From 7872e94f9e17b314d88efa980d7c86632187633a Mon Sep 17 00:00:00 2001
From: RISCi_ATOM <bob@bobcall.me>
Date: Thu, 23 Mar 2017 13:10:04 -0400
Subject: [PATCH] Second attempt at pull from upstream
 package/{luci,system,utils}

---
 .gitignore                                    |    7 +
 package/luci/.gitignore                       |    8 -
 .../luasrc/model/cbi/adblock.lua              |    6 +-
 .../luci-app-adblock/po/pt-br/adblock.po      |   92 +
 .../luci-app-ahcp/po/pt-br/ahcp.po            |   10 +-
 .../luci-app-aria2/po/pt-br/aria2.po          |  236 ++
 .../luci-app-commands/po/pt-br/commands.po    |   27 +-
 .../luci-app-ddns/po/pt-br/ddns.po            |   20 +-
 .../applications/luci-app-dynapoint/Makefile  |   20 +
 .../luasrc/controller/dynapoint.lua           |    9 +
 .../luasrc/model/cbi/dynapoint.lua            |   99 +
 .../luasrc/view/dynapoint/cbi_checkbox.htm    |    6 +
 .../luasrc/view/dynapoint/cbi_color.htm       |   18 +
 .../luci-app-dynapoint/po/de/dynapoint.po     |  106 +
 .../luci-app-dynapoint/po/ja/dynapoint.po     |  108 +
 .../luci-app-dynapoint/po/pt-br/dynapoint.po  |  107 +
 .../po/templates/dynapoint.pot                |   92 +
 .../root/etc/uci-defaults/40_luci-dynapoint   |   13 +
 .../model/cbi/firewall/forward-details.lua    |    6 +-
 .../model/cbi/firewall/rule-details.lua       |    8 +-
 .../model/cbi/firewall/zone-details.lua       |    4 +-
 .../luasrc/model/cbi/firewall/zones.lua       |    1 -
 .../luci-app-firewall/po/ko/firewall.po       |  505 +++++
 .../luci-app-firewall/po/pt-br/firewall.po    |   41 +-
 .../luci-app-fwknopd/po/pt-br/fwknopd.po      |  116 +
 .../po/pt-br/meshwizard.po                    |   11 +-
 .../po/pt-br/mjpg-streamer.po                 |  172 ++
 .../luci-app-olsr/po/pt-br/olsr.po            |   17 +-
 .../luci-app-openvpn/po/pt-br/openvpn.po      |   18 +-
 .../luci-app-privoxy/po/pt-br/privoxy.po      |  516 +++++
 .../luci-app-radicale/po/pt-br/radicale.po    |  432 ++++
 .../po/pt-br/shadowsocks-libev.po             |   97 +
 .../luci-app-shairplay/po/pt-br/shairplay.po  |   54 +
 .../po/pt-br/statistics.po                    |   93 +-
 .../luasrc/model/cbi/travelmate.lua           |   16 +-
 .../luci-app-travelmate/po/ja/travelmate.po   |   43 +-
 .../po/pt-br/travelmate.po                    |   78 +
 .../po/templates/travelmate.pot               |   22 +-
 .../luci-app-uhttpd/po/pt-br/uhttpd.po        |  208 ++
 .../luasrc/model/cbi/unbound.lua              |  162 +-
 .../root/etc/uci-defaults/60_luci-unbound     |   25 +
 .../luci-app-vpnbypass/po/pt-br/vpnbypass.po  |   55 +
 .../luci-app-watchcat/po/pt-br/watchcat.po    |   13 +-
 .../po/pt-br/wifischedule.po                  |  114 +
 .../applications/luci-app-wol/po/pt-br/wol.po |   16 +-
 .../collections/luci-ssl-openssl/Makefile     |    8 +-
 package/luci/collections/luci-ssl/Makefile    |    2 +-
 .../contrib/package/freifunk-common/Makefile  |    2 +-
 package/luci/luci.mk                          |    3 +-
 .../htdocs/luci-static/resources/cbi.js       |   58 +-
 .../luci-base/luasrc/cbi/datatypes.lua        |  110 +-
 .../luci-base/luasrc/model/network.lua        |    7 +
 .../luci-base/luasrc/view/cbi/mvalue.htm      |    2 +-
 package/luci/modules/luci-base/po/ca/base.po  |  109 +
 package/luci/modules/luci-base/po/cs/base.po  |  109 +
 package/luci/modules/luci-base/po/de/base.po  |  109 +
 package/luci/modules/luci-base/po/el/base.po  |  109 +
 package/luci/modules/luci-base/po/en/base.po  |  109 +
 package/luci/modules/luci-base/po/es/base.po  |  109 +
 package/luci/modules/luci-base/po/fr/base.po  |  109 +
 package/luci/modules/luci-base/po/he/base.po  |  109 +
 package/luci/modules/luci-base/po/hu/base.po  |  109 +
 package/luci/modules/luci-base/po/it/base.po  |  109 +
 package/luci/modules/luci-base/po/ja/base.po  |  109 +
 package/luci/modules/luci-base/po/ko/base.po  |  117 +-
 package/luci/modules/luci-base/po/ms/base.po  |  109 +
 package/luci/modules/luci-base/po/no/base.po  |  109 +
 package/luci/modules/luci-base/po/pl/base.po  |  109 +
 .../luci/modules/luci-base/po/pt-br/base.po   |  793 ++++---
 package/luci/modules/luci-base/po/pt/base.po  |  109 +
 package/luci/modules/luci-base/po/ro/base.po  |  109 +
 package/luci/modules/luci-base/po/ru/base.po  |  109 +
 package/luci/modules/luci-base/po/sk/base.po  |  109 +
 package/luci/modules/luci-base/po/sv/base.po  |  109 +
 .../modules/luci-base/po/templates/base.pot   |  109 +
 package/luci/modules/luci-base/po/tr/base.po  |  109 +
 package/luci/modules/luci-base/po/uk/base.po  |  109 +
 package/luci/modules/luci-base/po/vi/base.po  |  109 +
 .../luci/modules/luci-base/po/zh-cn/base.po   |  109 +
 .../luci/modules/luci-base/po/zh-tw/base.po   |  109 +
 .../luci/modules/luci-base/src/mkversion.sh   |    2 +-
 .../luasrc/controller/admin/network.lua       |    1 +
 .../luasrc/controller/admin/status.lua        |    6 +-
 .../luasrc/controller/admin/system.lua        |    1 +
 .../luasrc/model/cbi/admin_network/wifi.lua   |  138 +-
 .../model/cbi/admin_network/wifi_add.lua      |    2 +-
 .../luasrc/model/cbi/admin_system/admin.lua   |    4 +-
 .../model/cbi/admin_system/fstab/mount.lua    |   10 +-
 .../luasrc/model/cbi/admin_system/leds.lua    |   40 +-
 .../view/admin_network/iface_overview.htm     |    5 +
 .../view/admin_network/iface_status.htm       |    5 +
 .../luasrc/view/admin_status/connections.htm  |    3 +-
 .../luasrc/view/admin_status/index.htm        |   43 +-
 .../luci-mod-admin-full/src/luci-bwc.c        |    4 +-
 .../cbi/admin_network/proto_wireguard.lua     |   12 +-
 package/network/config/firewall/Makefile      |    6 +-
 package/network/config/ltq-vdsl-app/Makefile  |   69 +
 .../config/ltq-vdsl-app/files/dsl_control     |  282 +++
 .../config/ltq-vdsl-app/files/dsl_cpe_pipe.sh |   18 +
 .../files/vdsl_cpe_control_wrapper            |   11 +
 .../ltq-vdsl-app/patches/100-compat.patch     |   22 +
 .../ltq-vdsl-app/patches/101-musl.patch       |   10 +
 .../ltq-vdsl-app/patches/200-autoboot.patch   |   11 +
 package/network/config/netifd/Makefile        |    6 +-
 .../config/netifd/files/etc/init.d/network    |   13 +-
 .../qos-scripts/files/usr/lib/qos/generate.sh |    3 +-
 package/network/config/swconfig/src/uci.c     |    4 +-
 package/network/ipv6/6in4/files/6in4.sh       |    2 +-
 package/network/ipv6/map/Makefile             |    4 +-
 package/network/ipv6/map/files/map.sh         |   12 +-
 package/network/ipv6/odhcp6c/Makefile         |   10 +-
 package/network/services/dnsmasq/Makefile     |    2 +-
 .../services/dnsmasq/files/dnsmasq.init       |   52 +-
 .../services/dnsmasq/files/dnsmasqsec.hotplug |    6 +-
 .../patches/000-fix-servfail-handling.patch   |  130 ++
 package/network/services/dropbear/Makefile    |    2 +-
 .../patches/120-openwrt_options.patch         |    5 +-
 package/network/services/hostapd/Makefile     |   12 +-
 .../hostapd/files/hostapd-full.config         |    3 +
 .../hostapd/files/hostapd-mini.config         |    3 +
 .../hostapd/files/{netifd.sh => hostapd.sh}   |   13 +-
 ...on-between-AssocResp-callback-and-4a.patch |   83 +
 ...Reassociation-Request-frame-dropping.patch |   36 +
 ...-clearing-on-Authentication-frame-RX.patch |   40 +
 ...ibility-to-send-debug-messages-to-sy.patch |  145 ++
 .../hostapd/patches/200-multicall.patch       |   10 +-
 .../patches/410-limit_debug_messages.patch    |   16 +-
 .../patches/420-indicate-features.patch       |    8 +-
 .../hostapd/patches/450-scan_wait.patch       |   10 +-
 .../hostapd/patches/600-ubus_support.patch    |    4 +-
 .../hostapd/src/src/utils/build_features.h    |   16 +-
 package/network/services/odhcpd/Makefile      |   12 +-
 package/network/services/openvpn/Makefile     |    7 +-
 .../services/openvpn/files/openvpn.init       |   43 +-
 package/network/services/ppp/Makefile         |   21 +-
 .../services/ppp/files/lib/netifd/ppp6-up     |    2 +
 package/network/services/ppp/files/ppp.sh     |    4 +-
 package/network/services/relayd/Makefile      |    2 +-
 .../network/services/relayd/files/relay.init  |   34 +-
 package/network/services/samba36/Makefile     |    8 +-
 .../network/services/uhttpd/files/uhttpd.init |    2 +-
 .../network/services/{mdns => umdns}/Makefile |   26 +-
 .../mdns.config => umdns/files/umdns.config}  |    2 +-
 .../mdns.init => umdns/files/umdns.init}      |   20 +-
 .../mdns.json => umdns/files/umdns.json}      |    0
 package/network/utils/comgt/Makefile          |    2 +
 package/network/utils/curl/Makefile           |    2 +-
 .../patches/001-curl-https-openssl-fix.patch  |   34 +
 .../curl/patches/100-CVE-2017-2629.patch      |   33 +
 package/network/utils/ebtables/Makefile       |   12 +-
 .../utils/ebtables/patches/100-musl_fix.patch |  175 +-
 .../patches/200-fix-extension-init.patch      |    8 +-
 package/network/utils/iftop/Makefile          |   14 +-
 .../iftop/patches/110-fix-mac-display.patch   |   67 -
 package/network/utils/iproute2/Makefile       |    2 +-
 .../iproute2/patches/950-add-cake-to-tc.patch |   57 +-
 ...-monitor-can-t-work-when-NET_NS-is-n.patch |   40 +
 .../utils/iw/patches/001-nl80211_h_sync.patch |  294 ++-
 package/network/utils/tcpdump/Makefile        |    4 +-
 .../patches/001-remove_pcap_debug.patch       |    2 +-
 .../002-remove_static_libpcap_check.patch     |    4 +-
 .../tcpdump/patches/100-tcpdump_mini.patch    |  152 +-
 package/network/utils/umbim/Makefile          |    2 +
 package/network/utils/uqmi/Makefile           |    2 +
 package/network/utils/wireless-tools/Makefile |    2 +-
 package/system/lede-keyring/Makefile          |    6 +-
 package/system/mountd/Makefile                |    2 +-
 package/system/opkg/Makefile                  |    3 +-
 .../patches/290-clarify-download-errors.patch |   61 +
 package/system/procd/Makefile                 |    6 +-
 package/system/procd/files/procd.sh           |   12 +-
 package/system/ubox/Makefile                  |   16 +-
 package/system/ubus/Makefile                  |    6 +-
 package/utils/osafeloader/Makefile            |    2 +
 package/utils/px5g-standalone/Makefile        |   37 -
 package/utils/px5g-standalone/src/Makefile    |   14 -
 .../px5g-standalone/src/library/base64.c      |  264 ---
 .../px5g-standalone/src/library/bignum.c      | 2010 -----------------
 .../utils/px5g-standalone/src/library/rsa.c   |  750 ------
 .../utils/px5g-standalone/src/library/sha1.c  |  622 -----
 .../px5g-standalone/src/library/timing.c      |  265 ---
 .../px5g-standalone/src/library/x509write.c   | 1162 ----------
 .../px5g-standalone/src/polarssl/base64.h     |   93 -
 .../px5g-standalone/src/polarssl/bignum.h     |  437 ----
 .../px5g-standalone/src/polarssl/bn_mul.h     |  731 ------
 .../px5g-standalone/src/polarssl/config.h     |  329 ---
 .../utils/px5g-standalone/src/polarssl/rsa.h  |  309 ---
 .../utils/px5g-standalone/src/polarssl/sha1.h |  150 --
 .../px5g-standalone/src/polarssl/timing.h     |   81 -
 .../utils/px5g-standalone/src/polarssl/x509.h |  549 -----
 package/utils/px5g-standalone/src/px5g.c      |  213 --
 package/utils/px5g/Makefile                   |   24 +-
 package/utils/ugps/Makefile                   |    2 +-
 package/utils/ugps/files/gps.config           |    2 +-
 194 files changed, 9111 insertions(+), 9147 deletions(-)
 delete mode 100644 package/luci/.gitignore
 create mode 100644 package/luci/applications/luci-app-adblock/po/pt-br/adblock.po
 create mode 100644 package/luci/applications/luci-app-aria2/po/pt-br/aria2.po
 create mode 100644 package/luci/applications/luci-app-dynapoint/Makefile
 create mode 100644 package/luci/applications/luci-app-dynapoint/luasrc/controller/dynapoint.lua
 create mode 100644 package/luci/applications/luci-app-dynapoint/luasrc/model/cbi/dynapoint.lua
 create mode 100644 package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_checkbox.htm
 create mode 100644 package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_color.htm
 create mode 100644 package/luci/applications/luci-app-dynapoint/po/de/dynapoint.po
 create mode 100644 package/luci/applications/luci-app-dynapoint/po/ja/dynapoint.po
 create mode 100644 package/luci/applications/luci-app-dynapoint/po/pt-br/dynapoint.po
 create mode 100644 package/luci/applications/luci-app-dynapoint/po/templates/dynapoint.pot
 create mode 100644 package/luci/applications/luci-app-dynapoint/root/etc/uci-defaults/40_luci-dynapoint
 create mode 100644 package/luci/applications/luci-app-firewall/po/ko/firewall.po
 create mode 100644 package/luci/applications/luci-app-fwknopd/po/pt-br/fwknopd.po
 create mode 100644 package/luci/applications/luci-app-mjpg-streamer/po/pt-br/mjpg-streamer.po
 create mode 100644 package/luci/applications/luci-app-privoxy/po/pt-br/privoxy.po
 create mode 100644 package/luci/applications/luci-app-radicale/po/pt-br/radicale.po
 create mode 100644 package/luci/applications/luci-app-shadowsocks-libev/po/pt-br/shadowsocks-libev.po
 create mode 100644 package/luci/applications/luci-app-shairplay/po/pt-br/shairplay.po
 create mode 100644 package/luci/applications/luci-app-travelmate/po/pt-br/travelmate.po
 create mode 100644 package/luci/applications/luci-app-uhttpd/po/pt-br/uhttpd.po
 create mode 100644 package/luci/applications/luci-app-unbound/root/etc/uci-defaults/60_luci-unbound
 create mode 100644 package/luci/applications/luci-app-vpnbypass/po/pt-br/vpnbypass.po
 create mode 100644 package/luci/applications/luci-app-wifischedule/po/pt-br/wifischedule.po
 create mode 100644 package/network/config/ltq-vdsl-app/Makefile
 create mode 100644 package/network/config/ltq-vdsl-app/files/dsl_control
 create mode 100755 package/network/config/ltq-vdsl-app/files/dsl_cpe_pipe.sh
 create mode 100644 package/network/config/ltq-vdsl-app/files/vdsl_cpe_control_wrapper
 create mode 100644 package/network/config/ltq-vdsl-app/patches/100-compat.patch
 create mode 100644 package/network/config/ltq-vdsl-app/patches/101-musl.patch
 create mode 100644 package/network/config/ltq-vdsl-app/patches/200-autoboot.patch
 create mode 100644 package/network/services/dnsmasq/patches/000-fix-servfail-handling.patch
 rename package/network/services/hostapd/files/{netifd.sh => hostapd.sh} (97%)
 create mode 100644 package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch
 create mode 100644 package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch
 create mode 100644 package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
 create mode 100644 package/network/services/hostapd/patches/004-hostapd-Add-possibility-to-send-debug-messages-to-sy.patch
 mode change 100644 => 100755 package/network/services/ppp/files/lib/netifd/ppp6-up
 rename package/network/services/{mdns => umdns}/Makefile (56%)
 rename package/network/services/{mdns/files/mdns.config => umdns/files/umdns.config} (71%)
 rename package/network/services/{mdns/files/mdns.init => umdns/files/umdns.init} (59%)
 rename package/network/services/{mdns/files/mdns.json => umdns/files/umdns.json} (100%)
 create mode 100644 package/network/utils/curl/patches/001-curl-https-openssl-fix.patch
 create mode 100644 package/network/utils/curl/patches/100-CVE-2017-2629.patch
 delete mode 100644 package/network/utils/iftop/patches/110-fix-mac-display.patch
 create mode 100644 package/network/utils/iproute2/patches/960-ipmonitor-fix-ip-monitor-can-t-work-when-NET_NS-is-n.patch
 create mode 100644 package/system/opkg/patches/290-clarify-download-errors.patch
 delete mode 100644 package/utils/px5g-standalone/Makefile
 delete mode 100644 package/utils/px5g-standalone/src/Makefile
 delete mode 100644 package/utils/px5g-standalone/src/library/base64.c
 delete mode 100644 package/utils/px5g-standalone/src/library/bignum.c
 delete mode 100644 package/utils/px5g-standalone/src/library/rsa.c
 delete mode 100644 package/utils/px5g-standalone/src/library/sha1.c
 delete mode 100644 package/utils/px5g-standalone/src/library/timing.c
 delete mode 100644 package/utils/px5g-standalone/src/library/x509write.c
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/base64.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/bignum.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/bn_mul.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/config.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/rsa.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/sha1.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/timing.h
 delete mode 100644 package/utils/px5g-standalone/src/polarssl/x509.h
 delete mode 100644 package/utils/px5g-standalone/src/px5g.c

diff --git a/.gitignore b/.gitignore
index cd86e34cda..9455cb5236 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@
 /feeds
 /feeds.conf
 /files
+/overlay
 /package/feeds
 /package/openwrt-packages
 key-build*
@@ -24,3 +25,9 @@ key-build*
 .emacs.desktop*
 TAGS*~
 git-src
+*.o
+*.so
+*.swp
+*.po~
+/docs
+/package/luci/modules/luci-base/src/po2lmo
diff --git a/package/luci/.gitignore b/package/luci/.gitignore
deleted file mode 100644
index 07494e98ef..0000000000
--- a/package/luci/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-dist/
-/host
-*.o
-*.so
-*.swp
-*.po~
-/docs
-modules/luci-base/src/po2lmo
diff --git a/package/luci/applications/luci-app-adblock/luasrc/model/cbi/adblock.lua b/package/luci/applications/luci-app-adblock/luasrc/model/cbi/adblock.lua
index d80cb486e3..0a4a4cdd2f 100644
--- a/package/luci/applications/luci-app-adblock/luasrc/model/cbi/adblock.lua
+++ b/package/luci/applications/luci-app-adblock/luasrc/model/cbi/adblock.lua
@@ -34,13 +34,13 @@ des = bl:option(DummyValue, "adb_src_desc", translate("Description"))
 
 -- Additional options
 
-s2 = m:section(NamedSection, "backup", "service", translate("Backup options"))
+s2 = m:section(NamedSection, "global", "adblock", translate("Backup options"))
 
-o4 = s2:option(Flag, "enabled", translate("Enable blocklist backup"))
+o4 = s2:option(Flag, "adb_backup", translate("Enable blocklist backup"))
 o4.rmempty = false
 o4.default = 0
 
-o5 = s2:option(Value, "adb_dir", translate("Backup directory"))
+o5 = s2:option(Value, "adb_backupdir", translate("Backup directory"))
 o5.rmempty = false
 o5.datatype = "directory"
 
diff --git a/package/luci/applications/luci-app-adblock/po/pt-br/adblock.po b/package/luci/applications/luci-app-adblock/po/pt-br/adblock.po
new file mode 100644
index 0000000000..a238dc7f94
--- /dev/null
+++ b/package/luci/applications/luci-app-adblock/po/pt-br/adblock.po
@@ -0,0 +1,92 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"). Note that list URLs and Shallalist category selections are not "
+"configurable via Luci."
+msgstr ""
+"). Note que a lista de URL e as seleções de categoria da Shallalist não são "
+"configuráveis pelo Luci."
+
+msgid "Adblock"
+msgstr "Adblock"
+
+msgid "Available blocklist sources ("
+msgstr "Fontes de listas de bloqueio disponíveis ("
+
+msgid "Backup directory"
+msgstr "Diretório da cópia de segurança"
+
+msgid "Backup options"
+msgstr "Opções da cópia de segurança"
+
+msgid "Blocklist sources"
+msgstr "Fontes de listas de bloqueio"
+
+msgid ""
+"Configuration of the adblock package to block ad/abuse domains by using DNS."
+msgstr ""
+"Configuração do pacote adblock para bloquear, usando o DNS, domínios que "
+"distribuem propagandas abusivas."
+
+msgid "Description"
+msgstr "Descrição"
+
+msgid "Enable adblock"
+msgstr "Habilitar adblock"
+
+msgid "Enable blocklist backup"
+msgstr "Habilitar cópia de segurança da lista de bloqueio"
+
+msgid "Enable verbose debug logging"
+msgstr "Habilite registros detalhados para depuração"
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid "Extra options"
+msgstr "Opções adicionais"
+
+msgid ""
+"File with whitelisted hosts/domains that are allowed despite being on a "
+"blocklist."
+msgstr ""
+"Arquivo com a lista branca dos equipamentos/domínios que serão autorizados "
+"mesmo estando na lista de bloqueio."
+
+msgid "Global options"
+msgstr "Opções Globais"
+
+msgid ""
+"Options for further tweaking in case the defaults are not suitable for you."
+msgstr ""
+"Opções para aprimoramentos adicionais caso as opções padrão não sejam "
+"suficientes para você."
+
+msgid "Restrict reload trigger to certain interface(s)"
+msgstr "Restringir o gatilho de recarga para somente alguma(s) interface(s)"
+
+msgid ""
+"Space separated list of wan interfaces that trigger reload action. To "
+"disable reload trigger set it to 'false'. Default: empty"
+msgstr ""
+"Lista das interfaces WAN, separadas por espaço, que podem disparar uma ação "
+"de recarga. Para desabilitar este gatilho, defina-o como 'false'. Padrão: em "
+"branco"
+
+msgid "Whitelist file"
+msgstr "Arquivo da lista branca"
+
+msgid "see list details"
+msgstr "veja os detalhes da lista"
diff --git a/package/luci/applications/luci-app-ahcp/po/pt-br/ahcp.po b/package/luci/applications/luci-app-ahcp/po/pt-br/ahcp.po
index 55ec29cdc7..741c14572b 100644
--- a/package/luci/applications/luci-app-ahcp/po/pt-br/ahcp.po
+++ b/package/luci/applications/luci-app-ahcp/po/pt-br/ahcp.po
@@ -1,20 +1,20 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"PO-Revision-Date: 2014-03-29 23:07+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
+"Project-Id-Version: \n"
+"PO-Revision-Date: 2017-02-17 17:07-0200\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language-Team: none\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"POT-Creation-Date: \n"
 
 msgid "AHCP Server"
 msgstr "Servidor AHCP"
 
-#, fuzzy
 msgid ""
 "AHCP is an autoconfiguration protocol for IPv6 and dual-stack IPv6/IPv4 "
 "networks designed to be used in place of router discovery or DHCP on "
diff --git a/package/luci/applications/luci-app-aria2/po/pt-br/aria2.po b/package/luci/applications/luci-app-aria2/po/pt-br/aria2.po
new file mode 100644
index 0000000000..1bb4137446
--- /dev/null
+++ b/package/luci/applications/luci-app-aria2/po/pt-br/aria2.po
@@ -0,0 +1,236 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "\"Falloc\" is not available in all cases."
+msgstr "\"Falloc\" não está disponível em todas as classes."
+
+msgid "<abbr title=\"Distributed Hash Table\">DHT</abbr> enabled"
+msgstr ""
+"<abbr title=\"Distributed Hash Table/Tabla de disperção distribuída\">DHT</"
+"abbr> habilitado"
+
+msgid "<abbr title=\"Local Peer Discovery\">LPD</abbr> enabled"
+msgstr ""
+"<abbr title=\"Local Peer Discovery/Descoberta de Parceiros Locais\">LPD</"
+"abbr> habilitado"
+
+msgid "Additional Bt tracker enabled"
+msgstr "Rastreadores BitTorrent adicionais habilitado"
+
+msgid "Aria2"
+msgstr "Aria2"
+
+msgid "Aria2 Settings"
+msgstr "Configurações do Aria2"
+
+msgid "Aria2 Status"
+msgstr "Estado do Aria2"
+
+msgid ""
+"Aria2 is a multi-protocol &amp; multi-source download utility, here you can "
+"configure the settings."
+msgstr ""
+"Aria2 é um utilitário de transferência multi-protocolo de múltiplas fontes, "
+"aqui você pode configurá-lo."
+
+msgid "Autosave session interval"
+msgstr "Intervalo para autossalvamento da sessão"
+
+msgid "BitTorrent Settings"
+msgstr "Configurações do BitTorrent"
+
+msgid "BitTorrent listen port"
+msgstr "Porta de escuta do BitTorrent"
+
+msgid "Collecting data..."
+msgstr "Coletando dados..."
+
+msgid "Config file directory"
+msgstr "Diretório dos arquivos de configuração"
+
+msgid "Debug"
+msgstr "Depuração"
+
+msgid "Default download directory"
+msgstr "Diretório padrão de arquivos baixados"
+
+msgid "Disk cache"
+msgstr "Cache em Disco"
+
+msgid "Enable log"
+msgstr "Habilitar registros"
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid "Error"
+msgstr "Erro"
+
+msgid "Extra Settings"
+msgstr "Configurações Adicionais"
+
+msgid "Falloc"
+msgstr "Falloc"
+
+msgid "Files and Locations"
+msgstr "Arquivos e Locais"
+
+msgid "Follow torrent"
+msgstr "Seguir torrent"
+
+msgid "General Settings"
+msgstr "Configurações Gerais"
+
+msgid "Generate Randomly"
+msgstr "Gerar aleatoriamente"
+
+msgid "Info"
+msgstr "Informações"
+
+msgid "List of additional Bt tracker"
+msgstr "Lista de rastreadores BitTorrent adicionais"
+
+msgid "List of extra settings"
+msgstr "Lista de configurações adicionais"
+
+msgid "Log file is in the config file dir."
+msgstr ""
+"Arquivo de registro (log) está no diretório do arquivo de configuração."
+
+msgid "Log level"
+msgstr "Nível do registro"
+
+msgid "Max concurrent downloads"
+msgstr "Número máximo de transferencias simultâneas"
+
+msgid "Max connection per server"
+msgstr "Numero máximo de conexões por servidor"
+
+msgid "Max number of peers per torrent"
+msgstr "Numero máximo de parceiros por torrent"
+
+msgid "Max number of split"
+msgstr "Numero máximo de divisões"
+
+msgid "Min split size"
+msgstr "Tamanho mínimo da divisão"
+
+msgid "No Authentication"
+msgstr "Sem Autenticação"
+
+msgid "Notice"
+msgstr "Aviso"
+
+msgid "Off"
+msgstr "Desligado"
+
+msgid "Open WebUI-Aria2"
+msgstr "Abrir WebUI-Aria2"
+
+msgid "Open YAAW"
+msgstr "Abrir YAAW"
+
+msgid "Overall download limit"
+msgstr "Limite global para baixar"
+
+msgid "Overall speed limit enabled"
+msgstr "Limite da taxa de transferência global habilitado"
+
+msgid "Overall upload limit"
+msgstr "Limite global para subir"
+
+msgid "Per task download limit"
+msgstr "Limite por tarefa para baixar"
+
+msgid "Per task speed limit enabled"
+msgstr "Limite da taxa de transferência por tarefa habilitado"
+
+msgid "Per task upload limit"
+msgstr "Limite por tarefa para subir"
+
+msgid "Prealloc"
+msgstr "Pré-alocação"
+
+msgid "Preallocation"
+msgstr "Pré-alocação"
+
+msgid "Prefix of peer ID"
+msgstr "Prefixo da identificação do paceiro"
+
+msgid "RPC Token"
+msgstr ""
+"Chave eletrônica do <abbr title=\"Remote Procedure Call/Chamada de "
+"Procedimento Remoto\">RPC</abbr>"
+
+msgid "RPC authentication method"
+msgstr ""
+"Método de autenticação do <abbr title=\"Remote Procedure Call/Chamada de "
+"Procedimento Remoto\">RPC</abbr>"
+
+msgid "RPC password"
+msgstr ""
+"Senha do <abbr title=\"Remote Procedure Call/Chamada de Procedimento Remoto"
+"\">RPC</abbr>"
+
+msgid "RPC port"
+msgstr ""
+"Porta do <abbr title=\"Remote Procedure Call/Chamada de Procedimento Remoto"
+"\">RPC</abbr>"
+
+msgid "RPC username"
+msgstr ""
+"Nome do usuario do <abbr title=\"Remote Procedure Call/Chamada de "
+"Procedimento Remoto\">RPC</abbr>"
+
+msgid "Run daemon as user"
+msgstr "Executar serviço como usuário"
+
+msgid "Sec"
+msgstr "Segurança"
+
+msgid "Task Settings"
+msgstr "Configurações das tarefas"
+
+msgid "The Aria2 service is not running."
+msgstr "O serviço Aria2 está parado."
+
+msgid "The Aria2 service is running."
+msgstr "O serviço Aria2 está em execução."
+
+msgid "Token"
+msgstr "Chave eletrônica"
+
+msgid "Trunc"
+msgstr "Truncar"
+
+msgid "Use WebSocket"
+msgstr "Use WebSockets"
+
+msgid "User agent value"
+msgstr "Valor da identificação do agente do usuário"
+
+msgid "Username & Password"
+msgstr "Usuário & Senha"
+
+msgid "View Json-RPC URL"
+msgstr "Visualizar URL do JSON-RPC"
+
+msgid "Warn"
+msgstr "Atenção"
+
+msgid "in bytes, You can append K or M."
+msgstr "em bytes. Você pode sufixar com K (quilo) ou M (mega)."
+
+msgid "in bytes/sec, You can append K or M."
+msgstr "em bytes por segundo. Você pode sufixar com K (quilo) ou M (mega)."
diff --git a/package/luci/applications/luci-app-commands/po/pt-br/commands.po b/package/luci/applications/luci-app-commands/po/pt-br/commands.po
index 83c7bd5db5..a0c7724d6e 100644
--- a/package/luci/applications/luci-app-commands/po/pt-br/commands.po
+++ b/package/luci/applications/luci-app-commands/po/pt-br/commands.po
@@ -1,15 +1,16 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"PO-Revision-Date: 2014-03-15 22:02+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
+"Project-Id-Version: \n"
+"PO-Revision-Date: 2017-02-20 17:39-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language-Team: none\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"POT-Creation-Date: \n"
 
 msgid "A short textual description of the configured command"
 msgstr "Uma pequena descrição textual do comando configurado"
@@ -96,3 +97,21 @@ msgstr ""
 
 msgid "Waiting for command to complete..."
 msgstr "Aguardando a conclusão do comando..."
+
+#~ msgid "Command executed successfully."
+#~ msgstr "O comando executou com sucesso."
+
+#~ msgid "Command exited with status code"
+#~ msgstr "O comando encerrou com um estado de erro"
+
+#~ msgid "Download execution result"
+#~ msgstr "Baixar os resultados da execução"
+
+#~ msgid "Or display result"
+#~ msgstr "Ou mostre o resultado"
+
+#~ msgid "Standard Error"
+#~ msgstr "Saída de Erro"
+
+#~ msgid "Standard Output"
+#~ msgstr "Saída Padrão"
diff --git a/package/luci/applications/luci-app-ddns/po/pt-br/ddns.po b/package/luci/applications/luci-app-ddns/po/pt-br/ddns.po
index 4970846516..ab22837b28 100644
--- a/package/luci/applications/luci-app-ddns/po/pt-br/ddns.po
+++ b/package/luci/applications/luci-app-ddns/po/pt-br/ddns.po
@@ -2,15 +2,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: luci-app-ddns 2.4.0-1\n"
 "POT-Creation-Date: 2016-01-30 11:07+0100\n"
-"PO-Revision-Date: 2016-07-01 22:40-0300\n"
-"Last-Translator: Matheus Dal Mago <matheusdalmago10@gmail.com>\n"
+"PO-Revision-Date: 2017-02-20 17:41-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language-Team: \n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Poedit 1.8.8\n"
+"X-Generator: Poedit 1.8.11\n"
 
 msgid "&"
 msgstr "&"
@@ -228,7 +228,7 @@ msgid "Error Retry Interval"
 msgstr "Intervalo de tentativas em Erro"
 
 msgid "Event Network"
-msgstr ""
+msgstr "Rede de Evento"
 
 msgid "File"
 msgstr "Arquivo"
@@ -438,16 +438,16 @@ msgid "No certificates found"
 msgstr "Nenhum certificado encontrado"
 
 msgid "No data"
-msgstr ""
+msgstr "Sem dados"
 
 msgid "No logging"
-msgstr ""
+msgstr "Sem registros"
 
 msgid "Non-public and by default blocked IP's"
 msgstr "IPs não públicos e bloqueados por padrão"
 
 msgid "Notice"
-msgstr ""
+msgstr "Aviso"
 
 msgid "Number of last lines stored in log files"
 msgstr "Número das últimas linhas salvas nos arquivos de log"
@@ -475,7 +475,7 @@ msgstr ""
 "Em Erro, o script irá para a execução após um número definido de tentativas"
 
 msgid "OpenWrt Wiki"
-msgstr ""
+msgstr "Wiki do OpenWRT"
 
 msgid "Optional Encoded Parameter"
 msgstr "Parâmetro Opcionalmente Codificado"
@@ -490,7 +490,7 @@ msgid "Optional: Replaces [PARAMOPT] in Update-URL (NOT URL-encoded)"
 msgstr "Opcional: Substitui [PARAMOPT] na URL de atualização"
 
 msgid "Overview"
-msgstr ""
+msgstr "Visão Geral"
 
 msgid "PROXY-Server"
 msgstr "servidor PROXY"
@@ -575,7 +575,7 @@ msgid "There is no service configured."
 msgstr "Não há serviço configurado"
 
 msgid "Timer Settings"
-msgstr ""
+msgstr "Configurações do Controlador de Tempo"
 
 msgid "To change global settings click here"
 msgstr "Clique aqui para mudar configurações globais"
diff --git a/package/luci/applications/luci-app-dynapoint/Makefile b/package/luci/applications/luci-app-dynapoint/Makefile
new file mode 100644
index 0000000000..d16ef4a8fa
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/Makefile
@@ -0,0 +1,20 @@
+#
+# Copyright (C) 2016 The LuCI Team <luci@lists.subsignal.org>
+#
+# This is free software, licensed under the GNU General Public License v3.
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI Support for DynaPoint
+LUCI_DEPENDS:=+dynapoint
+
+PKG_NAME:=luci-app-dynapoint
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-3.0+
+PKG_MAINTAINER:=Tobias Ilte <tobias.ilte@campus.tu-berlin.de>
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
+
diff --git a/package/luci/applications/luci-app-dynapoint/luasrc/controller/dynapoint.lua b/package/luci/applications/luci-app-dynapoint/luasrc/controller/dynapoint.lua
new file mode 100644
index 0000000000..65348632e9
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/luasrc/controller/dynapoint.lua
@@ -0,0 +1,9 @@
+module("luci.controller.dynapoint", package.seeall)
+
+function index()
+   if not nixio.fs.access("/etc/config/dynapoint") then
+      return
+   end
+   entry({"admin", "services", "dynapoint"}, cbi("dynapoint"), _("DynaPoint"))
+end
+
diff --git a/package/luci/applications/luci-app-dynapoint/luasrc/model/cbi/dynapoint.lua b/package/luci/applications/luci-app-dynapoint/luasrc/model/cbi/dynapoint.lua
new file mode 100644
index 0000000000..e6871a5bc4
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/luasrc/model/cbi/dynapoint.lua
@@ -0,0 +1,99 @@
+local uci = require "luci.model.uci".cursor()
+local a = require "luci.model.ipkg"
+local DISP = require "luci.dispatcher"
+
+local wlcursor = luci.model.uci.cursor_state()
+local wireless = wlcursor:get_all("wireless")
+local ifaces = {}
+
+for k, v in pairs(wireless) do
+  if v[".type"] == "wifi-iface" then
+    table.insert(ifaces, v)
+  end
+end
+
+m = Map("dynapoint")
+m:chain("wireless")
+
+s = m:section(NamedSection, "internet", "rule", translate("Configuration"), translate("Check Internet connectivity via HTTP header download"))
+
+hosts = s:option(DynamicList, "hosts", translate("List of host addresses"), translate("List of host addresses (url or IP) to track and request http headers from"))
+hosts.datatype = "string"
+
+interval = s:option(Value, "interval", translate("Test-run interval"), translate("Time interval in seconds to re-start a new test run"))
+interval.datatype = "uinteger"
+interval.default = "30"
+
+offline_treshold = s:option(Value, "offline_threshold", translate("Switch_to_offline threshold"), translate("Failure counter after how many failed download attempts, the state is considered as offline"))
+offline_treshold.datatype = "uinteger"
+offline_treshold.default = "1"
+
+add_hostname_to_ssid = s:option(Flag, "add_hostname_to_ssid", translate("Append hostname to ssid"), translate("Append the router's hostname to the SSID when connectivity check fails"))
+add_hostname_to_ssid.rmempty = false
+
+
+if (a.installed("curl") == true) then
+  use_curl = s:option(Flag, "use_curl", translate("Use curl"), translate("Use curl instead of wget for testing the connectivity."))
+  use_curl.rmempty = false
+
+  curl_interface = s:option(Value, "curl_interface", translate("Used interface"), translate("Which interface should curl use. (Use ifconfig to find out)"))
+  curl_interface.datatype = "string"
+  curl_interface:depends("use_curl","1")
+  curl_interface.placeholder = "eth0"
+else
+  use_curl = s:option(Flag, "use_curl", translate("Use curl instead of wget"), translate("Curl is currently not installed.")
+  .." Please install the package in the "
+  ..[[<a href="]] .. DISP.build_url("admin", "system", "packages")
+  .. "?display=available&query=curl"..[[">]]
+  .. "Software Section" .. [[</a>]]
+  .. "."
+  )
+  use_curl.rmempty = false
+  use_curl.template = "dynapoint/cbi_checkbox"
+end
+
+m1 = Map("wireless", "DynaPoint", translate("Dynamic Access Point Manager"))
+
+aps = m1:section(TypedSection, "wifi-iface", translate("List of Wireless Virtual Interfaces (wVIF)"))
+aps.addremove = false
+aps.anonymous = true
+aps.template  = "cbi/tblsection"
+
+status = aps:option(DummyValue, "disabled", translate("WiFi Status"))
+status.template = "dynapoint/cbi_color"
+
+function status.cfgvalue(self,section)
+  local val = m1:get(section, "disabled")
+  if val == "1" then return translate("Disabled") end
+  if (val == nil or val == "0") then return translate("Enabled") end
+  return val
+end
+
+device = aps:option(DummyValue, "device", translate("Device"))
+function device.cfgvalue(self,section)
+  local dev = m1:get(section, "device")
+  local val = m1:get(dev, "hwmode")
+  if val == "11a" then return dev .. " (5 GHz)"  else
+  return dev .. " (2,4 GHz)"
+  end
+  return val
+end
+
+
+
+
+
+mode = aps:option(DummyValue, "mode", translate("Mode"))
+
+ssid = aps:option(DummyValue, "ssid", translate("SSID"))
+
+
+action = aps:option(ListValue, "dynapoint_rule", translate("Activate this wVIF if status is:"))
+action.widget="select"
+action:value("internet",translate("Online"))
+action:value("!internet",translate("Offline"))
+action:value("",translate("Not used by DynaPoint"))
+action.default = ""
+
+return m1,m
+
diff --git a/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_checkbox.htm b/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_checkbox.htm
new file mode 100644
index 0000000000..5f8bcd5ee0
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_checkbox.htm
@@ -0,0 +1,6 @@
+<%+cbi/valueheader%>
+
+<input class="cbi-input-checkbox" disabled data-update="click change" type="checkbox" id="cbid.dynapoint.internet.use_curl" name="cbid.dynapoint.internet.use_curl" value="1" />
+
+
+<%+cbi/valuefooter%>
diff --git a/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_color.htm b/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_color.htm
new file mode 100644
index 0000000000..bfc710e236
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/luasrc/view/dynapoint/cbi_color.htm
@@ -0,0 +1,18 @@
+<%+cbi/valueheader%>
+
+
+<%
+if (self:cfgvalue(section) == translate("Disabled")) then
+%>
+
+<span id="<%=cbid%>.disabled" style="background-color:red;"><%=self:cfgvalue(section)%></span>
+
+<%
+else 
+%>
+<span id="<%=cbid%>.disabled" style="background-color:lime;"><%=self:cfgvalue(section)%></span>
+<%
+end
+%>
+
+<%+cbi/valuefooter%>
diff --git a/package/luci/applications/luci-app-dynapoint/po/de/dynapoint.po b/package/luci/applications/luci-app-dynapoint/po/de/dynapoint.po
new file mode 100644
index 0000000000..e2507e493e
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/po/de/dynapoint.po
@@ -0,0 +1,106 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"PO-Revision-Date: 2016-08-31 15:51+0200\n"
+"Language-Team: German\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+msgid "Activate this wVIF if status is:"
+msgstr "Aktiviere diese drahtlose Schnittstelle wenn:"
+
+msgid "Append hostname to ssid"
+msgstr "Anfügen des hostname zur SSID"
+
+msgid "Append the router's hostname to the SSID when connectivity check fails"
+msgstr ""
+"Fügt den hostname des routers zur SSID an, wenn die Verbindungsüberprüfung "
+"fehl schlägt"
+
+msgid "Check Internet connectivity via HTTP header download"
+msgstr "Testen der Internetverfügbarkeit via HTTP header download"
+
+msgid "Configuration"
+msgstr "Konfiguration"
+
+msgid "Curl is currently not installed."
+msgstr "Curl ist momentan nicht installiert."
+
+msgid "Device"
+msgstr "Gerät"
+
+msgid "Disabled"
+msgstr "Deaktiviert"
+
+msgid "DynaPoint"
+msgstr ""
+
+msgid "Dynamic Access Point Manager"
+msgstr ""
+
+msgid "Enabled"
+msgstr "Aktiviert"
+
+msgid ""
+"Failure counter after how many failed download attempts, the state is "
+"considered as offline"
+msgstr ""
+"Anzahl der fehlgeschlagenen Downloadversuche, nach denen die Verbindung als offline angesehen wird"
+
+msgid "List of Wireless Virtual Interfaces (wVIF)"
+msgstr "Liste der Drahtlosen virtuellen Schnittstellen"
+
+msgid "List of host addresses"
+msgstr "Liste der Zieladressen"
+
+msgid ""
+"List of host addresses (url or IP) to track and request http headers from"
+msgstr "Liste der Zieladressen (URL oder IP) für den HTTP header download"
+
+msgid "Mode"
+msgstr "Modus"
+
+msgid "Not used by DynaPoint"
+msgstr "Nicht von DynaPoint benutzt"
+
+msgid "Offline"
+msgstr "Offline"
+
+msgid "Online"
+msgstr "Online"
+
+msgid "SSID"
+msgstr ""
+
+msgid "Switch_to_offline threshold"
+msgstr "Offline-Schwelle"
+
+msgid "Test-run interval"
+msgstr "Testlaufintervall"
+
+msgid "Time interval in seconds to re-start a new test run"
+msgstr "Zeitintervall in Sekunden für einen Testlauf"
+
+msgid "Use curl"
+msgstr "Curl benutzen"
+
+msgid "Use curl instead of wget"
+msgstr "Curl anstatt wget benutzen"
+
+msgid "Use curl instead of wget for testing the connectivity."
+msgstr "Curl anstatt wget benutzen, um die Internetverbindung zu überprüfen."
+
+msgid "Used interface"
+msgstr "Benutztes interface"
+
+msgid "Which interface should curl use. (Use ifconfig to find out)"
+msgstr ""
+"Welches Interface von curl benutzt werden soll. (ifconfig benutzen, um das "
+"herauszufinden"
+
+msgid "WiFi Status"
+msgstr ""
+
diff --git a/package/luci/applications/luci-app-dynapoint/po/ja/dynapoint.po b/package/luci/applications/luci-app-dynapoint/po/ja/dynapoint.po
new file mode 100644
index 0000000000..75031985f7
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/po/ja/dynapoint.po
@@ -0,0 +1,108 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: INAGAKI Hiroshi <musashino.open@gmail.com>\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"Language: ja\n"
+
+msgid "Activate this wVIF if status is:"
+msgstr "wVIFを有効化する接続ステータス:"
+
+msgid "Append hostname to ssid"
+msgstr "ホスト名をSSIDに追加する"
+
+msgid "Append the router's hostname to the SSID when connectivity check fails"
+msgstr "接続性のチェックが失敗した場合、ルーターのホスト名をSSIDに追加します。"
+
+msgid "Check Internet connectivity via HTTP header download"
+msgstr ""
+"HTTP ヘッダーのダウンロードを通して、インターネットの接続性をチェックします。"
+
+msgid "Configuration"
+msgstr "設定"
+
+msgid "Curl is currently not installed."
+msgstr "curl は現在インストールされていません。"
+
+msgid "Device"
+msgstr "デバイス"
+
+msgid "Disabled"
+msgstr "無効"
+
+msgid "DynaPoint"
+msgstr "DynaPoint"
+
+msgid "Dynamic Access Point Manager"
+msgstr "ダイナミック アクセスポイント マネージャー"
+
+msgid "Enabled"
+msgstr "有効"
+
+msgid ""
+"Failure counter after how many failed download attempts, the state is "
+"considered as offline"
+msgstr "状態をオフラインと見なすまでの、ダウンロード試行の失敗回数です。"
+
+msgid "List of Wireless Virtual Interfaces (wVIF)"
+msgstr "無線仮想インターフェース (wVIF) のリスト"
+
+msgid "List of host addresses"
+msgstr "ホストアドレスのリスト"
+
+msgid ""
+"List of host addresses (url or IP) to track and request http headers from"
+msgstr ""
+"HTTP ヘッダーの追跡およびリクエストを行う、ホスト アドレス（URLまたはIP）のリ"
+"ストです。"
+
+msgid "Mode"
+msgstr "モード"
+
+msgid "Not used by DynaPoint"
+msgstr "DynaPointで使用しない"
+
+msgid "Offline"
+msgstr "オフライン"
+
+msgid "Online"
+msgstr "オンライン"
+
+msgid "SSID"
+msgstr "SSID"
+
+msgid "Switch_to_offline threshold"
+msgstr "オフライン化閾値"
+
+msgid "Test-run interval"
+msgstr "テスト実行間隔"
+
+msgid "Time interval in seconds to re-start a new test run"
+msgstr "接続性テストを再実行するまでの時間間隔（秒）です。"
+
+msgid "Use curl"
+msgstr "curl を使用する"
+
+msgid "Use curl instead of wget"
+msgstr "wget の代わりに curl を使用する"
+
+msgid "Use curl instead of wget for testing the connectivity."
+msgstr "接続性のテストの際、wget の代わりに curl を使用します。"
+
+msgid "Used interface"
+msgstr "使用するインターフェース"
+
+msgid "Which interface should curl use. (Use ifconfig to find out)"
+msgstr ""
+"curl が使用するインターフェースです。ifconfigを使用してインターフェース名を確"
+"認します。"
+
+msgid "WiFi Status"
+msgstr "無線ステータス"
diff --git a/package/luci/applications/luci-app-dynapoint/po/pt-br/dynapoint.po b/package/luci/applications/luci-app-dynapoint/po/pt-br/dynapoint.po
new file mode 100644
index 0000000000..59b02629a9
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/po/pt-br/dynapoint.po
@@ -0,0 +1,107 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "Activate this wVIF if status is:"
+msgstr "Aivar este wVIF se o estado for:"
+
+msgid "Append hostname to ssid"
+msgstr "Sufixar o nome do equipamento ao SSID"
+
+msgid "Append the router's hostname to the SSID when connectivity check fails"
+msgstr ""
+"Sufixar o nome do roteador ao SSID quando a verificação da conectividade "
+"falhar"
+
+msgid "Check Internet connectivity via HTTP header download"
+msgstr "Cerifique a conectividade com a internet baixando o cabeçalho HTTP "
+
+msgid "Configuration"
+msgstr "Configuração"
+
+msgid "Curl is currently not installed."
+msgstr "O cURL não está instalado."
+
+msgid "Device"
+msgstr "Dispositivo"
+
+msgid "Disabled"
+msgstr "Desabilitado"
+
+msgid "DynaPoint"
+msgstr "DynaPoint"
+
+msgid "Dynamic Access Point Manager"
+msgstr "Gerenciamento do Ponto de Acesso Dinâmico"
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid ""
+"Failure counter after how many failed download attempts, the state is "
+"considered as offline"
+msgstr "Numero de falhar para considerar como inalcançável"
+
+msgid "List of Wireless Virtual Interfaces (wVIF)"
+msgstr "Lista de Interfaces Virtuais Wireless (wVIF)"
+
+msgid "List of host addresses"
+msgstr "Lista de endereços dos equipamentos"
+
+msgid ""
+"List of host addresses (url or IP) to track and request http headers from"
+msgstr ""
+"Lista de endereços dos equipamentos (URL ou endereço IP) para requisitar "
+"cabeçalhos HTTP"
+
+msgid "Mode"
+msgstr "Modo"
+
+msgid "Not used by DynaPoint"
+msgstr "Não usado pelo DynaPoint"
+
+msgid "Offline"
+msgstr "Desconectado"
+
+msgid "Online"
+msgstr "Conectado"
+
+msgid "SSID"
+msgstr "SSID"
+
+msgid "Switch_to_offline threshold"
+msgstr "Limiar para mudar para desconectado"
+
+msgid "Test-run interval"
+msgstr "Intervalo para execução do teste"
+
+msgid "Time interval in seconds to re-start a new test run"
+msgstr "Intervalo, em segundos, para reiniciar um nova execução do teste"
+
+msgid "Use curl"
+msgstr "Usar cURL"
+
+msgid "Use curl instead of wget"
+msgstr "Usar cURL ao invés do wget"
+
+msgid "Use curl instead of wget for testing the connectivity."
+msgstr "Usar cURL ao invés do wget para testar a conectividade."
+
+msgid "Used interface"
+msgstr "Dispositivos usadas"
+
+msgid "Which interface should curl use. (Use ifconfig to find out)"
+msgstr "Qual dispositivo o cURL deve usar. (Use ifconfig para listá-las)"
+
+msgid "WiFi Status"
+msgstr "Estado da WiFi"
diff --git a/package/luci/applications/luci-app-dynapoint/po/templates/dynapoint.pot b/package/luci/applications/luci-app-dynapoint/po/templates/dynapoint.pot
new file mode 100644
index 0000000000..f352425be3
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/po/templates/dynapoint.pot
@@ -0,0 +1,92 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+msgid "Activate this wVIF if status is:"
+msgstr ""
+
+msgid "Append hostname to ssid"
+msgstr ""
+
+msgid "Append the router's hostname to the SSID when connectivity check fails"
+msgstr ""
+
+msgid "Check Internet connectivity via HTTP header download"
+msgstr ""
+
+msgid "Configuration"
+msgstr ""
+
+msgid "Curl is currently not installed."
+msgstr ""
+
+msgid "Device"
+msgstr ""
+
+msgid "Disabled"
+msgstr ""
+
+msgid "DynaPoint"
+msgstr ""
+
+msgid "Dynamic Access Point Manager"
+msgstr ""
+
+msgid "Enabled"
+msgstr ""
+
+msgid ""
+"Failure counter after how many failed download attempts, the state is "
+"considered as offline"
+msgstr ""
+
+msgid "List of Wireless Virtual Interfaces (wVIF)"
+msgstr ""
+
+msgid "List of host addresses"
+msgstr ""
+
+msgid ""
+"List of host addresses (url or IP) to track and request http headers from"
+msgstr ""
+
+msgid "Mode"
+msgstr ""
+
+msgid "Not used by DynaPoint"
+msgstr ""
+
+msgid "Offline"
+msgstr ""
+
+msgid "Online"
+msgstr ""
+
+msgid "SSID"
+msgstr ""
+
+msgid "Switch_to_offline threshold"
+msgstr ""
+
+msgid "Test-run interval"
+msgstr ""
+
+msgid "Time interval in seconds to re-start a new test run"
+msgstr ""
+
+msgid "Use curl"
+msgstr ""
+
+msgid "Use curl instead of wget"
+msgstr ""
+
+msgid "Use curl instead of wget for testing the connectivity."
+msgstr ""
+
+msgid "Used interface"
+msgstr ""
+
+msgid "Which interface should curl use. (Use ifconfig to find out)"
+msgstr ""
+
+msgid "WiFi Status"
+msgstr ""
diff --git a/package/luci/applications/luci-app-dynapoint/root/etc/uci-defaults/40_luci-dynapoint b/package/luci/applications/luci-app-dynapoint/root/etc/uci-defaults/40_luci-dynapoint
new file mode 100644
index 0000000000..7287ccd420
--- /dev/null
+++ b/package/luci/applications/luci-app-dynapoint/root/etc/uci-defaults/40_luci-dynapoint
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# needed for "Save and Apply" to restart dynapoint
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@dynapoint[-1]
+	add ucitrack dynapoint
+	set ucitrack.@dynapoint[-1].init="dynapoint"
+	commit dynapoint
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0
+
diff --git a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
index 22f1c77164..17a49483d7 100644
--- a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@@ -73,7 +73,7 @@ o = s:option(Value, "src_ip",
 	translate("Source IP address"),
 	translate("Only match incoming traffic from this IP or range."))
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
 
 luci.sys.net.ipv4_hints(function(ip, name)
@@ -99,7 +99,7 @@ end)
 
