Merge pull request #462 from Telecominfraproject/main

Fixes for WIFI-9962 and others

feeds/ucentral/radius-gw-proxy/src/CMakeLists.txt

@@ -11,7 +11,7 @@ ADD_DEFINITIONS(-Os -std=gnu99 -g3 -Wmissing-declarations -Wno-unused-parameter
 
 SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
 
-SET(SOURCES main.c)
+SET(SOURCES main.c ubus.c)
 
 FIND_LIBRARY(ubus NAMES ubus)
 FIND_LIBRARY(ubox NAMES ubox)

feeds/ucentral/radius-gw-proxy/src/main.c

@@ -1,3 +1,5 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
 #define _GNU_SOURCE
 
 #include <sys/types.h>
@@ -13,25 +15,16 @@
 
 #include <libubox/uloop.h>
 #include <libubox/usock.h>
-
-#include <libubox/avl.h>
-#include <libubox/avl-cmp.h>
+#include <libubox/ulog.h>
 
 #include <libubus.h>
 
+#include "ubus.h"
+
 #define RAD_PROX_BUFLEN		(4 * 1024)
 
-#define TLV_STATION_ID		30
-#define TLV_VENDOR		26
-#define TLV_TIP_SERVER_V4	2
-
-#define TIP_VENDOR		58888
-
-enum socket_type {
-	RADIUS_AUTH = 0,
-	RADIUS_ACCT,
-	RADIUS_DAS
-};
+#define TLV_NAS_IP		4
+#define TLV_PROXY_STATE		33
 
 struct radius_socket {
 	struct uloop_fd fd;
@@ -52,53 +45,53 @@ struct radius_tlv {
 	char data[];
 };
 
-struct radius_station_id {
+struct radius_proxy_state_key {
 	char id[256];
 	enum socket_type type;
 };
 
-struct radius_station {
+struct radius_proxy_state {
 	struct avl_node avl;
-	struct radius_station_id key;
+	struct radius_proxy_state_key key;
 	int port;
 };
 
-static struct ubus_auto_conn conn;
-static uint32_t ucentral;
-static struct blob_buf b;
+static struct radius_socket *sock_auth;
+static struct radius_socket *sock_acct;
+static struct radius_socket *sock_dae;
 
 static int
 avl_memcmp(const void *k1, const void *k2, void *ptr)
 {
-	return memcmp(k1, k2, sizeof(struct radius_station_id));
+	return memcmp(k1, k2, sizeof(struct radius_proxy_state_key));
 }
 
-static AVL_TREE(radius_stations, avl_memcmp, false, NULL);
+static AVL_TREE(radius_proxy_states, avl_memcmp, false, NULL);
+static struct blob_buf b;
 
 static void
-radius_station_add(char *id, int port, enum socket_type type)
+radius_proxy_state_add(char *id, int port, enum socket_type type)
 {
-	struct radius_station *station;
-	struct radius_station_id key = { .type = type };
+	struct radius_proxy_state *station;
+	struct radius_proxy_state_key key = { .type = type };
 
 	strcpy(key.id, id);
-	station = avl_find_element(&radius_stations, &key, station, avl);
+	station = avl_find_element(&radius_proxy_states, &key, station, avl);
 
 	if (!station) {
-		printf("new station/port, adding to avl tree\n");
+		ULOG_INFO("new station/port, adding to avl tree\n");
 		station = malloc(sizeof(*station));
 		memset(station, 0, sizeof(*station));
 		strcpy(station->key.id, id);
 		station->key.type = type;
 		station->avl.key = &station->key;
-		avl_insert(&radius_stations, &station->avl);
+		avl_insert(&radius_proxy_states, &station->avl);
 	}
 	station->port = port;
 }
 
-
 static char *
-b64(char *src, int len)
+b64enc(char *src, int len)
 {
 	char *dst;
 	int ret;
@@ -114,14 +107,25 @@ b64(char *src, int len)
 	return dst;
 }
 
+static char *
+b64dec(char *src, int *ret)
+{
+	int len = strlen(src);
+	char *dst = malloc(len);
+	*ret = b64_decode(src, dst, len);
+	if (*ret < 0)
+		return NULL;
+	return dst;
+}
+
 static void
-radius_forward(char *buf, char *server, enum socket_type type)
+radius_forward_gw(char *buf, enum socket_type type)
 {
 	struct radius_header *hdr = (struct radius_header *) buf;
 	struct ubus_request async = { };
-	char *data = b64(buf, hdr->len);
+	char *data = b64enc(buf, ntohs(hdr->len));
 
