Merge pull request #480 from Telecominfraproject/main

Various updates
ipq807x: Support for Indio WiFi6 AP -indoor and outdoor models based on IPQ6000
2025-10-31 10:28:06 +00:00 · 2022-09-26 16:12:15 -04:00 · 2022-09-26 22:06:53 +02:00 · 2022-09-26 22:06:53 +02:00 · 2022-09-26 22:06:53 +02:00 · 2022-09-26 22:06:53 +02:00
190 changed files with 32350 additions and 1964 deletions
--- a/.github/workflows/build-dev.yml
+++ b/.github/workflows/build-dev.yml
@@ -21,7 +21,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        target: ['actiontec_web7200', 'cig_wf188n', 'cig_wf194c', 'cig_wf194c4', 'cig_wf196', 'cig_wf610d', 'cig_wf808', 'cybertan_eww622-a1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'edgecore_spw2ac1200-lan-poe', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'indio_um-305ac', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'linksys_ea6350-v4', 'linksys_e8450-ubi', 'linksys_ea8300', 'tp-link_ec420-g1', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447', 'udaya_a5-id2', 'wallys_dr40x9', 'x64_vm' ]
+        target: ['actiontec_web7200', 'cig_wf188n', 'cig_wf196', 'cig_wf610d', 'cig_wf808', 'cybertan_eww622-a1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'edgecore_spw2ac1200-lan-poe', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'indio_um-305ac', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'linksys_ea6350-v4', 'linksys_e8450-ubi', 'linksys_ea8300', 'meshpp_s618_cp03', 'meshpp_s618_cp01', 'udaya_a5-id2', 'wallys_dr40x9', 'wallys_dr6018', 'x64_vm' ]
    steps:
    - uses: actions/checkout@v2
--- a/feeds/facebook/fbwifi/Makefile
+++ b/feeds/facebook/fbwifi/Makefile
@@ -1,77 +0,0 @@
 # Copyright (c) Facebook, Inc. and its affiliates.
 # All rights reserved.
 #
 # This source code is licensed under the license found in the
 # LICENSE file in the root directory of this source tree.
 #
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fbwifi
 PKG_VERSION:=2
 PKG_RELEASE:=0
 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=Simon Kinane <skinane@fb.com>
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 include $(INCLUDE_DIR)/package.mk
 define Package/fbwifi
  SUBMENU:=Captive Portals
  SECTION:=net
  CATEGORY:=Network
  DEPENDS:=+iptables +luasec +luasocket \
 	+libuci-lua +luaposix \
 	+lua-cjson +uhttpd
  TITLE:=Facebook Wi-Fi
  PKGARCH:=all
 endef
 define Package/fbwifi/description
  Facebook Wi-Fi, an AP authorisation solution
 endef
 define Package/luci-app-fbwifi
  SUBMENU:=3. Applications
  SECTION:=luci
  CATEGORY:=LuCI
  TITLE:=LuCI support for Facebook Wi-Fi
  DEPENDS:= \
 	+fbwifi \
 	+luci-base +luci-mod-network +luci-mod-status +luci-theme-bootstrap
 endef
 define Package/luci-app-fbwifi/description
  LuCI support for Facebook Wi-Fi
 endef
 define Package/fbwifi/conffiles
 /etc/config/fbwifi
 endef
 define Build/Prepare
 endef
 define Build/Configure
 endef
 define Build/Compile
 endef
 define Package/fbwifi/install
 	$(INSTALL_DIR) $(1)
 	$(CP) ./files/fbwifi/* $(1)/
 endef
 define Package/luci-app-fbwifi/install
 	$(INSTALL_DIR) $(1)
 	$(CP) ./files/luci-app-fbwifi/* $(1)
 endef
 $(eval $(call BuildPackage,fbwifi))
 $(eval $(call BuildPackage,luci-app-fbwifi))
--- a/feeds/facebook/fbwifi/README.md
+++ b/feeds/facebook/fbwifi/README.md
@@ -1,22 +0,0 @@
 # Facebook Wi-Fi v2.0 Reference Implementation for OpenWrt 
 ## Getting started
 Case studies for OEM customers are available at the official page of [Facebook Wi-Fi](https://www.facebook.com/facebook-wifi).
 For OEM engineers, start by reading the init script in [files/etc/init.d/fbwifi](https://github.com/facebookincubator/fbc_owrt_feed/blob/master/fbwifi/files/etc/init.d/fbwifi)
 To enable Facebook Wi-Fi, configure the gateway_token in `/etc/config/fbwifi`, and run `fbwifi enable`.
 To disable Facebook Wi-Fi, run `fbwifi disable`.
 ## Contents
 The 'files' subdirectory contains two subdirectories, one for the fbwifi
 package that implements the Facebook Wi-Fi v2.0 standard for OpenWrt, and
 another one containing a LuCI application to configure Facebook Wi-Fi.
 The folder structures follow *nix conventions:
 - 'etc' is the boot time scripts and configuration
 - 'usr' contains procedural scripts, lua common code module and GUI prototype for luci
 - 'www' contains the HTTP endpoints as CGI handlers 
--- a/feeds/facebook/fbwifi/files/fbwifi/etc/config/fbwifi
+++ b/feeds/facebook/fbwifi/files/fbwifi/etc/config/fbwifi
@@ -1,6 +0,0 @@
 config fbwifi 'main'
 	option enabled '0'
 	option gateway_token 'FBWIFI:GATEWAY|123456789|0123456789|abcdeABCDE123456789'
 	option http_port '2060'
 	option https_port '2061'
 	option zone 'lan'
--- a/feeds/facebook/fbwifi/files/fbwifi/etc/hotplug.d/iface/50-fbwifi
+++ b/feeds/facebook/fbwifi/files/fbwifi/etc/hotplug.d/iface/50-fbwifi
@@ -1,10 +0,0 @@
 #!/bin/sh
 [ "$ACTION" = ifup ] || exit 0
 /etc/init.d/fbwifi enabled || exit 0
 ip route get fibmatch 1.1.1.1 | grep -q "$DEVICE" || exit 0
 logger -t fbwifi "Reloading fbwifi due to $ACTION of $INTERFACE ($DEVICE)"
 /etc/init.d/fbwifi restart
--- a/feeds/facebook/fbwifi/files/fbwifi/etc/init.d/fbwifi
+++ b/feeds/facebook/fbwifi/files/fbwifi/etc/init.d/fbwifi
@@ -1,43 +0,0 @@
 #!/bin/sh /etc/rc.common
 START=90
 USE_PROCD=1
 reload_service() {
 	restart
 }
 service_triggers() {
 	procd_add_reload_trigger fbwifi
 }
 start_service() {
 	config_load fbwifi
 	config_get_bool enabled 'main' 'enabled' '0'
 	[ "$enabled" -eq 0 ] && return
 	config_get http_port main http_port
 	[ -z "$http_port" ] && {
 		logger -t fbwifi "required option http_port not set"
 		exit 1
 	}
 	config_get https_port main https_port
 	[ -z "$https_port" ] && {
 		logger -t fbwifi "required option https_port not set"
 		exit 1
 	}
 	logger "[fbwifi] Enabled; starting"
 	mkdir -p /tmp/fbwifi
 	/usr/sbin/fbwifi reload
 	procd_open_instance
 	procd_set_param command /usr/sbin/fbwifi_validate_token_db
 	procd_set_param respawn 1 300 0
 	procd_close_instance
 }
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/lib/lua/fbwifi.lua
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/lib/lua/fbwifi.lua
@@ -1,156 +0,0 @@
 -- SPDX-License-Identifier: GPL-2.0-only
 -- Copyright (c) Facebook, Inc. and its affiliates.
 --
 -- FBWIFI Lua library
 -- function table
 local fbwifi = {}
 local http = require("ssl.https")
 local json = require("cjson")
 local log = require("posix.syslog")
 local uci = require("uci")
 function fbwifi.gateway_token()
 	token = uci.get("fbwifi.main.gateway_token")
 	if token and string.len(token) > 0 then
 		return token
 	else
 		log.syslog( log.LOG_WARNING, "[fbwifi] UCI option fbwifi.main.gateway_token is missing" )
 		return nil
 	end 
 end
 function fbwifi.validate_token( token )
 	local valid = false
 	if string.len(token or '' ) > 0 then
 	        GATEWAY_TOKEN = fbwifi.gateway_token()
 	        URL="https://api.fbwifi.com/v2.0/token"
 	        BODY="token="..token
 	        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
 	        if code==200 then
 	                valid = true
 	        else
 	                log.syslog(log.LOG_WARNING, "[fbwifi] validate_token:"..body)
 	        end
 	end
 	return valid
 end
 local mac_to_purge=''
 function remove_client_by_mac(client)
 	state = uci.cursor("/var/state", "/tmp/fbwifi")
 	for key, value in pairs(client) do
 		if
 			key == 'mac' and
 			value == mac_to_purge
 		then
 			log.syslog(log.LOG_INFO, string.format("[fbwifi] Purging DB entry %s for MAC %s", client['.name'] or 'unknown', mac_to_purge) )
 			state:delete("fbwifi", client['.name'])
 			return
 		end
 	end
 end
 function fbwifi.instate_client_rule( token, client_mac )
 	log.syslog(log.LOG_INFO, "[fbwifi] Validating client "..client_mac)
 	state = uci.cursor("/var/state", "/tmp/fbwifi")
 	state_name = "token_" .. token
 	RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
 	RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
 	local RULE
 	log.syslog(log.LOG_INFO, string.format("[fbwifi] Cleaning DB for MAC %s", client_mac) )
 	mac_to_purge = client_mac
 	state:foreach("fbwifi", "client", remove_client_by_mac)
 	log.syslog(log.LOG_INFO, string.format("[fbwifi] Adding DB entry %s for MAC %s", state_name, client_mac) )
 	state:set("fbwifi", state_name, "client")
 	state:set("fbwifi", state_name, "token", token)
 	state:set("fbwifi", state_name, "mac", client_mac)
 	state:set("fbwifi", state_name, "authenticated", "true")
 	-- verify a rule exists for the given client MAC, 
 	--   OR install it
 	RULE=string.format(RULE_COND.." || "..RULE_FMT, client_mac, "A", client_mac)
 	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Opening iptables for %s", client_mac ) )
 	res = os.execute(RULE)
 	if res ~= 0 then 
 		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
 	end
 	log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
 	state:save('fbwifi')
 	state:commit('fbwifi')
 end
 function fbwifi.revoke_client_rule( token )
        if (token == nil) then
                log.syslog(log.LOG_INFO, "[fbwifi] Invalidating token, but token is Nil")
                return
        end
 	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Invalidating token (%s)", token) )
 	state = uci.cursor("/var/state", "/tmp/fbwifi")
 	state_name = "token_" .. token
 	client_mac = state:get("fbwifi", state_name, "mac")
 	if client_mac then
 		RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
 		RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
 		-- verify a rule exists for the given client MAC, 
 		--  AND delete it
 		RULE=string.format(RULE_COND.." && "..RULE_FMT, client_mac, "D", client_mac)
 		res = os.execute(RULE)
 		if res ~= 0 then 
 			log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
 		end
 		log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
 		state:delete("fbwifi", state_name)
 		state:save('fbwifi')
 		state:commit('fbwifi')
 	else
 		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Client MAC not found in DB (%s)", state_name ) )
 	end
 end
 function fbwifi.reset()
 	local success = false
        GATEWAY_TOKEN = fbwifi.gateway_token()
        URL="https://api.fbwifi.com/v2.0/gateway/reset"
 	BODY="{}"
        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
        if code==200 then
                log.syslog(log.LOG_INFO, "[fbwifi] Reset committed")
                success = true
        else
                log.syslog(log.LOG_WARNING, "[fbwifi] Reset failed : "..body)
        end
 	return success
 end
 --
 -- Return the function table to the host script
 --
 return fbwifi
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi
@@ -1,58 +0,0 @@
 #!/bin/sh
 case "$1" in
 disable)
 	uci set fbwifi.main.enabled=0
 	uci delete firewall.fbwifi
 	uci delete uhttpd.fbwifi_redirect
 	uci delete uhttpd.main.json_script
 	uci set uhttpd.main.cert='/etc/uhttpd.crt'
 	uci set uhttpd.main.key='/etc/uhttpd.key'
 	uci set uhttpd.main.rfc1918_filter=1
 	;;
 enable)
 	uci set fbwifi.main.enabled=1
 	uci set firewall.fbwifi=include
 	uci set firewall.fbwifi.enabled=1
 	uci set firewall.fbwifi.family=ipv4
 	uci set firewall.fbwifi.path=/usr/share/fbwifi/firewall.include
 	uci set firewall.fbwifi.reload=1
 	uci set firewall.fbwifi.type=script
 	uci set uhttpd.fbwifi_redirect=uhttpd
 	uci set uhttpd.fbwifi_redirect.enabled=1
 	uci set uhttpd.fbwifi_redirect.cert='/tmp/fbwifi/https_server_cert'
 	uci set uhttpd.fbwifi_redirect.home='/dev/null'
 	uci set uhttpd.fbwifi_redirect.json_script='/tmp/fbwifi/uhttpd-redirect.json'
 	uci set uhttpd.fbwifi_redirect.key='/tmp/fbwifi/https_server_key'
 	uci set uhttpd.fbwifi_redirect.listen_http='0.0.0.0:2060'
 	uci set uhttpd.fbwifi_redirect.listen_https='0.0.0.0:2061'
 	uci set uhttpd.main.cert='/tmp/fbwifi/https_server_cert'
 	uci set uhttpd.main.json_script='/usr/share/fbwifi/uhttpd.json'
 	uci set uhttpd.main.key='/tmp/fbwifi/https_server_key'
 	uci set uhttpd.main.rfc1918_filter=0
 	;;
 reload)
 	/usr/sbin/fbwifi_get_config
 	login_url=$(uci -c /var/state get fbwifi.main.captive_portal_url)
 	[ -z "$login_url" ] && {
 		logger -t fbwifi "captive_portal_url not available yet"
 		exit 1
 	}
 	printf '{ "request": [ ["redirect", "%s", 302] ] }' "$login_url" > /tmp/fbwifi/uhttpd-redirect.json
 	/etc/init.d/uhttpd restart
 	exit 0
 	;;
 esac
 uci commit
 /etc/init.d/uhttpd restart
 reload_config
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_debug_dump
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_debug_dump
@@ -1,8 +0,0 @@
 echo -e "Runtime configuration and token DB\n"
 uci -c /var/state export fbwifi
 echo -e "\nDynamic firewall flow rules\n"
 iptables -t mangle -L FBWIFI_CLIENT_TO_INTERNET
 echo -e "\nDHCP leases\n"
 cat /tmp/dhcp.leases
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_gateway_info_update
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_gateway_info_update
@@ -1,39 +0,0 @@
 #!/usr/bin/lua
 http = require("ssl.https")
 json = require("cjson")
 log = require("posix.syslog")
 socket = require("socket")
 require("uci")
 fbwifi = require("fbwifi")
 GATEWAY_TOKEN = fbwifi.gateway_token()
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 payload="name="..socket.dns.gethostname()
 function queue_ssid_update(iface)
 	bssid_file="/sys/class/net/br-"..iface["network"].."/address"
 	local file = io.open(bssid_file)
        if file then
            for line in file:lines() do
 		payload=payload.."&bssid[]="..line
            end
 	    file:close()
 	    payload=payload.."ssid[]="..iface["ssid"]
        else
 	    log.syslog(log.LOG_WARNING, "[fbwifi] Failed to find BSSID for interface br-"..iface["network"])
        end
 end
 state:foreach("wireless", "wifi-iface", queue_ssid_update)
 URL="https://api.fbwifi.com/v2.0/gateway"
 body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, payload)
 if code == 200 then 
 	log.syslog(log.LOG_INFO, "[fbwifi] gateway information updated "..body)
 	os.exit(0)
 else
 	log.syslog(log.LOG_WARNING, "[fbwifi] gateway API failed "..body)
 	os.exit(code)
 end
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_get_config
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_get_config
@@ -1,111 +0,0 @@
 #!/usr/bin/lua
 http = require("ssl.https")
 json = require("cjson")
 require("uci")
 log = require("posix.syslog")
 fbwifi = require("fbwifi")
 GATEWAY_TOKEN = fbwifi.gateway_token()
 http_port = uci.get("fbwifi.main.http_port")
 https_port = uci.get("fbwifi.main.https_port")
 statefile = assert(io.open("/var/state/fbwifi", "a"), "could not create state file")
 statefile:close()
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 URL="https://api.fbwifi.com/v2.0/gateway"
 body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN.."&fields=config,config_version")
 if code == 200 then
 	log.syslog(log.LOG_INFO, "[fbwifi] Got gateway config ("..code..")")
 else
 	log.syslog(log.LOG_CRIT, "[fbwifi] Failed to get gateway config ("..code..")")
 	os.exit(1)
 end
 obj = json.decode(body)
 function save_cert(name, value)
 	log.syslog(log.LOG_INFO, "[fbwifi] Saving cert "..name)
 	local f = assert(io.open("/tmp/fbwifi/"..name, "w"))
 	f:write(value)
 	f:close()
 end
 function process_redirect(ix, host)
 	IP_SET = "ip addr replace dev lo "..host
 	local result = os.execute(IP_SET)
 	if result == 0 then
 		log.syslog(log.LOG_INFO, "[fbwifi] Redirect address applied "..host)
 	else
 		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to apply redirect address "..host)
 	end
 	ip = string.match(host, '([0-9\.]*)/([0-9]*)')
 	RULE_FMT="grep -q \"%s\" /etc/hosts || echo \"%s\tstar.fbwifigateway.net\" >> /etc/hosts"
 	HOSTS_RULE = string.format(RULE_FMT, ip, ip)
 	result = os.execute(HOSTS_RULE)
 	if result == 0 then
 		log.syslog(log.LOG_INFO, "[fbwifi] Cached redirect host for DNS")
 	else
 		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to amend /etc/hosts")
 		log.syslog(log.LOG_INFO, "[fbwifi] "..HOSTS_RULE)
 	end
 	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 80 -d "..ip.." -j ACCEPT # REDIRECT --to-ports "..http_port)
 	--print(result)
 	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 443 -d "..ip.."  -j ACCEPT # REDIRECT --to-ports "..https_port)
 	--print(result)
 end
 save_cert("https_server_cert", obj['config']['https_server_cert'])
 save_cert("https_server_key", obj['config']['https_server_key'])
 result = os.execute("iptables -t nat -F FBWIFI_HOST_REDIRLIST")
 --print(result)
 table.foreach(obj['config']['host_redirect_ips'], process_redirect)
 RULE_FORMAT = "iptables -t mangle -A FBWIFI_TRAFFIC_ALLOWLIST -d %s -p %s --dport %s -j MARK --set-mark 0xfb"
 function process_traffic_rule(ix, rule)
 	log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
 	if rule["protocol"] == 6 then
 		PROTO = "tcp"
 	elseif rule["protocol"] == 17 then
 		PROTO = "udp"
 	end
 	RULE = string.format(RULE_FORMAT, rule["ip"], PROTO, rule["port"])
 	local result = os.execute(RULE)
 	if result == 0 then
 		log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
 	else
 		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to install traffic rule ; "..RULE)
 	end
 end
 local cross_origin_list = {}
 function process_cross_origin_rule(ix, url)
 	log.syslog(log.LOG_INFO, "[fbwifi] Cross origin rule "..url)
 	table.insert(cross_origin_list, url)
 end
 function process_url(url_purpose, fqdn)
 	log.syslog(log.LOG_INFO, "[fbwifi] Caching "..url_purpose)
 	state:set("fbwifi", "main", url_purpose, fqdn)	
 end
 state:set("fbwifi", "main", "config")
 result = os.execute("iptables -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST ")
 --print(result)
 table.foreach(obj['config']['traffic_allowlist'], process_traffic_rule)
 table.foreach(obj['config']['cross_origin_allowlist'], process_cross_origin_rule)
 table.foreach(obj['config']['urls'], process_url)
 state:set("fbwifi", "main", "cross_origin_allow_rules", cross_origin_list)
 state:set("fbwifi", "main", "config_version", obj['config_version'])
 state:save('fbwifi')
 state:commit('fbwifi')
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_validate_token_db
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_validate_token_db
@@ -1,75 +0,0 @@
 #!/usr/bin/lua
 https = require("ssl.https")
 json = require("cjson")
 log = require("posix.syslog")
 fbwifi = require("fbwifi")
 require("uci")
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 GATEWAY_TOKEN = fbwifi.gateway_token()
 request = { 
 	tokens = {}, 
 	traffic_type = "total",
 	config_version = state:get("fbwifi", "main", "config_version")
 }
 function queue_token(client)
 	request.tokens[client.token]={
 		incoming = json.null,
 		outgoing = json.null,
 		connected_time_sec = json.null,
 		inactive_time_sec = json.null,
 		signal_rssi_dbm = json.null,
 		--expected_tpus_mbps = json.null,
 		is_connected = true
 	}
 end
 state:foreach("fbwifi", "client", queue_token)
 print( "\nRequest:\n"..json.encode(request) )
 URL="https://api.fbwifi.com/v2.0/tokens"
 BODY=string.format(
 	"tokens=%s&traffic_type=%s&config_version=%s",
 	json.encode(request.tokens),
 	"total",
 	state:get("fbwifi", "main", "config_version")
 )
 body, code, headers = https.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
 if code then
 	print( "\nResponse:\n"..body )
 end
 response = json.decode(body)
 --print(response)
 --table.foreach(response,print)
 --table.foreach(response.tokens,print)
 if response.config_valid then
 	log.syslog(log.LOG_INFO, "[fbwifi] Config validated")
 else
 	log.syslog(log.LOG_WARNING, "[fbwifi] config is stale, refreshing config")
        local result = os.execute("/usr/sbin/fbwifi reload")
        if result == 0 then
                log.syslog(log.LOG_INFO, "[fbwifi] successfully fetched and loaded new config ")
        else
                log.syslog(log.LOG_WARNING, "[fbwifi] failed to fetch and load new config, possible stale config")
        end
 end
 function process_token(token, metadata)
 	table.foreach(metadata,print)
 	if metadata.valid then
 		print("OK: "..token)	
 	else
 		print("Nok: "..token)	
 		fbwifi.revoke_client_rule( token )
 	end
 end
 table.foreach(response.tokens,process_token)
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/firewall.include
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/firewall.include
@@ -1,75 +0,0 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-2.0-only
 # Copyright (c) Facebook, Inc. and its affiliates.
 IPT4="/usr/sbin/iptables"
 set -- --wait 1 --wait-interval 100
 fbwifi_http_port="$(uci get fbwifi.main.http_port)"
 [ -n "$fbwifi_http_port" ] || {
 	logger -t fbwifi "required option http_port not set"
 	exit 1
 }
 fbwifi_https_port="$(uci get fbwifi.main.https_port)"
 [ -n "$fbwifi_https_port" ] || {
 	logger -t fbwifi "required option https_port not set"
 	exit 1
 }
 fbwifi_zone="$(uci get fbwifi.main.zone)"
 [ -n "$fbwifi_zone" ] || {
 	logger -t fbwifi "required option zone  not set"
 	exit 1
 }
 fbwifi_ifaces="$(fw3 -q zone "$fbwifi_zone")"
 ## Create custom chains
 "$IPT4" "$@" -t filter -N FBWIFI_FORWARD 2>/dev/null
 "$IPT4" "$@" -t filter -N FBWIFI_INPUT 2>/dev/null
 "$IPT4" "$@" -t mangle -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
 "$IPT4" "$@" -t mangle -N FBWIFI_PREROUTING 2>/dev/null
 "$IPT4" "$@" -t mangle -N FBWIFI_TRAFFIC_ALLOWLIST 2>/dev/null
 "$IPT4" "$@" -t nat -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
 "$IPT4" "$@" -t nat -N FBWIFI_PREROUTING 2>/dev/null
 "$IPT4" "$@" -t nat -N FBWIFI_HOST_REDIRLIST 2>/dev/null
 ## Flush custom chains
 "$IPT4" "$@" -t filter -F FBWIFI_FORWARD
 "$IPT4" "$@" -t filter -F FBWIFI_INPUT
 "$IPT4" "$@" -t mangle -F FBWIFI_CLIENT_TO_INTERNET
 "$IPT4" "$@" -t mangle -F FBWIFI_PREROUTING
 "$IPT4" "$@" -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST
 "$IPT4" "$@" -t nat -F FBWIFI_CLIENT_TO_INTERNET
 "$IPT4" "$@" -t nat -F FBWIFI_PREROUTING
 "$IPT4" "$@" -t nat -F FBWIFI_HOST_REDIRLIST
 ## Populate custom chains
 "$IPT4" "$@" -t filter -A FBWIFI_FORWARD -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
 "$IPT4" "$@" -t filter -A FBWIFI_FORWARD -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
 "$IPT4" "$@" -t filter -A FBWIFI_FORWARD -j REJECT
 "$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_http_port" -m conntrack --ctstate NEW -j ACCEPT
 "$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_https_port"  -m conntrack --ctstate NEW -j ACCEPT
 "$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
 "$IPT4" "$@" -t mangle -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
 "$IPT4" "$@" -t mangle -A FBWIFI_PREROUTING -j FBWIFI_TRAFFIC_ALLOWLIST
 "$IPT4" "$@" -t nat -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p udp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p udp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
 "$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j REDIRECT --to-ports "$fbwifi_http_port"
 ## Hook custom chains in firewall3 chains
 "$IPT4" "$@" -t filter -I "zone_${fbwifi_zone}_input" 2 -j FBWIFI_INPUT
 "$IPT4" "$@" -t filter -I "zone_${fbwifi_zone}_forward" 2 -j FBWIFI_FORWARD
 "$IPT4" "$@" -t nat -I "zone_${fbwifi_zone}_prerouting" 2 -j FBWIFI_PREROUTING
 # There are no firewall3 zone chains in the mangle table so we need to do this for all interfaces in the zone
 for iface in $fbwifi_ifaces; do
 	"$IPT4" "$@" -t mangle -I PREROUTING -i "$iface" -j FBWIFI_PREROUTING
 done
--- a/feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/uhttpd.json
+++ b/feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/uhttpd.json
@@ -1,8 +0,0 @@
 {
  "request": [
    [ "if",
      [ "regex", "REQUEST_URI", "^/fbwifi" ],
      [ "rewrite", "/cgi-bin%REQUEST_URI%" ]
    ]
  ]
 }
--- a/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/auth
+++ b/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/auth
@@ -1,70 +0,0 @@
 #!/usr/bin/lua
 require("uci")
 log = require("posix.syslog")
 fbwifi = require("fbwifi")
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 function process_cors()
 	origin = os.getenv("HTTP_ORIGIN")
 	log.syslog(log.LOG_INFO, string.format("[fbwifi] [auth] process_cors origin %s", origin or 'not found') )
 	if string.len(origin or '') > 0 then
 		allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
 		for _, value in pairs(allow_list) do
    			if value == origin then
 				log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors Appending CORS Headers to HTTP")
 				print("Access-Control-Allow-Origin: "..origin)
 				print("Vary: Origin")
 				break
 			end
 		end
 	else	
 		log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors No CORS Headers added to Response")
 	end
 end
 method = os.getenv("REQUEST_METHOD")
 if method == 'GET' then
 	log.syslog(log.LOG_INFO, "[fbwifi] [auth] GET handler")
 	print("Status: 302 Found")
 	print("Location: "..state:get("fbwifi", "main", "landing_page_url"))
 	process_cors()
 	print ('\n')
 elseif method == 'POST' then
 	local token
 	log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler")
 	process_cors()
 	print("Status: 200 OK")
 	form_data=io.read()
 	while form_data do
 		token = string.match(form_data, '[%d]+')
 		if string.len(token or '') > 14 then
 			client = os.getenv("REMOTE_ADDR")
 			f = io.popen("awk '/"..client..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
 			client_mac = assert(f:read('*a'))
 			f:close()
 			if fbwifi.validate_token(token) then
                                log.syslog(log.LOG_INFO, string.format( "[fbwifi] [auth] POST handler : Validating Token (%s) for MAC (%s)", token or 'nil', client_mac or 'nil') )
 				fbwifi.instate_client_rule(token, client_mac)
 				print("\n{\"valid\":true}\n")
 			else
                                log.syslog(log.LOG_WARNING, string.format( "[fbwifi] [auth] POST handler : ! Invalid token (%s) for mac (%s) !", token or 'nil', client_mac or 'nil') )
 				fbwifi.revoke_client_rule(token)
 				print("\n{\"valid\":false}\n")
 			end
 			log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler completed")
 			return
 		end
 		form_data=io.read()
 	end
 	print ('\n')
 	log.syslog(log.LOG_WARNING, string.format("[fbwifi] [auth] POST handler : token not found" ))
 	fbwifi.revoke_client_rule(token)
 	print("\n{\"valid\":false}\n")
 end
--- a/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/capport
+++ b/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/capport
@@ -1,42 +0,0 @@
 #!/usr/bin/lua
 json = require("cjson")
 require("uci")
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 client_mac = ""
 token = ""
 response = {}
 response['venue-info-url'] = state:get("fbwifi", "main", "capport_venue_info_url")
 function map_remote_mac_to_token(client)
        for key, value in pairs(client) do
                if
                        key == 'mac' and
                        value == client_mac
                then
 			token = client.token
                        return false
                end
        end
 end
 function hasValidToken(client_ip)
 	f = io.popen("awk '/"..client_ip..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
 	client_mac = assert(f:read('*a'))
 	f:close()
 	state:foreach("fbwifi", "client", map_remote_mac_to_token)
 	return 0 < string.len(token)
 end
 print("Content-type: application/captive+json; charset=utf-8\n")
 client = os.getenv("REMOTE_ADDR")
 response['captive'] = not hasValidToken(client)
 if response['captive'] then
 	response['user-portal-url'] = state:get("fbwifi", "main", "captive_portal_url")
 end
 print( json.encode(response) )
--- a/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/info
+++ b/feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/info
@@ -1,57 +0,0 @@
 #!/usr/bin/lua
 json = require("cjson")
 fbwifi = require("fbwifi")
 state = uci.cursor("/var/state", "/tmp/fbwifi")
 GATEWAY_TOKEN = fbwifi.gateway_token()
 response = { api_version = "2.0", token = json.null }
 client_mac = ""
 function process_cors()
        origin = os.getenv("HTTP_ORIGIN")
        if string.len(origin or '') > 0 then
                allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
                for _, value in pairs(allow_list) do
                        if value == origin then
                                print("Access-Control-Allow-Origin: "..origin)
                                print("Vary: Origin")
                                break
                        end
                end
        end
 end
 function map_remote_mac_to_token(client)
 	for key, value in pairs(client) do
 		if
 			key == 'mac' and
 			value == client_mac
 		then
 			response.token = client.token
 			return false -- escape outer loop
 		end
 	end
 end
 function getClientToken(client_ip)
 	f = io.popen("awk '/"..client_ip..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
 	client_mac = assert(f:read('*a'))
 	f:close()
 	state:foreach("fbwifi", "client", map_remote_mac_to_token)
 end
 function getGatewayId()
 	id = string.match(GATEWAY_TOKEN, 'FBWIFI:GATEWAY|[0-9]*|([0-9]*)')
 	return id
 end
 process_cors()
 print("Content-type: application/json; charset=utf-8\n")
 getClientToken(os.getenv("REMOTE_ADDR"))
 response.gateway_id = getGatewayId()
 print( json.encode(response) )
--- a/feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/controller/fbwifi.lua
+++ b/feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/controller/fbwifi.lua
@@ -1,12 +0,0 @@
 -- SPDX-License-Identifier: GPL-2.0-only
 -- Copyright (c) Facebook, Inc. and its affiliates.
 module("luci.controller.fbwifi", package.seeall)
 sys = require "luci.sys"
 ut = require "luci.util"
 function index()
    entry({"admin", "network", "fbwifi"}, template("fbwifi"), "Facebook Wi-Fi", 90).dependent=false
 end
--- a/feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/view/fbwifi.htm
+++ b/feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/view/fbwifi.htm
@@ -1,16 +0,0 @@
 <%#
 Copyright
 Licensed to the public under the GNU General Public License v2.
 -%>
 <%+header%>
 <h1>Facebook Wi-Fi</h1>
 <%
 	require("uci")
 	state = uci.cursor("/var/state", "/tmp/fbwifi")
 	url = state:get("fbwifi", "main", "captive_portal_config_url")
 %>
 <a href="<% print(url) %>">Configure FB business page</a>
 <%+footer%>
--- a/feeds/ipq807x/ipq807x/base-files/etc/board.d/02_network
+++ b/feeds/ipq807x/ipq807x/base-files/etc/board.d/02_network
@@ -31,10 +31,15 @@ qcom_setup_interfaces()
 	cig,wf194c|\
 	cig,wf194c4|\
 	edgecore,eap106|\
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	qcom,ipq5018-mp03.3|\
 	yuncore,ax840|\
 	motorola,q14|\
-	sercomm,wallaby)
+	sercomm,wallaby|\
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2)
 		ucidef_set_interface_lan "eth0"
 		ucidef_set_interface_wan "eth1"
 		;;
@@ -56,7 +61,9 @@ qcom_setup_interfaces()
 		ucidef_set_interface_wan "eth4"
 		;;
 	wallys,dr6018-v4|\
-	glinet,ax1800)
+	glinet,ax1800|\
 	meshpp,s618-cp03|\
 	meshpp,s618-cp01)
 		ucidef_set_interface_lan "eth1 eth2 eth3 eth4"
 		ucidef_set_interface_wan "eth0"
 		;;
@@ -95,6 +102,13 @@ qcom_setup_macs()
 		ucidef_set_network_device_mac eth1 $lan_mac
 		ucidef_set_label_macaddr $wan_mac
 		;;
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	yuncore,ax840)
 		wan_mac=$(cat /sys/class/net/eth1/address)
 		lan_mac=$(macaddr_add "$wan_mac" 1)
 		;;
 	*)
 		wan_mac=$(cat /sys/class/net/eth0/address)
 		lan_mac=$(macaddr_add "$wan_mac" 1)
--- a/feeds/ipq807x/ipq807x/base-files/etc/hotplug.d/firmware/10-ath11k-caldata
+++ b/feeds/ipq807x/ipq807x/base-files/etc/hotplug.d/firmware/10-ath11k-caldata
@@ -49,6 +49,15 @@ ath11k_generate_macs_ion4x() {
 	echo -ne \\x${wifimac2//:/\\x} >> /lib/firmware/ath11k-macs
 }
 ath11k_generate_macs_pax1800() {
 	touch /lib/firmware/ath11k-macs
 	eth=$(cat /sys/class/net/eth0/address)
 	mac1=$(macaddr_add $eth 10)
 	mac2=$(macaddr_add $eth 2)
 	echo -ne \\x${mac1//:/\\x} >> /lib/firmware/ath11k-macs
 	echo -ne \\x${mac2//:/\\x} >> /lib/firmware/ath11k-macs
 }
 caldata_die() {
        echo "caldata: " "$*"
        exit 1
@@ -77,6 +86,9 @@ case "$FIRMWARE" in
 	cig,wf196|\
 	edgecore,eap102 |\
 	edgecore,eap106 |\
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	qcom,ipq807x-hk01|\
 	qcom,ipq807x-hk14|\
 	tplink,ex227|\
@@ -96,9 +108,14 @@ case "$FIRMWARE" in
 	hfcl,ion4xe|\
 	wallys,dr6018|\
 	wallys,dr6018-v4|\
 	meshpp,ipq6018-cp01|\
 	meshpp,ipq6018-cp03|\
 	qcom,ipq6018-cp03|\
 	qcom,ipq6018-cp01|\
 	xiaomi,ax1800|\
-	glinet,ax1800)
+	glinet,ax1800|\
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2)
                caldata_extract "0:ART" 0x1000 0x20000  
 		;;
 	esac
@@ -131,6 +148,7 @@ ath11k/qcn6122/hw1.0/caldata_2.bin)
 ath11k/QCN9074/hw1.0/caldata_1.bin)
 	case "$board" in
 	cig,wf196|\
 	wallys,dr6018-v4|\
 	cybertan,eww622-a1|\
 	qcom,ipq5018-mp03.1|\
 	qcom,ipq807x-hk14)
@@ -155,8 +173,12 @@ ath11k-macs)
 	edgecore,eap101)
 		ath11k_generate_macs_eap101
 		;;
 	yuncore,ax840|\
 	edgecore,eap102|\
 	edgecore,eap106|\
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	cig,wf188n)
 		ath11k_generate_macs
 		;;
@@ -164,6 +186,10 @@ ath11k-macs)
 	cig,wf194c)
 		ath11k_generate_macs_wf194
 		;;
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2)
 		ath11k_generate_macs_pax1800
 		;;
 	esac
 	;;
 *)
--- a/feeds/ipq807x/ipq807x/base-files/lib/upgrade/dualboot_datachk.sh
+++ b/feeds/ipq807x/ipq807x/base-files/lib/upgrade/dualboot_datachk.sh
@@ -0,0 +1,126 @@
 # The U-Boot loader with the datachk patchset for dualbooting requires image
 # sizes and checksums to be provided in the U-Boot environment.
 # The devices come with 2 main partitions - while one is active
 # sysupgrade will flash the other. The boot order is changed to boot the
 # newly flashed partition. If the new partition can't be booted due to
 # upgrade failures the previously used partition is loaded.
 platform_post_upgrade_sanity_check()
 {
 	local part_name=$1
 	local inactive_mtd=$2
 	local cfg_md5=$3
 	local part_offset=$4
 	local part_size=$5
 	md5_part_disk=$(dd if=/dev/${inactive_mtd} bs=$((64*1024)) skip=$((part_offset / (64*1024))) count=$((part_size / (64*1024))) 2>&- | md5sum | awk '{print $1}')
 	if [ "${cfg_md5}" != "${md5_part_disk}" ]; then
 	      echo "post-flashing checksum mismatch: ${part_name}" >&2
 	      echo "${cfg_md5} != ${md5_part_disk}"
 	      return 1
 	fi
 	return 0
 }
 platform_do_upgrade_dualboot_datachk() {
 	local tar_file="$1"
 	local restore_backup
 	local primary_kernel_mtd
 	local setenv_script="/tmp/fw_env_upgrade"
 	local kernel_mtd="$(find_mtd_index $PART_NAME)"
 	local kernel_offset="$(cat /sys/class/mtd/mtd${kernel_mtd}/offset)"
 	local total_size="$(cat /sys/class/mtd/mtd${kernel_mtd}/size)"
 	# detect to which flash region the new image is written to.
 	#
 	# 1. check what is the mtd index for the first flash region on this
 	#    device
 	# 2. check if the target partition ("inactive") has the mtd index of
 	#    the first flash region
 	#
 	#    - when it is: the new bootseq will be 1,2 and the first region is
 	#      modified
 	#    - when it isnt: bootseq will be 2,1 and the second region is
 	#      modified
 	#
 	# The detection has to be done via the hardcoded mtd partition because
 	# the current boot might be done with the fallback region. Let us
 	# assume that the current bootseq is 1,2. The bootloader detected that
 	# the image in flash region 1 is corrupt and thus switches to flash
 	# region 2. The bootseq in the u-boot-env is now still the same and
 	# the sysupgrade code can now only rely on the actual mtd indexes and
 	# not the bootseq variable to detect the currently booted flash
 	# region/image.
 	#
 	# In the above example, an implementation which uses bootseq ("1,2") to
 	# detect the currently booted image would assume that region 1 is booted
 	# and then overwrite the variables for the wrong flash region (aka the
 	# one which isn't modified). This could result in a device which doesn't
 	# boot anymore to Linux until it was reflashed with ap51-flash.
 	local next_boot_part="1"
 	case "$(board_name)" in
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2)
 		primary_kernel_mtd=9
 		;;
 	*)
 		echo "failed to detect primary kernel mtd partition for board"
 		return 1
 		;;
 	esac
 	[ "$kernel_mtd" = "$primary_kernel_mtd" ] || next_boot_part="2"
 	local board_dir=$(tar tf $tar_file | grep -m 1 '^sysupgrade-.*/$')
 	board_dir=${board_dir%/}
 	local kernel_length=$(tar xf $tar_file ${board_dir}/kernel -O | wc -c)
 	local rootfs_length=$(tar xf $tar_file ${board_dir}/root -O | wc -c)
 	# rootfs without EOF marker
 	rootfs_length=$((rootfs_length-4))
 	local kernel_md5=$(tar xf $tar_file ${board_dir}/kernel -O | md5sum); kernel_md5="${kernel_md5%% *}"
 	# md5 checksum of rootfs with EOF marker
 	local rootfs_md5=$(tar xf $tar_file ${board_dir}/root -O | dd bs=1 count=$rootfs_length | md5sum); rootfs_md5="${rootfs_md5%% *}"
