hostapd: track ratelimit config and reload wifi when state changes

Fixes: WIFI-5701
Signed-off-by: John Crispin <john@phrozen.org>

backports/0012-libubox-update-to-latest-HEAD.patch

@@ -1,7 +1,7 @@
-From 2af08d2e85ee946de5f53bbd0ddf239de9b78f6d Mon Sep 17 00:00:00 2001
+From bb797fc82f8ade2a1c0b7a68dd7c920eae2f531f Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Tue, 18 May 2021 10:46:43 +0200
-Subject: [PATCH 12/27] libubox: update to latest HEAD
+Subject: [PATCH 01/74] libubox: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -9,7 +9,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/package/libs/libubox/Makefile b/package/libs/libubox/Makefile
-index d2c07783e1..33aa73eef7 100644
+index d2c07783e1..3b01930d6c 100644
 --- a/package/libs/libubox/Makefile
 +++ b/package/libs/libubox/Makefile
 @@ -5,9 +5,9 @@ PKG_RELEASE=2
@@ -19,9 +19,9 @@ index d2c07783e1..33aa73eef7 100644
 -PKG_MIRROR_HASH:=7dd1db1e0074a9c7c722db654cce3111b3bd3cff0bfd791c4497cb0f6c22d3ca
 -PKG_SOURCE_DATE:=2021-05-16
 -PKG_SOURCE_VERSION:=b14c4688612c05c78ce984d7bde633bce8703b1e
-+PKG_MIRROR_HASH:=1cdb91ac0ee925f133ee9f70eac131a99def312fe7cf0aed44df84eb1762e30b
++PKG_MIRROR_HASH:=82d84fb97e725b0a18ceac639cae0c17d922754bb648ff58c62069d92798a6cd
 +PKG_SOURCE_DATE:=2021-08-19
-+PKG_SOURCE_VERSION:=d716ac4bc4236031d4c3cc1ed362b502e20e3787
++PKG_SOURCE_VERSION:=c86a894ec63d83ecf2c373bbf9dc8fba9713d942
  PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
  CMAKE_INSTALL:=1
  

backports/0017-netifd-update-to-latest-HEAD.patch

@@ -1,16 +1,14 @@
-From c9e9ca475bc2eb90beb23a2c67c39389f8cb2527 Mon Sep 17 00:00:00 2001
+From 1496ca5ceb941ba725311c6c0366193092035f32 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Thu, 27 May 2021 13:24:47 +0200
-Subject: [PATCH 01/58] netifd: update to latest HEAD
+Subject: [PATCH 01/60] netifd: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  package/network/config/netifd/Makefile        |  8 ++--
- .../netifd/patches/002-fix-dhcp-issue.patch   | 17 +++++++++
  .../config/netifd/patches/100-script.patch    | 21 +++++++++++
  .../config/netifd/patches/hairpin.patch       | 37 +++++++++++++++++++
- 4 files changed, 78 insertions(+), 5 deletions(-)
- create mode 100644 package/network/config/netifd/patches/002-fix-dhcp-issue.patch
+ 3 files changed, 61 insertions(+), 5 deletions(-)
  create mode 100644 package/network/config/netifd/patches/100-script.patch
  create mode 100644 package/network/config/netifd/patches/hairpin.patch
 
@@ -38,29 +36,6 @@ index 4b5f110da2..d41bddfd56 100644
  include $(INCLUDE_DIR)/package.mk
  include $(INCLUDE_DIR)/cmake.mk
  
-diff --git a/package/network/config/netifd/patches/002-fix-dhcp-issue.patch b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
-new file mode 100644
-index 0000000000..6f1d2e708e
---- /dev/null
-+++ b/package/network/config/netifd/patches/002-fix-dhcp-issue.patch
-@@ -0,0 +1,17 @@
-+Index: netifd-2019-08-05-5e02f944/interface.c
-+===================================================================
-+--- netifd-2019-08-05-5e02f944.orig/interface.c
-++++ netifd-2019-08-05-5e02f944/interface.c
-+@@ -424,7 +424,11 @@ interface_main_dev_cb(struct device_user
-+ 		interface_set_link_state(iface, false);
-+ 		break;
-+ 	case DEV_EVENT_TOPO_CHANGE:
-+-		interface_proto_event(iface->proto, PROTO_CMD_RENEW, false);
-++	/* This renews the dhcp lease when the bridge adds/deletes a
-++	 * new interface. It causes some dhcp servers to fail in
-++	 * case where there are many interfaces being added to the
-++	 * bridge frequently. Disabling this for now. */
-++	/*	interface_proto_event(iface->proto, PROTO_CMD_RENEW, false); */
-+ 		return;
-+ 	default:
-+ 		break;
 diff --git a/package/network/config/netifd/patches/100-script.patch b/package/network/config/netifd/patches/100-script.patch
 new file mode 100644
 index 0000000000..e7ba83f4bb

backports/0019-hostapd-update-to-latest-HEAD.patch

@@ -1,14 +1,14 @@
-From beaf8ac8acf93bc617d3ed141c750fe1d4f2b047 Mon Sep 17 00:00:00 2001
+From 6e3370a4c785c2c245b77832960f1dbed2736192 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sat, 4 Sep 2021 05:48:27 +0200
-Subject: [PATCH 01/56] hostapd: update to latest HEAD
+Subject: [PATCH 01/70] hostapd: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  package/network/services/hostapd/Makefile     |  15 +-
  .../hostapd/files/hostapd-basic.config        |   2 +-
  .../hostapd/files/hostapd-full.config         |   4 +-
- .../network/services/hostapd/files/hostapd.sh | 181 +++++++++---
+ .../network/services/hostapd/files/hostapd.sh | 188 +++++++++---
  ...-fix-frequency-setup-with-HE-enabled.patch | 196 -------------
  ...> 001-wolfssl-init-RNG-with-ECC-key.patch} |  11 +-
  ...-init-order-disable-pri-sec-channel-.patch | 126 --------
@@ -73,7 +73,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../services/hostapd/src/src/ap/ubus.c        | 214 +++++++++++++-
  .../services/hostapd/src/src/ap/ubus.h        |  16 +
  .../hostapd/src/src/utils/build_features.h    |   2 -
- 68 files changed, 1336 insertions(+), 2347 deletions(-)
+ 68 files changed, 1343 insertions(+), 2347 deletions(-)
  delete mode 100644 package/network/services/hostapd/patches/001-HE-VHT-fix-frequency-setup-with-HE-enabled.patch
  rename package/network/services/hostapd/patches/{802-wolfssl-init-RNG-with-ECC-key.patch => 001-wolfssl-init-RNG-with-ECC-key.patch} (76%)
  delete mode 100644 package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch
@@ -181,7 +181,7 @@ index df272e443a..61b6daf861 100644
  # EAP-SAKE for the integrated EAP server
  #CONFIG_EAP_SAKE=y
 diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
-index aa72e09eba..0265c0518a 100644
+index aa72e09eba..fe6af98f4d 100644
 --- a/package/network/services/hostapd/files/hostapd.sh
 +++ b/package/network/services/hostapd/files/hostapd.sh
 @@ -48,13 +48,17 @@ hostapd_append_wpa_key_mgmt() {
@@ -276,7 +276,7 @@ index aa72e09eba..0265c0518a 100644
  
  	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
  
-@@ -319,23 +336,33 @@ hostapd_common_add_bss_config() {
+@@ -319,23 +336,35 @@ hostapd_common_add_bss_config() {
  	config_add_int iw_ipaddr_type_availability iw_gas_address3
  	config_add_string iw_hessid iw_network_auth_type iw_qos_map_set
  	config_add_array iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
@@ -310,10 +310,12 @@ index aa72e09eba..0265c0518a 100644
 +
 +	config_add_int eap_server
 +	config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
++	
++	config_add_boolean ratelimit
  }
  
  hostapd_set_vlan_file() {
-@@ -387,7 +414,7 @@ append_iw_anqp_3gpp_cell_net() {
+@@ -387,7 +416,7 @@ append_iw_anqp_3gpp_cell_net() {
  	if [ -z "$iw_anqp_3gpp_cell_net_conf" ]; then
  		iw_anqp_3gpp_cell_net_conf="$1"
  	else
@@ -322,7 +324,7 @@ index aa72e09eba..0265c0518a 100644
  	fi
  }
  
-@@ -399,10 +426,22 @@ append_iw_nai_realm() {
+@@ -399,10 +428,22 @@ append_iw_nai_realm() {
  	[ -n "$1" ] && append bss_conf "nai_realm=$1" "$N"
  }
  
@@ -345,7 +347,7 @@ index aa72e09eba..0265c0518a 100644
  append_osu_provider_service_desc() {
  	append bss_conf "osu_service_desc=$1" "$N"
  }
-@@ -450,6 +489,7 @@ append_osu_provider() {
+@@ -450,6 +491,7 @@ append_osu_provider() {
  	append bss_conf "osu_method_list=$osu_method_list" "$N"
  
  	config_list_foreach "$1" osu_service_desc append_osu_provider_service_desc
@@ -353,7 +355,7 @@ index aa72e09eba..0265c0518a 100644
  	config_list_foreach "$1" osu_icon append_osu_icon
  
  	append bss_conf "$N"
-@@ -459,6 +499,14 @@ append_hs20_conn_capab() {
+@@ -459,6 +501,14 @@ append_hs20_conn_capab() {
  	[ -n "$1" ] && append bss_conf "hs20_conn_capab=$1" "$N"
  }
  
@@ -368,7 +370,7 @@ index aa72e09eba..0265c0518a 100644
  append_airtime_sta_weight() {
  	[ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
  }
-@@ -482,10 +530,12 @@ hostapd_set_bss_options() {
+@@ -482,10 +532,12 @@ hostapd_set_bss_options() {
  		macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
  		iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
  		acct_server acct_secret acct_port acct_interval \
@@ -383,7 +385,7 @@ index aa72e09eba..0265c0518a 100644
  
  	set_default isolate 0
  	set_default maxassoc 0
-@@ -506,6 +556,7 @@ hostapd_set_bss_options() {
+@@ -506,6 +558,7 @@ hostapd_set_bss_options() {
  	set_default multi_ap 0
  	set_default airtime_bss_weight 0
  	set_default airtime_bss_limit 0
@@ -391,7 +393,7 @@ index aa72e09eba..0265c0518a 100644
  
  	append bss_conf "ctrl_interface=/var/run/hostapd"
  	if [ "$isolate" -gt 0 ]; then
-@@ -532,6 +583,7 @@ hostapd_set_bss_options() {
+@@ -532,6 +585,7 @@ hostapd_set_bss_options() {
  	append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
  	append bss_conf "utf8_ssid=$utf8_ssid" "$N"
  	append bss_conf "multi_ap=$multi_ap" "$N"
@@ -399,7 +401,7 @@ index aa72e09eba..0265c0518a 100644
  
  	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
  
-@@ -550,19 +602,21 @@ hostapd_set_bss_options() {
+@@ -550,19 +604,21 @@ hostapd_set_bss_options() {
  			append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
  		[ -n "$acct_interval" ] && \
  			append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
@@ -423,7 +425,7 @@ index aa72e09eba..0265c0518a 100644
  
  	local vlan_possible=""
  
-@@ -599,12 +653,12 @@ hostapd_set_bss_options() {
+@@ -599,12 +655,12 @@ hostapd_set_bss_options() {
  			vlan_possible=1
  			wps_possible=1
  		;;
@@ -438,7 +440,7 @@ index aa72e09eba..0265c0518a 100644
  
  			# radius can provide VLAN ID for clients
  			vlan_possible=1
-@@ -616,18 +670,22 @@ hostapd_set_bss_options() {
+@@ -616,18 +672,22 @@ hostapd_set_bss_options() {
  
  			set_default auth_port 1812
  			set_default dae_port 3799
@@ -465,7 +467,7 @@ index aa72e09eba..0265c0518a 100644
  
  			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
  			[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
-@@ -699,7 +757,8 @@ hostapd_set_bss_options() {
+@@ -699,7 +759,8 @@ hostapd_set_bss_options() {
  	}
  
  	append bss_conf "ssid=$ssid" "$N"
@@ -475,7 +477,7 @@ index aa72e09eba..0265c0518a 100644
  	[ -n "$iapp_interface" ] && {
  		local ifname
  		network_get_device ifname "$iapp_interface" || ifname="$iapp_interface"
-@@ -740,7 +799,7 @@ hostapd_set_bss_options() {
+@@ -740,7 +801,7 @@ hostapd_set_bss_options() {
  			append bss_conf "ftm_responder=1" "$N"
  			[ "$stationary_ap" -eq "1" ] && append bss_conf "stationary_ap=1" "$N"
  			[ -n "$lci" ] && append bss_conf "lci=$lci" "$N"
@@ -484,7 +486,7 @@ index aa72e09eba..0265c0518a 100644
  		}
  	fi
  
-@@ -764,6 +823,7 @@ hostapd_set_bss_options() {
+@@ -764,6 +825,7 @@ hostapd_set_bss_options() {
  				;;
  			esac
  
@@ -492,7 +494,7 @@ index aa72e09eba..0265c0518a 100644
  			append bss_conf "mobility_domain=$mobility_domain" "$N"
  			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
  			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
-@@ -778,6 +838,13 @@ hostapd_set_bss_options() {
+@@ -778,6 +840,13 @@ hostapd_set_bss_options() {
  				set_default r0_key_lifetime 10000
  				set_default pmk_r1_push 0
  
@@ -506,7 +508,7 @@ index aa72e09eba..0265c0518a 100644
  				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
  				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
  				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
-@@ -822,7 +889,16 @@ hostapd_set_bss_options() {
+@@ -822,7 +891,16 @@ hostapd_set_bss_options() {
  				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
  				append bss_conf "ieee80211w=$ieee80211w" "$N"
  				[ "$ieee80211w" -gt "0" ] && {
@@ -524,7 +526,7 @@ index aa72e09eba..0265c0518a 100644
  					[ -n "$ieee80211w_max_timeout" ] && \
  						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
  					[ -n "$ieee80211w_retry_timeout" ] && \
-@@ -863,13 +939,17 @@ hostapd_set_bss_options() {
+@@ -863,13 +941,17 @@ hostapd_set_bss_options() {
  	}
  
  	[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
@@ -544,7 +546,7 @@ index aa72e09eba..0265c0518a 100644
  		[ -n "$vlan_tagged_interface" ] && \
  			append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
  		[ -n "$vlan_file" ] && {
-@@ -882,6 +962,7 @@ hostapd_set_bss_options() {
+@@ -882,6 +964,7 @@ hostapd_set_bss_options() {
  	json_get_vars iw_hessid iw_venue_group iw_venue_type iw_network_auth_type
  	json_get_vars iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
  	json_get_vars iw_anqp_elem iw_qos_map_set iw_ipaddr_type_availability iw_gas_address3
@@ -552,7 +554,7 @@ index aa72e09eba..0265c0518a 100644
  
  	set_default iw_enabled 0
  	if [ "$iw_enabled" = "1" ]; then
-@@ -905,11 +986,12 @@ hostapd_set_bss_options() {
+@@ -905,11 +988,12 @@ hostapd_set_bss_options() {
  		[ -n "$iw_network_auth_type" ] && \
  			append bss_conf "network_auth_type=$iw_network_auth_type" "$N"
  		[ -n "$iw_gas_address3" ] && append bss_conf "gas_address3=$iw_gas_address3" "$N"
@@ -566,12 +568,16 @@ index aa72e09eba..0265c0518a 100644
  
  		iw_domain_name_conf=
  		json_for_each_item append_iw_domain_name iw_domain_name
-@@ -921,14 +1003,18 @@ hostapd_set_bss_options() {
- 		[ -n "$iw_anqp_3gpp_cell_net_conf" ] && \
+@@ -922,13 +1006,22 @@ hostapd_set_bss_options() {
  			append bss_conf "anqp_3gpp_cell_net=$iw_anqp_3gpp_cell_net_conf" "$N"
  	fi
-+	[ -n "$iw_qos_map_set" ] && append bss_conf "qos_map_set=$iw_qos_map_set" "$N"
  
++	set_default iw_qos_map_set 0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
++	case "$iw_qos_map_set" in
++		*,*);;
++		*) iw_qos_map_set="";;
++	esac
++	[ -n "$iw_qos_map_set" ] && append bss_conf "qos_map_set=$iw_qos_map_set" "$N"
  
  	local hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
 -		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
@@ -587,7 +593,7 @@ index aa72e09eba..0265c0518a 100644
  	set_default disable_dgaf $hs20
  	set_default osen 0
  	set_default anqp_domain_id 0
-@@ -936,6 +1022,7 @@ hostapd_set_bss_options() {
+@@ -936,6 +1029,7 @@ hostapd_set_bss_options() {
  	if [ "$hs20" = "1" ]; then
  		append bss_conf "hs20=1" "$N"
  		append_hs20_icons
@@ -595,7 +601,7 @@ index aa72e09eba..0265c0518a 100644
  		append bss_conf "disable_dgaf=$disable_dgaf" "$N"
  		append bss_conf "osen=$osen" "$N"
  		append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
-@@ -945,16 +1032,31 @@ hostapd_set_bss_options() {
+@@ -945,16 +1039,31 @@ hostapd_set_bss_options() {
  		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
  		[ -n "$hs20_t_c_filename" ] && append bss_conf "hs20_t_c_filename=$hs20_t_c_filename" "$N"
  		[ -n "$hs20_t_c_timestamp" ] && append bss_conf "hs20_t_c_timestamp=$hs20_t_c_timestamp" "$N"
@@ -628,7 +634,7 @@ index aa72e09eba..0265c0518a 100644
  
  	set_default per_sta_vif 0
  	if [ "$per_sta_vif" -gt 0 ]; then
-@@ -1079,16 +1181,16 @@ wpa_supplicant_set_fixed_freq() {
+@@ -1079,16 +1188,16 @@ wpa_supplicant_set_fixed_freq() {
  	append network_data "frequency=$freq" "$N$T"
  	case "$htmode" in
  		NOHT) append network_data "disable_ht=1" "$N$T";;
@@ -649,7 +655,7 @@ index aa72e09eba..0265c0518a 100644
  		*) append network_data "disable_vht=1" "$N$T";;
  	esac
  }
-@@ -1106,19 +1208,21 @@ wpa_supplicant_add_network() {
+@@ -1106,19 +1215,21 @@ wpa_supplicant_add_network() {
  		ssid bssid key \
  		basic_rate mcast_rate \
  		ieee80211w ieee80211r \
@@ -674,7 +680,7 @@ index aa72e09eba..0265c0518a 100644
  
  	local key_mgmt='NONE'
  	local network_data=
-@@ -1150,7 +1254,10 @@ wpa_supplicant_add_network() {
+@@ -1150,7 +1261,10 @@ wpa_supplicant_add_network() {
  		scan_ssid=""
  	}
  
