ipq807x_v5.4/ipq50xx: When device is booting, it causes lan/wan ports bridge together

Fixes: WIFI-14849
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>

.github/workflows/build-dev.yml

@@ -15,17 +15,21 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       x64_vm_image_name: ${{ steps.package_and_upload_image.outputs.x64_vm_image_name }}
     strategy:
       fail-fast: false
       matrix:
-        target: ['actiontec_web7200', 'cig_wf188n', 'cig_wf196', 'cig_wf610d', 'cig_wf808', 'cybertan_eww622-a1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'liteon_wpx8324', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'edgecore_ecw5410', 'edgecore_oap100', 'edgecore_ssw2ac2600', 'edgecore_spw2ac1200', 'edgecore_spw2ac1200-lan-poe', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'indio_um-305ac', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'indio_um-310ax-v1', 'indio_um-510axp-v1', 'indio_um-510axm-v1', 'linksys_ea6350-v4', 'linksys_e8450-ubi', 'linksys_ea8300', 'meshpp_s618_cp03', 'meshpp_s618_cp01', 'udaya_a5-id2', 'wallys_dr40x9', 'wallys_dr6018', 'wallys_dr6018_v4', 'x64_vm', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650' ]
-
+        target: [ 'cig_wf189h', 'cig_wf189w', 'cig_wf660a', 'cig_wf672', 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf189', 'cig_wf196', 'cig_wf196', 'cybertan_eww631-a1', 'cybertan_eww631-b1', 'sonicfi_rap630w-312g', 'sonicfi_rap63xc-211g', 'sonicfi_rap630c-311g', 'sonicfi_rap630w-311g', 'sonicfi_rap630w-211g', 'sonicfi_rap650c', 'sonicfi_rap7110c-341x', 'sonicfi_rap750e-h', 'sonicfi_rap750e-s', 'sonicfi_rap750w-311a', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap105', 'edgecore_eap111', 'edgecore_eap112', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'edgecore_oap103', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4x_3', 'hfcl_ion4xi_w', 'hfcl_ion4x_w', 'indio_um-305ax', 'senao_iap4300m', 'senao_iap2300m', 'senao_jeap6500', 'udaya_a6-id2', 'udaya_a6-od2', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655', 'emplus_wap588m', 'zyxel_nwa130be', 'sercomm_ap72tip-v4' ]
     steps:
     - uses: actions/checkout@v3
 
+    # Clean unnecessary files to save disk space
+    - name: clean unncessary files to save space
+      run: |
+        docker rmi `docker images -q` || true
+
     - name: Build image for ${{ matrix.target }}
       id: build
       run: |
@@ -76,7 +80,7 @@ jobs:
         fi
 
   trigger-testing:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: build
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
@@ -89,7 +93,7 @@ jobs:
         client-payload: '{"ref": "${GITHUB_REF#refs/tags/}", "sha": "${{ github.sha }}"}'
 
   create-x64_vm-ami:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: build
     if: startsWith(github.ref, 'refs/tags/v')
     steps:

.github/workflows/x64_vm-build-test.yml

@@ -29,7 +29,7 @@ jobs:
       run: |
         git config --global user.email "you@example.com"
         git config --global user.name "Your Name"
-        make -j TARGET=${{ matrix.target }}
+        make -j TARGET=${{ matrix.target }}        make -j TARGET=${{ matrix.target }}
 
     - name: Package and upload image for ${{ matrix.target }}
       id: package_and_upload_image

LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2024, Telecom Infra Project
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

config.yml

@@ -1,16 +1,7 @@
 repo:  https://github.com/openwrt/openwrt.git
-branch: openwrt-21.02
-revision: c67509efd7d0c43eb3f622f06c8a31aa28d22f6e
+branch: openwrt-23.05
+revision: e92cf0c46ffe3ac7fca936c18577bfb19eb4ce9e
 output_dir: ./output
 
 patch_folders:
-  - patches/backports/
-  - patches/base
-  - patches/wifi
-  - patches/ath79
-  - patches/ramips
-  - patches/ipq40xx
-  - patches/ipq806x
-  - patches/ipq807x
-  - patches/rtkmipsel
-  - patches/rest
+  - patches

feeds/bluetooth-cc2652/ble_scan/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ble_scan
+PKG_VERSION:=1.0
+PKG_BUILD_DIR:= $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ble_scan
+	SECTION:=base
+	CATEGORY:=Utilities
+	TITLE:=ble_scan
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Package/ble_scan/install
+	$(INSTALL_DIR) $(1)/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ble_scan $(1)/bin/
+endef
+
+define Package/ble_scan/extra_provides
+    echo "libc.so.6";
+endef
+
+$(eval $(call BuildPackage,ble_scan))

feeds/bluetooth-cc2652/ble_scan/src/Makefile

@@ -0,0 +1,47 @@
+#all: ble_scan
+#ble_scan: ble_scan.o
+#	$(CC) $(LDFLAGS) ble_scan.o -o ble_scan
+#blescan.o: ble_scan.c
+#	$(CC) $(CFLAGS) -c ble_scan.c
+#clean:
+#	rm *.o ble_scan
+
+#
+#
+# Author: Teunis van Beelen
+#
+# email: teuniz@protonmail.com
+#
+#
+
+#CROSS-COMPILE:=../../../../../qsdk/staging_dir/toolchain-arm/bin/arm-openwrt-linux-
+#CC:=$(CROSS-COMPILE)gcc
+
+CC = gcc
+CFLAGS = -Wall -Wextra -Wshadow -Wformat-nonliteral -Wformat-security -Wtype-limits -O2
+
+objects = rs232.o
+
+all: ble_scan
+
+ble_scan : $(objects) ble_scan.o
+	$(CC) $(CFLAGS) $(objects) ble_scan.o -o ble_scan
+
+ble_scan.o : ble_scan.c rs232.h
+	$(CC) $(CFLAGS) -c ble_scan.c -o ble_scan.o
+
+rs232.o : rs232.h rs232.c
+	$(CC) $(CFLAGS) -c rs232.c -o rs232.o
+
+clean :
+	$(RM) ble_scan $(objects) ble_scan.o
+
+#
+#
+#
+#
+
+
+
+
+

feeds/bluetooth-cc2652/ble_scan/src/ble_scan.c

@@ -0,0 +1,387 @@
+
+/**************************************************
+
+file: ble_scan.c
+purpose: Send HCI command to do BLE scan
+
+compile with the command: gcc ble_scan.c rs232.c -Wall -Wextra -o2 -o ble_scan
+
+**************************************************/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#ifdef _WIN32
+#include <Windows.h>
+#else
+#include <unistd.h>
+#endif
+
+#include "rs232.h"
+
+#define TX 0
+#define RX 1
+#define BUF_SIZE 4095
+#define FULL_BUF_SIZE BUF_SIZE*4
+
+//#define DEBUG
+
+#ifdef DEBUG
+#else
+#endif
+
+int print_hex(int mode, unsigned char *buf, int size);
+int rx_pkt_parser(unsigned char *buf, int size);
+
+
+struct rx_packet_h{
+	unsigned char rxType;
+	unsigned char rxEventCode;
+  unsigned char rxDataLen;
+	unsigned char Event[2];
+	unsigned char Status;
+};
+
+struct event_cmd_st_h{
+	unsigned char OpCode[2];
+	unsigned char DataLength;
+};
+
+struct event_scn_evnt_rep_h{
+  unsigned char EventId[4];
+	unsigned char AdvRptEventType;
+	unsigned char AddressType;
+	unsigned char Address[6];
+	unsigned char PrimaryPHY;
+	unsigned char SecondaryPHY;
+	unsigned char AdvSid;
+	unsigned char TxPower;
+	unsigned char RSSI;
+	unsigned char DirectAddrType;
+	unsigned char DirectAddr[6];
+	unsigned char PeriodicAdvInt[2];
+	unsigned char DataLength[2];
+	//unsigned char *DataPtr;
+};
+
+
+
+int main()
+{
+  int cport_nr,bdrate,n;
+	//cport_nr=0,        /* /dev/ttyS0 (COM1 on windows) */
+	//bdrate=9600;       /* 9600 baud */
+	cport_nr=39,          /*  (ttyMSM1 : 39) */
+	bdrate=115200;       /* 115200 baud */
+#ifdef DEBUG
+	clock_t t;
+#endif
+  char mode[]={'8','N','1',0};
+
+  unsigned char buf[BUF_SIZE];
+  unsigned char full_buf[FULL_BUF_SIZE];
+  int full_buf_ptr = 0;
+  unsigned char HCIExt_ResetSystemCmd[] = {0x01, 0x1D, 0xFC, 0x01, 0x00 };
+  int HCIExt_ResetSystemCmd_length = 5;
+
+  unsigned char GAP_DeviceInitCmd[] = {0x01, 0x00, 0xFE, 0x08, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+  int GAP_DeviceInitCmd_length = 12;
+
+  unsigned char GapScan_enableCmd[] = {0x01, 0x51, 0xFE, 0x06, 0x00, 0x00, 0xF4, 0x01, 0x28, 0x00 };
+  int GapScan_enableCmd_length = 10;
+
+  if(RS232_OpenComport(cport_nr, bdrate, mode, 0))
+  {
+    printf("Can not open comport\n");
+
+    return(0);
+  }
+
+  RS232_flushRXTX(cport_nr);
+
+  // send reset command
+#ifdef DEBUG
+  t=clock();
+  print_hex(TX, HCIExt_ResetSystemCmd, HCIExt_ResetSystemCmd_length);
+  t=clock()-t;
+  printf("t=%ld\n",t);  //60 
+#else
+  /* sleep for 60ms */
+    usleep(60000);
+#endif
+
+
+  RS232_SendBuf(cport_nr, HCIExt_ResetSystemCmd, HCIExt_ResetSystemCmd_length);
+  /* sleep for 1 Second */
+#ifdef DEBUG
+  t=clock();
+#endif
+  usleep(1000000);
+#ifdef DEBUG
+  t=clock()-t;
+  printf("CLOCKS_PER_SEC=%ld\n",t);
+#endif
+  n = RS232_PollComport(cport_nr, buf, BUF_SIZE);
+
+#ifdef DEBUG
+  t=clock();
+  print_hex(RX, buf, n);
+  t=clock()-t;
+  printf("t=%ld\n",t);
+#else
+  /* sleep for 300ms */
+    usleep(300000);
+#endif
+
+
+
+	// send device initial command
+#ifdef DEBUG
+  t=clock();
+  print_hex(TX, GAP_DeviceInitCmd, GAP_DeviceInitCmd_length);
+  t=clock()-t;
+  printf("t=%ld\n",t);
+#else
+  /* sleep for 250 ms */
+    usleep(250000);
+#endif
+
+
+
+  RS232_SendBuf(cport_nr, GAP_DeviceInitCmd, GAP_DeviceInitCmd_length);
+/* sleep for 0.5 Second */
+    usleep(500000);
+
+  n = RS232_PollComport(cport_nr, buf, BUF_SIZE);
+
+#ifdef DEBUG
+  t=clock();
+  print_hex(RX, buf, n);
+  t=clock()-t;
+  printf("t=%ld\n",t);
+#else
+  /* sleep for 500 ms */
+    usleep(500000);
+#endif
+
+
+  // send scan command
+#ifdef DEBUG
+  t=clock();
+  print_hex(TX, GapScan_enableCmd, GapScan_enableCmd_length);
+  t=clock()-t;
+  printf("t=%ld\n",t);
+#else
+  /* sleep for 30ms */
+    usleep(30000);
+#endif
+
+
+  RS232_SendBuf(cport_nr, GapScan_enableCmd, GapScan_enableCmd_length);
+
+	//read scan respone
+	while (n > 0)
+	{
+	/* sleep for 400 mS */
+      usleep(400000);
+
+	  n = RS232_PollComport(cport_nr, buf, BUF_SIZE);
+#ifdef DEBUG
+  t=clock();
+  print_hex(RX, buf, n); 
+  t=clock()-t;
+  printf("t=%ld\n",t);
+#endif
+		
+		if (full_buf_ptr+n>FULL_BUF_SIZE)
+		{
+#ifdef DEBUG
+			printf("buffer full. break.\n");
+#endif
+			break;
+		}
+		memcpy(full_buf+full_buf_ptr, buf, n);
+		full_buf_ptr+=n;
+
+#ifdef DEBUG
+		printf("n:%d, full_buf_ptr:%d\n",n, full_buf_ptr);
+#endif
+	}
+#ifdef DEBUG
+  print_hex(RX, full_buf, full_buf_ptr);
+#endif
+  rx_pkt_parser( full_buf, full_buf_ptr);
+#ifdef DEBUG
+	printf("n:%d, full_buf_ptr:%d\n",n, full_buf_ptr);
+#endif
+	RS232_flushRXTX(cport_nr);
+	RS232_CloseComport(cport_nr);
+  return(0);
+}
+/**************************************************
+Print buffer in HEX
+**************************************************/
+int print_hex(int mode, unsigned char *buf, int size)
+{
+
+	int ii,jj;
+
+	if (mode == TX)
+		printf("TX: ");
+	else
+		printf("RX: ");
+
+	for(ii=0,jj=0; ii < size; ii++,jj++)
+	{
+		printf("%02X ",buf[ii]);
+		if (jj==15)
+		{
+				printf("\n");
+				jj = 0;
+		}
+	}
+	printf("\n");
+
+	return(0);
+}
+
+
+int rx_pkt_parser(unsigned char *buf, int size)
+{
+	int pkt_index=0;
+	int pkt_size=0;
+	int temp_event=0;
+	int temp_EventId=0;
+	int total_device_count=0;
+	char szAddress[18];
+	struct rx_packet_h *rx_packet;
+	struct event_scn_evnt_rep_h *event_scn_evnt_rep;
+#ifdef DEBUG
+	int dump_i=0;
+	unsigned char *pkt_ptr;
+#endif
+	if(size<=0){printf("size error\n");return -1;}
+
+	printf("BLE scan start:\n");
+	rx_packet = (struct rx_packet_h *)(buf);
+
+	while(pkt_index<size)
+	{
+#ifdef DEBUG
+		printf("--------------------------------------------------------------------\n");
+		printf("-Type           : 0x%02X (%s)\n",rx_packet->rxType,rx_packet->rxType==0x4?"Event":"Unknown");
+
+		if(rx_packet->rxType!=0x4)
+		{
+			printf(" Type unknown, rxType:0x%02X, pkt_index:%d\n",rx_packet->rxType,pkt_index);
+		}
+
+		printf("-EventCode      : 0x%02X (%s)\n",rx_packet->rxEventCode,rx_packet->rxEventCode==0xff?"HCI_LE_ExtEvent":"Unknown");
+		if(rx_packet->rxEventCode!=0xff)
+		{
+			printf(" EventCode unknown, rxEventCode:0x%02X, pkt_index:%d\n",rx_packet->rxEventCode,pkt_index);
+		}
+
+		printf("-Data Length    : 0x%02X (%d) bytes(s)\n",rx_packet->rxDataLen,rx_packet->rxDataLen);
+#endif
+		temp_event = (rx_packet->Event[1]<<8)+rx_packet->Event[0] ;
+#ifdef DEBUG
+		printf(" Event          : 0x%02X%02X (%d) ",rx_packet->Event[1],rx_packet->Event[0],temp_event);
+		if(temp_event==0x067F)
+		{
+			printf("(GAP_HCI_ExtentionCommandStatus)\n");
+		}
+		else if(temp_event==0x0600)
+		{
+			printf("(GAP_DeviceInitDone)\n");
+		}
+		else if(temp_event==0x0613)
+		{
+			printf("(GAP_AdvertiserScannerEvent)\n");
+		}
+		else 
+		{
+			printf(" Event unknown, Event:0x%04X, pkt_index:%d\n",temp_event,pkt_index);
+		}
+		
+		printf(" Status         : 0x%02X (%d) (%s)\n",rx_packet->Status,rx_packet->Status,rx_packet->Status==0?"SUCCESS":"FAIL");
+#endif
+
+		if(temp_event==0x0613)
+		{
+			event_scn_evnt_rep = (struct event_scn_evnt_rep_h *)(&(rx_packet->Status) + 1);
+			temp_EventId = (event_scn_evnt_rep->EventId[3]<<24) + (event_scn_evnt_rep->EventId[2]<<16) +
+			               (event_scn_evnt_rep->EventId[1]<<8) + (event_scn_evnt_rep->EventId[0]) ;
+#ifdef DEBUG
+			printf(" EventId        : 0x%02X%02X%02X%02X (%d) ", event_scn_evnt_rep->EventId[3],
+																																	event_scn_evnt_rep->EventId[2],
+																																	event_scn_evnt_rep->EventId[1],
+																																	event_scn_evnt_rep->EventId[0],temp_EventId);
+
+			if(temp_EventId==0x00010000)
+			{
+				printf("(GAP_EVT_SCAN_ENABLED)\n");
+			}
+			else if(temp_EventId==0x00020000)
+			{
+				printf("(GAP_EVT_SCAN_DISABLED)\n");
+			}
+			else if(temp_EventId==0x00400000)
+			{
+				printf("(GAP_EVT_ADV_REPORT)\n");
+			}
+			else
+			{
+				printf(" EventId unknown, EventId:0x%08X, pkt_index:%d\n",temp_EventId,pkt_index);
+			}
+#endif
+			if(temp_EventId==0x00400000)
+			{
+				sprintf(szAddress,"%02X:%02X:%02X:%02X:%02X:%02X", event_scn_evnt_rep->Address[5],
+																																	event_scn_evnt_rep->Address[4],
+																																	event_scn_evnt_rep->Address[3],
+																																	event_scn_evnt_rep->Address[2],
+																																	event_scn_evnt_rep->Address[1],
+																																	event_scn_evnt_rep->Address[0]);
+#ifdef DEBUG
+				printf("%04d", total_device_count);
+				printf(" Address        : %s", szAddress);
+				printf(" RSSI           : 0x%02X (%d)(%d)",event_scn_evnt_rep->RSSI,event_scn_evnt_rep->RSSI,event_scn_evnt_rep->RSSI-256);
+#else
+				printf(" Address: %s RSSI: %d", szAddress, event_scn_evnt_rep->RSSI-256);
+#endif
+				printf("\n");
+				total_device_count++;
+			}
+		}
+
+
+		pkt_size = 3+rx_packet->rxDataLen;
+
+#ifdef DEBUG
+		pkt_ptr = (unsigned char *)rx_packet;
+		printf(" <Info   > Dump(Rx):");
+		for(dump_i=0; dump_i < pkt_size; dump_i++)
+		{
+			if (dump_i%16==0)
+			{
+					printf("\n");
+					printf("%04x:",dump_i);
+			}
+			printf("%02X ",pkt_ptr[dump_i]);
+		}
+		printf("\n");
+#endif
+		
+		pkt_index+=pkt_size;
+#ifdef DEBUG
+		printf(" pkt_size:%d, pkt_index:%d\n",pkt_size,pkt_index);
+#endif
+		rx_packet = (struct rx_packet_h *)(&(rx_packet->rxDataLen) + rx_packet->rxDataLen + 1);
+
+	}
+	printf("Total: %d Device found.\n",total_device_count);
+	return 0;
+}
+
+

feeds/bluetooth-cc2652/ble_scan/src/rs232.c

@@ -0,0 +1,879 @@
+/*
+***************************************************************************
+*
+* Author: Teunis van Beelen
+*
+* Copyright (C) 2005 - 2021 Teunis van Beelen
+*
+* Email: teuniz@protonmail.com
+*
+***************************************************************************
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+***************************************************************************
+*/
+
+
+/* Last revision: February 9, 2021 */
+/* For more info and how to use this library, visit: http://www.teuniz.net/RS-232/ */
+
+
+#include "rs232.h"
+
+
+#if defined(__linux__) || defined(__FreeBSD__)   /* Linux & FreeBSD */
+
+#define RS232_PORTNR  40
+
+
+int Cport[RS232_PORTNR],
+    error;
+
+struct termios new_port_settings,
+       old_port_settings[RS232_PORTNR];
+
+const char *comports[RS232_PORTNR]={"/dev/ttyS0","/dev/ttyS1","/dev/ttyS2","/dev/ttyS3","/dev/ttyS4","/dev/ttyS5",
+                                    "/dev/ttyS6","/dev/ttyS7","/dev/ttyS8","/dev/ttyS9","/dev/ttyS10","/dev/ttyS11",
+                                    "/dev/ttyS12","/dev/ttyS13","/dev/ttyS14","/dev/ttyS15","/dev/ttyUSB0",
+                                    "/dev/ttyUSB1","/dev/ttyUSB2","/dev/ttyUSB3","/dev/ttyUSB4","/dev/ttyUSB5",
+                                    "/dev/ttyAMA0","/dev/ttyAMA1","/dev/ttyACM0","/dev/ttyACM1",
+                                    "/dev/rfcomm0","/dev/rfcomm1","/dev/ircomm0","/dev/ircomm1",
+                                    "/dev/cuau0","/dev/cuau1","/dev/cuau2","/dev/cuau3",
+                                    "/dev/cuaU0","/dev/cuaU1","/dev/cuaU2","/dev/cuaU3",
+                                    "/dev/ttyMSM0","/dev/ttyMSM1"};
+int RS232_OpenComport(int comport_number, int baudrate, const char *mode, int flowctrl)
+{
+  int baudr,
+      status;
+
+  if((comport_number>=RS232_PORTNR)||(comport_number<0))
+  {
+    printf("illegal comport number\n");
+    return(1);
+  }
+
+  switch(baudrate)
+  {
+    case      50 : baudr = B50;
+                   break;
+    case      75 : baudr = B75;
+                   break;
+    case     110 : baudr = B110;
+                   break;
+    case     134 : baudr = B134;
+                   break;
+    case     150 : baudr = B150;
+                   break;
+    case     200 : baudr = B200;
+                   break;
+    case     300 : baudr = B300;
+                   break;
+    case     600 : baudr = B600;
+                   break;
+    case    1200 : baudr = B1200;
+                   break;
+    case    1800 : baudr = B1800;
+                   break;
+    case    2400 : baudr = B2400;
+                   break;
+    case    4800 : baudr = B4800;
+                   break;
+    case    9600 : baudr = B9600;
+                   break;
+    case   19200 : baudr = B19200;
+                   break;
+    case   38400 : baudr = B38400;
+                   break;
+    case   57600 : baudr = B57600;
+                   break;
+    case  115200 : baudr = B115200;
+                   break;
+    case  230400 : baudr = B230400;
+                   break;
+    case  460800 : baudr = B460800;
+                   break;
+#if defined(__linux__)
+    case  500000 : baudr = B500000;
+                   break;
+    case  576000 : baudr = B576000;
+                   break;
+    case  921600 : baudr = B921600;
+                   break;
+    case 1000000 : baudr = B1000000;
+                   break;
+    case 1152000 : baudr = B1152000;
+                   break;
+    case 1500000 : baudr = B1500000;
+                   break;
+    case 2000000 : baudr = B2000000;
+                   break;
+    case 2500000 : baudr = B2500000;
+                   break;
+    case 3000000 : baudr = B3000000;
+                   break;
+    case 3500000 : baudr = B3500000;
+                   break;
+    case 4000000 : baudr = B4000000;
+                   break;
+#endif
+    default      : printf("invalid baudrate\n");
+                   return(1);
+                   break;
+  }
+
+  int cbits=CS8,
+      cpar=0,
+      ipar=IGNPAR,
+      bstop=0;
+
+  if(strlen(mode) != 3)
+  {
+    printf("invalid mode \"%s\"\n", mode);
+    return(1);
+  }
+
+  switch(mode[0])
+  {
+    case '8': cbits = CS8;
+              break;
+    case '7': cbits = CS7;
+              break;
+    case '6': cbits = CS6;
+              break;
+    case '5': cbits = CS5;
+              break;
+    default : printf("invalid number of data-bits '%c'\n", mode[0]);
+              return(1);
+              break;
+  }
+
+  switch(mode[1])
+  {
+    case 'N':
+    case 'n': cpar = 0;
+              ipar = IGNPAR;
+              break;
+    case 'E':
+    case 'e': cpar = PARENB;
+              ipar = INPCK;
+              break;
+    case 'O':
+    case 'o': cpar = (PARENB | PARODD);
+              ipar = INPCK;
+              break;
+    default : printf("invalid parity '%c'\n", mode[1]);
+              return(1);
+              break;
+  }
+
+  switch(mode[2])
+  {
+    case '1': bstop = 0;
+              break;
+    case '2': bstop = CSTOPB;
+              break;
+    default : printf("invalid number of stop bits '%c'\n", mode[2]);
+              return(1);
+              break;
+  }
+
+/*
+http://pubs.opengroup.org/onlinepubs/7908799/xsh/termios.h.html
+
+http://man7.org/linux/man-pages/man3/termios.3.html
+*/
+
+  Cport[comport_number] = open(comports[comport_number], O_RDWR | O_NOCTTY | O_NDELAY);
+  if(Cport[comport_number]==-1)
+  {
+    perror("unable to open comport ");
+    return(1);
+  }
+
+  /* lock access so that another process can't also use the port */
+  if(flock(Cport[comport_number], LOCK_EX | LOCK_NB) != 0)
+  {
+    close(Cport[comport_number]);
+    perror("Another process has locked the comport.");
+    return(1);
+  }
+
+  error = tcgetattr(Cport[comport_number], old_port_settings + comport_number);
+  if(error==-1)
+  {
+    close(Cport[comport_number]);
+    flock(Cport[comport_number], LOCK_UN);  /* free the port so that others can use it. */
+    perror("unable to read portsettings ");
+    return(1);
+  }
+  memset(&new_port_settings, 0, sizeof(new_port_settings));  /* clear the new struct */
+
+  new_port_settings.c_cflag = cbits | cpar | bstop | CLOCAL | CREAD;
+  if(flowctrl)
+  {
+    new_port_settings.c_cflag |= CRTSCTS;
+  }
+  new_port_settings.c_iflag = ipar;
+  new_port_settings.c_oflag = 0;
+  new_port_settings.c_lflag = 0;
+  new_port_settings.c_cc[VMIN] = 0;      /* block untill n bytes are received */
+  new_port_settings.c_cc[VTIME] = 0;     /* block untill a timer expires (n * 100 mSec.) */
+
+  cfsetispeed(&new_port_settings, baudr);
+  cfsetospeed(&new_port_settings, baudr);
+
+  error = tcsetattr(Cport[comport_number], TCSANOW, &new_port_settings);
+  if(error==-1)
+  {
+    tcsetattr(Cport[comport_number], TCSANOW, old_port_settings + comport_number);
+    close(Cport[comport_number]);
+    flock(Cport[comport_number], LOCK_UN);  /* free the port so that others can use it. */
+    perror("unable to adjust portsettings ");
+    return(1);
+  }
+
+/* http://man7.org/linux/man-pages/man4/tty_ioctl.4.html */
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    tcsetattr(Cport[comport_number], TCSANOW, old_port_settings + comport_number);
+    flock(Cport[comport_number], LOCK_UN);  /* free the port so that others can use it. */
+    perror("unable to get portstatus");
+    return(1);
+  }
+
+  status |= TIOCM_DTR;    /* turn on DTR */
+  status |= TIOCM_RTS;    /* turn on RTS */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    tcsetattr(Cport[comport_number], TCSANOW, old_port_settings + comport_number);
+    flock(Cport[comport_number], LOCK_UN);  /* free the port so that others can use it. */
+    perror("unable to set portstatus");
+    return(1);
+  }
+
+  return(0);
+}
+
+
+int RS232_PollComport(int comport_number, unsigned char *buf, int size)
+{
+  int n;
+
+  n = read(Cport[comport_number], buf, size);
+
+  if(n < 0)
+  {
+    if(errno == EAGAIN)  return 0;
+  }
+
+  return(n);
+}
+
+
+int RS232_SendByte(int comport_number, unsigned char byte)
+{
+  int n = write(Cport[comport_number], &byte, 1);
+  if(n < 0)
+  {
+    if(errno == EAGAIN)
+    {
+      return 0;
+    }
+    else
+    {
+      return 1;
+    }
+  }
+
+  return(0);
+}
+
+
+int RS232_SendBuf(int comport_number, unsigned char *buf, int size)
+{
+  int n = write(Cport[comport_number], buf, size);
+  if(n < 0)
+  {
+    if(errno == EAGAIN)
+    {
+      return 0;
+    }
+    else
+    {
+      return -1;
+    }
+  }
+
+  return(n);
+}
+
+
+void RS232_CloseComport(int comport_number)
+{
+  int status;
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    perror("unable to get portstatus");
+  }
+
+  status &= ~TIOCM_DTR;    /* turn off DTR */
+  status &= ~TIOCM_RTS;    /* turn off RTS */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    perror("unable to set portstatus");
+  }
+
+  tcsetattr(Cport[comport_number], TCSANOW, old_port_settings + comport_number);
+  close(Cport[comport_number]);
+
+  flock(Cport[comport_number], LOCK_UN);  /* free the port so that others can use it. */
+}
+
+/*
+Constant  Description
+TIOCM_LE        DSR (data set ready/line enable)
+TIOCM_DTR       DTR (data terminal ready)
+TIOCM_RTS       RTS (request to send)
+TIOCM_ST        Secondary TXD (transmit)
+TIOCM_SR        Secondary RXD (receive)
+TIOCM_CTS       CTS (clear to send)
+TIOCM_CAR       DCD (data carrier detect)
+TIOCM_CD        see TIOCM_CAR
+TIOCM_RNG       RNG (ring)
+TIOCM_RI        see TIOCM_RNG
+TIOCM_DSR       DSR (data set ready)
+
+http://man7.org/linux/man-pages/man4/tty_ioctl.4.html
+*/
+
+int RS232_IsDCDEnabled(int comport_number)
+{
+  int status;
+
+  ioctl(Cport[comport_number], TIOCMGET, &status);
+
+  if(status&TIOCM_CAR) return(1);
+  else return(0);
+}
+
+
+int RS232_IsRINGEnabled(int comport_number)
+{
+  int status;
+
+  ioctl(Cport[comport_number], TIOCMGET, &status);
+
+  if(status&TIOCM_RNG) return(1);
+  else return(0);
+}
+
+
+int RS232_IsCTSEnabled(int comport_number)
+{
+  int status;
+
+  ioctl(Cport[comport_number], TIOCMGET, &status);
+
+  if(status&TIOCM_CTS) return(1);
+  else return(0);
+}
+
+
+int RS232_IsDSREnabled(int comport_number)
+{
+  int status;
+
+  ioctl(Cport[comport_number], TIOCMGET, &status);
+
+  if(status&TIOCM_DSR) return(1);
+  else return(0);
+}
+
+
+void RS232_enableDTR(int comport_number)
+{
+  int status;
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    perror("unable to get portstatus");
+  }
+
+  status |= TIOCM_DTR;    /* turn on DTR */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    perror("unable to set portstatus");
+  }
+}
+
+
+void RS232_disableDTR(int comport_number)
+{
+  int status;
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    perror("unable to get portstatus");
+  }
+
+  status &= ~TIOCM_DTR;    /* turn off DTR */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    perror("unable to set portstatus");
+  }
+}
+
+
+void RS232_enableRTS(int comport_number)
+{
+  int status;
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    perror("unable to get portstatus");
+  }
+
+  status |= TIOCM_RTS;    /* turn on RTS */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    perror("unable to set portstatus");
+  }
+}
+
+
+void RS232_disableRTS(int comport_number)
+{
+  int status;
+
+  if(ioctl(Cport[comport_number], TIOCMGET, &status) == -1)
+  {
+    perror("unable to get portstatus");
+  }
+
+  status &= ~TIOCM_RTS;    /* turn off RTS */
+
+  if(ioctl(Cport[comport_number], TIOCMSET, &status) == -1)
+  {
+    perror("unable to set portstatus");
+  }
+}
+
+
+void RS232_flushRX(int comport_number)
+{
+  tcflush(Cport[comport_number], TCIFLUSH);
+}
+
+
+void RS232_flushTX(int comport_number)
+{
+  tcflush(Cport[comport_number], TCOFLUSH);
+}
+
+
+void RS232_flushRXTX(int comport_number)
+{
+  tcflush(Cport[comport_number], TCIOFLUSH);
+}
+
+
+#else  /* windows */
+
+#define RS232_PORTNR  32
+
+HANDLE Cport[RS232_PORTNR];
+
+
+const char *comports[RS232_PORTNR]={"\\\\.\\COM1",  "\\\\.\\COM2",  "\\\\.\\COM3",  "\\\\.\\COM4",
+                                    "\\\\.\\COM5",  "\\\\.\\COM6",  "\\\\.\\COM7",  "\\\\.\\COM8",
+                                    "\\\\.\\COM9",  "\\\\.\\COM10", "\\\\.\\COM11", "\\\\.\\COM12",
+                                    "\\\\.\\COM13", "\\\\.\\COM14", "\\\\.\\COM15", "\\\\.\\COM16",
+                                    "\\\\.\\COM17", "\\\\.\\COM18", "\\\\.\\COM19", "\\\\.\\COM20",
+                                    "\\\\.\\COM21", "\\\\.\\COM22", "\\\\.\\COM23", "\\\\.\\COM24",
+                                    "\\\\.\\COM25", "\\\\.\\COM26", "\\\\.\\COM27", "\\\\.\\COM28",
+                                    "\\\\.\\COM29", "\\\\.\\COM30", "\\\\.\\COM31", "\\\\.\\COM32"};
+
+char mode_str[128];
+
+
+int RS232_OpenComport(int comport_number, int baudrate, const char *mode, int flowctrl)
+{
+  if((comport_number>=RS232_PORTNR)||(comport_number<0))
+  {
+    printf("illegal comport number\n");
+    return(1);
+  }
+
+  switch(baudrate)
+  {
+    case     110 : strcpy(mode_str, "baud=110");
+                   break;
+    case     300 : strcpy(mode_str, "baud=300");
+                   break;
+    case     600 : strcpy(mode_str, "baud=600");
+                   break;
+    case    1200 : strcpy(mode_str, "baud=1200");
+                   break;
+    case    2400 : strcpy(mode_str, "baud=2400");
+                   break;
+    case    4800 : strcpy(mode_str, "baud=4800");
+                   break;
+    case    9600 : strcpy(mode_str, "baud=9600");
+                   break;
+    case   19200 : strcpy(mode_str, "baud=19200");
+                   break;
+    case   38400 : strcpy(mode_str, "baud=38400");
+                   break;
+    case   57600 : strcpy(mode_str, "baud=57600");
+                   break;
+    case  115200 : strcpy(mode_str, "baud=115200");
+                   break;
+    case  128000 : strcpy(mode_str, "baud=128000");
+                   break;
+    case  256000 : strcpy(mode_str, "baud=256000");
+                   break;
+    case  500000 : strcpy(mode_str, "baud=500000");
+                   break;
+    case  921600 : strcpy(mode_str, "baud=921600");
+                   break;
+    case 1000000 : strcpy(mode_str, "baud=1000000");
+                   break;
+    case 1500000 : strcpy(mode_str, "baud=1500000");
+                   break;
+    case 2000000 : strcpy(mode_str, "baud=2000000");
+                   break;
+    case 3000000 : strcpy(mode_str, "baud=3000000");
+                   break;
+    default      : printf("invalid baudrate\n");
+                   return(1);
+                   break;
+  }
+
+  if(strlen(mode) != 3)
+  {
+    printf("invalid mode \"%s\"\n", mode);
+    return(1);
+  }
+
+  switch(mode[0])
+  {
+    case '8': strcat(mode_str, " data=8");
+              break;
+    case '7': strcat(mode_str, " data=7");
+              break;
+    case '6': strcat(mode_str, " data=6");
+              break;
+    case '5': strcat(mode_str, " data=5");
+              break;
+    default : printf("invalid number of data-bits '%c'\n", mode[0]);
+              return(1);
+              break;
+  }
+
+  switch(mode[1])
+  {
+    case 'N':
+    case 'n': strcat(mode_str, " parity=n");
+              break;
+    case 'E':
+    case 'e': strcat(mode_str, " parity=e");
+              break;
+    case 'O':
+    case 'o': strcat(mode_str, " parity=o");
+              break;
+    default : printf("invalid parity '%c'\n", mode[1]);
+              return(1);
+              break;
+  }
+
+  switch(mode[2])
+  {
+    case '1': strcat(mode_str, " stop=1");
+              break;
+    case '2': strcat(mode_str, " stop=2");
+              break;
+    default : printf("invalid number of stop bits '%c'\n", mode[2]);
+              return(1);
+              break;
+  }
+
+  if(flowctrl)
+  {
+    strcat(mode_str, " xon=off to=off odsr=off dtr=on rts=off");
+  }
+  else
+  {
+    strcat(mode_str, " xon=off to=off odsr=off dtr=on rts=on");
+  }
+
+/*
+http://msdn.microsoft.com/en-us/library/windows/desktop/aa363145%28v=vs.85%29.aspx
+
+http://technet.microsoft.com/en-us/library/cc732236.aspx
+
+https://docs.microsoft.com/en-us/windows/desktop/api/winbase/ns-winbase-_dcb
+*/
+
+  Cport[comport_number] = CreateFileA(comports[comport_number],
+                      GENERIC_READ|GENERIC_WRITE,
+                      0,                          /* no share  */
+                      NULL,                       /* no security */
+                      OPEN_EXISTING,
+                      0,                          /* no threads */
+                      NULL);                      /* no templates */
+
+  if(Cport[comport_number]==INVALID_HANDLE_VALUE)
+  {
+    printf("unable to open comport\n");
+    return(1);
+  }
+
+  DCB port_settings;
+  memset(&port_settings, 0, sizeof(port_settings));  /* clear the new struct  */
+  port_settings.DCBlength = sizeof(port_settings);
+
+  if(!BuildCommDCBA(mode_str, &port_settings))
+  {
+    printf("unable to set comport dcb settings\n");
+    CloseHandle(Cport[comport_number]);
+    return(1);
+  }
+
+  if(flowctrl)
+  {
+    port_settings.fOutxCtsFlow = TRUE;
+    port_settings.fRtsControl = RTS_CONTROL_HANDSHAKE;
+  }
+
+  if(!SetCommState(Cport[comport_number], &port_settings))
+  {
+    printf("unable to set comport cfg settings\n");
+    CloseHandle(Cport[comport_number]);
+    return(1);
+  }
+
+  COMMTIMEOUTS Cptimeouts;
+
+  Cptimeouts.ReadIntervalTimeout         = MAXDWORD;
+  Cptimeouts.ReadTotalTimeoutMultiplier  = 0;
+  Cptimeouts.ReadTotalTimeoutConstant    = 0;
+  Cptimeouts.WriteTotalTimeoutMultiplier = 0;
+  Cptimeouts.WriteTotalTimeoutConstant   = 0;
+
+  if(!SetCommTimeouts(Cport[comport_number], &Cptimeouts))
+  {
+    printf("unable to set comport time-out settings\n");
+    CloseHandle(Cport[comport_number]);
+    return(1);
+  }
+
+  return(0);
+}
+
+
+int RS232_PollComport(int comport_number, unsigned char *buf, int size)
+{
+  int n;
+
+/* added the void pointer cast, otherwise gcc will complain about */
+/* "warning: dereferencing type-punned pointer will break strict aliasing rules" */
+
+  if(!ReadFile(Cport[comport_number], buf, size, (LPDWORD)((void *)&n), NULL))
+  {
+    return -1;
+  }
+
+  return(n);
+}
+
+
+int RS232_SendByte(int comport_number, unsigned char byte)
+{
+  int n;
+
+  if(!WriteFile(Cport[comport_number], &byte, 1, (LPDWORD)((void *)&n), NULL))
+  {
+    return(1);
+  }
+
+  if(n<0)  return(1);
+
+  return(0);
+}
+
+
+int RS232_SendBuf(int comport_number, unsigned char *buf, int size)
+{
+  int n;
+
+  if(WriteFile(Cport[comport_number], buf, size, (LPDWORD)((void *)&n), NULL))
+  {
+    return(n);
+  }
+
+  return(-1);
+}
+
+
+void RS232_CloseComport(int comport_number)
+{
+  CloseHandle(Cport[comport_number]);
+}
+
+/*
+http://msdn.microsoft.com/en-us/library/windows/desktop/aa363258%28v=vs.85%29.aspx
+*/
+
+int RS232_IsDCDEnabled(int comport_number)
+{
+  int status;
+
+  GetCommModemStatus(Cport[comport_number], (LPDWORD)((void *)&status));
+
+  if(status&MS_RLSD_ON) return(1);
+  else return(0);
+}
+
+
+int RS232_IsRINGEnabled(int comport_number)
+{
+  int status;
+
+  GetCommModemStatus(Cport[comport_number], (LPDWORD)((void *)&status));
+
+  if(status&MS_RING_ON) return(1);
+  else return(0);
+}
+
+
+int RS232_IsCTSEnabled(int comport_number)
+{
+  int status;
+
+  GetCommModemStatus(Cport[comport_number], (LPDWORD)((void *)&status));
+
+  if(status&MS_CTS_ON) return(1);
+  else return(0);
+}
+
+
+int RS232_IsDSREnabled(int comport_number)
+{
+  int status;
+
+  GetCommModemStatus(Cport[comport_number], (LPDWORD)((void *)&status));
+
+  if(status&MS_DSR_ON) return(1);
+  else return(0);
+}
+
+
+void RS232_enableDTR(int comport_number)
+{
+  EscapeCommFunction(Cport[comport_number], SETDTR);
+}
+
+
+void RS232_disableDTR(int comport_number)
+{
+  EscapeCommFunction(Cport[comport_number], CLRDTR);
+}
+
+
+void RS232_enableRTS(int comport_number)
+{
+  EscapeCommFunction(Cport[comport_number], SETRTS);
+}
+
+
+void RS232_disableRTS(int comport_number)
+{
+  EscapeCommFunction(Cport[comport_number], CLRRTS);
+}
+
+/*
+https://msdn.microsoft.com/en-us/library/windows/desktop/aa363428%28v=vs.85%29.aspx
+*/
+
+void RS232_flushRX(int comport_number)
+{
+  PurgeComm(Cport[comport_number], PURGE_RXCLEAR | PURGE_RXABORT);
+}
+
+
+void RS232_flushTX(int comport_number)
+{
+  PurgeComm(Cport[comport_number], PURGE_TXCLEAR | PURGE_TXABORT);
+}
+
+
+void RS232_flushRXTX(int comport_number)
+{
+  PurgeComm(Cport[comport_number], PURGE_RXCLEAR | PURGE_RXABORT);
+  PurgeComm(Cport[comport_number], PURGE_TXCLEAR | PURGE_TXABORT);
+}
+
+
+#endif
+
+
+void RS232_cputs(int comport_number, const char *text)  /* sends a string to serial port */
+{
+  while(*text != 0)   RS232_SendByte(comport_number, *(text++));
+}
+
+
+/* return index in comports matching to device name or -1 if not found */
+int RS232_GetPortnr(const char *devname)
+{
+  int i;
+
+  char str[32];
+
+#if defined(__linux__) || defined(__FreeBSD__)   /* Linux & FreeBSD */
+  strcpy(str, "/dev/");
+#else  /* windows */
+  strcpy(str, "\\\\.\\");
+#endif
+  strncat(str, devname, 16);
+  str[31] = 0;
+
+  for(i=0; i<RS232_PORTNR; i++)
+  {
+    if(!strcmp(comports[i], str))
+    {
+      return i;
+    }
+  }
+
+  return -1;  /* device not found */
+}
+
+
+
+
+
+
+
+
+
+
+

feeds/bluetooth-cc2652/ble_scan/src/rs232.h

@@ -0,0 +1,85 @@
+/*
+***************************************************************************
+*
+* Author: Teunis van Beelen
+*
+* Copyright (C) 2005 - 2021 Teunis van Beelen
+*
+* Email: teuniz@protonmail.com
+*
+***************************************************************************
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+***************************************************************************
+*/
+
+/* For more info and how to use this library, visit: http://www.teuniz.net/RS-232/ */
+
+
+#ifndef rs232_INCLUDED
+#define rs232_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+
+
+#if defined(__linux__) || defined(__FreeBSD__)
+
+#include <termios.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <limits.h>
+#include <sys/file.h>
+#include <errno.h>
+
+#else
+
+#include <windows.h>
+
+#endif
+
+int RS232_OpenComport(int, int, const char *, int);
+int RS232_PollComport(int, unsigned char *, int);
+int RS232_SendByte(int, unsigned char);
+int RS232_SendBuf(int, unsigned char *, int);
+void RS232_CloseComport(int);
+void RS232_cputs(int, const char *);
+int RS232_IsDCDEnabled(int);
+int RS232_IsRINGEnabled(int);
+int RS232_IsCTSEnabled(int);
+int RS232_IsDSREnabled(int);
+void RS232_enableDTR(int);
+void RS232_disableDTR(int);
+void RS232_enableRTS(int);
+void RS232_disableRTS(int);
+void RS232_flushRX(int);
+void RS232_flushTX(int);
+void RS232_flushRXTX(int);
+int RS232_GetPortnr(const char *);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif
+
+

feeds/bluetooth-cc2652/cc2652/Makefile

@@ -25,21 +25,12 @@ define Build/Prepare
 endef
 
 define Package/cc2652/install
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/tisbl.init $(1)/etc/init.d/tisbl
-
-	$(INSTALL_DIR) $(1)/etc/tifirmware
-	$(INSTALL_BIN) ./files/firmware/* $(1)/etc/tifirmware/
+	$(INSTALL_DIR) $(1)/lib/firmware/cc2562
+	$(INSTALL_BIN) ./files/firmware/* $(1)/lib/firmware/cc2562
 	
