ucentral-schema: fix vxlan.json

the upstream section had no DNS Fixes: WIFI-15256 Signed-off-by: John Crispin <john@phrozen.org>
ucentral-schema: update to latest HEAD
2025-12-08 00:45:22 +00:00 · 2025-12-05 11:14:07 +01:00 · 2025-12-05 10:55:25 +01:00 · 2025-12-05 07:28:59 +01:00 · 2025-12-05 07:28:59 +01:00 · 2025-12-05 07:28:59 +01:00
34 changed files with 1907 additions and 40 deletions
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-101-mac80211-clean-fast-rx.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-101-mac80211-clean-fast-rx.patch
@@ -0,0 +1,22 @@
+Index: backports-20210222_001-5.4.164-b157d2276/drivers/net/wireless/ath/ath11k/dp_rx.c
+===================================================================
+--- backports-20210222_001-5.4.164-b157d2276.orig/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ backports-20210222_001-5.4.164-b157d2276/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -2847,8 +2847,6 @@ static void ath11k_dp_rx_h_mpdu(struct a
+ 			}
+ 		}
+ 
+-		*fast_rx = false;
+-
+ 		if (rxcb->is_mcbc)
+ 			enctype = peer->sec_type_grp;
+ 		else
+@@ -2858,6 +2856,8 @@ static void ath11k_dp_rx_h_mpdu(struct a
+ 	}
+ 	spin_unlock_bh(&ar->ab->base_lock);
+ 
+	*fast_rx = false;
+
+ 	rx_attention = ath11k_dp_rx_get_attention(ar->ab, rx_desc);
+ 	err_bitmap = ath11k_dp_rx_h_attn_mpdu_err(rx_attention);
+ 	if (enctype != HAL_ENCRYPT_TYPE_OPEN && !err_bitmap)
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-101-wifi-ap-mitigate-peer-delete-WMI-timeout-to-reduce-b.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-101-wifi-ap-mitigate-peer-delete-WMI-timeout-to-reduce-b.patch
@@ -0,0 +1,53 @@
+From 375d0d25e6c02991392e44956c81cbac84909f49 Mon Sep 17 00:00:00 2001
+From: Venkat Chimata <venkat@nearhop.com>
+Date: Thu, 4 Sep 2025 00:09:17 +0530
+Subject: [PATCH] wifi: ap: mitigate peer-delete WMI timeout to reduce blind
+ period & prevent peer leaks
+
+1. When a connected client roams to another AP, the AP is trying to delete the peer
+   but for some reason the WMI command times out and while driver is waiting for
+   the response, we observed that the AP doesn't respond to any frames from STA
+   (probe requests, authentication etc) and once the response times out (3seconds default)
+   then AP starts responding to the older requets but client has already connected to
+   another AP. As the root cause for the response timing out is in the FW, we added
+   a WAR to reduce the timeout to minimize this blind period, with this AP responds
+   after 100ms and client connects successfully. And 100ms timeout is also reasonable
+   for this internal operation.
+2. In case of peer deletion timeout, the driver peer database is not cleared, so,
+   if this happens often (which it is) then eventually we hit the max peers in the
+   driver and all subsequent operations fail, so, in case of timeout ignore the failure
+   and proceed with driver peer database cleanup.
+
+Signed-off-by: Venkat Chimata <venkat@nearhop.com>
+---
+ drivers/net/wireless/ath/ath11k/peer.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath11k/peer.c b/drivers/net/wireless/ath/ath11k/peer.c
+index 1907067..aefc6ba 100644
+--- a/drivers/net/wireless/ath/ath11k/peer.c
+++ b/drivers/net/wireless/ath/ath11k/peer.c
+@@ -771,7 +771,7 @@ int ath11k_wait_for_peer_delete_done(struct ath11k *ar, u32 vdev_id,
+ 	}
+ 
+ 	time_left = wait_for_completion_timeout(&ar->peer_delete_done,
+-						3 * HZ);
+						100 * HZ / 1000);
+ 	if (time_left == 0) {
+ 		ath11k_warn(ar->ab, "Timeout in receiving peer delete response\n");
+ 		return -ETIMEDOUT;
+@@ -857,7 +857,10 @@ int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, u8 *addr)
+ 	}
+ 
+ 	ret = ath11k_wait_for_peer_delete_done(ar, vdev_id, addr);
+-	if (ret)
+	/* WAR: For the timeout case, proceed to delete the peer anyway, as FW is
+	 * still functional, without this, driver ends up hitting max peers
+	 */
+	if (ret && ret != -ETIMEDOUT)
+ 		return ret;
+ 
+ 	ATH11K_MEMORY_STATS_DEC(ar->ab, per_peer_object,
+-- 
+2.34.1
+
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-102-ath11k-fix-num-peers-counter-and-add-debug-logs.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-102-ath11k-fix-num-peers-counter-and-add-debug-logs.patch
@@ -0,0 +1,193 @@
+From: John Crispin <john@phrozen.org>
+Date: Thu, 2 Oct 2025 09:00:00 +0000
+Subject: [PATCH] ath11k: fix num_peers counter corruption and add debug
+ logging
+
+The num_peers counter becomes corrupted during peer deletion due to race
+conditions between ath11k_peer_delete() and ath11k_peer_unmap_event().
+The firmware may or may not send unmap events, and the timing varies,
+causing the counter to either leak (increment without decrement) or
+underflow (double decrement).
+
+Root causes:
+1. ath11k_peer_delete() doesn't decrement num_peers, relying on
+   ath11k_peer_unmap_event() to do it
+2. Firmware sometimes doesn't send unmap events, leaving num_peers
+   inflated
+3. When unmap events do arrive, timing races with ath11k_peer_delete()
+   can cause missed decrements
+4. Cleanup paths may double-decrement if delete_in_progress not checked
+5. num_peers modified outside proper locking in some paths
+
+This fix:
+- Moves num_peers decrement into ath11k_peer_delete() after successful
+  peer deletion wait, ensuring exactly one decrement per deletion
+- Handles both cases: peer removed by unmap event, or peer still in list
+- Removes num_peers decrement from ath11k_peer_unmap_event() to prevent
+  double-decrement when unmap event arrives
+- Adds ath11k_dp_peer_cleanup() call before ath11k_peer_delete() in
+  roaming path to ensure datapath structures properly cleaned up
+- Adds delete_in_progress checks in cleanup paths to prevent
+  double-delete
+- Ensures all num_peers modifications happen under base_lock
+- Adds comprehensive debug logging to track num_peers throughout peer
+  lifecycle
+
+Signed-off-by: Arif Alam <arif.alam@netexperience.com>
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -5742,14 +5742,22 @@ static int ath11k_mac_op_sta_state(struc
+ 		mutex_lock(&ar->ab->tbl_mtx_lock);
+ 		spin_lock_bh(&ar->ab->base_lock);
+ 		peer = ath11k_peer_find(ar->ab, arvif->vdev_id, sta->addr);
+-		if (peer && peer->sta == sta) {
+		/* Skip if peer deletion already in progress to prevent
+		 * double-delete and num_peers underflow
+		 */
+		if (peer && peer->sta == sta && !peer->delete_in_progress) {
+ 			ath11k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n",
+ 				    vif->addr, arvif->vdev_id);
+ 			ath11k_peer_rhash_delete(ar->ab, peer);
+ 			peer->sta = NULL;
+			/* num_peers decrement now happens under base_lock when
+			 * peer is actually removed from list
+			 */
+ 			list_del(&peer->list);
+ 			kfree(peer);
+ 			ar->num_peers--;
+			ath11k_dbg(ar->ab, ATH11K_DBG_PEER, "%s peer deleted %pM vdev_id: %d num_peers: %d\n",
+				__func__, sta->addr, arvif->vdev_id, ar->num_peers);
+ 		}
+ 		spin_unlock_bh(&ar->ab->base_lock);
+ 		mutex_unlock(&ar->ab->tbl_mtx_lock);
+@@ -7847,6 +7855,8 @@ err_peer_del:
+ 			goto err_keyid;
+ 
+ 		ar->num_peers--;
+		ath11k_dbg(ar->ab, ATH11K_DBG_PEER, "%s vif peer deleted %pM vdev_id: %d num_peers: %d\n",
+			__func__, vif->addr, arvif->vdev_id, ar->num_peers);
+ 	}
+ 
+ err_vdev_del:
+--- a/drivers/net/wireless/ath/ath11k/peer.c
+++ b/drivers/net/wireless/ath/ath11k/peer.c
+@@ -461,6 +461,9 @@ void ath11k_peer_unmap_event(struct ath1
+ 		ath11k_dbg(ab, ATH11K_DBG_PEER, "peer unmap vdev %d peer %pM id %d\n",
+ 			   peer->vdev_id, peer->addr, peer_id);
+ 
+	/* Don't decrement num_peers here - it's already decremented in
+	 * ath11k_peer_delete() after successful wait. Just clean up the peer.
+	 */
+ 	list_del(&peer->list);
+ 	kfree(peer);
+ 	wake_up(&ab->peer_mapping_wq);
+@@ -726,6 +729,10 @@ void ath11k_peer_cleanup(struct ath11k *
+ 		if (peer->vdev_id != vdev_id)
+ 			continue;
+ 
+		/* Skip peers that are being deleted to prevent double-free */
+		if (peer->delete_in_progress)
+			continue;
+
+ 		ath11k_warn(ab, "removing stale peer %pM from vdev_id %d\n",
+ 			    peer->addr, vdev_id);
+ 
+@@ -743,7 +750,10 @@ void ath11k_peer_cleanup(struct ath11k *
+ 		ath11k_peer_rhash_delete(ab, peer);
+ 		list_del(&peer->list);
+ 		kfree(peer);
+		/* num_peers decrement happens here under base_lock */
+ 		ar->num_peers--;
+		ath11k_dbg(ar->ab, ATH11K_DBG_PEER, "%s peer cleanup %pM vdev_id: %d num_peers: %d\n",
+			__func__, peer->addr, vdev_id, ar->num_peers);
+ 	}
+ 
+ 	spin_unlock_bh(&ab->base_lock);
+@@ -824,6 +834,12 @@ int ath11k_peer_delete(struct ath11k *ar
+ 
+ #ifdef CPTCFG_ATH11K_NSS_SUPPORT
+ 	peer->delete_in_progress = true;
+#else
+	if (peer)
+		peer->delete_in_progress = true;
+#endif
+
+#ifdef CPTCFG_ATH11K_NSS_SUPPORT
+ 	if (peer->self_ast_entry) {
+ 		ath11k_peer_del_ast(ar, peer->self_ast_entry);
+ 		peer->self_ast_entry = NULL;
+@@ -863,10 +879,51 @@ int ath11k_peer_delete(struct ath11k *ar
+ 	if (ret && ret != -ETIMEDOUT)
+ 		return ret;
+ 
+-	ATH11K_MEMORY_STATS_DEC(ar->ab, per_peer_object,
+-				sizeof(struct ath11k_peer));
+	/* If timeout occurred, manually remove peer from list since firmware
+	 * won't send unmap event. This prevents peer leaks and num_peers corruption.
+	 */
+	if (ret == -ETIMEDOUT) {
+		ath11k_warn(ar->ab, "peer delete timeout %pM vdev %d, manually cleaning up\n",
+			    addr, vdev_id);
+ 
+-	ar->num_peers--;
+		mutex_lock(&ar->ab->tbl_mtx_lock);
+		spin_lock_bh(&ar->ab->base_lock);
+		peer = ath11k_peer_find(ar->ab, vdev_id, addr);
+		if (peer) {
+			list_del(&peer->list);
+			kfree(peer);
+			ar->num_peers--;
+			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+				   "%s peer deleted (timeout) %pM vdev_id: %d num_peers: %d\n",
+				   __func__, addr, vdev_id, ar->num_peers);
+		}
+		spin_unlock_bh(&ar->ab->base_lock);
+		mutex_unlock(&ar->ab->tbl_mtx_lock);
+	} else {
+		/* Normal path - but firmware may not send unmap event, so decrement here
+		 * after successful peer deletion wait
+		 */
+		mutex_lock(&ar->ab->tbl_mtx_lock);
+		spin_lock_bh(&ar->ab->base_lock);
+		peer = ath11k_peer_find(ar->ab, vdev_id, addr);
+		if (peer) {
+			/* Peer still in list - firmware didn't send unmap event yet */
+			list_del(&peer->list);
+			kfree(peer);
+			ar->num_peers--;
+			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+				   "%s peer deleted (no unmap event) %pM vdev_id: %d num_peers: %d\n",
+				   __func__, addr, vdev_id, ar->num_peers);
+		} else {
+			/* Peer already removed by unmap event - still need to decrement */
+			ar->num_peers--;
+			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+				   "%s peer deleted (via unmap event) %pM vdev_id: %d num_peers: %d\n",
+				   __func__, addr, vdev_id, ar->num_peers);
+		}
+		spin_unlock_bh(&ar->ab->base_lock);
+		mutex_unlock(&ar->ab->tbl_mtx_lock);
+	}
+ 
+ 	return 0;
+ }
+@@ -905,6 +962,7 @@ int ath11k_peer_create(struct ath11k *ar
+ 		if (vdev_id == param->vdev_id)
+ 			return -EINVAL;
+ 
+		ath11k_dp_peer_cleanup(ar, vdev_id, param->peer_addr);
+ 		ath11k_peer_delete(ar, vdev_id, param->peer_addr);
+ 	}
+ 
+@@ -970,7 +1028,8 @@ int ath11k_peer_create(struct ath11k *ar
+ 	ar->num_peers++;
+ 
+ 	if (ath11k_mac_sta_level_info(arvif, sta)) {
+-		ath11k_dbg(ar->ab, ATH11K_DBG_PEER, "peer created %pM\n", param->peer_addr);
+		ath11k_dbg(ar->ab, ATH11K_DBG_PEER, "peer created %pM vdev_id: %d num_peers: %d\n",
+			param->peer_addr, param->vdev_id, ar->num_peers);
+ 		peer->peer_logging_enabled = true;
+ 	}
+ 
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-103-ath11k-Synchronize-num_peers-with-the-actual-peer-co.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-103-ath11k-Synchronize-num_peers-with-the-actual-peer-co.patch
@@ -0,0 +1,174 @@
+From 6a9ba11a6c58ddf6a9902c0f0396507778ef83ec Mon Sep 17 00:00:00 2001
+From: Venkat Chimata <venkat@nearhop.com>
+Date: Mon, 1 Dec 2025 07:25:36 +0530
+Subject: [PATCH] ath11k: Synchronize num_peers with the actual peer count when
+  out of sync
+
+Description:
+The num_peers counter does not always update at the exact moment a peer is deleted.
+Since deletion and decrement are not fully atomic, there are scenarios where
+num_peers can drift out of sync with the actual number of peers.
+
+Fix:
+A complete rewrite of the num_peers update logic—ensuring fully correct
+increment/decrement handling during peer insertion and deletion—would require
+significant effort and QA validation. As an immediate and effective solution,
+this patch synchronizes num_peers with the actual peer count whenever a mismatch
+is detected.
+
+Signed-off-by: Venkat Chimata <venkat@nearhop.com>
+---
+ drivers/net/wireless/ath/ath11k/mac.c  |  4 +-
+ drivers/net/wireless/ath/ath11k/peer.c | 70 +++++++++++++++++++-------
+ 2 files changed, 53 insertions(+), 21 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
+index f300c4f..5d936d9 100644
+--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -5745,7 +5745,7 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw,
+ 		/* Skip if peer deletion already in progress to prevent
+ 		 * double-delete and num_peers underflow
+ 		 */
+-		if (peer && peer->sta == sta && !peer->delete_in_progress) {
+		if (peer && peer->sta == sta) {
+ 			ath11k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n",
+ 				    vif->addr, arvif->vdev_id);
+ 			ath11k_peer_rhash_delete(ar->ab, peer);
+@@ -7947,7 +7947,7 @@ static void ath11k_mac_op_remove_interface(struct ieee80211_hw *hw,
+ 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
+ 		ret = ath11k_peer_delete(ar, arvif->vdev_id, vif->addr);
+ 		if (ret)
+-			ath11k_warn(ab, "failed to submit AP self-peer removal on vdev %d: %d\n",
+			ath11k_warn(ab, "%s: failed to submit AP self-peer removal on vdev %d: %d\n", __func__,
+ 				    arvif->vdev_id, ret);
+ 
+ 		list_for_each_entry_safe(ap_vlan_arvif, tmp, &arvif->ap_vlan_arvifs,
+diff --git a/drivers/net/wireless/ath/ath11k/peer.c b/drivers/net/wireless/ath/ath11k/peer.c
+index 877ea30..3433857 100644
+--- a/drivers/net/wireless/ath/ath11k/peer.c
+++ b/drivers/net/wireless/ath/ath11k/peer.c
+@@ -882,48 +882,38 @@ int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, u8 *addr)
+ 	/* If timeout occurred, manually remove peer from list since firmware
+ 	 * won't send unmap event. This prevents peer leaks and num_peers corruption.
+ 	 */
+	mutex_lock(&ar->ab->tbl_mtx_lock);
+	spin_lock_bh(&ar->ab->base_lock);
+ 	if (ret == -ETIMEDOUT) {
+ 		ath11k_warn(ar->ab, "peer delete timeout %pM vdev %d, manually cleaning up\n",
+ 			    addr, vdev_id);
+ 
+-		mutex_lock(&ar->ab->tbl_mtx_lock);
+-		spin_lock_bh(&ar->ab->base_lock);
+ 		peer = ath11k_peer_find(ar->ab, vdev_id, addr);
+ 		if (peer) {
+ 			list_del(&peer->list);
+ 			kfree(peer);
+-			ar->num_peers--;
+ 			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+ 				   "%s peer deleted (timeout) %pM vdev_id: %d num_peers: %d\n",
+ 				   __func__, addr, vdev_id, ar->num_peers);
+ 		}
+-		spin_unlock_bh(&ar->ab->base_lock);
+-		mutex_unlock(&ar->ab->tbl_mtx_lock);
+ 	} else {
+ 		/* Normal path - but firmware may not send unmap event, so decrement here
+ 		 * after successful peer deletion wait
+ 		 */
+-		mutex_lock(&ar->ab->tbl_mtx_lock);
+-		spin_lock_bh(&ar->ab->base_lock);
+ 		peer = ath11k_peer_find(ar->ab, vdev_id, addr);
+ 		if (peer) {
+ 			/* Peer still in list - firmware didn't send unmap event yet */
+ 			list_del(&peer->list);
+ 			kfree(peer);
+-			ar->num_peers--;
+ 			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+ 				   "%s peer deleted (no unmap event) %pM vdev_id: %d num_peers: %d\n",
+ 				   __func__, addr, vdev_id, ar->num_peers);
+-		} else {
+-			/* Peer already removed by unmap event - still need to decrement */
+-			ar->num_peers--;
+-			ath11k_dbg(ar->ab, ATH11K_DBG_PEER,
+-				   "%s peer deleted (via unmap event) %pM vdev_id: %d num_peers: %d\n",
+-				   __func__, addr, vdev_id, ar->num_peers);
+ 		}
+-		spin_unlock_bh(&ar->ab->base_lock);
+-		mutex_unlock(&ar->ab->tbl_mtx_lock);
+ 	}
+	// Peer can be deleted in the unmap or here, so only decrement num_peers once
+	ar->num_peers--;
+	spin_unlock_bh(&ar->ab->base_lock);
+	mutex_unlock(&ar->ab->tbl_mtx_lock);
+ 
+ 	return 0;
+ }
+@@ -933,6 +923,31 @@ static int ath11k_wait_for_peer_created(struct ath11k *ar, int vdev_id, const u8
+ 	return ath11k_wait_for_peer_common(ar->ab, vdev_id, addr, true);
+ }
+ 
+static int ath11k_get_peer_count(struct rhashtable *ht)
+{
+	struct rhashtable_iter iter;
+	struct rhash_head *pos;
+	int count = 0;
+
+	rhashtable_walk_enter(ht, &iter);
+	rhashtable_walk_start(&iter);
+
+	while ((pos = rhashtable_walk_next(&iter))) {
+		if (IS_ERR(pos)) {
+			if (PTR_ERR(pos) == -EAGAIN)
+				continue;   // retry due to resize
+			break;          // some other error
+		}
+		count++;
+	}
+
+	rhashtable_walk_stop(&iter);
+	rhashtable_walk_exit(&iter);
+
+	return count;
+}
+
+
+ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
+ 		       struct ieee80211_sta *sta, struct peer_create_params *param)
+ {
+@@ -941,13 +956,30 @@ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
+ 	struct ath11k_sta *arsta;
+ 	int ret, fbret;
+ 	u8 vdev_id = 0;
+	int rhash_count;
+ 
+ 	lockdep_assert_held(&ar->conf_mutex);
+ 
+-	if (ar->num_peers > (ar->max_num_peers - 1)) {
+	// Check for peer count desynchronization
+	// If num_peers is negative or exceeds max_num_peers - 1, recalculate from rhashtable
+	if ((ar->num_peers < 0) || (ar->num_peers > (ar->max_num_peers - 1))) {
+		// This can happen if rhash table and num_peers get out of sync
+		// e.g. during peer delete for some unknown reason
+		// Recalculate num_peers from rhash table
+ 		ath11k_warn(ar->ab,
+-			    "failed to create peer due to insufficient peer entry resource in firmware\n");
+-		return -ENOBUFS;
+			    "failed to create peer due to insufficient peer entry resource in firmware ar->num_peers = %d "
+			    "ar->max_num_peers = %d ar->num_stations = %d\n", ar->num_peers, ar->max_num_peers, ar->num_stations);
+		mutex_lock(&ar->ab->tbl_mtx_lock);
+		spin_lock_bh(&ar->ab->base_lock);
+		rhash_count = ath11k_get_peer_count(ar->ab->rhead_peer_addr);
+		spin_unlock_bh(&ar->ab->base_lock);
+		mutex_unlock(&ar->ab->tbl_mtx_lock);
+		if (rhash_count > ar->max_num_peers -1 ) {
+			ath11k_warn(ar->ab,
+				"rhash_count %d exceeds max_num_peers %d\n", rhash_count, ar->max_num_peers);
+			return -ENOBUFS;
+		}
+		ar->num_peers = rhash_count;
+ 	}
+ 
+ 	mutex_lock(&ar->ab->tbl_mtx_lock);
+-- 
+2.34.1
+
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-104-fix-ath11k-frag-setup-leak.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-104-fix-ath11k-frag-setup-leak.patch
@@ -0,0 +1,33 @@
+From ed3f83b3459a67a3ab9d806490ac304b567b1c2d Mon Sep 17 00:00:00 2001
+From: Miaoqian Lin <linmq006@gmail.com>
+Date: Mon, 2 Jan 2023 12:11:42 +0400
+Subject: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
+
+crypto_alloc_shash() allocates resources, which should be released by
+crypto_free_shash(). When ath11k_peer_find() fails, there has memory
+leak. Add missing crypto_free_shash() to fix this.
+
+Fixes: 243874c64c81 ("ath11k: handle RX fragments")
+Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
+Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
+Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
+Link: https://lore.kernel.org/r/20230102081142.3937570-1-linmq006@gmail.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
+index be391322956fec..b65a84a8826413 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3126,6 +3126,7 @@ int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
+ 	if (!peer) {
+ 		ath11k_warn(ab, "failed to find the peer to set up fragment info\n");
+ 		spin_unlock_bh(&ab->base_lock);
+		crypto_free_shash(tfm);
+ 		return -ENOENT;
+ 	}
+ 
+-- 
+cgit 1.2.3-korg
+
--- a/feeds/ipq807x_v5.4/mac80211/patches/pending/a-105-ath11k-qmi-event-leak.patch
+++ b/feeds/ipq807x_v5.4/mac80211/patches/pending/a-105-ath11k-qmi-event-leak.patch
@@ -0,0 +1,39 @@
+From 72de799aa9e3e064b35238ef053d2f0a49db055a Mon Sep 17 00:00:00 2001
+From: Baochen Qiang <bqiang@codeaurora.org>
+Date: Tue, 28 Sep 2021 14:00:44 +0300
+Subject: ath11k: Fix memory leak in ath11k_qmi_driver_event_work
+
+The buffer pointed to by event is not freed in case
+ATH11K_FLAG_UNREGISTERING bit is set, resulting in
+memory leak, so fix it.
+
+Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1
+
+Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
+Signed-off-by: Baochen Qiang <bqiang@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20210913180246.193388-4-jouni@codeaurora.org
+---
+ drivers/net/wireless/ath/ath11k/qmi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
+index babadd574e4b9c..8c615bc788cacf 100644
+--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
+@@ -2759,8 +2759,10 @@ static void ath11k_qmi_driver_event_work(struct work_struct *work)
+ 		list_del(&event->list);
+ 		spin_unlock(&qmi->event_lock);
+ 
+-		if (test_bit(ATH11K_FLAG_UNREGISTERING, &ab->dev_flags))
+		if (test_bit(ATH11K_FLAG_UNREGISTERING, &ab->dev_flags)) {
+			kfree(event);
+ 			return;
+		}
+ 
+ 		switch (event->type) {
+ 		case ATH11K_QMI_EVENT_SERVER_ARRIVE:
+-- 
+cgit 1.2.3-korg
+
--- a/feeds/qca-wifi-7/ath12k-wifi/Makefile
+++ b/feeds/qca-wifi-7/ath12k-wifi/Makefile
@@ -98,6 +98,11 @@ $(call Package/ath12k-wifi-default)
    TITLE:=board-2.bin for NWA50BE
 endef

