WIFI-2681: Allow re-trying a failed upgrade

Signed-off-by: Owen Anderson <owenthomasanderson@gmail.com>

feeds/ipq807x/qca-nss-clients/Makefile

@@ -0,0 +1,626 @@
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=qca-nss-clients
+PKG_SOURCE_PROTO:=git
+PKG_BRANCH:=master
+PKG_RELEASE:=2
+PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/nss-clients/
+PKG_VERSION:=9136ef60bf68ceed760781d3acbeddb05470e432
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+
+#PKG_BUILD_DEPENDS := PACKAGE_kmod-qca-nss-crypto:kmod-qca-nss-crypto
+MAKE_OPTS:=
+
+include $(INCLUDE_DIR)/package.mk
+
+# Keep default as ipq806x for branches that does not have subtarget framework
+ifeq ($(CONFIG_TARGET_ipq),y)
+subtarget:=$(SUBTARGET)
+else
+subtarget:=$(CONFIG_TARGET_BOARD)
+endif
+
+ifneq (, $(findstring $(subtarget), "ipq807x" "ipq807x_ipq807x" "ipq60xx" "ipq807x_ipq60xx"))
+# DTLS Manager v2.0 for Hawkeye/Cypress
+  DTLSMGR_DIR:=v2.0
+# IPsec Manager v2.0 for Hawkeye/Cypress
+  IPSECMGR_DIR:=v2.0
+else
+# DTLS Manager v1.0 for Akronite.
+  DTLSMGR_DIR:=v1.0
+# IPsec Manager v1.0 for Akronite.
+  IPSECMGR_DIR:=v1.0
+endif
+
+define KernelPackage/qca-nss-drv-tun6rd
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - tun6rd
+  DEPENDS:=+kmod-qca-nss-drv +kmod-sit @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/qca-nss-tun6rd.ko
+  AUTOLOAD:=$(call AutoLoad,60,qca-nss-tun6rd)
+endef
+
+define KernelPackage/qca-nss-drv-tun6rd/Description
+Kernel modules for NSS connection manager - Support for 6rd tunnel
+endef
+
+define KernelPackage/qca-nss-drv-dtlsmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - dtlsmgr
+  DEPENDS:=+kmod-qca-nss-drv +kmod-qca-nss-cfi-cryptoapi @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/dtls/$(DTLSMGR_DIR)/qca-nss-dtlsmgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-dtls/Description
+Kernel modules for NSS connection manager - Support for DTLS sessions
+endef
+
+define KernelPackage/qca-nss-drv-tlsmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - tlsmgr
+  DEPENDS:=@TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx +kmod-qca-nss-drv +kmod-qca-nss-cfi @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/tls/qca-nss-tlsmgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-tls/Description
+Kernel modules for NSS connection manager - Support for TLS sessions
+endef
+
+define KernelPackage/qca-nss-drv-l2tpv2
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - l2tp
+  DEPENDS:=+kmod-qca-nss-drv +kmod-ppp +kmod-l2tp @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/l2tp/l2tpv2/qca-nss-l2tpv2.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-l2tpv2)
+endef
+
+define KernelPackage/qca-nss-drv-l2tp/Description
+Kernel modules for NSS connection manager - Support for l2tp tunnel
+endef
+
+define KernelPackage/qca-nss-drv-pptp
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - PPTP
+  DEPENDS:=+kmod-qca-nss-drv +kmod-pptp @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/pptp/qca-nss-pptp.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-pptp)
+endef
+
+define KernelPackage/qca-nss-drv-pptp/Description
+Kernel modules for NSS connection manager - Support for PPTP tunnel
+endef
+
+define KernelPackage/qca-nss-drv-pppoe
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - PPPoE
+  DEPENDS:=+kmod-qca-nss-drv +kmod-pppoe @!LINUX_3_18 \
+		+!(TARGET_ipq_ipq807x_QSDK_256||TARGET_ipq_ipq60xx_QSDK_256):kmod-bonding
+  FILES:=$(PKG_BUILD_DIR)/pppoe/qca-nss-pppoe.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-pppoe)
+endef
+
+define KernelPackage/qca-nss-drv-pppoe/Description
+Kernel modules for NSS connection manager - Support for PPPoE
+endef
+
+define KernelPackage/qca-nss-drv-map-t
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - MAP-T
+  DEPENDS:=+kmod-qca-nss-drv +kmod-nat46 @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/map/map-t/qca-nss-map-t.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-map-t)
+endef
+
+define KernelPackage/qca-nss-drv-map-t/Description
+Kernel modules for NSS connection manager - Support for MAP-T
+endef
+
+define KernelPackage/qca-nss-drv-gre
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - GRE
+  DEPENDS:=@TARGET_ipq_ipq806x||TARGET_ipq806x||TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx||TARGET_ipq_ipq50xx||TARGET_ipq_ipq50xx_64 \
+	   +kmod-qca-nss-drv @!LINUX_3_18 +kmod-gre6
+  FILES:=$(PKG_BUILD_DIR)/gre/qca-nss-gre.ko $(PKG_BUILD_DIR)/gre/test/qca-nss-gre-test.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-gre)
+endef
+
+define KernelPackage/qca-nss-drv-gre/Description
+Kernel modules for NSS connection manager - Support for GRE
+endef
+
+define KernelPackage/qca-nss-drv-tunipip6
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (connection manager) - DS-lite and ipip6 Tunnel
+  DEPENDS:=+kmod-qca-nss-drv +kmod-iptunnel6 +kmod-ip6-tunnel @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/tunipip6/qca-nss-tunipip6.ko
+  AUTOLOAD:=$(call AutoLoad,60,qca-nss-tunipip6)
+endef
+
+define KernelPackage/qca-nss-drv-tunipip6/Description
+Kernel modules for NSS connection manager
+Add support for DS-lite and ipip6 tunnel
+endef
+
+define KernelPackage/qca-nss-drv-profile
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv @!LINUX_3_18
+  TITLE:=Profiler for QCA NSS driver (IPQ806x)
+  FILES:=$(PKG_BUILD_DIR)/profiler/qca-nss-profile-drv.ko
+endef
+
+define KernelPackage/qca-nss-drv-profile/Description
+This package contains a NSS driver profiler for QCA chipset
+endef
+
+define KernelPackage/qca-nss-drv-ipsecmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (ipsec manager) - ipsecmgr
+  DEPENDS:=@TARGET_ipq806x||TARGET_ipq_ipq806x||TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx \
+		+kmod-qca-nss-drv +kmod-qca-nss-cfi-cryptoapi +kmod-qca-nss-cfi-ocf @!LINUX_3_18
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2),)
+  DEPENDS:=+kmod-qca-nss-drv-l2tpv2
+endif
+  FILES:=$(PKG_BUILD_DIR)/ipsecmgr/$(IPSECMGR_DIR)/qca-nss-ipsecmgr.ko
+  AUTOLOAD:=$(call AutoLoad,60,qca-nss-ipsecmgr)
+endef
+
+define KernelPackage/qca-nss-drv-ipsecmgr/Description
+Kernel module for NSS IPsec offload manager
+endef
+
+define KernelPackage/qca-nss-drv-ipsecmgr-klips
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS (ipsec klips)
+  DEPENDS:=@TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx \
+		+kmod-qca-nss-drv-ipsecmgr kmod-qca-nss-ecm
+  FILES:=$(PKG_BUILD_DIR)/ipsecmgr/$(IPSECMGR_DIR)/plugins/klips/qca-nss-ipsec-klips.ko
+endef
+
+define KernelPackage/qca-nss-drv-ipsecmgr-klips/Description
+NSS Kernel module for IPsec klips offload
+endef
+
+
+define KernelPackage/qca-nss-drv-capwapmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv +kmod-qca-nss-drv-dtlsmgr @!LINUX_3_18
+  TITLE:=NSS CAPWAP Manager for QCA NSS driver (IPQ806x)
+  FILES:=$(PKG_BUILD_DIR)/capwapmgr/qca-nss-capwapmgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-capwapmgr/Description
+This package contains a NSS CAPWAP Manager
+endef
+
+define KernelPackage/qca-nss-drv-bridge-mgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS bridge manager
+  DEPENDS:=@TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx \
+		+TARGET_ipq_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+		+TARGET_ipq_ipq807x_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+		+TARGET_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+		+TARGET_ipq807x_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+		+TARGET_ipq_ipq60xx:kmod-qca-nss-drv-vlan-mgr \
+		+TARGET_ipq807x_ipq60xx:kmod-qca-nss-drv-vlan-mgr @!LINUX_3_18 \
+		+!(TARGET_ipq_ipq807x_QSDK_256||TARGET_ipq_ipq60xx_QSDK_256):kmod-bonding
+  FILES:=$(PKG_BUILD_DIR)/bridge/qca-nss-bridge-mgr.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-bridge-mgr)
+endef
+
+define KernelPackage/qca-nss-drv-bridge-mgr/Description
+Kernel modules for NSS bridge manager
+endef
+
+define KernelPackage/qca-nss-drv-vlan-mgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS vlan manager
+  DEPENDS:=@TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx +kmod-qca-nss-drv @!LINUX_3_18 \
+		+!(TARGET_ipq_ipq807x_QSDK_256||TARGET_ipq_ipq60xx_QSDK_256):kmod-bonding
+  FILES:=$(PKG_BUILD_DIR)/vlan/qca-nss-vlan.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-vlan)
+endef
+
+define KernelPackage/qca-nss-drv-vlan-mgr/Description
+Kernel modules for NSS vlan manager
+endef
+
+define KernelPackage/qca-nss-drv-qdisc
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Support
+  TITLE:=Qdisc for configuring shapers in NSS
+  DEPENDS:=+kmod-qca-nss-drv @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/nss_qdisc/qca-nss-qdisc.ko
+  AUTOLOAD:=$(call AutoLoad,58,qca-nss-qdisc)
+endef
+
+define KernelPackage/qca-nss-drv-qdisc/Description
+Linux qdisc that aids in configuring shapers in the NSS
+endef
+
+define KernelPackage/qca-nss-drv-igs
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Support
+  TITLE:=Action for offloading traffic to an IFB interface to perform ingress shaping.
+  DEPENDS:=@TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx||TARGET_ipq_ipq50xx||TARGET_ipq_ipq50xx_64 \
+	+kmod-qca-nss-drv +kmod-sched-core +kmod-ifb +kmod-qca-nss-drv-qdisc @!LINUX_3_18
+  FILES:=$(PKG_BUILD_DIR)/nss_qdisc/igs/act_nssmirred.ko
+endef
+
+define KernelPackage/qca-nss-drv-igs/Description
+Linux action that helps in offloading traffic to an IFB interface to perform ingress shaping.
+endef
+
+define KernelPackage/qca-nss-drv-lag-mgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS LAG manager
+  DEPENDS:=+kmod-qca-nss-drv  @!LINUX_3_18 \
+	   +TARGET_ipq_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+	   +TARGET_ipq_ipq807x_ipq807x:kmod-qca-nss-drv-vlan-mgr @!LINUX_3_18 \
+	   +TARGET_ipq807x:kmod-qca-nss-drv-vlan-mgr \
+	   +TARGET_ipq807x_ipq807x:kmod-qca-nss-drv-vlan-mgr @!LINUX_3_18 \
+	   +TARGET_ipq_ipq60xx:kmod-qca-nss-drv-vlan-mgr @!LINUX_3_18 \
+	   +TARGET_ipq807x_ipq60xx:kmod-qca-nss-drv-vlan-mgr @!LINUX_3_18 \
+	   +kmod-bonding
+  FILES:=$(PKG_BUILD_DIR)/lag/qca-nss-lag-mgr.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-lag-mgr)
+endef
+
+define KernelPackage/qca-nss-drv-lag-mgr/Description
+Kernel modules for NSS LAG manager
+endef
+
+define KernelPackage/qca-nss-drv-netlink
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=@TARGET_ipq807x||TARGET_ipq_ipq807x||TARGET_ipq807x_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx||TARGET_ipq_ipq50xx||TARGET_ipq_ipq50xx_64 \
+		+kmod-qca-nss-drv @!LINUX_3_18 \
+		+PACKAGE_kmod-qca-nss-drv-ipsecmgr:kmod-qca-nss-drv-ipsecmgr \
+		+PACKAGE_kmod-qca-nss-drv-dtlsmgr:kmod-qca-nss-drv-dtlsmgr \
+		+PACKAGE_kmod-qca-nss-drv-capwapmgr:kmod-qca-nss-drv-capwapmgr @!LINUX_3_18
+  TITLE:=NSS NETLINK Manager for QCA NSS driver
+  FILES:=$(PKG_BUILD_DIR)/netlink/qca-nss-netlink.ko
+endef
+
+define KernelPackage/qca-nss-drv-netlink/Description
+Kernel module for NSS netlink manager
+endef
+
+define KernelPackage/qca-nss-drv-ovpn-mgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for NSS OpenVPN manager
+  DEPENDS:=+kmod-qca-nss-drv +kmod-qca-nss-cfi +kmod-tun +kmod-ipt-conntrack @!LINUX_3_18 \
+	  @TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx
+  FILES:=$(PKG_BUILD_DIR)/openvpn/src/qca-nss-ovpn-mgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-ovpn-mgr/Description
+Kernel module for NSS OpenVPN manager
+endef
+
+define KernelPackage/qca-nss-drv-ovpn-link
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  TITLE:=Kernel driver for interfacing NSS OpenVPN manager with ECM
+  DEPENDS:=+kmod-qca-nss-drv-ovpn-mgr +kmod-qca-nss-ecm-premium @!LINUX_3_18 \
+	  @TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_ipq807x||TARGET_ipq_ipq60xx||TARGET_ipq807x_ipq60xx
+  FILES:=$(PKG_BUILD_DIR)/openvpn/plugins/qca-nss-ovpn-link.ko
+endef
+
+define KernelPackage/qca-nss-drv-ovpn-link/Description
+This module registers with ECM and communicates with NSS OpenVPN manager for supporting OpenVPN offload.
+endef
+
+define KernelPackage/qca-nss-drv-pvxlanmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv @!LINUX_3_18
+  TITLE:=NSS PVXLAN Manager for QCA NSS driver
+  FILES:=$(PKG_BUILD_DIR)/pvxlanmgr/qca-nss-pvxlanmgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-pvxlanmgr/Description
+Kernel module for managing NSS PVxLAN
+endef
+
+define KernelPackage/qca-nss-drv-eogremgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv +kmod-qca-nss-drv-gre @!LINUX_3_18
+  TITLE:=NSS EOGRE Manager for QCA NSS driver
+  FILES:=$(PKG_BUILD_DIR)/eogremgr/qca-nss-eogremgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-eogremgr/Description
+Kernel module for managing NSS EoGRE
+endef
+
+define KernelPackage/qca-nss-drv-clmapmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv +kmod-qca-nss-drv-eogremgr @!LINUX_3_18
+  TITLE:=NSS clmap Manager for QCA NSS driver
+  FILES:=$(PKG_BUILD_DIR)/clmapmgr/qca-nss-clmapmgr.ko
+endef
+
+define KernelPackage/qca-nss-drv-clmapmgr/Description
+Kernel module for managing NSS clmap
+endef
+
+define KernelPackage/qca-nss-drv-vxlanmgr
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Devices
+  DEPENDS:=+kmod-qca-nss-drv +kmod-vxlan @!LINUX_3_18
+  TITLE:=NSS VxLAN Manager for QCA NSS driver
+  FILES:=$(PKG_BUILD_DIR)/vxlanmgr/qca-nss-vxlanmgr.ko
+  AUTOLOAD:=$(call AutoLoad,51,qca-nss-vxlanmgr)
+endef
+
+define KernelPackage/qca-nss-drv-vxlanmgr/Description
+Kernel module for managing NSS VxLAN
+endef
+
+define KernelPackage/qca-nss-drv-match
+ SECTION:=kernel
+ CATEGORY:=Kernel modules
+ SUBMENU:=Network Devices
+ DEPENDS:=+kmod-qca-nss-drv @!LINUX_3_18
+ TITLE:=NSS Match for QCA NSS driver
+ FILES:=$(PKG_BUILD_DIR)/match/qca-nss-match.ko
+endef
+
+define KernelPackage/qca-nss-drv-match/Description
+Kernel module for managing NSS Match
+endef
+
+define KernelPackage/qca-nss-drv-mirror
+ SECTION:=kernel
+ CATEGORY:=Kernel modules
+ SUBMENU:=Network Support
+ TITLE:=Module for mirroring packets from NSS to host.
+ DEPENDS:=+kmod-qca-nss-drv @!LINUX_3_18
+ FILES:=$(PKG_BUILD_DIR)/mirror/qca-nss-mirror.ko
+endef
+
+define KernelPackage/qca-nss-drv-mirror/Description
+Kernel module for managing NSS Mirror
+endef
+
+define Build/InstallDev/qca-nss-clients
+	$(INSTALL_DIR) $(1)/usr/include/qca-nss-clients
+	$(CP) $(PKG_BUILD_DIR)/netlink/include/* $(1)/usr/include/qca-nss-clients/
+	$(CP) $(PKG_BUILD_DIR)/exports/* $(1)/usr/include/qca-nss-clients/
+endef
+
+define Build/InstallDev
+	$(call Build/InstallDev/qca-nss-clients,$(1))
+endef
+
+define KernelPackage/qca-nss-drv-ovpn-mgr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/qca-nss-ovpn.init $(1)/etc/init.d/qca-nss-ovpn
+endef
+
+define KernelPackage/qca-nss-drv-ipsecmgr-klips/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/qca-nss-ipsec $(1)/etc/init.d/qca-nss-ipsec
+endef
+
+define KernelPackage/qca-nss-drv-igs/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/qca-nss-mirred.init $(1)/etc/init.d/qca-nss-mirred
+endef
+
+EXTRA_CFLAGS+= \
+	-I$(STAGING_DIR)/usr/include/qca-nss-drv \
+	-I$(STAGING_DIR)/usr/include/qca-nss-crypto \
+	-I$(STAGING_DIR)/usr/include/qca-nss-cfi \
+	-I$(STAGING_DIR)/usr/include/qca-nss-gmac \
+	-I$(STAGING_DIR)/usr/include/qca-ssdk \
+	-I$(STAGING_DIR)/usr/include/qca-ssdk/fal \
+	-I$(STAGING_DIR)/usr/include/nat46
+
+# Build individual packages if selected
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-profile),)
+MAKE_OPTS+=profile=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-capwapmgr),)
+MAKE_OPTS+=capwapmgr=y
+EXTRA_CFLAGS += -DNSS_CAPWAPMGR_ONE_NETDEV
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tun6rd),)
+MAKE_OPTS+=tun6rd=m
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-dtlsmgr),)
+MAKE_OPTS+=dtlsmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tlsmgr),)
+MAKE_OPTS+=tlsmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2),)
+MAKE_OPTS+=l2tpv2=y
+EXTRA_CFLAGS += -DNSS_L2TPV2_ENABLED
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pptp),)
+MAKE_OPTS+=pptp=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-map-t),)
+MAKE_OPTS+=map-t=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6),)
+MAKE_OPTS+=tunipip6=m
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc),)
+MAKE_OPTS+=qdisc=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-igs),)
+MAKE_OPTS+=igs=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ipsecmgr),)
+EXTRA_CFLAGS+= -I$(PKG_BUILD_DIR)/exports
+MAKE_OPTS+=ipsecmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ipsecmgr-klips),)
+EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-nss-ecm
+MAKE_OPTS+=ipsecmgr-klips=m
+endif
+
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-bridge-mgr),)
+MAKE_OPTS+=bridge-mgr=y
+#enable OVS bridge if ovsmgr is enabled
+ifneq ($(CONFIG_PACKAGE_kmod-qca-ovsmgr),)
+MAKE_OPTS+= NSS_BRIDGE_MGR_OVS_ENABLE=y
+EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-ovsmgr
+endif
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vlan-mgr),)
+MAKE_OPTS+=vlan-mgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-lag-mgr),)
+MAKE_OPTS+=lag-mgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-gre),)
+EXTRA_CFLAGS+= -I$(PKG_BUILD_DIR)/exports
+MAKE_OPTS+=gre=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe),)
+MAKE_OPTS+=pppoe=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-netlink),)
+MAKE_OPTS+=netlink=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-mgr),)
+MAKE_OPTS+=ovpn-mgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-link),)
+MAKE_OPTS+=ovpn-link=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pvxlanmgr),)
+MAKE_OPTS+=pvxlanmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-eogremgr),)
+MAKE_OPTS+=eogremgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-clmapmgr),)
+MAKE_OPTS+=clmapmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vxlanmgr),)
+MAKE_OPTS+=vxlanmgr=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-match),)
+MAKE_OPTS+=match=y
+endif
+
+ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-mirror),)
+MAKE_OPTS+=mirror=y
+endif
+
+define Build/Compile
+	$(MAKE) -C "$(LINUX_DIR)" $(strip $(MAKE_OPTS)) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		ARCH="$(LINUX_KARCH)" \
+		M="$(PKG_BUILD_DIR)" \
+		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
+		SoC="$(subtarget)" \
+		DTLSMGR_DIR="$(DTLSMGR_DIR)" \
+		IPSECMGR_DIR="$(IPSECMGR_DIR)" \
+		modules
+endef
+
+$(eval $(call KernelPackage,qca-nss-drv-profile))
+#$(eval $(call KernelPackage,qca-nss-drv-capwapmgr))
+$(eval $(call KernelPackage,qca-nss-drv-tun6rd))
+#$(eval $(call KernelPackage,qca-nss-drv-dtlsmgr))
+$(eval $(call KernelPackage,qca-nss-drv-l2tpv2))
+$(eval $(call KernelPackage,qca-nss-drv-pptp))
+$(eval $(call KernelPackage,qca-nss-drv-pppoe))
+$(eval $(call KernelPackage,qca-nss-drv-map-t))
+$(eval $(call KernelPackage,qca-nss-drv-tunipip6))
+$(eval $(call KernelPackage,qca-nss-drv-qdisc))
+$(eval $(call KernelPackage,qca-nss-drv-igs))
+#$(eval $(call KernelPackage,qca-nss-drv-netlink))
+#$(eval $(call KernelPackage,qca-nss-drv-ipsecmgr))
+#$(eval $(call KernelPackage,qca-nss-drv-ipsecmgr-klips))
+$(eval $(call KernelPackage,qca-nss-drv-bridge-mgr))
+$(eval $(call KernelPackage,qca-nss-drv-vlan-mgr))
+$(eval $(call KernelPackage,qca-nss-drv-lag-mgr))
+$(eval $(call KernelPackage,qca-nss-drv-gre))
+#$(eval $(call KernelPackage,qca-nss-drv-ovpn-mgr))
+#$(eval $(call KernelPackage,qca-nss-drv-ovpn-link))
+$(eval $(call KernelPackage,qca-nss-drv-pvxlanmgr))
+$(eval $(call KernelPackage,qca-nss-drv-eogremgr))
+$(eval $(call KernelPackage,qca-nss-drv-clmapmgr))
+$(eval $(call KernelPackage,qca-nss-drv-vxlanmgr))
+$(eval $(call KernelPackage,qca-nss-drv-match))
+#$(eval $(call KernelPackage,qca-nss-drv-tlsmgr))
+$(eval $(call KernelPackage,qca-nss-drv-mirror))

feeds/ipq807x/qca-nss-clients/files/qca-nss-ipsec

@@ -0,0 +1,92 @@
+#!/bin/sh  /etc/rc.common
+#
+# Copyright (c) 2018-2019 The Linux Foundation. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+NSS_IPSEC_LOG_FILE=/tmp/.nss_ipsec_log
+NSS_IPSEC_LOG_STR_ECM="ECM_Loaded"
+
+ecm_load () {
+	if [ ! -d /sys/module/ecm ]; then
+		/etc/init.d/qca-nss-ecm start
+		if [ -d /sys/module/ecm ]; then
+			echo ${NSS_IPSEC_LOG_STR_ECM} >> ${NSS_IPSEC_LOG_FILE}
+		fi
+	fi
+}
+
+ecm_unload () {
+	if [ -f /tmp/.nss_ipsec_log ]; then
+		str=`grep ${NSS_IPSEC_LOG_STR_ECM} ${NSS_IPSEC_LOG_FILE}`
+		if [[ $str == ${NSS_IPSEC_LOG_STR_ECM} ]]; then
+			/etc/init.d/qca-nss-ecm stop
+			`sed 's/${NSS_IPSEC_LOG_STR_ECM}/ /g' $NSS_IPSEC_LOG_FILE >  $NSS_IPSEC_LOG_FILE`
+		fi
+	fi
+}
+
+ecm_disable() {
+
+	if [ ! -d /sys/module/ecm ]; then
+		return;
+	fi
+
+	echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop
+	echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop
+	echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+	sleep 2
+}
+
+ecm_enable() {
+	if [ ! -d /sys/module/ecm ]; then
+		return;
+	fi
+
+	echo 0 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+	echo 0 > /sys/kernel/debug/ecm/front_end_ipv4_stop
+	echo 0 > /sys/kernel/debug/ecm/front_end_ipv6_stop
+}
+
+start() {
+	ecm_load
+
+	local kernel_version=$(uname -r)
+
+	insmod /lib/modules/${kernel_version}/qca-nss-ipsec-klips.ko
+	if [ "$?" -gt 0 ]; then
+		echo "Failed to load plugin. Please start ecm if not done already"
+		ecm_enable
+		return
+	fi
+
+	/etc/init.d/ipsec start
+	sleep 2
+	ipsec eroute
+
+	ecm_enable
+}
+
+stop() {
+	ecm_disable
+
+	/etc/init.d/ipsec stop
+	rmmod qca-nss-ipsec-klips
+
+	ecm_unload
+}
+
+restart() {
+	stop
+	start
+}

feeds/ipq807x/qca-nss-clients/files/qca-nss-mirred.init

@@ -0,0 +1,28 @@
+#!/bin/sh /etc/rc.common
+
+###########################################################################
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Permission to use, copy, modify, and/or distribute this software for
+# any purpose with or without fee is hereby granted, provided that the
+# above copyright notice and this permission notice appear in all copies.
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+###########################################################################
+
+restart() {
+	rmmod act_nssmirred.ko
+	insmod act_nssmirred.ko
+}
+
+start() {
+	insmod act_nssmirred.ko
+}
+
+stop() {
+	rmmod act_nssmirred.ko
+}

feeds/ipq807x/qca-nss-clients/files/qca-nss-ovpn.init

@@ -0,0 +1,69 @@
+#!/bin/sh /etc/rc.common
+
+###########################################################################
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Permission to use, copy, modify, and/or distribute this software for
+# any purpose with or without fee is hereby granted, provided that the
+# above copyright notice and this permission notice appear in all copies.
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+###########################################################################
+
+ecm_disable() {
+	if [ ! -d /sys/module/ecm ]; then
+	   return
+	fi
+
+	echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop
+	echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop
+	echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+	sleep 2
+}
+
+ecm_enable() {
+	if [ ! -d /sys/module/ecm ]; then
+	   return
+	fi
+
+	echo 0 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+	echo 0 > /sys/kernel/debug/ecm/front_end_ipv4_stop
+	echo 0 > /sys/kernel/debug/ecm/front_end_ipv6_stop
+}
+
+restart() {
+	ecm_disable
+
+	/etc/init.d/openvpn stop
+	rmmod qca-nss-ovpn-link
+	rmmod qca-nss-ovpn-mgr
+
+	insmod qca-nss-ovpn-mgr
+	insmod qca-nss-ovpn-link
+
+	if [ "$?" -gt 0 ]; then
+		echo "Failed to load plugin. Please start ecm if not done already"
+		ecm_enable
+		return
+	fi
+
+	ecm_enable
+}
+
+start() {
+	restart
+}
+
+stop() {
+	ecm_disable
+
+	/etc/init.d/openvpn stop
+	rmmod qca-nss-ovpn-link
+	rmmod qca-nss-ovpn-mgr
+
+	ecm_enable
+}

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -205,6 +214,9 @@ hostapd_common_add_bss_config() {
 	config_add_int maxassoc max_inactivity
 	config_add_boolean disassoc_low_ack isolate short_preamble
 
+config_add_int signal_connect signal_stay signal_poll_time \
+		signal_drop_reason signal_strikes
+
 	config_add_int \
 		wep_rekey eap_reauth_period \
 		wpa_group_rekey wpa_pair_rekey wpa_master_rekey
@@ -312,14 +324,15 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
 
 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
+	config_add_int access_network_type asra esr uesa venue_group venue_type  \
 		gas_address3
-	config_add_string hessid network_auth_type \
+	config_add_string hessid network_auth_type ipaddr_type_availability \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url
 
 	config_add_array airtime_sta_weight
 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
+	config_add_boolean multicast_to_unicast proxy_arp
 }
 
 hostapd_set_vlan_file() {
@@ -475,6 +488,7 @@ hostapd_set_bss_options() {
 	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
 	json_get_vars \
+	signal_connect signal_stay signal_poll_time signal_drop_reason signal_strikes \
 		wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_strict_rekey \
 		wpa_disable_eapol_key_retries tdls_prohibit \
 		maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
@@ -486,7 +500,8 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
+		proxy_arp multicast_to_unicast
 
 	set_default isolate 0
 	set_default maxassoc 0
@@ -509,6 +524,14 @@ hostapd_set_bss_options() {
 	set_default rssi_reject_assoc_rssi 0
 	set_default rssi_ignore_probe_request 0
 	set_default rts_threshold -1
+	set_default signal_connect -128
+	set_default signal_stay -128
+	set_default signal_poll_time 5
+	set_default signal_drop_reason 3
+	set_default signal_strikes 3
+	set_default proxy_arp 0
+	set_default multicast_to_unicast 0
+
 
