Move up to hostapd 2.8

12 files changed, 388 insertions, 427 deletions

diff --git a/recipes-connectivity/hostapd/hostap-daemon-1.0/default b/recipes-connectivity/hostapd/hostap-daemon-1.0/default
deleted file mode 100644
index 0923a8c..0000000
--- a/recipes-connectivity/hostapd/hostap-daemon-1.0/default
+++ /dev/null
@@ -1,2 +0,0 @@
-# set to "yes" to start hostapd on boot
-START_ON_BOOT="no"
diff --git a/recipes-connectivity/hostapd/hostap-daemon-1.0/init b/recipes-connectivity/hostapd/hostap-daemon-1.0/init
deleted file mode 100644
index a8d622f..0000000
--- a/recipes-connectivity/hostapd/hostap-daemon-1.0/init
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-DAEMON=/usr/sbin/hostapd
-NAME=hostapd
-DESC="HOSTAP Daemon"
-ARGS="/etc/hostapd.conf -B"
-
-test -f $DAEMON || exit 0
-
-[ -f /etc/default/$NAME ] && . /etc/default/$NAME
-
-if [ "$START_ON_BOOT" != "yes" ]; then
-	exit 0
-fi
-
-set -e
-
-case "$1" in
-    start)
-	echo -n "Starting $DESC: "
-	start-stop-daemon -S -x $DAEMON -- $ARGS
-	echo "$NAME."
-	;;
-    stop)
-	echo -n "Stopping $DESC: "
-	start-stop-daemon -K -x $DAEMON
-	echo "$NAME."
-	;;
-    restart)
-	$0 stop
-	$0 start
-	;;
-    reload)
-	echo -n "Reloading $DESC: "
-	killall -HUP $(basename ${DAEMON})
-	echo "$NAME."
-	;;
-    *)
-	echo "Usage: $0 {start|stop|restart|reload}"
-	exit 1
-	;;
-esac
-
-exit 0
diff --git a/recipes-connectivity/hostapd/hostap-daemon-2.7/defconfig b/recipes-connectivity/hostapd/hostap-daemon-2.7/defconfig
deleted file mode 100644
index 321b7c1..0000000
--- a/recipes-connectivity/hostapd/hostap-daemon-2.7/defconfig
+++ /dev/null
@@ -1,319 +0,0 @@
-# Example hostapd build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cass, these lines should use += in order not
-# to override previous values of the variables.
-
-# Driver interface for Host AP driver
-CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for wired authenticator
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
-#CFLAGS += -I../../madwifi # change to the madwifi source directory
-
-# Driver interface for drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-CONFIG_LIBNL32=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for no driver (e.g., RADIUS server only)
-CONFIG_DRIVER_NONE=y
-
-# IEEE 802.11F/IAPP
-CONFIG_IAPP=y
-
-# WPA2/IEEE 802.11i RSN pre-authentication
-CONFIG_RSN_PREAUTH=y
-
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-CONFIG_PEERKEY=y
-
-# IEEE 802.11w (management frame protection)
-CONFIG_IEEE80211W=y
-
-# Integrated EAP server
-CONFIG_EAP=y
-
-# EAP-MD5 for the integrated EAP server
-CONFIG_EAP_MD5=y
-
-# EAP-TLS for the integrated EAP server
-CONFIG_EAP_TLS=y
-
-# EAP-MSCHAPv2 for the integrated EAP server
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-PEAP for the integrated EAP server
-CONFIG_EAP_PEAP=y
-
-# EAP-GTC for the integrated EAP server
-CONFIG_EAP_GTC=y
-
-# EAP-TTLS for the integrated EAP server
-CONFIG_EAP_TTLS=y
-
-# EAP-SIM for the integrated EAP server
-#CONFIG_EAP_SIM=y
-
-# EAP-AKA for the integrated EAP server
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' for the integrated EAP server
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# EAP-PAX for the integrated EAP server
-#CONFIG_EAP_PAX=y
-
-# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd for the integrated EAP server (secure authentication with a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-SAKE for the integrated EAP server
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK for the integrated EAP server
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
-CONFIG_EAP_FAST=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable UPnP support for external WPS Registrars
-CONFIG_WPS_UPNP=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# Trusted Network Connect (EAP-TNC)
-#CONFIG_EAP_TNC=y
-
-# EAP-EKE for the integrated EAP server
-#CONFIG_EAP_EKE=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# RADIUS authentication server. This provides access to the integrated EAP
-# server from external hosts using RADIUS.