@@ -686,7 +692,7 @@ index aa72e09eba..0265c0518a 100644
  
  	case "$auth_type" in
  		none) ;;
-@@ -1186,7 +1293,7 @@ wpa_supplicant_add_network() {
+@@ -1186,7 +1300,7 @@ wpa_supplicant_add_network() {
  			fi
  			append network_data "$passphrase" "$N$T"
  		;;

backports/0020-procd-add-uxc-support.patch

@@ -1,17 +1,17 @@
-From aab305d662fa77ef4495574c096cb1e065c1908a Mon Sep 17 00:00:00 2001
+From 006abf1773051ad355b52d70095f63f44a496b13 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sun, 25 Jul 2021 13:32:37 +0200
-Subject: [PATCH 20/27] procd: add uxc support
+Subject: [PATCH 02/70] procd: add uxc support
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
- package/system/procd/Makefile       | 12 ++---
+ package/system/procd/Makefile       | 15 +++---
  package/system/procd/files/procd.sh | 79 +++++++++++++++++++++++++++++
  package/system/procd/files/uxc.init |  4 ++
- 3 files changed, 89 insertions(+), 6 deletions(-)
+ 3 files changed, 90 insertions(+), 8 deletions(-)
 
 diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
-index 30d5adf427..98f1ed1775 100644
+index 30d5adf427..b831f86639 100644
 --- a/package/system/procd/Makefile
 +++ b/package/system/procd/Makefile
 @@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
@@ -21,9 +21,9 @@ index 30d5adf427..98f1ed1775 100644
 -PKG_SOURCE_DATE:=2021-02-23
 -PKG_SOURCE_VERSION:=37eed131e9967a35f47bacb3437a9d3c8a57b3f4
 -PKG_MIRROR_HASH:=2b0131ff9055ccf987cbeb5f36c2c2585dc780999df6be312fbbbcd61ce676d4
-+PKG_SOURCE_DATE:=2021-08-15
-+PKG_SOURCE_VERSION:=104b49d6ab25a8cf067e6d8d1f2da7defb9876d4
-+PKG_MIRROR_HASH:=d13b566a14e84f6babe8b7d3dfb88e34c3dff0e97d7770d6fe71174685bca628
++PKG_MIRROR_HASH:=0d51642d82d7bb4150355a6986e54504dce171c6fcb7eeff312d20a5d106bad8
++PKG_SOURCE_DATE:=2021-11-04
++PKG_SOURCE_VERSION:=0ee8e734a7f67220cf4a3412b60ff674b5fb20dd
  CMAKE_INSTALL:=1
  
  PKG_LICENSE:=GPL-2.0
@@ -36,21 +36,30 @@ index 30d5adf427..98f1ed1775 100644
  endif
  
  CMAKE_OPTIONS += -DEARLY_PATH="$(TARGET_INIT_PATH)"
-@@ -82,7 +82,7 @@ endef
+@@ -68,7 +68,7 @@ define Package/procd-ujail
+   SECTION:=base
+   CATEGORY:=Base system
+   DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS \
+-	  +libubox +libubus +libblobmsg-json
++	  +libubox +libubus +libuci +libblobmsg-json
+   TITLE:=OpenWrt process jail helper
+ endef
+ 
+@@ -82,15 +82,14 @@ endef
  define Package/procd-seccomp
    SECTION:=base
    CATEGORY:=Base system
 -  DEPENDS:=@(arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
-+  DEPENDS:=@(aarch64||arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
- 	  @KERNEL_SECCOMP +libubox +libblobmsg-json
+-	  @KERNEL_SECCOMP +libubox +libblobmsg-json
++  DEPENDS:=@SECCOMP +libubox +libblobmsg-json
    TITLE:=OpenWrt process seccomp helper + utrace
  endef
-@@ -90,7 +90,7 @@ endef
+ 
  define Package/uxc
    SECTION:=base
    CATEGORY:=Base system
 -  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json
-+  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json +blockd +rpcd
++  DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json +blockd +PACKAGE_uxc:rpcd
    TITLE:=OpenWrt container management
    MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
  endef

backports/0031-ubus-update-to-the-latest-version.patch

@@ -0,0 +1,35 @@
+From d4e24006e05474b6dbe582f7c56a505cc0c45e81 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 1 Nov 2021 11:59:41 +0100
+Subject: [PATCH] ubus: update to the latest version
+
+b743a331421d ubusd: log ACL init errors
+2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
+ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
+a72457b61df0 libubus: increase stack depth for processing obj msgs
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ package/system/ubus/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/package/system/ubus/Makefile b/package/system/ubus/Makefile
+index 8a3fd1de7b..d5f86b6850 100644
+--- a/package/system/ubus/Makefile
++++ b/package/system/ubus/Makefile
+@@ -5,9 +5,9 @@ PKG_RELEASE:=2
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubus.git
+-PKG_SOURCE_DATE:=2021-06-30
+-PKG_SOURCE_VERSION:=4fc532c8a55ba8217ad67d7fd47c5eb9a8aba044
+-PKG_MIRROR_HASH:=a5c8205f2e2b2f1f9ad687592e66a6e2bf8900dc54cfe3ceefe6c297d18971a8
++PKG_SOURCE_DATE:=2021-08-09
++PKG_SOURCE_VERSION:=a72457b61df045d3c499a6211362b751710590d7
++PKG_MIRROR_HASH:=ac617577bcb2ff3dbc3039ad67200afcce910840223a2de15977d3224e6557fd
+ PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
+ CMAKE_INSTALL:=1
+ 
+-- 
+2.25.1
+

backports/0032-rpcd-bump-to-git-HEAD.patch

@@ -0,0 +1,34 @@
+From 49ceb8a8d7009e5c81599c68b8aacc16d17d2e62 Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Tue, 9 Nov 2021 17:20:41 +0100
+Subject: [PATCH] rpcd: bump to git HEAD
+
+ 20bf958 session: use uloop_timeout_remaining64
+ d11ffe9 session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ package/system/rpcd/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/package/system/rpcd/Makefile b/package/system/rpcd/Makefile
+index 0896a7dada..af788dcfaa 100644
+--- a/package/system/rpcd/Makefile
++++ b/package/system/rpcd/Makefile
+@@ -12,10 +12,10 @@ PKG_RELEASE:=1
+ 
+ PKG_SOURCE_PROTO:=git
+ PKG_SOURCE_URL=$(PROJECT_GIT)/project/rpcd.git
+-PKG_SOURCE_DATE:=2021-03-11
+-PKG_SOURCE_VERSION:=ccb75178cf6a726896729c6904bd623636aa0b29
++PKG_MIRROR_HASH:=98071b4a1ce983a0e738d7e4a2f6e52b7f6db19f99510ddef430093314134ca4
++PKG_SOURCE_DATE:=2021-11-04
++PKG_SOURCE_VERSION:=d11ffe9383ae0ec34836421926364b24c1d891ca
+ PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+-PKG_MIRROR_HASH:=87b1839275c209f9767057d6da5272cae973a064767fa28f380a37fb65e2e643
+ 
+ PKG_LICENSE:=ISC
+ PKG_LICENSE_FILES:=
+-- 
+2.25.1
+

backports/0050-bpf-headers-add-a-package-with-kernel-headers-for-eb.patch

@@ -1,7 +1,8 @@
-From 705ea724f1dc4083665746a1cf4c9b0f317667ec Mon Sep 17 00:00:00 2001
+From 3937223beab0c3e4284fd916c0c3b6548c287e03 Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Tue, 26 Oct 2021 20:41:22 +0200
-Subject: [PATCH] bpf-headers: add a package with kernel headers for ebpf
+Subject: [PATCH 050/102] bpf-headers: add a package with kernel headers for
+ ebpf
 
 In order to genererate suitable kernel headers, a 5.10 kernel tree is
 prepared with a default config for mips. The arch is forced to mips in
@@ -11,27 +12,32 @@ It also has the advantage of supporting both endian types
 
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
- include/bpf.mk                                | 60 +++++++++++
+ include/bpf.mk                                | 65 ++++++++++++
  package/kernel/bpf-headers/Makefile           | 99 +++++++++++++++++++
  .../src/include/generated/bounds.h            | 14 +++
- 3 files changed, 173 insertions(+)
+ 3 files changed, 178 insertions(+)
  create mode 100644 include/bpf.mk
  create mode 100644 package/kernel/bpf-headers/Makefile
  create mode 100644 package/kernel/bpf-headers/src/include/generated/bounds.h
 
 diff --git a/include/bpf.mk b/include/bpf.mk
 new file mode 100644
-index 0000000000..4e227a11d0
+index 0000000000..3dc65c7685
 --- /dev/null
 +++ b/include/bpf.mk
-@@ -0,0 +1,60 @@
-+ifeq ($(CONFIG_BUILD_LLVM_BPF),)
-+export PATH:=/usr/local/opt/llvm/bin:$(PATH)
-+CLANG:=$(firstword $(shell PATH='$(PATH)' which clang clang-13 clang-12 clang-11 clang-10 clang-9))
-+LLVM_VER:=$(subst clang,,$(notdir $(CLANG)))
+@@ -0,0 +1,65 @@
++ifneq ($(CONFIG_BPF_TOOLCHAIN_HOST),)
++  BPF_TOOLCHAIN_HOST_PATH:=$(call qstrip,$(CONFIG_BPF_TOOLCHAIN_HOST_PATH))
++  ifneq ($(BPF_TOOLCHAIN_HOST_PATH),)
++    BPF_PATH:=$(BPF_TOOLCHAIN_HOST_PATH)/bin:$(PATH)
++  else
++    BPF_PATH:=$(BPF_PATH)
++  endif
++  CLANG:=$(firstword $(shell PATH='$(BPF_PATH)' which clang clang-13 clang-12 clang-11))
++  LLVM_VER:=$(subst clang,,$(notdir $(CLANG)))
 +else
-+CLANG:=$(STAGING_DIR_HOST)/bin/clang
-+LLVM_VER:=
++  CLANG:=$(STAGING_DIR_HOST)/bin/clang
++  LLVM_VER:=
 +endif
 +
 +LLVM_PATH:=$(dir $(CLANG))

backports/0051-bpf-headers-unset-PKG_CONFIG_PATH.patch

@@ -0,0 +1,29 @@
+From 32243b2148fd0dacd0630affaea59345c64df79a Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 2 Nov 2021 10:36:14 +0100
+Subject: [PATCH 051/102] bpf-headers: unset PKG_CONFIG_PATH
+
+This fixes an issue where the kernel would pick up an incompatible target
+libyaml for building host tools
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ package/kernel/bpf-headers/Makefile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/package/kernel/bpf-headers/Makefile b/package/kernel/bpf-headers/Makefile
+index 5f5b89370d..df24bfa13f 100644
+--- a/package/kernel/bpf-headers/Makefile
++++ b/package/kernel/bpf-headers/Makefile
+@@ -41,6 +41,8 @@ define Package/bpf-headers
+   HIDDEN:=1
+ endef
+ 
++PKG_CONFIG_PATH:=
++
+ export HOST_EXTRACFLAGS=-I$(STAGING_DIR_HOST)/include
+ 
+ KERNEL_MAKE := \
+-- 
+2.25.1
+

backports/0052-tools-llvm-bpf-add-llvm-clang-build-suitable-for-com.patch

@@ -0,0 +1,99 @@
+From 1eb36bc2be4b54e4e4e4ceffc01be78d996205f0 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sun, 17 Oct 2021 17:50:53 +0200
+Subject: [PATCH 052/102] tools/llvm-bpf: add llvm+clang build suitable for
+ compiling code to eBPF
+
+Preparation for building packages that ship eBPF code
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ toolchain/Config.in     |  7 +++++++
+ tools/Makefile          |  2 ++
+ tools/llvm-bpf/Makefile | 36 ++++++++++++++++++++++++++++++++++++
+ 3 files changed, 45 insertions(+)
+ create mode 100644 tools/llvm-bpf/Makefile
+
+diff --git a/toolchain/Config.in b/toolchain/Config.in
+index 6dda9af92d..9062d6f65e 100644
+--- a/toolchain/Config.in
++++ b/toolchain/Config.in
+@@ -37,6 +37,13 @@ menuconfig TARGET_OPTIONS
+ 
+ 		  Most people will answer N.
+ 
++config BUILD_LLVM_BPF
++	bool "Build LLVM toolchain for eBPF" if DEVEL
++	help
++	  If enabled, a LLVM toolchain for building eBPF binaries will be built.
++	  If this is not enabled, eBPF packages can only be built if the host
++	  has a suitable toolchain
++
+ 
+ menuconfig EXTERNAL_TOOLCHAIN
+ 	bool
+diff --git a/tools/Makefile b/tools/Makefile
+index a2665dbc9a..83147014c6 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -35,6 +35,7 @@ tools-$(CONFIG_TARGET_mxs) += elftosb sdimage
+ tools-$(CONFIG_TARGET_tegra) += cbootimage cbootimage-configs
+ tools-$(CONFIG_USES_MINOR) += kernel2minor
+ tools-$(CONFIG_USE_SPARSE) += sparse
++tools-$(CONFIG_BUILD_LLVM_BPF) += llvm-bpf
+ 
+ # builddir dependencies
+ $(curdir)/autoconf/compile := $(curdir)/m4/compile
+@@ -57,6 +58,7 @@ $(curdir)/libelf/compile := $(curdir)/libtool/compile
+ $(curdir)/libressl/compile := $(curdir)/pkgconf/compile
+ $(curdir)/libtool/compile := $(curdir)/m4/compile $(curdir)/autoconf/compile $(curdir)/automake/compile $(curdir)/missing-macros/compile
+ $(curdir)/lzma-old/compile := $(curdir)/zlib/compile
++$(curdir)/llvm-bpf/compile := $(curdir)/cmake/compile
+ $(curdir)/make-ext4fs/compile := $(curdir)/zlib/compile
+ $(curdir)/missing-macros/compile := $(curdir)/autoconf/compile
+ $(curdir)/mkimage/compile += $(curdir)/libressl/compile
+diff --git a/tools/llvm-bpf/Makefile b/tools/llvm-bpf/Makefile
+new file mode 100644
+index 0000000000..a5ba2a4cb7
+--- /dev/null
++++ b/tools/llvm-bpf/Makefile
+@@ -0,0 +1,36 @@
++#
++# Copyright (C) 2006-2016 OpenWrt.org
++#
++# This is free software, licensed under the GNU General Public License v2.
++# See /LICENSE for more information.
++#
++include $(TOPDIR)/rules.mk
++
++PKG_NAME:=llvm-project
++PKG_VERSION:=13.0.0
++PKG_RELEASE:=1
++
++PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).src.tar.xz
++PKG_SOURCE_URL:=https://github.com/llvm/llvm-project/releases/download/llvmorg-$(PKG_VERSION)
++PKG_HASH:=6075ad30f1ac0e15f07c1bf062c1e1268c241d674f11bd32cdf0e040c71f2bf3
++
++HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION).src
++
++HOST_BUILD_PARALLEL:=1
++
++CMAKE_BINARY_SUBDIR := build
++CMAKE_SOURCE_SUBDIR := llvm
++
++include $(INCLUDE_DIR)/host-build.mk
++include $(INCLUDE_DIR)/cmake.mk
++
++CMAKE_HOST_OPTIONS += \
++	-DLLVM_ENABLE_BINDINGS=OFF \
++	-DLLVM_INCLUDE_DOCS=OFF \
++	-DLLVM_INCLUDE_EXAMPLES=OFF \
++	-DLLVM_INCLUDE_TESTS=OFF \
++	-DLLVM_ENABLE_PROJECTS="clang;lld" \
++	-DLLVM_TARGETS_TO_BUILD=BPF \
++	-DCLANG_BUILD_EXAMPLES=OFF
++
++$(eval $(call HostBuild))
+-- 
+2.25.1
+

