[Add wpa-supplicant and sync from Openwrt wpad package]
[Description]
Add wpa-supplicant and sync from Openwrt wpad package
1.base on :https://git.yoctoproject.org/poky/plain/meta/
recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
2.Add git url and sync patch from OpenWRT
[Release-log]
N/A
diff --git a/recipes-connectivity/wpa-supplicant/files/0001-Install-wpa_passphrase-when-not-disabled.patch b/recipes-connectivity/wpa-supplicant/files/0001-Install-wpa_passphrase-when-not-disabled.patch
new file mode 100644
index 0000000..c04c608
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/0001-Install-wpa_passphrase-when-not-disabled.patch
@@ -0,0 +1,33 @@
+From 57b12a1e43605f71239a21488cb9b541f0751dda Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alexk@zuma.ai>
+Date: Thu, 21 Apr 2022 10:15:29 +0100
+Subject: [PATCH] Install wpa_passphrase when not disabled
+
+As part of fixing CONFIG_NO_WPA_PASSPHRASE, whilst wpa_passphrase gets
+built, its not installed during `make install`.
+
+Fixes: cb41c214b78d ("build: Re-enable options for libwpa_client.so and wpa_passphrase")
+Signed-off-by: Alex Kiernan <alexk@zuma.ai>
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+Upstream-Status: Submitted [http://lists.infradead.org/pipermail/hostap/2022-April/040448.html]
+---
+ wpa_supplicant/Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index 0bab313f2355..12787c0c7d0f 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -73,6 +73,9 @@ $(DESTDIR)$(BINDIR)/%: %
+
+ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
+ $(MAKE) -C ../src install
++ifndef CONFIG_NO_WPA_PASSPHRASE
++ install -D wpa_passphrase $(DESTDIR)/$(BINDIR)/wpa_passphrase
++endif
+ ifdef CONFIG_BUILD_WPA_CLIENT_SO
+ install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so
+ install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h
+--
+2.35.1
+
diff --git a/recipes-connectivity/wpa-supplicant/files/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch b/recipes-connectivity/wpa-supplicant/files/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
new file mode 100644
index 0000000..6e930fc
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
@@ -0,0 +1,73 @@
+From cb41c214b78d6df187a31950342e48a403dbd769 Mon Sep 17 00:00:00 2001
+From: Sergey Matyukevich <geomatsi@gmail.com>
+Date: Tue, 22 Feb 2022 11:52:19 +0300
+Subject: [PATCH 1/2] build: Re-enable options for libwpa_client.so and
+ wpa_passphrase
+
+Commit a41a29192e5d ("build: Pull common fragments into a build.rules
+file") introduced a regression into wpa_supplicant build process. The
+build target libwpa_client.so is not built regardless of whether the
+option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because
+this config option is used before it is imported from the configuration
+file. Moving its use after including build.rules does not help: the
+variable ALL is processed by build.rules and further changes are not
+applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work
+as expected: wpa_passphrase is always built regardless of whether the
+option is set or not.
+
+Re-enable these options by adding both build targets to _all
+dependencies.
+
+Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file")
+Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
+Upstream-Status: Backport
+Signed-off-by: Alex Kiernan <alexk@zuma.ai>
+Signed-off-by: Alex Kiernan <alexk@gmail.com>
+---
+ wpa_supplicant/Makefile | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index cb66defac7c8..c456825ae75f 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1,24 +1,29 @@
+ BINALL=wpa_supplicant wpa_cli
+
+-ifndef CONFIG_NO_WPA_PASSPHRASE
+-BINALL += wpa_passphrase
+-endif
+-
+ ALL = $(BINALL)
+ ALL += systemd/wpa_supplicant.service
+ ALL += systemd/wpa_supplicant@.service
+ ALL += systemd/wpa_supplicant-nl80211@.service
+ ALL += systemd/wpa_supplicant-wired@.service
+ ALL += dbus/fi.w1.wpa_supplicant1.service
+-ifdef CONFIG_BUILD_WPA_CLIENT_SO
+-ALL += libwpa_client.so
+-endif
+
+ EXTRA_TARGETS=dynamic_eap_methods
+
+ CONFIG_FILE=.config
+ include ../src/build.rules
+
++ifdef CONFIG_BUILD_WPA_CLIENT_SO
++# add the dependency this way to allow CONFIG_BUILD_WPA_CLIENT_SO
++# being set in the config which is read by build.rules
++_all: libwpa_client.so
++endif
++
++ifndef CONFIG_NO_WPA_PASSPHRASE
++# add the dependency this way to allow CONFIG_NO_WPA_PASSPHRASE
++# being set in the config which is read by build.rules
++_all: wpa_passphrase
++endif
++
+ ifdef LIBS
+ # If LIBS is set with some global build system defaults, clone those for
+ # LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well.
+--
+2.35.1
+
diff --git a/recipes-connectivity/wpa-supplicant/files/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch b/recipes-connectivity/wpa-supplicant/files/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
new file mode 100644
index 0000000..53b0fcd
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
@@ -0,0 +1,26 @@
+From d001b301ba7987f4b39453a211631b85c48f2ff8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Thu, 3 Mar 2022 13:26:42 +0200
+Subject: [PATCH 2/2] Fix removal of wpa_passphrase on 'make clean'
+
+Fixes: 0430bc8267b4 ("build: Add a common-clean target")
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+Upstream-Status: Backport
+Signed-off-by: Alex Kiernan <alexk@zuma.ai>
+Signed-off-by: Alex Kiernan <alexk@gmail.com>
+---
+ wpa_supplicant/Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index c456825ae75f..4b4688931b1d 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -2077,3 +2077,4 @@ clean: common-clean
+ rm -f libwpa_client.a
+ rm -f libwpa_client.so
+ rm -f libwpa_test1 libwpa_test2
++ rm -f wpa_passphrase
+--
+2.35.1
+
diff --git a/recipes-connectivity/wpa-supplicant/files/001-rdkb-remove-ubus-support.patch b/recipes-connectivity/wpa-supplicant/files/001-rdkb-remove-ubus-support.patch
new file mode 100644
index 0000000..1de7c1d
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/001-rdkb-remove-ubus-support.patch
@@ -0,0 +1,28 @@
+diff -urN a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
+--- a/wpa_supplicant/wpa_supplicant_i.h 2022-05-05 11:09:32.099283258 +0800
++++ b/wpa_supplicant/wpa_supplicant_i.h 2022-05-05 11:18:09.402159866 +0800
+@@ -323,8 +323,9 @@
+ #endif /* CONFIG_WIFI_DISPLAY */
+
+ struct psk_list_entry *add_psk; /* From group formation */
+-
++#ifdef UBUS_SUPPORT
+ struct ubus_object ubus_global;
++#endif
+ };
+
+
+diff -urN a/src/ap/hostapd.h b/src/ap/hostapd.h
+--- a/src/ap/hostapd.h 2022-04-28 12:18:51.607377262 +0800
++++ b/src/ap/hostapd.h 2022-04-28 12:20:10.510028480 +0800
+@@ -81,7 +81,9 @@
+ #ifdef CONFIG_CTRL_IFACE_UDP
+ unsigned char ctrl_iface_cookie[CTRL_IFACE_COOKIE_LEN];
+ #endif /* CONFIG_CTRL_IFACE_UDP */
+- struct ubus_object ubus;
++#ifdef UBUS_SUPPORT
++ struct ubus_object ubus;
++#endif
+ };
+
+ enum hostapd_chan_status {
diff --git a/recipes-connectivity/wpa-supplicant/files/99_wpa_supplicant b/recipes-connectivity/wpa-supplicant/files/99_wpa_supplicant
new file mode 100644
index 0000000..6ff4dd8
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/99_wpa_supplicant
@@ -0,0 +1 @@
+d root root 0700 /var/run/wpa_supplicant none
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/001-wolfssl-init-RNG-with-ECC-key.patch b/recipes-connectivity/wpa-supplicant/files/patches/001-wolfssl-init-RNG-with-ECC-key.patch
new file mode 100644
index 0000000..994aa30
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/001-wolfssl-init-RNG-with-ECC-key.patch
@@ -0,0 +1,43 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1307,6 +1307,7 @@ int ecc_projective_add_point(ecc_point *
+
+ struct crypto_ec {
+ ecc_key key;
++ WC_RNG rng;
+ mp_int a;
+ mp_int prime;
+ mp_int order;
+@@ -1361,6 +1362,8 @@ struct crypto_ec * crypto_ec_init(int gr
+ return NULL;
+
+ if (wc_ecc_init(&e->key) != 0 ||
++ wc_InitRng(&e->rng) != 0 ||
++ wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ mp_init(&e->a) != MP_OKAY ||
+ mp_init(&e->prime) != MP_OKAY ||
+@@ -1392,6 +1395,7 @@ void crypto_ec_deinit(struct crypto_ec*
+ mp_clear(&e->order);
+ mp_clear(&e->prime);
+ mp_clear(&e->a);
++ wc_FreeRng(&e->rng);
+ wc_ecc_free(&e->key);
+ os_free(e);
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch b/recipes-connectivity/wpa-supplicant/files/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
new file mode 100644
index 0000000..16d24d1
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
@@ -0,0 +1,106 @@
+From 8de8cd8380af0c43d4fde67a668d79ef73b26b26 Mon Sep 17 00:00:00 2001
+From: Peter Oh <peter.oh@bowerswilkins.com>
+Date: Tue, 30 Jun 2020 14:18:58 +0200
+Subject: [PATCH 10/19] mesh: Allow DFS channels to be selected if dfs is
+ enabled
+
+Note: DFS is assumed to be usable if a country code has been set
+
+Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
+Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
+---
+ wpa_supplicant/wpa_supplicant.c | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2409,7 +2409,7 @@ static int drv_supports_vht(struct wpa_s
+ }
+
+
+-static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
++static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode, bool dfs_enabled)
+ {
+ int i;
+
+@@ -2418,7 +2418,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+
+ chan = hw_get_channel_chan(mode, i, NULL);
+ if (!chan ||
+- chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++ chan->flag & HOSTAPD_CHAN_DISABLED)
++ return false;
++
++ if (!dfs_enabled && chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ return false;
+ }
+
+@@ -2447,6 +2450,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ int chwidth, seg0, seg1;
+ u32 vht_caps = 0;
+ bool is_24ghz, is_6ghz;
++ bool dfs_enabled = wpa_s->conf->country[0] &&
++ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
+
+ freq->freq = ssid->frequency;
+
+@@ -2543,8 +2548,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ return;
+
+ /* Check primary channel flags */
+- if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++ if (pri_chan->flag & HOSTAPD_CHAN_DISABLED)
+ return;
++ if (pri_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
++ if (!dfs_enabled)
++ return;
+
+ freq->channel = pri_chan->chan;
+
+@@ -2577,8 +2585,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ return;
+
+ /* Check secondary channel flags */
+- if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++ if (sec_chan->flag & HOSTAPD_CHAN_DISABLED)
+ return;
++ if (sec_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
++ if (!dfs_enabled)
++ return;
+
+ if (ht40 == -1) {
+ if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
+@@ -2667,7 +2678,7 @@ skip_to_6ghz:
+ return;
+
+ /* Back to HT configuration if channel not usable */
+- if (!ibss_mesh_is_80mhz_avail(channel, mode))
++ if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
+ return;
+
+ chwidth = CHANWIDTH_80MHZ;
+@@ -2681,7 +2692,7 @@ skip_to_6ghz:
+ * above; check the remaining four 20 MHz channels for the total
+ * of 160 MHz bandwidth.
+ */
+- if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
++ if (!ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled))
+ return;
+
+ for (j = 0; j < ARRAY_SIZE(bw160); j++) {
+@@ -2711,10 +2722,12 @@ skip_to_6ghz:
+ if (!chan)
+ continue;
+
+- if (chan->flag & (HOSTAPD_CHAN_DISABLED |
+- HOSTAPD_CHAN_NO_IR |
+- HOSTAPD_CHAN_RADAR))
++ if (chan->flag & HOSTAPD_CHAN_DISABLED)
+ continue;
++ if (chan->flag & (HOSTAPD_CHAN_RADAR |
++ HOSTAPD_CHAN_NO_IR))
++ if (!dfs_enabled)
++ continue;
+
+ /* Found a suitable second segment for 80+80 */
+ chwidth = CHANWIDTH_80P80MHZ;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch b/recipes-connectivity/wpa-supplicant/files/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
new file mode 100644
index 0000000..1faeacf
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
@@ -0,0 +1,81 @@
+From fc8ea40f6130ac18d9c66797de2cf1d5af55d496 Mon Sep 17 00:00:00 2001
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+Date: Tue, 30 Jun 2020 14:19:07 +0200
+Subject: [PATCH 19/19] mesh: use deterministic channel on channel switch
+
+This patch uses a deterministic channel on DFS channel switch
+in mesh networks. Otherwise, when switching to a usable but not
+available channel, no CSA can be sent and a random channel is choosen
+without notification of other nodes. It is then quite likely, that
+the mesh network gets disconnected.
+
+Fix this by using a deterministic number, based on the sha256 hash
+of the mesh ID, in order to use at least a different number in each
+mesh network.
+
+Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
+---
+ src/ap/dfs.c | 20 +++++++++++++++++++-
+ src/drivers/driver_nl80211.c | 4 ++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -17,6 +17,7 @@
+ #include "ap_drv_ops.h"
+ #include "drivers/driver.h"
+ #include "dfs.h"
++#include "crypto/crypto.h"
+
+
+ static int dfs_get_used_n_chans(struct hostapd_iface *iface, int *seg1)
+@@ -483,9 +484,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+ int num_available_chandefs;
+ int chan_idx, chan_idx2;
+ int sec_chan_idx_80p80 = -1;
++ bool is_mesh = false;
+ int i;
+ u32 _rand;
+
++#ifdef CONFIG_MESH
++ is_mesh = iface->mconf;
++#endif
++
+ wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
+ *secondary_channel = 0;
+ *oper_centr_freq_seg0_idx = 0;
+@@ -505,8 +511,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+ if (num_available_chandefs == 0)
+ return NULL;
+
+- if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
++ /* try to use deterministic channel in mesh, so that both sides
++ * have a chance to switch to the same channel */
++ if (is_mesh) {
++#ifdef CONFIG_MESH
++ u64 hash[4];
++ const u8 *meshid[1] = { &iface->mconf->meshid[0] };
++ const size_t meshid_len = iface->mconf->meshid_len;
++
++ sha256_vector(1, meshid, &meshid_len, (u8 *)&hash[0]);
++ _rand = hash[0] + hash[1] + hash[2] + hash[3];
++#endif
++ } else if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
+ return NULL;
++
+ chan_idx = _rand % num_available_chandefs;
+ dfs_find_channel(iface, &chan, chan_idx, skip_radar);
+ if (!chan) {
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -9895,6 +9895,10 @@ static int nl80211_switch_channel(void *
+ if (ret)
+ goto error;
+
++ if (drv->nlmode == NL80211_IFTYPE_MESH_POINT) {
++ nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS);
++ }
++
+ /* beacon_csa params */
+ beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
+ if (!beacon_csa)
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/021-fix-sta-add-after-previous-connection.patch b/recipes-connectivity/wpa-supplicant/files/patches/021-fix-sta-add-after-previous-connection.patch
new file mode 100644
index 0000000..ac02ec5
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/021-fix-sta-add-after-previous-connection.patch
@@ -0,0 +1,26 @@
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4944,6 +4944,13 @@ static int add_associated_sta(struct hos
+ * drivers to accept the STA parameter configuration. Since this is
+ * after a new FT-over-DS exchange, a new TK has been derived, so key
+ * reinstallation is not a concern for this case.
++ *
++ * If the STA was associated and authorized earlier, but came for a new
++ * connection (!added_unassoc + !reassoc), remove the existing STA entry
++ * so that it can be re-added. This case is rarely seen when the AP could
++ * not receive the deauth/disassoc frame from the STA. And the STA comes
++ * back with new connection within a short period or before the inactive
++ * STA entry is removed from the list.
+ */
+ wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
+ " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
+@@ -4957,7 +4964,8 @@ static int add_associated_sta(struct hos
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
+ (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+- !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
++ !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
++ (!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch b/recipes-connectivity/wpa-supplicant/files/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
new file mode 100644
index 0000000..c7da33f
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 8 Jul 2021 16:33:03 +0200
+Subject: [PATCH] hostapd: fix use of uninitialized stack variables
+
+When a CSA is performed on an 80 MHz channel, hostapd_change_config_freq
+unconditionally calls hostapd_set_oper_centr_freq_seg0/1_idx with seg0/1
+filled by ieee80211_freq_to_chan.
+However, if ieee80211_freq_to_chan fails (because the freq is 0 or invalid),
+seg0/1 remains uninitialized and filled with stack garbage, causing errors
+such as "hostapd: 80 MHz: center segment 1 configured"
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -3431,7 +3431,7 @@ static int hostapd_change_config_freq(st
+ struct hostapd_freq_params *old_params)
+ {
+ int channel;
+- u8 seg0, seg1;
++ u8 seg0 = 0, seg1 = 0;
+ struct hostapd_hw_modes *mode;
+
+ if (!params->channel) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch b/recipes-connectivity/wpa-supplicant/files/patches/023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch
new file mode 100644
index 0000000..9ff9b23
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch
@@ -0,0 +1,19 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 28 Jul 2021 05:43:29 +0200
+Subject: [PATCH] ndisc_snoop: call dl_list_del before freeing ipv6 addresses
+
+Fixes a segmentation fault on sta disconnect
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/ndisc_snoop.c
++++ b/src/ap/ndisc_snoop.c
+@@ -61,6 +61,7 @@ void sta_ip6addr_del(struct hostapd_data
+ dl_list_for_each_safe(ip6addr, prev, &sta->ip6addr, struct ip6addr,
+ list) {
+ hostapd_drv_br_delete_ip_neigh(hapd, 6, (u8 *) &ip6addr->addr);
++ dl_list_del(&ip6addr->list);
+ os_free(ip6addr);
+ }
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch b/recipes-connectivity/wpa-supplicant/files/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
new file mode 100644
index 0000000..ade0b11
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
@@ -0,0 +1,275 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 28 Jul 2021 05:49:46 +0200
+Subject: [PATCH] driver_nl80211: rewrite neigh code to not depend on
+ libnl3-route
+
+Removes an unnecessary dependency and also makes the code smaller
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -16,9 +16,6 @@
+ #include <net/if.h>
+ #include <netlink/genl/genl.h>
+ #include <netlink/genl/ctrl.h>
+-#ifdef CONFIG_LIBNL3_ROUTE
+-#include <netlink/route/neighbour.h>
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ #include <linux/rtnetlink.h>
+ #include <netpacket/packet.h>
+ #include <linux/errqueue.h>
+@@ -5300,26 +5297,29 @@ fail:
+
+ static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+- struct rtnl_neigh *rn;
+- struct nl_addr *nl_addr;
++ struct ndmsg nhdr = {
++ .ndm_state = NUD_PERMANENT,
++ .ndm_ifindex = bss->ifindex,
++ .ndm_family = AF_BRIDGE,
++ };
++ struct nl_msg *msg;
+ int err;
+
+- rn = rtnl_neigh_alloc();
+- if (!rn)
++ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
++ if (!msg)
+ return;
+
+- rtnl_neigh_set_family(rn, AF_BRIDGE);
+- rtnl_neigh_set_ifindex(rn, bss->ifindex);
+- nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
+- if (!nl_addr) {
+- rtnl_neigh_put(rn);
+- return;
+- }
+- rtnl_neigh_set_lladdr(rn, nl_addr);
++ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
++ goto errout;
++
++ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
++ goto errout;
++
++ if (nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
++ goto errout;
+
+- err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
++ err = nl_wait_for_ack(drv->rtnl_sk);
+ if (err < 0) {
+ wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
+ MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
+@@ -5329,9 +5329,8 @@ static void rtnl_neigh_delete_fdb_entry(
+ MACSTR, MAC2STR(addr));
+ }
+
+- nl_addr_put(nl_addr);
+- rtnl_neigh_put(rn);
+-#endif /* CONFIG_LIBNL3_ROUTE */
++errout:
++ nlmsg_free(msg);
+ }
+
+
+@@ -7714,7 +7713,6 @@ static void *i802_init(struct hostapd_da
+ (params->num_bridge == 0 || !params->bridge[0]))
+ add_ifidx(drv, br_ifindex, drv->ifindex);
+
+-#ifdef CONFIG_LIBNL3_ROUTE
+ if (bss->added_if_into_bridge || bss->already_in_bridge) {
+ int err;
+
+@@ -7731,7 +7729,6 @@ static void *i802_init(struct hostapd_da
+ goto failed;
+ }
+ }
+-#endif /* CONFIG_LIBNL3_ROUTE */
+
+ if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
+ wpa_printf(MSG_DEBUG,
+@@ -10678,13 +10675,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+ const u8 *ipaddr, int prefixlen,
+ const u8 *addr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ struct i802_bss *bss = priv;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+- struct rtnl_neigh *rn;
+- struct nl_addr *nl_ipaddr = NULL;
+- struct nl_addr *nl_lladdr = NULL;
+- int family, addrsize;
++ struct ndmsg nhdr = {
++ .ndm_state = NUD_PERMANENT,
++ .ndm_ifindex = bss->br_ifindex,
++ };
++ struct nl_msg *msg;
++ int addrsize;
+ int res;
+
+ if (!ipaddr || prefixlen == 0 || !addr)
+@@ -10703,85 +10701,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+ }
+
+ if (version == 4) {
+- family = AF_INET;
++ nhdr.ndm_family = AF_INET;
+ addrsize = 4;
+ } else if (version == 6) {
+- family = AF_INET6;
++ nhdr.ndm_family = AF_INET6;
+ addrsize = 16;
+ } else {
+ return -EINVAL;
+ }
+
+- rn = rtnl_neigh_alloc();
+- if (rn == NULL)
++ msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
++ if (!msg)
+ return -ENOMEM;
+
+- /* set the destination ip address for neigh */
+- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
+- if (nl_ipaddr == NULL) {
+- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
+- res = -ENOMEM;
++ res = -ENOMEM;
++ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
+ goto errout;
+- }
+- nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
+- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
+- if (res) {
+- wpa_printf(MSG_DEBUG,
+- "nl80211: neigh set destination addr failed");
++
++ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
+ goto errout;
+- }
+
+- /* set the corresponding lladdr for neigh */
+- nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
+- if (nl_lladdr == NULL) {
+- wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
+- res = -ENOMEM;
++ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
+ goto errout;
+- }
+- rtnl_neigh_set_lladdr(rn, nl_lladdr);
+
+- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
+- rtnl_neigh_set_state(rn, NUD_PERMANENT);
++ res = nl_send_auto_complete(drv->rtnl_sk, msg);
++ if (res < 0)
++ goto errout;
+
+- res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
++ res = nl_wait_for_ack(drv->rtnl_sk);
+ if (res) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Adding bridge ip neigh failed: %s",
+ nl_geterror(res));
+ }
+ errout:
+- if (nl_lladdr)
+- nl_addr_put(nl_lladdr);
+- if (nl_ipaddr)
+- nl_addr_put(nl_ipaddr);
+- if (rn)
+- rtnl_neigh_put(rn);
++ nlmsg_free(msg);
+ return res;
+-#else /* CONFIG_LIBNL3_ROUTE */
+- return -1;
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ }
+
+
+ static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
+ const u8 *ipaddr)
+ {
+-#ifdef CONFIG_LIBNL3_ROUTE
+ struct i802_bss *bss = priv;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+- struct rtnl_neigh *rn;
+- struct nl_addr *nl_ipaddr;
+- int family, addrsize;
++ struct ndmsg nhdr = {
++ .ndm_state = NUD_PERMANENT,
++ .ndm_ifindex = bss->br_ifindex,
++ };
++ struct nl_msg *msg;
++ int addrsize;
+ int res;
+
+ if (!ipaddr)
+ return -EINVAL;
+
+ if (version == 4) {
+- family = AF_INET;
++ nhdr.ndm_family = AF_INET;
+ addrsize = 4;
+ } else if (version == 6) {
+- family = AF_INET6;
++ nhdr.ndm_family = AF_INET6;
+ addrsize = 16;
+ } else {
+ return -EINVAL;
+@@ -10799,41 +10778,30 @@ static int wpa_driver_br_delete_ip_neigh
+ return -1;
+ }
+
+- rn = rtnl_neigh_alloc();
+- if (rn == NULL)
++ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
++ if (!msg)
+ return -ENOMEM;
+
+- /* set the destination ip address for neigh */
+- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
+- if (nl_ipaddr == NULL) {
+- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
+- res = -ENOMEM;
++ res = -ENOMEM;
++ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
+ goto errout;
+- }
+- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
+- if (res) {
+- wpa_printf(MSG_DEBUG,
+- "nl80211: neigh set destination addr failed");
++
++ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
+ goto errout;
+- }
+
+- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
++ res = nl_send_auto_complete(drv->rtnl_sk, msg);
++ if (res < 0)
++ goto errout;
+
+- res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
++ res = nl_wait_for_ack(drv->rtnl_sk);
+ if (res) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Deleting bridge ip neigh failed: %s",
+ nl_geterror(res));
+ }
+ errout:
+- if (nl_ipaddr)
+- nl_addr_put(nl_ipaddr);
+- if (rn)
+- rtnl_neigh_put(rn);
++ nlmsg_free(msg);
+ return res;
+-#else /* CONFIG_LIBNL3_ROUTE */
+- return -1;
+-#endif /* CONFIG_LIBNL3_ROUTE */
+ }
+
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/040-mesh-allow-processing-authentication-frames-in-block.patch b/recipes-connectivity/wpa-supplicant/files/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
new file mode 100644
index 0000000..6d9fd81
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 18 Feb 2019 12:57:11 +0100
+Subject: [PATCH] mesh: allow processing authentication frames in blocked state
+
+If authentication fails repeatedly e.g. because of a weak signal, the link
+can end up in blocked state. If one of the nodes tries to establish a link
+again before it is unblocked on the other side, it will block the link to
+that other side. The same happens on the other side when it unblocks the
+link. In that scenario, the link never recovers on its own.
+
+To fix this, allow restarting authentication even if the link is in blocked
+state, but don't initiate the attempt until the blocked period is over.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -3761,15 +3761,6 @@ static void handle_auth(struct hostapd_d
+ seq_ctrl);
+ return;
+ }
+-#ifdef CONFIG_MESH
+- if ((hapd->conf->mesh & MESH_ENABLED) &&
+- sta->plink_state == PLINK_BLOCKED) {
+- wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
+- " is blocked - drop Authentication frame",
+- MAC2STR(mgmt->sa));
+- return;
+- }
+-#endif /* CONFIG_MESH */
+ #ifdef CONFIG_PASN
+ if (auth_alg == WLAN_AUTH_PASN &&
+ (sta->flags & WLAN_STA_ASSOC)) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/050-build_fix.patch b/recipes-connectivity/wpa-supplicant/files/patches/050-build_fix.patch
new file mode 100644
index 0000000..2652a83
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/050-build_fix.patch
@@ -0,0 +1,20 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -323,6 +323,7 @@ ifdef CONFIG_FILS
+ CFLAGS += -DCONFIG_FILS
+ OBJS += ../src/ap/fils_hlp.o
+ NEED_SHA384=y
++NEED_HMAC_SHA384_KDF=y
+ NEED_AES_SIV=y
+ ifdef CONFIG_FILS_SK_PFS
+ CFLAGS += -DCONFIG_FILS_SK_PFS
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -312,6 +312,7 @@ endif
+ ifdef CONFIG_FILS
+ CFLAGS += -DCONFIG_FILS
+ NEED_SHA384=y
++NEED_HMAC_SHA384_KDF=y
+ NEED_AES_SIV=y
+ ifdef CONFIG_FILS_SK_PFS
+ CFLAGS += -DCONFIG_FILS_SK_PFS
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/100-daemonize_fix.patch b/recipes-connectivity/wpa-supplicant/files/patches/100-daemonize_fix.patch
new file mode 100644
index 0000000..687bd40
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/100-daemonize_fix.patch
@@ -0,0 +1,97 @@
+--- a/src/utils/os_unix.c
++++ b/src/utils/os_unix.c
+@@ -10,6 +10,7 @@
+
+ #include <time.h>
+ #include <sys/wait.h>
++#include <fcntl.h>
+
+ #ifdef ANDROID
+ #include <sys/capability.h>
+@@ -188,59 +189,46 @@ int os_gmtime(os_time_t t, struct os_tm
+ return 0;
+ }
+
+-
+-#ifdef __APPLE__
+-#include <fcntl.h>
+-static int os_daemon(int nochdir, int noclose)
++int os_daemonize(const char *pid_file)
+ {
+- int devnull;
++ int pid = 0, i, devnull;
+
+- if (chdir("/") < 0)
+- return -1;
++#if defined(__uClinux__) || defined(__sun__)
++ return -1;
++#else /* defined(__uClinux__) || defined(__sun__) */
+
+- devnull = open("/dev/null", O_RDWR);
+- if (devnull < 0)
++#ifndef __APPLE__
++ pid = fork();
++ if (pid < 0)
+ return -1;
++#endif
+
+- if (dup2(devnull, STDIN_FILENO) < 0) {
+- close(devnull);
+- return -1;
++ if (pid > 0) {
++ if (pid_file) {
++ FILE *f = fopen(pid_file, "w");
++ if (f) {
++ fprintf(f, "%u\n", pid);
++ fclose(f);
++ }
++ }
++ _exit(0);
+ }
+
+- if (dup2(devnull, STDOUT_FILENO) < 0) {
+- close(devnull);
++ if (setsid() < 0)
+ return -1;
+- }
+
+- if (dup2(devnull, STDERR_FILENO) < 0) {
+- close(devnull);
++ if (chdir("/") < 0)
+ return -1;
+- }
+-
+- return 0;
+-}
+-#else /* __APPLE__ */
+-#define os_daemon daemon
+-#endif /* __APPLE__ */
+
+-
+-int os_daemonize(const char *pid_file)
+-{
+-#if defined(__uClinux__) || defined(__sun__)
+- return -1;
+-#else /* defined(__uClinux__) || defined(__sun__) */
+- if (os_daemon(0, 0)) {
+- perror("daemon");
++ devnull = open("/dev/null", O_RDWR);
++ if (devnull < 0)
+ return -1;
+- }
+
+- if (pid_file) {
+- FILE *f = fopen(pid_file, "w");
+- if (f) {
+- fprintf(f, "%u\n", getpid());
+- fclose(f);
+- }
+- }
++ for (i = 0; i <= STDERR_FILENO; i++)
++ dup2(devnull, i);
++
++ if (devnull > 2)
++ close(devnull);
+
+ return -0;
+ #endif /* defined(__uClinux__) || defined(__sun__) */
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/200-multicall.patch b/recipes-connectivity/wpa-supplicant/files/patches/200-multicall.patch
new file mode 100644
index 0000000..ad82e02
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/200-multicall.patch
@@ -0,0 +1,355 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -1,6 +1,7 @@
+ ALL=hostapd hostapd_cli
+ CONFIG_FILE = .config
+
++-include $(if $(MULTICALL), ../wpa_supplicant/.config)
+ include ../src/build.rules
+
+ ifdef LIBS
+@@ -199,7 +200,8 @@ endif
+
+ ifdef CONFIG_NO_VLAN
+ CFLAGS += -DCONFIG_NO_VLAN
+-else
++endif
++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
+ OBJS += ../src/ap/vlan_init.o
+ OBJS += ../src/ap/vlan_ifconfig.o
+ OBJS += ../src/ap/vlan.o
+@@ -350,10 +352,14 @@ CFLAGS += -DCONFIG_MBO
+ OBJS += ../src/ap/mbo_ap.o
+ endif
+
++ifndef MULTICALL
++CFLAGS += -DNO_SUPPLICANT
++endif
++
+ include ../src/drivers/drivers.mak
+-OBJS += $(DRV_AP_OBJS)
+-CFLAGS += $(DRV_AP_CFLAGS)
+-LDFLAGS += $(DRV_AP_LDFLAGS)
++OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
++CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
++LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
+ LIBS += $(DRV_AP_LIBS)
+
+ ifdef CONFIG_L2_PACKET
+@@ -1281,6 +1287,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+ _OBJS_VAR := OBJS
+ include ../src/objs.mk
+
++hostapd_multi.a: $(BCHECK) $(OBJS)
++ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
++ @$(E) " CC " $<
++ @rm -f $@
++ @$(AR) cr $@ hostapd_multi.o $(OBJS)
++
+ hostapd: $(OBJS)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+ @$(E) " LD " $@
+@@ -1355,6 +1367,12 @@ include ../src/objs.mk
+ _OBJS_VAR := SOBJS
+ include ../src/objs.mk
+
++dump_cflags:
++ @printf "%s " "$(CFLAGS)"
++
++dump_ldflags:
++ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
++
+ nt_password_hash: $(NOBJS)
+ $(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
+ @$(E) " LD " $@
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -17,6 +17,7 @@ endif
+ EXTRA_TARGETS=dynamic_eap_methods
+
+ CONFIG_FILE=.config
++-include $(if $(MULTICALL),../hostapd/.config)
+ include ../src/build.rules
+
+ ifdef LIBS
+@@ -363,7 +364,9 @@ endif
+ ifdef CONFIG_IBSS_RSN
+ NEED_RSN_AUTHENTICATOR=y
+ CFLAGS += -DCONFIG_IBSS_RSN
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_VLAN
++endif
+ OBJS += ibss_rsn.o
+ endif
+
+@@ -900,6 +903,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+ CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
+ LIBS += -ldl -rdynamic
+ endif
++else
++ ifdef MULTICALL
++ OBJS += ../src/eap_common/eap_common.o
++ endif
+ endif
+
+ ifdef CONFIG_AP
+@@ -907,9 +914,11 @@ NEED_EAP_COMMON=y
+ NEED_RSN_AUTHENTICATOR=y
+ CFLAGS += -DCONFIG_AP
+ OBJS += ap.o
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_RADIUS
+ CFLAGS += -DCONFIG_NO_ACCOUNTING
+ CFLAGS += -DCONFIG_NO_VLAN
++endif
+ OBJS += ../src/ap/hostapd.o
+ OBJS += ../src/ap/wpa_auth_glue.o
+ OBJS += ../src/ap/utils.o
+@@ -989,6 +998,12 @@ endif
+ ifdef CONFIG_HS20
+ OBJS += ../src/ap/hs20.o
+ endif
++else
++ ifdef MULTICALL
++ OBJS += ../src/eap_server/eap_server.o
++ OBJS += ../src/eap_server/eap_server_identity.o
++ OBJS += ../src/eap_server/eap_server_methods.o
++ endif
+ endif
+
+ ifdef CONFIG_MBO
+@@ -997,7 +1012,9 @@ CFLAGS += -DCONFIG_MBO
+ endif
+
+ ifdef NEED_RSN_AUTHENTICATOR
++ifndef MULTICALL
+ CFLAGS += -DCONFIG_NO_RADIUS
++endif
+ NEED_AES_WRAP=y
+ OBJS += ../src/ap/wpa_auth.o
+ OBJS += ../src/ap/wpa_auth_ie.o
+@@ -1891,6 +1908,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+
+ _OBJS_VAR := OBJS
+ include ../src/objs.mk
++wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
++ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
++ @$(E) " CC " $<
++ @rm -f $@
++ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
++
+ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
+ $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+ @$(E) " LD " $@
+@@ -2023,6 +2046,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+ $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
+ @$(E) " sed" $<
+
++dump_cflags:
++ @printf "%s " "$(CFLAGS)"
++
++dump_ldflags:
++ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
++
+ wpa_supplicant.exe: wpa_supplicant
+ mv -f $< $@
+ wpa_cli.exe: wpa_cli
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -6033,8 +6033,8 @@ union wpa_event_data {
+ * Driver wrapper code should call this function whenever an event is received
+ * from the driver.
+ */
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+- union wpa_event_data *data);
++extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ /**
+ * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
+@@ -6046,7 +6046,7 @@ void wpa_supplicant_event(void *ctx, enu
+ * Same as wpa_supplicant_event(), but we search for the interface in
+ * wpa_global.