 
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
 
 
@@ -119,7 +119,7 @@ o.template = "cbi/firewall_zonelist"
 o = s:option(Value, "dest_ip", translate("Internal IP address"),
 	translate("Redirect matched incoming traffic to the specified \
 		internal host"))
-o.datatype = "ip4addr"
+o.datatype = "ipmask4"
 
 luci.sys.net.ipv4_hints(function(ip, name)
 	o:value(ip, "%s (%s)" %{ ip, name })
diff --git a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
index 97e93ae050..1c838888f1 100644
--- a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@@ -99,7 +99,7 @@ elseif rule_type == "redirect" then
 
 	o = s:option(Value, "src_ip", translate("Source IP address"))
 	o.rmempty = true
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask4)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
@@ -123,7 +123,7 @@ elseif rule_type == "redirect" then
 
 
 	o = s:option(Value, "dest_ip", translate("Destination IP address"))
-	o.datatype = "neg(ip4addr)"
+	o.datatype = "neg(ipmask4)"
 
 	luci.sys.net.ipv4_hints(function(ip, name)
 		o:value(ip, "%s (%s)" %{ ip, name })
@@ -269,7 +269,7 @@ else
 
 
 	o = s:option(Value, "src_ip", translate("Source address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
@@ -290,7 +290,7 @@ else
 
 
 	o = s:option(Value, "dest_ip", translate("Destination address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
diff --git a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
index c8b8f22bda..500d1bf32f 100644
--- a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
+++ b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
@@ -126,7 +126,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
 	translate("Restrict Masquerading to given source subnets"))
 
 msrc.optional = true
-msrc.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+msrc.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 msrc.placeholder = "0.0.0.0/0"
 msrc:depends("family", "")
 msrc:depends("family", "ipv4")
@@ -135,7 +135,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
 	translate("Restrict Masquerading to given destination subnets"))
 
 mdest.optional = true
-mdest.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+mdest.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 mdest.placeholder = "0.0.0.0/0"
 mdest:depends("family", "")
 mdest:depends("family", "ipv4")
diff --git a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
index 694bbd872e..500e5078f4 100644
--- a/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
+++ b/package/luci/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
@@ -19,7 +19,6 @@ s.addremove = false
 s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
 
 o = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
-o.default = o.enabled
 
 p = {
 	s:option(ListValue, "input", translate("Input")),
diff --git a/package/luci/applications/luci-app-firewall/po/ko/firewall.po b/package/luci/applications/luci-app-firewall/po/ko/firewall.po
new file mode 100644
index 0000000000..f43fdc8826
--- /dev/null
+++ b/package/luci/applications/luci-app-firewall/po/ko/firewall.po
@@ -0,0 +1,505 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2010-03-30 17:00+0200\n"
+"PO-Revision-Date: 2012-11-14 17:32+0200\n"
+"Last-Translator: Weongyo Jeong <weongyo@gmail.com>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: ko\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Pootle 2.0.6\n"
+
+msgid "%s in %s"
+msgstr ""
+
+msgid "%s%s with %s"
+msgstr "%s%s ,%s"
+
+msgid "%s, %s in %s"
+msgstr ""
+
+msgid "(Unnamed Entry)"
+msgstr ""
+
+msgid "(Unnamed Rule)"
+msgstr ""
+
+msgid "(Unnamed SNAT)"
+msgstr ""
+
+msgid "<var>%d</var> pkts. per <var>%s</var>"
+msgstr ""
+
+msgid "<var>%d</var> pkts. per <var>%s</var>, burst <var>%d</var> pkts."
+msgstr ""
+
+msgid "<var>%s</var> and limit to %s"
+msgstr ""
+
+msgid "Action"
+msgstr ""
+
+msgid "Add"
+msgstr ""
+
+msgid "Add and edit..."
+msgstr "추가 후 수정..."
+
+msgid "Advanced Settings"
+msgstr ""
+
+msgid "Allow forward from <em>source zones</em>:"
+msgstr "<em>Source zone</em> 로부터의 forward 허용:"
+
+msgid "Allow forward to <em>destination zones</em>:"
+msgstr "<em>Destination zone</em> 으로 forward 허용:"
+
+msgid "Any"
+msgstr ""
+
+msgid "Covered networks"
+msgstr ""
+
+msgid "Custom Rules"
+msgstr "Custom Rule"
+
+msgid ""
+"Custom rules allow you to execute arbritary iptables commands which are not "
+"otherwise covered by the firewall framework. The commands are executed after "
+"each firewall restart, right after the default ruleset has been loaded."
+msgstr ""
+"Custom rule 은 방화벽 UI 로 해결이 되지 않는 임의의 iptables 명령을 실행할 "
+"수 있도록 합니다.  입력된 명령어들은 매 방화벽 재시작시 실행되는데 default "
+"ruleset 이 load 된 후 시점입니다."
+
+msgid "Destination IP address"
+msgstr "Destination IP 주소"
+
+msgid "Destination address"
+msgstr "Destination 주소"
+
+msgid "Destination port"
+msgstr ""
+
+msgid "Destination zone"
+msgstr ""
+
+msgid "Do not rewrite"
+msgstr ""
+
+msgid "Drop invalid packets"
+msgstr ""
+
+msgid "Enable"
+msgstr "활성화"
+
+msgid "Enable NAT Loopback"
+msgstr "NAT Loopback 활성화"
+
+msgid "Enable SYN-flood protection"
+msgstr "SYN-flood protection 활성화"
+
+msgid "Enable logging on this zone"
+msgstr "zone 의 logging 활성화"
+
+msgid "External IP address"
+msgstr "외부 IP 주소"
+
+msgid "External port"
+msgstr "외부 port"
+
+msgid "External zone"
+msgstr "외부 zone"
+
+msgid "Extra arguments"
+msgstr "추가 argument"
+
+msgid "Firewall"
+msgstr "방화벽"
+
+msgid "Firewall - Custom Rules"
+msgstr "방화벽 - Custom Rules"
+
+msgid "Firewall - Port Forwards"
+msgstr "방화벽 - Port Forwards"
+
+msgid "Firewall - Traffic Rules"
+msgstr "방화벽 - Traffic Rules"
+
+msgid "Firewall - Zone Settings"
+msgstr "방화벽 - Zone 설정"
+
+msgid "Force connection tracking"
+msgstr ""
+
+msgid "Forward"
+msgstr ""
+
+msgid "Forward to"
+msgstr ""
+
+msgid "Friday"
+msgstr "금요일"
+
+msgid "From %s in %s"
+msgstr ""
+
+msgid "From %s in %s with source %s"
+msgstr ""
+
+msgid "From %s in %s with source %s and %s"
+msgstr ""
+
+msgid "General Settings"
+msgstr ""
+
+msgid "IPv4"
+msgstr ""
+
+msgid "IPv4 and IPv6"
+msgstr ""
+
+msgid "IPv4 only"
+msgstr ""
+
+msgid "IPv6"
+msgstr ""
+
+msgid "IPv6 only"
+msgstr ""
+
+msgid "Input"
+msgstr ""
+
+msgid "Inter-Zone Forwarding"
+msgstr ""
+
+msgid "Internal IP address"
+msgstr "내부 IP 주소"
+
+msgid "Internal port"
+msgstr "내부 port"
+
+msgid "Internal zone"
+msgstr "내부 zone"
+
+msgid "Limit log messages"
+msgstr ""
+
+msgid "MSS clamping"
+msgstr ""
+
+msgid "Masquerading"
+msgstr ""
+
+msgid "Match"
+msgstr ""
+
+msgid "Match ICMP type"
+msgstr ""
+
+msgid "Match forwarded traffic to the given destination port or port range."
+msgstr ""
+
+msgid ""
+"Match incoming traffic directed at the given destination port or port range "
+"on this host"
+msgstr ""
+
+msgid ""
+"Match incoming traffic originating from the given source port or port range "
+"on the client host."
+msgstr ""
+
+msgid "Monday"
+msgstr "월요일"
+
+msgid "Month Days"
+msgstr ""
+
+msgid "Name"
+msgstr "이름"
+
+msgid "New SNAT rule"
+msgstr "새로운 SNAT rule"
+
+msgid "New forward rule"
+msgstr "새로운 forward rule"
+
+msgid "New input rule"
+msgstr "새로운 input rule"
+
+msgid "New port forward"
+msgstr "새로운 port forward"
+
+msgid "New source NAT"
+msgstr "새로운 source NAT"
+
+msgid "Only match incoming traffic directed at the given IP address."
+msgstr ""
+
+msgid "Only match incoming traffic from these MACs."
+msgstr ""
+
+msgid "Only match incoming traffic from this IP or range."
+msgstr ""
+
+msgid ""
+"Only match incoming traffic originating from the given source port or port "
+"range on the client host"
+msgstr ""
+
+msgid "Open ports on router"
+msgstr ""
+
+msgid "Other..."
+msgstr ""
+
+msgid "Output"
+msgstr ""
+
+msgid "Passes additional arguments to iptables. Use with care!"
+msgstr "iptables 명령에 추가 인자들을 더합니다.  조심해 사용하세요!"
+
+msgid "Port Forwards"
+msgstr "Port Forward"
+
+msgid ""
+"Port forwarding allows remote computers on the Internet to connect to a "
+"specific computer or service within the private LAN."
+msgstr ""
+"Port forwarding 기능은 인터넷 상의 원격 컴퓨터가 내부 LAN 에 속한 특정 컴퓨터"
+"나 서비스에 접속할 수 있도록 합니다."
+
+msgid "Protocol"
+msgstr ""
+
+msgid ""
+"Redirect matched incoming traffic to the given port on the internal host"
+msgstr ""
+
+msgid "Redirect matched incoming traffic to the specified internal host"
+msgstr ""
+
+msgid "Restart Firewall"
+msgstr ""
+
+msgid "Restrict Masquerading to given destination subnets"
+msgstr "주어진 destination subnet 으로 Masquerading 제한"
+
+msgid "Restrict Masquerading to given source subnets"
+msgstr "주어진 source subnet 으로 Masquerading 제한"
+
+msgid "Restrict to address family"
+msgstr "Address family 제한"
+
+msgid "Rewrite matched traffic to the given address."
+msgstr ""
+
+msgid ""
+"Rewrite matched traffic to the given source port. May be left empty to only "
+"rewrite the IP address."
+msgstr ""
+
+msgid "Rewrite to source %s"
+msgstr ""
+
+msgid "Rewrite to source %s, %s"
+msgstr ""
+
+msgid "SNAT IP address"
+msgstr ""
+
+msgid "SNAT port"
+msgstr ""
+
+msgid "Saturday"
+msgstr "토요일"
+
+msgid "Source IP address"
+msgstr "Source IP 주소"
+
+msgid "Source MAC address"
+msgstr "Source MAC 주소"
+
+msgid "Source NAT"
+msgstr ""
+
+msgid ""
+"Source NAT is a specific form of masquerading which allows fine grained "
+"control over the source IP used for outgoing traffic, for example to map "
+"multiple WAN addresses to internal subnets."
+msgstr ""
+"Source NAT 기능은 masquerading 의 한 형태로써 outgoing 트래픽이 사용할 "
+"source IP 를 세밀하게 제어할 수 있습니다.  예를 들어 다수의 WAN 주소들을 내"
+"부 subnet 에 매핑(mapping) 할 경우 사용됩니다."
+
+msgid "Source address"
+msgstr "Source 주소"
+
+msgid "Source port"
+msgstr ""
+
+msgid "Source zone"
+msgstr ""
+
+msgid "Start Date (yyyy-mm-dd)"
+msgstr "시작 날짜 (yyyy-mm-dd)"
+
+msgid "Start Time (hh:mm:ss)"
+msgstr "시작 시간 (hh:mm:ss)"
+
+msgid "Stop Date (yyyy-mm-dd)"
+msgstr "종료 날짜 (yyyy-mm-dd)"
+
+msgid "Stop Time (hh:mm:ss)"
+msgstr "종료 시간 (hh:mm:ss)"
+
+msgid "Sunday"
+msgstr "일요일"
+
+msgid ""
+"The firewall creates zones over your network interfaces to control network "
+"traffic flow."
+msgstr ""
+"방화벽 기능을 이용하여 네트워크 인터페이스와 연결된 zone 을 생성할 수 있고 이"
+"를 이용하여 네트워크 traffic flow 를 제어할 수 있습니다."
+
+msgid ""
+"The options below control the forwarding policies between this zone (%s) and "
+"other zones. <em>Destination zones</em> cover forwarded traffic "
+"<strong>originating from %q</strong>. <em>Source zones</em> match forwarded "
+"traffic from other zones <strong>targeted at %q</strong>. The forwarding "
+"rule is <em>unidirectional</em>, e.g. a forward from lan to wan does "
+"<em>not</em> imply a permission to forward from wan to lan as well."
+msgstr ""
+"이 zone (%s) 과 다른 zone 들 사이의 forwarding 정책을 제어하는 옵션들입니다. "
+"<em>Destination zones</em> 은 <strong>%q 에서 출발한 </strong> forward "
+"traffic 을 뜻하고, <em>Source zones</em> 은 다른 zone 들에서 <strong>%q 로 전"
+"달되는</strong> forward traffic 을 뜻합니다. Forwarding rule 은 "
+"<em>unidirectional</em> 인데, 예를 들어 LAN 에서 WAN 으로의 forward 규칙이 "
+"WAN 에서 LAN 으로의 forward 를 허락하는 것이 아닙니다."
+
+msgid ""
+"This page allows you to change advanced properties of the port forwarding "
+"entry. In most cases there is no need to modify those settings."
+msgstr ""
+"이 메뉴에서는 port forwarding 의 고급 설정 정보를 변경할 수 있습니다. 대부분"
+"의 경우 이 설정을 수정할 일이 없습니다."
+
+msgid ""
+"This page allows you to change advanced properties of the traffic rule "
+"entry, such as matched source and destination hosts."
+msgstr ""
+"이 메뉴에서는 traffic rule 항목의 고급 설정, 예를 들어 source host 와 "
+"destination host 매칭, 을 변경할 수 있습니다."
+
+#, fuzzy
+msgid ""
+"This section defines common properties of %q. The <em>input</em> and "
+"<em>output</em> options set the default policies for traffic entering and "
+"leaving this zone while the <em>forward</em> option describes the policy for "
+"forwarded traffic between different networks within the zone. <em>Covered "
+"networks</em> specifies which available networks are members of this zone."
+msgstr ""
+"이 섹션은 %q 의 공통 속성을 설정할 수 있습니다.  <em>input</em> 과 "
+"<em>output</em> 옵션은 이 zone 으로 전달되어 들오거나 나가는 트래픽에 대한 기"
+"본 정책을 뜻합니다. <em>forward</em> 옵션은 zone 내에서 다른 네트워크들 사이"
+"를 오가는 forward traffic 에 대한 정책을 뜻합니다. <em>Covered networks</em> "
+"에서는 zone 의 영향을 받을 네트워크들을 지정할 수 있습니다."
+
+msgid "Thursday"
+msgstr "목요일"
+
+msgid "Time in UTC"
+msgstr "UTC 기준시"
+
+msgid "To %s at %s on <var>this device</var>"
+msgstr ""
+
+msgid "To %s in %s"
+msgstr ""
+
+msgid "To %s on <var>this device</var>"
+msgstr ""
+
+msgid "To %s, %s in %s"
+msgstr ""
+
+msgid "To source IP"
+msgstr ""
+
+msgid "To source port"
+msgstr ""
+
+msgid "Traffic Rules"
+msgstr "Traffic Rule"
+
+msgid ""
+"Traffic rules define policies for packets traveling between different zones, "
+"for example to reject traffic between certain hosts or to open WAN ports on "
+"the router."
+msgstr ""
+"Traffic rule 은 서로 다른 zone 사이를 오가는 패킷들에 대한 정책을 정의합니"
+"다. 예를 들어 특정 host 들 사이의 트래픽을 차단하거나 공유기의 WAN port 를 "
+"open 할때 사용됩니다."
+
+msgid "Tuesday"
+msgstr "화요일"
+
+msgid "Via %s"
+msgstr ""
+
+msgid "Via %s at %s"
+msgstr ""
+
+msgid "Wednesday"
+msgstr "수요일"
+
+msgid "Week Days"
+msgstr "주일"
+
+msgid ""
+"You may specify multiple by selecting \"-- custom --\" and then entering "
+"protocols separated by space."
+msgstr ""
+
+msgid "Zone %q"
+msgstr ""
+
+msgid "Zone ⇒ Forwardings"
+msgstr ""
+
+msgid "Zones"
+msgstr "Zone 내역"
+
+msgid "accept"
+msgstr ""
+
+msgid "any"
+msgstr ""
+
+msgid "any host"
+msgstr ""
+
+msgid "any router IP"
+msgstr ""
+
+msgid "any zone"
+msgstr ""
+
+msgid "don't track"
+msgstr ""
+
+msgid "drop"
+msgstr ""
+
+msgid "reject"
+msgstr ""
+
+msgid "traffic"
+msgstr ""
diff --git a/package/luci/applications/luci-app-firewall/po/pt-br/firewall.po b/package/luci/applications/luci-app-firewall/po/pt-br/firewall.po
index 2d601f8575..ab714b50b9 100644
--- a/package/luci/applications/luci-app-firewall/po/pt-br/firewall.po
+++ b/package/luci/applications/luci-app-firewall/po/pt-br/firewall.po
@@ -1,17 +1,17 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2010-03-30 17:00+0200\n"
-"PO-Revision-Date: 2014-06-21 19:03+0200\n"
-"Last-Translator: Éder <eder.grigorio@openmailbox.org>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-20 17:43-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "%s in %s"
 msgstr "%s in %s"
@@ -143,7 +143,7 @@ msgid "Forward to"
 msgstr "Encaminhar para"
 
 msgid "Friday"
-msgstr ""
+msgstr "Sexta-feira"
 
 msgid "From %s in %s"
 msgstr "Vindo de %s em %s"
@@ -222,10 +222,10 @@ msgstr ""
 "equipamento cliente."
 
 msgid "Monday"
-msgstr ""
+msgstr "Segunda-Feira"
 
 msgid "Month Days"
-msgstr ""
+msgstr "Dias do mês"
 
 msgid "Name"
 msgstr "Nome"
@@ -296,7 +296,7 @@ msgid "Redirect matched incoming traffic to the specified internal host"
 msgstr "Redireciona tráfego entrante para o computador interno especificado"
 
 msgid "Restart Firewall"
-msgstr ""
+msgstr "Reiniciar o Firewall"
 
 msgid "Restrict Masquerading to given destination subnets"
 msgstr "Restringe o mascaramento para uma subrede de destino específica"
@@ -330,7 +330,7 @@ msgid "SNAT port"
 msgstr "Porta da SNAT"
 
 msgid "Saturday"
-msgstr ""
+msgstr "Sábado"
 
 msgid "Source IP address"
 msgstr "Endereço IP de origem"
@@ -360,19 +360,19 @@ msgid "Source zone"
 msgstr "Zona de origem"
 
 msgid "Start Date (yyyy-mm-dd)"
-msgstr ""
+msgstr "Dia inicial (aaaa-mm-dd)"
 
 msgid "Start Time (hh:mm:ss)"
-msgstr ""
+msgstr "Hora inicial (hh:mm:ss)"
 
 msgid "Stop Date (yyyy-mm-dd)"
-msgstr ""
+msgstr "Dia final (aaaa-mm-dd)"
 
 msgid "Stop Time (hh:mm:ss)"
-msgstr ""
+msgstr "Hora final (hh:mm:ss)"
 
 msgid "Sunday"
-msgstr ""
+msgstr "Domingo"
 
 msgid ""
 "The firewall creates zones over your network interfaces to control network "
@@ -411,7 +411,6 @@ msgstr ""
 "Esta página permite que você mude propriedades avançadas da entrada da regra "
 "de tráfego, como os equipamentos de origem e destino."
 
-#, fuzzy
 msgid ""
 "This section defines common properties of %q. The <em>input</em> and "
 "<em>output</em> options set the default policies for traffic entering and "
@@ -427,10 +426,10 @@ msgstr ""
 "zona."
 
 msgid "Thursday"
-msgstr ""
+msgstr "Quita-feira"
 
 msgid "Time in UTC"
-msgstr ""
+msgstr "Hora em UTC"
 
 msgid "To %s at %s on <var>this device</var>"
 msgstr "Para %s em %s <var>neste dispositivo</var>"
@@ -463,7 +462,7 @@ msgstr ""
 "ou abrir portas WAN no roteador."
 
 msgid "Tuesday"
-msgstr ""
+msgstr "Terça-feira"
 
 msgid "Via %s"
 msgstr "Via %s"
@@ -472,10 +471,10 @@ msgid "Via %s at %s"
 msgstr "Via %s at %s"
 
 msgid "Wednesday"
-msgstr ""
+msgstr "Quarta-feira"
 
 msgid "Week Days"
-msgstr ""
+msgstr "Dias da semana"
 
 msgid ""
 "You may specify multiple by selecting \"-- custom --\" and then entering "
diff --git a/package/luci/applications/luci-app-fwknopd/po/pt-br/fwknopd.po b/package/luci/applications/luci-app-fwknopd/po/pt-br/fwknopd.po
new file mode 100644
index 0000000000..286b49db31
--- /dev/null
+++ b/package/luci/applications/luci-app-fwknopd/po/pt-br/fwknopd.po
@@ -0,0 +1,116 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"Allow SPA clients to request access to services through an iptables firewall "
+"instead of just to it."
+msgstr ""
+"Permitir que clientes SPA requeiram acesso a serviços através de um firewall "
+"iptables ao invés de apenas fazê-lo."
+
+msgid "Allow SPA clients to request forwarding destination by DNS name."
+msgstr ""
+"Permitir que clientes SPA requeiram encaminhamento de destinos por nome DNS."
+
+msgid "Base 64 key"
+msgstr "Chave em formato base64"
+
+msgid ""
+"Define a set of ports and protocols (tcp or udp) that will be opened if a "
+"valid knock sequence is seen. If this entry is not set, fwknopd will attempt "
+"to honor any proto/port request specified in the SPA data (unless of it "
+"matches any “RESTRICT_PORTS” entries). Multiple entries are comma-separated."
+msgstr ""
+"Define um conjunto de porta e protocolos (TCP ou UDP) que serão abertos se "
+"uma sequência de batidas for observada. Se esta entrada não estiver "
+"definida, fwknopd irá tentar honrar qualquer requisição de protocolo/porta "
+"especificada nos dados SPA (a não ser se casar com qualquer entrada de "
+"\"RESTRICT_PORTS\"). Múltiplas entradas serão separadas por vírgula."
+
+msgid ""
+"Define the length of time access will be granted by fwknopd through the "
+"firewall after a valid knock sequence from a source IP address. If "
+"“FW_ACCESS_TIMEOUT” is not set then the default timeout of 30 seconds will "
+"automatically be set."
+msgstr ""
+"Define a duração do tempo de acesso que será concedido pelo fwknopd através "
+"do firewall depois de uma sequência de batidas válida de um endereço IP. Se "
+"“FW_ACCESS_TIMEOUT” não estiver definido, o valor padrão será de 30 "
+"segundos. "
+
+msgid ""
+"Define the symmetric key used for decrypting an incoming SPA packet that is "
+"encrypted by the fwknop client with Rijndael."
+msgstr ""
+"Define a chave simétrica usada para decifrar um pacote SPA entrante que foi "
+"cifrado pelo cliente fwknop com o algoritmo Rijndael."
+
+msgid "Enable Uci/Luci control"
+msgstr "Habilitar o controle UCI/Luci"
+
+msgid "Enable config overwrite"
+msgstr "Habilitar a sobrescrita da configuração"
+
+msgid "Firewall Knock Daemon"
+msgstr "Servidor do Firwall Knock"
+
+msgid "Firewall Knock Operator"
+msgstr "Operador do Firewall Knock"
+
+msgid ""
+"Force all SPA packets to contain a real IP address within the encrypted "
+"data. This makes it impossible to use the -s command line argument on the "
+"fwknop client command line, so either -R has to be used to automatically "
+"resolve the external address (if the client behind a NAT) or the client must "
+"know the external IP and set it via the -a argument."
+msgstr ""
+"Forçar que todos os pacotes SPA contenham um endereço IP real dentro do "
+"pacote cifrado. Isto torna impossível o uso do argumento de linha de comando "
+"'-s' no cliente fwknop. Desta forma, ou o argumento '-R' deve ser usada para "
+"resolver os endereços externos automaticamente (se o cliente estiver atrás "
+"de uma NAT)  ou o ciente deve conhecer o seu endereço IP externo e defini-lo "
+"através do argumento '-a'."
+
+msgid ""
+"Maximum age in seconds that an SPA packet will be accepted. defaults to 120 "
+"seconds"
+msgstr ""
+"Idade máxima, em segundos, que um pacote SPA será aceito. Padrão é 120 "
+"segundos."
+
+msgid "Normal Key"
+msgstr "Chave Normal"
+
+msgid "Specify the ethernet interface on which fwknopd will sniff packets."
+msgstr ""
+"Especifica o dispositivo ethernet no qual o fwknopd irá observar os pacotes."
+
+msgid "The base64 hmac key"
+msgstr "A chave de autenticação HMAC em formato base64"
+
+msgid "Use ANY for any source ip"
+msgstr "Use \"ANY\" para qualquer endereço IP de origem"
+
+msgid ""
+"When unchecked, the config files in /etc/fwknopd will be used as is, "
+"ignoring any settings here."
+msgstr ""
+"Quando desmarcado, os arquivos de configuração em /etc/fwknopd serão usados "
+"como estão, ignorando qualquer ajustes feitos aqui."
+
+msgid "access.conf stanzas"
+msgstr "Estâncias do access.conf"
+
+msgid "fwknopd.conf config options"
+msgstr "Opções do fwknopd.conf"
diff --git a/package/luci/applications/luci-app-meshwizard/po/pt-br/meshwizard.po b/package/luci/applications/luci-app-meshwizard/po/pt-br/meshwizard.po
index a2238e52e8..9421e02531 100644
--- a/package/luci/applications/luci-app-meshwizard/po/pt-br/meshwizard.po
+++ b/package/luci/applications/luci-app-meshwizard/po/pt-br/meshwizard.po
@@ -1,17 +1,17 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2011-10-11 00:23+0200\n"
-"PO-Revision-Date: 2014-03-17 10:01+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-20 18:00-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "Activate or deactivate IPv6 config globally."
 msgstr "Habilita e desabilita a configuração IPv6 globalmente."
@@ -70,7 +70,6 @@ msgstr "Endereço IPv6 da rede em malha"
 msgid "Mesh Wizard"
 msgstr "Assistente de Configuração da Rede em Malha"
 
-#, fuzzy
 msgid ""
 "Note: this will set up this interface for mesh operation, i.e. add it to "
 "zone 'freifunk' and enable olsr."
diff --git a/package/luci/applications/luci-app-mjpg-streamer/po/pt-br/mjpg-streamer.po b/package/luci/applications/luci-app-mjpg-streamer/po/pt-br/mjpg-streamer.po
new file mode 100644
index 0000000000..28bfa186b0
--- /dev/null
+++ b/package/luci/applications/luci-app-mjpg-streamer/po/pt-br/mjpg-streamer.po
@@ -0,0 +1,172 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "Allow ringbuffer to exceed limit by this amount"
+msgstr "Permitir que o buffer em anel exceda o limite por essa quantidade"
+
+msgid "Ask for username and password on connect"
+msgstr "Pergunte por um usuário e senha na conexão"
+
+msgid "Authentication required"
+msgstr "Requer autenticação"
+
+msgid "Auto"
+msgstr "Automático"
+
+msgid "Automatic disabling of MJPEG mode"
+msgstr "Desativação automática do modo MJPEG"
+
+msgid "Blink"
+msgstr "Pisca"
+
+msgid "Check to save the stream to an mjpeg file"
+msgstr "Marque para salvar o fluxo em um arquivo MJPEG"
+
+msgid "Command to run"
+msgstr "Comando para executar:"
+
+msgid "Device"
+msgstr "Dispositivo"
+
+msgid "Do not initalize dynctrls of Linux-UVC driver"
+msgstr "Não inicie o dynctrls do driver do Linux-UVC"
+
+msgid "Don't initalize dynctrls"
+msgstr "Não inicia o dynctrls"
+
+msgid "Drop frames smaller then this limit"
+msgstr "Descarte quadros menores que este limite"
+
+msgid "Enable MJPG-streamer"
+msgstr "Ativa o MJPG-streamer"
+
+msgid "Enable YUYV format"
+msgstr "Ativar Formato YUYV"
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid "Exceed"
+msgstr "Ultrapassado"
+
+msgid ""
+"Execute command after saving picture. Mjpg-streamer parse the filename as "
+"first parameter to your script."
+msgstr ""
+"Execute o comando depois de salvar a imagem. Mjpg-streamer passa o nome do "
+"arquivo como primeiro parâmetro para o comando."
+
+msgid "File input"
+msgstr "Entrada do arquivo"
+
+msgid "File output"
+msgstr "Saída do arquivo"
+
+msgid "Folder"
+msgstr "Pasta"
+
+msgid "Folder that contains webpages"
+msgstr "Pasta que contém páginas web"
+
+msgid "Frames per second"
+msgstr "Quadros por segundos"
+
+msgid "General"
+msgstr "Geral"
+
+msgid "HTTP output"
+msgstr "Saída HTTP"
+
+msgid "Input plugin"
+msgstr "Plugins de entrada"
+
+msgid "Interval between saving pictures"
+msgstr "Intervalo entre o salvamento das imagens"
+
+msgid "JPEG compression quality"
+msgstr "Qualidade da compressão JPEG"
+
+msgid "Led control"
+msgstr "Controle de LED"
+
+msgid "MJPG-streamer"
+msgstr "MJPG-streamer"
+
+msgid "Max. number of pictures to hold"
+msgstr "Número máximo de imagens a serem mantidas"
+
+msgid "Mjpeg output"
+msgstr "Saída Mjpeg"
+
+msgid "Off"
+msgstr "Desligado"
+
+msgid "On"
+msgstr "Ligado"
+
+msgid "Output plugin"
+msgstr "Plugin de saída"
+
+msgid "Password"
+msgstr "Senha"
+
+msgid "Plugin settings"
+msgstr "Configurações do Plugin"
+
+msgid "Port"
+msgstr "Porta"
+
+msgid "Resolution"
+msgstr "Resolução"
+
+msgid "Ring buffer size"
+msgstr "Tamanho do buffer em anel"
+
+msgid "Set folder to save pictures"
+msgstr "Definir pasta para salvas as imagens"
+
+msgid "Set the inteval in millisecond"
+msgstr "Defina o intervalo em milisegundos"
+
+msgid ""
+"Set the minimum size if the webcam produces small-sized garbage frames. May "
+"happen under low light conditions"
+msgstr ""
+"Defina o tamanho mínimo se a webcam produz quadros lixo de tamanho pequeno. "
+"Pode acontecer sob condições de pouca luz"
+
+msgid ""
+"Set the quality in percent. This setting activates YUYV format, disables "
+"MJPEG"
+msgstr ""
+"Defina a qualidade em porcentagem. Esta definição ativa o formato YUYV, "
+"desativa MJPEG"
+
+msgid "TCP port for this HTTP server"
+msgstr "Porta TCP para este servidor HTTP"
+
+msgid "UVC input"
+msgstr "Dispositivo UVC de entrada"
+
+msgid "Username"
+msgstr "Usuário"
+
+msgid "WWW folder"
+msgstr "Pasta WWW"
+
+msgid ""
+"mjpg streamer is a streaming application for Linux-UVC compatible webcams"
+msgstr ""
+"Mjpg streamer é uma aplicação de streaming para webcams compatíveis com o "
+"Linux-UVC"
diff --git a/package/luci/applications/luci-app-olsr/po/pt-br/olsr.po b/package/luci/applications/luci-app-olsr/po/pt-br/olsr.po
index 1461c1dd8b..499176c16b 100644
--- a/package/luci/applications/luci-app-olsr/po/pt-br/olsr.po
+++ b/package/luci/applications/luci-app-olsr/po/pt-br/olsr.po
@@ -1,17 +1,17 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-06-10 03:41+0200\n"
-"PO-Revision-Date: 2014-06-21 19:36+0200\n"
-"Last-Translator: Éder <eder.grigorio@openmailbox.org>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-20 18:01-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "Active MID announcements"
 msgstr ""
@@ -59,7 +59,6 @@ msgstr ""
 "Somente pode ser um endereço IPv4 ou IPv6 válidos ou um endereço 'padrão'"
 
 # 20140621: edersg: tradução
-#, fuzzy
 msgid "Can only be a valid IPv6 address or 'default'"
 msgstr ""
 "Somente pode ser um endereço IPv4 ou IPv6 válidos ou um endereço 'padrão'"
@@ -173,7 +172,6 @@ msgstr ""
 "Validade do <abbr title=\"Host and network association, Associação de "
 "equipamentos e redes\">HNA</abbr>"
 
-#, fuzzy
 msgid "HNA6 Announcements"
 msgstr ""
 "Anúncios do <abbr title=\"Host and network association, Associação de "
@@ -215,7 +213,6 @@ msgstr ""
 "Equipamentos em uma rede roteada por OLSR podem anunciar conectividade para "
 "redes externas usando mensagens HNA."
 
-#, fuzzy
 msgid ""
 "Hosts in a OLSR routed network can announce connecitivity to external "
 "networks using HNA6 messages."
@@ -496,7 +493,6 @@ msgstr ""
 "> reduzir LQ para todos os nós nesta interface em 20%: padrão 0.8"
 
 # 20140621: edersg: tradução
-#, fuzzy
 msgid ""
 "Multiply routes with the factor given here. Allowed values are between 0.01 "
 "and 1.0. It is only used when LQ-Level is greater than 0. Examples:<br /"
@@ -551,7 +547,6 @@ msgstr ""
 "OLSR - Anúncios <abbr title=\"Host and network association, Associação de "
 "equipamentos e redes\">HNA</abbr>"
 
-#, fuzzy
 msgid "OLSR - HNA6-Announcements"
 msgstr ""
 "OLSR - Anúncios <abbr title=\"Host and network association, Associação de "
@@ -654,7 +649,6 @@ msgstr ""
 "durante o funcionamento do olsrd. O padrão é 0.0.0.0, que faz com que o "
 "endereço da primeira interface seja usado."
 
-#, fuzzy
 msgid ""
 "Sets the main IP (originator ip) of the router. This IP will NEVER change "
 "during the uptime of olsrd. Default is ::, which triggers usage of the IP of "
@@ -857,7 +851,6 @@ msgstr ""
 "and network association, Associação de equipamentos e redes\">HNA</abbr> "
 "local de 0.0.0.0/0, ::ffff:0:0/96 ou 2000::/3. O padrão é \"ambos\"."
 
-#, fuzzy
 msgid ""
 "Which kind of uplink is exported to the other mesh nodes. An uplink is "
 "detected by looking for a local HNA6 ::ffff:0:0/96 or 2000::/3. Default "
diff --git a/package/luci/applications/luci-app-openvpn/po/pt-br/openvpn.po b/package/luci/applications/luci-app-openvpn/po/pt-br/openvpn.po
index 916370e7f9..84b0540581 100644
--- a/package/luci/applications/luci-app-openvpn/po/pt-br/openvpn.po
+++ b/package/luci/applications/luci-app-openvpn/po/pt-br/openvpn.po
@@ -1,17 +1,17 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-06-10 03:41+0200\n"
-"PO-Revision-Date: 2014-03-29 23:19+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-20 18:04-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "%s"
 msgstr "%s"
@@ -154,7 +154,7 @@ msgid "Don't log timestamps"
 msgstr "Não registar a data/hora"
 
 msgid "Don't pull routes automatically"
-msgstr ""
+msgstr "Não puxe as rotas automaticamente"
 
 msgid "Don't re-read key on restart"
 msgstr "Não reler a chave entre os reinícios"
@@ -505,13 +505,13 @@ msgid "Temporary directory for client-connect return file"
 msgstr "Diretório temporário para arquivo de retorno de conexão-cliente"
 
 msgid "The highest supported TLS version"
-msgstr ""
+msgstr "A mais alta versão suporta do TLS"
 
 msgid "The key direction for 'tls-auth' and 'secret' options"
-msgstr ""
+msgstr "A direção da chave para as opções 'tls-auth' e 'secret'"
 
 msgid "The lowest supported TLS version"
-msgstr ""
+msgstr "A mais baixa versão suporta do TLS"
 
 msgid "Timeframe for key exchange"
 msgstr "Janela temporal para troca de chaves"
diff --git a/package/luci/applications/luci-app-privoxy/po/pt-br/privoxy.po b/package/luci/applications/luci-app-privoxy/po/pt-br/privoxy.po
new file mode 100644
index 0000000000..8d3eee20d5
--- /dev/null
+++ b/package/luci/applications/luci-app-privoxy/po/pt-br/privoxy.po
@@ -0,0 +1,516 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"A URL to be displayed in the error page that users will see if access to an "
+"untrusted page is denied."
+msgstr ""
+"A URL a ser exibida na página de erro que os usuários verão se o acesso a "
+"uma página não confiável é negado."
+
+msgid ""
+"A URL to documentation about the local Privoxy setup, configuration or "
+"policies."
+msgstr ""
+"A URL para a documentação sobre o Privoxy local, configuração ou políticas."
+
+msgid "A directory where Privoxy can create temporary files."
+msgstr "Um diretório onde Privoxy pode criar arquivos temporários."
+
+msgid "Access Control"
+msgstr "Controle de Acesso"
+
+msgid "Actions that are applied to all sites and maybe overruled later on."
+msgstr ""
+"Ações que são aplicadas a todos as páginas e talvez descartado mais tarde."
+
+msgid "An alternative directory where the templates are loaded from."
+msgstr "Um diretório alternativo de onde os modelos são carregados."
+
+msgid "An email address to reach the Privoxy administrator."
+msgstr "Um endereço de e-mail para alcançar o administrador do Privoxy."
+
+msgid ""
+"Assumed server-side keep-alive timeout (in seconds) if not specified by the "
+"server."
+msgstr ""
+"Tempo limite, em segundos, da manutenção da conexão (keep-alive) do servidor "
+"se não for especificado."
+
+msgid "Boot delay"
+msgstr "Atraso de iniciação"
+
+msgid "CGI user interface"
+msgstr "Interface de usuário CGI"
+
+msgid "Common Log Format"
+msgstr "Formato de registros (log) comum"
+
+msgid ""
+"Configure here the routing of HTTP requests through a chain of multiple "
+"proxies. Note that parent proxies can severely decrease your privacy level. "
+"Also specified here are SOCKS proxies."
+msgstr ""
+"Configure aqui o encaminhamento de pedidos HTTP através de uma cadeia de "
+"múltiplos proxies. Note-se que proxies pai pode diminuir muito o nível de "
+"privacidade. Também serão aceitos proxies SOCKS."
+
+msgid "Debug GIF de-animation"
+msgstr "Depurar de-animação GIF"
+
+msgid "Debug force feature"
+msgstr "Recurso de depuração forçado"
+
+msgid "Debug redirects"
+msgstr "Redirecionamentos de depuração"
+
+msgid "Debug regular expression filters"
+msgstr "Depuração de filtros de expressão regular"
+
+msgid "Delay (in seconds) during system boot before Privoxy start"
+msgstr ""
+"Atraso (em segundos) durante a inicialização do sistema antes do Privoxy "
+"iniciar"
+
+msgid "Directory does not exist!"
+msgstr "O diretório não existe!"
+
+msgid "Disabled == Transparent Proxy Mode"
+msgstr "Desativado == Modo Proxy Transparente"
+
+msgid "Documentation"
+msgstr "Documentação"
+
+msgid "During delay ifup-events are not monitored !"
+msgstr "Durante a espera, eventos ifup não serão monitorados!"
+
+msgid "Enable proxy authentication forwarding"
+msgstr "Habilitar o encaminhamento de autenticação de proxy"
+
+msgid ""
+"Enable/Disable autostart of Privoxy on system startup and interface events"
+msgstr ""
+"Ativar/Desativar a iniciação automática do Privoxy junto com a iniciação do "
+"sistema ou eventos de interface"
+
+msgid "Enable/Disable filtering when Privoxy starts."
+msgstr "Ativar / Desativar filtragem quando Privoxy iniciar."
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid ""
+"Enabling this option is NOT recommended if there is no parent proxy that "
+"requires authentication!"
+msgstr ""
+"A ativação dessa opção não é recomendado se não houver nenhum proxy pai que "
+"requer autenticação!"
+
+msgid "File '%s' not found inside Configuration Directory"
+msgstr "O arquivo '%s' não foi encontrado dentro do Diretório de Configuração"
+
+msgid "File not found or empty"
+msgstr "Arquivo não encontrado ou vazio"
+
+msgid "Files and Directories"
+msgstr "Arquivos e diretórios"
+
+msgid "For help use link at the relevant option"
+msgstr "Para ajuda, use o link na respectiva opção"
+
+msgid "Forwarding"
+msgstr "Encaminhando"
+
+msgid ""
+"If enabled, Privoxy hides the 'go there anyway' link. The user obviously "
+"should not be able to bypass any blocks."
+msgstr ""
+"Se ativado, Privoxy esconde o link \"ir lá de qualquer maneira\". O usuário, "
+"obviamente, não deve ser capaz de contornar qualquer bloqueio."
+
+msgid ""
+"If you intend to operate Privoxy for more users than just yourself, it might "
+"be a good idea to let them know how to reach you, what you block and why you "
+"do that, your policies, etc."
+msgstr ""
+"Se você pretende operar Privoxy para mais usuários do que apenas a si mesmo, "
+"pode ser uma boa ideia para que eles saibam como falar com você, o que você "
+"bloquear e por que você faz isso, as suas políticas, etc."
+
+msgid "Invalid email address"
+msgstr "Endereço de e-mail inválido"
+
+msgid "It is NOT recommended for the casual user."
+msgstr "Não é recomendado para o usuário casual."
+
+msgid "Location of the Privoxy User Manual."
+msgstr "Localização do Manual do Usuário do Privoxy."
+
+msgid "Log File Viewer"
+msgstr "Visualizador de arquivo de registros (log)"
+
+msgid "Log all data read from the network"
+msgstr "Registrar todos os dados lidos da rede"
+
+msgid "Log all data written to the network"
+msgstr "Registrar todos os dados gravados na rede"
+
+msgid "Log the applying actions"
+msgstr "Registrar as ações aplicadas"
+
+msgid ""
+"Log the destination for each request Privoxy let through. See also 'Debug "
+"1024'."
+msgstr ""
+"Registrar o destino para cada pedido que o Privoxy deixou passar. Consulte "
+"também 'Debug 1024'."
+
+msgid ""
+"Log the destination for requests Privoxy didn't let through, and the reason "
+"why."
+msgstr ""
+"Registrar o destino para os pedidos que o Privoxy não deixou passar, e a "
+"razão pela qual."
+
+msgid "Logging"
+msgstr "Registrando (logging)"
+
+msgid "Main actions file"
+msgstr "Arquivo principal de ações"
+
+msgid "Mandatory Input: No Data given!"
+msgstr "Entrada obrigatória: Dados não foram informados!"
+
+msgid "Mandatory Input: No Directory given!"
+msgstr "Entrada obrigatória: Nenhum Diretório foi informado!"
+
+msgid "Mandatory Input: No File given!"
+msgstr "Entrada obrigatória: Nenhum Arquivo foi informado!"
+
+msgid "Mandatory Input: No Port given!"
+msgstr "Entrada obrigatória: Nenhuma Porta foi informado!"
+
+msgid "Mandatory Input: No files given!"
+msgstr "Entrada obrigatória: Nenhum Arquivo foi informado!"
+
+msgid "Mandatory Input: No valid IPv4 address or host given!"
+msgstr ""
+"Entrada obrigatória: Nenhum endereço IPv4 ou nome de equipamento válido foi "
+"fornecido!"
+
+msgid "Mandatory Input: No valid IPv6 address given!"
+msgstr "Entrada obrigatória: Nenhum endereço IPv6 válido foi informado!"
+
+msgid "Mandatory Input: No valid Port given!"
+msgstr "Entrada obrigatória: Nenhuma porta válida foi informada!"
+
+msgid "Maximum number of client connections that will be served."
+msgstr "O número máximo de conexões de cliente que será aceito."
+
+msgid "Maximum size (in KB) of the buffer for content filtering."
+msgstr "Tamanho máximo (em KB) do buffer para filtragem de conteúdo."
+
+msgid "Miscellaneous"
+msgstr "Diversos"
+
+msgid "NOT installed"
+msgstr "NÃO instalado"
+
+msgid "No trailing '/', please."
+msgstr "Sem '/' final, por favor."
+
+msgid "Non-fatal errors - *we highly recommended enabling this*"
+msgstr "Erros não fatais - *é altamente recomendado ativar isto*"
+
+msgid ""
+"Number of seconds after which a socket times out if no data is received."
+msgstr ""
+"Número de segundos após o qual uma conexão expira se nenhum dado for "
+"recebido."
+
+msgid ""
+"Number of seconds after which an open connection will no longer be reused."
+msgstr ""
+"Número de segundos após o qual uma conexão aberta deixará de ser reutilizada."
+
+msgid ""
+"Only when using 'external filters', Privoxy has to create temporary files."
+msgstr ""
+"Somente quando for usado os \"filtros externos\". O Privoxy tem que criar "
+"arquivos temporários."
+
+msgid "Please install current version !"
+msgstr "Por favor, instale a versão atual!"
+
+msgid "Please press [Read] button"
+msgstr "Por favor, pressione o botão [Ler]"
+
+msgid "Please read Privoxy manual for details!"
+msgstr "Por favor, leia o manual do Privoxy para mais detalhes!"
+
+msgid "Please update to the current version!"
+msgstr "Por favor, atualize para a versão atual!"
+
+msgid "Privoxy WEB proxy"
+msgstr "Privoxy Web Proxy"
+
+msgid ""
+"Privoxy can (and normally does) use a number of other files for additional "
+"configuration, help and logging. This section of the configuration file "
+"tells Privoxy where to find those other files."
+msgstr ""
+"Privoxy pode (e normalmente o faz) utilizar uma série de outros arquivos de "
+"configuração, ajuda e de registros. Esta seção do arquivo de configuração "
+"informa o Privoxy onde encontrar os outros arquivos."
+
+msgid ""
+"Privoxy is a non-caching web proxy with advanced filtering capabilities for "
+"enhancing privacy, modifying web page data and HTTP headers, controlling "
+"access, and removing ads and other obnoxious Internet junk."
+msgstr ""
+"Privoxy é um proxy web sem cache com capacidades avançadas de filtragem para "
+"aumentar a privacidade, modificar dados de páginas web e cabeçalhos HTTP, "
+"controlar o acesso e remover anúncios e outras porcarias detestável da "
+"Internet."
+
+msgid "Read / Reread log file"
+msgstr "Ler / Ler novamente o arquivo de registros (log)"
+
+msgid "Show I/O status"
+msgstr "Mostrar status de Entrada/Saída"
+
+msgid "Show each connection status"
+msgstr "Mostrar cada estado de conexão"
+
+msgid "Show header parsing"
+msgstr "Mostrar análise do cabeçalho"
+
+msgid "Software package '%s' is not installed."
+msgstr "O pacote de software '%s' não está instalado."
+
+msgid "Software package '%s' is outdated."
+msgstr "O pacote '%' está desatualizado."
+
+msgid "Start"
+msgstr "Iniciar"
+
+msgid "Start / Stop"
+msgstr "Iniciar / Parar"
+
+msgid "Start/Stop Privoxy WEB Proxy"
+msgstr "Inicia / Para o Privoxy Web Proxy"
+
+msgid "Startup banner and warnings."
+msgstr "Mensagens e avisos iniciais."
+
+msgid "Syntax:"
+msgstr "Sintaxe:"
+
+msgid "Syntax: Client header names delimited by spaces."
+msgstr "Sintaxe: nomes de cabeçalho do cliente delimitados por espaços."
+
+msgid "Syntax: target_pattern http_parent[:port]"
+msgstr "Sintaxe: padrão_alvo http_superior[:porta]"
+
+msgid "Syntax: target_pattern socks_proxy[:port] http_parent[:port]"
+msgstr "Sintaxe: padrão_alvo proxy_socks[:porta] http_superior[:porta]"
+
+msgid "System"
+msgstr "Sistema"
+
+msgid ""
+"The actions file(s) to use. Multiple actionsfile lines are permitted, and "
+"are in fact recommended!"
+msgstr ""
+"O(s) arquivo(s) ações a ser usado. Várias linhas no arquivo são permitidas, "
+"e são, de fato, recomendadas!"
+
+msgid ""
+"The address and TCP port on which Privoxy will listen for client requests."
+msgstr ""
+"O endereço e porta TCP em que Privoxy vai esperar por pedidos dos clientes."
+
+msgid ""
+"The compression level that is passed to the zlib library when compressing "
+"buffered content."
+msgstr ""
+"O nível de compressão que é passada para a biblioteca zlib ao comprimir o "
+"conteúdo em buffer."
+
+msgid ""
+"The directory where all logging takes place (i.e. where the logfile is "
+"located)."
+msgstr ""
+"O diretório onde todos os registros ocorrem (ex: onde o arquivo de log está "
+"localizado)."
+
+msgid "The directory where the other configuration files are located."
+msgstr "O diretório onde os outros arquivos de configuração estão localizados."
+
+msgid ""
+"The filter files contain content modification rules that use regular "
+"expressions."
+msgstr ""
+"Os arquivos de filtro contêm regras de modificação de conteúdo que usam "
+"expressões regulares."
+
+msgid "The hostname shown on the CGI pages."
+msgstr "O nome da máquina mostrado nas páginas de CGI."
+
+msgid "The log file to use. File name, relative to log directory."
+msgstr ""
+"O arquivo de registros a ser usado. O nome do arquivo, relativo ao diretório "
+"de log."
+
+msgid "The order in which client headers are sorted before forwarding them."
+msgstr ""
+"A ordem em que os cabeçalhos dos clientes são classificados antes de "
+"encaminhá-los."
+
+msgid ""
+"The status code Privoxy returns for pages blocked with +handle-as-empty-"
+"document."
+msgstr ""
+"O código de status Privoxy retorna para páginas bloqueadas com +handle-as-"
+"empty-document."
+
+msgid ""
+"The trust mechanism is an experimental feature for building white-lists and "
+"should be used with care."
+msgstr ""
+"O mecanismo de confiança é um recurso experimental para a construção de "
+"listas de destinos confiáveis e deve ser usado com cuidado."
+
+msgid ""
+"The value of this option only matters if the experimental trust mechanism "
+"has been activated."
+msgstr ""
+"O valor desta opção só importa se o mecanismo de confiança experimental foi "
+"ativado."
+
+msgid ""
+"This option is only there for debugging purposes. It will drastically reduce "
+"performance."
+msgstr ""
+"Esta opção só está lá para fins de depuração. Ele irá reduzir drasticamente "
+"o desempenho."
+
+msgid ""
+"This option will be removed in future releases as it has been obsoleted by "
+"the more general header taggers."
+msgstr ""
+"Esta opção será removida em versões futuras, uma vez que ficou obsoleta "
+"pelos marcadores de cabeçalho mais genéricos."
+
+msgid ""
+"This tab controls the security-relevant aspects of Privoxy's configuration."
+msgstr ""
+"Esta guia controla os aspectos da configuração do Privoxy relevantes para a "
+"segurança."
+
+msgid ""
+"Through which SOCKS proxy (and optionally to which parent HTTP proxy) "
+"specific requests should be routed."
+msgstr ""
+"Através de qual Proxy SOCKS (e, opcionalmente, para o qual proxy HTTP "
+"superior) pedidos específicos devem ser encaminhados."
+
+msgid "To which parent HTTP proxy specific requests should be routed."
+msgstr ""
+"Para qual proxy HTTP superior os pedidos específicos devem ser encaminhados."
+
+msgid "User customizations"
+msgstr "Personalizações do usuário"
+
+msgid "Value is not a number"
+msgstr "O valor não é um número"
+
+msgid "Value not between 0 and 300"
+msgstr "Valor não está entre 0 e 300"
+
+msgid "Value not between 0 and 9"
+msgstr "Valor não está entre 0 e 9"
+
+msgid "Value not between 1 and 4096"
+msgstr "Valor não entre 1 e 4096"
+
+msgid "Value not greater 0 or empty"
+msgstr "Valor não é maior que 0 ou vazio"
+
+msgid "Value range 1 to 4096, no entry defaults to 4096"
+msgstr "Faixa do valor de 1 até 4096. Se vazio, será 4096"
+
+msgid "Version"
+msgstr "Versão"
+
+msgid "Version Information"
+msgstr "Informação da Versão"
+
+msgid "Whether intercepted requests should be treated as valid."
+msgstr "Se as solicitações interceptados deve ser tratadas como válidas."
+
+msgid ""
+"Whether or not Privoxy recognizes special HTTP headers to change toggle "
+"state."
+msgstr ""
+"Se o Privoxy deve reconhecer cabeçalhos HTTP especiais para mudar de "
+"alternância do estado."
+
+msgid "Whether or not buffered content is compressed before delivery."
+msgstr "Se o conteúdo em buffer é comprimido antes da entrega."
+
+msgid ""
+"Whether or not outgoing connections that have been kept alive should be "
+"shared between different incoming connections."
+msgstr ""
+"Se as conexões de saída que foram mantidas vivas devem ser compartilhadas "
+"entre diferentes conexões de entrada."
+
+msgid "Whether or not pipelined requests should be served."
+msgstr "Se os pedidos de pipeline deve ser aceitos."
+
+msgid "Whether or not proxy authentication through Privoxy should work."
+msgstr "Se a autenticação de proxy através do Privoxy deve funcionar."
+
+msgid "Whether or not the web-based actions file editor may be used."
+msgstr "Se o editor de arquivos de ações baseadas na web deve ser utilizado."
+
+msgid "Whether or not the web-based toggle feature may be used."
+msgstr "Se deve ser usado o recurso de alternância baseado na web."
+
+msgid "Whether requests to Privoxy's CGI pages can be blocked or redirected."
+msgstr ""
+"Se as solicitações para páginas CGI do Privoxy podem ser bloqueadas ou "
+"redirecionadas."
+
+msgid ""
+"Whether the CGI interface should stay compatible with broken HTTP clients."
+msgstr ""
+"Se a interface CGI deve se manter compatível com clientes HTTP mal "
+"implementados."
+
+msgid "Whether to run only one server thread."
+msgstr "Se deseja executar o servidor como apenas uma thread."
+
+msgid "Who can access what."
+msgstr "Quem pode acessar o quê."
+
+msgid "installed"
+msgstr "instalado"
+
+msgid "or higher"
+msgstr "ou maior"
+
+msgid "required"
+msgstr "necessário"
diff --git a/package/luci/applications/luci-app-radicale/po/pt-br/radicale.po b/package/luci/applications/luci-app-radicale/po/pt-br/radicale.po
new file mode 100644
index 0000000000..67bf586908
--- /dev/null
+++ b/package/luci/applications/luci-app-radicale/po/pt-br/radicale.po
@@ -0,0 +1,432 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"'AUTO' selects the highest protocol version that client and server support."
+msgstr "'AUTO' seleciona a versão mais alto protocolo que o cliente e o servidor suportar."
+
+msgid ""
+"'Hostname:Port' or 'IPv4:Port' or '[IPv6]:Port' Radicale should listen on"
+msgstr "'NomeDoEquipamento:porta' ou 'IPv4:Porta' ou '[IPv6]:Porta' em que o Radicale deve escutar"
+
+msgid "AUTO"
+msgstr "AUTO"
+
+msgid "Access-Control-Allow-Headers"
+msgstr "Access-Control-Allow-Headers"
+
+msgid "Access-Control-Allow-Methods"
+msgstr "Access-Control-Allow-Methods"
+
+msgid "Access-Control-Allow-Origin"
+msgstr "Access-Control-Allow-Origin"
+
+msgid "Access-Control-Expose-Headers"
+msgstr "Access-Control-Expose-Headers"
+
+msgid "Additional HTTP headers"
+msgstr "Additional HTTP headers"
+
+msgid "Address:Port"
+msgstr "Endereço: Porta"
+
+#, fuzzy
+msgid "Authentication"
+msgstr "Autenticação"
+
+msgid ""
+"Authentication login is matched against the 'user' key, and collection's "
+"path is matched against the 'collection' key."
+msgstr "O nome do usuário na autenticação é comparado com a chave do 'user', e o caminho da coleção é comparado com a chave 'coleção'."
+
+msgid "Authentication method"
+msgstr "Método de autenticação"
+
+msgid "Authentication method to allow access to Radicale server."
+msgstr "Método de autenticação para permitir o acesso ao servidor Radicale."
+
+msgid "Auto-start"
+msgstr "Iniciar automaticamente"
+
+msgid "Boot delay"
+msgstr "Atraso na iniciação"
+
+msgid "CalDAV/CardDAV"
+msgstr "CalDAV/CardDAV"
+
+msgid ""
+"Calendars and address books are available for both local and remote access, "
+"possibly limited through authentication policies."
+msgstr "Agendas e contados estão disponíveis tanto para acesso local como remoto, possivelmente limitado através das políticas de autenticação."
+
+msgid "Certificate file"
+msgstr "Arquivo do certificado"
+
+msgid ""
+"Change here the encoding Radicale will use instead of 'UTF-8' for responses "
+"to the client and/or to store data inside collections."
+msgstr "Mude aqui a codificação que o Radicale usará em vez de 'UTF-8' para respostas a clientes ou para armazenar dados dentro das coleções."
+
+msgid "Ciphers"
+msgstr "Cifras"
+
+msgid "Console Log level"
+msgstr "Nível de detalhamento dos registros (log)"
+
+msgid "Control the access to data collections."
+msgstr "Controlar o acesso às coleções de dados."
+
+#, fuzzy
+msgid "Critical"
+msgstr "Crítico"
+
+msgid ""
+"Cross-origin resource sharing (CORS) is a mechanism that allows restricted "
+"resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from "
+"another domain outside the domain from which the resource originated."
+msgstr "O compartilhamento de recursos de origem cruzada (CORS) é um mecanismo que permite que os recursos de acesso restrito (por exemplo, fontes, JavaScript, etc.) em uma página web ser solicitado de outro domínio fora do domínio a partir do qual o recurso foi originado."
+
+msgid "Custom"
+msgstr "Personalizadas"
+
+msgid "Database"
+msgstr "Banco de Dados"
+
+#, fuzzy
+msgid "Debug"
+msgstr "Depuração"
+
+msgid "Delay (in seconds) during system boot before Radicale start"
+msgstr "Atraso (em segundos) durante a inicialização do sistema antes do Radicale iniciar"
+
+#, fuzzy
+msgid "Directory"
+msgstr "Diretório"
+
+msgid "Directory not exists/found !"
+msgstr "O diretório não foi encontrado!"
+
+msgid "Directory required !"
+msgstr "O diretório é necessário!"
+
+msgid "Directory where the rotating log-files are stored"
+msgstr "O diretório onde os registros(log) rotativos são armazenados"
+
+msgid "During delay ifup-events are not monitored !"
+msgstr "Durante a espera, eventos ifup não serão monitorados!"
+
+msgid "Enable HTTPS"
+msgstr "Ativar HTTPS"
+
+msgid ""
+"Enable/Disable auto-start of Radicale on system start-up and interface events"
+msgstr "Ativar/Desativar iniciação automática do Radicale na iniciação do sistema e em eventos de interface"
+
+msgid "Encoding"
+msgstr "Codificação"
+
+msgid "Encoding for responding requests."
+msgstr "Codificação para responder pedidos."
+
+msgid "Encoding for storing local collections."
+msgstr "Codificação para armazenar coleções locais."
+
+msgid "Encryption method"
+msgstr "Método de criptografia"
+
+#, fuzzy
+msgid "Error"
+msgstr "Erro"
+
+msgid "File '%s' not found !"
+msgstr "Arquivo '%s' não encontrado!"
+
+msgid "File Log level"
+msgstr "Nível de detalhamento dos registos(log) em arquivos"
+
+msgid "File not found !"
+msgstr "Arquivo não encontrado!"
+
+msgid "File-system"
+msgstr "Sistema de arquivos"
+
+msgid ""
+"For example, for the 'user' key, '.+' means 'authenticated user' and '.*' "
+"means 'anybody' (including anonymous users)."
+msgstr "Por exemplo, para a chave 'user', '.+' Significa 'usuário autenticado' e '.*' Significa 'qualquer um' (incluindo usuários anônimos)."
+
+msgid "Full access for Owner only"
+msgstr "Acesso completo somente para o proprietário"
+
+msgid "Full access for authenticated Users"
+msgstr "Acesso completo para usuários autenticados"
+
+msgid "Full access for everybody (including anonymous)"
+msgstr "Acesso completo para todos (incluindo anônimo)"
+
+msgid "Full path and file name of certificate"
+msgstr "Caminho completo e nome do arquivo do certificado"
+
+msgid "Full path and file name of private key"
+msgstr "Caminho e arquivo nome completo da chave privada"
+
+#, fuzzy
+msgid "Info"
+msgstr "Informações"
+
+msgid "Keep in mind to use the correct hashing algorithm !"
+msgstr "Fique atento para usar o algoritmo de resumo digital(hash) correto!"
+
+msgid "Leading or ending slashes are trimmed from collection's path."
+msgstr "Barras inicias e finais serão removidas do caminho da coleção."
+
+msgid "Log-backup Count"
+msgstr "Contagem Registro(log) de Backup"
+
+msgid "Log-file Viewer"
+msgstr "Visualizador de Arquivo de Registros(log)"
+
+msgid "Log-file directory"
+msgstr "Diretório do arquivo de registros(log)"
+
+msgid "Log-file size"
+msgstr "Tamanho do arquivo de registros(log)"
+
+#, fuzzy
+msgid "Logging"
+msgstr "Registrando os eventos"
+
+msgid "Logon message"
+msgstr "Mensagem de entrada"
+
+msgid "Maximum size of each rotation log-file."
+msgstr "Tamanho máximo para a rotação do arquivo de registros(log)"
+
+msgid "Message displayed in the client when a password is needed."
+msgstr "Mensagem exibida para o cliente quando uma senha é necessária."
+
+#, fuzzy
+msgid "NOT installed"
+msgstr "NÃO instalado"
+
+#, fuzzy
+msgid "None"
+msgstr "Nada"
+
+msgid "Number of backup files of log to create."
+msgstr "Número de backups dos arquivos de registros(log) a serem criados."
+
+msgid "OPTIONAL: See python's ssl module for available ciphers"
+msgstr "Opcional: veja o módulo SSL do python para conhecer as cifras disponíveis"
+
+msgid "One or more missing/invalid fields on tab"
+msgstr "Um ou campos inválidos/ausentes na aba"
+
+msgid "Owner allow write, authenticated users allow read"
+msgstr "O proprietário pode escrever, os usuários autenticados podem ler"
+
+msgid "Path/File required !"
+msgstr "O caminho/arquivo é necessário!"
+
+msgid ""
+"Place here the 'user:password' pairs for your users which should have access "
+"to Radicale."
+msgstr "Coloque aqui os pares 'usuário:senha' para os seus usuários que devem ter acesso a Radicale."
+
+msgid "Please install current version !"
+msgstr "Por favor, instale a versão atual!"
+
+msgid "Please press [Reload] button below to reread the file."
+msgstr "Por favor, pressione o botão [Recarregar] abaixo para reler o arquivo."
+
+msgid "Please update to current version !"
+msgstr "Por favor, atualize para a versão atual!"
+
+msgid "Port numbers below 1024 (Privileged ports) are not supported"
+msgstr "Os porta abaixo de 1024 (portas privilegiadas) não são suportadas"
+
+msgid "Private key file"
+msgstr "Arquivo da chave privada"
+
+msgid "Radicale CalDAV/CardDAV Server"
+msgstr "Radicale Servidor CalDAV/CardDAV"
+
+msgid "Radicale uses '/etc/radicale/rights' as regexp-based file."
+msgstr "Radicale usa o '/etc/radicale/rights' como arquivo baseado em expressão regular."
+
+msgid "Radicale uses '/etc/radicale/users' as htpasswd file."
+msgstr "Radicale usa o '/etc/radicale/users' como o arquivo htpasswd."
+
+msgid "Read only!"
+msgstr "Somente leitura!"
+
+msgid "RegExp file"
+msgstr "Arquivo de expressões regulares"
+
+msgid "Reload"
+msgstr "Recarregar"
+
+msgid "Response Encoding"
+msgstr "Codificação da Resposta"
+
+msgid "Rights"
+msgstr "Direitos"
+
+msgid "Rights are based on a regexp-based file"
+msgstr "Os direitos são baseados em um arquivo baseado em expressões regulares"
+
+msgid "Rights backend"
+msgstr "Serviço de Direitos"
+
+msgid "SHA-1"
+msgstr "SHA-1"
+
+msgid "SSL Protocol"
+msgstr "Protocolo SSL"
+
+#, fuzzy
+msgid "Save"
+msgstr "Salvar"
+
+msgid "Section names are only used for naming the rule."
+msgstr "Os nomes das seção são usados ​​apenas para nomear a regra."
+
+#, fuzzy
+msgid "Server"
+msgstr "Servidor"
+
+msgid "Setting this parameter to '0' will disable rotation of log-file."
+msgstr "Definindo este parâmetro para '0' irá desativar a rotação dos arquivos de registros(log)."
+
+msgid "Software package '%s' is not installed."
+msgstr "O pacote de software '%s' não está instalado."
+
+msgid "Software package '%s' is outdated."
+msgstr "O pacote '%' está desatualizado."
+
+#, fuzzy
+msgid "Software update required"
+msgstr "A atualização do software é necessária"
+
+#, fuzzy
+msgid "Start"
+msgstr "Iniciar"
+
+#, fuzzy
+msgid "Start / Stop"
+msgstr "Iniciar / Parar"
+
+msgid "Start/Stop Radicale server"
+msgstr "Iniciar/Parar o servidor Radicale"
+
+msgid "Storage"
+msgstr "Armazenamento"
+
+msgid "Storage Encoding"
+msgstr "Codificação do Armazenamento"
+
+msgid "Storage backend"
+msgstr "Serviço de armazenamento"
+
+msgid "Syslog Log level"
+msgstr "Nível de detalhamento do serviço de registro (syslog)"
+
+#, fuzzy
+msgid "System"
+msgstr "Sistema"
+
+msgid ""
+"The Radicale Project is a complete CalDAV (calendar) and CardDAV (contact) "
+"server solution."
+msgstr "O Projeto Radicale é uma solução completa de CalDAV (agenda) e CardDAV (contatos)."
+
+msgid ""
+"They can be viewed and edited by calendar and contact clients on mobile "
+"phones or computers."
+msgstr "Eles podem ser visualizados e editados pelos clientes de agenda e de contatos em telefones celulares ou computadores."
+
+msgid "To edit the file follow this link!"
+msgstr "Para editar o arquivo, siga este link!"
+
+msgid "To view latest log file follow this link!"
+msgstr "Para visualizar mais recente arquivo de registros(log), siga este link!"
+
+msgid "Value is not a number"
+msgstr "O valor não é um número"
+
+msgid "Value is not an Integer >= 0 !"
+msgstr "O valor não é um número natural (>=0)!"
+
+msgid "Value not between 0 and 300"
+msgstr "Valor não está entre 0 e 300"
+
+msgid "Value required ! Integer >= 0 !"
+msgstr "O valor é necessário! Número natural (>=0)!"
+
+#, fuzzy
+msgid "Version"
+msgstr "Versão"
+
+#, fuzzy
+msgid "Version Information"
+msgstr "Informação da Versão"
+
+msgid ""
+"WARNING: Only 'File-system' is documented and tested by Radicale development"
+msgstr "AVISO: Apenas 'Sistema de Arquivos "está documentado e testado pelo desenvolvimento do Radicale"
+
+#, fuzzy
+msgid "Warning"
+msgstr "Alerta"
+
+msgid ""
+"You can also get groups from the user regex in the collection with {0}, {1}, "
+"etc."
+msgstr "Você também pode obter grupos a partir da expressão regular do usuário na coleção com {0}, {1} , etc."
+
+msgid ""
+"You can use Python's ConfigParser interpolation values %(login)s and "
+"%(path)s."
+msgstr "Você pode usar a interpolação de valores %(login)s e %(path)s do ConfigParser do Python."
+
+msgid "crypt"
+msgstr "cifrar"
+
+msgid "custom"
+msgstr "personalizado"
+
+msgid "htpasswd file"
+msgstr "arquivo htpasswd"
+
+#, fuzzy
+msgid "installed"
+msgstr "instalado"
+
+msgid "no valid path given!"
+msgstr "Nenhum caminho válido foi informado!"
+
+#, fuzzy
+msgid "or higher"
+msgstr "ou maior"
+
+msgid "plain"
+msgstr "plano"
+
+#, fuzzy
+msgid "required"
+msgstr "necessário"
+
+msgid "salted SHA-1"
+msgstr "SHA-1 com salto"
+
diff --git a/package/luci/applications/luci-app-shadowsocks-libev/po/pt-br/shadowsocks-libev.po b/package/luci/applications/luci-app-shadowsocks-libev/po/pt-br/shadowsocks-libev.po
new file mode 100644
index 0000000000..f2b18e374c
--- /dev/null
+++ b/package/luci/applications/luci-app-shadowsocks-libev/po/pt-br/shadowsocks-libev.po
@@ -0,0 +1,97 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "Access Control"
+msgstr "Controle de Acesso"
+
+msgid "Allow all except listed"
+msgstr "Permitir todos, exceto os listados"
+
+msgid "Allow listed only"
+msgstr "Permitir somente os listados"
+
+msgid "Bypassed IP"
+msgstr "Endereços IP Ignorados"
+
+msgid "Connection Timeout"
+msgstr "Tempo limite de conexão"
+
+msgid "Custom"
+msgstr "Personalizado"
+
+msgid "Disabled"
+msgstr "Desabilitado"
+
+msgid "Enable"
+msgstr "Ativar"
+
+msgid "Enabled"
+msgstr "Ativado"
+
+msgid "Encrypt Method"
+msgstr "Método de Cifragem"
+
+msgid "Forwarded IP"
+msgstr "Endereço IP Encaminhado"
+
+msgid "Forwarding Tunnel"
+msgstr "Tunel para Encaminhamento"
+
+msgid "Global Setting"
+msgstr "Opções Globais"
+
+msgid "Ignore List"
+msgstr "Lista de Ignorados"
+
+msgid "LAN"
+msgstr "LAN"
+
+msgid "LAN IP List"
+msgstr "Lista de endereços IP da LAN"
+
+msgid "Local Port"
+msgstr "Porta Local"
+
+msgid "Password"
+msgstr "Senha"
+
+msgid "Relay Mode"
+msgstr "Modo de Retransmissor"
+
+msgid "Server Address"
+msgstr "Endereço do Servidor"
+
+msgid "Server Port"
+msgstr "Porta do servidor"
+
+msgid "ShadowSocks-libev"
+msgstr "ShadowSocks-libev"
+
+msgid "ShadowSocks-libev is not running"
+msgstr "O serviço ShadowSocks-libev está parado"
+
+msgid "ShadowSocks-libev is running"
+msgstr "O serviço ShadowSocks-libev está em execução."
+
+msgid "UDP Forward"
+msgstr "Encaminhamento UDP"
+
+msgid "UDP Local Port"
+msgstr "Porta Local UDP"
+
+msgid "UDP Relay"
+msgstr "Retransmissão UDP"
+
+msgid "WAN"
+msgstr "WAN"
diff --git a/package/luci/applications/luci-app-shairplay/po/pt-br/shairplay.po b/package/luci/applications/luci-app-shairplay/po/pt-br/shairplay.po
new file mode 100644
index 0000000000..c7d0ab18a3
--- /dev/null
+++ b/package/luci/applications/luci-app-shairplay/po/pt-br/shairplay.po
@@ -0,0 +1,54 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+"X-Poedit-Bookmarks: -1,5,-1,-1,-1,-1,-1,-1,-1,-1\n"
+
+msgid "AO Device ID"
+msgstr "Identificador do dispositivo AO"
+
+msgid "AO Device Name"
+msgstr "Nome do dispositivo AO"
+
+msgid "AO Driver"
+msgstr "Driver do AO"
+
+msgid "Airport Name"
+msgstr "Nome do Airport"
+
+msgid "Default"
+msgstr "Padrão"
+
+msgid "Enabled"
+msgstr "Habilitado"
+
+msgid "HW Address"
+msgstr "Endereço de Hardware"
+
+msgid "Password"
+msgstr "Senha"
+
+msgid "Port"
+msgstr "Porta"
+
+msgid "Respawn"
+msgstr "Redisparar"
+
+msgid "Shairplay"
+msgstr "Shairplay"
+
+msgid ""
+"Shairplay is a simple AirPlay server implementation, here you can configure "
+"the settings."
+msgstr ""
+"Shairplay é uma implementação simples de um servidor AirPlay. Aqui você pode "
+"configurá-lo."
diff --git a/package/luci/applications/luci-app-statistics/po/pt-br/statistics.po b/package/luci/applications/luci-app-statistics/po/pt-br/statistics.po
index 3b3590f264..357f54317f 100644
--- a/package/luci/applications/luci-app-statistics/po/pt-br/statistics.po
+++ b/package/luci/applications/luci-app-statistics/po/pt-br/statistics.po
@@ -1,17 +1,17 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-06-10 03:41+0200\n"
-"PO-Revision-Date: 2014-03-15 22:12+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-22 18:27-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "Action (target)"
 msgstr "Ação (destino)"
@@ -29,7 +29,7 @@ msgid "Add notification command"
 msgstr "Adicionar o comando de notificação"
 
