ucentral-schema: update to latest HEAD

* minor fixes to handling of boolean values

Signed-off-by: John Crispin <john@phrozen.org>

.github/workflows/build-dev.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        target: ['cig_wf188', 'cig_wf194c', 'cig_wf160d', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_spw2ac1200', 'indio_um-305ac', 'linksys_e8450-ubi', 'linksys_ea8300', 'mikrotik_nand', 'tplink_cpe210_v3', 'tplink_cpe510_v3', 'tplink_eap225_outdoor_v1', 'tplink_ec420', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447' ]
+        target: ['cig_wf188', 'cig_wf194c', 'cig_wf160d', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'indio_um-305ac', 'linksys_e8450-ubi', 'linksys_ea8300', 'mikrotik_nand', 'tplink_cpe210_v3', 'tplink_cpe510_v3', 'tplink_eap225_outdoor_v1', 'tplink_ec420', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447', 'wallys_dr40x9' ]
 
     steps:
     - uses: actions/checkout@v2

backports/0001-build-build-kernel-image-before-building-modules-pac.patch

@@ -1,7 +1,7 @@
-From 08be0915e06fb6f2b62c022099e82bb4d849a8c6 Mon Sep 17 00:00:00 2001
+From c51ac602aff1a9b0093687fe39164a3b895fd4a2 Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Thu, 22 Oct 2020 10:29:34 +0200
-Subject: [PATCH 1/9] build: build kernel image before building
+Subject: [PATCH 01/27] build: build kernel image before building
  modules/packages
 
 This is needed for linux 5.10, where modules.builtin is generated from
@@ -13,10 +13,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
-index e5a0ba367b..b069c1e671 100644
+index 3aa1baa761..c02e0d34ca 100644
 --- a/include/kernel-defaults.mk
 +++ b/include/kernel-defaults.mk
-@@ -113,7 +113,7 @@ endef
+@@ -115,7 +115,7 @@ endef
  
  define Kernel/CompileModules/Default
  	rm -f $(LINUX_DIR)/vmlinux $(LINUX_DIR)/System.map
@@ -25,7 +25,7 @@ index e5a0ba367b..b069c1e671 100644
  endef
  
  OBJCOPY_STRIP = -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id
-@@ -137,7 +137,7 @@ endef
+@@ -139,7 +139,7 @@ endef
  
  define Kernel/CompileImage/Default
  	rm -f $(TARGET_DIR)/init
@@ -34,7 +34,7 @@ index e5a0ba367b..b069c1e671 100644
  	$(call Kernel/CopyImage)
  endef
  
-@@ -147,7 +147,7 @@ define Kernel/CompileImage/Initramfs
+@@ -149,7 +149,7 @@ define Kernel/CompileImage/Initramfs
  	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
  	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
  	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*

backports/0002-build-fix-build-with-CONFIG_STRIP_KERNEL_EXPORTS.patch

@@ -1,7 +1,7 @@
-From 6d2e2ff2778ca6360af9bf1e712d7ff276afa54b Mon Sep 17 00:00:00 2001
+From 6c50e27b166b30c0b3f7b730717ab4b7f446e4d0 Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Wed, 17 Feb 2021 13:49:14 +0100
-Subject: [PATCH 2/9] build: fix build with CONFIG_STRIP_KERNEL_EXPORTS
+Subject: [PATCH 02/27] build: fix build with CONFIG_STRIP_KERNEL_EXPORTS
 
 Only use symtab.h on the final kernel link
 
@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
-index b069c1e671..93eed54ae1 100644
+index c02e0d34ca..f9316fc3f9 100644
 --- a/include/kernel-defaults.mk
 +++ b/include/kernel-defaults.mk
 @@ -3,7 +3,7 @@
@@ -23,7 +23,7 @@ index b069c1e671..93eed54ae1 100644
  	EXTRA_LDSFLAGS="-I$(KERNEL_BUILD_DIR) -include symtab.h"
  endif
  
-@@ -137,7 +137,7 @@ endef
+@@ -139,7 +139,7 @@ endef
  
  define Kernel/CompileImage/Default
  	rm -f $(TARGET_DIR)/init
@@ -32,7 +32,7 @@ index b069c1e671..93eed54ae1 100644
  	$(call Kernel/CopyImage)
  endef
  
-@@ -147,7 +147,7 @@ define Kernel/CompileImage/Initramfs
+@@ -149,7 +149,7 @@ define Kernel/CompileImage/Initramfs
  	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
  	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
  	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*

backports/0003-kernel-add-linux-5.10-support.patch

@@ -1,7 +1,7 @@
-From 0f37bb5919d96aaca7b0d06b56d37dabba87b190 Mon Sep 17 00:00:00 2001
+From 369794a62050fadc47b617acb29e19d6f536fe3f Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Sat, 24 Oct 2020 21:14:16 +0200
-Subject: [PATCH 01/45] kernel: add linux 5.10 support
+Subject: [PATCH 03/27] kernel: add linux 5.10 support
 
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
@@ -422,7 +422,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  create mode 100644 target/linux/generic/pending-5.10/920-mangle_bootargs.patch
 
 diff --git a/include/image-commands.mk b/include/image-commands.mk
-index 51e745958e..bddbed6052 100644
+index 4d54a14ba4..2c917d613e 100644
 --- a/include/image-commands.mk
 +++ b/include/image-commands.mk
 @@ -200,11 +200,12 @@ define Build/fit
@@ -744,7 +744,7 @@ index b46fcebc08..e2bb1d0681 100644
    AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
    KCONFIG:= \
 diff --git a/package/kernel/linux/modules/usb.mk b/package/kernel/linux/modules/usb.mk
-index d050165df3..3dd20a0696 100644
+index 93f99f7cbe..4191590ba7 100644
 --- a/package/kernel/linux/modules/usb.mk
 +++ b/package/kernel/linux/modules/usb.mk
 @@ -1387,7 +1387,7 @@ define KernelPackage/usb-net-cdc-ncm
@@ -12418,10 +12418,10 @@ index 0000000000..4eb5607f17
 +# CONFIG_ZSMALLOC is not set
 +# CONFIG_ZX_TDM is not set
 diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
-index 91dc0b0f49..d3e9325f71 100644
+index 50e627297e..da0e2e2186 100644
 --- a/target/linux/generic/config-5.4
 +++ b/target/linux/generic/config-5.4
-@@ -3273,6 +3273,7 @@ CONFIG_MTD_ROOTFS_ROOT_DEV=y
+@@ -3287,6 +3287,7 @@ CONFIG_MTD_ROOTFS_ROOT_DEV=y
  CONFIG_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT=4096
  CONFIG_MTD_SPLIT=y
  # CONFIG_MTD_SPLIT_BCM_WFI_FW is not set

backports/0004-mediatek-update-to-latest-trunk-version.patch

@@ -1,7 +1,7 @@
-From 583b54e2f10ee14b5756d7035e641f7a1bb3095c Mon Sep 17 00:00:00 2001
+From 29f60bb65745d63e7d8cce273bd3f773fda251ff Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Thu, 9 Apr 2020 09:53:24 +0200
-Subject: [PATCH 01/43] mediatek: update to latest trunk version
+Subject: [PATCH 04/27] mediatek: update to latest trunk version
 
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
@@ -101957,7 +101957,7 @@ diff --git a/target/linux/mediatek/mt7622/config-5.4 b/target/linux/mediatek/mt7
 similarity index 67%
 rename from target/linux/mediatek/mt7622/config-5.4
 rename to target/linux/mediatek/mt7622/config-5.10
-index b873bdc40c..2d7f82ce23 100644
+index 282cd0bab5..e6696bd50a 100644
 --- a/target/linux/mediatek/mt7622/config-5.4
 +++ b/target/linux/mediatek/mt7622/config-5.10
 @@ -1,59 +1,6 @@
@@ -102116,7 +102116,7 @@ index b873bdc40c..2d7f82ce23 100644
  # CONFIG_FUJITSU_ERRATUM_010001 is not set
  CONFIG_FW_LOADER_PAGED_BUF=y
  CONFIG_GENERIC_ALLOCATOR=y
-@@ -267,102 +201,19 @@ CONFIG_GLOB=y
+@@ -267,103 +201,20 @@ CONFIG_GLOB=y
  CONFIG_GPIOLIB=y
  CONFIG_GRO_CELLS=y
  CONFIG_HANDLE_DOMAIN_IRQ=y
@@ -102184,6 +102184,7 @@ index b873bdc40c..2d7f82ce23 100644
 -CONFIG_HAVE_UID16=y
 -CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
  CONFIG_HOLES_IN_ZONE=y
+ # CONFIG_HW_RANDOM_MTK is not set
  CONFIG_HZ=250
  CONFIG_HZ_250=y
 -CONFIG_I2C=y
@@ -102219,7 +102220,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_IO_URING=y
  CONFIG_IRQCHIP=y
  CONFIG_IRQ_DOMAIN=y
-@@ -370,9 +221,10 @@ CONFIG_IRQ_DOMAIN_HIERARCHY=y
+@@ -371,9 +222,10 @@ CONFIG_IRQ_DOMAIN_HIERARCHY=y
  CONFIG_IRQ_FORCED_THREADING=y
  CONFIG_IRQ_TIME_ACCOUNTING=y
  CONFIG_IRQ_WORK=y
@@ -102231,7 +102232,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_LOCK_DEBUGGING_SUPPORT=y
  CONFIG_LOCK_SPIN_ON_OWNER=y
  CONFIG_LZO_COMPRESS=y
-@@ -380,21 +232,25 @@ CONFIG_LZO_DECOMPRESS=y
+@@ -381,21 +233,25 @@ CONFIG_LZO_DECOMPRESS=y
  CONFIG_MAGIC_SYSRQ=y
  CONFIG_MDIO_BUS=y
  CONFIG_MDIO_DEVICE=y
@@ -102259,7 +102260,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_MTD_RAW_NAND=y
  CONFIG_MTD_SPI_NAND=y
  CONFIG_MTD_SPI_NOR=y
-@@ -422,7 +278,6 @@ CONFIG_NET_DSA=y
+@@ -423,7 +279,6 @@ CONFIG_NET_DSA=y
  CONFIG_NET_DSA_MT7530=y
  CONFIG_NET_DSA_TAG_MTK=y
  CONFIG_NET_FLOW_LIMIT=y
@@ -102267,7 +102268,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_NET_MEDIATEK_SOC=y
  CONFIG_NET_SWITCHDEV=y
  CONFIG_NET_VENDOR_MEDIATEK=y
-@@ -447,7 +302,6 @@ CONFIG_PARTITION_PERCPU=y
+@@ -448,7 +303,6 @@ CONFIG_PARTITION_PERCPU=y
  CONFIG_PCI=y
  CONFIG_PCIEAER=y
  CONFIG_PCIEASPM=y
@@ -102275,7 +102276,7 @@ index b873bdc40c..2d7f82ce23 100644
  # CONFIG_PCIEASPM_DEFAULT is not set
  CONFIG_PCIEASPM_PERFORMANCE=y
  # CONFIG_PCIEASPM_POWERSAVE is not set
-@@ -460,6 +314,7 @@ CONFIG_PCI_DOMAINS=y
+@@ -461,6 +315,7 @@ CONFIG_PCI_DOMAINS=y
  CONFIG_PCI_DOMAINS_GENERIC=y
  CONFIG_PCI_MSI=y
  CONFIG_PCI_MSI_IRQ_DOMAIN=y
@@ -102283,7 +102284,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_PGTABLE_LEVELS=3
  CONFIG_PHYLIB=y
  CONFIG_PHYLINK=y
-@@ -477,7 +332,7 @@ CONFIG_PINCTRL_MT7622=y
+@@ -478,7 +333,7 @@ CONFIG_PINCTRL_MT7622=y
  CONFIG_PINCTRL_MT8516=y
  CONFIG_PINCTRL_MTK=y
  CONFIG_PINCTRL_MTK_MOORE=y
@@ -102292,7 +102293,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_PM=y
  CONFIG_PM_CLK=y
  CONFIG_PM_GENERIC_DOMAINS=y
-@@ -487,6 +342,20 @@ CONFIG_POWER_RESET=y
+@@ -488,6 +343,20 @@ CONFIG_POWER_RESET=y
  CONFIG_POWER_RESET_SYSCON=y
  CONFIG_POWER_SUPPLY=y
  CONFIG_PRINTK_TIME=y
@@ -102313,7 +102314,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_PWM=y
  CONFIG_PWM_MEDIATEK=y
  # CONFIG_PWM_MTK_DISP is not set
-@@ -499,7 +368,9 @@ CONFIG_RATIONAL=y
+@@ -500,7 +369,9 @@ CONFIG_RATIONAL=y
  CONFIG_RCU_NEED_SEGCBLIST=y
  CONFIG_RCU_STALL_COMMON=y
  CONFIG_REALTEK_PHY=y
@@ -102324,7 +102325,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_REGMAP=y
  CONFIG_REGMAP_MMIO=y
  CONFIG_REGULATOR=y
-@@ -552,7 +423,6 @@ CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
+@@ -555,7 +426,6 @@ CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
  CONFIG_THERMAL_EMULATION=y
  CONFIG_THERMAL_GOV_BANG_BANG=y
  CONFIG_THERMAL_GOV_FAIR_SHARE=y
@@ -102332,7 +102333,7 @@ index b873bdc40c..2d7f82ce23 100644
  CONFIG_THERMAL_GOV_STEP_WISE=y
  CONFIG_THERMAL_GOV_USER_SPACE=y
  CONFIG_THERMAL_OF=y
-@@ -584,6 +454,9 @@ CONFIG_WATCHDOG_PRETIMEOUT_GOV_PANIC=y
+@@ -587,6 +457,9 @@ CONFIG_WATCHDOG_PRETIMEOUT_GOV_PANIC=y
  CONFIG_WATCHDOG_PRETIMEOUT_GOV_SEL=m
  CONFIG_WATCHDOG_SYSFS=y
  CONFIG_XPS=y

backports/0005-sysupgrade-nand-allow-limiting-rootfs_data-by-settin.patch

@@ -1,7 +1,7 @@
-From 0a0953b5c81a2b5b366a3f0f543db71ffc81f713 Mon Sep 17 00:00:00 2001
+From 7ed003d57f1c5273fecddabcdc7bd6845c3854a0 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sat, 20 Feb 2021 08:36:43 +0100
-Subject: [PATCH 5/9] sysupgrade-nand: allow limiting rootfs_data by setting
+Subject: [PATCH 05/27] sysupgrade-nand: allow limiting rootfs_data by setting
  env variable
 
 Check if firmware environment variable 'rootfs_data_max' exists and is

backports/0006-uboot-mediatek-add-support-for-linksys-e8450.patch

@@ -1,7 +1,7 @@
-From eed2e31cb32b565a3ebcc3bc2e9d7dc7a9550b4b Mon Sep 17 00:00:00 2001
+From 3c6515c9db444da27192c1182fa1e9ab8ba6e2f6 Mon Sep 17 00:00:00 2001
 From: Daniel Golle <daniel@makrotopia.org>
 Date: Sat, 30 Jan 2021 13:58:16 +0000
-Subject: [PATCH 01/36] uboot-mediatek: add support for linksys e8450
+Subject: [PATCH 06/27] uboot-mediatek: add support for linksys e8450
 
 Build U-Boot for the Linksys E8450 in order to have support for UBI.
 The loader has a default environment with scripts handling the reset

backports/0007-uboot-envtools-add-defaults-for-linksys-e8450-ubi.patch

@@ -1,7 +1,7 @@
-From 7837219939ea5d8ecab21acf943a8199bea7e89a Mon Sep 17 00:00:00 2001
+From 1a9921bab861dd2c89337c3e4833c716a0474653 Mon Sep 17 00:00:00 2001
 From: Daniel Golle <daniel@makrotopia.org>
 Date: Fri, 12 Feb 2021 03:09:39 +0000
-Subject: [PATCH 7/9] uboot-envtools: add defaults for linksys-e8450-ubi
+Subject: [PATCH 07/27] uboot-envtools: add defaults for linksys-e8450-ubi
 
 Add U-Boot environment configuration for the Linksys E8450 (UBI) to
 allow access to the bootloader environment from OpenWrt via
@@ -9,17 +9,16 @@ allow access to the bootloader environment from OpenWrt via
 
 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 ---
- package/boot/uboot-envtools/files/mediatek | 25 ++++++++++++++++++++++
- 1 file changed, 25 insertions(+)
+ package/boot/uboot-envtools/files/mediatek | 46 ++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
  create mode 100644 package/boot/uboot-envtools/files/mediatek
 
 diff --git a/package/boot/uboot-envtools/files/mediatek b/package/boot/uboot-envtools/files/mediatek
 new file mode 100644
-index 0000000000..92a04ea73d
+index 0000000000..495a837274
 --- /dev/null
 +++ b/package/boot/uboot-envtools/files/mediatek
-@@ -0,0 +1,25 @@
-+#!/bin/sh
+@@ -0,0 +1,46 @@
 +#
 +# Copyright (C) 2021 OpenWrt.org
 +#
@@ -34,10 +33,32 @@ index 0000000000..92a04ea73d
 +board=$(board_name)
 +
 +case "$board" in
-+"linksys,e8450,ubi")
++linksys,e8450-ubi)
 +	ubootenv_add_uci_config "/dev/ubi0_0" "0x0" "0x1f000" "0x1f000" "1"
 +	ubootenv_add_uci_config "/dev/ubi0_1" "0x0" "0x1f000" "0x1f000" "1"
 +	;;
++bananapi,bpi-r64)
++	. /lib/upgrade/common.sh
++	export_bootdevice
++	export_partdevice rootdev 0
++	case "$rootdev" in
++	mmc*)
++		local envdev=/dev/$(get_partition_by_name $rootdev ubootenv)
++		ubootenv_add_uci_config "$envdev" "0x0" "0x80000" "0x80000" "1"
++		ubootenv_add_uci_config "$envdev" "0x80000" "0x80000" "0x80000" "1"
++		;;
++	*)
++		ubootenv_add_uci_config "/dev/ubi0_0" "0x0" "0x1f000" "0x1f000" "1"
++		ubootenv_add_uci_config "/dev/ubi0_1" "0x0" "0x1f000" "0x1f000" "1"
++		;;
++	esac
++	;;
++buffalo,wsr-2533dhp2)
++	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x1000" "0x20000"
++	;;
++ubnt,unifi-6-lr-ubootmod)
++	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x4000" "0x10000"
++	;;
 +esac
 +
 +config_load ubootenv

backports/0009-include-set-kernel-version.mk.patch

@@ -1,7 +1,7 @@
-From 3b896a540de03ca8dfd5596881f9ec6dc15d72c9 Mon Sep 17 00:00:00 2001
+From 4ed9b7d04405d5109681643f3ceebbd25f3f28e2 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Wed, 7 Apr 2021 10:46:26 +0200
-Subject: [PATCH 01/32] include: set kernel-version.mk
+Subject: [PATCH 09/27] include: set kernel-version.mk
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -9,7 +9,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  1 file changed, 6 insertions(+)
 
 diff --git a/include/kernel-version.mk b/include/kernel-version.mk
-index 52e5c11d75..547f57fa11 100644
+index fe81dbf603..3c109c13c8 100644
 --- a/include/kernel-version.mk
 +++ b/include/kernel-version.mk
 @@ -6,9 +6,15 @@ ifdef CONFIG_TESTING_KERNEL
@@ -18,12 +18,12 @@ index 52e5c11d75..547f57fa11 100644
  
 +LINUX_VERSION-4.4 = .60
 +LINUX_VERSION-4.14 = .193
- LINUX_VERSION-5.4 = .111
+ LINUX_VERSION-5.4 = .142
 +LINUX_VERSION-5.10 = .27
  
 +LINUX_KERNEL_HASH-4.4.60 = 2cd8df6f1ac6a5329c5a286ec9b5956215977221a1b731597ed169fff74a9659
 +LINUX_KERNEL_HASH-4.14.193 = 0b0fb41d4430e1a42738b341cbfd2f41951aa5cd02acabbd53f076119c8b9f03
- LINUX_KERNEL_HASH-5.4.111 = 21626132658dc34cb41b7aa7b80ecf83751890a71ac1a63d77aea9d488271a03
+ LINUX_KERNEL_HASH-5.4.142 = 99785728968564ba27c7e552d024b560072dcbc885540912eabb5c021e231451
 +LINUX_KERNEL_HASH-5.10.27 = d99dc9662951299c53a0a8d8c8d0a72a16ff861d20e927c0f9b14f63282d69d9
  
  remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))

backports/0010-ar71xx-forward-port-target-to-get-routerboard-suppor.patch

@@ -1,7 +1,7 @@
-From b6a89df399cae510f531473e04b5fd938b811ed7 Mon Sep 17 00:00:00 2001
+From a5f4e99a365f392feca84f29b7011fb507771f0e Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Tue, 20 Apr 2021 11:13:20 +0200
-Subject: [PATCH 02/32] ar71xx: forward port target to get routerboard support
+Subject: [PATCH 10/27] ar71xx: forward port target to get routerboard support
 
 This is only a 1 month interim until the new nand driver for ath79 is ready
 
@@ -1462,7 +1462,7 @@ index 2921cd5bca..b869ccae70 100644
  			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_lantiq
  			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_mpc85xx
 diff --git a/package/kernel/linux/modules/usb.mk b/package/kernel/linux/modules/usb.mk
-index 3dd20a0696..d3752c22b4 100644
+index 4191590ba7..592affe494 100644
 --- a/package/kernel/linux/modules/usb.mk
 +++ b/package/kernel/linux/modules/usb.mk
 @@ -1590,7 +1590,7 @@ $(eval $(call KernelPackage,usbip-server))

backports/0011-backport-mkits.sh.patch

@@ -1,7 +1,7 @@
-From 43f832c25bb9dee1a817370ab11531e81348f177 Mon Sep 17 00:00:00 2001
+From ad860cb413d1934332de60658d5eb8fb64d19663 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sun, 9 May 2021 12:23:00 +0200
-Subject: [PATCH 42/43] backport: mkits.sh
+Subject: [PATCH 11/27] backport: mkits.sh
 
 969083634481c3ab5fb80509f385ef10ab45b55f
 e991c1b8a2385397fc1e657ed73878938997d951
@@ -17,10 +17,10 @@ Signed-off-by: John Crispin <john@phrozen.org>
  5 files changed, 95 insertions(+), 12 deletions(-)
 
 diff --git a/include/image-commands.mk b/include/image-commands.mk
-index bde6e030bc..f97d4363d1 100644
+index 2c917d613e..c6e8eb0293 100644
 --- a/include/image-commands.mk
 +++ b/include/image-commands.mk
-@@ -204,7 +204,7 @@ define Build/fit
+@@ -203,7 +203,7 @@ define Build/fit
  		$(if $(word 3,$(1)),-r $(IMAGE_ROOTFS) -f $(subst _,$(comma),$(DEVICE_NAME))) \
  		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
  		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
@@ -30,7 +30,7 @@ index bde6e030bc..f97d4363d1 100644
  	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage $(if $(word 3,$(1)),-E -B 0x1000 -p 0x1000) -f $@.its $@.new
  	@mv $@.new $@
 diff --git a/include/image.mk b/include/image.mk
-index fc46012e87..7a48b789af 100644
+index b6e8ab3c84..7c2dcf0e8b 100644
 --- a/include/image.mk
 +++ b/include/image.mk
 @@ -139,7 +139,7 @@ endef

backports/0012-libubox-update-to-latest-HEAD.patch

@@ -0,0 +1,39 @@
+From 2af08d2e85ee946de5f53bbd0ddf239de9b78f6d Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 18 May 2021 10:46:43 +0200
+Subject: [PATCH 12/27] libubox: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/libs/libubox/Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/package/libs/libubox/Makefile b/package/libs/libubox/Makefile
+index d2c07783e1..33aa73eef7 100644
+--- a/package/libs/libubox/Makefile
++++ b/package/libs/libubox/Makefile
+@@ -5,9 +5,9 @@ PKG_RELEASE=2
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
+-PKG_MIRROR_HASH:=7dd1db1e0074a9c7c722db654cce3111b3bd3cff0bfd791c4497cb0f6c22d3ca
+-PKG_SOURCE_DATE:=2021-05-16
+-PKG_SOURCE_VERSION:=b14c4688612c05c78ce984d7bde633bce8703b1e
++PKG_MIRROR_HASH:=1cdb91ac0ee925f133ee9f70eac131a99def312fe7cf0aed44df84eb1762e30b
++PKG_SOURCE_DATE:=2021-08-19
++PKG_SOURCE_VERSION:=d716ac4bc4236031d4c3cc1ed362b502e20e3787
+ PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
+ CMAKE_INSTALL:=1
+ 
+@@ -67,7 +67,7 @@ define Package/libubox-lua
+ endef
+ 
+ TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
+-CMAKE_OPTIONS = \
++CMAKE_OPTIONS += \
+ 	-DLUAPATH=/usr/lib/lua \
+ 	-DABIVERSION="$(PKG_ABI_VERSION)"
+ 
+-- 
+2.25.1
+