-	if (!data)
+	if (!data || !ucentral)
 		return;
 
 	blob_buf_init(&b, 0);
@@ -132,12 +136,14 @@ radius_forward(char *buf, char *server, enum socket_type type)
 	case RADIUS_ACCT:
 		blobmsg_add_string(&b, "radius", "acct");
 		break;
+	case RADIUS_DAS:
+		blobmsg_add_string(&b, "radius", "coa");
+		break;
 	default:
 		return;
 	}
 
 	blobmsg_add_string(&b, "data", data);
-	blobmsg_add_string(&b, "dst", server);
 
 	ubus_invoke_async(&conn.ctx, ucentral, "radius", b.head, &async);
 	ubus_abort_request(&conn.ctx, &async);
@@ -146,22 +152,21 @@ radius_forward(char *buf, char *server, enum socket_type type)
 }
 
 static int
-radius_parse(char *buf, int len, int port, enum socket_type type)
+radius_parse(char *buf, int len, int port, enum socket_type type, int tx)
 {
 	struct radius_header *hdr = (struct radius_header *) buf;
-	struct radius_tlv *station_id = NULL;
-	char station_id_str[256] = {};
-	char server_ip_str[256] = {};
+	struct radius_tlv *proxy_state = NULL;
+	char proxy_state_str[256] = {};
 	void *avp = hdr->avp;
+	int len_orig = ntohs(hdr->len);
+	uint8_t localhost[] = { 0x7f, 0, 0, 1 };
 
-	hdr->len = ntohs(hdr->len);
-
-	if (hdr->len != len) {
-		printf("invalid header length\n");
+	if (len_orig != len) {
+		ULOG_ERR("invalid header length, %d %d\n", len_orig, len);
 		return -1;
 	}
 
-	printf("\tcode:%d, id:%d, len:%d\n", hdr->code, hdr->id, hdr->len);
+	printf("\tcode:%d, id:%d, len:%d\n", hdr->code, hdr->id, len_orig);
 
 	len -= sizeof(*hdr);
 
@@ -169,41 +174,105 @@ radius_parse(char *buf, int len, int port, enum socket_type type)
 		struct radius_tlv *tlv = (struct radius_tlv *)avp;
 
 		if (len < tlv->len) {
-			printf("invalid TLV length\n");
+			ULOG_ERR("invalid TLV length\n");
 			return -1;
 		}
 
-		if (tlv->id == TLV_STATION_ID)
-			station_id = tlv;
-		if (tlv->id == TLV_VENDOR && ntohl(*(uint32_t *) tlv->data) == TIP_VENDOR) {
-			struct radius_tlv *vendor = (struct radius_tlv *) &tlv->data[6];
+		if (tlv->id == TLV_PROXY_STATE)
+			proxy_state = tlv;
 
-			if (vendor->id == TLV_TIP_SERVER_V4)
-				strncpy(server_ip_str, vendor->data, vendor->len - 2);
-		}
+		if (type == RADIUS_DAS && tlv->id == TLV_NAS_IP && tlv->len == 6)
+			memcpy(tlv->data, &localhost, 4);
 
 		printf("\tID:%d, len:%d\n", tlv->id, tlv->len);
 		avp += tlv->len;
 		len -= tlv->len;
 	}
 
-	if (!station_id) {
-		printf("no station ID found\n");
-		return -1;
-	}
-	if (!*server_ip_str) {
-		printf("no server ip found\n");
-		return -1;
-	}
-	memcpy(station_id_str, station_id->data, station_id->len - 2);
-	printf("\tcalling station id:%s, server ip:%s\n", station_id_str, server_ip_str);
-	radius_station_add(station_id_str, port, type);
+	if (type == RADIUS_DAS) {
+		if (tx) {
+			radius_forward_gw(buf, type);
+		} else {
+			struct sockaddr_in dest;
 
