opensync: make sure that the intermediate CA bundle is always installed

Signed-off-by: John Crispin <john@phrozen.org>

feeds/wifi-ax/hostapd/patches/f00-013-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wifi-trunk/hostapd/patches/903-hapd-del_sta_before_add_if_sta_already_exist.patch

@@ -0,0 +1,28 @@
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+@@ -3675,6 +3675,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -3688,7 +3695,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/wlan-ap/apc/src/src/iface.c

@@ -168,7 +168,7 @@ void apc_iface_new( void )
 	ifa->priority = 0x11;
 	ifa->drip = MyIpAddr;
 	ifa->helloint = 4;
-	ifa->deadint = 16;
+	ifa->deadint = 12;
 	ifa->waitint = 16;
 	
 	ifa->type = APC_IT_BCAST;

feeds/wlan-ap/apc/src/src/neighbor.c

@@ -491,7 +491,8 @@ static void inactivity_timer_hook(struct _timer * tmr)
 		apc_ifa->drip = MyIpAddr;
 		apc_ifa->bdrip = 0;
 		memset(&ApcSpec, 0, sizeof(struct apc_spec));
-		WaitingToReelect = 12;
+		WaitingToReelect = 3;
+
 		return;
 	}
 	printf("Inactivity timer expired for nbr %x on %s", n->rid, 

feeds/wlan-ap/apc/src/src/ubus.c

@@ -14,10 +14,16 @@
 struct ubus_context *ubus_ctx = NULL;
 static struct blob_buf b;
 static struct blob_buf nb;
-static const char *ubus_path;
 timer *notify_timer;
 extern struct apc_iface * apc_ifa;
+/* Mandatorily Notify APC_State period */
 #define APC_NOTIFY_INTERVAL 10
+/* Check if any change in APC State and notify period */
+#define APC_NOTIFY_CHECK 1
+static ip_addr old_drip;
+static ip_addr old_bdrip;
+static u8 old_state;
+static unsigned int ucount = 0;
 
 struct apc_state {
 	char mode[4];
@@ -95,26 +101,44 @@ apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
 }
 
 static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WT", "PTP", "OR", "BDR", "DR"};
-void apc_update_state()
+int apc_update_state(void)
 {
 	struct in_addr dr_addr;
 	struct in_addr bdr_addr;
-	dr_addr.s_addr = htonl(apc_ifa->drip);
-	bdr_addr.s_addr = htonl(apc_ifa->bdrip);
+	ip_addr cur_drip;
+	ip_addr cur_bdrip;
+	u8 cur_state;
+
+	cur_drip = apc_ifa->drip;
+	cur_bdrip = apc_ifa->bdrip;
+	cur_state = apc_ifa->state;
+	ucount++;
+
+	if (cur_drip == old_drip &&
+	    cur_bdrip == old_bdrip &&
+	    cur_state == old_state && ucount < APC_NOTIFY_INTERVAL) {
+		return -1;
+	}
+
+	printf("APC State update %u", ucount);
+	ucount = 0;
+
+	dr_addr.s_addr = htonl(cur_drip);
+	bdr_addr.s_addr = htonl(cur_bdrip);
 
 	state.enabled = true;
-	if ((apc_ifa->state == APC_IS_DR) ||
-	    (apc_ifa->state == APC_IS_BACKUP) ||
-	    (apc_ifa->state == APC_IS_DROTHER)) {
+	if ((cur_state == APC_IS_DR) ||
+	    (cur_state == APC_IS_BACKUP) ||
+	    (cur_state == APC_IS_DROTHER)) {
 		snprintf(state.mode, sizeof(state.mode), "%s",
-			 &apc_mode[apc_ifa->state][0]);
+			 &apc_mode[cur_state][0]);
 		snprintf(state.dr_addr, sizeof(state.dr_addr),
 			 "%s", inet_ntoa(dr_addr));
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr),
 			 "%s", inet_ntoa(bdr_addr));
 	} else if (apc_ifa->state == APC_IS_WAITING) {
 		snprintf(state.mode, sizeof(state.mode), "%s",
-			 &apc_mode[apc_ifa->state][0]);
+			 &apc_mode[cur_state][0]);
 		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
 	} else {
@@ -122,11 +146,21 @@ void apc_update_state()
 		snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
 		snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
 	}
+
+	old_drip = cur_drip;
+	old_bdrip = cur_bdrip;
+	old_state = cur_state;
+
+	return 0;
 }
 
