ucentral-schema: update to latest HEAD

* minor fixes to handling of boolean values

Signed-off-by: John Crispin <john@phrozen.org>

.github/actions/create-ami-from-image/action.yml

@@ -1,39 +0,0 @@
-name: Create AMI from firmware image in S3 bucket
-
-inputs:
-  firmware_image_name:
-    description: Name of the firmware image
-    required: true
-  firmware_image_s3_bucket:
-    description: Name of the S3 bucket where the image resides
-    required: true
-
-runs:
-  using: "composite"
-  steps:
-    - name: Import snapshot based on firmware image
-      id: import_snapshot
-      shell: bash
-      run: |
-        echo "import_task_id=$(aws ec2 import-snapshot --description '${{ inputs.firmware_image_name }}' --disk-container 'Format=raw,UserBucket={S3Bucket=${{ inputs.firmware_image_s3_bucket }},S3Key=${{ inputs.firmware_image_name }}}' | jq -r '.ImportTaskId')" >> $GITHUB_OUTPUT
-
-    - name: Wait for import task to complete and get snapshot ID
-      id: get_snapshot_id
-      shell: bash
-      run: |
-        IMPORT_TASK_STATUS=""
-        while [[ $IMPORT_TASK_STATUS != 'completed' ]]; do
-          IMPORT_TASK_STATUS=$(aws ec2 describe-import-snapshot-tasks --import-task-ids ${{ steps.import_snapshot.outputs.import_task_id }} | jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail.Status')
-          echo "Import task status is $IMPORT_TASK_STATUS, waiting for completion."
-        done
-        echo "id=$(aws ec2 describe-import-snapshot-tasks --import-task-ids ${{ steps.import_snapshot.outputs.import_task_id }} | jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail.SnapshotId')" >> $GITHUB_OUTPUT
-
-    - name: Tag snapshot with image name
-      shell: bash
-      run: |
-        aws ec2 create-tags --resources ${{ steps.get_snapshot_id.outputs.id }} --tags 'Key=Name,Value=${{ inputs.firmware_image_name }}'
-
-    - name: Register AMI based on snapshot
-      shell: bash
-      run: |
-        aws ec2 register-image --name '${{ inputs.firmware_image_name }}' --root-device-name /dev/xvda --block-device-mappings 'DeviceName=/dev/xvda,Ebs={SnapshotId=${{ steps.get_snapshot_id.outputs.id }}}'

.github/workflows/build-dev.yml

@@ -1,34 +1,20 @@
 name: Build OpenWrt/uCentral images
 
-env:
-  AWS_DEFAULT_OUTPUT: json
-  AWS_DEFAULT_REGION: us-east-1
-  AWS_S3_BUCKET_NAME: ucentral-ap-firmware
-  AWS_ACCOUNT_ID: ${{ secrets.UCENTRAL_S3_ACCOUNT_ID }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_SECRET }}
-
 on:
   push:
-    branches: [ main, next, staging-* ]
+    branches: [ uCentral-* ]
     tags: [ v* ]
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
-    outputs:
-      x64_vm_image_name: ${{ steps.package_and_upload_image.outputs.x64_vm_image_name }}
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        target: [ 'cig_wf189h', 'cig_wf189w', 'cig_wf660a', 'cig_wf672', 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf189', 'cig_wf196', 'cig_wf196', 'cybertan_eww631-a1', 'cybertan_eww631-b1', 'sonicfi_rap630w-312g', 'sonicfi_rap63xc-211g', 'sonicfi_rap630c-311g', 'sonicfi_rap630w-311g', 'sonicfi_rap630w-211g', 'sonicfi_rap650c', 'sonicfi_rap7110c-341x', 'sonicfi_rap750e-h', 'sonicfi_rap750e-s', 'sonicfi_rap750w-311a', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap105', 'edgecore_eap111', 'edgecore_eap112', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'edgecore_oap103', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4x_3', 'hfcl_ion4xi_w', 'hfcl_ion4x_w', 'indio_um-305ax', 'senao_iap4300m', 'senao_iap2300m', 'senao_jeap6500', 'udaya_a6-id2', 'udaya_a6-od2', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655', 'emplus_wap588m', 'zyxel_nwa130be', 'sercomm_ap72tip-v4' ]
-    steps:
-    - uses: actions/checkout@v3
+        target: ['cig_wf188', 'cig_wf194c', 'cig_wf160d', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'indio_um-305ac', 'linksys_e8450-ubi', 'linksys_ea8300', 'mikrotik_nand', 'tplink_cpe210_v3', 'tplink_cpe510_v3', 'tplink_eap225_outdoor_v1', 'tplink_ec420', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447', 'wallys_dr40x9' ]
 
-    # Clean unnecessary files to save disk space
-    - name: clean unncessary files to save space
-      run: |
-        docker rmi `docker images -q` || true
+    steps:
+    - uses: actions/checkout@v2
 
     - name: Build image for ${{ matrix.target }}
       id: build
@@ -38,12 +24,17 @@ jobs:
         make -j TARGET=${{ matrix.target }}
 
     - name: Package and upload image for ${{ matrix.target }}
-      id: package_and_upload_image
       env:
           GH_BUILD_USERNAME: ${{ secrets.GH_BUILD_USERNAME }}
           GH_BUILD_PASSWORD: ${{ secrets.GH_BUILD_PASSWORD }}
           ARTIFACTORY_USERNAME: cicd-indoor-main
           ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          AWS_S3_BUCKET_NAME: ucentral-ap-firmware
+          AWS_DEFAULT_OUTPUT: json
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_ACCOUNT_ID: ${{ secrets.UCENTRAL_S3_ACCOUNT_ID }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_SECRET }}
       run: |
         LOWERCASE_TARGET=`echo ${{ matrix.target }} | tr '[:upper:]' '[:lower:]'`
         HASH=$(git rev-parse --short HEAD)
@@ -51,10 +42,8 @@ jobs:
         if [[ ${GITHUB_REF} == "refs/heads/"* ]]
         then
           REF=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-')
-          IS_RELEASE="false"
         else
           REF=$(echo ${GITHUB_REF#refs/tags/} | tr '/' '-')
-          IS_RELEASE="true"
         fi
 
         BASENAME="$(date +%Y%m%d)-$LOWERCASE_TARGET-$REF-$HASH"
@@ -71,36 +60,4 @@ jobs:
         [ -f openwrt/tmp/image-file ] && curl -u $GH_BUILD_USERNAME:$GH_BUILD_PASSWORD -T "latest-upgrade.json" "https://tip.jfrog.io/artifactory/tip-wlan-ap-firmware/uCentral/$LOWERCASE_TARGET/latest-upgrade.json"
 
         [ -f openwrt/tmp/image-file ] && aws s3 cp --acl public-read --content-type "application/octet-stream" "openwrt/$(cat openwrt/tmp/image-file)" "s3://$AWS_S3_BUCKET_NAME/$IMG_NAME"
-        [ -f openwrt/tmp/image-file ] && aws s3api put-object-tagging --bucket "$AWS_S3_BUCKET_NAME" --key "$IMG_NAME" --tagging "{\"TagSet\":[{\"Key\":\"release\",\"Value\":\"$IS_RELEASE\"}]}"
         [ -f openwrt/tmp/image-file ] && aws s3 cp --acl public-read --content-type "application/json" "latest-upgrade.json" "s3://$AWS_S3_BUCKET_NAME/$JSON_NAME"
-        [ -f openwrt/tmp/image-file ] && aws s3api put-object-tagging --bucket "$AWS_S3_BUCKET_NAME" --key "$JSON_NAME" --tagging "{\"TagSet\":[{\"Key\":\"release\",\"Value\":\"$IS_RELEASE\"}]}"
-
-        if [ ${{ matrix.target }} == 'x64_vm' ]; then
-          echo "x64_vm_image_name=$(echo $IMG_NAME)" >> $GITHUB_OUTPUT
-        fi
-
-  trigger-testing:
-    runs-on: ubuntu-22.04
-    needs: build
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - name: Trigger testing of release
-      uses: peter-evans/repository-dispatch@v1
-      with:
-        token: ${{ secrets.WLAN_TESTING_PAT }}
-        repository: Telecominfraproject/wlan-testing
-        event-type: new-ap-release
-        client-payload: '{"ref": "${GITHUB_REF#refs/tags/}", "sha": "${{ github.sha }}"}'
-
-  create-x64_vm-ami:
-    runs-on: ubuntu-22.04
-    needs: build
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Use create-ami-from-image composite action
-      uses: ./.github/actions/create-ami-from-image
-      with:
-        firmware_image_name: ${{ needs.build.outputs.x64_vm_image_name }}
-        firmware_image_s3_bucket: ${{ env.AWS_S3_BUCKET_NAME }}

.github/workflows/x64_vm-build-test.yml

@@ -1,88 +0,0 @@
-name: Test x64_vm build and AMI creation
-
-env:
-  AWS_DEFAULT_OUTPUT: json
-  AWS_DEFAULT_REGION: us-east-1
-  AWS_S3_BUCKET_NAME: ucentral-ap-firmware
-  AWS_ACCOUNT_ID: ${{ secrets.UCENTRAL_S3_ACCOUNT_ID }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.UCENTRAL_S3_ACCESS_KEY_SECRET }}
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    outputs:
-      x64_vm_image_name: ${{ steps.package_and_upload_image.outputs.x64_vm_image_name }}
-    strategy:
-      fail-fast: false
-      matrix:
-        target: ['x64_vm']
-
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Build image for ${{ matrix.target }}
-      id: build
-      run: |
-        git config --global user.email "you@example.com"
-        git config --global user.name "Your Name"
-        make -j TARGET=${{ matrix.target }}        make -j TARGET=${{ matrix.target }}
-
-    - name: Package and upload image for ${{ matrix.target }}
-      id: package_and_upload_image
-      env:
-        GH_BUILD_USERNAME: ${{ secrets.GH_BUILD_USERNAME }}
-        GH_BUILD_PASSWORD: ${{ secrets.GH_BUILD_PASSWORD }}
-        ARTIFACTORY_USERNAME: cicd-indoor-main
-        ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-      run: |
-        LOWERCASE_TARGET=`echo ${{ matrix.target }} | tr '[:upper:]' '[:lower:]'`
-        HASH=$(git rev-parse --short HEAD)
-
-        if [[ ${GITHUB_REF} == "refs/heads/"* ]]
-        then
-          REF=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-')
-          IS_RELEASE="false"
-        else
-          REF=$(echo ${GITHUB_REF#refs/tags/} | tr '/' '-')
-          IS_RELEASE="true"
-        fi
-
-        BASENAME="$(date +%Y%m%d)-$LOWERCASE_TARGET-$REF-$HASH"
-        TAR_NAME="$BASENAME.tar.gz"
-        IMG_NAME="$BASENAME-upgrade.bin";
-        JSON_NAME="$BASENAME.json";
-
-        tar cfz "$TAR_NAME" -C openwrt/bin/targets/ .
-        curl -s -u $GH_BUILD_USERNAME:$GH_BUILD_PASSWORD -T "$TAR_NAME" "https://tip.jfrog.io/artifactory/tip-wlan-ap-firmware/uCentral/$LOWERCASE_TARGET/"$TAR_NAME""
-        IMG_NAME="$BASENAME-upgrade.bin";
-        TIP_VERSION="$(grep DISTRIB_TIP= openwrt/tmp/openwrt_release | cut -d\' -f2)"
-        echo -e "{\n\t\"image\":\""${IMG_NAME}"\",\n\t\"revision\": \""${TIP_VERSION}"\",\n\t\"timestamp\":\""$(date +%s)"\",\n\t\"compatible\": \""${LOWERCASE_TARGET}"\"\n}" > latest-upgrade.json
-        [ -f openwrt/tmp/image-file ] && curl -s -u $GH_BUILD_USERNAME:$GH_BUILD_PASSWORD -T "openwrt/$(cat openwrt/tmp/image-file)" "https://tip.jfrog.io/artifactory/tip-wlan-ap-firmware/uCentral/$LOWERCASE_TARGET/"$IMG_NAME""
-        [ -f openwrt/tmp/image-file ] && curl -s -u $GH_BUILD_USERNAME:$GH_BUILD_PASSWORD -T "latest-upgrade.json" "https://tip.jfrog.io/artifactory/tip-wlan-ap-firmware/uCentral/$LOWERCASE_TARGET/latest-upgrade.json"
-
-        [ -f openwrt/tmp/image-file ] && aws s3 cp --acl public-read --content-type "application/octet-stream" "openwrt/$(cat openwrt/tmp/image-file)" "s3://$AWS_S3_BUCKET_NAME/$IMG_NAME"
-        [ -f openwrt/tmp/image-file ] && aws s3api put-object-tagging --bucket "$AWS_S3_BUCKET_NAME" --key "$IMG_NAME" --tagging "{\"TagSet\":[{\"Key\":\"release\",\"Value\":\"$IS_RELEASE\"}]}"
-        [ -f openwrt/tmp/image-file ] && aws s3 cp --acl public-read --content-type "application/json" "latest-upgrade.json" "s3://$AWS_S3_BUCKET_NAME/$JSON_NAME"
-        [ -f openwrt/tmp/image-file ] && aws s3api put-object-tagging --bucket "$AWS_S3_BUCKET_NAME" --key "$JSON_NAME" --tagging "{\"TagSet\":[{\"Key\":\"release\",\"Value\":\"$IS_RELEASE\"}]}"
-
-        if [[ ${{ matrix.target }} == 'x64_vm' ]]; then
-            echo "x64_vm_image_name=$(echo $IMG_NAME)" >> $GITHUB_OUTPUT
-        fi
-
-  create-x64_vm-ami:
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        ref: WIFI-7206-add-workflow-to-build-virtual-ap-image
-
-    - name: Use create-ami-from-image composite action
-      uses: ./.github/actions/create-ami-from-image
-      with:
-        firmware_image_name: ${{ needs.build.outputs.x64_vm_image_name }}
-        firmware_image_s3_bucket: ${{ env.AWS_S3_BUCKET_NAME }}

LICENSE

@@ -1,28 +0,0 @@
-BSD 3-Clause License
-
-Copyright (c) 2024, Telecom Infra Project
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -1,83 +1,20 @@
-# OpenWiFi AP NOS
+# Setting up your build machine
 
-OpenWrt-based access point network operating system (AP NOS) for TIP OpenWiFi.
-Read more at [openwifi.tip.build](https://openwifi.tip.build/).
+Requires a recent linux installation. Older systems without python 3.7 will have trouble.  See this link for details: https://openwrt.org/docs/guide-developer/quickstart-build-images
 
-## Building
+Install build packages:  sudo apt install build-essential libncurses5-dev gawk git libssl-dev gettext zlib1g-dev swig unzip time rsync python3 python3-setuptools python3-yaml.
 
