8 files changed, 1069 insertions, 544 deletions
diff --git a/package/base-files/files/sbin/wifi b/package/base-files/files/sbin/wifi
index ef207878be..7663432bd3 100755
--- a/package/base-files/files/sbin/wifi
+++ b/package/base-files/files/sbin/wifi
@@ -2,15 +2,25 @@
 # Copyright (C) 2006 OpenWrt.org
 
 . /lib/functions.sh
+. /usr/share/libubox/jshn.sh
 
 usage() {
 	cat <<EOF
-Usage: $0 [down|detect]
+Usage: $0 [down|detect|reload|status]
 enables (default), disables or detects a wifi configuration.
 EOF
 	exit 1
 }
 
+ubus_wifi_cmd() {
+	local cmd="$1"
+	local dev="$2"
+
+	json_init
+	[ -n "$2" ] && json_add_string device "$2"
+	ubus call network.wireless "$1" "$(json_dump)"
+}
+
 find_net_config() {(
 	local vif="$1"
 	local cfg
@@ -95,11 +105,7 @@ wifi_fixup_hwmode() {
 	config_set "$device" hwmode "$hwmode"
 }
 
-wifi_updown() {
-	[ enable = "$1" ] && {
-		wifi_updown disable "$2"
-		scan_wifi
-	}
+_wifi_updown() {
 	for device in ${2:-$DEVICES}; do (
 		config_get disabled "$device" disabled
 		[ 1 == "$disabled" ] && {
@@ -110,12 +116,29 @@ wifi_updown() {
 		if eval "type ${1}_$iftype" 2>/dev/null >/dev/null; then
 			eval "scan_$iftype '$device'"
 			eval "${1}_$iftype '$device'" || echo "$device($iftype): ${1} failed"
-		else
+		elif [ ! -f /lib/netifd/wireless/$iftype.sh ]; then
 			echo "$device($iftype): Interface type not supported"
 		fi
 	); done
 }
 
+wifi_updown() {
+	cmd=down
+	[ enable = "$1" ] && {
+		_wifi_updown disable "$2"
+		scan_wifi
+		cmd=up
+	}
+	ubus_wifi_cmd "$cmd" "$2"
+	_wifi_updown "$@"
+}
+
+wifi_reload() {
+	_wifi_updown "disable" "$1"
+	scan_wifi
+	_wifi_updown "enable" "$1"
+}
+
 wifi_detect() {
 	for driver in ${2:-$DRIVERS}; do (
 		if eval "type detect_$driver" 2>/dev/null >/dev/null; then
@@ -199,6 +222,8 @@ scan_wifi
 case "$1" in
 	down) wifi_updown "disable" "$2";;
 	detect) wifi_detect "$2";;
+	status) ubus_wifi_cmd "status" "$2";;
+	reload) wifi_reload "$2";;
 	--help|help) usage;;
 	*) wifi_updown "enable" "$2";;
 esac
diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile
index aafa28bd1e..21b8bb517c 100644
--- a/package/kernel/mac80211/Makefile
+++ b/package/kernel/mac80211/Makefile
@@ -72,7 +72,7 @@ endef
 define KernelPackage/mac80211
   $(call KernelPackage/mac80211/Default)
   TITLE:=Linux 802.11 Wireless Networking Stack
-  DEPENDS+= +kmod-crypto-core +kmod-crypto-arc4 +kmod-crypto-aes +kmod-cfg80211
+  DEPENDS+= +kmod-crypto-core +kmod-crypto-arc4 +kmod-crypto-aes +kmod-cfg80211 +hostapd-common
   KCONFIG:=\
 	CONFIG_AVERAGE=y
   FILES:= $(PKG_BUILD_DIR)/net/mac80211/mac80211.ko
@@ -1537,8 +1537,9 @@ define KernelPackage/libertas-sd/install
 endef
 
 define KernelPackage/cfg80211/install
-	$(INSTALL_DIR) $(1)/lib/wifi
+	$(INSTALL_DIR) $(1)/lib/wifi $(1)/lib/netifd/wireless
 	$(INSTALL_DATA) ./files/lib/wifi/mac80211.sh $(1)/lib/wifi
+	$(INSTALL_BIN) ./files/lib/netifd/wireless/mac80211.sh $(1)/lib/netifd/wireless
 endef
 
 define KernelPackage/p54-pci/install
diff --git a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
new file mode 100644
index 0000000000..eefe1fed5d
--- /dev/null
+++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
@@ -0,0 +1,443 @@
+#!/bin/sh
+. /lib/netifd/netifd-wireless.sh
+. /lib/netifd/hostapd.sh
+
+init_wireless_driver "$@"
+
+MP_CONFIG_INT="mesh_retry_timeout mesh_confirm_timeout mesh_holding_timeout mesh_max_peer_links
+	       mesh_max_retries mesh_ttl mesh_element_ttl mesh_hwmp_max_preq_retries
+	       mesh_path_refresh_time mesh_min_discovery_timeout mesh_hwmp_active_path_timeout
+	       mesh_hwmp_preq_min_interval mesh_hwmp_net_diameter_traversal_time mesh_hwmp_rootmode
+	       mesh_hwmp_rann_interval mesh_gate_announcements mesh_sync_offset_max_neighor
+	       mesh_rssi_threshold mesh_hwmp_active_path_to_root_timeout mesh_hwmp_root_interval
+	       mesh_hwmp_confirmation_interval mesh_awake_window mesh_plink_timeout"
+MP_CONFIG_BOOL="mesh_auto_open_plinks mesh_fwding"
+MP_CONFIG_STRING="mesh_power_mode"
+
+drv_mac80211_init_device_config() {
+	hostapd_common_add_device_config
+
+	config_add_string path phy macaddr
+	config_add_string hwmode
+	config_add_int beacon_int chanbw frag rts
+	config_add_int rxantenna txantenna antenna_gain txpower
+	config_add_boolean noscan
+	config_add_array ht_capab
+}
+
+drv_mac80211_init_iface_config() {
+	hostapd_common_add_bss_config
+
+	config_add_string macaddr
+
+	config_add_boolean wds powersave
+	config_add_int maxassoc
+	config_add_int max_listen_int
+	config_add_int dtim_interval
+
+	# mesh
+	config_add_int $MP_CONFIG_INT
+	config_add_boolean $MP_CONFIG_BOOL
+	config_add_string $MP_CONFIG_STRING
+}
+
+mac80211_hostapd_setup_base() {
+	local phy="$1"
+
+	json_select config
+
+	[ "$auto_channel" -gt 0 ] && channel=acs_survey
+
+	[ "$enable_ht" -gt 0 ] && {
+		json_get_vars noscan htmode
+		json_get_values ht_capab_list ht_capab
+
+		append base_cfg "ieee80211n=1" "$N"
+
+		ht_capab=
+		[ -n "$htmode" ] && ht_capab="[$htmode]"
+		for cap in $ht_capab_list; do
+			ht_capab="$ht_capab[$cap]"
+		done
+
+		[ -n "$ht_capab" ] && append base_cfg "ht_capab=$ht_capab" "$N"
+	}
+
+	hostapd_prepare_device_config "$hostapd_conf_file" nl80211
+	cat >> "$hostapd_conf_file" <<EOF
+${channel:+channel=$channel}
+${noscan:+noscan=$noscan}
+$base_cfg
+
+EOF
+	json_select ..