backports/0013-iw-update-to-latest-HEAD.patch

@@ -1,167 +0,0 @@
-From 0ddce2498be815e098154867d0b18293fe613f12 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Thu, 27 May 2021 11:57:10 +0200
-Subject: [PATCH 13/13] iw: update to latest HEAD
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/network/utils/iw/Makefile             | 11 +++----
- .../utils/iw/patches/200-reduce_size.patch    | 30 +++++++++----------
- 2 files changed, 21 insertions(+), 20 deletions(-)
-
-diff --git a/package/network/utils/iw/Makefile b/package/network/utils/iw/Makefile
-index 6db9aaf105..8e11046189 100644
---- a/package/network/utils/iw/Makefile
-+++ b/package/network/utils/iw/Makefile
-@@ -8,12 +8,13 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=iw
--PKG_VERSION:=5.9
--PKG_RELEASE:=1
-+PKG_VERSION:=5.9-8fab0c9e
-+PKG_RELEASE:=$(AUTORELEASE)
- 
--PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
--PKG_SOURCE_URL:=@KERNEL/software/network/iw
--PKG_HASH:=293a07109aeb7e36267cf59e3ce52857e9ffae3a6666eb8ac77894b1839fe1f2
-+PKG_SOURCE_PROTO:=git
-+PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git
-+PKG_SOURCE_VERSION:=8fab0c9ee9db217587a58efcc37421c86edcb638
-+PKG_MIRROR_HASH:=797b322bc03952f3127ae0a7da476c14ada1bbe9a9ae234a56dd6f864c568e16
- 
- PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
- PKG_LICENSE:=GPL-2.0
-diff --git a/package/network/utils/iw/patches/200-reduce_size.patch b/package/network/utils/iw/patches/200-reduce_size.patch
-index af30876012..83e11405cb 100644
---- a/package/network/utils/iw/patches/200-reduce_size.patch
-+++ b/package/network/utils/iw/patches/200-reduce_size.patch
-@@ -1,6 +1,6 @@
- --- a/event.c
- +++ b/event.c
--@@ -944,6 +944,7 @@ static int print_event(struct nl_msg *ms
-+@@ -956,6 +956,7 @@ static int print_event(struct nl_msg *ms
-  	}
-  
-  	switch (gnlh->cmd) {
-@@ -8,7 +8,7 @@
-  	case NL80211_CMD_NEW_WIPHY:
-  		printf("renamed to %s\n", nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]));
-  		break;
--@@ -979,6 +980,7 @@ static int print_event(struct nl_msg *ms
-+@@ -991,6 +992,7 @@ static int print_event(struct nl_msg *ms
-  	case NL80211_CMD_SCHED_SCAN_RESULTS:
-  		printf("got scheduled scan results\n");
-  		break;
-@@ -16,7 +16,7 @@
-  	case NL80211_CMD_WIPHY_REG_CHANGE:
-  	case NL80211_CMD_REG_CHANGE:
-  		if (gnlh->cmd == NL80211_CMD_WIPHY_REG_CHANGE)
--@@ -1061,6 +1063,7 @@ static int print_event(struct nl_msg *ms
-+@@ -1073,6 +1075,7 @@ static int print_event(struct nl_msg *ms
-  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
-  		printf("del station %s\n", macbuf);
-  		break;
-@@ -24,7 +24,7 @@
-  	case NL80211_CMD_JOIN_IBSS:
-  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
-  		printf("IBSS %s joined\n", macbuf);
--@@ -1254,9 +1257,9 @@ static int print_event(struct nl_msg *ms
-+@@ -1271,9 +1274,9 @@ static int print_event(struct nl_msg *ms
-  	case NL80211_CMD_CH_SWITCH_NOTIFY:
-  		parse_ch_switch_notify(tb, gnlh->cmd);
-  		break;
-@@ -134,7 +134,7 @@
-  {
- --- a/scan.c
- +++ b/scan.c
--@@ -1297,6 +1297,9 @@ static void print_ht_op(const uint8_t ty
-+@@ -1306,6 +1306,9 @@ static void print_ht_op(const uint8_t ty
-  	printf("\t\t * secondary channel offset: %s\n",
-  		ht_secondary_offset[data[1] & 0x3]);
-  	printf("\t\t * STA channel width: %s\n", sta_chan_width[(data[1] & 0x4)>>2]);
-@@ -144,7 +144,7 @@
-  	printf("\t\t * RIFS: %d\n", (data[1] & 0x8)>>3);
-  	printf("\t\t * HT protection: %s\n", protection[data[2] & 0x3]);
-  	printf("\t\t * non-GF present: %d\n", (data[2] & 0x4) >> 2);
--@@ -1707,6 +1710,14 @@ static void print_ie(const struct ie_pri
-+@@ -1716,6 +1719,14 @@ static void print_ie(const struct ie_pri
-  
-  static const struct ie_print ieprinters[] = {
-  	[0] = { "SSID", print_ssid, 0, 32, BIT(PRINT_SCAN) | BIT(PRINT_LINK), },
-@@ -159,7 +159,7 @@
-  	[1] = { "Supported rates", print_supprates, 0, 255, BIT(PRINT_SCAN), },
-  	[3] = { "DS Parameter set", print_ds, 1, 1, BIT(PRINT_SCAN), },
-  	[5] = { "TIM", print_tim, 4, 255, BIT(PRINT_SCAN), },
--@@ -1716,26 +1727,20 @@ static const struct ie_print ieprinters[
-+@@ -1725,26 +1736,20 @@ static const struct ie_print ieprinters[
-  	[32] = { "Power constraint", print_powerconstraint, 1, 1, BIT(PRINT_SCAN), },
-  	[35] = { "TPC report", print_tpcreport, 2, 2, BIT(PRINT_SCAN), },
-  	[42] = { "ERP", print_erp, 1, 255, BIT(PRINT_SCAN), },
-@@ -187,15 +187,15 @@
-  };
-  
-  static void print_wifi_wpa(const uint8_t type, uint8_t len, const uint8_t *data,
--@@ -2279,6 +2284,7 @@ void print_ies(unsigned char *ie, int ie
-+@@ -2326,6 +2331,7 @@ void print_ies(unsigned char *ie, int ie
-  		    ieprinters[ie[0]].flags & BIT(ptype)) {
-  			print_ie(&ieprinters[ie[0]],
-  				 ie[0], ie[1], ie + 2, &ie_buffer);
- +#ifdef IW_FULL
-  		} else if (ie[0] == 221 /* vendor */) {
-  			print_vendor(ie[1], ie + 2, unknown, ptype);
-- 		} else if (unknown) {
--@@ -2288,6 +2294,7 @@ void print_ies(unsigned char *ie, int ie
-+ 		} else if (ie[0] == 255 /* extension */) {
-+@@ -2337,6 +2343,7 @@ void print_ies(unsigned char *ie, int ie
-  			for (i=0; i<ie[1]; i++)
-  				printf(" %.2x", ie[2+i]);
-  			printf("\n");
-@@ -203,7 +203,7 @@
-  		}
-  		ielen -= ie[1] + 2;
-  		ie += ie[1] + 2;
--@@ -2328,6 +2335,7 @@ static void print_capa_non_dmg(__u16 cap
-+@@ -2377,6 +2384,7 @@ static void print_capa_non_dmg(__u16 cap
-  		printf(" ESS");
-  	if (capa & WLAN_CAPABILITY_IBSS)
-  		printf(" IBSS");
-@@ -211,7 +211,7 @@
-  	if (capa & WLAN_CAPABILITY_CF_POLLABLE)
-  		printf(" CfPollable");
-  	if (capa & WLAN_CAPABILITY_CF_POLL_REQUEST)
--@@ -2356,6 +2364,7 @@ static void print_capa_non_dmg(__u16 cap
-+@@ -2405,6 +2413,7 @@ static void print_capa_non_dmg(__u16 cap
-  		printf(" DelayedBACK");
-  	if (capa & WLAN_CAPABILITY_IMM_BACK)
-  		printf(" ImmediateBACK");
-@@ -219,7 +219,7 @@
-  }
-  
-  static int print_bss_handler(struct nl_msg *msg, void *arg)
--@@ -2440,8 +2449,10 @@ static int print_bss_handler(struct nl_m
-+@@ -2489,8 +2498,10 @@ static int print_bss_handler(struct nl_m
-  	if (bss[NL80211_BSS_FREQUENCY]) {
-  		int freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
-  		printf("\tfreq: %d\n", freq);
-@@ -230,7 +230,7 @@
-  	}
-  	if (bss[NL80211_BSS_BEACON_INTERVAL])
-  		printf("\tbeacon interval: %d TUs\n",
--@@ -2635,6 +2646,7 @@ static int handle_stop_sched_scan(struct
-+@@ -2684,6 +2695,7 @@ static int handle_stop_sched_scan(struct
-  	return 0;
-  }
-  
-@@ -238,7 +238,7 @@
-  COMMAND(scan, sched_start,
-  	SCHED_SCAN_OPTIONS,
-  	NL80211_CMD_START_SCHED_SCAN, 0, CIB_NETDEV, handle_start_sched_scan,
--@@ -2645,3 +2657,4 @@ COMMAND(scan, sched_start,
-+@@ -2694,3 +2706,4 @@ COMMAND(scan, sched_start,
-  COMMAND(scan, sched_stop, "",
-  	NL80211_CMD_STOP_SCHED_SCAN, 0, CIB_NETDEV, handle_stop_sched_scan,
-  	"Stop an ongoing scheduled scan.");
--- 
-2.25.1
-

backports/0013-umdns-update-to-latest-HEAD.patch

@@ -1,7 +1,7 @@
-From e413c12b77acc0012a79e8981b553e35d4a2b20e Mon Sep 17 00:00:00 2001
+From 41db6b8282d09bd9d7ee453f54e592003904ab0e Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Wed, 30 Jun 2021 14:21:23 +0200
-Subject: [PATCH] umdns: update to latest HEAD
+Subject: [PATCH 13/27] umdns: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---

backports/0014-kernel-add-bdpu-filter-support.patch

@@ -0,0 +1,242 @@
+From 9df1500bde8e609dcbbecbefa0eb5a29d9e6f7f5 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 27 Aug 2021 16:52:34 +0200
+Subject: [PATCH 14/27] kernel: add bdpu filter support
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ ...l-knob-for-filtering-rx-tx-BPDU-pack.patch | 107 ++++++++++++++++++
+ ...l-knob-for-filtering-rx-tx-BPDU-pack.patch | 107 ++++++++++++++++++
+ 2 files changed, 214 insertions(+)
+ create mode 100644 target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+ create mode 100644 target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+
+diff --git a/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch b/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+new file mode 100644
+index 0000000000..918ae05d12
+--- /dev/null
++++ b/target/linux/generic/pending-5.10/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+@@ -0,0 +1,107 @@
++From: Felix Fietkau <nbd@nbd.name>
++Date: Fri, 27 Aug 2021 12:22:32 +0200
++Subject: [PATCH] bridge: add sysctl knob for filtering rx/tx BPDU packets on a
++ port
++
++Some devices (e.g. wireless APs) can't have devices behind them be part of
++a bridge topology with redundant links, due to address limitations.
++Additionally, broadcast traffic on these devices is somewhat expensive, due to
++the low data rate and wakeups of clients in powersave mode.
++This sysctl knob can be used to ensure that BPDU packets are never sent
++or forwarded to/from these devices
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++
++--- a/include/linux/if_bridge.h
+++++ b/include/linux/if_bridge.h
++@@ -56,6 +56,7 @@ struct br_ip_list {
++ #define BR_MRP_AWARE		BIT(17)
++ #define BR_MRP_LOST_CONT	BIT(18)
++ #define BR_MRP_LOST_IN_CONT	BIT(19)
+++#define BR_BPDU_FILTER		BIT(20)
++ 
++ #define BR_DEFAULT_AGEING_TIME	(300 * HZ)
++ 
++--- a/net/bridge/br_forward.c
+++++ b/net/bridge/br_forward.c
++@@ -191,6 +191,7 @@ out:
++ void br_flood(struct net_bridge *br, struct sk_buff *skb,
++ 	      enum br_pkt_type pkt_type, bool local_rcv, bool local_orig)
++ {
+++	const unsigned char *dest = eth_hdr(skb)->h_dest;
++ 	struct net_bridge_port *prev = NULL;
++ 	struct net_bridge_port *p;
++ 
++@@ -206,6 +207,10 @@ void br_flood(struct net_bridge *br, str
++ 		case BR_PKT_MULTICAST:
++ 			if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
++ 				continue;
+++			if ((p->flags & BR_BPDU_FILTER) &&
+++			    unlikely(is_link_local_ether_addr(dest) &&
+++				     dest[5] == 0))
+++				continue;
++ 			break;
++ 		case BR_PKT_BROADCAST:
++ 			if (!(p->flags & BR_BCAST_FLOOD) && skb->dev != br->dev)
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -305,6 +305,8 @@ static rx_handler_result_t br_handle_fra
++ 		fwd_mask |= p->group_fwd_mask;
++ 		switch (dest[5]) {
++ 		case 0x00:	/* Bridge Group Address */
+++			if (p->flags & BR_BPDU_FILTER)
+++				goto drop;
++ 			/* If STP is turned off,
++ 			   then must forward to keep loop detection */
++ 			if (p->br->stp_enabled == BR_NO_STP ||
++--- a/net/bridge/br_sysfs_if.c
+++++ b/net/bridge/br_sysfs_if.c
++@@ -233,6 +233,7 @@ BRPORT_ATTR_FLAG(multicast_flood, BR_MCA
++ BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD);
++ BRPORT_ATTR_FLAG(neigh_suppress, BR_NEIGH_SUPPRESS);
++ BRPORT_ATTR_FLAG(isolated, BR_ISOLATED);
+++BRPORT_ATTR_FLAG(bpdu_filter, BR_BPDU_FILTER);
++ 
++ #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
++ static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
++@@ -285,6 +286,7 @@ static const struct brport_attribute *br
++ 	&brport_attr_group_fwd_mask,
++ 	&brport_attr_neigh_suppress,
++ 	&brport_attr_isolated,
+++	&brport_attr_bpdu_filter,
++ 	&brport_attr_backup_port,
++ 	NULL
++ };
++--- a/net/bridge/br_stp_bpdu.c
+++++ b/net/bridge/br_stp_bpdu.c
++@@ -80,7 +80,8 @@ void br_send_config_bpdu(struct net_brid
++ {
++ 	unsigned char buf[35];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -127,7 +128,8 @@ void br_send_tcn_bpdu(struct net_bridge_
++ {
++ 	unsigned char buf[4];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -172,6 +174,9 @@ void br_stp_rcv(const struct stp_proto *
++ 	if (!(br->dev->flags & IFF_UP))
++ 		goto out;
++ 
+++	if (p->flags & BR_BPDU_FILTER)
+++		goto out;
+++
++ 	if (p->state == BR_STATE_DISABLED)
++ 		goto out;
++ 
+diff --git a/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch b/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+new file mode 100644
+index 0000000000..586d264cd5
+--- /dev/null
++++ b/target/linux/generic/pending-5.4/710-bridge-add-sysctl-knob-for-filtering-rx-tx-BPDU-pack.patch
+@@ -0,0 +1,107 @@
++From: Felix Fietkau <nbd@nbd.name>
++Date: Fri, 27 Aug 2021 12:22:32 +0200
++Subject: [PATCH] bridge: add sysctl knob for filtering rx/tx BPDU packets on a
++ port
++
++Some devices (e.g. wireless APs) can't have devices behind them be part of
++a bridge topology with redundant links, due to address limitations.
++Additionally, broadcast traffic on these devices is somewhat expensive, due to
++the low data rate and wakeups of clients in powersave mode.
++This sysctl knob can be used to ensure that BPDU packets are never sent
++or forwarded to/from these devices
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++
++--- a/include/linux/if_bridge.h
+++++ b/include/linux/if_bridge.h
++@@ -47,6 +47,7 @@ struct br_ip_list {
++ #define BR_BCAST_FLOOD		BIT(14)
++ #define BR_NEIGH_SUPPRESS	BIT(15)
++ #define BR_ISOLATED		BIT(16)
+++#define BR_BPDU_FILTER		BIT(17)
++ 
++ #define BR_DEFAULT_AGEING_TIME	(300 * HZ)
++ 
++--- a/net/bridge/br_forward.c
+++++ b/net/bridge/br_forward.c
++@@ -191,6 +191,7 @@ out:
++ void br_flood(struct net_bridge *br, struct sk_buff *skb,
++ 	      enum br_pkt_type pkt_type, bool local_rcv, bool local_orig)
++ {
+++	const unsigned char *dest = eth_hdr(skb)->h_dest;
++ 	struct net_bridge_port *prev = NULL;
++ 	struct net_bridge_port *p;
++ 
++@@ -206,6 +207,10 @@ void br_flood(struct net_bridge *br, str
++ 		case BR_PKT_MULTICAST:
++ 			if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
++ 				continue;
+++			if ((p->flags & BR_BPDU_FILTER) &&
+++			    unlikely(is_link_local_ether_addr(dest) &&
+++				     dest[5] == 0))
+++				continue;
++ 			break;
++ 		case BR_PKT_BROADCAST:
++ 			if (!(p->flags & BR_BCAST_FLOOD) && skb->dev != br->dev)
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -300,6 +300,8 @@ rx_handler_result_t br_handle_frame(stru
++ 		fwd_mask |= p->group_fwd_mask;
++ 		switch (dest[5]) {
++ 		case 0x00:	/* Bridge Group Address */
+++			if (p->flags & BR_BPDU_FILTER)
+++				goto drop;
++ 			/* If STP is turned off,
++ 			   then must forward to keep loop detection */
++ 			if (p->br->stp_enabled == BR_NO_STP ||
++--- a/net/bridge/br_sysfs_if.c
+++++ b/net/bridge/br_sysfs_if.c
++@@ -233,6 +233,7 @@ BRPORT_ATTR_FLAG(multicast_flood, BR_MCA
++ BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD);
++ BRPORT_ATTR_FLAG(neigh_suppress, BR_NEIGH_SUPPRESS);
++ BRPORT_ATTR_FLAG(isolated, BR_ISOLATED);
+++BRPORT_ATTR_FLAG(bpdu_filter, BR_BPDU_FILTER);
++ 
++ #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
++ static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
++@@ -285,6 +286,7 @@ static const struct brport_attribute *br
++ 	&brport_attr_group_fwd_mask,
++ 	&brport_attr_neigh_suppress,
++ 	&brport_attr_isolated,
+++	&brport_attr_bpdu_filter,
++ 	&brport_attr_backup_port,
++ 	NULL
++ };
++--- a/net/bridge/br_stp_bpdu.c
+++++ b/net/bridge/br_stp_bpdu.c
++@@ -80,7 +80,8 @@ void br_send_config_bpdu(struct net_brid
++ {
++ 	unsigned char buf[35];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -125,7 +126,8 @@ void br_send_tcn_bpdu(struct net_bridge_
++ {
++ 	unsigned char buf[4];
++ 
++-	if (p->br->stp_enabled != BR_KERNEL_STP)
+++	if (p->br->stp_enabled != BR_KERNEL_STP ||
+++	    (p->flags & BR_BPDU_FILTER))
++ 		return;
++ 
++ 	buf[0] = 0;
++@@ -168,6 +170,9 @@ void br_stp_rcv(const struct stp_proto *
++ 	if (!(br->dev->flags & IFF_UP))
++ 		goto out;
++ 
+++	if (p->flags & BR_BPDU_FILTER)
+++		goto out;
+++
++ 	if (p->state == BR_STATE_DISABLED)
++ 		goto out;
++ 
+-- 
+2.25.1
+

backports/0014-libubox-update-to-latest-HEAD.patch

@@ -1,32 +0,0 @@
-From 5171503cfa4387370fd4c33bbcf0d8c4b6ec86e4 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Tue, 18 May 2021 10:46:43 +0200
-Subject: [PATCH] libubox: update to latest HEAD
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/libs/libubox/Makefile                 |   4 +-
- package/network/config/netifd/Makefile        |   4 +-
- .../config/netifd/patches/100-8021x.patch     | 421 ++++++++++++++++++
- 3 files changed, 425 insertions(+), 4 deletions(-)
- create mode 100644 package/network/config/netifd/patches/100-8021x.patch
-
-diff --git a/package/libs/libubox/Makefile b/package/libs/libubox/Makefile
-index 4d582eacfd..8644764d59 100644
---- a/package/libs/libubox/Makefile
-+++ b/package/libs/libubox/Makefile
-@@ -5,9 +5,9 @@ PKG_RELEASE=1
- 
- PKG_SOURCE_PROTO:=git
- PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
--PKG_MIRROR_HASH:=97dc4eba01cf2c5d6a6d0db3747e0cdc0d95cb87e51b3115272e7d3e69a8b255
-+#PKG_MIRROR_HASH:=97dc4eba01cf2c5d6a6d0db3747e0cdc0d95cb87e51b3115272e7d3e69a8b255
- PKG_SOURCE_DATE:=2020-12-12
--PKG_SOURCE_VERSION:=357877693ca363b12e6e7e14d345639b2440cd07
-+PKG_SOURCE_VERSION:=b14c4688612c05c78ce984d7bde633bce8703b1e
- PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
- CMAKE_INSTALL:=1
- 
--- 
-2.25.1
-

backports/0015-uhttpd-add-config-option-for-json_script.patch

@@ -0,0 +1,33 @@
+From 8ba5feb6aaba50bda126db027490c7d37e428e3b Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Fri, 20 Aug 2021 16:11:12 +0300
+Subject: [PATCH 15/27] uhttpd: add config option for json_script
+
+Add a config option for json_script instead of unconditionally including
+all json files in /etc/uhttpd in every uhttpd instance. This makes it
+possible to configure a single instance with an unconditional redirect,
+which is currently not possible as it would render all other uhttpd
+instances unusable.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ package/network/services/uhttpd/files/uhttpd.init | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
+index 869f79bea2..7020912c6c 100755
+--- a/package/network/services/uhttpd/files/uhttpd.init
++++ b/package/network/services/uhttpd/files/uhttpd.init
+@@ -195,7 +195,8 @@ start_instance()
+ 		append_bool "$cfg" redirect_https "-q" 0
+ 	}
+ 
+-	for file in /etc/uhttpd/*.json; do
++	config_get json_script "$cfg" json_script
++	for file in $json_script; do
+ 		[ -s "$file" ] && procd_append_param command -H "$file"
+ 	done
+ 
+-- 
+2.25.1
+

backports/0016-iwinfo-update-to-latest-git-HEAD.patch

@@ -0,0 +1,41 @@
+From 63281b982b3692828ff453dcb9e68b8e43d628e5 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Mon, 21 Jun 2021 12:53:28 +0200
+Subject: [PATCH 16/27] iwinfo: update to latest git HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/utils/iwinfo/Makefile | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/package/network/utils/iwinfo/Makefile b/package/network/utils/iwinfo/Makefile
+index 815c477988..d235f07da9 100644
+--- a/package/network/utils/iwinfo/Makefile
++++ b/package/network/utils/iwinfo/Makefile
+@@ -11,12 +11,20 @@ PKG_RELEASE:=2.1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
+-PKG_SOURCE_DATE:=2021-04-30
+-PKG_SOURCE_VERSION:=c45f0b584b4b86f8250f90ea19afca271c114fa2
+-PKG_MIRROR_HASH:=24ad04791254a0523cd15a4fec6116d9ff121e006c93e5e41459f91347b33ec2
++PKG_SOURCE_DATE:=2021-06-09
++PKG_SOURCE_VERSION:=c0414642fead263a4a6a686ad3cb7e965ec8a23a
++PKG_MIRROR_HASH:=c5686bbae86753c53db03a686b034bbb80d31107cc359ebd8522ea1c82db35ea
+ PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+ PKG_LICENSE:=GPL-2.0
+ 
++PKG_FLAGS := nonshared
++
++PKG_CONFIG_DEPENDS := \
++	CONFIG_PACKAGE_kmod-brcm-wl \
++	CONFIG_PACKAGE_kmod-brcm-wl-mini \
++	CONFIG_PACKAGE_kmod-brcm-wl-mimo \
++	CONFIG_PACKAGE_kmod-cfg80211
++
+ IWINFO_ABI_VERSION:=20210430
+ 
+ include $(INCLUDE_DIR)/package.mk
+-- 
+2.25.1
+

backports/0016-kernel-modules-move-act_gact-into-kmod-sched-core.patch

@@ -1,45 +0,0 @@
-From 6c7e11cccbd28224a9a473a36df1102b4257d356 Mon Sep 17 00:00:00 2001
-From: DENG Qingfang <dqfext@gmail.com>
-Date: Fri, 9 Apr 2021 12:25:08 +0800
-Subject: [PATCH 5/6] kernel/modules: move act_gact into kmod-sched-core
-
-As the name suggests, act_gact has the generic actions such as dropping
-and accepting packets, so move it into kmod-sched-core.
-
-Signed-off-by: DENG Qingfang <dqfext@gmail.com>
----
- package/kernel/linux/modules/netsupport.mk | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk
-index 9fd49c1392..4343e850e9 100644
---- a/package/kernel/linux/modules/netsupport.mk
-+++ b/package/kernel/linux/modules/netsupport.mk
-@@ -721,7 +721,7 @@ $(eval $(call KernelPackage,mppe))
- 
- 
- SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard $(LINUX_DIR)/net/sched/*.ko))
--SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit cls_matchall
-+SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
- SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark act_ctinfo sch_cake sch_netem sch_mqprio em_ipset cls_bpf cls_flower act_bpf act_vlan
- SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES))
- SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter $(SCHED_MODULES_CORE),$(SCHED_MODULES)))
-@@ -745,6 +745,7 @@ define KernelPackage/sched-core
- 	CONFIG_NET_CLS_ROUTE4 \
- 	CONFIG_NET_CLS_TCINDEX \
- 	CONFIG_NET_CLS_U32 \
-+	CONFIG_NET_ACT_GACT \
- 	CONFIG_NET_ACT_MIRRED \
- 	CONFIG_NET_ACT_SKBEDIT \
- 	CONFIG_NET_CLS_MATCHALL \
-@@ -899,7 +900,6 @@ define KernelPackage/sched
- 	CONFIG_NET_SCH_FQ \
- 	CONFIG_NET_SCH_PIE \
- 	CONFIG_NET_ACT_POLICE \
--	CONFIG_NET_ACT_GACT \
- 	CONFIG_NET_ACT_IPT \
- 	CONFIG_NET_ACT_PEDIT \
- 	CONFIG_NET_ACT_SIMP \
--- 
-2.25.1
-

backports/0017-netifd-update-to-latest-HEAD.patch

@@ -0,0 +1,62 @@
+From 3bc625814c04a24cdf16587c2adb2060a77a5e1a Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 27 May 2021 13:24:47 +0200
+Subject: [PATCH 17/27] netifd: update to latest HEAD
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/config/netifd/Makefile          |  8 +++-----
+ .../netifd/patches/002-fix-dhcp-issue.patch     | 17 +++++++++++++++++
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+ create mode 100644 package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+
+diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
+index 4b5f110da2..13c1d96ed7 100644
+--- a/package/network/config/netifd/Makefile
++++ b/package/network/config/netifd/Makefile
+@@ -5,16 +5,14 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
+-PKG_SOURCE_DATE:=2021-07-26
+-PKG_SOURCE_VERSION:=440eb0647708274cc8d7d9e7c2bb0cfdfba90023
+-PKG_MIRROR_HASH:=eed957036ab608fdc49bdf801fc5b4405fcd2a3a5e5d3343ec39898e156c10e9
++PKG_SOURCE_DATE:=2021-09-01
++PKG_SOURCE_VERSION:=300b1220fab38600f102bb8cfcc59a29ce41b095
++PKG_MIRROR_HASH:=310fa90059795b1c956f9822db712ecc58bc19725b0f05f98c9e0a6824c8ca36
+ PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+ 
+ PKG_LICENSE:=GPL-2.0
+ PKG_LICENSE_FILES:=
+ 
+-PKG_BUILD_PARALLEL:=1
+-
+ include $(INCLUDE_DIR)/package.mk
+ include $(INCLUDE_DIR)/cmake.mk
+ 
+diff --git a/package/network/config/netifd/patches/002-fix-dhcp-issue.patch b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+new file mode 100644
+index 0000000000..6f1d2e708e
+--- /dev/null
++++ b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+@@ -0,0 +1,17 @@
++Index: netifd-2019-08-05-5e02f944/interface.c
++===================================================================
++--- netifd-2019-08-05-5e02f944.orig/interface.c
+++++ netifd-2019-08-05-5e02f944/interface.c
++@@ -424,7 +424,11 @@ interface_main_dev_cb(struct device_user
++ 		interface_set_link_state(iface, false);
++ 		break;
++ 	case DEV_EVENT_TOPO_CHANGE:
++-		interface_proto_event(iface->proto, PROTO_CMD_RENEW, false);
+++	/* This renews the dhcp lease when the bridge adds/deletes a
+++	 * new interface. It causes some dhcp servers to fail in
+++	 * case where there are many interfaces being added to the
+++	 * bridge frequently. Disabling this for now. */
+++	/*	interface_proto_event(iface->proto, PROTO_CMD_RENEW, false); */
++ 		return;
++ 	default:
++ 		break;
+-- 
+2.25.1
+

backports/0019-hostapd-update-to-latest-HEAD.patch

@@ -1,16 +1,16 @@
-From 84b526991e77774e21c3eb1a193ca3087b624e83 Mon Sep 17 00:00:00 2001
+From 3b094ed6b1602969f0dd71b48ed220d0caace7ab Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
-Date: Thu, 27 May 2021 13:25:19 +0200
-Subject: [PATCH 01/41] hostapd: upsate to latest HEAD
+Date: Sat, 4 Sep 2021 05:48:27 +0200
+Subject: [PATCH 19/27] hostapd: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  package/network/services/hostapd/Makefile     |  15 +-
  .../hostapd/files/hostapd-basic.config        |   2 +-
  .../hostapd/files/hostapd-full.config         |   4 +-
- .../network/services/hostapd/files/hostapd.sh | 156 ++++++++--
+ .../network/services/hostapd/files/hostapd.sh | 141 +++++++--
  ...-fix-frequency-setup-with-HE-enabled.patch | 196 -------------
- .../001-wolfssl-init-RNG-with-ECC-key.patch   |  43 +++
+ ...> 001-wolfssl-init-RNG-with-ECC-key.patch} |  11 +-
  ...-init-order-disable-pri-sec-channel-.patch | 126 --------
  ...andle-HT40-and-mode-downgrade-in-AP-.patch | 102 -------
  ...ix-frequency-config-for-non-p2p-vht-.patch |  63 ----
@@ -66,15 +66,15 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../720-ACS-fix-channel-100-frequency.patch   |  30 ++
  .../patches/720-iface_max_num_sta.patch       |  82 ++++++
  .../hostapd/patches/730-ft_iface.patch        |  38 +++
- .../hostapd/patches/740-snoop_iface.patch     |  37 +++
+ .../hostapd/patches/740-snoop_iface.patch     |  66 +++++
  ...ate-if-no-available-channel-is-found.patch |  37 ---
  ...of-secondary-device-types-for-P2P-gr.patch |  33 ---
- .../services/hostapd/src/src/ap/ubus.c        | 217 +++++++++++++-
+ .../services/hostapd/src/src/ap/ubus.c        | 214 +++++++++++++-
  .../services/hostapd/src/src/ap/ubus.h        |  16 +
  .../hostapd/src/src/utils/build_features.h    |   2 -
- 67 files changed, 1302 insertions(+), 2330 deletions(-)
+ 67 files changed, 1277 insertions(+), 2334 deletions(-)
  delete mode 100644 package/network/services/hostapd/patches/001-HE-VHT-fix-frequency-setup-with-HE-enabled.patch
- create mode 100644 package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
+ rename package/network/services/hostapd/patches/{802-wolfssl-init-RNG-with-ECC-key.patch => 001-wolfssl-init-RNG-with-ECC-key.patch} (76%)
  delete mode 100644 package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch
  delete mode 100644 package/network/services/hostapd/patches/003-wpa_supplicant-handle-HT40-and-mode-downgrade-in-AP-.patch
  delete mode 100644 package/network/services/hostapd/patches/004-wpa_supplicant-fix-frequency-config-for-non-p2p-vht-.patch
@@ -111,7 +111,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  delete mode 100644 package/network/services/hostapd/patches/801-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
 
 diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
-index bd2a7c96ad..fee6889b40 100644
+index 67ea89c339..fee6889b40 100644
 --- a/package/network/services/hostapd/Makefile
 +++ b/package/network/services/hostapd/Makefile
 @@ -1,19 +1,17 @@
@@ -126,7 +126,7 @@ index bd2a7c96ad..fee6889b40 100644
  include $(TOPDIR)/rules.mk
  