 void apc_send_notification(struct _timer * tmr)
 {
-	apc_update_state();
+	int ustate = 0;
+
+	ustate = apc_update_state();
+	if(ustate != 0)
+		return;
 
 	printf("APC send ubus notification\n");
 	blob_buf_init(&nb, 0);
@@ -159,10 +193,10 @@ ubus_init(void) {
 #endif
 	add_object(&apc_object);
 	notify_timer = tm_new_set(apc_send_notification, NULL,
-				  0, APC_NOTIFY_INTERVAL);
+				  0, APC_NOTIFY_CHECK);
 	if (notify_timer) {
-		printf("APC Start notify timer\n");
-		tm_start(notify_timer, APC_NOTIFY_INTERVAL);
+		printf("APC Start state check and notify timer\n");
+		tm_start(notify_timer, APC_NOTIFY_CHECK);
 	}
 
 	ubus_ctx->connection_lost = ubus_connection_lost;

feeds/wlan-ap/opensync/files/bin/check_wan_link.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if="$(uci get network.wan.ifname)"
+[ "$(cat /sys/class/net/"${if}"/carrier)" = 0 ] && {
+	return 0
+}
+return 1

feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k

feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh

@@ -1,12 +1,49 @@
 #!/bin/sh
 
-if [ $# -ne 1 ] ; then
-	echo "Usage: $0 <redirector address>" >&2
-	exit 1
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
+  exit 1
 fi
 
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi
 
+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
+/etc/init.d/uhttpd enable
+/etc/init.d/uhttpd start
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart

feeds/wlan-ap/opensync/files/etc/logrotate.d/ovsdb.conf

@@ -0,0 +1,10 @@
+/tmp/log/openvswitch/* {
+    daily
+    rotate 5
+    size 1M
+    compress
+    delaycompress
+    dateext
+    dateformat -%d%m%Y
+    notifempty
+}

feeds/wlan-ap/opensync/files/usr/opensync/certs/ca.pem

@@ -0,0 +1,75 @@
+-----BEGIN CERTIFICATE-----
+MIIEcTCCA1mgAwIBAgIUJFhIMlIJHJ7hW4gEzZuLBUaWjNcwDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy
+b2plY3QgSXNzdWluZyBDQTAeFw0yMTA0MjUyMDMzNTRaFw0yNjA0MTMyMjM4NDZa
+MCMxITAfBgNVBAMTGGNhY2VydHMub25lLmRpZ2ljZXJ0LmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJwKRHdkdEQkp32bNi9TdgN4FNRG0nRppguQ
+mdCysJHA6/SuyAXNwKSbENysjFrcBkfYTlALjvIMqSu4d26ix6Mv4HnVxLjDzapV
+TZhOhfxIbRQa3HNieNup2vMi8jJvgwLcK/4CwhBJsbEMkB5lbyL8UnCBxzW9GGbM
+IvurvDFkUDUpUmiFg47nTpjub79KME6NqK38DxKzlUHvJge1TKFM73kZ3YkfWExQ
+yRQPRiU5KxMi/Wkr30FOf/rMTx4XNacOgyTJvzcStGwrlr0iGr8eLC1/XVXoOQz3
+0lyOeUzTB+HPU1Z2JrbPW5PnGxcQ0f7v/3qkWV1B2wuvFcQk+D0CAwEAAaOCAVIw
+ggFOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIj2Mhdk10e46DeI+aEZKSSK8Hj+
+MB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHoMA4GA1UdDwEB/wQEAwIE
+8DAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjCBhgYIKwYBBQUHAQEEejB4MCgGCCsG
+AQUFBzABhhxodHRwOi8vb2NzcC5vbmUuZGlnaWNlcnQuY29tMEwGCCsGAQUFBzAC
+hkBodHRwOi8vY2FjZXJ0cy5vbmUuZGlnaWNlcnQuY29tL1RlbGVjb21JbmZyYVBy
+b2plY3RJc3N1aW5nQ0EuY3J0ME0GA1UdHwRGMEQwQqBAoD6GPGh0dHA6Ly9jcmwu
+b25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9qZWN0SXNzdWluZ0NBLmNy
+bDANBgkqhkiG9w0BAQsFAAOCAQEADlFwshNPkeI2Gl6ooIauZL9d+6k+RWa5RTle
+JWziYL23XVEBT11+dvp4IB9HwVw5dByl3XAfTd1r4qyncwgXQpc6j2X8e45E8izI
+z2S1zhLMe1bA2lOiZz/sdpbonvxIHdiISyQI7q3mWQsvNkpkbjivjxLAJTcGPmOS
+gc/95YL+2xqPV45XAnPcl5qkLThtmb57Xst1sLWiSS2fUId6HMVuCgZa5su+aAl9
+iMXv9YfHcvyfwXBaOtoBlItyMGl60uy0E/Fr5uEhEWi53EIqhty6KQckQBB7wdjQ
+eiXNI5Ox5cf+TFdesuKPaoEn3WNpFL9PCA3S5nGegJlZQ4N9Eg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
+-----END CERTIFICATE-----

feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync

@@ -37,6 +37,20 @@ start_service() {
     echo "Setting certificates"
     mkdir -p ${CERTS_DEST_PATH}
     cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        if [ -z "$redirector" ]; then
+            logger -t opensync "Contacting DigiCert for redirector address"
+            wlan_ap_redirector.sh
+        else
+            logger -t opensync "Restoring redirector ${redirector} after factory reset"
+            wlan_ap_redirector.sh ${redirector}
+        fi
+    fi
+    [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector}" > /usr/opensync/certs/redirector.txt
+ 
     echo "Starting OpenSync"
     procd_set_param command ${PROG}
     procd_close_instance

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h

@@ -37,5 +37,6 @@ void vif_hs20_update(struct schema_Hotspot20_Config *hs2conf);
 void vif_hs20_osu_update(struct schema_Hotspot20_OSU_Providers *hs2osuconf);
 void vif_hs20_icon_update(struct schema_Hotspot20_Icon_Config *hs2iconconf);
 void vif_section_del(char *section_name);
+void vif_check_radius_proxy(void);
 
 #endif

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/captive.c

@@ -525,7 +525,6 @@ void opennds_section_del(char *section_name)
 	uci_commit(nds_ctx, &opennds, false);
 	uci_unload(nds_ctx, opennds);
 	uci_free_context(nds_ctx);
-	reload_config = 1;
 }
 
 void vif_captive_portal_set(const struct schema_Wifi_VIF_Config *vconf, char *ifname)

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio.c

@@ -31,10 +31,12 @@
 ovsdb_table_t table_Hotspot20_Config;
 ovsdb_table_t table_Hotspot20_OSU_Providers;
 ovsdb_table_t table_Hotspot20_Icon_Config;
+ovsdb_table_t table_Radius_Proxy_Config;
 
 ovsdb_table_t table_APC_Config;
 ovsdb_table_t table_APC_State;
 unsigned int radproxy_apc = 0;
+extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 
 static struct uci_package *wireless;
 struct uci_context *uci;
@@ -77,7 +79,7 @@ static const struct blobmsg_policy wifi_device_policy[__WDEV_ATTR_MAX] = {
 	[WDEV_ATTR_RX_ANTENNA] = { .name = "rxantenna", .type = BLOBMSG_TYPE_INT32 },
 	[WDEV_ATTR_FREQ_BAND] = { .name = "freq_band", .type = BLOBMSG_TYPE_STRING },
 	[WDEV_AATR_CHANNELS] = {.name = "channels", .type = BLOBMSG_TYPE_ARRAY},
-        [WDEV_ATTR_DISABLE_B_RATES] = { .name = "legacy_rates", .type = BLOBMSG_TYPE_BOOL },
+	[WDEV_ATTR_DISABLE_B_RATES] = { .name = "legacy_rates", .type = BLOBMSG_TYPE_BOOL },
 	[WDEV_ATTR_MAXASSOC_CLIENTS] = { .name = "maxassoc", .type = BLOBMSG_TYPE_INT32 },
 	[WDEV_ATTR_LOCAL_PWR_CONSTRAINT] = { .name = "local_pwr_constraint", .type = BLOBMSG_TYPE_INT32 },
 };
@@ -462,7 +464,7 @@ static void periodic_task(void *arg)
 	}
 
 	if (reload_config) {
-		LOGT("periodic: reload config");
+		LOGD("periodic: reload_config");
 		reload_config = 0;
 		uci_commit_all(uci);
 		sync();
@@ -742,6 +744,10 @@ static void callback_APC_State(ovsdb_update_monitor_t *mon,
 		radproxy_apc = 0;
 		system("ubus call service event '{\"type\": \"config.change\", \"data\": { \"package\": \"wireless\" }}'");
 	}
+
+	/* APC changed: start / stop radius proxy service if needed */
+	vif_check_radius_proxy();
+
 }
 
 struct schema_APC_State apc_state;
@@ -775,12 +781,12 @@ void apc_state_set(struct blob_attr *msg)
 			       blobmsg_get_string(tb[APC_ATTR_MODE]));
 	}
 	if (tb[APC_ATTR_DR_ADDR]) {
-		LOGD("APC br-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
+		LOGD("APC dr-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 		SCHEMA_SET_STR(apc_state.dr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
 	}
 	if (tb[APC_ATTR_BDR_ADDR]) {
-		LOGD("APC dbr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
+		LOGD("APC bdr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 		SCHEMA_SET_STR(apc_state.bdr_addr,
 			       blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
 	}
@@ -794,21 +800,120 @@ void apc_state_set(struct blob_attr *msg)
 		}
 	}
 