 msgid "Aggregate number of connected users"
-msgstr ""
+msgstr "Numero agregado de usuários conectados"
 
 msgid "Base Directory"
 msgstr "Diretório Base"
@@ -38,10 +38,10 @@ msgid "Basic monitoring"
 msgstr "Monitoramento básico"
 
 msgid "CPU Frequency"
-msgstr ""
+msgstr "Frequência da CPU"
 
 msgid "CPU Frequency Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin da Frequência da CPU"
 
 msgid "CPU Plugin Configuration"
 msgstr "Configuração do plugin CPU"
@@ -134,16 +134,16 @@ msgid "Email"
 msgstr "Email"
 
 msgid "Empty value = monitor all"
-msgstr ""
+msgstr "Valor vazio = monitore todos"
 
 msgid "Enable this plugin"
 msgstr "Habilitar este plugin"
 
 msgid "Entropy"
-msgstr ""
+msgstr "Entropia"
 
 msgid "Entropy Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin de Entropia"
 
 msgid "Exec"
 msgstr "Exec"
@@ -165,13 +165,13 @@ msgstr ""
 "Encaminhamento entre o endereço de escuta e os endereços dos servidores"
 
 msgid "Gather compression statistics"
-msgstr ""
+msgstr "Obter estatísticas sobre a compressão"
 
 msgid "General plugins"
-msgstr ""
+msgstr "Plugins Gerais"
 
 msgid "Generate a separate graph for each logged user"
-msgstr ""
+msgstr "Gerar um gráfico separado para cada usuário conectado"
 
 msgid "Graphs"
 msgstr "Gráficos"
@@ -204,6 +204,7 @@ msgstr ""
 
 msgid "Hold Ctrl to select multiple items or to deselect entries."
 msgstr ""
+"Segure o Ctrl para selecionar múltiplos itens ou para retirar entradas. "
 
 msgid "Host"
 msgstr "Equipamento"
@@ -259,6 +260,8 @@ msgid ""
 "Max values for a period can be used instead of averages when not using 'only "
 "average RRAs'"
 msgstr ""
+"Valores máximos para um período podem ser usados em vez de médias quando não "
+"estiver usando 'somente RRAs de médias'"
 
 msgid "Maximum allowed connections"
 msgstr "Máximo de conexões permitidas"
@@ -276,10 +279,10 @@ msgid "Monitor all local listen ports"
 msgstr "Monitorar todas as portas locais"
 
 msgid "Monitor all sensors"
-msgstr ""
+msgstr "Monitorar todas os sensores"
 
 msgid "Monitor device(s) / thermal zone(s)"
-msgstr ""
+msgstr "Dispositivo(s) de monitoramento / zona(s) térmica(s)"
 
 msgid "Monitor devices"
 msgstr "Monitorar dispositivos"
@@ -345,13 +348,13 @@ msgid "Only create average RRAs"
 msgstr "Somente criar RRAs de média"
 
 msgid "OpenVPN"
-msgstr ""
+msgstr "OpenVPN"
 
 msgid "OpenVPN Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin do OpenVPN"
 
 msgid "OpenVPN status files"
-msgstr ""
+msgstr "Arquivos de estado do OpenVPN"
 
 msgid "Options"
 msgstr "Opções"
@@ -411,13 +414,13 @@ msgid "Seconds"
 msgstr "Segundos"
 
 msgid "Sensor list"
-msgstr ""
+msgstr "Lista de sensores"
 
 msgid "Sensors"
-msgstr ""
+msgstr "Sensores"
 
 msgid "Sensors Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin de Sensores"
 
 msgid "Server host"
 msgstr "Endereço do servidor"
@@ -426,13 +429,13 @@ msgid "Server port"
 msgstr "Porta do servidor"
 
 msgid "Setup"
-msgstr ""
+msgstr "Configuração"
 
 msgid "Shaping class monitoring"
 msgstr "Monitoramento das Classes de Shaping"
 
 msgid "Show max values instead of averages"
-msgstr ""
+msgstr "Mostrar valores máximos em vez de médias"
 
 msgid "Socket file"
 msgstr "Arquivo do socket"
@@ -456,10 +459,10 @@ msgid "Specifies what information to collect about the global topology."
 msgstr "Especifica quais informações serão coletadas sobre a topologia global."
 
 msgid "Splash Leases"
-msgstr ""
+msgstr "Concessões do Splash"
 
 msgid "Splash Leases Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin das Concessões do Splash"
 
 msgid "Statistics"
 msgstr "Estatística"
@@ -508,6 +511,7 @@ msgid ""
 "The OpenVPN plugin gathers information about the current vpn connection "
 "status."
 msgstr ""
+"O plugin OpenVPN reúne informações sobre o status atual da conexão VPN."
 
 msgid ""
 "The conntrack plugin collects statistics about the number of tracked "
@@ -560,7 +564,7 @@ msgstr ""
 "Plugin::Collectd mas pode ser utilizado de outras maneiras também."
 
 msgid "The entropy plugin collects statistics about the available entropy."
-msgstr ""
+msgstr "O plugin de entropia coleta estatísticas sobre a entropia disponível."
 
 msgid ""
 "The exec plugin starts external commands to read values from or to notify "
@@ -651,17 +655,24 @@ msgid ""
 "The sensors plugin uses the Linux Sensors framework to gather environmental "
 "statistics."
 msgstr ""
+"O plugin de sensores usa a estrutura de sensores do Linux para coletar "
+"estatísticas ambientais."
 
 msgid ""
 "The splash leases plugin uses libuci to collect statistics about splash "
 "leases."
 msgstr ""
+"O plug-in de concessões splash usa o libuci para coletar estatísticas sobre "
+"concessões de splash."
 
 msgid ""
 "The statistics package uses <a href=\"https://collectd.org/\">Collectd</a> "
 "to gather data and <a href=\"http://oss.oetiker.ch/rrdtool/\">RRDtool</a> to "
 "render diagram images."
 msgstr ""
+"O pacote de estatísticas usa <a href=\"https://collectd.org/\"> Collectd </"
+"a> para coletar dados e <a href=\"http://oss.oetiker.ch/rrdtool/\">RRDtool</"
+"a>  para desenhar os gráficos."
 
 msgid ""
 "The tcpconns plugin collects informations about open tcp connections on "
@@ -675,6 +686,9 @@ msgid ""
 "read from /sys/class/thermal/*/temp ( '*' denotes the thermal device to be "
 "read, e.g. thermal_zone1 )"
 msgstr ""
+"O plugin térmico monitorará a temperatura do sistema. Os dados são "
+"tipicamente lidos de /sys/class/thermal/*/temp ('*' indica o dispositivo "
+"térmico a ser lido, ex:, thermal_zone1)"
 
 msgid ""
 "The unixsock plugin creates a unix socket which can be used to read "
@@ -685,15 +699,19 @@ msgstr ""
 
 msgid "The uptime plugin collects statistics about the uptime of the system."
 msgstr ""
+"O plugin de tempo de atividade coleta estatísticas sobre o tempo de "
+"atividade do sistema."
 
 msgid "Thermal"
-msgstr ""
+msgstr "Térmico"
 
 msgid "Thermal Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin Térmico"
 
 msgid "This plugin collects statistics about the processor frequency scaling."
 msgstr ""
+"Este plugin coleta as estatísticas sobre o escalonamento da frequência do "
+"processador."
 
 msgid ""
 "This section defines on which interfaces collectd will wait for incoming "
@@ -727,13 +745,13 @@ msgid "Unixsock Plugin Configuration"
 msgstr "Configuração do plugin Unixsock"
 
 msgid "Uptime"
-msgstr ""
+msgstr "Tempo de atividade"
 
 msgid "Uptime Plugin Configuration"
-msgstr ""
+msgstr "Configuração do Plugin de Tempo de Atividade"
 
 msgid "Use improved naming schema"
-msgstr ""
+msgstr "Use um esquema de nomeação melhorado"
 
 msgid "Used PID file"
 msgstr "Arquivo PID usado"
@@ -753,6 +771,8 @@ msgstr "Configuração do Plugin iwinfo da Rede Sem Fio (Wireless)"
 msgid ""
 "You can install additional collectd-mod-* plugins to enable more statistics."
 msgstr ""
+"Você pode instalar plugins adicionais (collectd-mod-*) para habilitar mais "
+"estatísticas."
 
 msgid "e.g. br-ff"
 msgstr "ex: br-ff"
@@ -775,6 +795,15 @@ msgstr "segundos; vários valores, separar com espaço"
 msgid "server interfaces"
 msgstr "interfaces do servidor"
 
+#~ msgid ""
+#~ "Note: as pages are rendered by user 'nobody', the *.rrd files, the "
+#~ "storage directory and all its parent directories need to be world "
+#~ "readable."
+#~ msgstr ""
+#~ "Nota: como as páginas são renderizadas pelo usuário 'nobody', os arquivos "
+#~ "* .rrd, o diretório de armazenamento e todos os seus diretórios "
+#~ "superiores precisam ser legíveis a todos."
+
 #~ msgid "Collectd"
 #~ msgstr "Coletar"
 
diff --git a/package/luci/applications/luci-app-travelmate/luasrc/model/cbi/travelmate.lua b/package/luci/applications/luci-app-travelmate/luasrc/model/cbi/travelmate.lua
index 9050ae9686..fa44d4b523 100644
--- a/package/luci/applications/luci-app-travelmate/luasrc/model/cbi/travelmate.lua
+++ b/package/luci/applications/luci-app-travelmate/luasrc/model/cbi/travelmate.lua
@@ -18,17 +18,17 @@ o = s:option(Flag, "trm_enabled", translate("Enable Travelmate"))
 o.rmempty = false
 o.default = 0
 
-o = s:option(Value, "trm_loop", translate("Loop timeout in seconds for wlan monitoring"),
-	translate("Default 30, range 5-60"))
+o = s:option(Value, "trm_maxwait", translate("Max. timeout in seconds for wlan interface reload"),
+	translate("Default 20, range 10-60"))
 o.rmempty = false
-o.default = 30
-o.datatype = "range(5,60)"
+o.default = 20
+o.datatype = "range(10,60)"
 
 o = s:option(Value, "trm_maxretry", translate("Max. number of connection retries to an uplink"),
-	translate("Default 3, range 0-10. Set to 0 to allow unlimited retries"))
+	translate("Default 3, range 1-10"))
 o.rmempty = false
 o.default = 3
-o.datatype = "range(0,10)"
+o.datatype = "range(1,10)"
 
 -- Extra options
 
@@ -38,8 +38,8 @@ a = e:option(Flag, "trm_debug", translate("Debug logging"))
 a.rmempty = true
 a.default = a.disabled
 
-a = e:option(Value, "trm_device", translate("Use only one radio, e.g. 'radio0'"),
-	translate("Default: empty = use all radios."))
+a = e:option(Value, "trm_iface", translate("Restrict reload trigger to certain interface(s)"),
+	translate("Space separated list of wwan interfaces that trigger reload action. To disable reload trigger set it to 'false'. Default: empty"))
 a.rmempty = true
 a.default = ""
 a.datatype = "uciname"
diff --git a/package/luci/applications/luci-app-travelmate/po/ja/travelmate.po b/package/luci/applications/luci-app-travelmate/po/ja/travelmate.po
index 986d7b32b6..de1aceed95 100644
--- a/package/luci/applications/luci-app-travelmate/po/ja/travelmate.po
+++ b/package/luci/applications/luci-app-travelmate/po/ja/travelmate.po
@@ -32,14 +32,11 @@ msgstr "トラベル ルータ機能を有効にする、Travelmate パッケー
 msgid "Debug logging"
 msgstr "デバッグ ログ"
 
-msgid "Default 3, range 0-10. Set to 0 to allow unlimited retries"
-msgstr "既定値 3、範囲 0 - 10。再試行回数を制限しない場合、0 に設定します。"
+msgid "Default 20, range 10-60"
+msgstr "既定値 20、範囲 10 - 60"
 
-msgid "Default 30, range 5-60"
-msgstr "既定値 30、範囲 5 - 60"
-
-msgid "Default: empty = use all radios."
-msgstr "デフォルト:（空）= 全ての無線を使用"
+msgid "Default 3, range 1-10"
+msgstr "既定値 3、範囲 1 - 10"
 
 msgid "Disable this if you want to use iwinfo instead of iw"
 msgstr "iw の代わりに iwinfo を使用したい場合、この設定を無効にします。"
@@ -56,17 +53,39 @@ msgstr "全般オプション"
 msgid "Link to detailed advice"
 msgstr "詳細な解説へのリンク"
 
-msgid "Loop timeout in seconds for wlan monitoring"
-msgstr "無線LAN モニターのループ タイムアウト（秒）"
-
 msgid "Max. number of connection retries to an uplink"
 msgstr "確立までの接続試行回数"
 
+msgid "Max. timeout in seconds for wlan interface reload"
+msgstr "無線LANインターフェース リロード時の最大待機時間（秒）"
+
+msgid "Restrict reload trigger to certain interface(s)"
+msgstr "リロード トリガを特定のインターフェースに限定する"
+
+msgid ""
+"Space separated list of wwan interfaces that trigger reload action. To "
+"disable reload trigger set it to 'false'. Default: empty"
+msgstr ""
+"リロード動作のトリガとなる、スペースで区切られたWWAN インターフェースのリスト"
+"です。リロードのトリガを無効にするには、'false' を設定します。既定値:（空）"
+
 msgid "Travelmate"
 msgstr "Travelmate"
 
 msgid "Use iw for scanning"
 msgstr "スキャンに iw を使用する"
 
-msgid "Use only one radio, e.g. 'radio0'"
-msgstr "単一の無線のみ使用する　例: 'radio0'"
+#~ msgid "Default 3, range 0-10. Set to 0 to allow unlimited retries"
+#~ msgstr "既定値 3、範囲 0 - 10。再試行回数を制限しない場合、0 に設定します。"
+
+#~ msgid "Default 30, range 5-60"
+#~ msgstr "既定値 30、範囲 5 - 60"
+
+#~ msgid "Default: empty = use all radios."
+#~ msgstr "デフォルト:（空）= 全ての無線を使用"
+
+#~ msgid "Loop timeout in seconds for wlan monitoring"
+#~ msgstr "無線LAN モニターのループ タイムアウト（秒）"
+
+#~ msgid "Use only one radio, e.g. 'radio0'"
+#~ msgstr "単一の無線のみ使用する　例: 'radio0'"
diff --git a/package/luci/applications/luci-app-travelmate/po/pt-br/travelmate.po b/package/luci/applications/luci-app-travelmate/po/pt-br/travelmate.po
new file mode 100644
index 0000000000..bcfc1cfa2f
--- /dev/null
+++ b/package/luci/applications/luci-app-travelmate/po/pt-br/travelmate.po
@@ -0,0 +1,78 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"Brief advice: Create a wwan interface, configure it to use dhcp and add it "
+"to the wan zone in firewall. Create the wifi interfaces to be used ('client' "
+"mode, assigned to wwan network, left as disabled). Travelmate will try to "
+"connect to the known wifi client interfaces in the defined order."
+msgstr ""
+"Breve conselho: Crie uma interface wwan, configure-a para usar DHCP e "
+"adicione-a à zona wan no firewall. Crie as interfaces wifi a serem usadas "
+"(modo 'cliente', atribuído à rede wwan, deixado como desativado). O "
+"Travelmate tentará se conectar às interfaces de cliente wifi conhecidas na "
+"ordem definida."
+
+msgid ""
+"Configuration of the Travelmate package to enable travel router "
+"functionality."
+msgstr ""
+"Configuração do pacote Travelmate para permitir a funcionalidade de roteador "
+"de viagem."
+
+msgid "Debug logging"
+msgstr "Registros(log) para depuração"
+
+msgid "Default 20, range 10-60"
+msgstr "Padrão 20, faixa 10-60"
+
+msgid "Default 3, range 1-10"
+msgstr "Padrão 3, faixa 1-10"
+
+msgid "Disable this if you want to use iwinfo instead of iw"
+msgstr "Desabilite isto se você quer usar o iwinfo ao invés do iw"
+
+msgid "Enable Travelmate"
+msgstr "Habilitar o Travelmate"
+
+msgid "Extra options"
+msgstr "Opções adicionais"
+
+msgid "Global options"
+msgstr "Opções Globais"
+
+msgid "Link to detailed advice"
+msgstr "Endereço para conselhos detalhados"
+
+msgid "Max. number of connection retries to an uplink"
+msgstr "Máximo número de tentativas de conexão para um enlace"
+
+msgid "Max. timeout in seconds for wlan interface reload"
+msgstr "Tempo limite máximo em segundos para recarregar a interface wlan"
+
+msgid "Restrict reload trigger to certain interface(s)"
+msgstr "Restringir o gatilho de recarga para somente alguma(s) interface(s)"
+
+msgid ""
+"Space separated list of wwan interfaces that trigger reload action. To "
+"disable reload trigger set it to 'false'. Default: empty"
+msgstr ""
+"Lista separada por espaços de interfaces wwan que acionam a ação de recarga. "
+"Para desabilitar o gatilho de recarga, defina-o como 'false'. Padrão: vazio"
+
+msgid "Travelmate"
+msgstr "Travelmate"
+
+msgid "Use iw for scanning"
+msgstr "Use o iw para escaneamento"
diff --git a/package/luci/applications/luci-app-travelmate/po/templates/travelmate.pot b/package/luci/applications/luci-app-travelmate/po/templates/travelmate.pot
index 533b3e2639..20628196b6 100644
--- a/package/luci/applications/luci-app-travelmate/po/templates/travelmate.pot
+++ b/package/luci/applications/luci-app-travelmate/po/templates/travelmate.pot
@@ -16,13 +16,10 @@ msgstr ""
 msgid "Debug logging"
 msgstr ""
 
-msgid "Default 3, range 0-10. Set to 0 to allow unlimited retries"
+msgid "Default 20, range 10-60"
 msgstr ""
 
-msgid "Default 30, range 5-60"
-msgstr ""
-
-msgid "Default: empty = use all radios."
+msgid "Default 3, range 1-10"
 msgstr ""
 
 msgid "Disable this if you want to use iwinfo instead of iw"
@@ -40,17 +37,22 @@ msgstr ""
 msgid "Link to detailed advice"
 msgstr ""
 
-msgid "Loop timeout in seconds for wlan monitoring"
+msgid "Max. number of connection retries to an uplink"
 msgstr ""
 
-msgid "Max. number of connection retries to an uplink"
+msgid "Max. timeout in seconds for wlan interface reload"
 msgstr ""
 
-msgid "Travelmate"
+msgid "Restrict reload trigger to certain interface(s)"
 msgstr ""
 
-msgid "Use iw for scanning"
+msgid ""
+"Space separated list of wwan interfaces that trigger reload action. To "
+"disable reload trigger set it to 'false'. Default: empty"
 msgstr ""
 
-msgid "Use only one radio, e.g. 'radio0'"
+msgid "Travelmate"
+msgstr ""
+
+msgid "Use iw for scanning"
 msgstr ""
diff --git a/package/luci/applications/luci-app-uhttpd/po/pt-br/uhttpd.po b/package/luci/applications/luci-app-uhttpd/po/pt-br/uhttpd.po
new file mode 100644
index 0000000000..af68b9e140
--- /dev/null
+++ b/package/luci/applications/luci-app-uhttpd/po/pt-br/uhttpd.po
@@ -0,0 +1,208 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid ""
+"(/old/path=/new/path) or (just /old/path which becomes /cgi-prefix/old/path)"
+msgstr ""
+"(/old/path=/new/path) ou (just /old/path que se torna /cgi-prefix/old/path)"
+
+msgid "404 Error"
+msgstr "Erro 404"
+
+msgid "A lightweight single-threaded HTTP(S) server"
+msgstr "Um servidor HTTP(S) leve de únida thread."
+
+msgid "Advanced Settings"
+msgstr "Opções Avançadas"
+
+msgid "Aliases"
+msgstr "Pseudônimos (Aliases)"
+
+msgid "Base directory for files to be served"
+msgstr "Diretório Base para publicar arquivos"
+
+msgid "Bind to specific interface:port (by specifying interface address"
+msgstr ""
+"Escute em uma interface:porta específica (especificando o endereço da "
+"interface"
+
+msgid "CGI filetype handler"
+msgstr "Interpretador de tipo de arquivo CGI"
+
+msgid "CGI is disabled if not present."
+msgstr "O CGI estará desabilitado se não presente."
+
+msgid "Config file (e.g. for credentials for Basic Auth)"
+msgstr "Arquivo de configuração (ex: credenciais para autenticação básica)"
+
+msgid "Connection reuse"
+msgstr "Reutilizar conexão"
+
+msgid "Country"
+msgstr "País"
+
+msgid "Disable JSON-RPC authorization via ubus session API"
+msgstr "Desabilita a autorização JSON-RPC através da API de sessão ubus"
+
+msgid "Do not follow symlinks outside document root"
+msgstr "Não siga ligações simbólicas (symlinks) para fora do documento raiz"
+
+msgid "Do not generate directory listings."
+msgstr "Não gere listagens de diretórios"
+
+msgid "Document root"
+msgstr "Documento Raiz"
+
+msgid "E.g specify with index.html and index.php when using PHP"
+msgstr "Ex: use index.html e index.php quando usar PHP"
+
+msgid "Embedded Lua interpreter is disabled if not present."
+msgstr "O interpretador Lua embutido será desabilitado se não presente."
+
+msgid "Enable JSON-RPC Cross-Origin Resource Support"
+msgstr "Habilite o suporte para recursos JSON-RPC de origem cruzada"
+
+msgid "For settings primarily geared to serving more than the web UI"
+msgstr "Para ajustes envolvidos com mais do que prover a interface web"
+
+msgid "Full Web Server Settings"
+msgstr "Configurações Completas do Servidor Web"
+
+msgid "Full real path to handler for Lua scripts"
+msgstr "Caminho completo para o interpretador de scripts Lua"
+
+msgid "General Settings"
+msgstr "Configurações Gerais"
+
+msgid "HTTP listeners (address:port)"
+msgstr "Escutas do HTTP (endereço:porta)"
+
+msgid "HTTPS Certificate (DER Encoded)"
+msgstr "Certificado do HTTPS (codificado em formato PEM)"
+
+msgid "HTTPS Private Key (DER Encoded)"
+msgstr "Chave Privada do HTTPS (codificado como DER)"
+
+msgid "HTTPS listener (address:port)"
+msgstr "Escuta do HTTPS (endereço:porta)"
+
+msgid "Ignore private IPs on public interface"
+msgstr "Ignore endereços IP privados na interface pública"
+
+msgid "Index page(s)"
+msgstr "Página(s) Índice(s)"
+
+msgid ""
+"Interpreter to associate with file endings ('suffix=handler', e.g. '.php=/"
+"usr/bin/php-cgi')"
+msgstr ""
+"Interpretador para associar com extensões de arquivos "
+"('extensão=interpretador', ex: '.php=/usr/bin/php-cgi')"
+
+msgid "Length of key in bits"
+msgstr "Comprimento da chave em bits"
+
+msgid "Location"
+msgstr "Localização"
+
+msgid "Maximum number of connections"
+msgstr "Número máximo de requisições para script"
+
+msgid "Maximum number of script requests"
+msgstr "Número máximo de requisições para script"
+
+msgid "Maximum wait time for Lua, CGI, or ubus execution"
+msgstr "Tempo máximo de espera para execuções de Lua, CGI ou ubus"
+
+msgid "Maximum wait time for network activity"
+msgstr "Tempo máximo de espera para atividade na rede"
+
+msgid "Override path for ubus socket"
+msgstr "Sobrescrever o caminho do socket ubus"
+
+msgid "Path prefix for CGI scripts"
+msgstr "Prefixo do caminho para scripts CGI"
+
+msgid ""
+"Prevent access from private (RFC1918) IPs on an interface if it has an "
+"public IP address"
+msgstr ""
+"Evite acesso de endereços privados (RFC1918) na interface que tem um "
+"endereço IP público"
+
+msgid "Realm for Basic Auth"
+msgstr "Reino para Autenticação Simples"
+
+msgid "Redirect all HTTP to HTTPS"
+msgstr "Redirecionar todo tráfego HTTP para HTTPS"
+
+msgid "Remove configuration for certificate and key"
+msgstr "Remove a configuração para o certificado e chave"
+
+msgid "Remove old certificate and key"
+msgstr "Remove os certificados e chaves antigas"
+
+msgid "Server Hostname"
+msgstr "Nome do Servidor"
+
+msgid ""
+"Settings which are either rarely needed or which affect serving the WebUI"
+msgstr "Ajustes que são raramente usadas ou que afetam a interface web"
+
+msgid "State"
+msgstr "Estado"
+
+msgid "TCP Keepalive"
+msgstr "Manter conexões TCP abertas (Keepalive)"
+
+msgid "This permanently deletes the cert, key, and configuration to use same."
+msgstr "Isto apaga permanentemente o certificado, a chave e a configuração."
+
+msgid "Valid for # of Days"
+msgstr "Valido por # dias"
+
+msgid ""
+"Virtual URL or CGI script to display on status '404 Not Found'. Must begin "
+"with '/'"
+msgstr ""
+"URL virtual ou script CGI para mostrar quando ocorrer erro '404 Não "
+"Encontrado'. Deve começar com '/'"
+
+msgid "Virtual path prefix for Lua scripts"
+msgstr "Prefixo do caminho virtual para scripts Lua"
+
+msgid "Virtual path prefix for ubus via JSON-RPC integration"
+msgstr "Prefixo do caminho virtual para o ubus através da integração JSON-RPC"
+
+msgid "Will not use HTTP authentication if not present"
+msgstr "Não usar autenticação HTTP se não presente"
+
+msgid "a.k.a CommonName"
+msgstr "também conhecido como Nome Comum"
+
+msgid "uHTTPd"
+msgstr "uHTTPd"
+
+msgid "uHTTPd Self-signed Certificate Parameters"
+msgstr "Parâmetros do Certificado Auto-assinado do uHTTPd"
+
+msgid ""
+"uHTTPd will generate a new self-signed certificate using the configuration "
+"shown below."
+msgstr ""
+"o uHTTPd gerará um certificado auto-assinado usando a configuração mostrada "
+"abaixo."
+
+msgid "ubus integration is disabled if not present"
+msgstr "A integração com o ubus será desativada se não presente"
diff --git a/package/luci/applications/luci-app-unbound/luasrc/model/cbi/unbound.lua b/package/luci/applications/luci-app-unbound/luasrc/model/cbi/unbound.lua
index 6d876c2c83..847c98a3e8 100644
--- a/package/luci/applications/luci-app-unbound/luasrc/model/cbi/unbound.lua
+++ b/package/luci/applications/luci-app-unbound/luasrc/model/cbi/unbound.lua
@@ -5,26 +5,29 @@
 
 m = Map("unbound", translate("Recursive DNS"),
 	translate("Unbound is a validating, recursive, and caching DNS resolver."))
-	
-s = m:section(TypedSection, "unbound", translate("Unbound Settings"))
-s.addremove = false
-s.anonymous = true
 
-s:tab("service", translate("Unbound Service"))
-s:tab("resource", translate("Unbound Resources"))
-s:tab("dnsmasq", translate("Dnsmasq Link"))
+s1 = m:section(TypedSection, "unbound")
+s1.addremove = false
+s1.anonymous = true
+s1:tab("service", translate("Basic Settings"))
+s1:tab("advanced", translate("Advanced Settings"))
+s1:tab("resource", translate("Resource Settings"))
 
---Enable Unbound
+--LuCI or Not
 
-e = s:taboption("service", Flag, "enabled", translate("Enable Unbound:"),
+ena = s1:taboption("service", Flag, "enabled", translate("Enable Unbound:"),
   translate("Enable the initialization scripts for Unbound"))
-e.rmempty = false
+ena.rmempty = false
 
-function e.cfgvalue(self, section)
+mcf = s1:taboption("service", Flag, "manual_conf", translate("Manual Conf:"),
+  translate("Skip UCI and use /etc/unbound/unbound.conf"))
+mcf.rmempty = false
+
+function ena.cfgvalue(self, section)
 	return luci.sys.init.enabled("unbound") and self.enabled or self.disabled
 end
 
-function e.write(self, section, value)
+function ena.write(self, section, value)
 	if value == "1" then
 		luci.sys.init.enable("unbound")
 		luci.sys.call("/etc/init.d/unbound start >/dev/null")
@@ -36,72 +39,136 @@ function e.write(self, section, value)
 	return Flag.write(self, section, value)
 end
 
---Service Tab
-
-mcf = s:taboption("service", Flag, "manual_conf", translate("Manual Conf:"),
-  translate("Skip UCI and use /etc/unbound/unbound.conf"))
-mcf.rmempty = false
+--Basic Tab
 
-lsv = s:taboption("service", Flag, "localservice", translate("Local Service:"),
+lsv = s1:taboption("service", Flag, "localservice", translate("Local Service:"),
   translate("Accept queries only from local subnets"))
 lsv.rmempty = false
 
-qry = s:taboption("service", Flag, "query_minimize", translate("Query Minimize:"),
-  translate("Break down query components for small added privacy"))
-qry.rmempty = false
-
-rlh = s:taboption("service", Flag, "rebind_localhost", translate("Block Localhost Rebind:"),
+rlh = s1:taboption("service", Flag, "rebind_localhost", translate("Block Localhost Rebind:"),
   translate("Prevent upstream response of 127.0.0.0/8"))
 rlh.rmempty = false
 
-rpv = s:taboption("service", Flag, "rebind_protection", translate("Block Private Rebind:"),
+rpv = s1:taboption("service", Flag, "rebind_protection", translate("Block Private Rebind:"),
   translate("Prevent upstream response of RFC1918 ranges"))
 rpv.rmempty = false
 
-vld = s:taboption("service", Flag, "validator", translate("Enable DNSSEC:"),
+vld = s1:taboption("service", Flag, "validator", translate("Enable DNSSEC:"),
   translate("Enable the DNSSEC validator module"))
 vld.rmempty = false
 
-nvd = s:taboption("service", Flag, "validator_ntp", translate("DNSSEC NTP Fix:"),
+nvd = s1:taboption("service", Flag, "validator_ntp", translate("DNSSEC NTP Fix:"),
   translate("Break the loop where DNSSEC needs NTP and NTP needs DNS"))
 nvd.rmempty = false
+nvd:depends({ validator = true })
 
-eds = s:taboption("service", Value, "edns_size", translate("EDNS Size:"),
+eds = s1:taboption("service", Value, "edns_size", translate("EDNS Size:"),
   translate("Limit extended DNS packet size"))
 eds.datatype = "and(uinteger,min(512),max(4096))"
 eds.rmempty = false
 
-prt = s:taboption("service", Value, "listen_port", translate("Listening Port:"),
+prt = s1:taboption("service", Value, "listen_port", translate("Listening Port:"),
   translate("Choose Unbounds listening port"))
 prt.datatype = "port"
 prt.rmempty = false
 
-tlm = s:taboption("service", Value, "ttl_min", translate("TTL Minimum:"),
+tlm = s1:taboption("service", Value, "ttl_min", translate("TTL Minimum:"),
   translate("Prevent excessively short cache periods"))
 tlm.datatype = "and(uinteger,min(0),max(600))"
 tlm.rmempty = false
 
-d64 = s:taboption("service", Flag, "dns64", translate("Enable DNS64:"),
+--Advanced Tab
+
+ctl = s1:taboption("advanced", Flag, "unbound_control", translate("Unbound Control App:"),
+  translate("Enable unecrypted localhost access for unbound-control"))
+ctl.rmempty = false
+
+dlk = s1:taboption("advanced", ListValue, "dhcp_link", translate("DHCP Link:"),
+  translate("Link to supported programs to load DHCP into DNS"))
+dlk:value("none", translate("No Link"))
+dlk:value("dnsmasq", "dnsmasq")
+dlk:value("odhcpd", "odhcpd")
+dlk.rmempty = false
+
+dom = s1:taboption("advanced", Value, "domain", translate("Local Domain:"),
+  translate("Domain suffix for this router and DHCP clients"))
+dom.placeholder = "lan"
+dom:depends({ dhcp_link = "none" })
+dom:depends({ dhcp_link = "odhcpd" })
+
+dty = s1:taboption("advanced", ListValue, "domain_type", translate("Local Domain Type:"),
+  translate("How to treat queries of this local domain"))
+dty:value("deny", translate("Ignored"))
+dty:value("refuse", translate("Refused"))
+dty:value("static", translate("Only Local"))
+dty:value("transparent", translate("Also Forwarded"))
+dty:depends({ dhcp_link = "none" })
+dty:depends({ dhcp_link = "odhcpd" })
+
+lfq = s1:taboption("advanced", ListValue, "add_local_fqdn", translate("LAN DNS:"),
+  translate("How to enter the LAN or local network router in DNS"))
+lfq:value("0", translate("No DNS"))
+lfq:value("1", translate("Hostname, Primary Address"))
+lfq:value("2", translate("Hostname, All Addresses"))
+lfq:value("3", translate("Host FQDN, All Addresses"))
+lfq:value("4", translate("Interface FQDN, All Addresses"))
+lfq:depends({ dhcp_link = "none" })
+lfq:depends({ dhcp_link = "odhcpd" })
+
+wfq = s1:taboption("advanced", ListValue, "add_wan_fqdn", translate("WAN DNS:"),
+  translate("Override the WAN side router entry in DNS"))
+wfq:value("0", translate("Upstream"))
+wfq:value("1", translate("Hostname, Primary Address"))
+wfq:value("2", translate("Hostname, All Addresses"))
+wfq:value("3", translate("Host FQDN, All Addresses"))
+wfq:value("4", translate("Interface FQDN, All Addresses"))
+wfq:depends({ dhcp_link = "none" })
+wfq:depends({ dhcp_link = "odhcpd" })
+
+ctl = s1:taboption("advanced", Flag, "dhcp4_slaac6", translate("DHCPv4 to SLAAC:"),
+  translate("Use DHCPv4 MAC to discover IP6 hosts SLAAC (EUI64)"))
+ctl.rmempty = false
+
+d64 = s1:taboption("advanced", Flag, "dns64", translate("Enable DNS64:"),
   translate("Enable the DNS64 module"))
 d64.rmempty = false
 
-pfx = s:taboption("service", Value, "dns64_prefix", translate("DNS64 Prefix:"),
+pfx = s1:taboption("advanced", Value, "dns64_prefix", translate("DNS64 Prefix:"),
   translate("Prefix for generated DNS64 addresses"))
 pfx.datatype = "ip6addr"
 pfx.placeholder = "64:ff9b::/96"
 pfx.optional = true
-pfx:depends({ dns64 = "1" })
+pfx:depends({ dns64 = true })
+
+qry = s1:taboption("advanced", Flag, "query_minimize", translate("Query Minimize:"),
+  translate("Break down query components for limited added privacy"))
+qry.rmempty = false
+
+qrs = s1:taboption("advanced", Flag, "query_min_strict", translate("Strict Minimize:"),
+  translate("Strict version of 'query minimize' but it can break DNS"))
+qrs.rmempty = false
+qrs:depends({ query_minimize = true })
+
+--TODO: dnsmasq needs to not reference resolve-file and get off port 53.
 
 --Resource Tuning Tab
 
-rsn = s:taboption("resource", ListValue, "recursion", translate("Recursion Strength:"),
+pro = s1:taboption("resource", ListValue, "protocol", translate("Recursion Protocol:"),
+  translate("Chose the protocol recursion queries leave on"))
+pro:value("mixed", translate("IP4 and IP6"))
+pro:value("ip6_prefer", translate("IP6 Preferred"))
+pro:value("ip4_only", translate("IP4 Only"))
+pro:value("ip6_only", translate("IP6 Only"))
+pro.rmempty = false
+
+rsn = s1:taboption("resource", ListValue, "recursion", translate("Recursion Strength:"),
   translate("Recursion activity affects memory growth and CPU load"))
 rsn:value("aggressive", translate("Aggressive"))
 rsn:value("default", translate("Default"))
 rsn:value("passive", translate("Passive"))
 rsn.rmempty = false
 
-rsc = s:taboption("resource", ListValue, "resource", translate("Memory Resource:"),
+rsc = s1:taboption("resource", ListValue, "resource", translate("Memory Resource:"),
   translate("Use menu System/Processes to observe any memory growth"))
 rsc:value("large", translate("Large"))
 rsc:value("medium", translate("Medium"))
@@ -109,27 +176,14 @@ rsc:value("small", translate("Small"))
 rsc:value("tiny", translate("Tiny"))
 rsc.rmempty = false
 
-age = s:taboption("resource", Value, "root_age", translate("Root DSKEY Age:"),
+ag2 = s1:taboption("resource", Value, "root_age", translate("Root DSKEY Age:"),
   translate("Limit days between RFC5011 to reduce flash writes"))
-age.datatype = "and(uinteger,min(1),max(99))"
-age:value("14", "14")
-age:value("28", "28 ("..translate("default")..")")
-age:value("45", "45")
-age:value("90", "90")
-age:value("99", "99 ("..translate("never")..")")
-
---Dnsmasq Link Tab
-
-dld = s:taboption("dnsmasq", Flag, "dnsmasq_link_dns", translate("Link dnsmasq:"),
-  translate("Forward queries to dnsmasq for local clients"))
-dld.rmempty = false
-
-dgn = s:taboption("dnsmasq", Flag, "dnsmsaq_gate_name", translate("Local Gateway Name:"),
-  translate("Also query dnsmasq for this hosts outbound gateway"))
-dgn.rmempty = false
-
---TODO: Read only repective dnsmasq options and inform user of link requirements.
---TODO: dnsmasq needs to not reference resolve-file and get off port 53.
+ag2.datatype = "and(uinteger,min(1),max(99))"
+ag2:value("14", "14")
+ag2:value("28", "28 ("..translate("default")..")")
+ag2:value("45", "45")
+ag2:value("90", "90")
+ag2:value("99", "99 ("..translate("never")..")")
 
 return m
 
diff --git a/package/luci/applications/luci-app-unbound/root/etc/uci-defaults/60_luci-unbound b/package/luci/applications/luci-app-unbound/root/etc/uci-defaults/60_luci-unbound
new file mode 100644
index 0000000000..cc714ac53e
--- /dev/null
+++ b/package/luci/applications/luci-app-unbound/root/etc/uci-defaults/60_luci-unbound
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+  delete ucitrack.@unbound[-1]
+  add ucitrack unbound
+  set ucitrack.@unbound[-1].init=unbound
+  commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+[ ! -x /usr/sbin/unbound-control ] && exit 0
+
+uci -q batch <<-EOF >/dev/null
+  set luci.unboundhosts=command
+  set luci.unboundhosts.name='Unbound Local Hosts'
+  set luci.unboundhosts.command='unbound-control -c /var/lib/unbound/unbound.conf list_local_data'
+  set luci.unboundzones=command
+  set luci.unboundzones.name='Unbound Local Zones'
+  set luci.unboundzones.command='unbound-control -c /var/lib/unbound/unbound.conf list_local_zones'
+  commit luci
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0
+
diff --git a/package/luci/applications/luci-app-vpnbypass/po/pt-br/vpnbypass.po b/package/luci/applications/luci-app-vpnbypass/po/pt-br/vpnbypass.po
new file mode 100644
index 0000000000..6eda027c40
--- /dev/null
+++ b/package/luci/applications/luci-app-vpnbypass/po/pt-br/vpnbypass.po
@@ -0,0 +1,55 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "Configuration of VPN Bypass Settings"
+msgstr "Configurações do VPN Bypass"
+
+msgid "Domains to Bypass"
+msgstr "Domínios para evitar a VPN"
+
+msgid "Domains which will be accessed directly (outside of the VPN tunnel)"
+msgstr "Domínios que serão acessados diretamente (fora do túnel VPN)"
+
+msgid "Enable VPN Bypass"
+msgstr "Habilitar o VPN Bypass"
+
+msgid "Local IP Subnets to Bypass"
+msgstr "Subredes IP locais para evitar a VPN"
+
+msgid "Local IP ranges with direct internet access (outside of the VPN tunnel)"
+msgstr "Faixa de endereços IP locais que terão acesso internet direto (fora do túnel VPN)"
+
+msgid "Local Ports to Bypass"
+msgstr "Portas locais para evitar a VPN"
+
+msgid "Local ports to trigger VPN Bypass"
+msgstr "Portas locais para disparar o VPN Bypass"
+
+msgid "Remote IP Subnets to Bypass"
+msgstr "Subredes IP remotas para evitar a VPN"
+
+msgid "Remote IP ranges which will be accessed directly (outside of the VPN tunnel)"
+msgstr "Faixa de endereços IP remotos que serão acessados diretamente (fora do túnel VPN)"
+
+msgid "Remote Ports to Bypass"
+msgstr "Portas remotas para evitar a VPN"
+
+msgid "Remote ports to trigger VPN Bypass"
+msgstr "Portas remotas para disparar o VPN Bypass"
+
+msgid "VPN Bypass"
+msgstr "VPN Bypass"
+
+msgid "VPN Bypass Settings"
+msgstr "Configurações do VPN Bypass"
diff --git a/package/luci/applications/luci-app-watchcat/po/pt-br/watchcat.po b/package/luci/applications/luci-app-watchcat/po/pt-br/watchcat.po
index fe97036379..e37066c3d9 100644
--- a/package/luci/applications/luci-app-watchcat/po/pt-br/watchcat.po
+++ b/package/luci/applications/luci-app-watchcat/po/pt-br/watchcat.po
@@ -1,15 +1,16 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"PO-Revision-Date: 2014-03-29 23:20+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
+"Project-Id-Version: \n"
+"PO-Revision-Date: 2017-02-20 18:10-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language-Team: none\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"POT-Creation-Date: \n"
 
 msgid "Forced reboot delay"
 msgstr "Atraso para reinício forçado"
@@ -51,15 +52,13 @@ msgstr "Período de ping"
 msgid "Watchcat"
 msgstr "Watchcat"
 
-#, fuzzy
 msgid ""
 "Watchcat allows configuring a periodic reboot when the Internet connection "
 "has been lost for a certain period of time."
 msgstr ""
-"Watchcat permite que se configure um período para reiniciar e/ou quando a "
+"Watchcat permite a configuração de um período para reiniciar e/ou quando a "
 "conexão com à Internet foi perdida por um ser período de tempo."
 