  PKG_NAME:=hostapd
--PKG_RELEASE:=32
+-PKG_RELEASE:=35
 +PKG_RELEASE:=$(AUTORELEASE)
  
  PKG_SOURCE_URL:=http://w1.fi/hostap.git
@@ -179,7 +179,7 @@ index df272e443a..61b6daf861 100644
  # EAP-SAKE for the integrated EAP server
  #CONFIG_EAP_SAKE=y
 diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
-index 45a49b8faa..4591958b6f 100644
+index aa72e09eba..e941fa4f77 100644
 --- a/package/network/services/hostapd/files/hostapd.sh
 +++ b/package/network/services/hostapd/files/hostapd.sh
 @@ -49,6 +49,7 @@ hostapd_append_wpa_key_mgmt() {
@@ -190,17 +190,15 @@ index 45a49b8faa..4591958b6f 100644
  		;;
  		eap-eap192)
  			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-@@ -91,14 +92,19 @@ hostapd_add_log_config() {
+@@ -91,6 +92,7 @@ hostapd_add_log_config() {
  hostapd_common_add_device_config() {
  	config_add_array basic_rate
  	config_add_array supported_rates
 +	config_add_string beacon_rate
  
--	config_add_string country
-+	config_add_string country country3
+ 	config_add_string country country3
  	config_add_boolean country_ie doth
- 	config_add_boolean spectrum_mgmt_required
- 	config_add_int local_pwr_constraint
+@@ -99,6 +101,10 @@ hostapd_common_add_device_config() {
  	config_add_string require_mode
  	config_add_boolean legacy_rates
  	config_add_int cell_density
@@ -211,27 +209,17 @@ index 45a49b8faa..4591958b6f 100644
  
  	config_add_string acs_chan_bias
  	config_add_array hostapd_options
-@@ -114,8 +120,9 @@ hostapd_prepare_device_config() {
- 
+@@ -115,7 +121,8 @@ hostapd_prepare_device_config() {
  	local base_cfg=
  
--	json_get_vars country country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
+ 	json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
 -		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density
-+	json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
 +		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
 +		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc
  
  	hostapd_set_log_options base_cfg
  
-@@ -128,6 +135,7 @@ hostapd_prepare_device_config() {
- 
- 	[ -n "$country" ] && {
- 		append base_cfg "country_code=$country" "$N"
-+		[ -n "$country3" ] && append base_cfg "country3=$country3" "$N"
- 
- 		[ "$country_ie" -gt 0 ] && {
- 			append base_cfg "ieee80211d=1" "$N"
-@@ -206,11 +214,16 @@ hostapd_prepare_device_config() {
+@@ -207,11 +214,16 @@ hostapd_prepare_device_config() {
  		hostapd_add_rate brlist "$br"
  	done
  
@@ -248,16 +236,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	json_get_values opts hostapd_options
  	for val in $opts; do
-@@ -251,6 +264,8 @@ hostapd_common_add_bss_config() {
- 	config_add_int acct_port
- 	config_add_int acct_interval
- 
-+	config_add_int bss_load_update_period chan_util_avg_period
-+
- 	config_add_string dae_client
- 	config_add_string dae_secret
- 	config_add_int dae_port
-@@ -266,7 +281,7 @@ hostapd_common_add_bss_config() {
+@@ -269,7 +281,7 @@ hostapd_common_add_bss_config() {
  	config_add_array domain_match domain_match2 domain_suffix_match domain_suffix_match2
  	config_add_string ieee80211w_mgmt_cipher
  
@@ -266,19 +245,15 @@ index 45a49b8faa..4591958b6f 100644
  	config_add_string vlan_tagged_interface vlan_bridge
  	config_add_string vlan_file
  
-@@ -281,9 +296,10 @@ hostapd_common_add_bss_config() {
- 	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
- 	config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
- 
--	config_add_boolean wnm_sleep_mode bss_transition
-+	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
+@@ -287,6 +299,7 @@ hostapd_common_add_bss_config() {
+ 	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
  	config_add_int time_advertisement
  	config_add_string time_zone
 +	config_add_string vendor_elements
  
  	config_add_boolean ieee80211k rrm_neighbor_report rrm_beacon_report
  
-@@ -308,6 +324,7 @@ hostapd_common_add_bss_config() {
+@@ -311,6 +324,7 @@ hostapd_common_add_bss_config() {
  	config_add_array supported_rates
  
  	config_add_boolean sae_require_mfp
@@ -286,7 +261,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
  
-@@ -316,7 +333,7 @@ hostapd_common_add_bss_config() {
+@@ -319,7 +333,7 @@ hostapd_common_add_bss_config() {
  	config_add_int iw_ipaddr_type_availability iw_gas_address3
  	config_add_string iw_hessid iw_network_auth_type iw_qos_map_set
  	config_add_array iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
@@ -295,7 +270,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	config_add_boolean hs20 disable_dgaf osen
  	config_add_int anqp_domain_id
-@@ -327,12 +344,22 @@ hostapd_common_add_bss_config() {
+@@ -330,12 +344,22 @@ hostapd_common_add_bss_config() {
  	config_add_array hs20_conn_capab
  	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
  
@@ -319,7 +294,7 @@ index 45a49b8faa..4591958b6f 100644
  }
  
  hostapd_set_vlan_file() {
-@@ -384,7 +411,7 @@ append_iw_anqp_3gpp_cell_net() {
+@@ -387,7 +411,7 @@ append_iw_anqp_3gpp_cell_net() {
  	if [ -z "$iw_anqp_3gpp_cell_net_conf" ]; then
  		iw_anqp_3gpp_cell_net_conf="$1"
  	else
@@ -328,7 +303,7 @@ index 45a49b8faa..4591958b6f 100644
  	fi
  }
  
-@@ -396,10 +423,22 @@ append_iw_nai_realm() {
+@@ -399,10 +423,22 @@ append_iw_nai_realm() {
  	[ -n "$1" ] && append bss_conf "nai_realm=$1" "$N"
  }
  
@@ -351,7 +326,7 @@ index 45a49b8faa..4591958b6f 100644
  append_osu_provider_service_desc() {
  	append bss_conf "osu_service_desc=$1" "$N"
  }
-@@ -447,6 +486,7 @@ append_osu_provider() {
+@@ -450,6 +486,7 @@ append_osu_provider() {
  	append bss_conf "osu_method_list=$osu_method_list" "$N"
  
  	config_list_foreach "$1" osu_service_desc append_osu_provider_service_desc
@@ -359,7 +334,7 @@ index 45a49b8faa..4591958b6f 100644
  	config_list_foreach "$1" osu_icon append_osu_icon
  
  	append bss_conf "$N"
-@@ -456,6 +496,14 @@ append_hs20_conn_capab() {
+@@ -459,6 +496,14 @@ append_hs20_conn_capab() {
  	[ -n "$1" ] && append bss_conf "hs20_conn_capab=$1" "$N"
  }
  
@@ -374,7 +349,7 @@ index 45a49b8faa..4591958b6f 100644
  append_airtime_sta_weight() {
  	[ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
  }
-@@ -479,10 +527,12 @@ hostapd_set_bss_options() {
+@@ -482,10 +527,12 @@ hostapd_set_bss_options() {
  		macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
  		iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
  		acct_server acct_secret acct_port acct_interval \
@@ -389,7 +364,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	set_default isolate 0
  	set_default maxassoc 0
-@@ -503,6 +553,7 @@ hostapd_set_bss_options() {
+@@ -506,6 +553,7 @@ hostapd_set_bss_options() {
  	set_default multi_ap 0
  	set_default airtime_bss_weight 0
  	set_default airtime_bss_limit 0
@@ -397,7 +372,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	append bss_conf "ctrl_interface=/var/run/hostapd"
  	if [ "$isolate" -gt 0 ]; then
-@@ -529,6 +580,7 @@ hostapd_set_bss_options() {
+@@ -532,6 +580,7 @@ hostapd_set_bss_options() {
  	append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
  	append bss_conf "utf8_ssid=$utf8_ssid" "$N"
  	append bss_conf "multi_ap=$multi_ap" "$N"
@@ -405,7 +380,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
  
-@@ -547,6 +599,7 @@ hostapd_set_bss_options() {
+@@ -550,6 +599,7 @@ hostapd_set_bss_options() {
  			append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
  		[ -n "$acct_interval" ] && \
  			append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
@@ -413,7 +388,7 @@ index 45a49b8faa..4591958b6f 100644
  	}
  
  	case "$auth_type" in
-@@ -560,6 +613,7 @@ hostapd_set_bss_options() {
+@@ -563,6 +613,7 @@ hostapd_set_bss_options() {
  		;;
  	esac
  	[ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N"
@@ -421,7 +396,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	local vlan_possible=""
  
-@@ -601,7 +655,7 @@ hostapd_set_bss_options() {
+@@ -604,7 +655,7 @@ hostapd_set_bss_options() {
  				auth_server auth_secret auth_port \
  				dae_client dae_secret dae_port \
  				ownip radius_client_addr \
@@ -430,7 +405,7 @@ index 45a49b8faa..4591958b6f 100644
  
  			# radius can provide VLAN ID for clients
  			vlan_possible=1
-@@ -613,18 +667,22 @@ hostapd_set_bss_options() {
+@@ -616,18 +667,22 @@ hostapd_set_bss_options() {
  
  			set_default auth_port 1812
  			set_default dae_port 3799
@@ -457,7 +432,7 @@ index 45a49b8faa..4591958b6f 100644
  
  			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
  			[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
-@@ -697,19 +755,24 @@ hostapd_set_bss_options() {
+@@ -700,6 +755,7 @@ hostapd_set_bss_options() {
  
  	append bss_conf "ssid=$ssid" "$N"
  	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
@@ -465,26 +440,7 @@ index 45a49b8faa..4591958b6f 100644
  	[ -n "$iapp_interface" ] && {
  		local ifname
  		network_get_device ifname "$iapp_interface" || ifname="$iapp_interface"
- 		append bss_conf "iapp_interface=$ifname" "$N"
- 	}
- 
--	json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
-+	json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
- 	set_default bss_transition 0
- 	set_default wnm_sleep_mode 0
-+	set_default wnm_sleep_mode_no_keys 0
- 
- 	[ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
- 	[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
--	[ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N"
-+	if [ "$wnm_sleep_mode" -eq "1" ]; then
-+		append bss_conf "wnm_sleep_mode=1" "$N"
-+		[ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
-+	fi
- 	[ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
- 
- 	json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report
-@@ -733,7 +796,7 @@ hostapd_set_bss_options() {
+@@ -740,7 +796,7 @@ hostapd_set_bss_options() {
  			append bss_conf "ftm_responder=1" "$N"
  			[ "$stationary_ap" -eq "1" ] && append bss_conf "stationary_ap=1" "$N"
  			[ -n "$lci" ] && append bss_conf "lci=$lci" "$N"
@@ -493,7 +449,7 @@ index 45a49b8faa..4591958b6f 100644
  		}
  	fi
  
-@@ -757,6 +820,7 @@ hostapd_set_bss_options() {
+@@ -764,6 +820,7 @@ hostapd_set_bss_options() {
  				;;
  			esac
  
@@ -501,7 +457,7 @@ index 45a49b8faa..4591958b6f 100644
  			append bss_conf "mobility_domain=$mobility_domain" "$N"
  			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
  			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
-@@ -771,6 +835,13 @@ hostapd_set_bss_options() {
+@@ -778,6 +835,13 @@ hostapd_set_bss_options() {
  				set_default r0_key_lifetime 10000
  				set_default pmk_r1_push 0
  
@@ -515,7 +471,7 @@ index 45a49b8faa..4591958b6f 100644
  				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
  				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
  				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
-@@ -856,13 +927,17 @@ hostapd_set_bss_options() {
+@@ -863,13 +927,17 @@ hostapd_set_bss_options() {
  	}
  
  	[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
@@ -535,7 +491,7 @@ index 45a49b8faa..4591958b6f 100644
  		[ -n "$vlan_tagged_interface" ] && \
  			append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
  		[ -n "$vlan_file" ] && {
-@@ -875,6 +950,7 @@ hostapd_set_bss_options() {
+@@ -882,6 +950,7 @@ hostapd_set_bss_options() {
  	json_get_vars iw_hessid iw_venue_group iw_venue_type iw_network_auth_type
  	json_get_vars iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
  	json_get_vars iw_anqp_elem iw_qos_map_set iw_ipaddr_type_availability iw_gas_address3
@@ -543,7 +499,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	set_default iw_enabled 0
  	if [ "$iw_enabled" = "1" ]; then
-@@ -903,6 +979,8 @@ hostapd_set_bss_options() {
+@@ -910,6 +979,8 @@ hostapd_set_bss_options() {
  		json_for_each_item append_iw_roaming_consortium iw_roaming_consortium
  		json_for_each_item append_iw_anqp_elem iw_anqp_elem
  		json_for_each_item append_iw_nai_realm iw_nai_realm
@@ -552,7 +508,7 @@ index 45a49b8faa..4591958b6f 100644
  
  		iw_domain_name_conf=
  		json_for_each_item append_iw_domain_name iw_domain_name
-@@ -917,9 +995,11 @@ hostapd_set_bss_options() {
+@@ -924,9 +995,11 @@ hostapd_set_bss_options() {
  
  
  	local hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
@@ -566,7 +522,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	set_default hs20 0
  	set_default disable_dgaf $hs20
-@@ -938,16 +1018,31 @@ hostapd_set_bss_options() {
+@@ -945,16 +1018,31 @@ hostapd_set_bss_options() {
  		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
  		[ -n "$hs20_t_c_filename" ] && append bss_conf "hs20_t_c_filename=$hs20_t_c_filename" "$N"
  		[ -n "$hs20_t_c_timestamp" ] && append bss_conf "hs20_t_c_timestamp=$hs20_t_c_timestamp" "$N"
@@ -599,7 +555,15 @@ index 45a49b8faa..4591958b6f 100644
  
  	set_default per_sta_vif 0
  	if [ "$per_sta_vif" -gt 0 ]; then
-@@ -1079,9 +1174,9 @@ wpa_supplicant_set_fixed_freq() {
+@@ -1079,16 +1167,16 @@ wpa_supplicant_set_fixed_freq() {
+ 	append network_data "frequency=$freq" "$N$T"
+ 	case "$htmode" in
+ 		NOHT) append network_data "disable_ht=1" "$N$T";;
+-		HT20|VHT20) append network_data "disable_ht40=1" "$N$T";;
++		HT20|VHT20|HE20) append network_data "disable_ht40=1" "$N$T";;
+ 		HT40*|VHT40*|VHT80*|VHT160*) append network_data "ht40=1" "$N$T";;
+ 	esac
+ 	case "$htmode" in
  		VHT*) append network_data "vht=1" "$N$T";;
  	esac
  	case "$htmode" in
@@ -612,7 +576,7 @@ index 45a49b8faa..4591958b6f 100644
  		*) append network_data "disable_vht=1" "$N$T";;
  	esac
  }
-@@ -1099,7 +1194,8 @@ wpa_supplicant_add_network() {
+@@ -1106,7 +1194,8 @@ wpa_supplicant_add_network() {
  		ssid bssid key \
  		basic_rate mcast_rate \
  		ieee80211w ieee80211r \
@@ -622,7 +586,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	case "$auth_type" in
  		sae|owe|eap192|eap-eap192)
-@@ -1112,6 +1208,7 @@ wpa_supplicant_add_network() {
+@@ -1119,6 +1208,7 @@ wpa_supplicant_add_network() {
  
  	set_default ieee80211r 0
  	set_default multi_ap 0
@@ -630,7 +594,7 @@ index 45a49b8faa..4591958b6f 100644
  
  	local key_mgmt='NONE'
  	local network_data=
-@@ -1143,7 +1240,10 @@ wpa_supplicant_add_network() {
+@@ -1150,7 +1240,10 @@ wpa_supplicant_add_network() {
  		scan_ssid=""
  	}
  
@@ -844,55 +808,51 @@ index 37c17c50af..0000000000
 - 
 - 	if (ssid->mesh_basic_rates == NULL) {
 - 		/*
-diff --git a/package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
-new file mode 100644
-index 0000000000..84fc1c9351
---- /dev/null
+diff --git a/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
+similarity index 76%
+rename from package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
+rename to package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
+index 89d111e991..84fc1c9351 100644
+--- a/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
 +++ b/package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
-@@ -0,0 +1,43 @@
-+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
-+From: David Bauer <mail@david-bauer.net>
-+Date: Wed, 5 May 2021 00:44:34 +0200
-+Subject: [PATCH] wolfssl: add RNG to EC key
-+
-+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
-+scalar mult when timing resistant") WolfSSL requires a RNG for
-+the EC key when built hardened which is the default.
-+
-+Set the RNG for the EC key to fix connections for OWE clients.
-+
-+Signed-off-by: David Bauer <mail@david-bauer.net>
-+---
-+ src/crypto/crypto_wolfssl.c | 4 ++++
-+ 1 file changed, 4 insertions(+)
-+
-+--- a/src/crypto/crypto_wolfssl.c
-++++ b/src/crypto/crypto_wolfssl.c
+@@ -14,11 +14,9 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
+  src/crypto/crypto_wolfssl.c | 4 ++++
+  1 file changed, 4 insertions(+)
+ 
+-diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+-index 2e4bf8962..ed2528159 100644
+ --- a/src/crypto/crypto_wolfssl.c
+ +++ b/src/crypto/crypto_wolfssl.c
+-@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
 +@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *
-+ 
-+ struct crypto_ec {
-+ 	ecc_key key;
-++	WC_RNG rng;
-+ 	mp_int a;
-+ 	mp_int prime;
-+ 	mp_int order;
+  
+  struct crypto_ec {
+  	ecc_key key;
+@@ -26,7 +24,7 @@ index 2e4bf8962..ed2528159 100644
+  	mp_int a;
+  	mp_int prime;
+  	mp_int order;
+-@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
 +@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int gr
-+ 		return NULL;
-+ 
-+ 	if (wc_ecc_init(&e->key) != 0 ||
-++	    wc_InitRng(&e->rng) != 0 ||
-++	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
-+ 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
-+ 	    mp_init(&e->a) != MP_OKAY ||
-+ 	    mp_init(&e->prime) != MP_OKAY ||
+  		return NULL;
+  
+  	if (wc_ecc_init(&e->key) != 0 ||
+@@ -35,7 +33,7 @@ index 2e4bf8962..ed2528159 100644
+  	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+  	    mp_init(&e->a) != MP_OKAY ||
+  	    mp_init(&e->prime) != MP_OKAY ||
+-@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
 +@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec*
-+ 	mp_clear(&e->order);
-+ 	mp_clear(&e->prime);
-+ 	mp_clear(&e->a);
-++	wc_FreeRng(&e->rng);
-+ 	wc_ecc_free(&e->key);
-+ 	os_free(e);
-+ }
+  	mp_clear(&e->order);
+  	mp_clear(&e->prime);
+  	mp_clear(&e->a);
+@@ -43,6 +41,3 @@ index 2e4bf8962..ed2528159 100644
+  	wc_ecc_free(&e->key);
+  	os_free(e);
+  }
+--- 
+-2.31.1
+-
 diff --git a/package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch b/package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch
 deleted file mode 100644
 index c7101b1dbc..0000000000
@@ -5317,10 +5277,10 @@ index 0000000000..793e8e0194
 + 		if (!hapd->l2) {
 diff --git a/package/network/services/hostapd/patches/740-snoop_iface.patch b/package/network/services/hostapd/patches/740-snoop_iface.patch
 new file mode 100644
-index 0000000000..722d1e713a
+index 0000000000..8d928f8505
 --- /dev/null
 +++ b/package/network/services/hostapd/patches/740-snoop_iface.patch
-@@ -0,0 +1,37 @@
+@@ -0,0 +1,66 @@
 +--- a/src/ap/ap_config.h
 ++++ b/src/ap/ap_config.h
 +@@ -278,6 +278,7 @@ struct hostapd_bss_config {
@@ -5333,7 +5293,36 @@ index 0000000000..722d1e713a
 + 
 +--- a/src/ap/x_snoop.c
 ++++ b/src/ap/x_snoop.c
-+@@ -71,8 +71,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
++@@ -31,14 +31,16 @@ int x_snoop_init(struct hostapd_data *ha
++ 		return -1;
++ 	}
++ 
++-	if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
+++	if (!conf->snoop_iface[0] &&
+++	    hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
++ 					 1)) {
++ 		wpa_printf(MSG_DEBUG,
++ 			   "x_snoop: Failed to enable hairpin_mode on the bridge port");
++ 		return -1;
++ 	}
++ 
++-	if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
+++	if (!conf->snoop_iface[0] &&
+++	    hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
++ 		wpa_printf(MSG_DEBUG,
++ 			   "x_snoop: Failed to enable proxyarp on the bridge port");
++ 		return -1;
++@@ -52,7 +54,8 @@ int x_snoop_init(struct hostapd_data *ha
++ 	}
++ 
++ #ifdef CONFIG_IPV6
++-	if (hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, 1)) {
+++	if (!conf->snoop_iface[0] &&
+++	    hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, 1)) {
++ 		wpa_printf(MSG_DEBUG,
++ 			   "x_snoop: Failed to enable multicast snooping on the bridge");
++ 		return -1;
++@@ -71,8 +74,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
 + {
 + 	struct hostapd_bss_config *conf = hapd->conf;
 + 	struct l2_packet_data *l2;
@@ -5441,7 +5430,7 @@ index 944f7d71c9..0000000000
 - 		  dev->info.wps_sec_dev_type_list_len);
 - }
 diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c
-index d03b848f94..07c366508c 100644
+index d03b848f94..09b25a29e5 100644
 --- a/package/network/services/hostapd/src/src/ap/ubus.c
 +++ b/package/network/services/hostapd/src/src/ap/ubus.c
 @@ -21,6 +21,7 @@
@@ -5733,7 +5722,7 @@ index d03b848f94..07c366508c 100644
  static const struct ubus_method daemon_methods[] = {
  	UBUS_METHOD("config_add", hostapd_config_add, config_add_policy),
  	UBUS_METHOD("config_remove", hostapd_config_remove, config_remove_policy),
-@@ -1550,3 +1734,24 @@ void hostapd_ubus_notify_beacon_report(
+@@ -1550,3 +1734,21 @@ void hostapd_ubus_notify_beacon_report(
  
  	ubus_notify(ctx, &hapd->ubus.obj, "beacon-report", b.head, -1);
  }
@@ -5744,9 +5733,6 @@ index d03b848f94..07c366508c 100644
 +	struct hostapd_data *hapd;
 +	int i;
 +
-+	if (!hapd->ubus.obj.has_subscribers)
-+		return;
-+
 +	blob_buf_init(&b, 0);
 +	blobmsg_add_u16(&b, "frequency", frequency);
 +	blobmsg_add_u16(&b, "width", chan_width);