-### Setting up your build machine
-
-Building requires a recent Linux installation. Older systems without Python 3.7
-will have trouble. See this guide for details:
-https://openwrt.org/docs/guide-developer/toolchain/beginners-build-guide
-
-Install build packages on Debian/Ubuntu (or see above guide for other systems):
+# Doing a native build on Linux
+First we need to clone and setup our tree. This will result in an openwrt/.
 ```
-sudo apt install build-essential libncurses5-dev gawk git libssl-dev gettext zlib1g-dev swig unzip time rsync python3 python3-setuptools python3-yaml
+./setup.py --setup
 ```
-
-### Doing a native build on Linux
-
-Use `./build.sh <target>`, or follow the manual steps below:
-
-1. Clone and set up the tree. This will create an `openwrt/` directory.
-```shell
-./setup.py --setup    # for subsequent builds, use --rebase instead
+Next we need to select the profile and base package selection. This setup will install the feeds, packages and generate the .config file.
 ```
-
-2. Select the profile and base package selection. This setup will install the
-   feeds and packages and generate the `.config` file.
-```shell
 cd openwrt
-./scripts/gen_config.py linksys_ea8300
+./scripts/gen_config.py ea8300
 ```
-
-3. Build the tree (replace `-j 8` with the number of cores to use).
-```shell
-make -j 8 V=s
+Finally we can build the tree.
+```
+make -j X V=s
 ```
-
-### Build output
-
-The build results are located in the `openwrt/bin/` directory:
-
-| Type             | Path                                                 |
-| ---------------- | ---------------------------------------------------- |
-| Firmware images  | `openwrt/bin/targets/<target>/<subtarget>/`          |
-| Kernel modules   | `openwrt/bin/targets/<target>/<subtarget>/packages/` |
-| Package binaries | `openwrt/bin/packages/<platform>/<feed>/`            |
-
-## Developer Notes
-
-### Branching model
-
-- `main` - Stable dev branch
-- `next` - Integration branch
-- `staging-*` - Feature/bug branches
-- `release/v#.#.#` - Release branches (*major.minor.patch*)
-
-### Repository structure
-
-Build files:
-- `Makefile` - Calls Docker environment per target
-- `dock-run.sh` - Dockerized build environment
-- `docker/Dockerfile` - Dockerfile for build image
-- `build.sh` - Build script
-- `setup.py` - Clone and set up the tree
-- `config.yml` - Specifies OpenWrt version and patches to apply
-
-Directories:
-- `feeds/` - OpenWiFi feeds
-- `patches/` - OpenWiFi patches applied during builds
-- `profiles/` - Per-target kernel configs, packages, and feeds
-    - [wifi-ax](profiles/wifi-ax.yml): Wi-Fi AX packages
-    - [ucentral-ap](profiles/ucentral-ap.yml): uCentral packages
-    - [x64_vm](profiles/x64_vm.yml): x86-64 VM image
-
-### uCentral packages
-
-AP-NOS packages implementing the uCentral protocol include the following
-repositories (refer to the [ucentral](feeds/ucentral/) feed for a full list):
-- ucentral-client: https://github.com/Telecominfraproject/wlan-ucentral-client
-- ucentral-schema: https://github.com/Telecominfraproject/wlan-ucentral-schema
-- ucentral-wifi: https://github.com/blogic/ucentral-wifi

backports/0001-build-build-kernel-image-before-building-modules-pac.patch

@@ -0,0 +1,48 @@
+From 08be0915e06fb6f2b62c022099e82bb4d849a8c6 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 22 Oct 2020 10:29:34 +0200
+Subject: [PATCH 1/9] build: build kernel image before building
+ modules/packages
+
+This is needed for linux 5.10, where modules.builtin is generated from
+vmlinux.o
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ include/kernel-defaults.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
+index e5a0ba367b..b069c1e671 100644
+--- a/include/kernel-defaults.mk
++++ b/include/kernel-defaults.mk
+@@ -113,7 +113,7 @@ endef
+ 
+ define Kernel/CompileModules/Default
+ 	rm -f $(LINUX_DIR)/vmlinux $(LINUX_DIR)/System.map
+-	+$(KERNEL_MAKE) modules
++	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+ endef
+ 
+ OBJCOPY_STRIP = -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id
+@@ -137,7 +137,7 @@ endef
+ 
+ define Kernel/CompileImage/Default
+ 	rm -f $(TARGET_DIR)/init
+-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
++	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all)
+ 	$(call Kernel/CopyImage)
+ endef
+ 
+@@ -147,7 +147,7 @@ define Kernel/CompileImage/Initramfs
+ 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
+ 	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+ 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
+-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
++	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all)
+ 	$(call Kernel/CopyImage,-initramfs)
+ endef
+ else
+-- 
+2.25.1
+

backports/0002-build-fix-build-with-CONFIG_STRIP_KERNEL_EXPORTS.patch

@@ -0,0 +1,46 @@
+From 6d2e2ff2778ca6360af9bf1e712d7ff276afa54b Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 17 Feb 2021 13:49:14 +0100
+Subject: [PATCH 2/9] build: fix build with CONFIG_STRIP_KERNEL_EXPORTS
+
+Only use symtab.h on the final kernel link
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ include/kernel-defaults.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
+index b069c1e671..93eed54ae1 100644
+--- a/include/kernel-defaults.mk
++++ b/include/kernel-defaults.mk
+@@ -3,7 +3,7 @@
+ # Copyright (C) 2006-2020 OpenWrt.org
+ 
+ ifdef CONFIG_STRIP_KERNEL_EXPORTS
+-  KERNEL_MAKEOPTS += \
++  KERNEL_MAKEOPTS_IMAGE += \
+ 	EXTRA_LDSFLAGS="-I$(KERNEL_BUILD_DIR) -include symtab.h"
+ endif
+ 
+@@ -137,7 +137,7 @@ endef
+ 
+ define Kernel/CompileImage/Default
+ 	rm -f $(TARGET_DIR)/init
+-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all)
++	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all)
+ 	$(call Kernel/CopyImage)
+ endef
+ 
+@@ -147,7 +147,7 @@ define Kernel/CompileImage/Initramfs
+ 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
+ 	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+ 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
+-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all)
++	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all)
+ 	$(call Kernel/CopyImage,-initramfs)
+ endef
+ else
+-- 
+2.25.1
+

backports/0005-sysupgrade-nand-allow-limiting-rootfs_data-by-settin.patch

@@ -0,0 +1,74 @@
+From 0a0953b5c81a2b5b366a3f0f543db71ffc81f713 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Sat, 20 Feb 2021 08:36:43 +0100
+Subject: [PATCH 5/9] sysupgrade-nand: allow limiting rootfs_data by setting
+ env variable
+
+Check if firmware environment variable 'rootfs_data_max' exists and is
+set to a numerical value greater than 0. If so, limit rootfs_data
+volume to that size instead of using the maximum available size.
+
+This is useful on devices with lots of flash where users may want to
+have eg. a volume for persistent logs and statistics or for external
+applications/containers. Persistence on rootfs overlay is limited by
+the size of memory available during the sysugprade process as that
+data needs to be copied to RAM while the volume is being recreated
+during sysupgrade. Hence it is unsuitable for keeping larger amounts
+of data accross upgrade which makes additional volume(s) for
+application data desirable.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ package/base-files/files/lib/upgrade/nand.sh | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh
+index 5bc9ff83f9..e335d940ed 100644
+--- a/package/base-files/files/lib/upgrade/nand.sh
++++ b/package/base-files/files/lib/upgrade/nand.sh
+@@ -117,6 +117,9 @@ nand_restore_config() {
+ nand_upgrade_prepare_ubi() {
+ 	local rootfs_length="$1"
+ 	local rootfs_type="$2"
++	local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2>/dev/null)"
++	[ -n "$rootfs_data_max" ] && rootfs_data_max=$(printf %d "$rootfs_data_max")
++
+ 	local kernel_length="$3"
+ 	local has_env="${4:-0}"
+ 
+@@ -176,11 +179,11 @@ nand_upgrade_prepare_ubi() {
+ 
+ 	# update rootfs
+ 	if [ -n "$rootfs_length" ]; then
+-		local root_size_param
++		local rootfs_size_param
+ 		if [ "$rootfs_type" = "ubifs" ]; then
+-			root_size_param="-m"
++			rootfs_size_param="-m"
+ 		else
+-			root_size_param="-s $rootfs_length"
++			rootfs_size_param="-s $rootfs_length"
+ 		fi
+ 		if ! ubimkvol /dev/$ubidev -N $CI_ROOTPART $rootfs_size_param; then
+ 			echo "cannot create rootfs volume"
+@@ -190,7 +193,16 @@ nand_upgrade_prepare_ubi() {
+ 
+ 	# create rootfs_data for non-ubifs rootfs
+ 	if [ "$rootfs_type" != "ubifs" ]; then
+-		if ! ubimkvol /dev/$ubidev -N rootfs_data -m; then
++		local availeb=$(cat /sys/devices/virtual/ubi/$ubidev/avail_eraseblocks)
++		local ebsize=$(cat /sys/devices/virtual/ubi/$ubidev/eraseblock_size)
++		local avail_size=$(( $availeb * $ebsize ))
++		local rootfs_data_size_param="-m"
++		if [ -n "$rootfs_data_max" ] &&
++		   [ "$rootfs_data_max" != "0" ] &&
++		   [ "$rootfs_data_max" -le "$avail_size" ]; then
++			rootfs_data_size_param="-s $rootfs_data_max"
++		fi
++		if ! ubimkvol /dev/$ubidev -N rootfs_data $rootfs_data_size_param; then
+ 			echo "cannot initialize rootfs_data volume"
+ 			return 1
+ 		fi
+-- 
+2.25.1
+

backports/0007-uboot-envtools-add-defaults-for-linksys-e8450-ubi.patch

@@ -0,0 +1,70 @@
+From 256daf33ec9c8cc8b094d7612ba7384db18d0a6b Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Fri, 12 Feb 2021 03:09:39 +0000
+Subject: [PATCH 04/64] uboot-envtools: add defaults for linksys-e8450-ubi
+
+Add U-Boot environment configuration for the Linksys E8450 (UBI) to
+allow access to the bootloader environment from OpenWrt via
+'fw_printenv' and 'fw_setenv'.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ package/boot/uboot-envtools/files/mediatek | 46 ++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
+ create mode 100644 package/boot/uboot-envtools/files/mediatek
+
+diff --git a/package/boot/uboot-envtools/files/mediatek b/package/boot/uboot-envtools/files/mediatek
+new file mode 100644
+index 0000000000..495a837274
+--- /dev/null
++++ b/package/boot/uboot-envtools/files/mediatek
+@@ -0,0 +1,46 @@
++#
++# Copyright (C) 2021 OpenWrt.org
++#
++
++[ -e /etc/config/ubootenv ] && exit 0
++
++touch /etc/config/ubootenv
++
++. /lib/uboot-envtools.sh
++. /lib/functions.sh
++
++board=$(board_name)
++
++case "$board" in
++linksys,e8450-ubi)
++	ubootenv_add_uci_config "/dev/ubi0_0" "0x0" "0x1f000" "0x1f000" "1"
++	ubootenv_add_uci_config "/dev/ubi0_1" "0x0" "0x1f000" "0x1f000" "1"
++	;;
++bananapi,bpi-r64)
++	. /lib/upgrade/common.sh
++	export_bootdevice
++	export_partdevice rootdev 0
++	case "$rootdev" in
++	mmc*)
++		local envdev=/dev/$(get_partition_by_name $rootdev ubootenv)
++		ubootenv_add_uci_config "$envdev" "0x0" "0x80000" "0x80000" "1"
++		ubootenv_add_uci_config "$envdev" "0x80000" "0x80000" "0x80000" "1"
++		;;
++	*)
++		ubootenv_add_uci_config "/dev/ubi0_0" "0x0" "0x1f000" "0x1f000" "1"
++		ubootenv_add_uci_config "/dev/ubi0_1" "0x0" "0x1f000" "0x1f000" "1"
++		;;
++	esac
++	;;
++buffalo,wsr-2533dhp2)
++	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x1000" "0x20000"
++	;;
++ubnt,unifi-6-lr-ubootmod)
++	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x4000" "0x10000"
++	;;
++esac
++
++config_load ubootenv
++config_foreach ubootenv_add_app_config ubootenv
++
++exit 0
+-- 
+2.25.1
+

backports/0009-include-set-kernel-version.mk.patch

@@ -0,0 +1,33 @@
+From 3b896a540de03ca8dfd5596881f9ec6dc15d72c9 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 7 Apr 2021 10:46:26 +0200
+Subject: [PATCH 01/32] include: set kernel-version.mk
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ include/kernel-version.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/include/kernel-version.mk b/include/kernel-version.mk
+index 52e5c11d75..547f57fa11 100644
+--- a/include/kernel-version.mk
++++ b/include/kernel-version.mk
+@@ -6,9 +6,15 @@ ifdef CONFIG_TESTING_KERNEL
+   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
+ endif
+ 
++LINUX_VERSION-4.4 = .60
++LINUX_VERSION-4.14 = .193
+ LINUX_VERSION-5.4 = .111
++LINUX_VERSION-5.10 = .27
+ 
++LINUX_KERNEL_HASH-4.4.60 = 2cd8df6f1ac6a5329c5a286ec9b5956215977221a1b731597ed169fff74a9659
++LINUX_KERNEL_HASH-4.14.193 = 0b0fb41d4430e1a42738b341cbfd2f41951aa5cd02acabbd53f076119c8b9f03
+ LINUX_KERNEL_HASH-5.4.111 = 21626132658dc34cb41b7aa7b80ecf83751890a71ac1a63d77aea9d488271a03
++LINUX_KERNEL_HASH-5.10.27 = d99dc9662951299c53a0a8d8c8d0a72a16ff861d20e927c0f9b14f63282d69d9
+ 
+ remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
+ sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
+-- 
+2.25.1
+

backports/0011-backport-mkits.sh.patch

@@ -0,0 +1,266 @@
+From 43f832c25bb9dee1a817370ab11531e81348f177 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Sun, 9 May 2021 12:23:00 +0200
+Subject: [PATCH 42/43] backport: mkits.sh
+
+969083634481c3ab5fb80509f385ef10ab45b55f
+e991c1b8a2385397fc1e657ed73878938997d951
+9f714398e060c6338fbfad44cdbfa8c940dbb84b
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ include/image-commands.mk           |   2 +-
+ include/image.mk                    |   2 +-
+ scripts/mkits.sh                    | 101 +++++++++++++++++++++++++---
+ target/linux/ipq40xx/image/Makefile |   1 +
+ target/linux/ipq806x/image/Makefile |   1 +
+ 5 files changed, 95 insertions(+), 12 deletions(-)
+
+diff --git a/include/image-commands.mk b/include/image-commands.mk
+index bde6e030bc..f97d4363d1 100644
+--- a/include/image-commands.mk
++++ b/include/image-commands.mk
+@@ -204,7 +204,7 @@ define Build/fit
+ 		$(if $(word 3,$(1)),-r $(IMAGE_ROOTFS) -f $(subst _,$(comma),$(DEVICE_NAME))) \
+ 		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
+ 		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
+-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
++		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
+ 		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
+ 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage $(if $(word 3,$(1)),-E -B 0x1000 -p 0x1000) -f $@.its $@.new
+ 	@mv $@.new $@
+diff --git a/include/image.mk b/include/image.mk
+index fc46012e87..7a48b789af 100644
+--- a/include/image.mk
++++ b/include/image.mk
+@@ -139,7 +139,7 @@ endef
+ define Image/BuildKernel/MkFIT
+ 	$(TOPDIR)/scripts/mkits.sh \
+ 		-D $(1) -o $(KDIR)/fit-$(1).its -k $(2) $(if $(3),-d $(3)) -C $(4) -a $(5) -e $(6) \
+-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
++		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
+ 		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
+ 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $(KDIR)/fit-$(1).its $(KDIR)/fit-$(1)$(7).itb
+ endef
+diff --git a/scripts/mkits.sh b/scripts/mkits.sh
+index 3d68fdacbc..7533baf799 100755
+--- a/scripts/mkits.sh
++++ b/scripts/mkits.sh
+@@ -24,22 +24,29 @@ usage() {
+ 	printf "\n\t-a ==> set load address to 'addr' (hex)"
+ 	printf "\n\t-e ==> set entry point to 'entry' (hex)"
+ 	printf "\n\t-f ==> set device tree compatible string"
++	printf "\n\t-i ==> include initrd Blob 'initrd'"
+ 	printf "\n\t-v ==> set kernel version to 'version'"
+ 	printf "\n\t-k ==> include kernel image 'kernel'"
+ 	printf "\n\t-D ==> human friendly Device Tree Blob 'name'"
+ 	printf "\n\t-n ==> fdt unit-address 'address'"
+ 	printf "\n\t-d ==> include Device Tree Blob 'dtb'"
+-	printf "\n\t-r ==> include RootFS blob"
++	printf "\n\t-r ==> include RootFS blob 'rootfs'"
+ 	printf "\n\t-H ==> specify hash algo instead of SHA1"
+-	printf "\n\t-o ==> create output file 'its_file'\n"
++	printf "\n\t-o ==> create output file 'its_file'"
++	printf "\n\t-O ==> create config with dt overlay 'name:dtb'"
++	printf "\n\t\t(can be specified more than once)\n"
+ 	exit 1
+ }
+ 
+ FDTNUM=1
+ ROOTFSNUM=1
++INITRDNUM=1
+ HASH=sha1
++LOADABLES=
++DTOVERLAY=
++DTADDR=
+ 
+-while getopts ":A:a:c:C:D:d:e:f:k:n:o:v:r:S" OPTION
++while getopts ":A:a:c:C:D:d:e:f:i:k:n:o:O:v:r:S" OPTION
+ do
+ 	case $OPTION in
+ 		A ) ARCH=$OPTARG;;
+@@ -50,9 +57,11 @@ do
+ 		d ) DTB=$OPTARG;;
+ 		e ) ENTRY_ADDR=$OPTARG;;
+ 		f ) COMPATIBLE=$OPTARG;;
++		i ) INITRD=$OPTARG;;
+ 		k ) KERNEL=$OPTARG;;
+ 		n ) FDTNUM=$OPTARG;;
+ 		o ) OUTPUT=$OPTARG;;
++		O ) DTOVERLAY="$DTOVERLAY ${OPTARG}";;
+ 		r ) ROOTFS=$OPTARG;;
+ 		S ) HASH=$OPTARG;;
+ 		v ) VERSION=$OPTARG;;
+@@ -74,14 +83,20 @@ if [ -n "${COMPATIBLE}" ]; then
+ 	COMPATIBLE_PROP="compatible = \"${COMPATIBLE}\";"
+ fi
+ 
++[ "$DTOVERLAY" ] && {
++	dtbsize=$(wc -c "$DTB" | cut -d' ' -f1)
++	DTADDR=$(printf "0x%08x" $(($LOAD_ADDR - $dtbsize)) )
++}
++
+ # Conditionally create fdt information
+ if [ -n "${DTB}" ]; then
+ 	FDT_NODE="
+-		fdt@$FDTNUM {
++		fdt-$FDTNUM {
+ 			description = \"${ARCH_UPPER} OpenWrt ${DEVICE} device tree blob\";
+ 			${COMPATIBLE_PROP}
+ 			data = /incbin/(\"${DTB}\");
+ 			type = \"flat_dt\";
++			${DTADDR:+load = <${DTADDR}>;}
+ 			arch = \"${ARCH}\";
+ 			compression = \"none\";
+ 			hash@1 {
+@@ -92,13 +107,34 @@ if [ -n "${DTB}" ]; then
+ 			};
+ 		};
+ "
+-	FDT_PROP="fdt = \"fdt@$FDTNUM\";"
++	FDT_PROP="fdt = \"fdt-$FDTNUM\";"
+ fi
+ 
++if [ -n "${INITRD}" ]; then
++	INITRD_NODE="
++		initrd-$INITRDNUM {
++			description = \"${ARCH_UPPER} OpenWrt ${DEVICE} initrd\";
++			${COMPATIBLE_PROP}
++			data = /incbin/(\"${INITRD}\");
++			type = \"ramdisk\";
++			arch = \"${ARCH}\";
++			os = \"linux\";
++			hash@1 {
++				algo = \"crc32\";
++			};
++			hash@2 {
++				algo = \"${HASH}\";
++			};
++		};
++"
++	INITRD_PROP="ramdisk=\"initrd-${INITRDNUM}\";"
++fi
++
++
+ if [ -n "${ROOTFS}" ]; then
+ 	dd if="${ROOTFS}" of="${ROOTFS}.pagesync" bs=4096 conv=sync
+ 	ROOTFS_NODE="
+-		rootfs@$ROOTFSNUM {
++		rootfs-$ROOTFSNUM {
+ 			description = \"${ARCH_UPPER} OpenWrt ${DEVICE} rootfs\";
+ 			${COMPATIBLE_PROP}
+ 			data = /incbin/(\"${ROOTFS}.pagesync\");
+@@ -113,9 +149,50 @@ if [ -n "${ROOTFS}" ]; then
+ 			};
+ 		};
+ "
+-	ROOTFS_PROP="loadables = \"rootfs@${ROOTFSNUM}\";"
++	LOADABLES="${LOADABLES:+$LOADABLES, }\"rootfs-${ROOTFSNUM}\""
+ fi
+ 
++# add DT overlay blobs
++FDTOVERLAY_NODE=""
++OVCONFIGS=""
++[ "$DTOVERLAY" ] && for overlay in $DTOVERLAY ; do
++	overlay_blob=${overlay##*:}
++	ovname=${overlay%%:*}
++	ovnode="fdt-$ovname"
++	ovsize=$(wc -c "$overlay_blob" | cut -d' ' -f1)
++	echo "$ovname ($overlay_blob) : $ovsize" >&2
++	DTADDR=$(printf "0x%08x" $(($DTADDR - $ovsize)))
++	FDTOVERLAY_NODE="$FDTOVERLAY_NODE
++
++		$ovnode {
++			description = \"${ARCH_UPPER} OpenWrt ${DEVICE} device tree overlay $ovname\";
++			${COMPATIBLE_PROP}
++			data = /incbin/(\"${overlay_blob}\");
++			type = \"flat_dt\";
++			arch = \"${ARCH}\";
++			load = <${DTADDR}>;
++			compression = \"none\";
++			hash@1 {
++				algo = \"crc32\";
++			};
++			hash@2 {
++				algo = \"${HASH}\";
++			};
++		};
++"
++	OVCONFIGS="$OVCONFIGS
++
++		config-$ovname {
++			description = \"OpenWrt ${DEVICE} with $ovname\";
++			kernel = \"kernel-1\";
++			fdt = \"fdt-$FDTNUM\", \"$ovnode\";
++			${LOADABLES:+loadables = ${LOADABLES};}
++			${COMPATIBLE_PROP}
++			${INITRD_PROP}
++		};
++	"
++done
++
+ # Create a default, fully populated DTS file
+ DATA="/dts-v1/;
+ 
+@@ -124,7 +201,7 @@ DATA="/dts-v1/;
+ 	#address-cells = <1>;
+ 
+ 	images {
+-		kernel@1 {
++		kernel-1 {
+ 			description = \"${ARCH_UPPER} OpenWrt Linux-${VERSION}\";
+ 			data = /incbin/(\"${KERNEL}\");
+ 			type = \"kernel\";
+@@ -140,7 +217,9 @@ DATA="/dts-v1/;
+ 				algo = \"$HASH\";
+ 			};
+ 		};
++${INITRD_NODE}
+ ${FDT_NODE}
++${FDTOVERLAY_NODE}
+ ${ROOTFS_NODE}
+ 	};
+ 
+@@ -148,11 +227,13 @@ ${ROOTFS_NODE}
+ 		default = \"${CONFIG}\";
+ 		${CONFIG} {
+ 			description = \"OpenWrt ${DEVICE}\";
+-			kernel = \"kernel@1\";
++			kernel = \"kernel-1\";
+ 			${FDT_PROP}
+-			${ROOTFS_PROP}
++			${LOADABLES:+loadables = ${LOADABLES};}
+ 			${COMPATIBLE_PROP}
++			${INITRD_PROP}
+ 		};
++		${OVCONFIGS}
+ 	};
+ };"
+ 
+diff --git a/target/linux/ipq40xx/image/Makefile b/target/linux/ipq40xx/image/Makefile
+index 2be262936f..a0d6242a28 100644
+--- a/target/linux/ipq40xx/image/Makefile
++++ b/target/linux/ipq40xx/image/Makefile
+@@ -8,6 +8,7 @@ define Device/Default
+ 	KERNEL_PREFIX := $$(IMAGE_PREFIX)
+ 	KERNEL_LOADADDR := 0x80208000
+ 	DEVICE_DTS = $$(SOC)-$(lastword $(subst _, ,$(1)))
++	DEVICE_DTS_CONFIG := config@1
+ 	IMAGES := sysupgrade.bin
+ 	IMAGE/sysupgrade.bin = sysupgrade-tar | append-metadata
+ 	IMAGE/sysupgrade.bin/squashfs :=
+diff --git a/target/linux/ipq806x/image/Makefile b/target/linux/ipq806x/image/Makefile
+index bab1da0090..3bc60fa931 100644
+--- a/target/linux/ipq806x/image/Makefile
++++ b/target/linux/ipq806x/image/Makefile
+@@ -30,6 +30,7 @@ define Device/Default
+ 	KERNEL_PREFIX := $$(IMAGE_PREFIX)
+ 	KERNEL_LOADADDR = 0x42208000
+ 	DEVICE_DTS = $$(SOC)-$(lastword $(subst _, ,$(1)))
++	DEVICE_DTS_CONFIG := config@1
+ 	IMAGES := sysupgrade.bin
+ 	IMAGE/sysupgrade.bin = sysupgrade-tar | append-metadata
+ 	IMAGE/sysupgrade.bin/squashfs :=
+-- 
+2.25.1
+

backports/0013-iw-update-to-latest-HEAD.patch

@@ -0,0 +1,167 @@
+From 0ddce2498be815e098154867d0b18293fe613f12 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 27 May 2021 11:57:10 +0200
+Subject: [PATCH 13/13] iw: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/utils/iw/Makefile             | 11 +++----
+ .../utils/iw/patches/200-reduce_size.patch    | 30 +++++++++----------
+ 2 files changed, 21 insertions(+), 20 deletions(-)
+
+diff --git a/package/network/utils/iw/Makefile b/package/network/utils/iw/Makefile
+index 6db9aaf105..8e11046189 100644
+--- a/package/network/utils/iw/Makefile
++++ b/package/network/utils/iw/Makefile
+@@ -8,12 +8,13 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=iw
+-PKG_VERSION:=5.9
+-PKG_RELEASE:=1
++PKG_VERSION:=5.9-8fab0c9e
++PKG_RELEASE:=$(AUTORELEASE)
+ 
+-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+-PKG_SOURCE_URL:=@KERNEL/software/network/iw
+-PKG_HASH:=293a07109aeb7e36267cf59e3ce52857e9ffae3a6666eb8ac77894b1839fe1f2
++PKG_SOURCE_PROTO:=git
++PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git
++PKG_SOURCE_VERSION:=8fab0c9ee9db217587a58efcc37421c86edcb638
++PKG_MIRROR_HASH:=797b322bc03952f3127ae0a7da476c14ada1bbe9a9ae234a56dd6f864c568e16
+ 
+ PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+ PKG_LICENSE:=GPL-2.0
+diff --git a/package/network/utils/iw/patches/200-reduce_size.patch b/package/network/utils/iw/patches/200-reduce_size.patch
+index af30876012..83e11405cb 100644
+--- a/package/network/utils/iw/patches/200-reduce_size.patch
++++ b/package/network/utils/iw/patches/200-reduce_size.patch
+@@ -1,6 +1,6 @@
+ --- a/event.c
+ +++ b/event.c
+-@@ -944,6 +944,7 @@ static int print_event(struct nl_msg *ms
++@@ -956,6 +956,7 @@ static int print_event(struct nl_msg *ms
+  	}
+  
+  	switch (gnlh->cmd) {
+@@ -8,7 +8,7 @@
+  	case NL80211_CMD_NEW_WIPHY:
+  		printf("renamed to %s\n", nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]));
+  		break;
+-@@ -979,6 +980,7 @@ static int print_event(struct nl_msg *ms
++@@ -991,6 +992,7 @@ static int print_event(struct nl_msg *ms
+  	case NL80211_CMD_SCHED_SCAN_RESULTS:
+  		printf("got scheduled scan results\n");
+  		break;
+@@ -16,7 +16,7 @@
+  	case NL80211_CMD_WIPHY_REG_CHANGE:
+  	case NL80211_CMD_REG_CHANGE:
+  		if (gnlh->cmd == NL80211_CMD_WIPHY_REG_CHANGE)
+-@@ -1061,6 +1063,7 @@ static int print_event(struct nl_msg *ms
++@@ -1073,6 +1075,7 @@ static int print_event(struct nl_msg *ms
+  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
+  		printf("del station %s\n", macbuf);
+  		break;
+@@ -24,7 +24,7 @@
+  	case NL80211_CMD_JOIN_IBSS:
+  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
+  		printf("IBSS %s joined\n", macbuf);
+-@@ -1254,9 +1257,9 @@ static int print_event(struct nl_msg *ms
++@@ -1271,9 +1274,9 @@ static int print_event(struct nl_msg *ms
+  	case NL80211_CMD_CH_SWITCH_NOTIFY:
+  		parse_ch_switch_notify(tb, gnlh->cmd);
+  		break;
+@@ -134,7 +134,7 @@
+  {
+ --- a/scan.c
+ +++ b/scan.c
+-@@ -1297,6 +1297,9 @@ static void print_ht_op(const uint8_t ty
++@@ -1306,6 +1306,9 @@ static void print_ht_op(const uint8_t ty
+  	printf("\t\t * secondary channel offset: %s\n",
+  		ht_secondary_offset[data[1] & 0x3]);
+  	printf("\t\t * STA channel width: %s\n", sta_chan_width[(data[1] & 0x4)>>2]);
+@@ -144,7 +144,7 @@
+  	printf("\t\t * RIFS: %d\n", (data[1] & 0x8)>>3);
+  	printf("\t\t * HT protection: %s\n", protection[data[2] & 0x3]);
+  	printf("\t\t * non-GF present: %d\n", (data[2] & 0x4) >> 2);
+-@@ -1707,6 +1710,14 @@ static void print_ie(const struct ie_pri
++@@ -1716,6 +1719,14 @@ static void print_ie(const struct ie_pri
+  
+  static const struct ie_print ieprinters[] = {
+  	[0] = { "SSID", print_ssid, 0, 32, BIT(PRINT_SCAN) | BIT(PRINT_LINK), },
+@@ -159,7 +159,7 @@
+  	[1] = { "Supported rates", print_supprates, 0, 255, BIT(PRINT_SCAN), },
+  	[3] = { "DS Parameter set", print_ds, 1, 1, BIT(PRINT_SCAN), },
+  	[5] = { "TIM", print_tim, 4, 255, BIT(PRINT_SCAN), },
+-@@ -1716,26 +1727,20 @@ static const struct ie_print ieprinters[
++@@ -1725,26 +1736,20 @@ static const struct ie_print ieprinters[
+  	[32] = { "Power constraint", print_powerconstraint, 1, 1, BIT(PRINT_SCAN), },
+  	[35] = { "TPC report", print_tpcreport, 2, 2, BIT(PRINT_SCAN), },
+  	[42] = { "ERP", print_erp, 1, 255, BIT(PRINT_SCAN), },
+@@ -187,15 +187,15 @@
+  };
+  
+  static void print_wifi_wpa(const uint8_t type, uint8_t len, const uint8_t *data,
+-@@ -2279,6 +2284,7 @@ void print_ies(unsigned char *ie, int ie
++@@ -2326,6 +2331,7 @@ void print_ies(unsigned char *ie, int ie
+  		    ieprinters[ie[0]].flags & BIT(ptype)) {
+  			print_ie(&ieprinters[ie[0]],
+  				 ie[0], ie[1], ie + 2, &ie_buffer);
+ +#ifdef IW_FULL
+  		} else if (ie[0] == 221 /* vendor */) {
+  			print_vendor(ie[1], ie + 2, unknown, ptype);
+- 		} else if (unknown) {
+-@@ -2288,6 +2294,7 @@ void print_ies(unsigned char *ie, int ie
++ 		} else if (ie[0] == 255 /* extension */) {
++@@ -2337,6 +2343,7 @@ void print_ies(unsigned char *ie, int ie
+  			for (i=0; i<ie[1]; i++)
+  				printf(" %.2x", ie[2+i]);
+  			printf("\n");
+@@ -203,7 +203,7 @@
+  		}
+  		ielen -= ie[1] + 2;
+  		ie += ie[1] + 2;
+-@@ -2328,6 +2335,7 @@ static void print_capa_non_dmg(__u16 cap
++@@ -2377,6 +2384,7 @@ static void print_capa_non_dmg(__u16 cap
+  		printf(" ESS");
+  	if (capa & WLAN_CAPABILITY_IBSS)
+  		printf(" IBSS");
+@@ -211,7 +211,7 @@
+  	if (capa & WLAN_CAPABILITY_CF_POLLABLE)
+  		printf(" CfPollable");
+  	if (capa & WLAN_CAPABILITY_CF_POLL_REQUEST)
+-@@ -2356,6 +2364,7 @@ static void print_capa_non_dmg(__u16 cap
++@@ -2405,6 +2413,7 @@ static void print_capa_non_dmg(__u16 cap
+  		printf(" DelayedBACK");
+  	if (capa & WLAN_CAPABILITY_IMM_BACK)
+  		printf(" ImmediateBACK");
+@@ -219,7 +219,7 @@
+  }
+  
+  static int print_bss_handler(struct nl_msg *msg, void *arg)
+-@@ -2440,8 +2449,10 @@ static int print_bss_handler(struct nl_m
++@@ -2489,8 +2498,10 @@ static int print_bss_handler(struct nl_m
+  	if (bss[NL80211_BSS_FREQUENCY]) {
+  		int freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
+  		printf("\tfreq: %d\n", freq);
+@@ -230,7 +230,7 @@
+  	}
+  	if (bss[NL80211_BSS_BEACON_INTERVAL])
+  		printf("\tbeacon interval: %d TUs\n",
+-@@ -2635,6 +2646,7 @@ static int handle_stop_sched_scan(struct
++@@ -2684,6 +2695,7 @@ static int handle_stop_sched_scan(struct
+  	return 0;
+  }
+  
+@@ -238,7 +238,7 @@
+  COMMAND(scan, sched_start,
+  	SCHED_SCAN_OPTIONS,
+  	NL80211_CMD_START_SCHED_SCAN, 0, CIB_NETDEV, handle_start_sched_scan,
+-@@ -2645,3 +2657,4 @@ COMMAND(scan, sched_start,
++@@ -2694,3 +2706,4 @@ COMMAND(scan, sched_start,
+  COMMAND(scan, sched_stop, "",
+  	NL80211_CMD_STOP_SCHED_SCAN, 0, CIB_NETDEV, handle_stop_sched_scan,
+  	"Stop an ongoing scheduled scan.");
+-- 
+2.25.1
+

backports/0014-libubox-update-to-latest-HEAD.patch

@@ -0,0 +1,44 @@
+From 029282d8ef8e4e813817d1c7d4aeae4208bc2da5 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 18 May 2021 10:46:43 +0200
+Subject: [PATCH 01/52] libubox: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/libs/libubox/Makefile | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/package/libs/libubox/Makefile b/package/libs/libubox/Makefile
+index 4d582eacfd..33aa73eef7 100644
+--- a/package/libs/libubox/Makefile
++++ b/package/libs/libubox/Makefile
+@@ -1,13 +1,13 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=libubox
+-PKG_RELEASE=1
++PKG_RELEASE=2
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
+-PKG_MIRROR_HASH:=97dc4eba01cf2c5d6a6d0db3747e0cdc0d95cb87e51b3115272e7d3e69a8b255
+-PKG_SOURCE_DATE:=2020-12-12
+-PKG_SOURCE_VERSION:=357877693ca363b12e6e7e14d345639b2440cd07
++PKG_MIRROR_HASH:=1cdb91ac0ee925f133ee9f70eac131a99def312fe7cf0aed44df84eb1762e30b
++PKG_SOURCE_DATE:=2021-08-19
++PKG_SOURCE_VERSION:=d716ac4bc4236031d4c3cc1ed362b502e20e3787
+ PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
+ CMAKE_INSTALL:=1
+ 
+@@ -67,7 +67,7 @@ define Package/libubox-lua
+ endef
+ 
+ TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
+-CMAKE_OPTIONS = \
++CMAKE_OPTIONS += \
+ 	-DLUAPATH=/usr/lib/lua \
+ 	-DABIVERSION="$(PKG_ABI_VERSION)"
+ 
+-- 
+2.25.1
+

backports/0015-umdns-update-to-latest-HEAD.patch

@@ -0,0 +1,30 @@
+From e413c12b77acc0012a79e8981b553e35d4a2b20e Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 30 Jun 2021 14:21:23 +0200
+Subject: [PATCH] umdns: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/services/umdns/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile
+index 9a5f46a705..908758e44b 100644
+--- a/package/network/services/umdns/Makefile
++++ b/package/network/services/umdns/Makefile
+@@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
+ 
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
+ PKG_SOURCE_PROTO:=git
+-PKG_SOURCE_DATE:=2021-01-26
+-PKG_SOURCE_VERSION:=78aa36b0e9808e801c527c6dc47320e593309522
+-PKG_MIRROR_HASH:=241833f2bf2f3366f356703159be386862ef747d9b253af6c13555f252cc970d
++PKG_SOURCE_DATE:=2021-06-30
++PKG_SOURCE_VERSION:=4a8747193ab2b8f2d68a9d26334545e19d89cbe2
++PKG_MIRROR_HASH:=bdddec2793303e4cc1a90cb2ed2241c04fdd0a736b6c0cbbb1fab9de5527566a
+ 
+ PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+ PKG_LICENSE:=LGPL-2.1
+-- 
+2.25.1
+

backports/0016-kernel-modules-move-act_gact-into-kmod-sched-core.patch

@@ -0,0 +1,45 @@
+From 6c7e11cccbd28224a9a473a36df1102b4257d356 Mon Sep 17 00:00:00 2001
+From: DENG Qingfang <dqfext@gmail.com>
+Date: Fri, 9 Apr 2021 12:25:08 +0800
+Subject: [PATCH 5/6] kernel/modules: move act_gact into kmod-sched-core
+
+As the name suggests, act_gact has the generic actions such as dropping
+and accepting packets, so move it into kmod-sched-core.
+
+Signed-off-by: DENG Qingfang <dqfext@gmail.com>
+---
+ package/kernel/linux/modules/netsupport.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk
+index 9fd49c1392..4343e850e9 100644
+--- a/package/kernel/linux/modules/netsupport.mk
++++ b/package/kernel/linux/modules/netsupport.mk
+@@ -721,7 +721,7 @@ $(eval $(call KernelPackage,mppe))
+ 
+ 
+ SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard $(LINUX_DIR)/net/sched/*.ko))
+-SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit cls_matchall
++SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
+ SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark act_ctinfo sch_cake sch_netem sch_mqprio em_ipset cls_bpf cls_flower act_bpf act_vlan
+ SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES))
+ SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter $(SCHED_MODULES_CORE),$(SCHED_MODULES)))
+@@ -745,6 +745,7 @@ define KernelPackage/sched-core
+ 	CONFIG_NET_CLS_ROUTE4 \
+ 	CONFIG_NET_CLS_TCINDEX \
+ 	CONFIG_NET_CLS_U32 \
++	CONFIG_NET_ACT_GACT \
+ 	CONFIG_NET_ACT_MIRRED \
+ 	CONFIG_NET_ACT_SKBEDIT \
+ 	CONFIG_NET_CLS_MATCHALL \
+@@ -899,7 +900,6 @@ define KernelPackage/sched
+ 	CONFIG_NET_SCH_FQ \
+ 	CONFIG_NET_SCH_PIE \
+ 	CONFIG_NET_ACT_POLICE \
+-	CONFIG_NET_ACT_GACT \
+ 	CONFIG_NET_ACT_IPT \
+ 	CONFIG_NET_ACT_PEDIT \
+ 	CONFIG_NET_ACT_SIMP \
+-- 
+2.25.1
+

backports/0017-kernel-add-bdpu-filter-support.patch

@@ -0,0 +1,242 @@
+From 97fb5323a826e6b5ad89b5281c0b9d9e92bfc0b4 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 27 Aug 2021 16:52:34 +0200
+Subject: [PATCH 59/59] kernel: add bdpu filter support
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ ...l-knob-for-filtering-rx-tx-BPDU-pack.patch | 107 ++++++++++++++++++
+ ...l-knob-for-filtering-rx-tx-BPDU-pack.patch | 107 ++++++++++++++++++
+ 2 files changed, 214 insertions(+)
+ create mode 100644 target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+ create mode 100644 target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+
+diff --git a/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch b/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+new file mode 100644
+index 0000000000..918ae05d12
+--- /dev/null
++++ b/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+@@ -0,0 +1,107 @@
++From: Felix Fietkau <nbd@nbd.name>
++Date: Fri, 27 Aug 2021 12:22:32 +0200
++Subject: [PATCH] bridge: add sysctl knob for filtering rx/tx BPDU packets on a
++ port
++
++Some devices (e.g. wireless APs) can't have devices behind them be part of
++a bridge topology with redundant links, due to address limitations.
++Additionally, broadcast traffic on these devices is somewhat expensive, due to
++the low data rate and wakeups of clients in powersave mode.
++This sysctl knob can be used to ensure that BPDU packets are never sent
++or forwarded to/from these devices
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++
++--- a/include/linux/if_bridge.h
+++++ b/include/linux/if_bridge.h
++@@ -56,6 +56,7 @@ struct br_ip_list {
++ #define BR_MRP_AWARE		BIT(17)
++ #define BR_MRP_LOST_CONT	BIT(18)
++ #define BR_MRP_LOST_IN_CONT	BIT(19)
+++#define BR_BPDU_FILTER		BIT(20)
++ 
++ #define BR_DEFAULT_AGEING_TIME	(300 * HZ)
++ 
++--- a/net/bridge/br_forward.c
+++++ b/net/bridge/br_forward.c
++@@ -191,6 +191,7 @@ out:
++ void br_flood(struct net_bridge *br, struct sk_buff *skb,
++ 	      enum br_pkt_type pkt_type, bool local_rcv, bool local_orig)
++ {
+++	const unsigned char *dest = eth_hdr(skb)->h_dest;
++ 	struct net_bridge_port *prev = NULL;
++ 	struct net_bridge_port *p;
++ 
++@@ -206,6 +207,10 @@ void br_flood(struct net_bridge *br, str
++ 		case BR_PKT_MULTICAST:
++ 			if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
++ 				continue;
+++			if ((p->flags & BR_BPDU_FILTER) &&
+++			    unlikely(is_link_local_ether_addr(dest) &&
+++				     dest[5] == 0))
+++				continue;
++ 			break;
++ 		case BR_PKT_BROADCAST:
++ 			if (!(p->flags & BR_BCAST_FLOOD) && skb->dev != br->dev)
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -305,6 +305,8 @@ static rx_handler_result_t br_handle_fra
++ 		fwd_mask |= p->group_fwd_mask;
++ 		switch (dest[5]) {
++ 		case 0x00:	/* Bridge Group Address */
+++			if (p->flags & BR_BPDU_FILTER)
+++				goto drop;
++ 			/* If STP is turned off,
++ 			   then must forward to keep loop detection */
++ 			if (p->br->stp_enabled == BR_NO_STP ||
++--- a/net/bridge/br_sysfs_if.c
+++++ b/net/bridge/br_sysfs_if.c
++@@ -233,6 +233,7 @@ BRPORT_ATTR_FLAG(multicast_flood, BR_MCA
++ BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD);
++ BRPORT_ATTR_FLAG(neigh_suppress, BR_NEIGH_SUPPRESS);
++ BRPORT_ATTR_FLAG(isolated, BR_ISOLATED);
+++BRPORT_ATTR_FLAG(bpdu_filter, BR_BPDU_FILTER);
++ 
++ #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
++ static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
++@@ -285,6 +286,7 @@ static const struct brport_attribute *br
++ 	&brport_attr_group_fwd_mask,
++ 	&brport_attr_neigh_suppress,
++ 	&brport_attr_isolated,
+++	&brport_attr_bpdu_filter,
++ 	&brport_attr_backup_port,
++ 	NULL
++ };
++--- a/net/bridge/br_stp_bpdu.c
+++++ b/net/bridge/br_stp_bpdu.c
++@@ -80,7 +80,8 @@ void br_send_config_bpdu(struct net_brid
++ {
++ 	unsigned char buf[35];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -127,7 +128,8 @@ void br_send_tcn_bpdu(struct net_bridge_
++ {
++ 	unsigned char buf[4];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -172,6 +174,9 @@ void br_stp_rcv(const struct stp_proto *
++ 	if (!(br->dev->flags & IFF_UP))
++ 		goto out;
++ 
+++	if (p->flags & BR_BPDU_FILTER)
+++		goto out;
+++
++ 	if (p->state == BR_STATE_DISABLED)
++ 		goto out;
++ 
+diff --git a/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch b/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+new file mode 100644
+index 0000000000..586d264cd5
+--- /dev/null
++++ b/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+@@ -0,0 +1,107 @@
++From: Felix Fietkau <nbd@nbd.name>
++Date: Fri, 27 Aug 2021 12:22:32 +0200
++Subject: [PATCH] bridge: add sysctl knob for filtering rx/tx BPDU packets on a
++ port
++
++Some devices (e.g. wireless APs) can't have devices behind them be part of
++a bridge topology with redundant links, due to address limitations.
++Additionally, broadcast traffic on these devices is somewhat expensive, due to
++the low data rate and wakeups of clients in powersave mode.
++This sysctl knob can be used to ensure that BPDU packets are never sent
++or forwarded to/from these devices
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++
++--- a/include/linux/if_bridge.h
+++++ b/include/linux/if_bridge.h
++@@ -47,6 +47,7 @@ struct br_ip_list {
++ #define BR_BCAST_FLOOD		BIT(14)
++ #define BR_NEIGH_SUPPRESS	BIT(15)
++ #define BR_ISOLATED		BIT(16)
+++#define BR_BPDU_FILTER		BIT(17)
++ 
++ #define BR_DEFAULT_AGEING_TIME	(300 * HZ)
++ 
++--- a/net/bridge/br_forward.c
+++++ b/net/bridge/br_forward.c
++@@ -191,6 +191,7 @@ out:
++ void br_flood(struct net_bridge *br, struct sk_buff *skb,
++ 	      enum br_pkt_type pkt_type, bool local_rcv, bool local_orig)
++ {
+++	const unsigned char *dest = eth_hdr(skb)->h_dest;
++ 	struct net_bridge_port *prev = NULL;
++ 	struct net_bridge_port *p;
++ 
++@@ -206,6 +207,10 @@ void br_flood(struct net_bridge *br, str
++ 		case BR_PKT_MULTICAST:
++ 			if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
++ 				continue;
+++			if ((p->flags & BR_BPDU_FILTER) &&
+++			    unlikely(is_link_local_ether_addr(dest) &&
+++				     dest[5] == 0))
+++				continue;
++ 			break;
++ 		case BR_PKT_BROADCAST:
++ 			if (!(p->flags & BR_BCAST_FLOOD) && skb->dev != br->dev)
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -300,6 +300,8 @@ rx_handler_result_t br_handle_frame(stru
++ 		fwd_mask |= p->group_fwd_mask;
++ 		switch (dest[5]) {
++ 		case 0x00:	/* Bridge Group Address */
+++			if (p->flags & BR_BPDU_FILTER)
+++				goto drop;
++ 			/* If STP is turned off,
++ 			   then must forward to keep loop detection */
++ 			if (p->br->stp_enabled == BR_NO_STP ||
++--- a/net/bridge/br_sysfs_if.c
+++++ b/net/bridge/br_sysfs_if.c
++@@ -233,6 +233,7 @@ BRPORT_ATTR_FLAG(multicast_flood, BR_MCA
++ BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD);
++ BRPORT_ATTR_FLAG(neigh_suppress, BR_NEIGH_SUPPRESS);
++ BRPORT_ATTR_FLAG(isolated, BR_ISOLATED);