+define Package/ath12k-wifi-zyxel-nwa210be
+$(call Package/ath12k-wifi-default)
+    TITLE:=board-2.bin for NWA210BE
+endef
+
 define Package/ath12k-wifi-cig-wf672
 $(call Package/ath12k-wifi-default)
    TITLE:=board-2.bin for WF672
@@ -204,6 +209,13 @@ define Package/ath12k-wifi-zyxel-nwa50be/install
 	$(INSTALL_DATA) ./ipq5332_qcn6432.regdb $(1)/lib/firmware/ath12k/QCN6432/hw1.0/regdb.bin
 endef

+define Package/ath12k-wifi-zyxel-nwa210be/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/
+	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/
+	$(INSTALL_DATA) ./board-2.bin.nwa210be.QCN92XX $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/board-2.bin
+	$(INSTALL_DATA) ./board-2.bin.nwa210be.IPQ5332 $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/board-2.bin
+endef
+
 define Package/ath12k-wifi-cig-wf672/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/
 	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/
@@ -224,4 +236,5 @@ $(eval $(call BuildPackage,ath12k-wifi-sercomm-ap72tip))
 $(eval $(call BuildPackage,ath12k-wifi-sercomm-ap72tip-v4))
 $(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa130be))
 $(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa50be))
+$(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa210be))
 $(eval $(call BuildPackage,ath12k-wifi-cig-wf672))
--- a/feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-IPQ5332.json
+++ b/feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-IPQ5332.json
@@ -0,0 +1,20 @@
+[
+    {
+        "board": [
+            {
+                "names": [
+                    "bus=ahb,qmi-chip-id=0,qmi-board-id=18"
+                ],
+                "data": "nwa210be-IPQ5332.bin"
+            }
+        ],
+        "regdb": [
+            {
+                "names": [
+                    "bus=ahb,qmi-chip-id=0,qmi-board-id=18"
+                ],
+                "data": "ipq5332.regdb"
+            }
+        ]
+    }
+]
--- a/feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-QCN92XX.json
+++ b/feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-QCN92XX.json
@@ -0,0 +1,20 @@
+[
+    {
+        "board": [
+            {
+                "names": [
+                    "bus=pci,qmi-chip-id=0,qmi-board-id=12"
+                ],
+                "data": "nwa210be-QCN92XX.bin"
+            }
+        ],
+        "regdb": [
+            {
+                "names": [
+                    "bus=pci,qmi-chip-id=0,qmi-board-id=12"
+                ],
+                "data": "qcn92xx.regdb"
+            }
+        ]
+    }
+]
--- a/feeds/qca-wifi-7/ath12k-wifi/board-2.bin.nwa210be.IPQ5332
+++ b/feeds/qca-wifi-7/ath12k-wifi/board-2.bin.nwa210be.IPQ5332
--- a/feeds/qca-wifi-7/ath12k-wifi/board-2.bin.nwa210be.QCN92XX
+++ b/feeds/qca-wifi-7/ath12k-wifi/board-2.bin.nwa210be.QCN92XX
--- a/feeds/qca-wifi-7/ath12k-wifi/generate.sh
+++ b/feeds/qca-wifi-7/ath12k-wifi/generate.sh
@@ -21,3 +21,6 @@ $encoder -c board-2-nwa130be-QCN92XX.json -o board-2.bin.nwa130be.QCN92XX