-	radius_forward(buf, server_ip_str, type);
+			memset(&dest, 0, sizeof(dest));
+			dest.sin_family = AF_INET;
+			dest.sin_port = htons(3799);
+			inet_pton(AF_INET, "127.0.0.1", &(dest.sin_addr.s_addr));
+
+			if (sendto(sock_dae->fd.fd, buf, len_orig,
+				   MSG_DONTWAIT, (struct sockaddr*)&dest, sizeof(dest)) < 0)
+				ULOG_ERR("failed to deliver DAS frame to localhost\n");
+		}
+		return 0;
+	}
+
+	if (!proxy_state) {
+		ULOG_ERR("no proxy_state found\n");
+		return -1;
+	}
+	memcpy(proxy_state_str, proxy_state->data, proxy_state->len - 2);
+	printf("\tfowarding to %s, prox_state:%s\n", tx ? "gateway" : "hostapd", proxy_state_str);
+	if (tx) {
+		radius_proxy_state_add(proxy_state_str, port, type);
+		radius_forward_gw(buf, type);
+	} else {
+		struct radius_proxy_state *proxy = avl_find_element(&radius_proxy_states, proxy_state, proxy, avl);
+		struct radius_proxy_state_key key = {};
+		struct sockaddr_in dest;
+		struct radius_socket *sock;
+
+		switch(type) {
+		case RADIUS_AUTH:
+			sock = sock_auth;
+			break;
+
+		case RADIUS_ACCT:
+			sock = sock_acct;
+			break;
+		default:
+			ULOG_ERR("bad socket type\n");
+			return -1;
+		}
+
+		strcpy(key.id, proxy_state_str);
+		key.type = type;
+		proxy = avl_find_element(&radius_proxy_states, &key, proxy, avl);
+
+		if (!proxy) {
+			ULOG_ERR("unknown proxy_state, dropping frame\n");
+			return -1;
+		}
+		memset(&dest, 0, sizeof(dest));
+		dest.sin_family = AF_INET;
+		dest.sin_port = proxy->port;
+		inet_pton(AF_INET, "127.0.0.1", &(dest.sin_addr.s_addr));
+
+		if (sendto(sock->fd.fd, buf, len_orig,
+			   MSG_DONTWAIT, (struct sockaddr*)&dest, sizeof(dest)) < 0)
+			ULOG_ERR("failed to deliver frame to localhost\n");
+	}
 
 	return 0;
 }
 
+void
+gateway_recv(char *data, enum socket_type type)
+{
+	int len = 0;
+	char *frame;
+
+	frame = b64dec(data, &len);
+
+	if (!frame) {
+		ULOG_ERR("failed to b64_decode frame\n");
+		return;
+	}
+
+	radius_parse(frame, len, 0, type, 0);
+	free(frame);
+}
+
 static void
 sock_recv(struct uloop_fd *u, unsigned int events)
 {
@@ -223,13 +292,10 @@ sock_recv(struct uloop_fd *u, unsigned int events)
 		.msg_control = cmsg_buf,
 		.msg_controllen = sizeof(cmsg_buf),
 	};
-	struct cmsghdr *cmsg;
 	struct radius_socket *sock = container_of(u, struct radius_socket, fd);
 	int len;
 
 	do {
-		struct in_pktinfo *pkti = NULL;
-
 		len = recvmsg(u->fd, &msg, 0);
 		if (len < 0) {
 			switch (errno) {
@@ -244,21 +310,9 @@ sock_recv(struct uloop_fd *u, unsigned int events)
 			}
 		}
 
-		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-			if (cmsg->cmsg_type != IP_PKTINFO)
-				continue;
-
-			pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
-		}
-
-		if (!pkti) {
-			printf("Received packet without ifindex\n");
-			continue;
-		}
-
 		inet_ntop(AF_INET, &sin.sin_addr, addr_str, sizeof(addr_str));
 		printf("RX: src:%s:%d, len=%d\n", addr_str, sin.sin_port, len);
-		radius_parse(buf, len, sin.sin_port, sock->type);
+		radius_parse(buf, len, sin.sin_port, sock->type, 1);
 	} while (1);
 }
 
@@ -266,7 +320,6 @@ static struct radius_socket *
 sock_open(char *port, enum socket_type type)
 {
 	struct radius_socket *sock = malloc(sizeof(*sock));
-	int yes = 1;
 
 	if (!sock)
 		return NULL;
@@ -281,8 +334,6 @@ sock_open(char *port, enum socket_type type)
 		free(sock);
                 return NULL;
         }
-        if (setsockopt(sock->fd.fd, IPPROTO_IP, IP_PKTINFO, &yes, sizeof(yes)) < 0)
-		perror("setsockopt(IP_PKTINFO)");
 
 	sock->type = type;
 	sock->fd.cb = sock_recv;
@@ -292,65 +343,21 @@ sock_open(char *port, enum socket_type type)
 	return sock;
 }
 
