network: sync wireless source code

package/network/services/hostapd/Config.in

@@ -4,20 +4,25 @@ config WPA_RFKILL_SUPPORT
 	depends on PACKAGE_wpa-supplicant || \
 		   PACKAGE_wpa-supplicant-openssl || \
 		   PACKAGE_wpa-supplicant-wolfssl || \
+		   PACKAGE_wpa-supplicant-mbedtls || \
 		   PACKAGE_wpa-supplicant-mesh-openssl || \
 		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
+		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
 		   PACKAGE_wpa-supplicant-basic || \
 		   PACKAGE_wpa-supplicant-mini || \
 		   PACKAGE_wpa-supplicant-p2p || \
 		   PACKAGE_wpad || \
 		   PACKAGE_wpad-openssl || \
 		   PACKAGE_wpad-wolfssl || \
+		   PACKAGE_wpad-mbedtls || \
 		   PACKAGE_wpad-basic || \
 		   PACKAGE_wpad-basic-openssl || \
 		   PACKAGE_wpad-basic-wolfssl || \
+		   PACKAGE_wpad-basic-mbedtls || \
 		   PACKAGE_wpad-mini || \
 		   PACKAGE_wpad-mesh-openssl || \
-		   PACKAGE_wpad-mesh-wolfssl
+		   PACKAGE_wpad-mesh-wolfssl || \
+		   PACKAGE_wpad-mesh-mbedtls
 	default n
 
 config WPA_MSG_MIN_PRIORITY
@@ -25,20 +30,25 @@ config WPA_MSG_MIN_PRIORITY
 	depends on PACKAGE_wpa-supplicant || \
 		   PACKAGE_wpa-supplicant-openssl || \
 		   PACKAGE_wpa-supplicant-wolfssl || \
+		   PACKAGE_wpa-supplicant-mbedtls || \
 		   PACKAGE_wpa-supplicant-mesh-openssl || \
 		   PACKAGE_wpa-supplicant-mesh-wolfssl || \
+		   PACKAGE_wpa-supplicant-mesh-mbedtls || \
 		   PACKAGE_wpa-supplicant-basic || \
 		   PACKAGE_wpa-supplicant-mini || \
 		   PACKAGE_wpa-supplicant-p2p || \
 		   PACKAGE_wpad || \
 		   PACKAGE_wpad-openssl || \
 		   PACKAGE_wpad-wolfssl || \
+		   PACKAGE_wpad-mbedtls || \
 		   PACKAGE_wpad-basic || \
 		   PACKAGE_wpad-basic-openssl || \
 		   PACKAGE_wpad-basic-wolfssl || \
+		   PACKAGE_wpad-basic-mbedtls || \
 		   PACKAGE_wpad-mini || \
 		   PACKAGE_wpad-mesh-openssl || \
-		   PACKAGE_wpad-mesh-wolfssl
+		   PACKAGE_wpad-mesh-wolfssl || \
+		   PACKAGE_wpad-mesh-mbedtls
 	default 3
 	help
 	  Useful values are:
@@ -65,10 +75,7 @@ config WPA_WOLFSSL
 
 config DRIVER_WEXT_SUPPORT
 	bool
-	default n
+	select KERNEL_WIRELESS_EXT
-
-config DRIVER_11N_SUPPORT
-	bool
 	default n
 
 config DRIVER_11AC_SUPPORT
@@ -78,6 +85,7 @@ config DRIVER_11AC_SUPPORT
 config DRIVER_11AX_SUPPORT
 	bool
 	default n
+	select WPA_MBO_SUPPORT
 
 config WPA_ENABLE_WEP
 	bool "Enable support for unsecure and obsolete WEP"
@@ -87,3 +95,19 @@ config WPA_ENABLE_WEP
 	  for anything anymore. The functionality needed to use WEP is available in the
 	  current hostapd release under this optional build parameter and completely
 	  removed in a future release.
+
+config WPA_MBO_SUPPORT
+	bool "Multi Band Operation (Agile Multiband)"
+	default PACKAGE_wpa-supplicant || \
+		PACKAGE_wpa-supplicant-openssl || \
+		PACKAGE_wpa-supplicant-wolfssl || \
+		PACKAGE_wpa-supplicant-mbedtls || \
+		PACKAGE_wpad || \
+		PACKAGE_wpad-openssl || \
+		PACKAGE_wpad-wolfssl || \
+		PACKAGE_wpad-mbedtls
+	help
+	  Multi Band Operation aka (Agile Multiband) enables features
+	  that facilitate efficient use of multiple frequency bands.
+	  Enabling MBO on an AP using RSN requires 802.11w to be enabled.
+	  Hostapd will refuse to start if MBO and RSN are enabled without 11w.

package/network/services/hostapd/Makefile

@@ -9,9 +9,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-01-16
+PKG_SOURCE_DATE:=2022-07-29
-PKG_SOURCE_VERSION:=cff80b4f7d3c0a47c052e8187d671710f48939e4
+PKG_SOURCE_VERSION:=b704dc72ef824dfdd96674b90179b274d1d38105
-PKG_MIRROR_HASH:=712965bfa11a2e601d3e1c9a51a2cf3cffc6db89abafb3df3eb0cfd83c64705b
+PKG_MIRROR_HASH:=6c9dd359ef5a4595b6576e07928566d6864957c4af6466d641d6c3f7717f4689
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause
@@ -28,11 +28,12 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_hostapd-mini \
 	CONFIG_WPA_RFKILL_SUPPORT \
 	CONFIG_DRIVER_WEXT_SUPPORT \
-	CONFIG_DRIVER_11N_SUPPORT \
 	CONFIG_DRIVER_11AC_SUPPORT \
 	CONFIG_DRIVER_11AX_SUPPORT \
 	CONFIG_WPA_ENABLE_WEP
 
+PKG_BUILD_FLAGS:=gc-sections lto
+
 EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
 
 SUPPLICANT_PROVIDERS:=
@@ -53,14 +54,16 @@ LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
 LOCAL_VARIANT=$(patsubst %-internal,%,\
 	      $(patsubst %-openssl,%,\
 	      $(patsubst %-wolfssl,%,\
+	      $(patsubst %-mbedtls,%,\
 	      $(LOCAL_AND_LIB_VARIANT)\
-	      )))
+	      ))))
 
 SSL_VARIANT=$(strip \
 		$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
 		$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
+		$(if $(findstring mbedtls,$(LOCAL_AND_LIB_VARIANT)),mbedtls,\
 		internal\
-		)))
+		))))
 
 CONFIG_VARIANT:=$(LOCAL_VARIANT)
 ifeq ($(LOCAL_VARIANT),mesh)
@@ -71,11 +74,6 @@ include $(INCLUDE_DIR)/package.mk
 
 STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
 
-
-ifneq ($(CONFIG_DRIVER_11N_SUPPORT),)
-  HOSTAPD_IEEE80211N:=y
-endif
-
 ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
   HOSTAPD_IEEE80211AC:=y
 endif
@@ -87,10 +85,10 @@ endif
 DRIVER_MAKEOPTS= \
 	CONFIG_ACS=$(CONFIG_PACKAGE_kmod-cfg80211) \
 	CONFIG_DRIVER_NL80211=$(CONFIG_PACKAGE_kmod-cfg80211) \
-	CONFIG_IEEE80211N=$(HOSTAPD_IEEE80211N) \
 	CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
 	CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
 	CONFIG_DRIVER_WEXT=$(CONFIG_DRIVER_WEXT_SUPPORT) \
+	CONFIG_MBO=$(CONFIG_WPA_MBO_SUPPORT)
 
 ifeq ($(SSL_VARIANT),openssl)
   DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
@@ -122,6 +120,21 @@ ifeq ($(SSL_VARIANT),wolfssl)
   endif
 endif
 
+ifeq ($(SSL_VARIANT),mbedtls)
+  DRIVER_MAKEOPTS += CONFIG_TLS=mbedtls CONFIG_SAE=y
+  TARGET_LDFLAGS += -lmbedcrypto -lmbedx509 -lmbedtls
+
+  ifeq ($(LOCAL_VARIANT),basic)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y
+  endif
+  ifeq ($(LOCAL_VARIANT),mesh)
+    DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+  ifeq ($(LOCAL_VARIANT),full)
+    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
+  endif
+endif
+
 ifneq ($(LOCAL_TYPE),hostapd)
   ifdef CONFIG_WPA_RFKILL_SUPPORT
     DRIVER_MAKEOPTS += NEED_RFKILL=y
@@ -160,7 +173,7 @@ define Package/hostapd-openssl
 $(call Package/hostapd/Default,$(1))
   TITLE+= (OpenSSL full)
   VARIANT:=full-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_hostapd-openssl:libopenssl
 endef
 
 Package/hostapd-openssl/description = $(Package/hostapd/description)
@@ -169,11 +182,20 @@ define Package/hostapd-wolfssl
 $(call Package/hostapd/Default,$(1))
   TITLE+= (wolfSSL full)
   VARIANT:=full-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_hostapd-wolfssl:libwolfssl
 endef
 
 Package/hostapd-wolfssl/description = $(Package/hostapd/description)
 
+define Package/hostapd-mbedtls
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=full-mbedtls
+  DEPENDS+=+PACKAGE_hostapd-mbedtls:libmbedtls
+endef
+
+Package/hostapd-mbedtls/description = $(Package/hostapd/description)
+
 define Package/hostapd-basic
 $(call Package/hostapd/Default,$(1))
   TITLE+= (WPA-PSK, 11r, 11w)
@@ -188,7 +210,7 @@ define Package/hostapd-basic-openssl
 $(call Package/hostapd/Default,$(1))
   TITLE+= (WPA-PSK, 11r and 11w)
   VARIANT:=basic-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_hostapd-basic-openssl:libopenssl
 endef
 
 define Package/hostapd-basic-openssl/description
@@ -199,13 +221,24 @@ define Package/hostapd-basic-wolfssl
 $(call Package/hostapd/Default,$(1))
   TITLE+= (WPA-PSK, 11r and 11w)
   VARIANT:=basic-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_hostapd-basic-wolfssl:libwolfssl
 endef
 
 define Package/hostapd-basic-wolfssl/description
  This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
 endef
 
+define Package/hostapd-basic-mbedtls
+$(call Package/hostapd/Default,$(1))
+  TITLE+= (WPA-PSK, 11r and 11w)
+  VARIANT:=basic-mbedtls
+  DEPENDS+=+PACKAGE_hostapd-basic-mbedtls:libmbedtls
+endef
+
+define Package/hostapd-basic-mbedtls/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
+endef
+
 define Package/hostapd-mini
 $(call Package/hostapd/Default,$(1))
   TITLE+= (WPA-PSK only)
@@ -247,7 +280,7 @@ define Package/wpad-openssl
 $(call Package/wpad/Default,$(1))
   TITLE+= (OpenSSL full)
   VARIANT:=wpad-full-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_wpad-openssl:libopenssl
 endef
 
 Package/wpad-openssl/description = $(Package/wpad/description)
@@ -256,11 +289,20 @@ define Package/wpad-wolfssl
 $(call Package/wpad/Default,$(1))
   TITLE+= (wolfSSL full)
   VARIANT:=wpad-full-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_wpad-wolfssl:libwolfssl
 endef
 
 Package/wpad-wolfssl/description = $(Package/wpad/description)
 
+define Package/wpad-mbedtls
+$(call Package/wpad/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=wpad-full-mbedtls
+  DEPENDS+=+PACKAGE_wpad-mbedtls:libmbedtls
+endef
+
+Package/wpad-mbedtls/description = $(Package/wpad/description)
+
 define Package/wpad-basic
 $(call Package/wpad/Default,$(1))
   TITLE+= (WPA-PSK, 11r, 11w)
@@ -275,7 +317,7 @@ define Package/wpad-basic-openssl
 $(call Package/wpad/Default,$(1))
   TITLE+= (OpenSSL, 11r, 11w)
   VARIANT:=wpad-basic-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_wpad-basic-openssl:libopenssl
 endef
 
 define Package/wpad-basic-openssl/description
@@ -286,13 +328,24 @@ define Package/wpad-basic-wolfssl
 $(call Package/wpad/Default,$(1))
   TITLE+= (wolfSSL, 11r, 11w)
   VARIANT:=wpad-basic-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_wpad-basic-wolfssl:libwolfssl
 endef
 
 define Package/wpad-basic-wolfssl/description
  This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
 endef
 
+define Package/wpad-basic-mbedtls
+$(call Package/wpad/Default,$(1))
+  TITLE+= (mbedTLS, 11r, 11w)
+  VARIANT:=wpad-basic-mbedtls
+  DEPENDS+=+PACKAGE_wpad-basic-mbedtls:libmbedtls
+endef
+
+define Package/wpad-basic-mbedtls/description
+ This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
+endef
+
 define Package/wpad-mini
 $(call Package/wpad/Default,$(1))
   TITLE+= (WPA-PSK only)
@@ -316,7 +369,7 @@ endef
 define Package/wpad-mesh-openssl
 $(call Package/wpad-mesh,$(1))
   TITLE+= (OpenSSL, 11s, SAE)
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_wpad-mesh-openssl:libopenssl
   VARIANT:=wpad-mesh-openssl
 endef
 
@@ -325,12 +378,21 @@ Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
 define Package/wpad-mesh-wolfssl
 $(call Package/wpad-mesh,$(1))
   TITLE+= (wolfSSL, 11s, SAE)
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_wpad-mesh-wolfssl:libwolfssl
   VARIANT:=wpad-mesh-wolfssl
 endef
 
 Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
 
+define Package/wpad-mesh-mbedtls
+$(call Package/wpad-mesh,$(1))
+  TITLE+= (mbedTLS, 11s, SAE)
+  DEPENDS+=+PACKAGE_wpad-mesh-mbedtls:libmbedtls
+  VARIANT:=wpad-mesh-mbedtls
+endef
+
+Package/wpad-mesh-mbedtls/description = $(Package/wpad-mesh/description)
+
 
 define Package/wpa-supplicant/Default
   SECTION:=net
@@ -356,14 +418,21 @@ define Package/wpa-supplicant-openssl
 $(call Package/wpa-supplicant/Default,$(1))
   TITLE+= (OpenSSL full)
   VARIANT:=supplicant-full-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-openssl:libopenssl
 endef
 
 define Package/wpa-supplicant-wolfssl
 $(call Package/wpa-supplicant/Default,$(1))
   TITLE+= (wolfSSL full)
   VARIANT:=supplicant-full-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-wolfssl:libwolfssl
+endef
+
+define Package/wpa-supplicant-mbedtls
+$(call Package/wpa-supplicant/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=supplicant-full-mbedtls
+  DEPENDS+=+PACKAGE_wpa-supplicant-mbedtls:libmbedtls
 endef
 
 define Package/wpa-supplicant/config
@@ -387,14 +456,21 @@ define Package/wpa-supplicant-mesh-openssl
 $(call Package/wpa-supplicant-mesh/Default,$(1))
   TITLE+= (OpenSSL, 11s, SAE)
   VARIANT:=supplicant-mesh-openssl
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-openssl:libopenssl
 endef
 
 define Package/wpa-supplicant-mesh-wolfssl
 $(call Package/wpa-supplicant-mesh/Default,$(1))
   TITLE+= (wolfSSL, 11s, SAE)
   VARIANT:=supplicant-mesh-wolfssl
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-wolfssl:libwolfssl
+endef
+
+define Package/wpa-supplicant-mesh-mbedtls
+$(call Package/wpa-supplicant-mesh/Default,$(1))
+  TITLE+= (mbedTLS, 11s, SAE)
+  VARIANT:=supplicant-mesh-mbedtls
+  DEPENDS+=+PACKAGE_wpa-supplicant-mesh-mbedtls:libmbedtls
 endef
 
 define Package/wpa-supplicant-basic
@@ -460,7 +536,7 @@ define Package/eapol-test-openssl
   TITLE+= (OpenSSL full)
   VARIANT:=supplicant-full-openssl
   CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
-  DEPENDS+=+libopenssl
+  DEPENDS+=+PACKAGE_eapol-test-openssl:libopenssl
   PROVIDES:=eapol-test
 endef
 
@@ -469,7 +545,16 @@ define Package/eapol-test-wolfssl
   TITLE+= (wolfSSL full)
   VARIANT:=supplicant-full-wolfssl
   CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
-  DEPENDS+=+libwolfssl
+  DEPENDS+=+PACKAGE_eapol-test-wolfssl:libwolfssl
+  PROVIDES:=eapol-test
+endef
+
+define Package/eapol-test-mbedtls
+  $(call Package/eapol-test/Default,$(1))
+  TITLE+= (mbedTLS full)
+  VARIANT:=supplicant-full-mbedtls
+  CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-mbedtls ,$(EAPOL_TEST_PROVIDERS)))
+  DEPENDS+=+PACKAGE_eapol-test-mbedtls:libmbedtls
   PROVIDES:=eapol-test
 endef
 
@@ -502,8 +587,7 @@ TARGET_CPPFLAGS := \
 	-D_GNU_SOURCE \
 	$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
 
-TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
+TARGET_LDFLAGS += -lubox -lubus
-TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus
 
 ifdef CONFIG_PACKAGE_kmod-cfg80211
   TARGET_LDFLAGS += -lm -lnl-tiny
@@ -581,6 +665,12 @@ define Build/Compile/supplicant-full-wolfssl
 	)
 endef
 
+define Build/Compile/supplicant-full-mbedtls
+	+$(call Build/RunMake,wpa_supplicant, \
+		eapol_test \
+	)
+endef
+
 define Build/Compile
 	$(Build/Compile/$(LOCAL_TYPE))
 	$(Build/Compile/$(BUILD_VARIANT))
@@ -611,9 +701,11 @@ endef
 Package/hostapd-basic/install = $(Package/hostapd/install)
 Package/hostapd-basic-openssl/install = $(Package/hostapd/install)
 Package/hostapd-basic-wolfssl/install = $(Package/hostapd/install)
+Package/hostapd-basic-mbedtls/install = $(Package/hostapd/install)
 Package/hostapd-mini/install = $(Package/hostapd/install)
 Package/hostapd-openssl/install = $(Package/hostapd/install)
 Package/hostapd-wolfssl/install = $(Package/hostapd/install)
+Package/hostapd-mbedtls/install = $(Package/hostapd/install)
 
 ifneq ($(LOCAL_TYPE),supplicant)
   define Package/hostapd-utils/install
@@ -632,11 +724,14 @@ endef
 Package/wpad-basic/install = $(Package/wpad/install)
 Package/wpad-basic-openssl/install = $(Package/wpad/install)
 Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
+Package/wpad-basic-mbedtls/install = $(Package/wpad/install)
 Package/wpad-mini/install = $(Package/wpad/install)
 Package/wpad-openssl/install = $(Package/wpad/install)
 Package/wpad-wolfssl/install = $(Package/wpad/install)
+Package/wpad-mbedtls/install = $(Package/wpad/install)
 Package/wpad-mesh-openssl/install = $(Package/wpad/install)
 Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
+Package/wpad-mesh-mbedtls/install = $(Package/wpad/install)
 
 define Package/wpa-supplicant/install
 	$(call Install/supplicant,$(1))
@@ -647,8 +742,10 @@ Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
 Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
 Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
 Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mbedtls/install = $(Package/wpa-supplicant/install)
 Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
 Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
+Package/wpa-supplicant-mesh-mbedtls/install = $(Package/wpa-supplicant/install)
 
 ifneq ($(LOCAL_TYPE),hostapd)
   define Package/wpa-cli/install
@@ -678,6 +775,13 @@ ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
   endef
 endif
 
+ifeq ($(BUILD_VARIANT),supplicant-full-mbedtls)
+  define Package/eapol-test-mbedtls/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
+  endef
+endif
+
 # Build hostapd-common before its dependents, to avoid
 # spurious rebuilds when building multiple variants.
 $(eval $(call BuildPackage,hostapd-common))
@@ -685,28 +789,36 @@ $(eval $(call BuildPackage,hostapd))
 $(eval $(call BuildPackage,hostapd-basic))
 $(eval $(call BuildPackage,hostapd-basic-openssl))
 $(eval $(call BuildPackage,hostapd-basic-wolfssl))
+$(eval $(call BuildPackage,hostapd-basic-mbedtls))
 $(eval $(call BuildPackage,hostapd-mini))
 $(eval $(call BuildPackage,hostapd-openssl))
 $(eval $(call BuildPackage,hostapd-wolfssl))
+$(eval $(call BuildPackage,hostapd-mbedtls))
 $(eval $(call BuildPackage,wpad))
 $(eval $(call BuildPackage,wpad-mesh-openssl))
 $(eval $(call BuildPackage,wpad-mesh-wolfssl))
+$(eval $(call BuildPackage,wpad-mesh-mbedtls))
 $(eval $(call BuildPackage,wpad-basic))
 $(eval $(call BuildPackage,wpad-basic-openssl))
 $(eval $(call BuildPackage,wpad-basic-wolfssl))
+$(eval $(call BuildPackage,wpad-basic-mbedtls))
 $(eval $(call BuildPackage,wpad-mini))
 $(eval $(call BuildPackage,wpad-openssl))
 $(eval $(call BuildPackage,wpad-wolfssl))
+$(eval $(call BuildPackage,wpad-mbedtls))
 $(eval $(call BuildPackage,wpa-supplicant))
 $(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
 $(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
+$(eval $(call BuildPackage,wpa-supplicant-mesh-mbedtls))
 $(eval $(call BuildPackage,wpa-supplicant-basic))
 $(eval $(call BuildPackage,wpa-supplicant-mini))
 $(eval $(call BuildPackage,wpa-supplicant-p2p))
 $(eval $(call BuildPackage,wpa-supplicant-openssl))
 $(eval $(call BuildPackage,wpa-supplicant-wolfssl))
+$(eval $(call BuildPackage,wpa-supplicant-mbedtls))
 $(eval $(call BuildPackage,wpa-cli))
 $(eval $(call BuildPackage,hostapd-utils))
 $(eval $(call BuildPackage,eapol-test))
 $(eval $(call BuildPackage,eapol-test-openssl))
 $(eval $(call BuildPackage,eapol-test-wolfssl))
+$(eval $(call BuildPackage,eapol-test-mbedtls))

package/network/services/hostapd/files/hostapd-basic.config

@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 #CONFIG_EAP=y

package/network/services/hostapd/files/hostapd-full.config

@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 CONFIG_EAP=y
@@ -142,7 +142,7 @@ CONFIG_PKCS12=y
 
 # RADIUS authentication server. This provides access to the integrated EAP
 # server from external hosts using RADIUS.
-#CONFIG_RADIUS_SERVER=y
+CONFIG_RADIUS_SERVER=y
 
 # Build IPv6 support for RADIUS operations
 CONFIG_IPV6=y
@@ -316,7 +316,7 @@ CONFIG_INTERNAL_LIBTOMMATH=y
 CONFIG_INTERWORKING=y
 
 # Hotspot 2.0
-#CONFIG_HS20=y
+CONFIG_HS20=y
 
 # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
 #CONFIG_SQLITE=y

package/network/services/hostapd/files/hostapd.sh

@@ -24,12 +24,12 @@ hostapd_append_wep_key() {
 		[1234])
 			for idx in 1 2 3 4; do
 				local zidx
-				zidx=$(($idx - 1))
+				zidx="$(($idx - 1))"
 				json_get_var ckey "key${idx}"
 				[ -n "$ckey" ] && \
 					append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
 			done
-			wep_keyidx=$((key - 1))
+			wep_keyidx="$((key - 1))"
 		;;
 		*)
 			append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
@@ -132,9 +132,10 @@ hostapd_prepare_device_config() {
 
 	local base_cfg=
 
-	json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
+	json_get_vars country country3 country_ie beacon_int:100 doth require_mode legacy_rates \
 		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
-		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc vendor_vht
+		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
+		vendor_vht
 
 	hostapd_set_log_options base_cfg
 
@@ -234,7 +235,6 @@ hostapd_prepare_device_config() {
 	[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
 	append base_cfg "beacon_int=$beacon_int" "$N"
 	[ -n "$rts_threshold" ] && append base_cfg "rts_threshold=$rts_threshold" "$N"
-	append base_cfg "dtim_period=$dtim_period" "$N"
 	[ "$airtime_mode" -gt 0 ] && append base_cfg "airtime_mode=$airtime_mode" "$N"
 	[ -n "$maxassoc" ] && append base_cfg "iface_max_num_sta=$maxassoc" "$N"
 
@@ -251,7 +251,7 @@ EOF
 
 hostapd_common_add_bss_config() {
 	config_add_string 'bssid:macaddr' 'ssid:string'
-	config_add_boolean wds wmm uapsd hidden utf8_ssid
+	config_add_boolean wds wmm uapsd hidden utf8_ssid ppsk
 
 	config_add_int maxassoc max_inactivity
 	config_add_boolean disassoc_low_ack isolate short_preamble skip_inactivity_poll
@@ -268,11 +268,11 @@ hostapd_common_add_bss_config() {
 	config_add_int ieee80211w
 	config_add_int eapol_version
 
-	config_add_string 'auth_server:host' 'server:host'
+	config_add_array auth_server acct_server
+	config_add_string 'server:host'
 	config_add_string auth_secret key
 	config_add_int 'auth_port:port' 'port:port'
 
-	config_add_string acct_server
 	config_add_string acct_secret
 	config_add_int acct_port
 	config_add_int acct_interval
@@ -309,7 +309,7 @@ hostapd_common_add_bss_config() {
 	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
 	config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
 
-	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
+	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition mbo
 	config_add_int time_advertisement
 	config_add_string time_zone
 	config_add_string vendor_elements
@@ -340,6 +340,7 @@ hostapd_common_add_bss_config() {
 	config_add_int sae_pwe
 
 	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
+	config_add_string owe_transition_ifname
 
 	config_add_boolean iw_enabled iw_internet iw_asra iw_esr iw_uesa
 	config_add_int iw_access_network_type iw_venue_group iw_venue_type
@@ -362,7 +363,7 @@ hostapd_common_add_bss_config() {
 	config_add_array airtime_sta_weight
 	config_add_int airtime_bss_weight airtime_bss_limit
 
-	config_add_boolean multicast_to_unicast proxy_arp per_sta_vif
+	config_add_boolean multicast_to_unicast multicast_to_unicast_all proxy_arp per_sta_vif
 
 	config_add_array hostapd_bss_options
 	config_add_boolean default_disabled
@@ -376,6 +377,8 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean fils
 	config_add_string fils_dhcp
+
+	config_add_int ocv
 }
 
 hostapd_set_vlan_file() {
@@ -524,6 +527,20 @@ append_airtime_sta_weight() {
 	[ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
 }
 
+append_auth_server() {
+	[ -n "$1" ] || return
+	append bss_conf "auth_server_addr=$1" "$N"
+	append bss_conf "auth_server_port=$auth_port" "$N"
+	[ -n "$auth_secret" ] && append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
+}
+
+append_acct_server() {
+	[ -n "$1" ] || return
+	append bss_conf "acct_server_addr=$1" "$N"
+	append bss_conf "acct_server_port=$acct_port" "$N"
+	[ -n "$acct_secret" ] && append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
+}
+
 hostapd_set_bss_options() {
 	local var="$1"
 	local phy="$2"
@@ -542,13 +559,13 @@ hostapd_set_bss_options() {
 		wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \
 		macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
 		iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
-		acct_server acct_secret acct_port acct_interval \
+		acct_secret acct_port acct_interval \
 		bss_load_update_period chan_util_avg_period sae_require_mfp sae_pwe \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key skip_inactivity_poll \
-		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
+		ppsk airtime_bss_weight airtime_bss_limit airtime_sta_weight \
-		multicast_to_unicast proxy_arp per_sta_vif \
+		multicast_to_unicast_all proxy_arp per_sta_vif \
 		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
-		vendor_elements fils
+		vendor_elements fils ocv
 
 	set_default fils 0
 	set_default isolate 0
@@ -568,6 +585,7 @@ hostapd_set_bss_options() {
 	set_default chan_util_avg_period 600
 	set_default utf8_ssid 1
 	set_default multi_ap 0
+	set_default ppsk 0
 	set_default airtime_bss_weight 0
 	set_default airtime_bss_limit 0
 	set_default eap_server 0
@@ -610,16 +628,15 @@ hostapd_set_bss_options() {
 		[ -n "$wpa_strict_rekey" ] && append bss_conf "wpa_strict_rekey=$wpa_strict_rekey" "$N"
 	}
 
-	[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
+	set_default nasid "${macaddr//\:}"
-	[ -n "$acct_server" ] && {
+	append bss_conf "nas_identifier=$nasid" "$N"
-		append bss_conf "acct_server_addr=$acct_server" "$N"
+
-		append bss_conf "acct_server_port=$acct_port" "$N"
-		[ -n "$acct_secret" ] && \
-			append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
 	[ -n "$acct_interval" ] && \
 		append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
+	json_for_each_item append_acct_server acct_server
 	json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
-	}
+
+	[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
 
 	case "$auth_type" in
 		sae|owe|eap192|eap-eap192)
@@ -640,10 +657,11 @@ hostapd_set_bss_options() {
 
 	case "$auth_type" in
 		none|owe)
-			json_get_vars owe_transition_bssid owe_transition_ssid
+			json_get_vars owe_transition_bssid owe_transition_ssid owe_transition_ifname
 
 			[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
 			[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
+			[ -n "$owe_transition_ifname" ] && append bss_conf "owe_transition_ifname=$owe_transition_ifname" "$N"
 
 			wps_possible=1
 			# Here we make the assumption that if we're in open mode
@@ -652,7 +670,13 @@ hostapd_set_bss_options() {
 		;;
 		psk|sae|psk-sae)
 			json_get_vars key wpa_psk_file
-			if [ ${#key} -eq 64 ]; then
+			if [ "$auth_type" = "psk" ] && [ "$ppsk" -ne 0 ] ; then
+				json_get_vars auth_secret auth_port
+				set_default auth_port 1812
+				json_for_each_item append_auth_server auth_server
+				append bss_conf "macaddr_acl=2" "$N"
+				append bss_conf "wpa_psk_radius=2" "$N"
+			elif [ ${#key} -eq 64 ]; then
 				append bss_conf "wpa_psk=$key" "$N"
 			elif [ ${#key} -ge 8 ] && [ ${#key} -le 63 ]; then
 				append bss_conf "wpa_passphrase=$key" "$N"
@@ -675,7 +699,7 @@ hostapd_set_bss_options() {
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
-				ownip radius_client_addr \
+				dynamic_ownip ownip radius_client_addr \
 				eap_reauth_period request_cui \
 				erp_domain mobility_domain \
 				fils_realm fils_dhcp
@@ -683,6 +707,8 @@ hostapd_set_bss_options() {
 			# radius can provide VLAN ID for clients
 			vlan_possible=1
 
+			set_default dynamic_ownip 1
+
 			# legacy compatibility
 			[ -n "$auth_server" ] || json_get_var auth_server server
 			[ -n "$auth_port" ] || json_get_var auth_port port
@@ -716,12 +742,7 @@ hostapd_set_bss_options() {
 			set_default dae_port 3799
 			set_default request_cui 0
 
-			[ "$eap_server" -eq 0 ] && {
+			[ "$eap_server" -eq 0 ] && json_for_each_item append_auth_server auth_server
-				append bss_conf "auth_server_addr=$auth_server" "$N"
-				append bss_conf "auth_server_port=$auth_port" "$N"
-				append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
-			}
-
 			[ "$request_cui" -gt 0 ] && append bss_conf "radius_request_cui=$request_cui" "$N"
 			[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
 
@@ -731,7 +752,12 @@ hostapd_set_bss_options() {
 			}
 			json_for_each_item append_radius_auth_req_attr radius_auth_req_attr
 
-			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
+			if [ -n "$ownip" ]; then
+				append bss_conf "own_ip_addr=$ownip" "$N"
+			elif [ "$dynamic_ownip" -gt 0 ]; then
+				append bss_conf "dynamic_own_ip_addr=$dynamic_ownip" "$N"
+			fi
+
 			[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
 			append bss_conf "eapol_key_index_workaround=1" "$N"
 			append bss_conf "ieee8021x=1" "$N"
@@ -747,7 +773,24 @@ hostapd_set_bss_options() {
 		;;
 	esac
 
-	local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
+	case "$auth_type" in
+		none|owe|psk|sae|psk-sae|wep)
+			json_get_vars \
+			auth_server auth_port auth_secret \
+			ownip radius_client_addr
+
+			[ -n "$auth_server" ] &&  {
+				set_default auth_port 1812
+
+				json_for_each_item append_auth_server auth_server
+				[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
+				[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
+				append bss_conf "macaddr_acl=2" "$N"
+			}
+		;;
+	esac
+
+	local auth_algs="$((($auth_mode_shared << 1) | $auth_mode_open))"
 	append bss_conf "auth_algs=${auth_algs:-1}" "$N"
 	append bss_conf "wpa=$wpa" "$N"
 	[ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
@@ -809,10 +852,11 @@ hostapd_set_bss_options() {
 		append bss_conf "iapp_interface=$ifname" "$N"
 	}
 
-	json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
+	json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition mbo
 	set_default bss_transition 0
 	set_default wnm_sleep_mode 0
 	set_default wnm_sleep_mode_no_keys 0
+	set_default mbo 0
 
 	[ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
 	[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
@@ -821,6 +865,7 @@ hostapd_set_bss_options() {
 		[ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
 	fi
 	[ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
+	[ "$mbo" -eq 1 ] && append bss_conf "mbo=1" "$N"
 
 	json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report
 	set_default ieee80211k 0
@@ -855,7 +900,7 @@ hostapd_set_bss_options() {
 			json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
 
 			set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
-			set_default ft_over_ds 1
+			set_default ft_over_ds 0
 			set_default reassociation_deadline 1000
 
 			case "$auth_type" in
@@ -872,7 +917,6 @@ hostapd_set_bss_options() {
 			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
 			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
-			[ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N"
 
 			if [ "$ft_psk_generate_local" -eq "0" ]; then
 				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
@@ -1096,9 +1140,9 @@ hostapd_set_bss_options() {
 		[ -n "$server_id" ] && append bss_conf "server_id=$server_id" "$N"
 	fi
 
-	set_default multicast_to_unicast 0
+	set_default multicast_to_unicast_all 0
-	if [ "$multicast_to_unicast" -gt 0 ]; then
+	if [ "$multicast_to_unicast_all" -gt 0 ]; then
-		append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
+		append bss_conf "multicast_to_unicast=$multicast_to_unicast_all" "$N"
 	fi
 	set_default proxy_arp 0
 	if [ "$proxy_arp" -gt 0 ]; then
@@ -1115,7 +1159,7 @@ hostapd_set_bss_options() {
 		append bss_conf "$val" "$N"
 	done
 
-	bss_md5sum=$(echo $bss_conf | md5sum | cut -d" " -f1)
+	bss_md5sum="$(echo $bss_conf | md5sum | cut -d" " -f1)"
 	append bss_conf "config_id=$bss_md5sum" "$N"
 
 	append "$var" "$bss_conf" "$N"
@@ -1137,7 +1181,7 @@ hostapd_set_log_options() {
 	set_default log_iapp   1
 	set_default log_mlme   1
 
-	local log_mask=$(( \
+	local log_mask="$(( \
 		($log_80211  << 0) | \
 		($log_8021x  << 1) | \
 		($log_radius << 2) | \
@@ -1145,7 +1189,7 @@ hostapd_set_log_options() {
 		($log_driver << 4) | \
 		($log_iapp   << 5) | \
 		($log_mlme   << 6)   \
-	))
+	))"
 
 	append "$var" "logger_syslog=$log_mask" "$N"
 	append "$var" "logger_syslog_level=$log_level" "$N"
@@ -1254,7 +1298,7 @@ wpa_supplicant_add_network() {
 	json_get_vars \
 		ssid bssid key \
 		basic_rate mcast_rate \
-		ieee80211w ieee80211r fils \
+		ieee80211w ieee80211r fils ocv \
 		multi_ap \
 		default_disabled
 
@@ -1289,7 +1333,7 @@ wpa_supplicant_add_network() {
 	}
 
 	[ "$_w_mode" = "mesh" ] && {
-		json_get_vars mesh_id mesh_fwding mesh_rssi_threshold
+		json_get_vars mesh_id mesh_fwding mesh_rssi_threshold encryption
 		[ -n "$mesh_id" ] && ssid="${mesh_id}"
 
 		append network_data "mode=5" "$N$T"
@@ -1297,7 +1341,7 @@ wpa_supplicant_add_network() {
 		[ -n "$mesh_rssi_threshold" ] && append network_data "mesh_rssi_threshold=${mesh_rssi_threshold}" "$N$T"
 		[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
 		[ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
-		append wpa_key_mgmt "SAE"
+		[ "$encryption" = "none" -o -z "$encryption" ] || append wpa_key_mgmt "SAE"
 		scan_ssid=""
 	}
 
@@ -1306,6 +1350,8 @@ wpa_supplicant_add_network() {
 		[ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T"
 	}
 
+	[ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T"
+
 	case "$auth_type" in
 		none) ;;
 		owe)
@@ -1329,11 +1375,11 @@ wpa_supplicant_add_network() {
 
 			key_mgmt="$wpa_key_mgmt"
 