+++BRPORT_ATTR_FLAG(bpdu_filter, BR_BPDU_FILTER);
++ 
++ #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
++ static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
++@@ -285,6 +286,7 @@ static const struct brport_attribute *br
++ 	&brport_attr_group_fwd_mask,
++ 	&brport_attr_neigh_suppress,
++ 	&brport_attr_isolated,
+++	&brport_attr_bpdu_filter,
++ 	&brport_attr_backup_port,
++ 	NULL
++ };
++--- a/net/bridge/br_stp_bpdu.c
+++++ b/net/bridge/br_stp_bpdu.c
++@@ -80,7 +80,8 @@ void br_send_config_bpdu(struct net_brid
++ {
++ 	unsigned char buf[35];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -125,7 +126,8 @@ void br_send_tcn_bpdu(struct net_bridge_
++ {
++ 	unsigned char buf[4];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -168,6 +170,9 @@ void br_stp_rcv(const struct stp_proto *
++ 	if (!(br->dev->flags & IFF_UP))
++ 		goto out;
++ 
+++	if (p->flags & BR_BPDU_FILTER)
+++		goto out;
+++
++ 	if (p->state == BR_STATE_DISABLED)
++ 		goto out;
++ 
+-- 
+2.25.1
+

backports/0035-uhttp-update-to-latest-HEAD.patch

@@ -0,0 +1,157 @@
+From patchwork Fri Aug 20 13:11:12 2021
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Stijn Tintel <stijn@linux-ipv6.be>
+X-Patchwork-Id: 1519040
+X-Patchwork-Delegate: stijn@linux-ipv6.be
+Return-Path: 
+ <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
+X-Original-To: incoming@patchwork.ozlabs.org
+Delivered-To: patchwork-incoming@bilbo.ozlabs.org
+Authentication-Results: ozlabs.org;
+ spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
+ (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
+ envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
+ receiver=<UNKNOWN>)
+Authentication-Results: ozlabs.org;
+	dkim=pass (2048-bit key;
+ secure) header.d=lists.infradead.org header.i=@lists.infradead.org
+ header.a=rsa-sha256 header.s=bombadil.20210309 header.b=r2Ly8Vhy;
+	dkim=fail reason="signature verification failed" (1024-bit key;
+ unprotected) header.d=linux-ipv6.be header.i=@linux-ipv6.be
+ header.a=rsa-sha256 header.s=502B7754-045F-11E5-BBC5-64595FD46BE8
+ header.b=BipII9T0;
+	dkim-atps=neutral
+Received: from bombadil.infradead.org (bombadil.infradead.org
+ [IPv6:2607:7c80:54:e::133])
+	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
+ SHA256)
+	(No client certificate requested)
+	by ozlabs.org (Postfix) with ESMTPS id 4Grhsz3FQvz9s1l
+	for <incoming@patchwork.ozlabs.org>; Fri, 20 Aug 2021 23:13:59 +1000 (AEST)
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
+	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
+	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
+	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
+	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
+	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
+	List-Owner; bh=Dxw7atu76L/aBQntt7pW1jTYPCULL0mkcY2U1BYT2sI=; b=r2Ly8VhysFZseN
+	kLaheAFj130coCdyeHSxT/951GnDDBkmyursFZAP2hBLaKv9Z+9HpHIGM3sOiNhM/zDKfabNJ/1D2
+	CV4iyPpVkhRxG9t6HPpPx94E6J5Oknl7l6eyL04DWUB28EzXcoBSMiP0zYsoOWjI8sQO8wITNp6hf
+	neAM1VlZlNb22n5/Wu5oD1RoEiMUS5GeyhU7kEFEWpC45rcpyuQdvHpPLMn5GkcqCOO6i90E7BKAK
+	ipYG2tptIjqjrmR+nC6CPRavA+hSG/o6HzDSYNJvWmgVjCc6RpN/xliN03Rum4+mbDtMEB4Wpidmj
+	FepfgPqKxWRJ0UiXBJew==;
+Received: from localhost ([::1] helo=bombadil.infradead.org)
+	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
+	id 1mH4J2-00BF23-C2; Fri, 20 Aug 2021 13:11:32 +0000
+Received: from mail.tintel.eu ([51.83.127.189])
+ by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
+ id 1mH4Iw-00BF1P-CR
+ for openwrt-devel@lists.openwrt.org; Fri, 20 Aug 2021 13:11:30 +0000
+Received: from localhost (localhost [IPv6:::1])
+ by mail.tintel.eu (Postfix) with ESMTP id 1BE4C4486AC4;
+ Fri, 20 Aug 2021 15:11:14 +0200 (CEST)
+Received: from mail.tintel.eu ([IPv6:::1])
+ by localhost (mail.tintel.eu [IPv6:::1]) (amavisd-new, port 10032)
+ with ESMTP id npDXmiQngdDU; Fri, 20 Aug 2021 15:11:13 +0200 (CEST)
+Received: from localhost (localhost [IPv6:::1])
+ by mail.tintel.eu (Postfix) with ESMTP id 5B1EC4486ACC;
+ Fri, 20 Aug 2021 15:11:13 +0200 (CEST)
+DKIM-Filter: OpenDKIM Filter v2.10.3 mail.tintel.eu 5B1EC4486ACC
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-ipv6.be;
+ s=502B7754-045F-11E5-BBC5-64595FD46BE8; t=1629465073;
+ bh=3YKw9bephsRsf4MDuHSX4MioHjRWefi/5PEc54pFn4g=;
+ h=From:To:Date:Message-Id:MIME-Version;
+ b=BipII9T0eY8ENYqcdZ7rxKFn6rwkKKOhJ2IoeLZ1fx4lgpPuGWsZrexzqU6mYTDRa
+ Aihei2/ovPeWgUDbzfjNC9hIqv0fXRaEW0sCAPZGOP6gNHWNCkJxuPqYI+4pjijRRt
+ 6YYC2qCi8DqzQJv7St1FqeVFoIaF8SfbniBW+1N4=
+X-Virus-Scanned: amavisd-new at mail.tintel.eu
+Received: from mail.tintel.eu ([IPv6:::1])
+ by localhost (mail.tintel.eu [IPv6:::1]) (amavisd-new, port 10026)
+ with ESMTP id J5m0pY66LdR7; Fri, 20 Aug 2021 15:11:13 +0200 (CEST)
+Received: from taz.sof.bg.adlevio.net (unknown [IPv6:2001:67c:21bc:20::10])
+ by mail.tintel.eu (Postfix) with SMTP id 17DF94486AC4;
+ Fri, 20 Aug 2021 15:11:13 +0200 (CEST)
+Received: (nullmailer pid 141125 invoked by uid 1000);
+ Fri, 20 Aug 2021 13:11:12 -0000
+From: Stijn Tintel <stijn@linux-ipv6.be>
+To: openwrt-devel@lists.openwrt.org
+Cc: nbd@nbd.name
+Subject: [PATCH] uhttpd: add config option for json_script
+Date: Fri, 20 Aug 2021 16:11:12 +0300
+Message-Id: <20210820131112.141077-1-stijn@linux-ipv6.be>
+X-Mailer: git-send-email 2.31.1
+MIME-Version: 1.0
+X-Rspamd-Queue-Id: 17DF94486AC4
+X-Spamd-Result: default: False [0.00 / 15.00];
+ IP_WHITELIST(0.00)[2001:67c:21bc:20::10];
+ ASN(0.00)[asn:200533, ipnet:2001:67c:21bc::/48, country:BG]
+X-Rspamd-Server: skulls
+X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
+X-CRM114-CacheID: sfid-20210820_061126_592239_17869382 
+X-CRM114-Status: UNSURE (   9.50  )
+X-CRM114-Notice: Please train this message.
+X-Spam-Score: 0.2 (/)
+X-Spam-Report: Spam detection software,
+ running on the system "bombadil.infradead.org",
+ has NOT identified this incoming email as spam.  The original
+ message has been attached to this so you can view it or label
+ similar future email.  If you have any questions, see
+ the administrator of that system for details.
+ Content preview: Add a config option for json_script instead of
+ unconditionally
+ including all json files in /etc/uhttpd in every uhttpd instance. This makes
+ it possible to configure a single instance with an unconditi [...]
+ Content analysis details:   (0.2 points, 5.0 required)
+ pts rule name              description
+ ---- ----------------------
+ --------------------------------------------------
+ -0.0 SPF_PASS               SPF: sender matches SPF record
+ -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
+ 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
+ not necessarily
+ valid
+ 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
+X-BeenThere: openwrt-devel@lists.openwrt.org
+X-Mailman-Version: 2.1.34
+Precedence: list
+List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
+List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
+ <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
+List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
+List-Post: <mailto:openwrt-devel@lists.openwrt.org>
+List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
+List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
+ <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
+Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
+Errors-To: 
+ openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org
+
+Add a config option for json_script instead of unconditionally including
+all json files in /etc/uhttpd in every uhttpd instance. This makes it
+possible to configure a single instance with an unconditional redirect,
+which is currently not possible as it would render all other uhttpd
+instances unusable.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ package/network/services/uhttpd/Makefile          | 2 +-
+ package/network/services/uhttpd/files/uhttpd.init | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
+index e7709941c2..30fd7b4259 100755
+--- a/package/network/services/uhttpd/files/uhttpd.init
++++ b/package/network/services/uhttpd/files/uhttpd.init
+@@ -196,7 +196,8 @@ start_instance()
+ 		append_bool "$cfg" redirect_https "-q" 0
+ 	}
+ 
+-	for file in /etc/uhttpd/*.json; do
++	config_get json_script "$cfg" json_script
++	for file in $json_script; do
+ 		[ -s "$file" ] && procd_append_param command -H "$file"
+ 	done
+ 

backports/0036-iwinfo-update-to-latest-git-HEAD.patch

@@ -0,0 +1,39 @@
+From c90fec205137d8d8c1197722a39d5c700ae3f6b1 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Mon, 21 Jun 2021 12:53:28 +0200
+Subject: [PATCH 02/36] iwinfo: update to latest git HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/utils/iwinfo/Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/package/network/utils/iwinfo/Makefile b/package/network/utils/iwinfo/Makefile
+index 3454d615a9..b7c8370bba 100644
+--- a/package/network/utils/iwinfo/Makefile
++++ b/package/network/utils/iwinfo/Makefile
+@@ -11,9 +11,9 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
+-PKG_SOURCE_DATE:=2021-01-31
+-PKG_SOURCE_VERSION:=4a32b33e9606f1bc1125f4bc24b0581349e55f2e
+-PKG_MIRROR_HASH:=414e5d150efaadba21103e66f862be66a94dcf83c16a2850f7c05051a9b0739d
++PKG_SOURCE_DATE:=2021-06-09
++PKG_SOURCE_VERSION:=c0414642fead263a4a6a686ad3cb7e965ec8a23a
++PKG_MIRROR_HASH:=c5686bbae86753c53db03a686b034bbb80d31107cc359ebd8522ea1c82db35ea
+ PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+ PKG_LICENSE:=GPL-2.0
+ 
+@@ -25,7 +25,7 @@ PKG_CONFIG_DEPENDS := \
+ 	CONFIG_PACKAGE_kmod-brcm-wl-mimo \
+ 	CONFIG_PACKAGE_kmod-cfg80211
+ 
+-IWINFO_ABI_VERSION:=20210106
++IWINFO_ABI_VERSION:=20210430
+ 
+ include $(INCLUDE_DIR)/package.mk
+ 
+-- 
+2.25.1
+

backports/0037-netifd-update-to-latest-HEAD.patch

@@ -0,0 +1,105 @@
+From a622ab0c15a2f58b724362339d6b467c02ee7576 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 27 May 2021 13:24:47 +0200
+Subject: [PATCH 01/57] netifd: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/config/netifd/Makefile          | 14 +++++++++-----
+ .../network/config/netifd/files/etc/udhcpc.user |  1 +
+ .../config/netifd/files/lib/netifd/dhcp.script  |  3 +++
+ .../netifd/patches/002-fix-dhcp-issue.patch     | 17 +++++++++++++++++
+ 4 files changed, 30 insertions(+), 5 deletions(-)
+ create mode 100644 package/network/config/netifd/files/etc/udhcpc.user
+ create mode 100644 package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+
+diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
+index 7061456b08..13c1d96ed7 100644
+--- a/package/network/config/netifd/Makefile
++++ b/package/network/config/netifd/Makefile
+@@ -5,16 +5,14 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
+-PKG_SOURCE_DATE:=2021-01-09
+-PKG_SOURCE_VERSION:=c00c8335d6188daa326ecfe5a62da15a9b9987e1
+-PKG_MIRROR_HASH:=c740e51e0cec13eec336ba1c7a643db3b64a9a2235f8c1b73a566cb89e841190
++PKG_SOURCE_DATE:=2021-09-01
++PKG_SOURCE_VERSION:=300b1220fab38600f102bb8cfcc59a29ce41b095
++PKG_MIRROR_HASH:=310fa90059795b1c956f9822db712ecc58bc19725b0f05f98c9e0a6824c8ca36
+ PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+ 
+ PKG_LICENSE:=GPL-2.0
+ PKG_LICENSE_FILES:=
+ 
+-PKG_BUILD_PARALLEL:=1
+-
+ include $(INCLUDE_DIR)/package.mk
+ include $(INCLUDE_DIR)/cmake.mk
+ 
+@@ -25,6 +23,11 @@ define Package/netifd
+   TITLE:=OpenWrt Network Interface Configuration Daemon
+ endef
+ 
++define Package/netifd/conffiles
++/etc/udhcpc.user
++/etc/udhcpc.user.d/
++endef
++
+ TARGET_CFLAGS += \
+ 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
+ 	-I$(STAGING_DIR)/usr/include \
+@@ -40,6 +43,7 @@ define Package/netifd/install
+ 	$(INSTALL_DIR) $(1)/sbin
+ 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/netifd $(1)/sbin/
+ 	$(CP) ./files/* $(1)/
++	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d/
+ 	$(CP) $(PKG_BUILD_DIR)/scripts/* $(1)/lib/netifd/
+ endef
+ 
+diff --git a/package/network/config/netifd/files/etc/udhcpc.user b/package/network/config/netifd/files/etc/udhcpc.user
+new file mode 100644
+index 0000000000..78e2ba5f18
+--- /dev/null
++++ b/package/network/config/netifd/files/etc/udhcpc.user
+@@ -0,0 +1 @@
++# This script is sourced by udhcpc's dhcp.script at every DHCP event.
+diff --git a/package/network/config/netifd/files/lib/netifd/dhcp.script b/package/network/config/netifd/files/lib/netifd/dhcp.script
+index 6585b641d6..e46005d84c 100755
+--- a/package/network/config/netifd/files/lib/netifd/dhcp.script
++++ b/package/network/config/netifd/files/lib/netifd/dhcp.script
+@@ -112,5 +112,8 @@ esac
+ 
+ # user rules
+ [ -f /etc/udhcpc.user ] && . /etc/udhcpc.user "$@"
++for f in /etc/udhcpc.user.d/*; do
++	[ -f "$f" ] && (. "$f" "$@")
++done
+ 
+ exit 0
+diff --git a/package/network/config/netifd/patches/002-fix-dhcp-issue.patch b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+new file mode 100644
+index 0000000000..6f1d2e708e
+--- /dev/null
++++ b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+@@ -0,0 +1,17 @@
++Index: netifd-2019-08-05-5e02f944/interface.c
++===================================================================
++--- netifd-2019-08-05-5e02f944.orig/interface.c
+++++ netifd-2019-08-05-5e02f944/interface.c
++@@ -424,7 +424,11 @@ interface_main_dev_cb(struct device_user
++ 		interface_set_link_state(iface, false);
++ 		break;
++ 	case DEV_EVENT_TOPO_CHANGE:
++-		interface_proto_event(iface->proto, PROTO_CMD_RENEW, false);
+++	/* This renews the dhcp lease when the bridge adds/deletes a
+++	 * new interface. It causes some dhcp servers to fail in
+++	 * case where there are many interfaces being added to the
+++	 * bridge frequently. Disabling this for now. */
+++	/*	interface_proto_event(iface->proto, PROTO_CMD_RENEW, false); */
++ 		return;
++ 	default:
++ 		break;
+-- 
+2.25.1
+

backports/0040-mt76-update-to-latest-HEAD.patch

@@ -0,0 +1,51 @@
+From e01de214b2492e1b8001d6057211017b5f0f6f49 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 27 May 2021 13:25:41 +0200
+Subject: [PATCH 04/44] mt76: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/kernel/mt76/Makefile | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile
+index e9e95fa9b3..431c57a240 100644
+--- a/package/kernel/mt76/Makefile
++++ b/package/kernel/mt76/Makefile
+@@ -8,11 +8,12 @@ PKG_LICENSE_FILES:=
+ 
+ PKG_SOURCE_URL:=https://github.com/openwrt/mt76
+ PKG_SOURCE_PROTO:=git
+-PKG_SOURCE_DATE:=2021-04-11
+-PKG_SOURCE_VERSION:=bf45b30d891961dd7c4139dddb58b909ea2c2b5a
+-PKG_MIRROR_HASH:=431cecf80dafa986e805f809522721c2bb26289867d6770695d49baf8b471bea
++PKG_SOURCE_DATE:=2021-07-15
++PKG_SOURCE_VERSION:=bbebea7d6dc64313132226adc3f7369d36e9359d
++PKG_MIRROR_HASH:=17cd74e72c1f6c8742b698bf6772afacc6fba71b233af8c4d59530600cf44d5b
+ 
+ PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
++PKG_USE_NINJA:=0
+ PKG_BUILD_PARALLEL:=1
+ 
+ PKG_CONFIG_DEPENDS += \
+@@ -155,7 +156,7 @@ define KernelPackage/mt7615-common
+   $(KernelPackage/mt76-default)
+   TITLE:=MediaTek MT7615 wireless driver common code
+   HIDDEN:=1
+-  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac
++  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac +kmod-hwmon-core
+   FILES:= $(PKG_BUILD_DIR)/mt7615/mt7615-common.ko
+ endef
+ 
+@@ -213,7 +214,7 @@ endef
+ define KernelPackage/mt7915e
+   $(KernelPackage/mt76-default)
+   TITLE:=MediaTek MT7915e wireless driver
+-  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +@DRIVER_11AX_SUPPORT
++  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +kmod-hwmon-core +kmod-thermal +@DRIVER_11AX_SUPPORT
+   FILES:= $(PKG_BUILD_DIR)/mt7915/mt7915e.ko
+   AUTOLOAD:=$(call AutoProbe,mt7915e)
+ endef
+-- 
+2.25.1
+

backports/0041-ar71xx-hacks.patch

@@ -0,0 +1,53 @@
+From d01d8c9e5cf7de98222860011d1d5b362bfde005 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Mon, 12 Jul 2021 13:09:25 +0200
+Subject: [PATCH 01/39] ar71xx: hacks
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/kernel/linux/modules/crypto.mk                 | 2 +-
+ package/kernel/mac80211/ath.mk                         | 1 +
+ target/linux/ar71xx/files/arch/mips/ath79/mach-rb91x.c | 2 ++
+ 3 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk
+index 19b0d4696b..1b1c1e1a51 100644
+--- a/package/kernel/linux/modules/crypto.mk
++++ b/package/kernel/linux/modules/crypto.mk
+@@ -882,7 +882,7 @@ define KernelPackage/crypto-sha256
+ 	CONFIG_CRYPTO_SHA256_SSSE3
+   FILES:= \
+ 	$(LINUX_DIR)/crypto/sha256_generic.ko \
+-	$(LINUX_DIR)/lib/crypto/libsha256.ko
++	$(LINUX_DIR)/lib/crypto/libsha256.ko@ge4.15
+   AUTOLOAD:=$(call AutoLoad,09,sha256_generic)
+   $(call AddDepends/crypto)
+ endef
+diff --git a/package/kernel/mac80211/ath.mk b/package/kernel/mac80211/ath.mk
+index ba03ae11a6..ad2860a98e 100644
+--- a/package/kernel/mac80211/ath.mk
++++ b/package/kernel/mac80211/ath.mk
+@@ -43,6 +43,7 @@ config-$(call config_package,ath9k) += ATH9K
+ config-$(call config_package,ath9k-common) += ATH9K_COMMON
+ config-$(call config_package,owl-loader) += ATH9K_PCI_NO_EEPROM
+ config-$(CONFIG_TARGET_ath79) += ATH9K_AHB
++config-$(CONFIG_TARGET_ar71xx) += ATH9K_AHB
+ config-$(CONFIG_TARGET_ipq40xx) += ATH10K_AHB
+ config-$(CONFIG_PCI) += ATH9K_PCI
+ config-$(CONFIG_ATH_USER_REGD) += ATH_USER_REGD ATH_REG_DYNAMIC_USER_REG_HINTS
+diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb91x.c b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb91x.c
+index 9620718962..2cdf97efd6 100644
+--- a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb91x.c
++++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb91x.c
+@@ -271,6 +271,8 @@ static const struct rb_board_info rb711gr100_boards[] __initconst = {
+ 	RB_BOARD_INFO("911G-5HPnD", 0),
+ 	RB_BOARD_INFO("912UAG-2HPnD", RB91X_FLAG_USB | RB91X_FLAG_PCIE),
+ 	RB_BOARD_INFO("912UAG-5HPnD", RB91X_FLAG_USB | RB91X_FLAG_PCIE),
++	RB_BOARD_INFO("RB912UAG-2HPnD", RB91X_FLAG_USB | RB91X_FLAG_PCIE),
++	RB_BOARD_INFO("RB912UAG-5HPnD", RB91X_FLAG_USB | RB91X_FLAG_PCIE),
+ };
+ 
+ static u32 rb711gr100_get_flags(const struct rb_info *info)
+-- 
+2.25.1
+

backports/0100-procd-add-uxc-support.patch

@@ -0,0 +1,170 @@
+From 8897bab871fb43701fad786c94af5d1b1ef123ae Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Sun, 25 Jul 2021 13:32:37 +0200
+Subject: [PATCH 01/46] procd: add uxc support
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/system/procd/Makefile       | 12 ++---
+ package/system/procd/files/procd.sh | 79 +++++++++++++++++++++++++++++
+ package/system/procd/files/uxc.init |  4 ++
+ 3 files changed, 89 insertions(+), 6 deletions(-)
+
+diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
+index fff9faa1bf..98f1ed1775 100644
+--- a/package/system/procd/Makefile
++++ b/package/system/procd/Makefile
+@@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
+-PKG_SOURCE_DATE:=2021-02-08
+-PKG_SOURCE_VERSION:=08938fe1cbc06eeaafa39448057368391d165272
+-PKG_MIRROR_HASH:=efc3deac56057e929789d44742858b2a16d976f6bfa0a2036e413d10afcaeee4
++PKG_SOURCE_DATE:=2021-08-15
++PKG_SOURCE_VERSION:=104b49d6ab25a8cf067e6d8d1f2da7defb9876d4
++PKG_MIRROR_HASH:=d13b566a14e84f6babe8b7d3dfb88e34c3dff0e97d7770d6fe71174685bca628
+ CMAKE_INSTALL:=1
+ 
+ PKG_LICENSE:=GPL-2.0
+@@ -32,7 +32,7 @@ include $(INCLUDE_DIR)/package.mk
+ include $(INCLUDE_DIR)/cmake.mk
+ 
+ ifeq ($(DUMP),)
+-  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | mkhash md5)
++  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5)
+ endif
+ 
+ CMAKE_OPTIONS += -DEARLY_PATH="$(TARGET_INIT_PATH)"
+@@ -82,7 +82,7 @@ endef
+ define Package/procd-seccomp
+   SECTION:=base
+   CATEGORY:=Base system
+-  DEPENDS:=@(arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
++  DEPENDS:=@(aarch64||arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
+ 	  @KERNEL_SECCOMP +libubox +libblobmsg-json
+   TITLE:=OpenWrt process seccomp helper + utrace
+ endef
+@@ -90,7 +90,7 @@ endef
+ define Package/uxc
+   SECTION:=base
+   CATEGORY:=Base system
+-  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json
++  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json +blockd +rpcd
+   TITLE:=OpenWrt container management
+   MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+ endef
+diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh
+index d86b7219da..3549a5a914 100644
+--- a/package/system/procd/files/procd.sh
++++ b/package/system/procd/files/procd.sh
+@@ -329,6 +329,82 @@ _procd_add_config_trigger() {
+ 	json_close_array
+ }
+ 
++_procd_add_mount_trigger() {
++	json_add_array
++	_procd_add_array_data "$1"
++	local action="$2"
++	local multi=0
++	shift ; shift
++
++	json_add_array
++	_procd_add_array_data "if"
++
++	if [ "$2" ]; then
++		json_add_array
++		_procd_add_array_data "or"
++		multi=1
++	fi
++
++	while [ "$1" ]; do
++		json_add_array
++		_procd_add_array_data "eq" "target" "$1"
++		shift
++		json_close_array
++	done
++
++	[ $multi = 1 ] && json_close_array
++
++	json_add_array
++	_procd_add_array_data "run_script" /etc/init.d/$name $action
++	json_close_array
++
++	json_close_array
++	_procd_add_timeout
++	json_close_array
++}
++
++_procd_add_action_mount_trigger() {
++	local script=$(readlink "$initscript")
++	local name=$(basename ${script:-$initscript})
++	local action="$1"
++	local mpath
++	shift
++
++	_procd_open_trigger
++	_procd_add_mount_trigger mount.add $action "$@"
++	_procd_close_trigger
++}
++
++procd_get_mountpoints() {
++	(
++		__procd_check_mount() {
++			local cfg="$1"
++			local path="${2%%/}/"
++			local target
++			config_get target "$cfg" target
++			target="${target%%/}/"
++			[ "$path" != "${path##$target}" ] && echo "${target%%/}"
++		}
++
++		config_load fstab
++		for mpath in "$@"; do
++			config_foreach __procd_check_mount mount "$mpath"
++		done
++	) | sort -u
++}
++
++_procd_add_restart_mount_trigger() {
++	local mountpoints="$(procd_get_mountpoints "$@")"
++	[ "${mountpoints//[[:space:]]}" ] &&
++		_procd_add_action_mount_trigger restart $mountpoints
++}
++
++_procd_add_reload_mount_trigger() {
++	local mountpoints="$(procd_get_mountpoints "$@")"
++	[ "${mountpoints//[[:space:]]}" ] &&
++		_procd_add_action_mount_trigger reload $mountpoints
++}
++
+ _procd_add_raw_trigger() {
+ 	json_add_array
+ 	_procd_add_array_data "$1"
+@@ -560,8 +636,11 @@ _procd_wrapper \
+ 	procd_add_raw_trigger \
+ 	procd_add_config_trigger \
+ 	procd_add_interface_trigger \
++	procd_add_mount_trigger \
+ 	procd_add_reload_trigger \
+ 	procd_add_reload_interface_trigger \
++	procd_add_reload_mount_trigger \
++	procd_add_restart_mount_trigger \
+ 	procd_open_trigger \
+ 	procd_close_trigger \
+ 	procd_open_instance \
+diff --git a/package/system/procd/files/uxc.init b/package/system/procd/files/uxc.init
+index 035c8b0b9e..1e75b796f8 100644
+--- a/package/system/procd/files/uxc.init
++++ b/package/system/procd/files/uxc.init
+@@ -16,3 +16,7 @@ boot() {
+ 	__BOOT_UXC=1
+ 	start
+ }
++
++service_triggers() {
++	procd_add_raw_trigger "mount.add" 3000 /etc/init.d/uxc boot
++}
+-- 
+2.25.1
+

backports/0101-build-create-APK-files-parrallel-to-IPK.patch

@@ -0,0 +1,174 @@
+From 0a31ac2bfc8aa43c2a5e43eac81c4647dbf2d1b7 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Fri, 2 Oct 2020 23:30:30 -1000
+Subject: [PATCH 01/45] build: create APK files parrallel to IPK
+
+Create APK files based on the folder and control files of IPK packages.
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ include/package-ipkg.mk     | 48 +++++++++++++++++++++++++------------
+ package/Makefile            |  2 ++
+ package/base-files/Makefile |  4 ++++
+ rules.mk                    |  2 ++
+ scripts/apk-make-index.sh   | 20 ++++++++++++++++
+ 5 files changed, 61 insertions(+), 15 deletions(-)
+ create mode 100755 scripts/apk-make-index.sh
+
+diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
+index c2017cd220..b0177070f8 100644
+--- a/include/package-ipkg.mk
++++ b/include/package-ipkg.mk
+@@ -102,6 +102,7 @@ ifeq ($(DUMP),)
+     ABIV_$(1):=$(if $(filter-out kmod-%,$(1)),$(ABI_VERSION))
+     PDIR_$(1):=$(call FeedPackageDir,$(1))
+     IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk
++    APK_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).apk
+     IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)
+     KEEP_$(1):=$(strip $(call Package/$(1)/conffiles))
+ 
+@@ -200,7 +201,7 @@ $(_endef)
+     $(PKG_INFO_DIR)/$(1).provides $$(IPKG_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-ipkg.mk
+ 	@rm -rf $$(IDIR_$(1)); \
+ 		$$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1))))
+-	mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/CONTROL $(PKG_INFO_DIR)
++	mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1)) $(PKG_INFO_DIR)
+ 	$(call Package/$(1)/install,$$(IDIR_$(1)))
+ 	$(if $(Package/$(1)/install-overlay),mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/rootfs-overlay)
+ 	$(call Package/$(1)/install-overlay,$$(IDIR_$(1))/rootfs-overlay)
+@@ -226,6 +227,37 @@ $(_endef)
+ 		) || true \
+ 	)
+     endif
++
++    ifneq ($$(KEEP_$(1)),)
++		@( \
++			keepfiles=""; \
++			for x in $$(KEEP_$(1)); do \
++				[ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \
++			done; \
++			[ -z "$$$$keepfiles" ] || { \
++				mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \
++				for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \
++			}; \
++		)
++    endif
++
++	$(INSTALL_DIR) $$(PDIR_$(1))
++
++	$(FAKEROOT) apk mkpkg \
++	  --info "name:$(1)" \
++	  --info "version:$(VERSION)" \
++	  --info "description:$()" \
++	  --info "arch:$(PKGARCH)" \
++	  --info "license:$(LICENSE)" \
++	  --info "origin:$(SOURCE)" \
++	  --info "maintainer:$(MAINTAINER)" \
++	  $$(foreach dep,$$(Package/$(1)/DEPENDS),--info "depends:$$(subst $$(comma),,$$(dep))") \
++	  --files "$$(IDIR_$(1))" \
++	  --output "$$(APK_$(1))" \
++	  --sign "$(BUILD_KEY_APK_SEC)"
++
++	mkdir -p $$(IDIR_$(1))/CONTROL
++
+ 	(cd $$(IDIR_$(1))/CONTROL; \
+ 		( \
+ 			echo "$$$$CONTROL"; \
+@@ -249,20 +281,6 @@ $(_endef)
+ 		$($(1)_COMMANDS) \
+ 	)
+ 
+-    ifneq ($$(KEEP_$(1)),)
+-		@( \
+-			keepfiles=""; \
+-			for x in $$(KEEP_$(1)); do \
+-				[ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \
+-			done; \
+-			[ -z "$$$$keepfiles" ] || { \
+-				mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \
+-				for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \
+-			}; \
+-		)
+-    endif
+-
+-	$(INSTALL_DIR) $$(PDIR_$(1))
+ 	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
+ 	@[ -f $$(IPKG_$(1)) ]
+ 
+diff --git a/package/Makefile b/package/Makefile
+index ec503dc527..18a19fff13 100644
+--- a/package/Makefile
++++ b/package/Makefile
+@@ -60,6 +60,7 @@ $(curdir)/merge-index: $(curdir)/merge
+ 
+ ifndef SDK
+   $(curdir)/compile: $(curdir)/system/opkg/host/compile
++  $(patsubst %,$(curdir)/%/compile,$(filter-out %/apk/host,$($(curdir)/builddirs))): $(curdir)/system/apk/host/compile
+ endif
+ 
+ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DEVICE_ROOTFS),$(curdir)/merge-index)
+@@ -84,6 +85,7 @@ $(curdir)/index: FORCE
+ 	@for d in $(PACKAGE_SUBDIRS); do ( \
+ 		mkdir -p $$d; \
+ 		cd $$d || continue; \
++		$(SCRIPT_DIR)/apk-make-index.sh . 2>&1; \
+ 		$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
+ 		grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require|SourceDateEpoch)' Packages.manifest > Packages; \
+ 		case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) \
+diff --git a/package/base-files/Makefile b/package/base-files/Makefile
+index 8a1ddf96f5..9db4812981 100644
+--- a/package/base-files/Makefile
++++ b/package/base-files/Makefile
+@@ -107,6 +107,10 @@ ifdef CONFIG_SIGNED_PACKAGES
+ 	[ -s $(BUILD_KEY).ucert ] || \
+ 		$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p $(BUILD_KEY).pub -s $(BUILD_KEY)
+ 
++	[ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \
++		openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \
++		openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
++
+   endef
+ 
+ ifndef CONFIG_BUILDBOT
+diff --git a/rules.mk b/rules.mk
+index f31d9bb113..de81b65d46 100644
+--- a/rules.mk
++++ b/rules.mk
+@@ -258,6 +258,8 @@ else
+ endif
+ 
+ BUILD_KEY=$(TOPDIR)/key-build
++BUILD_KEY_APK_SEC=$(TOPDIR)/private-key.pem
++BUILD_KEY_APK_PUB=$(TOPDIR)/public-key.pem
+ 
+ FAKEROOT:=$(STAGING_DIR_HOST)/bin/fakeroot
+ 
+diff --git a/scripts/apk-make-index.sh b/scripts/apk-make-index.sh
+new file mode 100755
+index 0000000000..df1f1a2e2b
+--- /dev/null
++++ b/scripts/apk-make-index.sh
+@@ -0,0 +1,20 @@
++#!/usr/bin/env bash
++set -e
++
++pkg_dir=$1
++
++if [ -z "$pkg_dir" ] || [ ! -d "$pkg_dir" ]; then
++	echo "Usage: apk-make-index <package_directory>" >&2
++	exit 1
++fi
++
++(
++	cd "$pkg_dir" || exit 1
++	GLOBIGNORE="kernel*:libc*"
++	set -- *.apk
++	if [ "$1" = '*.apk' ]; then
++		echo "No APK packages found"
++	fi
++	apk index --output APKINDEX.tar.gz "$@"
++	unset GLOBIGNORE
++)
+-- 
+2.25.1
+

backports/0102-fstools-update-to-git-HEAD.patch

@@ -0,0 +1,69 @@
+From 2239c3c87a723bee8efa64ecf22c61a15433517e Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sun, 25 Jul 2021 01:20:31 +0100
+Subject: [PATCH 102/146] fstools: update to git HEAD
+
+ bad1835 fstools: add partname volume driver
+ 19d7d93 libfstools: partname: several fixes
+ 3c38f0c libfstools: fix build with glibc
+ d05ad93 libfstools: remove superflus include
+ 964d1e3 partname: allow skipping existing 'rootfs_data' partition
+ c44b40b overlay: fix syncronizing typo
+ b5397a1 fstools: block: fix segfault on mount with no target
+ bd7cc8d block: use dynamically allocated target string
+ 6d8450e blockd: use allocated strings instead of fixed buffers
+ d47909e libblkid-tiny: fix buffer overflow
+ 67d2297 block: match device path instead of assuming /dev/%s
+ 2aeba88 block: allow autofs and umount commands also on MTD/UBI
+ 3d40a1b blockd: add missing #define _GNU_SOURCE
+ 4d4dcfb blockd: detect mountpoint of /dev/mapper/*
+ 2f42515 block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging
+ 39558a1 blockd: also send ubus notification on mount hotplug
+ 3386b6b blockd: fix trigger name
+ cdc9939 blockd: move to its own POSIX process group
+ 59f7c11 blockd: create mountpoint parent folder if needed
+ 9cc96af Revert "block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging"
+ 06334ac Revert "blockd: detect mountpoint of /dev/mapper/*"
+ 9ab3551 block: use /dev/dm-* instead of /dev/mapper/*
+ 5114595 block: allow remove hotplug event to arrive at blockd
+ a846c6b blockd: fix length of timeout int passed to ioctl
+ 1d681ca block: support umount device basename
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ package/system/fstools/Makefile          | 6 +++---
+ package/system/fstools/files/blockd.init | 1 +
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile
+index 2da508d541..b582a17bae 100644
+--- a/package/system/fstools/Makefile
++++ b/package/system/fstools/Makefile
+@@ -12,9 +12,9 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/fstools.git
+-PKG_MIRROR_HASH:=a485792d90c71cd4fb396ce97f42a57ee4d2a3d78e5f3fd0748270ffb14209e6
+-PKG_SOURCE_DATE:=2021-01-04
+-PKG_SOURCE_VERSION:=c53b18820756f6f32ad0782d3bf489422b7c4ad3
++PKG_MIRROR_HASH:=6a457b812166e04e2244ee1be92a4957666b5d1554315c0e18db1b30376cc617
++PKG_SOURCE_DATE:=2021-07-28
++PKG_SOURCE_VERSION:=cc63933faedd8d4fcdabb872cf4661ac04fe4ba2
+ CMAKE_INSTALL:=1
+ 
+ PKG_LICENSE:=GPL-2.0
+diff --git a/package/system/fstools/files/blockd.init b/package/system/fstools/files/blockd.init
+index a4ce57d40d..bdd8bbf622 100755
+--- a/package/system/fstools/files/blockd.init
++++ b/package/system/fstools/files/blockd.init
+@@ -16,6 +16,7 @@ reload_service() {
+ start_service() {
+ 	procd_open_instance
+ 	procd_set_param command "$PROG"
++	procd_set_param watch block
+ 	procd_set_param respawn
+ 	procd_close_instance
+ }
+-- 
+2.25.1
+

backports/0103-tools-libressl-update-to-3.3.3.patch

@@ -0,0 +1,40 @@
+From c40bb49f31443d9c03043c4361e4af56e5c3eba4 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 19 Jun 2021 14:45:11 -0700
+Subject: [PATCH 103/146] tools/libressl: update to 3.3.3
+
+Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+(cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe)
+---
+ tools/libressl/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/libressl/Makefile b/tools/libressl/Makefile
+index 2b5a33450c..e25b5661ee 100644
+--- a/tools/libressl/Makefile
++++ b/tools/libressl/Makefile
+@@ -8,8 +8,8 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=libressl
+-PKG_VERSION:=3.3.1
+-PKG_HASH:=a6d331865e0164a13ac85a228e52517f7cf8f8488f2f95f34e7857302f97cfdb
++PKG_VERSION:=3.3.3
++PKG_HASH:=a471565b36ccd1a70d0bd7d37c6e95c43a26a62829b487d9d2cdebfe58be3066
+ PKG_RELEASE:=1
+ 
+ PKG_CPE_ID:=cpe:/a:openbsd:libressl
+@@ -25,7 +25,7 @@ include $(INCLUDE_DIR)/host-build.mk
+ 
+ HOSTCC := $(HOSTCC_NOCACHE)
+ HOST_CONFIGURE_ARGS += --enable-static --disable-shared --disable-tests
+-HOST_CFLAGS += $(FPIC)
++HOST_CFLAGS += $(HOST_FPIC)
+ 
+ ifeq ($(GNU_HOST_NAME),x86_64-linux-gnux32)
+ HOST_CONFIGURE_ARGS += --disable-asm
+-- 
+2.25.1
+

backports/0105-apk-backport-package.patch

@@ -0,0 +1,312 @@
+From 6741963067c4be8999896a5e653dc0d72487e392 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 13 Aug 2021 08:47:11 +0200
+Subject: [PATCH 06/46] apk: backport package
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/system/apk/Makefile                   | 93 +++++++++++++++++++
+ ...vel@lists.alpinelinux.org-4a6a0840.rsa.pub |  9 ++
+ ...vel@lists.alpinelinux.org-5243ef4b.rsa.pub |  9 ++
+ ...vel@lists.alpinelinux.org-5261cecb.rsa.pub |  9 ++
+ package/system/apk/files/alpine-repositories  |  3 +
+ .../apk/patches/000-Makefile-version.patch    | 11 +++
+ .../patches/0001-remove-doc-generation.patch  | 21 +++++
+ package/system/apk/patches/100-link.patch     | 16 ++++
+ package/system/apk/patches/100-phtread.patch  | 12 +++
+ ...ude-limits.h-to-fix-build-with-glibc.patch | 20 ++++
+ package/system/apk/test.sh                    |  9 ++
+ 11 files changed, 212 insertions(+)
+ create mode 100644 package/system/apk/Makefile
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-repositories
+ create mode 100644 package/system/apk/patches/000-Makefile-version.patch
+ create mode 100644 package/system/apk/patches/0001-remove-doc-generation.patch
+ create mode 100644 package/system/apk/patches/100-link.patch
+ create mode 100644 package/system/apk/patches/100-phtread.patch
+ create mode 100644 package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+ create mode 100644 package/system/apk/test.sh
+
+diff --git a/package/system/apk/Makefile b/package/system/apk/Makefile
+new file mode 100644
+index 0000000000..335f50c155
+--- /dev/null
++++ b/package/system/apk/Makefile
+@@ -0,0 +1,93 @@
++include $(TOPDIR)/rules.mk
++
++PKG_NAME:=apk
++PKG_VERSION:=3.0.0_pre0
++
++PKG_SOURCE_PROTO:=git
++PKG_SOURCE_URL:=https://git.alpinelinux.org/apk-tools.git
++PKG_SOURCE_DATE:=2021-08-17
++PKG_SOURCE_VERSION:=a46043bcc4cc15b456ef1eac5c5f9d93bd905d53
++PKG_MIRROR_HASH:=e16fd04b18043e78a177acd8c6958fa03fd1484b62c879c2dd0bed8ce9c50625
++PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_DATE)-$(call version_abbrev,$(PKG_SOURCE_VERSION))
++PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
++HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_SOURCE_SUBDIR)
++PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.xz
++PKG_RELEASE:=r$(PKG_SOURCE_DATE)-$(call version_abbrev,$(PKG_SOURCE_VERSION))-$(AUTORELEASE)
++
++PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
++PKG_LICENSE:=GPL-2.0-only
++PKG_LICENSE_FILES:=LICENSE
++
++PKG_INSTALL:=1
++PKG_BUILD_PARALLEL:=1
++
++HOST_BUILD_DEPENDS:=lua/host lua-lzlib/host
++PKG_BUILD_DEPENDS:=$(HOST_BUILD_DEPENDS)
++
++include $(INCLUDE_DIR)/package.mk
++include $(INCLUDE_DIR)/host-build.mk
++
++define Package/apk
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=apk package manager
++  DEPENDS:=+liblua +libopenssl +zlib @!arc
++  URL:=$(PKG_SOURCE_URL)
++endef
++
++define Package/alpine-keys
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=Alpine apk public signing keys
++  DEPENDS:=apk
++endef
++
++define Package/alpine-repositories
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=Official Alpine repositories
++  DEPENDS:=apk
++endef
++
++MAKE_FLAGS += \
++	LUA=$(STAGING_DIR_HOSTPKG)/bin/lua \
++	LUA_VERSION=5.1 \
++	LUA_PC=lua
++
++HOST_MAKE_FLAGS += \
++	LUA=$(STAGING_DIR_HOSTPKG)/bin/lua \
++	LUA_VERSION=5.1 \
++	DESTDIR=$(STAGING_DIR_HOSTPKG) \
++	SBINDIR=/bin \
++	PREFIX=
++
++HOST_LDFLAGS+=-Wl,-rpath=$(STAGING_DIR_HOSTPKG)/lib -lpthread
++
++define Package/apk/install
++	$(INSTALL_DIR) $(1)/lib/apk/db
++
++	$(INSTALL_DIR) $(1)/bin
++	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/apk $(1)/bin/apk
++
++	$(INSTALL_DIR) $(1)/usr/lib
++	$(CP) $(PKG_INSTALL_DIR)/lib/*.so.* $(1)/usr/lib/
++
++	$(INSTALL_DIR) $(1)/etc/apk/
++	echo $(ARCH) > $(1)/etc/apk/arch
++	touch $(1)/etc/apk/world
++endef
++
++define Package/alpine-keys/install
++	$(INSTALL_DIR) $(1)/etc/apk/keys
++	$(INSTALL_DATA) ./files/alpine-keys/* $(1)/etc/apk/keys
++endef
++
++define Package/alpine-repositories/install
++	$(INSTALL_DIR) $(1)/etc/apk/keys
++	$(INSTALL_DATA) ./files/alpine-repositories $(1)/etc/apk/repositories
++endef
++
++$(eval $(call BuildPackage,apk))
++$(eval $(call BuildPackage,alpine-keys))
++$(eval $(call BuildPackage,alpine-repositories))
++$(eval $(call HostBuild))
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+new file mode 100644
+index 0000000000..bb4bdc80fd
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe
++qxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O
++Q0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA
++jixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R
++L5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo
++GuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B
++ywIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+new file mode 100644
+index 0000000000..6cbfad7441
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNijDxJ8kloskKQpJdx+
++mTMVFFUGDoDCbulnhZMJoKNkSuZOzBoFC94omYPtxnIcBdWBGnrm6ncbKRlR+6oy
++DO0W7c44uHKCFGFqBhDasdI4RCYP+fcIX/lyMh6MLbOxqS22TwSLhCVjTyJeeH7K
++aA7vqk+QSsF4TGbYzQDDpg7+6aAcNzg6InNePaywA6hbT0JXbxnDWsB+2/LLSF2G
++mnhJlJrWB1WGjkz23ONIWk85W4S0XB/ewDefd4Ly/zyIciastA7Zqnh7p3Ody6Q0
++sS2MJzo7p3os1smGjUF158s6m/JbVh4DN6YIsxwl2OjDOz9R0OycfJSDaBVIGZzg
++cQIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+new file mode 100644
+index 0000000000..83f0658e9c
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0
++cGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX
++yHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j
++g01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB
++Ca1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY
++sWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw
++wwIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-repositories b/package/system/apk/files/alpine-repositories
