Merge pull request #462 from Telecominfraproject/main

Fixes for WIFI-9962 and others

.github/workflows/build-dev.yml

@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        target: ['actiontec_web7200', 'cig_wf188n', 'cig_wf194c', 'cig_wf194c4', 'cig_wf196', 'cig_wf610d', 'cig_wf808', 'cybertan_eww622-a1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'edgecore_spw2ac1200-lan-poe', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'indio_um-305ac', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'linksys_ea6350-v4', 'linksys_e8450-ubi', 'linksys_ea8300', 'meshpp_s618_cp03', 'meshpp_s618_cp01', 'tp-link_ec420-g1', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447', 'udaya_a5-id2', 'wallys_dr40x9', 'wallys_dr6018', 'x64_vm' ]
+        target: ['actiontec_web7200', 'cig_wf188n', 'cig_wf194c', 'cig_wf194c4', 'cig_wf196', 'cig_wf610d', 'cig_wf808', 'cybertan_eww622-a1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'edgecore_spw2ac1200-lan-poe', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'indio_um-305ac', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'linksys_ea6350-v4', 'linksys_e8450-ubi', 'linksys_ea8300', 'tp-link_ec420-g1', 'tplink_ex227', 'tplink_ex228', 'tplink_ex447', 'udaya_a5-id2', 'wallys_dr40x9', 'x64_vm' ]
 
     steps:
     - uses: actions/checkout@v2

feeds/facebook/fbwifi/Makefile

@@ -0,0 +1,77 @@
+# Copyright (c) Facebook, Inc. and its affiliates.
+# All rights reserved.
+#
+# This source code is licensed under the license found in the
+# LICENSE file in the root directory of this source tree.
+#
+
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fbwifi
+PKG_VERSION:=2
+PKG_RELEASE:=0
+PKG_LICENSE:=GPL-2.0
+
+PKG_MAINTAINER:=Simon Kinane <skinane@fb.com>
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fbwifi
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+iptables +luasec +luasocket \
+	+libuci-lua +luaposix \
+	+lua-cjson +uhttpd
+  TITLE:=Facebook Wi-Fi
+  PKGARCH:=all
+endef
+
+define Package/fbwifi/description
+  Facebook Wi-Fi, an AP authorisation solution
+endef
+
+
+define Package/luci-app-fbwifi
+  SUBMENU:=3. Applications
+  SECTION:=luci
+  CATEGORY:=LuCI
+  TITLE:=LuCI support for Facebook Wi-Fi
+  DEPENDS:= \
+	+fbwifi \
+	+luci-base +luci-mod-network +luci-mod-status +luci-theme-bootstrap
+endef
+
+define Package/luci-app-fbwifi/description
+  LuCI support for Facebook Wi-Fi
+endef
+
+
+define Package/fbwifi/conffiles
+/etc/config/fbwifi
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/fbwifi/install
+	$(INSTALL_DIR) $(1)
+	$(CP) ./files/fbwifi/* $(1)/
+endef
+
+define Package/luci-app-fbwifi/install
+	$(INSTALL_DIR) $(1)
+	$(CP) ./files/luci-app-fbwifi/* $(1)
+endef
+
+$(eval $(call BuildPackage,fbwifi))
+$(eval $(call BuildPackage,luci-app-fbwifi))

feeds/facebook/fbwifi/README.md

@@ -0,0 +1,22 @@
+# Facebook Wi-Fi v2.0 Reference Implementation for OpenWrt 
+
+## Getting started
+
+Case studies for OEM customers are available at the official page of [Facebook Wi-Fi](https://www.facebook.com/facebook-wifi).
+
+For OEM engineers, start by reading the init script in [files/etc/init.d/fbwifi](https://github.com/facebookincubator/fbc_owrt_feed/blob/master/fbwifi/files/etc/init.d/fbwifi)
+
+To enable Facebook Wi-Fi, configure the gateway_token in `/etc/config/fbwifi`, and run `fbwifi enable`.
+To disable Facebook Wi-Fi, run `fbwifi disable`.
+
+## Contents
+
+The 'files' subdirectory contains two subdirectories, one for the fbwifi
+package that implements the Facebook Wi-Fi v2.0 standard for OpenWrt, and
+another one containing a LuCI application to configure Facebook Wi-Fi.
+
+The folder structures follow *nix conventions:
+- 'etc' is the boot time scripts and configuration
+- 'usr' contains procedural scripts, lua common code module and GUI prototype for luci
+- 'www' contains the HTTP endpoints as CGI handlers 
+

feeds/facebook/fbwifi/files/fbwifi/etc/config/fbwifi

@@ -0,0 +1,6 @@
+config fbwifi 'main'
+	option enabled '0'
+	option gateway_token 'FBWIFI:GATEWAY|123456789|0123456789|abcdeABCDE123456789'
+	option http_port '2060'
+	option https_port '2061'
+	option zone 'lan'

feeds/facebook/fbwifi/files/fbwifi/etc/hotplug.d/iface/50-fbwifi

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+[ "$ACTION" = ifup ] || exit 0
+
+/etc/init.d/fbwifi enabled || exit 0
+
+ip route get fibmatch 1.1.1.1 | grep -q "$DEVICE" || exit 0
+
+logger -t fbwifi "Reloading fbwifi due to $ACTION of $INTERFACE ($DEVICE)"
+/etc/init.d/fbwifi restart

feeds/facebook/fbwifi/files/fbwifi/etc/init.d/fbwifi

@@ -0,0 +1,43 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+
+USE_PROCD=1
+
+reload_service() {
+	restart
+}
+
+service_triggers() {
+	procd_add_reload_trigger fbwifi
+}
+
+start_service() {
+
+	config_load fbwifi
+	config_get_bool enabled 'main' 'enabled' '0'
+	[ "$enabled" -eq 0 ] && return
+
+	config_get http_port main http_port
+	[ -z "$http_port" ] && {
+		logger -t fbwifi "required option http_port not set"
+		exit 1
+	}
+
+	config_get https_port main https_port
+	[ -z "$https_port" ] && {
+		logger -t fbwifi "required option https_port not set"
+		exit 1
+	}
+
+	logger "[fbwifi] Enabled; starting"
+
+	mkdir -p /tmp/fbwifi
+
+	/usr/sbin/fbwifi reload
+
+	procd_open_instance
+	procd_set_param command /usr/sbin/fbwifi_validate_token_db
+	procd_set_param respawn 1 300 0
+	procd_close_instance
+}

feeds/facebook/fbwifi/files/fbwifi/usr/lib/lua/fbwifi.lua

@@ -0,0 +1,156 @@
+-- SPDX-License-Identifier: GPL-2.0-only
+-- Copyright (c) Facebook, Inc. and its affiliates.
+--
+-- FBWIFI Lua library
+-- function table
+local fbwifi = {}
+
+local http = require("ssl.https")
+local json = require("cjson")
+local log = require("posix.syslog")
+local uci = require("uci")
+
+function fbwifi.gateway_token()
+	token = uci.get("fbwifi.main.gateway_token")
+	if token and string.len(token) > 0 then
+		return token
+	else
+		log.syslog( log.LOG_WARNING, "[fbwifi] UCI option fbwifi.main.gateway_token is missing" )
+		return nil
+	end 
+end
+
+function fbwifi.validate_token( token )
+
+	local valid = false
+
+	if string.len(token or '' ) > 0 then
+
+	        GATEWAY_TOKEN = fbwifi.gateway_token()
+
+	        URL="https://api.fbwifi.com/v2.0/token"
+	        BODY="token="..token
+	        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+	        if code==200 then
+	                valid = true
+	        else
+	                log.syslog(log.LOG_WARNING, "[fbwifi] validate_token:"..body)
+	        end
+
+	end
+
+	return valid
+end
+
+local mac_to_purge=''
+function remove_client_by_mac(client)
+	state = uci.cursor("/var/state", "/tmp/fbwifi")
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == mac_to_purge
+		then
+			log.syslog(log.LOG_INFO, string.format("[fbwifi] Purging DB entry %s for MAC %s", client['.name'] or 'unknown', mac_to_purge) )
+			state:delete("fbwifi", client['.name'])
+			return
+		end
+	end
+end
+
+function fbwifi.instate_client_rule( token, client_mac )
+
+	log.syslog(log.LOG_INFO, "[fbwifi] Validating client "..client_mac)
+
+	state = uci.cursor("/var/state", "/tmp/fbwifi")
+	state_name = "token_" .. token
+
+	RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+	RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+	local RULE
+
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Cleaning DB for MAC %s", client_mac) )
+	mac_to_purge = client_mac
+	state:foreach("fbwifi", "client", remove_client_by_mac)
+	
+		
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] Adding DB entry %s for MAC %s", state_name, client_mac) )
+	state:set("fbwifi", state_name, "client")
+	state:set("fbwifi", state_name, "token", token)
+	state:set("fbwifi", state_name, "mac", client_mac)
+	state:set("fbwifi", state_name, "authenticated", "true")
+				
+	-- verify a rule exists for the given client MAC, 
+	--   OR install it
+	RULE=string.format(RULE_COND.." || "..RULE_FMT, client_mac, "A", client_mac)
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Opening iptables for %s", client_mac ) )
+	res = os.execute(RULE)
+	if res ~= 0 then 
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+	end
+	log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+
+	state:save('fbwifi')
+	state:commit('fbwifi')
+end
+
+function fbwifi.revoke_client_rule( token )
+        
+        if (token == nil) then
+                log.syslog(log.LOG_INFO, "[fbwifi] Invalidating token, but token is Nil")
+                return
+        end
+
+	log.syslog(log.LOG_INFO, string.format( "[fbwifi] Invalidating token (%s)", token) )
+
+	state = uci.cursor("/var/state", "/tmp/fbwifi")
+	state_name = "token_" .. token
+	
+	client_mac = state:get("fbwifi", state_name, "mac")
+
+	if client_mac then
+		RULE_COND="iptables -w -L FBWIFI_CLIENT_TO_INTERNET -t mangle | grep -i -q \"%s\""
+		RULE_FMT="iptables -w -t mangle -%s FBWIFI_CLIENT_TO_INTERNET -m mac --mac-source \"%s\" -j MARK --set-mark 0xfb"
+
+		-- verify a rule exists for the given client MAC, 
+		--  AND delete it
+		RULE=string.format(RULE_COND.." && "..RULE_FMT, client_mac, "D", client_mac)
+
+		res = os.execute(RULE)
+		if res ~= 0 then 
+			log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Failed to update iptables (%s)", res ) )
+		end
+		log.syslog(log.LOG_INFO, "[fbwifi] "..RULE)
+
+		state:delete("fbwifi", state_name)
+		state:save('fbwifi')
+		state:commit('fbwifi')
+	else
+		log.syslog(log.LOG_WARNING, string.format( "[fbwifi] Client MAC not found in DB (%s)", state_name ) )
+	end
+end
+
+function fbwifi.reset()
+
+	local success = false
+        GATEWAY_TOKEN = fbwifi.gateway_token()
+        URL="https://api.fbwifi.com/v2.0/gateway/reset"
+	BODY="{}"
+        body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+        if code==200 then
+                log.syslog(log.LOG_INFO, "[fbwifi] Reset committed")
+                success = true
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] Reset failed : "..body)
+        end
+
+	return success
+end
+
+--
+-- Return the function table to the host script
+--
+return fbwifi

feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+case "$1" in
+disable)
+	uci set fbwifi.main.enabled=0
+
+	uci delete firewall.fbwifi
+
+	uci delete uhttpd.fbwifi_redirect
+
+	uci delete uhttpd.main.json_script
+	uci set uhttpd.main.cert='/etc/uhttpd.crt'
+	uci set uhttpd.main.key='/etc/uhttpd.key'
+	uci set uhttpd.main.rfc1918_filter=1
+	;;
+enable)
+	uci set fbwifi.main.enabled=1
+
+	uci set firewall.fbwifi=include
+	uci set firewall.fbwifi.enabled=1
+	uci set firewall.fbwifi.family=ipv4
+	uci set firewall.fbwifi.path=/usr/share/fbwifi/firewall.include
+	uci set firewall.fbwifi.reload=1
+	uci set firewall.fbwifi.type=script
+
+	uci set uhttpd.fbwifi_redirect=uhttpd
+	uci set uhttpd.fbwifi_redirect.enabled=1
+	uci set uhttpd.fbwifi_redirect.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.fbwifi_redirect.home='/dev/null'
+	uci set uhttpd.fbwifi_redirect.json_script='/tmp/fbwifi/uhttpd-redirect.json'
+	uci set uhttpd.fbwifi_redirect.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.fbwifi_redirect.listen_http='0.0.0.0:2060'
+	uci set uhttpd.fbwifi_redirect.listen_https='0.0.0.0:2061'
+
+	uci set uhttpd.main.cert='/tmp/fbwifi/https_server_cert'
+	uci set uhttpd.main.json_script='/usr/share/fbwifi/uhttpd.json'
+	uci set uhttpd.main.key='/tmp/fbwifi/https_server_key'
+	uci set uhttpd.main.rfc1918_filter=0
+	;;
+reload)
+	/usr/sbin/fbwifi_get_config
+
+	login_url=$(uci -c /var/state get fbwifi.main.captive_portal_url)
+	[ -z "$login_url" ] && {
+		logger -t fbwifi "captive_portal_url not available yet"
+		exit 1
+	}
+	printf '{ "request": [ ["redirect", "%s", 302] ] }' "$login_url" > /tmp/fbwifi/uhttpd-redirect.json
+
+	/etc/init.d/uhttpd restart
+
+	exit 0
+	;;
+esac
+
+uci commit
+/etc/init.d/uhttpd restart
+reload_config

feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_debug_dump

@@ -0,0 +1,8 @@
+echo -e "Runtime configuration and token DB\n"
+uci -c /var/state export fbwifi
+
+echo -e "\nDynamic firewall flow rules\n"
+iptables -t mangle -L FBWIFI_CLIENT_TO_INTERNET
+
+echo -e "\nDHCP leases\n"
+cat /tmp/dhcp.leases

feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_gateway_info_update

@@ -0,0 +1,39 @@
+#!/usr/bin/lua
+
+http = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+socket = require("socket")
+require("uci")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+
+payload="name="..socket.dns.gethostname()
+
+function queue_ssid_update(iface)
+	bssid_file="/sys/class/net/br-"..iface["network"].."/address"
+	local file = io.open(bssid_file)
+        if file then
+            for line in file:lines() do
+		payload=payload.."&bssid[]="..line
+            end
+	    file:close()
+	    payload=payload.."ssid[]="..iface["ssid"]
+        else
+	    log.syslog(log.LOG_WARNING, "[fbwifi] Failed to find BSSID for interface br-"..iface["network"])
+        end
+end
+
+state:foreach("wireless", "wifi-iface", queue_ssid_update)
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN, payload)
+if code == 200 then 
+	log.syslog(log.LOG_INFO, "[fbwifi] gateway information updated "..body)
+	os.exit(0)
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] gateway API failed "..body)
+	os.exit(code)
+end

feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_get_config

@@ -0,0 +1,111 @@
+#!/usr/bin/lua
+http = require("ssl.https")
+json = require("cjson")
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+http_port = uci.get("fbwifi.main.http_port")
+https_port = uci.get("fbwifi.main.https_port")
+
+statefile = assert(io.open("/var/state/fbwifi", "a"), "could not create state file")
+statefile:close()
+
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+
+URL="https://api.fbwifi.com/v2.0/gateway"
+body, code, headers = http.request(URL.."?access_token="..GATEWAY_TOKEN.."&fields=config,config_version")
+
+if code == 200 then
+	log.syslog(log.LOG_INFO, "[fbwifi] Got gateway config ("..code..")")
+else
+	log.syslog(log.LOG_CRIT, "[fbwifi] Failed to get gateway config ("..code..")")
+	os.exit(1)
+end
+
+obj = json.decode(body)
+
+function save_cert(name, value)
+	log.syslog(log.LOG_INFO, "[fbwifi] Saving cert "..name)
+	local f = assert(io.open("/tmp/fbwifi/"..name, "w"))
+	f:write(value)
+	f:close()
+end
+
+function process_redirect(ix, host)
+	IP_SET = "ip addr replace dev lo "..host
+	local result = os.execute(IP_SET)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Redirect address applied "..host)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to apply redirect address "..host)
+	end
+
+	ip = string.match(host, '([0-9\.]*)/([0-9]*)')
+	RULE_FMT="grep -q \"%s\" /etc/hosts || echo \"%s\tstar.fbwifigateway.net\" >> /etc/hosts"
+	HOSTS_RULE = string.format(RULE_FMT, ip, ip)
+	result = os.execute(HOSTS_RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Cached redirect host for DNS")
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to amend /etc/hosts")
+		log.syslog(log.LOG_INFO, "[fbwifi] "..HOSTS_RULE)
+	end
+
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 80 -d "..ip.." -j ACCEPT # REDIRECT --to-ports "..http_port)
+	--print(result)
+	result = os.execute("iptables -t nat -A FBWIFI_HOST_REDIRLIST -p tcp --dport 443 -d "..ip.."  -j ACCEPT # REDIRECT --to-ports "..https_port)
+	--print(result)
+end
+
+save_cert("https_server_cert", obj['config']['https_server_cert'])
+save_cert("https_server_key", obj['config']['https_server_key'])
+
+result = os.execute("iptables -t nat -F FBWIFI_HOST_REDIRLIST")
+--print(result)
+table.foreach(obj['config']['host_redirect_ips'], process_redirect)
+
+RULE_FORMAT = "iptables -t mangle -A FBWIFI_TRAFFIC_ALLOWLIST -d %s -p %s --dport %s -j MARK --set-mark 0xfb"
+function process_traffic_rule(ix, rule)
+	log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	
+	if rule["protocol"] == 6 then
+		PROTO = "tcp"
+	elseif rule["protocol"] == 17 then
+		PROTO = "udp"
+	end
+	RULE = string.format(RULE_FORMAT, rule["ip"], PROTO, rule["port"])
+	local result = os.execute(RULE)
+	if result == 0 then
+		log.syslog(log.LOG_INFO, "[fbwifi] Traffic rule "..ix)
+	else
+		log.syslog(log.LOG_WARNING, "[fbwifi] Failed to install traffic rule ; "..RULE)
+	end
+end
+
+local cross_origin_list = {}
+function process_cross_origin_rule(ix, url)
+	log.syslog(log.LOG_INFO, "[fbwifi] Cross origin rule "..url)
+	table.insert(cross_origin_list, url)
+end
+
+function process_url(url_purpose, fqdn)
+	log.syslog(log.LOG_INFO, "[fbwifi] Caching "..url_purpose)
+	state:set("fbwifi", "main", url_purpose, fqdn)	
+end
+
+state:set("fbwifi", "main", "config")
+
+result = os.execute("iptables -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST ")
+--print(result)
+table.foreach(obj['config']['traffic_allowlist'], process_traffic_rule)
+table.foreach(obj['config']['cross_origin_allowlist'], process_cross_origin_rule)
+table.foreach(obj['config']['urls'], process_url)
+
+state:set("fbwifi", "main", "cross_origin_allow_rules", cross_origin_list)
+state:set("fbwifi", "main", "config_version", obj['config_version'])
+
+state:save('fbwifi')
+state:commit('fbwifi')

feeds/facebook/fbwifi/files/fbwifi/usr/sbin/fbwifi_validate_token_db

@@ -0,0 +1,75 @@
+#!/usr/bin/lua
+
+https = require("ssl.https")
+json = require("cjson")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+require("uci")
+
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+request = { 
+	tokens = {}, 
+	traffic_type = "total",
+	config_version = state:get("fbwifi", "main", "config_version")
+}
+
+function queue_token(client)
+
+	request.tokens[client.token]={
+		incoming = json.null,
+		outgoing = json.null,
+		connected_time_sec = json.null,
+		inactive_time_sec = json.null,
+		signal_rssi_dbm = json.null,
+		--expected_tpus_mbps = json.null,
+		is_connected = true
+	}
+
+end
+
+state:foreach("fbwifi", "client", queue_token)
+print( "\nRequest:\n"..json.encode(request) )
+
+URL="https://api.fbwifi.com/v2.0/tokens"
+BODY=string.format(
+	"tokens=%s&traffic_type=%s&config_version=%s",
+	json.encode(request.tokens),
+	"total",
+	state:get("fbwifi", "main", "config_version")
+)
+
+body, code, headers = https.request(URL.."?access_token="..GATEWAY_TOKEN, BODY)
+
+if code then
+	print( "\nResponse:\n"..body )
+end
+
+response = json.decode(body)
+--print(response)
+--table.foreach(response,print)
+--table.foreach(response.tokens,print)
+
+if response.config_valid then
+	log.syslog(log.LOG_INFO, "[fbwifi] Config validated")
+else
+	log.syslog(log.LOG_WARNING, "[fbwifi] config is stale, refreshing config")
+        local result = os.execute("/usr/sbin/fbwifi reload")
+        if result == 0 then
+                log.syslog(log.LOG_INFO, "[fbwifi] successfully fetched and loaded new config ")
+        else
+                log.syslog(log.LOG_WARNING, "[fbwifi] failed to fetch and load new config, possible stale config")
+        end
+end
+
+function process_token(token, metadata)
+	table.foreach(metadata,print)
+	if metadata.valid then
+		print("OK: "..token)	
+	else
+		print("Nok: "..token)	
+		fbwifi.revoke_client_rule( token )
+	end
+end
+table.foreach(response.tokens,process_token)

feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/firewall.include

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright (c) Facebook, Inc. and its affiliates.
+
+IPT4="/usr/sbin/iptables"
+
+set -- --wait 1 --wait-interval 100
+
+fbwifi_http_port="$(uci get fbwifi.main.http_port)"
+[ -n "$fbwifi_http_port" ] || {
+	logger -t fbwifi "required option http_port not set"
+	exit 1
+}
+
+fbwifi_https_port="$(uci get fbwifi.main.https_port)"
+[ -n "$fbwifi_https_port" ] || {
+	logger -t fbwifi "required option https_port not set"
+	exit 1
+}
+
+fbwifi_zone="$(uci get fbwifi.main.zone)"
+[ -n "$fbwifi_zone" ] || {
+	logger -t fbwifi "required option zone  not set"
+	exit 1
+}
+
+fbwifi_ifaces="$(fw3 -q zone "$fbwifi_zone")"
+
+## Create custom chains
+"$IPT4" "$@" -t filter -N FBWIFI_FORWARD 2>/dev/null
+"$IPT4" "$@" -t filter -N FBWIFI_INPUT 2>/dev/null
+"$IPT4" "$@" -t mangle -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+"$IPT4" "$@" -t mangle -N FBWIFI_PREROUTING 2>/dev/null
+"$IPT4" "$@" -t mangle -N FBWIFI_TRAFFIC_ALLOWLIST 2>/dev/null
+"$IPT4" "$@" -t nat -N FBWIFI_CLIENT_TO_INTERNET 2>/dev/null
+"$IPT4" "$@" -t nat -N FBWIFI_PREROUTING 2>/dev/null
+"$IPT4" "$@" -t nat -N FBWIFI_HOST_REDIRLIST 2>/dev/null
+
+## Flush custom chains
+"$IPT4" "$@" -t filter -F FBWIFI_FORWARD
+"$IPT4" "$@" -t filter -F FBWIFI_INPUT
+"$IPT4" "$@" -t mangle -F FBWIFI_CLIENT_TO_INTERNET
+"$IPT4" "$@" -t mangle -F FBWIFI_PREROUTING
+"$IPT4" "$@" -t mangle -F FBWIFI_TRAFFIC_ALLOWLIST
+"$IPT4" "$@" -t nat -F FBWIFI_CLIENT_TO_INTERNET
+"$IPT4" "$@" -t nat -F FBWIFI_PREROUTING
+"$IPT4" "$@" -t nat -F FBWIFI_HOST_REDIRLIST
+
+## Populate custom chains
+"$IPT4" "$@" -t filter -A FBWIFI_FORWARD -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+"$IPT4" "$@" -t filter -A FBWIFI_FORWARD -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+"$IPT4" "$@" -t filter -A FBWIFI_FORWARD -j REJECT
+"$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_http_port" -m conntrack --ctstate NEW -j ACCEPT
+"$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport "$fbwifi_https_port"  -m conntrack --ctstate NEW -j ACCEPT
+"$IPT4" "$@" -t filter -A FBWIFI_INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
+"$IPT4" "$@" -t mangle -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+"$IPT4" "$@" -t mangle -A FBWIFI_PREROUTING -j FBWIFI_TRAFFIC_ALLOWLIST
+"$IPT4" "$@" -t nat -A FBWIFI_PREROUTING -j FBWIFI_CLIENT_TO_INTERNET
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p udp --dport 443 -m conntrack --ctstate NEW -j FBWIFI_HOST_REDIRLIST
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p udp --dport 443 -m conntrack --ctstate NEW -m mark --mark 0xfb -j ACCEPT
+"$IPT4" "$@" -t nat -A FBWIFI_CLIENT_TO_INTERNET -p tcp --dport 80 -m conntrack --ctstate NEW -j REDIRECT --to-ports "$fbwifi_http_port"
+
+## Hook custom chains in firewall3 chains
+"$IPT4" "$@" -t filter -I "zone_${fbwifi_zone}_input" 2 -j FBWIFI_INPUT
+"$IPT4" "$@" -t filter -I "zone_${fbwifi_zone}_forward" 2 -j FBWIFI_FORWARD
+"$IPT4" "$@" -t nat -I "zone_${fbwifi_zone}_prerouting" 2 -j FBWIFI_PREROUTING
+# There are no firewall3 zone chains in the mangle table so we need to do this for all interfaces in the zone
+for iface in $fbwifi_ifaces; do
+	"$IPT4" "$@" -t mangle -I PREROUTING -i "$iface" -j FBWIFI_PREROUTING
+done

feeds/facebook/fbwifi/files/fbwifi/usr/share/fbwifi/uhttpd.json

@@ -0,0 +1,8 @@
+{
+  "request": [
+    [ "if",
+      [ "regex", "REQUEST_URI", "^/fbwifi" ],
+      [ "rewrite", "/cgi-bin%REQUEST_URI%" ]
+    ]
+  ]
+}

feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/auth

@@ -0,0 +1,70 @@
+#!/usr/bin/lua
+require("uci")
+log = require("posix.syslog")
+fbwifi = require("fbwifi")
+
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+function process_cors()
+	origin = os.getenv("HTTP_ORIGIN")
+	log.syslog(log.LOG_INFO, string.format("[fbwifi] [auth] process_cors origin %s", origin or 'not found') )
+	if string.len(origin or '') > 0 then
+		allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+		for _, value in pairs(allow_list) do
+    			if value == origin then
+				log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors Appending CORS Headers to HTTP")
+				print("Access-Control-Allow-Origin: "..origin)
+				print("Vary: Origin")
+				break
+			end
+		end
+	else	
+		log.syslog(log.LOG_INFO, "[fbwifi] [auth] process_cors No CORS Headers added to Response")
+	end
+end
+
+method = os.getenv("REQUEST_METHOD")
+if method == 'GET' then
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] GET handler")
+	print("Status: 302 Found")
+	print("Location: "..state:get("fbwifi", "main", "landing_page_url"))
+	process_cors()
+	print ('\n')
+
+elseif method == 'POST' then
+	local token
+	
+	log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler")
+	process_cors()
+	print("Status: 200 OK")
+
+	form_data=io.read()
+	while form_data do
+		token = string.match(form_data, '[%d]+')
+		if string.len(token or '') > 14 then
+
+			client = os.getenv("REMOTE_ADDR")
+			f = io.popen("awk '/"..client..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+			client_mac = assert(f:read('*a'))
+			f:close()
+
+			if fbwifi.validate_token(token) then
+                                log.syslog(log.LOG_INFO, string.format( "[fbwifi] [auth] POST handler : Validating Token (%s) for MAC (%s)", token or 'nil', client_mac or 'nil') )
+				fbwifi.instate_client_rule(token, client_mac)
+				print("\n{\"valid\":true}\n")
+			else
+                                log.syslog(log.LOG_WARNING, string.format( "[fbwifi] [auth] POST handler : ! Invalid token (%s) for mac (%s) !", token or 'nil', client_mac or 'nil') )
+				fbwifi.revoke_client_rule(token)
+				print("\n{\"valid\":false}\n")
+			end
+			log.syslog(log.LOG_INFO, "[fbwifi] [auth] POST handler completed")
+			return
+		end
+
+		form_data=io.read()
+	end
+	print ('\n')
+
+	log.syslog(log.LOG_WARNING, string.format("[fbwifi] [auth] POST handler : token not found" ))
+	fbwifi.revoke_client_rule(token)
+	print("\n{\"valid\":false}\n")
+end

feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/capport

@@ -0,0 +1,42 @@
+#!/usr/bin/lua
+json = require("cjson")
+require("uci")
+
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+client_mac = ""
+token = ""
+
+response = {}
+response['venue-info-url'] = state:get("fbwifi", "main", "capport_venue_info_url")
+
+function map_remote_mac_to_token(client)
+        for key, value in pairs(client) do
+                if
+                        key == 'mac' and
+                        value == client_mac
+                then
+			token = client.token
+                        return false
+                end
+        end
+end
+
+function hasValidToken(client_ip)
+	f = io.popen("awk '/"..client_ip..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+	f:close()
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+
+	return 0 < string.len(token)
+end
+
+print("Content-type: application/captive+json; charset=utf-8\n")
+
+client = os.getenv("REMOTE_ADDR")
+response['captive'] = not hasValidToken(client)
+
+if response['captive'] then
+	response['user-portal-url'] = state:get("fbwifi", "main", "captive_portal_url")
+end
+
+print( json.encode(response) )

feeds/facebook/fbwifi/files/fbwifi/www/cgi-bin/fbwifi/v2.0/info

@@ -0,0 +1,57 @@
+#!/usr/bin/lua
+json = require("cjson")
+fbwifi = require("fbwifi")
+
+state = uci.cursor("/var/state", "/tmp/fbwifi")
+GATEWAY_TOKEN = fbwifi.gateway_token()
+
+response = { api_version = "2.0", token = json.null }
+client_mac = ""
+
+function process_cors()
+        origin = os.getenv("HTTP_ORIGIN")
+        if string.len(origin or '') > 0 then
+                allow_list = state:get("fbwifi", "main", "cross_origin_allow_rules")
+                for _, value in pairs(allow_list) do
+                        if value == origin then
+                                print("Access-Control-Allow-Origin: "..origin)
+                                print("Vary: Origin")
+                                break
+                        end
+                end
+        end
+end
+
+function map_remote_mac_to_token(client)
+
+	for key, value in pairs(client) do
+		if
+			key == 'mac' and
+			value == client_mac
+		then
+			response.token = client.token
+			return false -- escape outer loop
+		end
+	end
+end
+
+function getClientToken(client_ip)
+	f = io.popen("awk '/"..client_ip..".*0x2/ { printf(\"%s\", $4) }' /proc/net/arp", 'r')
+	client_mac = assert(f:read('*a'))
+	f:close()
+
+	state:foreach("fbwifi", "client", map_remote_mac_to_token)
+end
+
+function getGatewayId()
+	id = string.match(GATEWAY_TOKEN, 'FBWIFI:GATEWAY|[0-9]*|([0-9]*)')
+	return id
+end
+
+process_cors()
+print("Content-type: application/json; charset=utf-8\n")
+
+getClientToken(os.getenv("REMOTE_ADDR"))
+response.gateway_id = getGatewayId()
+
+print( json.encode(response) )

feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/controller/fbwifi.lua

@@ -0,0 +1,12 @@
+-- SPDX-License-Identifier: GPL-2.0-only
+-- Copyright (c) Facebook, Inc. and its affiliates.
+
+module("luci.controller.fbwifi", package.seeall)
+
+sys = require "luci.sys"
+ut = require "luci.util"
+
+function index()
+    entry({"admin", "network", "fbwifi"}, template("fbwifi"), "Facebook Wi-Fi", 90).dependent=false
+end
+

feeds/facebook/fbwifi/files/luci-app-fbwifi/usr/lib/lua/luci/view/fbwifi.htm

@@ -0,0 +1,16 @@
+<%#
+ Copyright
+ Licensed to the public under the GNU General Public License v2.
+-%>
+
+<%+header%>
+
+<h1>Facebook Wi-Fi</h1>
+<%
+	require("uci")
+	state = uci.cursor("/var/state", "/tmp/fbwifi")
+	url = state:get("fbwifi", "main", "captive_portal_config_url")
+%>
+<a href="<% print(url) %>">Configure FB business page</a>
+
+<%+footer%>

feeds/ipq807x/ipq807x/base-files/etc/board.d/02_network

@@ -34,9 +34,7 @@ qcom_setup_interfaces()
 	qcom,ipq5018-mp03.3|\
 	yuncore,ax840|\
 	motorola,q14|\
-	sercomm,wallaby|\
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2)
+	sercomm,wallaby)
 		ucidef_set_interface_lan "eth0"
 		ucidef_set_interface_wan "eth1"
 		;;
@@ -58,9 +56,7 @@ qcom_setup_interfaces()
 		ucidef_set_interface_wan "eth4"
 		;;
 	wallys,dr6018-v4|\
-	glinet,ax1800|\
-	meshpp,s618-cp03|\
-	meshpp,s618-cp01)
+	glinet,ax1800)
 		ucidef_set_interface_lan "eth1 eth2 eth3 eth4"
 		ucidef_set_interface_wan "eth0"
 		;;
@@ -99,10 +95,6 @@ qcom_setup_macs()
 		ucidef_set_network_device_mac eth1 $lan_mac
 		ucidef_set_label_macaddr $wan_mac
 		;;
-	yuncore,ax840)
-		wan_mac=$(cat /sys/class/net/eth1/address)
-		lan_mac=$(macaddr_add "$wan_mac" 1)
-		;;
 	*)
 		wan_mac=$(cat /sys/class/net/eth0/address)
 		lan_mac=$(macaddr_add "$wan_mac" 1)

feeds/ipq807x/ipq807x/base-files/etc/hotplug.d/firmware/10-ath11k-caldata

@@ -49,15 +49,6 @@ ath11k_generate_macs_ion4x() {
 	echo -ne \\x${wifimac2//:/\\x} >> /lib/firmware/ath11k-macs
 }
 