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
@@ -537,6 +560,14 @@ hostapd_set_bss_options() {
 	append bss_conf "rssi_reject_assoc_rssi=$rssi_reject_assoc_rssi" "$N"
 	append bss_conf "rssi_ignore_probe_request=$rssi_ignore_probe_request" "$N"
 	append bss_conf "rts_threshold=$rts_threshold" "$N"
+	append bss_conf "signal_connect=$signal_connect" "$N"
+	append bss_conf "signal_stay=$signal_stay" "$N"
+	append bss_conf "signal_poll_time=$signal_poll_time" "$N"
+	append bss_conf "signal_strikes=$signal_strikes" "$N"
+	append bss_conf "signal_drop_reason=$signal_drop_reason" "$N"
+
+	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
+	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
 
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
@@ -558,11 +589,11 @@ hostapd_set_bss_options() {
 	}
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -604,7 +635,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -816,7 +847,15 @@ hostapd_set_bss_options() {
 				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
 				append bss_conf "ieee80211w=$ieee80211w" "$N"
 				[ "$ieee80211w" -gt "0" ] && {
-					append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+					case "$auth_type" in
+						eap192)
+							append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
+							append bss_conf "group_cipher=GCMP-256" "$N"
+						;;
+						*)
+							append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+						;;
+					esac
 					[ -n "$ieee80211w_max_timeout" ] && \
 						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
 					[ -n "$ieee80211w_retry_timeout" ] && \
@@ -941,16 +980,15 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
-	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
 		append bss_conf "hs20=1" "$N"
 		append_hs20_icons
-		[ -n "$disable_dgaf"] && append bss_conf "disable_dgaf=$disable_dgaf" "$N"
-		[ -n "$osen"] && append bss_conf "osen=$osen" "$N"
+		[ -n "$disable_dgaf" ] && append bss_conf "disable_dgaf=$disable_dgaf" "$N"
+		[ -n "$osen" ] && append bss_conf "osen=$osen" "$N"
 		[ "$anqp_domain_id" -gt 0 ] && append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
-		[ -n "$hs20_deauth_req_timeout"] && append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
+		[ -n "$hs20_deauth_req_timeout" ] && append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
 		[ -n "$osu_ssid" ] && append bss_conf "osu_ssid=$osu_ssid" "$N"
 		[ -n "$hs20_wan_metrics" ] && append bss_conf "hs20_wan_metrics=$hs20_wan_metrics" "$N"
 		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
@@ -973,7 +1011,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"

feeds/wifi-ax/hostapd/patches/f00-013-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wifi-ax/hostapd/patches/f00-014-fix-ubus-assoc.patch

@@ -0,0 +1,32 @@
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4463,6 +4463,14 @@ static void handle_assoc(struct hostapd_
+ 			ieee802_11_set_beacons(hapd->iface);
+ 	}
+ 
++	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
++	if (ubus_resp) {
++		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
++		       MAC2STR(mgmt->sa));
++		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
++		goto fail;
++	}
++
+ 	update_ht_state(hapd, sta);
+ 
+ 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+@@ -4568,14 +4576,6 @@ static void handle_assoc(struct hostapd_
+ 					    pos, left, rssi, omit_rsnxe);
+ 	os_free(tmp);
+ 
+-	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+-	if (ubus_resp) {
+-		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+-		       MAC2STR(mgmt->sa));
+-		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+-		goto fail;
+-	}
+-
+ 	/*
+ 	 * Remove the station in case tranmission of a success response fails
+ 	 * (the STA was added associated to the driver) or if the station was

feeds/wifi-ax/mac80211/patches/pending/212-ath11k-clear-frag-cache-on-key-install.patch

@@ -0,0 +1,84 @@
+From 0e23a88c63d6abbeaef8ec90bd29584b7c5068bd Mon Sep 17 00:00:00 2001
+From: Sriram R <srirrama@codeaurora.org>
+Date: Thu, 10 Dec 2020 14:20:50 +0530
+Subject: [PATCH] ath11k: Clear the fragment cache during key install
+
+Currently the fragment cache setup during peer assoc is
+cleared during peer delete. In case a key reinstallation
+happens with the same peer, possibilitites are same fragment cache
+where some fragments were added before key installation could be clubbed
+with fragments received after. In ideal cases where
+this could result in wrong PN since we expect all fragments to
+have incrementing PN, this behavior could be explioted
+to mix fragments of different data resulting in a proper
+unintended reassembled packet to be passed up the stack.
+
+Signed-off-by: Sriram R <srirrama@codeaurora.org>
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 19 +++++++++++++++++++
+ drivers/net/wireless/ath/ath11k/dp_rx.h |  1 +
+ drivers/net/wireless/ath/ath11k/mac.c   |  6 ++++++
+ 3 files changed, 26 insertions(+)
+
+diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
+index 0fa25c1..06bbd6e 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -844,6 +844,25 @@ static void ath11k_dp_rx_frags_cleanup(struct dp_rx_tid *rx_tid, bool rel_link_d
+ 	__skb_queue_purge(&rx_tid->rx_frags);
+ }
+ 
++void ath11k_peer_frags_flush(struct ath11k *ar, struct ath11k_peer *peer)
++{
++	struct dp_rx_tid *rx_tid;
++	int i;
++
++	lockdep_assert_held(&ar->ab->base_lock);
++
++	for (i = 0; i <= IEEE80211_NUM_TIDS; i++) {
++		rx_tid = &peer->rx_tid[i];
++
++		spin_unlock_bh(&ar->ab->base_lock);
++		del_timer_sync(&rx_tid->frag_timer);
++		spin_lock_bh(&ar->ab->base_lock);
++
++		ath11k_dp_rx_frags_cleanup(rx_tid, true);
++
++	}
++}
++
+ void ath11k_peer_rx_tid_cleanup(struct ath11k *ar, struct ath11k_peer *peer)
+ {
+ 	struct dp_rx_tid *rx_tid;
+diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.h b/drivers/net/wireless/ath/ath11k/dp_rx.h
+index f005ded..732f9a7 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.h
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.h
+@@ -68,6 +68,7 @@ int ath11k_dp_peer_rx_pn_replay_config(struct ath11k_vif *arvif,
+ 				       const u8 *peer_addr,
+ 				       enum set_key_cmd key_cmd,
+ 				       struct ieee80211_key_conf *key);
++void ath11k_peer_frags_flush(struct ath11k *ar, struct ath11k_peer *peer);
+ void ath11k_peer_rx_tid_cleanup(struct ath11k *ar, struct ath11k_peer *peer);
+ void ath11k_peer_rx_tid_delete(struct ath11k *ar,
+ 			       struct ath11k_peer *peer, u8 tid);
+diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
+index 4c88eab..91d645e 100644
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -3707,6 +3707,12 @@ static int ath11k_mac_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
+ 	 */
+ 	spin_lock_bh(&ab->base_lock);
+ 	peer = ath11k_peer_find(ab, arvif->vdev_id, peer_addr);
++
++	/* flush the fragments cache during key (re)install to
++	 * ensure all frags in the new frag list  belong to the same key.
++	 */
++	if (peer && cmd == SET_KEY)
++		ath11k_peer_frags_flush(ar, peer);
+ 	spin_unlock_bh(&ab->base_lock);
+ 
+ 	if (!peer) {
+-- 
+2.7.4
+

feeds/wifi-ax/mac80211/patches/pending/213-mac80211-frag.patch

@@ -0,0 +1,242 @@
+From patchwork Tue May 11 18:02:44 2021
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Johannes Berg <johannes@sipsolutions.net>
+X-Patchwork-Id: 12251641
+X-Patchwork-Delegate: johannes@sipsolutions.net
+Return-Path: <linux-wireless-owner@kernel.org>
+X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
+	aws-us-west-2-korg-lkml-1.web.codeaurora.org
+X-Spam-Level: 
+X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,
+	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
+	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
+	autolearn=unavailable autolearn_force=no version=3.4.0
+Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
+	by smtp.lore.kernel.org (Postfix) with ESMTP id 5E0C4C43617
+	for <linux-wireless@archiver.kernel.org>;
+ Tue, 11 May 2021 18:03:20 +0000 (UTC)
+Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
+	by mail.kernel.org (Postfix) with ESMTP id 2E1D461625
+	for <linux-wireless@archiver.kernel.org>;
+ Tue, 11 May 2021 18:03:20 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S231693AbhEKSEZ (ORCPT
+        <rfc822;linux-wireless@archiver.kernel.org>);
+        Tue, 11 May 2021 14:04:25 -0400
+Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41156 "EHLO
+        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+        with ESMTP id S231561AbhEKSEV (ORCPT
+        <rfc822;linux-wireless@vger.kernel.org>);
+        Tue, 11 May 2021 14:04:21 -0400
+Received: from sipsolutions.net (s3.sipsolutions.net
+ [IPv6:2a01:4f8:191:4433::2])
+        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D055CC06175F;
+        Tue, 11 May 2021 11:03:10 -0700 (PDT)
+Received: by sipsolutions.net with esmtpsa
+ (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
+        (Exim 4.94.2)
+        (envelope-from <johannes@sipsolutions.net>)
+        id 1lgWir-007aAS-9o; Tue, 11 May 2021 20:03:09 +0200
+From: Johannes Berg <johannes@sipsolutions.net>
+To: linux-wireless@vger.kernel.org
+Cc: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>, stable@vger.kernel.org
+Subject: [PATCH 03/18] mac80211: properly handle A-MSDUs that start with an
+ RFC 1042 header
+Date: Tue, 11 May 2021 20:02:44 +0200
+Message-Id: 
+ <20210511200110.0b2b886492f0.I23dd5d685fe16d3b0ec8106e8f01b59f499dffed@changeid>
+X-Mailer: git-send-email 2.30.2
+In-Reply-To: <20210511180259.159598-1-johannes@sipsolutions.net>
+References: <20210511180259.159598-1-johannes@sipsolutions.net>
+MIME-Version: 1.0
+Precedence: bulk
+List-ID: <linux-wireless.vger.kernel.org>
+X-Mailing-List: linux-wireless@vger.kernel.org
+
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+
+Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042
+header. This can occur in practice when the destination MAC address
+equals AA:AA:03:00:00:00. More importantly, this simplifies the next
+patch to mitigate A-MSDU injection attacks.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ include/net/cfg80211.h | 4 ++--
+ net/mac80211/rx.c      | 2 +-
+ net/wireless/util.c    | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+Index: backports-20200902_001-4.4.60-931c337125/include/net/cfg80211.h
+===================================================================
+--- backports-20200902_001-4.4.60-931c337125.orig/include/net/cfg80211.h
++++ backports-20200902_001-4.4.60-931c337125/include/net/cfg80211.h
+@@ -5631,7 +5631,7 @@ unsigned int ieee80211_get_mesh_hdrlen(s
+  */
+ int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
+ 				  const u8 *addr, enum nl80211_iftype iftype,
+-				  u8 data_offset);
++				  u8 data_offset, bool is_amsdu);
+ 
+ /**
+  * ieee80211_data_to_8023 - convert an 802.11 data frame to 802.3
+@@ -5643,7 +5643,7 @@ int ieee80211_data_to_8023_exthdr(struct
+ static inline int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
+ 					 enum nl80211_iftype iftype)
+ {
+-	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0);
++	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0, false);
+ }
+ 
+ /**
+Index: backports-20200902_001-4.4.60-931c337125/net/mac80211/rx.c
+===================================================================
+--- backports-20200902_001-4.4.60-931c337125.orig/net/mac80211/rx.c
++++ backports-20200902_001-4.4.60-931c337125/net/mac80211/rx.c
+@@ -6,7 +6,7 @@
+  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ 
+ #include <linux/jiffies.h>
+@@ -2555,13 +2555,13 @@ static bool ieee80211_frame_allowed(stru
+ 	struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
+ 
+ 	/*
+-	 * Allow EAPOL frames to us/the PAE group address regardless
+-	 * of whether the frame was encrypted or not.
+-	 */
+-	if (ehdr->h_proto == rx->sdata->control_port_protocol &&
+-	    (ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
+-	     ether_addr_equal(ehdr->h_dest, pae_group_addr)))
+-		return true;
++	 * Allow EAPOL frames to us/the PAE group address regardless of
++	 * whether the frame was encrypted or not, and always disallow
++	 * all other destination addresses for them.
++	 */
++	if (unlikely(ehdr->h_proto == rx->sdata->control_port_protocol))
++		return ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
++		       ether_addr_equal(ehdr->h_dest, pae_group_addr);
+ 
+ 	if (ieee80211_802_1x_port_control(rx) ||
+ 	    ieee80211_drop_unencrypted(rx, fc))
+@@ -2632,7 +2632,26 @@ static void ieee80211_deliver_skb_to_loc
+ 		cfg80211_rx_control_port(dev, skb, noencrypt);
+ 		dev_kfree_skb(skb);
+ 	} else {
++		struct ethhdr *ehdr = (void *)skb_mac_header(skb);
+ 		memset(skb->cb, 0, sizeof(skb->cb));
++		/*
++		 * 802.1X over 802.11 requires that the authenticator address
++		 * be used for EAPOL frames. However, 802.1X allows the use of
++		 * the PAE group address instead. If the interface is part of
++		 * a bridge and we pass the frame with the PAE group address,
++		 * then the bridge will forward it to the network (even if the
++		 * client was not associated yet), which isn't supposed to
++		 * happen.
++		 * To avoid that, rewrite the destination address to our own
++		 * address, so that the authenticator (e.g. hostapd) will see
++		 * the frame, but bridge won't forward it anywhere else. Note
++		 * that due to earlier filtering, the only other address can
++		 * be the PAE group address.
++		 */
++		if (unlikely(skb->protocol == sdata->control_port_protocol &&
++			     !ether_addr_equal(ehdr->h_dest, sdata->vif.addr)))
++			ether_addr_copy(ehdr->h_dest, sdata->vif.addr);
++
+ 		netif_rx_nss(rx, skb);
+ 	}
+ }
+@@ -2672,6 +2691,7 @@ ieee80211_deliver_skb(struct ieee80211_r
+ 	if ((sdata->vif.type == NL80211_IFTYPE_AP ||
+ 	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
+ 	    !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
++	    ehdr->h_proto != rx->sdata->control_port_protocol &&
+ 	    (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
+ 		if (is_multicast_ether_addr(ehdr->h_dest) &&
+ 		    ieee80211_vif_get_num_mcast_if(sdata) != 0) {
+@@ -2781,7 +2801,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_
+ 	if (ieee80211_data_to_8023_exthdr(skb, &ethhdr,
+ 					  rx->sdata->vif.addr,
+ 					  rx->sdata->vif.type,
+-					  data_offset))
++					  data_offset, true))
+ 		return RX_DROP_UNUSABLE;
+ 
+ 	ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
+@@ -2838,6 +2858,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
+ 	if (is_multicast_ether_addr(hdr->addr1))
+ 		return RX_DROP_UNUSABLE;
+ 
++	if (rx->key) {
++		/*
++		 * We should not receive A-MSDUs on pre-HT connections,
++		 * and HT connections cannot use old ciphers. Thus drop
++		 * them, as in those cases we couldn't even have SPP
++		 * A-MSDUs or such.
++		 */
++		switch (rx->key->conf.cipher) {
++		case WLAN_CIPHER_SUITE_WEP40:
++		case WLAN_CIPHER_SUITE_WEP104:
++		case WLAN_CIPHER_SUITE_TKIP:
++			return RX_DROP_UNUSABLE;
++		default:
++			break;
++		}
++	}
++
+ 	return __ieee80211_rx_h_amsdu(rx, 0);
+ }
+ 
+Index: backports-20200902_001-4.4.60-931c337125/net/wireless/util.c
+===================================================================
+--- backports-20200902_001-4.4.60-931c337125.orig/net/wireless/util.c
++++ backports-20200902_001-4.4.60-931c337125/net/wireless/util.c
+@@ -474,7 +474,7 @@ EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen)
+ 
+ int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
+ 				  const u8 *addr, enum nl80211_iftype iftype,
+-				  u8 data_offset)
++				  u8 data_offset, bool is_amsdu)
+ {
+ 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct {
+@@ -562,7 +562,7 @@ int ieee80211_data_to_8023_exthdr(struct
+ 	skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
+ 	tmp.h_proto = payload.proto;
+ 
+-	if (likely((ether_addr_equal(payload.hdr, rfc1042_header) &&
++	if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
+ 		    tmp.h_proto != htons(ETH_P_AARP) &&
+ 		    tmp.h_proto != htons(ETH_P_IPX)) ||
+ 		   ether_addr_equal(payload.hdr, bridge_tunnel_header)))
+@@ -708,6 +708,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
+ 		remaining = skb->len - offset;
+ 		if (subframe_len > remaining)
+ 			goto purge;
++		/* mitigate A-MSDU aggregation injection attacks */
++		if (ether_addr_equal(eth.h_dest, rfc1042_header))
++			goto purge;
+ 
+ 		offset += sizeof(struct ethhdr);
+ 		last = remaining <= subframe_len + padding;
+Index: backports-20200902_001-4.4.60-931c337125/drivers/net/wireless/ath/ath11k/nss.c
+===================================================================
+--- backports-20200902_001-4.4.60-931c337125.orig/drivers/net/wireless/ath/ath11k/nss.c
++++ backports-20200902_001-4.4.60-931c337125/drivers/net/wireless/ath/ath11k/nss.c
+@@ -477,7 +477,7 @@ static int ath11k_nss_deliver_rx(struct
+ 	}
+ 
+ 	if (ieee80211_data_to_8023_exthdr(skb, NULL, vif->addr, vif->type,
+-					  data_offs - hdr_len)) {
++					  data_offs - hdr_len, false)) {
+ 		dev_kfree_skb_any(skb);
+ 		return -EINVAL;
+ 	}

feeds/wifi-ax/mac80211/patches/qca/225-ath11k-add_cmd_processing_time_for_scan_timeout.patch

@@ -0,0 +1,22 @@
+diff -Naur a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
+--- a/drivers/net/wireless/ath/ath11k/mac.c	2021-06-09 10:02:12.040840722 -0400
++++ b/drivers/net/wireless/ath/ath11k/mac.c	2021-06-10 10:40:12.094003411 -0400
+@@ -3472,13 +3472,14 @@
+ 		scan_timeout = min_t(u32, arg->max_rest_time *
+ 				    (arg->chan_list.num_chan - 1) + (req->duration +
+ 				     ATH11K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
+-				     arg->chan_list.num_chan, arg->max_scan_time +
+-				     ATH11K_MAC_SCAN_TIMEOUT_MSECS);
++				     arg->chan_list.num_chan, arg->max_scan_time);
+ 	} else {
+-		/* Add a 200ms margin to account for event/command processing */
+-		scan_timeout = arg->max_scan_time + ATH11K_MAC_SCAN_TIMEOUT_MSECS;
++		scan_timeout = arg->max_scan_time;
+ 	}
+ 
++	/* Add a 200ms margin to account for event/command processing */
++	scan_timeout += ATH11K_MAC_SCAN_TIMEOUT_MSECS;
++
+ 	ret = ath11k_start_scan(ar, arg);
+ 	if (ret) {
+ 		ath11k_warn(ar->ab, "failed to start hw scan: %d\n", ret);

feeds/wifi-trunk/ath10k-ct/patches/960-0012-ath10k-add_cmd_processing_time_for_scan_timeout.patch

@@ -0,0 +1,22 @@
+diff -Naur a/ath10k-5.7/mac.c b/ath10k-5.7/mac.c
+--- a/ath10k-5.7/mac.c	2021-06-09 16:30:17.793556032 -0400
++++ b/ath10k-5.7/mac.c	2021-06-09 17:38:08.587733979 -0400
+@@ -7103,13 +7103,15 @@
+ 		scan_timeout = min_t(u32, arg.max_rest_time *
+ 				(arg.n_channels - 1) + (req->duration +
+ 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
+-				arg.n_channels, arg.max_scan_time + 200);
++				arg.n_channels, arg.max_scan_time);
+ 
+ 	} else {
+-		/* Add a 200ms margin to account for event/command processing */
+-		scan_timeout = arg.max_scan_time + 200;
++		scan_timeout = arg.max_scan_time;
+ 	}
+ 
++	/* Add a 200ms margin to account for event/command processing */
++	scan_timeout += 200;
++
+ 	ret = ath10k_start_scan(ar, &arg);
+ 	if (ret) {
+ 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);

feeds/wifi-trunk/hostapd/files/hostapd.sh

@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -295,15 +304,17 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
 
 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
+	config_add_int access_network_type asra esr uesa venue_group venue_type \
 		gas_address3
-	config_add_string hessid network_auth_type \
+	config_add_string hessid network_auth_type ipaddr_type_availability \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url
 
 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
 	config_add_array radius_auth_req_attr
 	config_add_array radius_acct_req_attr
+
+	config_add_boolean multicast_to_unicast proxy_arp
 }
 
 hostapd_set_vlan_file() {
@@ -447,7 +458,8 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
+		proxy_arp multicast_to_unicast
 
 	set_default isolate 0
 	set_default maxassoc 0
@@ -475,6 +487,9 @@ hostapd_set_bss_options() {
 	set_default signal_poll_time 5
 	set_default signal_drop_reason 3
 	set_default signal_strikes 3
+	set_default proxy_arp 0
+	set_default multicast_to_unicast 0
+
 
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
@@ -508,6 +523,9 @@ hostapd_set_bss_options() {
 	append bss_conf "signal_strikes=$signal_strikes" "$N"
 	append bss_conf "signal_drop_reason=$signal_drop_reason" "$N"
 
+	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
+	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
+
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
 	[ "$wpa" -gt 0 ] && {
@@ -530,11 +548,11 @@ hostapd_set_bss_options() {
 	}
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -576,7 +594,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -792,7 +810,15 @@ hostapd_set_bss_options() {
 				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
 				append bss_conf "ieee80211w=$ieee80211w" "$N"
 				[ "$ieee80211w" -gt "0" ] && {
-					append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+					case "$auth_type" in
+						eap192)
+							append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
+							append bss_conf "group_cipher=GCMP-256" "$N"
+						;;
+						*)
+							append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+						;;
+					esac
 					[ -n "$ieee80211w_max_timeout" ] && \
 						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
 					[ -n "$ieee80211w_retry_timeout" ] && \
@@ -872,16 +898,15 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
-	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
 		append bss_conf "hs20=1" "$N"
 		append_hs20_icons
-		[ -n "$disable_dgaf"] && append bss_conf "disable_dgaf=$disable_dgaf" "$N"
-		[ -n "$osen"] && append bss_conf "osen=$osen" "$N"
+		[ -n "$disable_dgaf" ] && append bss_conf "disable_dgaf=$disable_dgaf" "$N"
+		[ -n "$osen" ] && append bss_conf "osen=$osen" "$N"
 		[ "$anqp_domain_id" -gt 0 ] && append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
-		[ -n "$hs20_deauth_req_timeout"] && append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
+		[ -n "$hs20_deauth_req_timeout" ] && append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
 		[ -n "$osu_ssid" ] && append bss_conf "osu_ssid=$osu_ssid" "$N"
 		[ -n "$hs20_wan_metrics" ] && append bss_conf "hs20_wan_metrics=$hs20_wan_metrics" "$N"
 		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
@@ -904,7 +929,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"

feeds/wifi-trunk/hostapd/patches/903-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wifi-trunk/hostapd/patches/904-fix-ubus-assoc.patch

@@ -0,0 +1,32 @@
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4463,6 +4463,14 @@ static void handle_assoc(struct hostapd_
+ 			ieee802_11_set_beacons(hapd->iface);
+ 	}
+ 
++	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
++	if (ubus_resp) {
++		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
++		       MAC2STR(mgmt->sa));
++		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
++		goto fail;
++	}
++
+ 	update_ht_state(hapd, sta);
+ 
+ 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+@@ -4568,14 +4576,6 @@ static void handle_assoc(struct hostapd_
+ 					    pos, left, rssi, omit_rsnxe);
+ 	os_free(tmp);
+ 
+-	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+-	if (ubus_resp) {
+-		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+-		       MAC2STR(mgmt->sa));
+-		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+-		goto fail;
+-	}
+-
+ 	/*
+ 	 * Remove the station in case tranmission of a success response fails
+ 	 * (the STA was added associated to the driver) or if the station was

feeds/wlan-ap/apc/src/include/lib/timer.h

@@ -30,4 +30,9 @@ static inline timer * tm_new_set( void (*hook)(struct _timer *), void *data, uns
     return t;
 }
 
+static inline void tm_free(timer *t)
+{
+    free(t);
+}
+
 #endif

feeds/wlan-ap/apc/src/src/apc.c

@@ -26,7 +26,8 @@ static void apc_dump( struct proto * P )
 static struct proto * apc_init(struct proto_config * c)
 {
 	struct proto * P = mb_allocz(sizeof(struct apc_proto));
-	
+
+	printf("apc_init\n");
 	P->cf = c;
 	P->debug = c->debug;
 	P->mrtdump = c->mrtdump;

feeds/wlan-ap/apc/src/src/apc_main.c

@@ -253,6 +253,10 @@ static void check_timer_handler(struct uloop_timeout *timeout)
 		if (CheckIp && (MyIpAddr != CheckIp))
 		{
 			printf("IP address changed from %x to %x - restart APC election\n", MyIpAddr, CheckIp);
+			system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
+			uloop_done();
+			ubus_done();
+			interap_rcv_close();
 			exit(0);
 		}
 		
@@ -266,6 +270,9 @@ static void check_timer_handler(struct uloop_timeout *timeout)
 
 static void handle_signal(int signo)
 {
+	uloop_done();
+	ubus_done();
+	interap_rcv_close();
 	system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
 }
 
@@ -327,8 +334,10 @@ int main(int argc, char *const* argv)
 	callback cb = receive_from_socket;
 
 	if (interap_recv(IAC_APC_ELECTION_PORT, cb, 1000,
-			 NULL, NULL) < 0)
+			 NULL, NULL) < 0) {
 		printf("Error: Failed InterAP receive");
+		return 1;
+	}
 
 
 	memset(Timers, 0, sizeof(Timers));
@@ -351,6 +360,7 @@ int main(int argc, char *const* argv)
 	uloop_run();
 	uloop_done();
 	ubus_done();
+	interap_rcv_close();
 
 	return(1);
 }

feeds/wlan-ap/apc/src/src/hello.c

@@ -103,6 +103,7 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 	struct apc_hello2_packet ps;
 	unsigned int length, report = 0;
 	struct apc_spec ApcSpec;
+	char dst_ip[16];
 	
 	if (WaitingToReelect )
 		return;
@@ -188,8 +189,11 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 			else
 				ApcSpec.FloatIp = ApcSpecSaved.FloatIp;
 		}
-		else
+		else if (ApcSpec.IsApc == I_AM_BAPC )
 		{
+			ifa->priority = 0x12;
+		}
+		else {
 			ifa->priority = 0x11;
 			if ((ApcSpecSaved.IsApc == I_AM_APC) || BackingUpRadius )
 			{
@@ -202,8 +206,7 @@ void apc_send_hello(struct apc_iface * ifa, int kind )
 
 	length += i * sizeof(u32);
 
-	printf("HELLO packet sent via %s\n", ifa->ifname );
-	char *dst_ip = malloc(16);
+	printf("HELLO packet sent via  %s\n", ifa->ifname );
 	memset(dst_ip, 0, 16);
 	if ((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		printf("Error: Cannot get IP for %s", IAC_IFACE);

feeds/wlan-ap/apc/src/src/iface.c

@@ -168,7 +168,7 @@ void apc_iface_new( void )
 	ifa->priority = 0x11;
 	ifa->drip = MyIpAddr;
 	ifa->helloint = 4;
-	ifa->deadint = 16;
+	ifa->deadint = 12;
 	ifa->waitint = 16;
 	
 	ifa->type = APC_IT_BCAST;

feeds/wlan-ap/apc/src/src/neighbor.c

@@ -36,7 +36,7 @@ reset_lists(struct apc_proto *p, struct apc_neighbor *n)
 struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
 {
 	struct apc_neighbor * n = mb_allocz(sizeof(struct apc_neighbor));
-	
+	printf("apc_new_neighbor\n");	
 	n->ifa = ifa;
 	add_tail(&ifa->neigh_list, NODE n);
 	n->adj = 0;
@@ -58,6 +58,8 @@ static void apc_neigh_down(struct apc_neighbor * n)
 	rem_node(NODE n);
 	
 	printf("Neighbor %x on %s removed", n->rid, ifa->ifname );
+	tm_free(n->inactim);
+	mb_free(n);
 }
 
