WIFI-2427 Preserve certs and redirector over factory-reset

Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -49,6 +49,7 @@ hostapd_append_wpa_key_mgmt() {
 		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap-eap192)

feeds/wifi-ax/hostapd/patches/f00-011-ubus-multi-bss-chan-switch.patch

@@ -0,0 +1,24 @@
+--- a/src/ap/ubus.c
++++ b/src/ap/ubus.c
+@@ -722,6 +722,7 @@ hostapd_switch_chan(struct ubus_context
+ 	struct blob_attr *tb[__CSA_MAX];
+ 	struct hostapd_data *hapd = get_hapd_from_object(obj);
+ 	struct csa_settings css;
++	int i;
+ 
+ 	blobmsg_parse(csa_policy, __CSA_MAX, tb, blob_data(msg), blob_len(msg));
+ 
+@@ -746,9 +747,10 @@ hostapd_switch_chan(struct ubus_context
+ 	SET_CSA_SETTING(CSA_VHT, freq_params.vht_enabled, bool);
+ 	SET_CSA_SETTING(CSA_BLOCK_TX, block_tx, bool);
+ 
+-
+-	if (hostapd_switch_channel(hapd, &css) != 0)
+-		return UBUS_STATUS_NOT_SUPPORTED;
++	for (i = 0; i < hapd->iface->num_bss; i++) {
++		if (hostapd_switch_channel(hapd->iface->bss[i], &css) != 0)
++			return UBUS_STATUS_NOT_SUPPORTED;
++	}
+ 	return UBUS_STATUS_OK;
+ #undef SET_CSA_SETTING
+ }

feeds/wifi-ax/hostapd/patches/f00-012-hapd-ubus-channel-switch-event.patch

@@ -0,0 +1,186 @@
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -19,7 +19,7 @@
+ #include "dfs.h"
+ #include "beacon.h"
+ #include "eloop.h"
+-
++#include "ubus.h"
+ 
+ static int dfs_get_used_n_chans(struct hostapd_iface *iface, int *seg1)
+ {
+@@ -1207,6 +1207,11 @@ static int hostapd_dfs_start_channel_swi
+ 			break;
+ 	}
+ 
++	if (!err) {
++		wpa_printf(MSG_DEBUG, "Reporting DFS event to ubus");
++		hostapd_ubus_handle_channel_switch_event(iface, HOSTAPD_UBUS_DFS_SWITCH,  channel->freq);
++	}
++
+ 	if (err) {
+ 		wpa_printf(MSG_WARNING, "DFS failed to schedule CSA (%d) - trying fallback",
+ 			   err);
+--- a/src/ap/ubus.c
++++ b/src/ap/ubus.c
+@@ -29,6 +29,8 @@ static int ctx_ref;
+ static char** bss_lst = NULL;
+ static size_t bss_nr = 0;
+ 
++static LIST_HEAD(chan_events);
++
+ static inline struct hapd_interfaces *get_hapd_interfaces_from_object(struct ubus_object *obj)
+ {
+ 	return container_of(obj, struct hapd_interfaces, ubus);
+@@ -714,6 +716,42 @@ static int hostapd_sessions(struct ubus_
+ 	return 0;
+ }
+ 
++static int hostapd_get_chan_switch_events(struct ubus_context *ctx,
++					  struct ubus_object *obj,
++					  struct ubus_request_data *req,
++					  const char *method,
++					  struct blob_attr *msg)
++{
++	void *a = NULL;
++	void *t = NULL;
++	struct hostapd_chan_event_list *entry, *tmp;
++
++	blob_buf_init(&b_ev, 0);
++	a = blobmsg_open_table(&b_ev, "chan_switch_event");
++	list_for_each_entry(entry, &chan_events, list) {
++		t = blobmsg_open_table(&b_ev, "event");
++		blobmsg_add_u32(&b_ev, "radio_name", entry->records.band);
++		blobmsg_add_u32(&b_ev, "reason", entry->records.reason);
++		blobmsg_add_u64(&b_ev, "timestamp", entry->records.ts);
++		blobmsg_add_u32(&b_ev, "frequency", entry->records.freq);
++		blobmsg_close_table(&b_ev, t);
++	}
++
++	blobmsg_close_table(&b_ev, a);
++	ubus_send_reply(ctx, req, b_ev.head);
++
++	/*delete list*/
++
++	if (!list_empty(&chan_events)) {
++		list_for_each_entry_safe(entry, tmp, &chan_events, list) {
++			list_del(&entry->list);
++			free(entry);
++		}
++	}
++
++	return 0;
++}
++
+ static int
+ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
+ 		    struct ubus_request_data *req, const char *method,
+@@ -751,6 +789,9 @@ hostapd_switch_chan(struct ubus_context
+ 		if (hostapd_switch_channel(hapd->iface->bss[i], &css) != 0)
+ 			return UBUS_STATUS_NOT_SUPPORTED;
+ 	}
++
++	hostapd_ubus_handle_channel_switch_event(hapd->iface, HOSTAPD_UBUS_HIGH_INTERFERENCE, css.freq_params.freq);
++
+ 	return UBUS_STATUS_OK;
+ #undef SET_CSA_SETTING
+ }
+@@ -1446,6 +1487,7 @@ static const struct ubus_method daemon_m
+ 	UBUS_METHOD("config_add", hostapd_config_add, config_add_policy),
+ 	UBUS_METHOD("config_remove", hostapd_config_remove, config_remove_policy),
+ 	UBUS_METHOD_NOARG("get_bss_list", hostapd_get_bss_list),
++	UBUS_METHOD_NOARG("get_chan_switch_events", hostapd_get_chan_switch_events),
+ };
+ 
+ static struct ubus_object_type daemon_object_type =
+@@ -1509,6 +1551,26 @@ ubus_event_cb(struct ubus_notify_request
+ 	ureq->resp = ret;
+ }
+ 
++void hostapd_ubus_handle_channel_switch_event(struct hostapd_iface *iface, int reason,
++					      int freq)
++{
++	struct hostapd_chan_event_list *rec = NULL;
++	struct timespec ts;
++	uint64_t timestamp = 0;
++
++	clock_gettime(CLOCK_REALTIME, &ts);
++	timestamp = get_time_in_ms(&ts);
++
++	rec = os_zalloc(sizeof(struct hostapd_chan_event_list));
++
++	rec->records.reason = reason;
++	rec->records.band = iface->freq;
++	rec->records.ts = timestamp;
++	rec->records.freq = freq;
++
++	list_add_tail(&rec->list, &chan_events);
++}
++
+ int hostapd_ubus_handle_rt_event(struct hostapd_data *hapd,
+ 				 struct hostapd_ubus_request *req)
+ {
+--- a/src/ap/ubus.h
++++ b/src/ap/ubus.h
+@@ -17,9 +17,15 @@ enum hostapd_ubus_event_type {
+ 	HOSTAPD_UBUS_DEAUTH_REQ,
+ 	HOSTAPD_UBUS_FDATA_REQ,
+ 	HOSTAPD_UBUS_IP_REQ,
++	HOSTAPD_UBUS_CHAN_SWITCH,
+ 	HOSTAPD_UBUS_TYPE_MAX
+ };
+ 
++enum hostapd_ubus_chan_event_reason {
++	HOSTAPD_UBUS_DFS_SWITCH,
++	HOSTAPD_UBUS_HIGH_INTERFERENCE
++};
++
+ struct hostapd_ubus_request {
+ 	enum hostapd_ubus_event_type type;
+ 	const struct ieee80211_mgmt *mgmt_frame;
+@@ -40,6 +46,7 @@ struct rrm_measurement_beacon_report;
+ 
+ #include <libubox/avl.h>
+ #include <libubus.h>
++#include <libubox/list.h>
+ 
+ struct hostapd_ubus_bss {
+ 	struct ubus_object obj;
+@@ -121,11 +128,24 @@ struct hostapd_event_avl_rec {
+ 	struct avl_node avl;
+ };
+ 
++struct channel_switch_event {
++	int band; /* Radio name*/
++	uint8_t reason;
++	uint64_t ts;
++	uint32_t freq;
++};
++
++struct hostapd_chan_event_list {
++	struct channel_switch_event records;
++	struct list_head list;
++};
++
+ void hostapd_ubus_add_iface(struct hostapd_iface *iface);
+ void hostapd_ubus_free_iface(struct hostapd_iface *iface);
+ void hostapd_ubus_add_bss(struct hostapd_data *hapd);
+ void hostapd_ubus_free_bss(struct hostapd_data *hapd);
+-
++void hostapd_ubus_handle_channel_switch_event(struct hostapd_iface *iface,
++					      int reason, int channel);
+ int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+ int hostapd_ubus_handle_rt_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
+@@ -157,6 +177,11 @@ static inline void hostapd_ubus_free_bss
+ {
+ }
+ 
++static inline void hostapd_ubus_handle_channel_switch_event(struct hostapd_iface *iface,
++							    int reason, int channel)
++{
++}
++
+ static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
+ {
+ 	return 0;

feeds/wifi-trunk/ath10k-ct/Makefile

@@ -8,8 +8,8 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/greearb/ath10k-ct.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2020-08-26
-PKG_SOURCE_VERSION:=13319ff0b5dc3c86e8313f49fca583b829878736
+PKG_SOURCE_DATE:=2021-05-22b
+PKG_SOURCE_VERSION:=54a9ac02f1139596ea4361ebbc3e444955d86cfd
 #PKG_MIRROR_HASH:=97cf22a4a57381c7eb7a9b8a8b1e347e9711ce51c89db971b4ab9a35af476ece
 
 # Build the 5.4 ath10k-ct driver version.  Other option is "-4.19".

feeds/wifi-trunk/hostapd/files/hostapd.sh

@@ -49,6 +49,7 @@ hostapd_append_wpa_key_mgmt() {
 		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap-eap192)

feeds/wifi-trunk/hostapd/patches/901-hapd-ubus-channel-switch.patch

@@ -1,7 +1,5 @@
-Index: hostapd-2020-06-08-5a8b3662/src/ap/dfs.c
-===================================================================
---- hostapd-2020-06-08-5a8b3662.orig/src/ap/dfs.c
-+++ hostapd-2020-06-08-5a8b3662/src/ap/dfs.c
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
 @@ -18,7 +18,7 @@
  #include "drivers/driver.h"
  #include "dfs.h"
@@ -23,10 +21,8 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/dfs.c
  	if (err) {
  		wpa_printf(MSG_WARNING, "DFS failed to schedule CSA (%d) - trying fallback",
  			   err);
-Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
-===================================================================
---- hostapd-2020-06-08-5a8b3662.orig/src/ap/ubus.c
-+++ hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
+--- a/src/ap/ubus.c
++++ b/src/ap/ubus.c
 @@ -29,6 +29,8 @@ static int ctx_ref;
  static char** bss_lst = NULL;
  static size_t bss_nr = 0;
@@ -36,7 +32,7 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
  static inline struct hapd_interfaces *get_hapd_interfaces_from_object(struct ubus_object *obj)
  {
  	return container_of(obj, struct hapd_interfaces, ubus);
-@@ -714,6 +716,43 @@ static int hostapd_sessions(struct ubus_
+@@ -714,6 +716,44 @@ static int hostapd_sessions(struct ubus_
  	return 0;
  }
  
@@ -48,7 +44,7 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
 +{
 +	void *a = NULL;
 +	void *t = NULL;
-+	struct hostapd_chan_event_list *entry;
++	struct hostapd_chan_event_list *entry, *tmp;
 +
 +	blob_buf_init(&b_ev, 0);
 +	a = blobmsg_open_table(&b_ev, "chan_switch_event");
@@ -68,9 +64,10 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
 +	/*delete list*/
 +
 +	if (!list_empty(&chan_events)) {
-+	list_for_each_entry(entry, &chan_events, list)
++	list_for_each_entry_safe(entry, tmp, &chan_events, list)
 +		{
 +			list_del(&entry->list);
++			free(entry);
 +		}
 +	}
 +
@@ -80,7 +77,7 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
  static int
  hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
  		    struct ubus_request_data *req, const char *method,
-@@ -749,6 +788,9 @@ hostapd_switch_chan(struct ubus_context
+@@ -749,6 +789,9 @@ hostapd_switch_chan(struct ubus_context
  
  	if (hostapd_switch_channel(hapd, &css) != 0)
  		return UBUS_STATUS_NOT_SUPPORTED;
@@ -90,7 +87,7 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
  	return UBUS_STATUS_OK;
  #undef SET_CSA_SETTING
  }
-@@ -1444,6 +1486,7 @@ static const struct ubus_method daemon_m
+@@ -1444,6 +1487,7 @@ static const struct ubus_method daemon_m
  	UBUS_METHOD("config_add", hostapd_config_add, config_add_policy),
  	UBUS_METHOD("config_remove", hostapd_config_remove, config_remove_policy),
  	UBUS_METHOD_NOARG("get_bss_list", hostapd_get_bss_list),
@@ -98,7 +95,7 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
  };
  
  static struct ubus_object_type daemon_object_type =
-@@ -1507,6 +1550,28 @@ ubus_event_cb(struct ubus_notify_request
+@@ -1507,6 +1551,28 @@ ubus_event_cb(struct ubus_notify_request
  	ureq->resp = ret;
  }
  
@@ -127,10 +124,8 @@ Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.c
  int hostapd_ubus_handle_rt_event(struct hostapd_data *hapd,
  				 struct hostapd_ubus_request *req)
  {
-Index: hostapd-2020-06-08-5a8b3662/src/ap/ubus.h
-===================================================================
---- hostapd-2020-06-08-5a8b3662.orig/src/ap/ubus.h
-+++ hostapd-2020-06-08-5a8b3662/src/ap/ubus.h
+--- a/src/ap/ubus.h
++++ b/src/ap/ubus.h
 @@ -17,9 +17,15 @@ enum hostapd_ubus_event_type {
  	HOSTAPD_UBUS_DEAUTH_REQ,
  	HOSTAPD_UBUS_FDATA_REQ,

feeds/wifi-trunk/hostapd/patches/902-ubus-multi-bss-chan-switch.patch

@@ -0,0 +1,23 @@
+--- a/src/ap/ubus.c
++++ b/src/ap/ubus.c
+@@ -762,6 +762,7 @@ hostapd_switch_chan(struct ubus_context
+ 	struct blob_attr *tb[__CSA_MAX];
+ 	struct hostapd_data *hapd = get_hapd_from_object(obj);
+ 	struct csa_settings css;
++	int i;
+ 
+ 	blobmsg_parse(csa_policy, __CSA_MAX, tb, blob_data(msg), blob_len(msg));
+ 
+@@ -787,8 +788,10 @@ hostapd_switch_chan(struct ubus_context
+ 	SET_CSA_SETTING(CSA_BLOCK_TX, block_tx, bool);
+ 
+ 
+-	if (hostapd_switch_channel(hapd, &css) != 0)
+-		return UBUS_STATUS_NOT_SUPPORTED;
++	for (i = 0; i < hapd->iface->num_bss; i++) {
++		if (hostapd_switch_channel(hapd->iface->bss[i], &css) != 0)
++			return UBUS_STATUS_NOT_SUPPORTED;
++	}
+ 
+ 	hostapd_ubus_handle_channel_switch_event(hapd->iface,HOSTAPD_UBUS_HIGH_INTERFERENCE,  css.freq_params.freq);
+ 

feeds/wlan-ap/apc/Makefile

@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/apc
   SECTION:=base
-  DEPENDS:=+libev +libinterapcomm
+  DEPENDS:=+libev +libinterapcomm +libubus +libubox
   CATEGORY:=Base system
   TITLE:=Access Point Coordinator
 endef
@@ -33,5 +33,11 @@ endef
 define Package/apc/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/apc $(1)/usr/bin
+	chmod 0700 $(1)/usr/bin/apc
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/apc.init $(1)/etc/init.d/apc
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_BIN) ./files/apc.config $(1)/etc/config/apc
+
 endef
 $(eval $(call BuildPackage,apc))

feeds/wlan-ap/apc/files/apc.init

@@ -0,0 +1,20 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=40
+STOP=40
+
+PROG="/usr/bin/apc"
+
+start_service() {
+    procd_open_instance
+    echo "Starting APC"
+    procd_set_param command ${PROG}
+    procd_set_param respawn
+    procd_close_instance
+}
+
+stop_service() {
+    echo "Killing APC"
+    killall -s SIGTERM apc
+}

feeds/wlan-ap/apc/src/Makefile

@@ -3,19 +3,21 @@ srcdir ?= .
 VPATH ?= $(srcdir)/src
 
 
-LIBS = -lpthread -lrt -linterapcomm -lev
+LIBS = -lpthread -lrt -linterapcomm -lev -lubus -lubox
 $(call output,usr/sbin/wc-apc)
 
 CFLAGS += -I./include/ \
 	-I../include/
 
+CFLAGS += -DUBUS_SUPPORT
+
 CFLAGS  += -Wall -g
 CFLAGS += -MMD -Wall -g -Wpointer-arith -Wcast-qual -Wshadow \
 				-Waggregate-return -Wnested-externs -Wstrict-prototypes \
 				-fno-omit-frame-pointer -g -rdynamic -fexceptions -funwind-tables -funsigned-char
 
 OBJS := apc_main.o \
-               hello.o iface.o neighbor.o apc.o
+               hello.o iface.o neighbor.o apc.o ubus.o
 
 all: apc
 

feeds/wlan-ap/apc/src/include/apc.h

@@ -262,6 +262,8 @@ struct apc_neighbor
 #define APC_IS_DROTHER 4   /* I'm on BCAST or NBMA and I'm not DR */
 #define APC_IS_BACKUP  5   /* I'm BDR */
 #define APC_IS_DR      6   /* I'm DR */
+#define APC_MAX_MODE   7
+
 
 /* Definitions for interface state machine */
 #define ISM_UP      0   /* Interface Up */

feeds/wlan-ap/apc/src/include/lib/timer.h

@@ -30,4 +30,9 @@ static inline timer * tm_new_set( void (*hook)(struct _timer *), void *data, uns
     return t;
 }
 
+static inline void tm_free(timer *t)
+{
+    free(t);
+}
+
 #endif

feeds/wlan-ap/apc/src/include/ubus.h

@@ -0,0 +1,22 @@
+/*
+ * netifd - network interface daemon
+ * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+#ifndef __NETIFD_UBUS_H
+#define __NETIFD_UBUS_H
+
+extern struct ubus_context *ubus_ctx;
+
+int ubus_init();
+void ubus_done(void);
+
+#endif

feeds/wlan-ap/apc/src/src/apc.c

@@ -26,7 +26,8 @@ static void apc_dump( struct proto * P )
 static struct proto * apc_init(struct proto_config * c)
 {
 	struct proto * P = mb_allocz(sizeof(struct apc_proto));
-	
+
+	printf("apc_init\n");
 	P->cf = c;
 	P->debug = c->debug;
 	P->mrtdump = c->mrtdump;

feeds/wlan-ap/apc/src/src/apc_main.c

@@ -21,9 +21,11 @@
 #include <nest/apcn.h>
 #include <apc.h>
 #include <protocol.h>
+#include <ubus.h>
 
-static ev_io iac_io;
-static ev_timer  check_timer;
+#include <libubus.h>
+static struct uloop_timeout check_timer;
+static void check_timer_handler(struct uloop_timeout *timeout);
 static unsigned int CheckIp;
 static int CheckCount;
 
@@ -228,8 +230,7 @@ int set_socket(void)
 /*************************************/
 
 
-static void check_timer_handler(struct ev_loop *loop, ev_timer *timer,
-				 int revents) 
+static void check_timer_handler(struct uloop_timeout *timeout)
 {
 	timers_go();
 	if (WaitingToReelect)
@@ -256,25 +257,45 @@ static void check_timer_handler(struct ev_loop *loop, ev_timer *timer,
 		}
 		
 		CheckCount = 0;
-		if (ApcSpecSaved.IsApc == I_AM_APC)
-		{
-		//Radius stuff
-		}
 	}
+
+	uloop_timeout_set(&check_timer, 1000);
+	uloop_timeout_add(&check_timer);
+
 }
 
+static void handle_signal(int signo)
+{
+	system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
+}
+
+static void set_signals(void)
+{
+	struct sigaction s;
+
+	memset(&s, 0, sizeof(s));
+	s.sa_handler = handle_signal;
+	s.sa_flags = 0;
+	sigaction(SIGINT, &s, NULL);
+	sigaction(SIGTERM, &s, NULL);
+	sigaction(SIGPIPE, &s, NULL);
+}
+
+extern struct ubus_context *ubus_ctx;
+
 int main(int argc, char *const* argv)
 {
 	struct proto_config c;
 	struct proto * apc_proto;
-	struct ev_loop *loop = EV_DEFAULT;
+	uloop_init();
+	/*init term signals*/
+	set_signals();
 
 	/*Socket*/
 	set_socket();
 