+}
+
+mac80211_hostapd_setup_bss() {
+	local phy="$1"
+	local ifname="$2"
+	local macaddr="$3"
+	local type="$4"
+
+	hostapd_cfg=
+	append hostapd_cfg "$type=$ifname" "$N"
+
+	hostapd_set_bss_options hostapd_cfg "$vif" || return 1
+	json_get_vars wds dtim_period max_listen_int
+
+	[ "$wds" -gt 0 ] && append hostapd_cfg "wds_sta=1" "$N"
+	[ "$staidx" -gt 0 ] && append hostapd_cfg "start_disabled=1" "$N"
+
+	cat >> /var/run/hostapd-$phy.conf <<EOF
+$hostapd_cfg
+bssid=$macaddr
+${dtim_period:+dtim_period=$dtim_period}
+${max_listen_int:+max_listen_interval=$max_listen_int}
+EOF
+}
+
+mac80211_generate_mac() {
+	local phy="$1"
+	local id="${macidx:-0}"
+
+	local ref="$(cat /sys/class/ieee80211/${phy}/macaddress)"
+	local mask="$(cat /sys/class/ieee80211/${phy}/address_mask)"
+
+	[ "$mask" = "00:00:00:00:00:00" ] && mask="ff:ff:ff:ff:ff:ff";
+	local oIFS="$IFS"; IFS=":"; set -- $mask; IFS="$oIFS"
+
+	local mask1=$1
+	local mask6=$6
+
+	local oIFS="$IFS"; IFS=":"; set -- $ref; IFS="$oIFS"
+
+	macidx=$(($id + 1))
+	[ "$((0x$mask1))" -gt 0 ] && {
+		b1="0x$1"
+		[ "$id" -gt 0 ] && \
+			b1=$(($b1 ^ ((($id - 1) << 2) | 0x2)))
+		printf "%02x:%s:%s:%s:%s:%s" $b1 $2 $3 $4 $5 $6
+		return
+	}
+
+	[ "$((0x$mask6))" -lt 255 ] && {
+		printf "%s:%s:%s:%s:%s:%02x" $1 $2 $3 $4 $5 $(( 0x$6 ^ $id ))
+		return
+	}
+
+	off2=$(( (0x$6 + $id) / 0x100 ))
+	printf "%s:%s:%s:%s:%02x:%02x" \
+		$1 $2 $3 $4 \
+		$(( (0x$5 + $off2) % 0x100 )) \
+		$(( (0x$6 + $id) % 0x100 ))
+}
+
+find_phy() {
+	[ -n "$phy" -a -d /sys/class/ieee80211/$phy ] && return 0
+	[ -n "$path" -a -d "/sys/devices/$path/ieee80211" ] && {
+		phy="$(ls /sys/devices/$path/ieee80211 | grep -m 1 phy)"
+		[ -n "$phy" ] && return 0
+	}
+	[ -n "$macaddr" ] && {
+		for phy in $(ls /sys/class/ieee80211 2>/dev/null); do
+			grep -i -q "$macaddr" "/sys/class/ieee80211/${phy}/macaddress" && return 0
+		done
+	}
+	return 1
+}
+
+mac80211_check_ap() {
+	has_ap=1
+}
+
+mac80211_prepare_vif() {
+	json_select config
+
+	json_get_vars ifname mode ssid wds powersave macaddr
+
+	[ -n "$ifname" ] || ifname="wlan${phy#phy}${if_idx:+-$if_idx}"
+	if_idx=$((${if_idx:-0} + 1))
+
+	set_default wds 0
+	set_default powersave 0
+
+	json_select ..
+
+	[ -n "$macaddr" ] || {
+		macaddr="$(mac80211_generate_mac $phy)"
+		macidx="$(($macidx + 1))"
+	}
+
+	json_add_object data
+	json_add_string ifname "$ifname"
+	json_close_object
+	json_select config
+
+	# It is far easier to delete and create the desired interface
+	case "$mode" in
+		adhoc)
+			iw phy "$phy" interface add "$ifname" type adhoc
+		;;
+		ap)
+			# Hostapd will handle recreating the interface and
+			# subsequent virtual APs belonging to the same PHY
+			if [ -n "$hostapd_ctrl" ]; then
+				type=bss
+			else
+				type=interface
+			fi
+
+			mac80211_hostapd_setup_bss "$phy" "$ifname" "$macaddr" "$type" || return
+
+			[ -n "$hostapd_ctrl" ] || {
+				iw phy "$phy" interface add "$ifname" type managed
+				hostapd_ctrl="${hostapd_ctrl:-/var/run/hostapd/$ifname}"
+			}
+		;;
+		mesh)
+			json_get_vars key mesh_id
+			if [ -n "$key" ]; then
+				iw phy "$phy" interface add "$ifname" type mp
+			else
+				iw phy "$phy" interface add "$ifname" type mp mesh_id "$mesh_id"
+			fi
+		;;
+		monitor)
+			iw phy "$phy" interface add "$ifname" type monitor
+		;;
+		sta)
+			local wdsflag=
+			staidx="$(($staidx + 1))"
+			[ "$wds" -gt 0 ] && wdsflag="4addr on"
+			iw phy "$phy" interface add "$ifname" type managed $wdsflag
+			[ "$powersave" -gt 0 ] && powersave="on" || powersave="off"
+			iw "$ifname" set power_save "$powersave"
+		;;
+	esac
+
+	case "$mode" in
+		monitor|mesh)
+			[ "$auto_channel" -gt 0 ] || iw dev "$ifname" set channel "$channel" $htmode
+		;;
+	esac
+
+	if [ "$mode" != "ap" ]; then
+		# ALL ap functionality will be passed to hostapd
+		# All interfaces must have unique mac addresses
+		# which can either be explicitly set in the device
+		# section, or automatically generated
+		ifconfig "$ifname" hw ether "$macaddr"
+	fi
+
+	json_select ..
+}
+
+mac80211_setup_supplicant() {
+	wpa_supplicant_prepare_interface "$ifname" nl80211 || return 1
+	wpa_supplicant_add_network "$ifname"
+	wpa_supplicant_run "$ifname" ${hostapd_ctrl:+-H $hostapd_ctrl}
+}
+
+mac80211_setup_adhoc() {
+	json_get_vars bssid ssid basic_rate key
+
+	keyspec=
+	[ "$auth_type" == "wep" ] && {
+		set_default key 1
+		case "$key" in
+			[1234])
+				local idx
+				for idx in 1 2 3 4; do
+					json_get_var ikey "key$idx"
+
+					[ -n "$ikey" ] && {
+						ikey="$(($idx - 1)):$(prepare_key_wep "$ikey")"
+						[ $idx -eq $key ] && ikey="d:$ikey"
+						append keyspec "$ikey"
+					}
+				done
+			;;
+			*)
+				append keyspec "d:0:$(prepare_key_wep "$key")"
+			;;
+		esac
+	}
+
+	brstr=
+	for br in $basic_rate; do
+		hostapd_add_rate brstr "$br"
+	done
+
+	mcval=
+	[ -n "$mcast_rate" ] && hostapd_add_rate mcval "$mcast_rate"
+
+	iw dev "$ifname" ibss join "$ssid" $freq $htmode \
+		${fixed:+fixed-freq} $bssid \
+		${beacon_int:+beacon-interval $beacon_int} \
+		${brstr:+basic-rates $brstr} \
+		${mcval:+mcast-rate $mcval} \
+		${keyspec:+keys $keyspec}
+}
+
+mac80211_setup_vif() {
+	local name="$1"
+
+	json_select data
+	json_get_vars ifname
+	json_select ..
+
+	json_select config
+	json_get_vars mode
+	json_get_var vif_txpower txpower
+
+	ifconfig "$ifname" up || {
+		wireless_setup_vif_failed IFUP_ERROR
+		json_select ..