+ */
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
+ /*
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -1842,8 +1842,8 @@ err:
+ #endif /* CONFIG_OWE */
+
+
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+- union wpa_event_data *data)
++void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data)
+ {
+ struct hostapd_data *hapd = ctx;
+ #ifndef CONFIG_NO_STDOUT_DEBUG
+@@ -2088,7 +2088,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct hapd_interfaces *interfaces = ctx;
+--- a/wpa_supplicant/wpa_priv.c
++++ b/wpa_supplicant/wpa_priv.c
+@@ -1038,8 +1038,8 @@ static void wpa_priv_send_ft_response(st
+ }
+
+
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+- union wpa_event_data *data)
++static void supplicant_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data)
+ {
+ struct wpa_priv_interface *iface = ctx;
+
+@@ -1102,7 +1102,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct wpa_priv_global *global = ctx;
+@@ -1215,6 +1215,8 @@ int main(int argc, char *argv[])
+ if (os_program_init())
+ return -1;
+
++ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
+ wpa_priv_fd_workaround();
+
+ os_memset(&global, 0, sizeof(global));
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4891,8 +4891,8 @@ static void wpas_event_unprot_beacon(str
+ }
+
+
+-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
+- union wpa_event_data *data)
++void supplicant_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data)
+ {
+ struct wpa_supplicant *wpa_s = ctx;
+ int resched;
+@@ -5745,7 +5745,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct wpa_supplicant *wpa_s;
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -7043,7 +7043,6 @@ struct wpa_interface * wpa_supplicant_ma
+ return NULL;
+ }
+
+-
+ /**
+ * wpa_supplicant_match_existing - Match existing interfaces
+ * @global: Pointer to global data from wpa_supplicant_init()
+@@ -7078,6 +7077,11 @@ static int wpa_supplicant_match_existing
+
+ #endif /* CONFIG_MATCH_IFACE */
+
++extern void supplicant_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
++
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ /**
+ * wpa_supplicant_add_iface - Add a new network interface
+@@ -7334,6 +7338,8 @@ struct wpa_global * wpa_supplicant_init(
+ #ifndef CONFIG_NO_WPA_MSG
+ wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
+ #endif /* CONFIG_NO_WPA_MSG */
++ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
+
+ if (params->wpa_debug_file_path)
+ wpa_debug_open_file(params->wpa_debug_file_path);
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -590,6 +590,11 @@ fail:
+ return -1;
+ }
+
++void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
++
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ #ifdef CONFIG_WPS
+ static int gen_uuid(const char *txt_addr)
+@@ -683,6 +688,8 @@ int main(int argc, char *argv[])
+ return -1;
+ #endif /* CONFIG_DPP */
+
++ wpa_supplicant_event = hostapd_wpa_event;
++ wpa_supplicant_event_global = hostapd_wpa_event_global;
+ for (;;) {
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+ if (c < 0)
+--- a/src/drivers/drivers.c
++++ b/src/drivers/drivers.c
+@@ -10,6 +10,10 @@
+ #include "utils/common.h"
+ #include "driver.h"
+
++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ const struct wpa_driver_ops *const wpa_drivers[] =
+ {
+--- a/wpa_supplicant/eapol_test.c
++++ b/wpa_supplicant/eapol_test.c
+@@ -30,7 +30,12 @@
+ #include "ctrl_iface.h"
+ #include "pcsc_funcs.h"
+ #include "wpas_glue.h"
++#include "drivers/driver.h"
+
++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
+
+@@ -1291,6 +1296,10 @@ static void usage(void)
+ "option several times.\n");
+ }
+
++extern void supplicant_event(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
+ int main(int argc, char *argv[])
+ {
+@@ -1311,6 +1320,8 @@ int main(int argc, char *argv[])
+ if (os_program_init())
+ return -1;
+
++ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
+ hostapd_logger_register_cb(hostapd_logger_cb);
+
+ os_memset(&eapol_test, 0, sizeof(eapol_test));
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/300-noscan.patch b/recipes-connectivity/wpa-supplicant/files/patches/300-noscan.patch
new file mode 100644
index 0000000..01a33d0
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/300-noscan.patch
@@ -0,0 +1,58 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3474,6 +3474,10 @@ static int hostapd_config_fill(struct ho
+ if (bss->ocv && !bss->ieee80211w)
+ bss->ieee80211w = 1;
+ #endif /* CONFIG_OCV */
++ } else if (os_strcmp(buf, "noscan") == 0) {
++ conf->noscan = atoi(pos);
++ } else if (os_strcmp(buf, "ht_coex") == 0) {
++ conf->no_ht_coex = !atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211n") == 0) {
+ conf->ieee80211n = atoi(pos);
+ } else if (os_strcmp(buf, "ht_capab") == 0) {
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -1014,6 +1014,8 @@ struct hostapd_config {
+
+ int ht_op_mode_fixed;
+ u16 ht_capab;
++ int noscan;
++ int no_ht_coex;
+ int ieee80211n;
+ int secondary_channel;
+ int no_pri_sec_switch;
+--- a/src/ap/hw_features.c
++++ b/src/ap/hw_features.c
+@@ -517,7 +517,8 @@ static int ieee80211n_check_40mhz(struct
+ int ret;
+
+ /* Check that HT40 is used and PRI / SEC switch is allowed */
+- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
++ iface->conf->noscan)
+ return 0;
+
+ hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
+--- a/src/ap/ieee802_11_ht.c
++++ b/src/ap/ieee802_11_ht.c
+@@ -230,6 +230,9 @@ void hostapd_2040_coex_action(struct hos
+ return;
+ }
+
++ if (iface->conf->noscan || iface->conf->no_ht_coex)
++ return;
++
+ if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
+ wpa_printf(MSG_DEBUG,
+ "Ignore too short 20/40 BSS Coexistence Management frame");
+@@ -390,6 +393,9 @@ void ht40_intolerant_add(struct hostapd_
+ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+ return;
+
++ if (iface->conf->noscan || iface->conf->no_ht_coex)
++ return;
++
+ wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
+ " in Association Request", MAC2STR(sta->addr));
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/301-mesh-noscan.patch b/recipes-connectivity/wpa-supplicant/files/patches/301-mesh-noscan.patch
new file mode 100644
index 0000000..e682efb
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/301-mesh-noscan.patch
@@ -0,0 +1,71 @@
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2532,6 +2532,7 @@ static const struct parse_data ssid_fiel
+ #else /* CONFIG_MESH */
+ { INT_RANGE(mode, 0, 4) },
+ #endif /* CONFIG_MESH */
++ { INT_RANGE(noscan, 0, 1) },
+ { INT_RANGE(proactive_key_caching, 0, 1) },
+ { INT_RANGE(disabled, 0, 2) },
+ { STR(id_str) },
+--- a/wpa_supplicant/config_file.c
++++ b/wpa_supplicant/config_file.c
+@@ -769,6 +769,7 @@ static void wpa_config_write_network(FIL
+ #endif /* IEEE8021X_EAPOL */
+ INT(mode);
+ INT(no_auto_peer);
++ INT(noscan);
+ INT(mesh_fwding);
+ INT(frequency);
+ INT(enable_edmg);
+--- a/wpa_supplicant/mesh.c
++++ b/wpa_supplicant/mesh.c
+@@ -505,6 +505,8 @@ static int wpa_supplicant_mesh_init(stru
+ frequency);
+ goto out_free;
+ }
++ if (ssid->noscan)
++ conf->noscan = 1;
+
+ if (ssid->mesh_basic_rates == NULL) {
+ /*
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2436,7 +2436,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
+ enum hostapd_hw_mode hw_mode;
+ struct hostapd_hw_modes *mode = NULL;
+- int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
++ int ht40plus[] = { 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
+ 184, 192 };
+ int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
+ 6035, 6115, 6195, 6275, 6355, 6435, 6515,
+@@ -2444,7 +2444,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
+ struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+ u8 channel;
+- int i, chan_idx, ht40 = -1, res, obss_scan = 1;
++ int i, chan_idx, ht40 = -1, res, obss_scan = !(ssid->noscan);
+ unsigned int j, k;
+ struct hostapd_freq_params vht_freq;
+ int chwidth, seg0, seg1;
+@@ -2535,7 +2535,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ #endif /* CONFIG_HE_OVERRIDES */
+
+ /* Setup higher BW only for 5 GHz */
+- if (mode->mode != HOSTAPD_MODE_IEEE80211A)
++ if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
+ return;
+
+ for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -974,6 +974,8 @@ struct wpa_ssid {
+ */
+ int no_auto_peer;
+
++ int noscan;
++
+ /**
+ * mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
+ *
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/310-rescan_immediately.patch b/recipes-connectivity/wpa-supplicant/files/patches/310-rescan_immediately.patch
new file mode 100644
index 0000000..b0c1cb8
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/310-rescan_immediately.patch
@@ -0,0 +1,11 @@
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -5377,7 +5377,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+ if (wpa_s == NULL)
+ return NULL;
+ wpa_s->scan_req = INITIAL_SCAN_REQ;
+- wpa_s->scan_interval = 5;
++ wpa_s->scan_interval = 1;
+ wpa_s->new_connection = 1;
+ wpa_s->parent = parent ? parent : wpa_s;
+ wpa_s->p2pdev = wpa_s->parent;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/320-optional_rfkill.patch b/recipes-connectivity/wpa-supplicant/files/patches/320-optional_rfkill.patch
new file mode 100644
index 0000000..0153779
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/320-optional_rfkill.patch
@@ -0,0 +1,61 @@
+--- a/src/drivers/drivers.mak
++++ b/src/drivers/drivers.mak
+@@ -54,7 +54,6 @@ NEED_SME=y
+ NEED_AP_MLME=y
+ NEED_NETLINK=y
+ NEED_LINUX_IOCTL=y
+-NEED_RFKILL=y
+ NEED_RADIOTAP=y
+ NEED_LIBNL=y
+ endif
+@@ -111,7 +110,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
+ CONFIG_WIRELESS_EXTENSION=y
+ NEED_NETLINK=y
+ NEED_LINUX_IOCTL=y
+-NEED_RFKILL=y
+ endif
+
+ ifdef CONFIG_DRIVER_NDIS
+@@ -137,7 +135,6 @@ endif
+ ifdef CONFIG_WIRELESS_EXTENSION
+ DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
+ DRV_WPA_OBJS += ../src/drivers/driver_wext.o
+-NEED_RFKILL=y
+ endif
+
+ ifdef NEED_NETLINK
+@@ -146,6 +143,7 @@ endif
+
+ ifdef NEED_RFKILL
+ DRV_OBJS += ../src/drivers/rfkill.o
++DRV_WPA_CFLAGS += -DCONFIG_RFKILL
+ endif
+
+ ifdef NEED_RADIOTAP
+--- a/src/drivers/rfkill.h
++++ b/src/drivers/rfkill.h
+@@ -18,8 +18,24 @@ struct rfkill_config {
+ void (*unblocked_cb)(void *ctx);
+ };
+
++#ifdef CONFIG_RFKILL
+ struct rfkill_data * rfkill_init(struct rfkill_config *cfg);
+ void rfkill_deinit(struct rfkill_data *rfkill);
+ int rfkill_is_blocked(struct rfkill_data *rfkill);
++#else
++static inline struct rfkill_data * rfkill_init(struct rfkill_config *cfg)
++{
++ return (void *) 1;
++}
++
++static inline void rfkill_deinit(struct rfkill_data *rfkill)
++{
++}
++
++static inline int rfkill_is_blocked(struct rfkill_data *rfkill)
++{
++ return 0;
++}
++#endif
+
+ #endif /* RFKILL_H */
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/330-nl80211_fix_set_freq.patch b/recipes-connectivity/wpa-supplicant/files/patches/330-nl80211_fix_set_freq.patch
new file mode 100644
index 0000000..37033c3
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/330-nl80211_fix_set_freq.patch
@@ -0,0 +1,11 @@
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -4986,7 +4986,7 @@ static int nl80211_set_channel(struct i8
+ freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
+ freq->bandwidth, freq->center_freq1, freq->center_freq2);
+
+- msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
++ msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
+ NL80211_CMD_SET_WIPHY);
+ if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
+ nlmsg_free(msg);
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/340-reload_freq_change.patch b/recipes-connectivity/wpa-supplicant/files/patches/340-reload_freq_change.patch
new file mode 100644
index 0000000..3d51a47
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/340-reload_freq_change.patch
@@ -0,0 +1,75 @@
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -115,6 +115,28 @@ static void hostapd_reload_bss(struct ho
+ #endif /* CONFIG_NO_RADIUS */
+
+ ssid = &hapd->conf->ssid;
++
++ hostapd_set_freq(hapd, hapd->iconf->hw_mode, hapd->iface->freq,
++ hapd->iconf->channel,
++ hapd->iconf->enable_edmg,
++ hapd->iconf->edmg_channel,
++ hapd->iconf->ieee80211n,
++ hapd->iconf->ieee80211ac,
++ hapd->iconf->ieee80211ax,
++ hapd->iconf->secondary_channel,
++ hostapd_get_oper_chwidth(hapd->iconf),
++ hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf),
++ hostapd_get_oper_centr_freq_seg1_idx(hapd->iconf));
++
++ if (hapd->iface->current_mode) {
++ if (hostapd_prepare_rates(hapd->iface, hapd->iface->current_mode)) {
++ wpa_printf(MSG_ERROR, "Failed to prepare rates table.");
++ hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_WARNING,
++ "Failed to prepare rates table.");
++ }
++ }
++
+ if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
+ ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
+ /*
+@@ -216,6 +238,7 @@ int hostapd_reload_config(struct hostapd
+ struct hostapd_data *hapd = iface->bss[0];
+ struct hostapd_config *newconf, *oldconf;
+ size_t j;
++ int i;
+
+ if (iface->config_fname == NULL) {
+ /* Only in-memory config in use - assume it has been updated */
+@@ -266,24 +289,20 @@ int hostapd_reload_config(struct hostapd
+ }
+ iface->conf = newconf;
+
++ for (i = 0; i < iface->num_hw_features; i++) {
++ struct hostapd_hw_modes *mode = &iface->hw_features[i];
++ if (mode->mode == iface->conf->hw_mode) {
++ iface->current_mode = mode;
++ break;
++ }
++ }
++
++ if (iface->conf->channel)
++ iface->freq = hostapd_hw_get_freq(hapd, iface->conf->channel);
++
+ for (j = 0; j < iface->num_bss; j++) {
+ hapd = iface->bss[j];
+ hapd->iconf = newconf;
+- hapd->iconf->channel = oldconf->channel;
+- hapd->iconf->acs = oldconf->acs;
+- hapd->iconf->secondary_channel = oldconf->secondary_channel;
+- hapd->iconf->ieee80211n = oldconf->ieee80211n;
+- hapd->iconf->ieee80211ac = oldconf->ieee80211ac;
+- hapd->iconf->ht_capab = oldconf->ht_capab;
+- hapd->iconf->vht_capab = oldconf->vht_capab;
+- hostapd_set_oper_chwidth(hapd->iconf,
+- hostapd_get_oper_chwidth(oldconf));
+- hostapd_set_oper_centr_freq_seg0_idx(
+- hapd->iconf,
+- hostapd_get_oper_centr_freq_seg0_idx(oldconf));
+- hostapd_set_oper_centr_freq_seg1_idx(
+- hapd->iconf,
+- hostapd_get_oper_centr_freq_seg1_idx(oldconf));
+ hapd->conf = newconf->bss[j];
+ hostapd_reload_bss(hapd);
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/341-mesh-ctrl-iface-channel-switch.patch b/recipes-connectivity/wpa-supplicant/files/patches/341-mesh-ctrl-iface-channel-switch.patch
new file mode 100644
index 0000000..b13dcb0
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/341-mesh-ctrl-iface-channel-switch.patch
@@ -0,0 +1,39 @@
+--- a/wpa_supplicant/ap.c
++++ b/wpa_supplicant/ap.c
+@@ -1611,15 +1611,35 @@ int ap_switch_channel(struct wpa_supplic
+
+
+ #ifdef CONFIG_CTRL_IFACE
++
++static int __ap_ctrl_iface_chanswitch(struct hostapd_iface *iface,
++ struct csa_settings *settings)
++{
++#ifdef NEED_AP_MLME
++ if (!iface || !iface->bss[0])
++ return 0;
++
++ return hostapd_switch_channel(iface->bss[0], settings);
++#else
++ return -1;
++#endif
++}
++
++
+ int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
+ {
+ struct csa_settings settings;
+ int ret = hostapd_parse_csa_settings(pos, &settings);
+
++ if (!(wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) &&
++ !(wpa_s->ifmsh && wpa_s->ifmsh->bss[0]))
++ return -1;
++
++ ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
+ if (ret)
+ return ret;
+
+- return ap_switch_channel(wpa_s, &settings);
++ return __ap_ctrl_iface_chanswitch(wpa_s->ifmsh, &settings);
+ }
+ #endif /* CONFIG_CTRL_IFACE */
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/350-nl80211_del_beacon_bss.patch b/recipes-connectivity/wpa-supplicant/files/patches/350-nl80211_del_beacon_bss.patch
new file mode 100644
index 0000000..3556783
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/350-nl80211_del_beacon_bss.patch
@@ -0,0 +1,54 @@
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -2931,10 +2931,15 @@ static int wpa_driver_nl80211_del_beacon
+ struct nl_msg *msg;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+
++ if (!bss->beacon_set)
++ return 0;
++
++ bss->beacon_set = 0;
++
+ wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
+- drv->ifindex);
++ bss->ifindex);
+ nl80211_put_wiphy_data_ap(bss);
+- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
++ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
+ return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
+ }
+
+@@ -5617,7 +5622,7 @@ static void nl80211_teardown_ap(struct i
+ nl80211_mgmt_unsubscribe(bss, "AP teardown");
+
+ nl80211_put_wiphy_data_ap(bss);
+- bss->beacon_set = 0;
++ wpa_driver_nl80211_del_beacon(bss);
+ }
+
+
+@@ -8071,8 +8076,6 @@ static int wpa_driver_nl80211_if_remove(
+ } else {
+ wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
+ nl80211_teardown_ap(bss);
+- if (!bss->added_if && !drv->first_bss->next)
+- wpa_driver_nl80211_del_beacon(bss);
+ nl80211_destroy_bss(bss);
+ if (!bss->added_if)
+ i802_set_iface_flags(bss, 0);
+@@ -8469,7 +8472,6 @@ static int wpa_driver_nl80211_deinit_ap(
+ if (!is_ap_interface(drv->nlmode))
+ return -1;
+ wpa_driver_nl80211_del_beacon(bss);
+- bss->beacon_set = 0;
+
+ /*
+ * If the P2P GO interface was dynamically added, then it is
+@@ -8489,7 +8491,6 @@ static int wpa_driver_nl80211_stop_ap(vo
+ if (!is_ap_interface(drv->nlmode))
+ return -1;
+ wpa_driver_nl80211_del_beacon(bss);
+- bss->beacon_set = 0;
+ return 0;
+ }
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/360-ctrl_iface_reload.patch b/recipes-connectivity/wpa-supplicant/files/patches/360-ctrl_iface_reload.patch
new file mode 100644
index 0000000..7f3aa91
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/360-ctrl_iface_reload.patch
@@ -0,0 +1,106 @@
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -67,6 +67,7 @@
+ #include "fst/fst_ctrl_iface.h"
+ #include "config_file.h"
+ #include "ctrl_iface.h"
++#include "config_file.h"
+
+
+ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
+@@ -82,6 +83,7 @@ static void hostapd_ctrl_iface_send(stru
+ enum wpa_msg_type type,
+ const char *buf, size_t len);
+
++static char *reload_opts = NULL;
+
+ static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
+ struct sockaddr_storage *from,
+@@ -133,6 +135,61 @@ static int hostapd_ctrl_iface_new_sta(st
+ return 0;
+ }
+
++static char *get_option(char *opt, char *str)
++{
++ int len = strlen(str);
++
++ if (!strncmp(opt, str, len))
++ return opt + len;
++ else
++ return NULL;
++}
++
++static struct hostapd_config *hostapd_ctrl_iface_config_read(const char *fname)
++{
++ struct hostapd_config *conf;
++ char *opt, *val;
++
++ conf = hostapd_config_read(fname);
++ if (!conf)
++ return NULL;
++
++ for (opt = strtok(reload_opts, " ");
++ opt;
++ opt = strtok(NULL, " ")) {
++
++ if ((val = get_option(opt, "channel=")))
++ conf->channel = atoi(val);
++ else if ((val = get_option(opt, "ht_capab=")))
++ conf->ht_capab = atoi(val);
++ else if ((val = get_option(opt, "ht_capab_mask=")))
++ conf->ht_capab &= atoi(val);
++ else if ((val = get_option(opt, "sec_chan=")))
++ conf->secondary_channel = atoi(val);
++ else if ((val = get_option(opt, "hw_mode=")))
++ conf->hw_mode = atoi(val);
++ else if ((val = get_option(opt, "ieee80211n=")))
++ conf->ieee80211n = atoi(val);
++ else
++ break;
++ }
++
++ return conf;
++}
++
++static int hostapd_ctrl_iface_update(struct hostapd_data *hapd, char *txt)
++{
++ struct hostapd_config * (*config_read_cb)(const char *config_fname);
++ struct hostapd_iface *iface = hapd->iface;
++
++ config_read_cb = iface->interfaces->config_read_cb;
++ iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read;
++ reload_opts = txt;
++
++ hostapd_reload_config(iface);
++
++ iface->interfaces->config_read_cb = config_read_cb;
++}
+
+ #ifdef NEED_AP_MLME
+ static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd,
+@@ -3771,6 +3828,8 @@ static int hostapd_ctrl_iface_receive_pr
+ } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
+ reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
+ reply_size);
++ } else if (os_strncmp(buf, "UPDATE ", 7) == 0) {
++ hostapd_ctrl_iface_update(hapd, buf + 7);
+ } else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+ ieee802_1x_erp_flush(hapd);
+ #ifdef RADIUS_SERVER
+--- a/src/ap/ctrl_iface_ap.c
++++ b/src/ap/ctrl_iface_ap.c
+@@ -927,7 +927,13 @@ int hostapd_parse_csa_settings(const cha
+
+ int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
+ {
+- return hostapd_drv_stop_ap(hapd);
++ struct hostapd_iface *iface = hapd->iface;
++ int i;
++
++ for (i = 0; i < iface->num_bss; i++)
++ hostapd_drv_stop_ap(iface->bss[i]);
++
++ return 0;
+ }
+
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/370-ap_sta_support.patch b/recipes-connectivity/wpa-supplicant/files/patches/370-ap_sta_support.patch
new file mode 100644
index 0000000..c81c841
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/370-ap_sta_support.patch
@@ -0,0 +1,393 @@
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -108,6 +108,8 @@ OBJS_c += ../src/utils/common.o
+ OBJS_c += ../src/common/cli.o
+ OBJS += wmm_ac.o
+
++OBJS += ../src/common/wpa_ctrl.o
++
+ ifndef CONFIG_OS
+ ifdef CONFIG_NATIVE_WINDOWS
+ CONFIG_OS=win32
+--- a/wpa_supplicant/bss.c
++++ b/wpa_supplicant/bss.c
+@@ -11,6 +11,7 @@
+ #include "utils/common.h"
+ #include "utils/eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "drivers/driver.h"
+ #include "eap_peer/eap.h"
+ #include "wpa_supplicant_i.h"
+@@ -282,6 +283,10 @@ void calculate_update_time(const struct
+ static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
+ struct os_reltime *fetch_time)
+ {
++ struct ieee80211_ht_capabilities *capab;
++ struct ieee80211_ht_operation *oper;
++ struct ieee802_11_elems elems;
++
+ dst->flags = src->flags;
+ os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
+ dst->freq = src->freq;
+@@ -294,6 +299,15 @@ static void wpa_bss_copy_res(struct wpa_
+ dst->est_throughput = src->est_throughput;
+ dst->snr = src->snr;
+
++ memset(&elems, 0, sizeof(elems));
++ ieee802_11_parse_elems((u8 *) (src + 1), src->ie_len, &elems, 0);
++ capab = (struct ieee80211_ht_capabilities *) elems.ht_capabilities;
++ oper = (struct ieee80211_ht_operation *) elems.ht_operation;
++ if (capab)
++ dst->ht_capab = le_to_host16(capab->ht_capabilities_info);
++ if (oper)
++ dst->ht_param = oper->ht_param;
++
+ calculate_update_time(fetch_time, src->age, &dst->last_update);
+ }
+
+--- a/wpa_supplicant/bss.h
++++ b/wpa_supplicant/bss.h
+@@ -94,6 +94,10 @@ struct wpa_bss {
+ u8 ssid[SSID_MAX_LEN];
+ /** Length of SSID */
+ size_t ssid_len;
++ /** HT capabilities */
++ u16 ht_capab;
++ /* Five octets of HT Operation Information */
++ u8 ht_param;
+ /** Frequency of the channel in MHz (e.g., 2412 = channel 1) */
+ int freq;
+ /** Beacon interval in TUs (host byte order) */
+--- a/wpa_supplicant/main.c
++++ b/wpa_supplicant/main.c
+@@ -34,7 +34,7 @@ static void usage(void)
+ "vW] [-P<pid file>] "
+ "[-g<global ctrl>] \\\n"
+ " [-G<group>] \\\n"
+- " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
++ " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-H<hostapd path>] "
+ "[-p<driver_param>] \\\n"
+ " [-b<br_ifname>] [-e<entropy file>]"
+ #ifdef CONFIG_DEBUG_FILE
+@@ -74,6 +74,7 @@ static void usage(void)
+ " -g = global ctrl_interface\n"
+ " -G = global ctrl_interface group\n"
+ " -h = show this help text\n"
++ " -H = connect to a hostapd instance to manage state changes\n"
+ " -i = interface name\n"
+ " -I = additional configuration file\n"
+ " -K = include keys (passwords, etc.) in debug output\n"
+@@ -201,7 +202,7 @@ int main(int argc, char *argv[])
+
+ for (;;) {
+ c = getopt(argc, argv,
+- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
+ if (c < 0)
+ break;
+ switch (c) {
+@@ -248,6 +249,9 @@ int main(int argc, char *argv[])
+ usage();
+ exitcode = 0;
+ goto out;
++ case 'H':
++ iface->hostapd_ctrl = optarg;
++ break;
+ case 'i':
+ iface->ifname = optarg;
+ break;
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -130,6 +130,54 @@ static void wpas_update_fils_connect_par
+ static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
+ #endif /* CONFIG_OWE */
+
++static int hostapd_stop(struct wpa_supplicant *wpa_s)
++{
++ const char *cmd = "STOP_AP";
++ char buf[256];
++ size_t len = sizeof(buf);
++
++ if (wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL) < 0) {
++ wpa_printf(MSG_ERROR, "\nFailed to stop hostapd AP interfaces\n");
++ return -1;
++ }
++ return 0;
++}
++
++static int hostapd_reload(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
++{
++ char *cmd = NULL;
++ char buf[256];
++ size_t len = sizeof(buf);
++ enum hostapd_hw_mode hw_mode;
++ u8 channel;
++ int sec_chan = 0;
++ int ret;
++
++ if (!bss)
++ return -1;
++
++ if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
++ int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
++ if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
++ sec_chan = 1;
++ else if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
++ sec_chan = -1;
++ }
++
++ hw_mode = ieee80211_freq_to_chan(bss->freq, &channel);
++ if (asprintf(&cmd, "UPDATE channel=%d sec_chan=%d hw_mode=%d",
++ channel, sec_chan, hw_mode) < 0)
++ return -1;
++
++ ret = wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL);
++ free(cmd);
++
++ if (ret < 0) {
++ wpa_printf(MSG_ERROR, "\nFailed to reload hostapd AP interfaces\n");
++ return -1;
++ }
++ return 0;
++}
+
+ #ifdef CONFIG_WEP
+ /* Configure default/group WEP keys for static WEP */
+@@ -1015,6 +1063,8 @@ void wpa_supplicant_set_state(struct wpa
+
+ sme_sched_obss_scan(wpa_s, 1);
+
++ if (wpa_s->hostapd)
++ hostapd_reload(wpa_s, wpa_s->current_bss);
+ #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
+ if (!fils_hlp_sent && ssid && ssid->eap.erp)
+ update_fils_connect_params = true;
+@@ -1025,6 +1075,8 @@ void wpa_supplicant_set_state(struct wpa
+ #endif /* CONFIG_OWE */
+ } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
+ state == WPA_ASSOCIATED) {
++ if (wpa_s->hostapd)
++ hostapd_stop(wpa_s);
+ wpa_s->new_connection = 1;
+ wpa_drv_set_operstate(wpa_s, 0);
+ #ifndef IEEE8021X_EAPOL
+@@ -2308,6 +2360,8 @@ void wpa_supplicant_associate(struct wpa
+ return;
+ }
+ wpa_s->current_bss = bss;
++ if (wpa_s->hostapd)
++ hostapd_reload(wpa_s, wpa_s->current_bss);
+ #else /* CONFIG_MESH */
+ wpa_msg(wpa_s, MSG_ERROR,
+ "mesh mode support not included in the build");
+@@ -6650,6 +6704,16 @@ static int wpa_supplicant_init_iface(str
+ sizeof(wpa_s->bridge_ifname));
+ }
+
++ if (iface->hostapd_ctrl) {
++ wpa_s->hostapd = wpa_ctrl_open(iface->hostapd_ctrl);
++ if (!wpa_s->hostapd) {
++ wpa_printf(MSG_ERROR, "\nFailed to connect to hostapd\n");
++ return -1;
++ }
++ if (hostapd_stop(wpa_s) < 0)
++ return -1;
++ }
++
+ /* RSNA Supplicant Key Management - INITIALIZE */
+ eapol_sm_notify_portEnabled(wpa_s->eapol, false);
+ eapol_sm_notify_portValid(wpa_s->eapol, false);
+@@ -6987,6 +7051,11 @@ static void wpa_supplicant_deinit_iface(
+ if (terminate)
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
+
++ if (wpa_s->hostapd) {
++ wpa_ctrl_close(wpa_s->hostapd);
++ wpa_s->hostapd = NULL;
++ }
++
+ wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
+
+--- a/wpa_supplicant/wpa_supplicant_i.h
++++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -104,6 +104,11 @@ struct wpa_interface {
+ const char *ifname;
+
+ /**
++ * hostapd_ctrl - path to hostapd control socket for notification
++ */
++ const char *hostapd_ctrl;
++
++ /**
+ * bridge_ifname - Optional bridge interface name
+ *
+ * If the driver interface (ifname) is included in a Linux bridge
+@@ -718,6 +723,8 @@ struct wpa_supplicant {
+ #endif /* CONFIG_CTRL_IFACE_BINDER */
+ char bridge_ifname[16];
+
++ struct wpa_ctrl *hostapd;
++
+ char *confname;
+ char *confanother;
+
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -2889,6 +2889,12 @@ static int hostapd_ctrl_iface_chan_switc
+ return 0;
+ }
+
++ if (os_strstr(pos, " auto-ht")) {
++ settings.freq_params.ht_enabled = iface->conf->ieee80211n;
++ settings.freq_params.vht_enabled = iface->conf->ieee80211ac;
++ settings.freq_params.he_enabled = iface->conf->ieee80211ax;
++ }
++
+ for (i = 0; i < iface->num_bss; i++) {
+
+ /* Save CHAN_SWITCH VHT and HE config */
+--- a/src/ap/beacon.c
++++ b/src/ap/beacon.c
+@@ -1791,11 +1791,6 @@ static int __ieee802_11_set_beacon(struc
+ return -1;
+ }
+
+- if (hapd->csa_in_progress) {
+- wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period");
+- return -1;
+- }
+-
+ hapd->beacon_set_done = 1;
+
+ if (ieee802_11_build_ap_params(hapd, ¶ms) < 0)
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4891,6 +4891,60 @@ static void wpas_event_unprot_beacon(str
+ }
+
+
++static void
++supplicant_ch_switch_started(struct wpa_supplicant *wpa_s,
++ union wpa_event_data *data)
++{
++ char buf[256];
++ size_t len = sizeof(buf);
++ char *cmd = NULL;
++ int width = 20;
++ int ret;
++
++ if (!wpa_s->hostapd)
++ return;
++
++ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CHANNEL_SWITCH
++ "count=%d freq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
++ data->ch_switch.count,
++ data->ch_switch.freq,
++ data->ch_switch.ht_enabled,
++ data->ch_switch.ch_offset,
++ channel_width_to_string(data->ch_switch.ch_width),
++ data->ch_switch.cf1,
++ data->ch_switch.cf2);
++
++ switch (data->ch_switch.ch_width) {
++ case CHAN_WIDTH_20_NOHT:
++ case CHAN_WIDTH_20:
++ width = 20;
++ break;
++ case CHAN_WIDTH_40:
++ width = 40;
++ break;
++ case CHAN_WIDTH_80:
++ width = 80;
++ break;
++ case CHAN_WIDTH_160:
++ case CHAN_WIDTH_80P80:
++ width = 160;
++ break;
++ }
++
++ asprintf(&cmd, "CHAN_SWITCH %d %d sec_channel_offset=%d center_freq1=%d center_freq2=%d, bandwidth=%d auto-ht\n",
++ data->ch_switch.count - 1,
++ data->ch_switch.freq,
++ data->ch_switch.ch_offset,
++ data->ch_switch.cf1,
++ data->ch_switch.cf2,
++ width);
++ ret = wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL);
++ free(cmd);
++
++ if (ret < 0)
++ wpa_printf(MSG_ERROR, "\nFailed to reload hostapd AP interfaces\n");
++}
++
+ void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+@@ -5206,8 +5260,10 @@ void supplicant_event(void *ctx, enum wp
+ channel_width_to_string(data->ch_switch.ch_width),
+ data->ch_switch.cf1,
+ data->ch_switch.cf2);
+- if (event == EVENT_CH_SWITCH_STARTED)
++ if (event == EVENT_CH_SWITCH_STARTED) {
++ supplicant_ch_switch_started(wpa_s, data);
+ break;
++ }
+
+ wpa_s->assoc_freq = data->ch_switch.freq;
+ wpa_s->current_ssid->frequency = data->ch_switch.freq;
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -5837,6 +5837,7 @@ union wpa_event_data {
+
+ /**
+ * struct ch_switch
++ * @count: Count until channel switch activates
+ * @freq: Frequency of new channel in MHz
+ * @ht_enabled: Whether this is an HT channel
+ * @ch_offset: Secondary channel offset
+@@ -5845,6 +5846,7 @@ union wpa_event_data {
+ * @cf2: Center frequency 2
+ */
+ struct ch_switch {
++ int count;
+ int freq;
+ int ht_enabled;
+ int ch_offset;
+--- a/src/drivers/driver_nl80211_event.c
++++ b/src/drivers/driver_nl80211_event.c
+@@ -684,7 +684,7 @@ static void mlme_event_ch_switch(struct
+ struct nlattr *ifindex, struct nlattr *freq,
+ struct nlattr *type, struct nlattr *bw,
+ struct nlattr *cf1, struct nlattr *cf2,
+- int finished)
++ struct nlattr *count, int finished)
+ {
+ struct i802_bss *bss;
+ union wpa_event_data data;
+@@ -745,6 +745,8 @@ static void mlme_event_ch_switch(struct
+ data.ch_switch.cf1 = nla_get_u32(cf1);
+ if (cf2)
+ data.ch_switch.cf2 = nla_get_u32(cf2);
++ if (count)
++ data.ch_switch.count = nla_get_u32(count);
+
+ if (finished)
+ bss->freq = data.ch_switch.freq;
+@@ -3003,6 +3005,7 @@ static void do_process_drv_event(struct
+ tb[NL80211_ATTR_CHANNEL_WIDTH],
+ tb[NL80211_ATTR_CENTER_FREQ1],
+ tb[NL80211_ATTR_CENTER_FREQ2],
++ tb[NL80211_ATTR_CH_SWITCH_COUNT],
+ 0);
+ break;
+ case NL80211_CMD_CH_SWITCH_NOTIFY:
+@@ -3013,6 +3016,7 @@ static void do_process_drv_event(struct
+ tb[NL80211_ATTR_CHANNEL_WIDTH],
+ tb[NL80211_ATTR_CENTER_FREQ1],
+ tb[NL80211_ATTR_CENTER_FREQ2],
++ NULL,
+ 1);
+ break;
+ case NL80211_CMD_DISCONNECT:
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/380-disable_ctrl_iface_mib.patch b/recipes-connectivity/wpa-supplicant/files/patches/380-disable_ctrl_iface_mib.patch
new file mode 100644
index 0000000..92b52a6
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/380-disable_ctrl_iface_mib.patch
@@ -0,0 +1,193 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -221,6 +221,9 @@ endif
+ ifdef CONFIG_NO_CTRL_IFACE
+ CFLAGS += -DCONFIG_NO_CTRL_IFACE
+ else
++ifdef CONFIG_CTRL_IFACE_MIB
++CFLAGS += -DCONFIG_CTRL_IFACE_MIB
++endif
+ ifeq ($(CONFIG_CTRL_IFACE), udp)
+ CFLAGS += -DCONFIG_CTRL_IFACE_UDP
+ else
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -3587,6 +3587,7 @@ static int hostapd_ctrl_iface_receive_pr
+ reply_size);
+ } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
+ reply_len = hostapd_drv_status(hapd, reply, reply_size);
++#ifdef CONFIG_CTRL_IFACE_MIB
+ } else if (os_strcmp(buf, "MIB") == 0) {
+ reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
+ if (reply_len >= 0) {
+@@ -3628,6 +3629,7 @@ static int hostapd_ctrl_iface_receive_pr
+ } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+ reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
+ reply_size);
++#endif
+ } else if (os_strcmp(buf, "ATTACH") == 0) {
+ if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
+ reply_len = -1;
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -958,6 +958,9 @@ ifdef CONFIG_FILS
+ OBJS += ../src/ap/fils_hlp.o
+ endif
+ ifdef CONFIG_CTRL_IFACE
++ifdef CONFIG_CTRL_IFACE_MIB
++CFLAGS += -DCONFIG_CTRL_IFACE_MIB
++endif
+ OBJS += ../src/ap/ctrl_iface_ap.o
+ endif
+
+--- a/wpa_supplicant/ctrl_iface.c
++++ b/wpa_supplicant/ctrl_iface.c
+@@ -2314,7 +2314,7 @@ static int wpa_supplicant_ctrl_iface_sta
+ pos += ret;
+ }
+
+-#ifdef CONFIG_AP
++#if defined(CONFIG_AP) && defined(CONFIG_CTRL_IFACE_MIB)
+ if (wpa_s->ap_iface) {
+ pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
+ end - pos,
+@@ -11494,6 +11494,7 @@ char * wpa_supplicant_ctrl_iface_process
+ reply_len = -1;
+ } else if (os_strncmp(buf, "NOTE ", 5) == 0) {
+ wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
++#ifdef CONFIG_CTRL_IFACE_MIB
+ } else if (os_strcmp(buf, "MIB") == 0) {
+ reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
+ if (reply_len >= 0) {
+@@ -11506,6 +11507,7 @@ char * wpa_supplicant_ctrl_iface_process
+ reply_size - reply_len);
+ #endif /* CONFIG_MACSEC */
+ }
++#endif
+ } else if (os_strncmp(buf, "STATUS", 6) == 0) {
+ reply_len = wpa_supplicant_ctrl_iface_status(
+ wpa_s, buf + 6, reply, reply_size);
+@@ -11994,6 +11996,7 @@ char * wpa_supplicant_ctrl_iface_process
+ reply_len = wpa_supplicant_ctrl_iface_bss(
+ wpa_s, buf + 4, reply, reply_size);
+ #ifdef CONFIG_AP
++#ifdef CONFIG_CTRL_IFACE_MIB
+ } else if (os_strcmp(buf, "STA-FIRST") == 0) {
+ reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
+ } else if (os_strncmp(buf, "STA ", 4) == 0) {
+@@ -12002,12 +12005,15 @@ char * wpa_supplicant_ctrl_iface_process
+ } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+ reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
+ reply_size);
++#endif
++#ifdef CONFIG_CTRL_IFACE_MIB
+ } else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
+ if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
+ if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
+ reply_len = -1;
++#endif
+ } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
+ if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
+ reply_len = -1;
+--- a/src/ap/ctrl_iface_ap.c
++++ b/src/ap/ctrl_iface_ap.c
+@@ -25,6 +25,7 @@
+ #include "mbo_ap.h"
+ #include "taxonomy.h"
+
++#ifdef CONFIG_CTRL_IFACE_MIB
+
+ static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
+ size_t curr_len, const u8 *mcs_set)
+@@ -459,6 +460,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+ return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
+ }
+
++#endif
+
+ #ifdef CONFIG_P2P_MANAGER
+ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
+@@ -815,12 +817,12 @@ int hostapd_ctrl_iface_status(struct hos
+ return len;
+ len += ret;
+ }
+-
++#ifdef CONFIG_CTRL_IFACE_MIB
+ if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
+ len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
+ mode->mcs_set);
+ }
+-
++#endif /* CONFIG_CTRL_IFACE_MIB */
+ if (iface->current_rates && iface->num_rates) {
+ ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
+ if (os_snprintf_error(buflen - len, ret))
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -2712,6 +2712,7 @@ static const char * bool_txt(bool val)
+ return val ? "TRUE" : "FALSE";
+ }
+
++#ifdef CONFIG_CTRL_IFACE_MIB
+
+ int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
+ {
+@@ -2898,6 +2899,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+ return len;
+ }
+
++#endif
+
+ #ifdef CONFIG_HS20
+ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -4519,6 +4519,7 @@ static const char * wpa_bool_txt(int val
+ return val ? "TRUE" : "FALSE";
+ }
+
++#ifdef CONFIG_CTRL_IFACE_MIB
+
+ #define RSN_SUITE "%02x-%02x-%02x-%d"
+ #define RSN_SUITE_ARG(s) \
+@@ -4669,7 +4670,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+
+ return len;
+ }
+-
++#endif
+
+ void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
+ {
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2777,6 +2777,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+ }
+
+
++#ifdef CONFIG_CTRL_IFACE_MIB
++
+ #define RSN_SUITE "%02x-%02x-%02x-%d"
+ #define RSN_SUITE_ARG(s) \
+ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
+@@ -2858,6 +2860,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+
+ return (int) len;
+ }
++#endif
+ #endif /* CONFIG_CTRL_IFACE */
+
+
+--- a/wpa_supplicant/ap.c
++++ b/wpa_supplicant/ap.c
+@@ -1462,7 +1462,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+ #endif /* CONFIG_WPS */
+
+
+-#ifdef CONFIG_CTRL_IFACE
++#if defined(CONFIG_CTRL_IFACE) && defined(CONFIG_CTRL_IFACE_MIB)
+
+ int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
+ char *buf, size_t buflen)
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch b/recipes-connectivity/wpa-supplicant/files/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch
new file mode 100644
index 0000000..d2414fa
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch
@@ -0,0 +1,11 @@
+--- a/hostapd/hostapd_cli.c
++++ b/hostapd/hostapd_cli.c
+@@ -744,7 +744,7 @@ static int wpa_ctrl_command_sta(struct w
+ }
+
+ buf[len] = '\0';
+- if (memcmp(buf, "FAIL", 4) == 0)
++ if (memcmp(buf, "FAIL", 4) == 0 || memcmp(buf, "UNKNOWN COMMAND", 15) == 0)
+ return -1;
+ if (print)
+ printf("%s", buf);
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/390-wpa_ie_cap_workaround.patch b/recipes-connectivity/wpa-supplicant/files/patches/390-wpa_ie_cap_workaround.patch
new file mode 100644
index 0000000..65a8b07
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/390-wpa_ie_cap_workaround.patch
@@ -0,0 +1,56 @@
+--- a/src/common/wpa_common.c
++++ b/src/common/wpa_common.c
+@@ -2444,6 +2444,31 @@ u32 wpa_akm_to_suite(int akm)
+ }
+
+
++static void wpa_fixup_wpa_ie_rsn(u8 *assoc_ie, const u8 *wpa_msg_ie,
++ size_t rsn_ie_len)
++{
++ int pos, count;
++
++ pos = sizeof(struct rsn_ie_hdr) + RSN_SELECTOR_LEN;
++ if (rsn_ie_len < pos + 2)
++ return;
++
++ count = WPA_GET_LE16(wpa_msg_ie + pos);
++ pos += 2 + count * RSN_SELECTOR_LEN;
++ if (rsn_ie_len < pos + 2)
++ return;
++
++ count = WPA_GET_LE16(wpa_msg_ie + pos);
++ pos += 2 + count * RSN_SELECTOR_LEN;
++ if (rsn_ie_len < pos + 2)
++ return;
++
++ if (!assoc_ie[pos] && !assoc_ie[pos + 1] &&
++ (wpa_msg_ie[pos] || wpa_msg_ie[pos + 1]))
++ memcpy(&assoc_ie[pos], &wpa_msg_ie[pos], 2);
++}
++
++
+ int wpa_compare_rsn_ie(int ft_initial_assoc,
+ const u8 *ie1, size_t ie1len,
+ const u8 *ie2, size_t ie2len)
+@@ -2451,8 +2476,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+ if (ie1 == NULL || ie2 == NULL)
+ return -1;
+
+- if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
+- return 0; /* identical IEs */
++ if (ie1len == ie2len) {
++ u8 *ie_tmp;
++
++ if (os_memcmp(ie1, ie2, ie1len) == 0)
++ return 0; /* identical IEs */
++
++ ie_tmp = alloca(ie1len);
++ memcpy(ie_tmp, ie1, ie1len);
++ wpa_fixup_wpa_ie_rsn(ie_tmp, ie2, ie1len);
++
++ if (os_memcmp(ie_tmp, ie2, ie1len) == 0)
++ return 0; /* only mismatch in RSN capabilties */
++ }
+
+ #ifdef CONFIG_IEEE80211R
+ if (ft_initial_assoc) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/400-wps_single_auth_enc_type.patch b/recipes-connectivity/wpa-supplicant/files/patches/400-wps_single_auth_enc_type.patch
new file mode 100644
index 0000000..f708bf3
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/400-wps_single_auth_enc_type.patch
@@ -0,0 +1,23 @@
+--- a/src/ap/wps_hostapd.c
++++ b/src/ap/wps_hostapd.c
+@@ -394,9 +394,8 @@ static int hapd_wps_reconfig_in_memory(s
+ bss->wpa_pairwise |= WPA_CIPHER_GCMP;
+ else
+ bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+- }
+ #ifndef CONFIG_NO_TKIP
+- if (cred->encr_type & WPS_ENCR_TKIP)
++ } else if (cred->encr_type & WPS_ENCR_TKIP)
+ bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+ #endif /* CONFIG_NO_TKIP */
+ bss->rsn_pairwise = bss->wpa_pairwise;
+@@ -1180,8 +1179,7 @@ int hostapd_init_wps(struct hostapd_data
+ WPA_CIPHER_GCMP_256)) {
+ wps->encr_types |= WPS_ENCR_AES;
+ wps->encr_types_rsn |= WPS_ENCR_AES;
+- }
+- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
++ } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+ #ifdef CONFIG_NO_TKIP
+ wpa_printf(MSG_INFO, "WPS: TKIP not supported");
+ goto fail;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/410-limit_debug_messages.patch b/recipes-connectivity/wpa-supplicant/files/patches/410-limit_debug_messages.patch
new file mode 100644
index 0000000..d2713fc
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/410-limit_debug_messages.patch
@@ -0,0 +1,210 @@
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -206,7 +206,7 @@ void wpa_debug_close_linux_tracing(void)
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+-void wpa_printf(int level, const char *fmt, ...)
++void _wpa_printf(int level, const char *fmt, ...)
+ {
+ va_list ap;
+
+@@ -255,7 +255,7 @@ void wpa_printf(int level, const char *f
+ }
+
+
+-static void _wpa_hexdump(int level, const char *title, const u8 *buf,
++void _wpa_hexdump(int level, const char *title, const u8 *buf,
+ size_t len, int show, int only_syslog)
+ {
+ size_t i;
+@@ -382,19 +382,7 @@ static void _wpa_hexdump(int level, cons
+ #endif /* CONFIG_ANDROID_LOG */
+ }
+
+-void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
+-{
+- _wpa_hexdump(level, title, buf, len, 1, 0);
+-}
+-
+-
+-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len)
+-{
+- _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 0);
+-}
+-
+-
+-static void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
++void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
+ size_t len, int show)
+ {
+ size_t i, llen;
+@@ -507,20 +495,6 @@ file_done:
+ }
+
+
+-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
+- size_t len)
+-{
+- _wpa_hexdump_ascii(level, title, buf, len, 1);
+-}
+-
+-
+-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
+- size_t len)
+-{
+- _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+-}
+-
+-
+ #ifdef CONFIG_DEBUG_FILE
+ static char *last_path = NULL;
+ #endif /* CONFIG_DEBUG_FILE */
+@@ -636,7 +610,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+ }
+
+
+-void wpa_msg(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg(void *ctx, int level, const char *fmt, ...)
+ {
+ va_list ap;
+ char *buf;
+@@ -674,7 +648,7 @@ void wpa_msg(void *ctx, int level, const
+ }
+
+
+-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+ {
+ va_list ap;
+ char *buf;
+--- a/src/utils/wpa_debug.h
++++ b/src/utils/wpa_debug.h
+@@ -50,6 +50,17 @@ int wpa_debug_reopen_file(void);
+ void wpa_debug_close_file(void);
+ void wpa_debug_setup_stdout(void);
+
++/* internal */
++void _wpa_hexdump(int level, const char *title, const u8 *buf,
++ size_t len, int show, int only_syslog);
++void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
++ size_t len, int show);
++extern int wpa_debug_show_keys;
++
++#ifndef CONFIG_MSG_MIN_PRIORITY
++#define CONFIG_MSG_MIN_PRIORITY 0
++#endif
++
+ /**
+ * wpa_debug_printf_timestamp - Print timestamp for debug output
+ *
+@@ -70,9 +81,15 @@ void wpa_debug_print_timestamp(void);
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+-void wpa_printf(int level, const char *fmt, ...)
++void _wpa_printf(int level, const char *fmt, ...)
+ PRINTF_FORMAT(2, 3);
+
++#define wpa_printf(level, ...) \
++ do { \
++ if (level >= CONFIG_MSG_MIN_PRIORITY) \
++ _wpa_printf(level, __VA_ARGS__); \
++ } while(0)
++
+ /**
+ * wpa_hexdump - conditional hex dump
+ * @level: priority level (MSG_*) of the message
+@@ -84,7 +101,13 @@ PRINTF_FORMAT(2, 3);
+ * output may be directed to stdout, stderr, and/or syslog based on
+ * configuration. The contents of buf is printed out has hex dump.