 	#
 	# add tar support to get_image() to use default_do_upgrade() instead?
 	#
 	# take care of restoring a saved config
 	[ -n "$UPGRADE_BACKUP" ] && restore_backup="${MTD_CONFIG_ARGS} -j ${UPGRADE_BACKUP}"
 	mtd -q erase inactive
 	tar xf $tar_file ${board_dir}/root -O | mtd -n -p $kernel_length $restore_backup write - $PART_NAME
 	tar xf $tar_file ${board_dir}/kernel -O | mtd -n write - $PART_NAME
 	platform_post_upgrade_sanity_check "kernel" "mtd${kernel_mtd}" $kernel_md5 0 $kernel_length || return 1
 	platform_post_upgrade_sanity_check "rootfs" "mtd${kernel_mtd}" $rootfs_md5 $kernel_length $rootfs_length || return 1
 	# prepare new u-boot env
 	if [ "$next_boot_part" = "1" ]; then
 		echo "bootseq 1,2" > $setenv_script
 	else
 		echo "bootseq 2,1" > $setenv_script
 	fi
 	printf "kernel_size_%i 0x%08x\n" $next_boot_part $kernel_length >> $setenv_script
 	printf "vmlinux_start_addr 0x%08x\n" ${kernel_offset} >> $setenv_script
 	printf "vmlinux_size 0x%08x\n" ${kernel_length} >> $setenv_script
 	printf "vmlinux_checksum %s\n" ${kernel_md5} >> $setenv_script
 	printf "rootfs_size_%i 0x%08x\n" $next_boot_part $((total_size-kernel_length)) >> $setenv_script
 	printf "rootfs_start_addr 0x%08x\n" $((kernel_offset+kernel_length)) >> $setenv_script
 	printf "rootfs_size 0x%08x\n" ${rootfs_length} >> $setenv_script
 	printf "rootfs_checksum %s\n" ${rootfs_md5} >> $setenv_script
 	# store u-boot env changes
 	mkdir -p /var/lock
 	fw_setenv -s $setenv_script || {
 		echo "failed to update U-Boot environment"
 		return 1
 	}
 }
--- a/feeds/ipq807x/ipq807x/base-files/lib/upgrade/platform.sh
+++ b/feeds/ipq807x/ipq807x/base-files/lib/upgrade/platform.sh
@@ -1,7 +1,8 @@
 . /lib/functions/system.sh
-RAMFS_COPY_BIN='fw_printenv fw_setenv'
+
-RAMFS_COPY_DATA='/etc/fw_env.config /var/lock/fw_printenv.lock'
+RAMFS_COPY_BIN='fw_setenv'
 RAMFS_COPY_DATA='/etc/fw_env.config /var/lock/fw_printenv.lock /tmp/downgrade'
 qca_do_upgrade() {
        local tar_file="$1"
@@ -75,6 +76,9 @@ platform_check_image() {
 	cybertan,eww622-a1|\
 	glinet,ax1800|\
 	glinet,axt1800|\
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	wallys,dr6018|\
 	wallys,dr6018-v4|\
 	edgecore,eap101|\
@@ -83,6 +87,8 @@ platform_check_image() {
 	edgecore,eap106|\
 	hfcl,ion4xi|\
 	hfcl,ion4xe|\
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2|\
 	tplink,ex227|\
 	tplink,ex447|\
 	yuncore,ax840|\
@@ -115,9 +121,11 @@ platform_do_upgrade() {
 	cig,wf194c4|\
 	cig,wf196|\
 	cybertan,eww622-a1|\
 	edgecore,eap104|\
 	glinet,ax1800|\
 	glinet,axt1800|\
 	indio,um-310ax-v1|\
 	indio,um-510axp-v1|\
 	indio,um-510axm-v1|\
 	qcom,ipq6018-cp01|\
 	qcom,ipq807x-hk01|\
 	qcom,ipq807x-hk14|\
@@ -126,7 +134,9 @@ platform_do_upgrade() {
 	wallys,dr6018-v4|\
 	yuncore,ax840|\
 	tplink,ex447|\
-	tplink,ex227)	
+	tplink,ex227|\
 	meshpp,s618-cp03|\
 	meshpp,s618-cp01)
 		nand_upgrade_tar "$1"
 		;;
 	hfcl,ion4xi|\
@@ -140,6 +150,7 @@ platform_do_upgrade() {
 		fi
 		nand_upgrade_tar "$1"
 		;;
 	edgecore,eap104|\
 	edgecore,eap106)
 		CI_UBIPART="rootfs1"
 		[ "$(find_mtd_chardev rootfs)" ] && CI_UBIPART="rootfs"
@@ -150,7 +161,11 @@ platform_do_upgrade() {
 		if [ "$(find_mtd_chardev rootfs)" ]; then
 			CI_UBIPART="rootfs"
 		else
-			if grep -q rootfs1 /proc/cmdline; then
+			if [ -e /tmp/downgrade ]; then
 				CI_UBIPART="rootfs1"
 				fw_setenv active 1 || exit 1
 				fw_setenv upgrade_available 0 || exit 1
 			elif grep -q rootfs1 /proc/cmdline; then
 				CI_UBIPART="rootfs2"
 				fw_setenv active 2 || exit 1
 			else
@@ -160,5 +175,10 @@ platform_do_upgrade() {
 		fi
 		nand_upgrade_tar "$1"
 		;;
 	plasmacloud,pax1800-v1|\
 	plasmacloud,pax1800-v2)
 		PART_NAME="inactive"
 		platform_do_upgrade_dualboot_datachk "$1"
 		;;
 	esac
 }
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-310ax-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-310ax-v1.dts
@@ -0,0 +1,18 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-indio-um-310ax-v1.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-510axm-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-510axm-v1.dts
@@ -0,0 +1,18 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axm-v1.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-510axp-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-indio-um-510axp-v1.dts
@@ -0,0 +1,18 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axp-v1.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp01.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp01.dts
@@ -0,0 +1,2 @@
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp03.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp03.dts
@@ -0,0 +1,2 @@
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp03.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v1.dts
@@ -0,0 +1,18 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v1.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v2.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v2.dts
@@ -0,0 +1,18 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "../../../arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v2.dts"
 #include "qcom-ipq6018.dtsi"
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-310ax-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-310ax-v1.dts
@@ -0,0 +1,379 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 /dts-v1/;
 #include "qcom-ipq6018.dtsi"
 #include "qcom-ipq6018-rpm-regulator.dtsi"
 #include "qcom-ipq6018-cpr-regulator.dtsi"
 #include "qcom-ipq6018-cp-cpu.dtsi"
 #include <dt-bindings/input/input.h>
 #include <dt-bindings/gpio/gpio.h>
 / {
 	model = "Indio UM-310AX V1";
 	compatible = "indio,um-310ax-v1", "qcom,ipq6018-cp03", "qcom,ipq6018";
 	#address-cells = <0x2>;
 	#size-cells = <0x2>;
 	interrupt-parent = <&intc>;
 	aliases {
 		/* Aliases as required by u-boot to patch MAC addresses */
 		ethernet0 = "/soc/dp2";
 		ethernet1 = "/soc/dp1";
 		serial0 = &blsp1_uart3;
 		serial1 = &blsp1_uart2;
 		led-boot = &led_system;
 		led-failsafe = &led_system;
 		led-running = &led_system;
 		led-upgrade = &led_system;
 	};
 	chosen {
 		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 };
 &tlmm {
 	uart_pins: uart_pins {
 		mux {
 			pins = "gpio44", "gpio45";
 			function = "blsp2_uart";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	spi_0_pins: spi_0_pins {
 		mux {
 			pins = "gpio38", "gpio39", "gpio40", "gpio41";
 			function = "blsp0_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	qpic_pins: qpic_pins {
 		data_0 {
 			pins = "gpio15";
 			function = "qpic_pad0";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_1 {
 			pins = "gpio12";
 			function = "qpic_pad1";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_2 {
 			pins = "gpio13";
 			function = "qpic_pad2";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_3 {
 			pins = "gpio14";
 			function = "qpic_pad3";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_4 {
 			pins = "gpio5";
 			function = "qpic_pad4";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_5 {
 			pins = "gpio6";
 			function = "qpic_pad5";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_6 {
 			pins = "gpio7";
 			function = "qpic_pad6";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_7 {
 			pins = "gpio8";
 			function = "qpic_pad7";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		qpic_pad {
 			pins = "gpio1",  "gpio3",  "gpio4",
 			       "gpio10", "gpio11", "gpio17";
 			function = "qpic_pad";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	button_pins: button_pins {
 		rst_button {
 			pins = "gpio19";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 	};
 	mdio_pins: mdio_pinmux {
 		mux_0 {
 			pins = "gpio64";
 			function = "mdc";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_1 {
 			pins = "gpio65";
 			function = "mdio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio75";
 			function = "gpio";
 			bias-pull-up;
 		};
 	};
 	modem_power_pins {
 		mux {
 			pins = "gpio27";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 			output-high;
 		};
 	};
 	leds_pins: leds_pins {
 		led_blue {
 			pins = "gpio35";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_green {
 			pins = "gpio37";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_red {
 			pins = "gpio32";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 	};
 };
 &soc {
 	mdio: mdio@90000 {
 		status = "ok";
 		pinctrl-0 = <&mdio_pins>;
 		pinctrl-names = "default";
 		phy-reset-gpio = <&tlmm 75 0>;
 		ethernet-phy@0 {
 			reg = <0x03>;
 		};
 		ethernet-phy@1 {
 			reg = <0x04>;
 		};
 	};
 	ess-switch@3a000000 {
 		switch_cpu_bmp =   <0x01>; /* cpu port bitmap */
 		switch_lan_bmp =   <0x10>; /* lan port bitmap */
 		switch_wan_bmp =   <0x20>; /* wan port bitmap */
 		switch_inner_bmp = <0x80>; /*inner port bitmap*/
 		switch_mac_mode =  <0x00>; /* mac mode for uniphy instance0*/
 		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
 		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
 		qcom,port_phyinfo {
 			port@3 {
 				port_id = <0x04>;
 				phy_address = <0x03>;
 			};
 			port@4 {
 				port_id = <0x05>;
 				phy_address = <0x04>;
 			};
 		};
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x04>;
 		reg = <0x3a001600 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x03>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x04>;
 		phy-mode = "sgmii";
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
 		pinctrl-0 = <&button_pins>;
 		pinctrl-names = "default";
 		reset {
 			label = "reset";
 			linux,code = <KEY_RESTART>;
 			gpios = <&tlmm 19 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 	};
 	leds {
 		compatible = "gpio-leds";
 		pinctrl-0 = <&leds_pins>;
 		pinctrl-names = "default";
 		led_system: system {
 			label = "green:system";
 			gpio = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 		};
 		wlan2g {
 			label = "blue:wlan2g";
 			gpio = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 		wlan5g {
 			label = "red:wlan5g";
 			gpio = <&tlmm 32 GPIO_ACTIVE_HIGH>;
 		};
 	};
 };
 &blsp1_uart3 {
 	pinctrl-0 = <&uart_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &spi_0 {
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	cs-select = <0>;
 	status = "ok";
 	m25p80@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		reg = <0>;
 		compatible = "n25q128a11";
 		linux,modalias = "m25p80", "n25q128a11";
 		spi-max-frequency = <50000000>;
 		use-default-sizes;
 	};
 };
 &qpic_bam {
 	status = "ok";
 };
 &nand {
 	pinctrl-0 = <&qpic_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &nss_crypto {
 	status = "ok";
 };
 &cpu0_opp_table {
 	compatible = "operating-points-v2";
 	opp-shared;
 	opp03 {
 		opp-hz = /bits/ 64 <1200000000>;
 		opp-microvolt = <3>;
 		clock-latency-ns = <200000>;
 	};
 	/delete-node/ opp04;
 	/delete-node/ opp05;
 	/delete-node/ opp06;
 };
 /* TZAPP is enabled in default memory profile only */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
 #endif
 &ssphy_0 {
 	status = "ok";
 };
 &qusb_phy_0 {
 	status = "ok";
 };
 &qusb_phy_1 {
 	status = "ok";
 };
 &usb2 {
 	status = "ok";
 };
 &usb3 {
 	status = "ok";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axm-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axm-v1.dts
@@ -0,0 +1,379 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 /dts-v1/;
 #include "qcom-ipq6018.dtsi"
 #include "qcom-ipq6018-rpm-regulator.dtsi"
 #include "qcom-ipq6018-cpr-regulator.dtsi"
 #include "qcom-ipq6018-cp-cpu.dtsi"
 #include <dt-bindings/input/input.h>
 #include <dt-bindings/gpio/gpio.h>
 / {
 	model = "Indio UM-510AXM V1";
 	compatible = "indio,um-510axm-v1", "qcom,ipq6018-cp03", "qcom,ipq6018";
 	#address-cells = <0x2>;
 	#size-cells = <0x2>;
 	interrupt-parent = <&intc>;
 	aliases {
 		/* Aliases as required by u-boot to patch MAC addresses */
 		ethernet0 = "/soc/dp2";
 		ethernet1 = "/soc/dp1";
 		serial0 = &blsp1_uart3;
 		serial1 = &blsp1_uart2;
 		led-boot = &led_system;
 		led-failsafe = &led_system;
 		led-running = &led_system;
 		led-upgrade = &led_system;
 	};
 	chosen {
 		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 };
 &tlmm {
 	uart_pins: uart_pins {
 		mux {
 			pins = "gpio44", "gpio45";
 			function = "blsp2_uart";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	spi_0_pins: spi_0_pins {
 		mux {
 			pins = "gpio38", "gpio39", "gpio40", "gpio41";
 			function = "blsp0_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	qpic_pins: qpic_pins {
 		data_0 {
 			pins = "gpio15";
 			function = "qpic_pad0";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_1 {
 			pins = "gpio12";
 			function = "qpic_pad1";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_2 {
 			pins = "gpio13";
 			function = "qpic_pad2";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_3 {
 			pins = "gpio14";
 			function = "qpic_pad3";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_4 {
 			pins = "gpio5";
 			function = "qpic_pad4";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_5 {
 			pins = "gpio6";
 			function = "qpic_pad5";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_6 {
 			pins = "gpio7";
 			function = "qpic_pad6";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_7 {
 			pins = "gpio8";
 			function = "qpic_pad7";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		qpic_pad {
 			pins = "gpio1",  "gpio3",  "gpio4",
 			       "gpio10", "gpio11", "gpio17";
 			function = "qpic_pad";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	button_pins: button_pins {
 		rst_button {
 			pins = "gpio19";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 	};
 	mdio_pins: mdio_pinmux {
 		mux_0 {
 			pins = "gpio64";
 			function = "mdc";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_1 {
 			pins = "gpio65";
 			function = "mdio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio75";
 			function = "gpio";
 			bias-pull-up;
 		};
 	};
 	modem_power_pins {
 		mux {
 			pins = "gpio27";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 			output-high;
 		};
 	};
 	leds_pins: leds_pins {
 		led_blue {
 			pins = "gpio35";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_green {
 			pins = "gpio37";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_red {
 			pins = "gpio32";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 	};
 };
 &soc {
 	mdio: mdio@90000 {
 		status = "ok";
 		pinctrl-0 = <&mdio_pins>;
 		pinctrl-names = "default";
 		phy-reset-gpio = <&tlmm 75 0>;
 		ethernet-phy@0 {
 			reg = <0x03>;
 		};
 		ethernet-phy@1 {
 			reg = <0x04>;
 		};
 	};
 	ess-switch@3a000000 {
 		switch_cpu_bmp =   <0x01>; /* cpu port bitmap */
 		switch_lan_bmp =   <0x10>; /* lan port bitmap */
 		switch_wan_bmp =   <0x20>; /* wan port bitmap */
 		switch_inner_bmp = <0x80>; /*inner port bitmap*/
 		switch_mac_mode =  <0x00>; /* mac mode for uniphy instance0*/
 		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
 		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
 		qcom,port_phyinfo {
 			port@3 {
 				port_id = <0x04>;
 				phy_address = <0x03>;
 			};
 			port@4 {
 				port_id = <0x05>;
 				phy_address = <0x04>;
 			};
 		};
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x04>;
 		reg = <0x3a001600 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x03>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x04>;
 		phy-mode = "sgmii";
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
 		pinctrl-0 = <&button_pins>;
 		pinctrl-names = "default";
 		reset {
 			label = "reset";
 			linux,code = <KEY_RESTART>;
 			gpios = <&tlmm 19 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 	};
 	leds {
 		compatible = "gpio-leds";
 		pinctrl-0 = <&leds_pins>;
 		pinctrl-names = "default";
 		led_system: system {
 			label = "green:system";
 			gpio = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 		};
 		wlan2g {
 			label = "blue:wlan2g";
 			gpio = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 		wlan5g {
 			label = "red:wlan5g";
 			gpio = <&tlmm 32 GPIO_ACTIVE_HIGH>;
 		};
 	};
 };
 &blsp1_uart3 {
 	pinctrl-0 = <&uart_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &spi_0 {
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	cs-select = <0>;
 	status = "ok";
 	m25p80@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		reg = <0>;
 		compatible = "n25q128a11";
 		linux,modalias = "m25p80", "n25q128a11";
 		spi-max-frequency = <50000000>;
 		use-default-sizes;
 	};
 };
 &qpic_bam {
 	status = "ok";
 };
 &nand {
 	pinctrl-0 = <&qpic_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &nss_crypto {
 	status = "ok";
 };
 &cpu0_opp_table {
 	compatible = "operating-points-v2";
 	opp-shared;
 	opp03 {
 		opp-hz = /bits/ 64 <1200000000>;
 		opp-microvolt = <3>;
 		clock-latency-ns = <200000>;
 	};
 	/delete-node/ opp04;
 	/delete-node/ opp05;
 	/delete-node/ opp06;
 };
 /* TZAPP is enabled in default memory profile only */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
 #endif
 &ssphy_0 {
 	status = "ok";
 };
 &qusb_phy_0 {
 	status = "ok";
 };
 &qusb_phy_1 {
 	status = "ok";
 };
 &usb2 {
 	status = "ok";
 };
 &usb3 {
 	status = "ok";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axp-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-indio-um-510axp-v1.dts
@@ -0,0 +1,379 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 /dts-v1/;
 #include "qcom-ipq6018.dtsi"
 #include "qcom-ipq6018-rpm-regulator.dtsi"
 #include "qcom-ipq6018-cpr-regulator.dtsi"
 #include "qcom-ipq6018-cp-cpu.dtsi"
 #include <dt-bindings/input/input.h>
 #include <dt-bindings/gpio/gpio.h>
 / {
 	model = "Indio UM-510AXP V1";
 	compatible = "indio,um-510axp-v1", "qcom,ipq6018-cp03", "qcom,ipq6018";
 	#address-cells = <0x2>;
 	#size-cells = <0x2>;
 	interrupt-parent = <&intc>;
 	aliases {
 		/* Aliases as required by u-boot to patch MAC addresses */
 		ethernet0 = "/soc/dp2";
 		ethernet1 = "/soc/dp1";
 		serial0 = &blsp1_uart3;
 		serial1 = &blsp1_uart2;
 		led-boot = &led_system;
 		led-failsafe = &led_system;
 		led-running = &led_system;
 		led-upgrade = &led_system;
 	};
 	chosen {
 		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 };
 &tlmm {
 	uart_pins: uart_pins {
 		mux {
 			pins = "gpio44", "gpio45";
 			function = "blsp2_uart";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	spi_0_pins: spi_0_pins {
 		mux {
 			pins = "gpio38", "gpio39", "gpio40", "gpio41";
 			function = "blsp0_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	qpic_pins: qpic_pins {
 		data_0 {
 			pins = "gpio15";
 			function = "qpic_pad0";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_1 {
 			pins = "gpio12";
 			function = "qpic_pad1";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_2 {
 			pins = "gpio13";
 			function = "qpic_pad2";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_3 {
 			pins = "gpio14";
 			function = "qpic_pad3";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_4 {
 			pins = "gpio5";
 			function = "qpic_pad4";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_5 {
 			pins = "gpio6";
 			function = "qpic_pad5";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_6 {
 			pins = "gpio7";
 			function = "qpic_pad6";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		data_7 {
 			pins = "gpio8";
 			function = "qpic_pad7";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		qpic_pad {
 			pins = "gpio1",  "gpio3",  "gpio4",
 			       "gpio10", "gpio11", "gpio17";
 			function = "qpic_pad";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	button_pins: button_pins {
 		rst_button {
 			pins = "gpio19";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 	};
 	mdio_pins: mdio_pinmux {
 		mux_0 {
 			pins = "gpio64";
 			function = "mdc";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_1 {
 			pins = "gpio65";
 			function = "mdio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio75";
 			function = "gpio";
 			bias-pull-up;
 		};
 	};
 	modem_power_pins {
 		mux {
 			pins = "gpio27";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 			output-high;
 		};
 	};
 	leds_pins: leds_pins {
 		led_blue {
 			pins = "gpio35";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_green {
 			pins = "gpio37";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 		led_red {
 			pins = "gpio32";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 	};
 };
 &soc {
 	mdio: mdio@90000 {
 		status = "ok";
 		pinctrl-0 = <&mdio_pins>;
 		pinctrl-names = "default";
 		phy-reset-gpio = <&tlmm 75 0>;
 		ethernet-phy@0 {
 			reg = <0x03>;
 		};
 		ethernet-phy@1 {
 			reg = <0x04>;
 		};
 	};
 	ess-switch@3a000000 {
 		switch_cpu_bmp =   <0x01>; /* cpu port bitmap */
 		switch_lan_bmp =   <0x10>; /* lan port bitmap */
 		switch_wan_bmp =   <0x20>; /* wan port bitmap */
 		switch_inner_bmp = <0x80>; /*inner port bitmap*/
 		switch_mac_mode =  <0x00>; /* mac mode for uniphy instance0*/
 		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
 		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
 		qcom,port_phyinfo {
 			port@3 {
 				port_id = <0x04>;
 				phy_address = <0x03>;
 			};
 			port@4 {
 				port_id = <0x05>;
 				phy_address = <0x04>;
 			};
 		};
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x04>;
 		reg = <0x3a001600 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x03>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x04>;
 		phy-mode = "sgmii";
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
 		pinctrl-0 = <&button_pins>;
 		pinctrl-names = "default";
 		reset {
 			label = "reset";
 			linux,code = <KEY_RESTART>;
 			gpios = <&tlmm 19 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 	};
 	leds {
 		compatible = "gpio-leds";
 		pinctrl-0 = <&leds_pins>;
 		pinctrl-names = "default";
 		led_system: system {
 			label = "green:system";
 			gpio = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 		};
 		wlan2g {
 			label = "blue:wlan2g";
 			gpio = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 		wlan5g {
 			label = "red:wlan5g";
 			gpio = <&tlmm 32 GPIO_ACTIVE_HIGH>;
 		};
 	};
 };
 &blsp1_uart3 {
 	pinctrl-0 = <&uart_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &spi_0 {
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	cs-select = <0>;
 	status = "ok";
 	m25p80@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		reg = <0>;
 		compatible = "n25q128a11";
 		linux,modalias = "m25p80", "n25q128a11";
 		spi-max-frequency = <50000000>;
 		use-default-sizes;
 	};
 };
 &qpic_bam {
 	status = "ok";
 };
 &nand {
 	pinctrl-0 = <&qpic_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &nss_crypto {
 	status = "ok";
 };
 &cpu0_opp_table {
 	compatible = "operating-points-v2";
 	opp-shared;
 	opp03 {
 		opp-hz = /bits/ 64 <1200000000>;
 		opp-microvolt = <3>;
 		clock-latency-ns = <200000>;
 	};
 	/delete-node/ opp04;
 	/delete-node/ opp05;
 	/delete-node/ opp06;
 };
 /* TZAPP is enabled in default memory profile only */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
 #endif
 &ssphy_0 {
 	status = "ok";
 };
 &qusb_phy_0 {
 	status = "ok";
 };
 &qusb_phy_1 {
 	status = "ok";
 };
 &usb2 {
 	status = "ok";
 };
 &usb3 {
 	status = "ok";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts
@@ -0,0 +1,23 @@
 /dts-v1/;
 /*
 * Copyright (c) 2022, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018-meshpp-s618.dtsi"
 / {
 	model = "MeshPlusPlus, Inc. S618 CP01";
 	compatible = "meshpp,s618-cp01", "qcom,ipq6018-cp01", "qcom,ipq6018";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp03.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp03.dts
@@ -0,0 +1,23 @@
 /dts-v1/;
 /*
 * Copyright (c) 2022, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018-meshpp-s618.dtsi"
 / {
 	model = "MeshPlusPlus, Inc. S618 CP01";
 	compatible = "meshpp,s618-cp03", "qcom,ipq6018-cp03", "qcom,ipq6018";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618.dtsi
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618.dtsi
@@ -0,0 +1,789 @@
 /*
 * Copyright (c) 2022, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018.dtsi"
 #include <dt-bindings/input/input.h>
 / {
 	#address-cells = <0x2>;
 	#size-cells = <0x2>;
 	interrupt-parent = <&intc>;
 	qcom,msm-id = <0x1A5 0x0>;
 	aliases {
 		ethernet0 = "/soc/dp1";
 		ethernet1 = "/soc/dp2";
 		ethernet2 = "/soc/dp3";
 		ethernet3 = "/soc/dp4";
 		ethernet4 = "/soc/dp5";
 		led-boot = &led_green;
 		led-running = &led_blue;
 		led-upgrade = &led_red;
 	};
 	chosen {
 		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
 #ifdef __IPQ_MEM_PROFILE_256_MB__
                bootargs-append = " console=ttyMSM0,115200n8 panic=10 ubi.mtd=nand root=mtd:ubi_rootfs rootfstype=squashfs swiotlb=1 rootwait";
 #else
                bootargs-append = " console=ttyMSM0,115200n8 panic=10 ubi.mtd=nand root=mtd:ubi_rootfs rootfstype=squashfs swiotlb=1 coherent_pool=2M rootwait";
 #endif
 	};
 	/*
 	 * +=========+==============+========================+
 	 * |        |              |                         |
 	 * | Region | Start Offset |          Size           |
 	 * |        |              |                         |
 	 * +--------+--------------+-------------------------+
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * | Linux  |  0x41000000  |         139MB           |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * +--------+--------------+-------------------------+
 	 * | TZ App |  0x49B00000  |           6MB           |
 	 * +--------+--------------+-------------------------+
 	 *
 	 * From the available 145 MB for Linux in the first 256 MB,
 	 * we are reserving 6 MB for TZAPP.
 	 *
 	 * Refer arch/arm64/boot/dts/qcom/qcom-ipq6018-memory.dtsi
 	 * for memory layout.
 	 */
 /* TZAPP is enabled only in default memory profile */
 	reserved-memory {
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 #endif
 		qcn9000_pcie0@50200000 {
 			no-map;
 			reg = <0x0 0x50200000 0x0 0x03700000>;
 		};
 		mhi_region0: dma_pool0@53900000 {
 			compatible = "shared-dma-pool";
 			no-map;
 			reg = <0x0 0x53900000 0x0 0x01800000>;
 		};
 	};
 };
 &tlmm {
 	pinctrl-0 = <&sd_ldo_pins &generic_gpios &pcie_pins>;
 	pinctrl-names = "default";
 	uart_pins: uart_pins {
 		mux {
 			pins = "gpio44", "gpio45";
 			function = "blsp2_uart";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	sd_ldo_pins: sd_ldo_pins {
 		mux {
 			pins = "gpio66";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-disable;
 			output-low;
 		};
 	};
 	spi_0_pins: spi_0_pins {
 		mux {
 			pins = "gpio38", "gpio39", "gpio40", "gpio41";
 			function = "blsp0_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	spi_1_pins: spi_1_pins {
 		mux {
 			pins = "gpio69", "gpio71", "gpio72";
 			function = "blsp1_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		spi_cs {
 			pins = "gpio70";
 			function = "blsp1_spi";
 			drive-strength = <8>;
 			bias-disable;
 		};
 		quartz_interrupt {
 			pins = "gpio78";
 			function = "gpio";
 			input;
 			bias-disable;
 		};
 		quartz_reset {
 			pins = "gpio79";
 			function = "gpio";
 			output-low;
 			bias-disable;
 		};
 	};
 	button_pins: button_pins {
 		switch_button {
 			pins = "gpio9";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		reset_button {
 			pins = "gpio19";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 	};
 	mdio_pins: mdio_pinmux {
 		mux_0 {
 			pins = "gpio64";
 			function = "mdc";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_1 {
 			pins = "gpio65";
 			function = "mdio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio75";
 			function = "gpio";
 			bias-pull-up;
 		};
 		mux_3 {
 			pins = "gpio77";
 			function = "gpio";
 			bias-pull-up;
 		};
 	};
 	leds_pins: leds_pins {
 		led_5g {
 			pins = "gpio35";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_2g {
 			pins = "gpio37";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		m2_1_regulator {
 			pins = "gpio29";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		m2_1_pwr_en {
 			pins = "gpio49";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		m2_1_reset_n {
 			pins = "gpio32";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_red: red {
 			pins = "gpio50";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_green: green {
 			pins = "gpio54";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_blue: blue {
 			pins = "gpio57";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	sd_pins: sd_pins {
 		mux_1 {
 			pins = "gpio62";
 			function = "sd_card";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio23";
 			function = "gpio";
 			drive_strength = <8>;
 			bias-disable;
 			output-high;
 		};
 	};
 	extcon_usb_pins: extcon_usb_pins {
 		mux {
 			pins = "gpio26";
 			function = "gpio";
 			drive-strength = <2>;
 			bias-pull-down;
 		};
 	};
 	generic_gpios: generic_gpios {
 		gpio42 {
 			pins = "gpio42";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-disable;
 			output-high;
 		};
 	};
 	pcie_pins: pcie_pins {
 		pcie0_enable {
 			pins = "gpio34";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-disable;
 			output-high;
 		};
 	};
        i2c_2_pins: i2c_2_pins {
                mux {
                        pins = "gpio55", "gpio56";
                        function = "gpio";
                        drive-strength = <16>;
                        bias-pull-up;
                        input-enable;
                };
                mux_2 {
                        pins = "gpio48";
                        function = "gpio";
                        drive_strength = <16>;
                        output-high;
                };
                mux_3 {
                        pins = "gpio73";
                        function = "gpio";
                        drive-stength = <16>;
                        output-low;
                };
        };
 };
 &soc {
 	extcon_usb: extcon_usb {
 		pinctrl-0 = <&extcon_usb_pins>;
 		pinctrl-names = "default";
 		id-gpio = <&tlmm 26 GPIO_ACTIVE_LOW>;
 		status = "ok";
 	};
 	mdio0: mdio@90000 {
 		pinctrl-0 = <&mdio_pins>;
 		pinctrl-names = "default";
 		phy-reset-gpio = <&tlmm 75 0 &tlmm 77 1>;
 		status = "ok";
 		phy0: ethernet-phy@0 {
 			reg = <0>;
 		};
 		phy1: ethernet-phy@1 {
 			reg = <1>;
 		};
 		phy2: ethernet-phy@2 {
 			reg = <2>;
 		};
                phy3: ethernet-phy@3 {
                        reg = <3>;
                };
                phy4: ethernet-phy@4 {
                        reg = <4>;
                };
 	};
 	ess0: ess-switch@3a000000 {
 		switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
 		switch_lan_bmp = <0x1e>; /* lan port bitmap */
 		switch_wan_bmp = <0x20>; /* wan port bitmap */
 		switch_inner_bmp = <0xc0>; /*inner port bitmap*/
 		switch_mac_mode = <0x0>; /* mac mode for uniphy instance0*/
 		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
 		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
 		qcom,port_phyinfo {
 			port@0 {
 				port_id = <1>;
 				phy_address = <0>;
 			};
 			port@1 {
 				port_id = <2>;
 				phy_address = <1>;
 			};
 			port@2 {
 				port_id = <3>;
 				phy_address = <2>;
 			};
 			port@3 {
 				port_id = <4>;
 				phy_address = <3>;
 			};
 			port@4 {
 				port_id = <5>;
 				phy_address = <4>;
 			};
 		};
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <1>;
 		reg = <0x3a001000 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <0>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <2>;
 		reg = <0x3a001200 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <1>;
 		phy-mode = "sgmii";
 	};
 	dp3 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <3>;
 		reg = <0x3a001400 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <2>;
 		phy-mode = "sgmii";
 	};
 	dp4 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <4>;
 		reg = <0x3a001600 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <3>;
 		phy-mode = "sgmii";
 	};
 	dp5 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <5>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <4>;
 		phy-mode = "sgmii";
 	};
 	leds {
 		compatible = "gpio-leds";
 		pinctrl-0 = <&leds_pins>;
 		pinctrl-names = "default";
 		led@29 {
 			label = "m2_1_regulator";
 			gpios = <&tlmm 29 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "none";
 			default-state = "on";
 		};
 		led@49 {
 			label = "m2_1_pwr_en";
 			gpios = <&tlmm 49 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "none";
 			default-state = "on";
 		};
 		led@32 {
 			label = "m2_1_reset_n";
 			gpios = <&tlmm 32 GPIO_ACTIVE_LOW>;
 			linux,default-trigger = "none";
 			default-state = "off";
 		};
 		led@50 {
 			label = "red";
 			gpios = <&tlmm 50 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "none";
 			default-state = "on";
 		};
 		led@54 {
 			label = "green";
 			gpios = <&tlmm 54 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "none";
 			default-state = "on";
 		};
 		led@57 {
 			label = "blue";
 			gpios = <&tlmm 57 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "none";
 			default-state = "off";
 		};
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
 		pinctrl-0 = <&button_pins>;
 		pinctrl-names = "default";
 		switch {
 			label = "switch";
 			linux,code = <KEY_WPS_BUTTON>;
 			gpios = <&tlmm 9 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 		reset {
 			label = "reset";
 			linux,code = <KEY_RESTART>;
 			gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 	};
 	i2c_2: i2c@0 { /* i2c gpio */
 		pinctrl-0 = <&i2c_2_pins>;
 	        pinctrl-names = "default";
 		compatible = "i2c-gpio";
 		gpios = <&tlmm 56 0>, <&tlmm 55 0>;
 		i2c-gpio,scl-open-drain;
 		i2c-gpio,delay-us = <7>;
 		#address-cells = <1>;
 		#size-cells = <0>;
 		status = "ok";
 	};
 	wifi3: wifi3@f00000 {
 		qcom,wlan-ramdump-dynamic = <0x400000>;
 		mhi,max-channels = <30>;
 		mhi,timeout = <10000>;
 		#address-cells = <1>;
 		#size-cells = <0>;
 		qrtr_node_id = <0x20>;
 		qca,auto-restart;
 #ifdef __IPQ_MEM_PROFILE_512_MB__
 	      /* QCN9000 tgt-mem-mode=1 layout - 30MB
 	       * +=========+==============+=========+
 	       * |  Region | Start Offset |   Size  |
 	       * +---------+--------------+---------+
 	       * | BASE    |  0x4E400000  |   20MB  |
 	       * +---------+--------------+---------+
 	       * | M3 Dump |  0x4F800000  |   1MB   |
 	       * +---------+--------------+---------+
 	       * |  Caldb  |  0x4FA00000  |   8MB   |
 	       * +==================================+
 	       */
 		base-addr = <0x4E400000>;
 		m3-dump-addr = <0x4F800000>;
 		qcom,caldb-addr = <0x4FA00000>;
 #else
 	      /* QCN9000 tgt-mem-mode=0 layout - 55MB
 	       * +=========+==============+=========+
 	       * |  Region | Start Offset |   Size  |
 	       * +---------+--------------+---------+
 	       * | BASE    |  0x50200000  |   45MB  |
 	       * +---------+--------------+---------+
 	       * | M3 Dump |  0x52F00000  |   1MB   |
 	       * +---------+--------------+---------+
 	       * |  Caldb  |  0x53100000  |   8MB   |
 	       * +==================================+
 	       */
 		base-addr = <0x50200000>;
 		m3-dump-addr = <0x52F00000>;
 		qcom,caldb-addr = <0x53100000>;
 #endif
 		status = "ok";
 		mhi_channels {
 			mhi_chan@0 {
 				reg = <0>;
 				label = "LOOPBACK";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <1>;
 				mhi,data-type = <0>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 			};
 			mhi_chan@1 {
 				reg = <1>;
 				label = "LOOPBACK";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <2>;
 				mhi,data-type = <0>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 			};
 			mhi_chan@4 {
 				reg = <4>;
 				label = "DIAG";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <1>;
 				mhi,data-type = <0>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 			};
 			mhi_chan@5 {
 				reg = <5>;
 				label = "DIAG";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <2>;
 				mhi,data-type = <0>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 			};
 			mhi_chan@20 {
 				reg = <20>;
 				label = "IPCR";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <1>;
 				mhi,data-type = <1>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 				mhi,auto-start;
 			};
 			mhi_chan@21 {
 				reg = <21>;
 				label = "IPCR";
 				mhi,num-elements = <32>;
 				mhi,event-ring = <1>;
 				mhi,chan-dir = <2>;
 				mhi,data-type = <0>;
 				mhi,doorbell-mode = <2>;
 				mhi,ee = <0x14>;
 				mhi,auto-queue;
 				mhi,auto-start;
 			};
 		};
 		mhi_events {
 			mhi_event@0 {
 				mhi,num-elements = <32>;
 				mhi,intmod = <1>;
 				mhi,msi = <1>;
 				mhi,priority = <1>;
 				mhi,brstmode = <2>;
 				mhi,data-type = <1>;
 			};
 			mhi_event@1 {
 				mhi,num-elements = <256>;
 				mhi,intmod = <1>;
 				mhi,msi = <2>;
 				mhi,priority = <1>;
 				mhi,brstmode = <2>;
 			};
 		};
 		mhi_devices {
 			mhi_qrtr {
 				mhi,chan = "IPCR";
 				qcom,net-id = <0>;
 			};
 		};
 	};
 };
 &blsp1_uart3 {
 	pinctrl-0 = <&uart_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &qpic_bam {
 	status = "ok";
 };
 &ssphy_0 {
 	status = "ok";
 };
 &qusb_phy_0 {
 	status = "ok";
 };
 &qusb_phy_1 {
 	status = "ok";
 };
 &usb2 {
 	status = "ok";
 };
 &usb3 {
 	status = "ok";
 };
 &nss_crypto {
 	status = "ok";
 };
 &CPU0 {
 	operating-points = <
 		/* kHz   uV (fixed) */
 		864000   1100000
 		1056000  1100000
 		1200000  1100000
 		1608000  1100000
 	>;
 	clock-latency = <200000>;
 };
 &CPU1 {
 	operating-points = <
 		/* kHz   uV (fixed) */
 		864000   1100000
 		1056000  1100000
 		1200000  1100000
 		1608000  1100000
 	>;
 	clock-latency = <200000>;
 };
 &CPU2 {
 	operating-points = <
 		/* kHz   uV (fixed) */
 		864000   1100000
 		1056000  1100000
 		1200000  1100000
 		1608000  1100000
 	>;
 	clock-latency = <200000>;
 };
 &CPU3 {
 	operating-points = <
 		/* kHz   uV (fixed) */
 		864000   1100000
 		1056000  1100000
 		1200000  1100000
 		1608000  1100000
 	>;
 	clock-latency = <200000>;
 };
 &wifi0 {
        qcom,board_id = <0x10>;
        status = "ok";
 };
 &pcie0 {
 	status = "ok";
 	pcie0_rp {
 		reg = <0 0 0 0 0>;
 		status = "ok";
 		mhi_0: qcom,mhi@0 {
 			reg = <0 0 0 0 0 >;
 			qrtr_instance_id = <0x20>;
 			qcom,board_id = <0xa4>;
 #if !defined(__IPQ_MEM_PROFILE_256_MB__)
 			memory-region = <&mhi_region0>;
 #endif
 		};
 	};
 };
 &pcie_phy {
        status = "ok";
 };
 &spi_0 {
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	cs-select = <0>;
 	status = "ok";
 	m25p80@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		reg = <0>;
 		compatible = "n25q128a11";
 		linux,modalias = "m25p80", "n25q128a11";
 		spi-max-frequency = <50000000>;
 		use-default-sizes;
 	};
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v1.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v1.dts
@@ -0,0 +1,23 @@
 /dts-v1/;
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018-pax1800.dtsi"
 / {
 	model = "Plasma Cloud PAX1800 v1";
 	compatible = "plasmacloud,pax1800-v1", "qcom,ipq6018-cp03", "qcom,ipq6018";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v2.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v2.dts
@@ -0,0 +1,23 @@
 /dts-v1/;
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018-pax1800.dtsi"
 / {
 	model = "Plasma Cloud PAX1800 v2";
 	compatible = "plasmacloud,pax1800-v2", "qcom,ipq6018-cp03", "qcom,ipq6018";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800.dtsi
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800.dtsi
@@ -0,0 +1,315 @@
 /*
 * Copyright (c) 2019, The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "qcom-ipq6018.dtsi"
 #include "qcom-ipq6018-rpm-regulator.dtsi"
 #include "qcom-ipq6018-cpr-regulator.dtsi"
 #include "qcom-ipq6018-cp-cpu.dtsi"
 #include <dt-bindings/input/input.h>
 / {
 	#address-cells = <0x2>;
 	#size-cells = <0x2>;
 	interrupt-parent = <&intc>;
 	qcom,msm-id = <0x1A5 0x0>;
 	chosen {
 		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 	aliases {
 		serial0 = &blsp1_uart3;
 		/*
 		 * Aliases as required by u-boot
 		 * to patch MAC addresses
 		 */
 		ethernet0 = "/soc/dp1";
 		ethernet1 = "/soc/dp2";
 		led-boot = &led_status_green;
 		led-failsafe = &led_status_green;
 		led-running = &led_status_green;
 		led-upgrade = &led_status_green;
 		led-uplink = &led_status_blue;
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
 		pinctrl-0 = <&button_pins>;
 		pinctrl-names = "default";
 		reset {
 			label = "reset";
 			linux,code = <KEY_RESTART>;
 			gpios = <&tlmm 24 GPIO_ACTIVE_LOW>;
 			linux,input-type = <1>;
 			debounce-interval = <60>;
 		};
 	};
 	leds {
 		compatible = "gpio-leds";
 		pinctrl-0 = <&leds_pins>;
 		pinctrl-names = "default";
 		status_red {
 			label = "red:status";
 			gpios = <&tlmm 25 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "default-off";
 		};
 		led_status_green: status_green {
 			label = "green:status";
 			gpios = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 		led_status_blue: status_blue {
 			label = "blue:status";
 			gpios = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 			linux,default-trigger = "default-off";
 		};
 	};
 	watchdog {
 		compatible = "linux,wdt-gpio";
 		pinctrl-0 = <&watchdog_pins>;
 		pinctrl-names = "default";
 		gpios = <&tlmm 67 GPIO_ACTIVE_LOW>;
 		hw_algo = "toggle";
 		hw_margin_ms = <2000>;
 		always-running;
 	};
 	/*
 	 * +=========+==============+========================+
 	 * |        |              |                         |
 	 * | Region | Start Offset |          Size           |
 	 * |        |              |                         |
 	 * +--------+--------------+-------------------------+
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * | Linux  |  0x41000000  |         139MB           |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * |        |              |                         |
 	 * +--------+--------------+-------------------------+
 	 * | TZ App |  0x49B00000  |           6MB           |
 	 * +--------+--------------+-------------------------+
 	 *
 	 * From the available 145 MB for Linux in the first 256 MB,
 	 * we are reserving 6 MB for TZAPP.