 	/*Radius stuff*/
 
-	printf("Basic MAC\n");
 	memset(MyBasicMac, 0, 6);
 	if (get_mac_addr("br-wan", MyBasicMac) == 0) {
 		printf("APC: br-wan mac:%02X:%02X:%02X:%02X:%02X:%02X\n",
@@ -291,6 +312,7 @@ int main(int argc, char *const* argv)
 
 	/*get local ip of br-wan*/
 	MyIpAddr = 0;
+	printf("Getting br-wan IP\n");
 	while(1)
 	{
 		GetLocalIpv4Addr((unsigned char *)&MyIpAddr, "br-wan");
@@ -303,10 +325,12 @@ int main(int argc, char *const* argv)
 
 	/*listening interAP*/
 	callback cb = receive_from_socket;
+
 	if (interap_recv(IAC_APC_ELECTION_PORT, cb, 1000,
-			 loop, &iac_io) < 0)
+			 NULL, NULL) < 0)
 		printf("Error: Failed InterAP receive");
 
+
 	memset(Timers, 0, sizeof(Timers));
 	
 	memset(&c, 0, sizeof(struct proto_config));
@@ -319,11 +343,14 @@ int main(int argc, char *const* argv)
 	ApcProto = (struct apc_proto *)apc_proto;
 	proto_apc.start(apc_proto);
 
-	ev_timer_init(&check_timer, check_timer_handler, 1, 1);
+	check_timer.cb = check_timer_handler;
+	uloop_timeout_set(&check_timer, 1000);
+	uloop_timeout_add(&check_timer);
 
-	ev_timer_start(loop, &check_timer);
-
-	ev_run(loop, 0);
+	ubus_init();
+	uloop_run();
+	uloop_done();
+	ubus_done();
 
 	return(1);
 }

feeds/wlan-ap/apc/src/src/hello.c

@@ -103,6 +103,7 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 	struct apc_hello2_packet ps;
 	unsigned int length, report = 0;
 	struct apc_spec ApcSpec;
+	char dst_ip[16];
 	
 	if (WaitingToReelect )
 		return;
@@ -202,8 +203,7 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 
 	length += i * sizeof(u32);
 
-	printf("HELLO packet sent via %s\n", ifa->ifname );
-	char *dst_ip = malloc(16);
+	printf("HELLO packet sent via  %s\n", ifa->ifname );
 	memset(dst_ip, 0, 16);
 	if ((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		printf("Error: Cannot get IP for %s", IAC_IFACE);

feeds/wlan-ap/apc/src/src/iface.c

@@ -65,7 +65,7 @@ void apc_iface_chstate(struct apc_iface * ifa, u8 state)
 	
 	if (state == oldstate)
 		return;
-	
+
 	printf("Interface %s changed state from %s to %s\n",
 		ifa->ifname, apc_is_names[oldstate], apc_is_names[state]);
 	

feeds/wlan-ap/apc/src/src/neighbor.c

@@ -33,11 +33,10 @@ reset_lists(struct apc_proto *p, struct apc_neighbor *n)
 {
 }
 
-
 struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
 {
 	struct apc_neighbor * n = mb_allocz(sizeof(struct apc_neighbor));
-	
+	printf("apc_new_neighbor\n");	
 	n->ifa = ifa;
 	add_tail(&ifa->neigh_list, NODE n);
 	n->adj = 0;
@@ -52,7 +51,6 @@ struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
 	return(n);
 }
 
-
 static void apc_neigh_down(struct apc_neighbor * n)
 {
 	struct apc_iface * ifa = n->ifa;
@@ -60,9 +58,10 @@ static void apc_neigh_down(struct apc_neighbor * n)
 	rem_node(NODE n);
 	
 	printf("Neighbor %x on %s removed", n->rid, ifa->ifname );
+	tm_free(n->inactim);
+	mb_free(n);
 }
 
-
 /**
  * apc_neigh_chstate - handles changes related to new or lod state of neighbor
  * @n: APC neighbor
@@ -81,7 +80,8 @@ static void apc_neigh_chstate(struct apc_neighbor * n, u8 state)
 		return;
 	
 	printf("Neighbor %x on %s changed state from %s to %s\n",
-	                n->rid, ifa->ifname, apc_ns_names[old_state], apc_ns_names[state] );
+	                n->rid, ifa->ifname, apc_ns_names[old_state],
+			apc_ns_names[state]);
 	
 	n->state = state;
 
@@ -121,7 +121,6 @@ static void apc_neigh_chstate(struct apc_neighbor * n, u8 state)
 		apc_iface_sm(ifa, ISM_NEICH);
 }
 
-
 /**
  * apc_neigh_sm - apc neighbor state machine
  * @n: neighor
@@ -218,7 +217,6 @@ void apc_neigh_sm(struct apc_neighbor * n, int event)
 	}
 }
 
-
 static int can_do_adj(struct apc_neighbor * n)
 {
 	struct apc_iface * ifa = n->ifa;
@@ -257,13 +255,11 @@ static int can_do_adj(struct apc_neighbor * n)
 	return i;
 }
 
-
 static inline u32 neigh_get_id(struct apc_proto *p, struct apc_neighbor *n)
 {
 	return ipa_to_u32(n->ip);
 }
 
-
 static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
 {
     struct apc_neighbor *neigh, *n1, *n2;
@@ -271,7 +267,7 @@ static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
 
     n1 = NULL;
     n2 = NULL;
-    WALK_LIST( neigh, nl )                      /* First try those decl. themselves */
+    WALK_LIST( neigh, nl )                /* First try those decl. themselves */
     {
         nid = neigh_get_id( p, neigh );
 
@@ -317,7 +313,6 @@ static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
     return( n1 );
 }
 
-
 static struct apc_neighbor * elect_dr( struct apc_proto * p, list nl )
 {
     struct apc_neighbor *neigh, *n;
@@ -351,7 +346,6 @@ static struct apc_neighbor * elect_dr( struct apc_proto * p, list nl )
     return( n );
 }
 
-
 /**
  * apc_dr_election - (Backup) Designed Router election
  * @ifa: actual interface
@@ -450,7 +444,6 @@ void apc_dr_election(struct apc_iface * ifa)
 	}
 }
 
-
 struct apc_neighbor * find_neigh_by_ip(struct apc_iface * ifa, ip_addr ip)
 {
 	struct apc_neighbor * n;
@@ -463,7 +456,6 @@ struct apc_neighbor * find_neigh_by_ip(struct apc_iface * ifa, ip_addr ip)
 	return NULL;
 }
 
-
 static void inactivity_timer_hook(struct _timer * tmr)
 {
 	struct apc_neighbor * n = (struct apc_neighbor *) tmr->data;

feeds/wlan-ap/apc/src/src/ubus.c

@@ -0,0 +1,173 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+#define _GNU_SOURCE
+
+#include <arpa/inet.h>
+#include <string.h>
+#include <stdio.h>
+#include <ev.h>
+#include "ubus.h"
+#include <libubus.h>
+#include <libubox/blobmsg.h>
+#include <apc.h>
+#include <libubox/uloop.h>
+
+struct ubus_context *ubus_ctx = NULL;
+static struct blob_buf b;
+static struct blob_buf nb;
+static const char *ubus_path;
+timer *notify_timer;
+extern struct apc_iface * apc_ifa;
+#define APC_NOTIFY_INTERVAL 30
+
+struct apc_state {
+	char mode[4];
+	char dr_addr[17];
+	char bdr_addr[17];
+	bool enabled;
+} state;
+
+static int
+apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
+			  struct ubus_request_data *req, const char *method,
+			  struct blob_attr *msg);
+
+static void ubus_reconnect_timer(struct uloop_timeout *timeout);
+static struct uloop_timeout reconnect = {
+	.cb = ubus_reconnect_timer,
+};
+
+static void ubus_reconnect_timer(struct uloop_timeout *timeout)
+{
+        if (ubus_reconnect(ubus_ctx, NULL) != 0) {
+                printf("APC ubus failed to reconnect\n");
+                uloop_timeout_set(&reconnect, 2000);
+                return;
+        }
+
+        printf("APC ubus reconnected\n");
+#ifdef FD_CLOEXEC
+	fcntl(ubus_ctx->sock.fd, F_SETFD,
+	      fcntl(ubus_ctx->sock.fd, F_GETFD) | FD_CLOEXEC);
+#endif
+}
+
+static void ubus_connection_lost(struct ubus_context *ctx)
+{
+	printf("APC ubus connection lost\n");
+        ubus_reconnect_timer(NULL);
+}
+
+static const struct blobmsg_policy apc_policy = {
+	.name = "info",
+	.type = BLOBMSG_TYPE_STRING,
+};
+
+static struct ubus_method apc_object_methods[] = {
+	UBUS_METHOD_NOARG("info", apc_info_handle),
+};
+
+static struct ubus_object_type apc_object_type =
+	UBUS_OBJECT_TYPE("apc", apc_object_methods);
+
+static struct ubus_object apc_object = {
+	.name = "apc",
+	.type = &apc_object_type,
+	.methods = apc_object_methods,
+	.n_methods = ARRAY_SIZE(apc_object_methods),
+};
+
+static int
+apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
+			  struct ubus_request_data *req, const char *method,
+			  struct blob_attr *msg)
+{
+	blob_buf_init(&b, 0);
+	blobmsg_add_string(&b, "mode", state.mode);
+	blobmsg_add_string(&b, "dr_addr", state.dr_addr);
+	blobmsg_add_string(&b, "bdr_addr", state.bdr_addr);
+	blobmsg_add_u8(&b, "enabled", state.enabled);
+
+	ubus_notify(ctx, &apc_object, "apc", b.head, -1);
+	ubus_send_event(ctx, "apc", b.head);
+	ubus_send_reply(ctx, req, b.head);
+
+	return 0;
+}
+
+static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WAITING", "PTP", "OR", "BDR", "DR"};
+void apc_update_state()
+{
+	struct in_addr dr_addr;
+	struct in_addr bdr_addr;
+	dr_addr.s_addr = htonl(apc_ifa->drip);
+	bdr_addr.s_addr = htonl(apc_ifa->bdrip);
+
+	state.enabled = true;
+	if ((apc_ifa->state == APC_IS_DR) ||
+	    (apc_ifa->state == APC_IS_BACKUP) ||
+	    (apc_ifa->state == APC_IS_DROTHER)) {
+		snprintf(state.mode, sizeof(state.mode), "%s",
+			 &apc_mode[apc_ifa->state][0]);
+		snprintf(state.dr_addr, sizeof(state.dr_addr),
+			 "%s", inet_ntoa(dr_addr));
+		snprintf(state.bdr_addr, sizeof(state.bdr_addr),
+			 "%s", inet_ntoa(bdr_addr));
+	}
+	else {
+		snprintf(state.mode, sizeof(state.mode), "NC");
+		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
+		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
+	}
+}
+
+void apc_send_notification(struct _timer * tmr)
+{
+	apc_update_state();
+
+	printf("APC send ubus notification\n");
+	blob_buf_init(&nb, 0);
+	blobmsg_add_string(&nb, "mode", state.mode);
+	blobmsg_add_string(&nb, "dr_addr", state.dr_addr);
+	blobmsg_add_string(&nb, "bdr_addr", state.bdr_addr);
+	blobmsg_add_u8(&nb, "enabled", state.enabled);
+	ubus_notify(ubus_ctx, &apc_object, "apc", nb.head, -1);
+}
+
+static void add_object(struct ubus_object *obj)
+{
+	int ret = ubus_add_object(ubus_ctx, obj);
+
+	if (ret != 0)
+		fprintf(stderr, "Add object fail '%s': %s\n",
+			obj->name, ubus_strerror(ret));
+}
+
+int
+ubus_init(void) {
+	ubus_ctx = ubus_connect(NULL);
+	if (!ubus_ctx)
+		return -EIO;
+
+	ubus_add_uloop(ubus_ctx);
+#ifdef FD_CLOEXEC
+	fcntl(ubus_ctx->sock.fd, F_SETFD,
+	      fcntl(ubus_ctx->sock.fd, F_GETFD) | FD_CLOEXEC);
+#endif
+	add_object(&apc_object);
+	notify_timer = tm_new_set(apc_send_notification, NULL,
+				  0, APC_NOTIFY_INTERVAL);
+	if (notify_timer) {
+		printf("APC Start notify timer\n");
+		tm_start(notify_timer, APC_NOTIFY_INTERVAL);
+	}
+
+	ubus_ctx->connection_lost = ubus_connection_lost;
+
+	return 0;
+}
+
+void
+ubus_done(void)
+{
+	ubus_free(ubus_ctx);
+}

feeds/wlan-ap/interAPcomm/Makefile

@@ -11,6 +11,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/libinterapcomm
   SECTION:=libs
+  DEPENDS:=+libev +libubox +libubus
   CATEGORY:=Libraries
   TITLE:=Inter AP communication library
 endef

feeds/wlan-ap/interAPcomm/src/Makefile

@@ -6,7 +6,7 @@ subdirs=src/test
 
 CFLAGS += -O -Wall -Werror -Wshadow
 CFLAGS += -I./include/
-LIBS = -lev
+LIBS = -lev -lubox -lubus
 
 all: $(LIBNAME) $(subdirs)
 

feeds/wlan-ap/interAPcomm/src/src/interAPcomm.c

@@ -7,12 +7,29 @@
 #include <string.h>
 #include <unistd.h>
 #include <interAPcomm.h>
+#include <libubox/uloop.h>
 
 /*Receiver socket*/
 int recv_sock = -1;
 
 recv_arg ra;
 
+static void receive_data_uloop(struct uloop_fd *fd, unsigned int events)
+{
+	void *recv_data;
+	ssize_t recv_data_len;
+
+	recv_data = malloc(ra.len);
+	memset(recv_data, 0, ra.len);
+	if ((recv_data_len = recvfrom(recv_sock, recv_data, ra.len,
+				      0, NULL, 0)) < 0)
+		printf("recvfrom() failed");
+
+	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
+
+}
+
 static void receive_data(struct ev_loop *ev, ev_io *io, int event)
 {
 	void *recv_data;
@@ -25,11 +42,14 @@ static void receive_data(struct ev_loop *ev, ev_io *io, int event)
 		printf("recvfrom() failed");
 
 	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
 
 }
 
-int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t), unsigned int len,
-		 struct ev_loop *loop, ev_io *io)
+static struct uloop_fd server;
+
+int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
+		 unsigned int len, struct ev_loop *loop, ev_io *io)
 {
 	struct sockaddr_in addr;
 	int bcast_perm;
@@ -65,8 +85,16 @@ int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t), unsigned
 	}
 
 	printf("Interap recving: p:%d\n", port);
-	ev_io_init(io, receive_data, recv_sock, EV_READ);
-	ev_io_start(loop, io);
+
+	if (io && loop) {
+		ev_io_init(io, receive_data, recv_sock, EV_READ);
+		ev_io_start(loop, io);
+	} else {
+
+		server.cb = receive_data_uloop;
+		server.fd = recv_sock;
+		uloop_fd_add(&server, ULOOP_READ);
+	}
 
 	return 0;
 }

feeds/wlan-ap/interAPcomm/src/src/test/Makefile

@@ -3,7 +3,7 @@ OBJS = interapcommtest.o
 
 CFLAGS += -Wall $(EXTRA_CFLAGS) $(extra_cflags-y)
 
-LIBS =	-L ../../ -linterapcomm -lev
+LIBS =	-L ../../ -linterapcomm -lev -lubox -lubus
 
 CFLAGS += -I. \
 	-I../../include/

feeds/wlan-ap/interAPcomm/src/src/test/interapcommtest.c

@@ -6,6 +6,8 @@
 #include <ev.h>
 #include <interAPcomm.h>
 
+#include <libubus.h>
+
 struct my_data {
 	int x;
 	char y;
@@ -13,7 +15,8 @@ struct my_data {
 };
 
 
-int recv_process(void *data) {
+int recv_process(void *data, ssize_t n)
+{
 	struct my_data *dat = (struct my_data*) data;
 
 	printf("Recv process: %d, %c, %d\n", dat->x, dat->y, dat->z);
@@ -22,34 +25,37 @@ int recv_process(void *data) {
 
 int main (int argc, char *argv[ ])
 {
-	unsigned int send = atoi(argv[1]);   /* First arg: broadcast port */
-	unsigned short port = 50000;
+	unsigned int send = atoi(argv[1]);
+	unsigned short port = 50020;
 //	char *dst_ip = "255.255.255.255";
-	char *dst_ip = "192.168.9.255";
+	char *dst_ip = "10.42.0.255";
 //	char *data = "InterAP Hello";
 	struct my_data data;
 	data.x = 1001;
 	data.y = 'H';
 	data.z = 3003;
 
-//	callback cb = recv_process;
-
-
-	printf("arg1 = %d\n", send);
+	printf("send = %d\n", send);
 
 	if (send) {
 		printf("Send");
-		interap_send(port, dst_ip, &data, sizeof(data));
+		while (1)
+		{
+			sleep(3);
+			printf("Sending...\n");
+			interap_send(port, dst_ip, &data, sizeof(data));
+		}
 	}
 	else {
 		printf("Recieve");
-//		interap_recv(port, cb, sizeof(struct my_data));
+		uloop_init();
+		callback cb = recv_process;
+
+		interap_recv(port, cb, sizeof(struct my_data), NULL, NULL);
+		uloop_run();
+		uloop_done();
+
 	}
 
-	while (1)
-	{
-		sleep(3);
-		printf("In while loop\n");
-	}
 	return 1;
 }

feeds/wlan-ap/nft-qos/Makefile

@@ -48,13 +48,8 @@ define Package/nft-qos/install
 	$(INSTALL_DIR) $(1)/lib/nft-qos
 	$(INSTALL_DATA) ./files/lib/* $(1)/lib/nft-qos/
 	chmod 0700 $(1)/lib/nft-qos/mac-rate.sh
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_CONF) ./files/nft-qos.config $(1)/etc/config/nft-qos
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/nft-qos.init $(1)/etc/init.d/nft-qos
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/dhcp
-	$(INSTALL_BIN) ./files/nft-qos-monitor.hotplug $(1)/etc/hotplug.d/dhcp/00-nft-qos-monitor
-	$(INSTALL_BIN) ./files/nft-qos-dynamic.hotplug $(1)/etc/hotplug.d/dhcp/01-nft-qos-dynamic
 endef
 
 $(eval $(call BuildPackage,nft-qos))

feeds/wlan-ap/nft-qos/files/lib/mac-rate.sh

@@ -27,23 +27,31 @@ if [ -z "$1" -o -z "$2" -o -z "$3" ]; then
 	exit 1
 fi
 
-logger -t "$1 $2 $3"
+logger -t "mac-rate" "$1 $2 $3"
+
+bridge=`uci get wireless.$iface.network`
+if [ "$bridge" == "lan" ]; then
+	dlchain="download_nat"
+        ulchain="upload_nat"
+else
+        dlchain="download"
+        ulchain="upload"
+fi
 
 if [ "$1" == "add" ]; then
 	config_load wireless
 
 	config_foreach handle_interface wifi-iface download
-
-	exists=`nft list chain bridge nft-qos-ssid-lan-bridge download  -a | grep -ic $3`
+	exists=`nft list chain bridge nft-qos-ssid-lan-bridge $dlchain  -a | grep -ic $3`
 	logger -t "mac-rate" "exists = $exists"
 	if [ "$exists" -ne 0 ]; then
-		old_drate=`nft list chain bridge nft-qos-ssid-lan-bridge download -a | grep -i $3 |  awk -F'kbytes' '{print $1}' | awk '{print $NF}'`
+		old_drate=`nft list chain bridge nft-qos-ssid-lan-bridge $dlchain -a | grep -i $3 |  awk -F'kbytes' '{print $1}' | awk '{print $NF}'`
 		logger -t "mac-rate" "old_drate=$old_drate"
 		if [ "$old_drate" -ne "$rate" ]; then
 			changed=1
-			id=`nft list chain bridge nft-qos-ssid-lan-bridge download  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
+			id=`nft list chain bridge nft-qos-ssid-lan-bridge $dlchain  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
 			if [ -n "$id" ]; then
-				nft delete rule bridge nft-qos-ssid-lan-bridge download handle $id
+				nft delete rule bridge nft-qos-ssid-lan-bridge $dlchain handle $id
 			fi
 			logger -t "mac-rate" "changed DL $old_drate to $rate, del $3"
 		else
@@ -54,19 +62,19 @@ if [ "$1" == "add" ]; then
 
         if [ "$exists" == 0 -o "$changed" == 1 ]; then
 	        if [ "$rate" -ne 0 ]; then
-			dok=`nft add rule bridge nft-qos-ssid-lan-bridge download ether daddr $3 limit rate over $rate kbytes/second drop`
+			dok=`nft add rule bridge nft-qos-ssid-lan-bridge $dlchain ether daddr $3 limit rate over $rate kbytes/second drop`
 	        fi
         fi
 
 	config_foreach handle_interface wifi-iface upload
-	exists=`nft list chain bridge nft-qos-ssid-lan-bridge upload  -a | grep -ic $3`
+	exists=`nft list chain bridge nft-qos-ssid-lan-bridge $ulchain  -a | grep -ic $3`
 	if [ "$exists" -ne 0 ]; then
-		old_urate=`nft list chain bridge nft-qos-ssid-lan-bridge upload -a | grep -i $3 |  awk -F'kbytes' '{print $1}' | awk '{print $NF}'`
+		old_urate=`nft list chain bridge nft-qos-ssid-lan-bridge $ulchain -a | grep -i $3 |  awk -F'kbytes' '{print $1}' | awk '{print $NF}'`
 		if [ "$old_urate" -ne "$rate" ]; then
 			changed=1
-			id=`nft list chain bridge nft-qos-ssid-lan-bridge upload  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
+			id=`nft list chain bridge nft-qos-ssid-lan-bridge $ulchain  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
 			if [ -n "$id" ]; then
-				nft delete rule bridge nft-qos-ssid-lan-bridge upload handle $id
+				nft delete rule bridge nft-qos-ssid-lan-bridge $ulchain handle $id
 			fi
 
 			logger -t "mac-rate" "changed UL $old_urate to $rate del $3"
@@ -78,20 +86,20 @@ if [ "$1" == "add" ]; then
 
         if [ "$exists" == 0 -o "$changed" == 1 ]; then
         	if [ "$rate" -ne 0 ]; then
-			uok=`nft add rule bridge nft-qos-ssid-lan-bridge upload ether saddr $3 limit rate over $rate kbytes/second drop`
+			uok=`nft add rule bridge nft-qos-ssid-lan-bridge $ulchain ether saddr $3 limit rate over $rate kbytes/second drop`
 		fi
 	fi
 
 elif [ "$1" == "del" ]; then
-	id=`nft list chain bridge nft-qos-ssid-lan-bridge download  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
+	id=`nft list chain bridge nft-qos-ssid-lan-bridge $dlchain  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
 	logger -t "mac-rate" "$id $3"
 	if [ -n "$id" ]; then
-		nft delete rule bridge nft-qos-ssid-lan-bridge download handle $id
+		nft delete rule bridge nft-qos-ssid-lan-bridge $dlchain handle $id
 	fi
 