+new file mode 100644
+index 0000000000..5babbb23b4
+--- /dev/null
++++ b/package/system/apk/files/alpine-repositories
+@@ -0,0 +1,3 @@
++https://dl-cdn.alpinelinux.org/alpine/edge/main
++https://dl-cdn.alpinelinux.org/alpine/edge/community
++
+diff --git a/package/system/apk/patches/000-Makefile-version.patch b/package/system/apk/patches/000-Makefile-version.patch
+new file mode 100644
+index 0000000000..2e7f5b0f15
+--- /dev/null
++++ b/package/system/apk/patches/000-Makefile-version.patch
+@@ -0,0 +1,11 @@
++--- a/Makefile
+++++ b/Makefile
++@@ -4,7 +4,7 @@
++ -include config.mk
++ 
++ PACKAGE := apk-tools
++-VERSION := 2.12.0
+++VERSION := 3.0.0_pre0
++ 
++ export VERSION
++ 
+diff --git a/package/system/apk/patches/0001-remove-doc-generation.patch b/package/system/apk/patches/0001-remove-doc-generation.patch
+new file mode 100644
+index 0000000000..dee05c56f2
+--- /dev/null
++++ b/package/system/apk/patches/0001-remove-doc-generation.patch
+@@ -0,0 +1,21 @@
++From b05a93c48fdbb50f0c464310dc2ce45777d32ea2 Mon Sep 17 00:00:00 2001
++From: Paul Spooren <mail@aparcar.org>
++Date: Fri, 2 Oct 2020 14:08:52 -1000
++Subject: [PATCH] remove doc generation
++
++Signed-off-by: Paul Spooren <mail@aparcar.org>
++---
++ Makefile | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/Makefile
+++++ b/Makefile
++@@ -25,7 +25,7 @@ export DESTDIR SBINDIR LIBDIR CONFDIR MA
++ ##
++ # Top-level subdirs
++ 
++-subdirs		:= libfetch/ src/ doc/
+++subdirs		:= libfetch/ src/
++ 
++ ##
++ # Include all rules and stuff
+diff --git a/package/system/apk/patches/100-link.patch b/package/system/apk/patches/100-link.patch
+new file mode 100644
+index 0000000000..9cae2787d9
+--- /dev/null
++++ b/package/system/apk/patches/100-link.patch
+@@ -0,0 +1,16 @@
++diff -urN apk-2021-08-17-a46043bc.orig/src/Makefile apk-2021-08-17-a46043bc/src/Makefile
++--- apk-2021-08-17-a46043bc.orig/src/Makefile	2021-08-17 14:21:04.117760513 +0200
+++++ apk-2021-08-17-a46043bc/src/Makefile	2021-08-17 14:21:16.653830180 +0200
++@@ -65,7 +65,11 @@
++ 	app_convdb.o app_convndx.o app_del.o app_dot.o app_extract.o app_fetch.o \
++ 	app_fix.o app_index.o app_info.o app_list.o app_manifest.o app_mkndx.o \
++ 	app_mkpkg.o app_policy.o app_update.o app_upgrade.o app_search.o \
++-	app_stats.o app_verify.o app_version.o app_vertest.o applet.o
+++	app_stats.o app_verify.o app_version.o app_vertest.o applet.o \
+++	adb.o adb_comp.o adb_walk_adb.o adb_walk_genadb.o adb_walk_gentext.o adb_walk_text.o apk_adb.o \
+++	atom.o blob.o commit.o common.o context.o crypto_openssl.o database.o hash.o \
+++	extract.o extract_v2.o extract_v3.o io.o io_gunzip.o io_url.o tar.o \
+++	package.o pathbuilder.o print.o solver.o trust.o version.o
++ 
++ ifeq ($(ADB),y)
++ libapk.so.$(libapk_soname)-objs += apk_adb.o
+diff --git a/package/system/apk/patches/100-phtread.patch b/package/system/apk/patches/100-phtread.patch
+new file mode 100644
+index 0000000000..c252e14dc1
+--- /dev/null
++++ b/package/system/apk/patches/100-phtread.patch
+@@ -0,0 +1,12 @@
++diff -urN apk-2021-07-23-3d203e8f.orig/src/Makefile apk-2021-07-23-3d203e8f/src/Makefile
++--- apk-2021-07-23-3d203e8f.orig/src/Makefile	2021-07-25 12:55:05.576564663 +0200
+++++ apk-2021-07-23-3d203e8f/src/Makefile	2021-07-25 12:55:48.660862181 +0200
++@@ -87,7 +87,7 @@
++ apk.static-libs		:= $(apk-static-libs)
++ LDFLAGS_apk.static	:= -static
++ LIBS_apk.static		:= -Wl,--as-needed -ldl -Wl,--no-as-needed
++-LDFLAGS_apk		+= -L$(obj)
+++LDFLAGS_apk		+= -L$(obj) -pthread
++ LDFLAGS_apk-test	+= -L$(obj)
++ 
++ CFLAGS_ALL		+= $(OPENSSL_CFLAGS) $(ZLIB_CFLAGS)
+diff --git a/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch b/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+new file mode 100644
+index 0000000000..43ec7d5f1a
+--- /dev/null
++++ b/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+@@ -0,0 +1,20 @@
++From c72ea983e287ec1d8b1f2b3aab1bf40aa7a30b03 Mon Sep 17 00:00:00 2001
++From: Daniel Golle <daniel@makrotopia.org>
++Date: Wed, 4 Aug 2021 21:37:40 +0100
++Subject: [PATCH] tar: include <limits.h> to fix build with glibc
++
++Signed-off-by: Daniel Golle <daniel@makrotopia.org>
++---
++ src/tar.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/src/tar.c
+++++ b/src/tar.c
++@@ -9,6 +9,7 @@
++ 
++ #include <sys/stat.h>
++ #include <sys/sysmacros.h>
+++#include <limits.h> /* for SSIZE_MAX with glibc */
++ 
++ #include "apk_defines.h"
++ #include "apk_tar.h"
+diff --git a/package/system/apk/test.sh b/package/system/apk/test.sh
+new file mode 100644
+index 0000000000..814777fd70
+--- /dev/null
++++ b/package/system/apk/test.sh
+@@ -0,0 +1,9 @@
++#!/bin/sh
++
++case "$1" in
++    "apk")
++        apk --version | grep "${2/-r*/}"
++        ;;
++    *)
++        return 0;
++esac
+-- 
+2.25.1
+

backports/0106-lua-lzlib-backport-package.patch

@@ -0,0 +1,104 @@
+From 900d18f3ae2cd5bb3d8d6e2584d2280cb5302e01 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 13 Aug 2021 08:48:02 +0200
+Subject: [PATCH 106/146] lua-lzlib: backport package
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/libs/lua-lzlib/Makefile               | 64 +++++++++++++++++++
+ .../patches/001-allow_optim_flags.patch       | 12 ++++
+ 2 files changed, 76 insertions(+)
+ create mode 100644 package/libs/lua-lzlib/Makefile
+ create mode 100644 package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+
+diff --git a/package/libs/lua-lzlib/Makefile b/package/libs/lua-lzlib/Makefile
+new file mode 100644
+index 0000000000..5e0a16b135
+--- /dev/null
++++ b/package/libs/lua-lzlib/Makefile
+@@ -0,0 +1,64 @@
++#
++# Copyright (C) 2015 OpenWrt.org
++#
++# This is free software, licensed under the GNU General Public License v2.
++# See /LICENSE for more information.
++#
++
++include $(TOPDIR)/rules.mk
++
++PKG_NAME:=lua-lzlib
++PKG_VERSION:=0.4.3
++PKG_RELEASE:=1
++PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
++PKG_LICENSE:=MIT
++
++PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
++PKG_MIRROR_HASH:=b6ef5e3f04b7f2137b39931a175ee802489a2486e70537770919bcccca10e723
++PKG_SOURCE_URL:=https://github.com/LuaDist/lzlib.git
++PKG_SOURCE_PROTO:=git
++PKG_SOURCE_VERSION:=79329a07d8f79c19eadd7ea2752b4c4e1574b015
++PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
++
++HOST_BUILD_DEPENDS:=lua/host
++
++include $(INCLUDE_DIR)/package.mk
++include $(INCLUDE_DIR)/host-build.mk
++
++define Package/lua-lzlib
++  SUBMENU:=Lua
++  SECTION:=lang
++  CATEGORY:=Languages
++  TITLE:=Lua zlib binding
++  URL:=http://github.com/LuaDist/lzlib
++  DEPENDS:= +lua +zlib
++endef
++
++define Package/lua-lzlib/description
++	A library to access zlib library functions and also to read/write gzip files using an interface similar to the base io package. 
++endef
++
++MAKE_FLAGS += \
++	LUA="$(STAGING_DIR)/usr" \
++	OFLAGS="$(TARGET_CFLAGS)" \
++
++HOST_MAKE_FLAGS += \
++	LUA="$(STAGING_DIR_HOSTPKG)" \
++	OFLAGS="$(HOST_CFLAGS)" \
++
++define Package/lua-lzlib/install
++	$(INSTALL_DIR) $(1)/usr/lib/lua
++	$(INSTALL_BIN) $(PKG_BUILD_DIR)/zlib.so $(1)/usr/lib/lua/
++
++	$(INSTALL_DATA) $(PKG_BUILD_DIR)/gzip.lua $(1)/usr/lib/lua/
++endef
++
++define Host/Install
++	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++	$(INSTALL_BIN) $(HOST_BUILD_DIR)/zlib.so $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++
++	$(INSTALL_DATA) $(HOST_BUILD_DIR)/gzip.lua $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++endef
++
++$(eval $(call BuildPackage,lua-lzlib))
++$(eval $(call HostBuild))
+diff --git a/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch b/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+new file mode 100644
+index 0000000000..78f981d237
+--- /dev/null
++++ b/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+@@ -0,0 +1,12 @@
++--- a/Makefile
+++++ b/Makefile
++@@ -14,7 +14,8 @@ LUABIN= $(LUA)/bin
++ ZLIB=../zlib-1.2.3
++ 
++ # no need to change anything below here
++-CFLAGS= $(INCS) $(DEFS) $(WARN) -O0 -fPIC
+++CFLAGS= $(INCS) $(DEFS) $(WARN) $(OFLAGS) -fPIC
+++OFLAGS= -O0
++ WARN= -g -Werror -Wall -pedantic #-ansi
++ INCS= -I$(LUAINC) -I$(ZLIB)
++ LIBS= -L$(ZLIB) -lz -L$(LUALIB) -L$(LUABIN) #-llua51
+-- 
+2.25.1
+

backports/0107-lua-make-it-easier-to-detect-host-built-Lua.patch

@@ -0,0 +1,35 @@
+From 5c8a575ec759105e63a3aad033289d124516ec69 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sat, 10 Jul 2021 20:21:26 +0100
+Subject: [PATCH 107/146] lua: make it easier to detect host-built Lua
+
+Install pkg-config file also for host-build, clean up Lua symlinks.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+(cherry picked from commit 315f52e0f3bfa3d65ad14ca21a696c6d31c4edcd)
+---
+ package/utils/lua/Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/package/utils/lua/Makefile b/package/utils/lua/Makefile
+index a54ef7d25a..be18880cb1 100644
+--- a/package/utils/lua/Makefile
++++ b/package/utils/lua/Makefile
+@@ -134,8 +134,12 @@ define Host/Install
+ 		INSTALL_TOP="$(STAGING_DIR_HOSTPKG)" \
+ 		install
+ 
+-	$(LN) $(STAGING_DIR_HOSTPKG)/bin/lua5.1 $(STAGING_DIR_HOSTPKG)/bin/lua
+-	$(LN) $(STAGING_DIR_HOSTPKG)/bin/luac5.1 $(STAGING_DIR_HOSTPKG)/bin/luac
++	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/lib/pkgconfig
++	$(CP) $(HOST_BUILD_DIR)/etc/lua.pc $(STAGING_DIR_HOSTPKG)/lib/pkgconfig/lua5.1.pc
++
++	$(LN) lua5.1 $(STAGING_DIR_HOSTPKG)/bin/lua
++	$(LN) luac5.1 $(STAGING_DIR_HOSTPKG)/bin/luac
++	$(LN) lua5.1.pc $(STAGING_DIR_HOSTPKG)/lib/pkgconfig/lua.pc
+ endef
+ 
+ define Build/InstallDev
+-- 
+2.25.1
+

config.yml

@@ -1,7 +1,8 @@
 repo:  https://github.com/openwrt/openwrt.git
-branch: openwrt-24.10
-revision: v24.10.3
+branch: openwrt-21.02
+revision: 6fd65c657351908302b37447675ee352ec927d93
 output_dir: ./output
 
 patch_folders:
-  - patches-24.10
+  - backports/
+  - patches/

docker/Dockerfile

@@ -3,7 +3,7 @@ FROM ubuntu:20.04
 RUN apt-get update \
     && DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata \
     && apt-get install -y \
-            time git-core build-essential gcc-multilib clang \
+            time git-core build-essential gcc-multilib \
             libncurses5-dev zlib1g-dev gawk flex gettext wget unzip python \
             python3 python3-pip python3-yaml libssl-dev rsync \
     && apt-get clean

feeds/bluetooth/bluetooth-6lowpand/Makefile

@@ -0,0 +1,53 @@
+#
+# Copyright (C) 2016 Nordic Semiconductor ASA.
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bluetooth-6lowpand
+PKG_VERSION:=0.0.1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/NordicSemiconductor/Linux-ble-6lowpan-joiner.git
+PKG_SOURCE_VERSION:=5ce5b248846a6d4ac4a609eb0e8d023cf920b247
+PKG_SOURCE_PROTO:=git
+
+BLUEZ_DIR:=$(wildcard $(BUILD_DIR)/bluez-*)
+
+TARGET_CFLAGS += -I$(BLUEZ_DIR)
+TARGET_LDFLAGS += -L$(BLUEZ_DIR)/lib/.libs/ -L$(BLUEZ_DIR)/src/.libs/ -lshared-mainloop -lbluetooth-internal
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/bluetooth-6lowpand
+  SECTION:=base
+  CATEGORY:=Network
+  TITLE:=Bluetooth LE 6lowpan joiner daemon
+  URL:=http://www.nordicsemi.com/
+  DEPENDS:=+libusb-1.0 +bluez-libs
+endef
+
+define Package/bluetooth-6lowpand/description
+  Bluetooth Low Energy IPSP device scanner and connection daemon. 
+  The Daemon can be used to whitelist certain IPSP Bluetooth LE MAC
+  addresses, or autoconnect using SSID and Key derived from Wifi AP 
+  setup to authenticate the devices in order to connect. Also, manual 
+  configuration of software SSID and Key can be used.
+endef
+
+define Package/bluetooth-6lowpand/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/bluetooth_6lowpand.init $(1)/etc/init.d/bluetooth_6lowpand
+
+	$(INSTALL_DIR) $(1)/etc/bluetooth
+	$(INSTALL_DATA) ./files/bluetooth_6lowpand.conf $(1)/etc/bluetooth
+
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/bluetooth_6lowpand $(1)/usr/sbin
+endef
+
+$(eval $(call BuildPackage,bluetooth-6lowpand))

feeds/bluetooth/bluetooth-6lowpand/files/bluetooth_6lowpand.init

@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+
+START=63
+PROG=/usr/sbin/bluetooth_6lowpand
+HCICONFIG=/usr/bin/hciconfig
+
+start() {
+	config_load btle
+	config_get enable bluetooth_6lowpand enable 0
+	[ "$enable" -eq 1 ] || return
+	echo "start bluetooth_6lowpand"
+	sleep 1
+	echo 1 > /sys/kernel/debug/bluetooth/6lowpan_enable
+	sleep 1
+	killall bluetoothd
+	sleep 1
+	$HCICONFIG hci0 reset
+	$PROG -w 3 -t 5 -a -d
+}
+
+stop() {
+	echo "stop bluetooth_6lowpand"
+	killall -9 bluetooth_6lowpand
+}

feeds/bluetooth/bluez-ibeacon/Makefile

@@ -0,0 +1,33 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bluez-ibeacon
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL=https://github.com/blogic/bluez-ibeacon
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2022-10-31
+PKG_SOURCE_VERSION:=07c082bf3e139ce061ff62a42b7876860256f4ea
+
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+PKG_LICENSE:=MIT
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/bluez-ibeacon
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=bluez-ibeacon
+  DEPENDS:=+bluez-libs
+endef
+
+define Build/Compile
+	$(MAKE_VARS) $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/bluez-beacon $(MAKE_FLAGS)
+endef
+
+define Package/bluez-ibeacon/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bluez-beacon/ibeacon $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/ibeacon $(1)/etc/init.d/ibeacon
+endef
+
+$(eval $(call BuildPackage,bluez-ibeacon))

feeds/bluetooth/bluez-ibeacon/files/ibeacon

@@ -0,0 +1,25 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+USE_PROCD=1
+PROG=/usr/sbin/ibeacon
+
+service_triggers() {
+	procd_add_reload_trigger btle
+}
+
+start_service() {
+	config_load btle
+	config_get enable ibeacon enable 0
+	config_get uuid ibeacon uuid 0
+	config_get major ibeacon major 0
+	config_get minor ibeacon minor 0
+
+	[ "$enable" -eq 1 ] || return
+
+	procd_open_instance
+	procd_set_param command "$PROG" 200 "${uuid}" "${major}" "${minor}" -29
+	procd_set_param respawn
+	procd_close_instance
+}

feeds/bluetooth/ubtled/Makefile

@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ubtled
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL=https://github.com/blogic/ubtled.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2022-10-31
+PKG_SOURCE_VERSION:=7e01ab86c562fc8ab3777d04e60b8dce596a4c5f
+
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/ubtled
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=OpenWrt BTLE daemon
+  DEPENDS:=+libubox +libubus +bluez-libs
+endef
+
+define Package/ubtled/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/{config,init.d,uci-defaults}
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ubtled $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/ubtled.init $(1)/etc/init.d/ubtled
+	$(INSTALL_DATA) ./files/btle.config $(1)/etc/config/btle
+	$(INSTALL_DATA) ./files/99-btle $(1)/etc/uci-defaults/
+endef
+
+$(eval $(call BuildPackage,ubtled))

feeds/bluetooth/ubtled/files/99-btle

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cat >> /etc/bluetooth/main.conf <<EOF
+[General]
+Name = TIP AP
+[GATT]
+[Policy]
+EOF

feeds/bluetooth/ubtled/files/btle.config

@@ -0,0 +1,11 @@
+config ubtled ubtled
+	option enable		0
+
+config bluetooth_6lowpand bluetooth_6lowpand
+	option enable		0
+
+config ubtled ibeacon
+	option enable		0
+	option uuid		0
+	option major		0
+	option minor		0

feeds/bluetooth/ubtled/files/ubtled.init

@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+USE_PROCD=1
+PROG=/usr/sbin/ubtled
+
+service_triggers() {
+	procd_add_reload_trigger btle
+}
+
+start_service() {
+	config_load btle
+	config_get enable ubtled enable 0
+
+	[ "$enable" -eq 1 ] || return
+
+	hciconfig hci0 up
+
+	procd_open_instance
+	procd_set_param command "$PROG"
+	procd_set_param respawn
+	procd_close_instance
+}

feeds/facebook/fbwifi/Makefile

@@ -0,0 +1,56 @@
+# Copyright (c) Facebook, Inc. and its affiliates.
+# All rights reserved.
+#
+# This source code is licensed under the license found in the
+# LICENSE file in the root directory of this source tree.
+#
+
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fbwifi
+PKG_VERSION:=2
+PKG_RELEASE:=0
+PKG_LICENSE:=GPL-2.0
+
+PKG_MAINTAINER:=Simon Kinane <skinane@fb.com>
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fbwifi
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+iptables +luasec +luasocket \
+	+luci-base +libuci-lua +luaposix \
+	+luci-mod-network +luci-mod-status +luci-theme-bootstrap \
+	+lua-cjson +uhttpd
+  TITLE:=Facebook Wi-Fi
+  PKGARCH:=all
+endef
+
+define Package/fbwifi/description
+  Facebook Wi-Fi, an AP authorisation solution
+endef
+
+define Package/fbwifi/conffiles
+/etc/config/fbwifi
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/fbwifi/install
+	$(INSTALL_DIR) $(1)
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fbwifi))

feeds/facebook/fbwifi/README.md

@@ -0,0 +1,55 @@
+# Facebook Wi-Fi v2.0 Reference Implementation for OpenWrt 
+
+## Getting started
+
+Case studies for OEM customers are available at the official page of [Facebook Wi-Fi](https://www.facebook.com/facebook-wifi).
+
+For OEM engineers, start by reading the init script in [files/etc/init.d/fbwifi](https://github.com/facebookincubator/fbc_owrt_feed/blob/master/fbwifi/files/etc/init.d/fbwifi)
+
+## Contents
+
+The 'files' subdirectory contains all the configuration, script and code 
+that implements the Facebook Wi-Fi v2.0 standard for OpenWrt.
+
+The folder structure follows *nix conventions :
+- 'etc' is the boot time scripts and configuration
+- 'usr' contains procedural scripts, lua common code module and GUI prototype for luci
+- 'www' contains the HTTP endpoints as CGI handlers 
+
+```
+files/
+├── etc
+│   ├── config
+│   │   └── fbwifi
+│   ├── hotplug.d
+│   │   └── iface
+│   │       └── 50-fbwifi
+│   ├── init.d
+│   │   └── fbwifi
+├── usr
+│   ├── lib
+│   │   └── lua
+│   │       ├── fbwifi.lua
+│   │       └── luci
+│   │           ├── controller
+│   │           │   └── fbwifi.lua
+│   │           └── view
+│   │               └── fbwifi.htm
+│   ├── sbin
+│   │   ├── fbwifi
+│   │   ├── fbwifi_debug_dump
+│   │   ├── fbwifi_gateway_info_update
+│   │   ├── fbwifi_get_config
+│   │   └── fbwifi_validate_token_db
+│   └── share
+│       └── fbwifi
+│           ├── firewall.include
+│           └── uhttpd.json
+└── www
+    └── cgi-bin
+        └── fbwifi
+            └── v2.0
+                ├── auth
+                ├── capport
+                └── info
+```

feeds/facebook/fbwifi/files/etc/config/fbwifi

@@ -0,0 +1,6 @@
+config fbwifi 'main'
+	option enabled '0'
+	option gateway_token 'FBWIFI:GATEWAY|123456789|0123456789|abcdeABCDE123456789'
+	option http_port '2060'
+	option https_port '2061'
+	option zone 'lan'

feeds/facebook/fbwifi/files/etc/hotplug.d/iface/50-fbwifi

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup ] || exit 0
+
+/etc/init.d/fbwifi enabled || exit 0
+
+ip route get fibmatch 1.1.1.1 | grep -q "$DEVICE" || exit 0
+
+logger -t fbwifi "Reloading fbwifi due to $ACTION of $INTERFACE ($DEVICE)"
+/etc/init.d/fbwifi restart

feeds/facebook/fbwifi/files/etc/init.d/fbwifi

@@ -0,0 +1,43 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+
+USE_PROCD=1
+
+reload_service() {
+	restart
+}
+
+service_triggers() {
+	procd_add_reload_trigger fbwifi
+}
+
+start_service() {
+
+	config_load fbwifi
+	config_get_bool enabled 'main' 'enabled' '0'
+	[ "$enabled" -eq 0 ] && return
+
+	config_get http_port main http_port
+	[ -z "$http_port" ] && {
+		logger -t fbwifi "required option http_port not set"
+		exit 1
+	}
+
+	config_get https_port main https_port
+	[ -z "$https_port" ] && {
+		logger -t fbwifi "required option https_port not set"
+		exit 1
+	}
+
+	logger "[fbwifi] Enabled; starting"
+
+	mkdir -p /tmp/fbwifi
+
+	/usr/sbin/fbwifi reload
+
+	procd_open_instance
+	procd_set_param command /usr/sbin/fbwifi_validate_token_db
+	procd_set_param respawn 1 300 0
+	procd_close_instance
+}

feeds/facebook/fbwifi/files/usr/lib/lua/fbwifi.lua

@@ -0,0 +1,153 @@
+-- FBWIFI Lua library
+-- function table
+local fbwifi = {}
+
+local http = require("ssl.https")
+local json = require("cjson")
+local log = require("posix.syslog")
+local uci = require("uci")
+
+function fbwifi.gateway_token()
+
+	state = uci.cursor(nil, "/var/state")
+	token = state:get("fbwifi", "main", "gateway_token")
+	if token and string.len(token) > 0 then
+		return token
+	else
+		log.syslog( log.LOG_WARNING, "[fbwifi] UCI option fbwifi.main.gateway_token is missing" )
+		return nil
+	end 
+end
+
+function fbwifi.validate_token( token )
+
+	local valid = false
+
+	if string.len(token or '' ) > 0 then
+
+	        GATEWAY_TOKEN = fbwifi.gateway_token()
+
+	        URL="https://api.fbwifi.com/v2.0/token"
+	        BODY="token="..token
+	        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+	        if code==200 then
+	                valid = true
+	        else
+	                log.syslog(log.LOG_WARNING, "[fbwifi] validate_token:"..body)
+	        end
+
+	end
+
+	return valid
+end
+
+local mac_to_purge=''
+function remove_client_by_mac(client)
+	state = uci.cursor(nil, "/var/state")
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == mac_to_purge
+		then
+			log.syslog(log.LOG_INFO, string.format("[fbwifi] Purging DB entry %s for MAC %s", client['.name'] or 'unknown', mac_to_purge) )
+			state:delete("fbwifi", client['.name'])
+			return
+		end
+	end
+end
+
+function fbwifi.instate_client_rule( token, client_mac )
+
+	log.syslog(log.LOG_INFO, "[fbwifi] Validating client "..client_mac)
+
+	state = uci.cursor(nil, "/var/state")
+	state_name = "token_" .. token
+
+	RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+	RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+	local RULE
+
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Cleaning DB for MAC %s", client_mac) )
+	mac_to_purge = client_mac
+	state:foreach("fbwifi", "client", remove_client_by_mac)
+	
+		
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Adding DB entry %s for MAC %s", state_name, client_mac) )
+	state:set("fbwifi", state_name, "client")
+	state:set("fbwifi", state_name, "token", token)
+	state:set("fbwifi", state_name, "mac", client_mac)
+	state:set("fbwifi", state_name, "authenticated", "true")
+				
+	-- verify a rule exists for the given client MAC, 
+	--   OR install it
+	RULE=string.format(RULE_COND.." || "..RULE_FMT, client_mac, "A", client_mac)
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Opening iptables for %s", client_mac ) )
+	res = os.execute(RULE)
+	if res ~= 0 then 
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+	end
+	log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+	
+	state:save('fbwifi')
+end
+
+function fbwifi.revoke_client_rule( token )
+        
+        if (token == nil) then
+                log.syslog(log.LOG_INFO, "[fbwifi] Invalidating token, but token is Nil")
+                return
+        end
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Invalidating token (%s)", token) )
+
+	state = uci.cursor(nil, "/var/state")
+	state_name = "token_" .. token
+	
+	client_mac = state:get("fbwifi", state_name, "mac")
+
+	if client_mac then
+		RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+		RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+
+		-- verify a rule exists for the given client MAC, 
+		--  AND delete it
+		RULE=string.format(RULE_COND.." && "..RULE_FMT, client_mac, "D", client_mac)
+
+		res = os.execute(RULE)
+		if res ~= 0 then 
+			log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+		end
+		log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+
+		state:delete("fbwifi", state_name)
+		state:save('fbwifi')
+	else
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Client MAC not found in DB (%s)", state_name ) )
+	end
+end
+
+function fbwifi.reset()
+
+	local success = false
+        GATEWAY_TOKEN = fbwifi.gateway_token()
+        URL="https://api.fbwifi.com/v2.0/gateway/reset"
+	BODY="{}"
+        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+        if code==200 then
+                log.syslog(log.LOG_INFO, "[fbwifi] Reset committed")
+                success = true
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] Reset failed : "..body)
+        end
+
+	return success
+end
+
+--
+-- Return the function table to the host script
+--
+return fbwifi

feeds/facebook/fbwifi/files/usr/lib/lua/luci/controller/fbwifi.lua

@@ -0,0 +1,12 @@
+-- Copyright 
+-- Licensed to the public under the GNU General Public License v2.
+
+module("luci.controller.fbwifi", package.seeall)
+
+sys = require "luci.sys"
+ut = require "luci.util"
+
+function index()
+    entry({"admin", "network", "fbwifi"}, template("fbwifi"), "Facebook Wi-Fi", 90).dependent=false
+end
+

feeds/facebook/fbwifi/files/usr/lib/lua/luci/view/fbwifi.htm

@@ -0,0 +1,16 @@
+<%#
+ Copyright
+ Licensed to the public under the GNU General Public License v2.
+-%>
+
+<%+header%>
+
+<h1>Facebook Wi-Fi</h1>
+<%
+	require("uci")
+	state = uci.cursor(nil, "/var/state")
+	url = state:get("fbwifi", "main", "captive_portal_config_url")
+%>
+<a href="<% print(url) %>">Configure FB business page</a>
+
+<%+footer%>

feeds/facebook/fbwifi/files/usr/sbin/fbwifi

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+case "$1" in
+disable)
+	uci set fbwifi.main.enabled=0
+
+	uci delete firewall.fbwifi
+
+	uci delete uhttpd.fbwifi_redirect
+
+	uci delete uhttpd.main.json_script
+	uci set uhttpd.main.cert='/etc/uhttpd.crt'
+	uci set uhttpd.main.key='/etc/uhttpd.key'
+	uci set uhttpd.main.rfc1918_filter=1
+	;;
+enable)
+	uci set fbwifi.main.enabled=1
+
+	uci set firewall.fbwifi=include
+	uci set firewall.fbwifi.enabled=1
+	uci set firewall.fbwifi.family=ipv4
+	uci set firewall.fbwifi.path=/usr/share/fbwifi/firewall.include
+	uci set firewall.fbwifi.reload=1
+	uci set firewall.fbwifi.type=script
+
+	uci set uhttpd.fbwifi_redirect=uhttpd
+	uci set uhttpd.fbwifi_redirect.enabled=1
+	uci set uhttpd.fbwifi_redirect.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.fbwifi_redirect.json_script='/tmp/fbwifi/uhttpd-redirect.json'
+	uci set uhttpd.fbwifi_redirect.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.fbwifi_redirect.listen_http='0.0.0.0:2060'
+	uci set uhttpd.fbwifi_redirect.listen_https='0.0.0.0:2061'
+
+	uci set uhttpd.main.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.main.json_script='/usr/share/fbwifi/uhttpd.json'
+	uci set uhttpd.main.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.main.rfc1918_filter=0
+	;;
+reload)
+	/usr/sbin/fbwifi_get_config
+
+	login_url=$(uci -p /var/state get fbwifi.main.captive_portal_url)
+	[ -z "$login_url" ] && {
+		logger -t fbwifi "captive_portal_url not available yet"
+		exit 1
+	}
+	printf '{ "request": [ ["redirect", "%s", 302] ] }' "$login_url" > /tmp/fbwifi/uhttpd-redirect.json
+
+	/etc/init.d/uhttpd restart
+
+	exit 0
+	;;
+esac
+
+uci commit
+/etc/init.d/uhttpd restart
+reload_config

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_debug_dump

@@ -0,0 +1,8 @@
+echo -e "Runtime configuration and token DB\n"
+uci -p /var/state export fbwifi
+
+echo -e "\nDynamic firewall flow rules\n"
+iptables -t mangle -L FBWIFI_CLIENT_TO_INTERNET
+
+echo -e "\nDHCP leases\n"
+cat /tmp/dhcp.leases

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_gateway_info_update

@@ -0,0 +1,38 @@
+#!/usr/bin/lua
+
+http = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+socket = require("socket")
+require("uci")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+state = uci.cursor(nil, "/var/state")
+
+payload="name="..socket.dns.gethostname()
+
+function queue_ssid_update(iface)
+	bssid_file="/sys/class/net/br-"..iface["network"].."/address"
+	local file = io.open(bssid_file)
+        if file then
+            for line in file:lines() do
+		payload=payload.."&bssid[]="..line
+            end
+	    payload=payload.."ssid[]="..iface["ssid"]
+        else
+	    log.syslog(log.LOG_WARNING, "[fbwifi] Failed to find BSSID for interface br-"..iface["network"])
+        end
+end
+
+state:foreach("wireless", "wifi-iface", queue_ssid_update)
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, payload)
+if code == 200 then 
+	log.syslog(log.LOG_INFO, "[fbwifi] gateway information updated "..body)
+	os.exit(0)
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] gateway API failed "..body)
+	os.exit(code)
+end

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_get_config

@@ -0,0 +1,106 @@
+#!/usr/bin/lua
+http = require("ssl.https")
+json = require("cjson")
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+http_port = uci.get("fbwifi.main.http_port")
+https_port = uci.get("fbwifi.main.https_port")
+
+state = uci.cursor(nil, "/var/state")
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN.."&fields=config,config_version")
+
+if code == 200 then
+	log.syslog(log.LOG_INFO, "[fbwifi] Got gateway config ("..code..")")
+else
+	log.syslog(log.LOG_CRIT, "[fbwifi] Failed to get gateway config ("..code..")")
+	os.exit(1)
+end
+
+obj = json.decode(body)
+
+function save_cert(name, value)
+	log.syslog(log.LOG_INFO, "[fbwifi] Saving cert "..name)
+	local f = assert(io.open("/tmp/fbwifi/"..name, "w"))
+	f:write(value)
+	f:close()
+end
+
+function process_redirect(ix, host)
+	IP_SET = "ip addr replace dev lo "..host
+	local result = os.execute(IP_SET)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Redirect address applied "..host)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to apply redirect address "..host)
+	end
+
+	ip = string.match(host, '([0-9\.]*)/([0-9]*)')
+	RULE_FMT="grep -q \"%s\" /etc/hosts || echo \"%s\tstar.fbwifigateway.net\" >> /etc/hosts"
+	HOSTS_RULE = string.format(RULE_FMT, ip, ip)
+	result = os.execute(HOSTS_RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Cached redirect host for DNS")
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to amend /etc/hosts")
+		log.syslog(log.LOG_INFO, "[fbwifi] "..HOSTS_RULE)
+	end
+
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 80 -d "..ip.." -j ACCEPT # REDIRECT --to-ports "..http_port)
+	--print(result)
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 443 -d "..ip.."  -j ACCEPT # REDIRECT --to-ports "..https_port)
+	--print(result)
+end
+
+save_cert("https_server_cert", obj['config']['https_server_cert'])
+save_cert("https_server_key", obj['config']['https_server_key'])
+
+result = os.execute("iptables -t nat -F FBWIFI_HOST_REDIRLIST")
+--print(result)
+table.foreach(obj['config']['host_redirect_ips'], process_redirect)
+
+RULE_FORMAT = "iptables -t mangle -A FBWIFI_TRAFFIC_ALLOWLIST -d %s -p %s --dport %s -j MARK --set-mark 0xfb"
+function process_traffic_rule(ix, rule)
+	log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	
+	if rule["protocol"] == 6 then
+		PROTO = "tcp"
+	elseif rule["protocol"] == 17 then
+		PROTO = "udp"
+	end
+	RULE = string.format(RULE_FORMAT, rule["ip"], PROTO, rule["port"])
+	local result = os.execute(RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to install traffic rule ; "..RULE)
+	end
+end
+
+local cross_origin_list = {}
+function process_cross_origin_rule(ix, url)
+	log.syslog(log.LOG_INFO, "[fbwifi] Cross origin rule "..url)
+	table.insert(cross_origin_list, url)
+end
+
+function process_url(url_purpose, fqdn)
+	log.syslog(log.LOG_INFO, "[fbwifi] Caching "..url_purpose)
+	state:set("fbwifi", "main", url_purpose, fqdn)	
+end
+
+state:set("fbwifi", "main", "config")
+
+result = os.execute("iptables -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST ")
+--print(result)
+table.foreach(obj['config']['traffic_allowlist'], process_traffic_rule)
+table.foreach(obj['config']['cross_origin_allowlist'], process_cross_origin_rule)
+table.foreach(obj['config']['urls'], process_url)
+state:set("fbwifi", "main", "cross_origin_allow_rules", cross_origin_list)
+
+state:set("fbwifi", "main", "config_version", obj['config_version'])
+state:save('fbwifi')

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_validate_token_db

@@ -0,0 +1,75 @@
+#!/usr/bin/lua
+
+https = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+require("uci")
+
+state = uci.cursor(nil, "/var/state")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+request = { 
+	tokens = {}, 
+	traffic_type = "total",
+	config_version = state:get("fbwifi", "main", "config_version")
+}
+
+function queue_token(client)
+
+	request.tokens[client.token]={
+		incoming = json.null,
+		outgoing = json.null,
+		connected_time_sec = json.null,
+		inactive_time_sec = json.null,
+		signal_rssi_dbm = json.null,
+		--expected_tpus_mbps = json.null,
+		is_connected = true
+	}
+
+end
+
+state:foreach("fbwifi", "client", queue_token)
+print( "\nRequest:\n"..json.encode(request) )
+
+URL="https://api.fbwifi.com/v2.0/tokens"
+BODY=string.format(
+	"tokens=%s&traffic_type=%s&config_version=%s",
+	json.encode(request.tokens),
+	"'total'",
+	state:get("fbwifi", "main", "config_version")
+)
+
+body, code, headers = https.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+if code then
+	print( "\nResponse:\n"..body )
+end
+
+response = json.decode(body)
+--print(response)
+--table.foreach(response,print)
+--table.foreach(response.tokens,print)
+
+if response.config_valid then
+	log.syslog(log.LOG_INFO, "[fbwifi] Config validated")
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] config is stale, refreshing config")
+        local result = os.execute("/usr/sbin/fbwifi reload")
+        if result == 0 then
+                log.syslog(log.LOG_INFO, "[fbwifi] successfully fetched and loaded new config ")
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] failed to fetch and load new config, possible stale config")
+        end
+end
+
+function process_token(token, metadata)
+	table.foreach(metadata,print)
+	if metadata.valid then
+		print("OK: "..token)	
+	else
+		print("Nok: "..token)	
+		fbwifi.revoke_client_rule( token )
+	end
+end
+table.foreach(response.tokens,process_token)

feeds/facebook/fbwifi/files/usr/share/fbwifi/firewall.include

@@ -0,0 +1,67 @@
+#!/bin/sh
+
+IPT4="/usr/sbin/iptables"
+
+fbwifi_http_port="$(uci get fbwifi.main.http_port)"
+[ -n "$fbwifi_http_port" ] || {
+	logger -t fbwifi "required option http_port not set"
+	exit 1
+}
+
+fbwifi_https_port="$(uci get fbwifi.main.https_port)"
+[ -n "$fbwifi_https_port" ] || {
+	logger -t fbwifi "required option https_port not set"
+	exit 1
+}
+
+fbwifi_zone="$(uci get fbwifi.main.zone)"
+[ -n "$fbwifi_zone" ] || {
+	logger -t fbwifi "required option zone  not set"
+	exit 1
+}
+
+fbwifi_ifaces="$(fw3 -q zone "$fbwifi_zone")"
+
+## Create custom chains
+$IPT4 -t filter -N FBWIFI_FORWARD 2>/dev/null
+$IPT4 -t filter -N FBWIFI_INPUT 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_PREROUTING 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_TRAFFIC_ALLOWLIST 2>/dev/null
+$IPT4 -t nat -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+$IPT4 -t nat -N FBWIFI_PREROUTING 2>/dev/null
+$IPT4 -t nat -N FBWIFI_HOST_REDIRLIST 2>/dev/null
+
+## Flush custom chains
+$IPT4 -t filter -F FBWIFI_FORWARD
+$IPT4 -t filter -F FBWIFI_INPUT
+$IPT4 -t mangle -F FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t mangle -F FBWIFI_PREROUTING
+$IPT4 -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST
+$IPT4 -t nat -F FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t nat -F FBWIFI_PREROUTING
+$IPT4 -t nat -F FBWIFI_HOST_REDIRLIST
+
+## Populate custom chains
+$IPT4 -t filter -A FBWIFI_FORWARD -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t filter -A FBWIFI_FORWARD -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t filter -A FBWIFI_FORWARD -j REJECT
+$IPT4 -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_http_port" -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_https_port"  -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t mangle -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t mangle -A FBWIFI_PREROUTING -j FBWIFI_TRAFFIC_ALLOWLIST
+$IPT4 -t nat -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j REDIRECT --to-ports "$fbwifi_http_port"
+
+## Hook custom chains in firewall3 chains
+$IPT4 -t filter -I "zone_${fbwifi_zone}_input" 2 -j FBWIFI_INPUT
+$IPT4 -t filter -I "zone_${fbwifi_zone}_forward" 2 -j FBWIFI_FORWARD
+$IPT4 -t nat -I "zone_${fbwifi_zone}_prerouting" 2 -j FBWIFI_PREROUTING
+# There are no firewall3 zone chains in the mangle table so we need to do this for all interfaces in the zone
+for iface in $fbwifi_ifaces; do
+	$IPT4 -t mangle -I PREROUTING -i "$iface" -j FBWIFI_PREROUTING
+done

feeds/facebook/fbwifi/files/usr/share/fbwifi/uhttpd.json

@@ -0,0 +1,8 @@
+{
+  "request": [
+    [ "if",
+      [ "regex", "REQUEST_URI", "^/fbwifi" ],
+      [ "rewrite", "/cgi-bin%REQUEST_URI%" ]
+    ]
+  ]
+}

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/auth

@@ -0,0 +1,69 @@
+#!/usr/bin/lua
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+state = uci.cursor(nil, "/var/state")
+function process_cors()
+	origin = os.getenv("HTTP_ORIGIN")
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] [auth] process_cors origin %s", origin or 'not found') )
+	if string.len(origin or '') > 0 then
+		allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+		for _, value in pairs(allow_list) do
+    			if value == origin then
+				log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors Appending CORS Headers to HTTP")
+				print("Access-Control-Allow-Origin: "..origin)
+				print("Vary: Origin")
+				break
+			end
+		end
+	else	
+		log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors No CORS Headers added to Response")
+	end
+end
+
+method = os.getenv("REQUEST_METHOD")
+if method == 'GET' then
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] GET handler")
+	print("Status: 302")
+	print("Location: "..state:get("fbwifi", "main", "landing_page_url"))
+	process_cors()
+	print ('\n')
+
+elseif method == 'POST' then
+	local token
+	
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler")
+	process_cors()
+	print("Status: 200")
+
+	form_data=io.read()
+	while form_data do
+		token = string.match(form_data, '[%d]+')
+		if string.len(token or '') > 14 then
+
+			client = os.getenv("REMOTE_ADDR")
+			f = io.popen("awk '/"..client.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+			client_mac = assert(f:read('*a'))
+
+			if fbwifi.validate_token(token) then
+                                log.syslog(log.LOG_INFO, string.format( "[fbwifi] [auth] POST handler : Validating Token (%s) for MAC (%s)", token or 'nil', client_mac or 'nil') )
+				fbwifi.instate_client_rule(token, client_mac)
+				print("\n{\"valid\":true}\n")
+			else
+                                log.syslog(log.LOG_WARNING, string.format( "[fbwifi] [auth] POST handler : ! Invalid token (%s) for mac (%s) !", token or 'nil', client_mac or 'nil') )
+				fbwifi.revoke_client_rule(token)
+				print("\n{\"valid\":false}\n")
