WIFI-2427 Preserve certs/redirector over factory-reset (minor fix)

Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>
WIFI-2427 Preserve certs and redirector over factory-reset
2025-10-31 10:28:06 +00:00 · 2021-05-25 12:39:44 -04:00 · 2021-05-25 11:35:43 -04:00 · 2021-05-22 22:20:15 -04:00 · 2021-05-19 16:52:35 -04:00 · 2021-04-30 12:32:38 -04:00
12 changed files with 168 additions and 263 deletions
--- a/feeds/wifi-ax/hostapd/files/hostapd.sh
+++ b/feeds/wifi-ax/hostapd/files/hostapd.sh
@@ -47,15 +47,6 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
-		eap-only)
-			append wpa_key_mgmt "WPA-EAP-SHA256"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
-		;;
-		eap-transition)
-			append wpa_key_mgmt "WPA-EAP"
-			append wpa_key_mgmt "WPA-EAP-SHA256"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
-		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -321,15 +312,14 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp

 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type  \
+	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
 		gas_address3
-	config_add_string hessid network_auth_type ipaddr_type_availability \
+	config_add_string hessid network_auth_type \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url

 	config_add_array airtime_sta_weight
 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
-	config_add_boolean multicast_to_unicast proxy_arp
 }

 hostapd_set_vlan_file() {
@@ -496,8 +486,7 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
-		proxy_arp multicast_to_unicast
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 

 	set_default isolate 0
 	set_default maxassoc 0
@@ -520,8 +509,7 @@ hostapd_set_bss_options() {
 	set_default rssi_reject_assoc_rssi 0
 	set_default rssi_ignore_probe_request 0
 	set_default rts_threshold -1
-	set_default proxy_arp 0
-	set_default multicast_to_unicast 0
+
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
 		append bss_conf "ap_isolate=$isolate" "$N"
@@ -550,9 +538,6 @@ hostapd_set_bss_options() {
 	append bss_conf "rssi_ignore_probe_request=$rssi_ignore_probe_request" "$N"
 	append bss_conf "rts_threshold=$rts_threshold" "$N"

-	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
-	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
-
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"

 	[ "$wpa" -gt 0 ] && {
@@ -573,11 +558,11 @@ hostapd_set_bss_options() {
 	}

 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192|eap-only)
+		sae|owe|eap192|eap-eap192)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae|eap-transition)
+		psk-sae)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -619,7 +604,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192|eap-only|eap-transition)
+		eap|eap192|eap-eap192)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -956,6 +941,7 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
+	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
@@ -987,7 +973,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"
--- a/feeds/wifi-trunk/hostapd/files/hostapd.sh
+++ b/feeds/wifi-trunk/hostapd/files/hostapd.sh
@@ -47,15 +47,6 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
-		eap-only)
-			append wpa_key_mgmt "WPA-EAP-SHA256"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
-		;;
-		eap-transition)
-			append wpa_key_mgmt "WPA-EAP"
-			append wpa_key_mgmt "WPA-EAP-SHA256"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
-		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -304,17 +295,15 @@ hostapd_common_add_bss_config() {
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp

 	config_add_boolean interworking internet
-	config_add_int access_network_type asra esr uesa venue_group venue_type \
+	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
 		gas_address3
-	config_add_string hessid network_auth_type ipaddr_type_availability \
+	config_add_string hessid network_auth_type \
 		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url

 	config_add_int airtime_bss_weight airtime_bss_limit
 	config_add_int rts_threshold
 	config_add_array radius_auth_req_attr
 	config_add_array radius_acct_req_attr
-
-	config_add_boolean multicast_to_unicast proxy_arp
 }

 hostapd_set_vlan_file() {
@@ -458,8 +447,7 @@ hostapd_set_bss_options() {
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
 		airtime_bss_weight airtime_bss_limit \
-		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold \
-		proxy_arp multicast_to_unicast
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 

 	set_default isolate 0
 	set_default maxassoc 0
@@ -487,9 +475,6 @@ hostapd_set_bss_options() {
 	set_default signal_poll_time 5
 	set_default signal_drop_reason 3
 	set_default signal_strikes 3
-	set_default proxy_arp 0
-	set_default multicast_to_unicast 0
-