-	LOGD("APC_state Updating");
+	LOGI("APC_state Updating: mode: %s, dr-addr: %s bdr-addr: %s", 
+	     apc_state.mode, apc_state.dr_addr, apc_state.bdr_addr);
+
 	if (!ovsdb_table_update(&table_APC_State, &apc_state))
 		LOG(ERR, "APC_state: failed to update");
+
 }
 
+static ovsdb_table_t table_Manager;
+static int conn_since = 0;
+#define APC_CLOUD_MON_PERIOD 60
+
+static void apc_enable(bool flag) {
+
+	SCHEMA_SET_INT(apc_conf.enabled, flag);
+	if (!ovsdb_table_update(&table_APC_Config, &apc_conf)) {
+		LOG(ERR, "%s:APC_Config: failed to update", __func__);
+		return;
+	}
+	LOGI("APC %s: %s APC", __func__, flag?"enable":"disable");
+
+}
+
+static void
+apc_cld_mon_cb(struct schema_Manager *mgr)
+{
+	int i = 0;
+	conn_since = 0;
+	struct schema_APC_State apc_state;
+	json_t *where;
+	int ret = 0;
+	int link = 1;
+
+	where = ovsdb_table_where(&table_APC_State, &apc_state);
+	if (false == ovsdb_table_select_one_where(&table_APC_State,
+						  where, &apc_state)) {
+		LOG(ERR, "%s: APC_State read failed", __func__);
+		return;
+	}
+
+
+	/*Checks if wan ethernet port is down and disables apc*/
+	ret = system("/bin/check_wan_link.sh");
+	if (WIFEXITED(ret)) {
+		LOGI("The return value: %d\n", WEXITSTATUS(ret));
+		link = WEXITSTATUS(ret);
+		if (link == 0) {
+			apc_enable(false);
+			return;
+		}
+	}
+
+	/*if cloud conn is false then disable apc*/
+	if (mgr->is_connected == false) {
+			apc_enable(false);
+	}
+	else {
+		for(i=0; i < mgr->status_len; i++) {
+			if(!strncmp(mgr->status_keys[i] , "sec_since_connect",
+					       strlen("sec_since_connect"))) {
+				conn_since = atoi(mgr->status[i]);
+				LOGI("conn_since: %d", conn_since);
+				break;
+			}
+		}
+
+		/*if the APC was stopped earlier, start it if connection good
+		 * for atleast 60 secs*/
+		if (!apc_state.enabled && conn_since > APC_CLOUD_MON_PERIOD) {
+			apc_enable(true);
+		}
+	}
+}
+
+/*Monitor the cloud connection*/
+static void callback_Manager(ovsdb_update_monitor_t *mon,
+			     struct schema_Manager *old,
+			     struct schema_Manager *conf)
+{
+	switch (mon->mon_type)
+	{
+	case OVSDB_UPDATE_NEW:
+	case OVSDB_UPDATE_MODIFY:
+		apc_cld_mon_cb(conf);
+		break;
+
+	case OVSDB_UPDATE_DEL:
+		apc_enable(false);
+		break;
+
+	default:
+		break;
+	}
+	return;
+}
+
+void cloud_disconn_mon(void)
+{
+	OVSDB_TABLE_INIT_NO_KEY(Manager);
+	OVSDB_TABLE_MONITOR(Manager, false);
+}
 
 void apc_init()
 {
 	/* APC Config */
-	OVSDB_TABLE_INIT(APC_Config, _uuid);
+	OVSDB_TABLE_INIT_NO_KEY(APC_Config);
 	OVSDB_TABLE_MONITOR(APC_Config, false);
-	SCHEMA_SET_INT(apc_conf.enabled, true);
+	/* Disable APC by default, enable when cloud connected*/
+	SCHEMA_SET_INT(apc_conf.enabled, false);
 	LOGI("APC state/config Initialize");
-	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf))
+	if (!ovsdb_table_insert(&table_APC_Config, &apc_conf)) {
 		LOG(ERR, "APC_Config: failed to initialize");
+		return;
+	}
 