-static void
-ubus_event_handler_cb(struct ubus_context *ctx,  struct ubus_event_handler *ev,
-		      const char *type, struct blob_attr *msg)
-{
-	enum {
-		EVENT_ID,
-		EVENT_PATH,
-		__EVENT_MAX
-	};
-
-	static const struct blobmsg_policy status_policy[__EVENT_MAX] = {
-		[EVENT_ID] = { .name = "id", .type = BLOBMSG_TYPE_INT32 },
-		[EVENT_PATH] = { .name = "path", .type = BLOBMSG_TYPE_STRING },
-	};
-
-	struct blob_attr *tb[__EVENT_MAX];
-	char *path;
-	uint32_t id;
-
-	blobmsg_parse(status_policy, __EVENT_MAX, tb, blob_data(msg), blob_len(msg));
-
-	if (!tb[EVENT_ID] || !tb[EVENT_PATH])
-		return;
-
-	path = blobmsg_get_string(tb[EVENT_PATH]);
-	id = blobmsg_get_u32(tb[EVENT_ID]);
-
-	if (strcmp(path, "ucentral"))
-		return;
-	if (!strcmp("ubus.object.remove", type))
-		ucentral = 0;
-	else
-		ucentral = id;
-}
-
-static struct ubus_event_handler ubus_event_handler = { .cb = ubus_event_handler_cb };
-
-static void
-ubus_connect_handler(struct ubus_context *ctx)
-{
-	ubus_register_event_handler(ctx, &ubus_event_handler, "ubus.object.add");
-	ubus_register_event_handler(ctx, &ubus_event_handler, "ubus.object.remove");
-
-	ubus_lookup_id(ctx, "ucentral", &ucentral);
-}
-
 int main(int argc, char **argv)
 {
+	ulog_open(ULOG_STDIO | ULOG_SYSLOG, LOG_DAEMON, "radius-gw-proxy");
 
 	uloop_init();
 
-	conn.cb = ubus_connect_handler;
-	ubus_auto_connect(&conn);
+	ubus_init();
 
-	sock_open("1812", RADIUS_AUTH);
-	sock_open("1813", RADIUS_ACCT);
+	sock_auth = sock_open("1812", RADIUS_AUTH);
+	sock_acct = sock_open("1813", RADIUS_ACCT);
+	sock_dae = sock_open("1814", RADIUS_DAS);
 
 	uloop_run();
 	uloop_end();
+	ubus_deinit();
 