-ath11k_generate_macs_pax1800() {
-	touch /lib/firmware/ath11k-macs
-	eth=$(cat /sys/class/net/eth0/address)
-	mac1=$(macaddr_add $eth 10)
-	mac2=$(macaddr_add $eth 2)
-	echo -ne \\x${mac1//:/\\x} >> /lib/firmware/ath11k-macs
-	echo -ne \\x${mac2//:/\\x} >> /lib/firmware/ath11k-macs
-}
-
 caldata_die() {
         echo "caldata: " "$*"
         exit 1
@@ -105,14 +96,9 @@ case "$FIRMWARE" in
 	hfcl,ion4xe|\
 	wallys,dr6018|\
 	wallys,dr6018-v4|\
-	meshpp,ipq6018-cp01|\
-	meshpp,ipq6018-cp03|\
-	qcom,ipq6018-cp03|\
 	qcom,ipq6018-cp01|\
 	xiaomi,ax1800|\
-	glinet,ax1800|\
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2)
+	glinet,ax1800)
                 caldata_extract "0:ART" 0x1000 0x20000  
 		;;
 	esac
@@ -145,7 +131,6 @@ ath11k/qcn6122/hw1.0/caldata_2.bin)
 ath11k/QCN9074/hw1.0/caldata_1.bin)
 	case "$board" in
 	cig,wf196|\
-	wallys,dr6018-v4|\
 	cybertan,eww622-a1|\
 	qcom,ipq5018-mp03.1|\
 	qcom,ipq807x-hk14)
@@ -170,7 +155,6 @@ ath11k-macs)
 	edgecore,eap101)
 		ath11k_generate_macs_eap101
 		;;
-	yuncore,ax840|\
 	edgecore,eap102|\
 	edgecore,eap106|\
 	cig,wf188n)
@@ -180,10 +164,6 @@ ath11k-macs)
 	cig,wf194c)
 		ath11k_generate_macs_wf194
 		;;
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2)
-		ath11k_generate_macs_pax1800
-		;;
 	esac
 	;;
 *)

feeds/ipq807x/ipq807x/base-files/lib/upgrade/dualboot_datachk.sh

@@ -1,126 +0,0 @@
-# The U-Boot loader with the datachk patchset for dualbooting requires image
-# sizes and checksums to be provided in the U-Boot environment.
-# The devices come with 2 main partitions - while one is active
-# sysupgrade will flash the other. The boot order is changed to boot the
-# newly flashed partition. If the new partition can't be booted due to
-# upgrade failures the previously used partition is loaded.
-
-platform_post_upgrade_sanity_check()
-{
-	local part_name=$1
-	local inactive_mtd=$2
-	local cfg_md5=$3
-	local part_offset=$4
-	local part_size=$5
-
-	md5_part_disk=$(dd if=/dev/${inactive_mtd} bs=$((64*1024)) skip=$((part_offset / (64*1024))) count=$((part_size / (64*1024))) 2>&- | md5sum | awk '{print $1}')
-
-	if [ "${cfg_md5}" != "${md5_part_disk}" ]; then
-	      echo "post-flashing checksum mismatch: ${part_name}" >&2
-	      echo "${cfg_md5} != ${md5_part_disk}"
-	      return 1
-	fi
-
-	return 0
-}
-
-platform_do_upgrade_dualboot_datachk() {
-	local tar_file="$1"
-	local restore_backup
-	local primary_kernel_mtd
-
-	local setenv_script="/tmp/fw_env_upgrade"
-
-	local kernel_mtd="$(find_mtd_index $PART_NAME)"
-	local kernel_offset="$(cat /sys/class/mtd/mtd${kernel_mtd}/offset)"
-	local total_size="$(cat /sys/class/mtd/mtd${kernel_mtd}/size)"
-
-	# detect to which flash region the new image is written to.
-	#
-	# 1. check what is the mtd index for the first flash region on this
-	#    device
-	# 2. check if the target partition ("inactive") has the mtd index of
-	#    the first flash region
-	#
-	#    - when it is: the new bootseq will be 1,2 and the first region is
-	#      modified
-	#    - when it isnt: bootseq will be 2,1 and the second region is
-	#      modified
-	#
-	# The detection has to be done via the hardcoded mtd partition because
-	# the current boot might be done with the fallback region. Let us
-	# assume that the current bootseq is 1,2. The bootloader detected that
-	# the image in flash region 1 is corrupt and thus switches to flash
-	# region 2. The bootseq in the u-boot-env is now still the same and
-	# the sysupgrade code can now only rely on the actual mtd indexes and
-	# not the bootseq variable to detect the currently booted flash
-	# region/image.
-	#
-	# In the above example, an implementation which uses bootseq ("1,2") to
-	# detect the currently booted image would assume that region 1 is booted
-	# and then overwrite the variables for the wrong flash region (aka the
-	# one which isn't modified). This could result in a device which doesn't
-	# boot anymore to Linux until it was reflashed with ap51-flash.
-	local next_boot_part="1"
-	case "$(board_name)" in
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2)
-		primary_kernel_mtd=9
-		;;
-	*)
-		echo "failed to detect primary kernel mtd partition for board"
-		return 1
-		;;
-	esac
-	[ "$kernel_mtd" = "$primary_kernel_mtd" ] || next_boot_part="2"
-
-	local board_dir=$(tar tf $tar_file | grep -m 1 '^sysupgrade-.*/$')
-	board_dir=${board_dir%/}
-
-	local kernel_length=$(tar xf $tar_file ${board_dir}/kernel -O | wc -c)
-	local rootfs_length=$(tar xf $tar_file ${board_dir}/root -O | wc -c)
-	# rootfs without EOF marker
-	rootfs_length=$((rootfs_length-4))
-
-	local kernel_md5=$(tar xf $tar_file ${board_dir}/kernel -O | md5sum); kernel_md5="${kernel_md5%% *}"
-	# md5 checksum of rootfs with EOF marker
-	local rootfs_md5=$(tar xf $tar_file ${board_dir}/root -O | dd bs=1 count=$rootfs_length | md5sum); rootfs_md5="${rootfs_md5%% *}"
-
-	#
-	# add tar support to get_image() to use default_do_upgrade() instead?
-	#
-
-	# take care of restoring a saved config
-	[ -n "$UPGRADE_BACKUP" ] && restore_backup="${MTD_CONFIG_ARGS} -j ${UPGRADE_BACKUP}"
-
-	mtd -q erase inactive
-	tar xf $tar_file ${board_dir}/root -O | mtd -n -p $kernel_length $restore_backup write - $PART_NAME
-	tar xf $tar_file ${board_dir}/kernel -O | mtd -n write - $PART_NAME
-
-	platform_post_upgrade_sanity_check "kernel" "mtd${kernel_mtd}" $kernel_md5 0 $kernel_length || return 1
-	platform_post_upgrade_sanity_check "rootfs" "mtd${kernel_mtd}" $rootfs_md5 $kernel_length $rootfs_length || return 1
-
-	# prepare new u-boot env
-	if [ "$next_boot_part" = "1" ]; then
-		echo "bootseq 1,2" > $setenv_script
-	else
-		echo "bootseq 2,1" > $setenv_script
-	fi
-
-	printf "kernel_size_%i 0x%08x\n" $next_boot_part $kernel_length >> $setenv_script
-	printf "vmlinux_start_addr 0x%08x\n" ${kernel_offset} >> $setenv_script
-	printf "vmlinux_size 0x%08x\n" ${kernel_length} >> $setenv_script
-	printf "vmlinux_checksum %s\n" ${kernel_md5} >> $setenv_script
-
-	printf "rootfs_size_%i 0x%08x\n" $next_boot_part $((total_size-kernel_length)) >> $setenv_script
-	printf "rootfs_start_addr 0x%08x\n" $((kernel_offset+kernel_length)) >> $setenv_script
-	printf "rootfs_size 0x%08x\n" ${rootfs_length} >> $setenv_script
-	printf "rootfs_checksum %s\n" ${rootfs_md5} >> $setenv_script
-
-	# store u-boot env changes
-	mkdir -p /var/lock
-	fw_setenv -s $setenv_script || {
-		echo "failed to update U-Boot environment"
-		return 1
-	}
-}

feeds/ipq807x/ipq807x/base-files/lib/upgrade/platform.sh

@@ -1,8 +1,7 @@
 . /lib/functions/system.sh
 
-
-RAMFS_COPY_BIN='fw_setenv'
-RAMFS_COPY_DATA='/etc/fw_env.config /var/lock/fw_printenv.lock /tmp/downgrade'
+RAMFS_COPY_BIN='fw_printenv fw_setenv'
+RAMFS_COPY_DATA='/etc/fw_env.config /var/lock/fw_printenv.lock'
 
 qca_do_upgrade() {
         local tar_file="$1"
@@ -84,8 +83,6 @@ platform_check_image() {
 	edgecore,eap106|\
 	hfcl,ion4xi|\
 	hfcl,ion4xe|\
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2|\
 	tplink,ex227|\
 	tplink,ex447|\
 	yuncore,ax840|\
@@ -129,9 +126,7 @@ platform_do_upgrade() {
 	wallys,dr6018-v4|\
 	yuncore,ax840|\
 	tplink,ex447|\
-	tplink,ex227|\
-	meshpp,s618-cp03|\
-	meshpp,s618-cp01)
+	tplink,ex227)	
 		nand_upgrade_tar "$1"
 		;;
 	hfcl,ion4xi|\
@@ -155,11 +150,7 @@ platform_do_upgrade() {
 		if [ "$(find_mtd_chardev rootfs)" ]; then
 			CI_UBIPART="rootfs"
 		else
-			if [ -e /tmp/downgrade ]; then
-				CI_UBIPART="rootfs1"
-				fw_setenv active 1 || exit 1
-				fw_setenv upgrade_available 0 || exit 1
-			elif grep -q rootfs1 /proc/cmdline; then
+			if grep -q rootfs1 /proc/cmdline; then
 				CI_UBIPART="rootfs2"
 				fw_setenv active 2 || exit 1
 			else
@@ -169,10 +160,5 @@ platform_do_upgrade() {
 		fi
 		nand_upgrade_tar "$1"
 		;;
-	plasmacloud,pax1800-v1|\
-	plasmacloud,pax1800-v2)
-		PART_NAME="inactive"
-		platform_do_upgrade_dualboot_datachk "$1"
-		;;
 	esac
 }

feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp01.dts

@@ -1,2 +0,0 @@
-#include "../../../arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts"
-#include "qcom-ipq6018.dtsi"

feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-meshpp-s618-cp03.dts

@@ -1,2 +0,0 @@
-#include "../../../arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp03.dts"
-#include "qcom-ipq6018.dtsi"

feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v1.dts

@@ -1,18 +0,0 @@
-/*
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "../../../arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v1.dts"
-#include "qcom-ipq6018.dtsi"

feeds/ipq807x/ipq807x/files/arch/arm/boot/dts/qcom-ipq6018-pax1800-v2.dts

@@ -1,18 +0,0 @@
-/*
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "../../../arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v2.dts"
-#include "qcom-ipq6018.dtsi"

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp01.dts

@@ -1,23 +0,0 @@
-/dts-v1/;
-/*
- * Copyright (c) 2022, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018-meshpp-s618.dtsi"
-
-/ {
-	model = "MeshPlusPlus, Inc. S618 CP01";
-	compatible = "meshpp,s618-cp01", "qcom,ipq6018-cp01", "qcom,ipq6018";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618-cp03.dts

@@ -1,23 +0,0 @@
-/dts-v1/;
-/*
- * Copyright (c) 2022, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018-meshpp-s618.dtsi"
-
-/ {
-	model = "MeshPlusPlus, Inc. S618 CP01";
-	compatible = "meshpp,s618-cp03", "qcom,ipq6018-cp03", "qcom,ipq6018";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-meshpp-s618.dtsi

@@ -1,789 +0,0 @@
-/*
- * Copyright (c) 2022, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018.dtsi"
-#include <dt-bindings/input/input.h>
-
-/ {
-	#address-cells = <0x2>;
-	#size-cells = <0x2>;
-	interrupt-parent = <&intc>;
-	qcom,msm-id = <0x1A5 0x0>;
-
-	aliases {
-		ethernet0 = "/soc/dp1";
-		ethernet1 = "/soc/dp2";
-		ethernet2 = "/soc/dp3";
-		ethernet3 = "/soc/dp4";
-		ethernet4 = "/soc/dp5";
-
-		led-boot = &led_green;
-		led-running = &led_blue;
-		led-upgrade = &led_red;
-	};
-
-	chosen {
-		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
-
-#ifdef __IPQ_MEM_PROFILE_256_MB__
-                bootargs-append = " console=ttyMSM0,115200n8 panic=10 ubi.mtd=nand root=mtd:ubi_rootfs rootfstype=squashfs swiotlb=1 rootwait";
-#else
-                bootargs-append = " console=ttyMSM0,115200n8 panic=10 ubi.mtd=nand root=mtd:ubi_rootfs rootfstype=squashfs swiotlb=1 coherent_pool=2M rootwait";
-#endif
-	};
-
-
-	/*
-	 * +=========+==============+========================+
-	 * |        |              |                         |
-	 * | Region | Start Offset |          Size           |
-	 * |        |              |                         |
-	 * +--------+--------------+-------------------------+
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * | Linux  |  0x41000000  |         139MB           |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * +--------+--------------+-------------------------+
-	 * | TZ App |  0x49B00000  |           6MB           |
-	 * +--------+--------------+-------------------------+
-	 *
-	 * From the available 145 MB for Linux in the first 256 MB,
-	 * we are reserving 6 MB for TZAPP.
-	 *
-	 * Refer arch/arm64/boot/dts/qcom/qcom-ipq6018-memory.dtsi
-	 * for memory layout.
-	 */
-
-/* TZAPP is enabled only in default memory profile */
-	reserved-memory {
-#if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
-		tzapp:tzapp@49B00000 {	/* TZAPPS */
-			no-map;
-			reg = <0x0 0x49B00000 0x0 0x00600000>;
-		};
-#endif
-		qcn9000_pcie0@50200000 {
-			no-map;
-			reg = <0x0 0x50200000 0x0 0x03700000>;
-		};
-
-		mhi_region0: dma_pool0@53900000 {
-			compatible = "shared-dma-pool";
-			no-map;
-			reg = <0x0 0x53900000 0x0 0x01800000>;
-		};
-	};
-};
-
-&tlmm {
-	pinctrl-0 = <&sd_ldo_pins &generic_gpios &pcie_pins>;
-	pinctrl-names = "default";
-
-	uart_pins: uart_pins {
-		mux {
-			pins = "gpio44", "gpio45";
-			function = "blsp2_uart";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	sd_ldo_pins: sd_ldo_pins {
-		mux {
-			pins = "gpio66";
-			function = "gpio";
-			drive-strength = <2>;
-			bias-disable;
-			output-low;
-		};
-	};
-
-	spi_0_pins: spi_0_pins {
-		mux {
-			pins = "gpio38", "gpio39", "gpio40", "gpio41";
-			function = "blsp0_spi";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	spi_1_pins: spi_1_pins {
-		mux {
-			pins = "gpio69", "gpio71", "gpio72";
-			function = "blsp1_spi";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-		spi_cs {
-			pins = "gpio70";
-			function = "blsp1_spi";
-			drive-strength = <8>;
-			bias-disable;
-		};
-		quartz_interrupt {
-			pins = "gpio78";
-			function = "gpio";
-			input;
-			bias-disable;
-		};
-		quartz_reset {
-			pins = "gpio79";
-			function = "gpio";
-			output-low;
-			bias-disable;
-		};
-	};
-
-	button_pins: button_pins {
-		switch_button {
-			pins = "gpio9";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-		reset_button {
-			pins = "gpio19";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-	};
-
-	mdio_pins: mdio_pinmux {
-		mux_0 {
-			pins = "gpio64";
-			function = "mdc";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-		mux_1 {
-			pins = "gpio65";
-			function = "mdio";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-		mux_2 {
-			pins = "gpio75";
-			function = "gpio";
-			bias-pull-up;
-		};
-		mux_3 {
-			pins = "gpio77";
-			function = "gpio";
-			bias-pull-up;
-		};
-	};
-
-	leds_pins: leds_pins {
-		led_5g {
-			pins = "gpio35";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-		led_2g {
-			pins = "gpio37";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		m2_1_regulator {
-			pins = "gpio29";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		m2_1_pwr_en {
-			pins = "gpio49";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		m2_1_reset_n {
-			pins = "gpio32";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		led_red: red {
-			pins = "gpio50";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		led_green: green {
-			pins = "gpio54";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-
-		led_blue: blue {
-			pins = "gpio57";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	sd_pins: sd_pins {
-		mux_1 {
-			pins = "gpio62";
-			function = "sd_card";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-
-		mux_2 {
-			pins = "gpio23";
-			function = "gpio";
-			drive_strength = <8>;
-			bias-disable;
-			output-high;
-		};
-	};
-
-	extcon_usb_pins: extcon_usb_pins {
-		mux {
-			pins = "gpio26";
-			function = "gpio";
-			drive-strength = <2>;
-			bias-pull-down;
-		};
-	};
-
-	generic_gpios: generic_gpios {
-		gpio42 {
-			pins = "gpio42";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-disable;
-			output-high;
-		};
-	};
-
-	pcie_pins: pcie_pins {
-		pcie0_enable {
-			pins = "gpio34";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-disable;
-			output-high;
-		};
-	};
-
-        i2c_2_pins: i2c_2_pins {
-                mux {
-                        pins = "gpio55", "gpio56";
-                        function = "gpio";
-                        drive-strength = <16>;
-                        bias-pull-up;
-                        input-enable;
-                };
-
-                mux_2 {
-                        pins = "gpio48";
-                        function = "gpio";
-                        drive_strength = <16>;
-                        output-high;
-                };
-
-                mux_3 {
-                        pins = "gpio73";
-                        function = "gpio";
-                        drive-stength = <16>;
-                        output-low;
-                };
-        };
-};
-
-&soc {
-	extcon_usb: extcon_usb {
-		pinctrl-0 = <&extcon_usb_pins>;
-		pinctrl-names = "default";
-		id-gpio = <&tlmm 26 GPIO_ACTIVE_LOW>;
-		status = "ok";
-	};
-
-	mdio0: mdio@90000 {
-		pinctrl-0 = <&mdio_pins>;
-		pinctrl-names = "default";
-		phy-reset-gpio = <&tlmm 75 0 &tlmm 77 1>;
-		status = "ok";
-		phy0: ethernet-phy@0 {
-			reg = <0>;
-		};
-		phy1: ethernet-phy@1 {
-			reg = <1>;
-		};
-		phy2: ethernet-phy@2 {
-			reg = <2>;
-		};
-                phy3: ethernet-phy@3 {
-                        reg = <3>;
-                };
-                phy4: ethernet-phy@4 {
-                        reg = <4>;
-                };
-	};
-
-	ess0: ess-switch@3a000000 {
-		switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
-		switch_lan_bmp = <0x1e>; /* lan port bitmap */
-		switch_wan_bmp = <0x20>; /* wan port bitmap */
-		switch_inner_bmp = <0xc0>; /*inner port bitmap*/
-		switch_mac_mode = <0x0>; /* mac mode for uniphy instance0*/
-		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
-		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
-		qcom,port_phyinfo {
-			port@0 {
-				port_id = <1>;
-				phy_address = <0>;
-			};
-			port@1 {
-				port_id = <2>;
-				phy_address = <1>;
-			};
-			port@2 {
-				port_id = <3>;
-				phy_address = <2>;
-			};
-			port@3 {
-				port_id = <4>;
-				phy_address = <3>;
-			};
-			port@4 {
-				port_id = <5>;
-				phy_address = <4>;
-			};
-		};
-	};
-
-	dp1 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <1>;
-		reg = <0x3a001000 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <0>;
-		phy-mode = "sgmii";
-	};
-
-	dp2 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <2>;
-		reg = <0x3a001200 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <1>;
-		phy-mode = "sgmii";
-	};
-
-	dp3 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <3>;
-		reg = <0x3a001400 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <2>;
-		phy-mode = "sgmii";
-	};
-
-	dp4 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <4>;
-		reg = <0x3a001600 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <3>;
-		phy-mode = "sgmii";
-	};
-
-	dp5 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <5>;
-		reg = <0x3a001800 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <4>;
-		phy-mode = "sgmii";
-	};
-
-	leds {
-		compatible = "gpio-leds";
-		pinctrl-0 = <&leds_pins>;
-		pinctrl-names = "default";
-
-		led@29 {
-			label = "m2_1_regulator";
-			gpios = <&tlmm 29 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "none";
-			default-state = "on";
-		};
-
-		led@49 {
-			label = "m2_1_pwr_en";
-			gpios = <&tlmm 49 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "none";
-			default-state = "on";
-		};
-
-		led@32 {
-			label = "m2_1_reset_n";
-			gpios = <&tlmm 32 GPIO_ACTIVE_LOW>;
-			linux,default-trigger = "none";
-			default-state = "off";
-		};
-
-		led@50 {
-			label = "red";
-			gpios = <&tlmm 50 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "none";
-			default-state = "on";
-		};
-
-		led@54 {
-			label = "green";
-			gpios = <&tlmm 54 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "none";
-			default-state = "on";
-		};
-
-		led@57 {
-			label = "blue";
-			gpios = <&tlmm 57 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "none";
-			default-state = "off";
-		};
-	};
-
-	gpio_keys {
-		compatible = "gpio-keys";
-		pinctrl-0 = <&button_pins>;
-		pinctrl-names = "default";
-
-		switch {
-			label = "switch";
-			linux,code = <KEY_WPS_BUTTON>;
-			gpios = <&tlmm 9 GPIO_ACTIVE_LOW>;
-			linux,input-type = <1>;
-			debounce-interval = <60>;
-		};
-		reset {
-			label = "reset";
-			linux,code = <KEY_RESTART>;
-			gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
-			linux,input-type = <1>;
-			debounce-interval = <60>;
-		};
-	};
-
-	i2c_2: i2c@0 { /* i2c gpio */
-		pinctrl-0 = <&i2c_2_pins>;
-	        pinctrl-names = "default";
-		compatible = "i2c-gpio";
-		gpios = <&tlmm 56 0>, <&tlmm 55 0>;
-		i2c-gpio,scl-open-drain;
-		i2c-gpio,delay-us = <7>;
-		#address-cells = <1>;
-		#size-cells = <0>;
-		status = "ok";
-	};
-
-	wifi3: wifi3@f00000 {
-		qcom,wlan-ramdump-dynamic = <0x400000>;
-		mhi,max-channels = <30>;
-		mhi,timeout = <10000>;
-		#address-cells = <1>;
-		#size-cells = <0>;
-		qrtr_node_id = <0x20>;
-		qca,auto-restart;
-#ifdef __IPQ_MEM_PROFILE_512_MB__
-
-	      /* QCN9000 tgt-mem-mode=1 layout - 30MB
-	       * +=========+==============+=========+
-	       * |  Region | Start Offset |   Size  |
-	       * +---------+--------------+---------+
-	       * | BASE    |  0x4E400000  |   20MB  |
-	       * +---------+--------------+---------+
-	       * | M3 Dump |  0x4F800000  |   1MB   |
-	       * +---------+--------------+---------+
-	       * |  Caldb  |  0x4FA00000  |   8MB   |
-	       * +==================================+
-	       */
-
-		base-addr = <0x4E400000>;
-		m3-dump-addr = <0x4F800000>;
-		qcom,caldb-addr = <0x4FA00000>;
-#else
-
-	      /* QCN9000 tgt-mem-mode=0 layout - 55MB
-	       * +=========+==============+=========+
-	       * |  Region | Start Offset |   Size  |
-	       * +---------+--------------+---------+
-	       * | BASE    |  0x50200000  |   45MB  |
-	       * +---------+--------------+---------+
-	       * | M3 Dump |  0x52F00000  |   1MB   |
-	       * +---------+--------------+---------+
-	       * |  Caldb  |  0x53100000  |   8MB   |
-	       * +==================================+
-	       */
-
-		base-addr = <0x50200000>;
-		m3-dump-addr = <0x52F00000>;
-		qcom,caldb-addr = <0x53100000>;
-#endif
-		status = "ok";
-
-		mhi_channels {
-			mhi_chan@0 {
-				reg = <0>;
-				label = "LOOPBACK";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <1>;
-				mhi,data-type = <0>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-			};
-
-			mhi_chan@1 {
-				reg = <1>;
-				label = "LOOPBACK";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <2>;
-				mhi,data-type = <0>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-			};
-
-			mhi_chan@4 {
-				reg = <4>;
-				label = "DIAG";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <1>;
-				mhi,data-type = <0>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-			};
-
-			mhi_chan@5 {
-				reg = <5>;
-				label = "DIAG";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <2>;
-				mhi,data-type = <0>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-			};
-
-			mhi_chan@20 {
-				reg = <20>;
-				label = "IPCR";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <1>;
-				mhi,data-type = <1>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-				mhi,auto-start;
-			};
-
-			mhi_chan@21 {
-				reg = <21>;
-				label = "IPCR";
-				mhi,num-elements = <32>;
-				mhi,event-ring = <1>;
-				mhi,chan-dir = <2>;
-				mhi,data-type = <0>;
-				mhi,doorbell-mode = <2>;
-				mhi,ee = <0x14>;
-				mhi,auto-queue;
-				mhi,auto-start;
-			};
-		};
-
-		mhi_events {
-			mhi_event@0 {
-				mhi,num-elements = <32>;
-				mhi,intmod = <1>;
-				mhi,msi = <1>;
-				mhi,priority = <1>;
-				mhi,brstmode = <2>;
-				mhi,data-type = <1>;
-			};
-
-			mhi_event@1 {
-				mhi,num-elements = <256>;
-				mhi,intmod = <1>;
-				mhi,msi = <2>;
-				mhi,priority = <1>;
-				mhi,brstmode = <2>;
-			};
-		};
-
-		mhi_devices {
-			mhi_qrtr {
-				mhi,chan = "IPCR";
-				qcom,net-id = <0>;
-			};
-		};
-	};
-};
-
-&blsp1_uart3 {
-	pinctrl-0 = <&uart_pins>;
-	pinctrl-names = "default";
-	status = "ok";
-};
-
-&qpic_bam {
-	status = "ok";
-};
-
-&ssphy_0 {
-	status = "ok";
-};
-
-&qusb_phy_0 {
-	status = "ok";
-};
-
-&qusb_phy_1 {
-	status = "ok";
-};
-
-&usb2 {
-	status = "ok";
-};
-
-&usb3 {
-	status = "ok";
-};
-
-&nss_crypto {
-	status = "ok";
-};
-
-&CPU0 {
-	operating-points = <
-		/* kHz   uV (fixed) */
-		864000   1100000
-		1056000  1100000
-		1200000  1100000
-		1608000  1100000
-	>;
-	clock-latency = <200000>;
-};
-
-&CPU1 {
-	operating-points = <
-		/* kHz   uV (fixed) */
-		864000   1100000
-		1056000  1100000
-		1200000  1100000
-		1608000  1100000
-	>;
-	clock-latency = <200000>;
-};
-
-&CPU2 {
-	operating-points = <
-		/* kHz   uV (fixed) */
-		864000   1100000
-		1056000  1100000
-		1200000  1100000
-		1608000  1100000
-	>;
-	clock-latency = <200000>;
-};
-
-&CPU3 {
-	operating-points = <
-		/* kHz   uV (fixed) */
-		864000   1100000
-		1056000  1100000
-		1200000  1100000
-		1608000  1100000
-	>;
-	clock-latency = <200000>;
-};
-
-&wifi0 {
-        qcom,board_id = <0x10>;
-        status = "ok";
-};
-
-&pcie0 {
-	status = "ok";
-
-	pcie0_rp {
-		reg = <0 0 0 0 0>;
-		status = "ok";
-
-		mhi_0: qcom,mhi@0 {
-			reg = <0 0 0 0 0 >;
-			qrtr_instance_id = <0x20>;
-			qcom,board_id = <0xa4>;
-#if !defined(__IPQ_MEM_PROFILE_256_MB__)
-			memory-region = <&mhi_region0>;
-#endif
-		};
-	};
-};
-
-&pcie_phy {
-        status = "ok";
-};
-
-&spi_0 {
-	pinctrl-0 = <&spi_0_pins>;
-	pinctrl-names = "default";
-	cs-select = <0>;
-	status = "ok";
-
-	m25p80@0 {
-		#address-cells = <1>;
-		#size-cells = <1>;
-		reg = <0>;
-		compatible = "n25q128a11";
-		linux,modalias = "m25p80", "n25q128a11";
-		spi-max-frequency = <50000000>;
-		use-default-sizes;
-	};
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v1.dts

@@ -1,23 +0,0 @@
-/dts-v1/;
-/*
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018-pax1800.dtsi"
-
-/ {
-	model = "Plasma Cloud PAX1800 v1";
-	compatible = "plasmacloud,pax1800-v1", "qcom,ipq6018-cp03", "qcom,ipq6018";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800-v2.dts

@@ -1,23 +0,0 @@
-/dts-v1/;
-/*
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018-pax1800.dtsi"
-
-/ {
-	model = "Plasma Cloud PAX1800 v2";
-	compatible = "plasmacloud,pax1800-v2", "qcom,ipq6018-cp03", "qcom,ipq6018";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-pax1800.dtsi

@@ -1,315 +0,0 @@
-/*
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "qcom-ipq6018.dtsi"
-#include "qcom-ipq6018-rpm-regulator.dtsi"
-#include "qcom-ipq6018-cpr-regulator.dtsi"
-#include "qcom-ipq6018-cp-cpu.dtsi"
-#include <dt-bindings/input/input.h>
-
-/ {
-	#address-cells = <0x2>;
-	#size-cells = <0x2>;
-
-	interrupt-parent = <&intc>;
-	qcom,msm-id = <0x1A5 0x0>;
-
-	chosen {
-		bootargs = "console=ttyMSM0,115200,n8 rw init=/init";
-		bootargs-append = " swiotlb=1 coherent_pool=2M";
-	};
-
-	aliases {
-		serial0 = &blsp1_uart3;
-		/*
-		 * Aliases as required by u-boot
-		 * to patch MAC addresses
-		 */
-		ethernet0 = "/soc/dp1";
-		ethernet1 = "/soc/dp2";
-
-		led-boot = &led_status_green;
-		led-failsafe = &led_status_green;
-		led-running = &led_status_green;
-		led-upgrade = &led_status_green;
-		led-uplink = &led_status_blue;
-	};
-
-	gpio_keys {
-		compatible = "gpio-keys";
-		pinctrl-0 = <&button_pins>;
-		pinctrl-names = "default";
-
-		reset {
-			label = "reset";
-			linux,code = <KEY_RESTART>;
-			gpios = <&tlmm 24 GPIO_ACTIVE_LOW>;
-			linux,input-type = <1>;
-			debounce-interval = <60>;
-		};
-	};
-
-	leds {
-		compatible = "gpio-leds";
-		pinctrl-0 = <&leds_pins>;
-		pinctrl-names = "default";
-
-		status_red {
-			label = "red:status";
-			gpios = <&tlmm 25 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "default-off";
-		};
-
-		led_status_green: status_green {
-			label = "green:status";
-			gpios = <&tlmm 35 GPIO_ACTIVE_HIGH>;
-		};
-
-		led_status_blue: status_blue {
-			label = "blue:status";
-			gpios = <&tlmm 37 GPIO_ACTIVE_HIGH>;
-			linux,default-trigger = "default-off";
-		};
-	};
-
-	watchdog {
-		compatible = "linux,wdt-gpio";
-		pinctrl-0 = <&watchdog_pins>;
-		pinctrl-names = "default";
-		gpios = <&tlmm 67 GPIO_ACTIVE_LOW>;
-		hw_algo = "toggle";
-		hw_margin_ms = <2000>;
-		always-running;
-	};
-
-	/*
-	 * +=========+==============+========================+
-	 * |        |              |                         |
-	 * | Region | Start Offset |          Size           |
-	 * |        |              |                         |
-	 * +--------+--------------+-------------------------+
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * | Linux  |  0x41000000  |         139MB           |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * |        |              |                         |
-	 * +--------+--------------+-------------------------+
-	 * | TZ App |  0x49B00000  |           6MB           |
-	 * +--------+--------------+-------------------------+
-	 *
-	 * From the available 145 MB for Linux in the first 256 MB,
-	 * we are reserving 6 MB for TZAPP.
-	 *
-	 * Refer arch/arm64/boot/dts/qcom/qcom-ipq6018-memory.dtsi
-	 * for memory layout.
-	 */
-
-/* TZAPP is enabled only in default memory profile */
-#if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
-	reserved-memory {
-		tzapp:tzapp@49B00000 {	/* TZAPPS */
-			no-map;
-			reg = <0x0 0x49B00000 0x0 0x00600000>;
-		};
-	};
-#endif
-};
-
-&tlmm {
-	uart_pins: uart_pins {
-		mux {
-			pins = "gpio44", "gpio45";
-			function = "blsp2_uart";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	spi_0_pins: spi_0_pins {
-		mux {
-			pins = "gpio38", "gpio39", "gpio40", "gpio41";
-			function = "blsp0_spi";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	button_pins: button_pins {
-		reset_button {
-			pins = "gpio24";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-	};
-
-	mdio_pins: mdio_pinmux {
-		mux_0 {
-			pins = "gpio64";
-			function = "mdc";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-		mux_1 {
-			pins = "gpio65";
-			function = "mdio";
-			drive-strength = <8>;
-			bias-pull-up;
-		};
-		mux_2 {
-			pins = "gpio75";
-			function = "gpio";
-			bias-pull-up;
-		};
-	};
-
-	leds_pins: led_pinmux {
-		led_power_green {
-			pins = "gpio25";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-		led_power_blue {
-			pins = "gpio35";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-		led_power_red {
-			pins = "gpio37";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-		};
-	};
-
-	watchdog_pins: watchdog_pinmux {
-		mux {
-			pins = "gpio67";
-			function = "gpio";
-			bias-none;
-			output-low;
-		};
-	};
-};
-
-&soc {
-	mdio@90000 {
-		pinctrl-0 = <&mdio_pins>;
-		pinctrl-names = "default";
-		phy-reset-gpio = <&tlmm 75 0>;
-		status = "ok";
-		phy0: ethernet-phy@0 {
-			reg = <3>;
-		};
-		phy1: ethernet-phy@1 {
-			reg = <4>;
-		};
-	};
-
-	ess-switch@3a000000 {
-		switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
-		switch_lan_bmp = <0x08>; /* lan port bitmap */
-		switch_wan_bmp = <0x10>; /* wan port bitmap */
-		switch_inner_bmp = <0xc0>; /*inner port bitmap*/
-		switch_mac_mode = <0x0>; /* mac mode for uniphy instance0*/
-		switch_mac_mode1 = <0xff>; /* mac mode for uniphy instance1*/
-		switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
-		qcom,port_phyinfo {
-			port@3 {
-				port_id = <3>;
-				phy_address = <4>;
-			};
-			port@4 {
-				port_id = <4>;
-				phy_address = <3>;
-			};
-		};
-	};
-
-	dp1 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <3>;
-		reg = <0x3a001400 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <4>;
-		phy-mode = "sgmii";
-	};
-
-	dp2 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <4>;
-		reg = <0x3a001600 0x200>;
-		qcom,mactype = <0>;
-		local-mac-address = [000000000000];
-		qcom,link-poll = <1>;
-		qcom,phy-mdio-addr = <3>;
-		phy-mode = "sgmii";
-	};
-};
-
-&blsp1_uart3 {
-	pinctrl-0 = <&uart_pins>;
-	pinctrl-names = "default";
-	status = "ok";
-};
-
-&spi_0 {
-	pinctrl-0 = <&spi_0_pins>;
-	pinctrl-names = "default";
-	cs-select = <0>;
-	status = "ok";
-
-	m25p80@0 {
-		#address-cells = <1>;
-		#size-cells = <1>;
-		reg = <0>;
-		compatible = "n25q128a11";
-		linux,modalias = "m25p80", "n25q128a11";
-		spi-max-frequency = <50000000>;
-		use-default-sizes;
-	};
-};
-
-&qpic_bam {
-	status = "ok";
-};
-
-&nss_crypto {
-	status = "ok";
-};
-
-/* TZAPP is enabled in default memory profile only */
-#if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
-&qseecom {
-	mem-start = <0x49B00000>;
-	mem-size = <0x600000>;
-	status = "ok";
-};
-#endif
-
-&wifi0 {
-	status = "okay";
-	qcom,ath11k-calibration-variant = "PlasmaCloud-PAX1800";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-wallys-dr6018-v4.dts

@@ -82,24 +82,14 @@
 	 */
 
 /* TZAPP is enabled only in default memory profile */
-	reserved-memory {
 #if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
+	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
-#endif
-		qcn9000_pcie0@50200000 {
-			no-map;
-			reg = <0x0 0x50200000 0x0 0x02D00000>;
-		};
-
-		mhi_region0: dma_pool0@52f00000 {
-			compatible = "shared-dma-pool";
-			no-map;
-			reg = <0x0 0x52F00000 0x0 0x01800000>;
-		};
 	};
+#endif
 };
 
 &tlmm {
@@ -500,49 +490,3 @@
 	//vqmmc-supply = <&ipq6018_l2_corner>;
 	status = "ok";
 };
-
-&wifi1 {
-	base-addr = <0x50200000>;
-	m3-dump-addr = <0x52500000>;
-	etr-addr = <0x52600000>;
-	caldb-addr = <0x52700000>;
-	hremote-size = <0x2300000>;
-	tgt-mem-mode = <0x0>;
-	board_id = <0xa4>;
-	caldb-size = <0x800000>;
-	status = "ok";
-};
-
-&pcie0 {
-	status = "ok";
-	interrupts = <0 52 0>, <0 416 0>, <0 417 0>,
-                     <0 418 0>, <0 419 0>, <0 420 0>,
-                     <0 421 0>, <0 422 0>, <0 423 0>,
-                     <0 424 0>, <0 425 0>, <0 426 0>,
-                     <0 427 0>, <0 428 0>, <0 429 0>,
-                     <0 430 0>, <0 431 0>;
-
-        interrupt-names = "msi", "msi_0", "msi_1",
-                          "msi_2", "msi_3", "msi_4",
-                          "msi_5", "msi_6", "msi_7",
-                          "msi_8", "msi_9", "msi_10",
-                          "msi_11", "msi_12", "msi_13",
-                          "msi_14", "msi_15";
-
-        qcom,msi-gicm-addr = <0x0B00A040>;
-        qcom,msi-gicm-base = <0x1c0>;
-};
-
-&pcie0_rp {
-        status = "ok";
-
-        mhi_0: qcom,mhi@0 {
-                reg = <0 0 0 0 0 >;
-                qrtr_instance_id = <0x20>;
-                memory-region = <&mhi_region0>;
-        };
-};
-
-&pcie_phy {
-        status = "ok";
-};

feeds/ipq807x/ipq807x/files/arch/arm64/boot/dts/qcom/qcom-ipq6018-yuncore-ax840.dts

@@ -35,15 +35,12 @@
 		bootargs-append = " swiotlb=1 coherent_pool=2M";
 	};
 
-/* TZAPP is enabled only in default memory profile */
-#if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 	reserved-memory {
 		tzapp:tzapp@49B00000 {	/* TZAPPS */
 			no-map;
 			reg = <0x0 0x49B00000 0x0 0x00600000>;
 		};
 	};
-#endif
 };
 
 &tlmm {
@@ -162,16 +159,6 @@
 		};
 	};
 
-	modem_power_pins {
-		mux {
-			pins = "gpio27";
-			function = "gpio";
-			drive-strength = <8>;
-			bias-pull-down;
-			output-high;
-		};
-	};
-
 	leds_pins: leds_pins {
 		led_blue {
 			pins = "gpio35";
@@ -236,18 +223,6 @@
 	};
 
 	dp1 {
-		device_type = "network";
-		compatible = "qcom,nss-dp";
-		qcom,id = <0x04>;
-		reg = <0x3a001600 0x200>;
-		qcom,mactype = <0x00>;
-		local-mac-address = [00 00 00 00 00 00];
-		qcom,link-poll = <0x01>;
-		qcom,phy-mdio-addr = <0x03>;
-		phy-mode = "sgmii";
-	};
-
-	dp2 {
 		device_type = "network";
 		compatible = "qcom,nss-dp";
 		qcom,id = <0x05>;
@@ -259,6 +234,18 @@
 		phy-mode = "sgmii";
 	};
 