-#, fuzzy
 msgid ""
 "When rebooting the system, the watchcat will trigger a soft reboot. Entering "
 "a non zero value here will trigger a delayed hard reboot if the soft reboot "
diff --git a/package/luci/applications/luci-app-wifischedule/po/pt-br/wifischedule.po b/package/luci/applications/luci-app-wifischedule/po/pt-br/wifischedule.po
new file mode 100644
index 0000000000..19e31b54ca
--- /dev/null
+++ b/package/luci/applications/luci-app-wifischedule/po/pt-br/wifischedule.po
@@ -0,0 +1,114 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Language: pt_BR\n"
+
+msgid "Activate wifi"
+msgstr "Ativar a WiFi"
+
+msgid "Could not find required /usr/bin/wifi_schedule.sh or /sbin/wifi"
+msgstr ""
+"Não foi possível localizar os programas necessários '/usr/bin/wifi_schedule."
+"sh' ou '/sbin/wifi'."
+
+msgid "Could not find required programm /usr/bin/iwinfo"
+msgstr "Não foi possível localizar o programa necessário '/usr/bin/iwinfo'"
+
+msgid "Cron Jobs"
+msgstr "Tarefas da Cron"
+
+msgid "Day(s) of Week"
+msgstr "Dia(s) da semana"
+
+msgid "Defines a schedule when to turn on and off wifi."
+msgstr "Define um agendamento para quando ligar ou desligar a WiFi."
+
+msgid "Determine Modules Automatically"
+msgstr "Determinar os Módulos Automaticamente"
+
+msgid "Disable wifi gracefully"
+msgstr "Desabilitar a WiFi amistosamente"
+
+msgid "Disabled wifi forced"
+msgstr "WiFi foi desabilitada de forma forçada."
+
+msgid "Enable"
+msgstr "Habilitar"
+
+msgid "Enable Wifi Schedule"
+msgstr "Habilitar o agendamento da WiFi"
+
+msgid "Enable logging"
+msgstr "Habilite os registros (log)"
+
+msgid "Force disabling wifi even if stations associated"
+msgstr "Force a desativação da WiFi mesmo se existirem estações associadas "
+
+msgid "Friday"
+msgstr "Sexta-feira"
+
+msgid "Global Settings"
+msgstr "Configurações Globais"
+
+msgid "Monday"
+msgstr "Segunda-Feira"
+
+msgid "Saturday"
+msgstr "Sábado"
+
+msgid "Schedule"
+msgstr "Agendamento"
+
+msgid "Schedule events"
+msgstr "Eventos do agendamento"
+
+msgid "Start Time"
+msgstr "Hora Inicial"
+
+msgid "Start WiFi"
+msgstr "Iniciar WiFi"
+
+msgid "Stop Time"
+msgstr "Hora Final"
+
+msgid "Stop WiFi"
+msgstr "Parar WiFi"
+
+msgid "Sunday"
+msgstr "Domingo"
+
+msgid "The value %s is invalid"
+msgstr "O valor %s é inválido"
+
+msgid "Thursday"
+msgstr "Quita-feira"
+
+msgid "Tuesday"
+msgstr "Terça-feira"
+
+msgid "Unload Modules (experimental; saves more power)"
+msgstr "Descarregar Módulos (experimental, poupa mais energia)"
+
+msgid "View Cron Jobs"
+msgstr "Visualizar Tarefas da Cron"
+
+msgid "View Logfile"
+msgstr "Visualizar o Arquivo de Registros (log)"
+
+msgid "Wednesday"
+msgstr "Quarta-feira"
+
+msgid "Wifi Schedule"
+msgstr "Agendamento da Wifi"
+
+msgid "Wifi Schedule Logfile"
+msgstr "Arquivo de Registros (log) do Agendamento da Wifi"
diff --git a/package/luci/applications/luci-app-wol/po/pt-br/wol.po b/package/luci/applications/luci-app-wol/po/pt-br/wol.po
index 6a21a855b6..df66ad24b9 100644
--- a/package/luci/applications/luci-app-wol/po/pt-br/wol.po
+++ b/package/luci/applications/luci-app-wol/po/pt-br/wol.po
@@ -2,18 +2,18 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2010-04-19 00:29+0200\n"
-"PO-Revision-Date: 2011-10-11 20:31+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
+"PO-Revision-Date: 2017-02-20 18:13-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language-Team: none\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.4\n"
+"X-Generator: Poedit 1.8.11\n"
 
 msgid "Broadcast on all interfaces"
 msgstr "Broadcast em todas as interfaces"
@@ -27,12 +27,11 @@ msgstr "Computador para acordar"
 msgid "Network interface to use"
 msgstr "Interfaces de rede para usar"
 
-#, fuzzy
 msgid ""
 "Sometimes only one of the two tools works. If one fails, try the other one"
 msgstr ""
-"Algumas vezes, somente uma das ferramentas funciona. Se uma delas falhar, "
-"tente a outra"
+"Algumas vezes, somente uma das duas ferramentas funciona. Se uma delas "
+"falhar, tente a outra"
 
 msgid "Specifies the interface the WoL packet is sent on"
 msgstr "Especifica a interface para onde os pacotes de WoL serão enviados"
@@ -54,3 +53,6 @@ msgstr "Acorda um computador"
 
 msgid "WoL program"
 msgstr "Programa WoL"
+
+#~ msgid "Send to broadcast address"
+#~ msgstr "Enviar para o endereço de broadcast"
diff --git a/package/luci/collections/luci-ssl-openssl/Makefile b/package/luci/collections/luci-ssl-openssl/Makefile
index b5f4b091b1..d1e752e8b8 100644
--- a/package/luci/collections/luci-ssl-openssl/Makefile
+++ b/package/luci/collections/luci-ssl-openssl/Makefile
@@ -11,10 +11,10 @@ LUCI_BASENAME:=ssl-openssl
 
 LUCI_TITLE:=LuCI with HTTPS support (OpenSSL as SSL backend)
 LUCI_DESCRIPTION:=LuCI with OpenSSL as the SSL backend (libustream-openssl). \
- Note: px5g still requires libmbedtls (in LEDE) or libpolarssl (in Openwrt). \
- In LEDE it is also possible to replace px5g with openssl-util as uhttpd can \
- also generate keys with openssl commandline tools if px5g is not installed.
-LUCI_DEPENDS:=+luci +libustream-openssl +px5g
+ OpenSSL cmd tools (openssl-util) are used by uhttpd for SSL key generation \
+ instead of the default px5g. (If px5g is installed, uhttpd will prefer that.)
+
+LUCI_DEPENDS:=+luci +libustream-openssl +openssl-util
 
 include ../../luci.mk
 
diff --git a/package/luci/collections/luci-ssl/Makefile b/package/luci/collections/luci-ssl/Makefile
index ad2acf7874..8fb8ff4627 100644
--- a/package/luci/collections/luci-ssl/Makefile
+++ b/package/luci/collections/luci-ssl/Makefile
@@ -10,7 +10,7 @@ LUCI_TYPE:=col
 LUCI_BASENAME:=ssl
 
 LUCI_TITLE:=LuCI with HTTPS support (mbedTLS as SSL backend)
-LUCI_DEPENDS:=+luci +libustream-mbedtls +px5g-mbedtls
+LUCI_DEPENDS:=+luci +libustream-mbedtls +px5g
 
 include ../../luci.mk
 
diff --git a/package/luci/contrib/package/freifunk-common/Makefile b/package/luci/contrib/package/freifunk-common/Makefile
index c15f02dcf6..d9bbd994a1 100644
--- a/package/luci/contrib/package/freifunk-common/Makefile
+++ b/package/luci/contrib/package/freifunk-common/Makefile
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freifunk-common
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 
diff --git a/package/luci/luci.mk b/package/luci/luci.mk
index 69aecaa250..137886f1b3 100644
--- a/package/luci/luci.mk
+++ b/package/luci/luci.mk
@@ -70,7 +70,8 @@ PKG_VERSION?=$(if $(DUMP),x,$(strip $(shell \
 PKG_GITBRANCH?=$(if $(DUMP),x,$(strip $(shell \
 	variant="LuCI"; \
 	if git log -1 >/dev/null 2>/dev/null; then \
-		branch="$$(git symbolic-ref --short -q HEAD 2>/dev/null)"; \
+		branch="$$(git branch --remote --verbose --no-abbrev --contains 2>/dev/null | \
+			sed -rne 's|^[^/]+/([^ ]+) [a-f0-9]{40} .+$$|\1|p' | head -n1)"; \
 		if [ "$$branch" != "master" ]; then \
 			variant="LuCI $$branch branch"; \
 		else \
diff --git a/package/luci/modules/luci-base/htdocs/luci-static/resources/cbi.js b/package/luci/modules/luci-base/htdocs/luci-static/resources/cbi.js
index 5790e303dd..8e66cbc380 100644
--- a/package/luci/modules/luci-base/htdocs/luci-static/resources/cbi.js
+++ b/package/luci/modules/luci-base/htdocs/luci-static/resources/cbi.js
@@ -118,6 +118,50 @@ var cbi_validators = {
 		return false;
 	},
 
+	'ipmask': function()
+	{
+		return cbi_validators.ipmask4.apply(this) ||
+			cbi_validators.ipmask6.apply(this);
+	},
+
+	'ipmask4': function()
+	{
+		var ip = this, mask = 32;
+
+		if (ip.match(/^(\S+)\/(\S+)$/))
+		{
+			ip = RegExp.$1;
+			mask = RegExp.$2;
+		}
+
+		if (!isNaN(mask) && (mask < 0 || mask > 32))
+			return false;
+
+		if (isNaN(mask) && !cbi_validators.ip4addr.apply(mask))
+			return false;
+
+		return cbi_validators.ip4addr.apply(ip);
+	},
+
+	'ipmask6': function()
+	{
+		var ip = this, mask = 128;
+
+		if (ip.match(/^(\S+)\/(\S+)$/))
+		{
+			ip = RegExp.$1;
+			mask = RegExp.$2;
+		}
+
+		if (!isNaN(mask) && (mask < 0 || mask > 128))
+			return false;
+
+		if (isNaN(mask) && !cbi_validators.ip6addr.apply(mask))
+			return false;
+
+		return cbi_validators.ip6addr.apply(ip);
+	},
+
 	'port': function()
 	{
 		var p = Int(this);
@@ -523,13 +567,6 @@ function cbi_init() {
 		}
 	}
 
-	nodes = document.querySelectorAll('[data-type]');
-
-	for (var i = 0, node; (node = nodes[i]) !== undefined; i++) {
-		cbi_validate_field(node, node.getAttribute('data-optional') === 'true',
-		                   node.getAttribute('data-type'));
-	}
-
 	nodes = document.querySelectorAll('[data-choices]');
 
 	for (var i = 0, node; (node = nodes[i]) !== undefined; i++) {
@@ -562,6 +599,13 @@ function cbi_init() {
 		cbi_dynlist_init(node, choices[2], choices[3], options);
 	}
 
+	nodes = document.querySelectorAll('[data-type]');
+
+	for (var i = 0, node; (node = nodes[i]) !== undefined; i++) {
+		cbi_validate_field(node, node.getAttribute('data-optional') === 'true',
+		                   node.getAttribute('data-type'));
+	}
+
 	cbi_d_update();
 }
 
diff --git a/package/luci/modules/luci-base/luasrc/cbi/datatypes.lua b/package/luci/modules/luci-base/luasrc/cbi/datatypes.lua
index 626ad91c75..036d6ff5e3 100644
--- a/package/luci/modules/luci-base/luasrc/cbi/datatypes.lua
+++ b/package/luci/modules/luci-base/luasrc/cbi/datatypes.lua
@@ -131,6 +131,48 @@ function ip6prefix(val)
 	return ( val and val >= 0 and val <= 128 )
 end
 
+function ipmask(val)
+	return ipmask4(val) or ipmask6(val)
+end
+
+function ipmask4(val)
+	local ip, mask = val:match("^([^/]+)/([^/]+)$")
+	local bits = tonumber(mask)
+
+	if bits and (bits < 0 or bits > 32) then
+		return false
+	end
+
+	if not bits and mask and not ip4addr(mask) then
+		return false
+	end
+
+	return ip4addr(ip or val)
+end
+
+function ipmask6(val)
+	local ip, mask = val:match("^([^/]+)/([^/]+)$")
+	local bits = tonumber(mask)
+
+	if bits and (bits < 0 or bits > 128) then
+		return false
+	end
+
+	if not bits and mask and not ip6addr(mask) then
+		return false
+	end
+
+	return ip6addr(ip or val)
+end
+
+function ip6hostid(val)
+	if val and val:match("^[a-fA-F0-9:]+$") and (#val > 2) then
+		return (ip6addr("2001:db8:0:0" .. val) or ip6addr("2001:db8:0:0:" .. val))
+	end
+
+	return false
+end
+
 function port(val)
 	val = tonumber(val)
 	return ( val and val >= 0 and val <= 65535 )
@@ -233,6 +275,28 @@ function wepkey(val)
 	end
 end
 
+function hexstring(val)
+	if val then
+		return (val:match("^[a-fA-F0-9]+$") ~= nil)
+	end
+	return false
+end
+
+function hex(val, maxbytes)
+	maxbytes = tonumber(maxbytes)
+	if val and maxbytes ~= nil then
+		return ((val:match("^0x[a-fA-F0-9]+$") ~= nil) and (#val <= 2 + maxbytes * 2))
+	end
+	return false
+end
+
+function base64(val)
+	if val then
+		return (val:match("^[a-zA-Z0-9/+]+=?=?$") ~= nil) and (math.fmod(#val, 4) == 0)
+	end
+	return false
+end
+
 function string(val)
 	return true		-- Everything qualifies as valid string
 end
@@ -378,29 +442,29 @@ function dateyyyymmdd(val)
 			return false;
 		end
 
-        	local days_in_month = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }
-
-        	local function is_leap_year(year)
-            		return (year % 4 == 0) and ((year % 100 ~= 0) or (year % 400 == 0))
-        	end
-
-        	function get_days_in_month(month, year)
-            		if (month == 2) and is_leap_year(year) then
-               			return 29
-            		else
-                		return days_in_month[month]
-            		end
-        	end
-        	if (year < 2015) then
-	    		return false
-        	end 
-        	if ((month == 0) or (month > 12)) then
-            		return false
-        	end 
-        	if ((day == 0) or (day > get_days_in_month(month, year))) then
-            		return false
-        	end
-        	return true
+		local days_in_month = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }
+
+		local function is_leap_year(year)
+			return (year % 4 == 0) and ((year % 100 ~= 0) or (year % 400 == 0))
+		end
+
+		function get_days_in_month(month, year)
+			if (month == 2) and is_leap_year(year) then
+				return 29
+			else
+				return days_in_month[month]
+			end
+		end
+		if (year < 2015) then
+			return false
+		end
+		if ((month == 0) or (month > 12)) then
+			return false
+		end
+		if ((day == 0) or (day > get_days_in_month(month, year))) then
+			return false
+		end
+		return true
 	end
 	return false
 end
diff --git a/package/luci/modules/luci-base/luasrc/model/network.lua b/package/luci/modules/luci-base/luasrc/model/network.lua
index 2d8336bf33..49d91b875a 100644
--- a/package/luci/modules/luci-base/luasrc/model/network.lua
+++ b/package/luci/modules/luci-base/luasrc/model/network.lua
@@ -950,6 +950,13 @@ function protocol.dns6addrs(self)
 	return dns
 end
 
+function protocol.ip6prefix(self)
+	local prefix = self:_ubus("ipv6-prefix")
+	if prefix and #prefix > 0 then
+		return "%s/%d" %{ prefix[1].address, prefix[1].mask }
+	end
+end
+
 function protocol.is_bridge(self)
 	return (not self:is_virtual() and self:type() == "bridge")
 end
diff --git a/package/luci/modules/luci-base/luasrc/view/cbi/mvalue.htm b/package/luci/modules/luci-base/luasrc/view/cbi/mvalue.htm
index 246ef43aad..db17450d27 100644
--- a/package/luci/modules/luci-base/luasrc/view/cbi/mvalue.htm
+++ b/package/luci/modules/luci-base/luasrc/view/cbi/mvalue.htm
@@ -36,7 +36,7 @@
 				<label<%= attr("for", cbid.."-"..key)%>></label>
 				<%=pcdata(self.vallist[i])%>
 			</label>
-			<% if i == self.size then write('<br />') end %>
+			<% if self.size and (i % self.size) == 0 then write('<br />') end %>
 		<% end %>
 	</div>
 <% end %>
diff --git a/package/luci/modules/luci-base/po/ca/base.po b/package/luci/modules/luci-base/po/ca/base.po
index 044339bc0f..f72c2a634b 100644
--- a/package/luci/modules/luci-base/po/ca/base.po
+++ b/package/luci/modules/luci-base/po/ca/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Càrrega d'1 minut:"
 
 msgid "15 Minute Load:"
 msgstr "Càrrega de 15 minuts:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Càrrega de 5 minuts:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -861,6 +888,9 @@ msgstr "Inhabilita el temporitzador HW-Beacon"
 msgid "Disabled"
 msgstr "Inhabilitat"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Descarta les respostes RFC1918 des de dalt"
 
@@ -1029,6 +1059,11 @@ msgstr "Activa/Desactiva"
 msgid "Enabled"
 msgstr "Habilitat"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Habilita l'Spanning Tree Protocol a aquest pont"
 
@@ -1075,6 +1110,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1325,6 +1366,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Adreça IP"
 
@@ -1418,6 +1462,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Adreça IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-en-IPv4 (RFC4213)"
 
@@ -1684,6 +1731,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1869,6 +1932,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Manca l'extensió de protocol del protocol %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mode"
 
@@ -2122,6 +2188,9 @@ msgstr "Opció canviada"
 msgid "Option removed"
 msgstr "Opció treta"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2220,6 +2289,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2349,6 +2421,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2414,6 +2489,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Calidad"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2495,6 +2576,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2513,6 +2597,9 @@ msgstr "Rep"
 msgid "Receiver Antenna"
 msgstr "Antena receptora"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Reconnex aquesta interfície"
 
@@ -2564,6 +2651,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Alguns ISP ho requereixen, per exemple el Charter amb DOCSIS 3"
 
@@ -2579,6 +2669,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3296,6 +3391,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Dispositiu USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3397,6 +3495,11 @@ msgstr "Usat"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3657,6 +3760,9 @@ msgstr "fitxer <abbr title=\"Domain Name System\">DNS</abbr> local"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3711,6 +3817,9 @@ msgstr ""
 msgid "tagged"
 msgstr "etiquetat"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "desconegut"
 
diff --git a/package/luci/modules/luci-base/po/cs/base.po b/package/luci/modules/luci-base/po/cs/base.po
index 8c850a26e8..3f6a4e10b9 100644
--- a/package/luci/modules/luci-base/po/cs/base.po
+++ b/package/luci/modules/luci-base/po/cs/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Zatížení za 1 minutu:"
 
 msgid "15 Minute Load:"
 msgstr "Zatížení za 15 minut:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Zatížení za 5 minut:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -867,6 +894,9 @@ msgstr "Zakázat HW-Beacon časovač"
 msgid "Disabled"
 msgstr "Zakázáno"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Vyřadit upstream RFC1918 odpovědi"
 
@@ -1039,6 +1069,11 @@ msgstr "Povolit/Zakázat"
 msgid "Enabled"
 msgstr "Povoleno"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Na tomto síťovém mostě povolit Spanning Tree Protocol"
 
@@ -1087,6 +1122,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Externí protokolovací server"
 
@@ -1336,6 +1377,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP adresy"
 
@@ -1429,6 +1473,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6 adresa"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1699,6 +1746,22 @@ msgstr ""
 "Seznam <abbr title=\"Domain Name System\">DNS</abbr> serverů, na které "
 "přeposílat požadavky"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1891,6 +1954,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Chybějící rozšíření protokolu %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mód"
 
@@ -2143,6 +2209,9 @@ msgstr "Volba změněna"
 msgid "Option removed"
 msgstr "Volba odstraněna"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2243,6 +2312,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2372,6 +2444,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2439,6 +2514,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Kvalita"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2533,6 +2614,9 @@ msgstr "Provoz v reálném čase"
 msgid "Realtime Wireless"
 msgstr "Wireless v reálném čase"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Opětovné nastavení ochrany"
 
@@ -2551,6 +2635,9 @@ msgstr "Přijmout"
 msgid "Receiver Antenna"
 msgstr "Přijímací anténa"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Přepojit toto rozhraní"
 
@@ -2602,6 +2689,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 # Charter je poskytovate
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Vyžadováno u některých ISP, např. Charter s DocSIS 3"
@@ -2618,6 +2708,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3362,6 +3457,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB zařízení"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3469,6 +3567,11 @@ msgstr "Použit"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3726,6 +3829,9 @@ msgstr "místní <abbr title=\"Domain Name System\">DNS</abbr> soubor"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3780,6 +3886,9 @@ msgstr ""
 msgid "tagged"
 msgstr "označený"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "neznámý"
 
diff --git a/package/luci/modules/luci-base/po/de/base.po b/package/luci/modules/luci-base/po/de/base.po
index e44d8bb234..ea2d7c917e 100644
--- a/package/luci/modules/luci-base/po/de/base.po
+++ b/package/luci/modules/luci-base/po/de/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Systemlast (1 Minute):"
 
 msgid "15 Minute Load:"
 msgstr "Systemlast (15 Minuten):"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Systemlast (5 Minuten):"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -862,6 +889,9 @@ msgstr "Deaktiviere Hardware-Beacon Zeitgeber"
 msgid "Disabled"
 msgstr "Deaktiviert"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Eingehende RFC1918-Antworten verwerfen"
 
@@ -1034,6 +1064,11 @@ msgstr "Aktivieren/Deaktivieren"
 msgid "Enabled"
 msgstr "Aktiviert"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Aktiviert das Spanning Tree Protokoll auf dieser Netzwerkbrücke"
 
@@ -1083,6 +1118,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Externer Protokollserver IP"
 
@@ -1335,6 +1376,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP-Adresse"
 
@@ -1428,6 +1472,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-Adresse"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1699,6 +1746,22 @@ msgstr ""
 "Liste von <abbr title=\"Domain Name System\">DNS</abbr>-Servern an welche "
 "Requests weitergeleitet werden"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1894,6 +1957,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Erweiterung für Protokoll %q fehlt"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Modus"
 
@@ -2148,6 +2214,9 @@ msgstr "Option geändert"
 msgid "Option removed"
 msgstr "Option entfernt"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2248,6 +2317,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2377,6 +2449,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2444,6 +2519,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Qualität"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2539,6 +2620,9 @@ msgstr "Echtzeitverkehr"
 msgid "Realtime Wireless"
 msgstr "Echtzeit-WLAN-Signal"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "DNS-Rebind-Schutz"
 
@@ -2557,6 +2641,9 @@ msgstr "Empfangen"
 msgid "Receiver Antenna"
 msgstr "Empfangsantenne"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Diese Schnittstelle neu verbinden"
 
@@ -2608,6 +2695,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 "Wird von bestimmten Internet-Providern benötigt, z.B. Charter mit DOCSIS 3"
@@ -2624,6 +2714,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3385,6 +3480,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB-Gerät"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3493,6 +3591,11 @@ msgstr "Belegt"
 msgid "Used Key Slot"
 msgstr "Benutzer Schlüsselindex"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3750,6 +3853,9 @@ msgstr "Lokale DNS-Datei"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3804,6 +3910,9 @@ msgstr ""
 msgid "tagged"
 msgstr "tagged"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "unbekannt"
 
diff --git a/package/luci/modules/luci-base/po/el/base.po b/package/luci/modules/luci-base/po/el/base.po
index a196f5b08e..8b11a99f08 100644
--- a/package/luci/modules/luci-base/po/el/base.po
+++ b/package/luci/modules/luci-base/po/el/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Φορτίο 1 λεπτού:"
 
 msgid "15 Minute Load:"
 msgstr "Φορτίο 15 λεπτών:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Φορτίο 5 λεπτών:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -876,6 +903,9 @@ msgstr "Απενεργοποίηση χρονιστή HW-Beacon"
 msgid "Disabled"
 msgstr "Απενεργοποιημένο"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Αγνόησε τις απαντήσεις ανοδικής ροής RFC1918"
 
@@ -1051,6 +1081,11 @@ msgstr "Ενεργοποίηση/Απενεργοποίηση"
 msgid "Enabled"
 msgstr "Ενεργοποιημένο"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1100,6 +1135,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Εξωτερικός εξυπηρετητής καταγραφής συστήματος"
 
@@ -1349,6 +1390,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Διεύθυνση IP"
 
@@ -1442,6 +1486,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1712,6 +1759,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1898,6 +1961,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Λειτουργία"
 
@@ -2152,6 +2218,9 @@ msgstr "Η επιλογή άλλαξε"
 msgid "Option removed"
 msgstr "Η επιλογή αφαιρέθηκε"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2250,6 +2319,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2379,6 +2451,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2445,6 +2520,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2526,6 +2607,9 @@ msgstr "Κίνηση πραγματικού χρόνου"
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2544,6 +2628,9 @@ msgstr "Λήψη"
 msgid "Receiver Antenna"
 msgstr "Κεραία Λήψης"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Επανασύνδεση της διεπαφής"
 
@@ -2595,6 +2682,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2610,6 +2700,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3321,6 +3416,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Συσκευή USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3422,6 +3520,11 @@ msgstr "Σε χρήση"
 msgid "Used Key Slot"
 msgstr "Χρησιμοποιούμενη Υποδοχή Κλειδιού"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3679,6 +3782,9 @@ msgstr "τοπικό αρχείο <abbr title=\"Domain Name System\">DNS</abbr>"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3733,6 +3839,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/en/base.po b/package/luci/modules/luci-base/po/en/base.po
index 125314d83b..e11c0faac9 100644
--- a/package/luci/modules/luci-base/po/en/base.po
+++ b/package/luci/modules/luci-base/po/en/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1 Minute Load:"
 
 msgid "15 Minute Load:"
 msgstr "15 Minute Load:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "5 Minute Load:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -862,6 +889,9 @@ msgstr "Disable HW-Beacon timer"
 msgid "Disabled"
 msgstr "Disabled"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1030,6 +1060,11 @@ msgstr "Enable/Disable"
 msgid "Enabled"
 msgstr "Enabled"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Enables the Spanning Tree Protocol on this bridge"
 
@@ -1076,6 +1111,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1323,6 +1364,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP address"
 
@@ -1416,6 +1460,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1681,6 +1728,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1866,6 +1929,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mode"
 
@@ -2119,6 +2185,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2217,6 +2286,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2346,6 +2418,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2411,6 +2486,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2492,6 +2573,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2510,6 +2594,9 @@ msgstr "Receive"
 msgid "Receiver Antenna"
 msgstr "Receiver Antenna"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2561,6 +2648,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2576,6 +2666,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3278,6 +3373,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3379,6 +3477,11 @@ msgstr "Used"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3635,6 +3738,9 @@ msgstr "local <abbr title=\"Domain Name System\">DNS</abbr> file"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3689,6 +3795,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/es/base.po b/package/luci/modules/luci-base/po/es/base.po
index da786b69d6..bfc0305a2e 100644
--- a/package/luci/modules/luci-base/po/es/base.po
+++ b/package/luci/modules/luci-base/po/es/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Carga a 1 minuto:"
 
 msgid "15 Minute Load:"
 msgstr "Carga a 15 minutos:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Carga a 5 minutos:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 "<abbr title=\"Identificador de conjunto de servicios básicos\">BSSID</abbr>"
@@ -873,6 +900,9 @@ msgstr "Desactivar el temporizador de baliza hardware"
 msgid "Disabled"
 msgstr "Desactivar"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Descartar respuestas RFC1918 salientes"
 
@@ -1045,6 +1075,11 @@ msgstr "Activar/Desactivar"
 msgid "Enabled"
 msgstr "Activado"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Activa el protocol STP en este puente"
 
@@ -1094,6 +1129,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Servidor externo de registro del sistema"
 
@@ -1345,6 +1386,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Dirección IP"
 
@@ -1438,6 +1482,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Dirección IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-en-IPv4 (RFC4213)"
 
@@ -1713,6 +1760,22 @@ msgstr ""
 "Lista de servidores <abbr title=\"Domain Name System\">DNS</abbr> a los que "
 "enviar solicitudes"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1905,6 +1968,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Extensión de protocolo faltante para %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Modo"
 
@@ -2157,6 +2223,9 @@ msgstr "Opción cambiada"
 msgid "Option removed"
 msgstr "Opción eliminada"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2257,6 +2326,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2386,6 +2458,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2453,6 +2528,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Calidad"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2546,6 +2627,9 @@ msgstr "Tráfico en tiempo real"
 msgid "Realtime Wireless"
 msgstr "Red inalámbrica en tiempo real"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Protección contra reasociación"
 
@@ -2564,6 +2648,9 @@ msgstr "Recibir"
 msgid "Receiver Antenna"
 msgstr "Antena Receptora"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Reconectar esta interfaz"
 
@@ -2615,6 +2702,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Necesario para ciertos ISPs, por ejemplo Charter con DOCSIS 3"
 
@@ -2630,6 +2720,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3387,6 +3482,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Dispositivo USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3495,6 +3593,11 @@ msgstr "Usado"
 msgid "Used Key Slot"
 msgstr "Espacio de clave usado"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3754,6 +3857,9 @@ msgstr "Archvo <abbr title=\"Domain Name System\">DNS</abbr> local"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3808,6 +3914,9 @@ msgstr ""
 msgid "tagged"
 msgstr "marcado"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "desconocido"
 
diff --git a/package/luci/modules/luci-base/po/fr/base.po b/package/luci/modules/luci-base/po/fr/base.po
index cce8ee20ad..8e610fb864 100644
--- a/package/luci/modules/luci-base/po/fr/base.po
+++ b/package/luci/modules/luci-base/po/fr/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Charge sur 1 minute :"
 
 msgid "15 Minute Load:"
 msgstr "Charge sur 15 minutes :"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Charge sur 5 minutes :"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -880,6 +907,9 @@ msgstr "Désactiver l'émission périodique de balises wifi (« HW-Beacon »)"
 msgid "Disabled"
 msgstr "Désactivé"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Jeter les réponses en RFC1918 amont"
 
@@ -1055,6 +1085,11 @@ msgstr "Activer/Désactiver"
 msgid "Enabled"
 msgstr "Activé"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 "Activer le protocole <abbr title=\"Spanning Tree Protocol\">STP</abbr> sur "
@@ -1106,6 +1141,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Serveur distant de journaux système"
 
@@ -1357,6 +1398,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Adresse IP"
 
@@ -1450,6 +1494,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Adresse IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6 dans IPv4 (RFC 4213)"
 
@@ -1724,6 +1771,22 @@ msgstr ""
 "Liste des serveurs auquels sont transmis les requêtes <abbr title=\"Domain "
 "Name System\">DNS</abbr>"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1919,6 +1982,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Extention de protocole manquante pour le proto %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mode"
 
@@ -2170,6 +2236,9 @@ msgstr "Option modifiée"
 msgid "Option removed"
 msgstr "Option retirée"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2270,6 +2339,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "code PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2399,6 +2471,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2466,6 +2541,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Qualitée"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2559,6 +2640,9 @@ msgstr "Trafic temps-réel"
 msgid "Realtime Wireless"
 msgstr "Qualité de réception actuelle"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Protection contre l'attaque « rebind »"
 
@@ -2577,6 +2661,9 @@ msgstr "Reçoit"
 msgid "Receiver Antenna"
 msgstr "Antenne émettrice"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Reconnecter cet interface"
 
@@ -2628,6 +2715,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Nécessaire avec certains FAIs, par ex. : Charter avec DOCSIS 3"
 
@@ -2643,6 +2733,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3405,6 +3500,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Périphérique USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3514,6 +3612,11 @@ msgstr "Utilisé"
 msgid "Used Key Slot"
 msgstr "Clé utilisée"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3772,6 +3875,9 @@ msgstr "fichier de résolution local"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3826,6 +3932,9 @@ msgstr ""
 msgid "tagged"
 msgstr "marqué"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "inconnu"
 
diff --git a/package/luci/modules/luci-base/po/he/base.po b/package/luci/modules/luci-base/po/he/base.po
index 0b11005ca0..70a1238e53 100644
--- a/package/luci/modules/luci-base/po/he/base.po
+++ b/package/luci/modules/luci-base/po/he/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "עומס במשך דקה:"
 
 msgid "15 Minute Load:"
 msgstr "עומס במשך רבע שעה:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "עומס במשך 5 דקות:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 
@@ -854,6 +881,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1015,6 +1045,11 @@ msgstr ""
 msgid "Enabled"
 msgstr "אפשר"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1061,6 +1096,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1306,6 +1347,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr ""
 
@@ -1399,6 +1443,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1656,6 +1703,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1841,6 +1904,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2086,6 +2152,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2184,6 +2253,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2313,6 +2385,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2378,6 +2453,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2460,6 +2541,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2478,6 +2562,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2529,6 +2616,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2544,6 +2634,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3236,6 +3331,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3337,6 +3435,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3586,6 +3689,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3640,6 +3746,9 @@ msgstr ""
 msgid "tagged"
 msgstr "מתויג"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/hu/base.po b/package/luci/modules/luci-base/po/hu/base.po
index 2b85df15aa..700efd964d 100644
--- a/package/luci/modules/luci-base/po/hu/base.po
+++ b/package/luci/modules/luci-base/po/hu/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Terhelés (utolsó 1 perc):"
 
 msgid "15 Minute Load:"
 msgstr "Terhelés (utolsó 15 perc):"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Terhelés (utolsó 5 perc):"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -874,6 +901,9 @@ msgstr "Hardveres beacon időzítő letiltása"
 msgid "Disabled"
 msgstr "Letiltva"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Beérkező RFC1918 DHCP válaszok elvetése. "
 
@@ -1048,6 +1078,11 @@ msgstr "Engedélyezés/Letiltás"
 msgid "Enabled"
 msgstr "Engedélyezve"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "A Spanning Tree prokoll engedélyezése erre a hídra"
 
@@ -1095,6 +1130,12 @@ msgstr "A bérelt címek lejárati ideje, a minimális érték 2 perc."
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Külső rendszernapló kiszolgáló"
 
@@ -1346,6 +1387,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP cím"
 
@@ -1439,6 +1483,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-cím"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6 IPv4-ben (RFC4213)"
 
@@ -1713,6 +1760,22 @@ msgstr ""
 "<abbr title=\"Domain Name System\">DNS</abbr> szerverek listája, ahová a "
 "kérések továbbításra kerülnek"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1908,6 +1971,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Hiányzó protokoll kiterjesztés a %q progokoll számára"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mód"
 
@@ -2160,6 +2226,9 @@ msgstr "Beállítás módosítva"
 msgid "Option removed"
 msgstr "Beállítás eltávolítva"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2260,6 +2329,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2389,6 +2461,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2456,6 +2531,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Minőség"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2550,6 +2631,9 @@ msgstr "Valósidejű forgalom"
 msgid "Realtime Wireless"
 msgstr "Valósidejű vezetéknélküli adatok"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Rebind elleni védelem"
 
@@ -2568,6 +2652,9 @@ msgstr "Fogadás"
 msgid "Receiver Antenna"
 msgstr "Vevő antenna"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Csatlakoztassa újra az interfészt"
 
@@ -2619,6 +2706,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 "Szükséges bizonyos internetszolgáltatók esetén, pl. Charter 'DOCSIS 3'-al"
@@ -2635,6 +2725,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3393,6 +3488,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB eszköz"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3501,6 +3599,11 @@ msgstr "Használt"
 msgid "Used Key Slot"
 msgstr "Használt kulcsindex"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3760,6 +3863,9 @@ msgstr "helyi <abbr title=\"Domain Name System\">DNS</abbr> fájl"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3814,6 +3920,9 @@ msgstr ""
 msgid "tagged"
 msgstr "cimkézett"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "ismeretlen"
 
diff --git a/package/luci/modules/luci-base/po/it/base.po b/package/luci/modules/luci-base/po/it/base.po
index 2f5350dd78..06ae794f85 100644
--- a/package/luci/modules/luci-base/po/it/base.po
+++ b/package/luci/modules/luci-base/po/it/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Carico in 1 minuto:"
 
 msgid "15 Minute Load:"
 msgstr "Carico in 15 minut:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Carico in 5 minuti:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 "<abbr title=\"Servizio basilare di impostazione Identificatore\">BSSID</abbr>"
@@ -878,6 +905,9 @@ msgstr "Disabilita Timer Beacon HW"
 msgid "Disabled"
 msgstr "Disabilitato"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Ignora risposte RFC1918 upstream"
 
@@ -1049,6 +1079,11 @@ msgstr "Abilita/Disabilita"
 msgid "Enabled"
 msgstr "Abilitato"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Abilita il protocollo di Spanning Tree su questo bridge"
 
@@ -1097,6 +1132,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Server Log di Sistema esterno"
 
@@ -1349,6 +1390,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Indirizzo IP"
 
@@ -1442,6 +1486,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Indirizzo-IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1715,6 +1762,22 @@ msgstr ""
 "Elenco di Server <abbr title=\"Sistema Nome Dimio\">DNS</abbr>a cui "
 "inoltrare le richieste in"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1906,6 +1969,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Modalità"
 
@@ -2158,6 +2224,9 @@ msgstr "Opzione cambiata"
 msgid "Option removed"
 msgstr "Opzione cancellata"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2256,6 +2325,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2385,6 +2457,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2450,6 +2525,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2534,6 +2615,9 @@ msgstr "Traffico in tempo reale"
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2552,6 +2636,9 @@ msgstr "Ricezione"
 msgid "Receiver Antenna"
 msgstr "Antenna ricevente"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Ricollega questa interfaccia"
 
@@ -2603,6 +2690,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2618,6 +2708,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3344,6 +3439,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3452,6 +3550,11 @@ msgstr "Usato"
 msgid "Used Key Slot"
 msgstr "Slot Chiave Usata"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3713,6 +3816,9 @@ msgstr "File <abbr title=\"Sistema Nome Dominio\">DNS</abbr> locale"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3767,6 +3873,9 @@ msgstr ""
 msgid "tagged"
 msgstr "etichettato"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "sconosciuto"
 
diff --git a/package/luci/modules/luci-base/po/ja/base.po b/package/luci/modules/luci-base/po/ja/base.po
index ed72412540..96e52b013f 100644
--- a/package/luci/modules/luci-base/po/ja/base.po
+++ b/package/luci/modules/luci-base/po/ja/base.po
@@ -43,18 +43,45 @@ msgstr "-- デバイスで設定 --"
 msgid "-- match by label --"
 msgstr "-- ラベルで設定 --"
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "過去1分の負荷:"
 
 msgid "15 Minute Load:"
 msgstr "過去15分の負荷:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "過去5分の負荷:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -873,6 +900,9 @@ msgstr "HWビーコンタイマーを無効にする"
 msgid "Disabled"
 msgstr "無効"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "RFC1918の応答を破棄します"
 
@@ -1045,6 +1075,11 @@ msgstr "有効/無効"
 msgid "Enabled"
 msgstr "有効"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "スパニングツリー・プロトコルを有効にする"
 
@@ -1094,6 +1129,12 @@ msgstr ""
 msgid "External"
 msgstr "外部"
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "外部システムログ・サーバー"
 
@@ -1344,6 +1385,9 @@ msgstr "ハイブリッド"
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IPアドレス"
 
@@ -1437,6 +1481,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-アドレス"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1705,6 +1752,22 @@ msgstr ""
 "問い合わせを転送する<abbr title=\"Domain Name System\">DNS</abbr> サーバーの"
 "リストを設定します"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr "認証用 SSH暗号キー ファイルのリスト"
 
@@ -1898,6 +1961,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "プロトコル %qのプロトコル拡張が見つかりません"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "モード"
 
@@ -2151,6 +2217,9 @@ msgstr "変更されるオプション"
 msgid "Option removed"
 msgstr "削除されるオプション"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2251,6 +2320,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2380,6 +2452,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr "事前共有鍵"
 
@@ -2447,6 +2522,12 @@ msgstr ""
 msgid "Quality"
 msgstr "クオリティ"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2542,6 +2623,9 @@ msgstr "リアルタイム・トラフィック"
 msgid "Realtime Wireless"
 msgstr "リアルタイム・無線LAN"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "DNSリバインディング・プロテクション"
 
@@ -2560,6 +2644,9 @@ msgstr "受信"
 msgid "Receiver Antenna"
 msgstr "受信アンテナ"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "インターフェースの再接続"
 
@@ -2611,6 +2698,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr "TLSが必要"
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "DOCSIS 3.0を使用するいくつかのISPでは必要になります"
 
@@ -2626,6 +2716,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3368,6 +3463,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USBデバイス"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3477,6 +3575,11 @@ msgstr "使用"
 msgid "Used Key Slot"
 msgstr "使用するキースロット"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3735,6 +3838,9 @@ msgstr "ローカル <abbr title=\"Domain Name System\">DNS</abbr>ファイル"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3789,6 +3895,9 @@ msgstr "ステートレス + ステートフル"
 msgid "tagged"
 msgstr "tagged"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "不明"
 
diff --git a/package/luci/modules/luci-base/po/ko/base.po b/package/luci/modules/luci-base/po/ko/base.po
index 9a1a815785..59372bd976 100644
--- a/package/luci/modules/luci-base/po/ko/base.po
+++ b/package/luci/modules/luci-base/po/ko/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1 분 부하:"
 
 msgid "15 Minute Load:"
 msgstr "15 분 부하:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "5 분 부하:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 
@@ -862,6 +889,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1028,6 +1058,11 @@ msgstr "활성/비활성"
 msgid "Enabled"
 msgstr "활성화됨"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "이 bridge 에 Spanning Tree Protocol 활성화합니다"
 
@@ -1074,6 +1109,12 @@ msgstr "임대한 주소의 유효 시간.  최소값은  2 분 (<code>2m</code>
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "외부 system log 서버"
 
@@ -1244,7 +1285,7 @@ msgid "Global network options"
 msgstr ""
 
 msgid "Go to password configuration..."
-msgstr ""
+msgstr "암호 설정 하기"
 
 msgid "Go to relevant configuration page"
 msgstr ""
@@ -1322,6 +1363,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP 주소"
 
@@ -1415,6 +1459,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-주소"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1673,6 +1720,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1859,6 +1922,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2000,7 +2066,7 @@ msgid "No package lists available"
 msgstr ""
 
 msgid "No password set!"
-msgstr ""
+msgstr "암호 설정을 해주세요!"
 
 msgid "No rules in this chain"
 msgstr ""
@@ -2110,6 +2176,9 @@ msgstr "변경된 option"
 msgid "Option removed"
 msgstr "삭제된 option"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2210,6 +2279,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2339,6 +2411,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2404,6 +2479,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2487,6 +2568,9 @@ msgstr "실시간 트래픽"
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2505,6 +2589,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "이 인터페이스를 재연결합니다"
 
@@ -2556,6 +2643,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "특정 ISP 들에 요구됨.  예: Charter (DOCSIS 3 기반)"
 
@@ -2571,6 +2661,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -2734,7 +2829,7 @@ msgid "Service Type"
 msgstr ""
 
 msgid "Services"
-msgstr "Services"
+msgstr "서비스"
 
 msgid "Set up Time Synchronization"
 msgstr ""
@@ -3120,6 +3215,8 @@ msgid ""
 "There is no password set on this router. Please configure a root password to "
 "protect the web interface and enable SSH."
 msgstr ""
+"이 공유기에 암호 설정이 되지 않았습니다. 웹 UI 와 SSH 부분을 보호하기 위해서 "
+"꼭 root 암호를 설정해 주세요."
 
 msgid "This IPv4 address of the relay"
 msgstr ""
@@ -3278,6 +3375,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3387,6 +3487,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3642,6 +3747,9 @@ msgstr "local <abbr title=\"Domain Name System\">DNS</abbr> 파일"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3696,6 +3804,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/ms/base.po b/package/luci/modules/luci-base/po/ms/base.po
index 8ba922f87f..517d237d91 100644
--- a/package/luci/modules/luci-base/po/ms/base.po
+++ b/package/luci/modules/luci-base/po/ms/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr ""
 
 msgid "15 Minute Load:"
 msgstr ""
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr ""
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -835,6 +862,9 @@ msgstr "Mematikan pemasa HW-Beacon"
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1000,6 +1030,11 @@ msgstr ""
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Aktifkan spanning Tree Protokol di jambatan ini"
 
@@ -1046,6 +1081,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1293,6 +1334,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Alamat IP"
 
@@ -1386,6 +1430,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1652,6 +1699,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1839,6 +1902,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mode"
 
@@ -2091,6 +2157,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2189,6 +2258,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2318,6 +2390,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2383,6 +2458,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2463,6 +2544,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2481,6 +2565,9 @@ msgstr "Menerima"
 msgid "Receiver Antenna"
 msgstr "Antena Penerima"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2532,6 +2619,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2547,6 +2637,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3254,6 +3349,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3355,6 +3453,11 @@ msgstr "Diguna"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3606,6 +3709,9 @@ msgstr "Fail DNS tempatan"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3660,6 +3766,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/no/base.po b/package/luci/modules/luci-base/po/no/base.po
index f9dad0a4e6..d17e4aadd9 100644
--- a/package/luci/modules/luci-base/po/no/base.po
+++ b/package/luci/modules/luci-base/po/no/base.po
@@ -38,18 +38,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1 minutts belastning:"
 
 msgid "15 Minute Load:"
 msgstr "15 minutters belastning:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "5 minutters belastning:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -863,6 +890,9 @@ msgstr "Deaktiver HW-Beacon timer"
 msgid "Disabled"
 msgstr "Deaktivert"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Forkast oppstrøms RFC1918 svar"
 
@@ -1035,6 +1065,11 @@ msgstr "Aktiver/Deaktiver"
 msgid "Enabled"
 msgstr "Aktivert"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Aktiverer Spanning Tree Protocol på denne broen"
 
@@ -1082,6 +1117,12 @@ msgstr "Utløpstid på leide adresser, minimum er 2 minutter (<code>2m</code>)."
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Ekstern systemlogg server"
 
@@ -1332,6 +1373,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP adresse"
 
@@ -1425,6 +1469,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-Adresse"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-i-IPv4 (RFC4213)"
 
@@ -1691,6 +1738,22 @@ msgstr ""
 "Liste med <abbr title=\"Domain Name System\">DNS</abbr> servere som "
 "forespørsler blir videresendt til"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1882,6 +1945,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Mangler protokoll utvidelse for proto %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Modus"
 
@@ -2135,6 +2201,9 @@ msgstr "Innstilling endret"
 msgid "Option removed"
 msgstr "Innstilling fjernet"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2235,6 +2304,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2364,6 +2436,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2431,6 +2506,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Kvalitet"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2524,6 +2605,9 @@ msgstr "Trafikk Sanntid"
 msgid "Realtime Wireless"
 msgstr "Trådløst i sanntid"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Binde beskyttelse"
 
@@ -2542,6 +2626,9 @@ msgstr "Motta"
 msgid "Receiver Antenna"
 msgstr "Mottak antenne"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Koble til igjen"
 
@@ -2593,6 +2680,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Er nødvendig for noen nettleverandører, f.eks Charter med DOCSIS 3"
 
@@ -2608,6 +2698,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3359,6 +3454,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB Enhet"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3467,6 +3565,11 @@ msgstr "Brukt"
 msgid "Used Key Slot"
 msgstr "Brukte Nøkler"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3726,6 +3829,9 @@ msgstr "lokal <abbr title=\"Domain Navn System\">DNS</abbr>-fil"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3780,6 +3886,9 @@ msgstr ""
 msgid "tagged"
 msgstr "tagget"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "ukjent"
 
diff --git a/package/luci/modules/luci-base/po/pl/base.po b/package/luci/modules/luci-base/po/pl/base.po
index a78584cbbc..8b0368bdeb 100644
--- a/package/luci/modules/luci-base/po/pl/base.po
+++ b/package/luci/modules/luci-base/po/pl/base.po
@@ -44,18 +44,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Obciążenie 1 min.:"
 
 msgid "15 Minute Load:"
 msgstr "Obciążenie 15 min.:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Obciążenie 5 min.:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -885,6 +912,9 @@ msgstr "Wyłącz zegar HW-Beacon"
 msgid "Disabled"
 msgstr "Wyłączony"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Odrzuć wychodzące odpowiedzi RFC1918"
 
@@ -1062,6 +1092,11 @@ msgstr "Wlącz/Wyłącz"
 msgid "Enabled"
 msgstr "Włączony"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 "Włącz protokół <abbr title=\"Spanning Tree Protocol\">STP</abbr> na tym "
@@ -1113,6 +1148,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Zewnętrzny serwer dla loga systemowego"
 
@@ -1369,6 +1410,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Adres IP"
 
@@ -1462,6 +1506,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Adres IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-w-IPv4 (RFC4213)"
 
@@ -1736,6 +1783,22 @@ msgstr ""
 "Lista serwerów <abbr title=\"Domain Name System\">DNS</abbr> do których będą "
 "przekazywane zapytania"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1928,6 +1991,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Brakujące rozszerzenie protokołu dla protokołu %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Tryb"
 
@@ -2180,6 +2246,9 @@ msgstr "Wartość zmieniona"
 msgid "Option removed"
 msgstr "Usunięto wartość"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2280,6 +2349,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2411,6 +2483,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2479,6 +2554,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Jakość"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2573,6 +2654,9 @@ msgstr "Ruch w czasie rzeczywistym"
 msgid "Realtime Wireless"
 msgstr "WiFi w czasie rzeczywistym"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Przypisz ochronę"
 
@@ -2591,6 +2675,9 @@ msgstr "Odebrane"
 msgid "Receiver Antenna"
 msgstr "Antena odbiorcza"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Połącz ponownie ten interfejs"
 
@@ -2642,6 +2729,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Wymagany dla niektórych dostawców internetu, np. Charter z DOCSIS 3"
 
@@ -2657,6 +2747,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3422,6 +3517,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Urządzenie USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3531,6 +3629,11 @@ msgstr "Użyte"
 msgid "Used Key Slot"
 msgstr "Użyte gniazdo klucza"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3791,6 +3894,9 @@ msgstr "lokalny plik <abbr title=\"Domain Name System\">DNS</abbr>"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3846,6 +3952,9 @@ msgstr ""
 msgid "tagged"
 msgstr "tagowane"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "nieznane"
 
diff --git a/package/luci/modules/luci-base/po/pt-br/base.po b/package/luci/modules/luci-base/po/pt-br/base.po
index 0bcd6398d5..6315f7727d 100644
--- a/package/luci/modules/luci-base/po/pt-br/base.po
+++ b/package/luci/modules/luci-base/po/pt-br/base.po
@@ -1,20 +1,20 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-06-10 03:41+0200\n"
-"PO-Revision-Date: 2014-03-29 23:31+0200\n"
-"Last-Translator: Luiz Angelo <luizluca@gmail.com>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
+"PO-Revision-Date: 2017-02-22 20:30-0300\n"
+"Last-Translator: Luiz Angelo Daros de Luca <luizluca@gmail.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Pootle 2.0.6\n"
+"X-Generator: Poedit 1.8.11\n"
+"Language-Team: \n"
 
 msgid "%s is untagged in multiple VLANs!"
-msgstr ""
+msgstr "%s está sem etiqueta em múltiplas VLANs!"
 
 msgid "(%d minute window, %d second interval)"
 msgstr "(janela de %d minutos, intervalo de %d segundos)"
@@ -38,10 +38,15 @@ msgid "-- custom --"
 msgstr "-- personalizado --"
 
 msgid "-- match by device --"
-msgstr ""
+msgstr "-- casar por dispositivo --"
 
 msgid "-- match by label --"
+msgstr "-- casar por rótulo --"
+
+msgid "-- match by uuid --"
 msgstr ""
+"-- casar por <abbr title=\"Universal Unique IDentifier/Identificador Único "
+"Universal\">UUID</abbr> --"
 
 msgid "1 Minute Load:"
 msgstr "Carga 1 Minuto:"
@@ -49,12 +54,38 @@ msgstr "Carga 1 Minuto:"
 msgid "15 Minute Load:"
 msgstr "Carga 15 Minutos:"
 
+msgid "4-character hexadecimal ID"
+msgstr "Identificador hexadecimal de 4 caracteres"
+
 msgid "464XLAT (CLAT)"
-msgstr ""
+msgstr "464XLAT (CLAT)"
 
 msgid "5 Minute Load:"
 msgstr "Carga 5 Minutos:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+"Identificador de 6 octetos como uma cadeia hexadecimal - sem dois pontos"
+
+msgid "802.11r Fast Transition"
+msgstr "802.11r Fast Transition"
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr "Tempo de expiração máximo da consulta da Associação SA do 802.11w"
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+"Tempo de expiração de tentativa de consulta da Associação SA do 802.11w"
+
+msgid "802.11w Management Frame Protection"
+msgstr "Proteção do Quadro de Gerenciamento do 802.11w"
+
+msgid "802.11w maximum timeout"
+msgstr "Estouro de tempo máximo do 802.11w"
+
+msgid "802.11w retry timeout"
+msgstr "Estouro de tempo da nova tentativa do 802.11w"
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 "<abbr title=\"Identificador de Conjunto Básico de Serviços\">BSSID</abbr>"
@@ -100,6 +131,8 @@ msgstr "Roteador <abbr title=\"Protocolo de Internet Versão 6\">IPv6</abbr>"
 
 msgid "<abbr title=\"Internet Protocol Version 6\">IPv6</abbr>-Suffix (hex)"
 msgstr ""
+"<abbr title=\"Internet Protocol Version 6/Protocolo Internet Versão "
+"6\">IPv6</abbr>-Suffix (hex)"
 
 msgid "<abbr title=\"Light Emitting Diode\">LED</abbr> Configuration"
 msgstr "Configuração do <abbr title=\"Diodo Emissor de Luz\">LED</abbr>"
@@ -131,19 +164,23 @@ msgid "<abbr title='Pairwise: %s / Group: %s'>%s - %s</abbr>"
 msgstr "<abbr title='Par: %s / Grupo: %s'>%s - %s</abbr>"
 
 msgid "A43C + J43 + A43"
-msgstr ""
+msgstr "A43C + J43 + A43"
 
 msgid "A43C + J43 + A43 + V43"
-msgstr ""
+msgstr "A43C + J43 + A43 + V43"
 
 msgid "ADSL"
 msgstr ""
+"<abbr title=\"Assymetrical Digital Subscriber Line/Linha Digital Assimétrica "
+"para Assinante\">ADSL</abbr>"
 
 msgid "AICCU (SIXXS)"
 msgstr ""
+"<abbr title=\"Automatic IPv6 Connectivity Client Utility/Utilitário Cliente "
+"de Conectividade IPv6 Automática\">AICCU (SIXXS)</abbr>"
 
 msgid "ANSI T1.413"
-msgstr ""
+msgstr "ANSI T1.413"
 
 msgid "APN"
 msgstr "<abbr title=\"Access Point Name\">APN</abbr>"
@@ -157,16 +194,20 @@ msgstr ""
 "abbr>"
 
 msgid "ATM (Asynchronous Transfer Mode)"
-msgstr ""
+msgstr "ATM (Asynchronous Transfer Mode)"
 
 msgid "ATM Bridges"
 msgstr "Ponte ATM"
 
 msgid "ATM Virtual Channel Identifier (VCI)"
-msgstr "Identificador de Canal Virtual ATM (VCI)"
+msgstr ""
+"Identificador de Canal Virtual ATM (<abbr title=\"Virtual Channel Identifier"
+"\">VCI</abbr>)"
 
 msgid "ATM Virtual Path Identifier (VPI)"
-msgstr "Identificador de Caminho Virtual ATM (VPI)"
+msgstr ""
+"Identificador de Caminho Virtual ATM (<abbr title=\"Virtual Path Identifier"
+"\">VPI</abbr>)"
 
 msgid ""
 "ATM bridges expose encapsulated ethernet in AAL5 connections as virtual "
@@ -181,10 +222,10 @@ msgid "ATM device number"
 msgstr "Número do dispositivo ATM"
 
 msgid "ATU-C System Vendor ID"
-msgstr ""
+msgstr "Identificador de"
 
 msgid "AYIYA"
-msgstr ""
+msgstr "AYIYA"
 
 msgid "Access Concentrator"
 msgstr "Concentrador de Acesso"
@@ -234,7 +275,7 @@ msgid "Additional Hosts files"
 msgstr "Arquivos adicionais de equipamentos conhecidos (hosts)"
 
 msgid "Additional servers file"
-msgstr ""
+msgstr "Arquivo de servidores adicionais"
 
 msgid "Address"
 msgstr "Endereço"
@@ -250,6 +291,8 @@ msgstr "Opções Avançadas"
 
 msgid "Aggregate Transmit Power(ACTATP)"
 msgstr ""
+"Potência de Transmissão Agregada (<abbr title=\"Aggregate Transmit Power"
+"\">ACTATP</abbr>)"
 
 msgid "Alert"
 msgstr "Alerta"
@@ -258,9 +301,11 @@ msgid ""
 "Allocate IP addresses sequentially, starting from the lowest available "
 "address"
 msgstr ""
+"Alocar endereços IP sequencialmente, iniciando a partir do endereço mais "
+"baixo disponível"
 
 msgid "Allocate IP sequentially"
-msgstr ""
+msgstr "Alocar endereços IP sequencialmente"
 
 msgid "Allow <abbr title=\"Secure Shell\">SSH</abbr> password authentication"
 msgstr ""
@@ -293,78 +338,81 @@ msgstr ""
 "exemplo, para os serviços RBL"
 
 msgid "Allowed IPs"
-msgstr ""
+msgstr "Endereços IP autorizados"
 
 msgid ""
 "Also see <a href=\"https://www.sixxs.net/faq/connectivity/?faq=comparison"
 "\">Tunneling Comparison</a> on SIXXS"
 msgstr ""
+"Veja também a <a href=\"https://www.sixxs.net/faq/connectivity/?"
+"faq=comparison\">Comparação de Tunelamentos</a> em SIXXS"
 
 msgid "Always announce default router"
-msgstr ""
+msgstr "Sempre anuncie o roteador padrão"
 
 msgid "Annex"
-msgstr ""
+msgstr "Anexo"
 
 msgid "Annex A + L + M (all)"
-msgstr ""
+msgstr "Anexos A + L + M (todo)"
 
 msgid "Annex A G.992.1"
-msgstr ""
+msgstr "Anexo A G.992.1"
 
 msgid "Annex A G.992.2"
-msgstr ""
+msgstr "Anexo A G.992.2"
 
 msgid "Annex A G.992.3"
-msgstr ""
+msgstr "Anexo A G.992.3"
 
 msgid "Annex A G.992.5"
-msgstr ""
+msgstr "Anexo A G.992.5"
 
 msgid "Annex B (all)"
-msgstr ""
+msgstr "Anexo B (todo)"
 
 msgid "Annex B G.992.1"
-msgstr ""
+msgstr "Anexo B G.992.1"
 
 msgid "Annex B G.992.3"
-msgstr ""
+msgstr "Anexo B G.992.3"
 
 msgid "Annex B G.992.5"
-msgstr ""
+msgstr "Anexo B G.992.5"
 
 msgid "Annex J (all)"
-msgstr ""
+msgstr "Anexo J (todo)"
 
 msgid "Annex L G.992.3 POTS 1"
-msgstr ""
+msgstr "Anexo L G.992.3 POTS 1"
 
 msgid "Annex M (all)"
-msgstr ""
+msgstr "Anexo M (todo)"
 
 msgid "Annex M G.992.3"
-msgstr ""
+msgstr "Anexo M G.992.3"
 
 msgid "Annex M G.992.5"
-msgstr ""
+msgstr "Anexo M G.992.5"
 
 msgid "Announce as default router even if no public prefix is available."
 msgstr ""
+"Anuncie-se como rotador padrão mesmo se não existir um prefixo público."
 