 $encoder -c board-2-nwa50be-IPQ5332.json -o board-2.bin.nwa50be.IPQ5332
 $encoder -c board-2-nwa50be-QCN6432.json -o board-2.bin.nwa50be.QCN6432
+
+$encoder -c board-2-nwa210be-IPQ5332.json -o board-2.bin.nwa210be.IPQ5332
+$encoder -c board-2-nwa210be-QCN92XX.json -o board-2.bin.nwa210be.QCN92XX
--- a/feeds/qca-wifi-7/ath12k-wifi/nwa210be-IPQ5332.bin
+++ b/feeds/qca-wifi-7/ath12k-wifi/nwa210be-IPQ5332.bin
--- a/feeds/qca-wifi-7/ath12k-wifi/nwa210be-QCN92XX.bin
+++ b/feeds/qca-wifi-7/ath12k-wifi/nwa210be-QCN92XX.bin
--- a/feeds/qca-wifi-7/ipq53xx/base-files/etc/board.d/02_network
+++ b/feeds/qca-wifi-7/ipq53xx/base-files/etc/board.d/02_network
@@ -41,7 +41,8 @@ ipq53xx_setup_interfaces()
 	emplus,wap7635|\
 	sercomm,ap72tip-v4)
 		ucidef_set_interface_wan "eth0"
-		;;	
+		;;
+	zyxel,nwa210be|\
 	zyxel,nwa130be)
 		ucidef_set_interfaces_lan_wan "eth1" "eth0"
 		;;
@@ -131,6 +132,18 @@ qcom_setup_macs()
 		ucidef_set_wireless_macaddr_base 5g $(macaddr_add "$wan_mac" 3)
 		ucidef_set_wireless_macaddr_base 6g $(macaddr_add "$wan_mac" 4)
 		;;
+	zyxel,nwa210be)
+		wan_mac=$(cat /proc/cmdline)
+		wan_mac="${wan_mac##*hwaddr=}"
+		wan_mac="${wan_mac%% *}"
+		wan_mac="$(echo ${wan_mac} | sed 's/\(..\)/\1:/g;s/:$//')"
+		lan_mac=$(macaddr_add "$wan_mac" 1)
+		ucidef_set_network_device_mac eth0 $wan_mac
+		ucidef_set_network_device_mac eth1 $lan_mac
+		ucidef_set_label_macaddr $wan_mac
+		ucidef_set_wireless_macaddr_base 2g $(macaddr_add "$wan_mac" 2)
+		ucidef_set_wireless_macaddr_base 5g $(macaddr_add "$wan_mac" 3)
+		;;
 	zyxel,nwa50be)
 		wan_mac=$(cat /proc/cmdline)
 		wan_mac="${wan_mac##*hwaddr=}"
--- a/feeds/qca-wifi-7/ipq53xx/base-files/etc/hotplug.d/firmware/10-ath12k-caldata
+++ b/feeds/qca-wifi-7/ipq53xx/base-files/etc/hotplug.d/firmware/10-ath12k-caldata
@@ -68,6 +68,7 @@ ath12k/IPQ5332/hw1.0/caldata.bin)
 	sercomm,ap72tip-v4|\
 	sercomm,ap72tip|\
 	zyxel,nwa130be|\
+	zyxel,nwa210be|\
 	zyxel,nwa50be)
 		caldata_extract "0:ART" 0x1000 0x20000
 		;;
@@ -91,6 +92,7 @@ ath12k/QCN92XX/hw1.0/cal-pci-0001:01:00.0.bin)
 	emplus,wap7635|\
 	sercomm,ap72tip-v4|\
 	sercomm,ap72tip|\
+	zyxel,nwa210be|\
 	zyxel,nwa130be)
 		caldata_extract "0:ART" 0x58800 0x2d000
 		;;
--- a/feeds/qca-wifi-7/ipq53xx/base-files/lib/upgrade/platform.sh
+++ b/feeds/qca-wifi-7/ipq53xx/base-files/lib/upgrade/platform.sh
@@ -175,6 +175,7 @@ platform_do_upgrade() {
 		nand_upgrade_tar "$1"
 		;;
 	zyxel,nwa130be|\
+	zyxel,nwa210be|\
 	zyxel,nwa50be)
 		nand_upgrade_tar "$1"
 		;;
--- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-zyxel-nwa210be.dts
+++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-zyxel-nwa210be.dts
@@ -0,0 +1,655 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
+/*
+ * IPQ5332 RDP468 board device tree source
+ *
+ * Copyright (c) 2020-2021 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+/dts-v1/;
+
+#include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/input/input.h>
+#include <dt-bindings/leds/common.h>
+#include "ipq5332.dtsi"
+#include "ipq5332-default-memory.dtsi"
+
+/ {
+	model = "Zyxel NWA210BE";
+	compatible = "zyxel,nwa210be", "qcom,ipq5332-ap-mi01.6", "qcom,ipq5332-rdp468", "qcom,ipq5332";
+
+	reserved-memory {
+		#address-cells = <2>;
+		#size-cells = <2>;
+		ranges;
+
+		ramoops@49c00000 {
+			compatible = "ramoops";
+			no-map;
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+	};
+
+	aliases {
+		serial0 = &blsp1_uart0;
+		serial1 = &blsp1_uart1;
+		ethernet0 = "/soc/dp1";
+		ethernet1 = "/soc/dp2";
+	};
+
+	chosen {
+		stdout-path = "serial0";
+	};
+
+	soc@0 {
+		mdio:mdio@90000 {
+			pinctrl-0 = <&mdio1_pins &mdio0_pins>;
+			pinctrl-names = "default";
+			/*gpio51 for manhattan reset*/
+			phy-reset-gpio = <&tlmm 51 GPIO_ACTIVE_LOW>;
+			phyaddr_fixup = <0xC90F018>;
+			uniphyaddr_fixup = <0xC90F014>;
+			mdio_clk_fixup; /* MDIO clock sequence fix up flag */
+			status = "okay";
+
+			phy0: ethernet-phy@0 {
+				reg = <1>;
+				fixup;
+			};
+			phy1: ethernet-phy@1 {
+				reg = <2>;
+				fixup;
+			};
+			phy2: ethernet-phy@2 {
+				reg = <3>;
+				fixup;
+			};
+			phy3: ethernet-phy@3 {
+				reg = <4>;
+				fixup;
+			};
+
+			switch0@10 {
+				compatible = "qca,qca8386";
+				#address-cells = <1>;
+				#size-cells = <0>;
+				reg = <0x10>;
+
+				ports {
+					#address-cells = <1>;
+					#size-cells = <0>;
+
+					port@0 {
+						reg = <0>;
+						label = "cpu";
+						ethernet = <&gmac2>;
+						dsa-tag-protocol = "qca_4b";
+					};
+
+					port@1 {
+						reg = <1>;
+						label = "lan1";
+						phy-handle = <&phy0>;
+						phy-mode = "usxgmii";
+					};
+
+					port@2 {
+						reg = <2>;
+						label = "lan2";
+						phy-handle = <&phy1>;
+						phy-mode = "usxgmii";
+					};
+
+					port@3 {
+						reg = <3>;
+						label = "lan3";
+						phy-handle = <&phy2>;
+						phy-mode = "usxgmii";
+					};
+				};
+			};
+		};
+
+		ess-instance {
+			num_devices = <0x2>;
+
+			ess-switch@3a000000 {
+				switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
+				switch_lan_bmp = <0x2>; /* lan port bitmap */
+				switch_wan_bmp = <0x4>; /* wan port bitmap */
+				switch_mac_mode = <0xc>; /* mac mode for uniphy instance0*/
+				switch_mac_mode1 = <0xf>; /* mac mode for uniphy instance1*/
+				switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
+
+				qcom,port_phyinfo {
+					port@0 {
+						port_id = <1>;
+						forced-speed = <2500>;
+						forced-duplex = <1>;
+					};
+					port@1 {
+						port_id = <2>;
+						phy_address = <4>;
+					};
+				};
+
+				led_source@5 {
+					source = <5>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+
+				qcom,port_ledinfo {
+					port@1 {
+						port = <2>;
+						led_source@0 {
+							source = <0>;
+							mode = "normal";
+							speed = "2500M";
+							active = "high";
+							blink_en = "enable";
+						};
+						led_source@1 {
+							source = <1>;
+							mode = "normal";
+							speed = "10M", "100M","1000M";
+							active = "high";
+							blink_en = "enable";
+						};
+					};
+				};
+			};
+
+			ess-switch1@1 {
+				compatible = "qcom,ess-switch-qca8386";
+				device_id = <1>;
+				switch_access_mode = "mdio";
+				mdio-bus = <&mdio>;
+				switch_mac_mode = <0xc>; /* mac mode for uniphy instance0 */
+				switch_mac_mode1 = <0xff>; /* mac mode1 for uniphy instance1 */
+				switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
+				switch_lan_bmp = <0xe>; /* lan port bitmap */
+				switch_wan_bmp = <0x0>;  /* wan port bitmap */
+				link-polling-required = <0>;
+				fdb_sync = "interrupt";
+				link-intr-gpio = <&tlmm 23 GPIO_ACTIVE_HIGH>;
+
+				qcom,port_phyinfo {
+					port@0 {
+						port_id = <0>;
+						forced-speed = <2500>;
+						forced-duplex = <1>;
+					};
+					port@1 {
+						port_id = <1>;
+						phy_address = <1>;
+					};
+					port@2 {
+						port_id = <2>;
+						phy_address = <2>;
+					};
+					port@3 {
+						port_id = <3>;
+						phy_address = <3>;
+					};
+				};
+
+				qcom,port_ledinfo {
+					port@3 {
+						port = <3>;
+						led_source@0 {
+							source = <0>;
+							mode = "normal";
+							speed = "2500M";
+							active = "high";
+							blink_en = "enable";
+						};
+						led_source@1 {
+							source = <1>;
+							mode = "normal";
+							speed = "10M", "100M","1000M";
+							active = "high";
+							blink_en = "enable";
+						};
+					};
+				};
+
+				led_source@2 {
+					source = <2>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+				led_source@5 {
+					source = <5>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+				led_source@8 {
+					source = <8>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+			};
+		};
+
+		dp1 {
+			device_type = "network";
+			compatible = "qcom,nss-dp";
+			qcom,id = <2>;
+			reg = <0x3a504000 0x4000>;
+			qcom,mactype = <1>;
+			local-mac-address = [000000000000];
+			mdio-bus = <&mdio>;
+			qcom,phy-mdio-addr = <4>;
+			qcom,link-poll = <1>;
+			phy-mode = "sgmii";
+		};
+
+		gmac2:dp2 {
+			device_type = "network";
+			compatible = "qcom,nss-dp";
+			qcom,id = <1>;
+			reg = <0x3a500000 0x4000>;
+			qcom,mactype = <1>;
+			local-mac-address = [000000000000];
+			phy-mode = "sgmii";
+			qcom,mht-dev = <1>;
+			qcom,is_switch_connected = <1>;
+			qcom,ppe-offload-disabled = <1>;
+		};
+
+		/* EDMA host driver configuration for the board */
+		edma@3ab00000 {
+			qcom,txdesc-ring-start = <4>;		/* Tx desc ring start ID */
+			qcom,txdesc-rings = <12>;		/* Total number of Tx desc rings to be provisioned */
+			qcom,mht-txdesc-rings = <8>;            /* Extra Tx desc rings to be provisioned for MHT SW ports */
+			qcom,txcmpl-ring-start = <4>;		/* Tx complete ring start ID */
+			qcom,txcmpl-rings = <12>;		/* Total number of Tx complete rings to be provisioned */
+			qcom,mht-txcmpl-rings = <8>;            /* Extra Tx complete rings to be provisioned for mht sw ports. */
+			qcom,rxfill-ring-start = <4>;		/* Rx fill ring start ID */
+			qcom,rxfill-rings = <4>;		/* Total number of Rx fill rings to be provisioned */
+			qcom,rxdesc-ring-start = <12>;		/* Rx desc ring start ID */
+			qcom,rxdesc-rings = <4>;		/* Total number of Rx desc rings to be provisioned */
+			qcom,rx-page-mode = <0>;		/* Rx fill ring page mode */
+			qcom,tx-map-priority-level = <1>;	/* Tx priority level per port */
+			qcom,rx-map-priority-level = <1>;	/* Rx priority level per core */
+			qcom,ppeds-num = <2>;			/* Number of PPEDS nodes */
+			/* PPE-DS node format: <Rx-fill Tx-cmpl Rx Tx Queue-base Queue-count> */
+			qcom,ppeds-map = <1 1 1 1 32 8>,	/* PPEDS Node#0 ring and queue map */
+					<2 2 2 2 40 8>;		/* PPEDS Node#1 ring and queue map */
+			qcom,txdesc-map = <8 9 10 11>,		/* Port0 per-core Tx ring map */
+					<12 13 14 15>,        /* MHT-Port1 per-core Tx ring map */
+					<4 5 6 7>,            /* MHT-Port2 per-core Tx ring map/packets from  vp*/
+					<16 17 18 19>,        /* MHT-Port3 per-core Tx ring map */
+					<20 21 22 23>;        /* MHT-Port4 per-core Tx ring map */