 /**
@@ -480,13 +482,17 @@ static void inactivity_timer_hook(struct _timer * tmr)
 			n_neigh += 1;
 			//Radius stuff
 			BackingUpRadius = 1;
+			apc_ifa->priority = 0x33;
 		}
+		else
+			apc_ifa->priority = 0x11;
+
 
 		apc_ifa->drip = MyIpAddr;
-		apc_ifa->priority = 0x11;
 		apc_ifa->bdrip = 0;
 		memset(&ApcSpec, 0, sizeof(struct apc_spec));
-		WaitingToReelect = 12;
+		WaitingToReelect = 3;
+
 		return;
 	}
 	printf("Inactivity timer expired for nbr %x on %s", n->rid, 

feeds/wlan-ap/apc/src/src/ubus.c

@@ -14,10 +14,16 @@
 struct ubus_context *ubus_ctx = NULL;
 static struct blob_buf b;
 static struct blob_buf nb;
-static const char *ubus_path;
 timer *notify_timer;
 extern struct apc_iface * apc_ifa;
-#define APC_NOTIFY_INTERVAL 30
+/* Mandatorily Notify APC_State period */
+#define APC_NOTIFY_INTERVAL 10
+/* Check if any change in APC State and notify period */
+#define APC_NOTIFY_CHECK 1
+static ip_addr old_drip;
+static ip_addr old_bdrip;
+static u8 old_state;
+static unsigned int ucount = 0;
 
 struct apc_state {
 	char mode[4];
@@ -94,35 +100,67 @@ apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
-static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WAITING", "PTP", "OR", "BDR", "DR"};
-void apc_update_state()
+static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WT", "PTP", "OR", "BDR", "DR"};
+int apc_update_state(void)
 {
 	struct in_addr dr_addr;
 	struct in_addr bdr_addr;
-	dr_addr.s_addr = htonl(apc_ifa->drip);
-	bdr_addr.s_addr = htonl(apc_ifa->bdrip);
+	ip_addr cur_drip;
+	ip_addr cur_bdrip;
+	u8 cur_state;
+
+	cur_drip = apc_ifa->drip;
+	cur_bdrip = apc_ifa->bdrip;
+	cur_state = apc_ifa->state;
+	ucount++;
+
+	if (cur_drip == old_drip &&
+	    cur_bdrip == old_bdrip &&
+	    cur_state == old_state && ucount < APC_NOTIFY_INTERVAL) {
+		return -1;
+	}
+
+	printf("APC State update %u", ucount);
+	ucount = 0;
+
+	dr_addr.s_addr = htonl(cur_drip);
+	bdr_addr.s_addr = htonl(cur_bdrip);
 
 	state.enabled = true;
-	if ((apc_ifa->state == APC_IS_DR) ||
-	    (apc_ifa->state == APC_IS_BACKUP) ||
-	    (apc_ifa->state == APC_IS_DROTHER)) {
+	if ((cur_state == APC_IS_DR) ||
+	    (cur_state == APC_IS_BACKUP) ||
+	    (cur_state == APC_IS_DROTHER)) {
 		snprintf(state.mode, sizeof(state.mode), "%s",
-			 &apc_mode[apc_ifa->state][0]);
+			 &apc_mode[cur_state][0]);
 		snprintf(state.dr_addr, sizeof(state.dr_addr),
 			 "%s", inet_ntoa(dr_addr));
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr),
 			 "%s", inet_ntoa(bdr_addr));
-	}
-	else {
+	} else if (apc_ifa->state == APC_IS_WAITING) {
+		snprintf(state.mode, sizeof(state.mode), "%s",
+			 &apc_mode[cur_state][0]);
+		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
+		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
+	} else {
 		snprintf(state.mode, sizeof(state.mode), "NC");
 		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
 	}
+
+	old_drip = cur_drip;
+	old_bdrip = cur_bdrip;
+	old_state = cur_state;
+
+	return 0;
 }
 
 void apc_send_notification(struct _timer * tmr)
 {
-	apc_update_state();
+	int ustate = 0;
+
+	ustate = apc_update_state();
+	if(ustate != 0)
+		return;
 
 	printf("APC send ubus notification\n");
 	blob_buf_init(&nb, 0);
@@ -155,10 +193,10 @@ ubus_init(void) {
 #endif
 	add_object(&apc_object);
 	notify_timer = tm_new_set(apc_send_notification, NULL,
-				  0, APC_NOTIFY_INTERVAL);
+				  0, APC_NOTIFY_CHECK);
 	if (notify_timer) {
-		printf("APC Start notify timer\n");
-		tm_start(notify_timer, APC_NOTIFY_INTERVAL);
+		printf("APC Start state check and notify timer\n");
+		tm_start(notify_timer, APC_NOTIFY_CHECK);
 	}
 
 	ubus_ctx->connection_lost = ubus_connection_lost;

feeds/wlan-ap/interAPcomm/Makefile

@@ -30,5 +30,8 @@ endef
 define Package/libinterapcomm/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libinterapcomm.so $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/interap.init $(1)/etc/init.d/interap
+
 endef
 $(eval $(call BuildPackage,libinterapcomm))

feeds/wlan-ap/interAPcomm/files/interap.init

@@ -0,0 +1,35 @@
+#!/bin/sh /etc/rc.common
+
+START=12
+STOP=12
+
+start() {
+	apc=`cat /etc/config/firewall | grep Allow-APC`
+	ucc=`cat /etc/config/firewall | grep Allow-UCC`
+
+	if [ -z "$apc" ]; then
+		uci add firewall rule
+		uci set firewall.@rule[-1].name='Allow-APC'
+		uci set firewall.@rule[-1].src='wan'
+		uci set firewall.@rule[-1].proto='udp'
+		uci set firewall.@rule[-1].dst_port='50010'
+		uci set firewall.@rule[-1].target='ACCEPT'
+		uci set firewall.@rule[-1].family='ipv4'
+		uci commit firewall
+	fi
+
+	if [ -z "$ucc" ]; then
+		uci add firewall rule
+		uci set firewall.@rule[-1].name='Allow-UCC'
+		uci set firewall.@rule[-1].src='wan'
+		uci set firewall.@rule[-1].proto='udp'
+		uci set firewall.@rule[-1].dst_port='50000'
+		uci set firewall.@rule[-1].target='ACCEPT'
+		uci set firewall.@rule[-1].family='ipv4'
+		uci commit firewall
+	fi
+}
+
+stop() {
+	echo stop
+}

feeds/wlan-ap/interAPcomm/src/include/interAPcomm.h

@@ -5,6 +5,7 @@ int interap_send(unsigned short port, char *dst_ip,
 int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
 		 unsigned int len, struct ev_loop *loop,
 		 ev_io *io);
+void interap_rcv_close(void);
 
 typedef int (*callback)(void *, ssize_t);
 typedef struct recv_arg {

feeds/wlan-ap/interAPcomm/src/src/interAPcomm.c

@@ -22,10 +22,13 @@ static void receive_data_uloop(struct uloop_fd *fd, unsigned int events)
 	recv_data = malloc(ra.len);
 	memset(recv_data, 0, ra.len);
 	if ((recv_data_len = recvfrom(recv_sock, recv_data, ra.len,
-				      0, NULL, 0)) < 0)
+				      0, NULL, 0)) < 0) {
 		printf("recvfrom() failed");
+		return;
+	}
 
 	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
 
 }
 
@@ -41,6 +44,7 @@ static void receive_data(struct ev_loop *ev, ev_io *io, int event)
 		printf("recvfrom() failed");
 
 	ra.cb(recv_data, recv_data_len);
+	free(recv_data);
 
 }
 
@@ -97,6 +101,11 @@ int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
 	return 0;
 }
 
+void interap_rcv_close(void)
+{
+	close(recv_sock);
+}
+
 int interap_send(unsigned short port, char *dst_ip, void *data,
 		 unsigned int len)
 {

feeds/wlan-ap/luci/luci-mod-simple/htdocs/luci-static/resources/view/setup.js

@@ -444,6 +444,10 @@ return view.extend({
 		o.datatype = 'ip4addr("nomask")';
 		o.depends('proto', 'static');
 
+		o = s.option(form.Button, 'save', _(''));
+		o.inputtitle = _('Save Settings');
+		o.onclick = ui.createHandlerFn(this, 'handleSettingsSave', m);
+
 		s = m.section(form.NamedSection, 'lan', 'lan', _('LAN'));
 
 		o = s.option(form.Value, 'addr', _('IP Address'));
@@ -456,7 +460,7 @@ return view.extend({
 
 		o = s.option(form.Button, 'save', _(''));
 		o.inputtitle = _('Save Settings');
-		o.onclick = ui.createHandlerFn(this, 'handleSettingsSave', m);
+		o.onclick = ui.createHandlerFn(this, 'handleLANSettingsSave', m);
 
 		s = m.section(form.NamedSection, 'maintenance', 'maintenance', _('System Maintenance'));
 

feeds/wlan-ap/luci/luci-theme-tip/htdocs/luci-static/tip/cascade.css

@@ -1,4 +1,12 @@
-@import url('https://fonts.googleapis.com/css2?family=Montserrat&display=swap');
+/* latin */
+@font-face {
+	font-family: 'Montserrat';
+	font-style: normal;
+	font-weight: 400;
+	font-display: swap;
+	src: url(Montserrat_latin.woff2) format('woff2');
+	unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+}
 
 :root {
 	--main-bright-color: #1B465C;

feeds/wlan-ap/opennds/Makefile

@@ -52,7 +52,6 @@ define Package/opennds/install
 	$(INSTALL_DIR) $(1)/usr/lib/opennds
 
 	$(CP) ./files/lib/splash.css $(1)/etc/opennds/htdocs/
-	$(CP) ./files/lib/Tip.png $(1)/etc/opennds/htdocs/images/
 	$(CP) ./files/lib/opennds $(1)/etc/config/
 	$(CP) ./files/etc/init.d/opennds $(1)/etc/init.d/
 	$(CP) ./files/lib/login.sh $(1)/usr/lib/opennds/

feeds/wlan-ap/opensync/files/bin/auto-conf

@@ -0,0 +1,17 @@
+#!/bin/sh
+# Finds the highest settings an AP can support for various settings when set to "auto" in config
+
+find_auto_hwmode() {
+	# This function finds the highest mode (hw_mode) that the AP can support
+
+	# Arguments
+	device=$1
+
+	mode='11n'
+	iw phy "$device" info | grep -q 'VHT Capabilities*' && mode="11ac"
+	iw phy "$device" info | grep -q 'HE.*Capabilities' && mode="11ax"
+
+	echo "$mode"
+}
+
+find_auto_hwmode $1

feeds/wlan-ap/opensync/files/bin/check_wan_link.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if="$(uci get network.wan.ifname)"
+[ "$(cat /sys/class/net/"${if}"/carrier)" = 0 ] && {
+	return 0
+}
+return 1

feeds/wlan-ap/opensync/files/bin/dynamic_lookup.sh

@@ -0,0 +1,55 @@
+#! /bin/sh
+
+usage() {
+   echo "Usage: ${0} <realm>"
+   exit 1
+}
+
+test -n "${1}" || usage
+
+REALM="${1}"
+DIGCMD=$(command -v dig)
+PRINTCMD=$(command -v printf)
+
+validate_host() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
+}
+
+validate_port() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
+}
+
+srv_lookup() {
+   ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+   while read line ; do
+      set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
+      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then 
+         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      fi
+   done
+}
+
+naptr_lookup() {
+    ${DIGCMD} +short naptr ${REALM} | grep aaa+auth:radius.tls.tcp | sort -n -k1 |
+    while read line; do
+    set $line ; TYPE=$3 ; HOST=$6
+    if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+        SRV_HOST=${HOST%.}
+        srv_lookup
+    fi
+    done
+}
+
+if test -x "${DIGCMD}" ; then
+   SERVERS=$(naptr_lookup)
+else
+   echo "${0} requires \"dig\" command."
+   exit 1
+fi
+
+if test -n "${SERVERS}" ; then
+        $PRINTCMD "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}\n"
+        exit 0
+fi
+
+exit 10				# No server found.

feeds/wlan-ap/opensync/files/bin/flash-firmware

@@ -24,7 +24,8 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-IMGFILE="$(ls ${1}.*)"
+# Get the most recent upgrade file available
+IMGFILE="$(ls -t1 ${1}.* | head -n 1)"
 
 if [ -z "$IMGFILE" ] || [ ! -f "$IMGFILE" ] ; then
   echo
@@ -34,11 +35,14 @@ fi
 
 # Set the current version as inactive before the upgrade
 FW_VERSION=`sed -n 's/FW_IMAGE_ACTIVE:\(.*\)/\1/p' < /usr/opensync/.versions`
+FW_BACKUP=$(uci get system.tip.inactivefw)
 uci set system.tip.inactivefw="${FW_VERSION}"
-uci commit
+uci commit system
 
 /sbin/sysupgrade $IMGFILE
 if [ "$?" != "0" ] ; then
+  uci set system.tip.inactivefw="${FW_BACKUP}"
+  uci commit system
   echo "$0: Sysupgrade failed."
   exit 1
 fi

feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k

feeds/wlan-ap/opensync/files/bin/wlan_ap_led.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+#Blink AP's LED
+/usr/opensync/tools/ovsh insert Node_Config module:="led" key:="led_blink" value:="on"
+
+#Turnoff AP's LED
+/usr/opensync/tools/ovsh insert Node_Config module:="led" key:="led_off" value:="off"

feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh

@@ -1,12 +1,49 @@
 #!/bin/sh
 
-if [ $# -ne 1 ] ; then
-	echo "Usage: $0 <redirector address>" >&2
-	exit 1
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
+  exit 1
 fi
 
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi
 
+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
+/etc/init.d/uhttpd enable
+/etc/init.d/uhttpd start
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart

feeds/wlan-ap/opensync/files/etc/logrotate.d/ovsdb.conf

@@ -0,0 +1,10 @@
+/tmp/log/openvswitch/*.log {
+    daily
+    rotate 5
+    size 1M
+    compress
+    delaycompress
+    dateext
+    dateformat -%s
+    notifempty
+}

feeds/wlan-ap/opensync/files/usr/opensync/certs/ca.pem

@@ -0,0 +1,75 @@
+-----BEGIN CERTIFICATE-----
+MIIEcTCCA1mgAwIBAgIUJFhIMlIJHJ7hW4gEzZuLBUaWjNcwDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy
+b2plY3QgSXNzdWluZyBDQTAeFw0yMTA0MjUyMDMzNTRaFw0yNjA0MTMyMjM4NDZa
+MCMxITAfBgNVBAMTGGNhY2VydHMub25lLmRpZ2ljZXJ0LmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJwKRHdkdEQkp32bNi9TdgN4FNRG0nRppguQ
+mdCysJHA6/SuyAXNwKSbENysjFrcBkfYTlALjvIMqSu4d26ix6Mv4HnVxLjDzapV
+TZhOhfxIbRQa3HNieNup2vMi8jJvgwLcK/4CwhBJsbEMkB5lbyL8UnCBxzW9GGbM
+IvurvDFkUDUpUmiFg47nTpjub79KME6NqK38DxKzlUHvJge1TKFM73kZ3YkfWExQ
+yRQPRiU5KxMi/Wkr30FOf/rMTx4XNacOgyTJvzcStGwrlr0iGr8eLC1/XVXoOQz3
+0lyOeUzTB+HPU1Z2JrbPW5PnGxcQ0f7v/3qkWV1B2wuvFcQk+D0CAwEAAaOCAVIw
+ggFOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIj2Mhdk10e46DeI+aEZKSSK8Hj+
+MB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHoMA4GA1UdDwEB/wQEAwIE
+8DAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjCBhgYIKwYBBQUHAQEEejB4MCgGCCsG
+AQUFBzABhhxodHRwOi8vb2NzcC5vbmUuZGlnaWNlcnQuY29tMEwGCCsGAQUFBzAC
+hkBodHRwOi8vY2FjZXJ0cy5vbmUuZGlnaWNlcnQuY29tL1RlbGVjb21JbmZyYVBy
+b2plY3RJc3N1aW5nQ0EuY3J0ME0GA1UdHwRGMEQwQqBAoD6GPGh0dHA6Ly9jcmwu
+b25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9qZWN0SXNzdWluZ0NBLmNy
+bDANBgkqhkiG9w0BAQsFAAOCAQEADlFwshNPkeI2Gl6ooIauZL9d+6k+RWa5RTle
+JWziYL23XVEBT11+dvp4IB9HwVw5dByl3XAfTd1r4qyncwgXQpc6j2X8e45E8izI
+z2S1zhLMe1bA2lOiZz/sdpbonvxIHdiISyQI7q3mWQsvNkpkbjivjxLAJTcGPmOS
+gc/95YL+2xqPV45XAnPcl5qkLThtmb57Xst1sLWiSS2fUId6HMVuCgZa5su+aAl9
+iMXv9YfHcvyfwXBaOtoBlItyMGl60uy0E/Fr5uEhEWi53EIqhty6KQckQBB7wdjQ
+eiXNI5Ox5cf+TFdesuKPaoEn3WNpFL9PCA3S5nGegJlZQ4N9Eg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
+-----END CERTIFICATE-----

feeds/wlan-ap/opensync/patches/33-add-apc-radsecproxy-schema.patch

@@ -2,7 +2,7 @@ Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
 ===================================================================
 --- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
 +++ opensync-2.0.5.0/interfaces/opensync.ovsschema
-@@ -9368,6 +9368,68 @@
+@@ -9368,6 +9368,69 @@
              }
         },
        "isRoot": true
@@ -57,6 +57,7 @@ Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
 +                  "DR",
 +                  "BDR",
 +                  "OR",
++                  "WT",
 +                  "NC"
 +                ]
 +              ]

feeds/wlan-ap/opensync/patches/34-radsec-schema-consts.patch

@@ -1,6 +1,6 @@
 --- a/interfaces/opensync.ovsschema
 +++ b/interfaces/opensync.ovsschema
-@@ -9439,6 +9439,110 @@
+@@ -9493,6 +9493,146 @@
        },
        "isRoot": true,
        "maxRows": 1
@@ -25,6 +25,15 @@
 +                "max": 1
 +              }
 +            },
++            "auto_discover": {
++                "type": {
++                "key": {
++                  "type": "boolean"
++                },
++                "min": 1,
++                "max": 1
++              }
++            },
 +            "server": {
 +                "type": {
 +                "key": {
@@ -52,6 +61,33 @@
 +                "max": 1
 +              }
 +            },
++            "acct_server": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
++            "acct_port": {
++              "type": {
++                "key": {
++                  "type": "integer"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
++            "acct_secret": {
++                "type": {
++                "key": {
++                  "type": "string"
++                },
++                "min": 0,
++                "max": 1
++              }
++            },
 +            "ca_cert": {
 +                "type": {
 +                    "key": {

feeds/wlan-ap/opensync/patches/35-add-proxy-arp-schema.patch

@@ -0,0 +1,13 @@
+Index: opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/schema/inc/schema_consts.h
++++ opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
+@@ -155,6 +155,8 @@ typedef enum {
+ #define SCHEMA_CONSTS_IEEE80211k	"ieee80211k"
+ #define SCHEMA_CONSTS_DYNAMIC_VLAN	"dynamic_vlan"
+ #define SCHEMA_CONSTS_RADPROXY	"radproxy"
++#define SCHEMA_CONSTS_PROXY_ARP		"proxy_arp"
++#define SCHEMA_CONSTS_MCAST_TO_UCAST	"mcast_to_ucast"
+ 
+ /* radio Custom options */
+ #define SCHEMA_CONSTS_LOCAL_PWR_CONSTRAINT "local_pwr_constraint"

feeds/wlan-ap/opensync/patches/36-add-channel-hop-config.patch

@@ -0,0 +1,66 @@
+Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
+===================================================================
+--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
++++ opensync-2.0.5.0/interfaces/opensync.ovsschema
+@@ -8982,6 +8982,61 @@
+                     "min": 0,
+                     "max": 1
+                 }
++            },
++            "noise_floor_thresh": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": -90,
++                        "maxInteger": -10
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "noise_floor_time": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 60,
++                        "maxInteger": 600
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "non_wifi_thresh": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 0,
++                        "maxInteger": 100
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "non_wifi_time": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 60,
++                        "maxInteger": 600
++                    },
++                    "min": 0,
++                    "max": 1
++                }
++            },
++            "obss_hop_mode": {
++                "type": {
++                    "key": {
++                        "type": "integer",
++                        "minInteger": 1,
++                        "maxInteger": 2
++                    },
++                    "min": 0,
++                    "max": 1
++                }
+             }
+         },
+         "isRoot": true

feeds/wlan-ap/opensync/patches/37-add-auto-hw_mode.patch

@@ -0,0 +1,12 @@
+--- a/interfaces/opensync.ovsschema
++++ b/interfaces/opensync.ovsschema
+@@ -1357,7 +1357,8 @@
+                   "11n",
+                   "11ab",
+                   "11ac",
+-                  "11ax"
++                  "11ax",
++                  "auto"
+                 ]
+               ]
+             },

feeds/wlan-ap/opensync/patches/37-add-channel-max-power.patch

@@ -0,0 +1,19 @@
+--- a/interfaces/opensync.ovsschema
++++ b/interfaces/opensync.ovsschema
+@@ -1880,7 +1880,15 @@
+             "min": 0,
+             "max": "unlimited"
+           }
+-        }
++        },
++        "channel_max_power": {
++          "type": {
++            "key": "integer",
++            "value": "integer",
++            "min": 0,
++            "max": "unlimited"
++          }
++        }
+       },
+       "isRoot": true,
+       "maxRows": 256

feeds/wlan-ap/opensync/patches/37-cpu-utilization.patch

@@ -0,0 +1,13 @@
+Index: opensync-2.0.5.0/src/lib/target/src/target_linux.c
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/target/src/target_linux.c
++++ opensync-2.0.5.0/src/lib/target/src/target_linux.c
+@@ -249,7 +249,7 @@ static bool linux_device_cpuutil_get(dpp
+         }
+ 
+         /* Calculate percentage and round */
+-        busy = (1.0 - ((double)diff.hz_idle / (double)hz_total_diff)) * 100.0;
++       	busy = (100.0 - (((double)diff.hz_idle *100.0) / (double)hz_total_diff));
+ 
+         cpuutil->cpu_util = (uint32_t) (busy + 0.5);
+ 

feeds/wlan-ap/opensync/patches/38-correcting-scan-type-max-count.patch

@@ -0,0 +1,16 @@
+Index: opensync-2.0.5.0/src/lib/datapipeline/inc/dpp_types.h
+===================================================================
+--- opensync-2.0.5.0.orig/src/lib/datapipeline/inc/dpp_types.h
++++ opensync-2.0.5.0/src/lib/datapipeline/inc/dpp_types.h
+@@ -148,10 +148,9 @@ typedef enum
+     RADIO_SCAN_TYPE_FULL,
+     RADIO_SCAN_TYPE_ONCHAN,
+     RADIO_SCAN_TYPE_OFFCHAN,
++    RADIO_SCAN_MAX_TYPE_QTY
+ } radio_scan_type_t;
+ 
+-#define RADIO_SCAN_MAX_TYPE_QTY       3
+-
+ typedef enum
+ {
+     RADIO_QUEUE_TYPE_VI = 0,

feeds/wlan-ap/opensync/patches/39-allow-upgrade-retry.patch

@@ -0,0 +1,12 @@
+--- a/src/um/src/um_ovsdb.c
++++ b/src/um/src/um_ovsdb.c
+@@ -356,7 +356,8 @@ static void callback_AWLAN_Node(
+                 //TODO Is there something that needs to be done here?
+             }
+ 
+-            if(awlan_node->upgrade_timer_changed){
++            if(awlan_node->upgrade_timer_changed
++                || ((awlan_node->firmware_url_changed) && (strlen(awlan_node->firmware_url) > 0))) {
+                 if (awlan_node->upgrade_timer > 0)
+                 {
+                     /* if there is active timer, stop it to set new value   */

feeds/wlan-ap/opensync/patches/40-reboot-factory-reset-status-codes.patch

@@ -0,0 +1,32 @@
+--- a/src/um/inc/um.h
++++ b/src/um/inc/um.h
+@@ -32,6 +32,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBI
+ 
+ #define UM_STS_FW_DL_START     (10)    /* FW download started                      */
+ #define UM_STS_FW_DL_END       (11)    /* FW download successfully completed       */
++#define UM_STS_RB_END          (12)    /* Reboot has been started                  */
++#define UM_STS_FR_END          (13)    /* Factory reset has been started           */
+ #define UM_STS_FW_WR_START     (20)    /* FW write on alt partition started        */
+ #define UM_STS_FW_WR_END       (21)    /* FW image write successfully completed    */
+ #define UM_STS_FW_BC_START     (30)    /* Bootconfig partition update started      */
+--- a/src/um/src/um_ovsdb.c
++++ b/src/um/src/um_ovsdb.c
+@@ -248,8 +248,16 @@ static void cb_upg(const osp_upg_op_t op
+         case OSP_UPG_DL:
+             if (status == OSP_UPG_OK)
+             {
+-                LOG(INFO, "Download successfully completed");
+-                ret_status = UM_STS_FW_DL_END;
++                if (!strcmp(upg_url, "reboot")) {
++                    LOG(INFO, "Reboot successfully initiated");
++                    ret_status = UM_STS_RB_END;
++                } else if (!strcmp(upg_url, "factory"))  {
++                    LOG(INFO, "Factory reset successfully initiated");
++                    ret_status = UM_STS_FR_END;
++                } else {
++                    LOG(INFO, "Download successfully completed");
++                    ret_status = UM_STS_FW_DL_END;
++                }
+             }
+             else
+             {

feeds/wlan-ap/opensync/patches/41-log-supression.patch

@@ -0,0 +1,11 @@
+--- a/src/lib/ovsdb/src/ovsdb_table.c
++++ b/src/lib/ovsdb/src/ovsdb_table.c
+@@ -560,7 +560,7 @@ void ovsdb_table_update_cb(ovsdb_update_
+         return;
+     }
+ 
+-    LOG(INFO, "MON upd: %s table: %s row: %s", typestr, table->table_name, mon_uuid );
++    LOG(TRACE, "MON upd: %s table: %s row: %s", typestr, table->table_name, mon_uuid );
+ 
+     if (LOG_SEVERITY_TRACE <= log_module_severity_get(MODULE_ID))
+     {

feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync

@@ -37,6 +37,23 @@ start_service() {
     echo "Setting certificates"
     mkdir -p ${CERTS_DEST_PATH}
     cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && saved_redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        logger -t opensync "Contacting DigiCert for redirector address"
+        wlan_ap_redirector.sh
+        new_redirector=$(uci get system.tip.redirector)
+        if [ -z "$new_redirector" && -n "$saved_redirector" ]; then
+            logger -t opensync "No response from DigiCert, using saved redirector address ${saved_redirector}"
+            wlan_ap_redirector.sh ${saved_redirector}
+        else
+            logger -t opensync "DigiCert returned redirector address ${new_redirector}"
+        fi
+    else
+        logger -t opensync "Using existing redirector address ${redirector}"
+        [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector}" > /usr/opensync/certs/redirector.txt
+    fi
     echo "Starting OpenSync"
     procd_set_param command ${PROG}
     procd_close_instance

feeds/wlan-ap/opensync/src/platform/openwrt/src/command/src/cmd_tcpdump.c

@@ -215,6 +215,7 @@ pid_t cmd_handler_tcpdump_wifi(struct task *task)
 	char *argv[] = { "/usr/sbin/tcpdump", "-c", "1000", "-G", duration, "-W", "1", "-w", pcap, "-i", phy, NULL };
 	char iw[128];
 	pid_t pid;
+	int ret = 0;
 
 	task->arg = SCHEMA_KEY_VAL(task->conf.payload, "wifi");
 	if (!task->arg) {
@@ -225,15 +226,23 @@ pid_t cmd_handler_tcpdump_wifi(struct task *task)
 
 	blob_buf_init(&b, 0);
 	uci = uci_alloc_context();
-	uci_load(uci, "wireless", &p);
-	s = uci_lookup_section(uci, p, task->arg);
-        if (!s) {
-		task_status(task, TASK_FAILED, "unknown wifi");
+
+	ret = uci_load(uci, "wireless", &p);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
 		uci_free_context(uci);
-                return -1;
+		return -1;
+	}
+	s = uci_lookup_section(uci, p, task->arg);
+	if (!s) {
+		task_status(task, TASK_FAILED, "unknown wifi");
+		uci_unload(uci, p);
+		uci_free_context(uci);
+		return -1;
 	}
 
-        uci_to_blob(&b, s, &phy_param);
+	uci_to_blob(&b, s, &phy_param);
+	uci_unload(uci, p);
 	uci_free_context(uci);
 
 	blobmsg_parse(phy_policy, __PHY_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));

feeds/wlan-ap/opensync/src/platform/openwrt/src/command/src/node_config.c

@@ -1,6 +1,9 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
 
 #include <string.h>
+#include <glob.h>
+#include <linux/limits.h>
+#include <libgen.h>
 