+			if [ "$_w_mode" = "mesh" ] || [ "$auth_type" = "sae" ]; then
+				passphrase="sae_password=\"${key}\""
+			else
 				if [ ${#key} -eq 64 ]; then
 					passphrase="psk=${key}"
-			else
-				if [ "$_w_mode" = "mesh" ]; then
-					passphrase="sae_password=\"${key}\""
 				else
 					passphrase="psk=\"${key}\""
 				fi

package/network/services/hostapd/files/wpa_supplicant-basic.config

@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)

package/network/services/hostapd/files/wpa_supplicant-full.config

@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)

package/network/services/hostapd/files/wpa_supplicant-p2p.config

@@ -622,4 +622,4 @@ CONFIG_UBUS=y
 # OpenWrt patch 380-disable-ctrl-iface-mib.patch
 # leads to the MIB only being compiled in if
 # CONFIG_CTRL_IFACE_MIB is enabled.
-#CONFIG_CTRL_IFACE_MIB=y
+CONFIG_CTRL_IFACE_MIB=y

package/network/services/hostapd/files/wpad.init

@@ -13,6 +13,7 @@ start_service() {
 		procd_open_instance hostapd
 		procd_set_param command /usr/sbin/hostapd -s -g /var/run/hostapd/global
 		procd_set_param respawn 3600 1 0
+		procd_set_param limits core="unlimited"
 		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
 			procd_add_jail hostapd
 			procd_set_param capabilities /etc/capabilities/wpad.json
@@ -29,6 +30,7 @@ start_service() {
 		procd_open_instance supplicant
 		procd_set_param command /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
 		procd_set_param respawn 3600 1 0
+		procd_set_param limits core="unlimited"
 		[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
 			procd_add_jail wpa_supplicant
 			procd_set_param capabilities /etc/capabilities/wpad.json

package/network/services/hostapd/patches/0001-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch

@@ -1,406 +0,0 @@
-From f5c8697c04576b1995d109abf96fddffbd3b4f1e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 9 Feb 2022 20:15:30 +0200
-Subject: [PATCH] Sync with mac80211-next.git include/uapi/linux/nl80211.h
-
-This brings in nl80211 definitions as of 2022-01-04. In addition, update
-nl80211_command_to_string() to cover the new defined commands.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/drivers/driver_nl80211_event.c |   7 +
- src/drivers/nl80211_copy.h         | 230 +++++++++++++++++++++++++++--
- 2 files changed, 226 insertions(+), 11 deletions(-)
-
---- a/src/drivers/driver_nl80211_event.c
-+++ b/src/drivers/driver_nl80211_event.c
-@@ -172,6 +172,13 @@ static const char * nl80211_command_to_s
- 	C2S(NL80211_CMD_UNPROT_BEACON)
- 	C2S(NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS)
- 	C2S(NL80211_CMD_SET_SAR_SPECS)
-+	C2S(NL80211_CMD_OBSS_COLOR_COLLISION)
-+	C2S(NL80211_CMD_COLOR_CHANGE_REQUEST)
-+	C2S(NL80211_CMD_COLOR_CHANGE_STARTED)
-+	C2S(NL80211_CMD_COLOR_CHANGE_ABORTED)
-+	C2S(NL80211_CMD_COLOR_CHANGE_COMPLETED)
-+	C2S(NL80211_CMD_SET_FILS_AAD)
-+	C2S(NL80211_CMD_ASSOC_COMEBACK)
- 	C2S(__NL80211_CMD_AFTER_LAST)
- 	}
- #undef C2S
---- a/src/drivers/nl80211_copy.h
-+++ b/src/drivers/nl80211_copy.h
-@@ -11,7 +11,7 @@
-  * Copyright 2008 Jouni Malinen <jouni.malinen@atheros.com>
-  * Copyright 2008 Colin McCabe <colin@cozybit.com>
-  * Copyright 2015-2017	Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  *
-  * Permission to use, copy, modify, and/or distribute this software for any
-  * purpose with or without fee is hereby granted, provided that the above
-@@ -301,6 +301,29 @@
-  */
- 
- /**
-+ * DOC: FILS shared key crypto offload
-+ *
-+ * This feature is applicable to drivers running in AP mode.
-+ *
-+ * FILS shared key crypto offload can be advertised by drivers by setting
-+ * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD flag. The drivers that support
-+ * FILS shared key crypto offload should be able to encrypt and decrypt
-+ * association frames for FILS shared key authentication as per IEEE 802.11ai.
-+ * With this capability, for FILS key derivation, drivers depend on userspace.
-+ *
-+ * After FILS key derivation, userspace shares the FILS AAD details with the
-+ * driver and the driver stores the same to use in decryption of association
-+ * request and in encryption of association response. The below parameters
-+ * should be given to the driver in %NL80211_CMD_SET_FILS_AAD.
-+ *	%NL80211_ATTR_MAC - STA MAC address, used for storing FILS AAD per STA
-+ *	%NL80211_ATTR_FILS_KEK - Used for encryption or decryption
-+ *	%NL80211_ATTR_FILS_NONCES - Used for encryption or decryption
-+ *			(STA Nonce 16 bytes followed by AP Nonce 16 bytes)
-+ *
-+ * Once the association is done, the driver cleans the FILS AAD data.
-+ */
-+
-+/**
-  * enum nl80211_commands - supported nl80211 commands
-  *
-  * @NL80211_CMD_UNSPEC: unspecified command to catch errors
-@@ -337,7 +360,10 @@
-  * @NL80211_CMD_DEL_INTERFACE: Virtual interface was deleted, has attributes
-  *	%NL80211_ATTR_IFINDEX and %NL80211_ATTR_WIPHY. Can also be sent from
-  *	userspace to request deletion of a virtual interface, then requires
-- *	attribute %NL80211_ATTR_IFINDEX.
-+ *	attribute %NL80211_ATTR_IFINDEX. If multiple BSSID advertisements are
-+ *	enabled using %NL80211_ATTR_MBSSID_CONFIG, %NL80211_ATTR_MBSSID_ELEMS,
-+ *	and if this command is used for the transmitting interface, then all
-+ *	the non-transmitting interfaces are deleted as well.
-  *
-  * @NL80211_CMD_GET_KEY: Get sequence counter information for a key specified
-  *	by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC.
-@@ -1185,6 +1211,32 @@
-  *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
-  *	specify the wiphy index to be applied to.
-  *
-+ * @NL80211_CMD_OBSS_COLOR_COLLISION: This notification is sent out whenever
-+ *	mac80211/drv detects a bss color collision.
-+ *
-+ * @NL80211_CMD_COLOR_CHANGE_REQUEST: This command is used to indicate that
-+ *	userspace wants to change the BSS color.
-+ *
-+ * @NL80211_CMD_COLOR_CHANGE_STARTED: Notify userland, that a color change has
-+ *	started
-+ *
-+ * @NL80211_CMD_COLOR_CHANGE_ABORTED: Notify userland, that the color change has
-+ *	been aborted
-+ *
-+ * @NL80211_CMD_COLOR_CHANGE_COMPLETED: Notify userland that the color change
-+ *	has completed
-+ *
-+ * @NL80211_CMD_SET_FILS_AAD: Set FILS AAD data to the driver using -
-+ *	&NL80211_ATTR_MAC - for STA MAC address
-+ *	&NL80211_ATTR_FILS_KEK - for KEK
-+ *	&NL80211_ATTR_FILS_NONCES - for FILS Nonces
-+ *		(STA Nonce 16 bytes followed by AP Nonce 16 bytes)
-+ *
-+ * @NL80211_CMD_ASSOC_COMEBACK: notification about an association
-+ *      temporal rejection with comeback. The event includes %NL80211_ATTR_MAC
-+ *      to describe the BSSID address of the AP and %NL80211_ATTR_TIMEOUT to
-+ *      specify the timeout value.
-+ *
-  * @NL80211_CMD_MAX: highest used command number
-  * @__NL80211_CMD_AFTER_LAST: internal use
-  */
-@@ -1417,6 +1469,18 @@ enum nl80211_commands {
- 
- 	NL80211_CMD_SET_SAR_SPECS,
- 
-+	NL80211_CMD_OBSS_COLOR_COLLISION,
-+
-+	NL80211_CMD_COLOR_CHANGE_REQUEST,
-+
-+	NL80211_CMD_COLOR_CHANGE_STARTED,
-+	NL80211_CMD_COLOR_CHANGE_ABORTED,
-+	NL80211_CMD_COLOR_CHANGE_COMPLETED,
-+
-+	NL80211_CMD_SET_FILS_AAD,
-+
-+	NL80211_CMD_ASSOC_COMEBACK,
-+
- 	/* add new commands above here */
- 
- 	/* used to define NL80211_CMD_MAX below */
-@@ -2413,7 +2477,9 @@ enum nl80211_commands {
-  *	space supports external authentication. This attribute shall be used
-  *	with %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP request. The driver
-  *	may offload authentication processing to user space if this capability
-- *	is indicated in the respective requests from the user space.
-+ *	is indicated in the respective requests from the user space. (This flag
-+ *	attribute deprecated for %NL80211_CMD_START_AP, use
-+ *	%NL80211_ATTR_AP_SETTINGS_FLAGS)
-  *
-  * @NL80211_ATTR_NSS: Station's New/updated  RX_NSS value notified using this
-  *	u8 attribute. This is used with %NL80211_CMD_STA_OPMODE_CHANGED.
-@@ -2560,6 +2626,39 @@ enum nl80211_commands {
-  *	disassoc events to indicate that an immediate reconnect to the AP
-  *	is desired.
-  *
-+ * @NL80211_ATTR_OBSS_COLOR_BITMAP: bitmap of the u64 BSS colors for the
-+ *	%NL80211_CMD_OBSS_COLOR_COLLISION event.
-+ *
-+ * @NL80211_ATTR_COLOR_CHANGE_COUNT: u8 attribute specifying the number of TBTT's
-+ *	until the color switch event.
-+ * @NL80211_ATTR_COLOR_CHANGE_COLOR: u8 attribute specifying the color that we are
-+ *	switching to
-+ * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE
-+ *	information for the time while performing a color switch.
-+ *
-+ * @NL80211_ATTR_MBSSID_CONFIG: Nested attribute for multiple BSSID
-+ *	advertisements (MBSSID) parameters in AP mode.
-+ *	Kernel uses this attribute to indicate the driver's support for MBSSID
-+ *	and enhanced multi-BSSID advertisements (EMA AP) to the userspace.
-+ *	Userspace should use this attribute to configure per interface MBSSID
-+ *	parameters.
-+ *	See &enum nl80211_mbssid_config_attributes for details.
-+ *
-+ * @NL80211_ATTR_MBSSID_ELEMS: Nested parameter to pass multiple BSSID elements.
-+ *	Mandatory parameter for the transmitting interface to enable MBSSID.
-+ *	Optional for the non-transmitting interfaces.
-+ *
-+ * @NL80211_ATTR_RADAR_BACKGROUND: Configure dedicated offchannel chain
-+ *	available for radar/CAC detection on some hw. This chain can't be used
-+ *	to transmit or receive frames and it is bounded to a running wdev.
-+ *	Background radar/CAC detection allows to avoid the CAC downtime
-+ *	switching on a different channel during CAC detection on the selected
-+ *	radar channel.
-+ *
-+ * @NL80211_ATTR_AP_SETTINGS_FLAGS: u32 attribute contains ap settings flags,
-+ *	enumerated in &enum nl80211_ap_settings_flags. This attribute shall be
-+ *	used with %NL80211_CMD_START_AP request.
-+ *
-  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
-  * @NL80211_ATTR_MAX: highest attribute number currently defined
-  * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3057,6 +3156,19 @@ enum nl80211_attrs {
- 
- 	NL80211_ATTR_DISABLE_HE,
- 
-+	NL80211_ATTR_OBSS_COLOR_BITMAP,
-+
-+	NL80211_ATTR_COLOR_CHANGE_COUNT,
-+	NL80211_ATTR_COLOR_CHANGE_COLOR,
-+	NL80211_ATTR_COLOR_CHANGE_ELEMS,
-+
-+	NL80211_ATTR_MBSSID_CONFIG,
-+	NL80211_ATTR_MBSSID_ELEMS,
-+
-+	NL80211_ATTR_RADAR_BACKGROUND,
-+
-+	NL80211_ATTR_AP_SETTINGS_FLAGS,
-+
- 	/* add attributes here, update the policy in nl80211.c */
- 
- 	__NL80211_ATTR_AFTER_LAST,
-@@ -3650,11 +3762,12 @@ enum nl80211_mpath_info {
-  *     capabilities IE
-  * @NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE: HE PPE thresholds information as
-  *     defined in HE capabilities IE
-- * @NL80211_BAND_IFTYPE_ATTR_MAX: highest band HE capability attribute currently
-- *     defined
-  * @NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA: HE 6GHz band capabilities (__le16),
-  *	given for all 6 GHz band channels
-+ * @NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS: vendor element capabilities that are
-+ *	advertised on this band/for this iftype (binary)
-  * @__NL80211_BAND_IFTYPE_ATTR_AFTER_LAST: internal use
-+ * @NL80211_BAND_IFTYPE_ATTR_MAX: highest band attribute currently defined
-  */
- enum nl80211_band_iftype_attr {
- 	__NL80211_BAND_IFTYPE_ATTR_INVALID,
-@@ -3665,6 +3778,7 @@ enum nl80211_band_iftype_attr {
- 	NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
- 	NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
- 	NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
-+	NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
- 
- 	/* keep last */
- 	__NL80211_BAND_IFTYPE_ATTR_AFTER_LAST,
-@@ -4887,6 +5001,7 @@ enum nl80211_txrate_gi {
-  * @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz)
-  * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz)
-  * @NL80211_BAND_S1GHZ: around 900MHz, supported by S1G PHYs
-+ * @NL80211_BAND_LC: light communication band (placeholder)
-  * @NUM_NL80211_BANDS: number of bands, avoid using this in userspace
-  *	since newer kernel versions may support more bands
-  */
-@@ -4896,6 +5011,7 @@ enum nl80211_band {
- 	NL80211_BAND_60GHZ,
- 	NL80211_BAND_6GHZ,
- 	NL80211_BAND_S1GHZ,
-+	NL80211_BAND_LC,
- 
- 	NUM_NL80211_BANDS,
- };
-@@ -5462,7 +5578,7 @@ enum nl80211_iface_limit_attrs {
-  *	=> allows 8 of AP/GO that can have BI gcd >= min gcd
-  *
-  *	numbers = [ #{STA} <= 2 ], channels = 2, max = 2
-- *	=> allows two STAs on different channels
-+ *	=> allows two STAs on the same or on different channels
-  *
-  *	numbers = [ #{STA} <= 1, #{P2P-client,P2P-GO} <= 3 ], max = 4
-  *	=> allows a STA plus three P2P interfaces
-@@ -5507,7 +5623,7 @@ enum nl80211_if_combination_attrs {
-  * @NL80211_PLINK_ESTAB: mesh peer link is established
-  * @NL80211_PLINK_HOLDING: mesh peer link is being closed or cancelled
-  * @NL80211_PLINK_BLOCKED: all frames transmitted from this mesh
-- *	plink are discarded
-+ *	plink are discarded, except for authentication frames
-  * @NUM_NL80211_PLINK_STATES: number of peer link states
-  * @MAX_NL80211_PLINK_STATES: highest numerical value of plink states
-  */
-@@ -5644,13 +5760,15 @@ enum nl80211_tdls_operation {
- 	NL80211_TDLS_DISABLE_LINK,
- };
- 
--/*
-+/**
-  * enum nl80211_ap_sme_features - device-integrated AP features
-- * Reserved for future use, no bits are defined in
-- * NL80211_ATTR_DEVICE_AP_SME yet.
-+ * @NL80211_AP_SME_SA_QUERY_OFFLOAD: SA Query procedures offloaded to driver
-+ *	when user space indicates support for SA Query procedures offload during
-+ *	"start ap" with %NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT.
-+ */
- enum nl80211_ap_sme_features {
-+	NL80211_AP_SME_SA_QUERY_OFFLOAD		= 1 << 0,
- };
-- */
- 
- /**
-  * enum nl80211_feature_flags - device/driver features
-@@ -5950,6 +6068,17 @@ enum nl80211_feature_flags {
-  *      frame protection for all management frames exchanged during the
-  *      negotiation and range measurement procedure.
-  *
-+ * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
-+ *	detection and change announcemnts.
-+ *
-+ * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD: Driver running in AP mode supports
-+ *	FILS encryption and decryption for (Re)Association Request and Response
-+ *	frames. Userspace has to share FILS AAD details to the driver by using
-+ *	@NL80211_CMD_SET_FILS_AAD.
-+ *
-+ * @NL80211_EXT_FEATURE_RADAR_BACKGROUND: Device supports background radar/CAC
-+ *	detection.
-+ *
-  * @NUM_NL80211_EXT_FEATURES: number of extended features.
-  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
-  */
-@@ -6014,6 +6143,9 @@ enum nl80211_ext_feature_index {
- 	NL80211_EXT_FEATURE_SECURE_LTF,
- 	NL80211_EXT_FEATURE_SECURE_RTT,
- 	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
-+	NL80211_EXT_FEATURE_BSS_COLOR,
-+	NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD,
-+	NL80211_EXT_FEATURE_RADAR_BACKGROUND,
- 
- 	/* add new features before the definition below */
- 	NUM_NL80211_EXT_FEATURES,
-@@ -6912,6 +7044,9 @@ enum nl80211_peer_measurement_ftm_capa {
-  * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only
-  *	valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or
-  *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set.
-+ * @NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR: optional. The BSS color of the
-+ *	responder. Only valid if %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED
-+ *	or %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED is set.
-  *
-  * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
-  * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
-@@ -6931,6 +7066,7 @@ enum nl80211_peer_measurement_ftm_req {
- 	NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED,
- 	NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED,
- 	NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK,
-+	NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR,
- 
- 	/* keep last */
- 	NUM_NL80211_PMSR_FTM_REQ_ATTR,
-@@ -7299,4 +7435,76 @@ enum nl80211_sar_specs_attrs {
- 	NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1,
- };
- 
-+/**
-+ * enum nl80211_mbssid_config_attributes - multiple BSSID (MBSSID) and enhanced
-+ * multi-BSSID advertisements (EMA) in AP mode.
-+ * Kernel uses some of these attributes to advertise driver's support for
-+ * MBSSID and EMA.
-+ * Remaining attributes should be used by the userspace to configure the
-+ * features.
-+ *
-+ * @__NL80211_MBSSID_CONFIG_ATTR_INVALID: Invalid
-+ *
-+ * @NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES: Used by the kernel to advertise
-+ *	the maximum number of MBSSID interfaces supported by the driver.
-+ *	Driver should indicate MBSSID support by setting
-+ *	wiphy->mbssid_max_interfaces to a value more than or equal to 2.
-+ *
-+ * @NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY: Used by the kernel
-+ *	to advertise the maximum profile periodicity supported by the driver
-+ *	if EMA is enabled. Driver should indicate EMA support to the userspace
-+ *	by setting wiphy->ema_max_profile_periodicity to
-+ *	a non-zero value.
-+ *
-+ * @NL80211_MBSSID_CONFIG_ATTR_INDEX: Mandatory parameter to pass the index of
-+ *	this BSS (u8) in the multiple BSSID set.
-+ *	Value must be set to 0 for the transmitting interface and non-zero for
-+ *	all non-transmitting interfaces. The userspace will be responsible
-+ *	for using unique indices for the interfaces.
-+ *	Range: 0 to wiphy->mbssid_max_interfaces-1.
-+ *
-+ * @NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX: Mandatory parameter for
-+ *	a non-transmitted profile which provides the interface index (u32) of
-+ *	the transmitted profile. The value must match one of the interface
-+ *	indices advertised by the kernel. Optional if the interface being set up
-+ *	is the transmitting one, however, if provided then the value must match
-+ *	the interface index of the same.
-+ *
-+ * @NL80211_MBSSID_CONFIG_ATTR_EMA: Flag used to enable EMA AP feature.
-+ *	Setting this flag is permitted only if the driver advertises EMA support
-+ *	by setting wiphy->ema_max_profile_periodicity to non-zero.
-+ *
-+ * @__NL80211_MBSSID_CONFIG_ATTR_LAST: Internal
-+ * @NL80211_MBSSID_CONFIG_ATTR_MAX: highest attribute
-+ */
-+enum nl80211_mbssid_config_attributes {
-+	__NL80211_MBSSID_CONFIG_ATTR_INVALID,
-+
-+	NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
-+	NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
-+	NL80211_MBSSID_CONFIG_ATTR_INDEX,
-+	NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX,
-+	NL80211_MBSSID_CONFIG_ATTR_EMA,
-+
-+	/* keep last */
-+	__NL80211_MBSSID_CONFIG_ATTR_LAST,
-+	NL80211_MBSSID_CONFIG_ATTR_MAX = __NL80211_MBSSID_CONFIG_ATTR_LAST - 1,
-+};
-+
-+/**
-+ * enum nl80211_ap_settings_flags - AP settings flags
-+ *
-+ * @NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT: AP supports external
-+ *	authentication.
-+ * @NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT: Userspace supports SA Query
-+ *	procedures offload to driver. If driver advertises
-+ *	%NL80211_AP_SME_SA_QUERY_OFFLOAD in AP SME features, userspace shall
-+ *	ignore SA Query procedures and validations when this flag is set by
-+ *	userspace.
-+ */
-+enum nl80211_ap_settings_flags {
-+	NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT	= 1 << 0,
-+	NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT	= 1 << 1,
-+};
-+
- #endif /* __LINUX_NL80211_H */

package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch

@@ -16,7 +16,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
 
 --- a/src/crypto/crypto_wolfssl.c
 +++ b/src/crypto/crypto_wolfssl.c
-@@ -1307,6 +1307,7 @@ int ecc_projective_add_point(ecc_point *
+@@ -1340,6 +1340,7 @@ int ecc_projective_add_point(ecc_point *
  
  struct crypto_ec {
  	ecc_key key;
@@ -24,7 +24,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
  	mp_int a;
  	mp_int prime;
  	mp_int order;
-@@ -1361,6 +1362,8 @@ struct crypto_ec * crypto_ec_init(int gr
+@@ -1394,6 +1395,8 @@ struct crypto_ec * crypto_ec_init(int gr
  		return NULL;
  
  	if (wc_ecc_init(&e->key) != 0 ||
@@ -33,7 +33,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
  	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
  	    mp_init(&e->a) != MP_OKAY ||
  	    mp_init(&e->prime) != MP_OKAY ||
-@@ -1392,6 +1395,7 @@ void crypto_ec_deinit(struct crypto_ec*
+@@ -1425,6 +1428,7 @@ void crypto_ec_deinit(struct crypto_ec*
  	mp_clear(&e->order);
  	mp_clear(&e->prime);
  	mp_clear(&e->a);

package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -14,7 +14,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2409,7 +2409,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2436,7 +2436,7 @@ static int drv_supports_vht(struct wpa_s
  }
  
  
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  {
  	int i;
  
-@@ -2418,7 +2418,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2445,7 +2445,10 @@ static bool ibss_mesh_is_80mhz_avail(int
  
  		chan = hw_get_channel_chan(mode, i, NULL);
  		if (!chan ||
@@ -35,7 +35,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  			return false;
  	}
  
-@@ -2447,6 +2450,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2474,6 +2477,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int chwidth, seg0, seg1;
  	u32 vht_caps = 0;
  	bool is_24ghz, is_6ghz;
@@ -44,7 +44,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	freq->freq = ssid->frequency;
  
-@@ -2543,8 +2548,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2570,8 +2575,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check primary channel flags */
@@ -57,7 +57,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	freq->channel = pri_chan->chan;
  
-@@ -2577,8 +2585,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2604,8 +2612,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check secondary channel flags */
@@ -70,7 +70,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	if (ht40 == -1) {
  		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2667,7 +2678,7 @@ skip_to_6ghz:
+@@ -2694,7 +2705,7 @@ skip_to_6ghz:
  		return;
  
  	/* Back to HT configuration if channel not usable */
@@ -78,8 +78,8 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +	if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
  		return;
  
- 	chwidth = CHANWIDTH_80MHZ;
+ 	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2681,7 +2692,7 @@ skip_to_6ghz:
+@@ -2708,7 +2719,7 @@ skip_to_6ghz:
  		 * above; check the remaining four 20 MHz channels for the total
  		 * of 160 MHz bandwidth.
  		 */
@@ -88,7 +88,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  			return;
  
  		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
-@@ -2711,10 +2722,12 @@ skip_to_6ghz:
+@@ -2738,10 +2749,12 @@ skip_to_6ghz:
  				if (!chan)
  					continue;
  
@@ -103,4 +103,4 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +						continue;
  
  				/* Found a suitable second segment for 80+80 */
- 				chwidth = CHANWIDTH_80P80MHZ;
+ 				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;

package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -28,8 +28,8 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
 +#include "crypto/crypto.h"
  
  
- static int dfs_get_used_n_chans(struct hostapd_iface *iface, int *seg1)
+ enum dfs_channel_type {
-@@ -483,9 +484,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -515,9 +516,14 @@ dfs_get_valid_channel(struct hostapd_ifa
  	int num_available_chandefs;
  	int chan_idx, chan_idx2;
  	int sec_chan_idx_80p80 = -1;
@@ -44,7 +44,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
  	wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
  	*secondary_channel = 0;
  	*oper_centr_freq_seg0_idx = 0;
-@@ -505,8 +511,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -537,8 +543,20 @@ dfs_get_valid_channel(struct hostapd_ifa
  	if (num_available_chandefs == 0)
  		return NULL;
  
@@ -64,11 +64,11 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
  		return NULL;
 +
  	chan_idx = _rand % num_available_chandefs;
- 	dfs_find_channel(iface, &chan, chan_idx, skip_radar);
+ 	dfs_find_channel(iface, &chan, chan_idx, type);
  	if (!chan) {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9895,6 +9895,10 @@ static int nl80211_switch_channel(void *
+@@ -9948,6 +9948,10 @@ static int nl80211_switch_channel(void *
  	if (ret)
  		goto error;
  

package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -4944,6 +4944,13 @@ static int add_associated_sta(struct hos
+@@ -4963,6 +4963,13 @@ static int add_associated_sta(struct hos
  	 * drivers to accept the STA parameter configuration. Since this is
  	 * after a new FT-over-DS exchange, a new TK has been derived, so key
  	 * reinstallation is not a concern for this case.
@@ -14,7 +14,7 @@
  	 */
  	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
  		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4957,7 +4964,8 @@ static int add_associated_sta(struct hos
+@@ -4976,7 +4983,8 @@ static int add_associated_sta(struct hos
  	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
  	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&

package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -3431,7 +3431,7 @@ static int hostapd_change_config_freq(st
+@@ -3453,7 +3453,7 @@ static int hostapd_change_config_freq(st
  				      struct hostapd_freq_params *old_params)
  {
  	int channel;

package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #include <linux/rtnetlink.h>
  #include <netpacket/packet.h>
  #include <linux/errqueue.h>
-@@ -5300,26 +5297,29 @@ fail:
+@@ -5344,26 +5341,29 @@ fail:
  
  static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
  {
@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (err < 0) {
  		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
  			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5329,9 +5329,8 @@ static void rtnl_neigh_delete_fdb_entry(
+@@ -5373,9 +5373,8 @@ static void rtnl_neigh_delete_fdb_entry(
  			   MACSTR, MAC2STR(addr));
  	}
  
@@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  }
  
  
-@@ -7714,7 +7713,6 @@ static void *i802_init(struct hostapd_da
+@@ -7763,7 +7762,6 @@ static void *i802_init(struct hostapd_da
  	    (params->num_bridge == 0 || !params->bridge[0]))
  		add_ifidx(drv, br_ifindex, drv->ifindex);
  
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (bss->added_if_into_bridge || bss->already_in_bridge) {
  		int err;
  
-@@ -7731,7 +7729,6 @@ static void *i802_init(struct hostapd_da
+@@ -7780,7 +7778,6 @@ static void *i802_init(struct hostapd_da
  			goto failed;
  		}
  	}
@@ -92,7 +92,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
  		wpa_printf(MSG_DEBUG,
-@@ -10678,13 +10675,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -10813,13 +10810,14 @@ static int wpa_driver_br_add_ip_neigh(vo
  				      const u8 *ipaddr, int prefixlen,
  				      const u8 *addr)
  {
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	int res;
  
  	if (!ipaddr || prefixlen == 0 || !addr)
-@@ -10703,85 +10701,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -10838,85 +10836,66 @@ static int wpa_driver_br_add_ip_neigh(vo
  	}
  
  	if (version == 4) {
@@ -220,7 +220,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		addrsize = 16;
  	} else {
  		return -EINVAL;
-@@ -10799,41 +10778,30 @@ static int wpa_driver_br_delete_ip_neigh
+@@ -10934,41 +10913,30 @@ static int wpa_driver_br_delete_ip_neigh
  		return -1;
  	}
  

package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3761,15 +3761,6 @@ static void handle_auth(struct hostapd_d
+@@ -3781,15 +3781,6 @@ static void handle_auth(struct hostapd_d
  				       seq_ctrl);
  			return;
  		}

package/network/services/hostapd/patches/050-build_fix.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -323,6 +323,7 @@ ifdef CONFIG_FILS
+@@ -324,6 +324,7 @@ ifdef CONFIG_FILS
  CFLAGS += -DCONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  NEED_SHA384=y
@@ -10,7 +10,7 @@
  CFLAGS += -DCONFIG_FILS_SK_PFS
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -312,6 +312,7 @@ endif
+@@ -320,6 +320,7 @@ endif
  ifdef CONFIG_FILS
  CFLAGS += -DCONFIG_FILS
  NEED_SHA384=y

package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch

@@ -0,0 +1,114 @@
+From c8dba4bd750269bcc80fed3d546e2077cb4cdf0e Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 19 Jul 2022 20:02:21 -0400
+Subject: [PATCH 2/7] mbedtls: fips186_2_prf()
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ hostapd/Makefile            |  4 ---
+ src/crypto/crypto_mbedtls.c | 60 +++++++++++++++++++++++++++++++++++++
+ wpa_supplicant/Makefile     |  4 ---
+ 3 files changed, 60 insertions(+), 8 deletions(-)
+
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -759,10 +759,6 @@ endif
+ OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+-ifdef NEED_FIPS186_2_PRF
+-OBJS += ../src/crypto/fips_prf_internal.o
+-SHA1OBJS += ../src/crypto/sha1-internal.o
+-endif
+ ifeq ($(CONFIG_CRYPTO), mbedtls)
+ ifdef CONFIG_DPP
+ LIBS += -lmbedx509
+--- a/src/crypto/crypto_mbedtls.c
++++ b/src/crypto/crypto_mbedtls.c
+@@ -132,6 +132,12 @@
+ #define CRYPTO_MBEDTLS_HMAC_KDF_SHA512
+ #endif
+ 
++#if defined(EAP_SIM) || defined(EAP_SIM_DYNAMIC) || defined(EAP_SERVER_SIM) \
++ || defined(EAP_AKA) || defined(EAP_AKA_DYNAMIC) || defined(EAP_SERVER_AKA)
++/* EAP_SIM=y EAP_AKA=y */
++#define CRYPTO_MBEDTLS_FIPS186_2_PRF
++#endif
++
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) \
+  || defined(EAP_TEAP) || defined(EAP_TEAP_DYNAMIC) || defined(EAP_SERVER_FAST)
+ #define CRYPTO_MBEDTLS_SHA1_T_PRF
+@@ -813,6 +819,60 @@ int sha1_t_prf(const u8 *key, size_t key
+ 
+ #endif /* CRYPTO_MBEDTLS_SHA1_T_PRF */
+ 
++#ifdef CRYPTO_MBEDTLS_FIPS186_2_PRF
++
++/* fips_prf_internal.c sha1-internal.c */
++
++/* used only by src/eap_common/eap_sim_common.c:eap_sim_prf()
++ * for eap_sim_derive_keys() and eap_sim_derive_keys_reauth()
++ * where xlen is 160 */
++
++int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
++{
++	/* FIPS 186-2 + change notice 1 */
++
++	mbedtls_sha1_context ctx;
++	u8 * const xkey = ctx.MBEDTLS_PRIVATE(buffer);
++	u32 * const xstate = ctx.MBEDTLS_PRIVATE(state);
++	const u32 xstate_init[] =
++	  { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
++
++	mbedtls_sha1_init(&ctx);
++	os_memcpy(xkey, seed, seed_len < 64 ? seed_len : 64);
++
++	/* note: does not fill extra bytes if (xlen % 20) (SHA1_MAC_LEN) */
++	for (; xlen >= 20; xlen -= 20) {
++		/* XSEED_j = 0 */
++		/* XVAL = (XKEY + XSEED_j) mod 2^b */
++
++		/* w_i = G(t, XVAL) */
++		os_memcpy(xstate, xstate_init, sizeof(xstate_init));
++		mbedtls_internal_sha1_process(&ctx, xkey);
++
++	  #if __BYTE_ORDER == __LITTLE_ENDIAN
++		xstate[0] = host_to_be32(xstate[0]);
++		xstate[1] = host_to_be32(xstate[1]);
++		xstate[2] = host_to_be32(xstate[2]);
++		xstate[3] = host_to_be32(xstate[3]);
++		xstate[4] = host_to_be32(xstate[4]);
++	  #endif
++		os_memcpy(x, xstate, 20);
++		if (xlen == 20) /*(done; skip prep for next loop)*/
++			break;
++
++		/* XKEY = (1 + XKEY + w_i) mod 2^b */
++		for (u32 carry = 1, k = 20; k-- > 0; carry >>= 8)
++			xkey[k] = (carry += xkey[k] + x[k]) & 0xff;
++		x += 20;
++		/* x_j = w_0|w_1 (each pair of iterations through loop)*/
++	}
++
++	mbedtls_sha1_free(&ctx);
++	return 0;
++}
++
++#endif /* CRYPTO_MBEDTLS_FIPS186_2_PRF */
++
+ #endif /* MBEDTLS_SHA1_C */
+ 
+ 
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1160,10 +1160,6 @@ endif
+ OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+-ifdef NEED_FIPS186_2_PRF
+-OBJS += ../src/crypto/fips_prf_internal.o
+-SHA1OBJS += ../src/crypto/sha1-internal.o
+-endif
+ ifeq ($(CONFIG_CRYPTO), mbedtls)
+ LIBS += -lmbedcrypto
+ LIBS_p += -lmbedcrypto

package/network/services/hostapd/patches/130-mbedtls-annotate-with-TEST_FAIL-for-hwsim-tests.patch