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tisbl $(1)/usr/bin/
 	$(INSTALL_BIN) ./files/*.sh $(1)/usr/bin/
-
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/tisbl.config $(1)/etc/config/tisbl
-
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/tisbl.defaults $(1)/etc/uci-defaults
 endef
 
 $(eval $(call BuildPackage,cc2652))

feeds/bluetooth-cc2652/cc2652/files/ble-scan-rx-parser.sh

@@ -1,124 +0,0 @@
-#!/usr/bin/lua
---[[
-ByteCnt:  1    1         1          2     1      4
-          ---- --------- ---------- ----- ------ -------
-FieldName:Type EventCode DataLength Event Status EventId
---]]
-
---Type
-Command = 0x01
-Event = 0x04
-
---OpCode
-GapScan_enable = 0xFE51
-
---EventCode
-HCI_LE_ExtEvent = 0xff
-
---Status
-SUCCESS = 0x00
-
---Event
-GAP_HCI_ExtentionCommandStatus = 0x067F
-GAP_AdvertiserScannerEvent = 0x0613
-
---EventId 
-GAP_EVT_ADV_REPORT = 0x00400000
-GAP_EVT_SCAN_ENABLED = 0x00010000
-
-local write = io.write
-function print(...)
-    local n = select("#",...)
-    for i = 1,n do
-        local v = tostring(select(i,...))
-        write(v)
-        if i~=n then write'\t' end
-    end
---    write'\n'
-end
-
-function printf(str, ...)
-	return print(str:format(...))
-end
-
-function lshift(x, by)
-  return x * 2 ^ by
-end
-
-function GetUint8(Payload, position)
-	return string.byte(Payload, position)
-end	
-
-function GetUint32(Payload, position)
-	return (lshift(string.byte(Payload, position+3),24) + lshift(string.byte(Payload, position+2),16) + lshift(string.byte(Payload, position+1),8) + string.byte(Payload, position))
-end
-
-function GetUint16(Payload, position)
-	return (lshift(string.byte(Payload, position+1),8) + string.byte(Payload, position))
-end
-
-function hexdump(Payload,separator)
-	for i=1,Payload:len(), 1 do
-		io.write(string.format("%02X", Payload:byte(i)))
-		if (i< Payload:len()) then
-			io.write(separator)
-		end	
-	end
-end
-
-ibeacon_hdr=string.char(0x1A,0xFF,0x4C,0x00,0x02,0x15)
-
-function DumpAdvertiserData(Payload)
---[[
-Len(1byte)+Type(1byte)+Data(Len bytes)
---]]
-	while( Payload:len() > 0 ) do
-		local Len = GetUint8(Payload,1)
-		if (GetUint8(Payload,2) == 0xff) then -- manufacturer data
-			print(" MFR=")
-			hexdump(Payload:sub(1,Len+1),'')
-			if (Payload:sub(1,6) == ibeacon_hdr) then
-				print(" [ibeacon]")
-			end	
-		end
-		Payload = string.sub(Payload,Len+2,-1)
-	end
-end
-
-function DumpAdvertiserScannerEvent(Payload)
-	local Status = GetUint8(Payload,3)
-	local EventId = GetUint32(Payload,4)
-	if((EventId==GAP_EVT_ADV_REPORT) and (Status==SUCCESS))
-	then
-		local MAC = string.sub(Payload,10,15)
-		local TxPower = GetUint8(Payload,19)
-		local RSSI = GetUint8(Payload,20)
-		printf("MAC=%02X%02X%02X%02X%02X%02X RSI=%d PWR=%d",string.byte(MAC,6),string.byte(MAC,5),string.byte(MAC,4),
-			string.byte(MAC,3),string.byte(MAC,2),string.byte(MAC,1),RSSI,TxPower)
-		local DataLength = GetUint16(Payload,30)
-		DumpAdvertiserData(string.sub(Payload,32,-1))
-		print("\n")
-	end
-end	
-
-function hci_event_paser()
-	while true do
-		local Header = io.read(3)
-		if not Header then break end
-		local EventType = GetUint8(Header,1)
-		local EventCode = GetUint8(Header,2)
-		local DataLength = GetUint8(Header,3)
-		
-		local Data = io.read(DataLength)
-		local Event = GetUint16(Data,1)
---		print(EventType,EventCode,DataLength,Event)
-		if not Data then break end
-        if(Event==GAP_AdvertiserScannerEvent)
-		then
-			DumpAdvertiserScannerEvent(Data)
---			hexdump(ibeacon_hdr)
-		end
-	end
-end
-
-hci_event_paser()

feeds/bluetooth-cc2652/cc2652/files/blescan.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-com-wr.sh /dev/ttyMSM1 3 "\x01\x1D\xFC\x01\x00" > /dev/null # this command dealy time must >= 3, if small then 3, the following commands  will be something wrong
-com-wr.sh /dev/ttyMSM1 1 "\x01\x00\xFE\x08\x08\x00\x00\x00\x00\x00\x00\x00" > /dev/null
-com-wr.sh /dev/ttyMSM1 1 "\x01\x61\xFE\x02\x01\x02" > /dev/null
-com-wr.sh /dev/ttyMSM1 1 "\x01\x61\xFE\x02\x01\x03" > /dev/null 
-com-wr.sh /dev/ttyMSM1 1 "\x01\x61\xFE\x02\x01\x04" > /dev/null
-com-wr.sh /dev/ttyMSM1 1 "\x01\x61\xFE\x02\x01\x05" > /dev/null 
-com-wr.sh /dev/ttyMSM1 3 "\x01\x51\xFE\x06\x00\x00\xF4\x01\x28\x00" | tee /tmp/blescan.data | ble-scan-rx-parser.sh 

feeds/bluetooth-cc2652/cc2652/files/cc2562-flash-broadcaster.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ -f /sys/class/gpio/ble_enable/value ]; then
+	echo 1 > /sys/class/gpio/ble_enable/value
+fi
+echo 0 > /sys/class/gpio/ble_backdoor/value
+echo 1 > /sys/class/gpio/ble_reset/value
+echo 0 > /sys/class/gpio/ble_reset/value
+sleep 1
+echo 1 > /sys/class/gpio/ble_reset/value
+sleep 1
+echo 1 > /sys/class/gpio/ble_backdoor/value
+tisbl /dev/ttyMSM1 115200 2652 /lib/firmware/cc2562/simple_broadcaster_bd9.bin 

feeds/bluetooth-cc2652/cc2652/files/cc2562-flash-scanner.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ -f /sys/class/gpio/ble_enable/value ]; then
+	echo 1 > /sys/class/gpio/ble_enable/value
+fi
+echo 0 > /sys/class/gpio/ble_backdoor/value
+echo 1 > /sys/class/gpio/ble_reset/value
+echo 0 > /sys/class/gpio/ble_reset/value
+sleep 1
+echo 1 > /sys/class/gpio/ble_reset/value
+sleep 1
+echo 1 > /sys/class/gpio/ble_backdoor/value
+tisbl /dev/ttyMSM1 115200 2652 /lib/firmware/cc2562/ble5_host_test_bd9.bin 

feeds/bluetooth-cc2652/cc2652/files/cc2562-reset.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ -f /sys/class/gpio/ble_enable/value ]; then
+	echo 1 > /sys/class/gpio/ble_enable/value
+fi
+echo 1 > /sys/class/gpio/ble_backdoor/value
+echo 1 > /sys/class/gpio/ble_reset/value
+sleep 1
+echo 1 > /sys/class/gpio/ble_reset/value
+sleep 1

feeds/bluetooth-cc2652/cc2652/files/hexdump.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/lua
-local block = 16
-while true do
-  local bytes = io.read(block)
-  if not bytes then break end
-  for b in string.gfind(bytes, ".") do
-        io.write(string.format("%02X ", string.byte(b)))
-  end
-  io.write(string.rep("   ", block - string.len(bytes) + 1))
-  io.write(string.gsub(bytes, "%c", "."), "\n")
-end

feeds/bluetooth-cc2652/cc2652/files/ibeacon-broadcaster.sh

@@ -1,20 +1,28 @@
 #!/bin/sh
-#         script---------------- UUID---------------------------------------------------------------------- MAJOR----- MINOR----- POWER-
-#example: ibeacon-broadcaster.sh "\xE2\x0A\x39\xF4\x73\xF5\x4B\xC4\xA1\x2F\x17\xD1\xAD\x07\xA9\x61" "\x01\x23" "\x45\x67" "\xC8" 
-if [ "$#" -eq 4 ]; then
-	UUID=$1
-	MAJOR=$2
-	MINOR=$3
-	POWER=$4
-else
-	UUID="\xE2\x0A\x39\xF4\x73\xF5\x4B\xC4\xA1\x2F\x17\xD1\xAD\x07\xA9\x61"
-	MAJOR="\x01\x23"
-	MINOR="\x45\x67"
-	POWER="\xC8"
-fi	
+function iBeconScan() {
+	if [ "$#" -eq 4 ]; then
+		UUID=$1
+		MAJOR=$2
+		MINOR=$3
+		POWER=$4
+	else
+		UUID="\xE2\x0A\x39\xF4\x73\xF5\x4B\xC4\xA1\x2F\x17\xD1\xAD\x07\xA9\x61"
+		MAJOR="\x01\x23"
+		MINOR="\x45\x67"
+		POWER="\xC8"
+	fi	
 
-com-wr.sh /dev/ttyMSM1 3 "\x01\x1D\xFC\x01\x00" > /dev/null # this command dealy time must >= 3, if small then 3, the following commands  will be something wrong
-com-wr.sh /dev/ttyMSM1 1 "\x01\x00\xFE\x08\x01\x00\x00\x00\x00\x00\x00\x00" > /dev/null 
-com-wr.sh /dev/ttyMSM1 1 "\x01\x3E\xFE\x15\x12\x00\xA0\x00\x00\xA0\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x7F\x01\x01\x00" > /dev/null
-com-wr.sh /dev/ttyMSM1 1 "\x09\x44\xFE\x23\x00\x00\x00\x1E\x00\x02\x01\x1A\x1A\xFF\x4C\x00\x02\x15${UUID}${MAJOR}${MINOR}${POWER}\x00" > /dev/null
-com-wr.sh /dev/ttyMSM1 1 "\x01\x3F\xFE\x04\x00\x00\x00\x00" | hexdump.sh 
+	cc2562-wr.sh /dev/ttyMSM1 3 "\x01\x1D\xFC\x01\x00" > /dev/null # this command dealy time must >= 3, if small then 3, the following commands  will be something wrong
+	cc2562-wr.sh /dev/ttyMSM1 1 "\x01\x00\xFE\x08\x01\x00\x00\x00\x00\x00\x00\x00" > /dev/null 
+	cc2562-wr.sh /dev/ttyMSM1 1 "\x01\x3E\xFE\x15\x12\x00\xA0\x00\x00\xA0\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x7F\x01\x01\x00" > /dev/null
+	cc2562-wr.sh /dev/ttyMSM1 1 "\x09\x44\xFE\x23\x00\x00\x00\x1E\x00\x02\x01\x1A\x1A\xFF\x4C\x00\x02\x15${UUID}${MAJOR}${MINOR}${POWER}\x00" > /dev/null
+	cc2562-wr.sh /dev/ttyMSM1 1 "\x01\x3F\xFE\x04\x00\x00\x00\x00"
+}
+
+cc2562-reset.sh
+
+while true
+do
+        iBeconScan
+        sleep 1
+done

feeds/bluetooth-cc2652/cc2652/files/ti-hosttest2net.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-killall -9 ser2net
-tisbl.sh /dev/ttyMSM1 115200 2652 /etc/tifirmware/ble5_host_test_bd9.bin 79 34
-echo "7000:telnet:0:/dev/ttyMSM1:115200 8DATABITS NONE 1STOPBIT remctl" > /tmp/ser2net.conf
-ser2net -c /tmp/ser2net.conf

feeds/bluetooth-cc2652/cc2652/files/tisbl.config

@@ -1,7 +0,0 @@
-config tisbl 'tisbl'
-	option firmware '/etc/tifirmware/ble5_host_test_bd9.bin'
-	option tty '/dev/ttyMSM1'
-	option tichip '2652'
-	option baudrate '115200'
-	option resetpin '79'
-	option backdoorpin '34'

feeds/bluetooth-cc2652/cc2652/files/tisbl.defaults

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /lib/functions/system.sh
-
-board=$(board_name)
-
-case $board in
-edgecore,eap104)
-        uci set tisbl.tisbl.backdoorpin=31
-        uci set tisbl.tisbl.resetpin=35
-        ;;
-esac

feeds/bluetooth-cc2652/cc2652/files/tisbl.init

@@ -1,21 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2007 OpenWrt.org
-
-#start after dbus (60)
-START=62
-USE_PROCD=1
-
-start_service() {
-	firmware="$(uci -q get tisbl.tisbl.firmware)"
-	tty="$(uci -q get tisbl.tisbl.tty)"
-	tichip="$(uci -q get tisbl.tisbl.tichip)"
-	baudrate="$(uci -q get tisbl.tisbl.baudrate)"
-	resetpin="$(uci -q get tisbl.tisbl.resetpin)"
-	backdoorpin="$(uci -q get tisbl.tisbl.backdoorpin)"
-	tisbl.sh $tty $baudrate $tichip $firmware $resetpin $backdoorpin
-}
-
-service_triggers()
-{
-    procd_add_reload_trigger "tisbl" 
-}

feeds/bluetooth-cc2652/cc2652/files/tisbl.sh

@@ -1,43 +0,0 @@
-#!/bin/sh
-# tisbl.sh $tty $baudrate $tichip $firmware $resetpin $backdoorpin
-# tisbl.sh /dev/ttyMSM1 115200 2652 /etc/tifirmware/blinky_bd13.bin 79 67
-
-#assumption: resetpin and backdoorpin are low active
-tty=$1 
-baudrate=$2
-tichip=$3
-firmware=$4
-resetpin=$5
-backdoorpin=$6
-
-ti_reset() #assumption:resetpin is low active 
-{
-    if [ ! -e /sys/class/gpio/gpio${resetpin} ]; then
-        echo ${resetpin} > /sys/class/gpio/export
-    fi
-    echo out > /sys/class/gpio/gpio${resetpin}/direction
-
-    echo 1 > /sys/class/gpio/gpio${resetpin}/value
-    echo 0 > /sys/class/gpio/gpio${resetpin}/value
-    sleep 1
-    echo 1 > /sys/class/gpio/gpio${resetpin}/value
-}
-
-ti_goto_bootloader() #assumption:backdoorpin is low active 
-{
-    if [ ! -e /sys/class/gpio/gpio${backdoorpin} ]; then
-        echo ${backdoorpin} > /sys/class/gpio/export
-    fi
-    echo out > /sys/class/gpio/gpio${backdoorpin}/direction
-
-    echo 0 > /sys/class/gpio/gpio${backdoorpin}/value
-    ti_reset
-    sleep 1
-    echo 1 > /sys/class/gpio/gpio${backdoorpin}/value
-}
-
-if [ -e $firmware ]; then 
-	ti_goto_bootloader
-	tisbl $tty $baudrate $tichip $firmware #try to upgrade firmware
-fi	
-

feeds/bluetooth/nrf52840/files/etc/init.d/nrf52840

@@ -5,7 +5,9 @@ START=80
 boot() {
 	. /lib/functions/system.sh
 	case $(board_name) in
-	edgecore,eap102)
+	edgecore,eap102|\
+	edgecore,oap102|\
+	edgecore,oap103)
 		echo 54 > /sys/class/gpio/export
 		echo out > /sys/class/gpio/gpio54/direction
 		echo 0 > /sys/class/gpio/gpio54/value

feeds/edgecore/eltt2/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=eltt2
+PKG_VERSION:=1.0
+PKG_BUILD_DIR:= $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/eltt2
+	SECTION:=base
+	CATEGORY:=Utilities
+	TITLE:=eltt2
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Package/eltt2/install
+	$(INSTALL_DIR) $(1)/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/eltt2 $(1)/bin/
+endef
+
+define Package/eltt2/extra_provides
+    echo "libc.so.6";
+endef
+
+$(eval $(call BuildPackage,eltt2))

feeds/edgecore/eltt2/src/License.txt

@@ -0,0 +1,27 @@
+Copyright (c) 2014, Infineon Technologies AG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

feeds/edgecore/eltt2/src/Makefile

@@ -0,0 +1,15 @@
+# Makefile for Embedded Linux TPM Toolbox 2 (ELTT2)
+# Copyright (c) Infineon Technologies AG
+
+#CROSS-COMPILE:=../../../../../qsdk/staging_dir/toolchain-arm/bin/arm-openwrt-linux-
+#CC:=$(CROSS-COMPILE)gcc
+CC = gcc
+CFLAGS=-Wall -Wextra -std=c99 -g
+
+all: eltt2
+
+eltt2: eltt2.c eltt2.h
+	$(CC) $(CFLAGS) eltt2.c -o eltt2
+
+clean:
+	rm -rf eltt2

feeds/edgecore/eltt2/src/README.md

@@ -0,0 +1,230 @@
+# ELTT2 - Infineon Embedded Linux TPM Toolbox 2 for TPM 2.0
+ 
+
+All information in this document is Copyright (c) 2014-2022, Infineon Technologies AG <br>
+All rights reserved.
+
+
+# 1. Welcome
+
+Welcome to Embedded Linux TPM Toolbox 2 (ELTT2). ELTT2 is a single-file executable program intended for testing, performing diagnosis and basic state changes of the Infineon Technologies TPM 2.0.
+
+
+## 1.1 Prerequisites
+
+To build and run ELTT2 you need GCC and a Linux system capable of hosting a TPM.
+
+ELTT2 may run on many other little-endian hardware and software configurations capable of running Linux and hosting a TPM, but this has not been tested.
+
+ELTT2 does not support machines with a big-endian CPU.
+
+## 1.2 Getting Started
+
+A TPM 2.0 evaluation board can be ordered in the [Hitex Webshop](https://www.ehitex.de/evaluation-boards/infineon/2564/iridium-9670-tpm2.0-spi).
+
+
+<p align="center">
+  <img src="https://cloud.githubusercontent.com/assets/19730245/25651091/77a84744-2fe1-11e7-91bd-a2e39678202d.JPG" width="350"/>
+</p>
+
+In order to execute ELTT2, you need to compile it first:
+1. Switch to the directory with the ELTT2 source code
+2. Compile the source code by typing the following command:
+    make
+
+Due to hardware (and thus TPM) access restrictions for normal users, ELTT2 requires root (aka superuser or administrator) privileges. They can be obtained e.g. by using the 'sudo' command on Debian Linux derivates.
+
+The Infineon [TPM 2.0 Application Note](https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_20-EN.pdf?fileId=5546d46267c74c9a01684b96e69f5d7b) shows how the TPM device driver can be set up (e.g. for Linux Kernel 4.14).
+
+
+
+# 2. Usage of ELTT2
+
+## 2.1 Generic Usage
+
+ELTT2 is operated as follows:
+
+Call: `./eltt2 <option(s)>`
+
+For example: `./eltt2 -g` or `./eltt2 -gc`
+
+For getting an overview of the possible commands, run `./eltt2 -h`
+
+Some options require the TPM to be in a specific state. This state is shown in brackets ("[]") behind each command line option in the list below:
+
+\[-\]: none <br>
+\[\*\]: the TPM platform hierarchy authorization value is not set (i.e., empty buffer) <br>
+\[l\]: the required PCR bank is allocated <br>
+\[u\]: started <br>
+
+To get the TPM into the required state, call ELTT2 with the corresponding commands ("x" for a state means that whether this state is required or not depends on the actual command or the command parameters sent eventually to the TPM).
+
+ Command line option                                 | Explanation                                       | Precondition
+ ---                                                 | ---                                               | ---
+ `-a [hash algorithm] <data bytes>`                  | Hash Sequence SHA-1/256/384 \[default: SHA-1\]    | \[u\]
+ `-A <data bytes>`                                   | Hash Sequence SHA-256                             | \[u\]
+ `-b <command bytes>`                                | Enter your own TPM command                        | \[u\]
+ `-c`                                                | Read Clock                                        | \[u\]
+ `-d <shutdown type>`                                | Shutdown                                          | \[u\]
+ `-e [hash algorithm] <PCR index> <PCR digest>`      | PCR Extend SHA-1/256/384 \[default: SHA-1\]       | \[u\], \[l\]
+ `-E <PCR index> <PCR digest>`                       | PCR Extend SHA-256                                | \[u\], \[l\]
+ `-g`                                                | Get fixed capability values                       | \[u\]
+ `-v`                                                | Get variable capability values                    | \[u\]
+ `-G <data length>`                                  | Get Random                                        | \[u\]
+ `-h`                                                | Help                                              | \[-\]
+ `-l <hash algorithm>`                               | PCR Allocate SHA-1/256/384                        | \[u\], \[\*\]
+ `-r [hash algorithm] <PCR index>`                   | PCR Read SHA-1/256/384 \[default: SHA-1\]         | \[u\], \[l\]
+ `-R <PCR index>`                                    | PCR Read SHA-256                                  | \[u\], \[l\]
+ `-s [hash algorithm] <data bytes>`                  | Hash SHA-1/256/384 \[default: SHA-1\]             | \[u\]
+ `-S <data bytes>`                                   | Hash SHA-256                                      | \[u\]
+ `-t <test type>`                                    | Self Test                                         | \[u\]
+ `-T`                                                | Get Test Result                                   | \[u\]
+ `-u <startup type>`                                 | Startup                                           | \[-\]
+ `-z <PCR index>`                                    | PCR Reset                                         | \[u\]
+
+
+ Additional information:
+
+`-a`: <br>
+With the "-a" command you can hash given data with the SHA-1/256/384 hash algorithm. This hash sequence sends 3 commands \[start, update, complete\] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+`./eltt2 -a 41624364` Hash given data with SHA-1 hash algorithm. <br>
+or <br>
+`./eltt2 -a sha1 41624364` Hash given data with SHA-1 hash algorithm. <br>
+`./eltt2 -a sha256 41624364` Hash given data with SHA-256 hash algorithm. <br>
+`./eltt2 -a sha384 41624364` Hash given data with SHA-384 hash algorithm. <br>
+
+`-A`: <br>
+With the "-A" command you can hash given data with the SHA-256 hash algorithm. This hash sequence sends 3 commands \[start, update, complete\] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+`./eltt2 -A 41624364`
+
+`-b`: <br>
+With the "-b" command you can enter your own TPM command bytes and read the TPM response. For example, use the following command to send a TPM2_Startup with startup type CLEAR to the TPM: <br>
+ `./eltt2 -b 80010000000C000001440000`
+
+`-c`: <br>
+With the "-c" command you can read the clock values of the TPM. 
+
+`-d`: <br>
+With the "-d" command you can issue a TPM shutdown. It has 2 options: <br>
+`./eltt2 -d` <br>
+or <br>
+`./eltt2 -d clear`    send a TPM2_Shutdown command with shutdown type CLEAR to the TPM. <br>
+`./eltt2 -d state`    send a TPM2_Shutdown command with shutdown type STATE to the TPM. <br>
+
+ `-e`: <br>
+ With the "-e" command you can extend bytes in the selected PCR with SHA-1/256/384. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 20/32/48 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-1/256/384 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: <br>
+`./eltt2 -e 17 41624364` Extend bytes in PCR 23 with SHA-1. <br>
+or <br>
+`./eltt2 -e sha1 17 41624364` Extend bytes in PCR 23 with SHA-1. <br>
+`./eltt2 -e sha256 17 41624364` Extend bytes in PCR 23 with SHA-256. <br>
+`./eltt2 -e sha384 17 41624364` Extend bytes in PCR 23 with SHA-384. <br>
+
+`-E`: <br>
+With the "-E" command you can extend bytes in the selected PCR with SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 32 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-256 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: <br>
+ `./eltt2 -E 17 41624364`
+
+`-g`: <br>
+With the "-g" command you can read the TPM's fixed properties.
+
+`-v`: <br>
+With the "-v" command you can read the TPM's variable properties.
+
+`-G`: <br>
+With the "-G" command you can get a given amount of random bytes. Note that you can only request a maximum amount of 32 random bytes at once. For example, use the following command to get 20 (0x14) random bytes: <br>
+ `./eltt2 -G 14`
+
+`-l`: <br>
+With the "-l" command you can allocate the SHA-1/256/384 PCR bank. Take note of two things. Firstly, the command requires a platform authorization value and it is set to an empty buffer; hence the command cannot be used if the TPM platform authorization value is set (e.g., by UEFI). Secondly, when the command is executed successfully a TPM reset has to follow for it to take effect. For example, use the following command to allocate a PCR bank: <br>
+`./eltt2 -l sha1` Allocate SHA-1 PCR bank. <br>
+`./eltt2 -l sha256` Allocate SHA-256 PCR bank. <br>
+`./eltt2 -l sha384` Allocate SHA-384 PCR bank. <br>
+
+`-r`: <br>
+With the "-r" command you can read data from a selected SHA-1/256/384 PCR. For example, use the following command to read data from PCR 23 (0x17): <br>
+`./eltt2 -r 17` Read data from SHA-1 PCR 23. <br>
+or <br>
+`./eltt2 -r sha1 17` Read data from SHA-1 PCR 23. <br>
+`./eltt2 -r sha256 17` Read data from SHA-256 PCR 23. <br>
+`./eltt2 -r sha384 17` Read data from SHA-384 PCR 23. <br>
+
+`-R`: <br>
+With the "-R" command you can read data from a selected SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17): <br>
+ `./eltt2 -R 17`
+
+`-s`: <br>
+With the "-s" command you can hash given data with the SHA-1/256/384 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+`./eltt2 -s 41624364` Hash given data with SHA-1 hash algorithm. <br>
+or <br>
+`./eltt2 -s sha1 41624364` Hash given data with SHA-1 hash algorithm. <br>
+`./eltt2 -s sha256 41624364` Hash given data with SHA-256 hash algorithm. <br>
+`./eltt2 -s sha384 41624364` Hash given data with SHA-384 hash algorithm. <br>
+
+`-S`: <br>
+With the "-S" command you can hash given data with the SHA-256 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: <br>
+ `./eltt2 -S 41624364`
+
+`-t`: <br>
+With the "-t" command you can issue a TPM selftest. It has 3 options: <br>
+`./eltt2 -t` <br>
+or<br>
+`./eltt2 -t not_full` Perform a partial TPM2_Selftest to test previously untested TPM capabilities. <br>
+`./eltt2 -t full` Perform a full TPM2_Selftest to test all TPM capabilities. <br>
+`./eltt2 -t incremental`  Perform a test of selected algorithms. 
+
+`-T`: <br>
+With the "-T" command you can read the results of a previously run selftest.
+
+`-u`: <br>
+With the "-u" command you can issue a TPM startup command. It has 2 options: <br>
+`./eltt2 -u` <br>
+or <br>
+`./eltt2 -u clear` send a TPM2_Startup with startup type CLEAR to the TPM. <br>
+`./eltt2 -u state` send a TPM2_Startup with startup type STATE to the TPM.
+
+`-z`: <br>
+With the "-z" command you can reset a selected PCR. Note that you can only reset PCRs 16 and 23. For example, use the following command to reset PCR 23 (0x17): <br>
+ `./eltt2 -z 17`
+
+## 2.2 Examples:
+
+In order to work with the TPM, perform the following steps:
+- Send the TPM2_Startup command: `./eltt2 -u`
+
+
+# 3. If you have questions
+
+If you have any questions or problems, please read the section "FAQ and
+Troubleshooting" in this document.
+In case you still have questions, contact your local Infineon
+Representative.
+Further information is available at <https://www.infineon.com/tpm>.
+
+
+# 4. FAQ and Troubleshooting
+
+If you encounter any error, please make sure that
+- the TPM is properly connected.
+- the TPM driver is loaded, i.e. check that "/dev/tpm0" exists. In case of driver loading problems (e.g. shown by "Error opening device"), reboot your system and try to load the driver again.
+- ELTT2 has been started with root permissions. Please note that ELTT2 needs root permissions for all commands.
+- the TPM is started. (See section 2.2 in this document on how to do this.)
+
+
+The following list shows the most common errors and their solution:
+
+The ELTT2 response is "Error opening the device.":
+- You need to load a TPM driver before you can work with ELTT2.
+- You need to start ELTT2 with root permissions.
+
+The ELTT2 responds with error code 0x100.
+- You need to send the TPM2_Startup command, or you did send it twice. In
+  case you have not sent it yet, do so with `./eltt2 -u`.
+
+The TPM does not change any of the permanent flags shown by sending the "-g"
+command , e.g. after a force clear.
+- The TPM requires a reset in order to change any of the permanent flags.
+  Press the reset button or disconnect the TPM to do so.
+
+The value of a PCR does not change after sending PCR extend or reset.
+- With the application permissions you cannot modify every PCR. For more
+  details, please refer to the description for the different PCR commands
+  in this file.