backports/0053-llvm-bpf-move-to-staging_dir-host-llvm-bpf.patch

@@ -0,0 +1,40 @@
+From 103a743e7ca4a2e98969d0f60d8aeb6cc7641f67 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 2 Nov 2021 19:38:12 +0100
+Subject: [PATCH 053/102] llvm-bpf: move to staging_dir/host/llvm-bpf
+
+This makes it easier to package it up for the download server
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ tools/llvm-bpf/Makefile | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/tools/llvm-bpf/Makefile b/tools/llvm-bpf/Makefile
+index a5ba2a4cb7..ae279d26d2 100644
+--- a/tools/llvm-bpf/Makefile
++++ b/tools/llvm-bpf/Makefile
+@@ -24,6 +24,8 @@ CMAKE_SOURCE_SUBDIR := llvm
+ include $(INCLUDE_DIR)/host-build.mk
+ include $(INCLUDE_DIR)/cmake.mk
+ 
++CMAKE_HOST_INSTALL_PREFIX = $(STAGING_DIR_HOST)/llvm-bpf
++
+ CMAKE_HOST_OPTIONS += \
+ 	-DLLVM_ENABLE_BINDINGS=OFF \
+ 	-DLLVM_INCLUDE_DOCS=OFF \
+@@ -31,6 +33,10 @@ CMAKE_HOST_OPTIONS += \
+ 	-DLLVM_INCLUDE_TESTS=OFF \
+ 	-DLLVM_ENABLE_PROJECTS="clang;lld" \
+ 	-DLLVM_TARGETS_TO_BUILD=BPF \
+-	-DCLANG_BUILD_EXAMPLES=OFF
++	-DCLANG_BUILD_EXAMPLES=OFF \
++	-DLLVM_INSTALL_TOOLCHAIN_ONLY=ON \
++	-DLLVM_LINK_LLVM_DYLIB=ON \
++	-DLLVM_TOOLCHAIN_TOOLS="llvm-objcopy;llvm-objdump;llvm-readelf;llvm-strip;llvm-ar;llvm-as;llvm-dis;llvm-link;llvm-nm;llvm-ranlib;llc;opt" \
++	-DCMAKE_SKIP_RPATH=OFF
+ 
+ $(eval $(call HostBuild))
+-- 
+2.25.1
+

backports/0054-build-fix-bpf-toolchain-dependency-for-qosify.patch

@@ -0,0 +1,103 @@
+From a368d456ba1e9198fd8f473b7e82c0e066e4eb82 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 1 Nov 2021 18:40:03 +0100
+Subject: [PATCH 054/102] build: fix bpf toolchain dependency for qosify
+
+Add hidden symbols to fix defaults with CONFIG_DEVEL unset
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ include/bpf.mk      |  2 ++
+ toolchain/Config.in | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ tools/Makefile      |  2 +-
+ 3 files changed, 48 insertions(+), 1 deletion(-)
+
+diff --git a/include/bpf.mk b/include/bpf.mk
+index 3dc65c7685..5211ec4434 100644
+--- a/include/bpf.mk
++++ b/include/bpf.mk
+@@ -1,3 +1,5 @@
++BPF_DEPENDS := @HAS_BPF_TOOLCHAIN
++
+ ifneq ($(CONFIG_BPF_TOOLCHAIN_HOST),)
+   BPF_TOOLCHAIN_HOST_PATH:=$(call qstrip,$(CONFIG_BPF_TOOLCHAIN_HOST_PATH))
+   ifneq ($(BPF_TOOLCHAIN_HOST_PATH),)
+diff --git a/toolchain/Config.in b/toolchain/Config.in
+index 9062d6f65e..997cff59e4 100644
+--- a/toolchain/Config.in
++++ b/toolchain/Config.in
+@@ -44,6 +44,32 @@ config BUILD_LLVM_BPF
+ 	  If this is not enabled, eBPF packages can only be built if the host
+ 	  has a suitable toolchain
+ 
++	choice BPF_TOOLCHAIN
++		prompt "BPF toolchain" if DEVEL
++		default BPF_TOOLCHAIN_NONE
++
++		config BPF_TOOLCHAIN_NONE
++			bool "None"
++
++		config BPF_TOOLCHAIN_HOST
++			select USE_LLVM_HOST
++			bool "Use host LLVM toolchain"
++
++		config BPF_TOOLCHAIN_BUILD_LLVM
++			select USE_LLVM_BUILD
++			bool "Build LLVM toolchain for eBPF"
++			help
++			  If enabled, a LLVM toolchain for building eBPF binaries will be built.
++			  If this is not enabled, eBPF packages can only be built if the host
++			  has a suitable toolchain
++	endchoice
++
++	config BPF_TOOLCHAIN_HOST_PATH
++		string
++		depends on BPF_TOOLCHAIN_HOST
++		prompt "Host LLVM toolchain path (prefix)" if DEVEL
++		default "/usr/local/opt/llvm" if HOST_OS_MACOS
++		default ""
+ 
+ menuconfig EXTERNAL_TOOLCHAIN
+ 	bool
+@@ -266,6 +292,25 @@ config GDB
+ 	help
+ 	  Enable if you want to build the gdb.
+ 
++config GDB_PYTHON
++	bool
++	depends on GDB
++	prompt "Build gdb with python binding"
++	
++	help
++	  Enable the python bindings for GDB to allow using python in the gdb shell.
++
++config HAS_BPF_TOOLCHAIN
++	bool
++
++config USE_LLVM_HOST
++	select HAS_BPF_TOOLCHAIN
++	bool
++
++config USE_LLVM_BUILD
++	select HAS_BPF_TOOLCHAIN
++	bool
++
+ config USE_GLIBC
+ 	default y if !TOOLCHAINOPTS && !EXTERNAL_TOOLCHAIN && !NATIVE_TOOLCHAIN && (arc)
+ 	bool
+diff --git a/tools/Makefile b/tools/Makefile
+index 83147014c6..ae3cc5dfd6 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -35,7 +35,7 @@ tools-$(CONFIG_TARGET_mxs) += elftosb sdimage
+ tools-$(CONFIG_TARGET_tegra) += cbootimage cbootimage-configs
+ tools-$(CONFIG_USES_MINOR) += kernel2minor
+ tools-$(CONFIG_USE_SPARSE) += sparse
+-tools-$(CONFIG_BUILD_LLVM_BPF) += llvm-bpf
++tools-$(CONFIG_USE_LLVM_BUILD) += llvm-bpf
+ 
+ # builddir dependencies
+ $(curdir)/autoconf/compile := $(curdir)/m4/compile
+-- 
+2.25.1
+

backports/0055-include-bpf.mk-fix-typo.patch

@@ -0,0 +1,26 @@
+From 2ae5b19a52da190ea342ec4210523407837c58ea Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 2 Nov 2021 09:56:10 +0100
+Subject: [PATCH 055/102] include/bpf.mk: fix typo
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ include/bpf.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/bpf.mk b/include/bpf.mk
+index 5211ec4434..6223648c5d 100644
+--- a/include/bpf.mk
++++ b/include/bpf.mk
+@@ -5,7 +5,7 @@ ifneq ($(CONFIG_BPF_TOOLCHAIN_HOST),)
+   ifneq ($(BPF_TOOLCHAIN_HOST_PATH),)
+     BPF_PATH:=$(BPF_TOOLCHAIN_HOST_PATH)/bin:$(PATH)
+   else
+-    BPF_PATH:=$(BPF_PATH)
++    BPF_PATH:=$(PATH)
+   endif
+   CLANG:=$(firstword $(shell PATH='$(BPF_PATH)' which clang clang-13 clang-12 clang-11))
+   LLVM_VER:=$(subst clang,,$(notdir $(CLANG)))
+-- 
+2.25.1
+

backports/0056-include-bpf.mk-fix-compile-for-big-endian-targets.patch

@@ -0,0 +1,39 @@
+From aff796bf3e60d7f09e5ca500cbf59221211dd218 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 2 Nov 2021 10:39:35 +0100
+Subject: [PATCH 056/102] include/bpf.mk: fix compile for big-endian targets
+
+llvm-opt and llc need endian flags in the target as well
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ include/bpf.mk | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/include/bpf.mk b/include/bpf.mk
+index 6223648c5d..9636ad5165 100644
+--- a/include/bpf.mk
++++ b/include/bpf.mk
+@@ -22,6 +22,7 @@ LLVM_STRIP:=$(LLVM_PATH)/llvm-strip$(LLVM_VER)
+ 
+ BPF_KARCH:=mips
+ BPF_ARCH:=mips$(if $(CONFIG_BIG_ENDIAN),,el)
++BPF_TARGET:=bpf$(if $(CONFIG_BIG_ENDIAN),eb,el)
+ 
+ BPF_HEADERS_DIR:=$(STAGING_DIR)/bpf-headers
+ 
+@@ -59,9 +60,9 @@ BPF_CFLAGS := \
+ define CompileBPF
+ 	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \
+ 		-c $(1) -o $(patsubst %.c,%.bc,$(1))
+-	$(LLVM_OPT) -O2 -mtriple=bpf-pc-linux < $(patsubst %.c,%.bc,$(1)) > $(patsubst %.c,%.opt,$(1))
++	$(LLVM_OPT) -O2 -mtriple=$(BPF_TARGET) < $(patsubst %.c,%.bc,$(1)) > $(patsubst %.c,%.opt,$(1))
+ 	$(LLVM_DIS) < $(patsubst %.c,%.opt,$(1)) > $(patsubst %.c,%.S,$(1))
+-	$(LLVM_LLC) -march=bpf -filetype=obj -o $(patsubst %.c,%.o,$(1)) < $(patsubst %.c,%.S,$(1))
++	$(LLVM_LLC) -march=$(BPF_TARGET) -filetype=obj -o $(patsubst %.c,%.o,$(1)) < $(patsubst %.c,%.S,$(1))
+ 	$(LLVM_STRIP) --strip-debug $(patsubst %.c,%.o,$(1))
+ endef
+ 
+-- 
+2.25.1
+

backports/0057-include-bpf.mk-add-LD_LIBRARY_PATH.patch

@@ -0,0 +1,34 @@
+From d05fae42794c5fe76509935b1e8f900e1d17d9f0 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Fri, 5 Nov 2021 10:46:00 +0100
+Subject: [PATCH] include/bpf.mk: add LD_LIBRARY_PATH
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ include/bpf.mk | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/include/bpf.mk b/include/bpf.mk
+index 9636ad5165..2f797625b6 100644
+--- a/include/bpf.mk
++++ b/include/bpf.mk
+@@ -58,11 +58,16 @@ BPF_CFLAGS := \
+ 	-O2 -emit-llvm -Xclang -disable-llvm-passes
+ 
+ define CompileBPF
++	LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):$(STAGING_DIR_HOST)/lib \
+ 	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \
+ 		-c $(1) -o $(patsubst %.c,%.bc,$(1))
++	LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):$(STAGING_DIR_HOST)/lib \
+ 	$(LLVM_OPT) -O2 -mtriple=$(BPF_TARGET) < $(patsubst %.c,%.bc,$(1)) > $(patsubst %.c,%.opt,$(1))
++	LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):$(STAGING_DIR_HOST)/lib \
+ 	$(LLVM_DIS) < $(patsubst %.c,%.opt,$(1)) > $(patsubst %.c,%.S,$(1))
++	LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):$(STAGING_DIR_HOST)/lib \
+ 	$(LLVM_LLC) -march=$(BPF_TARGET) -filetype=obj -o $(patsubst %.c,%.o,$(1)) < $(patsubst %.c,%.S,$(1))
++	LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):$(STAGING_DIR_HOST)/lib \
+ 	$(LLVM_STRIP) --strip-debug $(patsubst %.c,%.o,$(1))
+ endef
+ 
+-- 
+2.25.1
+

docker/Dockerfile

@@ -6,6 +6,7 @@ RUN apt-get update \
             time git-core build-essential gcc-multilib clang \
             libncurses5-dev zlib1g-dev gawk flex gettext wget unzip python \
             python3 python3-pip python3-yaml libssl-dev rsync llvm llvm-12 \
+            clang-12 \
     && apt-get clean
 RUN git config --global user.email "you@example.com"
 RUN git config --global user.name "Your Name"

feeds/openflow/openvswitch/Makefile

@@ -17,7 +17,7 @@ include ./openvswitch.mk
 #
 PKG_NAME:=openvswitch
 PKG_VERSION:=$(ovs_version)
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
 PKG_HASH:=5c7baed537364d43af36c15dde298c95d35cb2cb3204b4d3fe9b0fc73c97f16d

feeds/openflow/openvswitch/files/openvswitch.init

@@ -121,6 +121,7 @@ ovs_bridge_port_add() {
 	}
 
 	ovs-vsctl --may-exist add-port "$name" "$port" ${type:+ -- set interface "$port" type="$type"}
+	ovs_bridge_port_up "$port"
 	__port_list="$__port_list ${port} "
 }
 
@@ -162,6 +163,7 @@ ovs_bridge_port_add_complex() {
 	ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
 		${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
 		${type:+ -- set interface "$port" type="$type"}
+	ovs_bridge_port_up "$port"
 	__port_list="$__port_list ${port} "
 }
 
@@ -174,6 +176,12 @@ ovs_bridge_port_cleanup() {
 	done
 }
 
+ovs_bridge_port_up() {
+	local port="$1"
+
+	ip link set dev "$port" up
+}
+
 ovs_bridge_validate_datapath_id() {
 	local dpid="$1"
 

feeds/tip/luci/luci-mod-ucentral/htdocs/luci-static/resources/view/ucentral/system.js

@@ -79,9 +79,10 @@ return view.extend({
 
 				var cntbtn = E('button', {
 					'class': 'btn cbi-button-action important',
-					'click': ui.createHandlerFn(this, 'handleSysupgradeConfirm', btn),
-					'disabled': !is_valid
+					'click': ui.createHandlerFn(this, 'handleSysupgradeConfirm', btn)
 				}, [ _('Continue') ]);
+				if (!is_valid)
+					cntbtn.disabled = true;
 
 				body.push(E('div', { 'class': 'right' }, [
 					E('button', {

feeds/tip/maverick/files/usr/libexec/ucentral/maverick.sh

@@ -45,8 +45,6 @@ config_foreach delete_forwarding forwarding
 
 uci commit
 
-/etc/init.d/uhttpd enable
 /etc/init.d/uhttpd start
-/etc/init.d/ucentral stop
 
 reload_config

feeds/ucentral/atfpolicy/Makefile

@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2021 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=atfpolicy
+PKG_VERSION:=1
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/atfpolicy
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=A simple daemon for handling airtime fairness prioritization
+  DEPENDS:=+libubox +libubus +libnl-tiny 
+endef
+
+TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny
+
+define Package/atfpolicy/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/atfpolicy $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/atfpolicy.init $(1)/etc/init.d/atfpolicy
+	$(INSTALL_DATA) ./files/atfpolicy.conf $(1)/etc/config/atfpolicy
+endef
+
+$(eval $(call BuildPackage,atfpolicy))

feeds/ucentral/atfpolicy/files/atfpolicy.conf

@@ -0,0 +1,8 @@
+config defaults
+	option vo_queue_weight 4
+	option update_pkt_threshold 100
+	option bulk_percent_thresh 50
+	option prio_percent_thresh 30
+	option weight_normal 256
+	option weight_prio 512
+	option weight_bulk 128

feeds/ucentral/atfpolicy/files/atfpolicy.init

@@ -0,0 +1,57 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2021 OpenWrt.org
+
+START=50
+
+USE_PROCD=1
+PROG=/usr/sbin/atfpolicy
+
+add_option() {
+	local type="$1"
+	local name="$2"
+
+	config_get val "$cfg" "$name"
+
+	[ -n "$val" ] && json_add_$type "$name" "$val"
+}
+
+add_defaults() {
+	cfg="$1"
+
+	json_add_boolean reset 1
+
+	add_option int vo_queue_weight
+	add_option int update_pkt_threshold
+	add_option int bulk_percent_thresh
+	add_option int prio_percent_thresh
+	add_option int weight_normal
+	add_option int weight_prio
+	add_option int weight_bulk
+}
+
+
+reload_service() {
+	json_init
+
+	config_load atfpolicy
+
+	config_foreach add_defaults defaults
+
+	ubus call atfpolicy config "$(json_dump)"
+}
+
+service_triggers() {
+	procd_add_reload_trigger atfpolicy
+}
+
+start_service() {
+	procd_open_instance
+	procd_set_param command "$PROG"
+	procd_set_param respawn
+	procd_close_instance
+}
+
+service_started() {
+	ubus -t 10 wait_for atfpolicy
+	[ $? = 0 ] && reload_service
+}

feeds/ucentral/atfpolicy/src/CMakeLists.txt

@@ -0,0 +1,15 @@
+cmake_minimum_required(VERSION 3.10)
+
+PROJECT(atfpolicy C)
+
+ADD_DEFINITIONS(-Os -Wall -Wno-unknown-warning-option -Wno-array-bounds -Wno-format-truncation -Werror --std=gnu99)
+
+SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+find_library(nl NAMES nl-tiny)
+ADD_EXECUTABLE(atfpolicy main.c ubus.c interface.c nl80211.c)
+TARGET_LINK_LIBRARIES(atfpolicy ${nl} ubox ubus)
+
+INSTALL(TARGETS atfpolicy
+	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
+)