@@ -0,0 +1,421 @@
+From 31bd19e0e0254b910cccfd3ddc6a6a9222bbcfc0 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 9 Oct 2022 05:12:17 -0400
+Subject: [PATCH 3/7] mbedtls: annotate with TEST_FAIL() for hwsim tests
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/crypto/crypto_mbedtls.c | 124 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 124 insertions(+)
+
+--- a/src/crypto/crypto_mbedtls.c
++++ b/src/crypto/crypto_mbedtls.c
+@@ -280,6 +280,9 @@ __attribute_noinline__
+ static int md_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+                      u8 *mac, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0) != 0){
+@@ -343,6 +346,9 @@ __attribute_noinline__
+ static int sha384_512_vector(size_t num_elem, const u8 *addr[],
+                              const size_t *len, u8 *mac, int is384)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha512_context ctx;
+ 	mbedtls_sha512_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -375,6 +381,9 @@ int sha384_vector(size_t num_elem, const
+ #include <mbedtls/sha256.h>
+ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha256_context ctx;
+ 	mbedtls_sha256_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -397,6 +406,9 @@ int sha256_vector(size_t num_elem, const
+ #include <mbedtls/sha1.h>
+ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_sha1_context ctx;
+ 	mbedtls_sha1_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -419,6 +431,9 @@ int sha1_vector(size_t num_elem, const u
+ #include <mbedtls/md5.h>
+ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_md5_context ctx;
+ 	mbedtls_md5_init(&ctx);
+   #if MBEDTLS_VERSION_MAJOR >= 3
+@@ -441,6 +456,9 @@ int md5_vector(size_t num_elem, const u8
+ #include <mbedtls/md4.h>
+ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	struct mbedtls_md4_context ctx;
+ 	mbedtls_md4_init(&ctx);
+ 	mbedtls_md4_starts_ret(&ctx);
+@@ -460,6 +478,9 @@ static int hmac_vector(const u8 *key, si
+                        const u8 *addr[], const size_t *len, u8 *mac,
+                        mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	if (mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1) != 0){
+@@ -571,6 +592,9 @@ static int hmac_kdf_expand(const u8 *prk
+                            const char *label, const u8 *info, size_t info_len,
+                            u8 *okm, size_t okm_len, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
+   #ifdef MBEDTLS_HKDF_C
+ 	if (label == NULL)  /* RFC 5869 HKDF-Expand when (label == NULL) */
+@@ -663,6 +687,9 @@ static int hmac_prf_bits(const u8 *key,
+                          const u8 *data, size_t data_len, u8 *buf,
+                          size_t buf_len_bits, mbedtls_md_type_t md_type)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_md_context_t ctx;
+ 	mbedtls_md_init(&ctx);
+ 	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
+@@ -938,6 +965,9 @@ int pbkdf2_sha1(const char *passphrase,
+ 
+ static void *aes_crypt_init_mode(const u8 *key, size_t len, int mode)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_aes_context *aes = os_malloc(sizeof(*aes));
+ 	if (!aes)
+ 		return NULL;
+@@ -996,6 +1026,9 @@ void aes_decrypt_deinit(void *ctx)
+ /* aes-wrap.c */
+ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_nist_kw_context ctx;
+ 	mbedtls_nist_kw_init(&ctx);
+ 	size_t olen;
+@@ -1010,6 +1043,9 @@ int aes_wrap(const u8 *kek, size_t kek_l
+ /* aes-unwrap.c */
+ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, u8 *plain)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_nist_kw_context ctx;
+ 	mbedtls_nist_kw_init(&ctx);
+ 	size_t olen;
+@@ -1041,6 +1077,9 @@ int omac1_aes_vector(
+     const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[],
+     const size_t *len, u8 *mac)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_cipher_type_t cipher_type;
+ 	switch (key_len) {
+ 	case 16: cipher_type = MBEDTLS_CIPHER_AES_128_ECB; break;
+@@ -1103,6 +1142,9 @@ int omac1_aes_256(const u8 *key, const u
+ /* aes-encblock.c */
+ int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_aes_context aes;
+ 	mbedtls_aes_init(&aes);
+ 	int ret = mbedtls_aes_setkey_enc(&aes, key, 128)
+@@ -1118,6 +1160,9 @@ int aes_128_encrypt_block(const u8 *key,
+ int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
+ 		    u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	unsigned char counter[MBEDTLS_AES_BLOCK_SIZE];
+ 	unsigned char stream_block[MBEDTLS_AES_BLOCK_SIZE];
+ 	os_memcpy(counter, nonce, MBEDTLS_AES_BLOCK_SIZE);/*(must be writable)*/
+@@ -1160,11 +1205,17 @@ static int aes_128_cbc_oper(const u8 *ke
+ 
+ int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_ENCRYPT);
+ }
+ 
+ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return aes_128_cbc_oper(key, iv, data, data_len, MBEDTLS_AES_DECRYPT);
+ }
+ 
+@@ -1407,6 +1458,10 @@ int crypto_hash_finish(struct crypto_has
+ 	}
+ 	mbedtls_md_free(mctx);
+ 	os_free(mctx);
++
++	if (TEST_FAIL())
++		return -1;
++
+ 	return 0;
+ }
+ 
+@@ -1421,6 +1476,9 @@ int crypto_hash_finish(struct crypto_has
+ 
+ struct crypto_bignum *crypto_bignum_init(void)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
+ 	if (bn)
+ 		mbedtls_mpi_init(bn);
+@@ -1429,6 +1487,9 @@ struct crypto_bignum *crypto_bignum_init
+ 
+ struct crypto_bignum *crypto_bignum_init_set(const u8 *buf, size_t len)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *bn = os_malloc(sizeof(*bn));
+ 	if (bn) {
+ 		mbedtls_mpi_init(bn);
+@@ -1442,6 +1503,9 @@ struct crypto_bignum *crypto_bignum_init
+ 
+ struct crypto_bignum *crypto_bignum_init_uint(unsigned int val)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+   #if 0 /*(hostap use of this interface passes int, not uint)*/
+ 	val = host_to_be32(val);
+ 	return crypto_bignum_init_set((const u8 *)&val, sizeof(val));
+@@ -1467,6 +1531,9 @@ void crypto_bignum_deinit(struct crypto_
+ int crypto_bignum_to_bin(const struct crypto_bignum *a,
+ 			 u8 *buf, size_t buflen, size_t padlen)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	size_t n = mbedtls_mpi_size((mbedtls_mpi *)a);
+ 	if (n < padlen)
+ 		n = padlen;
+@@ -1477,6 +1544,9 @@ int crypto_bignum_to_bin(const struct cr
+ 
+ int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/*assert(r != m);*//* r must not be same as m for mbedtls_mpi_random()*/
+   #if MBEDTLS_VERSION_NUMBER >= 0x021B0000 /* mbedtls 2.27.0 */
+ 	return mbedtls_mpi_random((mbedtls_mpi *)r, 0, (mbedtls_mpi *)m,
+@@ -1513,6 +1583,9 @@ int crypto_bignum_exptmod(const struct c
+ 			  const struct crypto_bignum *c,
+ 			  struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* (check if input params match d; d is the result) */
+ 	/* (a == d) is ok in current mbedtls implementation */
+ 	if (b == d || c == d) { /*(not ok; store result in intermediate)*/
+@@ -1540,6 +1613,9 @@ int crypto_bignum_inverse(const struct c
+ 			  const struct crypto_bignum *b,
+ 			  struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_inv_mod((mbedtls_mpi *)c,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b) ? -1 : 0;
+@@ -1549,6 +1625,9 @@ int crypto_bignum_sub(const struct crypt
+ 		      const struct crypto_bignum *b,
+ 		      struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_sub_mpi((mbedtls_mpi *)c,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b) ? -1 : 0;
+@@ -1558,6 +1637,9 @@ int crypto_bignum_div(const struct crypt
+ 		      const struct crypto_bignum *b,
+ 		      struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/*(most current use of this crypto.h interface has a == c (result),
+ 	 * so store result in an intermediate to avoid overwritten input)*/
+ 	mbedtls_mpi R;
+@@ -1575,6 +1657,9 @@ int crypto_bignum_addmod(const struct cr
+ 			 const struct crypto_bignum *c,
+ 			 struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_add_mpi((mbedtls_mpi *)d,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b)
+@@ -1588,6 +1673,9 @@ int crypto_bignum_mulmod(const struct cr
+ 			 const struct crypto_bignum *c,
+ 			 struct crypto_bignum *d)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_mpi_mul_mpi((mbedtls_mpi *)d,
+ 				   (const mbedtls_mpi *)a,
+ 				   (const mbedtls_mpi *)b)
+@@ -1600,6 +1688,9 @@ int crypto_bignum_sqrmod(const struct cr
+ 			 const struct crypto_bignum *b,
+ 			 struct crypto_bignum *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 1
+ 	return crypto_bignum_mulmod(a, a, b, c);
+   #else
+@@ -1650,6 +1741,9 @@ int crypto_bignum_is_odd(const struct cr
+ int crypto_bignum_legendre(const struct crypto_bignum *a,
+ 			   const struct crypto_bignum *p)
+ {
++	if (TEST_FAIL())
++		return -2;
++
+ 	/* Security Note:
+ 	 * mbedtls_mpi_exp_mod() is not documented to run in constant time,
+ 	 * though mbedtls/library/bignum.c uses constant_time_internal.h funcs.
+@@ -1702,6 +1796,9 @@ int crypto_mod_exp(const u8 *base, size_
+ 		   const u8 *modulus, size_t modulus_len,
+ 		   u8 *result, size_t *result_len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result;
+ 	mbedtls_mpi_init(&bn_base);
+ 	mbedtls_mpi_init(&bn_exp);
+@@ -1769,6 +1866,9 @@ static int crypto_mbedtls_dh_init_public
+ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 		   u8 *pubkey)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 0 /*(crypto_dh_init() duplicated (and identical) in crypto_*.c modules)*/
+ 	size_t pubkey_len, pad;
+ 
+@@ -1810,6 +1910,9 @@ int crypto_dh_derive_secret(u8 generator
+ 			    const u8 *pubkey, size_t pubkey_len,
+ 			    u8 *secret, size_t *len)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+   #if 0
+ 	if (pubkey_len > prime_len ||
+ 	    (pubkey_len == prime_len &&
+@@ -2512,6 +2615,9 @@ const struct crypto_ec_point * crypto_ec
+ 
+ struct crypto_ec_point *crypto_ec_point_init(struct crypto_ec *e)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
+ 	if (p != NULL)
+ 		mbedtls_ecp_point_init(p);
+@@ -2536,6 +2642,9 @@ int crypto_ec_point_x(struct crypto_ec *
+ int crypto_ec_point_to_bin(struct crypto_ec *e,
+ 			   const struct crypto_ec_point *point, u8 *x, u8 *y)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* crypto.h documents crypto_ec_point_to_bin() output is big-endian */
+ 	size_t len = CRYPTO_EC_plen(e);
+ 	if (x) {
+@@ -2563,6 +2672,9 @@ int crypto_ec_point_to_bin(struct crypto
+ struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e,
+ 						  const u8 *val)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	size_t len = CRYPTO_EC_plen(e);
+ 	mbedtls_ecp_point *p = os_malloc(sizeof(*p));
+ 	u8 buf[1+MBEDTLS_MPI_MAX_SIZE*2];
+@@ -2615,6 +2727,9 @@ int crypto_ec_point_add(struct crypto_ec
+ 			const struct crypto_ec_point *b,
+ 			struct crypto_ec_point *c)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	/* mbedtls does not provide an mbedtls_ecp_point add function */
+ 	mbedtls_mpi one;
+ 	mbedtls_mpi_init(&one);
+@@ -2631,6 +2746,9 @@ int crypto_ec_point_mul(struct crypto_ec
+ 			const struct crypto_bignum *b,
+ 			struct crypto_ec_point *res)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	return mbedtls_ecp_mul(
+ 		(mbedtls_ecp_group *)e, (mbedtls_ecp_point *)res,
+ 		(const mbedtls_mpi *)b, (const mbedtls_ecp_point *)p,
+@@ -2639,6 +2757,9 @@ int crypto_ec_point_mul(struct crypto_ec
+ 
+ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
+ {
++	if (TEST_FAIL())
++		return -1;
++
+ 	if (mbedtls_ecp_get_type((mbedtls_ecp_group *)e)
+ 	    == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+ 		/* e.g. MBEDTLS_ECP_DP_CURVE25519 and MBEDTLS_ECP_DP_CURVE448 */
+@@ -2751,6 +2872,9 @@ struct crypto_bignum *
+ crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
+ 			      const struct crypto_bignum *x)
+ {
++	if (TEST_FAIL())
++		return NULL;
++
+ 	mbedtls_mpi *y2 = os_malloc(sizeof(*y2));
+ 	if (y2 == NULL)
+ 		return NULL;

package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch

@@ -0,0 +1,45 @@
+From 33afce36c54b0cad38643629ded10ff5d727f077 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Fri, 12 Aug 2022 05:34:47 -0400
+Subject: [PATCH 5/7] add NULL checks (encountered during tests/hwsim)
+
+sae_derive_commit_element_ecc NULL pwe_ecc check
+dpp_gen_keypair() NULL curve check
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/common/dpp_crypto.c | 6 ++++++
+ src/common/sae.c        | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+--- a/src/common/dpp_crypto.c
++++ b/src/common/dpp_crypto.c
+@@ -248,6 +248,12 @@ struct crypto_ec_key * dpp_set_pubkey_po
+ 
+ struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
+ {
++	if (curve == NULL) {
++		wpa_printf(MSG_DEBUG,
++		           "DPP: %s curve must be initialized", __func__);
++		return NULL;
++	}
++
+ 	struct crypto_ec_key *key;
+ 
+ 	wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -1278,6 +1278,13 @@ void sae_deinit_pt(struct sae_pt *pt)
+ static int sae_derive_commit_element_ecc(struct sae_data *sae,
+ 					 struct crypto_bignum *mask)
+ {
++	if (sae->tmp->pwe_ecc == NULL) {
++		wpa_printf(MSG_DEBUG,
++		           "SAE: %s sae->tmp->pwe_ecc must be initialized",
++		           __func__);
++		return -1;
++	}
++
+ 	/* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */
+ 	if (!sae->tmp->own_commit_element_ecc) {
+ 		sae->tmp->own_commit_element_ecc =

package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch

@@ -0,0 +1,26 @@
+From 54211caa2e0e5163aefef390daf88a971367a702 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 4 Oct 2022 17:09:24 -0400
+Subject: [PATCH 6/7] dpp_pkex: EC point mul w/ value < prime
+
+crypto_ec_point_mul() with mbedtls requires point
+be multiplied by a multiplicand with value < prime
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/common/dpp_crypto.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/common/dpp_crypto.c
++++ b/src/common/dpp_crypto.c
+@@ -1567,7 +1567,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
+ 	Pr = crypto_ec_key_get_public_key(Pr_key);
+ 	Qr = crypto_ec_point_init(ec);
+ 	hash_bn = crypto_bignum_init_set(hash, curve->hash_len);
+-	if (!Pr || !Qr || !hash_bn || crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
++	if (!Pr || !Qr || !hash_bn ||
++	    crypto_bignum_mod(hash_bn, crypto_ec_get_prime(ec), hash_bn) ||
++	    crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
+ 		goto fail;
+ 
+ 	if (crypto_ec_point_is_at_infinity(ec, Qr)) {

package/network/services/hostapd/patches/170-DPP-fix-memleak-of-intro.peer_key.patch

@@ -0,0 +1,32 @@
+From 639bb1bb912029ec4ff110c3ed807b62f583d6bf Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 9 Oct 2022 04:02:44 -0400
+Subject: [PATCH 7/7] DPP: fix memleak of intro.peer_key
+
+fix memleak of intro.peer_key in wpas_dpp_rx_peer_disc_resp()
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ wpa_supplicant/dpp_supplicant.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/wpa_supplicant/dpp_supplicant.c
++++ b/wpa_supplicant/dpp_supplicant.c
+@@ -2610,6 +2610,8 @@ static void wpas_dpp_rx_peer_disc_resp(s
+ 		return;
+ 	}
+ 
++	os_memset(&intro, 0, sizeof(intro));
++
+ 	trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
+ 			       &trans_id_len);
+ 	if (!trans_id || trans_id_len != 1) {
+@@ -2720,7 +2722,7 @@ static void wpas_dpp_rx_peer_disc_resp(s
+ 		wpa_supplicant_req_scan(wpa_s, 0, 0);
+ 	}
+ fail:
+-	os_memset(&intro, 0, sizeof(intro));
++	dpp_peer_intro_deinit(&intro);
+ }
+ 
+ 

package/network/services/hostapd/patches/200-multicall.patch

@@ -18,7 +18,7 @@
  OBJS += ../src/ap/vlan_init.o
  OBJS += ../src/ap/vlan_ifconfig.o
  OBJS += ../src/ap/vlan.o
-@@ -350,10 +352,14 @@ CFLAGS += -DCONFIG_MBO
+@@ -357,10 +359,14 @@ CFLAGS += -DCONFIG_MBO
  OBJS += ../src/ap/mbo_ap.o
  endif
  
@@ -36,7 +36,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -1281,6 +1287,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1378,6 +1384,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  _OBJS_VAR := OBJS
  include ../src/objs.mk
  
@@ -49,7 +49,7 @@
  hostapd: $(OBJS)
  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
  	@$(E) "  LD " $@
-@@ -1355,6 +1367,12 @@ include ../src/objs.mk
+@@ -1458,6 +1470,12 @@ include ../src/objs.mk
  _OBJS_VAR := SOBJS
  include ../src/objs.mk
  
@@ -64,15 +64,15 @@
  	@$(E) "  LD " $@
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -17,6 +17,7 @@ endif
+@@ -10,6 +10,7 @@ ALL += dbus/fi.w1.wpa_supplicant1.servic
  EXTRA_TARGETS=dynamic_eap_methods
  
  CONFIG_FILE=.config
 +-include $(if $(MULTICALL),../hostapd/.config)
  include ../src/build.rules
  
- ifdef LIBS
+ ifdef CONFIG_BUILD_WPA_CLIENT_SO
-@@ -363,7 +364,9 @@ endif
+@@ -371,7 +372,9 @@ endif
  ifdef CONFIG_IBSS_RSN
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_IBSS_RSN
@@ -82,7 +82,7 @@
  OBJS += ibss_rsn.o
  endif
  
-@@ -900,6 +903,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -912,6 +915,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
  LIBS += -ldl -rdynamic
  endif
@@ -93,7 +93,7 @@
  endif
  
  ifdef CONFIG_AP
-@@ -907,9 +914,11 @@ NEED_EAP_COMMON=y
+@@ -919,9 +926,11 @@ NEED_EAP_COMMON=y
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_AP
  OBJS += ap.o
@@ -105,7 +105,7 @@
  OBJS += ../src/ap/hostapd.o
  OBJS += ../src/ap/wpa_auth_glue.o
  OBJS += ../src/ap/utils.o
-@@ -989,6 +998,12 @@ endif
+@@ -1008,6 +1017,12 @@ endif
  ifdef CONFIG_HS20
  OBJS += ../src/ap/hs20.o
  endif
@@ -118,7 +118,7 @@
  endif
  
  ifdef CONFIG_MBO
-@@ -997,7 +1012,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -1016,7 +1031,9 @@ CFLAGS += -DCONFIG_MBO
  endif
  
  ifdef NEED_RSN_AUTHENTICATOR
@@ -128,7 +128,7 @@
  NEED_AES_WRAP=y
  OBJS += ../src/ap/wpa_auth.o
  OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1891,6 +1908,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -1996,6 +2013,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
  
  _OBJS_VAR := OBJS
  include ../src/objs.mk
@@ -141,7 +141,7 @@
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
  	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
  	@$(E) "  LD " $@
-@@ -2023,6 +2046,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2128,6 +2151,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
  	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
  	@$(E) "  sed" $<
  
@@ -156,7 +156,7 @@
  wpa_cli.exe: wpa_cli
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -6033,8 +6033,8 @@ union wpa_event_data {
+@@ -6171,8 +6171,8 @@ union wpa_event_data {
   * Driver wrapper code should call this function whenever an event is received
   * from the driver.
   */
@@ -167,7 +167,7 @@
  
  /**
   * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -6046,7 +6046,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6184,7 +6184,7 @@ void wpa_supplicant_event(void *ctx, enu
   * Same as wpa_supplicant_event(), but we search for the interface in
   * wpa_global.
   */
@@ -178,7 +178,7 @@
  /*
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -1842,8 +1842,8 @@ err:
+@@ -1872,8 +1872,8 @@ err:
  #endif /* CONFIG_OWE */
  
  
@@ -189,7 +189,7 @@
  {
  	struct hostapd_data *hapd = ctx;
  #ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -2088,7 +2088,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -2145,7 +2145,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -220,7 +220,7 @@
  				 union wpa_event_data *data)
  {
  	struct wpa_priv_global *global = ctx;
-@@ -1215,6 +1215,8 @@ int main(int argc, char *argv[])
+@@ -1216,6 +1216,8 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  
@@ -231,7 +231,7 @@
  	os_memset(&global, 0, sizeof(global));
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -4891,8 +4891,8 @@ static void wpas_event_unprot_beacon(str
+@@ -4953,8 +4953,8 @@ static void wpas_event_unprot_beacon(str
  }
  
  
@@ -242,7 +242,7 @@
  {
  	struct wpa_supplicant *wpa_s = ctx;
  	int resched;
-@@ -5745,7 +5745,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -5813,7 +5813,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -253,7 +253,7 @@
  	struct wpa_supplicant *wpa_s;
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7043,7 +7043,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -7087,7 +7087,6 @@ struct wpa_interface * wpa_supplicant_ma
  	return NULL;
  }
  
@@ -261,7 +261,7 @@
  /**
   * wpa_supplicant_match_existing - Match existing interfaces
   * @global: Pointer to global data from wpa_supplicant_init()
-@@ -7078,6 +7077,11 @@ static int wpa_supplicant_match_existing
+@@ -7122,6 +7121,11 @@ static int wpa_supplicant_match_existing
  
  #endif /* CONFIG_MATCH_IFACE */
  
@@ -273,7 +273,7 @@
  
  /**
   * wpa_supplicant_add_iface - Add a new network interface
-@@ -7334,6 +7338,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -7378,6 +7382,8 @@ struct wpa_global * wpa_supplicant_init(
  #ifndef CONFIG_NO_WPA_MSG
  	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
  #endif /* CONFIG_NO_WPA_MSG */
@@ -284,7 +284,7 @@
  		wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -590,6 +590,11 @@ fail:
+@@ -591,6 +591,11 @@ fail:
  	return -1;
  }
  
@@ -296,14 +296,14 @@
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -683,6 +688,8 @@ int main(int argc, char *argv[])
+@@ -684,6 +689,8 @@ int main(int argc, char *argv[])
  		return -1;
  #endif /* CONFIG_DPP */
  
 +	wpa_supplicant_event = hostapd_wpa_event;
 +	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
- 		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+ 		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
  		if (c < 0)
 --- a/src/drivers/drivers.c
 +++ b/src/drivers/drivers.c
@@ -320,7 +320,7 @@
  {
 --- a/wpa_supplicant/eapol_test.c
 +++ b/wpa_supplicant/eapol_test.c
-@@ -30,7 +30,12 @@
+@@ -31,7 +31,12 @@
  #include "ctrl_iface.h"
  #include "pcsc_funcs.h"
  #include "wpas_glue.h"
@@ -333,7 +333,7 @@
  
  const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
  
-@@ -1291,6 +1296,10 @@ static void usage(void)
+@@ -1303,6 +1308,10 @@ static void usage(void)
  	       "option several times.\n");
  }
  
@@ -344,7 +344,7 @@
  
  int main(int argc, char *argv[])
  {
-@@ -1311,6 +1320,8 @@ int main(int argc, char *argv[])
+@@ -1323,6 +1332,8 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  

package/network/services/hostapd/patches/300-noscan.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3474,6 +3474,10 @@ static int hostapd_config_fill(struct ho
+@@ -3439,6 +3439,10 @@ static int hostapd_config_fill(struct ho
  		if (bss->ocv && !bss->ieee80211w)
  			bss->ieee80211w = 1;
  #endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1014,6 +1014,8 @@ struct hostapd_config {
+@@ -1043,6 +1043,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;

package/network/services/hostapd/patches/301-mesh-noscan.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -2532,6 +2532,7 @@ static const struct parse_data ssid_fiel
+@@ -2555,6 +2555,7 @@ static const struct parse_data ssid_fiel
  #else /* CONFIG_MESH */
  	{ INT_RANGE(mode, 0, 4) },
  #endif /* CONFIG_MESH */
@@ -10,7 +10,7 @@
  	{ STR(id_str) },
 --- a/wpa_supplicant/config_file.c
 +++ b/wpa_supplicant/config_file.c
-@@ -769,6 +769,7 @@ static void wpa_config_write_network(FIL
+@@ -766,6 +766,7 @@ static void wpa_config_write_network(FIL
  #endif /* IEEE8021X_EAPOL */
  	INT(mode);
  	INT(no_auto_peer);
@@ -20,7 +20,7 @@
  	INT(enable_edmg);
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -505,6 +505,8 @@ static int wpa_supplicant_mesh_init(stru
+@@ -506,6 +506,8 @@ static int wpa_supplicant_mesh_init(stru
  			   frequency);
  		goto out_free;
  	}
@@ -31,7 +31,7 @@
  		/*
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2436,7 +2436,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2463,7 +2463,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
  	enum hostapd_hw_mode hw_mode;
  	struct hostapd_hw_modes *mode = NULL;
@@ -40,7 +40,7 @@
  			   184, 192 };
  	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
  		       6035, 6115, 6195, 6275, 6355, 6435, 6515,
-@@ -2444,7 +2444,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2471,7 +2471,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
  	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
  	u8 channel;
@@ -49,7 +49,7 @@
  	unsigned int j, k;
  	struct hostapd_freq_params vht_freq;
  	int chwidth, seg0, seg1;
-@@ -2535,7 +2535,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2562,7 +2562,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  #endif /* CONFIG_HE_OVERRIDES */
  
  	/* Setup higher BW only for 5 GHz */
@@ -60,7 +60,7 @@
  	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
 --- a/wpa_supplicant/config_ssid.h
 +++ b/wpa_supplicant/config_ssid.h
-@@ -974,6 +974,8 @@ struct wpa_ssid {
+@@ -981,6 +981,8 @@ struct wpa_ssid {
  	 */
  	int no_auto_peer;
  

package/network/services/hostapd/patches/310-rescan_immediately.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5377,7 +5377,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -5419,7 +5419,7 @@ wpa_supplicant_alloc(struct wpa_supplica
  	if (wpa_s == NULL)
  		return NULL;
  	wpa_s->scan_req = INITIAL_SCAN_REQ;

package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch

@@ -1,8 +1,8 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4986,7 +4986,7 @@ static int nl80211_set_channel(struct i8
+@@ -5022,7 +5022,7 @@ static int nl80211_set_channel(struct i8
- 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
+ 		   freq->he_enabled, freq->eht_enabled, freq->bandwidth,
- 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
+ 		   freq->center_freq1, freq->center_freq2);
  
 -	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
 +	msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL :

package/network/services/hostapd/patches/340-reload_freq_change.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -115,6 +115,28 @@ static void hostapd_reload_bss(struct ho
+@@ -119,6 +119,29 @@ static void hostapd_reload_bss(struct ho
  #endif /* CONFIG_NO_RADIUS */
  
  	ssid = &hapd->conf->ssid;
@@ -12,6 +12,7 @@
 +			 hapd->iconf->ieee80211n,
 +			 hapd->iconf->ieee80211ac,
 +			 hapd->iconf->ieee80211ax,
++			 hapd->iconf->ieee80211be,
 +			 hapd->iconf->secondary_channel,
 +			 hostapd_get_oper_chwidth(hapd->iconf),
 +			 hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf),
@@ -29,7 +30,7 @@
  	if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
  	    ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
  		/*
-@@ -216,6 +238,7 @@ int hostapd_reload_config(struct hostapd
+@@ -220,6 +243,7 @@ int hostapd_reload_config(struct hostapd
  	struct hostapd_data *hapd = iface->bss[0];
  	struct hostapd_config *newconf, *oldconf;
  	size_t j;
@@ -37,7 +38,7 @@
  
  	if (iface->config_fname == NULL) {
  		/* Only in-memory config in use - assume it has been updated */
-@@ -266,24 +289,20 @@ int hostapd_reload_config(struct hostapd
+@@ -270,24 +294,20 @@ int hostapd_reload_config(struct hostapd
  	}
  	iface->conf = newconf;
  

package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1611,15 +1611,35 @@ int ap_switch_channel(struct wpa_supplic
+@@ -1803,15 +1803,35 @@ int ap_switch_channel(struct wpa_supplic
  
  
  #ifdef CONFIG_CTRL_IFACE

package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch

@@ -1,24 +1,20 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -2931,10 +2931,15 @@ static int wpa_driver_nl80211_del_beacon
+@@ -2938,11 +2938,11 @@ static int wpa_driver_nl80211_del_beacon
- 	struct nl_msg *msg;
  	struct wpa_driver_nl80211_data *drv = bss->drv;
  
-+	if (!bss->beacon_set)
-+		return 0;
-+
-+	bss->beacon_set = 0;
-+
  	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
 -		   drv->ifindex);
 +		   bss->ifindex);
+ 	bss->beacon_set = 0;
+ 	bss->freq = 0;
  	nl80211_put_wiphy_data_ap(bss);
 -	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
 +	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
  	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
  }
  
-@@ -5617,7 +5622,7 @@ static void nl80211_teardown_ap(struct i
+@@ -5661,7 +5661,7 @@ static void nl80211_teardown_ap(struct i
  		nl80211_mgmt_unsubscribe(bss, "AP teardown");
  
  	nl80211_put_wiphy_data_ap(bss);
@@ -27,7 +23,7 @@
  }
  
  
-@@ -8071,8 +8076,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8120,8 +8120,6 @@ static int wpa_driver_nl80211_if_remove(
  	} else {
  		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
  		nl80211_teardown_ap(bss);
@@ -36,19 +32,3 @@
  		nl80211_destroy_bss(bss);
  		if (!bss->added_if)
  			i802_set_iface_flags(bss, 0);
-@@ -8469,7 +8472,6 @@ static int wpa_driver_nl80211_deinit_ap(
- 	if (!is_ap_interface(drv->nlmode))
- 		return -1;
- 	wpa_driver_nl80211_del_beacon(bss);
--	bss->beacon_set = 0;
- 
- 	/*
- 	 * If the P2P GO interface was dynamically added, then it is
-@@ -8489,7 +8491,6 @@ static int wpa_driver_nl80211_stop_ap(vo
- 	if (!is_ap_interface(drv->nlmode))
- 		return -1;
- 	wpa_driver_nl80211_del_beacon(bss);
--	bss->beacon_set = 0;
- 	return 0;
- }
- 

package/network/services/hostapd/patches/360-ctrl_iface_reload.patch

@@ -78,7 +78,7 @@
  
  #ifdef NEED_AP_MLME
  static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd,
-@@ -3771,6 +3828,8 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3449,6 +3506,8 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
  		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
  						      reply_size);
@@ -89,7 +89,7 @@
  #ifdef RADIUS_SERVER
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -927,7 +927,13 @@ int hostapd_parse_csa_settings(const cha
+@@ -945,7 +945,13 @@ int hostapd_parse_csa_settings(const cha
  
  int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
  {

package/network/services/hostapd/patches/370-ap_sta_support.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -108,6 +108,8 @@ OBJS_c += ../src/utils/common.o
+@@ -115,6 +115,8 @@ OBJS_c += ../src/utils/common.o
  OBJS_c += ../src/common/cli.o
  OBJS += wmm_ac.o
  
@@ -30,7 +30,7 @@
  	dst->flags = src->flags;
  	os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
  	dst->freq = src->freq;
-@@ -294,6 +299,15 @@ static void wpa_bss_copy_res(struct wpa_
+@@ -295,6 +300,15 @@ static void wpa_bss_copy_res(struct wpa_
  	dst->est_throughput = src->est_throughput;
  	dst->snr = src->snr;
  
@@ -61,7 +61,7 @@
  	/** Beacon interval in TUs (host byte order) */
 --- a/wpa_supplicant/main.c
 +++ b/wpa_supplicant/main.c
-@@ -34,7 +34,7 @@ static void usage(void)
+@@ -35,7 +35,7 @@ static void usage(void)
  	       "vW] [-P<pid file>] "
  	       "[-g<global ctrl>] \\\n"
  	       "        [-G<group>] \\\n"
@@ -70,7 +70,7 @@
  	       "[-p<driver_param>] \\\n"
  	       "        [-b<br_ifname>] [-e<entropy file>]"
  #ifdef CONFIG_DEBUG_FILE
-@@ -74,6 +74,7 @@ static void usage(void)
+@@ -75,6 +75,7 @@ static void usage(void)
  	       "  -g = global ctrl_interface\n"
  	       "  -G = global ctrl_interface group\n"
  	       "  -h = show this help text\n"
@@ -78,7 +78,7 @@
  	       "  -i = interface name\n"
  	       "  -I = additional configuration file\n"
  	       "  -K = include keys (passwords, etc.) in debug output\n"
-@@ -201,7 +202,7 @@ int main(int argc, char *argv[])
+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
  
  	for (;;) {
  		c = getopt(argc, argv,
@@ -87,7 +87,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -248,6 +249,9 @@ int main(int argc, char *argv[])
+@@ -249,6 +250,9 @@ int main(int argc, char *argv[])
  			usage();
  			exitcode = 0;
  			goto out;
@@ -99,7 +99,7 @@
  			break;
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -130,6 +130,54 @@ static void wpas_update_fils_connect_par
+@@ -131,6 +131,54 @@ static void wpas_update_fils_connect_par
  static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
  #endif /* CONFIG_OWE */
  
@@ -154,7 +154,7 @@
  
  #ifdef CONFIG_WEP
  /* Configure default/group WEP keys for static WEP */
-@@ -1015,6 +1063,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1016,6 +1064,8 @@ void wpa_supplicant_set_state(struct wpa
  
  		sme_sched_obss_scan(wpa_s, 1);
  
@@ -163,7 +163,7 @@
  #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
  		if (!fils_hlp_sent && ssid && ssid->eap.erp)
  			update_fils_connect_params = true;
-@@ -1025,6 +1075,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1026,6 +1076,8 @@ void wpa_supplicant_set_state(struct wpa
  #endif /* CONFIG_OWE */
  	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
  		   state == WPA_ASSOCIATED) {
@@ -172,7 +172,7 @@
  		wpa_s->new_connection = 1;
  		wpa_drv_set_operstate(wpa_s, 0);
  #ifndef IEEE8021X_EAPOL
-@@ -2308,6 +2360,8 @@ void wpa_supplicant_associate(struct wpa
+@@ -2335,6 +2387,8 @@ void wpa_supplicant_associate(struct wpa
  			return;
  		}
  		wpa_s->current_bss = bss;
@@ -181,7 +181,7 @@
  #else /* CONFIG_MESH */
  		wpa_msg(wpa_s, MSG_ERROR,
  			"mesh mode support not included in the build");
-@@ -6650,6 +6704,16 @@ static int wpa_supplicant_init_iface(str
+@@ -6693,6 +6747,16 @@ static int wpa_supplicant_init_iface(str
  			   sizeof(wpa_s->bridge_ifname));
  	}
  
@@ -198,7 +198,7 @@
  	/* RSNA Supplicant Key Management - INITIALIZE */
  	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
  	eapol_sm_notify_portValid(wpa_s->eapol, false);
-@@ -6987,6 +7051,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -7031,6 +7095,11 @@ static void wpa_supplicant_deinit_iface(
  	if (terminate)
  		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
  
@@ -212,7 +212,7 @@
  
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -104,6 +104,11 @@ struct wpa_interface {
+@@ -105,6 +105,11 @@ struct wpa_interface {
  	const char *ifname;
  
  	/**
@@ -224,7 +224,7 @@
  	 * bridge_ifname - Optional bridge interface name
  	 *
  	 * If the driver interface (ifname) is included in a Linux bridge
-@@ -718,6 +723,8 @@ struct wpa_supplicant {
+@@ -717,6 +722,8 @@ struct wpa_supplicant {
  #endif /* CONFIG_CTRL_IFACE_BINDER */
  	char bridge_ifname[16];
  
@@ -235,7 +235,7 @@
  
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -2889,6 +2889,12 @@ static int hostapd_ctrl_iface_chan_switc
+@@ -2641,6 +2641,12 @@ static int hostapd_ctrl_iface_chan_switc
  		return 0;
  	}
  
@@ -247,10 +247,10 @@
 +
  	for (i = 0; i < iface->num_bss; i++) {
  
- 		/* Save CHAN_SWITCH VHT and HE config */
+ 		/* Save CHAN_SWITCH VHT, HE, and EHT config */
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1791,11 +1791,6 @@ static int __ieee802_11_set_beacon(struc
+@@ -1903,11 +1903,6 @@ static int __ieee802_11_set_beacon(struc
  		return -1;
  	}
  
@@ -264,7 +264,7 @@
  	if (ieee802_11_build_ap_params(hapd, &params) < 0)
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -4891,6 +4891,60 @@ static void wpas_event_unprot_beacon(str
+@@ -4953,6 +4953,60 @@ static void wpas_event_unprot_beacon(str
  }
  
  
@@ -325,7 +325,7 @@
  void supplicant_event(void *ctx, enum wpa_event_type event,
  		      union wpa_event_data *data)
  {
-@@ -5206,8 +5260,10 @@ void supplicant_event(void *ctx, enum wp
+@@ -5268,8 +5322,10 @@ void supplicant_event(void *ctx, enum wp
  			channel_width_to_string(data->ch_switch.ch_width),
  			data->ch_switch.cf1,
  			data->ch_switch.cf2);
@@ -339,7 +339,7 @@
  		wpa_s->current_ssid->frequency = data->ch_switch.freq;
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -5837,6 +5837,7 @@ union wpa_event_data {
+@@ -5968,6 +5968,7 @@ union wpa_event_data {
  
  	/**
  	 * struct ch_switch
@@ -347,7 +347,7 @@
  	 * @freq: Frequency of new channel in MHz
  	 * @ht_enabled: Whether this is an HT channel
  	 * @ch_offset: Secondary channel offset
-@@ -5845,6 +5846,7 @@ union wpa_event_data {
+@@ -5976,6 +5977,7 @@ union wpa_event_data {
  	 * @cf2: Center frequency 2
  	 */
  	struct ch_switch {
@@ -357,7 +357,7 @@
  		int ch_offset;
 --- a/src/drivers/driver_nl80211_event.c
 +++ b/src/drivers/driver_nl80211_event.c
-@@ -691,7 +691,7 @@ static void mlme_event_ch_switch(struct
+@@ -694,7 +694,7 @@ static void mlme_event_ch_switch(struct
  				 struct nlattr *ifindex, struct nlattr *freq,
  				 struct nlattr *type, struct nlattr *bw,
  				 struct nlattr *cf1, struct nlattr *cf2,
@@ -366,7 +366,7 @@
  {
  	struct i802_bss *bss;
  	union wpa_event_data data;
-@@ -752,6 +752,8 @@ static void mlme_event_ch_switch(struct
+@@ -755,6 +755,8 @@ static void mlme_event_ch_switch(struct
  		data.ch_switch.cf1 = nla_get_u32(cf1);
  	if (cf2)
  		data.ch_switch.cf2 = nla_get_u32(cf2);
@@ -375,7 +375,7 @@
  
  	if (finished)
  		bss->freq = data.ch_switch.freq;
-@@ -3010,6 +3012,7 @@ static void do_process_drv_event(struct
+@@ -3113,6 +3115,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CHANNEL_WIDTH],
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
@@ -383,7 +383,7 @@
  				     0);
  		break;
  	case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -3020,6 +3023,7 @@ static void do_process_drv_event(struct
+@@ -3123,6 +3126,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CHANNEL_WIDTH],
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],

package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch

@@ -12,7 +12,7 @@
  else
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -3587,6 +3587,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3265,6 +3265,7 @@ static int hostapd_ctrl_iface_receive_pr
  						      reply_size);
  	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
  		reply_len = hostapd_drv_status(hapd, reply, reply_size);
@@ -20,7 +20,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -3628,6 +3629,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3306,6 +3307,7 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
  							reply_size);
@@ -30,7 +30,7 @@
  			reply_len = -1;
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -958,6 +958,9 @@ ifdef CONFIG_FILS
+@@ -973,6 +973,9 @@ ifdef CONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  endif
  ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
  
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -2314,7 +2314,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2325,7 +2325,7 @@ static int wpa_supplicant_ctrl_iface_sta
  			pos += ret;
  		}
  
@@ -51,7 +51,7 @@
  		if (wpa_s->ap_iface) {
  			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
  							    end - pos,
-@@ -11494,6 +11494,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11565,6 +11565,7 @@ char * wpa_supplicant_ctrl_iface_process
  			reply_len = -1;
  	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
  		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -11506,6 +11507,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11577,6 +11578,7 @@ char * wpa_supplicant_ctrl_iface_process
  				reply_size - reply_len);
  #endif /* CONFIG_MACSEC */
  		}
@@ -67,7 +67,7 @@
  	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
  		reply_len = wpa_supplicant_ctrl_iface_status(
  			wpa_s, buf + 6, reply, reply_size);
-@@ -11994,6 +11996,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12065,6 +12067,7 @@ char * wpa_supplicant_ctrl_iface_process
  		reply_len = wpa_supplicant_ctrl_iface_bss(
  			wpa_s, buf + 4, reply, reply_size);
  #ifdef CONFIG_AP
@@ -75,7 +75,7 @@
  	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
  		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
  	} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -12002,12 +12005,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12073,12 +12076,15 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
  						   reply_size);
@@ -93,15 +93,15 @@
  			reply_len = -1;
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -25,6 +25,7 @@
+@@ -26,6 +26,7 @@
- #include "mbo_ap.h"
  #include "taxonomy.h"
+ #include "wnm_ap.h"
  