 	 *
 	 * Refer arch/arm64/boot/dts/qcom/qcom-ipq6018-memory.dtsi
 	 * for memory layout.
 	 */
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 };
 &tlmm {
 	uart_pins: uart_pins {
 		mux {
 			pins = "gpio44", "gpio45";
 			function = "blsp2_uart";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	spi_0_pins: spi_0_pins {
 		mux {
 			pins = "gpio38", "gpio39", "gpio40", "gpio41";
 			function = "blsp0_spi";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	button_pins: button_pins {
 		reset_button {
 			pins = "gpio24";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 	};
 	mdio_pins: mdio_pinmux {
 		mux_0 {
 			pins = "gpio64";
 			function = "mdc";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_1 {
 			pins = "gpio65";
 			function = "mdio";
 			drive-strength = <8>;
 			bias-pull-up;
 		};
 		mux_2 {
 			pins = "gpio75";
 			function = "gpio";
 			bias-pull-up;
 		};
 	};
 	leds_pins: led_pinmux {
 		led_power_green {
 			pins = "gpio25";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_power_blue {
 			pins = "gpio35";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 		led_power_red {
 			pins = "gpio37";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 		};
 	};
 	watchdog_pins: watchdog_pinmux {
 		mux {
 			pins = "gpio67";
 			function = "gpio";
 			bias-none;
 			output-low;
 		};
 	};
 };
 &soc {
 	mdio@90000 {
 		pinctrl-0 = <&mdio_pins>;
 		pinctrl-names = "default";
 		phy-reset-gpio = <&tlmm 75 0>;
 		status = "ok";
 		phy0: ethernet-phy@0 {
 			reg = <3>;
 		};
 		phy1: ethernet-phy@1 {
 			reg = <4>;
 		};
 	};
 	ess-switch@3a000000 {
 		switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
 		switch_lan_bmp = <0x08>; /* lan port bitmap */
 		switch_wan_bmp = <0x10>; /* wan port bitmap */
 		switch_inner_bmp = <0xc0>; /*inner port bitmap*/
 		switch_mac_mode = <0x0>; /* mac mode for uniphy instance0*/
 		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
 		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
 		qcom,port_phyinfo {
 			port@3 {
 				port_id = <3>;
 				phy_address = <4>;
 			};
 			port@4 {
 				port_id = <4>;
 				phy_address = <3>;
 			};
 		};
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <3>;
 		reg = <0x3a001400 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <4>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <4>;
 		reg = <0x3a001600 0x200>;
 		qcom,mactype = <0>;
 		local-mac-address = [000000000000];
 		qcom,link-poll = <1>;
 		qcom,phy-mdio-addr = <3>;
 		phy-mode = "sgmii";
 	};
 };
 &blsp1_uart3 {
 	pinctrl-0 = <&uart_pins>;
 	pinctrl-names = "default";
 	status = "ok";
 };
 &spi_0 {
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	cs-select = <0>;
 	status = "ok";
 	m25p80@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		reg = <0>;
 		compatible = "n25q128a11";
 		linux,modalias = "m25p80", "n25q128a11";
 		spi-max-frequency = <50000000>;
 		use-default-sizes;
 	};
 };
 &qpic_bam {
 	status = "ok";
 };
 &nss_crypto {
 	status = "ok";
 };
 /* TZAPP is enabled in default memory profile only */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
 #endif
 &wifi0 {
 	status = "okay";
 	qcom,ath11k-calibration-variant = "PlasmaCloud-PAX1800";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-wallys-dr6018-v4.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-wallys-dr6018-v4.dts
@@ -82,14 +82,24 @@
 	 */
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 		qcn9000_pcie0@50200000 {
 			no-map;
 			reg = <0x0 0x50200000 0x0 0x02D00000>;
 		};
 		mhi_region0: dma_pool0@52f00000 {
 			compatible = "shared-dma-pool";
 			no-map;
 			reg = <0x0 0x52F00000 0x0 0x01800000>;
 		};
 	};
 };
 &tlmm {
@@ -490,3 +500,49 @@
 	//vqmmc-supply = <&ipq6018_l2_corner>;
 	status = "ok";
 };
 &wifi1 {
 	base-addr = <0x50200000>;
 	m3-dump-addr = <0x52500000>;
 	etr-addr = <0x52600000>;
 	caldb-addr = <0x52700000>;
 	hremote-size = <0x2300000>;
 	tgt-mem-mode = <0x0>;
 	board_id = <0xa4>;
 	caldb-size = <0x800000>;
 	status = "ok";
 };
 &pcie0 {
 	status = "ok";
 	interrupts = <0 52 0>, <0 416 0>, <0 417 0>,
                     <0 418 0>, <0 419 0>, <0 420 0>,
                     <0 421 0>, <0 422 0>, <0 423 0>,
                     <0 424 0>, <0 425 0>, <0 426 0>,
                     <0 427 0>, <0 428 0>, <0 429 0>,
                     <0 430 0>, <0 431 0>;
        interrupt-names = "msi", "msi_0", "msi_1",
                          "msi_2", "msi_3", "msi_4",
                          "msi_5", "msi_6", "msi_7",
                          "msi_8", "msi_9", "msi_10",
                          "msi_11", "msi_12", "msi_13",
                          "msi_14", "msi_15";
        qcom,msi-gicm-addr = <0x0B00A040>;
        qcom,msi-gicm-base = <0x1c0>;
 };
 &pcie0_rp {
        status = "ok";
        mhi_0: qcom,mhi@0 {
                reg = <0 0 0 0 0 >;
                qrtr_instance_id = <0x20>;
                memory-region = <&mhi_region0>;
        };
 };
 &pcie_phy {
        status = "ok";
 };
--- a/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-yuncore-ax840.dts
+++ b/feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-yuncore-ax840.dts
@@ -35,12 +35,15 @@
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 /* TZAPP is enabled only in default memory profile */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
 #endif
 };
 &tlmm {
@@ -159,6 +162,16 @@
 		};
 	};
 	modem_power_pins {
 		mux {
 			pins = "gpio27";
 			function = "gpio";
 			drive-strength = <8>;
 			bias-pull-down;
 			output-high;
 		};
 	};
 	leds_pins: leds_pins {
 		led_blue {
 			pins = "gpio35";
@@ -223,18 +236,6 @@
 	};
 	dp1 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x04>;
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x04>;
@@ -246,6 +247,18 @@
 		phy-mode = "sgmii";
 	};
 	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
 		reg = <0x3a001800 0x200>;
 		qcom,mactype = <0x00>;
 		local-mac-address = [00 00 00 00 00 00];
 		qcom,link-poll = <0x01>;
 		qcom,phy-mdio-addr = <0x04>;
 		phy-mode = "sgmii";
 	};
 	gpio_keys {
 		compatible = "gpio-keys";
@@ -268,17 +281,17 @@
 		pinctrl-names = "default";
 		led_system: system {
-			label = "ax860:green:system";
+			label = "green:system";
 			gpio = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 		};
 		wlan2g {
-			label = "ax860:blue:wlan2g";
+			label = "blue:wlan2g";
 			gpio = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 		wlan5g {
-			label = "ax860:red:wlan5g";
+			label = "red:wlan5g";
 			gpio = <&tlmm 32 GPIO_ACTIVE_HIGH>;
 		};
 	};
@@ -336,8 +349,31 @@
 	/delete-node/ opp06;
 };
 /* TZAPP is enabled in default memory profile only */
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
 #endif
 &ssphy_0 {
 	status = "ok";
 };
 &qusb_phy_0 {
 	status = "ok";
 };
 &qusb_phy_1 {
 	status = "ok";
 };
 &usb2 {
 	status = "ok";
 };
 &usb3 {
 	status = "ok";
 };
--- a/feeds/ipq807x/ipq807x/image/ipq60xx.mk
+++ b/feeds/ipq807x/ipq807x/image/ipq60xx.mk
@@ -1,5 +1,7 @@
 KERNEL_LOADADDR := 0x41008000
 DEVICE_VARS += CE_TYPE
 define Device/cig_wf188n
  DEVICE_TITLE := Cigtech WF-188n
  DEVICE_DTS := qcom-ipq6018-cig-wf188n
@@ -23,7 +25,7 @@ define Device/hfcl_ion4xi
  DEVICE_DTS := qcom-ipq6018-hfcl-ion4xi
  DEVICE_DTS_CONFIG := config@cp01-c1
  SUPPORTED_DEVICES := hfcl,ion4xi
-  DEVICE_PACKAGES := ath11k-wifi-qcom-ipq6018 uboot-envtools
+  DEVICE_PACKAGES := ath11k-wifi-hfcl-ion4xi uboot-envtools
 endef
 TARGET_DEVICES += hfcl_ion4xi
@@ -36,6 +38,33 @@ define Device/edgecore_eap101
 endef
 TARGET_DEVICES += edgecore_eap101
 define Device/indio_um-310ax-v1
  DEVICE_TITLE := Indio UM-310AX V1
  DEVICE_DTS := qcom-ipq6018-indio-um-310ax-v1
  DEVICE_DTS_CONFIG := config@cp03-c1
  SUPPORTED_DEVICES := indio,um-310ax-v1
  DEVICE_PACKAGES := ath11k-wifi-indio-um-310ax-v1 uboot-env
 endef
 TARGET_DEVICES += indio_um-310ax-v1
 define Device/indio_um-510axp-v1
  DEVICE_TITLE := Indio UM-510AXP V1
  DEVICE_DTS := qcom-ipq6018-indio-um-510axp-v1
  DEVICE_DTS_CONFIG := config@cp03-c1
  SUPPORTED_DEVICES := indio,um-510axp-v1
  DEVICE_PACKAGES := ath11k-wifi-indio-um-510axp-v1 uboot-env
 endef
 TARGET_DEVICES += indio_um-510axp-v1
 define Device/indio_um-510axm-v1
  DEVICE_TITLE := Indio UM-510AXM V1
  DEVICE_DTS := qcom-ipq6018-indio-um-510axm-v1
  DEVICE_DTS_CONFIG := config@cp03-c1
  SUPPORTED_DEVICES := indio,um-510axm-v1
  DEVICE_PACKAGES := ath11k-wifi-indio-um-510axm-v1 uboot-env
 endef
 TARGET_DEVICES += indio_um-510axm-v1
 define Device/wallys_dr6018
  DEVICE_TITLE := Wallys DR6018
  DEVICE_DTS := qcom-ipq6018-wallys-dr6018
@@ -50,7 +79,7 @@ define Device/wallys_dr6018_v4
  DEVICE_DTS := qcom-ipq6018-wallys-dr6018-v4
  DEVICE_DTS_CONFIG := config@cp01-c4
  SUPPORTED_DEVICES := wallys,dr6018-v4
-  DEVICE_PACKAGES := ath11k-wifi-wallys-dr6018-v4 uboot-envtools
+  DEVICE_PACKAGES := ath11k-wifi-wallys-dr6018-v4 uboot-envtools ath11k-firmware-qcn9000
 endef
 TARGET_DEVICES += wallys_dr6018_v4
@@ -88,3 +117,53 @@ define Device/yuncore_ax840
  DEVICE_PACKAGES := ath11k-wifi-yuncore-ax840 uboot-env
 endef
 TARGET_DEVICES += yuncore_ax840
 define Device/plasmacloud_common_64k
  DEVICE_PACKAGES := uboot-envtools
  CE_TYPE :=
  BLOCKSIZE := 64k
  IMAGES := sysupgrade.tar factory.bin
  IMAGE/factory.bin := append-rootfs | pad-rootfs | openmesh-image ce_type=$$$$(CE_TYPE)
  IMAGE/sysupgrade.tar := append-rootfs | pad-rootfs | sysupgrade-tar rootfs=$$$$@ | append-metadata
  KERNEL += | pad-to $$(BLOCKSIZE)
 endef
 define Device/plasmacloud_pax1800-v1
  $(Device/plasmacloud_common_64k)
  DEVICE_TITLE := Plasma Cloud PAX1800 v1
  DEVICE_DTS := qcom-ipq6018-pax1800-v1
  SUPPORTED_DEVICES := plasmacloud,pax1800-v1
  DEVICE_DTS_CONFIG := config@cp03-c1
  CE_TYPE := PAX1800
  DEVICE_PACKAGES += ath11k-wifi-plasmacloud-pax1800
 endef
 TARGET_DEVICES += plasmacloud_pax1800-v1
 define Device/plasmacloud_pax1800-v2
  $(Device/plasmacloud_common_64k)
  DEVICE_TITLE := Plasma Cloud PAX1800 v2
  DEVICE_DTS := qcom-ipq6018-pax1800-v2
  SUPPORTED_DEVICES := plasmacloud,pax1800-v2
  DEVICE_DTS_CONFIG := config@plasmacloud.pax1800v2
  CE_TYPE := PAX1800v2
  DEVICE_PACKAGES += ath11k-wifi-plasmacloud-pax1800
 endef
 TARGET_DEVICES += plasmacloud_pax1800-v2
 define Device/meshpp_s618_cp03
  DEVICE_TITLE := S618 cp03
  DEVICE_DTS := qcom-ipq6018-meshpp-s618-cp03
  SUPPORTED_DEVICES := meshpp,s618-cp03
  DEVICE_DTS_CONFIG := config@cp03-c1
  DEVICE_PACKAGES := ath11k-wifi-meshpp-s618 -kmod-usb-dwc3-of-simple kmod-usb-dwc3-qcom kmod-usb3
 endef
 TARGET_DEVICES += meshpp_s618_cp03
 define Device/meshpp_s618_cp01
  DEVICE_TITLE := S618 cp01
  DEVICE_DTS := qcom-ipq6018-meshpp-s618-cp01
  SUPPORTED_DEVICES := meshpp,s618-cp01
  DEVICE_DTS_CONFIG := config@cp01-c1
  DEVICE_PACKAGES := ath11k-wifi-meshpp-s618 -kmod-usb-dwc3-of-simple kmod-usb-dwc3-qcom kmod-usb3
 endef
 TARGET_DEVICES += meshpp_s618_cp01
--- a/feeds/ipq807x/ipq807x/patches/200-bpf_backport.patch
+++ b/feeds/ipq807x/ipq807x/patches/200-bpf_backport.patch
@@ -32856,7 +32856,7 @@
 +
 +	new_range = dst_reg->off;
 +	if (range_right_open)
-+		new_range--;
+		new_range++;
 +
 +	/* Examples for register markings:
 +	 *
--- a/feeds/ipq807x/ipq807x/patches/224-clear-skbuffs-cb-for-incoming-packets.patch
+++ b/feeds/ipq807x/ipq807x/patches/224-clear-skbuffs-cb-for-incoming-packets.patch
@@ -0,0 +1,30 @@
 From a0d398a7373b395a2cbdc865815560671d1e8a08 Mon Sep 17 00:00:00 2001
 From: Venkat Chimata <venkata@shasta.cloud>
 Date: Fri, 12 Aug 2022 15:42:40 +0530
 Subject: [PATCH] sk_buff's cb should be cleared in the entry point for both
 incoming and outgoing packets at each layer. At bridge, it is already handled
 in the outgoing path, but not in the incoming path. We have seen cases where
 proxyarp_replied was 1 on sk_buffs coming from the WLAN driver and they were
 getting dropped in forwarding path.
 Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
 ---
 net/bridge/br_input.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
 index e6b745b7..09cd5b72 100644
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
@@ -282,6 +282,8 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
 	if (!skb)
 		return RX_HANDLER_CONSUMED;
 +	memset(skb->cb, 0, sizeof(struct br_input_skb_cb));
 +
 	p = br_port_get_rcu(skb->dev);
 	if (unlikely(is_link_local_ether_addr(dest))) {
 -- 
 2.34.1
--- a/feeds/ipq807x/ipq807x/patches/230-ipv4-route-Ignore-output-interface-in-FIB-lookup-for.patch
+++ b/feeds/ipq807x/ipq807x/patches/230-ipv4-route-Ignore-output-interface-in-FIB-lookup-for.patch
@@ -0,0 +1,72 @@
 From: Stefano Brivio <sbrivio@redhat.com>
 Date: Tue, 4 Aug 2020 07:53:42 +0200
 Subject: [PATCH] ipv4: route: Ignore output interface in FIB lookup for PMTU
 route
 Currently, processes sending traffic to a local bridge with an
 encapsulation device as a port don't get ICMP errors if they exceed
 the PMTU of the encapsulated link.
 David Ahern suggested this as a hack, but it actually looks like
 the correct solution: when we update the PMTU for a given destination
 by means of updating or creating a route exception, the encapsulation
 might trigger this because of PMTU discovery happening either on the
 encapsulation device itself, or its lower layer. This happens on
 bridged encapsulations only.
 The output interface shouldn't matter, because we already have a
 valid destination. Drop the output interface restriction from the
 associated route lookup.
 For UDP tunnels, we will now have a route exception created for the
 encapsulation itself, with a MTU value reflecting its headroom, which
 allows a bridge forwarding IP packets originated locally to deliver
 errors back to the sending socket.
 The behaviour is now consistent with IPv6 and verified with selftests
 pmtu_ipv{4,6}_br_{geneve,vxlan}{4,6}_exception introduced later in
 this series.
 v2:
 - reset output interface only for bridge ports (David Ahern)
 - add and use netif_is_any_bridge_port() helper (David Ahern)
 Suggested-by: David Ahern <dsahern@gmail.com>
 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
 Reviewed-by: David Ahern <dsahern@gmail.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
@@ -4015,6 +4015,16 @@ static inline bool netif_is_ovs_master(c
 	return dev->priv_flags & IFF_OPENVSWITCH;
 }
 +static inline bool netif_is_ovs_port(const struct net_device *dev)
 +{
 +	return dev->priv_flags & IFF_OVS_DATAPATH;
 +}
 +
 +static inline bool netif_is_any_bridge_port(const struct net_device *dev)
 +{
 +	return netif_is_bridge_port(dev) || netif_is_ovs_port(dev);
 +}
 +
 static inline bool netif_is_ifb_dev(const struct net_device *dev)
 {
 	return dev->priv_flags_ext & IFF_EXT_IFB;
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
@@ -1004,6 +1004,11 @@ static void ip_rt_update_pmtu(struct dst
 	struct flowi4 fl4;
 	ip_rt_build_flow_key(&fl4, sk, skb);
 +
 +	/* Don't make lookup fail for bridged encapsulations */
 +	if (skb && netif_is_any_bridge_port(skb->dev))
 +		fl4.flowi4_oif = 0;
 +
 	__ip_rt_update_pmtu(rt, &fl4, mtu);
 }
--- a/feeds/ipq807x/ipq807x/patches/231-icmp-add-helpers-to-recognize-ICMP-error-packets.patch
+++ b/feeds/ipq807x/ipq807x/patches/231-icmp-add-helpers-to-recognize-ICMP-error-packets.patch
@@ -0,0 +1,57 @@
 From: Matteo Croce <mcroce@redhat.com>
 Date: Sat, 2 Nov 2019 01:12:03 +0100
 Subject: [PATCH] icmp: add helpers to recognize ICMP error packets
 Add two helper functions, one for IPv4 and one for IPv6, to recognize
 the ICMP packets which are error responses.
 This packets are special because they have as payload the original
 header of the packet which generated it (RFC 792 says at least 8 bytes,
 but Linux actually includes much more than that).
 Signed-off-by: Matteo Croce <mcroce@redhat.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 --- a/include/linux/icmp.h
 +++ b/include/linux/icmp.h
@@ -24,4 +24,19 @@ static inline struct icmphdr *icmp_hdr(c
 {
 	return (struct icmphdr *)skb_transport_header(skb);
 }
 +
 +static inline bool icmp_is_err(int type)
 +{
 +	switch (type) {
 +	case ICMP_DEST_UNREACH:
 +	case ICMP_SOURCE_QUENCH:
 +	case ICMP_REDIRECT:
 +	case ICMP_TIME_EXCEEDED:
 +	case ICMP_PARAMETERPROB:
 +		return true;
 +	}
 +
 +	return false;
 +}
 +
 #endif	/* _LINUX_ICMP_H */
 --- a/include/linux/icmpv6.h
 +++ b/include/linux/icmpv6.h
@@ -42,4 +42,18 @@ extern void				icmpv6_flow_init(struct s
 							 const struct in6_addr *saddr,
 							 const struct in6_addr *daddr,
 							 int oif);
 +
 +static inline bool icmpv6_is_err(int type)
 +{
 +	switch (type) {
 +	case ICMPV6_DEST_UNREACH:
 +	case ICMPV6_PKT_TOOBIG:
 +	case ICMPV6_TIME_EXCEED:
 +	case ICMPV6_PARAMPROB:
 +		return true;
 +	}
 +
 +	return false;
 +}
 +
 #endif
--- a/feeds/ipq807x/ipq807x/patches/232-tunnels-PMTU-discovery-support-for-directly-bridged-.patch
+++ b/feeds/ipq807x/ipq807x/patches/232-tunnels-PMTU-discovery-support-for-directly-bridged-.patch
@@ -0,0 +1,360 @@
 From: Stefano Brivio <sbrivio@redhat.com>
 Date: Tue, 4 Aug 2020 07:53:43 +0200
 Subject: [PATCH] tunnels: PMTU discovery support for directly bridged IP
 packets
 It's currently possible to bridge Ethernet tunnels carrying IP
 packets directly to external interfaces without assigning them
 addresses and routes on the bridged network itself: this is the case
 for UDP tunnels bridged with a standard bridge or by Open vSwitch.
 PMTU discovery is currently broken with those configurations, because
 the encapsulation effectively decreases the MTU of the link, and
 while we are able to account for this using PMTU discovery on the
 lower layer, we don't have a way to relay ICMP or ICMPv6 messages
 needed by the sender, because we don't have valid routes to it.
 On the other hand, as a tunnel endpoint, we can't fragment packets
 as a general approach: this is for instance clearly forbidden for
 VXLAN by RFC 7348, section 4.3:
   VTEPs MUST NOT fragment VXLAN packets.  Intermediate routers may
   fragment encapsulated VXLAN packets due to the larger frame size.
   The destination VTEP MAY silently discard such VXLAN fragments.
 The same paragraph recommends that the MTU over the physical network
 accomodates for encapsulations, but this isn't a practical option for
 complex topologies, especially for typical Open vSwitch use cases.
 Further, it states that:
   Other techniques like Path MTU discovery (see [RFC1191] and
   [RFC1981]) MAY be used to address this requirement as well.
 Now, PMTU discovery already works for routed interfaces, we get
 route exceptions created by the encapsulation device as they receive
 ICMP Fragmentation Needed and ICMPv6 Packet Too Big messages, and
 we already rebuild those messages with the appropriate MTU and route
 them back to the sender.
 Add the missing bits for bridged cases:
 - checks in skb_tunnel_check_pmtu() to understand if it's appropriate
  to trigger a reply according to RFC 1122 section 3.2.2 for ICMP and
  RFC 4443 section 2.4 for ICMPv6. This function is already called by
  UDP tunnels
 - a new function generating those ICMP or ICMPv6 replies. We can't
  reuse icmp_send() and icmp6_send() as we don't see the sender as a
  valid destination. This doesn't need to be generic, as we don't
  cover any other type of ICMP errors given that we only provide an
  encapsulation function to the sender
 While at it, make the MTU check in skb_tunnel_check_pmtu() accurate:
 we might receive GSO buffers here, and the passed headroom already
 includes the inner MAC length, so we don't have to account for it
 a second time (that would imply three MAC headers on the wire, but
 there are just two).
 This issue became visible while bridging IPv6 packets with 4500 bytes
 of payload over GENEVE using IPv4 with a PMTU of 4000. Given the 50
 bytes of encapsulation headroom, we would advertise MTU as 3950, and
 we would reject fragmented IPv6 datagrams of 3958 bytes size on the
 wire. We're exclusively dealing with network MTU here, though, so we
 could get Ethernet frames up to 3964 octets in that case.
 v2:
 - moved skb_tunnel_check_pmtu() to ip_tunnel_core.c (David Ahern)
 - split IPv4/IPv6 functions (David Ahern)
 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
 Reviewed-by: David Ahern <dsahern@gmail.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 --- a/include/net/ip_tunnels.h
 +++ b/include/net/ip_tunnels.h
@@ -279,6 +279,8 @@ int iptunnel_xmit(struct sock *sk, struc
 		  u8 tos, u8 ttl, __be16 df, bool xnet);
 struct metadata_dst *iptunnel_metadata_reply(struct metadata_dst *md,
 					     gfp_t flags);
 +int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst,
 +			  int headroom, bool reply);
 struct sk_buff *iptunnel_handle_offloads(struct sk_buff *skb, bool gre_csum,
 					 int gso_type_mask);
 --- a/net/ipv4/ip_tunnel_core.c
 +++ b/net/ipv4/ip_tunnel_core.c
@@ -204,6 +204,252 @@ error:
 }
 EXPORT_SYMBOL_GPL(iptunnel_handle_offloads);
 +/**
 + * iptunnel_pmtud_build_icmp() - Build ICMP error message for PMTUD
 + * @skb:	Original packet with L2 header
 + * @mtu:	MTU value for ICMP error
 + *
 + * Return: length on success, negative error code if message couldn't be built.
 + */
 +static int iptunnel_pmtud_build_icmp(struct sk_buff *skb, int mtu)
 +{
 +	const struct iphdr *iph = ip_hdr(skb);
 +	struct icmphdr *icmph;
 +	struct iphdr *niph;
 +	struct ethhdr eh;
 +	int len, err;
 +
 +	if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct iphdr)))
 +		return -EINVAL;
 +
 +	skb_copy_bits(skb, skb_mac_header(skb) - skb->data, &eh, ETH_HLEN);
 +	pskb_pull(skb, ETH_HLEN);
 +	skb_reset_network_header(skb);
 +
 +	err = pskb_trim(skb, 576 - sizeof(*niph) - sizeof(*icmph));
 +	if (err)
 +		return err;
 +
 +	len = skb->len + sizeof(*icmph);
 +	err = skb_cow(skb, sizeof(*niph) + sizeof(*icmph) + ETH_HLEN);
 +	if (err)
 +		return err;
 +
 +	icmph = (struct icmphdr *)skb_push(skb, sizeof(*icmph));
 +	*icmph = (struct icmphdr) {
 +		.type			= ICMP_DEST_UNREACH,
 +		.code			= ICMP_FRAG_NEEDED,
 +		.checksum		= 0,
 +		.un.frag.__unused	= 0,
 +		.un.frag.mtu		= ntohs(mtu),
 +	};
 +	icmph->checksum = ip_compute_csum(icmph, len);
 +	skb_reset_transport_header(skb);
 +
 +	niph = (struct iphdr *)skb_push(skb, sizeof(*niph));
 +	*niph = (struct iphdr) {
 +		.ihl			= sizeof(*niph) / 4u,
 +		.version 		= 4,
 +		.tos 			= 0,
 +		.tot_len		= htons(len + sizeof(*niph)),
 +		.id			= 0,
 +		.frag_off		= htons(IP_DF),
 +		.ttl			= iph->ttl,
 +		.protocol		= IPPROTO_ICMP,
 +		.saddr			= iph->daddr,
 +		.daddr			= iph->saddr,
 +	};
 +	ip_send_check(niph);
 +	skb_reset_network_header(skb);
 +
 +	skb->ip_summed = CHECKSUM_NONE;
 +
 +	eth_header(skb, skb->dev, htons(eh.h_proto), eh.h_source, eh.h_dest, 0);
 +	skb_reset_mac_header(skb);
 +
 +	return skb->len;
 +}
 +
 +/**
 + * iptunnel_pmtud_check_icmp() - Trigger ICMP reply if needed and allowed
 + * @skb:	Buffer being sent by encapsulation, L2 headers expected
 + * @mtu:	Network MTU for path
 + *
 + * Return: 0 for no ICMP reply, length if built, negative value on error.
 + */
 +static int iptunnel_pmtud_check_icmp(struct sk_buff *skb, int mtu)
 +{
 +	const struct icmphdr *icmph = icmp_hdr(skb);
 +	const struct iphdr *iph = ip_hdr(skb);
 +
 +	if (mtu <= 576 || iph->frag_off != htons(IP_DF))
 +		return 0;
 +
 +	if (ipv4_is_lbcast(iph->daddr)  || ipv4_is_multicast(iph->daddr) ||
 +	    ipv4_is_zeronet(iph->saddr) || ipv4_is_loopback(iph->saddr)  ||
 +	    ipv4_is_lbcast(iph->saddr)  || ipv4_is_multicast(iph->saddr))
 +		return 0;
 +
 +	if (iph->protocol == IPPROTO_ICMP && icmp_is_err(icmph->type))
 +		return 0;
 +
 +	return iptunnel_pmtud_build_icmp(skb, mtu);
 +}
 +
 +#if IS_ENABLED(CONFIG_IPV6)
 +/**
 + * iptunnel_pmtud_build_icmpv6() - Build ICMPv6 error message for PMTUD
 + * @skb:	Original packet with L2 header
 + * @mtu:	MTU value for ICMPv6 error
 + *
 + * Return: length on success, negative error code if message couldn't be built.
 + */
 +static int iptunnel_pmtud_build_icmpv6(struct sk_buff *skb, int mtu)
 +{
 +	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
 +	struct icmp6hdr *icmp6h;
 +	struct ipv6hdr *nip6h;
 +	struct ethhdr eh;
 +	int len, err;
 +	__wsum csum;
 +
 +	if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct ipv6hdr)))
 +		return -EINVAL;
 +
 +	skb_copy_bits(skb, skb_mac_header(skb) - skb->data, &eh, ETH_HLEN);
 +	pskb_pull(skb, ETH_HLEN);
 +	skb_reset_network_header(skb);
 +
 +	err = pskb_trim(skb, IPV6_MIN_MTU - sizeof(*nip6h) - sizeof(*icmp6h));
 +	if (err)
 +		return err;
 +
 +	len = skb->len + sizeof(*icmp6h);
 +	err = skb_cow(skb, sizeof(*nip6h) + sizeof(*icmp6h) + ETH_HLEN);
 +	if (err)
 +		return err;
 +
 +	icmp6h = (struct icmp6hdr *)skb_push(skb, sizeof(*icmp6h));
 +	*icmp6h = (struct icmp6hdr) {
 +		.icmp6_type		= ICMPV6_PKT_TOOBIG,
 +		.icmp6_code		= 0,
 +		.icmp6_cksum		= 0,
 +		.icmp6_mtu		= htonl(mtu),
 +	};
 +	skb_reset_transport_header(skb);
 +
 +	nip6h = (struct ipv6hdr *)skb_push(skb, sizeof(*nip6h));
 +	*nip6h = (struct ipv6hdr) {
 +		.priority		= 0,
 +		.version		= 6,
 +		.flow_lbl		= { 0 },
 +		.payload_len		= htons(len),
 +		.nexthdr		= IPPROTO_ICMPV6,
 +		.hop_limit		= ip6h->hop_limit,
 +		.saddr			= ip6h->daddr,
 +		.daddr			= ip6h->saddr,
 +	};
 +	skb_reset_network_header(skb);
 +
 +	csum = csum_partial(icmp6h, len, 0);
 +	icmp6h->icmp6_cksum = csum_ipv6_magic(&nip6h->saddr, &nip6h->daddr, len,
 +					      IPPROTO_ICMPV6, csum);
 +
 +	skb->ip_summed = CHECKSUM_NONE;
 +
 +	eth_header(skb, skb->dev, htons(eh.h_proto), eh.h_source, eh.h_dest, 0);
 +	skb_reset_mac_header(skb);
 +
 +	return skb->len;
 +}
 +
 +/**
 + * iptunnel_pmtud_check_icmpv6() - Trigger ICMPv6 reply if needed and allowed
 + * @skb:	Buffer being sent by encapsulation, L2 headers expected
 + * @mtu:	Network MTU for path
 + *
 + * Return: 0 for no ICMPv6 reply, length if built, negative value on error.
 + */
 +static int iptunnel_pmtud_check_icmpv6(struct sk_buff *skb, int mtu)
 +{
 +	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
 +	int stype = ipv6_addr_type(&ip6h->saddr);
 +	u8 proto = ip6h->nexthdr;
 +	__be16 frag_off;
 +	int offset;
 +
 +	if (mtu <= IPV6_MIN_MTU)
 +		return 0;
 +
 +	if (stype == IPV6_ADDR_ANY || stype == IPV6_ADDR_MULTICAST ||
 +	    stype == IPV6_ADDR_LOOPBACK)
 +		return 0;
 +
 +	offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &proto,
 +				  &frag_off);
 +	if (offset < 0 || (frag_off & htons(~0x7)))
 +		return 0;
 +
 +	if (proto == IPPROTO_ICMPV6) {
 +		struct icmp6hdr *icmp6h;
 +
 +		if (!pskb_may_pull(skb, skb_network_header(skb) +
 +					offset + 1 - skb->data))
 +			return 0;
 +
 +		icmp6h = (struct icmp6hdr *)(skb_network_header(skb) + offset);
 +		if (icmpv6_is_err(icmp6h->icmp6_type) ||
 +		    icmp6h->icmp6_type == NDISC_REDIRECT)
 +			return 0;
 +	}
 +
 +	return iptunnel_pmtud_build_icmpv6(skb, mtu);
 +}
 +#endif /* IS_ENABLED(CONFIG_IPV6) */
 +
 +/**
 + * skb_tunnel_check_pmtu() - Check, update PMTU and trigger ICMP reply as needed
 + * @skb:	Buffer being sent by encapsulation, L2 headers expected
 + * @encap_dst:	Destination for tunnel encapsulation (outer IP)
 + * @headroom:	Encapsulation header size, bytes
 + * @reply:	Build matching ICMP or ICMPv6 message as a result
 + *
 + * L2 tunnel implementations that can carry IP and can be directly bridged
 + * (currently UDP tunnels) can't always rely on IP forwarding paths to handle
 + * PMTU discovery. In the bridged case, ICMP or ICMPv6 messages need to be built
 + * based on payload and sent back by the encapsulation itself.
 + *
 + * For routable interfaces, we just need to update the PMTU for the destination.
 + *
 + * Return: 0 if ICMP error not needed, length if built, negative value on error
 + */
 +int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst,
 +			  int headroom, bool reply)
 +{
 +	struct dst_entry *dst = skb_dst(skb);
 +	u32 mtu = dst_mtu(encap_dst) - headroom;
 +
 +	if ((skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) ||
 +	    (!skb_is_gso(skb) && (skb->len - skb_mac_header_len(skb)) <= mtu))
 +		return 0;
 +
 +	if (dst && dst->ops->update_pmtu)
 +		dst->ops->update_pmtu(dst, NULL, skb, mtu);
 +
 +	if (!reply || skb->pkt_type == PACKET_HOST)
 +		return 0;
 +
 +	if (skb->protocol == htons(ETH_P_IP))
 +		return iptunnel_pmtud_check_icmp(skb, mtu);
 +
 +#if IS_ENABLED(CONFIG_IPV6)
 +	if (skb->protocol == htons(ETH_P_IPV6))
 +		return iptunnel_pmtud_check_icmpv6(skb, mtu);
 +#endif
 +	return 0;
 +}
 +EXPORT_SYMBOL(skb_tunnel_check_pmtu);
 +
 /* Often modified stats are per cpu, other are shared (netdev->stats) */
 struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
 						struct rtnl_link_stats64 *tot)
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
@@ -2076,6 +2076,8 @@ static void vxlan_xmit_one(struct sk_buf
 		/* Reset the skb_iif to Tunnels interface index */
 		skb->skb_iif = dev->ifindex;
 +		skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM, false);
 +
 		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
 		ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
 		err = vxlan_xmit_skb(rt, sk, skb, fl4.saddr,
@@ -2141,6 +2143,8 @@ static void vxlan_xmit_one(struct sk_buf
 				flags |= VXLAN_F_UDP_ZERO_CSUM6_TX;
 		}
 +		skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM, false);
 +
 		ttl = ttl ? : ip6_dst_hoplimit(ndst);
 		err = vxlan6_xmit_skb(ndst, sk, skb, dev, &saddr, &dst->sin6.sin6_addr,
 				      0, ttl, src_port, dst_port, htonl(vni << 8), md,
--- a/feeds/ipq807x/ipq807x/patches/233-vxlan-simplify-RTF_LOCAL-handling.patch
+++ b/feeds/ipq807x/ipq807x/patches/233-vxlan-simplify-RTF_LOCAL-handling.patch
@@ -0,0 +1,114 @@
 From: pravin shelar <pshelar@ovn.org>
 Date: Sun, 13 Nov 2016 20:43:56 -0800
 Subject: [PATCH] vxlan: simplify RTF_LOCAL handling.
 Avoid code duplicate code for handling RTF_LOCAL routes.
 Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
 Acked-by: Jiri Benc <jbenc@redhat.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
@@ -1946,6 +1946,40 @@ static void vxlan_encap_bypass(struct sk
 	}
 }
 +static int encap_bypass_if_local(struct sk_buff *skb, struct net_device *dev,
 +				 struct vxlan_dev *vxlan, union vxlan_addr *daddr,
 +				 __be32 dst_port, __be32 vni, struct dst_entry *dst,
 +				 u32 rt_flags)
 +{
 +#if IS_ENABLED(CONFIG_IPV6)
 +	/* IPv6 rt-flags are checked against RTF_LOCAL, but the value of
 +	 * RTF_LOCAL is equal to RTCF_LOCAL. So to keep code simple
 +	 * we can use RTCF_LOCAL which works for ipv4 and ipv6 route entry.
