hostapd: backport package from trunk r39765

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@39927 3c298f89-4303-0410-b956-a3cf2f4a3e73

8 files changed, 502 insertions, 22 deletions

diff --git a/package/hostapd/files/hostapd-full.config b/package/hostapd/files/hostapd-full.config
index d558736db7..bc999c04a1 100644
--- a/package/hostapd/files/hostapd-full.config
+++ b/package/hostapd/files/hostapd-full.config
@@ -107,7 +107,8 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_FAST=y
 
 # Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
+CONFIG_WPS=y
+CONFIG_WPS2=y
 # Enable UPnP support for external WPS Registrars
 #CONFIG_WPS_UPNP=y
 
@@ -157,8 +158,12 @@ CONFIG_INTERNAL_LIBTOMMATH=y
 CONFIG_INTERNAL_AES=y
 NEED_AES_DEC=y
 
+CONFIG_NO_RANDOM_POOL=y
 CONFIG_NO_DUMP_STATE=y
 
 CONFIG_WPS=y
 CONFIG_FULL_DYNAMIC_VLAN=y
 
+CONFIG_ACS=y
+
+CONFIG_UBUS=y
diff --git a/package/hostapd/files/hostapd-mini.config b/package/hostapd/files/hostapd-mini.config
index 3e94a645b5..01a04cb237 100644
--- a/package/hostapd/files/hostapd-mini.config
+++ b/package/hostapd/files/hostapd-mini.config
@@ -154,4 +154,9 @@ CONFIG_NO_RADIUS=y
 
 CONFIG_TLS=internal
 
+CONFIG_NO_RANDOM_POOL=y
 CONFIG_NO_DUMP_STATE=y
+
+CONFIG_ACS=y
+
+CONFIG_UBUS=y
diff --git a/package/hostapd/files/hostapd.sh b/package/hostapd/files/hostapd.sh
index 00c6a094cf..b55b63db7c 100644
--- a/package/hostapd/files/hostapd.sh
+++ b/package/hostapd/files/hostapd.sh
@@ -3,7 +3,7 @@ hostapd_set_bss_options() {
 	local vif="$2"
 	local enc wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wps_possible
 
-	config_get enc "$vif" encryption
+	config_get enc "$vif" encryption "none"
 	config_get wep_rekey        "$vif" wep_rekey        # 300
 	config_get wpa_group_rekey  "$vif" wpa_group_rekey  # 300
 	config_get wpa_pair_rekey   "$vif" wpa_pair_rekey   # 300
@@ -73,6 +73,14 @@ hostapd_set_bss_options() {
 
 	# use crypto/auth settings for building the hostapd config
 	case "$enc" in
+		none)
+			wps_possible=1
+			wpa=0
+			crypto=
+			# Here we make the assumption that if we're in open mode
+			# with WPS enabled, we got to be in unconfigured state.
+			wps_not_configured=1
+		;;
 		*psk*)
 			config_get psk "$vif" key
 			if [ ${#psk} -eq 64 ]; then
@@ -85,7 +93,7 @@ hostapd_set_bss_options() {
 			[ -n "$wpa_pair_rekey"   ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey"    "$N"
 			[ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey"  "$N"
 		;;
-		*wpa*)
+		*wpa*|*8021x*)
 			# required fields? formats?
 			# hostapd is particular, maybe a default configuration for failures
 			config_get auth_server "$vif" auth_server
@@ -98,9 +106,13 @@ hostapd_set_bss_options() {
 			config_get auth_secret "$vif" auth_secret
 			[ -z "$auth_secret" ] && config_get auth_secret "$vif" key
 			append "$var" "auth_server_shared_secret=$auth_secret" "$N"
+			# You don't really want to enable this unless you are doing
+			# some corner case testing or are using OpenWrt as a work around
+			# for some systematic issues.
 			config_get_bool auth_cache "$vif" auth_cache 0
-			[ "$auth_cache" -gt 0 ] || append "$var" "disable_pmksa_caching=1" "$N"
-			[ "$auth_cache" -gt 0 ] || append "$var" "okc=0" "$N"
+			config_get rsn_preauth "$vif" rsn_preauth
+			[ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "disable_pmksa_caching=1" "$N"
+			[ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "okc=0" "$N"
 			config_get acct_server "$vif" acct_server
 			[ -n "$acct_server" ] && append "$var" "acct_server_addr=$acct_server" "$N"
 			config_get acct_port "$vif" acct_port
@@ -108,6 +120,15 @@ hostapd_set_bss_options() {
 			[ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N"
 			config_get acct_secret "$vif" acct_secret
 			[ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N"
+			config_get eap_reauth_period "$vif" eap_reauth_period
+			[ -n "$eap_reauth_period" ] && append "$var" "eap_reauth_period=$eap_reauth_period" "$N"
+			config_get dae_client "$vif" dae_client
+			config_get dae_secret "$vif" dae_secret
+			[ -n "$dae_client" -a -n "$dae_secret" ] && {
+				config_get dae_port  "$vif" dae_port
+				append "$var" "radius_das_port=${dae_port:-3799}" "$N"
+				append "$var" "radius_das_client=$dae_client $dae_secret" "$N"
+			}
 			config_get nasid "$vif" nasid
 			append "$var" "nas_identifier=$nasid" "$N"
 			append "$var" "eapol_key_index_workaround=1" "$N"
@@ -173,10 +194,15 @@ hostapd_set_bss_options() {
 		config_get device_type "$vif" wps_device_type "6-0050F204-1"
 		config_get device_name "$vif" wps_device_name "OpenWrt AP"
 		config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
+		config_get wps_pin "$vif" wps_pin "12345670"
+
+		config_get_bool ext_registrar "$vif" ext_registrar 0
+		[ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N"
 