+ */
+-void wpa_hexdump(int level, const char *title, const void *buf, size_t len);
++static inline void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
++{
++ if (level < CONFIG_MSG_MIN_PRIORITY)
++ return;
++
++ _wpa_hexdump(level, title, buf, len, 1, 1);
++}
+
+ static inline void wpa_hexdump_buf(int level, const char *title,
+ const struct wpabuf *buf)
+@@ -106,7 +129,13 @@ static inline void wpa_hexdump_buf(int l
+ * like wpa_hexdump(), but by default, does not include secret keys (passwords,
+ * etc.) in debug output.
+ */
+-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len);
++static inline void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
++{
++ if (level < CONFIG_MSG_MIN_PRIORITY)
++ return;
++
++ _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 1);
++}
+
+ static inline void wpa_hexdump_buf_key(int level, const char *title,
+ const struct wpabuf *buf)
+@@ -128,8 +157,14 @@ static inline void wpa_hexdump_buf_key(i
+ * the hex numbers and ASCII characters (for printable range) are shown. 16
+ * bytes per line will be shown.
+ */
+-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
+- size_t len);
++static inline void wpa_hexdump_ascii(int level, const char *title,
++ const u8 *buf, size_t len)
++{
++ if (level < CONFIG_MSG_MIN_PRIORITY)
++ return;
++
++ _wpa_hexdump_ascii(level, title, buf, len, 1);
++}
+
+ /**
+ * wpa_hexdump_ascii_key - conditional hex dump, hide keys
+@@ -145,8 +180,14 @@ void wpa_hexdump_ascii(int level, const
+ * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
+ * default, does not include secret keys (passwords, etc.) in debug output.
+ */
+-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
+- size_t len);
++static inline void wpa_hexdump_ascii_key(int level, const char *title,
++ const u8 *buf, size_t len)
++{
++ if (level < CONFIG_MSG_MIN_PRIORITY)
++ return;
++
++ _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
++}
+
+ /*
+ * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
+@@ -183,7 +224,12 @@ void wpa_hexdump_ascii_key(int level, co
+ *
+ * Note: New line '\n' is added to the end of the text when printing to stdout.
+ */
+-void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
++void _wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
++#define wpa_msg(ctx, level, ...) \
++ do { \
++ if (level >= CONFIG_MSG_MIN_PRIORITY) \
++ _wpa_msg(ctx, level, __VA_ARGS__); \
++ } while(0)
+
+ /**
+ * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
+@@ -197,8 +243,13 @@ void wpa_msg(void *ctx, int level, const
+ * attached ctrl_iface monitors. In other words, it can be used for frequent
+ * events that do not need to be sent to syslog.
+ */
+-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+ PRINTF_FORMAT(3, 4);
++#define wpa_msg_ctrl(ctx, level, ...) \
++ do { \
++ if (level >= CONFIG_MSG_MIN_PRIORITY) \
++ _wpa_msg_ctrl(ctx, level, __VA_ARGS__); \
++ } while(0)
+
+ /**
+ * wpa_msg_global - Global printf for ctrl_iface monitors
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/420-indicate-features.patch b/recipes-connectivity/wpa-supplicant/files/patches/420-indicate-features.patch
new file mode 100644
index 0000000..f9dff66
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/420-indicate-features.patch
@@ -0,0 +1,62 @@
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -15,6 +15,7 @@
+ #include "utils/common.h"
+ #include "utils/eloop.h"
+ #include "utils/uuid.h"
++#include "utils/build_features.h"
+ #include "crypto/random.h"
+ #include "crypto/tls.h"
+ #include "common/version.h"
+@@ -691,7 +692,7 @@ int main(int argc, char *argv[])
+ wpa_supplicant_event = hostapd_wpa_event;
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
+ for (;;) {
+- c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
++ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:v::");
+ if (c < 0)
+ break;
+ switch (c) {
+@@ -728,6 +729,8 @@ int main(int argc, char *argv[])
+ break;
+ #endif /* CONFIG_DEBUG_LINUX_TRACING */
+ case 'v':
++ if (optarg)
++ exit(!has_feature(optarg));
+ show_version();
+ exit(1);
+ break;
+--- a/wpa_supplicant/main.c
++++ b/wpa_supplicant/main.c
+@@ -12,6 +12,7 @@
+ #endif /* __linux__ */
+
+ #include "common.h"
++#include "build_features.h"
+ #include "fst/fst.h"
+ #include "wpa_supplicant_i.h"
+ #include "driver_i.h"
+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
+
+ for (;;) {
+ c = getopt(argc, argv,
+- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
+ if (c < 0)
+ break;
+ switch (c) {
+@@ -305,8 +306,12 @@ int main(int argc, char *argv[])
+ break;
+ #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
+ case 'v':
+- printf("%s\n", wpa_supplicant_version);
+- exitcode = 0;
++ if (optarg) {
++ exitcode = !has_feature(optarg);
++ } else {
++ printf("%s\n", wpa_supplicant_version);
++ exitcode = 0;
++ }
+ goto out;
+ case 'W':
+ params.wait_for_monitor++;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/430-hostapd_cli_ifdef.patch b/recipes-connectivity/wpa-supplicant/files/patches/430-hostapd_cli_ifdef.patch
new file mode 100644
index 0000000..dc1fa3d
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/430-hostapd_cli_ifdef.patch
@@ -0,0 +1,56 @@
+--- a/hostapd/hostapd_cli.c
++++ b/hostapd/hostapd_cli.c
+@@ -388,7 +388,6 @@ static int hostapd_cli_cmd_disassociate(
+ }
+
+
+-#ifdef CONFIG_TAXONOMY
+ static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+ {
+@@ -401,7 +400,6 @@ static int hostapd_cli_cmd_signature(str
+ os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
+ return wpa_ctrl_command(ctrl, buf);
+ }
+-#endif /* CONFIG_TAXONOMY */
+
+
+ static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
+@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru
+ }
+
+
+-#ifdef CONFIG_WPS
+ static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+ {
+@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st
+ ssid_hex, argv[1]);
+ return wpa_ctrl_command(ctrl, buf);
+ }
+-#endif /* CONFIG_WPS */
+
+
+ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
+@@ -1579,13 +1575,10 @@ static const struct hostapd_cli_cmd host
+ { "disassociate", hostapd_cli_cmd_disassociate,
+ hostapd_complete_stations,
+ "<addr> = disassociate a station" },
+-#ifdef CONFIG_TAXONOMY
+ { "signature", hostapd_cli_cmd_signature, hostapd_complete_stations,
+ "<addr> = get taxonomy signature for a station" },
+-#endif /* CONFIG_TAXONOMY */
+ { "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
+ "<addr> = send SA Query to a station" },
+-#ifdef CONFIG_WPS
+ { "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
+ "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
+ { "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
+@@ -1610,7 +1603,6 @@ static const struct hostapd_cli_cmd host
+ "<SSID> <auth> <encr> <key> = configure AP" },
+ { "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
+ "= show current WPS status" },
+-#endif /* CONFIG_WPS */
+ { "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL,
+ "= send Disassociation Imminent notification" },
+ { "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL,
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/431-wpa_cli_ifdef.patch b/recipes-connectivity/wpa-supplicant/files/patches/431-wpa_cli_ifdef.patch
new file mode 100644
index 0000000..65c31c5
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/431-wpa_cli_ifdef.patch
@@ -0,0 +1,18 @@
+--- a/wpa_supplicant/wpa_cli.c
++++ b/wpa_supplicant/wpa_cli.c
+@@ -26,6 +26,15 @@
+ #include <cutils/properties.h>
+ #endif /* ANDROID */
+
++#ifndef CONFIG_P2P
++#define CONFIG_P2P
++#endif
++#ifndef CONFIG_AP
++#define CONFIG_AP
++#endif
++#ifndef CONFIG_MESH
++#define CONFIG_MESH
++#endif
+
+ static const char *const wpa_cli_version =
+ "wpa_cli v" VERSION_STR "\n"
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/432-missing-typedef.patch b/recipes-connectivity/wpa-supplicant/files/patches/432-missing-typedef.patch
new file mode 100644
index 0000000..7a100f1
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/432-missing-typedef.patch
@@ -0,0 +1,10 @@
+--- a/src/drivers/linux_wext.h
++++ b/src/drivers/linux_wext.h
+@@ -26,6 +26,7 @@ typedef int32_t __s32;
+ typedef uint16_t __u16;
+ typedef int16_t __s16;
+ typedef uint8_t __u8;
++typedef int8_t __s8;
+ #ifndef __user
+ #define __user
+ #endif /* __user */
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/450-scan_wait.patch b/recipes-connectivity/wpa-supplicant/files/patches/450-scan_wait.patch
new file mode 100644
index 0000000..ac874ad
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/450-scan_wait.patch
@@ -0,0 +1,73 @@
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -39,6 +39,8 @@ struct hapd_global {
+ };
+
+ static struct hapd_global global;
++static int daemonize = 0;
++static char *pid_file = NULL;
+
+
+ #ifndef CONFIG_NO_HOSTAPD_LOGGER
+@@ -146,6 +148,14 @@ static void hostapd_logger_cb(void *ctx,
+ }
+ #endif /* CONFIG_NO_HOSTAPD_LOGGER */
+
++static void hostapd_setup_complete_cb(void *ctx)
++{
++ if (daemonize && os_daemonize(pid_file)) {
++ perror("daemon");
++ return;
++ }
++ daemonize = 0;
++}
+
+ /**
+ * hostapd_driver_init - Preparate driver interface
+@@ -164,6 +174,8 @@ static int hostapd_driver_init(struct ho
+ return -1;
+ }
+
++ hapd->setup_complete_cb = hostapd_setup_complete_cb;
++
+ /* Initialize the driver interface */
+ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
+ b = NULL;
+@@ -404,8 +416,6 @@ static void hostapd_global_deinit(const
+ #endif /* CONFIG_NATIVE_WINDOWS */
+
+ eap_server_unregister_methods();
+-
+- os_daemonize_terminate(pid_file);
+ }
+
+
+@@ -431,18 +441,6 @@ static int hostapd_global_run(struct hap
+ }
+ #endif /* EAP_SERVER_TNC */
+
+- if (daemonize) {
+- if (os_daemonize(pid_file)) {
+- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
+- return -1;
+- }
+- if (eloop_sock_requeue()) {
+- wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s",
+- strerror(errno));
+- return -1;
+- }
+- }
+-
+ eloop_run();
+
+ return 0;
+@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
+ struct hapd_interfaces interfaces;
+ int ret = 1;
+ size_t i, j;
+- int c, debug = 0, daemonize = 0;
+- char *pid_file = NULL;
++ int c, debug = 0;
+ const char *log_file = NULL;
+ const char *entropy_file = NULL;
+ char **bss_config = NULL, **tmp_bss;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/recipes-connectivity/wpa-supplicant/files/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
new file mode 100644
index 0000000..28f07c7
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
@@ -0,0 +1,189 @@
+From 4bb69d15477e0f2b00e166845341dc933de47c58 Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <ordex@autistici.org>
+Date: Sun, 3 Jun 2012 18:22:56 +0200
+Subject: [PATCHv2 601/602] wpa_supplicant: add new config params to be used
+ with the ibss join command
+
+Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+---
+ src/drivers/driver.h | 6 +++
+ wpa_supplicant/config.c | 96 +++++++++++++++++++++++++++++++++++++++
+ wpa_supplicant/config_ssid.h | 6 +++
+ wpa_supplicant/wpa_supplicant.c | 23 +++++++---
+ 4 files changed, 124 insertions(+), 7 deletions(-)
+
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -19,6 +19,7 @@
+
+ #define WPA_SUPPLICANT_DRIVER_VERSION 4
+
++#include "ap/sta_info.h"
+ #include "common/defs.h"
+ #include "common/ieee802_11_defs.h"
+ #include "common/wpa_common.h"
+@@ -857,6 +858,9 @@ struct wpa_driver_associate_params {
+ * responsible for selecting with which BSS to associate. */
+ const u8 *bssid;
+
++ unsigned char rates[WLAN_SUPP_RATES_MAX];
++ int mcast_rate;
++
+ /**
+ * bssid_hint - BSSID of a proposed AP
+ *
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -18,6 +18,7 @@
+ #include "eap_peer/eap.h"
+ #include "p2p/p2p.h"
+ #include "fst/fst.h"
++#include "ap/sta_info.h"
+ #include "config.h"
+
+
+@@ -2321,6 +2322,97 @@ static char * wpa_config_write_peerkey(c
+ #endif /* NO_CONFIG_WRITE */
+
+
++static int wpa_config_parse_mcast_rate(const struct parse_data *data,
++ struct wpa_ssid *ssid, int line,
++ const char *value)
++{
++ ssid->mcast_rate = (int)(strtod(value, NULL) * 10);
++
++ return 0;
++}
++
++#ifndef NO_CONFIG_WRITE
++static char * wpa_config_write_mcast_rate(const struct parse_data *data,
++ struct wpa_ssid *ssid)
++{
++ char *value;
++ int res;
++
++ if (!ssid->mcast_rate == 0)
++ return NULL;
++
++ value = os_malloc(6); /* longest: 300.0 */
++ if (value == NULL)
++ return NULL;
++ res = os_snprintf(value, 5, "%.1f", (double)ssid->mcast_rate / 10);
++ if (res < 0) {
++ os_free(value);
++ return NULL;
++ }
++ return value;
++}
++#endif /* NO_CONFIG_WRITE */
++
++static int wpa_config_parse_rates(const struct parse_data *data,
++ struct wpa_ssid *ssid, int line,
++ const char *value)
++{
++ int i;
++ char *pos, *r, *sptr, *end;
++ double rate;
++
++ pos = (char *)value;
++ r = strtok_r(pos, ",", &sptr);
++ i = 0;
++ while (pos && i < WLAN_SUPP_RATES_MAX) {
++ rate = 0.0;
++ if (r)
++ rate = strtod(r, &end);
++ ssid->rates[i] = rate * 2;
++ if (*end != '\0' || rate * 2 != ssid->rates[i])
++ return 1;
++
++ i++;
++ r = strtok_r(NULL, ",", &sptr);
++ }
++
++ return 0;
++}
++
++#ifndef NO_CONFIG_WRITE
++static char * wpa_config_write_rates(const struct parse_data *data,
++ struct wpa_ssid *ssid)
++{
++ char *value, *pos;
++ int res, i;
++
++ if (ssid->rates[0] <= 0)
++ return NULL;
++
++ value = os_malloc(6 * WLAN_SUPP_RATES_MAX + 1);
++ if (value == NULL)
++ return NULL;
++ pos = value;
++ for (i = 0; i < WLAN_SUPP_RATES_MAX - 1; i++) {
++ res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2);
++ if (res < 0) {
++ os_free(value);
++ return NULL;
++ }
++ pos += res;
++ }
++ res = os_snprintf(pos, 6, "%.1f",
++ (double)ssid->rates[WLAN_SUPP_RATES_MAX - 1] / 2);
++ if (res < 0) {
++ os_free(value);
++ return NULL;
++ }
++
++ value[6 * WLAN_SUPP_RATES_MAX] = '\0';
++ return value;
++}
++#endif /* NO_CONFIG_WRITE */
++
+ /* Helper macros for network block parser */
+
+ #ifdef OFFSET
+@@ -2606,6 +2698,8 @@ static const struct parse_data ssid_fiel
+ { INT(ap_max_inactivity) },
+ { INT(dtim_period) },
+ { INT(beacon_int) },
++ { FUNC(rates) },
++ { FUNC(mcast_rate) },
+ #ifdef CONFIG_MACSEC
+ { INT_RANGE(macsec_policy, 0, 1) },
+ { INT_RANGE(macsec_integ_only, 0, 1) },
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -10,8 +10,10 @@
+ #define CONFIG_SSID_H
+
+ #include "common/defs.h"
++#include "ap/sta_info.h"
+ #include "utils/list.h"
+ #include "eap_peer/eap_config.h"
++#include "drivers/nl80211_copy.h"
+
+
+ #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+@@ -846,6 +848,9 @@ struct wpa_ssid {
+ */
+ void *parent_cred;
+
++ unsigned char rates[WLAN_SUPP_RATES_MAX];
++ double mcast_rate;
++
+ #ifdef CONFIG_MACSEC
+ /**
+ * macsec_policy - Determines the policy for MACsec secure session
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -3865,6 +3865,12 @@ static void wpas_start_assoc_cb(struct w
+ params.beacon_int = ssid->beacon_int;
+ else
+ params.beacon_int = wpa_s->conf->beacon_int;
++ int i = 0;
++ while (i < WLAN_SUPP_RATES_MAX) {
++ params.rates[i] = ssid->rates[i];
++ i++;
++ }
++ params.mcast_rate = ssid->mcast_rate;
+ }
+
+ if (bss && ssid->enable_edmg)
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/recipes-connectivity/wpa-supplicant/files/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
new file mode 100644
index 0000000..0be77f9
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
@@ -0,0 +1,59 @@
+From ffc4445958a3ed4064f2e1bf73fa478a61c5cf7b Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <ordex@autistici.org>
+Date: Sun, 3 Jun 2012 18:42:25 +0200
+Subject: [PATCHv2 602/602] driver_nl80211: use new parameters during ibss join
+
+Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+---
+ src/drivers/driver_nl80211.c | 33 ++++++++++++++++++++++++++++++++-
+ 1 file changed, 32 insertions(+), 1 deletion(-)
+
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -5966,7 +5966,7 @@ static int wpa_driver_nl80211_ibss(struc
+ struct wpa_driver_associate_params *params)
+ {
+ struct nl_msg *msg;
+- int ret = -1;
++ int ret = -1, i;
+ int count = 0;
+
+ wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
+@@ -5993,6 +5993,37 @@ retry:
+ nl80211_put_beacon_int(msg, params->beacon_int))
+ goto fail;
+
++ if (params->fixed_freq) {
++ wpa_printf(MSG_DEBUG, " * fixed_freq");
++ nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED);
++ }
++
++ if (params->beacon_int > 0) {
++ wpa_printf(MSG_DEBUG, " * beacon_int=%d",
++ params->beacon_int);
++ nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
++ params->beacon_int);
++ }
++
++ if (params->rates[0] > 0) {
++ wpa_printf(MSG_DEBUG, " * basic_rates:");
++ i = 0;
++ while (i < NL80211_MAX_SUPP_RATES &&
++ params->rates[i] > 0) {
++ wpa_printf(MSG_DEBUG, " %.1f",
++ (double)params->rates[i] / 2);
++ i++;
++ }
++ nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, i,
++ params->rates);
++ }
++
++ if (params->mcast_rate > 0) {
++ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
++ (double)params->mcast_rate / 10);
++ nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
++ }
++
+ ret = nl80211_set_conn_keys(params, msg);
+ if (ret)
+ goto fail;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/463-add-mcast_rate-to-11s.patch b/recipes-connectivity/wpa-supplicant/files/patches/463-add-mcast_rate-to-11s.patch
new file mode 100644
index 0000000..bd1d4d7
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/463-add-mcast_rate-to-11s.patch
@@ -0,0 +1,68 @@
+From: Sven Eckelmann <sven.eckelmann@openmesh.com>
+Date: Thu, 11 May 2017 08:21:45 +0200
+Subject: [PATCH] set mcast_rate in mesh mode
+
+The wpa_supplicant code for IBSS allows to set the mcast rate. It is
+recommended to increase this value from 1 or 6 Mbit/s to something higher
+when using a mesh protocol on top which uses the multicast packet loss as
+indicator for the link quality.
+
+This setting was unfortunately not applied for mesh mode. But it would be
+beneficial when wpa_supplicant would behave similar to IBSS mode and set
+this argument during mesh join like authsae already does. At least it is
+helpful for companies/projects which are currently switching to 802.11s
+(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
+because newer drivers seem to support 802.11s but not IBSS anymore.
+
+Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
+Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
+
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1624,6 +1624,7 @@ struct wpa_driver_mesh_join_params {
+ #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
+ unsigned int flags;
+ bool handle_dfs;
++ int mcast_rate;
+ };
+
+ struct wpa_driver_set_key_params {
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -10496,6 +10496,18 @@ static int nl80211_put_mesh_id(struct nl
+ }
+
+
++static int nl80211_put_mcast_rate(struct nl_msg *msg, int mcast_rate)
++{
++ if (mcast_rate > 0) {
++ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
++ (double)mcast_rate / 10);
++ return nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, mcast_rate);
++ }
++
++ return 0;
++}
++
++
+ static int nl80211_put_mesh_config(struct nl_msg *msg,
+ struct wpa_driver_mesh_bss_params *params)
+ {
+@@ -10557,6 +10569,7 @@ static int nl80211_join_mesh(struct i802
+ nl80211_put_basic_rates(msg, params->basic_rates) ||
+ nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
+ nl80211_put_beacon_int(msg, params->beacon_int) ||
++ nl80211_put_mcast_rate(msg, params->mcast_rate) ||
+ nl80211_put_dtim_period(msg, params->dtim_period))
+ goto fail;
+
+--- a/wpa_supplicant/mesh.c
++++ b/wpa_supplicant/mesh.c
+@@ -631,6 +631,7 @@ int wpa_supplicant_join_mesh(struct wpa_
+
+ params->meshid = ssid->ssid;
+ params->meshid_len = ssid->ssid_len;
++ params->mcast_rate = ssid->mcast_rate;
+ ibss_mesh_setup_freq(wpa_s, ssid, ¶ms->freq);
+ wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
+ wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/464-fix-mesh-obss-check.patch b/recipes-connectivity/wpa-supplicant/files/patches/464-fix-mesh-obss-check.patch
new file mode 100644
index 0000000..4807727
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/464-fix-mesh-obss-check.patch
@@ -0,0 +1,19 @@
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2512,11 +2512,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ for (j = 0; j < wpa_s->last_scan_res_used; j++) {
+ struct wpa_bss *bss = wpa_s->last_scan_res[j];
+
+- if (ssid->mode != WPAS_MODE_IBSS)
++ /* Don't adjust control freq in case of fixed_freq */
++ if (ssid->fixed_freq) {
++ obss_scan = 0;
+ break;
++ }
+
+- /* Don't adjust control freq in case of fixed_freq */
+- if (ssid->fixed_freq)
++ if (ssid->mode != WPAS_MODE_IBSS)
+ break;
+
+ if (!bss_is_ibss(bss))
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/470-survey_data_fallback.patch b/recipes-connectivity/wpa-supplicant/files/patches/470-survey_data_fallback.patch
new file mode 100644
index 0000000..359b5f3
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/470-survey_data_fallback.patch
@@ -0,0 +1,25 @@
+--- a/src/ap/acs.c
++++ b/src/ap/acs.c
+@@ -420,20 +420,19 @@ static int acs_usable_bw160_chan(const s
+ static int acs_survey_is_sufficient(struct freq_survey *survey)
+ {
+ if (!(survey->filled & SURVEY_HAS_NF)) {
++ survey->nf = -95;
+ wpa_printf(MSG_INFO, "ACS: Survey is missing noise floor");
+- return 0;
+ }
+
+ if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
++ survey->channel_time = 0;
+ wpa_printf(MSG_INFO, "ACS: Survey is missing channel time");
+- return 0;
+ }
+
+ if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
+ !(survey->filled & SURVEY_HAS_CHAN_TIME_RX)) {
+ wpa_printf(MSG_INFO,
+ "ACS: Survey is missing RX and busy time (at least one is required)");
+- return 0;
+ }
+
+ return 1;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/500-lto-jobserver-support.patch b/recipes-connectivity/wpa-supplicant/files/patches/500-lto-jobserver-support.patch
new file mode 100644
index 0000000..c51db01
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/500-lto-jobserver-support.patch
@@ -0,0 +1,59 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -1297,7 +1297,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+ @$(AR) cr $@ hostapd_multi.o $(OBJS)
+
+ hostapd: $(OBJS)
+- $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
++ +$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+ @$(E) " LD " $@
+
+ ifdef CONFIG_WPA_TRACE
+@@ -1308,7 +1308,7 @@ _OBJS_VAR := OBJS_c
+ include ../src/objs.mk
+
+ hostapd_cli: $(OBJS_c)
+- $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
++ +$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+ @$(E) " LD " $@
+
+ NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1920,31 +1920,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
+
+ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
+- $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
++ +$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+ @$(E) " LD " $@
+
+ _OBJS_VAR := OBJS_t
+ include ../src/objs.mk
+ eapol_test: $(OBJS_t)
+- $(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
++ +$(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
+ @$(E) " LD " $@
+
+ _OBJS_VAR := OBJS_t2
+ include ../src/objs.mk
+ preauth_test: $(OBJS_t2)
+- $(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
++ +$(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
+ @$(E) " LD " $@
+
+ _OBJS_VAR := OBJS_p
+ include ../src/objs.mk
+ wpa_passphrase: $(OBJS_p)
+- $(Q)$(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p) $(LIBS)
++ +$(Q)$(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p) $(LIBS)
+ @$(E) " LD " $@
+
+ _OBJS_VAR := OBJS_c
+ include ../src/objs.mk
+ wpa_cli: $(OBJS_c)
+- $(Q)$(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
++ +$(Q)$(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
+ @$(E) " LD " $@
+
+ LIBCTRL += ../src/common/wpa_ctrl.o
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/590-rrm-wnm-statistics.patch b/recipes-connectivity/wpa-supplicant/files/patches/590-rrm-wnm-statistics.patch
new file mode 100644
index 0000000..ee3ab79
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/590-rrm-wnm-statistics.patch
@@ -0,0 +1,92 @@
+--- a/src/ap/hostapd.h
++++ b/src/ap/hostapd.h
+@@ -150,6 +150,21 @@ struct hostapd_sae_commit_queue {
+ };
+
+ /**
++ * struct hostapd_openwrt_stats - OpenWrt custom STA/AP statistics
++ */
++struct hostapd_openwrt_stats {
++ struct {
++ u64 neighbor_report_tx;
++ } rrm;
++
++ struct {
++ u64 bss_transition_query_rx;
++ u64 bss_transition_request_tx;
++ u64 bss_transition_response_rx;
++ } wnm;
++};
++
++/**
+ * struct hostapd_data - hostapd per-BSS data structure
+ */
+ struct hostapd_data {
+@@ -163,6 +178,9 @@ struct hostapd_data {
+
+ u8 own_addr[ETH_ALEN];
+
++ /* OpenWrt specific statistics */
++ struct hostapd_openwrt_stats openwrt_stats;
++
+ int num_sta; /* number of entries in sta_list */
+ struct sta_info *sta_list; /* STA info list head */
+ #define STA_HASH_SIZE 256
+--- a/src/ap/wnm_ap.c
++++ b/src/ap/wnm_ap.c
+@@ -386,6 +386,7 @@ static int ieee802_11_send_bss_trans_mgm
+ mgmt->u.action.u.bss_tm_req.validity_interval = 1;
+ pos = mgmt->u.action.u.bss_tm_req.variable;
+
++ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
+ MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
+ "validity_interval=%u",
+@@ -646,10 +647,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
+
+ switch (action) {
+ case WNM_BSS_TRANS_MGMT_QUERY:
++ hapd->openwrt_stats.wnm.bss_transition_query_rx++;
+ ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
+ plen);
+ return 0;
+ case WNM_BSS_TRANS_MGMT_RESP:
++ hapd->openwrt_stats.wnm.bss_transition_response_rx++;
+ ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
+ plen);
+ return 0;
+@@ -696,6 +699,7 @@ int wnm_send_disassoc_imminent(struct ho
+
+ pos = mgmt->u.action.u.bss_tm_req.variable;
+
++ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
+ MACSTR, disassoc_timer, MAC2STR(sta->addr));
+ if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
+@@ -777,6 +781,7 @@ int wnm_send_ess_disassoc_imminent(struc
+ return -1;
+ }
+
++ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ if (disassoc_timer) {
+ /* send disassociation frame after time-out */
+ set_disassoc_timer(hapd, sta, disassoc_timer);
+@@ -857,6 +862,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
+ }
+ os_free(buf);
+
++ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ if (disassoc_timer) {
+ /* send disassociation frame after time-out */
+ set_disassoc_timer(hapd, sta, disassoc_timer);
+--- a/src/ap/rrm.c
++++ b/src/ap/rrm.c
+@@ -269,6 +269,8 @@ static void hostapd_send_nei_report_resp
+ }
+ }
+
++ hapd->openwrt_stats.rrm.neighbor_report_tx++;
++
+ hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
+ wpabuf_head(buf), wpabuf_len(buf));
+ wpabuf_free(buf);
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/599-wpa_supplicant-fix-warnings.patch b/recipes-connectivity/wpa-supplicant/files/patches/599-wpa_supplicant-fix-warnings.patch
new file mode 100644
index 0000000..e70dc61
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/599-wpa_supplicant-fix-warnings.patch
@@ -0,0 +1,19 @@
+--- a/wpa_supplicant/wps_supplicant.h
++++ b/wpa_supplicant/wps_supplicant.h
+@@ -9,6 +9,7 @@
+ #ifndef WPS_SUPPLICANT_H
+ #define WPS_SUPPLICANT_H
+
++struct wpa_bss;
+ struct wpa_scan_results;
+
+ #ifdef CONFIG_WPS
+@@ -16,8 +17,6 @@ struct wpa_scan_results;
+ #include "wps/wps.h"
+ #include "wps/wps_defs.h"
+
+-struct wpa_bss;
+-
+ struct wps_new_ap_settings {
+ const char *ssid_hex;
+ const char *auth;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/600-ubus_support.patch b/recipes-connectivity/wpa-supplicant/files/patches/600-ubus_support.patch
new file mode 100644
index 0000000..4abb688
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/600-ubus_support.patch
@@ -0,0 +1,565 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -166,6 +166,11 @@ OBJS += ../src/common/hw_features_common
+
+ OBJS += ../src/eapol_auth/eapol_auth_sm.o
+
++ifdef CONFIG_UBUS
++CFLAGS += -DUBUS_SUPPORT
++OBJS += ../src/ap/ubus.o
++LIBS += -lubox -lubus
++endif
+
+ ifdef CONFIG_CODE_COVERAGE
+ CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+--- a/src/ap/hostapd.h
++++ b/src/ap/hostapd.h
+@@ -17,6 +17,7 @@
+ #include "utils/list.h"
+ #include "ap_config.h"
+ #include "drivers/driver.h"
++#include "ubus.h"
+
+ #define OCE_STA_CFON_ENABLED(hapd) \
+ ((hapd->conf->oce & OCE_STA_CFON) && \
+@@ -80,7 +81,7 @@ struct hapd_interfaces {
+ #ifdef CONFIG_CTRL_IFACE_UDP
+ unsigned char ctrl_iface_cookie[CTRL_IFACE_COOKIE_LEN];
+ #endif /* CONFIG_CTRL_IFACE_UDP */
+-
++ struct ubus_object ubus;
+ };
+
+ enum hostapd_chan_status {
+@@ -171,6 +172,7 @@ struct hostapd_data {
+ struct hostapd_iface *iface;
+ struct hostapd_config *iconf;
+ struct hostapd_bss_config *conf;
++ struct hostapd_ubus_bss ubus;
+ int interface_added; /* virtual interface added for this BSS */
+ unsigned int started:1;
+ unsigned int disabled:1;
+@@ -630,6 +632,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+ struct hostapd_bss_config *bss);
+ int hostapd_setup_interface(struct hostapd_iface *iface);
+ int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
++void hostapd_set_own_neighbor_report(struct hostapd_data *hapd);
+ void hostapd_interface_deinit(struct hostapd_iface *iface);
+ void hostapd_interface_free(struct hostapd_iface *iface);
+ struct hostapd_iface * hostapd_alloc_iface(void);
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -396,6 +396,7 @@ void hostapd_free_hapd_data(struct hosta
+ hapd->beacon_set_done = 0;
+
+ wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
++ hostapd_ubus_free_bss(hapd);
+ accounting_deinit(hapd);
+ hostapd_deinit_wpa(hapd);
+ vlan_deinit(hapd);
+@@ -1422,6 +1423,8 @@ static int hostapd_setup_bss(struct host
+ if (hapd->driver && hapd->driver->set_operstate)
+ hapd->driver->set_operstate(hapd->drv_priv, 1);
+
++ hostapd_ubus_add_bss(hapd);
++
+ return 0;
+ }
+
+@@ -2028,6 +2031,7 @@ static int hostapd_setup_interface_compl
+ if (err)
+ goto fail;
+
++ hostapd_ubus_add_iface(iface);
+ wpa_printf(MSG_DEBUG, "Completing interface initialization");
+ if (iface->freq) {
+ #ifdef NEED_AP_MLME
+@@ -2225,6 +2229,7 @@ dfs_offload:
+
+ fail:
+ wpa_printf(MSG_ERROR, "Interface initialization failed");
++ hostapd_ubus_free_iface(iface);
+ hostapd_set_state(iface, HAPD_IFACE_DISABLED);
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
+ #ifdef CONFIG_FST
+@@ -2700,6 +2705,7 @@ void hostapd_interface_deinit_free(struc
+ (unsigned int) iface->conf->num_bss);
+ driver = iface->bss[0]->driver;
+ drv_priv = iface->bss[0]->drv_priv;
++ hostapd_ubus_free_iface(iface);
+ hostapd_interface_deinit(iface);
+ wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
+ __func__, driver, drv_priv);
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -3553,13 +3553,18 @@ static void handle_auth(struct hostapd_d
+ u16 auth_alg, auth_transaction, status_code;
+ u16 resp = WLAN_STATUS_SUCCESS;
+ struct sta_info *sta = NULL;
+- int res, reply_res;
++ int res, reply_res, ubus_resp;
+ u16 fc;
+ const u8 *challenge = NULL;
+ u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
+ size_t resp_ies_len = 0;
+ u16 seq_ctrl;
+ struct radius_sta rad_info;
++ struct hostapd_ubus_request req = {
++ .type = HOSTAPD_UBUS_AUTH_REQ,
++ .mgmt_frame = mgmt,
++ .ssi_signal = rssi,
++ };
+
+ if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
+ wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
+@@ -3727,6 +3732,13 @@ static void handle_auth(struct hostapd_d
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
++ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
++ if (ubus_resp) {
++ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
++ MAC2STR(mgmt->sa));
++ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
++ goto fail;
++ }
+ if (res == HOSTAPD_ACL_PENDING)
+ return;
+
+@@ -5447,7 +5459,7 @@ static void handle_assoc(struct hostapd_
+ int resp = WLAN_STATUS_SUCCESS;
+ u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ const u8 *pos;
+- int left, i;
++ int left, i, ubus_resp;
+ struct sta_info *sta;
+ u8 *tmp = NULL;
+ #ifdef CONFIG_FILS
+@@ -5660,6 +5672,11 @@ static void handle_assoc(struct hostapd_
+ left = res;
+ }
+ #endif /* CONFIG_FILS */
++ struct hostapd_ubus_request req = {
++ .type = HOSTAPD_UBUS_ASSOC_REQ,
++ .mgmt_frame = mgmt,
++ .ssi_signal = rssi,
++ };
+
+ /* followed by SSID and Supported rates; and HT capabilities if 802.11n
+ * is used */
+@@ -5758,6 +5775,13 @@ static void handle_assoc(struct hostapd_
+ }
+ #endif /* CONFIG_FILS */
+
++ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
++ if (ubus_resp) {
++ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
++ MAC2STR(mgmt->sa));
++ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
++ goto fail;
++ }
+ fail:
+
+ /*
+@@ -5851,6 +5875,7 @@ static void handle_disassoc(struct hosta
+ wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
+ MAC2STR(mgmt->sa),
+ le_to_host16(mgmt->u.disassoc.reason_code));
++ hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
+
+ sta = ap_get_sta(hapd, mgmt->sa);
+ if (sta == NULL) {
+@@ -5920,6 +5945,8 @@ static void handle_deauth(struct hostapd
+ /* Clear the PTKSA cache entries for PASN */
+ ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
+
++ hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
++
+ sta = ap_get_sta(hapd, mgmt->sa);
+ if (sta == NULL) {
+ wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
+--- a/src/ap/beacon.c
++++ b/src/ap/beacon.c
+@@ -852,6 +852,12 @@ void handle_probe_req(struct hostapd_dat
+ u16 csa_offs[2];
+ size_t csa_offs_len;
+ struct radius_sta rad_info;
++ struct hostapd_ubus_request req = {
++ .type = HOSTAPD_UBUS_PROBE_REQ,
++ .mgmt_frame = mgmt,
++ .ssi_signal = ssi_signal,
++ .elems = &elems,
++ };
+
+ if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
+ ssi_signal < hapd->iconf->rssi_ignore_probe_request)
+@@ -1038,6 +1044,12 @@ void handle_probe_req(struct hostapd_dat
+ }
+ #endif /* CONFIG_P2P */
+
++ if (hostapd_ubus_handle_event(hapd, &req)) {
++ wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
++ MAC2STR(mgmt->sa));
++ return;
++ }
++
+ /* TODO: verify that supp_rates contains at least one matching rate
+ * with AP configuration */
+
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -145,6 +145,10 @@ int hostapd_notif_assoc(struct hostapd_d
+ u16 reason = WLAN_REASON_UNSPECIFIED;
+ int status = WLAN_STATUS_SUCCESS;
+ const u8 *p2p_dev_addr = NULL;
++ struct hostapd_ubus_request req = {
++ .type = HOSTAPD_UBUS_ASSOC_REQ,
++ .addr = addr,
++ };
+
+ if (addr == NULL) {
+ /*
+@@ -237,6 +241,12 @@ int hostapd_notif_assoc(struct hostapd_d
+ goto fail;
+ }
+
++ if (hostapd_ubus_handle_event(hapd, &req)) {
++ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
++ MAC2STR(req.addr));
++ goto fail;
++ }
++
+ #ifdef CONFIG_P2P
+ if (elems.p2p) {
+ wpabuf_free(sta->p2p_ie);
+--- a/src/ap/sta_info.c
++++ b/src/ap/sta_info.c
+@@ -458,6 +458,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_INFO, "deauthenticated due to "
+ "local deauth request");
++ hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
+ ap_free_sta(hapd, sta);
+ return;
+ }
+@@ -613,6 +614,7 @@ skip_poll:
+ mlme_deauthenticate_indication(
+ hapd, sta,
+ WLAN_REASON_PREV_AUTH_NOT_VALID);
++ hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
+ ap_free_sta(hapd, sta);
+ break;
+ }
+@@ -1329,6 +1331,7 @@ void ap_sta_set_authorized(struct hostap
+ buf, ip_addr, keyid_buf);
+ } else {
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
++ hostapd_ubus_notify(hapd, "disassoc", sta->addr);
+
+ if (hapd->msg_ctx_parent &&
+ hapd->msg_ctx_parent != hapd->msg_ctx)
+--- a/src/ap/wpa_auth_glue.c
++++ b/src/ap/wpa_auth_glue.c
+@@ -265,6 +265,7 @@ static void hostapd_wpa_auth_psk_failure
+ struct hostapd_data *hapd = ctx;
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
+ MAC2STR(addr));
++ hostapd_ubus_notify(hapd, "key-mismatch", addr);
+ }
+
+
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -176,6 +176,12 @@ ifdef CONFIG_EAPOL_TEST
+ CFLAGS += -Werror -DEAPOL_TEST
+ endif
+
++ifdef CONFIG_UBUS
++CFLAGS += -DUBUS_SUPPORT
++OBJS += ubus.o
++LIBS += -lubox -lubus
++endif
++
+ ifdef CONFIG_CODE_COVERAGE
+ CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+ LIBS += -lgcov
+@@ -962,6 +968,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+ CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+ endif
+ OBJS += ../src/ap/ctrl_iface_ap.o
++ifdef CONFIG_UBUS
++OBJS += ../src/ap/ubus.o
++endif
+ endif
+
+ CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -7241,6 +7241,8 @@ struct wpa_supplicant * wpa_supplicant_a
+ }
+ #endif /* CONFIG_P2P */
+
++ wpas_ubus_add_bss(wpa_s);
++
+ return wpa_s;
+ }
+
+@@ -7267,6 +7269,8 @@ int wpa_supplicant_remove_iface(struct w
+ struct wpa_supplicant *parent = wpa_s->parent;
+ #endif /* CONFIG_MESH */
+
++ wpas_ubus_free_bss(wpa_s);
++
+ /* Remove interface from the global list of interfaces */
+ prev = global->ifaces;
+ if (prev == wpa_s) {
+@@ -7570,8 +7574,12 @@ int wpa_supplicant_run(struct wpa_global