-	id=`nft list chain bridge nft-qos-ssid-lan-bridge upload  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
+	id=`nft list chain bridge nft-qos-ssid-lan-bridge $ulchain  -a | grep -i $3  | awk -F "handle " '{print $2;exit}'`
 	if [ -n "$id" ]; then
-		nft delete rule bridge nft-qos-ssid-lan-bridge upload handle $id
+		nft delete rule bridge nft-qos-ssid-lan-bridge $ulchain handle $id
 	fi
 
 fi

feeds/wlan-ap/nft-qos/files/lib/ssid_ratelimit.sh

@@ -42,8 +42,20 @@ qosdef_append_rule_ssid() { # <section> <operator> <bridge>
 		rate=$((rate/8))
 	fi
 
-	if [ -z "$iface" -o -z "$rate" -o $rate == 0 ]; then
-		logger -t "nft-qos" "Error: No interface $iface or rate $rate present"
+	if [ -z "$iface" ]; then
+		logger -t "nft-qos" "Error: No interface $iface present"
+		return
+	fi
+
+	if [ -z "$rate" -o $rate == 0 ]; then
+		logger -t "nft-qos" "ssid-rate disabled $iface, configure client-rate"
+	        maclist=`iwinfo $iface assoclist | grep dBm | cut -f 1 -s -d" "`
+
+		for mac in $maclist
+		do
+			logger -t "nft-qos" "Add $mac"
+			/lib/nft-qos/mac-rate.sh add $iface $mac
+		done
 		return
 	fi
 

feeds/wlan-ap/nft-qos/files/nft-qos.init

@@ -4,49 +4,26 @@
 #
 
 . /lib/nft-qos/core.sh
-. /lib/nft-qos/monitor.sh
-. /lib/nft-qos/dynamic.sh
-. /lib/nft-qos/static.sh
-. /lib/nft-qos/priority.sh
 . /lib/nft-qos/ssid_ratelimit.sh
 
 START=99
 USE_PROCD=1
 
 service_triggers() {
-#	procd_add_reload_trigger nft-qos wireless
-#	procd_add_reload_trigger wireless
 
 	procd_open_validate
-#	qosdef_validate_dynamic
-#	qosdef_validate_static
-#	qosdef_validate_priority
 	procd_close_validate
 }
 
 start_service() {
 	config_load nft-qos
-
-#	qosdef_init_env
-#	qosdef_flush_static
-#	qosdef_flush_dynamic
 	qosdef_flush_ssid_ratelimit
-#	qosdef_remove_priority
-
-#	qosdef_init_header
-#	qosdef_init_monitor
-#	qosdef_validate_dynamic default qosdef_init_dynamic
-#	qosdef_validate_static default qosdef_init_static
-#	qosdef_validate_priority default qosdef_init_priority
 	qosdef_init_ssid_ratelimit
 	qosdef_init_done
 	qosdef_start
 }
 
 stop_service() {
-#	qosdef_flush_dynamic
-#	qosdef_flush_static
-#	qosdef_remove_priority
 	qosdef_flush_ssid_ratelimit
 	qosdef_clean_cache
 }

feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k

feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh

@@ -1,12 +1,47 @@
 #!/bin/sh
 
-if [ $# -ne 1 ] ; then
-	echo "Usage: $0 <redirector address>" >&2
-	exit 1
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
+  exit 1
 fi
 
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi
 
+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart

feeds/wlan-ap/opensync/files/etc/hotplug.d/net/90-set-tx-rates

@@ -10,11 +10,11 @@ hwmode=$(uci get wireless.${radio}.hwmode)
 
 [ "${hwmode}" = "11a" ] && band=5 || band=2
 
-bcn_rate=$(uci get wireless.${DEVICENAME}.bcn_rate)
+bcn_rate=$(($(uci get wireless.${DEVICENAME}.bcn_rate)/10))
 mcast_rate=$(uci get wireless.${DEVICENAME}.mcast_rate)
 
 # ath10k rate-codes: 0x43 1M, 0x42 2M, 0x41 5.5M, 0x40 11M, 0x3 6M, 0x7 9M, 0x2 12M, 0x6 18M, 0x1 24M, 0x5 36M, 0x0 48M, 0x4 54M, 0xFF default
-rate_codes="1:0x43 2:0x42 5.5:0x41 11:0x40 6:0x3 9:0x7 12:0x2 18:0x6 24:0x1 36:0x5 48:0x0 54:0x4"
+rate_codes="1:0x43 2:0x42 5:0x41 11:0x40 6:0x3 9:0x7 12:0x2 18:0x6 24:0x1 36:0x5 48:0x0 54:0x4"
 
 # Default codes
 beacon_code=0xFF
@@ -33,6 +33,6 @@ done
 
 # set rates
 logger -t hotplug "Set Tx rates for device ${DEVICENAME}"
-sleep 5
+sleep 20
 echo "${DEVICENAME} beacon ${band} ${beacon_code}" > /sys/kernel/debug/ieee80211/${phy}/ath10k/set_rates
 echo "${DEVICENAME} mcast ${band} ${mcast_code}" > /sys/kernel/debug/ieee80211/${phy}/ath10k/set_rates

feeds/wlan-ap/opensync/patches/30-fix-ipv4-string-to-bytes-conversion

@@ -1,6 +1,6 @@
 --- a/src/lib/datapipeline/src/dppline.c
 +++ b/src/lib/datapipeline/src/dppline.c
-@@ -2147,9 +2147,10 @@ static void dppline_add_stat_events(Sts_
+@@ -2147,9 +2147,11 @@ static void dppline_add_stat_events(Sts_
  			ipe->timestamp_ms = cs_rec->ip_event->timestamp;
  
  			if (cs_rec->ip_event->ip_addr) {
@@ -10,11 +10,12 @@
 +				uint8_t ip[IPV4_BYTES_LEN] = {0};
 +				sscanf(cs_rec->ip_event->ip_addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
 +				ipe->ip_addr.data = malloc(IPV4_BYTES_LEN);
++				memcpy(ipe->ip_addr.data, ip, IPV4_BYTES_LEN);
 +				ipe->ip_addr.len = IPV4_BYTES_LEN;
  				ipe->has_ip_addr = true;
  			}
  		}
-@@ -2224,10 +2225,10 @@ static void dppline_add_stat_events(Sts_
+@@ -2224,10 +2226,11 @@ static void dppline_add_stat_events(Sts_
  			}
  
  			if (cs_rec->connect_event->ip_addr) {
@@ -25,6 +26,7 @@
 +				uint8_t ip[IPV4_BYTES_LEN] = {0};
 +				sscanf(cs_rec->connect_event->ip_addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
 +				coe->ip_addr.data = malloc(IPV4_BYTES_LEN);
++				memcpy(coe->ip_addr.data, ip, IPV4_BYTES_LEN);
 +				coe->ip_addr.len = IPV4_BYTES_LEN;
  				coe->has_ip_addr = true;
  			}

feeds/wlan-ap/opensync/patches/33-add-apc-radsecproxy-schema.patch

@@ -0,0 +1,142 @@
+Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
+===================================================================
+--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
++++ opensync-2.0.5.0/interfaces/opensync.ovsschema
+@@ -9368,6 +9368,68 @@
+             }
+        },
+       "isRoot": true
++    },
++    "APC_Config": {
++      "columns": {
++        "enabled": {
++          "type": {
++            "key": {
++              "type": "boolean"
++            },
++            "min": 0,
++            "max": 1
++          }
++        }
++      },
++      "isRoot": true,
++      "maxRows": 1
++    },
++    "APC_State": {
++      "columns": {
++        "dr_addr": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "bdr_addr": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "enabled": {
++          "type": {
++            "key": {
++              "type": "boolean"
++            },
++            "min": 0,
++            "max": 1
++          }
++        },
++        "mode": {
++          "type": {
++            "key": {
++              "type": "string",
++              "enum": [
++                "set",
++                [
++                  "DR",
++                  "BDR",
++                  "OR",
++                  "NC"
++                ]
++              ]
++            },
++            "min": 0,
++            "max": 1
++          }
++        }
++      },
++      "isRoot": true,
++      "maxRows": 1
+     }
+   }
+ }
+Index: opensync-2.0.5.0/platform/openwrt/src/lib/target/src/radio_ubus.c
+===================================================================
+--- opensync-2.0.5.0.orig/platform/openwrt/src/lib/target/src/radio_ubus.c
++++ opensync-2.0.5.0/platform/openwrt/src/lib/target/src/radio_ubus.c
+@@ -10,6 +10,7 @@
+ extern struct ev_loop *wifihal_evloop;
+ static struct ubus_context *ubus;
+ extern struct ev_loop *wifihal_evloop;
++extern void apc_state_set(struct blob_attr *msg);
+ 
+ int hapd_rrm_enable(char *name, int neighbor, int beacon)
+ {
+@@ -179,6 +180,7 @@ radio_ubus_add_vif_cb(struct ubus_contex
+ 	return UBUS_STATUS_OK;
+ }
+ 
++
+ static const struct ubus_method radio_ubus_methods[] = {
+         UBUS_METHOD("dbg_add_vif", radio_ubus_add_vif_cb, add_vif_policy),
+         UBUS_METHOD("dummy", radio_ubus_dummy_cb, dummy_policy),
+@@ -201,8 +203,36 @@ static void radio_ubus_connect(struct ub
+ 	ubus_add_object(ubus, &radio_ubus_object);
+ }
+ 
++static int radio_ubus_notify(struct ubus_context *ctx, struct ubus_object *obj,
++			     struct ubus_request_data *req, const char *method,
++			     struct blob_attr *msg)
++{
++	char *str;
++
++	str = blobmsg_format_json(msg, true);
++	LOGD("ubus: Received ubus notify '%s': %s\n", method, str);
++	free(str);
++
++	if (!strncmp(method, "apc", 3)) {
++		LOGD("APC notification Received");
++		apc_state_set(msg);
++	}
++
++	return 0;
++}
++
++
++
+ static struct ubus_instance ubus_instance = {
+ 	.connect = radio_ubus_connect,
++	.notify = radio_ubus_notify,
++	.list = {
++			{
++				.path = "apc",
++			},
++		},
++	.len = 1,
++
+ };
+ 
+ int radio_ubus_init(void)
+Index: opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/schema/inc/schema_consts.h
++++ opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+@@ -154,6 +154,7 @@ typedef enum {
+ #define SCHEMA_CONSTS_DISABLE_B_RATES	"disable_b_rates"
+ #define SCHEMA_CONSTS_IEEE80211k	"ieee80211k"
+ #define SCHEMA_CONSTS_DYNAMIC_VLAN	"dynamic_vlan"
++#define SCHEMA_CONSTS_RADPROXY	"radproxy"
+ 
+ /* radio Custom options */
+ #define SCHEMA_CONSTS_LOCAL_PWR_CONSTRAINT "local_pwr_constraint"

feeds/wlan-ap/opensync/patches/33-add-new-manufacturing-data.patch

@@ -0,0 +1,270 @@
+Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
+===================================================================
+--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
++++ opensync-2.0.5.0/interfaces/opensync.ovsschema
+@@ -199,6 +199,59 @@
+               "type": "integer"
+             }
+           }
++        },
++        "qr_code": {
++          "type": {
++            "key": "string",
++            "value": {
++               "type": "string",
++               "maxLength": 128
++            },
++            "min": 0,
++            "max": "unlimited"
++          }
++        },
++        "model_description": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "manufacturer_name": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "manufacturer_date": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "manufacturer_url": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "reference_design": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
++        },
++        "certification_region": {
++          "type": {
++            "key": {
++              "type": "string"
++            }
++          }
+         }
+       },
+       "isRoot": true,
+Index: opensync-2.0.5.0/src/lib/target/inc/target.h
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/target/inc/target.h
++++ opensync-2.0.5.0/src/lib/target/inc/target.h
+@@ -332,6 +332,115 @@ bool target_hw_revision_get(void *buff,
+  */
+ bool target_platform_version_get(void *buff, size_t buffsz);
+ 
++/**
++ * @brief Return device model revision
++ *
++ * This function provides a null terminated byte string containing the
++ * model revision. The model revision is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_model_revision_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device model description
++ *
++ * This function provides a null terminated byte string containing the
++ * model description. The model description is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_model_description_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device manufacturer name
++ *
++ * This function provides a null terminated byte string containing the
++ * manufacturer name. The manufacturer name is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_manuf_name_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device manufacturer date
++ *
++ * This function provides a null terminated byte string containing the
++ * manufacturer date. The manufacturer date is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_manuf_date_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device manufacturer url
++ *
++ * This function provides a null terminated byte string containing the
++ * manufacturer url. The manufacturer url is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_manuf_url_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device manufacturer name abbreviation
++ *
++ * This function provides a null terminated byte string containing the
++ * manufacturer name abbreviation. This is one of the pieces that form
++ * the QR code entry which is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_manuf_abbr_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device reference design
++ *
++ * This function provides a null terminated byte string containing the
++ * reference design. The reference design is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_ref_design_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device certification region
++ *
++ * This function provides a null terminated byte string containing the
++ * certification region. The certification region is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_cert_region_get(void *buff, size_t buffsz);
++
++/**
++ * @brief Return device mac address
++ *
++ * This function provides a null terminated byte string containing the
++ * mac address. The mac address is a part of AWLAN_Node table.
++ *
++ * @param buff   pointer to a string buffer
++ * @param buffsz size of string buffer
++ * @return true on success
++ */
++bool target_mac_addr_get(void *buff, size_t buffsz);
++
+ /// @} LIB_TARGET_ENTITY
+ 
+ /// @defgroup LIB_TARGET_MAP Interface Mapping API
+Index: opensync-2.0.5.0/src/dm/src/dm_ovsdb.c
+===================================================================
+--- opensync-2.0.5.0.orig/src/dm/src/dm_ovsdb.c
++++ opensync-2.0.5.0/src/dm/src/dm_ovsdb.c
+@@ -326,7 +326,7 @@ void fill_entity_data(struct schema_AWLA
+         s_awlan_node->sku_number_exists = true;
+     }
+ 
+-    if (true == target_hw_revision_get(buff, sizeof(buff)))
++    if (true == target_model_revision_get(buff, sizeof(buff)))
+     {
+         STRSCPY(s_awlan_node->revision, buff);
+     }
+@@ -359,6 +359,58 @@ void fill_entity_data(struct schema_AWLA
+     }
+     s_awlan_node->model_exists = true;
+ 
++    if (true == target_model_description_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->model_description, buff);
++        s_awlan_node->model_description_exists = true;
++    }
++
++    if (true == target_manuf_name_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->manufacturer_name, buff);
++        s_awlan_node->manufacturer_name_exists = true;
++    }
++
++    if (true == target_manuf_date_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->manufacturer_date, buff);
++        s_awlan_node->manufacturer_date_exists = true;
++    }
++
++    if (true == target_manuf_url_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->manufacturer_url, buff);
++        s_awlan_node->manufacturer_url_exists = true;
++    }
++
++    if (true == target_ref_design_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->reference_design, buff);
++        s_awlan_node->reference_design_exists = true;
++    }
++
++    if (true == target_cert_region_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->certification_region, buff);
++        s_awlan_node->certification_region_exists = true;
++    }
++
++    if (true == target_mac_addr_get(buff, sizeof(buff)))
++    {
++        STRSCPY(s_awlan_node->id, buff);
++        s_awlan_node->id_exists = true;
++    }
++
++    SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "DT", "AP");
++    SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "DM", s_awlan_node->id);
++    if (true == target_manuf_abbr_get(buff, sizeof(buff)))
++    {
++    	SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "VN", buff);
++    }
++    SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "SN", s_awlan_node->serial_number);
++    SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "MN", s_awlan_node->model);
++    SCHEMA_KEY_VAL_APPEND(s_awlan_node->qr_code, "HW", s_awlan_node->revision);
++
+     LOG(NOTICE, "Device entity {serial=%s id=%s version=%s platform=%s sku=%s}",
+             s_awlan_node->serial_number,
+             s_awlan_node->id,
+@@ -422,6 +474,13 @@ bool act_update_entity (void)
+                                  "sku_number",
+                                  "upgrade_status",
+                                  "upgrade_timer",
++                                 "qr_code",
++                                 "model_description",
++                                 "manufacturer_name",
++                                 "manufacturer_date",
++                                 "manufacturer_url",
++                                 "reference_design",
++                                 "certification_region",
+                                  NULL)
+                              );
+ 

feeds/wlan-ap/opensync/patches/34-radsec-schema-consts.patch

@@ -0,0 +1,113 @@
+--- a/interfaces/opensync.ovsschema
++++ b/interfaces/opensync.ovsschema
+@@ -9439,6 +9439,110 @@
+       },
+       "isRoot": true,
+       "maxRows": 1
++    },
++    "Radius_Proxy_Config": {
++        "columns": {
++            "radius_config_name": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
++            "radsec": {
++                "type": {
++                "key": {
++                  "type": "boolean"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
++            "server": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
++            "port": {
++              "type": {
++                "key": {
++                  "type": "integer"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
++            "secret": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
++            "ca_cert": {
++                "type": {
++                    "key": {
++                        "type": "string",
++                        "minLength": 1,
++                        "maxLength": 256
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++              },
++            "client_cert": {
++                "type": {
++                    "key": {
++                        "type": "string",
++                        "minLength": 1,
++                        "maxLength": 256
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++              },
++            "client_key": {
++                "type": {
++                    "key": {
++                        "type": "string",
++                        "minLength": 1,
++                        "maxLength": 256
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++              },
++            "passphrase": {
++                "type": {
++                    "key": {
++                        "type": "string",
++                        "minLength": 0,
++                        "maxLength": 128
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++              },
++            "realm": {
++              "type": {
++                "key": {
++                  "type": "string",
++                  "maxLength": 256
++                },
++                "min": 0,
++                "max": 16
++              }
++            }
++         },
++        "isRoot": true
+     }
+   }
+ }

feeds/wlan-ap/opensync/patches/35-channel-switch-fix.patch

@@ -0,0 +1,34 @@
+Index: opensync-2.0.5.0/src/lib/datapipeline/src/dppline.c
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/datapipeline/src/dppline.c
++++ opensync-2.0.5.0/src/lib/datapipeline/src/dppline.c
+@@ -652,8 +652,8 @@ static bool dppline_copysts(dppline_stat
+ 			dst->u.events.client_event_qty++;
+ 		}
+ 
+-		size = dst->u.events.client_event_qty * sizeof(dpp_event_record_session_t);
+-		dst->u.events.client_event_list = calloc(1, size);
++		int size_cl = dst->u.events.client_event_qty * sizeof(dpp_event_record_session_t);
++		dst->u.events.client_event_list = calloc(1, size_cl);
+ 		int count = 0;
+ 		ds_dlist_foreach(&report_data->client_event_list, result)
+ 		{
+@@ -671,8 +671,8 @@ static bool dppline_copysts(dppline_stat
+ 			dst->u.events.channel_event_qty++;
+ 		}
+ 
+-		size = dst->u.events.channel_event_qty * sizeof(dpp_event_record_channel_switch_t);
+-		dst->u.events.channel_event_list = calloc(1, size);
++		int size_ch = dst->u.events.channel_event_qty * sizeof(dpp_event_record_channel_switch_t);
++		dst->u.events.channel_event_list = calloc(1, size_ch);
+ 		ds_dlist_foreach(&report_data->channel_switch_list, channel_result)
+ 		{
+ 			assert(count < (int)dst->u.events.channel_event_qty);
+@@ -680,6 +680,7 @@ static bool dppline_copysts(dppline_stat
+ 			       sizeof(dpp_event_record_channel_switch_t));
+ 			count++;
+ 		}
++		size = size_cl + size_ch;
+ 
+ 	} break;
+ 

feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync

@@ -37,6 +37,20 @@ start_service() {
     echo "Setting certificates"
     mkdir -p ${CERTS_DEST_PATH}
     cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        if [ -z "$redirector" ]; then
+            logger -t opensync "Contacting DigiCert for redirector address"
+            wlan_ap_redirector.sh
+        else
+            logger -t opensync "Restoring redirector ${redirector} after factory reset"
+            wlan_ap_redirector.sh ${redirector}
+        fi
+    fi
+    [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
+ 
     echo "Starting OpenSync"
     procd_set_param command ${PROG}
     procd_close_instance