+		return
+	}
+
+	set_default vif_txpower "$txpower"
+	[ -z "$vif_txpower" ] || iw dev "$ifname" set txpower fixed "${vif_txpower%%.*}00"
+
+	case "$mode" in
+		mesh)
+			for var in $MP_CONFIG_INT $MP_CONFIG_BOOL $MP_CONFIG_STRING; do
+				json_get_var mp_val "$var"
+				[ -n "$mp_val" ] && iw dev "$ifname" set mesh_param "$var" "$mp_val"
+			done
+			# todo: authsae
+		;;
+		adhoc)
+			wireless_vif_parse_encryption
+			if [ "$wpa" -gt 0 ]; then
+				mac80211_setup_supplicant || failed=1
+			else
+				mac80211_setup_adhoc
+			fi
+		;;
+		sta)
+			mac80211_setup_supplicant || failed=1
+		;;
+	esac
+
+	json_select ..
+	[ -n "$failed" ] || wireless_add_vif "$name" "$ifname"
+}
+
+get_freq() {
+	local phy="$1"
+	local chan="$2"
+	iw "$phy" info | grep -E -m1 "(\* ${chan:-....} MHz${chan:+|\\[$chan\\]})" | grep MHz | awk '{print $2}'
+}
+
+mac80211_interface_cleanup() {
+	local phy="$1"
+
+	for wdev in $(list_phy_interfaces "$phy"); do
+		ifconfig "$wdev" down 2>/dev/null
+		iw dev "$wdev" del
+	done
+}
+
+drv_mac80211_cleanup() {
+	hostapd_common_cleanup
+}
+
+drv_mac80211_setup() {
+	json_select config
+	json_get_vars \
+		phy macaddr path \
+		country chanbw distance \
+		txpower antenna_gain \
+		rxantenna txantenna \
+		frag rts beacon_int
+	json_select ..
+
+	find_phy || {
+		echo "Could not find PHY for device '$1'"
+		wireless_set_retry 0
+		return 1
+	}
+
+	wireless_set_data phy="$phy"
+	mac80211_interface_cleanup "$phy"
+
+	# convert channel to frequency
+	[ "$auto_channel" -gt 0 ] || freq="$(get_freq "$phy" "$channel")"
+
+	[ -n "$country" ] && {
+		iw reg get | grep -q "^country $country:" || {
+			iw reg set "$country"
+			sleep 1
+		}
+	}
+
+	hostapd_conf_file="/var/run/hostapd-$phy.conf"
+
+	no_ap=1
+	macidx=0
+	staidx=0
+
+	[ -n "$chanbw" ] && {
+		for file in /sys/kernel/debug/ieee80211/$phy/ath9k/chanbw /sys/kernel/debug/ieee80211/$phy/ath5k/bwmode; do
+			[ -f "$file" ] && echo "$chanbw" > "$file"
+		done
+	}
+
+	set_default rxantenna all
+	set_default txantenna all
+	set_default distance 0
+	set_default antenna_gain 0
+
+	iw phy "$phy" set antenna $txantenna $rxantenna >/dev/null 2>&1
+	iw phy "$phy" set antenna_gain $antenna_gain
+	iw phy "$phy" set distance "$distance"
+
+	[ -n "$frag" ] && iw phy "$phy" set frag "${frag%%.*}"
+	[ -n "$rts" ] && iw phy "$phy" set rts "${rts%%.*}"
+
+	has_ap=
+	hostapd_ctrl=
+	for_each_interface "ap" mac80211_check_ap
+
+	rm -f "$hostapd_conf_file"
+	[ -n "$has_ap" ] && mac80211_hostapd_setup_base "$phy"
+
+	for_each_interface "sta adhoc mesh monitor" mac80211_prepare_vif
+	for_each_interface "ap" mac80211_prepare_vif
+
+	[ -n "$hostapd_ctrl" ] && {
+		/usr/sbin/hostapd -P /var/run/wifi-$phy.pid -B "$hostapd_conf_file"
+		ret="$?"
+		wireless_add_process "$(cat /var/run/wifi-$phy.pid)" "/usr/sbin/hostapd" 1
+		[ "$ret" != 0 ] && {
+			wireless_setup_failed HOSTAPD_START_FAILED
+			return
+		}
+	}
+
+	for_each_interface "ap sta adhoc mesh monitor" mac80211_setup_vif
+
+	wireless_set_up
+}
+
+list_phy_interfaces() {
+	local phy="$1"
+	if [ -d "/sys/class/ieee80211/${phy}/device/net" ]; then
+		ls "/sys/class/ieee80211/${phy}/device/net" 2>/dev/null;
+	else
+		ls "/sys/class/ieee80211/${phy}/device" 2>/dev/null | grep net: | sed -e 's,net:,,g'
+	fi
+}
+
+drv_mac80211_teardown() {
+	wireless_process_kill_all
+
+	json_select data
+	json_get_vars phy
+	json_select ..
+
+	mac80211_interface_cleanup "$phy"
+}
+
+add_driver mac80211
diff --git a/package/kernel/mac80211/files/lib/wifi/mac80211.sh b/package/kernel/mac80211/files/lib/wifi/mac80211.sh
index 1994ca38d4..e33b09abb2 100644
--- a/package/kernel/mac80211/files/lib/wifi/mac80211.sh
+++ b/package/kernel/mac80211/files/lib/wifi/mac80211.sh
@@ -1,166 +1,6 @@
 #!/bin/sh
 append DRIVERS "mac80211"
 
-mac80211_hostapd_setup_base() {
-	local phy="$1"
-	local ifname="$2"
-
-	cfgfile="/var/run/hostapd-$phy.conf"
-
-	config_get device "$vif" device
-	config_get country "$device" country
-	config_get hwmode "$device" hwmode
-	config_get channel "$device" channel
-	config_get beacon_int "$device" beacon_int
-	config_get basic_rate_list "$device" basic_rate
-	config_get_bool noscan "$device" noscan
-
-	hostapd_set_log_options base_cfg "$device"
-
-	[ -n "$channel" -a -z "$hwmode" ] && wifi_fixup_hwmode "$device"
-
-	hostapd_channel=$channel
-	[ "$channel" = auto -o "$channel" = 0 ] && hostapd_channel=acs_survey
-
-	[ -n "$hwmode" ] && {
-		config_get hwmode_11n "$device" hwmode_11n
-		[ -n "$hwmode_11n" ] && {
-			hwmode="$hwmode_11n"
-			append base_cfg "ieee80211n=1" "$N"
-			config_get htmode "$device" htmode
-			config_get ht_capab_list "$device" ht_capab
-			case "$htmode" in
-				HT20|HT40+|HT40-) ht_capab="[$htmode]";;
-				*)ht_capab=;;
-			esac
-			for cap in $ht_capab_list; do
-				ht_capab="$ht_capab[$cap]"
-			done
-			[ -n "$ht_capab" ] && append base_cfg "ht_capab=$ht_capab" "$N"
-		}
-	}
-
-	local country_ie=0
-	[ -n "$country" ] && country_ie=1
-	config_get_bool country_ie "$device" country_ie "$country_ie"
-	[ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
-
-	local br brval brstr
-	[ -n "$basic_rate_list" ] && {
-		for br in $basic_rate_list; do
-			brval="$(($br / 100))"
-			[ -n "$brstr" ] && brstr="$brstr "
-			brstr="$brstr$brval"
-		done
-	}
-
-	cat >> "$cfgfile" <<EOF
-ctrl_interface=/var/run/hostapd-$phy
-driver=nl80211
-wmm_ac_bk_cwmin=4
-wmm_ac_bk_cwmax=10
-wmm_ac_bk_aifs=7
-wmm_ac_bk_txop_limit=0