-CONFIG_RADIUS_SERVER=y
-
-# Build IPv6 support for RADIUS operations
-CONFIG_IPV6=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
-
-# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
-#CONFIG_DRIVER_RADIUS_ACL=y
-
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-CONFIG_WNM=y
-
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-
-# Remove debugging code that is printing out debug messages to stdout.
-# This can be used to reduce the size of the hostapd considerably if debugging
-# code is not needed.
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Add support for writing debug log to a file: -f /tmp/hostapd.log
-# Disabled by default.
-#CONFIG_DEBUG_FILE=y
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Remove support for RADIUS accounting
-#CONFIG_NO_ACCOUNTING=y
-
-# Remove support for RADIUS
-#CONFIG_NO_RADIUS=y
-
-# Remove support for VLANs
-#CONFIG_NO_VLAN=y
-
-# Enable support for fully dynamic VLANs. This enables hostapd to
-# automatically create bridge and VLAN interfaces if necessary.
-#CONFIG_FULL_DYNAMIC_VLAN=y
-
-# Use netlink-based kernel API for VLAN operations instead of ioctl()
-# Note: This requires libnl 3.1 or newer.
-#CONFIG_VLAN_NETLINK=y
-
-# Remove support for dumping internal state through control interface commands
-# This can be used to reduce binary size at the cost of disabling a debugging
-# option.
-#CONFIG_NO_DUMP_STATE=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# hostapd depends on strong random number generation being available from the
-# operating system. os_get_random() function is used to fetch random data when
-# needed, e.g., for key generation. On Linux and BSD systems, this works by
-# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
-# properly initialized before hostapd is started. This is important especially
-# on embedded devices that do not have a hardware random number generator and
-# may by default start up with minimal entropy available for random number
-# generation.
-#
-# As a safety net, hostapd is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data
-# fetched from the OS. This by itself is not considered to be very strong, but
-# it may help in cases where the system pool is not initialized properly.
-# However, it is very strongly recommended that the system pool is initialized
-# with enough entropy either by using hardware assisted random number
-# generator or by storing state over device reboots.
-#
-# hostapd can be configured to maintain its own entropy store over restarts to
-# enhance random number generation. This is not perfect, but it is much more
-# secure than using the same sequence of random numbers after every reboot.
-# This can be enabled with -e<entropy file> command line option. The specified
-# file needs to be readable and writable by hostapd.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal hostapd random pool can be disabled.
-# This will save some in binary size and CPU use. However, this should only be
-# considered for builds that are known to be used on devices that meet the
-# requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# none = Empty template
-#CONFIG_TLS=openssl
-CONFIG_TLS=internal
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used.
-CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms.
-#CONFIG_TLSV12=y
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-CONFIG_INTERNAL_LIBTOMMATH=y
-ifndef CONFIG_INTERNAL_LIBTOMMATH
-LTM_PATH=/usr/src/libtommath-0.39
-CFLAGS += -I$(LTM_PATH)
-LIBS += -L$(LTM_PATH)
-LIBS_p += -L$(LTM_PATH)
-endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks.
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
-CONFIG_SQLITE=y
-
-# Testing options
-# This can be used to enable some testing options (see also the example
-# configuration file) that are really useful only for testing clients that
-# connect to this hostapd. These options allow, for example, to drop a
-# certain percentage of probe requests or auth/(re)assoc frames.