 #include "uci.h"
 #include "command.h"
@@ -88,9 +91,14 @@ static void syslog_state(int config)
 	struct uci_element *e = NULL;
 	struct uci_section *s = NULL;
 	char val[128];
+	int ret = 0;
 
 	blob_buf_init(&b, 0);
-	uci_load(uci, "system", &system);
+	ret = uci_load(uci, "system", &system);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		return;
+	}
 	uci_foreach_element(&system->sections, e) {
 		s = uci_to_section(e);
 		if (!strcmp(s->type, "system"))
@@ -151,7 +159,6 @@ static void syslog_handler(int type,
 	blob_to_uci_section(uci, "system", "@system[-1]", "system",
 			    b.head, &log_param, NULL);
 	uci_commit_all(uci);
-	system("/sbin/reload_config");
 	if (del)
 		node_state_del("syslog");
 	else
@@ -179,14 +186,20 @@ static void ntp_state(int config)
         struct uci_section *s;
 	struct blob_attr *cur = NULL;
 	char val[128] = {};
-	int first = 1, rem = 0;
+	int first = 1, rem = 0, ret = 0;
 
 	blob_buf_init(&b, 0);
-	uci_load(uci, "system", &p);
+	ret = uci_load(uci, "system", &p);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		return;
+	}
 
 	s = uci_lookup_section(uci, p, "ntp");
-	if (!s)
+	if (!s) {
+		uci_unload(uci, p);
 		return;
+	}
 
 	uci_to_blob(&b, s, &ntp_param);
 	blobmsg_parse(ntp_policy, __NTP_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
@@ -238,10 +251,132 @@ static void ntp_handler(int type,
 	blob_to_uci_section(uci, "system", "ntp", "timeserver",
 			    b.head, &ntp_param, NULL);
 	uci_commit_all(uci);
-	system("/sbin/reload_config");
 	ntp_state(0);
 }
 
+enum {
+	LED_ATTR_SYSFS,
+	LED_ATTR_TRIGGER,
+	LED_ATTR_DELAYON,
+	LED_ATTR_DELAYOFF,
+	LED_ATTR_VALUE,
+	LED_ATTR_KEY,
+	__LED_ATTR_MAX,
+};
+
+static const struct blobmsg_policy led_policy[__LED_ATTR_MAX] = {
+	[LED_ATTR_SYSFS] = { .name = "sysfs", .type = BLOBMSG_TYPE_STRING },
+	[LED_ATTR_TRIGGER] = { .name = "trigger", .type = BLOBMSG_TYPE_STRING },
+	[LED_ATTR_DELAYON] = { .name = "delayon", .type = BLOBMSG_TYPE_STRING},
+	[LED_ATTR_DELAYOFF] = { .name = "delayoff", .type = BLOBMSG_TYPE_STRING},
+	[LED_ATTR_VALUE] = { .name = "value", .type = BLOBMSG_TYPE_STRING},
+	[LED_ATTR_KEY] = { .name = "key", .type = BLOBMSG_TYPE_STRING},
+};
+
+static const struct uci_blob_param_list led_param = {
+	.n_params = __LED_ATTR_MAX,
+	.params = led_policy,
+};
+
+static char led[][8]={"lan", "wan", "eth", "wifi2", "wifi5", "wlan2g", "wlan5g", "power","eth0",
+			  "status", "eth1", "wifi2g", "eth2", "wifi5g", "plug", "world", "usb", "linksys", "wps", "bt"};
+
+static void led_state(int config)
+{
+	struct blob_attr *tb[__LED_ATTR_MAX] = { };
+	struct uci_package *system;
+	struct uci_section *s = NULL;
+	struct uci_element *e = NULL;
+	char val[8];
+	char key[16];
+	blob_buf_init(&b, 0);
+	uci_load(uci, "system", &system);
+	uci_foreach_element(&system->sections, e) {
+		s = uci_to_section(e);
+		if (!strcmp(s->type, "led")) {
+			uci_to_blob(&b, s, &led_param);
+			blobmsg_parse(led_policy, __LED_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
+			if(tb[LED_ATTR_KEY])
+				strcpy(key, blobmsg_get_string(tb[LED_ATTR_KEY]));
+			if(tb[LED_ATTR_VALUE])
+				strcpy(val, blobmsg_get_string(tb[LED_ATTR_VALUE]));
+			break;
+		}
+		s = NULL;
+	}
+	if (!s)
+		goto out;
+	if (config)
+		node_config_set("led", key, val);
+	node_state_set("led", key, val);
+out:
+	uci_unload(uci, system);
+}
+
+int available_led_check(char *led_name)
+{
+	unsigned int i;
+	for (i = 0; i < ARRAY_SIZE(led); i++) {
+		if(!strcmp(led_name,led[i])) {
+			return 1;
+		}
+	}
+	return 0;
+}
+
+static void set_led_config(char *trigger_name, char *key, char* value, char* led_string, char* led_section)
+{
+	blob_buf_init(&b, 0);
+	blobmsg_add_string(&b, "sysfs", led_string);
+	blobmsg_add_string(&b, "trigger", trigger_name);
+	blobmsg_add_string(&b, "value", value);
+	blobmsg_add_string(&b, "key", key);
+	blob_to_uci_section(uci, "system", led_section, "led", b.head, &led_param, NULL);
+	return;
+}
+
+static void led_handler(int type,
+			struct schema_Node_Config *old,
+			struct schema_Node_Config *conf)
+{
+	char led_string[32];
+	char ap_name[16];
+	char color[16];
+	char led_section[16];
+	char sys[8];
+	char class[8];
+	char leds[8];
+	char sysled[PATH_MAX];
+	glob_t gl;
+	unsigned int i;
+
+	switch (type) {
+	case OVSDB_UPDATE_NEW:
+	case OVSDB_UPDATE_MODIFY:
+		if (!strcmp(conf->key, "led_blink") || !strcmp(conf->key, "led_off"))
+		{
+			if (glob("/sys/class/leds/*", GLOB_NOSORT, NULL, &gl))
+				return;
+			for (i = 0; i < gl.gl_pathc; i++) {
+				strncpy(sysled, gl.gl_pathv[i], sizeof(sysled));
+				sscanf(sysled,"/%[^/]/%[^/]/%[^/]/%s", sys, class, leds, led_string);
+				sscanf(led_string,"%[^:]:%[^:]:%s",ap_name, color, led_section);
+				if(available_led_check(led_section)) {
+					if(!strcmp(conf->key, "led_blink")) {
+						set_led_config("heartbeat", conf->key, conf->value, led_string, led_section);
+					}
+					else if(!strcmp(conf->key, "led_off")) {
+						set_led_config("none", conf->key, conf->value, led_string, led_section);
+					}
+				}
+			}
+		}
+		globfree(&gl);
+	}
+	uci_commit_all(uci);
+	led_state(0);
+}
+
 static struct node_handler {
 	char *name;
 	void (*handler)(int type,
@@ -259,6 +394,11 @@ static struct node_handler {
 		.handler = ntp_handler,
 		.state = ntp_state,
 	},
+	{
+		.name = "led",
+		.handler = led_handler,
+		.state = led_state,
+	},
 };
 
 static void callback_Node_Config(ovsdb_update_monitor_t *mon,

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/captive.h

@@ -10,7 +10,7 @@ extern const struct schema_Wifi_VIF_Config *vconf;
 extern void vif_captive_portal_set (const struct schema_Wifi_VIF_Config *vconf, char *ifname);
 extern void vif_state_captive_portal_options_get(struct schema_Wifi_VIF_State *vstate);
 extern void captive_portal_init();
-extern void splash_page_logo(char* dest_file,char* src_url);
+extern void captive_portal_files_download(char* dest_file,char* src_url);
 extern void vif_dhcp_opennds_allowlist_set(const struct schema_Wifi_VIF_Config *vconf, char *ifname);
 extern void vif_state_dhcp_allowlist_get(struct schema_Wifi_VIF_State *vstate);
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/fixup.h

@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef _FIXUP_H__
+#define _FIXUP_H__
+
+struct vif_fixup {
+        struct avl_node avl;
+        char name[IF_NAMESIZE];
+        bool has_captive;
+};
+
+struct vif_fixup * vif_fixup_find(const char *name);
+void vif_fixup_del(char *ifname);
+
+
+bool vif_fixup_captive_enabled(void);
+bool vif_fixup_iface_captive_enabled(const char *ifname);
+void vif_fixup_set_iface_captive(const char *ifname, bool en);
+#endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/phy.h

@@ -5,13 +5,14 @@
 
 extern int phy_from_path(char *path, char *phy);
 extern int phy_get_mac(char *phy, char *mac);
-extern int phy_find_hwmon(char *path, char *hwmon);
+extern int phy_find_hwmon(char *phy, char *hwmon, bool *DegreesNotMilliDegrees);
 extern int phy_get_tx_chainmask(const char *name);
 extern int phy_get_rx_chainmask(const char *name);
 extern int phy_get_tx_available_antenna(const char *name);
 extern int phy_get_rx_available_antenna(const char *name);
 extern int phy_get_max_tx_power(const char *name , int channel);
 extern int phy_get_channels(const char *name, int *channel);
+extern int phy_get_dfs_channels(const char *name, int *channel);
 extern int phy_get_channels_state(const char *name,
 			struct schema_Wifi_Radio_State *rstate);
 extern int phy_get_band(const char *name, char *band);

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/radio.h

@@ -3,6 +3,10 @@
 #ifndef _RADIO_H__
 #define _RADIO_H__
 
+#include "ovsdb_update.h"
+
+#define CONFIG_APPLY_TIMEOUT 35
+
 struct rrm_neighbor {
 	char *mac;
 	char *ssid;
@@ -10,7 +14,6 @@ struct rrm_neighbor {
 };
 
 extern const struct target_radio_ops *radio_ops;
-extern int reload_config;
 extern struct blob_buf b;
 extern struct uci_context *uci;
 
@@ -22,5 +25,8 @@ extern int hapd_rrm_set_neighbors(char *name, struct rrm_neighbor *neigh, int co
 extern void radio_maverick(void *arg);
 
 int nl80211_channel_get(char *name, unsigned int *chan);
+void set_config_apply_timeout(ovsdb_update_monitor_t *mon);
+bool apc_read_conf(struct schema_APC_Config *apcconf);
+bool apc_read_state(struct schema_APC_State *apcst);
 
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/timer.h

@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef __TIMER_H__
+#define __TIMER_H__
+
+#include <sys/time.h>
+
+struct timeout;
+typedef void (*timeout_handler)(struct timeout *t);
+
+struct timeout {
+	bool pending;
+	timeout_handler cb;
+	struct timeval time;
+};
+
+int timeout_set(struct timeout *timeout, int msecs);
+void timer_expiry_check(struct timeout *timeout);
+
+#endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/utils.h

@@ -41,4 +41,7 @@ extern int net_get_mtu(char *iface);
 extern int net_get_mac(char *iface, char *mac);
 extern int net_is_bridge(char *iface);
 extern char* get_max_channel_bw_channel(int channel_freq, const char* htmode);
+int phy_find_hwmon_helper(char *dir, char *file, char *hwmon);
+extern double dBm_to_mwatts(double dBm);
+extern double mWatts_to_dBm(double mW);
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h

@@ -19,6 +19,7 @@
 #define OVSDB_SECURITY_ENCRYPTION_WPA_SAE   "WPA-SAE"
 #define OVSDB_SECURITY_ENCRYPTION_WPA_EAP   "WPA-EAP"
 #define OVSDB_SECURITY_ENCRYPTION_WPA3_EAP  "WPA3-EAP"
+#define OVSDB_SECURITY_ENCRYPTION_WPA3_EAP_192  "WPA3-EAP-192"
 #define OVSDB_SECURITY_RADIUS_SERVER_IP     "radius_server_ip"
 #define OVSDB_SECURITY_RADIUS_SERVER_PORT   "radius_server_port"
 #define OVSDB_SECURITY_RADIUS_SERVER_SECRET "radius_server_secret"
@@ -37,5 +38,6 @@ void vif_hs20_update(struct schema_Hotspot20_Config *hs2conf);
 void vif_hs20_osu_update(struct schema_Hotspot20_OSU_Providers *hs2osuconf);
 void vif_hs20_icon_update(struct schema_Hotspot20_Icon_Config *hs2iconconf);
 void vif_section_del(char *section_name);
+void vif_check_radius_proxy(void);
 
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/override.mk

@@ -47,6 +47,8 @@ UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/dhcpdiscovery.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_probe.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/rrm_config.c
 UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_proxy.c
+UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/timer.c
+UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/fixup.c
 
 CONFIG_USE_KCONFIG=y
 CONFIG_INET_ETH_LINUX=y

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/captive.c

@@ -20,10 +20,18 @@
 #include "nl80211.h"
 #include "utils.h"
 #include "captive.h"
+#include <libubox/avl-cmp.h>
+#include <libubox/avl.h>
+#include <libubox/vlist.h>
+#include <net/if.h>
+#include "fixup.h"
 
-struct blob_buf cap={ };
+static struct blob_buf cap={ };
+static struct blob_buf cap_blob={ };
+static struct blob_buf url_buf={ };
 static struct uci_package *opennds;
-static struct uci_context *cap_uci;
+static struct uci_context *caps_uci;
+static struct uci_context *capg_uci;
 struct blob_attr *d;
 
 #define SCHEMA_CAPTIVE_PORTAL_OPT_SZ            255
@@ -140,6 +148,10 @@ void vif_state_dhcp_allowlist_get(struct schema_Wifi_VIF_State *vstate)
 	char read_ifname[8];
 	char set[8];
 	struct blob_attr *td[__DNS_ATTR_MAX] = { };
+
+	if (vif_fixup_iface_captive_enabled(vstate->if_name) == false)
+		return;
+
 	uci_load(dns, "dhcp", &dhcp);
 	ip_section = uci_lookup_section(dns, dhcp,"dnsmasq");
 	if(!ip_section) {
@@ -182,12 +194,16 @@ void vif_dhcp_opennds_allowlist_set(const struct schema_Wifi_VIF_Config *vconf,
 	int i;
 	char ips[128];
 	char buff[64];
+
+	if (vif_fixup_iface_captive_enabled(vconf->if_name) == false)
+		return;
+
 	ipset_flush(ifname);
 	e = blobmsg_open_array(&dnsmas, "ipset");
 	for (i = 0; i < vconf->captive_allowlist_len; i++)
 	{
 		strcpy(buff,(char*)vconf->captive_allowlist[i]);
-		sprintf(ips,"/%s/set_%s", buff,"opennds");
+		snprintf(ips, sizeof(ips), "/%s/set_%s", buff,"opennds");
 		blobmsg_add_string(&dnsmas, NULL,ips);
 	}
 	blobmsg_close_array(&dnsmas, e);
@@ -235,10 +251,13 @@ void vif_state_captive_portal_options_get(struct schema_Wifi_VIF_State *vstate)
 	struct blob_attr *tc[__NDS_ATTR_MAX] = { };
 	struct uci_section *cp_section;
 
-	uci_load(cap_uci, "opennds", &opennds);
-	cp_section = uci_lookup_section(cap_uci, opennds,"opennds");
+	if (vif_fixup_iface_captive_enabled(vstate->if_name) == false)
+		return;
+
+	uci_load(capg_uci, "opennds", &opennds);
+	cp_section = uci_lookup_section(capg_uci, opennds,"opennds");
 	if(!cp_section) {
-		uci_unload(cap_uci, opennds);
+		uci_unload(capg_uci, opennds);
 		return;
 	}
 	blob_buf_init(&cap, 0);
@@ -351,15 +370,14 @@ void vif_state_captive_portal_options_get(struct schema_Wifi_VIF_State *vstate)
 			}
 		}
 	}
-uci_unload(cap_uci, opennds);
+uci_unload(capg_uci, opennds);
 return;
 }
 
-void clean_up(CURL *curl,FILE* imagefile, FILE* headerfile)
+void clean_up(CURL *curl,FILE* imagefile)
 {
 	curl_easy_cleanup(curl);
 	fclose(imagefile);
-	fclose(headerfile);
 	return;
 }
 
@@ -368,33 +386,27 @@ size_t write_data(void *ptr, size_t size, size_t nmemb, FILE *stream) {
     return written;
 }
 
-void splash_page_logo(char* dest_file, char* src_url)
+void captive_portal_files_download(char* dest_file, char* src_url)
 {
 	CURL *curl;
 	CURLcode res;
 	FILE *imagefile;
-	FILE *headerfile;
-	static const char *clientcert = "/usr/opensync/certs/client.pem";
+	const char *clientcert = "/usr/opensync/certs/client.pem";
 	const char *clientkey = "/usr/opensync/certs/client_dec.key";
-	static const char *pHeaderFile = "/etc/opennds/splashlogo_header";
 	const char *keytype = "PEM";
-	char errbuf[CURL_ERROR_SIZE];
-	headerfile = fopen(pHeaderFile, "wb");
+
 	imagefile = fopen(dest_file, "wb");
 	if(imagefile == NULL){
 		LOG(ERR, "fopen failed");
-		if(headerfile)
-			fclose(headerfile);
 		return;
 	}
 	curl = curl_easy_init();
 
 	if (curl == NULL){
 		LOG(ERR, "curl_easy_init failed");
-		clean_up(curl,imagefile,headerfile);
+		clean_up(curl,imagefile);
 		return;
 	}
-	curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
 	curl_easy_setopt(curl, CURLOPT_URL, src_url);
 	curl_easy_setopt(curl, CURLOPT_SSLCERT, clientcert);
 	curl_easy_setopt(curl, CURLOPT_SSLKEY, clientkey);
@@ -403,23 +415,22 @@ void splash_page_logo(char* dest_file, char* src_url)
 	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, imagefile);
-	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
 	curl_easy_setopt(curl, CURLOPT_HEADER, 0L);
 
 	res = curl_easy_perform(curl);
 	if (res != CURLE_OK){
-		clean_up(curl,imagefile,headerfile);
+		clean_up(curl,imagefile);
 		remove(dest_file);
 		return;
 	}
-	clean_up(curl,imagefile,headerfile);
+	clean_up(curl,imagefile);
 	return ;
 }
 
 int ipset_create(char *ifnds)
 {
 	char command[64];
-	sprintf(command,"ipset create set_%s hash:ip", ifnds);
+	snprintf(command, sizeof(command), "ipset create set_%s hash:ip", ifnds);
 	return (system(command));
 }
 
@@ -427,18 +438,19 @@ void captive_portal_get_current_urls(char *ifname, char *splash_logo, char *back
 {
 	char *buf = NULL;
 	struct blob_attr *tc[__NDS_ATTR_MAX] = { };
-	struct blob_buf url_buf={ };
-	struct uci_section *cp_section;
+	struct uci_section *cp_section = NULL;
+	struct uci_package *opennds = NULL;
 
-	uci_load(cap_uci, "opennds", &opennds);
-	cp_section = uci_lookup_section(cap_uci, opennds,"opennds");
+	uci_load(caps_uci, "opennds", &opennds);
+	cp_section = uci_lookup_section(caps_uci, opennds,"opennds");
 	if(!cp_section) {
-		uci_unload(cap_uci, opennds);
+		uci_unload(caps_uci, opennds);
 		return;
 	}
 
 	blob_buf_init(&url_buf, 0);
 	uci_to_blob(&url_buf, cp_section, &opennds_param);
+
 	blobmsg_parse(opennds_policy, __NDS_ATTR_MAX, tc, blob_data(url_buf.head), blob_len(url_buf.head));
 
 	if (tc[NDS_ATTR_SPLASH_PAGE_LOGO]) {
@@ -460,7 +472,8 @@ void captive_portal_get_current_urls(char *ifname, char *splash_logo, char *back
 	} else {
 		user_file[0]=0;
 	}
-	uci_unload(cap_uci, opennds);
+	uci_unload(caps_uci, opennds);
+
 	return;
 }
 void opennds_parameters(char *ifname)
@@ -469,7 +482,7 @@ void opennds_parameters(char *ifname)
 	char users_router[7][64] = { "allow tcp port 53","allow udp port 53",
 				"allow udp port 67","allow tcp port 22",
 				"allow tcp port 23", "allow tcp port 80", "allow tcp port 443"};
-	struct blob_buf cap_blob={ };
+
 	blob_buf_init(&cap_blob, 0);
 
 	blobmsg_add_string(&cap_blob, "fwhook_enabled","1");
@@ -493,8 +506,8 @@ void opennds_parameters(char *ifname)
 		blobmsg_add_string(&cap_blob, NULL, users_router[i]);
 	}
 	blobmsg_close_array(&cap_blob, d);
-	blob_to_uci_section(cap_uci, "opennds", "opennds", "opennds", cap_blob.head, &opennds_param, NULL);
-	uci_commit_all(cap_uci);
+	blob_to_uci_section(caps_uci, "opennds", "opennds", "opennds", cap_blob.head, &opennds_param, NULL);
+	uci_commit_all(caps_uci);
 	return;
 }
 
@@ -502,25 +515,26 @@ void opennds_section_del(char *section_name)
 {
 	struct uci_package *opennds;
 	struct uci_element *e = NULL, *tmp = NULL;
-	int ret=0;
+	int ret = 0;
 
-	ret= uci_load(uci, "opennds", &opennds);
+	ret = uci_load(caps_uci, "opennds", &opennds);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", section_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", section_name, __func__, ret);
+		uci_unload(caps_uci, opennds);
 		return;
 	}
 	uci_foreach_element_safe(&opennds->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if (!strcmp(s->e.name, section_name)) {
-			uci_section_del(uci, "vif", "opennds", (char *)s->e.name, section_name);
+			uci_section_del(caps_uci, "vif", "opennds", (char *)s->e.name, section_name);
 		}
 		else {
 			continue;
 		}
 	}
-	uci_commit(uci, &opennds, false);
-	uci_unload(uci, opennds);
-	reload_config = 1;
+
+	uci_commit(caps_uci, &opennds, false);
+	uci_unload(caps_uci, opennds);
 }
 
 void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *ifname)
@@ -530,23 +544,26 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 	const char *opt;
 	const char *val;
 	blob_buf_init(&cap, 0);
-	char path[64];
-	char webroot[64];
+	char path[64] = {0};
+	char webroot[64] = {0};
+
 	char ipset_tcp80[64];
 	char ipset_tcp443[64];
-	char splash_logo[84];
-	char back_image[84];
-	char user_file[84];
 
-	sprintf(path,"/etc/opennds/htdocs/images/");
-	sprintf(webroot,"/etc/opennds/htdocs");
-	sprintf(ipset_tcp80,"allow tcp port 80 ipset set_opennds");
-	sprintf(ipset_tcp443,"allow tcp port 443 ipset set_opennds");
+	char splash_logo[84] = {0};
+	char back_image[84] = {0};
+	char user_file[84] = {0};
+
+	snprintf(path, sizeof(path), "/etc/opennds/htdocs/images/");
+	snprintf(webroot, sizeof(webroot), "/etc/opennds/htdocs");
+
+	snprintf(ipset_tcp80, sizeof(ipset_tcp80),"allow tcp port 80 ipset set_opennds");
+	snprintf(ipset_tcp443, sizeof(ipset_tcp443), "allow tcp port 443 ipset set_opennds");
+
 	char file_path[128];
 	struct stat st = {0};
 	if (stat(path, &st) == -1)
 		mkdir(path, 0755);
-
 	captive_portal_get_current_urls(ifname, splash_logo, back_image, user_file);
 
 	for (j = 0; j < SCHEMA_CAPTIVE_PORTAL_OPTS_MAX; j++) {
@@ -571,6 +588,7 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 				blobmsg_add_string(&cap, NULL, ipset_tcp80);
 				blobmsg_add_string(&cap, NULL, ipset_tcp443);
 				blobmsg_close_array(&cap, d);
+				vif_fixup_set_iface_captive(ifname, true);
 
 			} else if (strcmp(value,"username")==0) {
 				blobmsg_add_string(&cap, "webroot",webroot);
@@ -585,6 +603,8 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 				blobmsg_add_string(&cap, NULL, ipset_tcp443);
 				blobmsg_close_array(&cap, d);
 
+				vif_fixup_set_iface_captive(ifname, true);
+
 			} else if (strcmp(value,"radius")==0)  {
 				blobmsg_add_string(&cap, "webroot",webroot);
 				opennds_parameters("opennds");
@@ -592,14 +612,19 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 				blobmsg_add_string(&cap, "enabled", "1");
 				blobmsg_add_string(&cap, "gatewayinterface","br-lan");
 				blobmsg_add_string(&cap, "preauth", "/usr/lib/opennds/radius.sh");
+
 				ipset_create("opennds");
 				d = blobmsg_open_array(&cap, "preauthenticated_users");
 				blobmsg_add_string(&cap, NULL, ipset_tcp80);
 				blobmsg_add_string(&cap, NULL, ipset_tcp443);
 				blobmsg_close_array(&cap, d);
+
+				vif_fixup_set_iface_captive(ifname, true);
 			}
 			else {
-				opennds_section_del("opennds");
+				vif_fixup_set_iface_captive(ifname, false);
+				if (vif_fixup_captive_enabled() == false)
+					opennds_section_del("opennds");
 				return;
 			}
 		}
@@ -626,17 +651,21 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 			blobmsg_add_string(&cap, "gatewayname", value);
 
 		else if (strcmp(opt, "splash_page_logo") == 0) {
-			blobmsg_add_string(&cap, "splash_page_logo", value);
-			if (strcmp(splash_logo,value) !=0) {
-				sprintf(file_path,"%s%s",path,"TipLogo.png");
-				splash_page_logo(file_path,value);
+			if (value[0] != '\0') {
+				blobmsg_add_string(&cap, "splash_page_logo", value);
+				if (strcmp(splash_logo,value) !=0) {
+					snprintf(file_path, sizeof(file_path), "%s%s",path,"TipLogo.png");
+					captive_portal_files_download(file_path,value);
+				}
 			}
 
 		} else if (strcmp(opt, "splash_page_background_logo") == 0) {
-			blobmsg_add_string(&cap, "page_background_logo", value);
-			if (strcmp(back_image,value) !=0) {
-				sprintf(file_path,"%s%s",path,"TipBackLogo.png");
-				splash_page_logo(file_path,value);
+			if (value[0] != '\0') {
+				blobmsg_add_string(&cap, "page_background_logo", value);
+				if (strcmp(back_image,value) !=0) {
+					snprintf(file_path, sizeof(file_path),"%s%s",path,"TipBackLogo.png");
+					captive_portal_files_download(file_path,value);
+				}
 			}
 		}
 
@@ -654,20 +683,24 @@ void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *if
 			blobmsg_add_string(&cap, "login_success_text", value);
 
 		else if (strcmp(opt, "username_password_file") == 0) {
-			blobmsg_add_string(&cap, "username_password_file", value);
-			if (strcmp(user_file,value) !=0) {
-				sprintf(file_path,"%s%s",path,"userpass.dat");
-				splash_page_logo(file_path,value);
+			if (value[0] != '\0') {
+				blobmsg_add_string(&cap, "username_password_file", value);
+				if (strcmp(user_file,value) !=0) {
+					snprintf(file_path, sizeof(file_path),"%s%s",path,"userpass.dat");
+					captive_portal_files_download(file_path,value);
+				}
 			}
 		}
 	}
-	blob_to_uci_section(cap_uci, "opennds", "opennds", "opennds", cap.head, &opennds_param, NULL);
-	uci_commit_all(cap_uci);
+	blob_to_uci_section(caps_uci, "opennds", "opennds", "opennds", cap.head, &opennds_param, NULL);
+	uci_commit_all(caps_uci);
 	return;
 }
+
 void captive_portal_init()
 {
-	cap_uci=uci_alloc_context();
+	caps_uci=uci_alloc_context();
+	capg_uci=uci_alloc_context();
 	dns=uci_alloc_context();
 	return;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/fixup.c

@@ -0,0 +1,89 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <ctype.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include "log.h"
+#include "const.h"
+#include "target.h"
+
+#include <libubox/avl-cmp.h>
+#include <libubox/avl.h>
+#include <libubox/vlist.h>
+#include <net/if.h>
+
+#include "fixup.h"
+
+
+/*
+ * VIF Fixup
+ */
+
+static struct avl_tree vif_fixup_tree = AVL_TREE_INIT(vif_fixup_tree, avl_strcmp, false, NULL);
+
+struct vif_fixup * vif_fixup_find(const char *ifname)
+{
+        struct vif_fixup *vif = avl_find_element(&vif_fixup_tree, ifname, vif, avl);
+        if (vif)
+                return vif;
+
+	/* Not found, add */
+        vif = malloc(sizeof(*vif));
+        if (!vif)
+                return NULL;
+
+        memset(vif, 0, sizeof(*vif));
+        strncpy(vif->name, ifname, IF_NAMESIZE);
+        vif->avl.key = vif->name;
+        avl_insert(&vif_fixup_tree, &vif->avl);
+        return vif;
+}
+
+void vif_fixup_del(char *ifname)
+{
+        struct vif_fixup *vif = NULL;
+        vif = avl_find_element(&vif_fixup_tree, ifname, vif, avl);
+        if (vif) {
+		avl_delete(&vif_fixup_tree, &vif->avl);
+		free(vif);
+	}
+}
+
+bool vif_fixup_captive_enabled(void)
+{
+        struct vif_fixup *vif_ptr = NULL;
+        struct vif_fixup *vif = NULL;
+
+	avl_for_each_element_safe(&vif_fixup_tree, vif, avl, vif_ptr) {
+		if (vif->has_captive == true)
+			return true;
+	}
+	return false;
+}
+
+bool vif_fixup_iface_captive_enabled(const char *ifname)
+{
+	struct vif_fixup * vif = NULL;
+
+	vif = vif_fixup_find(ifname);
+
+	if (vif)
+		return vif->has_captive;
+	else
+		return false;
+}
+
+void vif_fixup_set_iface_captive(const char *ifname, bool en)
+{
+	struct vif_fixup * vif = NULL;
+
+	vif = vif_fixup_find(ifname);
+
+	if (vif)
+		vif->has_captive = en;
+}