 	/* APC State */
 	OVSDB_TABLE_INIT_NO_KEY(APC_State);
@@ -817,8 +922,16 @@ void apc_init()
 	SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
 	SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
 	SCHEMA_SET_INT(apc_state.enabled, false);
-	if (!ovsdb_table_insert(&table_APC_State, &apc_state))
+	if (!ovsdb_table_insert(&table_APC_State, &apc_state)) {
 		LOG(ERR, "APC_state: failed to initialize");
+		return;
+	}
+
+	/* Cloud connection monitor - if cloud unreachable
+	 * for certain time, disable APC and enable after the
+	 * cloud connection becomes stable. */
+	cloud_disconn_mon();
+
 }
 
 bool target_radio_init(const struct target_radio_ops *ops)
@@ -849,12 +962,12 @@ bool target_radio_init(const struct target_radio_ops *ops)
 	OVSDB_TABLE_INIT(Radius_Proxy_Config, _uuid);
 	OVSDB_TABLE_MONITOR(Radius_Proxy_Config, false);
 
-	apc_init();
 
 	evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));
 
 	radio_nl80211_init();
 	radio_ubus_init();
+	apc_init();
 
 	clock_gettime(CLOCK_MONOTONIC, &startup_time);
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio_nl80211.c

@@ -50,7 +50,8 @@
 extern struct ev_loop *wifihal_evloop;
 extern ovsdb_table_t table_Wifi_VIF_State;
 extern ovsdb_table_t table_Wifi_Associated_Clients;
-static struct unl unl;
+static struct unl unl_req;
+static struct unl unl_notify;
 static ev_io unl_io;
 
 static int avl_addrcmp(const void *k1, const void *k2, void *ptr)
@@ -471,10 +472,10 @@ int nl80211_channel_get(char *name, unsigned int *chan)
 	if (!idx)
 		return -1;
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, idx);
 
-	unl_genl_request(&unl, msg, nl80211_channel_recv, chan);
+	unl_genl_request(&unl_req, msg, nl80211_channel_recv, chan);
 
 	phy->current_channel = *chan;
 
@@ -562,7 +563,7 @@ static void nl80211_ev(struct ev_loop *ev, struct ev_io *io, int event)
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, NULL);
 	nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, nl80211_recv, NULL);
-	nl_recvmsgs(unl.sock, cb);
+	nl_recvmsgs(unl_notify.sock, cb);
 	nl_cb_put(cb);
 }
 
@@ -580,24 +581,33 @@ int radio_nl80211_init(void)
 {
 	struct nl_msg *msg;
 
-	if (unl_genl_init(&unl, "nl80211") < 0) {
+	if (unl_genl_init(&unl_req, "nl80211") < 0) {
 		syslog(0, "nl80211: failed to connect\n");
 		return -1;
 	}
 
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_WIPHY, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
-	msg = unl_genl_msg(&unl, NL80211_CMD_GET_INTERFACE, true);
-	unl_genl_request(&unl, msg, nl80211_recv, NULL);
+	if (unl_genl_init(&unl_notify, "nl80211") < 0) {
+		syslog(0, "nl80211: failed to connect\n");
+		return -1;
+	}
 
-	unl_genl_subscribe(&unl, "config");
-	unl_genl_subscribe(&unl, "mlme");
-	unl_genl_subscribe(&unl, "vendor");
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_WIPHY, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
+	msg = unl_genl_msg(&unl_req, NL80211_CMD_GET_INTERFACE, true);
+	unl_genl_request(&unl_req, msg, nl80211_recv, NULL);
 
-	if (nl_socket_set_buffer_size(unl.sock, 262144, 0) < 0)
+	unl_genl_subscribe(&unl_notify, "config");
+	unl_genl_subscribe(&unl_notify, "mlme");
+	unl_genl_subscribe(&unl_notify, "vendor");
+
+
+	if (nl_socket_set_buffer_size(unl_notify.sock, 262144, 0) < 0)
 		LOGE("radio_nl80211: Failed to set nl socket buffer size");
 
-	ev_io_init(&unl_io, nl80211_ev, unl.sock->s_fd, EV_READ);
+	if (nl_socket_set_nonblocking(unl_notify.sock))
+		LOGE("radio_nl80211: Failed to set socket in the non blocking mode");
+
+	ev_io_init(&unl_io, nl80211_ev, unl_notify.sock->s_fd, EV_READ);
         ev_io_start(wifihal_evloop, &unl_io);
 	evsched_task(&vif_poll_stations, NULL, EVSCHED_SEC(5));
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radius_proxy.c

