opensync: make sure that the intermediate CA bundle is always installed

Signed-off-by: John Crispin <john@phrozen.org>

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -312,14 +321,15 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
 
 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
+	config_add_int access_network_type asra esr uesa venue_group venue_type  \
 		gas_address3
-	config_add_string hessid network_auth_type \
+	config_add_string hessid network_auth_type ipaddr_type_availability \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url
 
 	config_add_array airtime_sta_weight
 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
+	config_add_boolean multicast_to_unicast proxy_arp
 }
 
 hostapd_set_vlan_file() {
@@ -486,7 +496,8 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
+		proxy_arp multicast_to_unicast
 
 	set_default isolate 0
 	set_default maxassoc 0
@@ -509,7 +520,8 @@ hostapd_set_bss_options() {
 	set_default rssi_reject_assoc_rssi 0
 	set_default rssi_ignore_probe_request 0
 	set_default rts_threshold -1
-
+	set_default proxy_arp 0
+	set_default multicast_to_unicast 0
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
 		append bss_conf "ap_isolate=$isolate" "$N"
@@ -538,6 +550,9 @@ hostapd_set_bss_options() {
 	append bss_conf "rssi_ignore_probe_request=$rssi_ignore_probe_request" "$N"
 	append bss_conf "rts_threshold=$rts_threshold" "$N"
 
+	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
+	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
+
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
 	[ "$wpa" -gt 0 ] && {
@@ -558,11 +573,11 @@ hostapd_set_bss_options() {
 	}
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -604,7 +619,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -941,7 +956,6 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
-	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
@@ -973,7 +987,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"

feeds/wifi-ax/hostapd/patches/f00-013-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wifi-trunk/hostapd/files/hostapd.sh

@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -295,15 +304,17 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
 
 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
+	config_add_int access_network_type asra esr uesa venue_group venue_type \
 		gas_address3
-	config_add_string hessid network_auth_type \
+	config_add_string hessid network_auth_type ipaddr_type_availability \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url
 
 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
 	config_add_array radius_auth_req_attr
 	config_add_array radius_acct_req_attr
+
+	config_add_boolean multicast_to_unicast proxy_arp
 }
 
 hostapd_set_vlan_file() {
@@ -447,7 +458,8 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
+		proxy_arp multicast_to_unicast
 
 	set_default isolate 0
 	set_default maxassoc 0
@@ -475,6 +487,9 @@ hostapd_set_bss_options() {
 	set_default signal_poll_time 5
 	set_default signal_drop_reason 3
 	set_default signal_strikes 3
+	set_default proxy_arp 0
+	set_default multicast_to_unicast 0
+
 
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
@@ -508,6 +523,9 @@ hostapd_set_bss_options() {
 	append bss_conf "signal_strikes=$signal_strikes" "$N"
 	append bss_conf "signal_drop_reason=$signal_drop_reason" "$N"
 
+	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
+	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
+
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
 	[ "$wpa" -gt 0 ] && {
@@ -530,11 +548,11 @@ hostapd_set_bss_options() {
 	}
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -576,7 +594,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -872,7 +890,6 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
-	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
@@ -904,7 +921,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"

feeds/wifi-trunk/hostapd/patches/903-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wlan-ap/apc/src/include/lib/timer.h

@@ -30,4 +30,9 @@ static inline timer * tm_new_set( void (*hook)(struct _timer *), void *data, uns
     return t;
 }
 
+static inline void tm_free(timer *t)
+{
+    free(t);
+}
+
 #endif

feeds/wlan-ap/apc/src/src/apc.c

@@ -27,6 +27,7 @@ static struct proto * apc_init(struct proto_config * c)
 {
 	struct proto * P = mb_allocz(sizeof(struct apc_proto));
 
+	printf("apc_init\n");
 	P->cf = c;
 	P->debug = c->debug;
 	P->mrtdump = c->mrtdump;

feeds/wlan-ap/apc/src/src/apc_main.c

@@ -253,6 +253,10 @@ static void check_timer_handler(struct uloop_timeout *timeout)
 		if (CheckIp && (MyIpAddr != CheckIp))
 		{
 			printf("IP address changed from %x to %x - restart APC election\n", MyIpAddr, CheckIp);
+			system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
+			uloop_done();
+			ubus_done();
+			interap_rcv_close();
 			exit(0);
 		}
 		
@@ -266,6 +270,9 @@ static void check_timer_handler(struct uloop_timeout *timeout)
 
 static void handle_signal(int signo)
 {
+	uloop_done();
+	ubus_done();
+	interap_rcv_close();
 	system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
 }
 
@@ -327,8 +334,10 @@ int main(int argc, char *const* argv)
 	callback cb = receive_from_socket;
 
 	if (interap_recv(IAC_APC_ELECTION_PORT, cb, 1000,
-			 NULL, NULL) < 0)
+			 NULL, NULL) < 0) {
 		printf("Error: Failed InterAP receive");
+		return 1;
+	}
 
 
 	memset(Timers, 0, sizeof(Timers));
@@ -351,6 +360,7 @@ int main(int argc, char *const* argv)
 	uloop_run();
 	uloop_done();
 	ubus_done();
+	interap_rcv_close();
 
 	return(1);
 }

feeds/wlan-ap/apc/src/src/hello.c

@@ -103,6 +103,7 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 	struct apc_hello2_packet ps;
 	unsigned int length, report = 0;
 	struct apc_spec ApcSpec;
+	char dst_ip[16];
 	
 	if (WaitingToReelect )
 		return;
@@ -188,8 +189,11 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 			else
 				ApcSpec.FloatIp = ApcSpecSaved.FloatIp;
 		}
-		else
+		else if (ApcSpec.IsApc == I_AM_BAPC )
 		{
+			ifa->priority = 0x12;
+		}
+		else {
 			ifa->priority = 0x11;
 			if ((ApcSpecSaved.IsApc == I_AM_APC) || BackingUpRadius )
 			{
@@ -203,7 +207,6 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 	length += i * sizeof(u32);
 
 	printf("HELLO packet sent via  %s\n", ifa->ifname );
-	char *dst_ip = malloc(16);
 	memset(dst_ip, 0, 16);
 	if ((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		printf("Error: Cannot get IP for %s", IAC_IFACE);

feeds/wlan-ap/apc/src/src/iface.c

@@ -168,7 +168,7 @@ void apc_iface_new( void )
 	ifa->priority = 0x11;
 	ifa->drip = MyIpAddr;
 	ifa->helloint = 4;
-	ifa->deadint = 16;
+	ifa->deadint = 12;
 	ifa->waitint = 16;
 	
 	ifa->type = APC_IT_BCAST;

feeds/wlan-ap/apc/src/src/neighbor.c

@@ -36,7 +36,7 @@ reset_lists(struct apc_proto *p, struct apc_neighbor *n)
 struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
 {
 	struct apc_neighbor * n = mb_allocz(sizeof(struct apc_neighbor));
-	
+	printf("apc_new_neighbor\n");	
 	n->ifa = ifa;
 	add_tail(&ifa->neigh_list, NODE n);
 	n->adj = 0;
@@ -58,6 +58,8 @@ static void apc_neigh_down(struct apc_neighbor * n)
 	rem_node(NODE n);
 	
 	printf("Neighbor %x on %s removed", n->rid, ifa->ifname );
+	tm_free(n->inactim);
+	mb_free(n);
 }
 
 /**
@@ -480,13 +482,17 @@ static void inactivity_timer_hook(struct _timer * tmr)
 			n_neigh += 1;
 			//Radius stuff
 			BackingUpRadius = 1;
+			apc_ifa->priority = 0x33;
 		}
+		else
+			apc_ifa->priority = 0x11;
+
 
 		apc_ifa->drip = MyIpAddr;
-		apc_ifa->priority = 0x11;
 		apc_ifa->bdrip = 0;
 		memset(&ApcSpec, 0, sizeof(struct apc_spec));
-		WaitingToReelect = 12;
+		WaitingToReelect = 3;
+
 		return;
 	}
 	printf("Inactivity timer expired for nbr %x on %s", n->rid, 

feeds/wlan-ap/apc/src/src/ubus.c

@@ -14,10 +14,16 @@
 struct ubus_context *ubus_ctx = NULL;
 static struct blob_buf b;
 static struct blob_buf nb;
-static const char *ubus_path;
 timer *notify_timer;
 extern struct apc_iface * apc_ifa;
-#define APC_NOTIFY_INTERVAL 30
+/* Mandatorily Notify APC_State period */
+#define APC_NOTIFY_INTERVAL 10
+/* Check if any change in APC State and notify period */
+#define APC_NOTIFY_CHECK 1
+static ip_addr old_drip;
+static ip_addr old_bdrip;
+static u8 old_state;
+static unsigned int ucount = 0;
 
 struct apc_state {
 	char mode[4];
@@ -94,35 +100,67 @@ apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
-static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WAITING", "PTP", "OR", "BDR", "DR"};
-void apc_update_state()
+static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WT", "PTP", "OR", "BDR", "DR"};
+int apc_update_state(void)
 {
 	struct in_addr dr_addr;
 	struct in_addr bdr_addr;
-	dr_addr.s_addr = htonl(apc_ifa->drip);
-	bdr_addr.s_addr = htonl(apc_ifa->bdrip);
+	ip_addr cur_drip;
+	ip_addr cur_bdrip;
+	u8 cur_state;
+
+	cur_drip = apc_ifa->drip;
+	cur_bdrip = apc_ifa->bdrip;
+	cur_state = apc_ifa->state;
+	ucount++;
+
+	if (cur_drip == old_drip &&
+	    cur_bdrip == old_bdrip &&
+	    cur_state == old_state && ucount < APC_NOTIFY_INTERVAL) {
+		return -1;
+	}
+
+	printf("APC State update %u", ucount);
+	ucount = 0;
+
+	dr_addr.s_addr = htonl(cur_drip);
+	bdr_addr.s_addr = htonl(cur_bdrip);
 