 +#ifdef CONFIG_CTRL_IFACE_MIB
  
  static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
  					   size_t curr_len, const u8 *mcs_set)
-@@ -459,6 +460,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -460,6 +461,7 @@ int hostapd_ctrl_iface_sta_next(struct h
  	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
  }
  
@@ -109,7 +109,7 @@
  
  #ifdef CONFIG_P2P_MANAGER
  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
-@@ -815,12 +817,12 @@ int hostapd_ctrl_iface_status(struct hos
+@@ -832,12 +834,12 @@ int hostapd_ctrl_iface_status(struct hos
  			return len;
  		len += ret;
  	}
@@ -126,7 +126,7 @@
  		if (os_snprintf_error(buflen - len, ret))
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -2712,6 +2712,7 @@ static const char * bool_txt(bool val)
+@@ -2740,6 +2740,7 @@ static const char * bool_txt(bool val)
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -134,7 +134,7 @@
  
  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
  {
-@@ -2898,6 +2899,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2926,6 +2927,7 @@ int ieee802_1x_get_mib_sta(struct hostap
  	return len;
  }
  
@@ -144,7 +144,7 @@
  static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
-@@ -4519,6 +4519,7 @@ static const char * wpa_bool_txt(int val
+@@ -4559,6 +4559,7 @@ static const char * wpa_bool_txt(int val
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -152,7 +152,7 @@
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
-@@ -4669,7 +4670,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -4709,7 +4710,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
  
  	return len;
  }
@@ -163,7 +163,7 @@
  {
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
-@@ -2777,6 +2777,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -2802,6 +2802,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
  }
  
  
@@ -172,7 +172,7 @@
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2858,6 +2860,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -2883,6 +2885,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
  
  	return (int) len;
  }
@@ -182,7 +182,7 @@
  
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1462,7 +1462,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1477,7 +1477,7 @@ int wpas_ap_wps_nfc_report_handover(stru
  #endif /* CONFIG_WPS */
  
  

package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch

@@ -1,6 +1,6 @@
 --- a/src/common/wpa_common.c
 +++ b/src/common/wpa_common.c
-@@ -2444,6 +2444,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -2529,6 +2529,31 @@ u32 wpa_akm_to_suite(int akm)
  }
  
  
@@ -32,7 +32,7 @@
  int wpa_compare_rsn_ie(int ft_initial_assoc,
  		       const u8 *ie1, size_t ie1len,
  		       const u8 *ie2, size_t ie2len)
-@@ -2451,8 +2476,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -2536,8 +2561,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
  	if (ie1 == NULL || ie2 == NULL)
  		return -1;
  

package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch

@@ -11,7 +11,7 @@
  			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
  #endif /* CONFIG_NO_TKIP */
  		bss->rsn_pairwise = bss->wpa_pairwise;
-@@ -1180,8 +1179,7 @@ int hostapd_init_wps(struct hostapd_data
+@@ -1181,8 +1180,7 @@ int hostapd_init_wps(struct hostapd_data
  					  WPA_CIPHER_GCMP_256)) {
  			wps->encr_types |= WPS_ENCR_AES;
  			wps->encr_types_rsn |= WPS_ENCR_AES;

package/network/services/hostapd/patches/420-indicate-features.patch

@@ -1,23 +1,24 @@
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -15,6 +15,7 @@
+@@ -31,7 +31,7 @@
- #include "utils/common.h"
+ #include "config_file.h"
- #include "utils/eloop.h"
+ #include "eap_register.h"
- #include "utils/uuid.h"
+ #include "ctrl_iface.h"
-+#include "utils/build_features.h"
+-
- #include "crypto/random.h"
++#include "build_features.h"
- #include "crypto/tls.h"
+ 
- #include "common/version.h"
+ struct hapd_global {
-@@ -691,7 +692,7 @@ int main(int argc, char *argv[])
+ 	void **drv_priv;
+@@ -692,7 +692,7 @@ int main(int argc, char *argv[])
  	wpa_supplicant_event = hostapd_wpa_event;
  	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
--		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+-		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
-+		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:v::");
++		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:qv::");
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -728,6 +729,8 @@ int main(int argc, char *argv[])
+@@ -729,6 +729,8 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
  		case 'v':
@@ -25,7 +26,7 @@
 +				exit(!has_feature(optarg));
  			show_version();
  			exit(1);
- 			break;
+ 		case 'g':
 --- a/wpa_supplicant/main.c
 +++ b/wpa_supplicant/main.c
 @@ -12,6 +12,7 @@
@@ -33,10 +34,10 @@
  
  #include "common.h"
 +#include "build_features.h"
+ #include "crypto/crypto.h"
  #include "fst/fst.h"
  #include "wpa_supplicant_i.h"
- #include "driver_i.h"
+@@ -203,7 +204,7 @@ int main(int argc, char *argv[])
-@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
  
  	for (;;) {
  		c = getopt(argc, argv,
@@ -45,7 +46,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -305,8 +306,12 @@ int main(int argc, char *argv[])
+@@ -306,8 +307,12 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
  		case 'v':

package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch

@@ -32,7 +32,7 @@
  
  
  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1579,13 +1575,10 @@ static const struct hostapd_cli_cmd host
+@@ -1588,13 +1584,10 @@ static const struct hostapd_cli_cmd host
  	{ "disassociate", hostapd_cli_cmd_disassociate,
  	  hostapd_complete_stations,
  	  "<addr> = disassociate a station" },
@@ -46,7 +46,7 @@
  	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
  	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
  	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1610,7 +1603,6 @@ static const struct hostapd_cli_cmd host
+@@ -1619,7 +1612,6 @@ static const struct hostapd_cli_cmd host
  	  "<SSID> <auth> <encr> <key> = configure AP" },
  	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
  	  "= show current WPS status" },

package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch

@@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  #include "common/defs.h"
  #include "common/ieee802_11_defs.h"
  #include "common/wpa_common.h"
-@@ -857,6 +858,9 @@ struct wpa_driver_associate_params {
+@@ -894,6 +895,9 @@ struct wpa_driver_associate_params {
  	 * responsible for selecting with which BSS to associate. */
  	const u8 *bssid;
  
@@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  #include "config.h"
  
  
-@@ -2321,6 +2322,97 @@ static char * wpa_config_write_peerkey(c
+@@ -2345,6 +2346,97 @@ static char * wpa_config_write_peerkey(c
  #endif /* NO_CONFIG_WRITE */
  
  
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  /* Helper macros for network block parser */
  
  #ifdef OFFSET
-@@ -2606,6 +2698,8 @@ static const struct parse_data ssid_fiel
+@@ -2629,6 +2721,8 @@ static const struct parse_data ssid_fiel
  	{ INT(ap_max_inactivity) },
  	{ INT(dtim_period) },
  	{ INT(beacon_int) },
@@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  	 * macsec_policy - Determines the policy for MACsec secure session
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3865,6 +3865,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -3899,6 +3899,12 @@ static void wpas_start_assoc_cb(struct w
  			params.beacon_int = ssid->beacon_int;
  		else
  			params.beacon_int = wpa_s->conf->beacon_int;

package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch

@@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -5966,7 +5966,7 @@ static int wpa_driver_nl80211_ibss(struc
+@@ -6005,7 +6005,7 @@ static int wpa_driver_nl80211_ibss(struc
  				   struct wpa_driver_associate_params *params)
  {
  	struct nl_msg *msg;
@@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  	int count = 0;
  
  	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -5993,6 +5993,37 @@ retry:
+@@ -6032,6 +6032,37 @@ retry:
  	    nl80211_put_beacon_int(msg, params->beacon_int))
  		goto fail;
  

package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch

@@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1624,6 +1624,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1661,6 +1661,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
  	bool handle_dfs;
@@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
  struct wpa_driver_set_key_params {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -10496,6 +10496,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -10627,6 +10627,18 @@ static int nl80211_put_mesh_id(struct nl
  }
  
  
@@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
  static int nl80211_put_mesh_config(struct nl_msg *msg,
  				   struct wpa_driver_mesh_bss_params *params)
  {
-@@ -10557,6 +10569,7 @@ static int nl80211_join_mesh(struct i802
+@@ -10688,6 +10700,7 @@ static int nl80211_join_mesh(struct i802
  	    nl80211_put_basic_rates(msg, params->basic_rates) ||
  	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
  	    nl80211_put_beacon_int(msg, params->beacon_int) ||
@@ -58,7 +58,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
  
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -631,6 +631,7 @@ int wpa_supplicant_join_mesh(struct wpa_
+@@ -632,6 +632,7 @@ int wpa_supplicant_join_mesh(struct wpa_
  
  	params->meshid = ssid->ssid;
  	params->meshid_len = ssid->ssid_len;

package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2512,11 +2512,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2539,11 +2539,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
  		struct wpa_bss *bss = wpa_s->last_scan_res[j];
  

package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch

@@ -0,0 +1,24 @@
+From c9304d3303d563ad6d2619f4e07864ed12f96889 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Sat, 14 May 2022 21:41:03 +0200
+Subject: [PATCH] hostapd: config: support random BSS color
+
+Configure the HE BSS color to a random value in case the config defines
+a BSS color which exceeds the max BSS color (63).
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ hostapd/config_file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3489,6 +3489,8 @@ static int hostapd_config_fill(struct ho
+ 	} else if (os_strcmp(buf, "he_bss_color") == 0) {
+ 		conf->he_op.he_bss_color = atoi(pos) & 0x3f;
+ 		conf->he_op.he_bss_color_disabled = 0;
++		if (atoi(pos) > 63)
++			conf->he_op.he_bss_color = os_random() % 63 + 1;
+ 	} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
+ 		conf->he_op.he_bss_color_partial = atoi(pos);
+ 	} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {

package/network/services/hostapd/patches/500-lto-jobserver-support.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -1297,7 +1297,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1394,7 +1394,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
  	@$(AR) cr $@ hostapd_multi.o $(OBJS)
  
  hostapd: $(OBJS)
@@ -9,7 +9,7 @@
  	@$(E) "  LD " $@
  
  ifdef CONFIG_WPA_TRACE
-@@ -1308,7 +1308,7 @@ _OBJS_VAR := OBJS_c
+@@ -1405,7 +1405,7 @@ _OBJS_VAR := OBJS_c
  include ../src/objs.mk
  
  hostapd_cli: $(OBJS_c)
@@ -20,7 +20,7 @@
  NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1920,31 +1920,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2025,31 +2025,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
  	@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
  
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)

package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -150,6 +150,21 @@ struct hostapd_sae_commit_queue {
+@@ -162,6 +162,21 @@ struct hostapd_sae_commit_queue {
  };
  
  /**
@@ -22,7 +22,7 @@
   * struct hostapd_data - hostapd per-BSS data structure
   */
  struct hostapd_data {
-@@ -163,6 +178,9 @@ struct hostapd_data {
+@@ -175,6 +190,9 @@ struct hostapd_data {
  
  	u8 own_addr[ETH_ALEN];
  
@@ -42,7 +42,7 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
  		   MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
  		   "validity_interval=%u",
-@@ -646,10 +647,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
+@@ -659,10 +660,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
  
  	switch (action) {
  	case WNM_BSS_TRANS_MGMT_QUERY:
@@ -55,7 +55,7 @@
  		ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
  						  plen);
  		return 0;
-@@ -696,6 +699,7 @@ int wnm_send_disassoc_imminent(struct ho
+@@ -709,6 +712,7 @@ int wnm_send_disassoc_imminent(struct ho
  
  	pos = mgmt->u.action.u.bss_tm_req.variable;
  
@@ -63,7 +63,7 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
  		   MACSTR, disassoc_timer, MAC2STR(sta->addr));
  	if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
-@@ -777,6 +781,7 @@ int wnm_send_ess_disassoc_imminent(struc
+@@ -790,6 +794,7 @@ int wnm_send_ess_disassoc_imminent(struc
  		return -1;
  	}
  
@@ -71,7 +71,7 @@
  	if (disassoc_timer) {
  		/* send disassociation frame after time-out */
  		set_disassoc_timer(hapd, sta, disassoc_timer);
-@@ -857,6 +862,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
+@@ -870,6 +875,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
  	}
  	os_free(buf);
  

package/network/services/hostapd/patches/600-ubus_support.patch

@@ -14,7 +14,7 @@
  CFLAGS += -O0 -fprofile-arcs -ftest-coverage
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -17,6 +17,7 @@
+@@ -18,6 +18,7 @@
  #include "utils/list.h"
  #include "ap_config.h"
  #include "drivers/driver.h"
@@ -22,7 +22,7 @@
  
  #define OCE_STA_CFON_ENABLED(hapd) \
  	((hapd->conf->oce & OCE_STA_CFON) && \
-@@ -80,7 +81,7 @@ struct hapd_interfaces {
+@@ -92,7 +93,7 @@ struct hapd_interfaces {
  #ifdef CONFIG_CTRL_IFACE_UDP
         unsigned char ctrl_iface_cookie[CTRL_IFACE_COOKIE_LEN];
  #endif /* CONFIG_CTRL_IFACE_UDP */
@@ -31,7 +31,7 @@
  };
  
  enum hostapd_chan_status {
-@@ -171,6 +172,7 @@ struct hostapd_data {
+@@ -183,6 +184,7 @@ struct hostapd_data {
  	struct hostapd_iface *iface;
  	struct hostapd_config *iconf;
  	struct hostapd_bss_config *conf;
@@ -39,7 +39,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -630,6 +632,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -673,6 +675,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  		       struct hostapd_bss_config *bss);
  int hostapd_setup_interface(struct hostapd_iface *iface);
  int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
@@ -49,7 +49,7 @@
  struct hostapd_iface * hostapd_alloc_iface(void);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -396,6 +396,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -401,6 +401,7 @@ void hostapd_free_hapd_data(struct hosta
  	hapd->beacon_set_done = 0;
  
  	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
@@ -57,7 +57,7 @@
  	accounting_deinit(hapd);
  	hostapd_deinit_wpa(hapd);
  	vlan_deinit(hapd);
-@@ -1422,6 +1423,8 @@ static int hostapd_setup_bss(struct host
+@@ -1431,6 +1432,8 @@ static int hostapd_setup_bss(struct host
  	if (hapd->driver && hapd->driver->set_operstate)
  		hapd->driver->set_operstate(hapd->drv_priv, 1);
  
@@ -66,7 +66,7 @@
  	return 0;
  }
  
-@@ -2028,6 +2031,7 @@ static int hostapd_setup_interface_compl
+@@ -2050,6 +2053,7 @@ static int hostapd_setup_interface_compl
  	if (err)
  		goto fail;
  
@@ -74,7 +74,7 @@
  	wpa_printf(MSG_DEBUG, "Completing interface initialization");
  	if (iface->freq) {
  #ifdef NEED_AP_MLME
-@@ -2225,6 +2229,7 @@ dfs_offload:
+@@ -2248,6 +2252,7 @@ dfs_offload:
  
  fail:
  	wpa_printf(MSG_ERROR, "Interface initialization failed");
@@ -82,7 +82,7 @@
  	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
  #ifdef CONFIG_FST
-@@ -2700,6 +2705,7 @@ void hostapd_interface_deinit_free(struc
+@@ -2723,6 +2728,7 @@ void hostapd_interface_deinit_free(struc
  		   (unsigned int) iface->conf->num_bss);
  	driver = iface->bss[0]->driver;
  	drv_priv = iface->bss[0]->drv_priv;
@@ -92,7 +92,7 @@
  		   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3553,13 +3553,18 @@ static void handle_auth(struct hostapd_d
+@@ -3573,13 +3573,18 @@ static void handle_auth(struct hostapd_d
  	u16 auth_alg, auth_transaction, status_code;
  	u16 resp = WLAN_STATUS_SUCCESS;
  	struct sta_info *sta = NULL;
@@ -112,7 +112,7 @@
  
  	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
  		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -3727,6 +3732,13 @@ static void handle_auth(struct hostapd_d
+@@ -3747,6 +3752,13 @@ static void handle_auth(struct hostapd_d
  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
  		goto fail;
  	}
@@ -126,7 +126,7 @@
  	if (res == HOSTAPD_ACL_PENDING)
  		return;
  
-@@ -5447,7 +5459,7 @@ static void handle_assoc(struct hostapd_
+@@ -5488,7 +5500,7 @@ static void handle_assoc(struct hostapd_
  	int resp = WLAN_STATUS_SUCCESS;
  	u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
  	const u8 *pos;
@@ -135,7 +135,7 @@
  	struct sta_info *sta;
  	u8 *tmp = NULL;
  #ifdef CONFIG_FILS
-@@ -5660,6 +5672,11 @@ static void handle_assoc(struct hostapd_
+@@ -5701,6 +5713,11 @@ static void handle_assoc(struct hostapd_
  		left = res;
  	}
  #endif /* CONFIG_FILS */
@@ -147,7 +147,7 @@
  
  	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
  	 * is used */
-@@ -5758,6 +5775,13 @@ static void handle_assoc(struct hostapd_
+@@ -5799,6 +5816,13 @@ static void handle_assoc(struct hostapd_
  	}
  #endif /* CONFIG_FILS */
  
@@ -161,7 +161,7 @@
   fail:
  
  	/*
-@@ -5851,6 +5875,7 @@ static void handle_disassoc(struct hosta
+@@ -5892,6 +5916,7 @@ static void handle_disassoc(struct hosta
  	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
  		   MAC2STR(mgmt->sa),
  		   le_to_host16(mgmt->u.disassoc.reason_code));
@@ -169,7 +169,7 @@
  
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
-@@ -5920,6 +5945,8 @@ static void handle_deauth(struct hostapd
+@@ -5961,6 +5986,8 @@ static void handle_deauth(struct hostapd
  	/* Clear the PTKSA cache entries for PASN */
  	ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
  
@@ -180,7 +180,7 @@
  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -852,6 +852,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -919,6 +919,12 @@ void handle_probe_req(struct hostapd_dat
  	u16 csa_offs[2];
  	size_t csa_offs_len;
  	struct radius_sta rad_info;
@@ -193,7 +193,7 @@
  
  	if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
  	    ssi_signal < hapd->iconf->rssi_ignore_probe_request)
-@@ -1038,6 +1044,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1105,6 +1111,12 @@ void handle_probe_req(struct hostapd_dat
  	}
  #endif /* CONFIG_P2P */
  
@@ -234,7 +234,7 @@
  		wpabuf_free(sta->p2p_ie);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -458,6 +458,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -460,6 +460,7 @@ void ap_handle_timer(void *eloop_ctx, vo
  		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
  			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
  			       "local deauth request");
@@ -242,7 +242,7 @@
  		ap_free_sta(hapd, sta);
  		return;
  	}
-@@ -613,6 +614,7 @@ skip_poll:
+@@ -615,6 +616,7 @@ skip_poll:
  		mlme_deauthenticate_indication(
  			hapd, sta,
  			WLAN_REASON_PREV_AUTH_NOT_VALID);
@@ -250,8 +250,62 @@
  		ap_free_sta(hapd, sta);
  		break;
  	}
-@@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap
+@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap
- 					  buf, ip_addr, keyid_buf);
+ 					sta->addr, authorized, dev_addr);
+ 
+ 	if (authorized) {
++		static const char * const auth_algs[] = {
++			[WLAN_AUTH_OPEN] = "open",
++			[WLAN_AUTH_SHARED_KEY] = "shared",
++			[WLAN_AUTH_FT] = "ft",
++			[WLAN_AUTH_SAE] = "sae",
++			[WLAN_AUTH_FILS_SK] = "fils-sk",
++			[WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs",
++			[WLAN_AUTH_FILS_PK] = "fils-pk",
++			[WLAN_AUTH_PASN] = "pasn",
++		};
++		const char *auth_alg = NULL;
+ 		const char *keyid;
+ 		char keyid_buf[100];
+ 		char ip_addr[100];
++		char alg_buf[100];
+ 
+ 		keyid_buf[0] = '\0';
+ 		ip_addr[0] = '\0';
++		alg_buf[0] = '\0';
+ #ifdef CONFIG_P2P
+ 		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
+ 			os_snprintf(ip_addr, sizeof(ip_addr),
+@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap
+ 		}
+ #endif /* CONFIG_P2P */
+ 
++		if (sta->auth_alg < ARRAY_SIZE(auth_algs))
++			auth_alg = auth_algs[sta->auth_alg];
++
++		if (auth_alg)
++			os_snprintf(alg_buf, sizeof(alg_buf),
++				    " auth_alg=%s", auth_alg);
++
+ 		keyid = ap_sta_wpa_get_keyid(hapd, sta);
+ 		if (keyid) {
+ 			os_snprintf(keyid_buf, sizeof(keyid_buf),
+ 				    " keyid=%s", keyid);
+ 		}
+ 
+-		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
+-			buf, ip_addr, keyid_buf);
++		hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
++		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
++			buf, ip_addr, keyid_buf, alg_buf);
+ 
+ 		if (hapd->msg_ctx_parent &&
+ 		    hapd->msg_ctx_parent != hapd->msg_ctx)
+ 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
+-					  AP_STA_CONNECTED "%s%s%s",
+-					  buf, ip_addr, keyid_buf);
++					  AP_STA_CONNECTED "%s%s%s%s",
++					  buf, ip_addr, keyid_buf, alg_buf);
  	} else {
  		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
 +		hostapd_ubus_notify(hapd, "disassoc", sta->addr);
@@ -260,7 +314,7 @@
  		    hapd->msg_ctx_parent != hapd->msg_ctx)
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -265,6 +265,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -268,6 +268,7 @@ static void hostapd_wpa_auth_psk_failure
  	struct hostapd_data *hapd = ctx;
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
  		MAC2STR(addr));
@@ -270,7 +324,7 @@
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -176,6 +176,12 @@ ifdef CONFIG_EAPOL_TEST
+@@ -183,6 +183,12 @@ ifdef CONFIG_EAPOL_TEST
  CFLAGS += -Werror -DEAPOL_TEST
  endif
  
@@ -283,7 +337,7 @@
  ifdef CONFIG_CODE_COVERAGE
  CFLAGS += -O0 -fprofile-arcs -ftest-coverage
  LIBS += -lgcov
-@@ -962,6 +968,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+@@ -977,6 +983,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
  CFLAGS += -DCONFIG_CTRL_IFACE_MIB
  endif
  OBJS += ../src/ap/ctrl_iface_ap.o
@@ -295,7 +349,7 @@
  CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7241,6 +7241,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7285,6 +7285,8 @@ struct wpa_supplicant * wpa_supplicant_a
  	}
  #endif /* CONFIG_P2P */
  
@@ -304,7 +358,7 @@
  	return wpa_s;
  }
  
-@@ -7267,6 +7269,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7311,6 +7313,8 @@ int wpa_supplicant_remove_iface(struct w
  	struct wpa_supplicant *parent = wpa_s->parent;
  #endif /* CONFIG_MESH */
  
@@ -313,7 +367,7 @@
  	/* Remove interface from the global list of interfaces */
  	prev = global->ifaces;
  	if (prev == wpa_s) {
-@@ -7570,8 +7574,12 @@ int wpa_supplicant_run(struct wpa_global
+@@ -7614,8 +7618,12 @@ int wpa_supplicant_run(struct wpa_global
  	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
  	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
  
@@ -328,7 +382,7 @@
  
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -19,6 +19,7 @@
+@@ -20,6 +20,7 @@
  #include "wps/wps_defs.h"
  #include "config_ssid.h"
  #include "wmm_ac.h"
@@ -336,7 +390,7 @@
  
  extern const char *const wpa_supplicant_version;
  extern const char *const wpa_supplicant_license;
-@@ -322,6 +323,8 @@ struct wpa_global {
+@@ -323,6 +324,8 @@ struct wpa_global {
  #endif /* CONFIG_WIFI_DISPLAY */
  
  	struct psk_list_entry *add_psk; /* From group formation */
@@ -345,7 +399,7 @@
  };
  
  
-@@ -708,6 +711,7 @@ struct wpa_supplicant {
+@@ -707,6 +710,7 @@ struct wpa_supplicant {
  	unsigned char own_addr[ETH_ALEN];
  	unsigned char perm_addr[ETH_ALEN];
  	char ifname[100];
@@ -363,7 +417,7 @@
  
  
  #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
-@@ -393,6 +394,8 @@ static int wpa_supplicant_wps_cred(void
+@@ -391,6 +392,8 @@ static int wpa_supplicant_wps_cred(void
  	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
  			cred->cred_attr, cred->cred_attr_len);
  
@@ -374,7 +428,7 @@
  
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -895,6 +895,7 @@ int main(int argc, char *argv[])
+@@ -897,6 +897,7 @@ int main(int argc, char *argv[])
  	}
  
  	hostapd_global_ctrl_iface_init(&interfaces);
@@ -382,7 +436,7 @@
  
  	if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
  		wpa_printf(MSG_ERROR, "Failed to start eloop");
-@@ -904,6 +905,7 @@ int main(int argc, char *argv[])
+@@ -906,6 +907,7 @@ int main(int argc, char *argv[])
  	ret = 0;
  
   out:
@@ -392,7 +446,7 @@
  	for (i = 0; i < interfaces.count; i++) {
 --- a/wpa_supplicant/main.c
 +++ b/wpa_supplicant/main.c
-@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
+@@ -204,7 +204,7 @@ int main(int argc, char *argv[])
  
  	for (;;) {
  		c = getopt(argc, argv,
@@ -401,7 +455,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -271,6 +271,9 @@ int main(int argc, char *argv[])
+@@ -272,6 +272,9 @@ int main(int argc, char *argv[])
  			params.conf_p2p_dev = optarg;
  			break;
  #endif /* CONFIG_P2P */
@@ -423,6 +477,16 @@
  }
  
  
+@@ -352,6 +355,9 @@ void hostapd_handle_radio_measurement(st
+ 		   mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
+ 
+ 	switch (mgmt->u.action.u.rrm.action) {
++	case WLAN_RRM_LINK_MEASUREMENT_REPORT:
++		hostapd_ubus_handle_link_measurement(hapd, buf, len);
++		break;
+ 	case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
+ 		hostapd_handle_radio_msmt_report(hapd, buf, len);
+ 		break;
 --- a/src/ap/vlan_init.c
 +++ b/src/ap/vlan_init.c
 @@ -22,6 +22,7 @@
@@ -463,7 +527,7 @@
  
 --- a/src/ap/dfs.c
 +++ b/src/ap/dfs.c
-@@ -1196,6 +1196,8 @@ int hostapd_dfs_radar_detected(struct ho
+@@ -1203,6 +1203,8 @@ int hostapd_dfs_pre_cac_expired(struct h
  		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
  		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
  
@@ -505,7 +569,7 @@
  	}
 --- a/src/ap/sta_info.h
 +++ b/src/ap/sta_info.h
-@@ -324,6 +324,7 @@ struct sta_info {
+@@ -328,6 +328,7 @@ struct sta_info {
  #endif /* CONFIG_TESTING_OPTIONS */
  #ifdef CONFIG_AIRTIME_POLICY
  	unsigned int airtime_weight;
@@ -515,9 +579,9 @@
  
 --- a/src/ap/wnm_ap.c
 +++ b/src/ap/wnm_ap.c
-@@ -442,7 +442,8 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -455,7 +455,8 @@ static void ieee802_11_rx_bss_trans_mgmt
- 	wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
+ 		MAC2STR(addr), reason, hex ? " neighbor=" : "", hex);
- 		    pos, end - pos);
+ 	os_free(hex);
  
 -	ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
 +	if (!hostapd_ubus_notify_bss_transition_query(hapd, addr, dialog_token, reason, pos, end - pos))
@@ -525,7 +589,7 @@
  }
  
  
-@@ -464,7 +465,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -477,7 +478,7 @@ static void ieee802_11_rx_bss_trans_mgmt
  					      size_t len)
  {
  	u8 dialog_token, status_code, bss_termination_delay;
@@ -534,7 +598,7 @@
  	int enabled = hapd->conf->bss_transition;
  	struct sta_info *sta;
  
-@@ -511,6 +512,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -524,6 +525,7 @@ static void ieee802_11_rx_bss_trans_mgmt
  			wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
  			return;
  		}
@@ -542,7 +606,7 @@
  		sta->agreed_to_steer = 1;
  		eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
  		eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
-@@ -530,6 +532,10 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -543,6 +545,10 @@ static void ieee802_11_rx_bss_trans_mgmt
  			MAC2STR(addr), status_code, bss_termination_delay);
  	}
  

package/network/services/hostapd/patches/700-wifi-reload.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2458,6 +2458,8 @@ static int hostapd_config_fill(struct ho
+@@ -2416,6 +2416,8 @@ static int hostapd_config_fill(struct ho
  		bss->isolate = atoi(pos);
  	} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
  		bss->ap_max_inactivity = atoi(pos);
@@ -9,7 +9,7 @@
  	} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
  		bss->skip_inactivity_poll = atoi(pos);
  	} else if (os_strcmp(buf, "country_code") == 0) {
-@@ -3158,6 +3160,8 @@ static int hostapd_config_fill(struct ho
+@@ -3121,6 +3123,8 @@ static int hostapd_config_fill(struct ho
  		}
  	} else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
  		conf->acs_exclude_dfs = atoi(pos);
@@ -20,7 +20,7 @@
  	} else if (os_strcmp(buf, "channel") == 0) {
 --- a/src/ap/ap_config.c
 +++ b/src/ap/ap_config.c
-@@ -792,6 +792,7 @@ void hostapd_config_free_bss(struct host
+@@ -796,6 +796,7 @@ void hostapd_config_free_bss(struct host
  	os_free(conf->radius_req_attr_sqlite);
  	os_free(conf->rsn_preauth_interfaces);
  	os_free(conf->ctrl_interface);
@@ -28,7 +28,7 @@
  	os_free(conf->ca_cert);
  	os_free(conf->server_cert);
  	os_free(conf->server_cert2);
-@@ -988,6 +989,7 @@ void hostapd_config_free(struct hostapd_
+@@ -995,6 +996,7 @@ void hostapd_config_free(struct hostapd_
  
  	for (i = 0; i < conf->num_bss; i++)
  		hostapd_config_free_bss(conf->bss[i]);
@@ -38,7 +38,7 @@
  	os_free(conf->basic_rates);
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -279,6 +279,8 @@ struct hostapd_bss_config {
+@@ -285,6 +285,8 @@ struct hostapd_bss_config {
  	char vlan_bridge[IFNAMSIZ + 1];
  	char wds_bridge[IFNAMSIZ + 1];
  
@@ -47,7 +47,7 @@
  	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
  
  	unsigned int logger_syslog; /* module bitfield */
-@@ -942,6 +944,7 @@ struct spatial_reuse {
+@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
  struct hostapd_config {
  	struct hostapd_bss_config **bss, *last_bss;
  	size_t num_bss;
@@ -57,7 +57,7 @@
  	int rts_threshold;
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -219,6 +219,10 @@ static int hostapd_iface_conf_changed(st
+@@ -224,6 +224,10 @@ static int hostapd_iface_conf_changed(st
  {
  	size_t i;
  
@@ -68,7 +68,7 @@
  	if (newconf->num_bss != oldconf->num_bss)
  		return 1;
  
-@@ -232,7 +236,7 @@ static int hostapd_iface_conf_changed(st
+@@ -237,7 +241,7 @@ static int hostapd_iface_conf_changed(st
  }
  
  
@@ -77,7 +77,7 @@
  {
  	struct hapd_interfaces *interfaces = iface->interfaces;
  	struct hostapd_data *hapd = iface->bss[0];
-@@ -255,13 +259,16 @@ int hostapd_reload_config(struct hostapd
+@@ -260,13 +264,16 @@ int hostapd_reload_config(struct hostapd
  	if (newconf == NULL)
  		return -1;
  
@@ -96,7 +96,7 @@
  		wpa_printf(MSG_DEBUG,
  			   "Configuration changes include interface/BSS modification - force full disable+enable sequence");
  		fname = os_strdup(iface->config_fname);
-@@ -286,6 +293,24 @@ int hostapd_reload_config(struct hostapd
+@@ -291,6 +298,24 @@ int hostapd_reload_config(struct hostapd
  			wpa_printf(MSG_ERROR,
  				   "Failed to enable interface on config reload");
  		return res;
@@ -121,7 +121,7 @@
  	}
  	iface->conf = newconf;
  
-@@ -302,6 +327,12 @@ int hostapd_reload_config(struct hostapd
+@@ -307,6 +332,12 @@ int hostapd_reload_config(struct hostapd
  
  	for (j = 0; j < iface->num_bss; j++) {
  		hapd = iface->bss[j];
@@ -134,7 +134,7 @@
  		hapd->iconf = newconf;
  		hapd->conf = newconf->bss[j];
  		hostapd_reload_bss(hapd);
-@@ -2397,6 +2428,10 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -2420,6 +2451,10 @@ hostapd_alloc_bss_data(struct hostapd_if
  	hapd->iconf = conf;
  	hapd->conf = bss;
  	hapd->iface = hapd_iface;
@@ -147,7 +147,7 @@
  	hapd->ctrl_sock = -1;
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -46,7 +46,7 @@ struct mesh_conf;
+@@ -47,7 +47,7 @@ struct mesh_conf;
  struct hostapd_iface;
  
  struct hapd_interfaces {
@@ -156,7 +156,7 @@
  	struct hostapd_config * (*config_read_cb)(const char *config_fname);
  	int (*ctrl_iface_init)(struct hostapd_data *hapd);
  	void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
-@@ -173,6 +173,7 @@ struct hostapd_data {
+@@ -185,6 +185,7 @@ struct hostapd_data {
  	struct hostapd_config *iconf;
  	struct hostapd_bss_config *conf;
  	struct hostapd_ubus_bss ubus;
@@ -164,7 +164,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -624,7 +625,7 @@ struct hostapd_iface {
+@@ -667,7 +668,7 @@ struct hostapd_iface {
  int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
  			       int (*cb)(struct hostapd_iface *iface,
  					 void *ctx), void *ctx);
@@ -175,7 +175,7 @@
  hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4833,6 +4833,9 @@ static int wpa_driver_nl80211_set_ap(voi
+@@ -4852,6 +4852,9 @@ static int wpa_driver_nl80211_set_ap(voi
  	if (ret) {
  		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
  			   ret, strerror(-ret));

package/network/services/hostapd/patches/710-vlan_no_bridge.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -115,6 +115,7 @@ struct hostapd_ssid {
+@@ -121,6 +121,7 @@ struct hostapd_ssid {
  #define DYNAMIC_VLAN_OPTIONAL 1
  #define DYNAMIC_VLAN_REQUIRED 2
  	int dynamic_vlan;
@@ -30,7 +30,7 @@
  
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3381,6 +3381,8 @@ static int hostapd_config_fill(struct ho
+@@ -3346,6 +3346,8 @@ static int hostapd_config_fill(struct ho
  #ifndef CONFIG_NO_VLAN
  	} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  		bss->ssid.dynamic_vlan = atoi(pos);

package/network/services/hostapd/patches/711-wds_bridge_force.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2358,6 +2358,8 @@ static int hostapd_config_fill(struct ho
+@@ -2316,6 +2316,8 @@ static int hostapd_config_fill(struct ho
  			   sizeof(conf->bss[0]->iface));
  	} else if (os_strcmp(buf, "bridge") == 0) {
  		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));

package/network/services/hostapd/patches/720-iface_max_num_sta.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2880,6 +2880,14 @@ static int hostapd_config_fill(struct ho
+@@ -2841,6 +2841,14 @@ static int hostapd_config_fill(struct ho
  				   line, bss->max_num_sta, MAX_STA_COUNT);
  			return 1;
  		}
@@ -17,17 +17,17 @@
  	} else if (os_strcmp(buf, "extended_key_id") == 0) {
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -668,6 +668,7 @@ void hostapd_cleanup_cs_params(struct ho
+@@ -711,6 +711,7 @@ void hostapd_cleanup_cs_params(struct ho
  void hostapd_periodic_iface(struct hostapd_iface *iface);
  int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
  void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
 +int hostapd_check_max_sta(struct hostapd_data *hapd);
  
- /* utils.c */
+ void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
- int hostapd_register_probereq_cb(struct hostapd_data *hapd,
+ void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -236,6 +236,30 @@ static int hostapd_iface_conf_changed(st
+@@ -241,6 +241,30 @@ static int hostapd_iface_conf_changed(st
  }
  
  
@@ -60,7 +60,7 @@
  	struct hapd_interfaces *interfaces = iface->interfaces;
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1068,7 +1068,7 @@ void handle_probe_req(struct hostapd_dat
+@@ -1135,7 +1135,7 @@ void handle_probe_req(struct hostapd_dat
  	if (hapd->conf->no_probe_resp_if_max_sta &&
  	    is_multicast_ether_addr(mgmt->da) &&
  	    is_multicast_ether_addr(mgmt->bssid) &&
@@ -71,7 +71,7 @@
  			   " since no room for additional STA",
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -981,6 +981,8 @@ struct hostapd_config {
+@@ -1010,6 +1010,8 @@ struct hostapd_config {
  	unsigned int track_sta_max_num;
  	unsigned int track_sta_max_age;
  

package/network/services/hostapd/patches/730-ft_iface.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3038,6 +3038,8 @@ static int hostapd_config_fill(struct ho
+@@ -3000,6 +3000,8 @@ static int hostapd_config_fill(struct ho
  		wpa_printf(MSG_INFO,
  			   "Line %d: Obsolete peerkey parameter ignored", line);
  #ifdef CONFIG_IEEE80211R_AP
@@ -11,7 +11,7 @@
  		    hexstr2bin(pos, bss->mobility_domain,
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -277,6 +277,7 @@ struct airtime_sta_weight {
+@@ -283,6 +283,7 @@ struct airtime_sta_weight {
  struct hostapd_bss_config {
  	char iface[IFNAMSIZ + 1];
  	char bridge[IFNAMSIZ + 1];
@@ -21,7 +21,7 @@
  