 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
@@ -523,9 +508,6 @@ hostapd_set_bss_options() {
 	append bss_conf "signal_strikes=$signal_strikes" "$N"
 	append bss_conf "signal_drop_reason=$signal_drop_reason" "$N"

-	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
-	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
-
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"

 	[ "$wpa" -gt 0 ] && {
@@ -548,11 +530,11 @@ hostapd_set_bss_options() {
 	}

 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192|eap-only)
+		sae|owe|eap192|eap-eap192)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae|eap-transition)
+		psk-sae)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -594,7 +576,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192|eap-only|eap-transition)
+		eap|eap192|eap-eap192)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -890,6 +872,7 @@ hostapd_set_bss_options() {
 	set_default access_network_type 0
 	set_default venue_group 0
 	set_default venue_type 0
+	set_default ipaddr_type_availability 0
 	set_default gas_address3 0
 	set_default hs20_deauth_req_timeout 60
 	if [ "$hs20" = "1" ]; then
@@ -921,7 +904,7 @@ hostapd_set_bss_options() {
 		[ "$uesa" -gt 0 ] && append bss_conf "uesa=$uesa" "$N"
 		[ "$venue_group" -gt 0 ] && append bss_conf "venue_group=$venue_group" "$N"
 		[ "$venue_type" -gt 0 ] && append bss_conf "venue_type=$venue_type" "$N"
-		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ "$ipaddr_type_availability" -gt 0 ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
 		[ "$gas_address3" -gt 0 ] && append bss_conf "gas_address3=$gas_address3" "$N"
 		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
 		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"
--- a/feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh
+++ b/feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k
--- a/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh
+++ b/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh
@@ -1,12 +1,47 @@
 #!/bin/sh

-if [ $# -ne 1 ] ; then
-	echo "Usage: $0 <redirector address>" >&2
-	exit 1
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
+  exit 1
 fi

-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi

+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart
--- a/feeds/wlan-ap/opensync/patches/35-add-proxy-arp-schema.patch
+++ b/feeds/wlan-ap/opensync/patches/35-add-proxy-arp-schema.patch
@@ -1,13 +0,0 @@
-Index: opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
-===================================================================
--- opensync-2.0.5.0.orig/src/lib/schema/inc/schema_consts.h
-+++ opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
-@@ -155,6 +155,8 @@ typedef enum {
- #define SCHEMA_CONSTS_IEEE80211k	"ieee80211k"
- #define SCHEMA_CONSTS_DYNAMIC_VLAN	"dynamic_vlan"
- #define SCHEMA_CONSTS_RADPROXY	"radproxy"
-+#define SCHEMA_CONSTS_PROXY_ARP		"proxy_arp"
-+#define SCHEMA_CONSTS_MCAST_TO_UCAST	"mcast_to_ucast"
- 
- /* radio Custom options */
- #define SCHEMA_CONSTS_LOCAL_PWR_CONSTRAINT "local_pwr_constraint"
--- a/feeds/wlan-ap/opensync/patches/36-add-channel-hop-config.patch
+++ b/feeds/wlan-ap/opensync/patches/36-add-channel-hop-config.patch
@@ -1,66 +0,0 @@
-Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
-===================================================================
--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
-+++ opensync-2.0.5.0/interfaces/opensync.ovsschema
-@@ -8982,6 +8982,61 @@
-                     "min": 0,
-                     "max": 1
-                 }
-+            },
-+            "noise_floor_thresh": {
-+                "type": {
-+                    "key": {
-+                        "type": "integer",
-+                        "minInteger": -90,
-+                        "maxInteger": -10
-+                    },
-+                    "min": 0,
-+                    "max": 1
-+                }
-+            },
-+            "noise_floor_time": {
-+                "type": {
-+                    "key": {
-+                        "type": "integer",
-+                        "minInteger": 60,
-+                        "maxInteger": 600
-+                    },
-+                    "min": 0,
-+                    "max": 1
-+                }
-+            },
-+            "non_wifi_thresh": {
-+                "type": {
-+                    "key": {
-+                        "type": "integer",
-+                        "minInteger": 0,
-+                        "maxInteger": 100
-+                    },
-+                    "min": 0,
-+                    "max": 1
-+                }
-+            },
-+            "non_wifi_time": {
-+                "type": {
-+                    "key": {
-+                        "type": "integer",
-+                        "minInteger": 60,
-+                        "maxInteger": 600
-+                    },
-+                    "min": 0,
-+                    "max": 1
-+                }
-+            },
-+            "obss_hop_mode": {
-+                "type": {
-+                    "key": {
-+                        "type": "integer",
-+                        "minInteger": 1,
-+                        "maxInteger": 2
-+                    },
-+                    "min": 0,
-+                    "max": 1
-+                }
-             }
-         },
-         "isRoot": true
--- a/feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync
+++ b/feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync
@@ -37,6 +37,20 @@ start_service() {
    echo "Setting certificates"
    mkdir -p ${CERTS_DEST_PATH}
    cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        if [ -z "$redirector" ]; then
+            logger -t opensync "Contacting DigiCert for redirector address"
+            wlan_ap_redirector.sh
+        else
+            logger -t opensync "Restoring redirector ${redirector} after factory reset"
+            wlan_ap_redirector.sh ${redirector}
+        fi
+    fi
+    [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector}" > /usr/opensync/certs/redirector.txt
+ 
    echo "Starting OpenSync"
    procd_set_param command ${PROG}
    procd_close_instance
--- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c
+++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c
@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");