+	dp2 {
+		device_type = "network";
+		compatible = "qcom,nss-dp";
+		qcom,id = <0x04>;
+		reg = <0x3a001600 0x200>;
+		qcom,mactype = <0x00>;
+		local-mac-address = [00 00 00 00 00 00];
+		qcom,link-poll = <0x01>;
+		qcom,phy-mdio-addr = <0x03>;
+		phy-mode = "sgmii";
+	};
+
 	gpio_keys {
 		compatible = "gpio-keys";
 
@@ -281,17 +268,17 @@
 		pinctrl-names = "default";
 
 		led_system: system {
-			label = "green:system";
+			label = "ax860:green:system";
 			gpio = <&tlmm 37 GPIO_ACTIVE_HIGH>;
 		};
 
 		wlan2g {
-			label = "blue:wlan2g";
+			label = "ax860:blue:wlan2g";
 			gpio = <&tlmm 35 GPIO_ACTIVE_HIGH>;
 		};
 
 		wlan5g {
-			label = "red:wlan5g";
+			label = "ax860:red:wlan5g";
 			gpio = <&tlmm 32 GPIO_ACTIVE_HIGH>;
 		};
 	};
@@ -349,31 +336,8 @@
 	/delete-node/ opp06;
 };
 
-/* TZAPP is enabled in default memory profile only */
-#if !defined(__IPQ_MEM_PROFILE_256_MB__) && !defined(__IPQ_MEM_PROFILE_512_MB__)
 &qseecom {
 	mem-start = <0x49B00000>;
 	mem-size = <0x600000>;
 	status = "ok";
 };
-#endif
-
-&ssphy_0 {
-	status = "ok";
-};
-
-&qusb_phy_0 {
-	status = "ok";
-};
-
-&qusb_phy_1 {
-	status = "ok";
-};
-
-&usb2 {
-	status = "ok";
-};
-
-&usb3 {
-	status = "ok";
-};

feeds/ipq807x/ipq807x/image/ipq60xx.mk

@@ -1,7 +1,5 @@
 KERNEL_LOADADDR := 0x41008000
 
-DEVICE_VARS += CE_TYPE
-
 define Device/cig_wf188n
   DEVICE_TITLE := Cigtech WF-188n
   DEVICE_DTS := qcom-ipq6018-cig-wf188n
@@ -25,7 +23,7 @@ define Device/hfcl_ion4xi
   DEVICE_DTS := qcom-ipq6018-hfcl-ion4xi
   DEVICE_DTS_CONFIG := config@cp01-c1
   SUPPORTED_DEVICES := hfcl,ion4xi
-  DEVICE_PACKAGES := ath11k-wifi-hfcl-ion4xi uboot-envtools
+  DEVICE_PACKAGES := ath11k-wifi-qcom-ipq6018 uboot-envtools
 endef
 TARGET_DEVICES += hfcl_ion4xi
 
@@ -52,7 +50,7 @@ define Device/wallys_dr6018_v4
   DEVICE_DTS := qcom-ipq6018-wallys-dr6018-v4
   DEVICE_DTS_CONFIG := config@cp01-c4
   SUPPORTED_DEVICES := wallys,dr6018-v4
-  DEVICE_PACKAGES := ath11k-wifi-wallys-dr6018-v4 uboot-envtools ath11k-firmware-qcn9000
+  DEVICE_PACKAGES := ath11k-wifi-wallys-dr6018-v4 uboot-envtools
 endef
 TARGET_DEVICES += wallys_dr6018_v4
 
@@ -90,53 +88,3 @@ define Device/yuncore_ax840
   DEVICE_PACKAGES := ath11k-wifi-yuncore-ax840 uboot-env
 endef
 TARGET_DEVICES += yuncore_ax840
-
-define Device/plasmacloud_common_64k
-  DEVICE_PACKAGES := uboot-envtools
-  CE_TYPE :=
-  BLOCKSIZE := 64k
-  IMAGES := sysupgrade.tar factory.bin
-  IMAGE/factory.bin := append-rootfs | pad-rootfs | openmesh-image ce_type=$$$$(CE_TYPE)
-  IMAGE/sysupgrade.tar := append-rootfs | pad-rootfs | sysupgrade-tar rootfs=$$$$@ | append-metadata
-  KERNEL += | pad-to $$(BLOCKSIZE)
-endef
-
-define Device/plasmacloud_pax1800-v1
-  $(Device/plasmacloud_common_64k)
-  DEVICE_TITLE := Plasma Cloud PAX1800 v1
-  DEVICE_DTS := qcom-ipq6018-pax1800-v1
-  SUPPORTED_DEVICES := plasmacloud,pax1800-v1
-  DEVICE_DTS_CONFIG := config@cp03-c1
-  CE_TYPE := PAX1800
-  DEVICE_PACKAGES += ath11k-wifi-plasmacloud-pax1800
-endef
-TARGET_DEVICES += plasmacloud_pax1800-v1
-
-define Device/plasmacloud_pax1800-v2
-  $(Device/plasmacloud_common_64k)
-  DEVICE_TITLE := Plasma Cloud PAX1800 v2
-  DEVICE_DTS := qcom-ipq6018-pax1800-v2
-  SUPPORTED_DEVICES := plasmacloud,pax1800-v2
-  DEVICE_DTS_CONFIG := config@plasmacloud.pax1800v2
-  CE_TYPE := PAX1800v2
-  DEVICE_PACKAGES += ath11k-wifi-plasmacloud-pax1800
-endef
-TARGET_DEVICES += plasmacloud_pax1800-v2
-
-define Device/meshpp_s618_cp03
-  DEVICE_TITLE := S618 cp03
-  DEVICE_DTS := qcom-ipq6018-meshpp-s618-cp03
-  SUPPORTED_DEVICES := meshpp,s618-cp03
-  DEVICE_DTS_CONFIG := config@cp03-c1
-  DEVICE_PACKAGES := ath11k-wifi-meshpp-s618 -kmod-usb-dwc3-of-simple kmod-usb-dwc3-qcom kmod-usb3
-endef
-TARGET_DEVICES += meshpp_s618_cp03
-
-define Device/meshpp_s618_cp01
-  DEVICE_TITLE := S618 cp01
-  DEVICE_DTS := qcom-ipq6018-meshpp-s618-cp01
-  SUPPORTED_DEVICES := meshpp,s618-cp01
-  DEVICE_DTS_CONFIG := config@cp01-c1
-  DEVICE_PACKAGES := ath11k-wifi-meshpp-s618 -kmod-usb-dwc3-of-simple kmod-usb-dwc3-qcom kmod-usb3
-endef
-TARGET_DEVICES += meshpp_s618_cp01

feeds/ipq807x/ipq807x/patches/200-bpf_backport.patch

@@ -32856,7 +32856,7 @@
 +
 +	new_range = dst_reg->off;
 +	if (range_right_open)
-+		new_range++;
++		new_range--;
 +
 +	/* Examples for register markings:
 +	 *

feeds/ipq807x/ipq807x/patches/224-clear-skbuffs-cb-for-incoming-packets.patch

@@ -1,30 +0,0 @@
-From a0d398a7373b395a2cbdc865815560671d1e8a08 Mon Sep 17 00:00:00 2001
-From: Venkat Chimata <venkata@shasta.cloud>
-Date: Fri, 12 Aug 2022 15:42:40 +0530
-Subject: [PATCH] sk_buff's cb should be cleared in the entry point for both
- incoming and outgoing packets at each layer. At bridge, it is already handled
- in the outgoing path, but not in the incoming path. We have seen cases where
- proxyarp_replied was 1 on sk_buffs coming from the WLAN driver and they were
- getting dropped in forwarding path.
-
-Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
----
- net/bridge/br_input.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
-index e6b745b7..09cd5b72 100644
---- a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -282,6 +282,8 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
- 	if (!skb)
- 		return RX_HANDLER_CONSUMED;
- 
-+	memset(skb->cb, 0, sizeof(struct br_input_skb_cb));
-+
- 	p = br_port_get_rcu(skb->dev);
- 
- 	if (unlikely(is_link_local_ether_addr(dest))) {
--- 
-2.34.1
-

feeds/ipq807x/ipq807x/patches/230-ipv4-route-Ignore-output-interface-in-FIB-lookup-for.patch

@@ -1,72 +0,0 @@
-From: Stefano Brivio <sbrivio@redhat.com>
-Date: Tue, 4 Aug 2020 07:53:42 +0200
-Subject: [PATCH] ipv4: route: Ignore output interface in FIB lookup for PMTU
- route
-
-Currently, processes sending traffic to a local bridge with an
-encapsulation device as a port don't get ICMP errors if they exceed
-the PMTU of the encapsulated link.
-
-David Ahern suggested this as a hack, but it actually looks like
-the correct solution: when we update the PMTU for a given destination
-by means of updating or creating a route exception, the encapsulation
-might trigger this because of PMTU discovery happening either on the
-encapsulation device itself, or its lower layer. This happens on
-bridged encapsulations only.
-
-The output interface shouldn't matter, because we already have a
-valid destination. Drop the output interface restriction from the
-associated route lookup.
-
-For UDP tunnels, we will now have a route exception created for the
-encapsulation itself, with a MTU value reflecting its headroom, which
-allows a bridge forwarding IP packets originated locally to deliver
-errors back to the sending socket.
-
-The behaviour is now consistent with IPv6 and verified with selftests
-pmtu_ipv{4,6}_br_{geneve,vxlan}{4,6}_exception introduced later in
-this series.
-
-v2:
-- reset output interface only for bridge ports (David Ahern)
-- add and use netif_is_any_bridge_port() helper (David Ahern)
-
-Suggested-by: David Ahern <dsahern@gmail.com>
-Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-Reviewed-by: David Ahern <dsahern@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
---- a/include/linux/netdevice.h
-+++ b/include/linux/netdevice.h
-@@ -4015,6 +4015,16 @@ static inline bool netif_is_ovs_master(c
- 	return dev->priv_flags & IFF_OPENVSWITCH;
- }
- 
-+static inline bool netif_is_ovs_port(const struct net_device *dev)
-+{
-+	return dev->priv_flags & IFF_OVS_DATAPATH;
-+}
-+
-+static inline bool netif_is_any_bridge_port(const struct net_device *dev)
-+{
-+	return netif_is_bridge_port(dev) || netif_is_ovs_port(dev);
-+}
-+
- static inline bool netif_is_ifb_dev(const struct net_device *dev)
- {
- 	return dev->priv_flags_ext & IFF_EXT_IFB;
---- a/net/ipv4/route.c
-+++ b/net/ipv4/route.c
-@@ -1004,6 +1004,11 @@ static void ip_rt_update_pmtu(struct dst
- 	struct flowi4 fl4;
- 
- 	ip_rt_build_flow_key(&fl4, sk, skb);
-+
-+	/* Don't make lookup fail for bridged encapsulations */
-+	if (skb && netif_is_any_bridge_port(skb->dev))
-+		fl4.flowi4_oif = 0;
-+
- 	__ip_rt_update_pmtu(rt, &fl4, mtu);
- }
- 

feeds/ipq807x/ipq807x/patches/231-icmp-add-helpers-to-recognize-ICMP-error-packets.patch

@@ -1,57 +0,0 @@
-From: Matteo Croce <mcroce@redhat.com>
-Date: Sat, 2 Nov 2019 01:12:03 +0100
-Subject: [PATCH] icmp: add helpers to recognize ICMP error packets
-
-Add two helper functions, one for IPv4 and one for IPv6, to recognize
-the ICMP packets which are error responses.
-This packets are special because they have as payload the original
-header of the packet which generated it (RFC 792 says at least 8 bytes,
-but Linux actually includes much more than that).
-
-Signed-off-by: Matteo Croce <mcroce@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
---- a/include/linux/icmp.h
-+++ b/include/linux/icmp.h
-@@ -24,4 +24,19 @@ static inline struct icmphdr *icmp_hdr(c
- {
- 	return (struct icmphdr *)skb_transport_header(skb);
- }
-+
-+static inline bool icmp_is_err(int type)
-+{
-+	switch (type) {
-+	case ICMP_DEST_UNREACH:
-+	case ICMP_SOURCE_QUENCH:
-+	case ICMP_REDIRECT:
-+	case ICMP_TIME_EXCEEDED:
-+	case ICMP_PARAMETERPROB:
-+		return true;
-+	}
-+
-+	return false;
-+}
-+
- #endif	/* _LINUX_ICMP_H */
---- a/include/linux/icmpv6.h
-+++ b/include/linux/icmpv6.h
-@@ -42,4 +42,18 @@ extern void				icmpv6_flow_init(struct s
- 							 const struct in6_addr *saddr,
- 							 const struct in6_addr *daddr,
- 							 int oif);
-+
-+static inline bool icmpv6_is_err(int type)
-+{
-+	switch (type) {
-+	case ICMPV6_DEST_UNREACH:
-+	case ICMPV6_PKT_TOOBIG:
-+	case ICMPV6_TIME_EXCEED:
-+	case ICMPV6_PARAMPROB:
-+		return true;
-+	}
-+
-+	return false;
-+}
-+
- #endif

feeds/ipq807x/ipq807x/patches/232-tunnels-PMTU-discovery-support-for-directly-bridged-.patch

@@ -1,360 +0,0 @@
-From: Stefano Brivio <sbrivio@redhat.com>
-Date: Tue, 4 Aug 2020 07:53:43 +0200
-Subject: [PATCH] tunnels: PMTU discovery support for directly bridged IP
- packets
-
-It's currently possible to bridge Ethernet tunnels carrying IP
-packets directly to external interfaces without assigning them
-addresses and routes on the bridged network itself: this is the case
-for UDP tunnels bridged with a standard bridge or by Open vSwitch.
-
-PMTU discovery is currently broken with those configurations, because
-the encapsulation effectively decreases the MTU of the link, and
-while we are able to account for this using PMTU discovery on the
-lower layer, we don't have a way to relay ICMP or ICMPv6 messages
-needed by the sender, because we don't have valid routes to it.
-
-On the other hand, as a tunnel endpoint, we can't fragment packets
-as a general approach: this is for instance clearly forbidden for
-VXLAN by RFC 7348, section 4.3:
-
-   VTEPs MUST NOT fragment VXLAN packets.  Intermediate routers may
-   fragment encapsulated VXLAN packets due to the larger frame size.
-   The destination VTEP MAY silently discard such VXLAN fragments.
-
-The same paragraph recommends that the MTU over the physical network
-accomodates for encapsulations, but this isn't a practical option for
-complex topologies, especially for typical Open vSwitch use cases.
-
-Further, it states that:
-
-   Other techniques like Path MTU discovery (see [RFC1191] and
-   [RFC1981]) MAY be used to address this requirement as well.
-
-Now, PMTU discovery already works for routed interfaces, we get
-route exceptions created by the encapsulation device as they receive
-ICMP Fragmentation Needed and ICMPv6 Packet Too Big messages, and
-we already rebuild those messages with the appropriate MTU and route
-them back to the sender.
-
-Add the missing bits for bridged cases:
-
-- checks in skb_tunnel_check_pmtu() to understand if it's appropriate
-  to trigger a reply according to RFC 1122 section 3.2.2 for ICMP and
-  RFC 4443 section 2.4 for ICMPv6. This function is already called by
-  UDP tunnels
-
-- a new function generating those ICMP or ICMPv6 replies. We can't
-  reuse icmp_send() and icmp6_send() as we don't see the sender as a
-  valid destination. This doesn't need to be generic, as we don't
-  cover any other type of ICMP errors given that we only provide an
-  encapsulation function to the sender
-
-While at it, make the MTU check in skb_tunnel_check_pmtu() accurate:
-we might receive GSO buffers here, and the passed headroom already
-includes the inner MAC length, so we don't have to account for it
-a second time (that would imply three MAC headers on the wire, but
-there are just two).
-
-This issue became visible while bridging IPv6 packets with 4500 bytes
-of payload over GENEVE using IPv4 with a PMTU of 4000. Given the 50
-bytes of encapsulation headroom, we would advertise MTU as 3950, and
-we would reject fragmented IPv6 datagrams of 3958 bytes size on the
-wire. We're exclusively dealing with network MTU here, though, so we
-could get Ethernet frames up to 3964 octets in that case.
-
-v2:
-- moved skb_tunnel_check_pmtu() to ip_tunnel_core.c (David Ahern)
-- split IPv4/IPv6 functions (David Ahern)
-
-Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-Reviewed-by: David Ahern <dsahern@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
---- a/include/net/ip_tunnels.h
-+++ b/include/net/ip_tunnels.h
-@@ -279,6 +279,8 @@ int iptunnel_xmit(struct sock *sk, struc
- 		  u8 tos, u8 ttl, __be16 df, bool xnet);
- struct metadata_dst *iptunnel_metadata_reply(struct metadata_dst *md,
- 					     gfp_t flags);
-+int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst,
-+			  int headroom, bool reply);
- 
- struct sk_buff *iptunnel_handle_offloads(struct sk_buff *skb, bool gre_csum,
- 					 int gso_type_mask);
---- a/net/ipv4/ip_tunnel_core.c
-+++ b/net/ipv4/ip_tunnel_core.c
-@@ -204,6 +204,252 @@ error:
- }
- EXPORT_SYMBOL_GPL(iptunnel_handle_offloads);
- 
-+/**
-+ * iptunnel_pmtud_build_icmp() - Build ICMP error message for PMTUD
-+ * @skb:	Original packet with L2 header
-+ * @mtu:	MTU value for ICMP error
-+ *
-+ * Return: length on success, negative error code if message couldn't be built.
-+ */
-+static int iptunnel_pmtud_build_icmp(struct sk_buff *skb, int mtu)
-+{
-+	const struct iphdr *iph = ip_hdr(skb);
-+	struct icmphdr *icmph;
-+	struct iphdr *niph;
-+	struct ethhdr eh;
-+	int len, err;
-+
-+	if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct iphdr)))
-+		return -EINVAL;
-+
-+	skb_copy_bits(skb, skb_mac_header(skb) - skb->data, &eh, ETH_HLEN);
-+	pskb_pull(skb, ETH_HLEN);
-+	skb_reset_network_header(skb);
-+
-+	err = pskb_trim(skb, 576 - sizeof(*niph) - sizeof(*icmph));
-+	if (err)
-+		return err;
-+
-+	len = skb->len + sizeof(*icmph);
-+	err = skb_cow(skb, sizeof(*niph) + sizeof(*icmph) + ETH_HLEN);
-+	if (err)
-+		return err;
-+
-+	icmph = (struct icmphdr *)skb_push(skb, sizeof(*icmph));
-+	*icmph = (struct icmphdr) {
-+		.type			= ICMP_DEST_UNREACH,
-+		.code			= ICMP_FRAG_NEEDED,
-+		.checksum		= 0,
-+		.un.frag.__unused	= 0,
-+		.un.frag.mtu		= ntohs(mtu),
-+	};
-+	icmph->checksum = ip_compute_csum(icmph, len);
-+	skb_reset_transport_header(skb);
-+
-+	niph = (struct iphdr *)skb_push(skb, sizeof(*niph));
-+	*niph = (struct iphdr) {
-+		.ihl			= sizeof(*niph) / 4u,
-+		.version 		= 4,
-+		.tos 			= 0,
-+		.tot_len		= htons(len + sizeof(*niph)),
-+		.id			= 0,
-+		.frag_off		= htons(IP_DF),
-+		.ttl			= iph->ttl,
-+		.protocol		= IPPROTO_ICMP,
-+		.saddr			= iph->daddr,
-+		.daddr			= iph->saddr,
-+	};
-+	ip_send_check(niph);
-+	skb_reset_network_header(skb);
-+
-+	skb->ip_summed = CHECKSUM_NONE;
-+
-+	eth_header(skb, skb->dev, htons(eh.h_proto), eh.h_source, eh.h_dest, 0);
-+	skb_reset_mac_header(skb);
-+
-+	return skb->len;
-+}
-+
-+/**
-+ * iptunnel_pmtud_check_icmp() - Trigger ICMP reply if needed and allowed
-+ * @skb:	Buffer being sent by encapsulation, L2 headers expected
-+ * @mtu:	Network MTU for path
-+ *
-+ * Return: 0 for no ICMP reply, length if built, negative value on error.
-+ */
-+static int iptunnel_pmtud_check_icmp(struct sk_buff *skb, int mtu)
-+{
-+	const struct icmphdr *icmph = icmp_hdr(skb);
-+	const struct iphdr *iph = ip_hdr(skb);
-+
-+	if (mtu <= 576 || iph->frag_off != htons(IP_DF))
-+		return 0;
-+
-+	if (ipv4_is_lbcast(iph->daddr)  || ipv4_is_multicast(iph->daddr) ||
-+	    ipv4_is_zeronet(iph->saddr) || ipv4_is_loopback(iph->saddr)  ||
-+	    ipv4_is_lbcast(iph->saddr)  || ipv4_is_multicast(iph->saddr))
-+		return 0;
-+
-+	if (iph->protocol == IPPROTO_ICMP && icmp_is_err(icmph->type))
-+		return 0;
-+
-+	return iptunnel_pmtud_build_icmp(skb, mtu);
-+}
-+
-+#if IS_ENABLED(CONFIG_IPV6)
-+/**
-+ * iptunnel_pmtud_build_icmpv6() - Build ICMPv6 error message for PMTUD
-+ * @skb:	Original packet with L2 header
-+ * @mtu:	MTU value for ICMPv6 error
-+ *
-+ * Return: length on success, negative error code if message couldn't be built.
-+ */
-+static int iptunnel_pmtud_build_icmpv6(struct sk_buff *skb, int mtu)
-+{
-+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-+	struct icmp6hdr *icmp6h;
-+	struct ipv6hdr *nip6h;
-+	struct ethhdr eh;
-+	int len, err;
-+	__wsum csum;
-+
-+	if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct ipv6hdr)))
-+		return -EINVAL;
-+
-+	skb_copy_bits(skb, skb_mac_header(skb) - skb->data, &eh, ETH_HLEN);
-+	pskb_pull(skb, ETH_HLEN);
-+	skb_reset_network_header(skb);
-+
-+	err = pskb_trim(skb, IPV6_MIN_MTU - sizeof(*nip6h) - sizeof(*icmp6h));
-+	if (err)
-+		return err;
-+
-+	len = skb->len + sizeof(*icmp6h);
-+	err = skb_cow(skb, sizeof(*nip6h) + sizeof(*icmp6h) + ETH_HLEN);
-+	if (err)
-+		return err;
-+
-+	icmp6h = (struct icmp6hdr *)skb_push(skb, sizeof(*icmp6h));
-+	*icmp6h = (struct icmp6hdr) {
-+		.icmp6_type		= ICMPV6_PKT_TOOBIG,
-+		.icmp6_code		= 0,
-+		.icmp6_cksum		= 0,
-+		.icmp6_mtu		= htonl(mtu),
-+	};
-+	skb_reset_transport_header(skb);
-+
-+	nip6h = (struct ipv6hdr *)skb_push(skb, sizeof(*nip6h));
-+	*nip6h = (struct ipv6hdr) {
-+		.priority		= 0,
-+		.version		= 6,
-+		.flow_lbl		= { 0 },
-+		.payload_len		= htons(len),
-+		.nexthdr		= IPPROTO_ICMPV6,
-+		.hop_limit		= ip6h->hop_limit,
-+		.saddr			= ip6h->daddr,
-+		.daddr			= ip6h->saddr,
-+	};
-+	skb_reset_network_header(skb);
-+
-+	csum = csum_partial(icmp6h, len, 0);
-+	icmp6h->icmp6_cksum = csum_ipv6_magic(&nip6h->saddr, &nip6h->daddr, len,
-+					      IPPROTO_ICMPV6, csum);
-+
-+	skb->ip_summed = CHECKSUM_NONE;
-+
-+	eth_header(skb, skb->dev, htons(eh.h_proto), eh.h_source, eh.h_dest, 0);
-+	skb_reset_mac_header(skb);
-+
-+	return skb->len;
-+}
-+
-+/**
-+ * iptunnel_pmtud_check_icmpv6() - Trigger ICMPv6 reply if needed and allowed
-+ * @skb:	Buffer being sent by encapsulation, L2 headers expected
-+ * @mtu:	Network MTU for path
-+ *
-+ * Return: 0 for no ICMPv6 reply, length if built, negative value on error.
-+ */
-+static int iptunnel_pmtud_check_icmpv6(struct sk_buff *skb, int mtu)
-+{
-+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-+	int stype = ipv6_addr_type(&ip6h->saddr);
-+	u8 proto = ip6h->nexthdr;
-+	__be16 frag_off;
-+	int offset;
-+
-+	if (mtu <= IPV6_MIN_MTU)
-+		return 0;
-+
-+	if (stype == IPV6_ADDR_ANY || stype == IPV6_ADDR_MULTICAST ||
-+	    stype == IPV6_ADDR_LOOPBACK)
-+		return 0;
-+
-+	offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &proto,
-+				  &frag_off);
-+	if (offset < 0 || (frag_off & htons(~0x7)))
-+		return 0;
-+
-+	if (proto == IPPROTO_ICMPV6) {
-+		struct icmp6hdr *icmp6h;
-+
-+		if (!pskb_may_pull(skb, skb_network_header(skb) +
-+					offset + 1 - skb->data))
-+			return 0;
-+
-+		icmp6h = (struct icmp6hdr *)(skb_network_header(skb) + offset);
-+		if (icmpv6_is_err(icmp6h->icmp6_type) ||
-+		    icmp6h->icmp6_type == NDISC_REDIRECT)
-+			return 0;
-+	}
-+
-+	return iptunnel_pmtud_build_icmpv6(skb, mtu);
-+}
-+#endif /* IS_ENABLED(CONFIG_IPV6) */
-+
-+/**
-+ * skb_tunnel_check_pmtu() - Check, update PMTU and trigger ICMP reply as needed
-+ * @skb:	Buffer being sent by encapsulation, L2 headers expected
-+ * @encap_dst:	Destination for tunnel encapsulation (outer IP)
-+ * @headroom:	Encapsulation header size, bytes
-+ * @reply:	Build matching ICMP or ICMPv6 message as a result
-+ *
-+ * L2 tunnel implementations that can carry IP and can be directly bridged
-+ * (currently UDP tunnels) can't always rely on IP forwarding paths to handle
-+ * PMTU discovery. In the bridged case, ICMP or ICMPv6 messages need to be built
-+ * based on payload and sent back by the encapsulation itself.
-+ *
-+ * For routable interfaces, we just need to update the PMTU for the destination.
-+ *
-+ * Return: 0 if ICMP error not needed, length if built, negative value on error
-+ */
-+int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst,
-+			  int headroom, bool reply)
-+{
-+	struct dst_entry *dst = skb_dst(skb);
-+	u32 mtu = dst_mtu(encap_dst) - headroom;
-+
-+	if ((skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) ||
-+	    (!skb_is_gso(skb) && (skb->len - skb_mac_header_len(skb)) <= mtu))
-+		return 0;
-+
-+	if (dst && dst->ops->update_pmtu)
-+		dst->ops->update_pmtu(dst, NULL, skb, mtu);
-+
-+	if (!reply || skb->pkt_type == PACKET_HOST)
-+		return 0;
-+
-+	if (skb->protocol == htons(ETH_P_IP))
-+		return iptunnel_pmtud_check_icmp(skb, mtu);
-+
-+#if IS_ENABLED(CONFIG_IPV6)
-+	if (skb->protocol == htons(ETH_P_IPV6))
-+		return iptunnel_pmtud_check_icmpv6(skb, mtu);
-+#endif
-+	return 0;
-+}
-+EXPORT_SYMBOL(skb_tunnel_check_pmtu);
-+
- /* Often modified stats are per cpu, other are shared (netdev->stats) */
- struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
- 						struct rtnl_link_stats64 *tot)
---- a/drivers/net/vxlan.c
-+++ b/drivers/net/vxlan.c
-@@ -2076,6 +2076,8 @@ static void vxlan_xmit_one(struct sk_buf
- 		/* Reset the skb_iif to Tunnels interface index */
- 		skb->skb_iif = dev->ifindex;
- 
-+		skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM, false);
-+
- 		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
- 		ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
- 		err = vxlan_xmit_skb(rt, sk, skb, fl4.saddr,
-@@ -2141,6 +2143,8 @@ static void vxlan_xmit_one(struct sk_buf
- 				flags |= VXLAN_F_UDP_ZERO_CSUM6_TX;
- 		}
- 
-+		skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM, false);
-+
- 		ttl = ttl ? : ip6_dst_hoplimit(ndst);
- 		err = vxlan6_xmit_skb(ndst, sk, skb, dev, &saddr, &dst->sin6.sin6_addr,
- 				      0, ttl, src_port, dst_port, htonl(vni << 8), md,

feeds/ipq807x/ipq807x/patches/233-vxlan-simplify-RTF_LOCAL-handling.patch

@@ -1,114 +0,0 @@
-From: pravin shelar <pshelar@ovn.org>
-Date: Sun, 13 Nov 2016 20:43:56 -0800
-Subject: [PATCH] vxlan: simplify RTF_LOCAL handling.
-
-Avoid code duplicate code for handling RTF_LOCAL routes.
-
-Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
-Acked-by: Jiri Benc <jbenc@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
---- a/drivers/net/vxlan.c
-+++ b/drivers/net/vxlan.c
-@@ -1946,6 +1946,40 @@ static void vxlan_encap_bypass(struct sk
- 	}
- }
- 
-+static int encap_bypass_if_local(struct sk_buff *skb, struct net_device *dev,
-+				 struct vxlan_dev *vxlan, union vxlan_addr *daddr,
-+				 __be32 dst_port, __be32 vni, struct dst_entry *dst,
-+				 u32 rt_flags)
-+{
-+#if IS_ENABLED(CONFIG_IPV6)
-+	/* IPv6 rt-flags are checked against RTF_LOCAL, but the value of
-+	 * RTF_LOCAL is equal to RTCF_LOCAL. So to keep code simple
-+	 * we can use RTCF_LOCAL which works for ipv4 and ipv6 route entry.
-+	 */
-+	BUILD_BUG_ON(RTCF_LOCAL != RTF_LOCAL);
-+#endif
-+	/* Bypass encapsulation if the destination is local */
-+	if (rt_flags & RTCF_LOCAL &&
-+	    !(rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
-+		struct vxlan_dev *dst_vxlan;
-+
-+		dst_release(dst);
-+		dst_vxlan = vxlan_find_vni(vxlan->net, vni,
-+					   daddr->sa.sa_family, dst_port,
-+					   vxlan->flags);
-+		if (!dst_vxlan) {
-+			dev->stats.tx_errors++;
-+			kfree_skb(skb);
-+
-+			return -ENOENT;
-+		}
-+		vxlan_encap_bypass(skb, vxlan, dst_vxlan);
-+		return 1;
-+	}
-+
-+	return 0;
-+}
-+
- static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
- 			   struct vxlan_rdst *rdst, bool did_rsc)
- {
-@@ -2059,18 +2093,12 @@ static void vxlan_xmit_one(struct sk_buf
- 		}
- 
- 		/* Bypass encapsulation if the destination is local */
--		if (rt->rt_flags & RTCF_LOCAL &&
--		    !(rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
--			struct vxlan_dev *dst_vxlan;
--
--			ip_rt_put(rt);
--			dst_vxlan = vxlan_find_vni(vxlan->net, vni,
--						   dst->sa.sa_family, dst_port,
--						   vxlan->flags);
--			if (!dst_vxlan)
--				goto tx_error;
--			vxlan_encap_bypass(skb, vxlan, dst_vxlan);
--			return;
-+		if (!info) {
-+			err = encap_bypass_if_local(skb, dev, vxlan, dst,
-+						    dst_port, vni, &rt->dst,
-+						    rt->rt_flags);
-+			if (err)
-+				return;
- 		}
- 
- 		/* Reset the skb_iif to Tunnels interface index */
-@@ -2096,7 +2124,6 @@ static void vxlan_xmit_one(struct sk_buf
- 	} else {
- 		struct dst_entry *ndst;
- 		struct in6_addr saddr;
--		u32 rt6i_flags;
- 
- 		if (!vxlan->vn6_sock)
- 			goto drop;
-@@ -2121,19 +2148,14 @@ static void vxlan_xmit_one(struct sk_buf
- 		}
- 
- 		/* Bypass encapsulation if the destination is local */
--		rt6i_flags = ((struct rt6_info *)ndst)->rt6i_flags;
--		if (rt6i_flags & RTF_LOCAL &&
--		    !(rt6i_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
--			struct vxlan_dev *dst_vxlan;
-+		if (!info) {
-+			u32 rt6i_flags = ((struct rt6_info *)ndst)->rt6i_flags;
- 
--			dst_release(ndst);
--			dst_vxlan = vxlan_find_vni(vxlan->net, vni,
--						   dst->sa.sa_family, dst_port,
--						   vxlan->flags);
--			if (!dst_vxlan)
--				goto tx_error;
--			vxlan_encap_bypass(skb, vxlan, dst_vxlan);
--			return;
-+			err = encap_bypass_if_local(skb, dev, vxlan, dst,
-+						    dst_port, vni, ndst,
-+						    rt6i_flags);
-+			if (err)
-+				return;
- 		}
- 
- 		if (info) {

feeds/ipq807x/ipq807x/patches/234-vxlan-Support-for-PMTU-discovery-on-directly-bridged.patch

@@ -1,140 +0,0 @@
-From: Stefano Brivio <sbrivio@redhat.com>
-Date: Tue, 4 Aug 2020 07:53:44 +0200
-Subject: [PATCH] vxlan: Support for PMTU discovery on directly bridged links
-
-If the interface is a bridge or Open vSwitch port, and we can't
-forward a packet because it exceeds the local PMTU estimate,
-trigger an ICMP or ICMPv6 reply to the sender, using the same
-interface to forward it back.
-
-If metadata collection is enabled, reverse destination and source
-addresses, so that Open vSwitch is able to match this packet against
-the existing, reverse flow.
-
-v2: Use netif_is_any_bridge_port() (David Ahern)
-
-Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
---- a/drivers/net/vxlan.c
-+++ b/drivers/net/vxlan.c
-@@ -1903,7 +1903,7 @@ static struct dst_entry *vxlan6_get_rout
- 
- /* Bypass encapsulation if the destination is local */
- static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
--			       struct vxlan_dev *dst_vxlan)
-+			       struct vxlan_dev *dst_vxlan, bool snoop)
- {
- 	struct pcpu_sw_netstats *tx_stats, *rx_stats;
- 	union vxlan_addr loopback;
-@@ -1928,7 +1928,7 @@ static void vxlan_encap_bypass(struct sk
- #endif
- 	}
- 
--	if (dst_vxlan->flags & VXLAN_F_LEARN)
-+	if ((dst_vxlan->flags & VXLAN_F_LEARN) && snoop)
- 		vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source);
- 
- 	u64_stats_update_begin(&tx_stats->syncp);
-@@ -1973,7 +1973,7 @@ static int encap_bypass_if_local(struct
- 
- 			return -ENOENT;
- 		}
--		vxlan_encap_bypass(skb, vxlan, dst_vxlan);
-+		vxlan_encap_bypass(skb, vxlan, dst_vxlan, true);
- 		return 1;
- 	}
- 
-@@ -1990,7 +1990,7 @@ static void vxlan_xmit_one(struct sk_buf
- 	const struct iphdr *old_iph;
- 	struct flowi4 fl4;
- 	union vxlan_addr *dst;
--	union vxlan_addr remote_ip;
-+	union vxlan_addr remote_ip, local_ip;
- 	struct vxlan_metadata _md;
- 	struct vxlan_metadata *md = &_md;
- 	__be16 src_port = 0, dst_port;
-@@ -2006,6 +2006,7 @@ static void vxlan_xmit_one(struct sk_buf
- 		dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
- 		vni = rdst->remote_vni;
- 		dst = &rdst->remote_ip;
-+		local_ip = vxlan->cfg.saddr;
- 	} else {
- 		if (!info) {
- 			WARN_ONCE(1, "%s: Missing encapsulation instructions\n",
-@@ -2015,17 +2016,20 @@ static void vxlan_xmit_one(struct sk_buf
- 		dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
- 		vni = be64_to_cpu(info->key.tun_id);
- 		remote_ip.sa.sa_family = ip_tunnel_info_af(info);
--		if (remote_ip.sa.sa_family == AF_INET)
-+		if (remote_ip.sa.sa_family == AF_INET) {
- 			remote_ip.sin.sin_addr.s_addr = info->key.u.ipv4.dst;
--		else
-+			local_ip.sin.sin_addr.s_addr = info->key.u.ipv4.src;
-+		} else {
- 			remote_ip.sin6.sin6_addr = info->key.u.ipv6.dst;
-+			local_ip.sin6.sin6_addr = info->key.u.ipv6.src;
-+		}
- 		dst = &remote_ip;
- 	}
- 
- 	if (vxlan_addr_any(dst)) {
- 		if (did_rsc) {
- 			/* short-circuited back to local bridge */
--			vxlan_encap_bypass(skb, vxlan, vxlan);
-+			vxlan_encap_bypass(skb, vxlan, vxlan, true);
- 			return;
- 		}
- 		goto drop;
-@@ -2104,7 +2108,23 @@ static void vxlan_xmit_one(struct sk_buf
- 		/* Reset the skb_iif to Tunnels interface index */
- 		skb->skb_iif = dev->ifindex;
- 
--		skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM, false);
-+		err = skb_tunnel_check_pmtu(skb, &rt->dst, VXLAN_HEADROOM,
-+					    netif_is_any_bridge_port(dev));
-+		if (err < 0) {
-+			goto tx_error;
-+		} else if (err) {
-+			if (info) {
-+				struct in_addr src, dst;
-+
-+				src = remote_ip.sin.sin_addr;
-+				dst = local_ip.sin.sin_addr;
-+				info->key.u.ipv4.src = src.s_addr;
-+				info->key.u.ipv4.dst = dst.s_addr;
-+			}
-+			vxlan_encap_bypass(skb, vxlan, vxlan, false);
-+			ip_rt_put(rt);
-+			return;
-+		}
- 
- 		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
- 		ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
-@@ -2165,7 +2185,24 @@ static void vxlan_xmit_one(struct sk_buf
- 				flags |= VXLAN_F_UDP_ZERO_CSUM6_TX;
- 		}
- 
--		skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM, false);
-+		err = skb_tunnel_check_pmtu(skb, ndst, VXLAN6_HEADROOM,
-+					    netif_is_any_bridge_port(dev));
-+		if (err < 0) {
-+			goto tx_error;
-+		} else if (err) {
-+			if (info) {
-+				struct in6_addr src, dst;
-+
-+				src = remote_ip.sin6.sin6_addr;
-+				dst = local_ip.sin6.sin6_addr;
-+				info->key.u.ipv6.src = src;
-+				info->key.u.ipv6.dst = dst;
-+			}
-+
-+			vxlan_encap_bypass(skb, vxlan, vxlan, false);
-+			ip_rt_put(rt);
-+			return;
-+		}
- 
- 		ttl = ttl ? : ip6_dst_hoplimit(ndst);
- 		err = vxlan6_xmit_skb(ndst, sk, skb, dev, &saddr, &dst->sin6.sin6_addr,

feeds/ipq807x/ipq807x/patches/235-generic-Fix-per-interface-nf_call_iptables-setting.patch