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -1566,8 +1566,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1595,8 +1595,12 @@ int hostapd_setup_wpa(struct hostapd_dat
  	    wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
  		const char *ft_iface;
  

package/network/services/hostapd/patches/740-snoop_iface.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -278,6 +278,7 @@ struct hostapd_bss_config {
+@@ -284,6 +284,7 @@ struct hostapd_bss_config {
  	char iface[IFNAMSIZ + 1];
  	char bridge[IFNAMSIZ + 1];
  	char ft_iface[IFNAMSIZ + 1];
@@ -10,9 +10,9 @@
  
 --- a/src/ap/x_snoop.c
 +++ b/src/ap/x_snoop.c
-@@ -31,14 +31,16 @@ int x_snoop_init(struct hostapd_data *ha
+@@ -33,14 +33,16 @@ int x_snoop_init(struct hostapd_data *ha
- 		return -1;
+ 
- 	}
+ 	hapd->x_snoop_initialized = true;
  
 -	if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
 +	if (!conf->snoop_iface[0] &&
@@ -29,7 +29,7 @@
  		wpa_printf(MSG_DEBUG,
  			   "x_snoop: Failed to enable proxyarp on the bridge port");
  		return -1;
-@@ -52,7 +54,8 @@ int x_snoop_init(struct hostapd_data *ha
+@@ -54,7 +56,8 @@ int x_snoop_init(struct hostapd_data *ha
  	}
  
  #ifdef CONFIG_IPV6
@@ -39,7 +39,7 @@
  		wpa_printf(MSG_DEBUG,
  			   "x_snoop: Failed to enable multicast snooping on the bridge");
  		return -1;
-@@ -71,8 +74,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
+@@ -73,8 +76,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
  {
  	struct hostapd_bss_config *conf = hapd->conf;
  	struct l2_packet_data *l2;
@@ -55,7 +55,7 @@
  			   "x_snoop: Failed to initialize L2 packet processing %s",
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2360,6 +2360,8 @@ static int hostapd_config_fill(struct ho
+@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
  		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
  		if (!bss->wds_bridge[0])
  			os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));

package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -1644,6 +1644,8 @@ static int parse_anqp_elem(struct hostap
+@@ -1602,6 +1602,8 @@ static int parse_anqp_elem(struct hostap
  	return 0;
  }
  
@@ -9,7 +9,7 @@
  
  static int parse_qos_map_set(struct hostapd_bss_config *bss,
  			     char *buf, int line)
-@@ -1685,8 +1687,6 @@ static int parse_qos_map_set(struct host
+@@ -1643,8 +1645,6 @@ static int parse_qos_map_set(struct host
  	return 0;
  }
  
@@ -18,7 +18,7 @@
  
  #ifdef CONFIG_HS20
  static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-@@ -4077,10 +4077,10 @@ static int hostapd_config_fill(struct ho
+@@ -4046,10 +4046,10 @@ static int hostapd_config_fill(struct ho
  		bss->gas_frag_limit = val;
  	} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
  		bss->gas_comeback_delay = atoi(pos);
@@ -32,7 +32,7 @@
  		os_free(bss->dump_msk_file);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -1415,6 +1415,7 @@ static int hostapd_setup_bss(struct host
+@@ -1424,6 +1424,7 @@ static int hostapd_setup_bss(struct host
  		wpa_printf(MSG_ERROR, "GAS server initialization failed");
  		return -1;
  	}
@@ -40,7 +40,7 @@
  
  	if (conf->qos_map_set_len &&
  	    hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
-@@ -1422,7 +1423,6 @@ static int hostapd_setup_bss(struct host
+@@ -1431,7 +1432,6 @@ static int hostapd_setup_bss(struct host
  		wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
  		return -1;
  	}
@@ -48,25 +48,41 @@
  
  	if (conf->bss_load_update_period && bss_load_update_init(hapd)) {
  		wpa_printf(MSG_ERROR, "BSS Load initialization failed");
---- a/src/ap/drv_callbacks.c
+--- a/wpa_supplicant/events.c
-+++ b/src/ap/drv_callbacks.c
++++ b/wpa_supplicant/events.c
-@@ -271,12 +271,10 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -2586,8 +2586,6 @@ void wnm_bss_keep_alive_deinit(struct wp
  }
- #endif /* NEED_AP_MLME */
+ 
  
 -#ifdef CONFIG_INTERWORKING
- 	if (elems.ext_capab && elems.ext_capab_len > 4) {
+-
- 		if (elems.ext_capab[4] & 0x01)
+ static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
- 			sta->qos_map_enabled = 1;
+ 			    size_t len)
+ {
+@@ -2620,8 +2618,6 @@ static void interworking_process_assoc_r
+ 	}
  }
--#endif /* CONFIG_INTERWORKING */
  
- #ifdef CONFIG_HS20
+-#endif /* CONFIG_INTERWORKING */
- 	wpabuf_free(sta->hs20_ie);
+-
---- a/src/ap/ieee802_11.c
+ 
-+++ b/src/ap/ieee802_11.c
+ static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
-@@ -4129,13 +4129,11 @@ static u16 copy_supp_rates(struct hostap
+ 					const u8 *ies, size_t ies_len)
- static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
+@@ -2954,10 +2950,8 @@ static int wpa_supplicant_event_associnf
+ 		wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
+ 				       data->assoc_info.resp_ies_len);
+ #endif /* CONFIG_WNM */
+-#ifdef CONFIG_INTERWORKING
+ 		interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
+ 						data->assoc_info.resp_ies_len);
+-#endif /* CONFIG_INTERWORKING */
+ 		if (wpa_s->hw_capab == CAPAB_VHT &&
+ 		    get_ie(data->assoc_info.resp_ies,
+ 			   data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
+--- a/src/ap/ieee802_11_shared.c
++++ b/src/ap/ieee802_11_shared.c
+@@ -1100,13 +1100,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
+ u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
  		    const u8 *ext_capab_ie, size_t ext_capab_ie_len)
  {
 -#ifdef CONFIG_INTERWORKING
@@ -79,34 +95,3 @@
  
  	if (ext_capab_ie_len > 0) {
  		sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
---- a/wpa_supplicant/events.c
-+++ b/wpa_supplicant/events.c
-@@ -2540,8 +2540,6 @@ void wnm_bss_keep_alive_deinit(struct wp
- }
- 
- 
--#ifdef CONFIG_INTERWORKING
--
- static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
- 			    size_t len)
- {
-@@ -2574,8 +2572,6 @@ static void interworking_process_assoc_r
- 	}
- }
- 
--#endif /* CONFIG_INTERWORKING */
--
- 
- static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
- 					const u8 *ies, size_t ies_len)
-@@ -2908,10 +2904,8 @@ static int wpa_supplicant_event_associnf
- 		wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
- 				       data->assoc_info.resp_ies_len);
- #endif /* CONFIG_WNM */
--#ifdef CONFIG_INTERWORKING
- 		interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
- 						data->assoc_info.resp_ies_len);
--#endif /* CONFIG_INTERWORKING */
- 		if (wpa_s->hw_capab == CAPAB_VHT &&
- 		    get_ie(data->assoc_info.resp_ies,
- 			   data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))

package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_drv_ops.c
 +++ b/src/ap/ap_drv_ops.c
-@@ -850,7 +850,8 @@ int hostapd_start_dfs_cac(struct hostapd
+@@ -864,7 +864,8 @@ int hostapd_start_dfs_cac(struct hostapd
  int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
  			    const u8 *qos_map_set, u8 qos_map_set_len)
  {

package/network/services/hostapd/patches/760-dynamic_own_ip.patch

@@ -0,0 +1,109 @@
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -311,6 +311,7 @@ struct hostapd_bss_config {
+ 	unsigned int eap_sim_db_timeout;
+ 	int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
+ 	struct hostapd_ip_addr own_ip_addr;
++	int dynamic_own_ip_addr;
+ 	char *nas_identifier;
+ 	struct hostapd_radius_servers *radius;
+ 	int acct_interim_interval;
+--- a/src/radius/radius_client.c
++++ b/src/radius/radius_client.c
+@@ -163,6 +163,8 @@ struct radius_client_data {
+ 	 */
+ 	void *ctx;
+ 
++	struct hostapd_ip_addr local_ip;
++
+ 	/**
+ 	 * conf - RADIUS client configuration (list of RADIUS servers to use)
+ 	 */
+@@ -720,6 +722,30 @@ static void radius_client_list_add(struc
+ 
+ 
+ /**
++ * radius_client_send - Get local address for the RADIUS auth socket
++ * @radius: RADIUS client context from radius_client_init()
++ * @addr: pointer to store the address
++ *
++ * This function returns the local address for the connection to the RADIUS
++ * auth server. It also opens the socket if it's not available yet.
++ */
++int radius_client_get_local_addr(struct radius_client_data *radius,
++				 struct hostapd_ip_addr *addr)
++{
++	struct hostapd_radius_servers *conf = radius->conf;
++
++	if (conf->auth_server && radius->auth_sock < 0)
++		radius_client_init_auth(radius);
++
++	if (radius->auth_sock < 0)
++		return -1;
++
++	memcpy(addr, &radius->local_ip, sizeof(*addr));
++
++	return 0;
++}
++
++/**
+  * radius_client_send - Send a RADIUS request
+  * @radius: RADIUS client context from radius_client_init()
+  * @msg: RADIUS message to be sent
+@@ -1238,6 +1264,10 @@ radius_change_server(struct radius_clien
+ 			wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
+ 				   inet_ntoa(claddr.sin_addr),
+ 				   ntohs(claddr.sin_port));
++			if (auth) {
++				radius->local_ip.af = AF_INET;
++				radius->local_ip.u.v4 = claddr.sin_addr;
++			}
+ 		}
+ 		break;
+ #ifdef CONFIG_IPV6
+@@ -1249,6 +1279,10 @@ radius_change_server(struct radius_clien
+ 				   inet_ntop(AF_INET6, &claddr6.sin6_addr,
+ 					     abuf, sizeof(abuf)),
+ 				   ntohs(claddr6.sin6_port));
++			if (auth) {
++				radius->local_ip.af = AF_INET6;
++				radius->local_ip.u.v6 = claddr6.sin6_addr;
++			}
+ 		}
+ 		break;
+ 	}
+--- a/src/radius/radius_client.h
++++ b/src/radius/radius_client.h
+@@ -249,6 +249,8 @@ int radius_client_register(struct radius
+ void radius_client_set_interim_error_cb(struct radius_client_data *radius,
+ 					void (*cb)(const u8 *addr, void *ctx),
+ 					void *ctx);
++int radius_client_get_local_addr(struct radius_client_data *radius,
++				 struct hostapd_ip_addr * addr);
+ int radius_client_send(struct radius_client_data *radius,
+ 		       struct radius_msg *msg,
+ 		       RadiusType msg_type, const u8 *addr);
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -535,6 +535,10 @@ int add_common_radius_attr(struct hostap
+ 	struct hostapd_radius_attr *attr;
+ 	int len;
+ 
++	if (hapd->conf->dynamic_own_ip_addr)
++		radius_client_get_local_addr(hapd->radius,
++					     &hapd->conf->own_ip_addr);
++
+ 	if (!hostapd_config_get_radius_attr(req_attr,
+ 					    RADIUS_ATTR_NAS_IP_ADDRESS) &&
+ 	    hapd->conf->own_ip_addr.af == AF_INET &&
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2681,6 +2681,8 @@ static int hostapd_config_fill(struct ho
+ 	} else if (os_strcmp(buf, "iapp_interface") == 0) {
+ 		wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
+ #endif /* CONFIG_IAPP */
++	} else if (os_strcmp(buf, "dynamic_own_ip_addr") == 0) {
++		bss->dynamic_own_ip_addr = atoi(pos);
+ 	} else if (os_strcmp(buf, "own_ip_addr") == 0) {
+ 		if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
+ 			wpa_printf(MSG_ERROR,

package/network/services/hostapd/patches/761-shared_das_port.patch

@@ -0,0 +1,298 @@
+--- a/src/radius/radius_das.h
++++ b/src/radius/radius_das.h
+@@ -44,6 +44,7 @@ struct radius_das_attrs {
+ struct radius_das_conf {
+ 	int port;
+ 	const u8 *shared_secret;
++	const u8 *nas_identifier;
+ 	size_t shared_secret_len;
+ 	const struct hostapd_ip_addr *client_addr;
+ 	unsigned int time_window;
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -1367,6 +1367,7 @@ static int hostapd_setup_bss(struct host
+ 		struct radius_das_conf das_conf;
+ 		os_memset(&das_conf, 0, sizeof(das_conf));
+ 		das_conf.port = conf->radius_das_port;
++		das_conf.nas_identifier = conf->nas_identifier;
+ 		das_conf.shared_secret = conf->radius_das_shared_secret;
+ 		das_conf.shared_secret_len =
+ 			conf->radius_das_shared_secret_len;
+--- a/src/radius/radius_das.c
++++ b/src/radius/radius_das.c
+@@ -12,13 +12,26 @@
+ #include "utils/common.h"
+ #include "utils/eloop.h"
+ #include "utils/ip_addr.h"
++#include "utils/list.h"
+ #include "radius.h"
+ #include "radius_das.h"
+ 
+ 
+-struct radius_das_data {
++static struct dl_list das_ports = DL_LIST_HEAD_INIT(das_ports);
++
++struct radius_das_port {
++	struct dl_list list;
++	struct dl_list das_data;
++
++	int port;
+ 	int sock;
++};
++
++struct radius_das_data {
++	struct dl_list list;
++	struct radius_das_port *port;
+ 	u8 *shared_secret;
++	u8 *nas_identifier;
+ 	size_t shared_secret_len;
+ 	struct hostapd_ip_addr client_addr;
+ 	unsigned int time_window;
+@@ -378,56 +391,17 @@ fail:
+ }
+ 
+ 
+-static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
++static void
++radius_das_receive_msg(struct radius_das_data *das, struct radius_msg *msg,
++		       struct sockaddr *from, socklen_t fromlen,
++		       char *abuf, int from_port)
+ {
+-	struct radius_das_data *das = eloop_ctx;
+-	u8 buf[1500];
+-	union {
+-		struct sockaddr_storage ss;
+-		struct sockaddr_in sin;
+-#ifdef CONFIG_IPV6
+-		struct sockaddr_in6 sin6;
+-#endif /* CONFIG_IPV6 */
+-	} from;
+-	char abuf[50];
+-	int from_port = 0;
+-	socklen_t fromlen;
+-	int len;
+-	struct radius_msg *msg, *reply = NULL;
++	struct radius_msg *reply = NULL;
+ 	struct radius_hdr *hdr;
+ 	struct wpabuf *rbuf;
++	struct os_time now;
+ 	u32 val;
+ 	int res;
+-	struct os_time now;
+-
+-	fromlen = sizeof(from);
+-	len = recvfrom(sock, buf, sizeof(buf), 0,
+-		       (struct sockaddr *) &from.ss, &fromlen);
+-	if (len < 0) {
+-		wpa_printf(MSG_ERROR, "DAS: recvfrom: %s", strerror(errno));
+-		return;
+-	}
+-
+-	os_strlcpy(abuf, inet_ntoa(from.sin.sin_addr), sizeof(abuf));
+-	from_port = ntohs(from.sin.sin_port);
+-
+-	wpa_printf(MSG_DEBUG, "DAS: Received %d bytes from %s:%d",
+-		   len, abuf, from_port);
+-	if (das->client_addr.u.v4.s_addr &&
+-	    das->client_addr.u.v4.s_addr != from.sin.sin_addr.s_addr) {
+-		wpa_printf(MSG_DEBUG, "DAS: Drop message from unknown client");
+-		return;
+-	}
+-
+-	msg = radius_msg_parse(buf, len);
+-	if (msg == NULL) {
+-		wpa_printf(MSG_DEBUG, "DAS: Parsing incoming RADIUS packet "
+-			   "from %s:%d failed", abuf, from_port);
+-		return;
+-	}
+-
+-	if (wpa_debug_level <= MSG_MSGDUMP)
+-		radius_msg_dump(msg);
+ 
+ 	if (radius_msg_verify_das_req(msg, das->shared_secret,
+ 				       das->shared_secret_len,
+@@ -494,9 +468,8 @@ static void radius_das_receive(int sock,
+ 			radius_msg_dump(reply);
+ 
+ 		rbuf = radius_msg_get_buf(reply);
+-		res = sendto(das->sock, wpabuf_head(rbuf),
+-			     wpabuf_len(rbuf), 0,
+-			     (struct sockaddr *) &from.ss, fromlen);
++		res = sendto(das->port->sock, wpabuf_head(rbuf),
++			     wpabuf_len(rbuf), 0, from, fromlen);
+ 		if (res < 0) {
+ 			wpa_printf(MSG_ERROR, "DAS: sendto(to %s:%d): %s",
+ 				   abuf, from_port, strerror(errno));
+@@ -508,6 +481,72 @@ fail:
+ 	radius_msg_free(reply);
+ }
+ 
++static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
++{
++	struct radius_das_port *p = eloop_ctx;
++	struct radius_das_data *das;
++	u8 buf[1500];
++	union {
++		struct sockaddr_storage ss;
++		struct sockaddr_in sin;
++#ifdef CONFIG_IPV6
++		struct sockaddr_in6 sin6;
++#endif /* CONFIG_IPV6 */
++	} from;
++	struct radius_msg *msg;
++	size_t nasid_len = 0;
++	u8 *nasid_buf = NULL;
++	char abuf[50];
++	int from_port = 0;
++	socklen_t fromlen;
++	int found = 0;
++	int len;
++
++	fromlen = sizeof(from);
++	len = recvfrom(sock, buf, sizeof(buf), 0,
++		       (struct sockaddr *) &from.ss, &fromlen);
++	if (len < 0) {
++		wpa_printf(MSG_ERROR, "DAS: recvfrom: %s", strerror(errno));
++		return;
++	}
++
++	os_strlcpy(abuf, inet_ntoa(from.sin.sin_addr), sizeof(abuf));
++	from_port = ntohs(from.sin.sin_port);
++
++	msg = radius_msg_parse(buf, len);
++	if (msg == NULL) {
++		wpa_printf(MSG_DEBUG, "DAS: Parsing incoming RADIUS packet "
++			   "from %s:%d failed", abuf, from_port);
++		return;
++	}
++
++	wpa_printf(MSG_DEBUG, "DAS: Received %d bytes from %s:%d",
++		   len, abuf, from_port);
++
++	if (wpa_debug_level <= MSG_MSGDUMP)
++		radius_msg_dump(msg);
++
++	radius_msg_get_attr_ptr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
++				&nasid_buf, &nasid_len, NULL);
++	dl_list_for_each(das, &p->das_data, struct radius_das_data, list) {
++		if (das->client_addr.u.v4.s_addr &&
++		    das->client_addr.u.v4.s_addr != from.sin.sin_addr.s_addr)
++			continue;
++
++		if (das->nas_identifier && nasid_buf &&
++		    (nasid_len != os_strlen(das->nas_identifier) ||
++		     os_memcmp(das->nas_identifier, nasid_buf, nasid_len) != 0))
++			continue;
++
++		found = 1;
++		radius_das_receive_msg(das, msg, (struct sockaddr *)&from.ss,
++				       fromlen, abuf, from_port);
++	}
++
++	if (!found)
++		wpa_printf(MSG_DEBUG, "DAS: Drop message from unknown client");
++}
++
+ 
+ static int radius_das_open_socket(int port)
+ {
+@@ -533,6 +572,49 @@ static int radius_das_open_socket(int po
+ }
+ 
+ 
++static struct radius_das_port *
++radius_das_open_port(int port)
++{
++	struct radius_das_port *p;
++
++	dl_list_for_each(p, &das_ports, struct radius_das_port, list) {
++		if (p->port == port)
++			return p;
++	}
++
++	p = os_zalloc(sizeof(*p));
++	if (p == NULL)
++		return NULL;
++
++	dl_list_init(&p->das_data);
++	p->port = port;
++	p->sock = radius_das_open_socket(port);
++	if (p->sock < 0)
++		goto free_port;
++
++	if (eloop_register_read_sock(p->sock, radius_das_receive, p, NULL))
++		goto close_port;
++
++	dl_list_add(&das_ports, &p->list);
++
++	return p;
++
++close_port:
++	close(p->sock);
++free_port:
++	os_free(p);
++
++	return NULL;
++}
++
++static void radius_das_close_port(struct radius_das_port *p)
++{
++	dl_list_del(&p->list);
++	eloop_unregister_read_sock(p->sock);
++	close(p->sock);
++	free(p);
++}
++
+ struct radius_das_data *
+ radius_das_init(struct radius_das_conf *conf)
+ {
+@@ -553,6 +635,8 @@ radius_das_init(struct radius_das_conf *
+ 	das->ctx = conf->ctx;
+ 	das->disconnect = conf->disconnect;
+ 	das->coa = conf->coa;
++	if (conf->nas_identifier)
++		das->nas_identifier = os_strdup(conf->nas_identifier);
+ 
+ 	os_memcpy(&das->client_addr, conf->client_addr,
+ 		  sizeof(das->client_addr));
+@@ -565,19 +649,15 @@ radius_das_init(struct radius_das_conf *
+ 	}
+ 	das->shared_secret_len = conf->shared_secret_len;
+ 
+-	das->sock = radius_das_open_socket(conf->port);
+-	if (das->sock < 0) {
++	das->port = radius_das_open_port(conf->port);
++	if (!das->port) {
+ 		wpa_printf(MSG_ERROR, "Failed to open UDP socket for RADIUS "
+ 			   "DAS");
+ 		radius_das_deinit(das);
+ 		return NULL;
+ 	}
+ 
+-	if (eloop_register_read_sock(das->sock, radius_das_receive, das, NULL))
+-	{
+-		radius_das_deinit(das);
+-		return NULL;
+-	}
++	dl_list_add(&das->port->das_data, &das->list);
+ 
+ 	return das;
+ }
+@@ -588,11 +668,14 @@ void radius_das_deinit(struct radius_das
+ 	if (das == NULL)
+ 		return;
+ 
+-	if (das->sock >= 0) {
+-		eloop_unregister_read_sock(das->sock);
+-		close(das->sock);
++	if (das->port) {
++		dl_list_del(&das->list);
++
++		if (dl_list_empty(&das->port->das_data))
++			radius_das_close_port(das->port);
+ 	}
+ 
++	os_free(das->nas_identifier);
+ 	os_free(das->shared_secret);
+ 	os_free(das);
+ }

package/network/services/hostapd/patches/800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch

@@ -0,0 +1,58 @@
+From 37528a5205cb0b9e2238b7d97fb2ff5457448f1c Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Thu, 8 Sep 2022 01:45:41 +0200
+Subject: [PATCH] acs: don't select indoor channel on outdoor operation
+
+Don't select channels designated for exclusive-indoor use when the
+country3 element is set on outdoor operation.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/ap/acs.c | 9 +++++++++
+ src/ap/dfs.c | 3 +++
+ 2 files changed, 12 insertions(+)
+
+--- a/src/ap/acs.c
++++ b/src/ap/acs.c
+@@ -552,6 +552,9 @@ static void acs_survey_mode_interference
+ 		if (chan->max_tx_power < iface->conf->min_tx_power)
+ 			continue;
+ 
++		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
++			continue;
++
+ 		wpa_printf(MSG_DEBUG, "ACS: Survey analysis for channel %d (%d MHz)",
+ 			   chan->chan, chan->freq);
+ 
+@@ -686,6 +689,9 @@ acs_find_ideal_chan_mode(struct hostapd_
+ 		if (chan->max_tx_power < iface->conf->min_tx_power)
+ 			continue;
+ 
++		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
++			continue;
++
+ 		if (!chan_bw_allowed(chan, bw, 1, 1)) {
+ 			wpa_printf(MSG_DEBUG,
+ 				   "ACS: Channel %d: BW %u is not supported",
+@@ -1067,6 +1073,9 @@ static int * acs_request_scan_add_freqs(
+ 		if (chan->max_tx_power < iface->conf->min_tx_power)
+ 			continue;
+ 
++		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
++			continue;
++
+ 		*freq++ = chan->freq;
+ 	}
+ 
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -282,6 +282,9 @@ static int dfs_find_channel(struct hosta
+ 		if (chan->max_tx_power < iface->conf->min_tx_power)
+ 			continue;
+ 
++		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
++			continue;
++
+ 		if (ret_chan && idx == channel_idx) {
+ 			wpa_printf(MSG_DEBUG, "Selected channel %d (%d)",
+ 				   chan->freq, chan->chan);

package/network/services/hostapd/patches/800-hostapd-2.10-lar.patch

@@ -1,87 +0,0 @@
-diff -ru a/src/ap/hw_features.c b/src/ap/hw_features.c
---- a/src/ap/hw_features.c	2022-01-16 15:51:29.000000000 -0500
-+++ b/src/ap/hw_features.c	2022-07-06 22:57:53.007315518 -0500
-@@ -24,6 +24,19 @@
- #include "beacon.h"
- #include "hw_features.h"
- 
-+#ifdef CONFIG_IWLWIFI
-+static void ieee80211n_do_nothing(struct hostapd_iface *iface)
-+{
-+			wpa_printf(MSG_DEBUG,
-+				   "Scan finished!");
-+}
-+
-+static void ieee80211n_scan_channels_2g4(struct hostapd_iface *iface,
-+					 struct wpa_driver_scan_params *params);
-+static void ieee80211n_scan_channels_5g(struct hostapd_iface *iface,
-+					struct wpa_driver_scan_params *params);
-+
-+#endif
- 
- void hostapd_free_hw_features(struct hostapd_hw_modes *hw_features,
- 			      size_t num_hw_features)
-@@ -82,6 +93,35 @@
- 
- 	if (hostapd_drv_none(hapd))
- 		return -1;
-+#ifdef CONFIG_IWLWIFI
-+
-+
-+	if (!iface->conf->noscan) { 
-+        // scan
-+	struct wpa_driver_scan_params params;
-+	int ret1;
-+
-+	os_memset(&params, 0, sizeof(params));
-+	ieee80211n_scan_channels_5g(iface, &params);
-+
-+	ret1 = hostapd_driver_scan(iface->bss[0], &params);
-+       
-+        if (ret1 == -EBUSY) {
-+                wpa_printf(MSG_ERROR,
-+                           "Failed to request a scan of neighboring BSSes ret=%d (%s)!",
-+                           ret1, strerror(-ret1));
-+        }
-+
-+        if (ret1 == 0) {
-+                iface->scan_cb = ieee80211n_do_nothing;
-+                wpa_printf(MSG_DEBUG,
-+                           "Sleeping...");
-+                for (int i=0; i<110; i++) {
-+                  usleep(100000);
-+                }
-+        } 
-+	}
-+#endif
- 	modes = hostapd_get_hw_feature_data(hapd, &num_modes, &flags,
- 					    &dfs_domain);
- 	if (modes == NULL) {
-@@ -518,8 +556,15 @@
- 
- 	/* Check that HT40 is used and PRI / SEC switch is allowed */
- 	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
-+#ifdef CONFIG_IWLWIFI
-+		iface->conf->noscan) {
-+                wpa_printf(MSG_DEBUG, "Not scanning due to noscan?");
-+		return 0;
-+	}
-+#else
- 		iface->conf->noscan)
- 		return 0;
-+#endif
- 
- 	hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
- 	wpa_printf(MSG_DEBUG, "Scan for neighboring BSSes prior to enabling "
-@@ -916,7 +954,11 @@
- 	if (!hostapd_is_usable_edmg(iface))
- 		return 0;
- 
-+#ifdef CONFIG_IWLWIFI
-+	if (!iface->conf->secondary_channel || iface->conf->noscan)
-+#else
- 	if (!iface->conf->secondary_channel)
-+#endif
- 		return 1;
- 
- 	if (hostapd_is_usable_chan(iface, iface->freq +

package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

@@ -0,0 +1,33 @@
+From f0e9f5aab52b3eab85d28338cc996972ced4c39c Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Tue, 17 May 2022 23:07:59 +0200
+Subject: [PATCH] ctrl: make WNM_AP functions dependant on CONFIG_AP
+
+This fixes linking errors found when compiling wpa_supplicant with
+CONFIG_WNM_AP enabled but CONFIG_AP disabled.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ wpa_supplicant/ctrl_iface.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/wpa_supplicant/ctrl_iface.c
++++ b/wpa_supplicant/ctrl_iface.c
+@@ -12241,7 +12241,7 @@ char * wpa_supplicant_ctrl_iface_process
+ 		if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
+ 			reply_len = -1;
+ #endif /* CONFIG_WNM */
+-#ifdef CONFIG_WNM_AP
++#if defined(CONFIG_AP) && defined(CONFIG_WNM_AP)
+ 	} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
+ 		if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18))
+ 			reply_len = -1;
+@@ -12251,7 +12251,7 @@ char * wpa_supplicant_ctrl_iface_process
+ 	} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
+ 		if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11))
+ 			reply_len = -1;
+-#endif /* CONFIG_WNM_AP */
++#endif /* CONFIG_AP && CONFIG_WNM_AP */
+ 	} else if (os_strcmp(buf, "FLUSH") == 0) {
+ 		wpa_supplicant_ctrl_iface_flush(wpa_s);
+ 	} else if (os_strncmp(buf, "RADIO_WORK ", 11) == 0) {

package/network/services/hostapd/patches/992-openssl-include-rsa.patch

@@ -0,0 +1,32 @@
+From f374d52079111a4340acb6df835f45ac6b5f3f60 Mon Sep 17 00:00:00 2001
+From: Andre Heider <a.heider@gmail.com>
+Date: Wed, 22 Jun 2022 14:13:55 +0200
+Subject: OpenSSL: Include rsa.h for all OpenSSL versions
+
+This fixes the build with OpenSSL 1.1.1:
+../src/crypto/crypto_openssl.c: In function 'crypto_rsa_oaep_sha256_decrypt':
+../src/crypto/crypto_openssl.c:4404:49: error: 'RSA_PKCS1_OAEP_PADDING' undeclared (first use in this function)
+
+Signed-off-by: Andre Heider <a.heider@gmail.com>
+---
+ src/crypto/crypto_openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -16,6 +16,7 @@
+ #include <openssl/dh.h>
+ #include <openssl/hmac.h>
+ #include <openssl/rand.h>
++#include <openssl/rsa.h>
+ #include <openssl/pem.h>
+ #ifdef CONFIG_ECC
+ #include <openssl/ec.h>
+@@ -25,7 +26,6 @@
+ #include <openssl/provider.h>
+ #include <openssl/core_names.h>
+ #include <openssl/param_build.h>
+-#include <openssl/rsa.h>
+ #include <openssl/encoder.h>
+ #include <openssl/decoder.h>
+ #else /* OpenSSL version >= 3.0 */

package/network/services/hostapd/patches/v2-1-5-bss-coloring-add-support-for-handling-collision-events-and-triggering-CCA.patch