-wmm_ac_bk_acm=0
-wmm_ac_be_aifs=3
-wmm_ac_be_cwmin=4
-wmm_ac_be_cwmax=10
-wmm_ac_be_txop_limit=0
-wmm_ac_be_acm=0
-wmm_ac_vi_aifs=2
-wmm_ac_vi_cwmin=3
-wmm_ac_vi_cwmax=4
-wmm_ac_vi_txop_limit=94
-wmm_ac_vi_acm=0
-wmm_ac_vo_aifs=2
-wmm_ac_vo_cwmin=2
-wmm_ac_vo_cwmax=3
-wmm_ac_vo_txop_limit=47
-wmm_ac_vo_acm=0
-tx_queue_data3_aifs=7
-tx_queue_data3_cwmin=15
-tx_queue_data3_cwmax=1023
-tx_queue_data3_burst=0
-tx_queue_data2_aifs=3
-tx_queue_data2_cwmin=15
-tx_queue_data2_cwmax=63
-tx_queue_data2_burst=0
-tx_queue_data1_aifs=1
-tx_queue_data1_cwmin=7
-tx_queue_data1_cwmax=15
-tx_queue_data1_burst=3.0
-tx_queue_data0_aifs=1
-tx_queue_data0_cwmin=3
-tx_queue_data0_cwmax=7
-tx_queue_data0_burst=1.5
-${hwmode:+hw_mode=$hwmode}
-${hostapd_channel:+channel=$hostapd_channel}
-${beacon_int:+beacon_int=$beacon_int}
-${country:+country_code=$country}
-${noscan:+noscan=$noscan}
-${brstr:+basic_rates=$brstr}
-$base_cfg
-
-EOF
-}
-
-mac80211_hostapd_setup_bss() {
-	local phy="$1"
-	local vif="$2"
-	local staidx="$3"
-
-	hostapd_cfg=
-	cfgfile="/var/run/hostapd-$phy.conf"
-	config_get ifname "$vif" ifname
-
-	if [ -f "$cfgfile" ]; then
-		append hostapd_cfg "bss=$ifname" "$N"
-	else
-		mac80211_hostapd_setup_base "$phy" "$ifname"
-		append hostapd_cfg "interface=$ifname" "$N"
-	fi
-
-	local net_cfg bridge
-	net_cfg="$(find_net_config "$vif")"
-	[ -z "$net_cfg" ] || bridge="$(bridge_interface "$net_cfg")"
-	config_set "$vif" bridge "$bridge"
-
-	hostapd_set_bss_options hostapd_cfg "$vif"
-
-	config_get_bool wds "$vif" wds 0
-	[ "$wds" -gt 0 ] && append hostapd_cfg "wds_sta=1" "$N"
-
-	[ "$staidx" -gt 0 ] && append hostapd_cfg "start_disabled=1" "$N"
-
-	local macaddr hidden maxassoc wmm
-	config_get macaddr "$vif" macaddr
-	config_get maxassoc "$vif" maxassoc
-	config_get dtim_period "$vif" dtim_period
-	config_get max_listen_int "$vif" max_listen_int
-	config_get_bool hidden "$vif" hidden 0
-	config_get_bool wmm "$vif" wmm 1
-	cat >> /var/run/hostapd-$phy.conf <<EOF
-$hostapd_cfg
-wmm_enabled=$wmm
-bssid=$macaddr
-ignore_broadcast_ssid=$hidden
-${dtim_period:+dtim_period=$dtim_period}
-${max_listen_int:+max_listen_interval=$max_listen_int}
-${maxassoc:+max_num_sta=$maxassoc}
-EOF
-}
-
-mac80211_start_vif() {
-	local vif="$1"
-	local ifname="$2"
-
-	local net_cfg
-	net_cfg="$(find_net_config "$vif")"
-	[ -z "$net_cfg" ] || start_net "$ifname" "$net_cfg"
-
-	set_wifi_up "$vif" "$ifname"
-}
-
 lookup_phy() {
 	[ -n "$phy" ] && {
 		[ -d /sys/class/ieee80211/$phy ] && return
@@ -204,378 +44,6 @@ find_mac80211_phy() {
 	return 0
 }
 
-scan_mac80211() {
-	local device="$1"
-	local adhoc sta ap monitor mesh disabled
-
-	config_get vifs "$device" vifs
-	for vif in $vifs; do
-		config_get_bool disabled "$vif" disabled 0
-		[ $disabled = 0 ] || continue
-
-		config_get mode "$vif" mode
-		case "$mode" in
-			adhoc|sta|ap|monitor|mesh)
-				append $mode "$vif"
-			;;
-			*) echo "$device($vif): Invalid mode, ignored."; continue;;
-		esac
-	done
-
-	config_set "$device" vifs "${ap:+$ap }${adhoc:+$adhoc }${sta:+$sta }${monitor:+$monitor }${mesh:+$mesh}"
-}
-
-list_phy_interfaces() {
-	local phy="$1"
-	if [ -d "/sys/class/ieee80211/${phy}/device/net" ]; then
-		ls "/sys/class/ieee80211/${phy}/device/net" 2>/dev/null;
-	else
-		ls "/sys/class/ieee80211/${phy}/device" 2>/dev/null | grep net: | sed -e 's,net:,,g'
-	fi
-}
-
-disable_mac80211() (
-	local device="$1"
-
-	find_mac80211_phy "$device" || return 0
-	config_get phy "$device" phy
-
-	set_wifi_down "$device"
-	# kill all running hostapd and wpa_supplicant processes that
-	# are running on atheros/mac80211 vifs
-	for pid in `pidof hostapd`; do
-		grep -E "$phy" /proc/$pid/cmdline >/dev/null && \
-			kill $pid
-	done
-
-	include /lib/network
-	for wdev in $(list_phy_interfaces "$phy"); do
-		[ -f "/var/run/$wdev.pid" ] && kill $(cat /var/run/$wdev.pid) >&/dev/null 2>&1
-		for pid in `pidof wpa_supplicant meshd-nl80211`; do
-			grep "$wdev" /proc/$pid/cmdline >/dev/null && \
-				kill $pid
-		done
-		ifconfig "$wdev" down 2>/dev/null
-		unbridge "$dev"
-		iw dev "$wdev" del
-	done
-
-	return 0
-)
-
-get_freq() {
-	local phy="$1"
-	local chan="$2"
-	iw "$phy" info | grep -E -m1 "(\* ${chan:-....} MHz${chan:+|\\[$chan\\]})" | grep MHz | awk '{print $2}'
-}
-
-mac80211_generate_mac() {
-	local id="$1"
-	local ref="$2"
-	local mask="$3"
-
-	[ "$mask" = "00:00:00:00:00:00" ] && mask="ff:ff:ff:ff:ff:ff";
-	local oIFS="$IFS"; IFS=":"; set -- $mask; IFS="$oIFS"
-
-	local mask1=$1
-	local mask6=$6
-
-	local oIFS="$IFS"; IFS=":"; set -- $ref; IFS="$oIFS"
-	[ "$((0x$mask1))" -gt 0 ] && {
-		b1="0x$1"
-		[ "$id" -gt 0 ] && \
-			b1=$(($b1 ^ ((($id - 1) << 2) | 0x2)))
-		printf "%02x:%s:%s:%s:%s:%s" $b1 $2 $3 $4 $5 $6
-		return
-	}
-
-	[ "$((0x$mask6))" -lt 255 ] && {
-		printf "%s:%s:%s:%s:%s:%02x" $1 $2 $3 $4 $5 $(( 0x$6 ^ $id ))
-		return
-	}
-
-	off2=$(( (0x$6 + $id) / 0x100 ))
-	printf "%s:%s:%s:%s:%02x:%02x" \
-		$1 $2 $3 $4 \
-		$(( (0x$5 + $off2) % 0x100 )) \
-		$(( (0x$6 + $id) % 0x100 ))
-}
-
-enable_mac80211() {
-	local device="$1"
-	config_get channel "$device" channel
-	config_get vifs "$device" vifs
-	config_get txpower "$device" txpower
-	config_get country "$device" country
-	config_get distance "$device" distance
-	config_get txantenna "$device" txantenna all
-	config_get rxantenna "$device" rxantenna all
-	config_get antenna_gain "$device" antenna_gain 0
-	config_get frag "$device" frag