+			end
+			log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler completed")
+			return
+		end
+
+		form_data=io.read()
+	end
+	print ('\n')
+
+	log.syslog(log.LOG_WARNING, string.format("[fbwifi] [auth] POST handler : token not found" ))
+	fbwifi.revoke_client_rule(token)
+	print("\n{\"valid\":false}\n")
+end

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/capport

@@ -0,0 +1,41 @@
+#!/usr/bin/lua
+json = require("cjson")
+require("uci")
+
+state = uci.cursor(nil, "/var/state")
+client_mac = ""
+token = ""
+
+response = {}
+response['venue-info-url'] = state:get("fbwifi", "main", "capport_venue_info_url")
+
+function map_remote_mac_to_token(client)
+        for key, value in pairs(client) do
+                if
+                        key == 'mac' and
+                        value == client_mac
+                then
+			token = client.token
+                        return false
+                end
+        end
+end
+
+function hasValidToken(client_ip)
+	f = io.popen("awk '/"..client_ip.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+
+	return 0 < string.len(token)
+end
+
+print("Content-type: application/captive+json; charset=utf-8\n")
+
+client = os.getenv("REMOTE_ADDR")
+response['captive'] = not hasValidToken(client)
+
+if response['captive'] then
+	response['user-portal-url'] = state:get("fbwifi", "main", "captive_portal_url")
+end
+
+print( json.encode(response) )

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/info

@@ -0,0 +1,58 @@
+#!/usr/bin/lua
+require "luci.cacheloader"
+require "luci.sgi.cgi"
+json = require("cjson")
+fbwifi = require("fbwifi")
+
+state = uci.cursor(nil, "/var/state")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+response = { api_version = "2.0", token = json.null }
+client_mac = ""
+
+function process_cors()
+        origin = os.getenv("HTTP_ORIGIN")
+        if string.len(origin or '') > 0 then
+                allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+                for _, value in pairs(allow_list) do
+                        if value == origin then
+                                print("Access-Control-Allow-Origin: "..origin)
+                                print("Vary: Origin")
+                                break
+                        end
+                end
+        end
+end
+
+function map_remote_mac_to_token(client)
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == client_mac
+		then
+			response.token = client.token
+			return false -- escape outer loop
+		end
+	end
+end
+
+function getClientToken(client_ip)
+	f = io.popen("awk '/"..client_ip.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+end
+
+function getGatewayId()
+	id = string.match(GATEWAY_TOKEN, 'FBWIFI:GATEWAY|[0-9]*|([0-9]*)')
+	return id
+end
+
+process_cors()
+print("Content-type: application/json; charset=utf-8\n")
+
+getClientToken(os.getenv("REMOTE_ADDR"))
+response.gateway_id = getGatewayId()
+
+print( json.encode(response) )

feeds/hostapd/hostapd/Config.in

@@ -1,108 +0,0 @@
-# wpa_supplicant config
-config WPA_RFKILL_SUPPORT
-	bool "Add rfkill support"
-	depends on PACKAGE_wpa-supplicant || \
-		   PACKAGE_wpa-supplicant-openssl || \
-		   PACKAGE_wpa-supplicant-wolfssl || \
-		   PACKAGE_wpa-supplicant-mbedtls || \
-		   PACKAGE_wpa-supplicant-mesh-openssl || \
-		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
-		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
-		   PACKAGE_wpa-supplicant-basic || \
-		   PACKAGE_wpa-supplicant-mini || \
-		   PACKAGE_wpa-supplicant-p2p || \
-		   PACKAGE_wpad || \
-		   PACKAGE_wpad-openssl || \
-		   PACKAGE_wpad-wolfssl || \
-		   PACKAGE_wpad-mbedtls || \
-		   PACKAGE_wpad-basic || \
-		   PACKAGE_wpad-basic-openssl || \
-		   PACKAGE_wpad-basic-wolfssl || \
-		   PACKAGE_wpad-basic-mbedtls || \
-		   PACKAGE_wpad-mini || \
-		   PACKAGE_wpad-mesh-openssl || \
-		   PACKAGE_wpad-mesh-wolfssl || \
-		   PACKAGE_wpad-mesh-mbedtls
-	default n
-
-config WPA_MSG_MIN_PRIORITY
-	int "Minimum debug message priority"
-	depends on PACKAGE_wpa-supplicant || \
-		   PACKAGE_wpa-supplicant-openssl || \
-		   PACKAGE_wpa-supplicant-wolfssl || \
-		   PACKAGE_wpa-supplicant-mbedtls || \
-		   PACKAGE_wpa-supplicant-mesh-openssl || \
-		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
-		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
-		   PACKAGE_wpa-supplicant-basic || \
-		   PACKAGE_wpa-supplicant-mini || \
-		   PACKAGE_wpa-supplicant-p2p || \
-		   PACKAGE_wpad || \
-		   PACKAGE_wpad-openssl || \
-		   PACKAGE_wpad-wolfssl || \
-		   PACKAGE_wpad-mbedtls || \
-		   PACKAGE_wpad-basic || \
-		   PACKAGE_wpad-basic-openssl || \
-		   PACKAGE_wpad-basic-wolfssl || \
-		   PACKAGE_wpad-basic-mbedtls || \
-		   PACKAGE_wpad-mini || \
-		   PACKAGE_wpad-mesh-openssl || \
-		   PACKAGE_wpad-mesh-wolfssl || \
-		   PACKAGE_wpad-mesh-mbedtls
-	default 3
-	help
-	  Useful values are:
-	    0 = all messages
-		1 = raw message dumps
-		2 = most debugging messages
-		3 = info messages
-		4 = warnings
-		5 = errors
-
-config WPA_WOLFSSL
-	bool
-	default PACKAGE_wpa-supplicant-wolfssl ||\
-	        PACKAGE_wpad-wolfssl ||\
-	        PACKAGE_wpad-basic-wolfssl || \
-	        PACKAGE_wpad-mesh-wolfssl ||\
-	        PACKAGE_eapol-test-wolfssl
-	select WOLFSSL_HAS_AES_CCM
-	select WOLFSSL_HAS_ARC4
-	select WOLFSSL_HAS_DH
-	select WOLFSSL_HAS_OCSP
-	select WOLFSSL_HAS_SESSION_TICKET
-	select WOLFSSL_HAS_WPAS
-
-config DRIVER_11AC_SUPPORT
-	bool
-	default n
-
-config DRIVER_11AX_SUPPORT
-	bool
-	default n
-	select WPA_MBO_SUPPORT
-
-config WPA_ENABLE_WEP
-	bool "Enable support for unsecure and obsolete WEP"
-	help
-	  Wired equivalent privacy (WEP) is an obsolete cryptographic data
-	  confidentiality algorithm that is not considered secure. It should not be used
-	  for anything anymore. The functionality needed to use WEP is available in the
-	  current hostapd release under this optional build parameter and completely
-	  removed in a future release.
-
-config WPA_MBO_SUPPORT
-	bool "Multi Band Operation (Agile Multiband)"
-	default PACKAGE_wpa-supplicant || \
-		PACKAGE_wpa-supplicant-openssl || \
-		PACKAGE_wpa-supplicant-wolfssl || \
-		PACKAGE_wpa-supplicant-mbedtls || \
-		PACKAGE_wpad || \
-		PACKAGE_wpad-openssl || \
-		PACKAGE_wpad-wolfssl || \
-		PACKAGE_wpad-mbedtls
-	help
-	  Multi Band Operation aka (Agile Multiband) enables features
-	  that facilitate efficient use of multiple frequency bands.
-	  Enabling MBO on an AP using RSN requires 802.11w to be enabled.
-	  Hostapd will refuse to start if MBO and RSN are enabled without 11w.

feeds/hostapd/hostapd/Makefile

@@ -1,851 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-only
-#
-# Copyright (C) 2006-2021 OpenWrt.org
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=hostapd
-PKG_RELEASE:=4
-
-PKG_SOURCE_URL:=http://w1.fi/hostap.git
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2023-09-08
-PKG_SOURCE_VERSION:=e5ccbfc69ecf297590341ae8b461edba9d8e964c
-PKG_MIRROR_HASH:=4d71097b8e3b91b5c21c2bba7a1e68415bd21d972fddbffa9ef130877d81b347
-
-PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
-PKG_LICENSE:=BSD-3-Clause
-PKG_CPE_ID:=cpe:/a:w1.fi:hostapd
-
-PKG_BUILD_PARALLEL:=1
-PKG_ASLR_PIE_REGULAR:=1
-
-PKG_CONFIG_DEPENDS:= \
-	CONFIG_PACKAGE_hostapd \
-	CONFIG_PACKAGE_hostapd-basic \
-	CONFIG_PACKAGE_hostapd-mini \
-	CONFIG_WPA_RFKILL_SUPPORT \
-	CONFIG_DRIVER_11AC_SUPPORT \
-	CONFIG_DRIVER_11AX_SUPPORT \
-	CONFIG_WPA_ENABLE_WEP
-
-PKG_BUILD_FLAGS:=gc-sections lto
-
-EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
-
-SUPPLICANT_PROVIDERS:=
-HOSTAPD_PROVIDERS:=
-
-LOCAL_TYPE=$(strip \
-		$(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \
-		$(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \
-		hostapd \
-		)))
-
-LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
-		      $(patsubst wpad-%,%,\
-		      $(patsubst supplicant-%,%,\
-		      $(BUILD_VARIANT)\
-		      )))
-
-LOCAL_VARIANT=$(patsubst %-internal,%,\
-	      $(patsubst %-openssl,%,\
-	      $(patsubst %-wolfssl,%,\
-	      $(patsubst %-mbedtls,%,\
-	      $(LOCAL_AND_LIB_VARIANT)\
-	      ))))
-
-SSL_VARIANT=$(strip \
-		$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
-		$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
-		$(if $(findstring mbedtls,$(LOCAL_AND_LIB_VARIANT)),mbedtls,\
-		internal\
-		))))
-
-CONFIG_VARIANT:=$(LOCAL_VARIANT)
-ifeq ($(LOCAL_VARIANT),mesh)
-  CONFIG_VARIANT:=full
-endif
-
-include $(INCLUDE_DIR)/package.mk
-
-STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
-
-ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
-  HOSTAPD_IEEE80211AC:=y
-endif
-
-ifneq ($(CONFIG_DRIVER_11AX_SUPPORT),)
-  HOSTAPD_IEEE80211AX:=y
-endif
-
-CORE_DEPENDS = +ucode +libubus +libucode +ucode-mod-fs +ucode-mod-nl80211 +ucode-mod-rtnl +ucode-mod-ubus +ucode-mod-uloop +libblobmsg-json
-OPENSSL_DEPENDS = +PACKAGE_$(1):libopenssl +PACKAGE_$(1):libopenssl-legacy
-
-DRIVER_MAKEOPTS= \
-	CONFIG_ACS=y CONFIG_DRIVER_NL80211=y \
-	CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
-	CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
-	CONFIG_MBO=$(CONFIG_WPA_MBO_SUPPORT) \
-	CONFIG_UCODE=y
-
-ifeq ($(SSL_VARIANT),openssl)
-  DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
-  TARGET_LDFLAGS += -lcrypto -lssl
-
-  ifeq ($(LOCAL_VARIANT),basic)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y
-  endif
-  ifeq ($(LOCAL_VARIANT),mesh)
-    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
-  endif
-  ifeq ($(LOCAL_VARIANT),full)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
-  endif
-endif
-
-ifeq ($(SSL_VARIANT),wolfssl)
-  DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_SAE=y
-  TARGET_LDFLAGS += -lwolfssl
-
-  ifeq ($(LOCAL_VARIANT),basic)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y
-  endif
-  ifeq ($(LOCAL_VARIANT),mesh)
-    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
-  endif
-  ifeq ($(LOCAL_VARIANT),full)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
-  endif
-endif
-
-ifeq ($(SSL_VARIANT),mbedtls)
-  DRIVER_MAKEOPTS += CONFIG_TLS=mbedtls CONFIG_SAE=y
-  TARGET_LDFLAGS += -lmbedcrypto -lmbedx509 -lmbedtls
-
-  ifeq ($(LOCAL_VARIANT),basic)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y
-  endif
-  ifeq ($(LOCAL_VARIANT),mesh)
-    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
-  endif
-  ifeq ($(LOCAL_VARIANT),full)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
-  endif
-endif
-
-ifneq ($(LOCAL_TYPE),hostapd)
-  ifdef CONFIG_WPA_RFKILL_SUPPORT
-    DRIVER_MAKEOPTS += NEED_RFKILL=y
-  endif
-endif
-
-DRV_DEPENDS:=+libnl-tiny
-
-
-define Package/hostapd/Default
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-  TITLE:=IEEE 802.1x Authenticator
-  URL:=http://hostap.epitest.fi/
-  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
-  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE))
-  USERID:=network=101:network=101
-  PROVIDES:=hostapd
-  CONFLICTS:=$(HOSTAPD_PROVIDERS)
-  HOSTAPD_PROVIDERS+=$(1)
-endef
-
-define Package/hostapd
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (built-in full)
-  VARIANT:=full-internal
-endef
-
-define Package/hostapd/description
- This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
- Authenticator.
-endef
-
-define Package/hostapd-openssl
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (OpenSSL full)
-  VARIANT:=full-openssl
-  DEPENDS+=$(OPENSSL_DEPENDS)
-endef
-
-Package/hostapd-openssl/description = $(Package/hostapd/description)
-
-define Package/hostapd-wolfssl
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (wolfSSL full)
-  VARIANT:=full-wolfssl
-  DEPENDS+=+PACKAGE_hostapd-wolfssl:libwolfssl
-endef
-
-Package/hostapd-wolfssl/description = $(Package/hostapd/description)
-
-define Package/hostapd-mbedtls
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (mbedTLS full)
-  VARIANT:=full-mbedtls
-  DEPENDS+=+PACKAGE_hostapd-mbedtls:libmbedtls
-endef
-
-Package/hostapd-mbedtls/description = $(Package/hostapd/description)
-
-define Package/hostapd-basic
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (WPA-PSK, 11r, 11w)
-  VARIANT:=basic
-endef
-
-define Package/hostapd-basic/description
- This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
-endef
-
-define Package/hostapd-basic-openssl
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (WPA-PSK, 11r and 11w)
-  VARIANT:=basic-openssl
-  DEPENDS+=+PACKAGE_hostapd-basic-openssl:libopenssl
-endef
-
-define Package/hostapd-basic-openssl/description
- This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
-endef
-
-define Package/hostapd-basic-wolfssl
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (WPA-PSK, 11r and 11w)
-  VARIANT:=basic-wolfssl
-  DEPENDS+=+PACKAGE_hostapd-basic-wolfssl:libwolfssl
-endef
-
-define Package/hostapd-basic-wolfssl/description
- This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
-endef
-
-define Package/hostapd-basic-mbedtls
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (WPA-PSK, 11r and 11w)
-  VARIANT:=basic-mbedtls
-  DEPENDS+=+PACKAGE_hostapd-basic-mbedtls:libmbedtls
-endef
-
-define Package/hostapd-basic-mbedtls/description
- This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
-endef
-
-define Package/hostapd-mini
-$(call Package/hostapd/Default,$(1))
-  TITLE+= (WPA-PSK only)
-  VARIANT:=mini
-endef
-
-define Package/hostapd-mini/description
- This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).
-endef
-
-
-define Package/wpad/Default
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-  TITLE:=IEEE 802.1x Auth/Supplicant
-  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
-  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE))
-  USERID:=network=101:network=101
-  URL:=http://hostap.epitest.fi/
-  PROVIDES:=hostapd wpa-supplicant
-  CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS)
-  HOSTAPD_PROVIDERS+=$(1)
-  SUPPLICANT_PROVIDERS+=$(1)
-endef
-
-define Package/wpad
-$(call Package/wpad/Default,$(1))
-  TITLE+= (built-in full)
-  VARIANT:=wpad-full-internal
-endef
-
-define Package/wpad/description
- This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
- Authenticator and Supplicant
-endef
-
-define Package/wpad-openssl
-$(call Package/wpad/Default,$(1))
-  TITLE+= (OpenSSL full)
-  VARIANT:=wpad-full-openssl
-  DEPENDS+=$(OPENSSL_DEPENDS)
-endef
-
-Package/wpad-openssl/description = $(Package/wpad/description)
-
-define Package/wpad-wolfssl
-$(call Package/wpad/Default,$(1))
-  TITLE+= (wolfSSL full)
-  VARIANT:=wpad-full-wolfssl
-  DEPENDS+=+PACKAGE_wpad-wolfssl:libwolfssl
-endef
-
-Package/wpad-wolfssl/description = $(Package/wpad/description)
-
-define Package/wpad-mbedtls
-$(call Package/wpad/Default,$(1))
-  TITLE+= (mbedTLS full)
-  VARIANT:=wpad-full-mbedtls
-  DEPENDS+=+PACKAGE_wpad-mbedtls:libmbedtls
-endef
-
-Package/wpad-mbedtls/description = $(Package/wpad/description)
-
-define Package/wpad-basic
-$(call Package/wpad/Default,$(1))
-  TITLE+= (WPA-PSK, 11r, 11w)
-  VARIANT:=wpad-basic
-endef
-
-define Package/wpad-basic/description
- This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support.
-endef
-
-define Package/wpad-basic-openssl
-$(call Package/wpad/Default,$(1))
-  TITLE+= (OpenSSL, 11r, 11w)
-  VARIANT:=wpad-basic-openssl
-  DEPENDS+=$(OPENSSL_DEPENDS)
-endef
-
-define Package/wpad-basic-openssl/description
- This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
-endef
-
-define Package/wpad-basic-wolfssl
-$(call Package/wpad/Default,$(1))
-  TITLE+= (wolfSSL, 11r, 11w)
-  VARIANT:=wpad-basic-wolfssl
-  DEPENDS+=+PACKAGE_wpad-basic-wolfssl:libwolfssl
-endef
-
-define Package/wpad-basic-wolfssl/description
- This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
-endef
-
-define Package/wpad-basic-mbedtls
-$(call Package/wpad/Default,$(1))
-  TITLE+= (mbedTLS, 11r, 11w)
-  VARIANT:=wpad-basic-mbedtls
-  DEPENDS+=+PACKAGE_wpad-basic-mbedtls:libmbedtls
-endef
-
-define Package/wpad-basic-mbedtls/description
- This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
-endef
-
-define Package/wpad-mini
-$(call Package/wpad/Default,$(1))
-  TITLE+= (WPA-PSK only)
-  VARIANT:=wpad-mini
-endef
-
-define Package/wpad-mini/description
- This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only).
-endef
-
-define Package/wpad-mesh
-$(call Package/wpad/Default,$(1))
-  DEPENDS+=@(!TARGET_uml||BROKEN)
-  PROVIDES+=wpa-supplicant-mesh wpad-mesh
-endef
-
-define Package/wpad-mesh/description
- This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
-endef
-
-define Package/wpad-mesh-openssl
-$(call Package/wpad-mesh,$(1))
-  TITLE+= (OpenSSL, 11s, SAE)
-  DEPENDS+=$(OPENSSL_DEPENDS)
-  VARIANT:=wpad-mesh-openssl
-endef
-
-Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
-
-define Package/wpad-mesh-wolfssl
-$(call Package/wpad-mesh,$(1))
-  TITLE+= (wolfSSL, 11s, SAE)
-  DEPENDS+=+PACKAGE_wpad-mesh-wolfssl:libwolfssl
-  VARIANT:=wpad-mesh-wolfssl
-endef
-
-Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
-
-define Package/wpad-mesh-mbedtls
-$(call Package/wpad-mesh,$(1))
-  TITLE+= (mbedTLS, 11s, SAE)
-  DEPENDS+=+PACKAGE_wpad-mesh-mbedtls:libmbedtls
-  VARIANT:=wpad-mesh-mbedtls
-endef
-
-Package/wpad-mesh-mbedtls/description = $(Package/wpad-mesh/description)
-
-
-define Package/wpa-supplicant/Default
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-  TITLE:=WPA Supplicant
-  URL:=http://hostap.epitest.fi/wpa_supplicant/
-  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
-  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE))
-  USERID:=network=101:network=101
-  PROVIDES:=wpa-supplicant
-  CONFLICTS:=$(SUPPLICANT_PROVIDERS)
-  SUPPLICANT_PROVIDERS+=$(1)
-endef
-
-define Package/wpa-supplicant
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (built-in full)
-  VARIANT:=supplicant-full-internal
-endef
-
-define Package/wpa-supplicant-openssl
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (OpenSSL full)
-  VARIANT:=supplicant-full-openssl
-  DEPENDS+=$(OPENSSL_DEPENDS)
-endef
-
-define Package/wpa-supplicant-wolfssl
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (wolfSSL full)
-  VARIANT:=supplicant-full-wolfssl
-  DEPENDS+=+PACKAGE_wpa-supplicant-wolfssl:libwolfssl
-endef
-
-define Package/wpa-supplicant-mbedtls
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (mbedTLS full)
-  VARIANT:=supplicant-full-mbedtls
-  DEPENDS+=+PACKAGE_wpa-supplicant-mbedtls:libmbedtls
-endef
-
-define Package/wpa-supplicant/config
-	source "$(SOURCE)/Config.in"
-endef
-
-define Package/wpa-supplicant-p2p
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (Wi-Fi P2P support)
-  VARIANT:=supplicant-p2p-internal
-endef
-
-define Package/wpa-supplicant-mesh/Default
-$(call Package/wpa-supplicant/Default,$(1))
-  DEPENDS+=@(!TARGET_uml||BROKEN)
-  PROVIDES+=wpa-supplicant-mesh
-endef
-
-define Package/wpa-supplicant-mesh-openssl
-$(call Package/wpa-supplicant-mesh/Default,$(1))
-  TITLE+= (OpenSSL, 11s, SAE)
-  VARIANT:=supplicant-mesh-openssl
-  DEPENDS+=$(OPENSSL_DEPENDS)
-endef
-
-define Package/wpa-supplicant-mesh-wolfssl
-$(call Package/wpa-supplicant-mesh/Default,$(1))
-  TITLE+= (wolfSSL, 11s, SAE)
-  VARIANT:=supplicant-mesh-wolfssl
-  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-wolfssl:libwolfssl
-endef
-
-define Package/wpa-supplicant-mesh-mbedtls
-$(call Package/wpa-supplicant-mesh/Default,$(1))
-  TITLE+= (mbedTLS, 11s, SAE)
-  VARIANT:=supplicant-mesh-mbedtls
-  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-mbedtls:libmbedtls
-endef
-
-define Package/wpa-supplicant-basic
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (11r, 11w)
-  VARIANT:=supplicant-basic
-endef
-
-define Package/wpa-supplicant-mini
-$(call Package/wpa-supplicant/Default,$(1))
-  TITLE+= (minimal)
-  VARIANT:=supplicant-mini
-endef
-
-
-define Package/hostapd-common
-  TITLE:=hostapd/wpa_supplicant common support files
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-endef
-
-define Package/hostapd-utils
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-  TITLE:=IEEE 802.1x Authenticator (utils)
-  URL:=http://hostap.epitest.fi/
-  DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg)))
-  VARIANT:=*
-endef
-
-define Package/hostapd-utils/description
- This package contains a command line utility to control the
- IEEE 802.1x/WPA/EAP/RADIUS Authenticator.
-endef
-
-define Package/wpa-cli
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WirelessAPD
-  DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(SUPPLICANT_PROVIDERS),PACKAGE_$(pkg)))
-  TITLE:=WPA Supplicant command line control utility
-  VARIANT:=*
-endef
-
-define Package/eapol-test/Default
-  TITLE:=802.1x auth test utility
-  SECTION:=net
-  SUBMENU:=WirelessAPD
-  CATEGORY:=Network
-  DEPENDS:=$(DRV_DEPENDS) $(CORE_DEPENDS)
-endef
-
-define Package/eapol-test
-  $(call Package/eapol-test/Default,$(1))
-  TITLE+= (built-in full)
-  VARIANT:=supplicant-full-internal
-endef
-
-define Package/eapol-test-openssl
-  $(call Package/eapol-test/Default,$(1))
-  TITLE+= (OpenSSL full)
-  VARIANT:=supplicant-full-openssl
-  CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
-  DEPENDS+=$(OPENSSL_DEPENDS)
-  PROVIDES:=eapol-test
-endef
-
-define Package/eapol-test-wolfssl
-  $(call Package/eapol-test/Default,$(1))
-  TITLE+= (wolfSSL full)
-  VARIANT:=supplicant-full-wolfssl
-  CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
-  DEPENDS+=+PACKAGE_eapol-test-wolfssl:libwolfssl
-  PROVIDES:=eapol-test
-endef
-
-define Package/eapol-test-mbedtls
-  $(call Package/eapol-test/Default,$(1))
-  TITLE+= (mbedTLS full)
-  VARIANT:=supplicant-full-mbedtls
-  CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-mbedtls ,$(EAPOL_TEST_PROVIDERS)))
-  DEPENDS+=+PACKAGE_eapol-test-mbedtls:libmbedtls
-  PROVIDES:=eapol-test
-endef
-
-
-ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
-  define Build/Configure/rebuild
-	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f
-	rm -f $(PKG_BUILD_DIR)/hostapd/hostapd
-	rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant
-	rm -f $(PKG_BUILD_DIR)/.config_*
-	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
-  endef
-endif
-
-define Build/Configure
-	$(Build/Configure/rebuild)
-	$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
-		$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
-	)
-	$(if $(wildcard ./files/wpa_supplicant-$(CONFIG_VARIANT).config), \
-		$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
-	)
-endef
-
-TARGET_CPPFLAGS := \
-	-I$(STAGING_DIR)/usr/include/libnl-tiny \
-	-I$(PKG_BUILD_DIR)/src/crypto \
-	$(TARGET_CPPFLAGS) \
-	-DCONFIG_LIBNL20 \
-	-D_GNU_SOURCE \
-	$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
-
-TARGET_LDFLAGS += -lubox -lubus -lblobmsg_json -lucode -lm -lnl-tiny
-
-ifdef CONFIG_WPA_ENABLE_WEP
-    DRIVER_MAKEOPTS += CONFIG_WEP=y
-endif
-
-define Build/RunMake
-	CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
-	$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \
-		$(TARGET_CONFIGURE_OPTS) \
-		$(DRIVER_MAKEOPTS) \
-		LIBS="$(TARGET_LDFLAGS)" \
-		LIBS_c="$(TARGET_LDFLAGS_C)" \
-		AR="$(TARGET_CROSS)gcc-ar" \
-		BCHECK= \
-		$(if $(findstring s,$(OPENWRT_VERBOSE)),V=1) \
-		$(2)
-endef
-
-define Build/Compile/wpad
-	echo ` \
-		$(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \
-		$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
-		sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
-	` > $(PKG_BUILD_DIR)/.cflags
-	sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
-	+$(call Build/RunMake,hostapd, \
-		CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
-		MULTICALL=1 \
-		hostapd_cli hostapd_multi.a \
-	)
-	+$(call Build/RunMake,wpa_supplicant, \
-		CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
-		MULTICALL=1 \
-		wpa_cli wpa_supplicant_multi.a \
-	)
-	+export MAKEFLAGS="$(MAKE_JOBSERVER)"; $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \
-		$(TARGET_CFLAGS) \
-		./files/multicall.c \
-		$(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \
-		$(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \
-		$(TARGET_LDFLAGS)
-endef
-
-define Build/Compile/hostapd
-	+$(call Build/RunMake,hostapd, \
-		hostapd hostapd_cli \
-	)
-endef
-
-define Build/Compile/supplicant
-	+$(call Build/RunMake,wpa_supplicant, \
-		wpa_cli wpa_supplicant \
-	)
-endef
-
-define Build/Compile/supplicant-full-internal
-	+$(call Build/RunMake,wpa_supplicant, \
-		eapol_test \
-	)
-endef
-
-define Build/Compile/supplicant-full-openssl
-	+$(call Build/RunMake,wpa_supplicant, \
-		eapol_test \
-	)
-endef
-
-define Build/Compile/supplicant-full-wolfssl
-	+$(call Build/RunMake,wpa_supplicant, \
-		eapol_test \
-	)
-endef
-
-define Build/Compile/supplicant-full-mbedtls
-	+$(call Build/RunMake,wpa_supplicant, \
-		eapol_test \
-	)
-endef
-
-define Build/Compile
-	$(Build/Compile/$(LOCAL_TYPE))
-	$(Build/Compile/$(BUILD_VARIANT))
-endef
-
-define Install/hostapd/full
-	$(INSTALL_DIR) $(1)/etc/init.d $(1)/etc/config $(1)/etc/radius
-	ln -sf hostapd $(1)/usr/sbin/hostapd-radius
-	$(INSTALL_BIN) ./files/radius.init $(1)/etc/init.d/radius
-	$(INSTALL_DATA) ./files/radius.config $(1)/etc/config/radius
-	$(INSTALL_DATA) ./files/radius.clients $(1)/etc/radius/clients
-	$(INSTALL_DATA) ./files/radius.users $(1)/etc/radius/users
-endef
-
-define Package/hostapd-full/conffiles
-/etc/config/radius
-/etc/radius
-endef
-
-ifeq ($(CONFIG_VARIANT),full)
-Package/wpad-mesh-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
-endif
-
-define Install/hostapd
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
-	$(INSTALL_DATA) ./files/hostapd.uc $(1)/usr/share/hostap/
-	$(if $(findstring full,$(CONFIG_VARIANT)),$(Install/hostapd/full))
-endef
-
-define Install/supplicant
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
-	$(INSTALL_DATA) ./files/wpa_supplicant.uc $(1)/usr/share/hostap/
-endef
-
-define Package/hostapd-common/install
-	$(INSTALL_DIR) $(1)/etc/capabilities $(1)/etc/rc.button $(1)/etc/hotplug.d/ieee80211 $(1)/etc/init.d $(1)/lib/netifd  $(1)/usr/share/acl.d $(1)/usr/share/hostap
-	$(INSTALL_BIN) ./files/dhcp-get-server.sh $(1)/lib/netifd/dhcp-get-server.sh
-	$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
-	$(INSTALL_BIN) ./files/wpad.init $(1)/etc/init.d/wpad
-	$(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps
-	$(INSTALL_DATA) ./files/wpad_acl.json $(1)/usr/share/acl.d
-	$(INSTALL_DATA) ./files/wpad.json $(1)/etc/capabilities
-	$(INSTALL_DATA) ./files/common.uc $(1)/usr/share/hostap/
-	$(INSTALL_DATA) ./files/wdev.uc $(1)/usr/share/hostap/
-endef
-
-define Package/hostapd/install
-	$(call Install/hostapd,$(1))
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
-endef
-Package/hostapd-basic/install = $(Package/hostapd/install)
-Package/hostapd-basic-openssl/install = $(Package/hostapd/install)
-Package/hostapd-basic-wolfssl/install = $(Package/hostapd/install)
-Package/hostapd-basic-mbedtls/install = $(Package/hostapd/install)
-Package/hostapd-mini/install = $(Package/hostapd/install)
-Package/hostapd-openssl/install = $(Package/hostapd/install)
-Package/hostapd-wolfssl/install = $(Package/hostapd/install)
-Package/hostapd-mbedtls/install = $(Package/hostapd/install)
-
-ifneq ($(LOCAL_TYPE),supplicant)
-  define Package/hostapd-utils/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/
-  endef
-endif
-
-define Package/wpad/install
-	$(call Install/hostapd,$(1))
-	$(call Install/supplicant,$(1))
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/
-	$(LN) wpad $(1)/usr/sbin/hostapd
-	$(LN) wpad $(1)/usr/sbin/wpa_supplicant
-endef
-Package/wpad-basic/install = $(Package/wpad/install)
-Package/wpad-basic-openssl/install = $(Package/wpad/install)
-Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
-Package/wpad-basic-mbedtls/install = $(Package/wpad/install)
-Package/wpad-mini/install = $(Package/wpad/install)
-Package/wpad-openssl/install = $(Package/wpad/install)
-Package/wpad-wolfssl/install = $(Package/wpad/install)
-Package/wpad-mbedtls/install = $(Package/wpad/install)
-Package/wpad-mesh-openssl/install = $(Package/wpad/install)
-Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
-Package/wpad-mesh-mbedtls/install = $(Package/wpad/install)
-
-define Package/wpa-supplicant/install
-	$(call Install/supplicant,$(1))
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/
-endef
-Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-mbedtls/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
-Package/wpa-supplicant-mesh-mbedtls/install = $(Package/wpa-supplicant/install)
-
-ifneq ($(LOCAL_TYPE),hostapd)
-  define Package/wpa-cli/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/
-  endef
-endif
-
-ifeq ($(BUILD_VARIANT),supplicant-full-internal)
-  define Package/eapol-test/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
-  endef
-endif
-
-ifeq ($(BUILD_VARIANT),supplicant-full-openssl)
-  define Package/eapol-test-openssl/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
-  endef
-endif
-
-ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
-  define Package/eapol-test-wolfssl/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
-  endef
-endif
-
-ifeq ($(BUILD_VARIANT),supplicant-full-mbedtls)
-  define Package/eapol-test-mbedtls/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
-  endef
-endif
-
-# Build hostapd-common before its dependents, to avoid
-# spurious rebuilds when building multiple variants.
-$(eval $(call BuildPackage,hostapd-common))
-$(eval $(call BuildPackage,hostapd))
-$(eval $(call BuildPackage,hostapd-basic))
-$(eval $(call BuildPackage,hostapd-basic-openssl))
-$(eval $(call BuildPackage,hostapd-basic-wolfssl))
-$(eval $(call BuildPackage,hostapd-basic-mbedtls))
-$(eval $(call BuildPackage,hostapd-mini))
-$(eval $(call BuildPackage,hostapd-openssl))
-$(eval $(call BuildPackage,hostapd-wolfssl))
-$(eval $(call BuildPackage,hostapd-mbedtls))
-$(eval $(call BuildPackage,wpad))
-$(eval $(call BuildPackage,wpad-mesh-openssl))
-$(eval $(call BuildPackage,wpad-mesh-wolfssl))
-$(eval $(call BuildPackage,wpad-mesh-mbedtls))
-$(eval $(call BuildPackage,wpad-basic))
-$(eval $(call BuildPackage,wpad-basic-openssl))
-$(eval $(call BuildPackage,wpad-basic-wolfssl))
-$(eval $(call BuildPackage,wpad-basic-mbedtls))
-$(eval $(call BuildPackage,wpad-mini))
-$(eval $(call BuildPackage,wpad-openssl))
-$(eval $(call BuildPackage,wpad-wolfssl))
-$(eval $(call BuildPackage,wpad-mbedtls))
-$(eval $(call BuildPackage,wpa-supplicant))
-$(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
-$(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
-$(eval $(call BuildPackage,wpa-supplicant-mesh-mbedtls))
-$(eval $(call BuildPackage,wpa-supplicant-basic))
-$(eval $(call BuildPackage,wpa-supplicant-mini))
-$(eval $(call BuildPackage,wpa-supplicant-p2p))
-$(eval $(call BuildPackage,wpa-supplicant-openssl))
-$(eval $(call BuildPackage,wpa-supplicant-wolfssl))
-$(eval $(call BuildPackage,wpa-supplicant-mbedtls))
-$(eval $(call BuildPackage,wpa-cli))
-$(eval $(call BuildPackage,hostapd-utils))
-$(eval $(call BuildPackage,eapol-test))
-$(eval $(call BuildPackage,eapol-test-openssl))
-$(eval $(call BuildPackage,eapol-test-wolfssl))
-$(eval $(call BuildPackage,eapol-test-mbedtls))

feeds/hostapd/hostapd/README.md

@@ -1,419 +0,0 @@
-# UBUS methods - hostapd
-
-## bss_mgmt_enable
-Enable 802.11k/v features.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| neighbor_report | bool | no | enable 802.11k neighbor reports |
-| beacon_report | bool | no | enable 802.11k beacon reports |
-| link_measurements | bool | no | enable 802.11k link measurements |
-| bss_transition | bool | no | enable 802.11v BSS transition support |
-
-### example
-`ubus call hostapd.wl5-fb bss_mgmt_enable '{ "neighbor_report": true, "beacon_report": true, "link_measurements": true, "bss_transition": true
-}'`
-
-
-## bss_transition_request
-Initiate an 802.11v transition request.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| addr | string | yes | client MAC address |
-| disassociation_imminent | bool | no | set Disassociation Imminent bit |
-| disassociation_timer | int32 | no | disassociate client if it doesn't roam after this time |
-| validity_period | int32 | no | validity of the BSS Transition Candiate List |
-| neighbors | array | no | BSS Transition Candidate List |
-| abridged | bool | no | prefer APs in the BSS Transition Candidate List |
-| dialog_token | int32 | no | identifier for the request/report transaction |
-| mbo_reason | int32 | no | MBO Transition Reason Code Attribute |
-| cell_pref | int32 | no | MBO Cellular Data Connection Preference Attribute |
-| reassoc_delay | int32 | no | MBO Re-association retry delay |
-
-### example
-`ubus call hostapd.wl5-fb bss_transition_request '{ "addr": "68:2F:67:8B:98:ED", "disassociation_imminent": false, "disassociation_timer": 0, "validity_period": 30, "neighbors": ["b6a7b9cbeebabf5900008064090603026a00"], "abridged": 1 }'`
-
-
-## config_add
-Dynamically load a BSS configuration from a file. This is used by netifd's mac80211 support script to configure BSSes on multiple PHYs in a single hostapd instance.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| iface | string | yes | WiFi interface name |
-| config | string | yes | path to hostapd config file |
-
-
-## config_remove
-Dynamically remove a BSS configuration.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| iface | string | yes | WiFi interface name |
-
-
-## del_client
-Kick a client off the network.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| addr | string | yes | client MAC address |
-| reason | int32 | no | 802.11 reason code |
-| deauth | bool | no | deauthenticates client instead of disassociating |
-| ban_time | int32 | no | ban client for N milliseconds |
-
-### example
-`ubus call hostapd.wl5-fb del_client '{ "addr": "68:2f:67:8b:98:ed", "reason": 5, "deauth": true, "ban_time": 10000 }'`
-
-
-## get_clients
-Show associated clients.
-
-### example
-`ubus call hostapd.wl5-fb get_clients`
-
-### output
-```json
-{
-        "freq": 5260,
-        "clients": {
-                "68:2f:67:8b:98:ed": {
-                        "auth": true,
-                        "assoc": true,
-                        "authorized": true,
-                        "preauth": false,
-                        "wds": false,
-                        "wmm": true,
-                        "ht": true,
-                        "vht": true,
-                        "he": false,
-                        "wps": false,
-                        "mfp": true,
-                        "rrm": [
-                                0,
-                                0,
-                                0,
-                                0,
-                                0
-                        ],
-                        "extended_capabilities": [
-                                0,
-                                0,
-                                0,
-                                0,
-                                0,
-                                0,
-                                0,
-                                64
-                        ],
-                        "aid": 3,
-                        "signature": "wifi4|probe:0,1,45,127,107,191,221(0017f2,10),221(001018,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,extcap:0000008000000040|assoc:0,1,33,36,48,45,127,191,221(0017f2,10),221(001018,2),221(0050f2,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,txpow:14f9,extcap:0000000000000040",
-                        "bytes": {
-                                "rx": 1933667,
-                                "tx": 746805
-                        },
-                        "airtime": {
-                                "rx": 208863,
-                                "tx": 9037883
-                        },
-                        "packets": {
-                                "rx": 3587,
-                                "tx": 2185
-                        },
-                        "rate": {
-                                "rx": 866700,
-                                "tx": 866700
-                        },
-                        "signal": -50,
-                        "capabilities": {
-                                "vht": {
-                                        "su_beamformee": true,
-                                        "mu_beamformee": false,
-                                        "mcs_map": {
-                                                "rx": {
-                                                        "1ss": 9,
-                                                        "2ss": 9,
-                                                        "3ss": 9,
-                                                        "4ss": -1,
-                                                        "5ss": -1,
-                                                        "6ss": -1,
-                                                        "7ss": -1,
-                                                        "8ss": -1
-                                                },
-                                                "tx": {
-                                                        "1ss": 9,
-                                                        "2ss": 9,
-                                                        "3ss": 9,
-                                                        "4ss": -1,
-                                                        "5ss": -1,
-                                                        "6ss": -1,
-                                                        "7ss": -1,
-                                                        "8ss": -1
-                                                }
-                                        }
-                                }
-                        }
-                }
-        }
-}
-```
-
-
-## get_features
-Show HT/VHT support.
-
-### example
-`ubus call hostapd.wl5-fb get_features`
-
-### output
-```json
-{
-        "ht_supported": true,
-        "vht_supported": true
-}
-```
-
-
-## get_status
-Get BSS status.
-
-### example
-`ubus call hostapd.wl5-fb get_status`
-
-### output
-```json
-{
-        "status": "ENABLED",
-        "bssid": "b6:a7:b9:cb:ee:bc",
-        "ssid": "fb",
-        "freq": 5260,
-        "channel": 52,
-        "op_class": 128,
-        "beacon_interval": 100,
-        "phy": "wl5-lan",
-        "rrm": {
-                "neighbor_report_tx": 0
-        },
-        "wnm": {
-                "bss_transition_query_rx": 0,
-                "bss_transition_request_tx": 0,
-                "bss_transition_response_rx": 0
-        },
-        "airtime": {
-                "time": 259561738,
-                "time_busy": 2844249,
-                "utilization": 0
-        },
-        "dfs": {