+ eloop_register_signal_terminate(wpa_supplicant_terminate, global);
+ eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
+
++ wpas_ubus_add(global);
++
+ eloop_run();
+
++ wpas_ubus_free(global);
++
+ return 0;
+ }
+
+--- a/wpa_supplicant/wpa_supplicant_i.h
++++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -19,6 +19,7 @@
+ #include "wps/wps_defs.h"
+ #include "config_ssid.h"
+ #include "wmm_ac.h"
++#include "ubus.h"
+
+ extern const char *const wpa_supplicant_version;
+ extern const char *const wpa_supplicant_license;
+@@ -322,6 +323,8 @@ struct wpa_global {
+ #endif /* CONFIG_WIFI_DISPLAY */
+
+ struct psk_list_entry *add_psk; /* From group formation */
++
++ struct ubus_object ubus_global;
+ };
+
+
+@@ -708,6 +711,7 @@ struct wpa_supplicant {
+ unsigned char own_addr[ETH_ALEN];
+ unsigned char perm_addr[ETH_ALEN];
+ char ifname[100];
++ struct wpas_ubus_bss ubus;
+ #ifdef CONFIG_MATCH_IFACE
+ int matched;
+ #endif /* CONFIG_MATCH_IFACE */
+--- a/wpa_supplicant/wps_supplicant.c
++++ b/wpa_supplicant/wps_supplicant.c
+@@ -33,6 +33,7 @@
+ #include "p2p/p2p.h"
+ #include "p2p_supplicant.h"
+ #include "wps_supplicant.h"
++#include "ubus.h"
+
+
+ #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
+@@ -393,6 +394,8 @@ static int wpa_supplicant_wps_cred(void
+ wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
+ cred->cred_attr, cred->cred_attr_len);
+
++ wpas_ubus_notify(wpa_s, cred);
++
+ if (wpa_s->conf->wps_cred_processing == 1)
+ return 0;
+
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -895,6 +895,7 @@ int main(int argc, char *argv[])
+ }
+
+ hostapd_global_ctrl_iface_init(&interfaces);
++ hostapd_ubus_add(&interfaces);
+
+ if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
+ wpa_printf(MSG_ERROR, "Failed to start eloop");
+@@ -904,6 +905,7 @@ int main(int argc, char *argv[])
+ ret = 0;
+
+ out:
++ hostapd_ubus_free(&interfaces);
+ hostapd_global_ctrl_iface_deinit(&interfaces);
+ /* Deinitialize all interfaces */
+ for (i = 0; i < interfaces.count; i++) {
+--- a/wpa_supplicant/main.c
++++ b/wpa_supplicant/main.c
+@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
+
+ for (;;) {
+ c = getopt(argc, argv,
+- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:nNo:O:p:P:qsTtuv::W");
+ if (c < 0)
+ break;
+ switch (c) {
+@@ -271,6 +271,9 @@ int main(int argc, char *argv[])
+ params.conf_p2p_dev = optarg;
+ break;
+ #endif /* CONFIG_P2P */
++ case 'n':
++ iface_count = 0;
++ break;
+ case 'o':
+ params.override_driver = optarg;
+ break;
+--- a/src/ap/rrm.c
++++ b/src/ap/rrm.c
+@@ -89,6 +89,9 @@ static void hostapd_handle_beacon_report
+ return;
+ wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
+ MAC2STR(addr), token, rep_mode, report);
++ if (len < sizeof(struct rrm_measurement_beacon_report))
++ return;
++ hostapd_ubus_notify_beacon_report(hapd, addr, token, rep_mode, (struct rrm_measurement_beacon_report*) pos, len);
+ }
+
+
+@@ -352,6 +355,9 @@ void hostapd_handle_radio_measurement(st
+ mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
+
+ switch (mgmt->u.action.u.rrm.action) {
++ case WLAN_RRM_LINK_MEASUREMENT_REPORT:
++ hostapd_ubus_handle_link_measurement(hapd, buf, len);
++ break;
+ case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
+ hostapd_handle_radio_msmt_report(hapd, buf, len);
+ break;
+--- a/src/ap/vlan_init.c
++++ b/src/ap/vlan_init.c
+@@ -22,6 +22,7 @@
+ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ int existsok)
+ {
++ bool vlan_exists = iface_exists(vlan->ifname);
+ int ret;
+ #ifdef CONFIG_WEP
+ int i;
+@@ -36,7 +37,7 @@ static int vlan_if_add(struct hostapd_da
+ }
+ #endif /* CONFIG_WEP */
+
+- if (!iface_exists(vlan->ifname))
++ if (!vlan_exists)
+ ret = hostapd_vlan_if_add(hapd, vlan->ifname);
+ else if (!existsok)
+ return -1;
+@@ -51,6 +52,9 @@ static int vlan_if_add(struct hostapd_da
+ if (hapd->wpa_auth)
+ ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
+
++ if (!ret && !vlan_exists)
++ hostapd_ubus_add_vlan(hapd, vlan);
++
+ if (ret == 0)
+ return ret;
+
+@@ -77,6 +81,8 @@ int vlan_if_remove(struct hostapd_data *
+ "WPA deinitialization for VLAN %d failed (%d)",
+ vlan->vlan_id, ret);
+
++ hostapd_ubus_remove_vlan(hapd, vlan);
++
+ return hostapd_vlan_if_remove(hapd, vlan->ifname);
+ }
+
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -1196,6 +1196,8 @@ int hostapd_dfs_radar_detected(struct ho
+ "freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
+ freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
+
++ hostapd_ubus_notify_radar_detected(iface, freq, chan_width, cf1, cf2);
++
+ /* Proceed only if DFS is not offloaded to the driver */
+ if (iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD)
+ return 0;
+--- a/src/ap/airtime_policy.c
++++ b/src/ap/airtime_policy.c
+@@ -112,8 +112,14 @@ static void set_sta_weights(struct hosta
+ {
+ struct sta_info *sta;
+
+- for (sta = hapd->sta_list; sta; sta = sta->next)
+- sta_set_airtime_weight(hapd, sta, weight);
++ for (sta = hapd->sta_list; sta; sta = sta->next) {
++ unsigned int sta_weight = weight;
++
++ if (sta->dyn_airtime_weight)
++ sta_weight = (weight * sta->dyn_airtime_weight) / 256;
++
++ sta_set_airtime_weight(hapd, sta, sta_weight);
++ }
+ }
+
+
+@@ -244,7 +250,10 @@ int airtime_policy_new_sta(struct hostap
+ unsigned int weight;
+
+ if (hapd->iconf->airtime_mode == AIRTIME_MODE_STATIC) {
+- weight = get_weight_for_sta(hapd, sta->addr);
++ if (sta->dyn_airtime_weight)
++ weight = sta->dyn_airtime_weight;
++ else
++ weight = get_weight_for_sta(hapd, sta->addr);
+ if (weight)
+ return sta_set_airtime_weight(hapd, sta, weight);
+ }
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -324,6 +324,7 @@ struct sta_info {
+ #endif /* CONFIG_TESTING_OPTIONS */
+ #ifdef CONFIG_AIRTIME_POLICY
+ unsigned int airtime_weight;
++ unsigned int dyn_airtime_weight;
+ struct os_reltime backlogged_until;
+ #endif /* CONFIG_AIRTIME_POLICY */
+
+--- a/src/ap/wnm_ap.c
++++ b/src/ap/wnm_ap.c
+@@ -442,7 +442,8 @@ static void ieee802_11_rx_bss_trans_mgmt
+ wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
+ pos, end - pos);
+
+- ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
++ if (!hostapd_ubus_notify_bss_transition_query(hapd, addr, dialog_token, reason, pos, end - pos))
++ ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
+ }
+
+
+@@ -464,7 +465,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+ size_t len)
+ {
+ u8 dialog_token, status_code, bss_termination_delay;
+- const u8 *pos, *end;
++ const u8 *pos, *end, *target_bssid = NULL;
+ int enabled = hapd->conf->bss_transition;
+ struct sta_info *sta;
+
+@@ -511,6 +512,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+ wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
+ return;
+ }
++ target_bssid = pos;
+ sta->agreed_to_steer = 1;
+ eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
+ eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
+@@ -530,6 +532,10 @@ static void ieee802_11_rx_bss_trans_mgmt
+ MAC2STR(addr), status_code, bss_termination_delay);
+ }
+
++ hostapd_ubus_notify_bss_transition_response(hapd, sta->addr, dialog_token,
++ status_code, bss_termination_delay,
++ target_bssid, pos, end - pos);
++
+ wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
+ pos, end - pos);
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/610-hostapd_cli_ujail_permission.patch b/recipes-connectivity/wpa-supplicant/files/patches/610-hostapd_cli_ujail_permission.patch
new file mode 100644
index 0000000..a03fcc9
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/610-hostapd_cli_ujail_permission.patch
@@ -0,0 +1,33 @@
+--- a/src/common/wpa_ctrl.c
++++ b/src/common/wpa_ctrl.c
+@@ -135,7 +135,7 @@ try_again:
+ return NULL;
+ }
+ tries++;
+-#ifdef ANDROID
++
+ /* Set client socket file permissions so that bind() creates the client
+ * socket with these permissions and there is no need to try to change
+ * them with chmod() after bind() which would have potential issues with
+@@ -147,7 +147,7 @@ try_again:
+ * operations to allow the response to go through. Those are using the
+ * no-deference-symlinks version to avoid races. */
+ fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+-#endif /* ANDROID */
++
+ if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
+ sizeof(ctrl->local)) < 0) {
+ if (errno == EADDRINUSE && tries < 2) {
+@@ -165,7 +165,11 @@ try_again:
+ return NULL;
+ }
+
+-#ifdef ANDROID
++#ifndef ANDROID
++ /* Set group even if we do not have privileges to change owner */
++ lchown(ctrl->local.sun_path, -1, 101);
++ lchown(ctrl->local.sun_path, 101, 101);
++#else
+ /* Set group even if we do not have privileges to change owner */
+ lchown(ctrl->local.sun_path, -1, AID_WIFI);
+ lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/700-wifi-reload.patch b/recipes-connectivity/wpa-supplicant/files/patches/700-wifi-reload.patch
new file mode 100644
index 0000000..e6d7c2f
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/700-wifi-reload.patch
@@ -0,0 +1,220 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2458,6 +2458,8 @@ static int hostapd_config_fill(struct ho
+ bss->isolate = atoi(pos);
+ } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
+ bss->ap_max_inactivity = atoi(pos);
++ } else if (os_strcmp(buf, "config_id") == 0) {
++ bss->config_id = os_strdup(pos);
+ } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
+ bss->skip_inactivity_poll = atoi(pos);
+ } else if (os_strcmp(buf, "country_code") == 0) {
+@@ -3158,6 +3160,8 @@ static int hostapd_config_fill(struct ho
+ }
+ } else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
+ conf->acs_exclude_dfs = atoi(pos);
++ } else if (os_strcmp(buf, "radio_config_id") == 0) {
++ conf->config_id = os_strdup(pos);
+ } else if (os_strcmp(buf, "op_class") == 0) {
+ conf->op_class = atoi(pos);
+ } else if (os_strcmp(buf, "channel") == 0) {
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -792,6 +792,7 @@ void hostapd_config_free_bss(struct host
+ os_free(conf->radius_req_attr_sqlite);
+ os_free(conf->rsn_preauth_interfaces);
+ os_free(conf->ctrl_interface);
++ os_free(conf->config_id);
+ os_free(conf->ca_cert);
+ os_free(conf->server_cert);
+ os_free(conf->server_cert2);
+@@ -988,6 +989,7 @@ void hostapd_config_free(struct hostapd_
+
+ for (i = 0; i < conf->num_bss; i++)
+ hostapd_config_free_bss(conf->bss[i]);
++ os_free(conf->config_id);
+ os_free(conf->bss);
+ os_free(conf->supported_rates);
+ os_free(conf->basic_rates);
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -279,6 +279,8 @@ struct hostapd_bss_config {
+ char vlan_bridge[IFNAMSIZ + 1];
+ char wds_bridge[IFNAMSIZ + 1];
+
++ char *config_id;
++
+ enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
+
+ unsigned int logger_syslog; /* module bitfield */
+@@ -942,6 +944,7 @@ struct spatial_reuse {
+ struct hostapd_config {
+ struct hostapd_bss_config **bss, *last_bss;
+ size_t num_bss;
++ char *config_id;
+
+ u16 beacon_int;
+ int rts_threshold;
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -219,6 +219,10 @@ static int hostapd_iface_conf_changed(st
+ {
+ size_t i;
+
++ if (newconf->config_id != oldconf->config_id)
++ if (strcmp(newconf->config_id, oldconf->config_id))
++ return 1;
++
+ if (newconf->num_bss != oldconf->num_bss)
+ return 1;
+
+@@ -232,7 +236,7 @@ static int hostapd_iface_conf_changed(st
+ }
+
+
+-int hostapd_reload_config(struct hostapd_iface *iface)
++int hostapd_reload_config(struct hostapd_iface *iface, int reconf)
+ {
+ struct hapd_interfaces *interfaces = iface->interfaces;
+ struct hostapd_data *hapd = iface->bss[0];
+@@ -255,13 +259,16 @@ int hostapd_reload_config(struct hostapd
+ if (newconf == NULL)
+ return -1;
+
+- hostapd_clear_old(iface);
+-
+ oldconf = hapd->iconf;
+ if (hostapd_iface_conf_changed(newconf, oldconf)) {
+ char *fname;
+ int res;
+
++ if (reconf)
++ return -1;
++
++ hostapd_clear_old(iface);
++
+ wpa_printf(MSG_DEBUG,
+ "Configuration changes include interface/BSS modification - force full disable+enable sequence");
+ fname = os_strdup(iface->config_fname);
+@@ -286,6 +293,24 @@ int hostapd_reload_config(struct hostapd
+ wpa_printf(MSG_ERROR,
+ "Failed to enable interface on config reload");
+ return res;
++ } else {
++ for (j = 0; j < iface->num_bss; j++) {
++ hapd = iface->bss[j];
++ if (!hapd->config_id || strcmp(hapd->config_id, newconf->bss[j]->config_id)) {
++ hostapd_flush_old_stations(iface->bss[j],
++ WLAN_REASON_PREV_AUTH_NOT_VALID);
++#ifdef CONFIG_WEP
++ hostapd_broadcast_wep_clear(iface->bss[j]);
++#endif
++
++#ifndef CONFIG_NO_RADIUS
++ /* TODO: update dynamic data based on changed configuration
++ * items (e.g., open/close sockets, etc.) */
++ radius_client_flush(iface->bss[j]->radius, 0);
++#endif /* CONFIG_NO_RADIUS */
++ wpa_printf(MSG_INFO, "bss %zu changed", j);
++ }
++ }
+ }
+ iface->conf = newconf;
+
+@@ -302,6 +327,12 @@ int hostapd_reload_config(struct hostapd
+
+ for (j = 0; j < iface->num_bss; j++) {
+ hapd = iface->bss[j];
++ if (hapd->config_id) {
++ os_free(hapd->config_id);
++ hapd->config_id = NULL;
++ }
++ if (newconf->bss[j]->config_id)
++ hapd->config_id = strdup(newconf->bss[j]->config_id);
+ hapd->iconf = newconf;
+ hapd->conf = newconf->bss[j];
+ hostapd_reload_bss(hapd);
+@@ -2397,6 +2428,10 @@ hostapd_alloc_bss_data(struct hostapd_if
+ hapd->iconf = conf;
+ hapd->conf = bss;
+ hapd->iface = hapd_iface;
++ if (bss && bss->config_id)
++ hapd->config_id = strdup(bss->config_id);
++ else
++ hapd->config_id = NULL;
+ if (conf)
+ hapd->driver = conf->driver;
+ hapd->ctrl_sock = -1;
+--- a/src/ap/hostapd.h
++++ b/src/ap/hostapd.h
+@@ -46,7 +46,7 @@ struct mesh_conf;
+ struct hostapd_iface;
+
+ struct hapd_interfaces {
+- int (*reload_config)(struct hostapd_iface *iface);
++ int (*reload_config)(struct hostapd_iface *iface, int reconf);
+ struct hostapd_config * (*config_read_cb)(const char *config_fname);
+ int (*ctrl_iface_init)(struct hostapd_data *hapd);
+ void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
+@@ -173,6 +173,7 @@ struct hostapd_data {
+ struct hostapd_config *iconf;
+ struct hostapd_bss_config *conf;
+ struct hostapd_ubus_bss ubus;
++ char *config_id;
+ int interface_added; /* virtual interface added for this BSS */
+ unsigned int started:1;
+ unsigned int disabled:1;
+@@ -624,7 +625,7 @@ struct hostapd_iface {
+ int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
+ int (*cb)(struct hostapd_iface *iface,
+ void *ctx), void *ctx);
+-int hostapd_reload_config(struct hostapd_iface *iface);
++int hostapd_reload_config(struct hostapd_iface *iface, int reconf);
+ void hostapd_reconfig_encryption(struct hostapd_data *hapd);
+ struct hostapd_data *
+ hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -4833,6 +4833,9 @@ static int wpa_driver_nl80211_set_ap(voi
+ if (ret) {
+ wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
+ ret, strerror(-ret));
++ if (!bss->beacon_set)
++ ret = 0;
++ bss->beacon_set = 0;
+ } else {
+ bss->beacon_set = 1;
+ nl80211_set_bss(bss, params->cts_protect, params->preamble,
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -186,7 +186,7 @@ static int hostapd_ctrl_iface_update(str
+ iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read;
+ reload_opts = txt;
+
+- hostapd_reload_config(iface);
++ hostapd_reload_config(iface, 0);
+
+ iface->interfaces->config_read_cb = config_read_cb;
+ }
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -317,7 +317,7 @@ static void handle_term(int sig, void *s
+
+ static int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
+ {
+- if (hostapd_reload_config(iface) < 0) {
++ if (hostapd_reload_config(iface, 0) < 0) {
+ wpa_printf(MSG_WARNING, "Failed to read new configuration "
+ "file - continuing with old.");
+ }
+--- a/src/ap/wps_hostapd.c
++++ b/src/ap/wps_hostapd.c
+@@ -315,7 +315,7 @@ static void wps_reload_config(void *eloo
+
+ wpa_printf(MSG_DEBUG, "WPS: Reload configuration data");
+ if (iface->interfaces == NULL ||
+- iface->interfaces->reload_config(iface) < 0) {
++ iface->interfaces->reload_config(iface, 1) < 0) {
+ wpa_printf(MSG_WARNING, "WPS: Failed to reload the updated "
+ "configuration");
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/710-vlan_no_bridge.patch b/recipes-connectivity/wpa-supplicant/files/patches/710-vlan_no_bridge.patch
new file mode 100644
index 0000000..856dc8b
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/710-vlan_no_bridge.patch
@@ -0,0 +1,41 @@
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -115,6 +115,7 @@ struct hostapd_ssid {
+ #define DYNAMIC_VLAN_OPTIONAL 1
+ #define DYNAMIC_VLAN_REQUIRED 2
+ int dynamic_vlan;
++ int vlan_no_bridge;
+ #define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
+ #define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
+ #define DYNAMIC_VLAN_NAMING_END 2
+--- a/src/ap/vlan_full.c
++++ b/src/ap/vlan_full.c
+@@ -475,6 +475,9 @@ void vlan_newlink(const char *ifname, st
+ if (!vlan)
+ return;
+
++ if (hapd->conf->ssid.vlan_no_bridge)
++ goto out;
++
+ vlan->configured = 1;
+
+ notempty = vlan->vlan_desc.notempty;
+@@ -506,6 +509,7 @@ void vlan_newlink(const char *ifname, st
+ ifname, br_name, tagged[i], hapd);
+ }
+
++out:
+ ifconfig_up(ifname);
+ }
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3381,6 +3381,8 @@ static int hostapd_config_fill(struct ho
+ #ifndef CONFIG_NO_VLAN
+ } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
+ bss->ssid.dynamic_vlan = atoi(pos);
++ } else if (os_strcmp(buf, "vlan_no_bridge") == 0) {
++ bss->ssid.vlan_no_bridge = atoi(pos);
+ } else if (os_strcmp(buf, "per_sta_vif") == 0) {
+ bss->ssid.per_sta_vif = atoi(pos);
+ } else if (os_strcmp(buf, "vlan_file") == 0) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/711-wds_bridge_force.patch b/recipes-connectivity/wpa-supplicant/files/patches/711-wds_bridge_force.patch
new file mode 100644
index 0000000..a22580c
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/711-wds_bridge_force.patch
@@ -0,0 +1,22 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2358,6 +2358,8 @@ static int hostapd_config_fill(struct ho
+ sizeof(conf->bss[0]->iface));
+ } else if (os_strcmp(buf, "bridge") == 0) {
+ os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
++ if (!bss->wds_bridge[0])
++ os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ } else if (os_strcmp(buf, "vlan_bridge") == 0) {
+ os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
+ } else if (os_strcmp(buf, "wds_bridge") == 0) {
+--- a/src/ap/ap_drv_ops.c
++++ b/src/ap/ap_drv_ops.c
+@@ -340,8 +340,6 @@ int hostapd_set_wds_sta(struct hostapd_d
+ return -1;
+ if (hapd->conf->wds_bridge[0])
+ bridge = hapd->conf->wds_bridge;
+- else if (hapd->conf->bridge[0])
+- bridge = hapd->conf->bridge;
+ return hapd->driver->set_wds_sta(hapd->drv_priv, addr, aid, val,
+ bridge, ifname_wds);
+ }
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/720-iface_max_num_sta.patch b/recipes-connectivity/wpa-supplicant/files/patches/720-iface_max_num_sta.patch
new file mode 100644
index 0000000..106f9d7
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/720-iface_max_num_sta.patch
@@ -0,0 +1,82 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2880,6 +2880,14 @@ static int hostapd_config_fill(struct ho
+ line, bss->max_num_sta, MAX_STA_COUNT);
+ return 1;
+ }
++ } else if (os_strcmp(buf, "iface_max_num_sta") == 0) {
++ conf->max_num_sta = atoi(pos);
++ if (conf->max_num_sta < 0 ||
++ conf->max_num_sta > MAX_STA_COUNT) {
++ wpa_printf(MSG_ERROR, "Line %d: Invalid max_num_sta=%d; allowed range 0..%d",
++ line, conf->max_num_sta, MAX_STA_COUNT);
++ return 1;
++ }
+ } else if (os_strcmp(buf, "wpa") == 0) {
+ bss->wpa = atoi(pos);
+ } else if (os_strcmp(buf, "extended_key_id") == 0) {
+--- a/src/ap/hostapd.h
++++ b/src/ap/hostapd.h
+@@ -668,6 +668,7 @@ void hostapd_cleanup_cs_params(struct ho
+ void hostapd_periodic_iface(struct hostapd_iface *iface);
+ int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
+ void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
++int hostapd_check_max_sta(struct hostapd_data *hapd);
+
+ /* utils.c */
+ int hostapd_register_probereq_cb(struct hostapd_data *hapd,
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -236,6 +236,30 @@ static int hostapd_iface_conf_changed(st
+ }
+
+
++static inline int hostapd_iface_num_sta(struct hostapd_iface *iface)
++{
++ int num_sta = 0;
++ int i;
++
++ for (i = 0; i < iface->num_bss; i++)
++ num_sta += iface->bss[i]->num_sta;
++
++ return num_sta;
++}
++
++
++int hostapd_check_max_sta(struct hostapd_data *hapd)
++{
++ if (hapd->num_sta >= hapd->conf->max_num_sta)
++ return 1;
++
++ if (hapd->iconf->max_num_sta &&
++ hostapd_iface_num_sta(hapd->iface) >= hapd->iconf->max_num_sta)
++ return 1;
++
++ return 0;
++}
++
+ int hostapd_reload_config(struct hostapd_iface *iface, int reconf)
+ {
+ struct hapd_interfaces *interfaces = iface->interfaces;
+--- a/src/ap/beacon.c
++++ b/src/ap/beacon.c
+@@ -1068,7 +1068,7 @@ void handle_probe_req(struct hostapd_dat
+ if (hapd->conf->no_probe_resp_if_max_sta &&
+ is_multicast_ether_addr(mgmt->da) &&
+ is_multicast_ether_addr(mgmt->bssid) &&
+- hapd->num_sta >= hapd->conf->max_num_sta &&
++ hostapd_check_max_sta(hapd) &&
+ !ap_get_sta(hapd, mgmt->sa)) {
+ wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
+ " since no room for additional STA",
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -981,6 +981,8 @@ struct hostapd_config {
+ unsigned int track_sta_max_num;
+ unsigned int track_sta_max_age;
+
++ int max_num_sta;
++
+ char country[3]; /* first two octets: country code as described in
+ * ISO/IEC 3166-1. Third octet:
+ * ' ' (ascii 32): all environments
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/730-ft_iface.patch b/recipes-connectivity/wpa-supplicant/files/patches/730-ft_iface.patch
new file mode 100644
index 0000000..b580922
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/730-ft_iface.patch
@@ -0,0 +1,38 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3038,6 +3038,8 @@ static int hostapd_config_fill(struct ho
+ wpa_printf(MSG_INFO,
+ "Line %d: Obsolete peerkey parameter ignored", line);
+ #ifdef CONFIG_IEEE80211R_AP
++ } else if (os_strcmp(buf, "ft_iface") == 0) {
++ os_strlcpy(bss->ft_iface, pos, sizeof(bss->ft_iface));
+ } else if (os_strcmp(buf, "mobility_domain") == 0) {
+ if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
+ hexstr2bin(pos, bss->mobility_domain,
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -277,6 +277,7 @@ struct airtime_sta_weight {
+ struct hostapd_bss_config {
+ char iface[IFNAMSIZ + 1];
+ char bridge[IFNAMSIZ + 1];
++ char ft_iface[IFNAMSIZ + 1];
+ char vlan_bridge[IFNAMSIZ + 1];
+ char wds_bridge[IFNAMSIZ + 1];
+
+--- a/src/ap/wpa_auth_glue.c
++++ b/src/ap/wpa_auth_glue.c
+@@ -1566,8 +1566,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+ wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
+ const char *ft_iface;
+
+- ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge :
+- hapd->conf->iface;
++ if (hapd->conf->ft_iface[0])
++ ft_iface = hapd->conf->ft_iface;
++ else if (hapd->conf->bridge[0])
++ ft_iface = hapd->conf->bridge;
++ else
++ ft_iface = hapd->conf->iface;
+ hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB,
+ hostapd_rrb_receive, hapd, 1);
+ if (!hapd->l2) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/740-snoop_iface.patch b/recipes-connectivity/wpa-supplicant/files/patches/740-snoop_iface.patch
new file mode 100644
index 0000000..2ed7375
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/740-snoop_iface.patch
@@ -0,0 +1,66 @@
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -278,6 +278,7 @@ struct hostapd_bss_config {
+ char iface[IFNAMSIZ + 1];
+ char bridge[IFNAMSIZ + 1];
+ char ft_iface[IFNAMSIZ + 1];
++ char snoop_iface[IFNAMSIZ + 1];
+ char vlan_bridge[IFNAMSIZ + 1];
+ char wds_bridge[IFNAMSIZ + 1];
+
+--- a/src/ap/x_snoop.c
++++ b/src/ap/x_snoop.c
+@@ -31,14 +31,16 @@ int x_snoop_init(struct hostapd_data *ha
+ return -1;
+ }
+
+- if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
++ if (!conf->snoop_iface[0] &&
++ hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
+ 1)) {
+ wpa_printf(MSG_DEBUG,
+ "x_snoop: Failed to enable hairpin_mode on the bridge port");
+ return -1;
+ }
+
+- if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
++ if (!conf->snoop_iface[0] &&
++ hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
+ wpa_printf(MSG_DEBUG,
+ "x_snoop: Failed to enable proxyarp on the bridge port");
+ return -1;
+@@ -52,7 +54,8 @@ int x_snoop_init(struct hostapd_data *ha
+ }
+
+ #ifdef CONFIG_IPV6
+- if (hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, 1)) {
++ if (!conf->snoop_iface[0] &&
++ hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, 1)) {
+ wpa_printf(MSG_DEBUG,
+ "x_snoop: Failed to enable multicast snooping on the bridge");
+ return -1;
+@@ -71,8 +74,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
+ {
+ struct hostapd_bss_config *conf = hapd->conf;
+ struct l2_packet_data *l2;
++ const char *ifname = conf->bridge;
+
+- l2 = l2_packet_init(conf->bridge, NULL, ETH_P_ALL, handler, hapd, 1);
++ if (conf->snoop_iface[0])
++ ifname = conf->snoop_iface;
++
++ l2 = l2_packet_init(ifname, NULL, ETH_P_ALL, handler, hapd, 1);
+ if (l2 == NULL) {
+ wpa_printf(MSG_DEBUG,
+ "x_snoop: Failed to initialize L2 packet processing %s",
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2360,6 +2360,8 @@ static int hostapd_config_fill(struct ho
+ os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+ if (!bss->wds_bridge[0])
+ os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
++ } else if (os_strcmp(buf, "snoop_iface") == 0) {
++ os_strlcpy(bss->snoop_iface, pos, sizeof(bss->snoop_iface));
+ } else if (os_strcmp(buf, "vlan_bridge") == 0) {
+ os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
+ } else if (os_strcmp(buf, "wds_bridge") == 0) {
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/750-qos_map_set_without_interworking.patch b/recipes-connectivity/wpa-supplicant/files/patches/750-qos_map_set_without_interworking.patch
new file mode 100644
index 0000000..43a4ea7
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/750-qos_map_set_without_interworking.patch
@@ -0,0 +1,112 @@
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -1644,6 +1644,8 @@ static int parse_anqp_elem(struct hostap
+ return 0;
+ }
+
++#endif /* CONFIG_INTERWORKING */
++
+
+ static int parse_qos_map_set(struct hostapd_bss_config *bss,
+ char *buf, int line)
+@@ -1685,8 +1687,6 @@ static int parse_qos_map_set(struct host
+ return 0;
+ }
+
+-#endif /* CONFIG_INTERWORKING */
+-
+
+ #ifdef CONFIG_HS20
+ static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
+@@ -4077,10 +4077,10 @@ static int hostapd_config_fill(struct ho
+ bss->gas_frag_limit = val;
+ } else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
+ bss->gas_comeback_delay = atoi(pos);
++#endif /* CONFIG_INTERWORKING */
+ } else if (os_strcmp(buf, "qos_map_set") == 0) {
+ if (parse_qos_map_set(bss, pos, line) < 0)
+ return 1;
+-#endif /* CONFIG_INTERWORKING */
+ #ifdef CONFIG_RADIUS_TEST
+ } else if (os_strcmp(buf, "dump_msk_file") == 0) {
+ os_free(bss->dump_msk_file);
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -1415,6 +1415,7 @@ static int hostapd_setup_bss(struct host
+ wpa_printf(MSG_ERROR, "GAS server initialization failed");
+ return -1;
+ }
++#endif /* CONFIG_INTERWORKING */
+
+ if (conf->qos_map_set_len &&
+ hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
+@@ -1422,7 +1423,6 @@ static int hostapd_setup_bss(struct host
+ wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
+ return -1;
+ }
+-#endif /* CONFIG_INTERWORKING */
+
+ if (conf->bss_load_update_period && bss_load_update_init(hapd)) {
+ wpa_printf(MSG_ERROR, "BSS Load initialization failed");
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -271,12 +271,10 @@ int hostapd_notif_assoc(struct hostapd_d
+ }
+ #endif /* NEED_AP_MLME */
+
+-#ifdef CONFIG_INTERWORKING
+ if (elems.ext_capab && elems.ext_capab_len > 4) {
+ if (elems.ext_capab[4] & 0x01)
+ sta->qos_map_enabled = 1;
+ }
+-#endif /* CONFIG_INTERWORKING */
+
+ #ifdef CONFIG_HS20
+ wpabuf_free(sta->hs20_ie);
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4129,13 +4129,11 @@ static u16 copy_supp_rates(struct hostap
+ static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
+ const u8 *ext_capab_ie, size_t ext_capab_ie_len)
+ {
+-#ifdef CONFIG_INTERWORKING
+ /* check for QoS Map support */
+ if (ext_capab_ie_len >= 5) {
+ if (ext_capab_ie[4] & 0x01)
+ sta->qos_map_enabled = 1;
+ }
+-#endif /* CONFIG_INTERWORKING */
+
+ if (ext_capab_ie_len > 0) {
+ sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -2540,8 +2540,6 @@ void wnm_bss_keep_alive_deinit(struct wp
+ }
+
+
+-#ifdef CONFIG_INTERWORKING
+-
+ static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
+ size_t len)
+ {
+@@ -2574,8 +2572,6 @@ static void interworking_process_assoc_r
+ }
+ }
+
+-#endif /* CONFIG_INTERWORKING */
+-
+
+ static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
+ const u8 *ies, size_t ies_len)
+@@ -2908,10 +2904,8 @@ static int wpa_supplicant_event_associnf
+ wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
+ data->assoc_info.resp_ies_len);
+ #endif /* CONFIG_WNM */
+-#ifdef CONFIG_INTERWORKING
+ interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
+ data->assoc_info.resp_ies_len);
+-#endif /* CONFIG_INTERWORKING */
+ if (wpa_s->hw_capab == CAPAB_VHT &&
+ get_ie(data->assoc_info.resp_ies,
+ data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/751-qos_map_ignore_when_unsupported.patch b/recipes-connectivity/wpa-supplicant/files/patches/751-qos_map_ignore_when_unsupported.patch
new file mode 100644
index 0000000..8af5a0a
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/751-qos_map_ignore_when_unsupported.patch
@@ -0,0 +1,12 @@
+--- a/src/ap/ap_drv_ops.c
++++ b/src/ap/ap_drv_ops.c
+@@ -850,7 +850,8 @@ int hostapd_start_dfs_cac(struct hostapd
+ int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
+ const u8 *qos_map_set, u8 qos_map_set_len)
+ {
+- if (!hapd->driver || !hapd->driver->set_qos_map || !hapd->drv_priv)
++ if (!hapd->driver || !hapd->driver->set_qos_map || !hapd->drv_priv ||
++ !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING))
+ return 0;
+ return hapd->driver->set_qos_map(hapd->drv_priv, qos_map_set,
+ qos_map_set_len);
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/900-master-sync-include-uapi-linux-nl80211.patch b/recipes-connectivity/wpa-supplicant/files/patches/900-master-sync-include-uapi-linux-nl80211.patch
new file mode 100644
index 0000000..fe47b57
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/900-master-sync-include-uapi-linux-nl80211.patch
@@ -0,0 +1,57 @@
+diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
+index f962c06..f7be755 100644
+--- a/src/drivers/nl80211_copy.h
++++ b/src/drivers/nl80211_copy.h
+@@ -2560,6 +2560,19 @@ enum nl80211_commands {
+ * disassoc events to indicate that an immediate reconnect to the AP
+ * is desired.
+ *
++ * @NL80211_ATTR_OBSS_COLOR_BITMAP: bitmap of the u64 BSS colors for the
++ * %NL80211_CMD_OBSS_COLOR_COLLISION event.
++ *
++ * @NL80211_ATTR_COLOR_CHANGE_COUNT: u8 attribute specifying the number of TBTT's
++ * until the color switch event.
++ * @NL80211_ATTR_COLOR_CHANGE_COLOR: u8 attribute specifying the color that we are
++ * switching to
++ * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE
++ * information for the time while performing a color switch.
++ *
++ * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
++ * transmit power to stay within regulatory limits. u32, dBi.
++ *
+ * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+ * @NL80211_ATTR_MAX: highest attribute number currently defined
+ * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3057,6 +3070,14 @@ enum nl80211_attrs {
+
+ NL80211_ATTR_DISABLE_HE,
+
++ NL80211_ATTR_OBSS_COLOR_BITMAP,
++
++ NL80211_ATTR_COLOR_CHANGE_COUNT,
++ NL80211_ATTR_COLOR_CHANGE_COLOR,
++ NL80211_ATTR_COLOR_CHANGE_ELEMS,
++
++ NL80211_ATTR_WIPHY_ANTENNA_GAIN,
++
+ /* add attributes here, update the policy in nl80211.c */
+
+ __NL80211_ATTR_AFTER_LAST,
+@@ -5950,6 +5971,9 @@ enum nl80211_feature_flags {
+ * frame protection for all management frames exchanged during the
+ * negotiation and range measurement procedure.
+ *
++ * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
++ * detection and change announcemnts.
++ *
+ * @NUM_NL80211_EXT_FEATURES: number of extended features.
+ * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+ */
+@@ -6014,6 +6038,7 @@ enum nl80211_ext_feature_index {
+ NL80211_EXT_FEATURE_SECURE_LTF,
+ NL80211_EXT_FEATURE_SECURE_RTT,
+ NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
++ NL80211_EXT_FEATURE_BSS_COLOR,
+
+ /* add new features before the definition below */
+ NUM_NL80211_EXT_FEATURES,
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/901-master-zero-wait_dfs.patch b/recipes-connectivity/wpa-supplicant/files/patches/901-master-zero-wait_dfs.patch
new file mode 100644
index 0000000..cb11aee
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/901-master-zero-wait_dfs.patch
@@ -0,0 +1,851 @@
+diff --git a/hostapd/config_file.c b/hostapd/config_file.c
+index 1e1b685..8f6281a 100644
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2476,6 +2476,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
+ conf->ieee80211d = atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211h") == 0) {
+ conf->ieee80211h = atoi(pos);
++ } else if (os_strcmp(buf, "radar_offchan") == 0) {
++ conf->radar_offchan = atoi(pos);
+ } else if (os_strcmp(buf, "ieee8021x") == 0) {
+ bss->ieee802_1x = atoi(pos);
+ } else if (os_strcmp(buf, "eapol_version") == 0) {
+diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
+index a89ce9b..0c951a9 100644
+--- a/hostapd/hostapd.conf
++++ b/hostapd/hostapd.conf
+@@ -143,6 +143,13 @@ ssid=test
+ # ieee80211d=1 and local_pwr_constraint configured.
+ #spectrum_mgmt_required=1
+
++# Enable radar/CAC detection through a dedicated offchannel chain available on
++# some hw. The chain can't be used to transmits or receives frames.
++# This feature allows to avoid CAC downtime switching on a different channel
++# during CAC detection on the selected radar channel.
++# (default: 0 = disabled, 1 = enabled)
++#radar_offchan=0
++
+ # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
+ # g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
+ # with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index 28b7efe..ffc3c2c 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -993,6 +993,7 @@ struct hostapd_config {
+ int ieee80211d;
+
+ int ieee80211h; /* DFS */
++ int radar_offchan;
+
+ /*
+ * Local power constraint is an octet encoded as an unsigned integer in
+diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
+index bc49079..c97ee39 100644
+--- a/src/ap/ap_drv_ops.c
++++ b/src/ap/ap_drv_ops.c
+@@ -810,7 +810,8 @@ int hostapd_start_dfs_cac(struct hostapd_iface *iface,
+ int channel, int ht_enabled, int vht_enabled,
+ int he_enabled,
+ int sec_channel_offset, int oper_chwidth,
+- int center_segment0, int center_segment1)
++ int center_segment0, int center_segment1,
++ int radar_offchan)
+ {
+ struct hostapd_data *hapd = iface->bss[0];
+ struct hostapd_freq_params data;
+@@ -836,10 +837,14 @@ int hostapd_start_dfs_cac(struct hostapd_iface *iface,
+ wpa_printf(MSG_ERROR, "Can't set freq params");
+ return -1;
+ }
++ data.radar_offchan = radar_offchan;
+
+ res = hapd->driver->start_dfs_cac(hapd->drv_priv, &data);
+ if (!res) {
+- iface->cac_started = 1;
++ if (radar_offchan)
++ iface->radar_offchan.cac_started = 1;
++ else
++ iface->cac_started = 1;
+ os_get_reltime(&iface->dfs_cac_start);
+ }
+
+diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h
+index 61c8f64..92842a1 100644
+--- a/src/ap/ap_drv_ops.h
++++ b/src/ap/ap_drv_ops.h
+@@ -130,7 +130,8 @@ int hostapd_start_dfs_cac(struct hostapd_iface *iface,
+ int channel, int ht_enabled, int vht_enabled,
+ int he_enabled,
+ int sec_channel_offset, int oper_chwidth,
+- int center_segment0, int center_segment1);
++ int center_segment0, int center_segment1,
++ int radar_offchan);
+ int hostapd_drv_do_acs(struct hostapd_data *hapd);
+ int hostapd_drv_update_dh_ie(struct hostapd_data *hapd, const u8 *peer,
+ u16 reason_code, const u8 *ie, size_t ielen);
+diff --git a/src/ap/dfs.c b/src/ap/dfs.c
+index eccda1a..3b1276f 100644
+--- a/src/ap/dfs.c
++++ b/src/ap/dfs.c
+@@ -51,16 +51,31 @@ static int dfs_get_used_n_chans(struct hostapd_iface *iface, int *seg1)
+ return n_chans;
+ }
+
+-
++/*
++ * flags:
++ * - 0: any channel
++ * - 1: non-radar channel or radar available one
++ * - 2: radar-only channel not yet available
++ */
+ static int dfs_channel_available(struct hostapd_channel_data *chan,
+- int skip_radar)
++ int flags)
+ {
++ if (flags == 2) {
++ /* Select only radar channel where CAC has not been
++ * performed yet
++ */
++ if ((chan->flag & HOSTAPD_CHAN_RADAR) &&
++ (chan->flag & HOSTAPD_CHAN_DFS_MASK) ==
++ HOSTAPD_CHAN_DFS_USABLE)
++ return 1;
++ return 0;
++ }
+ /*
+ * When radar detection happens, CSA is performed. However, there's no
+ * time for CAC, so radar channels must be skipped when finding a new
+ * channel for CSA, unless they are available for immediate use.