feeds/ucentral/atfpolicy/src/atf.h

@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
+#ifndef __ATF_H
+#define __ATF_H
+
+#include <net/if.h>
+#include <stdint.h>
+
+#include <libubox/avl.h>
+
+#define ATF_AVG_SCALE	12
+
+#define ATF_AVG_WEIGHT_FACTOR	3
+#define ATF_AVG_WEIGHT_DIV	4
+
+#define MAC_ADDR_FMT "%02x:%02x:%02x:%02x:%02x:%02x"
+#define MAC_ADDR_DATA(_a) \
+	((const uint8_t *)(_a))[0], \
+	((const uint8_t *)(_a))[1], \
+	((const uint8_t *)(_a))[2], \
+	((const uint8_t *)(_a))[3], \
+	((const uint8_t *)(_a))[4], \
+	((const uint8_t *)(_a))[5]
+
+#define D(format, ...) do { \
+	if (debug_flag) \
+		fprintf(stderr, "DEBUG: %s(%d) " format "\n", __func__, __LINE__, ## __VA_ARGS__); \
+	} while (0)
+
+struct atf_config {
+	int voice_queue_weight;
+	int min_pkt_thresh;
+
+	int bulk_percent_thresh;
+	int prio_percent_thresh;
+
+	int weight_normal;
+	int weight_prio;
+	int weight_bulk;
+};
+
+struct atf_interface {
+	struct avl_node avl;
+
+	char ifname[IFNAMSIZ + 1];
+	uint32_t ubus_obj;
+
+	struct avl_tree stations;
+};
+
+struct atf_stats {
+	uint64_t bulk, normal, prio;
+};
+
+struct atf_station {
+	struct avl_node avl;
+	uint8_t macaddr[6];
+	bool present;
+
+	uint8_t stats_idx;
+	struct atf_stats stats[2];
+
+	uint16_t avg_bulk;
+	uint16_t avg_prio;
+
+	int weight;
+};
+
+extern struct atf_config config;
+extern int debug_flag;
+
+void reset_config(void);
+
+struct atf_interface *atf_interface_get(const char *ifname);
+void atf_interface_sta_update(struct atf_interface *iface);
+struct atf_station *atf_interface_sta_get(struct atf_interface *iface, uint8_t *macaddr);
+void atf_interface_sta_changed(struct atf_interface *iface, struct atf_station *sta);
+void atf_interface_sta_flush(struct atf_interface *iface);
+void atf_interface_update_all(void);
+
+int atf_ubus_init(void);
+void atf_ubus_stop(void);
+void atf_ubus_set_sta_weight(struct atf_interface *iface, struct atf_station *sta);
+
+int atf_nl80211_init(void);
+int atf_nl80211_interface_update(struct atf_interface *iface);
+
+#endif

feeds/ucentral/atfpolicy/src/interface.c

@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
+#include <string.h>
+#include <stdlib.h>
+
+#include <libubox/avl-cmp.h>
+
+#include "atf.h"
+
+static AVL_TREE(interfaces, avl_strcmp, false, NULL);
+
+#ifndef container_of_safe
+#define container_of_safe(ptr, type, member) \
+	(ptr ? container_of(ptr, type, member) : NULL)
+#endif
+
+static int avl_macaddr_cmp(const void *k1, const void *k2, void *ptr)
+{
+	return memcmp(k1, k2, 6);
+}
+
+void atf_interface_sta_update(struct atf_interface *iface)
+{
+	struct atf_station *sta;
+
+	avl_for_each_element(&iface->stations, sta, avl)
+		sta->present = false;
+}
+
+struct atf_station *atf_interface_sta_get(struct atf_interface *iface, uint8_t *macaddr)
+{
+	struct atf_station *sta;
+
+	sta = avl_find_element(&iface->stations, macaddr, sta, avl);
+	if (sta)
+		goto out;
+
+	sta = calloc(1, sizeof(*sta));
+	memcpy(sta->macaddr, macaddr, sizeof(sta->macaddr));
+	sta->avl.key = sta->macaddr;
+	sta->weight = -1;
+	avl_insert(&iface->stations, &sta->avl);
+
+out:
+	sta->present = true;
+	return sta;
+}
+
+void atf_interface_sta_flush(struct atf_interface *iface)
+{
+	struct atf_station *sta, *tmp;
+
+	avl_for_each_element_safe(&iface->stations, sta, avl, tmp) {
+		if (sta->present)
+			continue;
+
+		avl_delete(&iface->stations, &sta->avl);
+		free(sta);
+	}
+}
+
+void atf_interface_sta_changed(struct atf_interface *iface, struct atf_station *sta)
+{
+	int weight;
+
+	if (sta->avg_prio > config.prio_percent_thresh)
+		weight = config.weight_prio;
+	else if (sta->avg_prio > config.bulk_percent_thresh)
+		weight = config.weight_bulk;
+	else
+		weight = config.weight_normal;
+
+	if (sta->weight == weight)
+		return;
+
+	sta->weight = weight;
+	atf_ubus_set_sta_weight(iface, sta);
+}
+
+struct atf_interface *atf_interface_get(const char *ifname)
+{
+	struct atf_interface *iface;
+
+	iface = avl_find_element(&interfaces, ifname, iface, avl);
+	if (iface)
+		return iface;
+
+	if (strlen(ifname) + 1 > sizeof(iface->ifname))
+		return NULL;
+
+	iface = calloc(1, sizeof(*iface));
+	strcpy(iface->ifname, ifname);
+	iface->avl.key = iface->ifname;
+	avl_init(&iface->stations, avl_macaddr_cmp, false, NULL);
+	avl_insert(&interfaces, &iface->avl);
+
+	return iface;
+}
+
+void atf_interface_update_all(void)
+{
+	struct atf_interface *iface, *tmp;
+
+	avl_for_each_element_safe(&interfaces, iface, avl, tmp)
+		atf_nl80211_interface_update(iface);
+}

feeds/ucentral/atfpolicy/src/main.c

@@ -0,0 +1,62 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
+#include <stdio.h>
+#include <string.h>
+#include <getopt.h>
+
+#include <libubox/uloop.h>
+
+#include "atf.h"
+
+struct atf_config config;
+int debug_flag;
+
+void reset_config(void)
+{
+	memset(&config, 0, sizeof(config));
+
+	config.voice_queue_weight = 4;
+	config.min_pkt_thresh = 100;
+
+	config.bulk_percent_thresh = (50 << ATF_AVG_SCALE) / 100;
+	config.prio_percent_thresh = (30 << ATF_AVG_SCALE) / 100;
+
+	config.weight_normal = 256;
+	config.weight_bulk = 128;
+	config.weight_prio = 512;
+}
+
+static void atf_update_cb(struct uloop_timeout *t)
+{
+	atf_interface_update_all();
+	uloop_timeout_set(t, 1000);
+}
+
+int main(int argc, char **argv)
+{
+	static struct uloop_timeout update_timer = {
+		.cb = atf_update_cb,
+	};
+	int ch;
+
+	while ((ch = getopt(argc, argv, "d")) != -1) {
+		switch (ch) {
+		case 'd':
+			debug_flag = 1;
+			break;
+		}
+	}
+
+	reset_config();
+	uloop_init();
+	atf_ubus_init();
+	atf_nl80211_init();
+	atf_update_cb(&update_timer);
+	uloop_run();
+	atf_ubus_stop();
+	uloop_done();
+
+	return 0;
+}

feeds/ucentral/atfpolicy/src/nl80211.c

@@ -0,0 +1,174 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
+#define _GNU_SOURCE
+#include <linux/nl80211.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <unl.h>
+
+#include "atf.h"
+
+static struct unl unl;
+
+static void
+atf_parse_tid_stats(struct atf_interface *iface, struct atf_stats *stats,
+		    int tid, struct nlattr *attr)
+{
+	struct nlattr *tb[NL80211_TID_STATS_MAX + 1];
+	uint64_t msdu;
+
+	if (nla_parse_nested(tb, NL80211_TID_STATS_MAX, attr, NULL))
+		return;
+
+	if (!tb[NL80211_TID_STATS_TX_MSDU])
+		return;
+
+	msdu = nla_get_u64(tb[NL80211_TID_STATS_TX_MSDU]);
+	switch (tid) {
+	case 0:
+	case 3:
+		/* BE */
+		stats->normal += msdu;
+		break;
+	case 1:
+	case 2:
+		/* BK */
+		stats->bulk += msdu;
+		break;
+	case 4:
+	case 5:
+		/* VI */
+		stats->prio += msdu;
+		break;
+	case 6:
+	case 7:
+		stats->prio += msdu * config.voice_queue_weight;
+		/* VO */
+		break;
+	default:
+		break;
+	}
+}
+
+static uint64_t atf_stats_total(struct atf_stats *stats)
+{
+	return stats->normal + stats->prio + stats->bulk;
+}
+
+static void atf_stats_diff(struct atf_stats *dest, struct atf_stats *cur, struct atf_stats *prev)
+{
+	dest->normal = cur->normal - prev->normal;
+	dest->prio = cur->prio - prev->prio;
+	dest->bulk = cur->bulk - prev->bulk;
+}
+
+static uint16_t atf_stats_avg(uint16_t avg, uint64_t cur, uint32_t total)
+{
+	cur <<= ATF_AVG_SCALE;
+	cur /= total;
+
+	if (!avg)
+		return (uint16_t)cur;
+
+	avg *= ATF_AVG_WEIGHT_FACTOR;
+	avg += cur * (ATF_AVG_WEIGHT_DIV - ATF_AVG_WEIGHT_FACTOR);
+	avg /= ATF_AVG_WEIGHT_DIV;
+
+	if (!avg)
+		avg = 1;
+
+	return avg;
+}
+
+
+static void atf_sta_update_avg(struct atf_station *sta, struct atf_stats *cur)
+{
+	uint64_t total = atf_stats_total(cur);
+
+	D("sta "MAC_ADDR_FMT" total pkts: total=%d bulk=%d normal=%d prio=%d",
+		MAC_ADDR_DATA(sta->macaddr), (uint32_t)total,
+		(uint32_t)cur->bulk, (uint32_t)cur->normal, (uint32_t)cur->prio);
+	if (total < config.min_pkt_thresh)
+		return;
+
+	sta->avg_bulk = atf_stats_avg(sta->avg_bulk, cur->bulk, total);
+	sta->avg_prio = atf_stats_avg(sta->avg_prio, cur->prio, total);
+	D("avg bulk=%d prio=%d",
+		(sta->avg_bulk * 100) >> ATF_AVG_SCALE,
+		(sta->avg_prio * 100) >> ATF_AVG_SCALE);
+	sta->stats_idx = !sta->stats_idx;
+}
+
+static int
+atf_sta_cb(struct nl_msg *msg, void *arg)
+{
+	struct atf_interface *iface = arg;
+	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+	struct nlattr *tb[NL80211_ATTR_MAX + 1];
+	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
+	struct atf_station *sta;
+	struct atf_stats *stats, diff = {};
+	struct nlattr *cur;
+	int idx = 0;
+	int rem;
+
+	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+		  genlmsg_attrlen(gnlh, 0), NULL);
+
+	if (!tb[NL80211_ATTR_STA_INFO] || !tb[NL80211_ATTR_MAC])
+		return NL_SKIP;
+
+	if (nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
+			     tb[NL80211_ATTR_STA_INFO], NULL))
+		return NL_SKIP;
+
+	if (!sinfo[NL80211_STA_INFO_TID_STATS])
+		return NL_SKIP;
+
+	sta = atf_interface_sta_get(iface, nla_data(tb[NL80211_ATTR_MAC]));
+	if (!sta)
+		return NL_SKIP;
+
+	stats = &sta->stats[sta->stats_idx];
+	memset(stats, 0, sizeof(*stats));
+	nla_for_each_nested(cur, sinfo[NL80211_STA_INFO_TID_STATS], rem)
+		atf_parse_tid_stats(iface, stats, idx++, cur);
+
+	atf_stats_diff(&diff, stats, &sta->stats[!sta->stats_idx]);
+	atf_sta_update_avg(sta, &diff);
+	atf_interface_sta_changed(iface, sta);
+
+	return NL_SKIP;
+}
+
+int atf_nl80211_interface_update(struct atf_interface *iface)
+{
+	struct nl_msg *msg;
+	int ifindex;
+
+	ifindex = if_nametoindex(iface->ifname);
+	if (!ifindex)
+		return -1;
+
+	atf_interface_sta_update(iface);
+
+	msg = unl_genl_msg(&unl, NL80211_CMD_GET_STATION, true);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
+	unl_genl_request(&unl, msg, atf_sta_cb, iface);
+
+	atf_interface_sta_flush(iface);
+
+	return 0;
+
+nla_put_failure:
+	nlmsg_free(msg);
+	return -1;
+}
+
+int atf_nl80211_init(void)
+{
+	return unl_genl_init(&unl, "nl80211");
+}

feeds/ucentral/atfpolicy/src/ubus.c

@@ -0,0 +1,164 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
+#include <libubus.h>
+
+#include "atf.h"
+
+#define HOSTAPD_PREFIX "hostapd."
+
+static struct ubus_auto_conn conn;
+static struct blob_buf b;
+
+enum {
+	ATF_CONFIG_RESET,
+	ATF_CONFIG_VO_Q_WEIGHT,
+	ATF_CONFIG_MIN_PKT_THRESH,
+	ATF_CONFIG_BULK_PERCENT_THR,
+	ATF_CONFIG_PRIO_PERCENT_THR,
+
+	ATF_CONFIG_WEIGHT_NORMAL,
+	ATF_CONFIG_WEIGHT_PRIO,
+	ATF_CONFIG_WEIGHT_BULK,
+	__ATF_CONFIG_MAX
+};
+
+static const struct blobmsg_policy atf_config_policy[__ATF_CONFIG_MAX] = {
+	[ATF_CONFIG_VO_Q_WEIGHT] = { "vo_queue_weight", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_MIN_PKT_THRESH] = { "update_pkt_threshold", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_BULK_PERCENT_THR] = { "bulk_percent_thresh", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_PRIO_PERCENT_THR] = { "prio_percent_thresh", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_WEIGHT_NORMAL] = { "weight_normal", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_WEIGHT_PRIO] = { "weight_prio", BLOBMSG_TYPE_INT32 },
+	[ATF_CONFIG_WEIGHT_BULK] = { "weight_bulk", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+atf_ubus_config(struct ubus_context *ctx, struct ubus_object *obj,
+		struct ubus_request_data *req, const char *method,
+		struct blob_attr *msg)
+{
+	struct blob_attr *tb[__ATF_CONFIG_MAX];
+	struct blob_attr *cur;
+	static const struct {
+		int id;
+		int *field;
+	} field_map[] = {
+		{ ATF_CONFIG_VO_Q_WEIGHT, &config.voice_queue_weight },
+		{ ATF_CONFIG_MIN_PKT_THRESH, &config.min_pkt_thresh },
+		{ ATF_CONFIG_BULK_PERCENT_THR, &config.bulk_percent_thresh },
+		{ ATF_CONFIG_PRIO_PERCENT_THR, &config.prio_percent_thresh },
+		{ ATF_CONFIG_WEIGHT_NORMAL, &config.weight_normal },
+		{ ATF_CONFIG_WEIGHT_PRIO, &config.weight_prio },
+		{ ATF_CONFIG_WEIGHT_BULK, &config.weight_bulk },
+	};
+	bool reset = false;
+	int i;
+
+	blobmsg_parse(atf_config_policy, __ATF_CONFIG_MAX, tb,
+		      blobmsg_data(msg), blobmsg_len(msg));
+
+	if ((cur = tb[ATF_CONFIG_RESET]) != NULL)
+		reset = blobmsg_get_bool(cur);
+
+	if (reset)
+		reset_config();
+
+	for (i = 0; i < ARRAY_SIZE(field_map); i++) {
+		if ((cur = tb[field_map[i].id]) != NULL)
+			*(field_map[i].field) = blobmsg_get_u32(cur);
+	}
+
+	return 0;
+}
+
+
+static const struct ubus_method atf_methods[] = {
+	UBUS_METHOD("config", atf_ubus_config, atf_config_policy),
+};
+
+static struct ubus_object_type atf_object_type =
+	UBUS_OBJECT_TYPE("atfpolicy", atf_methods);
+
+static struct ubus_object atf_object = {
+	.name = "atfpolicy",
+	.type = &atf_object_type,
+	.methods = atf_methods,
+	.n_methods = ARRAY_SIZE(atf_methods),
+};
+
+static void
+atf_ubus_add_interface(struct ubus_context *ctx, const char *name)
+{
+	struct atf_interface *iface;
+
+	iface = atf_interface_get(name + strlen(HOSTAPD_PREFIX));
+	if (!iface)
+		return;
+
+	iface->ubus_obj = 0;
+	ubus_lookup_id(ctx, name, &iface->ubus_obj);
+	D("add interface %s", name + strlen(HOSTAPD_PREFIX));
+}
+
+static void
+atf_ubus_lookup_cb(struct ubus_context *ctx, struct ubus_object_data *obj,
+		   void *priv)
+{
+	if (!strncmp(obj->path, HOSTAPD_PREFIX, strlen(HOSTAPD_PREFIX)))
+		atf_ubus_add_interface(ctx, obj->path);
+}
+
+void atf_ubus_set_sta_weight(struct atf_interface *iface, struct atf_station *sta)
+{
+	D("set sta "MAC_ADDR_FMT" weight=%d", MAC_ADDR_DATA(sta->macaddr), sta->weight);
+	blob_buf_init(&b, 0);
+	blobmsg_printf(&b, "sta", MAC_ADDR_FMT, MAC_ADDR_DATA(sta->macaddr));
+	blobmsg_add_u32(&b, "weight", sta->weight);
+	if (ubus_invoke(&conn.ctx, iface->ubus_obj, "update_airtime", b.head, NULL, NULL, 100))
+		D("set airtime weight failed");
+}
+
+static void
+atf_ubus_event_cb(struct ubus_context *ctx, struct ubus_event_handler *ev,
+		  const char *type, struct blob_attr *msg)
+{
+	static const struct blobmsg_policy policy =
+		{ "path", BLOBMSG_TYPE_STRING };
+	struct ubus_object_data obj;
+	struct blob_attr *attr;
+
+	blobmsg_parse(&policy, 1, &attr, blobmsg_data(msg), blobmsg_len(msg));
+
+	if (!attr)
+		return;
+
+	obj.path = blobmsg_get_string(attr);
+	atf_ubus_lookup_cb(ctx, &obj, NULL);
+}
+
+static void
+ubus_connect_handler(struct ubus_context *ctx)
+{
+	static struct ubus_event_handler ev = {
+		.cb = atf_ubus_event_cb
+	};
+
+	ubus_add_object(ctx, &atf_object);
+	ubus_register_event_handler(ctx, &ev, "ubus.object.add");
+	ubus_lookup(ctx, "hostapd.*", atf_ubus_lookup_cb, NULL);
+}
+
+int atf_ubus_init(void)
+{
+	conn.cb = ubus_connect_handler;
+	ubus_auto_connect(&conn);
+
+	return 0;
+}
+
+void atf_ubus_stop(void)
+{
+	ubus_auto_shutdown(&conn);
+}