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio.c

@@ -27,20 +27,25 @@
 #include "rrm_config.h"
 #include "vlan.h"
 #include "radius_proxy.h"
+#include "timer.h"
 
 ovsdb_table_t table_Hotspot20_Config;
 ovsdb_table_t table_Hotspot20_OSU_Providers;
 ovsdb_table_t table_Hotspot20_Icon_Config;
+ovsdb_table_t table_Radius_Proxy_Config;
 
 ovsdb_table_t table_APC_Config;
 ovsdb_table_t table_APC_State;
-unsigned int radproxy_apc;
+ovsdb_table_t table_Wifi_VIF_Config;
+ovsdb_table_t table_Wifi_Inet_Config;
+ovsdb_table_t table_Node_Config;
+
+unsigned int radproxy_apc = 0;
 
 static struct uci_package *wireless;
 struct uci_context *uci;
 struct blob_buf b = { };
 struct blob_buf del = { };
-int reload_config = 0;
 static struct timespec startup_time;
 
 enum {
@@ -77,7 +82,7 @@ static const struct blobmsg_policy wifi_device_policy[__WDEV_ATTR_MAX] = {
 	[WDEV_ATTR_RX_ANTENNA] = { .name = "rxantenna", .type = BLOBMSG_TYPE_INT32 },
 	[WDEV_ATTR_FREQ_BAND] = { .name = "freq_band", .type = BLOBMSG_TYPE_STRING },
 	[WDEV_AATR_CHANNELS] = {.name = "channels", .type = BLOBMSG_TYPE_ARRAY},
-        [WDEV_ATTR_DISABLE_B_RATES] = { .name = "legacy_rates", .type = BLOBMSG_TYPE_BOOL },
+	[WDEV_ATTR_DISABLE_B_RATES] = { .name = "legacy_rates", .type = BLOBMSG_TYPE_BOOL },
 	[WDEV_ATTR_MAXASSOC_CLIENTS] = { .name = "maxassoc", .type = BLOBMSG_TYPE_INT32 },
 	[WDEV_ATTR_LOCAL_PWR_CONSTRAINT] = { .name = "local_pwr_constraint", .type = BLOBMSG_TYPE_INT32 },
 };
@@ -180,6 +185,36 @@ static void radio_state_custom_options_get(struct schema_Wifi_Radio_State *rstat
 	}
 }
 
+static void set_channel_max_power(struct schema_Wifi_Radio_State *rstate,
+                                    int *index, int channel,
+                                    int max_power)
+{
+	rstate->channel_max_power_keys[*index] = channel;
+	rstate->channel_max_power[*index] = max_power;
+	*index += 1;
+	rstate->channel_max_power_len = *index;
+}
+
+// Update the entire channel_max_power map in the radio state
+static void update_channel_max_power(char* phy, struct schema_Wifi_Radio_State *rstate) {
+	int channels[64];
+	int channel_count = phy_get_channels(phy, channels);
+	channel_count += phy_get_dfs_channels(phy, channels + channel_count);
+
+	// Clear the data previously stored in channel_max_power
+	memset(rstate->channel_max_power_keys, 0, sizeof(rstate->channel_max_power_keys));
+	memset(rstate->channel_max_power, 0, sizeof(rstate->channel_max_power));
+	rstate->channel_max_power_len = 0;
+
+	// Set the new values for channel_max_power
+	int i, index = 0;
+	for (i = 0; i < channel_count && i < 64; i++) {
+		int channel = channels[i];
+		int max_tx_power = phy_get_max_tx_power(phy, channel);
+		set_channel_max_power(rstate, &index, channel, max_tx_power);
+	}
+}
+
 const struct uci_blob_param_list wifi_device_param = {
 	.n_params = __WDEV_ATTR_MAX,
 	.params = wifi_device_policy,
@@ -215,6 +250,8 @@ static bool radio_state_update(struct uci_section *s, struct schema_Wifi_Radio_C
 		return false;
 	}
 
+	update_channel_max_power(phy, &rstate);
+
 	if (tb[WDEV_ATTR_CHANNEL]) {
 		nl80211_channel_get(phy, &chan);
 		if(chan)
@@ -407,8 +444,26 @@ bool target_radio_config_set2(const struct schema_Wifi_Radio_Config *rconf,
 
 	if ((changed->ht_mode) || (changed->hw_mode) || (changed->freq_band)) {
 		int channel_freq;
+		char buffer[8];
+		FILE *confFile_p;
+		const char* hw_mode = rconf->hw_mode;
+
 		channel_freq = ieee80211_channel_to_frequency(rconf->channel);
-		struct mode_map *m = mode_map_get_uci(rconf->freq_band, get_max_channel_bw_channel(channel_freq, rconf->ht_mode), rconf->hw_mode);
+		if (!strcmp(rconf->hw_mode, "auto")) {
+			char command[] = "auto-conf ";
+			strcat(command, phy);
+			confFile_p = popen(command, "r");
+			
+			if (confFile_p)
+			{
+				fgets(buffer, sizeof(buffer), confFile_p);
+				pclose(confFile_p);
+				buffer[strlen(buffer) - 1] = '\0'; // Remove extra \n that got added from 'echo' in script
+				hw_mode = buffer;
+			}
+		}
+
+		struct mode_map *m = mode_map_get_uci(rconf->freq_band, get_max_channel_bw_channel(channel_freq, rconf->ht_mode), hw_mode);
 		if (m) {
 			blobmsg_add_string(&b, "htmode", m->ucihtmode);
 			blobmsg_add_string(&b, "hwmode", m->ucihwmode);
@@ -436,19 +491,14 @@ bool target_radio_config_set2(const struct schema_Wifi_Radio_Config *rconf,
 	blob_to_uci_section(uci, "wireless", rconf->if_name, "wifi-device",
 			    b.head, &wifi_device_param, del.head);
 
-	reload_config = 1;
-
+	uci_commit_all(uci);
 	return true;
 }
 
 static void periodic_task(void *arg)
 {
-	static int counter = 0;
+	int ret = 0;
 	struct uci_element *e = NULL, *tmp = NULL;
-
-	if ((counter % 15) && !reload_config)
-		goto done;
-
 	if (startup_time.tv_sec) {
 		static struct timespec current_time;
 
@@ -459,18 +509,12 @@ static void periodic_task(void *arg)
 			radio_maverick(NULL);
 		}
 	}
-
-	if (reload_config) {
-		LOGT("periodic: reload config");
-		reload_config = 0;
-		uci_commit_all(uci);
-		sync();
-		system("reload_config");
+	LOGD("periodic: start state update ");
+	ret = uci_load(uci, "wireless", &wireless);
+	if (ret) {
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		goto out;
 	}
-
-	LOGT("periodic: start state update ");
-
-	uci_load(uci, "wireless", &wireless);
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 
@@ -485,11 +529,10 @@ static void periodic_task(void *arg)
 			vif_state_update(s, NULL);
 	}
 	uci_unload(uci, wireless);
-	LOGT("periodic: stop state update ");
+	LOGD("periodic: stop state update ");
 
-done:
-	counter++;
-	evsched_task_reschedule_ms(EVSCHED_SEC(1));
+out:
+	evsched_task_reschedule_ms(EVSCHED_SEC(15));
 }
 
 bool target_radio_config_init2(void)
@@ -522,7 +565,6 @@ bool target_radio_config_init2(void)
 	}
 	if (invalidVifFound) {
 		uci_commit(uci, &wireless, false);
-		reload_config = 1;
 	}
 	uci_unload(uci, wireless);
 
@@ -605,6 +647,7 @@ void radio_maverick(void *arg)
 	uci_unload(uci, wireless);
 }
 
+
 static void callback_Hotspot20_Config(ovsdb_update_monitor_t *mon,
 				 struct schema_Hotspot20_Config *old,
 				 struct schema_Hotspot20_Config *conf)
@@ -624,6 +667,7 @@ static void callback_Hotspot20_Config(ovsdb_update_monitor_t *mon,
 		LOG(ERR, "Hotspot20_Config: unexpected mon_type %d %s", mon->mon_type, mon->mon_uuid);
 		break;
 	}
+	set_config_apply_timeout(mon);
 	return;
 }
 
@@ -647,6 +691,7 @@ static void callback_Hotspot20_OSU_Providers(ovsdb_update_monitor_t *mon,
 				mon->mon_type, mon->mon_uuid);
 		break;
 	}
+	set_config_apply_timeout(mon);
 	return;
 }
 
@@ -671,6 +716,7 @@ static void callback_Hotspot20_Icon_Config(ovsdb_update_monitor_t *mon,
 				mon->mon_type, mon->mon_uuid);
 		break;
 	}
+	set_config_apply_timeout(mon);
 	return;
 
 }
@@ -691,43 +737,34 @@ const struct uci_blob_param_list apc_param = {
 
 void APC_config_update(struct schema_APC_Config *conf)
 {
-	struct uci_package *apc;
 	struct blob_buf apcb = { };
-	int rc = 0;
+	struct uci_context *apc_uci;
 
-	LOGD("APC: APC_config_update");
-
-	rc = uci_load(uci, "apc", &apc);
-	if (rc)
-	{
-		LOGD("%s: uci_load failed with rc %d", __func__, rc);
-	}
+	apc_uci = uci_alloc_context();
 
 	blob_buf_init(&apcb, 0);
-
- 	if (conf->enabled_changed) {
-		if (conf->enabled == true) {
-			blobmsg_add_bool(&apcb, "enabled", 1);
-			system("/etc/init.d/apc start");
-		}
-		else {
-			blobmsg_add_bool(&apcb, "enabled", 0);
-			system("/etc/init.d/apc stop");
-		}
+	if (conf && conf->enabled == true) {
+		blobmsg_add_bool(&apcb, "enabled", 1);
+		system("/etc/init.d/apc start");
+	} else {
+		blobmsg_add_bool(&apcb, "enabled", 0);
+		system("/etc/init.d/apc stop");
 	}
 
-        blob_to_uci_section(uci, "apc", "apc", "apc",
-                            apcb.head, &apc_param, NULL);
+	blob_to_uci_section(apc_uci, "apc", "apc", "apc",
+			apcb.head, &apc_param, NULL);
 
-	uci_commit(uci, &apc, false);
-	uci_unload(uci, apc);
+	uci_commit_all(apc_uci);
+	uci_free_context(apc_uci);
 }
 
 static void callback_APC_Config(ovsdb_update_monitor_t *mon,
                                 struct schema_APC_Config *old,
                                 struct schema_APC_Config *conf)
 {
-	if (mon->mon_type != OVSDB_UPDATE_DEL)
+	if (mon->mon_type == OVSDB_UPDATE_DEL)
+		APC_config_update(NULL);
+	else
 		APC_config_update(conf);
 
 }
@@ -747,6 +784,10 @@ static void callback_APC_State(ovsdb_update_monitor_t *mon,
 		radproxy_apc = 0;
 		system("ubus call service event '{\"type\": \"config.change\", \"data\": { \"package\": \"wireless\" }}'");
 	}
+
+	/* APC changed: start / stop radius proxy service if needed */
+	vif_check_radius_proxy();
+
 }
 
 struct schema_APC_State apc_state;
@@ -767,9 +808,105 @@ static const struct blobmsg_policy apc_policy[__APC_ATTR_MAX] = {
 
 struct schema_APC_Config apc_conf;
 
+
+bool apc_read_conf(struct schema_APC_Config *apcconf)
+{
+	json_t *jrows;
+	int cnt = 0;
+	int i = 0;
+	pjs_errmsg_t perr;
+
+	jrows = ovsdb_sync_select_where(SCHEMA_TABLE(APC_Config), NULL);
+	if(!jrows)
+	{
+		return false;
+	}
+	cnt = json_array_size(jrows);
+	if(!cnt)
+	{
+		json_decref(jrows);
+		return false;
+	}
+
+	for (i = 0; i < cnt; i++)
+	{
+		if(!schema_APC_Config_from_json(apcconf, json_array_get(jrows, i),
+						false, perr))
+		{
+			LOGE("Unable to parse APC Config column: %s", perr);
+			json_decref(jrows);
+			return false;
+		}
+	}
+	json_decref(jrows);
+
+	return true;
+}
+
+bool apc_read_state(struct schema_APC_State *apcst)
+{
+	json_t *jrows;
+	int cnt = 0;
+	int i = 0;
+	pjs_errmsg_t perr;
+
+	jrows = ovsdb_sync_select_where(SCHEMA_TABLE(APC_State), NULL);
+	if(!jrows)
+	{
+		return false;
+	}
+	cnt = json_array_size(jrows);
+	if(!cnt)
+	{
+		json_decref(jrows);
+		return false;
+	}
+
+	for (i = 0; i < cnt; i++)
+	{
+		if(!schema_APC_State_from_json(apcst, json_array_get(jrows, i),
+						false, perr))
+		{
+			LOGE("Unable to parse APC State column: %s", perr);
+			json_decref(jrows);
+			return false;
+		}
+	}
+	json_decref(jrows);
+
+	return true;
+}
+
+/* Check if apc conf is disabled, if disabled the update state
+ * with NC mode and return, this is to avoid the apc ubus
+ * notifications which come after the APC is disabled */
+bool apc_conf_en()
+{
+	struct schema_APC_Config apcconf;
+	struct schema_APC_State apc_state;
+
+	if(apc_read_conf(&apcconf) == false)
+		return true;
+
+	if (apcconf.enabled == false) {
+		SCHEMA_SET_STR(apc_state.mode, "NC");
+		SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
+		SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
+		SCHEMA_SET_INT(apc_state.enabled, false);
+		if (!ovsdb_table_update(&table_APC_State, &apc_state))
+			LOG(ERR, "APC_state: failed to update");
+		return false;
+	}
+	return true;
+}
+
 void apc_state_set(struct blob_attr *msg)
 {
 	struct blob_attr *tb[__APC_ATTR_MAX] = { };
+	struct schema_APC_State apc_state;
+
+	if(apc_conf_en() == false)
+		return;
 
 	blobmsg_parse(apc_policy, __APC_ATTR_MAX, tb,
 		      blob_data(msg), blob_len(msg));
@@ -780,12 +917,12 @@ void apc_state_set(struct blob_attr *msg)
 			       blobmsg_get_string(tb[APC_ATTR_MODE]));
 	}
 	if (tb[APC_ATTR_DR_ADDR]) {
-		LOGD("APC br-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
+		LOGD("APC dr-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 		SCHEMA_SET_STR(apc_state.dr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 	}
 	if (tb[APC_ATTR_BDR_ADDR]) {
-		LOGD("APC dbr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
+		LOGD("APC bdr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 		SCHEMA_SET_STR(apc_state.bdr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 	}
@@ -799,21 +936,137 @@ void apc_state_set(struct blob_attr *msg)
 		}
 	}
 
-	LOGD("APC_state Updating");
+	LOGI("APC_state Updating: mode: %s, dr-addr: %s bdr-addr: %s", 
+	     apc_state.mode, apc_state.dr_addr, apc_state.bdr_addr);
+
 	if (!ovsdb_table_update(&table_APC_State, &apc_state))
 		LOG(ERR, "APC_state: failed to update");
+
 }
 
+static ovsdb_table_t table_Manager;
+static int conn_since = 0;
+#define APC_CLOUD_MON_PERIOD 60
+
+static void apc_enable(bool flag) {
+
+	struct schema_APC_State apc_state;
+	
+	LOGI("APC %s: %s APC", __func__, flag?"enable":"disable");
+	if (flag == false) {
+		if(apc_read_state(&apc_state) == false) {
+			LOG(ERR, "%s: APC_State read failed", __func__);
+			apc_state.enabled = true;
+		}
+
+		if (apc_state.enabled == true) {
+			SCHEMA_SET_INT(apc_conf.enabled, flag);
+			if (!ovsdb_table_update(&table_APC_Config, &apc_conf)) {
+				LOG(ERR, "%s:APC_Config: failed to update", __func__);
+				return;
+			}
+			SCHEMA_SET_STR(apc_state.mode, "NC");
+			SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
+			SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
+			SCHEMA_SET_INT(apc_state.enabled, false);
+			if (!ovsdb_table_update(&table_APC_State, &apc_state))
+				LOG(ERR, "APC_state: failed to update");
+		}
+	} else {
+		SCHEMA_SET_INT(apc_conf.enabled, flag);
+		if (!ovsdb_table_update(&table_APC_Config, &apc_conf)) {
+			LOG(ERR, "%s:APC_Config: failed to update", __func__);
+			return;
+		}
+	}
+}
+
+static void
+apc_cld_mon_cb(struct schema_Manager *mgr)
+{
+	int i = 0;
+	conn_since = 0;
+	struct schema_APC_State apc_state;
+	int ret = 0;
+	int link = 1;
+
+	if(apc_read_state(&apc_state) == false) {
+		LOG(ERR, "%s: APC_State read failed", __func__);
+		return;
+	}
+
+	/*Checks if wan ethernet port is down and disables apc*/
+	ret = system("/bin/check_wan_link.sh");
+	if (WIFEXITED(ret)) {
+		link = WEXITSTATUS(ret);
+		if (link == 0) {
+			LOGD("APC link down");
+			apc_enable(false);
+			return;
+		}
+	}
+
+	/*if cloud conn is false then disable apc*/
+	if (mgr->is_connected == false) {
+			apc_enable(false);
+	}
+	else {
+		for(i=0; i < mgr->status_len; i++) {
+			if(!strncmp(mgr->status_keys[i] , "sec_since_connect",
+					       strlen("sec_since_connect"))) {
+				conn_since = atoi(mgr->status[i]);
+				break;
+			}
+		}
+
+		/*if the APC was stopped earlier, start it if connection good
+		 * for atleast 60 secs*/
+		if (!apc_state.enabled && conn_since > APC_CLOUD_MON_PERIOD) {
+			apc_enable(true);
+		}
+	}
+}
+
+/*Monitor the cloud connection*/
+static void callback_Manager(ovsdb_update_monitor_t *mon,
+			     struct schema_Manager *old,
+			     struct schema_Manager *conf)
+{
+	switch (mon->mon_type)
+	{
+	case OVSDB_UPDATE_NEW:
+	case OVSDB_UPDATE_MODIFY:
+		apc_cld_mon_cb(conf);
+		break;
+
+	case OVSDB_UPDATE_DEL:
+		apc_enable(false);
+		break;
+
+	default:
+		break;
+	}
+	return;
+}
+
+void cloud_disconn_mon(void)
+{
+	OVSDB_TABLE_INIT_NO_KEY(Manager);
+	OVSDB_TABLE_MONITOR(Manager, false);
+}
 
 void apc_init()
 {
 	/* APC Config */
-	OVSDB_TABLE_INIT(APC_Config, _uuid);
+	OVSDB_TABLE_INIT_NO_KEY(APC_Config);
 	OVSDB_TABLE_MONITOR(APC_Config, false);
-	SCHEMA_SET_INT(apc_conf.enabled, true);
+	/* Disable APC by default, enable when cloud connected*/
+	SCHEMA_SET_INT(apc_conf.enabled, false);
 	LOGI("APC state/config Initialize");
-	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf))
+	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf)) {
 		LOG(ERR, "APC_Config: failed to initialize");
+		return;
+	}
 
 	/* APC State */
 	OVSDB_TABLE_INIT_NO_KEY(APC_State);
@@ -822,8 +1075,61 @@ void apc_init()
 	SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
 	SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
 	SCHEMA_SET_INT(apc_state.enabled, false);
-	if (!ovsdb_table_insert(&table_APC_State, &apc_state))
+	if (!ovsdb_table_insert(&table_APC_State, &apc_state)) {
 		LOG(ERR, "APC_state: failed to initialize");
+		return;
+	}
+
+	/* Cloud connection monitor - if cloud unreachable
+	 * for certain time, disable APC and enable after the
+	 * cloud connection becomes stable. */
+	cloud_disconn_mon();
+
+}
+
+static void apply_config_handler(struct timeout *timeout)
+{
+	uci_commit_all(uci);
+	sync();
+	LOGI("====Calling reload_config====");
+	system("/sbin/reload_config");
+}
+
+static struct timeout config_timer = {
+		.cb = apply_config_handler
+};
+
+static void config_timer_task(void *arg)
+{
+	timer_expiry_check(&config_timer);
+	evsched_task_reschedule_ms(EVSCHED_SEC(1));
+}
+
+void set_config_apply_timeout(ovsdb_update_monitor_t *mon)
+{
+	static bool firstconfig = true;
+	LOGI("=====Received config update - table:%s uuid:%s Action:%d======", mon->mon_table, mon->mon_uuid, mon->mon_type);
+	if(firstconfig) {
+		firstconfig = false;
+		timeout_set(&config_timer, CONFIG_APPLY_TIMEOUT * 1000);
+		evsched_task(&config_timer_task, NULL, EVSCHED_SEC(1));
+	} else {
+		timeout_set(&config_timer, CONFIG_APPLY_TIMEOUT * 1000);
+	}
+}
+
+static void callback_Wifi_Inet_Config(ovsdb_update_monitor_t *mon,
+		struct schema_Wifi_Inet_Config *old_rec,
+		struct schema_Wifi_Inet_Config *iconf)
+{
+	set_config_apply_timeout(mon);
+}
+
+static void callback_Node_Config(ovsdb_update_monitor_t *mon,
+		struct schema_Node_Config *old,
+		struct schema_Node_Config *conf)
+{
+	set_config_apply_timeout(mon);
 }
 
 bool target_radio_init(const struct target_radio_ops *ops)
@@ -854,12 +1160,17 @@ bool target_radio_init(const struct target_radio_ops *ops)
 	OVSDB_TABLE_INIT(Radius_Proxy_Config, _uuid);
 	OVSDB_TABLE_MONITOR(Radius_Proxy_Config, false);
 
-	apc_init();
+	OVSDB_TABLE_INIT(Wifi_Inet_Config, _uuid);
+	OVSDB_TABLE_MONITOR(Wifi_Inet_Config, false);
+
+	OVSDB_TABLE_INIT(Node_Config, _uuid);
+	OVSDB_TABLE_MONITOR(Node_Config, false);
 
 	evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));
 
 	radio_nl80211_init();
 	radio_ubus_init();
+	apc_init();
 
 	clock_gettime(CLOCK_MONOTONIC, &startup_time);
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio_nl80211.c

@@ -50,7 +50,8 @@
 extern struct ev_loop *wifihal_evloop;
 extern ovsdb_table_t table_Wifi_VIF_State;
 extern ovsdb_table_t table_Wifi_Associated_Clients;
-static struct unl unl;
+static struct unl unl_req;
+static struct unl unl_notify;
 static ev_io unl_io;
 
 static int avl_addrcmp(const void *k1, const void *k2, void *ptr)
@@ -394,6 +395,7 @@ static void nl80211_add_phy(struct nlattr **tb, char *name)
 
 					if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) {
 						phy->chandfs[chan] = 1;
+						phy->chanpwr[chan] = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]);
 						phy->chandisabled[chan] = 0;
 						LOG(DEBUG, "%s: found dfs channel %d", phy->name, chan);
 						continue;
@@ -471,10 +473,10 @@ int nl80211_channel_get(char *name, unsigned int *chan)
 	if (!idx)
 		return -1;
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
 
-	unl_genl_request(&unl, msg, nl80211_channel_recv, chan);
+	unl_genl_request(&unl_req, msg, nl80211_channel_recv, chan);
 
 	phy->current_channel = *chan;
 
@@ -562,7 +564,7 @@ static void nl80211_ev(struct ev_loop *ev, struct ev_io *io, int event)
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, NULL);
 	nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, nl80211_recv, NULL);
-	nl_recvmsgs(unl.sock, cb);
+	nl_recvmsgs(unl_notify.sock, cb);
 	nl_cb_put(cb);
 }
 
@@ -580,24 +582,33 @@ int radio_nl80211_init(void)
 {
 	struct nl_msg *msg;
 
-	if (unl_genl_init(&unl, "nl80211") < 0) {
+	if (unl_genl_init(&unl_req, "nl80211") < 0) {
 		syslog(0, "nl80211: failed to connect\n");
 		return -1;
 	}
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_WIPHY, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
+	if (unl_genl_init(&unl_notify, "nl80211") < 0) {
+		syslog(0, "nl80211: failed to connect\n");
+		return -1;
+	}
 
-	unl_genl_subscribe(&unl, "config");
-	unl_genl_subscribe(&unl, "mlme");
-	unl_genl_subscribe(&unl, "vendor");
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_WIPHY, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
 
-	if (nl_socket_set_buffer_size(unl.sock, 262144, 0) < 0)
+	unl_genl_subscribe(&unl_notify, "config");
+	unl_genl_subscribe(&unl_notify, "mlme");
+	unl_genl_subscribe(&unl_notify, "vendor");
+
+
+	if (nl_socket_set_buffer_size(unl_notify.sock, 262144, 0) < 0)
 		LOGE("radio_nl80211: Failed to set nl socket buffer size");
 
-	ev_io_init(&unl_io, nl80211_ev, unl.sock->s_fd, EV_READ);
+	if (nl_socket_set_nonblocking(unl_notify.sock))
+		LOGE("radio_nl80211: Failed to set socket in the non blocking mode");
+
+	ev_io_init(&unl_io, nl80211_ev, unl_notify.sock->s_fd, EV_READ);
         ev_io_start(wifihal_evloop, &unl_io);
 	evsched_task(&vif_poll_stations, NULL, EVSCHED_SEC(5));
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radius_proxy.c

@@ -27,7 +27,6 @@
 #include "utils.h"
 #include "radius_proxy.h"
 
-ovsdb_table_t table_Radius_Proxy_Config;
 struct blob_buf uci_buf = {};
 struct blob_attr *n;
 extern ovsdb_table_t table_APC_State;
@@ -35,11 +34,13 @@ extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 
 enum {
 	RADIUS_PROXY_OPTIONS_LISTEN_UDP,
+	RADIUS_PROXY_OPTIONS_NAME,
 	__RADIUS_PROXY_OPTIONS_MAX
 };
 
 enum {
 	RADIUS_PROXY_CLIENT_NAME,
+	RADIUS_PROXY_CLIENT_HOST,
 	RADIUS_PROXY_CLIENT_TYPE,
 	RADIUS_PROXY_CLIENT_SECRET,
 	__RADIUS_PROXY_CLIENT_MAX
@@ -47,11 +48,14 @@ enum {
 
 enum {
 	RADIUS_PROXY_SERVER_NAME,
+	RADIUS_PROXY_SERVER_HOST,
 	RADIUS_PROXY_SERVER_TYPE,
 	RADIUS_PROXY_SERVER_SECRET,
+	RADIUS_PROXY_SERVER_PORT,
 	RADIUS_PROXY_SERVER_STATUS,
 	RADIUS_PROXY_SERVER_TLS,
 	RADIUS_PROXY_SERVER_CERT_NAME_CHECK,
+	RADIUS_PROXY_SERVER_DYNAMIC_LOOKUP,
 	__RADIUS_PROXY_SERVER_MAX
 };
 
@@ -74,10 +78,12 @@ enum {
 
 static const struct blobmsg_policy radius_proxy_options_policy[__RADIUS_PROXY_OPTIONS_MAX] = {
 		[RADIUS_PROXY_OPTIONS_LISTEN_UDP] = { .name = "ListenUDP", BLOBMSG_TYPE_ARRAY },
+		[RADIUS_PROXY_OPTIONS_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
 };
 
 static const struct blobmsg_policy radius_proxy_client_policy[__RADIUS_PROXY_CLIENT_MAX] = {
 		[RADIUS_PROXY_CLIENT_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_CLIENT_HOST] = { .name = "host", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
 };
@@ -92,11 +98,14 @@ static const struct blobmsg_policy radius_proxy_tls_policy[__RADIUS_PROXY_TLS_MA
 
 static const struct blobmsg_policy radius_proxy_server_policy[__RADIUS_PROXY_SERVER_MAX] = {
 		[RADIUS_PROXY_SERVER_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_HOST] = { .name = "host", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_SERVER_PORT] = { .name = "port", BLOBMSG_TYPE_INT32 },
 		[RADIUS_PROXY_SERVER_STATUS] = { .name = "statusServer", BLOBMSG_TYPE_BOOL },
 		[RADIUS_PROXY_SERVER_TLS] = { .name = "tls", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_SERVER_CERT_NAME_CHECK] = { .name = "certificateNameCheck", BLOBMSG_TYPE_BOOL },
+		[RADIUS_PROXY_SERVER_DYNAMIC_LOOKUP] = { .name = "dynamicLookupCommand", BLOBMSG_TYPE_STRING },
 };
 
 static const struct blobmsg_policy radius_proxy_realm_policy[__RADIUS_PROXY_REALM_MAX] = {
@@ -140,21 +149,31 @@ static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url
 {
 	CURL *curl;
 	FILE *fp;
-	CURLcode res;
+	CURLcode curl_ret;
 	char path[200];
+	char dir_path[200];
 	char name[32];
 	char dir[32];
 	char *gw_clientcert = "/usr/opensync/certs/client.pem";
 	char *gw_clientkey = "/usr/opensync/certs/client_dec.key";
+	struct stat stat_buf;
 
 	strcpy(name, cert_name);
 	strcpy(dir, dir_name);
+	sprintf(dir_path, "/tmp/radsec/certs/%s", dir);
 	sprintf(path, "/tmp/radsec/certs/%s/%s", dir, name);
 