 	state.enabled = true;
-	if ((apc_ifa->state == APC_IS_DR) ||
-	    (apc_ifa->state == APC_IS_BACKUP) ||
-	    (apc_ifa->state == APC_IS_DROTHER)) {
+	if ((cur_state == APC_IS_DR) ||
+	    (cur_state == APC_IS_BACKUP) ||
+	    (cur_state == APC_IS_DROTHER)) {
 		snprintf(state.mode, sizeof(state.mode), "%s",
-			 &apc_mode[apc_ifa->state][0]);
+			 &apc_mode[cur_state][0]);
 		snprintf(state.dr_addr, sizeof(state.dr_addr),
 			 "%s", inet_ntoa(dr_addr));
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr),
 			 "%s", inet_ntoa(bdr_addr));
-	}
-	else {
+	} else if (apc_ifa->state == APC_IS_WAITING) {
+		snprintf(state.mode, sizeof(state.mode), "%s",
+			 &apc_mode[cur_state][0]);
+		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
+		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
+	} else {
 		snprintf(state.mode, sizeof(state.mode), "NC");
 		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
 	}
+
+	old_drip = cur_drip;
+	old_bdrip = cur_bdrip;
+	old_state = cur_state;
+
+	return 0;
 }
 
 void apc_send_notification(struct _timer * tmr)
 {
-	apc_update_state();
+	int ustate = 0;
+
+	ustate = apc_update_state();
+	if(ustate != 0)
+		return;
 
 	printf("APC send ubus notification\n");
 	blob_buf_init(&nb, 0);
@@ -155,10 +193,10 @@ ubus_init(void) {
 #endif
 	add_object(&apc_object);
 	notify_timer = tm_new_set(apc_send_notification, NULL,
-				  0, APC_NOTIFY_INTERVAL);
+				  0, APC_NOTIFY_CHECK);
 	if (notify_timer) {
-		printf("APC Start notify timer\n");
-		tm_start(notify_timer, APC_NOTIFY_INTERVAL);
+		printf("APC Start state check and notify timer\n");
+		tm_start(notify_timer, APC_NOTIFY_CHECK);
 	}
 
 	ubus_ctx->connection_lost = ubus_connection_lost;

feeds/wlan-ap/interAPcomm/Makefile

@@ -30,5 +30,8 @@ endef
 define Package/libinterapcomm/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libinterapcomm.so $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/interap.init $(1)/etc/init.d/interap
+
 endef
 $(eval $(call BuildPackage,libinterapcomm))

feeds/wlan-ap/interAPcomm/files/interap.init

@@ -0,0 +1,35 @@
+#!/bin/sh /etc/rc.common
+
+START=12
+STOP=12
+
+start() {
+	apc=`cat /etc/config/firewall | grep Allow-APC`
+	ucc=`cat /etc/config/firewall | grep Allow-UCC`
+
+	if [ -z "$apc" ]; then
+		uci add firewall rule
+		uci set firewall.@rule[-1].name='Allow-APC'
+		uci set firewall.@rule[-1].src='wan'
+		uci set firewall.@rule[-1].proto='udp'
+		uci set firewall.@rule[-1].dst_port='50010'
+		uci set firewall.@rule[-1].target='ACCEPT'
+		uci set firewall.@rule[-1].family='ipv4'
+		uci commit firewall
+	fi
+
+	if [ -z "$ucc" ]; then
+		uci add firewall rule
+		uci set firewall.@rule[-1].name='Allow-UCC'
+		uci set firewall.@rule[-1].src='wan'
+		uci set firewall.@rule[-1].proto='udp'
+		uci set firewall.@rule[-1].dst_port='50000'
+		uci set firewall.@rule[-1].target='ACCEPT'
+		uci set firewall.@rule[-1].family='ipv4'
+		uci commit firewall
+	fi
+}
+
+stop() {
+	echo stop
+}

feeds/wlan-ap/interAPcomm/src/include/interAPcomm.h

@@ -5,6 +5,7 @@ int interap_send(unsigned short port, char *dst_ip,
 int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
 		 unsigned int len, struct ev_loop *loop,
 		 ev_io *io);
+void interap_rcv_close(void);
 
 typedef int (*callback)(void *, ssize_t);
 typedef struct recv_arg {

feeds/wlan-ap/interAPcomm/src/src/interAPcomm.c

@@ -22,10 +22,13 @@ static void receive_data_uloop(struct uloop_fd *fd, unsigned int events)
 	recv_data = malloc(ra.len);
 	memset(recv_data, 0, ra.len);
 	if ((recv_data_len = recvfrom(recv_sock, recv_data, ra.len,
-				      0, NULL, 0)) < 0)
+				      0, NULL, 0)) < 0) {
 		printf("recvfrom() failed");
+		return;
+	}
 
 	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
 
 }
 
@@ -41,6 +44,7 @@ static void receive_data(struct ev_loop *ev, ev_io *io, int event)
 		printf("recvfrom() failed");
 
 	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
 
 }
 
@@ -97,6 +101,11 @@ int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
 	return 0;
 }
 
+void interap_rcv_close(void)
+{
+	close(recv_sock);
+}
+
 int interap_send(unsigned short port, char *dst_ip, void *data,
 		 unsigned int len)
 {

feeds/wlan-ap/opensync/files/bin/check_wan_link.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if="$(uci get network.wan.ifname)"
+[ "$(cat /sys/class/net/"${if}"/carrier)" = 0 ] && {
+	return 0
+}
+return 1

feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k

feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh

@@ -1,12 +1,49 @@
 #!/bin/sh
 
-if [ $# -ne 1 ] ; then
-	echo "Usage: $0 <redirector address>" >&2
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
   exit 1
 fi
 
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi
 
+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
+/etc/init.d/uhttpd enable
+/etc/init.d/uhttpd start
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart

feeds/wlan-ap/opensync/files/etc/logrotate.d/ovsdb.conf

@@ -0,0 +1,10 @@
+/tmp/log/openvswitch/* {
+    daily
+    rotate 5
+    size 1M
+    compress
+    delaycompress
+    dateext
+    dateformat -%d%m%Y
+    notifempty
+}

feeds/wlan-ap/opensync/files/usr/opensync/certs/ca.pem

@@ -0,0 +1,75 @@
+-----BEGIN CERTIFICATE-----
+MIIEcTCCA1mgAwIBAgIUJFhIMlIJHJ7hW4gEzZuLBUaWjNcwDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy
+b2plY3QgSXNzdWluZyBDQTAeFw0yMTA0MjUyMDMzNTRaFw0yNjA0MTMyMjM4NDZa
+MCMxITAfBgNVBAMTGGNhY2VydHMub25lLmRpZ2ljZXJ0LmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJwKRHdkdEQkp32bNi9TdgN4FNRG0nRppguQ
+mdCysJHA6/SuyAXNwKSbENysjFrcBkfYTlALjvIMqSu4d26ix6Mv4HnVxLjDzapV
+TZhOhfxIbRQa3HNieNup2vMi8jJvgwLcK/4CwhBJsbEMkB5lbyL8UnCBxzW9GGbM
+IvurvDFkUDUpUmiFg47nTpjub79KME6NqK38DxKzlUHvJge1TKFM73kZ3YkfWExQ
+yRQPRiU5KxMi/Wkr30FOf/rMTx4XNacOgyTJvzcStGwrlr0iGr8eLC1/XVXoOQz3
+0lyOeUzTB+HPU1Z2JrbPW5PnGxcQ0f7v/3qkWV1B2wuvFcQk+D0CAwEAAaOCAVIw
+ggFOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIj2Mhdk10e46DeI+aEZKSSK8Hj+
+MB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHoMA4GA1UdDwEB/wQEAwIE
+8DAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjCBhgYIKwYBBQUHAQEEejB4MCgGCCsG
+AQUFBzABhhxodHRwOi8vb2NzcC5vbmUuZGlnaWNlcnQuY29tMEwGCCsGAQUFBzAC
+hkBodHRwOi8vY2FjZXJ0cy5vbmUuZGlnaWNlcnQuY29tL1RlbGVjb21JbmZyYVBy
+b2plY3RJc3N1aW5nQ0EuY3J0ME0GA1UdHwRGMEQwQqBAoD6GPGh0dHA6Ly9jcmwu
+b25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9qZWN0SXNzdWluZ0NBLmNy
+bDANBgkqhkiG9w0BAQsFAAOCAQEADlFwshNPkeI2Gl6ooIauZL9d+6k+RWa5RTle
+JWziYL23XVEBT11+dvp4IB9HwVw5dByl3XAfTd1r4qyncwgXQpc6j2X8e45E8izI
+z2S1zhLMe1bA2lOiZz/sdpbonvxIHdiISyQI7q3mWQsvNkpkbjivjxLAJTcGPmOS
+gc/95YL+2xqPV45XAnPcl5qkLThtmb57Xst1sLWiSS2fUId6HMVuCgZa5su+aAl9
+iMXv9YfHcvyfwXBaOtoBlItyMGl60uy0E/Fr5uEhEWi53EIqhty6KQckQBB7wdjQ
+eiXNI5Ox5cf+TFdesuKPaoEn3WNpFL9PCA3S5nGegJlZQ4N9Eg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
+-----END CERTIFICATE-----

feeds/wlan-ap/opensync/patches/33-add-apc-radsecproxy-schema.patch

@@ -2,7 +2,7 @@ Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
 ===================================================================
 --- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
 +++ opensync-2.0.5.0/interfaces/opensync.ovsschema
-@@ -9368,6 +9368,68 @@
+@@ -9368,6 +9368,69 @@
              }
         },
        "isRoot": true
@@ -57,6 +57,7 @@ Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
 +                  "DR",
 +                  "BDR",
 +                  "OR",
++                  "WT",
 +                  "NC"
 +                ]
 +              ]

feeds/wlan-ap/opensync/patches/34-radsec-schema-consts.patch

@@ -1,6 +1,6 @@
 --- a/interfaces/opensync.ovsschema
 +++ b/interfaces/opensync.ovsschema
-@@ -9439,6 +9439,110 @@
+@@ -9492,6 +9492,137 @@
        },
        "isRoot": true,
        "maxRows": 1
@@ -52,6 +52,33 @@
 +                "max": 1
 +              }
 +            },
++            "acct_server": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
++            "acct_port": {
++              "type": {
++                "key": {
++                  "type": "integer"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
++            "acct_secret": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
 +            "ca_cert": {
 +                "type": {
 +                    "key": {

feeds/wlan-ap/opensync/patches/35-add-proxy-arp-schema.patch

@@ -0,0 +1,13 @@
+Index: opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/schema/inc/schema_consts.h
++++ opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+@@ -155,6 +155,8 @@ typedef enum {
+ #define SCHEMA_CONSTS_IEEE80211k	"ieee80211k"
+ #define SCHEMA_CONSTS_DYNAMIC_VLAN	"dynamic_vlan"
+ #define SCHEMA_CONSTS_RADPROXY	"radproxy"
++#define SCHEMA_CONSTS_PROXY_ARP		"proxy_arp"
++#define SCHEMA_CONSTS_MCAST_TO_UCAST	"mcast_to_ucast"
+ 
+ /* radio Custom options */
+ #define SCHEMA_CONSTS_LOCAL_PWR_CONSTRAINT "local_pwr_constraint"