feeds/ucentral/qosify/files/qosify.conf

@@ -1,10 +1,12 @@
 config defaults
 	list defaults /etc/qosify-defaults.conf
 	option dscp_prio CS5
+	option dscp_icmp CS6
 	option dscp_bulk CS0
 	option dscp_default_udp	CS4
 	option bulk_trigger_timeout 5
-	option bulk_trigger_pps	0
+	option bulk_trigger_pps	100
+	option prio_max_avg_pkt_len 500
 
 config interface wan
 	option name wan

feeds/ucentral/qosify/files/qosify.init

@@ -30,10 +30,12 @@ add_defaults() {
 	add_option int timeout
 	add_option string dscp_prio
 	add_option string dscp_bulk
+	add_option string dscp_icmp
 	add_option string dscp_default_udp
 	add_option string dscp_default_tcp
 	add_option int bulk_trigger_timeout 
 	add_option int bulk_trigger_pps
+	add_option int prio_max_avg_pkt_len
 }
 
 add_interface() {

feeds/ucentral/qosify/src/README

@@ -0,0 +1,112 @@
+QoSify is simple daemon for setting up and managing CAKE along with a custom
+eBPF based classifier that sets DSCP fields of packets.
+
+It supports the following features:
+- simple TCP/UDP port based mapping
+- IP address based mapping
+- priority boosting based on average packet size
+- bulk flow detection based on number of packets per second
+- dynamically add IP entries with timeout
+- dns regex entries and ubus api for providing dns lookup results
+
+It can be configured via ubus call qosify config.
+
+This call supports the following parameters:
+- "reset": BOOL
+	Reset the config to defaults instead of only updating supplied values
+
+- "files": ARRAY of STRING
+	List of files with port/IP/host mappings
+
+- "timeout": INT32
+	Default timeout for dynamically added entries
+
+- "dscp_default_udp": STRING
+	Default DSCP value for UDP packets
+
+- "dscp_default_tcp": STRING
+	Default DSCP value for TCP packets
+
+- "dscp_prio": STRING
+	DSCP value for priority-marked packets
+
+- "dscp_bulk": STRING
+	DSCP value for bulk-marked packets
+
+- "dscp_icmp": STRING
+	DSCP value for ICMP packets
+
+- "bulk_trigger_pps": INT32
+	Number of packets per second to trigger bulk flow detection
+
+- "bulk_trigger_timeout": INT32
+	Time below bulk_trigger_pps threshold until a bulk flow mark is removed
+
+- "prio_max_avg_pkt_len": INT32
+	Maximum average packet length for marking a flow as priority
+
+- "interfaces": TABLE of TABLE
+	netifd interfaces to enable QoS on
+
+- "devices": TABLE of TABLE
+	netdevs to enable QoS on
+
+
+interface/device properties:
+- "bandwidth_up": STRING
+	Uplink bandwidth (same format as tc)
+
+- "bandwidth_down": STRING
+	Downlink bandwidth (same format as tc)
+
+- "ingress": BOOL
+	Enable ingress shaping
+
+- "egress": BOOL
+	Enable egress shaping
+
+- "mode": STRING
+	CAKE diffserv mode
+
+- "nat": BOOL
+	Enable CAKE NAT host detection via conntrack
+
+- "host_isolate": BOOL
+	Enable CAKE host isolation
+
+- "autorate_ingress": BOOL
+	Enable CAKE automatic rate estimation for ingress
+
+- "ingress_options": STRING
+	CAKE ingress options
+
+- "egress_options": STRING
+	CAKE egress options
+
+- "options": STRING
+	CAKE options for ingress + egress
+
+
+Mapping file syntax:
+
+Each line has two whitespace separated fields, match and dscp
+match is one of:
+- tcp:<port>[-<endport>]
+	TCP single port, or range from <port> to <endport>
+- udp:<port>[-<endport>]
+	UDP single port, or range from <port> to <endport>
+- <ipaddr>
+	IPv4 address, e.g. 1.1.1.1
+- <ipv6addr>
+	IPv6 address, e.g. ff01::1
+- dns:<regex>
+	POSIX.2 extended regular expression for matching hostnames
+	Only works, if dns lookups are passed to qosify via the add_dns_host ubus call.
+
+dscp can be a raw value, or a codepoint like CS0
+Adding a + in front of the value tells qosify to only override the DSCP value if it is zero
+
+
+Planned features:
+- Integration with dnsmasq to support hostname pattern based DSCP marking
+- Support for LAN host based priority

feeds/ucentral/qosify/src/interface.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
@@ -130,8 +134,9 @@ static const char *check_str(struct blob_attr *attr)
 }
 
 static void
-iface_config_set(struct qosify_iface_config *cfg, struct blob_attr *attr)
+iface_config_set(struct qosify_iface *iface, struct blob_attr *attr)
 {
+	struct qosify_iface_config *cfg = &iface->config;
 	struct blob_attr *tb[__IFACE_ATTR_MAX];
 	struct blob_attr *cur;
 
@@ -145,6 +150,7 @@ iface_config_set(struct qosify_iface_config *cfg, struct blob_attr *attr)
 	cfg->egress = true;
 	cfg->host_isolate = true;
 	cfg->autorate_ingress = true;
+	cfg->nat = !iface->device;
 
 	if ((cur = tb[IFACE_ATTR_BW_UP]) != NULL)
 		cfg->bandwidth_up = check_str(cur);
@@ -386,7 +392,7 @@ static void
 interface_set_config(struct qosify_iface *iface, struct blob_attr *config)
 {
 	iface->config_data = blob_memdup(config);
-	iface_config_set(&iface->config, iface->config_data);
+	iface_config_set(iface, iface->config_data);
 	interface_start(iface);
 }
 

feeds/ucentral/qosify/src/loader.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <arpa/inet.h>
@@ -35,24 +39,17 @@ static void qosify_fill_rodata(struct bpf_object *obj, uint32_t flags)
 }
 
 static int
-qosify_create_program(const char *suffix, uint32_t flags, bool *force_init)
+qosify_create_program(const char *suffix, uint32_t flags)
 {
 	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts,
 		.pin_root_path = CLASSIFY_DATA_PATH,
 	);
 	struct bpf_program *prog;
 	struct bpf_object *obj;
-	struct stat st;
 	char path[256];
 	int err;
 
 	snprintf(path, sizeof(path), CLASSIFY_PIN_PATH "_" "%s", suffix);
-	if (!*force_init) {
-		if (stat(path, &st) == 0)
-			return 0;
-
-		*force_init = true;
-	}
 
 	obj = bpf_object__open_file(CLASSIFY_PROG_PATH, &opts);
 	err = libbpf_get_error(obj);
@@ -91,7 +88,7 @@ qosify_create_program(const char *suffix, uint32_t flags, bool *force_init)
 	return 0;
 }
 
-int qosify_loader_init(bool force_init)
+int qosify_loader_init(void)
 {
 	static const struct {
 		const char *suffix;
@@ -105,8 +102,7 @@ int qosify_loader_init(bool force_init)
 	glob_t g;
 	int i;
 
-	if (force_init &&
-	    glob(CLASSIFY_DATA_PATH "/*", 0, NULL, &g) == 0) {
+	if (glob(CLASSIFY_DATA_PATH "/*", 0, NULL, &g) == 0) {
 		for (i = 0; i < g.gl_pathc; i++)
 			unlink(g.gl_pathv[i]);
 	}
@@ -117,8 +113,7 @@ int qosify_loader_init(bool force_init)
 	qosify_init_env();
 
 	for (i = 0; i < ARRAY_SIZE(progs); i++) {
-		if (qosify_create_program(progs[i].suffix, progs[i].flags,
-				      &force_init))
+		if (qosify_create_program(progs[i].suffix, progs[i].flags))
 			return -1;
 	}
 

feeds/ucentral/qosify/src/main.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #include <stdio.h>
 #include <unistd.h>
 #include <stdint.h>
@@ -10,7 +14,6 @@ static int usage(const char *progname)
 {
 	fprintf(stderr, "Usage: %s [options]\n"
 		"Options:\n"
-		"	-f:		force reload of BPF programs\n"
 		"	-l <file>	Load defaults from <file>\n"
 		"	-o		only load program/maps without running as daemon\n"
 		"\n", progname);
@@ -21,14 +24,12 @@ static int usage(const char *progname)
 int main(int argc, char **argv)
 {
 	const char *load_file = NULL;
-	bool force_init = false;
 	bool oneshot = false;
 	int ch;
 
 	while ((ch = getopt(argc, argv, "fl:o")) != -1) {
 		switch (ch) {
 		case 'f':
-			force_init = true;
 			break;
 		case 'l':
 			load_file = optarg;
@@ -41,7 +42,7 @@ int main(int argc, char **argv)
 		}
 	}
 
-	if (qosify_loader_init(force_init))
+	if (qosify_loader_init())
 		return 2;
 
 	if (qosify_map_init())

feeds/ucentral/qosify/src/map.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #include <arpa/inet.h>
 
 #include <errno.h>
@@ -17,7 +21,8 @@ static AVL_TREE(map_data, qosify_map_entry_cmp, false, NULL);
 static LIST_HEAD(map_files);
 static uint32_t next_timeout;
 static uint8_t qosify_dscp_default[2] = { 0xff, 0xff };
-int qosify_map_timeout = 3600;
+int qosify_map_timeout;
+int qosify_active_timeout;
 struct qosify_config config;
 
 struct qosify_map_file {
@@ -34,6 +39,37 @@ static const struct {
 	[CL_MAP_IPV4_ADDR] = { "ipv4_map", "ipv4_addr" },
 	[CL_MAP_IPV6_ADDR] = { "ipv6_map", "ipv6_addr" },
 	[CL_MAP_CONFIG] = { "config", "config" },
+	[CL_MAP_DNS] = { "dns", "dns" },
+};
+
+static const struct {
+	const char name[5];
+	uint8_t val;
+} codepoints[] = {
+	{ "CS0", 0 },
+	{ "CS1", 8 },
+	{ "CS2", 16 },
+	{ "CS3", 24 },
+	{ "CS4", 32 },
+	{ "CS5", 40 },
+	{ "CS6", 48 },
+	{ "CS7", 56 },
+	{ "AF11", 10 },
+	{ "AF12", 12 },
+	{ "AF13", 14 },
+	{ "AF21", 18 },
+	{ "AF22", 20 },
+	{ "AF22", 22 },
+	{ "AF31", 26 },
+	{ "AF32", 28 },
+	{ "AF33", 30 },
+	{ "AF41", 34 },
+	{ "AF42", 36 },
+	{ "AF43", 38 },
+	{ "EF", 46 },
+	{ "VA", 44 },
+	{ "LE", 1 },
+	{ "DF", 0 },
 };
 
 static void qosify_map_timer_cb(struct uloop_timeout *t)
@@ -104,6 +140,8 @@ static void __qosify_map_set_dscp_default(enum qosify_map_id id, uint8_t val)
 	int fd = qosify_map_fds[id];
 	int i;
 
+	val |= QOSIFY_DSCP_DEFAULT_FLAG;
+
 	for (i = 0; i < (1 << 16); i++) {
 		data.addr.port = htons(i);
 		if (avl_find(&map_data, &data))
@@ -135,7 +173,7 @@ int qosify_map_init(void)
 {
 	int i;
 
-	for (i = 0; i < ARRAY_SIZE(qosify_map_fds); i++) {
+	for (i = 0; i < CL_MAP_DNS; i++) {
 		qosify_map_fds[i] = qosify_map_get_fd(i);
 		if (qosify_map_fds[i] < 0)
 			return -1;
@@ -159,38 +197,11 @@ static char *str_skip(char *str, bool space)
 static int
 qosify_map_codepoint(const char *val)
 {
-	static const struct {
-		const char name[5];
-		uint8_t val;
-	} cp[] = {
-		{ "CS0", 0 },
-		{ "CS1", 8 },
-		{ "CS2", 16 },
-		{ "CS3", 24 },
-		{ "CS4", 32 },
-		{ "CS5", 40 },
-		{ "CS6", 48 },
-		{ "CS7", 56 },
-		{ "AF11", 10 },
-		{ "AF12", 12 },
-		{ "AF13", 14 },
-		{ "AF21", 18 },
-		{ "AF22", 20 },
-		{ "AF22", 22 },
-		{ "AF31", 26 },
-		{ "AF32", 28 },
-		{ "AF33", 30 },
-		{ "AF41", 34 },
-		{ "AF42", 36 },
-		{ "AF43", 38 },
-		{ "EF", 46 },
-		{ "VA", 44 },
-	};
 	int i;
 
-	for (i = 0; i < ARRAY_SIZE(cp); i++)
-		if (!strcmp(cp[i].name, val))
-			return cp[i].val;
+	for (i = 0; i < ARRAY_SIZE(codepoints); i++)
+		if (!strcmp(codepoints[i].name, val))
+			return codepoints[i].val;
 
 	return 0xff;
 }
@@ -203,9 +214,37 @@ static int qosify_map_entry_cmp(const void *k1, const void *k2, void *ptr)
 	if (d1->id != d2->id)
 		return d2->id - d1->id;
 
+	if (d1->id == CL_MAP_DNS)
+		return strcmp(d1->addr.dns.pattern, d2->addr.dns.pattern);
+
 	return memcmp(&d1->addr, &d2->addr, sizeof(d1->addr));
 }
 
+static struct qosify_map_entry *
+__qosify_map_alloc_entry(struct qosify_map_data *data)
+{
+	struct qosify_map_entry *e;
+	char *pattern;
+
+	if (data->id < CL_MAP_DNS) {
+		e = calloc(1, sizeof(*e));
+		memcpy(&e->data.addr, &data->addr, sizeof(e->data.addr));
+
+		return e;
+	}
+
+	e = calloc_a(sizeof(*e), &pattern, strlen(data->addr.dns.pattern) + 1);
+	strcpy(pattern, data->addr.dns.pattern);
+	e->data.addr.dns.pattern = pattern;
+	if (regcomp(&e->data.addr.dns.regex, pattern,
+		    REG_EXTENDED | REG_ICASE | REG_NOSUB)) {
+		free(e);
+		return NULL;
+	}
+
+	return e;
+}
+
 static void __qosify_map_set_entry(struct qosify_map_data *data)
 {
 	int fd = qosify_map_fds[data->id];
@@ -220,10 +259,12 @@ static void __qosify_map_set_entry(struct qosify_map_data *data)
 		if (!add)
 			return;
 
-		e = calloc(1, sizeof(*e));
+		e = __qosify_map_alloc_entry(data);
+		if (!e)
+			return;
+
 		e->avl.key = &e->data;
 		e->data.id = data->id;
-		memcpy(&e->data.addr, &data->addr, sizeof(e->data.addr));
 		avl_insert(&map_data, &e->avl);
 	} else {
 		prev_dscp = e->data.dscp;
@@ -243,8 +284,14 @@ static void __qosify_map_set_entry(struct qosify_map_data *data)
 		e->data.dscp = e->data.file_dscp;
 	}
 
-	if (e->data.dscp != prev_dscp)
-		bpf_map_update_elem(fd, &data->addr, &e->data.dscp, BPF_ANY);
+	if (e->data.dscp != prev_dscp && data->id < CL_MAP_DNS) {
+		struct qosify_ip_map_val val = {
+			.dscp = e->data.dscp,
+			.seen = 1,
+		};
+
+		bpf_map_update_elem(fd, &data->addr, &val, BPF_ANY);
+	}
 
 	if (add) {
 		if (qosify_map_timeout == ~0 || file) {
@@ -313,6 +360,9 @@ int qosify_map_set_entry(enum qosify_map_id id, bool file, const char *str, uint
 	};
 
 	switch (id) {
+	case CL_MAP_DNS:
+		data.addr.dns.pattern = str;
+		break;
 	case CL_MAP_TCP_PORTS:
 	case CL_MAP_UDP_PORTS:
 		return qosify_map_set_port(&data, str);
@@ -351,6 +401,28 @@ int qosify_map_dscp_value(const char *val)
 	return dscp + (fallback << 6);
 }
 
+static void
+qosify_map_dscp_codepoint_str(char *dest, int len, uint8_t dscp)
+{
+	int i;
+
+	if (dscp & QOSIFY_DSCP_FALLBACK_FLAG) {
+		*(dest++) = '+';
+		len--;
+		dscp &= ~QOSIFY_DSCP_FALLBACK_FLAG;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(codepoints); i++) {
+		if (codepoints[i].val != dscp)
+			continue;
+
+		snprintf(dest, len, "%s", codepoints[i].name);
+		return;
+	}
+
+	snprintf(dest, len, "0x%x", dscp);
+}
+
 static void
 qosify_map_parse_line(char *str)
 {
@@ -372,6 +444,8 @@ qosify_map_parse_line(char *str)
 	if (dscp < 0)
 		return;
 