feeds/edgecore/eltt2/src/README.txt

@@ -0,0 +1,362 @@
+--------------------------------------------------------------------------------
+        Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0 v1.1
+                            Infineon Technologies AG
+
+All information in this document is Copyright (c) 2014, Infineon Technologies AG
+All rights reserved.
+--------------------------------------------------------------------------------
+
+Contents:
+
+1.   Welcome
+1.1  Prerequisites
+1.2  Contents of the package
+1.3  Getting Started
+
+2.   Usage of Embedded Linux TPM Toolbox 2 (ELTT2)
+2.1  Generic Usage
+2.2  Examples
+
+3.   If you have questions
+
+4.   Release Info
+
+5.   FAQ
+
+================================================================================
+
+
+
+1. Welcome
+
+    Welcome to Embedded Linux TPM Toolbox 2 (ELTT2).
+    ELTT2 is a single-file executable program intended for testing, performing
+    diagnosis and basic state changes of the Infineon Technologies TPM 2.0.
+
+
+1.1 Prerequisites
+
+    To build and run ELTT2 you need GCC and a Linux system capable of hosting a
+    TPM 2.0.
+
+    Tested PC Platforms (x86):
+      - Ubuntu (R) Linux 12.04 LTS - 64 bit (modified Kernel 3.15.4)
+        with Infineon TPM 2.0 SLB9665 Firmware 5.22
+
+    Tested Embedded Platforms (ARM):
+      - Android 6.0 "Marshmallow" - 64 bit (modified Kernel 3.18.0+) on HiKey
+        with Prototype Infineon I2C TPM 2.0 for Embedded Platforms
+
+    ELTT2 may run on many other little-endian hardware and software
+    configurations capable of running Linux and hosting a TPM 2.0, but this has
+    not been tested.
+
+    ELTT2 does not support machines with a big-endian CPU.
+
+
+1.2 Contents of Package
+
+    ELTT2 consists of the following files:
+    - eltt2.c
+      Contains all method implementations of ELTT2.
+    - eltt2.h
+      Contains all constant definitions, method and command byte declarations
+      for the operation of ELTT2.
+    - License.txt
+      Contains the license agreement for ELTT2.
+    - Makefile
+      Contains the command to compile ELTT2.
+    - README.txt
+      This file.
+
+
+1.3 Getting Started
+
+    In order to execute ELTT2, you need to compile it first:
+      1. Switch to the directory with the ELTT2 source code
+      2. Compile the source code by typing the following command:
+         make
+
+    Due to hardware (and thus TPM) access restrictions for normal users, ELTT2
+    requires root (aka superuser or administrator) privileges. They can be
+    obtained e.g. by using the 'sudo' command on Debian Linux derivates.
+
+
+2. Usage of ELTT2
+
+
+2.1 Generic Usage
+
+    ELTT2 is operated as follows:
+
+    Call: ./eltt2 <option(s)>
+
+    For example: ./eltt2 -g or ./eltt2 -gc
+
+    For getting an overview of the possible commands, run ./eltt2 -h
+
+    Some options require the TPM to be in a specific state. This state is shown
+    in brackets ("[]") behind each command line option in the list below:
+
+    [-]: none 
+    [*]: the TPM platform hierarchy authorization value is not set (i.e., empty buffer)
+    [l]: the required PCR bank is allocated
+    [u]: started
+
+    To get the TPM into the required state, call ELTT2 with the corresponding
+    commands ("x" for a state means that whether this state is required or not
+    depends on the actual command or the command parameters sent eventually to
+    the TPM).
+
+
+    Command line options:                                                                          Preconditions:
+
+    -a [hash algorithm] <data bytes>: Hash Sequence SHA-1/256/384 [default: SHA-1]                 [u]
+
+    -A <data bytes>: Hash Sequence SHA-256                                                         [u]
+
+    -b <command bytes>: Enter your own TPM command                                                 [u]
+
+    -c: Read Clock                                                                                 [u]
+
+    -d <shutdown type>: Shutdown                                                                   [u]
+
+    -e [hash algorithm] <PCR index> <PCR digest>: PCR Extend SHA-1/256/384 [default: SHA-1]        [u], [l]
+
+    -E <PCR index> <PCR digest>: PCR Extend SHA-256                                                [u], [l]
+
+    -g: Get fixed capability values                                                                [u]
+
+    -v: Get variable capability values                                                             [u]
+
+    -G <data length>: Get Random                                                                   [u]
+
+    -h: Help                                                                                       [-]
+
+    -l <hash algorithm>: PCR Allocate SHA-1/256/384                                                [u], [*]
+
+    -r [hash algorithm] <PCR index>: PCR Read SHA-1/256/384 [default: SHA-1]                       [u], [l]
+
+    -R <PCR index>: PCR Read SHA-256                                                               [u], [l]
+
+    -s [hash algorithm] <data bytes>: Hash SHA-1/SHA256 [default: SHA-1]                           [u]
+
+    -S <data bytes>: Hash SHA-256                                                                  [u]
+
+    -t <test type>: Self Test                                                                      [u]
+
+    -T: Get Test Result                                                                            [u]
+
+    -u <startup type>: Startup                                                                     [-]
+
+    -z <PCR index>: PCR Reset                                                                      [u]
+
+
+    Additional information:
+
+    -a:
+    With the "-a" command you can hash given data with the SHA-1/256/384 hash
+    algorithm. This hash sequence sends 3 commands [start, update, complete]
+    to the TPM and allows to hash an arbitrary amount of data.
+    For example, use the following command to hash the byte sequence {0x41,
+    0x62, 0x43, 0x64}:
+    ./eltt2 -a 41624364           Hash given data with SHA-1 hash algorithm.
+    or
+    ./eltt2 -a sha1 41624364      Hash given data with SHA-1 hash algorithm.
+    ./eltt2 -a sha256 41624364    Hash given data with SHA-256 hash algorithm.
+
+    -A:
+    With the "-A" command you can hash given data with the SHA-256 hash
+    algorithm. This hash sequence sends 3 commands [start, update, complete] to
+    the TPM and allows to hash an arbitrary amount of data.
+    For example, use the following command to hash the byte sequence {0x41,
+    0x62, 0x43, 0x64}:
+    ./eltt2 -A 41624364
+
+    -b:
+    With the "-b" command you can enter your own TPM command bytes and read the
+    TPM response.
+    For example, use the following command to send a TPM2_Startup with startup
+    type CLEAR to the TPM:
+    ./eltt2 -b 80010000000C000001440000
+
+    -c:
+    With the "-c" command you can read the clock values of the TPM.
+
+    -d:
+    With the "-d" command you can issue a TPM shutdown. It has 2 options:
+    ./eltt2 -d
+    or
+    ./eltt2 -d clear    send a TPM2_Shutdown command with shutdown type CLEAR to
+                        the TPM.
+    ./eltt2 -d state    send a TPM2_Shutdown command with shutdown type STATE to
+                        the TPM.
+
+    -e:
+    With the "-e" command you can extend bytes in the selected PCR with SHA-1/256/384.
+    To do so, you have to enter the index of PCR in hexadecimal that you like to
+    extend and the digest you want to extend the selected PCR with. Note that
+    you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
+    must have a length of 20/32/48 bytes (will be padded with 0 if necessary).
+    The TPM then builds an SHA-1/256/384 hash over the PCR data in the selected PCR
+    and the digest you provided and writes the result back to the selected PCR.
+    For example, use the following command to extend PCR 23 (0x17) with the byte
+    sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
+    ./eltt2 -e 17 41624364           Extend bytes in PCR 23 with SHA-1.
+    or
+    ./eltt2 -e sha1 17 41624364      Extend bytes in PCR 23 with SHA-1.
+    ./eltt2 -e sha256 17 41624364    Extend bytes in PCR 23 with SHA-256.
+
+    -E:
+    With the "-E" command you can extend bytes in the selected PCR with SHA-256.
+    To do so, you have to enter the index of PCR in hexadecimal that you like to
+    extend and the digest you want to extend the selected PCR with. Note that
+    you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
+    must have a length of 32 bytes (will be padded with 0 if necessary).
+    The TPM then builds an SHA-256 hash over the PCR data in the selected PCR
+    and the digest you provided and writes the result back to the selected PCR.
+    For example, use the following command to extend PCR 23 (0x17) with the byte
+    sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
+    ./eltt2 -E 17 41624364
+
+    -g:
+    With the "-g" command you can read the TPM's fixed properties.
+
+    -v:
+    With the "-v" command you can read the TPM's variable properties.
+
+    -G:
+    With the "-G" command you can get a given amount of random bytes. Note that
+    you can only request a maximum amount of 32 random bytes at once.
+    For example, use the following command to get 20 (0x14) random bytes:
+    ./eltt2 -G 14
+
+    -l:
+    With the "-l" command you can allocate the SHA-1/256/384 PCR bank.
+    Take note of two things. Firstly, the command requires a platform
+    authorization value and it is set to an empty buffer; hence the command
+    cannot be used if the TPM platform authorization value is set (e.g., by UEFI).
+    Secondly, when the command is executed successfully a TPM reset has to
+    follow for it to take effect. For example, use the following command to
+    allocate a PCR bank:
+    ./eltt2 -l sha1      Allocate SHA-1 PCR bank.
+    ./eltt2 -l sha256    Allocate SHA-256 PCR bank.
+    ./eltt2 -l sha384    Allocate SHA-384 PCR bank.
+
+    -r:
+    With the "-r" command you can read data from a selected SHA-1/256/384 PCR.
+    For example, use the following command to read data from PCR 23 (0x17):
+    ./eltt2 -r 17           Read data from SHA-1 PCR 23.
+    or
+    ./eltt2 -r sha1 17      Read data from SHA-1 PCR 23.
+    ./eltt2 -r sha256 17    Read data from SHA-256 PCR 23.
+
+    -R:
+    With the "-R" command you can read data from a selected SHA-256 PCR.
+    For example, use the following command to read data from PCR 23 (0x17):
+    ./eltt2 -R 17
+
+    -s:
+    With the "-s" command you can hash given data with the SHA-1/256/384 hash
+    algorithm. This command only allows a limited amount of data to be hashed
+    (depending on the TPM's maximum input buffer size).
+    For example, use the following command to hash the byte sequence {0x41,
+    0x62, 0x43, 0x64}:
+    ./eltt2 -s 41624364         Hash given data with SHA-1 hash algorithm.
+    or
+    ./eltt2 -s sha1 41624364    Hash given data with SHA-1 hash algorithm.
+    ./eltt2 -s sha256 41624364  Hash given data with SHA-256 hash algorithm.
+
+    -S:
+    With the "-S" command you can hash given data with the SHA-256 hash
+    algorithm. This command only allows a limited amount of data to be hashed
+    (depending on the TPM input buffer size).
+    For example, use the following command to hash the byte sequence {0x41,
+    0x62, 0x43, 0x64}:
+    ./eltt2 -S 41624364
+
+    -t:
+    With the "-t" command you can issue a TPM selftest. It has 3 options:
+    ./eltt2 -t
+    or
+    ./eltt2 -t not_full     Perform a partial TPM2_Selftest to test previously
+                            untested TPM capabilities.
+    ./eltt2 -t full         Perform a full TPM2_Selftest to test all TPM
+                            capabilities.
+    ./eltt2 -t incremental  Perform a test of selected algorithms.
+
+    -T:
+    With the "-T" command you can read the results of a previously run selftest.
+
+    -u:
+    With the "-u" command you can issue a TPM startup command. It has 2 options:
+    ./eltt2 -u
+    or
+    ./eltt2 -u clear    send a TPM2_Startup with startup type CLEAR to the TPM.
+    ./eltt2 -u state    send a TPM2_Startup with startup type STATE to the TPM.
+
+    -z:
+    With the "-z" command you can reset a selected PCR. Note that you can only
+    reset PCRs 16 and 23 and that the PCR is going to be reset in both banks
+	(SHA-1 and SHA-256).
+    For example, use the following command to reset PCR 23 (0x17):
+    ./eltt2 -z 17
+
+
+2.2 Examples:
+
+    In order to work with the TPM, perform the following steps:
+    - Send the TPM2_Startup command: ./eltt2 -u
+
+
+
+3. If you have questions
+
+    If you have any questions or problems, please read the section "FAQ and
+    Troubleshooting" in this document.
+    In case you still have questions, contact your local Infineon
+    Representative.
+    Further information is available at http://www.infineon.com/tpm.
+
+
+
+4. Release Info
+
+    This is version 1.1. This version is a general release.
+
+
+
+5. FAQ and Troubleshooting
+
+    If you encounter any error, please make sure that
+    - the TPM is properly connected.
+    - the TPM driver is loaded, i.e. check that "/dev/tpm0" exists. In case of
+      driver loading problems (e.g. shown by "Error opening device"), reboot
+      your system and try to load the driver again.
+    - ELTT2 has been started with root permissions. Please note that ELTT2 needs
+      root permissions for all commands.
+    - the TPM is started. (See section 2.2 in this document on how to do this.)
+    - Trousers do not run anymore. In some cases the Kernel starts Trousers by
+      booting.
+      Shut down Trousers by entering the following command:
+      sudo pkill tcsd
+
+    The following list shows the most common errors and their solution:
+
+    The ELTT2 response is "Error opening the device.":
+    - You need to load a TPM driver before you can work with ELTT2.
+    - You need to start ELTT2 with root permissions.
+
+    The ELTT2 responds with error code 0x100.
+    - You need to send the TPM2_Startup command, or you did send it twice. In
+      case you have not sent it yet, do so with "./eltt2 -u".
+
+    The TPM does not change any of the permanent flags shown by sending the "-g"
+    command , e.g. after a force clear.
+    - The TPM requires a reset in order to change any of the permanent flags.
+      Press the reset button or disconnect the TPM to do so.
+
+    The value of a PCR does not change after sending PCR extend or reset.
+    - With the application permissions you cannot modify every PCR. For more
+      details, please refer to the description for the different PCR commands
+      in this file.

feeds/edgecore/eltt2/src/eltt2.h

@@ -0,0 +1,634 @@
+#ifndef _ELTT2_H_
+#define _ELTT2_H_
+/**
+  * @brief		Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0
+  * @details		eltt2.h implements all TPM byte commands and the prototype declarations for eltt2.c.
+  * @file		eltt2.h
+  * @date		2014/06/26
+  * @copyright	Copyright (c) 2014 - 2017 Infineon Technologies AG ( www.infineon.com ).\n
+  * All rights reserved.\n
+  * \n
+  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
+  * conditions are met:\n
+  * \n
+  * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+  * disclaimer.\n
+  * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
+  * disclaimer in the documentation and/or other materials provided with the distribution.\n
+  * 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products
+  * derived from this software without specific prior written permission.\n
+  * \n
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+
+// this is the main page for doxygen documentation.
+/** @mainpage	Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0 Documentation
+  *
+  * @section	Welcome
+  * Welcome to Infineon TPM 2.0 Software-Tool "Embedded Linux TPM Toolbox 2 (ELTT2)".\n
+  * \n
+  * @section	Introduction
+  * ELTT2 is a single file-executable program
+  * intended for test, diagnosis and basic state changes of the Infineon
+  * Technologies TPM 2.0.\n
+  * \n
+  * @section	Copyright
+  * Copyright (c) 2014 - 2017 Infineon Technologies AG ( www.infineon.com ).\n
+  * All rights reserved.\n
+  * \n
+  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
+  * conditions are met:\n
+  * \n
+  * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+  * disclaimer.\n
+  * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
+  * disclaimer in the documentation and/or other materials provided with the distribution.\n
+  * 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products
+  * derived from this software without specific prior written permission.\n
+  * \n
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <ctype.h>
+#include <string.h>
+#include <strings.h>
+#include <inttypes.h>
+
+//-------------"Defines"-------------
+#define TPM_RESP_MAX_SIZE		4096	///< This is the maximum possible TPM response size in bytes.
+#define TPM_REQ_MAX_SIZE		1024	///< This is the maximum possible TPM request size in bytes. TBD: Find out correct value.
+#define ERR_COMMUNICATION		-1	///< Return error check for read and write to the TPM.
+#define ERR_BAD_CMD			-2	///< Error code for a bad command line argument or option.
+#define TPM_SHA1_DIGEST_SIZE		20	///< For all SHA-1 operations the digest's size is always 20 bytes.
+#define TPM_SHA256_DIGEST_SIZE		32	///< For all SHA-256 operations the digest's size is always 32 bytes.
+#define TPM_SHA384_DIGEST_SIZE		48	///< For all SHA-384 operations the digest's size is always 48 bytes.
+#define TPM_CMD_HEADER_SIZE		10	///< The size of a standard TPM command header is 10 bytes.
+#define TPM_CMD_SIZE_OFFSET		2	///< The offset of a TPM command's size value is 2 bytes.
+#define HEX_BYTE_STRING_LENGTH		2	///< A byte can be represented by two hexadecimal characters.
+#ifndef INT_MAX
+#define INT_MAX 0x7FFFFFF			///< The maximum value of a signed 32-bit integer.
+#endif
+// TPM Return codes
+#define TPM_RC_SUCCESS			0x00000000	///< The response error code for TPM_SUCCESS.
+#define TPM_RC_BAD_TAG			0x0000001E	///< The response error code for TPM_RC_BAD_TAG.
+#define TPM_RC_SIZE			0x00000095	///< The response error code for TPM_RC_SIZE.
+#define TPM_RC_INITIALIZE		0x00000100	///< The response error code for TPM_RC_INITIALIZE.
+#define TPM_RC_FAILURE			0x00000101	///< The response error code for TPM_RC_FAILURE.
+#define TPM_RC_LOCALITY			0x00000907	///< The response error code for TPM_RC_LOCALITY.
+#define FU_FIRMWARE_VALID_FLAG		4		///< If this flag is set, the firmware is valid.
+#define FU_OWNER_FLAG			1		///< If this flag is set, the owner is set.
+// print_response_buf options
+#define PRINT_RESPONSE_CLEAR			1	///< Prints response unformatted.
+#define PRINT_RESPONSE_HEADERBLOCKS		2	///< Prints response in commented blocks.
+#define PRINT_RESPONSE_HEX_BLOCK		3	///< Prints response in rows of 16 bytes and shows the line number.
+#define PRINT_RESPONSE_HASH			4	///< Prints response of Hash
+#define PRINT_RESPONSE_WITHOUT_HEADER		12	///< Prints the response buffer from byte 12.
+#define PRINT_RESPONSE_HASH_WITHOUT_HEADER	16	///< Prints the response buffer from byte 16.
+#define PRINT_RESPONSE_WITH_HEADER		0	///< Prints the response buffer from byte 0.
+#define PRINT_RESPONSE_PCR_WITHOUT_HEADER	30	///< Prints the pcr buffer from pcr_read.
+// time conversion
+#define YEAR_SECONDS			31536000	///< Number of seconds in one year
+#define DAY_SECONDS			86400		///< Number of seconds in one day
+#define HOUR_SECONDS			3600		///< Number of seconds in one hour
+#define MINUTE_SECONDS			60		///< Number of seconds in one minute
+#define MILISECOND_TO_SECOND		1000		///< Convertion from miliseconds to seconds
+// hash
+#define STD_CC_HASH_SIZE		18		///< Hash command size
+// TPM_PT constants
+#define PT_FIXED_SELECTOR		1		///< Fixed GetCapability Flags
+#define PT_VAR_SELECTOR			2		///< Variable GetCapability Flags
+
+//-------------"Macros"-------------
+// Null pointer check
+#define NULL_POINTER_CHECK(x) if (NULL == x) { ret_val = EINVAL; fprintf(stderr, "Error: Invalid argument.\n"); break; }	///< Argument NULL check.
+#define MALLOC_ERROR_CHECK(x) if (NULL == x) { ret_val = errno; fprintf(stderr, "Error (re)allocating memory.\n"); break; }	///< Malloc error check.
+#define MEMSET_FREE(x, y) if (NULL != x) { memset(x, 0, y); free(x); x = NULL; } ///< Sets memory to 0, frees memory and sets pointer to NULL.
+// Return value check
+#define RET_VAL_CHECK(x) if (EXIT_SUCCESS != x) { break; } ///< Return value check
+// Command line option parser for hash algorithm
+#define HASH_ALG_PARSER(o, c) \
+	do { \
+		if (o == option) \
+		{ \
+			if (c == argc) \
+			{ \
+				hash_algo = ALG_SHA1; \
+			} \
+			else \
+			{ \
+				if (0 == strcasecmp(optarg, "sha1")) \
+				{ \
+					hash_algo = ALG_SHA1; \
+				} \
+				else if (0 == strcasecmp(optarg, "sha256")) \
+				{ \
+					hash_algo = ALG_SHA256; \
+				} \
+				else if (0 == strcasecmp(optarg, "sha384")) \
+				{ \
+					hash_algo = ALG_SHA384; \
+				} \
+				else \
+				{ \
+					ret_val = ERR_BAD_CMD; \
+					fprintf(stderr, "Unknown option. Use '-h' for more information.\n"); \
+					break; \
+				} \
+				if (argc > optind) \
+				{ \
+					optarg = argv[optind++]; \
+				} \
+			} \
+		} \
+		else \
+		{ \
+			hash_algo = ALG_SHA256; \
+		} \
+	} while (0)
+
+//--------------"Enums"--------------
+// Hash algorithms
+typedef enum hash_algo_enum
+{
+	ALG_NULL,
+	ALG_SHA1,
+	ALG_SHA256,
+	ALG_SHA384,
+} hash_algo_enum;
+
+//-------------"Methods"-------------
+/**
+  * @brief	Convert (max.) 8 byte buffer to an unsigned 64-bit integer.
+  * @param	[in]	*input_buffer		Input buffer. Make sure that its size is at least as high as offset + length.
+  * @param	[in]	offset			Start byte for conversion.
+  * @param	[in]	length			Amount of bytes to be converted.
+  * @param	[out]	*output_value		Return the converted unsigned 64-bit integer.
+  * @param	[in]	input_buffer_size	Size of input_buffer in bytes.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer or length is greater than 8.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @date	2014/06/26
+  */
+static int buf_to_uint64(uint8_t *input_buffer, uint32_t offset, uint32_t length, uint64_t *output_value, uint32_t input_buffer_size);
+
+/**
+  * @brief	Convert a hexadecimal string representation of bytes like "0A1F" and
+		returns an array containing the actual byte values as an array (e.g. { 0x0A, 0x1F }).
+  * @param	[in]	*byte_string		Incoming bytes as string.
+  * @param	[out]	*byte_values		Byte array representation of given input string.
+  * 						Must be allocated by caller with the length given in byte_values_size.
+  * @param	[in]	byte_values_size	Size of byte_values array.
+  * @return	One of the listed return codes.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	value of errno			In case parsing error.
+  * @date	2014/06/26
+  */
+static int hexstr_to_bytearray(char *byte_string, uint8_t *byte_values, size_t byte_values_size);
+
+/**
+  * @brief	Convert a number to a byte buffer.
+  * @param	[in]	input			User input.
+  * @param	[in]	input_size		Size of input data type in bytes.
+  * @param	[out]	*output_byte		Return buffer for the converted integer.
+						Must be allocated by the caller with at least a size of 'input_size'.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @date	2014/06/26
+  */
+static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output_byte);
+
+/**
+  * @brief	Create the PCR_Extend command.
+  * @param	[in]	*pcr_index_str		User input string for PCR index.
+  * @param	[in]	*pcr_digest_str		User input string of value to extend the selected PCR with.
+  * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command. Must be allocated by caller.
+  * @param	[in]	*pcr_cmd_buf_size	Size of memory allocated at pcr_cmd_buf in bytes.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for extending with SHA-1,
+						ALG_SHA256 for SHA-256, and ALG_SHA384 for SHA-384.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer or an invalid option.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	ERR_BAD_CMD			In case of bad user input.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @date	2014/06/26
+  */
+static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, hash_algo_enum hash_algo);
+
+/**
+  * @brief	Create the PCR_Allocate command.
+  * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 to allocate SHA-1,
+						ALG_SHA256 for SHA-256, and ALG_SHA384 for SHA-384.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer or an invalid option.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @date	2022/05/09
+  */
+static int pcr_allocate(uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo);
+
+/**
+  * @brief	Create the PCR_Read command.
+  * @param	[in]	*pcr_index_str		User input string for PCR index.
+  * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for reading with SHA-1,
+						ALG_SHA256 for SHA-256, and ALG_SHA384 for SHA-384.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer or an invalid option.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	ERR_BAD_CMD			In case of bad user input.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @date	2014/06/26
+  */
+static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo);
+
+/**
+  * @brief	Create the PCR_Reset command.
+  * @param	[in]	*pcr_index_str		User input string for PCR index.
+  * @param	[out]	*pcr_cmd_buf		Return buffer for the complete command.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	ERR_BAD_CMD			In case of bad user input.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @date	2014/06/26
+  */
+static int pcr_reset(char *pcr_index_str, uint8_t *pcr_cmd_buf);
+
+/**
+  * @brief	Print the command line usage and switches.
+  * @date	2014/06/26
+  */
+static void print_help();
+
+/**
+  * @brief	Print the response buffer in different formats.
+  * @param	[in]	*response_buf		TPM response.
+  * @param	[in]	resp_size		TPM response size.
+  * @param	[in]	offset			Starting point for printing buffer.
+  * @param	[in]	format			Select the output format.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer or an unknown output format has been transfered.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	buf_to_uint64			All error codes from buf_to_uint64.
+  * @date	2014/06/26
+  */
+static int print_response_buf(uint8_t *response_buf, size_t resp_size, uint32_t offset, int format);
+
+/**
+  * @brief	Print a TPM response.
+  * @param	[in]	*response_buf		TPM response.
+  * @param	[in]	resp_size		TPM response size.
+  * @param	[in]	option			Defines appearance of output. Can have the following values:\n
+						- PRINT_RESPONSE_CLEAR
+						- PRINT_RESPONSE_HEADERBLOCKS
+						- PRINT_RESPONSE_HEX_BLOCK
+						- PRINT_RESPONSE_WITHOUT_HEADER
+						- PRINT_RESPONSE_WITH_HEADER
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	print_response_buf		All error codes from print_response_buf.
+  * @retval	print_clock_info		All error codes from print_clock_info.
+  * @retval	print_capability_flags		All error codes from print_capability_flags.
+  * @date	2014/06/26
+  */
+static int response_print(uint8_t *response_buf, size_t resp_size, int option);
+
+/**
+  * @brief	Check a TPM response for errors.
+  * @param	[in]	*response_buf		TPM response. Must have at least a size of TPM_CMD_HEADER_SIZE bytes.
+  * @return	Returns the TPM return code extracted from the given TPM response or one of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	buf_to_uint64			All error codes from buf_to_uint64.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @date	2014/06/26
+  */
+static int return_error_handling(uint8_t *response_buf);
+
+/**
+  * @brief	Transmit TPM command to /dev/tpm0 and get the response.
+  * @param	[in]	*buf			TPM request.
+  * @param	[in]	length			TPM request length.
+  * @param	[out]	*response		TPM response.
+  * @param	[out]	*resp_length		TPM response length.
+  * @return	One of the listed return codes or the error code stored in the global errno system variable.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @date	2014/06/26
+  */
+static int tpmtool_transmit(const uint8_t *buf, ssize_t length, uint8_t *response, ssize_t *resp_length);
+
+/**
+  * @brief	Print the capability flags.
+  * @param	[in]	*response_buf		TPM response.
+  * @param	[in]	cap_selector		Type of capabilities to print.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	buf_to_uint64			All error codes from buf_to_uint64.
+  * @date	2014/06/26
+  */
+static int print_capability_flags(uint8_t *response_buf, uint8_t cap_selector);
+
+/**
+  * @brief	Print the clock info.
+  * @param	[in]	*response_buf		TPM response.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	buf_to_uint64			All error codes from buf_to_uint64.
+  * @date	2014/06/26
+  */
+static int print_clock_info(uint8_t *response_buf);
+
+/**
+  * @brief	Create the get_random command.
+  * @param	[in]	*data_length_string	User input string for random data length.
+  * @param	[out]	*response_buf		Return buffer for the complete command.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	ERR_BAD_CMD			In case of bad user input.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @date	2014/06/26
+  */
+static int get_random(char *data_length_string, uint8_t *response_buf);
+
+/**
+  * @brief	Create the simple hash command.
+  * @param	[in]	*data_string		User input string of data to be hashed.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for hashing with SHA-1,
+						ALG_SHA256 for SHA-256, and ALG_SHA384 for SHA-384.
+  * @param	[out]	*hash_cmd_buf		Return buffer for the complete command.
+  * @param	[in]	hash_cmd_buf_size	Return buffer size.
+  * @return	One of the listed return codes.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @retval	int_to_bytearray		All error codes from int_to_bytearray.
+  * @date	2014/06/26
+  */
+static int create_hash(char *data_string, hash_algo_enum hash_algo, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size);
+
+/**
+  * @brief	Create and transmit a sequence of TPM commands for hashing larger amounts of data.
+  * @param	[in]	*data_string		User input string of data to be hashed.
+  * @param	[in]	hash_algo		Set to ALG_SHA1 for hashing with SHA-1,
+						ALG_SHA256 for SHA-256, and ALG_SHA384 for SHA-384.
+  * @param	[out]	*tpm_response_buf	TPM response.
+  * @param	[out]	*tpm_response_buf_size	Size of tpm_response_buf.
+  * @return	One of the listed return codes or the error code stored in the global errno system variable.
+  * @retval	EINVAL				In case of a NULL pointer.
+  * @retval	EXIT_SUCCESS			In case of success.
+  * @retval	value of errno			In case of memory allocation error.
+  * @retval	buf_to_uint64			All error codes from buf_to_uint64.
+  * @retval	hexstr_to_bytearray		All error codes from hexstr_to_bytearray.
+  * @retval	int_to_bytearray		All error codes from int_to_bytearray.
+  * @retval	tpmtool_transmit		All error codes from tpmtool_transmit.
+  * @retval	print_response_buf		All error codes from print_response_buf
+  * @date	2014/06/26
+  */
+static int create_hash_sequence(char *data_string, hash_algo_enum hash_algo, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size);
+
+//-------------"command bytes"-------------
+static const uint8_t tpm2_startup_clear[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0C,		// commandSize
+	0x00, 0x00, 0x01, 0x44,		// TPM_CC_Startup
+	0x00, 0x00			// TPM_SU_CLEAR
+};
+
+static const uint8_t tpm2_startup_state[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0C,		// commandSize
+	0x00, 0x00, 0x01, 0x44,		// TPM_CC_Startup
+	0x00, 0x01			// TPM_SU_STATE
+};
+
+static const uint8_t tpm_cc_shutdown_clear[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0C,		// commandSize
+	0x00, 0x00, 0x01, 0x45,		// TPM_CC_Shutdown
+	0x00, 0x00			// TPM_SU_CLEAR
+};
+
+static const uint8_t tpm_cc_shutdown_state[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0C,		// commandSize
+	0x00, 0x00, 0x01, 0x45,		// TPM_CC_Shutdown
+	0x00, 0x01			// TPM_SU_STATE
+};
+
+static const uint8_t tpm2_self_test[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0B,		// commandSize
+	0x00, 0x00, 0x01, 0x43,		// TPM_CC_SelfTest
+	0x00				// fullTest=No
+};
+
+static const uint8_t tpm2_self_test_full[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0B,		// commandSize
+	0x00, 0x00, 0x01, 0x43,		// TPM_CC_SelfTest
+	0x01				// fullTest=Yes
+};
+
+static const uint8_t tpm_cc_get_test_result[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0A,		// commandSize
+	0x00, 0x00, 0x01, 0x7C		// TPM_CC_GetTestResult
+};
+
+static const uint8_t tpm2_self_test_incremental[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x2A,		// commandSize
+	0x00, 0x00, 0x01, 0x42,		// TPM_CC_IncrementalSelfTest
+	0x00, 0x00, 0x00, 0x0E,		// Count of Algorithm
+	0x00, 0x01, 0x00, 0x04,		// Algorithm two per line
+	0x00, 0x05, 0x00, 0x06,
+	0x00, 0x08, 0x00, 0x0A,
+	0x00, 0x0B, 0x00, 0x14,
+	0x00, 0x15, 0x00, 0x16,
+	0x00, 0x17, 0x00, 0x22,
+	0x00, 0x25, 0x00, 0x43
+};
+
+static const uint8_t tpm2_getrandom[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0C,		// commandSize
+	0x00, 0x00, 0x01, 0x7B,		// TPM_CC_GetRandom
+	0x00, 0x00			// bytesRequested (will be set later)
+};
+
+static const uint8_t tpm_cc_readclock[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0A,		// commandSize
+	0x00, 0x00, 0x01, 0x81		// TPM_CC_ReadClock
+};
+
+static const uint8_t tpm2_getcapability_fixed[] ={
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x16,		// commandSize
+	0x00, 0x00, 0x01, 0x7A,		// TPM_CC_GetCapability
+	0x00, 0x00, 0x00, 0x06,		// TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
+	0x00, 0x00, 0x01, 0x00,		// Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 1 + 0
+	0x00, 0x00, 0x00, 0x66		// PropertyCount 102 (from 100 - 201)
+};
+
+static const uint8_t tpm2_getcapability_var[] ={
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x16,		// commandSize
+	0x00, 0x00, 0x01, 0x7A,		// TPM_CC_GetCapability
+	0x00, 0x00, 0x00, 0x06,		// TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
+	0x00, 0x00, 0x02, 0x00,		// Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 2 + 0
+	0x00, 0x00, 0x00, 0x02		// PropertyCount 02 (from 200 - 201)
+};
+
+// Hash
+static const uint8_t tpm2_hash[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0e,		// commandSize
+	0x00, 0x00, 0x01, 0x7D,		// TPM_CC_Hash
+	0x00, 0x00,			// size (will be set later)
+					// buffer (will be added later)
+	0x00, 0x00,			// hashAlg (will be added later)
+	0x00, 0x00, 0x00, 0x00		// hierarchy of the ticket (TPM_RH_NULL; will be added later)
+};
+
+// HashSequence
+static uint8_t tpm2_hash_sequence_start[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x0e,		// commandSize
+	0x00, 0x00, 0x01, 0x86,		// TPM_CC_HashSequenceStart
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x00			// hashAlg (will be set later)
+};
+
+static uint8_t tpm2_sequence_update[] = {
+	0x80, 0x02,			// TPM_ST_SESSIONS
+	0x00, 0x00, 0x00, 0x00,		// commandSize (will be set later)
+	0x00, 0x00, 0x01, 0x5c,		// TPM_CC_SequenceUpdate
+	0x00, 0x00, 0x00, 0x00,		// sequenceHandle (will be set later)
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x09,			// authSize (password authorization session)
+	0x40, 0x00, 0x00, 0x09,		// TPM_RS_PW (indicate a password authorization session)
+	0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x00			// size (will be set later)
+					// buffer (will be added later)
+};
+
+static uint8_t tpm2_sequence_complete[] = {
+	0x80, 0x02,			// TPM_ST_SESSIONS
+	0x00, 0x00, 0x00, 0x21,		// commandSize
+	0x00, 0x00, 0x01, 0x3e,		// TPM_CC_SequenceComplete
+	0x00, 0x00, 0x00, 0x00,		// sequenceHandle (will be set later)
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x09,			// authSize (password authorization session)
+	0x40, 0x00, 0x00, 0x09,		// TPM_RS_PW (indicate a password authorization session)
+	0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x00,			// size (NULL buffer)
+					// null (indicate an empty buffer buffer)
+	0x40, 0x00, 0x00, 0x07		// hierarchy of the ticket (TPM_RH_NULL)
+};
+
+static const uint8_t sha1_alg[] = {
+	0x00, 0x04			// command for sha1 alg
+};
+
+static const uint8_t sha256_alg[] = {
+	0x00, 0x0B			// command for sha256 alg
+};
+
+static const uint8_t sha384_alg[] = {
+	0x00, 0x0C			// command for sha384 alg
+};
+
+static const uint8_t tpm_cc_hash_hierarchy[] = {
+	0x40, 0x00, 0x00, 0x07		// hierarchy of the ticket (TPM_RH_NULL)
+};
+
+//PCR_Command
+static const uint8_t tpm2_pcr_allocate[] = {
+	0x80, 0x02,			// TPM_ST_SESSIONS
+	0x00, 0x00, 0x00, 0x31,		// commandSize
+	0x00, 0x00, 0x01, 0x2B,		// TPM_CC_PCR_Allocate
+	0x40, 0x00, 0x00, 0x0C,		// TPM_RH_PLATFORM
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x09,			// authSize (password authorization session)
+	0x40, 0x00, 0x00, 0x09,		// TPM_RS_PW (indicate a password authorization session)
+	0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x03,		// count (TPML_PCR_SELECTION)
+	0x00, 0x04,			// hash (TPMS_PCR_SELECTION; SHA-1)
+	0x03,				// sizeofSelect (TPMS_PCR_SELECTION)
+	0x00, 0x00, 0x00,		// pcrSelect (TPMS_PCR_SELECTION; will be set later)
+	0x00, 0x0B,			// hash (TPMS_PCR_SELECTION; SHA-256)
+	0x03,				// sizeofSelect (TPMS_PCR_SELECTION)
+	0x00, 0x00, 0x00,		// pcrSelect (TPMS_PCR_SELECTION; will be set later)
+	0x00, 0x0C,			// hash (TPMS_PCR_SELECTION; SHA-384)
+	0x03,				// sizeofSelect (TPMS_PCR_SELECTION)
+	0x00, 0x00, 0x00		// pcrSelect (TPMS_PCR_SELECTION; will be set later)
+};
+
+static const uint8_t tpm2_pcr_read[] = {
+	0x80, 0x01,			// TPM_ST_NO_SESSIONS
+	0x00, 0x00, 0x00, 0x14,		// commandSize
+	0x00, 0x00, 0x01, 0x7E,		// TPM_CC_PCR_Read
+	0x00, 0x00, 0x00, 0x01,		// count (TPML_PCR_SELECTION)
+	0x00, 0x00,			// hash (TPMS_PCR_SELECTION; will be set later)
+	0x03,				// sizeofSelect (TPMS_PCR_SELECTION)
+	0x00, 0x00, 0x00		// pcrSelect (TPMS_PCR_SELECTION)
+};
+
+static const uint8_t tpm2_pcr_extend[] = {
+	0x80, 0x02,			// TPM_ST_SESSIONS
+	0x00, 0x00, 0x00, 0x00,		// commandSize (will be set later)
+	0x00, 0x00, 0x01, 0x82,		// TPM_CC_PCR_Extend
+	0x00, 0x00, 0x00, 0x00,		// {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x09,			// authSize (password authorization session)
+	0x40, 0x00, 0x00, 0x09,		// TPM_RS_PW (indicate a password authorization session)
+	0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x01,		// count (TPML_DIGEST_VALUES)
+	0x00, 0x00			// hashAlg (TPMT_HA; will be set later)
+					// digest (TPMT_HA; will be added later)
+};
+
+static const uint8_t tpm2_pcr_reset[] = {
+	0x80, 0x02,			// TPM_ST_SESSIONS
+	0x00, 0x00, 0x00, 0x1B,		// commandSize
+	0x00, 0x00, 0x01, 0x3D,		// TPM_CC_PCR_Reset
+	0x00, 0x00, 0x00, 0x00,		// {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
+	0x00, 0x00,			// authSize (NULL Password)
+					// null (indicate a NULL Password)
+	0x00, 0x09,			// authSize (password authorization session)
+	0x40, 0x00, 0x00, 0x09,		// TPM_RS_PW (indicate a password authorization session)
+	0x00, 0x00, 0x01, 0x00, 0x00
+};
+
+#endif /* _ELTT2_H_ */

feeds/hfcl/hfcl/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=hfcl
+PKG_VERSION:=1.0
+PKG_BUILD_DIR:= $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/hfcl
+        SECTION:=base
+        CATEGORY:=Utilities
+        TITLE:=hfcl
+endef
+
+define Build/Prepare
+        mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+
+Build/Compile = $(Build/Compile/Default)
+
+define Package/hfcl/install
+	cp -rf ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,hfcl))

feeds/hfcl/hfcl/files/etc/ucentral_check.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+echo "Start Websocket check/recovery script"
+
+ucentral_conn=$(netstat -atulpn | grep -i ucentral | awk '{print $6}')
+hostname_AP=$(uci get system.@system[0].hostname)
+uc_file_check=$(du /etc/config/ucentral | awk '{print $1}' )
+sleep 20
+
+curr_date=$(date)
+
+if [[ "$uc_file_check" = 0 ]]
+then
+	echo "[[$curr_date]]  empty ucentral file found, need to factory reset"
+	ubi_mount=$(mount | grep ubifs | grep noatime | awk '{print $1}')
+	if [[ "$ubi_mount" != "/dev/ubi0_3" ]]
+	then
+		echo "[[$curr_date]]  ubifs not mounted, need to reboot before factory reset, mount was $ubi_mount"
+		/sbin/reboot
+	else
+		/sbin/jffs2reset -y -r
+	fi
+elif [[ "$hostname_AP" = "OpenWrt" ]]
+then
+	echo "[[$curr_date]] hostname set to openwrt, doing ucentral and capabilities load"
+	/usr/share/ucentral/capabilities.uc
+	rlink=$(readlink -f /etc/ucentral/ucentral.active)
+	/usr/share/ucentral/ucentral.uc /etc/ucentral/ucentral.active
+	rm -rf /etc/ucentral/ucentral.active
+	ln -s $rlink /etc/ucentral/ucentral.active
+	sleep 60
+	ucentral_check=$(netstat -atulpn | grep -i ucentral | awk '{print $6}')
+	if [[ "$ucentral_check" != "ESTABLIHED" ]]
+	then
+		echo "[[$curr_date]] loading didn't work, need to factory reset"
+		/sbin/jffs2reset -y -r
+	fi
+elif [[ "$ucentral_conn" != "ESTABLISHED" ]]
+then
+	echo "[[$curr_date]]  Ucentral either crashed or stopped, restarting the same"
+        /etc/init.d/ucentral restart
+else
+        echo "[[$curr_date]]  Ucentral working all fine, nothing to do"
+fi

feeds/hfcl/hfcl/files/etc/uci-defaults/abc-hfcl-ucentral

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#rm -f /etc/rc.local
+#cp -f /etc/loop.local /etc/rc.local
+
+crontab -r
+
+/etc/init.d/cron enable
+
+/etc/init.d/cron start
+
+sleep 60
+
+crontab -l | { cat; echo "*/3 * * * * /bin/sh /etc/ucentral_check.sh >> /tmp/ucentral_check";} | crontab -
+
+crontab -l | { cat; echo "* */4 * * * rm -rf /tmp/ucentral_check";} | crontab -
+
+/etc/init.d/cron restart

feeds/hostapd/hostapd/Config.in

@@ -0,0 +1,108 @@
+# wpa_supplicant config
+config WPA_RFKILL_SUPPORT
+	bool "Add rfkill support"
+	depends on PACKAGE_wpa-supplicant || \
+		   PACKAGE_wpa-supplicant-openssl || \
+		   PACKAGE_wpa-supplicant-wolfssl || \
+		   PACKAGE_wpa-supplicant-mbedtls || \
+		   PACKAGE_wpa-supplicant-mesh-openssl || \
+		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
+		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
+		   PACKAGE_wpa-supplicant-basic || \
+		   PACKAGE_wpa-supplicant-mini || \
+		   PACKAGE_wpa-supplicant-p2p || \
+		   PACKAGE_wpad || \
+		   PACKAGE_wpad-openssl || \
+		   PACKAGE_wpad-wolfssl || \
+		   PACKAGE_wpad-mbedtls || \
+		   PACKAGE_wpad-basic || \
+		   PACKAGE_wpad-basic-openssl || \
+		   PACKAGE_wpad-basic-wolfssl || \
+		   PACKAGE_wpad-basic-mbedtls || \
+		   PACKAGE_wpad-mini || \
+		   PACKAGE_wpad-mesh-openssl || \
+		   PACKAGE_wpad-mesh-wolfssl || \
+		   PACKAGE_wpad-mesh-mbedtls
+	default n
+
+config WPA_MSG_MIN_PRIORITY
+	int "Minimum debug message priority"
+	depends on PACKAGE_wpa-supplicant || \
+		   PACKAGE_wpa-supplicant-openssl || \
+		   PACKAGE_wpa-supplicant-wolfssl || \
+		   PACKAGE_wpa-supplicant-mbedtls || \
+		   PACKAGE_wpa-supplicant-mesh-openssl || \
+		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
+		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
+		   PACKAGE_wpa-supplicant-basic || \
+		   PACKAGE_wpa-supplicant-mini || \
+		   PACKAGE_wpa-supplicant-p2p || \
+		   PACKAGE_wpad || \
+		   PACKAGE_wpad-openssl || \
+		   PACKAGE_wpad-wolfssl || \
+		   PACKAGE_wpad-mbedtls || \
+		   PACKAGE_wpad-basic || \
+		   PACKAGE_wpad-basic-openssl || \
+		   PACKAGE_wpad-basic-wolfssl || \
+		   PACKAGE_wpad-basic-mbedtls || \
+		   PACKAGE_wpad-mini || \
+		   PACKAGE_wpad-mesh-openssl || \
+		   PACKAGE_wpad-mesh-wolfssl || \
+		   PACKAGE_wpad-mesh-mbedtls
+	default 3
+	help
+	  Useful values are:
+	    0 = all messages
+		1 = raw message dumps
+		2 = most debugging messages
+		3 = info messages
+		4 = warnings
+		5 = errors
+
+config WPA_WOLFSSL
+	bool
+	default PACKAGE_wpa-supplicant-wolfssl ||\
+	        PACKAGE_wpad-wolfssl ||\
+	        PACKAGE_wpad-basic-wolfssl || \
+	        PACKAGE_wpad-mesh-wolfssl ||\
+	        PACKAGE_eapol-test-wolfssl
+	select WOLFSSL_HAS_AES_CCM
+	select WOLFSSL_HAS_ARC4
+	select WOLFSSL_HAS_DH
+	select WOLFSSL_HAS_OCSP
+	select WOLFSSL_HAS_SESSION_TICKET
+	select WOLFSSL_HAS_WPAS
+
+config DRIVER_11AC_SUPPORT
+	bool
+	default n
+
+config DRIVER_11AX_SUPPORT
+	bool
+	default n
+	select WPA_MBO_SUPPORT
+
+config WPA_ENABLE_WEP
+	bool "Enable support for unsecure and obsolete WEP"
+	help
+	  Wired equivalent privacy (WEP) is an obsolete cryptographic data
+	  confidentiality algorithm that is not considered secure. It should not be used
+	  for anything anymore. The functionality needed to use WEP is available in the
+	  current hostapd release under this optional build parameter and completely
+	  removed in a future release.
+
+config WPA_MBO_SUPPORT
+	bool "Multi Band Operation (Agile Multiband)"
+	default PACKAGE_wpa-supplicant || \
+		PACKAGE_wpa-supplicant-openssl || \
+		PACKAGE_wpa-supplicant-wolfssl || \
+		PACKAGE_wpa-supplicant-mbedtls || \
+		PACKAGE_wpad || \
+		PACKAGE_wpad-openssl || \
+		PACKAGE_wpad-wolfssl || \
+		PACKAGE_wpad-mbedtls
+	help
+	  Multi Band Operation aka (Agile Multiband) enables features
+	  that facilitate efficient use of multiple frequency bands.
+	  Enabling MBO on an AP using RSN requires 802.11w to be enabled.
+	  Hostapd will refuse to start if MBO and RSN are enabled without 11w.