-	config_get rts "$device" rts
-	find_mac80211_phy "$device" || return 0
-	config_get phy "$device" phy
-	local i=0
-	local macidx=0
-	local apidx=0
-	local staidx=0
-	fixed=""
-	local hostapd_ctrl=""
-
-	[ -n "$country" ] && {
-		iw reg get | grep -q "^country $country:" || {
-			iw reg set "$country"
-			sleep 1
-		}
-	}
-
-	config_get chanbw "$device" chanbw
-	[ -n "$chanbw" -a -d /sys/kernel/debug/ieee80211/$phy/ath9k ] && echo "$chanbw" > /sys/kernel/debug/ieee80211/$phy/ath9k/chanbw
-	[ -n "$chanbw" -a -d /sys/kernel/debug/ieee80211/$phy/ath5k ] && echo "$chanbw" > /sys/kernel/debug/ieee80211/$phy/ath5k/bwmode
-
-	[ "$channel" = "auto" -o "$channel" = "0" ] || {
-		fixed=1
-	}
-
-	iw phy "$phy" set antenna $txantenna $rxantenna >/dev/null 2>&1
-	iw phy "$phy" set antenna_gain $antenna_gain
-
-	[ -n "$distance" ] && iw phy "$phy" set distance "$distance"
-	[ -n "$frag" ] && iw phy "$phy" set frag "${frag%%.*}"
-	[ -n "$rts" ] && iw phy "$phy" set rts "${rts%%.*}"
-
-	export channel fixed
-	# convert channel to frequency
-	local freq="$(get_freq "$phy" "${fixed:+$channel}")"
-
-	wifi_fixup_hwmode "$device" "g"
-	for vif in $vifs; do
-		config_get ifname "$vif" ifname
-		[ -n "$ifname" ] || {
-			[ $i -gt 0 ] && ifname="wlan${phy#phy}-$i" || ifname="wlan${phy#phy}"
-		}
-		config_set "$vif" ifname "$ifname"
-
-		config_get mode "$vif" mode
-		config_get ssid "$vif" ssid
-
-		# It is far easier to delete and create the desired interface
-		case "$mode" in
-			adhoc)
-				iw phy "$phy" interface add "$ifname" type adhoc
-			;;
-			ap)
-				# Hostapd will handle recreating the interface and
-				# it's accompanying monitor
-				apidx="$(($apidx + 1))"
-				[ "$apidx" -gt 1 ] || iw phy "$phy" interface add "$ifname" type managed
-			;;
-			mesh)
-				config_get key "$vif" key ""
-				if [ -n "$key" ]; then
-					iw phy "$phy" interface add "$ifname" type mp
-				else
-					config_get mesh_id "$vif" mesh_id
-					iw phy "$phy" interface add "$ifname" type mp mesh_id "$mesh_id"
-				fi
-			;;
-			monitor)
-				iw phy "$phy" interface add "$ifname" type monitor
-			;;
-			sta)
-				local wdsflag
-				staidx="$(($staidx + 1))"
-				config_get_bool wds "$vif" wds 0
-				[ "$wds" -gt 0 ] && wdsflag="4addr on"
-				iw phy "$phy" interface add "$ifname" type managed $wdsflag
-				config_get_bool powersave "$vif" powersave 0
-				[ "$powersave" -gt 0 ] && powersave="on" || powersave="off"
-				iw "$ifname" set power_save "$powersave"
-			;;
-		esac
-
-		# All interfaces must have unique mac addresses
-		# which can either be explicitly set in the device
-		# section, or automatically generated
-		config_get macaddr "$device" macaddr
-		config_get vif_mac "$vif" macaddr
-		[ -n "$vif_mac" ] || {
-			vif_mac="$(mac80211_generate_mac $macidx $macaddr $(cat /sys/class/ieee80211/${phy}/address_mask))"
-			macidx="$(($macidx + 1))"
-		}
-		[ "$mode" = "ap" ] || ifconfig "$ifname" hw ether "$vif_mac"
-		config_set "$vif" macaddr "$vif_mac"
-
-		# !! ap !!
-		#
-		# ALL ap functionality will be passed to hostapd
-		#
-		# !! station !!
-		#
-		# ALL station functionality will be passed to wpa_supplicant
-		#
-		if [ ! "$mode" = "ap" ]; then
-			# We attempt to set the channel for all interfaces, although
-			# mac80211 may not support it or the driver might not yet
-			# for ap mode this is handled by hostapd
-			config_get htmode "$device" htmode
-			case "$htmode" in
-				HT20|HT40+|HT40-) ;;
-				*) htmode= ;;
-			esac
-			[ -n "$fixed" -a -n "$channel" ] && iw dev "$ifname" set channel "$channel" $htmode
-		fi
-
-		i=$(($i + 1))
-	done
-
-	local start_hostapd=
-	rm -f /var/run/hostapd-$phy.conf
-	for vif in $vifs; do
-		config_get mode "$vif" mode
-		case "$mode" in
-			ap)
-				mac80211_hostapd_setup_bss "$phy" "$vif" "$staidx"
-				start_hostapd=1
-			;;
-			mesh)
-				config_get key "$vif" key ""
-				[ -n "$key" ] && authsae_start_interface "$device" "$vif"
-			;;
-		esac
-	done
-
-	[ -n "$start_hostapd" ] && {
-		hostapd -P /var/run/wifi-$phy.pid -B /var/run/hostapd-$phy.conf || {
-			echo "Failed to start hostapd for $phy"
-			return
-		}
-		sleep 2
-
-		for vif in $vifs; do
-			config_get mode "$vif" mode
-			config_get ifname "$vif" ifname
-			[ "$mode" = "ap" ] || continue
-			hostapd_ctrl="${hostapd_ctrl:-/var/run/hostapd-$phy/$ifname}"
-			mac80211_start_vif "$vif" "$ifname"
-		done
-	}
-
-	for vif in $vifs; do
-		config_get mode "$vif" mode
-		config_get ifname "$vif" ifname
-		[ "$mode" = "ap" ] || ifconfig "$ifname" up
-
-		config_get vif_txpower "$vif" txpower
-		# use vif_txpower (from wifi-iface) to override txpower (from
-		# wifi-device) if the latter doesn't exist
-		txpower="${txpower:-$vif_txpower}"
-		[ -z "$txpower" ] || iw dev "$ifname" set txpower fixed "${txpower%%.*}00"
-
-		case "$mode" in
-			adhoc)
-				config_get bssid "$vif" bssid
-				config_get ssid "$vif" ssid
-				config_get beacon_int "$device" beacon_int
-				config_get basic_rate_list "$device" basic_rate
-				config_get encryption "$vif" encryption
-				config_get key "$vif" key 1
-				config_get mcast_rate "$vif" mcast_rate
-				config_get htmode "$device" htmode
-				case "$htmode" in
-					HT20|HT40+|HT40-) ;;
-					*) htmode= ;;
-				esac
-
-
-				local keyspec=""
-				[ "$encryption" == "psk" -o "$encryption" == "psk2" ] && {
-					if eval "type wpa_supplicant_setup_vif" 2>/dev/null >/dev/null; then