 msgid "Announced DNS domains"
-msgstr ""
+msgstr "Domínios DNS anunciados"
 
 msgid "Announced DNS servers"
-msgstr ""
+msgstr "Servidores DNS anunciados"
 
 msgid "Anonymous Identity"
-msgstr ""
+msgstr "Identidade Anônima"
 
 msgid "Anonymous Mount"
-msgstr ""
+msgstr "Montagem Anônima"
 
 msgid "Anonymous Swap"
-msgstr ""
+msgstr "Espaço de Troca (swap) Anônimo"
 
 msgid "Antenna 1"
 msgstr "Antena 1"
@@ -387,6 +435,8 @@ msgstr "Aplicar as alterações"
 msgid ""
 "Assign a part of given length of every public IPv6-prefix to this interface"
 msgstr ""
+"Atribua uma parte do comprimento de cada prefixo IPv6 público para esta "
+"interface"
 
 msgid "Assign interfaces..."
 msgstr "atribuir as interfaces"
@@ -394,6 +444,8 @@ msgstr "atribuir as interfaces"
 msgid ""
 "Assign prefix parts using this hexadecimal subprefix ID for this interface."
 msgstr ""
+"Atribua partes do prefixo usando este identificador hexadecimal do "
+"subprefixo para esta interface"
 
 msgid "Associated Stations"
 msgstr "Estações associadas"
@@ -402,16 +454,16 @@ msgid "Atheros 802.11%s Wireless Controller"
 msgstr "Controlador Wireless Atheros 802.11%s"
 
 msgid "Auth Group"
-msgstr ""
+msgstr "Grupo de Autenticação"
 
 msgid "AuthGroup"
-msgstr ""
+msgstr "Grupo de Autenticação"
 
 msgid "Authentication"
 msgstr "Autenticação"
 
 msgid "Authentication Type"
-msgstr ""
+msgstr "Tipo de Autenticação"
 
 msgid "Authoritative"
 msgstr "Autoritário"
@@ -423,25 +475,29 @@ msgid "Auto Refresh"
 msgstr "Atualização Automática"
 
 msgid "Automatic"
-msgstr ""
+msgstr "Automático"
 
 msgid "Automatic Homenet (HNCP)"
 msgstr ""
+"Rede Doméstica Automática (<abbr title=\"Homenet Control Protocol\">HNCP</"
+"abbr>)"
 
 msgid "Automatically check filesystem for errors before mounting"
 msgstr ""
+"Execute automaticamente a verificação do sistema de arquivos antes da "
+"montagem do dispositivo"
 
 msgid "Automatically mount filesystems on hotplug"
-msgstr ""
+msgstr "Monte automaticamente o espaço de troca (swap) ao conectar"
 
 msgid "Automatically mount swap on hotplug"
-msgstr ""
+msgstr "Monte automaticamente o espaço de troca (swap) ao conectar"
 
 msgid "Automount Filesystem"
-msgstr ""
+msgstr "Montagem Automática de Sistema de Arquivo"
 
 msgid "Automount Swap"
-msgstr ""
+msgstr "Montagem Automática do Espaço de Troca (swap) "
 
 msgid "Available"
 msgstr "Disponível"
@@ -453,13 +509,13 @@ msgid "Average:"
 msgstr "Média:"
 
 msgid "B43 + B43C"
-msgstr ""
+msgstr "B43 + B43C"
 
 msgid "B43 + B43C + V43"
-msgstr ""
+msgstr "B43 + B43C + V43"
 
 msgid "BR / DMR / AFTR"
-msgstr ""
+msgstr "BR / DMR / AFTR"
 
 msgid "BSSID"
 msgstr "BSSID"
@@ -495,10 +551,10 @@ msgid "Bad address specified!"
 msgstr "Endereço especificado está incorreto!"
 
 msgid "Band"
-msgstr ""
+msgstr "Banda"
 
 msgid "Behind NAT"
-msgstr ""
+msgstr "Atrás da NAT"
 
 msgid ""
 "Below is the determined list of files to backup. It consists of changed "
@@ -510,13 +566,15 @@ msgstr ""
 "padrões para a cópia de segurança definidos pelo usuário."
 
 msgid "Bind interface"
-msgstr ""
+msgstr "Interface Vinculada"
 
 msgid "Bind only to specific interfaces rather than wildcard address."
 msgstr ""
+"Vincule somente para as explicitamenteinterfaces ao invés do endereço "
+"coringa."
 
 msgid "Bind the tunnel to this interface (optional)."
-msgstr ""
+msgstr "Vincule o túnel a esta interface (opcional)"
 
 msgid "Bitrate"
 msgstr "Taxa de bits"
@@ -549,12 +607,15 @@ msgid ""
 "Build/distribution specific feed definitions. This file will NOT be "
 "preserved in any sysupgrade."
 msgstr ""
+"Fonte de pacotes específico da compilação/distribuição. Esta NÃO será "
+"preservada em qualquer atualização do sistema."
 
 msgid "Buttons"
 msgstr "Botões"
 
 msgid "CA certificate; if empty it will be saved after the first connection."
 msgstr ""
+"Certificado da CA; se em branco, será salvo depois da primeira conexão."
 
 msgid "CPU usage (%)"
 msgstr "Uso da CPU (%)"
@@ -563,7 +624,7 @@ msgid "Cancel"
 msgstr "Cancelar"
 
 msgid "Category"
-msgstr ""
+msgstr "Categoria"
 
 msgid "Chain"
 msgstr "Cadeia"
@@ -585,9 +646,10 @@ msgstr "Verificar"
 
 msgid "Check fileystems before mount"
 msgstr ""
+"Execute a verificação do sistema de arquivos antes da montagem do dispositivo"
 
 msgid "Check this option to delete the existing networks from this radio."
-msgstr ""
+msgstr "Marque esta opção para remover as redes existentes neste rádio."
 
 msgid "Checksum"
 msgstr "Soma de verificação"
@@ -614,7 +676,7 @@ msgid "Cipher"
 msgstr "Cifra"
 
 msgid "Cisco UDP encapsulation"
-msgstr ""
+msgstr "Encapsulamento UDP da Cisco"
 
 msgid ""
 "Click \"Generate archive\" to download a tar archive of the current "
@@ -676,7 +738,7 @@ msgid "Connection Limit"
 msgstr "Limite de conexão"
 
 msgid "Connection to server fails when TLS cannot be used"
-msgstr ""
+msgstr "A conexão para este servidor falhará quando o TLS não puder ser usado"
 
 msgid "Connections"
 msgstr "Conexões"
@@ -712,15 +774,17 @@ msgid "Custom Interface"
 msgstr "Interface Personalizada"
 
 msgid "Custom delegated IPv6-prefix"
-msgstr ""
+msgstr "Prefixo IPv6 delegado personalizado"
 
 msgid ""
 "Custom feed definitions, e.g. private feeds. This file can be preserved in a "
 "sysupgrade."
 msgstr ""
+"Definições de fonte de pacotes personalizadas, ex: fontes privadas. Este "
+"arquivo será preservado em uma atualização do sistema."
 
 msgid "Custom feeds"
-msgstr ""
+msgstr "Fontes de pacotes customizadas"
 
 msgid ""
 "Customizes the behaviour of the device <abbr title=\"Light Emitting Diode"
@@ -748,13 +812,13 @@ msgid "DHCPv6 Leases"
 msgstr "Alocações DHCPv6"
 
 msgid "DHCPv6 client"
-msgstr ""
+msgstr "Cliente DHCPv6"
 
 msgid "DHCPv6-Mode"
-msgstr ""
+msgstr "Modo DHCPv6"
 
 msgid "DHCPv6-Service"
-msgstr ""
+msgstr "Serviço DHCPv6"
 
 msgid "DNS"
 msgstr "DNS"
@@ -763,34 +827,34 @@ msgid "DNS forwardings"
 msgstr "Encaminhamentos DNS"
 
 msgid "DNS-Label / FQDN"
-msgstr ""
+msgstr "Rótulo DNS / FQDN"
 
 msgid "DNSSEC"
-msgstr ""
+msgstr "DNSSEC"
 
 msgid "DNSSEC check unsigned"
-msgstr ""
+msgstr "Verificar DNSSEC sem assinatura"
 
 msgid "DPD Idle Timeout"
-msgstr ""
+msgstr "Tempo de expiração para ociosidade do DPD"
 
 msgid "DS-Lite AFTR address"
-msgstr ""
+msgstr "Endereço DS-Lite AFTR"
 
 msgid "DSL"
-msgstr ""
+msgstr "DSL"
 
 msgid "DSL Status"
-msgstr ""
+msgstr "Estado da DSL"
 
 msgid "DSL line mode"
-msgstr ""
+msgstr "Modo de linha DSL"
 
 msgid "DUID"
 msgstr "DUID"
 
 msgid "Data Rate"
-msgstr ""
+msgstr "Taxa de Dados"
 
 msgid "Debug"
 msgstr "Depurar"
@@ -802,10 +866,10 @@ msgid "Default gateway"
 msgstr "Roteador Padrão"
 
 msgid "Default is stateless + stateful"
-msgstr ""
+msgstr "O padrão é sem estado + com estado"
 
 msgid "Default route"
-msgstr ""
+msgstr "Rota padrão"
 
 msgid "Default state"
 msgstr "Estado padrão"
@@ -844,10 +908,10 @@ msgid "Device Configuration"
 msgstr "Configuração do Dispositivo"
 
 msgid "Device is rebooting..."
-msgstr ""
+msgstr "O dispositivo está reiniciando..."
 
 msgid "Device unreachable"
-msgstr ""
+msgstr "Dispositivo não alcançável"
 
 msgid "Diagnostics"
 msgstr "Diagnóstico"
@@ -872,7 +936,7 @@ msgid "Disable DNS setup"
 msgstr "Desabilita a configuração do DNS"
 
 msgid "Disable Encryption"
-msgstr ""
+msgstr "Desabilitar Cifragem"
 
 msgid "Disable HW-Beacon timer"
 msgstr "Desativar temporizador de Beacon de Hardware"
@@ -880,6 +944,9 @@ msgstr "Desativar temporizador de Beacon de Hardware"
 msgid "Disabled"
 msgstr "Desabilitado"
 
+msgid "Disabled (default)"
+msgstr "Desabilitado (padrão)"
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 "Descartar respostas de servidores externos para redes privadas (RFC1918)"
@@ -894,7 +961,7 @@ msgid "Distance to farthest network member in meters."
 msgstr "Distância para o computador mais distante da rede (em metros)."
 
 msgid "Distribution feeds"
-msgstr ""
+msgstr "Fontes de pacotes da distribuição"
 
 msgid "Diversity"
 msgstr "Diversidade"
@@ -933,7 +1000,7 @@ msgid "Domain whitelist"
 msgstr "Lista branca de domínios"
 
 msgid "Don't Fragment"
-msgstr ""
+msgstr "Não Fragmentar"
 
 msgid ""
 "Don't forward <abbr title=\"Domain Name System\">DNS</abbr>-Requests without "
@@ -961,7 +1028,7 @@ msgstr ""
 "integrado"
 
 msgid "Dual-Stack Lite (RFC6333)"
-msgstr ""
+msgstr "Duas Pilhas Leve (RFC6333)"
 
 msgid "Dynamic <abbr title=\"Dynamic Host Configuration Protocol\">DHCP</abbr>"
 msgstr ""
@@ -979,7 +1046,7 @@ msgstr ""
 "somente os clientes com atribuições estáticas serão servidos. "
 
 msgid "EA-bits length"
-msgstr ""
+msgstr "Comprimento dos bits EA"
 
 msgid "EAP-Method"
 msgstr "Método EAP"
@@ -991,6 +1058,8 @@ msgid ""
 "Edit the raw configuration data above to fix any error and hit \"Save\" to "
 "reload the page."
 msgstr ""
+"Edite os dados de configuração brutos abaixo para arrumar qualquer erro e "
+"clique em \"Salvar\" para recarregar a página."
 
 msgid "Edit this interface"
 msgstr "Editar esta interface"
@@ -1011,7 +1080,7 @@ msgid "Enable HE.net dynamic endpoint update"
 msgstr "Ativar a atualização de ponto final dinâmico HE.net"
 
 msgid "Enable IPv6 negotiation"
-msgstr ""
+msgstr "Ativar a negociação de IPv6"
 
 msgid "Enable IPv6 negotiation on the PPP link"
 msgstr "Ativar a negociação de IPv6 no enlace PPP"
@@ -1023,7 +1092,7 @@ msgid "Enable NTP client"
 msgstr "Ativar o cliente <abbr title=\"Network Time Protocol\">NTP</abbr>"
 
 msgid "Enable Single DES"
-msgstr ""
+msgstr "Habilitar DES Simples"
 
 msgid "Enable TFTP server"
 msgstr "Ativar servidor TFTP"
@@ -1032,19 +1101,19 @@ msgid "Enable VLAN functionality"
 msgstr "Ativar funcionalidade de VLAN"
 
 msgid "Enable WPS pushbutton, requires WPA(2)-PSK"
-msgstr ""
+msgstr "Habilite o botão WPS. requer WPA(2)-PSK"
 
 msgid "Enable learning and aging"
 msgstr "Ativar o aprendizado e obsolescência"
 
 msgid "Enable mirroring of incoming packets"
-msgstr ""
+msgstr "Habilitar espelhamento dos pacotes entrantes"
 
 msgid "Enable mirroring of outgoing packets"
-msgstr ""
+msgstr "Habilitar espelhamento dos pacotes saintes"
 
 msgid "Enable the DF (Don't Fragment) flag of the encapsulating packets."
-msgstr ""
+msgstr "Habilita o campo DF (Não Fragmentar) dos pacotes encapsulados."
 
 msgid "Enable this mount"
 msgstr "Ativar esta montagem"
@@ -1058,6 +1127,13 @@ msgstr "Ativar/Desativar"
 msgid "Enabled"
 msgstr "Ativado"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+"Ativa a troca rápida entre pontos de acesso que pertencem ao mesmo Domínio "
+"de Mobilidade"
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Ativa o protocolo STP nesta ponte"
 
@@ -1068,10 +1144,10 @@ msgid "Encryption"
 msgstr "Cifragem"
 
 msgid "Endpoint Host"
-msgstr ""
+msgstr "Equipamento do ponto final"
 
 msgid "Endpoint Port"
-msgstr ""
+msgstr "Porta do ponto final"
 
 msgid "Erasing..."
 msgstr "Apagando..."
@@ -1080,7 +1156,7 @@ msgid "Error"
 msgstr "Erro"
 
 msgid "Errored seconds (ES)"
-msgstr ""
+msgstr "Segundos com erro (ES)"
 
 msgid "Ethernet Adapter"
 msgstr "Adaptador Ethernet"
@@ -1089,7 +1165,7 @@ msgid "Ethernet Switch"
 msgstr "Switch Ethernet"
 
 msgid "Exclude interfaces"
-msgstr ""
+msgstr "Excluir interfaces"
 
 msgid "Expand hosts"
 msgstr "Expandir arquivos de equipamentos conhecidos (hosts)"
@@ -1097,7 +1173,6 @@ msgstr "Expandir arquivos de equipamentos conhecidos (hosts)"
 msgid "Expires"
 msgstr "Expira"
 
-#, fuzzy
 msgid ""
 "Expiry time of leased addresses, minimum is 2 minutes (<code>2m</code>)."
 msgstr ""
@@ -1105,7 +1180,13 @@ msgstr ""
 "code>)."
 
 msgid "External"
-msgstr ""
+msgstr "Externo"
+
+msgid "External R0 Key Holder List"
+msgstr "Lista dos Detentor de Chave R0 Externa"
+
+msgid "External R1 Key Holder List"
+msgstr "Lista dos Detentor de Chave R1 Externa"
 
 msgid "External system log server"
 msgstr "Servidor externo de registros do sistema (syslog)"
@@ -1114,10 +1195,10 @@ msgid "External system log server port"
 msgstr "Porta do servidor externo de registro do sistema (syslog)"
 
 msgid "External system log server protocol"
-msgstr ""
+msgstr "Protocolo do servidor externo de registro do sistema (syslog)"
 
 msgid "Extra SSH command options"
-msgstr ""
+msgstr "Opções adicionais do comando SSH"
 
 msgid "Fast Frames"
 msgstr "Quadros Rápidos"
@@ -1144,6 +1225,9 @@ msgid ""
 "Find all currently attached filesystems and swap and replace configuration "
 "with defaults based on what was detected"
 msgstr ""
+"Encontre todos os sistemas de arquivos e espaços de troca (swap) atualmente "
+"conectados e substitua a configuração com valores padrão baseados no que foi "
+"detectado"
 
 msgid "Find and join network"
 msgstr "Procurar e conectar à rede"
@@ -1164,7 +1248,7 @@ msgid "Firewall Status"
 msgstr "Estado do Firewall"
 
 msgid "Firmware File"
-msgstr ""
+msgstr "Arquivo da Firmware"
 
 msgid "Firmware Version"
 msgstr "Versão do Firmware"
@@ -1203,16 +1287,18 @@ msgid "Force TKIP and CCMP (AES)"
 msgstr "Forçar TKIP e CCMP (AES)"
 
 msgid "Force use of NAT-T"
-msgstr ""
+msgstr "Force o uso do NAT-T"
 
 msgid "Form token mismatch"
-msgstr ""
+msgstr "Chave eletrônica do formulário não casa"
 
 msgid "Forward DHCP traffic"
 msgstr "Encaminhar tráfego DHCP"
 
 msgid "Forward Error Correction Seconds (FECS)"
 msgstr ""
+"Segundos a frente de correção de erros ( <abbr title=\"Forward Error "
+"Correction Seconds\">FECS</abbr>)"
 
 msgid "Forward broadcast traffic"
 msgstr "Encaminhar tráfego broadcast"
@@ -1236,6 +1322,8 @@ msgid ""
 "Further information about WireGuard interfaces and peers at <a href=\"http://"
 "wireguard.io\">wireguard.io</a>."
 msgstr ""
+"Mais informações sobre interfaces e parceiros WireGuard em <a href=\"http://"
+"wireguard.io\">wireguard.io</a>."
 
 msgid "GHz"
 msgstr "GHz"
@@ -1256,10 +1344,10 @@ msgid "General Setup"
 msgstr "Configurações Gerais"
 
 msgid "General options for opkg"
-msgstr ""
+msgstr "Opções gerais para o opkg"
 
 msgid "Generate Config"
-msgstr ""
+msgstr "Gerar Configuração"
 
 msgid "Generate archive"
 msgstr "Gerar arquivo"
@@ -1271,10 +1359,10 @@ msgid "Given password confirmation did not match, password not changed!"
 msgstr "A senha de confirmação informada não casa. Senha não alterada!"
 
 msgid "Global Settings"
-msgstr ""
+msgstr "Configurações Globais"
 
 msgid "Global network options"
-msgstr ""
+msgstr "Opções de rede globais"
 
 msgid "Go to password configuration..."
 msgstr "Ir para a configuração de senha..."
@@ -1283,19 +1371,21 @@ msgid "Go to relevant configuration page"
 msgstr "Ir para a página de configuração pertinente"
 
 msgid "Group Password"
-msgstr ""
+msgstr "Senha do Grupo"
 
 msgid "Guest"
-msgstr ""
+msgstr "Convidado\t"
 
 msgid "HE.net password"
 msgstr "Senha HE.net"
 
 msgid "HE.net username"
-msgstr ""
+msgstr "Usuário do HE.net"
 
 msgid "HT mode (802.11n)"
 msgstr ""
+"Modo <abbr title=\"High Throughput/Alta Taxa de Transferência\">HT</abbr>  "
+"(802.11n)"
 
 # Não sei que contexto isto está sendo usado
 msgid "Handler"
@@ -1306,9 +1396,11 @@ msgstr "Suspender"
 
 msgid "Header Error Code Errors (HEC)"
 msgstr ""
+"Erros de Código de Erro de Cabeçalho (<abbr title=\"Header Error Code\">HEC</"
+"abbr>)"
 
 msgid "Heartbeat"
-msgstr ""
+msgstr "Pulso de vida"
 
 msgid ""
 "Here you can configure the basic aspects of your device like its hostname or "
@@ -1333,7 +1425,7 @@ msgstr ""
 "\">ESSID</abbr>"
 
 msgid "Host"
-msgstr ""
+msgstr "Equipamento"
 
 msgid "Host entries"
 msgstr "Entradas de Equipamentos"
@@ -1356,10 +1448,15 @@ msgid "Hostnames"
 msgstr "Nome dos equipamentos"
 
 msgid "Hybrid"
-msgstr ""
+msgstr "Híbrido"
 
 msgid "IKE DH Group"
 msgstr ""
+"Grupo <abbr title=\"Diffie-Hellman\">DH</abbr>  do <abbr title=\"Internet "
+"Key Exchange/Troca de Chaves na Internet\">IKE</abbr>"
+
+msgid "IP Addresses"
+msgstr "Endereços IP"
 
 msgid "IP address"
 msgstr "Endereço IP"
@@ -1380,7 +1477,7 @@ msgid "IPv4 and IPv6"
 msgstr "IPv4 e IPv6"
 
 msgid "IPv4 assignment length"
-msgstr ""
+msgstr "Tamanho da atribuição IPv4"
 
 msgid "IPv4 broadcast"
 msgstr "Broadcast IPv4"
@@ -1395,7 +1492,7 @@ msgid "IPv4 only"
 msgstr "Somente IPv4"
 
 msgid "IPv4 prefix"
-msgstr ""
+msgstr "Prefixo IPv4"
 
 msgid "IPv4 prefix length"
 msgstr "Tamanho do prefixo IPv4"
@@ -1404,7 +1501,7 @@ msgid "IPv4-Address"
 msgstr "Endereço IPv4"
 
 msgid "IPv4-in-IPv4 (RFC2003)"
-msgstr ""
+msgstr "IPv4-in-IPv4 (RFC2003)"
 
 msgid "IPv6"
 msgstr "IPv6"
@@ -1413,13 +1510,15 @@ msgid "IPv6 Firewall"
 msgstr "Firewall para IPv6"
 
 msgid "IPv6 Neighbours"
-msgstr ""
+msgstr "Vizinhos IPv6"
 
 msgid "IPv6 Settings"
-msgstr ""
+msgstr "Configurações IPv6"
 
 msgid "IPv6 ULA-Prefix"
 msgstr ""
+"Prefixo <abbr title=\"Unique Local Address/Endereço Local Único\">ULA</abbr> "
+"IPv6"
 
 msgid "IPv6 WAN Status"
 msgstr "Estado IPv6 da WAN"
@@ -1428,13 +1527,13 @@ msgid "IPv6 address"
 msgstr "Endereço IPv6"
 
 msgid "IPv6 address delegated to the local tunnel endpoint (optional)"
-msgstr ""
+msgstr "Endereços IPv6 delegados para o ponta local do túnel (opcional)"
 
 msgid "IPv6 assignment hint"
-msgstr ""
+msgstr "Sugestão de atribuição IPv6"
 
 msgid "IPv6 assignment length"
-msgstr ""
+msgstr "Tamanho da atribuição IPv6"
 
 msgid "IPv6 gateway"
 msgstr "Roteador padrão do IPv6"
@@ -1449,11 +1548,14 @@ msgid "IPv6 prefix length"
 msgstr "Tamanho Prefixo IPv6"
 
 msgid "IPv6 routed prefix"
-msgstr ""
+msgstr "Prefixo roteável IPv6"
 
 msgid "IPv6-Address"
 msgstr "Endereço IPv6"
 
+msgid "IPv6-PD"
+msgstr "IPv6-PD"
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1467,10 +1569,10 @@ msgid "Identity"
 msgstr "Identidade PEAP"
 
 msgid "If checked, 1DES is enaled"
-msgstr ""
+msgstr "Se marcado, a cifragem 1DES será habilitada"
 
 msgid "If checked, encryption is disabled"
-msgstr ""
+msgstr "Se marcado, a cifragem estará desabilitada"
 
 msgid ""
 "If specified, mount the device by its UUID instead of a fixed device node"
@@ -1526,6 +1628,8 @@ msgid ""
 "In order to prevent unauthorized access to the system, your request has been "
 "blocked. Click \"Continue »\" below to return to the previous page."
 msgstr ""
+"Para prevenir acesso não autorizado neste sistema, sua requisição foi "
+"bloqueada. Clique abaixo em \"Continuar »\" para retornar à página anterior."
 
 msgid "Inactivity timeout"
 msgstr "Tempo limite de inatividade"
@@ -1546,7 +1650,7 @@ msgid "Install"
 msgstr "Instalar"
 
 msgid "Install iputils-traceroute6 for IPv6 traceroute"
-msgstr ""
+msgstr "Instale iputils-traceroute6 para rastrear rotas IPv6"
 
 msgid "Install package %q"
 msgstr "Instalar pacote %q"
@@ -1573,7 +1677,7 @@ msgid "Interface is shutting down..."
 msgstr "A interface está desligando..."
 
 msgid "Interface name"
-msgstr ""
+msgstr "Nome da Interface"
 
 msgid "Interface not present or not connected yet."
 msgstr "A interface não está presente ou não está conectada ainda."
@@ -1588,7 +1692,7 @@ msgid "Interfaces"
 msgstr "Interfaces"
 
 msgid "Internal"
-msgstr ""
+msgstr "Interno"
 
 msgid "Internal Server Error"
 msgstr "erro no servidor interno"
@@ -1609,7 +1713,6 @@ msgstr ""
 msgid "Invalid username and/or password! Please try again."
 msgstr "Usuário e/ou senha inválida! Por favor, tente novamente."
 
-#, fuzzy
 msgid ""
 "It appears that you are trying to flash an image that does not fit into the "
 "flash memory, please verify the image file!"
@@ -1627,7 +1730,7 @@ msgid "Join Network: Wireless Scan"
 msgstr "Conectar à Rede: Busca por Rede Sem Fio"
 
 msgid "Joining Network: %q"
-msgstr ""
+msgstr "Juntando-se à rede %q"
 
 msgid "Keep settings"
 msgstr "Manter configurações"
@@ -1672,13 +1775,13 @@ msgid "Language and Style"
 msgstr "Idioma e Estilo"
 
 msgid "Latency"
-msgstr ""
+msgstr "Latência"
 
 msgid "Leaf"
-msgstr ""
+msgstr "Folha"
 
 msgid "Lease time"
-msgstr ""
+msgstr "Tempo de concessão"
 
 msgid "Lease validity time"
 msgstr "Tempo de validade da atribuição"
@@ -1706,21 +1809,23 @@ msgstr "Limite"
 
 msgid "Limit DNS service to subnets interfaces on which we are serving DNS."
 msgstr ""
+"Limite o serviço DNS para subredes das interfaces nas quais estamos servindo "
+"DNS."
 
 msgid "Limit listening to these interfaces, and loopback."
-msgstr ""
+msgstr "Escute somente nestas interfaces e na interface local (loopback) "
 
 msgid "Line Attenuation (LATN)"
-msgstr ""
+msgstr "Atenuação de Linha (<abbr title=\"Line Attenuation\">LATN</abbr>)"
 
 msgid "Line Mode"
-msgstr ""
+msgstr "Modo da Linha"
 
 msgid "Line State"
-msgstr ""
+msgstr "Estado da Linha"
 
 msgid "Line Uptime"
-msgstr ""
+msgstr "Tempo de Atividade da Linha"
 
 msgid "Link On"
 msgstr "Enlace Ativo"
@@ -1732,8 +1837,34 @@ msgstr ""
 "Lista dos servidores <abbr title=\"Domain Name System\">DNS</abbr> para "
 "encaminhar as requisições"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+"Lista dos R0KHs no mesmo Domínio de Mobilidade. <br /> Formato: Endereço "
+"MAC, Identificador NAS, chave de 128 bits como cadeia hexadecimal. <br /> "
+"Esta lista é usada para mapear o Identificador R0KH (Identificador NAS) para "
+"um endereço MAC de destino ao solicitar a chave PMK-R1 a partir do R0KH que "
+"o STA usado durante a Associação de Domínio de Mobilidade Inicial."
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+"Lista dos R1KHs no mesmo Domínio de Mobilidade. <br /> Formato: Endereço "
+"MAC, R1KH-ID como 6 octetos com dois pontos, chave de 128 bits como cadeia "
+"hexadecimal. <br /> Esta lista é usada para mapear o identificador R1KH para "
+"um endereço MAC de destino ao enviar a chave PMK-R1 a partir do R0KH. Esta é "
+"também a lista de R1KHs autorizados no MD que podem solicitar chaves PMK-R1."
+
 msgid "List of SSH key files for auth"
-msgstr ""
+msgstr "Lista de arquivos de chaves SSH para autenticação"
 
 msgid "List of domains to allow RFC1918 responses for"
 msgstr ""
@@ -1746,10 +1877,10 @@ msgstr ""
 "fornecem resultados errados para consultas a domínios inexistentes (NX)"
 
 msgid "Listen Interfaces"
-msgstr ""
+msgstr "Interfaces de Escuta"
 
 msgid "Listen Port"
-msgstr ""
+msgstr "Porta de Escuta"
 
 msgid "Listen only on the given interface or, if unspecified, on all"
 msgstr ""
@@ -1768,7 +1899,7 @@ msgid "Loading"
 msgstr "Carregando"
 
 msgid "Local IP address to assign"
-msgstr ""
+msgstr "Endereço IP local para atribuir"
 
 msgid "Local IPv4 address"
 msgstr "Endereço IPv4 local"
@@ -1777,7 +1908,7 @@ msgid "Local IPv6 address"
 msgstr "Endereço IPv6 local"
 
 msgid "Local Service Only"
-msgstr ""
+msgstr "Somente Serviço Local"
 
 msgid "Local Startup"
 msgstr "Iniciação Local"
@@ -1788,7 +1919,6 @@ msgstr "Hora Local"
 msgid "Local domain"
 msgstr "Domínio Local"
 
-#, fuzzy
 msgid ""
 "Local domain specification. Names matching this domain are never forwarded "
 "and are resolved from DHCP or hosts files only"
@@ -1816,7 +1946,7 @@ msgid "Localise queries"
 msgstr "Localizar consultas"
 
 msgid "Locked to channel %s used by: %s"
-msgstr ""
+msgstr "Travado no canal %s usado por: %s"
 
 msgid "Log output level"
 msgstr "Nível de detalhamento de saída dos registros"
@@ -1835,6 +1965,8 @@ msgstr "Sair"
 
 msgid "Loss of Signal Seconds (LOSS)"
 msgstr ""
+"Segundos de Perda de Sinal (<abbr title=\"Loss of Signal Seconds\">LOSS</"
+"abbr>)"
 
 msgid "Lowest leased address as offset from the network address."
 msgstr "O endereço mais baixo concedido como deslocamento do endereço da rede."
@@ -1852,13 +1984,13 @@ msgid "MAC-List"
 msgstr "Lista de MAC"
 
 msgid "MAP / LW4over6"
-msgstr ""
+msgstr "MAP / LW4over6"
 
 msgid "MB/s"
 msgstr "MB/s"
 
 msgid "MD5"
-msgstr ""
+msgstr "MD5"
 
 msgid "MHz"
 msgstr "MHz"
@@ -1872,12 +2004,16 @@ msgid ""
 "Make sure to clone the root filesystem using something like the commands "
 "below:"
 msgstr ""
+"Certifique-se que clonou o sistema de arquivos raiz com algo como o comando "
+"abaixo:"
 
 msgid "Manual"
-msgstr ""
+msgstr "Manual"
 
 msgid "Max. Attainable Data Rate (ATTNDR)"
 msgstr ""
+"Taxa de Dados Atingível Máxima (<abbr title=\"Maximum Attainable Data Rate"
+"\">ATTNDR</abbr>)"
 
 msgid "Maximum Rate"
 msgstr "Taxa Máxima"
@@ -1902,6 +2038,8 @@ msgid ""
 "Maximum length of the name is 15 characters including the automatic protocol/"
 "bridge prefix (br-, 6in4-, pppoe- etc.)"
 msgstr ""
+"Comprimento máximo do nome é de 15 caracteres, incluindo o prefixo "
+"automático do protocolo/ponte (br-, 6in4- pppoe-, etc.)"
 
 msgid "Maximum number of leased addresses."
 msgstr "Número máximo de endereços atribuídos."
@@ -1925,19 +2063,22 @@ msgid "Minimum hold time"
 msgstr "Tempo mínimo de espera"
 
 msgid "Mirror monitor port"
-msgstr ""
+msgstr "Porta de monitoramento do espelho"
 
 msgid "Mirror source port"
-msgstr ""
+msgstr "Porta de origem do espelho"
 
 msgid "Missing protocol extension for proto %q"
 msgstr "Extensão para o protocolo %q está ausente"
 
+msgid "Mobility Domain"
+msgstr "Domínio da Mobilidade"
+
 msgid "Mode"
 msgstr "Modo"
 
 msgid "Model"
-msgstr ""
+msgstr "Modelo"
 
 msgid "Modem device"
 msgstr "Dispositivo do Modem"
@@ -1971,7 +2112,7 @@ msgstr ""
 "anexado ao sistema de arquivos"
 
 msgid "Mount filesystems not specifically configured"
-msgstr ""
+msgstr "Monte sistemas de arquivos não especificamente configurados"
 
 msgid "Mount options"
 msgstr "Opções de montagem"
@@ -1980,7 +2121,7 @@ msgid "Mount point"
 msgstr "Ponto de montagem"
 
 msgid "Mount swap not specifically configured"
-msgstr ""
+msgstr "Montar espalho de troca (swap) não especificamente configurado"
 
 msgid "Mounted file systems"
 msgstr "Sistemas de arquivos montados"
@@ -2001,22 +2142,22 @@ msgid "NAS ID"
 msgstr "NAS ID"
 
 msgid "NAT-T Mode"
-msgstr ""
+msgstr "Modo NAT-T"
 
 msgid "NAT64 Prefix"
-msgstr ""
+msgstr "Prefixo NAT64"
 
 msgid "NDP-Proxy"
-msgstr ""
+msgstr "Proxy NDP"
 
 msgid "NT Domain"
-msgstr ""
+msgstr "Domínio NT"
 
 msgid "NTP server candidates"
 msgstr "Candidatos a servidor NTP"
 
 msgid "NTP sync time-out"
-msgstr ""
+msgstr "Tempo limite da sincronia do NTP"
 
 msgid "Name"
 msgstr "Nome"
@@ -2052,7 +2193,7 @@ msgid "No DHCP Server configured for this interface"
 msgstr "Nenhum Servidor DHCP configurado para esta interface"
 
 msgid "No NAT-T"
-msgstr ""
+msgstr "Sem NAT-T"
 
 msgid "No chains in this table"
 msgstr "Nenhuma cadeira nesta tabela"
@@ -2088,16 +2229,18 @@ msgid "Noise"
 msgstr "Ruído"
 
 msgid "Noise Margin (SNR)"
-msgstr ""
+msgstr "Margem de Ruído (<abbr title=\"Noise Margin\">SNR</abbr>)"
 
 msgid "Noise:"
 msgstr "Ruído:"
 
 msgid "Non Pre-emtive CRC errors (CRC_P)"
 msgstr ""
+"Erros CRC Não Preemptivos<abbr title=\"Non Pre-emptive CRC errors\">CRC_P</"
+"abbr>"
 
 msgid "Non-wildcard"
-msgstr ""
+msgstr "Sem caracter curinga"
 
 msgid "None"
 msgstr "Nenhum"
@@ -2118,7 +2261,7 @@ msgid "Note: Configuration files will be erased."
 msgstr "Nota: Os arquivos de configuração serão apagados."
 
 msgid "Note: interface name length"
-msgstr ""
+msgstr "Aviso: tamanho do nome da interface"
 
 msgid "Notice"
 msgstr "Aviso"
@@ -2133,10 +2276,10 @@ msgid "OPKG-Configuration"
 msgstr "Configuração-OPKG"
 
 msgid "Obfuscated Group Password"
-msgstr ""
+msgstr "Senha Ofuscada do Grupo"
 
 msgid "Obfuscated Password"
-msgstr ""
+msgstr "Senha Ofuscada"
 
 msgid "Off-State Delay"
 msgstr "Atraso no estado de desligado"
@@ -2167,7 +2310,7 @@ msgid "One or more fields contain invalid values!"
 msgstr "Um ou mais campos contém valores inválidos!"
 
 msgid "One or more invalid/required values on tab"
-msgstr ""
+msgstr "Um ou mais valores inválidos/obrigatórios na aba"
 
 msgid "One or more required fields have no value!"
 msgstr "Um ou mais campos obrigatórios não tem valor!"
@@ -2176,10 +2319,10 @@ msgid "Open list..."
 msgstr "Abrir lista..."
 
 msgid "OpenConnect (CISCO AnyConnect)"
-msgstr ""
+msgstr "OpenConnect (CISCO AnyConnect)"
 
 msgid "Operating frequency"
-msgstr ""
+msgstr "Frequência de Operação"
 
 msgid "Option changed"
 msgstr "Opção alterada"
@@ -2187,41 +2330,52 @@ msgstr "Opção alterada"
 msgid "Option removed"
 msgstr "Opção removida"
 
+msgid "Optional"
+msgstr "Opcional"
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
+"Opcional, especifique para sobrescrever o servidor padrão (tic.sixxs.net)"
 
 msgid "Optional, use when the SIXXS account has more than one tunnel"
-msgstr ""
+msgstr "Opcional, para usar quando a conta SIXXS tem mais de um túnel"
 
 msgid "Optional."
-msgstr ""
+msgstr "Opcional."
 
 msgid ""
 "Optional. Adds in an additional layer of symmetric-key cryptography for post-"
 "quantum resistance."
 msgstr ""
+"Opcional. Adiciona uma camada extra de cifragem simétrica para resistência "
+"pós quântica."
 
 msgid "Optional. Create routes for Allowed IPs for this peer."
-msgstr ""
+msgstr "Opcional. Cria rotas para endereços IP Autorizados para este parceiro."
 
 msgid ""
 "Optional. Host of peer. Names are resolved prior to bringing up the "
 "interface."
 msgstr ""
+"Opcional. Equipamento do parceiro. Nomes serão resolvido antes de levantar a "
+"interface."
 
 msgid "Optional. Maximum Transmission Unit of tunnel interface."
-msgstr ""
+msgstr "Opcional. Unidade Máxima de Transmissão da interface do túnel."
 
 msgid "Optional. Port of peer."
-msgstr ""
+msgstr "Opcional. Porta do parceiro."
 
 msgid ""
 "Optional. Seconds between keep alive messages. Default is 0 (disabled). "
 "Recommended value if this device is behind a NAT is 25."
 msgstr ""
+"Opcional. Segundos entre mensagens para manutenção da conexão. O padrão é 0 "
+"(desabilitado). O valor recomendado caso este dispositivo esteja atrás de "
+"uma NAT é 25."
 
 msgid "Optional. UDP port used for outgoing and incoming packets."
-msgstr ""
+msgstr "opcional. Porta UDP usada para pacotes saintes ou entrantes."
 
 msgid "Options"
 msgstr "Opções"
@@ -2239,22 +2393,24 @@ msgid "Outdoor Channels"
 msgstr "Canais para externo"
 
 msgid "Output Interface"
-msgstr ""
+msgstr "Interface de Saída"
 
 msgid "Override MAC address"
 msgstr "Sobrescrever o endereço MAC"
 
 msgid "Override MTU"
-msgstr "Sobrescrever o MTU"
+msgstr ""
+"Sobrescrever o <abbr title=\"Maximum Transmission Unit/Unidade Máxima de "
+"Transmissão\">MTU</abbr>"
 
 msgid "Override TOS"
-msgstr ""
+msgstr "Sobrescrever o TOS"
 
 msgid "Override TTL"
-msgstr ""
+msgstr "Sobrescrever o TTL"
 
 msgid "Override default interface name"
-msgstr ""
+msgstr "Sobrescrever o nome da nova interface"
 
 msgid "Override the gateway in DHCP responses"
 msgstr "Sobrescrever o roteador padrão nas respostas do DHCP"
@@ -2288,6 +2444,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr "PMK R1 Push"
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2301,19 +2460,19 @@ msgid "PPPoE"
 msgstr "PPPoE"
 
 msgid "PPPoSSH"
-msgstr ""
+msgstr "PPPoSSH"
 
 msgid "PPtP"
 msgstr "PPtP"
 
 msgid "PSID offset"
-msgstr ""
+msgstr "Deslocamento PSID"
 
 msgid "PSID-bits length"
-msgstr ""
+msgstr "Comprimento dos bits PSID"
 
 msgid "PTM/EFM (Packet Transfer Mode)"
-msgstr ""
+msgstr "PTM/EFM (Modo de Transferência de Pacotes)"
 
 msgid "Package libiwinfo required!"
 msgstr "O pacote libiwinfo é necessário!"
@@ -2340,7 +2499,7 @@ msgid "Password of Private Key"
 msgstr "Senha da Chave Privada"
 
 msgid "Password of inner Private Key"
-msgstr ""
+msgstr "Senha da Chave Privada interna"
 
 msgid "Password successfully changed!"
 msgstr "A senha foi alterada com sucesso!"
@@ -2358,25 +2517,25 @@ msgid "Path to executable which handles the button event"
 msgstr "Caminho para o executável que trata o evento do botão"
 
 msgid "Path to inner CA-Certificate"
-msgstr ""
+msgstr "Caminho para os certificados CA interno"
 
 msgid "Path to inner Client-Certificate"
-msgstr ""
+msgstr "Caminho para o Certificado do Cliente interno"
 
 msgid "Path to inner Private Key"
-msgstr ""
+msgstr "Caminho para a Chave Privada interna"
 
 msgid "Peak:"
 msgstr "Pico:"
 
 msgid "Peer IP address to assign"
-msgstr ""
+msgstr "Endereço IP do parceiro para atribuir"
 
 msgid "Peers"
-msgstr ""
+msgstr "Parceiros"
 
 msgid "Perfect Forward Secrecy"
-msgstr ""
+msgstr "Sigilo Encaminhado Perfeito"
 
 msgid "Perform reboot"
 msgstr "Reiniciar o sistema"
@@ -2385,7 +2544,7 @@ msgid "Perform reset"
 msgstr "Zerar configuração"
 
 msgid "Persistent Keep Alive"
-msgstr ""
+msgstr "Manutenção da Conexão Persistente"
 
 msgid "Phy Rate:"
 msgstr "Taxa física:"
@@ -2412,13 +2571,17 @@ msgid "Port status:"
 msgstr "Status da porta"
 
 msgid "Power Management Mode"
-msgstr ""
+msgstr "Modo de Gerenciamento de Energia"
 
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
+"Erros CRC Preemptivos<abbr title=\"Pre-emptive CRC errors\">CRCP_P</abbr>"
+
+msgid "Prefix Delegated"
+msgstr "Prefixo Delegado"
 
 msgid "Preshared Key"
-msgstr ""
+msgstr "Chave Compartilhada"
 
 msgid ""
 "Presume peer to be dead after given amount of LCP echo failures, use 0 to "
@@ -2428,7 +2591,7 @@ msgstr ""
 "echo do LCP. Use 0 para ignorar as falhas"
 
 msgid "Prevent listening on these interfaces."
-msgstr ""
+msgstr "Evite escutar nestas Interfaces."
 
 msgid "Prevents client-to-client communication"
 msgstr "Impede a comunicação de cliente para cliente"
@@ -2437,7 +2600,7 @@ msgid "Prism2/2.5/3 802.11b Wireless Controller"
 msgstr "Prism2/2.5/3 802.11b Wireless Controlador"
 
 msgid "Private Key"
-msgstr ""
+msgstr "Chave Privada"
 
 msgid "Proceed"
 msgstr "Proceder"
@@ -2446,7 +2609,7 @@ msgid "Processes"
 msgstr "Processos"
 
 msgid "Profile"
-msgstr ""
+msgstr "Perfil"
 
 msgid "Prot."
 msgstr "Protocolo"
@@ -2473,19 +2636,27 @@ msgid "Pseudo Ad-Hoc (ahdemo)"
 msgstr "Ad-Hoc falso (ahdemo)"
 
 msgid "Public Key"
-msgstr ""
+msgstr "Chave Pública"
 
 msgid "Public prefix routed to this device for distribution to clients."
 msgstr ""
+"Prefixo público roteado para este dispositivo para distribuição a seus "
+"clientes."
 
 msgid "QMI Cellular"
-msgstr ""
+msgstr "Celular QMI"
 
 msgid "Quality"
 msgstr "Qualidade"
 
+msgid "R0 Key Lifetime"
+msgstr "Validade da Chave R0"
+
+msgid "R1 Key Holder"
+msgstr "Detentor da Chave R1"
+
 msgid "RFC3947 NAT-T mode"
-msgstr ""
+msgstr "Modo NAT-T (RFC3947)"
 
 msgid "RTS/CTS Threshold"
 msgstr "Limiar RTS/CTS"
@@ -2544,7 +2715,6 @@ msgstr ""
 msgid "Really reset all changes?"
 msgstr "Realmente limpar todas as mudanças?"
 
-#, fuzzy
 msgid ""
 "Really shut down network?\\nYou might lose access to this device if you are "
 "connected via this interface."
@@ -2579,6 +2749,9 @@ msgstr "Tráfego em Tempo Real"
 msgid "Realtime Wireless"
 msgstr "Rede sem fio em Tempo Real"
 
+msgid "Reassociation Deadline"
+msgstr "Limite para Reassociação"
+
 msgid "Rebind protection"
 msgstr "Proteção contra \"Rebind\""
 
@@ -2597,6 +2770,9 @@ msgstr "Receber"
 msgid "Receiver Antenna"
 msgstr "Antena de Recepção"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr "Recomendado. Endereços IP da interface do WireGuard."
+
 msgid "Reconnect this interface"
 msgstr "Reconectar esta interface"
 
@@ -2625,7 +2801,7 @@ msgid "Remote IPv4 address"
 msgstr "Endereço IPv4 remoto"
 
 msgid "Remote IPv4 address or FQDN"
-msgstr ""
+msgstr "Endereço IPv4 remoto ou FQDN"
 
 msgid "Remove"
 msgstr "Remover"
@@ -2640,33 +2816,47 @@ msgid "Replace wireless configuration"
 msgstr "Substituir a configuração da rede sem fio"
 
 msgid "Request IPv6-address"
-msgstr ""
+msgstr "Solicita endereço IPv6"
 
 msgid "Request IPv6-prefix of length"
-msgstr ""
+msgstr "Solicita prefixo IPv6 de tamanho"
 
 msgid "Require TLS"
-msgstr ""
+msgstr "Requer TLS"
+
+msgid "Required"
+msgstr "Necessário"
 
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
-msgstr "Requerido para alguns provedores de internet, ex. Charter com DOCSIS 3"
+msgstr ""
+"Obrigatório para alguns provedores de internet, ex. Charter com DOCSIS 3"
 
 msgid "Required. Base64-encoded private key for this interface."
-msgstr ""
+msgstr "Obrigatório. Chave privada codificada em Base64 para esta interface."
 
 msgid ""
 "Required. IP addresses and prefixes that this peer is allowed to use inside "
 "the tunnel. Usually the peer's tunnel IP addresses and the networks the peer "
 "routes through the tunnel."
 msgstr ""
+"Obrigatório. Endereços IP e prefixos que este parceiro está autorizado a "
+"usar dentro do túnel. Normalmente é o endereço IP do parceiro no túnel e as "
+"redes que o parceiro roteia através do túnel."
 
 msgid "Required. Public key of peer."
-msgstr ""
+msgstr "Obrigatório. Chave pública do parceiro."
+
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr "Obrigatório. Chave Pública do parceiro."
 
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
 msgstr ""
+"Exige o suporte DNSSEC do servidor superior; verifica se resposta não "
+"assinadas realmente vẽm de domínios não assinados."
 
 msgid "Reset"
 msgstr "Limpar"
@@ -2705,19 +2895,19 @@ msgid "Root directory for files served via TFTP"
 msgstr "Diretório raiz para arquivos disponibilizados pelo TFTP"
 
 msgid "Root preparation"
-msgstr ""
+msgstr "Prepação da raiz (/)"
 
 msgid "Route Allowed IPs"
-msgstr ""
+msgstr "Roteie Andereços IP Autorizados"
 
 msgid "Route type"
-msgstr ""
+msgstr "Tipo de rota"
 
 msgid "Routed IPv6 prefix for downstream interfaces"
-msgstr ""
+msgstr "Prefixo roteável IPv6 para interfaces internas"
 
 msgid "Router Advertisement-Service"
-msgstr ""
+msgstr "Serviço de Anúncio de Roteador"
 
 msgid "Router Password"
 msgstr "Senha do Roteador"
@@ -2740,30 +2930,32 @@ msgid "Run filesystem check"
 msgstr "Execute a verificação do sistema de arquivos "
 
 msgid "SHA256"
-msgstr ""
+msgstr "SHA256"
 
 msgid ""
 "SIXXS supports TIC only, for static tunnels using IP protocol 41 (RFC4213) "
 "use 6in4 instead"
 msgstr ""
+"O SIXXS suporta somente TIC. Use o 6in4 para túneis estáticos usando o "
+"protocolo IP 41 (RFC4213)"
 
 msgid "SIXXS-handle[/Tunnel-ID]"
-msgstr ""
+msgstr "Identificador do SIXXS[/Identificador do Túnel]"
 
 msgid "SNR"
-msgstr ""
+msgstr "SNR"
 
 msgid "SSH Access"
 msgstr "Acesso SSH"
 
 msgid "SSH server address"
-msgstr ""
+msgstr "Endereço do servidor SSH"
 
 msgid "SSH server port"
-msgstr ""
+msgstr "Porta do servidor SSH"
 
 msgid "SSH username"
-msgstr ""
+msgstr "Usuário do SSH"
 
 msgid "SSH-Keys"
 msgstr "Chaves SSH"
@@ -2812,15 +3004,17 @@ msgid "Server Settings"
 msgstr "Configurações do Servidor"
 
 msgid "Server password"
-msgstr ""
+msgstr "Senha do servidor"
 
 msgid ""
 "Server password, enter the specific password of the tunnel when the username "
 "contains the tunnel ID"
 msgstr ""
+"Senha do servidor. Informe a senha para este túnel quando o nome do usuário "
+"contiver o identificador do túnel"
 
 msgid "Server username"
-msgstr ""
+msgstr "Usuário do servidor"
 
 msgid "Service Name"
 msgstr "Nome do Serviço"
@@ -2831,7 +3025,6 @@ msgstr "Tipo do Serviço"
 msgid "Services"
 msgstr "Serviços"
 
-#, fuzzy
 msgid "Set up Time Synchronization"
 msgstr "Configurar a Sincronização do Horário"
 
@@ -2840,9 +3033,11 @@ msgstr "Configurar Servidor DHCP"
 
 msgid "Severely Errored Seconds (SES)"
 msgstr ""
+"Segundos com erro severos (<abbr title=\"Severely Errored Seconds\">SES</"
+"abbr>)"
 
 msgid "Short GI"
-msgstr ""
+msgstr "Intervalo de guarda curto"
 
 msgid "Show current backup file list"
 msgstr "Mostra a lista atual de arquivos para a cópia de segurança"
@@ -2857,7 +3052,7 @@ msgid "Signal"
 msgstr "Sinal"
 
 msgid "Signal Attenuation (SATN)"
-msgstr ""
+msgstr "Atenuação do Sinal (<abbr title=\"Signal Attenuation\">SATN</abbr>)"
 
 msgid "Signal:"
 msgstr "Sinal:"
@@ -2866,7 +3061,7 @@ msgid "Size"
 msgstr "Tamanho"
 
 msgid "Size (.ipk)"
-msgstr ""
+msgstr "Tamanho (.ipk)"
 
 msgid "Skip"
 msgstr "Pular"
@@ -2884,7 +3079,7 @@ msgid "Software"
 msgstr "Software"
 
 msgid "Software VLAN"
-msgstr ""
+msgstr "VLAN em Software"
 
 msgid "Some fields are invalid, cannot save values!"
 msgstr "Alguns campos estão inválidos e os valores não podem ser salvos!"
@@ -2911,7 +3106,7 @@ msgid "Source"
 msgstr "Origem"
 
 msgid "Source routing"
-msgstr ""
+msgstr "Roteamento pela origem"
 
 msgid "Specifies the button state to handle"
 msgstr "Especifica o estado do botão para ser tratado"
@@ -2937,17 +3132,21 @@ msgstr ""
 "equipamento está morto"
 
 msgid "Specify a TOS (Type of Service)."
-msgstr ""
+msgstr "Especifique um Tipo de Serviço (TOS)"
 
 msgid ""
 "Specify a TTL (Time to Live) for the encapsulating packet other than the "
 "default (64)."
 msgstr ""
+"Especifica o tempo de vida (<abbr title=\"Time to Live\">TTL</abbr>) para os "
+"pacotes encapsulados ao invés do padrão (64)."
 
 msgid ""
 "Specify an MTU (Maximum Transmission Unit) other than the default (1280 "
 "bytes)."
 msgstr ""
+"Especifica a unidade máxima de transmissão (<abbr title=\"Maximum "
+"Transmission Unit\">MTU</abbr>) ao invés do valor padrão (1280 bytes)"
 
 msgid "Specify the secret encryption key here."
 msgstr "Especifique a chave de cifragem secreta aqui."
@@ -3002,13 +3201,13 @@ msgid "Submit"
 msgstr "Enviar"
 
 msgid "Suppress logging"
-msgstr ""
+msgstr "Suprimir registros (log)"
 
 msgid "Suppress logging of the routine operation of these protocols"
-msgstr ""
+msgstr "Suprimir registros (log) de operações rotineiras destes protocolos"
 
 msgid "Swap"
-msgstr ""
+msgstr "Espaço de Troca (swap)"
 
 msgid "Swap Entry"
 msgstr "Entrada do espaço de troca (Swap)"
@@ -3025,9 +3224,11 @@ msgstr "Switch %q (%s)"
 msgid ""
 "Switch %q has an unknown topology - the VLAN settings might not be accurate."
 msgstr ""
+"O Switch %q tem uma topologia desconhecida - as configurações de VLAN podem "
+"não ser precisas."
 
 msgid "Switch VLAN"
-msgstr ""
+msgstr "Switch VLAN"
 
 msgid "Switch protocol"
 msgstr "Trocar o protocolo"
@@ -3072,12 +3273,11 @@ msgid "Target"
 msgstr "Destino"
 
 msgid "Target network"
-msgstr ""
+msgstr "Rede de destino"
 
 msgid "Terminate"
 msgstr "Terminar"
 
-#, fuzzy
 msgid ""
 "The <em>Device Configuration</em> section covers physical settings of the "
 "radio hardware such as channel, transmit power or antenna selection which "
@@ -3103,10 +3303,12 @@ msgid ""
 "The HE.net endpoint update configuration changed, you must now use the plain "
 "username instead of the user ID!"
 msgstr ""
+"A configuração da atualização de pontas HE.net mudou. Você deve agora usar o "
+"nome do usuário ao invés do identificador do usuário!"
 
 msgid ""
 "The IPv4 address or the fully-qualified domain name of the remote tunnel end."
-msgstr ""
+msgstr "O endereço IPv4 ou o nome completo (FQDN) da ponta remota do túnel."
 
 msgid ""
 "The IPv6 prefix assigned to the provider, usually ends with <code>::</code>"
@@ -3122,13 +3324,14 @@ msgstr ""
 
 msgid "The configuration file could not be loaded due to the following error:"
 msgstr ""
+"O arquivo de configuração não pode ser carregado devido ao seguinte erro:"
 
 msgid ""
 "The device file of the memory or partition (<abbr title=\"for example\">e.g."
 "</abbr> <code>/dev/sda1</code>)"
 msgstr ""
-"O arquivo do dispositivo de armazenamento ou da partição (<abbr title=\"por "
-"exemplo\">ex.</abbr> <code>/dev/sda1</code>)"
+"O arquivo do dispositivo de armazenamento ou da partição (ex: <code>/dev/"
+"sda1</code>)"
 
 msgid ""
 "The filesystem that was used to format the memory (<abbr title=\"for example"
@@ -3161,7 +3364,6 @@ msgstr "As seguintes regras estão atualmente ativas neste sistema."
 msgid "The given network name is not unique"
 msgstr "O nome de rede informado não é único"
 
-#, fuzzy
 msgid ""
 "The hardware is not multi-SSID capable and the existing configuration will "
 "be replaced if you proceed."
@@ -3179,7 +3381,7 @@ msgid "The length of the IPv6 prefix in bits"
 msgstr "O comprimento do prefixo IPv6 em bits"
 
 msgid "The local IPv4 address over which the tunnel is created (optional)."
-msgstr ""
+msgstr "O endereço IPv4 local sobre o qual o túnel será criado (opcional)."
 
 msgid ""
 "The network ports on this device can be combined to several <abbr title="
@@ -3201,7 +3403,7 @@ msgid "The selected protocol needs a device assigned"
 msgstr "O protocolo selecionado necessita estar associado a um dispositivo"
 
 msgid "The submitted security token is invalid or already expired!"
-msgstr ""
+msgstr "A chave eletrônica enviada é inválida ou já expirou!"
 
 msgid ""
 "The system is erasing the configuration partition now and will reboot itself "
@@ -3210,7 +3412,6 @@ msgstr ""
 "O sistema está apagando agora a partição da configuração e irá reiniciar "
 "quando terminado."
 