feeds/hostapd/hostapd/Makefile

@@ -0,0 +1,851 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2006-2021 OpenWrt.org
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=hostapd
+PKG_RELEASE:=4
+
+PKG_SOURCE_URL:=http://w1.fi/hostap.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2023-09-08
+PKG_SOURCE_VERSION:=e5ccbfc69ecf297590341ae8b461edba9d8e964c
+PKG_MIRROR_HASH:=fcc6550f46c7f8bbdbf71e63f8f699b9a0878565ad1b90a17855f5ec21283b8f
+
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_LICENSE:=BSD-3-Clause
+PKG_CPE_ID:=cpe:/a:w1.fi:hostapd
+
+PKG_BUILD_PARALLEL:=1
+PKG_ASLR_PIE_REGULAR:=1
+
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_PACKAGE_hostapd \
+	CONFIG_PACKAGE_hostapd-basic \
+	CONFIG_PACKAGE_hostapd-mini \
+	CONFIG_WPA_RFKILL_SUPPORT \
+	CONFIG_DRIVER_11AC_SUPPORT \
+	CONFIG_DRIVER_11AX_SUPPORT \
+	CONFIG_WPA_ENABLE_WEP
+
+PKG_BUILD_FLAGS:=gc-sections lto
+
+EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
+
+SUPPLICANT_PROVIDERS:=
+HOSTAPD_PROVIDERS:=
+
+LOCAL_TYPE=$(strip \
+		$(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \
+		$(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \
+		hostapd \
+		)))
+
+LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
+		      $(patsubst wpad-%,%,\
+		      $(patsubst supplicant-%,%,\
+		      $(BUILD_VARIANT)\
+		      )))
+
+LOCAL_VARIANT=$(patsubst %-internal,%,\
+	      $(patsubst %-openssl,%,\
+	      $(patsubst %-wolfssl,%,\
+	      $(patsubst %-mbedtls,%,\
+	      $(LOCAL_AND_LIB_VARIANT)\
+	      ))))
+
+SSL_VARIANT=$(strip \
+		$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
+		$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
+		$(if $(findstring mbedtls,$(LOCAL_AND_LIB_VARIANT)),mbedtls,\
+		internal\
+		))))
+
+CONFIG_VARIANT:=$(LOCAL_VARIANT)
+ifeq ($(LOCAL_VARIANT),mesh)
+  CONFIG_VARIANT:=full
+endif
+
+include $(INCLUDE_DIR)/package.mk
+
+STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
+
+ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
+  HOSTAPD_IEEE80211AC:=y
+endif
+
+ifneq ($(CONFIG_DRIVER_11AX_SUPPORT),)
+  HOSTAPD_IEEE80211AX:=y
+endif
+
+CORE_DEPENDS = +ucode +libubus +libucode +ucode-mod-fs +ucode-mod-nl80211 +ucode-mod-rtnl +ucode-mod-ubus +ucode-mod-uloop +libblobmsg-json
+OPENSSL_DEPENDS = +PACKAGE_$(1):libopenssl +PACKAGE_$(1):libopenssl-legacy
+
+DRIVER_MAKEOPTS= \
+	CONFIG_ACS=y CONFIG_DRIVER_NL80211=y \
+	CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
+	CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
+	CONFIG_MBO=$(CONFIG_WPA_MBO_SUPPORT) \
+	CONFIG_UCODE=y
+
+ifeq ($(SSL_VARIANT),openssl)
+  DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
+  TARGET_LDFLAGS += -lcrypto -lssl
+
+  ifeq ($(LOCAL_VARIANT),basic)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y
+  endif
+  ifeq ($(LOCAL_VARIANT),mesh)
+    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
+  endif
+  ifeq ($(LOCAL_VARIANT),full)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
+  endif
+endif
+
+ifeq ($(SSL_VARIANT),wolfssl)
+  DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_SAE=y
+  TARGET_LDFLAGS += -lwolfssl
+
+  ifeq ($(LOCAL_VARIANT),basic)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y
+  endif
+  ifeq ($(LOCAL_VARIANT),mesh)
+    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+  ifeq ($(LOCAL_VARIANT),full)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+endif
+
+ifeq ($(SSL_VARIANT),mbedtls)
+  DRIVER_MAKEOPTS += CONFIG_TLS=mbedtls CONFIG_SAE=y
+  TARGET_LDFLAGS += -lmbedcrypto -lmbedx509 -lmbedtls
+
+  ifeq ($(LOCAL_VARIANT),basic)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y
+  endif
+  ifeq ($(LOCAL_VARIANT),mesh)
+    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+  ifeq ($(LOCAL_VARIANT),full)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+endif
+
+ifneq ($(LOCAL_TYPE),hostapd)
+  ifdef CONFIG_WPA_RFKILL_SUPPORT
+    DRIVER_MAKEOPTS += NEED_RFKILL=y
+  endif
+endif
+
+DRV_DEPENDS:=+libnl-tiny
+
+
+define Package/hostapd/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+  TITLE:=IEEE 802.1x Authenticator
+  URL:=http://hostap.epitest.fi/
+  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
+  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
+  USERID:=network=101:network=101
+  PROVIDES:=hostapd
+  CONFLICTS:=$(HOSTAPD_PROVIDERS)
+  HOSTAPD_PROVIDERS+=$(1)
+endef
+
+define Package/hostapd
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (built-in full)
+  VARIANT:=full-internal
+endef
+
+define Package/hostapd/description
+ This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
+ Authenticator.
+endef
+
+define Package/hostapd-openssl
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (OpenSSL full)
+  VARIANT:=full-openssl
+  DEPENDS+=$(OPENSSL_DEPENDS)
+endef
+
+Package/hostapd-openssl/description = $(Package/hostapd/description)
+
+define Package/hostapd-wolfssl
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (wolfSSL full)
+  VARIANT:=full-wolfssl
+  DEPENDS+=+PACKAGE_hostapd-wolfssl:libwolfssl
+endef
+
+Package/hostapd-wolfssl/description = $(Package/hostapd/description)
+
+define Package/hostapd-mbedtls
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=full-mbedtls
+  DEPENDS+=+PACKAGE_hostapd-mbedtls:libmbedtls
+endef
+
+Package/hostapd-mbedtls/description = $(Package/hostapd/description)
+
+define Package/hostapd-basic
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK, 11r, 11w)
+  VARIANT:=basic
+endef
+
+define Package/hostapd-basic/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
+endef
+
+define Package/hostapd-basic-openssl
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK, 11r and 11w)
+  VARIANT:=basic-openssl
+  DEPENDS+=+PACKAGE_hostapd-basic-openssl:libopenssl
+endef
+
+define Package/hostapd-basic-openssl/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
+endef
+
+define Package/hostapd-basic-wolfssl
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK, 11r and 11w)
+  VARIANT:=basic-wolfssl
+  DEPENDS+=+PACKAGE_hostapd-basic-wolfssl:libwolfssl
+endef
+
+define Package/hostapd-basic-wolfssl/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
+endef
+
+define Package/hostapd-basic-mbedtls
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK, 11r and 11w)
+  VARIANT:=basic-mbedtls
+  DEPENDS+=+PACKAGE_hostapd-basic-mbedtls:libmbedtls
+endef
+
+define Package/hostapd-basic-mbedtls/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
+endef
+
+define Package/hostapd-mini
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK only)
+  VARIANT:=mini
+endef
+
+define Package/hostapd-mini/description
+ This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).
+endef
+
+
+define Package/wpad/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+  TITLE:=IEEE 802.1x Auth/Supplicant
+  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
+  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
+  USERID:=network=101:network=101
+  URL:=http://hostap.epitest.fi/
+  PROVIDES:=hostapd wpa-supplicant
+  CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS)
+  HOSTAPD_PROVIDERS+=$(1)
+  SUPPLICANT_PROVIDERS+=$(1)
+endef
+
+define Package/wpad
+$(call Package/wpad/Default,$(1))
+  TITLE+= (built-in full)
+  VARIANT:=wpad-full-internal
+endef
+
+define Package/wpad/description
+ This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
+ Authenticator and Supplicant
+endef
+
+define Package/wpad-openssl
+$(call Package/wpad/Default,$(1))
+  TITLE+= (OpenSSL full)
+  VARIANT:=wpad-full-openssl
+  DEPENDS+=$(OPENSSL_DEPENDS)
+endef
+
+Package/wpad-openssl/description = $(Package/wpad/description)
+
+define Package/wpad-wolfssl
+$(call Package/wpad/Default,$(1))
+  TITLE+= (wolfSSL full)
+  VARIANT:=wpad-full-wolfssl
+  DEPENDS+=+PACKAGE_wpad-wolfssl:libwolfssl
+endef
+
+Package/wpad-wolfssl/description = $(Package/wpad/description)
+
+define Package/wpad-mbedtls
+$(call Package/wpad/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=wpad-full-mbedtls
+  DEPENDS+=+PACKAGE_wpad-mbedtls:libmbedtls
+endef
+
+Package/wpad-mbedtls/description = $(Package/wpad/description)
+
+define Package/wpad-basic
+$(call Package/wpad/Default,$(1))
+  TITLE+= (WPA-PSK, 11r, 11w)
+  VARIANT:=wpad-basic
+endef
+
+define Package/wpad-basic/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support.
+endef
+
+define Package/wpad-basic-openssl
+$(call Package/wpad/Default,$(1))
+  TITLE+= (OpenSSL, 11r, 11w)
+  VARIANT:=wpad-basic-openssl
+  DEPENDS+=$(OPENSSL_DEPENDS)
+endef
+
+define Package/wpad-basic-openssl/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
+endef
+
+define Package/wpad-basic-wolfssl
+$(call Package/wpad/Default,$(1))
+  TITLE+= (wolfSSL, 11r, 11w)
+  VARIANT:=wpad-basic-wolfssl
+  DEPENDS+=+PACKAGE_wpad-basic-wolfssl:libwolfssl
+endef
+
+define Package/wpad-basic-wolfssl/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
+endef
+
+define Package/wpad-basic-mbedtls
+$(call Package/wpad/Default,$(1))
+  TITLE+= (mbedTLS, 11r, 11w)
+  VARIANT:=wpad-basic-mbedtls
+  DEPENDS+=+PACKAGE_wpad-basic-mbedtls:libmbedtls
+endef
+
+define Package/wpad-basic-mbedtls/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
+endef
+
+define Package/wpad-mini
+$(call Package/wpad/Default,$(1))
+  TITLE+= (WPA-PSK only)
+  VARIANT:=wpad-mini
+endef
+
+define Package/wpad-mini/description
+ This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only).
+endef
+
+define Package/wpad-mesh
+$(call Package/wpad/Default,$(1))
+  DEPENDS+=@(!TARGET_uml||BROKEN)
+  PROVIDES+=wpa-supplicant-mesh wpad-mesh
+endef
+
+define Package/wpad-mesh/description
+ This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
+endef
+
+define Package/wpad-mesh-openssl
+$(call Package/wpad-mesh,$(1))
+  TITLE+= (OpenSSL, 11s, SAE)
+  DEPENDS+=$(OPENSSL_DEPENDS)
+  VARIANT:=wpad-mesh-openssl
+endef
+
+Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
+
+define Package/wpad-mesh-wolfssl
+$(call Package/wpad-mesh,$(1))
+  TITLE+= (wolfSSL, 11s, SAE)
+  DEPENDS+=+PACKAGE_wpad-mesh-wolfssl:libwolfssl
+  VARIANT:=wpad-mesh-wolfssl
+endef
+
+Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
+
+define Package/wpad-mesh-mbedtls
+$(call Package/wpad-mesh,$(1))
+  TITLE+= (mbedTLS, 11s, SAE)
+  DEPENDS+=+PACKAGE_wpad-mesh-mbedtls:libmbedtls
+  VARIANT:=wpad-mesh-mbedtls
+endef
+
+Package/wpad-mesh-mbedtls/description = $(Package/wpad-mesh/description)
+
+
+define Package/wpa-supplicant/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+  TITLE:=WPA Supplicant
+  URL:=http://hostap.epitest.fi/wpa_supplicant/
+  DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
+  EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
+  USERID:=network=101:network=101
+  PROVIDES:=wpa-supplicant
+  CONFLICTS:=$(SUPPLICANT_PROVIDERS)
+  SUPPLICANT_PROVIDERS+=$(1)
+endef
+
+define Package/wpa-supplicant
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (built-in full)
+  VARIANT:=supplicant-full-internal
+endef
+
+define Package/wpa-supplicant-openssl
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (OpenSSL full)
+  VARIANT:=supplicant-full-openssl
+  DEPENDS+=$(OPENSSL_DEPENDS)
+endef
+
+define Package/wpa-supplicant-wolfssl
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (wolfSSL full)
+  VARIANT:=supplicant-full-wolfssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-wolfssl:libwolfssl
+endef
+
+define Package/wpa-supplicant-mbedtls
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=supplicant-full-mbedtls
+  DEPENDS+=+PACKAGE_wpa-supplicant-mbedtls:libmbedtls
+endef
+
+define Package/wpa-supplicant/config
+	source "$(SOURCE)/Config.in"
+endef
+
+define Package/wpa-supplicant-p2p
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (Wi-Fi P2P support)
+  VARIANT:=supplicant-p2p-internal
+endef
+
+define Package/wpa-supplicant-mesh/Default
+$(call Package/wpa-supplicant/Default,$(1))
+  DEPENDS+=@(!TARGET_uml||BROKEN)
+  PROVIDES+=wpa-supplicant-mesh
+endef
+
+define Package/wpa-supplicant-mesh-openssl
+$(call Package/wpa-supplicant-mesh/Default,$(1))
+  TITLE+= (OpenSSL, 11s, SAE)
+  VARIANT:=supplicant-mesh-openssl
+  DEPENDS+=$(OPENSSL_DEPENDS)
+endef
+
+define Package/wpa-supplicant-mesh-wolfssl
+$(call Package/wpa-supplicant-mesh/Default,$(1))
+  TITLE+= (wolfSSL, 11s, SAE)
+  VARIANT:=supplicant-mesh-wolfssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-wolfssl:libwolfssl
+endef
+
+define Package/wpa-supplicant-mesh-mbedtls
+$(call Package/wpa-supplicant-mesh/Default,$(1))
+  TITLE+= (mbedTLS, 11s, SAE)
+  VARIANT:=supplicant-mesh-mbedtls
+  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-mbedtls:libmbedtls
+endef
+
+define Package/wpa-supplicant-basic
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (11r, 11w)
+  VARIANT:=supplicant-basic
+endef
+
+define Package/wpa-supplicant-mini
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (minimal)
+  VARIANT:=supplicant-mini
+endef
+
+
+define Package/hostapd-common
+  TITLE:=hostapd/wpa_supplicant common support files
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+endef
+
+define Package/hostapd-utils
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+  TITLE:=IEEE 802.1x Authenticator (utils)
+  URL:=http://hostap.epitest.fi/
+  DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg)))
+  VARIANT:=*
+endef
+
+define Package/hostapd-utils/description
+ This package contains a command line utility to control the
+ IEEE 802.1x/WPA/EAP/RADIUS Authenticator.
+endef
+
+define Package/wpa-cli
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=WirelessAPD
+  DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(SUPPLICANT_PROVIDERS),PACKAGE_$(pkg)))
+  TITLE:=WPA Supplicant command line control utility
+  VARIANT:=*
+endef
+
+define Package/eapol-test/Default
+  TITLE:=802.1x auth test utility
+  SECTION:=net
+  SUBMENU:=WirelessAPD
+  CATEGORY:=Network
+  DEPENDS:=$(DRV_DEPENDS) $(CORE_DEPENDS)
+endef
+
+define Package/eapol-test
+  $(call Package/eapol-test/Default,$(1))
+  TITLE+= (built-in full)
+  VARIANT:=supplicant-full-internal
+endef
+
+define Package/eapol-test-openssl
+  $(call Package/eapol-test/Default,$(1))
+  TITLE+= (OpenSSL full)
+  VARIANT:=supplicant-full-openssl
+  CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
+  DEPENDS+=$(OPENSSL_DEPENDS)
+  PROVIDES:=eapol-test
+endef
+
+define Package/eapol-test-wolfssl
+  $(call Package/eapol-test/Default,$(1))
+  TITLE+= (wolfSSL full)
+  VARIANT:=supplicant-full-wolfssl
+  CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
+  DEPENDS+=+PACKAGE_eapol-test-wolfssl:libwolfssl
+  PROVIDES:=eapol-test
+endef
+
+define Package/eapol-test-mbedtls
+  $(call Package/eapol-test/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=supplicant-full-mbedtls
+  CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-mbedtls ,$(EAPOL_TEST_PROVIDERS)))
+  DEPENDS+=+PACKAGE_eapol-test-mbedtls:libmbedtls
+  PROVIDES:=eapol-test
+endef
+
+
+ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
+  define Build/Configure/rebuild
+	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f
+	rm -f $(PKG_BUILD_DIR)/hostapd/hostapd
+	rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant
+	rm -f $(PKG_BUILD_DIR)/.config_*
+	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
+  endef
+endif
+
+define Build/Configure
+	$(Build/Configure/rebuild)
+	$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
+		$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
+	)
+	$(if $(wildcard ./files/wpa_supplicant-$(CONFIG_VARIANT).config), \
+		$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
+	)
+endef
+
+TARGET_CPPFLAGS := \
+	-I$(STAGING_DIR)/usr/include/libnl-tiny \
+	-I$(PKG_BUILD_DIR)/src/crypto \
+	$(TARGET_CPPFLAGS) \
+	-DCONFIG_LIBNL20 \
+	-D_GNU_SOURCE \
+	$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
+
+TARGET_LDFLAGS += -lubox -lubus -lblobmsg_json -lucode -lm -lnl-tiny
+
+ifdef CONFIG_WPA_ENABLE_WEP
+    DRIVER_MAKEOPTS += CONFIG_WEP=y
+endif
+
+define Build/RunMake
+	CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
+	$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \
+		$(TARGET_CONFIGURE_OPTS) \
+		$(DRIVER_MAKEOPTS) \
+		LIBS="$(TARGET_LDFLAGS)" \
+		LIBS_c="$(TARGET_LDFLAGS_C)" \
+		AR="$(TARGET_CROSS)gcc-ar" \
+		BCHECK= \
+		$(if $(findstring s,$(OPENWRT_VERBOSE)),V=1) \
+		$(2)
+endef
+
+define Build/Compile/wpad
+	echo ` \
+		$(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \
+		$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
+		sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
+	` > $(PKG_BUILD_DIR)/.cflags
+	sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
+	+$(call Build/RunMake,hostapd, \
+		CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
+		MULTICALL=1 \
+		hostapd_cli hostapd_multi.a \
+	)
+	+$(call Build/RunMake,wpa_supplicant, \
+		CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
+		MULTICALL=1 \
+		wpa_cli wpa_supplicant_multi.a \
+	)
+	+export MAKEFLAGS="$(MAKE_JOBSERVER)"; $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \
+		$(TARGET_CFLAGS) \
+		./files/multicall.c \
+		$(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \
+		$(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \
+		$(TARGET_LDFLAGS)
+endef
+
+define Build/Compile/hostapd
+	+$(call Build/RunMake,hostapd, \
+		hostapd hostapd_cli \
+	)
+endef
+
+define Build/Compile/supplicant
+	+$(call Build/RunMake,wpa_supplicant, \
+		wpa_cli wpa_supplicant \
+	)
+endef
+
+define Build/Compile/supplicant-full-internal
+	+$(call Build/RunMake,wpa_supplicant, \
+		eapol_test \
+	)
+endef
+
+define Build/Compile/supplicant-full-openssl
+	+$(call Build/RunMake,wpa_supplicant, \
+		eapol_test \
+	)
+endef
+
+define Build/Compile/supplicant-full-wolfssl
+	+$(call Build/RunMake,wpa_supplicant, \
+		eapol_test \
+	)
+endef
+
+define Build/Compile/supplicant-full-mbedtls
+	+$(call Build/RunMake,wpa_supplicant, \
+		eapol_test \
+	)
+endef
+
+define Build/Compile
+	$(Build/Compile/$(LOCAL_TYPE))
+	$(Build/Compile/$(BUILD_VARIANT))
+endef
+
+define Install/hostapd/full
+	$(INSTALL_DIR) $(1)/etc/init.d $(1)/etc/config $(1)/etc/radius
+	ln -sf hostapd $(1)/usr/sbin/hostapd-radius
+	$(INSTALL_BIN) ./files/radius.init $(1)/etc/init.d/radius
+	$(INSTALL_DATA) ./files/radius.config $(1)/etc/config/radius
+	$(INSTALL_DATA) ./files/radius.clients $(1)/etc/radius/clients
+	$(INSTALL_DATA) ./files/radius.users $(1)/etc/radius/users
+endef
+
+define Package/hostapd-full/conffiles
+/etc/config/radius
+/etc/radius
+endef
+
+ifeq ($(CONFIG_VARIANT),full)
+Package/wpad-mesh-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+endif
+
+define Install/hostapd
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
+	$(INSTALL_DATA) ./files/hostapd.uc $(1)/usr/share/hostap/
+	$(if $(findstring full,$(CONFIG_VARIANT)),$(Install/hostapd/full))
+endef
+
+define Install/supplicant
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
+	$(INSTALL_DATA) ./files/wpa_supplicant.uc $(1)/usr/share/hostap/
+endef
+
+define Package/hostapd-common/install
+	$(INSTALL_DIR) $(1)/etc/capabilities $(1)/etc/rc.button $(1)/etc/hotplug.d/ieee80211 $(1)/etc/init.d $(1)/lib/netifd  $(1)/usr/share/acl.d $(1)/usr/share/hostap
+	$(INSTALL_BIN) ./files/dhcp-get-server.sh $(1)/lib/netifd/dhcp-get-server.sh
+	$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
+	$(INSTALL_BIN) ./files/wpad.init $(1)/etc/init.d/wpad
+	$(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps
+	$(INSTALL_DATA) ./files/wpad_acl.json $(1)/usr/share/acl.d
+	$(INSTALL_DATA) ./files/wpad.json $(1)/etc/capabilities
+	$(INSTALL_DATA) ./files/common.uc $(1)/usr/share/hostap/
+	$(INSTALL_DATA) ./files/wdev.uc $(1)/usr/share/hostap/
+endef
+
+define Package/hostapd/install
+	$(call Install/hostapd,$(1))
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
+endef
+Package/hostapd-basic/install = $(Package/hostapd/install)
+Package/hostapd-basic-openssl/install = $(Package/hostapd/install)
+Package/hostapd-basic-wolfssl/install = $(Package/hostapd/install)
+Package/hostapd-basic-mbedtls/install = $(Package/hostapd/install)
+Package/hostapd-mini/install = $(Package/hostapd/install)
+Package/hostapd-openssl/install = $(Package/hostapd/install)
+Package/hostapd-wolfssl/install = $(Package/hostapd/install)
+Package/hostapd-mbedtls/install = $(Package/hostapd/install)
+
+ifneq ($(LOCAL_TYPE),supplicant)
+  define Package/hostapd-utils/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/
+  endef
+endif
+
+define Package/wpad/install
+	$(call Install/hostapd,$(1))
+	$(call Install/supplicant,$(1))
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/
+	$(LN) wpad $(1)/usr/sbin/hostapd
+	$(LN) wpad $(1)/usr/sbin/wpa_supplicant
+endef
+Package/wpad-basic/install = $(Package/wpad/install)
+Package/wpad-basic-openssl/install = $(Package/wpad/install)
+Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
+Package/wpad-basic-mbedtls/install = $(Package/wpad/install)
+Package/wpad-mini/install = $(Package/wpad/install)
+Package/wpad-openssl/install = $(Package/wpad/install)
+Package/wpad-wolfssl/install = $(Package/wpad/install)
+Package/wpad-mbedtls/install = $(Package/wpad/install)
+Package/wpad-mesh-openssl/install = $(Package/wpad/install)
+Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
+Package/wpad-mesh-mbedtls/install = $(Package/wpad/install)
+
+define Package/wpa-supplicant/install
+	$(call Install/supplicant,$(1))
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/
+endef
+Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mbedtls/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mesh-mbedtls/install = $(Package/wpa-supplicant/install)
+
+ifneq ($(LOCAL_TYPE),hostapd)
+  define Package/wpa-cli/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/
+  endef
+endif
+
+ifeq ($(BUILD_VARIANT),supplicant-full-internal)
+  define Package/eapol-test/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
+  endef
+endif
+
+ifeq ($(BUILD_VARIANT),supplicant-full-openssl)
+  define Package/eapol-test-openssl/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
+  endef
+endif
+
+ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
+  define Package/eapol-test-wolfssl/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
+  endef
+endif
+
+ifeq ($(BUILD_VARIANT),supplicant-full-mbedtls)
+  define Package/eapol-test-mbedtls/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
+  endef
+endif
+
+# Build hostapd-common before its dependents, to avoid
+# spurious rebuilds when building multiple variants.
+$(eval $(call BuildPackage,hostapd-common))
+$(eval $(call BuildPackage,hostapd))
+$(eval $(call BuildPackage,hostapd-basic))
+$(eval $(call BuildPackage,hostapd-basic-openssl))
+$(eval $(call BuildPackage,hostapd-basic-wolfssl))
+$(eval $(call BuildPackage,hostapd-basic-mbedtls))
+$(eval $(call BuildPackage,hostapd-mini))
+$(eval $(call BuildPackage,hostapd-openssl))
+$(eval $(call BuildPackage,hostapd-wolfssl))
+$(eval $(call BuildPackage,hostapd-mbedtls))
+$(eval $(call BuildPackage,wpad))
+$(eval $(call BuildPackage,wpad-mesh-openssl))
+$(eval $(call BuildPackage,wpad-mesh-wolfssl))
+$(eval $(call BuildPackage,wpad-mesh-mbedtls))
+$(eval $(call BuildPackage,wpad-basic))
+$(eval $(call BuildPackage,wpad-basic-openssl))
+$(eval $(call BuildPackage,wpad-basic-wolfssl))
+$(eval $(call BuildPackage,wpad-basic-mbedtls))
+$(eval $(call BuildPackage,wpad-mini))
+$(eval $(call BuildPackage,wpad-openssl))
+$(eval $(call BuildPackage,wpad-wolfssl))
+$(eval $(call BuildPackage,wpad-mbedtls))
+$(eval $(call BuildPackage,wpa-supplicant))
+$(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
+$(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
+$(eval $(call BuildPackage,wpa-supplicant-mesh-mbedtls))
+$(eval $(call BuildPackage,wpa-supplicant-basic))
+$(eval $(call BuildPackage,wpa-supplicant-mini))
+$(eval $(call BuildPackage,wpa-supplicant-p2p))
+$(eval $(call BuildPackage,wpa-supplicant-openssl))
+$(eval $(call BuildPackage,wpa-supplicant-wolfssl))
+$(eval $(call BuildPackage,wpa-supplicant-mbedtls))
+$(eval $(call BuildPackage,wpa-cli))
+$(eval $(call BuildPackage,hostapd-utils))
+$(eval $(call BuildPackage,eapol-test))
+$(eval $(call BuildPackage,eapol-test-openssl))
+$(eval $(call BuildPackage,eapol-test-wolfssl))
+$(eval $(call BuildPackage,eapol-test-mbedtls))

feeds/hostapd/hostapd/README.md

@@ -0,0 +1,419 @@
+# UBUS methods - hostapd
+
+## bss_mgmt_enable
+Enable 802.11k/v features.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| neighbor_report | bool | no | enable 802.11k neighbor reports |
+| beacon_report | bool | no | enable 802.11k beacon reports |
+| link_measurements | bool | no | enable 802.11k link measurements |
+| bss_transition | bool | no | enable 802.11v BSS transition support |
+
+### example
+`ubus call hostapd.wl5-fb bss_mgmt_enable '{ "neighbor_report": true, "beacon_report": true, "link_measurements": true, "bss_transition": true
+}'`
+
+
+## bss_transition_request
+Initiate an 802.11v transition request.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| disassociation_imminent | bool | no | set Disassociation Imminent bit |
+| disassociation_timer | int32 | no | disassociate client if it doesn't roam after this time |
+| validity_period | int32 | no | validity of the BSS Transition Candiate List |
+| neighbors | array | no | BSS Transition Candidate List |
+| abridged | bool | no | prefer APs in the BSS Transition Candidate List |
+| dialog_token | int32 | no | identifier for the request/report transaction |
+| mbo_reason | int32 | no | MBO Transition Reason Code Attribute |
+| cell_pref | int32 | no | MBO Cellular Data Connection Preference Attribute |
+| reassoc_delay | int32 | no | MBO Re-association retry delay |
+
+### example
+`ubus call hostapd.wl5-fb bss_transition_request '{ "addr": "68:2F:67:8B:98:ED", "disassociation_imminent": false, "disassociation_timer": 0, "validity_period": 30, "neighbors": ["b6a7b9cbeebabf5900008064090603026a00"], "abridged": 1 }'`
+
+
+## config_add
+Dynamically load a BSS configuration from a file. This is used by netifd's mac80211 support script to configure BSSes on multiple PHYs in a single hostapd instance.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| iface | string | yes | WiFi interface name |
+| config | string | yes | path to hostapd config file |
+
+
+## config_remove
+Dynamically remove a BSS configuration.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| iface | string | yes | WiFi interface name |
+
+
+## del_client
+Kick a client off the network.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| reason | int32 | no | 802.11 reason code |
+| deauth | bool | no | deauthenticates client instead of disassociating |
+| ban_time | int32 | no | ban client for N milliseconds |
+
+### example
+`ubus call hostapd.wl5-fb del_client '{ "addr": "68:2f:67:8b:98:ed", "reason": 5, "deauth": true, "ban_time": 10000 }'`
+
+
+## get_clients
+Show associated clients.
+
+### example
+`ubus call hostapd.wl5-fb get_clients`
+
+### output
+```json
+{
+        "freq": 5260,
+        "clients": {
+                "68:2f:67:8b:98:ed": {
+                        "auth": true,
+                        "assoc": true,
+                        "authorized": true,
+                        "preauth": false,
+                        "wds": false,
+                        "wmm": true,
+                        "ht": true,
+                        "vht": true,
+                        "he": false,
+                        "wps": false,
+                        "mfp": true,
+                        "rrm": [
+                                0,
+                                0,
+                                0,
+                                0,
+                                0
+                        ],
+                        "extended_capabilities": [
+                                0,
+                                0,
+                                0,
+                                0,
+                                0,
+                                0,
+                                0,
+                                64
+                        ],
+                        "aid": 3,
+                        "signature": "wifi4|probe:0,1,45,127,107,191,221(0017f2,10),221(001018,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,extcap:0000008000000040|assoc:0,1,33,36,48,45,127,191,221(0017f2,10),221(001018,2),221(0050f2,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,txpow:14f9,extcap:0000000000000040",
+                        "bytes": {
+                                "rx": 1933667,
+                                "tx": 746805
+                        },
+                        "airtime": {
+                                "rx": 208863,
+                                "tx": 9037883
+                        },
+                        "packets": {
+                                "rx": 3587,
+                                "tx": 2185
+                        },
+                        "rate": {
+                                "rx": 866700,
+                                "tx": 866700
+                        },
+                        "signal": -50,
+                        "capabilities": {
+                                "vht": {
+                                        "su_beamformee": true,
+                                        "mu_beamformee": false,
+                                        "mcs_map": {
+                                                "rx": {
+                                                        "1ss": 9,
+                                                        "2ss": 9,
+                                                        "3ss": 9,
+                                                        "4ss": -1,
+                                                        "5ss": -1,
+                                                        "6ss": -1,
+                                                        "7ss": -1,
+                                                        "8ss": -1
+                                                },
+                                                "tx": {
+                                                        "1ss": 9,
+                                                        "2ss": 9,
+                                                        "3ss": 9,
+                                                        "4ss": -1,
+                                                        "5ss": -1,
+                                                        "6ss": -1,
+                                                        "7ss": -1,
+                                                        "8ss": -1
+                                                }
+                                        }
+                                }
+                        }
+                }
+        }
+}
+```
+
+
+## get_features
+Show HT/VHT support.
+
+### example
+`ubus call hostapd.wl5-fb get_features`
+
+### output
+```json
+{
+        "ht_supported": true,
+        "vht_supported": true
+}
+```
+
+
+## get_status
+Get BSS status.
+
+### example
+`ubus call hostapd.wl5-fb get_status`
+
+### output
+```json
+{
+        "status": "ENABLED",
+        "bssid": "b6:a7:b9:cb:ee:bc",
+        "ssid": "fb",
+        "freq": 5260,
+        "channel": 52,
+        "op_class": 128,
+        "beacon_interval": 100,
+        "phy": "wl5-lan",
+        "rrm": {
+                "neighbor_report_tx": 0
+        },
+        "wnm": {
+                "bss_transition_query_rx": 0,
+                "bss_transition_request_tx": 0,
+                "bss_transition_response_rx": 0
+        },
+        "airtime": {
+                "time": 259561738,
+                "time_busy": 2844249,
+                "utilization": 0
+        },
+        "dfs": {
+                "cac_seconds": 60,
+                "cac_active": false,
+                "cac_seconds_left": 0
+        }
+}
+```
+
+
+## link_measurement_req
+Initiate an 802.11k Link Measurement Request.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| tx-power-used | int32 | no | transmit power used to transmit the Link Measurement Request frame |
+| tx-power-max | int32 | no | upper limit of transmit power to be used by the client |
+
+
+## list_bans
+List banned clients.
+
+### example
+`ubus call hostapd.wl5-fb list_bans`
+
+### output
+```json
+{
+        "clients": [
+                "68:2f:67:8b:98:ed"
+        ]
+}
+```
+
+
+## notify_response
+When enabled, hostapd will send a ubus notification and wait for a response before responding to various requests. This is used by e.g. usteer to make it possible to ignore probe requests.
+
+:warning: enabling this will cause hostapd to stop responding to probe requests unless a ubus subscriber responds to the ubus notifications.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| notify_response | int32 | yes | disable (0) or enable (!0) |
+
+### example
+`ubus call hostapd.wl5-fb notify_response '{ "notify_response": 1 }'`
+
+## reload
+Reload BSS configuration.
+
+:warning: this can cause problems for certain configurations:
+
+```
+Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
+Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
+Mon May 16 16:09:08 2022 daemon.err hostapd: Wrong coupling between HT and VHT/HE channel setting
+```
+
+### example
+`ubus call hostapd.wl5-fb reload`
+
+
+## rrm_beacon_req
+Send a Beacon Measurement Request to a client.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| op_class | int32 | yes | the Regulatory Class for which this Measurement Request applies |
+| channel | int32 | yes | channel to measure |
+| duration | int32 | yes | compile Beacon Measurement Report after N TU |
+| mode | int32 | yes | mode to be used for measurement (0: passive, 1: active, 2: beacon table) |
+| bssid | string | no | filter BSSes in Beacon Measurement Report by BSSID |
+| ssid | string | no | filter BSSes in Beacon Measurement Report by SSID|
+
+
+## rrm_nr_get_own
+Show Neighbor Report Element for this BSS.
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_get_own`
+
+### output
+```json
+{
+        "value": [
+                "b6:a7:b9:cb:ee:bc",
+                "fb",
+                "b6a7b9cbeebcaf5900008095090603029b00"
+        ]
+}
+```
+
+
+## rrm_nr_list
+Show Neighbor Report Elements for other BSSes in this ESS.
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_list`
+
+### output
+```json
+{
+        "list": [
+                [
+                        "b6:a7:b9:cb:ee:ba",
+                        "fb",
+                        "b6a7b9cbeebabf5900008064090603026a00"
+                ]
+        ]
+}
+```
+
+## rrm_nr_set
+Set the Neighbor Report Elements. An element for the node on which this command is executed will always be added.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| list | array | yes | array of Neighbor Report Elements in the format of the rrm_nr_list output |
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_set '{ "list": [ [ "b6:a7:b9:cb:ee:ba", "fb", "b6a7b9cbeebabf5900008064090603026a00" ] ] }'`
+
+
+## set_vendor_elements
+Configure Vendor-specific Information Elements for BSS.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| vendor_elements | string | yes | Vendor-specific Information Elements as hex string |
+
+### example
+`ubus call hostapd.wl5-fb set_vendor_elements '{ "vendor_elements": "dd054857dd6662" }'`
+
+
+## switch_chan
+Initiate a channel switch.
+
+:warning: trying to switch to the channel that is currently in use will fail: `Command failed: Operation not supported`
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| freq | int32 | yes | frequency in MHz to switch to |
+| bcn_count | int32 | no | count in Beacon frames (TBTT) to perform the switch |
+| center_freq1 | int32 | no | segment 0 center frequency in MHz (valid for HT and VHT) |
+| center_freq2 | int32 | no | segment 1 center frequency in MHz (valid only for 80 MHz channel width and an 80+80 channel) |
+| bandwidth | int32 | no | channel width to use |
+| sec_channel_offset| int32 | no | secondary channel offset for HT40 (0 = disabled, 1 = HT40+, -1 = HT40-) |
+| ht | bool | no | enable 802.11n |
+| vht | bool | no | enable 802.11ac |
+| he | bool | no | enable 802.11ax |
+| block_tx | bool | no | block transmission during CSA period |
+| csa_force | bool | no | restart the interface in case the CSA fails |
+
+## example
+`ubus call hostapd.wl5-fb switch_chan '{ "freq": 5180, "bcn_count": 10, "center_freq1": 5210, "bandwidth": 80, "he": 1, "block_tx": 1, "csa_force": 0 }'`
+
+
+## update_airtime
+Set dynamic airtime weight for client.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| sta | string | yes | client MAC address |
+| weight | int32 | yes | airtime weight |
+
+
+## update_beacon
+Force beacon frame content to be updated and to start beaconing on an interface that uses start_disabled=1.
+
+### example
+`ubus call hostapd.wl5-fb update_beacon`
+
+
+## wps_status
+Get WPS status for BSS.
+
+### example
+`ubus call hostapd.wl5-fb wps_status`
+
+### output
+```json
+{
+        "pbc_status": "Disabled",
+        "last_wps_result": "None"
+}
+```
+
+
+## wps_cancel
+Cancel WPS Push Button Configuration.
+
+### example
+`ubus call hostapd.wl5-fb wps_cancel`
+
+
+## wps_start
+Start WPS Push Button Configuration.
+
+### example
+`ubus call hostapd.wl5-fb wps_start`