+ */
+- if (skip_radar && (chan->flag & HOSTAPD_CHAN_RADAR) &&
++ if (flags && (chan->flag & HOSTAPD_CHAN_RADAR) &&
+ ((chan->flag & HOSTAPD_CHAN_DFS_MASK) !=
+ HOSTAPD_CHAN_DFS_AVAILABLE))
+ return 0;
+@@ -136,10 +151,15 @@ dfs_get_chan_data(struct hostapd_hw_modes *mode, int freq, int first_chan_idx)
+ return NULL;
+ }
+
+-
++/*
++ * flags:
++ * - 0: any channel
++ * - 1: non-radar channel or radar available one
++ * - 2: radar-only channel not yet available
++ */
+ static int dfs_chan_range_available(struct hostapd_hw_modes *mode,
+ int first_chan_idx, int num_chans,
+- int skip_radar)
++ int flags)
+ {
+ struct hostapd_channel_data *first_chan, *chan;
+ int i;
+@@ -178,7 +198,7 @@ static int dfs_chan_range_available(struct hostapd_hw_modes *mode,
+ return 0;
+ }
+
+- if (!dfs_channel_available(chan, skip_radar)) {
++ if (!dfs_channel_available(chan, flags)) {
+ wpa_printf(MSG_DEBUG, "DFS: channel not available %d",
+ first_chan->freq + i * 20);
+ return 0;
+@@ -205,10 +225,15 @@ static int is_in_chanlist(struct hostapd_iface *iface,
+ * - hapd->secondary_channel
+ * - hapd->vht/he_oper_centr_freq_seg0_idx
+ * - hapd->vht/he_oper_centr_freq_seg1_idx
++ *
++ * flags:
++ * - 0: any channel
++ * - 1: non-radar channel or radar available one
++ * - 2: radar-only channel not yet available
+ */
+ static int dfs_find_channel(struct hostapd_iface *iface,
+ struct hostapd_channel_data **ret_chan,
+- int idx, int skip_radar)
++ int idx, int flags)
+ {
+ struct hostapd_hw_modes *mode;
+ struct hostapd_channel_data *chan;
+@@ -233,7 +258,7 @@ static int dfs_find_channel(struct hostapd_iface *iface,
+ }
+
+ /* Skip incompatible chandefs */
+- if (!dfs_chan_range_available(mode, i, n_chans, skip_radar)) {
++ if (!dfs_chan_range_available(mode, i, n_chans, flags)) {
+ wpa_printf(MSG_DEBUG,
+ "DFS: range not available for %d (%d)",
+ chan->freq, chan->chan);
+@@ -467,13 +492,18 @@ static int dfs_check_chans_unavailable(struct hostapd_iface *iface,
+ return res;
+ }
+
+-
++/*
++ * flags:
++ * - 0: any channel
++ * - 1: non-radar channel or radar available one
++ * - 2: radar-only channel not yet available
++ */
+ static struct hostapd_channel_data *
+ dfs_get_valid_channel(struct hostapd_iface *iface,
+ int *secondary_channel,
+ u8 *oper_centr_freq_seg0_idx,
+ u8 *oper_centr_freq_seg1_idx,
+- int skip_radar)
++ int flags)
+ {
+ struct hostapd_hw_modes *mode;
+ struct hostapd_channel_data *chan = NULL;
+@@ -502,7 +532,7 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
+ return NULL;
+
+ /* Get the count first */
+- num_available_chandefs = dfs_find_channel(iface, NULL, 0, skip_radar);
++ num_available_chandefs = dfs_find_channel(iface, NULL, 0, flags);
+ wpa_printf(MSG_DEBUG, "DFS: num_available_chandefs=%d",
+ num_available_chandefs);
+ if (num_available_chandefs == 0)
+@@ -523,7 +553,7 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
+ return NULL;
+
+ chan_idx = _rand % num_available_chandefs;
+- dfs_find_channel(iface, &chan, chan_idx, skip_radar);
++ dfs_find_channel(iface, &chan, chan_idx, flags);
+ if (!chan) {
+ wpa_printf(MSG_DEBUG, "DFS: no random channel found");
+ return NULL;
+@@ -552,7 +582,7 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
+ for (i = 0; i < num_available_chandefs - 1; i++) {
+ /* start from chan_idx + 1, end when chan_idx - 1 */
+ chan_idx2 = (chan_idx + 1 + i) % num_available_chandefs;
+- dfs_find_channel(iface, &chan2, chan_idx2, skip_radar);
++ dfs_find_channel(iface, &chan2, chan_idx2, flags);
+ if (chan2 && abs(chan2->chan - chan->chan) > 12) {
+ /* two channels are not adjacent */
+ sec_chan_idx_80p80 = chan2->chan;
+@@ -582,6 +612,27 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
+ return chan;
+ }
+
++static int dfs_set_valid_channel(struct hostapd_iface *iface, int skip_radar)
++{
++ struct hostapd_channel_data *channel;
++ u8 cf1 = 0, cf2 = 0;
++ int sec = 0;
++
++ channel = dfs_get_valid_channel(iface, &sec, &cf1, &cf2,
++ skip_radar);
++ if (!channel) {
++ wpa_printf(MSG_ERROR, "could not get valid channel");
++ return -1;
++ }
++
++ iface->freq = channel->freq;
++ iface->conf->channel = channel->chan;
++ iface->conf->secondary_channel = sec;
++ hostapd_set_oper_centr_freq_seg0_idx(iface->conf, cf1);
++ hostapd_set_oper_centr_freq_seg1_idx(iface->conf, cf2);
++
++ return 0;
++}
+
+ static int set_dfs_state_freq(struct hostapd_iface *iface, int freq, u32 state)
+ {
+@@ -761,6 +812,11 @@ static unsigned int dfs_get_cac_time(struct hostapd_iface *iface,
+ return cac_time_ms;
+ }
+
++static int hostapd_is_radar_offchan_enabled(struct hostapd_iface *iface)
++{
++ return (iface->drv_flags2 & WPA_DRIVER_RADAR_OFFCHAN) &&
++ iface->conf->radar_offchan;
++}
+
+ /*
+ * Main DFS handler
+@@ -770,9 +826,8 @@ static unsigned int dfs_get_cac_time(struct hostapd_iface *iface,
+ */
+ int hostapd_handle_dfs(struct hostapd_iface *iface)
+ {
+- struct hostapd_channel_data *channel;
+ int res, n_chans, n_chans1, start_chan_idx, start_chan_idx1;
+- int skip_radar = 0;
++ int skip_radar = 0, radar_offchan;
+
+ if (is_6ghz_freq(iface->freq))
+ return 1;
+@@ -825,28 +880,18 @@ int hostapd_handle_dfs(struct hostapd_iface *iface)
+ wpa_printf(MSG_DEBUG, "DFS %d chans unavailable - choose other channel: %s",
+ res, res ? "yes": "no");
+ if (res) {
+- int sec = 0;
+- u8 cf1 = 0, cf2 = 0;
+-
+- channel = dfs_get_valid_channel(iface, &sec, &cf1, &cf2,
+- skip_radar);
+- if (!channel) {
+- wpa_printf(MSG_ERROR, "could not get valid channel");
++ if (dfs_set_valid_channel(iface, skip_radar) < 0) {
+ hostapd_set_state(iface, HAPD_IFACE_DFS);
+ return 0;
+ }
+-
+- iface->freq = channel->freq;
+- iface->conf->channel = channel->chan;
+- iface->conf->secondary_channel = sec;
+- hostapd_set_oper_centr_freq_seg0_idx(iface->conf, cf1);
+- hostapd_set_oper_centr_freq_seg1_idx(iface->conf, cf2);
+ }
+ } while (res);
+
+ /* Finally start CAC */
+ hostapd_set_state(iface, HAPD_IFACE_DFS);
+- wpa_printf(MSG_DEBUG, "DFS start CAC on %d MHz", iface->freq);
++ radar_offchan = hostapd_is_radar_offchan_enabled(iface);
++ wpa_printf(MSG_DEBUG, "DFS start CAC on %d MHz offchan %d",
++ iface->freq, radar_offchan);
+ wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_CAC_START
+ "freq=%d chan=%d sec_chan=%d, width=%d, seg0=%d, seg1=%d, cac_time=%ds",
+ iface->freq,
+@@ -863,13 +908,37 @@ int hostapd_handle_dfs(struct hostapd_iface *iface)
+ iface->conf->secondary_channel,
+ hostapd_get_oper_chwidth(iface->conf),
+ hostapd_get_oper_centr_freq_seg0_idx(iface->conf),
+- hostapd_get_oper_centr_freq_seg1_idx(iface->conf));
++ hostapd_get_oper_centr_freq_seg1_idx(iface->conf),
++ radar_offchan);
+
+ if (res) {
+ wpa_printf(MSG_ERROR, "DFS start_dfs_cac() failed, %d", res);
+ return -1;
+ }
+
++ if (radar_offchan) {
++ /* Cache offchannel radar parameters */
++ iface->radar_offchan.channel = iface->conf->channel;
++ iface->radar_offchan.secondary_channel =
++ iface->conf->secondary_channel;
++ iface->radar_offchan.freq = iface->freq;
++ iface->radar_offchan.centr_freq_seg0_idx =
++ hostapd_get_oper_centr_freq_seg0_idx(iface->conf);
++ iface->radar_offchan.centr_freq_seg1_idx =
++ hostapd_get_oper_centr_freq_seg1_idx(iface->conf);
++
++ /*
++ * Let's select a random channel for the moment
++ * and perform CAC on dedicated radar chain
++ */
++ res = dfs_set_valid_channel(iface, 1);
++ if (res < 0)
++ return res;
++
++ iface->radar_offchan.temp_ch = 1;
++ return 1;
++ }
++
+ return 0;
+ }
+
+@@ -890,6 +959,157 @@ int hostapd_is_dfs_chan_available(struct hostapd_iface *iface)
+ return dfs_check_chans_available(iface, start_chan_idx, n_chans);
+ }
+
++static int hostapd_dfs_request_channel_switch(struct hostapd_iface *iface,
++ int channel, int freq,
++ int secondary_channel,
++ u8 oper_centr_freq_seg0_idx,
++ u8 oper_centr_freq_seg1_idx)
++{
++ struct hostapd_hw_modes *cmode = iface->current_mode;
++ int ieee80211_mode = IEEE80211_MODE_AP, err, i;
++ struct csa_settings csa_settings;
++ u8 new_vht_oper_chwidth;
++
++ wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d", channel);
++ wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_NEW_CHANNEL
++ "freq=%d chan=%d sec_chan=%d", freq, channel,
++ secondary_channel);
++
++ new_vht_oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
++ hostapd_set_oper_chwidth(iface->conf,
++ hostapd_get_oper_chwidth(iface->conf));
++
++ /* Setup CSA request */
++ os_memset(&csa_settings, 0, sizeof(csa_settings));
++ csa_settings.cs_count = 5;
++ csa_settings.block_tx = 1;
++#ifdef CONFIG_MESH
++ if (iface->mconf)
++ ieee80211_mode = IEEE80211_MODE_MESH;
++#endif /* CONFIG_MESH */
++ err = hostapd_set_freq_params(&csa_settings.freq_params,
++ iface->conf->hw_mode,
++ freq, channel,
++ iface->conf->enable_edmg,
++ iface->conf->edmg_channel,
++ iface->conf->ieee80211n,
++ iface->conf->ieee80211ac,
++ iface->conf->ieee80211ax,
++ secondary_channel,
++ new_vht_oper_chwidth,
++ oper_centr_freq_seg0_idx,
++ oper_centr_freq_seg1_idx,
++ cmode->vht_capab,
++ &cmode->he_capab[ieee80211_mode]);
++
++ if (err) {
++ wpa_printf(MSG_ERROR, "DFS failed to calculate CSA freq params");
++ hostapd_disable_iface(iface);
++ return err;
++ }
++
++ for (i = 0; i < iface->num_bss; i++) {
++ err = hostapd_switch_channel(iface->bss[i], &csa_settings);
++ if (err)
++ break;
++ }
++
++ if (err) {
++ wpa_printf(MSG_WARNING, "DFS failed to schedule CSA (%d) - trying fallback",
++ err);
++ iface->freq = freq;
++ iface->conf->channel = channel;
++ iface->conf->secondary_channel = secondary_channel;
++ hostapd_set_oper_chwidth(iface->conf, new_vht_oper_chwidth);
++ hostapd_set_oper_centr_freq_seg0_idx(iface->conf,
++ oper_centr_freq_seg0_idx);
++ hostapd_set_oper_centr_freq_seg1_idx(iface->conf,
++ oper_centr_freq_seg1_idx);
++
++ hostapd_disable_iface(iface);
++ hostapd_enable_iface(iface);
++
++ return 0;
++ }
++
++ /* Channel configuration will be updated once CSA completes and
++ * ch_switch_notify event is received */
++ wpa_printf(MSG_DEBUG, "DFS waiting channel switch event");
++
++ return 0;
++}
++
++static struct hostapd_channel_data *
++dfs_downgrade_bandwidth(struct hostapd_iface *iface, int *secondary_channel,
++ u8 *oper_centr_freq_seg0_idx,
++ u8 *oper_centr_freq_seg1_idx, int *skip_radar);
++
++static void
++hostpad_dfs_update_offchannel_chain(struct hostapd_iface *iface)
++{
++ struct hostapd_channel_data *channel;
++ int sec = 0, flags = 2;
++ u8 cf1 = 0, cf2 = 0;
++
++ channel = dfs_get_valid_channel(iface, &sec, &cf1, &cf2, 2);
++ if (!channel || channel->chan == iface->conf->channel)
++ channel = dfs_downgrade_bandwidth(iface, &sec, &cf1, &cf2,
++ &flags);
++ if (!channel ||
++ hostapd_start_dfs_cac(iface, iface->conf->hw_mode,
++ channel->freq, channel->chan,
++ iface->conf->ieee80211n,
++ iface->conf->ieee80211ac,
++ iface->conf->ieee80211ax,
++ sec, hostapd_get_oper_chwidth(iface->conf),
++ cf1, cf2, 1)) {
++ /*
++ * Toggle interface state to enter DFS state
++ * until NOP is finished.
++ */
++ wpa_printf(MSG_ERROR, "DFS failed start CAC offchannel");
++ return;
++ }
++
++ wpa_printf(MSG_DEBUG, "%s: setting offchannel chain to chan %d (%d MHz)",
++ __func__, channel->chan, channel->freq);
++
++ iface->radar_offchan.channel = channel->chan;
++ iface->radar_offchan.freq = channel->freq;
++ iface->radar_offchan.secondary_channel = sec;
++ iface->radar_offchan.centr_freq_seg0_idx = cf1;
++ iface->radar_offchan.centr_freq_seg1_idx = cf2;
++}
++
++/* FIXME: check if all channel bandwith */
++static int
++hostapd_dfs_is_offchan_event(struct hostapd_iface *iface, int freq)
++{
++ if (iface->radar_offchan.freq != freq)
++ return 0;
++
++ return 1;
++}
++
++static int
++hostapd_dfs_start_channel_switch_offchan(struct hostapd_iface *iface)
++{
++ iface->conf->channel = iface->radar_offchan.channel;
++ iface->freq = iface->radar_offchan.freq;
++ iface->conf->secondary_channel =
++ iface->radar_offchan.secondary_channel;
++ hostapd_set_oper_centr_freq_seg0_idx(iface->conf,
++ iface->radar_offchan.centr_freq_seg0_idx);
++ hostapd_set_oper_centr_freq_seg1_idx(iface->conf,
++ iface->radar_offchan.centr_freq_seg1_idx);
++
++ hostpad_dfs_update_offchannel_chain(iface);
++
++ return hostapd_dfs_request_channel_switch(iface, iface->conf->channel,
++ iface->freq, iface->conf->secondary_channel,
++ hostapd_get_oper_centr_freq_seg0_idx(iface->conf),
++ hostapd_get_oper_centr_freq_seg1_idx(iface->conf));
++}
+
+ int hostapd_dfs_complete_cac(struct hostapd_iface *iface, int success, int freq,
+ int ht_enabled, int chan_offset, int chan_width,
+@@ -911,6 +1131,23 @@ int hostapd_dfs_complete_cac(struct hostapd_iface *iface, int success, int freq,
+ set_dfs_state(iface, freq, ht_enabled, chan_offset,
+ chan_width, cf1, cf2,
+ HOSTAPD_CHAN_DFS_AVAILABLE);
++
++ /*
++ * radar event from offchannel chain for selected
++ * channel. Perfrom CSA, move main chain to selected
++ * channel and configure offchannel chain to a new DFS
++ * channel
++ */
++ if (hostapd_is_radar_offchan_enabled(iface) &&
++ hostapd_dfs_is_offchan_event(iface, freq)) {
++ iface->radar_offchan.cac_started = 0;
++ if (iface->radar_offchan.temp_ch) {
++ iface->radar_offchan.temp_ch = 0;
++ return hostapd_dfs_start_channel_switch_offchan(iface);
++ }
++ return 0;
++ }
++
+ /*
+ * Just mark the channel available when CAC completion
+ * event is received in enabled state. CAC result could
+@@ -927,6 +1164,10 @@ int hostapd_dfs_complete_cac(struct hostapd_iface *iface, int success, int freq,
+ iface->cac_started = 0;
+ }
+ }
++ } else if (hostapd_is_radar_offchan_enabled(iface) &&
++ hostapd_dfs_is_offchan_event(iface, freq)) {
++ iface->radar_offchan.cac_started = 0;
++ hostpad_dfs_update_offchannel_chain(iface);
+ }
+
+ return 0;
+@@ -1036,6 +1277,44 @@ static int hostapd_dfs_start_channel_switch_cac(struct hostapd_iface *iface)
+ return err;
+ }
+
++static int
++hostapd_dfs_offchan_start_channel_switch(struct hostapd_iface *iface, int freq)
++{
++ if (!hostapd_is_radar_offchan_enabled(iface))
++ return -1; /* Offchannel chain not supported */
++
++ wpa_printf(MSG_DEBUG,
++ "%s called (offchannel CAC active: %s, CSA active: %s)",
++ __func__, iface->radar_offchan.cac_started ? "yes" : "no",
++ hostapd_csa_in_progress(iface) ? "yes" : "no");
++
++ /* Check if CSA in progress */
++ if (hostapd_csa_in_progress(iface))
++ return 0;
++
++ /*
++ * If offchannel radar detation is supported and radar channel
++ * monitored by offchain is available switch to it without waiting
++ * for the CAC otherwise let's keep a random channel.
++ * If radar pattern is reported on offchannel chain, just switch to
++ * monitor another radar channel.
++ */
++ if (hostapd_dfs_is_offchan_event(iface, freq)) {
++ hostpad_dfs_update_offchannel_chain(iface);
++ return 0;
++ }
++
++ /* Offchannel not availanle yet. Perform CAC on main chain */
++ if (iface->radar_offchan.cac_started) {
++ /* We want to switch to monitored channel as soon as
++ * CAC is completed.
++ */
++ iface->radar_offchan.temp_ch = 1;
++ return -1;
++ }
++
++ return hostapd_dfs_start_channel_switch_offchan(iface);
++}
+
+ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
+ {
+@@ -1043,13 +1322,7 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
+ int secondary_channel;
+ u8 oper_centr_freq_seg0_idx;
+ u8 oper_centr_freq_seg1_idx;
+- u8 new_vht_oper_chwidth;
+ int skip_radar = 1;
+- struct csa_settings csa_settings;
+- unsigned int i;
+- int err = 1;
+- struct hostapd_hw_modes *cmode = iface->current_mode;
+- u8 current_vht_oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
+ int ieee80211_mode = IEEE80211_MODE_AP;
+
+ wpa_printf(MSG_DEBUG, "%s called (CAC active: %s, CSA active: %s)",
+@@ -1113,73 +1386,16 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
+ }
+ }
+
+- wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d",
+- channel->chan);
+- wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_NEW_CHANNEL
+- "freq=%d chan=%d sec_chan=%d", channel->freq,
+- channel->chan, secondary_channel);
+-
+- new_vht_oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
+- hostapd_set_oper_chwidth(iface->conf, current_vht_oper_chwidth);
+-
+- /* Setup CSA request */
+- os_memset(&csa_settings, 0, sizeof(csa_settings));
+- csa_settings.cs_count = 5;
+- csa_settings.block_tx = 1;
+ #ifdef CONFIG_MESH
+ if (iface->mconf)
+ ieee80211_mode = IEEE80211_MODE_MESH;
+ #endif /* CONFIG_MESH */
+- err = hostapd_set_freq_params(&csa_settings.freq_params,
+- iface->conf->hw_mode,
+- channel->freq,
+- channel->chan,
+- iface->conf->enable_edmg,
+- iface->conf->edmg_channel,
+- iface->conf->ieee80211n,
+- iface->conf->ieee80211ac,
+- iface->conf->ieee80211ax,
+- secondary_channel,
+- new_vht_oper_chwidth,
+- oper_centr_freq_seg0_idx,
+- oper_centr_freq_seg1_idx,
+- cmode->vht_capab,
+- &cmode->he_capab[ieee80211_mode]);
+-
+- if (err) {
+- wpa_printf(MSG_ERROR, "DFS failed to calculate CSA freq params");
+- hostapd_disable_iface(iface);
+- return err;
+- }
+
+- for (i = 0; i < iface->num_bss; i++) {
+- err = hostapd_switch_channel(iface->bss[i], &csa_settings);
+- if (err)
+- break;
+- }
+-
+- if (err) {
+- wpa_printf(MSG_WARNING, "DFS failed to schedule CSA (%d) - trying fallback",
+- err);
+- iface->freq = channel->freq;
+- iface->conf->channel = channel->chan;
+- iface->conf->secondary_channel = secondary_channel;
+- hostapd_set_oper_chwidth(iface->conf, new_vht_oper_chwidth);
+- hostapd_set_oper_centr_freq_seg0_idx(iface->conf,
+- oper_centr_freq_seg0_idx);
+- hostapd_set_oper_centr_freq_seg1_idx(iface->conf,
+- oper_centr_freq_seg1_idx);
+-
+- hostapd_disable_iface(iface);
+- hostapd_enable_iface(iface);
+- return 0;
+- }
+-
+- /* Channel configuration will be updated once CSA completes and
+- * ch_switch_notify event is received */
+-
+- wpa_printf(MSG_DEBUG, "DFS waiting channel switch event");
+- return 0;
++ return hostapd_dfs_request_channel_switch(iface, channel->chan,
++ channel->freq,
++ secondary_channel,
++ oper_centr_freq_seg0_idx,
++ oper_centr_freq_seg1_idx);
+ }
+
+
+@@ -1208,15 +1424,19 @@ int hostapd_dfs_radar_detected(struct hostapd_iface *iface, int freq,
+ if (!res)
+ return 0;
+
+- /* Skip if reported radar event not overlapped our channels */
+- res = dfs_are_channels_overlapped(iface, freq, chan_width, cf1, cf2);
+- if (!res)
+- return 0;
++ if (!hostapd_dfs_is_offchan_event(iface, freq)) {
++ /* Skip if reported radar event not overlapped our channels */
++ res = dfs_are_channels_overlapped(iface, freq, chan_width,
++ cf1, cf2);
++ if (!res)
++ return 0;
++ }
+
+- /* radar detected while operating, switch the channel. */
+- res = hostapd_dfs_start_channel_switch(iface);
++ if (hostapd_dfs_offchan_start_channel_switch(iface, freq))
++ /* radar detected while operating, switch the channel. */
++ return hostapd_dfs_start_channel_switch(iface);
+
+- return res;
++ return 0;
+ }
+
+
+@@ -1284,7 +1504,11 @@ int hostapd_dfs_start_cac(struct hostapd_iface *iface, int freq,
+ "seg1=%d cac_time=%ds",
+ freq, (freq - 5000) / 5, chan_offset, chan_width, cf1, cf2,
+ iface->dfs_cac_ms / 1000);
+- iface->cac_started = 1;
++
++ if (hostapd_dfs_is_offchan_event(iface, freq))
++ iface->radar_offchan.cac_started = 1;
++ else
++ iface->cac_started = 1;
+ os_get_reltime(&iface->dfs_cac_start);
+ return 0;
+ }
+diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
+index 27b985d..1c6c94e 100644
+--- a/src/ap/hostapd.h
++++ b/src/ap/hostapd.h
+@@ -521,6 +521,21 @@ struct hostapd_iface {
+ int *basic_rates;
+ int freq;
+
++ /* Offchanel chain configuration */
++ struct {
++ int channel;
++ int secondary_channel;
++ int freq;
++ int centr_freq_seg0_idx;
++ int centr_freq_seg1_idx;
++ /* Main chain is on temporary channel during
++ * CAC detection on radar offchain
++ */
++ unsigned int temp_ch:1;
++ /* CAC started on radar offchain */
++ unsigned int cac_started:1;
++ } radar_offchan;
++
+ u16 hw_flags;
+
+ /* Number of associated Non-ERP stations (i.e., stations using 802.11b
+diff --git a/src/drivers/driver.h b/src/drivers/driver.h
+index 6d9194f..7ed47c0 100644
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -777,6 +777,11 @@ struct hostapd_freq_params {
+ * for IEEE 802.11ay EDMG configuration.
+ */
+ struct ieee80211_edmg_config edmg;
++
++ /**
++ * radar_offchan - Whether radar/CAC offchannel is requested
++ */
++ int radar_offchan;
+ };
+
+ /**
+@@ -2026,6 +2031,8 @@ struct wpa_driver_capa {
+ #define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL
+ /** Driver expects user space implementation of SME in AP mode */
+ #define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL
++/** Driver supports offchannel radar/CAC detection */
++#define WPA_DRIVER_RADAR_OFFCHAN 0x0000000000000200ULL
+ u64 flags2;
+
+ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index 4db8cce..62c3cd8 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -4885,6 +4885,7 @@ static int nl80211_put_freq_params(struct nl_msg *msg,
+ wpa_printf(MSG_DEBUG, " * he_enabled=%d", freq->he_enabled);
+ wpa_printf(MSG_DEBUG, " * vht_enabled=%d", freq->vht_enabled);
+ wpa_printf(MSG_DEBUG, " * ht_enabled=%d", freq->ht_enabled);
++ wpa_printf(MSG_DEBUG, " * radar_offchan=%d", freq->radar_offchan);
+
+ hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
+ is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
+@@ -4962,6 +4963,9 @@ static int nl80211_put_freq_params(struct nl_msg *msg,
+ NL80211_CHAN_NO_HT))
+ return -ENOBUFS;
+ }
++ if (freq->radar_offchan)
++ nla_put_flag(msg, NL80211_ATTR_RADAR_OFFCHAN);
++
+ return 0;
+ }
+
+diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
+index cd596e3..e370ef3 100644
+--- a/src/drivers/driver_nl80211_capa.c
++++ b/src/drivers/driver_nl80211_capa.c
+@@ -665,6 +665,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_OCV;
++
++ if (ext_feature_isset(ext_features, len,
++ NL80211_EXT_FEATURE_RADAR_OFFCHAN))
++ capa->flags2 |= WPA_DRIVER_RADAR_OFFCHAN;
+ }
+
+
+diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
+index f7be755..736b483 100644
+--- a/src/drivers/nl80211_copy.h
++++ b/src/drivers/nl80211_copy.h
+@@ -2573,6 +2573,10 @@ enum nl80211_commands {
+ * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
+ * transmit power to stay within regulatory limits. u32, dBi.
+ *
++ * @NL80211_ATTR_RADAR_OFFCHAN: Configure dedicated chain available for radar
++ * detection on some hw. The chain can't be used to transmits or receives
++ * frames. The driver is supposed to implement CAC management in sw or fw.
++ *
+ * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+ * @NL80211_ATTR_MAX: highest attribute number currently defined
+ * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3078,6 +3082,8 @@ enum nl80211_attrs {
+
+ NL80211_ATTR_WIPHY_ANTENNA_GAIN,
+
++ NL80211_ATTR_RADAR_OFFCHAN,
++
+ /* add attributes here, update the policy in nl80211.c */
+
+ __NL80211_ATTR_AFTER_LAST,
+@@ -5974,6 +5980,9 @@ enum nl80211_feature_flags {
+ * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
+ * detection and change announcemnts.
+ *
++ * @NL80211_EXT_FEATURE_RADAR_OFFCHAN: Device supports offchannel radar/CAC
++ * detection.
++ *
+ * @NUM_NL80211_EXT_FEATURES: number of extended features.
+ * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+ */
+@@ -6039,6 +6048,7 @@ enum nl80211_ext_feature_index {
+ NL80211_EXT_FEATURE_SECURE_RTT,
+ NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
+ NL80211_EXT_FEATURE_BSS_COLOR,
++ NL80211_EXT_FEATURE_RADAR_OFFCHAN,
+
+ /* add new features before the definition below */
+ NUM_NL80211_EXT_FEATURES,
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/902-master-Add-hostapd_neighbor_count-and-hostapd_neighbor_inse.patch b/recipes-connectivity/wpa-supplicant/files/patches/902-master-Add-hostapd_neighbor_count-and-hostapd_neighbor_inse.patch
new file mode 100644
index 0000000..e761c00
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/902-master-Add-hostapd_neighbor_count-and-hostapd_neighbor_inse.patch
@@ -0,0 +1,72 @@
+From 413cb1d917383c5f4cb4bb6b94310c4f193a9187 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 19:18:07 +0800
+Subject: [PATCH 1/9] Add hostapd_neighbor_count() and
+ hostapd_neighbor_insert_buffer ()
+
+The first function can count the number of neighbor report in neighbore report
+database. The second can iterate neighbor report database to build up neighbor
+report data.
+---
+ src/ap/neighbor_db.c | 32 ++++++++++++++++++++++++++++++++
+ src/ap/neighbor_db.h | 3 +++
+ 2 files changed, 35 insertions(+)
+
+diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
+index 229edd2..ce6865d 100644
+--- a/src/ap/neighbor_db.c
++++ b/src/ap/neighbor_db.c
+@@ -89,6 +89,38 @@ int hostapd_neighbor_show(struct hostapd_data *hapd, char *buf, size_t buflen)
+ }
+
+
++int hostapd_neighbor_count(struct hostapd_data *hapd)
++{
++ struct hostapd_neighbor_entry *nr;
++ int count = 0;
++
++ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
++ list) {
++ count++;
++ }
++ return count;
++}
++
++
++int hostapd_neighbor_insert_buffer(struct hostapd_data *hapd, char *buf,
++ size_t buflen)
++{
++ struct hostapd_neighbor_entry *nr;
++ char *pos = buf;
++
++ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
++ list) {
++ /* For neighbor report IE, we only need bssid and nr*/
++ *pos++ = WLAN_EID_NEIGHBOR_REPORT;
++ *pos++ = wpabuf_len(nr->nr);
++ os_memcpy(pos, wpabuf_head(nr->nr), wpabuf_len(nr->nr));
++ pos += wpabuf_len(nr->nr);
++ }
++
++ return pos - buf;
++}
++
++
+ static void hostapd_neighbor_clear_entry(struct hostapd_neighbor_entry *nr)
+ {
+ wpabuf_free(nr->nr);
+diff --git a/src/ap/neighbor_db.h b/src/ap/neighbor_db.h
+index 992671b..1ae194d 100644
+--- a/src/ap/neighbor_db.h
++++ b/src/ap/neighbor_db.h
+@@ -24,4 +24,7 @@ int hostapd_neighbor_remove(struct hostapd_data *hapd, const u8 *bssid,
+ const struct wpa_ssid_value *ssid);
+ void hostapd_free_neighbor_db(struct hostapd_data *hapd);
+
++int hostapd_neighbor_count(struct hostapd_data *hapd);
++int hostapd_neighbor_insert_buffer(struct hostapd_data *hapd, char *buf,
++ size_t buflen);
+ #endif /* NEIGHBOR_DB_H */
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/903-master-Support-including-neighbor-report-elements-in-ANQP-r.patch b/recipes-connectivity/wpa-supplicant/files/patches/903-master-Support-including-neighbor-report-elements-in-ANQP-r.patch
new file mode 100644
index 0000000..3e6506a
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/903-master-Support-including-neighbor-report-elements-in-ANQP-r.patch
@@ -0,0 +1,95 @@
+From adacd810f97a89472f26b454805cd67d0e6f5d31 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 19:25:05 +0800
+Subject: [PATCH 2/9] Support including neighbor report elements in ANQP
+ response
+
+---
+ src/ap/gas_serv.c | 29 +++++++++++++++++++++++++++++
+ src/ap/gas_serv.h | 2 ++
+ 2 files changed, 31 insertions(+)
+
+diff --git a/src/ap/gas_serv.c b/src/ap/gas_serv.c
+index 90f1577..5845ff8 100644
+--- a/src/ap/gas_serv.c
++++ b/src/ap/gas_serv.c
+@@ -19,6 +19,7 @@
+ #include "dpp_hostapd.h"
+ #include "sta_info.h"
+ #include "gas_serv.h"
++#include "neighbor_db.h"
+
+
+ #ifdef CONFIG_DPP
+@@ -369,6 +370,24 @@ static void anqp_add_network_auth_type(struct hostapd_data *hapd,
+ }
+ }
+
++static void anqp_add_neighbor_report(struct hostapd_data *hapd,
++ struct wpabuf *buf)
++{
++ struct hostapd_neighbor_entry *nr;
++ u8 *len_pos = gas_anqp_add_element(buf, ANQP_NEIGHBOR_REPORT);
++ if (dl_list_empty(&hapd->nr_db)) {
++ wpabuf_put_le16(buf, 0);
++ }
++ else {
++ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry, list ) {
++ wpabuf_put_u8(buf, WLAN_EID_NEIGHBOR_REPORT);
++ wpabuf_put_u8(buf, wpabuf_len(nr->nr));
++ wpabuf_put_buf(buf, nr->nr);
++ }
++ }
++ gas_anqp_set_element_len(buf, len_pos);
++}
++
+
+ static void anqp_add_roaming_consortium(struct hostapd_data *hapd,
+ struct wpabuf *buf)
+@@ -986,6 +1005,9 @@ gas_serv_build_gas_resp_payload(struct hostapd_data *hapd,
+ len += 1000;
+ if (request & ANQP_REQ_ICON_REQUEST)
+ len += 65536;
++ if (request & ANQP_REQ_NEIGHBOR_REPORT) {
++ len += (40 * hostapd_neighbor_count(hapd));
++ }
+ #ifdef CONFIG_FILS
+ if (request & ANQP_FILS_REALM_INFO)
+ len += 2 * dl_list_len(&hapd->conf->fils_realms);
+@@ -1028,6 +1050,8 @@ gas_serv_build_gas_resp_payload(struct hostapd_data *hapd,
+ anqp_add_elem(hapd, buf, ANQP_TDLS_CAPABILITY);
+ if (request & ANQP_REQ_EMERGENCY_NAI)
+ anqp_add_elem(hapd, buf, ANQP_EMERGENCY_NAI);
++ if (request & ANQP_REQ_NEIGHBOR_REPORT)
++ anqp_add_neighbor_report(hapd, buf);
+
+ for (i = 0; i < num_extra_req; i++) {
+ #ifdef CONFIG_FILS
+@@ -1172,6 +1196,11 @@ static void rx_anqp_query_list_id(struct hostapd_data *hapd, u16 info_id,
+ "Emergency NAI",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
++ case ANQP_NEIGHBOR_REPORT:
++ set_anqp_req(ANQP_REQ_NEIGHBOR_REPORT,
++ "Neighbor Report",
++ get_anqp_elem(hapd, info_id) != NULL, qi);
++ break;
+ default:
+ #ifdef CONFIG_FILS
+ if (info_id == ANQP_FILS_REALM_INFO &&
+diff --git a/src/ap/gas_serv.h b/src/ap/gas_serv.h
+index 1528af4..d0241f2 100644
+--- a/src/ap/gas_serv.h
++++ b/src/ap/gas_serv.h
+@@ -40,6 +40,8 @@
+ (1 << (ANQP_TDLS_CAPABILITY - ANQP_QUERY_LIST))
+ #define ANQP_REQ_EMERGENCY_NAI \
+ (1 << (ANQP_EMERGENCY_NAI - ANQP_QUERY_LIST))
++#define ANQP_REQ_NEIGHBOR_REPORT \
++ (1 << (ANQP_NEIGHBOR_REPORT - ANQP_QUERY_LIST))
+ /*
+ * First 15 Hotspot 2.0 vendor specific ANQP-elements can be included in the
+ * optimized bitmap.
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/904-master-Support-including-neignbor-report-elements-in-BTM-re.patch b/recipes-connectivity/wpa-supplicant/files/patches/904-master-Support-including-neignbor-report-elements-in-BTM-re.patch
new file mode 100644
index 0000000..86d8fd1
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/904-master-Support-including-neignbor-report-elements-in-BTM-re.patch
@@ -0,0 +1,68 @@
+From 4a7b4a0fe05dd01ae64dd4e291d05de6d5f05bb7 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 19:49:09 +0800
+Subject: [PATCH 3/9] Support including neignbor report elements in BTM
+ response
+
+---
+ src/ap/wnm_ap.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
+index 72cd126..b55b3f3 100644
+--- a/src/ap/wnm_ap.c
++++ b/src/ap/wnm_ap.c
+@@ -20,6 +20,7 @@
+ #include "ap/wpa_auth.h"
+ #include "mbo_ap.h"
+ #include "wnm_ap.h"
++#include "ap/neighbor_db.h"
+
+ #define MAX_TFS_IE_LEN 1024
+
+@@ -370,9 +371,21 @@ static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
+ u8 *pos;
+ int res;
+
+- mgmt = os_zalloc(sizeof(*mgmt));
+- if (mgmt == NULL)
++ int nr_num = hostapd_neighbor_count(hapd);
++ int nr_size = ETH_ALEN + 4 + 1 + 1 + 1 + 5;
++ int total_nr_size = nr_num * nr_size;
++ u8 *nr_data = os_malloc(total_nr_size);
++ int nr_data_len = 0;
++ if(nr_data == NULL) {
++ wpa_printf (MSG_ERROR, "Failed to allocate memory");
++ } else {
++ nr_data_len = hostapd_neighbor_insert_buffer(hapd, nr_data, total_nr_size);
++ }
++ mgmt = os_zalloc(sizeof(*mgmt) + nr_data_len);
++ if (mgmt == NULL) {
++ wpa_printf (MSG_ERROR, "Failed to allocate memory for mgmt frame");
+ return -1;
++ }
+ os_memcpy(mgmt->da, addr, ETH_ALEN);
+ os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
+ os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
+@@ -382,10 +395,18 @@ static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
+ mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
+ mgmt->u.action.u.bss_tm_req.dialog_token = dialog_token;
+ mgmt->u.action.u.bss_tm_req.req_mode = 0;
++ if(nr_num) {
++ mgmt->u.action.u.bss_tm_req.req_mode |= WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED;
++ }
+ mgmt->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0);
+ mgmt->u.action.u.bss_tm_req.validity_interval = 1;
+ pos = mgmt->u.action.u.bss_tm_req.variable;
+
++ if(nr_num) {
++ os_memcpy(pos, nr_data, nr_data_len);
++ pos += nr_data_len;
++ }
++
+ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
+ MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/905-master-Support-configuring-BSS-Termination-TSF-by-using-hos.patch b/recipes-connectivity/wpa-supplicant/files/patches/905-master-Support-configuring-BSS-Termination-TSF-by-using-hos.patch
new file mode 100644
index 0000000..f6832e3
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/905-master-Support-configuring-BSS-Termination-TSF-by-using-hos.patch
@@ -0,0 +1,66 @@
+From 56613ad9b568a3ac7467105beaa162c68ffbbf70 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 20:20:03 +0800
+Subject: [PATCH 4/9] Support configuring BSS Termination TSF by using
+ hostapd_cli command
+
+---
+ hostapd/ctrl_iface.c | 9 +++++++++
+ src/ap/ap_config.c | 1 +
+ src/ap/ap_config.h | 1 +
+ 3 files changed, 11 insertions(+)
+
+diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
+index f50fafb..1b5a091 100644
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -954,6 +954,10 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
+ wpa_printf(MSG_DEBUG, "Invalid bss_term data");
+ return -1;
+ }
++ if (hapd->conf->bss_termination_tsf) {
++ WPA_PUT_LE64(&bss_term_dur[2], hapd->conf->bss_termination_tsf);
++ }
++
+ end++;
+ WPA_PUT_LE16(&bss_term_dur[10], atoi(end));
+ }
+@@ -1589,6 +1593,11 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
+ #endif /* CONFIG_DPP */
+ } else if (os_strcasecmp(cmd, "setband") == 0) {
+ ret = hostapd_ctrl_iface_set_band(hapd, value);
++ } else if (os_strcasecmp(cmd, "bss_termination_tsf") == 0) {
++ int termination_sec = atoi(value);
++ hapd->conf->bss_termination_tsf = termination_sec;
++ wpa_printf(MSG_DEBUG, "BSS Termination TSF: value = %d",
++ termination_sec);
+ } else {
+ ret = hostapd_set_iface(hapd->iconf, hapd->conf, cmd, value);
+ if (ret)
+diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
+index 1f04686..078a3fc 100644
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -170,6 +170,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+ /* comeback after 10 TUs */
+ bss->pasn_comeback_after = 10;
+ #endif /* CONFIG_PASN */
++ bss->bss_termination_tsf = 0;
+ }
+
+
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index f3aff36..7301bbb 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -549,6 +549,7 @@ struct hostapd_bss_config {
+ int wnm_sleep_mode;
+ int wnm_sleep_mode_no_keys;
+ int bss_transition;
++ unsigned int bss_termination_tsf;
+
+ /* IEEE 802.11u - Interworking */
+ int interworking;
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/906-master-Disable-interface-if-BSS-Termination-TSF-is-set.patch b/recipes-connectivity/wpa-supplicant/files/patches/906-master-Disable-interface-if-BSS-Termination-TSF-is-set.patch
new file mode 100644
index 0000000..0d28e4e
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/906-master-Disable-interface-if-BSS-Termination-TSF-is-set.patch
@@ -0,0 +1,47 @@
+From dcedb231bc62949d458792530a14ceddfee20e96 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 21:03:38 +0800
+Subject: [PATCH 5/9] Disable interface if BSS Termination TSF is set
+
+---
+ src/ap/wnm_ap.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
+index b55b3f3..6eac3ac 100644
+--- a/src/ap/wnm_ap.c
++++ b/src/ap/wnm_ap.c
+@@ -767,6 +767,22 @@ static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta,
+ }
+
+
++void bss_termination_disable_iface(void *eloop_ctx, void *timeout_ctx)
++{
++ struct hostapd_data *hapd = eloop_ctx;
++ hostapd_disable_iface(hapd->iface);
++}
++
++
++static void set_disable_iface_timer(struct hostapd_data *hapd, struct sta_info *sta,
++ int disable_iface_timer)
++{
++ wpa_printf(MSG_DEBUG, "Disable interface timer set to %d secs", disable_iface_timer);
++ eloop_register_timeout(disable_iface_timer, 0,
++ bss_termination_disable_iface, hapd, NULL);
++}
++
++
+ int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd,
+ struct sta_info *sta, const char *url,
+ int disassoc_timer)
+@@ -856,6 +872,7 @@ int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
+ bss_term_dur) {
+ os_memcpy(pos, bss_term_dur, 12);
+ pos += 12;
++ set_disable_iface_timer(hapd, sta, hapd->conf->bss_termination_tsf);
+ }
+
+ if (url) {
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/907-master-Add-set_send_disassoc_frame_timer-to-send-disassocia.patch b/recipes-connectivity/wpa-supplicant/files/patches/907-master-Add-set_send_disassoc_frame_timer-to-send-disassocia.patch
new file mode 100644
index 0000000..be0f823
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/907-master-Add-set_send_disassoc_frame_timer-to-send-disassocia.patch
@@ -0,0 +1,63 @@
+From cb31775e39eaa2b8a0bd36f5e195ac8bff967535 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 21:15:07 +0800
+Subject: [PATCH 6/9] Add set_send_disassoc_frame_timer() to send disassociate
+ frame
+
+Function set_disassoc_timer() may fail if key was deleted first. This new
+function will not ask to delete key as set_disassoc_timer() did.
+---
+ src/ap/wnm_ap.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
+index 6eac3ac..fad132c 100644
+--- a/src/ap/wnm_ap.c
++++ b/src/ap/wnm_ap.c
+@@ -767,6 +767,34 @@ static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta,
+ }
+
+
++static void set_send_disassoc_frame_timer(struct hostapd_data *hapd, struct sta_info *sta,
++ int disassoc_timer)
++{
++ int timeout, beacon_int;
++
++ /*
++ * Prevent STA from reconnecting using cached PMKSA to force
++ * full authentication with the authentication server (which may
++ * decide to reject the connection),
++ */
++ wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
++
++ beacon_int = hapd->iconf->beacon_int;
++ if (beacon_int < 1)
++ beacon_int = 100; /* best guess */
++ /* Calculate timeout in ms based on beacon_int in TU */
++ timeout = disassoc_timer * beacon_int * 128 / 125;
++ wpa_printf(MSG_DEBUG, "Disassociation timer for " MACSTR
++ " set to %d ms", MAC2STR(sta->addr), timeout);
++
++ u16 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
++
++ hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
++ if (sta)
++ ap_sta_disassociate(hapd, sta, reason);
++}
++
++
+ void bss_termination_disable_iface(void *eloop_ctx, void *timeout_ctx)
+ {
+ struct hostapd_data *hapd = eloop_ctx;
+@@ -909,7 +937,7 @@ int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
+ hapd->openwrt_stats.wnm.bss_transition_request_tx++;
+ if (disassoc_timer) {
+ /* send disassociation frame after time-out */
+- set_disassoc_timer(hapd, sta, disassoc_timer);
++ set_send_disassoc_frame_timer(hapd, sta, disassoc_timer);
+ }
+
+ return 0;
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/908-master-Support-including-neighbor-report-elements-in-BTM-re.patch b/recipes-connectivity/wpa-supplicant/files/patches/908-master-Support-including-neighbor-report-elements-in-BTM-re.patch
new file mode 100644
index 0000000..1bf102a
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/908-master-Support-including-neighbor-report-elements-in-BTM-re.patch
@@ -0,0 +1,31 @@
+From 9043eff145701c6324ae48966301681adacb89c4 Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 21:16:45 +0800
+Subject: [PATCH 7/9] Support including neighbor report elements in BTM request
+
+---
+ hostapd/ctrl_iface.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
+index 1b5a091..5a82ae6 100644
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -984,8 +984,13 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
+ req_mode |= WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
+ }
+
+- if (os_strstr(cmd, " pref=1"))
++ if (os_strstr(cmd, " pref=1")) {
+ req_mode |= WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED;
++ if (nei_len == 0) {
++ // Add neigibor report from neighbor report db to nei_rep buffer
++ nei_len = hostapd_neighbor_insert_buffer (hapd, nei_rep, 1000);
++ }
++ }
+ if (os_strstr(cmd, " abridged=1"))
+ req_mode |= WNM_BSS_TM_REQ_ABRIDGED;
+ if (os_strstr(cmd, " disassoc_imminent=1"))
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/909-master-Add-hostapd_neighbor_set_own_report_pref.patch b/recipes-connectivity/wpa-supplicant/files/patches/909-master-Add-hostapd_neighbor_set_own_report_pref.patch
new file mode 100644
index 0000000..14571fe
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/909-master-Add-hostapd_neighbor_set_own_report_pref.patch
@@ -0,0 +1,88 @@
+From 6fc069a54efb892e486dfde59cb97e0023dbbf5d Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 21:27:55 +0800
+Subject: [PATCH 8/9] Add hostapd_neighbor_set_own_report_pref()
+
+If my own BSS is going to terminate itself, the preference value of neighbor
+report must be set to 0.