-#, fuzzy
 msgid ""
 "The system is flashing now.<br /> DO NOT POWER OFF THE DEVICE!<br /> Wait a "
 "few minutes before you try to reconnect. It might be necessary to renew the "
@@ -3226,6 +3427,8 @@ msgid ""
 "The tunnel end-point is behind NAT, defaults to disabled and only applies to "
 "AYIYA"
 msgstr ""
+"O final do túnel está atrás de um NAT. Por padrão será desabilitado e "
+"somente se aplica a AYIYA"
 
 msgid ""
 "The uploaded image file does not contain a supported format. Make sure that "
@@ -3268,6 +3471,9 @@ msgid ""
 "'server=1.2.3.4' fordomain-specific or full upstream <abbr title=\"Domain "
 "Name System\">DNS</abbr> servers."
 msgstr ""
+"Este arquivo deve conter linhas como 'server=/domain/1.2.3.4' ou "
+"'server=1.2.3.4' para servidores <abbr title=\"Domain Name System/Sistema de "
+"Nomes de Domínios\">DNS</abbr> por domínio ou completos."
 
 msgid ""
 "This is a list of shell glob patterns for matching files and directories to "
@@ -3283,6 +3489,8 @@ msgid ""
 "This is either the \"Update Key\" configured for the tunnel or the account "
 "password if no update key has been configured"
 msgstr ""
+"Isto é a \"Update Key\" configurada para o túnel ou a senha da cpnta se não "
+"tem uma \"Update Keu\" configurada"
 
 msgid ""
 "This is the content of /etc/rc.local. Insert your own commands here (in "
@@ -3306,11 +3514,13 @@ msgstr ""
 "\">DHCP</abbr> na rede local"
 
 msgid "This is the plain username for logging into the account"
-msgstr ""
+msgstr "Este é o nome do usuário em para se autenticar na sua conta"
 
 msgid ""
 "This is the prefix routed to you by the tunnel broker for use by clients"
 msgstr ""
+"Este é o prefixo roteado pelo agente do tunel para você usar com seus "
+"clientes"
 
 msgid "This is the system crontab in which scheduled tasks can be defined."
 msgstr "Este é o sistema de agendamento de tarefas."
@@ -3354,7 +3564,7 @@ msgstr ""
 "de segurança anterior."
 
 msgid "Tone"
-msgstr ""
+msgstr "Tom"
 
 msgid "Total Available"
 msgstr "Total Disponível"
@@ -3393,16 +3603,16 @@ msgid "Tunnel Interface"
 msgstr "Interface de Tunelamento"
 
 msgid "Tunnel Link"
-msgstr ""
+msgstr "Enlace do túnel"
 
 msgid "Tunnel broker protocol"
-msgstr ""
+msgstr "Protocolo do agente do túnel"
 
 msgid "Tunnel setup server"
-msgstr ""
+msgstr "Servidor de configuração do túnel"
 
 msgid "Tunnel type"
-msgstr ""
+msgstr "Tipo de túnel"
 
 msgid "Turbo Mode"
 msgstr "Modo Turbo"
@@ -3425,6 +3635,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Dispositivo USB"
 
+msgid "USB Ports"
+msgstr "Portas USB"
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3433,6 +3646,8 @@ msgstr "Não é possível a expedição"
 
 msgid "Unavailable Seconds (UAS)"
 msgstr ""
+"Segundos de indisponibilidade (<abbr title=\"Unavailable Seconds\">UAS</"
+"abbr>)"
 
 msgid "Unknown"
 msgstr "Desconhecido"
@@ -3444,7 +3659,7 @@ msgid "Unmanaged"
 msgstr "Não gerenciado"
 
 msgid "Unmount"
-msgstr ""
+msgstr "Desmontar"
 
 msgid "Unsaved Changes"
 msgstr "Alterações Não Salvas"
@@ -3486,22 +3701,24 @@ msgid "Use ISO/IEC 3166 alpha2 country codes."
 msgstr "Usar códigos de países ISO/IEC 3166 alpha2."
 
 msgid "Use MTU on tunnel interface"
-msgstr "Use MTU na interface do túnel"
+msgstr ""
+"Use o <abbr title=\"Maximum Transmission Unit/Unidade Máxima de Transmissão"
+"\">MTU</abbr> na interface do túnel"
 
 msgid "Use TTL on tunnel interface"
 msgstr "Use TTL na interface do túnel"
 
 msgid "Use as external overlay (/overlay)"
-msgstr ""
+msgstr "Use como uma sobreposição externa (/overlay)"
 
 msgid "Use as root filesystem (/)"
-msgstr ""
+msgstr "Usar como o sistema de arquivos raiz (/)"
 
 msgid "Use broadcast flag"
 msgstr "Use a marcação de broadcast"
 
 msgid "Use builtin IPv6-management"
-msgstr ""
+msgstr "Use o gerenciamento do IPv6 embarcado"
 
 msgid "Use custom DNS servers"
 msgstr "Use servidores DNS personalizados"
@@ -3534,11 +3751,18 @@ msgstr "Usado"
 msgid "Used Key Slot"
 msgstr "Posição da Chave Usada"
 
-msgid "User certificate (PEM encoded)"
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
 msgstr ""
+"Usado para dois diferentes propósitos: identificador do RADIUS NAS e do "
+"802.11r R0KH. Não necessário com o WPA(2)-PSK normal."
+
+msgid "User certificate (PEM encoded)"
+msgstr "Certificado do usuário (codificado em formato PEM)"
 
 msgid "User key (PEM encoded)"
-msgstr ""
+msgstr "Chave do usuário (codificada em formato PEM)"
 
 msgid "Username"
 msgstr "Usuário"
@@ -3547,7 +3771,7 @@ msgid "VC-Mux"
 msgstr "VC-Mux"
 
 msgid "VDSL"
-msgstr ""
+msgstr "VDSL"
 
 msgid "VLANs on %q"
 msgstr "VLANs em %q"
@@ -3556,34 +3780,34 @@ msgid "VLANs on %q (%s)"
 msgstr "VLANs em %q (%s)"
 
 msgid "VPN Local address"
-msgstr ""
+msgstr "Endereço Local da VPN"
 
 msgid "VPN Local port"
-msgstr ""
+msgstr "Porta Local da VPN"
 
 msgid "VPN Server"
 msgstr "Servidor VPN"
 
 msgid "VPN Server port"
-msgstr ""
+msgstr "Porta do Servidor VPN"
 
 msgid "VPN Server's certificate SHA1 hash"
-msgstr ""
+msgstr "Resumo digital SHA1 do certificado do servidor VPN"
 
 msgid "VPNC (CISCO 3000 (and others) VPN)"
-msgstr ""
+msgstr "VPNC (VPN do CISCO 3000 (e outros))"
 
 msgid "Vendor"
-msgstr ""
+msgstr "Fabricante"
 
 msgid "Vendor Class to send when requesting DHCP"
 msgstr "Classe do fabricante para enviar quando requisitar o DHCP"
 
 msgid "Verbose"
-msgstr ""
+msgstr "Detalhado"
 
 msgid "Verbose logging by aiccu daemon"
-msgstr ""
+msgstr "Habilite registros detalhados do serviço AICCU"
 
 msgid "Verify"
 msgstr "Verificar"
@@ -3619,6 +3843,8 @@ msgstr ""
 msgid ""
 "Wait for NTP sync that many seconds, seting to 0 disables waiting (optional)"
 msgstr ""
+"Espere esta quantidade de segundos pela sincronia do NTP. Definindo como 0 "
+"desabilita a espera (opcional)"
 
 msgid "Waiting for changes to be applied..."
 msgstr "Esperando a aplicação das mudanças..."
@@ -3627,25 +3853,25 @@ msgid "Waiting for command to complete..."
 msgstr "Esperando o término do comando..."
 
 msgid "Waiting for device..."
-msgstr ""
+msgstr "Esperando pelo dispositivo..."
 
 msgid "Warning"
 msgstr "Atenção"
 
 msgid "Warning: There are unsaved changes that will get lost on reboot!"
-msgstr ""
+msgstr "Atenção: Existem mudanças não salvas que serão perdidas ao reiniciar!"
 
 msgid "Whether to create an IPv6 default route over the tunnel"
-msgstr ""
+msgstr "Se deve criar uma rota padrão IPv6 sobre o túnel"
 
 msgid "Whether to route only packets from delegated prefixes"
-msgstr ""
+msgstr "Se deve rotear somente pacotes de prefixos delegados"
 
 msgid "Width"
-msgstr ""
+msgstr "Largura"
 
 msgid "WireGuard VPN"
-msgstr ""
+msgstr "VPN WireGuard"
 
 msgid "Wireless"
 msgstr "Rede sem fio"
@@ -3684,7 +3910,7 @@ msgid "Write received DNS requests to syslog"
 msgstr "Escreva as requisições DNS para o servidor de registro (syslog)"
 
 msgid "Write system log to file"
-msgstr ""
+msgstr "Escrever registo do sistema (log) no arquivo"
 
 msgid "XR Support"
 msgstr "Suporte a XR"
@@ -3711,6 +3937,9 @@ msgid ""
 "upgrade it to at least version 7 or use another browser like Firefox, Opera "
 "or Safari."
 msgstr ""
+"Seu Internet Explorer é muito velho para mostrar esta página corretamente. "
+"Por favor, atualiza para, ao menos, a versão 7 ou use outro navegador como o "
+"Firefox, Opera ou Safari."
 
 msgid "any"
 msgstr "qualquer"
@@ -3718,9 +3947,8 @@ msgstr "qualquer"
 msgid "auto"
 msgstr "automático"
 
-#, fuzzy
 msgid "automatic"
-msgstr "estático"
+msgstr "automático"
 
 msgid "baseT"
 msgstr "baseT"
@@ -3744,7 +3972,7 @@ msgid "disable"
 msgstr "desativar"
 
 msgid "disabled"
-msgstr ""
+msgstr "desabilitado"
 
 msgid "expired"
 msgstr "expirado"
@@ -3772,7 +4000,7 @@ msgid "hidden"
 msgstr "ocultar"
 
 msgid "hybrid mode"
-msgstr ""
+msgstr "Modo Híbrido"
 
 msgid "if target is a network"
 msgstr "se o destino for uma rede"
@@ -3794,10 +4022,13 @@ msgstr ""
 "Arquivo local de <abbr title=\"Sistema de Nomes de Domínios\">DNS</abbr>"
 
 msgid "minimum 1280, maximum 1480"
-msgstr ""
+msgstr "mínimo 1280, máximo 1480"
+
+msgid "minutes"
+msgstr "minutos"
 
 msgid "navigation Navigation"
-msgstr ""
+msgstr "navegação Navegação"
 
 # Is this yes/no or no like in no one?
 msgid "no"
@@ -3810,7 +4041,7 @@ msgid "none"
 msgstr "nenhum"
 
 msgid "not present"
-msgstr ""
+msgstr "não presente "
 
 msgid "off"
 msgstr "desligado"
@@ -3822,35 +4053,38 @@ msgid "open"
 msgstr "aberto"
 
 msgid "overlay"
-msgstr ""
+msgstr "sobreposição"
 
 msgid "relay mode"
-msgstr ""
+msgstr "modo retransmissor"
 
 msgid "routed"
 msgstr "roteado"
 
 msgid "server mode"
-msgstr ""
+msgstr "modo servidor"
 
 msgid "skiplink1 Skip to navigation"
-msgstr ""
+msgstr "skiplink1 Pular para a navegação"
 
 msgid "skiplink2 Skip to content"
-msgstr ""
+msgstr "skiplink2 Pular para o conteúdo"
 
 msgid "stateful-only"
-msgstr ""
+msgstr "somente com estado"
 
 msgid "stateless"
-msgstr ""
+msgstr "sem estado"
 
 msgid "stateless + stateful"
-msgstr ""
+msgstr "sem estado + com estado"
 
 msgid "tagged"
 msgstr "etiquetado"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr "unidades de tempo (TUs / 1.024 ms) [1000-65535]"
+
 msgid "unknown"
 msgstr "desconhecido"
 
@@ -3872,6 +4106,9 @@ msgstr "sim"
 msgid "« Back"
 msgstr "« Voltar"
 
+#~ msgid "Required. Base64-encoded public key of peer."
+#~ msgstr "Necessário. Chave Pública do parceiro codificada como Base64."
+
 #~ msgid "An additional network will be created if you leave this unchecked."
 #~ msgstr "Uma rede adicional será criada se você deixar isto desmarcado."
 
diff --git a/package/luci/modules/luci-base/po/pt/base.po b/package/luci/modules/luci-base/po/pt/base.po
index d8790dc1ff..389b077a32 100644
--- a/package/luci/modules/luci-base/po/pt/base.po
+++ b/package/luci/modules/luci-base/po/pt/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Carga de 1 Minuto:"
 
 msgid "15 Minute Load:"
 msgstr "Carga de 15 minutos:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Carga 5 Minutos:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 "<abbr title=\"Identificador de Conjunto Básico de Serviços\">BSSID</abbr>"
@@ -877,6 +904,9 @@ msgstr "Desativar temporizador de HW-Beacon"
 msgid "Disabled"
 msgstr "Desativado"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Descartar respostas RFC1918 a montante"
 
@@ -1051,6 +1081,11 @@ msgstr "Ativar/Desativar"
 msgid "Enabled"
 msgstr "Ativado"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Ativa o Spanning Tree nesta bridge"
 
@@ -1100,6 +1135,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Servidor externo de logs de sistema"
 
@@ -1353,6 +1394,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Endereço IP"
 
@@ -1446,6 +1490,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "Endereço-IPv6"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-em-IPv4 (RFC4213)"
 
@@ -1715,6 +1762,22 @@ msgstr ""
 "Lista de servidores <abbr title=\"Sistema Nomes de Domínio\">DNS</abbr> para "
 "onde encaminhar os pedidos"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1906,6 +1969,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Falta a extensão de protocolo para o protocolo %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Modo"
 
@@ -2159,6 +2225,9 @@ msgstr "Opção alterada"
 msgid "Option removed"
 msgstr "Opção removida"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2257,6 +2326,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2386,6 +2458,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2451,6 +2526,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Qualidade"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2543,6 +2624,9 @@ msgstr "Tráfego em Tempo Real"
 msgid "Realtime Wireless"
 msgstr "Wireless em Tempo Real"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Religar protecção"
 
@@ -2561,6 +2645,9 @@ msgstr "Receber"
 msgid "Receiver Antenna"
 msgstr "Antena de Recepção"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Reconetar esta interface"
 
@@ -2612,6 +2699,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Necessário para certos ISPs, p.ex. Charter with DOCSIS 3"
 
@@ -2627,6 +2717,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3360,6 +3455,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "Dispositivo USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3461,6 +3559,11 @@ msgstr "Usado"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3723,6 +3826,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3777,6 +3883,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "desconhecido"
 
diff --git a/package/luci/modules/luci-base/po/ro/base.po b/package/luci/modules/luci-base/po/ro/base.po
index 4135c796a8..365574b174 100644
--- a/package/luci/modules/luci-base/po/ro/base.po
+++ b/package/luci/modules/luci-base/po/ro/base.po
@@ -42,18 +42,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Incarcarea in ultimul minut"
 
 msgid "15 Minute Load:"
 msgstr "Incarcarea in ultimele 15 minute"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Incarcarea in ultimele 5 minute"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -847,6 +874,9 @@ msgstr ""
 msgid "Disabled"
 msgstr "Dezactivat"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1006,6 +1036,11 @@ msgstr "Activeaza/Dezactiveaza"
 msgid "Enabled"
 msgstr "Activat"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1052,6 +1087,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Server de log-uri extern"
 
@@ -1300,6 +1341,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Adresa IP"
 
@@ -1393,6 +1437,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1653,6 +1700,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1838,6 +1901,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Mod"
 
@@ -2083,6 +2149,9 @@ msgstr "Optiunea schimbata"
 msgid "Option removed"
 msgstr "Optiunea eliminata"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2181,6 +2250,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2310,6 +2382,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2375,6 +2450,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Calitate"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2456,6 +2537,9 @@ msgstr "Traficul in timp real"
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2474,6 +2558,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr "Antena receptorului"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Reconecteaza aceasta interfata"
 
@@ -2525,6 +2612,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2540,6 +2630,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3227,6 +3322,9 @@ msgstr ""
 msgid "USB Device"
 msgstr "Dispozitiv USB"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3328,6 +3426,11 @@ msgstr "Folosit"
 msgid "Used Key Slot"
 msgstr "Slot de cheie folosit"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3579,6 +3682,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3633,6 +3739,9 @@ msgstr ""
 msgid "tagged"
 msgstr "etichetat"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "necunoscut"
 
diff --git a/package/luci/modules/luci-base/po/ru/base.po b/package/luci/modules/luci-base/po/ru/base.po
index e7045884be..d11fbc2cde 100644
--- a/package/luci/modules/luci-base/po/ru/base.po
+++ b/package/luci/modules/luci-base/po/ru/base.po
@@ -45,18 +45,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Загрузка за 1 минуту:"
 
 msgid "15 Minute Load:"
 msgstr "Загрузка за 15 минут:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Загрузка за 5 минут:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Базовый идентификатор обслуживания\">BSSID</abbr>"
 
@@ -876,6 +903,9 @@ msgstr "Отключить таймер HW-Beacon"
 msgid "Disabled"
 msgstr "Отключено"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Отбрасывать ответы RFC1918"
 
@@ -1052,6 +1082,11 @@ msgstr "Включить/выключить"
 msgid "Enabled"
 msgstr "Включено"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Включает Spanning Tree Protocol на этом мосту"
 
@@ -1101,6 +1136,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Сервер системного журнала"
 
@@ -1352,6 +1393,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP-адрес"
 
@@ -1445,6 +1489,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-адрес"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6 в IPv4 (RFC4213)"
 
@@ -1719,6 +1766,22 @@ msgstr ""
 "Список <abbr title=\"Domain Name System\">DNS</abbr>-серверов для "
 "перенаправления запросов"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1911,6 +1974,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Отсутствует расширение протокола %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Режим"
 
@@ -2165,6 +2231,9 @@ msgstr "Опция изменена"
 msgid "Option removed"
 msgstr "Опция удалена"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2265,6 +2334,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2394,6 +2466,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2461,6 +2536,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Качество"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2553,6 +2634,9 @@ msgstr "Трафик в реальном времени"
 msgid "Realtime Wireless"
 msgstr "Беспроводная сеть в реальном времени"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Защита от DNS Rebinding"
 
@@ -2571,6 +2655,9 @@ msgstr "Приём"
 msgid "Receiver Antenna"
 msgstr "Приёмная антенна"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Переподключить этот интерфейс"
 
@@ -2623,6 +2710,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Требуется для некоторых интернет-провайдеров"
 
@@ -2638,6 +2728,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3394,6 +3489,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB-устройство"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3502,6 +3600,11 @@ msgstr "Использовано"
 msgid "Used Key Slot"
 msgstr "Используемый слот ключа"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3764,6 +3867,9 @@ msgstr "локальный <abbr title=\"Служба доменных имён\
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3818,6 +3924,9 @@ msgstr ""
 msgid "tagged"
 msgstr "с тегом"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "неизвестный"
 
diff --git a/package/luci/modules/luci-base/po/sk/base.po b/package/luci/modules/luci-base/po/sk/base.po
index f824029498..017865d138 100644
--- a/package/luci/modules/luci-base/po/sk/base.po
+++ b/package/luci/modules/luci-base/po/sk/base.po
@@ -38,18 +38,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr ""
 
 msgid "15 Minute Load:"
 msgstr ""
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr ""
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 
@@ -828,6 +855,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -987,6 +1017,11 @@ msgstr ""
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1033,6 +1068,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1278,6 +1319,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr ""
 
@@ -1371,6 +1415,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1628,6 +1675,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1813,6 +1876,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2058,6 +2124,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2156,6 +2225,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2285,6 +2357,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2350,6 +2425,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2429,6 +2510,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2447,6 +2531,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2498,6 +2585,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2513,6 +2603,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3197,6 +3292,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3298,6 +3396,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3547,6 +3650,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3601,6 +3707,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/sv/base.po b/package/luci/modules/luci-base/po/sv/base.po
index 4e228082e2..e7e437fe5c 100644
--- a/package/luci/modules/luci-base/po/sv/base.po
+++ b/package/luci/modules/luci-base/po/sv/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Belastning senaste minuten:"
 
 msgid "15 Minute Load:"
 msgstr "Belastning senaste 15 minutrarna:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Belastning senaste 5 minutrarna:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -834,6 +861,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -993,6 +1023,11 @@ msgstr ""
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1039,6 +1074,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1284,6 +1325,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr ""
 
@@ -1377,6 +1421,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1634,6 +1681,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1819,6 +1882,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2064,6 +2130,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2162,6 +2231,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2291,6 +2363,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2356,6 +2431,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2435,6 +2516,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2453,6 +2537,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2504,6 +2591,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2519,6 +2609,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3203,6 +3298,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3304,6 +3402,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3553,6 +3656,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3607,6 +3713,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/templates/base.pot b/package/luci/modules/luci-base/po/templates/base.pot
index 5a77cd2938..cc47c2c6f2 100644
--- a/package/luci/modules/luci-base/po/templates/base.pot
+++ b/package/luci/modules/luci-base/po/templates/base.pot
@@ -31,18 +31,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr ""
 
 msgid "15 Minute Load:"
 msgstr ""
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr ""
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 
@@ -821,6 +848,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -980,6 +1010,11 @@ msgstr ""
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1026,6 +1061,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1271,6 +1312,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr ""
 
@@ -1364,6 +1408,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1621,6 +1668,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1806,6 +1869,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2051,6 +2117,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2149,6 +2218,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2278,6 +2350,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2343,6 +2418,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2422,6 +2503,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2440,6 +2524,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2491,6 +2578,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2506,6 +2596,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3190,6 +3285,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3291,6 +3389,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3540,6 +3643,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3594,6 +3700,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/tr/base.po b/package/luci/modules/luci-base/po/tr/base.po
index 7f0ea7e166..09312734a2 100644
--- a/package/luci/modules/luci-base/po/tr/base.po
+++ b/package/luci/modules/luci-base/po/tr/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1 Dakikalık Yük:"
 
 msgid "15 Minute Load:"
 msgstr "15 Dakikalık Yük:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "5 Dakikalık Yük:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\\\"Temel Servis Ayar Tanımlayıcısı\\\"> BSSID </abbr>"
 
@@ -841,6 +868,9 @@ msgstr ""
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1000,6 +1030,11 @@ msgstr ""
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 
@@ -1046,6 +1081,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1291,6 +1332,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr ""
 
@@ -1384,6 +1428,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1641,6 +1688,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1826,6 +1889,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr ""
 
@@ -2071,6 +2137,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2169,6 +2238,9 @@ msgstr ""
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2298,6 +2370,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2363,6 +2438,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2442,6 +2523,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2460,6 +2544,9 @@ msgstr ""
 msgid "Receiver Antenna"
 msgstr ""
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2511,6 +2598,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2526,6 +2616,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3210,6 +3305,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3311,6 +3409,11 @@ msgstr ""
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3562,6 +3665,9 @@ msgstr "yerel <abbr title=\"Domain Name System\">DNS</abbr> dosyası"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3616,6 +3722,9 @@ msgstr ""
 msgid "tagged"
 msgstr "etiketlendi"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/uk/base.po b/package/luci/modules/luci-base/po/uk/base.po
index 29b1514e27..5abf039e85 100644
--- a/package/luci/modules/luci-base/po/uk/base.po
+++ b/package/luci/modules/luci-base/po/uk/base.po
@@ -42,18 +42,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "Навантаження за 1 хвилину:"
 
 msgid "15 Minute Load:"
 msgstr "Навантаження за 15 хвилин:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "Навантаження за 5 хвилин:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr ""
 "<abbr title=\"Basic Service Set Identifier — ідентифікатор основної служби "
@@ -886,6 +913,9 @@ msgstr "Вимкнути таймер HW-Beacon"
 msgid "Disabled"
 msgstr "Вимкнено"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "Відкидати RFC1918-відповіді від клієнта на сервер"
 
@@ -1061,6 +1091,11 @@ msgstr "Увімкнено/Вимкнено"
 msgid "Enabled"
 msgstr "Увімкнено"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr ""
 "Увімкнути <abbr title=\"Spanning Tree Protocol\">STP</abbr> на цьому мосту"
@@ -1109,6 +1144,12 @@ msgstr "Термін оренди адрес, мінімум 2 хвилини (<
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "Зовнішній сервер системного журналу"
 
@@ -1360,6 +1401,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP-адреса"
 
@@ -1453,6 +1497,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-адреса"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6 у IPv4 (RFC4213)"
 
@@ -1726,6 +1773,22 @@ msgstr ""
 "Список <abbr title=\"Domain Name System\">DNS</abbr>-серверів, до яких "
 "пересилати запити"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1920,6 +1983,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "Відсутні розширення для протоколу %q"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Режим"
 
@@ -2173,6 +2239,9 @@ msgstr "Опція змінена"
 msgid "Option removed"
 msgstr "Опція видалена"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2276,6 +2345,9 @@ msgstr ""
 "<abbr title=\"Personal Identification Number — Персональний ідентифікаційний "
 "номер\">>PIN</abbr>"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2405,6 +2477,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2472,6 +2547,12 @@ msgstr ""
 msgid "Quality"
 msgstr "Якість"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2567,6 +2648,9 @@ msgstr "Трафік у реальному часі"
 msgid "Realtime Wireless"
 msgstr "Бездротові мережі у реальному часі"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "Захист від переприв'язки"
 
@@ -2585,6 +2669,9 @@ msgstr "Прийом"
 msgid "Receiver Antenna"
 msgstr "Антена приймача"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "Перепідключити цей інтерфейс"
 
@@ -2636,6 +2723,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "Потрібно для деяких провайдерів, наприклад, Charter із DOCSIS 3"
 
@@ -2651,6 +2741,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3410,6 +3505,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB-пристрій"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3518,6 +3616,11 @@ msgstr "Використано"
 msgid "Used Key Slot"
 msgstr "Використовується слот ключа"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3779,6 +3882,9 @@ msgstr ""
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3833,6 +3939,9 @@ msgstr ""
 msgid "tagged"
 msgstr "з позначкою"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "невідомий"
 
diff --git a/package/luci/modules/luci-base/po/vi/base.po b/package/luci/modules/luci-base/po/vi/base.po
index 0cc83bf5a1..162bd30664 100644
--- a/package/luci/modules/luci-base/po/vi/base.po
+++ b/package/luci/modules/luci-base/po/vi/base.po
@@ -43,18 +43,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr ""
 
 msgid "15 Minute Load:"
 msgstr ""
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr ""
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Dịch vụ căn bản đặt Identifier\">BSSID</abbr>"
 
@@ -837,6 +864,9 @@ msgstr "Vô hiệu hóa bộ chỉnh giờ HW-Beacon"
 msgid "Disabled"
 msgstr ""
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr ""
 
@@ -1005,6 +1035,11 @@ msgstr "Cho kích hoạt/ Vô hiệu hóa"
 msgid "Enabled"
 msgstr ""
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "Kích hoạt Spanning Tree Protocol trên cầu nối này"
 
@@ -1051,6 +1086,12 @@ msgstr ""
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr ""
 
@@ -1298,6 +1339,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "Địa chỉ IP"
 
@@ -1391,6 +1435,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr ""
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr ""
 
@@ -1656,6 +1703,22 @@ msgid ""
 "requests to"
 msgstr ""
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1841,6 +1904,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr ""
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "Chế độ"
 
@@ -2094,6 +2160,9 @@ msgstr ""
 msgid "Option removed"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2192,6 +2261,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr ""
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr ""
 
@@ -2321,6 +2393,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2386,6 +2461,12 @@ msgstr ""
 msgid "Quality"
 msgstr ""
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2467,6 +2548,9 @@ msgstr ""
 msgid "Realtime Wireless"
 msgstr ""
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr ""
 
@@ -2485,6 +2569,9 @@ msgstr "Receive"
 msgid "Receiver Antenna"
 msgstr "Máy thu Antenna"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr ""
 
@@ -2536,6 +2623,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr ""
 
@@ -2551,6 +2641,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3252,6 +3347,9 @@ msgstr ""
 msgid "USB Device"
 msgstr ""
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr ""
 
@@ -3353,6 +3451,11 @@ msgstr "Đã sử dụng"
 msgid "Used Key Slot"
 msgstr ""
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3609,6 +3712,9 @@ msgstr "Tập tin <abbr title=\"Domain Name System\">DNS</abbr> địa phương"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3663,6 +3769,9 @@ msgstr ""
 msgid "tagged"
 msgstr ""
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr ""
 
diff --git a/package/luci/modules/luci-base/po/zh-cn/base.po b/package/luci/modules/luci-base/po/zh-cn/base.po
index 7c00f8ff88..dca93f0a19 100644
--- a/package/luci/modules/luci-base/po/zh-cn/base.po
+++ b/package/luci/modules/luci-base/po/zh-cn/base.po
@@ -43,18 +43,45 @@ msgstr "-- 根据设备匹配 --"
 msgid "-- match by label --"
 msgstr "-- 根据标签匹配 --"
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1分钟负载:"
 
 msgid "15 Minute Load:"
 msgstr "15分钟负载:"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr "464XLAT (CLAT)"
 
 msgid "5 Minute Load:"
 msgstr "5分钟负载:"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"基本服务集标识符\">BSSID</abbr>"
 
@@ -844,6 +871,9 @@ msgstr "停用HW-Beacon计时器"
 msgid "Disabled"
 msgstr "禁用"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "丢弃RFC1918上行响应数据"
 
@@ -1005,6 +1035,11 @@ msgstr "启用/禁用"
 msgid "Enabled"
 msgstr "启用"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "在此桥接上启用生成协议树"
 
@@ -1051,6 +1086,12 @@ msgstr "租用地址的到期时间，最短2分钟(<code>2m</code>)。"
 msgid "External"
 msgstr "远程"
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "远程日志服务器"
 
@@ -1300,6 +1341,9 @@ msgstr "混合"
 msgid "IKE DH Group"
 msgstr "IKE DH组"
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP地址"
 
@@ -1393,6 +1437,9 @@ msgstr "IPv6路由前缀"
 msgid "IPv6-Address"
 msgstr "IPv6-地址"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6-in-IPv4 (RFC4213)"
 
@@ -1652,6 +1699,22 @@ msgid ""
 "requests to"
 msgstr "将指定的域名DNS解析转发到指定的DNS服务器（按照示例填写）"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr "用于认证的SSH密钥文件列表"
 
@@ -1838,6 +1901,9 @@ msgstr "数据包镜像源端口"
 msgid "Missing protocol extension for proto %q"
 msgstr "缺少协议 %q 的协议扩展"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "模式"
 
@@ -2083,6 +2149,9 @@ msgstr "修改的选项"
 msgid "Option removed"
 msgstr "移除的选项"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr "可选，设置这个选项会覆盖默认设定的服务器(tic.sixxs.net)"
 
@@ -2183,6 +2252,9 @@ msgstr "PID"
 msgid "PIN"
 msgstr "PIN"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP"
 
@@ -2312,6 +2384,9 @@ msgstr "电源管理模式"
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr "抢占式CRC错误(CRCP_P)"
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr "预共享密钥"
 
@@ -2377,6 +2452,12 @@ msgstr "QMI蜂窝"
 msgid "Quality"
 msgstr "质量"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr "RFC3947 NAT-T模式"
 
@@ -2465,6 +2546,9 @@ msgstr "实时流量"
 msgid "Realtime Wireless"
 msgstr "实时无线"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "重绑定保护"
 
@@ -2483,6 +2567,9 @@ msgstr "接收"
 msgid "Receiver Antenna"
 msgstr "接收天线"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "重连此接口"
 
@@ -2534,6 +2621,9 @@ msgstr "请求指定长度的IPv6前缀"
 msgid "Require TLS"
 msgstr "必须使用TLS"
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "某些ISP需要，例如：同轴线网络DOCSIS 3"
 
@@ -2551,6 +2641,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr "必须，Peer的公钥。"
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3257,6 +3352,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB设备"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "UUID"
 
@@ -3360,6 +3458,11 @@ msgstr "已用"
 msgid "Used Key Slot"
 msgstr "启用密码组"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr "客户证书(PEM加密的)"
 
@@ -3615,6 +3718,9 @@ msgstr "本地<abbr title=\"域名服务系统\">DNS</abbr>解析文件"
 msgid "minimum 1280, maximum 1480"
 msgstr "最小值1280，最大值1480"
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr "导航"
 
@@ -3669,6 +3775,9 @@ msgstr "有状态和无状态的"
 msgid "tagged"
 msgstr "关联"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "未知"
 
diff --git a/package/luci/modules/luci-base/po/zh-tw/base.po b/package/luci/modules/luci-base/po/zh-tw/base.po
index 15ffafc2b4..8f759b8d5f 100644
--- a/package/luci/modules/luci-base/po/zh-tw/base.po
+++ b/package/luci/modules/luci-base/po/zh-tw/base.po
@@ -41,18 +41,45 @@ msgstr ""
 msgid "-- match by label --"
 msgstr ""
 
+msgid "-- match by uuid --"
+msgstr ""
+
 msgid "1 Minute Load:"
 msgstr "1分鐘負載"
 
 msgid "15 Minute Load:"
 msgstr "15分鐘負載"
 
+msgid "4-character hexadecimal ID"
+msgstr ""
+
 msgid "464XLAT (CLAT)"
 msgstr ""
 
 msgid "5 Minute Load:"
 msgstr "5分鐘負載"
 
+msgid "6-octet identifier as a hex string - no colons"
+msgstr ""
+
+msgid "802.11r Fast Transition"
+msgstr ""
+
+msgid "802.11w Association SA Query maximum timeout"
+msgstr ""
+
+msgid "802.11w Association SA Query retry timeout"
+msgstr ""
+
+msgid "802.11w Management Frame Protection"
+msgstr ""
+
+msgid "802.11w maximum timeout"
+msgstr ""
+
+msgid "802.11w retry timeout"
+msgstr ""
+
 msgid "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 msgstr "<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"
 
@@ -851,6 +878,9 @@ msgstr "關閉硬體燈號計時器"
 msgid "Disabled"
 msgstr "關閉"
 
+msgid "Disabled (default)"
+msgstr ""
+
 msgid "Discard upstream RFC1918 responses"
 msgstr "丟棄上游RFC1918 虛擬IP網路的回應"
 
@@ -1017,6 +1047,11 @@ msgstr "啟用/關閉"
 msgid "Enabled"
 msgstr "啟用"
 
+msgid ""
+"Enables fast roaming among access points that belong to the same Mobility "
+"Domain"
+msgstr ""
+
 msgid "Enables the Spanning Tree Protocol on this bridge"
 msgstr "在橋接器上啟用802.1d Spanning Tree協定"
 
@@ -1064,6 +1099,12 @@ msgstr "釋放位址的過期週期,最少兩分鐘 (<code>2m</code>)."
 msgid "External"
 msgstr ""
 
+msgid "External R0 Key Holder List"
+msgstr ""
+
+msgid "External R1 Key Holder List"
+msgstr ""
+
 msgid "External system log server"
 msgstr "外部系統日誌伺服器"
 
@@ -1309,6 +1350,9 @@ msgstr ""
 msgid "IKE DH Group"
 msgstr ""
 
+msgid "IP Addresses"
+msgstr ""
+
 msgid "IP address"
 msgstr "IP位址"
 
@@ -1402,6 +1446,9 @@ msgstr ""
 msgid "IPv6-Address"
 msgstr "IPv6-位址"
 
+msgid "IPv6-PD"
+msgstr ""
+
 msgid "IPv6-in-IPv4 (RFC4213)"
 msgstr "IPv6包覆在IPv4內(RFC4213)"
 
@@ -1664,6 +1711,22 @@ msgid ""
 "requests to"
 msgstr "列出 <abbr title=\"Domain Name System\">DNS</abbr> 伺服器以便轉發請求"
 
+msgid ""
+"List of R0KHs in the same Mobility Domain. <br />Format: MAC-address,NAS-"
+"Identifier,128-bit key as hex string. <br />This list is used to map R0KH-ID "
+"(NAS Identifier) to a destination MAC address when requesting PMK-R1 key "
+"from the R0KH that the STA used during the Initial Mobility Domain "
+"Association."
+msgstr ""
+
+msgid ""
+"List of R1KHs in the same Mobility Domain. <br />Format: MAC-address,R1KH-ID "
+"as 6 octets with colons,128-bit key as hex string. <br />This list is used "
+"to map R1KH-ID to a destination MAC address when sending PMK-R1 key from the "
+"R0KH. This is also the list of authorized R1KHs in the MD that can request "
+"PMK-R1 keys."
+msgstr ""
+
 msgid "List of SSH key files for auth"
 msgstr ""
 
@@ -1850,6 +1913,9 @@ msgstr ""
 msgid "Missing protocol extension for proto %q"
 msgstr "協定  %q 漏失的延伸協定"
 
+msgid "Mobility Domain"
+msgstr ""
+
 msgid "Mode"
 msgstr "模式"
 
@@ -2099,6 +2165,9 @@ msgstr "選項已變更"
 msgid "Option removed"
 msgstr "選項已移除"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Optional, specify to override default server (tic.sixxs.net)"
 msgstr ""
 
@@ -2197,6 +2266,9 @@ msgstr "PID碼"
 msgid "PIN"
 msgstr "PIN碼"
 
+msgid "PMK R1 Push"
+msgstr ""
+
 msgid "PPP"
 msgstr "PPP協定"
 
@@ -2326,6 +2398,9 @@ msgstr ""
 msgid "Pre-emtive CRC errors (CRCP_P)"
 msgstr ""
 
+msgid "Prefix Delegated"
+msgstr ""
+
 msgid "Preshared Key"
 msgstr ""
 
@@ -2391,6 +2466,12 @@ msgstr ""
 msgid "Quality"
 msgstr "品質"
 
+msgid "R0 Key Lifetime"
+msgstr ""
+
+msgid "R1 Key Holder"
+msgstr ""
+
 msgid "RFC3947 NAT-T mode"
 msgstr ""
 
@@ -2481,6 +2562,9 @@ msgstr "即時流量"
 msgid "Realtime Wireless"
 msgstr "即時無線網路"
 
+msgid "Reassociation Deadline"
+msgstr ""
+
 msgid "Rebind protection"
 msgstr "重新綁護"
 
@@ -2499,6 +2583,9 @@ msgstr "接收"
 msgid "Receiver Antenna"
 msgstr "接收天線"
 
+msgid "Recommended. IP addresses of the WireGuard interface."
+msgstr ""
+
 msgid "Reconnect this interface"
 msgstr "重新連接這個介面"
 
@@ -2550,6 +2637,9 @@ msgstr ""
 msgid "Require TLS"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
 msgid "Required for certain ISPs, e.g. Charter with DOCSIS 3"
 msgstr "對特定的ISP需要,例如.DOCSIS 3 加速有線電視寬頻網路"
 
@@ -2565,6 +2655,11 @@ msgstr ""
 msgid "Required. Public key of peer."
 msgstr ""
 
+msgid ""
+"Requires the 'full' version of wpad/hostapd and support from the wifi driver "
+"<br />(as of Feb 2017: ath9k and ath10k, in LEDE also mwlwifi and mt76)"
+msgstr ""
+
 msgid ""
 "Requires upstream supports DNSSEC; verify unsigned domain responses really "
 "come from unsigned domains"
@@ -3284,6 +3379,9 @@ msgstr "UMTS/GPRS/EV-DO"
 msgid "USB Device"
 msgstr "USB設備"
 
+msgid "USB Ports"
+msgstr ""
+
 msgid "UUID"
 msgstr "設備通用唯一識別碼UUID"
 
@@ -3390,6 +3488,11 @@ msgstr "已使用"
 msgid "Used Key Slot"
 msgstr "已使用的關鍵插槽"
 
+msgid ""
+"Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not "
+"needed with normal WPA(2)-PSK."
+msgstr ""
+
 msgid "User certificate (PEM encoded)"
 msgstr ""
 
@@ -3645,6 +3748,9 @@ msgstr "本地<abbr title=\"Domain Name System\">DNS</abbr> 檔案"
 msgid "minimum 1280, maximum 1480"
 msgstr ""
 
+msgid "minutes"
+msgstr ""
+
 msgid "navigation Navigation"
 msgstr ""
 
@@ -3699,6 +3805,9 @@ msgstr ""
 msgid "tagged"
 msgstr "標籤"
 
+msgid "time units (TUs / 1.024 ms) [1000-65535]"
+msgstr ""
+
 msgid "unknown"
 msgstr "未知"
 
diff --git a/package/luci/modules/luci-base/src/mkversion.sh b/package/luci/modules/luci-base/src/mkversion.sh
index 229bee4952..e2d02c1c74 100755
--- a/package/luci/modules/luci-base/src/mkversion.sh
+++ b/package/luci/modules/luci-base/src/mkversion.sh
@@ -15,7 +15,7 @@ if pcall(dofile, "/etc/openwrt_release") and _G.DISTRIB_DESCRIPTION then
 		end
 	end
 else
-	distname    = "libreCMC"
+	distname    = "OpenWrt"
 	distversion = "Development Snapshot"
 end
 
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
index 3b5f3eb8de..2cb2108b9f 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
@@ -238,6 +238,7 @@ function iface_status(ifaces)
 				ipaddrs    = net:ipaddrs(),
 				ip6addrs   = net:ip6addrs(),
 				dnsaddrs   = net:dnsaddrs(),
+				ip6prefix  = net:ip6prefix(),
 				name       = device:shortname(),
 				type       = device:type(),
 				ifname     = device:name(),
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
index 24db1e4ff5..ad575e0d26 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
@@ -24,8 +24,10 @@ function index()
 	entry({"admin", "status", "realtime", "bandwidth"}, template("admin_status/bandwidth"), _("Traffic"), 2).leaf = true
 	entry({"admin", "status", "realtime", "bandwidth_status"}, call("action_bandwidth")).leaf = true
 
-	entry({"admin", "status", "realtime", "wireless"}, template("admin_status/wireless"), _("Wireless"), 3).leaf = true
-	entry({"admin", "status", "realtime", "wireless_status"}, call("action_wireless")).leaf = true
+	if nixio.fs.access("/etc/config/wireless") then
+		entry({"admin", "status", "realtime", "wireless"}, template("admin_status/wireless"), _("Wireless"), 3).leaf = true
+		entry({"admin", "status", "realtime", "wireless_status"}, call("action_wireless")).leaf = true
+	end
 
 	entry({"admin", "status", "realtime", "connections"}, template("admin_status/connections"), _("Connections"), 4).leaf = true
 	entry({"admin", "status", "realtime", "connections_status"}, call("action_connections")).leaf = true
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
index cf8cfb5d2d..5478afa3e6 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
@@ -52,6 +52,7 @@ function action_clock_status()
 			luci.sys.call("date -s '%04d-%02d-%02d %02d:%02d:%02d'" %{
 				date.year, date.month, date.day, date.hour, date.min, date.sec
 			})
+			luci.sys.call("/etc/init.d/sysfixtime restart")
 		end
 	end
 
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index 2dff4ddc81..222b362731 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -42,6 +42,9 @@ end
 
 -- wireless toggle was requested, commit and reload page
 function m.parse(map)
+	local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
+	local old_cc = m:get(wdev:name(), "country")
+
 	if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
 		if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
 			wnet:set("disabled", nil)
@@ -56,7 +59,14 @@ function m.parse(map)
 		luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
 		return
 	end
+
 	Map.parse(map)
+
+	if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
+		luci.sys.call("iw reg set %q" % new_cc)
+		luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
+		return
+	end
 end
 
 m.title = luci.util.pcdata(wnet:get_i18n())
@@ -94,7 +104,7 @@ local function txpower_current(pwr, list)
 			end
 		end
 	end
-	return (list[#list] and list[#list].driver_dbm) or pwr or 0
+	return pwr or ""
 end
 
 local iw = luci.sys.wifi.getiwinfo(arg[1])
@@ -191,7 +201,7 @@ end
 ------------------- MAC80211 Device ------------------
 
 if hwtype == "mac80211" then
-	if #tx_power_list > 1 then
+	if #tx_power_list > 0 then
 		tp = s:taboption("general", ListValue,
 			"txpower", translate("Transmit Power"), "dBm")
 		tp.rmempty = true
@@ -200,6 +210,7 @@ if hwtype == "mac80211" then
 			return txpower_current(Value.cfgvalue(...), tx_power_list)
 		end
 
+		tp:value("", translate("auto"))
 		for _, p in ipairs(tx_power_list) do
 			tp:value(p.driver_dbm, "%i dBm (%i mW)"
 				%{ p.display_dbm, p.display_mw })
@@ -251,6 +262,7 @@ if hwtype == "atheros" then
 		return txpower_current(Value.cfgvalue(...), tx_power_list)
 	end
 
+	tp:value("", translate("auto"))
 	for _, p in ipairs(tx_power_list) do
 		tp:value(p.driver_dbm, "%i dBm (%i mW)"
 			%{ p.display_dbm, p.display_mw })
@@ -308,6 +320,7 @@ if hwtype == "broadcom" then
 		return txpower_current(Value.cfgvalue(...), tx_power_list)
 	end
 
+	tp:value("", translate("auto"))
 	for _, p in ipairs(tx_power_list) do
 		tp:value(p.driver_dbm, "%i dBm (%i mW)"
 			%{ p.display_dbm, p.display_mw })
@@ -887,13 +900,91 @@ end
 
 
 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
-	nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"))
+
+	-- Probe 802.11r support (and EAP support as a proxy for Openwrt)
+	local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
+
+	ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
+		translate("802.11r Fast Transition"),
+		translate("Enables fast roaming among access points that belong " ..
+			"to the same Mobility Domain"))
+	ieee80211r:depends({mode="ap", encryption="wpa"})
+	ieee80211r:depends({mode="ap", encryption="wpa2"})
+	ieee80211r:depends({mode="ap-wds", encryption="wpa"})
+	ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
+	if has_80211r then
+		ieee80211r:depends({mode="ap", encryption="psk"})
+		ieee80211r:depends({mode="ap", encryption="psk2"})
+		ieee80211r:depends({mode="ap", encryption="psk-mixed"})
+	end
+	ieee80211r.rmempty = true
+
+	nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
+		translate("Used for two different purposes: RADIUS NAS ID and " ..
+			"802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
 	nasid:depends({mode="ap", encryption="wpa"})
 	nasid:depends({mode="ap", encryption="wpa2"})
 	nasid:depends({mode="ap-wds", encryption="wpa"})
 	nasid:depends({mode="ap-wds", encryption="wpa2"})
+	nasid:depends({ieee80211r="1"})
 	nasid.rmempty = true
 
+	mobility_domain = s:taboption("encryption", Value, "mobility_domain",
+			translate("Mobility Domain"),
+			translate("4-character hexadecimal ID"))
+	mobility_domain:depends({ieee80211r="1"})
+	mobility_domain.placeholder = "4f57"
+	mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
+	mobility_domain.rmempty = true
+
+	r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
+			translate("R0 Key Lifetime"), translate("minutes"))
+	r0_key_lifetime:depends({ieee80211r="1"})
+	r0_key_lifetime.placeholder = "10000"
+	r0_key_lifetime.datatype = "uinteger"
+	r0_key_lifetime.rmempty = true
+
+	r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
+			translate("R1 Key Holder"),
+			translate("6-octet identifier as a hex string - no colons"))
+	r1_key_holder:depends({ieee80211r="1"})
+	r1_key_holder.placeholder = "00004f577274"
+	r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
+	r1_key_holder.rmempty = true
+
+	reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
+		translate("Reassociation Deadline"),
+		translate("time units (TUs / 1.024 ms) [1000-65535]"))
+	reassociation_deadline:depends({ieee80211r="1"})
+	reassociation_deadline.placeholder = "1000"
+	reassociation_deadline.datatype = "range(1000,65535)"
+	reassociation_deadline.rmempty = true
+
+	pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
+	pmk_r1_push:depends({ieee80211r="1"})
+	pmk_r1_push.placeholder = "0"
+	pmk_r1_push.rmempty = true
+
+	r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
+		translate("List of R0KHs in the same Mobility Domain. " ..
+			"<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
+			"<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
+			"MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
+			"used during the Initial Mobility Domain Association."))
+
+	r0kh:depends({ieee80211r="1"})
+	r0kh.rmempty = true
+
+	r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
+		translate ("List of R1KHs in the same Mobility Domain. "..
+			"<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
+			"<br />This list is used to map R1KH-ID to a destination MAC address " ..
+			"when sending PMK-R1 key from the R0KH. This is also the " ..
+			"list of authorized R1KHs in the MD that can request PMK-R1 keys."))
+	r1kh:depends({ieee80211r="1"})
+	r1kh.rmempty = true
+	-- End of 802.11r options
+
 	eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
 	eaptype:value("tls",  "TLS")
 	eaptype:value("ttls", "TTLS")
@@ -1032,6 +1123,47 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
 	password.password = true
 end
 
+-- ieee802.11w options
+if hwtype == "mac80211" then
+   local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
+   if has_80211w then
+	ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
+		translate("802.11w Management Frame Protection"),
+		translate("Requires the 'full' version of wpad/hostapd " ..
+			"and support from the wifi driver <br />(as of Feb 2017: " ..
+			"ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
+	ieee80211w.default = ""
+	ieee80211w.rmempty = true
+	ieee80211w:value("", translate("Disabled (default)"))
+	ieee80211w:value("1", translate("Optional"))
+	ieee80211w:value("2", translate("Required"))
+	ieee80211w:depends({mode="ap", encryption="wpa2"})
+	ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
+	ieee80211w:depends({mode="ap", encryption="psk2"})
+	ieee80211w:depends({mode="ap", encryption="psk-mixed"})
+	ieee80211w:depends({mode="ap-wds", encryption="psk2"})
+	ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
+
+	max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
+			translate("802.11w maximum timeout"),
+			translate("802.11w Association SA Query maximum timeout"))
+	max_timeout:depends({ieee80211w="1"})
+	max_timeout:depends({ieee80211w="2"})
+	max_timeout.datatype = "uinteger"
+	max_timeout.placeholder = "1000"
+	max_timeout.rmempty = true
+
+	retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
+			translate("802.11w retry timeout"),
+			translate("802.11w Association SA Query retry timeout"))
+	retry_timeout:depends({ieee80211w="1"})
+	retry_timeout:depends({ieee80211w="2"})
+	retry_timeout.datatype = "uinteger"
+	retry_timeout.placeholder = "201"
+	retry_timeout.rmempty = true
+   end
+end
+
 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
 	local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
 	local hostcli = fs.access("/usr/sbin/hostapd_cli")
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi_add.lua b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi_add.lua
index 7dd094d7ec..8277deb2f6 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi_add.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi_add.lua
@@ -16,7 +16,7 @@ if not iw then
 	return
 end
 
-m = SimpleForm("network", translate("Joining Network: %q", http.formvalue("join")))
+m = SimpleForm("network", translatef("Joining Network: %q", http.formvalue("join")))
 m.cancel = translate("Back to scan results")
 m.reset = false
 
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/admin.lua b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/admin.lua
index 1e475640be..493a735bde 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/admin.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/admin.lua
@@ -21,7 +21,7 @@ function s.cfgsections()
 	return { "_pass" }
 end
 
-function m.on_commit(map)
+function m.parse(map)
 	local v1 = pw1:formvalue("_pass")
 	local v2 = pw2:formvalue("_pass")
 
@@ -36,6 +36,8 @@ function m.on_commit(map)
 			m.message = translate("Given password confirmation did not match, password not changed!")
 		end
 	end
+
+	Map.parse(map)
 end
 
 
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/fstab/mount.lua b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/fstab/mount.lua
index f5751673fd..a85872afad 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/fstab/mount.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/fstab/mount.lua
@@ -56,6 +56,8 @@ mount:taboption("general", Flag, "enabled", translate("Enable this mount")).rmem
 o = mount:taboption("general", Value, "uuid", translate("UUID"),
 	translate("If specified, mount the device by its UUID instead of a fixed device node"))
 
+o:value("", translate("-- match by uuid --"))
+
 for i, d in ipairs(devices) do
 	if d.uuid and d.size then
 		o:value(d.uuid, "%s (%s, %d MB)" %{ d.uuid, d.dev, d.size })
@@ -64,12 +66,12 @@ for i, d in ipairs(devices) do
 	end
 end
 
-o:value("", translate("-- match by label --"))
-
 
 o = mount:taboption("general", Value, "label", translate("Label"),
 	translate("If specified, mount the device by the partition label instead of a fixed device node"))
 
+o:value("", translate("-- match by label --"))
+
 o:depends("uuid", "")
 
 for i, d in ipairs(devices) do
@@ -80,12 +82,12 @@ for i, d in ipairs(devices) do
 	end
 end
 
-o:value("", translate("-- match by device --"))
-
 
 o = mount:taboption("general", Value, "device", translate("Device"),
 	translate("The device file of the memory or partition (<abbr title=\"for example\">e.g.</abbr> <code>/dev/sda1</code>)"))
 
+o:value("", translate("-- match by device --"))
+
 o:depends({ uuid = "", label = "" })
 
 for i, d in ipairs(devices) do
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/leds.lua b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/leds.lua
index 8d9bcb1371..74e2f1a19d 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/leds.lua
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/model/cbi/admin_system/leds.lua
@@ -7,10 +7,11 @@ local sysfs_path = "/sys/class/leds/"
 local leds = {}
 
 local fs   = require "nixio.fs"
-local util = require "nixio.util"
+local nu   = require "nixio.util"
+local util = require "luci.util"
 
 if fs.access(sysfs_path) then
-	leds = util.consume((fs.dir(sysfs_path)))
+	leds = nu.consume((fs.dir(sysfs_path)))
 end
 
 if #leds == 0 then
@@ -109,6 +110,33 @@ function usbdev.remove(self, section)
 	end
 end
 
+
+usbport = s:option(MultiValue, "port", translate("USB Ports"))
+usbport:depends("trigger", "usbport")
+usbport.rmempty = true
+usbport.widget = "checkbox"
+usbport.cast = "table"
+usbport.size = 1
+
+function usbport.valuelist(self, section)
+	local port, ports = nil, {}
+	for port in util.imatch(m.uci:get("system", section, "port")) do
+		local b, n = port:match("^usb(%d+)-port(%d+)$")
+		if not (b and n) then
+			b, n = port:match("^(%d+)-(%d+)$")
+		end
+		if b and n then
+			ports[#ports+1] = "usb%u-port%u" %{ tonumber(b), tonumber(n) }
+		end
+	end
+	return ports
+end
+
+function usbport.validate(self, value)
+	return type(value) == "string" and { value } or value
+end
+
+
 for p in nixio.fs.glob("/sys/bus/usb/devices/[0-9]*/manufacturer") do
 	local id = p:match("%d+-%d+")
 	local mf = nixio.fs.readfile("/sys/bus/usb/devices/" .. id .. "/manufacturer") or "?"
@@ -116,4 +144,12 @@ for p in nixio.fs.glob("/sys/bus/usb/devices/[0-9]*/manufacturer") do
 	usbdev:value(id, "%s (%s - %s)" %{ id, mf, pr })
 end
 
+for p in nixio.fs.glob("/sys/bus/usb/devices/*/usb[0-9]*-port[0-9]*") do
+	local bus, port = p:match("usb(%d+)-port(%d+)")
+	if bus and port then
+		usbport:value("usb%u-port%u" %{ tonumber(bus), tonumber(port) },
+		              "Hub %u, Port %u" %{ tonumber(bus), tonumber(port) })
+	end
+end
+
 return m
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_overview.htm b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_overview.htm
index 646d931f37..2512a35b3c 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_overview.htm
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_overview.htm
@@ -164,6 +164,11 @@
 									ifc.ip6addrs[i]
 								);
 						}
+						
+						if (ifc.ip6prefix)
+						{
+							html += String.format('<strong><%:IPv6-PD%>:</strong> %s<br />', ifc.ip6prefix);
+						}
 
 						d.innerHTML = html;
 					}
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_status.htm b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_status.htm
index 8c3b1abcc7..b15dd13f39 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_status.htm
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_network/iface_status.htm
@@ -54,6 +54,11 @@
 								ifc.ip6addrs[i]
 							);
 					}
+					
+					if (ifc.ip6prefix)
+					{
+						html += String.format('<strong><%:IPv6-PD%>:</strong> %s<br />', ifc.ip6prefix);
+					}
 
 					d.innerHTML = html;
 				}
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/connections.htm b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/connections.htm
index 0b2e52e059..b7ebc41451 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/connections.htm
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/connections.htm
@@ -153,7 +153,8 @@
 						{
 							var c  = conn[i];
 
-							if (c.src == '127.0.0.1' && c.dst == '127.0.0.1')
+							if ((c.src == '127.0.0.1' && c.dst == '127.0.0.1')
+							|| (c.src == '::1' && c.dst == '::1'))
 								continue;
 
 							var tr = conn_table.rows[0].parentNode.insertRow(-1);
diff --git a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/index.htm b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/index.htm
index 8976e30cba..206f9ef82a 100644
--- a/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/index.htm
+++ b/package/luci/modules/luci-mod-admin-full/luasrc/view/admin_status/index.htm
@@ -76,12 +76,14 @@
 
 		if wan6 then
 			rv.wan6 = {
-				ip6addr = wan6:ip6addr(),
-				gw6addr = wan6:gw6addr(),
-				dns     = wan6:dns6addrs(),
-				uptime  = wan6:uptime(),
-				ifname  = wan6:ifname(),
-				link    = wan6:adminlink()
+				ip6addr   = wan6:ip6addr(),
+				gw6addr   = wan6:gw6addr(),
+				dns       = wan6:dns6addrs(),
+				ip6prefix = wan6:ip6prefix(),
+				uptime    = wan6:uptime(),
+				proto     = wan6:proto(),
+				ifname    = wan6:ifname(),
+				link      = wan6:adminlink()
 			}
 		end
 
@@ -233,9 +235,34 @@
 			if (ifc6 && ifc6.ifname && ifc6.proto != 'none')
 			{
 				var s = String.format(
-					'<strong><%:Address%>: </strong>%s<br />' +
+					'<strong><%:Type%>: </strong>%s%s<br />',
+						ifc6.proto, (ifc6.ip6prefix) ? '-pd' : ''
+				);
+				
+				if (!ifc6.ip6prefix)
+				{
+					s += String.format(
+						'<strong><%:Address%>: </strong>%s<br />',
+						(ifc6.ip6addr) ? ifc6.ip6addr : '::'
+					);
+				}
+				else
+				{
+					s += String.format(
+						'<strong><%:Prefix Delegated%>: </strong>%s<br />',
+						ifc6.ip6prefix
+					);
+					if (ifc6.ip6addr)
+					{
+						s += String.format(
+							'<strong><%:Address%>: </strong>%s<br />',
+							ifc6.ip6addr
+						);
+					}
+				}
+
+				s += String.format(
 					'<strong><%:Gateway%>: </strong>%s<br />',
-						(ifc6.ip6addr) ? ifc6.ip6addr : '::',
 						(ifc6.gw6addr) ? ifc6.gw6addr : '::'
 				);
 
diff --git a/package/luci/modules/luci-mod-admin-full/src/luci-bwc.c b/package/luci/modules/luci-mod-admin-full/src/luci-bwc.c
index 63668d42b3..8ddd91727a 100644
--- a/package/luci/modules/luci-mod-admin-full/src/luci-bwc.c
+++ b/package/luci/modules/luci-mod-admin-full/src/luci-bwc.c
@@ -521,8 +521,8 @@ static int run_daemon(void)
 				if (strstr(line, "TIME_WAIT"))
 					continue;
 
-				if (strstr(line, "src=127.0.0.1 ") &&
-				    strstr(line, "dst=127.0.0.1 "))
+				if ((strstr(line, "src=127.0.0.1 ") && strstr(line, "dst=127.0.0.1 ")) 
+				|| (strstr(line, "src=::1 ") && strstr(line, "dst=::1 ")))
 					continue;
 
 				if (sscanf(line, "%*s %*d %s", ifname) || sscanf(line, "%s %*d", ifname))
diff --git a/package/luci/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/package/luci/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
index 774c6db22b..e585324106 100644
--- a/package/luci/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
+++ b/package/luci/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
@@ -1,4 +1,4 @@
--- Copyright 2016 Dan Luedtke <mail@danrl.com>
+-- Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
 -- Licensed to the public under the Apache License 2.0.
 