 		append "$var" "eap_server=1" "$N"
-		append "$var" "wps_state=2" "$N"
-		append "$var" "ap_setup_locked=1" "$N"
+		append "$var" "ap_pin=$wps_pin" "$N"
+		append "$var" "wps_state=${wps_not_configured:-2}" "$N"
+		append "$var" "ap_setup_locked=0" "$N"
 		append "$var" "device_type=$device_type" "$N"
 		append "$var" "device_name=$device_name" "$N"
 		append "$var" "manufacturer=$manufacturer" "$N"
@@ -190,12 +216,25 @@ hostapd_set_bss_options() {
 
 	if [ "$wpa" -ge "2" ]
 	then
-		# RSN -> allow preauthentication
-		config_get_bool rsn_preauth "$vif" rsn_preauth "$auth_cache"
+		# RSN -> allow preauthentication. You have two
+		# options, rsn_preauth for production or rsn_preauth_testing
+		# for validation / testing.
 		if [ -n "$bridge" -a "$rsn_preauth" = 1 ]
 		then
 			append "$var" "rsn_preauth=1" "$N"
 			append "$var" "rsn_preauth_interfaces=$bridge" "$N"
+			append "$var" "okc=1" "$N"
+		else
+			# RSN preauthentication testings hould disable
+			# Opportunistic Key Caching (okc) as otherwise the PMKSA
+			# entry for a test could come from the Opportunistic Key Caching
+			config_get rsn_preauth_testing "$vif" rsn_preauth_testing
+			if [ -n "$bridge" -a "$rsn_preauth_testing" = 1 ]
+			then
+				append "$var" "rsn_preauth=1" "$N"
+				append "$var" "rsn_preauth_interfaces=$bridge" "$N"
+				append "$var" "okc=0" "$N"
+			fi
 		fi
 
 		# RSN -> allow management frame protection
@@ -215,10 +254,33 @@ hostapd_set_bss_options() {
 		esac
 	fi
 
-	config_get macfilter "$vif" macfilter
-	macfile="/var/run/hostapd-$ifname.maclist"
-	[ -e "$macfile" ] && rm -f "$macfile"
+	config_get macfile "$vif" macfile
+	config_get maclist "$vif" maclist
+	if [ -z "$macfile" ]
+	then
+		# if no macfile has been specified, fallback to the default name
+		# and truncate file to avoid aggregating entries over time
+		macfile="/var/run/hostapd-$ifname.maclist"
+		echo "" > "$macfile"
+	else
+		if [ -n "$maclist" ]
+		then
+			# to avoid to overwrite the original file, make a copy
+			# before appending the entries specified by the maclist
+			# option
+			cp $macfile $macfile.maclist
+			macfile=$macfile.maclist
+		fi
+	fi
 
+	if [ -n "$maclist" ]
+	then
+		for mac in $maclist; do
+			echo "$mac" >> $macfile
+		done
+	fi
+
+	config_get macfilter "$vif" macfilter
 	case "$macfilter" in
 		allow)
 			append "$var" "macaddr_acl=1" "$N"
@@ -229,12 +291,6 @@ hostapd_set_bss_options() {
 			append "$var" "deny_mac_file=$macfile" "$N"
 			;;
 	esac
-	config_get maclist "$vif" maclist
-	[ -n "$maclist" ] && {
-		for mac in $maclist; do
-			echo "$mac" >> $macfile
-		done
-	}
 }
 
 hostapd_set_log_options() {
diff --git a/package/hostapd/files/wpa_supplicant-full.config b/package/hostapd/files/wpa_supplicant-full.config
index f5abbad94f..bbfaa73c1b 100644
--- a/package/hostapd/files/wpa_supplicant-full.config
+++ b/package/hostapd/files/wpa_supplicant-full.config
@@ -403,6 +403,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
 #LIBS_p += -lbfd -liberty -lz
 #LIBS_c += -lbfd -liberty -lz
 