@@ -27,7 +27,6 @@
 #include "utils.h"
 #include "radius_proxy.h"
 
-ovsdb_table_t table_Radius_Proxy_Config;
 struct blob_buf uci_buf = {};
 struct blob_attr *n;
 extern ovsdb_table_t table_APC_State;
@@ -35,11 +34,13 @@ extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
 
 enum {
 	RADIUS_PROXY_OPTIONS_LISTEN_UDP,
+	RADIUS_PROXY_OPTIONS_NAME,
 	__RADIUS_PROXY_OPTIONS_MAX
 };
 
 enum {
 	RADIUS_PROXY_CLIENT_NAME,
+	RADIUS_PROXY_CLIENT_HOST,
 	RADIUS_PROXY_CLIENT_TYPE,
 	RADIUS_PROXY_CLIENT_SECRET,
 	__RADIUS_PROXY_CLIENT_MAX
@@ -76,10 +77,12 @@ enum {
 
 static const struct blobmsg_policy radius_proxy_options_policy[__RADIUS_PROXY_OPTIONS_MAX] = {
 		[RADIUS_PROXY_OPTIONS_LISTEN_UDP] = { .name = "ListenUDP", BLOBMSG_TYPE_ARRAY },
+		[RADIUS_PROXY_OPTIONS_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
 };
 
 static const struct blobmsg_policy radius_proxy_client_policy[__RADIUS_PROXY_CLIENT_MAX] = {
 		[RADIUS_PROXY_CLIENT_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
+		[RADIUS_PROXY_CLIENT_HOST] = { .name = "host", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
 		[RADIUS_PROXY_CLIENT_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
 };
@@ -209,9 +212,9 @@ static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url
 	return true;
 }
 
-static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
+static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf)
 {
-	int i=0;
+	int i = 0;
 	char path[200];
 	char name[256];
 	char server_name[256] = {};
@@ -219,7 +222,6 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 	char tls_name[256] = {};
 	struct schema_APC_State apc_conf;
 
-	/* Configure only if APC selects this as master AP (DR) */
 	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
 	if (false == ovsdb_table_select_one_where(&table_APC_State,
 			where, &apc_conf)) {
@@ -227,27 +229,26 @@ static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
 		return false;
 	}
 
-	if (!strncmp(apc_conf.mode, "OR", 2) || !strncmp(apc_conf.mode, "BDR", 2))
-		return false;
-
 	/* Configure options block */
 	blob_buf_init(&uci_buf, 0);
 	n = blobmsg_open_array(&uci_buf,"ListenUDP");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1812");
-	blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1813");
+	blobmsg_add_string(&uci_buf, NULL, "*:1812");
+	blobmsg_add_string(&uci_buf, NULL, "*:1813");
 	blobmsg_close_array(&uci_buf, n);
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "options");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "options",
 			uci_buf.head, &radius_proxy_options_param, NULL);
 
 	/* Configure client block */
 	blob_buf_init(&uci_buf, 0);
-	blobmsg_add_string(&uci_buf, "name", "localhost");
+	blobmsg_add_string(&uci_buf, "host", "0.0.0.0/0");
 	blobmsg_add_string(&uci_buf, "type", "udp");
 	blobmsg_add_string(&uci_buf, "secret", "secret");
 	memset(name, '\0', sizeof(name));
 	sprintf(name, "%s%s", conf->radius_config_name, "client");
+	blobmsg_add_string(&uci_buf, "name", name);
 	blob_to_uci_section(uci, "radsecproxy", name, "client",
 			uci_buf.head, &radius_proxy_client_param, NULL);
 
@@ -397,11 +398,12 @@ void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *self,
 	case OVSDB_UPDATE_NEW:
 	case OVSDB_UPDATE_MODIFY:
 		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	case OVSDB_UPDATE_DEL:
 		(void) radius_proxy_config_delete();
-		(void) radius_proxy_config_set(conf);
+		vif_check_radius_proxy();
 		break;
 
 	default:

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c

@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");
 
 	upg_running = false;
 

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c

@@ -32,6 +32,7 @@
 
 extern ovsdb_table_t table_Wifi_VIF_Config;
 extern ovsdb_table_t table_Hotspot20_Icon_Config;
+extern ovsdb_table_t table_Radius_Proxy_Config;
 
 extern struct blob_buf b;
 extern struct blob_buf del;
@@ -1047,14 +1048,11 @@ void vif_section_del(char *section_name)
 	reload_config = 1;
 }
 