 	upg_running = false;

--- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
+++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
@@ -94,7 +94,6 @@ enum {
 	WIF_ATTR_VENUE_URL,
 	WIF_ATTR_NETWORK_AUTH_TYPE,
 	WIF_ATTR_IPADDR_TYPE_AVAILABILITY,
-	WIF_ATTR_CONNECTION_CAPABILITY,
 	WIF_ATTR_DOMAIN_NAME,
 	WIF_ATTR_MCC_MNC,
 	WIF_ATTR_NAI_REALM,
@@ -133,8 +132,6 @@ enum {
 	WIF_ATTR_11R_R0KH,
 	WIF_ATTR_11R_R1KH,
 	WIF_ATTR_RADPROXY,
-	WIF_ATTR_PROXY_ARP,
-	WIF_ATTR_MCAST_TO_UCAST,
 	__WIF_ATTR_MAX,
 };

@@ -190,8 +187,7 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_VENUE_TYPE] = { .name = "venue_type", BLOBMSG_TYPE_INT32 },
 	[WIF_ATTR_VENUE_URL] = { .name = "venue_url", BLOBMSG_TYPE_ARRAY },
 	[WIF_ATTR_NETWORK_AUTH_TYPE] = { .name = "network_auth_type", BLOBMSG_TYPE_STRING },
-	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_STRING },
-	[WIF_ATTR_CONNECTION_CAPABILITY] = { .name = "hs20_conn_capab", BLOBMSG_TYPE_ARRAY },
+	[WIF_ATTR_IPADDR_TYPE_AVAILABILITY] = { .name = "ipaddr_type_availability", BLOBMSG_TYPE_INT32 },
 	[WIF_ATTR_DOMAIN_NAME] = { .name = "domain_name", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_MCC_MNC] = { .name = "anqp_3gpp_cell_net", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_NAI_REALM] = { .name = "nai_realm", BLOBMSG_TYPE_ARRAY },
@@ -230,8 +226,6 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
 	[WIF_ATTR_11R_R0KH] = { .name = "r0kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_11R_R1KH] = { .name = "r1kh", BLOBMSG_TYPE_STRING },
 	[WIF_ATTR_RADPROXY] = { .name = "radproxy", BLOBMSG_TYPE_STRING },
-	[WIF_ATTR_PROXY_ARP] = { .name = "proxy_arp", BLOBMSG_TYPE_BOOL },
-	[WIF_ATTR_MCAST_TO_UCAST] = { .name = "multicast_to_unicast", BLOBMSG_TYPE_BOOL },
 };

 const struct uci_blob_param_list wifi_iface_param = {
@@ -319,7 +313,7 @@ static struct vif_crypto {
 	{ "wpa-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 	{ "sae", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_WPA3, 0 },
 	{ "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 },
-	{ "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
+	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 };

@@ -329,7 +323,7 @@ extern unsigned int radproxy_apc;