 	return 0;
 }

feeds/ucentral/radius-gw-proxy/src/ubus.c

@@ -0,0 +1,124 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <string.h>
+
+#include <libubox/ulog.h>
+#include <libubus.h>
+#include "ubus.h"
+
+struct ubus_auto_conn conn;
+uint32_t ucentral;
+
+enum {
+	RADIUS_TYPE,
+	RADIUS_DATA,
+	__RADIUS_MAX,
+};
+
+static const struct blobmsg_policy frame_policy[__RADIUS_MAX] = {
+	[RADIUS_TYPE] = { .name = "radius", .type = BLOBMSG_TYPE_STRING },
+	[RADIUS_DATA] = { .name = "data", .type = BLOBMSG_TYPE_STRING },
+};
+
+static int ubus_frame_cb(struct ubus_context *ctx,
+			 struct ubus_object *obj,
+			 struct ubus_request_data *req,
+			 const char *method, struct blob_attr *msg)
+{
+	struct blob_attr *tb[__RADIUS_MAX] = {};
+	enum socket_type type;
+	char *radius, *data;
+
+	blobmsg_parse(frame_policy, __RADIUS_MAX, tb, blobmsg_data(msg), blobmsg_data_len(msg));
+	if (!tb[RADIUS_TYPE] || !tb[RADIUS_DATA])
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	radius = blobmsg_get_string(tb[RADIUS_TYPE]);
+	data = blobmsg_get_string(tb[RADIUS_DATA]);
+
+	if (!strcmp(radius, "auth"))
+		type = RADIUS_AUTH;
+	else if (!strcmp(radius, "acct"))
+		type = RADIUS_ACCT;
+	else if (!strcmp(radius, "coa"))
+		type = RADIUS_DAS;
+	else
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	gateway_recv(data, type);
+
+	return UBUS_STATUS_OK;
+}
+static const struct ubus_method ucentral_methods[] = {
+	UBUS_METHOD("frame", ubus_frame_cb, frame_policy),
+};
+
+static struct ubus_object_type ubus_object_type =
+	UBUS_OBJECT_TYPE("radius.proxy", ucentral_methods);
+
+struct ubus_object ubus_object = {
+	.name = "radius.proxy",
+	.type = &ubus_object_type,
+	.methods = ucentral_methods,
+	.n_methods = ARRAY_SIZE(ucentral_methods),
+};
+
+static void
+ubus_event_handler_cb(struct ubus_context *ctx,  struct ubus_event_handler *ev,
+		      const char *type, struct blob_attr *msg)
+{
+	enum {
+		EVENT_ID,
+		EVENT_PATH,
+		__EVENT_MAX
+	};
+
+	static const struct blobmsg_policy status_policy[__EVENT_MAX] = {
+		[EVENT_ID] = { .name = "id", .type = BLOBMSG_TYPE_INT32 },
+		[EVENT_PATH] = { .name = "path", .type = BLOBMSG_TYPE_STRING },
+	};
+
+	struct blob_attr *tb[__EVENT_MAX];
+	char *path;
+	uint32_t id;
+
+	blobmsg_parse(status_policy, __EVENT_MAX, tb, blob_data(msg), blob_len(msg));
+
+	if (!tb[EVENT_ID] || !tb[EVENT_PATH])
+		return;
+
+	path = blobmsg_get_string(tb[EVENT_PATH]);
+	id = blobmsg_get_u32(tb[EVENT_ID]);
+
+	if (strcmp(path, "ucentral"))
+		return;
+	if (!strcmp("ubus.object.remove", type))
+		ucentral = 0;
+	else
+		ucentral = id;
+}
+
+static struct ubus_event_handler ubus_event_handler = { .cb = ubus_event_handler_cb };
+
+static void
+ubus_connect_handler(struct ubus_context *ctx)
+{
+	ubus_add_object(ctx, &ubus_object);
+	ubus_register_event_handler(ctx, &ubus_event_handler, "ubus.object.add");
+	ubus_register_event_handler(ctx, &ubus_event_handler, "ubus.object.remove");
+
+	ubus_lookup_id(ctx, "ucentral", &ucentral);
+}
+
+void ubus_init(void)
+{
+	memset(&conn, 0, sizeof(conn));
+	ucentral = 0;
+	conn.cb = ubus_connect_handler;
+	ubus_auto_connect(&conn);
+}
+
+void ubus_deinit(void)
+{
+	ubus_auto_shutdown(&conn);
+}

feeds/ucentral/radius-gw-proxy/src/ubus.h

@@ -0,0 +1,13 @@
+enum socket_type {
+	RADIUS_AUTH = 0,
+	RADIUS_ACCT,
+	RADIUS_DAS
+};
+
+extern struct ubus_auto_conn conn;
+extern uint32_t ucentral;
+
+void ubus_init(void);
+void ubus_deinit(void);
+void gateway_recv(char *data, enum socket_type type);
+

feeds/ucentral/ucentral-client/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-client
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git
-PKG_MIRROR_HASH:=afcdce6a4ea24405b98147bac342a24c21ad6ba91e57a2a966018949ece9a294
+PKG_MIRROR_HASH:=2fc20dd3b5c8a7d93e17a843a2feaa823a6f8e902fdca96df62aa3f12efdfbaa
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-05-29
-PKG_SOURCE_VERSION:=a4671bbe7d30b1286b718e08573d73dae4df344a
+PKG_SOURCE_DATE:=2022-06-22
+PKG_SOURCE_VERSION:=68fe6c21f2c2643de79ecd5558a51ffb84168f75
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-schema/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
-PKG_MIRROR_HASH:=e2b3842b59c778cd902845ac2c1196859ad19d79bb0f9611044416ecbe1a502f
+PKG_MIRROR_HASH:=3603ddd26026d3a5b0febe7fbae22fd28fd6d7370793ecf979561d8886be2af4
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2022-05-29
-PKG_SOURCE_VERSION:=4df03737d616e9d6672504e12877b4b7945769f0
+PKG_SOURCE_VERSION:=9691cc6860c25ba7d62142846da44bd09c17acc0
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -355,6 +355,7 @@ hostapd_common_add_bss_config() {
 	config_add_int sae_pwe
 
 	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
+	config_add_string owe_transition_ifname
 
 	config_add_boolean iw_enabled iw_internet iw_asra iw_esr iw_uesa
 	config_add_int iw_access_network_type iw_venue_group iw_venue_type
@@ -718,10 +719,11 @@ hostapd_set_bss_options() {
 
 	case "$auth_type" in
 		none|owe)
-			json_get_vars owe_transition_bssid owe_transition_ssid
+			json_get_vars owe_transition_bssid owe_transition_ssid owe_transition_ifname
 