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/radio.h

@@ -21,4 +21,6 @@ extern int hapd_rrm_set_neighbors(char *name, struct rrm_neighbor *neigh, int co
 
 extern void radio_maverick(void *arg);
 
+int nl80211_channel_get(char *name, unsigned int *chan);
+
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/radius_proxy.h

@@ -0,0 +1,38 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef RADIUS_PROXY_H_INCLUDED
+#define RADIUS_PROXY_H_INCLUDED
+
+#include <stdbool.h>
+#include <jansson.h>
+#include <ev.h>
+#include <sys/time.h>
+#include <syslog.h>
+
+#include "log.h"
+#include "os_nif.h"
+
+#include "target.h"
+#include "dppline.h"
+
+#include "os.h"
+#include "util.h"
+#include "ovsdb.h"
+#include "ovsdb_update.h"
+#include "ovsdb_sync.h"
+#include "ovsdb_table.h"
+#include "ovsdb_cache.h"
+#include "schema.h"
+#include "target.h"
+
+#include "utils.h"
+#include <libubox/list.h>
+#include <evsched.h>
+
+extern ovsdb_table_t table_Radius_Proxy_Config;
+
+void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *mon,
+		struct schema_Radius_Proxy_Config *old, struct schema_Radius_Proxy_Config *conf);
+
+#endif /* RADIUS_PROXY_H_INCLUDED */
+

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/utils.h

@@ -13,6 +13,7 @@ struct mode_map {
 	char *ucihwmode;
 	char *htmode;
 	char *ucihtmode;
+	int  sec_channel_offset;
 };
 
 extern struct mode_map *mode_map_get_uci(const char *band, const char *htmode, const char *hwmode);
@@ -20,6 +21,7 @@ extern struct mode_map *mode_map_get_cloud(const char *htmode, const char *hwmod
 
 extern int vif_get_mac(char *vap, char *mac);
 extern int vif_is_ready(const char *name);
+bool vif_get_key_for_key_distr(const char *secret, char *key_str);
 
 #define blobmsg_add_bool blobmsg_add_u8
 extern int blobmsg_add_hex16(struct blob_buf *buf, const char *name, uint16_t val);
@@ -38,4 +40,5 @@ extern int iface_is_up(const char *ifname);
 extern int net_get_mtu(char *iface);
 extern int net_get_mac(char *iface, char *mac);
 extern int net_is_bridge(char *iface);
+extern char* get_max_channel_bw_channel(int channel_freq, const char* htmode);
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/override.mk

@@ -46,6 +46,7 @@ UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/sysupgrade.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/dhcpdiscovery.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_probe.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/rrm_config.c
+UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_proxy.c
 
 CONFIG_USE_KCONFIG=y
 CONFIG_INET_ETH_LINUX=y

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/captive.c

@@ -258,12 +258,8 @@ void vif_state_captive_portal_options_get(struct schema_Wifi_VIF_State *vstate)
 		} else if (!strcmp(opt, "authentication")) {
 			if(tc[NDS_ATTR_AUTHENTICATION]) {
 				buf = blobmsg_get_string(tc[NDS_ATTR_AUTHENTICATION]);
-				if (!strcmp(buf, "None")) {
+				if (!strcmp(buf, "None") || !strcmp(buf, "username") || !strcmp(buf, "radius")) {
 
-					set_captive_portal_state(vstate, &index,
-							captive_portal_options_table[i],
-							buf);
-				} else if (!strcmp(buf,"username")) {
 					set_captive_portal_state(vstate, &index,
 							captive_portal_options_table[i],
 							buf);
@@ -596,7 +592,7 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 				blobmsg_add_string(&cap, "enabled", "1");
 				blobmsg_add_string(&cap, "gatewayinterface","br-lan");
 				blobmsg_add_string(&cap, "preauth", "/usr/lib/opennds/radius.sh");
-				ipset_create(ifname);
+				ipset_create("opennds");
 				d = blobmsg_open_array(&cap, "preauthenticated_users");
 				blobmsg_add_string(&cap, NULL, ipset_tcp80);
 				blobmsg_add_string(&cap, NULL, ipset_tcp443);
@@ -616,8 +612,12 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 		else if (strcmp(opt, "radius_server_secret") == 0)
 			blobmsg_add_string(&cap, "radius_server_secret", value);
 
-		else if (strcmp(opt, "radius_auth_type") == 0)
-			blobmsg_add_string(&cap, "radius_auth_type", value);
+		else if (strcmp(opt, "radius_auth_type") == 0) {
+			if(!strcmp(value, "MSCHAPv2"))
+				blobmsg_add_string(&cap, "radius_auth_type", "MSCHAPV2");
+			else
+				blobmsg_add_string(&cap, "radius_auth_type", value);
+		}
 
 		else if (strcmp(opt, "session_timeout") == 0)
 			blobmsg_add_string(&cap, "sessiontimeout", value);

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio.c

@@ -26,11 +26,16 @@
 #include "captive.h"
 #include "rrm_config.h"
 #include "vlan.h"
+#include "radius_proxy.h"
 
 ovsdb_table_t table_Hotspot20_Config;
 ovsdb_table_t table_Hotspot20_OSU_Providers;
 ovsdb_table_t table_Hotspot20_Icon_Config;
 
+ovsdb_table_t table_APC_Config;
+ovsdb_table_t table_APC_State;
+unsigned int radproxy_apc;
+
 static struct uci_package *wireless;
 struct uci_context *uci;
 struct blob_buf b = { };
@@ -186,7 +191,7 @@ static bool radio_state_update(struct uci_section *s, struct schema_Wifi_Radio_C
 	struct schema_Wifi_Radio_State  rstate;
 	char phy[6];
 	int antenna;
-	int32_t chan;
+	uint32_t chan = 0;
 
 	LOGT("%s: get state", s->e.name);
 
@@ -211,7 +216,7 @@ static bool radio_state_update(struct uci_section *s, struct schema_Wifi_Radio_C
 	}
 
 	if (tb[WDEV_ATTR_CHANNEL]) {
-		chan = get_current_channel(phy);
+		nl80211_channel_get(phy, &chan);
 		if(chan)
 			SCHEMA_SET_INT(rstate.channel, chan);
 		else
@@ -401,8 +406,9 @@ bool target_radio_config_set2(const struct schema_Wifi_Radio_Config *rconf,
 	}
 
 	if ((changed->ht_mode) || (changed->hw_mode) || (changed->freq_band)) {
-		struct mode_map *m = mode_map_get_uci(rconf->freq_band, rconf->ht_mode,
-						      rconf->hw_mode);
+		int channel_freq;
+		channel_freq = ieee80211_channel_to_frequency(rconf->channel);
+		struct mode_map *m = mode_map_get_uci(rconf->freq_band, get_max_channel_bw_channel(channel_freq, rconf->ht_mode), rconf->hw_mode);
 		if (m) {
 			blobmsg_add_string(&b, "htmode", m->ucihtmode);
 			blobmsg_add_string(&b, "hwmode", m->ucihwmode);
@@ -669,6 +675,157 @@ static void callback_Hotspot20_Icon_Config(ovsdb_update_monitor_t *mon,
 
 }
 
+enum {
+	WIF_APC_ENABLE,
+	__WIF_APC_MAX,
+};
+
+static const struct blobmsg_policy apc_enpolicy[__WIF_APC_MAX] = {
+		[WIF_APC_ENABLE] = { .name = "enabled", BLOBMSG_TYPE_BOOL },
+};
+
+const struct uci_blob_param_list apc_param = {
+	.n_params = __WIF_APC_MAX,
+	.params = apc_enpolicy,
+};
+
+void APC_config_update(struct schema_APC_Config *conf)
+{
+	struct uci_package *apc;
+	struct blob_buf apcb = { };
+	int rc = 0;
+
+	LOGD("APC: APC_config_update");
+
+	rc = uci_load(uci, "apc", &apc);
+	if (rc)
+	{
+		LOGD("%s: uci_load failed with rc %d", __func__, rc);
+	}
+
+	blob_buf_init(&apcb, 0);
+
+ 	if (conf->enabled_changed) {
+		if (conf->enabled == true) {
+			blobmsg_add_bool(&apcb, "enabled", 1);
+			system("/etc/init.d/apc start");
+		}
+		else {
+			blobmsg_add_bool(&apcb, "enabled", 0);
+			system("/etc/init.d/apc stop");
+		}
+	}
+
+        blob_to_uci_section(uci, "apc", "apc", "apc",
+                            apcb.head, &apc_param, NULL);
+
+	uci_commit(uci, &apc, false);
+	uci_unload(uci, apc);
+}
+
+static void callback_APC_Config(ovsdb_update_monitor_t *mon,
+                                struct schema_APC_Config *old,
+                                struct schema_APC_Config *conf)
+{
+	if (mon->mon_type != OVSDB_UPDATE_DEL)
+		APC_config_update(conf);
+
+}
+
+static void callback_APC_State(ovsdb_update_monitor_t *mon,
+                                struct schema_APC_State *old,
+                                struct schema_APC_State *conf)
+{
+	LOGN("APC_state: enabled:%s dr_addr:%s bdr_addr:%s mode:%s",
+	     (conf->enabled_changed)? "changed":"unchanged", 
+	     (conf->dr_addr_changed)? "changed":"unchanged",
+	     (conf->bdr_addr_changed)? "changed":"unchanged",
+	     (conf->mode_changed)? "changed":"unchanged");
+
+	/* APC changed: if radproxy enabled then restart wireless */
+	if (radproxy_apc) {
+		radproxy_apc = 0;
+		system("ubus call service event '{\"type\": \"config.change\", \"data\": { \"package\": \"wireless\" }}'");
+	}
+}
+
+struct schema_APC_State apc_state;
+enum {
+	APC_ATTR_MODE,
+	APC_ATTR_DR_ADDR,
+	APC_ATTR_BDR_ADDR,
+	APC_ATTR_ENABLED,
+	__APC_ATTR_MAX,
+};
+
+static const struct blobmsg_policy apc_policy[__APC_ATTR_MAX] = {
+	[APC_ATTR_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING },
+	[APC_ATTR_DR_ADDR] = { .name = "dr_addr", .type = BLOBMSG_TYPE_STRING },
+	[APC_ATTR_BDR_ADDR] = { .name = "bdr_addr", .type = BLOBMSG_TYPE_STRING },
+	[APC_ATTR_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL },
+};
+
+struct schema_APC_Config apc_conf;
+
+void apc_state_set(struct blob_attr *msg)
+{
+	struct blob_attr *tb[__APC_ATTR_MAX] = { };
+
+	blobmsg_parse(apc_policy, __APC_ATTR_MAX, tb,
+		      blob_data(msg), blob_len(msg));
+
+	if (tb[APC_ATTR_MODE]) {
+		LOGD("APC mode: %s", blobmsg_get_string(tb[APC_ATTR_MODE]));
+		SCHEMA_SET_STR(apc_state.mode,
+			       blobmsg_get_string(tb[APC_ATTR_MODE]));
+	}
+	if (tb[APC_ATTR_DR_ADDR]) {
+		LOGD("APC br-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
+		SCHEMA_SET_STR(apc_state.dr_addr,
+			       blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
+	}
+	if (tb[APC_ATTR_BDR_ADDR]) {
+		LOGD("APC dbr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
+		SCHEMA_SET_STR(apc_state.bdr_addr,
+			       blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
+	}
+	if (tb[APC_ATTR_ENABLED]) {
+		LOGD("APC enabled: %d", blobmsg_get_bool(tb[APC_ATTR_ENABLED]));
+		if (blobmsg_get_bool(tb[APC_ATTR_ENABLED])) {
+			SCHEMA_SET_INT(apc_state.enabled, true);
+		}
+		else {
+			SCHEMA_SET_INT(apc_state.enabled, false);
+		}
+	}
+
+	LOGD("APC_state Updating");
+	if (!ovsdb_table_update(&table_APC_State, &apc_state))
+		LOG(ERR, "APC_state: failed to update");
+}
+
+
+void apc_init()
+{
+	/* APC Config */
+	OVSDB_TABLE_INIT(APC_Config, _uuid);
+	OVSDB_TABLE_MONITOR(APC_Config, false);
+	SCHEMA_SET_INT(apc_conf.enabled, true);
+	LOGI("APC state/config Initialize");
+	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf))
+		LOG(ERR, "APC_Config: failed to initialize");
+
+	/* APC State */
+	OVSDB_TABLE_INIT_NO_KEY(APC_State);
+	OVSDB_TABLE_MONITOR(APC_State, false);
+	SCHEMA_SET_STR(apc_state.mode, "NC");
+	SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
+	SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
+	SCHEMA_SET_INT(apc_state.enabled, false);
+	if (!ovsdb_table_insert(&table_APC_State, &apc_state))
+		LOG(ERR, "APC_state: failed to initialize");
+}
+
 bool target_radio_init(const struct target_radio_ops *ops)
 {
 	uci = uci_alloc_context();
@@ -691,8 +848,13 @@ bool target_radio_init(const struct target_radio_ops *ops)
 	OVSDB_TABLE_INIT(Hotspot20_Icon_Config, _uuid);
 	OVSDB_TABLE_MONITOR(Hotspot20_Icon_Config, false);
 
-        OVSDB_TABLE_INIT(Wifi_RRM_Config, _uuid);
-        OVSDB_TABLE_MONITOR(Wifi_RRM_Config, false);
+	OVSDB_TABLE_INIT(Wifi_RRM_Config, _uuid);
+	OVSDB_TABLE_MONITOR(Wifi_RRM_Config, false);
+
+	OVSDB_TABLE_INIT(Radius_Proxy_Config, _uuid);
+	OVSDB_TABLE_MONITOR(Radius_Proxy_Config, false);
+
+	apc_init();
 
 	evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio_nl80211.c

@@ -103,7 +103,7 @@ static void vif_add_sta_rate_rule(uint8_t *addr, char *ifname)
 	char *rule;
 	ssize_t rule_sz;
 
-	LOGI("Add mac rate rule: %s %02X:%02X:%02X:%02X:%02X:%02X",
+	LOGI("Add mac rate rule:%s: %02X:%02X:%02X:%02X:%02X:%02X",
 	     ifname, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
 
 	rule_sz = snprintf(NULL, 0, "/lib/nft-qos/mac-rate.sh add %s %02X:%02X:%02X:%02X:%02X:%02X",
@@ -123,7 +123,7 @@ static void vif_del_sta_rate_rule(uint8_t *addr, char *ifname)
 	char *rule;
 	ssize_t rule_sz;
 
-	LOGI("Del mac rate rule: %s %02X:%02X:%02X:%02X:%02X:%02X",
+	LOGI("Del mac rate rule:%s: %02X:%02X:%02X:%02X:%02X:%02X",
 	     ifname, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
 
 	rule_sz = snprintf(NULL, 0, "/lib/nft-qos/mac-rate.sh del %s %02X:%02X:%02X:%02X:%02X:%02X",
@@ -147,11 +147,10 @@ static void nl80211_add_station(struct nlattr **tb, char *ifname)
 		return;
 
 	addr = nla_data(tb[NL80211_ATTR_MAC]);
+	vif_add_sta_rate_rule(addr, ifname);
 	sta = avl_find_element(&sta_tree, addr, sta, avl);
-	if (sta) {
-		vif_add_sta_rate_rule(addr, ifname);
+	if (sta)
 		return;
-	}
 
 	wif = avl_find_element(&wif_tree, ifname, wif, avl);
 	if (!wif)
@@ -168,7 +167,6 @@ static void nl80211_add_station(struct nlattr **tb, char *ifname)
 	list_add(&sta->iface, &wif->stas);
 
 	vif_add_station(sta, ifname, 1);
-	vif_add_sta_rate_rule(addr, ifname);
 }
 
 static void _nl80211_del_station(char *ifname, struct wifi_station *sta)
@@ -432,15 +430,55 @@ static void nl80211_del_phy(struct nlattr **tb, char *name)
 	free(phy);
 }
 
-static void nl80211_update_current_channel(struct nlattr **tb, char *name, int freq)
+static int nl80211_channel_recv(struct nl_msg *msg, void *arg)
 {
+	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+	struct nlattr *tb[NL80211_ATTR_MAX + 1];
+	unsigned int *chan = (unsigned int *)arg;
+
+	memset(tb, 0, sizeof(tb));
+	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+		  genlmsg_attrlen(gnlh, 0), NULL);
+
+	if (tb[NL80211_ATTR_WIPHY_FREQ]) {
+		*chan = ieee80211_frequency_to_channel(nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]));
+	}
+
+	return NL_OK;
+}
+
+int nl80211_channel_get(char *name, unsigned int *chan)
+{
+	struct nl_msg *msg;
 	struct wifi_phy *phy;
+	struct wifi_iface *wif=NULL;
+	int idx = 0;
 
 	phy = avl_find_element(&phy_tree, name, phy, avl);
 	if (!phy)
-		return;
+		return -1;
 
-	phy->current_channel = ieee80211_frequency_to_channel(freq);
+	if (list_empty(&phy->wifs))
+		return -1;
+
+	wif = list_first_entry(&phy->wifs, struct wifi_iface, phy);
+
+	if (!wif)
+		return -1;
+
+	idx = if_nametoindex(wif->name);
+
+	if (!idx)
+		return -1;
+
+	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
+	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
+
+	unl_genl_request(&unl, msg, nl80211_channel_recv, chan);
+
+	phy->current_channel = *chan;
+
+	return NL_OK;
 }
 
 static int nl80211_recv(struct nl_msg *msg, void *arg)
@@ -451,7 +489,6 @@ static int nl80211_recv(struct nl_msg *msg, void *arg)
 	char *pif_name=NULL;
 	char phyname[IFNAMSIZ] = {};
 	int ifidx = -1, phy = -1;
-	int freq = 0;
 	memset(tb, 0, sizeof(tb));
 