@@ -1,234 +0,0 @@
-From: Sven Eckelmann <sven@open-mesh.com>
-Date: Wed, 2 Sep 2015 19:47:43 +0200
-Subject: generic: Fix per interface nf_call_iptables setting
-
-commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
-functionality have been disabled - eliminates the overhead of enabling
-CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
-which should reduce/eliminate the overhead for traffic send over bridges on
-kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
-breaks the nf_call_iptables per bridge setting which is more fine grained
-than the global sysctl net.bridge.bridge-nf-call-iptables setting.
-
-A test reflecting a real world setup was created to identify if this really
-eliminates the overhead and if per-bridge nf_call_iptables could be used in
-some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
-system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
-Cables from the AP to the wifi station were used to reduce interference
-problems during the tests.
-
-The wlan interface was put in one bridge interface called br-wlan. This
-bridge usually contains some more wlan interfaces. The eth0 was put in a
-second bridge called br-lan. This usually contains some other privileged
-wlan or mesh interfaces. Routing was added between br-lan and br-wlan.
-
-Three kernels were tested:
-
- * (default) OpenWrt kernel for this device
- * (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
- * (brfilter-local)  OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
-    without 644-bridge_optimize_netfilter_hooks.patch
-
-The changes to the the netfilter settings of the bridge were done via:
-
- * (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
- * (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
-   and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables
-
-A station connected to the wlan0 (AP) interface was used to send traffic to
-a PC connected via ethernet. iperf with 3 concurrent transmissions was used
-to generate the traffic.
-
-| kernel          | br-nf-* global | nf-call* iface | download | upload   |
-|-----------------|----------------|----------------|----------|----------|
-| default         | 0              | -              |      209 |      268 |
-| brfilter-global | 0              | -              |      185 |      243 |
-| brfilter-local  | 0              | -              |      187 |      243 |
-| brfilter-local  | 0              | br-lan         |      157 |      226 |
-| brfilter-local  | 0              | br-lan br-wlan |      139 |      161 |
-| brfilter-global | 1              | -              |      136 |      162 |
-
-Download/upload results in Mibit/s
-
-It can be seen that the patch doesn't eliminate the overhead. It can also
-be seen that the throughput of brfilter-global and brfilter-local with
-disabled filtering is the roughly the same. Also the throughput for
-brfilter-global and brfilter-local for enabled filtering on all bridges is
-roughly the same.
-
-But also the brfilter-local throughput is higher when only br-lan requires
-the filtering. This setting would not be possible with
-644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
-compared with brfilter-global and filtering enabled for all interfaces.
-
-Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
-
-Forwarded: https://patchwork.ozlabs.org/patch/513592/
-Applied-Upstream: https://dev.openwrt.org/changeset/46835
-
---- a/net/bridge/br_forward.c
-+++ b/net/bridge/br_forward.c
-@@ -69,7 +69,7 @@ EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit
- 
- int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
- {
--	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING,
-+	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING,
- 		       net, sk, skb, NULL, skb->dev,
- 		       br_dev_queue_push_xmit);
- 
-@@ -97,7 +97,7 @@ static void __br_deliver(const struct ne
- 		return;
- 	}
- 
--	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
-+	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
- 		dev_net(skb->dev), NULL, skb,NULL, skb->dev,
- 		br_forward_finish);
- }
-@@ -121,7 +121,7 @@ static void __br_forward(const struct ne
- 	skb->dev = to->dev;
- 	skb_forward_csum(skb);
- 
--	BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD,
-+	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD,
- 		dev_net(indev), NULL, skb, indev, skb->dev,
- 		br_forward_finish);
- }
---- a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -70,7 +70,7 @@ int br_pass_frame_up(struct sk_buff *skb
- 	if (!skb)
- 		return NET_RX_DROP;
- 
--	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
-+	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
- 		       dev_net(indev), NULL, skb, indev, NULL,
- 		       br_netif_receive_skb);
- }
-@@ -320,7 +320,7 @@ rx_handler_result_t br_handle_frame(stru
- 		}
- 
- 		/* Deliver packet to local host only */
--		if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
-+		if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
- 			    dev_net(skb->dev), NULL, skb, skb->dev, NULL,
- 			    br_handle_local_finish)) {
- 			return RX_HANDLER_CONSUMED; /* consumed by filter */
-@@ -337,7 +337,7 @@ forward:
- 			if (ether_addr_equal(p->br->dev->dev_addr, dest))
- 				skb->pkt_type = PACKET_HOST;
- 
--			if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, dev_net(skb->dev), NULL,
-+			if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, dev_net(skb->dev), NULL,
- 				skb, skb->dev, NULL, br_handle_local_finish))
- 				break;
- 
-@@ -361,7 +361,7 @@ forward:
- 		if (ether_addr_equal(p->br->dev->dev_addr, dest))
- 			skb->pkt_type = PACKET_HOST;
- 
--		BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
-+		NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
- 			dev_net(skb->dev), NULL, skb, skb->dev, NULL,
- 			br_handle_frame_finish);
- 		break;
---- a/net/bridge/br_multicast.c
-+++ b/net/bridge/br_multicast.c
-@@ -856,7 +856,7 @@ static void __br_multicast_send_query(st
- 
- 	if (port) {
- 		skb->dev = port->dev;
--		BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
-+		NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
- 			dev_net(port->dev), NULL, skb, NULL, skb->dev,
- 			br_dev_queue_push_xmit);
- 	} else {
---- a/net/bridge/br_netfilter_hooks.c
-+++ b/net/bridge/br_netfilter_hooks.c
-@@ -72,15 +72,6 @@ static int brnf_pass_vlan_indev __read_m
- #define IS_ARP(skb) \
- 	(!skb_vlan_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
- 
--int brnf_call_ebtables __read_mostly;
--EXPORT_SYMBOL_GPL(brnf_call_ebtables);
--
--bool br_netfilter_run_hooks(void)
--{
--	return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables |
--		brnf_call_ebtables | brnf_call_custom;
--}
--
- static inline __be16 vlan_proto(const struct sk_buff *skb)
- {
- 	if (skb_vlan_tag_present(skb))
---- a/net/bridge/br_private.h
-+++ b/net/bridge/br_private.h
-@@ -909,29 +909,15 @@ extern const struct nf_br_ops __rcu *nf_
- 
- /* br_netfilter.c */
- #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
--extern int brnf_call_ebtables;
- int br_nf_core_init(void);
- void br_nf_core_fini(void);
- void br_netfilter_rtable_init(struct net_bridge *);
--bool br_netfilter_run_hooks(void);
- #else
- static inline int br_nf_core_init(void) { return 0; }
- static inline void br_nf_core_fini(void) {}
- #define br_netfilter_rtable_init(x)
--#define br_netfilter_run_hooks()	false
- #endif
- 
--static inline int
--BR_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
--	struct sk_buff *skb, struct net_device *in, struct net_device *out,
--	int (*okfn)(struct net *, struct sock *, struct sk_buff *))
--{
--	if (!br_netfilter_run_hooks())
--		return okfn(net, sk, skb);
--
--	return NF_HOOK(pf, hook, net, sk, skb, in, out, okfn);
--}
--
- /* br_stp.c */
- void br_log_state(const struct net_bridge_port *p);
- void br_set_state(struct net_bridge_port *p, unsigned int state);
---- a/net/bridge/br_stp_bpdu.c
-+++ b/net/bridge/br_stp_bpdu.c
-@@ -60,7 +60,7 @@ static void br_send_bpdu(struct net_brid
- 
- 	skb_reset_mac_header(skb);
- 
--	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
-+	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT,
- 		dev_net(p->dev), NULL, skb, NULL, skb->dev,
- 		br_send_bpdu_finish);
- }
---- a/net/bridge/netfilter/ebtables.c
-+++ b/net/bridge/netfilter/ebtables.c
-@@ -2416,13 +2416,11 @@ static int __init ebtables_init(void)
- 	}
- 
- 	printk(KERN_INFO "Ebtables v2.0 registered\n");
--	brnf_call_ebtables = 1;
- 	return 0;
- }
- 
- static void __exit ebtables_fini(void)
- {
--	brnf_call_ebtables = 0;
- 	nf_unregister_sockopt(&ebt_sockopts);
- 	xt_unregister_target(&ebt_standard_target);
- 	printk(KERN_INFO "Ebtables v2.0 unregistered\n");
---- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
-+++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
-@@ -310,7 +310,7 @@ nf_nat_ipv4_fn(void *priv, struct sk_buf
- 		 * nf_bridge will be set and nf_bridge->physoutdev is not null,
- 		 * We can assume that it is not expecting NAT operation.
- 		 *
--		 * when BR_HOOK is enabled, multicast packets will reach
-+		 * when NF_HOOK is enabled, multicast packets will reach
- 		 * postrouting twice,the first time is when it is forwarded
- 		 * between ports of a bridge, the second time is that it is
- 		 * forwarded to upstream port.

feeds/ipq807x/xtables-addons/Makefile

@@ -1,179 +0,0 @@
-#
-# Copyright (C) 2009-2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=xtables-addons
-PKG_VERSION:=2.14
-PKG_RELEASE:=8
-PKG_HASH:=d215a9a8b8e66aae04b982fa2e1228e8a71e7dfe42320df99e34e5000cbdf152
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@SF/xtables-addons
-PKG_BUILD_DEPENDS:=iptables
-PKG_INSTALL:=1
-PKG_BUILD_PARALLEL:=1
-PKG_CHECK_FORMAT_SECURITY:=0
-
-PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
-PKG_LICENSE:=GPL-2.0
-
-PKG_FIXUP:=autoreconf
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/xtables-addons
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=Firewall
-  TITLE:=Extensions not distributed in the main Xtables
-  URL:=http://xtables-addons.sourceforge.net/
-endef
-
-# uses GNU configure
-
-CONFIGURE_ARGS+= \
-	--with-kbuild="$(LINUX_DIR)" \
-	--with-xtlibdir="/usr/lib/iptables"
-
-ifdef CONFIG_EXTERNAL_TOOLCHAIN
-MAKE_FLAGS:= \
-	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
-	DEPMOD="/bin/true"
-
-MAKE_INSTALL_FLAGS:= \
-	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
-	DEPMOD="/bin/true"
-else
-define Build/Compile
-	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
-		$(KERNEL_MAKE_FLAGS) \
-		DESTDIR="$(PKG_INSTALL_DIR)" \
-		DEPMOD="/bin/true" \
-		all
-endef
-
-define Build/Install
-	$(MAKE) -C $(PKG_BUILD_DIR) \
-		$(KERNEL_MAKE_FLAGS) \
-		DESTDIR="$(PKG_INSTALL_DIR)" \
-		DEPMOD="/bin/true" \
-		install
-endef
-endif
-
-# 1: extension/module suffix used in package name
-# 2: extension/module display name used in package title/description
-# 3: list of extensions to package
-# 4: list of modules to package
-# 5: module load priority
-# 6: module depends
-define BuildTemplate
-
- ifneq ($(3),)
-  define Package/iptables-mod-$(1)
-    $$(call Package/xtables-addons)
-    CATEGORY:=Network
-    TITLE:=$(2) iptables extension
-    DEPENDS:=iptables $(if $(4),+kmod-ipt-$(1))
-  endef
-
-  define Package/iptables-mod-$(1)/install
-	$(INSTALL_DIR) $$(1)/usr/lib/iptables
-	for m in $(3); do \
-		$(CP) \
-			$(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so \
-			$$(1)/usr/lib/iptables/ ; \
-	done
-  endef
-
-  $$(eval $$(call BuildPackage,iptables-mod-$(1)))
- endif
-
- ifneq ($(4),)
-  define KernelPackage/ipt-$(1)
-    SUBMENU:=Netfilter Extensions
-    TITLE:=$(2) netfilter module
-    DEPENDS:=+kmod-ipt-core $(5)
-    FILES:=$(foreach mod,$(4),$(PKG_BUILD_DIR)/extensions/$(mod).$(LINUX_KMOD_SUFFIX))
-    AUTOLOAD:=$(call AutoProbe,$(notdir $(4)))
-  endef
-
-  $$(eval $$(call KernelPackage,ipt-$(1)))
- endif
-
-endef
-
-
-define Package/iptaccount
-  $(call Package/xtables-addons)
-  CATEGORY:=Network
-  TITLE:=iptables-mod-account control utility
-  DEPENDS:=iptables +iptables-mod-account
-endef
-
-define Package/iptaccount/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/libxt_ACCOUNT_cl.so* \
-		$(1)/usr/lib/
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/sbin/iptaccount \
-		$(1)/usr/sbin/
-endef
-
-
-define Package/iptgeoip
-  $(call Package/xtables-addons)
-  CATEGORY:=Network
-  TITLE:=iptables-mod-geoip support scripts for MaxMind GeoIP databases
-  # we could also use wget-nossl but that's more complicated than our
-  # syntax of dependencies permits...
-  DEPENDS:=iptables +iptables-mod-geoip \
-		+perl +perlbase-getopt +perlbase-io +perl-text-csv_xs \
-		+!BUSYBOX_CONFIG_WGET:wget +!BUSYBOX_CONFIG_GZIP:gzip +!BUSYBOX_CONFIG_UNZIP:unzip
-endef
-
-define Package/iptgeoip/install
-	$(INSTALL_DIR) $(1)/usr/lib/xtables-addons
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/xtables-addons/xt_geoip_{build,dl} \
-		$(1)/usr/lib/xtables-addons/
-	$(INSTALL_DIR) $(1)/usr/share/xt_geoip
-endef
-
-
-#$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,PRIORITY,DEPENDS))
-
-$(eval $(call BuildTemplate,compat-xtables,API compatibilty layer,,compat_xtables,+IPV6:kmod-ip6tables))
-$(eval $(call BuildTemplate,nathelper-rtsp,RTSP Conntrack and NAT,,rtsp/nf_conntrack_rtsp rtsp/nf_nat_rtsp,+kmod-ipt-conntrack-extra +kmod-ipt-nat))
-
-$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit))
-$(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,))
-$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-compat-xtables +kmod-ipt-nat))
-$(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,))
-$(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,))
-$(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,))
-$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,))
-$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,+kmod-ipt-compat-xtables))
-$(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,))
-$(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,+kmod-ipt-conntrack-extra))
-$(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,))
-$(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,))
-$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-ipt-compat-xtables +kmod-crypto-hash))
-$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,+kmod-ipt-compat-xtables))
-
-$(eval $(call BuildPackage,iptaccount))
-$(eval $(call BuildPackage,iptgeoip))

feeds/ipq807x/xtables-addons/patches/001-fix-kernel-version-detection.patch

@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
- 
- if test -n "$kbuilddir"; then
- 	AC_MSG_CHECKING([kernel version that we will build against])
--	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
-+	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
- 	save_IFS="$IFS"
- 	IFS='.'
- 	set x $krel

feeds/ipq807x/xtables-addons/patches/002-build-support-for-Linux-4.15.patch

@@ -1,50 +0,0 @@
-From 2b76b68c65c97fc11409088c3c30993324df8500 Mon Sep 17 00:00:00 2001
-From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
-Date: Thu, 4 Jan 2018 18:50:50 +0100
-Subject: [PATCH] build: support for Linux 4.15
-
-Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
----
- extensions/pknock/xt_pknock.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
-index 6fbdea4..31d4bc8 100644
---- a/extensions/pknock/xt_pknock.c
-+++ b/extensions/pknock/xt_pknock.c
-@@ -358,10 +358,20 @@ has_logged_during_this_minute(const struct peer *peer)
-  * @r: rule
-  */
- static void
--peer_gc(unsigned long r)
-+peer_gc(
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
-+	struct timer_list *tl
-+#else
-+	unsigned long r
-+#endif
-+)
- {
- 	unsigned int i;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
-+	struct xt_pknock_rule *rule = from_timer(rule, tl, timer);
-+#else
- 	struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r;
-+#endif
- 	struct peer *peer;
- 	struct list_head *pos, *n;
- 
-@@ -469,9 +479,13 @@ add_rule(struct xt_pknock_mtinfo *info)
- 	if (rule->peer_head == NULL)
- 		goto out;
- 
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
-+	timer_setup(&rule->timer, peer_gc, 0);
-+#else
- 	init_timer(&rule->timer);
- 	rule->timer.function	= peer_gc;
- 	rule->timer.data	= (unsigned long)rule;
-+#endif
- 
- 	rule->status_proc = proc_create_data(info->rule_name, 0, pde,
- 	                    &pknock_proc_ops, rule);

feeds/ipq807x/xtables-addons/patches/003-build-add-support-for-Linux-4.18.patch

@@ -1,25 +0,0 @@
-From 3ea761a1ed338241fbc79bef8e433307e108b6cd Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Tue, 14 Aug 2018 14:29:30 +0200
-Subject: [PATCH] build: add support for Linux 4.18
-
----
- extensions/xt_DNETMAP.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c
-index 1b415c3..de7d4ec 100644
---- a/extensions/xt_DNETMAP.c
-+++ b/extensions/xt_DNETMAP.c
-@@ -367,7 +367,11 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
- 	__be32 prenat_ip, postnat_ip, prenat_ip_prev;
- 	const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
- 	const struct nf_nat_range *mr = &tginfo->prefix;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 18, 0)
-+	struct nf_nat_range2 newrange;
-+#else
- 	struct nf_nat_range newrange;
-+#endif
- 	struct dnetmap_entry *e;
- 	struct dnetmap_prefix *p;
- 	__s32 jttl;

feeds/ipq807x/xtables-addons/patches/201-fix-lua-packetscript.patch

@@ -1,127 +0,0 @@
---- a/extensions/LUA/xt_LUA_target.c
-+++ b/extensions/LUA/xt_LUA_target.c
-@@ -19,7 +19,7 @@
- #include <linux/kernel.h>
- #include <linux/slab.h>
- #include <linux/module.h>
--#include <asm/uaccess.h>
-+#include <linux/uaccess.h>
- #include <net/ip.h>
- #include <linux/netfilter/x_tables.h>
- #include "xt_LUA.h"
-@@ -64,10 +64,10 @@ uint32_t  lua_state_refs[LUA_STATE_ARRAY
-  * XT_CONTINUE inside the *register_lua_packet_lib* function.
-  */
- 
--spinlock_t lock = SPIN_LOCK_UNLOCKED;
-+DEFINE_SPINLOCK(lock);
- 
- static uint32_t 
--lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
-+lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
- {
- 	uint32_t  verdict;
- 	lua_packet_segment *p;
-@@ -88,11 +88,11 @@ lua_tg(struct sk_buff *pskb, const struc
- 	/* push the lua_packet_segment as a parameter */
- 	p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
- 	if (pskb->mac_header)
--		p->start = pskb->mac_header;
-+		p->start = skb_mac_header(pskb);
- 	else if (pskb->network_header)
--		p->start = pskb->network_header;
-+		p->start = skb_network_header(pskb);
- 	else if (pskb->transport_header)
--		p->start = pskb->transport_header;
-+		p->start = skb_transport_header(pskb);
- 	p->offset = 0;
- 	p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
- 	p->changes = NULL;
-@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
-  * some workqueue initialization. So far this is done each time this function
-  * is called, subject to change.
-  */
--static bool
-+static int
- lua_tg_checkentry(const struct xt_tgchk_param *par)
- {
- 	const struct xt_lua_tginfo *info = par->targinfo;
- 
- 	if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
- 		lua_state_refs[info->state_id]++;
--		return true;
-+		return 0;
- 	}
--	return false;
-+	return -EINVAL;
- }
- 
- /*::*
---- a/extensions/LUA/lua/llimits.h
-+++ b/extensions/LUA/lua/llimits.h
-@@ -8,7 +8,6 @@
- #define llimits_h
- 
- #include <stddef.h>
--#include <limits.h>
- 
- #include "lua.h"
- 
---- a/extensions/LUA/lua/lapi.c
-+++ b/extensions/LUA/lua/lapi.c
-@@ -4,9 +4,6 @@
- ** See Copyright Notice in lua.h
- */
- 
--#include <stdarg.h>
--#include <math.h>
--#include <assert.h>
- #include <string.h>
- 
- #define lapi_c
---- a/extensions/LUA/lua/ltable.c
-+++ b/extensions/LUA/lua/ltable.c
-@@ -18,7 +18,6 @@
- ** Hence even when the load factor reaches 100%, performance remains good.
- */
- 
--#include <math.h>
- #include <string.h>
- 
- #define ltable_c
---- a/extensions/LUA/lua/luaconf.h
-+++ b/extensions/LUA/lua/luaconf.h
-@@ -13,8 +13,12 @@
- #if !defined(__KERNEL__)
- #include <limits.h>
- #else
-+#include <linux/kernel.h>
-+
-+#undef UCHAR_MAX
-+#undef BUFSIZ
-+#undef NO_FPU
- #define UCHAR_MAX	255
--#define SHRT_MAX        32767
- #define BUFSIZ 		8192
- #define NO_FPU
- #endif
-@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
- */
- #if defined(__KERNEL__)
- #undef LUA_USE_ULONGJMP
-+#define setjmp __builtin_setjmp
-+#define longjmp __builtin_longjmp
- #endif
- 
- #if defined(__cplusplus)
---- a/extensions/LUA/lua/llex.h
-+++ b/extensions/LUA/lua/llex.h
-@@ -10,6 +10,8 @@
- #include "lobject.h"
- #include "lzio.h"
- 
-+/* prevent conflict with definition from asm/current.h */
-+#undef current
- 
- #define FIRST_RESERVED	257
- 

feeds/ipq807x/xtables-addons/patches/300-geoip-endian-detection.patch

@@ -1,18 +0,0 @@
---- a/extensions/libxt_geoip.c
-+++ b/extensions/libxt_geoip.c
-@@ -59,13 +59,13 @@ geoip_get_subnets(const char *code, uint
- 
- 	/* Use simple integer vector files */
- 	if (nfproto == NFPROTO_IPV6) {
--#if __BYTE_ORDER == _BIG_ENDIAN
-+#if BYTE_ORDER == BIG_ENDIAN
- 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv6", code);
- #else
- 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv6", code);
- #endif
- 	} else {
--#if __BYTE_ORDER == _BIG_ENDIAN
-+#if BYTE_ORDER == BIG_ENDIAN
- 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/BE/%s.iv4", code);
- #else
- 		snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/LE/%s.iv4", code);

feeds/openflow/openvswitch/Config.in

@@ -0,0 +1,8 @@
+menu "Configuration"
+	depends on PACKAGE_openvswitch
+
+	config	OPENVSWITCH_WITH_LIBUNBOUND
+		bool
+		default y
+		prompt "Build with libunbound library."
+endmenu

feeds/openflow/openvswitch/Makefile

@@ -0,0 +1,282 @@
+#
+# Copyright (C) 2013 Julius Schulz-Zander <julius@net.t-labs.tu-berlin.de>
+# Copyright (C) 2014-2017 OpenWrt.org
+# Copyright (C) 2018-2020 Yousong Zhou <yszhou4tech@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+include ./openvswitch.mk
+
+# Checklist on version bump
+#
+#  - Check acinclude.m4 for range of supported kernel versions: "but version newer than .* is not supported"
+#  - Check and update kmod dependencies when necessary (runtime module load check in the least)
+#
+PKG_NAME:=openvswitch
+PKG_VERSION:=$(ovs_version)
+PKG_RELEASE:=10
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
+PKG_HASH:=5c7baed537364d43af36c15dde298c95d35cb2cb3204b4d3fe9b0fc73c97f16d
+
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:openvswitch:openvswitch
+
+PKG_BUILD_DIR:=$(ovs_builddir)
+PKG_BUILD_DEPENDS+=python3/host python-six/host
+PKG_USE_MIPS16:=0
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PYTHON3_PKG_BUILD:=0
+
+PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/python/python3-host.mk
+include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk
+
+define Package/openvswitch/config
+source "$(SOURCE)/Config.in"
+endef
+
+ovs_kmod_packages:=
+ovs_kmod_intree_kernel_patchver_min:=3.10
+ovs_kmod_intree_kernel_patchver_max:=5.5
+ovs_kmod_intree_not_supported:=$(strip $(call kernel_patchver_lt,$(ovs_kmod_intree_kernel_patchver_min))$(call kernel_patchver_gt,$(ovs_kmod_intree_kernel_patchver_max)))
+ovs_kmod_intree_dir:=$(PKG_BUILD_DIR)/datapath/linux
+ovs_kmod_upstream_dir:=$(LINUX_DIR)/net/openvswitch
+ovs_kmod_package_name=$(if $(filter openvswitch,$(1)),openvswitch,$(1))
+ovs_kmod_is_intree=$(filter %-intree,$(1))
+ovs_kmod_upstream_name=kmod-$(call ovs_kmod_package_name,$(patsubst %-intree,%,$(1)))
+ovs_kmod_package_provides=$(call ovs_kmod_upstream_name,$(1))
+define OvsKmodPackageTemplate
+ifeq ($(if $(call ovs_kmod_is_intree,$(1)),$(ovs_kmod_intree_not_supported)),)
+  define KernelPackage/$(call ovs_kmod_package_name,$(1))
+     SECTION:=kernel
+     CATEGORY:=Kernel modules
+     SUBMENU:=Network Support
+     TITLE:=$(ovs_kmod_$(1)_title)
+     DEPENDS:=$(ovs_kmod_$(1)_depends) $(if $(call ovs_kmod_is_intree,$(1)),@IPV6 @DEVEL)
+     PROVIDES:=$(call ovs_kmod_package_provides,$(1))
+     KCONFIG:=$(ovs_kmod_$(1)_kconfig)
+     FILES:=$(ovs_kmod_$(1)_files)
+     AUTOLOAD:=$(call AutoProbe,$(foreach m,$(ovs_kmod_$(1)_files),$(notdir $(patsubst %.ko,%,$(basename $(m))))))
+  endef
+
+  ovs_kmod_packages+=$(call ovs_kmod_package_name,$(1))
+endif
+endef
+
+ovs_kmod_openvswitch_title:=Open vSwitch kernel datapath (upstream)
+ovs_kmod_openvswitch_kconfig:=CONFIG_OPENVSWITCH
+ovs_kmod_openvswitch_depends:=\
+	  +kmod-lib-crc32c \
+	  +kmod-nf-nat \
+	  +IPV6:kmod-nf-nat6 \
+	  +kmod-nf-conntrack \
+	  +IPV6:kmod-nf-conntrack6 \
+	  +kmod-nsh \
+	  +kmod-ipt-conntrack-extra \
+
+ovs_kmod_openvswitch_files:=$(ovs_kmod_upstream_dir)/openvswitch.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch))
+
+ovs_kmod_openvswitch-gre_title:=Open vSwitch GRE tunneling support (upstream)
+ovs_kmod_openvswitch-gre_kconfig:= CONFIG_OPENVSWITCH_GRE
+ovs_kmod_openvswitch-gre_depends:= +kmod-openvswitch +kmod-gre
+ovs_kmod_openvswitch-gre_files:= $(ovs_kmod_upstream_dir)/vport-gre.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-gre))
+
+ovs_kmod_openvswitch-vxlan_title:=Open vSwitch VXLAN tunneling support (upstream)
+ovs_kmod_openvswitch-vxlan_kconfig:= CONFIG_OPENVSWITCH_VXLAN
+ovs_kmod_openvswitch-vxlan_depends:= +kmod-openvswitch +kmod-vxlan
+ovs_kmod_openvswitch-vxlan_files:= $(ovs_kmod_upstream_dir)/vport-vxlan.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-vxlan))
+
+ovs_kmod_openvswitch-geneve_title:=Open vSwitch Geneve tunneling support (upstream)
+ovs_kmod_openvswitch-geneve_kconfig:= CONFIG_OPENVSWITCH_GENEVE
+ovs_kmod_openvswitch-geneve_depends:= +kmod-openvswitch +kmod-geneve
+ovs_kmod_openvswitch-geneve_files:= $(ovs_kmod_upstream_dir)/vport-geneve.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-geneve))
+
+# NOTE depends
+#
+#  - kmod-ipt-conntrack-extra: required for nf_conncount.ko
+#
+ovs_kmod_openvswitch-intree_title:=Open vSwitch kernel datapath (in tree)
+ovs_kmod_openvswitch-intree_depends:=\
+	  +kmod-lib-crc32c \
+	  +kmod-nf-nat \
+	  +IPV6:kmod-nf-nat6 \
+	  +kmod-nf-conntrack \
+	  +kmod-udptunnel4 \
+	  +kmod-ipt-conntrack-extra \
+
+ovs_kmod_openvswitch-intree_files:= $(ovs_kmod_intree_dir)/openvswitch.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-intree))
+
+ovs_kmod_openvswitch-gre-intree_title:=Open vSwitch GRE tunneling support (in tree)
+ovs_kmod_openvswitch-gre-intree_depends:= +kmod-openvswitch-intree +kmod-gre
+ovs_kmod_openvswitch-gre-intree_files:= $(ovs_kmod_intree_dir)/vport-gre.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-gre-intree))
+
+ovs_kmod_openvswitch-vxlan-intree_title:=Open vSwitch VXLAN tunneling support (in tree)
+ovs_kmod_openvswitch-vxlan-intree_depends:= +kmod-openvswitch-intree +kmod-vxlan
+ovs_kmod_openvswitch-vxlan-intree_files:= $(ovs_kmod_intree_dir)/vport-vxlan.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-vxlan-intree))
+
+ovs_kmod_openvswitch-geneve-intree_title:=Open vSwitch Geneve tunneling support (in tree)
+ovs_kmod_openvswitch-geneve-intree_depends:= +kmod-openvswitch-intree +kmod-geneve
+ovs_kmod_openvswitch-geneve-intree_files:= $(ovs_kmod_intree_dir)/vport-geneve.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-geneve-intree))
+
+ovs_kmod_openvswitch-stt-intree_title:=Open vSwitch STT tunneling support (in tree)
+ovs_kmod_openvswitch-stt-intree_depends:= +kmod-openvswitch-intree
+ovs_kmod_openvswitch-stt-intree_files:= $(ovs_kmod_intree_dir)/vport-stt.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-stt-intree))
+
+ovs_kmod_openvswitch-lisp-intree_title:=Open vSwitch LISP tunneling support (in tree)
+ovs_kmod_openvswitch-lisp-intree_depends:= +kmod-openvswitch-intree
+ovs_kmod_openvswitch-lisp-intree_files:= $(ovs_kmod_intree_dir)/vport-lisp.ko
+$(eval $(call OvsKmodPackageTemplate,openvswitch-lisp-intree))
+
+# Dependency review
+#
+#	for f in sbin/*;   do echo $f; readelf -d $f | grep -i shared; done
+#	for f in bin/*;    do echo $f; readelf -d $f | grep -i shared; done
+#	for f in lib/*.so; do echo $f; readelf -d $f | grep -i shared; done
+#
+ovs_libopenvswitch_title:=Open vSwitch (libopenvswitch.so)
+ovs_libopenvswitch_hidden:=1
+ovs_libopenvswitch_depends:=+libopenssl +!(arc||arceb):libunwind
+ovs_libopenvswitch_depends+=+libatomic
+ifeq ($(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),y)
+ovs_libopenvswitch_depends+=+libunbound
+endif
+ovs_libopenvswitch_files:=usr/lib/libopenvswitch*.so*
+$(eval $(call OvsPackageTemplate,libopenvswitch))
+
+
+ovs_libofproto_title:=Open vSwitch (libofproto.so libsflow.so)
+ovs_libofproto_hidden:=1
+ovs_libofproto_depends+=+libatomic
+ovs_libofproto_files:=usr/lib/libofproto*.so* usr/lib/libsflow*.so*
+$(eval $(call OvsPackageTemplate,libofproto))
+
+
+ovs_libovsdb_title:=Open vSwitch (libovsdb.so)
+ovs_libovsdb_hidden:=1
+ovs_libovsdb_depends+=+libatomic
+ovs_libovsdb_files:=usr/lib/libovsdb*.so*
+$(eval $(call OvsPackageTemplate,libovsdb))
+
+
+ovs_vswitchd_title:=Open vSwitch (ovs-vswitchd)
+ovs_vswitchd_hidden:=1
+ovs_vswitchd_depends:=+openvswitch-libopenvswitch +openvswitch-libofproto
+ovs_vswitchd_depends+=+libatomic
+ovs_vswitchd_files:=usr/sbin/ovs-vswitchd
+$(eval $(call OvsPackageTemplate,vswitchd))
+
+
+ovs_ovsdb_title:=Open vSwitch (ovsdb-server)
+ovs_ovsdb_hidden:=1
+ovs_ovsdb_depends:=+openvswitch-libopenvswitch +openvswitch-libovsdb
+ovs_ovsdb_depends+=+libatomic
+ovs_ovsdb_files:=usr/sbin/ovsdb-server
+$(eval $(call OvsPackageTemplate,ovsdb))
+
+
+ovs_common_title:=Open vSwitch (common files)
+ovs_common_hidden:=1
+ovs_common_depends:=+openvswitch-libopenvswitch +openvswitch-libofproto +openvswitch-libovsdb
+ovs_common_depends+=+libatomic
+ovs_common_files:= \
+	usr/share/openvswitch/scripts/ovs-lib \
+	usr/share/openvswitch/scripts/ovs-ctl \
+	usr/share/openvswitch/scripts/ovs-kmod-ctl \
+	usr/share/openvswitch/scripts/ovs-save \
+	$(foreach b,ovs-appctl ovs-dpctl ovs-ofctl ovs-vsctl ovsdb-client ovsdb-tool,usr/bin/$(b))
+define ovs_common_install
+	$$(INSTALL_DIR) $$(1)/etc/openvswitch
+	$$(INSTALL_DIR) $$(1)/etc/init.d
+	$$(INSTALL_BIN) ./files/openvswitch.init $$(1)/etc/init.d/openvswitch
+	$$(INSTALL_DIR) $$(1)/etc/config
+	$$(INSTALL_DATA) ./files/openvswitch.config $$(1)/etc/config/openvswitch
+	$$(INSTALL_DIR) $$(1)/usr/share/openvswitch/scripts
+	$$(INSTALL_BIN) ./files/ovs-ctl-wrapper $$(1)/usr/share/openvswitch/scripts/
+	$$(LN) /usr/share/openvswitch/scripts/ovs-ctl-wrapper $$(1)/usr/bin/ovs-ctl
+	$$(LN) /usr/share/openvswitch/scripts/ovs-ctl-wrapper $$(1)/usr/bin/ovs-kmod-ctl
+endef
+define Package/openvswitch-common/conffiles
+/etc/config/openvswitch
+/etc/openvswitch
+endef
+$(eval $(call OvsPackageTemplate,common))
+
+
+# coreutils-sleep is required by ovs-lib for sleeping a fraction of second
+#
+# uuidgen is required for generating system-id
+ovs_openvswitch_title:=Open vSwitch
+ovs_openvswitch_hidden:=
+ovs_openvswitch_depends:=+coreutils +coreutils-sleep +uuidgen \
+	+openvswitch-common +openvswitch-vswitchd +openvswitch-ovsdb +kmod-openvswitch
+ovs_openvswitch_depends+=+libatomic
+ovs_openvswitch_files:= usr/share/openvswitch/vswitch.ovsschema
+$(eval $(call OvsPackageTemplate,openvswitch))
+
+
+ovs_python3_title:=Open vSwitch (Python3 library)
+ovs_python3_hidden:=
+ovs_python3_depends:=+PACKAGE_openvswitch-python3:python3 +PACKAGE_openvswitch-python3:python3-six
+define ovs_python3_install
+	$$(INSTALL_DIR) $$(1)$$(PYTHON3_PKG_DIR)
+	$$(CP) $$(PKG_INSTALL_DIR)/usr/share/openvswitch/python/ovs $$(1)$$(PYTHON3_PKG_DIR)
+endef
+$(eval $(call OvsPackageTemplate,python3))
+
+
+CONFIGURE_ARGS+= \
+	--enable-ndebug \
+	--enable-shared \
+	--disable-libcapng \
+	--disable-silent-rules \
+
+CONFIGURE_VARS += \
+	$(if $(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),,ac_cv_lib_unbound_ub_ctx_create=no) \
+	ovs_cv_flake8=no \
+	ovs_cv_python3=$(PYTHON3) \
+	ovs_cv_python3_host=$(HOST_PYTHON3_BIN) \
+	SPHINXBUILD=none \
+	KARCH=$(LINUX_KARCH) \
+
+ovs_intree_kmod_configs:=CONFIG_PACKAGE_kmod-openvswitch-intree
+ovs_intree_kmod_enabled:=$(strip $(foreach c,$(ovs_intree_kmod_configs),$($(c))))
+PKG_CONFIG_DEPENDS+=$(ovs_intree_kmod_configs)
+ifneq ($(ovs_intree_kmod_enabled),)
+  ifeq ($(ovs_kmod_intree_not_supported),)
+    CONFIGURE_ARGS += --with-linux=$(LINUX_DIR)
+  else
+    $(warning XXX: openvswitch: intree kmods selected but not supported)
+  endif
+endif
+
+TARGET_CFLAGS += -flto -std=gnu99
+MAKE_VARS += PYTHONPATH="$(HOST_PYTHON3PATH)"
+
+export OVS_KERNEL_MAKE_FLAGS=$(KERNEL_MAKE_FLAGS)
+
+override CONFIG_AUTOREMOVE=
+
+$(foreach p,$(ovs_kmod_packages),\
+  $(eval $(call KernelPackage,$(p)))\
+)
+$(foreach p,$(ovs_packages),\
+  $(eval $(call BuildPackage,$(p)))\
+)