feeds/hostapd/hostapd/files/common.uc

@@ -0,0 +1,318 @@
+import * as nl80211 from "nl80211";
+import * as rtnl from "rtnl";
+import { readfile, glob, basename, readlink } from "fs";
+
+const iftypes = {
+	ap: nl80211.const.NL80211_IFTYPE_AP,
+	mesh: nl80211.const.NL80211_IFTYPE_MESH_POINT,
+	sta: nl80211.const.NL80211_IFTYPE_STATION,
+	adhoc: nl80211.const.NL80211_IFTYPE_ADHOC,
+	monitor: nl80211.const.NL80211_IFTYPE_MONITOR,
+};
+
+function wdev_remove(name)
+{
+	nl80211.request(nl80211.const.NL80211_CMD_DEL_INTERFACE, 0, { dev: name });
+}
+
+function __phy_is_fullmac(phyidx)
+{
+	let data = nl80211.request(nl80211.const.NL80211_CMD_GET_WIPHY, 0, { wiphy: phyidx });
+
+	return !data.software_iftypes.ap_vlan;
+}
+
+function phy_is_fullmac(phy)
+{
+	let phyidx = int(trim(readfile(`/sys/class/ieee80211/${phy}/index`)));
+
+	return __phy_is_fullmac(phyidx);
+}
+
+function find_reusable_wdev(phyidx)
+{
+	if (!__phy_is_fullmac(phyidx))
+		return null;
+
+	let data = nl80211.request(
+		nl80211.const.NL80211_CMD_GET_INTERFACE,
+		nl80211.const.NLM_F_DUMP,
+		{ wiphy: phyidx });
+	for (let res in data)
+		if (trim(readfile(`/sys/class/net/${res.ifname}/operstate`)) == "down")
+			return res.ifname;
+	return null;
+}
+
+function wdev_create(phy, name, data)
+{
+	let phyidx = int(readfile(`/sys/class/ieee80211/${phy}/index`));
+
+	wdev_remove(name);
+
+	if (!iftypes[data.mode])
+		return `Invalid mode: ${data.mode}`;
+
+	let req = {
+		wiphy: phyidx,
+		ifname: name,
+		iftype: iftypes[data.mode],
+	};
+
+	if (data["4addr"])
+		req["4addr"] = data["4addr"];
+	if (data.macaddr)
+		req.mac = data.macaddr;
+
+	nl80211.error();
+
+	let reuse_ifname = find_reusable_wdev(phyidx);
+	if (reuse_ifname &&
+	    (reuse_ifname == name ||
+	     rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: reuse_ifname, ifname: name}) != false))
+		nl80211.request(
+			nl80211.const.NL80211_CMD_SET_INTERFACE, 0, {
+				wiphy: phyidx,
+				dev: name,
+				iftype: iftypes[data.mode],
+			});
+	else
+		nl80211.request(
+			nl80211.const.NL80211_CMD_NEW_INTERFACE,
+			nl80211.const.NLM_F_CREATE,
+			req);
+
+	let error = nl80211.error();
+	if (error)
+		return error;
+
+	if (data.powersave != null) {
+		nl80211.request(nl80211.const.NL80211_CMD_SET_POWER_SAVE, 0,
+			{ dev: name, ps_state: data.powersave ? 1 : 0});
+	}
+
+	return null;
+}
+
+function phy_sysfs_file(phy, name)
+{
+	return trim(readfile(`/sys/class/ieee80211/${phy}/${name}`));
+}
+
+function macaddr_split(str)
+{
+	return map(split(str, ":"), (val) => hex(val));
+}
+
+function macaddr_join(addr)
+{
+	return join(":", map(addr, (val) => sprintf("%02x", val)));
+}
+
+function wdev_macaddr(wdev)
+{
+	return trim(readfile(`/sys/class/net/${wdev}/address`));
+}
+
+const phy_proto = {
+	macaddr_init: function(used, options) {
+		this.macaddr_options = options ?? {};
+		this.macaddr_list = {};
+
+		if (type(used) == "object")
+			for (let addr in used)
+				this.macaddr_list[addr] = used[addr];
+		else
+			for (let addr in used)
+				this.macaddr_list[addr] = -1;
+
+		this.for_each_wdev((wdev) => {
+			let macaddr = wdev_macaddr(wdev);
+			this.macaddr_list[macaddr] ??= -1;
+		});
+
+		return this.macaddr_list;
+	},
+
+	macaddr_generate: function(data) {
+		let phy = this.name;
+		let idx = int(data.id ?? 0);
+		let mbssid = int(data.mbssid ?? 0) > 0;
+		let num_global = int(data.num_global ?? 1);
+		let use_global = !mbssid && idx < num_global;
+
+		let base_addr = phy_sysfs_file(phy, "macaddress");
+		if (!base_addr)
+			return null;
+
+		if (!idx && !mbssid)
+			return base_addr;
+
+		let base_mask = phy_sysfs_file(phy, "address_mask");
+		if (!base_mask)
+			return null;
+
+		if (base_mask == "00:00:00:00:00:00" && idx >= num_global) {
+			let addrs = split(phy_sysfs_file(phy, "addresses"), "\n");
+
+			if (idx < length(addrs))
+				return addrs[idx];
+
+			base_mask = "ff:ff:ff:ff:ff:ff";
+		}
+
+		let addr = macaddr_split(base_addr);
+		let mask = macaddr_split(base_mask);
+		let type;
+
+		if (mbssid)
+			type = "b5";
+		else if (use_global)
+			type = "add";
+		else if (mask[0] > 0)
+			type = "b1";
+		else if (mask[5] < 0xff)
+			type = "b5";
+		else
+			type = "add";
+
+		switch (type) {
+		case "b1":
+			if (!(addr[0] & 2))
+				idx--;
+			addr[0] |= 2;
+			addr[0] ^= idx << 2;
+			break;
+		case "b5":
+			if (mbssid)
+				addr[0] |= 2;
+			addr[5] ^= idx;
+			break;
+		default:
+			for (let i = 5; i > 0; i--) {
+				addr[i] += idx;
+				if (addr[i] < 256)
+					break;
+				addr[i] %= 256;
+			}
+			break;
+		}
+
+		return macaddr_join(addr);
+	},
+
+	macaddr_next: function(val) {
+		let data = this.macaddr_options ?? {};
+		let list = this.macaddr_list;
+
+		for (let i = 0; i < 32; i++) {
+			data.id = i;
+
+			let mac = this.macaddr_generate(data);
+			if (!mac)
+				return null;
+
+			if (list[mac] != null)
+				continue;
+
+			list[mac] = val != null ? val : -1;
+			return mac;
+		}
+	},
+
+	for_each_wdev: function(cb) {
+		let wdevs = glob(`/sys/class/ieee80211/${this.name}/device/net/*`);
+		wdevs = map(wdevs, (arg) => basename(arg));
+		for (let wdev in wdevs) {
+			if (basename(readlink(`/sys/class/net/${wdev}/phy80211`)) != this.name)
+				continue;
+
+			cb(wdev);
+		}
+	}
+};
+
+function phy_open(phy)
+{
+	let phyidx = readfile(`/sys/class/ieee80211/${phy}/index`);
+	if (!phyidx)
+		return null;
+
+	return proto({
+		name: phy,
+		idx: int(phyidx)
+	}, phy_proto);
+}
+
+const vlist_proto = {
+	update: function(values, arg) {
+		let data = this.data;
+		let cb = this.cb;
+		let seq = { };
+		let new_data = {};
+		let old_data = {};
+
+		this.data = new_data;
+
+		if (type(values) == "object") {
+			for (let key in values) {
+				old_data[key] = data[key];
+				new_data[key] = values[key];
+				delete data[key];
+			}
+		} else {
+			for (let val in values) {
+				let cur_key = val[0];
+				let cur_obj = val[1];
+
+				old_data[cur_key] = data[cur_key];
+				new_data[cur_key] = val[1];
+				delete data[cur_key];
+			}
+		}
+
+		for (let key in data) {
+			cb(null, data[key], arg);
+			delete data[key];
+		}
+		for (let key in new_data)
+			cb(new_data[key], old_data[key], arg);
+	}
+};
+
+function is_equal(val1, val2) {
+	let t1 = type(val1);
+
+	if (t1 != type(val2))
+		return false;
+
+	if (t1 == "array") {
+		if (length(val1) != length(val2))
+			return false;
+
+		for (let i = 0; i < length(val1); i++)
+			if (!is_equal(val1[i], val2[i]))
+				return false;
+
+		return true;
+	} else if (t1 == "object") {
+		for (let key in val1)
+			if (!is_equal(val1[key], val2[key]))
+				return false;
+		for (let key in val2)
+			if (val1[key] == null)
+				return false;
+		return true;
+	} else {
+		return val1 == val2;
+	}
+}
+
+function vlist_new(cb) {
+	return proto({
+			cb: cb,
+			data: {}
+		}, vlist_proto);
+}
+
+export { wdev_remove, wdev_create, is_equal, vlist_new, phy_is_fullmac, phy_open };

feeds/hostapd/hostapd/files/dhcp-get-server.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+[ "$1" = bound ] && echo "$serverid"

feeds/hostapd/hostapd/files/hostapd-basic.config

@@ -0,0 +1,404 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+#CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+CONFIG_OCV=y
+
+# Integrated EAP server
+#CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+#CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+#CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+#CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+#CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+#CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+#CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+#CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+#CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+#CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+#CONFIG_IEEE80211AX=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
+
+# Multiband Operation support
+# These extentions facilitate efficient use of multiple frequency bands
+# available to the AP and the devices that may associate with it.
+#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+#CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Include internal line edit mode in hostapd_cli. This can be used to provide
+# limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Airtime policy support
+CONFIG_AIRTIME_POLICY=y
+
+# Proxy ARP support
+#CONFIG_PROXYARP=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd-full.config

@@ -0,0 +1,404 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+CONFIG_OCV=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+CONFIG_EAP_FAST=y
+
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+#CONFIG_IEEE80211AX=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
+
+# Multiband Operation support
+# These extentions facilitate efficient use of multiple frequency bands
+# available to the AP and the devices that may associate with it.
+#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Include internal line edit mode in hostapd_cli. This can be used to provide
+# limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Airtime policy support
+CONFIG_AIRTIME_POLICY=y
+
+# Proxy ARP support
+CONFIG_PROXYARP=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd-mini.config

@@ -0,0 +1,404 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+#CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Integrated EAP server
+#CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+#CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+#CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+#CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+#CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+#CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+#CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+#CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+#CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+#CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+#CONFIG_IEEE80211AX=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
+
+# Multiband Operation support
+# These extentions facilitate efficient use of multiple frequency bands
+# available to the AP and the devices that may associate with it.
+#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+#CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Include internal line edit mode in hostapd_cli. This can be used to provide
+# limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
+# Proxy ARP support
+#CONFIG_PROXYARP=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/hostapd.uc

@@ -0,0 +1,812 @@
+let libubus = require("ubus");
+import { open, readfile } from "fs";
+import { wdev_create, wdev_remove, is_equal, vlist_new, phy_is_fullmac, phy_open } from "common";
+
+let ubus = libubus.connect();
+
+hostapd.data.config = {};
+
+hostapd.data.file_fields = {
+	vlan_file: true,
+	wpa_psk_file: true,
+	accept_mac_file: true,
+	deny_mac_file: true,
+	eap_user_file: true,
+	ca_cert: true,
+	server_cert: true,
+	server_cert2: true,
+	private_key: true,
+	private_key2: true,
+	dh_file: true,
+	eap_sim_db: true,
+};
+
+function iface_remove(cfg)
+{
+	if (!cfg || !cfg.bss || !cfg.bss[0] || !cfg.bss[0].ifname)
+		return;
+
+	for (let bss in cfg.bss)
+		wdev_remove(bss.ifname);
+}
+
+function iface_gen_config(phy, config, start_disabled)
+{
+	let str = `data:
+${join("\n", config.radio.data)}
+channel=${config.radio.channel}
+`;
+
+	for (let i = 0; i < length(config.bss); i++) {
+		let bss = config.bss[i];
+		let type = i > 0 ? "bss" : "interface";
+		let nasid = bss.nasid ?? replace(bss.bssid, ":", "");
+
+		str += `
+${type}=${bss.ifname}
+bssid=${bss.bssid}
+${join("\n", bss.data)}
+nas_identifier=${nasid}
+`;
+		if (start_disabled)
+			str += `
+start_disabled=1
+`;
+	}
+
+	return str;
+}
+
+function iface_freq_info(iface, config, params)
+{
+	let freq = params.frequency;
+	if (!freq)
+		return null;
+
+	let sec_offset = params.sec_chan_offset;
+	if (sec_offset != -1 && sec_offset != 1)
+		sec_offset = 0;
+
+	let width = 0;
+	for (let line in config.radio.data) {
+		if (!sec_offset && match(line, /^ht_capab=.*HT40/)) {
+			sec_offset = null; // auto-detect
+			continue;
+		}
+
+		let val = match(line, /^(vht_oper_chwidth|he_oper_chwidth)=(\d+)/);
+		if (!val)
+			continue;
+
+		val = int(val[2]);
+		if (val > width)
+			width = val;
+	}
+
+	if (freq < 4000)
+		width = 0;
+
+	return hostapd.freq_info(freq, sec_offset, width);
+}
+
+function iface_add(phy, config, phy_status)
+{
+	let config_inline = iface_gen_config(phy, config, !!phy_status);
+
+	let bss = config.bss[0];
+	let ret = hostapd.add_iface(`bss_config=${phy}:${config_inline}`);
+	if (ret < 0)
+		return false;
+
+	if (!phy_status)
+		return true;
+
+	let iface = hostapd.interfaces[phy];
+	if (!iface)
+		return false;
+
+	let freq_info = iface_freq_info(iface, config, phy_status);
+
+	return iface.start(freq_info) >= 0;
+}
+
+function iface_config_macaddr_list(config)
+{
+	let macaddr_list = {};
+	for (let i = 0; i < length(config.bss); i++) {
+		let bss = config.bss[i];
+		if (!bss.default_macaddr)
+			macaddr_list[bss.bssid] = i;
+	}
+
+	return macaddr_list;
+}
+
+function iface_update_supplicant_macaddr(phy, config)
+{
+	let macaddr_list = [];
+	for (let i = 0; i < length(config.bss); i++)
+		push(macaddr_list, config.bss[i].bssid);
+	ubus.call("wpa_supplicant", "phy_set_macaddr_list", { phy: phy, macaddr: macaddr_list });
+}
+
+function iface_restart(phydev, config, old_config)
+{
+	let phy = phydev.name;
+
+	hostapd.remove_iface(phy);
+	iface_remove(old_config);
+	iface_remove(config);
+
+	if (!config.bss || !config.bss[0]) {
+		hostapd.printf(`No bss for phy ${phy}`);
+		return;
+	}
+
+	phydev.macaddr_init(iface_config_macaddr_list(config));
+	for (let i = 0; i < length(config.bss); i++) {
+		let bss = config.bss[i];
+		if (bss.default_macaddr)
+			bss.bssid = phydev.macaddr_next();
+	}
+
+	iface_update_supplicant_macaddr(phy, config);
+
+	let bss = config.bss[0];
+	let err = wdev_create(phy, bss.ifname, { mode: "ap" });
+	if (err)
+		hostapd.printf(`Failed to create ${bss.ifname} on phy ${phy}: ${err}`);
+
+	let ubus = hostapd.data.ubus;
+	let phy_status = ubus.call("wpa_supplicant", "phy_status", { phy: phy });
+	if (phy_status && phy_status.state == "COMPLETED") {
+		if (iface_add(phy, config, phy_status))
+			return;
+
+		hostapd.printf(`Failed to bring up phy ${phy} ifname=${bss.ifname} with supplicant provided frequency`);
+	}
+
+	ubus.call("wpa_supplicant", "phy_set_state", { phy: phy, stop: true });
+	if (!iface_add(phy, config))
+		hostapd.printf(`hostapd.add_iface failed for phy ${phy} ifname=${bss.ifname}`);
+	ubus.call("wpa_supplicant", "phy_set_state", { phy: phy, stop: false });
+}
+
+function array_to_obj(arr, key, start)
+{
+	let obj = {};
+
+	start ??= 0;
+	for (let i = start; i < length(arr); i++) {
+		let cur = arr[i];
+		obj[cur[key]] = cur;
+	}
+
+	return obj;
+}
+
+function find_array_idx(arr, key, val)
+{
+	for (let i = 0; i < length(arr); i++)
+		if (arr[i][key] == val)
+			return i;
+
+	return -1;
+}
+
+function bss_reload_psk(bss, config, old_config)
+{
+	if (is_equal(old_config.hash.wpa_psk_file, config.hash.wpa_psk_file))
+		return;
+
+	old_config.hash.wpa_psk_file = config.hash.wpa_psk_file;
+	if (!is_equal(old_config, config))
+		return;
+
+	let ret = bss.ctrl("RELOAD_WPA_PSK");
+	ret ??= "failed";
+
+	hostapd.printf(`Reload WPA PSK file for bss ${config.ifname}: ${ret}`);
+}
+
+function remove_file_fields(config)
+{
+	return filter(config, (line) => !hostapd.data.file_fields[split(line, "=")[0]]);
+}
+
+function bss_remove_file_fields(config)
+{
+	let new_cfg = {};
+
+	for (let key in config)
+		new_cfg[key] = config[key];
+	new_cfg.data = remove_file_fields(new_cfg.data);
+	new_cfg.hash = {};
+	for (let key in config.hash)
+		new_cfg.hash[key] = config.hash[key];
+	delete new_cfg.hash.wpa_psk_file;
+	delete new_cfg.hash.vlan_file;
+
+	return new_cfg;
+}
+
+function bss_config_hash(config)
+{
+	return hostapd.sha1(remove_file_fields(config) + "");
+}
+
+function bss_find_existing(config, prev_config, prev_hash)
+{
+	let hash = bss_config_hash(config.data);
+
+	for (let i = 0; i < length(prev_config.bss); i++) {
+		if (!prev_hash[i] || hash != prev_hash[i])
+			continue;
+
+		prev_hash[i] = null;
+		return i;
+	}
+
+	return -1;
+}
+
+function get_config_bss(config, idx)
+{
+	if (!config.bss[idx]) {
+		hostapd.printf(`Invalid bss index ${idx}`);
+		return null;
+	}
+
+	let ifname = config.bss[idx].ifname;
+	if (!ifname)
+		hostapd.printf(`Could not find bss ${config.bss[idx].ifname}`);
+
+	return hostapd.bss[ifname];
+}
+
+function iface_reload_config(phydev, config, old_config)
+{
+	let phy = phydev.name;
+
+	if (!old_config || !is_equal(old_config.radio, config.radio))
+		return false;
+
+	if (is_equal(old_config.bss, config.bss))
+		return true;
+
+	if (!old_config.bss || !old_config.bss[0])
+		return false;
+
+	let iface = hostapd.interfaces[phy];
+	if (!iface) {
+		hostapd.printf(`Could not find previous interface ${iface_name}`);
+		return false;
+	}
+
+	let iface_name = old_config.bss[0].ifname;
+	let first_bss = hostapd.bss[iface_name];
+	if (!first_bss) {
+		hostapd.printf(`Could not find bss of previous interface ${iface_name}`);
+		return false;
+	}
+
+	let macaddr_list = iface_config_macaddr_list(config);
+	let bss_list = [];
+	let bss_list_cfg = [];
+	let prev_bss_hash = [];
+
+	for (let bss in old_config.bss) {
+		let hash = bss_config_hash(bss.data);
+		push(prev_bss_hash, bss_config_hash(bss.data));
+	}
+
+	// Step 1: find (possibly renamed) interfaces with the same config
+	// and store them in the new order (with gaps)
+	for (let i = 0; i < length(config.bss); i++) {
+		let prev;
+
+		// For fullmac devices, the first interface needs to be preserved,
+		// since it's treated as the master
+		if (!i && phy_is_fullmac(phy)) {
+			prev = 0;
+			prev_bss_hash[0] = null;
+		} else {
+			prev = bss_find_existing(config.bss[i], old_config, prev_bss_hash);
+		}
+		if (prev < 0)
+			continue;
+
+		let cur_config = config.bss[i];
+		let prev_config = old_config.bss[prev];
+
+		let prev_bss = get_config_bss(old_config, prev);
+		if (!prev_bss)
+			return false;
+
+		// try to preserve MAC address of this BSS by reassigning another
+		// BSS if necessary
+		if (cur_config.default_macaddr &&
+		    !macaddr_list[prev_config.bssid]) {
+			macaddr_list[prev_config.bssid] = i;
+			cur_config.bssid = prev_config.bssid;
+		}
+
+		bss_list[i] = prev_bss;
+		bss_list_cfg[i] = old_config.bss[prev];
+	}
+
+	if (config.mbssid && !bss_list_cfg[0]) {
+		hostapd.printf("First BSS changed with MBSSID enabled");
+		return false;
+	}
+
+	// Step 2: if none were found, rename and preserve the first one
+	if (length(bss_list) == 0) {
+		// can't change the bssid of the first bss
+		if (config.bss[0].bssid != old_config.bss[0].bssid) {
+			if (!config.bss[0].default_macaddr) {
+				hostapd.printf(`BSSID of first interface changed: ${lc(old_config.bss[0].bssid)} -> ${lc(config.bss[0].bssid)}`);
+				return false;
+			}
+
+			config.bss[0].bssid = old_config.bss[0].bssid;
+		}
+
+		let prev_bss = get_config_bss(old_config, 0);
+		if (!prev_bss)
+			return false;
+
+		macaddr_list[config.bss[0].bssid] = 0;
+		bss_list[0] = prev_bss;
+		bss_list_cfg[0] = old_config.bss[0];
+		prev_bss_hash[0] = null;
+	}
+
+	// Step 3: delete all unused old interfaces
+	for (let i = 0; i < length(prev_bss_hash); i++) {
+		if (!prev_bss_hash[i])
+			continue;
+
+		let prev_bss = get_config_bss(old_config, i);
+		if (!prev_bss)
+			return false;
+
+		let ifname = old_config.bss[i].ifname;
+		hostapd.printf(`Remove bss '${ifname}' on phy '${phy}'`);
+		prev_bss.delete();
+		wdev_remove(ifname);
+	}
+
+	// Step 4: rename preserved interfaces, use temporary name on duplicates
+	let rename_list = [];
+	for (let i = 0; i < length(bss_list); i++) {
+		if (!bss_list[i])
+			continue;
+
+		let old_ifname = bss_list_cfg[i].ifname;
+		let new_ifname = config.bss[i].ifname;
+		if (old_ifname == new_ifname)
+			continue;
+
+		if (hostapd.bss[new_ifname]) {
+			new_ifname = "tmp_" + substr(hostapd.sha1(new_ifname), 0, 8);
+			push(rename_list, i);
+		}
+
+		hostapd.printf(`Rename bss ${old_ifname} to ${new_ifname}`);
+		if (!bss_list[i].rename(new_ifname)) {
+			hostapd.printf(`Failed to rename bss ${old_ifname} to ${new_ifname}`);
+			return false;
+		}
+
+		bss_list_cfg[i].ifname = new_ifname;
+	}
+
+	// Step 5: rename interfaces with temporary names
+	for (let i in rename_list) {
+		let new_ifname = config.bss[i].ifname;
+		if (!bss_list[i].rename(new_ifname)) {
+			hostapd.printf(`Failed to rename bss to ${new_ifname}`);
+			return false;
+		}
+		bss_list_cfg[i].ifname = new_ifname;
+	}
+
+	// Step 6: assign BSSID for newly created interfaces
+	let macaddr_data = {
+		num_global: config.num_global_macaddr ?? 1,
+		mbssid: config.mbssid ?? 0,
+	};
+	macaddr_list = phydev.macaddr_init(macaddr_list, macaddr_data);
+	for (let i = 0; i < length(config.bss); i++) {
+		if (bss_list[i])
+			continue;
+		let bsscfg = config.bss[i];
+
+		let mac_idx = macaddr_list[bsscfg.bssid];
+		if (mac_idx < 0)
+			macaddr_list[bsscfg.bssid] = i;
+		if (mac_idx == i)
+			continue;
+
+		// statically assigned bssid of the new interface is in conflict
+		// with the bssid of a reused interface. reassign the reused interface
+		if (!bsscfg.default_macaddr) {
+			// can't update bssid of the first BSS, need to restart
+			if (!mac_idx < 0)
+				return false;
+
+			bsscfg = config.bss[mac_idx];
+		}
+
+		let addr = phydev.macaddr_next(i);
+		if (!addr) {
+			hostapd.printf(`Failed to generate mac address for phy ${phy}`);
+			return false;
+		}
+		bsscfg.bssid = addr;
+	}
+
+	let config_inline = iface_gen_config(phy, config);
+
+	// Step 7: fill in the gaps with new interfaces
+	for (let i = 0; i < length(config.bss); i++) {
+		let ifname = config.bss[i].ifname;
+		let bss = bss_list[i];
+
+		if (bss)
+			continue;
+
+		hostapd.printf(`Add bss ${ifname} on phy ${phy}`);
+		bss_list[i] = iface.add_bss(config_inline, i);
+		if (!bss_list[i]) {
+			hostapd.printf(`Failed to add new bss ${ifname} on phy ${phy}`);
+			return false;
+		}
+	}
+
+	// Step 8: update interface bss order
+	if (!iface.set_bss_order(bss_list)) {
+		hostapd.printf(`Failed to update BSS order on phy '${phy}'`);
+		return false;
+	}
+
+	// Step 9: update config
+	for (let i = 0; i < length(config.bss); i++) {
+		if (!bss_list_cfg[i])
+			continue;
+
+		let ifname = config.bss[i].ifname;
+		let bss = bss_list[i];
+
+		if (is_equal(config.bss[i], bss_list_cfg[i]))
+			continue;
+
+		if (is_equal(bss_remove_file_fields(config.bss[i]),
+		             bss_remove_file_fields(bss_list_cfg[i]))) {
+			hostapd.printf(`Update config data files for bss ${ifname}`);
+			if (bss.set_config(config_inline, i, true) < 0) {
+				hostapd.printf(`Could not update config data files for bss ${ifname}`);
+				return false;
+			} else {
+				bss.ctrl("RELOAD_WPA_PSK");
+				continue;
+			}
+		}
+
+		bss_reload_psk(bss, config.bss[i], bss_list_cfg[i]);
+		if (is_equal(config.bss[i], bss_list_cfg[i]))
+			continue;
+
+		hostapd.printf(`Reload config for bss '${config.bss[0].ifname}' on phy '${phy}'`);
+		if (bss.set_config(config_inline, i) < 0) {
+			hostapd.printf(`Failed to set config for bss ${ifname}`);
+			return false;
+		}
+	}
+
+	return true;
+}
+
+function iface_set_config(phy, config)
+{
+	let old_config = hostapd.data.config[phy];
+
+	hostapd.data.config[phy] = config;
+
+	if (!config) {
+		hostapd.remove_iface(phy);
+		return iface_remove(old_config);
+	}
+
+	let phydev = phy_open(phy);
+	if (!phydev) {
+		hostapd.printf(`Failed to open phy ${phy}`);
+		return false;
+	}
+
+	try {
+		let ret = iface_reload_config(phydev, config, old_config);
+		if (ret) {
+			iface_update_supplicant_macaddr(phy, config);
+			hostapd.printf(`Reloaded settings for phy ${phy}`);
+			return 0;
+		}
+	} catch (e) {
+			hostapd.printf(`Error reloading config: ${e}\n${e.stacktrace[0].context}`);
+	}
+
+	hostapd.printf(`Restart interface for phy ${phy}`);
+	let ret = iface_restart(phydev, config, old_config);
+
+	return ret;
+}
+
+function config_add_bss(config, name)
+{
+	let bss = {
+		ifname: name,
+		data: [],
+		hash: {}
+	};
+
+	push(config.bss, bss);
+
+	return bss;
+}
+
+function iface_load_config(filename)
+{
+	let f = open(filename, "r");
+	if (!f)
+		return null;
+
+	let config = {
+		radio: {
+			data: []
+		},
+		bss: [],
+		orig_file: filename,
+	};
+
+	let bss;
+	let line;
+	while ((line = trim(f.read("line"))) != null) {
+		let val = split(line, "=", 2);
+		if (!val[0])
+			continue;
+
+		if (val[0] == "interface") {
+			bss = config_add_bss(config, val[1]);
+			break;
+		}
+
+		if (val[0] == "channel") {
+			config.radio.channel = val[1];
+			continue;
+		}
+
+		if (val[0] == "#num_global_macaddr" ||
+		    val[0] == "mbssid")
+			config[val[0]] = int(val[1]);
+
+		push(config.radio.data, line);
+	}
+
+	while ((line = trim(f.read("line"))) != null) {
+		if (line == "#default_macaddr")
+			bss.default_macaddr = true;
+
+		let val = split(line, "=", 2);
+		if (!val[0])
+			continue;
+
+		if (val[0] == "bssid") {
+			bss.bssid = lc(val[1]);
+			continue;
+		}
+
+		if (val[0] == "nas_identifier")
+			bss.nasid = val[1];
+
+		if (val[0] == "bss") {
+			bss = config_add_bss(config, val[1]);
+			continue;
+		}
+
+		if (hostapd.data.file_fields[val[0]])
+			bss.hash[val[0]] = hostapd.sha1(readfile(val[1]));
+
+		push(bss.data, line);
+	}
+	f.close();
+
+	return config;
+}
+
+function ex_wrap(func) {
+	return (req) => {
+		try {
+			let ret = func(req);
+			return ret;
+		} catch(e) {
+			hostapd.printf(`Exception in ubus function: ${e}\n${e.stacktrace[0].context}`);
+		}
+		return libubus.STATUS_UNKNOWN_ERROR;
+	};
+}
+
+let main_obj = {
+	reload: {
+		args: {
+			phy: "",
+		},
+		call: ex_wrap(function(req) {
+			let phy_list = req.args.phy ? [ req.args.phy ] : keys(hostapd.data.config);
+			for (let phy_name in phy_list) {
+				let phy = hostapd.data.config[phy_name];
+				let config = iface_load_config(phy.orig_file);
+				iface_set_config(phy_name, config);
+			}
+
+			return 0;
+		})
+	},
+	apsta_state: {
+		args: {
+			phy: "",
+			up: true,
+			frequency: 0,
+			sec_chan_offset: 0,
+			csa: true,
+			csa_count: 0,
+		},
+		call: ex_wrap(function(req) {
+			if (req.args.up == null || !req.args.phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			let phy = req.args.phy;
+			let config = hostapd.data.config[phy];
+			if (!config || !config.bss || !config.bss[0] || !config.bss[0].ifname)
+				return 0;
+
+			let iface = hostapd.interfaces[phy];
+			if (!iface)
+				return 0;
+
+			if (!req.args.up) {
+				iface.stop();
+				return 0;
+			}
+
+			if (!req.args.frequency)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			let freq_info = iface_freq_info(iface, config, req.args);
+			if (!freq_info)
+				return libubus.STATUS_UNKNOWN_ERROR;
+
+			let ret;
+			if (req.args.csa) {
+				freq_info.csa_count = req.args.csa_count ?? 10;
+				ret = iface.switch_channel(freq_info);
+			} else {
+				ret = iface.start(freq_info);
+			}
+			if (!ret)
+				return libubus.STATUS_UNKNOWN_ERROR;
+
+			return 0;
+		})
+	},
+	config_get_macaddr_list: {
+		args: {
+			phy: ""
+		},
+		call: ex_wrap(function(req) {
+			let phy = req.args.phy;
+			if (!phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			let ret = {
+				macaddr: [],
+			};
+
+			let config = hostapd.data.config[phy];
+			if (!config)
+				return ret;
+
+			ret.macaddr = map(config.bss, (bss) => bss.bssid);
+			return ret;
+		})
+	},
+	config_set: {
+		args: {
+			phy: "",
+			config: "",
+			prev_config: "",
+		},
+		call: ex_wrap(function(req) {
+			let phy = req.args.phy;
+			let file = req.args.config;
+			let prev_file = req.args.prev_config;
+
+			if (!phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			if (prev_file && !hostapd.data.config[phy]) {
+				let config = iface_load_config(prev_file);
+				if (config)
+					config.radio.data = [];
+				hostapd.data.config[phy] = config;
+			}
+
+			let config = iface_load_config(file);
+
+			hostapd.printf(`Set new config for phy ${phy}: ${file}`);
+			iface_set_config(phy, config);
+
+			return {
+				pid: hostapd.getpid()
+			};
+		})
+	},
+	config_add: {
+		args: {
+			iface: "",
+			config: "",
+		},
+		call: ex_wrap(function(req) {
+			if (!req.args.iface || !req.args.config)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			if (hostapd.add_iface(`bss_config=${req.args.iface}:${req.args.config}`) < 0)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			return {
+				pid: hostapd.getpid()
+			};
+		})
+	},
+	config_remove: {
+		args: {
+			iface: ""
+		},
+		call: ex_wrap(function(req) {
+			if (!req.args.iface)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			hostapd.remove_iface(req.args.iface);
+			return 0;
+		})
+	},
+};
+
+hostapd.data.ubus = ubus;
+hostapd.data.obj = ubus.publish("hostapd", main_obj);
+
+function bss_event(type, name, data) {
+	let ubus = hostapd.data.ubus;
+
+	data ??= {};
+	data.name = name;
+	hostapd.data.obj.notify(`bss.${type}`, data, null, null, null, -1);
+	ubus.call("service", "event", { type: `hostapd.${name}.${type}`, data: {} });
+}
+
+return {
+	shutdown: function() {
+		for (let phy in hostapd.data.config)
+			iface_set_config(phy, null);
+		hostapd.ubus.disconnect();
+	},
+	bss_add: function(name, obj) {
+		bss_event("add", name);
+	},
+	bss_reload: function(name, obj, reconf) {
+		bss_event("reload", name, { reconf: reconf != 0 });
+	},
+	bss_remove: function(name, obj) {
+		bss_event("remove", name);
+	}
+};

feeds/hostapd/hostapd/files/radius.clients

@@ -0,0 +1 @@
+0.0.0.0/0 radius

feeds/hostapd/hostapd/files/radius.config

@@ -0,0 +1,9 @@
+config radius
+	option disabled '1'
+	option ca_cert '/etc/radius/ca.pem'
+	option cert '/etc/radius/cert.pem'
+	option key '/etc/radius/key.pem'
+	option users '/etc/radius/users'
+	option clients '/etc/radius/clients'
+	option auth_port '1812'
+	option acct_port '1813'

feeds/hostapd/hostapd/files/radius.init

@@ -0,0 +1,42 @@
+#!/bin/sh /etc/rc.common
+
+START=30
+
+USE_PROCD=1
+NAME=radius
+
+radius_start() {
+	local cfg="$1"
+
+	config_get_bool disabled "$cfg" disabled 0
+
+	[ "$disabled" -gt 0 ] && return
+
+	config_get ca "$cfg" ca_cert
+	config_get key "$cfg" key
+	config_get cert "$cfg" cert
+	config_get users "$cfg" users
+	config_get clients "$cfg" clients
+	config_get auth_port "$cfg" auth_port 1812
+	config_get acct_port "$cfg" acct_port 1813
+	config_get identity "$cfg" identity "$(cat /proc/sys/kernel/hostname)"
+
+	procd_open_instance $cfg
+	procd_set_param command /usr/sbin/hostapd-radius \
+		-C "$ca" \
+		-c "$cert" -k "$key" \
+		-s "$clients" -u "$users" \
+		-p "$auth_port" -P "$acct_port" \
+		-i "$identity"
+	procd_close_instance
+}
+
+start_service() {
+	config_load radius
+	config_foreach radius_start radius
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "radius"
+}

feeds/hostapd/hostapd/files/radius.users

@@ -0,0 +1,14 @@
+{
+	"phase1": {
+		"wildcard": [
+			{
+				"name": "*",
+				"methods": [ "PEAP" ]
+			}
+		]
+	},
+	"phase2": {
+		"users": {
+		}
+	}
+}

feeds/hostapd/hostapd/files/wdev.uc

@@ -0,0 +1,207 @@
+#!/usr/bin/env ucode
+'use strict';
+import { vlist_new, is_equal, wdev_create, wdev_remove, phy_open } from "/usr/share/hostap/common.uc";
+import { readfile, writefile, basename, readlink, glob } from "fs";
+let libubus = require("ubus");
+
+let keep_devices = {};
+let phy = shift(ARGV);
+let command = shift(ARGV);
+let phydev;
+
+const mesh_params = [
+	"mesh_retry_timeout", "mesh_confirm_timeout", "mesh_holding_timeout", "mesh_max_peer_links",
+	"mesh_max_retries", "mesh_ttl", "mesh_element_ttl", "mesh_hwmp_max_preq_retries",
+	"mesh_path_refresh_time", "mesh_min_discovery_timeout", "mesh_hwmp_active_path_timeout",
+	"mesh_hwmp_preq_min_interval", "mesh_hwmp_net_diameter_traversal_time", "mesh_hwmp_rootmode",
+	"mesh_hwmp_rann_interval", "mesh_gate_announcements", "mesh_sync_offset_max_neighor",
+	"mesh_rssi_threshold", "mesh_hwmp_active_path_to_root_timeout", "mesh_hwmp_root_interval",
+	"mesh_hwmp_confirmation_interval", "mesh_awake_window", "mesh_plink_timeout",
+	"mesh_auto_open_plinks", "mesh_fwding", "mesh_power_mode"
+];
+
+function iface_stop(wdev)
+{
+	if (keep_devices[wdev.ifname])
+		return;
+
+	wdev_remove(wdev.ifname);
+}
+
+function iface_start(wdev)
+{
+	let ifname = wdev.ifname;
+
+	if (readfile(`/sys/class/net/${ifname}/ifindex`)) {
+		system([ "ip", "link", "set", "dev", ifname, "down" ]);
+		wdev_remove(ifname);
+	}
+	let wdev_config = {};
+	for (let key in wdev)
+		wdev_config[key] = wdev[key];
+	if (!wdev_config.macaddr && wdev.mode != "monitor")
+		wdev_config.macaddr = phydev.macaddr_next();
+	wdev_create(phy, ifname, wdev_config);
+	system([ "ip", "link", "set", "dev", ifname, "up" ]);
+	if (wdev.freq)
+		system(`iw dev ${ifname} set freq ${wdev.freq} ${wdev.htmode}`);
+	if (wdev.mode == "adhoc") {
+		let cmd = ["iw", "dev", ifname, "ibss", "join", wdev.ssid, wdev.freq, wdev.htmode, "fixed-freq" ];
+		if (wdev.bssid)
+			push(cmd, wdev.bssid);
+		for (let key in [ "beacon-interval", "basic-rates", "mcast-rate", "keys" ])
+			if (wdev[key])
+				push(cmd, key, wdev[key]);
+		system(cmd);
+	} else if (wdev.mode == "mesh") {
+		let cmd = [ "iw", "dev", ifname, "mesh", "join", wdev.ssid, "freq", wdev.freq, wdev.htmode ];
+		for (let key in [ "mcast-rate", "beacon-interval" ])
+			if (wdev[key])
+				push(cmd, key, wdev[key]);
+		system(cmd);
+
+		cmd = ["iw", "dev", ifname, "set", "mesh_param" ];
+		let len = length(cmd);
+
+		for (let param in mesh_params)
+			if (wdev[param])
+				push(cmd, param, wdev[param]);
+
+		if (len == length(cmd))
+			return;
+
+		system(cmd);
+	}
+
+}
+
+function iface_cb(new_if, old_if)
+{
+	if (old_if && new_if && is_equal(old_if, new_if))
+		return;
+
+	if (old_if)
+		iface_stop(old_if);
+	if (new_if)
+		iface_start(new_if);
+}
+
+function drop_inactive(config)
+{
+	for (let key in config) {
+		if (!readfile(`/sys/class/net/${key}/ifindex`))
+			delete config[key];
+	}
+}
+
+function add_ifname(config)
+{
+	for (let key in config)
+		config[key].ifname = key;
+}
+
+function delete_ifname(config)
+{
+	for (let key in config)
+		delete config[key].ifname;
+}
+
+function add_existing(phy, config)
+{
+	let wdevs = glob(`/sys/class/ieee80211/${phy}/device/net/*`);
+	wdevs = map(wdevs, (arg) => basename(arg));
+	for (let wdev in wdevs) {
+		if (config[wdev])
+			continue;
+
+		if (basename(readlink(`/sys/class/net/${wdev}/phy80211`)) != phy)
+			continue;
+
+		if (trim(readfile(`/sys/class/net/${wdev}/operstate`)) == "down")
+			config[wdev] = {};
+	}
+}
+
+function usage()
+{
+	warn(`Usage: ${basename(sourcepath())} <phy> <command> [<arguments>]
+
+Commands:
+	set_config <config> [<device]...] - set phy configuration
+	get_macaddr <id>		  - get phy MAC address for vif index <id>
+`);
+	exit(1);
+}
+
+const commands = {
+	set_config: function(args) {
+		let statefile = `/var/run/wdev-${phy}.json`;
+
+		let new_config = shift(args);
+		for (let dev in ARGV)
+			keep_devices[dev] = true;
+
+		if (!new_config)
+			usage();
+
+		new_config = json(new_config);
+		if (!new_config) {
+			warn("Invalid configuration\n");
+			exit(1);
+		}
+
+		let old_config = readfile(statefile);
+		if (old_config)
+			old_config = json(old_config);
+
+		let config = vlist_new(iface_cb);
+		if (type(old_config) == "object")
+			config.data = old_config;
+
+		add_existing(phy, config.data);
+		add_ifname(config.data);
+		drop_inactive(config.data);
+
+		let ubus = libubus.connect();
+		let data = ubus.call("hostapd", "config_get_macaddr_list", { phy: phy });
+		let macaddr_list = [];
+		if (type(data) == "object" && data.macaddr)
+			macaddr_list = data.macaddr;
+		ubus.disconnect();
+		phydev.macaddr_init(macaddr_list);
+
+		add_ifname(new_config);
+		config.update(new_config);
+
+		drop_inactive(config.data);
+		delete_ifname(config.data);
+		writefile(statefile, sprintf("%J", config.data));
+	},
+	get_macaddr: function(args) {
+		let data = {};
+
+		for (let arg in args) {
+			arg = split(arg, "=", 2);
+			data[arg[0]] = arg[1];
+		}
+
+		let macaddr = phydev.macaddr_generate(data);
+		if (!macaddr) {
+			warn(`Could not get MAC address for phy ${phy}\n`);
+			exit(1);
+		}
+
+		print(macaddr + "\n");
+	},
+};
+
+if (!phy || !command | !commands[command])
+	usage();
+
+phydev = phy_open(phy);
+if (!phydev) {
+	warn(`PHY ${phy} does not exist\n`);
+	exit(1);
+}
+
+commands[command](ARGV);

feeds/hostapd/hostapd/files/wpa_supplicant-basic.config

@@ -0,0 +1,625 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+#CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+#CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+#CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+#CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+#CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+#CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+#CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+#CONFIG_EAP_GTC=y
+
+# EAP-OTP
+#CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+#CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+#CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+#CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+#CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+#CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-full.config