 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
@@ -467,16 +504,11 @@ static int nl80211_recv(struct nl_msg *msg, void *arg)
 
 	if (tb[NL80211_ATTR_WIPHY]) {
 		phy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
-		if (tb[NL80211_ATTR_WIPHY_NAME])
-			strncpy(phyname, nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), IFNAMSIZ);
-		else
-			snprintf(phyname, sizeof(phyname), "phy%d", phy);
-	}
-
-	if(tb[NL80211_ATTR_WIPHY_FREQ]) {
-		freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
 		snprintf(phyname, sizeof(phyname), "phy%d", phy);
-		nl80211_update_current_channel(tb, phyname, freq);
+	} else if (tb[NL80211_ATTR_WIPHY_NAME]) {
+			strncpy(phyname, nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), IFNAMSIZ);
+	} else if (sscanf(ifname, "wlan%d", &phy)) {
+			snprintf(phyname, sizeof(phyname), "phy%d", phy);
 	}
 
 	switch (gnlh->cmd) {

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radius_proxy.c

@@ -0,0 +1,357 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <time.h>
+
+#include <uci.h>
+#include <uci_blob.h>
+
+#include <target.h>
+
+#include <curl/curl.h>
+
+#include "ovsdb.h"
+#include "ovsdb_update.h"
+#include "ovsdb_sync.h"
+#include "ovsdb_table.h"
+#include "ovsdb_cache.h"
+
+#include "nl80211.h"
+#include "radio.h"
+#include "vif.h"
+#include "phy.h"
+#include "log.h"
+#include "evsched.h"
+#include "uci.h"
+#include "utils.h"
+#include "radius_proxy.h"
+
+ovsdb_table_t table_Radius_Proxy_Config;
+struct blob_buf uci_buf = {};
+struct blob_attr *n;
+extern ovsdb_table_t table_APC_State;
+extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
+
+enum {
+	RADIUS_PROXY_OPTIONS_LISTEN_UDP,
+	__RADIUS_PROXY_OPTIONS_MAX
+};
+
+enum {
+	RADIUS_PROXY_CLIENT_NAME,
+	RADIUS_PROXY_CLIENT_TYPE,
+	RADIUS_PROXY_CLIENT_SECRET,
+	__RADIUS_PROXY_CLIENT_MAX
+};
+
+enum {
+	RADIUS_PROXY_SERVER_NAME,
+	RADIUS_PROXY_SERVER_TYPE,
+	RADIUS_PROXY_SERVER_SECRET,
+	RADIUS_PROXY_SERVER_STATUS,
+	RADIUS_PROXY_SERVER_TLS,
+	RADIUS_PROXY_SERVER_CERT_NAME_CHECK,
+	__RADIUS_PROXY_SERVER_MAX
+};
+
+enum {
+	RADIUS_PROXY_TLS_NAME,
+	RADIUS_PROXY_TLS_CA_CERT,
+	RADIUS_PROXY_TLS_CLIENT_CERT,
+	RADIUS_PROXY_TLS_CLIENT_KEY,
+	RADIUS_PROXY_TLS_CERT_PASSWORD,
+	__RADIUS_PROXY_TLS_MAX,
+};
+
+enum {
+	RADIUS_PROXY_REALM_NAME,
+	RADIUS_PROXY_REALM_AUTH_SERVER,
+	RADIUS_PROXY_REALM_ACCT_SERVER,
+	__RADIUS_PROXY_REALM_MAX
+};
+
+
+static const struct blobmsg_policy radius_proxy_options_policy[__RADIUS_PROXY_OPTIONS_MAX] = {
+		[RADIUS_PROXY_OPTIONS_LISTEN_UDP] = { .name = "ListenUDP", BLOBMSG_TYPE_ARRAY },
+};
+
+static const struct blobmsg_policy radius_proxy_client_policy[__RADIUS_PROXY_CLIENT_MAX] = {
+		[RADIUS_PROXY_CLIENT_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_CLIENT_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_CLIENT_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
+};
+
+static const struct blobmsg_policy radius_proxy_tls_policy[__RADIUS_PROXY_TLS_MAX] = {
+		[RADIUS_PROXY_TLS_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_TLS_CA_CERT] = { .name = "CACertificateFile", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_TLS_CLIENT_CERT] = { .name = "certificateFile", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_TLS_CLIENT_KEY] = { .name = "certificateKeyFile", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_TLS_CERT_PASSWORD] = { .name = "certificateKeyPassword", BLOBMSG_TYPE_STRING },
+};
+
+static const struct blobmsg_policy radius_proxy_server_policy[__RADIUS_PROXY_SERVER_MAX] = {
+		[RADIUS_PROXY_SERVER_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_STATUS] = { .name = "statusServer", BLOBMSG_TYPE_BOOL },
+		[RADIUS_PROXY_SERVER_TLS] = { .name = "tls", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_CERT_NAME_CHECK] = { .name = "certificateNameCheck", BLOBMSG_TYPE_BOOL },
+};
+
+static const struct blobmsg_policy radius_proxy_realm_policy[__RADIUS_PROXY_REALM_MAX] = {
+		[RADIUS_PROXY_REALM_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_REALM_AUTH_SERVER] = { .name = "server", BLOBMSG_TYPE_ARRAY },
+		[RADIUS_PROXY_REALM_ACCT_SERVER] = { .name = "accountingServer", BLOBMSG_TYPE_ARRAY },
+};
+
+const struct uci_blob_param_list radius_proxy_options_param = {
+	.n_params = __RADIUS_PROXY_OPTIONS_MAX,
+	.params = radius_proxy_options_policy,
+};
+
+const struct uci_blob_param_list radius_proxy_client_param = {
+	.n_params = __RADIUS_PROXY_CLIENT_MAX,
+	.params = radius_proxy_client_policy,
+};
+
+const struct uci_blob_param_list radius_proxy_tls_param = {
+	.n_params = __RADIUS_PROXY_TLS_MAX,
+	.params = radius_proxy_tls_policy,
+};
+
+const struct uci_blob_param_list radius_proxy_server_param = {
+	.n_params = __RADIUS_PROXY_SERVER_MAX,
+	.params = radius_proxy_server_policy,
+};
+
+const struct uci_blob_param_list radius_proxy_realm_param = {
+	.n_params = __RADIUS_PROXY_REALM_MAX,
+	.params = radius_proxy_realm_policy,
+};
+
+
+size_t file_write(void *ptr, size_t size, size_t nmemb, FILE *stream) {
+	size_t written = fwrite(ptr, size, nmemb, stream);
+	return written;
+}
+
+static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url)
+{
+	CURL *curl;
+	FILE *fp;
+	CURLcode res;
+	char path[200];
+	char name[32];
+	char dir[32];
+	char *gw_clientcert = "/usr/opensync/certs/client.pem";
+	char *gw_clientkey = "/usr/opensync/certs/client_dec.key";
+
+	strcpy(name, cert_name);
+	strcpy(dir, dir_name);
+	sprintf(path, "/tmp/radsec/certs/%s/%s", dir, name);
+
+	curl = curl_easy_init();
+	if (curl)
+	{
+		fp = fopen(path,"wb");
+
+		if (fp == NULL)
+		{
+			curl_easy_cleanup(curl);
+			return false;
+		}
+
+		if (cert_url == NULL)
+		{
+			curl_easy_cleanup(curl);
+			fclose(fp);
+			return false;
+		}
+
+		curl_easy_setopt(curl, CURLOPT_SSLCERT, gw_clientcert);
+		curl_easy_setopt(curl, CURLOPT_SSLKEY, gw_clientkey);
+		curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+		curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+		curl_easy_setopt(curl, CURLOPT_HEADER, 0L);
+		curl_easy_setopt(curl, CURLOPT_URL, cert_url);
+		curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, file_write);
+		curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
+		res = curl_easy_perform(curl);
+		curl_easy_cleanup(curl);
+		fclose(fp);
+		return res;
+	}
+
+	return true;
+}
+
+static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
+{
+	int i=0;
+	char path[200];
+	char name[256];
+	struct schema_APC_State apc_conf;
+
+	/* Configure only if APC selects this as master AP (DR) */
+	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
+	if (false == ovsdb_table_select_one_where(&table_APC_State,
+			where, &apc_conf)) {
+		LOG(INFO, "APC_State read failed");
+		return false;
+	}
+
+	if (!strncmp(apc_conf.mode, "OR", 2) || !strncmp(apc_conf.mode, "BDR", 2))
+		return false;
+
+	/* Configure options block */
+	blob_buf_init(&uci_buf, 0);
+	n = blobmsg_open_array(&uci_buf,"ListenUDP");
+	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1812");
+	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1813");
+	blobmsg_close_array(&uci_buf, n);
+	memset(name, '\0', sizeof(name));
+	sprintf(name, "%s%s", conf->radius_config_name, "options");
+	blob_to_uci_section(uci, "radsecproxy", name, "options",
+			uci_buf.head, &radius_proxy_options_param, NULL);
+
+	/* Configure client block */
+	blob_buf_init(&uci_buf, 0);
+	blobmsg_add_string(&uci_buf, "name", "localhost");
+	blobmsg_add_string(&uci_buf, "type", "udp");
+	blobmsg_add_string(&uci_buf, "secret", "secret");
+	memset(name, '\0', sizeof(name));
+	sprintf(name, "%s%s", conf->radius_config_name, "client");
+	blob_to_uci_section(uci, "radsecproxy", name, "client",
+			uci_buf.head, &radius_proxy_client_param, NULL);
+
+	/* Configure TLS/non-TLS and server blocks */
+	if (conf->radsec)
+	{
+		blob_buf_init(&uci_buf, 0);
+		radsec_download_cert("cacert.pem",
+				conf->radius_config_name, conf->ca_cert);
+		radsec_download_cert("clientcert.pem",
+				conf->radius_config_name, conf->client_cert);
+		radsec_download_cert("clientdec.key",
+				conf->radius_config_name, conf->client_key);
+
+		blobmsg_add_string(&uci_buf, "name", conf->server);
+
+		memset(path, '\0', sizeof(path));
+		sprintf(path, "/tmp/radsec/certs/%s/cacert.pem",
+				conf->radius_config_name);
+		blobmsg_add_string(&uci_buf, "CACertificateFile", path);
+
+		memset(path, '\0', sizeof(path));
+		sprintf(path, "/tmp/radsec/certs/%s/clientcert.pem",
+				conf->radius_config_name);
+		blobmsg_add_string(&uci_buf, "certificateFile", path);
+
+		memset(path, '\0', sizeof(path));
+		sprintf(path, "/tmp/radsec/certs/%s/clientdec.key",
+				conf->radius_config_name);
+		blobmsg_add_string(&uci_buf, "certificateKeyFile", path);
+
+		if (strlen(conf->passphrase) > 0)
+			blobmsg_add_string(&uci_buf, "certificateKeyPassword", conf->passphrase);
+
+		memset(name, '\0', sizeof(name));
+		sprintf(name, "%s%s", conf->radius_config_name, "tls");
+		blob_to_uci_section(uci, "radsecproxy", name,
+				"tls", uci_buf.head, &radius_proxy_tls_param, NULL);
+
+		blob_buf_init(&uci_buf, 0);
+		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "type", "tls");
+		blobmsg_add_string(&uci_buf, "tls", conf->server);
+		blobmsg_add_string(&uci_buf, "secret", "radsec");
+		blobmsg_add_bool(&uci_buf, "statusServer", 0);
+		blobmsg_add_bool(&uci_buf, "certificateNameCheck", 0);
+		memset(name, '\0', sizeof(name));
+		sprintf(name, "%s%s", conf->radius_config_name, "server");
+		blob_to_uci_section(uci, "radsecproxy", name, "server",
+				uci_buf.head, &radius_proxy_server_param, NULL);
+	}
+	else /* non-TLS block */
+	{
+		blob_buf_init(&uci_buf, 0);
+		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "type", "udp");
+		if (strlen(conf->secret) > 0)
+			blobmsg_add_string(&uci_buf, "secret", conf->secret);
+		memset(name, '\0', sizeof(name));
+		sprintf(name, "%s%s", conf->radius_config_name, "server");
+		blob_to_uci_section(uci, "radsecproxy", name, "server",
+				uci_buf.head, &radius_proxy_server_param, NULL);
+	}
+
+	/* Configure realm block */
+	for (i = 0; i < conf->realm_len; i++)
+	{
+		blob_buf_init(&uci_buf, 0);
+		blobmsg_add_string(&uci_buf, "name", conf->realm[i]);
+		n = blobmsg_open_array(&uci_buf,"server");
+		blobmsg_add_string(&uci_buf, NULL, conf->server);
+		blobmsg_close_array(&uci_buf, n);
+		n = blobmsg_open_array(&uci_buf,"accountingServer");
+		blobmsg_add_string(&uci_buf, NULL, conf->server);
+		blobmsg_close_array(&uci_buf, n);
+		memset(name, '\0', sizeof(name));
+		sprintf(name, "%s%s%d", conf->radius_config_name, "realm", i);
+		blob_to_uci_section(uci, "radsecproxy", name, "realm",
+				uci_buf.head, &radius_proxy_realm_param, NULL);
+	}
+
+	uci_commit_all(uci);
+	return true;
+}
+
+static bool radius_proxy_config_delete()
+{
+	struct uci_package *radsecproxy;
+	struct uci_element *e = NULL, *tmp = NULL;
+	int ret=0;
+
+	ret= uci_load(uci, "radsecproxy", &radsecproxy);
+	if (ret) {
+		LOGD("%s: uci_load() failed with rc %d", __func__, ret);
+		return false;
+	}
+	uci_foreach_element_safe(&radsecproxy->sections, tmp, e) {
+		struct uci_section *s = uci_to_section(e);
+		if ((s == NULL) || (s->type == NULL)) continue;
+		uci_section_del(uci, "radsecproxy", "radsecproxy",
+				(char *)s->e.name, s->type);
+	}
+	uci_commit(uci, &radsecproxy, false);
+	uci_unload(uci, radsecproxy);
+	reload_config = 1;
+	return true;
+}
+
+void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *self,
+				 struct schema_Radius_Proxy_Config *old,
+				 struct schema_Radius_Proxy_Config *conf)
+{
+	switch (self->mon_type)
+	{
+	case OVSDB_UPDATE_NEW:
+	case OVSDB_UPDATE_MODIFY:
+		(void) radius_proxy_config_set(conf);
+		break;
+
+	case OVSDB_UPDATE_DEL:
+		(void) radius_proxy_config_delete();
+		(void) radius_proxy_config_set(conf);
+		break;
+
+	default:
+		LOG(ERR, "Radius_Proxy_Config: unexpected mon_type %d %s",
+				self->mon_type, self->mon_uuid);
+		break;
+	}	
+	return;
+}
+
+

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/stats_nl80211.c

@@ -547,7 +547,7 @@ int nl80211_scan_trigger(struct nl_call_param *nl_call_param, uint32_t *chan_lis
 {
 	struct nl_msg *msg = nl80211_call_vif(nl_call_param, NL80211_CMD_TRIGGER_SCAN, false);
 	struct nlattr *freq;
-	unsigned int i;
+	unsigned int i, flags = 0;
 	int ret = 0;
 
 	if (!msg)
@@ -555,6 +555,11 @@ int nl80211_scan_trigger(struct nl_call_param *nl_call_param, uint32_t *chan_lis
 
 	LOGT("%s: not setting dwell time\n", nl_call_param->ifname);
 	//nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION, dwell_time);
+
+	/* Add the ap-force flag, otherwise the scan fails on wifi6 APs */
+	flags |= NL80211_SCAN_FLAG_AP;
+	nla_put(msg, NL80211_ATTR_SCAN_FLAGS, sizeof(uint32_t), &flags);
+
 	freq = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
 	for (i = 0; i < chan_num; i ++)
 		nla_put_u32(msg, i, ieee80211_channel_to_frequency(chan_list[i]));

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c

@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");
 
 	upg_running = false;
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/utils.c

@@ -23,41 +23,79 @@
 #include "vif.h"
 
 static struct mode_map mode_map[] = {
-	{ 0, "11b", "11b", NULL, "NOHT" },
-	{ 0, "11g", "11g", NULL, "NOHT" },
-	{ 1, "11a", "11a", NULL, "NOHT" },
-	{ 0, "11n", "11g", "HT20", "HT20" },
-	{ 0, "11n", "11g", "HT40", "HT40" },
-	{ 0, "11n", "11g", "HT40-", "HT40-" },
-	{ 0, "11n", "11g", "HT40+", "HT40+" },
-	{ 0, "11n", "11g", "HT80", "HT40" },
-	{ 0, "11n", "11g", "HT160", "HT40" },
-	{ 1, "11n", "11a", "HT20", "HT20" },
-	{ 1, "11n", "11a", "HT40", "HT40" },
-	{ 1, "11n", "11a", "HT40-", "HT40-" },
-	{ 1, "11n", "11a", "HT40+", "HT40+" },
-	{ 1, "11n", "11a", "HT80", "HT40" },
-	{ 1, "11n", "11a", "HT160", "HT40" },
-	{ 1, "11ac", "11a", "HT20", "VHT20" },
-	{ 1, "11ac", "11a", "HT40", "VHT40" },
-	{ 1, "11ac", "11a", "HT40-", "VHT40" },
-	{ 1, "11ac", "11a", "HT40+", "VHT40" },
-	{ 1, "11ac", "11a", "HT80", "VHT80" },
-	{ 1, "11ac", "11a", "HT160", "VHT160" },
-	{ 0, "11ax", "11g", "HT20", "HE20" },
-	{ 0, "11ax", "11g", "HT40", "HE40" },
-	{ 0, "11ax", "11g", "HT40-", "HE40" },
-	{ 0, "11ax", "11g", "HT40+", "HE40" },
-	{ 0, "11ax", "11g", "HT80", "HE80" },
-	{ 0, "11ax", "11g", "HT160", "HE80" },
-	{ 1, "11ax", "11a", "HT20", "HE20" },
-	{ 1, "11ax", "11a", "HT40", "HE40" },
-	{ 1, "11ax", "11a", "HT40-", "HE40" },
-	{ 1, "11ax", "11a", "HT40+", "HE40" },
-	{ 1, "11ax", "11a", "HT80", "HE80" },
-	{ 1, "11ax", "11a", "HT160", "HE160" },
+	{ 0, "11b", "11b", NULL, "NOHT", 0 },
+	{ 0, "11g", "11g", NULL, "NOHT", 0 },
+	{ 1, "11a", "11a", NULL, "NOHT", 0 },
+	{ 0, "11n", "11g", "HT20", "HT20", 0 },
+	{ 0, "11n", "11g", "HT40", "HT40", 1 },
+	{ 0, "11n", "11g", "HT40-", "HT40-", 1 },
+	{ 0, "11n", "11g", "HT40+", "HT40+", 1 },
+	{ 0, "11n", "11g", "HT80", "HT40", 1 },
+	{ 0, "11n", "11g", "HT160", "HT40", 1 },
+	{ 1, "11n", "11a", "HT20", "HT20", 0 },
+	{ 1, "11n", "11a", "HT40", "HT40", 1 },
+	{ 1, "11n", "11a", "HT40-", "HT40-", 1 },
+	{ 1, "11n", "11a", "HT40+", "HT40+", 1 },
+	{ 1, "11n", "11a", "HT80", "HT40", 1 },
+	{ 1, "11n", "11a", "HT160", "HT40", 1 },
+	{ 1, "11ac", "11a", "HT20", "VHT20", 0 },
+	{ 1, "11ac", "11a", "HT40", "VHT40", 1 },
+	{ 1, "11ac", "11a", "HT40-", "VHT40", 1 },
+	{ 1, "11ac", "11a", "HT40+", "VHT40", 1 },
+	{ 1, "11ac", "11a", "HT80", "VHT80", 1 },
+	{ 1, "11ac", "11a", "HT160", "VHT160", 1 },
+	{ 0, "11ax", "11g", "HT20", "HE20", 0 },
+	{ 0, "11ax", "11g", "HT40", "HE40", 1 },
+	{ 0, "11ax", "11g", "HT40-", "HE40", 1 },
+	{ 0, "11ax", "11g", "HT40+", "HE40", 1 },
+	{ 0, "11ax", "11g", "HT80", "HE80", 1 },
+	{ 0, "11ax", "11g", "HT160", "HE80", 1 },
+	{ 1, "11ax", "11a", "HT20", "HE20", 0 },
+	{ 1, "11ax", "11a", "HT40", "HE40", 1 },
+	{ 1, "11ax", "11a", "HT40-", "HE40", 1 },
+	{ 1, "11ax", "11a", "HT40+", "HE40", 1 },
+	{ 1, "11ax", "11a", "HT80", "HE80", 1 },
+	{ 1, "11ax", "11a", "HT160", "HE160", 1 },
 };
 
+typedef enum {
+	MHz20=0,
+	MHz40 = 1,
+	MHz80 = 2,
+	MHz160 = 4
+} bm_AllowedBw;
+
+typedef struct {
+	int freq;
+	bm_AllowedBw bw;
+} freqBwListEntry;
+
+freqBwListEntry freqBwList[] ={{2412, MHz20},{2417, MHz20},{2422, MHz20},{2427, MHz20},{2432, MHz20},{2437, MHz20},{2442, MHz20},{2447, MHz20},{2452, MHz20},{2457, MHz20},{2462, MHz20},{2467, MHz20},{2472, MHz20}, {2484, MHz20},
+		{ 5180, MHz20|MHz40|MHz80},{5200, MHz20},{5220, MHz20|MHz40},{5240, MHz20},{5260, MHz20|MHz40|MHz80},{5280, MHz20},{5300,MHz20|MHz40},{5320, MHz20},{5500, MHz20|MHz40|MHz80},{5520, MHz20},{5540,  MHz20|MHz40}, {5560, MHz20},
+		{5580, MHz20|MHz40|MHz80},{5600, MHz20},{5620, MHz20|MHz40},{5640, MHz20},{5660, MHz20|MHz40|MHz80},{5680, MHz20},{5700, MHz20|MHz40},{5720, MHz20},{5745, MHz20|MHz40|MHz80},{5765, MHz20},{5785, MHz20|MHz40},{5805, MHz20},{5825, MHz20}};
+
+#define REQ_BW(htmode) (!strcmp(htmode, "HT20") ? MHz20 : !strcmp(htmode, "HT40") ? MHz40 : !strcmp(htmode, "HT80") ? MHz80 : !strcmp(htmode, "HT160") ? MHz160 : MHz20)
+#define REQ_MODE(bw) (bw==MHz20 ? "HT20": bw==MHz40 ? "HT40" : bw==MHz80 ? "HT80" : bw==MHz160 ? "HT160" : "HT20")
+
+char * get_max_channel_bw_channel(int channel_freq, const char* htmode)
+{
+	unsigned int i;
+	bm_AllowedBw requestedBw;
+
+	requestedBw = REQ_BW(htmode);
+
+	for ( i = 0; i < ARRAY_SIZE(freqBwList); i++) {
+		if(freqBwList[i].freq == channel_freq) {
+			while (requestedBw) {
+				if (freqBwList[i].bw & requestedBw) {
+					return REQ_MODE(requestedBw);
+				}
+				requestedBw >>= 1;
+			}
+		}
+	}
+	return "HT20";
+}
 struct mode_map *mode_map_get_uci(const char *band, const char *htmode, const char *hwmode)
 {
 	unsigned int i;
@@ -624,3 +662,22 @@ bool vif_get_security(struct schema_Wifi_VIF_State *vstate,  char *mode,  char *
 	return true;
 