feeds/wlan-ap/opensync/patches/36-add-channel-hop-config.patch

@@ -0,0 +1,66 @@
+Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
+===================================================================
+--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
++++ opensync-2.0.5.0/interfaces/opensync.ovsschema
+@@ -8982,6 +8982,61 @@
+                     "min": 0,
+                     "max": 1
+                 }
++            },
++            "noise_floor_thresh": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": -90,
++                        "maxInteger": -10
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "noise_floor_time": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 60,
++                        "maxInteger": 600
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "non_wifi_thresh": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 0,
++                        "maxInteger": 100
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "non_wifi_time": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 60,
++                        "maxInteger": 600
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "obss_hop_mode": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 1,
++                        "maxInteger": 2
++                    },
++                    "min": 0,
++                    "max": 1
++                }
+             }
+         },
+         "isRoot": true

feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync

@@ -37,6 +37,20 @@ start_service() {
     echo "Setting certificates"
     mkdir -p ${CERTS_DEST_PATH}
     cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        if [ -z "$redirector" ]; then
+            logger -t opensync "Contacting DigiCert for redirector address"
+            wlan_ap_redirector.sh
+        else
+            logger -t opensync "Restoring redirector ${redirector} after factory reset"
+            wlan_ap_redirector.sh ${redirector}
+        fi
+    fi
+    [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector}" > /usr/opensync/certs/redirector.txt
+ 
     echo "Starting OpenSync"
     procd_set_param command ${PROG}
     procd_close_instance

feeds/wlan-ap/opensync/src/platform/openwrt/src/command/src/cmd_tcpdump.c

@@ -215,6 +215,7 @@ pid_t cmd_handler_tcpdump_wifi(struct task *task)
 	char *argv[] = { "/usr/sbin/tcpdump", "-c", "1000", "-G", duration, "-W", "1", "-w", pcap, "-i", phy, NULL };
 	char iw[128];
 	pid_t pid;
+	int ret = 0;
 
 	task->arg = SCHEMA_KEY_VAL(task->conf.payload, "wifi");
 	if (!task->arg) {
@@ -225,15 +226,23 @@ pid_t cmd_handler_tcpdump_wifi(struct task *task)
 
 	blob_buf_init(&b, 0);
 	uci = uci_alloc_context();
-	uci_load(uci, "wireless", &p);
+
+	ret = uci_load(uci, "wireless", &p);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		uci_free_context(uci);
+		return -1;
+	}
 	s = uci_lookup_section(uci, p, task->arg);
 	if (!s) {
 		task_status(task, TASK_FAILED, "unknown wifi");
+		uci_unload(uci, p);
 		uci_free_context(uci);
 		return -1;
 	}
 
 	uci_to_blob(&b, s, &phy_param);
+	uci_unload(uci, p);
 	uci_free_context(uci);
 
 	blobmsg_parse(phy_policy, __PHY_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));

feeds/wlan-ap/opensync/src/platform/openwrt/src/command/src/node_config.c

@@ -88,9 +88,14 @@ static void syslog_state(int config)
 	struct uci_element *e = NULL;
 	struct uci_section *s = NULL;
 	char val[128];
+	int ret = 0;
 
 	blob_buf_init(&b, 0);
-	uci_load(uci, "system", &system);
+	ret = uci_load(uci, "system", &system);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		return;
+	}
 	uci_foreach_element(&system->sections, e) {
 		s = uci_to_section(e);
 		if (!strcmp(s->type, "system"))
@@ -179,14 +184,20 @@ static void ntp_state(int config)
         struct uci_section *s;
 	struct blob_attr *cur = NULL;
 	char val[128] = {};
-	int first = 1, rem = 0;
+	int first = 1, rem = 0, ret = 0;
 
 	blob_buf_init(&b, 0);
-	uci_load(uci, "system", &p);
+	ret = uci_load(uci, "system", &p);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		return;
+	}
 
 	s = uci_lookup_section(uci, p, "ntp");
-	if (!s)
+	if (!s) {
+		uci_unload(uci, p);
 		return;
+	}
 
 	uci_to_blob(&b, s, &ntp_param);
 	blobmsg_parse(ntp_policy, __NTP_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h

@@ -37,5 +37,6 @@ void vif_hs20_update(struct schema_Hotspot20_Config *hs2conf);
 void vif_hs20_osu_update(struct schema_Hotspot20_OSU_Providers *hs2osuconf);
 void vif_hs20_icon_update(struct schema_Hotspot20_Icon_Config *hs2iconconf);
 void vif_section_del(char *section_name);
+void vif_check_radius_proxy(void);
 
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/captive.c

@@ -501,26 +501,30 @@ void opennds_parameters(char *ifname)
 void opennds_section_del(char *section_name)
 {
 	struct uci_package *opennds;
+	struct uci_context *nds_ctx;
 	struct uci_element *e = NULL, *tmp = NULL;
-	int ret=0;
+	int ret = 0;
 
-	ret= uci_load(uci, "opennds", &opennds);
+	nds_ctx = uci_alloc_context();
+	ret = uci_load(nds_ctx, "opennds", &opennds);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", section_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", section_name, __func__, ret);
+		uci_free_context(nds_ctx);
 		return;
 	}
 	uci_foreach_element_safe(&opennds->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if (!strcmp(s->e.name, section_name)) {
-			uci_section_del(uci, "vif", "opennds", (char *)s->e.name, section_name);
+			uci_section_del(nds_ctx, "vif", "opennds", (char *)s->e.name, section_name);
 		}
 		else {
 			continue;
 		}
 	}
-	uci_commit(uci, &opennds, false);
-	uci_unload(uci, opennds);
-	reload_config = 1;
+
+	uci_commit(nds_ctx, &opennds, false);
+	uci_unload(nds_ctx, opennds);
+	uci_free_context(nds_ctx);
 }
 
 void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *ifname)

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio.c

@@ -31,10 +31,12 @@
 ovsdb_table_t table_Hotspot20_Config;
 ovsdb_table_t table_Hotspot20_OSU_Providers;
 ovsdb_table_t table_Hotspot20_Icon_Config;
+ovsdb_table_t table_Radius_Proxy_Config;
 
 ovsdb_table_t table_APC_Config;
 ovsdb_table_t table_APC_State;
-unsigned int radproxy_apc;
+unsigned int radproxy_apc = 0;
+extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 
 static struct uci_package *wireless;
 struct uci_context *uci;
@@ -445,6 +447,7 @@ static void periodic_task(void *arg)
 {
 	static int counter = 0;
 	struct uci_element *e = NULL, *tmp = NULL;
+	int ret = 0;
 
 	if ((counter % 15) && !reload_config)
 		goto done;
@@ -461,16 +464,19 @@ static void periodic_task(void *arg)
 	}
 
 	if (reload_config) {
-		LOGT("periodic: reload config");
+		LOGD("periodic: reload_config");
 		reload_config = 0;
 		uci_commit_all(uci);
 		sync();
 		system("reload_config");
 	}
 
-	LOGT("periodic: start state update ");
-
-	uci_load(uci, "wireless", &wireless);
+	LOGD("periodic: start state update ");
+	ret = uci_load(uci, "wireless", &wireless);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		return;
+	}
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 
@@ -485,7 +491,7 @@ static void periodic_task(void *arg)
 			vif_state_update(s, NULL);
 	}
 	uci_unload(uci, wireless);
-	LOGT("periodic: stop state update ");
+	LOGD("periodic: stop state update ");
 
 done:
 	counter++;
@@ -691,43 +697,34 @@ const struct uci_blob_param_list apc_param = {
 
 void APC_config_update(struct schema_APC_Config *conf)
 {
-	struct uci_package *apc;
 	struct blob_buf apcb = { };
-	int rc = 0;
+	struct uci_context *apc_uci;
 
-	LOGD("APC: APC_config_update");
-
-	rc = uci_load(uci, "apc", &apc);
-	if (rc)
-	{
-		LOGD("%s: uci_load failed with rc %d", __func__, rc);
-	}
+	apc_uci = uci_alloc_context();
 
 	blob_buf_init(&apcb, 0);
-
- 	if (conf->enabled_changed) {
-		if (conf->enabled == true) {
+	if (conf && conf->enabled == true) {
 		blobmsg_add_bool(&apcb, "enabled", 1);
 		system("/etc/init.d/apc start");
-		}
-		else {
+	} else {
 		blobmsg_add_bool(&apcb, "enabled", 0);
 		system("/etc/init.d/apc stop");
 	}
-	}
 
-        blob_to_uci_section(uci, "apc", "apc", "apc",
+	blob_to_uci_section(apc_uci, "apc", "apc", "apc",
 			apcb.head, &apc_param, NULL);
 
-	uci_commit(uci, &apc, false);
-	uci_unload(uci, apc);
+	uci_commit_all(apc_uci);
+	uci_free_context(apc_uci);
 }
 
 static void callback_APC_Config(ovsdb_update_monitor_t *mon,
                                 struct schema_APC_Config *old,
                                 struct schema_APC_Config *conf)
 {
-	if (mon->mon_type != OVSDB_UPDATE_DEL)
+	if (mon->mon_type == OVSDB_UPDATE_DEL)
+		APC_config_update(NULL);
+	else
 		APC_config_update(conf);
 
 }
@@ -747,6 +744,10 @@ static void callback_APC_State(ovsdb_update_monitor_t *mon,
 		radproxy_apc = 0;
 		system("ubus call service event '{\"type\": \"config.change\", \"data\": { \"package\": \"wireless\" }}'");
 	}
+
+	/* APC changed: start / stop radius proxy service if needed */
+	vif_check_radius_proxy();
+
 }
 
 struct schema_APC_State apc_state;
@@ -780,12 +781,12 @@ void apc_state_set(struct blob_attr *msg)
 			       blobmsg_get_string(tb[APC_ATTR_MODE]));
 	}
 	if (tb[APC_ATTR_DR_ADDR]) {
-		LOGD("APC br-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
+		LOGD("APC dr-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 		SCHEMA_SET_STR(apc_state.dr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 	}
 	if (tb[APC_ATTR_BDR_ADDR]) {
-		LOGD("APC dbr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
+		LOGD("APC bdr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 		SCHEMA_SET_STR(apc_state.bdr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 	}
@@ -799,21 +800,120 @@ void apc_state_set(struct blob_attr *msg)
 		}
 	}
 