+---
+ hostapd/ctrl_iface.c | 5 ++++-
+ src/ap/neighbor_db.c | 36 ++++++++++++++++++++++++++++++++++++
+ src/ap/neighbor_db.h | 2 ++
+ 3 files changed, 42 insertions(+), 1 deletion(-)
+
+diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
+index 5a82ae6..3146a25 100644
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -993,8 +993,11 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
+ }
+ if (os_strstr(cmd, " abridged=1"))
+ req_mode |= WNM_BSS_TM_REQ_ABRIDGED;
+- if (os_strstr(cmd, " disassoc_imminent=1"))
++ if (os_strstr(cmd, " disassoc_imminent=1")) {
+ req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
++ /* Set own BSS neighbor report preference value as 0 */
++ hostapd_neighbor_set_own_report_pref(hapd, nei_rep, nei_len, 0);
++ }
+
+ #ifdef CONFIG_MBO
+ pos = os_strstr(cmd, "mbo=");
+diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
+index ce6865d..bc1b163 100644
+--- a/src/ap/neighbor_db.c
++++ b/src/ap/neighbor_db.c
+@@ -352,3 +352,39 @@ void hostapd_neighbor_set_own_report(struct hostapd_data *hapd)
+ wpabuf_free(nr);
+ #endif /* NEED_AP_MLME */
+ }
++
++
++void hostapd_neighbor_set_own_report_pref(struct hostapd_data *hapd, char *nei_buf,
++ size_t buflen, const int pref)
++{
++ struct hostapd_neighbor_entry *nr;
++ char *pos, *next_nr;
++
++ pos = nei_buf;
++ next_nr = nei_buf;
++
++ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
++ list) {
++ pos = next_nr;
++ next_nr = pos + 2 + wpabuf_len(nr->nr);
++ /* Shift 2 bytes for Element ID and Neighbor report length */
++ pos = pos + 2;
++ if(os_memcmp(pos, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Shift for BSSID + BSSID info + Op_class + channel num + PHY type */
++ pos = pos + 6 + 4 + 1 + 1 + 1;
++
++ /* Iterate Subelement */
++ while (next_nr - pos > 0) {
++ if (*pos == 3) {
++ pos = pos + 2;
++ *pos = pref;
++ return;
++ } else {
++ pos++;
++ int shift_len = *pos++;
++ pos = pos + shift_len;
++ }
++ }
++ }
++ }
++}
+diff --git a/src/ap/neighbor_db.h b/src/ap/neighbor_db.h
+index 1ae194d..2e16f72 100644
+--- a/src/ap/neighbor_db.h
++++ b/src/ap/neighbor_db.h
+@@ -27,4 +27,6 @@ void hostapd_free_neighbor_db(struct hostapd_data *hapd);
+ int hostapd_neighbor_count(struct hostapd_data *hapd);
+ int hostapd_neighbor_insert_buffer(struct hostapd_data *hapd, char *buf,
+ size_t buflen);
++void hostapd_neighbor_set_own_report_pref(struct hostapd_data *hapd, char *nei_buf,
++ size_t buflen, const int pref);
+ #endif /* NEIGHBOR_DB_H */
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/910-master-Add-hostapd_neighbor_set_pref_by_non_pref_chan.patch b/recipes-connectivity/wpa-supplicant/files/patches/910-master-Add-hostapd_neighbor_set_pref_by_non_pref_chan.patch
new file mode 100644
index 0000000..632475c
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/910-master-Add-hostapd_neighbor_set_pref_by_non_pref_chan.patch
@@ -0,0 +1,101 @@
+From 7aab6cf66cfb7dea480d16e312e0f0eb08e758ab Mon Sep 17 00:00:00 2001
+From: "howard.hsu" <howard-yh.hsu@mediatek.com>
+Date: Wed, 19 Jan 2022 21:32:17 +0800
+Subject: [PATCH 9/9] Add hostapd_neighbor_set_pref_by_non_pref_chan()
+
+The preference value of neighbor report shall be modified according to struct
+non_pref_chan_info.
+---
+ hostapd/ctrl_iface.c | 2 ++
+ src/ap/neighbor_db.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
+ src/ap/neighbor_db.h | 4 ++++
+ 3 files changed, 57 insertions(+)
+
+diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
+index 3146a25..974e5b9 100644
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -1000,6 +1000,8 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
+ }
+
+ #ifdef CONFIG_MBO
++ hostapd_neighbor_set_pref_by_non_pref_chan(hapd, sta, nei_rep, nei_len);
++
+ pos = os_strstr(cmd, "mbo=");
+ if (pos) {
+ unsigned int mbo_reason, cell_pref, reassoc_delay;
+diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
+index bc1b163..75b6fcc 100644
+--- a/src/ap/neighbor_db.c
++++ b/src/ap/neighbor_db.c
+@@ -388,3 +388,54 @@ void hostapd_neighbor_set_own_report_pref(struct hostapd_data *hapd, char *nei_b
+ }
+ }
+ }
++
++#ifdef CONFIG_MBO
++void hostapd_neighbor_set_pref_by_non_pref_chan(struct hostapd_data *hapd,
++ struct sta_info* sta, char *nei_buf, size_t buflen)
++{
++ struct hostapd_neighbor_entry *nr;
++ struct mbo_non_pref_chan_info *info;
++ u8 i;
++
++ for(info = sta->non_pref_chan; info; info = info->next) {
++ /* Check OP_Class and Channel num */
++ for(i = 0; i < info->num_channels; i++) {
++ char *pos, *next_nr;
++
++ pos = nei_buf;
++ next_nr = nei_buf;
++
++ /* Iterate Neighbor report database */
++ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
++ list) {
++ pos = next_nr;
++ next_nr = pos + 2 + wpabuf_len(nr->nr);
++ /**
++ * Shift 12 bytes for Element ID, Neighbor report length,
++ * BSSID and BSSID info.
++ */
++ pos = pos + 12;
++ int nr_op_class = *pos++;
++ int nr_channel = *pos;
++ if(info->op_class == nr_op_class && info->channels[i] == nr_channel) {
++ /* Shift for Channel Num + PHY type */
++ pos = pos + 1 + 1;
++
++ // Iterate Subelement
++ while(next_nr - pos > 0) {
++ if(*pos == 3) {
++ pos = pos + 2;
++ *pos = info->pref;
++ break;
++ }else {
++ pos++;
++ int shift_len = *pos++;
++ pos = pos + shift_len;
++ }
++ }
++ }
++ }
++ }
++ }
++}
++#endif
+diff --git a/src/ap/neighbor_db.h b/src/ap/neighbor_db.h
+index 2e16f72..a1ddc07 100644
+--- a/src/ap/neighbor_db.h
++++ b/src/ap/neighbor_db.h
+@@ -29,4 +29,8 @@ int hostapd_neighbor_insert_buffer(struct hostapd_data *hapd, char *buf,
+ size_t buflen);
+ void hostapd_neighbor_set_own_report_pref(struct hostapd_data *hapd, char *nei_buf,
+ size_t buflen, const int pref);
++#ifdef CONFIG_MBO
++void hostapd_neighbor_set_pref_by_non_pref_chan(struct hostapd_data *hapd,
++ struct sta_info* sta, char *nei_buf, size_t buflen);
++#endif
+ #endif /* NEIGHBOR_DB_H */
+--
+2.18.0
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/911-master-print-sae-groups-by-hostapd-ctrl.patch b/recipes-connectivity/wpa-supplicant/files/patches/911-master-print-sae-groups-by-hostapd-ctrl.patch
new file mode 100644
index 0000000..859fdbf
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/911-master-print-sae-groups-by-hostapd-ctrl.patch
@@ -0,0 +1,22 @@
+--- a/hostapd/ctrl_iface.c
++++ b/hostapd/ctrl_iface.c
+@@ -1584,6 +1584,19 @@ static int hostapd_ctrl_iface_get(struct
+ if (os_snprintf_error(buflen, res))
+ return -1;
+ return res;
++ } else if (os_strcmp(cmd, "sae_group_capability") == 0) {
++#ifdef CONFIG_SAE
++ /* see sae_set_group() */
++ res = os_snprintf(buf, buflen, "%s%s%s%s19 20 21",
++ dh_groups_get(15) ? "15 ": "",
++ dh_groups_get(16) ? "16 ": "",
++ dh_groups_get(17) ? "17 ": "",
++ dh_groups_get(18) ? "18 ": "");
++
++ if (os_snprintf_error(buflen, res))
++ return -1;
++ return res;
++#endif /* CONFIG_SAE */
+ }
+
+ return -1;
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/912-master-add-destination-address-of-unsolicited-probe.patch b/recipes-connectivity/wpa-supplicant/files/patches/912-master-add-destination-address-of-unsolicited-probe.patch
new file mode 100644
index 0000000..ae57f36
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/912-master-add-destination-address-of-unsolicited-probe.patch
@@ -0,0 +1,31 @@
+From b5928412d6debbaf624f9d91650b3a60443e3099 Mon Sep 17 00:00:00 2001
+From: MeiChia Chiu <meichia.chiu@mediatek.com>
+Date: Tue, 26 Apr 2022 11:21:14 +0800
+Subject: [PATCH] hostapd: add destination address of unsolicited probe
+ response
+
+without this patch, hostapd generates probe responses with
+null destination address when ap enables unsolicited probe response.
+
+Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
+---
+ src/ap/beacon.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/ap/beacon.c b/src/ap/beacon.c
+index 8cd1c4170..3c49653cc 100644
+--- a/src/ap/beacon.c
++++ b/src/ap/beacon.c
+@@ -484,6 +484,9 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
+ WLAN_FC_STYPE_PROBE_RESP);
+ if (req)
+ os_memcpy(resp->da, req->sa, ETH_ALEN);
++ else if (hapd->conf->unsol_bcast_probe_resp_interval > 0)
++ os_memset(resp->da, 0xff, ETH_ALEN);
++
+ os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
+
+ os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
+--
+2.29.2
+
diff --git a/recipes-connectivity/wpa-supplicant/files/patches/patches.inc b/recipes-connectivity/wpa-supplicant/files/patches/patches.inc
new file mode 100644
index 0000000..8db63c7
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/patches/patches.inc
@@ -0,0 +1,65 @@
+#patch patches (come from openwrt/lede/target/linux/mediatek)
+SRC_URI_append = " \
+ file://001-wolfssl-init-RNG-with-ECC-key.patch \
+ file://010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch \
+ file://011-mesh-use-deterministic-channel-on-channel-switch.patch \
+ file://021-fix-sta-add-after-previous-connection.patch \
+ file://022-hostapd-fix-use-of-uninitialized-stack-variables.patch \
+ file://023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch \
+ file://030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch \
+ file://040-mesh-allow-processing-authentication-frames-in-block.patch \
+ file://050-build_fix.patch \
+ file://100-daemonize_fix.patch \
+ file://200-multicall.patch \
+ file://300-noscan.patch \
+ file://301-mesh-noscan.patch \
+ file://310-rescan_immediately.patch \
+ file://320-optional_rfkill.patch \
+ file://330-nl80211_fix_set_freq.patch \
+ file://340-reload_freq_change.patch \
+ file://341-mesh-ctrl-iface-channel-switch.patch \
+ file://350-nl80211_del_beacon_bss.patch \
+ file://360-ctrl_iface_reload.patch \
+ file://370-ap_sta_support.patch \
+ file://380-disable_ctrl_iface_mib.patch \
+ file://381-hostapd_cli_UNKNOWN-COMMAND.patch \
+ file://390-wpa_ie_cap_workaround.patch \
+ file://400-wps_single_auth_enc_type.patch \
+ file://410-limit_debug_messages.patch \
+ file://420-indicate-features.patch \
+ file://430-hostapd_cli_ifdef.patch \
+ file://431-wpa_cli_ifdef.patch \
+ file://432-missing-typedef.patch \
+ file://450-scan_wait.patch;apply=no \
+ file://460-wpa_supplicant-add-new-config-params-to-be-used-with.patch \
+ file://461-driver_nl80211-use-new-parameters-during-ibss-join.patch \
+ file://463-add-mcast_rate-to-11s.patch \
+ file://464-fix-mesh-obss-check.patch \
+ file://470-survey_data_fallback.patch \
+ file://500-lto-jobserver-support.patch \
+ file://590-rrm-wnm-statistics.patch \
+ file://599-wpa_supplicant-fix-warnings.patch \
+ file://600-ubus_support.patch \
+ file://610-hostapd_cli_ujail_permission.patch \
+ file://700-wifi-reload.patch \
+ file://710-vlan_no_bridge.patch \
+ file://711-wds_bridge_force.patch \
+ file://720-iface_max_num_sta.patch \
+ file://730-ft_iface.patch \
+ file://740-snoop_iface.patch \
+ file://750-qos_map_set_without_interworking.patch \
+ file://751-qos_map_ignore_when_unsupported.patch \
+ file://900-master-sync-include-uapi-linux-nl80211.patch \
+ file://901-master-zero-wait_dfs.patch \
+ file://902-master-Add-hostapd_neighbor_count-and-hostapd_neighbor_inse.patch \
+ file://903-master-Support-including-neighbor-report-elements-in-ANQP-r.patch \
+ file://904-master-Support-including-neignbor-report-elements-in-BTM-re.patch \
+ file://905-master-Support-configuring-BSS-Termination-TSF-by-using-hos.patch \
+ file://906-master-Disable-interface-if-BSS-Termination-TSF-is-set.patch \
+ file://907-master-Add-set_send_disassoc_frame_timer-to-send-disassocia.patch \
+ file://908-master-Support-including-neighbor-report-elements-in-BTM-re.patch \
+ file://909-master-Add-hostapd_neighbor_set_own_report_pref.patch \
+ file://910-master-Add-hostapd_neighbor_set_pref_by_non_pref_chan.patch \
+ file://911-master-print-sae-groups-by-hostapd-ctrl.patch \
+ file://912-master-add-destination-address-of-unsolicited-probe.patch \
+ "
diff --git a/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.c b/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.c
new file mode 100644
index 0000000..fa325ea
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.c
@@ -0,0 +1,2087 @@
+/*
+ * hostapd / ubus support
+ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "utils/wpabuf.h"
+#include "common/ieee802_11_defs.h"
+#include "common/hw_features_common.h"
+#include "hostapd.h"
+#include "neighbor_db.h"
+#include "wps_hostapd.h"
+#include "sta_info.h"
+#include "ubus.h"
+#include "ap_drv_ops.h"
+#include "beacon.h"
+#include "rrm.h"
+#include "wnm_ap.h"
+#include "taxonomy.h"
+#include "airtime_policy.h"
+#include "hw_features.h"
+
+static struct ubus_context *ctx;
+static struct blob_buf b;
+static int ctx_ref;
+
+static inline struct hapd_interfaces *get_hapd_interfaces_from_object(struct ubus_object *obj)
+{
+ return container_of(obj, struct hapd_interfaces, ubus);
+}
+
+static inline struct hostapd_data *get_hapd_from_object(struct ubus_object *obj)
+{
+ return container_of(obj, struct hostapd_data, ubus.obj);
+}
+
+struct ubus_banned_client {
+ struct avl_node avl;
+ u8 addr[ETH_ALEN];
+};
+
+static void ubus_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct ubus_context *ctx = eloop_ctx;
+ ubus_handle_event(ctx);
+}
+
+static void ubus_reconnect_timeout(void *eloop_data, void *user_ctx)
+{
+ if (ubus_reconnect(ctx, NULL)) {
+ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
+ return;
+ }
+
+ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
+}
+
+static void hostapd_ubus_connection_lost(struct ubus_context *ctx)
+{
+ eloop_unregister_read_sock(ctx->sock.fd);
+ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
+}
+
+static bool hostapd_ubus_init(void)
+{
+ if (ctx)
+ return true;
+
+ ctx = ubus_connect(NULL);
+ if (!ctx)
+ return false;
+
+ ctx->connection_lost = hostapd_ubus_connection_lost;
+ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
+ return true;
+}
+
+static void hostapd_ubus_ref_inc(void)
+{
+ ctx_ref++;
+}
+
+static void hostapd_ubus_ref_dec(void)
+{
+ ctx_ref--;
+ if (!ctx)
+ return;
+
+ if (ctx_ref)
+ return;
+
+ eloop_unregister_read_sock(ctx->sock.fd);
+ ubus_free(ctx);
+ ctx = NULL;
+}
+
+void hostapd_ubus_add_iface(struct hostapd_iface *iface)
+{
+ if (!hostapd_ubus_init())
+ return;
+}
+
+void hostapd_ubus_free_iface(struct hostapd_iface *iface)
+{
+ if (!ctx)
+ return;
+}
+
+static void hostapd_notify_ubus(struct ubus_object *obj, char *bssname, char *event)
+{
+ char *event_type;
+
+ if (!ctx || !obj)
+ return;
+
+ if (asprintf(&event_type, "bss.%s", event) < 0)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_string(&b, "name", bssname);
+ ubus_notify(ctx, obj, event_type, b.head, -1);
+ free(event_type);
+}
+
+static void hostapd_send_procd_event(char *bssname, char *event)
+{
+ char *name, *s;
+ uint32_t id;
+ void *v;
+
+ if (!ctx || ubus_lookup_id(ctx, "service", &id))
+ return;
+
+ if (asprintf(&name, "hostapd.%s.%s", bssname, event) < 0)
+ return;
+
+ blob_buf_init(&b, 0);
+
+ s = blobmsg_alloc_string_buffer(&b, "type", strlen(name) + 1);
+ sprintf(s, "%s", name);
+ blobmsg_add_string_buffer(&b);
+
+ v = blobmsg_open_table(&b, "data");
+ blobmsg_close_table(&b, v);
+
+ ubus_invoke(ctx, id, "event", b.head, NULL, NULL, 1000);
+
+ free(name);
+}
+
+static void hostapd_send_shared_event(struct ubus_object *obj, char *bssname, char *event)
+{
+ hostapd_send_procd_event(bssname, event);
+ hostapd_notify_ubus(obj, bssname, event);
+}
+
+static void
+hostapd_bss_del_ban(void *eloop_data, void *user_ctx)
+{
+ struct ubus_banned_client *ban = eloop_data;
+ struct hostapd_data *hapd = user_ctx;
+
+ avl_delete(&hapd->ubus.banned, &ban->avl);
+ free(ban);
+}
+
+static void
+hostapd_bss_ban_client(struct hostapd_data *hapd, u8 *addr, int time)
+{
+ struct ubus_banned_client *ban;
+
+ if (time < 0)
+ time = 0;
+
+ ban = avl_find_element(&hapd->ubus.banned, addr, ban, avl);
+ if (!ban) {
+ if (!time)
+ return;
+
+ ban = os_zalloc(sizeof(*ban));
+ memcpy(ban->addr, addr, sizeof(ban->addr));
+ ban->avl.key = ban->addr;
+ avl_insert(&hapd->ubus.banned, &ban->avl);
+ } else {
+ eloop_cancel_timeout(hostapd_bss_del_ban, ban, hapd);
+ if (!time) {
+ hostapd_bss_del_ban(ban, hapd);
+ return;
+ }
+ }
+
+ eloop_register_timeout(0, time * 1000, hostapd_bss_del_ban, ban, hapd);
+}
+
+static int
+hostapd_bss_reload(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ int ret = hostapd_reload_config(hapd->iface, 1);
+
+ hostapd_send_shared_event(&hapd->iface->interfaces->ubus, hapd->conf->iface, "reload");
+ return ret;
+}
+
+
+static void
+hostapd_parse_vht_map_blobmsg(uint16_t map)
+{
+ char label[4];
+ int16_t val;
+ int i;
+
+ for (i = 0; i < 8; i++) {
+ snprintf(label, 4, "%dss", i + 1);
+
+ val = (map & (BIT(1) | BIT(0))) + 7;
+ blobmsg_add_u16(&b, label, val == 10 ? -1 : val);
+ map = map >> 2;
+ }
+}
+
+static void
+hostapd_parse_vht_capab_blobmsg(struct ieee80211_vht_capabilities *vhtc)
+{
+ void *supported_mcs;
+ void *map;
+ int i;
+
+ static const struct {
+ const char *name;
+ uint32_t flag;
+ } vht_capas[] = {
+ { "su_beamformee", VHT_CAP_SU_BEAMFORMEE_CAPABLE },
+ { "mu_beamformee", VHT_CAP_MU_BEAMFORMEE_CAPABLE },
+ };
+
+ for (i = 0; i < ARRAY_SIZE(vht_capas); i++)
+ blobmsg_add_u8(&b, vht_capas[i].name,
+ !!(vhtc->vht_capabilities_info & vht_capas[i].flag));
+
+ supported_mcs = blobmsg_open_table(&b, "mcs_map");
+
+ /* RX map */
+ map = blobmsg_open_table(&b, "rx");
+ hostapd_parse_vht_map_blobmsg(le_to_host16(vhtc->vht_supported_mcs_set.rx_map));
+ blobmsg_close_table(&b, map);
+
+ /* TX map */
+ map = blobmsg_open_table(&b, "tx");
+ hostapd_parse_vht_map_blobmsg(le_to_host16(vhtc->vht_supported_mcs_set.tx_map));
+ blobmsg_close_table(&b, map);
+
+ blobmsg_close_table(&b, supported_mcs);
+}
+
+static void
+hostapd_parse_capab_blobmsg(struct sta_info *sta)
+{
+ void *r, *v;
+
+ v = blobmsg_open_table(&b, "capabilities");
+
+ if (sta->vht_capabilities) {
+ r = blobmsg_open_table(&b, "vht");
+ hostapd_parse_vht_capab_blobmsg(sta->vht_capabilities);
+ blobmsg_close_table(&b, r);
+ }
+
+ /* ToDo: Add HT / HE capability parsing */
+
+ blobmsg_close_table(&b, v);
+}
+
+static int
+hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct hostap_sta_driver_data sta_driver_data;
+ struct sta_info *sta;
+ void *list, *c;
+ char mac_buf[20];
+ static const struct {
+ const char *name;
+ uint32_t flag;
+ } sta_flags[] = {
+ { "auth", WLAN_STA_AUTH },
+ { "assoc", WLAN_STA_ASSOC },
+ { "authorized", WLAN_STA_AUTHORIZED },
+ { "preauth", WLAN_STA_PREAUTH },
+ { "wds", WLAN_STA_WDS },
+ { "wmm", WLAN_STA_WMM },
+ { "ht", WLAN_STA_HT },
+ { "vht", WLAN_STA_VHT },
+ { "he", WLAN_STA_HE },
+ { "wps", WLAN_STA_WPS },
+ { "mfp", WLAN_STA_MFP },
+ };
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u32(&b, "freq", hapd->iface->freq);
+ list = blobmsg_open_table(&b, "clients");
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ void *r;
+ int i;
+
+ sprintf(mac_buf, MACSTR, MAC2STR(sta->addr));
+ c = blobmsg_open_table(&b, mac_buf);
+ for (i = 0; i < ARRAY_SIZE(sta_flags); i++)
+ blobmsg_add_u8(&b, sta_flags[i].name,
+ !!(sta->flags & sta_flags[i].flag));
+
+ r = blobmsg_open_array(&b, "rrm");
+ for (i = 0; i < ARRAY_SIZE(sta->rrm_enabled_capa); i++)
+ blobmsg_add_u32(&b, "", sta->rrm_enabled_capa[i]);
+ blobmsg_close_array(&b, r);
+
+ r = blobmsg_open_array(&b, "extended_capabilities");
+ /* Check if client advertises extended capabilities */
+ if (sta->ext_capability && sta->ext_capability[0] > 0) {
+ for (i = 0; i < sta->ext_capability[0]; i++) {
+ blobmsg_add_u32(&b, "", sta->ext_capability[1 + i]);
+ }
+ }
+ blobmsg_close_array(&b, r);
+
+ blobmsg_add_u32(&b, "aid", sta->aid);
+#ifdef CONFIG_TAXONOMY
+ r = blobmsg_alloc_string_buffer(&b, "signature", 1024);
+ if (retrieve_sta_taxonomy(hapd, sta, r, 1024) > 0)
+ blobmsg_add_string_buffer(&b);
+#endif
+
+ /* Driver information */
+ if (hostapd_drv_read_sta_data(hapd, &sta_driver_data, sta->addr) >= 0) {
+ r = blobmsg_open_table(&b, "bytes");
+ blobmsg_add_u64(&b, "rx", sta_driver_data.rx_bytes);
+ blobmsg_add_u64(&b, "tx", sta_driver_data.tx_bytes);
+ blobmsg_close_table(&b, r);
+ r = blobmsg_open_table(&b, "airtime");
+ blobmsg_add_u64(&b, "rx", sta_driver_data.rx_airtime);
+ blobmsg_add_u64(&b, "tx", sta_driver_data.tx_airtime);
+ blobmsg_close_table(&b, r);
+ r = blobmsg_open_table(&b, "packets");
+ blobmsg_add_u32(&b, "rx", sta_driver_data.rx_packets);
+ blobmsg_add_u32(&b, "tx", sta_driver_data.tx_packets);
+ blobmsg_close_table(&b, r);
+ r = blobmsg_open_table(&b, "rate");
+ /* Rate in kbits */
+ blobmsg_add_u32(&b, "rx", sta_driver_data.current_rx_rate * 100);
+ blobmsg_add_u32(&b, "tx", sta_driver_data.current_tx_rate * 100);
+ blobmsg_close_table(&b, r);
+ blobmsg_add_u32(&b, "signal", sta_driver_data.signal);
+ }
+
+ hostapd_parse_capab_blobmsg(sta);
+
+ blobmsg_close_table(&b, c);
+ }
+ blobmsg_close_array(&b, list);
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+static int
+hostapd_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u8(&b, "ht_supported", ht_supported(hapd->iface->hw_features));
+ blobmsg_add_u8(&b, "vht_supported", vht_supported(hapd->iface->hw_features));
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+/* Imported from iw/util.c
+ * https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/tree/util.c?id=4b25ae3537af48dbf9d0abf94132e5ba01b32c18#n200
+ */
+int ieee80211_frequency_to_channel(int freq)
+{
+ /* see 802.11-2007 17.3.8.3.2 and Annex J */
+ if (freq == 2484)
+ return 14;
+ /* see 802.11ax D6.1 27.3.23.2 and Annex E */
+ else if (freq == 5935)
+ return 2;
+ else if (freq < 2484)
+ return (freq - 2407) / 5;
+ else if (freq >= 4910 && freq <= 4980)
+ return (freq - 4000) / 5;
+ else if (freq < 5950)
+ return (freq - 5000) / 5;
+ else if (freq <= 45000) /* DMG band lower limit */
+ /* see 802.11ax D6.1 27.3.23.2 */
+ return (freq - 5950) / 5;
+ else if (freq >= 58320 && freq <= 70200)
+ return (freq - 56160) / 2160;
+ else
+ return 0;
+}
+
+static int
+hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ void *airtime_table, *dfs_table, *rrm_table, *wnm_table;
+ struct os_reltime now;
+ char ssid[SSID_MAX_LEN + 1];
+ char phy_name[17];
+ size_t ssid_len = SSID_MAX_LEN;
+ u8 channel = 0, op_class = 0;
+
+ if (hapd->conf->ssid.ssid_len < SSID_MAX_LEN)
+ ssid_len = hapd->conf->ssid.ssid_len;
+
+ ieee80211_freq_to_channel_ext(hapd->iface->freq,
+ hapd->iconf->secondary_channel,
+ hostapd_get_oper_chwidth(hapd->iconf),
+ &op_class, &channel);
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_string(&b, "status", hostapd_state_text(hapd->iface->state));
+ blobmsg_printf(&b, "bssid", MACSTR, MAC2STR(hapd->conf->bssid));
+
+ memset(ssid, 0, SSID_MAX_LEN + 1);
+ memcpy(ssid, hapd->conf->ssid.ssid, ssid_len);
+ blobmsg_add_string(&b, "ssid", ssid);
+
+ blobmsg_add_u32(&b, "freq", hapd->iface->freq);
+ blobmsg_add_u32(&b, "channel", channel);
+ blobmsg_add_u32(&b, "op_class", op_class);
+ blobmsg_add_u32(&b, "beacon_interval", hapd->iconf->beacon_int);
+
+ snprintf(phy_name, 17, "%s", hapd->iface->phy);
+ blobmsg_add_string(&b, "phy", phy_name);
+
+ /* RRM */
+ rrm_table = blobmsg_open_table(&b, "rrm");
+ blobmsg_add_u64(&b, "neighbor_report_tx", hapd->openwrt_stats.rrm.neighbor_report_tx);
+ blobmsg_close_table(&b, rrm_table);
+
+ /* WNM */
+ wnm_table = blobmsg_open_table(&b, "wnm");
+ blobmsg_add_u64(&b, "bss_transition_query_rx", hapd->openwrt_stats.wnm.bss_transition_query_rx);
+ blobmsg_add_u64(&b, "bss_transition_request_tx", hapd->openwrt_stats.wnm.bss_transition_request_tx);
+ blobmsg_add_u64(&b, "bss_transition_response_rx", hapd->openwrt_stats.wnm.bss_transition_response_rx);
+ blobmsg_close_table(&b, wnm_table);
+
+ /* Airtime */
+ airtime_table = blobmsg_open_table(&b, "airtime");
+ blobmsg_add_u64(&b, "time", hapd->iface->last_channel_time);
+ blobmsg_add_u64(&b, "time_busy", hapd->iface->last_channel_time_busy);
+ blobmsg_add_u16(&b, "utilization", hapd->iface->channel_utilization);
+ blobmsg_close_table(&b, airtime_table);
+
+ /* DFS */
+ dfs_table = blobmsg_open_table(&b, "dfs");
+ blobmsg_add_u32(&b, "cac_seconds", hapd->iface->dfs_cac_ms / 1000);
+ blobmsg_add_u8(&b, "cac_active", !!(hapd->iface->cac_started));
+ os_reltime_age(&hapd->iface->dfs_cac_start, &now);
+ blobmsg_add_u32(&b, "cac_seconds_left",
+ hapd->iface->cac_started ? hapd->iface->dfs_cac_ms / 1000 - now.sec : 0);
+ blobmsg_close_table(&b, dfs_table);
+
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+enum {
+ NOTIFY_RESPONSE,
+ __NOTIFY_MAX
+};
+
+static const struct blobmsg_policy notify_policy[__NOTIFY_MAX] = {
+ [NOTIFY_RESPONSE] = { "notify_response", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_notify_response(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__NOTIFY_MAX];
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct wpabuf *elems;
+ const char *pos;
+ size_t len;
+
+ blobmsg_parse(notify_policy, __NOTIFY_MAX, tb,
+ blob_data(msg), blob_len(msg));
+
+ if (!tb[NOTIFY_RESPONSE])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ hapd->ubus.notify_response = blobmsg_get_u32(tb[NOTIFY_RESPONSE]);
+
+ return UBUS_STATUS_OK;
+}
+
+enum {
+ DEL_CLIENT_ADDR,
+ DEL_CLIENT_REASON,
+ DEL_CLIENT_DEAUTH,
+ DEL_CLIENT_BAN_TIME,
+ __DEL_CLIENT_MAX
+};
+
+static const struct blobmsg_policy del_policy[__DEL_CLIENT_MAX] = {
+ [DEL_CLIENT_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+ [DEL_CLIENT_REASON] = { "reason", BLOBMSG_TYPE_INT32 },
+ [DEL_CLIENT_DEAUTH] = { "deauth", BLOBMSG_TYPE_INT8 },
+ [DEL_CLIENT_BAN_TIME] = { "ban_time", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_bss_del_client(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__DEL_CLIENT_MAX];
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct sta_info *sta;
+ bool deauth = false;
+ int reason;
+ u8 addr[ETH_ALEN];
+
+ blobmsg_parse(del_policy, __DEL_CLIENT_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[DEL_CLIENT_ADDR])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (hwaddr_aton(blobmsg_data(tb[DEL_CLIENT_ADDR]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[DEL_CLIENT_REASON])
+ reason = blobmsg_get_u32(tb[DEL_CLIENT_REASON]);
+
+ if (tb[DEL_CLIENT_DEAUTH])
+ deauth = blobmsg_get_bool(tb[DEL_CLIENT_DEAUTH]);
+
+ sta = ap_get_sta(hapd, addr);
+ if (sta) {
+ if (deauth) {
+ hostapd_drv_sta_deauth(hapd, addr, reason);
+ ap_sta_deauthenticate(hapd, sta, reason);
+ } else {
+ hostapd_drv_sta_disassoc(hapd, addr, reason);
+ ap_sta_disassociate(hapd, sta, reason);
+ }
+ }
+
+ if (tb[DEL_CLIENT_BAN_TIME])
+ hostapd_bss_ban_client(hapd, addr, blobmsg_get_u32(tb[DEL_CLIENT_BAN_TIME]));
+
+ return 0;
+}
+
+static void
+blobmsg_add_macaddr(struct blob_buf *buf, const char *name, const u8 *addr)
+{
+ char *s;
+
+ s = blobmsg_alloc_string_buffer(buf, name, 20);
+ sprintf(s, MACSTR, MAC2STR(addr));
+ blobmsg_add_string_buffer(buf);
+}
+
+static int
+hostapd_bss_list_bans(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct ubus_banned_client *ban;
+ void *c;
+
+ blob_buf_init(&b, 0);
+ c = blobmsg_open_array(&b, "clients");
+ avl_for_each_element(&hapd->ubus.banned, ban, avl)
+ blobmsg_add_macaddr(&b, NULL, ban->addr);
+ blobmsg_close_array(&b, c);
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+#ifdef CONFIG_WPS
+static int
+hostapd_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+
+ rc = hostapd_wps_button_pushed(hapd, NULL);
+
+ if (rc != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ return 0;
+}
+
+
+static const char * pbc_status_enum_str(enum pbc_status status)
+{
+ switch (status) {
+ case WPS_PBC_STATUS_DISABLE:
+ return "Disabled";
+ case WPS_PBC_STATUS_ACTIVE:
+ return "Active";
+ case WPS_PBC_STATUS_TIMEOUT:
+ return "Timed-out";
+ case WPS_PBC_STATUS_OVERLAP:
+ return "Overlap";
+ default:
+ return "Unknown";
+ }
+}
+
+static int
+hostapd_bss_wps_status(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+
+ blob_buf_init(&b, 0);
+
+ blobmsg_add_string(&b, "pbc_status", pbc_status_enum_str(hapd->wps_stats.pbc_status));
+ blobmsg_add_string(&b, "last_wps_result",
+ (hapd->wps_stats.status == WPS_STATUS_SUCCESS ?
+ "Success":
+ (hapd->wps_stats.status == WPS_STATUS_FAILURE ?