@@ -1,419 +0,0 @@
-From patchwork Mon Nov  8 03:04:22 2021
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Ryder Lee <ryder.lee@mediatek.com>
-X-Patchwork-Id: 1552115
-Return-Path: 
- <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
-X-Original-To: incoming@patchwork.ozlabs.org
-Delivered-To: patchwork-incoming@bilbo.ozlabs.org
-Authentication-Results: bilbo.ozlabs.org;
-	dkim=pass (2048-bit key;
- secure) header.d=lists.infradead.org header.i=@lists.infradead.org
- header.a=rsa-sha256 header.s=bombadil.20210309 header.b=TdjSI8dB;
-	dkim-atps=neutral
-Authentication-Results: ozlabs.org;
- spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
- (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
- envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
- receiver=<UNKNOWN>)
-Received: from bombadil.infradead.org (bombadil.infradead.org
- [IPv6:2607:7c80:54:e::133])
-	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
-	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
- SHA256)
-	(No client certificate requested)
-	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Hnbbl2GBWz9sR4
-	for <incoming@patchwork.ozlabs.org>; Mon,  8 Nov 2021 14:06:11 +1100 (AEDT)
-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
-	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
-	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
-	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC
-	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
-	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
-	List-Owner; bh=jJbGlY/UjiOWDJu0LYiULCtBponRgB2rvIsYJaolOJc=; b=TdjSI8dBSKP247
-	l5QD34cAO9uWzUWoVC+tdBlaW1aby3k85d/nEEMtTcHWs4iVB1XkTTDnizxiADCA8QmZs4avo49De
-	FuPTgYekOV5QrTcMCYXQbUs4MP+J0t9IRB8nzfg9ZPmjK8os5S8X6Ofa+5FZqr/NAqltHVaVTXDUs
-	HOrKINWu1ER8b2CnrBV1aEMyR8CZB3jXELW/zvAB3eyzeMUQ3F3i5cXlOVKjoyHarqJ7KyolLh/zk
-	FdnmnVeKttaTQGaJbW45XnCwowirMKa+rwvGf7aC0Vogxms+teN/9QNnUkE6q2VdgHGgbiciEzkSF
-	Ez5Fi4ll8M2oap6VJaRg==;
-Received: from localhost ([::1] helo=bombadil.infradead.org)
-	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
-	id 1mjuxn-00FLFN-D3; Mon, 08 Nov 2021 03:04:51 +0000
-Received: from mailgw01.mediatek.com ([216.200.240.184])
- by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
- id 1mjuxc-00FLDp-GA
- for hostap@lists.infradead.org; Mon, 08 Nov 2021 03:04:42 +0000
-X-UUID: 2f3a392f63dc4f7596cff8bcd834ff56-20211107
-X-UUID: 2f3a392f63dc4f7596cff8bcd834ff56-20211107
-Received: from mtkcas68.mediatek.inc [(172.29.94.19)] by mailgw01.mediatek.com
- (envelope-from <ryder.lee@mediatek.com>)
- (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
- with ESMTP id 238529206; Sun, 07 Nov 2021 20:04:34 -0700
-Received: from MTKMBS07N2.mediatek.inc (172.21.101.141) by
- MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Sun, 7 Nov 2021 19:04:32 -0800
-Received: from mtkmbs10n1.mediatek.inc (172.21.101.34) by
- mtkmbs07n2.mediatek.inc (172.21.101.141) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Mon, 8 Nov 2021 11:04:31 +0800
-Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
- mtkmbs10n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
- 15.2.792.15 via Frontend Transport; Mon, 8 Nov 2021 11:04:31 +0800
-From: Ryder Lee <ryder.lee@mediatek.com>
-To: Jouni Malinen <jouni@codeaurora.org>
-CC: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi
- <lorenzo.bianconi@redhat.com>, Shayne Chen <shayne.chen@mediatek.com>,
- "Evelyn Tsai" <evelyn.tsai@mediatek.com>, <hostap@lists.infradead.org>, John
- Crispin <john@phrozen.org>, Lorenzo Bianconi <lorenzo@kernel.org>, Ryder Lee
- <ryder.lee@mediatek.com>
-Subject: [PATCH v2 1/5] bss coloring: add support for handling collision
- events and triggering CCA
-Date: Mon, 8 Nov 2021 11:04:22 +0800
-Message-ID: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-X-Mailer: git-send-email 2.18.0
-MIME-Version: 1.0
-X-MTK: N
-X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
-X-CRM114-CacheID: sfid-20211107_190440_578484_445A5D3D 
-X-CRM114-Status: GOOD (  27.51  )
-X-Spam-Score: 0.0 (/)
-X-Spam-Report: Spam detection software,
- running on the system "bombadil.infradead.org",
- has NOT identified this incoming email as spam.  The original
- message has been attached to this so you can view it or label
- similar future email.  If you have any questions, see
- the administrator of that system for details.
- Content preview: From: John Crispin <john@phrozen.org> Add the core code for
- handling bss color collision events and triggering CCA inside the kernel.
- The caller of hostapd_switch_color() will be added in the following commits.
- Content analysis details:   (0.0 points, 5.0 required)
- pts rule name              description
- ---- ----------------------
- --------------------------------------------------
- -0.0 SPF_PASS               SPF: sender matches SPF record
- 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
- 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
- lines
-X-BeenThere: hostap@lists.infradead.org
-X-Mailman-Version: 2.1.34
-Precedence: list
-List-Id: <hostap.lists.infradead.org>
-List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
-List-Archive: <http://lists.infradead.org/pipermail/hostap/>
-List-Post: <mailto:hostap@lists.infradead.org>
-List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
-List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=subscribe>
-Sender: "Hostap" <hostap-bounces@lists.infradead.org>
-Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
-
-From: John Crispin <john@phrozen.org>
-
-Add the core code for handling bss color collision events and triggering
-CCA inside the kernel. The caller of hostapd_switch_color() will be added
-in the following commits.
-
-Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
-Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
----
-changes since v2 -
-- use os_get_reltime and os_reltime instead.
-- use bool cca_in_progress.
-- use random BSS color to avoid hardcoded BSS color value of 1.
-- modify comment for DOT11BSS_COLOR_COLLISION_AP_PERIOD.
-- add a note for collision behavior.
-- fix compiler warnings.
-- Be clear in the commit message regarding hostapd_switch_color().
----
- src/ap/ap_drv_ops.h          |  12 ++++
- src/ap/hostapd.c             | 134 ++++++++++++++++++++++++++++++++++-
- src/ap/hostapd.h             |  16 +++++
- src/common/ieee802_11_defs.h |   6 ++
- src/drivers/driver.h         |  31 ++++++++
- 5 files changed, 198 insertions(+), 1 deletion(-)
-
---- a/src/ap/ap_drv_ops.h
-+++ b/src/ap/ap_drv_ops.h
-@@ -299,6 +299,18 @@ static inline int hostapd_drv_switch_cha
- 	return hapd->driver->switch_channel(hapd->drv_priv, settings);
- }
- 
-+#ifdef CONFIG_IEEE80211AX
-+static inline int hostapd_drv_switch_color(struct hostapd_data *hapd,
-+					   struct cca_settings *settings)
-+{
-+	if (hapd->driver == NULL || hapd->driver->switch_color == NULL ||
-+	    hapd->drv_priv == NULL)
-+		return -1;
-+
-+	return hapd->driver->switch_color(hapd->drv_priv, settings);
-+}
-+#endif
-+
- static inline int hostapd_drv_status(struct hostapd_data *hapd, char *buf,
- 				     size_t buflen)
- {
---- a/src/ap/hostapd.c
-+++ b/src/ap/hostapd.c
-@@ -66,7 +66,10 @@ static int setup_interface2(struct hosta
- static void channel_list_update_timeout(void *eloop_ctx, void *timeout_ctx);
- static void hostapd_interface_setup_failure_handler(void *eloop_ctx,
- 						    void *timeout_ctx);
--
-+#ifdef CONFIG_IEEE80211AX
-+static void
-+hostapd_switch_color_timeout_handler(void *eloop_data, void *user_ctx);
-+#endif
- 
- int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
- 			       int (*cb)(struct hostapd_iface *iface,
-@@ -537,6 +540,9 @@ void hostapd_free_hapd_data(struct hosta
- 	}
- 	eloop_cancel_timeout(auth_sae_process_commit, hapd, NULL);
- #endif /* CONFIG_SAE */
-+#ifdef CONFIG_IEEE80211AX
-+	eloop_cancel_timeout(hostapd_switch_color_timeout_handler, hapd, NULL);
-+#endif
- }
- 
- 
-@@ -3790,6 +3796,132 @@ hostapd_switch_channel_fallback(struct h
- 	hostapd_enable_iface(iface);
- }
- 
-+
-+#ifdef CONFIG_IEEE80211AX
-+void hostapd_cleanup_cca_params(struct hostapd_data *hapd)
-+{
-+	hapd->cca_count = 0;
-+	hapd->cca_color = 0;
-+	hapd->cca_c_off_beacon = 0;
-+	hapd->cca_c_off_proberesp = 0;
-+	hapd->cca_in_progress = false;
-+}
-+
-+
-+static int hostapd_fill_cca_settings(struct hostapd_data *hapd,
-+				     struct cca_settings *settings)
-+{
-+	struct hostapd_iface *iface = hapd->iface;
-+	u8 old_color;
-+	int ret;
-+
-+	if (!iface || iface->conf->he_op.he_bss_color_disabled)
-+		return -1;
-+
-+        old_color = iface->conf->he_op.he_bss_color;
-+	iface->conf->he_op.he_bss_color = hapd->cca_color;
-+	ret = hostapd_build_beacon_data(hapd, &settings->beacon_after);
-+	iface->conf->he_op.he_bss_color = old_color;
-+
-+	settings->cca_count = hapd->cca_count;
-+	settings->cca_color = hapd->cca_color,
-+	hapd->cca_in_progress = true;
-+
-+	ret = hostapd_build_beacon_data(hapd, &settings->beacon_cca);
-+	if (ret) {
-+		free_beacon_data(&settings->beacon_after);
-+		return ret;
-+	}
-+
-+	settings->counter_offset_beacon = hapd->cca_c_off_beacon;
-+	settings->counter_offset_presp = hapd->cca_c_off_proberesp;
-+
-+	return 0;
-+}
-+
-+
-+static void
-+hostapd_switch_color_timeout_handler(void *eloop_data, void *user_ctx)
-+{
-+	struct hostapd_data *hapd = (struct hostapd_data *) eloop_data;
-+	struct cca_settings settings;
-+	struct os_reltime now;
-+	unsigned int b;
-+	int i, r, ret;
-+
-+	if (os_get_reltime(&now))
-+		return;
-+
-+	/* 10s window is the approximate margin of collision persistent
-+	 * as an initial implementation. CCA can only be triggered once
-+	 * handler constantly receives collision events to update the
-+	 * last_color_collision.sec. How does it work -
-+	 *
-+	 * 1. BSS color collision persistent for at least 50 seconds.
-+	 * 2. The BSS Color Disabled subfield is set to 1.
-+	 * 3. CCA.
-+	 *
-+	 * TODO: implement other 'persistent' computation methods.
-+	 */
-+	if (now.sec - hapd->last_color_collision.sec >= 10)
-+		return;
-+
-+	r = os_random() % HE_OPERATION_BSS_COLOR_MAX;
-+	for (i = 0; i < HE_OPERATION_BSS_COLOR_MAX; i++) {
-+		if (r && (hapd->color_collision_bitmap & (1 << r)) == 0)
-+			break;
-+		r = (r + 1) % HE_OPERATION_BSS_COLOR_MAX;
-+	}
-+
-+	if (i == HE_OPERATION_BSS_COLOR_MAX) {
-+		/* there are no free colors so turn bss coloring off */
-+		wpa_printf(MSG_INFO, "no free colors left, turning of BSS coloring");
-+		hapd->iface->conf->he_op.he_bss_color_disabled = 1;
-+		hapd->iface->conf->he_op.he_bss_color = os_random() % 63 + 1;
-+		for (b = 0; b < hapd->iface->num_bss; b++)
-+			ieee802_11_set_beacon(hapd->iface->bss[b]);
-+		return;
-+	}
-+
-+	for (b = 0; b < hapd->iface->num_bss; b++) {
-+		struct hostapd_data *bss = hapd->iface->bss[b];
-+
-+		hostapd_cleanup_cca_params(bss);
-+		bss->cca_color = r;
-+		bss->cca_count = 10;
-+
-+		if (hostapd_fill_cca_settings(bss, &settings)) {
-+			hostapd_cleanup_cca_params(bss);
-+			continue;
-+		}
-+
-+		ret = hostapd_drv_switch_color(bss, &settings);
-+		free_beacon_data(&settings.beacon_cca);
-+		free_beacon_data(&settings.beacon_after);
-+
-+		if (ret)
-+			hostapd_cleanup_cca_params(bss);
-+	}
-+}
-+
-+
-+void
-+hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap)
-+{
-+	if (hapd->cca_in_progress)
-+		return;
-+
-+	if (os_get_reltime(&hapd->last_color_collision))
-+		return;
-+
-+	hapd->color_collision_bitmap = bitmap;
-+
-+	if (!eloop_is_timeout_registered(hostapd_switch_color_timeout_handler, hapd, NULL))
-+		eloop_register_timeout(DOT11BSS_COLOR_COLLISION_AP_PERIOD, 0,
-+				       hostapd_switch_color_timeout_handler, hapd, NULL);
-+}
-+#endif
-+
- #endif /* NEED_AP_MLME */
- 
- 
---- a/src/ap/hostapd.h
-+++ b/src/ap/hostapd.h
-@@ -315,6 +315,16 @@ struct hostapd_data {
- 	unsigned int cs_c_off_ecsa_beacon;
- 	unsigned int cs_c_off_ecsa_proberesp;
- 
-+#ifdef CONFIG_IEEE80211AX
-+	bool cca_in_progress;
-+	u8 cca_count;
-+	u8 cca_color;
-+	unsigned int cca_c_off_beacon;
-+	unsigned int cca_c_off_proberesp;
-+	struct os_reltime last_color_collision;
-+	u64 color_collision_bitmap;
-+#endif
-+
- #ifdef CONFIG_P2P
- 	struct p2p_data *p2p;
- 	struct p2p_group *p2p_group;
-@@ -670,6 +680,12 @@ int hostapd_owe_trans_get_info(struct ho
- void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
- int hostapd_check_max_sta(struct hostapd_data *hapd);
- 
-+
-+#ifdef CONFIG_IEEE80211AX
-+void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
-+void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
-+#endif
-+
- /* utils.c */
- int hostapd_register_probereq_cb(struct hostapd_data *hapd,
- 				 int (*cb)(void *ctx, const u8 *sa,
---- a/src/common/ieee802_11_defs.h
-+++ b/src/common/ieee802_11_defs.h
-@@ -2305,6 +2305,7 @@ struct ieee80211_spatial_reuse {
- #define HE_OPERATION_BSS_COLOR_PARTIAL		((u32) BIT(30))
- #define HE_OPERATION_BSS_COLOR_DISABLED		((u32) BIT(31))
- #define HE_OPERATION_BSS_COLOR_OFFSET		24
-+#define HE_OPERATION_BSS_COLOR_MAX		64
- 
- /* Spatial Reuse defines */
- #define SPATIAL_REUSE_SRP_DISALLOWED		BIT(0)
-@@ -2470,6 +2471,11 @@ enum mscs_description_subelem {
-  */
- #define FD_MAX_INTERVAL_6GHZ                  20 /* TUs */
- 
-+/* IEEE802.11/D6.0 - 26.17.3.5.1, AP needs to wait and see the collision
-+ * persists for at least the minimum default timeout
-+ */
-+#define DOT11BSS_COLOR_COLLISION_AP_PERIOD	50
-+
- /* Protected Vendor-specific QoS Management Action frame identifiers - WFA */
- #define QM_ACTION_VENDOR_TYPE 0x506f9a1a
- #define QM_ACTION_OUI_TYPE 0x1a
---- a/src/drivers/driver.h
-+++ b/src/drivers/driver.h
-@@ -2402,6 +2402,26 @@ struct csa_settings {
- 	u16 counter_offset_presp[2];
- };
- 
-+/**
-+ * struct cca_settings - Settings for color switch command
-+ * @cca_count: Count in Beacon frames (TBTT) to perform the switch
-+ * @cca_color: The new color that we are switching to
-+ * @beacon_cca: Beacon/probe resp/asooc resp info for color switch period
-+ * @beacon_after: Next beacon/probe resp/asooc resp info
-+ * @counter_offset_beacon: Offset to the count field in beacon's tail
-+ * @counter_offset_presp: Offset to the count field in probe resp.
-+ */
-+struct cca_settings {
-+	u8 cca_count;
-+	u8 cca_color;
-+
-+	struct beacon_data beacon_cca;
-+	struct beacon_data beacon_after;
-+
-+	u16 counter_offset_beacon;
-+	u16 counter_offset_presp;
-+};
-+
- /* TDLS peer capabilities for send_tdls_mgmt() */
- enum tdls_peer_capability {
- 	TDLS_PEER_HT = BIT(0),
-@@ -3985,6 +4005,17 @@ struct wpa_driver_ops {
- 	int (*switch_channel)(void *priv, struct csa_settings *settings);
- 
- 	/**
-+	 * switch_color - Announce color switch and migrate the BSS to the
-+	 * given color
-+	 * @priv: Private driver interface data
-+	 * @settings: Settings for CCA period and new color
-+	 * Returns: 0 on success, -1 on failure
-+	 *
-+	 * This function is used to move the BSS to its new color.
-+	 */
-+	int (*switch_color)(void *priv, struct cca_settings *settings);
-+
-+	/**
- 	 * add_tx_ts - Add traffic stream
- 	 * @priv: Private driver interface data
- 	 * @tsid: Traffic stream ID

package/network/services/hostapd/patches/v2-2-5-bss_coloring-add-the-code-required-to-generate-the-CCA-IE.patch

@@ -1,222 +0,0 @@
-From patchwork Mon Nov  8 03:04:23 2021
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Ryder Lee <ryder.lee@mediatek.com>
-X-Patchwork-Id: 1552114
-Return-Path: 
- <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
-X-Original-To: incoming@patchwork.ozlabs.org
-Delivered-To: patchwork-incoming@bilbo.ozlabs.org
-Authentication-Results: bilbo.ozlabs.org;
-	dkim=pass (2048-bit key;
- secure) header.d=lists.infradead.org header.i=@lists.infradead.org
- header.a=rsa-sha256 header.s=bombadil.20210309 header.b=FNYbWSBm;
-	dkim-atps=neutral
-Authentication-Results: ozlabs.org;
- spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
- (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
- envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
- receiver=<UNKNOWN>)
-Received: from bombadil.infradead.org (bombadil.infradead.org
- [IPv6:2607:7c80:54:e::133])
-	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
-	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
- SHA256)
-	(No client certificate requested)
-	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Hnbbf3YQVz9sR4
-	for <incoming@patchwork.ozlabs.org>; Mon,  8 Nov 2021 14:06:06 +1100 (AEDT)
-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
-	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
-	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
-	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
-	Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description:
-	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
-	List-Owner; bh=zQnS3Zfye3rrdWsY67X+kqgEkt7sw7eyXA+j3iDImIs=; b=FNYbWSBmAKVGTL
-	G/vix+Ug5vQJ1C4MkodN488cA5n54x7wwD6nEXcYUir7i/Jo9DDP7toOFkmNye+/fWwsF3mopTfmD
-	mKcm57p5fg0Pl4v6C3K16WtgravMpwrr979HtbIHjMcaIX8UpdKF0atOg1CMcT3yfog+8MModkZyk
-	Duas/c2biGmKCPws+APX6cMLI4F/c0f8eMrTGmzFXBMpyTitjmG+q6SMsjvsq+7lxZpos+XFTO1QX
-	IVcBjVF+9tUuk3c0x8MA5r8kJfg0XhP/F7lufL8cWiwitTf1FRxLmblj6tp2PZH9aQpvxxTtzy3I+
-	GEBz8oRaZzYLQvevdyiQ==;
-Received: from localhost ([::1] helo=bombadil.infradead.org)
-	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
-	id 1mjuxf-00FLEj-VJ; Mon, 08 Nov 2021 03:04:44 +0000
-Received: from mailgw01.mediatek.com ([216.200.240.184])
- by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
- id 1mjuxb-00FLDo-7a
- for hostap@lists.infradead.org; Mon, 08 Nov 2021 03:04:41 +0000
-X-UUID: d5fc02cf516e4810a7ad38409f469145-20211107
-X-UUID: d5fc02cf516e4810a7ad38409f469145-20211107
-Received: from mtkcas68.mediatek.inc [(172.29.94.19)] by mailgw01.mediatek.com
- (envelope-from <ryder.lee@mediatek.com>)
- (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
- with ESMTP id 1005168563; Sun, 07 Nov 2021 20:04:34 -0700
-Received: from MTKMBS07N2.mediatek.inc (172.21.101.141) by
- MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Sun, 7 Nov 2021 19:04:33 -0800
-Received: from mtkmbs10n1.mediatek.inc (172.21.101.34) by
- mtkmbs07n2.mediatek.inc (172.21.101.141) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Mon, 8 Nov 2021 11:04:31 +0800
-Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
- mtkmbs10n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
- 15.2.792.15 via Frontend Transport; Mon, 8 Nov 2021 11:04:31 +0800
-From: Ryder Lee <ryder.lee@mediatek.com>
-To: Jouni Malinen <jouni@codeaurora.org>
-CC: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi
- <lorenzo.bianconi@redhat.com>, Shayne Chen <shayne.chen@mediatek.com>,
- "Evelyn Tsai" <evelyn.tsai@mediatek.com>, <hostap@lists.infradead.org>, John
- Crispin <john@phrozen.org>, Lorenzo Bianconi <lorenzo@kernel.org>, Ryder Lee
- <ryder.lee@mediatek.com>
-Subject: [PATCH v2 2/5] bss_coloring: add the code required to generate the
- CCA IE
-Date: Mon, 8 Nov 2021 11:04:23 +0800
-Message-ID: 
- <d7a95338df080b7abafb3f796a0521130818f5e1.1636093546.git.ryder.lee@mediatek.com>
-X-Mailer: git-send-email 2.18.0
-In-Reply-To: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-References: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-MIME-Version: 1.0
-X-MTK: N
-X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
-X-CRM114-CacheID: sfid-20211107_190439_311523_23A01681 
-X-CRM114-Status: GOOD (  13.18  )
-X-Spam-Score: 0.0 (/)
-X-Spam-Report: Spam detection software,
- running on the system "bombadil.infradead.org",
- has NOT identified this incoming email as spam.  The original
- message has been attached to this so you can view it or label
- similar future email.  If you have any questions, see
- the administrator of that system for details.
- Content preview: From: John Crispin <john@phrozen.org> This IE is similar to
- the CSA one. It contains a counter and the target color. Once the counter
- expired,
- the change to the new color happens. Just note the current implementation
- is based on CCA counter attributes that only takes beacon and prob_resp into
- account, as for the assoc_resp frames will be added in the future patches.
- Content analysis details:   (0.0 points, 5.0 required)
- pts rule name              description
- ---- ----------------------
- --------------------------------------------------
- -0.0 SPF_PASS               SPF: sender matches SPF record
- 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
- 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
- lines
-X-BeenThere: hostap@lists.infradead.org
-X-Mailman-Version: 2.1.34
-Precedence: list
-List-Id: <hostap.lists.infradead.org>
-List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
-List-Archive: <http://lists.infradead.org/pipermail/hostap/>
-List-Post: <mailto:hostap@lists.infradead.org>
-List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
-List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=subscribe>
-Sender: "Hostap" <hostap-bounces@lists.infradead.org>
-Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
-
-From: John Crispin <john@phrozen.org>
-
-This IE is similar to the CSA one. It contains a counter and the target
-color. Once the counter expired, the change to the new color happens.
-
-Just note the current implementation is based on CCA counter attributes
-that only takes beacon and prob_resp into account, as for the assoc_resp
-frames will be added in the future patches.
-
-Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
-Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
----
-changes since v2 -
-- fix the position of CCA IE.
----
- src/ap/beacon.c              | 18 ++++++++++++++++++
- src/ap/ieee802_11.h          |  1 +
- src/ap/ieee802_11_he.c       | 14 ++++++++++++++
- src/common/ieee802_11_defs.h |  1 +
- 4 files changed, 34 insertions(+)
-
---- a/src/ap/beacon.c
-+++ b/src/ap/beacon.c
-@@ -578,8 +578,17 @@ static u8 * hostapd_gen_probe_resp(struc
- 
- #ifdef CONFIG_IEEE80211AX
- 	if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
-+		u8 *cca_pos;
-+
- 		pos = hostapd_eid_he_capab(hapd, pos, IEEE80211_MODE_AP);
- 		pos = hostapd_eid_he_operation(hapd, pos);
-+
-+		/* CCA IE */
-+		cca_pos = hostapd_eid_cca(hapd, pos);
-+		if (cca_pos != pos)
-+			hapd->cca_c_off_proberesp = cca_pos - (u8 *) resp - 2;
-+		pos = cca_pos;
-+
- 		pos = hostapd_eid_spatial_reuse(hapd, pos);
- 		pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos);
- 		pos = hostapd_eid_he_6ghz_band_cap(hapd, pos);
-@@ -1612,9 +1621,18 @@ int ieee802_11_build_ap_params(struct ho
- 
- #ifdef CONFIG_IEEE80211AX
- 	if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
-+		u8 *cca_pos;
-+
- 		tailpos = hostapd_eid_he_capab(hapd, tailpos,
- 					       IEEE80211_MODE_AP);
- 		tailpos = hostapd_eid_he_operation(hapd, tailpos);
-+
-+		/* CCA IE */
-+		cca_pos = hostapd_eid_cca(hapd, tailpos);
-+		if (cca_pos != tailpos)
-+			hapd->cca_c_off_beacon = cca_pos - tail - 2;
-+		tailpos = cca_pos;
-+
- 		tailpos = hostapd_eid_spatial_reuse(hapd, tailpos);
- 		tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos);
- 		tailpos = hostapd_eid_he_6ghz_band_cap(hapd, tailpos);
---- a/src/ap/ieee802_11.h
-+++ b/src/ap/ieee802_11.h
-@@ -100,6 +100,7 @@ u16 copy_sta_he_6ghz_capab(struct hostap
- 			   const u8 *he_6ghz_capab);
- int hostapd_get_he_twt_responder(struct hostapd_data *hapd,
- 				 enum ieee80211_op_mode mode);
-+u8 * hostapd_eid_cca(struct hostapd_data *hapd, u8 *eid);
- void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
- 		       const u8 *buf, size_t len, int ack);
- void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
---- a/src/ap/ieee802_11_he.c
-+++ b/src/ap/ieee802_11_he.c
-@@ -520,3 +520,17 @@ int hostapd_get_he_twt_responder(struct
- 	return !!(mac_cap[HE_MAC_CAPAB_0] & HE_MACCAP_TWT_RESPONDER) &&
- 		hapd->iface->conf->he_op.he_twt_responder;
- }
-+
-+u8 * hostapd_eid_cca(struct hostapd_data *hapd, u8 *eid)
-+{
-+	if (!hapd->cca_in_progress)
-+		return eid;
-+
-+	*eid++ = WLAN_EID_EXTENSION;
-+	*eid++ = 3;
-+	*eid++ = WLAN_EID_EXT_COLOR_CHANGE_ANNOUNCEMENT;
-+	*eid++ = hapd->cca_count;
-+	*eid++ = hapd->cca_color;
-+
-+	return eid;
-+}
---- a/src/common/ieee802_11_defs.h
-+++ b/src/common/ieee802_11_defs.h
-@@ -479,6 +479,7 @@
- #define WLAN_EID_EXT_HE_OPERATION 36
- #define WLAN_EID_EXT_HE_MU_EDCA_PARAMS 38
- #define WLAN_EID_EXT_SPATIAL_REUSE 39
-+#define WLAN_EID_EXT_COLOR_CHANGE_ANNOUNCEMENT 42
- #define WLAN_EID_EXT_OCV_OCI 54
- #define WLAN_EID_EXT_SHORT_SSID_LIST 58
- #define WLAN_EID_EXT_HE_6GHZ_BAND_CAP 59

package/network/services/hostapd/patches/v2-3-5-bss-coloring-disable-BSS-color-during-CCA.patch

@@ -1,144 +0,0 @@
-From patchwork Mon Nov  8 03:04:24 2021
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Ryder Lee <ryder.lee@mediatek.com>
-X-Patchwork-Id: 1552124
-Return-Path: 
- <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
-X-Original-To: incoming@patchwork.ozlabs.org
-Delivered-To: patchwork-incoming@bilbo.ozlabs.org
-Authentication-Results: bilbo.ozlabs.org;
-	dkim=pass (2048-bit key;
- secure) header.d=lists.infradead.org header.i=@lists.infradead.org
- header.a=rsa-sha256 header.s=bombadil.20210309 header.b=zkbh7Ryq;
-	dkim-atps=neutral
-Authentication-Results: ozlabs.org;
- spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
- (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
- envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
- receiver=<UNKNOWN>)
-Received: from bombadil.infradead.org (bombadil.infradead.org
- [IPv6:2607:7c80:54:e::133])
-	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
-	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
- SHA256)
-	(No client certificate requested)
-	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Hnbq56ZSDz9sRK
-	for <incoming@patchwork.ozlabs.org>; Mon,  8 Nov 2021 14:16:01 +1100 (AEDT)
-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
-	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
-	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
-	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
-	Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description:
-	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
-	List-Owner; bh=ZbtBLdHqwnNjHBoOMRI6QOzOvTzZ+TO1Kw2XqvWwciA=; b=zkbh7RyqMn3A0m
-	KrUfa6c2piAsXpi54eURNi1+HMN1X6VOkOST8pXCmNxzhQ+ywBLnhl1eDmq8rNnrZg43TSncySEBf
-	dbkHP2/41t02SSF4nsJlaOhLjUg5rXfsxiCxSG9QJoxETJPeb+3WaLhpVUd32cjw8tWHNp8FnN5Aa
-	V5UPt2BHi7yPjb3JQCqKXNgIhXIJyCzk02tN8R9RDGKgYnqVHdWMrCVDWyEDIeg0cBfGr3GKgZtty
-	NAMF25PGe24HOzn3vL/P2Cvhbr9fQQ7u4o9u8XISJt6VKXolXfYuY3RM4EFhNdPIGS2K6GBFRhzus
-	DkgEqnKizFTxUots4cKQ==;
-Received: from localhost ([::1] helo=bombadil.infradead.org)
-	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
-	id 1mjv7R-00FM0A-2A; Mon, 08 Nov 2021 03:14:49 +0000
-Received: from mailgw02.mediatek.com ([216.200.240.185])
- by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
- id 1mjv7O-00FLzJ-CZ
- for hostap@lists.infradead.org; Mon, 08 Nov 2021 03:14:47 +0000
-X-UUID: 5aa40d43241f42da8848d056b8fa9b18-20211107
-X-UUID: 5aa40d43241f42da8848d056b8fa9b18-20211107
-Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by
- mailgw02.mediatek.com
- (envelope-from <ryder.lee@mediatek.com>)
- (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
- with ESMTP id 361743472; Sun, 07 Nov 2021 20:14:42 -0700
-Received: from mtkexhb02.mediatek.inc (172.21.101.103) by
- MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Sun, 7 Nov 2021 19:04:40 -0800
-Received: from mtkmbs10n1.mediatek.inc (172.21.101.34) by
- mtkexhb02.mediatek.inc (172.21.101.103) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Mon, 8 Nov 2021 11:04:32 +0800
-Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
- mtkmbs10n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
- 15.2.792.15 via Frontend Transport; Mon, 8 Nov 2021 11:04:32 +0800
-From: Ryder Lee <ryder.lee@mediatek.com>
-To: Jouni Malinen <jouni@codeaurora.org>
-CC: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi
- <lorenzo.bianconi@redhat.com>, Shayne Chen <shayne.chen@mediatek.com>,
- "Evelyn Tsai" <evelyn.tsai@mediatek.com>, <hostap@lists.infradead.org>, John
- Crispin <john@phrozen.org>, Lorenzo Bianconi <lorenzo@kernel.org>, Ryder Lee
- <ryder.lee@mediatek.com>
-Subject: [PATCH v2 3/5] bss coloring: disable BSS color during CCA
-Date: Mon, 8 Nov 2021 11:04:24 +0800
-Message-ID: 
- <9ac28de67dc46471179ef84d516727a153dc89c0.1636093546.git.ryder.lee@mediatek.com>
-X-Mailer: git-send-email 2.18.0
-In-Reply-To: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-References: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-MIME-Version: 1.0
-X-MTK: N
-X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
-X-CRM114-CacheID: sfid-20211107_191446_479100_E5E06374 
-X-CRM114-Status: GOOD (  10.72  )
-X-Spam-Score: 0.0 (/)
-X-Spam-Report: Spam detection software,
- running on the system "bombadil.infradead.org",
- has NOT identified this incoming email as spam.  The original
- message has been attached to this so you can view it or label
- similar future email.  If you have any questions, see
- the administrator of that system for details.
- Content preview: From: John Crispin <john@phrozen.org> While we are doing CCA
- the bss color disable bit inside the he oper field needs to be set.
- Tested-by:
- Peter Chiu <chui-hao.chiu@mediatek.com> Co-developed-by: Lorenzo Bianconi
- <lorenzo@kernel.org> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
- Signed-off-by: John Crispin <john@phrozen [...]
- Content analysis details:   (0.0 points, 5.0 required)
- pts rule name              description
- ---- ----------------------
- --------------------------------------------------
- -0.0 SPF_PASS               SPF: sender matches SPF record
- 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
- 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
- lines
-X-BeenThere: hostap@lists.infradead.org
-X-Mailman-Version: 2.1.34
-Precedence: list
-List-Id: <hostap.lists.infradead.org>
-List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
-List-Archive: <http://lists.infradead.org/pipermail/hostap/>
-List-Post: <mailto:hostap@lists.infradead.org>
-List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
-List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=subscribe>
-Sender: "Hostap" <hostap-bounces@lists.infradead.org>
-Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
-
-From: John Crispin <john@phrozen.org>
-
-While we are doing CCA the bss color disable bit inside the he oper field
-needs to be set.
-
-Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
-Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
----
- src/ap/ieee802_11_he.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/ap/ieee802_11_he.c
-+++ b/src/ap/ieee802_11_he.c
-@@ -195,7 +195,7 @@ u8 * hostapd_eid_he_operation(struct hos
- 	if (hapd->iface->conf->he_op.he_er_su_disable)
- 		params |= HE_OPERATION_ER_SU_DISABLE;
- 
--	if (hapd->iface->conf->he_op.he_bss_color_disabled)
-+	if (hapd->iface->conf->he_op.he_bss_color_disabled || hapd->cca_in_progress)
- 		params |= HE_OPERATION_BSS_COLOR_DISABLED;
- 	if (hapd->iface->conf->he_op.he_bss_color_partial)
- 		params |= HE_OPERATION_BSS_COLOR_PARTIAL;

package/network/services/hostapd/patches/v2-4-5-bss-coloring-add-the-switch_color-handler-to-the-nl80211-driver.patch

@@ -1,229 +0,0 @@
-From patchwork Mon Nov  8 03:04:25 2021
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Ryder Lee <ryder.lee@mediatek.com>
-X-Patchwork-Id: 1552126
-Return-Path: 
- <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
-X-Original-To: incoming@patchwork.ozlabs.org
-Delivered-To: patchwork-incoming@bilbo.ozlabs.org
-Authentication-Results: bilbo.ozlabs.org;
-	dkim=pass (2048-bit key;
- secure) header.d=lists.infradead.org header.i=@lists.infradead.org
- header.a=rsa-sha256 header.s=bombadil.20210309 header.b=f3dR9QlK;
-	dkim-atps=neutral
-Authentication-Results: ozlabs.org;
- spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
- (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
- envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
- receiver=<UNKNOWN>)
-Received: from bombadil.infradead.org (bombadil.infradead.org
- [IPv6:2607:7c80:54:e::133])
-	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
-	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
- SHA256)
-	(No client certificate requested)
-	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Hnbq80ldSz9sR4
-	for <incoming@patchwork.ozlabs.org>; Mon,  8 Nov 2021 14:16:04 +1100 (AEDT)
-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
-	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
-	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
-	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
-	Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description:
-	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
-	List-Owner; bh=pw/A1cFLx8vLCo09Sq0Z+nCWXPyM//TvHXXD1rCuOU8=; b=f3dR9QlKtxY6ba
-	AcO4VQpOa4TvVe0xvGqZSGNWrfx8hxo03JWio6vRj/Ni9kAIhIrrd6ycBrFEKER2Iw+8QMokIJ7+y
-	PajahCVWGUhkw0NDVp4qDPNNTVpsuWpFT/ZeC8T1Ow8eMdNuDxc/WBI3pT9uhxmS32IIOn1031Ksb
-	aTct90u5uaSupi39B/17JtQ/Mt4K1XBx7/2hRzweT5iOf+1/qdie3AhS0U8EAZAu61mVMvYoXBmZN
-	OwfJkSqPBTmVvVmr+0KWb3/1iIC09BG985varDaFqtTX7MPpjoF6nzSNiaB7M7XLeW12FxHdh3ZPu
-	oykuvkOqAYHm9+9tVA9g==;
-Received: from localhost ([::1] helo=bombadil.infradead.org)
-	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
-	id 1mjv7Y-00FM0Q-JV; Mon, 08 Nov 2021 03:14:56 +0000
-Received: from mailgw02.mediatek.com ([216.200.240.185])
- by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
- id 1mjv7O-00FLzO-Gd
- for hostap@lists.infradead.org; Mon, 08 Nov 2021 03:14:48 +0000
-X-UUID: f0f035fe35ce4f3c98817633a53a1a8b-20211107
-X-UUID: f0f035fe35ce4f3c98817633a53a1a8b-20211107
-Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by
- mailgw02.mediatek.com
- (envelope-from <ryder.lee@mediatek.com>)
- (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
- with ESMTP id 492139916; Sun, 07 Nov 2021 20:14:42 -0700
-Received: from mtkexhb02.mediatek.inc (172.21.101.103) by
- MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Sun, 7 Nov 2021 19:04:41 -0800
-Received: from mtkmbs10n1.mediatek.inc (172.21.101.34) by
- mtkexhb02.mediatek.inc (172.21.101.103) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Mon, 8 Nov 2021 11:04:33 +0800
-Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
- mtkmbs10n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
- 15.2.792.15 via Frontend Transport; Mon, 8 Nov 2021 11:04:33 +0800
-From: Ryder Lee <ryder.lee@mediatek.com>
-To: Jouni Malinen <jouni@codeaurora.org>
-CC: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi
- <lorenzo.bianconi@redhat.com>, Shayne Chen <shayne.chen@mediatek.com>,
- "Evelyn Tsai" <evelyn.tsai@mediatek.com>, <hostap@lists.infradead.org>, John
- Crispin <john@phrozen.org>, Lorenzo Bianconi <lorenzo@kernel.org>, Ryder Lee
- <ryder.lee@mediatek.com>
-Subject: [PATCH v2 4/5] bss coloring: add the switch_color handler to the
- nl80211 driver
-Date: Mon, 8 Nov 2021 11:04:25 +0800
-Message-ID: 
- <c67dddcce3b58082415f4f967441c5c80663943c.1636093546.git.ryder.lee@mediatek.com>
-X-Mailer: git-send-email 2.18.0
-In-Reply-To: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-References: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-MIME-Version: 1.0
-X-MTK: N
-X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
-X-CRM114-CacheID: sfid-20211107_191446_582339_568C31F9 
-X-CRM114-Status: GOOD (  13.79  )
-X-Spam-Score: 0.0 (/)
-X-Spam-Report: Spam detection software,
- running on the system "bombadil.infradead.org",
- has NOT identified this incoming email as spam.  The original
- message has been attached to this so you can view it or label
- similar future email.  If you have any questions, see
- the administrator of that system for details.
- Content preview: From: John Crispin <john@phrozen.org> In order to start the
- CCA process we need to send NL80211_CMD_COLOR_CHANGE to the kernel. This
- patch adds the required code. Tested-by: Peter Chiu
- <chui-hao.chiu@mediatek.com>
- Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Lorenzo
- Bianconi <lorenzo@kernel.org> Signed-off-by: John Crispin <john@phrozen [...]
- Content analysis details:   (0.0 points, 5.0 required)
- pts rule name              description
- ---- ----------------------
- --------------------------------------------------
- -0.0 SPF_PASS               SPF: sender matches SPF record
- 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
- 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
- lines
-X-BeenThere: hostap@lists.infradead.org
-X-Mailman-Version: 2.1.34
-Precedence: list
-List-Id: <hostap.lists.infradead.org>
-List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
-List-Archive: <http://lists.infradead.org/pipermail/hostap/>
-List-Post: <mailto:hostap@lists.infradead.org>
-List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
-List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=subscribe>
-Sender: "Hostap" <hostap-bounces@lists.infradead.org>
-Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
-
-From: John Crispin <john@phrozen.org>
-
-In order to start the CCA process we need to send NL80211_CMD_COLOR_CHANGE
-to the kernel. This patch adds the required code.
-
-Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
-Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
----
- src/drivers/driver_nl80211.c | 79 ++++++++++++++++++++++++++++++++++++
- 1 file changed, 79 insertions(+)
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -9966,6 +9966,82 @@ error:
- }
- 
- 
-+#ifdef CONFIG_IEEE80211AX
-+static int nl80211_switch_color(void *priv, struct cca_settings *settings)
-+{
-+	struct nl_msg *msg;
-+	struct i802_bss *bss = priv;
-+	struct wpa_driver_nl80211_data *drv = bss->drv;
-+	struct nlattr *beacon_cca;
-+	int ret = -ENOBUFS;
-+
-+	wpa_printf(MSG_DEBUG, "nl80211: Color change request (cca_count=%u color=%d)",
-+		   settings->cca_count, settings->cca_color);
-+
-+	if (drv->nlmode != NL80211_IFTYPE_AP)
-+		return -EOPNOTSUPP;
-+
-+	if (!settings->beacon_cca.tail)
-+		return -EINVAL;
-+
-+	if ((settings->beacon_cca.tail_len <= settings->counter_offset_beacon) ||
-+	    (settings->beacon_cca.tail[settings->counter_offset_beacon] !=
-+		     settings->cca_count))
-+		return -EINVAL;
-+
-+	if (settings->beacon_cca.probe_resp &&
-+	    ((settings->beacon_cca.probe_resp_len <=
-+			settings->counter_offset_presp) ||
-+	     (settings->beacon_cca.probe_resp[settings->counter_offset_presp] !=
-+			settings->cca_count)))
-+		return -EINVAL;
-+
-+	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_COLOR_CHANGE_REQUEST)) ||
-+	    nla_put_u8(msg, NL80211_ATTR_COLOR_CHANGE_COUNT,
-+			settings->cca_count) ||
-+	    nla_put_u8(msg, NL80211_ATTR_COLOR_CHANGE_COLOR,
-+			settings->cca_color))
-+		goto error;
-+
-+	/* beacon_after params */
-+	ret = set_beacon_data(msg, &settings->beacon_after);
-+	if (ret)
-+		goto error;
-+
-+	/* beacon_csa params */
-+	beacon_cca = nla_nest_start(msg, NL80211_ATTR_COLOR_CHANGE_ELEMS);
-+	if (!beacon_cca)
-+		goto fail;
-+
-+	ret = set_beacon_data(msg, &settings->beacon_cca);
-+	if (ret)
-+		goto error;
-+
-+	if (nla_put_u16(msg, NL80211_ATTR_CNTDWN_OFFS_BEACON,
-+			settings->counter_offset_beacon) ||
-+	    (settings->beacon_cca.probe_resp &&
-+	     nla_put_u16(msg, NL80211_ATTR_CNTDWN_OFFS_PRESP,
-+			 settings->counter_offset_presp)))
-+		goto fail;
-+
-+	nla_nest_end(msg, beacon_cca);
-+	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
-+	if (ret) {
-+		wpa_printf(MSG_DEBUG, "nl80211: switch_color failed err=%d (%s)",
-+			   ret, strerror(-ret));
-+	}
-+	return ret;
-+
-+fail:
-+	ret = -ENOBUFS;
-+error:
-+	nlmsg_free(msg);
-+	wpa_printf(MSG_DEBUG, "nl80211: Could not build color switch request");
-+	return ret;
-+}
-+#endif
-+
-+
- static int nl80211_add_ts(void *priv, u8 tsid, const u8 *addr,
- 			  u8 user_priority, u16 admitted_time)
- {
-@@ -12215,6 +12291,9 @@ const struct wpa_driver_ops wpa_driver_n
- 	.get_survey = wpa_driver_nl80211_get_survey,
- 	.status = wpa_driver_nl80211_status,
- 	.switch_channel = nl80211_switch_channel,
-+#ifdef CONFIG_IEEE80211AX
-+	.switch_color = nl80211_switch_color,
-+#endif
- #ifdef ANDROID_P2P
- 	.set_noa = wpa_driver_set_p2p_noa,
- 	.get_noa = wpa_driver_get_p2p_noa,

package/network/services/hostapd/patches/v2-5-5-bss-coloring-handle-the-collision-and-CCA-events-coming-from-the-kernel.patch