-                "cac_seconds": 60,
-                "cac_active": false,
-                "cac_seconds_left": 0
-        }
-}
-```
-
-
-## link_measurement_req
-Initiate an 802.11k Link Measurement Request.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| addr | string | yes | client MAC address |
-| tx-power-used | int32 | no | transmit power used to transmit the Link Measurement Request frame |
-| tx-power-max | int32 | no | upper limit of transmit power to be used by the client |
-
-
-## list_bans
-List banned clients.
-
-### example
-`ubus call hostapd.wl5-fb list_bans`
-
-### output
-```json
-{
-        "clients": [
-                "68:2f:67:8b:98:ed"
-        ]
-}
-```
-
-
-## notify_response
-When enabled, hostapd will send a ubus notification and wait for a response before responding to various requests. This is used by e.g. usteer to make it possible to ignore probe requests.
-
-:warning: enabling this will cause hostapd to stop responding to probe requests unless a ubus subscriber responds to the ubus notifications.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| notify_response | int32 | yes | disable (0) or enable (!0) |
-
-### example
-`ubus call hostapd.wl5-fb notify_response '{ "notify_response": 1 }'`
-
-## reload
-Reload BSS configuration.
-
-:warning: this can cause problems for certain configurations:
-
-```
-Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
-Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
-Mon May 16 16:09:08 2022 daemon.err hostapd: Wrong coupling between HT and VHT/HE channel setting
-```
-
-### example
-`ubus call hostapd.wl5-fb reload`
-
-
-## rrm_beacon_req
-Send a Beacon Measurement Request to a client.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| addr | string | yes | client MAC address |
-| op_class | int32 | yes | the Regulatory Class for which this Measurement Request applies |
-| channel | int32 | yes | channel to measure |
-| duration | int32 | yes | compile Beacon Measurement Report after N TU |
-| mode | int32 | yes | mode to be used for measurement (0: passive, 1: active, 2: beacon table) |
-| bssid | string | no | filter BSSes in Beacon Measurement Report by BSSID |
-| ssid | string | no | filter BSSes in Beacon Measurement Report by SSID|
-
-
-## rrm_nr_get_own
-Show Neighbor Report Element for this BSS.
-
-### example
-`ubus call hostapd.wl5-fb rrm_nr_get_own`
-
-### output
-```json
-{
-        "value": [
-                "b6:a7:b9:cb:ee:bc",
-                "fb",
-                "b6a7b9cbeebcaf5900008095090603029b00"
-        ]
-}
-```
-
-
-## rrm_nr_list
-Show Neighbor Report Elements for other BSSes in this ESS.
-
-### example
-`ubus call hostapd.wl5-fb rrm_nr_list`
-
-### output
-```json
-{
-        "list": [
-                [
-                        "b6:a7:b9:cb:ee:ba",
-                        "fb",
-                        "b6a7b9cbeebabf5900008064090603026a00"
-                ]
-        ]
-}
-```
-
-## rrm_nr_set
-Set the Neighbor Report Elements. An element for the node on which this command is executed will always be added.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| list | array | yes | array of Neighbor Report Elements in the format of the rrm_nr_list output |
-
-### example
-`ubus call hostapd.wl5-fb rrm_nr_set '{ "list": [ [ "b6:a7:b9:cb:ee:ba", "fb", "b6a7b9cbeebabf5900008064090603026a00" ] ] }'`
-
-
-## set_vendor_elements
-Configure Vendor-specific Information Elements for BSS.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| vendor_elements | string | yes | Vendor-specific Information Elements as hex string |
-
-### example
-`ubus call hostapd.wl5-fb set_vendor_elements '{ "vendor_elements": "dd054857dd6662" }'`
-
-
-## switch_chan
-Initiate a channel switch.
-
-:warning: trying to switch to the channel that is currently in use will fail: `Command failed: Operation not supported`
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| freq | int32 | yes | frequency in MHz to switch to |
-| bcn_count | int32 | no | count in Beacon frames (TBTT) to perform the switch |
-| center_freq1 | int32 | no | segment 0 center frequency in MHz (valid for HT and VHT) |
-| center_freq2 | int32 | no | segment 1 center frequency in MHz (valid only for 80 MHz channel width and an 80+80 channel) |
-| bandwidth | int32 | no | channel width to use |
-| sec_channel_offset| int32 | no | secondary channel offset for HT40 (0 = disabled, 1 = HT40+, -1 = HT40-) |
-| ht | bool | no | enable 802.11n |
-| vht | bool | no | enable 802.11ac |
-| he | bool | no | enable 802.11ax |
-| block_tx | bool | no | block transmission during CSA period |
-| csa_force | bool | no | restart the interface in case the CSA fails |
-
-## example
-`ubus call hostapd.wl5-fb switch_chan '{ "freq": 5180, "bcn_count": 10, "center_freq1": 5210, "bandwidth": 80, "he": 1, "block_tx": 1, "csa_force": 0 }'`
-
-
-## update_airtime
-Set dynamic airtime weight for client.
-
-### arguments
-| Name | Type | Required | Description |
-|---|---|---|---|
-| sta | string | yes | client MAC address |
-| weight | int32 | yes | airtime weight |
-
-
-## update_beacon
-Force beacon frame content to be updated and to start beaconing on an interface that uses start_disabled=1.
-
-### example
-`ubus call hostapd.wl5-fb update_beacon`
-
-
-## wps_status
-Get WPS status for BSS.
-
-### example
-`ubus call hostapd.wl5-fb wps_status`
-
-### output
-```json
-{
-        "pbc_status": "Disabled",
-        "last_wps_result": "None"
-}
-```
-
-
-## wps_cancel
-Cancel WPS Push Button Configuration.
-
-### example
-`ubus call hostapd.wl5-fb wps_cancel`
-
-
-## wps_start
-Start WPS Push Button Configuration.
-
-### example
-`ubus call hostapd.wl5-fb wps_start`

feeds/hostapd/hostapd/files/common.uc

@@ -1,318 +0,0 @@
-import * as nl80211 from "nl80211";
-import * as rtnl from "rtnl";
-import { readfile, glob, basename, readlink } from "fs";
-
-const iftypes = {
-	ap: nl80211.const.NL80211_IFTYPE_AP,
-	mesh: nl80211.const.NL80211_IFTYPE_MESH_POINT,
-	sta: nl80211.const.NL80211_IFTYPE_STATION,
-	adhoc: nl80211.const.NL80211_IFTYPE_ADHOC,
-	monitor: nl80211.const.NL80211_IFTYPE_MONITOR,
-};
-
-function wdev_remove(name)
-{
-	nl80211.request(nl80211.const.NL80211_CMD_DEL_INTERFACE, 0, { dev: name });
-}
-
-function __phy_is_fullmac(phyidx)
-{
-	let data = nl80211.request(nl80211.const.NL80211_CMD_GET_WIPHY, 0, { wiphy: phyidx });
-
-	return !data.software_iftypes.ap_vlan;
-}
-
-function phy_is_fullmac(phy)
-{
-	let phyidx = int(trim(readfile(`/sys/class/ieee80211/${phy}/index`)));
-
-	return __phy_is_fullmac(phyidx);
-}
-
-function find_reusable_wdev(phyidx)
-{
-	if (!__phy_is_fullmac(phyidx))
-		return null;
-
-	let data = nl80211.request(
-		nl80211.const.NL80211_CMD_GET_INTERFACE,
-		nl80211.const.NLM_F_DUMP,
-		{ wiphy: phyidx });
-	for (let res in data)
-		if (trim(readfile(`/sys/class/net/${res.ifname}/operstate`)) == "down")
-			return res.ifname;
-	return null;
-}
-
-function wdev_create(phy, name, data)
-{
-	let phyidx = int(readfile(`/sys/class/ieee80211/${phy}/index`));
-
-	wdev_remove(name);
-
-	if (!iftypes[data.mode])
-		return `Invalid mode: ${data.mode}`;
-
-	let req = {
-		wiphy: phyidx,
-		ifname: name,
-		iftype: iftypes[data.mode],
-	};
-
-	if (data["4addr"])
-		req["4addr"] = data["4addr"];
-	if (data.macaddr)
-		req.mac = data.macaddr;
-
-	nl80211.error();
-
-	let reuse_ifname = find_reusable_wdev(phyidx);
-	if (reuse_ifname &&
-	    (reuse_ifname == name ||
-	     rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: reuse_ifname, ifname: name}) != false))
-		nl80211.request(
-			nl80211.const.NL80211_CMD_SET_INTERFACE, 0, {
-				wiphy: phyidx,
-				dev: name,
-				iftype: iftypes[data.mode],
-			});
-	else
-		nl80211.request(
-			nl80211.const.NL80211_CMD_NEW_INTERFACE,
-			nl80211.const.NLM_F_CREATE,
-			req);
-
-	let error = nl80211.error();
-	if (error)
-		return error;
-
-	if (data.powersave != null) {
-		nl80211.request(nl80211.const.NL80211_CMD_SET_POWER_SAVE, 0,
-			{ dev: name, ps_state: data.powersave ? 1 : 0});
-	}
-
-	return null;
-}
-
-function phy_sysfs_file(phy, name)
-{
-	return trim(readfile(`/sys/class/ieee80211/${phy}/${name}`));
-}
-
-function macaddr_split(str)
-{
-	return map(split(str, ":"), (val) => hex(val));
-}
-
-function macaddr_join(addr)
-{
-	return join(":", map(addr, (val) => sprintf("%02x", val)));
-}
-
-function wdev_macaddr(wdev)
-{
-	return trim(readfile(`/sys/class/net/${wdev}/address`));
-}
-
-const phy_proto = {
-	macaddr_init: function(used, options) {
-		this.macaddr_options = options ?? {};
-		this.macaddr_list = {};
-
-		if (type(used) == "object")
-			for (let addr in used)
-				this.macaddr_list[addr] = used[addr];
-		else
-			for (let addr in used)
-				this.macaddr_list[addr] = -1;
-
-		this.for_each_wdev((wdev) => {
-			let macaddr = wdev_macaddr(wdev);
-			this.macaddr_list[macaddr] ??= -1;
-		});
-
-		return this.macaddr_list;
-	},
-
-	macaddr_generate: function(data) {
-		let phy = this.name;
-		let idx = int(data.id ?? 0);
-		let mbssid = int(data.mbssid ?? 0) > 0;
-		let num_global = int(data.num_global ?? 1);
-		let use_global = !mbssid && idx < num_global;
-
-		let base_addr = phy_sysfs_file(phy, "macaddress");
-		if (!base_addr)
-			return null;
-
-		if (!idx && !mbssid)
-			return base_addr;
-
-		let base_mask = phy_sysfs_file(phy, "address_mask");
-		if (!base_mask)
-			return null;
-
-		if (base_mask == "00:00:00:00:00:00" && idx >= num_global) {
-			let addrs = split(phy_sysfs_file(phy, "addresses"), "\n");
-
-			if (idx < length(addrs))
-				return addrs[idx];
-
-			base_mask = "ff:ff:ff:ff:ff:ff";
-		}
-
-		let addr = macaddr_split(base_addr);
-		let mask = macaddr_split(base_mask);
-		let type;
-
-		if (mbssid)
-			type = "b5";
-		else if (use_global)
-			type = "add";
-		else if (mask[0] > 0)
-			type = "b1";
-		else if (mask[5] < 0xff)
-			type = "b5";
-		else
-			type = "add";
-
-		switch (type) {
-		case "b1":
-			if (!(addr[0] & 2))
-				idx--;
-			addr[0] |= 2;
-			addr[0] ^= idx << 2;
-			break;
-		case "b5":
-			if (mbssid)
-				addr[0] |= 2;
-			addr[5] ^= idx;
-			break;
-		default:
-			for (let i = 5; i > 0; i--) {
-				addr[i] += idx;
-				if (addr[i] < 256)
-					break;
-				addr[i] %= 256;
-			}
-			break;
-		}
-
-		return macaddr_join(addr);
-	},
-
-	macaddr_next: function(val) {
-		let data = this.macaddr_options ?? {};
-		let list = this.macaddr_list;
-
-		for (let i = 0; i < 32; i++) {
-			data.id = i;
-
-			let mac = this.macaddr_generate(data);
-			if (!mac)
-				return null;
-
-			if (list[mac] != null)
-				continue;
-
-			list[mac] = val != null ? val : -1;
-			return mac;
-		}
-	},
-
-	for_each_wdev: function(cb) {
-		let wdevs = glob(`/sys/class/ieee80211/${this.name}/device/net/*`);
-		wdevs = map(wdevs, (arg) => basename(arg));
-		for (let wdev in wdevs) {
-			if (basename(readlink(`/sys/class/net/${wdev}/phy80211`)) != this.name)
-				continue;
-
-			cb(wdev);
-		}
-	}
-};
-
-function phy_open(phy)
-{
-	let phyidx = readfile(`/sys/class/ieee80211/${phy}/index`);
-	if (!phyidx)
-		return null;
-
-	return proto({
-		name: phy,
-		idx: int(phyidx)
-	}, phy_proto);
-}
-
-const vlist_proto = {
-	update: function(values, arg) {
-		let data = this.data;
-		let cb = this.cb;
-		let seq = { };
-		let new_data = {};
-		let old_data = {};
-
-		this.data = new_data;
-
-		if (type(values) == "object") {
-			for (let key in values) {
-				old_data[key] = data[key];
-				new_data[key] = values[key];
-				delete data[key];
-			}
-		} else {
-			for (let val in values) {
-				let cur_key = val[0];
-				let cur_obj = val[1];
-
-				old_data[cur_key] = data[cur_key];
-				new_data[cur_key] = val[1];
-				delete data[cur_key];
-			}
-		}
-
-		for (let key in data) {
-			cb(null, data[key], arg);
-			delete data[key];
-		}
-		for (let key in new_data)
-			cb(new_data[key], old_data[key], arg);
-	}
-};
-
-function is_equal(val1, val2) {
-	let t1 = type(val1);
-
-	if (t1 != type(val2))
-		return false;
-
-	if (t1 == "array") {
-		if (length(val1) != length(val2))
-			return false;
-
-		for (let i = 0; i < length(val1); i++)
-			if (!is_equal(val1[i], val2[i]))
-				return false;
-
-		return true;
-	} else if (t1 == "object") {
-		for (let key in val1)
-			if (!is_equal(val1[key], val2[key]))
-				return false;
-		for (let key in val2)
-			if (val1[key] == null)
-				return false;
-		return true;
-	} else {
-		return val1 == val2;
-	}
-}
-
-function vlist_new(cb) {
-	return proto({
-			cb: cb,
-			data: {}
-		}, vlist_proto);
-}
-
-export { wdev_remove, wdev_create, is_equal, vlist_new, phy_is_fullmac, phy_open };

feeds/hostapd/hostapd/files/dhcp-get-server.sh

@@ -1,2 +0,0 @@
-#!/bin/sh
-[ "$1" = bound ] && echo "$serverid"

feeds/hostapd/hostapd/files/hostapd-basic.config

@@ -1,404 +0,0 @@
-# Example hostapd build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cass, these lines should use += in order not
-# to override previous values of the variables.
-
-# Driver interface for Host AP driver
-#CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for wired authenticator
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for no driver (e.g., RADIUS server only)
-#CONFIG_DRIVER_NONE=y
-
-# IEEE 802.11F/IAPP
-#CONFIG_IAPP=y
-
-# WPA2/IEEE 802.11i RSN pre-authentication
-CONFIG_RSN_PREAUTH=y
-
-# IEEE 802.11w (management frame protection)
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-CONFIG_OCV=y
-
-# Integrated EAP server
-#CONFIG_EAP=y
-
-# EAP Re-authentication Protocol (ERP) in integrated EAP server
-#CONFIG_ERP=y
-
-# EAP-MD5 for the integrated EAP server
-#CONFIG_EAP_MD5=y
-
-# EAP-TLS for the integrated EAP server
-#CONFIG_EAP_TLS=y
-
-# EAP-MSCHAPv2 for the integrated EAP server
-#CONFIG_EAP_MSCHAPV2=y
-
-# EAP-PEAP for the integrated EAP server
-#CONFIG_EAP_PEAP=y
-
-# EAP-GTC for the integrated EAP server
-#CONFIG_EAP_GTC=y
-
-# EAP-TTLS for the integrated EAP server
-#CONFIG_EAP_TTLS=y
-
-# EAP-SIM for the integrated EAP server
-#CONFIG_EAP_SIM=y
-
-# EAP-AKA for the integrated EAP server
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' for the integrated EAP server
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# EAP-PAX for the integrated EAP server
-#CONFIG_EAP_PAX=y
-
-# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd for the integrated EAP server (secure authentication with a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-SAKE for the integrated EAP server
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK for the integrated EAP server
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-FAST for the integrated EAP server
-#CONFIG_EAP_FAST=y
-
-# EAP-TEAP for the integrated EAP server
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
-# Enable UPnP support for external WPS Registrars
-#CONFIG_WPS_UPNP=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# Trusted Network Connect (EAP-TNC)
-#CONFIG_EAP_TNC=y
-
-# EAP-EKE for the integrated EAP server
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-#CONFIG_PKCS12=y
-
-# RADIUS authentication server. This provides access to the integrated EAP
-# server from external hosts using RADIUS.
-#CONFIG_RADIUS_SERVER=y
-
-# Build IPv6 support for RADIUS operations
-#CONFIG_IPV6=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-CONFIG_IEEE80211R=y
-
-# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
-#CONFIG_DRIVER_RADIUS_ACL=y
-
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-
-# IEEE 802.11ax HE support
-# Note: This is experimental and work in progress. The definitions are still
-# subject to change and this should not be expected to interoperate with the
-# final IEEE 802.11ax version.
-#CONFIG_IEEE80211AX=y
-
-# Remove debugging code that is printing out debug messages to stdout.
-# This can be used to reduce the size of the hostapd considerably if debugging
-# code is not needed.
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Add support for writing debug log to a file: -f /tmp/hostapd.log
-# Disabled by default.
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Remove support for RADIUS accounting
-CONFIG_NO_ACCOUNTING=y
-
-# Remove support for RADIUS
-CONFIG_NO_RADIUS=y
-
-# Remove support for VLANs
-#CONFIG_NO_VLAN=y
-
-# Enable support for fully dynamic VLANs. This enables hostapd to
-# automatically create bridge and VLAN interfaces if necessary.
-#CONFIG_FULL_DYNAMIC_VLAN=y
-
-# Use netlink-based kernel API for VLAN operations instead of ioctl()
-# Note: This requires libnl 3.1 or newer.
-#CONFIG_VLAN_NETLINK=y
-
-# Remove support for dumping internal state through control interface commands
-# This can be used to reduce binary size at the cost of disabling a debugging
-# option.
-CONFIG_NO_DUMP_STATE=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# hostapd depends on strong random number generation being available from the
-# operating system. os_get_random() function is used to fetch random data when
-# needed, e.g., for key generation. On Linux and BSD systems, this works by
-# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
-# properly initialized before hostapd is started. This is important especially
-# on embedded devices that do not have a hardware random number generator and
-# may by default start up with minimal entropy available for random number
-# generation.
-#
-# As a safety net, hostapd is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data
-# fetched from the OS. This by itself is not considered to be very strong, but
-# it may help in cases where the system pool is not initialized properly.
-# However, it is very strongly recommended that the system pool is initialized
-# with enough entropy either by using hardware assisted random number
-# generator or by storing state over device reboots.
-#
-# hostapd can be configured to maintain its own entropy store over restarts to
-# enhance random number generation. This is not perfect, but it is much more
-# secure than using the same sequence of random numbers after every reboot.
-# This can be enabled with -e<entropy file> command line option. The specified
-# file needs to be readable and writable by hostapd.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal hostapd random pool can be disabled.
-# This will save some in binary size and CPU use. However, this should only be
-# considered for builds that are known to be used on devices that meet the
-# requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used.
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms.
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks.
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
-#CONFIG_SQLITE=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# Testing options
-# This can be used to enable some testing options (see also the example
-# configuration file) that are really useful only for testing clients that
-# connect to this hostapd. These options allow, for example, to drop a
-# certain percentage of probe requests or auth/(re)assoc frames.
-#
-#CONFIG_TESTING_OPTIONS=y
-
-# Automatic Channel Selection
-# This will allow hostapd to pick the channel automatically when channel is set
-# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# You can customize the ACS survey algorithm with the hostapd.conf variable
-# acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#
-#CONFIG_ACS=y
-
-# Multiband Operation support
-# These extentions facilitate efficient use of multiple frequency bands
-# available to the AP and the devices that may associate with it.
-#CONFIG_MBO=y
-
-# Client Taxonomy
-# Has the AP retain the Probe Request and (Re)Association Request frames from
-# a client, from which a signature can be produced which can identify the model
-# of client device like "Nexus 6P" or "iPhone 5s".
-#CONFIG_TAXONOMY=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Include internal line edit mode in hostapd_cli. This can be used to provide
-# limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Airtime policy support
-CONFIG_AIRTIME_POLICY=y
-
-# Proxy ARP support
-#CONFIG_PROXYARP=y
-
-# Override default value for the wpa_disable_eapol_key_retries configuration
-# parameter. See that parameter in hostapd.conf for more details.
-#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd-full.config

@@ -1,404 +0,0 @@
-# Example hostapd build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cass, these lines should use += in order not
-# to override previous values of the variables.
-
-# Driver interface for Host AP driver
-#CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for wired authenticator
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for no driver (e.g., RADIUS server only)
-#CONFIG_DRIVER_NONE=y
-
-# IEEE 802.11F/IAPP
-CONFIG_IAPP=y
-
-# WPA2/IEEE 802.11i RSN pre-authentication
-CONFIG_RSN_PREAUTH=y
-
-# IEEE 802.11w (management frame protection)
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-CONFIG_OCV=y
-
-# Integrated EAP server
-CONFIG_EAP=y
-
-# EAP Re-authentication Protocol (ERP) in integrated EAP server
-CONFIG_ERP=y
-
-# EAP-MD5 for the integrated EAP server
-CONFIG_EAP_MD5=y
-
-# EAP-TLS for the integrated EAP server
-CONFIG_EAP_TLS=y
-
-# EAP-MSCHAPv2 for the integrated EAP server
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-PEAP for the integrated EAP server
-CONFIG_EAP_PEAP=y
-
-# EAP-GTC for the integrated EAP server
-CONFIG_EAP_GTC=y
-
-# EAP-TTLS for the integrated EAP server
-CONFIG_EAP_TTLS=y
-
-# EAP-SIM for the integrated EAP server
-#CONFIG_EAP_SIM=y
-
-# EAP-AKA for the integrated EAP server
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' for the integrated EAP server
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# EAP-PAX for the integrated EAP server
-#CONFIG_EAP_PAX=y
-
-# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-CONFIG_EAP_PSK=y
-
-# EAP-pwd for the integrated EAP server (secure authentication with a password)
-CONFIG_EAP_PWD=y
-
-# EAP-SAKE for the integrated EAP server
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK for the integrated EAP server
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-FAST for the integrated EAP server
-CONFIG_EAP_FAST=y
-
-# EAP-TEAP for the integrated EAP server
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable UPnP support for external WPS Registrars
-#CONFIG_WPS_UPNP=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# Trusted Network Connect (EAP-TNC)
-#CONFIG_EAP_TNC=y
-
-# EAP-EKE for the integrated EAP server
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# RADIUS authentication server. This provides access to the integrated EAP
-# server from external hosts using RADIUS.
-CONFIG_RADIUS_SERVER=y
-
-# Build IPv6 support for RADIUS operations
-CONFIG_IPV6=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-CONFIG_IEEE80211R=y
-
-# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
-#CONFIG_DRIVER_RADIUS_ACL=y
-
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-CONFIG_WNM=y
-
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-
-# IEEE 802.11ax HE support
-# Note: This is experimental and work in progress. The definitions are still
-# subject to change and this should not be expected to interoperate with the
-# final IEEE 802.11ax version.
-#CONFIG_IEEE80211AX=y
-
-# Remove debugging code that is printing out debug messages to stdout.
-# This can be used to reduce the size of the hostapd considerably if debugging
-# code is not needed.
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Add support for writing debug log to a file: -f /tmp/hostapd.log
-# Disabled by default.
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Remove support for RADIUS accounting
-#CONFIG_NO_ACCOUNTING=y
-
-# Remove support for RADIUS
-#CONFIG_NO_RADIUS=y
-
-# Remove support for VLANs
-#CONFIG_NO_VLAN=y
-
-# Enable support for fully dynamic VLANs. This enables hostapd to
-# automatically create bridge and VLAN interfaces if necessary.
-CONFIG_FULL_DYNAMIC_VLAN=y
-
-# Use netlink-based kernel API for VLAN operations instead of ioctl()
-# Note: This requires libnl 3.1 or newer.
-#CONFIG_VLAN_NETLINK=y
-
-# Remove support for dumping internal state through control interface commands
-# This can be used to reduce binary size at the cost of disabling a debugging
-# option.
-CONFIG_NO_DUMP_STATE=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# hostapd depends on strong random number generation being available from the
-# operating system. os_get_random() function is used to fetch random data when
-# needed, e.g., for key generation. On Linux and BSD systems, this works by
-# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
-# properly initialized before hostapd is started. This is important especially
-# on embedded devices that do not have a hardware random number generator and
-# may by default start up with minimal entropy available for random number
-# generation.
-#
-# As a safety net, hostapd is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data
-# fetched from the OS. This by itself is not considered to be very strong, but
-# it may help in cases where the system pool is not initialized properly.
-# However, it is very strongly recommended that the system pool is initialized
-# with enough entropy either by using hardware assisted random number
-# generator or by storing state over device reboots.
-#
-# hostapd can be configured to maintain its own entropy store over restarts to
-# enhance random number generation. This is not perfect, but it is much more
-# secure than using the same sequence of random numbers after every reboot.
-# This can be enabled with -e<entropy file> command line option. The specified
-# file needs to be readable and writable by hostapd.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal hostapd random pool can be disabled.
-# This will save some in binary size and CPU use. However, this should only be
-# considered for builds that are known to be used on devices that meet the
-# requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used.
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms.
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks.
-CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-CONFIG_HS20=y
-
-# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
-#CONFIG_SQLITE=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# Testing options
-# This can be used to enable some testing options (see also the example
-# configuration file) that are really useful only for testing clients that
-# connect to this hostapd. These options allow, for example, to drop a
-# certain percentage of probe requests or auth/(re)assoc frames.
-#
-#CONFIG_TESTING_OPTIONS=y
-
-# Automatic Channel Selection
-# This will allow hostapd to pick the channel automatically when channel is set
-# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# You can customize the ACS survey algorithm with the hostapd.conf variable
-# acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#
-#CONFIG_ACS=y
-
-# Multiband Operation support
-# These extentions facilitate efficient use of multiple frequency bands
-# available to the AP and the devices that may associate with it.
-#CONFIG_MBO=y
-
-# Client Taxonomy
-# Has the AP retain the Probe Request and (Re)Association Request frames from
-# a client, from which a signature can be produced which can identify the model
-# of client device like "Nexus 6P" or "iPhone 5s".
-CONFIG_TAXONOMY=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Include internal line edit mode in hostapd_cli. This can be used to provide
-# limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Airtime policy support
-CONFIG_AIRTIME_POLICY=y
-
-# Proxy ARP support
-CONFIG_PROXYARP=y
-
-# Override default value for the wpa_disable_eapol_key_retries configuration
-# parameter. See that parameter in hostapd.conf for more details.
-#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd-mini.config

@@ -1,404 +0,0 @@
-# Example hostapd build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cass, these lines should use += in order not
-# to override previous values of the variables.
-
-# Driver interface for Host AP driver
-#CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for wired authenticator
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for no driver (e.g., RADIUS server only)
-#CONFIG_DRIVER_NONE=y
-
-# IEEE 802.11F/IAPP
-#CONFIG_IAPP=y
-
-# WPA2/IEEE 802.11i RSN pre-authentication
-CONFIG_RSN_PREAUTH=y
-
-# IEEE 802.11w (management frame protection)
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Integrated EAP server
-#CONFIG_EAP=y
-
-# EAP Re-authentication Protocol (ERP) in integrated EAP server
-#CONFIG_ERP=y
-
-# EAP-MD5 for the integrated EAP server
-#CONFIG_EAP_MD5=y
-
-# EAP-TLS for the integrated EAP server
-#CONFIG_EAP_TLS=y
-
-# EAP-MSCHAPv2 for the integrated EAP server
-#CONFIG_EAP_MSCHAPV2=y
-
-# EAP-PEAP for the integrated EAP server
-#CONFIG_EAP_PEAP=y
-
-# EAP-GTC for the integrated EAP server
-#CONFIG_EAP_GTC=y
-
-# EAP-TTLS for the integrated EAP server
-#CONFIG_EAP_TTLS=y
-
-# EAP-SIM for the integrated EAP server
-#CONFIG_EAP_SIM=y
-
-# EAP-AKA for the integrated EAP server
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' for the integrated EAP server
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# EAP-PAX for the integrated EAP server
-#CONFIG_EAP_PAX=y
-
-# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd for the integrated EAP server (secure authentication with a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-SAKE for the integrated EAP server
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK for the integrated EAP server
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-FAST for the integrated EAP server
-#CONFIG_EAP_FAST=y
-
-# EAP-TEAP for the integrated EAP server
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
-# Enable UPnP support for external WPS Registrars
-#CONFIG_WPS_UPNP=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# Trusted Network Connect (EAP-TNC)
-#CONFIG_EAP_TNC=y
-
-# EAP-EKE for the integrated EAP server
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-#CONFIG_PKCS12=y
-
-# RADIUS authentication server. This provides access to the integrated EAP
-# server from external hosts using RADIUS.
-#CONFIG_RADIUS_SERVER=y
-
-# Build IPv6 support for RADIUS operations
-#CONFIG_IPV6=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
-
-# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
-#CONFIG_DRIVER_RADIUS_ACL=y
-
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-
-# IEEE 802.11ax HE support
-# Note: This is experimental and work in progress. The definitions are still
-# subject to change and this should not be expected to interoperate with the
-# final IEEE 802.11ax version.
-#CONFIG_IEEE80211AX=y
-
-# Remove debugging code that is printing out debug messages to stdout.
-# This can be used to reduce the size of the hostapd considerably if debugging
-# code is not needed.
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Add support for writing debug log to a file: -f /tmp/hostapd.log
-# Disabled by default.
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Remove support for RADIUS accounting
-CONFIG_NO_ACCOUNTING=y
-
-# Remove support for RADIUS
-CONFIG_NO_RADIUS=y
-
-# Remove support for VLANs
-#CONFIG_NO_VLAN=y
-
-# Enable support for fully dynamic VLANs. This enables hostapd to
-# automatically create bridge and VLAN interfaces if necessary.
-#CONFIG_FULL_DYNAMIC_VLAN=y
-
-# Use netlink-based kernel API for VLAN operations instead of ioctl()
-# Note: This requires libnl 3.1 or newer.
-#CONFIG_VLAN_NETLINK=y
-
-# Remove support for dumping internal state through control interface commands
-# This can be used to reduce binary size at the cost of disabling a debugging
-# option.
-CONFIG_NO_DUMP_STATE=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# hostapd depends on strong random number generation being available from the
-# operating system. os_get_random() function is used to fetch random data when
-# needed, e.g., for key generation. On Linux and BSD systems, this works by
-# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
-# properly initialized before hostapd is started. This is important especially
-# on embedded devices that do not have a hardware random number generator and
-# may by default start up with minimal entropy available for random number
-# generation.
-#
-# As a safety net, hostapd is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data
-# fetched from the OS. This by itself is not considered to be very strong, but
-# it may help in cases where the system pool is not initialized properly.
-# However, it is very strongly recommended that the system pool is initialized
-# with enough entropy either by using hardware assisted random number
-# generator or by storing state over device reboots.
-#
-# hostapd can be configured to maintain its own entropy store over restarts to
-# enhance random number generation. This is not perfect, but it is much more
-# secure than using the same sequence of random numbers after every reboot.
-# This can be enabled with -e<entropy file> command line option. The specified
-# file needs to be readable and writable by hostapd.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal hostapd random pool can be disabled.
-# This will save some in binary size and CPU use. However, this should only be
-# considered for builds that are known to be used on devices that meet the
-# requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used.
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms.
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks.
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
-#CONFIG_SQLITE=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# Testing options
-# This can be used to enable some testing options (see also the example
-# configuration file) that are really useful only for testing clients that
-# connect to this hostapd. These options allow, for example, to drop a
-# certain percentage of probe requests or auth/(re)assoc frames.
-#
-#CONFIG_TESTING_OPTIONS=y
-
-# Automatic Channel Selection
-# This will allow hostapd to pick the channel automatically when channel is set
-# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# You can customize the ACS survey algorithm with the hostapd.conf variable
-# acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#
-#CONFIG_ACS=y
-
-# Multiband Operation support
-# These extentions facilitate efficient use of multiple frequency bands
-# available to the AP and the devices that may associate with it.
-#CONFIG_MBO=y
-
-# Client Taxonomy
-# Has the AP retain the Probe Request and (Re)Association Request frames from
-# a client, from which a signature can be produced which can identify the model
-# of client device like "Nexus 6P" or "iPhone 5s".
-#CONFIG_TAXONOMY=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Include internal line edit mode in hostapd_cli. This can be used to provide
-# limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Airtime policy support
-#CONFIG_AIRTIME_POLICY=y
-
-# Proxy ARP support
-#CONFIG_PROXYARP=y
-
-# Override default value for the wpa_disable_eapol_key_retries configuration
-# parameter. See that parameter in hostapd.conf for more details.
-#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd.uc

@@ -1,812 +0,0 @@
-let libubus = require("ubus");
-import { open, readfile } from "fs";
-import { wdev_create, wdev_remove, is_equal, vlist_new, phy_is_fullmac, phy_open } from "common";
-
-let ubus = libubus.connect();
-
-hostapd.data.config = {};
-
-hostapd.data.file_fields = {
-	vlan_file: true,
-	wpa_psk_file: true,
-	accept_mac_file: true,
-	deny_mac_file: true,
-	eap_user_file: true,
-	ca_cert: true,
-	server_cert: true,
-	server_cert2: true,
-	private_key: true,
-	private_key2: true,
-	dh_file: true,
-	eap_sim_db: true,
-};
-
-function iface_remove(cfg)
-{
-	if (!cfg || !cfg.bss || !cfg.bss[0] || !cfg.bss[0].ifname)
-		return;
-
-	for (let bss in cfg.bss)
-		wdev_remove(bss.ifname);
-}
-
-function iface_gen_config(phy, config, start_disabled)
-{
-	let str = `data:
-${join("\n", config.radio.data)}
-channel=${config.radio.channel}
-`;
-
-	for (let i = 0; i < length(config.bss); i++) {
-		let bss = config.bss[i];
-		let type = i > 0 ? "bss" : "interface";
-		let nasid = bss.nasid ?? replace(bss.bssid, ":", "");
-
-		str += `
-${type}=${bss.ifname}
-bssid=${bss.bssid}
-${join("\n", bss.data)}
-nas_identifier=${nasid}
-`;
-		if (start_disabled)
-			str += `
-start_disabled=1
-`;
-	}
-
-	return str;
-}
-
-function iface_freq_info(iface, config, params)
-{
-	let freq = params.frequency;
-	if (!freq)
-		return null;
-
-	let sec_offset = params.sec_chan_offset;
-	if (sec_offset != -1 && sec_offset != 1)
-		sec_offset = 0;
-
-	let width = 0;
-	for (let line in config.radio.data) {
-		if (!sec_offset && match(line, /^ht_capab=.*HT40/)) {
-			sec_offset = null; // auto-detect
-			continue;
-		}
-
-		let val = match(line, /^(vht_oper_chwidth|he_oper_chwidth)=(\d+)/);
-		if (!val)
-			continue;
-
-		val = int(val[2]);
-		if (val > width)
-			width = val;
-	}
-
-	if (freq < 4000)
-		width = 0;
-
-	return hostapd.freq_info(freq, sec_offset, width);
-}
-
-function iface_add(phy, config, phy_status)
-{
-	let config_inline = iface_gen_config(phy, config, !!phy_status);
-
-	let bss = config.bss[0];
-	let ret = hostapd.add_iface(`bss_config=${phy}:${config_inline}`);
-	if (ret < 0)
-		return false;
-
-	if (!phy_status)
-		return true;
-
-	let iface = hostapd.interfaces[phy];
-	if (!iface)
-		return false;
-
-	let freq_info = iface_freq_info(iface, config, phy_status);
-
-	return iface.start(freq_info) >= 0;
-}
-
-function iface_config_macaddr_list(config)
-{
-	let macaddr_list = {};
-	for (let i = 0; i < length(config.bss); i++) {
-		let bss = config.bss[i];
-		if (!bss.default_macaddr)
-			macaddr_list[bss.bssid] = i;
-	}
-
-	return macaddr_list;
-}
-
-function iface_update_supplicant_macaddr(phy, config)
-{
-	let macaddr_list = [];
-	for (let i = 0; i < length(config.bss); i++)
-		push(macaddr_list, config.bss[i].bssid);
-	ubus.call("wpa_supplicant", "phy_set_macaddr_list", { phy: phy, macaddr: macaddr_list });
-}
-
-function iface_restart(phydev, config, old_config)
-{
-	let phy = phydev.name;
-
-	hostapd.remove_iface(phy);
-	iface_remove(old_config);
-	iface_remove(config);
-
-	if (!config.bss || !config.bss[0]) {
-		hostapd.printf(`No bss for phy ${phy}`);
-		return;
-	}
-
-	phydev.macaddr_init(iface_config_macaddr_list(config));
-	for (let i = 0; i < length(config.bss); i++) {
-		let bss = config.bss[i];
-		if (bss.default_macaddr)
-			bss.bssid = phydev.macaddr_next();
-	}
-
-	iface_update_supplicant_macaddr(phy, config);
-
-	let bss = config.bss[0];
-	let err = wdev_create(phy, bss.ifname, { mode: "ap" });