+	if (stat(dir_path, &stat_buf) == -1)
+	{
+		char cmd[200];
+		sprintf(cmd, "mkdir -p %s", dir_path);
+		system(cmd);
+	}
+
 	curl = curl_easy_init();
 	if (curl)
 	{
-		fp = fopen(path,"wb");
+		fp = fopen(path, "wb");
 
 		if (fp == NULL)
 		{
@@ -177,55 +196,60 @@ static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url
 		curl_easy_setopt(curl, CURLOPT_URL, cert_url);
 		curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, file_write);
 		curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
-		res = curl_easy_perform(curl);
+		curl_ret = curl_easy_perform(curl);
+
+		if (curl_ret != CURLE_OK)
+		{
+			LOGE("radsec: certificate download failed %s", curl_easy_strerror(curl_ret));
+			curl_easy_cleanup(curl);
+			fclose(fp);
+			remove(path);
+			return false;
+		}
+
 		curl_easy_cleanup(curl);
 		fclose(fp);
-		return res;
 	}
 
 	return true;
 }
 
-static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
+static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf)
 {
-	int i=0;
+	int i = 0;
 	char path[200];
 	char name[256];
-	struct schema_APC_State apc_conf;
-
-	/* Configure only if APC selects this as master AP (DR) */
-	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
-	if (false == ovsdb_table_select_one_where(&table_APC_State,
-			where, &apc_conf)) {
-		LOG(INFO, "APC_State read failed");
-		return false;
-	}
-
-	if (!strncmp(apc_conf.mode, "OR", 2) || !strncmp(apc_conf.mode, "BDR", 2))
-		return false;
+	char server_name[256] = {};
+	char acct_server_name[256] = {};
+	char tls_name[256] = {};
 
 	/* Configure options block */
 	blob_buf_init(&uci_buf, 0);
 	n = blobmsg_open_array(&uci_buf,"ListenUDP");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1812");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1813");
+	blobmsg_add_string(&uci_buf, NULL, "*:1812");
+	blobmsg_add_string(&uci_buf, NULL, "*:1813");
 	blobmsg_close_array(&uci_buf, n);
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "options");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "options",
 			uci_buf.head, &radius_proxy_options_param, NULL);
 
 	/* Configure client block */
 	blob_buf_init(&uci_buf, 0);
-	blobmsg_add_string(&uci_buf, "name", "localhost");
+	blobmsg_add_string(&uci_buf, "host", "0.0.0.0/0");
 	blobmsg_add_string(&uci_buf, "type", "udp");
 	blobmsg_add_string(&uci_buf, "secret", "secret");
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "client");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "client",
 			uci_buf.head, &radius_proxy_client_param, NULL);
 
 	/* Configure TLS/non-TLS and server blocks */
+	sprintf(server_name, "%s%s", conf->radius_config_name, "server");
+	sprintf(acct_server_name, "%s%s", conf->radius_config_name, "Acctserver");
+	sprintf(tls_name, "%s%s", conf->radius_config_name, "tls");
 	if (conf->radsec)
 	{
 		blob_buf_init(&uci_buf, 0);
@@ -236,7 +260,7 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		radsec_download_cert("clientdec.key",
 				conf->radius_config_name, conf->client_key);
 
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "name", tls_name);
 
 		memset(path, '\0', sizeof(path));
 		sprintf(path, "/tmp/radsec/certs/%s/cacert.pem",
@@ -256,34 +280,56 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		if (strlen(conf->passphrase) > 0)
 			blobmsg_add_string(&uci_buf, "certificateKeyPassword", conf->passphrase);
 
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "tls");
-		blob_to_uci_section(uci, "radsecproxy", name,
+		blob_to_uci_section(uci, "radsecproxy", tls_name,
 				"tls", uci_buf.head, &radius_proxy_tls_param, NULL);
 
 		blob_buf_init(&uci_buf, 0);
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		if (conf->auto_discover)
+		{ /* auto discover radsec server address via realm DNS NAPTR record */
+			blobmsg_add_string(&uci_buf, "dynamicLookupCommand", "/bin/dynamic_lookup.sh");
+		}
+		else
+		{
+			blobmsg_add_string(&uci_buf, "host", conf->server);
+			blobmsg_add_u32(&uci_buf, "port", conf->port);
+			blobmsg_add_string(&uci_buf, "secret", "radsec");
+		}
+		blobmsg_add_string(&uci_buf, "name", server_name);
 		blobmsg_add_string(&uci_buf, "type", "tls");
-		blobmsg_add_string(&uci_buf, "tls", conf->server);
-		blobmsg_add_string(&uci_buf, "secret", "radsec");
+		blobmsg_add_string(&uci_buf, "tls", tls_name);
 		blobmsg_add_bool(&uci_buf, "statusServer", 0);
 		blobmsg_add_bool(&uci_buf, "certificateNameCheck", 0);
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "server");
-		blob_to_uci_section(uci, "radsecproxy", name, "server",
+		blob_to_uci_section(uci, "radsecproxy", server_name, "server",
 				uci_buf.head, &radius_proxy_server_param, NULL);
 	}
 	else /* non-TLS block */
 	{
+		/* Authentication server */
 		blob_buf_init(&uci_buf, 0);
-		blobmsg_add_string(&uci_buf, "name", conf->server);
+		blobmsg_add_string(&uci_buf, "name", server_name);
+		blobmsg_add_string(&uci_buf, "host", conf->server);
 		blobmsg_add_string(&uci_buf, "type", "udp");
 		if (strlen(conf->secret) > 0)
 			blobmsg_add_string(&uci_buf, "secret", conf->secret);
-		memset(name, '\0', sizeof(name));
-		sprintf(name, "%s%s", conf->radius_config_name, "server");
-		blob_to_uci_section(uci, "radsecproxy", name, "server",
+		if (conf->port > 0)
+			blobmsg_add_u32(&uci_buf, "port", conf->port);
+		blob_to_uci_section(uci, "radsecproxy", server_name, "server",
 				uci_buf.head, &radius_proxy_server_param, NULL);
+
+		/* Accounting server */
+		if (strlen(conf->acct_server) > 0)
+		{
+			blob_buf_init(&uci_buf, 0);
+			blobmsg_add_string(&uci_buf, "name", acct_server_name);
+			blobmsg_add_string(&uci_buf, "host", conf->acct_server);
+			blobmsg_add_string(&uci_buf, "type", "udp");
+			if (strlen(conf->secret) > 0)
+				blobmsg_add_string(&uci_buf, "secret", conf->acct_secret);
+			if (conf->acct_port > 0)
+				blobmsg_add_u32(&uci_buf, "port", conf->acct_port);
+			blob_to_uci_section(uci, "radsecproxy", acct_server_name, "server",
+								uci_buf.head, &radius_proxy_server_param, NULL);
+		}
 	}
 
 	/* Configure realm block */
@@ -292,17 +338,25 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		blob_buf_init(&uci_buf, 0);
 		blobmsg_add_string(&uci_buf, "name", conf->realm[i]);
 		n = blobmsg_open_array(&uci_buf,"server");
-		blobmsg_add_string(&uci_buf, NULL, conf->server);
-		blobmsg_close_array(&uci_buf, n);
-		n = blobmsg_open_array(&uci_buf,"accountingServer");
-		blobmsg_add_string(&uci_buf, NULL, conf->server);
+		blobmsg_add_string(&uci_buf, NULL, server_name);
 		blobmsg_close_array(&uci_buf, n);
+		if (conf->radsec)
+		{ /* Accounting server same as auth server */
+			n = blobmsg_open_array(&uci_buf, "accountingServer");
+			blobmsg_add_string(&uci_buf, NULL, server_name);
+			blobmsg_close_array(&uci_buf, n);
+		}
+		else if (strlen(conf->acct_server) > 0)
+		{ /* non-TLS case where accounting server is configured */
+			n = blobmsg_open_array(&uci_buf, "accountingServer");
+			blobmsg_add_string(&uci_buf, NULL, acct_server_name);
+			blobmsg_close_array(&uci_buf, n);
+		}
 		memset(name, '\0', sizeof(name));
 		sprintf(name, "%s%s%d", conf->radius_config_name, "realm", i);
 		blob_to_uci_section(uci, "radsecproxy", name, "realm",
 				uci_buf.head, &radius_proxy_realm_param, NULL);
 	}
-
 	uci_commit_all(uci);
 	return true;
 }
@@ -310,23 +364,27 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 static bool radius_proxy_config_delete()
 {
 	struct uci_package *radsecproxy;
+	struct uci_context *rad_uci;
 	struct uci_element *e = NULL, *tmp = NULL;
-	int ret=0;
+	int ret = 0;
 
-	ret= uci_load(uci, "radsecproxy", &radsecproxy);
+	rad_uci = uci_alloc_context();
+
+	ret = uci_load(rad_uci, "radsecproxy", &radsecproxy);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", __func__, ret);
+		LOGE("%s: uci_load() failed with rc %d", __func__, ret);
+		uci_free_context(rad_uci);
 		return false;
 	}
 	uci_foreach_element_safe(&radsecproxy->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if ((s == NULL) || (s->type == NULL)) continue;
-		uci_section_del(uci, "radsecproxy", "radsecproxy",
+		uci_section_del(rad_uci, "radsecproxy", "radsecproxy",
 				(char *)s->e.name, s->type);
 	}
-	uci_commit(uci, &radsecproxy, false);
-	uci_unload(uci, radsecproxy);
-	reload_config = 1;
+	uci_commit(rad_uci, &radsecproxy, false);
+	uci_unload(rad_uci, radsecproxy);
+	uci_free_context(rad_uci);
 	return true;
 }
 
@@ -339,18 +397,20 @@ void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *self,
 	case OVSDB_UPDATE_NEW:
 	case OVSDB_UPDATE_MODIFY:
 		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	case OVSDB_UPDATE_DEL:
 		(void) radius_proxy_config_delete();
-		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	default:
 		LOG(ERR, "Radius_Proxy_Config: unexpected mon_type %d %s",
 				self->mon_type, self->mon_uuid);
 		break;
-	}	
+	}
+	set_config_apply_timeout(self);
 	return;
 }
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/rrm_config.c

@@ -47,8 +47,19 @@ void rrm_config_vif(struct blob_buf *b, struct blob_buf *del, const char * freq_
 		blobmsg_add_u32(b, "rssi_ignore_probe_request", conf.probe_resp_threshold);
 		blobmsg_add_u32(b, "signal_connect", conf.client_disconnect_threshold);
 		blobmsg_add_u32(b, "signal_stay", conf.client_disconnect_threshold);
-		blobmsg_add_u32(b, "bcn_rate", conf.beacon_rate);
 		blobmsg_add_u32(b, "mcast_rate", conf.mcast_rate);
+
+		if (conf.beacon_rate == 0) {
+			// Default to the lowest possible bit rate for each frequency band
+			if (!strcmp(freq_band, "2.4G")) {
+				blobmsg_add_u32(b, "bcn_rate", 10);
+			} else {
+				blobmsg_add_u32(b, "bcn_rate", 60);
+			}
+		} else {
+			blobmsg_add_u32(b, "bcn_rate", conf.beacon_rate);
+		}
+		
 	}
 	return;
 }
@@ -167,7 +178,8 @@ void callback_Wifi_RRM_Config(ovsdb_update_monitor_t *self,
 	default:
 		LOG(ERR, "Wifi_RRM_Config: unexpected mon_type %d %s", self->mon_type, self->mon_uuid);
 		break;
-	}	
+	}
+	set_config_apply_timeout(self);
 	return;
 }
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/stats.c

@@ -350,12 +350,12 @@ bool target_stats_device_temp_get(radio_entry_t *radio_cfg, dpp_device_temp_t *t
 	char hwmon_path[PATH_MAX];
 	int32_t temperature;
 	FILE *fp = NULL;
+	bool DegreesNotMilliDegrees;
 
-	if (phy_find_hwmon(target_map_ifname(radio_cfg->phy_name), hwmon_path)) {
+	if (phy_find_hwmon(target_map_ifname(radio_cfg->phy_name), hwmon_path, &DegreesNotMilliDegrees)) {
 		LOG(ERR, "%s: hwmon is missing", radio_cfg->phy_name);
 		return false;
 	}
-
 	fp = fopen(hwmon_path, "r");
 	if (!fp) {
 		LOG(ERR, "%s: Failed to open temp input files", radio_cfg->phy_name);
@@ -372,7 +372,10 @@ bool target_stats_device_temp_get(radio_entry_t *radio_cfg, dpp_device_temp_t *t
 
 	fclose(fp);
 	temp_entry->type  = radio_cfg->type;
-	temp_entry->value = temperature / 1000;
+	if(DegreesNotMilliDegrees)
+		temp_entry->value = temperature;
+	else
+		temp_entry->value = temperature / 1000;
 
 	return true;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/stats_nl80211.c

@@ -38,7 +38,8 @@
 
 extern struct ev_loop *wifihal_evloop;
 static int nl80211_scan_started;
-static struct unl unl;
+static struct unl unl_req;
+static struct unl unl_notify;
 static ev_io unl_io;
 
 struct nl80211_scan {
@@ -345,7 +346,7 @@ static struct nl_msg *nl80211_call_phy(char *name, int cmd, bool dump)
 	if (idx < 0)
 		return NULL;
 
-	msg = unl_genl_msg(&unl, cmd, dump);
+	msg = unl_genl_msg(&unl_req, cmd, dump);
 	nla_put_u32(msg, NL80211_ATTR_WIPHY, idx);
 
 	return msg;
@@ -461,7 +462,7 @@ static void nl80211_ev(struct ev_loop *ev, struct ev_io *io, int event)
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, NULL);
 	nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, nl80211_recv, NULL);
-	nl_recvmsgs(unl.sock, cb);
+	nl_recvmsgs(unl_notify.sock, cb);
 	nl_cb_put(cb);
 }
 
@@ -471,9 +472,9 @@ static struct nl_msg *nl80211_call_vif(struct nl_call_param *nl_call_param, int
 	struct nl_msg *msg;
 
 	if (!nl80211_scan_started) {
-		unl_genl_subscribe(&unl, "scan");
+		unl_genl_subscribe(&unl_notify, "scan");
 
-		ev_io_init(&unl_io, nl80211_ev, unl.sock->s_fd, EV_READ);
+		ev_io_init(&unl_io, nl80211_ev, unl_notify.sock->s_fd, EV_READ);
 		ev_io_start(wifihal_evloop, &unl_io);
 		nl80211_scan_started = 1;
 	}
@@ -481,7 +482,7 @@ static struct nl_msg *nl80211_call_vif(struct nl_call_param *nl_call_param, int
 	if (!idx)
 		return NULL;
 
-	msg = unl_genl_msg(&unl, cmd, dump);
+	msg = unl_genl_msg(&unl_req, cmd, dump);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
 
 	return msg;
@@ -494,7 +495,7 @@ int nl80211_get_tx_chainmask(char *name, unsigned int *mask)
 	if (!msg)
 		return -1;
 
-	return unl_genl_request(&unl, msg, nl80211_chainmask_recv, mask);
+	return unl_genl_request(&unl_req, msg, nl80211_chainmask_recv, mask);
 }
 
 int nl80211_get_oper_channel(char *name, unsigned int *chan)
@@ -505,10 +506,10 @@ int nl80211_get_oper_channel(char *name, unsigned int *chan)
 	if (!idx)
 		return -1;
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
 
-	return unl_genl_request(&unl, msg, nl80211_channel_recv, chan);
+	return unl_genl_request(&unl_req, msg, nl80211_channel_recv, chan);
 }
 
 int nl80211_get_ssid(struct nl_call_param *nl_call_param)
@@ -518,7 +519,7 @@ int nl80211_get_ssid(struct nl_call_param *nl_call_param)
         if (!msg)
                 return -1;
 
-        return unl_genl_request(&unl, msg, nl80211_interface_recv, nl_call_param);
+        return unl_genl_request(&unl_req, msg, nl80211_interface_recv, nl_call_param);
 }
 
 int nl80211_get_assoclist(struct nl_call_param *nl_call_param)
@@ -528,7 +529,7 @@ int nl80211_get_assoclist(struct nl_call_param *nl_call_param)
 	if (!msg)
 		return -1;
 
-	return unl_genl_request(&unl, msg, nl80211_assoclist_recv, nl_call_param);
+	return unl_genl_request(&unl_req, msg, nl80211_assoclist_recv, nl_call_param);
 }
 
 int nl80211_get_survey(struct nl_call_param *nl_call_param)
@@ -538,7 +539,7 @@ int nl80211_get_survey(struct nl_call_param *nl_call_param)
 	if (!msg)
 		return -1;
 
-	return unl_genl_request(&unl, msg, nl80211_survey_recv, nl_call_param);
+	return unl_genl_request(&unl_req, msg, nl80211_survey_recv, nl_call_param);
 }
 
 int nl80211_scan_trigger(struct nl_call_param *nl_call_param, uint32_t *chan_list, uint32_t chan_num,
@@ -549,20 +550,39 @@ int nl80211_scan_trigger(struct nl_call_param *nl_call_param, uint32_t *chan_lis
 	struct nlattr *freq;
 	unsigned int i, flags = 0;
 	int ret = 0;
+	uint32_t oper_chan;
 
 	if (!msg)
 		return -1;
 
-	LOGT("%s: not setting dwell time\n", nl_call_param->ifname);
-	//nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION, dwell_time);
+	if (nl80211_get_oper_channel(nl_call_param->ifname, &oper_chan) < 0) {
+		/* Could not get the current operating channel */
+		oper_chan = 0;
+		LOGE("%s: Could not get the current operating channel\n",
+			nl_call_param->ifname);
+	}
 
 	/* Add the ap-force flag, otherwise the scan fails on wifi6 APs */
 	flags |= NL80211_SCAN_FLAG_AP;
 	nla_put(msg, NL80211_ATTR_SCAN_FLAGS, sizeof(uint32_t), &flags);
 
+	if ((scan_type == RADIO_SCAN_TYPE_OFFCHAN) && dwell_time)
+		nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION, dwell_time);
+
 	freq = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
-	for (i = 0; i < chan_num; i ++)
-		nla_put_u32(msg, i, ieee80211_channel_to_frequency(chan_list[i]));
+	for (i = 0; i < chan_num; i ++) {
+		if (!oper_chan || (scan_type == RADIO_SCAN_TYPE_FULL)) {
+			nla_put_u32(msg, i, ieee80211_channel_to_frequency(chan_list[i]));
+		}
+		else if ((scan_type == RADIO_SCAN_TYPE_OFFCHAN) &&
+			(chan_list[i] != oper_chan)) {
+			nla_put_u32(msg, i, ieee80211_channel_to_frequency(chan_list[i]));
+		}
+		else if ((scan_type == RADIO_SCAN_TYPE_ONCHAN) &&
+			(chan_list[i] == oper_chan)) {
+			nla_put_u32(msg, i, ieee80211_channel_to_frequency(chan_list[i]));
+		}
+	}
 	nla_nest_end(msg, freq);
 
 	ret = nl80211_scan_add(nl_call_param->ifname, scan_cb, scan_ctx); 
@@ -571,8 +591,10 @@ int nl80211_scan_trigger(struct nl_call_param *nl_call_param, uint32_t *chan_lis
 		return -1;
 	}
 
-	ret = unl_genl_request(&unl, msg, nl80211_scan_trigger_recv, NULL);
-	if (ret)	LOG(DEBUG, "%s: scan request failed %d\n", nl_call_param->ifname, ret);
+	ret = unl_genl_request(&unl_req, msg, nl80211_scan_trigger_recv, NULL);
+	if (ret)
+		LOG(DEBUG, "%s: scan request failed %d\n", nl_call_param->ifname, ret);
+
 	return ret;
 }
 
@@ -587,7 +609,7 @@ int nl80211_scan_abort(struct nl_call_param *nl_call_param)
 	if (nl80211_scan)
 		nl80211_scan_del(nl80211_scan);
 
-	return unl_genl_request(&unl, msg, nl80211_scan_abort_recv, NULL);
+	return unl_genl_request(&unl_req, msg, nl80211_scan_abort_recv, NULL);
 }
 
 int nl80211_scan_dump(struct nl_call_param *nl_call_param)
@@ -597,18 +619,26 @@ int nl80211_scan_dump(struct nl_call_param *nl_call_param)
 	if (!msg)
 		return -1;
 
-	return unl_genl_request(&unl, msg, nl80211_scan_dump_recv, nl_call_param);
+	return unl_genl_request(&unl_req, msg, nl80211_scan_dump_recv, nl_call_param);
 }
 
 int stats_nl80211_init(void)
 {
-	if (unl_genl_init(&unl, "nl80211") < 0) {
+	if (unl_genl_init(&unl_req, "nl80211") < 0) {
 		LOGE("failed to spawn nl80211");
 		return -1;
 	}
 
-	if (nl_socket_set_buffer_size(unl.sock, 262144, 0) < 0)
+	if (unl_genl_init(&unl_notify, "nl80211") < 0) {
+		LOGE("failed to spawn nl80211");
+		return -1;
+	}
+
+	if (nl_socket_set_buffer_size(unl_notify.sock, 262144, 0) < 0)
 		LOGE("stats_nl80211: Failed to set nl socket buffer size");
 
+	if (nl_socket_set_nonblocking(unl_notify.sock))
+		LOGE("stats_nl80211: Failed to set stats nl socket in the non blocking mode");
+
 	return 0;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c

@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");
 
 	upg_running = false;
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/timer.c

@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <time.h>
+
+#include "log.h"
+#include "evsched.h"
+
+#include "timer.h"
+
+static int tv_diff(struct timeval *t1, struct timeval *t2)
+{
+	return
+			(t1->tv_sec - t2->tv_sec) * 1000 +
+			(t1->tv_usec - t2->tv_usec) / 1000;
+}
+
+static void gettime(struct timeval *tv)
+{
+	struct timespec ts;
+
+	clock_gettime(CLOCK_MONOTONIC, &ts);
+	tv->tv_sec = ts.tv_sec;
+	tv->tv_usec = ts.tv_nsec / 1000;
+}
+
+int timeout_set(struct timeout *timeout, int msecs)
+{
+	if (!timeout) {
+		LOGE("%s No timer data", __func__);
+		return -1;
+	}
+	struct timeval *time = &timeout->time;
+
+	if (timeout->pending)
+		timeout->pending = false;
+
+	gettime(time);
+
+	time->tv_sec += msecs / 1000;
+	time->tv_usec += (msecs % 1000) * 1000;
+
+	if (time->tv_usec > 1000000) {
+		time->tv_sec++;
+		time->tv_usec -= 1000000;
+	}
+	timeout->pending = true;
+	return 0;
+}
+
+void timer_expiry_check(struct timeout *t)
+{
+	struct timeval tv;
+	gettime(&tv);
+	if (t->pending && tv_diff(&t->time, &tv) <= 0) {
+		t->pending = false;
+		LOGI("%s Timer Expired..Executing callback", __func__);
+		if (t->cb)
+			t->cb(t);
+	}
+}

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/uci.c

@@ -210,8 +210,10 @@ int uci_section_to_blob(struct uci_context *uci, char *package, char *section,
 
 	if (uci_load(uci, package, &p))
 		p = uci_lookup_package(uci, package);
-	if (!p)
+	if (!p) {
+		uci_unload(uci, p);
 		return -1;
+	}
 	s = uci_lookup_section(uci, p, section);
 	if (!s)
 		goto out;

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/utils.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
 
 #include <string.h>
+#include <math.h>
 #include <glob.h>
 #include <libgen.h>
 #include <fcntl.h>
@@ -195,24 +196,36 @@ int phy_from_path(char *_path, char *phy, unsigned int idx)
 	return ret;
 }
 
-int phy_find_hwmon(char *phy, char *hwmon)
+int phy_find_hwmon_helper(char *dir, char *file, char *hwmon)
 {
-	char tmp[PATH_MAX];
 	glob_t gl;
-
-	*hwmon = '\0';
-	snprintf(tmp, sizeof(tmp), "/sys/class/ieee80211/%s/device/hwmon/*", phy);
-	if (glob(tmp, GLOB_NOSORT | GLOB_MARK, NULL, &gl))
-                return -1;
+	if (glob(dir, GLOB_NOSORT | GLOB_MARK, NULL, &gl))
+		return -1;
 	if (gl.gl_pathc) {
 		strcpy(hwmon, gl.gl_pathv[0]);
-		strncat(hwmon, "temp1_input", PATH_MAX);
+		strncat(hwmon, file, PATH_MAX);
 	}
 	globfree(&gl);
-
 	return 0;
 }
 
+int phy_find_hwmon(char *phy, char *hwmon, bool *DegreesNotMilliDegrees)
+{
+	char tmp[PATH_MAX];
+	*hwmon = '\0';
+	snprintf(tmp, sizeof(tmp), "/sys/class/ieee80211/%s/device/hwmon/*", phy);
+	if (!phy_find_hwmon_helper(tmp, "temp1_input", hwmon)) {
+		*DegreesNotMilliDegrees=false;
+		return 0;
+	}
+	snprintf(tmp, sizeof(tmp), "/sys/class/ieee80211/%s/cooling_device/subsystem/thermal_zone0/", phy);
+	if (!phy_find_hwmon_helper(tmp, "temp", hwmon)) {
+		*DegreesNotMilliDegrees=true;
+		return 0;
+	}
+	return -1;
+}
+
 int phy_get_mac(char *phy, char *mac)
 {
 	int sz = ETH_ALEN * 3;
@@ -296,6 +309,21 @@ int phy_get_channels(const char *name, int *channel)
 	return j;
 }
 
+// Gets all the dfs channels avaible for a radio
+int phy_get_dfs_channels(const char *name, int *dfs_channels)
+{
+	struct wifi_phy *phy = phy_find(name);
+	int i, j = 0;
+
+	if (!phy)
+		return 0;
+
+	for (i = 0; (i < IEEE80211_CHAN_MAX) && (j < 64); i++)
+		if (phy->chandfs[i])
+			dfs_channels[j++] = i;
+	return j;
+}
+
 static void update_channels_state(struct schema_Wifi_Radio_State *rstate,
 			int *index, const char *key, int *value, int value_len)
 {
@@ -484,6 +512,17 @@ bool vif_state_to_conf(struct schema_Wifi_VIF_State *vstate,
 	}
 	vconf->custom_options_len = vstate->custom_options_len;
 
+	for (i = 0; i < vstate->captive_allowlist_len; i++)
+		STRSCPY(vconf->captive_allowlist[i], vstate->captive_allowlist[i]);
+	vconf->captive_allowlist_len = vstate->captive_allowlist_len;
+
+	for (i = 0; i < vstate->captive_portal_len; i++) {
+		STRSCPY(vconf->captive_portal_keys[i],
+			vstate->captive_portal_keys[i]);
+		STRSCPY(vconf->captive_portal[i], vstate->captive_portal[i]);
+	}
+	vconf->captive_portal_len = vstate->captive_portal_len;
+
 	return true;
 
 #undef VIF_COPY
@@ -681,3 +720,14 @@ bool vif_get_key_for_key_distr(const char *secret, char *key_str)
 	fclose(fp);
 	return err;
 }
+
+double dBm_to_mwatts(double dBm)
+{
+	return (pow(10,(dBm/10)));
+}
+
+double mWatts_to_dBm(double mW)
+{
+	return (10*log10(mW));
+}
+

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c

@@ -26,12 +26,14 @@
 #include "ovsdb_table.h"
 #include "ovsdb_sync.h"
 #include "rrm_config.h"
+#include "fixup.h"
 
 #define MODULE_ID LOG_MODULE_ID_VIF
 #define UCI_BUFFER_SIZE 80
 
 extern ovsdb_table_t table_Wifi_VIF_Config;
 extern ovsdb_table_t table_Hotspot20_Icon_Config;
+extern ovsdb_table_t table_Radius_Proxy_Config;
 
 extern struct blob_buf b;
 extern struct blob_buf del;
@@ -94,6 +96,7 @@ enum {
 	WIF_ATTR_VENUE_URL,
 	WIF_ATTR_NETWORK_AUTH_TYPE,
 	WIF_ATTR_IPADDR_TYPE_AVAILABILITY,
+	WIF_ATTR_CONNECTION_CAPABILITY,
 	WIF_ATTR_DOMAIN_NAME,
 	WIF_ATTR_MCC_MNC,
 	WIF_ATTR_NAI_REALM,
@@ -132,6 +135,9 @@ enum {
 	WIF_ATTR_11R_R0KH,
 	WIF_ATTR_11R_R1KH,
 	WIF_ATTR_RADPROXY,
+	WIF_ATTR_PROXY_ARP,
+	WIF_ATTR_MCAST_TO_UCAST,
+	WIF_ATTR_AUTH_CACHE,
 	__WIF_ATTR_MAX,
 };
 