 /* Custom options table */
 #define SCHEMA_CUSTOM_OPT_SZ            20
-#define SCHEMA_CUSTOM_OPTS_MAX          15
+#define SCHEMA_CUSTOM_OPTS_MAX          13

 const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 {
@@ -346,8 +340,6 @@ const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
 	SCHEMA_CONSTS_RADIUS_NAS_IP,
 	SCHEMA_CONSTS_DYNAMIC_VLAN,
 	SCHEMA_CONSTS_RADPROXY,
-	SCHEMA_CONSTS_PROXY_ARP,
-	SCHEMA_CONSTS_MCAST_TO_UCAST,
 };

 static bool vif_config_custom_opt_get_proxy(
@@ -662,19 +654,8 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
 				strncpy(value, "br-wan.", 20);
 				blobmsg_add_string(del, "vlan_bridge", value);
 			}
-		} else if (strcmp(opt, "radproxy") == 0) {
+		} else if (strcmp(opt, "radproxy") == 0)
 			blobmsg_add_string(b, "radproxy", value);
-		} else if (strcmp(opt, "proxy_arp") == 0) {
-			if (strcmp(value, "1") == 0)
-				blobmsg_add_bool(b, "proxy_arp", 1);
-			else if (strcmp(value, "0") == 0)
-				blobmsg_add_bool(del, "proxy_arp", 1);
-		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
-			if (strcmp(value, "1") == 0)
-				blobmsg_add_bool(b, "multicast_to_unicast", 1);
-			else if (strcmp(value, "0") == 0)
-				blobmsg_add_bool(del, "multicast_to_unicast", 1);
-		}
 	}

 	/* No NASID was found from blob, so use BSSID as NASID */
@@ -824,33 +805,8 @@ static void vif_state_custom_options_get(struct schema_Wifi_VIF_State *vstate,
 							custom_options_table[i],
 							buf);
 			}
-
-
-		} else if (strcmp(opt, "proxy_arp") == 0) {
-			if (tb[WIF_ATTR_PROXY_ARP]) {
-				if (blobmsg_get_bool(tb[WIF_ATTR_PROXY_ARP])) {
-					set_custom_option_state(vstate, &index,
-								custom_options_table[i],
-								"1");
-				} else {
-					set_custom_option_state(vstate, &index,
-								custom_options_table[i],
-								"0");
-				}
-			}
-		} else if (strcmp(opt, "mcast_to_ucast") == 0) {
-			if (tb[WIF_ATTR_MCAST_TO_UCAST]) {
-				if (blobmsg_get_bool(tb[WIF_ATTR_MCAST_TO_UCAST])) {
-					set_custom_option_state(vstate, &index,
-								custom_options_table[i],
-								"1");
-				} else {
-					set_custom_option_state(vstate, &index,
-								custom_options_table[i],
-								"0");
-				}
-			}
 		}
+
 	}
 }

@@ -1164,7 +1120,6 @@ static void hs20_vif_config(struct blob_buf *b,
 	int i = 0;
 	unsigned int len = 0;
 	char domain_name[256];
-	char str[3] = {};

 	if (hs2conf->enable) {
 		blobmsg_add_bool(b, "interworking", 1);
@@ -1277,20 +1232,6 @@ static void hs20_vif_config(struct blob_buf *b,
 	if (strlen(hs2conf->wan_metrics))
 		blobmsg_add_string(b, "hs20_wan_metrics", hs2conf->wan_metrics);

-	len = strlen(hs2conf->ipaddr_type_availability);
-	if (len)
-	{
-		if (len == 1)
-		{
-			snprintf(str, sizeof(str), "0%s", hs2conf->ipaddr_type_availability);
-			blobmsg_add_string(b, "ipaddr_type_availability", str);
-		}
-		else
-		{
-			blobmsg_add_string(b, "ipaddr_type_availability", hs2conf->ipaddr_type_availability);
-		}
-	}
-
 	n = blobmsg_open_array(b, "hs20_oper_friendly_name");
 	for (i = 0; i < hs2conf->operator_friendly_name_len; i++)
 	{
@@ -1307,13 +1248,6 @@ static void hs20_vif_config(struct blob_buf *b,
 		blobmsg_add_u32(b, "venue_type", venue_type);
 	}