+	if (!strncmp(key, "dns:", 4))
+		qosify_map_set_entry(CL_MAP_DNS, true, key + 4, dscp);
 	if (!strncmp(key, "tcp:", 4))
 		qosify_map_set_entry(CL_MAP_TCP_PORTS, true, key + 4, dscp);
 	else if (!strncmp(key, "udp:", 4))
@@ -458,6 +532,7 @@ void qosify_map_reset_config(void)
 	qosify_map_set_dscp_default(CL_MAP_TCP_PORTS, 0);
 	qosify_map_set_dscp_default(CL_MAP_UDP_PORTS, 0);
 	qosify_map_timeout = 3600;
+	qosify_active_timeout = 300;
 
 	memset(&config, 0, sizeof(config));
 	config.dscp_prio = 0xff;
@@ -477,12 +552,44 @@ void qosify_map_reload(void)
 	qosify_map_gc();
 }
 
+static void qosify_map_free_entry(struct qosify_map_entry *e)
+{
+	int fd = qosify_map_fds[e->data.id];
+
+	avl_delete(&map_data, &e->avl);
+	if (e->data.id < CL_MAP_DNS)
+		bpf_map_delete_elem(fd, &e->data.addr);
+	free(e);
+}
+
+static bool
+qosify_map_entry_refresh_timeout(struct qosify_map_entry *e)
+{
+	struct qosify_ip_map_val val;
+	int fd = qosify_map_fds[e->data.id];
+
+	if (e->data.id != CL_MAP_IPV4_ADDR &&
+	    e->data.id != CL_MAP_IPV6_ADDR)
+		return false;
+
+	if (bpf_map_lookup_elem(fd, &e->data.addr, &val))
+		return false;
+
+	if (!val.seen)
+		return false;
+
+	e->timeout = qosify_gettime() + qosify_active_timeout;
+	val.seen = 0;
+	bpf_map_update_elem(fd, &e->data.addr, &val, BPF_ANY);
+
+	return true;
+}
+
 void qosify_map_gc(void)
 {
 	struct qosify_map_entry *e, *tmp;
 	int32_t timeout = 0;
 	uint32_t cur_time = qosify_gettime();
-	int fd;
 
 	next_timeout = 0;
 	avl_for_each_element_safe(&map_data, e, avl, tmp) {
@@ -490,6 +597,9 @@ void qosify_map_gc(void)
 
 		if (e->data.user && e->timeout != ~0) {
 			cur_timeout = e->timeout - cur_time;
+			if (cur_timeout <= 0 &&
+			    qosify_map_entry_refresh_timeout(e))
+				cur_timeout = e->timeout - cur_time;
 			if (cur_timeout <= 0) {
 				e->data.user = false;
 				e->data.dscp = e->data.file_dscp;
@@ -502,10 +612,7 @@ void qosify_map_gc(void)
 		if (e->data.file || e->data.user)
 			continue;
 
-		avl_delete(&map_data, &e->avl);
-		fd = qosify_map_fds[e->data.id];
-		bpf_map_delete_elem(fd, &e->data.addr);
-		free(e);
+		qosify_map_free_entry(e);
 	}
 
 	if (!timeout)
@@ -514,6 +621,52 @@ void qosify_map_gc(void)
 	uloop_timeout_set(&qosify_map_timer, timeout * 1000);
 }
 
+
+int qosify_map_add_dns_host(const char *host, const char *addr, const char *type, int ttl)
+{
+	struct qosify_map_data data = {
+		.id = CL_MAP_DNS,
+		.addr.dns.pattern = "",
+	};
+	struct qosify_map_entry *e;
+	int prev_timeout = qosify_map_timeout;
+
+	e = avl_find_ge_element(&map_data, &data, e, avl);
+	if (!e)
+		return 0;
+
+	memset(&data, 0, sizeof(data));
+	data.user = true;
+	if (!strcmp(type, "A"))
+		data.id = CL_MAP_IPV4_ADDR;
+	else if (!strcmp(type, "AAAA"))
+		data.id = CL_MAP_IPV6_ADDR;
+	else
+		return 0;
+
+	if (qosify_map_fill_ip(&data, addr))
+		return -1;
+
+	avl_for_element_to_last(&map_data, e, e, avl) {
+		regex_t *regex = &e->data.addr.dns.regex;
+
+		if (e->data.id != CL_MAP_DNS)
+			return 0;
+
+		if (regexec(regex, host, 0, NULL, 0) != 0)
+			continue;
+
+		if (ttl)
+			qosify_map_timeout = ttl;
+		data.dscp = e->data.dscp;
+		__qosify_map_set_entry(&data);
+		qosify_map_timeout = prev_timeout;
+	}
+
+	return 0;
+}
+
+
 void qosify_map_dump(struct blob_buf *b)
 {
 	struct qosify_map_entry *e;
@@ -543,24 +696,31 @@ void qosify_map_dump(struct blob_buf *b)
 		blobmsg_add_u8(b, "file", e->data.file);
 		blobmsg_add_u8(b, "user", e->data.user);
 
+		buf = blobmsg_alloc_string_buffer(b, "dscp", buf_len);
+		qosify_map_dscp_codepoint_str(buf, buf_len, e->data.dscp);
+		blobmsg_add_string_buffer(b);
+
 		blobmsg_add_string(b, "type", qosify_map_info[e->data.id].type_name);
 
-		buf = blobmsg_alloc_string_buffer(b, "value", buf_len);
 		switch (e->data.id) {
 		case CL_MAP_TCP_PORTS:
 		case CL_MAP_UDP_PORTS:
-			snprintf(buf, buf_len, "%d", ntohs(e->data.addr.port));
+			blobmsg_printf(b, "addr", "%d", ntohs(e->data.addr.port));
 			break;
 		case CL_MAP_IPV4_ADDR:
 		case CL_MAP_IPV6_ADDR:
+			buf = blobmsg_alloc_string_buffer(b, "addr", buf_len);
 			af = e->data.id == CL_MAP_IPV6_ADDR ? AF_INET6 : AF_INET;
 			inet_ntop(af, &e->data.addr, buf, buf_len);
+			blobmsg_add_string_buffer(b);
+			break;
+		case CL_MAP_DNS:
+			blobmsg_add_string(b, "addr", e->data.addr.dns.pattern);
 			break;
 		default:
 			*buf = 0;
 			break;
 		}
-		blobmsg_add_string_buffer(b);
 		blobmsg_close_table(b, c);
 	}
 	blobmsg_close_array(b, a);

feeds/ucentral/qosify/src/qosify-bpf.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #define KBUILD_MODNAME "foo"
 #include <uapi/linux/bpf.h>
 #include <uapi/linux/if_ether.h>
@@ -16,7 +20,6 @@
 #include "qosify-bpf.h"
 
 #define INET_ECN_MASK 3
-#define DSCP_FALLBACK_FLAG	BIT(6)
 
 #define FLOW_CHECK_INTERVAL	((u32)((1000000000ULL) >> 24))
 #define FLOW_TIMEOUT		((u32)((30ULL * 1000000000ULL) >> 24))
@@ -65,7 +68,7 @@ struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(pinning, 1);
 	__uint(key_size, sizeof(struct in_addr));
-	__type(value, __u8);
+	__type(value, struct qosify_ip_map_val);
 	__uint(max_entries, 100000);
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } ipv4_map SEC(".maps");
@@ -74,7 +77,7 @@ struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(pinning, 1);
 	__uint(key_size, sizeof(struct in6_addr));
-	__type(value, __u8);
+	__type(value, struct qosify_ip_map_val);
 	__uint(max_entries, 100000);
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } ipv6_map SEC(".maps");
@@ -211,33 +214,37 @@ static void
 parse_l4proto(struct qosify_config *config, struct __sk_buff *skb,
 	      __u32 offset, __u8 proto, __u8 *dscp_out)
 {
-	struct udphdr *udp = skb_ptr(skb, offset);
-	__u32 key;
+	struct udphdr *udp;
+	__u32 src, dest, key;
 	__u8 *value;
 
+	udp = skb_ptr(skb, offset);
 	if (skb_check(skb, &udp->len))
 		return;
 
-	if (module_flags & QOSIFY_INGRESS)
-		key = udp->source;
-	else
-		key = udp->dest;
-
-	if (proto == IPPROTO_TCP)
-		value = bpf_map_lookup_elem(&tcp_ports, &key);
-	else if (proto == IPPROTO_UDP)
-		value = bpf_map_lookup_elem(&udp_ports, &key);
-	else {
-		if ((proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6) &&
-		    config && config->dscp_icmp != 0xff)
-			*dscp_out = config->dscp_icmp;
+	if (config && (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6)) {
+		*dscp_out = config->dscp_icmp;
 		return;
 	}
 
-	if (!value)
-		return;
+	src = udp->source;
+	dest = udp->dest;
 
-	if ((*value & DSCP_FALLBACK_FLAG) && *dscp_out)
+	if (module_flags & QOSIFY_INGRESS)
+		key = src;
+	else
+		key = dest;
+
+	if (proto == IPPROTO_TCP) {
+		value = bpf_map_lookup_elem(&tcp_ports, &key);
+	} else {
+		if (proto != IPPROTO_UDP)
+			key = 0;
+
+		value = bpf_map_lookup_elem(&udp_ports, &key);
+	}
+
+	if (!value)
 		return;
 
 	*dscp_out = *value;
@@ -253,9 +260,16 @@ check_flow(struct qosify_config *config, struct __sk_buff *skb,
 	__u32 hash;
 	__u32 time;
 
+	if (!(*dscp & QOSIFY_DSCP_DEFAULT_FLAG))
+		return;
+
 	if (!config)
 		return;
 
+	if (!config->bulk_trigger_pps &&
+	    !config->prio_max_avg_pkt_len)
+		return;
+
 	time = cur_time();
 	hash = bpf_get_hash_recalc(skb);
 	flow = bpf_map_lookup_elem(&flow_map, &hash);
@@ -287,7 +301,8 @@ check_flow(struct qosify_config *config, struct __sk_buff *skb,
 	if (flow->pkt_count < 0xffff)
 		flow->pkt_count++;
 
-	if (flow->pkt_count > config->bulk_trigger_pps) {
+	if (config->bulk_trigger_pps &&
+	    flow->pkt_count > config->bulk_trigger_pps) {
 		flow->dscp = config->dscp_bulk;
 		flow->bulk_timeout = config->bulk_trigger_timeout;
 	}
@@ -302,8 +317,7 @@ out:
 			flow->dscp = 0xff;
 	}
 
-	if (flow->dscp != 0xff &&
-	    !(*dscp && (flow->dscp & DSCP_FALLBACK_FLAG)))
+	if (flow->dscp != 0xff)
 		*dscp = flow->dscp;
 
 	return;
@@ -322,10 +336,12 @@ static __always_inline void
 parse_ipv4(struct __sk_buff *skb, __u32 *offset)
 {
 	struct qosify_config *config;
+	struct qosify_ip_map_val *ip_val;
 	const __u32 zero_port = 0;
 	struct iphdr *iph;
-	__u8 dscp = 0;
+	__u8 dscp = 0xff;
 	__u8 *value;
+	__u8 ipproto;
 	int hdr_len;
 	void *key;
 	bool force;
@@ -337,7 +353,7 @@ parse_ipv4(struct __sk_buff *skb, __u32 *offset)
 		return;
 
 	hdr_len = iph->ihl * 4;
-	if (bpf_skb_pull_data(skb, *offset + hdr_len))
+	if (bpf_skb_pull_data(skb, *offset + hdr_len + sizeof(struct udphdr)))
 		return;
 
 	iph = skb_ptr(skb, *offset);
@@ -346,23 +362,29 @@ parse_ipv4(struct __sk_buff *skb, __u32 *offset)
 	if (skb_check(skb, (void *)(iph + 1)))
 		return;
 
-	parse_l4proto(config, skb, *offset, iph->protocol, &dscp);
+	ipproto = iph->protocol;
+	parse_l4proto(config, skb, *offset, ipproto, &dscp);
 
 	if (module_flags & QOSIFY_INGRESS)
 		key = &iph->saddr;
 	else
 		key = &iph->daddr;
 
-	value = bpf_map_lookup_elem(&ipv4_map, key);
-	/* use udp port 0 entry as fallback for non-tcp/udp */
-	if (!value)
+	ip_val = bpf_map_lookup_elem(&ipv4_map, key);
+	if (ip_val) {
+		if (!ip_val->seen)
+			ip_val->seen = 1;
+		dscp = ip_val->dscp;
+	} else if (dscp == 0xff) {
+		/* use udp port 0 entry as fallback for non-tcp/udp */
 		value = bpf_map_lookup_elem(&udp_ports, &zero_port);
-	if (value)
-		dscp = *value;
+		if (value)
+			dscp = *value;
+	}
 
 	check_flow(config, skb, &dscp);
 
-	force = !(dscp & DSCP_FALLBACK_FLAG);
+	force = !(dscp & QOSIFY_DSCP_FALLBACK_FLAG);
 	dscp &= GENMASK(5, 0);
 
 	ipv4_change_dsfield(iph, INET_ECN_MASK, dscp << 2, force);
@@ -372,16 +394,18 @@ static __always_inline void
 parse_ipv6(struct __sk_buff *skb, __u32 *offset)
 {
 	struct qosify_config *config;
+	struct qosify_ip_map_val *ip_val;
 	const __u32 zero_port = 0;
 	struct ipv6hdr *iph;
 	__u8 dscp = 0;
 	__u8 *value;
+	__u8 ipproto;
 	void *key;
 	bool force;
 
 	config = get_config();
 
-	if (bpf_skb_pull_data(skb, *offset + sizeof(*iph)))
+	if (bpf_skb_pull_data(skb, *offset + sizeof(*iph) + sizeof(struct udphdr)))
 		return;
 
 	iph = skb_ptr(skb, *offset);
@@ -390,24 +414,29 @@ parse_ipv6(struct __sk_buff *skb, __u32 *offset)
 	if (skb_check(skb, (void *)(iph + 1)))
 		return;
 
+	ipproto = iph->nexthdr;
 	if (module_flags & QOSIFY_INGRESS)
 		key = &iph->saddr;
 	else
 		key = &iph->daddr;
 
-	parse_l4proto(config, skb, *offset, iph->nexthdr, &dscp);
+	parse_l4proto(config, skb, *offset, ipproto, &dscp);
 
-	value = bpf_map_lookup_elem(&ipv6_map, key);
-
-	/* use udp port 0 entry as fallback for non-tcp/udp */
-	if (!value)
+	ip_val = bpf_map_lookup_elem(&ipv6_map, key);
+	if (ip_val) {
+		if (!ip_val->seen)
+			ip_val->seen = 1;
+		dscp = ip_val->dscp;
+	} else if (dscp == 0xff) {
+		/* use udp port 0 entry as fallback for non-tcp/udp */
 		value = bpf_map_lookup_elem(&udp_ports, &zero_port);
-	if (value)
-		dscp = *value;
+		if (value)
+			dscp = *value;
+	}
 
 	check_flow(config, skb, &dscp);
 
-	force = !(dscp & DSCP_FALLBACK_FLAG);
+	force = !(dscp & QOSIFY_DSCP_FALLBACK_FLAG);
 	dscp &= GENMASK(5, 0);
 
 	ipv6_change_dsfield(iph, INET_ECN_MASK, dscp << 2, force);

feeds/ucentral/qosify/src/qosify-bpf.h

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #ifndef __BPF_QOSIFY_H
 #define __BPF_QOSIFY_H
 
@@ -11,6 +15,10 @@
 #define QOSIFY_INGRESS			(1 << 0)
 #define QOSIFY_IP_ONLY			(1 << 1)
 
+
+#define QOSIFY_DSCP_FALLBACK_FLAG	(1 << 6)
+#define QOSIFY_DSCP_DEFAULT_FLAG	(1 << 7)
+
 /* global config data */
 struct qosify_config {
 	uint8_t dscp_prio;
@@ -23,4 +31,9 @@ struct qosify_config {
 	uint16_t prio_max_avg_pkt_len;
 };
 
+struct qosify_ip_map_val {
+	uint8_t dscp; /* must be first */
+	uint8_t seen;
+};
+
 #endif

feeds/ucentral/qosify/src/qosify.h

@@ -1,7 +1,12 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #ifndef __QOS_CLASSIFY_H
 #define __QOS_CLASSIFY_H
 
 #include <stdbool.h>
+#include <regex.h>
 
 #include <bpf/bpf.h>
 #include <bpf/libbpf.h>
@@ -25,6 +30,7 @@ enum qosify_map_id {
 	CL_MAP_IPV4_ADDR,
 	CL_MAP_IPV6_ADDR,
 	CL_MAP_CONFIG,
+	CL_MAP_DNS,
 	__CL_MAP_MAX,
 };
 
@@ -41,6 +47,10 @@ struct qosify_map_data {
 		uint32_t port;
 		struct in_addr ip;
 		struct in6_addr ip6;
+		struct {
+			const char *pattern;
+			regex_t regex;
+		} dns;
 	} addr;
 };
 
@@ -54,9 +64,10 @@ struct qosify_map_entry {
 
 
 extern int qosify_map_timeout;
+extern int qosify_active_timeout;
 extern struct qosify_config config;
 
-int qosify_loader_init(bool force_init);
+int qosify_loader_init(void);
 
 int qosify_map_init(void);
 int qosify_map_dscp_value(const char *val);
@@ -69,6 +80,7 @@ void qosify_map_dump(struct blob_buf *b);
 void qosify_map_set_dscp_default(enum qosify_map_id id, uint8_t val);
 void qosify_map_reset_config(void);
 void qosify_map_update_config(void);
+int qosify_map_add_dns_host(const char *host, const char *addr, const char *type, int ttl);
 
 int qosify_iface_init(void);
 void qosify_iface_config_update(struct blob_attr *ifaces, struct blob_attr *devs);

feeds/ucentral/qosify/src/ubus.c

@@ -1,3 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+ */
 #include <libubus.h>
 