+ "Failed" : "None")));
+
+ /* If status == Failure - Add possible Reasons */
+ if(hapd->wps_stats.status == WPS_STATUS_FAILURE &&
+ hapd->wps_stats.failure_reason > 0)
+ blobmsg_add_string(&b, "reason", wps_ei_str(hapd->wps_stats.failure_reason));
+
+ if (hapd->wps_stats.status)
+ blobmsg_printf(&b, "peer_address", MACSTR, MAC2STR(hapd->wps_stats.peer_addr));
+
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+static int
+hostapd_bss_wps_cancel(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+
+ rc = hostapd_wps_cancel(hapd);
+
+ if (rc != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ return 0;
+}
+#endif /* CONFIG_WPS */
+
+static int
+hostapd_bss_update_beacon(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+
+ rc = ieee802_11_set_beacon(hapd);
+
+ if (rc != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ return 0;
+}
+
+enum {
+ CONFIG_IFACE,
+ CONFIG_FILE,
+ __CONFIG_MAX
+};
+
+static const struct blobmsg_policy config_add_policy[__CONFIG_MAX] = {
+ [CONFIG_IFACE] = { "iface", BLOBMSG_TYPE_STRING },
+ [CONFIG_FILE] = { "config", BLOBMSG_TYPE_STRING },
+};
+
+static int
+hostapd_config_add(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__CONFIG_MAX];
+ struct hapd_interfaces *interfaces = get_hapd_interfaces_from_object(obj);
+ char buf[128];
+
+ blobmsg_parse(config_add_policy, __CONFIG_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[CONFIG_FILE] || !tb[CONFIG_IFACE])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ snprintf(buf, sizeof(buf), "bss_config=%s:%s",
+ blobmsg_get_string(tb[CONFIG_IFACE]),
+ blobmsg_get_string(tb[CONFIG_FILE]));
+
+ if (hostapd_add_iface(interfaces, buf))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u32(&b, "pid", getpid());
+ ubus_send_reply(ctx, req, b.head);
+
+ return UBUS_STATUS_OK;
+}
+
+enum {
+ CONFIG_REM_IFACE,
+ __CONFIG_REM_MAX
+};
+
+static const struct blobmsg_policy config_remove_policy[__CONFIG_REM_MAX] = {
+ [CONFIG_REM_IFACE] = { "iface", BLOBMSG_TYPE_STRING },
+};
+
+static int
+hostapd_config_remove(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__CONFIG_REM_MAX];
+ struct hapd_interfaces *interfaces = get_hapd_interfaces_from_object(obj);
+ char buf[128];
+
+ blobmsg_parse(config_remove_policy, __CONFIG_REM_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[CONFIG_REM_IFACE])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (hostapd_remove_iface(interfaces, blobmsg_get_string(tb[CONFIG_REM_IFACE])))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ return UBUS_STATUS_OK;
+}
+
+enum {
+ CSA_FREQ,
+ CSA_BCN_COUNT,
+ CSA_CENTER_FREQ1,
+ CSA_CENTER_FREQ2,
+ CSA_BANDWIDTH,
+ CSA_SEC_CHANNEL_OFFSET,
+ CSA_HT,
+ CSA_VHT,
+ CSA_HE,
+ CSA_BLOCK_TX,
+ CSA_FORCE,
+ __CSA_MAX
+};
+
+static const struct blobmsg_policy csa_policy[__CSA_MAX] = {
+ [CSA_FREQ] = { "freq", BLOBMSG_TYPE_INT32 },
+ [CSA_BCN_COUNT] = { "bcn_count", BLOBMSG_TYPE_INT32 },
+ [CSA_CENTER_FREQ1] = { "center_freq1", BLOBMSG_TYPE_INT32 },
+ [CSA_CENTER_FREQ2] = { "center_freq2", BLOBMSG_TYPE_INT32 },
+ [CSA_BANDWIDTH] = { "bandwidth", BLOBMSG_TYPE_INT32 },
+ [CSA_SEC_CHANNEL_OFFSET] = { "sec_channel_offset", BLOBMSG_TYPE_INT32 },
+ [CSA_HT] = { "ht", BLOBMSG_TYPE_BOOL },
+ [CSA_VHT] = { "vht", BLOBMSG_TYPE_BOOL },
+ [CSA_HE] = { "he", BLOBMSG_TYPE_BOOL },
+ [CSA_BLOCK_TX] = { "block_tx", BLOBMSG_TYPE_BOOL },
+ [CSA_FORCE] = { "force", BLOBMSG_TYPE_BOOL },
+};
+
+
+static void switch_chan_fallback_cb(void *eloop_data, void *user_ctx)
+{
+ struct hostapd_iface *iface = eloop_data;
+ struct hostapd_freq_params *freq_params = user_ctx;
+
+ hostapd_switch_channel_fallback(iface, freq_params);
+}
+
+#ifdef NEED_AP_MLME
+static int
+hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__CSA_MAX];
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct hostapd_config *iconf = hapd->iface->conf;
+ struct hostapd_freq_params *freq_params;
+ struct hostapd_hw_modes *mode = hapd->iface->current_mode;
+ struct csa_settings css = {
+ .freq_params = {
+ .ht_enabled = iconf->ieee80211n,
+ .vht_enabled = iconf->ieee80211ac,
+ .he_enabled = iconf->ieee80211ax,
+ .sec_channel_offset = iconf->secondary_channel,
+ }
+ };
+ u8 chwidth = hostapd_get_oper_chwidth(iconf);
+ u8 seg0 = 0, seg1 = 0;
+ int ret = UBUS_STATUS_OK;
+ int i;
+
+ blobmsg_parse(csa_policy, __CSA_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[CSA_FREQ])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ switch (iconf->vht_oper_chwidth) {
+ case CHANWIDTH_USE_HT:
+ if (iconf->secondary_channel)
+ css.freq_params.bandwidth = 40;
+ else
+ css.freq_params.bandwidth = 20;
+ break;
+ case CHANWIDTH_160MHZ:
+ css.freq_params.bandwidth = 160;
+ break;
+ default:
+ css.freq_params.bandwidth = 80;
+ break;
+ }
+
+ css.freq_params.freq = blobmsg_get_u32(tb[CSA_FREQ]);
+
+#define SET_CSA_SETTING(name, field, type) \
+ do { \
+ if (tb[name]) \
+ css.field = blobmsg_get_ ## type(tb[name]); \
+ } while(0)
+
+ SET_CSA_SETTING(CSA_BCN_COUNT, cs_count, u32);
+ SET_CSA_SETTING(CSA_CENTER_FREQ1, freq_params.center_freq1, u32);
+ SET_CSA_SETTING(CSA_CENTER_FREQ2, freq_params.center_freq2, u32);
+ SET_CSA_SETTING(CSA_BANDWIDTH, freq_params.bandwidth, u32);
+ SET_CSA_SETTING(CSA_SEC_CHANNEL_OFFSET, freq_params.sec_channel_offset, u32);
+ SET_CSA_SETTING(CSA_HT, freq_params.ht_enabled, bool);
+ SET_CSA_SETTING(CSA_VHT, freq_params.vht_enabled, bool);
+ SET_CSA_SETTING(CSA_HE, freq_params.he_enabled, bool);
+ SET_CSA_SETTING(CSA_BLOCK_TX, block_tx, bool);
+
+ css.freq_params.channel = hostapd_hw_get_channel(hapd, css.freq_params.freq);
+ if (!css.freq_params.channel)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ switch (css.freq_params.bandwidth) {
+ case 160:
+ chwidth = CHANWIDTH_160MHZ;
+ break;
+ case 80:
+ chwidth = css.freq_params.center_freq2 ? CHANWIDTH_80P80MHZ : CHANWIDTH_80MHZ;
+ break;
+ default:
+ chwidth = CHANWIDTH_USE_HT;
+ break;
+ }
+
+ hostapd_set_freq_params(&css.freq_params, iconf->hw_mode,
+ css.freq_params.freq,
+ css.freq_params.channel, iconf->enable_edmg,
+ iconf->edmg_channel,
+ css.freq_params.ht_enabled,
+ css.freq_params.vht_enabled,
+ css.freq_params.he_enabled,
+ css.freq_params.sec_channel_offset,
+ chwidth, seg0, seg1,
+ iconf->vht_capab,
+ mode ? &mode->he_capab[IEEE80211_MODE_AP] :
+ NULL);
+
+ for (i = 0; i < hapd->iface->num_bss; i++) {
+ struct hostapd_data *bss = hapd->iface->bss[i];
+
+ if (hostapd_switch_channel(bss, &css) != 0)
+ ret = UBUS_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!ret || !tb[CSA_FORCE] || !blobmsg_get_bool(tb[CSA_FORCE]))
+ return ret;
+
+ freq_params = malloc(sizeof(*freq_params));
+ memcpy(freq_params, &css.freq_params, sizeof(*freq_params));
+ eloop_register_timeout(0, 1, switch_chan_fallback_cb,
+ hapd->iface, freq_params);
+
+ return 0;
+#undef SET_CSA_SETTING
+}
+#endif
+
+enum {
+ VENDOR_ELEMENTS,
+ __VENDOR_ELEMENTS_MAX
+};
+
+static const struct blobmsg_policy ve_policy[__VENDOR_ELEMENTS_MAX] = {
+ /* vendor elements are provided as hex-string */
+ [VENDOR_ELEMENTS] = { "vendor_elements", BLOBMSG_TYPE_STRING },
+};
+
+static int
+hostapd_vendor_elements(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__VENDOR_ELEMENTS_MAX];
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct hostapd_bss_config *bss = hapd->conf;
+ struct wpabuf *elems;
+ const char *pos;
+ size_t len;
+
+ blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb,
+ blob_data(msg), blob_len(msg));
+
+ if (!tb[VENDOR_ELEMENTS])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ pos = blobmsg_data(tb[VENDOR_ELEMENTS]);
+ len = os_strlen(pos);
+ if (len & 0x01)
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ len /= 2;
+ if (len == 0) {
+ wpabuf_free(bss->vendor_elements);
+ bss->vendor_elements = NULL;
+ return 0;
+ }
+
+ elems = wpabuf_alloc(len);
+ if (elems == NULL)
+ return 1;
+
+ if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
+ wpabuf_free(elems);
+ return UBUS_STATUS_INVALID_ARGUMENT;
+ }
+
+ wpabuf_free(bss->vendor_elements);
+ bss->vendor_elements = elems;
+
+ /* update beacons if vendor elements were set successfully */
+ if (ieee802_11_update_beacons(hapd->iface) != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+ return UBUS_STATUS_OK;
+}
+
+static void
+hostapd_rrm_print_nr(struct hostapd_neighbor_entry *nr)
+{
+ const u8 *data;
+ char *str;
+ int len;
+
+ blobmsg_printf(&b, "", MACSTR, MAC2STR(nr->bssid));
+
+ str = blobmsg_alloc_string_buffer(&b, "", nr->ssid.ssid_len + 1);
+ memcpy(str, nr->ssid.ssid, nr->ssid.ssid_len);
+ str[nr->ssid.ssid_len] = 0;
+ blobmsg_add_string_buffer(&b);
+
+ len = wpabuf_len(nr->nr);
+ str = blobmsg_alloc_string_buffer(&b, "", 2 * len + 1);
+ wpa_snprintf_hex(str, 2 * len + 1, wpabuf_head_u8(nr->nr), len);
+ blobmsg_add_string_buffer(&b);
+}
+
+enum {
+ BSS_MGMT_EN_NEIGHBOR,
+ BSS_MGMT_EN_BEACON,
+ BSS_MGMT_EN_LINK_MEASUREMENT,
+#ifdef CONFIG_WNM_AP
+ BSS_MGMT_EN_BSS_TRANSITION,
+#endif
+ __BSS_MGMT_EN_MAX
+};
+
+static bool
+__hostapd_bss_mgmt_enable_f(struct hostapd_data *hapd, int flag)
+{
+ struct hostapd_bss_config *bss = hapd->conf;
+ uint32_t flags;
+
+ switch (flag) {
+ case BSS_MGMT_EN_NEIGHBOR:
+ if (bss->radio_measurements[0] &
+ WLAN_RRM_CAPS_NEIGHBOR_REPORT)
+ return false;
+
+ bss->radio_measurements[0] |=
+ WLAN_RRM_CAPS_NEIGHBOR_REPORT;
+ hostapd_neighbor_set_own_report(hapd);
+ return true;
+ case BSS_MGMT_EN_BEACON:
+ flags = WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE |
+ WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
+ WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
+
+ if (bss->radio_measurements[0] & flags == flags)
+ return false;
+
+ bss->radio_measurements[0] |= (u8) flags;
+ return true;
+ case BSS_MGMT_EN_LINK_MEASUREMENT:
+ flags = WLAN_RRM_CAPS_LINK_MEASUREMENT;
+
+ if (bss->radio_measurements[0] & flags == flags)
+ return false;
+
+ bss->radio_measurements[0] |= (u8) flags;
+ return true;
+#ifdef CONFIG_WNM_AP
+ case BSS_MGMT_EN_BSS_TRANSITION:
+ if (bss->bss_transition)
+ return false;
+
+ bss->bss_transition = 1;
+ return true;
+#endif
+ }
+}
+
+static void
+__hostapd_bss_mgmt_enable(struct hostapd_data *hapd, uint32_t flags)
+{
+ bool update = false;
+ int i;
+
+ for (i = 0; i < __BSS_MGMT_EN_MAX; i++) {
+ if (!(flags & (1 << i)))
+ continue;
+
+ update |= __hostapd_bss_mgmt_enable_f(hapd, i);
+ }
+
+ if (update)
+ ieee802_11_update_beacons(hapd->iface);
+}
+
+
+static const struct blobmsg_policy bss_mgmt_enable_policy[__BSS_MGMT_EN_MAX] = {
+ [BSS_MGMT_EN_NEIGHBOR] = { "neighbor_report", BLOBMSG_TYPE_BOOL },
+ [BSS_MGMT_EN_BEACON] = { "beacon_report", BLOBMSG_TYPE_BOOL },
+ [BSS_MGMT_EN_LINK_MEASUREMENT] = { "link_measurement", BLOBMSG_TYPE_BOOL },
+#ifdef CONFIG_WNM_AP
+ [BSS_MGMT_EN_BSS_TRANSITION] = { "bss_transition", BLOBMSG_TYPE_BOOL },
+#endif
+};
+
+static int
+hostapd_bss_mgmt_enable(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+
+{
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct blob_attr *tb[__BSS_MGMT_EN_MAX];
+ struct blob_attr *cur;
+ uint32_t flags = 0;
+ int i;
+ bool neigh = false, beacon = false;
+
+ blobmsg_parse(bss_mgmt_enable_policy, __BSS_MGMT_EN_MAX, tb, blob_data(msg), blob_len(msg));
+
+ for (i = 0; i < ARRAY_SIZE(tb); i++) {
+ if (!tb[i] || !blobmsg_get_bool(tb[i]))
+ continue;
+
+ flags |= (1 << i);
+ }
+
+ __hostapd_bss_mgmt_enable(hapd, flags);
+}
+
+
+static void
+hostapd_rrm_nr_enable(struct hostapd_data *hapd)
+{
+ __hostapd_bss_mgmt_enable(hapd, 1 << BSS_MGMT_EN_NEIGHBOR);
+}
+
+static int
+hostapd_rrm_nr_get_own(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct hostapd_neighbor_entry *nr;
+ void *c;
+
+ hostapd_rrm_nr_enable(hapd);
+
+ nr = hostapd_neighbor_get(hapd, hapd->own_addr, NULL);
+ if (!nr)
+ return UBUS_STATUS_NOT_FOUND;
+
+ blob_buf_init(&b, 0);
+
+ c = blobmsg_open_array(&b, "value");
+ hostapd_rrm_print_nr(nr);
+ blobmsg_close_array(&b, c);
+
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+static int
+hostapd_rrm_nr_list(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct hostapd_neighbor_entry *nr;
+ void *c;
+
+ hostapd_rrm_nr_enable(hapd);
+ blob_buf_init(&b, 0);
+
+ c = blobmsg_open_array(&b, "list");
+ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry, list) {
+ void *cur;
+
+ if (!memcmp(nr->bssid, hapd->own_addr, ETH_ALEN))
+ continue;
+
+ cur = blobmsg_open_array(&b, NULL);
+ hostapd_rrm_print_nr(nr);
+ blobmsg_close_array(&b, cur);
+ }
+ blobmsg_close_array(&b, c);
+
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+enum {
+ NR_SET_LIST,
+ __NR_SET_LIST_MAX
+};
+
+static const struct blobmsg_policy nr_set_policy[__NR_SET_LIST_MAX] = {
+ [NR_SET_LIST] = { "list", BLOBMSG_TYPE_ARRAY },
+};
+
+
+static void
+hostapd_rrm_nr_clear(struct hostapd_data *hapd)
+{
+ struct hostapd_neighbor_entry *nr;
+
+restart:
+ dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry, list) {
+ if (!memcmp(nr->bssid, hapd->own_addr, ETH_ALEN))
+ continue;
+
+ hostapd_neighbor_remove(hapd, nr->bssid, &nr->ssid);
+ goto restart;
+ }
+}
+
+static int
+hostapd_rrm_nr_set(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ static const struct blobmsg_policy nr_e_policy[] = {
+ { .type = BLOBMSG_TYPE_STRING },
+ { .type = BLOBMSG_TYPE_STRING },
+ { .type = BLOBMSG_TYPE_STRING },
+ };
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
+ struct blob_attr *tb_l[__NR_SET_LIST_MAX];
+ struct blob_attr *tb[ARRAY_SIZE(nr_e_policy)];
+ struct blob_attr *cur;
+ int rem;
+
+ hostapd_rrm_nr_enable(hapd);
+
+ blobmsg_parse(nr_set_policy, __NR_SET_LIST_MAX, tb_l, blob_data(msg), blob_len(msg));
+ if (!tb_l[NR_SET_LIST])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ hostapd_rrm_nr_clear(hapd);
+ blobmsg_for_each_attr(cur, tb_l[NR_SET_LIST], rem) {
+ struct wpa_ssid_value ssid;
+ struct wpabuf *data;
+ u8 bssid[ETH_ALEN];
+ char *s, *nr_s;
+
+ blobmsg_parse_array(nr_e_policy, ARRAY_SIZE(nr_e_policy), tb, blobmsg_data(cur), blobmsg_data_len(cur));
+ if (!tb[0] || !tb[1] || !tb[2])
+ goto invalid;
+
+ /* Neighbor Report binary */
+ nr_s = blobmsg_get_string(tb[2]);
+ data = wpabuf_parse_bin(nr_s);
+ if (!data)
+ goto invalid;
+
+ /* BSSID */
+ s = blobmsg_get_string(tb[0]);
+ if (strlen(s) == 0) {
+ /* Copy BSSID from neighbor report */
+ if (hwaddr_compact_aton(nr_s, bssid))
+ goto invalid;
+ } else if (hwaddr_aton(s, bssid)) {
+ goto invalid;
+ }
+
+ /* SSID */
+ s = blobmsg_get_string(tb[1]);
+ if (strlen(s) == 0) {
+ /* Copy SSID from hostapd BSS conf */
+ memcpy(&ssid, &hapd->conf->ssid, sizeof(ssid));
+ } else {
+ ssid.ssid_len = strlen(s);
+ if (ssid.ssid_len > sizeof(ssid.ssid))
+ goto invalid;
+
+ memcpy(&ssid, s, ssid.ssid_len);
+ }
+
+ hostapd_neighbor_set(hapd, bssid, &ssid, data, NULL, NULL, 0, 0);
+ wpabuf_free(data);
+ continue;
+
+invalid:
+ return UBUS_STATUS_INVALID_ARGUMENT;
+ }
+
+ return 0;
+}
+
+enum {
+ BEACON_REQ_ADDR,
+ BEACON_REQ_MODE,
+ BEACON_REQ_OP_CLASS,
+ BEACON_REQ_CHANNEL,
+ BEACON_REQ_DURATION,
+ BEACON_REQ_BSSID,
+ BEACON_REQ_SSID,
+ __BEACON_REQ_MAX,
+};
+
+static const struct blobmsg_policy beacon_req_policy[__BEACON_REQ_MAX] = {
+ [BEACON_REQ_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+ [BEACON_REQ_OP_CLASS] { "op_class", BLOBMSG_TYPE_INT32 },
+ [BEACON_REQ_CHANNEL] { "channel", BLOBMSG_TYPE_INT32 },
+ [BEACON_REQ_DURATION] { "duration", BLOBMSG_TYPE_INT32 },
+ [BEACON_REQ_MODE] { "mode", BLOBMSG_TYPE_INT32 },
+ [BEACON_REQ_BSSID] { "bssid", BLOBMSG_TYPE_STRING },
+ [BEACON_REQ_SSID] { "ssid", BLOBMSG_TYPE_STRING },
+};
+
+static int
+hostapd_rrm_beacon_req(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *ureq, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct blob_attr *tb[__BEACON_REQ_MAX];
+ struct blob_attr *cur;
+ struct wpabuf *req;
+ u8 bssid[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ u8 addr[ETH_ALEN];
+ int mode, rem, ret;
+ int buf_len = 13;
+
+ blobmsg_parse(beacon_req_policy, __BEACON_REQ_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[BEACON_REQ_ADDR] || !tb[BEACON_REQ_MODE] || !tb[BEACON_REQ_DURATION] ||
+ !tb[BEACON_REQ_OP_CLASS] || !tb[BEACON_REQ_CHANNEL])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[BEACON_REQ_SSID])
+ buf_len += blobmsg_data_len(tb[BEACON_REQ_SSID]) + 2 - 1;
+
+ mode = blobmsg_get_u32(tb[BEACON_REQ_MODE]);
+ if (hwaddr_aton(blobmsg_data(tb[BEACON_REQ_ADDR]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[BEACON_REQ_BSSID] &&
+ hwaddr_aton(blobmsg_data(tb[BEACON_REQ_BSSID]), bssid))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ req = wpabuf_alloc(buf_len);
+ if (!req)
+ return UBUS_STATUS_UNKNOWN_ERROR;
+
+ /* 1: regulatory class */
+ wpabuf_put_u8(req, blobmsg_get_u32(tb[BEACON_REQ_OP_CLASS]));
+
+ /* 2: channel number */
+ wpabuf_put_u8(req, blobmsg_get_u32(tb[BEACON_REQ_CHANNEL]));
+
+ /* 3-4: randomization interval */
+ wpabuf_put_le16(req, 0);
+
+ /* 5-6: duration */
+ wpabuf_put_le16(req, blobmsg_get_u32(tb[BEACON_REQ_DURATION]));
+
+ /* 7: mode */
+ wpabuf_put_u8(req, blobmsg_get_u32(tb[BEACON_REQ_MODE]));
+
+ /* 8-13: BSSID */
+ wpabuf_put_data(req, bssid, ETH_ALEN);
+
+ if ((cur = tb[BEACON_REQ_SSID]) != NULL) {
+ wpabuf_put_u8(req, WLAN_EID_SSID);
+ wpabuf_put_u8(req, blobmsg_data_len(cur) - 1);
+ wpabuf_put_data(req, blobmsg_data(cur), blobmsg_data_len(cur) - 1);
+ }
+
+ ret = hostapd_send_beacon_req(hapd, addr, 0, req);
+ if (ret < 0)
+ return -ret;
+
+ return 0;
+}
+
+enum {
+ LM_REQ_ADDR,
+ LM_REQ_TX_POWER_USED,
+ LM_REQ_TX_POWER_MAX,
+ __LM_REQ_MAX,
+};
+
+static const struct blobmsg_policy lm_req_policy[__LM_REQ_MAX] = {
+ [LM_REQ_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+ [LM_REQ_TX_POWER_USED] = { "tx-power-used", BLOBMSG_TYPE_INT32 },
+ [LM_REQ_TX_POWER_MAX] = { "tx-power-max", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_rrm_lm_req(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *ureq, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct blob_attr *tb[__LM_REQ_MAX];
+ struct wpabuf *buf;
+ u8 addr[ETH_ALEN];
+ int ret;
+ int8_t txp_used, txp_max;
+
+ txp_used = 0;
+ txp_max = 0;
+
+ blobmsg_parse(lm_req_policy, __LM_REQ_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[LM_REQ_ADDR])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[LM_REQ_TX_POWER_USED])
+ txp_used = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_USED]);
+
+ if (tb[LM_REQ_TX_POWER_MAX])
+ txp_max = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_MAX]);
+
+ if (hwaddr_aton(blobmsg_data(tb[LM_REQ_ADDR]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ buf = wpabuf_alloc(5);
+ if (!buf)
+ return UBUS_STATUS_UNKNOWN_ERROR;
+
+ wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
+ wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REQUEST);
+ wpabuf_put_u8(buf, 1);
+ /* TX-Power used */
+ wpabuf_put_u8(buf, txp_used);
+ /* Max TX Power */
+ wpabuf_put_u8(buf, txp_max);
+
+ ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
+ wpabuf_head(buf), wpabuf_len(buf));
+
+ wpabuf_free(buf);
+ if (ret < 0)
+ return -ret;
+
+ return 0;
+}
+
+
+void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
+{
+ const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) data;
+ const u8 *pos, *end;
+ u8 token;
+
+ end = data + len;
+ token = mgmt->u.action.u.rrm.dialog_token;
+ pos = mgmt->u.action.u.rrm.variable;
+
+ if (end - pos < 8)
+ return;
+
+ if (!hapd->ubus.obj.has_subscribers)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", mgmt->sa);
+ blobmsg_add_u16(&b, "dialog-token", token);
+ blobmsg_add_u16(&b, "rx-antenna-id", pos[4]);
+ blobmsg_add_u16(&b, "tx-antenna-id", pos[5]);
+ blobmsg_add_u16(&b, "rcpi", pos[6]);
+ blobmsg_add_u16(&b, "rsni", pos[7]);
+
+ ubus_notify(ctx, &hapd->ubus.obj, "link-measurement-report", b.head, -1);
+}
+
+
+#ifdef CONFIG_WNM_AP
+
+static int
+hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent, bool abridged,
+ u16 disassoc_timer, u8 validity_period, u8 dialog_token,
+ struct blob_attr *neighbors)
+{
+ struct blob_attr *cur;
+ struct sta_info *sta;
+ int nr_len = 0;
+ int rem;
+ u8 *nr = NULL;
+ u8 req_mode = 0;
+
+ sta = ap_get_sta(hapd, addr);
+ if (!sta)
+ return UBUS_STATUS_NOT_FOUND;
+
+ if (neighbors) {
+ u8 *nr_cur;
+
+ if (blobmsg_check_array(neighbors,
+ BLOBMSG_TYPE_STRING) < 0)
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ blobmsg_for_each_attr(cur, neighbors, rem) {
+ int len = strlen(blobmsg_get_string(cur));
+
+ if (len % 2)
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ nr_len += (len / 2) + 2;
+ }
+
+ if (nr_len) {
+ nr = os_zalloc(nr_len);
+ if (!nr)
+ return UBUS_STATUS_UNKNOWN_ERROR;
+ }
+
+ nr_cur = nr;
+ blobmsg_for_each_attr(cur, neighbors, rem) {
+ int len = strlen(blobmsg_get_string(cur)) / 2;
+
+ *nr_cur++ = WLAN_EID_NEIGHBOR_REPORT;
+ *nr_cur++ = (u8) len;
+ if (hexstr2bin(blobmsg_data(cur), nr_cur, len)) {
+ free(nr);
+ return UBUS_STATUS_INVALID_ARGUMENT;
+ }
+
+ nr_cur += len;
+ }
+ }
+
+ if (nr)
+ req_mode |= WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED;
+
+ if (abridged)
+ req_mode |= WNM_BSS_TM_REQ_ABRIDGED;
+
+ if (disassoc_imminent)
+ req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
+
+ if (wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer, validity_period, NULL,
+ dialog_token, NULL, nr, nr_len, NULL, 0))
+ return UBUS_STATUS_UNKNOWN_ERROR;
+
+ return 0;
+}
+
+enum {
+ BSS_TR_ADDR,
+ BSS_TR_DA_IMMINENT,
+ BSS_TR_DA_TIMER,
+ BSS_TR_VALID_PERIOD,
+ BSS_TR_NEIGHBORS,
+ BSS_TR_ABRIDGED,
+ BSS_TR_DIALOG_TOKEN,
+ __BSS_TR_DISASSOC_MAX
+};
+
+static const struct blobmsg_policy bss_tr_policy[__BSS_TR_DISASSOC_MAX] = {
+ [BSS_TR_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+ [BSS_TR_DA_IMMINENT] = { "disassociation_imminent", BLOBMSG_TYPE_BOOL },
+ [BSS_TR_DA_TIMER] = { "disassociation_timer", BLOBMSG_TYPE_INT32 },
+ [BSS_TR_VALID_PERIOD] = { "validity_period", BLOBMSG_TYPE_INT32 },
+ [BSS_TR_NEIGHBORS] = { "neighbors", BLOBMSG_TYPE_ARRAY },
+ [BSS_TR_ABRIDGED] = { "abridged", BLOBMSG_TYPE_BOOL },
+ [BSS_TR_DIALOG_TOKEN] = { "dialog_token", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_bss_transition_request(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *ureq, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct blob_attr *tb[__BSS_TR_DISASSOC_MAX];
+ struct sta_info *sta;
+ u32 da_timer = 0;
+ u32 valid_period = 0;
+ u8 addr[ETH_ALEN];
+ u32 dialog_token = 1;
+ bool abridged;
+ bool da_imminent;
+
+ blobmsg_parse(bss_tr_policy, __BSS_TR_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[BSS_TR_ADDR])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (hwaddr_aton(blobmsg_data(tb[BSS_TR_ADDR]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[BSS_TR_DA_TIMER])
+ da_timer = blobmsg_get_u32(tb[BSS_TR_DA_TIMER]);
+
+ if (tb[BSS_TR_VALID_PERIOD])
+ valid_period = blobmsg_get_u32(tb[BSS_TR_VALID_PERIOD]);
+
+ if (tb[BSS_TR_DIALOG_TOKEN])
+ dialog_token = blobmsg_get_u32(tb[BSS_TR_DIALOG_TOKEN]);
+
+ da_imminent = !!(tb[BSS_TR_DA_IMMINENT] && blobmsg_get_bool(tb[BSS_TR_DA_IMMINENT]));
+ abridged = !!(tb[BSS_TR_ABRIDGED] && blobmsg_get_bool(tb[BSS_TR_ABRIDGED]));
+
+ return hostapd_bss_tr_send(hapd, addr, da_imminent, abridged, da_timer, valid_period,
+ dialog_token, tb[BSS_TR_NEIGHBORS]);
+}
+
+enum {
+ WNM_DISASSOC_ADDR,
+ WNM_DISASSOC_DURATION,
+ WNM_DISASSOC_NEIGHBORS,
+ WNM_DISASSOC_ABRIDGED,
+ __WNM_DISASSOC_MAX,
+};
+
+static const struct blobmsg_policy wnm_disassoc_policy[__WNM_DISASSOC_MAX] = {
+ [WNM_DISASSOC_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+ [WNM_DISASSOC_DURATION] { "duration", BLOBMSG_TYPE_INT32 },
+ [WNM_DISASSOC_NEIGHBORS] { "neighbors", BLOBMSG_TYPE_ARRAY },
+ [WNM_DISASSOC_ABRIDGED] { "abridged", BLOBMSG_TYPE_BOOL },
+};
+
+static int
+hostapd_wnm_disassoc_imminent(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *ureq, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct blob_attr *tb[__WNM_DISASSOC_MAX];
+ struct sta_info *sta;
+ int duration = 10;
+ u8 addr[ETH_ALEN];
+ bool abridged;
+
+ blobmsg_parse(wnm_disassoc_policy, __WNM_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[WNM_DISASSOC_ADDR])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (hwaddr_aton(blobmsg_data(tb[WNM_DISASSOC_ADDR]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[WNM_DISASSOC_DURATION])
+ duration = blobmsg_get_u32(tb[WNM_DISASSOC_DURATION]);
+
+ abridged = !!(tb[WNM_DISASSOC_ABRIDGED] && blobmsg_get_bool(tb[WNM_DISASSOC_ABRIDGED]));
+
+ return hostapd_bss_tr_send(hapd, addr, true, abridged, duration, duration,
+ 1, tb[WNM_DISASSOC_NEIGHBORS]);
+}
+#endif
+
+#ifdef CONFIG_AIRTIME_POLICY
+enum {
+ UPDATE_AIRTIME_STA,
+ UPDATE_AIRTIME_WEIGHT,
+ __UPDATE_AIRTIME_MAX,
+};
+
+
+static const struct blobmsg_policy airtime_policy[__UPDATE_AIRTIME_MAX] = {
+ [UPDATE_AIRTIME_STA] = { "sta", BLOBMSG_TYPE_STRING },
+ [UPDATE_AIRTIME_WEIGHT] = { "weight", BLOBMSG_TYPE_INT32 },
+};
+
+static int
+hostapd_bss_update_airtime(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *ureq, const char *method,
+ struct blob_attr *msg)
+{
+ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+ struct blob_attr *tb[__UPDATE_AIRTIME_MAX];
+ struct sta_info *sta = NULL;
+ u8 addr[ETH_ALEN];
+ int weight;
+
+ blobmsg_parse(airtime_policy, __UPDATE_AIRTIME_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[UPDATE_AIRTIME_WEIGHT])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ weight = blobmsg_get_u32(tb[UPDATE_AIRTIME_WEIGHT]);
+
+ if (!tb[UPDATE_AIRTIME_STA]) {
+ if (!weight)
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ hapd->conf->airtime_weight = weight;
+ return 0;
+ }
+
+ if (hwaddr_aton(blobmsg_data(tb[UPDATE_AIRTIME_STA]), addr))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ sta = ap_get_sta(hapd, addr);
+ if (!sta)
+ return UBUS_STATUS_NOT_FOUND;
+
+ sta->dyn_airtime_weight = weight;
+ airtime_policy_new_sta(hapd, sta);
+
+ return 0;
+}
+#endif
+
+
+static const struct ubus_method bss_methods[] = {
+ UBUS_METHOD_NOARG("reload", hostapd_bss_reload),
+ UBUS_METHOD_NOARG("get_clients", hostapd_bss_get_clients),
+ UBUS_METHOD_NOARG("get_status", hostapd_bss_get_status),
+ UBUS_METHOD("del_client", hostapd_bss_del_client, del_policy),
+#ifdef CONFIG_AIRTIME_POLICY
+ UBUS_METHOD("update_airtime", hostapd_bss_update_airtime, airtime_policy),
+#endif
+ UBUS_METHOD_NOARG("list_bans", hostapd_bss_list_bans),
+#ifdef CONFIG_WPS
+ UBUS_METHOD_NOARG("wps_start", hostapd_bss_wps_start),
+ UBUS_METHOD_NOARG("wps_status", hostapd_bss_wps_status),
+ UBUS_METHOD_NOARG("wps_cancel", hostapd_bss_wps_cancel),
+#endif
+ UBUS_METHOD_NOARG("update_beacon", hostapd_bss_update_beacon),
+ UBUS_METHOD_NOARG("get_features", hostapd_bss_get_features),
+#ifdef NEED_AP_MLME
+ UBUS_METHOD("switch_chan", hostapd_switch_chan, csa_policy),
+#endif
+ UBUS_METHOD("set_vendor_elements", hostapd_vendor_elements, ve_policy),
+ UBUS_METHOD("notify_response", hostapd_notify_response, notify_policy),
+ UBUS_METHOD("bss_mgmt_enable", hostapd_bss_mgmt_enable, bss_mgmt_enable_policy),
+ UBUS_METHOD_NOARG("rrm_nr_get_own", hostapd_rrm_nr_get_own),
+ UBUS_METHOD_NOARG("rrm_nr_list", hostapd_rrm_nr_list),
+ UBUS_METHOD("rrm_nr_set", hostapd_rrm_nr_set, nr_set_policy),
+ UBUS_METHOD("rrm_beacon_req", hostapd_rrm_beacon_req, beacon_req_policy),
+ UBUS_METHOD("link_measurement_req", hostapd_rrm_lm_req, lm_req_policy),
+#ifdef CONFIG_WNM_AP
+ UBUS_METHOD("wnm_disassoc_imminent", hostapd_wnm_disassoc_imminent, wnm_disassoc_policy),
+ UBUS_METHOD("bss_transition_request", hostapd_bss_transition_request, bss_tr_policy),
+#endif
+};
+
+static struct ubus_object_type bss_object_type =
+ UBUS_OBJECT_TYPE("hostapd_bss", bss_methods);
+
+static int avl_compare_macaddr(const void *k1, const void *k2, void *ptr)
+{
+ return memcmp(k1, k2, ETH_ALEN);
+}
+
+void hostapd_ubus_add_bss(struct hostapd_data *hapd)
+{
+ struct ubus_object *obj = &hapd->ubus.obj;
+ char *name;
+ int ret;
+
+#ifdef CONFIG_MESH
+ if (hapd->conf->mesh & MESH_ENABLED)
+ return;
+#endif
+
+ if (!hostapd_ubus_init())
+ return;
+
+ if (asprintf(&name, "hostapd.%s", hapd->conf->iface) < 0)
+ return;
+
+ avl_init(&hapd->ubus.banned, avl_compare_macaddr, false, NULL);
+ obj->name = name;
+ obj->type = &bss_object_type;
+ obj->methods = bss_object_type.methods;
+ obj->n_methods = bss_object_type.n_methods;
+ ret = ubus_add_object(ctx, obj);
+ hostapd_ubus_ref_inc();
+
+ hostapd_send_shared_event(&hapd->iface->interfaces->ubus, hapd->conf->iface, "add");
+}
+
+void hostapd_ubus_free_bss(struct hostapd_data *hapd)
+{
+ struct ubus_object *obj = &hapd->ubus.obj;
+ char *name = (char *) obj->name;
+
+#ifdef CONFIG_MESH
+ if (hapd->conf->mesh & MESH_ENABLED)
+ return;
+#endif
+
+ if (!ctx)
+ return;
+
+ hostapd_send_shared_event(&hapd->iface->interfaces->ubus, hapd->conf->iface, "remove");
+
+ if (obj->id) {
+ ubus_remove_object(ctx, obj);
+ hostapd_ubus_ref_dec();
+ }
+
+ free(name);
+}
+
+static void
+hostapd_ubus_vlan_action(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ const char *action)
+{
+ struct vlan_description *desc = &vlan->vlan_desc;
+ void *c;
+ int i;
+
+ if (!hapd->ubus.obj.has_subscribers)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_string(&b, "ifname", vlan->ifname);
+ blobmsg_add_string(&b, "bridge", vlan->bridge);
+ blobmsg_add_u32(&b, "vlan_id", vlan->vlan_id);
+
+ if (desc->notempty) {
+ blobmsg_add_u32(&b, "untagged", desc->untagged);
+ c = blobmsg_open_array(&b, "tagged");
+ for (i = 0; i < ARRAY_SIZE(desc->tagged) && desc->tagged[i]; i++)
+ blobmsg_add_u32(&b, "", desc->tagged[i]);
+ blobmsg_close_array(&b, c);
+ }
+
+ ubus_notify(ctx, &hapd->ubus.obj, action, b.head, -1);
+}
+
+void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
+{
+ hostapd_ubus_vlan_action(hapd, vlan, "vlan_add");
+}
+
+void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
+{
+ hostapd_ubus_vlan_action(hapd, vlan, "vlan_remove");
+}
+
+static const struct ubus_method daemon_methods[] = {
+ UBUS_METHOD("config_add", hostapd_config_add, config_add_policy),
+ UBUS_METHOD("config_remove", hostapd_config_remove, config_remove_policy),
+};
+
+static struct ubus_object_type daemon_object_type =
+ UBUS_OBJECT_TYPE("hostapd", daemon_methods);
+
+void hostapd_ubus_add(struct hapd_interfaces *interfaces)
+{
+ struct ubus_object *obj = &interfaces->ubus;
+ int ret;
+
+ if (!hostapd_ubus_init())
+ return;
+
+ obj->name = strdup("hostapd");
+
+ obj->type = &daemon_object_type;
+ obj->methods = daemon_object_type.methods;
+ obj->n_methods = daemon_object_type.n_methods;
+ ret = ubus_add_object(ctx, obj);
+ hostapd_ubus_ref_inc();
+}
+
+void hostapd_ubus_free(struct hapd_interfaces *interfaces)
+{
+ struct ubus_object *obj = &interfaces->ubus;
+ char *name = (char *) obj->name;
+
+ if (!ctx)
+ return;
+
+ if (obj->id) {
+ ubus_remove_object(ctx, obj);
+ hostapd_ubus_ref_dec();
+ }
+
+ free(name);
+}
+
+struct ubus_event_req {
+ struct ubus_notify_request nreq;
+ int resp;
+};
+
+static void
+ubus_event_cb(struct ubus_notify_request *req, int idx, int ret)
+{
+ struct ubus_event_req *ureq = container_of(req, struct ubus_event_req, nreq);
+
+ ureq->resp = ret;
+}
+
+int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
+{
+ struct ubus_banned_client *ban;
+ const char *types[HOSTAPD_UBUS_TYPE_MAX] = {
+ [HOSTAPD_UBUS_PROBE_REQ] = "probe",
+ [HOSTAPD_UBUS_AUTH_REQ] = "auth",
+ [HOSTAPD_UBUS_ASSOC_REQ] = "assoc",
+ };
+ const char *type = "mgmt";
+ struct ubus_event_req ureq = {};
+ const u8 *addr;
+
+ if (req->mgmt_frame)
+ addr = req->mgmt_frame->sa;
+ else
+ addr = req->addr;
+
+ ban = avl_find_element(&hapd->ubus.banned, addr, ban, avl);
+ if (ban)
+ return WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
+
+ if (!hapd->ubus.obj.has_subscribers)
+ return WLAN_STATUS_SUCCESS;
+
+ if (req->type < ARRAY_SIZE(types))
+ type = types[req->type];
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", addr);
+ if (req->mgmt_frame)
+ blobmsg_add_macaddr(&b, "target", req->mgmt_frame->da);
+ if (req->ssi_signal)
+ blobmsg_add_u32(&b, "signal", req->ssi_signal);
+ blobmsg_add_u32(&b, "freq", hapd->iface->freq);
+
+ if (req->elems) {
+ if(req->elems->ht_capabilities)
+ {
+ struct ieee80211_ht_capabilities *ht_capabilities;
+ void *ht_cap, *ht_cap_mcs_set, *mcs_set;
+
+
+ ht_capabilities = (struct ieee80211_ht_capabilities*) req->elems->ht_capabilities;
+ ht_cap = blobmsg_open_table(&b, "ht_capabilities");
+ blobmsg_add_u16(&b, "ht_capabilities_info", ht_capabilities->ht_capabilities_info);
+ ht_cap_mcs_set = blobmsg_open_table(&b, "supported_mcs_set");
+ blobmsg_add_u16(&b, "a_mpdu_params", ht_capabilities->a_mpdu_params);
+ blobmsg_add_u16(&b, "ht_extended_capabilities", ht_capabilities->ht_extended_capabilities);
+ blobmsg_add_u32(&b, "tx_bf_capability_info", ht_capabilities->tx_bf_capability_info);
+ blobmsg_add_u16(&b, "asel_capabilities", ht_capabilities->asel_capabilities);
+ mcs_set = blobmsg_open_array(&b, "supported_mcs_set");
+ for (int i = 0; i < 16; i++) {
+ blobmsg_add_u16(&b, NULL, (u16) ht_capabilities->supported_mcs_set[i]);
+ }
+ blobmsg_close_array(&b, mcs_set);
+ blobmsg_close_table(&b, ht_cap_mcs_set);
+ blobmsg_close_table(&b, ht_cap);
+ }
+ if(req->elems->vht_capabilities)
+ {
+ struct ieee80211_vht_capabilities *vht_capabilities;
+ void *vht_cap, *vht_cap_mcs_set;
+
+ vht_capabilities = (struct ieee80211_vht_capabilities*) req->elems->vht_capabilities;
+ vht_cap = blobmsg_open_table(&b, "vht_capabilities");
+ blobmsg_add_u32(&b, "vht_capabilities_info", vht_capabilities->vht_capabilities_info);
+ vht_cap_mcs_set = blobmsg_open_table(&b, "vht_supported_mcs_set");
+ blobmsg_add_u16(&b, "rx_map", vht_capabilities->vht_supported_mcs_set.rx_map);
+ blobmsg_add_u16(&b, "rx_highest", vht_capabilities->vht_supported_mcs_set.rx_highest);
+ blobmsg_add_u16(&b, "tx_map", vht_capabilities->vht_supported_mcs_set.tx_map);
+ blobmsg_add_u16(&b, "tx_highest", vht_capabilities->vht_supported_mcs_set.tx_highest);
+ blobmsg_close_table(&b, vht_cap_mcs_set);
+ blobmsg_close_table(&b, vht_cap);
+ }
+ }
+
+ if (!hapd->ubus.notify_response) {
+ ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
+ return WLAN_STATUS_SUCCESS;
+ }
+
+ if (ubus_notify_async(ctx, &hapd->ubus.obj, type, b.head, &ureq.nreq))
+ return WLAN_STATUS_SUCCESS;
+
+ ureq.nreq.status_cb = ubus_event_cb;
+ ubus_complete_request(ctx, &ureq.nreq.req, 100);
+
+ if (ureq.resp)
+ return ureq.resp;
+
+ return WLAN_STATUS_SUCCESS;
+}
+
+void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *addr)
+{
+ if (!hapd->ubus.obj.has_subscribers)
+ return;
+
+ if (!addr)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", addr);
+
+ ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
+}
+
+void hostapd_ubus_notify_beacon_report(
+ struct hostapd_data *hapd, const u8 *addr, u8 token, u8 rep_mode,
+ struct rrm_measurement_beacon_report *rep, size_t len)
+{
+ if (!hapd->ubus.obj.has_subscribers)
+ return;
+
+ if (!addr || !rep)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", addr);
+ blobmsg_add_u16(&b, "op-class", rep->op_class);
+ blobmsg_add_u16(&b, "channel", rep->channel);
+ blobmsg_add_u64(&b, "start-time", rep->start_time);
+ blobmsg_add_u16(&b, "duration", rep->duration);
+ blobmsg_add_u16(&b, "report-info", rep->report_info);
+ blobmsg_add_u16(&b, "rcpi", rep->rcpi);
+ blobmsg_add_u16(&b, "rsni", rep->rsni);
+ blobmsg_add_macaddr(&b, "bssid", rep->bssid);
+ blobmsg_add_u16(&b, "antenna-id", rep->antenna_id);
+ blobmsg_add_u16(&b, "parent-tsf", rep->parent_tsf);
+
+ ubus_notify(ctx, &hapd->ubus.obj, "beacon-report", b.head, -1);
+}
+
+void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
+ int chan_width, int cf1, int cf2)
+{
+ struct hostapd_data *hapd;
+ int i;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u16(&b, "frequency", frequency);
+ blobmsg_add_u16(&b, "width", chan_width);
+ blobmsg_add_u16(&b, "center1", cf1);
+ blobmsg_add_u16(&b, "center2", cf2);
+
+ for (i = 0; i < iface->num_bss; i++) {
+ hapd = iface->bss[i];
+ ubus_notify(ctx, &hapd->ubus.obj, "radar-detected", b.head, -1);
+ }
+}
+
+#ifdef CONFIG_WNM_AP
+static void hostapd_ubus_notify_bss_transition_add_candidate_list(
+ const u8 *candidate_list, u16 candidate_list_len)
+{
+ char *cl_str;
+ int i;
+
+ if (candidate_list_len == 0)
+ return;
+
+ cl_str = blobmsg_alloc_string_buffer(&b, "candidate-list", candidate_list_len * 2 + 1);
+ for (i = 0; i < candidate_list_len; i++)
+ snprintf(&cl_str[i*2], 3, "%02X", candidate_list[i]);
+ blobmsg_add_string_buffer(&b);
+
+}
+#endif
+
+void hostapd_ubus_notify_bss_transition_response(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
+ u8 bss_termination_delay, const u8 *target_bssid,
+ const u8 *candidate_list, u16 candidate_list_len)
+{
+#ifdef CONFIG_WNM_AP
+ u16 i;
+
+ if (!hapd->ubus.obj.has_subscribers)
+ return;
+
+ if (!addr)
+ return;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", addr);
+ blobmsg_add_u8(&b, "dialog-token", dialog_token);
+ blobmsg_add_u8(&b, "status-code", status_code);
+ blobmsg_add_u8(&b, "bss-termination-delay", bss_termination_delay);
+ if (target_bssid)
+ blobmsg_add_macaddr(&b, "target-bssid", target_bssid);
+
+ hostapd_ubus_notify_bss_transition_add_candidate_list(candidate_list, candidate_list_len);
+
+ ubus_notify(ctx, &hapd->ubus.obj, "bss-transition-response", b.head, -1);
+#endif
+}
+
+int hostapd_ubus_notify_bss_transition_query(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
+ const u8 *candidate_list, u16 candidate_list_len)
+{
+#ifdef CONFIG_WNM_AP
+ struct ubus_event_req ureq = {};
+ char *cl_str;
+ u16 i;
+
+ if (!hapd->ubus.obj.has_subscribers)
+ return 0;
+
+ if (!addr)
+ return 0;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_macaddr(&b, "address", addr);
+ blobmsg_add_u8(&b, "dialog-token", dialog_token);
+ blobmsg_add_u8(&b, "reason", reason);
+ hostapd_ubus_notify_bss_transition_add_candidate_list(candidate_list, candidate_list_len);
+
+ if (!hapd->ubus.notify_response) {
+ ubus_notify(ctx, &hapd->ubus.obj, "bss-transition-query", b.head, -1);
+ return 0;
+ }
+
+ if (ubus_notify_async(ctx, &hapd->ubus.obj, "bss-transition-query", b.head, &ureq.nreq))
+ return 0;
+
+ ureq.nreq.status_cb = ubus_event_cb;
+ ubus_complete_request(ctx, &ureq.nreq.req, 100);
+
+ return ureq.resp;
+#endif
+}
diff --git a/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.h b/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.h
new file mode 100644
index 0000000..5a33b62
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/src/src/ap/ubus.h
@@ -0,0 +1,145 @@
+/*
+ * hostapd / ubus support
+ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+#ifndef __HOSTAPD_UBUS_H
+#define __HOSTAPD_UBUS_H
+
+enum hostapd_ubus_event_type {
+ HOSTAPD_UBUS_PROBE_REQ,
+ HOSTAPD_UBUS_AUTH_REQ,
+ HOSTAPD_UBUS_ASSOC_REQ,
+ HOSTAPD_UBUS_TYPE_MAX
+};
+
+struct hostapd_ubus_request {
+ enum hostapd_ubus_event_type type;
+ const struct ieee80211_mgmt *mgmt_frame;
+ const struct ieee802_11_elems *elems;
+ int ssi_signal; /* dBm */
+ const u8 *addr;
+};
+
+struct hostapd_iface;
+struct hostapd_data;
+struct hapd_interfaces;
+struct rrm_measurement_beacon_report;
+
+#ifdef UBUS_SUPPORT
+
+#include <libubox/avl.h>
+#include <libubus.h>
+
+struct hostapd_ubus_bss {
+ struct ubus_object obj;
+ struct avl_tree banned;
+ int notify_response;
+};
+
+void hostapd_ubus_add_iface(struct hostapd_iface *iface);
+void hostapd_ubus_free_iface(struct hostapd_iface *iface);
+void hostapd_ubus_add_bss(struct hostapd_data *hapd);
+void hostapd_ubus_free_bss(struct hostapd_data *hapd);
+void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
+void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
+
+int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len);
+void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
+void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ const u8 *addr, u8 token, u8 rep_mode,
+ struct rrm_measurement_beacon_report *rep,
+ size_t len);
+void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
+ int chan_width, int cf1, int cf2);
+
+void hostapd_ubus_notify_bss_transition_response(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
+ u8 bss_termination_delay, const u8 *target_bssid,
+ const u8 *candidate_list, u16 candidate_list_len);
+void hostapd_ubus_add(struct hapd_interfaces *interfaces);
+void hostapd_ubus_free(struct hapd_interfaces *interfaces);
+int hostapd_ubus_notify_bss_transition_query(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
+ const u8 *candidate_list, u16 candidate_list_len);
+
+#else
+
+struct hostapd_ubus_bss {};
+
+static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface)
+{
+}
+
+static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface)
+{
+}
+
+static inline void hostapd_ubus_add_bss(struct hostapd_data *hapd)
+{
+}
+
+static inline void hostapd_ubus_free_bss(struct hostapd_data *hapd)
+{
+}
+
+static inline void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
+{
+}
+
+static inline void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
+{
+}
+
+static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
+{
+ return 0;
+}
+
+static inline void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
+{
+}
+
+static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
+{
+}
+
+static inline void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ const u8 *addr, u8 token,
+ u8 rep_mode,
+ struct rrm_measurement_beacon_report *rep,
+ size_t len)
+{
+}
+static inline void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
+ int chan_width, int cf1, int cf2)
+{
+}
+
+static inline void hostapd_ubus_notify_bss_transition_response(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
+ u8 bss_termination_delay, const u8 *target_bssid,
+ const u8 *candidate_list, u16 candidate_list_len)
+{
+}
+
+static inline void hostapd_ubus_add(struct hapd_interfaces *interfaces)
+{
+}
+
+static inline void hostapd_ubus_free(struct hapd_interfaces *interfaces)
+{
+}
+
+static inline int hostapd_ubus_notify_bss_transition_query(
+ struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
+ const u8 *candidate_list, u16 candidate_list_len)
+{
+ return 0;
+}
+#endif
+
+#endif
diff --git a/recipes-connectivity/wpa-supplicant/files/src/src/utils/build_features.h b/recipes-connectivity/wpa-supplicant/files/src/src/utils/build_features.h
new file mode 100644
index 0000000..cb7cb72
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/src/src/utils/build_features.h
@@ -0,0 +1,61 @@
+#ifndef BUILD_FEATURES_H
+#define BUILD_FEATURES_H
+
+static inline int has_feature(const char *feat)
+{
+#if defined(IEEE8021X_EAPOL) || (defined(HOSTAPD) && !defined(CONFIG_NO_RADIUS))
+ if (!strcmp(feat, "eap"))
+ return 1;
+#endif
+#ifdef CONFIG_IEEE80211N
+ if (!strcmp(feat, "11n"))
+ return 1;
+#endif
+#ifdef CONFIG_IEEE80211AC
+ if (!strcmp(feat, "11ac"))
+ return 1;
+#endif
+#ifdef CONFIG_IEEE80211AX
+ if (!strcmp(feat, "11ax"))
+ return 1;
+#endif
+#ifdef CONFIG_IEEE80211R
+ if (!strcmp(feat, "11r"))
+ return 1;
+#endif
+#ifdef CONFIG_ACS
+ if (!strcmp(feat, "acs"))
+ return 1;
+#endif
+#ifdef CONFIG_SAE
+ if (!strcmp(feat, "sae"))
+ return 1;
+#endif
+#ifdef CONFIG_OWE
+ if (!strcmp(feat, "owe"))
+ return 1;
+#endif
+#ifdef CONFIG_SUITEB192
+ if (!strcmp(feat, "suiteb192"))
+ return 1;
+#endif
+#ifdef CONFIG_WEP
+ if (!strcmp(feat, "wep"))
+ return 1;
+#endif
+#ifdef CONFIG_HS20
+ if (!strcmp(feat, "hs20"))
+ return 1;
+#endif
+#ifdef CONFIG_WPS
+ if (!strcmp(feat, "wps"))
+ return 1;
+#endif
+#ifdef CONFIG_FILS
+ if (!strcmp(feat, "fils"))
+ return 1;
+#endif
+ return 0;
+}
+
+#endif /* BUILD_FEATURES_H */
diff --git a/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.c b/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.c
new file mode 100644
index 0000000..16a68c5
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.c
@@ -0,0 +1,430 @@
+/*
+ * wpa_supplicant / ubus support
+ * Copyright (c) 2018, Daniel Golle <daniel@makrotopia.org>
+ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "utils/wpabuf.h"