-						wpa_supplicant_setup_vif "$vif" nl80211 "${hostapd_ctrl:+-H $hostapd_ctrl}" $freq $htmode || {
-							echo "enable_mac80211($device): Failed to set up wpa_supplicant for interface $ifname" >&2
-							# make sure this wifi interface won't accidentally stay open without encryption
-							ifconfig "$ifname" down
-						}
-						mac80211_start_vif "$vif" "$ifname"
-						continue
-					fi
-				}
-
-				[ "$encryption" == "wep" ] && {
-					case "$key" in
-						[1234])
-							local idx
-							for idx in 1 2 3 4; do
-								local ikey
-								config_get ikey "$vif" "key$idx"
-
-								[ -n "$ikey" ] && {
-									ikey="$(($idx - 1)):$(prepare_key_wep "$ikey")"
-									[ $idx -eq $key ] && ikey="d:$ikey"
-									append keyspec "$ikey"
-								}
-							done
-						;;
-						*) append keyspec "d:0:$(prepare_key_wep "$key")" ;;
-					esac
-				}
-
-				local br brval brsub brstr
-				[ -n "$basic_rate_list" ] && {
-					for br in $basic_rate_list; do
-						brval="$(($br / 1000))"
-						brsub="$((($br / 100) % 10))"
-						[ "$brsub" -gt 0 ] && brval="$brval.$brsub"
-						[ -n "$brstr" ] && brstr="$brstr,"
-						brstr="$brstr$brval"
-					done
-				}
-
-				local mcval=""
-				[ -n "$mcast_rate" ] && {
-					mcval="$(($mcast_rate / 1000))"
-					mcsub="$(( ($mcast_rate / 100) % 10 ))"
-					[ "$mcsub" -gt 0 ] && mcval="$mcval.$mcsub"
-				}
-
-				iw dev "$ifname" ibss join "$ssid" $freq $htmode \
-					${fixed:+fixed-freq} $bssid \
-					${beacon_int:+beacon-interval $beacon_int} \
-					${brstr:+basic-rates $brstr} \
-					${mcval:+mcast-rate $mcval} \
-					${keyspec:+keys $keyspec}
-			;;
-			mesh)
-				mp_list="mesh_retry_timeout mesh_confirm_timeout mesh_holding_timeout mesh_max_peer_links
-					mesh_max_retries mesh_ttl mesh_element_ttl mesh_auto_open_plinks mesh_hwmp_max_preq_retries
-					mesh_path_refresh_time mesh_min_discovery_timeout mesh_hwmp_active_path_timeout
-					mesh_hwmp_preq_min_interval mesh_hwmp_net_diameter_traversal_time mesh_hwmp_rootmode
-					mesh_hwmp_rann_interval mesh_gate_announcements mesh_fwding mesh_sync_offset_max_neighor
-					mesh_rssi_threshold mesh_hwmp_active_path_to_root_timeout mesh_hwmp_root_interval
-					mesh_hwmp_confirmation_interval mesh_power_mode mesh_awake_window"
-				for mp in $mp_list
-				do
-					config_get mp_val "$vif" "$mp" ""
-					[ -n "$mp_val" ] && iw dev "$ifname" set mesh_param "$mp" "$mp_val"
-				done
-			;;
-			sta)
-				if eval "type wpa_supplicant_setup_vif" 2>/dev/null >/dev/null; then
-					wpa_supplicant_setup_vif "$vif" nl80211 "${hostapd_ctrl:+-H $hostapd_ctrl}" || {
-						echo "enable_mac80211($device): Failed to set up wpa_supplicant for interface $ifname" >&2
-						# make sure this wifi interface won't accidentally stay open without encryption
-						ifconfig "$ifname" down
-						continue
-					}
-				fi
-			;;
-		esac
-		[ "$mode" = "ap" ] || mac80211_start_vif "$vif" "$ifname"
-	done
-
-}
-
-
 check_mac80211_device() {
 	config_get phy "$1" phy
 	[ -z "$phy" ] && {
diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
index ee4f381368..1bcd2be3e1 100644
--- a/package/network/config/netifd/Makefile
+++ b/package/network/config/netifd/Makefile
@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netifd
-PKG_VERSION:=2013-10-31
+PKG_VERSION:=2013-12-02
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=git://nbd.name/luci2/netifd.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=199723ed921160c029a0d15fa95914ddfcdc5cb9
+PKG_SOURCE_VERSION:=29db00ed0efb251bd88ecce298356f2702b6cee1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
 # PKG_MIRROR_MD5SUM:=
diff --git a/package/network/config/netifd/files/etc/init.d/network b/package/network/config/netifd/files/etc/init.d/network
index f54d69b472..8b2d368d6a 100755
--- a/package/network/config/netifd/files/etc/init.d/network
+++ b/package/network/config/netifd/files/etc/init.d/network
@@ -18,7 +18,7 @@ start_service() {
 
 reload_service() {
 	ubus call network reload
-	/sbin/wifi up
+	/sbin/wifi reload
 }
 
 stop_service() {
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 896a6373bd..05a74bb3b8 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -208,6 +208,11 @@ define Package/wpa-cli/Description
   WPA Supplicant control utility
 endef
 
+define Package/hostapd-common
+  TITLE:=hostapd/wpa_supplicant common support files
+  SECTION:=net
+  CATEGORY:=Network
+endef
 
 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
   define Build/Configure/rebuild
@@ -309,6 +314,11 @@ define Install/supplicant
 	$(INSTALL_DIR) $(1)/usr/sbin
 endef
 
+define Package/hostapd-common/install
+	$(INSTALL_DIR) $(1)/lib/netifd
+	$(INSTALL_DATA) ./files/netifd.sh $(1)/lib/netifd/hostapd.sh
+endef
+
 define Package/hostapd/install
 	$(call Install/hostapd,$(1))
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
@@ -355,3 +365,4 @@ $(eval $(call BuildPackage,wpa-supplicant-mini))
 $(eval $(call BuildPackage,wpa-supplicant-p2p))
 $(eval $(call BuildPackage,wpa-cli))
 $(eval $(call BuildPackage,hostapd-utils))
+$(eval $(call BuildPackage,hostapd-common))
diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh
new file mode 100644
index 0000000000..020c41fd03
--- /dev/null
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -0,0 +1,577 @@
+hostapd_add_rate() {
+	local var="$1"
+	local val="$(($2 / 1000))"
+	local sub="$((($2 / 100) % 10))"
+	append $var "$val" ","
+	[ $sub -gt 0 ] && append $var "."