-	LOGD("APC_state Updating");
+	LOGI("APC_state Updating: mode: %s, dr-addr: %s bdr-addr: %s", 
+	     apc_state.mode, apc_state.dr_addr, apc_state.bdr_addr);
+
 	if (!ovsdb_table_update(&table_APC_State, &apc_state))
 		LOG(ERR, "APC_state: failed to update");
+
 }
 
+static ovsdb_table_t table_Manager;
+static int conn_since = 0;
+#define APC_CLOUD_MON_PERIOD 60
+
+static void apc_enable(bool flag) {
+
+	SCHEMA_SET_INT(apc_conf.enabled, flag);
+	if (!ovsdb_table_update(&table_APC_Config, &apc_conf)) {
+		LOG(ERR, "%s:APC_Config: failed to update", __func__);
+		return;
+	}
+	LOGI("APC %s: %s APC", __func__, flag?"enable":"disable");
+
+}
+
+static void
+apc_cld_mon_cb(struct schema_Manager *mgr)
+{
+	int i = 0;
+	conn_since = 0;
+	struct schema_APC_State apc_state;
+	json_t *where;
+	int ret = 0;
+	int link = 1;
+
+	where = ovsdb_table_where(&table_APC_State, &apc_state);
+	if (false == ovsdb_table_select_one_where(&table_APC_State,
+						  where, &apc_state)) {
+		LOG(ERR, "%s: APC_State read failed", __func__);
+		return;
+	}
+
+
+	/*Checks if wan ethernet port is down and disables apc*/
+	ret = system("/bin/check_wan_link.sh");
+	if (WIFEXITED(ret)) {
+		LOGI("The return value: %d\n", WEXITSTATUS(ret));
+		link = WEXITSTATUS(ret);
+		if (link == 0) {
+			apc_enable(false);
+			return;
+		}
+	}
+
+	/*if cloud conn is false then disable apc*/
+	if (mgr->is_connected == false) {
+			apc_enable(false);
+	}
+	else {
+		for(i=0; i < mgr->status_len; i++) {
+			if(!strncmp(mgr->status_keys[i] , "sec_since_connect",
+					       strlen("sec_since_connect"))) {
+				conn_since = atoi(mgr->status[i]);
+				LOGI("conn_since: %d", conn_since);
+				break;
+			}
+		}
+
+		/*if the APC was stopped earlier, start it if connection good
+		 * for atleast 60 secs*/
+		if (!apc_state.enabled && conn_since > APC_CLOUD_MON_PERIOD) {
+			apc_enable(true);
+		}
+	}
+}
+
+/*Monitor the cloud connection*/
+static void callback_Manager(ovsdb_update_monitor_t *mon,
+			     struct schema_Manager *old,
+			     struct schema_Manager *conf)
+{
+	switch (mon->mon_type)
+	{
+	case OVSDB_UPDATE_NEW:
+	case OVSDB_UPDATE_MODIFY:
+		apc_cld_mon_cb(conf);
+		break;
+
+	case OVSDB_UPDATE_DEL:
+		apc_enable(false);
+		break;
+
+	default:
+		break;
+	}
+	return;
+}
+
+void cloud_disconn_mon(void)
+{
+	OVSDB_TABLE_INIT_NO_KEY(Manager);
+	OVSDB_TABLE_MONITOR(Manager, false);
+}
 
 void apc_init()
 {
 	/* APC Config */
-	OVSDB_TABLE_INIT(APC_Config, _uuid);
+	OVSDB_TABLE_INIT_NO_KEY(APC_Config);
 	OVSDB_TABLE_MONITOR(APC_Config, false);
-	SCHEMA_SET_INT(apc_conf.enabled, true);
+	/* Disable APC by default, enable when cloud connected*/
+	SCHEMA_SET_INT(apc_conf.enabled, false);
 	LOGI("APC state/config Initialize");
-	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf))
+	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf)) {
 		LOG(ERR, "APC_Config: failed to initialize");
+		return;
+	}
 
 	/* APC State */
 	OVSDB_TABLE_INIT_NO_KEY(APC_State);
@@ -822,8 +922,16 @@ void apc_init()
 	SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
 	SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
 	SCHEMA_SET_INT(apc_state.enabled, false);
-	if (!ovsdb_table_insert(&table_APC_State, &apc_state))
+	if (!ovsdb_table_insert(&table_APC_State, &apc_state)) {
 		LOG(ERR, "APC_state: failed to initialize");
+		return;
+	}
+
+	/* Cloud connection monitor - if cloud unreachable
+	 * for certain time, disable APC and enable after the
+	 * cloud connection becomes stable. */
+	cloud_disconn_mon();
+
 }
 
 bool target_radio_init(const struct target_radio_ops *ops)
@@ -854,12 +962,12 @@ bool target_radio_init(const struct target_radio_ops *ops)
 	OVSDB_TABLE_INIT(Radius_Proxy_Config, _uuid);
 	OVSDB_TABLE_MONITOR(Radius_Proxy_Config, false);
 
-	apc_init();
 
 	evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));
 
 	radio_nl80211_init();
 	radio_ubus_init();
+	apc_init();
 
 	clock_gettime(CLOCK_MONOTONIC, &startup_time);
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio_nl80211.c

@@ -50,7 +50,8 @@
 extern struct ev_loop *wifihal_evloop;
 extern ovsdb_table_t table_Wifi_VIF_State;
 extern ovsdb_table_t table_Wifi_Associated_Clients;
-static struct unl unl;
+static struct unl unl_req;
+static struct unl unl_notify;
 static ev_io unl_io;
 
 static int avl_addrcmp(const void *k1, const void *k2, void *ptr)
@@ -471,10 +472,10 @@ int nl80211_channel_get(char *name, unsigned int *chan)
 	if (!idx)
 		return -1;
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
 
-	unl_genl_request(&unl, msg, nl80211_channel_recv, chan);
+	unl_genl_request(&unl_req, msg, nl80211_channel_recv, chan);
 
 	phy->current_channel = *chan;
 
@@ -562,7 +563,7 @@ static void nl80211_ev(struct ev_loop *ev, struct ev_io *io, int event)
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, NULL);
 	nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, nl80211_recv, NULL);
-	nl_recvmsgs(unl.sock, cb);
+	nl_recvmsgs(unl_notify.sock, cb);
 	nl_cb_put(cb);
 }
 
@@ -580,24 +581,33 @@ int radio_nl80211_init(void)
 {
 	struct nl_msg *msg;
 
-	if (unl_genl_init(&unl, "nl80211") < 0) {
+	if (unl_genl_init(&unl_req, "nl80211") < 0) {
 		syslog(0, "nl80211: failed to connect\n");
 		return -1;
 	}
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_WIPHY, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
+	if (unl_genl_init(&unl_notify, "nl80211") < 0) {
+		syslog(0, "nl80211: failed to connect\n");
+		return -1;
+	}
 
-	unl_genl_subscribe(&unl, "config");
-	unl_genl_subscribe(&unl, "mlme");
-	unl_genl_subscribe(&unl, "vendor");
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_WIPHY, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
 
-	if (nl_socket_set_buffer_size(unl.sock, 262144, 0) < 0)
+	unl_genl_subscribe(&unl_notify, "config");
+	unl_genl_subscribe(&unl_notify, "mlme");
+	unl_genl_subscribe(&unl_notify, "vendor");
+
+
+	if (nl_socket_set_buffer_size(unl_notify.sock, 262144, 0) < 0)
 		LOGE("radio_nl80211: Failed to set nl socket buffer size");
 
-	ev_io_init(&unl_io, nl80211_ev, unl.sock->s_fd, EV_READ);
+	if (nl_socket_set_nonblocking(unl_notify.sock))
+		LOGE("radio_nl80211: Failed to set socket in the non blocking mode");
+
+	ev_io_init(&unl_io, nl80211_ev, unl_notify.sock->s_fd, EV_READ);
         ev_io_start(wifihal_evloop, &unl_io);
 	evsched_task(&vif_poll_stations, NULL, EVSCHED_SEC(5));
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radius_proxy.c

@@ -27,7 +27,6 @@
 #include "utils.h"
 #include "radius_proxy.h"
 
-ovsdb_table_t table_Radius_Proxy_Config;
 struct blob_buf uci_buf = {};
 struct blob_attr *n;
 extern ovsdb_table_t table_APC_State;
@@ -35,11 +34,13 @@ extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 
 enum {
 	RADIUS_PROXY_OPTIONS_LISTEN_UDP,
+	RADIUS_PROXY_OPTIONS_NAME,
 	__RADIUS_PROXY_OPTIONS_MAX
 };
 
 enum {
 	RADIUS_PROXY_CLIENT_NAME,
+	RADIUS_PROXY_CLIENT_HOST,
 	RADIUS_PROXY_CLIENT_TYPE,
 	RADIUS_PROXY_CLIENT_SECRET,
 	__RADIUS_PROXY_CLIENT_MAX
@@ -47,8 +48,10 @@ enum {
 
 enum {
 	RADIUS_PROXY_SERVER_NAME,
+	RADIUS_PROXY_SERVER_HOST,
 	RADIUS_PROXY_SERVER_TYPE,
 	RADIUS_PROXY_SERVER_SECRET,
+	RADIUS_PROXY_SERVER_PORT,
 	RADIUS_PROXY_SERVER_STATUS,
 	RADIUS_PROXY_SERVER_TLS,
 	RADIUS_PROXY_SERVER_CERT_NAME_CHECK,
@@ -74,10 +77,12 @@ enum {
 
 static const struct blobmsg_policy radius_proxy_options_policy[__RADIUS_PROXY_OPTIONS_MAX] = {
 		[RADIUS_PROXY_OPTIONS_LISTEN_UDP] = { .name = "ListenUDP", BLOBMSG_TYPE_ARRAY },
+		[RADIUS_PROXY_OPTIONS_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
 };
 
 static const struct blobmsg_policy radius_proxy_client_policy[__RADIUS_PROXY_CLIENT_MAX] = {
 		[RADIUS_PROXY_CLIENT_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_CLIENT_HOST] = { .name = "host", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
 };
@@ -92,8 +97,10 @@ static const struct blobmsg_policy radius_proxy_tls_policy[__RADIUS_PROXY_TLS_MA
 
 static const struct blobmsg_policy radius_proxy_server_policy[__RADIUS_PROXY_SERVER_MAX] = {
 		[RADIUS_PROXY_SERVER_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_HOST] = { .name = "host", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_PORT] = { .name = "port", BLOBMSG_TYPE_INT32 },
 		[RADIUS_PROXY_SERVER_STATUS] = { .name = "statusServer", BLOBMSG_TYPE_BOOL },
 		[RADIUS_PROXY_SERVER_TLS] = { .name = "tls", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_CERT_NAME_CHECK] = { .name = "certificateNameCheck", BLOBMSG_TYPE_BOOL },
@@ -140,21 +147,31 @@ static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url
 {
 	CURL *curl;
 	FILE *fp;
-	CURLcode res;
+	CURLcode curl_ret;
 	char path[200];
+	char dir_path[200];
 	char name[32];
 	char dir[32];
 	char *gw_clientcert = "/usr/opensync/certs/client.pem";
 	char *gw_clientkey = "/usr/opensync/certs/client_dec.key";
+	struct stat stat_buf;
 
 	strcpy(name, cert_name);
 	strcpy(dir, dir_name);
+	sprintf(dir_path, "/tmp/radsec/certs/%s", dir);
 	sprintf(path, "/tmp/radsec/certs/%s/%s", dir, name);
 