-static void vif_check_radius_proxy()
+void vif_check_radius_proxy()
 {
-	struct uci_context *uci_ctx;
-	struct uci_package *wireless;
 	struct schema_APC_State apc_conf;
-	struct uci_element *e = NULL, *tmp = NULL;
-	char *buf = NULL;
-	int rc = 0;
+	int n = 0;
+	void *buf = NULL;
 
 	json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
 	if (false == ovsdb_table_select_one_where(&table_APC_State, where, &apc_conf))
@@ -1063,49 +1061,29 @@ static void vif_check_radius_proxy()
 		return;
 	}
 
-	uci_ctx = uci_alloc_context();
-	rc = uci_load(uci_ctx, "wireless", &wireless);
-
-	if (rc) {
-		LOGE("%s: uci_load() failed with rc %d", __func__, rc);
-		goto free;
-	}
-
-	uci_foreach_element_safe(&wireless->sections, tmp, e)
+	buf = ovsdb_table_select_where(&table_Radius_Proxy_Config, NULL, &n);
+	if (!buf)
 	{
-		struct blob_attr *tb[__WIF_ATTR_MAX];
-		struct uci_section *s = uci_to_section(e);
-		if ((s == NULL) || (s->type == NULL))
-			continue;
+		LOGI("Radius_Proxy_Config table doesn't exist.  Stop radsecproxy service.");
+		system("/etc/init.d/radsecproxy stop");
+		return;
+	}
+	else if (!strcmp(apc_conf.mode, "DR"))
+	{
+		if (!system("pidof radsecproxy"))
+			goto out;
 
-		if (strcmp(s->type, "wifi-iface"))
-			continue;
-
-		blob_buf_init(&b, 0);
-		uci_to_blob(&b, s, &wifi_iface_param);
-		blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
-
-		if (tb[WIF_ATTR_RADPROXY])
-		{
-			buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
-
-			if (!strcmp(buf, "1") && !strcmp(apc_conf.mode, "DR"))
-			{
-				if (!system("pidof radsecproxy"))
-					goto free;
-
-				system("/etc/init.d/radsecproxy start");
-
-				goto free;
-			}
-		}
+		LOGI("Start radsecproxy service.");
+		system("/etc/init.d/radsecproxy start");
+	}
+	else
+	{
+		LOGI("Not DR. Stop radsecproxy service.");
+		system("/etc/init.d/radsecproxy stop");
 	}
 
-	system("/etc/init.d/radsecproxy stop");
-
-free:
-	uci_unload(uci_ctx, wireless);
-	uci_free_context(uci_ctx);
+out:
+	free(buf);
 	return;
 }
 
@@ -1660,9 +1638,6 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
 		vif_dhcp_opennds_allowlist_set(vconf,(char*)vconf->if_name);
 	}
 
-	if (changed->custom_options)
-		vif_check_radius_proxy();
-
 	reload_config = 1;
 	return 0;
 }

feeds/wlan-ap/opensync/src/platform/openwrt/src/ucc_detect/src/main.c

@@ -249,48 +249,28 @@ int main(int argc, char ** argv)
 	backtrace_init();
 
 	json_memdbg_init(loop);
-#if 0
-	if (!dpp_init())
-	{
-        	LOG(ERR,
-            	"Initializing SM "
-            	"(Failed to init DPP library)");
-		return -1;
-	}
 
-	if (!uccm_mqtt_init())
-	{
-		LOG(ERR,
-		"Initializing SM "
-		"(Failed to start MQTT)");
-		return -1;
-	}
-#endif
 	if (!ovsdb_init_loop(loop, "UCCM")) {
 		LOGEM("Initializing UCCM (Failed to initialize OVSDB)");
 		return -1;
 	}
-	evsched_init(loop);
 
 	callback cb = recv_process;
 	LOGI("Call interap_recv");
 	if( interap_recv(IAC_VOIP_PORT, cb, sizeof(struct voip_session),
 			 loop, &iac_io) < 0) {
+		interap_rcv_close();
 		LOGI("Error: Failed InterAP receive");
 		return 1;
 	}
 
-//	task_init();
+	evsched_init(loop);
 	netlink_listen(loop);
-//	command_ubus_init(loop);
 
 	ev_run(loop, 0);
 
 	if (!ovsdb_stop_loop(loop))
 		LOGE("Stopping UCCM (Failed to stop OVSDB");
-#if 0
-	uccm_mqtt_stop();
-#endif
 	ev_default_destroy();
 
 	interap_rcv_close();

feeds/wlan-ap/wlan-ap-config/files/etc/hotplug.d/iface/40-fix-lan-wan-ip-conflict