+}
+
+hostapd_append_wep_key() {
+	local var="$1"
+
+	wep_keyidx=0
+	set_default key 1
+	case "$key" in
+		[1234])
+			for idx in 1 2 3 4; do
+				local zidx
+				zidx=$(($idx - 1))
+				json_get_var ckey "key${idx}"
+				[ -n "$ckey" ] && \
+					append network_data "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
+			done
+			wep_keyidx=$((key - 1))
+		;;
+		*)
+			append network_data "wep_key0=$(prepare_key_wep "$key")" "$N$T"
+		;;
+	esac
+}
+
+hostapd_add_log_config() {
+	config_add_boolean \
+		log_80211 \
+		log_8021x \
+		log_radius \
+		log_wpa \
+		log_driver \
+		log_iapp \
+		log_mlme
+
+	config_add_int log_level
+}
+
+hostapd_common_add_device_config() {
+	config_add_array basic_rate
+
+	config_add_string country
+	config_add_boolean country_ie
+
+	hostapd_add_log_config
+}
+
+hostapd_prepare_device_config() {
+	local config="$1"
+	local driver="$2"
+
+	local base="${config%%.conf}"
+	local base_cfg=
+
+	json_get_vars country country_ie beacon_int basic_rate
+
+	hostapd_set_log_options base_cfg
+
+	set_default country_ie 1
+	[ -n "$country" ] && {
+		append base_cfg "country_code=$country" "$N"
+		[ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
+	}
+	[ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N"
+
+	local brlist= br
+	for br in $basic_rate_list; do
+		hostapd_add_rate brlist "$br"
+	done
+	[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
+	[ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N"
+
+	cat > "$config" <<EOF
+driver=$driver
+$base_cfg
+EOF
+}
+
+hostapd_common_add_bss_config() {
+	config_add_string bssid ssid
+	config_add_boolean wds
+
+	config_add_int maxassoc max_inactivity
+	config_add_boolean disassoc_low_ack ap_isolate short_preamble
+
+	config_add_int \
+		wep_rekey eap_reauth_period \
+		wpa_group_rekey wpa_pair_rekey wpa_master_rekey
+
+	config_add_boolean rsn_preauth auth_cache
+	config_add_int ieee80211w
+
+	config_add_string auth_server server
+	config_add_string auth_secret
+	config_add_int auth_port port
+
+	config_add_string acct_server
+	config_add_string acct_secret
+	config_add_int acct_port
+
+	config_add_string dae_client
+	config_add_string dae_secret
+	config_add_int dae_port
+
+	config_add_string nasid
+	config_add_string iapp_interface
+	config_add_string eap_type ca_cert client_cert identity auth priv_key priv_key_pwd
+
+	config_add_string key1 key2 key3 key4 password
+
+	config_add_boolean wps_pushbutton wps_label ext_registrar
+	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
+
+	config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
+
+	config_add_string macfilter macfile
+	config_add_array maclist
+
+	config_add_int mcast_rate
+	config_add_array basic_rate
+}
+
+hostapd_set_bss_options() {
+	local var="$1"
+	local phy="$2"
+	local vif="$3"
+
+	wireless_vif_parse_encryption
+
+	local bss_conf
+	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey
+
+	json_get_vars \
+		wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
+		maxassoc max_inactivity disassoc_low_ack ap_isolate auth_cache \
+		wps_pushbutton wps_label ext_registrar \
+		wps_device_type wps_device_name wps_manufacturer wps_pin \
+		macfilter ssid wmm hidden
+
+	set_default ap_isolate 0
+	set_default maxassoc 0
+	set_default max_inactivity 0
+	set_default short_preamble 1
+	set_default disassoc_low_ack 1
+	set_default hidden 0
+	set_default wmm 1
+
+	append bss_conf "ctrl_interface=/var/run/hostapd"
+	if [ "$ap_isolate" -gt 0 ]; then
+		append bss_conf "ap_isolate=$ap_isolate" "$N"
+	fi
+	if [ "$maxassoc" -gt 0 ]; then
+		append bss_conf "max_num_sta=$maxassoc" "$N"
+	fi
+	if [ "$max_inactivity" -gt 0 ]; then
+		append bss_conf "ap_max_inactivity=$max_inactivity" "$N"
+	fi
+
+	append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N"
+	append bss_conf "preamble=$short_preamble" "$N"
+	append bss_conf "wmm_enabled=$wmm" "$N"
+	append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
+
+	[ "$wpa" -gt 0 ] && {
+		[ -n "$wpa_group_rekey"  ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N"
+		[ -n "$wpa_pair_rekey"   ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey"    "$N"
+		[ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey"  "$N"
+	}
+
+	case "$auth_type" in
+		none)
+			wps_possible=1
+			# Here we make the assumption that if we're in open mode
+			# with WPS enabled, we got to be in unconfigured state.
+			wps_not_configured=1
+		;;
+		psk)
+			json_get_vars key
+			if [ ${#key} -lt 8 ]; then
+				wireless_setup_vif_failed INVALID_WPA_PSK
+				return 1
+			elif [ ${#key} -eq 64 ]; then
+				append bss_conf "wpa_psk=$key" "$N"
+			else
+				append bss_conf "wpa_passphrase=$key" "$N"
+			fi
+			wps_possible=1
+		;;
+		eap)
+			json_get_vars \
+				auth_server auth_secret auth_port \
+				acct_server acct_secret acct_port \
+				dae_client dae_secret dae_port \
+				nasid rsn_preauth iapp_interface \
+				eap_reauth_period
+
+			# legacy compatibility
+			[ -n "$auth_server" ] || json_get_var auth_server server
+			[ -n "$auth_port" ] || json_get_var auth_port port
+			[ -n "$auth_secret" ] || json_get_var auth_secret key
+
+			set_default auth_port 1812
+			set_default acct_port 1813
+			set_default dae_port 3799
+
+			append bss_conf "auth_server_addr=$auth_server" "$N"
+			append bss_conf "auth_server_port=$auth_port" "$N"
+			append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
+
+			[ -n "$acct_server" ] && {
+				append bss_conf "acct_server_addr=$acct_server" "$N"
+				append bss_conf "acct_server_port=$acct_port" "$N"
+				[ -n "$acct_secret" ] && \
+					append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
+			}
+
+			[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
+
+			[ -n "$dae_client" -a -n "$dae_secret" ] && {
+				append bss_conf "radius_das_port=$dae_port" "$N"
+				append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
+			}
+
+			append bss_conf "nas_identifier=$nasid" "$N"
+			append bss_conf "eapol_key_index_workaround=1" "$N"
+			append bss_conf "ieee8021x=1" "$N"
+			append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
+		;;
+		wep)
+			local wep_keyidx=0
+			hostapd_append_wep_key network_data
+			append bss_conf "wep_default_key=$wep_key" "$N"
+			[ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N"
+		;;
+	esac
+
+	local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
+	append bss_conf "auth_algs=${auth_algs:-1}" "$N"
+	append bss_conf "wpa=$wpa" "$N"
+	[ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
+
+	set_default wps_pushbutton 0
+	set_default wps_label 0
+
+	config_methods=
+	[ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
+	[ "$wps_label" -gt 0 ] && append config_methods label
+
+	[ -n "$wps_possible" -a -n "$config_methods" ] && {
+		set_default ext_registrar 0
+		set_default wps_device_type "6-0050F204-1"
+		set_default wps_device_name "OpenWrt AP"
+		set_default wps_manufacturer "openwrt.org"
+		set_default wps_pin "12345670"
+
+		wps_state=2
+		[ -n "$wps_configured" ] && wps_state=1
+
+		[ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append bss_conf "upnp_iface=$bridge" "$N"
+
+		append bss_conf "eap_server=1" "$N"