backports/0020-procd-add-uxc-support.patch

@@ -0,0 +1,170 @@
+From aab305d662fa77ef4495574c096cb1e065c1908a Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Sun, 25 Jul 2021 13:32:37 +0200
+Subject: [PATCH 20/27] procd: add uxc support
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/system/procd/Makefile       | 12 ++---
+ package/system/procd/files/procd.sh | 79 +++++++++++++++++++++++++++++
+ package/system/procd/files/uxc.init |  4 ++
+ 3 files changed, 89 insertions(+), 6 deletions(-)
+
+diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
+index 30d5adf427..98f1ed1775 100644
+--- a/package/system/procd/Makefile
++++ b/package/system/procd/Makefile
+@@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
+-PKG_SOURCE_DATE:=2021-02-23
+-PKG_SOURCE_VERSION:=37eed131e9967a35f47bacb3437a9d3c8a57b3f4
+-PKG_MIRROR_HASH:=2b0131ff9055ccf987cbeb5f36c2c2585dc780999df6be312fbbbcd61ce676d4
++PKG_SOURCE_DATE:=2021-08-15
++PKG_SOURCE_VERSION:=104b49d6ab25a8cf067e6d8d1f2da7defb9876d4
++PKG_MIRROR_HASH:=d13b566a14e84f6babe8b7d3dfb88e34c3dff0e97d7770d6fe71174685bca628
+ CMAKE_INSTALL:=1
+ 
+ PKG_LICENSE:=GPL-2.0
+@@ -32,7 +32,7 @@ include $(INCLUDE_DIR)/package.mk
+ include $(INCLUDE_DIR)/cmake.mk
+ 
+ ifeq ($(DUMP),)
+-  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | mkhash md5)
++  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5)
+ endif
+ 
+ CMAKE_OPTIONS += -DEARLY_PATH="$(TARGET_INIT_PATH)"
+@@ -82,7 +82,7 @@ endef
+ define Package/procd-seccomp
+   SECTION:=base
+   CATEGORY:=Base system
+-  DEPENDS:=@(arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
++  DEPENDS:=@(aarch64||arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
+ 	  @KERNEL_SECCOMP +libubox +libblobmsg-json
+   TITLE:=OpenWrt process seccomp helper + utrace
+ endef
+@@ -90,7 +90,7 @@ endef
+ define Package/uxc
+   SECTION:=base
+   CATEGORY:=Base system
+-  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json
++  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json +blockd +rpcd
+   TITLE:=OpenWrt container management
+   MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+ endef
+diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh
+index d86b7219da..3549a5a914 100644
+--- a/package/system/procd/files/procd.sh
++++ b/package/system/procd/files/procd.sh
+@@ -329,6 +329,82 @@ _procd_add_config_trigger() {
+ 	json_close_array
+ }
+ 
++_procd_add_mount_trigger() {
++	json_add_array
++	_procd_add_array_data "$1"
++	local action="$2"
++	local multi=0
++	shift ; shift
++
++	json_add_array
++	_procd_add_array_data "if"
++
++	if [ "$2" ]; then
++		json_add_array
++		_procd_add_array_data "or"
++		multi=1
++	fi
++
++	while [ "$1" ]; do
++		json_add_array
++		_procd_add_array_data "eq" "target" "$1"
++		shift
++		json_close_array
++	done
++
++	[ $multi = 1 ] && json_close_array
++
++	json_add_array
++	_procd_add_array_data "run_script" /etc/init.d/$name $action
++	json_close_array
++
++	json_close_array
++	_procd_add_timeout
++	json_close_array
++}
++
++_procd_add_action_mount_trigger() {
++	local script=$(readlink "$initscript")
++	local name=$(basename ${script:-$initscript})
++	local action="$1"
++	local mpath
++	shift
++
++	_procd_open_trigger
++	_procd_add_mount_trigger mount.add $action "$@"
++	_procd_close_trigger
++}
++
++procd_get_mountpoints() {
++	(
++		__procd_check_mount() {
++			local cfg="$1"
++			local path="${2%%/}/"
++			local target
++			config_get target "$cfg" target
++			target="${target%%/}/"
++			[ "$path" != "${path##$target}" ] && echo "${target%%/}"
++		}
++
++		config_load fstab
++		for mpath in "$@"; do
++			config_foreach __procd_check_mount mount "$mpath"
++		done
++	) | sort -u
++}
++
++_procd_add_restart_mount_trigger() {
++	local mountpoints="$(procd_get_mountpoints "$@")"
++	[ "${mountpoints//[[:space:]]}" ] &&
++		_procd_add_action_mount_trigger restart $mountpoints
++}
++
++_procd_add_reload_mount_trigger() {
++	local mountpoints="$(procd_get_mountpoints "$@")"
++	[ "${mountpoints//[[:space:]]}" ] &&
++		_procd_add_action_mount_trigger reload $mountpoints
++}
++
+ _procd_add_raw_trigger() {
+ 	json_add_array
+ 	_procd_add_array_data "$1"
+@@ -560,8 +636,11 @@ _procd_wrapper \
+ 	procd_add_raw_trigger \
+ 	procd_add_config_trigger \
+ 	procd_add_interface_trigger \
++	procd_add_mount_trigger \
+ 	procd_add_reload_trigger \
+ 	procd_add_reload_interface_trigger \
++	procd_add_reload_mount_trigger \
++	procd_add_restart_mount_trigger \
+ 	procd_open_trigger \
+ 	procd_close_trigger \
+ 	procd_open_instance \
+diff --git a/package/system/procd/files/uxc.init b/package/system/procd/files/uxc.init
+index 035c8b0b9e..1e75b796f8 100644
+--- a/package/system/procd/files/uxc.init
++++ b/package/system/procd/files/uxc.init
+@@ -16,3 +16,7 @@ boot() {
+ 	__BOOT_UXC=1
+ 	start
+ }
++
++service_triggers() {
++	procd_add_raw_trigger "mount.add" 3000 /etc/init.d/uxc boot
++}
+-- 
+2.25.1
+

backports/0021-build-create-APK-files-parrallel-to-IPK.patch

@@ -0,0 +1,174 @@
+From 23c15e2536d0fa5ed81c5bdfe7623d3370dca997 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Fri, 2 Oct 2020 23:30:30 -1000
+Subject: [PATCH 21/27] build: create APK files parrallel to IPK
+
+Create APK files based on the folder and control files of IPK packages.
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ include/package-ipkg.mk     | 48 +++++++++++++++++++++++++------------
+ package/Makefile            |  2 ++
+ package/base-files/Makefile |  4 ++++
+ rules.mk                    |  2 ++
+ scripts/apk-make-index.sh   | 20 ++++++++++++++++
+ 5 files changed, 61 insertions(+), 15 deletions(-)
+ create mode 100755 scripts/apk-make-index.sh
+
+diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
+index e972b7de0b..5c31b1774f 100644
+--- a/include/package-ipkg.mk
++++ b/include/package-ipkg.mk
+@@ -102,6 +102,7 @@ ifeq ($(DUMP),)
+     ABIV_$(1):=$(call FormatABISuffix,$(1),$(ABI_VERSION))
+     PDIR_$(1):=$(call FeedPackageDir,$(1))
+     IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk
++    APK_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).apk
+     IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)
+     KEEP_$(1):=$(strip $(call Package/$(1)/conffiles))
+ 
+@@ -200,7 +201,7 @@ $(_endef)
+     $(PKG_INFO_DIR)/$(1).provides $$(IPKG_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-ipkg.mk
+ 	@rm -rf $$(IDIR_$(1)); \
+ 		$$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1))))
+-	mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/CONTROL $(PKG_INFO_DIR)
++	mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1)) $(PKG_INFO_DIR)
+ 	$(call Package/$(1)/install,$$(IDIR_$(1)))
+ 	$(if $(Package/$(1)/install-overlay),mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/rootfs-overlay)
+ 	$(call Package/$(1)/install-overlay,$$(IDIR_$(1))/rootfs-overlay)
+@@ -226,6 +227,37 @@ $(_endef)
+ 		) || true \
+ 	)
+     endif
++
++    ifneq ($$(KEEP_$(1)),)
++		@( \
++			keepfiles=""; \
++			for x in $$(KEEP_$(1)); do \
++				[ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \
++			done; \
++			[ -z "$$$$keepfiles" ] || { \
++				mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \
++				for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \
++			}; \
++		)
++    endif
++
++	$(INSTALL_DIR) $$(PDIR_$(1))
++
++	$(FAKEROOT) apk mkpkg \
++	  --info "name:$(1)" \
++	  --info "version:$(VERSION)" \
++	  --info "description:$()" \
++	  --info "arch:$(PKGARCH)" \
++	  --info "license:$(LICENSE)" \
++	  --info "origin:$(SOURCE)" \
++	  --info "maintainer:$(MAINTAINER)" \
++	  $$(foreach dep,$$(Package/$(1)/DEPENDS),--info "depends:$$(subst $$(comma),,$$(dep))") \
++	  --files "$$(IDIR_$(1))" \
++	  --output "$$(APK_$(1))" \
++	  --sign "$(BUILD_KEY_APK_SEC)"
++
++	mkdir -p $$(IDIR_$(1))/CONTROL
++
+ 	(cd $$(IDIR_$(1))/CONTROL; \
+ 		( \
+ 			echo "$$$$CONTROL"; \
+@@ -249,20 +281,6 @@ $(_endef)
+ 		$($(1)_COMMANDS) \
+ 	)
+ 
+-    ifneq ($$(KEEP_$(1)),)
+-		@( \
+-			keepfiles=""; \
+-			for x in $$(KEEP_$(1)); do \
+-				[ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \
+-			done; \
+-			[ -z "$$$$keepfiles" ] || { \
+-				mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \
+-				for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \
+-			}; \
+-		)
+-    endif
+-
+-	$(INSTALL_DIR) $$(PDIR_$(1))
+ 	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
+ 	@[ -f $$(IPKG_$(1)) ]
+ 
+diff --git a/package/Makefile b/package/Makefile
+index ec503dc527..18a19fff13 100644
+--- a/package/Makefile
++++ b/package/Makefile
+@@ -60,6 +60,7 @@ $(curdir)/merge-index: $(curdir)/merge
+ 
+ ifndef SDK
+   $(curdir)/compile: $(curdir)/system/opkg/host/compile
++  $(patsubst %,$(curdir)/%/compile,$(filter-out %/apk/host,$($(curdir)/builddirs))): $(curdir)/system/apk/host/compile
+ endif
+ 
+ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DEVICE_ROOTFS),$(curdir)/merge-index)
+@@ -84,6 +85,7 @@ $(curdir)/index: FORCE
+ 	@for d in $(PACKAGE_SUBDIRS); do ( \
+ 		mkdir -p $$d; \
+ 		cd $$d || continue; \
++		$(SCRIPT_DIR)/apk-make-index.sh . 2>&1; \
+ 		$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
+ 		grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require|SourceDateEpoch)' Packages.manifest > Packages; \
+ 		case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) \
+diff --git a/package/base-files/Makefile b/package/base-files/Makefile
+index 8a1ddf96f5..9db4812981 100644
+--- a/package/base-files/Makefile
++++ b/package/base-files/Makefile
+@@ -107,6 +107,10 @@ ifdef CONFIG_SIGNED_PACKAGES
+ 	[ -s $(BUILD_KEY).ucert ] || \
+ 		$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p $(BUILD_KEY).pub -s $(BUILD_KEY)
+ 
++	[ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \
++		openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \
++		openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB)
++
+   endef
+ 
+ ifndef CONFIG_BUILDBOT
+diff --git a/rules.mk b/rules.mk
+index f31d9bb113..de81b65d46 100644
+--- a/rules.mk
++++ b/rules.mk
+@@ -258,6 +258,8 @@ else
+ endif
+ 
+ BUILD_KEY=$(TOPDIR)/key-build
++BUILD_KEY_APK_SEC=$(TOPDIR)/private-key.pem
++BUILD_KEY_APK_PUB=$(TOPDIR)/public-key.pem
+ 
+ FAKEROOT:=$(STAGING_DIR_HOST)/bin/fakeroot
+ 
+diff --git a/scripts/apk-make-index.sh b/scripts/apk-make-index.sh
+new file mode 100755
+index 0000000000..df1f1a2e2b
+--- /dev/null
++++ b/scripts/apk-make-index.sh
+@@ -0,0 +1,20 @@
++#!/usr/bin/env bash
++set -e
++
++pkg_dir=$1
++
++if [ -z "$pkg_dir" ] || [ ! -d "$pkg_dir" ]; then
++	echo "Usage: apk-make-index <package_directory>" >&2
++	exit 1
++fi
++
++(
++	cd "$pkg_dir" || exit 1
++	GLOBIGNORE="kernel*:libc*"
++	set -- *.apk
++	if [ "$1" = '*.apk' ]; then
++		echo "No APK packages found"
++	fi
++	apk index --output APKINDEX.tar.gz "$@"
++	unset GLOBIGNORE
++)
+-- 
+2.25.1
+

backports/0022-fstools-update-to-git-HEAD.patch

@@ -0,0 +1,69 @@
+From 8e8b3e443a7f1d0644f43888c8683698f26d4d13 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sun, 25 Jul 2021 01:20:31 +0100
+Subject: [PATCH 22/27] fstools: update to git HEAD
+
+ bad1835 fstools: add partname volume driver
+ 19d7d93 libfstools: partname: several fixes
+ 3c38f0c libfstools: fix build with glibc
+ d05ad93 libfstools: remove superflus include
+ 964d1e3 partname: allow skipping existing 'rootfs_data' partition
+ c44b40b overlay: fix syncronizing typo
+ b5397a1 fstools: block: fix segfault on mount with no target
+ bd7cc8d block: use dynamically allocated target string
+ 6d8450e blockd: use allocated strings instead of fixed buffers
+ d47909e libblkid-tiny: fix buffer overflow
+ 67d2297 block: match device path instead of assuming /dev/%s
+ 2aeba88 block: allow autofs and umount commands also on MTD/UBI
+ 3d40a1b blockd: add missing #define _GNU_SOURCE
+ 4d4dcfb blockd: detect mountpoint of /dev/mapper/*
+ 2f42515 block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging
+ 39558a1 blockd: also send ubus notification on mount hotplug
+ 3386b6b blockd: fix trigger name
+ cdc9939 blockd: move to its own POSIX process group
+ 59f7c11 blockd: create mountpoint parent folder if needed
+ 9cc96af Revert "block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging"
+ 06334ac Revert "blockd: detect mountpoint of /dev/mapper/*"
+ 9ab3551 block: use /dev/dm-* instead of /dev/mapper/*
+ 5114595 block: allow remove hotplug event to arrive at blockd
+ a846c6b blockd: fix length of timeout int passed to ioctl
+ 1d681ca block: support umount device basename
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ package/system/fstools/Makefile          | 6 +++---
+ package/system/fstools/files/blockd.init | 1 +
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile
+index 2da508d541..b582a17bae 100644
+--- a/package/system/fstools/Makefile
++++ b/package/system/fstools/Makefile
+@@ -12,9 +12,9 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/fstools.git
+-PKG_MIRROR_HASH:=a485792d90c71cd4fb396ce97f42a57ee4d2a3d78e5f3fd0748270ffb14209e6
+-PKG_SOURCE_DATE:=2021-01-04
+-PKG_SOURCE_VERSION:=c53b18820756f6f32ad0782d3bf489422b7c4ad3
++PKG_MIRROR_HASH:=6a457b812166e04e2244ee1be92a4957666b5d1554315c0e18db1b30376cc617
++PKG_SOURCE_DATE:=2021-07-28
++PKG_SOURCE_VERSION:=cc63933faedd8d4fcdabb872cf4661ac04fe4ba2
+ CMAKE_INSTALL:=1
+ 
+ PKG_LICENSE:=GPL-2.0
+diff --git a/package/system/fstools/files/blockd.init b/package/system/fstools/files/blockd.init
+index a4ce57d40d..bdd8bbf622 100755
+--- a/package/system/fstools/files/blockd.init
++++ b/package/system/fstools/files/blockd.init
+@@ -16,6 +16,7 @@ reload_service() {
+ start_service() {
+ 	procd_open_instance
+ 	procd_set_param command "$PROG"
++	procd_set_param watch block
+ 	procd_set_param respawn
+ 	procd_close_instance
+ }
+-- 
+2.25.1
+

backports/0023-tools-libressl-update-to-3.3.3.patch

@@ -0,0 +1,40 @@
+From 873052b99d6597209957ec32898fa56324cf34a4 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 19 Jun 2021 14:45:11 -0700
+Subject: [PATCH 23/27] tools/libressl: update to 3.3.3
+
+Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+(cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe)
+---
+ tools/libressl/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/libressl/Makefile b/tools/libressl/Makefile
+index 2b5a33450c..e25b5661ee 100644
+--- a/tools/libressl/Makefile
++++ b/tools/libressl/Makefile
+@@ -8,8 +8,8 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=libressl
+-PKG_VERSION:=3.3.1
+-PKG_HASH:=a6d331865e0164a13ac85a228e52517f7cf8f8488f2f95f34e7857302f97cfdb
++PKG_VERSION:=3.3.3
++PKG_HASH:=a471565b36ccd1a70d0bd7d37c6e95c43a26a62829b487d9d2cdebfe58be3066
+ PKG_RELEASE:=1
+ 
+ PKG_CPE_ID:=cpe:/a:openbsd:libressl
+@@ -25,7 +25,7 @@ include $(INCLUDE_DIR)/host-build.mk
+ 
+ HOSTCC := $(HOSTCC_NOCACHE)
+ HOST_CONFIGURE_ARGS += --enable-static --disable-shared --disable-tests
+-HOST_CFLAGS += $(FPIC)
++HOST_CFLAGS += $(HOST_FPIC)
+ 
+ ifeq ($(GNU_HOST_NAME),x86_64-linux-gnux32)
+ HOST_CONFIGURE_ARGS += --disable-asm
+-- 
+2.25.1
+

backports/0025-apk-backport-package.patch

@@ -0,0 +1,312 @@
+From bf98d3c1de524ca50cbc09f825a4b0648e353624 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 13 Aug 2021 08:47:11 +0200
+Subject: [PATCH 25/27] apk: backport package
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/system/apk/Makefile                   | 93 +++++++++++++++++++
+ ...vel@lists.alpinelinux.org-4a6a0840.rsa.pub |  9 ++
+ ...vel@lists.alpinelinux.org-5243ef4b.rsa.pub |  9 ++
+ ...vel@lists.alpinelinux.org-5261cecb.rsa.pub |  9 ++
+ package/system/apk/files/alpine-repositories  |  3 +
+ .../apk/patches/000-Makefile-version.patch    | 11 +++
+ .../patches/0001-remove-doc-generation.patch  | 21 +++++
+ package/system/apk/patches/100-link.patch     | 16 ++++
+ package/system/apk/patches/100-phtread.patch  | 12 +++
+ ...ude-limits.h-to-fix-build-with-glibc.patch | 20 ++++
+ package/system/apk/test.sh                    |  9 ++
+ 11 files changed, 212 insertions(+)
+ create mode 100644 package/system/apk/Makefile
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+ create mode 100644 package/system/apk/files/alpine-repositories
+ create mode 100644 package/system/apk/patches/000-Makefile-version.patch
+ create mode 100644 package/system/apk/patches/0001-remove-doc-generation.patch
+ create mode 100644 package/system/apk/patches/100-link.patch
+ create mode 100644 package/system/apk/patches/100-phtread.patch
+ create mode 100644 package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+ create mode 100644 package/system/apk/test.sh
+
+diff --git a/package/system/apk/Makefile b/package/system/apk/Makefile
+new file mode 100644
+index 0000000000..335f50c155
+--- /dev/null
++++ b/package/system/apk/Makefile
+@@ -0,0 +1,93 @@
++include $(TOPDIR)/rules.mk
++
++PKG_NAME:=apk
++PKG_VERSION:=3.0.0_pre0
++
++PKG_SOURCE_PROTO:=git
++PKG_SOURCE_URL:=https://git.alpinelinux.org/apk-tools.git
++PKG_SOURCE_DATE:=2021-08-17
++PKG_SOURCE_VERSION:=a46043bcc4cc15b456ef1eac5c5f9d93bd905d53
++PKG_MIRROR_HASH:=e16fd04b18043e78a177acd8c6958fa03fd1484b62c879c2dd0bed8ce9c50625
++PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_DATE)-$(call version_abbrev,$(PKG_SOURCE_VERSION))
++PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
++HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_SOURCE_SUBDIR)
++PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.xz
++PKG_RELEASE:=r$(PKG_SOURCE_DATE)-$(call version_abbrev,$(PKG_SOURCE_VERSION))-$(AUTORELEASE)
++
++PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
++PKG_LICENSE:=GPL-2.0-only
++PKG_LICENSE_FILES:=LICENSE
++
++PKG_INSTALL:=1
++PKG_BUILD_PARALLEL:=1
++
++HOST_BUILD_DEPENDS:=lua/host lua-lzlib/host
++PKG_BUILD_DEPENDS:=$(HOST_BUILD_DEPENDS)
++
++include $(INCLUDE_DIR)/package.mk
++include $(INCLUDE_DIR)/host-build.mk
++
++define Package/apk
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=apk package manager
++  DEPENDS:=+liblua +libopenssl +zlib @!arc
++  URL:=$(PKG_SOURCE_URL)
++endef
++
++define Package/alpine-keys
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=Alpine apk public signing keys
++  DEPENDS:=apk
++endef
++
++define Package/alpine-repositories
++  SECTION:=utils
++  CATEGORY:=Utilities
++  TITLE:=Official Alpine repositories
++  DEPENDS:=apk
++endef
++
++MAKE_FLAGS += \
++	LUA=$(STAGING_DIR_HOSTPKG)/bin/lua \
++	LUA_VERSION=5.1 \
++	LUA_PC=lua
++
++HOST_MAKE_FLAGS += \
++	LUA=$(STAGING_DIR_HOSTPKG)/bin/lua \
++	LUA_VERSION=5.1 \
++	DESTDIR=$(STAGING_DIR_HOSTPKG) \
++	SBINDIR=/bin \
++	PREFIX=
++
++HOST_LDFLAGS+=-Wl,-rpath=$(STAGING_DIR_HOSTPKG)/lib -lpthread
++
++define Package/apk/install
++	$(INSTALL_DIR) $(1)/lib/apk/db
++
++	$(INSTALL_DIR) $(1)/bin
++	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/apk $(1)/bin/apk
++
++	$(INSTALL_DIR) $(1)/usr/lib
++	$(CP) $(PKG_INSTALL_DIR)/lib/*.so.* $(1)/usr/lib/
++
++	$(INSTALL_DIR) $(1)/etc/apk/
++	echo $(ARCH) > $(1)/etc/apk/arch
++	touch $(1)/etc/apk/world
++endef
++
++define Package/alpine-keys/install
++	$(INSTALL_DIR) $(1)/etc/apk/keys
++	$(INSTALL_DATA) ./files/alpine-keys/* $(1)/etc/apk/keys
++endef
++
++define Package/alpine-repositories/install
++	$(INSTALL_DIR) $(1)/etc/apk/keys
++	$(INSTALL_DATA) ./files/alpine-repositories $(1)/etc/apk/repositories
++endef
++
++$(eval $(call BuildPackage,apk))
++$(eval $(call BuildPackage,alpine-keys))
++$(eval $(call BuildPackage,alpine-repositories))
++$(eval $(call HostBuild))
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+new file mode 100644
+index 0000000000..bb4bdc80fd
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe
++qxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O
++Q0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA
++jixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R
++L5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo
++GuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B
++ywIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+new file mode 100644
+index 0000000000..6cbfad7441
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNijDxJ8kloskKQpJdx+
++mTMVFFUGDoDCbulnhZMJoKNkSuZOzBoFC94omYPtxnIcBdWBGnrm6ncbKRlR+6oy
++DO0W7c44uHKCFGFqBhDasdI4RCYP+fcIX/lyMh6MLbOxqS22TwSLhCVjTyJeeH7K
++aA7vqk+QSsF4TGbYzQDDpg7+6aAcNzg6InNePaywA6hbT0JXbxnDWsB+2/LLSF2G
++mnhJlJrWB1WGjkz23ONIWk85W4S0XB/ewDefd4Ly/zyIciastA7Zqnh7p3Ody6Q0
++sS2MJzo7p3os1smGjUF158s6m/JbVh4DN6YIsxwl2OjDOz9R0OycfJSDaBVIGZzg
++cQIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+new file mode 100644
+index 0000000000..83f0658e9c
+--- /dev/null
++++ b/package/system/apk/files/alpine-keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+@@ -0,0 +1,9 @@
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0
++cGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX
++yHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j
++g01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB
++Ca1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY
++sWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw
++wwIDAQAB
++-----END PUBLIC KEY-----
+diff --git a/package/system/apk/files/alpine-repositories b/package/system/apk/files/alpine-repositories
+new file mode 100644
+index 0000000000..5babbb23b4
+--- /dev/null
++++ b/package/system/apk/files/alpine-repositories
+@@ -0,0 +1,3 @@
++https://dl-cdn.alpinelinux.org/alpine/edge/main
++https://dl-cdn.alpinelinux.org/alpine/edge/community
++
+diff --git a/package/system/apk/patches/000-Makefile-version.patch b/package/system/apk/patches/000-Makefile-version.patch
+new file mode 100644
+index 0000000000..2e7f5b0f15
+--- /dev/null
++++ b/package/system/apk/patches/000-Makefile-version.patch
+@@ -0,0 +1,11 @@
++--- a/Makefile
+++++ b/Makefile
++@@ -4,7 +4,7 @@
++ -include config.mk
++ 
++ PACKAGE := apk-tools
++-VERSION := 2.12.0
+++VERSION := 3.0.0_pre0
++ 
++ export VERSION
++ 
+diff --git a/package/system/apk/patches/0001-remove-doc-generation.patch b/package/system/apk/patches/0001-remove-doc-generation.patch
+new file mode 100644
+index 0000000000..dee05c56f2
+--- /dev/null
++++ b/package/system/apk/patches/0001-remove-doc-generation.patch
+@@ -0,0 +1,21 @@
++From b05a93c48fdbb50f0c464310dc2ce45777d32ea2 Mon Sep 17 00:00:00 2001
++From: Paul Spooren <mail@aparcar.org>
++Date: Fri, 2 Oct 2020 14:08:52 -1000
++Subject: [PATCH] remove doc generation
++
++Signed-off-by: Paul Spooren <mail@aparcar.org>
++---
++ Makefile | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/Makefile
+++++ b/Makefile
++@@ -25,7 +25,7 @@ export DESTDIR SBINDIR LIBDIR CONFDIR MA
++ ##
++ # Top-level subdirs
++ 
++-subdirs		:= libfetch/ src/ doc/
+++subdirs		:= libfetch/ src/
++ 
++ ##
++ # Include all rules and stuff
+diff --git a/package/system/apk/patches/100-link.patch b/package/system/apk/patches/100-link.patch
+new file mode 100644
+index 0000000000..9cae2787d9
+--- /dev/null
++++ b/package/system/apk/patches/100-link.patch
+@@ -0,0 +1,16 @@
++diff -urN apk-2021-08-17-a46043bc.orig/src/Makefile apk-2021-08-17-a46043bc/src/Makefile
++--- apk-2021-08-17-a46043bc.orig/src/Makefile	2021-08-17 14:21:04.117760513 +0200
+++++ apk-2021-08-17-a46043bc/src/Makefile	2021-08-17 14:21:16.653830180 +0200
++@@ -65,7 +65,11 @@
++ 	app_convdb.o app_convndx.o app_del.o app_dot.o app_extract.o app_fetch.o \
++ 	app_fix.o app_index.o app_info.o app_list.o app_manifest.o app_mkndx.o \
++ 	app_mkpkg.o app_policy.o app_update.o app_upgrade.o app_search.o \
++-	app_stats.o app_verify.o app_version.o app_vertest.o applet.o
+++	app_stats.o app_verify.o app_version.o app_vertest.o applet.o \
+++	adb.o adb_comp.o adb_walk_adb.o adb_walk_genadb.o adb_walk_gentext.o adb_walk_text.o apk_adb.o \
+++	atom.o blob.o commit.o common.o context.o crypto_openssl.o database.o hash.o \
+++	extract.o extract_v2.o extract_v3.o io.o io_gunzip.o io_url.o tar.o \
+++	package.o pathbuilder.o print.o solver.o trust.o version.o
++ 
++ ifeq ($(ADB),y)
++ libapk.so.$(libapk_soname)-objs += apk_adb.o
+diff --git a/package/system/apk/patches/100-phtread.patch b/package/system/apk/patches/100-phtread.patch
+new file mode 100644
+index 0000000000..c252e14dc1
+--- /dev/null
++++ b/package/system/apk/patches/100-phtread.patch
+@@ -0,0 +1,12 @@
++diff -urN apk-2021-07-23-3d203e8f.orig/src/Makefile apk-2021-07-23-3d203e8f/src/Makefile
++--- apk-2021-07-23-3d203e8f.orig/src/Makefile	2021-07-25 12:55:05.576564663 +0200
+++++ apk-2021-07-23-3d203e8f/src/Makefile	2021-07-25 12:55:48.660862181 +0200
++@@ -87,7 +87,7 @@
++ apk.static-libs		:= $(apk-static-libs)
++ LDFLAGS_apk.static	:= -static
++ LIBS_apk.static		:= -Wl,--as-needed -ldl -Wl,--no-as-needed
++-LDFLAGS_apk		+= -L$(obj)
+++LDFLAGS_apk		+= -L$(obj) -pthread
++ LDFLAGS_apk-test	+= -L$(obj)
++ 
++ CFLAGS_ALL		+= $(OPENSSL_CFLAGS) $(ZLIB_CFLAGS)
+diff --git a/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch b/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+new file mode 100644
+index 0000000000..43ec7d5f1a
+--- /dev/null
++++ b/package/system/apk/patches/100-tar-include-limits.h-to-fix-build-with-glibc.patch
+@@ -0,0 +1,20 @@
++From c72ea983e287ec1d8b1f2b3aab1bf40aa7a30b03 Mon Sep 17 00:00:00 2001
++From: Daniel Golle <daniel@makrotopia.org>
++Date: Wed, 4 Aug 2021 21:37:40 +0100
++Subject: [PATCH] tar: include <limits.h> to fix build with glibc
++
++Signed-off-by: Daniel Golle <daniel@makrotopia.org>
++---
++ src/tar.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/src/tar.c
+++++ b/src/tar.c
++@@ -9,6 +9,7 @@
++ 
++ #include <sys/stat.h>
++ #include <sys/sysmacros.h>
+++#include <limits.h> /* for SSIZE_MAX with glibc */
++ 
++ #include "apk_defines.h"
++ #include "apk_tar.h"
+diff --git a/package/system/apk/test.sh b/package/system/apk/test.sh
+new file mode 100644
+index 0000000000..814777fd70
+--- /dev/null
++++ b/package/system/apk/test.sh
+@@ -0,0 +1,9 @@
++#!/bin/sh
++
++case "$1" in
++    "apk")
++        apk --version | grep "${2/-r*/}"
++        ;;
++    *)
++        return 0;
++esac
+-- 
+2.25.1
+