 }
+
+bool vif_get_key_for_key_distr(const char *secret, char *key_str)
+{
+	bool err = false;
+	FILE *fp;
+	char cmd_buf[256] = "openssl aes-128-cbc -nosalt -k ";
+
+	strcat(cmd_buf, secret);
+	strcat(cmd_buf, " -P 2>/dev/null | grep key | cut -d = -f2");
+	fp = popen(cmd_buf, "r");
+
+	
+	if (fp && fscanf(fp, "%s", key_str)) {
+		err = true;
+	}
+
+	fclose(fp);
+	return err;
+}

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c

@@ -129,6 +129,9 @@ enum {
 	WIF_ATTR_DVLAN_NAMING,
 	WIF_ATTR_DVLAN_BRIDGE,
 	WIF_ATTR_MIN_HW_MODE,
+	WIF_ATTR_11R_R0KH,
+	WIF_ATTR_11R_R1KH,
+	WIF_ATTR_RADPROXY,
 	__WIF_ATTR_MAX,
 };
 
@@ -220,6 +223,9 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_DVLAN_NAMING] = { .name = "vlan_naming", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_DVLAN_BRIDGE] = { .name = "vlan_bridge", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_MIN_HW_MODE] = { .name = "min_hw_mode", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_11R_R0KH] = { .name = "r0kh", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_11R_R1KH] = { .name = "r1kh", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_RADPROXY] = { .name = "radproxy", BLOBMSG_TYPE_STRING },
 };
 
 const struct uci_blob_param_list wifi_iface_param = {
@@ -311,6 +317,61 @@ static struct vif_crypto {
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 };
 
+extern ovsdb_table_t table_APC_State;
+extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
+extern unsigned int radproxy_apc;
+
+/* Custom options table */
+#define SCHEMA_CUSTOM_OPT_SZ            20
+#define SCHEMA_CUSTOM_OPTS_MAX          13
+
+const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
+{
+	SCHEMA_CONSTS_RATE_LIMIT,
+	SCHEMA_CONSTS_RATE_DL,
+	SCHEMA_CONSTS_RATE_UL,
+	SCHEMA_CONSTS_CLIENT_RATE_DL,
+	SCHEMA_CONSTS_CLIENT_RATE_UL,
+	SCHEMA_CONSTS_IEEE80211k,
+	SCHEMA_CONSTS_RTS_THRESHOLD,
+	SCHEMA_CONSTS_DTIM_PERIOD,
+	SCHEMA_CONSTS_RADIUS_OPER_NAME,
+	SCHEMA_CONSTS_RADIUS_NAS_ID,
+	SCHEMA_CONSTS_RADIUS_NAS_IP,
+	SCHEMA_CONSTS_DYNAMIC_VLAN,
+	SCHEMA_CONSTS_RADPROXY,
+};
+
+static bool vif_config_custom_opt_get_proxy(
+		const struct schema_Wifi_VIF_Config *vconf)
+{
+	int i;
+	const char *opt;
+	const char *val;
+	char value[20];
+
+	for (i = 0; i < SCHEMA_CUSTOM_OPTS_MAX; i++) {
+		opt = custom_options_table[i];
+		val = SCHEMA_KEY_VAL(vconf->custom_options, opt);
+		if (!val)
+			strncpy(value, "0", 20);
+		else
+			strncpy(value, val, 20);
+
+		if (strcmp(opt, "radproxy") == 0) {
+			if (strcmp(value, "1") == 0) {
+				radproxy_apc |= 1;
+				return true;
+			}
+			else {
+				radproxy_apc |= 0;
+				return false;
+			}
+		}
+	}
+	return false;
+}
+
 static int vif_config_security_set(struct blob_buf *b,
 				    const struct schema_Wifi_VIF_Config *vconf)
 {
@@ -318,7 +379,10 @@ static int vif_config_security_set(struct blob_buf *b,
 	const char *mode = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_MODE);
 	unsigned int i;
 	unsigned int acct_interval;
-	const char *auth_server, *auth_port, *auth_secret, *security_key;
+	const char *auth_server, *auth_port, *auth_secret, *security_key, *acct_server;
+	char key_str[64], key_holder_str[128];
+	struct schema_APC_State apc_conf;
+	const char *local_server = "127.0.0.1";
 
 	if (!strcmp(encryption, OVSDB_SECURITY_ENCRYPTION_OPEN) || !mode)
 		goto open;
@@ -336,20 +400,48 @@ static int vif_config_security_set(struct blob_buf *b,
 		}
 
 		if (vif_crypto[i].enterprise) {
+
+			if (vif_config_custom_opt_get_proxy(vconf)) {
+				LOGN("%s: Apply Proxy Security Settings", vconf->if_name);
+				json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
+				if (false == ovsdb_table_select_one_where(&table_APC_State,
+						where, &apc_conf)) {
+					LOG(INFO, "APC_State read failed");
+					return -1;
+				}
+				if (!strncmp(apc_conf.mode, "DR", 2)) {
+					auth_server = local_server;
+					acct_server = local_server;
+				} else if (!strncmp(apc_conf.mode, "OR", 2) ||
+					   !strncmp(apc_conf.mode, "BDR", 2)) {
+					auth_server = apc_conf.dr_addr;
+					acct_server = apc_conf.dr_addr;
+				}
+				else {
+					auth_server = local_server;
+					acct_server = local_server;
+				}
+			}
+			else
+			{
+				auth_server = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_IP);
+				acct_server = SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_IP);
+			}
+
 			acct_interval = 0;
-			auth_server = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_IP);
 			auth_port   = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_PORT);
 			auth_secret = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_SECRET);
+
 			LOGT("%s: Server IP %s port %s secret %s", vconf->if_name, auth_server, auth_port, auth_secret);
 			if (!auth_server[0] || !auth_port[0] || !auth_secret[0]) {
 				LOGI("%s: Incomplete RADIUS security config - SSID not created", vconf->if_name);
 				return -1;
 			}
+
 			blobmsg_add_string(b, "auth_server", auth_server);
 			blobmsg_add_string(b, "auth_port",   auth_port );
 			blobmsg_add_string(b, "auth_secret", auth_secret );
-			blobmsg_add_string(b, "acct_server",
-					   SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_IP));
+			blobmsg_add_string(b, "acct_server", acct_server);
 			blobmsg_add_string(b, "acct_port",
 					   SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_PORT));
 			blobmsg_add_string(b, "acct_secret",
@@ -361,6 +453,26 @@ static int vif_config_security_set(struct blob_buf *b,
 			{
 				blobmsg_add_u32(b, "acct_interval", acct_interval);
 			}
+
+			/*
+			 * If Radius is configured and Roaming is enabled,
+			 * - disable ft_psk_generate_local. This is required for hostapd to populate R0/R1.
+			 * - populate r0KH and r1KH with broadcast addressing so that the corresponding
+			 * Key Holders are auto-generated
+			 */
+			if (vconf->ft_mobility_domain) {
+				blobmsg_add_bool(b, "ft_psk_generate_local", 0);
+
+				vif_get_key_for_key_distr(auth_secret, key_str);
+
+				strcpy(key_holder_str, "ff:ff:ff:ff:ff:ff,*,");
+				strcat(key_holder_str, key_str);
+				blobmsg_add_string(b, "r0kh", key_holder_str);
+
+				strcpy(key_holder_str, "00:00:00:00:00:00,00:00:00:00:00:00,");
+				strcat(key_holder_str, key_str);
+				blobmsg_add_string(b, "r1kh", key_holder_str);
+			}
 		} else {
 			security_key = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_KEY);
 			if (security_key == NULL) {
@@ -368,6 +480,8 @@ static int vif_config_security_set(struct blob_buf *b,
 				return -1;
 			}
 			blobmsg_add_string(b, "key", security_key);
+			if (vconf->ft_mobility_domain)
+				blobmsg_add_bool(b, "ft_psk_generate_local", vconf->ft_psk);
 		}
 	}
 	return 0;
@@ -454,25 +568,6 @@ out_none:
 				  OVSDB_SECURITY_ENCRYPTION_OPEN);
 }
 
-/* Custom options table */
-#define SCHEMA_CUSTOM_OPT_SZ            20
-#define SCHEMA_CUSTOM_OPTS_MAX          12
-
-const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
-{
-	SCHEMA_CONSTS_RATE_LIMIT,
-	SCHEMA_CONSTS_RATE_DL,
-	SCHEMA_CONSTS_RATE_UL,
-	SCHEMA_CONSTS_CLIENT_RATE_DL,
-	SCHEMA_CONSTS_CLIENT_RATE_UL,
-	SCHEMA_CONSTS_IEEE80211k,
-	SCHEMA_CONSTS_RTS_THRESHOLD,
-	SCHEMA_CONSTS_DTIM_PERIOD,
-	SCHEMA_CONSTS_RADIUS_OPER_NAME,
-	SCHEMA_CONSTS_RADIUS_NAS_ID,
-	SCHEMA_CONSTS_RADIUS_NAS_IP,
-	SCHEMA_CONSTS_DYNAMIC_VLAN,
-};
 
 static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
                                       const struct schema_Wifi_VIF_Config *vconf)
@@ -483,6 +578,9 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 	const char *opt;
 	const char *val;
 	struct blob_attr *n;
+	bool found_nasid = false;
+	char mac[ETH_ALEN * 3];
+	struct blob_attr *tb[__WIF_ATTR_MAX] = { };
 
 	for (i = 0; i < SCHEMA_CUSTOM_OPTS_MAX; i++) {
 		opt = custom_options_table[i];
@@ -517,8 +615,12 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 			blobmsg_add_string(b, "rts_threshold", value);
 		else if (strcmp(opt, "dtim_period") == 0)
 			blobmsg_add_string(b, "dtim_period", value);
-		else if (strcmp(opt, "radius_nas_id") == 0)
-			blobmsg_add_string(b, "nasid", value);
+		else if (strcmp(opt, "radius_nas_id") == 0) {
+			if (strcmp(value, "\0") != 0) {
+				blobmsg_add_string(b, "nasid", value);
+				found_nasid = true;
+			}
+		}
 		else if (strcmp(opt, "radius_nas_ip") == 0)
 			blobmsg_add_string(b, "ownip", value);
 		else if (strcmp(opt, "radius_oper_name") == 0 && strlen(value) > 0)
@@ -552,7 +654,17 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 				strncpy(value, "br-wan.", 20);
 				blobmsg_add_string(del, "vlan_bridge", value);
 			}
-		}
+		} else if (strcmp(opt, "radproxy") == 0)
+			blobmsg_add_string(b, "radproxy", value);
+	}
+
+	/* No NASID was found from blob, so use BSSID as NASID */
+	if (found_nasid == false) {
+		blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b->head), blob_len(b->head));
+		if (tb[WIF_ATTR_IFNAME] && !vif_get_mac(blobmsg_get_string(tb[WIF_ATTR_IFNAME]), mac))
+			blobmsg_add_string(b, "nasid", mac);
+		else
+			LOGE("Failed to get base BSSID (mac)\n");
 	}
 }
 
@@ -686,7 +798,15 @@ static void vif_state_custom_options_get(struct schema_Wifi_VIF_State *vstate,
 							custom_options_table[i],
 							buf);
 			}
+		} else if (strcmp(opt, "radproxy") == 0) {
+			if (tb[WIF_ATTR_RADPROXY]) {
+				buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
+				set_custom_option_state(vstate, &index,
+							custom_options_table[i],
+							buf);
+			}
 		}
+
 	}
 }
 
@@ -697,7 +817,7 @@ bool vif_state_update(struct uci_section *s, struct schema_Wifi_VIF_Config *vcon
 	char mac[ETH_ALEN * 3];
 	char *ifname, radio[IF_NAMESIZE];
 	bool vifIsActive = false;
-	char network_name[8];
+	char network_name[IF_NAMESIZE];
 
 	LOGT("%s: get state", s->e.name);
 
@@ -766,8 +886,8 @@ bool vif_state_update(struct uci_section *s, struct schema_Wifi_VIF_Config *vcon
 //		SCHEMA_SET_INT(vstate.uapsd_enable, false);
 
 	if (tb[WIF_ATTR_NETWORK]) {
-		SCHEMA_SET_STR(vstate.bridge, blobmsg_get_string(tb[WIF_ATTR_NETWORK]));
-		strcpy(network_name, blobmsg_get_string(tb[WIF_ATTR_NETWORK]));
+		strncpy(network_name, blobmsg_get_string(tb[WIF_ATTR_NETWORK]), IF_NAMESIZE);
+		SCHEMA_SET_STR(vstate.bridge, network_name);
 	}
 	else
 		LOGW("%s: unknown bridge/network", s->e.name);
@@ -882,6 +1002,70 @@ void vif_section_del(char *section_name)
 
 }
 
+static void vif_check_radius_proxy()
+{
+	struct uci_context *uci_ctx;
+	struct uci_package *wireless;
+	struct schema_APC_State apc_conf;
+	struct uci_element *e = NULL, *tmp = NULL;
+	char *buf = NULL;
+	int rc = 0;
+
+	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
+	if (false == ovsdb_table_select_one_where(&table_APC_State, where, &apc_conf))
+	{
+		LOGI("APC_State read failed");
+		return;
+	}
+
+	uci_ctx = uci_alloc_context();
+
+	rc = uci_load(uci_ctx, "wireless", &wireless);
+
+	if (rc)
+	{
+		LOGD("%s: uci_load() failed with rc %d", __func__, rc);
+		goto free;
+	}
+
+	uci_foreach_element_safe(&wireless->sections, tmp, e)
+	{
+		struct blob_attr *tb[__WIF_ATTR_MAX];
+		struct uci_section *s = uci_to_section(e);
+		if ((s == NULL) || (s->type == NULL))
+			continue;
+
+		if (strcmp(s->type, "wifi-iface"))
+			continue;
+
+		blob_buf_init(&b, 0);
+		uci_to_blob(&b, s, &wifi_iface_param);
+		blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
+
+		if (tb[WIF_ATTR_RADPROXY])
+		{
+			buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
+
+			if (!strcmp(buf, "1") && !strcmp(apc_conf.mode, "DR"))
+			{
+				if (!system("pidof radsecproxy"))
+					goto free;
+
+				system("/etc/init.d/radsecproxy start");
+
+				goto free;
+			}
+		}
+	}
+
+	system("/etc/init.d/radsecproxy stop");
+
+free:
+	uci_unload(uci_ctx, wireless);
+	uci_free_context(uci_ctx);
+	return;
+}
+
 static bool hs20_download_icon(char *icon_name, char *icon_url)
 {
 	CURL *curl;
@@ -1335,10 +1519,9 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 		blobmsg_add_string(&b, "min_hw_mode", vconf->min_hw_mode);
 
 	if (changed->ft_psk || changed->ft_mobility_domain) {
-		if (vconf->ft_psk && vconf->ft_mobility_domain) {
+		if (vconf->ft_mobility_domain) {
 			blobmsg_add_bool(&b, "ieee80211r", 1);
 			blobmsg_add_hex16(&b, "mobility_domain", vconf->ft_mobility_domain);
-			blobmsg_add_bool(&b, "ft_psk_generate_local", vconf->ft_psk);
 			blobmsg_add_bool(&b, "ft_over_ds", 0);
 			blobmsg_add_bool(&b, "reassociation_deadline", 1);
 		} else {
@@ -1385,9 +1568,8 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 	blobmsg_add_bool(&b, "wpa_disable_eapol_key_retries", 1);
 	blobmsg_add_u32(&b, "channel", rconf->channel);
 
-	if (vif_config_security_set(&b, vconf)) {
-                return -1;
-        }
+	if (vif_config_security_set(&b, vconf))
+		return -1;
 
 	if (changed->custom_options)
 		vif_config_custom_opt_set(&b, &del, vconf);
@@ -1410,6 +1592,9 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 		vif_dhcp_opennds_allowlist_set(vconf,(char*)vconf->if_name);
 	}
 
+	if (changed->custom_options)
+		vif_check_radius_proxy();
+
 	reload_config = 1;
 	return 0;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/inc/rrm.h

@@ -75,7 +75,7 @@ int rrm_setup_monitor(void);
 void rrm_channel_init(void);
 int rrm_ubus_init(struct ev_loop *loop);
 int ubus_get_noise(const char *if_name, uint32_t *noise);
-int ubus_set_channel_switch(const char *if_name, uint32_t frequency);
+int ubus_set_channel_switch(const char *if_name, uint32_t frequency, int channel_bandwidth, int sec_chan_offset);
 void set_rrm_parameters(rrm_entry_t *rrm_data);
 ds_tree_t* rrm_get_rrm_config_list(void);
 ds_tree_t* rrm_get_radio_list(void);

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/src/rrm_channel.c

@@ -94,6 +94,15 @@ radio_entry_t* rrm_get_radio_config(radio_type_t band)
 	}
 	return NULL;
 }
+void get_channel_bandwidth(const char* htmode, int *channel_bandwidth)
+{
+	if(!strcmp(htmode, "HT20"))
+		*channel_bandwidth=20;
+	else if (!strcmp(htmode, "HT40"))
+		*channel_bandwidth=40;
+	else if(!strcmp(htmode, "HT80"))
+		*channel_bandwidth=80;
+}
 
 void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 {
@@ -154,16 +163,26 @@ void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 
 		if (nf > nf_drop_threshold)
 		{
-			LOGD("[%s] backup=%d nf=%d nf_lwm=%d drop=%d thresh=%d",
+			LOGI("Interference detected on [%s], switching to backup_channel=%d nf=%d nf_lwm=%d drop=%d thresh=%d",
 					radio->config.if_name,
 					rrm_config->rrm_data.backup_channel,
 					nf,
 					rrm_config->rrm_data.noise_lwm,
 					rrm_config->rrm_data.snr_percentage_drop,
 					nf_drop_threshold);
+			int channel_bandwidth;
+			int sec_chan_offset=0;
+			struct mode_map *m = mode_map_get_uci(radio->schema.freq_band, get_max_channel_bw_channel(ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel),
+						radio->schema.ht_mode), radio->schema.hw_mode);
+			if (m) {
+				sec_chan_offset = m->sec_channel_offset;
+			} else
+				 LOGE("failed to get channel offset");
 
+			get_channel_bandwidth(get_max_channel_bw_channel(ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel),
+					radio->schema.ht_mode), &channel_bandwidth);
 			ubus_set_channel_switch(radio->config.if_name,
-					ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel));
+					ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel), channel_bandwidth, sec_chan_offset);
 		}
 	}
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/src/rrm_ubus.c

@@ -51,7 +51,7 @@ int ubus_get_noise(const char *if_name, uint32_t *noise)
 
 }
 
-int ubus_set_channel_switch(const char *if_name, uint32_t frequency)
+int ubus_set_channel_switch(const char *if_name, uint32_t frequency, int channel_bandwidth, int sec_chan_offset)
 {
 	uint32_t id;
 	static struct blob_buf b;
@@ -61,10 +61,21 @@ int ubus_set_channel_switch(const char *if_name, uint32_t frequency)
 
 	if (ubus_lookup_id(ubus, path, &id))
 		return -1;
-
 	blob_buf_init(&b, 0);
+
+	if (channel_bandwidth == 20 || channel_bandwidth == 40) {
+		blobmsg_add_bool(&b, "ht", 1);
+	} else if (channel_bandwidth == 80) {
+		blobmsg_add_bool(&b, "vht", 1);
+	}
+	if (channel_bandwidth == 40 || channel_bandwidth == 80) {
+		blobmsg_add_u32(&b, "center_freq1", frequency+30);
+	}
+
 	blobmsg_add_u32(&b, "freq", frequency);
-	blobmsg_add_u32(&b, "bcn_count", 1);
+	blobmsg_add_u32(&b, "bcn_count", 5);
+	blobmsg_add_u32(&b, "bandwidth", channel_bandwidth);
+	blobmsg_add_u32(&b, "sec_channel_offset", sec_chan_offset);
 	return ubus_invoke(ubus, id, "switch_chan", b.head, NULL, NULL, 1000);
 }
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/ucc_detect/src/main.c