@@ -1,336 +0,0 @@
-From patchwork Mon Nov  8 03:04:26 2021
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Ryder Lee <ryder.lee@mediatek.com>
-X-Patchwork-Id: 1552125
-Return-Path: 
- <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
-X-Original-To: incoming@patchwork.ozlabs.org
-Delivered-To: patchwork-incoming@bilbo.ozlabs.org
-Authentication-Results: bilbo.ozlabs.org;
-	dkim=pass (2048-bit key;
- secure) header.d=lists.infradead.org header.i=@lists.infradead.org
- header.a=rsa-sha256 header.s=bombadil.20210309 header.b=D1mJI/T4;
-	dkim-atps=neutral
-Authentication-Results: ozlabs.org;
- spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
- (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
- envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
- receiver=<UNKNOWN>)
-Received: from bombadil.infradead.org (bombadil.infradead.org
- [IPv6:2607:7c80:54:e::133])
-	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
-	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
- SHA256)
-	(No client certificate requested)
-	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Hnbq567wgz9sR4
-	for <incoming@patchwork.ozlabs.org>; Mon,  8 Nov 2021 14:16:01 +1100 (AEDT)
-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
-	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
-	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
-	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
-	Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description:
-	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
-	List-Owner; bh=wYRX2JnpcX17NK4J2dl70g2OWXCWSPrMEhBFqXI5ge0=; b=D1mJI/T45cfwA/
-	hsfbvB5VRQswEDYH6zK0Fh57vwI7DQBcysxmyy+t6NVMVL8di0KZeNNKIE+TqwFv3arP4mce21KW2
-	XtPpzdO6QyjOgz3tSl8Po5XCycgDV5KsjSYgdqcuwTzYOw+Al75NdVX4qDEZ0afDxTMeen7BQqQhW
-	Wz9V20cvUZzGWjtzkt9ZEXXeFDQ5HWc9tNa9/SZ6WvVN42uomljzuKpOOsSpup/2Hrieefb7QCVgO
-	7c1PUeErYl+0Bu/MZxZBN8XeEmkXIFveBJWdQhrF4sjOQE2Zlab8sx4oefblg9e8Ec3oBd0/cz/oj
-	PRL9UQRkhtXO/xIyZAEw==;
-Received: from localhost ([::1] helo=bombadil.infradead.org)
-	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
-	id 1mjv7h-00FM1G-JN; Mon, 08 Nov 2021 03:15:05 +0000
-Received: from mailgw02.mediatek.com ([216.200.240.185])
- by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
- id 1mjv7P-00FLzJ-Su
- for hostap@lists.infradead.org; Mon, 08 Nov 2021 03:14:49 +0000
-X-UUID: 2942c98c91a646489611659c32262e8a-20211107
-X-UUID: 2942c98c91a646489611659c32262e8a-20211107
-Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by
- mailgw02.mediatek.com
- (envelope-from <ryder.lee@mediatek.com>)
- (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
- with ESMTP id 1260652155; Sun, 07 Nov 2021 20:14:42 -0700
-Received: from mtkexhb02.mediatek.inc (172.21.101.103) by
- MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Sun, 7 Nov 2021 19:04:41 -0800
-Received: from mtkmbs10n1.mediatek.inc (172.21.101.34) by
- mtkexhb02.mediatek.inc (172.21.101.103) with Microsoft SMTP Server (TLS) id
- 15.0.1497.2; Mon, 8 Nov 2021 11:04:33 +0800
-Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
- mtkmbs10n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
- 15.2.792.15 via Frontend Transport; Mon, 8 Nov 2021 11:04:33 +0800
-From: Ryder Lee <ryder.lee@mediatek.com>
-To: Jouni Malinen <jouni@codeaurora.org>
-CC: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi
- <lorenzo.bianconi@redhat.com>, Shayne Chen <shayne.chen@mediatek.com>,
- "Evelyn Tsai" <evelyn.tsai@mediatek.com>, <hostap@lists.infradead.org>, John
- Crispin <john@phrozen.org>, Lorenzo Bianconi <lorenzo@kernel.org>, Ryder Lee
- <ryder.lee@mediatek.com>
-Subject: [PATCH v2 5/5] bss coloring: handle the collision and CCA events
- coming from the kernel
-Date: Mon, 8 Nov 2021 11:04:26 +0800
-Message-ID: 
- <d77b2a2deaf750ca5d212de576acdfe7eb9e559a.1636093546.git.ryder.lee@mediatek.com>
-X-Mailer: git-send-email 2.18.0
-In-Reply-To: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-References: 
- <2d69afce2fd6f44ae08ac75d5715fa9e43fe2a77.1636093546.git.ryder.lee@mediatek.com>
-MIME-Version: 1.0
-X-MTK: N
-X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
-X-CRM114-CacheID: sfid-20211107_191447_973506_8BA7C4BD 
-X-CRM114-Status: GOOD (  17.58  )
-X-Spam-Score: 0.0 (/)
-X-Spam-Report: Spam detection software,
- running on the system "bombadil.infradead.org",
- has NOT identified this incoming email as spam.  The original
- message has been attached to this so you can view it or label
- similar future email.  If you have any questions, see
- the administrator of that system for details.
- Content preview:  From: John Crispin <john@phrozen.org> This patch activates
- the functionality of the previous patches by handling the actual events that
- will trigger the CCA process. Tested-by: Peter Chiu
- <chui-hao.chiu@mediatek.com>
- Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Lorenzo
- Bianconi <lorenzo@kernel.org> Signed-off-by: John Crispin <john@phrozen [...]
- Content analysis details:   (0.0 points, 5.0 required)
- pts rule name              description
- ---- ----------------------
- --------------------------------------------------
- -0.0 SPF_PASS               SPF: sender matches SPF record
- 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
- 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
- lines
-X-BeenThere: hostap@lists.infradead.org
-X-Mailman-Version: 2.1.34
-Precedence: list
-List-Id: <hostap.lists.infradead.org>
-List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
-List-Archive: <http://lists.infradead.org/pipermail/hostap/>
-List-Post: <mailto:hostap@lists.infradead.org>
-List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
-List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
- <mailto:hostap-request@lists.infradead.org?subject=subscribe>
-Sender: "Hostap" <hostap-bounces@lists.infradead.org>
-Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
-
-From: John Crispin <john@phrozen.org>
-
-This patch activates the functionality of the previous patches by handling
-the actual events that will trigger the CCA process.
-
-Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
-Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
----
- src/ap/drv_callbacks.c             | 45 ++++++++++++++++++++-
- src/drivers/driver.h               | 27 +++++++++++++
- src/drivers/driver_common.c        |  4 ++
- src/drivers/driver_nl80211_event.c | 64 ++++++++++++++++++++++++++++++
- 4 files changed, 139 insertions(+), 1 deletion(-)
-
---- a/src/ap/drv_callbacks.c
-+++ b/src/ap/drv_callbacks.c
-@@ -43,7 +43,6 @@
- #include "fils_hlp.h"
- #include "neighbor_db.h"
- 
--
- #ifdef CONFIG_FILS
- void hostapd_notify_assoc_fils_finish(struct hostapd_data *hapd,
- 				      struct sta_info *sta)
-@@ -1783,6 +1782,39 @@ static void hostapd_event_wds_sta_interf
- }
- 
- 
-+#ifdef CONFIG_IEEE80211AX
-+static void hostapd_event_bss_color_collision(struct hostapd_data *hapd,
-+					      u64 bitmap)
-+{
-+	/* the bss color is shared amongst all BBSs on a specific phy.
-+	 * therefore we always start the color change on the primary BSS
-+	 */
-+	wpa_printf(MSG_DEBUG, "BSS color collision on %s", hapd->conf->iface);
-+	hostapd_switch_color(hapd->iface->bss[0], bitmap);
-+}
-+
-+static void hostapd_event_cca(struct hostapd_data *hapd, enum wpa_event_type event)
-+{
-+	switch (event) {
-+	case EVENT_CCA_STARTED_NOTIFY:
-+		wpa_printf(MSG_DEBUG, "CCA started on on %s", hapd->conf->iface);
-+		break;
-+	case EVENT_CCA_NOTIFY:
-+		wpa_printf(MSG_DEBUG, "CCA finished on on %s", hapd->conf->iface);
-+		hapd->iface->conf->he_op.he_bss_color = hapd->cca_color;
-+		hostapd_cleanup_cca_params(hapd);
-+		break;
-+	case EVENT_CCA_ABORTED_NOTIFY:
-+		wpa_printf(MSG_DEBUG, "CCA aborted on on %s", hapd->conf->iface);
-+		hostapd_cleanup_cca_params(hapd);
-+		break;
-+	default:
-+		break;
-+	}
-+}
-+#endif
-+
-+
- #ifdef CONFIG_OWE
- static int hostapd_notif_update_dh_ie(struct hostapd_data *hapd,
- 				      const u8 *peer, const u8 *ie,
-@@ -2089,6 +2121,17 @@ void hostapd_wpa_event(void *ctx, enum w
- 			data->wds_sta_interface.ifname,
- 			data->wds_sta_interface.sta_addr);
- 		break;
-+#ifdef CONFIG_IEEE80211AX
-+	case EVENT_BSS_COLOR_COLLISION:
-+		hostapd_event_bss_color_collision(hapd,
-+						  data->bss_color_collision.bitmap);
-+		break;
-+	case EVENT_CCA_STARTED_NOTIFY:
-+	case EVENT_CCA_ABORTED_NOTIFY:
-+	case EVENT_CCA_NOTIFY:
-+		hostapd_event_cca(hapd, event);
-+		break;
-+#endif
- 	default:
- 		wpa_printf(MSG_DEBUG, "Unknown event %d", event);
- 		break;
---- a/src/drivers/driver.h
-+++ b/src/drivers/driver.h
-@@ -5165,6 +5165,26 @@ enum wpa_event_type {
- 	 * is required to provide more details of the frame.
- 	 */
- 	EVENT_UNPROT_BEACON,
-+
-+	/**
-+	  * EVENT_BSS_COLOR_COLLISION - Notification of a BSS color collision
-+	  */
-+	EVENT_BSS_COLOR_COLLISION,
-+
-+	/**
-+	 * EVENT_CCA_STARTED_NOTIFY - Notification that CCA has started
-+	 */
-+	EVENT_CCA_STARTED_NOTIFY,
-+
-+	/**
-+	 * EVENT_CCA_ABORTED_NOTIFY - Notification that CCA has aborted
-+	 */
-+	EVENT_CCA_ABORTED_NOTIFY,
-+
-+	/**
-+	 * EVENT_CCA_NOTIFY - Notification that CCA has completed
-+	 */
-+	EVENT_CCA_NOTIFY,
- };
- 
- 
-@@ -6059,6 +6079,13 @@ union wpa_event_data {
- 	struct unprot_beacon {
- 		const u8 *sa;
- 	} unprot_beacon;
-+
-+	/**
-+	 * struct bss_color_collision - Data for EVENT_BSS_COLOR_COLLISION
-+	 */
-+	struct bss_color_collision {
-+		u64 bitmap;
-+	} bss_color_collision;
- };
- 
- /**
---- a/src/drivers/driver_common.c
-+++ b/src/drivers/driver_common.c
-@@ -90,6 +90,10 @@ const char * event_to_string(enum wpa_ev
- 	E2S(WDS_STA_INTERFACE_STATUS);
- 	E2S(UPDATE_DH);
- 	E2S(UNPROT_BEACON);
-+	E2S(BSS_COLOR_COLLISION);
-+	E2S(CCA_STARTED_NOTIFY);
-+	E2S(CCA_ABORTED_NOTIFY);
-+	E2S(CCA_NOTIFY);
- 	}
- 
- 	return "UNKNOWN";
---- a/src/drivers/driver_nl80211_event.c
-+++ b/src/drivers/driver_nl80211_event.c
-@@ -2863,6 +2863,51 @@ nl80211_control_port_frame_tx_status(str
- 	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
- }
- 
-+#ifdef CONFIG_IEEE80211AX
-+static void mlme_event_obss_color_collision(struct wpa_driver_nl80211_data *drv,
-+					    struct nlattr *tb[])
-+{
-+	union wpa_event_data data;
-+
-+	if (!tb[NL80211_ATTR_OBSS_COLOR_BITMAP])
-+		return;
-+
-+	os_memset(&data, 0, sizeof(data));
-+	data.bss_color_collision.bitmap = nla_get_u64(tb[NL80211_ATTR_OBSS_COLOR_BITMAP]);
-+
-+	wpa_printf(MSG_DEBUG, "nl80211: BSS color collision - bitmap %08lx",
-+		   data.bss_color_collision.bitmap);
-+
-+	wpa_supplicant_event(drv->ctx, EVENT_BSS_COLOR_COLLISION, &data);
-+}
-+
-+static void mlme_event_color_change_announcement_started(struct wpa_driver_nl80211_data *drv)
-+{
-+	union wpa_event_data data = {};
-+
-+	wpa_printf(MSG_DEBUG, "nl80211: CCA started");
-+
-+	wpa_supplicant_event(drv->ctx, EVENT_CCA_STARTED_NOTIFY, &data);
-+}
-+
-+static void mlme_event_color_change_announcement_aborted(struct wpa_driver_nl80211_data *drv)
-+{
-+	union wpa_event_data data = {};
-+
-+	wpa_printf(MSG_DEBUG, "nl80211: CCA aborted");
-+
-+	wpa_supplicant_event(drv->ctx, EVENT_CCA_ABORTED_NOTIFY, &data);
-+}
-+
-+static void mlme_event_color_change_announcement_completed(struct wpa_driver_nl80211_data *drv)
-+{
-+	union wpa_event_data data = {};
-+
-+	wpa_printf(MSG_DEBUG, "nl80211: CCA completed");
-+
-+	wpa_supplicant_event(drv->ctx, EVENT_CCA_NOTIFY, &data);
-+}
-+#endif
- 
- static void do_process_drv_event(struct i802_bss *bss, int cmd,
- 				 struct nlattr **tb)
-@@ -3112,6 +3157,20 @@ static void do_process_drv_event(struct
- 						     tb[NL80211_ATTR_ACK],
- 						     tb[NL80211_ATTR_COOKIE]);
- 		break;
-+#ifdef CONFIG_IEEE80211AX
-+	case NL80211_CMD_OBSS_COLOR_COLLISION:
-+		mlme_event_obss_color_collision(drv, tb);
-+		break;
-+	case NL80211_CMD_COLOR_CHANGE_STARTED:
-+		mlme_event_color_change_announcement_started(drv);
-+		break;
-+	case NL80211_CMD_COLOR_CHANGE_ABORTED:
-+		mlme_event_color_change_announcement_aborted(drv);
-+		break;
-+	case NL80211_CMD_COLOR_CHANGE_COMPLETED:
-+		mlme_event_color_change_announcement_completed(drv);
-+		break;
-+#endif
- 	default:
- 		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
- 			"(cmd=%d)", cmd);

package/network/services/hostapd/src/src/ap/ubus.c

@@ -318,6 +318,10 @@ hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
 			blobmsg_add_u8(&b, sta_flags[i].name,
 				       !!(sta->flags & sta_flags[i].flag));
 
+#ifdef CONFIG_MBO
+		blobmsg_add_u8(&b, "mbo", !!(sta->cell_capa));
+#endif
+
 		r = blobmsg_open_array(&b, "rrm");
 		for (i = 0; i < ARRAY_SIZE(sta->rrm_enabled_capa); i++)
 			blobmsg_add_u32(&b, "", sta->rrm_enabled_capa[i]);
@@ -386,32 +390,6 @@ hostapd_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
-/* Imported from iw/util.c
- *  https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/tree/util.c?id=4b25ae3537af48dbf9d0abf94132e5ba01b32c18#n200
- */
-int ieee80211_frequency_to_channel(int freq)
-{
-	/* see 802.11-2007 17.3.8.3.2 and Annex J */
-	if (freq == 2484)
-		return 14;
-	/* see 802.11ax D6.1 27.3.23.2 and Annex E */
-	else if (freq == 5935)
-		return 2;
-	else if (freq < 2484)
-		return (freq - 2407) / 5;
-	else if (freq >= 4910 && freq <= 4980)
-		return (freq - 4000) / 5;
-	else if (freq < 5950)
-		return (freq - 5000) / 5;
-	else if (freq <= 45000) /* DMG band lower limit */
-		/* see 802.11ax D6.1 27.3.23.2 */
-		return (freq - 5950) / 5;
-	else if (freq >= 58320 && freq <= 70200)
-		return (freq - 56160) / 2160;
-	else
-		return 0;
-}
-
 static int
 hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj,
 		       struct ubus_request_data *req, const char *method,
@@ -445,6 +423,12 @@ hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj,
 	blobmsg_add_u32(&b, "channel", channel);
 	blobmsg_add_u32(&b, "op_class", op_class);
 	blobmsg_add_u32(&b, "beacon_interval", hapd->iconf->beacon_int);
+#ifdef CONFIG_IEEE80211AX
+	blobmsg_add_u32(&b, "bss_color", hapd->iface->conf->he_op.he_bss_color_disabled ? -1 :
+					 hapd->iface->conf->he_op.he_bss_color);
+#else
+	blobmsg_add_u32(&b, "bss_color", -1);
+#endif
 
 	snprintf(phy_name, 17, "%s", hapd->iface->phy);
 	blobmsg_add_string(&b, "phy", phy_name);
@@ -888,10 +872,13 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
 				css.freq_params.ht_enabled,
 				css.freq_params.vht_enabled,
 				css.freq_params.he_enabled,
+				css.freq_params.eht_enabled,
 				css.freq_params.sec_channel_offset,
 				chwidth, seg0, seg1,
 				iconf->vht_capab,
 				mode ? &mode->he_capab[IEEE80211_MODE_AP] :
+				NULL,
+				mode ? &mode->eht_capab[IEEE80211_MODE_AP] :
 				NULL);
 
 	for (i = 0; i < hapd->iface->num_bss; i++) {
@@ -995,6 +982,7 @@ hostapd_rrm_print_nr(struct hostapd_neighbor_entry *nr)
 enum {
 	BSS_MGMT_EN_NEIGHBOR,
 	BSS_MGMT_EN_BEACON,
+	BSS_MGMT_EN_LINK_MEASUREMENT,
 #ifdef CONFIG_WNM_AP
 	BSS_MGMT_EN_BSS_TRANSITION,
 #endif
@@ -1022,6 +1010,14 @@ __hostapd_bss_mgmt_enable_f(struct hostapd_data *hapd, int flag)
 			WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
 			WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
 
+		if (bss->radio_measurements[0] & flags == flags)
+			return false;
+
+		bss->radio_measurements[0] |= (u8) flags;
+		return true;
+	case BSS_MGMT_EN_LINK_MEASUREMENT:
+		flags = WLAN_RRM_CAPS_LINK_MEASUREMENT;
+
 		if (bss->radio_measurements[0] & flags == flags)
 			return false;
 
@@ -1059,6 +1055,7 @@ __hostapd_bss_mgmt_enable(struct hostapd_data *hapd, uint32_t flags)
 static const struct blobmsg_policy bss_mgmt_enable_policy[__BSS_MGMT_EN_MAX] = {
 	[BSS_MGMT_EN_NEIGHBOR] = { "neighbor_report", BLOBMSG_TYPE_BOOL },
 	[BSS_MGMT_EN_BEACON] = { "beacon_report", BLOBMSG_TYPE_BOOL },
+	[BSS_MGMT_EN_LINK_MEASUREMENT] = { "link_measurement", BLOBMSG_TYPE_BOOL },
 #ifdef CONFIG_WNM_AP
 	[BSS_MGMT_EN_BSS_TRANSITION] = { "bss_transition", BLOBMSG_TYPE_BOOL },
 #endif
@@ -1087,6 +1084,8 @@ hostapd_bss_mgmt_enable(struct ubus_context *ctx, struct ubus_object *obj,
 	}
 
 	__hostapd_bss_mgmt_enable(hapd, flags);
+
+	return 0;
 }
 
 
@@ -1337,13 +1336,105 @@ hostapd_rrm_beacon_req(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }
 
+enum {
+	LM_REQ_ADDR,
+	LM_REQ_TX_POWER_USED,
+	LM_REQ_TX_POWER_MAX,
+	__LM_REQ_MAX,
+};
+
+static const struct blobmsg_policy lm_req_policy[__LM_REQ_MAX] = {
+	[LM_REQ_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+	[LM_REQ_TX_POWER_USED] = { "tx-power-used", BLOBMSG_TYPE_INT32 },
+	[LM_REQ_TX_POWER_MAX] = { "tx-power-max", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_rrm_lm_req(struct ubus_context *ctx, struct ubus_object *obj,
+		   struct ubus_request_data *ureq, const char *method,
+		   struct blob_attr *msg)
+{
+	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+	struct blob_attr *tb[__LM_REQ_MAX];
+	struct wpabuf *buf;
+	u8 addr[ETH_ALEN];
+	int ret;
+	int8_t txp_used, txp_max;
+
+	txp_used = 0;
+	txp_max = 0;
+
+	blobmsg_parse(lm_req_policy, __LM_REQ_MAX, tb, blob_data(msg), blob_len(msg));
+
+	if (!tb[LM_REQ_ADDR])
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (tb[LM_REQ_TX_POWER_USED])
+		txp_used = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_USED]);
+
+	if (tb[LM_REQ_TX_POWER_MAX])
+		txp_max = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_MAX]);
+
+	if (hwaddr_aton(blobmsg_data(tb[LM_REQ_ADDR]), addr))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	buf = wpabuf_alloc(5);
+	if (!buf)
+		return UBUS_STATUS_UNKNOWN_ERROR;
+
+	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
+	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REQUEST);
+	wpabuf_put_u8(buf, 1);
+	/* TX-Power used */
+	wpabuf_put_u8(buf, txp_used);
+	/* Max TX Power */
+	wpabuf_put_u8(buf, txp_max);
+
+	ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
+				      wpabuf_head(buf), wpabuf_len(buf));
+
+	wpabuf_free(buf);
+	if (ret < 0)
+		return -ret;
+
+	return 0;
+}
+
+
+void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
+{
+	const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) data;
+	const u8 *pos, *end;
+	u8 token;
+
+	end = data + len;
+	token = mgmt->u.action.u.rrm.dialog_token;
+	pos = mgmt->u.action.u.rrm.variable;
+
+	if (end - pos < 8)
+		return;
+
+	if (!hapd->ubus.obj.has_subscribers)
+		return;
+
+	blob_buf_init(&b, 0);
+	blobmsg_add_macaddr(&b, "address", mgmt->sa);
+	blobmsg_add_u16(&b, "dialog-token", token);
+	blobmsg_add_u16(&b, "rx-antenna-id", pos[4]);
+	blobmsg_add_u16(&b, "tx-antenna-id", pos[5]);
+	blobmsg_add_u16(&b, "rcpi", pos[6]);
+	blobmsg_add_u16(&b, "rsni", pos[7]);
+
+	ubus_notify(ctx, &hapd->ubus.obj, "link-measurement-report", b.head, -1);
+}
+
 
 #ifdef CONFIG_WNM_AP
 
 static int
 hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent, bool abridged,
 		    u16 disassoc_timer, u8 validity_period, u8 dialog_token,
-		    struct blob_attr *neighbors)
+		    struct blob_attr *neighbors, u8 mbo_reason, u8 cell_pref, u8 reassoc_delay)
 {
 	struct blob_attr *cur;
 	struct sta_info *sta;
@@ -1351,6 +1442,8 @@ hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent,
 	int rem;
 	u8 *nr = NULL;
 	u8 req_mode = 0;
+	u8 mbo[10];
+	size_t mbo_len = 0;
 
 	sta = ap_get_sta(hapd, addr);
 	if (!sta)
@@ -1402,8 +1495,37 @@ hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent,
 	if (disassoc_imminent)
 		req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
 
+#ifdef CONFIG_MBO
+	u8 *mbo_pos = mbo;
+
+	if (mbo_reason > MBO_TRANSITION_REASON_PREMIUM_AP)
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (cell_pref != 0 && cell_pref != 1 && cell_pref != 255)
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (reassoc_delay > 65535 || (reassoc_delay && !disassoc_imminent))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	*mbo_pos++ = MBO_ATTR_ID_TRANSITION_REASON;
+	*mbo_pos++ = 1;
+	*mbo_pos++ = mbo_reason;
+	*mbo_pos++ = MBO_ATTR_ID_CELL_DATA_PREF;
+	*mbo_pos++ = 1;
+	*mbo_pos++ = cell_pref;
+
+	if (reassoc_delay) {
+		*mbo_pos++ = MBO_ATTR_ID_ASSOC_RETRY_DELAY;
+		*mbo_pos++ = 2;
+		WPA_PUT_LE16(mbo_pos, reassoc_delay);
+		mbo_pos += 2;
+	}
+
+	mbo_len = mbo_pos - mbo;
+#endif
+
 	if (wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer, validity_period, NULL,
-				dialog_token, NULL, nr, nr_len, NULL, 0))
+				dialog_token, NULL, nr, nr_len, mbo_len ? mbo : NULL, mbo_len))
 		return UBUS_STATUS_UNKNOWN_ERROR;
 
 	return 0;
@@ -1417,6 +1539,11 @@ enum {
 	BSS_TR_NEIGHBORS,
 	BSS_TR_ABRIDGED,
 	BSS_TR_DIALOG_TOKEN,
+#ifdef CONFIG_MBO
+	BSS_TR_MBO_REASON,
+	BSS_TR_CELL_PREF,
+	BSS_TR_REASSOC_DELAY,
+#endif
 	__BSS_TR_DISASSOC_MAX
 };
 
@@ -1428,6 +1555,11 @@ static const struct blobmsg_policy bss_tr_policy[__BSS_TR_DISASSOC_MAX] = {
 	[BSS_TR_NEIGHBORS] = { "neighbors", BLOBMSG_TYPE_ARRAY },
 	[BSS_TR_ABRIDGED] = { "abridged", BLOBMSG_TYPE_BOOL },
 	[BSS_TR_DIALOG_TOKEN] = { "dialog_token", BLOBMSG_TYPE_INT32 },
+#ifdef CONFIG_MBO
+	[BSS_TR_MBO_REASON] = { "mbo_reason", BLOBMSG_TYPE_INT32 },
+	[BSS_TR_CELL_PREF] = { "cell_pref", BLOBMSG_TYPE_INT32 },
+	[BSS_TR_REASSOC_DELAY] = { "reassoc_delay", BLOBMSG_TYPE_INT32 },
+#endif
 };
 
 static int
@@ -1444,6 +1576,9 @@ hostapd_bss_transition_request(struct ubus_context *ctx, struct ubus_object *obj
 	u32 dialog_token = 1;
 	bool abridged;
 	bool da_imminent;
+	u8 mbo_reason;
+	u8 cell_pref;
+	u8 reassoc_delay;
 
 	blobmsg_parse(bss_tr_policy, __BSS_TR_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));
 
@@ -1465,52 +1600,19 @@ hostapd_bss_transition_request(struct ubus_context *ctx, struct ubus_object *obj
 	da_imminent = !!(tb[BSS_TR_DA_IMMINENT] && blobmsg_get_bool(tb[BSS_TR_DA_IMMINENT]));
 	abridged = !!(tb[BSS_TR_ABRIDGED] && blobmsg_get_bool(tb[BSS_TR_ABRIDGED]));
 
+#ifdef CONFIG_MBO
+	if (tb[BSS_TR_MBO_REASON])
+		mbo_reason = blobmsg_get_u32(tb[BSS_TR_MBO_REASON]);
+
+	if (tb[BSS_TR_CELL_PREF])
+		cell_pref = blobmsg_get_u32(tb[BSS_TR_CELL_PREF]);
+
+	if (tb[BSS_TR_REASSOC_DELAY])
+		reassoc_delay = blobmsg_get_u32(tb[BSS_TR_REASSOC_DELAY]);
+#endif
+
 	return hostapd_bss_tr_send(hapd, addr, da_imminent, abridged, da_timer, valid_period,
-				   dialog_token, tb[BSS_TR_NEIGHBORS]);
+				   dialog_token, tb[BSS_TR_NEIGHBORS], mbo_reason, cell_pref, reassoc_delay);
-}
-
-enum {
-	WNM_DISASSOC_ADDR,
-	WNM_DISASSOC_DURATION,
-	WNM_DISASSOC_NEIGHBORS,
-	WNM_DISASSOC_ABRIDGED,
-	__WNM_DISASSOC_MAX,
-};
-
-static const struct blobmsg_policy wnm_disassoc_policy[__WNM_DISASSOC_MAX] = {
-	[WNM_DISASSOC_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
-	[WNM_DISASSOC_DURATION] { "duration", BLOBMSG_TYPE_INT32 },
-	[WNM_DISASSOC_NEIGHBORS] { "neighbors", BLOBMSG_TYPE_ARRAY },
-	[WNM_DISASSOC_ABRIDGED] { "abridged", BLOBMSG_TYPE_BOOL },
-};
-
-static int
-hostapd_wnm_disassoc_imminent(struct ubus_context *ctx, struct ubus_object *obj,
-			      struct ubus_request_data *ureq, const char *method,
-			      struct blob_attr *msg)
-{
-	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
-	struct blob_attr *tb[__WNM_DISASSOC_MAX];
-	struct sta_info *sta;
-	int duration = 10;
-	u8 addr[ETH_ALEN];
-	bool abridged;
-
-	blobmsg_parse(wnm_disassoc_policy, __WNM_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));
-
-	if (!tb[WNM_DISASSOC_ADDR])
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (hwaddr_aton(blobmsg_data(tb[WNM_DISASSOC_ADDR]), addr))
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (tb[WNM_DISASSOC_DURATION])
-		duration = blobmsg_get_u32(tb[WNM_DISASSOC_DURATION]);
-
-	abridged = !!(tb[WNM_DISASSOC_ABRIDGED] && blobmsg_get_bool(tb[WNM_DISASSOC_ABRIDGED]));
-
-	return hostapd_bss_tr_send(hapd, addr, true, abridged, duration, duration,
-				   1, tb[WNM_DISASSOC_NEIGHBORS]);
 }
 #endif
 
@@ -1594,8 +1696,8 @@ static const struct ubus_method bss_methods[] = {
 	UBUS_METHOD_NOARG("rrm_nr_list", hostapd_rrm_nr_list),
 	UBUS_METHOD("rrm_nr_set", hostapd_rrm_nr_set, nr_set_policy),
 	UBUS_METHOD("rrm_beacon_req", hostapd_rrm_beacon_req, beacon_req_policy),
+	UBUS_METHOD("link_measurement_req", hostapd_rrm_lm_req, lm_req_policy),
 #ifdef CONFIG_WNM_AP
-	UBUS_METHOD("wnm_disassoc_imminent", hostapd_wnm_disassoc_imminent, wnm_disassoc_policy),
 	UBUS_METHOD("bss_transition_request", hostapd_bss_transition_request, bss_tr_policy),
 #endif
 };
@@ -1857,6 +1959,20 @@ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *
 	ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
 }
 
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+				    const char *auth_alg)
+{
+	if (!hapd->ubus.obj.has_subscribers)
+		return;
+
+	blob_buf_init(&b, 0);
+	blobmsg_add_macaddr(&b, "address", sta->addr);
+	if (auth_alg)
+		blobmsg_add_string(&b, "auth-alg", auth_alg);
+
+	ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
+}
+
 void hostapd_ubus_notify_beacon_report(
 	struct hostapd_data *hapd, const u8 *addr, u8 token, u8 rep_mode,
 	struct rrm_measurement_beacon_report *rep, size_t len)
@@ -1879,6 +1995,7 @@ void hostapd_ubus_notify_beacon_report(
 	blobmsg_add_macaddr(&b, "bssid", rep->bssid);
 	blobmsg_add_u16(&b, "antenna-id", rep->antenna_id);
 	blobmsg_add_u16(&b, "parent-tsf", rep->parent_tsf);
+	blobmsg_add_u16(&b, "rep-mode", rep_mode);
 
 	ubus_notify(ctx, &hapd->ubus.obj, "beacon-report", b.head, -1);
 }

package/network/services/hostapd/src/src/ap/ubus.h

@@ -47,6 +47,7 @@ void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
 void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
 
 int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len);
 void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
 void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
 				       const u8 *addr, u8 token, u8 rep_mode,
@@ -64,6 +65,8 @@ void hostapd_ubus_free(struct hapd_interfaces *interfaces);
 int hostapd_ubus_notify_bss_transition_query(
 	struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
 	const u8 *candidate_list, u16 candidate_list_len);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+				    const char *auth_alg);
 
 #else
 
@@ -98,6 +101,10 @@ static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct ho
 	return 0;
 }
 
+static inline void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
+{
+}
+
 static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
 {
 }
@@ -135,6 +142,13 @@ static inline int hostapd_ubus_notify_bss_transition_query(
 {
 	return 0;
 }
+
+static inline void
+hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+			       const char *auth_alg)
+{
+}
+
 #endif
 
 #endif

package/network/services/hostapd/src/src/utils/build_features.h

@@ -7,10 +7,6 @@ static inline int has_feature(const char *feat)
 	if (!strcmp(feat, "eap"))
 		return 1;
 #endif
-#ifdef CONFIG_IEEE80211N
-	if (!strcmp(feat, "11n"))
-		return 1;
-#endif
 #ifdef CONFIG_IEEE80211AC
 	if (!strcmp(feat, "11ac"))
 		return 1;
@@ -54,6 +50,14 @@ static inline int has_feature(const char *feat)
 #ifdef CONFIG_FILS
 	if (!strcmp(feat, "fils"))
 		return 1;
+#endif
+#ifdef CONFIG_OCV
+	if (!strcmp(feat, "ocv"))
+		return 1;
+#endif
+#ifdef CONFIG_MESH
+	if (!strcmp(feat, "mesh"))
+		return 1;
 #endif
 	return 0;
 }

package/network/utils/iw/Makefile

@@ -8,16 +8,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iw
-PKG_VERSION:=5.16
+PKG_VERSION:=5.19
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/iw
-PKG_HASH:=4c44e42762f903f9094ba5a598998c800a97a62afd6fd31ec1e0a799e308659c
+PKG_HASH:=f167bbe947dd53bb9ebc0c1dcef5db6ad73ac1d6084f2c6f9376c5c360cc4d4e
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=GPL-2.0
 
+PKG_BUILD_FLAGS:=gc-sections lto
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/iw
@@ -46,8 +48,7 @@ TARGET_CPPFLAGS:= \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	$(TARGET_CPPFLAGS) \
 	-DCONFIG_LIBNL20 \
-	-D_GNU_SOURCE \
+	-D_GNU_SOURCE
-	-flto
 
 ifeq ($(BUILD_VARIANT),full)
   TARGET_CPPFLAGS += -DIW_FULL
@@ -55,8 +56,8 @@ ifeq ($(BUILD_VARIANT),full)
 endif
 
 MAKE_FLAGS += \
-	CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -ffunction-sections -fdata-sections" \
+	CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
-	LDFLAGS="$(TARGET_LDFLAGS) -Wl,--gc-sections -flto" \
+	LDFLAGS="$(TARGET_LDFLAGS)" \
 	NL1FOUND="" NL2FOUND=Y \
 	NLLIBNAME="libnl-tiny" \
 	LIBS="-lm -lnl-tiny" \

package/network/utils/iw/patches/001-nl80211_h_sync.patch

@@ -1,137 +1,259 @@
 --- a/nl80211.h
 +++ b/nl80211.h
-@@ -301,29 +301,6 @@
+@@ -324,6 +324,17 @@
   */
  