+	if (stat(dir_path, &stat_buf) == -1)
+	{
+		char cmd[200];
+		sprintf(cmd, "mkdir -p %s", dir_path);
+		system(cmd);
+	}
+
 	curl = curl_easy_init();
 	if (curl)
 	{
-		fp = fopen(path,"wb");
+		fp = fopen(path, "wb");
 
 		if (fp == NULL)
 		{
@@ -177,23 +194,34 @@ static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url
 		curl_easy_setopt(curl, CURLOPT_URL, cert_url);
 		curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, file_write);
 		curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
-		res = curl_easy_perform(curl);
+		curl_ret = curl_easy_perform(curl);
+
+		if (curl_ret != CURLE_OK)
+		{
+			LOGE("radsec: certificate download failed %s", curl_easy_strerror(curl_ret));
+			curl_easy_cleanup(curl);
+			fclose(fp);
+			remove(path);
+			return false;
+		}
+
 		curl_easy_cleanup(curl);
 		fclose(fp);
-		return res;
 	}
 
 	return true;
 }
 
-static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
+static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf)
 {
-	int i=0;
+	int i = 0;
 	char path[200];
 	char name[256];
+	char server_name[256] = {};
+	char acct_server_name[256] = {};
+	char tls_name[256] = {};
 	struct schema_APC_State apc_conf;
 
-	/* Configure only if APC selects this as master AP (DR) */
 	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
 	if (false == ovsdb_table_select_one_where(&table_APC_State,
 			where, &apc_conf)) {
@@ -201,31 +229,33 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		return false;
 	}
 
-	if (!strncmp(apc_conf.mode, "OR", 2) || !strncmp(apc_conf.mode, "BDR", 2))
-		return false;
-
 	/* Configure options block */
 	blob_buf_init(&uci_buf, 0);
 	n = blobmsg_open_array(&uci_buf,"ListenUDP");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1812");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1813");
+	blobmsg_add_string(&uci_buf, NULL, "*:1812");
+	blobmsg_add_string(&uci_buf, NULL, "*:1813");
 	blobmsg_close_array(&uci_buf, n);
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "options");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "options",
 			uci_buf.head, &radius_proxy_options_param, NULL);
 
 	/* Configure client block */
 	blob_buf_init(&uci_buf, 0);
-	blobmsg_add_string(&uci_buf, "name", "localhost");
+	blobmsg_add_string(&uci_buf, "host", "0.0.0.0/0");
 	blobmsg_add_string(&uci_buf, "type", "udp");
 	blobmsg_add_string(&uci_buf, "secret", "secret");
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "client");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "client",
 			uci_buf.head, &radius_proxy_client_param, NULL);
 
 	/* Configure TLS/non-TLS and server blocks */
+	sprintf(server_name, "%s%s", conf->radius_config_name, "server");
+	sprintf(acct_server_name, "%s%s", conf->radius_config_name, "Acctserver");
+	sprintf(tls_name, "%s%s", conf->radius_config_name, "tls");
 	if (conf->radsec)
 	{
 		blob_buf_init(&uci_buf, 0);
@@ -236,7 +266,7 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		radsec_download_cert("clientdec.key",
 				conf->radius_config_name, conf->client_key);
 
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "name", tls_name);
 
 		memset(path, '\0', sizeof(path));
 		sprintf(path, "/tmp/radsec/certs/%s/cacert.pem",
@@ -256,34 +286,49 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		if (strlen(conf->passphrase) > 0)
 			blobmsg_add_string(&uci_buf, "certificateKeyPassword", conf->passphrase);
 
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "tls");
-		blob_to_uci_section(uci, "radsecproxy", name,
+		blob_to_uci_section(uci, "radsecproxy", tls_name,
 				"tls", uci_buf.head, &radius_proxy_tls_param, NULL);
 
 		blob_buf_init(&uci_buf, 0);
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "name", server_name);
+		blobmsg_add_string(&uci_buf, "host", conf->server);
 		blobmsg_add_string(&uci_buf, "type", "tls");
-		blobmsg_add_string(&uci_buf, "tls", conf->server);
+		blobmsg_add_string(&uci_buf, "tls", tls_name);
+		blobmsg_add_u32(&uci_buf, "port", conf->port);
 		blobmsg_add_string(&uci_buf, "secret", "radsec");
 		blobmsg_add_bool(&uci_buf, "statusServer", 0);
 		blobmsg_add_bool(&uci_buf, "certificateNameCheck", 0);
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "server");
-		blob_to_uci_section(uci, "radsecproxy", name, "server",
+		blob_to_uci_section(uci, "radsecproxy", server_name, "server",
 				uci_buf.head, &radius_proxy_server_param, NULL);
 	}
 	else /* non-TLS block */
 	{
+		/* Authentication server */
 		blob_buf_init(&uci_buf, 0);
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "name", server_name);
+		blobmsg_add_string(&uci_buf, "host", conf->server);
 		blobmsg_add_string(&uci_buf, "type", "udp");
 		if (strlen(conf->secret) > 0)
 			blobmsg_add_string(&uci_buf, "secret", conf->secret);
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "server");
-		blob_to_uci_section(uci, "radsecproxy", name, "server",
+		if (conf->port > 0)
+			blobmsg_add_u32(&uci_buf, "port", conf->port);
+		blob_to_uci_section(uci, "radsecproxy", server_name, "server",
 				uci_buf.head, &radius_proxy_server_param, NULL);
+
+		/* Accounting server */
+		if (strlen(conf->acct_server) > 0)
+		{
+			blob_buf_init(&uci_buf, 0);
+			blobmsg_add_string(&uci_buf, "name", acct_server_name);
+			blobmsg_add_string(&uci_buf, "host", conf->acct_server);
+			blobmsg_add_string(&uci_buf, "type", "udp");
+			if (strlen(conf->secret) > 0)
+				blobmsg_add_string(&uci_buf, "secret", conf->acct_secret);
+			if (conf->acct_port > 0)
+				blobmsg_add_u32(&uci_buf, "port", conf->acct_port);
+			blob_to_uci_section(uci, "radsecproxy", acct_server_name, "server",
+								uci_buf.head, &radius_proxy_server_param, NULL);
+		}
 	}
 
 	/* Configure realm block */
@@ -292,11 +337,20 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		blob_buf_init(&uci_buf, 0);
 		blobmsg_add_string(&uci_buf, "name", conf->realm[i]);
 		n = blobmsg_open_array(&uci_buf,"server");
-		blobmsg_add_string(&uci_buf, NULL, conf->server);
+		blobmsg_add_string(&uci_buf, NULL, server_name);
 		blobmsg_close_array(&uci_buf, n);
-		n = blobmsg_open_array(&uci_buf,"accountingServer");
-		blobmsg_add_string(&uci_buf, NULL, conf->server);
+		if (conf->radsec)
+		{ /* Accounting server same as auth server */
+			n = blobmsg_open_array(&uci_buf, "accountingServer");
+			blobmsg_add_string(&uci_buf, NULL, server_name);
 			blobmsg_close_array(&uci_buf, n);
+		}
+		else if (strlen(conf->acct_server) > 0)
+		{ /* non-TLS case where accounting server is configured */
+			n = blobmsg_open_array(&uci_buf, "accountingServer");
+			blobmsg_add_string(&uci_buf, NULL, acct_server_name);
+			blobmsg_close_array(&uci_buf, n);
+		}
 		memset(name, '\0', sizeof(name));
 		sprintf(name, "%s%s%d", conf->radius_config_name, "realm", i);
 		blob_to_uci_section(uci, "radsecproxy", name, "realm",
@@ -310,22 +364,27 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 static bool radius_proxy_config_delete()
 {
 	struct uci_package *radsecproxy;
+	struct uci_context *rad_uci;
 	struct uci_element *e = NULL, *tmp = NULL;
-	int ret=0;
+	int ret = 0;
 
-	ret= uci_load(uci, "radsecproxy", &radsecproxy);
+	rad_uci = uci_alloc_context();
+
+	ret = uci_load(rad_uci, "radsecproxy", &radsecproxy);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", __func__, ret);
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		uci_free_context(rad_uci);
 		return false;
 	}
 	uci_foreach_element_safe(&radsecproxy->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if ((s == NULL) || (s->type == NULL)) continue;
-		uci_section_del(uci, "radsecproxy", "radsecproxy",
+		uci_section_del(rad_uci, "radsecproxy", "radsecproxy",
 				(char *)s->e.name, s->type);
 	}
-	uci_commit(uci, &radsecproxy, false);
-	uci_unload(uci, radsecproxy);
+	uci_commit(rad_uci, &radsecproxy, false);
+	uci_unload(rad_uci, radsecproxy);
+	uci_free_context(rad_uci);
 	reload_config = 1;
 	return true;
 }
@@ -339,11 +398,12 @@ void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *self,
 	case OVSDB_UPDATE_NEW:
 	case OVSDB_UPDATE_MODIFY:
 		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	case OVSDB_UPDATE_DEL:
 		(void) radius_proxy_config_delete();
-		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	default:

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/rrm_config.c

@@ -47,8 +47,19 @@ void rrm_config_vif(struct blob_buf *b, struct blob_buf *del, const char * freq_
 		blobmsg_add_u32(b, "rssi_ignore_probe_request", conf.probe_resp_threshold);
 		blobmsg_add_u32(b, "signal_connect", conf.client_disconnect_threshold);
 		blobmsg_add_u32(b, "signal_stay", conf.client_disconnect_threshold);
-		blobmsg_add_u32(b, "bcn_rate", conf.beacon_rate);
 		blobmsg_add_u32(b, "mcast_rate", conf.mcast_rate);
+
+		if (conf.beacon_rate == 0) {
+			// Default to the lowest possible bit rate for each frequency band
+			if (!strcmp(freq_band, "2.4G")) {
+				blobmsg_add_u32(b, "bcn_rate", 10);
+			} else {
+				blobmsg_add_u32(b, "bcn_rate", 60);
+			}
+		} else {
+			blobmsg_add_u32(b, "bcn_rate", conf.beacon_rate);
+		}
+		
 	}
 	return;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c