@@ -130,6 +130,7 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 	struct nlattr *attr[GENL_UCC_ATTR_MAX+1];
 
 	struct voip_session *data;
+	char dst_ip[16];
 	genlmsg_parse(nlmsg_hdr(msg), 0, attr, 
 			GENL_UCC_ATTR_MAX, genl_ucc_policy);
 
@@ -140,7 +141,6 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 		return NL_OK;
 	}
 
-	char *dst_ip = malloc(16);
 	memset(dst_ip, 0, 16);
 	if((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		LOGI("Error: Cannot get IP for %s", IAC_IFACE);

feeds/wlan-ap/opensync/src/src/lib/datapipeline/inc/dpp_events.h

@@ -463,6 +463,19 @@ dpp_event_record_alloc()
 	return record;
 }
 
+static inline dpp_event_channel_switch_t *
+dpp_event_channel_switch_alloc()
+{
+	dpp_event_channel_switch_t *record = NULL;
+
+	record = calloc(1, sizeof(dpp_event_channel_switch_t));
+	if (record) {
+		memset(record, 0, sizeof(dpp_event_channel_switch_t));
+	}
+	return record;
+}
+
+
 static inline void
 dpp_event_channel_record_free(dpp_event_channel_switch_t *record)
 {

feeds/wlan-ap/opensync/src/src/sm/src/sm_events_report.c

@@ -105,7 +105,6 @@ static void sm_events_report_clear_client(ds_dlist_t *report_list)
 static void sm_events_report_clear_channel(ds_dlist_t *report_list)
 {
 	if (!ds_dlist_is_empty(report_list)) {
-
 		dpp_event_channel_switch_t      *record = NULL;
 		ds_dlist_iter_t                 record_iter;
 
@@ -129,6 +128,8 @@ static void sm_events_report(EV_P_ ev_timer *w, int revents)
 	/* Event Record */
 	dpp_event_record_t *dpp_record = NULL;
 	dpp_event_record_t *sm_record = NULL;
+	dpp_event_channel_switch_t *dpp_record_cs = NULL;
+	dpp_event_channel_switch_t *sm_record_cs = NULL;
 	ds_dlist_iter_t record_iter;
 
 	dpp_events_report_timer_restart(report_timer);
@@ -153,8 +154,23 @@ static void sm_events_report(EV_P_ ev_timer *w, int revents)
 		ds_dlist_insert_tail(&report_ctx->client_event_list, dpp_record);
 	}
 
-	if(!ds_dlist_is_empty(&g_event_report.channel_switch_list))
-		report_ctx->channel_switch_list = g_event_report.channel_switch_list;
+	for (sm_record_cs = ds_dlist_ifirst(&record_iter, &g_event_report.channel_switch_list); sm_record_cs != NULL; sm_record_cs = ds_dlist_inext(&record_iter)) {
+		dpp_record_cs = dpp_event_channel_switch_alloc();
+
+		dpp_record_cs->channel_event.band = sm_record_cs->channel_event.band;
+		dpp_record_cs->channel_event.reason =  sm_record_cs->channel_event.reason;
+		dpp_record_cs->channel_event.freq =  sm_record_cs->channel_event.freq;
+		dpp_record_cs->channel_event.timestamp =  sm_record_cs->channel_event.timestamp;
+
+		ds_dlist_iremove(&record_iter);
+		dpp_event_channel_record_free(sm_record_cs);
+		sm_record_cs = NULL;
+
+		if (ds_dlist_is_empty(&report_ctx->channel_switch_list)) {
+			ds_dlist_init(&report_ctx->channel_switch_list, dpp_event_channel_switch_t, node);
+		}
+		ds_dlist_insert_tail(&report_ctx->channel_switch_list, dpp_record_cs);
+	}
 
 	if (!ds_dlist_is_empty(&report_ctx->client_event_list) || !ds_dlist_is_empty(&report_ctx->channel_switch_list)) {
 		LOG(DEBUG, "Sending events report...");

feeds/wlan-ap/opensync/src/vendor/tip/src/lib/target/src/entity.c

@@ -19,6 +19,16 @@ enum {
 	SYSTEM_ATTR_FIRMWARE,
 	SYSTEM_ATTR_REDIRECTOR,
 	SYSTEM_ATTR_INACTIVEFW,
+	SYSTEM_ATTR_SKU,
+	SYSTEM_ATTR_MODEL_REV,
+	SYSTEM_ATTR_MODEL_DESCR,
+	SYSTEM_ATTR_MANUFACT_NAME,
+	SYSTEM_ATTR_MANUFACT_DATE,
+	SYSTEM_ATTR_MANUFACT_URL,
+	SYSTEM_ATTR_MANUF_ABBR,
+	SYSTEM_ATTR_REF_DESIGN,
+	SYSTEM_ATTR_CERT_REGION,
+	SYSTEM_ATTR_MAC_ADDR,
 	__SYSTEM_ATTR_MAX,
 };
 
@@ -29,6 +39,16 @@ static const struct blobmsg_policy system_policy[__SYSTEM_ATTR_MAX] = {
 	[SYSTEM_ATTR_FIRMWARE] = { .name = "firmware", .type = BLOBMSG_TYPE_STRING },
 	[SYSTEM_ATTR_REDIRECTOR] = { .name = "redirector", .type = BLOBMSG_TYPE_STRING },
 	[SYSTEM_ATTR_INACTIVEFW] = { .name = "inactivefw", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_SKU] = { .name = "sku_number", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MODEL_REV] = { .name = "revision", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MODEL_DESCR] = { .name = "model_description", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MANUFACT_NAME] = { .name = "manufacturer_name", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MANUFACT_DATE] = { .name = "manufacturer_date", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MANUFACT_URL] = { .name = "manufacturer_url", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MANUF_ABBR] = { .name = "manuf_abbr", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_REF_DESIGN] = { .name = "reference_design", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_CERT_REGION] = { .name = "certification_region", .type = BLOBMSG_TYPE_STRING },
+	[SYSTEM_ATTR_MAC_ADDR] = { .name = "id", .type = BLOBMSG_TYPE_STRING },
 };
 
 const struct uci_blob_param_list system_param = {
@@ -110,6 +130,56 @@ bool target_platform_version_get(void *buf, size_t len)
 	return copy_data(SYSTEM_ATTR_PLATFORM, buf, len);
 }
 
+bool target_sku_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_SKU, buf, len);
+}
+
+bool target_model_revision_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MODEL_REV, buf, len);
+}
+
+bool target_model_description_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MODEL_DESCR, buf, len);
+}
+
+bool target_manuf_name_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MANUFACT_NAME, buf, len);
+}
+
+bool target_manuf_date_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MANUFACT_DATE, buf, len);
+}
+
+bool target_manuf_url_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MANUFACT_URL, buf, len);
+}
+
+bool target_manuf_abbr_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MANUF_ABBR, buf, len);
+}
+
+bool target_ref_design_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_REF_DESIGN, buf, len);
+}
+
+bool target_cert_region_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_CERT_REGION, buf, len);
+}
+
+bool target_mac_addr_get(void *buf, size_t len)
+{
+	return copy_data(SYSTEM_ATTR_MAC_ADDR, buf, len);
+}
+
 bool target_device_config_register(void *awlan_cb)
 {
 	struct schema_AWLAN_Node awlan;

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-data

@@ -2,22 +2,117 @@
 
 . /lib/functions.sh
 
+SKU="unknown"
+MODEL="unknown"
+PLATFORM="unknown"
+SERIAL="unknown"
+MODEL_REV="unknown"
+MODEL_DESCR="unknown"
+MANUF_NAME="unknown"
+MANUF_DATE="unknown"
+MANUF_URL="unknown"
+MANUF_DESIGN="unknown"
+REF_DESIGN="unknown"
+CERT_REGION="unknown"
+ID=""
+
 case "$(board_name)" in
 edgecore,ecw5211|\
 edgecore,ecw5410)
 	MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
-	SERIAL=$(cat /sys/class/net/eth0/address | tr -d :)
 	PLATFORM=$(cat /tmp/sysinfo/model)
+	SERIAL=$(cat /dev/mtd5 | grep serial_number | cut -d "=" -f2)
+	SKU=$(cat /dev/mtd5 | grep sku | cut -d "=" -f2)
+	CERT_REGION=$(cat /dev/mtd5 | grep certification_region | cut -d "=" -f2)
+	ID=$(cat /dev/mtd5 | grep mac_address | cut -d "=" -f2)
+	MANUF_DATE=$(cat /dev/mtd5 | grep manufacturer_date | cut -d "=" -f2)
+	MANUF_NAME=$(cat /dev/mtd5 | grep manufacturer_name | cut -d "=" -f2)
+	if [ ! $MANUF_NAME ]; then
+		MANUF_NAME="Edge-Core"
+	fi
+	MANUF_ABBR="EC"
+	MANUF_URL=$(cat /dev/mtd5 | grep manufacturer_url | cut -d "=" -f2)
+	MODEL_DESCR=$(cat /dev/mtd5 | grep model_description | cut -d "=" -f2)
+	MODEL_REV=$(cat /dev/mtd5 | grep model_revision | cut -d "=" -f2)
+	REF_DESIGN=$(cat /dev/mtd5 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf194c)
 	MODEL=$(cat /tmp/sysinfo/board_name)
-	SERIAL=$(cat cat /dev/mtd14 | grep BaseMacAddress | cut -dx -f2 | tr -d '\r\n')
 	PLATFORM=$(cat /tmp/sysinfo/model)
+	SERIAL=$(cat /dev/mtd14 | grep serial_number | cut -d "=" -f2)
+	if [ ! $SERIAL ]; then
+		SERIAL=$(cat /dev/mtd14 | grep BaseMacAddress | cut -dx -f2)
+	fi
+	SKU=$(cat /dev/mtd14 | grep sku | cut -d "=" -f2)
+	CERT_REGION=$(cat /dev/mtd14 | grep certification_region | cut -d "=" -f2)
+	ID=$(cat /dev/mtd14 | grep mac_address | cut -d "=" -f2)
+	MANUF_DATE=$(cat /dev/mtd14 | grep manufacturer_date | cut -d "=" -f2)
+	MANUF_NAME=$(cat /dev/mtd14 | grep manufacturer_name | cut -d "=" -f2)
+	if [ ! $MANUF_NAME ]; then
+		MANUF_NAME="CIG"
+	fi
+	MANUF_ABBR="CIG"
+	MANUF_URL=$(cat /dev/mtd14 | grep manufacturer_url | cut -d "=" -f2)
+	MODEL_DESCR=$(cat /dev/mtd14 | grep model_description | cut -d "=" -f2)
+	MODEL_REV=$(cat /dev/mtd14 | grep model_revision | cut -d "=" -f2)
+	REF_DESIGN=$(cat /dev/mtd14 | grep reference_design | cut -d "=" -f2)
+	;;
+cig,wf188n)
+	MODEL=$(cat /tmp/sysinfo/board_name)
+	PLATFORM=$(cat /tmp/sysinfo/model)
+	SERIAL=$(cat /dev/mtd12 | grep serial_number | cut -d "=" -f2)
+	SKU=$(cat /dev/mtd12 | grep sku | cut -d "=" -f2)
+	CERT_REGION=$(cat /dev/mtd12 | grep certification_region | cut -d "=" -f2)
+	ID=$(cat /dev/mtd12 | grep mac_address | cut -d "=" -f2)
+	MANUF_DATE=$(cat /dev/mtd12 | grep manufacturer_date | cut -d "=" -f2)
+	MANUF_NAME=$(cat /dev/mtd12 | grep manufacturer_name | cut -d "=" -f2)
+	if [ ! $MANUF_NAME ]; then
+		MANUF_NAME="CIG"
+	fi
+	MANUF_ABBR="CIG"
+	MANUF_URL=$(cat /dev/mtd12 | grep manufacturer_url | cut -d "=" -f2)
+	MODEL_DESCR=$(cat /dev/mtd12 | grep model_description | cut -d "=" -f2)
+	MODEL_REV=$(cat /dev/mtd12 | grep model_revision | cut -d "=" -f2)
+	REF_DESIGN=$(cat /dev/mtd12 | grep reference_design | cut -d "=" -f2)
 	;;
 linksys,ea8300)
 	MODEL=$(grep modelNumber= /dev/mtd9 | tr -d '\r\n' | sed "s/modelNumber=//")
 	SERIAL=$(grep serial_number= /dev/mtd9 | tr -d '\r\n' | sed "s/serial_number=//")
-	PLATFORM=OPENWRT_EA8300
+	PLATFORM="OPENWRT_EA8300"
+	MODEL_REV=$(cat /dev/mtd9 | grep hw_revision | cut -d "=" -f2 | tr -d '\r\n')
+	MODEL_DESCR=$(cat /dev/mtd9 | grep modelDescription | cut -d "=" -f2 | tr -d '\r\n')
+	MANUF_URL=$(cat /dev/mtd9 | grep manufacturerURL | cut -d "=" -f2 | tr -d '\r\n')
+	CERT_REGION=$(cat /dev/mtd9 | grep cert_region | cut -d "=" -f2 | tr -d '\r\n')
+	ID=$(cat /dev/mtd9 | grep hw_mac_addr | cut -d "=" -f2 | tr -d '\r\n')
+	MANUF_NAME=$(cat /dev/mtd9 | grep "manufacturer=" | cut -d "=" -f2 | tr -d '\r\n')
+	if [ ! $MANUF_NAME ]; then
+		MANUF_NAME="Linksys"
+	fi
+	MANUF_ABBR="LS"
+
+	MANUF_DATE=$(cat /dev/mtd9 | grep manufacturer_date | cut -d "=" -f2 | tr -d '\r\n')
+	YEAR=$(echo "$MANUF_DATE" | cut -d "/" -f1)
+	MONTH=$(echo "$MANUF_DATE" | cut -d "/" -f2)
+	DAY=$(echo "$MANUF_DATE" | cut -d "/" -f3)
+	MANUF_DATE="$DAY-$MONTH-$YEAR"
+	;;
+tp-link,ec420-g1)
+	MODEL=$(cat /tmp/sysinfo/board_name)
+	PLATFORM=$(cat /tmp/sysinfo/model)
+	SERIAL=$(cat /dev/mtd9 | grep serial_number | cut -d "=" -f2)
+	SKU=$(cat /dev/mtd9 | grep sku | cut -d "=" -f2)
+	CERT_REGION=$(cat /dev/mtd9 | grep certification_region | cut -d "=" -f2)
+	ID=$(cat /dev/mtd9 | grep mac_address | cut -d "=" -f2)
+	MANUF_DATE=$(cat /dev/mtd9 | grep manufacturer_date | cut -d "=" -f2)
+	MANUF_NAME=$(cat /dev/mtd9 | grep manufacturer_name | cut -d "=" -f2)
+	if [ ! $MANUF_NAME ]; then
+		MANUF_NAME="Proware (TP-Link)"
+	fi
+	MANUF_ABBR="PW"
+	MANUF_URL=$(cat /dev/mtd9 | grep manufacturer_url | cut -d "=" -f2)
+	MODEL_DESCR=$(cat /dev/mtd9 | grep model_description | cut -d "=" -f2)
+	MODEL_REV=$(cat /dev/mtd9 | grep model_revision | cut -d "=" -f2)
+	REF_DESIGN=$(cat /dev/mtd9 | grep reference_design | cut -d "=" -f2)
 	;;
 *)
 	MODEL=$(cat /tmp/sysinfo/board_name)
@@ -28,9 +123,30 @@ esac
 
 MODEL=$(echo $MODEL | sed "s/.*,//" | tr [a-z] [A-Z])
 
+# fallback check to get the serial number from mac address if flash does not contain this info.
+if [ ! $SERIAL ]; then
+	SERIAL=$(cat /sys/class/net/eth0/address | tr -d :)
+fi
+
+# fallback check to get the id from mac address if flash does not contain this info.
+if [ ! $ID ]; then
+	ID=$(cat /sys/class/net/eth0/address)
+fi
+
 uci set system.tip=tip
 uci set system.tip.serial="${SERIAL}"
 uci set system.tip.model="${MODEL}"
 uci set system.tip.platform="${PLATFORM}"
 uci set system.tip.firmware='0.1.0'
+uci set system.tip.sku_number="${SKU}"
+uci set system.tip.revision="${MODEL_REV}"
+uci set system.tip.model_description="${MODEL_DESCR}"
+uci set system.tip.manufacturer_name="${MANUF_NAME}"
+uci set system.tip.manufacturer_date="${MANUF_DATE}"
+uci set system.tip.manufacturer_url="${MANUF_URL}"
+uci set system.tip.reference_design="${REF_DESIGN}"
+uci set system.tip.certification_region="${CERT_REGION}"
+uci set system.tip.id="${ID}"
+uci set system.tip.manuf_abbr="${MANUF_ABBR}"
+
 uci commit

patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch

@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
++++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
++		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
++++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
++--- a/jffs2reset.c
+++++ b/jffs2reset.c
++@@ -40,7 +40,7 @@ ask_user(void)
++ 	return 0;
++ }
++ 
++-static int jffs2_reset(struct volume *v, int reset)
+++static int jffs2_reset(struct volume *v, int reset, int keep)
++ {
++ 	char *mp;
++ 
++@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
++ 	if (mp) {
++ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
++ 		fs_state_set("/overlay", FS_STATE_PENDING);
++-		overlay_delete(mp, false);
+++		overlay_delete(mp, keep);
++ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
++ 	} else {
++ 		ULOG_INFO("%s is not mounted\n", v->blk);
++@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
++ int main(int argc, char **argv)
++ {
++ 	struct volume *v;
++-	int ch, yes = 0, reset = 0;
++-	while ((ch = getopt(argc, argv, "yr")) != -1) {
+++	int ch, yes = 0, reset = 0, keep = 0;
+++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
++ 		switch(ch) {
++ 		case 'y':
++ 			yes = 1;
++@@ -102,6 +102,9 @@ int main(int argc, char **argv)
++ 		case 'r':
++ 			reset = 1;
++ 			break;
+++                case 'k':
+++                        keep = 1;
+++                        break;
++ 		}
++ 
++ 	}
++@@ -128,5 +131,5 @@ int main(int argc, char **argv)
++ 	volume_init(v);
++ 	if (!strcmp(*argv, "jffs2mark"))
++ 		return jffs2_mark(v);
++-	return jffs2_reset(v, reset);
+++	return jffs2_reset(v, reset, keep);
++ }
+-- 
+2.17.1
+

patches/0047-openwrt-Revert-UBUS-pending-list-iteration-method.patch

@@ -0,0 +1,47 @@
+From 23be9eda1f87b77a772d24510d7096c565021e16 Mon Sep 17 00:00:00 2001
+From: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+Date: Mon, 29 Mar 2021 19:22:55 -0400
+Subject: [PATCH] openwrt: Revert UBUS pending list iteration method
+
+This commit partially reverts the earlier patch:
+"workaround possibly false positive uses of memory after it is freed"
+
+This fixed the crash while freeing a list item in
+ubus_process_pending_msg due to a double free.
+
+Signed-off-by: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+---
+ ...revert-pending-list-iteration-method.patch | 21 +++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+ create mode 100644 package/system/ubus/patches/revert-pending-list-iteration-method.patch
+
+diff --git a/package/system/ubus/patches/revert-pending-list-iteration-method.patch b/package/system/ubus/patches/revert-pending-list-iteration-method.patch
+new file mode 100644
+index 0000000000..ccc13fd9f2
+--- /dev/null
++++ b/package/system/ubus/patches/revert-pending-list-iteration-method.patch
+@@ -0,0 +1,21 @@
++Index: ubus-2019-12-27-041c9d1c/libubus.c
++===================================================================
++--- ubus-2019-12-27-041c9d1c.orig/libubus.c
+++++ ubus-2019-12-27-041c9d1c/libubus.c
++@@ -115,12 +115,11 @@ ubus_process_msg(struct ubus_context *ct
++ static void ubus_process_pending_msg(struct uloop_timeout *timeout)
++ {
++ 	struct ubus_context *ctx = container_of(timeout, struct ubus_context, pending_timer);
++-	struct ubus_pending_msg *pending, *tmp;
++-
++-	list_for_each_entry_safe(pending, tmp, &ctx->pending, list) {
++-		if (ctx->stack_depth)
++-			break;
+++
+++	struct ubus_pending_msg *pending;
++
+++	while (!ctx->stack_depth && !list_empty(&ctx->pending)) {
+++		pending = list_first_entry(&ctx->pending, struct ubus_pending_msg, list);
++ 		list_del(&pending->list);
++ 		ubus_process_msg(ctx, &pending->hdr, -1);
++ 		free(pending);
+--
+2.25.1
+