 +	 */
 +	BUILD_BUG_ON(RTCF_LOCAL != RTF_LOCAL);
 +#endif
 +	/* Bypass encapsulation if the destination is local */
 +	if (rt_flags & RTCF_LOCAL &&
 +	    !(rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
 +		struct vxlan_dev *dst_vxlan;
 +
 +		dst_release(dst);
 +		dst_vxlan = vxlan_find_vni(vxlan->net, vni,
 +					   daddr->sa.sa_family, dst_port,
 +					   vxlan->flags);
 +		if (!dst_vxlan) {
 +			dev->stats.tx_errors++;
 +			kfree_skb(skb);
 +
 +			return -ENOENT;
 +		}
 +		vxlan_encap_bypass(skb, vxlan, dst_vxlan);
 +		return 1;
 +	}
 +
 +	return 0;
 +}
 +
 static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 			   struct vxlan_rdst *rdst, bool did_rsc)
 {
@@ -2059,18 +2093,12 @@ static void vxlan_xmit_one(struct sk_buf
 		}
 		/* Bypass encapsulation if the destination is local */
 -		if (rt->rt_flags & RTCF_LOCAL &&
 -		    !(rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
 -			struct vxlan_dev *dst_vxlan;
 -
 -			ip_rt_put(rt);
 -			dst_vxlan = vxlan_find_vni(vxlan->net, vni,
 -						   dst->sa.sa_family, dst_port,
 -						   vxlan->flags);
 -			if (!dst_vxlan)
 -				goto tx_error;
 -			vxlan_encap_bypass(skb, vxlan, dst_vxlan);
 -			return;
 +		if (!info) {
 +			err = encap_bypass_if_local(skb, dev, vxlan, dst,
 +						    dst_port, vni, &rt->dst,
 +						    rt->rt_flags);
 +			if (err)
 +				return;
 		}
 		/* Reset the skb_iif to Tunnels interface index */
@@ -2096,7 +2124,6 @@ static void vxlan_xmit_one(struct sk_buf
 	} else {
 		struct dst_entry *ndst;
 		struct in6_addr saddr;
 -		u32 rt6i_flags;
 		if (!vxlan->vn6_sock)
 			goto drop;
@@ -2121,19 +2148,14 @@ static void vxlan_xmit_one(struct sk_buf
 		}
 		/* Bypass encapsulation if the destination is local */
 -		rt6i_flags = ((struct rt6_info *)ndst)->rt6i_flags;
 -		if (rt6i_flags & RTF_LOCAL &&
 -		    !(rt6i_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
 -			struct vxlan_dev *dst_vxlan;
 +		if (!info) {
 +			u32 rt6i_flags = ((struct rt6_info *)ndst)->rt6i_flags;
 -			dst_release(ndst);
 -			dst_vxlan = vxlan_find_vni(vxlan->net, vni,
 -						   dst->sa.sa_family, dst_port,
 -						   vxlan->flags);
 -			if (!dst_vxlan)
 -				goto tx_error;
 -			vxlan_encap_bypass(skb, vxlan, dst_vxlan);
 -			return;
 +			err = encap_bypass_if_local(skb, dev, vxlan, dst,
 +						    dst_port, vni, ndst,
 +						    rt6i_flags);
 +			if (err)
 +				return;
 		}
 		if (info) {
--- a/feeds/ipq807x/ipq807x/patches/234-vxlan-Support-for-PMTU-discovery-on-directly-bridged.patch
+++ b/feeds/ipq807x/ipq807x/patches/234-vxlan-Support-for-PMTU-discovery-on-directly-bridged.patch
@@ -0,0 +1,140 @@
 From: Stefano Brivio <sbrivio@redhat.com>
 Date: Tue, 4 Aug 2020 07:53:44 +0200
 Subject: [PATCH] vxlan: Support for PMTU discovery on directly bridged links
 If the interface is a bridge or Open vSwitch port, and we can't
 forward a packet because it exceeds the local PMTU estimate,
 trigger an ICMP or ICMPv6 reply to the sender, using the same
 interface to forward it back.
 If metadata collection is enabled, reverse destination and source
 addresses, so that Open vSwitch is able to match this packet against
 the existing, reverse flow.
 v2: Use netif_is_any_bridge_port() (David Ahern)
 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
@@ -1903,7 +1903,7 @@ static struct dst_entry *vxlan6_get_rout
 /* Bypass encapsulation if the destination is local */
 static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
 -			       struct vxlan_dev *dst_vxlan)
 +			       struct vxlan_dev *dst_vxlan, bool snoop)
 {
 	struct pcpu_sw_netstats *tx_stats, *rx_stats;
 	union vxlan_addr loopback;
@@ -1928,7 +1928,7 @@ static void vxlan_encap_bypass(struct sk
 #endif
 	}
 -	if (dst_vxlan->flags & VXLAN_F_LEARN)
 +	if ((dst_vxlan->flags & VXLAN_F_LEARN) && snoop)
 		vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source);
 	u64_stats_update_begin(&tx_stats->syncp);
@@ -1973,7 +1973,7 @@ static int encap_bypass_if_local(struct
 			return -ENOENT;
 		}
 -		vxlan_encap_bypass(skb, vxlan, dst_vxlan);
 +		vxlan_encap_bypass(skb, vxlan, dst_vxlan, true);
 		return 1;
 	}
@@ -1990,7 +1990,7 @@ static void vxlan_xmit_one(struct sk_buf
 	const struct iphdr *old_iph;
 	struct flowi4 fl4;
 	union vxlan_addr *dst;
 -	union vxlan_addr remote_ip;
 +	union vxlan_addr remote_ip, local_ip;
 	struct vxlan_metadata _md;
 	struct vxlan_metadata *md = &_md;
 	__be16 src_port = 0, dst_port;
@@ -2006,6 +2006,7 @@ static void vxlan_xmit_one(struct sk_buf
 		dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
 		vni = rdst->remote_vni;
 		dst = &rdst->remote_ip;
 +		local_ip = vxlan->cfg.saddr;
 	} else {
 		if (!info) {
 			WARN_ONCE(1, "%s: Missing encapsulation instructions\n",
@@ -2015,17 +2016,20 @@ static void vxlan_xmit_one(struct sk_buf
 		dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
 		vni = be64_to_cpu(info->key.tun_id);
 		remote_ip.sa.sa_family = ip_tunnel_info_af(info);
 -		if (remote_ip.sa.sa_family == AF_INET)
 +		if (remote_ip.sa.sa_family == AF_INET) {
 			remote_ip.sin.sin_addr.s_addr = info->key.u.ipv4.dst;
 -		else
 +			local_ip.sin.sin_addr.s_addr = info->key.u.ipv4.src;
 +		} else {
 			remote_ip.sin6.sin6_addr = info->key.u.ipv6.dst;
 +			local_ip.sin6.sin6_addr = info->key.u.ipv6.src;
 +		}
 		dst = &remote_ip;
 	}
 	if (vxlan_addr_any(dst)) {
 		if (did_rsc) {
 			/* short-circuited back to local bridge */
 -			vxlan_encap_bypass(skb, vxlan, vxlan);
 +			vxlan_encap_bypass(skb, vxlan, vxlan, true);
 			return;
 		}
 		goto drop;
@@ -2104,7 +2108,23 @@ static void vxlan_xmit_one(struct sk_buf
 		/* Reset the skb_iif to Tunnels interface index */
 		skb->skb_iif = dev->ifindex;
 -		skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM, false);
 +		err = skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM,
 +					    netif_is_any_bridge_port(dev));
 +		if (err < 0) {
 +			goto tx_error;
 +		} else if (err) {
 +			if (info) {
 +				struct in_addr src, dst;
 +
 +				src = remote_ip.sin.sin_addr;
 +				dst = local_ip.sin.sin_addr;
 +				info->key.u.ipv4.src = src.s_addr;
 +				info->key.u.ipv4.dst = dst.s_addr;
 +			}
 +			vxlan_encap_bypass(skb, vxlan, vxlan, false);
 +			ip_rt_put(rt);
 +			return;
 +		}
 		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
 		ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
@@ -2165,7 +2185,24 @@ static void vxlan_xmit_one(struct sk_buf
 				flags |= VXLAN_F_UDP_ZERO_CSUM6_TX;
 		}
 -		skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM, false);
 +		err = skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM,
 +					    netif_is_any_bridge_port(dev));
 +		if (err < 0) {
 +			goto tx_error;
 +		} else if (err) {
 +			if (info) {
 +				struct in6_addr src, dst;
 +
 +				src = remote_ip.sin6.sin6_addr;
 +				dst = local_ip.sin6.sin6_addr;
 +				info->key.u.ipv6.src = src;
 +				info->key.u.ipv6.dst = dst;
 +			}
 +
 +			vxlan_encap_bypass(skb, vxlan, vxlan, false);
 +			ip_rt_put(rt);
 +			return;
 +		}
 		ttl = ttl ? : ip6_dst_hoplimit(ndst);
 		err = vxlan6_xmit_skb(ndst, sk, skb, dev, &saddr, &dst->sin6.sin6_addr,
--- a/feeds/ipq807x/ipq807x/patches/235-generic-Fix-per-interface-nf_call_iptables-setting.patch
+++ b/feeds/ipq807x/ipq807x/patches/235-generic-Fix-per-interface-nf_call_iptables-setting.patch
@@ -0,0 +1,234 @@
 From: Sven Eckelmann <sven@open-mesh.com>
 Date: Wed, 2 Sep 2015 19:47:43 +0200
 Subject: generic: Fix per interface nf_call_iptables setting
 commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
 functionality have been disabled - eliminates the overhead of enabling
 CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
 which should reduce/eliminate the overhead for traffic send over bridges on
 kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
 breaks the nf_call_iptables per bridge setting which is more fine grained
 than the global sysctl net.bridge.bridge-nf-call-iptables setting.
 A test reflecting a real world setup was created to identify if this really
 eliminates the overhead and if per-bridge nf_call_iptables could be used in
 some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
 system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
 Cables from the AP to the wifi station were used to reduce interference
 problems during the tests.
 The wlan interface was put in one bridge interface called br-wlan. This
 bridge usually contains some more wlan interfaces. The eth0 was put in a
 second bridge called br-lan. This usually contains some other privileged
 wlan or mesh interfaces. Routing was added between br-lan and br-wlan.
 Three kernels were tested:
 * (default) OpenWrt kernel for this device
 * (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
 * (brfilter-local)  OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
    without 644-bridge_optimize_netfilter_hooks.patch
 The changes to the the netfilter settings of the bridge were done via:
 * (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
 * (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
   and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables
 A station connected to the wlan0 (AP) interface was used to send traffic to
 a PC connected via ethernet. iperf with 3 concurrent transmissions was used
 to generate the traffic.
 | kernel          | br-nf-* global | nf-call* iface | download | upload   |
 |-----------------|----------------|----------------|----------|----------|
 | default         | 0              | -              |      209 |      268 |
 | brfilter-global | 0              | -              |      185 |      243 |
 | brfilter-local  | 0              | -              |      187 |      243 |
 | brfilter-local  | 0              | br-lan         |      157 |      226 |
 | brfilter-local  | 0              | br-lan br-wlan |      139 |      161 |
 | brfilter-global | 1              | -              |      136 |      162 |
 Download/upload results in Mibit/s
 It can be seen that the patch doesn't eliminate the overhead. It can also
 be seen that the throughput of brfilter-global and brfilter-local with
 disabled filtering is the roughly the same. Also the throughput for
 brfilter-global and brfilter-local for enabled filtering on all bridges is
 roughly the same.
 But also the brfilter-local throughput is higher when only br-lan requires
 the filtering. This setting would not be possible with
 644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
 compared with brfilter-global and filtering enabled for all interfaces.
 Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
 Forwarded: https://patchwork.ozlabs.org/patch/513592/
 Applied-Upstream: https://dev.openwrt.org/changeset/46835
 --- a/net/bridge/br_forward.c
 +++ b/net/bridge/br_forward.c
@@ -69,7 +69,7 @@ EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit
 int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
 -	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING,
 +	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING,
 		       net, sk, skb, NULL, skb->dev,
 		       br_dev_queue_push_xmit);
@@ -97,7 +97,7 @@ static void __br_deliver(const struct ne
 		return;
 	}
 -	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 +	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 		dev_net(skb->dev), NULL, skb,NULL, skb->dev,
 		br_forward_finish);
 }
@@ -121,7 +121,7 @@ static void __br_forward(const struct ne
 	skb->dev = to->dev;
 	skb_forward_csum(skb);
 -	BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD,
 +	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD,
 		dev_net(indev), NULL, skb, indev, skb->dev,
 		br_forward_finish);
 }
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
@@ -70,7 +70,7 @@ int br_pass_frame_up(struct sk_buff *skb
 	if (!skb)
 		return NET_RX_DROP;
 -	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
 +	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
 		       dev_net(indev), NULL, skb, indev, NULL,
 		       br_netif_receive_skb);
 }
@@ -320,7 +320,7 @@ rx_handler_result_t br_handle_frame(stru
 		}
 		/* Deliver packet to local host only */
 -		if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
 +		if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
 			    dev_net(skb->dev), NULL, skb, skb->dev, NULL,
 			    br_handle_local_finish)) {
 			return RX_HANDLER_CONSUMED; /* consumed by filter */
@@ -337,7 +337,7 @@ forward:
 			if (ether_addr_equal(p->br->dev->dev_addr, dest))
 				skb->pkt_type = PACKET_HOST;
 -			if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, dev_net(skb->dev), NULL,
 +			if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, dev_net(skb->dev), NULL,
 				skb, skb->dev, NULL, br_handle_local_finish))
 				break;
@@ -361,7 +361,7 @@ forward:
 		if (ether_addr_equal(p->br->dev->dev_addr, dest))
 			skb->pkt_type = PACKET_HOST;
 -		BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
 +		NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
 			dev_net(skb->dev), NULL, skb, skb->dev, NULL,
 			br_handle_frame_finish);
 		break;
 --- a/net/bridge/br_multicast.c
 +++ b/net/bridge/br_multicast.c
@@ -856,7 +856,7 @@ static void __br_multicast_send_query(st
 	if (port) {
 		skb->dev = port->dev;
 -		BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 +		NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 			dev_net(port->dev), NULL, skb, NULL, skb->dev,
 			br_dev_queue_push_xmit);
 	} else {
 --- a/net/bridge/br_netfilter_hooks.c
 +++ b/net/bridge/br_netfilter_hooks.c
@@ -72,15 +72,6 @@ static int brnf_pass_vlan_indev __read_m
 #define IS_ARP(skb) \
 	(!skb_vlan_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
 -int brnf_call_ebtables __read_mostly;
 -EXPORT_SYMBOL_GPL(brnf_call_ebtables);
 -
 -bool br_netfilter_run_hooks(void)
 -{
 -	return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables |
 -		brnf_call_ebtables | brnf_call_custom;
 -}
 -
 static inline __be16 vlan_proto(const struct sk_buff *skb)
 {
 	if (skb_vlan_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
@@ -909,29 +909,15 @@ extern const struct nf_br_ops __rcu *nf_
 /* br_netfilter.c */
 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
 -extern int brnf_call_ebtables;
 int br_nf_core_init(void);
 void br_nf_core_fini(void);
 void br_netfilter_rtable_init(struct net_bridge *);
 -bool br_netfilter_run_hooks(void);
 #else
 static inline int br_nf_core_init(void) { return 0; }
 static inline void br_nf_core_fini(void) {}
 #define br_netfilter_rtable_init(x)
 -#define br_netfilter_run_hooks()	false
 #endif
 -static inline int
 -BR_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
 -	struct sk_buff *skb, struct net_device *in, struct net_device *out,
 -	int (*okfn)(struct net *, struct sock *, struct sk_buff *))
 -{
 -	if (!br_netfilter_run_hooks())
 -		return okfn(net, sk, skb);
 -
 -	return NF_HOOK(pf, hook, net, sk, skb, in, out, okfn);
 -}
 -
 /* br_stp.c */
 void br_log_state(const struct net_bridge_port *p);
 void br_set_state(struct net_bridge_port *p, unsigned int state);
 --- a/net/bridge/br_stp_bpdu.c
 +++ b/net/bridge/br_stp_bpdu.c
@@ -60,7 +60,7 @@ static void br_send_bpdu(struct net_brid
 	skb_reset_mac_header(skb);
 -	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 +	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
 		dev_net(p->dev), NULL, skb, NULL, skb->dev,
 		br_send_bpdu_finish);
 }
 --- a/net/bridge/netfilter/ebtables.c
 +++ b/net/bridge/netfilter/ebtables.c
@@ -2416,13 +2416,11 @@ static int __init ebtables_init(void)
 	}
 	printk(KERN_INFO "Ebtables v2.0 registered\n");
 -	brnf_call_ebtables = 1;
 	return 0;
 }
 static void __exit ebtables_fini(void)
 {
 -	brnf_call_ebtables = 0;
 	nf_unregister_sockopt(&ebt_sockopts);
 	xt_unregister_target(&ebt_standard_target);
 	printk(KERN_INFO "Ebtables v2.0 unregistered\n");
 --- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
 +++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
@@ -310,7 +310,7 @@ nf_nat_ipv4_fn(void *priv, struct sk_buf
 		 * nf_bridge will be set and nf_bridge->physoutdev is not null,
 		 * We can assume that it is not expecting NAT operation.
 		 *
 -		 * when BR_HOOK is enabled, multicast packets will reach
 +		 * when NF_HOOK is enabled, multicast packets will reach
 		 * postrouting twice,the first time is when it is forwarded
 		 * between ports of a bridge, the second time is that it is
 		 * forwarded to upstream port.
--- a/feeds/ipq807x/xtables-addons/Makefile
+++ b/feeds/ipq807x/xtables-addons/Makefile
@@ -0,0 +1,179 @@
 #
 # Copyright (C) 2009-2013 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=xtables-addons
 PKG_VERSION:=2.14
 PKG_RELEASE:=8
 PKG_HASH:=d215a9a8b8e66aae04b982fa2e1228e8a71e7dfe42320df99e34e5000cbdf152
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@SF/xtables-addons
 PKG_BUILD_DEPENDS:=iptables
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 PKG_CHECK_FORMAT_SECURITY:=0
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 PKG_FIXUP:=autoreconf
 include $(INCLUDE_DIR)/package.mk
 define Package/xtables-addons
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=Firewall
  TITLE:=Extensions not distributed in the main Xtables
  URL:=http://xtables-addons.sourceforge.net/
 endef
 # uses GNU configure
 CONFIGURE_ARGS+= \
 	--with-kbuild="$(LINUX_DIR)" \
 	--with-xtlibdir="/usr/lib/iptables"
 ifdef CONFIG_EXTERNAL_TOOLCHAIN
 MAKE_FLAGS:= \
 	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
 	DEPMOD="/bin/true"
 MAKE_INSTALL_FLAGS:= \
 	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
 	DEPMOD="/bin/true"
 else
 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		$(KERNEL_MAKE_FLAGS) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		DEPMOD="/bin/true" \
 		all
 endef
 define Build/Install
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		$(KERNEL_MAKE_FLAGS) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		DEPMOD="/bin/true" \
 		install
 endef
 endif
 # 1: extension/module suffix used in package name
 # 2: extension/module display name used in package title/description
 # 3: list of extensions to package
 # 4: list of modules to package
 # 5: module load priority
 # 6: module depends
 define BuildTemplate
 ifneq ($(3),)
  define Package/iptables-mod-$(1)
    $$(call Package/xtables-addons)
    CATEGORY:=Network
    TITLE:=$(2) iptables extension
    DEPENDS:=iptables $(if $(4),+kmod-ipt-$(1))
  endef
  define Package/iptables-mod-$(1)/install
 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
 	for m in $(3); do \
 		$(CP) \
 			$(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so \
 			$$(1)/usr/lib/iptables/ ; \
 	done
  endef
  $$(eval $$(call BuildPackage,iptables-mod-$(1)))
 endif
 ifneq ($(4),)
  define KernelPackage/ipt-$(1)
    SUBMENU:=Netfilter Extensions
    TITLE:=$(2) netfilter module
    DEPENDS:=+kmod-ipt-core $(5)
    FILES:=$(foreach mod,$(4),$(PKG_BUILD_DIR)/extensions/$(mod).$(LINUX_KMOD_SUFFIX))
    AUTOLOAD:=$(call AutoProbe,$(notdir $(4)))
  endef
  $$(eval $$(call KernelPackage,ipt-$(1)))
 endif
 endef
 define Package/iptaccount
  $(call Package/xtables-addons)
  CATEGORY:=Network
  TITLE:=iptables-mod-account control utility
  DEPENDS:=iptables +iptables-mod-account
 endef
 define Package/iptaccount/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/lib/libxt_ACCOUNT_cl.so* \
 		$(1)/usr/lib/
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/sbin/iptaccount \
 		$(1)/usr/sbin/
 endef
 define Package/iptgeoip
  $(call Package/xtables-addons)
  CATEGORY:=Network
  TITLE:=iptables-mod-geoip support scripts for MaxMind GeoIP databases
  # we could also use wget-nossl but that's more complicated than our
  # syntax of dependencies permits...
  DEPENDS:=iptables +iptables-mod-geoip \
 		+perl +perlbase-getopt +perlbase-io +perl-text-csv_xs \
 		+!BUSYBOX_CONFIG_WGET:wget +!BUSYBOX_CONFIG_GZIP:gzip +!BUSYBOX_CONFIG_UNZIP:unzip
 endef
 define Package/iptgeoip/install
 	$(INSTALL_DIR) $(1)/usr/lib/xtables-addons
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/lib/xtables-addons/xt_geoip_{build,dl} \
 		$(1)/usr/lib/xtables-addons/
 	$(INSTALL_DIR) $(1)/usr/share/xt_geoip
 endef
 #$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,PRIORITY,DEPENDS))
 $(eval $(call BuildTemplate,compat-xtables,API compatibilty layer,,compat_xtables,+IPV6:kmod-ip6tables))
 $(eval $(call BuildTemplate,nathelper-rtsp,RTSP Conntrack and NAT,,rtsp/nf_conntrack_rtsp rtsp/nf_nat_rtsp,+kmod-ipt-conntrack-extra +kmod-ipt-nat))
 $(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit))
 $(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,))
 $(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-compat-xtables +kmod-ipt-nat))
 $(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,))
 $(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,))
 $(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,))
 $(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,))
 $(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,+kmod-ipt-compat-xtables))
 $(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,))
 $(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,+kmod-ipt-conntrack-extra))
 $(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,))
 $(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,))
 $(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-ipt-compat-xtables +kmod-crypto-hash))
 $(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,+kmod-ipt-compat-xtables))
 $(eval $(call BuildPackage,iptaccount))
 $(eval $(call BuildPackage,iptgeoip))
--- a/feeds/ipq807x/xtables-addons/patches/001-fix-kernel-version-detection.patch
+++ b/feeds/ipq807x/xtables-addons/patches/001-fix-kernel-version-detection.patch
@@ -0,0 +1,11 @@
 --- a/configure.ac
 +++ b/configure.ac
@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
 if test -n "$kbuilddir"; then
 	AC_MSG_CHECKING([kernel version that we will build against])
 -	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
 +	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
 	save_IFS="$IFS"
 	IFS='.'
 	set x $krel
--- a/feeds/ipq807x/xtables-addons/patches/002-build-support-for-Linux-4.15.patch
+++ b/feeds/ipq807x/xtables-addons/patches/002-build-support-for-Linux-4.15.patch
@@ -0,0 +1,50 @@
 From 2b76b68c65c97fc11409088c3c30993324df8500 Mon Sep 17 00:00:00 2001
 From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
 Date: Thu, 4 Jan 2018 18:50:50 +0100
 Subject: [PATCH] build: support for Linux 4.15
 Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
 ---
 extensions/pknock/xt_pknock.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
 diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
 index 6fbdea4..31d4bc8 100644
 --- a/extensions/pknock/xt_pknock.c
 +++ b/extensions/pknock/xt_pknock.c
@@ -358,10 +358,20 @@ has_logged_during_this_minute(const struct peer *peer)
  * @r: rule
  */
 static void
 -peer_gc(unsigned long r)
 +peer_gc(
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
 +	struct timer_list *tl
 +#else
 +	unsigned long r
 +#endif
 +)
 {
 	unsigned int i;
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
 +	struct xt_pknock_rule *rule = from_timer(rule, tl, timer);
 +#else
 	struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r;
 +#endif
 	struct peer *peer;
 	struct list_head *pos, *n;
@@ -469,9 +479,13 @@ add_rule(struct xt_pknock_mtinfo *info)
 	if (rule->peer_head == NULL)
 		goto out;
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
 +	timer_setup(&rule->timer, peer_gc, 0);
 +#else
 	init_timer(&rule->timer);
 	rule->timer.function	= peer_gc;
 	rule->timer.data	= (unsigned long)rule;
 +#endif
 	rule->status_proc = proc_create_data(info->rule_name, 0, pde,
 	                    &pknock_proc_ops, rule);
--- a/feeds/ipq807x/xtables-addons/patches/003-build-add-support-for-Linux-4.18.patch
+++ b/feeds/ipq807x/xtables-addons/patches/003-build-add-support-for-Linux-4.18.patch
@@ -0,0 +1,25 @@
 From 3ea761a1ed338241fbc79bef8e433307e108b6cd Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt <jengelh@inai.de>
 Date: Tue, 14 Aug 2018 14:29:30 +0200
 Subject: [PATCH] build: add support for Linux 4.18
 ---
 extensions/xt_DNETMAP.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c
 index 1b415c3..de7d4ec 100644
 --- a/extensions/xt_DNETMAP.c
 +++ b/extensions/xt_DNETMAP.c
@@ -367,7 +367,11 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	__be32 prenat_ip, postnat_ip, prenat_ip_prev;
 	const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
 	const struct nf_nat_range *mr = &tginfo->prefix;
 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 18, 0)
 +	struct nf_nat_range2 newrange;
 +#else
 	struct nf_nat_range newrange;
 +#endif
 	struct dnetmap_entry *e;
 	struct dnetmap_prefix *p;
 	__s32 jttl;
--- a/feeds/ipq807x/xtables-addons/patches/100-add-rtsp-conntrack.patch
+++ b/feeds/ipq807x/xtables-addons/patches/100-add-rtsp-conntrack.patch
--- a/feeds/ipq807x/xtables-addons/patches/200-add-lua-packetscript.patch
+++ b/feeds/ipq807x/xtables-addons/patches/200-add-lua-packetscript.patch
--- a/feeds/ipq807x/xtables-addons/patches/201-fix-lua-packetscript.patch
+++ b/feeds/ipq807x/xtables-addons/patches/201-fix-lua-packetscript.patch
@@ -0,0 +1,127 @@
 --- a/extensions/LUA/xt_LUA_target.c
 +++ b/extensions/LUA/xt_LUA_target.c
@@ -19,7 +19,7 @@
 #include <linux/kernel.h>
 #include <linux/slab.h>
 #include <linux/module.h>
 -#include <asm/uaccess.h>
 +#include <linux/uaccess.h>
 #include <net/ip.h>
 #include <linux/netfilter/x_tables.h>
 #include "xt_LUA.h"
@@ -64,10 +64,10 @@ uint32_t  lua_state_refs[LUA_STATE_ARRAY
  * XT_CONTINUE inside the *register_lua_packet_lib* function.
  */
 -spinlock_t lock = SPIN_LOCK_UNLOCKED;
 +DEFINE_SPINLOCK(lock);
 static uint32_t 
 -lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
 +lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
 {
 	uint32_t  verdict;
 	lua_packet_segment *p;
@@ -88,11 +88,11 @@ lua_tg(struct sk_buff *pskb, const struc
 	/* push the lua_packet_segment as a parameter */
 	p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
 	if (pskb->mac_header)
 -		p->start = pskb->mac_header;
 +		p->start = skb_mac_header(pskb);
 	else if (pskb->network_header)
 -		p->start = pskb->network_header;
 +		p->start = skb_network_header(pskb);
 	else if (pskb->transport_header)
 -		p->start = pskb->transport_header;
 +		p->start = skb_transport_header(pskb);
 	p->offset = 0;
 	p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
 	p->changes = NULL;
@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
  * some workqueue initialization. So far this is done each time this function
  * is called, subject to change.
  */
 -static bool
 +static int
 lua_tg_checkentry(const struct xt_tgchk_param *par)
 {
 	const struct xt_lua_tginfo *info = par->targinfo;
 	if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
 		lua_state_refs[info->state_id]++;
 -		return true;
 +		return 0;
 	}
 -	return false;
 +	return -EINVAL;
 }
 /*::*
 --- a/extensions/LUA/lua/llimits.h
 +++ b/extensions/LUA/lua/llimits.h
@@ -8,7 +8,6 @@
 #define llimits_h
 #include <stddef.h>
 -#include <limits.h>
 #include "lua.h"
 --- a/extensions/LUA/lua/lapi.c
 +++ b/extensions/LUA/lua/lapi.c
@@ -4,9 +4,6 @@
 ** See Copyright Notice in lua.h
 */
 -#include <stdarg.h>
 -#include <math.h>
 -#include <assert.h>
 #include <string.h>
 #define lapi_c
 --- a/extensions/LUA/lua/ltable.c
 +++ b/extensions/LUA/lua/ltable.c
@@ -18,7 +18,6 @@
 ** Hence even when the load factor reaches 100%, performance remains good.
 */
 -#include <math.h>
 #include <string.h>
 #define ltable_c
 --- a/extensions/LUA/lua/luaconf.h
 +++ b/extensions/LUA/lua/luaconf.h
@@ -13,8 +13,12 @@
 #if !defined(__KERNEL__)
 #include <limits.h>
 #else
 +#include <linux/kernel.h>
 +
 +#undef UCHAR_MAX
 +#undef BUFSIZ
 +#undef NO_FPU
 #define UCHAR_MAX	255
 -#define SHRT_MAX        32767
 #define BUFSIZ 		8192
 #define NO_FPU
 #endif
@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
 */
 #if defined(__KERNEL__)
 #undef LUA_USE_ULONGJMP
 +#define setjmp __builtin_setjmp
 +#define longjmp __builtin_longjmp
 #endif
 #if defined(__cplusplus)
 --- a/extensions/LUA/lua/llex.h
 +++ b/extensions/LUA/lua/llex.h
@@ -10,6 +10,8 @@
 #include "lobject.h"
 #include "lzio.h"
 +/* prevent conflict with definition from asm/current.h */
 +#undef current
 #define FIRST_RESERVED	257
--- a/feeds/ipq807x/xtables-addons/patches/300-geoip-endian-detection.patch
+++ b/feeds/ipq807x/xtables-addons/patches/300-geoip-endian-detection.patch
@@ -0,0 +1,18 @@
 --- a/extensions/libxt_geoip.c
 +++ b/extensions/libxt_geoip.c
@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
 	/* Use simple integer vector files */
 	if (nfproto == NFPROTO_IPV6) {
 -#if __BYTE_ORDER == _BIG_ENDIAN
 +#if BYTE_ORDER == BIG_ENDIAN
 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
 #else
 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
 #endif
 	} else {
 -#if __BYTE_ORDER == _BIG_ENDIAN
 +#if BYTE_ORDER == BIG_ENDIAN
 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
 #else
 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);
--- a/feeds/openflow/openvswitch/Config.in
+++ b/feeds/openflow/openvswitch/Config.in
@@ -1,8 +0,0 @@
 menu "Configuration"
 	depends on PACKAGE_openvswitch
 	config	OPENVSWITCH_WITH_LIBUNBOUND
 		bool
 		default y
 		prompt "Build with libunbound library."
 endmenu
--- a/feeds/openflow/openvswitch/Makefile
+++ b/feeds/openflow/openvswitch/Makefile
@@ -1,282 +0,0 @@
 #
 # Copyright (C) 2013 Julius Schulz-Zander <julius@net.t-labs.tu-berlin.de>
 # Copyright (C) 2014-2017 OpenWrt.org
 # Copyright (C) 2018-2020 Yousong Zhou <yszhou4tech@gmail.com>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 include ./openvswitch.mk
 # Checklist on version bump
 #
 #  - Check acinclude.m4 for range of supported kernel versions: "but version newer than .* is not supported"
 #  - Check and update kmod dependencies when necessary (runtime module load check in the least)
 #
 PKG_NAME:=openvswitch
 PKG_VERSION:=$(ovs_version)
 PKG_RELEASE:=10
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
 PKG_HASH:=5c7baed537364d43af36c15dde298c95d35cb2cb3204b4d3fe9b0fc73c97f16d
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:openvswitch:openvswitch
 PKG_BUILD_DIR:=$(ovs_builddir)
 PKG_BUILD_DEPENDS+=python3/host python-six/host
 PKG_USE_MIPS16:=0
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 PYTHON3_PKG_BUILD:=0
 PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
 include $(INCLUDE_DIR)/package.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-host.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk
 define Package/openvswitch/config
 source "$(SOURCE)/Config.in"
 endef
 ovs_kmod_packages:=
 ovs_kmod_intree_kernel_patchver_min:=3.10
 ovs_kmod_intree_kernel_patchver_max:=5.5
 ovs_kmod_intree_not_supported:=$(strip $(call kernel_patchver_lt,$(ovs_kmod_intree_kernel_patchver_min))$(call kernel_patchver_gt,$(ovs_kmod_intree_kernel_patchver_max)))
 ovs_kmod_intree_dir:=$(PKG_BUILD_DIR)/datapath/linux
 ovs_kmod_upstream_dir:=$(LINUX_DIR)/net/openvswitch
 ovs_kmod_package_name=$(if $(filter openvswitch,$(1)),openvswitch,$(1))
 ovs_kmod_is_intree=$(filter %-intree,$(1))
 ovs_kmod_upstream_name=kmod-$(call ovs_kmod_package_name,$(patsubst %-intree,%,$(1)))
 ovs_kmod_package_provides=$(call ovs_kmod_upstream_name,$(1))
 define OvsKmodPackageTemplate
 ifeq ($(if $(call ovs_kmod_is_intree,$(1)),$(ovs_kmod_intree_not_supported)),)
  define KernelPackage/$(call ovs_kmod_package_name,$(1))
     SECTION:=kernel
     CATEGORY:=Kernel modules
     SUBMENU:=Network Support
     TITLE:=$(ovs_kmod_$(1)_title)
     DEPENDS:=$(ovs_kmod_$(1)_depends) $(if $(call ovs_kmod_is_intree,$(1)),@IPV6 @DEVEL)
     PROVIDES:=$(call ovs_kmod_package_provides,$(1))
     KCONFIG:=$(ovs_kmod_$(1)_kconfig)
     FILES:=$(ovs_kmod_$(1)_files)
     AUTOLOAD:=$(call AutoProbe,$(foreach m,$(ovs_kmod_$(1)_files),$(notdir $(patsubst %.ko,%,$(basename $(m))))))
  endef
  ovs_kmod_packages+=$(call ovs_kmod_package_name,$(1))
 endif
 endef
 ovs_kmod_openvswitch_title:=Open vSwitch kernel datapath (upstream)
 ovs_kmod_openvswitch_kconfig:=CONFIG_OPENVSWITCH
 ovs_kmod_openvswitch_depends:=\
 	  +kmod-lib-crc32c \
 	  +kmod-nf-nat \
 	  +IPV6:kmod-nf-nat6 \
 	  +kmod-nf-conntrack \
 	  +IPV6:kmod-nf-conntrack6 \
 	  +kmod-nsh \
 	  +kmod-ipt-conntrack-extra \
 ovs_kmod_openvswitch_files:=$(ovs_kmod_upstream_dir)/openvswitch.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch))
 ovs_kmod_openvswitch-gre_title:=Open vSwitch GRE tunneling support (upstream)
 ovs_kmod_openvswitch-gre_kconfig:= CONFIG_OPENVSWITCH_GRE
 ovs_kmod_openvswitch-gre_depends:= +kmod-openvswitch +kmod-gre
 ovs_kmod_openvswitch-gre_files:= $(ovs_kmod_upstream_dir)/vport-gre.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-gre))
 ovs_kmod_openvswitch-vxlan_title:=Open vSwitch VXLAN tunneling support (upstream)
 ovs_kmod_openvswitch-vxlan_kconfig:= CONFIG_OPENVSWITCH_VXLAN
 ovs_kmod_openvswitch-vxlan_depends:= +kmod-openvswitch +kmod-vxlan
 ovs_kmod_openvswitch-vxlan_files:= $(ovs_kmod_upstream_dir)/vport-vxlan.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-vxlan))
 ovs_kmod_openvswitch-geneve_title:=Open vSwitch Geneve tunneling support (upstream)
 ovs_kmod_openvswitch-geneve_kconfig:= CONFIG_OPENVSWITCH_GENEVE
 ovs_kmod_openvswitch-geneve_depends:= +kmod-openvswitch +kmod-geneve
 ovs_kmod_openvswitch-geneve_files:= $(ovs_kmod_upstream_dir)/vport-geneve.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-geneve))
 # NOTE depends
 #
 #  - kmod-ipt-conntrack-extra: required for nf_conncount.ko
 #
 ovs_kmod_openvswitch-intree_title:=Open vSwitch kernel datapath (in tree)
 ovs_kmod_openvswitch-intree_depends:=\
 	  +kmod-lib-crc32c \
 	  +kmod-nf-nat \
 	  +IPV6:kmod-nf-nat6 \
 	  +kmod-nf-conntrack \
 	  +kmod-udptunnel4 \
 	  +kmod-ipt-conntrack-extra \
 ovs_kmod_openvswitch-intree_files:= $(ovs_kmod_intree_dir)/openvswitch.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-intree))
 ovs_kmod_openvswitch-gre-intree_title:=Open vSwitch GRE tunneling support (in tree)
 ovs_kmod_openvswitch-gre-intree_depends:= +kmod-openvswitch-intree +kmod-gre
 ovs_kmod_openvswitch-gre-intree_files:= $(ovs_kmod_intree_dir)/vport-gre.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-gre-intree))
 ovs_kmod_openvswitch-vxlan-intree_title:=Open vSwitch VXLAN tunneling support (in tree)
 ovs_kmod_openvswitch-vxlan-intree_depends:= +kmod-openvswitch-intree +kmod-vxlan
 ovs_kmod_openvswitch-vxlan-intree_files:= $(ovs_kmod_intree_dir)/vport-vxlan.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-vxlan-intree))
 ovs_kmod_openvswitch-geneve-intree_title:=Open vSwitch Geneve tunneling support (in tree)
 ovs_kmod_openvswitch-geneve-intree_depends:= +kmod-openvswitch-intree +kmod-geneve
 ovs_kmod_openvswitch-geneve-intree_files:= $(ovs_kmod_intree_dir)/vport-geneve.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-geneve-intree))
 ovs_kmod_openvswitch-stt-intree_title:=Open vSwitch STT tunneling support (in tree)
 ovs_kmod_openvswitch-stt-intree_depends:= +kmod-openvswitch-intree
 ovs_kmod_openvswitch-stt-intree_files:= $(ovs_kmod_intree_dir)/vport-stt.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-stt-intree))
 ovs_kmod_openvswitch-lisp-intree_title:=Open vSwitch LISP tunneling support (in tree)
 ovs_kmod_openvswitch-lisp-intree_depends:= +kmod-openvswitch-intree
 ovs_kmod_openvswitch-lisp-intree_files:= $(ovs_kmod_intree_dir)/vport-lisp.ko
 $(eval $(call OvsKmodPackageTemplate,openvswitch-lisp-intree))
 # Dependency review
 #
 #	for f in sbin/*;   do echo $f; readelf -d $f | grep -i shared; done
 #	for f in bin/*;    do echo $f; readelf -d $f | grep -i shared; done
 #	for f in lib/*.so; do echo $f; readelf -d $f | grep -i shared; done
 #
 ovs_libopenvswitch_title:=Open vSwitch (libopenvswitch.so)
 ovs_libopenvswitch_hidden:=1
 ovs_libopenvswitch_depends:=+libopenssl +!(arc||arceb):libunwind
 ovs_libopenvswitch_depends+=+libatomic
 ifeq ($(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),y)
 ovs_libopenvswitch_depends+=+libunbound
 endif
 ovs_libopenvswitch_files:=usr/lib/libopenvswitch*.so*
 $(eval $(call OvsPackageTemplate,libopenvswitch))
 ovs_libofproto_title:=Open vSwitch (libofproto.so libsflow.so)
 ovs_libofproto_hidden:=1
 ovs_libofproto_depends+=+libatomic
 ovs_libofproto_files:=usr/lib/libofproto*.so* usr/lib/libsflow*.so*
 $(eval $(call OvsPackageTemplate,libofproto))
 ovs_libovsdb_title:=Open vSwitch (libovsdb.so)
 ovs_libovsdb_hidden:=1
 ovs_libovsdb_depends+=+libatomic
 ovs_libovsdb_files:=usr/lib/libovsdb*.so*
 $(eval $(call OvsPackageTemplate,libovsdb))
 ovs_vswitchd_title:=Open vSwitch (ovs-vswitchd)
 ovs_vswitchd_hidden:=1
 ovs_vswitchd_depends:=+openvswitch-libopenvswitch +openvswitch-libofproto
 ovs_vswitchd_depends+=+libatomic
 ovs_vswitchd_files:=usr/sbin/ovs-vswitchd
 $(eval $(call OvsPackageTemplate,vswitchd))
 ovs_ovsdb_title:=Open vSwitch (ovsdb-server)
 ovs_ovsdb_hidden:=1
 ovs_ovsdb_depends:=+openvswitch-libopenvswitch +openvswitch-libovsdb
 ovs_ovsdb_depends+=+libatomic
 ovs_ovsdb_files:=usr/sbin/ovsdb-server
 $(eval $(call OvsPackageTemplate,ovsdb))
 ovs_common_title:=Open vSwitch (common files)
 ovs_common_hidden:=1
 ovs_common_depends:=+openvswitch-libopenvswitch +openvswitch-libofproto +openvswitch-libovsdb
 ovs_common_depends+=+libatomic
 ovs_common_files:= \
 	usr/share/openvswitch/scripts/ovs-lib \
 	usr/share/openvswitch/scripts/ovs-ctl \
 	usr/share/openvswitch/scripts/ovs-kmod-ctl \
 	usr/share/openvswitch/scripts/ovs-save \
 	$(foreach b,ovs-appctl ovs-dpctl ovs-ofctl ovs-vsctl ovsdb-client ovsdb-tool,usr/bin/$(b))
 define ovs_common_install
 	$$(INSTALL_DIR) $$(1)/etc/openvswitch
 	$$(INSTALL_DIR) $$(1)/etc/init.d
 	$$(INSTALL_BIN) ./files/openvswitch.init $$(1)/etc/init.d/openvswitch
 	$$(INSTALL_DIR) $$(1)/etc/config
 	$$(INSTALL_DATA) ./files/openvswitch.config $$(1)/etc/config/openvswitch
 	$$(INSTALL_DIR) $$(1)/usr/share/openvswitch/scripts
 	$$(INSTALL_BIN) ./files/ovs-ctl-wrapper $$(1)/usr/share/openvswitch/scripts/
 	$$(LN) /usr/share/openvswitch/scripts/ovs-ctl-wrapper $$(1)/usr/bin/ovs-ctl
 	$$(LN) /usr/share/openvswitch/scripts/ovs-ctl-wrapper $$(1)/usr/bin/ovs-kmod-ctl
 endef
 define Package/openvswitch-common/conffiles
 /etc/config/openvswitch
 /etc/openvswitch
 endef
 $(eval $(call OvsPackageTemplate,common))
 # coreutils-sleep is required by ovs-lib for sleeping a fraction of second
 #
 # uuidgen is required for generating system-id
 ovs_openvswitch_title:=Open vSwitch
 ovs_openvswitch_hidden:=
 ovs_openvswitch_depends:=+coreutils +coreutils-sleep +uuidgen \
 	+openvswitch-common +openvswitch-vswitchd +openvswitch-ovsdb +kmod-openvswitch
 ovs_openvswitch_depends+=+libatomic
 ovs_openvswitch_files:= usr/share/openvswitch/vswitch.ovsschema
 $(eval $(call OvsPackageTemplate,openvswitch))
 ovs_python3_title:=Open vSwitch (Python3 library)
 ovs_python3_hidden:=
 ovs_python3_depends:=+PACKAGE_openvswitch-python3:python3 +PACKAGE_openvswitch-python3:python3-six
 define ovs_python3_install
 	$$(INSTALL_DIR) $$(1)$$(PYTHON3_PKG_DIR)
 	$$(CP) $$(PKG_INSTALL_DIR)/usr/share/openvswitch/python/ovs $$(1)$$(PYTHON3_PKG_DIR)
 endef
 $(eval $(call OvsPackageTemplate,python3))
 CONFIGURE_ARGS+= \
 	--enable-ndebug \
 	--enable-shared \
 	--disable-libcapng \
 	--disable-silent-rules \
 CONFIGURE_VARS += \
 	$(if $(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),,ac_cv_lib_unbound_ub_ctx_create=no) \
 	ovs_cv_flake8=no \
 	ovs_cv_python3=$(PYTHON3) \
 	ovs_cv_python3_host=$(HOST_PYTHON3_BIN) \
 	SPHINXBUILD=none \
 	KARCH=$(LINUX_KARCH) \
 ovs_intree_kmod_configs:=CONFIG_PACKAGE_kmod-openvswitch-intree
 ovs_intree_kmod_enabled:=$(strip $(foreach c,$(ovs_intree_kmod_configs),$($(c))))
 PKG_CONFIG_DEPENDS+=$(ovs_intree_kmod_configs)
 ifneq ($(ovs_intree_kmod_enabled),)
  ifeq ($(ovs_kmod_intree_not_supported),)
    CONFIGURE_ARGS += --with-linux=$(LINUX_DIR)
  else
    $(warning XXX: openvswitch: intree kmods selected but not supported)
  endif
 endif
 TARGET_CFLAGS += -flto -std=gnu99
 MAKE_VARS += PYTHONPATH="$(HOST_PYTHON3PATH)"
 export OVS_KERNEL_MAKE_FLAGS=$(KERNEL_MAKE_FLAGS)
 override CONFIG_AUTOREMOVE=
 $(foreach p,$(ovs_kmod_packages),\
  $(eval $(call KernelPackage,$(p)))\
 )
 $(foreach p,$(ovs_packages),\
  $(eval $(call BuildPackage,$(p)))\
 )
--- a/feeds/openflow/openvswitch/README.md
+++ b/feeds/openflow/openvswitch/README.md
@@ -1,106 +0,0 @@
 # Which packages to install
 Install `openvswitch` if you need OpenFlow virtual switch function.  It
 contains ovs-vswitchd, ovsdb-server and helper utilities such as ovs-vsctl,
 ovs-ofctl, ovs-ctl etc.