feeds/openflow/openvswitch/README.md

@@ -0,0 +1,106 @@
+# Which packages to install
+
+Install `openvswitch` if you need OpenFlow virtual switch function.  It
+contains ovs-vswitchd, ovsdb-server and helper utilities such as ovs-vsctl,
+ovs-ofctl, ovs-ctl etc.
+
+Linux kernel datapath module openvswitch.ko will also be installed along with
+package `openvswitch`.  Tunnel encap support for gre, geneve, vxlan can be
+included by installing `kmod-openvswitch-{gre,geneve,vxlan}` respectively
+
+For OVN deployment
+
+- Install `openvswitch-ovn-north` for ovs-northd, ovsdb-server, ovn helper utitlies
+- Install `openvswitch-ovn-host` for ovn-controller and `openvswitch`
+
+# How to use them
+
+Open vSwitch provides a few very useful helper script in
+`/usr/share/openvswitch/scripts/`.  A simple initscript is provided.  It's
+mainly a wrapper around `ovs-ctl` and `ovn-ctl` with simple knobs from
+`/etc/config/openvswitch`.  Procd is not used here.
+
+	/etc/init.d/openvswitch start
+	/etc/init.d/openvswitch stop
+	/etc/init.d/openvswitch stop north
+	/etc/init.d/openvswitch restart ovs
+	/etc/init.d/openvswitch status
+
+Use `ovs-ctl` and `ovn-ctl` directly for more functionalities
+
+# Open vSwitch in-tree Linux datapath modules
+
+The Open vSwitch build system uses regexp and conditional-compilation
+heuristics to support building the shipped kernel module source code against a
+wide range of kernels, as of openvswitch-2.10, the list is supposed to include
+vanilla linux 3.10 to 4.15, plus a few distro kernels.
+
+It may NOT work
+
+ - Sometimes the code does not compile
+ - Sometimes the code compiles but insmod will fail
+ - Sometimes modules are loaded okay but actually does not function right
+
+For these reasons, the in-tree datapath modules are NOT visible/enabled by
+default.
+
+Building and using in-tree datapath modules requires some level of devel
+abilities to proceed.  You are expected to configure build options and build
+the code on your own
+
+E.g. pair openvswitch userspace with in-tree datapath module
+
+	CONFIG_DEVEL=y
+	CONFIG_PACKAGE_openvswitch=y
+	# CONFIG_PACKAGE_kmod-openvswitch is not set
+	CONFIG_PACKAGE_kmod-openvswitch-intree=y
+
+E.g. replace in-tree datapath module with upstream version
+
+	opkg remove --force-depends kmod-openvswitch-intree
+	opkg install kmod-openvswitch
+	ovs-ctl force-reload-kmod
+
+# UCI configuration options
+
+There are 5 config section types in package openvswitch:
+ovs ovn_northd, ovn_controller & ovs_bridge.
+
+Each of these supports a disabled option, which should be 
+set to 0 to launch the respective daemons.
+
+The ovs section section also supports the options below, to configure a set of
+SSL CA, certificate and private key. After adding these to Open vSwitch, you
+may specify ssl: connection methods for e.g. the OpenFlow controller. Note that
+Open vSwitch only reads these files during startup, so it needs to be restarted
+after adding or changing these options.
+
+| Name     | Type    | Required | Default | Description                       |
+|----------|---------|----------|---------|-----------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not configure SSL |
+| ca       | string  | no       | (none)  | Path to CA certificate            |
+| cert     | string  | no       | (none)  | Path to certificate               |
+| key      | string  | no       | (none)  | Path to private key               |
+
+The ovs_bridge section also supports the options below,
+for initialising a virtual bridge with an OpenFlow controller.
+
+| Name          | Type    | Required | Default                        | Description                                                |
+|---------------|---------|----------|--------------------------------|------------------------------------------------------------|
+| disabled      | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
+| name          | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
+| controller    | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
+| datapath_id   | string  | no       | (none)                         | The OpenFlow datapath ID for this bridge                   |
+| datapath_desc | string  | no       | (none)                         | The OpenFlow datapath description for this bridge          |
+| fail_mode     | string  | no       | standalone                     | The bridge failure mode                                    |
+
+The ovs_port section can be used to add ports to a bridge. It supports the options below.
+
+| Name     | Type    | Required | Default | Description
+| ---------|---------|----------|---------|------------------------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not add the port to the bridge |
+| bridge   | string  | yes      | (none)  | Name of the bridge to add the port to          |
+| port     | string  | yes      | (none)  | Name of the port to add to the bridge          |
+| ofport   | integer | no       | (none)  | OpenFlow port number to be used by the port    |
+| tag      | integer | no       | (none)  | 802.1Q VLAN tag to set on the port             |
+| type     | string  | no       | (none)  | Port type, e.g. internal, erspan, type, ...    |

feeds/openflow/openvswitch/files/openvswitch.config

@@ -0,0 +1,27 @@
+config ovs ovs
+	option disabled 1
+	option ca '/etc/openvswitch/example_ca.crt'
+	option cert '/etc/openvswitch/example_cert.crt'
+	option key '/etc/openvswitch/example_key.crt'
+
+config ovn_northd north
+	option disabled 1
+
+config ovn_controller controller
+	option disabled 1
+
+config ovs_bridge
+	option disabled 1
+	option name 'my-bridge'
+	option controller 'tcp:192.168.0.1'
+	option datapath_desc ''
+	option datapath_id ''
+	option fail_mode 'standalone'
+
+config ovs_port
+	option disabled 1
+	option bridge 'my-bridge'
+	option port 'ovs-port1'
+	option ofport '1'
+	option tag '123'
+	option type 'internal'

feeds/openflow/openvswitch/files/openvswitch.init

@@ -0,0 +1,281 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2013 Julius Schulz-Zander <julius@net.t-labs.tu-berlin.de>
+# Copyright (C) 2014-2017 OpenWrt.org
+# Copyright (C) 2018 Yousong Zhou <yszhou4tech@gmail.com>
+# Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
+
+. /lib/functions/procd.sh
+START=15
+
+basescript=$(readlink "$initscript")
+
+ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=:
+ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=:
+
+extra_command "status" "Get status information"
+
+service_triggers() {
+	procd_add_reload_trigger openvswitch
+}
+
+init_triggers() {
+	procd_open_service "$(basename ${basescript:-$initscript})" "$initscript"
+	procd_close_service set
+}
+
+start() {
+	init_triggers
+	ovs_action start "$@"
+}
+
+reload() {
+	start
+}
+
+running() {
+	return 0
+}
+
+stop() {
+	procd_kill "$(basename ${basescript:-$initscript})"
+	ovs_action stop "$@"
+}
+
+restart() {
+	init_triggers
+	ovs_action restart "$@"
+}
+
+status() {
+	ovs_action status "$@"
+}
+
+ovs_action_cfgs=
+ovs_action() {
+	local action="$1"; shift
+	local cfgtype
+
+	ovs_action_cfgs="$*"
+	config_load openvswitch
+	for cfgtype in ovs ovn_northd ovn_controller; do
+		config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype"
+	done
+
+	case "$action" in
+		restart|start)
+			config_foreach ovs_bridge_init "ovs_bridge"
+			;;
+	esac
+
+}
+
+ovs_xx() {
+	local cfg="$1"
+	local action="$2"
+	local cfgtype="$3"
+	local disabled
+
+	if [ -n "$ovs_action_cfgs" ] && ! list_contains "ovs_action_cfgs" "$cfg"; then
+		return
+	fi
+	case "$action" in
+		status|stop) ;;
+		*)
+			config_get_bool disabled "$cfg" disabled 0
+			[ "$disabled" == "0" ] || return
+			;;
+	esac
+
+	case "$cfgtype" in
+		ovs)
+			"$ovs_ctl" "$action" \
+				--system-id=random 1000>&-
+			ovs_set_ssl
+			;;
+		ovn_*)
+			"$ovn_ctl" "${action}_${cfgtype#ovn_}"
+			;;
+	esac
+}
+
+ovs_bridge_parse_port() {
+	case "$1" in
+		*:*)
+			port="${1%%:*}"
+			type="${1#*:}"
+		;;
+		*)
+			port="$1"
+			type=""
+		;;
+	esac
+}
+
+ovs_bridge_port_add() {
+	[ -n "$1" ] || return
+
+	ovs_bridge_parse_port "$1"
+	cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"
+	[ "$?" = 0 ] && {
+		[ "$type" = "$cur_type" ] || ovs-vsctl del-port "$port"
+	}
+
+	ovs-vsctl --may-exist add-port "$name" "$port" ${type:+ -- set interface "$port" type="$type"}
+	ovs_bridge_port_up "$port"
+	__port_list="$__port_list ${port} "
+}
+
+ovs_bridge_port_add_complex() {
+	local cfg="$1"
+	local cur_bridge="$2"
+
+	local bridge disabled ofport port tag type
+	local cur_tag cur_type del_port
+
+	config_get_bool disabled "$cfg" disabled 0
+	[ "$disabled" = "0" ] || return
+
+	config_get bridge "$cfg" bridge
+	[ "$bridge" = "$cur_bridge" ] || return
+	ovs-vsctl br-exists "$bridge" || return
+
+	config_get port "$cfg" port
+	[ -n "$port" ] || return
+
+	config_get ofport "$cfg" ofport
+
+	config_get tag "$cfg" tag
+	if [ -n "$tag" ]; then
+		if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then
+			[ "$tag" = "$cur_tag" ] || del_port=1
+		fi
+	fi
+
+	config_get type "$cfg" type
+	if [ -n "$type" ]; then
+		if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then
+			[ "$type" = "$cur_type" ] || del_port=1
+		fi
+	fi
+
+	[ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port"
+
+	ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
+		${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
+		${type:+ -- set interface "$port" type="$type"}
+	ovs_bridge_port_up "$port"
+	__port_list="$__port_list ${port} "
+}
+
+ovs_bridge_port_cleanup() {
+	for port in `ovs-vsctl list-ports "$name"`; do
+		case "$__port_list" in
+			*" $port "*);;
+			*) ovs-vsctl del-port "$port";;
+		esac
+	done
+}
+
+ovs_bridge_port_up() {
+	local port="$1"
+
+	ip link set dev "$port" up
+}
+
+ovs_bridge_validate_datapath_id() {
+	local dpid="$1"
+
+	if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then
+		return 0
+	elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then
+		return 0
+	else
+		logger -t openvswitch "invalid datapath_id: $dpid"
+		return 1
+	fi
+}
+
+ovs_bridge_validate_datapath_desc() {
+	local dpdesc="$1"
+
+	if [ "$(echo $dpdesc | wc -c)" -le 255 ]; then
+		return 0
+	else
+		logger -t openvswitch "invalid datapath_desc: $dpdesc"
+		return 1
+	fi
+}
+
+ovs_bridge_validate_fail_mode() {
+	local fail_mode="$1"
+
+	case "$fail_mode" in
+		secure|standalone)
+			return 0
+			;;
+		*)
+			logger -t openvswitch "invalid fail_mode: $fail_mode"
+			return 1
+			;;
+	esac
+}
+
+ovs_bridge_init() {
+	local cfg="$1"
+
+	local disabled
+	local name
+	local controller
+	local datapath_id
+
+	config_get_bool disabled "$cfg" disabled 0
+	[ "$disabled" == "0" ] || return
+
+	config_get name "$cfg" name $cfg
+	ovs-vsctl --may-exist add-br "$name"
+
+	config_get datapath_id "$cfg" datapath_id
+	[ -n "$datapath_id" ] && {
+		ovs_bridge_validate_datapath_id "$datapath_id" && {
+			ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id"
+		}
+	}
+
+	config_get datapath_desc "$cfg" datapath_desc
+	[ -n "$datapath_desc" ] && {
+		ovs_bridge_validate_datapath_desc "$datapath_desc" && {
+			ovs-vsctl --if-exists set bridge "$name" other-config:dp-desc="$datapath_desc"
+		}
+	}
+
+	config_get fail_mode "$cfg" fail_mode
+	[ -n "$fail_mode" ] && {
+		ovs_bridge_validate_fail_mode "$fail_mode" && {
+			ovs-vsctl set-fail-mode "$name" "$fail_mode" 2> /dev/null
+		} || {
+			ovs-vsctl del-fail-mode "$name" 2> /dev/null
+		}
+	} || {
+		ovs-vsctl del-fail-mode "$name" 2> /dev/null
+	}
+
+	config_list_foreach "$cfg" "ports" ovs_bridge_port_add
+	config_foreach ovs_bridge_port_add_complex ovs_port "$name"
+	config_get_bool drop "$cfg" "drop_unknown_ports" 0
+	[ "$drop" == 1 ] && ovs_bridge_port_cleanup
+
+	config_get controller "$cfg" controller
+	[ -n "$controller" ] && \
+		ovs-vsctl set-controller "$name" "$controller"
+}
+
+ovs_set_ssl() {
+	local ca="$(uci -q get openvswitch.ovs.ca)"
+	[ -f "$ca" ] || return
+	local cert="$(uci get openvswitch.ovs.cert)"
+	[ -f "$cert" ] || return
+	local key="$(uci get openvswitch.ovs.key)"
+	[ -f "$key" ] || return
+
+	ovs-vsctl set-ssl "$key" "$cert" "$ca"
+}

feeds/openflow/openvswitch/files/ovs-ctl-wrapper

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+s=/usr/share/openvswitch/scripts
+case "$0" in
+	*ovs-ctl) "$s/ovs-ctl" "$@" ;;
+	*ovs-kmod-ctl) "$s/ovs-kmod-ctl" "$@" ;;
+	*ovn-ctl) "/usr/share/ovn/scripts/ovn-ctl" "$@" ;;
+	*) exit 1;;
+esac

feeds/openflow/openvswitch/openvswitch.mk

@@ -0,0 +1,36 @@
+# Copyright (C) 2020 Yousong Zhou <yszhou4tech@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+# Versions
+
+ovs_version:=2.15.1
+ovs_builddir=$(KERNEL_BUILD_DIR)/openvswitch-$(ovs_version)
+
+# Shared vars, macros
+
+ovs_packages:=
+
+ovs_package_name=$(if $(filter openvswitch,$(1)),openvswitch,openvswitch-$(1))
+define OvsPackageTemplate
+  define Package/$(call ovs_package_name,$(1))
+     SECTION:=net
+     SUBMENU:=Open vSwitch
+     CATEGORY:=Network
+     URL:=https://www.openvswitch.org
+     TITLE:=$(ovs_$(1)_title)
+     HIDDEN:=$(ovs_$(1)_hidden)
+     DEPENDS:=$(ovs_$(1)_depends)
+  endef
+
+  define Package/$(call ovs_package_name,$(1))/install
+	$(foreach f,$(ovs_$(1)_files),
+		$(INSTALL_DIR) $$(1)/$(dir $(f))
+		$(CP) $(PKG_INSTALL_DIR)/$(f) $$(1)/$(dir $(f))
+	)
+	$(ovs_$(1)_install)
+  endef
+
+  ovs_packages+=$(call ovs_package_name,$(1))
+endef

feeds/openflow/openvswitch/patches/0001-netdev-linux-Let-interface-flag-survive-internal-por.patch

@@ -0,0 +1,35 @@
+From 974dc36a87274d7bae13e7dddd3364fecf5b3e7c Mon Sep 17 00:00:00 2001
+From: Helmut Schaa <helmut.schaa@googlemail.com>
+Date: Wed, 8 Jan 2014 13:48:49 +0100
+Subject: [PATCH] netdev-linux: Let interface flag survive internal port setup
+
+Due to a race condition when bringing up an internal port on Linux
+some interface flags (e.g. IFF_MULTICAST) are falsely reset. This
+happens because netlink events may be processed after the according
+netdev has been brought up (which sets interface flags).
+
+Fix this by reading the interface flags just before updating them
+if they have not been updated by from the kernel yet.
+
+Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
+---
+ lib/netdev-linux.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/lib/netdev-linux.c
++++ b/lib/netdev-linux.c
+@@ -3469,7 +3469,13 @@ update_flags(struct netdev_linux *netdev
+     unsigned int old_flags, new_flags;
+     int error = 0;
+ 
+-    old_flags = netdev->ifi_flags;
++    if (!(netdev->cache_valid & VALID_DRVINFO)) {
++        /* Most likely the debvice flags are not in sync yet, fetch them now */
++        get_flags(&netdev->up, &old_flags);
++    } else {
++        old_flags = netdev->ifi_flags;
++    }
++
+     *old_flagsp = iff_to_nd_flags(old_flags);
+     new_flags = (old_flags & ~nd_to_iff_flags(off)) | nd_to_iff_flags(on);
+     if (new_flags != old_flags) {

feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch

@@ -0,0 +1,33 @@
+From 54484e79aca0981ebc42ddc68487e6531da9b59d Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 20 Mar 2020 15:11:31 +0800
+Subject: [PATCH] python: separate host/target python for cross-compile
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+---
+ Makefile.am       | 2 +-
+ m4/openvswitch.m4 | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -60,7 +60,7 @@ endif
+ # foo/__init__.pyc will cause Python to ignore foo.py.
+ run_python = \
+ 	PYTHONPATH=$(top_srcdir)/python$(psep)$$PYTHONPATH \
+-	PYTHONDONTWRITEBYTECODE=yes $(PYTHON3)
++	PYTHONDONTWRITEBYTECODE=yes $(PYTHON3_HOST)
+ 
+ ALL_LOCAL =
+ BUILT_SOURCES =
+--- a/m4/openvswitch.m4
++++ b/m4/openvswitch.m4
+@@ -372,6 +372,8 @@ else:
+      AC_MSG_ERROR([Python 3.4 or later is required but not found in $PATH, please install it or set $PYTHON3 to point to it])
+    fi
+    AC_ARG_VAR([PYTHON3])
++   PYTHON3_HOST=$ovs_cv_python3_host
++   AM_MISSING_PROG([PYTHON3_HOST], [python3])
+    PYTHON3=$ovs_cv_python3])
+ 
+ dnl Checks for flake8.

feeds/openflow/openvswitch/patches/0003-ovs-lib-fix-install_dir.patch

@@ -0,0 +1,26 @@
+From 444991b95ed25d58c3cd1646fa823620380b6ce6 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Wed, 14 Mar 2018 16:44:13 +0800
+Subject: [PATCH] ovs-lib: fix install_dir()
+
+The command "install" is not available in OpenWrt by default
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+---
+ utilities/ovs-lib.in | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/utilities/ovs-lib.in
++++ b/utilities/ovs-lib.in
+@@ -159,7 +159,10 @@ install_dir () {
+     [ "${OVS_USER##*:}" != "" ] && INSTALL_GROUP="${OVS_USER##*:}"
+ 
+     if test ! -d "$DIR"; then
+-        install -d -m "$INSTALL_MODE" -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
++        mkdir -p "$DIR"
++        chmod "$INSTALL_MODE" "$DIR"
++        chown "$INSTALL_USER" "$DIR"
++        chgrp "$INSTALL_GROUP" "$DIR"
+         restorecon "$DIR" >/dev/null 2>&1
+     fi
+ }

feeds/openflow/openvswitch/patches/0004-build-trim-build.patch

@@ -0,0 +1,25 @@
+From 31514742de07d595ac23c2b0abf0e092f8b26140 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <zhouyousong@yunionyun.com>
+Date: Tue, 21 Aug 2018 13:02:21 +0000
+Subject: [PATCH] build: trim build
+
+Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>
+---
+ Makefile.am | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -477,12 +477,10 @@ dist-docs:
+ 	VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs $(srcdir) $(docs)
+ .PHONY: dist-docs
+ 
+-include Documentation/automake.mk
+ include m4/automake.mk
+ include lib/automake.mk
+ include ofproto/automake.mk
+ include utilities/automake.mk
+-include tests/automake.mk
+ include include/automake.mk
+ include third-party/automake.mk
+ include debian/automake.mk

feeds/openflow/openvswitch/patches/0006-datapath-allow-passing-additional-OVS_KERNEL_MAKE_FL.patch

@@ -0,0 +1,23 @@
+From 1df5a0eaf78e93e21d21f1438afbe5fa8a37ea61 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Tue, 26 May 2020 22:45:53 +0800
+Subject: [PATCH] datapath: allow passing additional $(OVS_KERNEL_MAKE_FLAGS)
+
+This can be useful for passing args like -iremap for reproducible builds
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+---
+ datapath/linux/Makefile.main.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/datapath/linux/Makefile.main.in
++++ b/datapath/linux/Makefile.main.in
+@@ -68,7 +68,7 @@ ifeq (,$(wildcard $(CONFIG_FILE)))
+ endif
+ 
+ default:
+-	$(MAKE) -C $(KSRC) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules
++	$(MAKE) -C $(KSRC) $(OVS_KERNEL_MAKE_FLAGS) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules
+ 
+ modules_install:
+ 	$(MAKE) -C $(KSRC) $(if @KARCH@,ARCH=@KARCH@) M=$(builddir) modules_install

feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch

@@ -0,0 +1,54 @@
+From e81ccb671014db62bf622cd8f960d7930d27d9dc Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Wed, 29 Jul 2020 17:29:14 +0800
+Subject: [PATCH] build: only link libopenvswitch with libunwind, libunbound
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+---
+ lib/automake.mk          | 2 ++
+ lib/libopenvswitch.pc.in | 2 +-
+ m4/openvswitch.m4        | 6 ++++--
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+--- a/lib/automake.mk
++++ b/lib/automake.mk
+@@ -10,6 +10,8 @@ lib_LTLIBRARIES += lib/libopenvswitch.la
+ lib_libopenvswitch_la_LIBADD = $(SSL_LIBS)
+ lib_libopenvswitch_la_LIBADD += $(CAPNG_LDADD)
+ lib_libopenvswitch_la_LIBADD += $(LIBBPF_LDADD)
++lib_libopenvswitch_la_LIBADD += $(LIBUNBOUND_LDADD)
++lib_libopenvswitch_la_LIBADD += $(LIBUNWIND_LDADD)
+ 
+ 
+ if WIN32
+--- a/lib/libopenvswitch.pc.in
++++ b/lib/libopenvswitch.pc.in
+@@ -7,5 +7,5 @@ Name: libopenvswitch
+ Description: Open vSwitch library
+ Version: @VERSION@
+ Libs: -L${libdir} -lopenvswitch
+-Libs.private: @LIBS@
++Libs.private: @LIBS@ @SSL_LIBS@ @CAPNG_LDADD@ @LIBBPF_LDADD@ @LIBUNBOUND_LDADD@ @LIBUNWIND_LDADD@
+ Cflags: -I${includedir}/openvswitch
+--- a/m4/openvswitch.m4
++++ b/m4/openvswitch.m4
+@@ -646,7 +646,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
+   [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no])
+    if test "$HAVE_UNBOUND" = yes; then
+      AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.])
+-     LIBS="$LIBS -lunbound"
++     LIBUNBOUND_LDADD="-lunbound"
++     AC_SUBST(LIBUNBOUND_LDADD)
+    fi
+    AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes])
+    AC_SUBST([HAVE_UNBOUND])])
+@@ -658,7 +659,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
+    [HAVE_UNWIND=no])
+    if test "$HAVE_UNWIND" = yes; then
+      AC_DEFINE([HAVE_UNWIND], [1], [Define to 1 if unwind is detected.])
+-     LIBS="$LIBS -lunwind"
++     LIBUNWIND_LDADD="-lunwind"
++     AC_SUBST(LIBUNWIND_LDADD)
+    fi
+    AM_CONDITIONAL([HAVE_UNWIND], [test "$HAVE_UNWIND" = yes])
+    AC_SUBST([HAVE_UNWIND])])

feeds/tip/firstcontact/files/usr/share/ucentral/firstcontact.uc

@@ -7,8 +7,39 @@ if (!fd) {
 devid = fd.read("all");
 fd.close();
 
+ret = system(sprintf('/usr/sbin/firstcontact -i %s', devid));
+
+if (ret) {
+	warn("firstcontact failed to contact redirector\n");
+	exit(1);
+}
+
+let redirector = { };
+let fd = fs.open("/etc/ucentral/redirector.json", "r");
+if (fd) {
+	let data = fd.read("all");
+	fd.close();
+
+	try {
+		redirector = json(data);
+	}
+	catch (e) {
+		warn("firstcontact: Unable to parse JSON data in %s: %s", path, e);
+
+		exit(1);
+	}
+}
 let config = {};
 
+for (let r in redirector.fields)
+	if (r.name && r.value)
+		config[r.name] = r.value;
+if (!config.Redirector) {
+	warn("Reply is missing Redirector field\n");
+
+	exit(1);
+}
+
 function store_config(path) {
 	let cursor = uci.cursor(path);
 	let redir = split(config.Redirector, ":");
@@ -19,44 +50,6 @@ function store_config(path) {
 	cursor.commit();
 }
 
-ret = system(sprintf('/usr/sbin/firstcontact -i %s', devid));
-if (ret) {
-	warn("firstcontact failed to contact redirector, check DHCP option\n");
-	let fd = fs.open("/tmp/capwap/dhcp_opt.txt", "r");
-	if (!fd) {
-		warn("No redirector found\n");
-		exit(1);
-	} else {
-		config.Redirector = fd.read("all");
-		fd.close();
-	}
-} else {
-	let redirector = { };
-	let fd = fs.open("/etc/ucentral/redirector.json", "r");
-	if (fd) {
-		let data = fd.read("all");
-		fd.close();
-
-		try {
-			redirector = json(data);
-		}
-		catch (e) {
-			warn("firstcontact: Unable to parse JSON data in %s: %s", path, e);
-
-			exit(1);
-		}
-	}
-
-	for (let r in redirector.fields)
-		if (r.name && r.value)
-			config[r.name] = r.value;
-	if (!config.Redirector) {
-		warn("Reply is missing Redirector field\n");
-		exit(1);
-	}
-
-}
-
 store_config();
 store_config("/etc/config-shadow/");
 

feeds/ucentral/dynamic-vlan/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=dynamic-vlan
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/blogic/dynamic-vlan.git
-PKG_MIRROR_HASH:=2129d5e4b397afad76825a042dab6fb57c63e57c686d354f3d0d77a5754ab760
+PKG_MIRROR_HASH:=448890cdf182bd1b47edffca242e607594d0d17f6f5017a6fd021aab79f3c351
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-06-04
-PKG_SOURCE_VERSION:=7202189d1b710c52f8ddc3c7040821708c3f438b
+PKG_SOURCE_VERSION:=55d78d3e7215b601084980d922349bcfdcf9cf20
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/dynamic-vlan/files/dynamic-vlan

@@ -7,12 +7,8 @@ PROG=/usr/sbin/dynamic-vlan
 
 start_service() {
 	wan=$(cat /etc/board.json | jsonfilter -e '@.network.wan.device')
-	[ -z "$wan" ] && eval $(jsonfilter -i /etc/board.json -e 'wan=@.network.wan.ports.*')
 	procd_open_instance
-	procd_set_param command "$PROG"
-	for w in $wan; do
-		procd_append_param command $w
-	done
+	procd_set_param command "$PROG" $wan
 	procd_set_param respawn
 	procd_close_instance
 }

feeds/ucentral/ieee8021x/Makefile

@@ -7,10 +7,10 @@ PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 
 PKG_SOURCE_URL=https://github.com/blogic/ieee8021x.git
-PKG_MIRROR_HASH:=5a47c355366fb7cfaa0d622c4ea1fa6a867b0fb30e624343727d5f8722c79f7b
+PKG_MIRROR_HASH:=7e14e320714b4759f5c393f90165a69d133633612b57d408b3ab6535710bf53c
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-04-12
-PKG_SOURCE_VERSION:=c526967cbc14ba5528c817d5f6115156c2da94b9
+PKG_SOURCE_VERSION:=c1f36559dc0ed2deeac0531a3d5854f1955ae928
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

feeds/ucentral/qosify/Makefile

@@ -11,9 +11,9 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=qosify
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/qosify.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-04-08
-PKG_SOURCE_VERSION:=ef82defaae26619e5b2ebddfdd86e9de61c399f1
-PKG_MIRROR_HASH:=8e4ca65d23a85aad774af51dc62cfaa4615111ffd2c7922258ac8f026a62b013
+PKG_SOURCE_DATE:=2022-03-06
+PKG_SOURCE_VERSION:=f13b67c9a786567df240a8f3f608e2724ddaadba
+PKG_MIRROR_HASH:=3d8629e711e46a6be79a46a6394165fd1761687f24b8ed954dc4f16f177cd90f
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_LICENSE:=GPL-2.0
@@ -31,17 +31,9 @@ define Package/qosify
   SECTION:=utils
   CATEGORY:=Base system
   TITLE:=A simple QoS solution based eBPF + CAKE
-  DEPENDS:=+libbpf +libubox +libubus +libnl-tiny +kmod-sched-cake +kmod-sched-bpf +kmod-ifb +tc $(BPF_DEPENDS)
+  DEPENDS:=+libbpf +libubox +libubus +kmod-sched-cake +kmod-sched-bpf +kmod-ifb +tc-full $(BPF_DEPENDS)
 endef
 
-TARGET_CFLAGS += \
-	-Wno-error=deprecated-declarations \
-	-I$(STAGING_DIR)/usr/include/libnl-tiny \
-	-I$(STAGING_DIR)/usr/include
-
-CMAKE_OPTIONS += \
-	-DLIBNL_LIBS=-lnl-tiny
-
 define Build/Compile
 	$(call CompileBPF,$(PKG_BUILD_DIR)/qosify-bpf.c)
 	$(Build/Compile/Default)

feeds/ucentral/radius-gw-proxy/src/main.c

@@ -353,7 +353,7 @@ int main(int argc, char **argv)
 
 	sock_auth = sock_open("1812", RADIUS_AUTH);
 	sock_acct = sock_open("1813", RADIUS_ACCT);
-	sock_dae = sock_open("3379", RADIUS_DAS);
+	sock_dae = sock_open("1814", RADIUS_DAS);
 
 	uloop_run();
 	uloop_end();

feeds/ucentral/ratelimit/files/usr/bin/ratelimit

@@ -28,13 +28,15 @@ delclient() {
 	local mac=$2
 	local id=$3
 	
-	logger "ratelimit: delete old client entries $1 $2"
+	logger "ratelimit: delete old client entries"
 
-	id=$(get_id ${mac//:})
+	[ -z "$id" ] && id=$(get_id ${mac//:})
 
 	TC filter del dev $iface protocol all parent 1: prio 1 u32 match ether dst $mac flowid 1:$id
+	TC class del dev $iface parent 1:1 classid 1:$id
 	
 	TC filter del dev $ifb protocol all parent 1: prio 1 u32 match ether src $mac flowid 1:$id
+	TC class del dev $ifb parent 1:1 classid 1:$id
 }
 
 ingress=0
@@ -70,7 +72,7 @@ addclient() {
 
 	local id=$(get_id ${mac//:})
 
-	logger "ratelimit: add new client entries for $1 $2 $egress $ingress"
+	logger "ratelimit: add new client entries for $2 $egress $ingress"
 