@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");
 
 	upg_running = false;
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/uci.c

@@ -210,8 +210,10 @@ int uci_section_to_blob(struct uci_context *uci, char *package, char *section,
 
 	if (uci_load(uci, package, &p))
 		p = uci_lookup_package(uci, package);
-	if (!p)
+	if (!p) {
+		uci_unload(uci, p);
 		return -1;
+	}
 	s = uci_lookup_section(uci, p, section);
 	if (!s)
 		goto out;

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c

@@ -32,6 +32,7 @@
 
 extern ovsdb_table_t table_Wifi_VIF_Config;
 extern ovsdb_table_t table_Hotspot20_Icon_Config;
+extern ovsdb_table_t table_Radius_Proxy_Config;
 
 extern struct blob_buf b;
 extern struct blob_buf del;
@@ -94,6 +95,7 @@ enum {
 	WIF_ATTR_VENUE_URL,
 	WIF_ATTR_NETWORK_AUTH_TYPE,
 	WIF_ATTR_IPADDR_TYPE_AVAILABILITY,
+	WIF_ATTR_CONNECTION_CAPABILITY,
 	WIF_ATTR_DOMAIN_NAME,
 	WIF_ATTR_MCC_MNC,
 	WIF_ATTR_NAI_REALM,
@@ -132,6 +134,8 @@ enum {
 	WIF_ATTR_11R_R0KH,
 	WIF_ATTR_11R_R1KH,
 	WIF_ATTR_RADPROXY,
+	WIF_ATTR_PROXY_ARP,
+	WIF_ATTR_MCAST_TO_UCAST,
 	__WIF_ATTR_MAX,
 };
 
@@ -187,7 +191,8 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_VENUE_TYPE] = { .name = "venue_type", BLOBMSG_TYPE_INT32 },
 	[WIF_ATTR_VENUE_URL] = { .name = "venue_url", BLOBMSG_TYPE_ARRAY },
 	[WIF_ATTR_NETWORK_AUTH_TYPE] = { .name = "network_auth_type", BLOBMSG_TYPE_STRING },
-	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_INT32 },
+	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_CONNECTION_CAPABILITY] = { .name = "hs20_conn_capab", BLOBMSG_TYPE_ARRAY },
 	[WIF_ATTR_DOMAIN_NAME] = { .name = "domain_name", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_MCC_MNC] = { .name = "anqp_3gpp_cell_net", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_NAI_REALM] = { .name = "nai_realm", BLOBMSG_TYPE_ARRAY },
@@ -226,6 +231,8 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_11R_R0KH] = { .name = "r0kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_11R_R1KH] = { .name = "r1kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_RADPROXY] = { .name = "radproxy", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_PROXY_ARP] = { .name = "proxy_arp", BLOBMSG_TYPE_BOOL },
+	[WIF_ATTR_MCAST_TO_UCAST] = { .name = "multicast_to_unicast", BLOBMSG_TYPE_BOOL },
 };
 
 const struct uci_blob_param_list wifi_iface_param = {
@@ -313,7 +320,7 @@ static struct vif_crypto {
 	{ "wpa-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 	{ "sae", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_WPA3, 0 },
 	{ "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 },
-	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
+	{ "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 };
 
@@ -323,7 +330,7 @@ extern unsigned int radproxy_apc;
 
 /* Custom options table */
 #define SCHEMA_CUSTOM_OPT_SZ            20
-#define SCHEMA_CUSTOM_OPTS_MAX          13
+#define SCHEMA_CUSTOM_OPTS_MAX          15
 
 const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 {
@@ -340,6 +347,8 @@ const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 	SCHEMA_CONSTS_RADIUS_NAS_IP,
 	SCHEMA_CONSTS_DYNAMIC_VLAN,
 	SCHEMA_CONSTS_RADPROXY,
+	SCHEMA_CONSTS_PROXY_ARP,
+	SCHEMA_CONSTS_MCAST_TO_UCAST,
 };
 
 static bool vif_config_custom_opt_get_proxy(
@@ -654,8 +663,19 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 				strncpy(value, "br-wan.", 20);
 				blobmsg_add_string(del, "vlan_bridge", value);
 			}
-		} else if (strcmp(opt, "radproxy") == 0)
+		} else if (strcmp(opt, "radproxy") == 0) {
 			blobmsg_add_string(b, "radproxy", value);
+		} else if (strcmp(opt, "proxy_arp") == 0) {
+			if (strcmp(value, "1") == 0)
+				blobmsg_add_bool(b, "proxy_arp", 1);
+			else if (strcmp(value, "0") == 0)
+				blobmsg_add_bool(del, "proxy_arp", 1);
+		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
+			if (strcmp(value, "1") == 0)
+				blobmsg_add_bool(b, "multicast_to_unicast", 1);
+			else if (strcmp(value, "0") == 0)
+				blobmsg_add_bool(del, "multicast_to_unicast", 1);
+		}
 	}
 
 	/* No NASID was found from blob, so use BSSID as NASID */
@@ -805,8 +825,33 @@ static void vif_state_custom_options_get(struct schema_Wifi_VIF_State *vstate,
 							custom_options_table[i],
 							buf);
 			}
-		}
 
+
+		} else if (strcmp(opt, "proxy_arp") == 0) {
+			if (tb[WIF_ATTR_PROXY_ARP]) {
+				if (blobmsg_get_bool(tb[WIF_ATTR_PROXY_ARP])) {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"1");
+				} else {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"0");
+				}
+			}
+		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
+			if (tb[WIF_ATTR_MCAST_TO_UCAST]) {
+				if (blobmsg_get_bool(tb[WIF_ATTR_MCAST_TO_UCAST])) {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"1");
+				} else {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"0");
+				}
+			}
+		}
 	}
 }
 
@@ -976,40 +1021,38 @@ size_t write_file(void *ptr, size_t size, size_t nmemb, FILE *stream) {
 
 void vif_section_del(char *section_name)
 {
-
 	struct uci_package *wireless;
+	struct uci_context *sec_ctx;
 	struct uci_element *e = NULL, *tmp = NULL;
 	int ret=0;
-
-	ret= uci_load(uci, "wireless", &wireless);
+	sec_ctx = uci_alloc_context();
+	ret= uci_load(sec_ctx, "wireless", &wireless);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", section_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", section_name, __func__, ret);
+		uci_free_context(sec_ctx);
 		return;
 	}
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if ((s == NULL) || (s->type == NULL)) continue;
 		if (!strcmp(s->type, section_name)) {
-			uci_section_del(uci, "vif", "wireless", (char *)s->e.name, section_name);
+			uci_section_del(sec_ctx, "vif", "wireless", (char *)s->e.name, section_name);
 		}
 		else {
 			continue;
 		}
 	}
-	uci_commit(uci, &wireless, false);
-	uci_unload(uci, wireless);
+	uci_commit(sec_ctx, &wireless, false);
+	uci_unload(sec_ctx, wireless);
+	uci_free_context(sec_ctx);
 	reload_config = 1;
-
 }
 
-static void vif_check_radius_proxy()
+void vif_check_radius_proxy()
 {
-	struct uci_context *uci_ctx;
-	struct uci_package *wireless;
 	struct schema_APC_State apc_conf;
-	struct uci_element *e = NULL, *tmp = NULL;
-	char *buf = NULL;
-	int rc = 0;
+	int n = 0;
+	void *buf = NULL;
 
 	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
 	if (false == ovsdb_table_select_one_where(&table_APC_State, where, &apc_conf))
@@ -1018,51 +1061,29 @@ static void vif_check_radius_proxy()
 		return;
 	}
 
-	uci_ctx = uci_alloc_context();
-
-	rc = uci_load(uci_ctx, "wireless", &wireless);
-
-	if (rc)
+	buf = ovsdb_table_select_where(&table_Radius_Proxy_Config, NULL, &n);
+	if (!buf)
 	{
-		LOGD("%s: uci_load() failed with rc %d", __func__, rc);
-		goto free;
+		LOGI("Radius_Proxy_Config table doesn't exist.  Stop radsecproxy service.");
+		system("/etc/init.d/radsecproxy stop");
+		return;
 	}
-
-	uci_foreach_element_safe(&wireless->sections, tmp, e)
-	{
-		struct blob_attr *tb[__WIF_ATTR_MAX];
-		struct uci_section *s = uci_to_section(e);
-		if ((s == NULL) || (s->type == NULL))
-			continue;
-
-		if (strcmp(s->type, "wifi-iface"))
-			continue;
-
-		blob_buf_init(&b, 0);
-		uci_to_blob(&b, s, &wifi_iface_param);
-		blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
-
-		if (tb[WIF_ATTR_RADPROXY])
-		{
-			buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
-
-			if (!strcmp(buf, "1") && !strcmp(apc_conf.mode, "DR"))
+	else if (!strcmp(apc_conf.mode, "DR"))
 	{
 		if (!system("pidof radsecproxy"))
-					goto free;
+			goto out;
 
+		LOGI("Start radsecproxy service.");
 		system("/etc/init.d/radsecproxy start");
-
-				goto free;
 	}
-		}
-	}
-
+	else
+	{
+		LOGI("Not DR. Stop radsecproxy service.");
 		system("/etc/init.d/radsecproxy stop");
+	}
 
-free:
-	uci_unload(uci_ctx, wireless);
-	uci_free_context(uci_ctx);
+out:
+	free(buf);
 	return;
 }
 
@@ -1120,6 +1141,7 @@ static void hs20_vif_config(struct blob_buf *b,
 	int i = 0;
 	unsigned int len = 0;
 	char domain_name[256];
+	char str[3] = {};
 
 	if (hs2conf->enable) {
 		blobmsg_add_bool(b, "interworking", 1);
@@ -1232,6 +1254,20 @@ static void hs20_vif_config(struct blob_buf *b,
 	if (strlen(hs2conf->wan_metrics))
 		blobmsg_add_string(b, "hs20_wan_metrics", hs2conf->wan_metrics);
 