 #include "qosify.h"
@@ -46,6 +50,7 @@ enum {
 	CL_ADD_IPV6,
 	CL_ADD_TCP_PORT,
 	CL_ADD_UDP_PORT,
+	CL_ADD_DNS,
 	__CL_ADD_MAX
 };
 
@@ -56,6 +61,7 @@ static const struct blobmsg_policy qosify_add_policy[__CL_ADD_MAX] = {
 	[CL_ADD_IPV6] = { "ipv6", BLOBMSG_TYPE_ARRAY },
 	[CL_ADD_TCP_PORT] = { "tcp_port", BLOBMSG_TYPE_ARRAY },
 	[CL_ADD_UDP_PORT] = { "udp_port", BLOBMSG_TYPE_ARRAY },
+	[CL_ADD_DNS] = { "dns", BLOBMSG_TYPE_ARRAY },
 };
 
 
@@ -113,6 +119,10 @@ qosify_ubus_add(struct ubus_context *ctx, struct ubus_object *obj,
 	    (ret = qosify_ubus_add_array(cur, dscp, CL_MAP_UDP_PORTS) != 0))
 		return ret;
 
+	if ((cur = tb[CL_ADD_DNS]) != NULL &&
+	    (ret = qosify_ubus_add_array(cur, dscp, CL_MAP_DNS) != 0))
+		return ret;
+
 	qosify_map_timeout = prev_timemout;
 
 	return 0;
@@ -254,12 +264,6 @@ qosify_ubus_status(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
-enum {
-	CL_DEV_EVENT_NAME,
-	CL_DEV_EVENT_ADD,
-	__CL_DEV_EVENT_MAX,
-};
-
 static int
 qosify_ubus_check_devices(struct ubus_context *ctx, struct ubus_object *obj,
 			  struct ubus_request_data *req, const char *method,
@@ -270,6 +274,48 @@ qosify_ubus_check_devices(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
+enum {
+	CL_DNS_HOST_NAME,
+	CL_DNS_HOST_TYPE,
+	CL_DNS_HOST_ADDR,
+	CL_DNS_HOST_TTL,
+	__CL_DNS_HOST_MAX
+};
+
+static const struct blobmsg_policy qosify_dns_policy[__CL_DNS_HOST_MAX] = {
+	[CL_DNS_HOST_NAME] = { "name", BLOBMSG_TYPE_STRING },
+	[CL_DNS_HOST_TYPE] = { "type", BLOBMSG_TYPE_STRING },
+	[CL_DNS_HOST_ADDR] = { "address", BLOBMSG_TYPE_STRING },
+	[CL_DNS_HOST_TTL] = { "ttl", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+qosify_ubus_add_dns_host(struct ubus_context *ctx, struct ubus_object *obj,
+			 struct ubus_request_data *req, const char *method,
+			 struct blob_attr *msg)
+{
+	struct blob_attr *tb[__CL_DNS_HOST_MAX];
+	struct blob_attr *cur;
+	uint32_t ttl = 0;
+
+	blobmsg_parse(qosify_dns_policy, __CL_DNS_HOST_MAX, tb,
+		      blobmsg_data(msg), blobmsg_len(msg));
+
+	if (!tb[CL_DNS_HOST_NAME] || !tb[CL_DNS_HOST_TYPE] ||
+	    !tb[CL_DNS_HOST_ADDR])
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if ((cur = tb[CL_DNS_HOST_TTL]) != NULL)
+		ttl = blobmsg_get_u32(cur);
+
+	if (qosify_map_add_dns_host(blobmsg_get_string(tb[CL_DNS_HOST_NAME]),
+				    blobmsg_get_string(tb[CL_DNS_HOST_ADDR]),
+				    blobmsg_get_string(tb[CL_DNS_HOST_TYPE]),
+				    ttl))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	return 0;
+}
 
 static const struct ubus_method qosify_methods[] = {
 	UBUS_METHOD_NOARG("reload", qosify_ubus_reload),
@@ -279,6 +325,7 @@ static const struct ubus_method qosify_methods[] = {
 	UBUS_METHOD("config", qosify_ubus_config, qosify_config_policy),
 	UBUS_METHOD_NOARG("dump", qosify_ubus_dump),
 	UBUS_METHOD_NOARG("status", qosify_ubus_status),
+	UBUS_METHOD("add_dns_host", qosify_ubus_add_dns_host, qosify_dns_policy),
 	UBUS_METHOD_NOARG("check_devices", qosify_ubus_check_devices),
 };
 

feeds/ucentral/ratelimit/files/usr/bin/ratelimit

@@ -39,8 +39,8 @@ delclient() {
 	TC class del dev $ifb parent 1:1 classid 1:$id
 }
 
-ingress=
-egress=
+ingress=0
+egress=0
 
 getrate() {
 	config_get ssid $1 ssid
@@ -55,12 +55,17 @@ addclient() {
 	local mac=$2
 	local ssid=$(cat /tmp/ratelimit.$iface)
 
+	egress=$3
+	ingress=$4
+
 	logger "ratelimit: adding client"
 
-	config_load ratelimit
-	config_foreach getrate rate $ssid
+	[ "$egress" -eq 0 -o $ingress -eq 0 ] && {
+		config_load ratelimit
+		config_foreach getrate rate $ssid
+	}
 
-	[ -z "$egress" -o -z $ingress ] && {
+	[ "$egress" -eq 0 -o $ingress -eq 0 ] && {
 		logger "ratelimit: no valid rates"
 		exit 1
 	}

feeds/ucentral/ratelimit/files/usr/libexec/ratelimit.sh

@@ -2,7 +2,7 @@
 
 case $2 in
 AP-STA-CONNECTED)
-	ratelimit addclient $1 $3
+	ratelimit addclient $1 $3 $4 $5
 	;;
 AP-STA-DISCONNECTED)
 	ratelimit delclient $1 $3

feeds/ucentral/ucentral-client/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-client.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=0179c0f98039b0fe6492b6f98e321c7e80dff42d
+PKG_SOURCE_VERSION:=e27356216c6baecda9424b81ad90242505e16f08
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-client/files/etc/init.d/ucentral-wdt

@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/libexec/ucentral-wdt.sh
+
+start_service() {
+	active=$(readlink  /etc/ucentral/ucentral.active)
+	[ -n "$active" -a "$active" != "/etc/ucentral/ucentral.cfg.0000000001" ] && return 0
+	procd_open_instance
+	procd_set_param command "$PROG"
+	procd_close_instance
+}

feeds/ucentral/ucentral-client/files/usr/libexec/ucentral-wdt.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+sleep 60
+
+[ -f /etc/ucentral/redirector.json ] || return 0
+
+active=$(ubus call ucentral status | jsonfilter -e '@.active')
+
+[ -n "$active" -a ! "$active" -eq 1 ] && {
+	logger ucentral-wdt: all good
+	exit 0
+}
+
+logger ucentral-wdt: restarting client
+
+/etc/init.d/ucentral restart

feeds/ucentral/ucentral-schema/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=1bdc8de73f66d5b846cc07c2697959c0cfda6aee
+PKG_SOURCE_VERSION:=a78cad29ffd3635d80d2dfc414051ec8a9dbb6b0
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/dual-stack.json

@@ -0,0 +1,107 @@
+{
+	"uuid": 2,
+	"radios": [
+		{
+			"band": "2G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ipv6": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh", "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			},
+			"ipv6": {
+				"addressing": "static",
+				"dhcpv6": {
+					"mode": "hybrid"
+				}
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/qos.json

@@ -2,14 +2,7 @@
 	"uuid": 2,
 	"globals": {
 		"wireless-multimedia": {
-			"UP0": [ "DF"],
-			"UP1": [ "CS1" ],
-			"UP2": [ "AF11", "AF12", "AF13" ],
-			"UP3": [ "CS2", "AF21", "AF22", "AF23" ],
-			"UP4": [ "CS3", "AF31", "AF32", "AF33" ],
-			"UP5": [ "CS5", "AF41", "AF42", "AF43" ],
-			"UP6": [ "CS4", "EF" ],
-			"UP7": [ "CS6" ]
+			"profile": "rfc8325"
 		}
 	},
 	"radios": [
@@ -110,27 +103,36 @@
 			"select-ports": [ "WAN" ],
 			"bandwidth_up": 1000,
 			"bandwidth_down": 1000,
+			"bulk-detection": {
+				"dscp": "CS1",
+				"packets-per-second": 500
+			},
 			"classifier": [
 				{
-					"dscp":  "CS0",
+					"dscp":  "CS1",
 					"ports": [
 						{ "protocol": "any", "port": 53 },
 						{ "protocol": "tcp", "port": 80 }
 					],
 					"dns": [
-						"telecominfraproject.com"
+						{ "fqdn": "telecominfraproject.com", "suffix-matching": false }
 					]
 				}, {
-					"dscp":  "CS1",
-					"ports": [
-						{ "protocol": "any", "port": 53, "range-end": 80 },
-						{ "protocol": "udp", "port": 80, "reclassify": true }
-					],
+					"dscp":  "AF41",
 					"dns": [
-						"telecominfraproject.com"
+						{ "fqdn": "zoom.us" }
 					]
 				}
 			]
+		},
+		"airtime-fairness": {
+			"voice-weight": 4,
+			"packet-threshold": 100,
+			"bulk-threshold": 50,
+			"priority-threshold": 30,
+			"weight-normal": 256,
+			"weight-priority": 384,
+			"weight-bulk": 128
 		}
 	}
 }

feeds/ucentral/udnssnoop/Makefile

@@ -0,0 +1,30 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=udnssnoop
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+
+PKG_SOURCE_URL=https://github.com/blogic/udnssnoop.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2021-04-12
+PKG_SOURCE_VERSION:=852a5246af43d321905979fc850e654718a56061
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/udnssnoop
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=DNS Snooping Daemon
+  DEPENDS:=+libubox +libubus
+endef
+
+define Package/udnssnoop/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/udnssnoop $(1)/usr/sbin/
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,udnssnoop))

feeds/ucentral/udnssnoop/files/etc/init.d/dnssnoop

@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+USE_PROCD=1
+PROG=/usr/sbin/udnssnoop
+
+service_triggers() {
+	procd_add_reload_trigger qosify
+}
+
+start_service() {
+	local device=$(uci get qosify.@device[0].name)
+	[ -z "$device" ] && return
+
+	procd_open_instance
+	procd_set_param command "$PROG" $device
+	procd_set_param respawn
+	procd_close_instance
+}
+
+reload_service() {
+	restart
+}

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -114,6 +114,7 @@ hostapd_common_add_device_config() {
 
 	config_add_int airtime_mode
 
+	config_add_boolean rnr_beacon he_co_locate
 	hostapd_add_log_config
 }
 
@@ -125,7 +126,8 @@ hostapd_prepare_device_config() {
 
 	json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
 		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
-		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc
+		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
+		he_co_locate rnr_beacon
 
 	hostapd_set_log_options base_cfg
 
@@ -135,6 +137,8 @@ hostapd_prepare_device_config() {
 	set_default legacy_rates 0
 	set_default airtime_mode 0
 	set_default cell_density 0
+	set_default he_co_locate 0
+	set_default rnr_beacon 0
 
 	[ -n "$country" ] && {
 		append base_cfg "country_code=$country" "$N"
@@ -227,6 +231,8 @@ hostapd_prepare_device_config() {
 	append base_cfg "dtim_period=$dtim_period" "$N"
 	[ "$airtime_mode" -gt 0 ] && append base_cfg "airtime_mode=$airtime_mode" "$N"
 	[ -n "$maxassoc" ] && append base_cfg "iface_max_num_sta=$maxassoc" "$N"
+	[ "$rnr_beacon" -gt 0 ] && append base_cfg "rnr_beacon=$rnr_beacon" "$N"
+	[ "$he_co_locate" -gt 0 ] && append base_cfg "he_co_locate=$he_co_locate" "$N"
 
 	json_get_values opts hostapd_options
 	for val in $opts; do
@@ -363,6 +369,8 @@ hostapd_common_add_bss_config() {
 
 	config_add_int eap_server
 	config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
+
+	config_add_boolean ratelimit
 }
 
 hostapd_set_vlan_file() {
@@ -1003,8 +1011,13 @@ hostapd_set_bss_options() {
 		[ -n "$iw_anqp_3gpp_cell_net_conf" ] && \
 			append bss_conf "anqp_3gpp_cell_net=$iw_anqp_3gpp_cell_net_conf" "$N"
 	fi
-	[ -n "$iw_qos_map_set" ] && append bss_conf "qos_map_set=$iw_qos_map_set" "$N"
 
+	set_default iw_qos_map_set 0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
+	case "$iw_qos_map_set" in
+		*,*);;
+		*) iw_qos_map_set="";;
+	esac
+	[ -n "$iw_qos_map_set" ] && append bss_conf "qos_map_set=$iw_qos_map_set" "$N"
 
 	local hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
 		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp \

feeds/wifi-ax/hostapd/patches/750-wispr.patch

@@ -0,0 +1,126 @@
+Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c
++++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct
+ }
+ #endif /* CONFIG_NO_VLAN */
+ 
++static int ieee802_1x_update_wispr(struct hostapd_data *hapd,
++				   struct sta_info *sta,
++				   struct radius_msg *msg)
++{
++	memset(sta->bandwidth, 0, sizeof(sta->bandwidth));
++
++	if (radius_msg_get_wispr(msg, &sta->bandwidth))
++		return 0;
++
++	if (!sta->bandwidth[0] && !sta->bandwidth[1])
++		return 0;
++
++	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
++		       HOSTAPD_LEVEL_INFO,
++		       "received wispr bandwidth from RADIUS server %d/%d",
++		       sta->bandwidth[0], sta->bandwidth[1]);
++
++	return 0;
++}
+ 
+ /**
+  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
+@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms
+ 		ieee802_1x_check_hs20(hapd, sta, msg,
+ 				      session_timeout_set ?
+ 				      (int) session_timeout : -1);
++		ieee802_1x_update_wispr(hapd, sta, msg);
+ 		break;
+ 	case RADIUS_CODE_ACCESS_REJECT:
+ 		sm->eap_if->aaaFail = true;
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h
++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+@@ -117,6 +117,7 @@ struct sta_info {
+ 	u8 supported_rates[WLAN_SUPP_RATES_MAX];
+ 	int supported_rates_len;
+ 	u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
++	u32 bandwidth[2];
+ 
+ #ifdef CONFIG_MESH
+ 	enum mesh_plink_state plink_state;
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c
++++ hostapd-2021-02-20-59e9794c/src/radius/radius.c
+@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_
+ 	return keys;
+ }
+ 
++#define RADIUS_VENDOR_ID_WISPR	14122
++#define RADIUS_WISPR_AV_BW_UP	7
++#define RADIUS_WISPR_AV_BW_DOWN	8
++
++int
++radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth)
++{
++	int i;
++
++	if (msg == NULL || bandwidth == NULL)
++		return 1;
++
++	for (i = 0; i < 2; i++) {
++		size_t keylen;
++		u8 *key;
++
++		key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR,
++						 RADIUS_WISPR_AV_BW_UP + i, &keylen);
++		if (!key)
++			continue;
++
++		if (keylen == 4)
++			bandwidth[i] = ntohl(*((u32 *)key));
++		os_free(key);
++	}
++
++	return 0;
++}
++
+ 
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h
++++ hostapd-2021-02-20-59e9794c/src/radius/radius.h
+@@ -205,6 +205,10 @@ enum {
+ 	RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10,
+ };
+ 
++#define RADIUS_VENDOR_ID_WISPR	14122
++#define RADIUS_WISPR_AV_BW_UP	7
++#define RADIUS_WISPR_AV_BW_DOWN	8
++
+ #ifdef _MSC_VER
+ #pragma pack(pop)
+ #endif /* _MSC_VER */
+@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg
+ struct radius_ms_mppe_keys *
+ radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ 			  const u8 *secret, size_t secret_len);
++int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth);
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+ 			     const u8 *secret, size_t secret_len,
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.c
++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+@@ -1292,7 +1292,7 @@ void ap_sta_set_authorized(struct hostap
+ 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
+ 	else
+ #endif /* CONFIG_P2P */
+-		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
++		os_snprintf(buf, sizeof(buf), MACSTR " %d %d", MAC2STR(sta->addr), sta->bandwidth[0] / 1000, sta->bandwidth[1] / 1000);
+ 
+ 	if (hapd->sta_authorized_cb)
+ 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,