-	if (err)
-		hostapd.printf(`Failed to create ${bss.ifname} on phy ${phy}: ${err}`);
-
-	let ubus = hostapd.data.ubus;
-	let phy_status = ubus.call("wpa_supplicant", "phy_status", { phy: phy });
-	if (phy_status && phy_status.state == "COMPLETED") {
-		if (iface_add(phy, config, phy_status))
-			return;
-
-		hostapd.printf(`Failed to bring up phy ${phy} ifname=${bss.ifname} with supplicant provided frequency`);
-	}
-
-	ubus.call("wpa_supplicant", "phy_set_state", { phy: phy, stop: true });
-	if (!iface_add(phy, config))
-		hostapd.printf(`hostapd.add_iface failed for phy ${phy} ifname=${bss.ifname}`);
-	ubus.call("wpa_supplicant", "phy_set_state", { phy: phy, stop: false });
-}
-
-function array_to_obj(arr, key, start)
-{
-	let obj = {};
-
-	start ??= 0;
-	for (let i = start; i < length(arr); i++) {
-		let cur = arr[i];
-		obj[cur[key]] = cur;
-	}
-
-	return obj;
-}
-
-function find_array_idx(arr, key, val)
-{
-	for (let i = 0; i < length(arr); i++)
-		if (arr[i][key] == val)
-			return i;
-
-	return -1;
-}
-
-function bss_reload_psk(bss, config, old_config)
-{
-	if (is_equal(old_config.hash.wpa_psk_file, config.hash.wpa_psk_file))
-		return;
-
-	old_config.hash.wpa_psk_file = config.hash.wpa_psk_file;
-	if (!is_equal(old_config, config))
-		return;
-
-	let ret = bss.ctrl("RELOAD_WPA_PSK");
-	ret ??= "failed";
-
-	hostapd.printf(`Reload WPA PSK file for bss ${config.ifname}: ${ret}`);
-}
-
-function remove_file_fields(config)
-{
-	return filter(config, (line) => !hostapd.data.file_fields[split(line, "=")[0]]);
-}
-
-function bss_remove_file_fields(config)
-{
-	let new_cfg = {};
-
-	for (let key in config)
-		new_cfg[key] = config[key];
-	new_cfg.data = remove_file_fields(new_cfg.data);
-	new_cfg.hash = {};
-	for (let key in config.hash)
-		new_cfg.hash[key] = config.hash[key];
-	delete new_cfg.hash.wpa_psk_file;
-	delete new_cfg.hash.vlan_file;
-
-	return new_cfg;
-}
-
-function bss_config_hash(config)
-{
-	return hostapd.sha1(remove_file_fields(config) + "");
-}
-
-function bss_find_existing(config, prev_config, prev_hash)
-{
-	let hash = bss_config_hash(config.data);
-
-	for (let i = 0; i < length(prev_config.bss); i++) {
-		if (!prev_hash[i] || hash != prev_hash[i])
-			continue;
-
-		prev_hash[i] = null;
-		return i;
-	}
-
-	return -1;
-}
-
-function get_config_bss(config, idx)
-{
-	if (!config.bss[idx]) {
-		hostapd.printf(`Invalid bss index ${idx}`);
-		return null;
-	}
-
-	let ifname = config.bss[idx].ifname;
-	if (!ifname)
-		hostapd.printf(`Could not find bss ${config.bss[idx].ifname}`);
-
-	return hostapd.bss[ifname];
-}
-
-function iface_reload_config(phydev, config, old_config)
-{
-	let phy = phydev.name;
-
-	if (!old_config || !is_equal(old_config.radio, config.radio))
-		return false;
-
-	if (is_equal(old_config.bss, config.bss))
-		return true;
-
-	if (!old_config.bss || !old_config.bss[0])
-		return false;
-
-	let iface = hostapd.interfaces[phy];
-	if (!iface) {
-		hostapd.printf(`Could not find previous interface ${iface_name}`);
-		return false;
-	}
-
-	let iface_name = old_config.bss[0].ifname;
-	let first_bss = hostapd.bss[iface_name];
-	if (!first_bss) {
-		hostapd.printf(`Could not find bss of previous interface ${iface_name}`);
-		return false;
-	}
-
-	let macaddr_list = iface_config_macaddr_list(config);
-	let bss_list = [];
-	let bss_list_cfg = [];
-	let prev_bss_hash = [];
-
-	for (let bss in old_config.bss) {
-		let hash = bss_config_hash(bss.data);
-		push(prev_bss_hash, bss_config_hash(bss.data));
-	}
-
-	// Step 1: find (possibly renamed) interfaces with the same config
-	// and store them in the new order (with gaps)
-	for (let i = 0; i < length(config.bss); i++) {
-		let prev;
-
-		// For fullmac devices, the first interface needs to be preserved,
-		// since it's treated as the master
-		if (!i && phy_is_fullmac(phy)) {
-			prev = 0;
-			prev_bss_hash[0] = null;
-		} else {
-			prev = bss_find_existing(config.bss[i], old_config, prev_bss_hash);
-		}
-		if (prev < 0)
-			continue;
-
-		let cur_config = config.bss[i];
-		let prev_config = old_config.bss[prev];
-
-		let prev_bss = get_config_bss(old_config, prev);
-		if (!prev_bss)
-			return false;
-
-		// try to preserve MAC address of this BSS by reassigning another
-		// BSS if necessary
-		if (cur_config.default_macaddr &&
-		    !macaddr_list[prev_config.bssid]) {
-			macaddr_list[prev_config.bssid] = i;
-			cur_config.bssid = prev_config.bssid;
-		}
-
-		bss_list[i] = prev_bss;
-		bss_list_cfg[i] = old_config.bss[prev];
-	}
-
-	if (config.mbssid && !bss_list_cfg[0]) {
-		hostapd.printf("First BSS changed with MBSSID enabled");
-		return false;
-	}
-
-	// Step 2: if none were found, rename and preserve the first one
-	if (length(bss_list) == 0) {
-		// can't change the bssid of the first bss
-		if (config.bss[0].bssid != old_config.bss[0].bssid) {
-			if (!config.bss[0].default_macaddr) {
-				hostapd.printf(`BSSID of first interface changed: ${lc(old_config.bss[0].bssid)} -> ${lc(config.bss[0].bssid)}`);
-				return false;
-			}
-
-			config.bss[0].bssid = old_config.bss[0].bssid;
-		}
-
-		let prev_bss = get_config_bss(old_config, 0);
-		if (!prev_bss)
-			return false;
-
-		macaddr_list[config.bss[0].bssid] = 0;
-		bss_list[0] = prev_bss;
-		bss_list_cfg[0] = old_config.bss[0];
-		prev_bss_hash[0] = null;
-	}
-
-	// Step 3: delete all unused old interfaces
-	for (let i = 0; i < length(prev_bss_hash); i++) {
-		if (!prev_bss_hash[i])
-			continue;
-
-		let prev_bss = get_config_bss(old_config, i);
-		if (!prev_bss)
-			return false;
-
-		let ifname = old_config.bss[i].ifname;
-		hostapd.printf(`Remove bss '${ifname}' on phy '${phy}'`);
-		prev_bss.delete();
-		wdev_remove(ifname);
-	}
-
-	// Step 4: rename preserved interfaces, use temporary name on duplicates
-	let rename_list = [];
-	for (let i = 0; i < length(bss_list); i++) {
-		if (!bss_list[i])
-			continue;
-
-		let old_ifname = bss_list_cfg[i].ifname;
-		let new_ifname = config.bss[i].ifname;
-		if (old_ifname == new_ifname)
-			continue;
-
-		if (hostapd.bss[new_ifname]) {
-			new_ifname = "tmp_" + substr(hostapd.sha1(new_ifname), 0, 8);
-			push(rename_list, i);
-		}
-
-		hostapd.printf(`Rename bss ${old_ifname} to ${new_ifname}`);
-		if (!bss_list[i].rename(new_ifname)) {
-			hostapd.printf(`Failed to rename bss ${old_ifname} to ${new_ifname}`);
-			return false;
-		}
-
-		bss_list_cfg[i].ifname = new_ifname;
-	}
-
-	// Step 5: rename interfaces with temporary names
-	for (let i in rename_list) {
-		let new_ifname = config.bss[i].ifname;
-		if (!bss_list[i].rename(new_ifname)) {
-			hostapd.printf(`Failed to rename bss to ${new_ifname}`);
-			return false;
-		}
-		bss_list_cfg[i].ifname = new_ifname;
-	}
-
-	// Step 6: assign BSSID for newly created interfaces
-	let macaddr_data = {
-		num_global: config.num_global_macaddr ?? 1,
-		mbssid: config.mbssid ?? 0,
-	};
-	macaddr_list = phydev.macaddr_init(macaddr_list, macaddr_data);
-	for (let i = 0; i < length(config.bss); i++) {
-		if (bss_list[i])
-			continue;
-		let bsscfg = config.bss[i];
-
-		let mac_idx = macaddr_list[bsscfg.bssid];
-		if (mac_idx < 0)
-			macaddr_list[bsscfg.bssid] = i;
-		if (mac_idx == i)
-			continue;
-
-		// statically assigned bssid of the new interface is in conflict
-		// with the bssid of a reused interface. reassign the reused interface
-		if (!bsscfg.default_macaddr) {
-			// can't update bssid of the first BSS, need to restart
-			if (!mac_idx < 0)
-				return false;
-
-			bsscfg = config.bss[mac_idx];
-		}
-
-		let addr = phydev.macaddr_next(i);
-		if (!addr) {
-			hostapd.printf(`Failed to generate mac address for phy ${phy}`);
-			return false;
-		}
-		bsscfg.bssid = addr;
-	}
-
-	let config_inline = iface_gen_config(phy, config);
-
-	// Step 7: fill in the gaps with new interfaces
-	for (let i = 0; i < length(config.bss); i++) {
-		let ifname = config.bss[i].ifname;
-		let bss = bss_list[i];
-
-		if (bss)
-			continue;
-
-		hostapd.printf(`Add bss ${ifname} on phy ${phy}`);
-		bss_list[i] = iface.add_bss(config_inline, i);
-		if (!bss_list[i]) {
-			hostapd.printf(`Failed to add new bss ${ifname} on phy ${phy}`);
-			return false;
-		}
-	}
-
-	// Step 8: update interface bss order
-	if (!iface.set_bss_order(bss_list)) {
-		hostapd.printf(`Failed to update BSS order on phy '${phy}'`);
-		return false;
-	}
-
-	// Step 9: update config
-	for (let i = 0; i < length(config.bss); i++) {
-		if (!bss_list_cfg[i])
-			continue;
-
-		let ifname = config.bss[i].ifname;
-		let bss = bss_list[i];
-
-		if (is_equal(config.bss[i], bss_list_cfg[i]))
-			continue;
-
-		if (is_equal(bss_remove_file_fields(config.bss[i]),
-		             bss_remove_file_fields(bss_list_cfg[i]))) {
-			hostapd.printf(`Update config data files for bss ${ifname}`);
-			if (bss.set_config(config_inline, i, true) < 0) {
-				hostapd.printf(`Could not update config data files for bss ${ifname}`);
-				return false;
-			} else {
-				bss.ctrl("RELOAD_WPA_PSK");
-				continue;
-			}
-		}
-
-		bss_reload_psk(bss, config.bss[i], bss_list_cfg[i]);
-		if (is_equal(config.bss[i], bss_list_cfg[i]))
-			continue;
-
-		hostapd.printf(`Reload config for bss '${config.bss[0].ifname}' on phy '${phy}'`);
-		if (bss.set_config(config_inline, i) < 0) {
-			hostapd.printf(`Failed to set config for bss ${ifname}`);
-			return false;
-		}
-	}
-
-	return true;
-}
-
-function iface_set_config(phy, config)
-{
-	let old_config = hostapd.data.config[phy];
-
-	hostapd.data.config[phy] = config;
-
-	if (!config) {
-		hostapd.remove_iface(phy);
-		return iface_remove(old_config);
-	}
-
-	let phydev = phy_open(phy);
-	if (!phydev) {
-		hostapd.printf(`Failed to open phy ${phy}`);
-		return false;
-	}
-
-	try {
-		let ret = iface_reload_config(phydev, config, old_config);
-		if (ret) {
-			iface_update_supplicant_macaddr(phy, config);
-			hostapd.printf(`Reloaded settings for phy ${phy}`);
-			return 0;
-		}
-	} catch (e) {
-			hostapd.printf(`Error reloading config: ${e}\n${e.stacktrace[0].context}`);
-	}
-
-	hostapd.printf(`Restart interface for phy ${phy}`);
-	let ret = iface_restart(phydev, config, old_config);
-
-	return ret;
-}
-
-function config_add_bss(config, name)
-{
-	let bss = {
-		ifname: name,
-		data: [],
-		hash: {}
-	};
-
-	push(config.bss, bss);
-
-	return bss;
-}
-
-function iface_load_config(filename)
-{
-	let f = open(filename, "r");
-	if (!f)
-		return null;
-
-	let config = {
-		radio: {
-			data: []
-		},
-		bss: [],
-		orig_file: filename,
-	};
-
-	let bss;
-	let line;
-	while ((line = trim(f.read("line"))) != null) {
-		let val = split(line, "=", 2);
-		if (!val[0])
-			continue;
-
-		if (val[0] == "interface") {
-			bss = config_add_bss(config, val[1]);
-			break;
-		}
-
-		if (val[0] == "channel") {
-			config.radio.channel = val[1];
-			continue;
-		}
-
-		if (val[0] == "#num_global_macaddr" ||
-		    val[0] == "mbssid")
-			config[val[0]] = int(val[1]);
-
-		push(config.radio.data, line);
-	}
-
-	while ((line = trim(f.read("line"))) != null) {
-		if (line == "#default_macaddr")
-			bss.default_macaddr = true;
-
-		let val = split(line, "=", 2);
-		if (!val[0])
-			continue;
-
-		if (val[0] == "bssid") {
-			bss.bssid = lc(val[1]);
-			continue;
-		}
-
-		if (val[0] == "nas_identifier")
-			bss.nasid = val[1];
-
-		if (val[0] == "bss") {
-			bss = config_add_bss(config, val[1]);
-			continue;
-		}
-
-		if (hostapd.data.file_fields[val[0]])
-			bss.hash[val[0]] = hostapd.sha1(readfile(val[1]));
-
-		push(bss.data, line);
-	}
-	f.close();
-
-	return config;
-}
-
-function ex_wrap(func) {
-	return (req) => {
-		try {
-			let ret = func(req);
-			return ret;
-		} catch(e) {
-			hostapd.printf(`Exception in ubus function: ${e}\n${e.stacktrace[0].context}`);
-		}
-		return libubus.STATUS_UNKNOWN_ERROR;
-	};
-}
-
-let main_obj = {
-	reload: {
-		args: {
-			phy: "",
-		},
-		call: ex_wrap(function(req) {
-			let phy_list = req.args.phy ? [ req.args.phy ] : keys(hostapd.data.config);
-			for (let phy_name in phy_list) {
-				let phy = hostapd.data.config[phy_name];
-				let config = iface_load_config(phy.orig_file);
-				iface_set_config(phy_name, config);
-			}
-
-			return 0;
-		})
-	},
-	apsta_state: {
-		args: {
-			phy: "",
-			up: true,
-			frequency: 0,
-			sec_chan_offset: 0,
-			csa: true,
-			csa_count: 0,
-		},
-		call: ex_wrap(function(req) {
-			if (req.args.up == null || !req.args.phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			let phy = req.args.phy;
-			let config = hostapd.data.config[phy];
-			if (!config || !config.bss || !config.bss[0] || !config.bss[0].ifname)
-				return 0;
-
-			let iface = hostapd.interfaces[phy];
-			if (!iface)
-				return 0;
-
-			if (!req.args.up) {
-				iface.stop();
-				return 0;
-			}
-
-			if (!req.args.frequency)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			let freq_info = iface_freq_info(iface, config, req.args);
-			if (!freq_info)
-				return libubus.STATUS_UNKNOWN_ERROR;
-
-			let ret;
-			if (req.args.csa) {
-				freq_info.csa_count = req.args.csa_count ?? 10;
-				ret = iface.switch_channel(freq_info);
-			} else {
-				ret = iface.start(freq_info);
-			}
-			if (!ret)
-				return libubus.STATUS_UNKNOWN_ERROR;
-
-			return 0;
-		})
-	},
-	config_get_macaddr_list: {
-		args: {
-			phy: ""
-		},
-		call: ex_wrap(function(req) {
-			let phy = req.args.phy;
-			if (!phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			let ret = {
-				macaddr: [],
-			};
-
-			let config = hostapd.data.config[phy];
-			if (!config)
-				return ret;
-
-			ret.macaddr = map(config.bss, (bss) => bss.bssid);
-			return ret;
-		})
-	},
-	config_set: {
-		args: {
-			phy: "",
-			config: "",
-			prev_config: "",
-		},
-		call: ex_wrap(function(req) {
-			let phy = req.args.phy;
-			let file = req.args.config;
-			let prev_file = req.args.prev_config;
-
-			if (!phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			if (prev_file && !hostapd.data.config[phy]) {
-				let config = iface_load_config(prev_file);
-				if (config)
-					config.radio.data = [];
-				hostapd.data.config[phy] = config;
-			}
-
-			let config = iface_load_config(file);
-
-			hostapd.printf(`Set new config for phy ${phy}: ${file}`);
-			iface_set_config(phy, config);
-
-			return {
-				pid: hostapd.getpid()
-			};
-		})
-	},
-	config_add: {
-		args: {
-			iface: "",
-			config: "",
-		},
-		call: ex_wrap(function(req) {
-			if (!req.args.iface || !req.args.config)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			if (hostapd.add_iface(`bss_config=${req.args.iface}:${req.args.config}`) < 0)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			return {
-				pid: hostapd.getpid()
-			};
-		})
-	},
-	config_remove: {
-		args: {
-			iface: ""
-		},
-		call: ex_wrap(function(req) {
-			if (!req.args.iface)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			hostapd.remove_iface(req.args.iface);
-			return 0;
-		})
-	},
-};
-
-hostapd.data.ubus = ubus;
-hostapd.data.obj = ubus.publish("hostapd", main_obj);
-
-function bss_event(type, name, data) {
-	let ubus = hostapd.data.ubus;
-
-	data ??= {};
-	data.name = name;
-	hostapd.data.obj.notify(`bss.${type}`, data, null, null, null, -1);
-	ubus.call("service", "event", { type: `hostapd.${name}.${type}`, data: {} });
-}
-
-return {
-	shutdown: function() {
-		for (let phy in hostapd.data.config)
-			iface_set_config(phy, null);
-		hostapd.ubus.disconnect();
-	},
-	bss_add: function(name, obj) {
-		bss_event("add", name);
-	},
-	bss_reload: function(name, obj, reconf) {
-		bss_event("reload", name, { reconf: reconf != 0 });
-	},
-	bss_remove: function(name, obj) {
-		bss_event("remove", name);
-	}
-};

feeds/hostapd/hostapd/files/radius.clients

@@ -1 +0,0 @@
-0.0.0.0/0 radius

feeds/hostapd/hostapd/files/radius.config

@@ -1,9 +0,0 @@
-config radius
-	option disabled '1'
-	option ca_cert '/etc/radius/ca.pem'
-	option cert '/etc/radius/cert.pem'
-	option key '/etc/radius/key.pem'
-	option users '/etc/radius/users'
-	option clients '/etc/radius/clients'
-	option auth_port '1812'
-	option acct_port '1813'

feeds/hostapd/hostapd/files/radius.init

@@ -1,42 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=30
-
-USE_PROCD=1
-NAME=radius
-
-radius_start() {
-	local cfg="$1"
-
-	config_get_bool disabled "$cfg" disabled 0
-
-	[ "$disabled" -gt 0 ] && return
-
-	config_get ca "$cfg" ca_cert
-	config_get key "$cfg" key
-	config_get cert "$cfg" cert
-	config_get users "$cfg" users
-	config_get clients "$cfg" clients
-	config_get auth_port "$cfg" auth_port 1812
-	config_get acct_port "$cfg" acct_port 1813
-	config_get identity "$cfg" identity "$(cat /proc/sys/kernel/hostname)"
-
-	procd_open_instance $cfg
-	procd_set_param command /usr/sbin/hostapd-radius \
-		-C "$ca" \
-		-c "$cert" -k "$key" \
-		-s "$clients" -u "$users" \
-		-p "$auth_port" -P "$acct_port" \
-		-i "$identity"
-	procd_close_instance
-}
-
-start_service() {
-	config_load radius
-	config_foreach radius_start radius
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "radius"
-}

feeds/hostapd/hostapd/files/radius.users

@@ -1,14 +0,0 @@
-{
-	"phase1": {
-		"wildcard": [
-			{
-				"name": "*",
-				"methods": [ "PEAP" ]
-			}
-		]
-	},
-	"phase2": {
-		"users": {
-		}
-	}
-}

feeds/hostapd/hostapd/files/wdev.uc

@@ -1,207 +0,0 @@
-#!/usr/bin/env ucode
-'use strict';
-import { vlist_new, is_equal, wdev_create, wdev_remove, phy_open } from "/usr/share/hostap/common.uc";
-import { readfile, writefile, basename, readlink, glob } from "fs";
-let libubus = require("ubus");
-
-let keep_devices = {};
-let phy = shift(ARGV);
-let command = shift(ARGV);
-let phydev;
-
-const mesh_params = [
-	"mesh_retry_timeout", "mesh_confirm_timeout", "mesh_holding_timeout", "mesh_max_peer_links",
-	"mesh_max_retries", "mesh_ttl", "mesh_element_ttl", "mesh_hwmp_max_preq_retries",
-	"mesh_path_refresh_time", "mesh_min_discovery_timeout", "mesh_hwmp_active_path_timeout",
-	"mesh_hwmp_preq_min_interval", "mesh_hwmp_net_diameter_traversal_time", "mesh_hwmp_rootmode",
-	"mesh_hwmp_rann_interval", "mesh_gate_announcements", "mesh_sync_offset_max_neighor",
-	"mesh_rssi_threshold", "mesh_hwmp_active_path_to_root_timeout", "mesh_hwmp_root_interval",
-	"mesh_hwmp_confirmation_interval", "mesh_awake_window", "mesh_plink_timeout",
-	"mesh_auto_open_plinks", "mesh_fwding", "mesh_power_mode"
-];
-
-function iface_stop(wdev)
-{
-	if (keep_devices[wdev.ifname])
-		return;
-
-	wdev_remove(wdev.ifname);
-}
-
-function iface_start(wdev)
-{
-	let ifname = wdev.ifname;
-
-	if (readfile(`/sys/class/net/${ifname}/ifindex`)) {
-		system([ "ip", "link", "set", "dev", ifname, "down" ]);
-		wdev_remove(ifname);
-	}
-	let wdev_config = {};
-	for (let key in wdev)
-		wdev_config[key] = wdev[key];
-	if (!wdev_config.macaddr && wdev.mode != "monitor")
-		wdev_config.macaddr = phydev.macaddr_next();
-	wdev_create(phy, ifname, wdev_config);
-	system([ "ip", "link", "set", "dev", ifname, "up" ]);
-	if (wdev.freq)
-		system(`iw dev ${ifname} set freq ${wdev.freq} ${wdev.htmode}`);
-	if (wdev.mode == "adhoc") {
-		let cmd = ["iw", "dev", ifname, "ibss", "join", wdev.ssid, wdev.freq, wdev.htmode, "fixed-freq" ];
-		if (wdev.bssid)
-			push(cmd, wdev.bssid);
-		for (let key in [ "beacon-interval", "basic-rates", "mcast-rate", "keys" ])
-			if (wdev[key])
-				push(cmd, key, wdev[key]);
-		system(cmd);
-	} else if (wdev.mode == "mesh") {
-		let cmd = [ "iw", "dev", ifname, "mesh", "join", wdev.ssid, "freq", wdev.freq, wdev.htmode ];
-		for (let key in [ "mcast-rate", "beacon-interval" ])
-			if (wdev[key])
-				push(cmd, key, wdev[key]);
-		system(cmd);
-
-		cmd = ["iw", "dev", ifname, "set", "mesh_param" ];
-		let len = length(cmd);
-
-		for (let param in mesh_params)
-			if (wdev[param])
-				push(cmd, param, wdev[param]);
-
-		if (len == length(cmd))
-			return;
-
-		system(cmd);
-	}
-
-}
-
-function iface_cb(new_if, old_if)
-{
-	if (old_if && new_if && is_equal(old_if, new_if))
-		return;
-
-	if (old_if)
-		iface_stop(old_if);
-	if (new_if)
-		iface_start(new_if);
-}
-
-function drop_inactive(config)
-{
-	for (let key in config) {
-		if (!readfile(`/sys/class/net/${key}/ifindex`))
-			delete config[key];
-	}
-}
-
-function add_ifname(config)
-{
-	for (let key in config)
-		config[key].ifname = key;
-}
-
-function delete_ifname(config)
-{
-	for (let key in config)
-		delete config[key].ifname;
-}
-
-function add_existing(phy, config)
-{
-	let wdevs = glob(`/sys/class/ieee80211/${phy}/device/net/*`);
-	wdevs = map(wdevs, (arg) => basename(arg));
-	for (let wdev in wdevs) {
-		if (config[wdev])
-			continue;
-
-		if (basename(readlink(`/sys/class/net/${wdev}/phy80211`)) != phy)
-			continue;
-
-		if (trim(readfile(`/sys/class/net/${wdev}/operstate`)) == "down")
-			config[wdev] = {};
-	}
-}
-
-function usage()
-{
-	warn(`Usage: ${basename(sourcepath())} <phy> <command> [<arguments>]
-
-Commands:
-	set_config <config> [<device]...] - set phy configuration
-	get_macaddr <id>		  - get phy MAC address for vif index <id>
-`);
-	exit(1);
-}
-
-const commands = {
-	set_config: function(args) {
-		let statefile = `/var/run/wdev-${phy}.json`;
-
-		let new_config = shift(args);
-		for (let dev in ARGV)
-			keep_devices[dev] = true;
-
-		if (!new_config)
-			usage();
-
-		new_config = json(new_config);
-		if (!new_config) {
-			warn("Invalid configuration\n");
-			exit(1);
-		}
-
-		let old_config = readfile(statefile);
-		if (old_config)
-			old_config = json(old_config);
-
-		let config = vlist_new(iface_cb);
-		if (type(old_config) == "object")
-			config.data = old_config;
-
-		add_existing(phy, config.data);
-		add_ifname(config.data);
-		drop_inactive(config.data);
-
-		let ubus = libubus.connect();
-		let data = ubus.call("hostapd", "config_get_macaddr_list", { phy: phy });
-		let macaddr_list = [];
-		if (type(data) == "object" && data.macaddr)
-			macaddr_list = data.macaddr;
-		ubus.disconnect();
-		phydev.macaddr_init(macaddr_list);
-
-		add_ifname(new_config);
-		config.update(new_config);
-
-		drop_inactive(config.data);
-		delete_ifname(config.data);
-		writefile(statefile, sprintf("%J", config.data));
-	},
-	get_macaddr: function(args) {
-		let data = {};
-
-		for (let arg in args) {
-			arg = split(arg, "=", 2);
-			data[arg[0]] = arg[1];
-		}
-
-		let macaddr = phydev.macaddr_generate(data);
-		if (!macaddr) {
-			warn(`Could not get MAC address for phy ${phy}\n`);
-			exit(1);
-		}
-
-		print(macaddr + "\n");
-	},
-};
-
-if (!phy || !command | !commands[command])
-	usage();
-
-phydev = phy_open(phy);
-if (!phydev) {
-	warn(`PHY ${phy} does not exist\n`);
-	exit(1);
-}
-
-commands[command](ARGV);

feeds/hostapd/hostapd/files/wpa_supplicant-basic.config

@@ -1,625 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-#CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-#CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-#CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-#CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-#CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-#CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-#CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-#CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-#CONFIG_EAP_FAST=y
-
-# EAP-TEAP
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# EAP-GTC
-#CONFIG_EAP_GTC=y
-
-# EAP-OTP
-#CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# Enable SIM simulator (Milenage) for EAP-SIM
-#CONFIG_SIM_SIMULATOR=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-#CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-#CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-#CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-#CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Simultaneous Authentication of Equals (SAE), WPA3-Personal
-#CONFIG_SAE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# IEEE 802.11w (management frame protection), also known as PMF
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-#CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-#CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-#CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-#CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-#CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Device Provisioning Protocol (DPP)
-# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
-# wpa_supplicant/README-DPP for details)
-#CONFIG_DPP=y
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-full.config

@@ -1,625 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-#CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-#CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-CONFIG_EAP_FAST=y
-
-# EAP-TEAP
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# EAP-GTC
-CONFIG_EAP_GTC=y
-
-# EAP-OTP
-CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# Enable SIM simulator (Milenage) for EAP-SIM
-#CONFIG_SIM_SIMULATOR=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-#CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Simultaneous Authentication of Equals (SAE), WPA3-Personal
-#CONFIG_SAE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# IEEE 802.11w (management frame protection), also known as PMF
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-#CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-#CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-#CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-#CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Device Provisioning Protocol (DPP)
-# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
-# wpa_supplicant/README-DPP for details)
-#CONFIG_DPP=y
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-mini.config

@@ -1,625 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-#CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-#CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-#CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-#CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-#CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-#CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-#CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-#CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-#CONFIG_EAP_FAST=y
-
-# EAP-TEAP
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# EAP-GTC
-#CONFIG_EAP_GTC=y
-
-# EAP-OTP
-#CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# Enable SIM simulator (Milenage) for EAP-SIM
-#CONFIG_SIM_SIMULATOR=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-#CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-#CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-#CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-#CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Simultaneous Authentication of Equals (SAE), WPA3-Personal
-#CONFIG_SAE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# IEEE 802.11w (management frame protection), also known as PMF
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-#CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-#CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-#CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-#CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-#CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-#CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Device Provisioning Protocol (DPP)
-# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
-# wpa_supplicant/README-DPP for details)
-#CONFIG_DPP=y
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-p2p.config

@@ -1,625 +0,0 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-#CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-#CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-CONFIG_EAP_FAST=y
-
-# EAP-TEAP
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
-# EAP-GTC
-CONFIG_EAP_GTC=y
-
-# EAP-OTP
-CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# Enable SIM simulator (Milenage) for EAP-SIM
-#CONFIG_SIM_SIMULATOR=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-#CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Simultaneous Authentication of Equals (SAE), WPA3-Personal
-#CONFIG_SAE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-#	path is given on command line, not here; this option is just used to
-#	select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# IEEE 802.11w (management frame protection), also known as PMF
-# Driver support is also needed for IEEE 802.11w.
-CONFIG_IEEE80211W=y
-
-# Support Operating Channel Validation
-#CONFIG_OCV=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-#CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-CONFIG_NO_RANDOM_POOL=y
-
-# Should we attempt to use the getrandom(2) call that provides more reliable
-# yet secure randomness source than /dev/random on Linux 3.17 and newer.
-# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-CONFIG_GETRANDOM=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Display
-# This can be used to enable Wi-Fi Display extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-#CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-#CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
-
-# Device Provisioning Protocol (DPP)
-# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
-# wpa_supplicant/README-DPP for details)
-#CONFIG_DPP=y
-
-# uBus IPC/RPC System
-# Services can connect to the bus and provide methods
-# that can be called by other services or clients.
-CONFIG_UBUS=y
-
-# OpenWrt patch 380-disable-ctrl-iface-mib.patch
-# leads to the MIB only being compiled in if
-# CONFIG_CTRL_IFACE_MIB is enabled.
-CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant.uc

@@ -1,330 +0,0 @@
-let libubus = require("ubus");
-import { open, readfile } from "fs";
-import { wdev_create, wdev_remove, is_equal, vlist_new, phy_open } from "common";
-
-let ubus = libubus.connect();
-
-wpas.data.config = {};
-wpas.data.iface_phy = {};
-wpas.data.macaddr_list = {};
-
-function iface_stop(iface)
-{
-	let ifname = iface.config.iface;
-
-	if (!iface.running)
-		return;
-
-	delete wpas.data.iface_phy[ifname];
-	wpas.remove_iface(ifname);
-	wdev_remove(ifname);
-	iface.running = false;
-}
-
-function iface_start(phydev, iface, macaddr_list)
-{
-	let phy = phydev.name;
-
-	if (iface.running)
-		return;
-
-	let ifname = iface.config.iface;
-	let wdev_config = {};
-	for (let field in iface.config)
-		wdev_config[field] = iface.config[field];
-	if (!wdev_config.macaddr)
-		wdev_config.macaddr = phydev.macaddr_next();
-
-	wpas.data.iface_phy[ifname] = phy;
-	wdev_remove(ifname);
-	let ret = wdev_create(phy, ifname, wdev_config);
-	if (ret)
-		wpas.printf(`Failed to create device ${ifname}: ${ret}`);
-	wpas.add_iface(iface.config);
-	iface.running = true;
-}
-
-function iface_cb(new_if, old_if)
-{
-	if (old_if && new_if && is_equal(old_if.config, new_if.config)) {
-		new_if.running = old_if.running;
-		return;
-	}
-
-	if (new_if && old_if)
-		wpas.printf(`Update configuration for interface ${old_if.config.iface}`);
-	else if (old_if)
-		wpas.printf(`Remove interface ${old_if.config.iface}`);
-
-	if (old_if)
-		iface_stop(old_if);
-}
-
-function prepare_config(config)
-{
-	config.config_data = readfile(config.config);
-
-	return { config: config };
-}
-
-function set_config(phy_name, config_list)
-{
-	let phy = wpas.data.config[phy_name];
-
-	if (!phy) {
-		phy = vlist_new(iface_cb, false);
-		wpas.data.config[phy_name] = phy;
-	}
-
-	let values = [];
-	for (let config in config_list)
-		push(values, [ config.iface, prepare_config(config) ]);
-
-	phy.update(values);
-}
-
-function start_pending(phy_name)
-{
-	let phy = wpas.data.config[phy_name];
-	let ubus = wpas.data.ubus;
-
-	if (!phy || !phy.data)
-		return;
-
-	let phydev = phy_open(phy_name);
-	if (!phydev) {
-		wpas.printf(`Could not open phy ${phy_name}`);
-		return;
-	}
-
-	let macaddr_list = wpas.data.macaddr_list[phy_name];
-	phydev.macaddr_init(macaddr_list);
-
-	for (let ifname in phy.data)
-		iface_start(phydev, phy.data[ifname]);
-}
-
-let main_obj = {
-	phy_set_state: {
-		args: {
-			phy: "",
-			stop: true,
-		},
-		call: function(req) {
-			if (!req.args.phy || req.args.stop == null)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			let phy = wpas.data.config[req.args.phy];
-			if (!phy)
-				return libubus.STATUS_NOT_FOUND;
-
-			try {
-				if (req.args.stop) {
-					for (let ifname in phy.data)
-						iface_stop(phy.data[ifname]);
-				} else {
-					start_pending(req.args.phy);
-				}
-			} catch (e) {
-				wpas.printf(`Error chaging state: ${e}\n${e.stacktrace[0].context}`);
-				return libubus.STATUS_INVALID_ARGUMENT;
-			}
-			return 0;
-		}
-	},
-	phy_set_macaddr_list: {
-		args: {
-			phy: "",
-			macaddr: [],
-		},
-		call: function(req) {
-			let phy = req.args.phy;
-			if (!phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			wpas.data.macaddr_list[phy] = req.args.macaddr;
-			return 0;
-		}
-	},
-	phy_status: {
-		args: {
-			phy: ""
-		},
-		call: function(req) {
-			if (!req.args.phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			let phy = wpas.data.config[req.args.phy];
-			if (!phy)
-				return libubus.STATUS_NOT_FOUND;
-
-			for (let ifname in phy.data) {
-				try {
-					let iface = wpas.interfaces[ifname];
-					if (!iface)
-						continue;
-
-					let status = iface.status();
-					if (!status)
-						continue;
-
-					if (status.state == "INTERFACE_DISABLED")
-						continue;
-
-					status.ifname = ifname;
-					return status;
-				} catch (e) {
-					continue;
-				}
-			}
-
-			return libubus.STATUS_NOT_FOUND;
-		}
-	},
-	config_set: {
-		args: {
-			phy: "",
-			config: [],
-			defer: true,
-		},
-		call: function(req) {
-			if (!req.args.phy)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			wpas.printf(`Set new config for phy ${req.args.phy}`);
-			try {
-				if (req.args.config)
-					set_config(req.args.phy, req.args.config);
-
-				if (!req.args.defer)
-					start_pending(req.args.phy);
-			} catch (e) {
-				wpas.printf(`Error loading config: ${e}\n${e.stacktrace[0].context}`);
-				return libubus.STATUS_INVALID_ARGUMENT;
-			}
-
-			return {
-				pid: wpas.getpid()
-			};
-		}
-	},
-	config_add: {
-		args: {
-			driver: "",
-			iface: "",
-			bridge: "",
-			hostapd_ctrl: "",
-			ctrl: "",
-			config: "",
-		},
-		call: function(req) {
-			if (!req.args.iface || !req.args.config)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			if (wpas.add_iface(req.args) < 0)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			return {
-				pid: wpas.getpid()
-			};
-		}
-	},
-	config_remove: {
-		args: {
-			iface: ""
-		},
-		call: function(req) {
-			if (!req.args.iface)
-				return libubus.STATUS_INVALID_ARGUMENT;
-
-			wpas.remove_iface(req.args.iface);
-			return 0;
-		}
-	},
-};
-
-wpas.data.ubus = ubus;
-wpas.data.obj = ubus.publish("wpa_supplicant", main_obj);
-
-function iface_event(type, name, data) {
-	let ubus = wpas.data.ubus;
-
-	data ??= {};
-	data.name = name;
-	wpas.data.obj.notify(`iface.${type}`, data, null, null, null, -1);
-	ubus.call("service", "event", { type: `wpa_supplicant.${name}.${type}`, data: {} });
-}
-
-function iface_hostapd_notify(phy, ifname, iface, state)
-{
-	let ubus = wpas.data.ubus;
-	let status = iface.status();
-	let msg = { phy: phy };
-
-	switch (state) {
-	case "DISCONNECTED":
-	case "AUTHENTICATING":
-	case "SCANNING":
-		msg.up = false;
-		break;
-	case "INTERFACE_DISABLED":
-	case "INACTIVE":
-		msg.up = true;
-		break;
-	case "COMPLETED":
-		msg.up = true;
-		msg.frequency = status.frequency;
-		msg.sec_chan_offset = status.sec_chan_offset;
-		break;
-	default:
-		return;
-	}
-
-	ubus.call("hostapd", "apsta_state", msg);
-}
-
-function iface_channel_switch(phy, ifname, iface, info)
-{
-	let msg = {
-		phy: phy,
-		up: true,
-		csa: true,
-		csa_count: info.csa_count ? info.csa_count - 1 : 0,
-		frequency: info.frequency,
-		sec_chan_offset: info.sec_chan_offset,
-	};
-	ubus.call("hostapd", "apsta_state", msg);
-}
-
-return {
-	shutdown: function() {
-		for (let phy in wpas.data.config)
-			set_config(phy, []);
-		wpas.ubus.disconnect();
-	},
-	iface_add: function(name, obj) {
-		iface_event("add", name);
-	},
-	iface_remove: function(name, obj) {
-		iface_event("remove", name);
-	},
-	state: function(ifname, iface, state) {
-		let phy = wpas.data.iface_phy[ifname];
-		if (!phy) {
-			wpas.printf(`no PHY for ifname ${ifname}`);
-			return;
-		}
-
-		iface_hostapd_notify(phy, ifname, iface, state);
-	},
-	event: function(ifname, iface, ev, info) {
-		let phy = wpas.data.iface_phy[ifname];
-		if (!phy) {
-			wpas.printf(`no PHY for ifname ${ifname}`);
-			return;
-		}
-
-		if (ev == "CH_SWITCH_STARTED")
-			iface_channel_switch(phy, ifname, iface, info);
-	}
-};

feeds/hostapd/hostapd/files/wpad.init

@@ -1,43 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=19
-STOP=21
-
-USE_PROCD=1
-NAME=wpad
-
-start_service() {
-	if [ -x "/usr/sbin/hostapd" ]; then
-		mkdir -p /var/run/hostapd
-		chown network:network /var/run/hostapd
-		procd_open_instance hostapd
-		procd_set_param command /usr/sbin/hostapd -s -g /var/run/hostapd/global
-		procd_set_param respawn 3600 1 0
-		procd_set_param limits core="unlimited"
-		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
-			procd_add_jail hostapd
-			procd_set_param capabilities /etc/capabilities/wpad.json
-			procd_set_param user network
-			procd_set_param group network
-			procd_set_param no_new_privs 1
-		}
-		procd_close_instance
-	fi
-
-	if [ -x "/usr/sbin/wpa_supplicant" ]; then
-		mkdir -p /var/run/wpa_supplicant
-		chown network:network /var/run/wpa_supplicant
-		procd_open_instance supplicant
-		procd_set_param command /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
-		procd_set_param respawn 3600 1 0
-		procd_set_param limits core="unlimited"
-		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
-			procd_add_jail wpa_supplicant
-			procd_set_param capabilities /etc/capabilities/wpad.json
-			procd_set_param user network
-			procd_set_param group network
-			procd_set_param no_new_privs 1
-		}
-		procd_close_instance
-	fi
-}

feeds/hostapd/hostapd/files/wpad.json

@@ -1,22 +0,0 @@
-{
-	"bounding": [
-		"CAP_NET_ADMIN",
-		"CAP_NET_RAW"
-	],
-	"effective": [
-		"CAP_NET_ADMIN",
-		"CAP_NET_RAW"
-	],
-	"ambient": [
-		"CAP_NET_ADMIN",
-		"CAP_NET_RAW"
-	],
-	"permitted": [
-		"CAP_NET_ADMIN",
-		"CAP_NET_RAW"
-	],
-	"inheritable": [
-		"CAP_NET_ADMIN",
-		"CAP_NET_RAW"
-	]
-}

feeds/hostapd/hostapd/files/wpad_acl.json

@@ -1,16 +0,0 @@
-{
-	"user": "network",
-	"access": {
-		"service": {
-			"methods": [ "event" ]
-		},
-		"wpa_supplicant": {
-			"methods": [ "phy_set_state", "phy_set_macaddr_list", "phy_status" ]
-		},
-		"hostapd": {
-			"methods": [ "apsta_state" ]
-		}
-	},
-	"publish": [ "hostapd", "hostapd.*", "wpa_supplicant", "wpa_supplicant.*" ],
-	"send": [ "bss.*", "wps_credentials" ]
-}

feeds/hostapd/hostapd/files/wps-hotplug.sh

@@ -1,69 +0,0 @@
-#!/bin/sh
-