 Linux kernel datapath module openvswitch.ko will also be installed along with
 package `openvswitch`.  Tunnel encap support for gre, geneve, vxlan can be
 included by installing `kmod-openvswitch-{gre,geneve,vxlan}` respectively
 For OVN deployment
 - Install `openvswitch-ovn-north` for ovs-northd, ovsdb-server, ovn helper utitlies
 - Install `openvswitch-ovn-host` for ovn-controller and `openvswitch`
 # How to use them
 Open vSwitch provides a few very useful helper script in
 `/usr/share/openvswitch/scripts/`.  A simple initscript is provided.  It's
 mainly a wrapper around `ovs-ctl` and `ovn-ctl` with simple knobs from
 `/etc/config/openvswitch`.  Procd is not used here.
 	/etc/init.d/openvswitch start
 	/etc/init.d/openvswitch stop
 	/etc/init.d/openvswitch stop north
 	/etc/init.d/openvswitch restart ovs
 	/etc/init.d/openvswitch status
 Use `ovs-ctl` and `ovn-ctl` directly for more functionalities
 # Open vSwitch in-tree Linux datapath modules
 The Open vSwitch build system uses regexp and conditional-compilation
 heuristics to support building the shipped kernel module source code against a
 wide range of kernels, as of openvswitch-2.10, the list is supposed to include
 vanilla linux 3.10 to 4.15, plus a few distro kernels.
 It may NOT work
 - Sometimes the code does not compile
 - Sometimes the code compiles but insmod will fail
 - Sometimes modules are loaded okay but actually does not function right
 For these reasons, the in-tree datapath modules are NOT visible/enabled by
 default.
 Building and using in-tree datapath modules requires some level of devel
 abilities to proceed.  You are expected to configure build options and build
 the code on your own
 E.g. pair openvswitch userspace with in-tree datapath module
 	CONFIG_DEVEL=y
 	CONFIG_PACKAGE_openvswitch=y
 	# CONFIG_PACKAGE_kmod-openvswitch is not set
 	CONFIG_PACKAGE_kmod-openvswitch-intree=y
 E.g. replace in-tree datapath module with upstream version
 	opkg remove --force-depends kmod-openvswitch-intree
 	opkg install kmod-openvswitch
 	ovs-ctl force-reload-kmod
 # UCI configuration options
 There are 5 config section types in package openvswitch:
 ovs ovn_northd, ovn_controller & ovs_bridge.
 Each of these supports a disabled option, which should be 
 set to 0 to launch the respective daemons.
 The ovs section section also supports the options below, to configure a set of
 SSL CA, certificate and private key. After adding these to Open vSwitch, you
 may specify ssl: connection methods for e.g. the OpenFlow controller. Note that
 Open vSwitch only reads these files during startup, so it needs to be restarted
 after adding or changing these options.
 | Name     | Type    | Required | Default | Description                       |
 |----------|---------|----------|---------|-----------------------------------|
 | disabled | boolean | no       | 0       | If set to 1, do not configure SSL |
 | ca       | string  | no       | (none)  | Path to CA certificate            |
 | cert     | string  | no       | (none)  | Path to certificate               |
 | key      | string  | no       | (none)  | Path to private key               |
 The ovs_bridge section also supports the options below,
 for initialising a virtual bridge with an OpenFlow controller.
 | Name          | Type    | Required | Default                        | Description                                                |
 |---------------|---------|----------|--------------------------------|------------------------------------------------------------|
 | disabled      | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
 | name          | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
 | controller    | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
 | datapath_id   | string  | no       | (none)                         | The OpenFlow datapath ID for this bridge                   |
 | datapath_desc | string  | no       | (none)                         | The OpenFlow datapath description for this bridge          |
 | fail_mode     | string  | no       | standalone                     | The bridge failure mode                                    |
 The ovs_port section can be used to add ports to a bridge. It supports the options below.
 | Name     | Type    | Required | Default | Description
 | ---------|---------|----------|---------|------------------------------------------------|
 | disabled | boolean | no       | 0       | If set to 1, do not add the port to the bridge |
 | bridge   | string  | yes      | (none)  | Name of the bridge to add the port to          |
 | port     | string  | yes      | (none)  | Name of the port to add to the bridge          |
 | ofport   | integer | no       | (none)  | OpenFlow port number to be used by the port    |
 | tag      | integer | no       | (none)  | 802.1Q VLAN tag to set on the port             |
 | type     | string  | no       | (none)  | Port type, e.g. internal, erspan, type, ...    |
--- a/feeds/openflow/openvswitch/files/openvswitch.config
+++ b/feeds/openflow/openvswitch/files/openvswitch.config
@@ -1,27 +0,0 @@
 config ovs ovs
 	option disabled 1
 	option ca '/etc/openvswitch/example_ca.crt'
 	option cert '/etc/openvswitch/example_cert.crt'
 	option key '/etc/openvswitch/example_key.crt'
 config ovn_northd north
 	option disabled 1
 config ovn_controller controller
 	option disabled 1
 config ovs_bridge
 	option disabled 1
 	option name 'my-bridge'
 	option controller 'tcp:192.168.0.1'
 	option datapath_desc ''
 	option datapath_id ''
 	option fail_mode 'standalone'
 config ovs_port
 	option disabled 1
 	option bridge 'my-bridge'
 	option port 'ovs-port1'
 	option ofport '1'
 	option tag '123'
 	option type 'internal'
--- a/feeds/openflow/openvswitch/files/openvswitch.init
+++ b/feeds/openflow/openvswitch/files/openvswitch.init
@@ -1,281 +0,0 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2013 Julius Schulz-Zander <julius@net.t-labs.tu-berlin.de>
 # Copyright (C) 2014-2017 OpenWrt.org
 # Copyright (C) 2018 Yousong Zhou <yszhou4tech@gmail.com>
 # Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
 . /lib/functions/procd.sh
 START=15
 basescript=$(readlink "$initscript")
 ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=:
 ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=:
 extra_command "status" "Get status information"
 service_triggers() {
 	procd_add_reload_trigger openvswitch
 }
 init_triggers() {
 	procd_open_service "$(basename ${basescript:-$initscript})" "$initscript"
 	procd_close_service set
 }
 start() {
 	init_triggers
 	ovs_action start "$@"
 }
 reload() {
 	start
 }
 running() {
 	return 0
 }
 stop() {
 	procd_kill "$(basename ${basescript:-$initscript})"
 	ovs_action stop "$@"
 }
 restart() {
 	init_triggers
 	ovs_action restart "$@"
 }
 status() {
 	ovs_action status "$@"
 }
 ovs_action_cfgs=
 ovs_action() {
 	local action="$1"; shift
 	local cfgtype
 	ovs_action_cfgs="$*"
 	config_load openvswitch
 	for cfgtype in ovs ovn_northd ovn_controller; do
 		config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype"
 	done
 	case "$action" in
 		restart|start)
 			config_foreach ovs_bridge_init "ovs_bridge"
 			;;
 	esac
 }
 ovs_xx() {
 	local cfg="$1"
 	local action="$2"
 	local cfgtype="$3"
 	local disabled
 	if [ -n "$ovs_action_cfgs" ] && ! list_contains "ovs_action_cfgs" "$cfg"; then
 		return
 	fi
 	case "$action" in
 		status|stop) ;;
 		*)
 			config_get_bool disabled "$cfg" disabled 0
 			[ "$disabled" == "0" ] || return
 			;;
 	esac
 	case "$cfgtype" in
 		ovs)
 			"$ovs_ctl" "$action" \
 				--system-id=random 1000>&-
 			ovs_set_ssl
 			;;
 		ovn_*)
 			"$ovn_ctl" "${action}_${cfgtype#ovn_}"
 			;;
 	esac
 }
 ovs_bridge_parse_port() {
 	case "$1" in
 		*:*)
 			port="${1%%:*}"
 			type="${1#*:}"
 		;;
 		*)
 			port="$1"
 			type=""
 		;;
 	esac
 }
 ovs_bridge_port_add() {
 	[ -n "$1" ] || return
 	ovs_bridge_parse_port "$1"
 	cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"
 	[ "$?" = 0 ] && {
 		[ "$type" = "$cur_type" ] || ovs-vsctl del-port "$port"
 	}
 	ovs-vsctl --may-exist add-port "$name" "$port" ${type:+ -- set interface "$port" type="$type"}
 	ovs_bridge_port_up "$port"
 	__port_list="$__port_list ${port} "
 }
 ovs_bridge_port_add_complex() {
 	local cfg="$1"
 	local cur_bridge="$2"
 	local bridge disabled ofport port tag type
 	local cur_tag cur_type del_port
 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" = "0" ] || return
 	config_get bridge "$cfg" bridge
 	[ "$bridge" = "$cur_bridge" ] || return
 	ovs-vsctl br-exists "$bridge" || return
 	config_get port "$cfg" port
 	[ -n "$port" ] || return
 	config_get ofport "$cfg" ofport
 	config_get tag "$cfg" tag
 	if [ -n "$tag" ]; then
 		if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then
 			[ "$tag" = "$cur_tag" ] || del_port=1
 		fi
 	fi
 	config_get type "$cfg" type
 	if [ -n "$type" ]; then
 		if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then
 			[ "$type" = "$cur_type" ] || del_port=1
 		fi
 	fi
 	[ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port"
 	ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
 		${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
 		${type:+ -- set interface "$port" type="$type"}
 	ovs_bridge_port_up "$port"
 	__port_list="$__port_list ${port} "
 }
 ovs_bridge_port_cleanup() {
 	for port in `ovs-vsctl list-ports "$name"`; do
 		case "$__port_list" in
 			*" $port "*);;
 			*) ovs-vsctl del-port "$port";;
 		esac
 	done
 }
 ovs_bridge_port_up() {
 	local port="$1"
 	ip link set dev "$port" up
 }
 ovs_bridge_validate_datapath_id() {
 	local dpid="$1"
 	if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then
 		return 0
 	elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then
 		return 0
 	else
 		logger -t openvswitch "invalid datapath_id: $dpid"
 		return 1
 	fi
 }
 ovs_bridge_validate_datapath_desc() {
 	local dpdesc="$1"
 	if [ "$(echo $dpdesc | wc -c)" -le 255 ]; then
 		return 0
 	else
 		logger -t openvswitch "invalid datapath_desc: $dpdesc"
 		return 1
 	fi
 }
 ovs_bridge_validate_fail_mode() {
 	local fail_mode="$1"
 	case "$fail_mode" in
 		secure|standalone)
 			return 0
 			;;
 		*)
 			logger -t openvswitch "invalid fail_mode: $fail_mode"
 			return 1
 			;;
 	esac
 }
 ovs_bridge_init() {
 	local cfg="$1"
 	local disabled
 	local name
 	local controller
 	local datapath_id
 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" == "0" ] || return
 	config_get name "$cfg" name $cfg
 	ovs-vsctl --may-exist add-br "$name"
 	config_get datapath_id "$cfg" datapath_id
 	[ -n "$datapath_id" ] && {
 		ovs_bridge_validate_datapath_id "$datapath_id" && {
 			ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id"
 		}
 	}
 	config_get datapath_desc "$cfg" datapath_desc
 	[ -n "$datapath_desc" ] && {
 		ovs_bridge_validate_datapath_desc "$datapath_desc" && {
 			ovs-vsctl --if-exists set bridge "$name" other-config:dp-desc="$datapath_desc"
 		}
 	}
 	config_get fail_mode "$cfg" fail_mode
 	[ -n "$fail_mode" ] && {
 		ovs_bridge_validate_fail_mode "$fail_mode" && {
 			ovs-vsctl set-fail-mode "$name" "$fail_mode" 2> /dev/null
 		} || {
 			ovs-vsctl del-fail-mode "$name" 2> /dev/null
 		}
 	} || {
 		ovs-vsctl del-fail-mode "$name" 2> /dev/null
 	}
 	config_list_foreach "$cfg" "ports" ovs_bridge_port_add
 	config_foreach ovs_bridge_port_add_complex ovs_port "$name"
 	config_get_bool drop "$cfg" "drop_unknown_ports" 0
 	[ "$drop" == 1 ] && ovs_bridge_port_cleanup
 	config_get controller "$cfg" controller
 	[ -n "$controller" ] && \
 		ovs-vsctl set-controller "$name" "$controller"
 }
 ovs_set_ssl() {
 	local ca="$(uci -q get openvswitch.ovs.ca)"
 	[ -f "$ca" ] || return
 	local cert="$(uci get openvswitch.ovs.cert)"
 	[ -f "$cert" ] || return
 	local key="$(uci get openvswitch.ovs.key)"
 	[ -f "$key" ] || return
 	ovs-vsctl set-ssl "$key" "$cert" "$ca"
 }
--- a/feeds/openflow/openvswitch/files/ovs-ctl-wrapper
+++ b/feeds/openflow/openvswitch/files/ovs-ctl-wrapper
@@ -1,9 +0,0 @@
 #!/bin/sh
 s=/usr/share/openvswitch/scripts
 case "$0" in
 	*ovs-ctl) "$s/ovs-ctl" "$@" ;;
 	*ovs-kmod-ctl) "$s/ovs-kmod-ctl" "$@" ;;
 	*ovn-ctl) "/usr/share/ovn/scripts/ovn-ctl" "$@" ;;
 	*) exit 1;;
 esac
--- a/feeds/openflow/openvswitch/openvswitch.mk
+++ b/feeds/openflow/openvswitch/openvswitch.mk
@@ -1,36 +0,0 @@
 # Copyright (C) 2020 Yousong Zhou <yszhou4tech@gmail.com>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 # Versions
 ovs_version:=2.15.1
 ovs_builddir=$(KERNEL_BUILD_DIR)/openvswitch-$(ovs_version)
 # Shared vars, macros
 ovs_packages:=
 ovs_package_name=$(if $(filter openvswitch,$(1)),openvswitch,openvswitch-$(1))
 define OvsPackageTemplate
  define Package/$(call ovs_package_name,$(1))
     SECTION:=net
     SUBMENU:=Open vSwitch
     CATEGORY:=Network
     URL:=https://www.openvswitch.org
     TITLE:=$(ovs_$(1)_title)
     HIDDEN:=$(ovs_$(1)_hidden)
     DEPENDS:=$(ovs_$(1)_depends)
  endef
  define Package/$(call ovs_package_name,$(1))/install
 	$(foreach f,$(ovs_$(1)_files),
 		$(INSTALL_DIR) $$(1)/$(dir $(f))
 		$(CP) $(PKG_INSTALL_DIR)/$(f) $$(1)/$(dir $(f))
 	)
 	$(ovs_$(1)_install)
  endef
  ovs_packages+=$(call ovs_package_name,$(1))
 endef
--- a/feeds/openflow/openvswitch/patches/0001-netdev-linux-Let-interface-flag-survive-internal-por.patch
+++ b/feeds/openflow/openvswitch/patches/0001-netdev-linux-Let-interface-flag-survive-internal-por.patch
@@ -1,35 +0,0 @@
 From 974dc36a87274d7bae13e7dddd3364fecf5b3e7c Mon Sep 17 00:00:00 2001
 From: Helmut Schaa <helmut.schaa@googlemail.com>
 Date: Wed, 8 Jan 2014 13:48:49 +0100
 Subject: [PATCH] netdev-linux: Let interface flag survive internal port setup
 Due to a race condition when bringing up an internal port on Linux
 some interface flags (e.g. IFF_MULTICAST) are falsely reset. This
 happens because netlink events may be processed after the according
 netdev has been brought up (which sets interface flags).
 Fix this by reading the interface flags just before updating them
 if they have not been updated by from the kernel yet.
 Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
 ---
 lib/netdev-linux.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 --- a/lib/netdev-linux.c
 +++ b/lib/netdev-linux.c
@@ -3469,7 +3469,13 @@ update_flags(struct netdev_linux *netdev
     unsigned int old_flags, new_flags;
     int error = 0;
 -    old_flags = netdev->ifi_flags;
 +    if (!(netdev->cache_valid & VALID_DRVINFO)) {
 +        /* Most likely the debvice flags are not in sync yet, fetch them now */
 +        get_flags(&netdev->up, &old_flags);
 +    } else {
 +        old_flags = netdev->ifi_flags;
 +    }
 +
     *old_flagsp = iff_to_nd_flags(old_flags);
     new_flags = (old_flags & ~nd_to_iff_flags(off)) | nd_to_iff_flags(on);
     if (new_flags != old_flags) {
--- a/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch
+++ b/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch
@@ -1,33 +0,0 @@
 From 54484e79aca0981ebc42ddc68487e6531da9b59d Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Fri, 20 Mar 2020 15:11:31 +0800
 Subject: [PATCH] python: separate host/target python for cross-compile
 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 Makefile.am       | 2 +-
 m4/openvswitch.m4 | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -60,7 +60,7 @@ endif
 # foo/__init__.pyc will cause Python to ignore foo.py.
 run_python = \
 	PYTHONPATH=$(top_srcdir)/python$(psep)$$PYTHONPATH \
 -	PYTHONDONTWRITEBYTECODE=yes $(PYTHON3)
 +	PYTHONDONTWRITEBYTECODE=yes $(PYTHON3_HOST)
 ALL_LOCAL =
 BUILT_SOURCES =
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
@@ -372,6 +372,8 @@ else:
      AC_MSG_ERROR([Python 3.4 or later is required but not found in $PATH, please install it or set $PYTHON3 to point to it])
    fi
    AC_ARG_VAR([PYTHON3])
 +   PYTHON3_HOST=$ovs_cv_python3_host
 +   AM_MISSING_PROG([PYTHON3_HOST], [python3])
    PYTHON3=$ovs_cv_python3])
 dnl Checks for flake8.
--- a/feeds/openflow/openvswitch/patches/0003-ovs-lib-fix-install_dir.patch
+++ b/feeds/openflow/openvswitch/patches/0003-ovs-lib-fix-install_dir.patch
@@ -1,26 +0,0 @@
 From 444991b95ed25d58c3cd1646fa823620380b6ce6 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 14 Mar 2018 16:44:13 +0800
 Subject: [PATCH] ovs-lib: fix install_dir()
 The command "install" is not available in OpenWrt by default
 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 utilities/ovs-lib.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 --- a/utilities/ovs-lib.in
 +++ b/utilities/ovs-lib.in
@@ -159,7 +159,10 @@ install_dir () {
     [ "${OVS_USER##*:}" != "" ] && INSTALL_GROUP="${OVS_USER##*:}"
     if test ! -d "$DIR"; then
 -        install -d -m "$INSTALL_MODE" -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
 +        mkdir -p "$DIR"
 +        chmod "$INSTALL_MODE" "$DIR"
 +        chown "$INSTALL_USER" "$DIR"
 +        chgrp "$INSTALL_GROUP" "$DIR"
         restorecon "$DIR" >/dev/null 2>&1
     fi
 }
--- a/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch
+++ b/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch
@@ -1,25 +0,0 @@
 From 31514742de07d595ac23c2b0abf0e092f8b26140 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <zhouyousong@yunionyun.com>
 Date: Tue, 21 Aug 2018 13:02:21 +0000
 Subject: [PATCH] build: trim build
 Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>
 ---
 Makefile.am | 2 --
 1 file changed, 2 deletions(-)
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -477,12 +477,10 @@ dist-docs:
 	VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs $(srcdir) $(docs)
 .PHONY: dist-docs
 -include Documentation/automake.mk
 include m4/automake.mk
 include lib/automake.mk
 include ofproto/automake.mk
 include utilities/automake.mk
 -include tests/automake.mk
 include include/automake.mk
 include third-party/automake.mk
 include debian/automake.mk
--- a/feeds/openflow/openvswitch/patches/0006-datapath-allow-passing-additional-OVS_KERNEL_MAKE_FL.patch
+++ b/feeds/openflow/openvswitch/patches/0006-datapath-allow-passing-additional-OVS_KERNEL_MAKE_FL.patch
@@ -1,23 +0,0 @@
 From 1df5a0eaf78e93e21d21f1438afbe5fa8a37ea61 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Tue, 26 May 2020 22:45:53 +0800
 Subject: [PATCH] datapath: allow passing additional $(OVS_KERNEL_MAKE_FLAGS)
 This can be useful for passing args like -iremap for reproducible builds
 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 datapath/linux/Makefile.main.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- a/datapath/linux/Makefile.main.in
 +++ b/datapath/linux/Makefile.main.in
@@ -68,7 +68,7 @@ ifeq (,$(wildcard $(CONFIG_FILE)))
 endif
 default:
 -	$(MAKE) -C $(KSRC) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules
 +	$(MAKE) -C $(KSRC) $(OVS_KERNEL_MAKE_FLAGS) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules
 modules_install:
 	$(MAKE) -C $(KSRC) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules_install
--- a/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch
+++ b/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch
@@ -1,54 +0,0 @@
 From e81ccb671014db62bf622cd8f960d7930d27d9dc Mon Sep 17 00:00:00 2001
 From: Yousong Zhou <yszhou4tech@gmail.com>
 Date: Wed, 29 Jul 2020 17:29:14 +0800
 Subject: [PATCH] build: only link libopenvswitch with libunwind, libunbound
 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 ---
 lib/automake.mk          | 2 ++
 lib/libopenvswitch.pc.in | 2 +-
 m4/openvswitch.m4        | 6 ++++--
 3 files changed, 7 insertions(+), 3 deletions(-)
 --- a/lib/automake.mk
 +++ b/lib/automake.mk
@@ -10,6 +10,8 @@ lib_LTLIBRARIES += lib/libopenvswitch.la
 lib_libopenvswitch_la_LIBADD = $(SSL_LIBS)
 lib_libopenvswitch_la_LIBADD += $(CAPNG_LDADD)
 lib_libopenvswitch_la_LIBADD += $(LIBBPF_LDADD)
 +lib_libopenvswitch_la_LIBADD += $(LIBUNBOUND_LDADD)
 +lib_libopenvswitch_la_LIBADD += $(LIBUNWIND_LDADD)
 if WIN32
 --- a/lib/libopenvswitch.pc.in
 +++ b/lib/libopenvswitch.pc.in
@@ -7,5 +7,5 @@ Name: libopenvswitch
 Description: Open vSwitch library
 Version: @VERSION@
 Libs: -L${libdir} -lopenvswitch
 -Libs.private: @LIBS@
 +Libs.private: @LIBS@ @SSL_LIBS@ @CAPNG_LDADD@ @LIBBPF_LDADD@ @LIBUNBOUND_LDADD@ @LIBUNWIND_LDADD@
 Cflags: -I${includedir}/openvswitch
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
@@ -646,7 +646,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
   [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no])
    if test "$HAVE_UNBOUND" = yes; then
      AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.])
 -     LIBS="$LIBS -lunbound"
 +     LIBUNBOUND_LDADD="-lunbound"
 +     AC_SUBST(LIBUNBOUND_LDADD)
    fi
    AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes])
    AC_SUBST([HAVE_UNBOUND])])
@@ -658,7 +659,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
    [HAVE_UNWIND=no])
    if test "$HAVE_UNWIND" = yes; then
      AC_DEFINE([HAVE_UNWIND], [1], [Define to 1 if unwind is detected.])
 -     LIBS="$LIBS -lunwind"
 +     LIBUNWIND_LDADD="-lunwind"
 +     AC_SUBST(LIBUNWIND_LDADD)
    fi
    AM_CONDITIONAL([HAVE_UNWIND], [test "$HAVE_UNWIND" = yes])
    AC_SUBST([HAVE_UNWIND])])
--- a/feeds/tip/firstcontact/files/usr/share/ucentral/firstcontact.uc
+++ b/feeds/tip/firstcontact/files/usr/share/ucentral/firstcontact.uc
@@ -7,39 +7,8 @@ if (!fd) {
 devid = fd.read("all");
 fd.close();
 ret = system(sprintf('/usr/sbin/firstcontact -i %s', devid));
 if (ret) {
 	warn("firstcontact failed to contact redirector\n");
 	exit(1);
 }
 let redirector = { };
 let fd = fs.open("/etc/ucentral/redirector.json", "r");
 if (fd) {
 	let data = fd.read("all");
 	fd.close();
 	try {
 		redirector = json(data);
 	}
 	catch (e) {
 		warn("firstcontact: Unable to parse JSON data in %s: %s", path, e);
 		exit(1);
 	}
 }
 let config = {};
 for (let r in redirector.fields)
 	if (r.name && r.value)
 		config[r.name] = r.value;
 if (!config.Redirector) {
 	warn("Reply is missing Redirector field\n");
 	exit(1);
 }
 function store_config(path) {
 	let cursor = uci.cursor(path);
 	let redir = split(config.Redirector, ":");
@@ -50,6 +19,44 @@ function store_config(path) {
 	cursor.commit();
 }
 ret = system(sprintf('/usr/sbin/firstcontact -i %s', devid));
 if (ret) {
 	warn("firstcontact failed to contact redirector, check DHCP option\n");
 	let fd = fs.open("/tmp/capwap/dhcp_opt.txt", "r");
 	if (!fd) {
 		warn("No redirector found\n");
 		exit(1);
 	} else {
 		config.Redirector = fd.read("all");
 		fd.close();
 	}
 } else {
 	let redirector = { };
 	let fd = fs.open("/etc/ucentral/redirector.json", "r");
 	if (fd) {
 		let data = fd.read("all");
 		fd.close();
 		try {
 			redirector = json(data);
 		}
 		catch (e) {
 			warn("firstcontact: Unable to parse JSON data in %s: %s", path, e);
 			exit(1);
 		}
 	}
 	for (let r in redirector.fields)
 		if (r.name && r.value)
 			config[r.name] = r.value;
 	if (!config.Redirector) {
 		warn("Reply is missing Redirector field\n");
 		exit(1);
 	}
 }
 store_config();
 store_config("/etc/config-shadow/");
--- a/feeds/ucentral/dynamic-vlan/Makefile
+++ b/feeds/ucentral/dynamic-vlan/Makefile
@@ -4,10 +4,10 @@ PKG_NAME:=dynamic-vlan
 PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/dynamic-vlan.git
-PKG_MIRROR_HASH:=448890cdf182bd1b47edffca242e607594d0d17f6f5017a6fd021aab79f3c351
+PKG_MIRROR_HASH:=2129d5e4b397afad76825a042dab6fb57c63e57c686d354f3d0d77a5754ab760
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-06-04
-PKG_SOURCE_VERSION:=55d78d3e7215b601084980d922349bcfdcf9cf20
+PKG_SOURCE_VERSION:=7202189d1b710c52f8ddc3c7040821708c3f438b
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
--- a/feeds/ucentral/dynamic-vlan/files/dynamic-vlan
+++ b/feeds/ucentral/dynamic-vlan/files/dynamic-vlan
@@ -7,8 +7,12 @@ PROG=/usr/sbin/dynamic-vlan
 start_service() {
 	wan=$(cat /etc/board.json | jsonfilter -e '@.network.wan.device')
 	[ -z "$wan" ] && eval $(jsonfilter -i /etc/board.json -e 'wan=@.network.wan.ports.*')
 	procd_open_instance
-	procd_set_param command "$PROG" $wan
+	procd_set_param command "$PROG"
 	for w in $wan; do
 		procd_append_param command $w
 	done
 	procd_set_param respawn
 	procd_close_instance
 }
--- a/feeds/ucentral/ieee8021x/Makefile
+++ b/feeds/ucentral/ieee8021x/Makefile
@@ -7,10 +7,10 @@ PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_SOURCE_URL=https://github.com/blogic/ieee8021x.git
-PKG_MIRROR_HASH:=7e14e320714b4759f5c393f90165a69d133633612b57d408b3ab6535710bf53c
+PKG_MIRROR_HASH:=5a47c355366fb7cfaa0d622c4ea1fa6a867b0fb30e624343727d5f8722c79f7b
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-04-12
-PKG_SOURCE_VERSION:=c1f36559dc0ed2deeac0531a3d5854f1955ae928
+PKG_SOURCE_VERSION:=c526967cbc14ba5528c817d5f6115156c2da94b9
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
--- a/feeds/ucentral/qosify/Makefile
+++ b/feeds/ucentral/qosify/Makefile
@@ -11,9 +11,9 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=qosify
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/qosify.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-03-06
+PKG_SOURCE_DATE:=2022-09-26
-PKG_SOURCE_VERSION:=f13b67c9a786567df240a8f3f608e2724ddaadba
+PKG_SOURCE_VERSION:=9c625ae96f2d204f7417d6c9b7092b9e4ac653a8
-PKG_MIRROR_HASH:=3d8629e711e46a6be79a46a6394165fd1761687f24b8ed954dc4f16f177cd90f
+PKG_MIRROR_HASH:=f7cd52b6749d0dc81d6d710ee5f85597a3ff084a78e2622336c16dc138fdc854
 PKG_RELEASE:=$(AUTORELEASE)
 PKG_LICENSE:=GPL-2.0
@@ -31,9 +31,17 @@ define Package/qosify
  SECTION:=utils
  CATEGORY:=Base system
  TITLE:=A simple QoS solution based eBPF + CAKE
-  DEPENDS:=+libbpf +libubox +libubus +kmod-sched-cake +kmod-sched-bpf +kmod-ifb +tc-full $(BPF_DEPENDS)
+  DEPENDS:=+libbpf +libubox +libubus +libnl-tiny +kmod-sched-cake +kmod-sched-bpf +kmod-ifb +tc $(BPF_DEPENDS)
 endef
 TARGET_CFLAGS += \
 	-Wno-error=deprecated-declarations \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(STAGING_DIR)/usr/include
 CMAKE_OPTIONS += \
 	-DLIBNL_LIBS=-lnl-tiny
 define Build/Compile
 	$(call CompileBPF,$(PKG_BUILD_DIR)/qosify-bpf.c)
 	$(Build/Compile/Default)
--- a/feeds/ucentral/radius-gw-proxy/src/main.c
+++ b/feeds/ucentral/radius-gw-proxy/src/main.c
@@ -353,7 +353,7 @@ int main(int argc, char **argv)
 	sock_auth = sock_open("1812", RADIUS_AUTH);
 	sock_acct = sock_open("1813", RADIUS_ACCT);
-	sock_dae = sock_open("1814", RADIUS_DAS);
+	sock_dae = sock_open("3379", RADIUS_DAS);
 	uloop_run();
 	uloop_end();
--- a/feeds/ucentral/ratelimit/files/usr/bin/ratelimit
+++ b/feeds/ucentral/ratelimit/files/usr/bin/ratelimit
@@ -28,15 +28,13 @@ delclient() {
 	local mac=$2
 	local id=$3
-	logger "ratelimit: delete old client entries"
+	logger "ratelimit: delete old client entries $1 $2"
-	[ -z "$id" ] && id=$(get_id ${mac//:})
+	id=$(get_id ${mac//:})
 	TC filter del dev $iface protocol all parent 1: prio 1 u32 match ether dst $mac flowid 1:$id
 	TC class del dev $iface parent 1:1 classid 1:$id
 	TC filter del dev $ifb protocol all parent 1: prio 1 u32 match ether src $mac flowid 1:$id
 	TC class del dev $ifb parent 1:1 classid 1:$id
 }
 ingress=0
@@ -72,7 +70,7 @@ addclient() {
 	local id=$(get_id ${mac//:})
-	logger "ratelimit: add new client entries for $2 $egress $ingress"
+	logger "ratelimit: add new client entries for $1 $2 $egress $ingress"
 	TC class add dev $iface parent 1:1 classid 1:$id htb rate 1mbit ceil ${egress}mbit burst 2k prio 1
 	TC qdisc add dev $iface parent 1:$id handle $id: sfq perturb 10
--- a/feeds/ucentral/spotfilter/Makefile
+++ b/feeds/ucentral/spotfilter/Makefile
@@ -0,0 +1,57 @@
 #
 # Copyright (C) 2021 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=spotfilter
 PKG_VERSION:=1
 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_BUILD_DEPENDS:=bpf-headers
 PKG_FLAGS:=nonshared
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 include $(INCLUDE_DIR)/bpf.mk
 include $(INCLUDE_DIR)/nls.mk
 define Package/spotfilter
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=Network filter for hotspot services
  DEPENDS:=+libbpf +libubox +libubus +libnl-tiny +kmod-sched-cake +kmod-sched-bpf $(BPF_DEPENDS)
 endef
 TARGET_CFLAGS += \
 	-Wno-error=deprecated-declarations \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(STAGING_DIR)/usr/include -g3
 CMAKE_OPTIONS += \
 	-DLIBNL_LIBS=-lnl-tiny
 define Build/Compile
 	$(call CompileBPF,$(PKG_BUILD_DIR)/spotfilter-bpf.c)
 	$(Build/Compile/Default)
 endef
 define Package/spotfilter/install
 	$(INSTALL_DIR) \
 		$(1)/etc/hotplug.d/net \
 		$(1)/etc/init.d \
 		$(1)/lib/bpf \
 		$(1)/usr/sbin
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/spotfilter-bpf.o $(1)/lib/bpf
 	$(INSTALL_BIN) ./files/spotfilter.init $(1)/etc/init.d/spotfilter
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/spotfilter $(1)/usr/sbin/
 	$(INSTALL_DATA) ./files/spotfilter.hotplug $(1)/etc/hotplug.d/net/10-spotfilter
 endef
 $(eval $(call BuildPackage,spotfilter))
--- a/feeds/ucentral/spotfilter/files/spotfilter.hotplug
+++ b/feeds/ucentral/spotfilter/files/spotfilter.hotplug
@@ -0,0 +1,2 @@
 #!/bin/sh
 ubus call spotfilter check_devices
--- a/feeds/ucentral/spotfilter/files/spotfilter.init
+++ b/feeds/ucentral/spotfilter/files/spotfilter.init
@@ -0,0 +1,23 @@
 #!/bin/sh /etc/rc.common
 # Copyright (c) 2021 OpenWrt.org
 START=18
 USE_PROCD=1
 PROG=/usr/sbin/spotfilter
 reload_service() {
 	ubus call spotfilter interface_add "$(cat /tmp/spotfilter.json)"
 }
 start_service() {
 	procd_open_instance
 	procd_set_param command "$PROG"
 	procd_set_param respawn
 	procd_close_instance
 }
 service_started() {
 	ubus -t 10 wait_for spotfilter
 	[ $? = 0 ] && reload_service
 }
--- a/feeds/ucentral/spotfilter/src/CMakeLists.txt
+++ b/feeds/ucentral/spotfilter/src/CMakeLists.txt
@@ -0,0 +1,24 @@
 cmake_minimum_required(VERSION 3.10)
 PROJECT(spotfilter C)
 ADD_DEFINITIONS(-Os -Wall -Wno-unknown-warning-option -Wno-array-bounds -Wno-format-truncation -Werror --std=gnu99)
 SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
 IF (NOT DEFINED LIBNL_LIBS)
 	include(FindPkgConfig)
 	pkg_search_module(LIBNL libnl-3.0 libnl-3 libnl nl-3 nl)
 	IF (LIBNL_FOUND)
 		include_directories(${LIBNL_INCLUDE_DIRS})
 		SET(LIBNL_LIBS ${LIBNL_LIBRARIES})
 	ENDIF()
 ENDIF()
 find_library(bpf NAMES bpf)
 ADD_EXECUTABLE(spotfilter main.c bpf.c ubus.c rtnl.c interface.c snoop.c client.c dhcpv4.c icmpv6.c nl80211.c)
 TARGET_LINK_LIBRARIES(spotfilter ${bpf} ubox ubus ${LIBNL_LIBS})
 INSTALL(TARGETS spotfilter
 	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
 )
--- a/feeds/ucentral/spotfilter/src/bpf.c
+++ b/feeds/ucentral/spotfilter/src/bpf.c
@@ -0,0 +1,196 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <arpa/inet.h>
 #include <glob.h>
 #include <unistd.h>
 #include "spotfilter.h"
 static int spotfilter_bpf_pr(enum libbpf_print_level level, const char *format,
 		     va_list args)
 {
 	return vfprintf(stderr, format, args);
 }
 static void
 spotfilter_fill_rodata(struct bpf_object *obj, struct spotfilter_bpf_config *val)
 {
 	struct bpf_map *map = NULL;
 	while ((map = bpf_object__next_map(obj, map)) != NULL) {
 		if (!strstr(bpf_map__name(map), ".rodata"))
 			continue;
 		bpf_map__set_initial_value(map, val, sizeof(*val));
 	}
 }
 static void spotfilter_init_env(void)
 {
 	struct rlimit limit = {
 		.rlim_cur = RLIM_INFINITY,
 		.rlim_max = RLIM_INFINITY,
 	};
 	setrlimit(RLIMIT_MEMLOCK, &limit);
 }
 int spotfilter_bpf_load(struct interface *iface)
 {
 	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts);
 	struct spotfilter_bpf_config config = {
 		.snoop_ifindex = spotfilter_ifb_ifindex
 	};
 	struct bpf_program *prog_i, *prog_e;
 	struct bpf_object *obj;
 	int err;
 	libbpf_set_print(spotfilter_bpf_pr);
 	spotfilter_init_env();
 	obj = bpf_object__open_file(SPOTFILTER_PROG_PATH, &opts);