@@ -0,0 +1,625 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+#CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+#CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-mini.config

@@ -0,0 +1,625 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+#CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+#CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+#CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+#CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+#CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+#CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+#CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+#CONFIG_EAP_GTC=y
+
+# EAP-OTP
+#CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+#CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+#CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+#CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+#CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+#CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+#CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant-p2p.config

@@ -0,0 +1,625 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+#CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+CONFIG_CTRL_IFACE_MIB=y

feeds/hostapd/hostapd/files/wpa_supplicant.uc

@@ -0,0 +1,330 @@
+let libubus = require("ubus");
+import { open, readfile } from "fs";
+import { wdev_create, wdev_remove, is_equal, vlist_new, phy_open } from "common";
+
+let ubus = libubus.connect();
+
+wpas.data.config = {};
+wpas.data.iface_phy = {};
+wpas.data.macaddr_list = {};
+
+function iface_stop(iface)
+{
+	let ifname = iface.config.iface;
+
+	if (!iface.running)
+		return;
+
+	delete wpas.data.iface_phy[ifname];
+	wpas.remove_iface(ifname);
+	wdev_remove(ifname);
+	iface.running = false;
+}
+
+function iface_start(phydev, iface, macaddr_list)
+{
+	let phy = phydev.name;
+
+	if (iface.running)
+		return;
+
+	let ifname = iface.config.iface;
+	let wdev_config = {};
+	for (let field in iface.config)
+		wdev_config[field] = iface.config[field];
+	if (!wdev_config.macaddr)
+		wdev_config.macaddr = phydev.macaddr_next();
+
+	wpas.data.iface_phy[ifname] = phy;
+	wdev_remove(ifname);
+	let ret = wdev_create(phy, ifname, wdev_config);
+	if (ret)
+		wpas.printf(`Failed to create device ${ifname}: ${ret}`);
+	wpas.add_iface(iface.config);
+	iface.running = true;
+}
+
+function iface_cb(new_if, old_if)
+{
+	if (old_if && new_if && is_equal(old_if.config, new_if.config)) {
+		new_if.running = old_if.running;
+		return;
+	}
+
+	if (new_if && old_if)
+		wpas.printf(`Update configuration for interface ${old_if.config.iface}`);
+	else if (old_if)
+		wpas.printf(`Remove interface ${old_if.config.iface}`);
+
+	if (old_if)
+		iface_stop(old_if);
+}
+
+function prepare_config(config)
+{
+	config.config_data = readfile(config.config);
+
+	return { config: config };
+}
+
+function set_config(phy_name, config_list)
+{
+	let phy = wpas.data.config[phy_name];
+
+	if (!phy) {
+		phy = vlist_new(iface_cb, false);
+		wpas.data.config[phy_name] = phy;
+	}
+
+	let values = [];
+	for (let config in config_list)
+		push(values, [ config.iface, prepare_config(config) ]);
+
+	phy.update(values);
+}
+
+function start_pending(phy_name)
+{
+	let phy = wpas.data.config[phy_name];
+	let ubus = wpas.data.ubus;
+
+	if (!phy || !phy.data)
+		return;
+
+	let phydev = phy_open(phy_name);
+	if (!phydev) {
+		wpas.printf(`Could not open phy ${phy_name}`);
+		return;
+	}
+
+	let macaddr_list = wpas.data.macaddr_list[phy_name];
+	phydev.macaddr_init(macaddr_list);
+
+	for (let ifname in phy.data)
+		iface_start(phydev, phy.data[ifname]);
+}
+
+let main_obj = {
+	phy_set_state: {
+		args: {
+			phy: "",
+			stop: true,
+		},
+		call: function(req) {
+			if (!req.args.phy || req.args.stop == null)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			let phy = wpas.data.config[req.args.phy];
+			if (!phy)
+				return libubus.STATUS_NOT_FOUND;
+
+			try {
+				if (req.args.stop) {
+					for (let ifname in phy.data)
+						iface_stop(phy.data[ifname]);
+				} else {
+					start_pending(req.args.phy);
+				}
+			} catch (e) {
+				wpas.printf(`Error chaging state: ${e}\n${e.stacktrace[0].context}`);
+				return libubus.STATUS_INVALID_ARGUMENT;
+			}
+			return 0;
+		}
+	},
+	phy_set_macaddr_list: {
+		args: {
+			phy: "",
+			macaddr: [],
+		},
+		call: function(req) {
+			let phy = req.args.phy;
+			if (!phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			wpas.data.macaddr_list[phy] = req.args.macaddr;
+			return 0;
+		}
+	},
+	phy_status: {
+		args: {
+			phy: ""
+		},
+		call: function(req) {
+			if (!req.args.phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			let phy = wpas.data.config[req.args.phy];
+			if (!phy)
+				return libubus.STATUS_NOT_FOUND;
+
+			for (let ifname in phy.data) {
+				try {
+					let iface = wpas.interfaces[ifname];
+					if (!iface)
+						continue;
+
+					let status = iface.status();
+					if (!status)
+						continue;
+
+					if (status.state == "INTERFACE_DISABLED")
+						continue;
+
+					status.ifname = ifname;
+					return status;
+				} catch (e) {
+					continue;
+				}
+			}
+
+			return libubus.STATUS_NOT_FOUND;
+		}
+	},
+	config_set: {
+		args: {
+			phy: "",
+			config: [],
+			defer: true,
+		},
+		call: function(req) {
+			if (!req.args.phy)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			wpas.printf(`Set new config for phy ${req.args.phy}`);
+			try {
+				if (req.args.config)
+					set_config(req.args.phy, req.args.config);
+
+				if (!req.args.defer)
+					start_pending(req.args.phy);
+			} catch (e) {
+				wpas.printf(`Error loading config: ${e}\n${e.stacktrace[0].context}`);
+				return libubus.STATUS_INVALID_ARGUMENT;
+			}
+
+			return {
+				pid: wpas.getpid()
+			};
+		}
+	},
+	config_add: {
+		args: {
+			driver: "",
+			iface: "",
+			bridge: "",
+			hostapd_ctrl: "",
+			ctrl: "",
+			config: "",
+		},
+		call: function(req) {
+			if (!req.args.iface || !req.args.config)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			if (wpas.add_iface(req.args) < 0)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			return {
+				pid: wpas.getpid()
+			};
+		}
+	},
+	config_remove: {
+		args: {
+			iface: ""
+		},
+		call: function(req) {
+			if (!req.args.iface)
+				return libubus.STATUS_INVALID_ARGUMENT;
+
+			wpas.remove_iface(req.args.iface);
+			return 0;
+		}
+	},
+};
+
+wpas.data.ubus = ubus;
+wpas.data.obj = ubus.publish("wpa_supplicant", main_obj);
+
+function iface_event(type, name, data) {
+	let ubus = wpas.data.ubus;
+
+	data ??= {};
+	data.name = name;
+	wpas.data.obj.notify(`iface.${type}`, data, null, null, null, -1);
+	ubus.call("service", "event", { type: `wpa_supplicant.${name}.${type}`, data: {} });
+}
+
+function iface_hostapd_notify(phy, ifname, iface, state)
+{
+	let ubus = wpas.data.ubus;
+	let status = iface.status();
+	let msg = { phy: phy };
+
+	switch (state) {
+	case "DISCONNECTED":
+	case "AUTHENTICATING":
+	case "SCANNING":
+		msg.up = false;
+		break;
+	case "INTERFACE_DISABLED":
+	case "INACTIVE":
+		msg.up = true;
+		break;
+	case "COMPLETED":
+		msg.up = true;
+		msg.frequency = status.frequency;
+		msg.sec_chan_offset = status.sec_chan_offset;
+		break;
+	default:
+		return;
+	}
+
+	ubus.call("hostapd", "apsta_state", msg);
+}
+
+function iface_channel_switch(phy, ifname, iface, info)
+{
+	let msg = {
+		phy: phy,
+		up: true,
+		csa: true,
+		csa_count: info.csa_count ? info.csa_count - 1 : 0,
+		frequency: info.frequency,
+		sec_chan_offset: info.sec_chan_offset,
+	};
+	ubus.call("hostapd", "apsta_state", msg);
+}
+
+return {
+	shutdown: function() {
+		for (let phy in wpas.data.config)
+			set_config(phy, []);
+		wpas.ubus.disconnect();
+	},
+	iface_add: function(name, obj) {
+		iface_event("add", name);
+	},
+	iface_remove: function(name, obj) {
+		iface_event("remove", name);
+	},
+	state: function(ifname, iface, state) {
+		let phy = wpas.data.iface_phy[ifname];
+		if (!phy) {
+			wpas.printf(`no PHY for ifname ${ifname}`);
+			return;
+		}
+
+		iface_hostapd_notify(phy, ifname, iface, state);
+	},
+	event: function(ifname, iface, ev, info) {
+		let phy = wpas.data.iface_phy[ifname];
+		if (!phy) {
+			wpas.printf(`no PHY for ifname ${ifname}`);
+			return;
+		}
+
+		if (ev == "CH_SWITCH_STARTED")
+			iface_channel_switch(phy, ifname, iface, info);
+	}
+};

feeds/hostapd/hostapd/files/wpad.init

@@ -0,0 +1,43 @@
+#!/bin/sh /etc/rc.common
+
+START=19
+STOP=21
+
+USE_PROCD=1
+NAME=wpad
+
+start_service() {
+	if [ -x "/usr/sbin/hostapd" ]; then
+		mkdir -p /var/run/hostapd
+		chown network:network /var/run/hostapd
+		procd_open_instance hostapd
+		procd_set_param command /usr/sbin/hostapd -s -g /var/run/hostapd/global
+		procd_set_param respawn 3600 1 0
+		procd_set_param limits core="unlimited"
+		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
+			procd_add_jail hostapd
+			procd_set_param capabilities /etc/capabilities/wpad.json
+			procd_set_param user network
+			procd_set_param group network
+			procd_set_param no_new_privs 1
+		}
+		procd_close_instance
+	fi
+
+	if [ -x "/usr/sbin/wpa_supplicant" ]; then
+		mkdir -p /var/run/wpa_supplicant
+		chown network:network /var/run/wpa_supplicant
+		procd_open_instance supplicant
+		procd_set_param command /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
+		procd_set_param respawn 3600 1 0
+		procd_set_param limits core="unlimited"
+		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
+			procd_add_jail wpa_supplicant
+			procd_set_param capabilities /etc/capabilities/wpad.json
+			procd_set_param user network
+			procd_set_param group network
+			procd_set_param no_new_privs 1
+		}
+		procd_close_instance
+	fi
+}

feeds/hostapd/hostapd/files/wpad_acl.json

@@ -0,0 +1,16 @@
+{
+	"user": "network",
+	"access": {
+		"service": {
+			"methods": [ "event" ]
+		},
+		"wpa_supplicant": {
+			"methods": [ "phy_set_state", "phy_set_macaddr_list", "phy_status" ]
+		},
+		"hostapd": {
+			"methods": [ "apsta_state" ]
+		}
+	},
+	"publish": [ "hostapd", "hostapd.*", "wpa_supplicant", "wpa_supplicant.*" ],
+	"send": [ "bss.*", "wps_credentials" ]
+}

feeds/hostapd/hostapd/files/wps-hotplug.sh

@@ -0,0 +1,69 @@
+#!/bin/sh
+
+wps_catch_credentials() {
+	local iface ifaces ifc ifname ssid encryption key radio radios
+	local found=0
+
+	. /usr/share/libubox/jshn.sh
+	ubus -S -t 30 listen wps_credentials | while read creds; do
+		json_init
+		json_load "$creds"
+		json_select wps_credentials || continue
+		json_get_vars ifname ssid key encryption
+		local ifcname="$ifname"
+		json_init
+		json_load "$(ubus -S call network.wireless status)"
+		json_get_keys radios
+		for radio in $radios; do
+			json_select $radio
+			json_select interfaces
+			json_get_keys ifaces
+			for ifc in $ifaces; do
+				json_select $ifc
+				json_get_vars ifname
+				[ "$ifname" = "$ifcname" ] && {
+					ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\",		\
+								\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" },	\
+								\"values\": { \"encryption\": \"$encryption\", 			\
+										\"ssid\": \"$ssid\", 				\
+										\"key\": \"$key\" } }"
+					ubus -S call uci commit '{"config": "wireless"}'
+					ubus -S call uci apply
+				}
+				json_select ..
+			done
+			json_select ..
+			json_select ..
+		done
+	done
+}
+
+if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
+	# If the button was pressed for 3 seconds or more, trigger WPS on
+	# wpa_supplicant only, no matter if hostapd is running or not.  If
+	# was pressed for less than 3 seconds, try triggering on
+	# hostapd. If there is no hostapd instance to trigger it on or WPS
+	# is not enabled on them, trigger it on wpa_supplicant.
+	if [ "$SEEN" -lt 3 ] ; then
+		wps_done=0
+		ubusobjs="$( ubus -S list hostapd.* )"
+		for ubusobj in $ubusobjs; do
+			ubus -S call $ubusobj wps_start && wps_done=1
+		done
+		[ $wps_done = 0 ] || return 0
+	fi
+	wps_done=0
+	ubusobjs="$( ubus -S list wpa_supplicant.* )"
+	for ubusobj in $ubusobjs; do
+		ifname="$(echo $ubusobj | cut -d'.' -f2 )"
+		multi_ap=""
+		if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
+			ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
+		else
+			ubus -S call $ubusobj wps_start && wps_done=1
+		fi
+	done
+	[ $wps_done = 0 ] || wps_catch_credentials &
+fi
+
+return 0

feeds/hostapd/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch

@@ -0,0 +1,43 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1340,6 +1340,7 @@ int ecc_projective_add_point(ecc_point *
+ 
+ struct crypto_ec {
+ 	ecc_key key;
++	WC_RNG rng;
+ 	mp_int a;
+ 	mp_int prime;
+ 	mp_int order;
+@@ -1394,6 +1395,8 @@ struct crypto_ec * crypto_ec_init(int gr
+ 		return NULL;
+ 
+ 	if (wc_ecc_init(&e->key) != 0 ||
++	    wc_InitRng(&e->rng) != 0 ||
++	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ 	    mp_init(&e->a) != MP_OKAY ||
+ 	    mp_init(&e->prime) != MP_OKAY ||
+@@ -1425,6 +1428,7 @@ void crypto_ec_deinit(struct crypto_ec*
+ 	mp_clear(&e->order);
+ 	mp_clear(&e->prime);
+ 	mp_clear(&e->a);
++	wc_FreeRng(&e->rng);
+ 	wc_ecc_free(&e->key);
+ 	os_free(e);
+ }

feeds/hostapd/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -0,0 +1,135 @@
+From 8de8cd8380af0c43d4fde67a668d79ef73b26b26 Mon Sep 17 00:00:00 2001
+From: Peter Oh <peter.oh@bowerswilkins.com>
+Date: Tue, 30 Jun 2020 14:18:58 +0200
+Subject: [PATCH 10/19] mesh: Allow DFS channels to be selected if dfs is
+ enabled
+
+Note: DFS is assumed to be usable if a country code has been set
+
+Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
+Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
+---
+ wpa_supplicant/wpa_supplicant.c | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2638,7 +2638,7 @@ static int drv_supports_vht(struct wpa_s
+ }
+ 
+ 
+-static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
++static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode, bool dfs_enabled)
+ {
+ 	int i;
+ 
+@@ -2647,7 +2647,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+ 
+ 		chan = hw_get_channel_chan(mode, i, NULL);
+ 		if (!chan ||
+-		    chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++		    chan->flag & HOSTAPD_CHAN_DISABLED)
++			return false;
++		
++		if (!dfs_enabled && chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ 			return false;
+ 	}
+ 
+@@ -2774,7 +2777,7 @@ static void ibss_mesh_select_40mhz(struc
+ 				   const struct wpa_ssid *ssid,
+ 				   struct hostapd_hw_modes *mode,
+ 				   struct hostapd_freq_params *freq,
+-				   int obss_scan) {
++				   int obss_scan, bool dfs_enabled) {
+ 	int chan_idx;
+ 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+ 	int i, res;
+@@ -2798,8 +2801,11 @@ static void ibss_mesh_select_40mhz(struc
+ 		return;
+ 
+ 	/* Check primary channel flags */
+-	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++	if (pri_chan->flag & HOSTAPD_CHAN_DISABLED)
+ 		return;
++	if (pri_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
++		if (!dfs_enabled)
++			return;
+ 
+ #ifdef CONFIG_HT_OVERRIDES
+ 	if (ssid->disable_ht40)
+@@ -2825,8 +2831,11 @@ static void ibss_mesh_select_40mhz(struc
+ 		return;
+ 
+ 	/* Check secondary channel flags */
+-	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++	if (sec_chan->flag & HOSTAPD_CHAN_DISABLED)
+ 		return;
++	if (sec_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
++		if (!dfs_enabled)
++			return;
+ 
+ 	if (ht40 == -1) {
+ 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
+@@ -2880,7 +2889,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 				       const struct wpa_ssid *ssid,
+ 				       struct hostapd_hw_modes *mode,
+ 				       struct hostapd_freq_params *freq,
+-				       int ieee80211_mode, bool is_6ghz) {
++				       int ieee80211_mode, bool is_6ghz, bool dfs_enabled) {
+ 	static const int bw80[] = {
+ 		5180, 5260, 5500, 5580, 5660, 5745, 5825,
+ 		5955, 6035, 6115, 6195, 6275, 6355, 6435,
+@@ -2925,7 +2934,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 		goto skip_80mhz;
+ 
+ 	/* Use 40 MHz if channel not usable */
+-	if (!ibss_mesh_is_80mhz_avail(channel, mode))
++	if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
+ 		goto skip_80mhz;
+ 
+ 	chwidth = CONF_OPER_CHWIDTH_80MHZ;
+@@ -2939,7 +2948,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 	if ((mode->he_capab[ieee80211_mode].phy_cap[
+ 		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ 	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
+-	    ibss_mesh_is_80mhz_avail(channel + 16, mode)) {
++	    ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled)) {
+ 		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
+ 			if (freq->freq == bw160[j]) {
+ 				chwidth = CONF_OPER_CHWIDTH_160MHZ;
+@@ -2967,10 +2976,12 @@ static bool ibss_mesh_select_80_160mhz(s
+ 				if (!chan)
+ 					continue;
+ 
+-				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
+-						  HOSTAPD_CHAN_NO_IR |
+-						  HOSTAPD_CHAN_RADAR))
++				if (chan->flag & HOSTAPD_CHAN_DISABLED)
+ 					continue;
++				if (chan->flag & (HOSTAPD_CHAN_RADAR |
++						  HOSTAPD_CHAN_NO_IR))
++					if (!dfs_enabled)
++						continue;
+ 
+ 				/* Found a suitable second segment for 80+80 */
+ 				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
+@@ -3025,6 +3036,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	int i, obss_scan = 1;
+ 	u8 channel;
+ 	bool is_6ghz;
++	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
+ 
+ 	freq->freq = ssid->frequency;
+ 
+@@ -3070,9 +3082,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	freq->channel = channel;
+ 	/* Setup higher BW only for 5 GHz */
+ 	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
+-		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan);
++		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan, dfs_enabled);
+ 		if (!ibss_mesh_select_80_160mhz(wpa_s, ssid, mode, freq,
+-						ieee80211_mode, is_6ghz))
++						ieee80211_mode, is_6ghz, dfs_enabled))
+ 			freq->he_enabled = freq->vht_enabled = false;
+ 	}
+ 

feeds/hostapd/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -0,0 +1,81 @@
+From fc8ea40f6130ac18d9c66797de2cf1d5af55d496 Mon Sep 17 00:00:00 2001
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+Date: Tue, 30 Jun 2020 14:19:07 +0200
+Subject: [PATCH 19/19] mesh: use deterministic channel on channel switch
+
+This patch uses a deterministic channel on DFS channel switch
+in mesh networks. Otherwise, when switching to a usable but not
+available channel, no CSA can be sent and a random channel is choosen
+without notification of other nodes. It is then quite likely, that
+the mesh network gets disconnected.
+
+Fix this by using a deterministic number, based on the sha256 hash
+of the mesh ID, in order to use at least a different number in each
+mesh network.
+
+Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
+---
+ src/ap/dfs.c                 | 20 +++++++++++++++++++-
+ src/drivers/driver_nl80211.c |  4 ++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -17,6 +17,7 @@
+ #include "ap_drv_ops.h"
+ #include "drivers/driver.h"
+ #include "dfs.h"
++#include "crypto/crypto.h"
+ 
+ 
+ enum dfs_channel_type {
+@@ -526,9 +527,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+ 	int num_available_chandefs;
+ 	int chan_idx, chan_idx2;
+ 	int sec_chan_idx_80p80 = -1;
++	bool is_mesh = false;
+ 	int i;
+ 	u32 _rand;
+ 
++#ifdef CONFIG_MESH
++	is_mesh = iface->mconf;
++#endif
++
+ 	wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
+ 	*secondary_channel = 0;
+ 	*oper_centr_freq_seg0_idx = 0;
+@@ -548,8 +554,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+ 	if (num_available_chandefs == 0)
+ 		return NULL;
+ 
+-	if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
++	/* try to use deterministic channel in mesh, so that both sides
++	 * have a chance to switch to the same channel */
++	if (is_mesh) {
++#ifdef CONFIG_MESH
++		u64 hash[4];
++		const u8 *meshid[1] = { &iface->mconf->meshid[0] };
++		const size_t meshid_len = iface->mconf->meshid_len;
++
++		sha256_vector(1, meshid, &meshid_len, (u8 *)&hash[0]);
++		_rand = hash[0] + hash[1] + hash[2] + hash[3];
++#endif
++	} else if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
+ 		return NULL;
++
+ 	chan_idx = _rand % num_available_chandefs;
+ 	dfs_find_channel(iface, &chan, chan_idx, type);
+ 	if (!chan) {
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -11017,6 +11017,10 @@ static int nl80211_switch_channel(void *
+ 	if (ret)
+ 		goto error;
+ 
++	if (drv->nlmode == NL80211_IFTYPE_MESH_POINT) {
++		nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS);
++	}
++
+ 	/* beacon_csa params */
+ 	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
+ 	if (!beacon_csa)

feeds/hostapd/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -0,0 +1,26 @@
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4621,6 +4621,13 @@ static int add_associated_sta(struct hos
+ 	 * drivers to accept the STA parameter configuration. Since this is
+ 	 * after a new FT-over-DS exchange, a new TK has been derived, so key
+ 	 * reinstallation is not a concern for this case.
++	 *
++	 * If the STA was associated and authorized earlier, but came for a new
++	 * connection (!added_unassoc + !reassoc), remove the existing STA entry
++	 * so that it can be re-added. This case is rarely seen when the AP could
++	 * not receive the deauth/disassoc frame from the STA. And the STA comes
++	 * back with new connection within a short period or before the inactive
++	 * STA entry is removed from the list.
+ 	 */
+ 	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ 		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -4634,7 +4641,8 @@ static int add_associated_sta(struct hos
+ 	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ 	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ 	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+-	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++	      !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++	     (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
+ 		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ 		set = 0;

feeds/hostapd/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch

@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 8 Jul 2021 16:33:03 +0200
+Subject: [PATCH] hostapd: fix use of uninitialized stack variables
+
+When a CSA is performed on an 80 MHz channel, hostapd_change_config_freq
+unconditionally calls hostapd_set_oper_centr_freq_seg0/1_idx with seg0/1
+filled by ieee80211_freq_to_chan.
+However, if ieee80211_freq_to_chan fails (because the freq is 0 or invalid),
+seg0/1 remains uninitialized and filled with stack garbage, causing errors
+such as "hostapd: 80 MHz: center segment 1 configured"
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -3764,7 +3764,7 @@ static int hostapd_change_config_freq(st
+ 				      struct hostapd_freq_params *old_params)
+ {
+ 	int channel;
+-	u8 seg0, seg1;
++	u8 seg0 = 0, seg1 = 0;
+ 	struct hostapd_hw_modes *mode;
+ 
+ 	if (!params->channel) {

feeds/hostapd/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -0,0 +1,275 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 28 Jul 2021 05:49:46 +0200
+Subject: [PATCH] driver_nl80211: rewrite neigh code to not depend on
+ libnl3-route
+
+Removes an unnecessary dependency and also makes the code smaller
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -16,9 +16,6 @@
+ #include <net/if.h>
+ #include <netlink/genl/genl.h>
+ #include <netlink/genl/ctrl.h>
+-#ifdef CONFIG_LIBNL3_ROUTE
+-#include <netlink/route/neighbour.h>
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ #include <linux/rtnetlink.h>
+ #include <netpacket/packet.h>
+ #include <linux/errqueue.h>
+@@ -5783,26 +5780,29 @@ fail:
+ 
+ static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ 	struct wpa_driver_nl80211_data *drv = bss->drv;
+-	struct rtnl_neigh *rn;
+-	struct nl_addr *nl_addr;
++	struct ndmsg nhdr = {
++		.ndm_state = NUD_PERMANENT,
++		.ndm_ifindex = bss->ifindex,
++		.ndm_family = AF_BRIDGE,
++	};
++	struct nl_msg *msg;
+ 	int err;
+ 
+-	rn = rtnl_neigh_alloc();
+-	if (!rn)
++	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
++	if (!msg)
+ 		return;
+ 
+-	rtnl_neigh_set_family(rn, AF_BRIDGE);
+-	rtnl_neigh_set_ifindex(rn, bss->ifindex);
+-	nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
+-	if (!nl_addr) {
+-		rtnl_neigh_put(rn);
+-		return;
+-	}
+-	rtnl_neigh_set_lladdr(rn, nl_addr);
++	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
++		goto errout;
++
++	if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
++		goto errout;
++
++	if (nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
++		goto errout;
+ 
+-	err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
++	err = nl_wait_for_ack(drv->rtnl_sk);
+ 	if (err < 0) {
+ 		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
+ 			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
+@@ -5812,9 +5812,8 @@ static void rtnl_neigh_delete_fdb_entry(
+ 			   MACSTR, MAC2STR(addr));
+ 	}
+ 
+-	nl_addr_put(nl_addr);
+-	rtnl_neigh_put(rn);
+-#endif /* CONFIG_LIBNL3_ROUTE */
++errout:
++	nlmsg_free(msg);
+ }
+ 
+ 
+@@ -8492,7 +8491,6 @@ static void *i802_init(struct hostapd_da
+ 	    (params->num_bridge == 0 || !params->bridge[0]))
+ 		add_ifidx(drv, br_ifindex, drv->ifindex);
+ 
+-#ifdef CONFIG_LIBNL3_ROUTE
+ 	if (bss->added_if_into_bridge || bss->already_in_bridge) {
+ 		int err;
+ 
+@@ -8509,7 +8507,6 @@ static void *i802_init(struct hostapd_da
+ 			goto failed;
+ 		}
+ 	}
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ 
+ 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
+ 		wpa_printf(MSG_DEBUG,
+@@ -11883,13 +11880,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+ 				      const u8 *ipaddr, int prefixlen,
+ 				      const u8 *addr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ 	struct i802_bss *bss = priv;
+ 	struct wpa_driver_nl80211_data *drv = bss->drv;
+-	struct rtnl_neigh *rn;
+-	struct nl_addr *nl_ipaddr = NULL;
+-	struct nl_addr *nl_lladdr = NULL;
+-	int family, addrsize;
++	struct ndmsg nhdr = {
++		.ndm_state = NUD_PERMANENT,
++		.ndm_ifindex = bss->br_ifindex,
++	};
++	struct nl_msg *msg;
++	int addrsize;
+ 	int res;
+ 
+ 	if (!ipaddr || prefixlen == 0 || !addr)
+@@ -11908,85 +11906,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+ 	}
+ 
+ 	if (version == 4) {
+-		family = AF_INET;
++		nhdr.ndm_family = AF_INET;
+ 		addrsize = 4;
+ 	} else if (version == 6) {
+-		family = AF_INET6;
++		nhdr.ndm_family = AF_INET6;
+ 		addrsize = 16;
+ 	} else {
+ 		return -EINVAL;
+ 	}
+ 
+-	rn = rtnl_neigh_alloc();
+-	if (rn == NULL)
++	msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
++	if (!msg)
+ 		return -ENOMEM;
+ 
+-	/* set the destination ip address for neigh */
+-	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
+-	if (nl_ipaddr == NULL) {
+-		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
+-		res = -ENOMEM;
++	res = -ENOMEM;
++	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
+ 		goto errout;
+-	}
+-	nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
+-	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
+-	if (res) {
+-		wpa_printf(MSG_DEBUG,
+-			   "nl80211: neigh set destination addr failed");
++
++	if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
+ 		goto errout;
+-	}
+ 
+-	/* set the corresponding lladdr for neigh */
+-	nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
+-	if (nl_lladdr == NULL) {
+-		wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
+-		res = -ENOMEM;
++	if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
+ 		goto errout;
+-	}
+-	rtnl_neigh_set_lladdr(rn, nl_lladdr);
+ 
+-	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
+-	rtnl_neigh_set_state(rn, NUD_PERMANENT);
++	res = nl_send_auto_complete(drv->rtnl_sk, msg);
++	if (res < 0)
++		goto errout;
+ 
+-	res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
++	res = nl_wait_for_ack(drv->rtnl_sk);
+ 	if (res) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "nl80211: Adding bridge ip neigh failed: %s",
+ 			   nl_geterror(res));
+ 	}
+ errout:
+-	if (nl_lladdr)
+-		nl_addr_put(nl_lladdr);
+-	if (nl_ipaddr)
+-		nl_addr_put(nl_ipaddr);
+-	if (rn)
+-		rtnl_neigh_put(rn);
++	nlmsg_free(msg);
+ 	return res;
+-#else /* CONFIG_LIBNL3_ROUTE */
+-	return -1;
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ }
+ 
+ 
+ static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
+ 					 const u8 *ipaddr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ 	struct i802_bss *bss = priv;
+ 	struct wpa_driver_nl80211_data *drv = bss->drv;
+-	struct rtnl_neigh *rn;
+-	struct nl_addr *nl_ipaddr;
+-	int family, addrsize;
++	struct ndmsg nhdr = {
++		.ndm_state = NUD_PERMANENT,
++		.ndm_ifindex = bss->br_ifindex,
++	};
++	struct nl_msg *msg;
++	int addrsize;
+ 	int res;
+ 
+ 	if (!ipaddr)
+ 		return -EINVAL;
+ 
+ 	if (version == 4) {
+-		family = AF_INET;
++		nhdr.ndm_family = AF_INET;
+ 		addrsize = 4;
+ 	} else if (version == 6) {
+-		family = AF_INET6;
++		nhdr.ndm_family = AF_INET6;
+ 		addrsize = 16;
+ 	} else {
+ 		return -EINVAL;
+@@ -12004,41 +11983,30 @@ static int wpa_driver_br_delete_ip_neigh
+ 		return -1;
+ 	}
+ 
+-	rn = rtnl_neigh_alloc();
+-	if (rn == NULL)
++	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
++	if (!msg)
+ 		return -ENOMEM;
+ 
+-	/* set the destination ip address for neigh */
+-	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
+-	if (nl_ipaddr == NULL) {
+-		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
+-		res = -ENOMEM;
++	res = -ENOMEM;
++	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
+ 		goto errout;
+-	}
+-	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
+-	if (res) {
+-		wpa_printf(MSG_DEBUG,
+-			   "nl80211: neigh set destination addr failed");
++
++	if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
+ 		goto errout;
+-	}
+ 
+-	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
++	res = nl_send_auto_complete(drv->rtnl_sk, msg);
++	if (res < 0)
++		goto errout;
+ 
+-	res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
++	res = nl_wait_for_ack(drv->rtnl_sk);
+ 	if (res) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "nl80211: Deleting bridge ip neigh failed: %s",
+ 			   nl_geterror(res));
+ 	}
+ errout:
+-	if (nl_ipaddr)
+-		nl_addr_put(nl_ipaddr);
+-	if (rn)
+-		rtnl_neigh_put(rn);
++	nlmsg_free(msg);
+ 	return res;
+-#else /* CONFIG_LIBNL3_ROUTE */
+-	return -1;
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ }
+ 
+ 

feeds/hostapd/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 18 Feb 2019 12:57:11 +0100
+Subject: [PATCH] mesh: allow processing authentication frames in blocked state
+
+If authentication fails repeatedly e.g. because of a weak signal, the link
+can end up in blocked state. If one of the nodes tries to establish a link
+again before it is unblocked on the other side, it will block the link to
+that other side. The same happens on the other side when it unblocks the
+link. In that scenario, the link never recovers on its own.
+
+To fix this, allow restarting authentication even if the link is in blocked
+state, but don't initiate the attempt until the blocked period is over.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -3020,15 +3020,6 @@ static void handle_auth(struct hostapd_d
+ 				       seq_ctrl);
+ 			return;
+ 		}
+-#ifdef CONFIG_MESH
+-		if ((hapd->conf->mesh & MESH_ENABLED) &&
+-		    sta->plink_state == PLINK_BLOCKED) {
+-			wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
+-				   " is blocked - drop Authentication frame",
+-				   MAC2STR(sa));
+-			return;
+-		}
+-#endif /* CONFIG_MESH */
+ #ifdef CONFIG_PASN
+ 		if (auth_alg == WLAN_AUTH_PASN &&
+ 		    (sta->flags & WLAN_STA_ASSOC)) {

feeds/hostapd/hostapd/patches/050-build_fix.patch

@@ -0,0 +1,20 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -324,6 +324,7 @@ ifdef CONFIG_FILS
+ CFLAGS += -DCONFIG_FILS
+ OBJS += ../src/ap/fils_hlp.o
+ NEED_SHA384=y
++NEED_HMAC_SHA384_KDF=y
+ NEED_AES_SIV=y
+ ifdef CONFIG_FILS_SK_PFS
+ CFLAGS += -DCONFIG_FILS_SK_PFS
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -331,6 +331,7 @@ endif
+ ifdef CONFIG_FILS
+ CFLAGS += -DCONFIG_FILS
+ NEED_SHA384=y
++NEED_HMAC_SHA384_KDF=y
+ NEED_AES_SIV=y
+ ifdef CONFIG_FILS_SK_PFS
+ CFLAGS += -DCONFIG_FILS_SK_PFS

feeds/hostapd/hostapd/patches/120-mbedtls-fips186_2_prf.patch

@@ -0,0 +1,114 @@
+From c8dba4bd750269bcc80fed3d546e2077cb4cdf0e Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 19 Jul 2022 20:02:21 -0400
+Subject: [PATCH 2/7] mbedtls: fips186_2_prf()
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ hostapd/Makefile            |  4 ---
+ src/crypto/crypto_mbedtls.c | 60 +++++++++++++++++++++++++++++++++++++
+ wpa_supplicant/Makefile     |  4 ---
+ 3 files changed, 60 insertions(+), 8 deletions(-)
+
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -759,10 +759,6 @@ endif
+ OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+-ifdef NEED_FIPS186_2_PRF
+-OBJS += ../src/crypto/fips_prf_internal.o
+-SHA1OBJS += ../src/crypto/sha1-internal.o
+-endif
+ ifeq ($(CONFIG_CRYPTO), mbedtls)
+ ifdef CONFIG_DPP
+ LIBS += -lmbedx509
+--- a/src/crypto/crypto_mbedtls.c
++++ b/src/crypto/crypto_mbedtls.c
+@@ -132,6 +132,12 @@
+ #define CRYPTO_MBEDTLS_HMAC_KDF_SHA512
+ #endif
+ 
++#if defined(EAP_SIM) || defined(EAP_SIM_DYNAMIC) || defined(EAP_SERVER_SIM) \
++ || defined(EAP_AKA) || defined(EAP_AKA_DYNAMIC) || defined(EAP_SERVER_AKA)
++/* EAP_SIM=y EAP_AKA=y */
++#define CRYPTO_MBEDTLS_FIPS186_2_PRF
++#endif
++
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) \
+  || defined(EAP_TEAP) || defined(EAP_TEAP_DYNAMIC) || defined(EAP_SERVER_FAST)
+ #define CRYPTO_MBEDTLS_SHA1_T_PRF
+@@ -813,6 +819,60 @@ int sha1_t_prf(const u8 *key, size_t key
+ 
+ #endif /* CRYPTO_MBEDTLS_SHA1_T_PRF */
+ 
++#ifdef CRYPTO_MBEDTLS_FIPS186_2_PRF
++
++/* fips_prf_internal.c sha1-internal.c */
++
++/* used only by src/eap_common/eap_sim_common.c:eap_sim_prf()
++ * for eap_sim_derive_keys() and eap_sim_derive_keys_reauth()
++ * where xlen is 160 */
++
++int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
++{
++	/* FIPS 186-2 + change notice 1 */
++
++	mbedtls_sha1_context ctx;
++	u8 * const xkey = ctx.MBEDTLS_PRIVATE(buffer);
++	u32 * const xstate = ctx.MBEDTLS_PRIVATE(state);
++	const u32 xstate_init[] =
++	  { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
++
++	mbedtls_sha1_init(&ctx);
++	os_memcpy(xkey, seed, seed_len < 64 ? seed_len : 64);
++
++	/* note: does not fill extra bytes if (xlen % 20) (SHA1_MAC_LEN) */
++	for (; xlen >= 20; xlen -= 20) {
++		/* XSEED_j = 0 */
++		/* XVAL = (XKEY + XSEED_j) mod 2^b */
++
++		/* w_i = G(t, XVAL) */
++		os_memcpy(xstate, xstate_init, sizeof(xstate_init));
++		mbedtls_internal_sha1_process(&ctx, xkey);
++
++	  #if __BYTE_ORDER == __LITTLE_ENDIAN
++		xstate[0] = host_to_be32(xstate[0]);
++		xstate[1] = host_to_be32(xstate[1]);
++		xstate[2] = host_to_be32(xstate[2]);
++		xstate[3] = host_to_be32(xstate[3]);
++		xstate[4] = host_to_be32(xstate[4]);
++	  #endif
++		os_memcpy(x, xstate, 20);
++		if (xlen == 20) /*(done; skip prep for next loop)*/
++			break;
++
++		/* XKEY = (1 + XKEY + w_i) mod 2^b */
++		for (u32 carry = 1, k = 20; k-- > 0; carry >>= 8)
++			xkey[k] = (carry += xkey[k] + x[k]) & 0xff;
++		x += 20;
++		/* x_j = w_0|w_1 (each pair of iterations through loop)*/
++	}
++
++	mbedtls_sha1_free(&ctx);
++	return 0;
++}
++
++#endif /* CRYPTO_MBEDTLS_FIPS186_2_PRF */
++
+ #endif /* MBEDTLS_SHA1_C */
+ 
+ 
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1174,10 +1174,6 @@ endif
+ OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+-ifdef NEED_FIPS186_2_PRF
+-OBJS += ../src/crypto/fips_prf_internal.o
+-SHA1OBJS += ../src/crypto/sha1-internal.o
+-endif
+ ifeq ($(CONFIG_CRYPTO), mbedtls)
+ LIBS += -lmbedcrypto
+ LIBS_p += -lmbedcrypto

feeds/hostapd/hostapd/patches/130-mbedtls-annotate-with-TEST_FAIL-for-hwsim-tests.patch