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$INTERFACE" = wan ] || exit 0
+
+conflict=0
+wan_ipaddr="$(ubus call network.interface.wan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+lan_ipaddr="$(ubus call network.interface.lan status | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
+logger -t hotplug "$ACTION of $INTERFACE ($DEVICE) $wan_ipaddr"
+
+[ "$wan_ipaddr" = "192.168.1" ] && [ "$lan_ipaddr" = "192.168.1" ] && {
+    conflict=1
+    dest_ip="192.168.0.1"
+}
+[ "$wan_ipaddr" = "192.168.0" ] && [ "$lan_ipaddr" = "192.168.0" ] && {
+    conflict=1
+    dest_ip="192.168.1.1"
+}
+[ $conflict = 1 ] && {
+    logger -t hotplug "IP conflict with br-wan.  Switch br-lan to $dest_ip"
+    uci set network.lan.ipaddr="$dest_ip"
+    uci_commit
+    reload_config
+}
+exit 0

feeds/wlan-ap/wlan-ap-config/files/etc/uci-defaults/99-tip-network

@@ -2,6 +2,8 @@
 
 uci set network.wan.type=bridge
 uci set network.wan6.ifname=@wan
+uci set network.wan.metric=1
+uci set network.lan.metric=10
 uci set network.wan.vlan_filtering=1
 uci set network.lan.vlan_filtering=1
 exit 0

patches/0027-ipq807x-add-the-Qualcomm-AX-target-support.patch

@@ -12281,14 +12281,14 @@ index 0000000000..6b0eb2f831
 ++		pinctrl-names = "default";
 ++
 ++		led@25 {
-++			label = "wifi5g";
-++			gpios = <&tlmm 35 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi5";
+++			gpios = <&tlmm 35 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:5g";
 ++			default-state = "off";
 ++		};
 ++		led@24 {
-++			label = "wifi2g";
-++			gpios = <&tlmm 37 GPIO_ACTIVE_HIGH>;
+++			label = "green:wifi2";
+++			gpios = <&tlmm 37 GPIO_ACTIVE_LOW>;
 ++			linux,default-trigger = "wf188:green:2g";
 ++			default-state = "off";
 ++		};

patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch

@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
++++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
++		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
++++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
++--- a/jffs2reset.c
+++++ b/jffs2reset.c
++@@ -40,7 +40,7 @@ ask_user(void)
++ 	return 0;
++ }
++ 
++-static int jffs2_reset(struct volume *v, int reset)
+++static int jffs2_reset(struct volume *v, int reset, int keep)
++ {
++ 	char *mp;
++ 
++@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
++ 	if (mp) {
++ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
++ 		fs_state_set("/overlay", FS_STATE_PENDING);
++-		overlay_delete(mp, false);
+++		overlay_delete(mp, keep);
++ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
++ 	} else {
++ 		ULOG_INFO("%s is not mounted\n", v->blk);
++@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
++ int main(int argc, char **argv)
++ {
++ 	struct volume *v;
++-	int ch, yes = 0, reset = 0;
++-	while ((ch = getopt(argc, argv, "yr")) != -1) {
+++	int ch, yes = 0, reset = 0, keep = 0;
+++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
++ 		switch(ch) {
++ 		case 'y':
++ 			yes = 1;
++@@ -102,6 +102,9 @@ int main(int argc, char **argv)
++ 		case 'r':
++ 			reset = 1;
++ 			break;
+++                case 'k':
+++                        keep = 1;
+++                        break;
++ 		}
++ 
++ 	}
++@@ -128,5 +131,5 @@ int main(int argc, char **argv)
++ 	volume_init(v);
++ 	if (!strcmp(*argv, "jffs2mark"))
++ 		return jffs2_mark(v);
++-	return jffs2_reset(v, reset);
+++	return jffs2_reset(v, reset, keep);
++ }
+-- 
+2.17.1
+

profiles-20.x/wlan-ap.yml

@@ -60,6 +60,7 @@ packages:
   - kmod-ip6-tunnel
   - kmod-iptunnel
   - kmod-iptunnel6
+  - logrotate
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y

profiles/wlan-ap.yml

@@ -80,6 +80,7 @@ packages:
   - eapol-test
   - apc
   - radsecproxy
+  - logrotate
 
 diffconfig: |
   CONFIG_OPENSSL_ENGINE=y