+			qcom,txdesc-fc-grp-map = <1 2 3 4 5>;   /* Per GMAC flow control group map */
+			qcom,rxfill-map = <4 5 6 7>;		/* Per-core Rx fill ring map */
+			qcom,rxdesc-map = <12 13 14 15>;	/* Per-core Rx desc ring map */
+			qcom,rx-queue-start = <0>;		/* Rx queue start */
+			qcom,rx-ring-queue-map = <0 8 16 24>,	/* Priority 0 queues per-core Rx ring map */
+						<1 9 17 25>,	/* Priority 1 queues per-core Rx ring map */
+						<2 10 18 26>,	/* Priority 2 queues per-core Rx ring map */
+						<3 11 19 27>,	/* Priority 3 queues per-core Rx ring map */
+						<4 12 20 28>,	/* Priority 4 queues per-core Rx ring map */
+						<5 13 21 29>,	/* Priority 5 queues per-core Rx ring map */
+						<6 14 22 30>,	/* Priority 6 queues per-core Rx ring map */
+						<7 15 23 31>;	/* Priority 7 queues per-core Rx ring map */
+			interrupts = <0 163 4>,			/* Tx complete ring id #4 IRQ info */
+				   <0 164 4>,			/* Tx complete ring id #5 IRQ info */
+				   <0 165 4>,			/* Tx complete ring id #6 IRQ info */
+				   <0 166 4>,			/* Tx complete ring id #7 IRQ info */
+				   <0 167 4>,			/* Tx complete ring id #8 IRQ info */
+				   <0 168 4>,			/* Tx complete ring id #9 IRQ info */
+				   <0 169 4>,			/* Tx complete ring id #10 IRQ info */
+				   <0 170 4>,			/* Tx complete ring id #11 IRQ info */
+				   <0 171 4>,			/* Tx complete ring id #12 IRQ info */
+				   <0 172 4>,			/* Tx complete ring id #13 IRQ info */
+				   <0 173 4>,			/* Tx complete ring id #14 IRQ info */
+				   <0 174 4>,			/* Tx complete ring id #15 IRQ info */
+				   <0 139 4>,			/* Rx desc ring id #12 IRQ info */
+				   <0 140 4>,			/* Rx desc ring id #13 IRQ info */
+				   <0 141 4>,			/* Rx desc ring id #14 IRQ info */
+				   <0 142 4>,			/* Rx desc ring id #15 IRQ info */
+				   <0 191 4>,			/* Misc error IRQ info */
+				<0 160 4>,			/* PPEDS Node #1(TxComp ring id #1) TxComplete IRQ info */
+				<0 128 4>,			/* PPEDS Node #1(Rx Desc ring id #1) Rx Desc IRQ info */
+				<0 152 4>,			/* PPEDS Node #1(RxFill Desc ring id #1) Rx Fill IRQ info */
+				<0 161 4>,			/* PPEDS Node #2(TxComp ring id #2) TxComplete IRQ info */
+				<0 129 4>,			/* PPEDS Node #2(Rx Desc ring id #2) Rx Desc IRQ info */
+				<0 153 4>,                      /* PPEDS Node #2(RxFill Desc ring id #2) Rx Fill IRQ info */
+				<0 175 4>,                   /* MHT port Tx complete ring id #16 IRQ info */
+				<0 176 4>,                   /* MHT port Tx complete ring id #17 IRQ info */
+				<0 177 4>,                   /* MHT port Tx complete ring id #18 IRQ info */
+				<0 178 4>,                   /* MHT port Tx complete ring id #19 IRQ info */
+				<0 179 4>,                   /* MHT port Tx complete ring id #20 IRQ info */
+				<0 180 4>,                   /* MHT port Tx complete ring id #21 IRQ info */
+				<0 181 4>,                   /* MHT port Tx complete ring id #22 IRQ info */
+				<0 182 4>;                   /* MHT port Tx complete ring id #23 IRQ info */
+		};
+
+		leds {
+			compatible = "gpio-leds";
+			pinctrl-0 = <&led_pins>;
+			pinctrl-names = "default";
+			led_blue{
+				label = "led_blue";
+				gpio = <&tlmm 22 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_blue";
+				default-state = "off";
+			};
+			led_green {
+				label = "led_green";
+				gpio = <&tlmm 45 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_green";
+				default-state = "on";
+			};
+			led_white {
+				label = "led_white";
+				gpio = <&tlmm 43 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_white";
+				default-state = "off";
+			};
+			led_red {
+				label = "led_red";
+				gpio = <&tlmm 44 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_red";
+				default-state = "off";
+			};
+		};
+
+		gpio_keys {
+			compatible = "gpio-keys";
+			pinctrl-0 = <&button_pins>;
+			pinctrl-names = "default";
+			button@1 {
+				label = "reset";
+				linux,code = <KEY_RESTART>;
+				gpios = <&tlmm 30 GPIO_ACTIVE_LOW>;
+				linux,input-type = <1>;
+				debounce-interval = <60>;
+			};
+		};
+
+		wsi: wsi {
+			id = <0>;
+			num_chip = <2>;
+			status = "okay";
+			chip_info = <0 1 1>,
+				    <1 1 0>;
+		};
+	};
+};
+
+&wifi0 {
+	led-gpio = <&tlmm 36 GPIO_ACTIVE_HIGH>;
+	qcom,rproc = <&q6_wcss_pd1>;
+	qcom,rproc_rpd = <&q6v5_wcss>;
+	qcom,multipd_arch;
+	qcom,userpd-subsys-name = "q6v5_wcss_userpd1";
+	memory-region = <&q6_region>;
+	qcom,wsi = <&wsi>;
+	qcom,wsi_index = <0>;
+	qcom,board_id = <0x12>;
+	status = "okay";
+};
+
+&qcn9224_pcie1 {
+	status = "okay";
+};
+
+&blsp1_uart0 {
+	pinctrl-0 = <&serial_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&blsp1_uart1 {
+	pinctrl-0 = <&serial_1_pins>;
+	pinctrl-names = "default";
+	status = "disabled";
+};
+
+&blsp1_spi0 {
+	pinctrl-0 = <&spi_0_data_clk_pins &spi_0_cs_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	flash@0 {
+		compatible = "n25q128a11", "micron,n25q128a11", "jedec,spi-nor";
+		reg = <0>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+		spi-max-frequency = <50000000>;
+	};
+};
+
+&sdhc {
+	bus-width = <4>;
+	max-frequency = <192000000>;
+	mmc-ddr-1_8v;
+	mmc-hs200-1_8v;
+	non-removable;
+	pinctrl-0 = <&sdc_default_state>;
+	pinctrl-names = "default";
+	status = "disabled";
+};
+
+&sleep_clk {
+	clock-frequency = <32000>;
+};
+
+&xo {
+	clock-frequency = <24000000>;
+};
+
+&qpic_bam {
+	status = "okay";
+};
+
+&qpic_nand {
+	pinctrl-0 = <&qspi_default_state>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	nandcs@0 {
+		reg = <0>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+
+		nand-ecc-strength = <8>;
+		nand-ecc-step-size = <512>;
+		nand-bus-width = <8>;
+	};
+};
+
+&pcie1_phy_x2 {
+	status = "okay";
+};
+
+&pcie1 {
+	pinctrl-0 = <&pcie1_default_state>;
+	pinctrl-names = "default";
+	perst-gpios = <&tlmm 47 GPIO_ACTIVE_LOW>;
+	status = "okay";
+
+	pcie1_rp {
+		reg = <0 0 0 0 0>;
+
+		qcom,mhi@1 {
+			reg = <0 0 0 0 0>;
+			boot-args = <0x2 0x4 0x34 0x3 0x0 0x0     /* MX Rail, GPIO52, Drive strength 0x3 */
+					0x4 0x4 0x18 0x3 0x0 0x0  /* RFA1p2 Rail, GPIO24, Drive strength 0x3 */
+					0x0 0x4 0x0 0x0 0x0 0x0>; /* End of arguments */
+			memory-region = <&qcn9224_pcie1>;
+			qcom,wsi = <&wsi>;
+			qcom,wsi_index = <1>;
+			qcom,board_id = <0x000c>;
+			qcom,wide_band = <1>;
+		};
+	};
+};
+
+/* PINCTRL */
+
+&tlmm {
+
+	led_pins: led_pins {
+		fem_en {
+			pins = "gpio31";
+			function = "gpio";
+			drive-strength = <8>;
+			output-high; //Enable Wi-Fi FEM
+		};
+
+		led_blue {
+			pins = "gpio22";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_green {
+			pins = "gpio45";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_white {
+			pins = "gpio43";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_red {
+			pins = "gpio44";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+	};
+
+
+	sdc_default_state: sdc-default-state {
+		clk-pins {
+			pins = "gpio13";
+			function = "sdc_clk";
+			drive-strength = <8>;
+			bias-disable;
+		};
+
+		cmd-pins {
+			pins = "gpio12";
+			function = "sdc_cmd";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+
+		data-pins {
+			pins = "gpio8", "gpio9", "gpio10", "gpio11";
+			function = "sdc_data";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+	};
+
+	spi_0_data_clk_pins: spi-0-data-clk-state {
+		pins = "gpio14", "gpio15", "gpio16";
+		function = "blsp0_spi";
+		drive-strength = <2>;
+		bias-pull-down;
+	};
+
+	spi_0_cs_pins: spi-0-cs-state {
+		pins = "gpio17";
+		function = "blsp0_spi";
+		drive-strength = <2>;
+		bias-pull-up;
+	};
+
+	qspi_default_state: qspi-default-state {
+		qspi_clock {
+			pins = "gpio13";
+			function = "qspi_clk";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		qspi_cs {
+			pins = "gpio12";
+			function = "qspi_cs";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+
+		qspi_data {
+			pins = "gpio8", "gpio9", "gpio10", "gpio11";
+			function = "qspi_data";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+	};
+
+	serial_1_pins: serial1-pinmux {
+		pins = "gpio33", "gpio34", "gpio35", "gpio36";
+		function = "blsp1_uart2";
+		drive-strength = <8>;
+		bias-pull-up;
+	};
+
+	button_pins: button-state {
+		pins = "gpio30";
+		function = "gpio";
+		drive-strength = <8>;
+		bias-pull-up;
+	};
+
+	pwm_pins: pwm-state {
+		pins = "gpio46";
+		function = "pwm0";
+		drive-strength = <8>;
+	};
+
+	pcie1_default_state: pcie1-default-state {
+		pins = "gpio47";
+		function = "gpio";
+		drive-strength = <8>;
+		bias-pull-up;
+		output-low;
+	};
+};
+
+&license_manager {
+	status = "okay";
+};
+
+&usb3 {
+	qcom,multiplexed-phy;
+	status = "okay";
+};
+
+&pwm {
+	pinctrl-0 = <&pwm_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&hs_m31phy_0 {
+	status = "okay";
+};
+
+&ssuniphy_0 {
+	status = "okay";
+};
--- a/feeds/qca-wifi-7/ipq53xx/image/ipq53xx.mk
+++ b/feeds/qca-wifi-7/ipq53xx/image/ipq53xx.mk
@@ -178,6 +178,21 @@ define Device/zyxel_nwa50be
 endef
 TARGET_DEVICES += zyxel_nwa50be

+define Device/zyxel_nwa210be
+  DEVICE_TITLE := Zyxel NWA210BE
+  DEVICE_DTS := ipq5332-zyxel-nwa210be
+  DEVICE_DTS_DIR := ../dts
+  DEVICE_DTS_CONFIG := config@mi01.6
+  IMAGES := sysupgrade.tar nand-factory.bin nand-factory.ubi
+  BLOCKSIZE := 128k
+  PAGESIZE := 2048
+  IMAGE/sysupgrade.tar := sysupgrade-tar | append-metadata
+  IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand
+  IMAGE/nand-factory.ubi := append-ubi
+  DEVICE_PACKAGES := ath12k-wifi-zyxel-nwa210be ath12k-firmware-qcn92xx ath12k-firmware-ipq5332
+endef
+TARGET_DEVICES += zyxel_nwa210be
+
 define Device/cig_wf672
  DEVICE_TITLE := CIG WF672
  DEVICE_DTS := ipq5332-cig-wf672
--- a/feeds/qca-wifi-7/mac80211/files/lib/netifd/wireless/mac80211.sh
+++ b/feeds/qca-wifi-7/mac80211/files/lib/netifd/wireless/mac80211.sh
@@ -519,15 +519,16 @@ mac80211_hostapd_setup_base() {
 		append base_cfg "he_mu_edca_ac_vo_ecwmax=7" "$N"
 		append base_cfg "he_mu_edca_ac_vo_timer=255" "$N"
 	fi
+	
+	[ "$band" = 6g ] && multiple_bssid=1