patches/0017-ipq807x-add-the-Qualcomm-AX-target-support.patch

@@ -1,7 +1,7 @@
-From 640973dcc794f43d99df7674209d9532711c49b4 Mon Sep 17 00:00:00 2001
+From 85462b8b429bbd0bd5b56ac58ea861b9eef32a2e Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sat, 18 Jul 2020 08:53:44 +0200
-Subject: [PATCH 01/30] ipq807x: add the Qualcomm AX target support
+Subject: [PATCH 01/34] ipq807x: add the Qualcomm AX target support
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -13,8 +13,9 @@ Signed-off-by: John Crispin <john@phrozen.org>
  target/linux/ipq807x/109-logspam.patch        |    24 +
  target/linux/ipq807x/Makefile                 |    22 +
  .../ipq807x/base-files/etc/board.d/01_leds    |    38 +
- .../ipq807x/base-files/etc/board.d/02_network |    82 +
+ .../ipq807x/base-files/etc/board.d/02_network |    80 +
  .../etc/hotplug.d/firmware/10-ath11k-caldata  |    95 +
+ .../ipq807x/base-files/etc/hotplug.d/net/macs |     3 +
  .../ipq807x/base-files/etc/init.d/aq_phy      |    16 +
  .../ipq807x/base-files/etc/init.d/bootcount   |    12 +
  .../linux/ipq807x/base-files/etc/init.d/wdt   |    14 +
@@ -63,15 +64,16 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../ipq807x/patches/110-add-esmt-nand.patch   |    37 +
  target/linux/ipq807x/patches/111-eap106.patch |   765 +
  target/linux/ipq807x/patches/112-pstore.patch |   147 +
- .../ipq807x/patches/200-bpf_backport.patch    | 44763 ++++++++++++++++
+ .../ipq807x/patches/200-bpf_backport.patch    | 44780 ++++++++++++++++
  toolchain/kernel-headers/Makefile             |     8 +
- 60 files changed, 56667 insertions(+), 2 deletions(-)
+ 61 files changed, 56685 insertions(+), 2 deletions(-)
  create mode 100644 package/boot/uboot-envtools/files/ipq807x
  create mode 100644 target/linux/ipq807x/109-logspam.patch
  create mode 100644 target/linux/ipq807x/Makefile
  create mode 100755 target/linux/ipq807x/base-files/etc/board.d/01_leds
  create mode 100755 target/linux/ipq807x/base-files/etc/board.d/02_network
  create mode 100755 target/linux/ipq807x/base-files/etc/hotplug.d/firmware/10-ath11k-caldata
+ create mode 100644 target/linux/ipq807x/base-files/etc/hotplug.d/net/macs
  create mode 100755 target/linux/ipq807x/base-files/etc/init.d/aq_phy
  create mode 100755 target/linux/ipq807x/base-files/etc/init.d/bootcount
  create mode 100755 target/linux/ipq807x/base-files/etc/init.d/wdt
@@ -342,10 +344,10 @@ index 0000000000..1f1797b0c6
 +exit 0
 diff --git a/target/linux/ipq807x/base-files/etc/board.d/02_network b/target/linux/ipq807x/base-files/etc/board.d/02_network
 new file mode 100755
-index 0000000000..2c30b01aab
+index 0000000000..9d7dd4e61e
 --- /dev/null
 +++ b/target/linux/ipq807x/base-files/etc/board.d/02_network
-@@ -0,0 +1,82 @@
+@@ -0,0 +1,80 @@
 +#!/bin/sh
 +
 +. /lib/functions.sh
@@ -408,8 +410,6 @@ index 0000000000..2c30b01aab
 +		lan_mac=$(macaddr_add "$wan_mac" 1)
 +		ucidef_set_network_device_mac eth0 $lan_mac
 +		ucidef_set_network_device_mac eth1 $wan_mac
-+		ip link set eth0 address $lan_mac
-+		ip link set eth1 address $wan_mac
 +		;;
 +	*)
 +		wan_mac=$(cat /sys/class/net/eth0/address)
@@ -529,6 +529,15 @@ index 0000000000..1788908ab0
 +	exit 1
 +	;;
 +esac
+diff --git a/target/linux/ipq807x/base-files/etc/hotplug.d/net/macs b/target/linux/ipq807x/base-files/etc/hotplug.d/net/macs
+new file mode 100644
+index 0000000000..13e95ec947
+--- /dev/null
++++ b/target/linux/ipq807x/base-files/etc/hotplug.d/net/macs
+@@ -0,0 +1,3 @@
++#!/bin/sh
++mac=$(cat /etc/board.json | jsonfilter -e '@["network-device"]["'$DEVICENAME'"]'.macaddr)
++[ -n "$mac" ] && ip link set $DEVICENAME address $mac
 diff --git a/target/linux/ipq807x/base-files/etc/init.d/aq_phy b/target/linux/ipq807x/base-files/etc/init.d/aq_phy
 new file mode 100755
 index 0000000000..e64755b5d6
@@ -16570,10 +16579,10 @@ index 0000000000..dc3960306d
 +  * The following routines scan a subtree and registers a device for
 diff --git a/target/linux/ipq807x/patches/200-bpf_backport.patch b/target/linux/ipq807x/patches/200-bpf_backport.patch
 new file mode 100644
-index 0000000000..915f965fa0
+index 0000000000..4357369c29
 --- /dev/null
 +++ b/target/linux/ipq807x/patches/200-bpf_backport.patch
-@@ -0,0 +1,44763 @@
+@@ -0,0 +1,44780 @@
 +--- a/arch/arm/Kconfig
 ++++ b/arch/arm/Kconfig
 +@@ -38,7 +38,7 @@ config ARM
@@ -61337,6 +61346,23 @@ index 0000000000..915f965fa0
 + 	} else {
 + 		if (unlikely((skb->protocol != htons(ETH_P_8021Q) &&
 + 			      skb->protocol != htons(ETH_P_8021AD)) ||
++--- a/include/net/sock.h
+++++ b/include/net/sock.h
++@@ -1484,6 +1484,14 @@ do {									\
++ 	lockdep_init_map(&(sk)->sk_lock.dep_map, (name), (key), 0);	\
++ } while (0)
++ 
+++#ifdef CONFIG_LOCKDEP
+++static inline bool lockdep_sock_is_held(struct sock *sk)
+++{
+++	return lockdep_is_held(&sk->sk_lock) ||
+++	       lockdep_is_held(&sk->sk_lock.slock);
+++}
+++#endif
+++
++ void lock_sock_nested(struct sock *sk, int subclass);
++ 
++ static inline void lock_sock(struct sock *sk)
 diff --git a/toolchain/kernel-headers/Makefile b/toolchain/kernel-headers/Makefile
 index c33f26d46d..06236b5a47 100644
 --- a/toolchain/kernel-headers/Makefile

patches/0047-scripts-gen_config.py-add-host_dependencies-option.patch

@@ -0,0 +1,78 @@
+From b144b80999d1e1facf299b57c5fa3305cdfd9ee8 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Thu, 4 Nov 2021 12:48:04 -1000
+Subject: [PATCH] scripts: gen_config.py add host_dependencies option
+
+In case a package/image requres specific host dependencies it is
+possible to define entries in the `host_dependencies` array. Each entry
+is an object containing at least `name` and `which`. The `which` array
+contains tools to be checked in the current `PATH`.
+
+Optionally the two options `success_diffconfig` and
+`fallback_diffconfig` can be set. The former is optionally added in case
+the tool is found. The latter is added if the dependency is not
+available.
+
+If the dependecy is not available and no `fallback_diffconfig` is set,
+the config generation is considered impossible and stopped.
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ scripts/gen_config.py | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/gen_config.py b/scripts/gen_config.py
+index a348386124..5572de80c7 100755
+--- a/scripts/gen_config.py
++++ b/scripts/gen_config.py
+@@ -2,7 +2,7 @@
+ 
+ from os import getenv
+ from pathlib import Path
+-from shutil import rmtree
++from shutil import rmtree, which
+ from subprocess import run
+ import sys
+ import yaml
+@@ -36,7 +36,27 @@ def usage(code: int = 0):
+     sys.exit(code)
+ 
+ 
+-def load_yaml(fname: str, profile: dict, include = True):
++def process_host_dependency(dependecy: dict, profile: dict):
++    print(f"Checking host dependecy {dependecy['name']}")
++    found = False
++    for w in dependecy["which"]:
++        if which(w):
++            print(f"-> Found {w}")
++            found = True
++            break
++
++    if found:
++        profile["diffconfig"] += dependecy.get("success_diffconfig", "")
++    else:
++        print(f"-> Could not find host dependecy {dependecy['name']}.")
++        print(f"  -> Please make sure one of {dependecy['which']} is available")
++        if "fallback_diffconfig" in dependecy:
++            profile["diffconfig"] += dependecy["fallback_diffconfig"]
++        else:
++            die("Can't continue without dependency and no `fallback_diffconfig` set")
++
++
++def load_yaml(fname: str, profile: dict, include=True):
+     profile_file = (profile_folder / fname).with_suffix(".yml")
+ 
+     if not profile_file.is_file():
+@@ -59,6 +79,9 @@ def load_yaml(fname: str, profile: dict, include = True):
+                 if f.get("name", "") == "" or (f.get("uri", "") == "" and f.get("path", "") == ""):
+                     die(f"Found bad feed {f}")
+                 profile["feeds"][f.get("name")] = f
++        elif n in {"host_dependecies"}:
++            for d in new.get(n):
++                process_host_dependency(d, profile)
+ 
+     if "include" in new and include:
+         for i in range(len(new["include"])):
+-- 
+2.30.2
+

patches/0048-scripts-gen_config-allow-explicit-warning-message.patch

@@ -0,0 +1,54 @@
+From bcb6e18b492d4fa055c136729ad85c53c725f241 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Fri, 5 Nov 2021 12:12:25 -1000
+Subject: [PATCH] scripts: gen_config allow explicit warning message
+
+Instead of generically mentioning a missing dependency the host
+dependency can also be explained by defining a `warning`.
+
+Warning messages are collected and printed at the end.
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ scripts/gen_config.py | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/gen_config.py b/scripts/gen_config.py
+index 5572de80c7..071e00bb4d 100755
+--- a/scripts/gen_config.py
++++ b/scripts/gen_config.py
+@@ -8,6 +8,7 @@ import sys
+ import yaml
+ 
+ profile_folder = Path(getenv("PROFILES", "./profiles")).absolute()
++warnings = []
+ 
+ 
+ def die(msg: str):
+@@ -48,8 +49,13 @@ def process_host_dependency(dependecy: dict, profile: dict):
+     if found:
+         profile["diffconfig"] += dependecy.get("success_diffconfig", "")
+     else:
+-        print(f"-> Could not find host dependecy {dependecy['name']}.")
+-        print(f"  -> Please make sure one of {dependecy['which']} is available")
++        if "warning" in dependecy:
++            warnings.append(f"Dependecy {dependecy['name']}: {dependecy['warning']}")
++        else:
++            warnings.append(
++                f"Dependecy {dependecy['name']}: Please install {dependecy['which']}"
++            )
++
+         if "fallback_diffconfig" in dependecy:
+             profile["diffconfig"] += dependecy["fallback_diffconfig"]
+         else:
+@@ -220,3 +226,7 @@ if __name__ == "__main__":
+     print("Running make defconfig")
+     if run(["make", "defconfig"]).returncode:
+         die(f"Error running make defconfig")
++
++    print("#########################\n" * 3)
++    print("\n".join(warnings))
++    print("#########################\n" * 3)
+-- 
+2.30.2
+

patches/0049-hostapd-add-wispr-bandwidth-patch.patch

@@ -0,0 +1,146 @@
+From 844a6bacb1c416ad5f56ee60142e786548dd659c Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 9 Nov 2021 12:49:43 +0100
+Subject: [PATCH] hostapd: add wispr bandwidth patch
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ .../services/hostapd/patches/750-wispr.patch  | 126 ++++++++++++++++++
+ 1 file changed, 126 insertions(+)
+ create mode 100644 package/network/services/hostapd/patches/750-wispr.patch
+
+diff --git a/package/network/services/hostapd/patches/750-wispr.patch b/package/network/services/hostapd/patches/750-wispr.patch
+new file mode 100644
+index 0000000000..f2f4a933d7
+--- /dev/null
++++ b/package/network/services/hostapd/patches/750-wispr.patch
+@@ -0,0 +1,126 @@
++Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
++===================================================================
++--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c
+++++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
++@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct
++ }
++ #endif /* CONFIG_NO_VLAN */
++ 
+++static int ieee802_1x_update_wispr(struct hostapd_data *hapd,
+++				   struct sta_info *sta,
+++				   struct radius_msg *msg)
+++{
+++	memset(sta->bandwidth, 0, sizeof(sta->bandwidth));
+++
+++	if (radius_msg_get_wispr(msg, &sta->bandwidth))
+++		return 0;
+++
+++	if (!sta->bandwidth[0] && !sta->bandwidth[1])
+++		return 0;
+++
+++	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+++		       HOSTAPD_LEVEL_INFO,
+++		       "received wispr bandwidth from RADIUS server %d/%d",
+++		       sta->bandwidth[0], sta->bandwidth[1]);
+++
+++	return 0;
+++}
++ 
++ /**
++  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
++@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms
++ 		ieee802_1x_check_hs20(hapd, sta, msg,
++ 				      session_timeout_set ?
++ 				      (int) session_timeout : -1);
+++		ieee802_1x_update_wispr(hapd, sta, msg);
++ 		break;
++ 	case RADIUS_CODE_ACCESS_REJECT:
++ 		sm->eap_if->aaaFail = true;
++Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
++===================================================================
++--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h
+++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
++@@ -117,6 +117,7 @@ struct sta_info {
++ 	u8 supported_rates[WLAN_SUPP_RATES_MAX];
++ 	int supported_rates_len;
++ 	u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
+++	u32 bandwidth[2];
++ 
++ #ifdef CONFIG_MESH
++ 	enum mesh_plink_state plink_state;
++Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c
++===================================================================
++--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c
+++++ hostapd-2021-02-20-59e9794c/src/radius/radius.c
++@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_
++ 	return keys;
++ }
++ 
+++#define RADIUS_VENDOR_ID_WISPR	14122
+++#define RADIUS_WISPR_AV_BW_UP	7
+++#define RADIUS_WISPR_AV_BW_DOWN	8
+++
+++int
+++radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth)
+++{
+++	int i;
+++
+++	if (msg == NULL || bandwidth == NULL)
+++		return 1;
+++
+++	for (i = 0; i < 2; i++) {
+++		size_t keylen;
+++		u8 *key;
+++
+++		key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR,
+++						 RADIUS_WISPR_AV_BW_UP + i, &keylen);
+++		if (!key)
+++			continue;
+++
+++		if (keylen == 4)
+++			bandwidth[i] = ntohl(*((u32 *)key));
+++		os_free(key);
+++	}
+++
+++	return 0;
+++}
+++
++ 
++ int radius_msg_add_mppe_keys(struct radius_msg *msg,
++ 			     const u8 *req_authenticator,
++Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h
++===================================================================
++--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h
+++++ hostapd-2021-02-20-59e9794c/src/radius/radius.h
++@@ -205,6 +205,10 @@ enum {
++ 	RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10,
++ };
++ 
+++#define RADIUS_VENDOR_ID_WISPR	14122
+++#define RADIUS_WISPR_AV_BW_UP	7
+++#define RADIUS_WISPR_AV_BW_DOWN	8
+++
++ #ifdef _MSC_VER
++ #pragma pack(pop)
++ #endif /* _MSC_VER */
++@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg
++ struct radius_ms_mppe_keys *
++ radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
++ 			  const u8 *secret, size_t secret_len);
+++int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth);
++ int radius_msg_add_mppe_keys(struct radius_msg *msg,
++ 			     const u8 *req_authenticator,
++ 			     const u8 *secret, size_t secret_len,
++Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
++===================================================================
++--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.c
+++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
++@@ -1292,7 +1292,7 @@ void ap_sta_set_authorized(struct hostap
++ 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
++ 	else
++ #endif /* CONFIG_P2P */
++-		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
+++		os_snprintf(buf, sizeof(buf), MACSTR " %d %d", MAC2STR(sta->addr), sta->bandwidth[0] / 1000, sta->bandwidth[1] / 1000);
++ 
++ 	if (hapd->sta_authorized_cb)
++ 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
+-- 
+2.25.1
+

profiles/qosify.yml

@@ -0,0 +1,23 @@
+---
+description: Add qosify package
+packages:
+  - qosify
+
+host_dependecies:
+  - name: llvm/clang-12
+
+    warning: >
+      Building llvm/clang, this will take 1hr+, please install clang/llvm-12+
+      on your system
+
+    which:
+      - clang-13
+      - clang-12
+
+    success_diffconfig: |
+      CONFIG_DEVEL=y
+      CONFIG_BPF_TOOLCHAIN_HOST=y
+
+    fallback_diffconfig: |
+      CONFIG_DEVEL=y
+      CONFIG_BPF_TOOLCHAIN_BUILD_LLVM=y

profiles/ucentral-ap-light.yml

@@ -8,6 +8,7 @@ feeds:
 
 include:
   - webui
+  - qosify
 
 packages:
   - kmod-batman-adv
@@ -16,7 +17,6 @@ packages:
   - ip-bridge
   - maverick
   - ratelimit
-  - qosify
   - tip-defaults
   - ucentral-client
   - ucentral-event

profiles/ucentral-ap-mikrotik.yml

@@ -8,6 +8,7 @@ feeds:
 
 include:
   - webui
+  - qosify
 
 packages:
   - firstcontact
@@ -16,7 +17,6 @@ packages:
   - maverick
   - ratelimit
   - rtty-openssl
-  - qosify
   - tip-defaults
   - ucentral-client
   - ucentral-event

profiles/ucentral-ap.yml

@@ -11,8 +11,10 @@ include:
   - openflow
   - fbwifi
   - chilli-redirect
+  - qosify
 
 packages:
+  - atfpolicy
   - kmod-batman-adv
   - batctl-default
   - cJSON
@@ -28,7 +30,6 @@ packages:
   - lldpd
   - maverick
   - opennds
-  - qosify
   - radsecproxy
   - ratelimit
   - rtty-openssl
@@ -43,6 +44,7 @@ packages:
   - ucentral-tools
   - ucode
   - udhcpsnoop
+  - udnssnoop
   - usteer
   - ustp
   - libustream-openssl