 	TC class add dev $iface parent 1:1 classid 1:$id htb rate 1mbit ceil ${egress}mbit burst 2k prio 1
 	TC qdisc add dev $iface parent 1:$id handle $id: sfq perturb 10

feeds/ucentral/spotfilter/Makefile

@@ -1,57 +0,0 @@
-#
-# Copyright (C) 2021 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=spotfilter
-PKG_VERSION:=1
-
-PKG_LICENSE:=GPL-2.0
-PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
-
-PKG_BUILD_DEPENDS:=bpf-headers
-PKG_FLAGS:=nonshared
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-include $(INCLUDE_DIR)/bpf.mk
-include $(INCLUDE_DIR)/nls.mk
-
-define Package/spotfilter
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Network filter for hotspot services
-  DEPENDS:=+libbpf +libubox +libubus +libnl-tiny +kmod-sched-cake +kmod-sched-bpf $(BPF_DEPENDS)
-endef
-
-TARGET_CFLAGS += \
-	-Wno-error=deprecated-declarations \
-	-I$(STAGING_DIR)/usr/include/libnl-tiny \
-	-I$(STAGING_DIR)/usr/include -g3
-
-CMAKE_OPTIONS += \
-	-DLIBNL_LIBS=-lnl-tiny
-
-define Build/Compile
-	$(call CompileBPF,$(PKG_BUILD_DIR)/spotfilter-bpf.c)
-	$(Build/Compile/Default)
-endef
-
-define Package/spotfilter/install
-	$(INSTALL_DIR) \
-		$(1)/etc/hotplug.d/net \
-		$(1)/etc/init.d \
-		$(1)/lib/bpf \
-		$(1)/usr/sbin
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/spotfilter-bpf.o $(1)/lib/bpf
-	$(INSTALL_BIN) ./files/spotfilter.init $(1)/etc/init.d/spotfilter
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/spotfilter $(1)/usr/sbin/
-	$(INSTALL_DATA) ./files/spotfilter.hotplug $(1)/etc/hotplug.d/net/10-spotfilter
-endef
-
-$(eval $(call BuildPackage,spotfilter))

feeds/ucentral/spotfilter/files/spotfilter.hotplug

@@ -1,2 +0,0 @@
-#!/bin/sh
-ubus call spotfilter check_devices

feeds/ucentral/spotfilter/files/spotfilter.init

@@ -1,23 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (c) 2021 OpenWrt.org
-
-START=18
-
-USE_PROCD=1
-PROG=/usr/sbin/spotfilter
-
-reload_service() {
-	ubus call spotfilter interface_add "$(cat /tmp/spotfilter.json)"
-}
-
-start_service() {
-	procd_open_instance
-	procd_set_param command "$PROG"
-	procd_set_param respawn
-	procd_close_instance
-}
-
-service_started() {
-	ubus -t 10 wait_for spotfilter
-	[ $? = 0 ] && reload_service
-}

feeds/ucentral/spotfilter/src/CMakeLists.txt

@@ -1,24 +0,0 @@
-cmake_minimum_required(VERSION 3.10)
-
-PROJECT(spotfilter C)
-
-ADD_DEFINITIONS(-Os -Wall -Wno-unknown-warning-option -Wno-array-bounds -Wno-format-truncation -Werror --std=gnu99)
-
-SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-
-IF (NOT DEFINED LIBNL_LIBS)
-	include(FindPkgConfig)
-	pkg_search_module(LIBNL libnl-3.0 libnl-3 libnl nl-3 nl)
-	IF (LIBNL_FOUND)
-		include_directories(${LIBNL_INCLUDE_DIRS})
-		SET(LIBNL_LIBS ${LIBNL_LIBRARIES})
-	ENDIF()
-ENDIF()
-
-find_library(bpf NAMES bpf)
-ADD_EXECUTABLE(spotfilter main.c bpf.c ubus.c rtnl.c interface.c snoop.c client.c dhcpv4.c icmpv6.c nl80211.c)
-TARGET_LINK_LIBRARIES(spotfilter ${bpf} ubox ubus ${LIBNL_LIBS})
-
-INSTALL(TARGETS spotfilter
-	RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
-)

feeds/ucentral/spotfilter/src/bpf.c

@@ -1,196 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <sys/resource.h>
-#include <sys/stat.h>
-#include <arpa/inet.h>
-#include <glob.h>
-#include <unistd.h>
-
-#include "spotfilter.h"
-
-static int spotfilter_bpf_pr(enum libbpf_print_level level, const char *format,
-		     va_list args)
-{
-	return vfprintf(stderr, format, args);
-}
-
-static void
-spotfilter_fill_rodata(struct bpf_object *obj, struct spotfilter_bpf_config *val)
-{
-	struct bpf_map *map = NULL;
-
-	while ((map = bpf_object__next_map(obj, map)) != NULL) {
-		if (!strstr(bpf_map__name(map), ".rodata"))
-			continue;
-
-		bpf_map__set_initial_value(map, val, sizeof(*val));
-	}
-}
-
-static void spotfilter_init_env(void)
-{
-	struct rlimit limit = {
-		.rlim_cur = RLIM_INFINITY,
-		.rlim_max = RLIM_INFINITY,
-	};
-
-	setrlimit(RLIMIT_MEMLOCK, &limit);
-}
-
-int spotfilter_bpf_load(struct interface *iface)
-{
-	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts);
-	struct spotfilter_bpf_config config = {
-		.snoop_ifindex = spotfilter_ifb_ifindex
-	};
-	struct bpf_program *prog_i, *prog_e;
-	struct bpf_object *obj;
-	int err;
-
-	libbpf_set_print(spotfilter_bpf_pr);
-
-	spotfilter_init_env();
-
-	obj = bpf_object__open_file(SPOTFILTER_PROG_PATH, &opts);
-	err = libbpf_get_error(obj);
-	if (err) {
-		perror("bpf_object__open_file");
-		return -1;
-	}
-
-	prog_i = bpf_object__find_program_by_name(obj, "spotfilter_in");
-	if (!prog_i) {
-		fprintf(stderr, "Can't find ingress classifier\n");
-		goto error;
-	}
-
-	prog_e = bpf_object__find_program_by_name(obj, "spotfilter_out");
-	if (!prog_e) {
-		fprintf(stderr, "Can't find egress classifier\n");
-		goto error;
-	}
-
-	bpf_program__set_type(prog_i, BPF_PROG_TYPE_SCHED_CLS);
-	bpf_program__set_type(prog_e, BPF_PROG_TYPE_SCHED_CLS);
-
-	spotfilter_fill_rodata(obj, &config);
-
-	err = bpf_object__load(obj);
-	if (err) {
-		perror("bpf_object__load");
-		goto error;
-	}
-
-	iface->bpf.prog_ingress = bpf_program__fd(prog_i);
-	iface->bpf.prog_egress = bpf_program__fd(prog_e);
-	if ((iface->bpf.map_class = bpf_object__find_map_fd_by_name(obj, "class")) < 0 ||
-	    (iface->bpf.map_client = bpf_object__find_map_fd_by_name(obj, "client")) < 0 ||
-	    (iface->bpf.map_whitelist_v4 = bpf_object__find_map_fd_by_name(obj, "whitelist_ipv4")) < 0 ||
-	    (iface->bpf.map_whitelist_v6 = bpf_object__find_map_fd_by_name(obj, "whitelist_ipv6")) < 0) {
-		perror("bpf_object__find_map_fd_by_name");
-		goto error;
-	}
-	iface->bpf.obj = obj;
-
-	return 0;
-
-error:
-	bpf_object__close(obj);
-	return -1;
-}
-
-int spotfilter_bpf_get_client(struct interface *iface,
-			      const struct spotfilter_client_key *key,
-			      struct spotfilter_client_data *data)
-{
-	return bpf_map_lookup_elem(iface->bpf.map_client, key, data);
-}
-
-int spotfilter_bpf_set_client(struct interface *iface,
-			      const struct spotfilter_client_key *key,
-			      const struct spotfilter_client_data *data)
-{
-	if (!data)
-		return bpf_map_delete_elem(iface->bpf.map_client, key);
-
-	return bpf_map_update_elem(iface->bpf.map_client, key, data, BPF_ANY);
-}
-
-static void
-__spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool egress, bool enabled)
-{
-	DECLARE_LIBBPF_OPTS(bpf_tc_hook, hook,
-			    .attach_point = egress ? BPF_TC_EGRESS : BPF_TC_INGRESS,
-			    .ifindex = ifindex);
-	DECLARE_LIBBPF_OPTS(bpf_tc_opts, attach_tc,
-			    .handle = 1,
-			    .priority = SPOTFILTER_PRIO_BASE);
-
-	if (!enabled) {
-		bpf_tc_detach(&hook, &attach_tc);
-		return;
-	}
-
-	if (egress)
-		attach_tc.prog_fd = iface->bpf.prog_egress;
-	else
-		attach_tc.prog_fd = iface->bpf.prog_ingress;
-
-	bpf_tc_hook_create(&hook);
-	bpf_tc_attach(&hook, &attach_tc);
-}
-
-void spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool enabled)
-{
-	if (enabled)
-		spotfilter_bpf_set_device(iface, ifindex, false);
-
-	__spotfilter_bpf_set_device(iface, ifindex, true, enabled);
-	__spotfilter_bpf_set_device(iface, ifindex, false, enabled);
-}
-
-void spotfilter_bpf_update_class(struct interface *iface, uint32_t index)
-{
-	bpf_map_update_elem(iface->bpf.map_class, &index, &iface->cdata[index], BPF_ANY);
-}
-
-bool spotfilter_bpf_whitelist_seen(struct interface *iface, const void *addr, bool ipv6)
-{
-	int fd = ipv6 ? iface->bpf.map_whitelist_v6 : iface->bpf.map_whitelist_v4;
-	struct spotfilter_whitelist_entry e;
-
-	bpf_map_lookup_elem(fd, addr, &e);
-	if (!e.seen)
-	    return false;
-
-	e.seen = 0;
-	bpf_map_update_elem(fd, addr, &e, BPF_ANY);
-
-	return true;
-}
-
-void spotfilter_bpf_set_whitelist(struct interface *iface, const void *addr,
-				  bool ipv6, const uint8_t *state)
-{
-	int fd = ipv6 ? iface->bpf.map_whitelist_v6 : iface->bpf.map_whitelist_v4;
-	struct spotfilter_whitelist_entry e = {};
-
-	if (!state) {
-		bpf_map_delete_elem(fd, addr);
-		return;
-	}
-
-	e.val = *state;
-	bpf_map_update_elem(fd, addr, &e, BPF_ANY);
-}
-
-void spotfilter_bpf_free(struct interface *iface)
-{
-	if (!iface->bpf.obj)
-		return;
-
-	bpf_object__close(iface->bpf.obj);
-	iface->bpf.obj = NULL;
-}

feeds/ucentral/spotfilter/src/bpf.h

@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __SPOTFILTER_BPF_H
-#define __SPOTFILTER_BPF_H
-
-struct interface;
-
-int spotfilter_bpf_load(struct interface *iface);
-void spotfilter_bpf_free(struct interface *iface);
-void spotfilter_bpf_set_device(struct interface *iface, int ifindex, bool enabled);
-void spotfilter_bpf_update_class(struct interface *iface, uint32_t index);
-int spotfilter_bpf_get_client(struct interface *iface,
-			      const struct spotfilter_client_key *key,
-			      struct spotfilter_client_data *data);
-int spotfilter_bpf_set_client(struct interface *iface,
-			      const struct spotfilter_client_key *key,
-			      const struct spotfilter_client_data *data);
-void spotfilter_bpf_set_whitelist(struct interface *iface, const void *addr,
-				  bool ipv6, const uint8_t *state);
-bool spotfilter_bpf_whitelist_seen(struct interface *iface, const void *addr, bool ipv6);
-
-#endif

feeds/ucentral/spotfilter/src/bpf_skb_utils.h

@@ -1,173 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __BPF_SKB_UTILS_H
-#define __BPF_SKB_UTILS_H
-
-#include <uapi/linux/bpf.h>
-#include <uapi/linux/if_ether.h>
-#include <uapi/linux/ip.h>
-#include <uapi/linux/ipv6.h>
-#include <linux/ip.h>
-#include <net/ipv6.h>
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_endian.h>
-
-struct skb_parser_info {
-	struct __sk_buff *skb;
-	__u32 offset;
-	int proto;
-};
-
-static __always_inline void *__skb_data(struct __sk_buff *skb)
-{
-	return (void *)(long)READ_ONCE(skb->data);
-}
-
-static __always_inline void *
-skb_ptr(struct __sk_buff *skb, __u32 offset, __u32 len)
-{
-	void *ptr = __skb_data(skb) + offset;
-	void *end = (void *)(long)(skb->data_end);
-
-	if (ptr + len >= end)
-		return NULL;
-
-	return ptr;
-}
-
-static __always_inline void *
-skb_info_ptr(struct skb_parser_info *info, __u32 len)
-{
-	__u32 offset = info->offset;
-	return skb_ptr(info->skb, offset, len);
-}
-
-static __always_inline void
-skb_parse_init(struct skb_parser_info *info, struct __sk_buff *skb)
-{
-	*info = (struct skb_parser_info){
-		.skb = skb
-	};
-}
-
-static __always_inline struct ethhdr *
-skb_parse_ethernet(struct skb_parser_info *info)
-{
-	struct ethhdr *eth;
-	int len;
-
-	len = sizeof(*eth) + 2 * sizeof(struct vlan_hdr) + sizeof(struct ipv6hdr);
-	if (len > info->skb->len)
-		len = info->skb->len;
-	bpf_skb_pull_data(info->skb, len);
-
-	eth = skb_info_ptr(info, sizeof(*eth));
-	if (!eth)
-		return NULL;
-
-	info->proto = eth->h_proto;
-	info->offset += sizeof(*eth);
-
-	return eth;
-}
-
-static __always_inline struct vlan_hdr *
-skb_parse_vlan(struct skb_parser_info *info)
-{
-	struct vlan_hdr *vlh;
-
-	if (info->proto != bpf_htons(ETH_P_8021Q) &&
-	    info->proto != bpf_htons(ETH_P_8021AD))
-		return NULL;
-
-	vlh = skb_info_ptr(info, sizeof(*vlh));
-	if (!vlh)
-		return NULL;
-
-	info->proto = vlh->h_vlan_encapsulated_proto;
-	info->offset += sizeof(*vlh);
-
-	return vlh;
-}
-
-static __always_inline struct iphdr *
-skb_parse_ipv4(struct skb_parser_info *info, int min_l4_bytes)
-{
-	struct iphdr *iph;
-	int proto, hdr_len;
-	__u32 pull_len;
-
-	if (info->proto != bpf_htons(ETH_P_IP))
-		return NULL;
-
-	iph = skb_info_ptr(info, sizeof(*iph));
-	if (!iph)
-		return NULL;
-
-	hdr_len = iph->ihl * 4;
-	if (hdr_len < sizeof(*iph))
-		return NULL;
-
-	pull_len = info->offset + hdr_len + min_l4_bytes;
-	if (pull_len > info->skb->len)
-		pull_len = info->skb->len;
-
-	if (bpf_skb_pull_data(info->skb, pull_len))
-		return NULL;
-
-	iph = skb_info_ptr(info, sizeof(*iph));
-	if (!iph)
-		return NULL;
-
-	info->proto = iph->protocol;
-	info->offset += hdr_len;
-
-	return iph;
-}
-
-static __always_inline struct ipv6hdr *
-skb_parse_ipv6(struct skb_parser_info *info, int max_l4_bytes)
-{
-	struct ipv6hdr *ip6h;
-	__u32 pull_len;
-
-	if (info->proto != bpf_htons(ETH_P_IPV6))
-		return NULL;
-
-	pull_len = info->offset + sizeof(*ip6h) + max_l4_bytes;
-	if (pull_len > info->skb->len)
-		pull_len = info->skb->len;
-
-	if (bpf_skb_pull_data(info->skb, pull_len))
-		return NULL;
-
-	ip6h = skb_info_ptr(info, sizeof(*ip6h));
-	if (!ip6h)
-		return NULL;
-
-	info->proto = READ_ONCE(ip6h->nexthdr);
-	info->offset += sizeof(*ip6h);
-
-	return ip6h;
-}
-
-static __always_inline struct tcphdr *
-skb_parse_tcp(struct skb_parser_info *info)
-{
-	struct tcphdr *tcph;
-
-	if (info->proto != IPPROTO_TCP)
-		return NULL;
-
-	tcph = skb_info_ptr(info, sizeof(*tcph));
-	if (!tcph)
-		return NULL;
-
-	info->offset += tcph->doff * 4;
-
-	return tcph;
-}
-
-#endif

feeds/ucentral/spotfilter/src/client.c

@@ -1,203 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <netinet/if_ether.h>
-#include <libubox/uloop.h>
-#include <libubox/avl-cmp.h>
-#include "spotfilter.h"
-
-#define CACHE_TIMEOUT 10
-
-struct cache_entry {
-	struct avl_node node;
-	uint8_t macaddr[ETH_ALEN];
-	uint32_t ip4addr;
-	uint32_t ip6addr[4];
-	uint32_t time;
-};
-
-static int avl_mac_cmp(const void *k1, const void *k2, void *priv)
-{
-	return memcmp(k1, k2, ETH_ALEN);
-}
-
-static AVL_TREE(cache, avl_mac_cmp, false, NULL);
-
-static uint32_t client_gettime(void)
-{
-	struct timespec ts;
-
-	clock_gettime(CLOCK_MONOTONIC, &ts);
-
-	return ts.tv_sec;
-}
-
-static void client_gc(struct uloop_timeout *t)
-{
-	struct cache_entry *c, *tmp;
-	uint32_t now = client_gettime();
-
-	avl_for_each_element_safe(&cache, c, node, tmp) {
-		uint32_t diff;
-
-		diff = now - c->time;
-		if (diff < CACHE_TIMEOUT)
-			continue;
-
-		avl_delete(&cache, &c->node);
-		free(c);
-	}
-
-	if (!avl_is_empty(&cache))
-		uloop_timeout_set(t, 1000);
-}
-
-void client_init_interface(struct interface *iface)
-{
-	avl_init(&iface->clients, avl_mac_cmp, false, NULL);
-	avl_init(&iface->client_ids, avl_strcmp, false, NULL);
-}
-
-static void __client_free(struct interface *iface, struct client *cl)
-{
-	if (cl->id_node.key)
-		avl_delete(&iface->client_ids, &cl->id_node);
-	avl_delete(&iface->clients, &cl->node);
-	kvlist_free(&cl->kvdata);
-	spotfilter_bpf_set_client(iface, &cl->key, NULL);
-	free(cl);
-}
-
-void client_free(struct interface *iface, struct client *cl)
-{
-	spotfilter_ubus_notify(iface, cl, "client_delete");
-	__client_free(iface, cl);
-}
-
-static void client_set_id(struct interface *iface, struct client *cl, const char *id)
-{
-	if (id == cl->id_node.key)
-		return;
-
-	if (id && cl->id_node.key && !strcmp(id, cl->id_node.key))
-		return;
-
-	if (cl->id_node.key) {
-		avl_delete(&iface->client_ids, &cl->id_node);
-		free((void *) cl->id_node.key);
-		cl->id_node.key = NULL;
-	}
-
-	if (!id)
-		return;
-
-	cl->id_node.key = strdup(id);
-	avl_insert(&iface->client_ids, &cl->id_node);
-}
-
-int client_set(struct interface *iface, const void *addr, const char *id,
-	       int state, int dns_state, int accounting, struct blob_attr *data)
-{
-	struct cache_entry *c;
-	struct blob_attr *cur;
-	struct client *cl;
-	bool new_client = false;
-	int rem;
-
-	cl = avl_find_element(&iface->clients, addr, cl, node);
-	if (!cl) {
-		cl = calloc(1, sizeof(*cl));
-		cl->node.key = &cl->key.addr;
-		memcpy(cl->key.addr, addr, ETH_ALEN);
-		avl_insert(&iface->clients, &cl->node);
-		cl->data.cur_class = iface->default_class;
-		cl->data.dns_class = iface->default_dns_class;
-		kvlist_init(&cl->kvdata, kvlist_blob_len);
-		new_client = true;
-	}
-
-	client_set_id(iface, cl, id);
-	if (!new_client)
-		spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
-
-	c = avl_find_element(&cache, addr, c, node);
-	if (c) {
-		if (!cl->data.ip4addr)
-			cl->data.ip4addr = c->ip4addr;
-		if (!cl->data.ip6addr[0])
-			memcpy(cl->data.ip6addr, c->ip6addr, sizeof(cl->data.ip6addr));
-	}
-
-	if (state >= SPOTFILTER_NUM_CLASS || dns_state >= SPOTFILTER_NUM_CLASS) {
-		if (new_client)
-			__client_free(iface, cl);
-
-		return -1;
-	}
-
-	blobmsg_for_each_attr(cur, data, rem) {
-		if (!blobmsg_check_attr(cur, true))
-			continue;
-
-		kvlist_set(&cl->kvdata, blobmsg_name(cur), cur);
-	}
-	if (state >= 0)
-		cl->data.cur_class = state;
-	if (dns_state >= 0)
-		cl->data.dns_class = dns_state;
-	if (accounting >= 0)
-		cl->data.flags = accounting;
-	spotfilter_bpf_set_client(iface, &cl->key, &cl->data);
-
-	if (new_client)
-		spotfilter_ubus_notify(iface, cl, "client_add");
-
-	return 0;
-}
-
-void client_set_ipaddr(const void *mac, const void *addr, bool ipv6)
-{
-	static struct uloop_timeout gc_timer = {
-		.cb = client_gc
-	};
-	struct interface *iface;
-	struct cache_entry *c;
-	struct client *cl;
-
-	c = avl_find_element(&cache, mac, c, node);
-	if (!c) {
-		c = calloc(1, sizeof(*c));
-		memcpy(c->macaddr, mac, ETH_ALEN);
-		c->node.key = c->macaddr;
-		avl_insert(&cache, &c->node);
-		if (!gc_timer.pending)
-			uloop_timeout_set(&gc_timer, CACHE_TIMEOUT * 1000);
-	}
-
-	if (!ipv6 && !c->ip4addr)
-		memcpy(&c->ip4addr, addr, sizeof(c->ip4addr));
-	else if (ipv6 && !c->ip6addr[0])
-		memcpy(&c->ip6addr, addr, sizeof(c->ip6addr));
-	else
-		return;
-
-	c->time = client_gettime();
-
-	avl_for_each_element(&interfaces, iface, node) {
-		cl = avl_find_element(&iface->clients, mac, cl, node);
-		if (!cl)
-			continue;
-
-		spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
-
-		if (!ipv6 && !cl->data.ip4addr)
-			memcpy(&cl->data.ip4addr, addr, sizeof(cl->data.ip4addr));
-		else if (ipv6 && !cl->data.ip6addr[0])
-			memcpy(&cl->data.ip6addr, addr, sizeof(cl->data.ip6addr));
-		else
-			continue;
-
-		spotfilter_bpf_set_client(iface, &cl->key, &cl->data);
-	}
-}

feeds/ucentral/spotfilter/src/client.h

@@ -1,28 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __SPOTFILTER_CLIENT_H
-#define __SPOTFILTER_CLIENT_H
-
-#include <netinet/if_ether.h>
-#include <libubox/kvlist.h>
-
-struct client {
-	struct avl_node node;
-	struct avl_node id_node;
-
-	struct kvlist kvdata;
-	int idle;
-
-	struct spotfilter_client_key key;
-	struct spotfilter_client_data data;
-};
-
-int client_set(struct interface *iface, const void *addr, const char *id,
-	       int state, int dns_state, int accounting, struct blob_attr *data);
-void client_free(struct interface *iface, struct client *cl);
-void client_set_ipaddr(const void *mac, const void *addr, bool ipv6);
-void client_init_interface(struct interface *iface);
-
-#endif

feeds/ucentral/spotfilter/src/dhcpv4.c

@@ -1,111 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include "spotfilter.h"
-
-enum dhcpv4_msg {
-	DHCPV4_MSG_DISCOVER = 1,
-	DHCPV4_MSG_OFFER = 2,
-	DHCPV4_MSG_REQUEST = 3,
-	DHCPV4_MSG_DECLINE = 4,
-	DHCPV4_MSG_ACK = 5,
-	DHCPV4_MSG_NAK = 6,
-	DHCPV4_MSG_RELEASE = 7,
-	DHCPV4_MSG_INFORM = 8,
-	DHCPV4_MSG_FORCERENEW = 9,
-};
-
-enum dhcpv4_opt {
-	DHCPV4_OPT_PAD = 0,
-	DHCPV4_OPT_NETMASK = 1,
-	DHCPV4_OPT_ROUTER = 3,
-	DHCPV4_OPT_DNSSERVER = 6,
-	DHCPV4_OPT_DOMAIN = 15,
-	DHCPV4_OPT_MTU = 26,
-	DHCPV4_OPT_BROADCAST = 28,
-	DHCPV4_OPT_NTPSERVER = 42,
-	DHCPV4_OPT_LEASETIME = 51,
-	DHCPV4_OPT_MESSAGE = 53,
-	DHCPV4_OPT_SERVERID = 54,
-	DHCPV4_OPT_REQOPTS = 55,
-	DHCPV4_OPT_RENEW = 58,
-	DHCPV4_OPT_REBIND = 59,
-	DHCPV4_OPT_IPADDRESS = 50,
-	DHCPV4_OPT_MSG_TYPE = 53,
-	DHCPV4_OPT_HOSTNAME = 12,
-	DHCPV4_OPT_REQUEST = 17,
-	DHCPV4_OPT_USER_CLASS = 77,
-	DHCPV4_OPT_AUTHENTICATION = 90,
-	DHCPV4_OPT_SEARCH_DOMAIN = 119,
-	DHCPV4_OPT_FORCERENEW_NONCE_CAPABLE = 145,
-	DHCPV4_OPT_END = 255,
-};
-
-struct dhcpv4_message {
-	uint8_t op;
-	uint8_t htype;
-	uint8_t hlen;
-	uint8_t hops;
-	uint32_t xid;
-	uint16_t secs;
-	uint16_t flags;
-	struct in_addr ciaddr;
-	struct in_addr yiaddr;
-	struct in_addr siaddr;
-	struct in_addr giaddr;
-	uint8_t chaddr[16];
-	char sname[64];
-	char file[128];
-	uint32_t magic;
-	uint8_t options[];
-} __attribute__((packed));
-
-#define DHCPV4_MAGIC 0x63825363
-
-struct dhcpv4_option {
-	uint8_t type;
-	uint8_t len;
-	uint8_t data[];
-};
-
-#define dhcpv4_for_each_option(opt, start, end)				\
-	for (opt = (const struct dhcpv4_option *)(start);		\
-	     &opt[1] <= (const struct dhcpv4_option *)(end) &&		\
-	     &opt->data[opt->len] <= (const uint8_t *)(end);		\
-	     opt = (const struct dhcpv4_option *)&opt->data[opt->len])
-
-void spotfilter_recv_dhcpv4(const void *msgdata, int len, const void *eth_addr)
-{
-	const struct dhcpv4_message *msg = msgdata;
-	const struct dhcpv4_option *opt;
-	uint8_t bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-	int op = -1;
-
-	if (ntohl(msg->magic) != DHCPV4_MAGIC)
-		return;
-
-	if (msg->op != 2 || msg->htype != 1 || msg->hlen != 6)
-		return;
-
-	if (memcmp(eth_addr, bcast_addr, ETH_ALEN) != 0 &&
-	    memcmp(eth_addr, msg->chaddr, ETH_ALEN) != 0)
-		return;
-
-	dhcpv4_for_each_option(opt, msg->options, msgdata + len) {
-		switch (opt->type) {
-		case DHCPV4_OPT_MESSAGE:
-			if (opt->len != 1)
-				break;
-
-			op = opt->data[0];
-			break;
-		}
-	}
-
-	if (op != DHCPV4_MSG_ACK)
-		return;
-
-	client_set_ipaddr(msg->chaddr, (uint32_t *)&msg->yiaddr, false);
-}
-

feeds/ucentral/spotfilter/src/example.json

@@ -1,36 +0,0 @@
-{
-	"name": "hotspot",
-	"devices": [ "wlan1" ],
-	"config": {
-		"class": [
-			{
-				"index": 0
-			},
-			{
-				"index": 1,
-				"device_macaddr": "br-test"
-			},
-			{
-				"index": 2,
-				"macaddr": "00:11:22:33:44:55"
-			},
-			{
-				"index": 3,
-				"fwmark": 1,
-				"fwmark_mask": 127
-			},
-			{
-				"index": 4,
-				"redirect": "up0v2"
-			}
-		],
-		"default_class": 1,
-		"default_dns_class": 0,
-		"whitelist": [
-			{
-				"class": 0,
-				"hosts": [ "*.google.de", "*.google.com" ]
-			}
-		]
-	}
-}

feeds/ucentral/spotfilter/src/icmpv6.c

@@ -1,46 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <netinet/icmp6.h>
-#include "spotfilter.h"
-
-struct icmpv6_opt {
-	uint8_t type;
-	uint8_t len;
-	uint8_t data[6];
-};
-
-#define icmpv6_for_each_option(opt, start, end)					\
-	for (opt = (const struct icmpv6_opt*)(start);				\
-	     (const void *)(opt + 1) <= (const void *)(end) && opt->len > 0 &&	\
-	     (const void *)(opt + opt->len) <= (const void *)(end); opt += opt->len)
-
-void spotfilter_recv_icmpv6(const void *data, int len, const uint8_t *src, const uint8_t *dest)
-{
-	const struct nd_neighbor_advert *nd = data;
-	const struct icmp6_hdr *hdr = data;
-	const struct icmpv6_opt *opt;
-
-	if (len < sizeof(*nd) || hdr->icmp6_code)
-		return;
-
-	if (hdr->icmp6_type != ND_NEIGHBOR_ADVERT)
-		return;
-
-	icmpv6_for_each_option(opt, &nd[1], data + len) {
-		if (opt->type != ND_OPT_TARGET_LINKADDR || opt->len != 1)
-			continue;
-
-		if (memcmp(opt->data, src, ETH_ALEN))
-			return;
-	}
-
-	if ((nd->nd_na_target.s6_addr[0] & 0xe0) != 0x20)
-		return;
-
-	if (opt != (const struct icmpv6_opt *)(data + len))
-		return;
-
-	client_set_ipaddr(src, &nd->nd_na_target, true);
-}

feeds/ucentral/spotfilter/src/interface.c

@@ -1,369 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <netinet/ether.h>
-#include <net/if.h>
-
-#include <libubox/avl-cmp.h>
-
-#include "spotfilter.h"
-
-AVL_TREE(interfaces, avl_strcmp, false, NULL);
-
-void interface_free(struct interface *iface)
-{
-	struct client *cl, *tmp;
-
-	spotfilter_dns_free(iface);
-
-	vlist_flush_all(&iface->devices);
-
-	avl_for_each_element_safe(&iface->clients, cl, node, tmp)
-		client_free(iface, cl);
-
-	spotfilter_bpf_free(iface);
-
-	avl_delete(&interfaces, &iface->node);
-	free(iface->config);
-	free(iface);
-}
-
-static inline const char *
-device_name(struct device *dev)
-{
-	return dev->node.avl.key;
-}
-
-static void
-interface_check_device(struct interface *iface, struct device *dev)
-{
-	int old_ifindex = dev->ifindex;
-
-	dev->ifindex = if_nametoindex(device_name(dev));
-	if (dev->ifindex != old_ifindex)
-		spotfilter_bpf_set_device(iface, dev->ifindex, true);
-}
-
-static void
-device_update_cb(struct vlist_tree *tree,
-		 struct vlist_node *node_new,
-		 struct vlist_node *node_old)
-{
-	struct interface *iface = container_of(tree, struct interface, devices);
-	struct device *dev_new = container_of_safe(node_new, struct device, node);
-	struct device *dev_old = container_of_safe(node_old, struct device, node);
-
-	if (dev_new) {
-		if (dev_old)
-			dev_new->ifindex = dev_old->ifindex;
-		interface_check_device(iface, dev_new);
-	}
-
-	if (dev_old) {
-		if (!dev_new && dev_old->ifindex)
-			spotfilter_bpf_set_device(iface, dev_old->ifindex, false);
-		free(dev_old);
-	}
-}
-
-static int
-interface_parse_class(struct spotfilter_bpf_class *cdata, struct blob_attr *attr)
-{
-	enum {
-		CLASS_ATTR_INDEX,
-		CLASS_ATTR_DEV_MAC,
-		CLASS_ATTR_MAC,
-		CLASS_ATTR_REDIRECT,
-		CLASS_ATTR_FWMARK,
-		CLASS_ATTR_FWMARK_MASK,
-		__CLASS_ATTR_MAX,
-	};
-	static const struct blobmsg_policy policy[__CLASS_ATTR_MAX] = {
-		[CLASS_ATTR_INDEX] = { "index", BLOBMSG_TYPE_INT32 },
-		[CLASS_ATTR_DEV_MAC] = { "device_macaddr", BLOBMSG_TYPE_STRING },
-		[CLASS_ATTR_MAC] = { "macaddr", BLOBMSG_TYPE_STRING },
-		[CLASS_ATTR_REDIRECT] = { "redirect", BLOBMSG_TYPE_STRING },
-		[CLASS_ATTR_FWMARK] = { "fwmark", BLOBMSG_TYPE_INT32 },
-		[CLASS_ATTR_FWMARK_MASK] = { "fwmark_mask", BLOBMSG_TYPE_INT32 },
-	};
-	struct blob_attr *tb[__CLASS_ATTR_MAX];
-	struct blob_attr *cur;
-	unsigned int index;
-
-	if (blobmsg_type(attr) != BLOBMSG_TYPE_TABLE)
-		return -1;
-
-	blobmsg_parse(policy, __CLASS_ATTR_MAX, tb,
-		      blobmsg_data(attr), blobmsg_len(attr));
-
-	if ((cur = tb[CLASS_ATTR_INDEX]) != NULL)
-		index = blobmsg_get_u32(cur);
-	else
-		return -1;
-
-	if (index >= SPOTFILTER_NUM_CLASS)
-		return -1;
-
-	if ((cur = tb[CLASS_ATTR_MAC]) != NULL) {
-		void *addr;
-
-		addr = ether_aton(blobmsg_get_string(cur));
-		if (!addr)
-			goto invalid;
-
-		memcpy(cdata->dest_mac, addr, sizeof(cdata->dest_mac));
-		cdata->actions |= SPOTFILTER_ACTION_SET_DEST_MAC;
-	} else if ((cur = tb[CLASS_ATTR_DEV_MAC]) != NULL) {
-		const char *name = blobmsg_get_string(cur);
-		struct ifreq ifr = {};
-		int sock;
-		int ret;
-
-		if (strlen(name) > IFNAMSIZ)
-			goto invalid;
-
-		strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
-
-		sock = socket(AF_INET, SOCK_DGRAM, 0);
-		ret = ioctl(sock, SIOCGIFHWADDR, &ifr);
-		if (ret < 0)
-			perror("ioctl");
-		close(sock);
-
-		if (ret < 0)
-			goto invalid;
-
-		if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER)
-			goto invalid;
-
-		memcpy(cdata->dest_mac, ifr.ifr_hwaddr.sa_data, sizeof(cdata->dest_mac));
-		cdata->actions |= SPOTFILTER_ACTION_SET_DEST_MAC;
-	}
-
-	if ((cur = tb[CLASS_ATTR_REDIRECT]) != NULL) {
-		unsigned int ifindex = if_nametoindex(blobmsg_get_string(cur));
-
-		if (!ifindex)
-			goto invalid;
-
-		cdata->redirect_ifindex = ifindex;
-		cdata->actions |= SPOTFILTER_ACTION_REDIRECT;
-	}
-
-	if ((cur = tb[CLASS_ATTR_FWMARK_MASK]) != NULL)
-		cdata->fwmark_mask = blobmsg_get_u32(cur);
-	else
-		cdata->fwmark_mask = ~0;
-
-	if ((cur = tb[CLASS_ATTR_FWMARK]) != NULL) {
-		cdata->fwmark_val = blobmsg_get_u32(cur);
-		cdata->actions |= SPOTFILTER_ACTION_FWMARK;
-	}
-
-	cdata->actions |= SPOTFILTER_ACTION_VALID;
-	return index;
-
-invalid:
-	cdata->actions = 0;
-	return index;
-}
-
-static bool
-__interface_check_whitelist(struct blob_attr *attr)
-{
-	enum {
-		WL_ATTR_CLASS,
-		WL_ATTR_HOSTS,
-		__WL_ATTR_MAX
-	};
-	static const struct blobmsg_policy policy[__WL_ATTR_MAX] = {
-		[WL_ATTR_CLASS] = { "class", BLOBMSG_TYPE_INT32 },
-		[WL_ATTR_HOSTS] = { "hosts", BLOBMSG_TYPE_ARRAY },
-	};
-	struct blob_attr *tb[__WL_ATTR_MAX];
-
-	blobmsg_parse(policy, __WL_ATTR_MAX, tb, blobmsg_data(attr), blobmsg_len(attr));
-
-	if (!tb[WL_ATTR_CLASS] || !tb[WL_ATTR_HOSTS])
-		return false;
-
-	return blobmsg_check_array(tb[WL_ATTR_HOSTS], BLOBMSG_TYPE_STRING) >= 0;
-}
-
-static bool
-interface_check_whitelist(struct blob_attr *attr)
-{
-	struct blob_attr *cur;
-	int rem;
-
-	if (blobmsg_check_array(attr, BLOBMSG_TYPE_TABLE) <= 0)
-		return false;
-
-	blobmsg_for_each_attr(cur, attr, rem) {
-		if (!__interface_check_whitelist(cur))
-			return false;
-	}
-
-	return true;
-}
-
-static void
-interface_set_config(struct interface *iface, bool iface_init)
-{
-	enum {
-		CONFIG_ATTR_CLASS,
-		CONFIG_ATTR_WHITELIST,
-		CONFIG_ATTR_ACTIVE_TIMEOUT,
-		CONFIG_ATTR_CLIENT_AUTOCREATE,
-		CONFIG_ATTR_CLIENT_AUTOREMOVE,
-		CONFIG_ATTR_CLIENT_TIMEOUT,
-		CONFIG_ATTR_DEFAULT_CLASS,
-		CONFIG_ATTR_DEFAULT_DNS_CLASS,
-		__CONFIG_ATTR_MAX,
-	};
-	static const struct blobmsg_policy policy[__CONFIG_ATTR_MAX] = {
-		[CONFIG_ATTR_CLASS] = { "class", BLOBMSG_TYPE_ARRAY },
-		[CONFIG_ATTR_WHITELIST] = { "whitelist", BLOBMSG_TYPE_ARRAY },
-		[CONFIG_ATTR_ACTIVE_TIMEOUT] = { "active_timeout", BLOBMSG_TYPE_INT32 },
-		[CONFIG_ATTR_CLIENT_TIMEOUT] = { "client_timeout", BLOBMSG_TYPE_INT32 },
-		[CONFIG_ATTR_CLIENT_AUTOCREATE] = { "client_autocreate", BLOBMSG_TYPE_BOOL },
-		[CONFIG_ATTR_CLIENT_AUTOREMOVE] = { "client_autoremove", BLOBMSG_TYPE_BOOL },
-		[CONFIG_ATTR_DEFAULT_CLASS] = { "default_class", BLOBMSG_TYPE_INT32 },
-		[CONFIG_ATTR_DEFAULT_DNS_CLASS] = { "default_dns_class", BLOBMSG_TYPE_INT32 },
-	};
-	struct blob_attr *tb[__CONFIG_ATTR_MAX];
-	struct blob_attr *cur;
-	uint32_t class_mask = 0;
-	int i, rem;
-
-	blobmsg_parse(policy, __CONFIG_ATTR_MAX, tb,
-		      blobmsg_data(iface->config), blobmsg_len(iface->config));
-
-	if ((cur = tb[CONFIG_ATTR_DEFAULT_CLASS]) != NULL &&
-	    blobmsg_get_u32(cur) < SPOTFILTER_NUM_CLASS)
-		iface->default_class = blobmsg_get_u32(cur);
-	else
-		iface->default_class = 0;
-
-	if ((cur = tb[CONFIG_ATTR_DEFAULT_DNS_CLASS]) != NULL &&
-	    blobmsg_get_u32(cur) < SPOTFILTER_NUM_CLASS)
-		iface->default_dns_class = blobmsg_get_u32(cur);
-	else
-		iface->default_dns_class = 0;
-
-	if ((cur = tb[CONFIG_ATTR_WHITELIST]) != NULL && interface_check_whitelist(cur))
-		iface->whitelist = cur;
-	else
-		iface->whitelist = NULL;
-
-	if ((cur = tb[CONFIG_ATTR_ACTIVE_TIMEOUT]) != NULL)
-		iface->active_timeout = blobmsg_get_u32(cur);
-	else
-		iface->active_timeout = 300;
-
-	if ((cur = tb[CONFIG_ATTR_CLIENT_TIMEOUT]) != NULL)
-		iface->client_timeout = blobmsg_get_u32(cur);
-	else
-		iface->client_timeout = 30;
-
-	if ((cur = tb[CONFIG_ATTR_CLIENT_AUTOCREATE]) != NULL)
-		iface->client_autocreate = blobmsg_get_u8(cur);
-	else
-		iface->client_autocreate = true;
-
-	if ((cur = tb[CONFIG_ATTR_CLIENT_AUTOREMOVE]) != NULL)
-		iface->client_autoremove = blobmsg_get_u8(cur);
-	else
-		iface->client_autoremove = true;
-
-	blobmsg_for_each_attr(cur, tb[CONFIG_ATTR_CLASS], rem) {
-		struct spotfilter_bpf_class cdata = {};
-		int index;
-
-		index = interface_parse_class(&cdata, cur);
-		if (index < 0)
-			continue;
-
-		if (iface_init ||
-		    memcmp(&iface->cdata[index], &cdata, sizeof(cdata)) != 0) {
-			memcpy(&iface->cdata[index], &cdata, sizeof(cdata));
-			spotfilter_bpf_update_class(iface, index);
-		}
-
-		class_mask |= 1 << index;
-	}
-
-	for (i = 0; i < SPOTFILTER_NUM_CLASS; i++) {
-		if (class_mask & (1 << i))
-			continue;
-
-		memset(&iface->cdata[i], 0, sizeof(iface->cdata[i]));
-		spotfilter_bpf_update_class(iface, i);
-	}
-}
-
-void interface_check_devices(void)
-{
-	struct interface *iface;
-	struct device *dev;
-
-	avl_for_each_element(&interfaces, iface, node) {
-		interface_set_config(iface, false);
-
-		vlist_for_each_element(&iface->devices, dev, node)
-			interface_check_device(iface, dev);
-	}
-}
-
-void interface_add(const char *name, struct blob_attr *config,
-		   struct blob_attr *devices)
-{
-	struct interface *iface;
-	struct blob_attr *cur;
-	char *name_buf;
-	bool iface_init = false;
-	int rem;
-
-	iface = avl_find_element(&interfaces, name, iface, node);
-	if (!iface) {
-		iface = calloc_a(sizeof(*iface), &name_buf, strlen(name) + 1);
-		iface->node.key = strcpy(name_buf, name);
-		vlist_init(&iface->devices, avl_strcmp, device_update_cb);
-		client_init_interface(iface);
-		spotfilter_dns_init(iface);
-
-		if (spotfilter_bpf_load(iface)) {
-			free(iface);
-			return;
-		}
-
-		avl_insert(&interfaces, &iface->node);
-		iface_init = true;
-	}
-
-	if (config && !blob_attr_equal(iface->config, config)) {
-		free(iface->config);
-		iface->config = blob_memdup(config);
-		interface_set_config(iface, iface_init);
-	}
-
-	blobmsg_for_each_attr(cur, devices, rem) {
-		struct device *dev;
-		const char *name = blobmsg_get_string(cur);
-
-		dev = calloc_a(sizeof(*dev), &name_buf, strlen(name) + 1);
-		vlist_add(&iface->devices, &dev->node, strcpy(name_buf, name));
-	}
-}
-
-void interface_done(void)
-{
-	struct interface *iface, *tmp;
-
-	avl_for_each_element_safe(&interfaces, iface, node, tmp)
-		interface_free(iface);
-}