@@ -0,0 +1,421 @@
+From 31bd19e0e0254b910cccfd3ddc6a6a9222bbcfc0 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 9 Oct 2022 05:12:17 -0400
+Subject: [PATCH 3/7] mbedtls: annotate with TEST_FAIL() for hwsim tests
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/crypto/crypto_mbedtls.c | 124 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 124 insertions(+)
+
+--- a/src/crypto/crypto_mbedtls.c
++++ b/src/crypto/crypto_mbedtls.c
+@@ -280,6 +280,9 @@ __attribute_noinline__
+ static int md_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+                      u8 *mac, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0) != 0){
+@@ -343,6 +346,9 @@ __attribute_noinline__
+ static int sha384_512_vector(size_t num_elem, const u8 *addr[],
+                              const size_t *len, u8 *mac, int is384)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha512_context ctx;
+ 	mbedtls_sha512_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -375,6 +381,9 @@ int sha384_vector(size_t num_elem, const
+ #include <mbedtls/sha256.h>
+ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha256_context ctx;
+ 	mbedtls_sha256_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -397,6 +406,9 @@ int sha256_vector(size_t num_elem, const
+ #include <mbedtls/sha1.h>
+ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha1_context ctx;
+ 	mbedtls_sha1_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -419,6 +431,9 @@ int sha1_vector(size_t num_elem, const u
+ #include <mbedtls/md5.h>
+ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_md5_context ctx;
+ 	mbedtls_md5_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -441,6 +456,9 @@ int md5_vector(size_t num_elem, const u8
+ #include <mbedtls/md4.h>
+ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_md4_context ctx;
+ 	mbedtls_md4_init(&ctx);
+ 	mbedtls_md4_starts_ret(&ctx);
+@@ -460,6 +478,9 @@ static int hmac_vector(const u8 *key, si
+                        const u8 *addr[], const size_t *len, u8 *mac,
+                        mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1) != 0){
+@@ -571,6 +592,9 @@ static int hmac_kdf_expand(const u8 *prk
+                            const char *label, const u8 *info, size_t info_len,
+                            u8 *okm, size_t okm_len, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
+   #ifdef MBEDTLS_HKDF_C
+ 	if (label == NULL)  /* RFC 5869 HKDF-Expand when (label == NULL) */
+@@ -663,6 +687,9 @@ static int hmac_prf_bits(const u8 *key,
+                          const u8 *data, size_t data_len, u8 *buf,
+                          size_t buf_len_bits, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
+@@ -938,6 +965,9 @@ int pbkdf2_sha1(const char *passphrase,
+ 
+ static void *aes_crypt_init_mode(const u8 *key, size_t len, int mode)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_aes_context *aes = os_malloc(sizeof(*aes));
+ 	if (!aes)
+ 		return NULL;
+@@ -996,6 +1026,9 @@ void aes_decrypt_deinit(void *ctx)
+ /* aes-wrap.c */
+ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_nist_kw_context ctx;
+ 	mbedtls_nist_kw_init(&ctx);
+ 	size_t olen;
+@@ -1010,6 +1043,9 @@ int aes_wrap(const u8 *kek, size_t kek_l
+ /* aes-unwrap.c */
+ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, u8 *plain)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_nist_kw_context ctx;
+ 	mbedtls_nist_kw_init(&ctx);
+ 	size_t olen;
+@@ -1041,6 +1077,9 @@ int omac1_aes_vector(
+     const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[],
+     const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_cipher_type_t cipher_type;
+ 	switch (key_len) {
+ 	case 16: cipher_type = MBEDTLS_CIPHER_AES_128_ECB; break;
+@@ -1103,6 +1142,9 @@ int omac1_aes_256(const u8 *key, const u
+ /* aes-encblock.c */
+ int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_aes_context aes;
+ 	mbedtls_aes_init(&aes);
+ 	int ret = mbedtls_aes_setkey_enc(&aes, key, 128)
+@@ -1118,6 +1160,9 @@ int aes_128_encrypt_block(const u8 *key,
+ int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
+ 		    u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	unsigned char counter[MBEDTLS_AES_BLOCK_SIZE];
+ 	unsigned char stream_block[MBEDTLS_AES_BLOCK_SIZE];
+ 	os_memcpy(counter, nonce, MBEDTLS_AES_BLOCK_SIZE);/*(must be writable)*/
+@@ -1160,11 +1205,17 @@ static int aes_128_cbc_oper(const u8 *ke
+ 
+ int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_ENCRYPT);
+ }
+ 
+ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_DECRYPT);
+ }
+ 
+@@ -1407,6 +1458,10 @@ int crypto_hash_finish(struct crypto_has
+ 	}
+ 	mbedtls_md_free(mctx);
+ 	os_free(mctx);
++
++	if (TEST_FAIL())
++		return -1;
++
+ 	return 0;
+ }
+ 
+@@ -1421,6 +1476,9 @@ int crypto_hash_finish(struct crypto_has
+ 
+ struct crypto_bignum *crypto_bignum_init(void)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
+ 	if (bn)
+ 		mbedtls_mpi_init(bn);
+@@ -1429,6 +1487,9 @@ struct crypto_bignum *crypto_bignum_init
+ 
+ struct crypto_bignum *crypto_bignum_init_set(const u8 *buf, size_t len)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
+ 	if (bn) {
+ 		mbedtls_mpi_init(bn);
+@@ -1442,6 +1503,9 @@ struct crypto_bignum *crypto_bignum_init
+ 
+ struct crypto_bignum *crypto_bignum_init_uint(unsigned int val)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+   #if 0 /*(hostap use of this interface passes int, not uint)*/
+ 	val = host_to_be32(val);
+ 	return crypto_bignum_init_set((const u8 *)&val, sizeof(val));
+@@ -1467,6 +1531,9 @@ void crypto_bignum_deinit(struct crypto_
+ int crypto_bignum_to_bin(const struct crypto_bignum *a,
+ 			 u8 *buf, size_t buflen, size_t padlen)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	size_t n = mbedtls_mpi_size((mbedtls_mpi *)a);
+ 	if (n < padlen)
+ 		n = padlen;
+@@ -1477,6 +1544,9 @@ int crypto_bignum_to_bin(const struct cr
+ 
+ int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/*assert(r != m);*//* r must not be same as m for mbedtls_mpi_random()*/
+   #if MBEDTLS_VERSION_NUMBER >= 0x021B0000 /* mbedtls 2.27.0 */
+ 	return mbedtls_mpi_random((mbedtls_mpi *)r, 0, (mbedtls_mpi *)m,
+@@ -1513,6 +1583,9 @@ int crypto_bignum_exptmod(const struct c
+ 			  const struct crypto_bignum *c,
+ 			  struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* (check if input params match d; d is the result) */
+ 	/* (a == d) is ok in current mbedtls implementation */
+ 	if (b == d || c == d) { /*(not ok; store result in intermediate)*/
+@@ -1540,6 +1613,9 @@ int crypto_bignum_inverse(const struct c
+ 			  const struct crypto_bignum *b,
+ 			  struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_inv_mod((mbedtls_mpi *)c,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b) ? -1 : 0;
+@@ -1549,6 +1625,9 @@ int crypto_bignum_sub(const struct crypt
+ 		      const struct crypto_bignum *b,
+ 		      struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_sub_mpi((mbedtls_mpi *)c,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b) ? -1 : 0;
+@@ -1558,6 +1637,9 @@ int crypto_bignum_div(const struct crypt
+ 		      const struct crypto_bignum *b,
+ 		      struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/*(most current use of this crypto.h interface has a == c (result),
+ 	 * so store result in an intermediate to avoid overwritten input)*/
+ 	mbedtls_mpi R;
+@@ -1575,6 +1657,9 @@ int crypto_bignum_addmod(const struct cr
+ 			 const struct crypto_bignum *c,
+ 			 struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_add_mpi((mbedtls_mpi *)d,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b)
+@@ -1588,6 +1673,9 @@ int crypto_bignum_mulmod(const struct cr
+ 			 const struct crypto_bignum *c,
+ 			 struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_mul_mpi((mbedtls_mpi *)d,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b)
+@@ -1600,6 +1688,9 @@ int crypto_bignum_sqrmod(const struct cr
+ 			 const struct crypto_bignum *b,
+ 			 struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 1
+ 	return crypto_bignum_mulmod(a, a, b, c);
+   #else
+@@ -1650,6 +1741,9 @@ int crypto_bignum_is_odd(const struct cr
+ int crypto_bignum_legendre(const struct crypto_bignum *a,
+ 			   const struct crypto_bignum *p)
+ {
++	if (TEST_FAIL())
++		return -2;
++
+ 	/* Security Note:
+ 	 * mbedtls_mpi_exp_mod() is not documented to run in constant time,
+ 	 * though mbedtls/library/bignum.c uses constant_time_internal.h funcs.
+@@ -1702,6 +1796,9 @@ int crypto_mod_exp(const u8 *base, size_
+ 		   const u8 *modulus, size_t modulus_len,
+ 		   u8 *result, size_t *result_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result;
+ 	mbedtls_mpi_init(&bn_base);
+ 	mbedtls_mpi_init(&bn_exp);
+@@ -1769,6 +1866,9 @@ static int crypto_mbedtls_dh_init_public
+ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 		   u8 *pubkey)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 0 /*(crypto_dh_init() duplicated (and identical) in crypto_*.c modules)*/
+ 	size_t pubkey_len, pad;
+ 
+@@ -1810,6 +1910,9 @@ int crypto_dh_derive_secret(u8 generator
+ 			    const u8 *pubkey, size_t pubkey_len,
+ 			    u8 *secret, size_t *len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 0
+ 	if (pubkey_len > prime_len ||
+ 	    (pubkey_len == prime_len &&
+@@ -2512,6 +2615,9 @@ const struct crypto_ec_point * crypto_ec
+ 
+ struct crypto_ec_point *crypto_ec_point_init(struct crypto_ec *e)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
+ 	if (p != NULL)
+ 		mbedtls_ecp_point_init(p);
+@@ -2536,6 +2642,9 @@ int crypto_ec_point_x(struct crypto_ec *
+ int crypto_ec_point_to_bin(struct crypto_ec *e,
+ 			   const struct crypto_ec_point *point, u8 *x, u8 *y)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* crypto.h documents crypto_ec_point_to_bin() output is big-endian */
+ 	size_t len = CRYPTO_EC_plen(e);
+ 	if (x) {
+@@ -2563,6 +2672,9 @@ int crypto_ec_point_to_bin(struct crypto
+ struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e,
+ 						  const u8 *val)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	size_t len = CRYPTO_EC_plen(e);
+ 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
+ 	u8 buf[1+MBEDTLS_MPI_MAX_SIZE*2];
+@@ -2615,6 +2727,9 @@ int crypto_ec_point_add(struct crypto_ec
+ 			const struct crypto_ec_point *b,
+ 			struct crypto_ec_point *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* mbedtls does not provide an mbedtls_ecp_point add function */
+ 	mbedtls_mpi one;
+ 	mbedtls_mpi_init(&one);
+@@ -2631,6 +2746,9 @@ int crypto_ec_point_mul(struct crypto_ec
+ 			const struct crypto_bignum *b,
+ 			struct crypto_ec_point *res)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_ecp_mul(
+ 		(mbedtls_ecp_group *)e, (mbedtls_ecp_point *)res,
+ 		(const mbedtls_mpi *)b, (const mbedtls_ecp_point *)p,
+@@ -2639,6 +2757,9 @@ int crypto_ec_point_mul(struct crypto_ec
+ 
+ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	if (mbedtls_ecp_get_type((mbedtls_ecp_group *)e)
+ 	    == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ 		/* e.g. MBEDTLS_ECP_DP_CURVE25519 and MBEDTLS_ECP_DP_CURVE448 */
+@@ -2751,6 +2872,9 @@ struct crypto_bignum *
+ crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
+ 			      const struct crypto_bignum *x)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *y2 = os_malloc(sizeof(*y2));
+ 	if (y2 == NULL)
+ 		return NULL;

feeds/hostapd/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch

@@ -0,0 +1,45 @@
+From 33afce36c54b0cad38643629ded10ff5d727f077 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Fri, 12 Aug 2022 05:34:47 -0400
+Subject: [PATCH 5/7] add NULL checks (encountered during tests/hwsim)
+
+sae_derive_commit_element_ecc NULL pwe_ecc check
+dpp_gen_keypair() NULL curve check
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/common/dpp_crypto.c | 6 ++++++
+ src/common/sae.c        | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+--- a/src/common/dpp_crypto.c
++++ b/src/common/dpp_crypto.c
+@@ -269,6 +269,12 @@ int dpp_get_pubkey_hash(struct crypto_ec
+ 
+ struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
+ {
++	if (curve == NULL) {
++		wpa_printf(MSG_DEBUG,
++		           "DPP: %s curve must be initialized", __func__);
++		return NULL;
++	}
++
+ 	struct crypto_ec_key *key;
+ 
+ 	wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -1278,6 +1278,13 @@ void sae_deinit_pt(struct sae_pt *pt)
+ static int sae_derive_commit_element_ecc(struct sae_data *sae,
+ 					 struct crypto_bignum *mask)
+ {
++	if (sae->tmp->pwe_ecc == NULL) {
++		wpa_printf(MSG_DEBUG,
++		           "SAE: %s sae->tmp->pwe_ecc must be initialized",
++		           __func__);
++		return -1;
++	}
++
+ 	/* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */
+ 	if (!sae->tmp->own_commit_element_ecc) {
+ 		sae->tmp->own_commit_element_ecc =

feeds/hostapd/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch

@@ -0,0 +1,26 @@
+From 54211caa2e0e5163aefef390daf88a971367a702 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 4 Oct 2022 17:09:24 -0400
+Subject: [PATCH 6/7] dpp_pkex: EC point mul w/ value < prime
+
+crypto_ec_point_mul() with mbedtls requires point
+be multiplied by a multiplicand with value < prime
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/common/dpp_crypto.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/common/dpp_crypto.c
++++ b/src/common/dpp_crypto.c
+@@ -1588,7 +1588,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
+ 	Pr = crypto_ec_key_get_public_key(Pr_key);
+ 	Qr = crypto_ec_point_init(ec);
+ 	hash_bn = crypto_bignum_init_set(hash, curve->hash_len);
+-	if (!Pr || !Qr || !hash_bn || crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
++	if (!Pr || !Qr || !hash_bn ||
++	    crypto_bignum_mod(hash_bn, crypto_ec_get_prime(ec), hash_bn) ||
++	    crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
+ 		goto fail;
+ 
+ 	if (crypto_ec_point_is_at_infinity(ec, Qr)) {

feeds/hostapd/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch

@@ -0,0 +1,141 @@
+From d4c4ef302f98fd6bce173b8636e7e350d8b44981 Mon Sep 17 00:00:00 2001
+From: P Praneesh <ppranees@codeaurora.org>
+Date: Fri, 19 Mar 2021 12:17:27 +0530
+Subject: [PATCH] hostapd: update cfs0 and cfs1 for 160MHz
+
+As per standard Draft P802.11ax_D8.0,( Table 26-9—Setting
+of the VHT Channel Width and VHT NSS at an HE STA
+transmitting the OM Control subfield ), center frequency of
+160MHz should be published in HT information subset 2 of
+HT information when EXT NSS BW field is enabled.
+
+If the supported number of NSS in 160MHz is at least max NSS
+support, then center_freq_seg0 indicates the center frequency of 80MHz and
+center_freq_seg1 indicates the center frequency of 160MHz.
+
+If the supported number of NSS in 160MHz is less than max NSS
+support, then center_freq_seg0 indicates the center frequency of 80MHz and
+center_freq_seg1 is 0. The center frequency of 160MHz is published in HT
+operation information element instead.
+
+Signed-off-by: P Praneesh <ppranees@codeaurora.org>
+---
+ hostapd/config_file.c           |  2 ++
+ src/ap/ieee802_11_ht.c          |  7 +++++++
+ src/ap/ieee802_11_vht.c         | 16 ++++++++++++++++
+ src/common/hw_features_common.c |  1 +
+ src/common/ieee802_11_defs.h    |  1 +
+ 5 files changed, 27 insertions(+)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -1153,6 +1153,8 @@ static int hostapd_config_vht_capab(stru
+ 		conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
+ 	if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
+ 		conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
++	if (os_strstr(capab, "[EXT-NSS-BW-SUPP]"))
++		conf->vht_capab |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
+ 	return 0;
+ }
+ #endif /* CONFIG_IEEE80211AC */
+--- a/src/ap/ieee802_11_ht.c
++++ b/src/ap/ieee802_11_ht.c
+@@ -82,7 +82,9 @@ u8 * hostapd_eid_ht_capabilities(struct
+ u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid)
+ {
+ 	struct ieee80211_ht_operation *oper;
++	le32 vht_capabilities_info;
+ 	u8 *pos = eid;
++	u8 chwidth;
+ 
+ 	if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n ||
+ 	    is_6ghz_op_class(hapd->iconf->op_class))
+@@ -103,6 +105,13 @@ u8 * hostapd_eid_ht_operation(struct hos
+ 		oper->ht_param |= HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW |
+ 			HT_INFO_HT_PARAM_STA_CHNL_WIDTH;
+ 
++	vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
++	chwidth = hostapd_get_oper_chwidth(hapd->iconf);
++	if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT
++		&& ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
++		oper->operation_mode = host_to_le16(hapd->iconf->vht_oper_centr_freq_seg0_idx << 5);
++	}
++
+ 	pos += sizeof(*oper);
+ 
+ 	return pos;
+--- a/src/ap/ieee802_11_vht.c
++++ b/src/ap/ieee802_11_vht.c
+@@ -25,6 +25,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+ 	struct ieee80211_vht_capabilities *cap;
+ 	struct hostapd_hw_modes *mode = hapd->iface->current_mode;
+ 	u8 *pos = eid;
++	u8 chwidth;
+ 
+ 	if (!mode || is_6ghz_op_class(hapd->iconf->op_class))
+ 		return eid;
+@@ -62,6 +63,17 @@ u8 * hostapd_eid_vht_capabilities(struct
+ 			host_to_le32(nsts << VHT_CAP_BEAMFORMEE_STS_OFFSET);
+ 	}
+ 
++	chwidth = hostapd_get_oper_chwidth(hapd->iconf);
++	if (((host_to_le32(mode->vht_capab)) & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
++		&& ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
++		cap->vht_capabilities_info |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
++		cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ));
++		cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160MHZ));
++		cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_MASK));
++	} else {
++		cap->vht_capabilities_info &= ~VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK;
++	}
++
+ 	/* Supported MCS set comes from hw */
+ 	os_memcpy(&cap->vht_supported_mcs_set, mode->vht_mcs_set, 8);
+ 
+@@ -74,6 +86,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+ u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
+ {
+ 	struct ieee80211_vht_operation *oper;
++	le32 vht_capabilities_info;
+ 	u8 *pos = eid;
+ 	enum oper_chan_width oper_chwidth =
+ 		hostapd_get_oper_chwidth(hapd->iconf);
+@@ -106,6 +119,7 @@ u8 * hostapd_eid_vht_operation(struct ho
+ 	oper->vht_op_info_chan_center_freq_seg1_idx = seg1;
+ 
+ 	oper->vht_op_info_chwidth = oper_chwidth;
++	vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
+ 	if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
+ 		/*
+ 		 * Convert 160 MHz channel width to new style as interop
+@@ -119,6 +133,9 @@ u8 * hostapd_eid_vht_operation(struct ho
+ 			oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
+ 		else
+ 			oper->vht_op_info_chan_center_freq_seg0_idx += 8;
++
++		if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
++			oper->vht_op_info_chan_center_freq_seg1_idx = 0;
+ 	} else if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ) {
+ 		/*
+ 		 * Convert 80+80 MHz channel width to new style as interop
+--- a/src/common/hw_features_common.c
++++ b/src/common/hw_features_common.c
+@@ -811,6 +811,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co
+ 	VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB);
+ 	VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN);
+ 	VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN);
++	VHT_CAP_CHECK(VHT_CAP_EXTENDED_NSS_BW_SUPPORT);
+ 
+ #undef VHT_CAP_CHECK
+ #undef VHT_CAP_CHECK_MAX
+--- a/src/common/ieee802_11_defs.h
++++ b/src/common/ieee802_11_defs.h
+@@ -1349,6 +1349,8 @@ struct ieee80211_ampe_ie {
+ #define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB     ((u32) BIT(26) | BIT(27))
+ #define VHT_CAP_RX_ANTENNA_PATTERN                  ((u32) BIT(28))
+ #define VHT_CAP_TX_ANTENNA_PATTERN                  ((u32) BIT(29))
++#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT		    ((u32) BIT(30))
++#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK	    ((u32) BIT(30) | BIT(31))
+ 
+ #define VHT_OPMODE_CHANNEL_WIDTH_MASK		    ((u8) BIT(0) | BIT(1))
+ #define VHT_OPMODE_CHANNEL_RxNSS_MASK		    ((u8) BIT(4) | BIT(5) | \

feeds/hostapd/hostapd/patches/180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch

@@ -0,0 +1,20 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 14 Sep 2023 10:53:50 +0200
+Subject: [PATCH] driver_nl80211: fix setting QoS map on secondary BSSs
+
+The setting is per-BSS, not per PHY
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -11341,7 +11341,7 @@ static int nl80211_set_qos_map(void *pri
+ 	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
+ 		    qos_map_set, qos_map_set_len);
+ 
+-	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_QOS_MAP)) ||
++	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_QOS_MAP)) ||
+ 	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
+ 		nlmsg_free(msg);
+ 		return -ENOBUFS;

feeds/hostapd/hostapd/patches/181-driver_nl80211-update-drv-ifindex-on-removing-the-fi.patch

@@ -0,0 +1,18 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 14 Sep 2023 11:28:03 +0200
+Subject: [PATCH] driver_nl80211: update drv->ifindex on removing the first
+ BSS
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -8867,6 +8867,7 @@ static int wpa_driver_nl80211_if_remove(
+ 		if (drv->first_bss->next) {
+ 			drv->first_bss = drv->first_bss->next;
+ 			drv->ctx = drv->first_bss->ctx;
++			drv->ifindex = drv->first_bss->ifindex;
+ 			os_free(bss);
+ 		} else {
+ 			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");

feeds/hostapd/hostapd/patches/182-nl80211-move-nl80211_put_freq_params-call-outside-of.patch

@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 18 Sep 2023 16:47:41 +0200
+Subject: [PATCH] nl80211: move nl80211_put_freq_params call outside of
+ 802.11ax #ifdef
+
+The relevance of this call is not specific to 802.11ax, so it should be done
+even with CONFIG_IEEE80211AX disabled.
+
+Fixes: b3921db426ea ("nl80211: Add frequency info in start AP command")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -5226,6 +5226,9 @@ static int wpa_driver_nl80211_set_ap(voi
+ 		nla_nest_end(msg, ftm);
+ 	}
+ 
++	if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
++		goto fail;
++
+ #ifdef CONFIG_IEEE80211AX
+ 	if (params->he_spr_ctrl) {
+ 		struct nlattr *spr;
+@@ -5260,9 +5263,6 @@ static int wpa_driver_nl80211_set_ap(voi
+ 		nla_nest_end(msg, spr);
+ 	}
+ 
+-	if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
+-		goto fail;
+-
+ 	if (params->freq && params->freq->he_enabled) {
+ 		struct nlattr *bss_color;
+ 

feeds/hostapd/hostapd/patches/183-hostapd-cancel-channel_list_update_timeout-in-hostap.patch

@@ -0,0 +1,28 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 20 Sep 2023 13:41:10 +0200
+Subject: [PATCH] hostapd: cancel channel_list_update_timeout in
+ hostapd_cleanup_iface_partial
+
+Fixes a crash when disabling an interface during channel list update
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -569,6 +569,7 @@ static void sta_track_deinit(struct host
+ void hostapd_cleanup_iface_partial(struct hostapd_iface *iface)
+ {
+ 	wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
++	eloop_cancel_timeout(channel_list_update_timeout, iface, NULL);
+ #ifdef NEED_AP_MLME
+ 	hostapd_stop_setup_timers(iface);
+ #endif /* NEED_AP_MLME */
+@@ -598,7 +599,6 @@ void hostapd_cleanup_iface_partial(struc
+ static void hostapd_cleanup_iface(struct hostapd_iface *iface)
+ {
+ 	wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
+-	eloop_cancel_timeout(channel_list_update_timeout, iface, NULL);
+ 	eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface,
+ 			     NULL);
+ 

feeds/hostapd/hostapd/patches/200-multicall.patch

@@ -0,0 +1,355 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -1,6 +1,7 @@
+ ALL=hostapd hostapd_cli
+ CONFIG_FILE = .config
+ 
++-include $(if $(MULTICALL), ../wpa_supplicant/.config)
+ include ../src/build.rules
+ 
+ ifdef LIBS
+@@ -199,7 +200,8 @@ endif
+ 
+ ifdef CONFIG_NO_VLAN
+ CFLAGS += -DCONFIG_NO_VLAN
+-else
++endif
++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
+ OBJS += ../src/ap/vlan_init.o
+ OBJS += ../src/ap/vlan_ifconfig.o
+ OBJS += ../src/ap/vlan.o
+@@ -357,10 +359,14 @@ CFLAGS += -DCONFIG_MBO
+ OBJS += ../src/ap/mbo_ap.o
+ endif
+ 
++ifndef MULTICALL
++CFLAGS += -DNO_SUPPLICANT
++endif
++
+ include ../src/drivers/drivers.mak
+-OBJS += $(DRV_AP_OBJS)
+-CFLAGS += $(DRV_AP_CFLAGS)
+-LDFLAGS += $(DRV_AP_LDFLAGS)
++OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
++CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
++LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
+ LIBS += $(DRV_AP_LIBS)
+ 
+ ifdef CONFIG_L2_PACKET
+@@ -1380,6 +1386,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+ _OBJS_VAR := OBJS
+ include ../src/objs.mk
+ 
++hostapd_multi.a: $(BCHECK) $(OBJS)
++	$(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
++	@$(E) "  CC " $<
++	@rm -f $@
++	@$(AR) cr $@ hostapd_multi.o $(OBJS)
++
+ hostapd: $(OBJS)
+ 	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+ 	@$(E) "  LD " $@
+@@ -1460,6 +1472,12 @@ include ../src/objs.mk
+ _OBJS_VAR := SOBJS
+ include ../src/objs.mk
+ 
++dump_cflags:
++	@printf "%s " "$(CFLAGS)"
++
++dump_ldflags:
++	@printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
++
+ nt_password_hash: $(NOBJS)
+ 	$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
+ 	@$(E) "  LD " $@
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -10,6 +10,7 @@ ALL += dbus/fi.w1.wpa_supplicant1.servic
+ EXTRA_TARGETS=dynamic_eap_methods
+ 
+ CONFIG_FILE=.config
++-include $(if $(MULTICALL),../hostapd/.config)
+ include ../src/build.rules
+ 
+ ifdef CONFIG_BUILD_PASN_SO
+@@ -382,7 +383,9 @@ endif
+ ifdef CONFIG_IBSS_RSN
+ NEED_RSN_AUTHENTICATOR=y
+ CFLAGS += -DCONFIG_IBSS_RSN
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_VLAN
++endif
+ OBJS += ibss_rsn.o
+ endif
+ 
+@@ -924,6 +927,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+ CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
+ LIBS += -ldl -rdynamic
+ endif
++else
++  ifdef MULTICALL
++    OBJS += ../src/eap_common/eap_common.o
++  endif
+ endif
+ 
+ ifdef CONFIG_AP
+@@ -931,9 +938,11 @@ NEED_EAP_COMMON=y
+ NEED_RSN_AUTHENTICATOR=y
+ CFLAGS += -DCONFIG_AP
+ OBJS += ap.o
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_RADIUS
+ CFLAGS += -DCONFIG_NO_ACCOUNTING
+ CFLAGS += -DCONFIG_NO_VLAN
++endif
+ OBJS += ../src/ap/hostapd.o
+ OBJS += ../src/ap/wpa_auth_glue.o
+ OBJS += ../src/ap/utils.o
+@@ -1022,6 +1031,12 @@ endif
+ ifdef CONFIG_HS20
+ OBJS += ../src/ap/hs20.o
+ endif
++else
++  ifdef MULTICALL
++    OBJS += ../src/eap_server/eap_server.o
++    OBJS += ../src/eap_server/eap_server_identity.o
++    OBJS += ../src/eap_server/eap_server_methods.o
++  endif
+ endif
+ 
+ ifdef CONFIG_MBO
+@@ -1030,7 +1045,9 @@ CFLAGS += -DCONFIG_MBO
+ endif
+ 
+ ifdef NEED_RSN_AUTHENTICATOR
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_RADIUS
++endif
+ NEED_AES_WRAP=y
+ OBJS += ../src/ap/wpa_auth.o
+ OBJS += ../src/ap/wpa_auth_ie.o
+@@ -2010,6 +2027,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+ 
+ _OBJS_VAR := OBJS
+ include ../src/objs.mk
++wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
++	$(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
++	@$(E) "  CC " $<
++	@rm -f $@
++	@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
++
+ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
+ 	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+ 	@$(E) "  LD " $@
+@@ -2142,6 +2165,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+ 	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
+ 	@$(E) "  sed" $<
+ 
++dump_cflags:
++	@printf "%s " "$(CFLAGS)"
++
++dump_ldflags:
++	@printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
++
+ wpa_supplicant.exe: wpa_supplicant
+ 	mv -f $< $@
+ wpa_cli.exe: wpa_cli
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -6667,8 +6667,8 @@ union wpa_event_data {
+  * Driver wrapper code should call this function whenever an event is received
+  * from the driver.
+  */
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+-			  union wpa_event_data *data);
++extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++				    union wpa_event_data *data);
+ 
+ /**
+  * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
+@@ -6680,7 +6680,7 @@ void wpa_supplicant_event(void *ctx, enu
+  * Same as wpa_supplicant_event(), but we search for the interface in
+  * wpa_global.
+  */
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ 				 union wpa_event_data *data);
+ 
+ /*
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -2184,8 +2184,8 @@ err:
+ #endif /* CONFIG_OWE */
+ 
+ 
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+-			  union wpa_event_data *data)
++void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
++		       union wpa_event_data *data)
+ {
+ 	struct hostapd_data *hapd = ctx;
+ #ifndef CONFIG_NO_STDOUT_DEBUG
+@@ -2489,7 +2489,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+ 
+ 
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+ 				 union wpa_event_data *data)
+ {
+ 	struct hapd_interfaces *interfaces = ctx;
+--- a/wpa_supplicant/wpa_priv.c
++++ b/wpa_supplicant/wpa_priv.c
+@@ -1039,8 +1039,8 @@ static void wpa_priv_send_ft_response(st
+ }
+ 
+ 
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+-			  union wpa_event_data *data)
++static void supplicant_event(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data)
+ {
+ 	struct wpa_priv_interface *iface = ctx;
+ 
+@@ -1103,7 +1103,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+ 
+ 
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ 				 union wpa_event_data *data)
+ {
+ 	struct wpa_priv_global *global = ctx;
+@@ -1217,6 +1217,8 @@ int main(int argc, char *argv[])
+ 	if (os_program_init())
+ 		return -1;
+ 
++	wpa_supplicant_event = supplicant_event;
++	wpa_supplicant_event_global = supplicant_event_global;
+ 	wpa_priv_fd_workaround();
+ 
+ 	os_memset(&global, 0, sizeof(global));
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -5353,8 +5353,8 @@ static void wpas_link_reconfig(struct wp
+ }
+ 
+ 
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+-			  union wpa_event_data *data)
++void supplicant_event(void *ctx, enum wpa_event_type event,
++		      union wpa_event_data *data)
+ {
+ 	struct wpa_supplicant *wpa_s = ctx;
+ 	int resched;
+@@ -6272,7 +6272,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+ 
+ 
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ 				 union wpa_event_data *data)
+ {
+ 	struct wpa_supplicant *wpa_s;
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -7462,7 +7462,6 @@ struct wpa_interface * wpa_supplicant_ma
+ 	return NULL;
+ }
+ 
+-
+ /**
+  * wpa_supplicant_match_existing - Match existing interfaces
+  * @global: Pointer to global data from wpa_supplicant_init()
+@@ -7497,6 +7496,11 @@ static int wpa_supplicant_match_existing
+ 
+ #endif /* CONFIG_MATCH_IFACE */
+ 
++extern void supplicant_event(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
++
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data);
+ 
+ /**
+  * wpa_supplicant_add_iface - Add a new network interface
+@@ -7753,6 +7757,8 @@ struct wpa_global * wpa_supplicant_init(
+ #ifndef CONFIG_NO_WPA_MSG
+ 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
+ #endif /* CONFIG_NO_WPA_MSG */
++	wpa_supplicant_event = supplicant_event;
++	wpa_supplicant_event_global = supplicant_event_global;
+ 
+ 	if (params->wpa_debug_file_path)
+ 		wpa_debug_open_file(params->wpa_debug_file_path);
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -698,6 +698,11 @@ fail:
+ 	return -1;
+ }
+ 
++void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
++                       union wpa_event_data *data);
++
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data);
+ 
+ #ifdef CONFIG_WPS
+ static int gen_uuid(const char *txt_addr)
+@@ -791,6 +796,8 @@ int main(int argc, char *argv[])
+ 		return -1;
+ #endif /* CONFIG_DPP */
+ 
++	wpa_supplicant_event = hostapd_wpa_event;
++	wpa_supplicant_event_global = hostapd_wpa_event_global;
+ 	for (;;) {
+ 		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
+ 		if (c < 0)
+--- a/src/drivers/drivers.c
++++ b/src/drivers/drivers.c
+@@ -10,6 +10,10 @@
+ #include "utils/common.h"
+ #include "driver.h"
+ 
++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
+ 
+ const struct wpa_driver_ops *const wpa_drivers[] =
+ {
+--- a/wpa_supplicant/eapol_test.c
++++ b/wpa_supplicant/eapol_test.c
+@@ -31,7 +31,12 @@
+ #include "ctrl_iface.h"
+ #include "pcsc_funcs.h"
+ #include "wpas_glue.h"
++#include "drivers/driver.h"
+ 
++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
+ 
+ const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
+ 
+@@ -1303,6 +1308,10 @@ static void usage(void)
+ 	       "option several times.\n");
+ }
+ 
++extern void supplicant_event(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++			     union wpa_event_data *data);
+ 
+ int main(int argc, char *argv[])
+ {
+@@ -1323,6 +1332,8 @@ int main(int argc, char *argv[])
+ 	if (os_program_init())
+ 		return -1;
+ 
++	wpa_supplicant_event = supplicant_event;
++	wpa_supplicant_event_global = supplicant_event_global;
+ 	hostapd_logger_register_cb(hostapd_logger_cb);
+ 
+ 	os_memset(&eapol_test, 0, sizeof(eapol_test));

feeds/hostapd/hostapd/patches/300-noscan.patch

@@ -0,0 +1,58 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3448,6 +3448,10 @@ static int hostapd_config_fill(struct ho
+ 		if (bss->ocv && !bss->ieee80211w)
+ 			bss->ieee80211w = 1;
+ #endif /* CONFIG_OCV */
++	} else if (os_strcmp(buf, "noscan") == 0) {
++		conf->noscan = atoi(pos);
++	} else if (os_strcmp(buf, "ht_coex") == 0) {
++		conf->no_ht_coex = !atoi(pos);
+ 	} else if (os_strcmp(buf, "ieee80211n") == 0) {
+ 		conf->ieee80211n = atoi(pos);
+ 	} else if (os_strcmp(buf, "ht_capab") == 0) {
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -1075,6 +1075,8 @@ struct hostapd_config {
+ 
+ 	int ht_op_mode_fixed;
+ 	u16 ht_capab;
++	int noscan;
++	int no_ht_coex;
+ 	int ieee80211n;
+ 	int secondary_channel;
+ 	int no_pri_sec_switch;
+--- a/src/ap/hw_features.c
++++ b/src/ap/hw_features.c
+@@ -546,7 +546,8 @@ static int ieee80211n_check_40mhz(struct
+ 	int ret;
+ 
+ 	/* Check that HT40 is used and PRI / SEC switch is allowed */
+-	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
++		iface->conf->noscan)
+ 		return 0;
+ 
+ 	hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
+--- a/src/ap/ieee802_11_ht.c
++++ b/src/ap/ieee802_11_ht.c
+@@ -239,6 +239,9 @@ void hostapd_2040_coex_action(struct hos
+ 		return;
+ 	}
+ 
++	if (iface->conf->noscan || iface->conf->no_ht_coex)
++		return;
++
+ 	if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "Ignore too short 20/40 BSS Coexistence Management frame");
+@@ -399,6 +402,9 @@ void ht40_intolerant_add(struct hostapd_
+ 	if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+ 		return;
+ 
++	if (iface->conf->noscan || iface->conf->no_ht_coex)
++		return;
++
+ 	wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
+ 		   " in Association Request", MAC2STR(sta->addr));
+ 