+#include "common/ieee802_11_defs.h"
+#include "wpa_supplicant_i.h"
+#include "wps_supplicant.h"
+#include "ubus.h"
+
+static struct ubus_context *ctx;
+static struct blob_buf b;
+static int ctx_ref;
+
+static inline struct wpa_global *get_wpa_global_from_object(struct ubus_object *obj)
+{
+ return container_of(obj, struct wpa_global, ubus_global);
+}
+
+static inline struct wpa_supplicant *get_wpas_from_object(struct ubus_object *obj)
+{
+ return container_of(obj, struct wpa_supplicant, ubus.obj);
+}
+
+static void ubus_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct ubus_context *ctx = eloop_ctx;
+ ubus_handle_event(ctx);
+}
+
+static void ubus_reconnect_timeout(void *eloop_data, void *user_ctx)
+{
+ if (ubus_reconnect(ctx, NULL)) {
+ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
+ return;
+ }
+
+ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
+}
+
+static void wpas_ubus_connection_lost(struct ubus_context *ctx)
+{
+ eloop_unregister_read_sock(ctx->sock.fd);
+ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
+}
+
+static bool wpas_ubus_init(void)
+{
+ if (ctx)
+ return true;
+
+ ctx = ubus_connect(NULL);
+ if (!ctx)
+ return false;
+
+ ctx->connection_lost = wpas_ubus_connection_lost;
+ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
+ return true;
+}
+
+static void wpas_ubus_ref_inc(void)
+{
+ ctx_ref++;
+}
+
+static void wpas_ubus_ref_dec(void)
+{
+ ctx_ref--;
+ if (!ctx)
+ return;
+
+ if (ctx_ref)
+ return;
+
+ eloop_unregister_read_sock(ctx->sock.fd);
+ ubus_free(ctx);
+ ctx = NULL;
+}
+
+static int
+wpas_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u8(&b, "ht_supported", ht_supported(wpa_s->hw.modes));
+ blobmsg_add_u8(&b, "vht_supported", vht_supported(wpa_s->hw.modes));
+ ubus_send_reply(ctx, req, b.head);
+
+ return 0;
+}
+
+static int
+wpas_bss_reload(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
+
+ if (wpa_supplicant_reload_configuration(wpa_s))
+ return UBUS_STATUS_UNKNOWN_ERROR;
+ else
+ return 0;
+}
+
+#ifdef CONFIG_WPS
+enum {
+ WPS_START_MULTI_AP,
+ __WPS_START_MAX
+};
+
+static const struct blobmsg_policy wps_start_policy[] = {
+ [WPS_START_MULTI_AP] = { "multi_ap", BLOBMSG_TYPE_BOOL },
+};
+
+static int
+wpas_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
+ struct blob_attr *tb[__WPS_START_MAX], *cur;
+ int multi_ap = 0;
+
+ blobmsg_parse(wps_start_policy, __WPS_START_MAX, tb, blobmsg_data(msg), blobmsg_data_len(msg));
+
+ if (tb[WPS_START_MULTI_AP])
+ multi_ap = blobmsg_get_bool(tb[WPS_START_MULTI_AP]);
+
+ rc = wpas_wps_start_pbc(wpa_s, NULL, 0, multi_ap);
+
+ if (rc != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ return 0;
+}
+
+static int
+wpas_bss_wps_cancel(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ int rc;
+ struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
+
+ rc = wpas_wps_cancel(wpa_s);
+
+ if (rc != 0)
+ return UBUS_STATUS_NOT_SUPPORTED;
+
+ return 0;
+}
+#endif
+
+static const struct ubus_method bss_methods[] = {
+ UBUS_METHOD_NOARG("reload", wpas_bss_reload),
+ UBUS_METHOD_NOARG("get_features", wpas_bss_get_features),
+#ifdef CONFIG_WPS
+ UBUS_METHOD_NOARG("wps_start", wpas_bss_wps_start),
+ UBUS_METHOD_NOARG("wps_cancel", wpas_bss_wps_cancel),
+#endif
+};
+
+static struct ubus_object_type bss_object_type =
+ UBUS_OBJECT_TYPE("wpas_bss", bss_methods);
+
+void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s)
+{
+ struct ubus_object *obj = &wpa_s->ubus.obj;
+ char *name;
+ int ret;
+
+ if (!wpas_ubus_init())
+ return;
+
+ if (asprintf(&name, "wpa_supplicant.%s", wpa_s->ifname) < 0)
+ return;
+
+ obj->name = name;
+ obj->type = &bss_object_type;
+ obj->methods = bss_object_type.methods;
+ obj->n_methods = bss_object_type.n_methods;
+ ret = ubus_add_object(ctx, obj);
+ wpas_ubus_ref_inc();
+}
+
+void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s)
+{
+ struct ubus_object *obj = &wpa_s->ubus.obj;
+ char *name = (char *) obj->name;
+
+ if (!ctx)
+ return;
+
+ if (obj->id) {
+ ubus_remove_object(ctx, obj);
+ wpas_ubus_ref_dec();
+ }
+
+ free(name);
+}
+
+enum {
+ WPAS_CONFIG_DRIVER,
+ WPAS_CONFIG_IFACE,
+ WPAS_CONFIG_BRIDGE,
+ WPAS_CONFIG_HOSTAPD_CTRL,
+ WPAS_CONFIG_CTRL,
+ WPAS_CONFIG_FILE,
+ __WPAS_CONFIG_MAX
+};
+
+static const struct blobmsg_policy wpas_config_add_policy[__WPAS_CONFIG_MAX] = {
+ [WPAS_CONFIG_DRIVER] = { "driver", BLOBMSG_TYPE_STRING },
+ [WPAS_CONFIG_IFACE] = { "iface", BLOBMSG_TYPE_STRING },
+ [WPAS_CONFIG_BRIDGE] = { "bridge", BLOBMSG_TYPE_STRING },
+ [WPAS_CONFIG_HOSTAPD_CTRL] = { "hostapd_ctrl", BLOBMSG_TYPE_STRING },
+ [WPAS_CONFIG_CTRL] = { "ctrl", BLOBMSG_TYPE_STRING },
+ [WPAS_CONFIG_FILE] = { "config", BLOBMSG_TYPE_STRING },
+};
+
+static int
+wpas_config_add(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__WPAS_CONFIG_MAX];
+ struct wpa_global *global = get_wpa_global_from_object(obj);
+ struct wpa_interface *iface;
+
+ blobmsg_parse(wpas_config_add_policy, __WPAS_CONFIG_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[WPAS_CONFIG_FILE] || !tb[WPAS_CONFIG_IFACE] || !tb[WPAS_CONFIG_DRIVER])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ iface = os_zalloc(sizeof(struct wpa_interface));
+ if (iface == NULL)
+ return UBUS_STATUS_UNKNOWN_ERROR;
+
+ iface->driver = blobmsg_get_string(tb[WPAS_CONFIG_DRIVER]);
+ iface->ifname = blobmsg_get_string(tb[WPAS_CONFIG_IFACE]);
+ iface->confname = blobmsg_get_string(tb[WPAS_CONFIG_FILE]);
+
+ if (tb[WPAS_CONFIG_BRIDGE])
+ iface->bridge_ifname = blobmsg_get_string(tb[WPAS_CONFIG_BRIDGE]);
+
+ if (tb[WPAS_CONFIG_CTRL])
+ iface->ctrl_interface = blobmsg_get_string(tb[WPAS_CONFIG_CTRL]);
+
+ if (tb[WPAS_CONFIG_HOSTAPD_CTRL])
+ iface->hostapd_ctrl = blobmsg_get_string(tb[WPAS_CONFIG_HOSTAPD_CTRL]);
+
+ if (!wpa_supplicant_add_iface(global, iface, NULL))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_u32(&b, "pid", getpid());
+ ubus_send_reply(ctx, req, b.head);
+
+ return UBUS_STATUS_OK;
+}
+
+enum {
+ WPAS_CONFIG_REM_IFACE,
+ __WPAS_CONFIG_REM_MAX
+};
+
+static const struct blobmsg_policy wpas_config_remove_policy[__WPAS_CONFIG_REM_MAX] = {
+ [WPAS_CONFIG_REM_IFACE] = { "iface", BLOBMSG_TYPE_STRING },
+};
+
+static int
+wpas_config_remove(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ struct blob_attr *tb[__WPAS_CONFIG_REM_MAX];
+ struct wpa_global *global = get_wpa_global_from_object(obj);
+ struct wpa_supplicant *wpa_s = NULL;
+ unsigned int found = 0;
+
+ blobmsg_parse(wpas_config_remove_policy, __WPAS_CONFIG_REM_MAX, tb, blob_data(msg), blob_len(msg));
+
+ if (!tb[WPAS_CONFIG_REM_IFACE])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ /* find wpa_s object for to-be-removed interface */
+ for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
+ if (!strncmp(wpa_s->ifname,
+ blobmsg_get_string(tb[WPAS_CONFIG_REM_IFACE]),
+ sizeof(wpa_s->ifname)))
+ {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found)
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (wpa_supplicant_remove_iface(global, wpa_s, 0))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ return UBUS_STATUS_OK;
+}
+
+static const struct ubus_method wpas_daemon_methods[] = {
+ UBUS_METHOD("config_add", wpas_config_add, wpas_config_add_policy),
+ UBUS_METHOD("config_remove", wpas_config_remove, wpas_config_remove_policy),
+};
+
+static struct ubus_object_type wpas_daemon_object_type =
+ UBUS_OBJECT_TYPE("wpa_supplicant", wpas_daemon_methods);
+
+void wpas_ubus_add(struct wpa_global *global)
+{
+ struct ubus_object *obj = &global->ubus_global;
+ int ret;
+
+ if (!wpas_ubus_init())
+ return;
+
+ obj->name = strdup("wpa_supplicant");
+
+ obj->type = &wpas_daemon_object_type;
+ obj->methods = wpas_daemon_object_type.methods;
+ obj->n_methods = wpas_daemon_object_type.n_methods;
+ ret = ubus_add_object(ctx, obj);
+ wpas_ubus_ref_inc();
+}
+
+void wpas_ubus_free(struct wpa_global *global)
+{
+ struct ubus_object *obj = &global->ubus_global;
+ char *name = (char *) obj->name;
+
+ if (!ctx)
+ return;
+
+ if (obj->id) {
+ ubus_remove_object(ctx, obj);
+ wpas_ubus_ref_dec();
+ }
+
+ free(name);
+}
+
+
+#ifdef CONFIG_WPS
+void wpas_ubus_notify(struct wpa_supplicant *wpa_s, const struct wps_credential *cred)
+{
+ u16 auth_type;
+ char *ifname, *encryption, *ssid, *key;
+ size_t ifname_len;
+
+ if (!cred)
+ return;
+
+ auth_type = cred->auth_type;
+
+ if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))
+ auth_type = WPS_AUTH_WPA2PSK;
+
+ if (auth_type != WPS_AUTH_OPEN &&
+ auth_type != WPS_AUTH_WPAPSK &&
+ auth_type != WPS_AUTH_WPA2PSK) {
+ wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
+ "unsupported authentication type 0x%x",
+ auth_type);
+ return;
+ }
+
+ if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
+ if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
+ wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
+ "invalid Network Key length %lu",
+ (unsigned long) cred->key_len);
+ return;
+ }
+ }
+
+ blob_buf_init(&b, 0);
+
+ ifname_len = strlen(wpa_s->ifname);
+ ifname = blobmsg_alloc_string_buffer(&b, "ifname", ifname_len + 1);
+ memcpy(ifname, wpa_s->ifname, ifname_len + 1);
+ ifname[ifname_len] = '\0';
+ blobmsg_add_string_buffer(&b);
+
+ switch (auth_type) {
+ case WPS_AUTH_WPA2PSK:
+ encryption = "psk2";
+ break;
+ case WPS_AUTH_WPAPSK:
+ encryption = "psk";
+ break;
+ default:
+ encryption = "none";
+ break;
+ }
+
+ blobmsg_add_string(&b, "encryption", encryption);
+
+ ssid = blobmsg_alloc_string_buffer(&b, "ssid", cred->ssid_len + 1);
+ memcpy(ssid, cred->ssid, cred->ssid_len);
+ ssid[cred->ssid_len] = '\0';
+ blobmsg_add_string_buffer(&b);
+
+ if (cred->key_len > 0) {
+ key = blobmsg_alloc_string_buffer(&b, "key", cred->key_len + 1);
+ memcpy(key, cred->key, cred->key_len);
+ key[cred->key_len] = '\0';
+ blobmsg_add_string_buffer(&b);
+ }
+
+// ubus_notify(ctx, &wpa_s->ubus.obj, "wps_credentials", b.head, -1);
+ ubus_send_event(ctx, "wps_credentials", b.head);
+}
+#endif /* CONFIG_WPS */
diff --git a/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.h b/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.h
new file mode 100644
index 0000000..bf92b98
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/src/wpa_supplicant/ubus.h
@@ -0,0 +1,66 @@
+/*
+ * wpa_supplicant / ubus support
+ * Copyright (c) 2018, Daniel Golle <daniel@makrotopia.org>
+ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+#ifndef __WPAS_UBUS_H
+#define __WPAS_UBUS_H
+
+struct wpa_supplicant;
+struct wpa_global;
+
+#include "wps_supplicant.h"
+
+#ifdef UBUS_SUPPORT
+#include <libubus.h>
+
+struct wpas_ubus_bss {
+ struct ubus_object obj;
+};
+
+void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s);
+void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s);
+
+void wpas_ubus_add(struct wpa_global *global);
+void wpas_ubus_free(struct wpa_global *global);
+
+#ifdef CONFIG_WPS
+void wpas_ubus_notify(struct wpa_supplicant *wpa_s, const struct wps_credential *cred);
+#endif
+
+#else
+struct wpas_ubus_bss {};
+
+static inline void wpas_ubus_add_iface(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void wpas_ubus_free_iface(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void wpas_ubus_notify(struct wpa_supplicant *wpa_s, struct wps_credential *cred)
+{
+}
+
+static inline void wpas_ubus_add(struct wpa_global *global)
+{
+}
+
+static inline void wpas_ubus_free(struct wpa_global *global)
+{
+}
+#endif
+
+#endif
diff --git a/recipes-connectivity/wpa-supplicant/files/wpa-supplicant.sh b/recipes-connectivity/wpa-supplicant/files/wpa-supplicant.sh
new file mode 100644
index 0000000..35a1aa6
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/wpa-supplicant.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+
+WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
+WPA_SUP_PNAME="wpa_supplicant"
+WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
+WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
+
+VERBOSITY=0
+
+
+if [ -s "$IF_WPA_CONF" ]; then
+ WPA_SUP_CONF="-c $IF_WPA_CONF"
+else
+ exit 0
+fi
+
+if [ ! -x "$WPA_SUP_BIN" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN"
+ fi
+
+ exit 1
+fi
+
+if [ "$MODE" = "start" ] ; then
+ # driver type of interface, defaults to wext when undefined
+ if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then
+ IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE")
+ elif [ -z "$IF_WPA_DRIVER" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\""
+ fi
+
+ IF_WPA_DRIVER="wext"
+ fi
+
+ # if we have passed the criteria, start wpa_supplicant
+ if [ -n "$WPA_SUP_CONF" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER"
+ fi
+
+ start-stop-daemon --start --quiet \
+ --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
+ -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER
+ fi
+
+ # if the interface socket exists, then wpa_supplicant was invoked successfully
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE"
+ fi
+
+ exit 0
+
+ fi
+
+elif [ "$MODE" = "stop" ]; then
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon"
+ fi
+
+ start-stop-daemon --stop --quiet \
+ --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE
+
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+ rm -f $WPA_COMMON_CTRL_IFACE/$IFACE
+ fi
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+ rm -f $WPA_SUP_PIDFILE
+ fi
+ fi
+
+fi
+
+exit 0
diff --git a/recipes-connectivity/wpa-supplicant/files/wpa_supplicant-full.config b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant-full.config
new file mode 100644
index 0000000..800c18c
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant-full.config
@@ -0,0 +1,624 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+#CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+
+# OpenWrt patch 380-disable-ctrl-iface-mib.patch
+# leads to the MIB only being compiled in if
+# CONFIG_CTRL_IFACE_MIB is enabled.
+CONFIG_CTRL_IFACE_MIB=y
diff --git a/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf
new file mode 100644
index 0000000..68258f5
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf
@@ -0,0 +1,690 @@
+##### Example wpa_supplicant configuration file ###############################
+#
+# This file describes configuration file format and lists all available option.
+# Please also take a look at simpler configuration examples in 'examples'
+# subdirectory.
+#
+# Empty lines and lines starting with # are ignored
+
+# NOTE! This file may contain password information and should probably be made
+# readable only by root user on multiuser systems.
+
+# Note: All file paths in this configuration file should use full (absolute,
+# not relative to working directory) path in order to allow working directory
+# to be changed. This can happen if wpa_supplicant is run in the background.
+
+# Whether to allow wpa_supplicant to update (overwrite) configuration
+#
+# This option can be used to allow wpa_supplicant to overwrite configuration
+# file whenever configuration is changed (e.g., new network block is added with
+# wpa_cli or wpa_gui, or a password is changed). This is required for
+# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
+# Please note that overwriting configuration file will remove the comments from
+# it.
+#update_config=1
+
+# global configuration (shared by all network blocks)
+#
+# Parameters for the control interface. If this is specified, wpa_supplicant
+# will open a control interface that is available for external programs to
+# manage wpa_supplicant. The meaning of this string depends on which control
+# interface mechanism is used. For all cases, the existence of this parameter
+# in configuration is used to determine whether the control interface is
+# enabled.
+#
+# For UNIX domain sockets (default on Linux and BSD): This is a directory that
+# will be created for UNIX domain sockets for listening to requests from
+# external programs (CLI/GUI, etc.) for status information and configuration.
+# The socket file will be named based on the interface name, so multiple
+# wpa_supplicant processes can be run at the same time if more than one
+# interface is used.
+# /var/run/wpa_supplicant is the recommended directory for sockets and by
+# default, wpa_cli will use it when trying to connect with wpa_supplicant.
+#
+# Access control for the control interface can be configured by setting the
+# directory to allow only members of a group to use sockets. This way, it is
+# possible to run wpa_supplicant as root (since it needs to change network
+# configuration and open raw sockets) and still allow GUI/CLI components to be
+# run as non-root users. However, since the control interface can be used to
+# change the network configuration, this access needs to be protected in many
+# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
+# want to allow non-root users to use the control interface, add a new group
+# and change this value to match with that group. Add users that should have
+# control interface access to this group. If this variable is commented out or
+# not included in the configuration file, group will not be changed from the
+# value it got by default when the directory or socket was created.
+#
+# When configuring both the directory and group, use following format:
+# DIR=/var/run/wpa_supplicant GROUP=wheel
+# DIR=/var/run/wpa_supplicant GROUP=0
+# (group can be either group name or gid)
+#
+# For UDP connections (default on Windows): The value will be ignored. This
+# variable is just used to select that the control interface is to be created.
+# The value can be set to, e.g., udp (ctrl_interface=udp)
+#
+# For Windows Named Pipe: This value can be used to set the security descriptor
+# for controlling access to the control interface. Security descriptor can be
+# set using Security Descriptor String Format (see http://msdn.microsoft.com/
+# library/default.asp?url=/library/en-us/secauthz/security/
+# security_descriptor_string_format.asp). The descriptor string needs to be
+# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
+# DACL (which will reject all connections). See README-Windows.txt for more
+# information about SDDL string format.
+#
+ctrl_interface=/var/run/wpa_supplicant
+
+# IEEE 802.1X/EAPOL version
+# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
+# EAPOL version 2. However, there are many APs that do not handle the new
+# version number correctly (they seem to drop the frames completely). In order
+# to make wpa_supplicant interoperate with these APs, the version number is set
+# to 1 by default. This configuration value can be used to set it to the new
+# version (2).
+eapol_version=1
+
+# AP scanning/selection
+# By default, wpa_supplicant requests driver to perform AP scanning and then
+# uses the scan results to select a suitable AP. Another alternative is to
+# allow the driver to take care of AP scanning and selection and use
+# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
+# information from the driver.
+# 1: wpa_supplicant initiates scanning and AP selection
+# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
+# parameters (e.g., WPA IE generation); this mode can also be used with
+# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
+# APs (i.e., external program needs to control association). This mode must
+# also be used when using wired Ethernet drivers.
+# 2: like 0, but associate with APs using security policy and SSID (but not
+# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
+# enable operation with hidden SSIDs and optimized roaming; in this mode,
+# the network blocks in the configuration file are tried one by one until
+# the driver reports successful association; each network block should have
+# explicit security policy (i.e., only one option in the lists) for
+# key_mgmt, pairwise, group, proto variables
+ap_scan=1
+
+# EAP fast re-authentication
+# By default, fast re-authentication is enabled for all EAP methods that
+# support it. This variable can be used to disable fast re-authentication.
+# Normally, there is no need to disable this.
+fast_reauth=1
+
+# OpenSSL Engine support
+# These options can be used to load OpenSSL engines.
+# The two engines that are supported currently are shown below:
+# They are both from the opensc project (http://www.opensc.org/)
+# By default no engines are loaded.
+# make the opensc engine available
+#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
+# make the pkcs11 engine available
+#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
+# configure the path to the pkcs11 module required by the pkcs11 engine
+#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
+
+# Dynamic EAP methods
+# If EAP methods were built dynamically as shared object files, they need to be
+# loaded here before being used in the network blocks. By default, EAP methods
+# are included statically in the build, so these lines are not needed
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
+
+# Driver interface parameters
+# This field can be used to configure arbitrary driver interace parameters. The
+# format is specific to the selected driver interface. This field is not used
+# in most cases.
+#driver_param="field=value"
+
+# Maximum lifetime for PMKSA in seconds; default 43200
+#dot11RSNAConfigPMKLifetime=43200
+# Threshold for reauthentication (percentage of PMK lifetime); default 70
+#dot11RSNAConfigPMKReauthThreshold=70
+# Timeout for security association negotiation in seconds; default 60
+#dot11RSNAConfigSATimeout=60
+
+# network block
+#
+# Each network (usually AP's sharing the same SSID) is configured as a separate
+# block in this configuration file. The network blocks are in preference order
+# (the first match is used).
+#
+# network block fields:
+#
+# disabled:
+# 0 = this network can be used (default)
+# 1 = this network block is disabled (can be enabled through ctrl_iface,
+# e.g., with wpa_cli or wpa_gui)
+#
+# id_str: Network identifier string for external scripts. This value is passed
+# to external action script through wpa_cli as WPA_ID_STR environment
+# variable to make it easier to do network specific configuration.
+#
+# ssid: SSID (mandatory); either as an ASCII string with double quotation or
+# as hex string; network name
+#
+# scan_ssid:
+# 0 = do not scan this SSID with specific Probe Request frames (default)
+# 1 = scan with SSID-specific Probe Request frames (this can be used to
+# find APs that do not accept broadcast SSID or use multiple SSIDs;
+# this will add latency to scanning, so enable this only when needed)
+#
+# bssid: BSSID (optional); if set, this network block is used only when
+# associating with the AP using the configured BSSID
+#
+# priority: priority group (integer)
+# By default, all networks will get same priority group (0). If some of the
+# networks are more desirable, this field can be used to change the order in
+# which wpa_supplicant goes through the networks when selecting a BSS. The
+# priority groups will be iterated in decreasing priority (i.e., the larger the
+# priority value, the sooner the network is matched against the scan results).
+# Within each priority group, networks will be selected based on security
+# policy, signal strength, etc.
+# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
+# using this priority to select the order for scanning. Instead, they try the
+# networks in the order that used in the configuration file.
+#
+# mode: IEEE 802.11 operation mode
+# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
+# 1 = IBSS (ad-hoc, peer-to-peer)
+# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
+# to be set to 2 for IBSS. WPA-None requires following network block options:
+# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
+# both), and psk must also be set.
+#
+# proto: list of accepted protocols
+# WPA = WPA/IEEE 802.11i/D3.0
+# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
+# If not set, this defaults to: WPA RSN
+#
+# key_mgmt: list of accepted authenticated key management protocols
+# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
+# WPA-EAP = WPA using EAP authentication (this can use an external
+# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
+# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
+# generated WEP keys
+# NONE = WPA is not used; plaintext or static WEP could be used
+# If not set, this defaults to: WPA-PSK WPA-EAP
+#
+# auth_alg: list of allowed IEEE 802.11 authentication algorithms
+# OPEN = Open System authentication (required for WPA/WPA2)
+# SHARED = Shared Key authentication (requires static WEP keys)
+# LEAP = LEAP/Network EAP (only used with LEAP)
+# If not set, automatic selection is used (Open System with LEAP enabled if
+# LEAP is allowed as one of the EAP methods).
+#
+# pairwise: list of accepted pairwise (unicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# NONE = Use only Group Keys (deprecated, should not be included if APs support
+# pairwise keys)
+# If not set, this defaults to: CCMP TKIP
+#
+# group: list of accepted group (broadcast/multicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
+# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
+# If not set, this defaults to: CCMP TKIP WEP104 WEP40
+#
+# psk: WPA preshared key; 256-bit pre-shared key
+# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
+# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
+# generated using the passphrase and SSID). ASCII passphrase must be between
+# 8 and 63 characters (inclusive).
+# This field is not needed, if WPA-EAP is used.
+# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
+# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
+# startup and reconfiguration time can be optimized by generating the PSK only
+# only when the passphrase or SSID has actually changed.
+#
+# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
+# Dynamic WEP key required for non-WPA mode
+# bit0 (1): require dynamically generated unicast WEP key
+# bit1 (2): require dynamically generated broadcast WEP key
+# (3 = require both keys; default)
+# Note: When using wired authentication, eapol_flags must be set to 0 for the
+# authentication to be completed successfully.
+#
+# proactive_key_caching:
+# Enable/disable opportunistic PMKSA caching for WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#
+# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
+# hex without quotation, e.g., 0102030405)
+# wep_tx_keyidx: Default WEP key index (TX) (0..3)
+#
+# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
+# allowed. This is only used with RSN/WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#peerkey=1
+#
+# Following fields are only used with internal EAP implementation.
+# eap: space-separated list of accepted EAP methods
+# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
+# cannot be used with WPA; to be used as a Phase 2 method
+# with EAP-PEAP or EAP-TTLS)
+# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# OTP = EAP-OTP (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# GTC = EAP-GTC (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# TLS = EAP-TLS (client and server certificate)
+# PEAP = EAP-PEAP (with tunnelled EAP authentication)
+# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
+# authentication)
+# If not set, all compiled in methods are allowed.
+#
+# identity: Identity string for EAP
+# anonymous_identity: Anonymous identity string for EAP (to be used as the
+# unencrypted identity with EAP types that support different tunnelled
+# identity, e.g., EAP-TTLS)
+# password: Password string for EAP
+# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
+# or more trusted CA certificates. If ca_cert and ca_path are not
+# included, server certificate will not be verified. This is insecure and
+# a trusted CA certificate should always be configured when using
+# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
+# change when wpa_supplicant is run in the background.
+# On Windows, trusted CA certificates can be loaded from the system
+# certificate store by setting this to cert_store://<name>, e.g.,
+# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# ca_path: Directory path for CA certificate files (PEM). This path may
+# contain multiple CA certificates in OpenSSL format. Common use for this
+# is to point to system trusted CA list which is often installed into
+# directory like /etc/ssl/certs. If configured, these certificates are
+# added to the list of trusted CAs. ca_cert may also be included in that
+# case, but it is not required.
+# client_cert: File path to client certificate file (PEM/DER)
+# Full path should be used since working directory may change when
+# wpa_supplicant is run in the background.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key: File path to client private key file (PEM/DER/PFX)
+# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
+# commented out. Both the private key and certificate will be read from
+# the PKCS#12 file in this case. Full path should be used since working
+# directory may change when wpa_supplicant is run in the background.
+# Windows certificate store can be used by leaving client_cert out and
+# configuring private_key in one of the following formats:
+# cert://substring_to_match
+# hash://certificate_thumbprint_in_hex
+# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key_passwd: Password for private key file (if left out, this will be
+# asked through control interface)
+# dh_file: File path to DH/DSA parameters file (in PEM format)
+# This is an optional configuration file for setting parameters for an
+# ephemeral DH key exchange. In most cases, the default RSA
+# authentication does not use this configuration. However, it is possible
+# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
+# DSA keys always use ephemeral DH keys. This can be used to achieve
+# forward secrecy. If the file is in DSA parameters format, it will be
+# automatically converted into DH params.
+# subject_match: Substring to be matched against the subject of the
+# authentication server certificate. If this string is set, the server
+# sertificate is only accepted if it contains this string in the subject.
+# The subject string is in following format:
+# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
+# altsubject_match: Semicolon separated string of entries to be matched against
+# the alternative subject name of the authentication server certificate.
+# If this string is set, the server sertificate is only accepted if it
+# contains one of the entries in an alternative subject name extension.
+# altSubjectName string is in following format: TYPE:VALUE
+# Example: EMAIL:server@example.com
+# Example: DNS:server.example.com;DNS:server2.example.com
+# Following types are supported: EMAIL, DNS, URI
+# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
+# (string with field-value pairs, e.g., "peapver=0" or
+# "peapver=1 peaplabel=1")
+# 'peapver' can be used to force which PEAP version (0 or 1) is used.
+# 'peaplabel=1' can be used to force new label, "client PEAP encryption",
+# to be used during key derivation when PEAPv1 or newer. Most existing
+# PEAPv1 implementation seem to be using the old label, "client EAP
+# encryption", and wpa_supplicant is now using that as the default value.
+# Some servers, e.g., Radiator, may require peaplabel=1 configuration to
+# interoperate with PEAPv1; see eap_testing.txt for more details.
+# 'peap_outer_success=0' can be used to terminate PEAP authentication on
+# tunneled EAP-Success. This is required with some RADIUS servers that
+# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
+# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
+# include_tls_length=1 can be used to force wpa_supplicant to include
+# TLS Message Length field in all TLS messages even if they are not
+# fragmented.
+# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
+# challenges (by default, it accepts 2 or 3)
+# phase2: Phase2 (inner authentication with TLS tunnel) parameters
+# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
+# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
+# Following certificate/private key fields are used in inner Phase2
+# authentication when using EAP-TTLS or EAP-PEAP.
+# ca_cert2: File path to CA certificate file. This file can have one or more
+# trusted CA certificates. If ca_cert2 and ca_path2 are not included,
+# server certificate will not be verified. This is insecure and a trusted
+# CA certificate should always be configured.
+# ca_path2: Directory path for CA certificate files (PEM)
+# client_cert2: File path to client certificate file
+# private_key2: File path to client private key file
+# private_key2_passwd: Password for private key file
+# dh_file2: File path to DH/DSA parameters file (in PEM format)
+# subject_match2: Substring to be matched against the subject of the
+# authentication server certificate.
+# altsubject_match2: Substring to be matched against the alternative subject
+# name of the authentication server certificate.
+#
+# fragment_size: Maximum EAP fragment size in bytes (default 1398).
+# This value limits the fragment size for EAP methods that support
+# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
+# small enough to make the EAP messages fit in MTU of the network
+# interface used for EAPOL. The default value is suitable for most
+# cases.
+#
+# EAP-PSK variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+# nai: user NAI
+#
+# EAP-PAX variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+#
+# EAP-SAKE variables:
+# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
+# (this is concatenation of Root-Secret-A and Root-Secret-B)
+# nai: user NAI (PEERID)
+#
+# EAP-GPSK variables:
+# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
+# nai: user NAI (ID_Client)
+#
+# EAP-FAST variables:
+# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
+# to create this file and write updates to it when PAC is being
+# provisioned or refreshed. Full path to the file should be used since
+# working directory may change when wpa_supplicant is run in the
+# background. Alternatively, a named configuration blob can be used by
+# setting this to blob://<blob name>
+# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
+# credentials (PAC)
+#
+# wpa_supplicant supports number of "EAP workarounds" to work around
+# interoperability issues with incorrectly behaving authentication servers.
+# These are enabled by default because some of the issues are present in large
+# number of authentication servers. Strict EAP conformance mode can be
+# configured by disabling workarounds with eap_workaround=0.
+
+# Example blocks:
+
+# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
+network={
+ ssid="simple"
+ psk="very secret passphrase"
+ priority=5
+}
+
+# Same as previous, but request SSID-specific scanning (for APs that reject
+# broadcast SSID)
+network={
+ ssid="second ssid"
+ scan_ssid=1
+ psk="very secret passphrase"
+ priority=2
+}
+
+# Only WPA-PSK is used. Any valid cipher combination is accepted.
+network={
+ ssid="example"
+ proto=WPA
+ key_mgmt=WPA-PSK
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+ priority=2
+}
+
+# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
+# or WEP40 as the group cipher will not be accepted.
+network={
+ ssid="example"
+ proto=RSN
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ priority=1
+}
+
+# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
+# (e.g., Radiator)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=1"
+ phase2="auth=MSCHAPV2"
+ priority=10
+}
+
+# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ priority=2
+}
+
+# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
+# use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MSCHAPV2"
+}
+
+# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
+# authentication.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ # Phase1 / outer authentication
+ anonymous_identity="anonymous@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ # Phase 2 / inner authentication
+ phase2="autheap=TLS"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+ priority=2
+}
+
+# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
+# group cipher.
+network={
+ ssid="example"
+ bssid=00:11:22:33:44:55
+ proto=WPA RSN
+ key_mgmt=WPA-PSK WPA-EAP
+ pairwise=CCMP
+ group=CCMP
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+}
+
+# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
+# and all valid ciphers.
+network={
+ ssid=00010203
+ psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+}
+
+
+# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
+# EAP-TLS for authentication and key generation; require both unicast and
+# broadcast WEP keys.
+network={
+ ssid="1x-test"
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+
+
+# LEAP with dynamic WEP keys
+network={
+ ssid="leap-example"
+ key_mgmt=IEEE8021X
+ eap=LEAP
+ identity="user"
+ password="foobar"
+}
+
+# Plaintext connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="plaintext-test"
+ key_mgmt=NONE
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="static-wep-test"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
+# IEEE 802.11 authentication
+network={
+ ssid="static-wep-test2"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+ auth_alg=SHARED
+}
+
+
+# IBSS/ad-hoc network with WPA-None/TKIP.
+network={
+ ssid="test adhoc"
+ mode=1
+ proto=WPA
+ key_mgmt=WPA-NONE
+ pairwise=NONE
+ group=TKIP
+ psk="secret passphrase"
+}
+
+
+# Catch all example that allows more or less all configuration modes
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+}
+
+# Example of EAP-TLS with smartcard (openssl engine)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TLS
+ proto=RSN
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+
+ engine=1
+
+ # The engine configured here must be available. Look at
+ # OpenSSL engine support in the global section.
+ # The key available through the engine must be the private key
+ # matching the client certificate configured above.
+
+ # use the opensc engine
+ #engine_id="opensc"
+ #key_id="45"
+
+ # use the pkcs11 engine
+ engine_id="pkcs11"
+ key_id="id_45"
+
+ # Optional PIN configuration; this can be left out and PIN will be
+ # asked through the control interface
+ pin="1234"
+}
+
+# Example configuration showing how to use an inlined blob as a CA certificate
+# data instead of using external file
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="blob://exampleblob"
+ priority=20
+}
+
+blob-base64-exampleblob={
+SGVsbG8gV29ybGQhCg==
+}
+
+
+# Wildcard match for SSID (plaintext APs only). This example select any
+# open AP regardless of its SSID.
+network={
+ key_mgmt=NONE
+}
diff --git a/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf-sane b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf-sane
new file mode 100644
index 0000000..c91ffe0
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/files/wpa_supplicant.conf-sane
@@ -0,0 +1,7 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+
+network={
+ key_mgmt=NONE
+}
diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
new file mode 100644
index 0000000..7ac1b89
--- /dev/null
+++ b/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -0,0 +1,157 @@
+SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
+DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver."
+HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+BUGTRACKER = "http://w1.fi/security/"
+SECTION = "network"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://hostapd/README;md5=c905478466c90f1cefc0df987c40e172"
+
+DEPENDS = "dbus libnl"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files/patches:"
+
+SRCREV ?= "cff80b4f7d3c0a47c052e8187d671710f48939e4"
+SRC_URI = "git://w1.fi/hostap.git;protocol=https;branch=main \
+ file://wpa-supplicant.sh \
+ file://wpa_supplicant.conf \
+ file://wpa_supplicant.conf-sane \
+ file://99_wpa_supplicant \
+ file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \
+ file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \
+ file://0001-Install-wpa_passphrase-when-not-disabled.patch \
+ file://wpa_supplicant-full.config \
+ file://src \
+ file://001-rdkb-remove-ubus-support.patch;apply=no \
+ "
+require files/patches/patches.inc
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig systemd
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG[openssl] = ",,openssl"
+
+CVE_PRODUCT = "wpa_supplicant"
+
+EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
+
+do_unpack_append() {
+ bb.build.exec_func('do_copy_openwrt_src', d)
+}
+
+do_copy_openwrt_src() {
+ cp -Rfp ${WORKDIR}/src/* ${S}/
+}
+
+do_filogic_patches() {
+ cd ${S}
+ if [ ! -e patch_applied ]; then
+ patch -p1 < ${WORKDIR}/001-rdkb-remove-ubus-support.patch
+ touch patch_applied
+ fi
+}
+
+addtask filogic_patches after do_patch before do_compile
+
+do_configure () {
+ ${MAKE} -C wpa_supplicant clean
+
+ # For rebuild
+ rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
+}
+
+do_configure_append () {
+ # from Openwrt defconfig
+ install -m 0644 ${WORKDIR}/wpa_supplicant-full.config wpa_supplicant/.config
+
+ # RDKB
+ echo "CONFIG_BUILD_WPA_CLIENT_SO=y" >> wpa_supplicant/.config
+
+ # mtk add
+ echo "CONFIG_MBO=y" >> wpa_supplicant/.config
+ echo "CONFIG_WPS_UPNP=y" >> wpa_supplicant/.config
+
+ # OpenWRT hostapd Makefile add
+ echo "CONFIG_ACS=y" >> wpa_supplicant/.config
+ echo "CONFIG_IEEE80211AX=y" >> wpa_supplicant/.config
+ echo "CONFIG_TLS=openssl" >> wpa_supplicant/.config
+ echo "CONFIG_SAE=y" >> wpa_supplicant/.config
+ echo "CONFIG_OWE=y" >> wpa_supplicant/.config
+ echo "CONFIG_SUITEB192=y" >> wpa_supplicant/.config
+ echo "CONFIG_WEP=y" >> wpa_supplicant/.config
+ echo "CONFIG_AP=y" >> wpa_supplicant/.config
+ echo "CONFIG_MESH=y" >> wpa_supplicant/.config
+}
+
+do_compile () {
+ oe_runmake -C wpa_supplicant
+ oe_runmake -C wpa_supplicant libwpa_client.a
+}
+
+do_install () {
+ oe_runmake -C wpa_supplicant DESTDIR="${D}" install
+
+ install -d ${D}${docdir}/wpa_supplicant
+ install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
+
+ install -d ${D}${sysconfdir}
+ install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
+
+ install -d ${D}${sysconfdir}/network/if-pre-up.d/
+ install -d ${D}${sysconfdir}/network/if-post-down.d/
+ install -d ${D}${sysconfdir}/network/if-down.d/
+ install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
+ ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant
+
+ install -d ${D}/${sysconfdir}/dbus-1/system.d
+ install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
+ install -d ${D}/${datadir}/dbus-1/system-services
+ install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}/${systemd_system_unitdir}
+ install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir}
+ fi
+
+ install -d ${D}/etc/default/volatiles
+ install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
+
+ install -d ${D}${includedir}
+ install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir}
+
+ install -d ${D}${libdir}
+ install -m 0644 ${S}/wpa_supplicant/libwpa_client.so ${D}${libdir}
+}
+
+pkg_postinst:${PN} () {
+ # If we're offline, we don't need to do this.
+ if [ "x$D" = "x" ]; then
+ killall -q -HUP dbus-daemon || true
+ fi
+}
+
+PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli"
+PACKAGES =+ "${PN}-lib"
+PACKAGES += "${PN}-plugins"
+ALLOW_EMPTY:${PN}-plugins = "1"
+
+PACKAGES_DYNAMIC += "^${PN}-plugin-.*$"
+NOAUTOPACKAGEDEBUG = "1"
+
+FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase"
+FILES:${PN}-cli = "${sbindir}/wpa_cli"
+FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
+FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug"
+
+CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf"
+
+RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins"
+
+SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+# move from cmf
+FILES_SOLIBSDEV = ""
+FILES_${PN} += "${libdir}/libwpa_client.so"
+