backports/0026-lua-lzlib-backport-package.patch

@@ -0,0 +1,104 @@
+From ec862d472fca676cc04ce71b640e880ecefdd477 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 13 Aug 2021 08:48:02 +0200
+Subject: [PATCH 26/27] lua-lzlib: backport package
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/libs/lua-lzlib/Makefile               | 64 +++++++++++++++++++
+ .../patches/001-allow_optim_flags.patch       | 12 ++++
+ 2 files changed, 76 insertions(+)
+ create mode 100644 package/libs/lua-lzlib/Makefile
+ create mode 100644 package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+
+diff --git a/package/libs/lua-lzlib/Makefile b/package/libs/lua-lzlib/Makefile
+new file mode 100644
+index 0000000000..5e0a16b135
+--- /dev/null
++++ b/package/libs/lua-lzlib/Makefile
+@@ -0,0 +1,64 @@
++#
++# Copyright (C) 2015 OpenWrt.org
++#
++# This is free software, licensed under the GNU General Public License v2.
++# See /LICENSE for more information.
++#
++
++include $(TOPDIR)/rules.mk
++
++PKG_NAME:=lua-lzlib
++PKG_VERSION:=0.4.3
++PKG_RELEASE:=1
++PKG_MAINTAINER:=Dirk Chang <dirk@kooiot.com>
++PKG_LICENSE:=MIT
++
++PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
++PKG_MIRROR_HASH:=b6ef5e3f04b7f2137b39931a175ee802489a2486e70537770919bcccca10e723
++PKG_SOURCE_URL:=https://github.com/LuaDist/lzlib.git
++PKG_SOURCE_PROTO:=git
++PKG_SOURCE_VERSION:=79329a07d8f79c19eadd7ea2752b4c4e1574b015
++PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
++
++HOST_BUILD_DEPENDS:=lua/host
++
++include $(INCLUDE_DIR)/package.mk
++include $(INCLUDE_DIR)/host-build.mk
++
++define Package/lua-lzlib
++  SUBMENU:=Lua
++  SECTION:=lang
++  CATEGORY:=Languages
++  TITLE:=Lua zlib binding
++  URL:=http://github.com/LuaDist/lzlib
++  DEPENDS:= +lua +zlib
++endef
++
++define Package/lua-lzlib/description
++	A library to access zlib library functions and also to read/write gzip files using an interface similar to the base io package. 
++endef
++
++MAKE_FLAGS += \
++	LUA="$(STAGING_DIR)/usr" \
++	OFLAGS="$(TARGET_CFLAGS)" \
++
++HOST_MAKE_FLAGS += \
++	LUA="$(STAGING_DIR_HOSTPKG)" \
++	OFLAGS="$(HOST_CFLAGS)" \
++
++define Package/lua-lzlib/install
++	$(INSTALL_DIR) $(1)/usr/lib/lua
++	$(INSTALL_BIN) $(PKG_BUILD_DIR)/zlib.so $(1)/usr/lib/lua/
++
++	$(INSTALL_DATA) $(PKG_BUILD_DIR)/gzip.lua $(1)/usr/lib/lua/
++endef
++
++define Host/Install
++	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++	$(INSTALL_BIN) $(HOST_BUILD_DIR)/zlib.so $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++
++	$(INSTALL_DATA) $(HOST_BUILD_DIR)/gzip.lua $(STAGING_DIR_HOSTPKG)/lib/lua/5.1
++endef
++
++$(eval $(call BuildPackage,lua-lzlib))
++$(eval $(call HostBuild))
+diff --git a/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch b/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+new file mode 100644
+index 0000000000..78f981d237
+--- /dev/null
++++ b/package/libs/lua-lzlib/patches/001-allow_optim_flags.patch
+@@ -0,0 +1,12 @@
++--- a/Makefile
+++++ b/Makefile
++@@ -14,7 +14,8 @@ LUABIN= $(LUA)/bin
++ ZLIB=../zlib-1.2.3
++ 
++ # no need to change anything below here
++-CFLAGS= $(INCS) $(DEFS) $(WARN) -O0 -fPIC
+++CFLAGS= $(INCS) $(DEFS) $(WARN) $(OFLAGS) -fPIC
+++OFLAGS= -O0
++ WARN= -g -Werror -Wall -pedantic #-ansi
++ INCS= -I$(LUAINC) -I$(ZLIB)
++ LIBS= -L$(ZLIB) -lz -L$(LUALIB) -L$(LUABIN) #-llua51
+-- 
+2.25.1
+

backports/0027-lua-make-it-easier-to-detect-host-built-Lua.patch

@@ -0,0 +1,35 @@
+From 5fc717aa60b36934892d6d77c0637fc53aa7f761 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sat, 10 Jul 2021 20:21:26 +0100
+Subject: [PATCH 27/27] lua: make it easier to detect host-built Lua
+
+Install pkg-config file also for host-build, clean up Lua symlinks.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+(cherry picked from commit 315f52e0f3bfa3d65ad14ca21a696c6d31c4edcd)
+---
+ package/utils/lua/Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/package/utils/lua/Makefile b/package/utils/lua/Makefile
+index d262d1e1fc..e15142d8d2 100644
+--- a/package/utils/lua/Makefile
++++ b/package/utils/lua/Makefile
+@@ -134,8 +134,12 @@ define Host/Install
+ 		INSTALL_TOP="$(STAGING_DIR_HOSTPKG)" \
+ 		install
+ 
+-	$(LN) $(STAGING_DIR_HOSTPKG)/bin/lua5.1 $(STAGING_DIR_HOSTPKG)/bin/lua
+-	$(LN) $(STAGING_DIR_HOSTPKG)/bin/luac5.1 $(STAGING_DIR_HOSTPKG)/bin/luac
++	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/lib/pkgconfig
++	$(CP) $(HOST_BUILD_DIR)/etc/lua.pc $(STAGING_DIR_HOSTPKG)/lib/pkgconfig/lua5.1.pc
++
++	$(LN) lua5.1 $(STAGING_DIR_HOSTPKG)/bin/lua
++	$(LN) luac5.1 $(STAGING_DIR_HOSTPKG)/bin/luac
++	$(LN) lua5.1.pc $(STAGING_DIR_HOSTPKG)/lib/pkgconfig/lua.pc
+ endef
+ 
+ define Build/InstallDev
+-- 
+2.25.1
+

backports/0036-iwinfo-update-to-latest-git-HEAD.patch

@@ -1,39 +0,0 @@
-From c90fec205137d8d8c1197722a39d5c700ae3f6b1 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Mon, 21 Jun 2021 12:53:28 +0200
-Subject: [PATCH 02/36] iwinfo: update to latest git HEAD
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/network/utils/iwinfo/Makefile | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/package/network/utils/iwinfo/Makefile b/package/network/utils/iwinfo/Makefile
-index 3454d615a9..b7c8370bba 100644
---- a/package/network/utils/iwinfo/Makefile
-+++ b/package/network/utils/iwinfo/Makefile
-@@ -11,9 +11,9 @@ PKG_RELEASE:=1
- 
- PKG_SOURCE_PROTO:=git
- PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
--PKG_SOURCE_DATE:=2021-01-31
--PKG_SOURCE_VERSION:=4a32b33e9606f1bc1125f4bc24b0581349e55f2e
--PKG_MIRROR_HASH:=414e5d150efaadba21103e66f862be66a94dcf83c16a2850f7c05051a9b0739d
-+PKG_SOURCE_DATE:=2021-06-09
-+PKG_SOURCE_VERSION:=c0414642fead263a4a6a686ad3cb7e965ec8a23a
-+PKG_MIRROR_HASH:=c5686bbae86753c53db03a686b034bbb80d31107cc359ebd8522ea1c82db35ea
- PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
- PKG_LICENSE:=GPL-2.0
- 
-@@ -25,7 +25,7 @@ PKG_CONFIG_DEPENDS := \
- 	CONFIG_PACKAGE_kmod-brcm-wl-mimo \
- 	CONFIG_PACKAGE_kmod-cfg80211
- 
--IWINFO_ABI_VERSION:=20210106
-+IWINFO_ABI_VERSION:=20210430
- 
- include $(INCLUDE_DIR)/package.mk
- 
--- 
-2.25.1
-

backports/0037-netifd-update-to-latest-HEAD.patch

@@ -1,98 +0,0 @@
-From ddaf9ee904b614f79c87f6d67d6c7b09c5d46eca Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Thu, 27 May 2021 13:24:47 +0200
-Subject: [PATCH 01/44] netifd: update to latest HEAD
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/network/config/netifd/Makefile          | 12 +++++++++---
- .../network/config/netifd/files/etc/udhcpc.user |  1 +
- .../config/netifd/files/lib/netifd/dhcp.script  |  3 +++
- .../netifd/patches/002-fix-dhcp-issue.patch     | 17 +++++++++++++++++
- 4 files changed, 30 insertions(+), 3 deletions(-)
- create mode 100644 package/network/config/netifd/files/etc/udhcpc.user
- create mode 100644 package/network/config/netifd/patches/002-fix-dhcp-issue.patch
-
-diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
-index 7061456b08..5717a400be 100644
---- a/package/network/config/netifd/Makefile
-+++ b/package/network/config/netifd/Makefile
-@@ -5,9 +5,9 @@ PKG_RELEASE:=1
- 
- PKG_SOURCE_PROTO:=git
- PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
--PKG_SOURCE_DATE:=2021-01-09
--PKG_SOURCE_VERSION:=c00c8335d6188daa326ecfe5a62da15a9b9987e1
--PKG_MIRROR_HASH:=c740e51e0cec13eec336ba1c7a643db3b64a9a2235f8c1b73a566cb89e841190
-+PKG_SOURCE_DATE:=2021-05-26
-+PKG_SOURCE_VERSION:=440eb0647708274cc8d7d9e7c2bb0cfdfba90023
-+PKG_MIRROR_HASH:=
- PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
- 
- PKG_LICENSE:=GPL-2.0
-@@ -25,6 +25,11 @@ define Package/netifd
-   TITLE:=OpenWrt Network Interface Configuration Daemon
- endef
- 
-+define Package/netifd/conffiles
-+/etc/udhcpc.user
-+/etc/udhcpc.user.d/
-+endef
-+
- TARGET_CFLAGS += \
- 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
- 	-I$(STAGING_DIR)/usr/include \
-@@ -40,6 +45,7 @@ define Package/netifd/install
- 	$(INSTALL_DIR) $(1)/sbin
- 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/netifd $(1)/sbin/
- 	$(CP) ./files/* $(1)/
-+	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d/
- 	$(CP) $(PKG_BUILD_DIR)/scripts/* $(1)/lib/netifd/
- endef
- 
-diff --git a/package/network/config/netifd/files/etc/udhcpc.user b/package/network/config/netifd/files/etc/udhcpc.user
-new file mode 100644
-index 0000000000..78e2ba5f18
---- /dev/null
-+++ b/package/network/config/netifd/files/etc/udhcpc.user
-@@ -0,0 +1 @@
-+# This script is sourced by udhcpc's dhcp.script at every DHCP event.
-diff --git a/package/network/config/netifd/files/lib/netifd/dhcp.script b/package/network/config/netifd/files/lib/netifd/dhcp.script
-index 6585b641d6..e46005d84c 100755
---- a/package/network/config/netifd/files/lib/netifd/dhcp.script
-+++ b/package/network/config/netifd/files/lib/netifd/dhcp.script
-@@ -112,5 +112,8 @@ esac
- 
- # user rules
- [ -f /etc/udhcpc.user ] && . /etc/udhcpc.user "$@"
-+for f in /etc/udhcpc.user.d/*; do
-+	[ -f "$f" ] && (. "$f" "$@")
-+done
- 
- exit 0
-diff --git a/package/network/config/netifd/patches/002-fix-dhcp-issue.patch b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
-new file mode 100644
-index 0000000000..6f1d2e708e
---- /dev/null
-+++ b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
-@@ -0,0 +1,17 @@
-+Index: netifd-2019-08-05-5e02f944/interface.c
-+===================================================================
-+--- netifd-2019-08-05-5e02f944.orig/interface.c
-++++ netifd-2019-08-05-5e02f944/interface.c
-+@@ -424,7 +424,11 @@ interface_main_dev_cb(struct device_user
-+ 		interface_set_link_state(iface, false);
-+ 		break;
-+ 	case DEV_EVENT_TOPO_CHANGE:
-+-		interface_proto_event(iface->proto, PROTO_CMD_RENEW, false);
-++	/* This renews the dhcp lease when the bridge adds/deletes a
-++	 * new interface. It causes some dhcp servers to fail in
-++	 * case where there are many interfaces being added to the
-++	 * bridge frequently. Disabling this for now. */
-++	/*	interface_proto_event(iface->proto, PROTO_CMD_RENEW, false); */
-+ 		return;
-+ 	default:
-+ 		break;
--- 
-2.25.1
-

backports/0040-mt76-update-to-latest-HEAD.patch

@@ -1,51 +0,0 @@
-From e01de214b2492e1b8001d6057211017b5f0f6f49 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Thu, 27 May 2021 13:25:41 +0200
-Subject: [PATCH 04/44] mt76: update to latest HEAD
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/kernel/mt76/Makefile | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile
-index e9e95fa9b3..431c57a240 100644
---- a/package/kernel/mt76/Makefile
-+++ b/package/kernel/mt76/Makefile
-@@ -8,11 +8,12 @@ PKG_LICENSE_FILES:=
- 
- PKG_SOURCE_URL:=https://github.com/openwrt/mt76
- PKG_SOURCE_PROTO:=git
--PKG_SOURCE_DATE:=2021-04-11
--PKG_SOURCE_VERSION:=bf45b30d891961dd7c4139dddb58b909ea2c2b5a
--PKG_MIRROR_HASH:=431cecf80dafa986e805f809522721c2bb26289867d6770695d49baf8b471bea
-+PKG_SOURCE_DATE:=2021-07-15
-+PKG_SOURCE_VERSION:=bbebea7d6dc64313132226adc3f7369d36e9359d
-+PKG_MIRROR_HASH:=17cd74e72c1f6c8742b698bf6772afacc6fba71b233af8c4d59530600cf44d5b
- 
- PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
-+PKG_USE_NINJA:=0
- PKG_BUILD_PARALLEL:=1
- 
- PKG_CONFIG_DEPENDS += \
-@@ -155,7 +156,7 @@ define KernelPackage/mt7615-common
-   $(KernelPackage/mt76-default)
-   TITLE:=MediaTek MT7615 wireless driver common code
-   HIDDEN:=1
--  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac
-+  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac +kmod-hwmon-core
-   FILES:= $(PKG_BUILD_DIR)/mt7615/mt7615-common.ko
- endef
- 
-@@ -213,7 +214,7 @@ endef
- define KernelPackage/mt7915e
-   $(KernelPackage/mt76-default)
-   TITLE:=MediaTek MT7915e wireless driver
--  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +@DRIVER_11AX_SUPPORT
-+  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +kmod-hwmon-core +kmod-thermal +@DRIVER_11AX_SUPPORT
-   FILES:= $(PKG_BUILD_DIR)/mt7915/mt7915e.ko
-   AUTOLOAD:=$(call AutoProbe,mt7915e)
- endef
--- 
-2.25.1
-

backports/0041-ar71xx-hacks.patch

@@ -1,39 +0,0 @@
-From 26aedfa7e2aa5ab583c68638539d5fc173af173f Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Mon, 12 Jul 2021 13:09:25 +0200
-Subject: [PATCH 36/37] ar71xx: hacks
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/kernel/linux/modules/crypto.mk | 2 +-
- package/kernel/mac80211/ath.mk         | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk
-index c277c6b8ec..9bee6fd8a9 100644
---- a/package/kernel/linux/modules/crypto.mk
-+++ b/package/kernel/linux/modules/crypto.mk
-@@ -885,7 +885,7 @@ define KernelPackage/crypto-sha256
- 	CONFIG_CRYPTO_SHA256_SSSE3
-   FILES:= \
- 	$(LINUX_DIR)/crypto/sha256_generic.ko \
--	$(LINUX_DIR)/lib/crypto/libsha256.ko
-+	$(LINUX_DIR)/lib/crypto/libsha256.ko@ge4.15
-   AUTOLOAD:=$(call AutoLoad,09,sha256_generic)
-   $(call AddDepends/crypto)
- endef
-diff --git a/package/kernel/mac80211/ath.mk b/package/kernel/mac80211/ath.mk
-index ba03ae11a6..ad2860a98e 100644
---- a/package/kernel/mac80211/ath.mk
-+++ b/package/kernel/mac80211/ath.mk
-@@ -43,6 +43,7 @@ config-$(call config_package,ath9k) += ATH9K
- config-$(call config_package,ath9k-common) += ATH9K_COMMON
- config-$(call config_package,owl-loader) += ATH9K_PCI_NO_EEPROM
- config-$(CONFIG_TARGET_ath79) += ATH9K_AHB
-+config-$(CONFIG_TARGET_ar71xx) += ATH9K_AHB
- config-$(CONFIG_TARGET_ipq40xx) += ATH10K_AHB
- config-$(CONFIG_PCI) += ATH9K_PCI
- config-$(CONFIG_ATH_USER_REGD) += ATH_USER_REGD ATH_REG_DYNAMIC_USER_REG_HINTS
--- 
-2.25.1
-

config.yml

@@ -1,6 +1,6 @@
 repo:  https://github.com/openwrt/openwrt.git
 branch: openwrt-21.02
-revision: 6fd65c657351908302b37447675ee352ec927d93
+revision: 378769b5551714ccaa821b481bfeecbf362f351e
 output_dir: ./output
 
 patch_folders:

feeds/facebook/fbwifi/Makefile

@@ -0,0 +1,56 @@
+# Copyright (c) Facebook, Inc. and its affiliates.
+# All rights reserved.
+#
+# This source code is licensed under the license found in the
+# LICENSE file in the root directory of this source tree.
+#
+
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fbwifi
+PKG_VERSION:=2
+PKG_RELEASE:=0
+PKG_LICENSE:=GPL-2.0
+
+PKG_MAINTAINER:=Simon Kinane <skinane@fb.com>
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fbwifi
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+iptables +luasec +luasocket \
+	+luci-base +libuci-lua +luaposix \
+	+luci-mod-network +luci-mod-status +luci-theme-bootstrap \
+	+lua-cjson +uhttpd
+  TITLE:=Facebook Wi-Fi
+  PKGARCH:=all
+endef
+
+define Package/fbwifi/description
+  Facebook Wi-Fi, an AP authorisation solution
+endef
+
+define Package/fbwifi/conffiles
+/etc/config/fbwifi
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/fbwifi/install
+	$(INSTALL_DIR) $(1)
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fbwifi))

feeds/facebook/fbwifi/README.md

@@ -0,0 +1,55 @@
+# Facebook Wi-Fi v2.0 Reference Implementation for OpenWrt 
+
+## Getting started
+
+Case studies for OEM customers are available at the official page of [Facebook Wi-Fi](https://www.facebook.com/facebook-wifi).
+
+For OEM engineers, start by reading the init script in [files/etc/init.d/fbwifi](https://github.com/facebookincubator/fbc_owrt_feed/blob/master/fbwifi/files/etc/init.d/fbwifi)
+
+## Contents
+
+The 'files' subdirectory contains all the configuration, script and code 
+that implements the Facebook Wi-Fi v2.0 standard for OpenWrt.
+
+The folder structure follows *nix conventions :
+- 'etc' is the boot time scripts and configuration
+- 'usr' contains procedural scripts, lua common code module and GUI prototype for luci
+- 'www' contains the HTTP endpoints as CGI handlers 
+
+```
+files/
+├── etc
+│   ├── config
+│   │   └── fbwifi
+│   ├── hotplug.d
+│   │   └── iface
+│   │       └── 50-fbwifi
+│   ├── init.d
+│   │   └── fbwifi
+├── usr
+│   ├── lib
+│   │   └── lua
+│   │       ├── fbwifi.lua
+│   │       └── luci
+│   │           ├── controller
+│   │           │   └── fbwifi.lua
+│   │           └── view
+│   │               └── fbwifi.htm
+│   ├── sbin
+│   │   ├── fbwifi
+│   │   ├── fbwifi_debug_dump
+│   │   ├── fbwifi_gateway_info_update
+│   │   ├── fbwifi_get_config
+│   │   └── fbwifi_validate_token_db
+│   └── share
+│       └── fbwifi
+│           ├── firewall.include
+│           └── uhttpd.json
+└── www
+    └── cgi-bin
+        └── fbwifi
+            └── v2.0
+                ├── auth
+                ├── capport
+                └── info
+```

feeds/facebook/fbwifi/files/etc/config/fbwifi

@@ -0,0 +1,6 @@
+config fbwifi 'main'
+	option enabled '0'
+	option gateway_token 'FBWIFI:GATEWAY|123456789|0123456789|abcdeABCDE123456789'
+	option http_port '2060'
+	option https_port '2061'
+	option zone 'lan'

feeds/facebook/fbwifi/files/etc/hotplug.d/iface/50-fbwifi

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup ] || exit 0
+
+/etc/init.d/fbwifi enabled || exit 0
+
+ip route get fibmatch 1.1.1.1 | grep -q "$DEVICE" || exit 0
+
+logger -t fbwifi "Reloading fbwifi due to $ACTION of $INTERFACE ($DEVICE)"
+/etc/init.d/fbwifi restart

feeds/facebook/fbwifi/files/etc/init.d/fbwifi

@@ -0,0 +1,43 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+
+USE_PROCD=1
+
+reload_service() {
+	restart
+}
+
+service_triggers() {
+	procd_add_reload_trigger fbwifi
+}
+
+start_service() {
+
+	config_load fbwifi
+	config_get_bool enabled 'main' 'enabled' '0'
+	[ "$enabled" -eq 0 ] && return
+
+	config_get http_port main http_port
+	[ -z "$http_port" ] && {
+		logger -t fbwifi "required option http_port not set"
+		exit 1
+	}
+
+	config_get https_port main https_port
+	[ -z "$https_port" ] && {
+		logger -t fbwifi "required option https_port not set"
+		exit 1
+	}
+
+	logger "[fbwifi] Enabled; starting"
+
+	mkdir -p /tmp/fbwifi
+
+	/usr/sbin/fbwifi reload
+
+	procd_open_instance
+	procd_set_param command /usr/sbin/fbwifi_validate_token_db
+	procd_set_param respawn 1 300 0
+	procd_close_instance
+}

feeds/facebook/fbwifi/files/usr/lib/lua/fbwifi.lua

@@ -0,0 +1,153 @@
+-- FBWIFI Lua library
+-- function table
+local fbwifi = {}
+
+local http = require("ssl.https")
+local json = require("cjson")
+local log = require("posix.syslog")
+local uci = require("uci")
+
+function fbwifi.gateway_token()
+
+	state = uci.cursor(nil, "/var/state")
+	token = state:get("fbwifi", "main", "gateway_token")
+	if token and string.len(token) > 0 then
+		return token
+	else
+		log.syslog( log.LOG_WARNING, "[fbwifi] UCI option fbwifi.main.gateway_token is missing" )
+		return nil
+	end 
+end
+
+function fbwifi.validate_token( token )
+
+	local valid = false
+
+	if string.len(token or '' ) > 0 then
+
+	        GATEWAY_TOKEN = fbwifi.gateway_token()
+
+	        URL="https://api.fbwifi.com/v2.0/token"
+	        BODY="token="..token
+	        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+	        if code==200 then
+	                valid = true
+	        else
+	                log.syslog(log.LOG_WARNING, "[fbwifi] validate_token:"..body)
+	        end
+
+	end
+
+	return valid
+end
+
+local mac_to_purge=''
+function remove_client_by_mac(client)
+	state = uci.cursor(nil, "/var/state")
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == mac_to_purge
+		then
+			log.syslog(log.LOG_INFO, string.format("[fbwifi] Purging DB entry %s for MAC %s", client['.name'] or 'unknown', mac_to_purge) )
+			state:delete("fbwifi", client['.name'])
+			return
+		end
+	end
+end
+
+function fbwifi.instate_client_rule( token, client_mac )
+
+	log.syslog(log.LOG_INFO, "[fbwifi] Validating client "..client_mac)
+
+	state = uci.cursor(nil, "/var/state")
+	state_name = "token_" .. token
+
+	RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+	RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+	local RULE
+
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Cleaning DB for MAC %s", client_mac) )
+	mac_to_purge = client_mac
+	state:foreach("fbwifi", "client", remove_client_by_mac)
+	
+		
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Adding DB entry %s for MAC %s", state_name, client_mac) )
+	state:set("fbwifi", state_name, "client")
+	state:set("fbwifi", state_name, "token", token)
+	state:set("fbwifi", state_name, "mac", client_mac)
+	state:set("fbwifi", state_name, "authenticated", "true")
+				
+	-- verify a rule exists for the given client MAC, 
+	--   OR install it
+	RULE=string.format(RULE_COND.." || "..RULE_FMT, client_mac, "A", client_mac)
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Opening iptables for %s", client_mac ) )
+	res = os.execute(RULE)
+	if res ~= 0 then 
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+	end
+	log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+	
+	state:save('fbwifi')
+end
+
+function fbwifi.revoke_client_rule( token )
+        
+        if (token == nil) then
+                log.syslog(log.LOG_INFO, "[fbwifi] Invalidating token, but token is Nil")
+                return
+        end
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Invalidating token (%s)", token) )
+
+	state = uci.cursor(nil, "/var/state")
+	state_name = "token_" .. token
+	
+	client_mac = state:get("fbwifi", state_name, "mac")
+
+	if client_mac then
+		RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+		RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+
+		-- verify a rule exists for the given client MAC, 
+		--  AND delete it
+		RULE=string.format(RULE_COND.." && "..RULE_FMT, client_mac, "D", client_mac)
+
+		res = os.execute(RULE)
+		if res ~= 0 then 
+			log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+		end
+		log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+
+		state:delete("fbwifi", state_name)
+		state:save('fbwifi')
+	else
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Client MAC not found in DB (%s)", state_name ) )
+	end
+end
+
+function fbwifi.reset()
+
+	local success = false
+        GATEWAY_TOKEN = fbwifi.gateway_token()
+        URL="https://api.fbwifi.com/v2.0/gateway/reset"
+	BODY="{}"
+        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+        if code==200 then
+                log.syslog(log.LOG_INFO, "[fbwifi] Reset committed")
+                success = true
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] Reset failed : "..body)
+        end
+
+	return success
+end
+
+--
+-- Return the function table to the host script
+--
+return fbwifi

feeds/facebook/fbwifi/files/usr/lib/lua/luci/controller/fbwifi.lua

@@ -0,0 +1,12 @@
+-- Copyright 
+-- Licensed to the public under the GNU General Public License v2.
+
+module("luci.controller.fbwifi", package.seeall)
+
+sys = require "luci.sys"
+ut = require "luci.util"
+
+function index()
+    entry({"admin", "network", "fbwifi"}, template("fbwifi"), "Facebook Wi-Fi", 90).dependent=false
+end
+

feeds/facebook/fbwifi/files/usr/lib/lua/luci/view/fbwifi.htm

@@ -0,0 +1,16 @@
+<%#
+ Copyright
+ Licensed to the public under the GNU General Public License v2.
+-%>
+
+<%+header%>
+
+<h1>Facebook Wi-Fi</h1>
+<%
+	require("uci")
+	state = uci.cursor(nil, "/var/state")
+	url = state:get("fbwifi", "main", "captive_portal_config_url")
+%>
+<a href="<% print(url) %>">Configure FB business page</a>
+
+<%+footer%>

feeds/facebook/fbwifi/files/usr/sbin/fbwifi

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+case "$1" in
+disable)
+	uci set fbwifi.main.enabled=0
+
+	uci delete firewall.fbwifi
+
+	uci delete uhttpd.fbwifi_redirect
+
+	uci delete uhttpd.main.json_script
+	uci set uhttpd.main.cert='/etc/uhttpd.crt'
+	uci set uhttpd.main.key='/etc/uhttpd.key'
+	uci set uhttpd.main.rfc1918_filter=1
+	;;
+enable)
+	uci set fbwifi.main.enabled=1
+
+	uci set firewall.fbwifi=include
+	uci set firewall.fbwifi.enabled=1
+	uci set firewall.fbwifi.family=ipv4
+	uci set firewall.fbwifi.path=/usr/share/fbwifi/firewall.include
+	uci set firewall.fbwifi.reload=1
+	uci set firewall.fbwifi.type=script
+
+	uci set uhttpd.fbwifi_redirect=uhttpd
+	uci set uhttpd.fbwifi_redirect.enabled=1
+	uci set uhttpd.fbwifi_redirect.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.fbwifi_redirect.json_script='/tmp/fbwifi/uhttpd-redirect.json'
+	uci set uhttpd.fbwifi_redirect.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.fbwifi_redirect.listen_http='0.0.0.0:2060'
+	uci set uhttpd.fbwifi_redirect.listen_https='0.0.0.0:2061'
+
+	uci set uhttpd.main.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.main.json_script='/usr/share/fbwifi/uhttpd.json'
+	uci set uhttpd.main.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.main.rfc1918_filter=0
+	;;
+reload)
+	/usr/sbin/fbwifi_get_config
+
+	login_url=$(uci -p /var/state get fbwifi.main.captive_portal_url)
+	[ -z "$login_url" ] && {
+		logger -t fbwifi "captive_portal_url not available yet"
+		exit 1
+	}
+	printf '{ "request": [ ["redirect", "%s", 302] ] }' "$login_url" > /tmp/fbwifi/uhttpd-redirect.json
+
+	/etc/init.d/uhttpd restart
+
+	exit 0
+	;;
+esac
+
+uci commit
+/etc/init.d/uhttpd restart
+reload_config