feeds/hostapd/hostapd/patches/301-mesh-noscan.patch

@@ -0,0 +1,71 @@
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2600,6 +2600,7 @@ static const struct parse_data ssid_fiel
+ #else /* CONFIG_MESH */
+ 	{ INT_RANGE(mode, 0, 4) },
+ #endif /* CONFIG_MESH */
++	{ INT_RANGE(noscan, 0, 1) },
+ 	{ INT_RANGE(proactive_key_caching, 0, 1) },
+ 	{ INT_RANGE(disabled, 0, 2) },
+ 	{ STR(id_str) },
+--- a/wpa_supplicant/config_file.c
++++ b/wpa_supplicant/config_file.c
+@@ -775,6 +775,7 @@ static void wpa_config_write_network(FIL
+ #endif /* IEEE8021X_EAPOL */
+ 	INT(mode);
+ 	INT(no_auto_peer);
++	INT(noscan);
+ 	INT(mesh_fwding);
+ 	INT(frequency);
+ 	INT(enable_edmg);
+--- a/wpa_supplicant/mesh.c
++++ b/wpa_supplicant/mesh.c
+@@ -506,6 +506,8 @@ static int wpa_supplicant_mesh_init(stru
+ 			   frequency);
+ 		goto out_free;
+ 	}
++	if (ssid->noscan)
++		conf->noscan = 1;
+ 
+ 	if (ssid->mesh_basic_rates == NULL) {
+ 		/*
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2710,7 +2710,7 @@ static bool ibss_mesh_can_use_vht(struct
+ 				  const struct wpa_ssid *ssid,
+ 				  struct hostapd_hw_modes *mode)
+ {
+-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
++	if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
+ 		return false;
+ 
+ 	if (!drv_supports_vht(wpa_s, ssid))
+@@ -2783,7 +2783,7 @@ static void ibss_mesh_select_40mhz(struc
+ 	int i, res;
+ 	unsigned int j;
+ 	static const int ht40plus[] = {
+-		36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
++		1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
+ 		184, 192
+ 	};
+ 	int ht40 = -1;
+@@ -3033,7 +3033,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
+ 	enum hostapd_hw_mode hw_mode;
+ 	struct hostapd_hw_modes *mode = NULL;
+-	int i, obss_scan = 1;
++	int i, obss_scan = !(ssid->noscan);
+ 	u8 channel;
+ 	bool is_6ghz;
+ 	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -1035,6 +1035,8 @@ struct wpa_ssid {
+ 	 */
+ 	int no_auto_peer;
+ 
++	int noscan;
++
+ 	/**
+ 	 * mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
+ 	 *

feeds/hostapd/hostapd/patches/310-rescan_immediately.patch

@@ -0,0 +1,11 @@
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -5767,7 +5767,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+ 	if (wpa_s == NULL)
+ 		return NULL;
+ 	wpa_s->scan_req = INITIAL_SCAN_REQ;
+-	wpa_s->scan_interval = 5;
++	wpa_s->scan_interval = 1;
+ 	wpa_s->new_connection = 1;
+ 	wpa_s->parent = parent ? parent : wpa_s;
+ 	wpa_s->p2pdev = wpa_s->parent;

feeds/hostapd/hostapd/patches/330-nl80211_fix_set_freq.patch

@@ -0,0 +1,11 @@
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -5407,7 +5407,7 @@ static int nl80211_set_channel(struct i8
+ 		   freq->he_enabled, freq->eht_enabled, freq->bandwidth,
+ 		   freq->center_freq1, freq->center_freq2);
+ 
+-	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
++	msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
+ 			      NL80211_CMD_SET_WIPHY);
+ 	if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
+ 		nlmsg_free(msg);

feeds/hostapd/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch

@@ -0,0 +1,39 @@
+--- a/wpa_supplicant/ap.c
++++ b/wpa_supplicant/ap.c
+@@ -1825,15 +1825,35 @@ int ap_switch_channel(struct wpa_supplic
+ 
+ 
+ #ifdef CONFIG_CTRL_IFACE
++
++static int __ap_ctrl_iface_chanswitch(struct hostapd_iface *iface,
++				      struct csa_settings *settings)
++{
++#ifdef NEED_AP_MLME
++	if (!iface || !iface->bss[0])
++		return 0;
++
++	return hostapd_switch_channel(iface->bss[0], settings);
++#else
++	return -1;
++#endif
++}
++
++
+ int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
+ {
+ 	struct csa_settings settings;
+ 	int ret = hostapd_parse_csa_settings(pos, &settings);
+ 
++	if (!(wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) &&
++	    !(wpa_s->ifmsh && wpa_s->ifmsh->bss[0]))
++		return -1;
++
++	ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
+ 	if (ret)
+ 		return ret;
+ 
+-	return ap_switch_channel(wpa_s, &settings);
++	return __ap_ctrl_iface_chanswitch(wpa_s->ifmsh, &settings);
+ }
+ #endif /* CONFIG_CTRL_IFACE */
+ 

feeds/hostapd/hostapd/patches/350-nl80211_del_beacon_bss.patch

@@ -0,0 +1,35 @@
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -3008,12 +3008,12 @@ static int wpa_driver_nl80211_del_beacon
+ 		return 0;
+ 
+ 	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
+-		   drv->ifindex);
++		   bss->ifindex);
+ 	link->beacon_set = 0;
+ 	link->freq = 0;
+ 
+ 	nl80211_put_wiphy_data_ap(bss);
+-	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
++	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
+ 	if (!msg)
+ 		return -ENOBUFS;
+ 
+@@ -6100,7 +6100,7 @@ static void nl80211_teardown_ap(struct i
+ 		nl80211_mgmt_unsubscribe(bss, "AP teardown");
+ 
+ 	nl80211_put_wiphy_data_ap(bss);
+-	bss->flink->beacon_set = 0;
++	wpa_driver_nl80211_del_beacon_all(bss);
+ }
+ 
+ 
+@@ -8859,8 +8859,6 @@ static int wpa_driver_nl80211_if_remove(
+ 	} else {
+ 		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
+ 		nl80211_teardown_ap(bss);
+-		if (!bss->added_if && !drv->first_bss->next)
+-			wpa_driver_nl80211_del_beacon_all(bss);
+ 		nl80211_destroy_bss(bss);
+ 		if (!bss->added_if)
+ 			i802_set_iface_flags(bss, 0);

feeds/hostapd/hostapd/patches/380-disable_ctrl_iface_mib.patch

@@ -0,0 +1,239 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -221,6 +221,9 @@ endif
+ ifdef CONFIG_NO_CTRL_IFACE
+ CFLAGS += -DCONFIG_NO_CTRL_IFACE
+ else
++ifdef CONFIG_CTRL_IFACE_MIB
++CFLAGS += -DCONFIG_CTRL_IFACE_MIB
++endif
+ ifeq ($(CONFIG_CTRL_IFACE), udp)
+ CFLAGS += -DCONFIG_CTRL_IFACE_UDP
+ else
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -3314,6 +3314,7 @@ static int hostapd_ctrl_iface_receive_pr
+ 						      reply_size);
+ 	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
+ 		reply_len = hostapd_drv_status(hapd, reply, reply_size);
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	} else if (os_strcmp(buf, "MIB") == 0) {
+ 		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
+ 		if (reply_len >= 0) {
+@@ -3355,6 +3356,7 @@ static int hostapd_ctrl_iface_receive_pr
+ 	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+ 		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
+ 							reply_size);
++#endif
+ 	} else if (os_strcmp(buf, "ATTACH") == 0) {
+ 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
+ 			reply_len = -1;
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -983,6 +983,9 @@ ifdef CONFIG_FILS
+ OBJS += ../src/ap/fils_hlp.o
+ endif
+ ifdef CONFIG_CTRL_IFACE
++ifdef CONFIG_CTRL_IFACE_MIB
++CFLAGS += -DCONFIG_CTRL_IFACE_MIB
++endif
+ OBJS += ../src/ap/ctrl_iface_ap.o
+ endif
+ 
+--- a/wpa_supplicant/ctrl_iface.c
++++ b/wpa_supplicant/ctrl_iface.c
+@@ -2326,7 +2326,7 @@ static int wpa_supplicant_ctrl_iface_sta
+ 			pos += ret;
+ 		}
+ 
+-#ifdef CONFIG_AP
++#if defined(CONFIG_AP) && defined(CONFIG_CTRL_IFACE_MIB)
+ 		if (wpa_s->ap_iface) {
+ 			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
+ 							    end - pos,
+@@ -12087,6 +12087,7 @@ char * wpa_supplicant_ctrl_iface_process
+ 			reply_len = -1;
+ 	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
+ 		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	} else if (os_strcmp(buf, "MIB") == 0) {
+ 		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
+ 		if (reply_len >= 0) {
+@@ -12099,6 +12100,7 @@ char * wpa_supplicant_ctrl_iface_process
+ 				reply_size - reply_len);
+ #endif /* CONFIG_MACSEC */
+ 		}
++#endif
+ 	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
+ 		reply_len = wpa_supplicant_ctrl_iface_status(
+ 			wpa_s, buf + 6, reply, reply_size);
+@@ -12587,6 +12589,7 @@ char * wpa_supplicant_ctrl_iface_process
+ 		reply_len = wpa_supplicant_ctrl_iface_bss(
+ 			wpa_s, buf + 4, reply, reply_size);
+ #ifdef CONFIG_AP
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
+ 		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
+ 	} else if (os_strncmp(buf, "STA ", 4) == 0) {
+@@ -12595,12 +12598,15 @@ char * wpa_supplicant_ctrl_iface_process
+ 	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+ 		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
+ 						   reply_size);
++#endif
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
+ 		if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
+ 			reply_len = -1;
+ 	} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
+ 		if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
+ 			reply_len = -1;
++#endif
+ 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
+ 		if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
+ 			reply_len = -1;
+--- a/src/ap/ctrl_iface_ap.c
++++ b/src/ap/ctrl_iface_ap.c
+@@ -26,6 +26,26 @@
+ #include "taxonomy.h"
+ #include "wnm_ap.h"
+ 
++static const char * hw_mode_str(enum hostapd_hw_mode mode)
++{
++	switch (mode) {
++	case HOSTAPD_MODE_IEEE80211B:
++		return "b";
++	case HOSTAPD_MODE_IEEE80211G:
++		return "g";
++	case HOSTAPD_MODE_IEEE80211A:
++		return "a";
++	case HOSTAPD_MODE_IEEE80211AD:
++		return "ad";
++	case HOSTAPD_MODE_IEEE80211ANY:
++		return "any";
++	case NUM_HOSTAPD_MODES:
++		return "invalid";
++	}
++	return "unknown";
++}
++
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 
+ static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
+ 					   size_t curr_len, const u8 *mcs_set)
+@@ -212,26 +232,6 @@ static const char * timeout_next_str(int
+ }
+ 
+ 
+-static const char * hw_mode_str(enum hostapd_hw_mode mode)
+-{
+-	switch (mode) {
+-	case HOSTAPD_MODE_IEEE80211B:
+-		return "b";
+-	case HOSTAPD_MODE_IEEE80211G:
+-		return "g";
+-	case HOSTAPD_MODE_IEEE80211A:
+-		return "a";
+-	case HOSTAPD_MODE_IEEE80211AD:
+-		return "ad";
+-	case HOSTAPD_MODE_IEEE80211ANY:
+-		return "any";
+-	case NUM_HOSTAPD_MODES:
+-		return "invalid";
+-	}
+-	return "unknown";
+-}
+-
+-
+ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
+ 				      struct sta_info *sta,
+ 				      char *buf, size_t buflen)
+@@ -493,6 +493,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+ 	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
+ }
+ 
++#endif
+ 
+ #ifdef CONFIG_P2P_MANAGER
+ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
+@@ -884,12 +885,12 @@ int hostapd_ctrl_iface_status(struct hos
+ 			return len;
+ 		len += ret;
+ 	}
+-
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
+ 		len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
+ 						   mode->mcs_set);
+ 	}
+-
++#endif /* CONFIG_CTRL_IFACE_MIB */
+ 	if (iface->current_rates && iface->num_rates) {
+ 		ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
+ 		if (os_snprintf_error(buflen - len, ret))
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -2834,6 +2834,7 @@ static const char * bool_txt(bool val)
+ 	return val ? "TRUE" : "FALSE";
+ }
+ 
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 
+ int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
+ {
+@@ -3020,6 +3021,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+ 	return len;
+ }
+ 
++#endif
+ 
+ #ifdef CONFIG_HS20
+ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -5328,6 +5328,7 @@ static const char * wpa_bool_txt(int val
+ 	return val ? "TRUE" : "FALSE";
+ }
+ 
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 
+ #define RSN_SUITE "%02x-%02x-%02x-%d"
+ #define RSN_SUITE_ARG(s) \
+@@ -5480,7 +5481,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+ 
+ 	return len;
+ }
+-
++#endif
+ 
+ void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
+ {
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -3834,6 +3834,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+ }
+ 
+ 
++#ifdef CONFIG_CTRL_IFACE_MIB
++
+ #define RSN_SUITE "%02x-%02x-%02x-%d"
+ #define RSN_SUITE_ARG(s) \
+ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
+@@ -3915,6 +3917,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+ 
+ 	return (int) len;
+ }
++#endif
+ #endif /* CONFIG_CTRL_IFACE */
+ 
+ 
+--- a/wpa_supplicant/ap.c
++++ b/wpa_supplicant/ap.c
+@@ -1499,7 +1499,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+ #endif /* CONFIG_WPS */
+ 
+ 
+-#ifdef CONFIG_CTRL_IFACE
++#if defined(CONFIG_CTRL_IFACE) && defined(CONFIG_CTRL_IFACE_MIB)
+ 
+ int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
+ 			    char *buf, size_t buflen)

feeds/hostapd/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch

@@ -0,0 +1,11 @@
+--- a/hostapd/hostapd_cli.c
++++ b/hostapd/hostapd_cli.c
+@@ -757,7 +757,7 @@ static int wpa_ctrl_command_sta(struct w
+ 	}
+ 
+ 	buf[len] = '\0';
+-	if (memcmp(buf, "FAIL", 4) == 0)
++	if (memcmp(buf, "FAIL", 4) == 0 || memcmp(buf, "UNKNOWN COMMAND", 15) == 0)
+ 		return -1;
+ 	if (print)
+ 		printf("%s", buf);

feeds/hostapd/hostapd/patches/390-wpa_ie_cap_workaround.patch

@@ -0,0 +1,56 @@
+--- a/src/common/wpa_common.c
++++ b/src/common/wpa_common.c
+@@ -2841,6 +2841,31 @@ u32 wpa_akm_to_suite(int akm)
+ }
+ 
+ 
++static void wpa_fixup_wpa_ie_rsn(u8 *assoc_ie, const u8 *wpa_msg_ie,
++				 size_t rsn_ie_len)
++{
++	int pos, count;
++
++	pos = sizeof(struct rsn_ie_hdr) + RSN_SELECTOR_LEN;
++	if (rsn_ie_len < pos + 2)
++		return;
++
++	count = WPA_GET_LE16(wpa_msg_ie + pos);
++	pos += 2 + count * RSN_SELECTOR_LEN;
++	if (rsn_ie_len < pos + 2)
++		return;
++
++	count = WPA_GET_LE16(wpa_msg_ie + pos);
++	pos += 2 + count * RSN_SELECTOR_LEN;
++	if (rsn_ie_len < pos + 2)
++		return;
++
++	if (!assoc_ie[pos] && !assoc_ie[pos + 1] &&
++	    (wpa_msg_ie[pos] || wpa_msg_ie[pos + 1]))
++		memcpy(&assoc_ie[pos], &wpa_msg_ie[pos], 2);
++}
++
++
+ int wpa_compare_rsn_ie(int ft_initial_assoc,
+ 		       const u8 *ie1, size_t ie1len,
+ 		       const u8 *ie2, size_t ie2len)
+@@ -2848,8 +2873,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+ 	if (ie1 == NULL || ie2 == NULL)
+ 		return -1;
+ 
+-	if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
+-		return 0; /* identical IEs */
++	if (ie1len == ie2len) {
++		u8 *ie_tmp;
++
++		if (os_memcmp(ie1, ie2, ie1len) == 0)
++			return 0; /* identical IEs */
++
++		ie_tmp = alloca(ie1len);
++		memcpy(ie_tmp, ie1, ie1len);
++		wpa_fixup_wpa_ie_rsn(ie_tmp, ie2, ie1len);
++
++		if (os_memcmp(ie_tmp, ie2, ie1len) == 0)
++			return 0; /* only mismatch in RSN capabilties */
++	}
+ 
+ #ifdef CONFIG_IEEE80211R
+ 	if (ft_initial_assoc) {

feeds/hostapd/hostapd/patches/400-wps_single_auth_enc_type.patch

@@ -0,0 +1,23 @@
+--- a/src/ap/wps_hostapd.c
++++ b/src/ap/wps_hostapd.c
+@@ -394,9 +394,8 @@ static int hapd_wps_reconfig_in_memory(s
+ 				bss->wpa_pairwise |= WPA_CIPHER_GCMP;
+ 			else
+ 				bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+-		}
+ #ifndef CONFIG_NO_TKIP
+-		if (cred->encr_type & WPS_ENCR_TKIP)
++		} else if (cred->encr_type & WPS_ENCR_TKIP)
+ 			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+ #endif /* CONFIG_NO_TKIP */
+ 		bss->rsn_pairwise = bss->wpa_pairwise;
+@@ -1181,8 +1180,7 @@ int hostapd_init_wps(struct hostapd_data
+ 					  WPA_CIPHER_GCMP_256)) {
+ 			wps->encr_types |= WPS_ENCR_AES;
+ 			wps->encr_types_rsn |= WPS_ENCR_AES;
+-		}
+-		if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
++		} else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+ #ifdef CONFIG_NO_TKIP
+ 			wpa_printf(MSG_INFO, "WPS: TKIP not supported");
+ 			goto fail;

feeds/hostapd/hostapd/patches/410-limit_debug_messages.patch

@@ -0,0 +1,210 @@
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -206,7 +206,7 @@ void wpa_debug_close_linux_tracing(void)
+  *
+  * Note: New line '\n' is added to the end of the text when printing to stdout.
+  */
+-void wpa_printf(int level, const char *fmt, ...)
++void _wpa_printf(int level, const char *fmt, ...)
+ {
+ 	va_list ap;
+ 
+@@ -255,7 +255,7 @@ void wpa_printf(int level, const char *f
+ }
+ 
+ 
+-static void _wpa_hexdump(int level, const char *title, const u8 *buf,
++void _wpa_hexdump(int level, const char *title, const u8 *buf,
+ 			 size_t len, int show, int only_syslog)
+ {
+ 	size_t i;
+@@ -382,19 +382,7 @@ static void _wpa_hexdump(int level, cons
+ #endif /* CONFIG_ANDROID_LOG */
+ }
+ 
+-void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
+-{
+-	_wpa_hexdump(level, title, buf, len, 1, 0);
+-}
+-
+-
+-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len)
+-{
+-	_wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 0);
+-}
+-
+-
+-static void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
++void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
+ 			       size_t len, int show)
+ {
+ 	size_t i, llen;
+@@ -507,20 +495,6 @@ file_done:
+ }
+ 
+ 
+-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
+-		       size_t len)
+-{
+-	_wpa_hexdump_ascii(level, title, buf, len, 1);
+-}
+-
+-
+-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
+-			   size_t len)
+-{
+-	_wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+-}
+-
+-
+ #ifdef CONFIG_DEBUG_FILE
+ static char *last_path = NULL;
+ #endif /* CONFIG_DEBUG_FILE */
+@@ -644,7 +618,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+ }
+ 
+ 
+-void wpa_msg(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg(void *ctx, int level, const char *fmt, ...)
+ {
+ 	va_list ap;
+ 	char *buf;
+@@ -682,7 +656,7 @@ void wpa_msg(void *ctx, int level, const
+ }
+ 
+ 
+-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+ {
+ 	va_list ap;
+ 	char *buf;
+--- a/src/utils/wpa_debug.h
++++ b/src/utils/wpa_debug.h
+@@ -51,6 +51,17 @@ void wpa_debug_close_file(void);
+ void wpa_debug_setup_stdout(void);
+ void wpa_debug_stop_log(void);
+ 
++/* internal */
++void _wpa_hexdump(int level, const char *title, const u8 *buf,
++		  size_t len, int show, int only_syslog);
++void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
++			size_t len, int show);
++extern int wpa_debug_show_keys;
++
++#ifndef CONFIG_MSG_MIN_PRIORITY
++#define CONFIG_MSG_MIN_PRIORITY 0
++#endif
++
+ /**
+  * wpa_debug_printf_timestamp - Print timestamp for debug output
+  *
+@@ -71,9 +82,15 @@ void wpa_debug_print_timestamp(void);
+  *
+  * Note: New line '\n' is added to the end of the text when printing to stdout.
+  */
+-void wpa_printf(int level, const char *fmt, ...)
++void _wpa_printf(int level, const char *fmt, ...)
+ PRINTF_FORMAT(2, 3);
+ 
++#define wpa_printf(level, ...)						\
++	do {								\
++		if (level >= CONFIG_MSG_MIN_PRIORITY)			\
++			_wpa_printf(level, __VA_ARGS__);		\
++	} while(0)
++
+ /**
+  * wpa_hexdump - conditional hex dump
+  * @level: priority level (MSG_*) of the message
+@@ -85,7 +102,13 @@ PRINTF_FORMAT(2, 3);
+  * output may be directed to stdout, stderr, and/or syslog based on
+  * configuration. The contents of buf is printed out has hex dump.
+  */
+-void wpa_hexdump(int level, const char *title, const void *buf, size_t len);
++static inline void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
++{
++	if (level < CONFIG_MSG_MIN_PRIORITY)
++		return;
++
++	_wpa_hexdump(level, title, buf, len, 1, 1);
++}
+ 
+ static inline void wpa_hexdump_buf(int level, const char *title,
+ 				   const struct wpabuf *buf)
+@@ -107,7 +130,13 @@ static inline void wpa_hexdump_buf(int l
+  * like wpa_hexdump(), but by default, does not include secret keys (passwords,
+  * etc.) in debug output.
+  */
+-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len);
++static inline void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
++{
++	if (level < CONFIG_MSG_MIN_PRIORITY)
++		return;
++
++	_wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 1);
++}
+ 
+ static inline void wpa_hexdump_buf_key(int level, const char *title,
+ 				       const struct wpabuf *buf)
+@@ -129,8 +158,14 @@ static inline void wpa_hexdump_buf_key(i
+  * the hex numbers and ASCII characters (for printable range) are shown. 16
+  * bytes per line will be shown.
+  */
+-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
+-		       size_t len);
++static inline void wpa_hexdump_ascii(int level, const char *title,
++				     const u8 *buf, size_t len)
++{
++	if (level < CONFIG_MSG_MIN_PRIORITY)
++		return;
++
++	_wpa_hexdump_ascii(level, title, buf, len, 1);
++}
+ 
+ /**
+  * wpa_hexdump_ascii_key - conditional hex dump, hide keys
+@@ -146,8 +181,14 @@ void wpa_hexdump_ascii(int level, const
+  * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
+  * default, does not include secret keys (passwords, etc.) in debug output.
+  */
+-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
+-			   size_t len);
++static inline void wpa_hexdump_ascii_key(int level, const char *title,
++					 const u8 *buf, size_t len)
++{
++	if (level < CONFIG_MSG_MIN_PRIORITY)
++		return;
++
++	_wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
++}
+ 
+ /*
+  * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
+@@ -184,7 +225,12 @@ void wpa_hexdump_ascii_key(int level, co
+  *
+  * Note: New line '\n' is added to the end of the text when printing to stdout.
+  */
+-void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
++void _wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
++#define wpa_msg(ctx, level, ...)					\
++	do {								\
++		if (level >= CONFIG_MSG_MIN_PRIORITY)			\
++			_wpa_msg(ctx, level, __VA_ARGS__);		\
++	} while(0)
+ 
+ /**
+  * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
+@@ -198,8 +244,13 @@ void wpa_msg(void *ctx, int level, const
+  * attached ctrl_iface monitors. In other words, it can be used for frequent
+  * events that do not need to be sent to syslog.
+  */
+-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+ PRINTF_FORMAT(3, 4);
++#define wpa_msg_ctrl(ctx, level, ...)					\
++	do {								\
++		if (level >= CONFIG_MSG_MIN_PRIORITY)			\
++			_wpa_msg_ctrl(ctx, level, __VA_ARGS__);		\
++	} while(0)
+ 
+ /**
+  * wpa_msg_global - Global printf for ctrl_iface monitors

feeds/hostapd/hostapd/patches/420-indicate-features.patch

@@ -0,0 +1,63 @@
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -31,7 +31,7 @@
+ #include "config_file.h"
+ #include "eap_register.h"
+ #include "ctrl_iface.h"
+-
++#include "build_features.h"
+ 
+ struct hapd_global {
+ 	void **drv_priv;
+@@ -799,7 +799,7 @@ int main(int argc, char *argv[])
+ 	wpa_supplicant_event = hostapd_wpa_event;
+ 	wpa_supplicant_event_global = hostapd_wpa_event_global;
+ 	for (;;) {
+-		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
++		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:qv::");
+ 		if (c < 0)
+ 			break;
+ 		switch (c) {
+@@ -836,6 +836,8 @@ int main(int argc, char *argv[])
+ 			break;
+ #endif /* CONFIG_DEBUG_LINUX_TRACING */
+ 		case 'v':
++			if (optarg)
++				exit(!has_feature(optarg));
+ 			show_version();
+ 			exit(1);
+ 		case 'g':
+--- a/wpa_supplicant/main.c
++++ b/wpa_supplicant/main.c
+@@ -12,6 +12,7 @@
+ #endif /* __linux__ */
+ 
+ #include "common.h"
++#include "build_features.h"
+ #include "crypto/crypto.h"
+ #include "fst/fst.h"
+ #include "wpa_supplicant_i.h"
+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
+ 
+ 	for (;;) {
+ 		c = getopt(argc, argv,
+-			   "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
++			   "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuv::W");
+ 		if (c < 0)
+ 			break;
+ 		switch (c) {
+@@ -302,8 +303,12 @@ int main(int argc, char *argv[])
+ 			break;
+ #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
+ 		case 'v':
+-			printf("%s\n", wpa_supplicant_version);
+-			exitcode = 0;
++			if (optarg) {
++				exitcode = !has_feature(optarg);
++			} else {
++				printf("%s\n", wpa_supplicant_version);
++				exitcode = 0;
++			}
+ 			goto out;
+ 		case 'W':
+ 			params.wait_for_monitor++;

feeds/hostapd/hostapd/patches/430-hostapd_cli_ifdef.patch

@@ -0,0 +1,56 @@
+--- a/hostapd/hostapd_cli.c
++++ b/hostapd/hostapd_cli.c
+@@ -401,7 +401,6 @@ static int hostapd_cli_cmd_disassociate(
+ }
+ 
+ 
+-#ifdef CONFIG_TAXONOMY
+ static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
+ 				     char *argv[])
+ {
+@@ -414,7 +413,6 @@ static int hostapd_cli_cmd_signature(str
+ 	os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
+ 	return wpa_ctrl_command(ctrl, buf);
+ }
+-#endif /* CONFIG_TAXONOMY */
+ 
+ 
+ static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
+@@ -431,7 +429,6 @@ static int hostapd_cli_cmd_sa_query(stru
+ }
+ 
+ 
+-#ifdef CONFIG_WPS
+ static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
+ 				   char *argv[])
+ {
+@@ -657,7 +654,6 @@ static int hostapd_cli_cmd_wps_config(st
+ 			 ssid_hex, argv[1]);
+ 	return wpa_ctrl_command(ctrl, buf);
+ }
+-#endif /* CONFIG_WPS */
+ 
+ 
+ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
+@@ -1610,13 +1606,10 @@ static const struct hostapd_cli_cmd host
+ 	{ "disassociate", hostapd_cli_cmd_disassociate,
+ 	  hostapd_complete_stations,
+ 	  "<addr> = disassociate a station" },
+-#ifdef CONFIG_TAXONOMY
+ 	{ "signature", hostapd_cli_cmd_signature, hostapd_complete_stations,
+ 	  "<addr> = get taxonomy signature for a station" },
+-#endif /* CONFIG_TAXONOMY */
+ 	{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
+ 	  "<addr> = send SA Query to a station" },
+-#ifdef CONFIG_WPS
+ 	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
+ 	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
+ 	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
+@@ -1641,7 +1634,6 @@ static const struct hostapd_cli_cmd host
+ 	  "<SSID> <auth> <encr> <key> = configure AP" },
+ 	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
+ 	  "= show current WPS status" },
+-#endif /* CONFIG_WPS */
+ 	{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL,
+ 	  "= send Disassociation Imminent notification" },
+ 	{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL,

feeds/hostapd/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch

@@ -0,0 +1,189 @@
+From 4bb69d15477e0f2b00e166845341dc933de47c58 Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <ordex@autistici.org>
+Date: Sun, 3 Jun 2012 18:22:56 +0200
+Subject: [PATCHv2 601/602] wpa_supplicant: add new config params to be used
+ with the ibss join command
+
+Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+---
+ src/drivers/driver.h            |    6 +++
+ wpa_supplicant/config.c         |   96 +++++++++++++++++++++++++++++++++++++++
+ wpa_supplicant/config_ssid.h    |    6 +++
+ wpa_supplicant/wpa_supplicant.c |   23 +++++++---
+ 4 files changed, 124 insertions(+), 7 deletions(-)
+
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -19,6 +19,7 @@
+ 
+ #define WPA_SUPPLICANT_DRIVER_VERSION 4
+ 
++#include "ap/sta_info.h"
+ #include "common/defs.h"
+ #include "common/ieee802_11_defs.h"
+ #include "common/wpa_common.h"
+@@ -953,6 +954,9 @@ struct wpa_driver_associate_params {
+ 	 * responsible for selecting with which BSS to associate. */
+ 	const u8 *bssid;
+ 
++	unsigned char rates[WLAN_SUPP_RATES_MAX];
++	int mcast_rate;
++
+ 	/**
+ 	 * bssid_hint - BSSID of a proposed AP
+ 	 *
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -18,6 +18,7 @@
+ #include "eap_peer/eap.h"
+ #include "p2p/p2p.h"
+ #include "fst/fst.h"
++#include "ap/sta_info.h"
+ #include "config.h"
+ 
+ 
+@@ -2389,6 +2390,97 @@ static char * wpa_config_write_mac_value
+ #endif /* NO_CONFIG_WRITE */
+ 
+ 
++static int wpa_config_parse_mcast_rate(const struct parse_data *data,
++				       struct wpa_ssid *ssid, int line,
++				       const char *value)
++{
++	ssid->mcast_rate = (int)(strtod(value, NULL) * 10);
++
++	return 0;
++}
++
++#ifndef NO_CONFIG_WRITE
++static char * wpa_config_write_mcast_rate(const struct parse_data *data,
++					  struct wpa_ssid *ssid)
++{
++	char *value;
++	int res;
++
++	if (!ssid->mcast_rate == 0)
++		return NULL;
++
++	value = os_malloc(6); /* longest: 300.0 */
++	if (value == NULL)
++		return NULL;
++	res = os_snprintf(value, 5, "%.1f", (double)ssid->mcast_rate / 10);
++	if (res < 0) {
++		os_free(value);
++		return NULL;
++	}
++	return value;
++}
++#endif /* NO_CONFIG_WRITE */
++
++static int wpa_config_parse_rates(const struct parse_data *data,
++				  struct wpa_ssid *ssid, int line,
++				  const char *value)
++{
++	int i;
++	char *pos, *r, *sptr, *end;
++	double rate;
++
++	pos = (char *)value;
++	r = strtok_r(pos, ",", &sptr);
++	i = 0;
++	while (pos && i < WLAN_SUPP_RATES_MAX) {
++		rate = 0.0;
++		if (r)
++			rate = strtod(r, &end);
++		ssid->rates[i] = rate * 2;
++		if (*end != '\0' || rate * 2 != ssid->rates[i])
++			return 1;
++
++		i++;
++		r = strtok_r(NULL, ",", &sptr);
++	}
++
++	return 0;
++}
++
++#ifndef NO_CONFIG_WRITE
++static char * wpa_config_write_rates(const struct parse_data *data,
++				     struct wpa_ssid *ssid)
++{
++	char *value, *pos;
++	int res, i;
++
++	if (ssid->rates[0] <= 0)
++		return NULL;
++
++	value = os_malloc(6 * WLAN_SUPP_RATES_MAX + 1);
++	if (value == NULL)
++		return NULL;
++	pos = value;
++	for (i = 0; i < WLAN_SUPP_RATES_MAX - 1; i++) {
++		res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2);
++		if (res < 0) {
++			os_free(value);
++			return NULL;
++		}
++		pos += res;
++	}
++	res = os_snprintf(pos, 6, "%.1f",
++			  (double)ssid->rates[WLAN_SUPP_RATES_MAX - 1] / 2);
++	if (res < 0) {
++		os_free(value);
++		return NULL;
++	}
++
++	value[6 * WLAN_SUPP_RATES_MAX] = '\0';
++	return value;
++}
++#endif /* NO_CONFIG_WRITE */
++
+ /* Helper macros for network block parser */
+ 
+ #ifdef OFFSET
+@@ -2674,6 +2766,8 @@ static const struct parse_data ssid_fiel
+ 	{ INT(ap_max_inactivity) },
+ 	{ INT(dtim_period) },
+ 	{ INT(beacon_int) },
++	{ FUNC(rates) },
++	{ FUNC(mcast_rate) },
+ #ifdef CONFIG_MACSEC
+ 	{ INT_RANGE(macsec_policy, 0, 1) },
+ 	{ INT_RANGE(macsec_integ_only, 0, 1) },
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -10,8 +10,10 @@
+ #define CONFIG_SSID_H
+ 
+ #include "common/defs.h"
++#include "ap/sta_info.h"
+ #include "utils/list.h"
+ #include "eap_peer/eap_config.h"
++#include "drivers/nl80211_copy.h"
+ 
+ 
+ #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+@@ -879,6 +881,9 @@ struct wpa_ssid {
+ 	 */
+ 	void *parent_cred;
+ 
++	unsigned char rates[WLAN_SUPP_RATES_MAX];
++	double mcast_rate;
++
+ #ifdef CONFIG_MACSEC
+ 	/**
+ 	 * macsec_policy - Determines the policy for MACsec secure session
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -4175,6 +4175,12 @@ static void wpas_start_assoc_cb(struct w
+ 			params.beacon_int = ssid->beacon_int;
+ 		else
+ 			params.beacon_int = wpa_s->conf->beacon_int;
++		int i = 0;
++		while (i < WLAN_SUPP_RATES_MAX) {
++			params.rates[i] = ssid->rates[i];
++			i++;
++		}
++		params.mcast_rate = ssid->mcast_rate;
+ 	}
+ 
+ 	if (bss && ssid->enable_edmg)

feeds/hostapd/hostapd/patches/463-add-mcast_rate-to-11s.patch

@@ -0,0 +1,68 @@
+From: Sven Eckelmann <sven.eckelmann@openmesh.com>
+Date: Thu, 11 May 2017 08:21:45 +0200
+Subject: [PATCH] set mcast_rate in mesh mode
+
+The wpa_supplicant code for IBSS allows to set the mcast rate. It is
+recommended to increase this value from 1 or 6 Mbit/s to something higher
+when using a mesh protocol on top which uses the multicast packet loss as
+indicator for the link quality.
+
+This setting was unfortunately not applied for mesh mode. But it would be
+beneficial when wpa_supplicant would behave similar to IBSS mode and set
+this argument during mesh join like authsae already does. At least it is
+helpful for companies/projects which are currently switching to 802.11s
+(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
+because newer drivers seem to support 802.11s but not IBSS anymore.
+
+Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
+Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
+
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1827,6 +1827,7 @@ struct wpa_driver_mesh_join_params {
+ #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
+ 	unsigned int flags;
+ 	bool handle_dfs;
++	int mcast_rate;
+ };
+ 
+ struct wpa_driver_set_key_params {
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -11667,6 +11667,18 @@ static int nl80211_put_mesh_id(struct nl
+ }
+ 
+ 
++static int nl80211_put_mcast_rate(struct nl_msg *msg, int mcast_rate)
++{
++	if (mcast_rate > 0) {
++		wpa_printf(MSG_DEBUG, "  * mcast_rate=%.1f",
++			   (double)mcast_rate / 10);
++		return nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, mcast_rate);
++	}
++
++	return 0;
++}
++
++
+ static int nl80211_put_mesh_config(struct nl_msg *msg,
+ 				   struct wpa_driver_mesh_bss_params *params)
+ {
+@@ -11728,6 +11740,7 @@ static int nl80211_join_mesh(struct i802
+ 	    nl80211_put_basic_rates(msg, params->basic_rates) ||
+ 	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
+ 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
++	    nl80211_put_mcast_rate(msg, params->mcast_rate) ||
+ 	    nl80211_put_dtim_period(msg, params->dtim_period))
+ 		goto fail;
+ 
+--- a/wpa_supplicant/mesh.c
++++ b/wpa_supplicant/mesh.c
+@@ -632,6 +632,7 @@ int wpa_supplicant_join_mesh(struct wpa_
+ 
+ 	params->meshid = ssid->ssid;
+ 	params->meshid_len = ssid->ssid_len;
++	params->mcast_rate = ssid->mcast_rate;
+ 	ibss_mesh_setup_freq(wpa_s, ssid, &params->freq);
+ 	wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
+ 	wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;

feeds/hostapd/hostapd/patches/464-fix-mesh-obss-check.patch

@@ -0,0 +1,13 @@
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -3040,6 +3040,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 
+ 	freq->freq = ssid->frequency;
+ 
++	if (ssid->fixed_freq) {
++		obss_scan = 0;
++	}
++
+ 	if (ssid->mode == WPAS_MODE_IBSS && !ssid->fixed_freq) {
+ 		struct wpa_bss *bss = ibss_find_existing_bss(wpa_s, ssid);
+ 

feeds/hostapd/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch

@@ -0,0 +1,24 @@
+From c9304d3303d563ad6d2619f4e07864ed12f96889 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Sat, 14 May 2022 21:41:03 +0200
+Subject: [PATCH] hostapd: config: support random BSS color
+
+Configure the HE BSS color to a random value in case the config defines
+a BSS color which exceeds the max BSS color (63).
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ hostapd/config_file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3500,6 +3500,8 @@ static int hostapd_config_fill(struct ho
+ 	} else if (os_strcmp(buf, "he_bss_color") == 0) {
+ 		conf->he_op.he_bss_color = atoi(pos) & 0x3f;
+ 		conf->he_op.he_bss_color_disabled = 0;
++		if (atoi(pos) > 63)
++			conf->he_op.he_bss_color = os_random() % 63 + 1;
+ 	} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
+ 		conf->he_op.he_bss_color_partial = atoi(pos);
+ 	} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {

feeds/hostapd/hostapd/patches/470-survey_data_fallback.patch

@@ -0,0 +1,30 @@
+--- a/src/ap/acs.c
++++ b/src/ap/acs.c
+@@ -455,17 +455,17 @@ static int acs_get_bw_center_chan(int fr
+ static int acs_survey_is_sufficient(struct freq_survey *survey)
+ {
+ 	if (!(survey->filled & SURVEY_HAS_NF)) {
++		survey->nf = -95;
+ 		wpa_printf(MSG_INFO,
+ 			   "ACS: Survey for freq %d is missing noise floor",
+ 			   survey->freq);
+-		return 0;
+ 	}
+ 
+ 	if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
++		survey->channel_time = 0;
+ 		wpa_printf(MSG_INFO,
+ 			   "ACS: Survey for freq %d is missing channel time",
+ 			   survey->freq);
+-		return 0;
+ 	}
+ 
+ 	if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
+@@ -473,7 +473,6 @@ static int acs_survey_is_sufficient(stru
+ 		wpa_printf(MSG_INFO,
+ 			   "ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
+ 			   survey->freq);
+-		return 0;
+ 	}
+ 
+ 	return 1;