 			[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
 			[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
+			[ -n "$owe_transition_ifname" ] && append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N"
 
 			wps_possible=1
 			# Here we make the assumption that if we're in open mode

feeds/wifi-ax/hostapd/patches/900-coa.patch

@@ -0,0 +1,24 @@
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius_das.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius_das.c
++++ hostapd-2021-02-20-59e9794c/src/radius/radius_das.c
+@@ -48,6 +48,8 @@ static struct radius_msg * radius_das_di
+ 		RADIUS_ATTR_EVENT_TIMESTAMP,
+ 		RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+ 		RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
++		RADIUS_ATTR_VENDOR_SPECIFIC,
++		RADIUS_ATTR_CALLED_STATION_ID,
+ #ifdef CONFIG_IPV6
+ 		RADIUS_ATTR_NAS_IPV6_ADDRESS,
+ #endif /* CONFIG_IPV6 */
+@@ -205,9 +207,8 @@ static struct radius_msg * radius_das_co
+ 		RADIUS_ATTR_EVENT_TIMESTAMP,
+ 		RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+ 		RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
+-#ifdef CONFIG_HS20
+ 		RADIUS_ATTR_VENDOR_SPECIFIC,
+-#endif /* CONFIG_HS20 */
++		RADIUS_ATTR_CALLED_STATION_ID,
+ #ifdef CONFIG_IPV6
+ 		RADIUS_ATTR_NAS_IPV6_ADDRESS,
+ #endif /* CONFIG_IPV6 */

patches/backports/0034-hostapd-add-owe_transition_ifname.patch

@@ -0,0 +1,66 @@
+From 574539ee2cdbb3dd54086423c6dfdd19bb1c06a6 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Thu, 16 Jun 2022 01:55:26 +0200
+Subject: [PATCH] hostapd: add owe_transition_ifname
+
+Add the owe_transition_ifname config option to wifi-ifaces.
+
+This allows to configure OWE transition VAPs without adding SSID / BSSID
+to the uci conifg but instead autodiscovering these parameters from
+other networks on the same PHY.
+
+The following configuration creates a OWE transition mode network
+constellation.
+
+config wifi-iface 'open0'
+	option device 'radio0'
+	option ifname 'open0'
+	option network 'lan'
+	option mode 'ap'
+	option ssid 'FreeNet'
+	option encryption 'none'
+	option owe_transition_ifname 'owe0'
+
+config wifi-iface 'owe0'
+	option device 'radio0'
+	option ifname 'owe0'
+	option network 'lan'
+	option mode 'ap'
+	option ssid 'owe_tm.FreeNet'
+	option encryption 'owe'
+	option hidden '1'
+	option owe_transition_ifname 'open0'
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ package/network/services/hostapd/files/hostapd.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
+index e5f816a55b..fa344bd2dd 100644
+--- a/package/network/services/hostapd/files/hostapd.sh
++++ b/package/network/services/hostapd/files/hostapd.sh
+@@ -335,6 +335,7 @@ hostapd_common_add_bss_config() {
+ 	config_add_int sae_pwe
+ 
+ 	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
++	config_add_string owe_transition_ifname
+ 
+ 	config_add_boolean iw_enabled iw_internet iw_asra iw_esr iw_uesa
+ 	config_add_int iw_access_network_type iw_venue_group iw_venue_type
+@@ -635,10 +636,11 @@ hostapd_set_bss_options() {
+ 
+ 	case "$auth_type" in
+ 		none|owe)
+-			json_get_vars owe_transition_bssid owe_transition_ssid
++			json_get_vars owe_transition_bssid owe_transition_ssid owe_transition_ifname
+ 
+ 			[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
+ 			[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
++			[ -n "$owe_transition_ifname" ] && append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N"
+ 
+ 			wps_possible=1
+ 			# Here we make the assumption that if we're in open mode
+-- 
+2.25.1
+

profiles/ucentral-ap.yml

@@ -17,6 +17,7 @@ packages:
   - atfpolicy
   - kmod-batman-adv
   - batctl-default
+  - bind-dig
   - cJSON
   - curl
   - dnsmasq-full
@@ -52,6 +53,7 @@ packages:
   - libustream-openssl
   - udevmand
   - umdns
+  - oping
   - vxlan
   - wpad-openssl
 diffconfig: |