patches/0048-Add-ESMT-nand-support.patch

@@ -0,0 +1,59 @@
+From 71f57ba133f983f059fc4daacb4bec67fb35cc09 Mon Sep 17 00:00:00 2001
+From: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+Date: Tue, 30 Mar 2021 08:59:14 -0400
+Subject: [PATCH] Add ESMT nand support
+
+Add ESMT nand support
+
+Signed-off-by: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+---
+ .../ipq807x/patches/110-add-esmt-nand.patch   | 37 +++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+ create mode 100644 target/linux/ipq807x/patches/110-add-esmt-nand.patch
+
+diff --git a/target/linux/ipq807x/patches/110-add-esmt-nand.patch b/target/linux/ipq807x/patches/110-add-esmt-nand.patch
+new file mode 100644
+index 0000000000..d47a4d0d16
+--- /dev/null
++++ b/target/linux/ipq807x/patches/110-add-esmt-nand.patch
+@@ -0,0 +1,37 @@
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/drivers/mtd/nand/nand_ids.c
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/drivers/mtd/nand/nand_ids.c
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/drivers/mtd/nand/nand_ids.c
++@@ -62,6 +62,12 @@ struct nand_flash_dev nand_flash_ids[] =
++ 	{"TH58NYG3S0H 8G 1.8V 8-bit",
++ 		{ .id = {0x98, 0xa3, 0x91, 0x26} },
++ 		  SZ_4K, SZ_1K, SZ_256K, 0, 4, 256, NAND_ECC_INFO(8, SZ_512) },
+++
+++	{"F59D2G81KA 2G 1.8V 8-bit",
+++		{ .id = {0xc8, 0x5a, 0x90, 0x04} },
+++		SZ_2K, SZ_256, SZ_128K, 0, 4, 128, NAND_ECC_INFO(8, SZ_512) },
+++
+++
++ 	LEGACY_ID_NAND("NAND 4MiB 5V 8-bit",   0x6B, 4, SZ_8K, SP_OPTIONS),
++ 	LEGACY_ID_NAND("NAND 4MiB 3,3V 8-bit", 0xE3, 4, SZ_8K, SP_OPTIONS),
++ 	LEGACY_ID_NAND("NAND 4MiB 3,3V 8-bit", 0xE5, 4, SZ_8K, SP_OPTIONS),
++@@ -190,6 +196,7 @@ struct nand_manufacturers nand_manuf_ids
++ 	{NAND_MFR_SANDISK, "SanDisk"},
++ 	{NAND_MFR_INTEL, "Intel"},
++ 	{NAND_MFR_ATO, "ATO"},
+++	{NAND_MFR_ESMT, "ESMT"},
++ 	{NAND_MFR_GIGA, "GigaDevice"},
++ 	{NAND_MFR_ATO, "ATO"},
++ 	{NAND_MFR_WINBOND, "Winbond"},
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/include/linux/mtd/nand.h
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/include/linux/mtd/nand.h
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/include/linux/mtd/nand.h
++@@ -778,6 +778,7 @@ static inline struct mtd_info *nand_to_m
++ #define NAND_MFR_ATO		0x9b
++ #define NAND_MFR_WINBOND	0xef
++ #define NAND_MFR_FIDELIX	0xe5
+++#define NAND_MFR_ESMT		0xc8
++ 
++ /* The maximum expected count of bytes in the NAND ID sequence */
++ #define NAND_MAX_ID_LEN 8
+-- 
+2.25.1
+

patches/0048-Fix-ssid-ratelimiting-in-wifi6-AP.patch

@@ -0,0 +1,258 @@
+From 22c8d560c380cb3b188d2177c96121b9cd1835bd Mon Sep 17 00:00:00 2001
+From: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+Date: Sun, 4 Apr 2021 15:11:22 -0400
+Subject: [PATCH] Fix ssid ratelimiting in wifi6 AP
+
+This patch backports some fixes in
+netfilter ratelimiting module for linux v4.4.60.
+These fixes are ported from until following commit id
+6e323887565fe8a23c6c85faf9e395a24affd05c in
+the mainline kernel.
+
+Signed-off-by: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+---
+ .../patches/110-nf-ratelimit-fix.patch        | 232 ++++++++++++++++++
+ 1 file changed, 232 insertions(+)
+ create mode 100644 target/linux/ipq807x/patches/110-nf-ratelimit-fix.patch
+
+diff --git a/target/linux/ipq807x/patches/110-nf-ratelimit-fix.patch b/target/linux/ipq807x/patches/110-nf-ratelimit-fix.patch
+new file mode 100644
+index 0000000000..d4506944b8
+--- /dev/null
++++ b/target/linux/ipq807x/patches/110-nf-ratelimit-fix.patch
+@@ -0,0 +1,232 @@
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/include/uapi/linux/netfilter/nf_tables.h
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/include/uapi/linux/netfilter/nf_tables.h
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/include/uapi/linux/netfilter/nf_tables.h
++@@ -761,6 +761,10 @@ enum nft_limit_type {
++ 	NFT_LIMIT_PKT_BYTES
++ };
++ 
+++enum nft_limit_flags {
+++        NFT_LIMIT_F_INV = (1 << 0),
+++};
+++
++ /**
++  * enum nft_limit_attributes - nf_tables limit expression netlink attributes
++  *
++@@ -768,6 +772,7 @@ enum nft_limit_type {
++  * @NFTA_LIMIT_UNIT: refill unit (NLA_U64)
++  * @NFTA_LIMIT_BURST: burst (NLA_U32)
++  * @NFTA_LIMIT_TYPE: type of limit (NLA_U32: enum nft_limit_type)
+++ * @NFTA_LIMIT_FLAGS: flags (NLA_U32: enum nft_limit_flags)
++  */
++ enum nft_limit_attributes {
++ 	NFTA_LIMIT_UNSPEC,
++@@ -775,6 +780,8 @@ enum nft_limit_attributes {
++ 	NFTA_LIMIT_UNIT,
++ 	NFTA_LIMIT_BURST,
++ 	NFTA_LIMIT_TYPE,
+++	NFTA_LIMIT_FLAGS,
+++	NFTA_LIMIT_PAD,
++ 	__NFTA_LIMIT_MAX
++ };
++ #define NFTA_LIMIT_MAX		(__NFTA_LIMIT_MAX - 1)
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/net/netfilter/nft_limit.c
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/net/netfilter/nft_limit.c
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/net/netfilter/nft_limit.c
++@@ -17,15 +17,15 @@
++ #include <linux/netfilter/nf_tables.h>
++ #include <net/netfilter/nf_tables.h>
++ 
++-static DEFINE_SPINLOCK(limit_lock);
++-
++ struct nft_limit {
+++	spinlock_t	lock;
++ 	u64		last;
++ 	u64		tokens;
++ 	u64		tokens_max;
++ 	u64		rate;
++ 	u64		nsecs;
++ 	u32		burst;
+++	bool		invert;
++ };
++ 
++ static inline bool nft_limit_eval(struct nft_limit *limit, u64 cost)
++@@ -33,7 +33,7 @@ static inline bool nft_limit_eval(struct
++ 	u64 now, tokens;
++ 	s64 delta;
++ 
++-	spin_lock_bh(&limit_lock);
+++	spin_lock_bh(&limit->lock);
++ 	now = ktime_get_ns();
++ 	tokens = limit->tokens + now - limit->last;
++ 	if (tokens > limit->tokens_max)
++@@ -43,12 +43,12 @@ static inline bool nft_limit_eval(struct
++ 	delta = tokens - cost;
++ 	if (delta >= 0) {
++ 		limit->tokens = delta;
++-		spin_unlock_bh(&limit_lock);
++-		return false;
+++		spin_unlock_bh(&limit->lock);
+++		return limit->invert;
++ 	}
++ 	limit->tokens = tokens;
++-	spin_unlock_bh(&limit_lock);
++-	return true;
+++	spin_unlock_bh(&limit->lock);
+++	return !limit->invert;
++ }
++ 
++ static int nft_limit_init(struct nft_limit *limit,
++@@ -65,20 +65,31 @@ static int nft_limit_init(struct nft_lim
++ 	limit->nsecs = unit * NSEC_PER_SEC;
++ 	if (limit->rate == 0 || limit->nsecs < unit)
++ 		return -EOVERFLOW;
++-	limit->tokens = limit->tokens_max = limit->nsecs;
++-
++-	if (tb[NFTA_LIMIT_BURST]) {
++-		u64 rate;
++ 
+++	if (tb[NFTA_LIMIT_BURST])
++ 		limit->burst = ntohl(nla_get_be32(tb[NFTA_LIMIT_BURST]));
+++	else
+++		limit->burst = 0;
+++
+++	if (limit->rate + limit->burst < limit->rate)
+++		return -EOVERFLOW;
+++
+++	/* The token bucket size limits the number of tokens can be
+++	 * accumulated. tokens_max specifies the bucket size.
+++	 * tokens_max = unit * (rate + burst) / rate.
+++	 */
+++	limit->tokens = div_u64(limit->nsecs * (limit->rate + limit->burst),
+++				limit->rate);
+++	limit->tokens_max = limit->tokens;
++ 
++-		rate = limit->rate + limit->burst;
++-		if (rate < limit->rate)
++-			return -EOVERFLOW;
+++	if (tb[NFTA_LIMIT_FLAGS]) {
+++		u32 flags = ntohl(nla_get_be32(tb[NFTA_LIMIT_FLAGS]));
++ 
++-		limit->rate = rate;
+++		if (flags & NFT_LIMIT_F_INV)
+++			limit->invert = true;
++ 	}
++ 	limit->last = ktime_get_ns();
+++	spin_lock_init(&limit->lock);
++ 
++ 	return 0;
++ }
++@@ -86,13 +97,14 @@ static int nft_limit_init(struct nft_lim
++ static int nft_limit_dump(struct sk_buff *skb, const struct nft_limit *limit,
++ 			  enum nft_limit_type type)
++ {
+++	u32 flags = limit->invert ? NFT_LIMIT_F_INV : 0;
++ 	u64 secs = div_u64(limit->nsecs, NSEC_PER_SEC);
++-	u64 rate = limit->rate - limit->burst;
++ 
++-	if (nla_put_be64(skb, NFTA_LIMIT_RATE, cpu_to_be64(rate)) ||
+++	if (nla_put_be64(skb, NFTA_LIMIT_RATE, cpu_to_be64(limit->rate)) ||
++ 	    nla_put_be64(skb, NFTA_LIMIT_UNIT, cpu_to_be64(secs)) ||
++ 	    nla_put_be32(skb, NFTA_LIMIT_BURST, htonl(limit->burst)) ||
++-	    nla_put_be32(skb, NFTA_LIMIT_TYPE, htonl(type)))
+++	    nla_put_be32(skb, NFTA_LIMIT_TYPE, htonl(type)) ||
+++	    nla_put_be32(skb, NFTA_LIMIT_FLAGS, htonl(flags)))
++ 		goto nla_put_failure;
++ 	return 0;
++ 
++@@ -120,6 +132,7 @@ static const struct nla_policy nft_limit
++ 	[NFTA_LIMIT_UNIT]	= { .type = NLA_U64 },
++ 	[NFTA_LIMIT_BURST]	= { .type = NLA_U32 },
++ 	[NFTA_LIMIT_TYPE]	= { .type = NLA_U32 },
+++	[NFTA_LIMIT_FLAGS]	= { .type = NLA_U32 },
++ };
++ 
++ static int nft_limit_pkts_init(const struct nft_ctx *ctx,
++@@ -133,7 +146,7 @@ static int nft_limit_pkts_init(const str
++ 	if (err < 0)
++ 		return err;
++ 
++-	priv->cost = div_u64(priv->limit.nsecs, priv->limit.rate);
+++	priv->cost = div64_u64(priv->limit.nsecs, priv->limit.rate);
++ 	return 0;
++ }
++ 
++@@ -153,40 +166,40 @@ static const struct nft_expr_ops nft_lim
++ 	.dump		= nft_limit_pkts_dump,
++ };
++ 
++-static void nft_limit_pkt_bytes_eval(const struct nft_expr *expr,
++-				     struct nft_regs *regs,
++-				     const struct nft_pktinfo *pkt)
+++static void nft_limit_bytes_eval(const struct nft_expr *expr,
+++				 struct nft_regs *regs,
+++				 const struct nft_pktinfo *pkt)
++ {
++ 	struct nft_limit *priv = nft_expr_priv(expr);
++-	u64 cost = div_u64(priv->nsecs * pkt->skb->len, priv->rate);
+++	u64 cost = div64_u64(priv->nsecs * pkt->skb->len, priv->rate);
++ 
++ 	if (nft_limit_eval(priv, cost))
++ 		regs->verdict.code = NFT_BREAK;
++ }
++ 
++-static int nft_limit_pkt_bytes_init(const struct nft_ctx *ctx,
++-				    const struct nft_expr *expr,
++-				    const struct nlattr * const tb[])
+++static int nft_limit_bytes_init(const struct nft_ctx *ctx,
+++				const struct nft_expr *expr,
+++				const struct nlattr * const tb[])
++ {
++ 	struct nft_limit *priv = nft_expr_priv(expr);
++ 
++ 	return nft_limit_init(priv, tb);
++ }
++ 
++-static int nft_limit_pkt_bytes_dump(struct sk_buff *skb,
++-				    const struct nft_expr *expr)
+++static int nft_limit_bytes_dump(struct sk_buff *skb,
+++				const struct nft_expr *expr)
++ {
++ 	const struct nft_limit *priv = nft_expr_priv(expr);
++ 
++ 	return nft_limit_dump(skb, priv, NFT_LIMIT_PKT_BYTES);
++ }
++ 
++-static const struct nft_expr_ops nft_limit_pkt_bytes_ops = {
+++static const struct nft_expr_ops nft_limit_bytes_ops = {
++ 	.type		= &nft_limit_type,
++ 	.size		= NFT_EXPR_SIZE(sizeof(struct nft_limit)),
++-	.eval		= nft_limit_pkt_bytes_eval,
++-	.init		= nft_limit_pkt_bytes_init,
++-	.dump		= nft_limit_pkt_bytes_dump,
+++	.eval		= nft_limit_bytes_eval,
+++	.init		= nft_limit_bytes_init,
+++	.dump		= nft_limit_bytes_dump,
++ };
++ 
++ static const struct nft_expr_ops *
++@@ -200,7 +213,7 @@ nft_limit_select_ops(const struct nft_ct
++ 	case NFT_LIMIT_PKTS:
++ 		return &nft_limit_pkts_ops;
++ 	case NFT_LIMIT_PKT_BYTES:
++-		return &nft_limit_pkt_bytes_ops;
+++		return &nft_limit_bytes_ops;
++ 	}
++ 	return ERR_PTR(-EOPNOTSUPP);
++ }
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/net/bridge/br_private.h
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/net/bridge/br_private.h
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/net/bridge/br_private.h
++@@ -926,9 +926,6 @@ BR_HOOK(uint8_t pf, unsigned int hook, s
++ 	struct sk_buff *skb, struct net_device *in, struct net_device *out,
++ 	int (*okfn)(struct net *, struct sock *, struct sk_buff *))
++ {
++-	if (!br_netfilter_run_hooks())
++-		return okfn(net, sk, skb);
++-
++ 	return NF_HOOK(pf, hook, net, sk, skb, in, out, okfn);
++ }
++ 
+-- 
+2.25.1
+

patches/0049-openwrt-Add-ubi-images-for-ex227-ex447.patch

@@ -0,0 +1,38 @@
+From 2fa0a5779dbc4a614b19cc690a8fa14f1ca33b33 Mon Sep 17 00:00:00 2001
+From: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+Date: Thu, 1 Apr 2021 15:05:13 -0400
+Subject: [PATCH] openwrt: Add ubi images for ex227, ex447
+
+Add ubi images for ex227, ex447
+---
+ target/linux/ipq807x/image/ipq807x.mk | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/target/linux/ipq807x/image/ipq807x.mk b/target/linux/ipq807x/image/ipq807x.mk
+index 65bf99dd9c..7081769407 100644
+--- a/target/linux/ipq807x/image/ipq807x.mk
++++ b/target/linux/ipq807x/image/ipq807x.mk
+@@ -50,6 +50,10 @@ define Device/tplink_ex227
+   DEVICE_DTS_CONFIG=config@hk07
+   SUPPORTED_DEVICES := tplink,ex227
+   DEVICE_PACKAGES := ath11k-wifi-tplink-ex227
++  IMAGES := sysupgrade.tar nand-factory.bin nand-factory.ubi
++  IMAGE/sysupgrade.tar := sysupgrade-tar | append-metadata
++  IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand
++  IMAGE/nand-factory.ubi := append-ubi
+ endef
+ TARGET_DEVICES += tplink_ex227
+ 
+@@ -59,5 +63,9 @@ define Device/tplink_ex447
+   DEVICE_DTS_CONFIG=config@hk09
+   SUPPORTED_DEVICES := tplink,ex447
+   DEVICE_PACKAGES := ath11k-wifi-tplink-ex447
++  IMAGES := sysupgrade.tar nand-factory.bin nand-factory.ubi
++  IMAGE/sysupgrade.tar := sysupgrade-tar | append-metadata
++  IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand
++  IMAGE/nand-factory.ubi := append-ubi
+ endef
+ TARGET_DEVICES += tplink_ex447
+-- 
+2.25.1
+

patches/0050-netifd-Dont-renew-dhcp-on-bridge-topo-change.patch

@@ -0,0 +1,46 @@
+From 5380b0204d97a79669243b46a8750e038e6a0a19 Mon Sep 17 00:00:00 2001
+From: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+Date: Wed, 14 Apr 2021 11:14:45 -0400
+Subject: [PATCH] netifd: Dont renew dhcp on bridge topo change
+
+Do not renew the dhcp on bridge topology change
+as this causes some of the dhcp servers to fail.
+This occurs when many interfaces are added on to
+a bridge and for every interface there is a dhcp
+renew. The server considers receiving renew many
+times in a quick succession as a DOS attack. So for
+now we disable dhcp lease renew when a new interface
+is added.
+
+Signed-off-by: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
+---
+ .../netifd/patches/0104-fix-dhcp-issue.patch    | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0104-fix-dhcp-issue.patch
+
+diff --git a/package/network/config/netifd/patches/0104-fix-dhcp-issue.patch b/package/network/config/netifd/patches/0104-fix-dhcp-issue.patch
+new file mode 100644
+index 0000000000..6f1d2e708e
+--- /dev/null
++++ b/package/network/config/netifd/patches/0104-fix-dhcp-issue.patch
+@@ -0,0 +1,17 @@
++Index: netifd-2019-08-05-5e02f944/interface.c
++===================================================================
++--- netifd-2019-08-05-5e02f944.orig/interface.c
+++++ netifd-2019-08-05-5e02f944/interface.c
++@@ -424,7 +424,11 @@ interface_main_dev_cb(struct device_user
++ 		interface_set_link_state(iface, false);
++ 		break;
++ 	case DEV_EVENT_TOPO_CHANGE:
++-		interface_proto_event(iface->proto, PROTO_CMD_RENEW, false);
+++	/* This renews the dhcp lease when the bridge adds/deletes a
+++	 * new interface. It causes some dhcp servers to fail in
+++	 * case where there are many interfaces being added to the
+++	 * bridge frequently. Disabling this for now. */
+++	/*	interface_proto_event(iface->proto, PROTO_CMD_RENEW, false); */
++ 		return;
++ 	default:
++ 		break;
+-- 
+2.25.1
+

patches/0051-base-files-Increase-Socket-buffer-memory-size.patch

@@ -0,0 +1,31 @@
+From 4a85624a667c4027bf09f6155fbb046ac588a20a Mon Sep 17 00:00:00 2001
+From: ravi vaishnav <ravi.vaishnav@netexperience.com>
+Date: Thu, 22 Apr 2021 16:36:52 -0400
+Subject: [PATCH] base-files: Increase Socket buffer memory size
+
+When configuring 16 VLAN, we see hostapd complaining
+about No buffer space available while handling receive
+events. Hence, increasing the socket buffer memory size
+to 512KB.
+
+Signed-off-by: ravi vaishnav <ravi.vaishnav@netexperience.com>
+---
+ package/base-files/files/etc/sysctl.d/10-default.conf | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
+index bc8c579695..aeda9153a8 100644
+--- a/package/base-files/files/etc/sysctl.d/10-default.conf
++++ b/package/base-files/files/etc/sysctl.d/10-default.conf
+@@ -25,3 +25,8 @@ net.ipv4.tcp_dsack=1
+ 
+ net.ipv6.conf.default.forwarding=1
+ net.ipv6.conf.all.forwarding=1
++
++net.core.wmem_default = 524288
++net.core.rmem_default = 524288
++net.core.wmem_max = 524288
++net.core.rmem_max = 524288
+-- 
+2.25.1
+

profiles/wlan-ap.yml

@@ -39,6 +39,7 @@ packages:
   - luci-mod-simple
   - luci-theme-tip
   - nft-qos
+  - openssl-util
   - openvswitch
   - openvswitch-common
   - openvswitch-libofproto
@@ -77,6 +78,8 @@ packages:
   - kmod-iptunnel
   - kmod-iptunnel6
   - eapol-test
+  - apc
+  - radsecproxy
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y