  /**
-- * DOC: FILS shared key crypto offload
++ * DOC: Multi-Link Operation
-- *
++ *
-- * This feature is applicable to drivers running in AP mode.
++ * In Multi-Link Operation, a connection between to MLDs utilizes multiple
-- *
++ * links. To use this in nl80211, various commands and responses now need
-- * FILS shared key crypto offload can be advertised by drivers by setting
++ * to or will include the new %NL80211_ATTR_MLO_LINKS attribute.
-- * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD flag. The drivers that support
++ * Additionally, various commands that need to operate on a specific link
-- * FILS shared key crypto offload should be able to encrypt and decrypt
++ * now need to be given the %NL80211_ATTR_MLO_LINK_ID attribute, e.g. to
-- * association frames for FILS shared key authentication as per IEEE 802.11ai.
++ * use %NL80211_CMD_START_AP or similar functions.
-- * With this capability, for FILS key derivation, drivers depend on userspace.
++ */
-- *
++
-- * After FILS key derivation, userspace shares the FILS AAD details with the
++/**
-- * driver and the driver stores the same to use in decryption of association
-- * request and in encryption of association response. The below parameters
-- * should be given to the driver in %NL80211_CMD_SET_FILS_AAD.
-- *	%NL80211_ATTR_MAC - STA MAC address, used for storing FILS AAD per STA
-- *	%NL80211_ATTR_FILS_KEK - Used for encryption or decryption
-- *	%NL80211_ATTR_FILS_NONCES - Used for encryption or decryption
-- *			(STA Nonce 16 bytes followed by AP Nonce 16 bytes)
-- *
-- * Once the association is done, the driver cleans the FILS AAD data.
-- */
--
--/**
   * enum nl80211_commands - supported nl80211 commands
   *
   * @NL80211_CMD_UNSPEC: unspecified command to catch errors
-@@ -1226,12 +1203,6 @@
+@@ -366,14 +377,22 @@
-  * @NL80211_CMD_COLOR_CHANGE_COMPLETED: Notify userland that the color change
+  *	the non-transmitting interfaces are deleted as well.
-  *	has completed
   *
-- * @NL80211_CMD_SET_FILS_AAD: Set FILS AAD data to the driver using -
+  * @NL80211_CMD_GET_KEY: Get sequence counter information for a key specified
-- *	&NL80211_ATTR_MAC - for STA MAC address
+- *	by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC.
-- *	&NL80211_ATTR_FILS_KEK - for KEK
++ *	by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC. %NL80211_ATTR_MAC
-- *	&NL80211_ATTR_FILS_NONCES - for FILS Nonces
++ *	represents peer's MLD address for MLO pairwise key. For MLO group key,
-- *		(STA Nonce 16 bytes followed by AP Nonce 16 bytes)
++ *	the link is identified by %NL80211_ATTR_MLO_LINK_ID.
-- *
+  * @NL80211_CMD_SET_KEY: Set key attributes %NL80211_ATTR_KEY_DEFAULT,
+  *	%NL80211_ATTR_KEY_DEFAULT_MGMT, or %NL80211_ATTR_KEY_THRESHOLD.
++ *	For MLO connection, the link to set default key is identified by
++ *	%NL80211_ATTR_MLO_LINK_ID.
+  * @NL80211_CMD_NEW_KEY: add a key with given %NL80211_ATTR_KEY_DATA,
+  *	%NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC, %NL80211_ATTR_KEY_CIPHER,
+- *	and %NL80211_ATTR_KEY_SEQ attributes.
++ *	and %NL80211_ATTR_KEY_SEQ attributes. %NL80211_ATTR_MAC represents
++ *	peer's MLD address for MLO pairwise key. The link to add MLO
++ *	group key is identified by %NL80211_ATTR_MLO_LINK_ID.
+  * @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX
+- *	or %NL80211_ATTR_MAC.
++ *	or %NL80211_ATTR_MAC. %NL80211_ATTR_MAC represents peer's MLD address
++ *	for MLO pairwise key. The link to delete group key is identified by
++ *	%NL80211_ATTR_MLO_LINK_ID.
+  *
+  * @NL80211_CMD_GET_BEACON: (not used)
+  * @NL80211_CMD_SET_BEACON: change the beacon on an access point interface
+@@ -753,6 +772,13 @@
+  *	%NL80211_ATTR_CSA_C_OFFSETS_TX is an array of offsets to CSA
+  *	counters which will be updated to the current value. This attribute
+  *	is used during CSA period.
++ *	For TX on an MLD, the frequency can be omitted and the link ID be
++ *	specified, or if transmitting to a known peer MLD (with MLD addresses
++ *	in the frame) both can be omitted and the link will be selected by
++ *	lower layers.
++ *	For RX notification, %NL80211_ATTR_RX_HW_TIMESTAMP may be included to
++ *	indicate the frame RX timestamp and %NL80211_ATTR_TX_HW_TIMESTAMP may
++ *	be included to indicate the ack TX timestamp.
+  * @NL80211_CMD_FRAME_WAIT_CANCEL: When an off-channel TX was requested, this
+  *	command may be used with the corresponding cookie to cancel the wait
+  *	time if it is known that it is no longer necessary.  This command is
+@@ -763,7 +789,9 @@
+  *	transmitted with %NL80211_CMD_FRAME. %NL80211_ATTR_COOKIE identifies
+  *	the TX command and %NL80211_ATTR_FRAME includes the contents of the
+  *	frame. %NL80211_ATTR_ACK flag is included if the recipient acknowledged
+- *	the frame.
++ *	the frame. %NL80211_ATTR_TX_HW_TIMESTAMP may be included to indicate the
++ *	tx timestamp and %NL80211_ATTR_RX_HW_TIMESTAMP may be included to
++ *	indicate the ack RX timestamp.
+  * @NL80211_CMD_ACTION_TX_STATUS: Alias for @NL80211_CMD_FRAME_TX_STATUS for
+  *	backward compatibility.
+  *
+@@ -1108,6 +1136,12 @@
+  *	has been received. %NL80211_ATTR_FRAME is used to specify the
+  *	frame contents.  The frame is the raw EAPoL data, without ethernet or
+  *	802.11 headers.
++ *	For an MLD transmitter, the %NL80211_ATTR_MLO_LINK_ID may be given and
++ *	its effect will depend on the destination: If the destination is known
++ *	to be an MLD, this will be used as a hint to select the link to transmit
++ *	the frame on. If the destination is not an MLD, this will select both
++ *	the link to transmit on and the source address will be set to the link
++ *	address of that link.
+  *	When used as an event indication %NL80211_ATTR_CONTROL_PORT_ETHERTYPE,
+  *	%NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT and %NL80211_ATTR_MAC are added
+  *	indicating the protocol type of the received frame; whether the frame
+@@ -1237,6 +1271,16 @@
+  *      to describe the BSSID address of the AP and %NL80211_ATTR_TIMEOUT to
+  *      specify the timeout value.
+  *
++ * @NL80211_CMD_ADD_LINK: Add a new link to an interface. The
++ *	%NL80211_ATTR_MLO_LINK_ID attribute is used for the new link.
++ * @NL80211_CMD_REMOVE_LINK: Remove a link from an interface. This may come
++ *	without %NL80211_ATTR_MLO_LINK_ID as an easy way to remove all links
++ *	in preparation for e.g. roaming to a regular (non-MLO) AP.
++ *
++ * @NL80211_CMD_ADD_LINK_STA: Add a link to an MLD station
++ * @NL80211_CMD_MODIFY_LINK_STA: Modify a link of an MLD station
++ * @NL80211_CMD_REMOVE_LINK_STA: Remove a link of an MLD station
++ *
   * @NL80211_CMD_MAX: highest used command number
   * @__NL80211_CMD_AFTER_LAST: internal use
   */
-@@ -1472,8 +1443,6 @@ enum nl80211_commands {
+@@ -1481,6 +1525,13 @@ enum nl80211_commands {
- 	NL80211_CMD_COLOR_CHANGE_ABORTED,
- 	NL80211_CMD_COLOR_CHANGE_COMPLETED,
  
--	NL80211_CMD_SET_FILS_AAD,
+ 	NL80211_CMD_ASSOC_COMEBACK,
--
+ 
++	NL80211_CMD_ADD_LINK,
++	NL80211_CMD_REMOVE_LINK,
++
++	NL80211_CMD_ADD_LINK_STA,
++	NL80211_CMD_MODIFY_LINK_STA,
++	NL80211_CMD_REMOVE_LINK_STA,
++
  	/* add new commands above here */
  
  	/* used to define NL80211_CMD_MAX below */
-@@ -2639,6 +2608,9 @@ enum nl80211_commands {
+@@ -2340,8 +2391,10 @@ enum nl80211_commands {
-  *	Mandatory parameter for the transmitting interface to enable MBSSID.
-  *	Optional for the non-transmitting interfaces.
   *
+  * @NL80211_ATTR_IFTYPE_EXT_CAPA: Nested attribute of the following attributes:
+  *	%NL80211_ATTR_IFTYPE, %NL80211_ATTR_EXT_CAPA,
+- *	%NL80211_ATTR_EXT_CAPA_MASK, to specify the extended capabilities per
+- *	interface type.
++ *	%NL80211_ATTR_EXT_CAPA_MASK, to specify the extended capabilities and
++ *	other interface-type specific capabilities per interface type. For MLO,
++ *	%NL80211_ATTR_EML_CAPABILITY and %NL80211_ATTR_MLD_CAPA_AND_OPS are
++ *	present.
+  *
+  * @NL80211_ATTR_MU_MIMO_GROUP_DATA: array of 24 bytes that defines a MU-MIMO
+  *	groupID for monitor mode.
+@@ -2663,6 +2716,44 @@ enum nl80211_commands {
+  *	association request when used with NL80211_CMD_NEW_STATION). Can be set
+  *	only if %NL80211_STA_FLAG_WME is set.
+  *
++ * @NL80211_ATTR_MLO_LINK_ID: A (u8) link ID for use with MLO, to be used with
++ *	various commands that need a link ID to operate.
++ * @NL80211_ATTR_MLO_LINKS: A nested array of links, each containing some
++ *	per-link information and a link ID.
++ * @NL80211_ATTR_MLD_ADDR: An MLD address, used with various commands such as
++ *	authenticate/associate.
++ *
++ * @NL80211_ATTR_MLO_SUPPORT: Flag attribute to indicate user space supports MLO
++ *	connection. Used with %NL80211_CMD_CONNECT. If this attribute is not
++ *	included in NL80211_CMD_CONNECT drivers must not perform MLO connection.
++ *
++ * @NL80211_ATTR_MAX_NUM_AKM_SUITES: U16 attribute. Indicates maximum number of
++ *	AKM suites allowed for %NL80211_CMD_CONNECT, %NL80211_CMD_ASSOCIATE and
++ *	%NL80211_CMD_START_AP in %NL80211_CMD_GET_WIPHY response. If this
++ *	attribute is not present userspace shall consider maximum number of AKM
++ *	suites allowed as %NL80211_MAX_NR_AKM_SUITES which is the legacy maximum
++ *	number prior to the introduction of this attribute.
++ *
++ * @NL80211_ATTR_EML_CAPABILITY: EML Capability information (u16)
++ * @NL80211_ATTR_MLD_CAPA_AND_OPS: MLD Capabilities and Operations (u16)
++ *
++ * @NL80211_ATTR_TX_HW_TIMESTAMP: Hardware timestamp for TX operation in
++ *	nanoseconds (u64). This is the device clock timestamp so it will
++ *	probably reset when the device is stopped or the firmware is reset.
++ *	When used with %NL80211_CMD_FRAME_TX_STATUS, indicates the frame TX
++ *	timestamp. When used with %NL80211_CMD_FRAME RX notification, indicates
++ *	the ack TX timestamp.
++ * @NL80211_ATTR_RX_HW_TIMESTAMP: Hardware timestamp for RX operation in
++ *	nanoseconds (u64). This is the device clock timestamp so it will
++ *	probably reset when the device is stopped or the firmware is reset.
++ *	When used with %NL80211_CMD_FRAME_TX_STATUS, indicates the ack RX
++ *	timestamp. When used with %NL80211_CMD_FRAME RX notification, indicates
++ *	the incoming frame RX timestamp.
++ * @NL80211_ATTR_TD_BITMAP: Transition Disable bitmap, for subsequent
++ *	(re)associations.
 + * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
 + *	transmit power to stay within regulatory limits. u32, dBi.
 + *
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3145,6 +3117,8 @@ enum nl80211_attrs {
+@@ -3177,6 +3268,23 @@ enum nl80211_attrs {
- 	NL80211_ATTR_MBSSID_CONFIG,
- 	NL80211_ATTR_MBSSID_ELEMS,
  
+ 	NL80211_ATTR_DISABLE_EHT,
+ 
++	NL80211_ATTR_MLO_LINKS,
++	NL80211_ATTR_MLO_LINK_ID,
++	NL80211_ATTR_MLD_ADDR,
++
++	NL80211_ATTR_MLO_SUPPORT,
++
++	NL80211_ATTR_MAX_NUM_AKM_SUITES,
++
++	NL80211_ATTR_EML_CAPABILITY,
++	NL80211_ATTR_MLD_CAPA_AND_OPS,
++
++	NL80211_ATTR_TX_HW_TIMESTAMP,
++	NL80211_ATTR_RX_HW_TIMESTAMP,
++	NL80211_ATTR_TD_BITMAP,
++
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
  	/* add attributes here, update the policy in nl80211.c */
  
  	__NL80211_ATTR_AFTER_LAST,
-@@ -4978,7 +4952,6 @@ enum nl80211_txrate_gi {
+@@ -3231,6 +3339,11 @@ enum nl80211_attrs {
-  * @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz)
+ #define NL80211_HE_MIN_CAPABILITY_LEN           16
-  * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz)
+ #define NL80211_HE_MAX_CAPABILITY_LEN           54
-  * @NL80211_BAND_S1GHZ: around 900MHz, supported by S1G PHYs
+ #define NL80211_MAX_NR_CIPHER_SUITES		5
-- * @NL80211_BAND_LC: light communication band (placeholder)
++
-  * @NUM_NL80211_BANDS: number of bands, avoid using this in userspace
++/*
-  *	since newer kernel versions may support more bands
++ * NL80211_MAX_NR_AKM_SUITES is obsolete when %NL80211_ATTR_MAX_NUM_AKM_SUITES
++ * present in %NL80211_CMD_GET_WIPHY response.
++ */
+ #define NL80211_MAX_NR_AKM_SUITES		2
+ #define NL80211_EHT_MIN_CAPABILITY_LEN          13
+ #define NL80211_EHT_MAX_CAPABILITY_LEN          51
+@@ -4853,6 +4966,8 @@ enum nl80211_bss_scan_width {
+  *	Contains a nested array of signal strength attributes (u8, dBm),
+  *	using the nesting index as the antenna number.
+  * @NL80211_BSS_FREQUENCY_OFFSET: frequency offset in KHz
++ * @NL80211_BSS_MLO_LINK_ID: MLO link ID of the BSS (u8).
++ * @NL80211_BSS_MLD_ADDR: MLD address of this BSS if connected to it.
+  * @__NL80211_BSS_AFTER_LAST: internal
+  * @NL80211_BSS_MAX: highest BSS attribute
   */
-@@ -4988,7 +4961,6 @@ enum nl80211_band {
+@@ -4878,6 +4993,8 @@ enum nl80211_bss {
- 	NL80211_BAND_60GHZ,
+ 	NL80211_BSS_PARENT_BSSID,
- 	NL80211_BAND_6GHZ,
+ 	NL80211_BSS_CHAIN_SIGNAL,
- 	NL80211_BAND_S1GHZ,
+ 	NL80211_BSS_FREQUENCY_OFFSET,
--	NL80211_BAND_LC,
++	NL80211_BSS_MLO_LINK_ID,
++	NL80211_BSS_MLD_ADDR,
  
- 	NUM_NL80211_BANDS,
+ 	/* keep last */
- };
+ 	__NL80211_BSS_AFTER_LAST,
-@@ -6046,11 +6018,6 @@ enum nl80211_feature_flags {
+@@ -5874,7 +5991,7 @@ enum nl80211_ap_sme_features {
-  * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
+  * @NL80211_FEATURE_INACTIVITY_TIMER: This driver takes care of freeing up
-  *	detection and change announcemnts.
+  *	the connected inactive stations in AP mode.
+  * @NL80211_FEATURE_CELL_BASE_REG_HINTS: This driver has been tested
+- *	to work properly to suppport receiving regulatory hints from
++ *	to work properly to support receiving regulatory hints from
+  *	cellular base stations.
+  * @NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL: (no longer available, only
+  *	here to reserve the value for API/ABI compatibility)
+@@ -6174,6 +6291,14 @@ enum nl80211_feature_flags {
+  * @NL80211_EXT_FEATURE_RADAR_BACKGROUND: Device supports background radar/CAC
+  *	detection.
   *
-- * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD: Driver running in AP mode supports
++ * @NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE: Device can perform a MAC address
-- *	FILS encryption and decryption for (Re)Association Request and Response
++ *	change without having to bring the underlying network device down
-- *	frames. Userspace has to share FILS AAD details to the driver by using
++ *	first. For example, in station mode this can be used to vary the
-- *	@NL80211_CMD_SET_FILS_AAD.
++ *	origin MAC address prior to a connection to a new AP for privacy
-- *
++ *	or other reasons. Note that certain driver specific restrictions
++ *	might apply, e.g. no scans in progress, no offchannel operations
++ *	in progress, and no active connections.
++ *
   * @NUM_NL80211_EXT_FEATURES: number of extended features.
   * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
   */
-@@ -6116,7 +6083,6 @@ enum nl80211_ext_feature_index {
+@@ -6241,6 +6366,7 @@ enum nl80211_ext_feature_index {
- 	NL80211_EXT_FEATURE_SECURE_RTT,
- 	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
  	NL80211_EXT_FEATURE_BSS_COLOR,
--	NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD,
+ 	NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD,
+ 	NL80211_EXT_FEATURE_RADAR_BACKGROUND,
++	NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE,
  
  	/* add new features before the definition below */
  	NUM_NL80211_EXT_FEATURES,
-@@ -7424,7 +7390,7 @@ enum nl80211_sar_specs_attrs {
-  * @NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY: Used by the kernel
-  *	to advertise the maximum profile periodicity supported by the driver
-  *	if EMA is enabled. Driver should indicate EMA support to the userspace
-- *	by setting wiphy->ema_max_profile_periodicity to
-+ *	by setting wiphy->mbssid_max_ema_profile_periodicity to
-  *	a non-zero value.
-  *
-  * @NL80211_MBSSID_CONFIG_ATTR_INDEX: Mandatory parameter to pass the index of
-@@ -7443,7 +7409,7 @@ enum nl80211_sar_specs_attrs {
-  *
-  * @NL80211_MBSSID_CONFIG_ATTR_EMA: Flag used to enable EMA AP feature.
-  *	Setting this flag is permitted only if the driver advertises EMA support
-- *	by setting wiphy->ema_max_profile_periodicity to non-zero.
-+ *	by setting wiphy->mbssid_max_ema_profile_periodicity to non-zero.
-  *
-  * @__NL80211_MBSSID_CONFIG_ATTR_LAST: Internal
-  * @NL80211_MBSSID_CONFIG_ATTR_MAX: highest attribute
---- a/info.c
-+++ b/info.c
-@@ -701,7 +701,6 @@ broken_combination:
- 		ext_feat_print(tb, OPERATING_CHANNEL_VALIDATION, "Operating Channel Validation (OCV) support");
- 		ext_feat_print(tb, 4WAY_HANDSHAKE_AP_PSK, "AP mode PSK offload support");
- 		ext_feat_print(tb, BSS_COLOR, "BSS coloring support");
--		ext_feat_print(tb, FILS_CRYPTO_OFFLOAD, "FILS crypto offload");
- 	}
- 
- 	if (tb_msg[NL80211_ATTR_COALESCE_RULE]) {

package/network/utils/iw/patches/200-reduce_size.patch

@@ -1,6 +1,6 @@
 --- a/event.c
 +++ b/event.c
-@@ -956,6 +956,7 @@ static int print_event(struct nl_msg *ms
+@@ -971,6 +971,7 @@ static int print_event(struct nl_msg *ms
  	}
  
  	switch (gnlh->cmd) {
@@ -8,7 +8,7 @@
  	case NL80211_CMD_NEW_WIPHY:
  		printf("renamed to %s\n", nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]));
  		break;
-@@ -991,6 +992,7 @@ static int print_event(struct nl_msg *ms
+@@ -1006,6 +1007,7 @@ static int print_event(struct nl_msg *ms
  	case NL80211_CMD_SCHED_SCAN_RESULTS:
  		printf("got scheduled scan results\n");
  		break;
@@ -16,7 +16,7 @@
  	case NL80211_CMD_WIPHY_REG_CHANGE:
  	case NL80211_CMD_REG_CHANGE:
  		if (gnlh->cmd == NL80211_CMD_WIPHY_REG_CHANGE)
-@@ -1073,6 +1075,7 @@ static int print_event(struct nl_msg *ms
+@@ -1088,6 +1090,7 @@ static int print_event(struct nl_msg *ms
  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
  		printf("del station %s\n", macbuf);
  		break;
@@ -24,9 +24,9 @@
  	case NL80211_CMD_JOIN_IBSS:
  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
  		printf("IBSS %s joined\n", macbuf);
-@@ -1271,9 +1274,9 @@ static int print_event(struct nl_msg *ms
+@@ -1295,9 +1298,9 @@ static int print_event(struct nl_msg *ms
- 	case NL80211_CMD_CH_SWITCH_NOTIFY:
+ 	case NL80211_CMD_ASSOC_COMEBACK: /* 147 */
- 		parse_ch_switch_notify(tb, gnlh->cmd);
+ 		parse_assoc_comeback(tb, gnlh->cmd);
  		break;
 +#endif
  	default:
@@ -38,7 +38,7 @@
  
 --- a/info.c
 +++ b/info.c
-@@ -215,6 +215,7 @@ next:
+@@ -309,6 +309,7 @@ next:
  				}
  			}
  
@@ -46,7 +46,7 @@
  			if (tb_band[NL80211_BAND_ATTR_RATES]) {
  			printf("\t\tBitrates (non-HT):\n");
  			nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
-@@ -231,6 +232,7 @@ next:
+@@ -325,6 +326,7 @@ next:
  				printf("\n");
  			}
  			}
@@ -54,7 +54,7 @@
  		}
  	}
  
-@@ -296,6 +298,7 @@ next:
+@@ -390,6 +392,7 @@ next:
  		printf("\tCoverage class: %d (up to %dm)\n", coverage, 450 * coverage);
  	}
  
@@ -62,7 +62,7 @@
  	if (tb_msg[NL80211_ATTR_CIPHER_SUITES]) {
  		int num = nla_len(tb_msg[NL80211_ATTR_CIPHER_SUITES]) / sizeof(__u32);
  		int i;
-@@ -307,6 +310,7 @@ next:
+@@ -401,6 +404,7 @@ next:
  					cipher_name(ciphers[i]));
  		}
  	}
@@ -70,7 +70,7 @@
  
  	if (tb_msg[NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX] &&
  	    tb_msg[NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX])
-@@ -324,9 +328,11 @@ next:
+@@ -418,9 +422,11 @@ next:
  		print_iftype_list("\tSupported interface modes", "\t\t",
  				  tb_msg[NL80211_ATTR_SUPPORTED_IFTYPES]);
  
@@ -82,7 +82,7 @@
  
  	if (tb_msg[NL80211_ATTR_INTERFACE_COMBINATIONS]) {
  		struct nlattr *nl_combi;
-@@ -416,6 +422,7 @@ broken_combination:
+@@ -510,6 +516,7 @@ broken_combination:
  			printf("\tinterface combinations are not supported\n");
  	}
  
@@ -90,7 +90,7 @@
  	if (tb_msg[NL80211_ATTR_SUPPORTED_COMMANDS]) {
  		printf("\tSupported commands:\n");
  		nla_for_each_nested(nl_cmd, tb_msg[NL80211_ATTR_SUPPORTED_COMMANDS], rem_cmd)
-@@ -513,6 +520,7 @@ broken_combination:
+@@ -607,6 +614,7 @@ broken_combination:
  				printf("\t\t * wake up on TCP connection\n");
  		}
  	}
@@ -98,7 +98,7 @@
  
  	if (tb_msg[NL80211_ATTR_ROAM_SUPPORT])
  		printf("\tDevice supports roaming.\n");
-@@ -551,6 +559,7 @@ broken_combination:
+@@ -645,6 +653,7 @@ broken_combination:
  		}
  	}
  
@@ -106,7 +106,7 @@
  	if (tb_msg[NL80211_ATTR_FEATURE_FLAGS]) {
  		unsigned int features = nla_get_u32(tb_msg[NL80211_ATTR_FEATURE_FLAGS]);
  
-@@ -615,6 +624,7 @@ broken_combination:
+@@ -709,6 +718,7 @@ broken_combination:
  		if (features & NL80211_FEATURE_ND_RANDOM_MAC_ADDR)
  			printf("\tDevice supports randomizing MAC-addr in net-detect scans.\n");
  	}
@@ -114,7 +114,7 @@
  
  	if (tb_msg[NL80211_ATTR_TDLS_SUPPORT])
  		printf("\tDevice supports T-DLS.\n");
-@@ -751,6 +761,7 @@ TOPLEVEL(list, NULL, NL80211_CMD_GET_WIP
+@@ -774,6 +784,7 @@ TOPLEVEL(list, NULL, NL80211_CMD_GET_WIP
  	 "List all wireless devices and their capabilities.");
  TOPLEVEL(phy, NULL, NL80211_CMD_GET_WIPHY, NLM_F_DUMP, CIB_NONE, handle_info, NULL);
  
@@ -122,7 +122,7 @@
  static int handle_commands(struct nl80211_state *state, struct nl_msg *msg,
  			   int argc, char **argv, enum id_input id)
  {
-@@ -762,6 +773,7 @@ static int handle_commands(struct nl8021
+@@ -785,6 +796,7 @@ static int handle_commands(struct nl8021
  }
  TOPLEVEL(commands, NULL, NL80211_CMD_GET_WIPHY, 0, CIB_NONE, handle_commands,
  	 "list all known commands and their decimal & hex value");
@@ -292,7 +292,7 @@
  ifeq ($(NO_PKG_CONFIG),)
 --- a/station.c
 +++ b/station.c
-@@ -777,10 +777,12 @@ static int handle_station_set_plink(stru
+@@ -791,10 +791,12 @@ static int handle_station_set_plink(stru
   nla_put_failure:
  	return -ENOBUFS;
  }
@@ -305,7 +305,7 @@
  
  static int handle_station_set_vlan(struct nl80211_state *state,
  				   struct nl_msg *msg,
-@@ -875,11 +877,13 @@ static int handle_station_set_mesh_power
+@@ -889,11 +891,13 @@ static int handle_station_set_mesh_power
  nla_put_failure:
  	return -ENOBUFS;
  }
@@ -321,7 +321,7 @@
  					     struct nl_msg *msg,
 --- a/interface.c
 +++ b/interface.c
-@@ -627,9 +627,11 @@ static int handle_interface_wds_peer(str
+@@ -629,9 +629,11 @@ static int handle_interface_wds_peer(str
   nla_put_failure:
  	return -ENOBUFS;
  }
@@ -333,7 +333,7 @@
  
  static int set_mcast_rate(struct nl80211_state *state,
  			  struct nl_msg *msg,
-@@ -719,6 +721,7 @@ static int handle_chan(struct nl80211_st
+@@ -721,6 +723,7 @@ static int handle_chan(struct nl80211_st
  	return handle_chanfreq(state, msg, true, argc, argv, id);
  }
  
@@ -341,7 +341,7 @@
  SECTION(switch);
  COMMAND(switch, freq,
  	"<freq> [NOHT|HT20|HT40+|HT40-|5MHz|10MHz|80MHz] [beacons <count>] [block-tx]\n"
-@@ -990,3 +993,4 @@ COMMAND(set, tidconf, "[peer <MAC addres
+@@ -992,3 +995,4 @@ COMMAND(set, tidconf, "[peer <MAC addres
  	"  $ iw dev wlan0 set tidconf peer xx:xx:xx:xx:xx:xx tids 0x2 bitrates auto\n"
  	"  $ iw dev wlan0 set tidconf peer xx:xx:xx:xx:xx:xx tids 0x2 bitrates limit vht-mcs-5 4:9\n"
  	);

package/network/utils/iwinfo/Makefile

@@ -7,26 +7,23 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libiwinfo
-PKG_RELEASE:=5
+PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
-PKG_SOURCE_DATE:=2021-06-28
+PKG_SOURCE_DATE:=2023-02-06
-PKG_SOURCE_VERSION:=c9b1672f5a83c8dcb14fdbaee651f775a7defe52
+PKG_SOURCE_VERSION:=c7eb8ebe33de2ff2d08064258edb047e5ac09f29
-PKG_MIRROR_HASH:=f33779035153da6bd0b2f100f402f62f1554ab87ed6fbbd938d41df6b9947a1f
+PKG_MIRROR_HASH:=f1124cf305710b0f04e2ea6dd42ba96ba4a3367da4d4afb4c19d5af9905b1cc2
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 
 PKG_FLAGS := nonshared
 
 PKG_CONFIG_DEPENDS := \
-	CONFIG_PACKAGE_kmod-brcm-wl \
-	CONFIG_PACKAGE_kmod-brcm-wl-mini \
-	CONFIG_PACKAGE_kmod-brcm-wl-mimo \
 	CONFIG_PACKAGE_kmod-mt7615d_dbdc \
 	CONFIG_PACKAGE_kmod-cfg80211
 
-IWINFO_ABI_VERSION:=20210430
+IWINFO_ABI_VERSION:=20230121
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -35,13 +32,13 @@ define Package/libiwinfo
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=Generalized Wireless Information Library (iwinfo)
-  DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny +libuci +libubus
+  DEPENDS:=+libnl-tiny +libuci +libubus +libiwinfo-data
   ABI_VERSION:=$(IWINFO_ABI_VERSION)
 endef
 
 define Package/libiwinfo/description
-  Wireless information library with consistent interface for proprietary Broadcom,
+  Wireless information library with simplified API for nl80211
-  nl80211 and wext driver interfaces.
+  and wext driver interfaces.
 endef
 
 
@@ -59,6 +56,12 @@ define Package/libiwinfo-lua/description
 endef
 
 
+define Package/libiwinfo-data
+  TITLE:=libiwinfo Lua binding
+  HIDDEN:=1
+endef
+
+
 define Package/iwinfo
   SECTION:=utils
   CATEGORY:=Utilities
@@ -75,9 +78,6 @@ define Build/Configure
 endef
 
 IWINFO_BACKENDS := \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl),wl) \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl-mini),wl) \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl-mimo),wl) \
 	$(if $(CONFIG_PACKAGE_kmod-mt7615d_dbdc),ra) \
 	$(if $(CONFIG_PACKAGE_kmod-cfg80211),nl80211)
 
@@ -106,8 +106,6 @@ endef
 define Package/libiwinfo/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libiwinfo.so.$(IWINFO_ABI_VERSION) $(1)/usr/lib/libiwinfo.so.$(IWINFO_ABI_VERSION)
-	$(INSTALL_DIR) $(1)/usr/share/libiwinfo
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/hardware.txt $(1)/usr/share/libiwinfo/hardware.txt
 endef
 
 define Package/libiwinfo-lua/install
@@ -115,6 +113,11 @@ define Package/libiwinfo-lua/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iwinfo.so $(1)/usr/lib/lua/iwinfo.so
 endef
 
+define Package/libiwinfo-data/install
+	$(INSTALL_DIR) $(1)/usr/share/libiwinfo
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/devices.txt $(1)/usr/share/libiwinfo/devices.txt
+endef
+
 define Package/iwinfo/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iwinfo $(1)/usr/bin/iwinfo
@@ -122,4 +125,5 @@ endef
 
 $(eval $(call BuildPackage,libiwinfo))
 $(eval $(call BuildPackage,libiwinfo-lua))
+$(eval $(call BuildPackage,libiwinfo-data))
 $(eval $(call BuildPackage,iwinfo))

package/network/utils/iwinfo/patches/002-devices-add-MT7986.patch

@@ -1,39 +0,0 @@
-From 46f04f3808e8b8c9608d0974c4cede1e78110b7f Mon Sep 17 00:00:00 2001
-From: Daniel Golle <daniel@makrotopia.org>
-Date: Mon, 25 Jul 2022 04:17:44 +0200
-Subject: [PATCH 1/1] devices: add MediaTek MT7986 WiSoC
-
-Add detection of the MediaTek MT7986 WiSoC using the compatible string
-from device tree.
-
-Signed-off-by: Daniel Golle <daniel@makrotopia.org>
----
- devices.txt      | 1 +
- iwinfo_nl80211.c | 6 ++++++
- 2 files changed, 7 insertions(+)
-
---- a/hardware.txt
-+++ b/hardware.txt
-@@ -225,5 +225,6 @@
- 0x14c3 0x7650 0x14c3 0x7650    0      0  "MediaTek" "MT7610E"
- 0x14c3 0x7662 0x14c3 0x7662    0      0  "MediaTek" "MT76x2E"
- 0x14c3 0x7915 0x14c3 0x7915    0      0  "MediaTek" "MT7915E"
-+0x14c3 0x7986 0x14c3 0x7986    0      0  "MediaTek" "MT7986"
- 0x14e4 0xaa52 0x14e4 0xaa52    0      0  "Broadcom" "BCM43602"
- 0x1ae9 0x0310 0x1ae9 0x0000    0      0  "Wilocity" "Wil6210"
---- a/iwinfo_nl80211.c
-+++ b/iwinfo_nl80211.c
-@@ -3386,7 +3386,13 @@ static int nl80211_hardware_id_from_fdt(
- 		id->device_id = 0x7622;
- 		id->subsystem_vendor_id = 0x14c3;
- 		id->subsystem_device_id = 0x7622;
-+	} else if (!strcmp(compat, "mediatek,mt7986-wmac")) {
-+		id->vendor_id = 0x14c3;
-+		id->device_id = 0x7986;
-+		id->subsystem_vendor_id = 0x14c3;
-+		id->subsystem_device_id = 0x7986;
- 	}
-+
- 	return (id->vendor_id && id->device_id) ? 0 : -1;
- }
- 

package/network/utils/iwinfo/patches/003-devices-add-IPQ8074.patch

@@ -1,37 +0,0 @@
-From: Robert Marko <robimarko@gmail.com>
-Date: Fri, 6 Jan 2023 09:56:54 +0000 (+0100)
-Subject: iwinfo: devices: add Qualcomm Atheros IPQ8074 WiSoC
-X-Git-Url: http://git.openwrt.org/?p=project%2Fiwinfo.git;a=commitdiff_plain;h=5914d7113ecf77de63eb21fc233684d1a1a52ca5
-
-iwinfo: devices: add Qualcomm Atheros IPQ8074 WiSoC
-
-Add detection of the Qualcomm Atheros IPQ8074 WiSoC using the compatible
-string from device tree.
-
-Signed-off-by: Robert Marko <robimarko@gmail.com>
----
-
---- a/hardware.txt
-+++ b/hardware.txt
-@@ -167,6 +167,7 @@
- 0x168c 0x003c 0x1a56 0x1420    0      0  "Qualcomm Atheros" "QCA9862"
- 0x168c 0x003c 0x19b6 0xd03c    0      0  "Mikrotik" "R11e-5HacT"
- 0x168c 0x003c 0x168c 0x4019    0      0  "Qualcomm Atheros" "IPQ4019"
-+0x168c 0x8074 0x168c 0x8074    0      0  "Qualcomm Atheros" "IPQ8074"
- 0x168c 0x003c 0x19b6 0xd075    0      0  "Mikrotik" "R11e-5HacD"
- 0x168c 0x0040 0x168c 0x0002    0      0  "Qualcomm Atheros" "QCA9990"
- 0x168c 0x0046 0x168c 0xcafe    0      0  "Qualcomm Atheros" "QCA9984"
---- a/iwinfo_nl80211.c
-+++ b/iwinfo_nl80211.c
-@@ -3381,6 +3381,11 @@ static int nl80211_hardware_id_from_fdt(
- 		id->device_id = 0x003c;
- 		id->subsystem_vendor_id = 0x168c;
- 		id->subsystem_device_id = 0x4019;
-+	} else if (!strcmp(compat, "qcom,ipq8074-wifi")) {
-+		id->vendor_id = 0x168c;
-+		id->device_id = 0x8074;
-+		id->subsystem_vendor_id = 0x168c;
-+		id->subsystem_device_id = 0x8074;
- 	} else if (!strcmp(compat, "mediatek,mt7622-wmac")) {
- 		id->vendor_id = 0x14c3;
- 		id->device_id = 0x7622;

package/network/utils/iwinfo/patches/004-devices-add-QCNxxxx.patch

@@ -1,23 +0,0 @@
-From: Robert Marko <robimarko@gmail.com>
-Date: Fri, 6 Jan 2023 16:33:55 +0000 (+0100)
-Subject: devices: add Qualcomm Atheros QCN6024/9024/9074 cards
-X-Git-Url: http://git.openwrt.org/?p=project%2Fiwinfo.git;a=commitdiff_plain;h=c7b420a2f33c6f1034c3e2191eba0cb0374af7b6
-
-devices: add Qualcomm Atheros QCN6024/9024/9074 cards
-
-Add Qualcomm Atheros QCN6024/9024/9074 PCI ID, they all are compatible and
-use the same ID.
-
-Signed-off-by: Robert Marko <robimarko@gmail.com>
----
-
---- a/hardware.txt
-+++ b/hardware.txt
-@@ -173,6 +173,7 @@
- 0x168c 0x0046 0x168c 0xcafe    0      0  "Qualcomm Atheros" "QCA9984"
- 0x168c 0x0050 0x0000 0x0000    0      0  "Qualcomm Atheros" "QCA9887"
- 0x168c 0x0056 0x0000 0x0000    0      0  "Qualcomm Atheros" "QCA9886"
-+0x17cb 0x1104 0x17cb 0x1104    0      0  "Qualcomm Atheros" "QCN6024/9024/9074"
- 0x1814 0x3050 0x1814 0x0005    0      0  "Ralink"   "Rt3050"
- 0x1814 0x3051 0x1814 0x0007    0      0  "Ralink"   "Rt3051"
- 0x1814 0x3052 0x1814 0x0008    0      0  "Ralink"   "Rt3052"

package/system/rpcd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/rpcd.git
-PKG_MIRROR_HASH:=18137fa6904b1a7aec03a16a4c25fd9b9689b24ee14d431bacdda9f093339071
+PKG_MIRROR_HASH:=7038ab08dc67f7440effbf04ab2f083915c819f758ab16b0fbdf846bd3b87773
-PKG_SOURCE_DATE:=2022-09-21
+PKG_SOURCE_DATE:=2023-01-21
-PKG_SOURCE_VERSION:=8c852b656bf1622dee1ae2cfa4c083f730c1c539
+PKG_SOURCE_VERSION:=c0df2a7af7d6284f4a446de15d0dab17124d9448
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 
 PKG_LICENSE:=ISC