-	if [ "$enable_be" != "0" ]; then
-		append base_cfg "ieee80211be=1" "$N"
-		[ "$band" = 6g ] && multiple_bssid=1
-		[ "$hwmode" = "a" ] && {
-			append base_cfg "eht_oper_chwidth=$eht_oper_chwidth" "$N"
-			append base_cfg "eht_oper_centr_freq_seg0_idx=$eht_center_seg0" "$N"
-		}
-	fi
+        if [ "$enable_be" != "0" ]; then
+                append base_cfg "ieee80211be=1" "$N"
+                [ "$hwmode" = "a" ] && {
+                        append base_cfg "eht_oper_chwidth=$eht_oper_chwidth" "$N"
+                        append base_cfg "eht_oper_centr_freq_seg0_idx=$eht_center_seg0" "$N"
+                }
+        fi

 	hostapd_prepare_device_config "$hostapd_conf_file" nl80211
 	cat >> "$hostapd_conf_file" <<EOF
--- a/feeds/qca-wifi-7/mac80211/patches-zyxel_nwa210be/ath12k/0001-thermal-thermal-setting.patch
+++ b/feeds/qca-wifi-7/mac80211/patches-zyxel_nwa210be/ath12k/0001-thermal-thermal-setting.patch
@@ -0,0 +1,72 @@
+From 5f22b2d262ba44ecd0b05b32c6eee6161460718f Mon Sep 17 00:00:00 2001
+From: YenLin Pan <yenlin.pan@zyxel.com.tw>
+Date: Tue, 15 Jul 2025 16:18:48 +0800
+Subject: [PATCH] thermal: thermal setting
+
+lv0 -100 -hi0 105 -off0 0
+lv1 95   -hi1 110 -off1 75
+lv2 100  -hi2 115 -off2 99
+lv3 105  -hi3 120 -off3 100
+
+Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>
+---
+ drivers/net/wireless/ath/ath12k/thermal.h | 30 +++++++++++------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath12k/thermal.h b/drivers/net/wireless/ath/ath12k/thermal.h
+index 5c91906..2334901 100644
+--- a/drivers/net/wireless/ath/ath12k/thermal.h
+++ b/drivers/net/wireless/ath/ath12k/thermal.h
+@@ -13,34 +13,34 @@
+ 
+ /* Below temperatures are in celsius */
+ #define ATH12K_THERMAL_LVL0_TEMP_LOW_MARK -100
+-#define ATH12K_THERMAL_LVL0_TEMP_HIGH_MARK 100
+#define ATH12K_THERMAL_LVL0_TEMP_HIGH_MARK 105
+ #define ATH12K_THERMAL_LVL1_TEMP_LOW_MARK 95
+-#define ATH12K_THERMAL_LVL1_TEMP_HIGH_MARK 105
+#define ATH12K_THERMAL_LVL1_TEMP_HIGH_MARK 110
+ #define ATH12K_THERMAL_LVL2_TEMP_LOW_MARK 100
+-#define ATH12K_THERMAL_LVL2_TEMP_HIGH_MARK 110
+#define ATH12K_THERMAL_LVL2_TEMP_HIGH_MARK 115
+ #define ATH12K_THERMAL_LVL3_TEMP_LOW_MARK 105
+ #define ATH12K_THERMAL_LVL3_TEMP_HIGH_MARK 120
+ 
+ #define ATH12K_THERMAL_LVL0_V2_TEMP_LOW_MARK -100
+-#define ATH12K_THERMAL_LVL0_V2_TEMP_HIGH_MARK 95
+-#define ATH12K_THERMAL_LVL1_V2_TEMP_LOW_MARK 90
+-#define ATH12K_THERMAL_LVL1_V2_TEMP_HIGH_MARK 100
+-#define ATH12K_THERMAL_LVL2_V2_TEMP_LOW_MARK 95
+-#define ATH12K_THERMAL_LVL2_V2_TEMP_HIGH_MARK 105
+-#define ATH12K_THERMAL_LVL3_V2_TEMP_LOW_MARK 100
+-#define ATH12K_THERMAL_LVL3_V2_TEMP_HIGH_MARK 110
+#define ATH12K_THERMAL_LVL0_V2_TEMP_HIGH_MARK 105
+#define ATH12K_THERMAL_LVL1_V2_TEMP_LOW_MARK 95
+#define ATH12K_THERMAL_LVL1_V2_TEMP_HIGH_MARK 110
+#define ATH12K_THERMAL_LVL2_V2_TEMP_LOW_MARK 100
+#define ATH12K_THERMAL_LVL2_V2_TEMP_HIGH_MARK 115
+#define ATH12K_THERMAL_LVL3_V2_TEMP_LOW_MARK 105
+#define ATH12K_THERMAL_LVL3_V2_TEMP_HIGH_MARK 120
+ #define ATH12K_THERMAL_LVL4_V2_TEMP_LOW_MARK 105
+ #define ATH12K_THERMAL_LVL4_V2_TEMP_HIGH_MARK 120
+ 
+ #define ATH12K_THERMAL_LVL0_DUTY_CYCLE 0
+-#define ATH12K_THERMAL_LVL1_DUTY_CYCLE 50
+-#define ATH12K_THERMAL_LVL2_DUTY_CYCLE 90
+#define ATH12K_THERMAL_LVL1_DUTY_CYCLE 75
+#define ATH12K_THERMAL_LVL2_DUTY_CYCLE 99
+ #define ATH12K_THERMAL_LVL3_DUTY_CYCLE 100
+ 
+ #define ATH12K_THERMAL_LVL0_V2_DUTY_CYCLE ATH12K_THERMAL_LVL0_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL1_V2_DUTY_CYCLE ATH12K_THERMAL_LVL0_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL2_V2_DUTY_CYCLE ATH12K_THERMAL_LVL1_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL3_V2_DUTY_CYCLE ATH12K_THERMAL_LVL2_DUTY_CYCLE
+#define ATH12K_THERMAL_LVL1_V2_DUTY_CYCLE ATH12K_THERMAL_LVL1_DUTY_CYCLE
+#define ATH12K_THERMAL_LVL2_V2_DUTY_CYCLE ATH12K_THERMAL_LVL2_DUTY_CYCLE
+#define ATH12K_THERMAL_LVL3_V2_DUTY_CYCLE ATH12K_THERMAL_LVL3_DUTY_CYCLE
+ #define ATH12K_THERMAL_LVL4_V2_DUTY_CYCLE ATH12K_THERMAL_LVL3_DUTY_CYCLE
+ 
+ #define THERMAL_CONFIG_POUT0                        0
+-- 
+2.34.1
+
--- a/feeds/qca-wifi-7/qca-ssdk-qca/files-zyxel_nwa210be/qca-ssdk
+++ b/feeds/qca-wifi-7/qca-ssdk-qca/files-zyxel_nwa210be/qca-ssdk
@@ -0,0 +1,317 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2018, 2021, The Linux Foundation. All rights reserved.
+# Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+START=16
+
+#!/bin/sh
+ruletype="ip4 ip6"
+side="wan lan"
+qwan="1 3 2 0 5 7 6 4"
+qlan="0 1 2 3 4 5 6 7"
+
+function create_war_acl_rules(){
+	for lw in $side
+	do
+		#echo $lw
+		if [ "$lw" == "wan" ];then
+			listid=254
+			queue=$qwan
+			portmap=0x20
+		else
+			listid=255
+			queue=$qlan
+			portmap=0x1e
+		fi
+		#echo $queue
+		#echo "creating list $listid"
+		ssdk_sh acl list create $listid 255
+		ruleid=0
+		for rt in $ruletype
+		do
+			for qid in $queue
+			do
+				cmd="ssdk_sh acl rule add $listid $ruleid  1 n 0 0"
+				#echo $cmd
+				if [ "$rt" == "ip4" ];then
+					cmd="$cmd ip4 n n n n n n n n n n n n n n n n n n n n n n n n n n n n n"
+					#echo $cmd
+				else
+					cmd="$cmd ip6 n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n"
+					#echo $cmd
+				fi
+				if [ $ruleid -le 3 ];then
+					#non-zero dscp
+					cmd="$cmd y 0x0 0xff"
+				elif [ $ruleid -le 7 ];then
+					#zero dscp
+					cmd="$cmd n"
+				elif [ $ruleid -le 11 ];then
+					#non-zero dscp
+					cmd="$cmd y 0x0 0xff"
+				else
+					#zero dscp
+					cmd="$cmd n"
+				fi
+				p=$((ruleid/2))
+				cmd="$cmd y mask $((ruleid%2)) 0x1 y mask $((p%2)) 0x1 n n n n n n n n n n n n n n n y n n n n n n n y $qid n n 0 0 n n n n n n n n n n n n n n n n n n n n 0"
+				#echo $cmd
+				$cmd
+				ruleid=`expr $ruleid + 1`
+			done
+		done
+		ssdk_sh acl list bind $listid 0 1 $portmap
+	done
+}
+
+function create_war_cosmap(){
+	ssdk_sh cosmap pri2q set 0 0
+	ssdk_sh cosmap pri2q set 1 0
+	ssdk_sh cosmap pri2q set 2 0
+	ssdk_sh cosmap pri2q set 3 0
+	ssdk_sh cosmap pri2q set 4 1
+	ssdk_sh cosmap pri2q set 5 1
+	ssdk_sh cosmap pri2q set 6 1
+	ssdk_sh cosmap pri2q set 7 1
+	ssdk_sh cosmap pri2ehq set 0 0
+	ssdk_sh cosmap pri2ehq set 1 0
+	ssdk_sh cosmap pri2ehq set 2 0
+	ssdk_sh cosmap pri2ehq set 3 0
+	ssdk_sh cosmap pri2ehq set 4 1
+	ssdk_sh cosmap pri2ehq set 5 1
+	ssdk_sh cosmap pri2ehq set 6 1
+	ssdk_sh cosmap pri2ehq set 7 1
+}
+
+function create_acl_byp_egstp_rules(){
+	chip_ver=$1
+	cmd="ssdk_sh servcode config set 1 n 0 0xfffefc7f 0xffbdff 0 0 0 0 0 0"
+	if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		cmd="$cmd 0"
+	fi
+	#echo $cmd
+	$cmd
+
+	ssdk_sh acl list create 56 48
+	#action bypass eg stp check
+	action="y n n n n n n n n n n 0 0 n n n n n n n n n n n n n y n n n n n n n n n n n n y n n n n n n n n n n n n n n n n n n"
+	if [ "$chip_ver" == "0x2000" ]; then
+		action="$action n n 0"
+	elif [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		action="$action n n n 0"
+	else
+		action="$action 0"
+	fi
+
+	for ruleid in $( seq 0 2 )
+	do
+		if [ "$ruleid" == "0" ];then
+			cmd="ssdk_sh acl rule add 56 0 1 n 0 0 mac n n n n n y 01-80-c2-00-00-00 ff-ff-ff-ff-ff-ff n n n n n n n n n n n n n n n n n n n n n n n"
+		elif [ "$ruleid" == "1" ];then
+			cmd="ssdk_sh acl rule add 56 1 1 n 0 0 mac n n n n n n n yes 0x8809 0xffff n n n n n n n n n n n n n n n n n n n n n"
+		else
+			cmd="ssdk_sh acl rule add 56 2 1 n 0 0 mac n n n n n n n yes 0x888e 0xffff n n n n n n n n n n n n n n n n n n n n n"
+		fi
+		if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+			cmd="$cmd n $action"
+		else
+			cmd="$cmd $action"
+		fi
+		#echo $cmd
+		$cmd
+	done
+	ssdk_sh acl list bind 56 0 2 1
+}
+
+function delete_war_acl_rules(){
+	for lw in $side
+	do
+		#echo $lw
+		if [ "$lw" == "wan" ];then
+			listid=254
+			queue=$qwan
+			portmap=0x20
+		else
+			listid=255
+			queue=$qlan
+			portmap=0x1e
+		fi
+		ssdk_sh acl list unbind $listid 0 1 $portmap
+		for rt in $ruletype
+		do
+			for qid in $queue
+			do
+				cmd="ssdk_sh acl rule del $listid 0 1"
+				echo $cmd
+				$cmd
+			done
+		done
+		#echo "deleting list $listid"
+		ssdk_sh acl list destroy $listid
+	done
+}
+
+function delete_war_cosmap(){
+	ssdk_sh cosmap pri2q set 0 0
+	ssdk_sh cosmap pri2q set 1 0
+	ssdk_sh cosmap pri2q set 2 1
+	ssdk_sh cosmap pri2q set 3 1
+	ssdk_sh cosmap pri2q set 4 2
+	ssdk_sh cosmap pri2q set 5 2
+	ssdk_sh cosmap pri2q set 6 3
+	ssdk_sh cosmap pri2q set 7 3
+	ssdk_sh cosmap pri2ehq set 0 1
+	ssdk_sh cosmap pri2ehq set 1 0
+	ssdk_sh cosmap pri2ehq set 2 2
+	ssdk_sh cosmap pri2ehq set 3 2
+	ssdk_sh cosmap pri2ehq set 4 3
+	ssdk_sh cosmap pri2ehq set 5 3
+	ssdk_sh cosmap pri2ehq set 6 4
+	ssdk_sh cosmap pri2ehq set 7 5
+}
+
+function delete_acl_byp_egstp_rules(){
+	chip_ver=$1
+	cmd="ssdk_sh servcode config set 1 n 0 0xfffefcff 0xffbfff 0 0 0 0 0 0"
+	if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		cmd="$cmd 0"
+	fi
+	#echo $cmd
+	$cmd
+	ssdk_sh acl list unbind 56 0 2 1
+	ssdk_sh acl rule del 56 0 1
+	ssdk_sh acl rule del 56 1 1
+	ssdk_sh acl rule del 56 2 1
+	ssdk_sh acl list destroy 56
+}
+
+function edma_war_config_add(){
+	create_war_cosmap
+	ssdk_sh acl status set enable
+	create_war_acl_rules
+}
+
+function edma_war_config_del(){
+	delete_war_acl_rules
+	delete_war_cosmap
+}
+
+function ipq50xx_serdes_monitor () {
+	#if qca808x phy exist, need to monitor the serdes to avoid the effect for WIFI
+	port_id=2
+	old_linkstatus="DISABLE"
+	phy_id_info=`ssdk_sh port phyid get $port_id | grep Org | awk -F '!' '{print $2}'`
+	if [ "$phy_id_info" = "[Org ID]:0x004d[Rev ID]:0xd101" ]; then
+		ssdk_sh debug phy set 29 0xb 0x300d
+		ssdk_sh debug uniphy set 0 0x7ac 0x300d 4
+
+		while true
+		do
+			cur_linkstatus=`ssdk_sh port linkstatus get $port_id | grep Status | awk -F ':' '{print $2}'`
+			#when qca808x phy link status is from down to up, serdes tx would be enabled
+			if [ "$cur_linkstatus" = "ENABLE" ] && [ "$old_linkstatus" = "DISABLE" ]; then
+				ssdk_sh debug phy set 29 0xb 0xb00d
+				ssdk_sh debug uniphy set 0 0x7ac 0xb00d 4
+			fi
+			#when qca808x phy link status is from up to down, serdes tx would be disabled
+			if [ "$cur_linkstatus" = "DISABLE" ] && [ "$old_linkstatus" = "ENABLE" ]; then
+				ssdk_sh debug phy set 29 0xb 0x300d
+				ssdk_sh debug uniphy set 0 0x7ac 0x300d 4
+			fi
+			old_linkstatus=$cur_linkstatus
+		done
+	fi
+}
+
+function ipq53xx_phy_amplitude_set () {
+	#for qca808x phy sgmii, set half amplitude with src_half_swing register
+	port_id=2
+	phy_id_info=`ssdk_sh port phyid get $port_id | grep Org | awk -F '!' '{print $2}'`
+	if [ "$phy_id_info" = "[Org ID]:0x004d[Rev ID]:0xd180" ]; then
+		ssdk_sh debug phy set 5 0x40010087 0x208a
+		ssdk_sh debug phy set 6 0x40010087 0x208a
+		#Set the Reg0x67 bits[7:5]=3’b000 and bit4=1’b1
+		ampl_val=$(eval "ssdk_sh debug phy get 5 0x40010067 | grep SSDK | grep -oE '0x[0-9a-fA-F]+' | sed 's/\(0x..\)./\11/'")
+		ssdk_sh debug phy set 5 0x40010067 $ampl_val
+		ampl_val=$(eval "ssdk_sh debug phy get 6 0x40010067 | grep SSDK | grep -oE '0x[0-9a-fA-F]+' | sed 's/\(0x..\)./\11/'")
+		ssdk_sh debug phy set 6 0x40010067 $ampl_val
+	fi
+}
+
+function ipq53xx_uniphy_amplitude_set () {
+	#for ipq50xx sgmii, set half amplitude with tx_emp_lvl/margin_index and tx_margin
+	ssdk_sh debug uniphy set 0 0x7ac 0xb10d 4
+	ssdk_sh debug uniphy set 0 0x24 0 4
+	ssdk_sh debug uniphy set 1 0x7ac 0xb10d 4
+	ssdk_sh debug uniphy set 1 0x24 0 4
+}
+
+ssdk_dependency() {
+	counter=0
+	[ -e /lib/modules/$(uname -r)/qca-ssdk.ko ] && [ ! -d /sys/module/qca_ssdk ] && {
+		insmod qca-ssdk.ko
+	}
+	while [ ! -d /sys/ssdk ] && [ "$counter" -le 5 ]
+	do
+		sleep 1
+		counter=$((counter+1))
+	done
+}
+
+start() {
+	ssdk_dependency
+	chip_ver=`ssdk_sh debug reg get 0 4 | grep Data | tr -d 'SSDK Init OK![Data]:'`
+	#The following commands should be uncommented to enable EDMA WAR
+	if [ "$chip_ver" = "0x1401" ]; then
+		#edma_war_config_add
+		echo ''
+	fi
+	#The following commands should be uncommented to add acl egress stp bypass rules
+	if [ "$chip_ver" = "0x1500" ] || [ "$chip_ver" = "0x1501" ] || [ "$chip_ver" = "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		#create_acl_byp_egstp_rules $chip_ver
+		echo ''
+	fi
+	#The following commands should be uncommented to enable WAR for ipq50xx
+	chip_type_info=`cat tmp/sysinfo/model`
+	result=$(echo $chip_type_info | grep "IPQ5018")
+	if [ "$result" != "" ]; then
+		#ipq50xx_serdes_monitor &
+		#ipq50xx_uniphy_amplitude_set
+		#ipq50xx_phy_amplitude_set
+		echo ''
+	fi
+	if [ "$chip_ver" = "0x2001" ]; then
+		ipq53xx_uniphy_amplitude_set
+		ipq53xx_phy_amplitude_set
+		echo ''
+	fi
+	echo starting
+}
+
+stop() {
+	chip_ver=`ssdk_sh debug reg get 0 4 | grep Data | tr -d 'SSDK Init OK![Data]:'`
+	#The following commands should be uncommented to disable EDMA WAR
+	if [ "$chip_ver" = "0x1401" ]; then
+		#edma_war_config_del
+		echo ''
+	fi
+	#The following commands should be uncommented to delete acl egress stp bypass rules
+	if [ "$chip_ver" = "0x1500" ] || [ "$chip_ver" = "0x1501" ] || [ "$chip_ver" = "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		#delete_acl_byp_egstp_rules $chip_ver
+		echo ''
+	fi
+	echo stoping
+}
--- a/feeds/qca-wifi-7/qca-ssdk-qca/patches-zyxel_nwa210be/0001-pinctrl-make-the-switch-LED-works.patch
+++ b/feeds/qca-wifi-7/qca-ssdk-qca/patches-zyxel_nwa210be/0001-pinctrl-make-the-switch-LED-works.patch
@@ -0,0 +1,47 @@
+From 7fa9e9b683f1c573c58a14755347988919bc7d06 Mon Sep 17 00:00:00 2001
+From: YenLin Pan <yenlin.pan@zyxel.com.tw>
+Date: Wed, 14 May 2025 13:47:06 +0800
+Subject: [PATCH] pinctrl: make the switch LED works
+
+Enable switch LED pin definition for LED0/LED1/LED2 control
+
+Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>
+---
+ src/init/ssdk_mht_pinctrl.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/init/ssdk_mht_pinctrl.c b/src/init/ssdk_mht_pinctrl.c
+index 2debe59..1ae0002 100755
+--- a/src/init/ssdk_mht_pinctrl.c
+++ b/src/init/ssdk_mht_pinctrl.c
+@@ -33,11 +33,17 @@ static struct mht_pinctrl_setting mht_pin_settings[] = {
+     /*PINs default MUX Setting*/
+     MHT_PIN_SETTING_MUX(0,  MHT_PIN_FUNC_INTN_WOL),
+     MHT_PIN_SETTING_MUX(1,  MHT_PIN_FUNC_INTN),
+-#if 0
+#if 1
+     MHT_PIN_SETTING_MUX(2,  MHT_PIN_FUNC_P0_LED_0),
+     MHT_PIN_SETTING_MUX(3,  MHT_PIN_FUNC_P1_LED_0),
+     MHT_PIN_SETTING_MUX(4,  MHT_PIN_FUNC_P2_LED_0),
+     MHT_PIN_SETTING_MUX(5,  MHT_PIN_FUNC_P3_LED_0),
+    MHT_PIN_SETTING_MUX(6,  MHT_PIN_FUNC_P0_LED_2),
+    MHT_PIN_SETTING_MUX(7,  MHT_PIN_FUNC_P1_LED_2),
+    MHT_PIN_SETTING_MUX(8,  MHT_PIN_FUNC_P2_LED_2),
+    MHT_PIN_SETTING_MUX(9,  MHT_PIN_FUNC_P3_LED_2),
+#endif
+#if 0
+     MHT_PIN_SETTING_MUX(6,  MHT_PIN_FUNC_PPS_IN),
+     MHT_PIN_SETTING_MUX(7,  MHT_PIN_FUNC_TOD_IN),
+     MHT_PIN_SETTING_MUX(8,  MHT_PIN_FUNC_RTC_REFCLK_IN),
+@@ -49,7 +55,7 @@ static struct mht_pinctrl_setting mht_pin_settings[] = {
+     MHT_PIN_SETTING_MUX(13, MHT_PIN_FUNC_P0_TOD_OUT),
+     MHT_PIN_SETTING_MUX(14, MHT_PIN_FUNC_P0_CLK125_TDI),
+     MHT_PIN_SETTING_MUX(15, MHT_PIN_FUNC_P0_SYNC_CLKO_PTP),
+-#if 0
+#if 1
+     MHT_PIN_SETTING_MUX(16, MHT_PIN_FUNC_P0_LED_1),
+     MHT_PIN_SETTING_MUX(17, MHT_PIN_FUNC_P1_LED_1),
+     MHT_PIN_SETTING_MUX(18, MHT_PIN_FUNC_P2_LED_1),
+-- 
+2.34.1
+
--- a/feeds/tip/certificates/files/etc/init.d/early_boot
+++ b/feeds/tip/certificates/files/etc/init.d/early_boot
@@ -5,7 +5,7 @@ START=09
 copy_certificates() {
 	[ -f /certificates/key.pem ] || return