+	len = strlen(hs2conf->ipaddr_type_availability);
+	if (len)
+	{
+		if (len == 1)
+		{
+			snprintf(str, sizeof(str), "0%s", hs2conf->ipaddr_type_availability);
+			blobmsg_add_string(b, "ipaddr_type_availability", str);
+		}
+		else
+		{
+			blobmsg_add_string(b, "ipaddr_type_availability", hs2conf->ipaddr_type_availability);
+		}
+	}
+
 	n = blobmsg_open_array(b, "hs20_oper_friendly_name");
 	for (i = 0; i < hs2conf->operator_friendly_name_len; i++)
 	{
@@ -1248,6 +1284,13 @@ static void hs20_vif_config(struct blob_buf *b,
 		blobmsg_add_u32(b, "venue_type", venue_type);
 	}
 
+	n = blobmsg_open_array(b, "hs20_conn_capab");
+	for (i = 0; i < hs2conf->connection_capability_len; i++)
+	{
+		blobmsg_add_string(b, NULL, hs2conf->connection_capability[i]);
+	}
+	blobmsg_close_array(b, n);
+
 	if (hs2conf->operator_icons_len)
 	{
 		n = blobmsg_open_array(b, "operator_icon");
@@ -1268,14 +1311,17 @@ static void hs20_vif_config(struct blob_buf *b,
 bool target_vif_config_del(const struct schema_Wifi_VIF_Config *vconf)
 {
 	struct uci_package *wireless;
+	struct uci_context *vif_ctx;
 	struct uci_element *e = NULL, *tmp = NULL;
 	const char *ifname;
-	int ret=0;
+	int ret = 0;
 
 	vlan_del((char *)vconf->if_name);
-	ret= uci_load(uci, "wireless", &wireless);
+	vif_ctx = uci_alloc_context();
+	ret= uci_load(vif_ctx, "wireless", &wireless);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", vconf->if_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", vconf->if_name, __func__, ret);
+		uci_free_context(vif_ctx);
 		return false;
 	}
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
@@ -1283,14 +1329,15 @@ bool target_vif_config_del(const struct schema_Wifi_VIF_Config *vconf)
 		if ((s == NULL) || (s->type == NULL)) continue; 
 		if (strcmp(s->type, "wifi-iface")) continue;
 
-		ifname = uci_lookup_option_string( uci, s, "ifname" );
+		ifname = uci_lookup_option_string( vif_ctx, s, "ifname" );
 		if (!strcmp(ifname,vconf->if_name)) {
-			uci_section_del(uci, "vif", "wireless", (char *)s->e.name, "wifi-iface");
+			uci_section_del(vif_ctx, "vif", "wireless", (char *)s->e.name, "wifi-iface");
 			break;
 		}
 	}
-	uci_commit(uci, &wireless, false);
-	uci_unload(uci, wireless);
+	uci_commit(vif_ctx, &wireless, false);
+	uci_unload(vif_ctx, wireless);
+	uci_free_context(vif_ctx);
 	reload_config = 1;
 	return true;
 }
@@ -1483,7 +1530,6 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 
 	blob_buf_init(&b, 0);
 	blob_buf_init(&del,0);
-
 	blobmsg_add_string(&b, "ifname", vconf->if_name);
 	blobmsg_add_string(&b, "device", rconf->if_name);
 	blobmsg_add_string(&b, "mode", "ap");
@@ -1592,9 +1638,6 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 		vif_dhcp_opennds_allowlist_set(vconf,(char*)vconf->if_name);
 	}
 
-	if (changed->custom_options)
-		vif_check_radius_proxy();
-
 	reload_config = 1;
 	return 0;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/ucc_detect/src/main.c

@@ -130,6 +130,7 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 	struct nlattr *attr[GENL_UCC_ATTR_MAX+1];
 
 	struct voip_session *data;
+	char dst_ip[16];
 	genlmsg_parse(nlmsg_hdr(msg), 0, attr, 
 			GENL_UCC_ATTR_MAX, genl_ucc_policy);
 
@@ -140,7 +141,6 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 		return NL_OK;
 	}
 
-	char *dst_ip = malloc(16);
 	memset(dst_ip, 0, 16);
 	if((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		LOGI("Error: Cannot get IP for %s", IAC_IFACE);
@@ -249,48 +249,31 @@ int main(int argc, char ** argv)
 	backtrace_init();
 
 	json_memdbg_init(loop);
-#if 0
-	if (!dpp_init())
-	{
-        	LOG(ERR,
-            	"Initializing SM "
-            	"(Failed to init DPP library)");
-		return -1;
-	}
 
-	if (!uccm_mqtt_init())
-	{
-		LOG(ERR,
-		"Initializing SM "
-		"(Failed to start MQTT)");
-		return -1;
-	}
-#endif
 	if (!ovsdb_init_loop(loop, "UCCM")) {
 		LOGEM("Initializing UCCM (Failed to initialize OVSDB)");
 		return -1;
 	}
-	evsched_init(loop);
 
 	callback cb = recv_process;
 	LOGI("Call interap_recv");
 	if( interap_recv(IAC_VOIP_PORT, cb, sizeof(struct voip_session),
-			 loop, &iac_io) < 0)
+			 loop, &iac_io) < 0) {
+		interap_rcv_close();
 		LOGI("Error: Failed InterAP receive");
+		return 1;
+	}
 
-//	task_init();
+	evsched_init(loop);
 	netlink_listen(loop);
-//	command_ubus_init(loop);
 
 	ev_run(loop, 0);
 
 	if (!ovsdb_stop_loop(loop))
 		LOGE("Stopping UCCM (Failed to stop OVSDB");
-#if 0
-	uccm_mqtt_stop();
-#endif
 	ev_default_destroy();
 
+	interap_rcv_close();
 	LOGN("Exiting UCCM");
 
 	return 0;

feeds/wlan-ap/wlan-ap-config/files/etc/hotplug.d/iface/40-fix-lan-wan-ip-conflict

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$INTERFACE" = wan ] || exit 0
+
+conflict=0
+wan_ipaddr="$(ubus call network.interface.wan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+lan_ipaddr="$(ubus call network.interface.lan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+logger -t hotplug "$ACTION of $INTERFACE ($DEVICE) $wan_ipaddr"
+
+[ "$wan_ipaddr" = "192.168.1" ] && [ "$lan_ipaddr" = "192.168.1" ] && {
+    conflict=1
+    dest_ip="192.168.0.1"
+}
+[ "$wan_ipaddr" = "192.168.0" ] && [ "$lan_ipaddr" = "192.168.0" ] && {
+    conflict=1
+    dest_ip="192.168.1.1"
+}
+[ $conflict = 1 ] && {
+    logger -t hotplug "IP conflict with br-wan.  Switch br-lan to $dest_ip"
+    uci set network.lan.ipaddr="$dest_ip"
+    uci_commit
+    reload_config
+}
+exit 0

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-data

@@ -3,9 +3,9 @@
 . /lib/functions.sh
 
 SKU="unknown"
-MODEL="unknown"
+MODEL=""
 PLATFORM="unknown"
-SERIAL="unknown"
+SERIAL=""
 MODEL_REV="unknown"
 MODEL_DESCR="unknown"
 MANUF_NAME="unknown"
@@ -19,9 +19,12 @@ ID=""
 case "$(board_name)" in
 edgecore,ecw5211|\
 edgecore,ecw5410)
-	MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd5 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd5 | grep "model=" | cut -d "=" -f2)
+	if [ ! $MODEL ]; then
+		MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
+	fi
 	SKU=$(cat /dev/mtd5 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd5 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd5 | grep mac_address | cut -d "=" -f2)
@@ -37,12 +40,12 @@ edgecore,ecw5410)
 	REF_DESIGN=$(cat /dev/mtd5 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf194c)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd14 | grep serial_number | cut -d "=" -f2)
 	if [ ! $SERIAL ]; then
 		SERIAL=$(cat /dev/mtd14 | grep BaseMacAddress | cut -dx -f2)
 	fi
+	MODEL=$(cat /dev/mtd14 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd14 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd14 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd14 | grep mac_address | cut -d "=" -f2)
@@ -58,9 +61,9 @@ cig,wf194c)
 	REF_DESIGN=$(cat /dev/mtd14 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf188n)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd12 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd12 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd12 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd12 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd12 | grep mac_address | cut -d "=" -f2)
@@ -97,9 +100,9 @@ linksys,ea8300)
 	MANUF_DATE="$DAY-$MONTH-$YEAR"
 	;;
 tp-link,ec420-g1)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd9 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd9 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd9 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd9 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd9 | grep mac_address | cut -d "=" -f2)
@@ -133,11 +136,22 @@ if [ ! $ID ]; then
 	ID=$(cat /sys/class/net/eth0/address)
 fi
 
+# fallback check to get the model if flash does not contain this info.
+if [ ! $MODEL ]; then
+	MODEL=$(cat /tmp/sysinfo/board_name)
+fi
+
+# Read the active firmware version info
+FIRMWARE=$(cat /usr/opensync/.versions | grep FW_IMAGE_ACTIVE | grep -o '[^-]*$')
+if [ ! $FIRMWARE ]; then
+	FIRMWARE=$(cat /usr/opensync/.versions | grep FW_VERSION | cut -d ":" -f2)
+fi
+
 uci set system.tip=tip
 uci set system.tip.serial="${SERIAL}"
 uci set system.tip.model="${MODEL}"
 uci set system.tip.platform="${PLATFORM}"
-uci set system.tip.firmware='0.1.0'
+uci set system.tip.firmware="${FIRMWARE}"
 uci set system.tip.sku_number="${SKU}"
 uci set system.tip.revision="${MODEL_REV}"
 uci set system.tip.model_description="${MODEL_DESCR}"