 	err = libbpf_get_error(obj);
 	if (err) {
 		perror("bpf_object__open_file");
 		return -1;
 	}
 	prog_i = bpf_object__find_program_by_name(obj, "spotfilter_in");
 	if (!prog_i) {
 		fprintf(stderr, "Can't find ingress classifier\n");
 		goto error;
 	}
 	prog_e = bpf_object__find_program_by_name(obj, "spotfilter_out");
 	if (!prog_e) {
 		fprintf(stderr, "Can't find egress classifier\n");
 		goto error;
 	}
 	bpf_program__set_type(prog_i, BPF_PROG_TYPE_SCHED_CLS);
 	bpf_program__set_type(prog_e, BPF_PROG_TYPE_SCHED_CLS);
 	spotfilter_fill_rodata(obj, &config);
 	err = bpf_object__load(obj);
 	if (err) {
 		perror("bpf_object__load");
 		goto error;
 	}
 	iface->bpf.prog_ingress = bpf_program__fd(prog_i);
 	iface->bpf.prog_egress = bpf_program__fd(prog_e);
 	if ((iface->bpf.map_class = bpf_object__find_map_fd_by_name(obj, "class")) < 0 ||
 	    (iface->bpf.map_client = bpf_object__find_map_fd_by_name(obj, "client")) < 0 ||
 	    (iface->bpf.map_whitelist_v4 = bpf_object__find_map_fd_by_name(obj, "whitelist_ipv4")) < 0 ||
 	    (iface->bpf.map_whitelist_v6 = bpf_object__find_map_fd_by_name(obj, "whitelist_ipv6")) < 0) {
 		perror("bpf_object__find_map_fd_by_name");
 		goto error;
 	}
 	iface->bpf.obj = obj;
 	return 0;
 error:
 	bpf_object__close(obj);
 	return -1;
 }
 int spotfilter_bpf_get_client(struct interface *iface,
 			      const struct spotfilter_client_key *key,
 			      struct spotfilter_client_data *data)
 {
 	return bpf_map_lookup_elem(iface->bpf.map_client, key, data);
 }
 int spotfilter_bpf_set_client(struct interface *iface,
 			      const struct spotfilter_client_key *key,
 			      const struct spotfilter_client_data *data)
 {
 	if (!data)
 		return bpf_map_delete_elem(iface->bpf.map_client, key);
 	return bpf_map_update_elem(iface->bpf.map_client, key, data, BPF_ANY);
 }
 static void
 __spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool egress, bool enabled)
 {
 	DECLARE_LIBBPF_OPTS(bpf_tc_hook, hook,
 			    .attach_point = egress ? BPF_TC_EGRESS : BPF_TC_INGRESS,
 			    .ifindex = ifindex);
 	DECLARE_LIBBPF_OPTS(bpf_tc_opts, attach_tc,
 			    .handle = 1,
 			    .priority = SPOTFILTER_PRIO_BASE);
 	if (!enabled) {
 		bpf_tc_detach(&hook, &attach_tc);
 		return;
 	}
 	if (egress)
 		attach_tc.prog_fd = iface->bpf.prog_egress;
 	else
 		attach_tc.prog_fd = iface->bpf.prog_ingress;
 	bpf_tc_hook_create(&hook);
 	bpf_tc_attach(&hook, &attach_tc);
 }
 void spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool enabled)
 {
 	if (enabled)
 		spotfilter_bpf_set_device(iface, ifindex, false);
 	__spotfilter_bpf_set_device(iface, ifindex, true, enabled);
 	__spotfilter_bpf_set_device(iface, ifindex, false, enabled);
 }
 void spotfilter_bpf_update_class(struct interface *iface, uint32_t index)
 {
 	bpf_map_update_elem(iface->bpf.map_class, &index, &iface->cdata[index], BPF_ANY);
 }
 bool spotfilter_bpf_whitelist_seen(struct interface *iface, const void *addr, bool ipv6)
 {
 	int fd = ipv6 ? iface->bpf.map_whitelist_v6 : iface->bpf.map_whitelist_v4;
 	struct spotfilter_whitelist_entry e;
 	bpf_map_lookup_elem(fd, addr, &e);
 	if (!e.seen)
 	    return false;
 	e.seen = 0;
 	bpf_map_update_elem(fd, addr, &e, BPF_ANY);
 	return true;
 }
 void spotfilter_bpf_set_whitelist(struct interface *iface, const void *addr,
 				  bool ipv6, const uint8_t *state)
 {
 	int fd = ipv6 ? iface->bpf.map_whitelist_v6 : iface->bpf.map_whitelist_v4;
 	struct spotfilter_whitelist_entry e = {};
 	if (!state) {
 		bpf_map_delete_elem(fd, addr);
 		return;
 	}
 	e.val = *state;
 	bpf_map_update_elem(fd, addr, &e, BPF_ANY);
 }
 void spotfilter_bpf_free(struct interface *iface)
 {
 	if (!iface->bpf.obj)
 		return;
 	bpf_object__close(iface->bpf.obj);
 	iface->bpf.obj = NULL;
 }
--- a/feeds/ucentral/spotfilter/src/bpf.h
+++ b/feeds/ucentral/spotfilter/src/bpf.h
@@ -0,0 +1,24 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __SPOTFILTER_BPF_H
 #define __SPOTFILTER_BPF_H
 struct interface;
 int spotfilter_bpf_load(struct interface *iface);
 void spotfilter_bpf_free(struct interface *iface);
 void spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool enabled);
 void spotfilter_bpf_update_class(struct interface *iface, uint32_t index);
 int spotfilter_bpf_get_client(struct interface *iface,
 			      const struct spotfilter_client_key *key,
 			      struct spotfilter_client_data *data);
 int spotfilter_bpf_set_client(struct interface *iface,
 			      const struct spotfilter_client_key *key,
 			      const struct spotfilter_client_data *data);
 void spotfilter_bpf_set_whitelist(struct interface *iface, const void *addr,
 				  bool ipv6, const uint8_t *state);
 bool spotfilter_bpf_whitelist_seen(struct interface *iface, const void *addr, bool ipv6);
 #endif
--- a/feeds/ucentral/spotfilter/src/bpf_skb_utils.h
+++ b/feeds/ucentral/spotfilter/src/bpf_skb_utils.h
@@ -0,0 +1,173 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __BPF_SKB_UTILS_H
 #define __BPF_SKB_UTILS_H
 #include <uapi/linux/bpf.h>
 #include <uapi/linux/if_ether.h>
 #include <uapi/linux/ip.h>
 #include <uapi/linux/ipv6.h>
 #include <linux/ip.h>
 #include <net/ipv6.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_endian.h>
 struct skb_parser_info {
 	struct __sk_buff *skb;
 	__u32 offset;
 	int proto;
 };
 static __always_inline void *__skb_data(struct __sk_buff *skb)
 {
 	return (void *)(long)READ_ONCE(skb->data);
 }
 static __always_inline void *
 skb_ptr(struct __sk_buff *skb, __u32 offset, __u32 len)
 {
 	void *ptr = __skb_data(skb) + offset;
 	void *end = (void *)(long)(skb->data_end);
 	if (ptr + len >= end)
 		return NULL;
 	return ptr;
 }
 static __always_inline void *
 skb_info_ptr(struct skb_parser_info *info, __u32 len)
 {
 	__u32 offset = info->offset;
 	return skb_ptr(info->skb, offset, len);
 }
 static __always_inline void
 skb_parse_init(struct skb_parser_info *info, struct __sk_buff *skb)
 {
 	*info = (struct skb_parser_info){
 		.skb = skb
 	};
 }
 static __always_inline struct ethhdr *
 skb_parse_ethernet(struct skb_parser_info *info)
 {
 	struct ethhdr *eth;
 	int len;
 	len = sizeof(*eth) + 2 * sizeof(struct vlan_hdr) + sizeof(struct ipv6hdr);
 	if (len > info->skb->len)
 		len = info->skb->len;
 	bpf_skb_pull_data(info->skb, len);
 	eth = skb_info_ptr(info, sizeof(*eth));
 	if (!eth)
 		return NULL;
 	info->proto = eth->h_proto;
 	info->offset += sizeof(*eth);
 	return eth;
 }
 static __always_inline struct vlan_hdr *
 skb_parse_vlan(struct skb_parser_info *info)
 {
 	struct vlan_hdr *vlh;
 	if (info->proto != bpf_htons(ETH_P_8021Q) &&
 	    info->proto != bpf_htons(ETH_P_8021AD))
 		return NULL;
 	vlh = skb_info_ptr(info, sizeof(*vlh));
 	if (!vlh)
 		return NULL;
 	info->proto = vlh->h_vlan_encapsulated_proto;
 	info->offset += sizeof(*vlh);
 	return vlh;
 }
 static __always_inline struct iphdr *
 skb_parse_ipv4(struct skb_parser_info *info, int min_l4_bytes)
 {
 	struct iphdr *iph;
 	int proto, hdr_len;
 	__u32 pull_len;
 	if (info->proto != bpf_htons(ETH_P_IP))
 		return NULL;
 	iph = skb_info_ptr(info, sizeof(*iph));
 	if (!iph)
 		return NULL;
 	hdr_len = iph->ihl * 4;
 	if (hdr_len < sizeof(*iph))
 		return NULL;
 	pull_len = info->offset + hdr_len + min_l4_bytes;
 	if (pull_len > info->skb->len)
 		pull_len = info->skb->len;
 	if (bpf_skb_pull_data(info->skb, pull_len))
 		return NULL;
 	iph = skb_info_ptr(info, sizeof(*iph));
 	if (!iph)
 		return NULL;
 	info->proto = iph->protocol;
 	info->offset += hdr_len;
 	return iph;
 }
 static __always_inline struct ipv6hdr *
 skb_parse_ipv6(struct skb_parser_info *info, int max_l4_bytes)
 {
 	struct ipv6hdr *ip6h;
 	__u32 pull_len;
 	if (info->proto != bpf_htons(ETH_P_IPV6))
 		return NULL;
 	pull_len = info->offset + sizeof(*ip6h) + max_l4_bytes;
 	if (pull_len > info->skb->len)
 		pull_len = info->skb->len;
 	if (bpf_skb_pull_data(info->skb, pull_len))
 		return NULL;
 	ip6h = skb_info_ptr(info, sizeof(*ip6h));
 	if (!ip6h)
 		return NULL;
 	info->proto = READ_ONCE(ip6h->nexthdr);
 	info->offset += sizeof(*ip6h);
 	return ip6h;
 }
 static __always_inline struct tcphdr *
 skb_parse_tcp(struct skb_parser_info *info)
 {
 	struct tcphdr *tcph;
 	if (info->proto != IPPROTO_TCP)
 		return NULL;
 	tcph = skb_info_ptr(info, sizeof(*tcph));
 	if (!tcph)
 		return NULL;
 	info->offset += tcph->doff * 4;
 	return tcph;
 }
 #endif
--- a/feeds/ucentral/spotfilter/src/client.c
+++ b/feeds/ucentral/spotfilter/src/client.c
@@ -0,0 +1,203 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <netinet/if_ether.h>
 #include <libubox/uloop.h>
 #include <libubox/avl-cmp.h>
 #include "spotfilter.h"
 #define CACHE_TIMEOUT 10
 struct cache_entry {
 	struct avl_node node;
 	uint8_t macaddr[ETH_ALEN];
 	uint32_t ip4addr;
 	uint32_t ip6addr[4];
 	uint32_t time;
 };
 static int avl_mac_cmp(const void *k1, const void *k2, void *priv)
 {
 	return memcmp(k1, k2, ETH_ALEN);
 }
 static AVL_TREE(cache, avl_mac_cmp, false, NULL);
 static uint32_t client_gettime(void)
 {
 	struct timespec ts;
 	clock_gettime(CLOCK_MONOTONIC, &ts);
 	return ts.tv_sec;
 }
 static void client_gc(struct uloop_timeout *t)
 {
 	struct cache_entry *c, *tmp;
 	uint32_t now = client_gettime();
 	avl_for_each_element_safe(&cache, c, node, tmp) {
 		uint32_t diff;
 		diff = now - c->time;
 		if (diff < CACHE_TIMEOUT)
 			continue;
 		avl_delete(&cache, &c->node);
 		free(c);
 	}
 	if (!avl_is_empty(&cache))
 		uloop_timeout_set(t, 1000);
 }
 void client_init_interface(struct interface *iface)
 {
 	avl_init(&iface->clients, avl_mac_cmp, false, NULL);
 	avl_init(&iface->client_ids, avl_strcmp, false, NULL);
 }
 static void __client_free(struct interface *iface, struct client *cl)
 {
 	if (cl->id_node.key)
 		avl_delete(&iface->client_ids, &cl->id_node);
 	avl_delete(&iface->clients, &cl->node);
 	kvlist_free(&cl->kvdata);
 	spotfilter_bpf_set_client(iface, &cl->key, NULL);
 	free(cl);
 }
 void client_free(struct interface *iface, struct client *cl)
 {
 	spotfilter_ubus_notify(iface, cl, "client_delete");
 	__client_free(iface, cl);
 }
 static void client_set_id(struct interface *iface, struct client *cl, const char *id)
 {
 	if (id == cl->id_node.key)
 		return;
 	if (id && cl->id_node.key && !strcmp(id, cl->id_node.key))
 		return;
 	if (cl->id_node.key) {
 		avl_delete(&iface->client_ids, &cl->id_node);
 		free((void *) cl->id_node.key);
 		cl->id_node.key = NULL;
 	}
 	if (!id)
 		return;
 	cl->id_node.key = strdup(id);
 	avl_insert(&iface->client_ids, &cl->id_node);
 }
 int client_set(struct interface *iface, const void *addr, const char *id,
 	       int state, int dns_state, int accounting, struct blob_attr *data)
 {
 	struct cache_entry *c;
 	struct blob_attr *cur;
 	struct client *cl;
 	bool new_client = false;
 	int rem;
 	cl = avl_find_element(&iface->clients, addr, cl, node);
 	if (!cl) {
 		cl = calloc(1, sizeof(*cl));
 		cl->node.key = &cl->key.addr;
 		memcpy(cl->key.addr, addr, ETH_ALEN);
 		avl_insert(&iface->clients, &cl->node);
 		cl->data.cur_class = iface->default_class;
 		cl->data.dns_class = iface->default_dns_class;
 		kvlist_init(&cl->kvdata, kvlist_blob_len);
 		new_client = true;
 	}
 	client_set_id(iface, cl, id);
 	if (!new_client)
 		spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
 	c = avl_find_element(&cache, addr, c, node);
 	if (c) {
 		if (!cl->data.ip4addr)
 			cl->data.ip4addr = c->ip4addr;
 		if (!cl->data.ip6addr[0])
 			memcpy(cl->data.ip6addr, c->ip6addr, sizeof(cl->data.ip6addr));
 	}
 	if (state >= SPOTFILTER_NUM_CLASS || dns_state >= SPOTFILTER_NUM_CLASS) {
 		if (new_client)
 			__client_free(iface, cl);
 		return -1;
 	}
 	blobmsg_for_each_attr(cur, data, rem) {
 		if (!blobmsg_check_attr(cur, true))
 			continue;
 		kvlist_set(&cl->kvdata, blobmsg_name(cur), cur);
 	}
 	if (state >= 0)
 		cl->data.cur_class = state;
 	if (dns_state >= 0)
 		cl->data.dns_class = dns_state;
 	if (accounting >= 0)
 		cl->data.flags = accounting;
 	spotfilter_bpf_set_client(iface, &cl->key, &cl->data);
 	if (new_client)
 		spotfilter_ubus_notify(iface, cl, "client_add");
 	return 0;
 }
 void client_set_ipaddr(const void *mac, const void *addr, bool ipv6)
 {
 	static struct uloop_timeout gc_timer = {
 		.cb = client_gc
 	};
 	struct interface *iface;
 	struct cache_entry *c;
 	struct client *cl;
 	c = avl_find_element(&cache, mac, c, node);
 	if (!c) {
 		c = calloc(1, sizeof(*c));
 		memcpy(c->macaddr, mac, ETH_ALEN);
 		c->node.key = c->macaddr;
 		avl_insert(&cache, &c->node);
 		if (!gc_timer.pending)
 			uloop_timeout_set(&gc_timer, CACHE_TIMEOUT * 1000);
 	}
 	if (!ipv6 && !c->ip4addr)
 		memcpy(&c->ip4addr, addr, sizeof(c->ip4addr));
 	else if (ipv6 && !c->ip6addr[0])
 		memcpy(&c->ip6addr, addr, sizeof(c->ip6addr));
 	else
 		return;
 	c->time = client_gettime();
 	avl_for_each_element(&interfaces, iface, node) {
 		cl = avl_find_element(&iface->clients, mac, cl, node);
 		if (!cl)
 			continue;
 		spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
 		if (!ipv6 && !cl->data.ip4addr)
 			memcpy(&cl->data.ip4addr, addr, sizeof(cl->data.ip4addr));
 		else if (ipv6 && !cl->data.ip6addr[0])
 			memcpy(&cl->data.ip6addr, addr, sizeof(cl->data.ip6addr));
 		else
 			continue;
 		spotfilter_bpf_set_client(iface, &cl->key, &cl->data);
 	}
 }
--- a/feeds/ucentral/spotfilter/src/client.h
+++ b/feeds/ucentral/spotfilter/src/client.h
@@ -0,0 +1,28 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __SPOTFILTER_CLIENT_H
 #define __SPOTFILTER_CLIENT_H
 #include <netinet/if_ether.h>
 #include <libubox/kvlist.h>
 struct client {
 	struct avl_node node;
 	struct avl_node id_node;
 	struct kvlist kvdata;
 	int idle;
 	struct spotfilter_client_key key;
 	struct spotfilter_client_data data;
 };
 int client_set(struct interface *iface, const void *addr, const char *id,
 	       int state, int dns_state, int accounting, struct blob_attr *data);
 void client_free(struct interface *iface, struct client *cl);
 void client_set_ipaddr(const void *mac, const void *addr, bool ipv6);
 void client_init_interface(struct interface *iface);
 #endif
--- a/feeds/ucentral/spotfilter/src/dhcpv4.c
+++ b/feeds/ucentral/spotfilter/src/dhcpv4.c
@@ -0,0 +1,111 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include "spotfilter.h"
 enum dhcpv4_msg {
 	DHCPV4_MSG_DISCOVER = 1,
 	DHCPV4_MSG_OFFER = 2,
 	DHCPV4_MSG_REQUEST = 3,
 	DHCPV4_MSG_DECLINE = 4,
 	DHCPV4_MSG_ACK = 5,
 	DHCPV4_MSG_NAK = 6,
 	DHCPV4_MSG_RELEASE = 7,
 	DHCPV4_MSG_INFORM = 8,
 	DHCPV4_MSG_FORCERENEW = 9,
 };
 enum dhcpv4_opt {
 	DHCPV4_OPT_PAD = 0,
 	DHCPV4_OPT_NETMASK = 1,
 	DHCPV4_OPT_ROUTER = 3,
 	DHCPV4_OPT_DNSSERVER = 6,
 	DHCPV4_OPT_DOMAIN = 15,
 	DHCPV4_OPT_MTU = 26,
 	DHCPV4_OPT_BROADCAST = 28,
 	DHCPV4_OPT_NTPSERVER = 42,
 	DHCPV4_OPT_LEASETIME = 51,
 	DHCPV4_OPT_MESSAGE = 53,
 	DHCPV4_OPT_SERVERID = 54,
 	DHCPV4_OPT_REQOPTS = 55,
 	DHCPV4_OPT_RENEW = 58,
 	DHCPV4_OPT_REBIND = 59,
 	DHCPV4_OPT_IPADDRESS = 50,
 	DHCPV4_OPT_MSG_TYPE = 53,
 	DHCPV4_OPT_HOSTNAME = 12,
 	DHCPV4_OPT_REQUEST = 17,
 	DHCPV4_OPT_USER_CLASS = 77,
 	DHCPV4_OPT_AUTHENTICATION = 90,
 	DHCPV4_OPT_SEARCH_DOMAIN = 119,
 	DHCPV4_OPT_FORCERENEW_NONCE_CAPABLE = 145,
 	DHCPV4_OPT_END = 255,
 };
 struct dhcpv4_message {
 	uint8_t op;
 	uint8_t htype;
 	uint8_t hlen;
 	uint8_t hops;
 	uint32_t xid;
 	uint16_t secs;
 	uint16_t flags;
 	struct in_addr ciaddr;
 	struct in_addr yiaddr;
 	struct in_addr siaddr;
 	struct in_addr giaddr;
 	uint8_t chaddr[16];
 	char sname[64];
 	char file[128];
 	uint32_t magic;
 	uint8_t options[];
 } __attribute__((packed));
 #define DHCPV4_MAGIC 0x63825363
 struct dhcpv4_option {
 	uint8_t type;
 	uint8_t len;
 	uint8_t data[];
 };
 #define dhcpv4_for_each_option(opt, start, end)				\
 	for (opt = (const struct dhcpv4_option *)(start);		\
 	     &opt[1] <= (const struct dhcpv4_option *)(end) &&		\
 	     &opt->data[opt->len] <= (const uint8_t *)(end);		\
 	     opt = (const struct dhcpv4_option *)&opt->data[opt->len])
 void spotfilter_recv_dhcpv4(const void *msgdata, int len, const void *eth_addr)
 {
 	const struct dhcpv4_message *msg = msgdata;
 	const struct dhcpv4_option *opt;
 	uint8_t bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 	int op = -1;
 	if (ntohl(msg->magic) != DHCPV4_MAGIC)
 		return;
 	if (msg->op != 2 || msg->htype != 1 || msg->hlen != 6)
 		return;
 	if (memcmp(eth_addr, bcast_addr, ETH_ALEN) != 0 &&
 	    memcmp(eth_addr, msg->chaddr, ETH_ALEN) != 0)
 		return;
 	dhcpv4_for_each_option(opt, msg->options, msgdata + len) {
 		switch (opt->type) {
 		case DHCPV4_OPT_MESSAGE:
 			if (opt->len != 1)
 				break;
 			op = opt->data[0];
 			break;
 		}
 	}
 	if (op != DHCPV4_MSG_ACK)
 		return;
 	client_set_ipaddr(msg->chaddr, (uint32_t *)&msg->yiaddr, false);
 }
--- a/feeds/ucentral/spotfilter/src/example.json
+++ b/feeds/ucentral/spotfilter/src/example.json
@@ -0,0 +1,36 @@
 {
 	"name": "hotspot",
 	"devices": [ "wlan1" ],
 	"config": {
 		"class": [
 			{
 				"index": 0
 			},
 			{
 				"index": 1,
 				"device_macaddr": "br-test"
 			},
 			{
 				"index": 2,
 				"macaddr": "00:11:22:33:44:55"
 			},
 			{
 				"index": 3,
 				"fwmark": 1,
 				"fwmark_mask": 127
 			},
 			{
 				"index": 4,
 				"redirect": "up0v2"
 			}
 		],
 		"default_class": 1,
 		"default_dns_class": 0,
 		"whitelist": [
 			{
 				"class": 0,
 				"hosts": [ "*.google.de", "*.google.com" ]
 			}
 		]
 	}
 }
--- a/feeds/ucentral/spotfilter/src/icmpv6.c
+++ b/feeds/ucentral/spotfilter/src/icmpv6.c
@@ -0,0 +1,46 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <netinet/icmp6.h>
 #include "spotfilter.h"
 struct icmpv6_opt {
 	uint8_t type;
 	uint8_t len;
 	uint8_t data[6];
 };
 #define icmpv6_for_each_option(opt, start, end)					\
 	for (opt = (const struct icmpv6_opt*)(start);				\
 	     (const void *)(opt + 1) <= (const void *)(end) && opt->len > 0 &&	\
 	     (const void *)(opt + opt->len) <= (const void *)(end); opt += opt->len)
 void spotfilter_recv_icmpv6(const void *data, int len, const uint8_t *src, const uint8_t *dest)
 {
 	const struct nd_neighbor_advert *nd = data;
 	const struct icmp6_hdr *hdr = data;
 	const struct icmpv6_opt *opt;
 	if (len < sizeof(*nd) || hdr->icmp6_code)
 		return;
 	if (hdr->icmp6_type != ND_NEIGHBOR_ADVERT)
 		return;
 	icmpv6_for_each_option(opt, &nd[1], data + len) {
 		if (opt->type != ND_OPT_TARGET_LINKADDR || opt->len != 1)
 			continue;
 		if (memcmp(opt->data, src, ETH_ALEN))
 			return;
 	}
 	if ((nd->nd_na_target.s6_addr[0] & 0xe0) != 0x20)
 		return;
 	if (opt != (const struct icmpv6_opt *)(data + len))
 		return;
 	client_set_ipaddr(src, &nd->nd_na_target, true);
 }
--- a/feeds/ucentral/spotfilter/src/interface.c
+++ b/feeds/ucentral/spotfilter/src/interface.c
@@ -0,0 +1,369 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <netinet/ether.h>
 #include <net/if.h>
 #include <libubox/avl-cmp.h>
 #include "spotfilter.h"
 AVL_TREE(interfaces, avl_strcmp, false, NULL);
 void interface_free(struct interface *iface)
 {
 	struct client *cl, *tmp;
 	spotfilter_dns_free(iface);
 	vlist_flush_all(&iface->devices);
 	avl_for_each_element_safe(&iface->clients, cl, node, tmp)
 		client_free(iface, cl);
 	spotfilter_bpf_free(iface);
 	avl_delete(&interfaces, &iface->node);
 	free(iface->config);
 	free(iface);
 }
 static inline const char *
 device_name(struct device *dev)
 {
 	return dev->node.avl.key;
 }
 static void
 interface_check_device(struct interface *iface, struct device *dev)
 {
 	int old_ifindex = dev->ifindex;
 	dev->ifindex = if_nametoindex(device_name(dev));
 	if (dev->ifindex != old_ifindex)
 		spotfilter_bpf_set_device(iface, dev->ifindex, true);
 }
 static void
 device_update_cb(struct vlist_tree *tree,
 		 struct vlist_node *node_new,
 		 struct vlist_node *node_old)
 {
 	struct interface *iface = container_of(tree, struct interface, devices);
 	struct device *dev_new = container_of_safe(node_new, struct device, node);
 	struct device *dev_old = container_of_safe(node_old, struct device, node);
 	if (dev_new) {
 		if (dev_old)
 			dev_new->ifindex = dev_old->ifindex;
 		interface_check_device(iface, dev_new);
 	}
 	if (dev_old) {
 		if (!dev_new && dev_old->ifindex)
 			spotfilter_bpf_set_device(iface, dev_old->ifindex, false);
 		free(dev_old);
 	}
 }
 static int
 interface_parse_class(struct spotfilter_bpf_class *cdata, struct blob_attr *attr)
 {
 	enum {
 		CLASS_ATTR_INDEX,
 		CLASS_ATTR_DEV_MAC,
 		CLASS_ATTR_MAC,
 		CLASS_ATTR_REDIRECT,
 		CLASS_ATTR_FWMARK,
 		CLASS_ATTR_FWMARK_MASK,
 		__CLASS_ATTR_MAX,
 	};
 	static const struct blobmsg_policy policy[__CLASS_ATTR_MAX] = {
 		[CLASS_ATTR_INDEX] = { "index", BLOBMSG_TYPE_INT32 },
 		[CLASS_ATTR_DEV_MAC] = { "device_macaddr", BLOBMSG_TYPE_STRING },
 		[CLASS_ATTR_MAC] = { "macaddr", BLOBMSG_TYPE_STRING },
 		[CLASS_ATTR_REDIRECT] = { "redirect", BLOBMSG_TYPE_STRING },
 		[CLASS_ATTR_FWMARK] = { "fwmark", BLOBMSG_TYPE_INT32 },
 		[CLASS_ATTR_FWMARK_MASK] = { "fwmark_mask", BLOBMSG_TYPE_INT32 },
 	};
 	struct blob_attr *tb[__CLASS_ATTR_MAX];
 	struct blob_attr *cur;
 	unsigned int index;
 	if (blobmsg_type(attr) != BLOBMSG_TYPE_TABLE)
 		return -1;
 	blobmsg_parse(policy, __CLASS_ATTR_MAX, tb,
 		      blobmsg_data(attr), blobmsg_len(attr));
 	if ((cur = tb[CLASS_ATTR_INDEX]) != NULL)
 		index = blobmsg_get_u32(cur);
 	else
 		return -1;
 	if (index >= SPOTFILTER_NUM_CLASS)
 		return -1;
 	if ((cur = tb[CLASS_ATTR_MAC]) != NULL) {
 		void *addr;
 		addr = ether_aton(blobmsg_get_string(cur));
 		if (!addr)
 			goto invalid;
 		memcpy(cdata->dest_mac, addr, sizeof(cdata->dest_mac));
 		cdata->actions |= SPOTFILTER_ACTION_SET_DEST_MAC;
 	} else if ((cur = tb[CLASS_ATTR_DEV_MAC]) != NULL) {
 		const char *name = blobmsg_get_string(cur);
 		struct ifreq ifr = {};
 		int sock;
 		int ret;
 		if (strlen(name) > IFNAMSIZ)
 			goto invalid;
 		strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
 		sock = socket(AF_INET, SOCK_DGRAM, 0);
 		ret = ioctl(sock, SIOCGIFHWADDR, &ifr);
 		if (ret < 0)
 			perror("ioctl");
 		close(sock);
 		if (ret < 0)
 			goto invalid;
 		if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER)
 			goto invalid;
 		memcpy(cdata->dest_mac, ifr.ifr_hwaddr.sa_data, sizeof(cdata->dest_mac));
 		cdata->actions |= SPOTFILTER_ACTION_SET_DEST_MAC;
 	}
 	if ((cur = tb[CLASS_ATTR_REDIRECT]) != NULL) {
 		unsigned int ifindex = if_nametoindex(blobmsg_get_string(cur));
 		if (!ifindex)
 			goto invalid;
 		cdata->redirect_ifindex = ifindex;
 		cdata->actions |= SPOTFILTER_ACTION_REDIRECT;
 	}
 	if ((cur = tb[CLASS_ATTR_FWMARK_MASK]) != NULL)
 		cdata->fwmark_mask = blobmsg_get_u32(cur);
 	else
 		cdata->fwmark_mask = ~0;
 	if ((cur = tb[CLASS_ATTR_FWMARK]) != NULL) {
 		cdata->fwmark_val = blobmsg_get_u32(cur);
 		cdata->actions |= SPOTFILTER_ACTION_FWMARK;
 	}
 	cdata->actions |= SPOTFILTER_ACTION_VALID;
 	return index;
 invalid:
 	cdata->actions = 0;
 	return index;
 }
 static bool
 __interface_check_whitelist(struct blob_attr *attr)
 {
 	enum {
 		WL_ATTR_CLASS,
 		WL_ATTR_HOSTS,
 		__WL_ATTR_MAX
 	};
 	static const struct blobmsg_policy policy[__WL_ATTR_MAX] = {
 		[WL_ATTR_CLASS] = { "class", BLOBMSG_TYPE_INT32 },
 		[WL_ATTR_HOSTS] = { "hosts", BLOBMSG_TYPE_ARRAY },
 	};
 	struct blob_attr *tb[__WL_ATTR_MAX];
 	blobmsg_parse(policy, __WL_ATTR_MAX, tb, blobmsg_data(attr), blobmsg_len(attr));
 	if (!tb[WL_ATTR_CLASS] || !tb[WL_ATTR_HOSTS])
 		return false;
 	return blobmsg_check_array(tb[WL_ATTR_HOSTS], BLOBMSG_TYPE_STRING) >= 0;
 }
 static bool
 interface_check_whitelist(struct blob_attr *attr)
 {
 	struct blob_attr *cur;
 	int rem;
 	if (blobmsg_check_array(attr, BLOBMSG_TYPE_TABLE) <= 0)
 		return false;
 	blobmsg_for_each_attr(cur, attr, rem) {
 		if (!__interface_check_whitelist(cur))
 			return false;
 	}
 	return true;
 }
 static void
 interface_set_config(struct interface *iface, bool iface_init)
 {
 	enum {
 		CONFIG_ATTR_CLASS,
 		CONFIG_ATTR_WHITELIST,
 		CONFIG_ATTR_ACTIVE_TIMEOUT,
 		CONFIG_ATTR_CLIENT_AUTOCREATE,
 		CONFIG_ATTR_CLIENT_AUTOREMOVE,
 		CONFIG_ATTR_CLIENT_TIMEOUT,
 		CONFIG_ATTR_DEFAULT_CLASS,
 		CONFIG_ATTR_DEFAULT_DNS_CLASS,
 		__CONFIG_ATTR_MAX,
 	};
 	static const struct blobmsg_policy policy[__CONFIG_ATTR_MAX] = {
 		[CONFIG_ATTR_CLASS] = { "class", BLOBMSG_TYPE_ARRAY },
 		[CONFIG_ATTR_WHITELIST] = { "whitelist", BLOBMSG_TYPE_ARRAY },
 		[CONFIG_ATTR_ACTIVE_TIMEOUT] = { "active_timeout", BLOBMSG_TYPE_INT32 },
 		[CONFIG_ATTR_CLIENT_TIMEOUT] = { "client_timeout", BLOBMSG_TYPE_INT32 },
 		[CONFIG_ATTR_CLIENT_AUTOCREATE] = { "client_autocreate", BLOBMSG_TYPE_BOOL },
 		[CONFIG_ATTR_CLIENT_AUTOREMOVE] = { "client_autoremove", BLOBMSG_TYPE_BOOL },
 		[CONFIG_ATTR_DEFAULT_CLASS] = { "default_class", BLOBMSG_TYPE_INT32 },
 		[CONFIG_ATTR_DEFAULT_DNS_CLASS] = { "default_dns_class", BLOBMSG_TYPE_INT32 },
 	};
 	struct blob_attr *tb[__CONFIG_ATTR_MAX];
 	struct blob_attr *cur;
 	uint32_t class_mask = 0;
 	int i, rem;
 	blobmsg_parse(policy, __CONFIG_ATTR_MAX, tb,
 		      blobmsg_data(iface->config), blobmsg_len(iface->config));
 	if ((cur = tb[CONFIG_ATTR_DEFAULT_CLASS]) != NULL &&
 	    blobmsg_get_u32(cur) < SPOTFILTER_NUM_CLASS)
 		iface->default_class = blobmsg_get_u32(cur);
 	else
 		iface->default_class = 0;
 	if ((cur = tb[CONFIG_ATTR_DEFAULT_DNS_CLASS]) != NULL &&
 	    blobmsg_get_u32(cur) < SPOTFILTER_NUM_CLASS)
 		iface->default_dns_class = blobmsg_get_u32(cur);
 	else
 		iface->default_dns_class = 0;
 	if ((cur = tb[CONFIG_ATTR_WHITELIST]) != NULL && interface_check_whitelist(cur))
 		iface->whitelist = cur;
 	else
 		iface->whitelist = NULL;
 	if ((cur = tb[CONFIG_ATTR_ACTIVE_TIMEOUT]) != NULL)
 		iface->active_timeout = blobmsg_get_u32(cur);
 	else
 		iface->active_timeout = 300;
 	if ((cur = tb[CONFIG_ATTR_CLIENT_TIMEOUT]) != NULL)
 		iface->client_timeout = blobmsg_get_u32(cur);
 	else
 		iface->client_timeout = 30;
 	if ((cur = tb[CONFIG_ATTR_CLIENT_AUTOCREATE]) != NULL)
 		iface->client_autocreate = blobmsg_get_u8(cur);
 	else
 		iface->client_autocreate = true;
 	if ((cur = tb[CONFIG_ATTR_CLIENT_AUTOREMOVE]) != NULL)
 		iface->client_autoremove = blobmsg_get_u8(cur);
 	else
 		iface->client_autoremove = true;
 	blobmsg_for_each_attr(cur, tb[CONFIG_ATTR_CLASS], rem) {
 		struct spotfilter_bpf_class cdata = {};
 		int index;
 		index = interface_parse_class(&cdata, cur);
 		if (index < 0)
 			continue;
 		if (iface_init ||
 		    memcmp(&iface->cdata[index], &cdata, sizeof(cdata)) != 0) {
 			memcpy(&iface->cdata[index], &cdata, sizeof(cdata));
 			spotfilter_bpf_update_class(iface, index);
 		}
 		class_mask |= 1 << index;
 	}
 	for (i = 0; i < SPOTFILTER_NUM_CLASS; i++) {
 		if (class_mask & (1 << i))
 			continue;
 		memset(&iface->cdata[i], 0, sizeof(iface->cdata[i]));
 		spotfilter_bpf_update_class(iface, i);
 	}
 }
 void interface_check_devices(void)
 {
 	struct interface *iface;
 	struct device *dev;
 	avl_for_each_element(&interfaces, iface, node) {
 		interface_set_config(iface, false);
 		vlist_for_each_element(&iface->devices, dev, node)
 			interface_check_device(iface, dev);
 	}
 }
 void interface_add(const char *name, struct blob_attr *config,
 		   struct blob_attr *devices)
 {
 	struct interface *iface;
 	struct blob_attr *cur;
 	char *name_buf;
 	bool iface_init = false;
 	int rem;
 	iface = avl_find_element(&interfaces, name, iface, node);
 	if (!iface) {
 		iface = calloc_a(sizeof(*iface), &name_buf, strlen(name) + 1);
 		iface->node.key = strcpy(name_buf, name);
 		vlist_init(&iface->devices, avl_strcmp, device_update_cb);
 		client_init_interface(iface);
 		spotfilter_dns_init(iface);
 		if (spotfilter_bpf_load(iface)) {
 			free(iface);
 			return;
 		}
 		avl_insert(&interfaces, &iface->node);
 		iface_init = true;
 	}
 	if (config && !blob_attr_equal(iface->config, config)) {
 		free(iface->config);
 		iface->config = blob_memdup(config);
 		interface_set_config(iface, iface_init);
 	}
 	blobmsg_for_each_attr(cur, devices, rem) {
 		struct device *dev;
 		const char *name = blobmsg_get_string(cur);
 		dev = calloc_a(sizeof(*dev), &name_buf, strlen(name) + 1);
 		vlist_add(&iface->devices, &dev->node, strcpy(name_buf, name));
 	}
 }
 void interface_done(void)
 {
 	struct interface *iface, *tmp;
 	avl_for_each_element_safe(&interfaces, iface, node, tmp)
 		interface_free(iface);
 }
--- a/feeds/ucentral/spotfilter/src/interface.h
+++ b/feeds/ucentral/spotfilter/src/interface.h
@@ -0,0 +1,73 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __SPOTFILTER_INTERFACE_H
 #define __SPOTFILTER_INTERFACE_H
 #include <libubox/vlist.h>
 #include <libubox/blobmsg.h>
 #include <libubox/uloop.h>
 struct bpf_object;
 struct interface {
 	struct avl_node node;
 	struct blob_attr *config;
 	struct blob_attr *whitelist;
 	struct avl_tree cname_cache;
 	struct avl_tree addr_map;
 	struct uloop_timeout addr_gc;
 	uint32_t next_gc;
 	uint32_t active_timeout;
 	uint8_t default_class;
 	uint8_t default_dns_class;
 	bool client_autocreate;
 	bool client_autoremove;
 	int client_timeout;
 	struct {
 		struct bpf_object *obj;
 		int prog_ingress;
 		int prog_egress;
 		int map_class;
 		int map_client;
 		int map_whitelist_v4;
 		int map_whitelist_v6;
 	} bpf;
 	struct spotfilter_bpf_class cdata[SPOTFILTER_NUM_CLASS];
 	struct vlist_tree devices;
 	struct avl_tree clients;
 	struct avl_tree client_ids;
 };
 struct device {
 	struct vlist_node node;
 	int ifindex;
 };
 extern struct avl_tree interfaces;
 static inline const char *interface_name(struct interface *iface)
 {
 	return iface->node.key;
 }
 void interface_add(const char *name, struct blob_attr *config,
 		   struct blob_attr *devices);
 void interface_free(struct interface *iface);
 void interface_check_devices(void);
 void interface_done(void);
 #endif
--- a/feeds/ucentral/spotfilter/src/main.c
+++ b/feeds/ucentral/spotfilter/src/main.c
@@ -0,0 +1,120 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <sys/wait.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <stdint.h>
 #include <libubox/uloop.h>
 #include "spotfilter.h"
 int spotfilter_run_cmd(char *cmd, bool ignore_error)
 {
 	char *argv[] = { "sh", "-c", cmd, NULL };
 	bool first = true;
 	int status = -1;
 	char buf[512];
 	int fds[2];
 	FILE *f;
 	int pid;
 	if (pipe(fds))
 		return -1;
 	pid = fork();
 	if (!pid) {
 		close(fds[0]);
 		if (fds[1] != STDOUT_FILENO)
 			dup2(fds[1], STDOUT_FILENO);
 		if (fds[1] != STDERR_FILENO)
 			dup2(fds[1], STDERR_FILENO);
 		if (fds[1] > STDERR_FILENO)
 			close(fds[1]);
 		execv("/bin/sh", argv);
 		exit(1);
 	}
 	if (pid < 0)
 		return -1;
 	close(fds[1]);
 	f = fdopen(fds[0], "r");
 	if (!f) {
 		close(fds[0]);
 		goto out;
 	}
 	while (fgets(buf, sizeof(buf), f) != NULL) {
 		if (!strlen(buf))
 			break;
 		if (ignore_error)
 			continue;
 		if (first) {
 			ULOG_WARN("Command: %s\n", cmd);
 			first = false;
 		}
 		ULOG_WARN("%s%s", buf, strchr(buf, '\n') ? "" : "\n");
 	}
 	fclose(f);
 out:
 	while (waitpid(pid, &status, 0) < 0)
 		if (errno != EINTR)
 			break;
 	return status;
 }
 static int usage(const char *progname)
 {
 	fprintf(stderr, "Usage: %s [options]\n"
 		"Options:\n"
 		"\n", progname);
 	return 1;
 }
 int main(int argc, char **argv)
 {
 	int ret = 2;
 	int ch;
 	while ((ch = getopt(argc, argv, "")) != -1) {
 		switch (ch) {
 		default:
 			return usage(argv[0]);
 		}
 	}
 	ulog_open(ULOG_SYSLOG, LOG_DAEMON, "spotfilter");
 	uloop_init();
 	if (rtnl_init())
 		return 1;
 	if (spotfilter_nl80211_init())
 		return 1;
 	if (spotfilter_dev_init())
 		return 1;
 	if (spotfilter_ubus_init())
 		goto out;
 	ret = 0;
 	uloop_run();
 	spotfilter_ubus_stop();
 out:
 	interface_done();
 	spotfilter_dev_done();
 	spotfilter_nl80211_done();
 	uloop_done();
 	return ret;
 }
--- a/feeds/ucentral/spotfilter/src/nl80211.c
+++ b/feeds/ucentral/spotfilter/src/nl80211.c