-	cp /certificates/cert.pem /certificates/key.pem /certificates/operational.* /etc/ucentral/
+	cp /certificates/*.pem /certificates/*.ca /etc/ucentral/ 2>/dev/null || true
 	chown root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	chmod 0440 root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	[ -f /certificates/gateway.json ] && cp /certificates/gateway.json /etc/ucentral/gateway.flash
--- a/feeds/tip/cloud_discovery/Makefile
+++ b/feeds/tip/cloud_discovery/Makefile
@@ -12,7 +12,7 @@ define Package/cloud_discovery
  SECTION:=ucentral
  CATEGORY:=uCentral
  TITLE:=TIP cloud_discovery
-  DEPENDS:=+certificates
+  DEPENDS:=+certificates +bind-dig
 endef

 Build/Compile=
--- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
+++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
@@ -3,6 +3,7 @@
 'use strict';

 import { ulog_open, ulog, ULOG_SYSLOG, ULOG_STDIO, LOG_DAEMON, LOG_INFO } from 'log';
+import { query } from 'resolv';
 import * as libubus from 'ubus';
 import * as uloop from 'uloop';
 import * as libuci from 'uci';
@@ -17,8 +18,12 @@ const ORPHAN = 4;

 const DISCOVER_DHCP = "DHCP";
 const DISCOVER_FLASH = "FLASH";
+const DISCOVER_FQDN = "STANDARD_FQDN";
 const DISCOVER_LOOKUP = "OpenLAN";

+const STANDARD_FQDN = "openwifi.wlan.local";
+const STANDARD_FQDN_PORT = 15002;
+
 let ubus = libubus.connect();
 let uci = libuci.cursor();
 let state = DISCOVER;
@@ -118,7 +123,7 @@ function gateway_write(data) {
 	gateway ??= {};
 	let new = {};
 	let changed = false;
-	for (let key in [ 'server', 'port', 'valid', 'hostname_validate' ]) {
+	for (let key in [ 'server', 'port', 'valid', 'hostname_validate', 'cert', 'ca' ]) {
 		if (exists(data, key))
 			new[key] = data[key];
 		else if (exists(gateway, key))
@@ -140,6 +145,17 @@ function gateway_available() {
 	return true;
 }

+function dnsmasq_rebind_allow(fqdn) {
+	let config_dir = '/tmp/dnsmasq.d';
+	let config_file = `${config_dir}/cloud-discovery.conf`;
+
+	if (!fs.stat(config_dir))
+		fs.mkdir(config_dir);
+
+	fs.writefile(config_file, `rebind-domain-ok=/${fqdn}/\n`);
+	system('/etc/init.d/dnsmasq reload');
+}
+
 function set_state(set) {
 	if (state == set)
 		return;
@@ -187,8 +203,21 @@ function set_state(set) {
 function discover_dhcp() {
 	let dhcp = readjsonfile('/tmp/cloud.json');
 	if (dhcp?.dhcp_server && dhcp?.dhcp_port) {
-		if (gateway_write({ server: dhcp.dhcp_server, port:dhcp.dhcp_port, valid: false, hostname_validate: dhcp.no_validation ? 0 : 1 })) {
-			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port}\n`);
+		let fqdn = split(dhcp.dhcp_server, ':')[0];
+		dnsmasq_rebind_allow(fqdn);
+		if (gateway_write({
+			server: dhcp.dhcp_server,
+			port: dhcp.dhcp_port,
+			valid: false,
+			hostname_validate: dhcp.no_validation ? 0 : 1,
+			cert: `/etc/ucentral/${fqdn}.pem`,
+			ca: `/etc/ucentral/${fqdn}.ca`
+		})) {
+			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - trying EST\n`);
+			fs.writefile('/tmp/discovery.method', DISCOVER_DHCP);
+			if (system('/usr/bin/est_client enroll'))
+	                        return false;
+			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - starting client\n`);
 			client_start();
 			set_state(VALIDATING);
 		}
@@ -209,10 +238,18 @@ function redirector_lookup() {
 	let redir = readjsonfile(path);
 	if (redir?.controller_endpoint) {
 		let controller_endpoint = split(redir.controller_endpoint, ':');
-		if (gateway_write({ server: controller_endpoint[0], port: controller_endpoint[1] || 15002, valid: false, hostname_validate: 1 })) {
+		if (gateway_write({
+			server: controller_endpoint[0],
+			port: controller_endpoint[1] || 15002,
+			valid: false,
+			hostname_validate: 1,
+			cert: '/etc/ucentral/operational.pem',
+			ca: '/etc/ucentral/operational.ca'
+		})) {
 			ulog(LOG_INFO, `Discovered cloud via lookup service ${controller_endpoint[0]}:${controller_endpoint[1] || 15002}\n`);
-                        client_start();
-                	set_state(VALIDATING);
+			fs.writefile('/tmp/discovery.method', DISCOVER_LOOKUP);
+			client_start();
+			set_state(VALIDATING);
 		}
 	} else {
 		ulog(LOG_INFO, 'Failed to discover cloud endpoint\n');
@@ -224,11 +261,44 @@ function discover_flash() {
 		return 1;
 	ulog(LOG_INFO, 'Using pre-populated cloud information\n');
 	fs.writefile('/etc/ucentral/gateway.json', fs.readfile('/etc/ucentral/gateway.flash'));
+	fs.writefile('/tmp/discovery.method', DISCOVER_FLASH);
 	client_start();
 	set_state(VALIDATING);
 	return 0;
 }