+CONFIG_NO_RANDOM_POOL=y
 NEED_80211_COMMON=y
 
 CONFIG_IBSS_RSN=y
diff --git a/package/hostapd/files/wpa_supplicant-mini.config b/package/hostapd/files/wpa_supplicant-mini.config
index 772e1d9809..a33e6f0a6f 100644
--- a/package/hostapd/files/wpa_supplicant-mini.config
+++ b/package/hostapd/files/wpa_supplicant-mini.config
@@ -403,4 +403,5 @@ CONFIG_TLS=internal
 #LIBS_p += -lbfd -liberty -lz
 #LIBS_c += -lbfd -liberty -lz
 
+CONFIG_NO_RANDOM_POOL=y
 NEED_80211_COMMON=y
diff --git a/package/hostapd/files/wpa_supplicant-p2p.config b/package/hostapd/files/wpa_supplicant-p2p.config
new file mode 100644
index 0000000000..82e0bf0c2a
--- /dev/null
+++ b/package/hostapd/files/wpa_supplicant-p2p.config
@@ -0,0 +1,412 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Example configuration for various cross-compilation platforms
+
+#### sveasoft (e.g., for Linksys WRT54G) ######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+###############################################################################
+
+#### openwrt (e.g., for Linksys WRT54G) #######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+#	-I../WRT54GS/release/src/include
+#LIBS = -lssl
+###############################################################################
+
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for Agere driver
+#CONFIG_DRIVER_HERMES=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+#CFLAGS += -I../../include/wireless
+
+# Driver interface for madwifi driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_MADWIFI=y
+# Set include directory to the madwifi source tree
+#CFLAGS += -I../../madwifi
+
+# Driver interface for ndiswrapper
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_NDISWRAPPER=y
+
+# Driver interface for Atmel driver
+# CONFIG_DRIVER_ATMEL=y
+
+# Driver interface for old Broadcom driver
+# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
+# Linux wireless extensions and does not need (or even work) with the old
+# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
+#CONFIG_DRIVER_BROADCOM=y
+# Example path for wlioctl.h; change to match your configuration
+#CFLAGS += -I/opt/WRT54GS/release/src/include
+
+# Driver interface for Intel ipw2100/2200 driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_IPW=y
+
+# Driver interface for Ralink driver
+#CONFIG_DRIVER_RALINK=y
+
+# Driver interface for generic Linux wireless extensions
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for development testing
+#CONFIG_DRIVER_TEST=y
+
+# Include client MLME (management frame processing) for test driver
+# This can be used to test MLME operations in hostapd with the test interface.
+# space.
+#CONFIG_CLIENT_MLME=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
+# save about 1 kB in code size when building only WPA-Personal (no EAP support)
+# or 6 kB if building for WPA-Enterprise.
+#CONFIG_NO_WPA2=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operatins system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+# eloop_none = Empty template
+#CONFIG_ELOOP=eloop
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=internal
+
+# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
+# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
+# even though the core GnuTLS library is released under LGPL, this extra
+# library uses GPL and as such, the terms of GPL apply to the combination
+# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
+# apply for distribution of the resulting binary.
+#CONFIG_GNUTLS_EXTRA=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+CONFIG_NO_RANDOM_POOL=y
+NEED_80211_COMMON=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_P2P=y
+CONFIG_AP=y
diff --git a/package/hostapd/files/wpa_supplicant.sh b/package/hostapd/files/wpa_supplicant.sh
index 0b5e1d391f..bd8680157a 100644
--- a/package/hostapd/files/wpa_supplicant.sh
+++ b/package/hostapd/files/wpa_supplicant.sh
@@ -119,13 +119,13 @@ wpa_supplicant_setup_vif() {
 		;;
 	esac
 
-	local fixed_freq bssid1 beacon_interval brates mrate
+	local fixed_freq bssid1 beacon_int brates mrate
 	config_get ifname "$vif" ifname
 	config_get bridge "$vif" bridge
 	config_get ssid "$vif" ssid
 	config_get bssid "$vif" bssid
 	bssid1=${bssid:+"bssid=$bssid"}
-	beacon_interval=${beacon_int:+"beacon_interval=$beacon_int"}
+	beacon_int=${beacon_int:+"beacon_int=$beacon_int"}
 
 	local br brval brsub brstr
 	[ -n "$basic_rate_list" ] && {
@@ -163,7 +163,7 @@ network={
 	$proto
 	$freq
 	${fixed:+"fixed_freq=1"}
-	$beacon_interval
+	$beacon_int
 	$brates
 	$mrate
 	$ht_str
diff --git a/package/hostapd/files/wps-hotplug.sh b/package/hostapd/files/wps-hotplug.sh
index ffd3cf929b..058264a8db 100644
--- a/package/hostapd/files/wps-hotplug.sh
+++ b/package/hostapd/files/wps-hotplug.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
-	for dir in /var/run/hostapd-*; do
+	for dir in /var/run/hostapd*; do
 		[ -d "$dir" ] || continue
 		hostapd_cli -p "$dir" wps_pbc
 	done