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_debug_dump

@@ -0,0 +1,8 @@
+echo -e "Runtime configuration and token DB\n"
+uci -p /var/state export fbwifi
+
+echo -e "\nDynamic firewall flow rules\n"
+iptables -t mangle -L FBWIFI_CLIENT_TO_INTERNET
+
+echo -e "\nDHCP leases\n"
+cat /tmp/dhcp.leases

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_gateway_info_update

@@ -0,0 +1,38 @@
+#!/usr/bin/lua
+
+http = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+socket = require("socket")
+require("uci")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+state = uci.cursor(nil, "/var/state")
+
+payload="name="..socket.dns.gethostname()
+
+function queue_ssid_update(iface)
+	bssid_file="/sys/class/net/br-"..iface["network"].."/address"
+	local file = io.open(bssid_file)
+        if file then
+            for line in file:lines() do
+		payload=payload.."&bssid[]="..line
+            end
+	    payload=payload.."ssid[]="..iface["ssid"]
+        else
+	    log.syslog(log.LOG_WARNING, "[fbwifi] Failed to find BSSID for interface br-"..iface["network"])
+        end
+end
+
+state:foreach("wireless", "wifi-iface", queue_ssid_update)
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, payload)
+if code == 200 then 
+	log.syslog(log.LOG_INFO, "[fbwifi] gateway information updated "..body)
+	os.exit(0)
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] gateway API failed "..body)
+	os.exit(code)
+end

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_get_config

@@ -0,0 +1,106 @@
+#!/usr/bin/lua
+http = require("ssl.https")
+json = require("cjson")
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+http_port = uci.get("fbwifi.main.http_port")
+https_port = uci.get("fbwifi.main.https_port")
+
+state = uci.cursor(nil, "/var/state")
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN.."&fields=config,config_version")
+
+if code == 200 then
+	log.syslog(log.LOG_INFO, "[fbwifi] Got gateway config ("..code..")")
+else
+	log.syslog(log.LOG_CRIT, "[fbwifi] Failed to get gateway config ("..code..")")
+	os.exit(1)
+end
+
+obj = json.decode(body)
+
+function save_cert(name, value)
+	log.syslog(log.LOG_INFO, "[fbwifi] Saving cert "..name)
+	local f = assert(io.open("/tmp/fbwifi/"..name, "w"))
+	f:write(value)
+	f:close()
+end
+
+function process_redirect(ix, host)
+	IP_SET = "ip addr replace dev lo "..host
+	local result = os.execute(IP_SET)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Redirect address applied "..host)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to apply redirect address "..host)
+	end
+
+	ip = string.match(host, '([0-9\.]*)/([0-9]*)')
+	RULE_FMT="grep -q \"%s\" /etc/hosts || echo \"%s\tstar.fbwifigateway.net\" >> /etc/hosts"
+	HOSTS_RULE = string.format(RULE_FMT, ip, ip)
+	result = os.execute(HOSTS_RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Cached redirect host for DNS")
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to amend /etc/hosts")
+		log.syslog(log.LOG_INFO, "[fbwifi] "..HOSTS_RULE)
+	end
+
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 80 -d "..ip.." -j ACCEPT # REDIRECT --to-ports "..http_port)
+	--print(result)
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 443 -d "..ip.."  -j ACCEPT # REDIRECT --to-ports "..https_port)
+	--print(result)
+end
+
+save_cert("https_server_cert", obj['config']['https_server_cert'])
+save_cert("https_server_key", obj['config']['https_server_key'])
+
+result = os.execute("iptables -t nat -F FBWIFI_HOST_REDIRLIST")
+--print(result)
+table.foreach(obj['config']['host_redirect_ips'], process_redirect)
+
+RULE_FORMAT = "iptables -t mangle -A FBWIFI_TRAFFIC_ALLOWLIST -d %s -p %s --dport %s -j MARK --set-mark 0xfb"
+function process_traffic_rule(ix, rule)
+	log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	
+	if rule["protocol"] == 6 then
+		PROTO = "tcp"
+	elseif rule["protocol"] == 17 then
+		PROTO = "udp"
+	end
+	RULE = string.format(RULE_FORMAT, rule["ip"], PROTO, rule["port"])
+	local result = os.execute(RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to install traffic rule ; "..RULE)
+	end
+end
+
+local cross_origin_list = {}
+function process_cross_origin_rule(ix, url)
+	log.syslog(log.LOG_INFO, "[fbwifi] Cross origin rule "..url)
+	table.insert(cross_origin_list, url)
+end
+
+function process_url(url_purpose, fqdn)
+	log.syslog(log.LOG_INFO, "[fbwifi] Caching "..url_purpose)
+	state:set("fbwifi", "main", url_purpose, fqdn)	
+end
+
+state:set("fbwifi", "main", "config")
+
+result = os.execute("iptables -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST ")
+--print(result)
+table.foreach(obj['config']['traffic_allowlist'], process_traffic_rule)
+table.foreach(obj['config']['cross_origin_allowlist'], process_cross_origin_rule)
+table.foreach(obj['config']['urls'], process_url)
+state:set("fbwifi", "main", "cross_origin_allow_rules", cross_origin_list)
+
+state:set("fbwifi", "main", "config_version", obj['config_version'])
+state:save('fbwifi')

feeds/facebook/fbwifi/files/usr/sbin/fbwifi_validate_token_db

@@ -0,0 +1,75 @@
+#!/usr/bin/lua
+
+https = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+require("uci")
+
+state = uci.cursor(nil, "/var/state")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+request = { 
+	tokens = {}, 
+	traffic_type = "total",
+	config_version = state:get("fbwifi", "main", "config_version")
+}
+
+function queue_token(client)
+
+	request.tokens[client.token]={
+		incoming = json.null,
+		outgoing = json.null,
+		connected_time_sec = json.null,
+		inactive_time_sec = json.null,
+		signal_rssi_dbm = json.null,
+		--expected_tpus_mbps = json.null,
+		is_connected = true
+	}
+
+end
+
+state:foreach("fbwifi", "client", queue_token)
+print( "\nRequest:\n"..json.encode(request) )
+
+URL="https://api.fbwifi.com/v2.0/tokens"
+BODY=string.format(
+	"tokens=%s&traffic_type=%s&config_version=%s",
+	json.encode(request.tokens),
+	"'total'",
+	state:get("fbwifi", "main", "config_version")
+)
+
+body, code, headers = https.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+if code then
+	print( "\nResponse:\n"..body )
+end
+
+response = json.decode(body)
+--print(response)
+--table.foreach(response,print)
+--table.foreach(response.tokens,print)
+
+if response.config_valid then
+	log.syslog(log.LOG_INFO, "[fbwifi] Config validated")
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] config is stale, refreshing config")
+        local result = os.execute("/usr/sbin/fbwifi reload")
+        if result == 0 then
+                log.syslog(log.LOG_INFO, "[fbwifi] successfully fetched and loaded new config ")
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] failed to fetch and load new config, possible stale config")
+        end
+end
+
+function process_token(token, metadata)
+	table.foreach(metadata,print)
+	if metadata.valid then
+		print("OK: "..token)	
+	else
+		print("Nok: "..token)	
+		fbwifi.revoke_client_rule( token )
+	end
+end
+table.foreach(response.tokens,process_token)

feeds/facebook/fbwifi/files/usr/share/fbwifi/firewall.include

@@ -0,0 +1,67 @@
+#!/bin/sh
+
+IPT4="/usr/sbin/iptables"
+
+fbwifi_http_port="$(uci get fbwifi.main.http_port)"
+[ -n "$fbwifi_http_port" ] || {
+	logger -t fbwifi "required option http_port not set"
+	exit 1
+}
+
+fbwifi_https_port="$(uci get fbwifi.main.https_port)"
+[ -n "$fbwifi_https_port" ] || {
+	logger -t fbwifi "required option https_port not set"
+	exit 1
+}
+
+fbwifi_zone="$(uci get fbwifi.main.zone)"
+[ -n "$fbwifi_zone" ] || {
+	logger -t fbwifi "required option zone  not set"
+	exit 1
+}
+
+fbwifi_ifaces="$(fw3 -q zone "$fbwifi_zone")"
+
+## Create custom chains
+$IPT4 -t filter -N FBWIFI_FORWARD 2>/dev/null
+$IPT4 -t filter -N FBWIFI_INPUT 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_PREROUTING 2>/dev/null
+$IPT4 -t mangle -N FBWIFI_TRAFFIC_ALLOWLIST 2>/dev/null
+$IPT4 -t nat -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+$IPT4 -t nat -N FBWIFI_PREROUTING 2>/dev/null
+$IPT4 -t nat -N FBWIFI_HOST_REDIRLIST 2>/dev/null
+
+## Flush custom chains
+$IPT4 -t filter -F FBWIFI_FORWARD
+$IPT4 -t filter -F FBWIFI_INPUT
+$IPT4 -t mangle -F FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t mangle -F FBWIFI_PREROUTING
+$IPT4 -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST
+$IPT4 -t nat -F FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t nat -F FBWIFI_PREROUTING
+$IPT4 -t nat -F FBWIFI_HOST_REDIRLIST
+
+## Populate custom chains
+$IPT4 -t filter -A FBWIFI_FORWARD -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t filter -A FBWIFI_FORWARD -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t filter -A FBWIFI_FORWARD -j REJECT
+$IPT4 -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_http_port" -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_https_port"  -m conntrack --ctstate NEW -j ACCEPT
+$IPT4 -t mangle -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t mangle -A FBWIFI_PREROUTING -j FBWIFI_TRAFFIC_ALLOWLIST
+$IPT4 -t nat -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+$IPT4 -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j REDIRECT --to-ports "$fbwifi_http_port"
+
+## Hook custom chains in firewall3 chains
+$IPT4 -t filter -I "zone_${fbwifi_zone}_input" 2 -j FBWIFI_INPUT
+$IPT4 -t filter -I "zone_${fbwifi_zone}_forward" 2 -j FBWIFI_FORWARD
+$IPT4 -t nat -I "zone_${fbwifi_zone}_prerouting" 2 -j FBWIFI_PREROUTING
+# There are no firewall3 zone chains in the mangle table so we need to do this for all interfaces in the zone
+for iface in $fbwifi_ifaces; do
+	$IPT4 -t mangle -I PREROUTING -i "$iface" -j FBWIFI_PREROUTING
+done

feeds/facebook/fbwifi/files/usr/share/fbwifi/uhttpd.json

@@ -0,0 +1,8 @@
+{
+  "request": [
+    [ "if",
+      [ "regex", "REQUEST_URI", "^/fbwifi" ],
+      [ "rewrite", "/cgi-bin%REQUEST_URI%" ]
+    ]
+  ]
+}

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/auth

@@ -0,0 +1,69 @@
+#!/usr/bin/lua
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+state = uci.cursor(nil, "/var/state")
+function process_cors()
+	origin = os.getenv("HTTP_ORIGIN")
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] [auth] process_cors origin %s", origin or 'not found') )
+	if string.len(origin or '') > 0 then
+		allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+		for _, value in pairs(allow_list) do
+    			if value == origin then
+				log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors Appending CORS Headers to HTTP")
+				print("Access-Control-Allow-Origin: "..origin)
+				print("Vary: Origin")
+				break
+			end
+		end
+	else	
+		log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors No CORS Headers added to Response")
+	end
+end
+
+method = os.getenv("REQUEST_METHOD")
+if method == 'GET' then
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] GET handler")
+	print("Status: 302")
+	print("Location: "..state:get("fbwifi", "main", "landing_page_url"))
+	process_cors()
+	print ('\n')
+
+elseif method == 'POST' then
+	local token
+	
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler")
+	process_cors()
+	print("Status: 200")
+
+	form_data=io.read()
+	while form_data do
+		token = string.match(form_data, '[%d]+')
+		if string.len(token or '') > 14 then
+
+			client = os.getenv("REMOTE_ADDR")
+			f = io.popen("awk '/"..client.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+			client_mac = assert(f:read('*a'))
+
+			if fbwifi.validate_token(token) then
+                                log.syslog(log.LOG_INFO, string.format( "[fbwifi] [auth] POST handler : Validating Token (%s) for MAC (%s)", token or 'nil', client_mac or 'nil') )
+				fbwifi.instate_client_rule(token, client_mac)
+				print("\n{\"valid\":true}\n")
+			else
+                                log.syslog(log.LOG_WARNING, string.format( "[fbwifi] [auth] POST handler : ! Invalid token (%s) for mac (%s) !", token or 'nil', client_mac or 'nil') )
+				fbwifi.revoke_client_rule(token)
+				print("\n{\"valid\":false}\n")
+			end
+			log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler completed")
+			return
+		end
+
+		form_data=io.read()
+	end
+	print ('\n')
+
+	log.syslog(log.LOG_WARNING, string.format("[fbwifi] [auth] POST handler : token not found" ))
+	fbwifi.revoke_client_rule(token)
+	print("\n{\"valid\":false}\n")
+end

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/capport

@@ -0,0 +1,41 @@
+#!/usr/bin/lua
+json = require("cjson")
+require("uci")
+
+state = uci.cursor(nil, "/var/state")
+client_mac = ""
+token = ""
+
+response = {}
+response['venue-info-url'] = state:get("fbwifi", "main", "capport_venue_info_url")
+
+function map_remote_mac_to_token(client)
+        for key, value in pairs(client) do
+                if
+                        key == 'mac' and
+                        value == client_mac
+                then
+			token = client.token
+                        return false
+                end
+        end
+end
+
+function hasValidToken(client_ip)
+	f = io.popen("awk '/"..client_ip.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+
+	return 0 < string.len(token)
+end
+
+print("Content-type: application/captive+json; charset=utf-8\n")
+
+client = os.getenv("REMOTE_ADDR")
+response['captive'] = not hasValidToken(client)
+
+if response['captive'] then
+	response['user-portal-url'] = state:get("fbwifi", "main", "captive_portal_url")
+end
+
+print( json.encode(response) )

feeds/facebook/fbwifi/files/www/cgi-bin/fbwifi/v2.0/info

@@ -0,0 +1,58 @@
+#!/usr/bin/lua
+require "luci.cacheloader"
+require "luci.sgi.cgi"
+json = require("cjson")
+fbwifi = require("fbwifi")
+
+state = uci.cursor(nil, "/var/state")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+response = { api_version = "2.0", token = json.null }
+client_mac = ""
+
+function process_cors()
+        origin = os.getenv("HTTP_ORIGIN")
+        if string.len(origin or '') > 0 then
+                allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+                for _, value in pairs(allow_list) do
+                        if value == origin then
+                                print("Access-Control-Allow-Origin: "..origin)
+                                print("Vary: Origin")
+                                break
+                        end
+                end
+        end
+end
+
+function map_remote_mac_to_token(client)
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == client_mac
+		then
+			response.token = client.token
+			return false -- escape outer loop
+		end
+	end
+end
+
+function getClientToken(client_ip)
+	f = io.popen("awk '/"..client_ip.."/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+end
+
+function getGatewayId()
+	id = string.match(GATEWAY_TOKEN, 'FBWIFI:GATEWAY|[0-9]*|([0-9]*)')
+	return id
+end
+
+process_cors()
+print("Content-type: application/json; charset=utf-8\n")
+
+getClientToken(os.getenv("REMOTE_ADDR"))
+response.gateway_id = getGatewayId()
+
+print( json.encode(response) )

feeds/openflow/openvswitch/Config.in

@@ -0,0 +1,8 @@
+menu "Configuration"
+	depends on PACKAGE_openvswitch
+
+	config	OPENVSWITCH_WITH_LIBUNBOUND
+		bool
+		default y
+		prompt "Build with libunbound library."
+endmenu

feeds/openflow/openvswitch/Makefile

@@ -17,10 +17,10 @@ include ./openvswitch.mk
 #
 PKG_NAME:=openvswitch
 PKG_VERSION:=$(ovs_version)
-PKG_RELEASE:=1
+PKG_RELEASE:=6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
-PKG_HASH:=7d5797f2bf2449c6a266149e88f72123540f7fe7f31ad52902057ae8d8f88c38
+PKG_HASH:=55e3b7e59b3e52eeecccc783266be39780e1f693c0a974f180b4ec8256f48d6a
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@@ -40,6 +40,9 @@ include $(INCLUDE_DIR)/package.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-host.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk
 
+define Package/openvswitch/config
+source "$(SOURCE)/Config.in"
+endef
 
 ovs_kmod_packages:=
 ovs_kmod_intree_kernel_patchver_min:=3.10
@@ -150,8 +153,11 @@ $(eval $(call OvsKmodPackageTemplate,openvswitch-lisp-intree))
 #
 ovs_libopenvswitch_title:=Open vSwitch (libopenvswitch.so)
 ovs_libopenvswitch_hidden:=1
-ovs_libopenvswitch_depends:=+libopenssl +libunbound +!(arc||arceb):libunwind
+ovs_libopenvswitch_depends:=+libopenssl +!(arc||arceb):libunwind
 ovs_libopenvswitch_depends+=+libatomic
+ifeq ($(CONFIG_KEEPALIVED_ROUTES),y)
+ovs_libopenvswitch_depends+=+libunbound
+endif
 ovs_libopenvswitch_files:=usr/lib/libopenvswitch*.so*
 $(eval $(call OvsPackageTemplate,libopenvswitch))
 
@@ -243,6 +249,7 @@ CONFIGURE_ARGS+= \
 	--disable-silent-rules \
 
 CONFIGURE_VARS += \
+	$(if $(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),,ac_cv_lib_unbound_ub_ctx_create=no) \
 	ovs_cv_flake8=no \
 	ovs_cv_python3=$(PYTHON3) \
 	ovs_cv_python3_host=$(HOST_PYTHON3_BIN) \

feeds/openflow/openvswitch/README.md

@@ -63,17 +63,42 @@ E.g. replace in-tree datapath module with upstream version
 
 # UCI configuration options
 
-There are 4 config section types in package openvswitch:
+There are 5 config section types in package openvswitch:
 ovs ovn_northd, ovn_controller & ovs_bridge.
 
 Each of these supports a disabled option, which should be 
 set to 0 to launch the respective daemons.
 
+The ovs section section also supports the options below, to configure a set of
+SSL CA, certificate and private key. After adding these to Open vSwitch, you
+may specify ssl: connection methods for e.g. the OpenFlow controller. Note that
+Open vSwitch only reads these files during startup, so it needs to be restarted
+after adding or changing these options.
+
+| Name     | Type    | Required | Default | Description                       |
+|----------|---------|----------|---------|-----------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not configure SSL |
+| ca       | string  | no       | (none)  | Path to CA certificate            |
+| cert     | string  | no       | (none)  | Path to certificate               |
+| key      | string  | no       | (none)  | Path to private key               |
+
 The ovs_bridge section also supports the options below,
 for initialising a virtual bridge with an OpenFlow controller.
 
-| Name       | Type    | Required | Default                        | Description                                                |
-|------------|---------|----------|--------------------------------|------------------------------------------------------------|
-| disabled   | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
-| name       | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
-| controller | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
+| Name        | Type    | Required | Default                        | Description                                                |
+|-------------|---------|----------|--------------------------------|------------------------------------------------------------|
+| disabled    | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
+| name        | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
+| controller  | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
+| datapath_id | string  | no       | (none)                         | The OpenFlow datapath ID for this bridge                   |
+
+The ovs_port section can be used to add ports to a bridge. It supports the options below.
+
+| Name     | Type    | Required | Default | Description
+| ---------|---------|----------|---------|------------------------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not add the port to the bridge |
+| bridge   | string  | yes      | (none)  | Name of the bridge to add the port to          |
+| port     | string  | yes      | (none)  | Name of the port to add to the bridge          |
+| ofport   | integer | no       | (none)  | OpenFlow port number to be used by the port    |
+| tag      | integer | no       | (none)  | 802.1Q VLAN tag to set on the port             |
+| type     | string  | no       | (none)  | Port type, e.g. internal, erspan, type, ...    |

feeds/openflow/openvswitch/files/openvswitch.config

@@ -1,5 +1,8 @@
 config ovs ovs
 	option disabled 1
+	option ca '/etc/openvswitch/example_ca.crt'
+	option cert '/etc/openvswitch/example_cert.crt'
+	option key '/etc/openvswitch/example_key.crt'
 
 config ovn_northd north
 	option disabled 1
@@ -10,4 +13,13 @@ config ovn_controller controller
 config ovs_bridge
 	option disabled 1
 	option name 'my-bridge'
-	option controller 'tcp:192.168.0.1'
+	option controller 'tcp:192.168.0.1'
+	option datapath_id ''
+
+config ovs_port
+	option disabled 1
+	option bridge 'my-bridge'
+	option port 'ovs-port1'
+	option ofport '1'
+	option tag '123'
+	option type 'internal'

feeds/openflow/openvswitch/files/openvswitch.init

@@ -7,6 +7,8 @@
 . /lib/functions/procd.sh
 START=15
 
+basescript=$(readlink "$initscript")
+
 ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=:
 ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=:
 
@@ -59,7 +61,12 @@ ovs_action() {
 		config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype"
 	done
 
-	config_foreach ovs_bridge_init "ovs_bridge"
+	case "$action" in
+		restart|start)
+			config_foreach ovs_bridge_init "ovs_bridge"
+			;;
+	esac
+
 }
 
 ovs_xx() {
@@ -83,6 +90,7 @@ ovs_xx() {
 		ovs)
 			"$ovs_ctl" "$action" \
 				--system-id=random 1000>&-
+			ovs_set_ssl
 			;;
 		ovn_*)
 			"$ovn_ctl" "${action}_${cfgtype#ovn_}"
@@ -116,6 +124,47 @@ ovs_bridge_port_add() {
 	__port_list="$__port_list ${port} "
 }
 
+ovs_bridge_port_add_complex() {
+	local cfg="$1"
+	local cur_bridge="$2"
+
+	local bridge disabled ofport port tag type
+	local cur_tag cur_type del_port
+
+	config_get_bool disabled "$cfg" disabled 0
+	[ "$disabled" = "0" ] || return
+
+	config_get bridge "$cfg" bridge
+	[ "$bridge" = "$cur_bridge" ] || return
+	ovs-vsctl br-exists "$bridge" || return
+
+	config_get port "$cfg" port
+	[ -n "$port" ] || return
+
+	config_get ofport "$cfg" ofport
+
+	config_get tag "$cfg" tag
+	if [ -n "$tag" ]; then
+		if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then
+			[ "$tag" = "$cur_tag" ] || del_port=1
+		fi
+	fi
+
+	config_get type "$cfg" type
+	if [ -n "$type" ]; then
+		if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then
+			[ "$type" = "$cur_type" ] || del_port=1
+		fi
+	fi
+
+	[ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port"
+
+	ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
+		${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
+		${type:+ -- set interface "$port" type="$type"}
+	__port_list="$__port_list ${port} "
+}
+
 ovs_bridge_port_cleanup() {
 	for port in `ovs-vsctl list-ports "$name"`; do
 		case "$__port_list" in
@@ -125,12 +174,26 @@ ovs_bridge_port_cleanup() {
 	done
 }
 
+ovs_bridge_validate_datapath_id() {
+	local dpid="$1"
+
+	if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then
+		return 0
+	elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then
+		return 0
+	else
+		logger -t openvswitch "invalid datapath_id: $dpid"
+		return 1
+	fi
+}
+
 ovs_bridge_init() {
 	local cfg="$1"
 
 	local disabled
 	local name
 	local controller
+	local datapath_id
 
 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" == "0" ] || return
@@ -138,7 +201,15 @@ ovs_bridge_init() {
 	config_get name "$cfg" name $cfg
 	ovs-vsctl --may-exist add-br "$name"
 
+	config_get datapath_id "$cfg" datapath_id
+	[ -n "$datapath_id" ] && {
+		ovs_bridge_validate_datapath_id "$datapath_id" && {
+			ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id"
+		}
+	}
+
 	config_list_foreach "$cfg" "ports" ovs_bridge_port_add
+	config_foreach ovs_bridge_port_add_complex ovs_port "$name"
 	config_get_bool drop "$cfg" "drop_unknown_ports" 0
 	[ "$drop" == 1 ] && ovs_bridge_port_cleanup
 
@@ -146,3 +217,14 @@ ovs_bridge_init() {
 	[ -n "$controller" ] && \
 		ovs-vsctl set-controller "$name" "$controller"
 }
+
+ovs_set_ssl() {
+	local ca="$(uci -q get openvswitch.ovs.ca)"
+	[ -f "$ca" ] || return
+	local cert="$(uci get openvswitch.ovs.cert)"
+	[ -f "$cert" ] || return
+	local key="$(uci get openvswitch.ovs.key)"
+	[ -f "$key" ] || return
+
+	ovs-vsctl set-ssl "$key" "$cert" "$ca"
+}

feeds/openflow/openvswitch/openvswitch.mk

@@ -5,7 +5,7 @@
 
 # Versions
 
-ovs_version:=2.15.0
+ovs_version:=2.16.0
 ovs_builddir=$(KERNEL_BUILD_DIR)/openvswitch-$(ovs_version)
 