+function discover_standard_fqdn() {
+	ulog(LOG_INFO, `Trying standard FQDN: ${STANDARD_FQDN}\n`);
+
+	let result = query([STANDARD_FQDN], { type: ['A'] });
+	if (!result || !result[STANDARD_FQDN] || !result[STANDARD_FQDN].A) {
+		ulog(LOG_INFO, `Failed to resolve ${STANDARD_FQDN}\n`);
+		return false;
+	}
+
+	let address = result[STANDARD_FQDN].A[0];
+	ulog(LOG_INFO, `Resolved ${STANDARD_FQDN} to ${address}\n`);
+
+	dnsmasq_rebind_allow(STANDARD_FQDN);
+
+	if (gateway_write({
+		server: STANDARD_FQDN,
+		port: STANDARD_FQDN_PORT,
+		valid: false,
+		hostname_validate: 1,
+		cert: `/etc/ucentral/${STANDARD_FQDN}.pem`,
+		ca: `/etc/ucentral/${STANDARD_FQDN}.ca`
+	})) {
+		ulog(LOG_INFO, `Discovered cloud via standard FQDN ${STANDARD_FQDN}\n`);
+		fs.writefile('/tmp/discovery.method', DISCOVER_FQDN);
+		client_start();
+		set_state(VALIDATING);
+		return true;
+	}
+
+	return false;
+}
+
 function time_is_valid() {
 	let valid = !!fs.stat('/tmp/ntp.set');
 	if (!valid)
@@ -269,21 +339,25 @@ function interval_handler() {

 	case DISCOVER:
 		ulog(LOG_INFO, 'Starting discover\n');
-	
-		if (!time_is_valid())
-			return;

-		if (system('/usr/bin/est_client enroll'))
+		if (!time_is_valid())
 			return;

 		discovery_method = DISCOVER_DHCP;
 		if (!is_discover_method_blacked() && discover_dhcp())
 			return;

+		if (system('/usr/bin/est_client enroll'))
+			return;
+
 		discovery_method = DISCOVER_FLASH;
 		if (!is_discover_method_blacked() && !discover_flash())
 			return;

+		discovery_method = DISCOVER_FQDN;
+		if (!is_discover_method_blacked() && discover_standard_fqdn())
+			return;
+
 		discovery_method = DISCOVER_LOOKUP;
 		redirector_lookup();

--- a/feeds/tip/cloud_discovery/files/usr/bin/est_client
+++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client
@@ -11,7 +11,70 @@ let store_operational_ca = false;
 let est_server = 'est.certificates.open-lan.org';
 let cert_prefix = 'operational';

+function cert_prefix_determine() {
+	let cloud_config = fs.readfile('/tmp/cloud.json');
+	if (cloud_config) {
+		let cloud = json(cloud_config);
+		if (cloud?.dhcp_server) {
+			let fqdn = split(cloud.dhcp_server, ':')[0];
+			ulog(LOG_INFO, `Using controller-specific cert prefix from cloud.json: ${fqdn}\n`);
+			return fqdn;
+		}
+	}
+
+	let discovery_method = trim(fs.readfile('/tmp/discovery.method') || 'OpenLAN');
+	ulog(LOG_INFO, `Discovery method from file: ${discovery_method}\n`);
+
+	if (discovery_method == 'OpenLAN') {
+		ulog(LOG_INFO, 'Using operational cert prefix\n');
+		return 'operational';
+	}
+
+	ulog(LOG_INFO, 'Using operational cert prefix as fallback\n');
+	return 'operational';
+}
+
+function discover_est_server_via_caa() {
+	let cloud_config = fs.readfile('/tmp/cloud.json');
+	if (!cloud_config)
+		return null;
+
+	let cloud = json(cloud_config);
+	if (!cloud || !cloud.dhcp_server)
+		return null;
+
+	let controller_fqdn = cloud.dhcp_server;
+	let fqdn_parts = split(controller_fqdn, ':');
+	if (length(fqdn_parts) > 0)
+		controller_fqdn = fqdn_parts[0];
+
+	ulog(LOG_INFO, `Attempting CAA lookup for controller FQDN: ${controller_fqdn}\n`);
+
+	let pipe = fs.popen(`dig @localhost ${controller_fqdn} CAA +short | cut -d'"' -f2`);
+	let est_server = pipe.read('all');
+	pipe.close();
+
+	if (!est_server)
+		return null;
+
+	est_server = trim(est_server);
+	if (est_server) {
+		ulog(LOG_INFO, `Found EST server via CAA: ${est_server}\n`);
+		return est_server;
+	}
+
+	return null;
+}
+
 function set_est_server() {
+	let discovered_server = discover_est_server_via_caa();
+	if (discovered_server) {
+		est_server = discovered_server;
+		return;
+	}
+
+	ulog(LOG_INFO, 'No EST server found via CAA, using certificate issuer-based selection\n');
+
 	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
 	let issuer = pipe.read("all");
 	pipe.close();
@@ -94,11 +157,13 @@ function call_est_server(path, cert, target) {
 	if (generate_csr(cert))
 		return 1;

-	set_est_server();	
+	set_est_server();

-	let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
+	let curl_cmd = 'curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7';
+	ulog(LOG_INFO, `Executing: ${curl_cmd}\n`);
+	let ret = system(curl_cmd);
 	if (ret) {
-		ulog(LOG_INFO, 'Failed to request operational certificate\n');
+		ulog(LOG_INFO, `Failed to request operational certificate (exit code: ${ret})\n`);
 		return 1;
 	}
 	ulog(LOG_INFO, 'EST succeeded\n');
@@ -108,20 +173,26 @@ function call_est_server(path, cert, target) {


 function simpleenroll() {
+	cert_prefix = cert_prefix_determine();
+	ulog(LOG_INFO, `Checking for certificate: /etc/ucentral/${cert_prefix}.pem\n`);
+
 	if (fs.stat('/etc/ucentral/' + cert_prefix + '.pem')) {
 		ulog(LOG_INFO, 'Operational certificate is present\n');
 		return 0;
 	}

+	ulog(LOG_INFO, 'Operational certificate not found, enrolling...\n');
 	if (call_est_server('simpleenroll', '/etc/ucentral/cert.pem', '/etc/ucentral/' + cert_prefix + '.pem'))
-		return 1; 
-	
+		return 1;
+
 	ulog(LOG_INFO, 'Operational cert acquired\n');
 	store_operational_pem = true;
 	return 0;
 }

 function simplereenroll() {
+	cert_prefix = cert_prefix_determine();
+
 	if (!fs.stat('/etc/ucentral/' + cert_prefix + '.pem')) {
 		ulog(LOG_INFO, 'Operational certificate was not found\n');
 		return 0;
@@ -129,7 +200,7 @@ function simplereenroll() {

 	if (call_est_server('simplereenroll', '/etc/ucentral/' + cert_prefix + '.pem', '/tmp/' + cert_prefix + '.pem'))
 		return 1;
-	
+
 	ulog(LOG_INFO, 'Operational cert updated\n');
 	store_operational_cert('/tmp/' + cert_prefix + '.pem', cert_prefix + '.pem');
 	system('cp /tmp/' + cert_prefix + '.pem /etc/ucentral/');
@@ -139,18 +210,22 @@ function simplereenroll() {
 }

 function load_operational_ca() {
+	cert_prefix = cert_prefix_determine();
+
 	if (fs.stat('/etc/ucentral/' + cert_prefix + '.ca')) {
 		ulog(LOG_INFO, 'Operational CA is present\n');
 		return 0;
 	}

-	set_est_server();	
+	set_est_server();

-	let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7');
+	let curl_cmd = 'curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7';
+	ulog(LOG_INFO, `Executing: ${curl_cmd}\n`);
+	let ret = system(curl_cmd);
 	if (!ret)
 		ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca');
 	if (ret) {
-		ulog(LOG_INFO, 'Failed to load CA\n');
+		ulog(LOG_INFO, `Failed to load CA (exit code: ${ret})\n`);
 		return 1;
 	}
 	system('cat /etc/ucentral/openlan.pem >> /etc/ucentral/' + cert_prefix + '.ca');
--- a/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem
+++ b/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem
@@ -7,3 +7,6 @@ MIIFIDCCAwigAwIBAgICDnkwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJv
 -----BEGIN CERTIFICATE-----
 MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAaMRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvMHwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenqc4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5OohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9PIhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9QzRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0VTzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzPKRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbfRXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQABo2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUlGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0JoWhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dUWmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZh5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqfH+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1ncHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJXbZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1dashL0CPsbIJ
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEiMCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0xVCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3eTJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZgDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUntYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexdmEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YFpsXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGXBggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNwQVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIEN82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpIOkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aGWjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6ITXLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKiboFfh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vYg1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRriH0FGIeDSQydpOJU=
+-----END CERTIFICATE-----
--- a/feeds/ucentral/ucentral-client/Makefile
+++ b/feeds/ucentral/ucentral-client/Makefile
@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-client
 PKG_RELEASE:=1

 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git
-PKG_MIRROR_HASH:=2935998d6074f0c290d9b96c2988c89aae6f405608f12a0063fa7215498bae9a
+PKG_MIRROR_HASH:=1cc7ab3d041221610d8da8b4e3a4c87749508e6fee81194b5cca28065dc86d75
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-08-11
-PKG_SOURCE_VERSION:=549e84e5fea7230c5471d6a3dbddcc7d3152f665
+PKG_SOURCE_DATE:=2025-11-25
+PKG_SOURCE_VERSION:=cb17a7819f558fb22e56bb20102ce98f24e5f3eb

 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
--- a/feeds/ucentral/ucentral-client/files/etc/init.d/ucentral
+++ b/feeds/ucentral/ucentral-client/files/etc/init.d/ucentral
@@ -35,7 +35,8 @@ start_service() {
 	#config_get server 'config' 'server'
 	#config_get port 'config' 'port'
 	config_get debug 'config' 'debug' 0
-	config_get insecure 'config' 'insecure' 0
+	insecure=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["allow-self-signed"]')
+	config_get insecure 'config' 'insecure' $insecure

 	if [ -f /etc/ucentral/restrictions.json ]; then
 		selfsigned=$(cat /etc/ucentral/restrictions.json | jsonfilter -e '@["allow-self-signed"]')
@@ -46,6 +47,9 @@ start_service() {
 	port=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["port"]')
 	[ -n "$server" -a -n "$port" ] || return 0

+	cert=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["cert"]')
+	ca=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["ca"]')
+
 	boot_cause=$(cat /tmp/pstore | jsonfilter -e '@["pstore"][-1]'.boot_cause)
 	[ -z $boot_cause ] && boot_cause=coldboot
 	procd_open_instance
@@ -55,8 +59,9 @@ start_service() {
 	procd_append_param command -P $port
 	[ "$debug" -eq 0 ] || procd_append_param command -d
 	[ "$insecure" -eq 0 ] || procd_append_param command -i
+	[ -n "$cert" -a -n "$ca" ] && procd_append_param command -c $cert -C $ca
 	[ -z "$(mount | grep 'tmpfs on / type tmpfs')" ] || procd_append_param command -r
-	procd_append_param command -c "$boot_cause"
+	procd_append_param command -b "$boot_cause"
 	procd_append_param command -f "$(cat /tmp/ucentral.version)"
 	procd_set_param respawn 3600 5 0
 	procd_close_instance
--- a/feeds/ucentral/ucentral-schema/Makefile
+++ b/feeds/ucentral/ucentral-schema/Makefile
@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema
 PKG_RELEASE:=1

 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
-PKG_MIRROR_HASH:=c0f43db0530a38eb424e81908ad47a14e1d4d8f8a86eb148e34f98187c79ba6b
+PKG_MIRROR_HASH:=7eac2e19363e3810b0980afd0ae9ce63e11b7da0f5ccff5ff6b3c8c0e2c07a3e
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-10-16
-PKG_SOURCE_VERSION:=dc9cad95641266a08de73aab85d931d992090159
+PKG_SOURCE_DATE:=2025-12-05
+PKG_SOURCE_VERSION:=384eba5c0ecfe9ec0b09864752c3516937aec9db
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