@@ -187,7 +193,8 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_VENUE_TYPE] = { .name = "venue_type", BLOBMSG_TYPE_INT32 },
 	[WIF_ATTR_VENUE_URL] = { .name = "venue_url", BLOBMSG_TYPE_ARRAY },
 	[WIF_ATTR_NETWORK_AUTH_TYPE] = { .name = "network_auth_type", BLOBMSG_TYPE_STRING },
-	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_INT32 },
+	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_CONNECTION_CAPABILITY] = { .name = "hs20_conn_capab", BLOBMSG_TYPE_ARRAY },
 	[WIF_ATTR_DOMAIN_NAME] = { .name = "domain_name", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_MCC_MNC] = { .name = "anqp_3gpp_cell_net", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_NAI_REALM] = { .name = "nai_realm", BLOBMSG_TYPE_ARRAY },
@@ -226,6 +233,9 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_11R_R0KH] = { .name = "r0kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_11R_R1KH] = { .name = "r1kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_RADPROXY] = { .name = "radproxy", BLOBMSG_TYPE_STRING },
+	[WIF_ATTR_PROXY_ARP] = { .name = "proxy_arp", BLOBMSG_TYPE_BOOL },
+	[WIF_ATTR_MCAST_TO_UCAST] = { .name = "multicast_to_unicast", BLOBMSG_TYPE_BOOL },
+	[WIF_ATTR_AUTH_CACHE] = { .name = "auth_cache", BLOBMSG_TYPE_BOOL },
 };
 
 const struct uci_blob_param_list wifi_iface_param = {
@@ -313,17 +323,17 @@ static struct vif_crypto {
 	{ "wpa-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 	{ "sae", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_WPA3, 0 },
 	{ "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 },
-	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
+	{ "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
+	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP_192, OVSDB_SECURITY_MODE_WPA3, 1 },
 };
 
 extern ovsdb_table_t table_APC_State;
-extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 extern unsigned int radproxy_apc;
 
 /* Custom options table */
 #define SCHEMA_CUSTOM_OPT_SZ            20
-#define SCHEMA_CUSTOM_OPTS_MAX          13
+#define SCHEMA_CUSTOM_OPTS_MAX          15
 
 const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 {
@@ -340,6 +350,8 @@ const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 	SCHEMA_CONSTS_RADIUS_NAS_IP,
 	SCHEMA_CONSTS_DYNAMIC_VLAN,
 	SCHEMA_CONSTS_RADPROXY,
+	SCHEMA_CONSTS_PROXY_ARP,
+	SCHEMA_CONSTS_MCAST_TO_UCAST,
 };
 
 static bool vif_config_custom_opt_get_proxy(
@@ -379,7 +391,8 @@ static int vif_config_security_set(struct blob_buf *b,
 	const char *mode = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_MODE);
 	unsigned int i;
 	unsigned int acct_interval;
-	const char *auth_server, *auth_port, *auth_secret, *security_key, *acct_server;
+	const char *auth_server, *auth_port, *auth_secret, *security_key;
+	const char *acct_server, *acct_port, *acct_secret;
 	char key_str[64], key_holder_str[128];
 	struct schema_APC_State apc_conf;
 	const char *local_server = "127.0.0.1";
@@ -401,14 +414,14 @@ static int vif_config_security_set(struct blob_buf *b,
 
 		if (vif_crypto[i].enterprise) {
 
-			if (vif_config_custom_opt_get_proxy(vconf)) {
+			if (vif_config_custom_opt_get_proxy(vconf)) { /* Radius Proxy Enabled */
 				LOGN("%s: Apply Proxy Security Settings", vconf->if_name);
-				json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
-				if (false == ovsdb_table_select_one_where(&table_APC_State,
-						where, &apc_conf)) {
-					LOG(INFO, "APC_State read failed");
+				if(apc_read_state(&apc_conf) == false)
+				{
+					LOGI("APC_State read failed");
 					return -1;
 				}
+
 				if (!strncmp(apc_conf.mode, "DR", 2)) {
 					auth_server = local_server;
 					acct_server = local_server;
@@ -421,16 +434,22 @@ static int vif_config_security_set(struct blob_buf *b,
 					auth_server = local_server;
 					acct_server = local_server;
 				}
+				auth_port = "1812";
+				auth_secret = "secret";
+				acct_port = "1813";
+				acct_secret = "secret";
 			}
-			else
+			else /* Radius Proxy Disabled */
 			{
 				auth_server = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_IP);
 				acct_server = SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_IP);
+				auth_port   = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_PORT);
+				auth_secret = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_SECRET);
+				acct_port = SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_PORT);
+				acct_secret = SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_SECRET);
 			}
 
 			acct_interval = 0;
-			auth_port   = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_PORT);
-			auth_secret = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_SECRET);
 
 			LOGT("%s: Server IP %s port %s secret %s", vconf->if_name, auth_server, auth_port, auth_secret);
 			if (!auth_server[0] || !auth_port[0] || !auth_secret[0]) {
@@ -442,10 +461,8 @@ static int vif_config_security_set(struct blob_buf *b,
 			blobmsg_add_string(b, "auth_port",   auth_port );
 			blobmsg_add_string(b, "auth_secret", auth_secret );
 			blobmsg_add_string(b, "acct_server", acct_server);
-			blobmsg_add_string(b, "acct_port",
-					   SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_PORT));
-			blobmsg_add_string(b, "acct_secret",
-					   SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_SECRET));
+			blobmsg_add_string(b, "acct_port", acct_port);
+			blobmsg_add_string(b, "acct_secret", acct_secret);
 			blobmsg_add_bool(b, "request_cui", 1);
 			acct_interval = atoi(SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_INTERVAL));
 
@@ -473,6 +490,7 @@ static int vif_config_security_set(struct blob_buf *b,
 				strcat(key_holder_str, key_str);
 				blobmsg_add_string(b, "r1kh", key_holder_str);
 			}
+			blobmsg_add_bool(b, "auth_cache", 1);
 		} else {
 			security_key = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_KEY);
 			if (security_key == NULL) {
@@ -654,8 +672,19 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 				strncpy(value, "br-wan.", 20);
 				blobmsg_add_string(del, "vlan_bridge", value);
 			}
-		} else if (strcmp(opt, "radproxy") == 0)
+		} else if (strcmp(opt, "radproxy") == 0) {
 			blobmsg_add_string(b, "radproxy", value);
+		} else if (strcmp(opt, "proxy_arp") == 0) {
+			if (strcmp(value, "1") == 0)
+				blobmsg_add_bool(b, "proxy_arp", 1);
+			else if (strcmp(value, "0") == 0)
+				blobmsg_add_bool(del, "proxy_arp", 1);
+		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
+			if (strcmp(value, "1") == 0)
+				blobmsg_add_bool(b, "multicast_to_unicast", 1);
+			else if (strcmp(value, "0") == 0)
+				blobmsg_add_bool(del, "multicast_to_unicast", 1);
+		}
 	}
 
 	/* No NASID was found from blob, so use BSSID as NASID */
@@ -805,8 +834,33 @@ static void vif_state_custom_options_get(struct schema_Wifi_VIF_State *vstate,
 							custom_options_table[i],
 							buf);
 			}
-		}
 
+
+		} else if (strcmp(opt, "proxy_arp") == 0) {
+			if (tb[WIF_ATTR_PROXY_ARP]) {
+				if (blobmsg_get_bool(tb[WIF_ATTR_PROXY_ARP])) {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"1");
+				} else {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"0");
+				}
+			}
+		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
+			if (tb[WIF_ATTR_MCAST_TO_UCAST]) {
+				if (blobmsg_get_bool(tb[WIF_ATTR_MCAST_TO_UCAST])) {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"1");
+				} else {
+					set_custom_option_state(vstate, &index,
+								custom_options_table[i],
+								"0");
+				}
+			}
+		}
 	}
 }
 
@@ -976,93 +1030,69 @@ size_t write_file(void *ptr, size_t size, size_t nmemb, FILE *stream) {
 
 void vif_section_del(char *section_name)
 {
-
 	struct uci_package *wireless;
+	struct uci_context *sec_ctx;
 	struct uci_element *e = NULL, *tmp = NULL;
 	int ret=0;
-
-	ret= uci_load(uci, "wireless", &wireless);
+	sec_ctx = uci_alloc_context();
+	ret= uci_load(sec_ctx, "wireless", &wireless);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", section_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", section_name, __func__, ret);
+		if (sec_ctx)
+			uci_free_context(sec_ctx);
 		return;
 	}
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
 		struct uci_section *s = uci_to_section(e);
 		if ((s == NULL) || (s->type == NULL)) continue;
 		if (!strcmp(s->type, section_name)) {
-			uci_section_del(uci, "vif", "wireless", (char *)s->e.name, section_name);
+			uci_section_del(sec_ctx, "vif", "wireless", (char *)s->e.name, section_name);
 		}
 		else {
 			continue;
 		}
 	}
-	uci_commit(uci, &wireless, false);
-	uci_unload(uci, wireless);
-	reload_config = 1;
-
+	uci_commit(sec_ctx, &wireless, false);
+	uci_unload(sec_ctx, wireless);
+	if (sec_ctx)
+		uci_free_context(sec_ctx);
 }
 
-static void vif_check_radius_proxy()
+void vif_check_radius_proxy()
 {
-	struct uci_context *uci_ctx;
-	struct uci_package *wireless;
 	struct schema_APC_State apc_conf;
-	struct uci_element *e = NULL, *tmp = NULL;
-	char *buf = NULL;
-	int rc = 0;
+	int n = 0;
+	void *buf = NULL;
 
-	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
-	if (false == ovsdb_table_select_one_where(&table_APC_State, where, &apc_conf))
+	if(apc_read_state(&apc_conf) == false)
 	{
 		LOGI("APC_State read failed");
 		return;
 	}
 
-	uci_ctx = uci_alloc_context();
-
-	rc = uci_load(uci_ctx, "wireless", &wireless);
-
-	if (rc)
+	buf = ovsdb_table_select_where(&table_Radius_Proxy_Config, NULL, &n);
+	if (!buf)
 	{
-		LOGD("%s: uci_load() failed with rc %d", __func__, rc);
-		goto free;
+		LOGI("Radius_Proxy_Config table doesn't exist.  Stop radsecproxy service.");
+		system("/etc/init.d/radsecproxy stop");
+		return;
+	}
+	else if (!strcmp(apc_conf.mode, "DR"))
+	{
+		if (!system("pidof radsecproxy"))
+			goto out;
+
+		LOGI("Start radsecproxy service.");
+		system("/etc/init.d/radsecproxy start");
+	}
+	else
+	{
+		LOGI("Not DR. Stop radsecproxy service.");
+		system("/etc/init.d/radsecproxy stop");
 	}
 
-	uci_foreach_element_safe(&wireless->sections, tmp, e)
-	{
-		struct blob_attr *tb[__WIF_ATTR_MAX];
-		struct uci_section *s = uci_to_section(e);
-		if ((s == NULL) || (s->type == NULL))
-			continue;
-
-		if (strcmp(s->type, "wifi-iface"))
-			continue;
-
-		blob_buf_init(&b, 0);
-		uci_to_blob(&b, s, &wifi_iface_param);
-		blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
-
-		if (tb[WIF_ATTR_RADPROXY])
-		{
-			buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
-
-			if (!strcmp(buf, "1") && !strcmp(apc_conf.mode, "DR"))
-			{
-				if (!system("pidof radsecproxy"))
-					goto free;
-
-				system("/etc/init.d/radsecproxy start");
-
-				goto free;
-			}
-		}
-	}
-
-	system("/etc/init.d/radsecproxy stop");
-
-free:
-	uci_unload(uci_ctx, wireless);
-	uci_free_context(uci_ctx);
+out:
+	free(buf);
 	return;
 }
 
@@ -1120,6 +1150,7 @@ static void hs20_vif_config(struct blob_buf *b,
 	int i = 0;
 	unsigned int len = 0;
 	char domain_name[256];
+	char str[3] = {};
 
 	if (hs2conf->enable) {
 		blobmsg_add_bool(b, "interworking", 1);
@@ -1232,6 +1263,20 @@ static void hs20_vif_config(struct blob_buf *b,
 	if (strlen(hs2conf->wan_metrics))
 		blobmsg_add_string(b, "hs20_wan_metrics", hs2conf->wan_metrics);
 
+	len = strlen(hs2conf->ipaddr_type_availability);
+	if (len)
+	{
+		if (len == 1)
+		{
+			snprintf(str, sizeof(str), "0%s", hs2conf->ipaddr_type_availability);
+			blobmsg_add_string(b, "ipaddr_type_availability", str);
+		}
+		else
+		{
+			blobmsg_add_string(b, "ipaddr_type_availability", hs2conf->ipaddr_type_availability);
+		}
+	}
+
 	n = blobmsg_open_array(b, "hs20_oper_friendly_name");
 	for (i = 0; i < hs2conf->operator_friendly_name_len; i++)
 	{
@@ -1248,6 +1293,13 @@ static void hs20_vif_config(struct blob_buf *b,
 		blobmsg_add_u32(b, "venue_type", venue_type);
 	}
 
+	n = blobmsg_open_array(b, "hs20_conn_capab");
+	for (i = 0; i < hs2conf->connection_capability_len; i++)
+	{
+		blobmsg_add_string(b, NULL, hs2conf->connection_capability[i]);
+	}
+	blobmsg_close_array(b, n);
+
 	if (hs2conf->operator_icons_len)
 	{
 		n = blobmsg_open_array(b, "operator_icon");
@@ -1268,14 +1320,19 @@ static void hs20_vif_config(struct blob_buf *b,
 bool target_vif_config_del(const struct schema_Wifi_VIF_Config *vconf)
 {
 	struct uci_package *wireless;
+	struct uci_context *vif_ctx;
 	struct uci_element *e = NULL, *tmp = NULL;
 	const char *ifname;
-	int ret=0;
+	int ret = 0;
 
+	vif_fixup_del((char *)vconf->if_name);
 	vlan_del((char *)vconf->if_name);
-	ret= uci_load(uci, "wireless", &wireless);
+	vif_ctx = uci_alloc_context();
+	ret= uci_load(vif_ctx, "wireless", &wireless);
 	if (ret) {
-		LOGD("%s: uci_load() failed with rc %d", vconf->if_name, ret);
+		LOGE("%s: %s uci_load() failed with rc %d", vconf->if_name, __func__, ret);
+		if (vif_ctx)
+			uci_free_context(vif_ctx);
 		return false;
 	}
 	uci_foreach_element_safe(&wireless->sections, tmp, e) {
@@ -1283,15 +1340,20 @@ bool target_vif_config_del(const struct schema_Wifi_VIF_Config *vconf)
 		if ((s == NULL) || (s->type == NULL)) continue; 
 		if (strcmp(s->type, "wifi-iface")) continue;
 
-		ifname = uci_lookup_option_string( uci, s, "ifname" );
-		if (!strcmp(ifname,vconf->if_name)) {
-			uci_section_del(uci, "vif", "wireless", (char *)s->e.name, "wifi-iface");
+		ifname = uci_lookup_option_string( vif_ctx, s, "ifname" );
+		if (ifname == NULL) {
+			/* Delete this section because it doesn't have an ifname - it is invalid */
+			uci_section_del(vif_ctx, "vif", "wireless", (char *)s->e.name, "wifi-iface");
+		} else if (!strcmp(ifname,vconf->if_name)) {
+			/* Delete this section because it matches the if_name we are trying to delete */
+			uci_section_del(vif_ctx, "vif", "wireless", (char *)s->e.name, "wifi-iface");
 			break;
 		}
 	}
-	uci_commit(uci, &wireless, false);
-	uci_unload(uci, wireless);
-	reload_config = 1;
+	uci_commit(vif_ctx, &wireless, false);
+	uci_unload(vif_ctx, wireless);
+	if (vif_ctx)
+		uci_free_context(vif_ctx);
 	return true;
 }
 
@@ -1346,7 +1408,7 @@ void vif_hs20_osu_update(struct schema_Hotspot20_OSU_Providers *osuconf)
 
 	blob_to_uci_section(uci, "wireless", osuconf->osu_provider_name, "osu-provider",
 			osu.head, &wifi_hs20_osu_param, NULL);
-	reload_config = 1;
+	uci_commit_all(uci);
 }
 
 
@@ -1377,7 +1439,7 @@ void vif_hs20_icon_update(struct schema_Hotspot20_Icon_Config *iconconf)
 
 		blob_to_uci_section(uci, "wireless", iconconf->icon_config_name, "hs20-icon",
 				hs20.head, &wifi_hs20_icon_param, NULL);
-		reload_config = 1;
+		uci_commit_all(uci);
 	}
 }
 
@@ -1400,9 +1462,9 @@ void vif_hs20_update(struct schema_Hotspot20_Config *hs2conf)
 			hs20_vif_config(&b, hs2conf);
 			blob_to_uci_section(uci, "wireless", vconf.if_name, "wifi-iface",
 					b.head, &wifi_iface_param, NULL);
-			reload_config = 1;
 		}
 	}
+	uci_commit_all(uci);
 }
 
 /* Mesh options table */
@@ -1470,8 +1532,7 @@ static int mesh_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 	blobmsg_add_string(&mesh, "master", "bat0");
 	blob_to_uci_section(uci, "network", vconf->if_name, "interface",
 			mesh.head, &wifi_mesh_param, NULL);
-
-	reload_config = 1;
+	uci_commit_all(uci);
 	return 0;
 }
 
@@ -1483,7 +1544,6 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 
 	blob_buf_init(&b, 0);
 	blob_buf_init(&del,0);
-
 	blobmsg_add_string(&b, "ifname", vconf->if_name);
 	blobmsg_add_string(&b, "device", rconf->if_name);
 	blobmsg_add_string(&b, "mode", "ap");
@@ -1591,11 +1651,7 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 	{
 		vif_dhcp_opennds_allowlist_set(vconf,(char*)vconf->if_name);
 	}
-
-	if (changed->custom_options)
-		vif_check_radius_proxy();
-
-	reload_config = 1;
+	uci_commit_all(uci);
 	return 0;
 }
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/netifd/src/wifi_inet_config.c

@@ -75,7 +75,6 @@ const struct uci_blob_param_list network_param = {
 	.params = network_policy,
 };
 
-int reload_config = 0;
 ovsdb_table_t table_Wifi_Inet_Config;
 struct blob_buf b = { };
 struct blob_buf del = { };
@@ -342,7 +341,6 @@ static int wifi_inet_conf_add(struct schema_Wifi_Inet_Config *iconf)
 	}
 
 	uci_commit_all(uci);
-	reload_config = 1;
 
 	return 0;
 }
@@ -361,7 +359,6 @@ static void wifi_inet_conf_del(struct schema_Wifi_Inet_Config *iconf)
 
 	uci_section_del(uci, "network", "network", iconf->if_name, "interface");
 	uci_commit_all(uci);
-	reload_config = 1;
 }
 
 static void callback_Wifi_Inet_Config(ovsdb_update_monitor_t *mon,
@@ -388,17 +385,6 @@ static void callback_Wifi_Inet_Config(ovsdb_update_monitor_t *mon,
 	return;
 }
 
-static void periodic_task(void *arg)
-{
-	if (reload_config) {
-		uci_commit_all(uci);
-		system("reload_config");
-		reload_config = 0;
-	}
-
-	evsched_task_reschedule_ms(EVSCHED_SEC(5));
-}
-
 void wifi_inet_config_init(void)
 {
 	struct uci_element *e = NULL;
@@ -418,7 +404,6 @@ void wifi_inet_config_init(void)
 	}
 	uci_unload(uci, network);
 	OVSDB_TABLE_MONITOR(Wifi_Inet_Config, false);
-	evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));
 
 	return;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/inc/rrm.h

@@ -48,6 +48,12 @@ typedef struct
 	ds_tree_node_t                  node;
 } rrm_vif_state_t;
 
+#define RRM_CHANNEL_INTERVAL     15
+
+#define RRM_MAX_NF_SAMPLES 100
+#define RRM_OBSS_HOP_MODE_NON_WIFI		1
+#define RRM_OBSS_HOP_MODE_NON_WIFI_AND_OBSS	2
+
 typedef struct
 {
 	// Cached data
@@ -59,9 +65,17 @@ typedef struct
 	uint32_t min_load;
 	uint32_t beacon_rate;
 	uint32_t mcast_rate;
+	int32_t noise_floor_thresh;
+	uint32_t noise_floor_time;
+	int32_t non_wifi_thresh;
+	uint32_t non_wifi_time;
+	uint32_t obss_hop_mode;
 
 	// Internal state data
-	int32_t noise_lwm;
+	int32_t avg_nf;
+	int32_t rrm_chan_nf_next_el;
+	int32_t rrm_chan_nf_num_el;
+	double rrm_chan_nf_samples[RRM_MAX_NF_SAMPLES];
 } rrm_entry_t;
 
 typedef struct
@@ -80,5 +94,6 @@ void set_rrm_parameters(rrm_entry_t *rrm_data);
 ds_tree_t* rrm_get_rrm_config_list(void);
 ds_tree_t* rrm_get_radio_list(void);
 ds_tree_t* rrm_get_vif_list(void);
+void rrm_reset_noise_floor_samples(rrm_entry_t *rrm_data);
 
 #endif /* RRM_H_INCLUDED */

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/src/rrm_channel.c

@@ -9,8 +9,6 @@
 #include "uci.h"
 #include "utils.h"
 
-#define RRM_CHANNEL_INTERVAL     15.0
-
 struct blob_buf b = { };
 struct blob_buf del = { };
 struct uci_context *uci;
@@ -103,6 +101,57 @@ void get_channel_bandwidth(const char* htmode, int *channel_bandwidth)
 	else if(!strcmp(htmode, "HT80"))
 		*channel_bandwidth=80;
 }
+/*
+ * A simple average is calculated against the Noise floor samples.
+ * - Returns a zero, if there are not enough samples in the list.
+ * - Or, returns a calculated avg of the noise samples.
+ * - A circular buffer is considered for storing the samples. New elements replace the
+ * old ones in this buffer.
+ * - The number of samples required is an integer value calculated based on the
+ * configuration time and the sample time.
+ * Example: If the config_time is 120 sec, and sample time is 15 sec, then number of
+ * samples required for averaging is 120/15 = 8 samples.
+ */
+int rrm_calculate_avg_noise_floor(rrm_entry_t *rrm_data, int nf, int config_time, int sample_time)
+{
+	int ii;
+	double avg_mW = 0;
+	int num_samples = config_time/sample_time;
+
+	if (num_samples >= RRM_MAX_NF_SAMPLES)
+		num_samples = RRM_MAX_NF_SAMPLES;
+
+	/*
+	 * Convert dBm to milliWatts, 
+	 * and replace the oldest element in the list with the new element
+	 */
+	rrm_data->rrm_chan_nf_samples[rrm_data->rrm_chan_nf_next_el] = dBm_to_mwatts(nf);
+
+	/* Update the index to the oldest element index taking care of the boundary */
+	rrm_data->rrm_chan_nf_next_el = (rrm_data->rrm_chan_nf_next_el+1)%num_samples;
+
+	if (rrm_data->rrm_chan_nf_num_el < num_samples)
+	{
+		rrm_data->rrm_chan_nf_num_el++;
+		return 0;
+	}
+
+	/* calculate average */
+	for (ii = 0; ii < num_samples; ii++)
+	{
+		avg_mW += rrm_data->rrm_chan_nf_samples[ii];
+	}
+	avg_mW = avg_mW/num_samples;
+
+	 /* convert the averaged milliWats back to dBm */
+	return ((int)(mWatts_to_dBm(avg_mW)));
+}
+
+void rrm_reset_noise_floor_samples(rrm_entry_t *rrm_data)
+{
+	rrm_data->rrm_chan_nf_next_el = 0;
+	rrm_data->rrm_chan_nf_num_el = 0;
+}
 
 void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 {
@@ -113,7 +162,6 @@ void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 	rrm_radio_state_t       *radio = NULL;
 	uint32_t                 noise;
 	int32_t                  nf;
-	int32_t                  nf_drop_threshold;
 	rrm_config_t             *rrm_config;
 
 	ds_tree_t *radio_list = rrm_get_radio_list();
@@ -122,14 +170,13 @@ void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 	{
 		noise = 0;
 		rrm_config = NULL;
-		nf_drop_threshold = 0;
 
 		if (ubus_get_noise(radio->config.if_name, &noise))
 			continue;
 
 		nf = (int32_t)noise;
 
-		if (nf > -1 || nf < -120)
+		if ((nf > -10) || (nf < -120))
 			continue;
 
 		rrm_config = rrm_get_rrm_config(radio->config.type);
@@ -137,43 +184,39 @@ void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 		if (rrm_config == NULL)
 			continue;
 
-		if (nf < rrm_config->rrm_data.noise_lwm )
-		{
-			rrm_config->rrm_data.noise_lwm = nf;
-			LOGD("[%s] noise_lwm set to %d", radio->config.if_name, nf);
-			continue;
-		}
-
-		if (rrm_config->rrm_data.snr_percentage_drop == 0)
+		if ((rrm_config->rrm_data.backup_channel == 0) ||
+			(rrm_config->rrm_data.backup_channel == radio->config.chan))
 			continue;
 
-		if (rrm_config->rrm_data.backup_channel == 0)
+		if (rrm_config->rrm_data.noise_floor_thresh == 0)
 			continue;
 
-		nf_drop_threshold = ((int32_t)(100 - rrm_config->rrm_data.snr_percentage_drop) *
-				rrm_config->rrm_data.noise_lwm) / 100;
+		if (rrm_config->rrm_data.noise_floor_time == 0)
+			continue;
 
-		LOGD("[%s] backup=%d nf=%d nf_lwm=%d drop=%d thresh=%d",
+		LOGD("[%s] backup=%d nf=%d nf_thresh=%d",
 				radio->config.if_name,
 				rrm_config->rrm_data.backup_channel,
 				nf,
-				rrm_config->rrm_data.noise_lwm,
-				rrm_config->rrm_data.snr_percentage_drop,
-				nf_drop_threshold);
+				rrm_config->rrm_data.noise_floor_thresh);
 
-		if (nf > nf_drop_threshold)
+		rrm_config->rrm_data.avg_nf = rrm_calculate_avg_noise_floor(&(rrm_config->rrm_data), 
+			nf, rrm_config->rrm_data.noise_floor_time, RRM_CHANNEL_INTERVAL);
+
+		if (rrm_config->rrm_data.avg_nf &&
+			(rrm_config->rrm_data.avg_nf > rrm_config->rrm_data.noise_floor_thresh))
 		{
-			LOGI("Interference detected on [%s], switching to backup_channel=%d nf=%d nf_lwm=%d drop=%d thresh=%d",
+			LOGI("Interference detected on [%s],"
+				" switching to backup_channel=%d avg_nf=%d nfthresh=%d",
 					radio->config.if_name,
 					rrm_config->rrm_data.backup_channel,
-					nf,
-					rrm_config->rrm_data.noise_lwm,
-					rrm_config->rrm_data.snr_percentage_drop,
-					nf_drop_threshold);
+					rrm_config->rrm_data.avg_nf,
+					rrm_config->rrm_data.noise_floor_thresh);
 			int channel_bandwidth;
 			int sec_chan_offset=0;
-			struct mode_map *m = mode_map_get_uci(radio->schema.freq_band, get_max_channel_bw_channel(ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel),
-						radio->schema.ht_mode), radio->schema.hw_mode);
+			struct mode_map *m = mode_map_get_uci(radio->schema.freq_band,
+					get_max_channel_bw_channel(ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel),
+					radio->schema.ht_mode), radio->schema.hw_mode);
 			if (m) {
 				sec_chan_offset = m->sec_channel_offset;
 			} else
@@ -183,6 +226,8 @@ void rrm_nf_timer_handler(struct ev_loop *loop, ev_timer *timer, int revents)
 					radio->schema.ht_mode), &channel_bandwidth);
 			ubus_set_channel_switch(radio->config.if_name,
 					ieee80211_channel_to_frequency(rrm_config->rrm_data.backup_channel), channel_bandwidth, sec_chan_offset);
+
+			rrm_reset_noise_floor_samples(&(rrm_config->rrm_data));
 		}
 	}
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/rrm/src/rrm_ovsdb.c

@@ -124,6 +124,21 @@ void rrm_config_update(void)
 		rrm_data.min_load = rrm->schema.min_load;
 		rrm_data.beacon_rate = rrm->schema.beacon_rate;
 		rrm_data.mcast_rate = rrm->schema.mcast_rate;
+		rrm_data.noise_floor_thresh = rrm->schema.noise_floor_thresh;
+		rrm_data.noise_floor_time = rrm->schema.noise_floor_time;
+		if (rrm_data.noise_floor_time/RRM_CHANNEL_INTERVAL > RRM_MAX_NF_SAMPLES)
+		{
+			LOG(WARN, "RRM Config: Noise floor time too high."
+					" nf_time:%d, sampling_interval:%d, max_num_samples:%d",
+					rrm_data.noise_floor_time, RRM_CHANNEL_INTERVAL,
+					RRM_MAX_NF_SAMPLES);
+		}
+		rrm_data.non_wifi_thresh = rrm->schema.non_wifi_thresh;
+		rrm_data.non_wifi_time = rrm->schema.non_wifi_time;
+		rrm_data.obss_hop_mode = rrm->schema.obss_hop_mode;
+
+		rrm_data.avg_nf = 0;
+		rrm_reset_noise_floor_samples(&rrm_data);
 