 
@@ -34,6 +34,16 @@ listen_port.datatype = "port"
 listen_port.placeholder = "51820"
 listen_port.optional = true
 
+addresses = section:taboption(
+  "general",
+  DynamicList,
+  "addresses",
+  translate("IP Addresses"),
+  translate("Recommended. IP addresses of the WireGuard interface.")
+)
+addresses.datatype = "ipaddr"
+addresses.optional = true
+
 
 -- advanced --------------------------------------------------------------------
 
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index ee31d17b25..0d57340ab9 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2016-11-29
-PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
-PKG_MIRROR_HASH:=6ba6e96a588dd3afd7e9db7e9246c5cc6c560aa95385592960c6b71b5a9c6395
+PKG_SOURCE_DATE:=2017-01-13
+PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
+PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 
diff --git a/package/network/config/ltq-vdsl-app/Makefile b/package/network/config/ltq-vdsl-app/Makefile
new file mode 100644
index 0000000000..1ddb83a0af
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/Makefile
@@ -0,0 +1,69 @@
+# Copyright (C) 2010 OpenWrt.org
+# Copyright (C) 2015-2016 Lantiq Beteiligungs GmbH & Co KG.
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ltq-vdsl-app
+PKG_VERSION:=4.17.18.6
+PKG_RELEASE:=1
+PKG_BASE_NAME:=dsl_cpe_control
+PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
+PKG_HASH:=da8bb929526a61aea0e153ef524331fcd472a1ebbc6d88ca017735a4f82ece02
+PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION)
+PKG_LICENSE:=BSD-2-Clause
+
+PKG_BUILD_DEPENDS:=kmod-ltq-vdsl-vr9
+
+PKG_FLAGS:=nonshared
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ltq-vdsl-app
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Lantiq VDSL userland tool
+  URL:=http://www.lantiq.com/
+  DEPENDS:=@TARGET_lantiq_xrx200 +libpthread +librt +atm-esi
+endef
+
+define Package/ltq-vdsl-app/description
+  Userland tool needed to control Lantiq VDSL CPE
+endef
+
+CONFIGURE_ARGS += \
+	--enable-vrx \
+	--enable-vrx-device=vr9 \
+	--enable-driver-include="-I$(STAGING_DIR)/usr/include/drv_vdsl_cpe_api" \
+	--enable-device-driver-include="-I$(STAGING_DIR)/usr/include/vdsl/" \
+	--enable-ifxos \
+	--enable-ifxos-include="-I$(STAGING_DIR)/usr/include/ifxos" \
+	--enable-ifxos-library="-I$(STAGING_DIR)/usr/lib" \
+	--enable-add-appl-cflags="-DMAX_CLI_PIPES=1"  \
+	--enable-debug \
+	--disable-dti \
+	--with-channels-per-line="1" \
+
+#CONFIGURE_ARGS += --enable-model=full
+#CONFIGURE_ARGS += --enable-model=lite
+#CONFIGURE_ARGS += --enable-model=footprint
+CONFIGURE_ARGS += \
+	--enable-model=typical \
+	--enable-dsl-pm-showtime \
+	--disable-dsl-ceoc
+#CONFIGURE_ARGS += --enable-model=debug
+
+define Package/ltq-vdsl-app/install
+	$(INSTALL_DIR) $(1)/etc/init.d $(1)/sbin
+	$(INSTALL_BIN) ./files/dsl_control $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files/vdsl_cpe_control_wrapper $(1)/sbin/
+
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dsl_cpe_control $(1)/sbin/vdsl_cpe_control
+	$(INSTALL_BIN) ./files/dsl_cpe_pipe.sh $(1)/sbin/
+endef
+
+$(eval $(call BuildPackage,ltq-vdsl-app))
diff --git a/package/network/config/ltq-vdsl-app/files/dsl_control b/package/network/config/ltq-vdsl-app/files/dsl_control
new file mode 100644
index 0000000000..5ca1b12eea
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/files/dsl_control
@@ -0,0 +1,282 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2012 OpenWrt.org
+
+# needs to start before the atm layer which starts at 50
+START=48
+USE_PROCD=1
+
+EXTRA_COMMANDS="status lucistat"
+EXTRA_HELP="	status  Get DSL status information
+	lucistat  Get status information if lua friendly format"
+
+[ -f /lib/functions/lantiq_dsl.sh ] && . /lib/functions/lantiq_dsl.sh
+
+#
+# ITU-T G.997.1 (06/2012) - Section 7.3.1.1.1 (xTU transmission system enabling (XTSE))
+# ITU-T G.997.1 Amendment 2 (04/2013) - Section 2.1 - (Vectoring mode enable (VECTORMODE_ENABLE))
+#
+# G.992.1 Annex A
+# G.992.2 Annex A
+# G.992.3 Annex A / L-US1 / L_US-2 / M
+# G.992.5 Annex A / M
+# G.993.2 Annex A/B/C
+# G.993.5 Annex A/B/C
+xtse_xdsl_a="05_01_04_00_4C_01_04_07"
+
+# G.992.1 Annex B
+# G.992.3 Annex B
+# G.992.5 Annex B
+# G.993.2 Annex A/B/C
+# G.993.5 Annex A/B/C
+xtse_xdsl_b="10_00_10_00_00_04_00_07"
+
+# G.992.1 Annex B
+# G.992.3 Annex B
+# G.992.3 Annex J
+# G.992.5 Annex B
+# G.992.5 Annex J
+# G.993.2 Annex A/B/C
+# G.993.5 Annex A/B/C
+xtse_xdsl_j="10_00_10_40_00_04_01_07"
+
+# G.992.1 Annex B
+xtse_xdsl_bdmt="10_00_00_00_00_00_00_00"
+
+# G.992.3 Annex B
+xtse_xdsl_b2="00_00_10_00_00_00_00_00"
+
+# G.992.5 Annex B
+xtse_xdsl_b2p="00_00_00_00_00_04_00_00"
+
+# ANSI T1.413
+xtse_xdsl_at1="01_00_00_00_00_00_00_00"
+
+# G.992.2 Annex A
+xtse_xdsl_alite="00_01_00_00_00_00_00_00"
+
+# G.992.1 Annex A
+xtse_xdsl_admt="04_00_00_00_00_00_00_00"
+
+# G.992.3 Annex A
+xtse_xdsl_a2="00_00_04_00_00_00_00_00"
+
+# G.992.5 Annex A
+xtse_xdsl_a2p="00_00_00_00_00_01_00_00"
+
+# G.992.3 Annex L
+xtse_xdsl_l="00_00_00_00_0C_00_00_00"
+
+# G.992.3 Annex M
+# G.992.5 Annex M
+xtse_xdsl_m="00_00_00_00_40_00_04_00"
+
+# G.992.3 Annex M
+xtse_xdsl_m2="00_00_00_00_40_00_00_00"
+
+# G.992.5 Annex M
+xtse_xdsl_m2p="00_00_00_00_00_00_04_00"
+
+#
+# ITU-T G.994.1 (06/2012) - Table 2 (Mandatory carrier sets)
+#
+
+# A43
+tone_adsl_a="0x142" # A43C + J43 + A43
+tone_vdsl_a="0x142" # A43C + J43 + A43
+
+# A43 + V43
+tone_adsl_av="0x142" # A43C + J43 + A43
+tone_vdsl_av="0x146" # A43C + J43 + A43 + V43
+
+# B43
+tone_adsl_b="0x81" # B43 + B43c
+tone_vdsl_b="0x1" # B43
+
+# B43 + V43
+tone_adsl_bv="0x81" # B43 + B43c
+tone_vdsl_bv="0x5" # B43 + V43
+
+lowlevel_cfg() {
+	echo "# VRX Low Level Configuration File
+#
+# Parameters must be separated by tabs or spaces.
+# Empty lines and comments will be ignored.
+#
+
+# nFilter
+#
+# NA     = -1
+# OFF    = 0
+# ISDN   = 1
+# POTS   = 2
+# POTS_2 = 3
+# POTS_3 = 4
+#
+#  (dec)
+    -1
+
+# nHsToneGroupMode nHsToneGroup_A       nHsToneGroup_V    nHsToneGroup_AV
+#
+# NA     = -1      NA         = -1      see               see
+# AUTO   = 0       VDSL2_B43  = 0x0001  nHsToneGroup_A    nHsToneGroup_A
+# MANUAL = 1       VDSL2_A43  = 0x0002
+#                  VDSL2_V43  = 0x0004
+#                  VDSL1_V43P = 0x0008
+#                  VDSL1_V43I = 0x0010
+#                  ADSL1_C43  = 0x0020
+#                  ADSL2_J43  = 0x0040
+#                  ADSL2_B43C = 0x0080
+#                  ADSL2_A43C = 0x0100
+#
+#  (dec)           (hex)                (hex)             (hex)
+     1             $1			$2		 0x0
+
+#   nBaseAddr     nIrqNum
+#
+#     (hex)        (dec)
+    0x1e116000      63
+
+# nUtopiaPhyAdr   nUtopiaBusWidth      nPosPhyParity
+#                 default(16b) = 0     NA   = -1
+#                 8-bit        = 1     ODD  = 0
+#                 16-bit       = 2
+#
+#
+#    (hex)            (dec)                (dec)
+      0xFF              0                    0
+
+# bNtrEnable
+#
+#  (dec)
+    0" > /tmp/lowlevel.cfg
+}
+
+service_triggers() {
+	procd_add_reload_trigger network
+}
+
+start_service() {
+	local annex
+	local firmware
+	local tone
+	local tone_adsl
+	local tone_vdsl
+	local xtse
+	local xfer_mode
+	local line_mode
+	local mode
+	local lowlevel
+
+	config_load network
+	config_get tone dsl tone
+	config_get annex dsl annex
+	config_get firmware dsl firmware
+	config_get xfer_mode dsl xfer_mode
+	config_get line_mode dsl line_mode
+
+	eval "xtse=\"\${xtse_xdsl_$annex}\""
+
+	[ -z "${xfer_mode}" ] && xfer_mode=ptm
+
+	case "${xfer_mode}" in
+	atm)
+		LOAD=ltq_atm_vr9
+		UNLOAD=ltq_ptm_vr9
+
+		# in most cases atm is used on top of adsl
+		[ -z "${line_mode}" ] && line_mode=adsl
+		;;
+	*)
+		LOAD=ltq_ptm_vr9
+		UNLOAD=ltq_atm_vr9
+
+		# in most cases ptm is used on top of vdsl
+		[ -z "${line_mode}" ] && line_mode=vdsl
+		;;
+	esac
+
+	case "${line_mode}" in
+	adsl)
+		mode=1
+
+		# mask out VDSL bits when ATM is requested
+		xtse="${xtse%_*}_00"
+		;;
+	*)
+		mode=2
+		;;
+	esac
+
+	if [ -z "${firmware}" ]; then
+		# search for the firmware provided by dsl-vrx200-firmware-xdsl-*
+		if grep -qE "system type.*: (VR9|xRX200)" /proc/cpuinfo; then
+			case "${annex}" in
+			a*|l*|m*)
+				if [ -f "/lib/firmware/lantiq-vrx200-a.bin" ]; then
+					firmware="/lib/firmware/lantiq-vrx200-a.bin"
+				elif [ -f "/tmp/lantiq-vrx200-a.bin" ]; then
+					firmware="/tmp/lantiq-vrx200-a.bin"
+				elif [ -f "/lib/firmware/lantiq-vrx200-b.bin" ] && [ -f "/lib/firmware/lantiq-vrx200-b-to-a.bspatch" ]; then
+					bspatch /lib/firmware/lantiq-vrx200-b.bin \
+						/tmp/lantiq-vrx200-a.bin \
+						/lib/firmware/lantiq-vrx200-b-to-a.bspatch
+					firmware="/tmp/lantiq-vrx200-a.bin"
+				else
+					echo "firmware for annex a not found"
+					return 1
+				fi
+				;;
+			b*|j*)
+				if [ -f "/lib/firmware/lantiq-vrx200-b.bin" ]; then
+					firmware="/lib/firmware/lantiq-vrx200-b.bin"
+				elif [ -f "/tmp/lantiq-vrx200-b.bin" ]; then
+					firmware="/tmp/lantiq-vrx200-b.bin"
+				elif [ -f "/lib/firmware/lantiq-vrx200-a.bin" ] && [ -f "/lib/firmware/lantiq-vrx200-a-to-b.bspatch" ]; then
+					bspatch /lib/firmware/lantiq-vrx200-a.bin \
+						/tmp/lantiq-vrx200-b.bin \
+						/lib/firmware/lantiq-vrx200-a-to-b.bspatch
+					firmware="/tmp/lantiq-vrx200-b.bin"
+				else
+					echo "firmware for annex b not found"
+					return 1
+				fi
+				;;
+			*)
+				echo "annex type not supported use a or b"
+				return 1
+				;;
+			esac
+		fi
+	fi
+
+	[ -z "${firmware}" ] && firmware=/lib/firmware/vdsl.bin
+	[ -f "${firmware}" ] || {
+		echo failed to find $firmware
+		return 1
+	}
+
+	eval "tone_adsl=\"\${tone_adsl_$tone}\""
+	eval "tone_vdsl=\"\${tone_vdsl_$tone}\""
+	[ -n "${tone_adsl}" ] && [ -n "${tone_vdsl}" ] && {
+		lowlevel_cfg "${tone_adsl}" "${tone_vdsl}"
+		lowlevel="-l /tmp/lowlevel.cfg"
+	}
+
+	procd_open_instance
+	procd_set_param command /sbin/vdsl_cpe_control_wrapper \
+			-i$xtse \
+			-n /sbin/dsl_notify.sh \
+			-f ${firmware} \
+			$lowlevel \
+			-M ${mode}
+	procd_append_param env "LOAD=$LOAD" "UNLOAD=$UNLOAD"
+	procd_close_instance
+}
+
+stop_service() {
+	# do not use dsl_cmd to not block when this is locked up by some other proess
+	echo quit > /tmp/pipe/dsl_cpe0_cmd
+	DSL_NOTIFICATION_TYPE="DSL_INTERFACE_STATUS" \
+	DSL_INTERFACE_STATUS="DOWN" \
+		/sbin/dsl_notify.sh
+}
diff --git a/package/network/config/ltq-vdsl-app/files/dsl_cpe_pipe.sh b/package/network/config/ltq-vdsl-app/files/dsl_cpe_pipe.sh
new file mode 100755
index 0000000000..30393b281e
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/files/dsl_cpe_pipe.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+pipe_no=0
+
+# use specified pipe no
+case "$1" in
+0|1|2)
+pipe_no=$1; shift; ;;
+esac
+
+
+#echo "Call dsl_pipe with $*"
+lock /var/lock/dsl_pipe
+echo $* > /tmp/pipe/dsl_cpe${pipe_no}_cmd
+result=`cat /tmp/pipe/dsl_cpe${pipe_no}_ack`
+lock -u /var/lock/dsl_pipe
+
+echo "$result"
diff --git a/package/network/config/ltq-vdsl-app/files/vdsl_cpe_control_wrapper b/package/network/config/ltq-vdsl-app/files/vdsl_cpe_control_wrapper
new file mode 100644
index 0000000000..cc127f7779
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/files/vdsl_cpe_control_wrapper
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+for mod in $UNLOAD; do
+	grep -q "$mod " /proc/modules && rmmod "$mod"
+done
+for mod in $LOAD; do
+	grep -q "$mod " /proc/modules || insmod "$mod"
+done
+
+esi $(printf '%012X' $((1+0x$(tr -d : </sys/class/net/eth0/address))))
+exec /sbin/vdsl_cpe_control "$@"
diff --git a/package/network/config/ltq-vdsl-app/patches/100-compat.patch b/package/network/config/ltq-vdsl-app/patches/100-compat.patch
new file mode 100644
index 0000000000..6b738cfe66
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/patches/100-compat.patch
@@ -0,0 +1,22 @@
+--- a/src/dsl_cpe_init_cfg.c
++++ b/src/dsl_cpe_init_cfg.c
+@@ -38,7 +38,7 @@ DSL_InitData_t gInitCfgData =
+       DSL_DEV_HS_TONE_GROUP_CLEANED, \
+       DSL_DEV_HS_TONE_GROUP_CLEANED, \
+       DSL_DEV_HS_TONE_GROUP_CLEANED, \
+-      0x1E116000, 0x37, -1),
++      0x1E116000, 0x3f, -1),
+    DSL_CPE_SIC_SET(DSL_TC_ATM, DSL_EMF_TC_CLEANED, DSL_EMF_TC_CLEANED, DSL_SYSTEMIF_MII, \
+                    DSL_TC_EFM, DSL_EMF_TC_CLEANED, DSL_EMF_TC_CLEANED, DSL_SYSTEMIF_MII),
+    DSL_CPE_MAC_CFG_SET(DSL_EFM_SPEED_100, DSL_EFM_DUPLEX_FULL, DSL_EFM_FLOWCTRL_ON, DSL_EFM_AUTONEG_OFF, \
+--- a/src/dsl_cpe_control.c
++++ b/src/dsl_cpe_control.c
+@@ -6761,7 +6761,7 @@ DSL_int_t dsl_cpe_daemon (
+    for (nDevice = 0; nDevice < DSL_CPE_MAX_DSL_ENTITIES; nDevice++)
+    {
+ #if defined(INCLUDE_DSL_CPE_API_VRX)
+-      sprintf (device, "%s/%d", DSL_CPE_DEVICE_NAME, nDevice);
++      sprintf (device, "%s%d", DSL_CPE_DEVICE_NAME, nDevice);
+ #else
+       sprintf (device, "%s", DSL_CPE_DEVICE_NAME);
+ #endif /* defined(INCLUDE_DSL_CPE_API_VRX)*/
diff --git a/package/network/config/ltq-vdsl-app/patches/101-musl.patch b/package/network/config/ltq-vdsl-app/patches/101-musl.patch
new file mode 100644
index 0000000000..d66045db61
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/patches/101-musl.patch
@@ -0,0 +1,10 @@
+--- a/src/dsl_cpe_control.c
++++ b/src/dsl_cpe_control.c
+@@ -11,6 +11,7 @@
+ /*
+ Includes
+ */
++#include <limits.h>
+ #include "dsl_cpe_control.h"
+ #include "dsl_cpe_cli.h"
+ #include "dsl_cpe_cli_console.h"
diff --git a/package/network/config/ltq-vdsl-app/patches/200-autoboot.patch b/package/network/config/ltq-vdsl-app/patches/200-autoboot.patch
new file mode 100644
index 0000000000..5b882bf30f
--- /dev/null
+++ b/package/network/config/ltq-vdsl-app/patches/200-autoboot.patch
@@ -0,0 +1,11 @@
+--- a/src/dsl_cpe_init_cfg.c
++++ b/src/dsl_cpe_init_cfg.c
+@@ -27,7 +27,7 @@ DSL_InitData_t gInitCfgData =
+    DSL_CPE_FW2_SET(DSL_NULL, 0x0),
+    DSL_CPE_XTU_SET(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7),
+    DSL_CPE_LINE_INV_NE_SET(DSL_NULL),
+-   DSL_CPE_AUTOBOOT_CTRL_SET(DSL_AUTOBOOT_CTRL_STOP),
++   DSL_CPE_AUTOBOOT_CTRL_SET(DSL_AUTOBOOT_CTRL_START),
+    DSL_CPE_AUTOBOOT_CFG_SET(DSL_FALSE, DSL_FALSE, DSL_FALSE),
+    DSL_CPE_TEST_MODE_CTRL_SET(DSL_TESTMODE_DISABLE),
+    DSL_CPE_LINE_ACTIVATE_CTRL_SET(DSL_G997_INHIBIT_LDSF, DSL_G997_INHIBIT_ACSF, DSL_G997_NORMAL_STARTUP),
diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
index c0a354b881..fb03586401 100644
--- a/package/network/config/netifd/Makefile
+++ b/package/network/config/netifd/Makefile
@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/netifd.git
-PKG_SOURCE_DATE:=2016-12-23
-PKG_SOURCE_VERSION:=64a655d8ffa9f0cea1bbdd35cac6b3b99b865270
-PKG_MIRROR_HASH:=1fa244a10f6d12d8bad2e60c054c0542d6f9ebe1cde319085f02289e8676612a
+PKG_SOURCE_DATE:=2017-01-25
+PKG_SOURCE_VERSION:=650758b16e5185505a3fbc1307949340af70b611
+PKG_MIRROR_HASH:=d09c740bc1bf6269678bd75c9af52ecd4be3d1d59402a543ceb9d4459cecfa2b
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_LICENSE:=GPL-2.0
diff --git a/package/network/config/netifd/files/etc/init.d/network b/package/network/config/netifd/files/etc/init.d/network
index bdadbbce6d..a825dfd31f 100755
--- a/package/network/config/netifd/files/etc/init.d/network
+++ b/package/network/config/netifd/files/etc/init.d/network
@@ -31,9 +31,10 @@ reload_service() {
 	/sbin/wifi reload_legacy
 }
 
-stop() {
+stop_service() {
 	/sbin/wifi down
-	procd_kill network ''
+	ifdown -a
+	sleep 1
 }
 
 service_running() {
@@ -137,14 +138,6 @@ service_triggers()
 	procd_close_validate
 }
 
-restart() {
-	ifdown -a
-	sleep 1
-	trap '' TERM
-	stop "$@"
-	start "$@"
-}
-
 shutdown() {
 	ifdown -a
 	sleep 1
diff --git a/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh b/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
index 285617c0d7..9ce4eb41ef 100755
--- a/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
+++ b/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
@@ -347,7 +347,6 @@ tc filter add dev $device parent ffff: prio 1 u32 match u32 0 0 flowid 1:1 actio
 	fi
 	add_insmod cls_fw
 	add_insmod sch_hfsc
-	add_insmod sch_fq_codel
 
 	cat <<EOF
 ${INSMOD:+$INSMOD$N}${dev_up:+$dev_up
@@ -466,7 +465,7 @@ EOF
 
 start_firewall() {
 	add_insmod xt_multiport
-	add_insmod xt_CONNMARK
+	add_insmod xt_connmark
 	stop_firewall
 	for group in $CG; do
 		start_cg $group
diff --git a/package/network/config/swconfig/src/uci.c b/package/network/config/swconfig/src/uci.c
index b541b71646..bf76bd3de1 100644
--- a/package/network/config/swconfig/src/uci.c
+++ b/package/network/config/swconfig/src/uci.c
@@ -165,7 +165,7 @@ found:
 		s = uci_to_section(e);
 
 		if (!strcmp(s->type, "switch_port")) {
-			char *devn, *port, *port_err = NULL;
+			char *devn = NULL, *port = NULL, *port_err = NULL;
 			int port_n;
 
 			uci_foreach_element(&s->options, os) {
@@ -190,7 +190,7 @@ found:
 
 			swlib_map_settings(dev, SWLIB_ATTR_GROUP_PORT, port_n, s);
 		} else if (!strcmp(s->type, "switch_vlan")) {
-			char *devn, *vlan, *vlan_err = NULL;
+			char *devn = NULL, *vlan = NULL, *vlan_err = NULL;
 			int vlan_n;
 
 			uci_foreach_element(&s->options, os) {
diff --git a/package/network/ipv6/6in4/files/6in4.sh b/package/network/ipv6/6in4/files/6in4.sh
index 45d8ab75ad..786f37fc14 100755
--- a/package/network/ipv6/6in4/files/6in4.sh
+++ b/package/network/ipv6/6in4/files/6in4.sh
@@ -84,7 +84,7 @@ proto_6in4_setup() {
 		local http="http"
 		local urlget="uclient-fetch"
 		local urlget_opts="-qO-"
-		local ca_path="${SSL_CERT_DIR-/etc/ssl/certs}"
+		local ca_path="${SSL_CERT_DIR:-/etc/ssl/certs}"
 
 		[ -f /lib/libustream-ssl.so ] && http=https
 		[ "$http" = "https" -a -z "$(find $ca_path -name "*.0" 2>/dev/null)" ] && {
diff --git a/package/network/ipv6/map/Makefile b/package/network/ipv6/map/Makefile
index 8cc1afeda1..fd8291d683 100644
--- a/package/network/ipv6/map/Makefile
+++ b/package/network/ipv6/map/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map
 PKG_VERSION:=4
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
@@ -20,7 +20,7 @@ define Package/map
   CATEGORY:=Network
   DEPENDS:=@IPV6 +kmod-ip6-tunnel +libubox +libubus +iptables-mod-conntrack-extra
   TITLE:=MAP-E and Lightweight 4over6 configuration support
-  MAINTAINER:=Steven Barth <steven@midlink.org>
+  MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 endef
 
 define Package/map/description
diff --git a/package/network/ipv6/map/files/map.sh b/package/network/ipv6/map/files/map.sh
index 98a493dd57..fe872828c3 100755
--- a/package/network/ipv6/map/files/map.sh
+++ b/package/network/ipv6/map/files/map.sh
@@ -192,7 +192,17 @@ proto_map_setup() {
 
 proto_map_teardown() {
 	local cfg="$1"
-	ifdown "${cfg}_"
+	local link="map-$cfg"
+
+	json_get_var type type
+
+	[ -z "$type" ] && type="map-e"
+
+	case "$type" in
+		"map-e"|"lw4o6") ifdown "${cfg}_" ;;
+		"map-t") [ -f "/proc/net/nat46/control" ] && echo del $link > /proc/net/nat46/control ;;
+	esac
+
 	rm -f /tmp/map-$cfg.rules
 }
 
diff --git a/package/network/ipv6/odhcp6c/Makefile b/package/network/ipv6/odhcp6c/Makefile
index 60602f5554..0ed9b581f5 100644
--- a/package/network/ipv6/odhcp6c/Makefile
+++ b/package/network/ipv6/odhcp6c/Makefile
@@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=odhcp6c
 PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=git://git.lede-project.org/project/odhcp6c.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2017-01-07
-PKG_SOURCE_VERSION:=d420f49396c627ce1072b83170889baf0720bc8b
-PKG_MIRROR_HASH:=a7c599b5600b6cca9aec221dd32fc7754e0e942b0192bd902f1e789f53345127
-PKG_MAINTAINER:=Steven Barth <steven@midlink.org>
+PKG_SOURCE_URL:=$(LEDE_GIT)/project/odhcp6c.git
+PKG_SOURCE_DATE:=2017-01-30
+PKG_SOURCE_VERSION:=c13b6a05dbd9174356cc4b7fd1edf39445efd982
+PKG_MIRROR_HASH:=001e58f1ab6eb8903d9e47060ae037a2e4f021f1fef5032347b767f56f4664f6
+PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 98333850af..bbcda9afb7 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.76
-PKG_RELEASE:=7
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 87332a9081..46607dfe25 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -8,7 +8,6 @@ PROG=/usr/sbin/dnsmasq
 
 ADD_LOCAL_DOMAIN=1
 ADD_LOCAL_HOSTNAME=1
-ADD_WAN_HOSTNAME=0
 
 BASECONFIGFILE="/var/etc/dnsmasq.conf"
 BASEHOSTFILE="/tmp/hosts/dhcp"
@@ -294,26 +293,6 @@ dhcp_host_add() {
 	xappend "--dhcp-host=$macs${duid:+,id:$duid}${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip${hostid:+,[::$hostid]}}${name:+,$name}${leasetime:+,$leasetime}"
 }
 
-dhcp_this_host_add() {
-	# TODO: case-in do/not short-host or FQDN; UCI already intended ...
-	local ifname="$1"
-	local do_enable="$2"
-	local routerstub routername ifdashname
-
-
-	if [ "$do_enable" -gt 0 ] ; then
-		# All IP addresses discovered by dnsmasq will be labeled robustly (except fe80::)
-		ifdashname="${ifname//./-}"
-		routerstub="$( md5sum /etc/os-release )"
-		routerstub="router-${routerstub// */}"
-		routername="$( uci_get system @system[0] hostname $routerstub )"
-
-		xappend "--interface-name=$ifdashname.$routername.$DOMAIN,$ifname"
-		xappend "--interface-name=$routername.$DOMAIN,$ifname"
-		xappend "--interface-name=$routername,$ifname"
-	fi
-}
-
 dhcp_tag_add() {
 	local cfg="$1"
 
@@ -384,11 +363,7 @@ dhcp_add() {
 		DNS_SERVERS="$DNS_SERVERS $dnsserver"
 	}
 
-	append_bool "$cfg" ignore "--no-dhcp-interface=$ifname" && {
-		# Many ISP do not have useful names for DHCP customers (your WAN).
-		dhcp_this_host_add $ifname $ADD_WAN_HOSTNAME
-		return 0
-	}
+	append_bool "$cfg" ignore "--no-dhcp-interface=$ifname" && return 0
 
 	# Do not support non-static interfaces for now
 	[ static = "$proto" ] || return 0
@@ -406,9 +381,6 @@ dhcp_add() {
 	config_get options "$cfg" options
 	config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1
 
-	# Put the router host name on this DHCP served interface address(es)
-	dhcp_this_host_add $ifname $ADD_LOCAL_HOSTNAME
-
 	leasetime="${leasetime:-12h}"
 	start="$(dhcp_calc "${start:-100}")"
 	limit="${limit:-150}"
@@ -633,7 +605,6 @@ dnsmasq_start()
 
 	config_get_bool ADD_LOCAL_DOMAIN "$cfg" add_local_domain 1
 	config_get_bool ADD_LOCAL_HOSTNAME "$cfg" add_local_hostname 1
-	config_get_bool ADD_WAN_HOSTNAME "$cfg" add_wan_hostname 0
 
 	config_get_bool readethers "$cfg" readethers
 	[ "$readethers" = "1" -a \! -e "/etc/ethers" ] && touch /etc/ethers
@@ -731,6 +702,27 @@ dnsmasq_start()
 	config_foreach filter_dnsmasq hostrecord dhcp_hostrecord_add "$cfg"
 	config_foreach filter_dnsmasq relay dhcp_relay_add "$cfg"
 
+	# add own hostname
+	[ $ADD_LOCAL_HOSTNAME -eq 1 ] && {
+		local lanaddr lanaddr6
+		local ulaprefix="$(uci_get network @globals[0] ula_prefix)"
+		local hostname="$(uci_get system @system[0] hostname Lede)"
+
+		network_get_ipaddr lanaddr "lan" && {
+			dhcp_domain_add "" "$hostname" "$lanaddr"
+		}
+
+		[ -n "$ulaprefix" ] && network_get_ipaddrs6 lanaddr6 "lan" && {
+			for lanaddr6 in $lanaddr6; do
+				case "$lanaddr6" in
+					"${ulaprefix%%:/*}"*)
+						dhcp_domain_add "" "$hostname" "$lanaddr6"
+					;;
+				esac
+			done
+		}
+	}
+
 	echo >> $CONFIGFILE_TMP
 	config_foreach filter_dnsmasq srvhost dhcp_srv_add "$cfg"
 	config_foreach filter_dnsmasq mxhost dhcp_mx_add "$cfg"
diff --git a/package/network/services/dnsmasq/files/dnsmasqsec.hotplug b/package/network/services/dnsmasq/files/dnsmasqsec.hotplug
index 5c69314bd9..a155eb0f6e 100644
--- a/package/network/services/dnsmasq/files/dnsmasqsec.hotplug
+++ b/package/network/services/dnsmasq/files/dnsmasqsec.hotplug
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /lib/functions/procd.sh
+
 TIMEVALIDFILE="/var/state/dnsmasqsec"
 
 [ "$ACTION" = stratum ] || exit 0
@@ -7,8 +9,6 @@ TIMEVALIDFILE="/var/state/dnsmasqsec"
 [ -f "$TIMEVALIDFILE" ] || {
 	echo "ntpd says time is valid" >$TIMEVALIDFILE
 	/etc/init.d/dnsmasq enabled && {
-		pid=$(pidof dnsmasq)
-		[ "$(readlink /proc/$pid/exe)" = "/usr/sbin/dnsmasq" ] && kill -SIGHUP $pid \
-		|| /etc/init.d/dnsmasq restart
+		procd_send_signal dnsmasq
 	}
 }
diff --git a/package/network/services/dnsmasq/patches/000-fix-servfail-handling.patch b/package/network/services/dnsmasq/patches/000-fix-servfail-handling.patch
new file mode 100644
index 0000000000..e311c34729
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/000-fix-servfail-handling.patch
@@ -0,0 +1,130 @@
+From 68f6312d4bae30b78daafcd6f51dc441b8685b1e Mon Sep 17 00:00:00 2001
+From: Baptiste Jonglez <git@bitsofnetworks.org>
+Date: Mon, 6 Feb 2017 21:09:11 +0000
+Subject: [PATCH] Stop treating SERVFAIL as a successful response from upstream
+ servers.
+
+This effectively reverts most of 51967f9807 ("SERVFAIL is an expected
+error return, don't try all servers.") and 4ace25c5d6 ("Treat REFUSED (not
+SERVFAIL) as an unsuccessful upstream response").
+
+With the current behaviour, as soon as dnsmasq receives a SERVFAIL from an
+upstream server, it stops trying to resolve the query and simply returns
+SERVFAIL to the client.  With this commit, dnsmasq will instead try to
+query other upstream servers upon receiving a SERVFAIL response.
+
+According to RFC 1034 and 1035, the semantic of SERVFAIL is that of a
+temporary error condition.  Recursive resolvers are expected to encounter
+network or resources issues from time to time, and will respond with
+SERVFAIL in this case.  Similarly, if a validating DNSSEC resolver [RFC
+4033] encounters issues when checking signatures (unknown signing
+algorithm, missing signatures, expired signatures because of a wrong
+system clock, etc), it will respond with SERVFAIL.
+
+Note that all those behaviours are entirely different from a negative
+response, which would provide a definite indication that the requested
+name does not exist.  In our case, if an upstream server responds with
+SERVFAIL, another upstream server may well provide a positive answer for
+the same query.
+
+Thus, this commit will increase robustness whenever some upstream servers
+encounter temporary issues or are misconfigured.
+
+Quoting RFC 1034, Section 4.3.1. "Queries and responses":
+
+    If recursive service is requested and available, the recursive response
+    to a query will be one of the following:
+
+       - The answer to the query, possibly preface by one or more CNAME
+         RRs that specify aliases encountered on the way to an answer.
+
+       - A name error indicating that the name does not exist.  This
+         may include CNAME RRs that indicate that the original query
+	  name was an alias for a name which does not exist.
+
+       - A temporary error indication.
+
+Here is Section 5.2.3. of RFC 1034, "Temporary failures":
+
+    In a less than perfect world, all resolvers will occasionally be unable
+    to resolve a particular request.  This condition can be caused by a
+    resolver which becomes separated from the rest of the network due to a
+    link failure or gateway problem, or less often by coincident failure or
+    unavailability of all servers for a particular domain.
+
+And finally, RFC 1035 specifies RRCODE 2 for this usage, which is now more
+widely known as SERVFAIL (RFC 1035, Section 4.1.1. "Header section format"):
+
+    RCODE           Response code - this 4 bit field is set as part of
+                    responses.  The values have the following
+                    interpretation:
+                    (...)
+
+                    2               Server failure - The name server was
+                                    unable to process this query due to a
+                                    problem with the name server.
+
+For the DNSSEC-related usage of SERVFAIL, here is RFC 4033
+Section 5. "Scope of the DNSSEC Document Set and Last Hop Issues":
+
+    A validating resolver can determine the following 4 states:
+    (...)
+
+    Insecure: The validating resolver has a trust anchor, a chain of
+       trust, and, at some delegation point, signed proof of the
+       non-existence of a DS record.  This indicates that subsequent
+       branches in the tree are provably insecure.  A validating resolver
+       may have a local policy to mark parts of the domain space as
+       insecure.
+
+    Bogus: The validating resolver has a trust anchor and a secure
+       delegation indicating that subsidiary data is signed, but the
+       response fails to validate for some reason: missing signatures,
+       expired signatures, signatures with unsupported algorithms, data
+       missing that the relevant NSEC RR says should be present, and so
+       forth.
+    (...)
+
+    This specification only defines how security-aware name servers can
+    signal non-validating stub resolvers that data was found to be bogus
+    (using RCODE=2, "Server Failure"; see [RFC4035]).
+
+Notice the difference between a definite negative answer ("Insecure"
+state), and an indefinite error condition ("Bogus" state).  The second
+type of error may be specific to a recursive resolver, for instance
+because its system clock has been incorrectly set, or because it does not
+implement newer cryptographic primitives.  Another recursive resolver may
+succeed for the same query.
+
+There are other similar situations in which the specified behaviour is
+similar to the one implemented by this commit.
+
+For instance, RFC 2136 specifies the behaviour of a "requestor" that wants
+to update a zone using the DNS UPDATE mechanism.  The requestor tries to
+contact all authoritative name servers for the zone, with the following
+behaviour specified in RFC 2136, Section 4:
+
+    4.6. If a response is received whose RCODE is SERVFAIL or NOTIMP, or
+    if no response is received within an implementation dependent timeout
+    period, or if an ICMP error is received indicating that the server's
+    port is unreachable, then the requestor will delete the unusable
+    server from its internal name server list and try the next one,
+    repeating until the name server list is empty.  If the requestor runs
+    out of servers to try, an appropriate error will be returned to the
+    requestor's caller.
+---
+ src/forward.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim
+      we get a good reply from another server. Kill it when we've
+      had replies from all to avoid filling the forwarding table when
+      everything is broken */
+-  if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
++  if (forward->forwardall == 0 || --forward->forwardall == 1 ||
++      (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
+     {
+       int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+ 
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index e6bae9f21f..5e518dabd4 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
 PKG_VERSION:=2016.74
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
index f16aaf001e..b49a95ce93 100644
--- a/package/network/services/dropbear/patches/120-openwrt_options.patch
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -44,10 +44,9 @@
   * which are not the standard form. */
  #define DROPBEAR_SHA1_HMAC
 -#define DROPBEAR_SHA1_96_HMAC
--#define DROPBEAR_SHA2_256_HMAC
--#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA1_96_HMAC*/
-+/*#define DROPBEAR_SHA2_256_HMAC*/
+ #define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA2_512_HMAC*/
  #define DROPBEAR_MD5_HMAC
  
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 207dfecebe..f3aa94b6ea 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
@@ -242,7 +242,7 @@ define Package/eapol-test
   SECTION:=net
   CATEGORY:=Network
   VARIANT:=supplicant-full
-  DEPENDS:=$(DRV_DEPENDS)
+  DEPENDS:=$(DRV_DEPENDS) +WPA_SUPPLICANT_OPENSSL:libopenssl
 endef
 
 
@@ -318,19 +318,19 @@ define Build/Compile/wpad
 endef
 
 define Build/Compile/hostapd
-	$(call Build/RunMake,hostapd, \
+	+$(call Build/RunMake,hostapd, \
 		hostapd hostapd_cli \
 	)
 endef
 
 define Build/Compile/supplicant
-	$(call Build/RunMake,wpa_supplicant, \
+	+$(call Build/RunMake,wpa_supplicant, \
 		wpa_cli wpa_supplicant \
 	)
 endef
 
 define Build/Compile/supplicant-full
-	$(call Build/RunMake,wpa_supplicant, \
+	+$(call Build/RunMake,wpa_supplicant, \
 		eapol_test \
 	)
 endef
@@ -350,7 +350,7 @@ endef
 
 define Package/hostapd-common/install
 	$(INSTALL_DIR) $(1)/lib/netifd
-	$(INSTALL_DATA) ./files/netifd.sh $(1)/lib/netifd/hostapd.sh
+	$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
 endef
 
 define Package/hostapd/install
diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index e388109fbb..4a2e87c2eb 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -146,6 +146,9 @@ CONFIG_IEEE80211AC=y
 # code is not needed.
 #CONFIG_NO_STDOUT_DEBUG=y
 
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+
 # Remove support for RADIUS accounting
 #CONFIG_NO_ACCOUNTING=y
 
diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config
index 8baff18fe4..2bd7d239c5 100644
--- a/package/network/services/hostapd/files/hostapd-mini.config
+++ b/package/network/services/hostapd/files/hostapd-mini.config
@@ -142,6 +142,9 @@ CONFIG_IEEE80211AC=y
 # code is not needed.
 #CONFIG_NO_STDOUT_DEBUG=y
 
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+
 # Remove support for RADIUS accounting
 CONFIG_NO_ACCOUNTING=y
 
diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/hostapd.sh
similarity index 97%
rename from package/network/services/hostapd/files/netifd.sh
rename to package/network/services/hostapd/files/hostapd.sh
index fb23e52e67..988ebc7757 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -40,8 +40,8 @@ hostapd_append_wpa_key_mgmt() {
 	local auth_type="$(echo $auth_type | tr 'a-z' 'A-Z')"
 
 	append wpa_key_mgmt "WPA-$auth_type"
-	[ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}"
-	[ "$ieee80211w" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256"
+	[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}"
+	[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256"
 }
 
 hostapd_add_log_config() {
@@ -158,6 +158,7 @@ hostapd_common_add_bss_config() {
 	config_add_string wpa_psk_file
 
 	config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
+	config_add_int wps_ap_setup_locked wps_independent
 	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
 
 	config_add_boolean ieee80211r pmk_r1_push
@@ -191,8 +192,8 @@ hostapd_set_bss_options() {
 	json_get_vars \
 		wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
 		maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
-		wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
-		wps_device_type wps_device_name wps_manufacturer wps_pin \
+		wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
+		wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \
 		macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
 		iapp_interface eapol_version acct_server acct_secret acct_port \
 		dynamic_vlan ieee80211w
@@ -328,6 +329,7 @@ hostapd_set_bss_options() {
 		set_default wps_device_type "6-0050F204-1"
 		set_default wps_device_name "Lede AP"
 		set_default wps_manufacturer "www.lede-project.org"
+		set_default wps_independent 1
 
 		wps_state=2
 		[ -n "$wps_configured" ] && wps_state=1
@@ -337,11 +339,12 @@ hostapd_set_bss_options() {
 		append bss_conf "eap_server=1" "$N"
 		[ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
 		append bss_conf "wps_state=$wps_state" "$N"
-		append bss_conf "ap_setup_locked=0" "$N"
 		append bss_conf "device_type=$wps_device_type" "$N"
 		append bss_conf "device_name=$wps_device_name" "$N"
 		append bss_conf "manufacturer=$wps_manufacturer" "$N"
 		append bss_conf "config_methods=$config_methods" "$N"
+		append bss_conf "wps_independent=$wps_independent" "$N"
+		[ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N"
 		[ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N"
 	}
 
diff --git a/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch b/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch
new file mode 100644
index 0000000000..bf54e9df32
--- /dev/null
+++ b/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch
@@ -0,0 +1,83 @@
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 20 Dec 2016 01:30:09 +0200
+Subject: [PATCH] Fix race condition between AssocResp callback and 4addr event
+
+It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
+event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
+event for (Re)Association Response frame. This resulted in the 4-address
+WDS mode not getting enabled for a STA. This could occur in particular
+when operating under heavy load and the STA is reconnecting to the same
+AP in a sequence where Deauthentication frame is followed immediately by
+Authentication frame and the driver event processing gets delayed due to
+removal of the previous netdev taking time in the middle of this
+sequence.
+
+Fix this by recording a pending item for 4-address WDS enabling if the
+NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
+incompleted association and then process this pending item if the TX
+status for the (Re)Association Response frame is received and it shows
+that the frame was acknowledged.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2634,6 +2634,8 @@ static void handle_assoc(struct hostapd_
+ 	taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
+ #endif /* CONFIG_TAXONOMY */
+ 
++	sta->pending_wds_enable = 0;
++
+  fail:
+ 	/*
+ 	 * In case of a successful response, add the station to the driver.
+@@ -3248,6 +3250,14 @@ static void handle_assoc_cb(struct hosta
+ 
+ 	hostapd_set_sta_flags(hapd, sta);
+ 
++	if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
++		wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
++			   MACSTR " based on pending request",
++			   MAC2STR(sta->addr));
++		sta->pending_wds_enable = 0;
++		sta->flags |= WLAN_STA_WDS;
++	}
++
+ 	if (sta->flags & WLAN_STA_WDS) {
+ 		int ret;
+ 		char ifname_wds[IFNAMSIZ + 1];
+@@ -3512,10 +3522,22 @@ void ieee802_11_rx_from_unknown(struct h
+ 	struct sta_info *sta;
+ 
+ 	sta = ap_get_sta(hapd, src);
+-	if (sta && (sta->flags & WLAN_STA_ASSOC)) {
++	if (sta &&
++	    ((sta->flags & WLAN_STA_ASSOC) ||
++	     ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
+ 		if (!hapd->conf->wds_sta)
+ 			return;
+ 
++		if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
++		    WLAN_STA_ASSOC_REQ_OK) {
++			wpa_printf(MSG_DEBUG,
++				   "Postpone 4-address WDS mode enabling for STA "
++				   MACSTR " since TX status for AssocResp is not yet known",
++				   MAC2STR(sta->addr));
++			sta->pending_wds_enable = 1;
++			return;
++		}
++
+ 		if (wds && !(sta->flags & WLAN_STA_WDS)) {
+ 			int ret;
+ 			char ifname_wds[IFNAMSIZ + 1];
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -115,6 +115,7 @@ struct sta_info {
+ 	unsigned int radius_das_match:1;
+ 	unsigned int ecsa_supported:1;
+ 	unsigned int added_unassoc:1;
++	unsigned int pending_wds_enable:1;
+ 
+ 	u16 auth_alg;
+ 
diff --git a/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch b/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch
new file mode 100644
index 0000000000..6db1e9b34b
--- /dev/null
+++ b/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch
@@ -0,0 +1,36 @@
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Sat, 14 Jan 2017 01:04:31 +0200
+Subject: [PATCH] Fix duplicate Reassociation Request frame dropping
+
+Relational operators (==) have higher precedence than the ternary
+conditional in C. The last_subtype check for association/reassociation
+was broken due to incorrect assumption about the precedence. Fix this by
+adding parenthesis around the ternary conditional.
+
+The previous implementation worked for Association Request frames by
+accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
+the last receive frame was an Association Request frame, the
+sta->last_subtype == reassoc check was true and non-zero
+WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
+broken for Reassociation Request frame. reassoc == 1 in that case could
+have matched received Association Response frame (subtype == 1), but
+those are not received in AP mode and as such, this did not break other
+behavior apart from not being able to drop duplicated Reassociation
+Request frames.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2485,8 +2485,8 @@ static void handle_assoc(struct hostapd_
+ 	if ((fc & WLAN_FC_RETRY) &&
+ 	    sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
+ 	    sta->last_seq_ctrl == seq_ctrl &&
+-	    sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
+-	    WLAN_FC_STYPE_ASSOC_REQ) {
++	    sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
++				  WLAN_FC_STYPE_ASSOC_REQ)) {
+ 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ 			       HOSTAPD_LEVEL_DEBUG,
+ 			       "Drop repeated association frame seq_ctrl=0x%x",
diff --git a/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch b/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
new file mode 100644
index 0000000000..0a3c27f89e
--- /dev/null
+++ b/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
@@ -0,0 +1,40 @@
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 14 Jan 2017 13:56:18 +0200
+Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
+
+When wpa_supplicant was processing a received Authentication frame (seq
+1) from a peer STA for which there was already a TK configured to the
+driver, debug log claimed that the PTK gets cleared, but the actual
+call to clear the key was actually dropped due to AUTH vs. SUPP set_key
+selection. Fix this by explicitly clearing the TK in case it was set
+and an Authentication frame (seq 1) is received.
+
+This fixes some cases where EAPOL-Key frames were sent encrypted using
+the old key when a peer STA restarted itself and lost the key and had to
+re-join the IBSS. Previously, that state required timing out the 4-way
+handshake and Deauthentication frame exchange to recover.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+
+--- a/wpa_supplicant/ibss_rsn.c
++++ b/wpa_supplicant/ibss_rsn.c
+@@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
+ 		   MAC2STR(addr));
+ 
+ 	if (peer &&
++	    peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
++					   IBSS_RSN_SET_PTK_AUTH)) {
++		/* Clear the TK for this pair to allow recovery from the case
++		 * where the peer STA has restarted and lost its key while we
++		 * still have a pairwise key configured. */
++		wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
++			   MACSTR, MAC2STR(addr));
++		wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
++				NULL, 0, NULL, 0);
++	}
++
++	if (peer &&
+ 	    peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
+ 		if (peer->own_auth_tx.sec) {
+ 			struct os_reltime now, diff;
diff --git a/package/network/services/hostapd/patches/004-hostapd-Add-possibility-to-send-debug-messages-to-sy.patch b/package/network/services/hostapd/patches/004-hostapd-Add-possibility-to-send-debug-messages-to-sy.patch
new file mode 100644
index 0000000000..3417b5ac3c
--- /dev/null
+++ b/package/network/services/hostapd/patches/004-hostapd-Add-possibility-to-send-debug-messages-to-sy.patch
@@ -0,0 +1,145 @@
+From cc3dae85bd694506cdea66ae532d452fb8716297 Mon Sep 17 00:00:00 2001
+From: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
+Date: Mon, 23 Jan 2017 13:55:04 +0100
+Subject: [PATCH] hostapd: Add possibility to send debug messages to syslog
+
+We can only send module specific messages to syslog and not debug
+messages printed with wpa_printf. Add an extra command line parameter
+'-s' to allow it. The feature is enabled with compile flag
+CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
+as the wpa_supplicant -s command line argument.
+
+Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
+---
+ hostapd/Android.mk    |  4 ++++
+ hostapd/Makefile      |  4 ++++
+ hostapd/defconfig     |  3 +++
+ hostapd/main.c        | 19 ++++++++++++++++++-
+ src/utils/wpa_debug.c |  2 +-
+ src/utils/wpa_debug.h |  3 +++
+ 6 files changed, 33 insertions(+), 2 deletions(-)
+
+--- a/hostapd/Android.mk
++++ b/hostapd/Android.mk
+@@ -952,6 +952,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG
+ L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
+ endif
+ 
++ifdef CONFIG_DEBUG_SYSLOG
++L_CFLAGS += -DCONFIG_DEBUG_SYSLOG
++endif
++
+ ifdef CONFIG_DEBUG_LINUX_TRACING
+ L_CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
+ endif
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -997,6 +997,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG
+ CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
+ endif
+ 
++ifdef CONFIG_DEBUG_SYSLOG
++CFLAGS += -DCONFIG_DEBUG_SYSLOG
++endif
++
+ ifdef CONFIG_DEBUG_LINUX_TRACING
+ CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
+ endif
+--- a/hostapd/defconfig
++++ b/hostapd/defconfig
+@@ -166,6 +166,9 @@ CONFIG_IPV6=y
+ # Disabled by default.
+ #CONFIG_DEBUG_FILE=y
+ 
++# Send debug messages to syslog instead of stdout
++#CONFIG_DEBUG_SYSLOG=y
++
+ # Add support for sending all debug messages (regardless of debug verbosity)
+ # to the Linux kernel tracing facility. This helps debug the entire stack by
+ # making it easy to record everything happening from the driver up into the
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -108,6 +108,10 @@ static void hostapd_logger_cb(void *ctx,
+ 			    module_str ? module_str : "",
+ 			    module_str ? ": " : "", txt);
+ 
++#ifdef CONFIG_DEBUG_SYSLOG
++	if (wpa_debug_syslog)
++		conf_stdout = 0;
++#endif /* CONFIG_DEBUG_SYSLOG */
+ 	if ((conf_stdout & module) && level >= conf_stdout_level) {
+ 		wpa_debug_print_timestamp();
+ 		wpa_printf(MSG_INFO, "%s", format);
+@@ -484,6 +488,9 @@ static void usage(void)
+ 		"        (records all messages regardless of debug verbosity)\n"
+ #endif /* CONFIG_DEBUG_LINUX_TRACING */
+ 		"   -i   list of interface names to use\n"
++#ifdef CONFIG_DEBUG_SYSLOG
++		"   -s   log output to syslog instead of stdout\n"
++#endif /* CONFIG_DEBUG_SYSLOG */
+ 		"   -S   start all the interfaces synchronously\n"
+ 		"   -t   include timestamps in some debug messages\n"
+ 		"   -v   show hostapd version\n");
+@@ -661,7 +668,7 @@ int main(int argc, char *argv[])
+ 	dl_list_init(&interfaces.global_ctrl_dst);
+ 
+ 	for (;;) {
+-		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
++		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+ 		if (c < 0)
+ 			break;
+ 		switch (c) {
+@@ -718,6 +725,11 @@ int main(int argc, char *argv[])
+ 			bss_config = tmp_bss;
+ 			bss_config[num_bss_configs++] = optarg;
+ 			break;
++#ifdef CONFIG_DEBUG_SYSLOG
++		case 's':
++			wpa_debug_syslog = 1;
++			break;
++#endif /* CONFIG_DEBUG_SYSLOG */
+ 		case 'S':
+ 			start_ifaces_in_sync = 1;
+ 			break;
+@@ -746,6 +758,10 @@ int main(int argc, char *argv[])
+ 		wpa_debug_open_file(log_file);
+ 	else
+ 		wpa_debug_setup_stdout();
++#ifdef CONFIG_DEBUG_SYSLOG
++	if (wpa_debug_syslog)
++		wpa_debug_open_syslog();
++#endif /* CONFIG_DEBUG_SYSLOG */
+ #ifdef CONFIG_DEBUG_LINUX_TRACING
+ 	if (enable_trace_dbg) {
+ 		int tret = wpa_debug_open_linux_tracing();
+@@ -882,6 +898,7 @@ int main(int argc, char *argv[])
+ 	hostapd_global_deinit(pid_file, interfaces.eloop_initialized);
+ 	os_free(pid_file);
+ 
++	wpa_debug_close_syslog();
+ 	if (log_file)
+ 		wpa_debug_close_file();
+ 	wpa_debug_close_linux_tracing();
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -13,7 +13,7 @@
+ #ifdef CONFIG_DEBUG_SYSLOG
+ #include <syslog.h>
+ 
+-static int wpa_debug_syslog = 0;
++int wpa_debug_syslog = 0;
+ #endif /* CONFIG_DEBUG_SYSLOG */
+ 
+ #ifdef CONFIG_DEBUG_LINUX_TRACING
+--- a/src/utils/wpa_debug.h
++++ b/src/utils/wpa_debug.h
+@@ -14,6 +14,9 @@
+ extern int wpa_debug_level;
+ extern int wpa_debug_show_keys;
+ extern int wpa_debug_timestamp;
++#ifdef CONFIG_DEBUG_SYSLOG
++extern int wpa_debug_syslog;
++#endif /* CONFIG_DEBUG_SYSLOG */
+ 
+ /* Debugging function - conditional printf and hex dump. Driver wrappers can
+  * use these for debugging purposes. */
diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
index 9ea3ef9c2d..f0348201ff 100644
--- a/package/network/services/hostapd/patches/200-multicall.patch
+++ b/package/network/services/hostapd/patches/200-multicall.patch
@@ -36,7 +36,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -1073,6 +1079,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1077,6 +1083,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  
  BCHECK=../src/drivers/build.hostapd
  