--- a/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/vxlan.json
+++ b/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/vxlan.json
@@ -38,7 +38,8 @@
 			"ipv4": {
 				"addressing": "static",
 				"subnet": "10.0.0.2/24",
-				"gateway": "10.0.0.1"
+				"gateway": "10.0.0.1",
+				"use-dns": ["10.0.0.1"]
 			},
 			"ssids": [
 				{
--- a/feeds/ucentral/udhcpinject/src/udhcpinject.h
+++ b/feeds/ucentral/udhcpinject/src/udhcpinject.h
@@ -14,7 +14,7 @@

 #define CONFIG_PATH "/etc/config/dhcpinject"

-#define IWINFO_CMD "iwinfo | grep %s -A2 | grep '.*Channel:.*\\(%s\\..*\\) GHz' -B2 | awk '/ESSID/{print $1} /Access Point/{gsub(/:/, \"\", $3); print $3}'"
+#define IWINFO_CMD "iwinfo | grep '\"%s\"$' -A2 | grep '.*Channel:.*\\(%s\\..*\\) GHz' -B2 | awk '/ESSID/{print $1} /Access Point/{gsub(/:/, \"\", $3); print $3}'"

 static pcap_t 		*handle = NULL;

--- a/profiles/zyxel_nwa210be.yml
+++ b/profiles/zyxel_nwa210be.yml
@@ -0,0 +1,16 @@
+---
+profile: zyxel_nwa210be
+target: ipq53xx
+subtarget: generic
+description: Build image for the zyxel nwa210be
+image: bin/targets/ipq53xx/generic/openwrt-ipq53xx-zyxel_nwa210be-squashfs-sysupgrade.tar
+feeds:
+  - name: qca
+    path: ../../feeds/qca-wifi-7
+packages:
+  - ipq53xx
+  - qca-ssdk-shell
+include:
+  - ucentral-ap
+diffconfig: |
+  CONFIG_KERNEL_IPQ_MEM_PROFILE=0
Author	SHA1	Message	Date
John Crispin	7d641524e1	ucentral-schema: fix vxlan.json the upstream section had no DNS Fixes: WIFI-15256 Signed-off-by: John Crispin <john@phrozen.org>	2025-12-05 11:14:07 +01:00
John Crispin	bf3781e793	ucentral-schema: update to latest HEAD 384eba5 radio: apply HE settings for EHT modes Signed-off-by: John Crispin <john@phrozen.org>	2025-12-05 10:55:25 +01:00
Venkat Chimata	415a512450	ath11k: Synchronize num_peers with the actual peer count when out of sync Description: The num_peers counter does not always update at the exact moment a peer is deleted. Since deletion and decrement are not fully atomic, there are scenarios where num_peers can drift out of sync with the actual number of peers. Fix: A complete rewrite of the num_peers update logic—ensuring fully correct increment/decrement handling during peer insertion and deletion—would require significant effort and QA validation. As an immediate and effective solution, this patch synchronizes num_peers with the actual peer count whenever a mismatch is detected. Fixes WIFI-14998 and indirectly resolves WIFI-15202. Signed-off-by: Venkat Chimata <venkat@nearhop.com>	2025-12-05 07:28:59 +01:00
Venkat Chimata	194109d317	ath11k: Fix memory leak in ath11k_qmi_driver_event_work The buffer pointed to by event is not freed in case ATH11K_FLAG_UNREGISTERING bit is set, resulting in memory leak, so fix it. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Signed-off-by: Baochen Qiang <bqiang@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210913180246.193388-4-jouni@codeaurora.org Signed-off-by: Venkat Chimata <venkat@nearhop.com>	2025-12-05 07:28:59 +01:00
Venkat Chimata	d64e3c8d14	wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this. Fixes: 243874c64c81 ("ath11k: handle RX fragments") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230102081142.3937570-1-linmq006@gmail.com Signed-off-by: Venkat Chimata <venkat@nearhop.com>	2025-12-05 07:28:59 +01:00
Oleksandr Mazur	a81fe1274b	ath11k: fix memory leak when peer lookup fails in dp rx path In the DP RX path, fast_rx is set to true by default. Currently, if peer lookup fails in ath11k_dp_rx_h_mpdu(), the SKB is not sent to the network stack or mac80211 because fast_rx remains true. This results in a memory leak. Fix this by setting fast_rx = false when peer lookup fails in ath11k_dp_rx_h_mpdu(), ensuring the SKB is properly delivered to mac80211 via ath11k_dp_rx_deliver_msdu(). Fixes: WIFI-15202 Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>	2025-12-05 07:28:59 +01:00
John Crispin	05b5bae4aa	ath11k: fix num_peers counter corruption and add debug logging The num_peers counter becomes corrupted during peer deletion due to race conditions between ath11k_peer_delete() and ath11k_peer_unmap_event(). The firmware may or may not send unmap events, and the timing varies, causing the counter to either leak (increment without decrement) or underflow (double decrement). Root causes: 1. ath11k_peer_delete() doesn't decrement num_peers, relying on ath11k_peer_unmap_event() to do it 2. Firmware sometimes doesn't send unmap events, leaving num_peers inflated 3. When unmap events do arrive, timing races with ath11k_peer_delete() can cause missed decrements 4. Cleanup paths may double-decrement if delete_in_progress not checked 5. num_peers modified outside proper locking in some paths This fix: - Moves num_peers decrement into ath11k_peer_delete() after successful peer deletion wait, ensuring exactly one decrement per deletion - Handles both cases: peer removed by unmap event, or peer still in list - Removes num_peers decrement from ath11k_peer_unmap_event() to prevent double-decrement when unmap event arrives - Adds ath11k_dp_peer_cleanup() call before ath11k_peer_delete() in roaming path to ensure datapath structures properly cleaned up - Adds delete_in_progress checks in cleanup paths to prevent double-delete - Ensures all num_peers modifications happen under base_lock - Adds comprehensive debug logging to track num_peers throughout peer lifecycle Signed-off-by: Arif Alam <arif.alam@netexperience.com> Signed-off-by: John Crispin <john@phrozen.org>	2025-12-05 07:28:59 +01:00
Venkat Chimata	fbca032f4c	WIFI-14998: wifi: ap: mitigate peer-delete WMI timeout to reduce blind period & prevent peer leaks 1. When a connected client roams to another AP, the AP is trying to delete the peer but for some reason the WMI command times out and while driver is waiting for the response, we observed that the AP doesn't respond to any frames from STA (probe requests, authentication etc) and once the response times out (3seconds default) then AP starts responding to the older requets but client has already connected to another AP. As the root cause for the response timing out is in the FW, we added a WAR to reduce the timeout to minimize this blind period, with this AP responds after 100ms and client connects successfully. And 100ms timeout is also reasonable for this internal operation. 2. In case of peer deletion timeout, the driver peer database is not cleared, so, if this happens often (which it is) then eventually we hit the max peers in the driver and all subsequent operations fail, so, in case of timeout ignore the failure and proceed with driver peer database cleanup. Signed-off-by: Venkat Chimata <venkat@nearhop.com>	2025-12-05 07:28:59 +01:00
John Crispin	e2083316cc	ucentral-client: update to latest HEAD cb17a78 ucentral-client: Add command-line options for certificate paths Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:42:31 +01:00
John Crispin	0173442dc0	cloud_discovery: add bind-dig dependency Add bind-dig package dependency required for CAA record lookups in est_client, which uses the dig command to query DNS for EST server discovery. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	cd0bbfb9c3	cloud_discovery: use .local TLD for standard FQDN discovery Change standard FQDN from 'openwifi.network' to 'openwifi.wlan.local' to prevent DNS hijacking attacks. The .local TLD is reserved for local network use (mDNS) and cannot be registered in public DNS, ensuring that discovery traffic cannot be redirected to attacker-controlled infrastructure. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	0f979f2b1f	cloud_discovery: run EST enrollment within DHCP discovery flow Move EST client enrollment to occur immediately after successful DHCP discovery and before starting the ucentral client. This ensures controller-specific certificates are enrolled before attempting to connect. If EST enrollment fails during DHCP discovery, the client will not be started. Adjust interval_handler to call EST enrollment after DHCP discovery attempt rather than before, ensuring proper certificate handling for DHCP-discovered controllers. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	371edb568f	est_client: switch to dig for CAA lookups and improve logging Replace resolv module usage with dig command for CAA record lookups to simplify DNS query handling. Reorganise cert_prefix_determine() to prioritise controller-specific FQDN from cloud.json before checking discovery method. Add extensive debug logging throughout to aid troubleshooting of EST enrollment process, including curl commands and exit codes. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	0ce1a987da	tip-defaults: add OpenLAN Server Issuing CA certificate The air-gapped EST server uses a certificate signed by the OpenLAN Server Issuing CA. This certificate is used to ensure mTLS authentication when the device connects to the EST server. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	af9a7bdb35	cloud_discovery: allow DNS rebind for controller FQDNs Add dnsmasq_rebind_allow() function to automatically whitelist controller FQDNs for private IP resolution in air-gapped deployments. When dnsmasq's boguspriv option is enabled (default), it blocks DNS responses containing private IP addresses (RFC 1918) as a security measure. This prevents DHCP Option 224 from resolving controller FQDNs to local private IPs in air-gapped networks. Solution: Inject rebind-domain-ok directives into /tmp/dnsmasq.d/ directory, which dnsmasq automatically includes via --conf-dir option. Behaviour: - DHCP discovery: Whitelist FQDN from dhcp_server field - Standard FQDN discovery: Whitelist openwifi.network - Centralized discovery: No changes (public IPs not affected) This maintains security by only allowing specific controller domains to resolve to private IPs whilst filtering all other RFC 1918 responses. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	0589fb7f5f	est_client: support FQDN-based certificate naming Add cert_prefix_determine() function that reads discovery method from /tmp/discovery.method and determines appropriate certificate naming: - Centralized (OpenLAN redirector): operational.pem/operational.ca - Air-gapped (DHCP/FQDN/Flash): <controller-fqdn>.pem/<controller-fqdn>.ca The FQDN is extracted from the controller address in /tmp/cloud.json (DHCP Option 224). This enables APs to enrol and store separate operational certificates for multiple controllers, supporting portability between centralized and air-gapped deployments without certificate conflicts. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	2009b5eb90	cloud_discovery: add certificate paths to gateway.json Extend gateway.json to include cert and ca fields specifying which certificate files the client should use for the connection. Certificate naming strategy: - Centralized (redirector discovery): operational.pem/operational.ca - Air-gapped (DHCP/FQDN/Flash): <fqdn>.pem/<fqdn>.ca Write discovery method to /tmp/discovery.method so est_client can determine appropriate certificate naming when enrolling. This enables APs to maintain separate operational certificates for multiple controllers and automatically select the correct certificates based on which controller they're connecting to. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	4865aabdb3	certificates: copy all certificates at boot Modify early_boot init script to copy all .pem and .ca files from /certificates/ to /etc/ucentral/ instead of only operational.pem and operational.ca. This enables support for multiple trust chains where certificates are stored with FQDN-based names (e.g., controller.example.com.pem) alongside the traditional operational.pem. The simple wildcard copy allows air-gapped deployments to maintain certificates for multiple controllers without complex logic. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	90e2f3452d	cloud_discovery: add standard FQDN fallback discovery Add discovery method that attempts to resolve a standard FQDN when DHCP discovery fails. This enables zero-touch provisioning in environments where administrators configure DNS without modifying DHCP infrastructure. The standard FQDN is configurable via STANDARD_FQDN constant (defaults to "openwifi.network"). Administrators can configure their local DNS to resolve this FQDN to their controller, allowing APs to discover the controller automatically. Discovery priority order: 1. EST enrollment (blocking) 2. DHCP discovery (Option 224/138) 3. Flash-based configuration 4. Standard FQDN resolution (NEW) 5. Cloud redirector service (internet-connected only) The implementation uses the resolv module for DNS queries, performing A record lookups. If resolution fails, discovery continues to the next method. The standard FQDN method integrates with the existing discovery block list mechanism to prevent repeated failed attempts. Note: The boguspriv dnsmasq option may prevent FQDNs from resolving to private IPs. Administrators should either use CG NAT Safe IP addresses (100.64.0.0/10) or configure dnsmasq with rebind-domain-ok exceptions. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
John Crispin	b499eceebe	cloud_discovery: add CAA DNS-based EST server discovery Implement EST server discovery via CAA DNS records for air-gapped deployments. When DHCP Option 224 provides a controller FQDN, query CAA records to determine the appropriate EST server endpoint. The discovery flow: 1. Read controller FQDN from /tmp/cloud.json (set by DHCP handler) 2. Query CAA records for the controller domain 3. Use EST server from CAA 'issue' tag if present 4. Fall back to certificate issuer-based selection if CAA lookup fails This allows network administrators to configure local EST servers via DNS rather than relying on hardcoded public endpoints. Air-gapped deployments can now specify private EST servers through standard DNS infrastructure. Example DNS configuration: controller.local. IN CAA 0 issue "est.local:8001" When an AP receives controller.local via DHCP Option 224, it will query CAA records and use est.local:8001 for certificate enrollment instead of the public est.certificates.open-lan.org endpoint. Signed-off-by: John Crispin <john@phrozen.org>	2025-12-04 12:31:17 +01:00
Jimmy Cheng	2e316ef076	qca-wifi-7: Add Zyxel NWA210BE model Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>	2025-12-04 12:30:45 +01:00
ruanyaoyu	eac3e7dc2e	qca-wifi-7: fix 6Ghz multiple_bssid configuration Fixes: WIFI-15260 Signed-off-by: ruanyaoyu <ruanyaoyu@cigtech.com>	2025-12-04 12:29:04 +01:00
Kumiko18	61c858f3a9	udhcpinject: Fail to get interface information for SSIDs with space Quote SSIDs as string literal Fixes: WIFI-15239 Signed-off-by: Kumiko18 <alex18_huang@accton.com>	2025-12-04 12:26:49 +01:00