-	n = blobmsg_open_array(b, "hs20_conn_capab");
-	for (i = 0; i < hs2conf->connection_capability_len; i++)
-	{
-		blobmsg_add_string(b, NULL, hs2conf->connection_capability[i]);
-	}
-	blobmsg_close_array(b, n);
-
 	if (hs2conf->operator_icons_len)
 	{
 		n = blobmsg_open_array(b, "operator_icon");
--- a/feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-data
+++ b/feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-data
@@ -3,9 +3,9 @@
 . /lib/functions.sh

 SKU="unknown"
-MODEL=""
+MODEL="unknown"
 PLATFORM="unknown"
-SERIAL=""
+SERIAL="unknown"
 MODEL_REV="unknown"
 MODEL_DESCR="unknown"
 MANUF_NAME="unknown"
@@ -19,12 +19,9 @@ ID=""
 case "$(board_name)" in
 edgecore,ecw5211|\
 edgecore,ecw5410)
+	MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd5 | grep serial_number | cut -d "=" -f2)
-	MODEL=$(cat /dev/mtd5 | grep "model=" | cut -d "=" -f2)
-	if [ ! $MODEL ]; then
-		MODEL=$(cat /tmp/sysinfo/board_name | sed "s/edgecore,//" | tr [a-z] [A-Z])
-	fi
 	SKU=$(cat /dev/mtd5 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd5 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd5 | grep mac_address | cut -d "=" -f2)
@@ -40,12 +37,12 @@ edgecore,ecw5410)
 	REF_DESIGN=$(cat /dev/mtd5 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf194c)
+	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd14 | grep serial_number | cut -d "=" -f2)
 	if [ ! $SERIAL ]; then
 		SERIAL=$(cat /dev/mtd14 | grep BaseMacAddress | cut -dx -f2)
 	fi
-	MODEL=$(cat /dev/mtd14 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd14 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd14 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd14 | grep mac_address | cut -d "=" -f2)
@@ -61,9 +58,9 @@ cig,wf194c)
 	REF_DESIGN=$(cat /dev/mtd14 | grep reference_design | cut -d "=" -f2)
 	;;
 cig,wf188n)
+	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd12 | grep serial_number | cut -d "=" -f2)
-	MODEL=$(cat /dev/mtd12 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd12 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd12 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd12 | grep mac_address | cut -d "=" -f2)
@@ -100,9 +97,9 @@ linksys,ea8300)
 	MANUF_DATE="$DAY-$MONTH-$YEAR"
 	;;
 tp-link,ec420-g1)
+	MODEL=$(cat /tmp/sysinfo/board_name)
 	PLATFORM=$(cat /tmp/sysinfo/model)
 	SERIAL=$(cat /dev/mtd9 | grep serial_number | cut -d "=" -f2)
-	MODEL=$(cat /dev/mtd9 | grep "model=" | cut -d "=" -f2)
 	SKU=$(cat /dev/mtd9 | grep sku | cut -d "=" -f2)
 	CERT_REGION=$(cat /dev/mtd9 | grep certification_region | cut -d "=" -f2)
 	ID=$(cat /dev/mtd9 | grep mac_address | cut -d "=" -f2)
@@ -136,22 +133,11 @@ if [ ! $ID ]; then
 	ID=$(cat /sys/class/net/eth0/address)
 fi