@@ -0,0 +1,276 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #define _GNU_SOURCE
 #include <linux/netlink.h>
 #include <netlink/genl/genl.h>
 #include <netlink/genl/family.h>
 #include <netlink/genl/ctrl.h>
 #include <netlink/msg.h>
 #include <netlink/attr.h>
 #include <linux/nl80211.h>
 #include <errno.h>
 #include <libubox/uloop.h>
 #include "spotfilter.h"
 static struct nl_sock *genl;
 static struct nl_cb *genl_cb;
 static struct uloop_fd genl_fd;
 static struct uloop_timeout update_timer;
 static int nl80211_id;
 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
 			 void *arg)
 {
 	int *ret = arg;
 	*ret = err->error;
 	return NL_STOP;
 }
 static int ack_handler(struct nl_msg *msg, void *arg)
 {
 	int *ret = arg;
 	*ret = 0;
 	return NL_STOP;
 }
 struct handler_args {
 	const char *group;
 	int id;
 };
 static int family_handler(struct nl_msg *msg, void *arg)
 {
 	struct handler_args *grp = arg;
 	struct nlattr *tb[CTRL_ATTR_MAX + 1];
 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
 	struct nlattr *mcgrp;
 	int rem_mcgrp;
 	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
 		  genlmsg_attrlen(gnlh, 0), NULL);
 	if (!tb[CTRL_ATTR_MCAST_GROUPS])
 		return NL_SKIP;
 	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], rem_mcgrp) {
 		struct nlattr *tb_mcgrp[CTRL_ATTR_MCAST_GRP_MAX + 1];
 		nla_parse(tb_mcgrp, CTRL_ATTR_MCAST_GRP_MAX,
 			  nla_data(mcgrp), nla_len(mcgrp), NULL);
 		if (!tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME] ||
 		    !tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID])
 			continue;
 		if (strncmp(nla_data(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME]),
 			    grp->group, nla_len(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME])))
 			continue;
 		grp->id = nla_get_u32(tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID]);
 		break;
 	}
 	return NL_SKIP;
 }
 static int nl_get_multicast_id(struct nl_sock *sock, const char *family, const char *group)
 {
 	struct nl_msg *msg;
 	struct nl_cb *cb;
 	struct handler_args grp = {
 		.group = group,
 		.id = -ENOENT,
 	};
 	int ret, ctrlid;
 	msg = nlmsg_alloc();
 	if (!msg)
 		return -ENOMEM;
 	cb = nl_cb_alloc(NL_CB_DEFAULT);
 	if (!cb) {
 		ret = -ENOMEM;
 		goto out_fail_cb;
 	}
 	ctrlid = genl_ctrl_resolve(sock, "nlctrl");
 	genlmsg_put(msg, 0, 0, ctrlid, 0,
 		    0, CTRL_CMD_GETFAMILY, 0);
 	ret = -ENOBUFS;
 	NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
 	ret = nl_send_auto_complete(sock, msg);
 	if (ret < 0)
 		goto out;
 	ret = 1;
 	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &ret);
 	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &ret);
 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, family_handler, &grp);
 	while (ret > 0)
 		nl_recvmsgs(sock, cb);
 	if (ret == 0)
 		ret = grp.id;
 nla_put_failure:
 out:
 	nl_cb_put(cb);
 out_fail_cb:
 	nlmsg_free(msg);
 	return ret;
 }
 static void
 nl80211_sock_cb(struct uloop_fd *fd, unsigned int events)
 {
 	nl_recvmsgs(genl, genl_cb);
 }
 static void
 nl80211_device_update(struct interface *iface, struct device *dev)
 {
 	struct nl_msg *msg;
 	msg = nlmsg_alloc();
 	genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, nl80211_id, 0, NLM_F_DUMP,
 		    NL80211_CMD_GET_STATION, 0);
 	nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
 	nl_send_auto_complete(genl, msg);
 	nlmsg_free(msg);
 }
 static void
 nl80211_interface_update(struct interface *iface)
 {
 	struct client *cl, *tmp;
 	struct device *dev;
 	if (!iface->client_autoremove)
 		return;
 	avl_for_each_element_safe(&iface->clients, cl, node, tmp) {
 		if (cl->idle++ < iface->client_timeout)
 			continue;
 		client_free(iface, cl);
 	}
 	vlist_for_each_element(&iface->devices, dev, node)
 		nl80211_device_update(iface, dev);
 }
 static void spotfilter_nl80211_update(struct uloop_timeout *t)
 {
 	struct interface *iface;
 	avl_for_each_element(&interfaces, iface, node)
 		nl80211_interface_update(iface);
 	uloop_timeout_set(t, 1000);
 }
 static int no_seq_check(struct nl_msg *msg, void *arg)
 {
 	return NL_OK;
 }
 static int valid_msg(struct nl_msg *msg, void *arg)
 {
 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
 	struct interface *iface;
 	struct device *dev;
 	struct client *cl;
 	const void *addr;
 	int ifindex;
 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
 		  genlmsg_attrlen(gnlh, 0), NULL);
 	if (gnlh->cmd != NL80211_CMD_NEW_STATION)
 		return NL_SKIP;
 	if (!tb[NL80211_ATTR_IFINDEX] || !tb[NL80211_ATTR_MAC])
 		return NL_SKIP;
 	ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
 	addr = nla_data(tb[NL80211_ATTR_MAC]);
 	avl_for_each_element(&interfaces, iface, node)
 		vlist_for_each_element(&iface->devices, dev, node)
 			if (dev->ifindex == ifindex)
 				goto found;
 	return NL_SKIP;
 found:
 	cl = avl_find_element(&iface->clients, addr, cl, node);
 	if (cl)
 		cl->idle = 0;
 	else if (iface->client_autocreate)
 		client_set(iface, addr, NULL, -1, -1, -1, NULL);
 	return NL_SKIP;
 }
 int spotfilter_nl80211_init(void)
 {
 	int id;
 	genl = nl_socket_alloc();
 	if (!genl)
 		return -1;
 	nl_socket_set_buffer_size(genl, 16384, 16384);
 	if (genl_connect(genl))
 		goto error;
 	nl80211_id = genl_ctrl_resolve(genl, "nl80211");
 	if (nl80211_id < 0)
 		goto error;
 	id = nl_get_multicast_id(genl, "nl80211", "mlme");
 	if (id < 0)
 		goto error;
 	if (nl_socket_add_membership(genl, id) < 0)
 		goto error;
 	genl_cb = nl_cb_alloc(NL_CB_DEFAULT);
 	nl_cb_set(genl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
 	nl_cb_set(genl_cb, NL_CB_VALID, NL_CB_CUSTOM, valid_msg, NULL);
 	genl_fd.fd = nl_socket_get_fd(genl);
 	genl_fd.cb = nl80211_sock_cb;
 	uloop_fd_add(&genl_fd, ULOOP_READ);
 	update_timer.cb = spotfilter_nl80211_update;
 	uloop_timeout_set(&update_timer, 1);
 	return 0;
 error:
 	spotfilter_nl80211_done();
 	return -1;
 }
 void spotfilter_nl80211_done(void)
 {
 	if (!genl)
 		return;
 	uloop_timeout_cancel(&update_timer);
 	uloop_fd_delete(&genl_fd);
 	nl_socket_free(genl);
 	genl = NULL;
 }
--- a/feeds/ucentral/spotfilter/src/rtnl.c
+++ b/feeds/ucentral/spotfilter/src/rtnl.c
@@ -0,0 +1,99 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netlink/msg.h>
 #include <netlink/attr.h>
 #include <netlink/socket.h>
 #include <linux/rtnetlink.h>
 #include "spotfilter.h"
 static struct nl_sock *rtnl;
 bool rtnl_ignore_errors;
 static int
 spotfilter_nl_error_cb(struct sockaddr_nl *nla, struct nlmsgerr *err,
 		   void *arg)
 {
 	struct nlmsghdr *nlh = (struct nlmsghdr *) err - 1;
 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
 	struct nlattr *attrs;
 	int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh);
 	int len = nlh->nlmsg_len;
 	const char *errstr = "(unknown)";
 	if (rtnl_ignore_errors)
 		return NL_STOP;
 	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
 		return NL_STOP;
 	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
 		ack_len += err->msg.nlmsg_len - sizeof(*nlh);
 	attrs = (void *) ((unsigned char *) nlh + ack_len);
 	len -= ack_len;
 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, len, NULL);
 	if (tb[NLMSGERR_ATTR_MSG])
 		errstr = nla_data(tb[NLMSGERR_ATTR_MSG]);
 	fprintf(stderr, "Netlink error(%d): %s\n", err->error, errstr);
 	return NL_STOP;
 }
 int rtnl_call(struct nl_msg *msg)
 {
 	int ret;
 	ret = nl_send_auto_complete(rtnl, msg);
 	nlmsg_free(msg);
 	if (ret < 0)
 		return ret;
 	return nl_wait_for_ack(rtnl);
 }
 int rtnl_fd(void)
 {
 	return nl_socket_get_fd(rtnl);
 }
 int rtnl_init(void)
 {
 	int fd, opt;
 	if (rtnl)
 		return 0;
 	rtnl = nl_socket_alloc();
 	if (!rtnl)
 		return -1;
 	if (nl_connect(rtnl, NETLINK_ROUTE))
 		goto free;
 	nl_socket_disable_seq_check(rtnl);
 	nl_socket_set_buffer_size(rtnl, 65536, 0);
 	nl_cb_err(nl_socket_get_cb(rtnl), NL_CB_CUSTOM, spotfilter_nl_error_cb, NULL);
 	fd = nl_socket_get_fd(rtnl);
 	opt = 1;
 	setsockopt(fd, SOL_NETLINK, NETLINK_EXT_ACK, &opt, sizeof(opt));
 	opt = 1;
 	setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &opt, sizeof(opt));
 	return 0;
 free:
 	nl_socket_free(rtnl);
 	rtnl = NULL;
 	return -1;
 }
--- a/feeds/ucentral/spotfilter/src/snoop.c
+++ b/feeds/ucentral/spotfilter/src/snoop.c
@@ -0,0 +1,626 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <netinet/if_ether.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
 #include <netinet/udp.h>
 #include <netpacket/packet.h>
 #include <net/if.h>
 #include <arpa/inet.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <fnmatch.h>
 #include <resolv.h>
 #include <libubox/uloop.h>
 #include "spotfilter.h"
 #define FLAG_RESPONSE		0x8000
 #define FLAG_OPCODE		0x7800
 #define FLAG_AUTHORATIVE	0x0400
 #define FLAG_RCODE		0x000f
 #define TYPE_A			0x0001
 #define TYPE_CNAME		0x0005
 #define TYPE_PTR		0x000c
 #define TYPE_TXT		0x0010
 #define TYPE_AAAA		0x001c
 #define TYPE_SRV		0x0021
 #define TYPE_ANY		0x00ff
 #define IS_COMPRESSED(x)	((x & 0xc0) == 0xc0)
 #define CLASS_FLUSH		0x8000
 #define CLASS_UNICAST		0x8000
 #define CLASS_IN		0x0001
 #define MAX_NAME_LEN            256
 #define MAX_DATA_LEN            8096
 int spotfilter_ifb_ifindex;
 static struct uloop_fd ufd;
 static struct uloop_timeout cname_gc_timer;
 struct vlan_hdr {
 	uint16_t tci;
 	uint16_t proto;
 };
 struct packet {
 	void *head;
 	void *buffer;
 	unsigned int len;
 };
 struct dns_header {
 	uint16_t id;
 	uint16_t flags;
 	uint16_t questions;
 	uint16_t answers;
 	uint16_t authority;
 	uint16_t additional;
 } __packed;
 struct dns_question {
 	uint16_t type;
 	uint16_t class;
 } __packed;
 struct dns_answer {
 	uint16_t type;
 	uint16_t class;
 	uint32_t ttl;
 	uint16_t rdlength;
 } __packed;
 struct addr_entry_data {
 	union {
 		struct {
 			uint32_t _pad;
 			uint32_t ip4addr;
 		};
 		uint32_t ip6addr[4];
 	};
 	uint32_t timeout;
 };
 struct addr_entry {
 	struct avl_node node;
 	struct addr_entry_data data;
 };
 struct cname_entry {
 	struct avl_node node;
 	uint8_t class;
 	uint8_t age;
 };
 static uint32_t spotfilter_gettime(void)
 {
 	struct timespec ts;
 	clock_gettime(CLOCK_MONOTONIC, &ts);
 	return ts.tv_sec;
 }
 static void *
 pkt_peek(struct packet *pkt, unsigned int len)
 {
 	if (len > pkt->len)
 		return NULL;
 	return pkt->buffer;
 }
 static void *
 pkt_pull(struct packet *pkt, unsigned int len)
 {
 	void *ret = pkt_peek(pkt, len);
 	if (!ret)
 		return NULL;
 	pkt->buffer += len;
 	pkt->len -= len;
 	return ret;
 }
 static bool
 proto_is_vlan(uint16_t proto)
 {
 	return proto == ETH_P_8021Q || proto == ETH_P_8021AD;
 }
 static int pkt_pull_name(struct packet *pkt, const void *hdr, char *dest)
 {
 	int len;
 	if (dest)
 		len = dn_expand(hdr, pkt->buffer + pkt->len, pkt->buffer,
 				(void *)dest, MAX_NAME_LEN);
 	else
 		len = dn_skipname(pkt->buffer, pkt->buffer + pkt->len - 1);
 	if (len < 0 || !pkt_pull(pkt, len))
 		return -1;
 	return 0;
 }
 static void
 cname_cache_set(struct interface *iface, const char *name, int class)
 {
 	struct cname_entry *e;
 	if (class < 0)
 		return;
 	e = avl_find_element(&iface->cname_cache, name, e, node);
 	if (!e) {
 		char *name_buf;
 		e = calloc_a(sizeof(*e), &name_buf, strlen(name) + 1);
 		e->node.key = strcpy(name_buf, name);
 		avl_insert(&iface->cname_cache, &e->node);
 	}
 	e->age = 0;
 	e->class = (uint8_t)class;
 }
 static int
 cname_cache_get(struct interface *iface, const char *name, int *class)
 {
 	struct cname_entry *e;
 	e = avl_find_element(&iface->cname_cache, name, e, node);
 	if (!e)
 		return -1;
 	if (*class < 0)
 		*class = e->class;
 	return 0;
 }
 static bool
 __spotfilter_dns_whitelist_lookup(struct blob_attr *attr, const char *name, int *class)
 {
 	enum {
 		WL_ATTR_CLASS,
 		WL_ATTR_HOSTS,
 		__WL_ATTR_MAX
 	};
 	static const struct blobmsg_policy policy[__WL_ATTR_MAX] = {
 		[WL_ATTR_CLASS] = { "class", BLOBMSG_TYPE_INT32 },
 		[WL_ATTR_HOSTS] = { "hosts", BLOBMSG_TYPE_ARRAY },
 	};
 	struct blob_attr *tb[__WL_ATTR_MAX];
 	struct blob_attr *cur;
 	int rem;
 	blobmsg_parse(policy, __WL_ATTR_MAX, tb, blobmsg_data(attr), blobmsg_len(attr));
 	if (!tb[WL_ATTR_CLASS] || !tb[WL_ATTR_HOSTS])
 		return false;
 	blobmsg_for_each_attr(cur, tb[WL_ATTR_HOSTS], rem) {
 		if (fnmatch(blobmsg_get_string(cur), name, 0))
 			continue;
 		*class = blobmsg_get_u32(tb[WL_ATTR_CLASS]);
 		return true;
 	}
 	return false;
 }
 static void
 spotfilter_dns_whitelist_lookup(struct interface *iface, const char *name, int *class)
 {
 	struct blob_attr *cur;
 	int rem;
 	if (!iface->whitelist)
 		return;
 	blobmsg_for_each_attr(cur, iface->whitelist, rem) {
 		if (__spotfilter_dns_whitelist_lookup(cur, name, class))
 			return;
 	}
 }
 static void
 spotfilter_dns_whitelist_map_add(struct interface *iface, const struct addr_entry_data *data,
 				 bool ipv6, int class)
 {
 	struct addr_entry *e;
 	uint8_t val = (uint8_t)class;
 	int32_t delta;
 	if (class < 0)
 		return;
 	e = avl_find_element(&iface->addr_map, data, e, node);
 	if (!e) {
 		e = calloc(1, sizeof(*e));
 		memcpy(&e->data, data, sizeof(e->data));
 		e->node.key = &e->data;
 		avl_insert(&iface->addr_map, &e->node);
 	}
 	spotfilter_bpf_set_whitelist(iface, ipv6 ? data->ip6addr : &data->ip4addr, ipv6, &val);
 	e->data.timeout = spotfilter_gettime() + data->timeout;
 	delta = e->data.timeout - iface->next_gc;
 	if (iface->next_gc && delta < 0)
 		uloop_timeout_set(&iface->addr_gc, data->timeout);
 }
 static int
 dns_parse_question(struct interface *iface, struct packet *pkt, const void *hdr, int *class)
 {
 	char qname[MAX_NAME_LEN];
 	if (pkt_pull_name(pkt, hdr, qname) ||
 	    !pkt_pull(pkt, sizeof(struct dns_question)))
 		return -1;
 	cname_cache_get(iface, qname, class);
 	spotfilter_dns_whitelist_lookup(iface, qname, class);
 	return 0;
 }
 static int
 dns_parse_answer(struct interface *iface, struct packet *pkt, void *hdr, int *class)
 {
 	char cname[MAX_NAME_LEN];
 	struct dns_answer *a;
 	struct addr_entry_data data = {};
 	bool ipv6 = false;
 	void *rdata;
 	int len;
 	if (pkt_pull_name(pkt, hdr, NULL))
 		return -1;
 	a = pkt_pull(pkt, sizeof(*a));
 	if (!a)
 		return -1;
 	len = be16_to_cpu(a->rdlength);
 	rdata = pkt_pull(pkt, len);
 	if (!rdata)
 		return -1;
 	switch (be16_to_cpu(a->type)) {
 	case TYPE_CNAME:
 		if (dn_expand(hdr, pkt->buffer + pkt->len, rdata,
 			      cname, sizeof(cname)) < 0)
 			return -1;
 		spotfilter_dns_whitelist_lookup(iface, cname, class);
 		cname_cache_set(iface, cname, *class);
 		return 0;
 	case TYPE_A:
 		memcpy(&data.ip4addr, rdata, 4);
 		if (!data.ip4addr)
 			return 0;
 		break;
 	case TYPE_AAAA:
 		ipv6 = true;
 		memcpy(&data.ip6addr, rdata, 16);
 		if (!data.ip6addr[0])
 			return 0;
 		break;
 	default:
 		return 0;
 	}
 	if (class < 0)
 	    return 0;
 	data.timeout = be32_to_cpu(a->ttl);
 	spotfilter_dns_whitelist_map_add(iface, &data, ipv6, *class);
 	return 0;
 }
 static void
 spotfilter_dns_iface_recv(struct interface *iface, struct packet *pkt)
 {
 	struct dns_header *h;
 	int class = -1;
 	int i;
 	h = pkt_pull(pkt, sizeof(*h));
 	if (!h)
 		return;
 	if ((h->flags & cpu_to_be16(FLAG_RESPONSE | FLAG_OPCODE | FLAG_RCODE)) !=
 	    cpu_to_be16(FLAG_RESPONSE))
 		return;
 	if (h->questions != cpu_to_be16(1))
 		return;
 	if (dns_parse_question(iface, pkt, h, &class))
 		return;
 	for (i = 0; i < be16_to_cpu(h->answers); i++)
 		if (dns_parse_answer(iface, pkt, h, &class))
 			return;
 }
 static void
 spotfilter_dns_recv(struct packet *pkt)
 {
 	struct interface *iface;
 	avl_for_each_element(&interfaces, iface, node) {
 		struct packet tmp_pkt = *pkt;
 		spotfilter_dns_iface_recv(iface, &tmp_pkt);
 	}
 }
 static void
 spotfilter_parse_udp_v4(struct packet *pkt, uint16_t src_port, uint16_t dst_port)
 {
 	struct ethhdr *eth = pkt->head;
 	if (src_port != 67 || dst_port != 68)
 		return;
 	spotfilter_recv_dhcpv4(pkt->buffer, pkt->len, eth->h_dest);
 }
 static void
 spotfilter_packet_cb(struct packet *pkt)
 {
 	uint16_t proto, src_port, dst_port;
 	struct ethhdr *eth;
 	struct ip6_hdr *ip6;
 	struct ip *ip;
 	struct udphdr *udp;
 	bool ipv4;
 	eth = pkt_pull(pkt, sizeof(*eth));
 	if (!eth)
 		return;
 	proto = be16_to_cpu(eth->h_proto);
 	if (proto_is_vlan(proto)) {
 		struct vlan_hdr *vlan;
 		vlan = pkt_pull(pkt, sizeof(*vlan));
 		if (!vlan)
 			return;
 		proto = be16_to_cpu(vlan->proto);
 	}
 	switch (proto) {
 	case ETH_P_IP:
 		ip = pkt_peek(pkt, sizeof(struct ip));
 		if (!ip)
 			return;
 		if (!pkt_pull(pkt, ip->ip_hl * 4))
 			return;
 		proto = ip->ip_p;
 		ipv4 = true;
 		break;
 	case ETH_P_IPV6:
 		ip6 = pkt_pull(pkt, sizeof(*ip6));
 		if (!ip6)
 			return;
 		proto = ip6->ip6_nxt;
 		if (proto == IPPROTO_ICMPV6) {
 			if (ip6->ip6_hlim != 255)
 				return;
 			spotfilter_recv_icmpv6(pkt->buffer, pkt->len, eth->h_source, eth->h_dest);
 			return;
 		}
 		break;
 	default:
 		return;
 	}
 	if (proto != IPPROTO_UDP)
 		return;
 	udp = pkt_pull(pkt, sizeof(struct udphdr));
 	if (!udp)
 		return;
 	src_port = ntohs(udp->uh_sport);
 	dst_port = ntohs(udp->uh_dport);
 	if (ipv4)
 		spotfilter_parse_udp_v4(pkt, src_port, dst_port);
 	if (src_port == 53)
 		spotfilter_dns_recv(pkt);
 }
 static void
 spotfilter_socket_cb(struct uloop_fd *fd, unsigned int events)
 {
 	static uint8_t buf[8192];
 	struct packet pkt = {
 		.head = buf,
 		.buffer = buf,
 	};
 	int len;
 retry:
 	len = recvfrom(fd->fd, buf, sizeof(buf), MSG_DONTWAIT, NULL, NULL);
 	if (len < 0) {
 		if (errno == EINTR)
 			goto retry;
 		return;
 	}
 	if (!len)
 		return;
 	pkt.len = len;
 	spotfilter_packet_cb(&pkt);
 }
 static int
 spotfilter_open_socket(void)
 {
 	struct sockaddr_ll sll = {
 		.sll_family = AF_PACKET,
 		.sll_protocol = htons(ETH_P_ALL),
 	};
 	int sock;
 	sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
 	if (sock == -1) {
 		ULOG_ERR("failed to create raw socket: %s\n", strerror(errno));
 		return -1;
 	}
 	sll.sll_ifindex = if_nametoindex(SPOTFILTER_IFB_NAME);
 	if (bind(sock, (struct sockaddr *)&sll, sizeof(sll))) {
 		ULOG_ERR("failed to bind socket to "SPOTFILTER_IFB_NAME": %s\n",
 			 strerror(errno));
 		goto error;
 	}
 	fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) | O_NONBLOCK);
 	ufd.fd = sock;
 	ufd.cb = spotfilter_socket_cb;
 	uloop_fd_add(&ufd, ULOOP_READ);
 	return 0;
 error:
 	close(sock);
 	return -1;
 }
 static void
 spotfilter_addr_gc(struct uloop_timeout *t)
 {
 	struct interface *iface = container_of(t, struct interface, addr_gc);
 	struct addr_entry *e, *tmp;
 	uint32_t now = spotfilter_gettime();
 	int32_t timeout = 0;
 	iface->next_gc = 0;
 	avl_for_each_element_safe(&iface->addr_map, e, node, tmp) {
 		const void *addr = e->data.ip6addr[0] ? &e->data.ip6addr[0] : &e->data.ip4addr;
 		bool ipv6 = !!e->data.ip6addr[0];
 		int32_t cur_timeout;
 		cur_timeout = e->data.timeout - now;
 		if (cur_timeout <= 0) {
 			if (!spotfilter_bpf_whitelist_seen(iface, addr, ipv6)) {
 				spotfilter_bpf_set_whitelist(iface, addr, ipv6, NULL);
 				avl_delete(&iface->addr_map, &e->node);
 				free(e);
 				continue;
 			}
 			e->data.timeout = now + iface->active_timeout;
 		}
 		if (!timeout || cur_timeout < timeout) {
 			timeout = cur_timeout;
 			iface->next_gc = e->data.timeout;
 		}
 	}
 	if (!timeout)
 		return;
 	uloop_timeout_set(&iface->addr_gc, timeout * 1000);
 }
 static void
 spotfilter_cname_cache_gc(struct uloop_timeout *timeout)
 {
 	struct interface *iface;
 	struct cname_entry *e, *tmp;
 	avl_for_each_element(&interfaces, iface, node) {
 		avl_for_each_element_safe(&iface->cname_cache, e, node, tmp) {
 			if (e->age++ < 5)
 				continue;
 			avl_delete(&iface->cname_cache, &e->node);
 			free(e);
 		}
 	}
 	uloop_timeout_set(timeout, 1000);
 }
 static int avl_addr_cmp(const void *k1, const void *k2, void *ptr)
 {
 	return memcmp(k1, k2, 16);
 }
 void spotfilter_dns_init(struct interface *iface)
 {
 	avl_init(&iface->cname_cache, avl_strcmp, false, NULL);
 	avl_init(&iface->addr_map, avl_addr_cmp, false, NULL);
 	iface->addr_gc.cb = spotfilter_addr_gc;
 }
 void spotfilter_dns_free(struct interface *iface)
 {
 	struct cname_entry *e, *tmp;
 	avl_remove_all_elements(&iface->cname_cache, e, node, tmp)
 		free(e);
 }
 int spotfilter_dev_init(void)
 {
 	cname_gc_timer.cb = spotfilter_cname_cache_gc;
 	spotfilter_cname_cache_gc(&cname_gc_timer);
 	spotfilter_dev_done();
 	if (spotfilter_run_cmd("ip link add "SPOTFILTER_IFB_NAME" type ifb", false) ||
 	    spotfilter_run_cmd("ip link set dev "SPOTFILTER_IFB_NAME" up", false) ||
 	    spotfilter_open_socket())
 		return -1;
 	spotfilter_ifb_ifindex = if_nametoindex(SPOTFILTER_IFB_NAME);
 	return 0;
 }
 void spotfilter_dev_done(void)
 {
 	if (ufd.registered) {
 		uloop_fd_delete(&ufd);
 		close(ufd.fd);
 	}
 	spotfilter_run_cmd("ip link del "SPOTFILTER_IFB_NAME, true);
 }
--- a/feeds/ucentral/spotfilter/src/spotfilter-bpf.c
+++ b/feeds/ucentral/spotfilter/src/spotfilter-bpf.c
@@ -0,0 +1,287 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #define KBUILD_MODNAME "foo"
 #include <uapi/linux/bpf.h>
 #include <uapi/linux/if_ether.h>
 #include <uapi/linux/if_packet.h>
 #include <uapi/linux/ip.h>
 #include <uapi/linux/ipv6.h>
 #include <uapi/linux/in.h>
 #include <uapi/linux/tcp.h>
 #include <uapi/linux/udp.h>
 #include <uapi/linux/icmpv6.h>
 #include <uapi/linux/filter.h>
 #include <uapi/linux/pkt_cls.h>
 #include <linux/ip.h>
 #include <net/ipv6.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_endian.h>
 #include "bpf_skb_utils.h"
 #include "spotfilter-bpf.h"
 static const volatile struct spotfilter_bpf_config config = {};
 struct {
 	__uint(type, BPF_MAP_TYPE_ARRAY);
 	__uint(key_size, sizeof(uint32_t));
 	__type(value, struct spotfilter_bpf_class);
 	__uint(max_entries, SPOTFILTER_NUM_CLASS);
 } class SEC(".maps");
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(key_size, sizeof(struct spotfilter_client_key));
 	__type(value, struct spotfilter_client_data);
 	__uint(max_entries, 1000);
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } client SEC(".maps");
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(key_size, sizeof(struct in_addr));
 	__type(value, struct spotfilter_whitelist_entry);
 	__uint(max_entries, 10000);
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } whitelist_ipv4 SEC(".maps");
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(key_size, sizeof(struct in6_addr));
 	__type(value, struct spotfilter_whitelist_entry);
 	__uint(max_entries, 10000);
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } whitelist_ipv6 SEC(".maps");
 static bool
 is_dhcpv4_port(uint16_t port)
 {
 	return port == bpf_htons(67) || port == bpf_htons(68);
 }
 static __always_inline bool
 check_ipv4_control(struct skb_parser_info *info)
 {
 	struct udphdr *udph;
 	if (info->proto != IPPROTO_UDP)
 		return false;
 	udph = skb_info_ptr(info, sizeof(*udph));
 	if (!udph)
 		return false;
 	return is_dhcpv4_port(udph->source) && is_dhcpv4_port(udph->dest);
 }
 static bool
 is_dhcpv6_port(uint16_t port)
 {
 	return port == bpf_htons(546) || port == bpf_htons(547);
 }
 static bool
 is_icmpv6_control(uint8_t type)
 {
 	switch (type) {
 	case ICMPV6_PKT_TOOBIG:
 	case NDISC_ROUTER_SOLICITATION:
 	case NDISC_ROUTER_ADVERTISEMENT:
 	case NDISC_NEIGHBOUR_SOLICITATION:
 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
 	case NDISC_REDIRECT:
 	case ICMPV6_MGM_QUERY:
 	case ICMPV6_MGM_REPORT:
 		return true;
 	default:
 		return false;
 	}
 }
 static __always_inline bool
 check_ipv6_control(struct skb_parser_info *info)
 {
 	if (info->proto == IPPROTO_UDP) {
 		struct udphdr *udph;
 		udph = skb_info_ptr(info, sizeof(*udph));
 		if (!udph)
 			return false;
 		return is_dhcpv6_port(udph->source) && is_dhcpv6_port(udph->dest);
 	}
 	if (info->proto == IPPROTO_ICMPV6) {
 		struct icmp6hdr *icmp6h;
 		icmp6h = skb_info_ptr(info, sizeof(*icmp6h));
 		if (!icmp6h)
 			return false;
 		return is_icmpv6_control(icmp6h->icmp6_type);
 	}
 	return false;
 }
 static __always_inline bool
 check_dns(struct skb_parser_info *info, bool ingress)
 {
 	struct udphdr *udph;
 	if (info->proto != IPPROTO_UDP)
 		return false;
 	udph = skb_info_ptr(info, sizeof(*udph));
 	if (!udph)
 		return false;
 	if (ingress)
 		return udph->dest == bpf_htons(53);
 	return udph->source == bpf_htons(53);
 }
 SEC("tc/egress")
 int spotfilter_out(struct __sk_buff *skb)
 {
 	struct spotfilter_client_data *cl;
 	struct skb_parser_info info;
 	struct ethhdr *eth;
 	bool is_control = false;
 	bool is_dns = false;
 	skb_parse_init(&info, skb);
 	eth = skb_parse_ethernet(&info);
 	if (!eth)
 		return TC_ACT_UNSPEC;
 	cl = bpf_map_lookup_elem(&client, eth->h_dest);
 	if (cl) {
 		if (cl->flags & SPOTFILTER_CLIENT_F_ACCT_DL)
 			cl->bytes_dl += skb->len;
 	}
 	skb_parse_vlan(&info);
 	if (skb_parse_ipv4(&info, sizeof(struct udphdr))) {
 		is_control = check_ipv4_control(&info);
 		is_dns = check_dns(&info, false);
 	} else if (skb_parse_ipv6(&info, sizeof(struct icmp6hdr))) {
 		is_control = check_ipv6_control(&info);
 		is_dns = check_dns(&info, false);
 	} else {
 		return TC_ACT_UNSPEC;
 	}
 	if (is_control || is_dns)
 		bpf_clone_redirect(skb, config.snoop_ifindex, BPF_F_INGRESS);
 	return TC_ACT_UNSPEC;
 }
 SEC("tc/ingress")
 int spotfilter_in(struct __sk_buff *skb)
 {
 	struct spotfilter_client_data *cl, cldata = {};
 	struct spotfilter_bpf_class *c, cdata;
 	struct skb_parser_info info;
 	struct ipv6hdr *ip6h;
 	struct ethhdr *eth;
 	struct iphdr *iph;
 	bool addr_match = false;
 	bool is_control = false;
 	bool has_vlan = false;
 	bool is_dns = false;
 	struct spotfilter_whitelist_entry *wl_val = NULL;
 	uint32_t cur_class;
 	skb_parse_init(&info, skb);
 	eth = skb_parse_ethernet(&info);
 	if (!eth)
 		return TC_ACT_UNSPEC;
 	cl = bpf_map_lookup_elem(&client, eth->h_source);
 	if (cl) {
 		cldata = *cl;
 		if (cl->flags & SPOTFILTER_CLIENT_F_ACCT_UL)
 			cl->bytes_ul += skb->len;
 	}
 	has_vlan = !!skb_parse_vlan(&info);
 	if ((iph = skb_parse_ipv4(&info, sizeof(struct udphdr))) != NULL) {
 		addr_match = iph->saddr == cldata.ip4addr;
 		is_control = check_ipv4_control(&info);
 		is_dns = check_dns(&info, true);
 		if (!is_control)
 			wl_val = bpf_map_lookup_elem(&whitelist_ipv4, &iph->daddr);
 	} else if ((ip6h = skb_parse_ipv6(&info, sizeof(struct icmp6hdr))) != NULL) {
 		addr_match = ipv6_addr_equal(&ip6h->saddr, (struct in6_addr *)&cldata.ip6addr);
 		if ((ip6h->saddr.s6_addr[0] & 0xe0) != 0x20)
 			addr_match = true;
 		is_control = check_ipv6_control(&info);
 		is_dns = check_dns(&info, true);
 		if (!is_control)
 			wl_val = bpf_map_lookup_elem(&whitelist_ipv6, &ip6h->daddr);
 	} else {
 			return TC_ACT_UNSPEC;
 	}
 	if (wl_val) {
 		cldata.cur_class = wl_val->val;
 		cldata.dns_class = wl_val->val;
 		wl_val->seen = 1;
 	}
 	if (is_control) {
 		bpf_clone_redirect(skb, config.snoop_ifindex, BPF_F_INGRESS);
 		return TC_ACT_UNSPEC;
 	}
 	if (!addr_match) {
 		if (!is_control)
 			return TC_ACT_SHOT;
 		memset(&cldata, 0, sizeof(cldata));
 	}
 	cur_class = is_dns ? cldata.dns_class : cldata.cur_class;
 	c = bpf_map_lookup_elem(&class, &cur_class);
 	if (c)
 		cdata = *c;
 	else
 		return TC_ACT_UNSPEC;
 	if (!(cdata.actions & SPOTFILTER_ACTION_VALID))
 		return TC_ACT_SHOT;
 	if (cdata.actions & SPOTFILTER_ACTION_SET_DEST_MAC) {
 		eth = skb_ptr(skb, 0, sizeof(*eth));
 		if (!eth)
 			return TC_ACT_UNSPEC;
 		memcpy(eth->h_dest, cdata.dest_mac, ETH_ALEN);
 	}
 	if (cdata.actions & SPOTFILTER_ACTION_FWMARK)
 		skb->mark = (skb->mark & ~cdata.fwmark_mask) | cdata.fwmark_val;
 	if (cdata.actions & SPOTFILTER_ACTION_REDIRECT) {
 		if (cdata.actions & SPOTFILTER_ACTION_REDIRECT_VLAN) {
 			if (has_vlan && bpf_skb_vlan_pop(skb))
 				return -1;
 			if (cdata.redirect_vlan_proto &&
 				bpf_skb_vlan_push(skb, cdata.redirect_vlan_proto, cdata.redirect_vlan))
 				return -1;
 		}
 		return bpf_redirect(cdata.redirect_ifindex, 0);
 	}
 	return TC_ACT_UNSPEC;
 }
 char _license[] SEC("license") = "GPL";
--- a/feeds/ucentral/spotfilter/src/spotfilter-bpf.h
+++ b/feeds/ucentral/spotfilter/src/spotfilter-bpf.h
@@ -0,0 +1,57 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __BPF_SPOTFILTER_H
 #define __BPF_SPOTFILTER_H
 struct spotfilter_client_key {
 	uint8_t addr[6];
 };
 #define SPOTFILTER_CLIENT_F_ACCT_UL	(1 << 0)
 #define SPOTFILTER_CLIENT_F_ACCT_DL	(1 << 1)
 struct spotfilter_client_data {
 	uint32_t ip4addr;
 	uint32_t ip6addr[4];
 	uint8_t cur_class;
 	uint8_t dns_class;
 	uint8_t flags;
 	uint64_t bytes_ul;
 	uint64_t bytes_dl;
 };
 struct spotfilter_bpf_config {
 	uint32_t snoop_ifindex;
 };
 struct spotfilter_whitelist_entry {
 	uint8_t val;
 	uint8_t seen;
 };
 #define SPOTFILTER_NUM_CLASS 16
 #define SPOTFILTER_ACTION_FWMARK	(1 << 0)
 #define SPOTFILTER_ACTION_REDIRECT	(1 << 1)
 #define SPOTFILTER_ACTION_REDIRECT_VLAN	(1 << 2)
 #define SPOTFILTER_ACTION_SET_DEST_MAC	(1 << 3)
 #define SPOTFILTER_ACTION_VALID		(1 << 15)
 struct spotfilter_bpf_class {
 	uint16_t actions;
 	uint8_t dest_mac[6];
 	uint32_t fwmark_val;
 	uint32_t fwmark_mask;
 	uint32_t redirect_ifindex;
 	uint16_t redirect_vlan;
 	uint16_t redirect_vlan_proto;
 };
 #endif
--- a/feeds/ucentral/spotfilter/src/spotfilter.h
+++ b/feeds/ucentral/spotfilter/src/spotfilter.h
@@ -0,0 +1,59 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #ifndef __SPOTFILTER_H
 #define __SPOTFILTER_H
 #include <stdbool.h>
 #include <stdint.h>
 #include <regex.h>
 #include <bpf/bpf.h>
 #include <bpf/libbpf.h>
 #include <libubox/utils.h>
 #include <libubox/avl.h>
 #include <libubox/vlist.h>
 #include <libubox/blobmsg.h>
 #include <libubox/ulog.h>
 #include <netinet/in.h>
 #include "spotfilter-bpf.h"
 #include "interface.h"
 #include "bpf.h"
 #include "client.h"
 #define SPOTFILTER_IFB_NAME	"spotfilter-ifb"
 #define SPOTFILTER_PROG_PATH	"/lib/bpf/spotfilter-bpf.o"
 #define SPOTFILTER_PRIO_BASE	0x120
 extern int spotfilter_ifb_ifindex;
 struct nl_msg;
 int rtnl_init(void);
 int rtnl_fd(void);
 int rtnl_call(struct nl_msg *msg);
 int spotfilter_run_cmd(char *cmd, bool ignore_error);
 int spotfilter_ubus_init(void);
 void spotfilter_ubus_stop(void);
 void spotfilter_ubus_notify(struct interface *iface, struct client *cl, const char *type);
 int spotfilter_dev_init(void);
 void spotfilter_dev_done(void);
 void spotfilter_dns_init(struct interface *iface);
 void spotfilter_dns_free(struct interface *iface);
 void spotfilter_recv_dhcpv4(const void *msg, int len, const void *eth_addr);
 void spotfilter_recv_icmpv6(const void *data, int len, const uint8_t *src, const uint8_t *dest);
 int spotfilter_nl80211_init(void);
 void spotfilter_nl80211_done(void);
 #endif
--- a/feeds/ucentral/spotfilter/src/ubus.c
+++ b/feeds/ucentral/spotfilter/src/ubus.c
@@ -0,0 +1,470 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
 */
 #include <libubus.h>
 #include <arpa/inet.h>
 #include <netinet/ether.h>
 #include <net/if.h>
 #include "spotfilter.h"
 static struct blob_buf b;
 enum {
 	IFACE_ATTR_NAME,
 	IFACE_ATTR_CONFIG,
 	IFACE_ATTR_DEVICES,
 	__IFACE_ATTR_MAX,
 };
 static const struct blobmsg_policy iface_policy[__IFACE_ATTR_MAX] = {
 	[IFACE_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
 	[IFACE_ATTR_CONFIG] = { "config", BLOBMSG_TYPE_TABLE },
 	[IFACE_ATTR_DEVICES] = { "devices", BLOBMSG_TYPE_ARRAY },
 };
 static int
 interface_ubus_add(struct ubus_context *ctx, struct ubus_object *obj,
 		   struct ubus_request_data *req, const char *method,
 		   struct blob_attr *msg)
 {
 	struct blob_attr *tb[__IFACE_ATTR_MAX];
 	struct blob_attr *cur;
 	const char *name;
 	blobmsg_parse(iface_policy, __IFACE_ATTR_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
 	if ((cur = tb[IFACE_ATTR_NAME]) != NULL)
 		name = blobmsg_get_string(tb[IFACE_ATTR_NAME]);
 	else
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	if ((cur = tb[IFACE_ATTR_DEVICES]) != NULL &&
 	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) < 0)