 		/* Update cache config */
 		rrm->rrm_data = rrm_data;
@@ -408,13 +423,7 @@ void rrm_update_rrm_config_cb(ovsdb_update_monitor_t *self)
 			return;
 		}
 		/* Reset configuration */
-		rrm_config->schema.backup_channel = 0;
-		rrm_config->schema.min_load = 0;
-		rrm_config->schema.beacon_rate = 0;
-		rrm_config->schema.mcast_rate = 0;
-		rrm_config->schema.snr_percentage_drop = 0;
-		rrm_config->schema.client_disconnect_threshold = 0;
-		rrm_config->schema.probe_resp_threshold = 0;
+		memset(&(rrm_config->schema), 0, sizeof(rrm_config->schema));
 
 		ds_tree_remove(&rrm_config_list, rrm_config);
 		free(rrm_config);

feeds/wlan-ap/opensync/src/platform/openwrt/src/ucc_detect/src/main.c

@@ -130,6 +130,7 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 	struct nlattr *attr[GENL_UCC_ATTR_MAX+1];
 
 	struct voip_session *data;
+	char dst_ip[16];
 	genlmsg_parse(nlmsg_hdr(msg), 0, attr, 
 			GENL_UCC_ATTR_MAX, genl_ucc_policy);
 
@@ -140,7 +141,6 @@ static int rx_msg(struct nl_msg *msg, void* arg)
 		return NL_OK;
 	}
 
-	char *dst_ip = malloc(16);
 	memset(dst_ip, 0, 16);
 	if((get_current_ip(dst_ip, IAC_IFACE)) < 0) {
 		LOGI("Error: Cannot get IP for %s", IAC_IFACE);
@@ -249,48 +249,31 @@ int main(int argc, char ** argv)
 	backtrace_init();
 
 	json_memdbg_init(loop);
-#if 0
-	if (!dpp_init())
-	{
-        	LOG(ERR,
-            	"Initializing SM "
-            	"(Failed to init DPP library)");
-		return -1;
-	}
 
-	if (!uccm_mqtt_init())
-	{
-		LOG(ERR,
-		"Initializing SM "
-		"(Failed to start MQTT)");
-		return -1;
-	}
-#endif
 	if (!ovsdb_init_loop(loop, "UCCM")) {
 		LOGEM("Initializing UCCM (Failed to initialize OVSDB)");
 		return -1;
 	}
-	evsched_init(loop);
 
 	callback cb = recv_process;
 	LOGI("Call interap_recv");
 	if( interap_recv(IAC_VOIP_PORT, cb, sizeof(struct voip_session),
-			 loop, &iac_io) < 0)
+			 loop, &iac_io) < 0) {
+		interap_rcv_close();
 		LOGI("Error: Failed InterAP receive");
+		return 1;
+	}
 
-//	task_init();
+	evsched_init(loop);
 	netlink_listen(loop);
-//	command_ubus_init(loop);
 
 	ev_run(loop, 0);
 
 	if (!ovsdb_stop_loop(loop))
 		LOGE("Stopping UCCM (Failed to stop OVSDB");
-#if 0
-	uccm_mqtt_stop();
-#endif
 	ev_default_destroy();
 
+	interap_rcv_close();
 	LOGN("Exiting UCCM");
 
 	return 0;

feeds/wlan-ap/wlan-ap-config/files/etc/hotplug.d/iface/40-fix-lan-wan-ip-conflict

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$INTERFACE" = wan ] || exit 0
+
+conflict=0
+wan_ipaddr="$(ubus call network.interface.wan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+lan_ipaddr="$(ubus call network.interface.lan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+logger -t hotplug "$ACTION of $INTERFACE ($DEVICE) $wan_ipaddr"
+
+[ "$wan_ipaddr" = "192.168.1" ] && [ "$lan_ipaddr" = "192.168.1" ] && {
+    conflict=1
+    dest_ip="192.168.0.1"
+}
+[ "$wan_ipaddr" = "192.168.0" ] && [ "$lan_ipaddr" = "192.168.0" ] && {
+    conflict=1
+    dest_ip="192.168.1.1"
+}
+[ $conflict = 1 ] && {
+    logger -t hotplug "IP conflict with br-wan.  Switch br-lan to $dest_ip"
+    uci set network.lan.ipaddr="$dest_ip"
+    uci_commit
+    reload_config
+}
+exit 0

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-data

@@ -3,9 +3,9 @@
 . /lib/functions.sh
 
 SKU="unknown"
-MODEL="unknown"
+MODEL=""
 PLATFORM="unknown"
-SERIAL="unknown"
+SERIAL=""
 MODEL_REV="unknown"
 MODEL_DESCR="unknown"
 MANUF_NAME="unknown"
@@ -19,9 +19,12 @@ ID=""
 case "$(board_name)" in
 edgecore,ecw5211|\
 edgecore,ecw5410)
-	MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd5 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd5 | grep "model=" | cut -d "=" -f2)
+	if [ ! $MODEL ]; then
+		MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
+	fi
 	SKU=$(cat /dev/mtd5 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd5 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd5 | grep mac_address | cut -d "=" -f2)
@@ -37,12 +40,12 @@ edgecore,ecw5410)
 	REF_DESIGN=$(cat /dev/mtd5 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf194c)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd14 | grep serial_number | cut -d "=" -f2)
 	if [ ! $SERIAL ]; then
 		SERIAL=$(cat /dev/mtd14 | grep BaseMacAddress | cut -dx -f2)
 	fi
+	MODEL=$(cat /dev/mtd14 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd14 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd14 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd14 | grep mac_address | cut -d "=" -f2)
@@ -58,9 +61,9 @@ cig,wf194c)
 	REF_DESIGN=$(cat /dev/mtd14 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf188n)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd12 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd12 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd12 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd12 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd12 | grep mac_address | cut -d "=" -f2)
@@ -83,7 +86,9 @@ linksys,ea8300)
 	MODEL_DESCR=$(cat /dev/mtd9 | grep modelDescription | cut -d "=" -f2 | tr -d '\r\n')
 	MANUF_URL=$(cat /dev/mtd9 | grep manufacturerURL | cut -d "=" -f2 | tr -d '\r\n')
 	CERT_REGION=$(cat /dev/mtd9 | grep cert_region | cut -d "=" -f2 | tr -d '\r\n')
-	ID=$(cat /dev/mtd9 | grep hw_mac_addr | cut -d "=" -f2 | tr -d '\r\n')
+	# Commenting out below, because hw_mac_addr is used for eth0/LAN interface
+	# whereas ID corresponds to the mac address of WAN interface.
+	#ID=$(cat /dev/mtd9 | grep hw_mac_addr | cut -d "=" -f2 | tr -d '\r\n')
 	MANUF_NAME=$(cat /dev/mtd9 | grep "manufacturer=" | cut -d "=" -f2 | tr -d '\r\n')
 	if [ ! $MANUF_NAME ]; then
 		MANUF_NAME="Linksys"
@@ -97,9 +102,9 @@ linksys,ea8300)
 	MANUF_DATE="$DAY-$MONTH-$YEAR"
 	;;
 tp-link,ec420-g1)
-	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd9 | grep serial_number | cut -d "=" -f2)
+	MODEL=$(cat /dev/mtd9 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd9 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd9 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd9 | grep mac_address | cut -d "=" -f2)
@@ -130,14 +135,29 @@ fi
 
 # fallback check to get the id from mac address if flash does not contain this info.
 if [ ! $ID ]; then
-	ID=$(cat /sys/class/net/eth0/address)
+	if [ $(board_name) == "cig,wf194c" ] || [ $(board_name) == "edgecore,eap102" ] || [ $(board_name) == "linksys,ea8300" ]; then
+		ID=$(cat /sys/class/net/eth1/address)
+	else
+		ID=$(cat /sys/class/net/eth0/address)
+	fi
+fi
+
+# fallback check to get the model if flash does not contain this info.
+if [ ! $MODEL ]; then
+	MODEL=$(cat /tmp/sysinfo/board_name | cut -d "," -f2 | awk '{print toupper($0)}')
+fi
+
+# Read the active firmware version info
+FIRMWARE=$(cat /usr/opensync/.versions | grep FW_IMAGE_ACTIVE | grep -o '[^-]*$')
+if [ ! $FIRMWARE ]; then
+	FIRMWARE=$(cat /usr/opensync/.versions | grep FW_VERSION | cut -d ":" -f2)
 fi
 
 uci set system.tip=tip
 uci set system.tip.serial="${SERIAL}"
 uci set system.tip.model="${MODEL}"
 uci set system.tip.platform="${PLATFORM}"
-uci set system.tip.firmware='0.1.0'
+uci set system.tip.firmware="${FIRMWARE}"
 uci set system.tip.sku_number="${SKU}"
 uci set system.tip.revision="${MODEL_REV}"
 uci set system.tip.model_description="${MODEL_DESCR}"

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-network

@@ -2,6 +2,8 @@
 
 uci set network.wan.type=bridge
 uci set network.wan6.ifname=@wan
+uci set network.wan.metric=1
+uci set network.lan.metric=10
 uci set network.wan.vlan_filtering=1
 uci set network.lan.vlan_filtering=1
 exit 0

patches/0027-ipq807x-add-the-Qualcomm-AX-target-support.patch

@@ -175,7 +175,7 @@ index 0000000000..90df1f8a9a
 +	kmod-usb-phy-ipq807x kmod-usb-dwc3-of-simple \
 +	kmod-ath11k-ahb kmod-qrtr_mproc wpad \
 +	kmod-gpio-button-hotplug \
-+	qca-thermald-10.4 qca-ssdk-shell
++	qca-thermald-10.4 qca-ssdk-shell kmod-qca-nss-drv-bridge-mgr
 +
 +$(eval $(call BuildTarget))
 diff --git a/target/linux/ipq807x/base-files/etc/board.d/01_leds b/target/linux/ipq807x/base-files/etc/board.d/01_leds
@@ -12281,14 +12281,14 @@ index 0000000000..6b0eb2f831
 ++		pinctrl-names = "default";
 ++
 ++		led@25 {
-++			label = "wifi5g";
-++			gpios = <&tlmm 35 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi5";
+++			gpios = <&tlmm 35 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:5g";
 ++			default-state = "off";
 ++		};
 ++		led@24 {
-++			label = "wifi2g";
-++			gpios = <&tlmm 37 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi2";
+++			gpios = <&tlmm 37 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:2g";
 ++			default-state = "off";
 ++		};

patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch

@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
++++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
++		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
++++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
++--- a/jffs2reset.c
+++++ b/jffs2reset.c
++@@ -40,7 +40,7 @@ ask_user(void)
++ 	return 0;
++ }
++ 
++-static int jffs2_reset(struct volume *v, int reset)
+++static int jffs2_reset(struct volume *v, int reset, int keep)
++ {
++ 	char *mp;
++ 
++@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
++ 	if (mp) {
++ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
++ 		fs_state_set("/overlay", FS_STATE_PENDING);
++-		overlay_delete(mp, false);
+++		overlay_delete(mp, keep);
++ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
++ 	} else {
++ 		ULOG_INFO("%s is not mounted\n", v->blk);
++@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
++ int main(int argc, char **argv)
++ {
++ 	struct volume *v;
++-	int ch, yes = 0, reset = 0;
++-	while ((ch = getopt(argc, argv, "yr")) != -1) {
+++	int ch, yes = 0, reset = 0, keep = 0;
+++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
++ 		switch(ch) {
++ 		case 'y':
++ 			yes = 1;
++@@ -102,6 +102,9 @@ int main(int argc, char **argv)
++ 		case 'r':
++ 			reset = 1;
++ 			break;
+++                case 'k':
+++                        keep = 1;
+++                        break;
++ 		}
++ 
++ 	}
++@@ -128,5 +131,5 @@ int main(int argc, char **argv)
++ 	volume_init(v);
++ 	if (!strcmp(*argv, "jffs2mark"))
++ 		return jffs2_mark(v);
++-	return jffs2_reset(v, reset);
+++	return jffs2_reset(v, reset, keep);
++ }
+-- 
+2.17.1
+

patches/0052-netifd-Add-WPA3-Enterprise-modes.patch

@@ -0,0 +1,39 @@
+From dc2e1e24e5a69face7d154fea6d3ecbee6c90e45 Mon Sep 17 00:00:00 2001
+From: Arif Alam <arif.alam@netexperience.com>
+Date: Wed, 28 Apr 2021 19:29:23 -0400
+Subject: [PATCH] netifd: Add WPA3 Enterprise modes
+
+Add configuration options for:
+- WPA3 Enterprise Only mode
+- WPA3 Enterprise Transition mode
+
+Signed-off-by: Arif Alam <arif.alam@netexperience.com>
+---
+ .../patches/0105-add-wpa3-enterprise-modes.patch  | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+
+diff --git a/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+new file mode 100644
+index 0000000000..9018365807
+--- /dev/null
++++ b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+@@ -0,0 +1,15 @@
++--- a/scripts/netifd-wireless.sh
+++++ b/scripts/netifd-wireless.sh
++@@ -244,8 +244,11 @@ wireless_vif_parse_encryption() {
++ 		owe*)
++ 			auth_type=owe
++ 		;;
+++		wpa3-only*)
+++			auth_type=eap-only
+++		;;
++ 		wpa3-mixed*)
++-			auth_type=eap-eap192
+++			auth_type=eap-transition
++ 		;;
++ 		wpa3*)
++ 			auth_type=eap192
+-- 
+2.25.1
+

patches/0053-ipq807x-fix-edgecore-eap102.patch

@@ -0,0 +1,156 @@
+From 4a5ac0aa04a5e6cf9316ce7c16843f0f4a4128ce Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 12 May 2021 07:00:18 +0200
+Subject: [PATCH] ipq807x: fix edgecore eap102
+
+* import the fixes for the update hardware revision
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ target/linux/ipq807x/base-files/etc/board.d/02_network    | 5 +----
+ target/linux/ipq807x/base-files/etc/init.d/bootcount      | 3 ++-
+ target/linux/ipq807x/base-files/lib/upgrade/platform.sh   | 4 ++--
+ .../arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts      | 8 ++++----
+ target/linux/ipq807x/image/ipq60xx.mk                     | 6 +++---
+ target/linux/ipq807x/image/ipq807x.mk                     | 2 +-
+ 6 files changed, 13 insertions(+), 15 deletions(-)
+
+diff --git a/target/linux/ipq807x/base-files/etc/board.d/02_network b/target/linux/ipq807x/base-files/etc/board.d/02_network
+index f23a9f3eac..e90a73f7bf 100755
+--- a/target/linux/ipq807x/base-files/etc/board.d/02_network
++++ b/target/linux/ipq807x/base-files/etc/board.d/02_network
+@@ -28,6 +28,7 @@ qcom_setup_interfaces()
+                 ucidef_set_interface_wan "eth0"
+                 ;;
+ 	cig,wf194c|\
++	edgecore,eap102|\
+ 	sercomm,wallaby)
+ 		ucidef_set_interface_lan "eth0"
+ 		ucidef_set_interface_wan "eth1"
+@@ -36,10 +37,6 @@ qcom_setup_interfaces()
+ 		ucidef_set_interface_lan "eth1 eth2"
+ 		ucidef_set_interface_wan "eth0"
+ 		;;
+-	edgecore,eap102)
+-		ucidef_set_interface_lan "eth1"
+-		ucidef_set_interface_wan "eth0"
+-		;;
+ 	esac
+ }
+ 
+diff --git a/target/linux/ipq807x/base-files/etc/init.d/bootcount b/target/linux/ipq807x/base-files/etc/init.d/bootcount
+index ac345d6d4a..a24f27353e 100755
+--- a/target/linux/ipq807x/base-files/etc/init.d/bootcount
++++ b/target/linux/ipq807x/base-files/etc/init.d/bootcount
+@@ -4,7 +4,8 @@ START=99
+ 
+ boot() {
+ 	case "$(board_name)" in
+-	edgecore,eap101)
++	edgecore,eap101|\
++	edgecore,eap102)
+ 		fw_setenv bootcount 0
+ 		;;
+ 	esac
+diff --git a/target/linux/ipq807x/base-files/lib/upgrade/platform.sh b/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
+index 59d1578925..a520df40d7 100755
+--- a/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
++++ b/target/linux/ipq807x/base-files/lib/upgrade/platform.sh
+@@ -48,7 +48,6 @@ platform_do_upgrade() {
+ 		;;
+ 	cig,wf188n|\
+ 	cig,wf194c|\
+-	edgecore,eap102|\
+ 	qcom,ipq6018-cp01|\
+ 	qcom,ipq807x-hk01|\
+ 	sercomm,wallaby|\
+@@ -56,7 +55,8 @@ platform_do_upgrade() {
+ 	tplink,ex227)
+ 		nand_upgrade_tar "$1"
+ 		;;
+-	edgecore,eap101)
++	edgecore,eap101|\
++	edgecore,eap102)
+ 		CI_UBIPART="rootfs1"
+ 		nand_upgrade_tar "$1"
+ 		;;
+diff --git a/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts b/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
+index e8157f5514..cf822c246e 100755
+--- a/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
++++ b/target/linux/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
+@@ -32,8 +32,8 @@
+ 		 * Aliases as required by u-boot
+ 		 * to patch MAC addresses
+ 		 */
+-		ethernet0 = "/soc/dp5";
+-		ethernet1 = "/soc/dp6";
++		ethernet0 = "/soc/dp6";
++		ethernet1 = "/soc/dp5";
+ 
+ 		led-boot = &led_power;
+ 		led-failsafe = &led_power;
+@@ -593,7 +593,7 @@
+ 		};
+ 	};
+ 
+-	dp1 {
++/*	dp1 {
+ 		device_type = "network";
+ 		compatible = "qcom,nss-dp";
+ 		qcom,id = <1>;
+@@ -639,7 +639,7 @@
+ 		qcom,link-poll = <1>;
+ 		qcom,phy-mdio-addr = <3>;
+ 		phy-mode = "sgmii";
+-	};
++	};*/
+ 
+ 	dp5 {
+ 		device_type = "network";
+diff --git a/target/linux/ipq807x/image/ipq60xx.mk b/target/linux/ipq807x/image/ipq60xx.mk
+index c536a174f8..201885a760 100644
+--- a/target/linux/ipq807x/image/ipq60xx.mk
++++ b/target/linux/ipq807x/image/ipq60xx.mk
+@@ -7,7 +7,7 @@ define Device/cig_wf188
+   SUPPORTED_DEVICES := cig,wf188
+   IMAGES := sysupgrade.tar
+   IMAGE/sysupgrade.tar/squashfs := append-rootfs | pad-rootfs | sysupgrade-tar rootfs=$$$$@ | append-metadata
+-  DEVICE_PACKAGES := ath11k-wifi-cig-wf188 uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-cig-wf188 uboot-envtools
+ endef
+ TARGET_DEVICES += cig_wf188
+ 
+@@ -16,7 +16,7 @@ define Device/cig_wf188n
+   DEVICE_DTS := qcom-ipq6018-cig-wf188n
+   DEVICE_DTS_CONFIG := config@cp03-c1
+   SUPPORTED_DEVICES := cig,wf188n
+-  DEVICE_PACKAGES := ath11k-wifi-cig-wf188n uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-cig-wf188n uboot-envtools
+ endef
+ TARGET_DEVICES += cig_wf188n
+ 
+@@ -25,7 +25,7 @@ define Device/edgecore_eap101
+   DEVICE_DTS := qcom-ipq6018-edgecore-eap101
+   DEVICE_DTS_CONFIG := config@cp01-c1
+   SUPPORTED_DEVICES := edgecore,eap101
+-  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap101 uboot-env
++  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap101 uboot-envtools
+ endef
+ TARGET_DEVICES += edgecore_eap101
+ 
+diff --git a/target/linux/ipq807x/image/ipq807x.mk b/target/linux/ipq807x/image/ipq807x.mk
+index 7081769407..000d2793c9 100644
+--- a/target/linux/ipq807x/image/ipq807x.mk
++++ b/target/linux/ipq807x/image/ipq807x.mk
+@@ -41,7 +41,7 @@ define Device/edgecore_eap102
+   DEVICE_DTS := qcom-ipq807x-eap102
+   DEVICE_DTS_CONFIG=config@ac02
+   SUPPORTED_DEVICES := edgecore,eap102
+-  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap102 kmod-usb3 kmod-usb2
++  DEVICE_PACKAGES := ath11k-wifi-edgecore-eap102 kmod-usb2 uboot-envtools
+ endef
+ TARGET_DEVICES += edgecore_eap102
+ define Device/tplink_ex227
+-- 
+2.25.1
+

patches/0054-WiFi6-Aps-LEDs-Label-Name-Change.patch

@@ -0,0 +1,201 @@
+From 82c689a779db76c74893be4d6249b663d70d80d8 Mon Sep 17 00:00:00 2001
+From: Nagendrababu <nagendrababu.bonkuri@connectus.ai>
+Date: Fri, 21 May 2021 16:38:07 -0400
+Subject: [PATCH] WiFi6-APs-Label-Name-Change
+
+---
+ .../111-WiFi6-APs-LED-Label-Name-Change.patch | 182 ++++++++++++++++++
+ 1 file changed, 182 insertions(+)
+ create mode 100644 target/linux/ipq807x/patches/111-WiFi6-APs-LED-Label-Name-Change.patch
+
+diff --git a/target/linux/ipq807x/patches/111-WiFi6-APs-LED-Label-Name-Change.patch b/target/linux/ipq807x/patches/111-WiFi6-APs-LED-Label-Name-Change.patch
+new file mode 100644
+index 0000000000..2396067aac
+--- /dev/null
++++ b/target/linux/ipq807x/patches/111-WiFi6-APs-LED-Label-Name-Change.patch
+@@ -0,0 +1,182 @@
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188.dts
++@@ -309,26 +309,26 @@
++ 		pinctrl-names = "default";
++ 
++ 		led@25 {
++-			label = "led_5g";
++-			gpios = <&tlmm 25 GPIO_ACTIVE_HIGH>;
++-			linux,default-trigger = "wf188:green:5g";
+++			label = "wf188:green:wifi5g";
+++			gpios = <&tlmm 25 GPIO_ACTIVE_LOW>;
+++			linux,default-trigger = "wf188:green:wifi5g";
++ 			default-state = "off";
++ 		};
++ 		led@24 {
++-			label = "led_2g";
++-			gpios = <&tlmm 24 GPIO_ACTIVE_HIGH>;
++-			linux,default-trigger = "wf188:green:2g";
+++			label = "wf188:green:wifi2g";
+++			gpios = <&tlmm 24 GPIO_ACTIVE_LOW>;
+++			linux,default-trigger = "wf188:green:wifi2g";
++ 			default-state = "off";
++ 		};
++ 		led@18 {
++-			label = "led_eth";
++-			gpios = <&tlmm 18 GPIO_ACTIVE_HIGH>;
+++			label = "wf188:green:eth";
+++			gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
++ 			linux,default-trigger = "wf188:green:eth";
++ 			default-state = "off";
++ 		};
++                 led_power: led@16 {
++-                        label = "led_pwr";
++-                        gpios = <&tlmm 16 GPIO_ACTIVE_HIGH>;
+++                        label = "wf188:green:power";
+++                        gpios = <&tlmm 16 GPIO_ACTIVE_LOW>;
++                         linux,default-trigger = "wf188:green:power";
++ 			default-state = "off";
++ 		};
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188n.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188n.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-cig-wf188n.dts
++@@ -309,26 +309,26 @@
++ 		pinctrl-names = "default";
++ 
++ 		led@25 {
++-			label = "led_5g";
++-			gpios = <&tlmm 25 GPIO_ACTIVE_HIGH>;
++-			linux,default-trigger = "wf188:green:5g";
+++			label = "wf188:green:wifi5g";
+++			gpios = <&tlmm 25 GPIO_ACTIVE_LOW>;
+++			linux,default-trigger = "wf188:green:wifi5g";
++ 			default-state = "off";
++ 		};
++ 		led@24 {
++-			label = "led_2g";
++-			gpios = <&tlmm 24 GPIO_ACTIVE_HIGH>;
++-			linux,default-trigger = "wf188:green:2g";
+++			label = "wf188:green:wifi2g";
+++			gpios = <&tlmm 24 GPIO_ACTIVE_LOW>;
+++			linux,default-trigger = "wf188:green:wifi2g";
++ 			default-state = "off";
++ 		};
++ 		led@18 {
++-			label = "led_eth";
++-			gpios = <&tlmm 18 GPIO_ACTIVE_HIGH>;
+++			label = "wf188:green:eth";
+++			gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
++ 			linux,default-trigger = "wf188:green:eth";
++ 			default-state = "off";
++ 		};
++                 led_power: led@16 {
++-                        label = "led_pwr";
++-                        gpios = <&tlmm 16 GPIO_ACTIVE_HIGH>;
+++                        label = "wf188:green:power";
+++                        gpios = <&tlmm 16 GPIO_ACTIVE_LOW>;
++                         linux,default-trigger = "wf188:green:power";
++ 			default-state = "off";
++ 		};
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-edgecore-eap101.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq6018-edgecore-eap101.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq6018-edgecore-eap101.dts
++@@ -337,21 +337,21 @@
++ 		pinctrl-names = "default";
++ 
++ 		led@25 {
++-			label = "green:wifi5";
+++			label = "eap101:green:wifi5g";
++ 			gpios = <&tlmm 35 GPIO_ACTIVE_LOW>;
++-			linux,default-trigger = "wf188:green:5g";
+++			linux,default-trigger = "eap101:green:wifi5g";
++ 			default-state = "off";
++ 		};
++ 		led@24 {
++-			label = "green:wifi2";
+++			label = "eap101:green:wifi2g";
++ 			gpios = <&tlmm 37 GPIO_ACTIVE_LOW>;
++-			linux,default-trigger = "wf188:green:2g";
+++			linux,default-trigger = "eap101:green:wifi2g";
++ 			default-state = "off";
++ 		};
++                 led_power: led@16 {
++-                        label = "led_pwr";
++-                        gpios = <&tlmm 74 GPIO_ACTIVE_HIGH>;
++-                        linux,default-trigger = "green:power";
+++                        label = "eap101:green:power";
+++                        gpios = <&tlmm 74 GPIO_ACTIVE_LOW>;
+++                        linux,default-trigger = "eap101:green:power";
++ 			default-state = "off";
++ 		};
++ 	};
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-eap102.dts
++@@ -671,29 +671,27 @@
++ 		pinctrl-names = "default";
++ 
++ 			led_power: led_pwr {
++-				label = "green:power";
+++				label = "eap102:green:power";
++ 				gpios = <&tlmm 46 GPIO_ACTIVE_HIGH>;
++ 				default-state = "on";
++-				linux,default-trigger = "led_pwr";
++ 			};
++ 
++ 			led_2g {
++-				label = "green:wifi2";
+++				label = "eap102:green:wifi2g";
++ 				gpio = <&tlmm 47 GPIO_ACTIVE_HIGH>;
++-				default-state = "off";
+++				default-state = "on";
++ 			};
++ 
++ 			led_5g {
++-				label = "green:wifi5";
+++				label = "eap102:green:wifi5g";
++ 				gpio = <&tlmm 48 GPIO_ACTIVE_HIGH>;
++-				default-state = "off";
+++				default-state = "on";
++ 			};
++ 
++ 			led_bt {
+++				label = "eap102:green:bt";
++ 				gpios = <&tlmm 50 GPIO_ACTIVE_HIGH>;
++-				label = "green:bt";
++-				default-state = "off";
++-				linux,default-trigger = "led_bt";
+++				default-state = "on";
++ 			};
++ 	};
++ 	nss-macsec0 {
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex227.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex227.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex227.dts
++@@ -600,7 +600,7 @@
++ 		pinctrl-names = "default";
++ 
++ 		led_power {
++-			label = "led_power";
+++			label = "ex227:blue:power";
++ 			gpio = <&tlmm 42 GPIO_ACTIVE_HIGH>;
++ 			default-state = "on";
++ 		};
++Index: linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex447.dts
++===================================================================
++--- linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce.orig/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex447.dts
+++++ linux-4.4.60-qsdk-10fd7d14853b7020b804acae690c8acec5d954ce/arch/arm64/boot/dts/qcom/qcom-ipq807x-ex447.dts
++@@ -600,7 +600,7 @@
++ 		pinctrl-names = "default";
++ 
++ 		led_power {
++-			label = "led_power";
+++			label = "ex447:blue:power";
++ 			gpio = <&tlmm 42 GPIO_ACTIVE_HIGH>;
++ 			default-state = "on";
++ 		};
+-- 
+2.25.1
+

profiles-20.x/wlan-ap.yml

@@ -60,6 +60,7 @@ packages:
   - kmod-ip6-tunnel
   - kmod-iptunnel
   - kmod-iptunnel6
+  - logrotate
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y

profiles/wlan-ap.yml

@@ -80,6 +80,9 @@ packages:
   - eapol-test
   - apc
   - radsecproxy
+  - logrotate
+  - kmod-ledtrig-heartbeat
+  - bind-dig
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y