+		append bss_conf "ap_pin=$wps_pin" "$N"
+		append bss_conf "wps_state=$wps_state" "$N"
+		append bss_conf "ap_setup_locked=0" "$N"
+		append bss_conf "device_type=$wps_device_type" "$N"
+		append bss_conf "device_name=$wps_device_name" "$N"
+		append bss_conf "manufacturer=$wps_manufacturer" "$N"
+		append bss_conf "config_methods=$config_methods" "$N"
+	}
+
+	append bss_conf "ssid=$ssid" "$N"
+	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
+	[ -n "$iapp_interface" ] &&  {
+		iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")"
+		[ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N"
+	}
+
+	if [ "$wpa" -ge "2" ]; then
+		if [ -n "$bridge" -a "$rsn_preauth" = 1 ]; then
+			set_default auth_cache 1
+			append bss_conf "rsn_preauth=1" "$N"
+			append bss_conf "rsn_preauth_interfaces=$bridge" "$N"
+		else
+			set_default auth_cache 0
+		fi
+
+		append bss_conf "okc=$auth_cache" "$N"
+		[ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N"
+
+		# RSN -> allow management frame protection
+		json_get_var ieee80211w
+		case "$ieee80211w" in
+			[012])
+				json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
+				append bss_conf "ieee80211w=$ieee80211w" "$N"
+				[ "$ieee80211w" -gt "0" ] && {
+					[ -n "$ieee80211w_max_timeout" ] && \
+						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
+					[ -n "$ieee80211w_retry_timeout" ] && \
+						append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
+				}
+			;;
+		esac
+	fi
+
+	_macfile="/var/run/hostapd-$phy-$ifname.maclist"
+	case "$macfilter" in
+		allow)
+			append bss_conf "macaddr_acl=1" "$N"
+			append bss_conf "accept_mac_file=$_macfile" "$N"
+		;;
+		deny)
+			append bss_conf "macaddr_acl=0" "$N"
+			append bss_conf "deny_mac_file=$_macfile" "$N"
+		;;
+		*)
+			_macfile=""
+		;;
+	esac
+
+	[ -n "$_macfile" ] && {
+		json_get_vars macfile maclist
+
+		rm -f "$_macfile"
+		(
+			for mac in $maclist; do
+				echo "$mac"
+			done
+			[ -n "$macfile" -a -f "$macfile" ] && cat "$macfile"
+		) > "$_macfile"
+	}
+
+	append "$var" "$bss_conf" "$N"
+	return 0
+}
+
+hostapd_set_log_options() {
+	local var="$1"
+
+	local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
+	json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
+
+	set_default log_level 2
+	set_default log_80211  1
+	set_default log_8021x  1
+	set_default log_radius 1
+	set_default log_wpa    1
+	set_default log_driver 1
+	set_default log_iapp   1
+	set_default log_mlme   1
+
+	local log_mask=$((       \
+		($log_80211  << 0) | \
+		($log_8021x  << 1) | \
+		($log_radius << 2) | \
+		($log_wpa    << 3) | \
+		($log_driver << 4) | \
+		($log_iapp   << 5) | \
+		($log_mlme   << 6)   \
+	))
+
+	append "$var" "logger_syslog=$log_mask" "$N"
+	append "$var" "logger_syslog_level=$log_level" "$N"
+	append "$var" "logger_stdout=$log_mask" "$N"
+	append "$var" "logger_stdout_level=$log_level" "$N"
+
+	return 0
+}
+
+_wpa_supplicant_common() {
+	local ifname="$1"
+
+	_rpath="/var/run/wpa_supplicant"
+	_config="${_rpath}-$ifname.conf"
+}
+
+wpa_supplicant_teardown_interface() {
+	_wpa_supplicant_common "$1"
+	rm -rf "$_rpath" "$_config"
+}
+
+wpa_supplicant_prepare_interface() {
+	local ifname="$1"
+	_w_driver="$2"
+
+	_wpa_supplicant_common "$1"
+
+	json_get_vars mode wds
+
+	[ -n "$network_bridge" ] && {
+		fail=
+		case "$mode" in
+			adhoc)
+				fail=1
+			;;
+			sta)
+				[ "$wds" = 1 ] || fail=1
+			;;
+		esac
+
+		[ -n "$fail" ] && {
+			wireless_setup_vif_failed BRIDGE_NOT_ALLOWED
+			return 1
+		}
+	}
+
+	local ap_scan=
+
+	_w_mode="$mode"
+	_w_modestr=
+
+	[[ "$mode" = adhoc ]] && {
+		ap_scan="ap_scan=2"
+
+		_w_modestr="mode=1"
+	}
+
+	wpa_supplicant_teardown_interface "$ifname"
+	cat > "$_config" <<EOF
+$ap_scan
+EOF
+	return 0
+}
+
+wpa_supplicant_add_network() {
+	local ifname="$1"
+
+	_wpa_supplicant_common "$1"
+	wireless_vif_parse_encryption
+
+	json_get_vars \
+		ssid bssid key \
+		basic_rate mcast_rate \
+		ieee80211w
+
+	local key_mgmt='NONE'
+	local enc_str=
+	local network_data=
+	local T="	"
+
+	local wpa_key_mgmt="WPA-PSK"
+	local scan_ssid="1"
+
+	[[ "$_w_mode" = "adhoc" ]] && {
+		append network_data "mode=1" "$N$T"
+		[ -n "$fixed_frequency" ] || {
+			append network_data "fixed_freq=1" "$N$T"
+			append network_data "frequency=$fixed_frequency" "$N$T"
+		}
+
+		scan_ssid=0
+
+		[ "$_w_driver" = "nl80211" ] ||	wpa_key_mgmt="WPA-NONE"
+	}
+
+	[[ "$_w_mode" = adhoc ]] && append network_data "$_w_modestr" "$N$T"
+
+	case "$auth_type" in
+		none) ;;
+		wep)
+			local wep_keyidx=0
+			hostapd_append_wep_key network_data
+			append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
+		;;
+		psk)
+			local passphrase
+
+			key_mgmt="$wpa_key_mgmt"
+			if [ ${#key} -eq 64 ]; then
+				passphrase="psk=${key}"
+			else
+				passphrase="psk=\"${key}\""
+			fi
+			append network_data "$passphrase" "$N$T"
+		;;
+		eap)
+			key_mgmt='WPA-EAP'
+
+			json_get_vars eap_type identity ca_cert
+			[ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+			[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
+			case "$eap_type" in
+				tls)
+					json_get_vars client_cert priv_key priv_key_pwd
+					append network_data "client_cert=\"$client_cert\"" "$N$T"
+					append network_data "private_key=\"$priv_key\"" "$N$T"
+					append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
+				;;
+				peap|ttls)
+					json_get_vars auth password
+					set_default auth MSCHAPV2
+					append network_data "phase2=\"$auth\"" "$N$T"
+					append network_data "password=\"$password\"" "$N$T"
+				;;
+			esac
+			append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"
+		;;
+	esac
+
+	case "$wpa" in
+		1)
+			append network_data "proto=WPA" "$N$T"
+		;;
+		2)
+			append network_data "proto=RSN" "$N$T"
+		;;
+	esac
+
+	case "$ieee80211w" in
+		[012])
+			[ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T"
+		;;
+	esac
+
+	local beacon_int brates mrate
+	[ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
+	[ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T"
+
+
+	[ -n "$basic_rate" ] && {
+		local br rate_list=
+		for br in $basic_rate; do
+			hostapd_add_rate rate_list "$br"
+		done
+		[ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T"
+	}
+
+	[ -n "$mcast_rate" ] && {
+		local mc_rate=
+		hostapd_add_rate mc_rate "$mcast_rate"
+		[ -n "$mcast_rate" ] && append network_data "mcast_rate=$mcast_rate" "$N$T"
+	}
+
+	local ht_str
+	[ -n "$ht" ] && append network_data "htmode=$ht" "$N$T"
+
+	cat >> "$_config" <<EOF
+network={
+	scan_ssid=$scan_ssid
+	ssid="$ssid"
+	key_mgmt=$key_mgmt
+	$network_data
+}
+EOF
+	return 0
+}
+
+wpa_supplicant_run() {
+	local ifname="$1"; shift
+
+	_wpa_supplicant_common "$ifname"
+
+	/usr/sbin/wpa_supplicant -B \
+		${network_bridge:+-b $network_bridge} \
+		-P "/var/run/wpa_supplicant-${ifname}.pid" \
+		-D ${_w_driver:-wext} \
+		-i "$ifname" \
+		-c "$_config" \
+		-C "$_rpath" \
+		"$@"
+
+	ret="$?"
+	wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1
+
+	[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
+
+	return $ret
+}
+
+hostapd_common_cleanup() {
+	killall hostapd wpa_supplicant
+}