feeds/ucentral/spotfilter/src/interface.h

@@ -1,73 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __SPOTFILTER_INTERFACE_H
-#define __SPOTFILTER_INTERFACE_H
-
-#include <libubox/vlist.h>
-#include <libubox/blobmsg.h>
-#include <libubox/uloop.h>
-
-struct bpf_object;
-
-struct interface {
-	struct avl_node node;
-
-	struct blob_attr *config;
-	struct blob_attr *whitelist;
-
-	struct avl_tree cname_cache;
-	struct avl_tree addr_map;
-
-	struct uloop_timeout addr_gc;
-	uint32_t next_gc;
-
-	uint32_t active_timeout;
-
-	uint8_t default_class;
-	uint8_t default_dns_class;
-
-	bool client_autocreate;
-	bool client_autoremove;
-	int client_timeout;
-
-	struct {
-		struct bpf_object *obj;
-
-		int prog_ingress;
-		int prog_egress;
-		int map_class;
-		int map_client;
-		int map_whitelist_v4;
-		int map_whitelist_v6;
-	} bpf;
-
-	struct spotfilter_bpf_class cdata[SPOTFILTER_NUM_CLASS];
-
-	struct vlist_tree devices;
-
-	struct avl_tree clients;
-	struct avl_tree client_ids;
-};
-
-struct device {
-	struct vlist_node node;
-
-	int ifindex;
-};
-
-extern struct avl_tree interfaces;
-
-static inline const char *interface_name(struct interface *iface)
-{
-	return iface->node.key;
-}
-
-void interface_add(const char *name, struct blob_attr *config,
-		   struct blob_attr *devices);
-void interface_free(struct interface *iface);
-void interface_check_devices(void);
-void interface_done(void);
-
-#endif

feeds/ucentral/spotfilter/src/main.c

@@ -1,120 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <sys/wait.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <stdint.h>
-
-#include <libubox/uloop.h>
-
-#include "spotfilter.h"
-
-int spotfilter_run_cmd(char *cmd, bool ignore_error)
-{
-	char *argv[] = { "sh", "-c", cmd, NULL };
-	bool first = true;
-	int status = -1;
-	char buf[512];
-	int fds[2];
-	FILE *f;
-	int pid;
-
-	if (pipe(fds))
-		return -1;
-
-	pid = fork();
-	if (!pid) {
-		close(fds[0]);
-		if (fds[1] != STDOUT_FILENO)
-			dup2(fds[1], STDOUT_FILENO);
-		if (fds[1] != STDERR_FILENO)
-			dup2(fds[1], STDERR_FILENO);
-		if (fds[1] > STDERR_FILENO)
-			close(fds[1]);
-		execv("/bin/sh", argv);
-		exit(1);
-	}
-
-	if (pid < 0)
-		return -1;
-
-	close(fds[1]);
-	f = fdopen(fds[0], "r");
-	if (!f) {
-		close(fds[0]);
-		goto out;
-	}
-
-	while (fgets(buf, sizeof(buf), f) != NULL) {
-		if (!strlen(buf))
-			break;
-		if (ignore_error)
-			continue;
-		if (first) {
-			ULOG_WARN("Command: %s\n", cmd);
-			first = false;
-		}
-		ULOG_WARN("%s%s", buf, strchr(buf, '\n') ? "" : "\n");
-	}
-
-	fclose(f);
-
-out:
-	while (waitpid(pid, &status, 0) < 0)
-		if (errno != EINTR)
-			break;
-
-	return status;
-}
-
-static int usage(const char *progname)
-{
-	fprintf(stderr, "Usage: %s [options]\n"
-		"Options:\n"
-		"\n", progname);
-
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = 2;
-	int ch;
-
-	while ((ch = getopt(argc, argv, "")) != -1) {
-		switch (ch) {
-		default:
-			return usage(argv[0]);
-		}
-	}
-
-	ulog_open(ULOG_SYSLOG, LOG_DAEMON, "spotfilter");
-	uloop_init();
-
-	if (rtnl_init())
-		return 1;
-
-	if (spotfilter_nl80211_init())
-		return 1;
-
-	if (spotfilter_dev_init())
-		return 1;
-
-	if (spotfilter_ubus_init())
-		goto out;
-
-	ret = 0;
-	uloop_run();
-
-	spotfilter_ubus_stop();
-
-out:
-	interface_done();
-	spotfilter_dev_done();
-	spotfilter_nl80211_done();
-	uloop_done();
-
-	return ret;
-}

feeds/ucentral/spotfilter/src/nl80211.c

@@ -1,276 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#define _GNU_SOURCE
-#include <linux/netlink.h>
-
-#include <netlink/genl/genl.h>
-#include <netlink/genl/family.h>
-#include <netlink/genl/ctrl.h>
-#include <netlink/msg.h>
-#include <netlink/attr.h>
-
-#include <linux/nl80211.h>
-
-#include <errno.h>
-
-#include <libubox/uloop.h>
-
-#include "spotfilter.h"
-
-static struct nl_sock *genl;
-static struct nl_cb *genl_cb;
-static struct uloop_fd genl_fd;
-static struct uloop_timeout update_timer;
-static int nl80211_id;
-
-static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
-			 void *arg)
-{
-	int *ret = arg;
-	*ret = err->error;
-	return NL_STOP;
-}
-
-static int ack_handler(struct nl_msg *msg, void *arg)
-{
-	int *ret = arg;
-	*ret = 0;
-	return NL_STOP;
-}
-
-struct handler_args {
-	const char *group;
-	int id;
-};
-
-static int family_handler(struct nl_msg *msg, void *arg)
-{
-	struct handler_args *grp = arg;
-	struct nlattr *tb[CTRL_ATTR_MAX + 1];
-	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
-	struct nlattr *mcgrp;
-	int rem_mcgrp;
-
-	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
-		  genlmsg_attrlen(gnlh, 0), NULL);
-
-	if (!tb[CTRL_ATTR_MCAST_GROUPS])
-		return NL_SKIP;
-
-	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], rem_mcgrp) {
-		struct nlattr *tb_mcgrp[CTRL_ATTR_MCAST_GRP_MAX + 1];
-
-		nla_parse(tb_mcgrp, CTRL_ATTR_MCAST_GRP_MAX,
-			  nla_data(mcgrp), nla_len(mcgrp), NULL);
-
-		if (!tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME] ||
-		    !tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID])
-			continue;
-		if (strncmp(nla_data(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME]),
-			    grp->group, nla_len(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME])))
-			continue;
-		grp->id = nla_get_u32(tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID]);
-		break;
-	}
-
-	return NL_SKIP;
-}
-
-static int nl_get_multicast_id(struct nl_sock *sock, const char *family, const char *group)
-{
-	struct nl_msg *msg;
-	struct nl_cb *cb;
-	struct handler_args grp = {
-		.group = group,
-		.id = -ENOENT,
-	};
-	int ret, ctrlid;
-
-	msg = nlmsg_alloc();
-	if (!msg)
-		return -ENOMEM;
-
-	cb = nl_cb_alloc(NL_CB_DEFAULT);
-	if (!cb) {
-		ret = -ENOMEM;
-		goto out_fail_cb;
-	}
-
-	ctrlid = genl_ctrl_resolve(sock, "nlctrl");
-
-	genlmsg_put(msg, 0, 0, ctrlid, 0,
-		    0, CTRL_CMD_GETFAMILY, 0);
-
-	ret = -ENOBUFS;
-	NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
-
-	ret = nl_send_auto_complete(sock, msg);
-	if (ret < 0)
-		goto out;
-
-	ret = 1;
-
-	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &ret);
-	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &ret);
-	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, family_handler, &grp);
-
-	while (ret > 0)
-		nl_recvmsgs(sock, cb);
-
-	if (ret == 0)
-		ret = grp.id;
- nla_put_failure:
- out:
-	nl_cb_put(cb);
- out_fail_cb:
-	nlmsg_free(msg);
-	return ret;
-}
-
-static void
-nl80211_sock_cb(struct uloop_fd *fd, unsigned int events)
-{
-	nl_recvmsgs(genl, genl_cb);
-}
-
-static void
-nl80211_device_update(struct interface *iface, struct device *dev)
-{
-	struct nl_msg *msg;
-
-	msg = nlmsg_alloc();
-	genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, nl80211_id, 0, NLM_F_DUMP,
-		    NL80211_CMD_GET_STATION, 0);
-	nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
-
-	nl_send_auto_complete(genl, msg);
-	nlmsg_free(msg);
-}
-
-static void
-nl80211_interface_update(struct interface *iface)
-{
-	struct client *cl, *tmp;
-	struct device *dev;
-
-	if (!iface->client_autoremove)
-		return;
-
-	avl_for_each_element_safe(&iface->clients, cl, node, tmp) {
-		if (cl->idle++ < iface->client_timeout)
-			continue;
-
-		client_free(iface, cl);
-	}
-
-	vlist_for_each_element(&iface->devices, dev, node)
-		nl80211_device_update(iface, dev);
-}
-
-static void spotfilter_nl80211_update(struct uloop_timeout *t)
-{
-	struct interface *iface;
-
-	avl_for_each_element(&interfaces, iface, node)
-		nl80211_interface_update(iface);
-
-	uloop_timeout_set(t, 1000);
-}
-
-static int no_seq_check(struct nl_msg *msg, void *arg)
-{
-	return NL_OK;
-}
-
-static int valid_msg(struct nl_msg *msg, void *arg)
-{
-	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
-	struct nlattr *tb[NL80211_ATTR_MAX + 1];
-	struct interface *iface;
-	struct device *dev;
-	struct client *cl;
-	const void *addr;
-	int ifindex;
-
-	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
-		  genlmsg_attrlen(gnlh, 0), NULL);
-
-	if (gnlh->cmd != NL80211_CMD_NEW_STATION)
-		return NL_SKIP;
-
-	if (!tb[NL80211_ATTR_IFINDEX] || !tb[NL80211_ATTR_MAC])
-		return NL_SKIP;
-
-	ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
-	addr = nla_data(tb[NL80211_ATTR_MAC]);
-
-	avl_for_each_element(&interfaces, iface, node)
-		vlist_for_each_element(&iface->devices, dev, node)
-			if (dev->ifindex == ifindex)
-				goto found;
-
-	return NL_SKIP;
-
-found:
-	cl = avl_find_element(&iface->clients, addr, cl, node);
-	if (cl)
-		cl->idle = 0;
-	else if (iface->client_autocreate)
-		client_set(iface, addr, NULL, -1, -1, -1, NULL);
-
-	return NL_SKIP;
-}
-
-int spotfilter_nl80211_init(void)
-{
-	int id;
-
-	genl = nl_socket_alloc();
-	if (!genl)
-		return -1;
-
-	nl_socket_set_buffer_size(genl, 16384, 16384);
-	if (genl_connect(genl))
-		goto error;
-
-	nl80211_id = genl_ctrl_resolve(genl, "nl80211");
-	if (nl80211_id < 0)
-		goto error;
-
-	id = nl_get_multicast_id(genl, "nl80211", "mlme");
-	if (id < 0)
-		goto error;
-
-	if (nl_socket_add_membership(genl, id) < 0)
-		goto error;
-
-	genl_cb = nl_cb_alloc(NL_CB_DEFAULT);
-	nl_cb_set(genl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
-	nl_cb_set(genl_cb, NL_CB_VALID, NL_CB_CUSTOM, valid_msg, NULL);
-
-	genl_fd.fd = nl_socket_get_fd(genl);
-	genl_fd.cb = nl80211_sock_cb;
-	uloop_fd_add(&genl_fd, ULOOP_READ);
-
-	update_timer.cb = spotfilter_nl80211_update;
-	uloop_timeout_set(&update_timer, 1);
-
-	return 0;
-
-error:
-	spotfilter_nl80211_done();
-	return -1;
-}
-
-void spotfilter_nl80211_done(void)
-{
-	if (!genl)
-		return;
-
-	uloop_timeout_cancel(&update_timer);
-	uloop_fd_delete(&genl_fd);
-	nl_socket_free(genl);
-	genl = NULL;
-}

feeds/ucentral/spotfilter/src/rtnl.c

@@ -1,99 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#define _GNU_SOURCE
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netlink/msg.h>
-#include <netlink/attr.h>
-#include <netlink/socket.h>
-#include <linux/rtnetlink.h>
-#include "spotfilter.h"
-
-static struct nl_sock *rtnl;
-bool rtnl_ignore_errors;
-
-static int
-spotfilter_nl_error_cb(struct sockaddr_nl *nla, struct nlmsgerr *err,
-		   void *arg)
-{
-	struct nlmsghdr *nlh = (struct nlmsghdr *) err - 1;
-	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
-	struct nlattr *attrs;
-	int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh);
-	int len = nlh->nlmsg_len;
-	const char *errstr = "(unknown)";
-
-	if (rtnl_ignore_errors)
-		return NL_STOP;
-
-	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
-		return NL_STOP;
-
-	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
-		ack_len += err->msg.nlmsg_len - sizeof(*nlh);
-
-	attrs = (void *) ((unsigned char *) nlh + ack_len);
-	len -= ack_len;
-
-	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, len, NULL);
-	if (tb[NLMSGERR_ATTR_MSG])
-		errstr = nla_data(tb[NLMSGERR_ATTR_MSG]);
-
-	fprintf(stderr, "Netlink error(%d): %s\n", err->error, errstr);
-
-	return NL_STOP;
-}
-
-int rtnl_call(struct nl_msg *msg)
-{
-	int ret;
-
-	ret = nl_send_auto_complete(rtnl, msg);
-	nlmsg_free(msg);
-
-	if (ret < 0)
-		return ret;
-
-	return nl_wait_for_ack(rtnl);
-}
-
-int rtnl_fd(void)
-{
-	return nl_socket_get_fd(rtnl);
-}
-
-int rtnl_init(void)
-{
-	int fd, opt;
-
-	if (rtnl)
-		return 0;
-
-	rtnl = nl_socket_alloc();
-	if (!rtnl)
-		return -1;
-
-	if (nl_connect(rtnl, NETLINK_ROUTE))
-		goto free;
-
-	nl_socket_disable_seq_check(rtnl);
-	nl_socket_set_buffer_size(rtnl, 65536, 0);
-	nl_cb_err(nl_socket_get_cb(rtnl), NL_CB_CUSTOM, spotfilter_nl_error_cb, NULL);
-
-	fd = nl_socket_get_fd(rtnl);
-
-	opt = 1;
-	setsockopt(fd, SOL_NETLINK, NETLINK_EXT_ACK, &opt, sizeof(opt));
-
-	opt = 1;
-	setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &opt, sizeof(opt));
-
-	return 0;
-
-free:
-	nl_socket_free(rtnl);
-	rtnl = NULL;
-	return -1;
-}

feeds/ucentral/spotfilter/src/snoop.c

@@ -1,626 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <netinet/if_ether.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip6.h>
-#include <netinet/udp.h>
-#include <netpacket/packet.h>
-#include <net/if.h>
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <fnmatch.h>
-#include <resolv.h>
-
-#include <libubox/uloop.h>
-
-#include "spotfilter.h"
-
-#define FLAG_RESPONSE		0x8000
-#define FLAG_OPCODE		0x7800
-#define FLAG_AUTHORATIVE	0x0400
-#define FLAG_RCODE		0x000f
-
-#define TYPE_A			0x0001
-#define TYPE_CNAME		0x0005
-#define TYPE_PTR		0x000c
-#define TYPE_TXT		0x0010
-#define TYPE_AAAA		0x001c
-#define TYPE_SRV		0x0021
-#define TYPE_ANY		0x00ff
-
-#define IS_COMPRESSED(x)	((x & 0xc0) == 0xc0)
-
-#define CLASS_FLUSH		0x8000
-#define CLASS_UNICAST		0x8000
-#define CLASS_IN		0x0001
-
-#define MAX_NAME_LEN            256
-#define MAX_DATA_LEN            8096
-
-int spotfilter_ifb_ifindex;
-static struct uloop_fd ufd;
-static struct uloop_timeout cname_gc_timer;
-
-struct vlan_hdr {
-	uint16_t tci;
-	uint16_t proto;
-};
-
-struct packet {
-	void *head;
-	void *buffer;
-	unsigned int len;
-};
-
-struct dns_header {
-	uint16_t id;
-	uint16_t flags;
-	uint16_t questions;
-	uint16_t answers;
-	uint16_t authority;
-	uint16_t additional;
-} __packed;
-
-struct dns_question {
-	uint16_t type;
-	uint16_t class;
-} __packed;
-
-struct dns_answer {
-	uint16_t type;
-	uint16_t class;
-	uint32_t ttl;
-	uint16_t rdlength;
-} __packed;
-
-struct addr_entry_data {
-	union {
-		struct {
-			uint32_t _pad;
-			uint32_t ip4addr;
-		};
-		uint32_t ip6addr[4];
-	};
-	uint32_t timeout;
-};
-
-struct addr_entry {
-	struct avl_node node;
-	struct addr_entry_data data;
-};
-
-struct cname_entry {
-	struct avl_node node;
-	uint8_t class;
-	uint8_t age;
-};
-
-static uint32_t spotfilter_gettime(void)
-{
-	struct timespec ts;
-
-	clock_gettime(CLOCK_MONOTONIC, &ts);
-
-	return ts.tv_sec;
-}
-
-
-static void *
-pkt_peek(struct packet *pkt, unsigned int len)
-{
-	if (len > pkt->len)
-		return NULL;
-
-	return pkt->buffer;
-}
-
-
-static void *
-pkt_pull(struct packet *pkt, unsigned int len)
-{
-	void *ret = pkt_peek(pkt, len);
-
-	if (!ret)
-		return NULL;
-
-	pkt->buffer += len;
-	pkt->len -= len;
-
-	return ret;
-}
-
-static bool
-proto_is_vlan(uint16_t proto)
-{
-	return proto == ETH_P_8021Q || proto == ETH_P_8021AD;
-}
-
-static int pkt_pull_name(struct packet *pkt, const void *hdr, char *dest)
-{
-	int len;
-
-	if (dest)
-		len = dn_expand(hdr, pkt->buffer + pkt->len, pkt->buffer,
-				(void *)dest, MAX_NAME_LEN);
-	else
-		len = dn_skipname(pkt->buffer, pkt->buffer + pkt->len - 1);
-
-	if (len < 0 || !pkt_pull(pkt, len))
-		return -1;
-
-	return 0;
-}
-
-static void
-cname_cache_set(struct interface *iface, const char *name, int class)
-{
-	struct cname_entry *e;
-
-	if (class < 0)
-		return;
-
-	e = avl_find_element(&iface->cname_cache, name, e, node);
-	if (!e) {
-		char *name_buf;
-
-		e = calloc_a(sizeof(*e), &name_buf, strlen(name) + 1);
-		e->node.key = strcpy(name_buf, name);
-		avl_insert(&iface->cname_cache, &e->node);
-	}
-
-	e->age = 0;
-	e->class = (uint8_t)class;
-}
-
-static int
-cname_cache_get(struct interface *iface, const char *name, int *class)
-{
-	struct cname_entry *e;
-
-	e = avl_find_element(&iface->cname_cache, name, e, node);
-	if (!e)
-		return -1;
-
-	if (*class < 0)
-		*class = e->class;
-
-	return 0;
-}
-
-static bool
-__spotfilter_dns_whitelist_lookup(struct blob_attr *attr, const char *name, int *class)
-{
-	enum {
-		WL_ATTR_CLASS,
-		WL_ATTR_HOSTS,
-		__WL_ATTR_MAX
-	};
-	static const struct blobmsg_policy policy[__WL_ATTR_MAX] = {
-		[WL_ATTR_CLASS] = { "class", BLOBMSG_TYPE_INT32 },
-		[WL_ATTR_HOSTS] = { "hosts", BLOBMSG_TYPE_ARRAY },
-	};
-	struct blob_attr *tb[__WL_ATTR_MAX];
-	struct blob_attr *cur;
-	int rem;
-
-	blobmsg_parse(policy, __WL_ATTR_MAX, tb, blobmsg_data(attr), blobmsg_len(attr));
-
-	if (!tb[WL_ATTR_CLASS] || !tb[WL_ATTR_HOSTS])
-		return false;
-
-	blobmsg_for_each_attr(cur, tb[WL_ATTR_HOSTS], rem) {
-		if (fnmatch(blobmsg_get_string(cur), name, 0))
-			continue;
-
-		*class = blobmsg_get_u32(tb[WL_ATTR_CLASS]);
-		return true;
-	}
-
-	return false;
-}
-
-static void
-spotfilter_dns_whitelist_lookup(struct interface *iface, const char *name, int *class)
-{
-	struct blob_attr *cur;
-	int rem;
-
-	if (!iface->whitelist)
-		return;
-
-	blobmsg_for_each_attr(cur, iface->whitelist, rem) {
-		if (__spotfilter_dns_whitelist_lookup(cur, name, class))
-			return;
-	}
-}
-
-static void
-spotfilter_dns_whitelist_map_add(struct interface *iface, const struct addr_entry_data *data,
-				 bool ipv6, int class)
-{
-	struct addr_entry *e;
-	uint8_t val = (uint8_t)class;
-	int32_t delta;
-
-	if (class < 0)
-		return;
-
-	e = avl_find_element(&iface->addr_map, data, e, node);
-	if (!e) {
-		e = calloc(1, sizeof(*e));
-		memcpy(&e->data, data, sizeof(e->data));
-		e->node.key = &e->data;
-		avl_insert(&iface->addr_map, &e->node);
-	}
-
-	spotfilter_bpf_set_whitelist(iface, ipv6 ? data->ip6addr : &data->ip4addr, ipv6, &val);
-	e->data.timeout = spotfilter_gettime() + data->timeout;
-
-	delta = e->data.timeout - iface->next_gc;
-	if (iface->next_gc && delta < 0)
-		uloop_timeout_set(&iface->addr_gc, data->timeout);
-}
-
-static int
-dns_parse_question(struct interface *iface, struct packet *pkt, const void *hdr, int *class)
-{
-	char qname[MAX_NAME_LEN];
-
-	if (pkt_pull_name(pkt, hdr, qname) ||
-	    !pkt_pull(pkt, sizeof(struct dns_question)))
-		return -1;
-
-	cname_cache_get(iface, qname, class);
-	spotfilter_dns_whitelist_lookup(iface, qname, class);
-
-	return 0;
-}
-
-static int
-dns_parse_answer(struct interface *iface, struct packet *pkt, void *hdr, int *class)
-{
-	char cname[MAX_NAME_LEN];
-	struct dns_answer *a;
-	struct addr_entry_data data = {};
-	bool ipv6 = false;
-	void *rdata;
-	int len;
-
-	if (pkt_pull_name(pkt, hdr, NULL))
-		return -1;
-
-	a = pkt_pull(pkt, sizeof(*a));
-	if (!a)
-		return -1;
-
-	len = be16_to_cpu(a->rdlength);
-	rdata = pkt_pull(pkt, len);
-	if (!rdata)
-		return -1;
-
-	switch (be16_to_cpu(a->type)) {
-	case TYPE_CNAME:
-		if (dn_expand(hdr, pkt->buffer + pkt->len, rdata,
-			      cname, sizeof(cname)) < 0)
-			return -1;
-
-		spotfilter_dns_whitelist_lookup(iface, cname, class);
-		cname_cache_set(iface, cname, *class);
-		return 0;
-	case TYPE_A:
-		memcpy(&data.ip4addr, rdata, 4);
-		if (!data.ip4addr)
-			return 0;
-		break;
-	case TYPE_AAAA:
-		ipv6 = true;
-		memcpy(&data.ip6addr, rdata, 16);
-		if (!data.ip6addr[0])
-			return 0;
-		break;
-	default:
-		return 0;
-	}
-
-	if (class < 0)
-	    return 0;
-
-	data.timeout = be32_to_cpu(a->ttl);
-	spotfilter_dns_whitelist_map_add(iface, &data, ipv6, *class);
-
-	return 0;
-}
-
-static void
-spotfilter_dns_iface_recv(struct interface *iface, struct packet *pkt)
-{
-	struct dns_header *h;
-	int class = -1;
-	int i;
-
-	h = pkt_pull(pkt, sizeof(*h));
-	if (!h)
-		return;
-
-	if ((h->flags & cpu_to_be16(FLAG_RESPONSE | FLAG_OPCODE | FLAG_RCODE)) !=
-	    cpu_to_be16(FLAG_RESPONSE))
-		return;
-
-	if (h->questions != cpu_to_be16(1))
-		return;
-
-	if (dns_parse_question(iface, pkt, h, &class))
-		return;
-
-	for (i = 0; i < be16_to_cpu(h->answers); i++)
-		if (dns_parse_answer(iface, pkt, h, &class))
-			return;
-}
-
-static void
-spotfilter_dns_recv(struct packet *pkt)
-{
-	struct interface *iface;
-
-	avl_for_each_element(&interfaces, iface, node) {
-		struct packet tmp_pkt = *pkt;
-
-		spotfilter_dns_iface_recv(iface, &tmp_pkt);
-	}
-}
-
-static void
-spotfilter_parse_udp_v4(struct packet *pkt, uint16_t src_port, uint16_t dst_port)
-{
-	struct ethhdr *eth = pkt->head;
-
-	if (src_port != 67 || dst_port != 68)
-		return;
-
-	spotfilter_recv_dhcpv4(pkt->buffer, pkt->len, eth->h_dest);
-}
-
-static void
-spotfilter_packet_cb(struct packet *pkt)
-{
-	uint16_t proto, src_port, dst_port;
-	struct ethhdr *eth;
-	struct ip6_hdr *ip6;
-	struct ip *ip;
-	struct udphdr *udp;
-	bool ipv4;
-
-	eth = pkt_pull(pkt, sizeof(*eth));
-	if (!eth)
-		return;
-
-	proto = be16_to_cpu(eth->h_proto);
-	if (proto_is_vlan(proto)) {
-		struct vlan_hdr *vlan;
-
-		vlan = pkt_pull(pkt, sizeof(*vlan));
-		if (!vlan)
-			return;
-
-		proto = be16_to_cpu(vlan->proto);
-	}
-
-	switch (proto) {
-	case ETH_P_IP:
-		ip = pkt_peek(pkt, sizeof(struct ip));
-		if (!ip)
-			return;
-
-		if (!pkt_pull(pkt, ip->ip_hl * 4))
-			return;
-
-		proto = ip->ip_p;
-		ipv4 = true;
-		break;
-	case ETH_P_IPV6:
-		ip6 = pkt_pull(pkt, sizeof(*ip6));
-		if (!ip6)
-			return;
-
-		proto = ip6->ip6_nxt;
-		if (proto == IPPROTO_ICMPV6) {
-			if (ip6->ip6_hlim != 255)
-				return;
-
-			spotfilter_recv_icmpv6(pkt->buffer, pkt->len, eth->h_source, eth->h_dest);
-			return;
-		}
-		break;
-	default:
-		return;
-	}
-
-	if (proto != IPPROTO_UDP)
-		return;
-
-	udp = pkt_pull(pkt, sizeof(struct udphdr));
-	if (!udp)
-		return;
-
-	src_port = ntohs(udp->uh_sport);
-	dst_port = ntohs(udp->uh_dport);
-
-	if (ipv4)
-		spotfilter_parse_udp_v4(pkt, src_port, dst_port);
-
-	if (src_port == 53)
-		spotfilter_dns_recv(pkt);
-}
-
-static void
-spotfilter_socket_cb(struct uloop_fd *fd, unsigned int events)
-{
-	static uint8_t buf[8192];
-	struct packet pkt = {
-		.head = buf,
-		.buffer = buf,
-	};
-	int len;
-
-retry:
-	len = recvfrom(fd->fd, buf, sizeof(buf), MSG_DONTWAIT, NULL, NULL);
-	if (len < 0) {
-		if (errno == EINTR)
-			goto retry;
-		return;
-	}
-
-	if (!len)
-		return;
-
-	pkt.len = len;
-	spotfilter_packet_cb(&pkt);
-}
-
-static int
-spotfilter_open_socket(void)
-{
-	struct sockaddr_ll sll = {
-		.sll_family = AF_PACKET,
-		.sll_protocol = htons(ETH_P_ALL),
-	};
-	int sock;
-
-	sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
-	if (sock == -1) {
-		ULOG_ERR("failed to create raw socket: %s\n", strerror(errno));
-		return -1;
-	}
-
-	sll.sll_ifindex = if_nametoindex(SPOTFILTER_IFB_NAME);
-	if (bind(sock, (struct sockaddr *)&sll, sizeof(sll))) {
-		ULOG_ERR("failed to bind socket to "SPOTFILTER_IFB_NAME": %s\n",
-			 strerror(errno));
-		goto error;
-	}
-
-	fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) | O_NONBLOCK);
-
-	ufd.fd = sock;
-	ufd.cb = spotfilter_socket_cb;
-	uloop_fd_add(&ufd, ULOOP_READ);
-
-	return 0;
-
-error:
-	close(sock);
-	return -1;
-}
-
-
-static void
-spotfilter_addr_gc(struct uloop_timeout *t)
-{
-	struct interface *iface = container_of(t, struct interface, addr_gc);
-	struct addr_entry *e, *tmp;
-	uint32_t now = spotfilter_gettime();
-	int32_t timeout = 0;
-
-	iface->next_gc = 0;
-	avl_for_each_element_safe(&iface->addr_map, e, node, tmp) {
-		const void *addr = e->data.ip6addr[0] ? &e->data.ip6addr[0] : &e->data.ip4addr;
-		bool ipv6 = !!e->data.ip6addr[0];
-		int32_t cur_timeout;
-
-		cur_timeout = e->data.timeout - now;
-		if (cur_timeout <= 0) {
-			if (!spotfilter_bpf_whitelist_seen(iface, addr, ipv6)) {
-				spotfilter_bpf_set_whitelist(iface, addr, ipv6, NULL);
-				avl_delete(&iface->addr_map, &e->node);
-				free(e);
-				continue;
-			}
-
-			e->data.timeout = now + iface->active_timeout;
-		}
-
-		if (!timeout || cur_timeout < timeout) {
-			timeout = cur_timeout;
-			iface->next_gc = e->data.timeout;
-		}
-	}
-
-	if (!timeout)
-		return;
-
-	uloop_timeout_set(&iface->addr_gc, timeout * 1000);
-}
-
-static void
-spotfilter_cname_cache_gc(struct uloop_timeout *timeout)
-{
-	struct interface *iface;
-	struct cname_entry *e, *tmp;
-
-	avl_for_each_element(&interfaces, iface, node) {
-		avl_for_each_element_safe(&iface->cname_cache, e, node, tmp) {
-			if (e->age++ < 5)
-				continue;
-
-			avl_delete(&iface->cname_cache, &e->node);
-			free(e);
-		}
-	}
-
-	uloop_timeout_set(timeout, 1000);
-}
-
-static int avl_addr_cmp(const void *k1, const void *k2, void *ptr)
-{
-	return memcmp(k1, k2, 16);
-}
-
-
-void spotfilter_dns_init(struct interface *iface)
-{
-	avl_init(&iface->cname_cache, avl_strcmp, false, NULL);
-	avl_init(&iface->addr_map, avl_addr_cmp, false, NULL);
-	iface->addr_gc.cb = spotfilter_addr_gc;
-}
-
-void spotfilter_dns_free(struct interface *iface)
-{
-	struct cname_entry *e, *tmp;
-
-	avl_remove_all_elements(&iface->cname_cache, e, node, tmp)
-		free(e);
-}
-
-int spotfilter_dev_init(void)
-{
-	cname_gc_timer.cb = spotfilter_cname_cache_gc;
-	spotfilter_cname_cache_gc(&cname_gc_timer);
-
-	spotfilter_dev_done();
-
-	if (spotfilter_run_cmd("ip link add "SPOTFILTER_IFB_NAME" type ifb", false) ||
-	    spotfilter_run_cmd("ip link set dev "SPOTFILTER_IFB_NAME" up", false) ||
-	    spotfilter_open_socket())
-		return -1;
-
-	spotfilter_ifb_ifindex = if_nametoindex(SPOTFILTER_IFB_NAME);
-
-	return 0;
-}
-
-void spotfilter_dev_done(void)
-{
-	if (ufd.registered) {
-		uloop_fd_delete(&ufd);
-		close(ufd.fd);
-	}
-
-	spotfilter_run_cmd("ip link del "SPOTFILTER_IFB_NAME, true);
-}