-#
-CONFIG_TESTING_OPTIONS=y
-
-# Automatic Channel Selection
-# This will allow hostapd to pick the channel automatically when channel is set
-# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# You can customize the ACS survey algorithm with the hostapd.conf variable
-# acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#
-CONFIG_ACS=y
diff --git a/recipes-connectivity/hostapd/hostap-daemon.inc b/recipes-connectivity/hostapd/hostap-daemon.inc
deleted file mode 100644
index 5525953..0000000
--- a/recipes-connectivity/hostapd/hostap-daemon.inc
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-# -p option is striplevel
-SRC_URI += " file://cfg80211.conf \
-           "
-
-do_install() {
-    install -d ${D}${sbindir} ${D}${sysconfdir}/init.d
-    install -m 0644 ${S}/hostapd.conf ${D}${sysconfdir}
-    install -m 0755 ${S}/hostapd ${D}${sbindir}
-    install -m 0755 ${S}/hostapd_cli ${D}${sbindir}
-    install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd
-    
-    install -m 644 -D ${WORKDIR}/cfg80211.conf ${D}${sysconfdir}/modprobe.d/cfg80211.conf
-}
diff --git a/recipes-connectivity/hostapd/hostap-daemon_2.7.bb b/recipes-connectivity/hostapd/hostap-daemon_2.7.bb
deleted file mode 100644
index c0809b4..0000000
--- a/recipes-connectivity/hostapd/hostap-daemon_2.7.bb
+++ /dev/null
@@ -1,44 +0,0 @@
-require hostap-daemon.inc
-
-HOMEPAGE = "http://hostap.epitest.fi"
-SECTION = "kernel/userland"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://README;md5=9f542dba9d227d1a51f4405a415cc2b2"
-DEPENDS = "libnl openssl sqlite3"
-SUMMARY = "User space daemon for extended IEEE 802.11 management"
-
-PR = "r1"
-inherit update-rc.d
-INITSCRIPT_NAME = "hostapd"
-
-
-DEFAULT_PREFERENCE = "-1"
-
-SRC_URI += " \
-    http://hostap.epitest.fi/releases/hostapd-${PV}.tar.gz \
-    file://defconfig \
-    file://init \
-	file://default \
-"
-
-S = "${WORKDIR}/hostapd-${PV}/hostapd"
-
-
-do_configure() {
-    install -m 0644 ${WORKDIR}/defconfig ${S}/.config
-}
-
-do_compile() {
-    export CFLAGS="-MMD -O2 -Wall -g -I${STAGING_INCDIR}/libnl3"
-    make
-}
-
-CONFFILES_${PN} += "${sysconfdir}/hostapd.conf ${sysconfdir}/modprobe.d/cfg80211.conf"
-
-SRC_URI[md5sum] = "8d3799f3a3c247cff47d41503698721b"
-SRC_URI[sha256sum] = "21b0dda3cc3abe75849437f6b9746da461f88f0ea49dd621216936f87440a141"
-
-do_install_append() {
-    mkdir -p ${D}${sysconfdir}/default
-	install -m 644 ${WORKDIR}/default ${D}${sysconfdir}/default/hostapd
-}
diff --git a/recipes-connectivity/hostapd/hostap-daemon-2.7/default b/recipes-connectivity/hostapd/hostapd/default
index a274de1..a274de1 100644
--- a/recipes-connectivity/hostapd/hostap-daemon-2.7/default
+++ b/recipes-connectivity/hostapd/hostapd/default
diff --git a/recipes-connectivity/hostapd/hostapd/defconfig b/recipes-connectivity/hostapd/hostapd/defconfig
new file mode 100644
index 0000000..3a447c6
--- /dev/null
+++ b/recipes-connectivity/hostapd/hostapd/defconfig
@@ -0,0 +1,148 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../../madwifi # change to the madwifi source directory
+
+# Driver interface for Prism54 driver
+CONFIG_DRIVER_PRISM54=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+CONFIG_LIBNL32=y
+# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
+# shipped with your distribution yet. If that is the case, you need to build
+# newer libnl version and point the hostapd build to use it.
+#LIBNL=/usr/src/libnl
+#CFLAGS += -I$(LIBNL)/include
+#LIBS += -L$(LIBNL)/lib
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
+# to add the needed functions.
+CONFIG_EAP_FAST=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+CONFIG_WPS_UPNP=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
diff --git a/recipes-connectivity/hostapd/hostapd/defconfig.orig b/recipes-connectivity/hostapd/hostapd/defconfig.orig
new file mode 100644
index 0000000..a62bec4
--- /dev/null
+++ b/recipes-connectivity/hostapd/hostapd/defconfig.orig
@@ -0,0 +1,148 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../../madwifi # change to the madwifi source directory
+
+# Driver interface for Prism54 driver
+CONFIG_DRIVER_PRISM54=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+CONFIG_LIBNL32=y
+# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
+# shipped with your distribution yet. If that is the case, you need to build
+# newer libnl version and point the hostapd build to use it.
+#LIBNL=/usr/src/libnl
+#CFLAGS += -I$(LIBNL)/include
+#LIBS += -L$(LIBNL)/lib
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
diff --git a/recipes-connectivity/hostapd/hostapd/hostapd.service b/recipes-connectivity/hostapd/hostapd/hostapd.service
new file mode 100644
index 0000000..151c050
--- /dev/null
+++ b/recipes-connectivity/hostapd/hostapd/hostapd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/hostapd.pid
+ExecStart=@SBINDIR@/hostapd @SYSCONFDIR@/hostapd.conf -P /run/hostapd.pid -B
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-connectivity/hostapd/hostap-daemon-2.7/init b/recipes-connectivity/hostapd/hostapd/init
index 5bd7ab6..04fd2d0 100755..100644
--- a/recipes-connectivity/hostapd/hostap-daemon-2.7/init
+++ b/recipes-connectivity/hostapd/hostapd/init
@@ -8,9 +8,25 @@ test -f $DAEMON || exit 0
 
 [ -f /etc/default/$NAME ] && . /etc/default/$NAME
 
-
 set -e
 
+# source function library
+. /etc/init.d/functions
+
+delay_stop() {
+	count=0
+	while [ $count -lt 9 ] ; do
+	        if pidof $DAEMON >/dev/null; then
+	                sleep 1
+	        else
+	                return 0
+	        fi
+		count=`expr $count + 1`
+	done
+	echo "Failed to stop $DESC."