 # Shared vars, macros

feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch

@@ -22,7 +22,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  BUILT_SOURCES =
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
-@@ -383,6 +383,8 @@ else:
+@@ -372,6 +372,8 @@ else:
       AC_MSG_ERROR([Python 3.4 or later is required but not found in $PATH, please install it or set $PYTHON3 to point to it])
     fi
     AC_ARG_VAR([PYTHON3])

feeds/openflow/openvswitch/patches/0004-build-trim-build.patch

@@ -10,7 +10,7 @@ Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>
 
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -475,12 +475,10 @@ dist-docs:
+@@ -477,12 +477,10 @@ dist-docs:
  	VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs $(srcdir) $(docs)
  .PHONY: dist-docs
  

feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch

@@ -32,7 +32,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  Cflags: -I${includedir}/openvswitch
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
-@@ -657,7 +657,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
+@@ -646,7 +646,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
    [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no])
     if test "$HAVE_UNBOUND" = yes; then
       AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.])
@@ -42,7 +42,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
     fi
     AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes])
     AC_SUBST([HAVE_UNBOUND])])
-@@ -669,7 +670,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
+@@ -658,7 +659,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
     [HAVE_UNWIND=no])
     if test "$HAVE_UNWIND" = yes; then
       AC_DEFINE([HAVE_UNWIND], [1], [Define to 1 if unwind is detected.])

feeds/third-party/chilli-redirect/Makefile

@@ -0,0 +1,35 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=chilli-redirect
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/chilli-redirect
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Chilli-Redirect
+endef
+
+define Package/chilli-redirect/description
+ Chilli Captive portal redirect support.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/chilli-redirect/install
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,chilli-redirect))

feeds/third-party/chilli-redirect/files/etc/uci-defaults/99-chilli

@@ -0,0 +1,23 @@
+#!/bin/sh
+rm /etc/config/chilli
+cat > /etc/config/chilli <<EOF
+config chilli
+	option disabled '0'
+	option domain 'lan'
+	option uamanydns '1'
+	option lease '900'
+	option redir '1'
+	option papalwaysok '1'
+	option adminupdatefile '/var/run/chilli/local.conf'
+	option wwwdir '/etc/chilli/www'
+	option wwwbin '/etc/chilli/wwwsh'
+	option conup '/etc/chilli/conup.sh'
+	option condown '/etc/chilli/condown.sh'
+	option ipup '/etc/chilli/up.sh'
+	option ipdown '/etc/chilli/down.sh'
+	option cmdsocket '/var/run/chilli/chilli.sock'
+	option unixipc 'ipc.sock'
+	option pidfile '/var/run/chilli/chilli.pid'
+	option kname 'chilli'
+	option debug 0
+EOF

feeds/third-party/chilli-redirect/files/usr/share/ucentral/templates/third-party/chilli-redirect.uc

@@ -0,0 +1,55 @@
+{%
+let interfaces = services.lookup_interfaces("chilli-redirect");
+let enable = length(interfaces);
+services.set_enabled("chilli", enable);
+if (!enable)
+	return;
+let name = ethernet.calculate_name(interfaces[0]);
+let keys = {
+	uamport: 3990,
+	radiusauthport: 1812,
+	radiusacctport: 1813,
+	radiusserver1: false,
+	radiusserver2: false,
+	radiusnasid: false,
+	uamallowed: false,
+	uamdomain: false,
+	defidletimeout: 0,
+	definteriminterval: 300,
+	acctupdate: 9,
+	uamserver: false,
+	radiussecret: false,
+	nasmac: false,
+	macauth: false,
+	macpassword: false,
+};
+
+function get_value(key, value) {
+	if (key in chilli_redirect)
+		return chilli_redirect[key];
+
+	return value ? value : '';
+}
+
+%}
+
+set chilli.@chilli[0].dhcpif='{{ name }}'
+
+{% if (interfaces[0].role == "upstream"): %}
+set chilli.@chilli[0].net='198.18.0.0/255.255.254.0'
+set chilli.@chilli[0].statip='198.18.0.0/255.255.254.0'
+set chilli.@chilli[0].uamlisten='198.18.0.1'
+set chilli.@chilli[0].uamanyip='1'
+set chilli.@chilli[0].dns1='198.18.0.1'
+set chilli.@chilli[0].nasip='198.18.0.1'
+{% else %}
+set chilli.@chilli[0].net='10.0.0.0/255.255.254.0'
+set chilli.@chilli[0].statip='10.0.0.0/255.255.254.0'
+set chilli.@chilli[0].uamlisten='10.0.0.1'
+set chilli.@chilli[0].dns1='10.0.0.1'
+set chilli.@chilli[0].nasip='10.0.0.1'
+{% endif %}
+
+{% for (let k, v in keys): %}
+set chilli.@chilli[0].{{ k }}='{{ get_value(k, v) }}'
+{% endfor %}

feeds/third-party/coova-chilli/Config.in

@@ -0,0 +1,48 @@
+# CoovaChilli advanced configuration
+
+if PACKAGE_coova-chilli
+
+config COOVACHILLI_PROXY
+	bool "Enable support for chilli proxy. Required for AAA Proxy through http"
+	default n
+
+config COOVACHILLI_REDIR
+	bool "Enable support for redir server. Required for uamregex"
+	default n
+
+config COOVACHILLI_MINIPORTAL
+	bool "Enable support Coova miniportal"
+	default n
+
+config COOVACHILLI_USERAGENT
+	bool "Enable recording user-agent"
+	default n
+
+config COOVACHILLI_UAMDOMAINFILE
+	bool "Enable loading of mass uamdomains from file"
+	default n
+
+config COOVACHILLI_LARGELIMITS
+	bool "Enable larger limits for use with non-embedded systems"
+	default n
+
+config COOVACHILLI_JSONINTERFACE
+	bool "Enable the JSON interface for the CoovaChilli Controller"
+	default n
+
+choice
+	prompt "SSL library"
+	default COOVACHILLI_NOSSL
+
+config COOVACHILLI_NOSSL
+	bool "No SSL support"
+
+config COOVACHILLI_WOLFSSL
+	bool "wolfSSL"
+
+config COOVACHILLI_OPENSSL
+	bool "OpenSSL"
+
+endchoice
+
+endif

feeds/third-party/coova-chilli/Makefile

@@ -0,0 +1,153 @@
+#
+# Copyright (C) 2007-2018 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=coova-chilli
+PKG_VERSION:=1.5
+PKG_RELEASE:=4
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/coova/coova-chilli/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=75e15fd00a870b8a95df1440977c688a05a109f90b57bf679b931101d427d0fb
+
+PKG_MAINTAINER:=Jaehoon You <teslamint@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=0
+
+PKG_CONFIG_DEPENDS:= \
+  COOVACHILLI_JSONINTERFACE \
+  COOVACHILLI_LARGELIMITS \
+  COOVACHILLI_MINIPORTAL \
+  COOVACHILLI_NOSSL \
+  COOVACHILLI_OPENSSL \
+  COOVACHILLI_PROXY \
+  COOVACHILLI_REDIR \
+  COOVACHILLI_UAMDOMAINFILE \
+  COOVACHILLI_USERAGENT \
+  COOVACHILLI_WOLFSSL \
+  IPV6
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/coova-chilli
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+kmod-tun +librt +COOVACHILLI_MINIPORTAL:haserl \
+  +COOVACHILLI_WOLFSSL:libwolfssl +COOVACHILLI_OPENSSL:libopenssl \
+  +COOVACHILLI_JSONINTERFACE:libjson-c
+  TITLE:=Wireless LAN HotSpot controller (Coova Chilli Version)
+  URL:=https://coova.github.io/
+  MENU:=1
+endef
+
+define Package/coova-chilli/description
+	CoovaChilli is an open source access controller for wireless LAN
+	access points and is based on ChilliSpot. It is used for authenticating
+	users of a wireless (or wired) LAN. It supports web based login (UAM)
+	which is today's standard for public HotSpots and it supports Wireless
+	Protected Access (WPA) which is the standard of the future.
+	Authentication,	authorization and accounting (AAA) is handled by your
+	favorite radius server.
+endef
+
+define Package/coova-chilli/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define KernelPackage/ipt-coova
+  URL:=http://www.coova.org/CoovaChilli
+  SUBMENU:=Netfilter Extensions
+  DEPENDS:=coova-chilli +kmod-ipt-core +libxtables
+  TITLE:=Coova netfilter module
+  FILES:=$(PKG_BUILD_DIR)/src/linux/xt_*.$(LINUX_KMOD_SUFFIX)
+  AUTOLOAD:=$(call AutoProbe,xt_coova)
+endef
+
+define KernelPackage/ipt-coova/description
+	Netfilter kernel module for CoovaChilli
+	Includes:
+	- coova
+endef
+
+DISABLE_NLS=
+
+TARGET_CFLAGS += $(FPIC) -Wno-error
+
+CONFIGURE_VARS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)"
+
+MAKE_FLAGS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)"
+
+MAKE_INSTALL_FLAGS += \
+       ARCH="$(LINUX_KARCH)" \
+       KERNEL_DIR="$(LINUX_DIR)" \
+       INSTALL_MOD_PATH="$(PKG_INSTALL_DIR)"
+
+define Build/Prepare
+$(call Build/Prepare/Default)
+	( cd $(PKG_BUILD_DIR) ; \
+		[ -f ./configure ] || { \
+			./bootstrap ; \
+		} \
+	)
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+	$(if $(CONFIG_COOVACHILLI_PROXY),--enable,--disable)-chilliproxy \
+	$(if $(CONFIG_COOVACHILLI_REDIR),--enable,--disable)-chilliredir \
+	$(if $(CONFIG_COOVACHILLI_MINIPORTAL),--enable,--disable)-miniportal \
+	$(if $(CONFIG_COOVACHILLI_USERAGENT),--enable,--disable)-useragent \
+	$(if $(CONFIG_COOVACHILLI_LARGELIMITS),--enable,--disable)-largelimits \
+	$(if $(CONFIG_COOVACHILLI_JSONINTERFACE),--enable,--disable)-libjson \
+	$(if $(CONFIG_COOVACHILLI_JSONINTERFACE),--enable,--disable)-json \
+	$(if $(CONFIG_COOVACHILLI_UAMDOMAINFILE),--enable,--disable)-uamdomainfile \
+	$(if $(CONFIG_IPV6),--with,--without)-ipv6 \
+	$(if $(CONFIG_COOVACHILLI_WOLFSSL),--with,--without)-cyassl \
+	$(if $(CONFIG_COOVACHILLI_OPENSSL),--with,--without)-openssl \
+	$(if $(CONFIG_PACKAGE_kmod-ipt-coova),--with-nfcoova) \
+	--enable-chilliredir\
+	)
+endef
+
+define Package/coova-chilli/conffiles
+/etc/config/chilli
+endef
+
+define Package/coova-chilli/install
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/chilli.conf $(1)/etc/
+	$(INSTALL_DIR) $(1)/etc/chilli
+	$(CP) $(PKG_INSTALL_DIR)/etc/chilli/* $(1)/etc/chilli/
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DATA) ./files/chilli.hotplug $(1)/etc/hotplug.d/iface/30-chilli
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/chilli* $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
+	$(if $(CONFIG_PACKAGE_kmod-ipt-coova), \
+		$(INSTALL_DIR) $(1)/usr/lib/iptables; \
+		$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib*.so $(1)/usr/lib/iptables/ \
+	)
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) files/chilli.init $(1)/etc/init.d/chilli
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) files/chilli.config $(1)/etc/config/chilli
+endef
+
+$(eval $(call BuildPackage,coova-chilli))
+$(eval $(call KernelPackage,ipt-coova))

feeds/third-party/coova-chilli/files/chilli.config

@@ -0,0 +1,226 @@
+#
+# Sample Coova-Chilli configuration file
+#
+
+config chilli
+    # disable to running chilli. remove this option before running.
+    option disabled 1
+
+    # name of TUN device name. required.
+    option tundev 'tun0'
+
+    # name of network interface
+    option network ''
+
+    # Include this flag to include debug information.
+    #option debug 1
+
+    # Re-read configuration file at this interval. Will also cause new domain
+    # name lookups to be performed. Value is given in seconds.
+    #option interval 3600
+
+    # Directory to use for nonvolatile storage.
+    # The program must have write access to this directory.
+    # this option is currently ignored
+    #option statedir ./
+
+
+    # TUN parameters
+
+    # IP network address of external packet data network
+    # Used to allocate dynamic IP addresses and set up routing.
+    # Normally you do not need to uncomment this option.
+    #option net 192.168.182.0/24
+
+    # Dynamic IP address pool
+    # Used to allocate dynamic IP addresses to clients.
+    # If not set it defaults to the net tag.
+    # Do not uncomment this option unless you are an experienced user!
+    #option dynip 192.168.182.0/24
+
+    # Static IP address pool
+    # Used to allocate static IP addresses to clients.
+    # Do not uncomment this option unless you are an experienced user!
+    #option statip 192.168.182.0/24
+
+
+    # Primary DNS server.
+    # Will be suggested to the client.
+    # If omitted the system default will be used.
+    # Normally you do not need to uncomment this option.
+    #option dns1 172.16.0.5
+
+    # Secondary DNS server.
+    # Will be suggested to the client.
+    # If omitted the system default will be used.
+    # Normally you do not need to uncomment this option.
+    #option dns2 172.16.0.6
+
+    # Domain name
+    # Will be suggested to the client.
+    # Normally you do not need to uncomment this option.
+    #option domain key.chillispot.org
+
+    # Script executed after network interface has been brought up.
+    # Executed with the following parameters: <devicename> <ip address>
+    # <mask>
+    # Normally you do not need to modify this option.
+    option ipup /etc/chilli/up.sh
+
+    # Script executed after network interface has been taken down.
+    # Executed with the following parameters: <devicename> <ip address>
+    # <mask>
+    # Normally you do not need to modify this option.
+    option ipdown /etc/chilli/down.sh
+
+
+    # Radius parameters
+
+    # IP address to listen to
+    # Normally you do not need to uncomment this option.
+    #option radiuslisten 127.0.0.1
+
+    # IP address of radius server 1
+    # For most installations you need to modify this option.
+    option radiusserver1 rad01.chillispot.org
+
+    # IP address of radius server 2
+    # If you have only one radius server you should set radiusserver2 to the
+    # same value as radiusserver1.
+    # For most installations you need to modify this option.
+    option radiusserver2 rad02.chillispot.org
+
+    # Radius authentication port
+    # The UDP port number to use for radius authentication requests.
+    # The same port number is used for both radiusserver1 and radiusserver2.
+    # Normally you do not need to uncomment this option.
+    #option radiusauthport 1812
+
+    # Radius accounting port
+    # The UDP port number to use for radius accounting requests.
+    # The same port number is used for both radiusserver1 and radiusserver2.
+    # Normally you do not need to uncomment this option.
+    #option radiusacctport 1813
+
+    # Radius shared secret for both servers
+    # For all installations you should modify this option.
+    #option radiussecret testing123
+
+    # Radius NAS-Identifier
+    # Normally you do not need to uncomment this option.
+    #option radiusnasid nas01
+
+    # WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
+    # cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
+    # Normally you do not need to uncomment this option.
+    #option radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
+
+    # WISPr Location Name. Should be in the format:
+    # <HOTSPOT_OPERATOR_NAME>,<LOCATION>
+    # Normally you do not need to uncomment this option.
+    #option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
+
+
+    # Radius proxy parameters
+
+    # IP address to listen to
+    # Normally you do not need to uncomment this option.
+    #option proxylisten 10.0.0.1
+
+    # UDP port to listen to.
+    # If not specified a port will be selected by the system
+    # Normally you do not need to uncomment this option.
+    #option proxyport 1645
+
+    # Client(s) from which we accept radius requests
+    # Normally you do not need to uncomment this option.
+    #option proxyclient 10.0.0.1/24
+
+    # Radius proxy shared secret for all clients
+    # If not specified defaults to radiussecret
+    # Normally you do not need to uncomment this option.
+    #option proxysecret testing123
+
+
+    # DHCP Parameters
+
+    # Ethernet interface to listen to.
+    # This is the network interface which is connected to the access points.
+    # In a typical configuration this option should be set to eth1.
+    option dhcpif eth1
+
+    # Use specified MAC address.
+    # An address in the range  00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
+    # within the IANA range of addresses and is not allocated for other
+    # purposes.
+    # Normally you do not need to uncomment this option.
+    #option dhcpmac 00:00:5E:00:02:00
+
+    # Time before DHCP lease expires
+    # Normally you do not need to uncomment this option.
+    #option lease 600
+
+
+    # Universal access method (UAM) parameters
+
+    # URL of web server handling authentication.
+    option uamserver https://radius.chillispot.org/hotspotlogin
+
+    # URL of welcome homepage.
+    # Unauthenticated users will be redirected to this URL. If not specified
+    # users will be redirected to the uamserver instead.
+    # Normally you do not need to uncomment this option.
+    #option uamhomepage http://192.168.182.1/welcome.html
+
+    # Shared between chilli and authentication web server
+    #option uamsecret ht2eb8ej6s4et3rg1ulp
+
+    # IP address to listen to for authentication requests
+    # Do not uncomment this option unless you are an experienced user!
+    #option uamlisten 192.168.182.1
+
+    # TCP port to listen to for authentication requests
+    # Do not uncomment this option unless you are an experienced user!
+    #option uamport 3990
+
+    # Comma separated list of domain names, IP addresses or network segments
+    # the client can access without first authenticating.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option uamallowed www.chillispot.org,10.11.12.0/24
+
+    # Comma separated list of domain names
+    # the client can access without first authenticating.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option uamdomain .chillispot.org,.coova.org
+
+    # If this flag is given unauthenticated users are allowed to use
+    # any DNS server.
+    # Normally you do not need to uncomment this option.
+    #option uamanydns
+
+
+    # MAC authentication
+
+    # If this flag is given users will be authenticated only on their MAC
+    # address.
+    # Normally you do not need to uncomment this option.
+    #option macauth
+
+    # List of MAC addresses.
+    # The MAC addresses specified in this list will be authenticated only on
+    # their MAC address.
+    # this option is ignored if the macauth tag is given.
+    # It is possible to specify this option multiple times.
+    # Normally you do not need to uncomment this option.
+    #option macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
+
+    # Password to use for MAC authentication.
+    # Normally you do not need to uncomment this option.
+    #option macpasswd password
+
+    # Suffix to add to MAC address in order to form the username.
+    # Normally you do not need to uncomment this option.
+    #option macsuffix suffix
+

feeds/third-party/coova-chilli/files/chilli.hotplug

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "$ACTION" == "ifup" ] || exit 0
+
+[ "$INTERFACE" = "wan" ] && {
+	/etc/init.d/chilli restart
+}

feeds/third-party/coova-chilli/files/chilli.init

@@ -0,0 +1,93 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+STOP=89
+USE_PROCD=1
+
+service_triggers() {
+	procd_add_reload_trigger "chilli"
+}
+
+config_cb() {
+	chilli_conf="/var/run/chilli_${2}.conf"
+	[ -e "$chilli_conf" ] && rm -f "$chilli_conf"
+}
+
+option_cb() {
+	case "$1" in
+		# ignored/internal settings
+		disabled)
+			;;
+		# UCI settings
+		network)
+			. /lib/functions/network.sh
+			local ifname
+			network_get_device ifname "$2"
+			echo "dhcpif=\"$ifname\"" >> "$chilli_conf"
+			;;
+		# boolean settings
+		acctupdate|chillixml|coanoipcheck|debug|dhcpbroadcast|dhcpmacset|dhcpnotidle|\
+		dhcpradius|dnsparanoia|domaindnslocal|eapolenable|fg|forgiving|framedservice|\
+		ieee8021q|injectwispr|ipv6|ipv6only|layer3|locationcopycalled|\
+		locationimmediateupdate|locationopt82|locationstopstart|macallowlocal|\
+		macauth|macauthdeny|macreauth|mmapring|mschapv2|noarpentries|noc2c|nochallenge|\
+		nodynip|noradallow|nosystemdns|nouamsuccess|nousergardendata|nowispr1|nowispr2|\
+		only8021q|openidauth|papalwaysok|patricia|postauthproxyssl|proxymacaccept|\
+		proxyonacct|radiusoriginalurl|radsec|redir|redirdnsreq|redirssl|redirurl|reload|\
+		routeonetone|scalewin|seskeepalive|statusfilesave|strictdhcp|strictmacauth|\
+		swapoctets|uamallowpost|uamanydns|uamanyip|uamauthedallowed|uamgardendata|\
+		uamnatanyip|uamotherdata|uamuissl|usetap|vlanlocation|wpaguests)
+			[ "$2" = "true" -o "$2" = "1" ] && echo "$1" >> "$chilli_conf"
+			;;
+		*)
+			echo "$1=\"$2\"" >> "$chilli_conf"
+			;;
+	esac
+}
+
+start_chilli() {
+	local cfg="$1"
+	local base="/var/run/chilli_${cfg}"
+
+	config_get_bool disabled "$1" 'disabled' 0
+	[ $disabled = 1 ] && return
+
+	procd_open_instance "$cfg"
+	procd_set_param command /usr/sbin/chilli
+	procd_set_param file "$chilli_conf"
+	procd_append_param command \
+		--fg \
+		--conf "${base}.conf" \
+		--pidfile "${base}.pid" \
+		--cmdsocket "${base}.sock" \
+		--unixipc "${base}.ipc"
+	procd_set_param respawn
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_close_instance
+}
+
+start_service() {
+	config_load chilli
+	config_foreach start_chilli chilli
+}
+
+stop_service() {
+	rm -f /var/run/chilli_*
+}
+
+reload_chilli() {
+	local pid
+	local cfg="$1"
+	local base="/var/run/chilli_${cfg}"
+	if [ -f "${base}.pid" ]; then
+		pid="$(cat "${base}.pid")"
+		[ -f "/var/run/chilli.${pid}.cfg.bin" ] && rm -f "/var/run/chilli.${pid}.cfg.bin"
+		chilli_query -s "${base}.sock" reload
+	fi
+}
+
+reload_service() {
+	config_load chilli
+	config_foreach reload_chilli chilli
+}

feeds/third-party/coova-chilli/patches/100-fix_compile_kmod.patch

@@ -0,0 +1,13 @@
+--- a/src/linux/Makefile
++++ b/src/linux/Makefile
+@@ -25,8 +25,8 @@ lib%.o: lib%.c
+ 	$(CC) $(CFLAGS) -fPIC -O2 -Wall -D_INIT=lib$*_init -c -o $@ $<;
+ 
+ install: modules_install libxt_coova.so
+-	mkdir -p $(DESTDIR)/lib/xtables/
+-	cp libxt_coova.so $(DESTDIR)/lib/xtables/
++	mkdir -p $(DESTDIR)/usr/lib/iptables/
++	cp libxt_coova.so $(DESTDIR)/usr/lib/iptables/
+ 
+ distdir:
+ 

feeds/third-party/coova-chilli/patches/200-wolfssl.patch

@@ -0,0 +1,53 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -397,7 +397,7 @@ AC_ARG_WITH([cyassl],
+  [AS_HELP_STRING([--with-cyassl], [enable support for cyassl])],[],[with_cyassl=no])
+ 
+ AS_IF([test x"$with_cyassl" != xno],
+-  [AC_CHECK_LIB([cyassl], [CyaSSL_Init],
++  [AC_CHECK_LIB([cyassl], [wolfSSL_Init],
+               [AC_SUBST([LIBSSL], ["-lcyassl"])
+                AC_DEFINE([HAVE_CYASSL], [1],
+                          [Define if you have cyassl])
+--- a/src/ippool.c
++++ b/src/ippool.c
+@@ -35,6 +35,7 @@ int ippool_print(int fd, struct ippool_t
+   char * sep = "-- %-15s ------------------------------------------------------------\n";
+ 
+ #define ERR 0
++#undef USED /* defined in <wolfssl/wolfcrypt/integer.h> */
+ #define USED 1
+ #define FREE 2
+ #define LIST 3
+--- a/src/md5.h
++++ b/src/md5.h
+@@ -35,7 +35,6 @@
+ #define MD5Update MD5_Update
+ #define MD5Final MD5_Final
+ 
+-typedef struct CYASSL_MD5_CTX MD5_CTX;
+ #else
+ 
+ struct MD5Context {
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -131,7 +131,7 @@ _openssl_env_init(openssl_env *env, char
+    */
+   const long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
+   env->meth = SSLv23_method();
+-  env->ctx = SSL_CTX_new(env->meth);
++  env->ctx = SSL_CTX_new((void *)env->meth);
+   SSL_CTX_set_options(env->ctx, options);
+   if (_options.sslciphers) {
+     SSL_CTX_set_cipher_list(env->ctx, _options.sslciphers);
+--- a/src/ssl.h
++++ b/src/ssl.h
+@@ -48,6 +48,8 @@ typedef struct {
+ #include <time.h>
+ #include <string.h>
+ 
++#define OPENSSL_NO_ENGINE
++#include <cyassl/options.h>
+ #include <cyassl/ssl.h>
+ #include <cyassl/openssl/bio.h>
+ #include <cyassl/openssl/crypto.h>

feeds/third-party/coova-chilli/patches/300-sysinfo.patch

@@ -0,0 +1,23 @@
+From 196b783b5ea7f8d6cf57ddbd41dc1881ef47a1c4 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Wed, 11 Dec 2019 19:33:58 -0800
+Subject: [PATCH] system.h: Fix compilation with kernel 4.19 + musl
+
+<linux/netlink.h> includes <linux/sysinfo.h> , which redefines struct sysinfo, leading to an error.
+Define the linux header as included to solve compilation.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/system.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/system.h
++++ b/src/system.h
+@@ -114,6 +114,7 @@
+ 
+ #ifdef HAVE_SYS_SYSINFO_H
+ #include <sys/sysinfo.h>
++#define _LINUX_SYSINFO_H
+ #else
+ #ifdef HAVE_LINUX_SYSINFO_H
+ #define _LINUX_KERNEL_H

feeds/third-party/coova-chilli/patches/400-fix-version.patch

@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2,7 +2,7 @@
+ # Process this file with autoconf to produce a configure script.
+ 
+ AC_PREREQ([2.59])
+-AC_INIT([coova-chilli],[1.4],[https://github.com/coova/coova-chilli/issues])
++AC_INIT([coova-chilli],[1.5],[https://github.com/coova/coova-chilli/issues])
+ AC_CONFIG_SRCDIR([src/chilli.c])
+ 
+ AM_INIT_AUTOMAKE

feeds/tip/firstcontact/files/usr/share/ucentral/firstcontact.uc

@@ -43,8 +43,11 @@ if (!config.Redirector) {
 
 function store_config(path) {
 	let cursor = uci.cursor(path);
+	let redir = split(config.Redirector, ":");
+
 	cursor.load("ucentral");
-	cursor.set("ucentral", "config", "server", config.Redirector);
+	cursor.set("ucentral", "config", "server", redir[0]);
+	cursor.set("ucentral", "config", "port", redir[1] || 15002);
 	cursor.commit();
 }
 

feeds/tip/firstcontact/src/firstcontact.c

@@ -1,5 +1,6 @@
 #define _GNU_SOURCE
 #include <stdio.h>
+#include <unistd.h>
 #include <getopt.h>
 
 #include <curl/curl.h>
@@ -20,6 +21,8 @@ int main(int argc, char **argv)
 	char *devid = NULL;
 	char *url;
 
+	alarm(15);
+
 	while (1) {
 		int option = getopt(argc, argv, "k:c:o:hi:");
 