feeds/ucentral/spotfilter/src/spotfilter-bpf.c

@@ -1,287 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#define KBUILD_MODNAME "foo"
-#include <uapi/linux/bpf.h>
-#include <uapi/linux/if_ether.h>
-#include <uapi/linux/if_packet.h>
-#include <uapi/linux/ip.h>
-#include <uapi/linux/ipv6.h>
-#include <uapi/linux/in.h>
-#include <uapi/linux/tcp.h>
-#include <uapi/linux/udp.h>
-#include <uapi/linux/icmpv6.h>
-#include <uapi/linux/filter.h>
-#include <uapi/linux/pkt_cls.h>
-#include <linux/ip.h>
-#include <net/ipv6.h>
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_endian.h>
-#include "bpf_skb_utils.h"
-#include "spotfilter-bpf.h"
-
-static const volatile struct spotfilter_bpf_config config = {};
-
-struct {
-	__uint(type, BPF_MAP_TYPE_ARRAY);
-	__uint(key_size, sizeof(uint32_t));
-	__type(value, struct spotfilter_bpf_class);
-	__uint(max_entries, SPOTFILTER_NUM_CLASS);
-} class SEC(".maps");
-
-struct {
-	__uint(type, BPF_MAP_TYPE_HASH);
-	__uint(key_size, sizeof(struct spotfilter_client_key));
-	__type(value, struct spotfilter_client_data);
-	__uint(max_entries, 1000);
-	__uint(map_flags, BPF_F_NO_PREALLOC);
-} client SEC(".maps");
-
-struct {
-	__uint(type, BPF_MAP_TYPE_HASH);
-	__uint(key_size, sizeof(struct in_addr));
-	__type(value, struct spotfilter_whitelist_entry);
-	__uint(max_entries, 10000);
-	__uint(map_flags, BPF_F_NO_PREALLOC);
-} whitelist_ipv4 SEC(".maps");
-
-struct {
-	__uint(type, BPF_MAP_TYPE_HASH);
-	__uint(key_size, sizeof(struct in6_addr));
-	__type(value, struct spotfilter_whitelist_entry);
-	__uint(max_entries, 10000);
-	__uint(map_flags, BPF_F_NO_PREALLOC);
-} whitelist_ipv6 SEC(".maps");
-
-static bool
-is_dhcpv4_port(uint16_t port)
-{
-	return port == bpf_htons(67) || port == bpf_htons(68);
-}
-
-static __always_inline bool
-check_ipv4_control(struct skb_parser_info *info)
-{
-	struct udphdr *udph;
-
-	if (info->proto != IPPROTO_UDP)
-		return false;
-
-	udph = skb_info_ptr(info, sizeof(*udph));
-	if (!udph)
-		return false;
-
-	return is_dhcpv4_port(udph->source) && is_dhcpv4_port(udph->dest);
-}
-
-static bool
-is_dhcpv6_port(uint16_t port)
-{
-	return port == bpf_htons(546) || port == bpf_htons(547);
-}
-
-static bool
-is_icmpv6_control(uint8_t type)
-{
-	switch (type) {
-	case ICMPV6_PKT_TOOBIG:
-	case NDISC_ROUTER_SOLICITATION:
-	case NDISC_ROUTER_ADVERTISEMENT:
-	case NDISC_NEIGHBOUR_SOLICITATION:
-	case NDISC_NEIGHBOUR_ADVERTISEMENT:
-	case NDISC_REDIRECT:
-	case ICMPV6_MGM_QUERY:
-	case ICMPV6_MGM_REPORT:
-		return true;
-	default:
-		return false;
-	}
-}
-
-static __always_inline bool
-check_ipv6_control(struct skb_parser_info *info)
-{
-	if (info->proto == IPPROTO_UDP) {
-		struct udphdr *udph;
-
-		udph = skb_info_ptr(info, sizeof(*udph));
-		if (!udph)
-			return false;
-
-		return is_dhcpv6_port(udph->source) && is_dhcpv6_port(udph->dest);
-	}
-
-	if (info->proto == IPPROTO_ICMPV6) {
-		struct icmp6hdr *icmp6h;
-
-		icmp6h = skb_info_ptr(info, sizeof(*icmp6h));
-		if (!icmp6h)
-			return false;
-
-		return is_icmpv6_control(icmp6h->icmp6_type);
-	}
-
-	return false;
-}
-
-static __always_inline bool
-check_dns(struct skb_parser_info *info, bool ingress)
-{
-	struct udphdr *udph;
-
-	if (info->proto != IPPROTO_UDP)
-		return false;
-
-	udph = skb_info_ptr(info, sizeof(*udph));
-	if (!udph)
-		return false;
-
-	if (ingress)
-		return udph->dest == bpf_htons(53);
-
-	return udph->source == bpf_htons(53);
-}
-
-SEC("tc/egress")
-int spotfilter_out(struct __sk_buff *skb)
-{
-	struct spotfilter_client_data *cl;
-	struct skb_parser_info info;
-	struct ethhdr *eth;
-	bool is_control = false;
-	bool is_dns = false;
-
-	skb_parse_init(&info, skb);
-	eth = skb_parse_ethernet(&info);
-	if (!eth)
-		return TC_ACT_UNSPEC;
-
-	cl = bpf_map_lookup_elem(&client, eth->h_dest);
-	if (cl) {
-		if (cl->flags & SPOTFILTER_CLIENT_F_ACCT_DL)
-			cl->bytes_dl += skb->len;
-	}
-
-	skb_parse_vlan(&info);
-	if (skb_parse_ipv4(&info, sizeof(struct udphdr))) {
-		is_control = check_ipv4_control(&info);
-		is_dns = check_dns(&info, false);
-	} else if (skb_parse_ipv6(&info, sizeof(struct icmp6hdr))) {
-		is_control = check_ipv6_control(&info);
-		is_dns = check_dns(&info, false);
-	} else {
-		return TC_ACT_UNSPEC;
-	}
-
-	if (is_control || is_dns)
-		bpf_clone_redirect(skb, config.snoop_ifindex, BPF_F_INGRESS);
-
-	return TC_ACT_UNSPEC;
-}
-
-SEC("tc/ingress")
-int spotfilter_in(struct __sk_buff *skb)
-{
-	struct spotfilter_client_data *cl, cldata = {};
-	struct spotfilter_bpf_class *c, cdata;
-	struct skb_parser_info info;
-	struct ipv6hdr *ip6h;
-	struct ethhdr *eth;
-	struct iphdr *iph;
-	bool addr_match = false;
-	bool is_control = false;
-	bool has_vlan = false;
-	bool is_dns = false;
-	struct spotfilter_whitelist_entry *wl_val = NULL;
-	uint32_t cur_class;
-
-	skb_parse_init(&info, skb);
-	eth = skb_parse_ethernet(&info);
-	if (!eth)
-		return TC_ACT_UNSPEC;
-
-	cl = bpf_map_lookup_elem(&client, eth->h_source);
-	if (cl) {
-		cldata = *cl;
-		if (cl->flags & SPOTFILTER_CLIENT_F_ACCT_UL)
-			cl->bytes_ul += skb->len;
-	}
-
-	has_vlan = !!skb_parse_vlan(&info);
-	if ((iph = skb_parse_ipv4(&info, sizeof(struct udphdr))) != NULL) {
-		addr_match = iph->saddr == cldata.ip4addr;
-		is_control = check_ipv4_control(&info);
-		is_dns = check_dns(&info, true);
-
-		if (!is_control)
-			wl_val = bpf_map_lookup_elem(&whitelist_ipv4, &iph->daddr);
-	} else if ((ip6h = skb_parse_ipv6(&info, sizeof(struct icmp6hdr))) != NULL) {
-		addr_match = ipv6_addr_equal(&ip6h->saddr, (struct in6_addr *)&cldata.ip6addr);
-		if ((ip6h->saddr.s6_addr[0] & 0xe0) != 0x20)
-			addr_match = true;
-		is_control = check_ipv6_control(&info);
-		is_dns = check_dns(&info, true);
-
-		if (!is_control)
-			wl_val = bpf_map_lookup_elem(&whitelist_ipv6, &ip6h->daddr);
-	} else {
-			return TC_ACT_UNSPEC;
-	}
-
-	if (wl_val) {
-		cldata.cur_class = wl_val->val;
-		cldata.dns_class = wl_val->val;
-		wl_val->seen = 1;
-	}
-
-	if (is_control) {
-		bpf_clone_redirect(skb, config.snoop_ifindex, BPF_F_INGRESS);
-		return TC_ACT_UNSPEC;
-	}
-
-	if (!addr_match) {
-		if (!is_control)
-			return TC_ACT_SHOT;
-
-		memset(&cldata, 0, sizeof(cldata));
-	}
-
-	cur_class = is_dns ? cldata.dns_class : cldata.cur_class;
-	c = bpf_map_lookup_elem(&class, &cur_class);
-	if (c)
-		cdata = *c;
-	else
-		return TC_ACT_UNSPEC;
-
-	if (!(cdata.actions & SPOTFILTER_ACTION_VALID))
-		return TC_ACT_SHOT;
-
-	if (cdata.actions & SPOTFILTER_ACTION_SET_DEST_MAC) {
-		eth = skb_ptr(skb, 0, sizeof(*eth));
-		if (!eth)
-			return TC_ACT_UNSPEC;
-
-		memcpy(eth->h_dest, cdata.dest_mac, ETH_ALEN);
-	}
-
-	if (cdata.actions & SPOTFILTER_ACTION_FWMARK)
-		skb->mark = (skb->mark & ~cdata.fwmark_mask) | cdata.fwmark_val;
-
-	if (cdata.actions & SPOTFILTER_ACTION_REDIRECT) {
-		if (cdata.actions & SPOTFILTER_ACTION_REDIRECT_VLAN) {
-			if (has_vlan && bpf_skb_vlan_pop(skb))
-				return -1;
-
-			if (cdata.redirect_vlan_proto &&
-				bpf_skb_vlan_push(skb, cdata.redirect_vlan_proto, cdata.redirect_vlan))
-				return -1;
-		}
-
-		return bpf_redirect(cdata.redirect_ifindex, 0);
-	}
-
-	return TC_ACT_UNSPEC;
-}
-
-char _license[] SEC("license") = "GPL";

feeds/ucentral/spotfilter/src/spotfilter-bpf.h

@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __BPF_SPOTFILTER_H
-#define __BPF_SPOTFILTER_H
-
-struct spotfilter_client_key {
-	uint8_t addr[6];
-};
-
-#define SPOTFILTER_CLIENT_F_ACCT_UL	(1 << 0)
-#define SPOTFILTER_CLIENT_F_ACCT_DL	(1 << 1)
-
-struct spotfilter_client_data {
-	uint32_t ip4addr;
-	uint32_t ip6addr[4];
-	uint8_t cur_class;
-	uint8_t dns_class;
-	uint8_t flags;
-
-	uint64_t bytes_ul;
-	uint64_t bytes_dl;
-};
-
-struct spotfilter_bpf_config {
-	uint32_t snoop_ifindex;
-};
-
-struct spotfilter_whitelist_entry {
-	uint8_t val;
-	uint8_t seen;
-};
-
-#define SPOTFILTER_NUM_CLASS 16
-
-#define SPOTFILTER_ACTION_FWMARK	(1 << 0)
-#define SPOTFILTER_ACTION_REDIRECT	(1 << 1)
-#define SPOTFILTER_ACTION_REDIRECT_VLAN	(1 << 2)
-#define SPOTFILTER_ACTION_SET_DEST_MAC	(1 << 3)
-
-#define SPOTFILTER_ACTION_VALID		(1 << 15)
-
-
-struct spotfilter_bpf_class {
-	uint16_t actions;
-	uint8_t dest_mac[6];
-
-	uint32_t fwmark_val;
-	uint32_t fwmark_mask;
-
-	uint32_t redirect_ifindex;
-	uint16_t redirect_vlan;
-	uint16_t redirect_vlan_proto;
-};
-
-#endif

feeds/ucentral/spotfilter/src/spotfilter.h

@@ -1,59 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#ifndef __SPOTFILTER_H
-#define __SPOTFILTER_H
-
-#include <stdbool.h>
-#include <stdint.h>
-#include <regex.h>
-
-#include <bpf/bpf.h>
-#include <bpf/libbpf.h>
-
-#include <libubox/utils.h>
-#include <libubox/avl.h>
-#include <libubox/vlist.h>
-#include <libubox/blobmsg.h>
-#include <libubox/ulog.h>
-
-#include <netinet/in.h>
-
-#include "spotfilter-bpf.h"
-#include "interface.h"
-#include "bpf.h"
-#include "client.h"
-
-#define SPOTFILTER_IFB_NAME	"spotfilter-ifb"
-
-#define SPOTFILTER_PROG_PATH	"/lib/bpf/spotfilter-bpf.o"
-
-#define SPOTFILTER_PRIO_BASE	0x120
-
-extern int spotfilter_ifb_ifindex;
-struct nl_msg;
-
-int rtnl_init(void);
-int rtnl_fd(void);
-int rtnl_call(struct nl_msg *msg);
-
-int spotfilter_run_cmd(char *cmd, bool ignore_error);
-
-int spotfilter_ubus_init(void);
-void spotfilter_ubus_stop(void);
-void spotfilter_ubus_notify(struct interface *iface, struct client *cl, const char *type);
-
-int spotfilter_dev_init(void);
-void spotfilter_dev_done(void);
-
-void spotfilter_dns_init(struct interface *iface);
-void spotfilter_dns_free(struct interface *iface);
-
-void spotfilter_recv_dhcpv4(const void *msg, int len, const void *eth_addr);
-void spotfilter_recv_icmpv6(const void *data, int len, const uint8_t *src, const uint8_t *dest);
-
-int spotfilter_nl80211_init(void);
-void spotfilter_nl80211_done(void);
-
-#endif

feeds/ucentral/spotfilter/src/ubus.c

@@ -1,470 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
- */
-#include <libubus.h>
-#include <arpa/inet.h>
-#include <netinet/ether.h>
-#include <net/if.h>
-
-#include "spotfilter.h"
-
-static struct blob_buf b;
-
-enum {
-	IFACE_ATTR_NAME,
-	IFACE_ATTR_CONFIG,
-	IFACE_ATTR_DEVICES,
-	__IFACE_ATTR_MAX,
-};
-
-static const struct blobmsg_policy iface_policy[__IFACE_ATTR_MAX] = {
-	[IFACE_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
-	[IFACE_ATTR_CONFIG] = { "config", BLOBMSG_TYPE_TABLE },
-	[IFACE_ATTR_DEVICES] = { "devices", BLOBMSG_TYPE_ARRAY },
-};
-
-static int
-interface_ubus_add(struct ubus_context *ctx, struct ubus_object *obj,
-		   struct ubus_request_data *req, const char *method,
-		   struct blob_attr *msg)
-{
-	struct blob_attr *tb[__IFACE_ATTR_MAX];
-	struct blob_attr *cur;
-	const char *name;
-
-	blobmsg_parse(iface_policy, __IFACE_ATTR_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
-
-	if ((cur = tb[IFACE_ATTR_NAME]) != NULL)
-		name = blobmsg_get_string(tb[IFACE_ATTR_NAME]);
-	else
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if ((cur = tb[IFACE_ATTR_DEVICES]) != NULL &&
-	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) < 0)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	interface_add(name, tb[IFACE_ATTR_CONFIG], tb[IFACE_ATTR_DEVICES]);
-
-	return 0;
-}
-
-static int
-interface_ubus_remove(struct ubus_context *ctx, struct ubus_object *obj,
-		      struct ubus_request_data *req, const char *method,
-		      struct blob_attr *msg)
-{
-	struct interface *iface;
-	struct blob_attr *tb;
-
-	blobmsg_parse(&iface_policy[IFACE_ATTR_NAME], 1, &tb,
-		      blobmsg_data(msg), blobmsg_len(msg));
-
-	if (tb)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	iface = avl_find_element(&interfaces, blobmsg_get_string(tb), iface, node);
-	if (!iface)
-		return UBUS_STATUS_NOT_FOUND;
-
-	interface_free(iface);
-	return 0;
-}
-
-static int
-check_devices(struct ubus_context *ctx, struct ubus_object *obj,
-	      struct ubus_request_data *req, const char *method,
-	      struct blob_attr *msg)
-{
-	interface_check_devices();
-	return 0;
-}
-
-enum {
-	CLIENT_ATTR_IFACE,
-	CLIENT_ATTR_ADDR,
-	CLIENT_ATTR_ID,
-	CLIENT_ATTR_STATE,
-	CLIENT_ATTR_DNS_STATE,
-	CLIENT_ATTR_ACCOUNTING,
-	CLIENT_ATTR_DATA,
-	__CLIENT_ATTR_MAX
-};
-
-static const struct blobmsg_policy client_policy[__CLIENT_ATTR_MAX] = {
-	[CLIENT_ATTR_IFACE] = { "interface", BLOBMSG_TYPE_STRING },
-	[CLIENT_ATTR_ADDR] = { "address", BLOBMSG_TYPE_STRING },
-	[CLIENT_ATTR_ID] = { "id", BLOBMSG_TYPE_STRING },
-	[CLIENT_ATTR_STATE] = { "state", BLOBMSG_TYPE_INT32 },
-	[CLIENT_ATTR_DNS_STATE] = { "dns_state", BLOBMSG_TYPE_INT32 },
-	[CLIENT_ATTR_ACCOUNTING] = { "accounting", BLOBMSG_TYPE_ARRAY },
-	[CLIENT_ATTR_DATA] = { "data", BLOBMSG_TYPE_TABLE },
-};
-
-static int
-client_ubus_init(struct blob_attr *msg, struct blob_attr **tb,
-		 struct interface **iface, const void **addr,
-		 const char **id, struct client **cl)
-{
-	struct blob_attr *cur;
-
-	blobmsg_parse(client_policy, __CLIENT_ATTR_MAX, tb,
-		      blobmsg_data(msg), blobmsg_len(msg));
-
-	if ((cur = tb[CLIENT_ATTR_IFACE]) != NULL)
-		*iface = avl_find_element(&interfaces, blobmsg_get_string(cur),
-					  *iface, node);
-	else
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (!*iface)
-		return UBUS_STATUS_NOT_FOUND;
-
-	if ((cur = tb[CLIENT_ATTR_ADDR]) != NULL)
-		*addr = ether_aton(blobmsg_get_string(cur));
-	else
-		*addr = NULL;
-
-	if ((cur = tb[CLIENT_ATTR_ID]) != NULL)
-		*id = blobmsg_get_string(cur);
-	else
-		*id = NULL;
-
-	if (*addr)
-		*cl = avl_find_element(&(*iface)->clients, *addr, *cl, node);
-	else if (*id)
-		*cl = avl_find_element(&(*iface)->client_ids, *id, *cl, id_node);
-	else
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (*cl && !*addr)
-		*addr = (*cl)->node.key;
-
-	return 0;
-}
-
-static int
-client_accounting_flags(struct blob_attr *attr)
-{
-	struct blob_attr *cur;
-	int flags = 0;
-	int rem;
-
-	blobmsg_for_each_attr(cur, attr, rem) {
-		const char *val = blobmsg_get_string(cur);
-
-		if (!strcmp(val, "ul"))
-			flags |= SPOTFILTER_CLIENT_F_ACCT_UL;
-		else if (!strcmp(val, "dl"))
-			flags |= SPOTFILTER_CLIENT_F_ACCT_DL;
-	}
-
-	return flags;
-}
-
-
-static int
-client_ubus_update(struct ubus_context *ctx, struct ubus_object *obj,
-		   struct ubus_request_data *req, const char *method,
-		   struct blob_attr *msg)
-{
-	struct blob_attr *tb[__CLIENT_ATTR_MAX];
-	struct interface *iface = NULL;
-	struct blob_attr *cur;
-	struct client *cl = NULL;
-	const void *addr = NULL;
-	const char *id = NULL;
-	int state = -1, dns_state = -1;
-	int accounting = -1;
-	int ret;
-
-	ret = client_ubus_init(msg, tb, &iface, &addr, &id, &cl);
-	if (ret)
-		return ret;
-
-	if ((cur = tb[CLIENT_ATTR_STATE]) != NULL)
-		dns_state = state = blobmsg_get_u32(cur);
-
-	if ((cur = tb[CLIENT_ATTR_DNS_STATE]) != NULL)
-		dns_state = blobmsg_get_u32(cur);
-
-	if ((cur = tb[CLIENT_ATTR_ACCOUNTING]) != NULL &&
-	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) >= 0)
-		accounting = client_accounting_flags(cur);
-
-	if (!strcmp(method, "client_remove")) {
-		if (!cl)
-			return UBUS_STATUS_NOT_FOUND;
-
-		client_free(iface, cl);
-		return 0;
-	}
-
-	if (!addr)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	client_set(iface, addr, id, state, dns_state, accounting,
-		   tb[CLIENT_ATTR_DATA]);
-
-	return 0;
-}
-
-static void
-interface_dump_action(struct blob_buf *buf, struct interface *iface, uint8_t class)
-{
-	struct spotfilter_bpf_class *c = &iface->cdata[class];
-	char ifname[IFNAMSIZ + 1];
-
-	if (!(c->actions & SPOTFILTER_ACTION_VALID)) {
-		blobmsg_add_u8(buf, "invalid", 1);
-		return;
-	}
-
-	if (c->actions & SPOTFILTER_ACTION_FWMARK) {
-		blobmsg_add_u32(buf, "fwmark", c->fwmark_val);
-		blobmsg_add_u32(buf, "fwmark_mask", c->fwmark_mask);
-	}
-
-	if (c->actions & SPOTFILTER_ACTION_REDIRECT)
-		blobmsg_add_string(buf, "redirect", if_indextoname(c->redirect_ifindex, ifname));
-
-	if (c->actions & SPOTFILTER_ACTION_SET_DEST_MAC)
-		blobmsg_add_string(buf, "dest_mac", ether_ntoa((const void *)c->dest_mac));
-}
-
-static void client_dump(struct interface *iface, struct client *cl)
-{
-	struct blob_attr *val;
-	const char *name;
-	char *buf;
-	void *c;
-
-	spotfilter_bpf_get_client(iface, &cl->key, &cl->data);
-
-	if (iface->client_autoremove)
-		blobmsg_add_u32(&b, "idle", cl->idle);
-
-	blobmsg_add_u32(&b, "state", cl->data.cur_class);
-	blobmsg_add_u32(&b, "dns_state", cl->data.dns_class);
-	if (cl->id_node.key)
-		blobmsg_add_string(&b, "id", (const char *)cl->id_node.key);
-
-	if (cl->data.ip4addr) {
-		buf = blobmsg_alloc_string_buffer(&b, "ip4addr", INET6_ADDRSTRLEN);
-		inet_ntop(AF_INET, (const void *)&cl->data.ip4addr, buf, INET6_ADDRSTRLEN);
-		blobmsg_add_string_buffer(&b);
-	}
-
-	if (cl->data.ip6addr[0]) {
-		buf = blobmsg_alloc_string_buffer(&b, "ip6addr", INET6_ADDRSTRLEN);
-		inet_ntop(AF_INET6, (const void *)cl->data.ip6addr, buf, INET6_ADDRSTRLEN);
-		blobmsg_add_string_buffer(&b);
-	}
-
-	c = blobmsg_open_array(&b, "accounting");
-	if (cl->data.flags & SPOTFILTER_CLIENT_F_ACCT_UL)
-		blobmsg_add_string(&b, NULL, "ul");
-	if (cl->data.flags & SPOTFILTER_CLIENT_F_ACCT_DL)
-		blobmsg_add_string(&b, NULL, "dl");
-	blobmsg_close_table(&b, c);
-
-	c = blobmsg_open_table(&b, "data");
-	kvlist_for_each(&cl->kvdata, name, val)
-		blobmsg_add_blob(&b, val);
-	blobmsg_close_table(&b, c);
-
-	c = blobmsg_open_table(&b, "action");
-	interface_dump_action(&b, iface, cl->data.cur_class);
-	blobmsg_close_table(&b, c);
-
-	c = blobmsg_open_table(&b, "dns_action");
-	interface_dump_action(&b, iface, cl->data.dns_class);
-	blobmsg_close_table(&b, c);
-
-	blobmsg_add_u64(&b, "bytes_ul", cl->data.bytes_ul);
-	blobmsg_add_u64(&b, "bytes_dl", cl->data.bytes_dl);
-}
-
-static int
-client_ubus_get(struct ubus_context *ctx, struct ubus_object *obj,
-		struct ubus_request_data *req, const char *method,
-		struct blob_attr *msg)
-{
-	struct blob_attr *tb[__CLIENT_ATTR_MAX];
-	struct interface *iface = NULL;
-	const void *addr = NULL;
-	const char *id = NULL;
-	struct client *cl = NULL;
-	int ret;
-
-	ret = client_ubus_init(msg, tb, &iface, &addr, &id, &cl);
-	if (ret)
-		return ret;
-
-	if (!cl)
-		return UBUS_STATUS_NOT_FOUND;
-
-	blob_buf_init(&b, 0);
-	blobmsg_add_string(&b, "address", ether_ntoa(cl->node.key));
-	client_dump(iface, cl);
-
-	ubus_send_reply(ctx, req, b.head);
-
-	return 0;
-}
-
-static int
-client_ubus_list(struct ubus_context *ctx, struct ubus_object *obj,
-		 struct ubus_request_data *req, const char *method,
-		 struct blob_attr *msg)
-{
-	struct blob_attr *iface_attr;
-	struct interface *iface;
-	struct client *cl;
-
-	blobmsg_parse(&client_policy[CLIENT_ATTR_IFACE], 1, &iface_attr,
-		      blobmsg_data(msg), blobmsg_len(msg));
-
-	if (!iface_attr)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	iface = avl_find_element(&interfaces, blobmsg_get_string(iface_attr),
-				 iface, node);
-	if (!iface)
-		return UBUS_STATUS_NOT_FOUND;
-
-	blob_buf_init(&b, 0);
-	avl_for_each_element(&iface->clients, cl, node) {
-		void *c;
-
-		c = blobmsg_open_table(&b, ether_ntoa(cl->node.key));
-		client_dump(iface, cl);
-		blobmsg_close_table(&b, c);
-	}
-
-	ubus_send_reply(ctx, req, b.head);
-
-	return 0;
-}
-
-enum {
-	WHITELIST_ATTR_IFACE,
-	WHITELIST_ATTR_ADDR,
-	WHITELIST_ATTR_STATE,
-	__WHITELIST_ATTR_MAX
-};
-
-static const struct blobmsg_policy whitelist_policy[__WHITELIST_ATTR_MAX] = {
-	[WHITELIST_ATTR_IFACE] = { "interface", BLOBMSG_TYPE_STRING },
-	[WHITELIST_ATTR_ADDR] = { "address", BLOBMSG_TYPE_ARRAY },
-	[WHITELIST_ATTR_STATE] = { "state", BLOBMSG_TYPE_INT32 },
-};
-
-static int
-whitelist_update(struct ubus_context *ctx, struct ubus_object *obj,
-		 struct ubus_request_data *req, const char *method,
-		 struct blob_attr *msg)
-{
-	struct blob_attr *tb[__WHITELIST_ATTR_MAX];
-	struct interface *iface;
-	struct blob_attr *cur;
-	uint8_t state = 0;
-	const uint8_t *val = &state;
-	int rem;
-
-	blobmsg_parse(whitelist_policy, __WHITELIST_ATTR_MAX, tb,
-		      blobmsg_data(msg), blobmsg_len(msg));
-
-	if ((cur = tb[WHITELIST_ATTR_IFACE]) != NULL)
-		iface = avl_find_element(&interfaces, blobmsg_get_string(cur),
-					 iface, node);
-	else
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if ((cur = tb[WHITELIST_ATTR_STATE]) != NULL)
-		state = blobmsg_get_u32(cur);
-
-	if ((cur = tb[WHITELIST_ATTR_ADDR]) == NULL ||
-	    blobmsg_check_array(cur, BLOBMSG_TYPE_STRING) < 0)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (!strcmp(method, "whitelist_remove"))
-		val = NULL;
-
-	blobmsg_for_each_attr(cur, tb[WHITELIST_ATTR_ADDR], rem) {
-		const char *addrstr = blobmsg_get_string(cur);
-		bool ipv6 = strchr(addrstr, ':');
-		union {
-			struct in_addr in;
-			struct in6_addr in6;
-		} addr = {};
-
-		if (inet_pton(ipv6 ? AF_INET6 : AF_INET, addrstr, &addr) != 1)
-			continue;
-
-		spotfilter_bpf_set_whitelist(iface, &addr, ipv6, val);
-	}
-
-	return 0;
-}
-
-static const struct ubus_method spotfilter_methods[] = {
-	UBUS_METHOD_NOARG("check_devices", check_devices),
-	UBUS_METHOD("client_set", client_ubus_update, client_policy),
-	UBUS_METHOD_MASK("client_remove", client_ubus_update, client_policy,
-			 (1 << CLIENT_ATTR_IFACE) | (1 << CLIENT_ATTR_ADDR)),
-	UBUS_METHOD_MASK("client_get", client_ubus_get, client_policy,
-			 (1 << CLIENT_ATTR_IFACE) | (1 << CLIENT_ATTR_ADDR)),
-	UBUS_METHOD_MASK("client_list", client_ubus_list, client_policy,
-			 (1 << CLIENT_ATTR_IFACE)),
-	UBUS_METHOD("interface_add", interface_ubus_add, iface_policy),
-	UBUS_METHOD_MASK("interface_remove", interface_ubus_remove,
-			 iface_policy, 1 << IFACE_ATTR_NAME),
-	UBUS_METHOD("whitelist_add", whitelist_update, whitelist_policy),
-	UBUS_METHOD_MASK("whitelist_remove", whitelist_update, whitelist_policy,
-			 (1 << WHITELIST_ATTR_IFACE) | (1 << WHITELIST_ATTR_ADDR)),
-};
-
-static struct ubus_object_type spotfilter_object_type =
-	UBUS_OBJECT_TYPE("spotfilter", spotfilter_methods);
-
-static struct ubus_object spotfilter_object = {
-	.name = "spotfilter",
-	.type = &spotfilter_object_type,
-	.methods = spotfilter_methods,
-	.n_methods = ARRAY_SIZE(spotfilter_methods),
-};
-
-static void
-ubus_connect_handler(struct ubus_context *ctx)
-{
-	ubus_add_object(ctx, &spotfilter_object);
-}
-
-static struct ubus_auto_conn conn;
-
-void spotfilter_ubus_notify(struct interface *iface, struct client *cl, const char *type)
-{
-	blob_buf_init(&b, 0);
-	blobmsg_add_string(&b, "interface", interface_name(iface));
-	if (cl) {
-		blobmsg_add_string(&b, "address", ether_ntoa(cl->node.key));
-		if (cl->id_node.key)
-			blobmsg_add_string(&b, "id", cl->id_node.key);
-	}
-
-	ubus_notify(&conn.ctx, &spotfilter_object, type, b.head, -1);
-}
-
-int spotfilter_ubus_init(void)
-{
-	conn.cb = ubus_connect_handler;
-	ubus_auto_connect(&conn);
-
-	return 0;
-}
-
-void spotfilter_ubus_stop(void)
-{
-	ubus_auto_shutdown(&conn);
-}

feeds/ucentral/ucentral-client/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-client
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git
-PKG_MIRROR_HASH:=cc453333a37f79a42d036187f8c23dc977ff2467dd7b7ae24d025b560076288c
+PKG_MIRROR_HASH:=2fc20dd3b5c8a7d93e17a843a2feaa823a6f8e902fdca96df62aa3f12efdfbaa
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2022-06-22
-PKG_SOURCE_VERSION:=90d276feb03bcda38c48f114021b78e7d62b7a6f
+PKG_SOURCE_VERSION:=68fe6c21f2c2643de79ecd5558a51ffb84168f75
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-schema/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
-PKG_MIRROR_HASH:=16cac9b483aa0ab14b2f1d5ab450307b8357baf351c18695046078c9f52661bf
+PKG_MIRROR_HASH:=3603ddd26026d3a5b0febe7fbae22fd28fd6d7370793ecf979561d8886be2af4
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2022-05-29
-PKG_SOURCE_VERSION:=b27df6432c75b05f1721a8afde36f3181362e55b
+PKG_SOURCE_VERSION:=9691cc6860c25ba7d62142846da44bd09c17acc0
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/captive-click.json

@@ -1,97 +0,0 @@
-{
-	"uuid": 2,
-	"radios": [
-		{
-			"band": "6G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "5G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "2G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		}
-	],
-
-	"interfaces": [
-		{
-			"name": "WAN",
-			"role": "upstream",
-			"ethernet": [
-				{
-					"select-ports": [
-						"WAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "dynamic"
-			},
-			"ssids": [
-				{
-					"name": "OpenWifi-hotspot",
-					"services": [ "captive" ],
-					"wifi-bands": [
-						"5G",
-						"2G"
-					],
-					"bss-mode": "ap",
-					"encryption": {
-						"proto": "psk2",
-						"key": "OpenWifi",
-						"ieee80211w": "optional"
-					}
-				}
-			]
-		},
-		{
-			"name": "LAN",
-			"role": "downstream",
-			"services": [ "ssh" ],
-			"ethernet": [
-				{
-					"select-ports": [
-						"LAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "static",
-				"subnet": "192.168.1.1/24",
-				"dhcp": {
-					"lease-first": 10,
-					"lease-count": 100,
-					"lease-time": "6h"
-				}
-			}
-		}
-	],
-	"metrics": {
-		"statistics": {
-			"interval": 120,
-			"types": [ "ssids", "lldp", "clients" ]
-		},
-		"health": {
-			"interval": 120
-		}
-	},
-	"services": {
-		"ssh": {
-			"port": 22
-		},
-		"captive": {
-			"auth-mode": "click-to-continue",
-			"walled-garden-fqdn": [
-				"*.google.com", "telecominfraproject.com"
-			]
-		}
-	}
-}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/captive-credentials.json

@@ -1,103 +0,0 @@
-{
-	"uuid": 2,
-	"radios": [
-		{
-			"band": "6G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "5G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "2G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		}
-	],
-
-	"interfaces": [
-		{
-			"name": "WAN",
-			"role": "upstream",
-			"ethernet": [
-				{
-					"select-ports": [
-						"WAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "dynamic"
-			},
-			"ssids": [
-				{
-					"name": "OpenWifi-hotspot",
-					"services": [ "captive" ],
-					"wifi-bands": [
-						"5G",
-						"2G"
-					],
-					"bss-mode": "ap",
-					"encryption": {
-						"proto": "psk2",
-						"key": "OpenWifi",
-						"ieee80211w": "optional"
-					}
-				}
-			]
-		},
-		{
-			"name": "LAN",
-			"role": "downstream",
-			"services": [ "ssh" ],
-			"ethernet": [
-				{
-					"select-ports": [
-						"LAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "static",
-				"subnet": "192.168.1.1/24",
-				"dhcp": {
-					"lease-first": 10,
-					"lease-count": 100,
-					"lease-time": "6h"
-				}
-			}
-		}
-	],
-	"metrics": {
-		"statistics": {
-			"interval": 120,
-			"types": [ "ssids", "lldp", "clients" ]
-		},
-		"health": {
-			"interval": 120
-		}
-	},
-	"services": {
-		"ssh": {
-			"port": 22
-		},
-		"captive": {
-			"auth-mode": "credentials",
-			"credentials": [
-				{
-					"username": "abc",
-					"password": "def"
-				}
-			],
-			"walled-garden-fqdn": [
-				"*.google.com", "telecominfraproject.com"
-			]
-		}
-	}
-}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/captive-radius.json

@@ -1,100 +0,0 @@
-{
-	"uuid": 2,
-	"radios": [
-		{
-			"band": "6G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "5G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "2G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		}
-	],
-
-	"interfaces": [
-		{
-			"name": "WAN",
-			"role": "upstream",
-			"ethernet": [
-				{
-					"select-ports": [
-						"WAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "dynamic"
-			},
-			"ssids": [
-				{
-					"name": "OpenWifi-hotspot",
-					"services": [ "captive" ],
-					"wifi-bands": [
-						"5G",
-						"2G"
-					],
-					"bss-mode": "ap",
-					"encryption": {
-						"proto": "psk2",
-						"key": "OpenWifi",
-						"ieee80211w": "optional"
-					}
-				}
-			]
-		},
-		{
-			"name": "LAN",
-			"role": "downstream",
-			"services": [ "ssh" ],
-			"ethernet": [
-				{
-					"select-ports": [
-						"LAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "static",
-				"subnet": "192.168.1.1/24",
-				"dhcp": {
-					"lease-first": 10,
-					"lease-count": 100,
-					"lease-time": "6h"
-				}
-			}
-		}
-	],
-	"metrics": {
-		"statistics": {
-			"interval": 120,
-			"types": [ "ssids", "lldp", "clients" ]
-		},
-		"health": {
-			"interval": 120
-		}
-	},
-	"services": {
-		"ssh": {
-			"port": 22
-		},
-		"captive": {
-			"auth-mode": "radius",
-			"auth-server": "212.24.98.232",
-			"auth-port": 1812,
-			"auth-secret": "secret",
-			"walled-garden-fqdn": [
-				"*.google.com", "telecominfraproject.com"
-			]
-		}
-	}
-}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/captive-uam.json

@@ -1,104 +0,0 @@
-{
-	"uuid": 2,
-	"radios": [
-		{
-			"band": "6G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "5G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		},
-		{
-			"band": "2G",
-			"country": "CA",
-			"channel-mode": "HE",
-			"channel-width": 80
-		}
-	],
-
-	"interfaces": [
-		{
-			"name": "WAN",
-			"role": "upstream",
-			"ethernet": [
-				{
-					"select-ports": [
-						"WAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "dynamic"
-			},
-			"ssids": [
-				{
-					"name": "OpenWifi-hotspot",
-					"services": [ "captive" ],
-					"wifi-bands": [
-						"5G",
-						"2G"
-					],
-					"bss-mode": "ap",
-					"encryption": {
-						"proto": "psk2",
-						"key": "OpenWifi",
-						"ieee80211w": "optional"
-					}
-				}
-			]
-		},
-		{
-			"name": "LAN",
-			"role": "downstream",
-			"services": [ "ssh" ],
-			"ethernet": [
-				{
-					"select-ports": [
-						"LAN*"
-					]
-				}
-			],
-			"ipv4": {
-				"addressing": "static",
-				"subnet": "192.168.1.1/24",
-				"dhcp": {
-					"lease-first": 10,
-					"lease-count": 100,
-					"lease-time": "6h"
-				}
-			}
-		}
-	],
-	"metrics": {
-		"statistics": {
-			"interval": 120,
-			"types": [ "ssids", "lldp", "clients" ]
-		},
-		"health": {
-			"interval": 120
-		}
-	},
-	"services": {
-		"ssh": {
-			"port": 22
-		},
-		"captive": {
-			"auth-mode": "uam",
-			"uam-port": 3990,
-			"uam-secret": "hotsys123",
-			"uam-server": "https://customer.hotspotsystem.com/customer/hotspotlogin.php",
-			"nasid": "AlmondLabs",
-			"auth-server": "radius.hotspotsystem.com",
-			"auth-port": 1812,
-			"auth-secret": "hotsys123",
-			"walled-garden-fqdn": [
-				"*.google.com", "telecominfraproject.com", "customer.hotspotsystem.com"
-			]
-		}
-	}
-}