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-network

@@ -2,6 +2,8 @@
 
 uci set network.wan.type=bridge
 uci set network.wan6.ifname=@wan
+uci set network.wan.metric=1
+uci set network.lan.metric=10
 uci set network.wan.vlan_filtering=1
 uci set network.lan.vlan_filtering=1
 exit 0

patches/0027-ipq807x-add-the-Qualcomm-AX-target-support.patch

@@ -12281,14 +12281,14 @@ index 0000000000..6b0eb2f831
 ++		pinctrl-names = "default";
 ++
 ++		led@25 {
-++			label = "wifi5g";
-++			gpios = <&tlmm 35 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi5";
+++			gpios = <&tlmm 35 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:5g";
 ++			default-state = "off";
 ++		};
 ++		led@24 {
-++			label = "wifi2g";
-++			gpios = <&tlmm 37 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi2";
+++			gpios = <&tlmm 37 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:2g";
 ++			default-state = "off";
 ++		};

patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch

@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
++++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
++		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
++++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
++--- a/jffs2reset.c
+++++ b/jffs2reset.c
++@@ -40,7 +40,7 @@ ask_user(void)
++ 	return 0;
++ }
++ 
++-static int jffs2_reset(struct volume *v, int reset)
+++static int jffs2_reset(struct volume *v, int reset, int keep)
++ {
++ 	char *mp;
++ 
++@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
++ 	if (mp) {
++ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
++ 		fs_state_set("/overlay", FS_STATE_PENDING);
++-		overlay_delete(mp, false);
+++		overlay_delete(mp, keep);
++ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
++ 	} else {
++ 		ULOG_INFO("%s is not mounted\n", v->blk);
++@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
++ int main(int argc, char **argv)
++ {
++ 	struct volume *v;
++-	int ch, yes = 0, reset = 0;
++-	while ((ch = getopt(argc, argv, "yr")) != -1) {
+++	int ch, yes = 0, reset = 0, keep = 0;
+++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
++ 		switch(ch) {
++ 		case 'y':
++ 			yes = 1;
++@@ -102,6 +102,9 @@ int main(int argc, char **argv)
++ 		case 'r':
++ 			reset = 1;
++ 			break;
+++                case 'k':
+++                        keep = 1;
+++                        break;
++ 		}
++ 
++ 	}
++@@ -128,5 +131,5 @@ int main(int argc, char **argv)
++ 	volume_init(v);
++ 	if (!strcmp(*argv, "jffs2mark"))
++ 		return jffs2_mark(v);
++-	return jffs2_reset(v, reset);
+++	return jffs2_reset(v, reset, keep);
++ }
+-- 
+2.17.1
+

patches/0052-netifd-Add-WPA3-Enterprise-modes.patch

@@ -0,0 +1,39 @@
+From dc2e1e24e5a69face7d154fea6d3ecbee6c90e45 Mon Sep 17 00:00:00 2001
+From: Arif Alam <arif.alam@netexperience.com>
+Date: Wed, 28 Apr 2021 19:29:23 -0400
+Subject: [PATCH] netifd: Add WPA3 Enterprise modes
+
+Add configuration options for:
+- WPA3 Enterprise Only mode
+- WPA3 Enterprise Transition mode
+
+Signed-off-by: Arif Alam <arif.alam@netexperience.com>
+---
+ .../patches/0105-add-wpa3-enterprise-modes.patch  | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+
+diff --git a/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+new file mode 100644
+index 0000000000..9018365807
+--- /dev/null
++++ b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+@@ -0,0 +1,15 @@
++--- a/scripts/netifd-wireless.sh
+++++ b/scripts/netifd-wireless.sh
++@@ -244,8 +244,11 @@ wireless_vif_parse_encryption() {
++ 		owe*)
++ 			auth_type=owe
++ 		;;
+++		wpa3-only*)
+++			auth_type=eap-only
+++		;;
++ 		wpa3-mixed*)
++-			auth_type=eap-eap192
+++			auth_type=eap-transition
++ 		;;
++ 		wpa3*)
++ 			auth_type=eap192
+-- 
+2.25.1
+

patches/0053-ipq807x-fix-edgecore-eap102.patch

@@ -0,0 +1,156 @@
+From 4a5ac0aa04a5e6cf9316ce7c16843f0f4a4128ce Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 12 May 2021 07:00:18 +0200
+Subject: [PATCH] ipq807x: fix edgecore eap102
+
+* import the fixes for the update hardware revision
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ target/linux/ipq807x/base-files/etc/board.d/02_network    | 5 +----
+ target/linux/ipq807x/base-files/etc/init.d/bootcount      | 3 ++-
+ target/linux/ipq807x/base-files/lib/upgrade/platform.sh   | 4 ++--
+ .../arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts      | 8 ++++----
+ target/linux/ipq807x/image/ipq60xx.mk                     | 6 +++---
+ target/linux/ipq807x/image/ipq807x.mk                     | 2 +-
+ 6 files changed, 13 insertions(+), 15 deletions(-)
+
+diff --git a/target/linux/ipq807x/base-files/etc/board.d/02_network b/target/linux/ipq807x/base-files/etc/board.d/02_network
+index f23a9f3eac..e90a73f7bf 100755
+--- a/target/linux/ipq807x/base-files/etc/board.d/02_network
++++ b/target/linux/ipq807x/base-files/etc/board.d/02_network
+@@ -28,6 +28,7 @@ qcom_setup_interfaces()
+                 ucidef_set_interface_wan "eth0"
+                 ;;
+ 	cig,wf194c|\
++	edgecore,eap102|\
+ 	sercomm,wallaby)
+ 		ucidef_set_interface_lan "eth0"
+ 		ucidef_set_interface_wan "eth1"
+@@ -36,10 +37,6 @@ qcom_setup_interfaces()
+ 		ucidef_set_interface_lan "eth1 eth2"
+ 		ucidef_set_interface_wan "eth0"
+ 		;;
+-	edgecore,eap102)
+-		ucidef_set_interface_lan "eth1"
+-		ucidef_set_interface_wan "eth0"
+-		;;
+ 	esac
+ }
+ 
+diff --git a/target/linux/ipq807x/base-files/etc/init.d/bootcount b/target/linux/ipq807x/base-files/etc/init.d/bootcount
+index ac345d6d4a..a24f27353e 100755
+--- a/target/linux/ipq807x/base-files/etc/init.d/bootcount
++++ b/target/linux/ipq807x/base-files/etc/init.d/bootcount
+@@ -4,7 +4,8 @@ START=99
+ 
+ boot() {
+ 	case "$(board_name)" in
+-	edgecore,eap101)
++	edgecore,eap101|\
++	edgecore,eap102)
+ 		fw_setenv bootcount 0
+ 		;;
+ 	esac
+diff --git a/target/linux/ipq807x/base-files/lib/upgrade/platform.sh b/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
+index 59d1578925..a520df40d7 100755
+--- a/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
++++ b/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
+@@ -48,7 +48,6 @@ platform_do_upgrade() {
+ 		;;
+ 	cig,wf188n|\
+ 	cig,wf194c|\
+-	edgecore,eap102|\
+ 	qcom,ipq6018-cp01|\
+ 	qcom,ipq807x-hk01|\
+ 	sercomm,wallaby|\
+@@ -56,7 +55,8 @@ platform_do_upgrade() {
+ 	tplink,ex227)
+ 		nand_upgrade_tar "$1"
+ 		;;
+-	edgecore,eap101)
++	edgecore,eap101|\
++	edgecore,eap102)
+ 		CI_UBIPART="rootfs1"
+ 		nand_upgrade_tar "$1"
+ 		;;
+diff --git a/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts b/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
+index e8157f5514..cf822c246e 100755
+--- a/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
++++ b/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
+@@ -32,8 +32,8 @@
+ 		 * Aliases as required by u-boot
+ 		 * to patch MAC addresses
+ 		 */
+-		ethernet0 = "/soc/dp5";
+-		ethernet1 = "/soc/dp6";
++		ethernet0 = "/soc/dp6";
++		ethernet1 = "/soc/dp5";
+ 
+ 		led-boot = &led_power;
+ 		led-failsafe = &led_power;
+@@ -593,7 +593,7 @@
+ 		};
+ 	};
+ 
+-	dp1 {
++/*	dp1 {
+ 		device_type = "network";
+ 		compatible = "qcom,nss-dp";
+ 		qcom,id = <1>;
+@@ -639,7 +639,7 @@
+ 		qcom,link-poll = <1>;
+ 		qcom,phy-mdio-addr = <3>;
+ 		phy-mode = "sgmii";
+-	};
++	};*/
+ 
+ 	dp5 {
+ 		device_type = "network";
+diff --git a/target/linux/ipq807x/image/ipq60xx.mk b/target/linux/ipq807x/image/ipq60xx.mk
+index c536a174f8..201885a760 100644
+--- a/target/linux/ipq807x/image/ipq60xx.mk
++++ b/target/linux/ipq807x/image/ipq60xx.mk
+@@ -7,7 +7,7 @@ define Device/cig_wf188
+   SUPPORTED_DEVICES := cig,wf188
+   IMAGES := sysupgrade.tar
+   IMAGE/sysupgrade.tar/squashfs := append-rootfs | pad-rootfs | sysupgrade-tar rootfs=$$$$@ | append-metadata
+-  DEVICE_PACKAGES := ath11k-wifi-cig-wf188 uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-cig-wf188 uboot-envtools
+ endef
+ TARGET_DEVICES += cig_wf188
+ 
+@@ -16,7 +16,7 @@ define Device/cig_wf188n
+   DEVICE_DTS := qcom-ipq6018-cig-wf188n
+   DEVICE_DTS_CONFIG := config@cp03-c1
+   SUPPORTED_DEVICES := cig,wf188n
+-  DEVICE_PACKAGES := ath11k-wifi-cig-wf188n uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-cig-wf188n uboot-envtools
+ endef
+ TARGET_DEVICES += cig_wf188n
+ 
+@@ -25,7 +25,7 @@ define Device/edgecore_eap101
+   DEVICE_DTS := qcom-ipq6018-edgecore-eap101
+   DEVICE_DTS_CONFIG := config@cp01-c1
+   SUPPORTED_DEVICES := edgecore,eap101
+-  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap101 uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap101 uboot-envtools
+ endef
+ TARGET_DEVICES += edgecore_eap101
+ 
+diff --git a/target/linux/ipq807x/image/ipq807x.mk b/target/linux/ipq807x/image/ipq807x.mk
+index 7081769407..000d2793c9 100644
+--- a/target/linux/ipq807x/image/ipq807x.mk
++++ b/target/linux/ipq807x/image/ipq807x.mk
+@@ -41,7 +41,7 @@ define Device/edgecore_eap102
+   DEVICE_DTS := qcom-ipq807x-eap102
+   DEVICE_DTS_CONFIG=config@ac02
+   SUPPORTED_DEVICES := edgecore,eap102
+-  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap102 kmod-usb3 kmod-usb2
++  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap102 kmod-usb2 uboot-envtools
+ endef
+ TARGET_DEVICES += edgecore_eap102
+ define Device/tplink_ex227
+-- 
+2.25.1
+

profiles-20.x/wlan-ap.yml

@@ -60,6 +60,7 @@ packages:
   - kmod-ip6-tunnel
   - kmod-iptunnel
   - kmod-iptunnel6
+  - logrotate
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y

profiles/wlan-ap.yml

@@ -80,6 +80,7 @@ packages:
   - eapol-test
   - apc
   - radsecproxy
+  - logrotate
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y