+	return 1
+}
+
 case "$1" in
     start)
         if [ "$START_ON_BOOT" != "yes" ]; then
@@ -28,20 +44,24 @@ case "$1" in
 	;;
     stop)
 	echo -n "Stopping $DESC: "
-	start-stop-daemon -K -x $DAEMON
+	start-stop-daemon -K --oknodo -x $DAEMON
 	echo "$NAME."
 	;;
     restart)
 	$0 stop
-	$0 start
+	delay_stop && $0 start
 	;;
     reload)
 	echo -n "Reloading $DESC: "
 	killall -HUP $(basename ${DAEMON})
 	echo "$NAME."
 	;;
+    status)
+	status $DAEMON
+	exit $?
+	;;
     *)
-	echo "Usage: $0 {start|stop|restart|reload}"
+	echo "Usage: $0 {start|stop|restart|reload|status}"
 	exit 1
 	;;
 esac
diff --git a/recipes-connectivity/hostapd/hostapd_%.bbappend b/recipes-connectivity/hostapd/hostapd_%.bbappend
new file mode 100644
index 0000000..d94e2ad
--- /dev/null
+++ b/recipes-connectivity/hostapd/hostapd_%.bbappend
@@ -0,0 +1,6 @@
+SRC_URI += "file://cfg80211.conf"
+
+do_install_append() {
+	install -d ${D}{sysconfdir}/modprobe.d
+	install -m 644 -D ${WORKDIR}/cfg80211.conf ${D}${sysconfdir}/modprobe.d/cfg80211.conf
+}
diff --git a/recipes-connectivity/hostapd/hostapd_2.8.bb b/recipes-connectivity/hostapd/hostapd_2.8.bb
new file mode 100644
index 0000000..15884d0
--- /dev/null
+++ b/recipes-connectivity/hostapd/hostapd_2.8.bb
@@ -0,0 +1,51 @@
+SUMMARY = "User space daemon for extended IEEE 802.11 management"
+HOMEPAGE = "http://w1.fi/hostapd/"
+SECTION = "kernel/userland"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://hostapd/README;md5=1ec986bec88070e2a59c68c95d763f89"
+
+DEPENDS = "libnl openssl"
+
+SRC_URI = " \
+    http://w1.fi/releases/hostapd-${PV}.tar.gz \
+    file://defconfig \
+    file://init \
+    file://hostapd.service \
+"
+
+SRC_URI[md5sum] = "ed2c254e5f400838cb9d8e7b6e43b86c"
+SRC_URI[sha256sum] = "929f522be6eeec38c53147e7bc084df028f65f148a3f7e4fa6c4c3f955cee4b0"
+
+S = "${WORKDIR}/hostapd-${PV}"
+B = "${WORKDIR}/hostapd-${PV}/hostapd"
+
+inherit update-rc.d systemd pkgconfig distro_features_check
+
+CONFLICT_DISTRO_FEATURES = "openssl-no-weak-ciphers"
+
+INITSCRIPT_NAME = "hostapd"
+
+SYSTEMD_SERVICE_${PN} = "hostapd.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+do_configure_append() {
+    install -m 0644 ${WORKDIR}/defconfig ${B}/.config
+}
+
+do_compile() {
+    export CFLAGS="-MMD -O2 -Wall -g"
+    export EXTRA_CFLAGS="${CFLAGS}"
+    make V=1
+}
+
+do_install() {
+    install -d ${D}${sbindir} ${D}${sysconfdir}/init.d ${D}${systemd_unitdir}/system/
+    install -m 0644 ${B}/hostapd.conf ${D}${sysconfdir}
+    install -m 0755 ${B}/hostapd ${D}${sbindir}
+    install -m 0755 ${B}/hostapd_cli ${D}${sbindir}
+    install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd
+    install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/
+    sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd.service
+}
+
+CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"