@@ -85,6 +88,7 @@ int main(int argc, char **argv)
 	curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
 	curl_easy_setopt(curl, CURLOPT_SSLKEY, file_key);
 	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
 
 	res = curl_easy_perform(curl);
 	if (res != CURLE_OK)

feeds/ucentral/poco/Makefile

@@ -1,110 +0,0 @@
-#
-# Copyright (C) 2007-2016 OpenWrt.org
-# Copyright (C) 2017 Daniel Engberg <daniel.engberg.lists@pyret.net>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=poco
-PKG_RELEASE:=2
-PKG_VERSION:=1.10.1
-
-ifeq ($(BUILD_VARIANT),all)
-_PKG_VERSION:=${PKG_VERSION}-all
-PKG_HASH:=2cde4b50778013ab3b7a522aa59bccaa7e85a8ccfc654a354c4d9611b6ce1758
-else
-_PKG_VERSION:=${PKG_VERSION}
-PKG_HASH:=a0a5a03d87c585f1a43def33bfc52c0c34a528e43a7b13bc83841a7c00adde39
-endif
-
-PKG_SOURCE:=$(PKG_NAME)-$(_PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://pocoproject.org/releases/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_LICENSE:=BSL-1.0
-PKG_LICENSE_FILES:=LICENSE
-PKG_CPE_ID:=cpe:/a:pocoproject:poco
-
-PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(_PKG_VERSION)
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/poco
-  SECTION:=libs
-  CATEGORY:=Libraries
-  TITLE:=Poco C++ libraries
-  URL:=https://www.pocoproject.org/
-  DEPENDS:=+libstdcpp +libpthread +librt @!arc
-  MAINTAINER:=Jean-Michel Julien <jean-michel.julien@trilliantinc.com>
-  VARIANT:=minimal
-endef
-
-define Package/poco/description
-  POrtable COmponents, a modern and powerful open source C++ class libraries
-  and frameworks for building network and internet-based applications that
-  run on desktop, server and embedded systems.
-endef
-
-define Package/poco-all
-  $(call Package/poco)
-  SECTION:=libs
-  CATEGORY:=Libraries
-  TITLE+=(Complete Edition)
-  DEPENDS+=+libopenssl
-  VARIANT:=all
-endef
-
-define Package/poco-all/description
-  POrtable COmponents, a modern and powerful open source C++ class libraries
-  and frameworks for building network and internet-based applications that
-  run on desktop, server and embedded systems. The Complete Edition contains
-  all libraries.
-endef
-
-CONFIGURE_ARGS += \
-	--config=Linux \
-	--no-tests \
-	--no-samples \
-	--no-fpenvironment \
-	--no-sharedmemory \
-	--no-wstring \
-	--shared
-
-ifeq ($(BUILD_VARIANT),all)
-	CONFIGURE_ARGS += \
-		--typical
-	POCO_LIBS={Foundation,XML,JSON,Net,Util,Crypto,NetSSL,Encodings,Util,Data,DataSQLite,JWT}
-else
-	CONFIGURE_ARGS += \
-		--poquito \
-		--minimal
-	POCO_LIBS={Foundation,XML,JSON,Net,Util}
-endif
-
-define Package/poco/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libPoco$(POCO_LIBS).so* $(1)/usr/lib/
-endef
-
-define Package/poco-all/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libPoco$(POCO_LIBS).so* $(1)/usr/lib/
-endef
-
-define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include
-	$(CP) $(PKG_INSTALL_DIR)/usr/include/Poco $(1)/usr/include/
-
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libPoco$(POCO_LIBS).so* $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/cmake $(1)/usr/lib/
-endef
-
-
-$(eval $(call BuildPackage,poco))
-$(eval $(call BuildPackage,poco-all))

feeds/ucentral/poco/patches/100-configure.patch

@@ -1,15 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -237,9 +237,9 @@ while [ $# -ge 1 ]; do
- 		;;
- 
- 	*)
--		showhelp
--		exit 1
--		;;
-+#		showhelp
-+#		exit 1
-+#		;;
- 	esac
- 
-  	shift

feeds/ucentral/poco/patches/200-strerror.patch

@@ -1,11 +0,0 @@
---- a/Foundation/src/Error.cpp
-+++ b/Foundation/src/Error.cpp
-@@ -70,7 +70,7 @@ namespace Poco {
- 
- #if (_XOPEN_SOURCE >= 600) || POCO_OS == POCO_OS_ANDROID || __APPLE__
- 			setMessage(strerror_r(err, _buffer, sizeof(_buffer)));
--#elif _GNU_SOURCE
-+#elif (_GNU_SOURCE && (defined __GLIBC__ || defined __UCLIBC__))
- 			setMessage(strerror_r(err, _buffer, sizeof(_buffer)));
- #else
- 			setMessage(strerror(err));

feeds/ucentral/poco/patches/300-fp-support-environments-without-hardware-floating-po.patch

@@ -1,122 +0,0 @@
-From: =?utf-8?q?Andr=C3=A9_Draszik?= <git@andred.net>
-Date: Wed, 22 Mar 2017 11:07:16 +0000
-Subject: fp: support environments without hardware floating point
-
-| cd <build>/Foundation && \
-|    mipsel-poky-linux-musl-g++   -DFoundation_EXPORTS -DHAVE_PTHREAD_SETAFFINITY_NP -DHAVE_THREE_PARAM_SCHED_SETAFFINITY \
-|         -DPCRE_STATIC -DPOCO_HAVE_FD_EPOLL -DPOCO_NO_AUTOMATIC_LIBS -DPOCO_OS_FAMILY_UNIX -DPOCO_UNBUNDLED \
-|         -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -D_REENTRANT -D_THREAD_SAFE -D_XOPEN_SOURCE=500 \
-|         -I<sysroot>/usr/include -I<poco>/Foundation/include -I<poco>/Foundation/src  \
-|         -mel -mabi=32 -msoft-float -march=mips32r2 -mno-mips16  -minterlink-compressed -mtune=24kec -mdsp  \
-|         --sysroot=<sysroot> -O2 -pipe -g -feliminate-unused-debug-types \
-|         -fstack-protector-strong -pie -fpie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security \
-|         -fvisibility-inlines-hidden  -mel -mabi=32 -msoft-float -march=mips32r2 -mno-mips16  -minterlink-compressed \
-|         -mtune=24kec -mdsp  --sysroot=<sysroot> -O2 -g -DNDEBUG -fPIC   \
-|         -o CMakeFiles/Foundation.dir/src/ArchiveStrategy.cpp.o \
-|         -c <poco>/Foundation/src/ArchiveStrategy.cpp
-| In file included from <poco>/Foundation/include/Poco/FPEnvironment.h:33:0,
-|                  from <poco>/Foundation/include/Poco/NumericString.h:25,
-|                  from <poco>/Foundation/include/Poco/NumberFormatter.h:24,
-|                  from <poco>/Foundation/include/Poco/ArchiveStrategy.h:27,
-|                  from <poco>/Foundation/src/ArchiveStrategy.cpp:17:
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:36:30: error: 'FE_DOWNWARD' was not declared in this scope
-|    FP_ROUND_DOWNWARD_IMPL   = FE_DOWNWARD,
-|                               ^~~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:37:30: error: 'FE_UPWARD' was not declared in this scope
-|    FP_ROUND_UPWARD_IMPL     = FE_UPWARD,
-|                               ^~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:39:30: error: 'FE_TOWARDZERO' was not declared in this scope
-|    FP_ROUND_TOWARDZERO_IMPL = FE_TOWARDZERO
-|                               ^~~~~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:43:28: error: 'FE_DIVBYZERO' was not declared in this scope
-|    FP_DIVIDE_BY_ZERO_IMPL = FE_DIVBYZERO,
-|                             ^~~~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:44:28: error: 'FE_INEXACT' was not declared in this scope
-|    FP_INEXACT_IMPL        = FE_INEXACT,
-|                             ^~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:45:28: error: 'FE_OVERFLOW' was not declared in this scope
-|    FP_OVERFLOW_IMPL       = FE_OVERFLOW,
-|                             ^~~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:46:28: error: 'FE_UNDERFLOW' was not declared in this scope
-|    FP_UNDERFLOW_IMPL      = FE_UNDERFLOW,
-|                             ^~~~~~~~~~~~
-| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:47:28: error: 'FE_INVALID' was not declared in this scope
-|    FP_INVALID_IMPL        = FE_INVALID
-|                             ^~~~~~~~~~
-
-The reason is that some (notably FPU-less) architectures,
-including mips*-nf, don't define/implement some of the
-floating point constants, even though fenv.h is
-available.
-
-The key point is:
-  A fully standards conforming fenv.h does not have to
-  define any FE_* macros, and if it does define them,
-  then it defines macros only for the FP exceptions it
-  actually supports.
-
-See similar issue in boost:
-  https://svn.boost.org/trac/boost/ticket/11756
----
- Foundation/include/Poco/FPEnvironment_C99.h | 36 +++++++++++++++++++++++++++++
- 1 file changed, 36 insertions(+)
-
-diff --git a/Foundation/include/Poco/FPEnvironment_C99.h b/Foundation/include/Poco/FPEnvironment_C99.h
-index 0b192f5..402e6af 100644
---- a/Foundation/include/Poco/FPEnvironment_C99.h
-+++ b/Foundation/include/Poco/FPEnvironment_C99.h
-@@ -31,18 +31,54 @@ class FPEnvironmentImpl
- protected:
- 	enum RoundingModeImpl
- 	{
-+#if defined(FE_DOWNWARD)
- 		FP_ROUND_DOWNWARD_IMPL   = FE_DOWNWARD,
-+#else
-+		FP_ROUND_DOWNWARD_IMPL   = 0,
-+#endif
-+#if defined(FE_UPWARD)
- 		FP_ROUND_UPWARD_IMPL     = FE_UPWARD,
-+#else
-+		FP_ROUND_UPWARD_IMPL     = 0,
-+#endif
-+#if defined(FE_TONEAREST)
- 		FP_ROUND_TONEAREST_IMPL  = FE_TONEAREST,
-+#else
-+		FP_ROUND_TONEAREST_IMPL  = 0,
-+#endif
-+#if defined(FE_TOWARDZERO)
- 		FP_ROUND_TOWARDZERO_IMPL = FE_TOWARDZERO
-+#else
-+		FP_ROUND_TOWARDZERO_IMPL = 0
-+#endif
- 	};
- 	enum FlagImpl
- 	{
-+#if defined(FE_DIVBYZERO)
- 		FP_DIVIDE_BY_ZERO_IMPL = FE_DIVBYZERO,
-+#else
-+		FP_DIVIDE_BY_ZERO_IMPL = 0,
-+#endif
-+#if defined(FE_INEXACT)
- 		FP_INEXACT_IMPL        = FE_INEXACT,
-+#else
-+		FP_INEXACT_IMPL        = 0,
-+#endif
-+#if defined(FE_OVERFLOW)
- 		FP_OVERFLOW_IMPL       = FE_OVERFLOW,
-+#else
-+		FP_OVERFLOW_IMPL       = 0,
-+#endif
-+#if defined(FE_UNDERFLOW)
- 		FP_UNDERFLOW_IMPL      = FE_UNDERFLOW,
-+#else
-+		FP_UNDERFLOW_IMPL      = 0,
-+#endif
-+#if defined(FE_INVALID)
- 		FP_INVALID_IMPL        = FE_INVALID
-+#else
-+		FP_INVALID_IMPL        = 0
-+#endif
- 	};
- 	FPEnvironmentImpl();
- 	FPEnvironmentImpl(const FPEnvironmentImpl& env);

feeds/ucentral/switch-fabric/Makefile

@@ -0,0 +1,34 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=switch-fabric
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/switch-fabric
+  SECTION:=ucentral
+  CATEGORY:=uCentral
+  TITLE:=switch-fabric
+endef
+
+define Package/switch-fabric/description
+ Allow configuring HW specific switch fabric features.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/switch-fabric/install
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,switch-fabric))

feeds/ucentral/switch-fabric/files/etc/init.d/switch-fabric

@@ -0,0 +1,19 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+USE_PROCD=1
+PROG=/usr/libexec/switch.sh
+
+reload_service() {
+	restart
+}
+
+service_triggers() {
+	procd_add_reload_trigger switch
+}
+
+start_service() {
+	procd_open_instance
+	procd_set_param command "$PROG"
+	procd_close_instance
+}

feeds/ucentral/switch-fabric/files/usr/libexec/switch.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+port_mirror() {
+	for lan in $(ls -d /sys/class/net/lan* | cut -dn -f3 |sort -n); do
+		tc qdisc del dev lan$lan clsact
+	done
+
+	monitor=$(uci get switch.mirror.monitor)
+	analysis=$(uci get switch.mirror.analysis)
+
+	[ -n "$monitor" -a -n "$analysis" ] || return
+
+	ifconfig $analysis up
+	for port in $monitor; do
+		tc qdisc add dev $port clsact
+		tc filter add dev $port ingress matchall skip_sw action mirred egress mirror dev $analysis
+		tc filter add dev $port egress matchall skip_sw action mirred egress mirror dev $analysis
+	done
+}
+
+port_mirror

feeds/ucentral/ucentral-client/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-client.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=6e51960fe1d803ef93363882c9e11a75fc1c1805
+PKG_SOURCE_VERSION:=8cfed4cd068a3c08795ce08099993a66a1a1f1cf
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-schema/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=b3c69b5ff1c57ac5b9b0e2f9359ea1f7b4b12d4c
+PKG_SOURCE_VERSION:=8dd7c83a1c7a290edf0575cbcba450d3bc91bbbe
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/loop-detect.json

@@ -0,0 +1,104 @@
+{
+	"uuid": 2,
+	"radios": [
+		{
+			"band": "2G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"switch": {
+		"loop-detection": {
+			"roles": [ "downstream" ]
+		}
+	},
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh", "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/switch-fabric.json

@@ -0,0 +1,46 @@
+{
+	"uuid": 2,
+
+	"switch": {
+		"port-mirror": {
+			"monitor-ports": [ "WAN2" ],
+			"analysis-port": "WAN3"
+		}
+	},
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp", "ssh" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			}
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/switch-ports.json

@@ -0,0 +1,63 @@
+{
+	"uuid": 2,
+
+	"ethernet": [
+		{
+			"select-ports": [
+				"WAN1"
+			],
+			"speed": 100,
+			"duplex": "half"
+		},
+		{
+			"select-ports": [
+				"WAN2"
+			],
+			"speed": 1000,
+			"duplex": "full"
+		},
+		{
+			"select-ports": [
+				"WAN3"
+			],
+			"speed": 100,
+			"duplex": "half"
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp", "ssh" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			}
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-wifi/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-wifi.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-04-13
-PKG_SOURCE_VERSION:=a7e2f706d37a6e0b996d2af49c3b8663becb3f08
+PKG_SOURCE_VERSION:=b47ad92ff36faacbf4047904a9971f7361262a06
 #PKG_MIRROR_HASH:=a8000b3cf43ce9ebfa7305661475fec98ec1dba2dc7b062028c2e17d7c2ec50b
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentralgw/Makefile

@@ -1,52 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=ucentralgw
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=git@github.com:Telecominfraproject/wlan-cloud-ucentralgw.git
-PKG_SOURCE_DATE:=2021-03-28
-PKG_SOURCE_VERSION:=555b5fefc6337f6bc7eab9988b2d05fdc76b2381
-CMAKE_INSTALL:=1
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_MAINTAINER:=John Crispin <john@phrozen.org>
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-CMAKE_SHARED_LDFLAGS=""
-
-define Package/ucentralgw
-  SECTION:=ucentral
-  CATEGORY:=uCentral
-  DEPENDS:=+libstdcpp +poco-all +boost +boost-system +libyaml-cpp +zlib
-  TITLE:= uCentral Gateway
-endef
-
-define Package/mdadm/conffiles
-/etc/ucentral/
-endef
-
-TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
-CMAKE_OPTIONS += \
-	-DSMALL_BUILD=1
-
-ifeq ($(ARCH),aarch64)
-  CMAKE_OPTIONS+=-DCMAKE_SYSTEM_PROCESSOR=aarch64
-endif
-
-define Package/lldpd/conffiles
-/etc/ucentral/
-endef
-
-define Package/ucentralgw/install
-	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/libexec/ucentral/
-
-	$(CP) ./files/* $(1)
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ucentralgw $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cert_scripts/* $(1)/usr/libexec/ucentral/
-endef
-
-$(eval $(call BuildPackage,ucentralgw))

feeds/ucentral/ucentralgw/files/etc/init.d/ucentralgw

@@ -1,15 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=80
-
-USE_PROCD=1
-PROG=/usr/bin/ucentralgw
-
-start_service() {
-	procd_open_instance
-	procd_set_param command "$PROG"
-	procd_append_param command --file /etc/ucentral/ucentral.properties
-	procd_set_param respawn 3600 5 0
-	procd_add_mdns "ucentral" "tcp" "15002" "daemon=ucentralgw"
-	procd_close_instance
-}

feeds/ucentral/ucentralgw/files/etc/ucentral/ucentral.properties

@@ -1,153 +0,0 @@
-#
-# uCentral protocol server for devices. This is where you point
-# all your devices. You can replace the * for address by the specific
-# address of one of your interfaces
-#
-ucentral.websocket.host.0.backlog = 500
-ucentral.websocket.host.0.rootca = /etc/ucentral/certs/root.pem
-ucentral.websocket.host.0.issuer = /etc/ucentral/certs/issuer.pem
-ucentral.websocket.host.0.cert = /etc/ucentral/certs/websocket-cert.pem
-ucentral.websocket.host.0.key = /etc/ucentral/certs/websocket-key.pem
-ucentral.websocket.host.0.clientcas = /etc/ucentral/certs/clientcas.pem
-ucentral.websocket.host.0.cas = /etc/ucentral/certs/cas
-ucentral.websocket.host.0.address = *
-ucentral.websocket.host.0.port = 15002
-ucentral.websocket.host.0.security = relaxed
-ucentral.websocket.host.0.key.password = mypassword
-ucentral.websocket.maxreactors = 20
-
-#
-# REST API access
-#
-ucentral.restapi.host.0.backlog = 100
-ucentral.restapi.host.0.security = relaxed
-ucentral.restapi.host.0.rootca = /etc/ucentral/certs/restapi-ca.pem
-ucentral.restapi.host.0.address = *
-ucentral.restapi.host.0.port = 16001
-ucentral.restapi.host.0.cert = /etc/ucentral/certs/restapi-cert.pem
-ucentral.restapi.host.0.key = /etc/ucentral/certs/restapi-key.pem
-ucentral.restapi.host.0.key.password = mypassword
-
-#
-# Used to upload files to the service.
-# You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
-# that your devices can reach
-#
-ucentral.fileuploader.host.0.backlog = 100
-ucentral.fileuploader.host.0.rootca = /etc/ucentral/certs/restapi-ca.pem
-ucentral.fileuploader.host.0.security = relaxed
-ucentral.fileuploader.host.0.address = *
-ucentral.fileuploader.host.0.name = 192.168.1.176
-ucentral.fileuploader.host.0.port = 16003
-ucentral.fileuploader.host.0.cert = /etc/ucentral/certs/restapi-cert.pem
-ucentral.fileuploader.host.0.key = /etc/ucentral/certs/restapi-key.pem
-ucentral.fileuploader.host.0.key.password = mypassword
-ucentral.fileuploader.path = /etc/ucentral/uploads
-ucentral.fileuploader.maxsize = 10000
-
-#
-# This section descrive how to do autoprovisioning
-# When enabled, it will allow devices that are not in the system
-# to be managed and serviced
-#
-ucentral.autoprovisioning = true
-ucentral.autoprovisioning.type.0 = AP:ea8300,edge
-ucentral.autoprovisioning.type.1 = IOT:ea8301,edge2
-ucentral.autoprovisioning.type.2 = AP:ea8302,edge6
-ucentral.service.key = /etc/ucentral/certs/websocket-key.pem
-
-#
-# Kafka
-#
-ucentral.kafka.enable = false
-ucentral.kafka.brokerlist = 127.0.0.1:9092
-
-#
-# This section select which form of persistence you need
-# Only one selected at a time. If you select multiple, this service will die if a horrible
-# death and might make your beer flat.
-#
-storage.type = sqlite
-#storage.type = postgresql
-#storage.type = mysql
-#storage.type = odbc
-
-storage.type.sqlite.db = /etc/ucentral/devices.db
-storage.type.sqlite.idletime = 120
-storage.type.sqlite.maxsessions = 128
-
-storage.type.postgresql.maxsessions = 64
-storage.type.postgresql.idletime = 60
-storage.type.postgresql.host = localhost
-storage.type.postgresql.username = stephb
-storage.type.postgresql.password = snoopy99
-storage.type.postgresql.database = ucentral
-storage.type.postgresql.port = 5432
-storage.type.postgresql.connectiontimeout = 60
-
-storage.type.mysql.maxsessions = 64
-storage.type.mysql.idletime = 60
-storage.type.mysql.host = localhost
-storage.type.mysql.username = stephb
-storage.type.mysql.password = snoopy99
-storage.type.mysql.database = ucentral
-storage.type.mysql.port = 3306
-storage.type.mysql.connectiontimeout = 60
-
-#
-# Authentication
-#
-authentication.enabled = true
-authentication.default.username = support@example.com
-authentication.default.password = support
-authentication.default.access = master
-authentication.service.type = internal
-
-ucentral.system.debug = true
-ucentral.system.id = 1
-ucentral.system.commandchannel = /tmp/app.ucentralgw
-ucentral.system.host.0.path = https://host2.com:9010
-ucentral.system.host.0.id = 2
-ucentral.system.host.1.path = https://host3.com:9010
-ucentral.system.host.1.id = 3
-ucentral.system.host.2.path = https://host4.com:9010
-ucentral.system.host.2.id = 4
-
-########################################################################
-########################################################################
-#
-# Thw following sections apply to the uCentral service
-#
-# Logging: please leave as is for now.
-#
-########################################################################
-########################################################################
-
-logging.formatters.f1.class = PatternFormatter
-logging.formatters.f1.pattern = %s: [%p] %t
-logging.formatters.f1.times = UTC
-logging.channels.c1.class = ConsoleChannel
-logging.channels.c1.formatter = f1
-logging.channels.c2.class = FileChannel
-# This is where the logs will be written. This path MUST exist
-logging.channels.c2.path = /tmp/ucentral.log
-logging.channels.c2.formatter.class = PatternFormatter
-logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.channels.c3.class = ConsoleChannel
-logging.channels.c3.pattern = %s: [%p] %t
-# External Channel
-logging.loggers.root.channel = c2
-logging.loggers.root.level = information
-# Inline Channel with PatternFormatter
-# logging.loggers.l1.name = logger1
-# logging.loggers.l1.channel.class = ConsoleChannel
-# logging.loggers.l1.channel.pattern = %s: [%p] %t
-# logging.loggers.l1.level = information
-# SplitterChannel
-# logging.channels.splitter.class = SplitterChannel
-# logging.channels.splitter.channels = l1,l2
-# logging.loggers.l2.name = logger2
-# logging.loggers.l2.channel = splitter
-
-
-

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-certs

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-[ -f /etc/ucentral/certs/server-key.pem ] && exit 0
-/usr/libexec/ucentral/create_certificates.sh
-
-exit 0

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-firewall

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-uci set firewall.wan.input=ACCEPT
-uci commit firewall
-
-exit 0

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-hostname

@@ -1,4 +0,0 @@
-#!/bin/sh
-
-hname=$(cat /sys/class/net/eth0/address | tr -d : | awk '{print tolower($0)}')
-uci set system.@system[-1].hostname="ucentral-$hname"

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-mdns

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-uci add_list umdns.@umdns[-1].network=foo
-uci commit umdns
-
-exit 0

feeds/ucentral/ucentralgw/patches/100-bash.patch

@@ -1,67 +0,0 @@
-Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/clean.sh
-===================================================================
---- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/clean.sh
-+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/clean.sh
-@@ -1,3 +1,3 @@
--#!/bin/bash
-+#!/bin/sh
- 
- rm *.pem *.csr
-Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/create_certificates.sh
-===================================================================
---- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/create_certificates.sh
-+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/create_certificates.sh
-@@ -1,15 +1,27 @@
--#!/bin/bash
-+#!/bin/sh
- 
--hn=$(hostname)
-+mkdir -p /etc/ucentral/certs/cas
-+
-+hn=$(cat /proc/sys/kernel/hostname)
- howmany=10
--cert_life=365
--subject="/C=CA/ST=British Columbia/L=Vancouver/O=Arilia Wireless/OU=Engineering/CN=$hn/emailAddress=support@example.com"
-+cert_life=1825
-+subject="/C=uC/ST=uCentral/L=uCentral/O=uCentral/OU=uCentral/CN=$hn/emailAddress=support@example.com"
-+
-+openssl genrsa -out /etc/ucentral/certs/server-key.pem 2048
-+openssl req -new -key /etc/ucentral/certs/server-key.pem -subj "$subject" -out /etc/ucentral/certs/server.csr
-+openssl x509 -req -days $cert_life -in /etc/ucentral/certs/server.csr -signkey /etc/ucentral/certs/server-key.pem -out /etc/ucentral/certs/server-cert.pem
-+
-+for a in clientcas.pem issuer.pem restapi-ca.pem restapi-cert.pem root.pem websocket-cert.pem; do
-+	cp /etc/ucentral/certs/server-cert.pem /etc/ucentral/certs/$a
-+done
-+
-+for a in restapi-key.pem websocket-key.pem; do
-+	cp /etc/ucentral/certs/server-key.pem /etc/ucentral/certs/$a
-+done
- 
--openssl genrsa -out server-key.pem 2048
--openssl req -new -key server-key.pem -subj "$subject" -out server.csr
--openssl x509 -req -days $cert_life -in server.csr -signkey server-key.pem -out server-cert.pem
-+cp  /etc/ucentral/certs/server-cert.pem /etc/ucentral/certs/cas/
- 
--for i in `eval echo {1..$howmany}`
-+for i in `seq 1 $howmany`
- do
--  openssl x509 -signkey server-key.pem -in server.csr -req -days $cert_life -out dev-$i-cert.pem
-+  openssl x509 -signkey /etc/ucentral/certs/server-key.pem -in /etc/ucentral/certs/server.csr -req -days $cert_life -out /etc/ucentral/certs/dev-$i-cert.pem
- done
-Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/more_devices.sh
-===================================================================
---- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/more_devices.sh
-+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/more_devices.sh
-@@ -1,4 +1,4 @@
--#!/usr/bin/env bash
-+#!/bin/sh
- 
- start=11
- finish=50
-@@ -7,4 +7,4 @@ cert_life=365
- for i in `eval echo {$start..$finish}`
- do
-   openssl x509 -signkey server-key.pem -in server.csr -req -days $cert_life -out dev-$i-cert.pem
--done
-\ No newline at end of file
-+done

feeds/ucentral/ucentralgw/patches/200-jwt.patch

@@ -1,20 +0,0 @@
-Index: ucentralgw-2021-03-28-555b5fef/CMakeLists.txt
-===================================================================
---- ucentralgw-2021-03-28-555b5fef.orig/CMakeLists.txt
-+++ ucentralgw-2021-03-28-555b5fef/CMakeLists.txt
-@@ -40,7 +40,7 @@ find_package(ZLIB REQUIRED)
- find_package(Lua REQUIRED)
- 
- if(SMALL_BUILD)
--    find_package(Poco REQUIRED COMPONENTS Crypto Net Util NetSSL Data DataSQLite)
-+    find_package(Poco REQUIRED COMPONENTS Crypto JWT Net Util NetSSL Data DataSQLite)
- else()
-     find_package(CppKafka REQUIRED)
-     find_package(PostgreSQL REQUIRED)
-@@ -81,4 +81,4 @@ if(NOT SMALL_BUILD)
-             ${MySQL_LIBRARIES} ${ODBC_LIBRARIES} ${ZLIB_LIBRARIES} ${LUA_LIBRARIES}
-             CppKafka::cppkafka
-              )
--endif()
-\ No newline at end of file
-+endif()