-wps_catch_credentials() {
-	local iface ifaces ifc ifname ssid encryption key radio radios
-	local found=0
-
-	. /usr/share/libubox/jshn.sh
-	ubus -S -t 30 listen wps_credentials | while read creds; do
-		json_init
-		json_load "$creds"
-		json_select wps_credentials || continue
-		json_get_vars ifname ssid key encryption
-		local ifcname="$ifname"
-		json_init
-		json_load "$(ubus -S call network.wireless status)"
-		json_get_keys radios
-		for radio in $radios; do
-			json_select $radio
-			json_select interfaces
-			json_get_keys ifaces
-			for ifc in $ifaces; do
-				json_select $ifc
-				json_get_vars ifname
-				[ "$ifname" = "$ifcname" ] && {
-					ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\",		\
-								\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" },	\
-								\"values\": { \"encryption\": \"$encryption\", 			\
-										\"ssid\": \"$ssid\", 				\
-										\"key\": \"$key\" } }"
-					ubus -S call uci commit '{"config": "wireless"}'
-					ubus -S call uci apply
-				}
-				json_select ..
-			done
-			json_select ..
-			json_select ..
-		done
-	done
-}
-
-if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
-	# If the button was pressed for 3 seconds or more, trigger WPS on
-	# wpa_supplicant only, no matter if hostapd is running or not.  If
-	# was pressed for less than 3 seconds, try triggering on
-	# hostapd. If there is no hostapd instance to trigger it on or WPS
-	# is not enabled on them, trigger it on wpa_supplicant.
-	if [ "$SEEN" -lt 3 ] ; then
-		wps_done=0
-		ubusobjs="$( ubus -S list hostapd.* )"
-		for ubusobj in $ubusobjs; do
-			ubus -S call $ubusobj wps_start && wps_done=1
-		done
-		[ $wps_done = 0 ] || return 0
-	fi
-	wps_done=0
-	ubusobjs="$( ubus -S list wpa_supplicant.* )"
-	for ubusobj in $ubusobjs; do
-		ifname="$(echo $ubusobj | cut -d'.' -f2 )"
-		multi_ap=""
-		if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
-			ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
-		else
-			ubus -S call $ubusobj wps_start && wps_done=1
-		fi
-	done
-	[ $wps_done = 0 ] || wps_catch_credentials &
-fi
-
-return 0

feeds/hostapd/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch

@@ -1,43 +0,0 @@
-From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
-From: David Bauer <mail@david-bauer.net>
-Date: Wed, 5 May 2021 00:44:34 +0200
-Subject: [PATCH] wolfssl: add RNG to EC key
-
-Since upstream commit 6467de5a8840 ("Randomize z ordinates in
-scalar mult when timing resistant") WolfSSL requires a RNG for
-the EC key when built hardened which is the default.
-
-Set the RNG for the EC key to fix connections for OWE clients.
-
-Signed-off-by: David Bauer <mail@david-bauer.net>
----
- src/crypto/crypto_wolfssl.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/src/crypto/crypto_wolfssl.c
-+++ b/src/crypto/crypto_wolfssl.c
-@@ -1340,6 +1340,7 @@ int ecc_projective_add_point(ecc_point *
- 
- struct crypto_ec {
- 	ecc_key key;
-+	WC_RNG rng;
- 	mp_int a;
- 	mp_int prime;
- 	mp_int order;
-@@ -1394,6 +1395,8 @@ struct crypto_ec * crypto_ec_init(int gr
- 		return NULL;
- 
- 	if (wc_ecc_init(&e->key) != 0 ||
-+	    wc_InitRng(&e->rng) != 0 ||
-+	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
- 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
- 	    mp_init(&e->a) != MP_OKAY ||
- 	    mp_init(&e->prime) != MP_OKAY ||
-@@ -1425,6 +1428,7 @@ void crypto_ec_deinit(struct crypto_ec*
- 	mp_clear(&e->order);
- 	mp_clear(&e->prime);
- 	mp_clear(&e->a);
-+	wc_FreeRng(&e->rng);
- 	wc_ecc_free(&e->key);
- 	os_free(e);
- }

feeds/hostapd/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -1,135 +0,0 @@
-From 8de8cd8380af0c43d4fde67a668d79ef73b26b26 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 30 Jun 2020 14:18:58 +0200
-Subject: [PATCH 10/19] mesh: Allow DFS channels to be selected if dfs is
- enabled
-
-Note: DFS is assumed to be usable if a country code has been set
-
-Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/wpa_supplicant.c | 25 +++++++++++++++++++------
- 1 file changed, 19 insertions(+), 6 deletions(-)
-
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2638,7 +2638,7 @@ static int drv_supports_vht(struct wpa_s
- }
- 
- 
--static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
-+static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode, bool dfs_enabled)
- {
- 	int i;
- 
-@@ -2647,7 +2647,10 @@ static bool ibss_mesh_is_80mhz_avail(int
- 
- 		chan = hw_get_channel_chan(mode, i, NULL);
- 		if (!chan ||
--		    chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-+		    chan->flag & HOSTAPD_CHAN_DISABLED)
-+			return false;
-+		
-+		if (!dfs_enabled && chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
- 			return false;
- 	}
- 
-@@ -2774,7 +2777,7 @@ static void ibss_mesh_select_40mhz(struc
- 				   const struct wpa_ssid *ssid,
- 				   struct hostapd_hw_modes *mode,
- 				   struct hostapd_freq_params *freq,
--				   int obss_scan) {
-+				   int obss_scan, bool dfs_enabled) {
- 	int chan_idx;
- 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
- 	int i, res;
-@@ -2798,8 +2801,11 @@ static void ibss_mesh_select_40mhz(struc
- 		return;
- 
- 	/* Check primary channel flags */
--	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-+	if (pri_chan->flag & HOSTAPD_CHAN_DISABLED)
- 		return;
-+	if (pri_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
-+		if (!dfs_enabled)
-+			return;
- 
- #ifdef CONFIG_HT_OVERRIDES
- 	if (ssid->disable_ht40)
-@@ -2825,8 +2831,11 @@ static void ibss_mesh_select_40mhz(struc
- 		return;
- 
- 	/* Check secondary channel flags */
--	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
-+	if (sec_chan->flag & HOSTAPD_CHAN_DISABLED)
- 		return;
-+	if (sec_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
-+		if (!dfs_enabled)
-+			return;
- 
- 	if (ht40 == -1) {
- 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2880,7 +2889,7 @@ static bool ibss_mesh_select_80_160mhz(s
- 				       const struct wpa_ssid *ssid,
- 				       struct hostapd_hw_modes *mode,
- 				       struct hostapd_freq_params *freq,
--				       int ieee80211_mode, bool is_6ghz) {
-+				       int ieee80211_mode, bool is_6ghz, bool dfs_enabled) {
- 	static const int bw80[] = {
- 		5180, 5260, 5500, 5580, 5660, 5745, 5825,
- 		5955, 6035, 6115, 6195, 6275, 6355, 6435,
-@@ -2925,7 +2934,7 @@ static bool ibss_mesh_select_80_160mhz(s
- 		goto skip_80mhz;
- 
- 	/* Use 40 MHz if channel not usable */
--	if (!ibss_mesh_is_80mhz_avail(channel, mode))
-+	if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
- 		goto skip_80mhz;
- 
- 	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2939,7 +2948,7 @@ static bool ibss_mesh_select_80_160mhz(s
- 	if ((mode->he_capab[ieee80211_mode].phy_cap[
- 		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
- 	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
--	    ibss_mesh_is_80mhz_avail(channel + 16, mode)) {
-+	    ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled)) {
- 		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
- 			if (freq->freq == bw160[j]) {
- 				chwidth = CONF_OPER_CHWIDTH_160MHZ;
-@@ -2967,10 +2976,12 @@ static bool ibss_mesh_select_80_160mhz(s
- 				if (!chan)
- 					continue;
- 
--				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
--						  HOSTAPD_CHAN_NO_IR |
--						  HOSTAPD_CHAN_RADAR))
-+				if (chan->flag & HOSTAPD_CHAN_DISABLED)
- 					continue;
-+				if (chan->flag & (HOSTAPD_CHAN_RADAR |
-+						  HOSTAPD_CHAN_NO_IR))
-+					if (!dfs_enabled)
-+						continue;
- 
- 				/* Found a suitable second segment for 80+80 */
- 				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
-@@ -3025,6 +3036,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	int i, obss_scan = 1;
- 	u8 channel;
- 	bool is_6ghz;
-+	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
- 
- 	freq->freq = ssid->frequency;
- 
-@@ -3070,9 +3082,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	freq->channel = channel;
- 	/* Setup higher BW only for 5 GHz */
- 	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
--		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan);
-+		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan, dfs_enabled);
- 		if (!ibss_mesh_select_80_160mhz(wpa_s, ssid, mode, freq,
--						ieee80211_mode, is_6ghz))
-+						ieee80211_mode, is_6ghz, dfs_enabled))
- 			freq->he_enabled = freq->vht_enabled = false;
- 	}
- 

feeds/hostapd/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -1,81 +0,0 @@
-From fc8ea40f6130ac18d9c66797de2cf1d5af55d496 Mon Sep 17 00:00:00 2001
-From: Markus Theil <markus.theil@tu-ilmenau.de>
-Date: Tue, 30 Jun 2020 14:19:07 +0200
-Subject: [PATCH 19/19] mesh: use deterministic channel on channel switch
-
-This patch uses a deterministic channel on DFS channel switch
-in mesh networks. Otherwise, when switching to a usable but not
-available channel, no CSA can be sent and a random channel is choosen
-without notification of other nodes. It is then quite likely, that
-the mesh network gets disconnected.
-
-Fix this by using a deterministic number, based on the sha256 hash
-of the mesh ID, in order to use at least a different number in each
-mesh network.
-
-Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
----
- src/ap/dfs.c                 | 20 +++++++++++++++++++-
- src/drivers/driver_nl80211.c |  4 ++++
- 2 files changed, 23 insertions(+), 1 deletion(-)
-
---- a/src/ap/dfs.c
-+++ b/src/ap/dfs.c
-@@ -17,6 +17,7 @@
- #include "ap_drv_ops.h"
- #include "drivers/driver.h"
- #include "dfs.h"
-+#include "crypto/crypto.h"
- 
- 
- enum dfs_channel_type {
-@@ -526,9 +527,14 @@ dfs_get_valid_channel(struct hostapd_ifa
- 	int num_available_chandefs;
- 	int chan_idx, chan_idx2;
- 	int sec_chan_idx_80p80 = -1;
-+	bool is_mesh = false;
- 	int i;
- 	u32 _rand;
- 
-+#ifdef CONFIG_MESH
-+	is_mesh = iface->mconf;
-+#endif
-+
- 	wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
- 	*secondary_channel = 0;
- 	*oper_centr_freq_seg0_idx = 0;
-@@ -548,8 +554,20 @@ dfs_get_valid_channel(struct hostapd_ifa
- 	if (num_available_chandefs == 0)
- 		return NULL;
- 
--	if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
-+	/* try to use deterministic channel in mesh, so that both sides
-+	 * have a chance to switch to the same channel */
-+	if (is_mesh) {
-+#ifdef CONFIG_MESH
-+		u64 hash[4];
-+		const u8 *meshid[1] = { &iface->mconf->meshid[0] };
-+		const size_t meshid_len = iface->mconf->meshid_len;
-+
-+		sha256_vector(1, meshid, &meshid_len, (u8 *)&hash[0]);
-+		_rand = hash[0] + hash[1] + hash[2] + hash[3];
-+#endif
-+	} else if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
- 		return NULL;
-+
- 	chan_idx = _rand % num_available_chandefs;
- 	dfs_find_channel(iface, &chan, chan_idx, type);
- 	if (!chan) {
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -11017,6 +11017,10 @@ static int nl80211_switch_channel(void *
- 	if (ret)
- 		goto error;
- 
-+	if (drv->nlmode == NL80211_IFTYPE_MESH_POINT) {
-+		nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS);
-+	}
-+
- 	/* beacon_csa params */
- 	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
- 	if (!beacon_csa)

feeds/hostapd/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -1,26 +0,0 @@
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -4621,6 +4621,13 @@ static int add_associated_sta(struct hos
- 	 * drivers to accept the STA parameter configuration. Since this is
- 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
- 	 * reinstallation is not a concern for this case.
-+	 *
-+	 * If the STA was associated and authorized earlier, but came for a new
-+	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
-+	 * so that it can be re-added. This case is rarely seen when the AP could
-+	 * not receive the deauth/disassoc frame from the STA. And the STA comes
-+	 * back with new connection within a short period or before the inactive
-+	 * STA entry is removed from the list.
- 	 */
- 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
- 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4634,7 +4641,8 @@ static int add_associated_sta(struct hos
- 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
- 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
- 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
--	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
-+	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
-+	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
- 		hostapd_drv_sta_remove(hapd, sta->addr);
- 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
- 		set = 0;

feeds/hostapd/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch

@@ -1,25 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 8 Jul 2021 16:33:03 +0200
-Subject: [PATCH] hostapd: fix use of uninitialized stack variables
-
-When a CSA is performed on an 80 MHz channel, hostapd_change_config_freq
-unconditionally calls hostapd_set_oper_centr_freq_seg0/1_idx with seg0/1
-filled by ieee80211_freq_to_chan.
-However, if ieee80211_freq_to_chan fails (because the freq is 0 or invalid),
-seg0/1 remains uninitialized and filled with stack garbage, causing errors
-such as "hostapd: 80 MHz: center segment 1 configured"
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/ap/hostapd.c
-+++ b/src/ap/hostapd.c
-@@ -3764,7 +3764,7 @@ static int hostapd_change_config_freq(st
- 				      struct hostapd_freq_params *old_params)
- {
- 	int channel;
--	u8 seg0, seg1;
-+	u8 seg0 = 0, seg1 = 0;
- 	struct hostapd_hw_modes *mode;
- 
- 	if (!params->channel) {

feeds/hostapd/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -1,275 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 28 Jul 2021 05:49:46 +0200
-Subject: [PATCH] driver_nl80211: rewrite neigh code to not depend on
- libnl3-route
-
-Removes an unnecessary dependency and also makes the code smaller
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -16,9 +16,6 @@
- #include <net/if.h>
- #include <netlink/genl/genl.h>
- #include <netlink/genl/ctrl.h>
--#ifdef CONFIG_LIBNL3_ROUTE
--#include <netlink/route/neighbour.h>
--#endif /* CONFIG_LIBNL3_ROUTE */
- #include <linux/rtnetlink.h>
- #include <netpacket/packet.h>
- #include <linux/errqueue.h>
-@@ -5783,26 +5780,29 @@ fail:
- 
- static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- 	struct wpa_driver_nl80211_data *drv = bss->drv;
--	struct rtnl_neigh *rn;
--	struct nl_addr *nl_addr;
-+	struct ndmsg nhdr = {
-+		.ndm_state = NUD_PERMANENT,
-+		.ndm_ifindex = bss->ifindex,
-+		.ndm_family = AF_BRIDGE,
-+	};
-+	struct nl_msg *msg;
- 	int err;
- 
--	rn = rtnl_neigh_alloc();
--	if (!rn)
-+	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
-+	if (!msg)
- 		return;
- 
--	rtnl_neigh_set_family(rn, AF_BRIDGE);
--	rtnl_neigh_set_ifindex(rn, bss->ifindex);
--	nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
--	if (!nl_addr) {
--		rtnl_neigh_put(rn);
--		return;
--	}
--	rtnl_neigh_set_lladdr(rn, nl_addr);
-+	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
-+		goto errout;
-+
-+	if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
-+		goto errout;
-+
-+	if (nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
-+		goto errout;
- 
--	err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
-+	err = nl_wait_for_ack(drv->rtnl_sk);
- 	if (err < 0) {
- 		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
- 			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5812,9 +5812,8 @@ static void rtnl_neigh_delete_fdb_entry(
- 			   MACSTR, MAC2STR(addr));
- 	}
- 
--	nl_addr_put(nl_addr);
--	rtnl_neigh_put(rn);
--#endif /* CONFIG_LIBNL3_ROUTE */
-+errout:
-+	nlmsg_free(msg);
- }
- 
- 
-@@ -8492,7 +8491,6 @@ static void *i802_init(struct hostapd_da
- 	    (params->num_bridge == 0 || !params->bridge[0]))
- 		add_ifidx(drv, br_ifindex, drv->ifindex);
- 
--#ifdef CONFIG_LIBNL3_ROUTE
- 	if (bss->added_if_into_bridge || bss->already_in_bridge) {
- 		int err;
- 
-@@ -8509,7 +8507,6 @@ static void *i802_init(struct hostapd_da
- 			goto failed;
- 		}
- 	}
--#endif /* CONFIG_LIBNL3_ROUTE */
- 
- 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
- 		wpa_printf(MSG_DEBUG,
-@@ -11883,13 +11880,14 @@ static int wpa_driver_br_add_ip_neigh(vo
- 				      const u8 *ipaddr, int prefixlen,
- 				      const u8 *addr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- 	struct i802_bss *bss = priv;
- 	struct wpa_driver_nl80211_data *drv = bss->drv;
--	struct rtnl_neigh *rn;
--	struct nl_addr *nl_ipaddr = NULL;
--	struct nl_addr *nl_lladdr = NULL;
--	int family, addrsize;
-+	struct ndmsg nhdr = {
-+		.ndm_state = NUD_PERMANENT,
-+		.ndm_ifindex = bss->br_ifindex,
-+	};
-+	struct nl_msg *msg;
-+	int addrsize;
- 	int res;
- 
- 	if (!ipaddr || prefixlen == 0 || !addr)
-@@ -11908,85 +11906,66 @@ static int wpa_driver_br_add_ip_neigh(vo
- 	}
- 
- 	if (version == 4) {
--		family = AF_INET;
-+		nhdr.ndm_family = AF_INET;
- 		addrsize = 4;
- 	} else if (version == 6) {
--		family = AF_INET6;
-+		nhdr.ndm_family = AF_INET6;
- 		addrsize = 16;
- 	} else {
- 		return -EINVAL;
- 	}
- 
--	rn = rtnl_neigh_alloc();
--	if (rn == NULL)
-+	msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
-+	if (!msg)
- 		return -ENOMEM;
- 
--	/* set the destination ip address for neigh */
--	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
--	if (nl_ipaddr == NULL) {
--		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
--		res = -ENOMEM;
-+	res = -ENOMEM;
-+	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
- 		goto errout;
--	}
--	nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
--	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
--	if (res) {
--		wpa_printf(MSG_DEBUG,
--			   "nl80211: neigh set destination addr failed");
-+
-+	if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
- 		goto errout;
--	}
- 
--	/* set the corresponding lladdr for neigh */
--	nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
--	if (nl_lladdr == NULL) {
--		wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
--		res = -ENOMEM;
-+	if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
- 		goto errout;
--	}
--	rtnl_neigh_set_lladdr(rn, nl_lladdr);
- 
--	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
--	rtnl_neigh_set_state(rn, NUD_PERMANENT);
-+	res = nl_send_auto_complete(drv->rtnl_sk, msg);
-+	if (res < 0)
-+		goto errout;
- 
--	res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
-+	res = nl_wait_for_ack(drv->rtnl_sk);
- 	if (res) {
- 		wpa_printf(MSG_DEBUG,
- 			   "nl80211: Adding bridge ip neigh failed: %s",
- 			   nl_geterror(res));
- 	}
- errout:
--	if (nl_lladdr)
--		nl_addr_put(nl_lladdr);
--	if (nl_ipaddr)
--		nl_addr_put(nl_ipaddr);
--	if (rn)
--		rtnl_neigh_put(rn);
-+	nlmsg_free(msg);
- 	return res;
--#else /* CONFIG_LIBNL3_ROUTE */
--	return -1;
--#endif /* CONFIG_LIBNL3_ROUTE */
- }
- 
- 
- static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
- 					 const u8 *ipaddr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- 	struct i802_bss *bss = priv;
- 	struct wpa_driver_nl80211_data *drv = bss->drv;
--	struct rtnl_neigh *rn;
--	struct nl_addr *nl_ipaddr;
--	int family, addrsize;
-+	struct ndmsg nhdr = {
-+		.ndm_state = NUD_PERMANENT,
-+		.ndm_ifindex = bss->br_ifindex,
-+	};
-+	struct nl_msg *msg;
-+	int addrsize;
- 	int res;
- 
- 	if (!ipaddr)
- 		return -EINVAL;
- 
- 	if (version == 4) {
--		family = AF_INET;
-+		nhdr.ndm_family = AF_INET;
- 		addrsize = 4;
- 	} else if (version == 6) {
--		family = AF_INET6;
-+		nhdr.ndm_family = AF_INET6;
- 		addrsize = 16;
- 	} else {
- 		return -EINVAL;
-@@ -12004,41 +11983,30 @@ static int wpa_driver_br_delete_ip_neigh
- 		return -1;
- 	}
- 
--	rn = rtnl_neigh_alloc();
--	if (rn == NULL)
-+	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
-+	if (!msg)
- 		return -ENOMEM;
- 
--	/* set the destination ip address for neigh */
--	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
--	if (nl_ipaddr == NULL) {
--		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
--		res = -ENOMEM;
-+	res = -ENOMEM;
-+	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
- 		goto errout;
--	}
--	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
--	if (res) {
--		wpa_printf(MSG_DEBUG,
--			   "nl80211: neigh set destination addr failed");
-+
-+	if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
- 		goto errout;
--	}
- 
--	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
-+	res = nl_send_auto_complete(drv->rtnl_sk, msg);
-+	if (res < 0)
-+		goto errout;
- 
--	res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
-+	res = nl_wait_for_ack(drv->rtnl_sk);
- 	if (res) {
- 		wpa_printf(MSG_DEBUG,
- 			   "nl80211: Deleting bridge ip neigh failed: %s",
- 			   nl_geterror(res));
- 	}
- errout:
--	if (nl_ipaddr)
--		nl_addr_put(nl_ipaddr);
--	if (rn)
--		rtnl_neigh_put(rn);
-+	nlmsg_free(msg);
- 	return res;
--#else /* CONFIG_LIBNL3_ROUTE */
--	return -1;
--#endif /* CONFIG_LIBNL3_ROUTE */
- }
- 
- 

feeds/hostapd/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -1,34 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Mon, 18 Feb 2019 12:57:11 +0100
-Subject: [PATCH] mesh: allow processing authentication frames in blocked state
-
-If authentication fails repeatedly e.g. because of a weak signal, the link
-can end up in blocked state. If one of the nodes tries to establish a link
-again before it is unblocked on the other side, it will block the link to
-that other side. The same happens on the other side when it unblocks the
-link. In that scenario, the link never recovers on its own.
-
-To fix this, allow restarting authentication even if the link is in blocked
-state, but don't initiate the attempt until the blocked period is over.
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -3020,15 +3020,6 @@ static void handle_auth(struct hostapd_d
- 				       seq_ctrl);
- 			return;
- 		}
--#ifdef CONFIG_MESH
--		if ((hapd->conf->mesh & MESH_ENABLED) &&
--		    sta->plink_state == PLINK_BLOCKED) {
--			wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
--				   " is blocked - drop Authentication frame",
--				   MAC2STR(sa));
--			return;
--		}
--#endif /* CONFIG_MESH */
- #ifdef CONFIG_PASN
- 		if (auth_alg == WLAN_AUTH_PASN &&
- 		    (sta->flags & WLAN_STA_ASSOC)) {

feeds/hostapd/hostapd/patches/050-build_fix.patch

@@ -1,20 +0,0 @@
---- a/hostapd/Makefile
-+++ b/hostapd/Makefile
-@@ -324,6 +324,7 @@ ifdef CONFIG_FILS
- CFLAGS += -DCONFIG_FILS
- OBJS += ../src/ap/fils_hlp.o
- NEED_SHA384=y
-+NEED_HMAC_SHA384_KDF=y
- NEED_AES_SIV=y
- ifdef CONFIG_FILS_SK_PFS
- CFLAGS += -DCONFIG_FILS_SK_PFS
---- a/wpa_supplicant/Makefile
-+++ b/wpa_supplicant/Makefile
-@@ -331,6 +331,7 @@ endif
- ifdef CONFIG_FILS
- CFLAGS += -DCONFIG_FILS
- NEED_SHA384=y
-+NEED_HMAC_SHA384_KDF=y
- NEED_AES_SIV=y
- ifdef CONFIG_FILS_SK_PFS
- CFLAGS += -DCONFIG_FILS_SK_PFS

feeds/hostapd/hostapd/patches/120-mbedtls-fips186_2_prf.patch

@@ -1,114 +0,0 @@
-From c8dba4bd750269bcc80fed3d546e2077cb4cdf0e Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Tue, 19 Jul 2022 20:02:21 -0400
-Subject: [PATCH 2/7] mbedtls: fips186_2_prf()
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- hostapd/Makefile            |  4 ---
- src/crypto/crypto_mbedtls.c | 60 +++++++++++++++++++++++++++++++++++++
- wpa_supplicant/Makefile     |  4 ---
- 3 files changed, 60 insertions(+), 8 deletions(-)
-
---- a/hostapd/Makefile
-+++ b/hostapd/Makefile
-@@ -759,10 +759,6 @@ endif
- OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
- HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
- SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
--ifdef NEED_FIPS186_2_PRF
--OBJS += ../src/crypto/fips_prf_internal.o
--SHA1OBJS += ../src/crypto/sha1-internal.o
--endif
- ifeq ($(CONFIG_CRYPTO), mbedtls)
- ifdef CONFIG_DPP
- LIBS += -lmbedx509
---- a/src/crypto/crypto_mbedtls.c
-+++ b/src/crypto/crypto_mbedtls.c
-@@ -132,6 +132,12 @@
- #define CRYPTO_MBEDTLS_HMAC_KDF_SHA512
- #endif
- 
-+#if defined(EAP_SIM) || defined(EAP_SIM_DYNAMIC) || defined(EAP_SERVER_SIM) \
-+ || defined(EAP_AKA) || defined(EAP_AKA_DYNAMIC) || defined(EAP_SERVER_AKA)
-+/* EAP_SIM=y EAP_AKA=y */
-+#define CRYPTO_MBEDTLS_FIPS186_2_PRF
-+#endif
-+
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) \
-  || defined(EAP_TEAP) || defined(EAP_TEAP_DYNAMIC) || defined(EAP_SERVER_FAST)
- #define CRYPTO_MBEDTLS_SHA1_T_PRF
-@@ -813,6 +819,60 @@ int sha1_t_prf(const u8 *key, size_t key
- 
- #endif /* CRYPTO_MBEDTLS_SHA1_T_PRF */
- 
-+#ifdef CRYPTO_MBEDTLS_FIPS186_2_PRF
-+
-+/* fips_prf_internal.c sha1-internal.c */
-+
-+/* used only by src/eap_common/eap_sim_common.c:eap_sim_prf()
-+ * for eap_sim_derive_keys() and eap_sim_derive_keys_reauth()
-+ * where xlen is 160 */
-+
-+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-+{
-+	/* FIPS 186-2 + change notice 1 */
-+
-+	mbedtls_sha1_context ctx;
-+	u8 * const xkey = ctx.MBEDTLS_PRIVATE(buffer);
-+	u32 * const xstate = ctx.MBEDTLS_PRIVATE(state);
-+	const u32 xstate_init[] =
-+	  { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
-+
-+	mbedtls_sha1_init(&ctx);
-+	os_memcpy(xkey, seed, seed_len < 64 ? seed_len : 64);
-+
-+	/* note: does not fill extra bytes if (xlen % 20) (SHA1_MAC_LEN) */
-+	for (; xlen >= 20; xlen -= 20) {
-+		/* XSEED_j = 0 */
-+		/* XVAL = (XKEY + XSEED_j) mod 2^b */
-+
-+		/* w_i = G(t, XVAL) */
-+		os_memcpy(xstate, xstate_init, sizeof(xstate_init));
-+		mbedtls_internal_sha1_process(&ctx, xkey);
-+
-+	  #if __BYTE_ORDER == __LITTLE_ENDIAN
-+		xstate[0] = host_to_be32(xstate[0]);
-+		xstate[1] = host_to_be32(xstate[1]);
-+		xstate[2] = host_to_be32(xstate[2]);
-+		xstate[3] = host_to_be32(xstate[3]);
-+		xstate[4] = host_to_be32(xstate[4]);
-+	  #endif
-+		os_memcpy(x, xstate, 20);
-+		if (xlen == 20) /*(done; skip prep for next loop)*/
-+			break;
-+
-+		/* XKEY = (1 + XKEY + w_i) mod 2^b */
-+		for (u32 carry = 1, k = 20; k-- > 0; carry >>= 8)
-+			xkey[k] = (carry += xkey[k] + x[k]) & 0xff;
-+		x += 20;
-+		/* x_j = w_0|w_1 (each pair of iterations through loop)*/
-+	}
-+
-+	mbedtls_sha1_free(&ctx);
-+	return 0;
-+}
-+
-+#endif /* CRYPTO_MBEDTLS_FIPS186_2_PRF */
-+
- #endif /* MBEDTLS_SHA1_C */
- 
- 
---- a/wpa_supplicant/Makefile
-+++ b/wpa_supplicant/Makefile
-@@ -1174,10 +1174,6 @@ endif
- OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
- OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
- OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
--ifdef NEED_FIPS186_2_PRF
--OBJS += ../src/crypto/fips_prf_internal.o
--SHA1OBJS += ../src/crypto/sha1-internal.o
--endif
- ifeq ($(CONFIG_CRYPTO), mbedtls)
- LIBS += -lmbedcrypto
- LIBS_p += -lmbedcrypto

feeds/hostapd/hostapd/patches/130-mbedtls-annotate-with-TEST_FAIL-for-hwsim-tests.patch

@@ -1,421 +0,0 @@
-From 31bd19e0e0254b910cccfd3ddc6a6a9222bbcfc0 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 9 Oct 2022 05:12:17 -0400
-Subject: [PATCH 3/7] mbedtls: annotate with TEST_FAIL() for hwsim tests
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- src/crypto/crypto_mbedtls.c | 124 ++++++++++++++++++++++++++++++++++++
- 1 file changed, 124 insertions(+)
-
---- a/src/crypto/crypto_mbedtls.c
-+++ b/src/crypto/crypto_mbedtls.c
-@@ -280,6 +280,9 @@ __attribute_noinline__
- static int md_vector(size_t num_elem, const u8 *addr[], const size_t *len,
-                      u8 *mac, mbedtls_md_type_t md_type)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_md_context_t ctx;
- 	mbedtls_md_init(&ctx);
- 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0) != 0){
-@@ -343,6 +346,9 @@ __attribute_noinline__
- static int sha384_512_vector(size_t num_elem, const u8 *addr[],
-                              const size_t *len, u8 *mac, int is384)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	struct mbedtls_sha512_context ctx;
- 	mbedtls_sha512_init(&ctx);
-   #if MBEDTLS_VERSION_MAJOR >= 3
-@@ -375,6 +381,9 @@ int sha384_vector(size_t num_elem, const
- #include <mbedtls/sha256.h>
- int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	struct mbedtls_sha256_context ctx;
- 	mbedtls_sha256_init(&ctx);
-   #if MBEDTLS_VERSION_MAJOR >= 3
-@@ -397,6 +406,9 @@ int sha256_vector(size_t num_elem, const
- #include <mbedtls/sha1.h>
- int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	struct mbedtls_sha1_context ctx;
- 	mbedtls_sha1_init(&ctx);
-   #if MBEDTLS_VERSION_MAJOR >= 3
-@@ -419,6 +431,9 @@ int sha1_vector(size_t num_elem, const u
- #include <mbedtls/md5.h>
- int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	struct mbedtls_md5_context ctx;
- 	mbedtls_md5_init(&ctx);
-   #if MBEDTLS_VERSION_MAJOR >= 3
-@@ -441,6 +456,9 @@ int md5_vector(size_t num_elem, const u8
- #include <mbedtls/md4.h>
- int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	struct mbedtls_md4_context ctx;
- 	mbedtls_md4_init(&ctx);
- 	mbedtls_md4_starts_ret(&ctx);
-@@ -460,6 +478,9 @@ static int hmac_vector(const u8 *key, si
-                        const u8 *addr[], const size_t *len, u8 *mac,
-                        mbedtls_md_type_t md_type)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_md_context_t ctx;
- 	mbedtls_md_init(&ctx);
- 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1) != 0){
-@@ -571,6 +592,9 @@ static int hmac_kdf_expand(const u8 *prk
-                            const char *label, const u8 *info, size_t info_len,
-                            u8 *okm, size_t okm_len, mbedtls_md_type_t md_type)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
-   #ifdef MBEDTLS_HKDF_C
- 	if (label == NULL)  /* RFC 5869 HKDF-Expand when (label == NULL) */
-@@ -663,6 +687,9 @@ static int hmac_prf_bits(const u8 *key,
-                          const u8 *data, size_t data_len, u8 *buf,
-                          size_t buf_len_bits, mbedtls_md_type_t md_type)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_md_context_t ctx;
- 	mbedtls_md_init(&ctx);
- 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
-@@ -938,6 +965,9 @@ int pbkdf2_sha1(const char *passphrase,
- 
- static void *aes_crypt_init_mode(const u8 *key, size_t len, int mode)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	mbedtls_aes_context *aes = os_malloc(sizeof(*aes));
- 	if (!aes)
- 		return NULL;
-@@ -996,6 +1026,9 @@ void aes_decrypt_deinit(void *ctx)
- /* aes-wrap.c */
- int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_nist_kw_context ctx;
- 	mbedtls_nist_kw_init(&ctx);
- 	size_t olen;
-@@ -1010,6 +1043,9 @@ int aes_wrap(const u8 *kek, size_t kek_l
- /* aes-unwrap.c */
- int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, u8 *plain)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_nist_kw_context ctx;
- 	mbedtls_nist_kw_init(&ctx);
- 	size_t olen;
-@@ -1041,6 +1077,9 @@ int omac1_aes_vector(
-     const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[],
-     const size_t *len, u8 *mac)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_cipher_type_t cipher_type;
- 	switch (key_len) {
- 	case 16: cipher_type = MBEDTLS_CIPHER_AES_128_ECB; break;
-@@ -1103,6 +1142,9 @@ int omac1_aes_256(const u8 *key, const u
- /* aes-encblock.c */
- int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_aes_context aes;
- 	mbedtls_aes_init(&aes);
- 	int ret = mbedtls_aes_setkey_enc(&aes, key, 128)
-@@ -1118,6 +1160,9 @@ int aes_128_encrypt_block(const u8 *key,
- int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
- 		    u8 *data, size_t data_len)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	unsigned char counter[MBEDTLS_AES_BLOCK_SIZE];
- 	unsigned char stream_block[MBEDTLS_AES_BLOCK_SIZE];
- 	os_memcpy(counter, nonce, MBEDTLS_AES_BLOCK_SIZE);/*(must be writable)*/
-@@ -1160,11 +1205,17 @@ static int aes_128_cbc_oper(const u8 *ke
- 
- int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_ENCRYPT);
- }
- 
- int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_DECRYPT);
- }
- 
-@@ -1407,6 +1458,10 @@ int crypto_hash_finish(struct crypto_has
- 	}
- 	mbedtls_md_free(mctx);
- 	os_free(mctx);
-+
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return 0;
- }
- 
-@@ -1421,6 +1476,9 @@ int crypto_hash_finish(struct crypto_has
- 
- struct crypto_bignum *crypto_bignum_init(void)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
- 	if (bn)
- 		mbedtls_mpi_init(bn);
-@@ -1429,6 +1487,9 @@ struct crypto_bignum *crypto_bignum_init
- 
- struct crypto_bignum *crypto_bignum_init_set(const u8 *buf, size_t len)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
- 	if (bn) {
- 		mbedtls_mpi_init(bn);
-@@ -1442,6 +1503,9 @@ struct crypto_bignum *crypto_bignum_init
- 
- struct crypto_bignum *crypto_bignum_init_uint(unsigned int val)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
-   #if 0 /*(hostap use of this interface passes int, not uint)*/
- 	val = host_to_be32(val);
- 	return crypto_bignum_init_set((const u8 *)&val, sizeof(val));
-@@ -1467,6 +1531,9 @@ void crypto_bignum_deinit(struct crypto_
- int crypto_bignum_to_bin(const struct crypto_bignum *a,
- 			 u8 *buf, size_t buflen, size_t padlen)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	size_t n = mbedtls_mpi_size((mbedtls_mpi *)a);
- 	if (n < padlen)
- 		n = padlen;
-@@ -1477,6 +1544,9 @@ int crypto_bignum_to_bin(const struct cr
- 
- int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	/*assert(r != m);*//* r must not be same as m for mbedtls_mpi_random()*/
-   #if MBEDTLS_VERSION_NUMBER >= 0x021B0000 /* mbedtls 2.27.0 */
- 	return mbedtls_mpi_random((mbedtls_mpi *)r, 0, (mbedtls_mpi *)m,
-@@ -1513,6 +1583,9 @@ int crypto_bignum_exptmod(const struct c
- 			  const struct crypto_bignum *c,
- 			  struct crypto_bignum *d)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	/* (check if input params match d; d is the result) */
- 	/* (a == d) is ok in current mbedtls implementation */
- 	if (b == d || c == d) { /*(not ok; store result in intermediate)*/
-@@ -1540,6 +1613,9 @@ int crypto_bignum_inverse(const struct c
- 			  const struct crypto_bignum *b,
- 			  struct crypto_bignum *c)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return mbedtls_mpi_inv_mod((mbedtls_mpi *)c,
- 				   (const mbedtls_mpi *)a,
- 				   (const mbedtls_mpi *)b) ? -1 : 0;
-@@ -1549,6 +1625,9 @@ int crypto_bignum_sub(const struct crypt
- 		      const struct crypto_bignum *b,
- 		      struct crypto_bignum *c)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return mbedtls_mpi_sub_mpi((mbedtls_mpi *)c,
- 				   (const mbedtls_mpi *)a,
- 				   (const mbedtls_mpi *)b) ? -1 : 0;
-@@ -1558,6 +1637,9 @@ int crypto_bignum_div(const struct crypt
- 		      const struct crypto_bignum *b,
- 		      struct crypto_bignum *c)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	/*(most current use of this crypto.h interface has a == c (result),
- 	 * so store result in an intermediate to avoid overwritten input)*/
- 	mbedtls_mpi R;
-@@ -1575,6 +1657,9 @@ int crypto_bignum_addmod(const struct cr
- 			 const struct crypto_bignum *c,
- 			 struct crypto_bignum *d)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return mbedtls_mpi_add_mpi((mbedtls_mpi *)d,
- 				   (const mbedtls_mpi *)a,
- 				   (const mbedtls_mpi *)b)
-@@ -1588,6 +1673,9 @@ int crypto_bignum_mulmod(const struct cr
- 			 const struct crypto_bignum *c,
- 			 struct crypto_bignum *d)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return mbedtls_mpi_mul_mpi((mbedtls_mpi *)d,
- 				   (const mbedtls_mpi *)a,
- 				   (const mbedtls_mpi *)b)
-@@ -1600,6 +1688,9 @@ int crypto_bignum_sqrmod(const struct cr
- 			 const struct crypto_bignum *b,
- 			 struct crypto_bignum *c)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
-   #if 1
- 	return crypto_bignum_mulmod(a, a, b, c);
-   #else
-@@ -1650,6 +1741,9 @@ int crypto_bignum_is_odd(const struct cr
- int crypto_bignum_legendre(const struct crypto_bignum *a,
- 			   const struct crypto_bignum *p)
- {
-+	if (TEST_FAIL())
-+		return -2;
-+
- 	/* Security Note:
- 	 * mbedtls_mpi_exp_mod() is not documented to run in constant time,
- 	 * though mbedtls/library/bignum.c uses constant_time_internal.h funcs.
-@@ -1702,6 +1796,9 @@ int crypto_mod_exp(const u8 *base, size_
- 		   const u8 *modulus, size_t modulus_len,
- 		   u8 *result, size_t *result_len)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result;
- 	mbedtls_mpi_init(&bn_base);
- 	mbedtls_mpi_init(&bn_exp);
-@@ -1769,6 +1866,9 @@ static int crypto_mbedtls_dh_init_public
- int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
- 		   u8 *pubkey)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
-   #if 0 /*(crypto_dh_init() duplicated (and identical) in crypto_*.c modules)*/
- 	size_t pubkey_len, pad;
- 
-@@ -1810,6 +1910,9 @@ int crypto_dh_derive_secret(u8 generator
- 			    const u8 *pubkey, size_t pubkey_len,
- 			    u8 *secret, size_t *len)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
-   #if 0
- 	if (pubkey_len > prime_len ||
- 	    (pubkey_len == prime_len &&
-@@ -2512,6 +2615,9 @@ const struct crypto_ec_point * crypto_ec
- 
- struct crypto_ec_point *crypto_ec_point_init(struct crypto_ec *e)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
- 	if (p != NULL)
- 		mbedtls_ecp_point_init(p);
-@@ -2536,6 +2642,9 @@ int crypto_ec_point_x(struct crypto_ec *
- int crypto_ec_point_to_bin(struct crypto_ec *e,
- 			   const struct crypto_ec_point *point, u8 *x, u8 *y)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	/* crypto.h documents crypto_ec_point_to_bin() output is big-endian */
- 	size_t len = CRYPTO_EC_plen(e);
- 	if (x) {
-@@ -2563,6 +2672,9 @@ int crypto_ec_point_to_bin(struct crypto
- struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e,
- 						  const u8 *val)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	size_t len = CRYPTO_EC_plen(e);
- 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
- 	u8 buf[1+MBEDTLS_MPI_MAX_SIZE*2];
-@@ -2615,6 +2727,9 @@ int crypto_ec_point_add(struct crypto_ec
- 			const struct crypto_ec_point *b,
- 			struct crypto_ec_point *c)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	/* mbedtls does not provide an mbedtls_ecp_point add function */
- 	mbedtls_mpi one;
- 	mbedtls_mpi_init(&one);
-@@ -2631,6 +2746,9 @@ int crypto_ec_point_mul(struct crypto_ec
- 			const struct crypto_bignum *b,
- 			struct crypto_ec_point *res)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	return mbedtls_ecp_mul(
- 		(mbedtls_ecp_group *)e, (mbedtls_ecp_point *)res,
- 		(const mbedtls_mpi *)b, (const mbedtls_ecp_point *)p,
-@@ -2639,6 +2757,9 @@ int crypto_ec_point_mul(struct crypto_ec
- 
- int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
- {
-+	if (TEST_FAIL())
-+		return -1;
-+
- 	if (mbedtls_ecp_get_type((mbedtls_ecp_group *)e)
- 	    == MBEDTLS_ECP_TYPE_MONTGOMERY) {
- 		/* e.g. MBEDTLS_ECP_DP_CURVE25519 and MBEDTLS_ECP_DP_CURVE448 */
-@@ -2751,6 +2872,9 @@ struct crypto_bignum *
- crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
- 			      const struct crypto_bignum *x)
- {
-+	if (TEST_FAIL())
-+		return NULL;
-+
- 	mbedtls_mpi *y2 = os_malloc(sizeof(*y2));
- 	if (y2 == NULL)
- 		return NULL;