-# fallback check to get the model if flash does not contain this info.
-if [ ! $MODEL ]; then
-	MODEL=$(cat /tmp/sysinfo/board_name)
-fi
-
-# Read the active firmware version info
-FIRMWARE=$(cat /usr/opensync/.versions | grep FW_IMAGE_ACTIVE | grep -o '[^-]*$')
-if [ ! $FIRMWARE ]; then
-	FIRMWARE=$(cat /usr/opensync/.versions | grep FW_VERSION | cut -d ":" -f2)
-fi
-
 uci set system.tip=tip
 uci set system.tip.serial="${SERIAL}"
 uci set system.tip.model="${MODEL}"
 uci set system.tip.platform="${PLATFORM}"
-uci set system.tip.firmware="${FIRMWARE}"
+uci set system.tip.firmware='0.1.0'
 uci set system.tip.sku_number="${SKU}"
 uci set system.tip.revision="${MODEL_REV}"
 uci set system.tip.model_description="${MODEL_DESCR}"
--- a/patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch
+++ b/patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch
@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
+++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
+		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
+++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
+--- a/jffs2reset.c
++++ b/jffs2reset.c
+@@ -40,7 +40,7 @@ ask_user(void)
+ 	return 0;
+ }
+ 
+-static int jffs2_reset(struct volume *v, int reset)
++static int jffs2_reset(struct volume *v, int reset, int keep)
+ {
+ 	char *mp;
+ 
+@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
+ 	if (mp) {
+ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
+ 		fs_state_set("/overlay", FS_STATE_PENDING);
+-		overlay_delete(mp, false);
++		overlay_delete(mp, keep);
+ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
+ 	} else {
+ 		ULOG_INFO("%s is not mounted\n", v->blk);
+@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
+ int main(int argc, char **argv)
+ {
+ 	struct volume *v;
+-	int ch, yes = 0, reset = 0;
+-	while ((ch = getopt(argc, argv, "yr")) != -1) {
++	int ch, yes = 0, reset = 0, keep = 0;
++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
+ 		switch(ch) {
+ 		case 'y':
+ 			yes = 1;
+@@ -102,6 +102,9 @@ int main(int argc, char **argv)
+ 		case 'r':
+ 			reset = 1;
+ 			break;
++                case 'k':
++                        keep = 1;
++                        break;
+ 		}
+ 
+ 	}
+@@ -128,5 +131,5 @@ int main(int argc, char **argv)
+ 	volume_init(v);
+ 	if (!strcmp(*argv, "jffs2mark"))
+ 		return jffs2_mark(v);
+-	return jffs2_reset(v, reset);
++	return jffs2_reset(v, reset, keep);
+ }
+-- 
+2.17.1
+
--- a/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
+++ b/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
@@ -1,39 +0,0 @@
-From dc2e1e24e5a69face7d154fea6d3ecbee6c90e45 Mon Sep 17 00:00:00 2001
-From: Arif Alam <arif.alam@netexperience.com>
-Date: Wed, 28 Apr 2021 19:29:23 -0400
-Subject: [PATCH] netifd: Add WPA3 Enterprise modes
-
-Add configuration options for:
- WPA3 Enterprise Only mode
- WPA3 Enterprise Transition mode
-
-Signed-off-by: Arif Alam <arif.alam@netexperience.com>
---
- .../patches/0105-add-wpa3-enterprise-modes.patch  | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
- create mode 100644 package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
-
-diff --git a/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
-new file mode 100644
-index 0000000000..9018365807
--- /dev/null
-+++ b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
-@@ -0,0 +1,15 @@
-+--- a/scripts/netifd-wireless.sh
-++++ b/scripts/netifd-wireless.sh
-+@@ -244,8 +244,11 @@ wireless_vif_parse_encryption() {
-+ 		owe*)
-+ 			auth_type=owe
-+ 		;;
-++		wpa3-only*)
-++			auth_type=eap-only
-++		;;
-+ 		wpa3-mixed*)
-+-			auth_type=eap-eap192
-++			auth_type=eap-transition
-+ 		;;
-+ 		wpa3*)
-+ 			auth_type=eap192
-- 
-2.25.1
-
Author	SHA1	Message	Date
Rick Sommerville	f273ec572e	WIFI-2427 Preserve certs/redirector over factory-reset (minor fix) Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>	2021-05-25 12:39:44 -04:00
Rick Sommerville	5fd49f6b64	WIFI-2427 Preserve certs and redirector over factory-reset Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>	2021-05-25 11:35:43 -04:00
Rick Sommerville	f3fc398eac	WIFI-2416 Automatically get redirector from DigiCert Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>	2021-05-22 22:20:15 -04:00
Rick Sommerville	7aea689d9a	WIFI-2381: Query DigiCert's API for Redirector's address Signed-off-by: Max Brenner <xamrennerb@gmail.com> Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>	2021-05-19 16:52:35 -04:00
Chaitanya Godavarthi	7a634d80ed	APC: Fix memory leaks Fixed memory leaks in apc and interapcomm modules. Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>	2021-04-30 12:32:38 -04:00