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	interface_add(name, tb[IFACE_ATTR_CONFIG], tb[IFACE_ATTR_DEVICES]);
 	return 0;
 }
 static int
 interface_ubus_remove(struct ubus_context *ctx, struct ubus_object *obj,
 		      struct ubus_request_data *req, const char *method,
 		      struct blob_attr *msg)
 {
 	struct interface *iface;
 	struct blob_attr *tb;
 	blobmsg_parse(&iface_policy[IFACE_ATTR_NAME], 1, &tb,
 		      blobmsg_data(msg), blobmsg_len(msg));
 	if (tb)
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	iface = avl_find_element(&interfaces, blobmsg_get_string(tb), iface, node);
 	if (!iface)
 		return UBUS_STATUS_NOT_FOUND;
 	interface_free(iface);
 	return 0;
 }
 static int
 check_devices(struct ubus_context *ctx, struct ubus_object *obj,
 	      struct ubus_request_data *req, const char *method,
 	      struct blob_attr *msg)
 {
 	interface_check_devices();
 	return 0;
 }
 enum {
 	CLIENT_ATTR_IFACE,
 	CLIENT_ATTR_ADDR,
 	CLIENT_ATTR_ID,
 	CLIENT_ATTR_STATE,
 	CLIENT_ATTR_DNS_STATE,
 	CLIENT_ATTR_ACCOUNTING,
 	CLIENT_ATTR_DATA,
 	__CLIENT_ATTR_MAX
 };
 static const struct blobmsg_policy client_policy[__CLIENT_ATTR_MAX] = {
 	[CLIENT_ATTR_IFACE] = { "interface", BLOBMSG_TYPE_STRING },
 	[CLIENT_ATTR_ADDR] = { "address", BLOBMSG_TYPE_STRING },
 	[CLIENT_ATTR_ID] = { "id", BLOBMSG_TYPE_STRING },
 	[CLIENT_ATTR_STATE] = { "state", BLOBMSG_TYPE_INT32 },
 	[CLIENT_ATTR_DNS_STATE] = { "dns_state", BLOBMSG_TYPE_INT32 },
 	[CLIENT_ATTR_ACCOUNTING] = { "accounting", BLOBMSG_TYPE_ARRAY },
 	[CLIENT_ATTR_DATA] = { "data", BLOBMSG_TYPE_TABLE },
 };
 static int
 client_ubus_init(struct blob_attr *msg, struct blob_attr **tb,
 		 struct interface **iface, const void **addr,
 		 const char **id, struct client **cl)
 {
 	struct blob_attr *cur;
 	blobmsg_parse(client_policy, __CLIENT_ATTR_MAX, tb,
 		      blobmsg_data(msg), blobmsg_len(msg));
 	if ((cur = tb[CLIENT_ATTR_IFACE]) != NULL)
 		*iface = avl_find_element(&interfaces, blobmsg_get_string(cur),
 					  *iface, node);
 	else
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	if (!*iface)
 		return UBUS_STATUS_NOT_FOUND;
 	if ((cur = tb[CLIENT_ATTR_ADDR]) != NULL)
 		*addr = ether_aton(blobmsg_get_string(cur));
 	else
 		*addr = NULL;
 	if ((cur = tb[CLIENT_ATTR_ID]) != NULL)
 		*id = blobmsg_get_string(cur);
 	else
 		*id = NULL;
 	if (*addr)
 		*cl = avl_find_element(&(*iface)->clients, *addr, *cl, node);
 	else if (*id)
 		*cl = avl_find_element(&(*iface)->client_ids, *id, *cl, id_node);
 	else
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	if (*cl && !*addr)
 		*addr = (*cl)->node.key;
 	return 0;
 }
 static int
 client_accounting_flags(struct blob_attr *attr)
 {
 	struct blob_attr *cur;
 	int flags = 0;
 	int rem;
 	blobmsg_for_each_attr(cur, attr, rem) {
 		const char *val = blobmsg_get_string(cur);
 		if (!strcmp(val, "ul"))
 			flags |= SPOTFILTER_CLIENT_F_ACCT_UL;
 		else if (!strcmp(val, "dl"))
 			flags |= SPOTFILTER_CLIENT_F_ACCT_DL;
 	}
 	return flags;
 }
 static int
 client_ubus_update(struct ubus_context *ctx, struct ubus_object *obj,
 		   struct ubus_request_data *req, const char *method,
 		   struct blob_attr *msg)
 {
 	struct blob_attr *tb[__CLIENT_ATTR_MAX];
 	struct interface *iface = NULL;
 	struct blob_attr *cur;
 	struct client *cl = NULL;
 	const void *addr = NULL;
 	const char *id = NULL;
 	int state = -1, dns_state = -1;
 	int accounting = -1;
 	int ret;
 	ret = client_ubus_init(msg, tb, &iface, &addr, &id, &cl);
 	if (ret)
 		return ret;
 	if ((cur = tb[CLIENT_ATTR_STATE]) != NULL)
 		dns_state = state = blobmsg_get_u32(cur);
 	if ((cur = tb[CLIENT_ATTR_DNS_STATE]) != NULL)
 		dns_state = blobmsg_get_u32(cur);
 	if ((cur = tb[CLIENT_ATTR_ACCOUNTING]) != NULL &&
 	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) >= 0)
 		accounting = client_accounting_flags(cur);
 	if (!strcmp(method, "client_remove")) {
 		if (!cl)
 			return UBUS_STATUS_NOT_FOUND;
 		client_free(iface, cl);
 		return 0;
 	}
 	if (!addr)
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	client_set(iface, addr, id, state, dns_state, accounting,
 		   tb[CLIENT_ATTR_DATA]);
 	return 0;
 }
 static void
 interface_dump_action(struct blob_buf *buf, struct interface *iface, uint8_t class)
 {
 	struct spotfilter_bpf_class *c = &iface->cdata[class];
 	char ifname[IFNAMSIZ + 1];
 	if (!(c->actions & SPOTFILTER_ACTION_VALID)) {
 		blobmsg_add_u8(buf, "invalid", 1);
 		return;
 	}
 	if (c->actions & SPOTFILTER_ACTION_FWMARK) {
 		blobmsg_add_u32(buf, "fwmark", c->fwmark_val);
 		blobmsg_add_u32(buf, "fwmark_mask", c->fwmark_mask);
 	}
 	if (c->actions & SPOTFILTER_ACTION_REDIRECT)
 		blobmsg_add_string(buf, "redirect", if_indextoname(c->redirect_ifindex, ifname));
 	if (c->actions & SPOTFILTER_ACTION_SET_DEST_MAC)
 		blobmsg_add_string(buf, "dest_mac", ether_ntoa((const void *)c->dest_mac));
 }
 static void client_dump(struct interface *iface, struct client *cl)
 {
 	struct blob_attr *val;
 	const char *name;
 	char *buf;
 	void *c;
 	spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
 	if (iface->client_autoremove)
 		blobmsg_add_u32(&b, "idle", cl->idle);
 	blobmsg_add_u32(&b, "state", cl->data.cur_class);
 	blobmsg_add_u32(&b, "dns_state", cl->data.dns_class);
 	if (cl->id_node.key)
 		blobmsg_add_string(&b, "id", (const char *)cl->id_node.key);
 	if (cl->data.ip4addr) {
 		buf = blobmsg_alloc_string_buffer(&b, "ip4addr", INET6_ADDRSTRLEN);
 		inet_ntop(AF_INET, (const void *)&cl->data.ip4addr, buf, INET6_ADDRSTRLEN);
 		blobmsg_add_string_buffer(&b);
 	}
 	if (cl->data.ip6addr[0]) {
 		buf = blobmsg_alloc_string_buffer(&b, "ip6addr", INET6_ADDRSTRLEN);
 		inet_ntop(AF_INET6, (const void *)cl->data.ip6addr, buf, INET6_ADDRSTRLEN);
 		blobmsg_add_string_buffer(&b);
 	}
 	c = blobmsg_open_array(&b, "accounting");
 	if (cl->data.flags & SPOTFILTER_CLIENT_F_ACCT_UL)
 		blobmsg_add_string(&b, NULL, "ul");
 	if (cl->data.flags & SPOTFILTER_CLIENT_F_ACCT_DL)
 		blobmsg_add_string(&b, NULL, "dl");
 	blobmsg_close_table(&b, c);
 	c = blobmsg_open_table(&b, "data");
 	kvlist_for_each(&cl->kvdata, name, val)
 		blobmsg_add_blob(&b, val);
 	blobmsg_close_table(&b, c);
 	c = blobmsg_open_table(&b, "action");
 	interface_dump_action(&b, iface, cl->data.cur_class);
 	blobmsg_close_table(&b, c);
 	c = blobmsg_open_table(&b, "dns_action");
 	interface_dump_action(&b, iface, cl->data.dns_class);
 	blobmsg_close_table(&b, c);
 	blobmsg_add_u64(&b, "bytes_ul", cl->data.bytes_ul);
 	blobmsg_add_u64(&b, "bytes_dl", cl->data.bytes_dl);
 }
 static int
 client_ubus_get(struct ubus_context *ctx, struct ubus_object *obj,
 		struct ubus_request_data *req, const char *method,
 		struct blob_attr *msg)
 {
 	struct blob_attr *tb[__CLIENT_ATTR_MAX];
 	struct interface *iface = NULL;
 	const void *addr = NULL;
 	const char *id = NULL;
 	struct client *cl = NULL;
 	int ret;
 	ret = client_ubus_init(msg, tb, &iface, &addr, &id, &cl);
 	if (ret)
 		return ret;
 	if (!cl)
 		return UBUS_STATUS_NOT_FOUND;
 	blob_buf_init(&b, 0);
 	blobmsg_add_string(&b, "address", ether_ntoa(cl->node.key));
 	client_dump(iface, cl);
 	ubus_send_reply(ctx, req, b.head);
 	return 0;
 }
 static int
 client_ubus_list(struct ubus_context *ctx, struct ubus_object *obj,
 		 struct ubus_request_data *req, const char *method,
 		 struct blob_attr *msg)
 {
 	struct blob_attr *iface_attr;
 	struct interface *iface;
 	struct client *cl;
 	blobmsg_parse(&client_policy[CLIENT_ATTR_IFACE], 1, &iface_attr,
 		      blobmsg_data(msg), blobmsg_len(msg));
 	if (!iface_attr)
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	iface = avl_find_element(&interfaces, blobmsg_get_string(iface_attr),
 				 iface, node);
 	if (!iface)
 		return UBUS_STATUS_NOT_FOUND;
 	blob_buf_init(&b, 0);
 	avl_for_each_element(&iface->clients, cl, node) {
 		void *c;
 		c = blobmsg_open_table(&b, ether_ntoa(cl->node.key));
 		client_dump(iface, cl);
 		blobmsg_close_table(&b, c);
 	}
 	ubus_send_reply(ctx, req, b.head);
 	return 0;
 }
 enum {
 	WHITELIST_ATTR_IFACE,
 	WHITELIST_ATTR_ADDR,
 	WHITELIST_ATTR_STATE,
 	__WHITELIST_ATTR_MAX
 };
 static const struct blobmsg_policy whitelist_policy[__WHITELIST_ATTR_MAX] = {
 	[WHITELIST_ATTR_IFACE] = { "interface", BLOBMSG_TYPE_STRING },
 	[WHITELIST_ATTR_ADDR] = { "address", BLOBMSG_TYPE_ARRAY },
 	[WHITELIST_ATTR_STATE] = { "state", BLOBMSG_TYPE_INT32 },
 };
 static int
 whitelist_update(struct ubus_context *ctx, struct ubus_object *obj,
 		 struct ubus_request_data *req, const char *method,
 		 struct blob_attr *msg)
 {
 	struct blob_attr *tb[__WHITELIST_ATTR_MAX];
 	struct interface *iface;
 	struct blob_attr *cur;
 	uint8_t state = 0;
 	const uint8_t *val = &state;
 	int rem;
 	blobmsg_parse(whitelist_policy, __WHITELIST_ATTR_MAX, tb,
 		      blobmsg_data(msg), blobmsg_len(msg));
 	if ((cur = tb[WHITELIST_ATTR_IFACE]) != NULL)
 		iface = avl_find_element(&interfaces, blobmsg_get_string(cur),
 					 iface, node);
 	else
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	if ((cur = tb[WHITELIST_ATTR_STATE]) != NULL)
 		state = blobmsg_get_u32(cur);
 	if ((cur = tb[WHITELIST_ATTR_ADDR]) == NULL ||
 	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) < 0)
 		return UBUS_STATUS_INVALID_ARGUMENT;
 	if (!strcmp(method, "whitelist_remove"))
 		val = NULL;
 	blobmsg_for_each_attr(cur, tb[WHITELIST_ATTR_ADDR], rem) {
 		const char *addrstr = blobmsg_get_string(cur);
 		bool ipv6 = strchr(addrstr, ':');
 		union {
 			struct in_addr in;
 			struct in6_addr in6;
 		} addr = {};
 		if (inet_pton(ipv6 ? AF_INET6 : AF_INET, addrstr, &addr) != 1)
 			continue;
 		spotfilter_bpf_set_whitelist(iface, &addr, ipv6, val);
 	}
 	return 0;
 }
 static const struct ubus_method spotfilter_methods[] = {
 	UBUS_METHOD_NOARG("check_devices", check_devices),
 	UBUS_METHOD("client_set", client_ubus_update, client_policy),
 	UBUS_METHOD_MASK("client_remove", client_ubus_update, client_policy,
 			 (1 << CLIENT_ATTR_IFACE) | (1 << CLIENT_ATTR_ADDR)),
 	UBUS_METHOD_MASK("client_get", client_ubus_get, client_policy,
 			 (1 << CLIENT_ATTR_IFACE) | (1 << CLIENT_ATTR_ADDR)),
 	UBUS_METHOD_MASK("client_list", client_ubus_list, client_policy,
 			 (1 << CLIENT_ATTR_IFACE)),
 	UBUS_METHOD("interface_add", interface_ubus_add, iface_policy),
 	UBUS_METHOD_MASK("interface_remove", interface_ubus_remove,
 			 iface_policy, 1 << IFACE_ATTR_NAME),
 	UBUS_METHOD("whitelist_add", whitelist_update, whitelist_policy),
 	UBUS_METHOD_MASK("whitelist_remove", whitelist_update, whitelist_policy,
 			 (1 << WHITELIST_ATTR_IFACE) | (1 << WHITELIST_ATTR_ADDR)),
 };
 static struct ubus_object_type spotfilter_object_type =
 	UBUS_OBJECT_TYPE("spotfilter", spotfilter_methods);
 static struct ubus_object spotfilter_object = {
 	.name = "spotfilter",
 	.type = &spotfilter_object_type,
 	.methods = spotfilter_methods,
 	.n_methods = ARRAY_SIZE(spotfilter_methods),
 };
 static void
 ubus_connect_handler(struct ubus_context *ctx)
 {
 	ubus_add_object(ctx, &spotfilter_object);
 }
 static struct ubus_auto_conn conn;
 void spotfilter_ubus_notify(struct interface *iface, struct client *cl, const char *type)
 {
 	blob_buf_init(&b, 0);
 	blobmsg_add_string(&b, "interface", interface_name(iface));
 	if (cl) {
 		blobmsg_add_string(&b, "address", ether_ntoa(cl->node.key));
 		if (cl->id_node.key)
 			blobmsg_add_string(&b, "id", cl->id_node.key);
 	}
 	ubus_notify(&conn.ctx, &spotfilter_object, type, b.head, -1);
 }
 int spotfilter_ubus_init(void)
 {
 	conn.cb = ubus_connect_handler;
 	ubus_auto_connect(&conn);
 	return 0;
 }
 void spotfilter_ubus_stop(void)
 {
 	ubus_auto_shutdown(&conn);
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
jaspreetsachdev	9ea3e4ce9b	Merge pull request #480 from Telecominfraproject/main Various updates	2022-09-26 16:12:15 -04:00
Sohail Ahmad	c56b7adea8	ipq807x: Support for Indio WiFi6 AP -indoor and outdoor models based on IPQ6000 Fixes: WIFI-10802 Signed-off-by: Sohail Ahmad <sohail.ahmad@wifi-soft.com>	2022-09-26 22:06:53 +02:00
Felix Fietkau	84d31765db	qosify: update to the latest version Signed-off-by: Felix Fietkau <nbd@nbd.name>	2022-09-26 22:06:53 +02:00
Arif Alam	fb617ea136	ipq807x: Fix EAP104 upgrade Signed-off-by: Arif Alam <arif.alam@netexperience.com>	2022-09-26 22:06:53 +02:00
John Crispin	47468145c6	spotfilter: add a maissing v5.4 kernel backport fixes an off-by-one bug in the validator Signed-off-by: John Crispin <john@phrozen.org>	2022-09-26 22:06:53 +02:00
John Crispin	854c8a44d4	ucentral-client: update to latest HEAD update wifi-scan timeout to 120s Signed-off-by: John Crispin <john@phrozen.org>	2022-09-26 22:06:53 +02:00
John Crispin	86948e1052	ucentral-schema: update to latest HEAD 55b8272 add support for overriding country codes Signed-off-by: John Crispin <john@phrozen.org>	2022-09-26 22:06:53 +02:00
Felix Fietkau	39053d366d	qosify: update to the latest version fixes classification on linux 4.4 Signed-off-by: Felix Fietkau <nbd@nbd.name>	2022-09-26 22:06:53 +02:00
Felix Fietkau	daaed910da	wifi-ax: backport mac80211 WME classification fix Signed-off-by: Felix Fietkau <nbd@nbd.name>	2022-09-26 22:06:53 +02:00
John Crispin	bf6abd80dd	mac80211: fix multiple bssid mac addresses Fixes: WIFI-10596 Signed-off-by: John Crispin <john@phrozen.org>	2022-09-26 22:06:53 +02:00
Jaspreet Sachdev	e74e22e184	.github/workflows: Removed deprecated targets Signed-off-by: Jaspreet Sachdev <jaspreetsachdev@fb.com>	2022-09-26 22:06:53 +02:00
John Crispin	b8f5e17e38	uspot: fix a typo causing config to not load correctly Signed-off-by: John Crispin <john@phrozen.org>	2022-09-26 22:06:53 +02:00
Simon Kinane	956a31db8f	uspot: Improve HTML for captive portal UI Signed-off-by: Simon Kinane <skinane@fb.com>	2022-09-26 22:06:15 +02:00
John Crispin	26be5ba20e	udhcpsnoop: fix an endianness error Signed-off-by: John Crispin <john@phrozen.org>	2022-09-16 17:06:54 +02:00
John Crispin	dc2feb3cc7	ucentral-client: update to latest HEAD 90d276f force SIGKILL when terminating a runqueu task Signed-off-by: John Crispin <john@phrozen.org>	2022-09-09 13:40:03 +02:00
John Crispin	ed397f5ce4	ucentral-client: update to latest HEAD f5e5a61 propagate "cancelled" when a runqueue job timed out Fixes: WIFI-10768 Signed-off-by: John Crispin <john@phrozen.org>	2022-09-09 13:40:03 +02:00
John Crispin	19f0260c0a	ucentral-schema: update to latest HEAD b27df64 add support for setting an interfaces MTU Fixes: WIFI-10556 Signed-off-by: John Crispin <john@phrozen.org>	2022-09-09 13:40:03 +02:00
John Crispin	49c55bdec5	ucentral-schema: update to latest HEAD 19df069 update fils-discovery-interval max value Fixes: WIFI-10710 Signed-off-by: John Crispin <john@phrozen.org>	2022-09-09 13:40:03 +02:00
John Crispin	2ab86ee29d	ucentral-client: update to latest HEAD b0e7432 proto: limit wifiscans to 30s 597aab3 task: add an additional runqueue for admin commands Signed-off-by: John Crispin <john@phrozen.org>	2022-09-09 13:40:02 +02:00
Krishna	888aa40057	ipq807x: Add support for Mesh++ S618 devices Mesh++ S618 has below products based on Qualcomm IPQ6018: * cp03-c1 * cp01-c1 These are Wi-Fi 6 (IEEE 80211.ax) dual band 2x2 mesh routers. Fixes: WIFI-10561 Signed-off-by: Krishna <krishna@meshplusplus.com> Signed-off-by: Edward Cheung <edward@meshplusplus.com> Signed-off-by: Alex Ballmer <alexb@meshplusplus.com>	2022-09-08 12:49:58 +02:00
Sven Eckelmann	2291ccf198	ipq807x: Fix build of kmod-br-netfilter QCA is still backporting the old OpenWrt hack for BR_HOOK to newer kernels. This change was identified as a source for bugs and also caused performance problems in certain scenarios. And since OpenWrt is now building the bridge as part of the kernel and the br-netfilter code as module, the build of the QCA kernel fork will also fail because the kernel binary is depending on a module: net/built-in.o: in function `BR_HOOK': net/bridge/br_private.h:929: undefined reference to `br_netfilter_run_hooks' net/bridge/br_private.h:929: undefined reference to `br_netfilter_run_hooks' net/bridge/br_private.h:929: undefined reference to `br_netfilter_run_hooks' net/bridge/br_private.h:929: undefined reference to `br_netfilter_run_hooks' net/bridge/br_private.h:929: undefined reference to `br_netfilter_run_hooks' net/built-in.o:net/bridge/br_private.h:929: more undefined references to `br_netfilter_run_hooks' follow Just getting rid of this patch (as OpenWrt did) is therefore the best option. Signed-off-by: Sven Eckelmann <sven@narfation.org>	2022-09-08 12:49:27 +02:00
John Crispin	1d031a0535	unetd: add bpf-headers dependency This fixes a spurious build issue Signed-off-by: John Crispin <john@phrozen.org>	2022-09-08 12:49:27 +02:00
John Crispin	cb7ed7a37b	hostapd: backport multicast_to_unicast patch Fixes: WIFI-10766 Signed-off-by: John Crispin <john@phrozen.org>	2022-09-08 12:49:27 +02:00
John Crispin	e692aea19e	uspot: refactor code * add a common.uc class * add ucode ubus calls Signed-off-by: John Crispin <john@phrozen.org>	2022-09-08 12:49:27 +02:00
John Crispin	a8bb06fb1c	ath1kk-wifi: update the WF188n BDF file This is the BDF that passed FCC certification. Signed-off-by: John Crispin <john@phrozen.org>	2022-09-08 12:49:27 +02:00
John Crispin	63b5803086	uspot: add MS CHAP support * extend the radius-client to also support MS CHAP Signed-off-by: John Crispin <john@phrozen.org>	2022-09-08 12:49:27 +02:00
John Crispin	68689674b7	uspot: various fixes * add web-root override support * various cleanups Signed-off-by: John Crispin <john@phrozen.org>	2022-08-30 15:35:54 +02:00
John Crispin	fccdccdba3	ipq807x: add firmware downgrade support for eap101/2 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-30 08:29:07 +02:00
Tanya Singh	21176badf7	firstcontact: Zero touch provisioning with DHCP option 138 Fixes: WIFI-7266 Signed-off-by: Tanya Singh <tanya_singh@accton.com>	2022-08-30 07:22:25 +02:00
John Crispin	87adc56e60	ipq807x: make wifi 6e work on wallytech dr6018-v4 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-25 10:01:28 +02:00
John Crispin	0f8be3bbde	hostapd: do not enforce multiple_bssid on 6G band Signed-off-by: John Crispin <john@phrozen.org>	2022-08-24 10:28:39 +02:00
John Crispin	a3fc407f25	hostapd: manually generate roaming keys when SAE is used Fixes: WIFI-10570 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 17:09:08 +02:00
John Crispin	30c2c68579	ucentral-schema: update to latest HEAD bab27cb add support for advanced captive-portal Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 15:09:35 +02:00
John Crispin	736e3e58cf	uhttp: update to latest HEAD and add 2 pending fixes Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 15:09:35 +02:00
John Crispin	b38cd9bb9f	profiles: switch from OpenNDS to uSpot for captive portal Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 15:09:35 +02:00
John Crispin	d69a8f159d	spotfilter: add advance captive packet filter Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 15:09:35 +02:00
John Crispin	baaa31f445	uspot: add advanced captive http components Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 15:09:35 +02:00
John Crispin	cf18242ee5	mac80211-qsdk: default multiple_ssid to 1 if not set Fixes: WIFI-10597 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 09:14:06 +02:00
John Crispin	fdcfffd81d	luci: update to version used in 22.03-rc6 Fixes: WIFI-10390 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 09:14:02 +02:00
John Crispin	c9a76b8d76	openssl: update to 22.03-rc6 version Fixes: WIFI-10390 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 09:01:07 +02:00
John Crispin	9bd53e7d91	ucentral-schema: update to latest HEAD b2ce495 ucentral-schema: set passpoint version Fixes: WIFI-10575 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-23 07:23:07 +02:00
John Crispin	812fb18160	ath11k-wifi: update cig wf196 BDF files to latest FCC version Signed-off-by: John Crispin <john@phrozen.org>	2022-08-22 10:36:10 +02:00
Kishan	0571cc73da	ath11k-wifi: add hfcl-ion4xi specific BDF Signed-off-by: Kishan Shukla <kishan.shukla@hfcl.com>	2022-08-22 10:36:08 +02:00
John Crispin	6bdd93ce0f	radius-gw-proxy: fix CoA port Signed-off-by: John Crispin <john@phrozen.org>	2022-08-19 08:17:00 +02:00
John Crispin	0603953d9f	hostapd: add multi CoA support Signed-off-by: John Crispin <john@phrozen.org>	2022-08-19 08:17:00 +02:00
John Crispin	098c81376f	udhcpsnoop: look at more options for the cache expiry make the code look for leasetime, rebind and renew options to determine the cache expiry time. Signed-off-by: John Crispin <john@phrozen.org>	2022-08-16 17:57:46 +02:00
John Crispin	7ef10fcfb4	ucentral-schema: update to latest HEAD a074cc0 improve dhcp probe on GRE tunnels 2a66b4c enable the noscan flag on radios to make 40MHz work 4c36050 improve ipv4 wifi client reporting in bridge mode aed8805 remove openflow support 4597721 add dhcp discovery on gre tunnel interface Fixes: WIFI-7838 Fixes: WIFI-10549 Fixes: WIFI-10538 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-15 11:42:09 +02:00
Venkat Chimata	823ac590ff	ipq807x: fix proxy_arp sk_buff's cb should be cleared in the entry point for both incoming and outgoing packets at each layer. At bridge, it is already handled in the outgoing path, but not in the incoming path. We have seen cases where proxyarp_replied was 1 on sk_buffs coming from the WLAN driver and they were getting dropped in forwarding path. Fixes: WIFI-10552 Signed-off-by: Venkat Chimata <venkata@shasta.cloud>	2022-08-15 11:41:43 +02:00
John Crispin	9b68205dc0	ucentral-schema: rename psk-radius.json to psk2-radius.json Signed-off-by: John Crispin <john@phrozen.org>	2022-08-15 11:41:43 +02:00
John Crispin	d8216dc583	ucentral-schema: update to latest HEAD 9b24058 fix gre for non vlan setups Signed-off-by: John Crispin <john@phrozen.org>	2022-08-15 11:41:43 +02:00
John Crispin	2e3c52160c	ipq807x: backport an off-by-one error inside the BFP verifier Signed-off-by: John Crispin <john@phrozen.org>	2022-08-15 11:41:43 +02:00
John Crispin	8686846a09	hostapd: backport several CVE fixes Fixes: WIFI-10412 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-15 11:41:41 +02:00
John Crispin	8de22ca44b	ucentral-schema: update to latest HEAD 52e27a1 enable unicast conversion on wifi instead of bridge layer Fixes: WIFI-10430 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-10 06:45:51 +02:00
Sven Eckelmann	3e692ed95a	ipq807x: Add support for Plasma Cloud PAX1800 v1 Device specifications: ====================== * Qualcomm IPQ6000 * 256 MB of RAM * 64 MB of SPI NOR flash - 2x 28 MB available; but one of the 28 MB regions is the recovery image * 2T2R 2.4 GHz Wi-Fi (11ax) * 2T2R 5 GHz Wi-Fi (11ax) * multi-color LED (controlled via red/green/blue GPIOs) * 1x GPIO-button (reset) * external h/w watchdog (enabled by default)) * TTL pins are on board * 2x ethernet - eth0 + 1000 Mbps Ethernet + used as LAN interface - eth1 + 1000 Mbps Ethernet + 802.3at POE + used as WAN interface * 12 2A DC * internal antennas This device is not exported via a profile in TIP because there were concerns about the 256MB limitations. But the actual OpenWrt support is still added for interested parties. Flashing instructions: ====================== Various methods can be used to install the actual image on the flash. Two easy ones are: ap51-flash ---------- The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be used to transfer the image to the u-boot when the device boots up. initramfs from TFTP ------------------- The serial console must be used to access the u-boot shell during bootup. It can then be used to first boot up the initramfs image from a TFTP server (here with the IP 192.168.1.21): setenv serverip 192.168.1.21 setenv ipaddr 192.168.1.1 setenv bootargs 'console=ttyMSM0,115200n8 rootfstype=squashfs,jffs2 board=PAX1800 root=31:10 mtdparts=spi32766.0:768k(0:SBL1),64k(0:MIBIB),1664k(0:QSEE),64k(0:DEVCFG),128k(0:RPM),64k(0:CDT),64k(0:APPSBLENV),640k(0:APPSBL),256k(0:ART),28672k(inactive),28672k(inactive2),64k(custom),64k(0:KEYS),2304k(0:WIFIFW)' tftpboot <filename-of-initramfs-kernel>.bin && bootm The actual sysupgrade image can then be transferred (on the LAN port) to the device via scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/ On the device, the sysupgrade must then be started using sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin Signed-off-by: Sven Eckelmann <sven@narfation.org>	2022-08-10 06:45:51 +02:00
Marek Lindner	128bd3a17e	ipq807x: Add post-flash check of written data If it already looks to the system that the flashing of the image data failed, it is not a good idea to inform the u-boot to switch the inactive (newly flashed) partition to the active one Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch> Signed-off-by: Sven Eckelmann <sven@narfation.org>	2022-08-10 06:45:51 +02:00
Sven Eckelmann	cc54c8654f	ipq807x: Add support for Plasma Cloud PAX1800 v2 Device specifications: ====================== * Qualcomm IPQ6000 * 512 MB of RAM * 64 MB of SPI NOR flash - 2x 28 MB available; but one of the 28 MB regions is the recovery image * 2T2R 2.4 GHz Wi-Fi (11ax) * 2T2R 5 GHz Wi-Fi (11ax) * multi-color LED (controlled via red/green/blue GPIOs) * 1x GPIO-button (reset) * external h/w watchdog (enabled by default)) * TTL pins are on board * 2x ethernet - eth0 + 1000 Mbps Ethernet + used as LAN interface - eth1 + 1000 Mbps Ethernet + 802.3at POE + used as WAN interface * 12 2A DC * internal antennas Flashing instructions: ====================== Various methods can be used to install the actual image on the flash. Two easy ones are: ap51-flash ---------- The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be used to transfer the image to the u-boot when the device boots up. initramfs from TFTP ------------------- The serial console must be used to access the u-boot shell during bootup. It can then be used to first boot up the initramfs image from a TFTP server (here with the IP 192.168.1.21): setenv serverip 192.168.1.21 setenv ipaddr 192.168.1.1 setenv bootargs 'console=ttyMSM0,115200n8 rootfstype=squashfs,jffs2 board=PAX1800v2 root=31:10 mtdparts=spi32766.0:768k(0:SBL1),64k(0:MIBIB),1664k(0:QSEE),64k(0:DEVCFG),128k(0:RPM),64k(0:CDT),64k(0:APPSBLENV),640k(0:APPSBL),256k(0:ART),28672k(inactive),28672k(inactive2),64k(custom),64k(0:KEYS),2304k(0:WIFIFW)' tftpboot <filename-of-initramfs-kernel>.bin && bootm The actual sysupgrade image can then be transferred (on the LAN port) to the device via scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/ On the device, the sysupgrade must then be started using sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin Signed-off-by: Sven Eckelmann <sven@narfation.org>	2022-08-10 06:45:51 +02:00
Sven Eckelmann	200f627a9c	ipq807x: Fix installation of FTBFS gcc 5.5 patch The toolchain path will not automatically be copied to OpenWrt. So the build will still fail on recent Debian unstable version. Instead, it must be applied during the setup.py process via the normal patch procedure. Reported-by: Marek Lindner <marek.lindner@plasma-cloud.com> Fixes: `6f6b40a94f` ("toolchain/gcc: fix building gcc 5.5 on newer systems") Signed-off-by: Sven Eckelmann <sven@narfation.org>	2022-08-10 06:45:51 +02:00
John Crispin	0134c1cb64	ucentral-wifi: update to latest HEAD d55f2d5 nl80211: increase IEEE80211_CHAN_MAX to 234 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-10 06:45:50 +02:00
John Crispin	5519ab913b	ucentral-schema: update to latest HEAD 37707f1 allow OWE encryption on 6G band Fixes: WIFI-10426 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-10 06:45:50 +02:00
John Crispin	530332fb51	fix packet captures when packet count is set Fixes: WIFI-10290 Signed-off-by: John Crispin <john@phrozen.org>	2022-08-07 14:55:32 +02:00
John Crispin	8bb8c16b34	drop openflow support Signed-off-by: John Crispin <john@phrozen.org>	2022-08-07 14:55:32 +02:00
John Crispin	a6a7d82607	drop fbwifi support Signed-off-by: John Crispin <john@phrozen.org>	2022-08-07 14:55:32 +02:00
John Crispin	f78dc0cd77	ucentral-schema: update to latest HEAD 21c2709 add owe-transition support Signed-off-by: John Crispin <john@phrozen.org>	2022-08-07 14:55:32 +02:00
John Crispin	aaf830ae27	ucentral-schema: update to latest HEAD 29cfbca owe: hide the encrypted BSS ec4284b expose PMKSA caching via the data model Fixes: WIFI-10235 Fixes: WIFI-10233 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-22 11:10:55 +02:00
John Crispin	555e1a2b1b	.github/workflow: add wallys_dr6018 to CI builds Signed-off-by: John Crispin <john@phrozen.org>	2022-07-21 18:53:24 +02:00
John Crispin	0fbe2e9089	ratelimit: fix flowid generation on flow delete The ID was not properly generated causing the code to delete all flow rules. Signed-off-by: John Crispin <john@phrozen.org>	2022-07-18 10:35:05 +02:00
John Crispin	e87c1ca2dd	ipq8074: fix yuncore ax840 port mapping and wifi macs Signed-off-by: John Crispin <john@phrozen.org>	2022-07-15 16:36:17 +02:00
John Crispin	c0b3e38215	ucentral-schema: update to latest HEAD Fixes: WIFI-4237 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-12 10:44:57 +02:00
John Crispin	0bf5ea74b3	xtables-addon: import version 2.14 This is only used for the v4.4 QCA kernel. Fixes: WIFI-10095 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-12 10:44:57 +02:00
John Crispin	1c4c82a9df	bpftools: backport latest version from OpenWrt HEAD Signed-off-by: John Crispin <john@phrozen.org>	2022-07-12 10:44:57 +02:00
John Crispin	4d1022f29b	ucentral-schema: update to latest HEAD 5d5bc06 enable igmp snooping and unicast conversion by default Fixes: WIFI-7723 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 17:35:42 +02:00
John Crispin	a652e6c8d2	ucentral-schema: add OWE encryption example Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 14:02:04 +02:00
John Crispin	7b91863cba	ucentral-schema: update to latest HEAD 257185a state: make sure that snooped IP addresses are also shown inside the clients table 7f157d8 qos: use fn_match instead of regex 6a68c03 wireguard-overlay: use correct default port for vxlan Fixes: WIFI-7838 Fixes: WIFI-7208 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 14:01:30 +02:00
John Crispin	c7ad6eaf2c	ieee8021x: update to latest HEAD c526967 improve reconnect logic Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 14:01:30 +02:00
John Crispin	c06923a022	dynamic-vlan: add support for multiple wan ports the code did not handle devices that have more than one uplink device. Fixes: WIFI-9954 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 14:01:27 +02:00
Tanya Singh	d9a8e771ae	firstcontact: Zero touch provisioning with DHCP option 138 Fixes: WIFI-7266 Signed-off-by: Tanya Singh <tanya_singh@accton.com>	2022-07-11 07:45:23 +02:00
Jianhui Zhao	7e2cec9d91	ath11k-wifi: update GL-AXT1800 BDF Signed-off-by: Jianhui Zhao <jianhui.zhao@gl-inet.com>	2022-07-11 07:42:23 +02:00
John Crispin	84add765fe	ucentral-schema: update to latest HEAD Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 07:41:47 +02:00
John Crispin	f050d53ed4	ucode: update to latest HEAD Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 07:41:47 +02:00
John Crispin	26be8ab162	qosify: update to latest HEAD Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 07:41:47 +02:00
John Crispin	3f93f7c972	unetd: update to latest HEAD this makes vxlan work Fixes: WIFI-7571 Signed-off-by: John Crispin <john@phrozen.org>	2022-07-11 07:41:47 +02:00
Felix Fietkau	7bab50dd3c	ipq807x: backport vxlan path mtu changes Fixes: WIFI-7571 Signed-off-by: Felix Fietkau <nbd@nbd.name>	2022-07-11 07:40:09 +02:00
		`@@ -0,0 +1,2 @@`
							`#include "../../../arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts"`
							`#include "qcom-ipq6018.dtsi"`
		`@@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`ubus call spotfilter check_devices`