@@ -49,7 +49,7 @@
  hostapd: $(BCHECK) $(OBJS)
  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
  	@$(E) "  LD " $@
-@@ -1114,6 +1126,12 @@ HOBJS += ../src/crypto/aes-internal.o
+@@ -1118,6 +1130,12 @@ HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
  endif
  
@@ -293,7 +293,7 @@
  		wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -583,6 +583,11 @@ fail:
+@@ -590,6 +590,11 @@ fail:
  	return -1;
  }
  
@@ -305,14 +305,14 @@
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -660,6 +665,8 @@ int main(int argc, char *argv[])
+@@ -667,6 +672,8 @@ int main(int argc, char *argv[])
  	interfaces.global_ctrl_sock = -1;
  	dl_list_init(&interfaces.global_ctrl_dst);
  
 +	wpa_supplicant_event = hostapd_wpa_event;
 +	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
- 		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
+ 		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
  		if (c < 0)
 --- a/src/drivers/drivers.c
 +++ b/src/drivers/drivers.c
diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
index a48b6962ee..b7dbbd0dc7 100644
--- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch
+++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
@@ -84,7 +84,7 @@
  	char *buf;
 --- a/src/utils/wpa_debug.h
 +++ b/src/utils/wpa_debug.h
-@@ -49,6 +49,17 @@ int wpa_debug_reopen_file(void);
+@@ -52,6 +52,17 @@ int wpa_debug_reopen_file(void);
  void wpa_debug_close_file(void);
  void wpa_debug_setup_stdout(void);
  
@@ -102,7 +102,7 @@
  /**
   * wpa_debug_printf_timestamp - Print timestamp for debug output
   *
-@@ -69,9 +80,15 @@ void wpa_debug_print_timestamp(void);
+@@ -72,9 +83,15 @@ void wpa_debug_print_timestamp(void);
   *
   * Note: New line '\n' is added to the end of the text when printing to stdout.
   */
@@ -119,7 +119,7 @@
  /**
   * wpa_hexdump - conditional hex dump
   * @level: priority level (MSG_*) of the message
-@@ -83,7 +100,13 @@ PRINTF_FORMAT(2, 3);
+@@ -86,7 +103,13 @@ PRINTF_FORMAT(2, 3);
   * output may be directed to stdout, stderr, and/or syslog based on
   * configuration. The contents of buf is printed out has hex dump.
   */
@@ -134,7 +134,7 @@
  
  static inline void wpa_hexdump_buf(int level, const char *title,
  				   const struct wpabuf *buf)
-@@ -105,7 +128,13 @@ static inline void wpa_hexdump_buf(int l
+@@ -108,7 +131,13 @@ static inline void wpa_hexdump_buf(int l
   * like wpa_hexdump(), but by default, does not include secret keys (passwords,
   * etc.) in debug output.
   */
@@ -149,7 +149,7 @@
  
  static inline void wpa_hexdump_buf_key(int level, const char *title,
  				       const struct wpabuf *buf)
-@@ -127,8 +156,14 @@ static inline void wpa_hexdump_buf_key(i
+@@ -130,8 +159,14 @@ static inline void wpa_hexdump_buf_key(i
   * the hex numbers and ASCII characters (for printable range) are shown. 16
   * bytes per line will be shown.
   */
@@ -166,7 +166,7 @@
  
  /**
   * wpa_hexdump_ascii_key - conditional hex dump, hide keys
-@@ -144,8 +179,14 @@ void wpa_hexdump_ascii(int level, const
+@@ -147,8 +182,14 @@ void wpa_hexdump_ascii(int level, const
   * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
   * default, does not include secret keys (passwords, etc.) in debug output.
   */
@@ -183,7 +183,7 @@
  
  /*
   * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
-@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co
+@@ -185,7 +226,12 @@ void wpa_hexdump_ascii_key(int level, co
   *
   * Note: New line '\n' is added to the end of the text when printing to stdout.
   */
@@ -197,7 +197,7 @@
  
  /**
   * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
-@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const
+@@ -199,8 +245,13 @@ void wpa_msg(void *ctx, int level, const
   * attached ctrl_iface monitors. In other words, it can be used for frequent
   * events that do not need to be sent to syslog.
   */
diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
index 8abeafcace..ac699f4e49 100644
--- a/package/network/services/hostapd/patches/420-indicate-features.patch
+++ b/package/network/services/hostapd/patches/420-indicate-features.patch
@@ -8,16 +8,16 @@
  #include "crypto/random.h"
  #include "crypto/tls.h"
  #include "common/version.h"
-@@ -668,7 +669,7 @@ int main(int argc, char *argv[])
+@@ -675,7 +676,7 @@ int main(int argc, char *argv[])
  	wpa_supplicant_event = hostapd_wpa_event;
  	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
--		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
-+		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:g:G:v::");
+-		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
++		c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:v::");
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -705,6 +706,8 @@ int main(int argc, char *argv[])
+@@ -712,6 +713,8 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
  		case 'v':
diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
index 78cf3064fa..463a362911 100644
--- a/package/network/services/hostapd/patches/450-scan_wait.patch
+++ b/package/network/services/hostapd/patches/450-scan_wait.patch
@@ -9,7 +9,7 @@
  
  
  #ifndef CONFIG_NO_HOSTAPD_LOGGER
-@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx,
+@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx,
  }
  #endif /* CONFIG_NO_HOSTAPD_LOGGER */
  
@@ -24,7 +24,7 @@
  
  /**
   * hostapd_driver_init - Preparate driver interface
-@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho
+@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho
  		return -1;
  	}
  
@@ -33,7 +33,7 @@
  	/* Initialize the driver interface */
  	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
  		b = NULL;
-@@ -401,8 +413,6 @@ static void hostapd_global_deinit(const
+@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const
  #endif /* CONFIG_NATIVE_WINDOWS */
  
  	eap_server_unregister_methods();
@@ -42,7 +42,7 @@
  }
  
  
-@@ -428,18 +438,6 @@ static int hostapd_global_run(struct hap
+@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap
  	}
  #endif /* EAP_SERVER_TNC */
  
@@ -61,7 +61,7 @@
  	eloop_run();
  
  	return 0;
-@@ -638,8 +636,7 @@ int main(int argc, char *argv[])
+@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
  	struct hapd_interfaces interfaces;
  	int ret = 1;
  	size_t i, j;
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index e758afb17d..ee892e2bae 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -156,7 +156,7 @@
  	/*
  	 * sta->capability is used in check_assoc_ies() for RRM enabled
  	 * capability element.
-@@ -3023,7 +3049,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3025,7 +3051,7 @@ int ieee802_11_mgmt(struct hostapd_data
  
  
  	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
@@ -165,7 +165,7 @@
  		return 1;
  	}
  
-@@ -3041,17 +3067,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3043,17 +3069,17 @@ int ieee802_11_mgmt(struct hostapd_data
  	switch (stype) {
  	case WLAN_FC_STYPE_AUTH:
  		wpa_printf(MSG_DEBUG, "mgmt::auth");
diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
index ffbb7978d9..315804361c 100644
--- a/package/network/services/hostapd/src/src/utils/build_features.h
+++ b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -3,13 +3,25 @@
 
 static inline int has_feature(const char *feat)
 {
-#ifdef IEEE8021X_EAPOL
+#if defined(IEEE8021X_EAPOL) || (defined(HOSTAPD) && !defined(CONFIG_NO_RADIUS))
 	if (!strcmp(feat, "eap"))
 		return 1;
 #endif
-#ifdef IEEE80211N
+#ifdef CONFIG_IEEE80211N
 	if (!strcmp(feat, "11n"))
 		return 1;
+#endif
+#ifdef CONFIG_IEEE80211AC
+	if (!strcmp(feat, "11ac"))
+		return 1;
+#endif
+#ifdef CONFIG_IEEE80211R
+	if (!strcmp(feat, "11r"))
+		return 1;
+#endif
+#ifdef CONFIG_IEEE80211W
+	if (!strcmp(feat, "11w"))
+		return 1;
 #endif
 	return 0;
 }
diff --git a/package/network/services/odhcpd/Makefile b/package/network/services/odhcpd/Makefile
index 6813a0fdef..c0a7ceff2c 100644
--- a/package/network/services/odhcpd/Makefile
+++ b/package/network/services/odhcpd/Makefile
@@ -10,13 +10,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=odhcpd
 PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=git://git.lede-project.org/project/odhcpd.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2017-01-06
-PKG_SOURCE_VERSION:=ef3c5632c100fda0fa463a3ed56ff926f3f86b20
-PKG_MIRROR_HASH:=a870ae200dd4b0776f18f19051f75a6654108e8f25044d37c6d0856193c3ccf0
+PKG_SOURCE_URL=$(LEDE_GIT)/project/odhcpd.git
+PKG_SOURCE_DATE:=2017-02-09
+PKG_SOURCE_VERSION:=8df4253ba73246d31f2e65f2004da3f9890c22c5
+PKG_MIRROR_HASH:=0040f94d11d0039505328a90b2ff48968db873e9e7967307631bf40ef5679275
 
-PKG_MAINTAINER:=Steven Barth <steven@midlink.org>
+PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
@@ -33,7 +33,7 @@ define Package/odhcpd
   SECTION:=net
   CATEGORY:=Network
   TITLE:=OpenWrt DHCP/DHCPv6(-PD)/RA Server & Relay
-  DEPENDS:=+libubox +libuci +libubus
+  DEPENDS:=+libubox +libuci +libubus +libnl-tiny
 endef
 
 define Package/odhcpd/config
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index ab506d427c..7507e2029b 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
 
 PKG_VERSION:=2.4.0
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
@@ -34,6 +34,11 @@ define Package/openvpn/Default
   MENU:=1
   DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3)
   VARIANT:=$(1)
+ifeq ($(1),nossl)
+  PROVIDES:=openvpn
+else
+  PROVIDES:=openvpn openvpn-crypto
+endif
   MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
 endef
 
diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init
index 0fcdc7eea0..d1f37d5c0f 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -95,38 +95,33 @@ start_instance() {
 
 	# append flags
 	append_bools "$s" \
-		auth_nocache auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \
-		client_to_client comp_noadapt disable \
-		disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \
+		allow_recursive_routing auth_nocache auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \
+		client_to_client comp_noadapt disable disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \
 		ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \
 		management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \
-		nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \
-		persist_remote_ip persist_tun ping_timer_rem pull push_reset \
-		remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \
-		suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \
+		ncp_disable nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \
+		persist_remote_ip persist_tun ping_timer_rem pull push_reset remote_random rmtun route_noexec route_nopull \
+		single_session socks_proxy_retry suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \
 		tun_ipv6 up_delay up_restart username_as_common_name
 
 	# append params
 	append_params "$s" \
 		cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert capath \
-		chroot cipher client_config_dir client_connect client_disconnect comp_lzo connect_freq \
+		chroot cipher client_config_dir client_connect client_disconnect comp_lzo compress connect_freq \
 		connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \
-		echo engine explicit_exit_notify fragment group hand_window hash_size \
-		http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \
-		ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \
-		key key_method keysize learn_address link_mtu lladdr local log log_append \
-		lport management management_log_cache max_clients \
-		max_routes_per_client mode mssfix mtu_disc mute nice ns_cert_type ping \
-		ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \
-		redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \
-		reneg_bytes reneg_pkts reneg_sec \
-		replay_persist replay_window resolv_retry route route_delay route_gateway \
-		route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \
-		socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \
-		tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
-		tun_mtu tun_mtu_extra txqueuelen user verb down push up \
-		verify_x509_name x509_username_field \
-		ifconfig_ipv6 route_ipv6 server_ipv6 ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6
+		ecdh_curve echo engine explicit_exit_notify fragment group hand_window hash_size http_proxy \
+		http_proxy_option http_proxy_timeout ifconfig ifconfig_pool ifconfig_pool_persist ifconfig_push \
+		inactive ipchange iroute keepalive key key_direction key_method keysize learn_address link_mtu lladdr \
+		local log log_append lport management management_log_cache max_clients max_routes_per_client mode \
+		mssfix mtu_disc mute ncp_ciphers nice ns_cert_type ping ping_exit ping_restart pkcs12 plugin \
+		port port_share prng proto pull_filter rcvbuf redirect_gateway remap_usr1 remote remote_cert_eku \
+		remote_cert_ku remote_cert_tls reneg_bytes reneg_pkts reneg_sec replay_persist replay_window \
+		resolv_retry route route_delay route_gateway route_metric route_pre_down route_up rport \
+		script_security secret server server_bridge setenv shaper sndbuf socks_proxy status status_version \
+		syslog tcp_queue_limit tls_auth tls_crypt tls_version_min tls_cipher tls_timeout \
+		tls_verify tmp_dir topology tran_window tun_mtu tun_mtu_extra txqueuelen user verb \
+		down push up verify_x509_name x509_username_field ifconfig_ipv6 route_ipv6 server_ipv6 \
+		ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6
 
 	openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
 }
diff --git a/package/network/services/ppp/Makefile b/package/network/services/ppp/Makefile
index 8b58c1c06f..8b0daf2295 100644
--- a/package/network/services/ppp/Makefile
+++ b/package/network/services/ppp/Makefile
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ppp
 PKG_VERSION:=2.4.7
-PKG_RELEASE:=10
+PKG_RELEASE:=11
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.samba.org/pub/ppp/
@@ -30,7 +30,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/ppp/Default
   SECTION:=net
   CATEGORY:=Network
-  URL:=http://ppp.samba.org/
+  URL:=https://ppp.samba.org/
 endef
 
 define Package/ppp
@@ -158,6 +158,17 @@ define Package/pppstats/description
 This package contains an utility to report PPP statistics.
 endef
 
+define Package/pppoe-discovery
+$(call Package/ppp/Default)
+  DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) +ppp-mod-pppoe
+  TITLE:=Perform a PPPoE-discovery process
+endef
+
+define Package/pppoe-discovery/description
+This tool performs the same discovery process as pppoe, but does
+not initiate a session. Can be useful to debug pppoe.
+endef
+
 
 define Build/Configure
 $(call Build/Configure/Default,, \
@@ -274,6 +285,11 @@ define Package/pppstats/install
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppstats $(1)/usr/sbin/
 endef
 
+define Package/pppoe-discovery/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppoe-discovery $(1)/usr/sbin/
+endef
+
 $(eval $(call BuildPackage,ppp))
 $(eval $(call BuildPackage,ppp-multilink))
 $(eval $(call BuildPackage,ppp-mod-pppoa))
@@ -285,3 +301,4 @@ $(eval $(call BuildPackage,ppp-mod-passwordfd))
 $(eval $(call BuildPackage,chat))
 $(eval $(call BuildPackage,pppdump))
 $(eval $(call BuildPackage,pppstats))
+$(eval $(call BuildPackage,pppoe-discovery))
diff --git a/package/network/services/ppp/files/lib/netifd/ppp6-up b/package/network/services/ppp/files/lib/netifd/ppp6-up
old mode 100644
new mode 100755
index 87ca63c751..8ad03223e5
--- a/package/network/services/ppp/files/lib/netifd/ppp6-up
+++ b/package/network/services/ppp/files/lib/netifd/ppp6-up
@@ -22,6 +22,8 @@ if [ -n "$AUTOIPV6" ]; then
 	json_add_string ifname "@$PPP_IPPARAM"
 	json_add_string proto "dhcpv6"
 	[ -n "$EXTENDPREFIX" ] && json_add_string extendprefix 1
+	[ -n "$IP6TABLE" ] && json_add_string ip6table $IP6TABLE
+	[ -n "$PEERDNS" ] && json_add_boolean peerdns $PEERDNS
 	json_close_object
 	ubus call network add_dynamic "$(json_dump)"
 fi
diff --git a/package/network/services/ppp/files/ppp.sh b/package/network/services/ppp/files/ppp.sh
index 91452b4288..73bc3161cd 100755
--- a/package/network/services/ppp/files/ppp.sh
+++ b/package/network/services/ppp/files/ppp.sh
@@ -88,7 +88,7 @@ ppp_generic_setup() {
 	local config="$1"; shift
 	local localip
 
-	json_get_vars ipv6 demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff
+	json_get_vars ipv6 ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns
 	if [ "$ipv6" = 0 ]; then
 		ipv6=""
 	elif [ -z "$ipv6" -o "$ipv6" = auto ]; then
@@ -136,6 +136,8 @@ ppp_generic_setup() {
 		${lcp_failure:+lcp-echo-interval $lcp_interval lcp-echo-failure $lcp_failure $lcp_adaptive} \
 		${ipv6:++ipv6} \
 		${autoipv6:+set AUTOIPV6=1} \
+		${ip6table:+set IP6TABLE=$ip6table} \
+		${peerdns:+set PEERDNS=$peerdns} \
 		nodefaultroute \
 		usepeerdns \
 		$demand $persist maxfail $maxfail \
diff --git a/package/network/services/relayd/Makefile b/package/network/services/relayd/Makefile
index 25c56d49c6..dcb69a11b5 100644
--- a/package/network/services/relayd/Makefile
+++ b/package/network/services/relayd/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=relayd
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL=$(LEDE_GIT)/project/relayd.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/relayd/files/relay.init b/package/network/services/relayd/files/relay.init
index 028b61ea36..5c7a0f9efe 100644
--- a/package/network/services/relayd/files/relay.init
+++ b/package/network/services/relayd/files/relay.init
@@ -19,9 +19,7 @@ validate_proto_relayd()
 
 resolve_ifname() {
 	grep -qs "^ *$1:" /proc/net/dev && {
-		procd_append_param command -I "$1"
-		procd_append_param netdev "$1"
-		append ifaces "$1"
+		append resolved_ifnames "$1"
 	}
 }
 
@@ -35,9 +33,7 @@ resolve_network() {
 
 start_relay() {
 	local cfg="$1"
-
-	local args=""
-	local ifaces=""
+	local proto disabled
 
 	config_get proto "$cfg" proto
 	[ "$proto" = "relay" ] || return 0
@@ -45,20 +41,7 @@ start_relay() {
 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" -gt 0 ] && return 0
 
-	SERVICE_DAEMONIZE=1
-	SERVICE_WRITE_PID=1
-	SERVICE_PID_FILE="/var/run/relay-$cfg.pid"
-	[ -f "$SERVICE_PID_FILE" ] && {
-		if grep -q relayd "/proc/$(cat $SERVICE_PID_FILE)/cmdline"; then
-			return 0
-		else
-			rm -f "$SERVICE_PID_FILE"
-		fi
-	}
-
-	procd_open_instance
-	procd_set_param command "$PROG"
-
+	local resolved_ifnames
 	local net networks
 	config_get networks "$cfg" network
 	for net in $networks; do
@@ -70,9 +53,18 @@ start_relay() {
 	local ifn ifnames
 	config_get ifnames "$cfg" ifname
 	for ifn in $ifnames; do
-		resolve_ifname "$ifn"
+		resolve_ifname "$ifn" || {
+			return 1
+		}
 	done
 
+	procd_open_instance
+	procd_set_param command "$PROG"
+
+	for ifn in $resolved_ifnames; do
+		procd_append_param command -I "$ifn"
+		procd_append_param netdev "$ifn"
+	done
 	local ipaddr
 	config_get ipaddr "$cfg" ipaddr
 	[ -n "$ipaddr" ] && procd_append_param command -L "$ipaddr"
diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile
index 1311e09001..fcf772195a 100644
--- a/package/network/services/samba36/Makefile
+++ b/package/network/services/samba36/Makefile
@@ -11,8 +11,8 @@ PKG_NAME:=samba
 PKG_VERSION:=3.6.25
 PKG_RELEASE:=5
 
-PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \
-	http://ftp.samba.org/pub/samba/stable
+PKG_SOURCE_URL:=https://download.samba.org/pub/samba \
+		https://download.samba.org/pub/samba/stable
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_HASH:=8f2c8a7f2bd89b0dfd228ed917815852f7c625b2bc0936304ac3ed63aaf83751
 
@@ -34,7 +34,7 @@ define Package/samba36-server
   SECTION:=net
   CATEGORY:=Network
   TITLE:=Samba 3.6 SMB/CIFS server
-  URL:=http://www.samba.org/
+  URL:=https://www.samba.org/
   DEPENDS:=+USE_GLIBC:librt $(ICONV_DEPENDS)
 endef
 
@@ -42,7 +42,7 @@ define Package/samba36-client
   SECTION:=net
   CATEGORY:=Network
   TITLE:=Samba 3.6 SMB/CIFS client
-  URL:=http://www.samba.org/
+  URL:=https://www.samba.org/
   DEPENDS:=+libreadline +libncurses
 endef
 
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index 53bf04c921..6b8be1c7e4 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -47,7 +47,7 @@ generate_keys() {
 	# Prefer px5g for certificate generation (existence evaluated last)
 	local GENKEY_CMD=""
 	local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
-	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
+	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
 	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
 	[ -n "$GENKEY_CMD" ] && {
 		$GENKEY_CMD \
diff --git a/package/network/services/mdns/Makefile b/package/network/services/umdns/Makefile
similarity index 56%
rename from package/network/services/mdns/Makefile
rename to package/network/services/umdns/Makefile
index b36176e1ae..2323cf4b36 100644
--- a/package/network/services/mdns/Makefile
+++ b/package/network/services/umdns/Makefile
@@ -7,14 +7,14 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mdns
+PKG_NAME:=umdns
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=$(LEDE_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2016-12-19
-PKG_SOURCE_VERSION:=be8ae8d0b5f2e8651edf0cc8f35916fc4b71d1ac
-PKG_MIRROR_HASH:=fd6e8b17407b9e6dc96f485c62f54e02a0ab27b5878c271f95749495970dacc2
+PKG_SOURCE_DATE:=2017-03-10
+PKG_SOURCE_VERSION:=d4376788601c38963c4c836d325e3a66498079ea
+PKG_MIRROR_HASH:=be60c437e13cf712b967af08c7cf8bda8dc3ad6d169965e3108fe3107c59009b
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=LGPL-2.1
@@ -23,7 +23,7 @@ include $(INCLUDE_DIR)/package-seccomp.mk
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
-define Package/mdns
+define Package/umdns
   SECTION:=net
   CATEGORY:=Network
   TITLE:=OpenWrt Multicast DNS Daemon
@@ -32,16 +32,16 @@ endef
 
 TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
 
-define Package/mdns/conffiles
-/etc/config/mdns
+define Package/umdns/conffiles
+/etc/config/umdns
 endef
 
-define Package/mdns/install
+define Package/umdns/install
 	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdns $(1)/usr/sbin/
-	$(INSTALL_BIN) ./files/mdns.init $(1)/etc/init.d/mdns
-	$(INSTALL_CONF) ./files/mdns.config $(1)/etc/config/mdns
-	$(call InstallSeccomp,$(1),./files/mdns.json)
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/umdns $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/umdns.init $(1)/etc/init.d/umdns
+	$(INSTALL_CONF) ./files/umdns.config $(1)/etc/config/umdns
+	$(call InstallSeccomp,$(1),./files/umdns.json)
 endef
 
-$(eval $(call BuildPackage,mdns))
+$(eval $(call BuildPackage,umdns))
diff --git a/package/network/services/mdns/files/mdns.config b/package/network/services/umdns/files/umdns.config
similarity index 71%
rename from package/network/services/mdns/files/mdns.config
rename to package/network/services/umdns/files/umdns.config
index b09eaf5c89..d4936bb092 100644
--- a/package/network/services/mdns/files/mdns.config
+++ b/package/network/services/umdns/files/umdns.config
@@ -1,3 +1,3 @@
-config mdns
+config umdns
 	option jail 1
 	list network lan
diff --git a/package/network/services/mdns/files/mdns.init b/package/network/services/umdns/files/umdns.init
similarity index 59%
rename from package/network/services/mdns/files/mdns.init
rename to package/network/services/umdns/files/umdns.init
index c0f9155c06..627930b88d 100644
--- a/package/network/services/mdns/files/mdns.init
+++ b/package/network/services/umdns/files/umdns.init
@@ -6,11 +6,11 @@
 START=80
 
 USE_PROCD=1
-PROG=/usr/sbin/mdns
+PROG=/usr/sbin/umdns
 IFACES=""
 
 load_ifaces() {
-	local network="$(uci get mdns.@mdns[-1].network)"
+	local network="$(uci get umdns.@umdns[-1].network)"
 	for n in $network; do
 		local device
 		json_load "$(ifstatus $n)"
@@ -27,28 +27,28 @@ reload_service() {
 	done
 	json_close_array
 
-	ubus call mdns set_config "$(json_dump)"
+	ubus call umdns set_config "$(json_dump)"
 }
 
 start_service() {
-	local network="$(uci get mdns.@mdns[-1].network)"
+	local network="$(uci get umdns.@umdns[-1].network)"
 
 	procd_open_instance
 	procd_set_param command "$PROG"
-	procd_set_param seccomp /etc/seccomp/mdns.json
+	procd_set_param seccomp /etc/seccomp/umdns.json
 	procd_set_param respawn
 	procd_open_trigger
-	procd_add_config_trigger "config.change" "mdns" /etc/init.d/mdns reload
+	procd_add_config_trigger "config.change" "umdns" /etc/init.d/umdns reload
 	for n in $network; do
-		procd_add_interface_trigger "interface.*" $n /etc/init.d/mdns reload	
+		procd_add_interface_trigger "interface.*" $n /etc/init.d/umdns reload
 	done
-	procd_add_raw_trigger "instance.update" 5000 "/bin/ubus" "call" "mdns" "reload"
+	procd_add_raw_trigger "instance.update" 5000 "/bin/ubus" "call" "umdns" "reload"
 	procd_close_trigger
-	[ "$(uci get mdns.@mdns[-1].jail)" = 1 ] && procd_add_jail mdns ubus log
+	[ "$(uci get umdns.@umdns[-1].jail)" = 1 ] && procd_add_jail umdns ubus log
 	procd_close_instance
 }
 
 service_started() {
-	ubus -t 10 wait_for mdns
+	ubus -t 10 wait_for umdns
 	[ $? = 0 ] && reload_service
 }
diff --git a/package/network/services/mdns/files/mdns.json b/package/network/services/umdns/files/umdns.json
similarity index 100%
rename from package/network/services/mdns/files/mdns.json
rename to package/network/services/umdns/files/umdns.json
diff --git a/package/network/utils/comgt/Makefile b/package/network/utils/comgt/Makefile
index 9ddc61758f..3926016581 100644
--- a/package/network/utils/comgt/Makefile
+++ b/package/network/utils/comgt/Makefile
@@ -21,6 +21,8 @@ PKG_LICENSE:=GPL-2.0+
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME).$(PKG_VERSION)
 PKG_CHECK_FORMAT_SECURITY:=0
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/comgt/Default
diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
index 950044a226..68558a9eda 100644
--- a/package/network/utils/curl/Makefile
+++ b/package/network/utils/curl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=curl
 PKG_VERSION:=7.52.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
diff --git a/package/network/utils/curl/patches/001-curl-https-openssl-fix.patch b/package/network/utils/curl/patches/001-curl-https-openssl-fix.patch
new file mode 100644
index 0000000000..9658ef554b
--- /dev/null
+++ b/package/network/utils/curl/patches/001-curl-https-openssl-fix.patch
@@ -0,0 +1,34 @@
+From a7b38c9dc98481e4a5fc37e51a8690337c674dfb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 26 Dec 2016 00:06:33 +0100
+Subject: [PATCH] vtls: s/SSLEAY/OPENSSL
+
+Fixed an old leftover use of the USE_SSLEAY define which would make a
+socket get removed from the applications sockets to monitor when the
+multi_socket API was used, leading to timeouts.
+
+Bug: #1174
+---
+ lib/vtls/vtls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -484,7 +484,7 @@ void Curl_ssl_close_all(struct Curl_easy
+   curlssl_close_all(data);
+ }
+ 
+-#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
++#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
+     defined(USE_DARWINSSL) || defined(USE_NSS)
+ /* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only. */
+ int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
+@@ -518,7 +518,7 @@ int Curl_ssl_getsock(struct connectdata
+   (void)numsocks;
+   return GETSOCK_BLANK;
+ }
+-/* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
++/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
+ #endif
+ 
+ void Curl_ssl_close(struct connectdata *conn, int sockindex)
diff --git a/package/network/utils/curl/patches/100-CVE-2017-2629.patch b/package/network/utils/curl/patches/100-CVE-2017-2629.patch
new file mode 100644
index 0000000000..f2cd869c5b
--- /dev/null
+++ b/package/network/utils/curl/patches/100-CVE-2017-2629.patch
@@ -0,0 +1,33 @@
+From a00a42b4abe8363a46071bb3b43b1b7138f5259b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 22 Jan 2017 18:11:55 +0100
+Subject: [PATCH] TLS: make SSL_VERIFYSTATUS work again
+
+The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
+and thus even if the status couldn't be verified, the connection would
+be allowed and the user would not be told about the failed verification.
+
+Regression since cb4e2be7c6d42ca
+
+CVE-2017-2629
+Bug: https://curl.haxx.se/docs/adv_20170222.html
+
+Reported-by: Marcus Hoffmann
+---
+ lib/url.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4141,8 +4141,11 @@ static struct connectdata *allocate_conn
+   conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
+   conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
+ 
++  conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
+   conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
+   conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
++  conn->proxy_ssl_config.verifystatus =
++    data->set.proxy_ssl.primary.verifystatus;
+   conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
+   conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
+ 
diff --git a/package/network/utils/ebtables/Makefile b/package/network/utils/ebtables/Makefile
index 93bb23e5ab..da7b7416af 100644
--- a/package/network/utils/ebtables/Makefile
+++ b/package/network/utils/ebtables/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ebtables
-PKG_VERSION:=2.0.10-4
-PKG_RELEASE:=5
+PKG_SOURCE_DATE:=2015-10-28
+PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/ebtables
-PKG_HASH:=dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d
+PKG_SOURCE_URL:=git://git.netfilter.org/ebtables
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=4c3e5cd3dbae3ea773e9dcca7cf019b2713af70d
+PKG_MIRROR_HASH:=997a877da02d6e2141e6d31c5d4dd005737facecfdbea07308c0e1286db8591c
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/ebtables-v$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/utils/ebtables/patches/100-musl_fix.patch b/package/network/utils/ebtables/patches/100-musl_fix.patch
index 0ac1fbfecf..3fe5845897 100644
--- a/package/network/utils/ebtables/patches/100-musl_fix.patch
+++ b/package/network/utils/ebtables/patches/100-musl_fix.patch
@@ -1,181 +1,10 @@
---- a/extensions/ebt_among.c
-+++ b/extensions/ebt_among.c
-@@ -13,7 +13,6 @@
- #include <ctype.h>
- #include <unistd.h>
- #include "../include/ebtables_u.h"
--#include <netinet/ether.h>
- #include "../include/ethernetdb.h"
- #include <linux/if_ether.h>
- #include <linux/netfilter_bridge/ebt_among.h>
---- a/extensions/ebt_arpreply.c
-+++ b/extensions/ebt_arpreply.c
-@@ -12,7 +12,6 @@
- #include <string.h>
- #include <getopt.h>
- #include "../include/ebtables_u.h"
--#include <netinet/ether.h>
- #include <linux/netfilter_bridge/ebt_arpreply.h>
- 
- static int mac_supplied;
---- a/extensions/ebt_nat.c
-+++ b/extensions/ebt_nat.c
-@@ -11,7 +11,6 @@
- #include <string.h>
- #include <getopt.h>
- #include "../include/ebtables_u.h"
--#include <netinet/ether.h>
- #include <linux/netfilter_bridge/ebt_nat.h>
- 
- static int to_source_supplied, to_dest_supplied;
---- a/useful_functions.c
-+++ b/useful_functions.c
-@@ -25,7 +25,6 @@
- #include "include/ebtables_u.h"
- #include "include/ethernetdb.h"
- #include <stdio.h>
--#include <netinet/ether.h>
- #include <string.h>
- #include <stdlib.h>
- #include <getopt.h>
 --- a/include/ebtables_u.h
 +++ b/include/ebtables_u.h
-@@ -23,7 +23,9 @@
+@@ -23,6 +23,7 @@
  
  #ifndef EBTABLES_U_H
  #define EBTABLES_U_H
-+#include <sys/types.h>
++#define _NETINET_IF_ETHER_H
  #include <netinet/in.h>
-+#include <netinet/ether.h>
  #include <linux/netfilter_bridge/ebtables.h>
  #include <linux/netfilter/x_tables.h>
- 
---- a/include/linux/if_ether.h
-+++ /dev/null
-@@ -1,126 +0,0 @@
--/*
-- * INET		An implementation of the TCP/IP protocol suite for the LINUX
-- *		operating system.  INET is implemented using the  BSD Socket
-- *		interface as the means of communication with the user level.
-- *
-- *		Global definitions for the Ethernet IEEE 802.3 interface.
-- *
-- * Version:	@(#)if_ether.h	1.0.1a	02/08/94
-- *
-- * Author:	Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
-- *		Donald Becker, <becker@super.org>
-- *		Alan Cox, <alan@lxorguk.ukuu.org.uk>
-- *		Steve Whitehouse, <gw7rrm@eeshack3.swan.ac.uk>
-- *
-- *		This program is free software; you can redistribute it and/or
-- *		modify it under the terms of the GNU General Public License
-- *		as published by the Free Software Foundation; either version
-- *		2 of the License, or (at your option) any later version.
-- */
--
--#ifndef _LINUX_IF_ETHER_H
--#define _LINUX_IF_ETHER_H
--
--#include <linux/types.h>
--
--/*
-- *	IEEE 802.3 Ethernet magic constants.  The frame sizes omit the preamble
-- *	and FCS/CRC (frame check sequence).
-- */
--
--#define ETH_ALEN	6		/* Octets in one ethernet addr	 */
--#define ETH_HLEN	14		/* Total octets in header.	 */
--#define ETH_ZLEN	60		/* Min. octets in frame sans FCS */
--#define ETH_DATA_LEN	1500		/* Max. octets in payload	 */
--#define ETH_FRAME_LEN	1514		/* Max. octets in frame sans FCS */
--#define ETH_FCS_LEN	4		/* Octets in the FCS		 */
--
--/*
-- *	These are the defined Ethernet Protocol ID's.
-- */
--
--#define ETH_P_LOOP	0x0060		/* Ethernet Loopback packet	*/
--#define ETH_P_PUP	0x0200		/* Xerox PUP packet		*/
--#define ETH_P_PUPAT	0x0201		/* Xerox PUP Addr Trans packet	*/
--#define ETH_P_IP	0x0800		/* Internet Protocol packet	*/
--#define ETH_P_X25	0x0805		/* CCITT X.25			*/
--#define ETH_P_ARP	0x0806		/* Address Resolution packet	*/
--#define	ETH_P_BPQ	0x08FF		/* G8BPQ AX.25 Ethernet Packet	[ NOT AN OFFICIALLY REGISTERED ID ] */
--#define ETH_P_IEEEPUP	0x0a00		/* Xerox IEEE802.3 PUP packet */
--#define ETH_P_IEEEPUPAT	0x0a01		/* Xerox IEEE802.3 PUP Addr Trans packet */
--#define ETH_P_DEC       0x6000          /* DEC Assigned proto           */
--#define ETH_P_DNA_DL    0x6001          /* DEC DNA Dump/Load            */
--#define ETH_P_DNA_RC    0x6002          /* DEC DNA Remote Console       */
--#define ETH_P_DNA_RT    0x6003          /* DEC DNA Routing              */
--#define ETH_P_LAT       0x6004          /* DEC LAT                      */
--#define ETH_P_DIAG      0x6005          /* DEC Diagnostics              */
--#define ETH_P_CUST      0x6006          /* DEC Customer use             */
--#define ETH_P_SCA       0x6007          /* DEC Systems Comms Arch       */
--#define ETH_P_TEB	0x6558		/* Trans Ether Bridging		*/
--#define ETH_P_RARP      0x8035		/* Reverse Addr Res packet	*/
--#define ETH_P_ATALK	0x809B		/* Appletalk DDP		*/
--#define ETH_P_AARP	0x80F3		/* Appletalk AARP		*/
--#define ETH_P_8021Q	0x8100          /* 802.1Q VLAN Extended Header  */
--#define ETH_P_IPX	0x8137		/* IPX over DIX			*/
--#define ETH_P_IPV6	0x86DD		/* IPv6 over bluebook		*/
--#define ETH_P_PAUSE	0x8808		/* IEEE Pause frames. See 802.3 31B */
--#define ETH_P_SLOW	0x8809		/* Slow Protocol. See 802.3ad 43B */
--#define ETH_P_WCCP	0x883E		/* Web-cache coordination protocol
--					 * defined in draft-wilson-wrec-wccp-v2-00.txt */
--#define ETH_P_PPP_DISC	0x8863		/* PPPoE discovery messages     */
--#define ETH_P_PPP_SES	0x8864		/* PPPoE session messages	*/
--#define ETH_P_MPLS_UC	0x8847		/* MPLS Unicast traffic		*/
--#define ETH_P_MPLS_MC	0x8848		/* MPLS Multicast traffic	*/
--#define ETH_P_ATMMPOA	0x884c		/* MultiProtocol Over ATM	*/
--#define ETH_P_LINK_CTL	0x886c		/* HPNA, wlan link local tunnel */
--#define ETH_P_ATMFATE	0x8884		/* Frame-based ATM Transport
--					 * over Ethernet
--					 */
--#define ETH_P_PAE	0x888E		/* Port Access Entity (IEEE 802.1X) */
--#define ETH_P_AOE	0x88A2		/* ATA over Ethernet		*/
--#define ETH_P_TIPC	0x88CA		/* TIPC 			*/
--#define ETH_P_1588	0x88F7		/* IEEE 1588 Timesync */
--#define ETH_P_FCOE	0x8906		/* Fibre Channel over Ethernet  */
--#define ETH_P_FIP	0x8914		/* FCoE Initialization Protocol */
--#define ETH_P_EDSA	0xDADA		/* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */
--
--/*
-- *	Non DIX types. Won't clash for 1500 types.
-- */
--
--#define ETH_P_802_3	0x0001		/* Dummy type for 802.3 frames  */
--#define ETH_P_AX25	0x0002		/* Dummy protocol id for AX.25  */
--#define ETH_P_ALL	0x0003		/* Every packet (be careful!!!) */
--#define ETH_P_802_2	0x0004		/* 802.2 frames 		*/
--#define ETH_P_SNAP	0x0005		/* Internal only		*/
--#define ETH_P_DDCMP     0x0006          /* DEC DDCMP: Internal only     */
--#define ETH_P_WAN_PPP   0x0007          /* Dummy type for WAN PPP frames*/
--#define ETH_P_PPP_MP    0x0008          /* Dummy type for PPP MP frames */
--#define ETH_P_LOCALTALK 0x0009		/* Localtalk pseudo type 	*/
--#define ETH_P_CAN	0x000C		/* Controller Area Network      */
--#define ETH_P_PPPTALK	0x0010		/* Dummy type for Atalk over PPP*/
--#define ETH_P_TR_802_2	0x0011		/* 802.2 frames 		*/
--#define ETH_P_MOBITEX	0x0015		/* Mobitex (kaz@cafe.net)	*/
--#define ETH_P_CONTROL	0x0016		/* Card specific control frames */
--#define ETH_P_IRDA	0x0017		/* Linux-IrDA			*/
--#define ETH_P_ECONET	0x0018		/* Acorn Econet			*/
--#define ETH_P_HDLC	0x0019		/* HDLC frames			*/
--#define ETH_P_ARCNET	0x001A		/* 1A for ArcNet :-)            */
--#define ETH_P_DSA	0x001B		/* Distributed Switch Arch.	*/
--#define ETH_P_TRAILER	0x001C		/* Trailer switch tagging	*/
--#define ETH_P_PHONET	0x00F5		/* Nokia Phonet frames          */
--#define ETH_P_IEEE802154 0x00F6		/* IEEE802.15.4 frame		*/
--#define ETH_P_CAIF	0x00F7		/* ST-Ericsson CAIF protocol	*/
--
--/*
-- *	This is an Ethernet frame header.
-- */
--
--struct ethhdr {
--	unsigned char	h_dest[ETH_ALEN];	/* destination eth addr	*/
--	unsigned char	h_source[ETH_ALEN];	/* source ether addr	*/
--	__be16		h_proto;		/* packet type ID field	*/
--} __attribute__((packed));
--
--
--#endif	/* _LINUX_IF_ETHER_H */
diff --git a/package/network/utils/ebtables/patches/200-fix-extension-init.patch b/package/network/utils/ebtables/patches/200-fix-extension-init.patch
index 63d237708f..b77df159aa 100644
--- a/package/network/utils/ebtables/patches/200-fix-extension-init.patch
+++ b/package/network/utils/ebtables/patches/200-fix-extension-init.patch
@@ -29,7 +29,7 @@
  }
 --- a/extensions/ebt_among.c
 +++ b/extensions/ebt_among.c
-@@ -490,7 +490,7 @@ static struct ebt_u_match among_match =
+@@ -491,7 +491,7 @@ static struct ebt_u_match among_match =
  	.extra_ops 	= opts,
  };
  
@@ -51,7 +51,7 @@
  }
 --- a/extensions/ebt_arpreply.c
 +++ b/extensions/ebt_arpreply.c
-@@ -132,7 +132,7 @@ static struct ebt_u_target arpreply_targ
+@@ -133,7 +133,7 @@ static struct ebt_u_target arpreply_targ
  	.extra_ops	= opts,
  };
  
@@ -73,7 +73,7 @@
  }
 --- a/extensions/ebt_ip6.c
 +++ b/extensions/ebt_ip6.c
-@@ -556,7 +556,7 @@ static struct ebt_u_match ip6_match =
+@@ -560,7 +560,7 @@ static struct ebt_u_match ip6_match =
  	.extra_ops	= opts,
  };
  
@@ -128,7 +128,7 @@
  }
 --- a/extensions/ebt_nat.c
 +++ b/extensions/ebt_nat.c
-@@ -230,7 +230,7 @@ static struct ebt_u_target dnat_target =
+@@ -231,7 +231,7 @@ static struct ebt_u_target dnat_target =
  	.extra_ops	= opts_d,
  };
  
diff --git a/package/network/utils/iftop/Makefile b/package/network/utils/iftop/Makefile
index 5bbee31fd7..8c5b47444f 100644
--- a/package/network/utils/iftop/Makefile
+++ b/package/network/utils/iftop/Makefile
@@ -8,16 +8,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iftop
-PKG_VERSION:=1.0pre4
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.ex-parrot.com/~pdw/iftop/download
-PKG_HASH:=f733eeea371a7577f8fe353d86dd88d16f5b2a2e702bd96f5ffb2c197d9b4f97
+PKG_RELEASE:=1
 
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://code.blinkace.com/pdw/iftop.git
+PKG_SOURCE_DATE:=2017-02-06
+PKG_SOURCE_VERSION:=35af3cf65f17961d173b31fd3b00166ec095c226
+PKG_MIRROR_HASH:=84131e2448ea5aa884d2bd7d58dc81741b5c476b4664a8c2c1eb34f62985804a
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 
+PKG_FIXUP:=autoreconf
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/iftop
diff --git a/package/network/utils/iftop/patches/110-fix-mac-display.patch b/package/network/utils/iftop/patches/110-fix-mac-display.patch
deleted file mode 100644
index 5db53aaa52..0000000000
--- a/package/network/utils/iftop/patches/110-fix-mac-display.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-iftop: fix mac address display
-
-iftop would display portions of mac address with large ffffff prefixes.
-Make if_hw_addr type consistent.
-
-Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
----
- addrs_dlpi.c  | 2 +-
- addrs_ioctl.c | 2 +-
- addrs_ioctl.h | 2 +-
- iftop.c       | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/addrs_dlpi.c b/addrs_dlpi.c
-index 188fef8..6c04ea1 100644
---- a/addrs_dlpi.c
-+++ b/addrs_dlpi.c
-@@ -50,7 +50,7 @@ extern char *strncat2(char *dest, char *src, int n);
-  */
- 
- int
--get_addrs_dlpi(char *interface, char if_hw_addr[], struct in_addr *if_ip_addr)
-+get_addrs_dlpi(char *interface, u_int8_t if_hw_addr[], struct in_addr *if_ip_addr)
- {
-   int got_hw_addr = 0;
-   int got_ip_addr = 0;
-diff --git a/addrs_ioctl.c b/addrs_ioctl.c
-index 870c83b..7d01fb2 100644
---- a/addrs_ioctl.c
-+++ b/addrs_ioctl.c
-@@ -45,7 +45,7 @@
-  */
- 
- int
--get_addrs_ioctl(char *interface, char if_hw_addr[], struct in_addr *if_ip_addr, struct in6_addr *if_ip6_addr)
-+get_addrs_ioctl(char *interface, u_int8_t if_hw_addr[], struct in_addr *if_ip_addr, struct in6_addr *if_ip6_addr)
- {
-   int s;
-   struct ifreq ifr = {};
-diff --git a/addrs_ioctl.h b/addrs_ioctl.h
-index f93a0b4..739de61 100644
---- a/addrs_ioctl.h
-+++ b/addrs_ioctl.h
-@@ -7,6 +7,6 @@
- #define __ADDRS_IOCTL_H_
- 
- int
--get_addrs_ioctl(char *interface, char if_hw_addr[], struct in_addr *if_ip_addr, struct in6_addr *if_ip6_addr);
-+get_addrs_ioctl(char *interface, u_int8_t if_hw_addr[], struct in_addr *if_ip_addr, struct in6_addr *if_ip6_addr);
- 
- #endif /* __ADDRS_IOCTL_H_ */
-diff --git a/iftop.c b/iftop.c
-index a090dcf..f1b371a 100644
---- a/iftop.c
-+++ b/iftop.c
-@@ -55,7 +55,7 @@
- 
- /* ethernet address of interface. */
- int have_hw_addr = 0;
--char if_hw_addr[6];    
-+u_int8_t if_hw_addr[6];    
- 
- /* IP address of interface */
- int have_ip_addr = 0;
--- 
-1.9.1
-
diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile
index 620cce22a0..1c1ee3f24e 100644
--- a/package/network/utils/iproute2/Makefile
+++ b/package/network/utils/iproute2/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iproute2
 PKG_VERSION:=4.4.0
-PKG_RELEASE:=6
+PKG_RELEASE:=9
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2
diff --git a/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch b/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch
index 6c73fbaf25..8da17112be 100644
--- a/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch
+++ b/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch
@@ -1,6 +1,8 @@
+diff --git a/include/linux/pkt_sched.h b/include/linux/pkt_sched.h
+index 8d2530d..c55a9a8 100644
 --- a/include/linux/pkt_sched.h
 +++ b/include/linux/pkt_sched.h
-@@ -850,4 +850,59 @@ struct tc_pie_xstats {
+@@ -850,4 +850,60 @@ struct tc_pie_xstats {
  	__u32 maxq;             /* maximum queue size */
  	__u32 ecn_mark;         /* packets marked with ecn*/
  };
@@ -20,6 +22,7 @@
 +	TCA_CAKE_NAT,
 +	TCA_CAKE_ETHERNET,
 +	TCA_CAKE_WASH,
++	TCA_CAKE_MPU,
 +	__TCA_CAKE_MAX
 +};
 +#define TCA_CAKE_MAX	(__TCA_CAKE_MAX - 1)
@@ -60,6 +63,8 @@
 +};
 +
  #endif
+diff --git a/tc/Makefile b/tc/Makefile
+index 56acbaa..d421b8e 100644
 --- a/tc/Makefile
 +++ b/tc/Makefile
 @@ -63,6 +63,7 @@ TCMODULES += q_codel.o
@@ -70,9 +75,12 @@
  TCMODULES += q_hhf.o
  TCMODULES += e_bpf.o
  
+diff --git a/tc/q_cake.c b/tc/q_cake.c
+new file mode 100644
+index 0000000..acbe56c
 --- /dev/null
 +++ b/tc/q_cake.c
-@@ -0,0 +1,663 @@
+@@ -0,0 +1,692 @@
 +/*
 + * Common Applications Kept Enhanced  --  CAKE
 + *
@@ -126,14 +134,20 @@
 +
 +static void explain(void)
 +{
-+	fprintf(stderr, "Usage: ... cake [ bandwidth RATE | unlimited* | autorate_ingress ]\n"
-+	                "                [ rtt TIME | datacentre | lan | metro | regional | internet* | oceanic | satellite | interplanetary ]\n"
-+	                "                [ besteffort | precedence | diffserv8 | diffserv4 | diffserv-llt | diffserv3* ]\n"
-+	                "                [ flowblind | srchost | dsthost | hosts | flows | dual-srchost | dual-dsthost | triple-isolate* ] [ nat | nonat* ]\n"
-+	                "                [ ptm | atm | noatm* ] [ overhead N | conservative | raw* ]\n"
-+	                "                [ wash | nowash* ]\n"
-+	                "                [ memlimit LIMIT ]\n"
-+	                "    (* marks defaults)\n");
++	fprintf(stderr,
++"Usage: ... cake [ bandwidth RATE | unlimited* | autorate_ingress ]\n"
++"                [ rtt TIME | datacentre | lan | metro | regional |\n"
++"                  internet* | oceanic | satellite | interplanetary ]\n"
++"                [ besteffort | diffserv8 | diffserv4 | diffserv-llt |\n"
++"                  diffserv3* ]\n"
++"                [ flowblind | srchost | dsthost | hosts | flows |\n"
++"                  dual-srchost | dual-dsthost | triple-isolate* ]\n"
++"                [ nat | nonat* ]\n"
++"                [ wash | nowash * ]\n"
++"                [ memlimit LIMIT ]\n"
++"                [ ptm | atm | noatm* ] [ overhead N | conservative | raw* ]\n"
++"                [ mpu N ]\n"
++"                (* marks defaults)\n");
 +}
 +
 +static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv,
@@ -149,6 +163,7 @@
 +	bool overhead_set = false;
 +	bool overhead_override = false;
 +	int wash = -1;
++	int mpu = 0;
 +	int flowmode = -1;
 +	int nat = -1;
 +	int atm = -1;
@@ -332,6 +347,7 @@
 +			 * you may need to add vlan tag */
 +			overhead += 38;
 +			overhead_set = true;
++			mpu = 84;
 +
 +		/* Additional Ethernet-related overhead used by some ISPs */
 +		} else if (strcmp(*argv, "ether-vlan") == 0) {
@@ -347,6 +363,7 @@
 +			atm = 0;
 +			overhead += 18;
 +			overhead_set = true;
++			mpu = 64;
 +
 +		} else if (strcmp(*argv, "overhead") == 0) {
 +			char* p = NULL;
@@ -358,6 +375,15 @@
 +			}
 +			overhead_set = true;
 +
++		} else if (strcmp(*argv, "mpu") == 0) {
++			char* p = NULL;
++			NEXT_ARG();
++			mpu = strtol(*argv, &p, 10);
++			if(!p || *p || !*argv || mpu < 0 || mpu > 256) {
++				fprintf(stderr, "Illegal \"mpu\", valid range is 0 to 256\\n");
++				return -1;
++			}
++
 +		} else if (strcmp(*argv, "memlimit") == 0) {
 +			NEXT_ARG();
 +			if(get_size(&memlimit, *argv)) {
@@ -392,6 +418,8 @@
 +		unsigned zero = 0;
 +		addattr_l(n, 1024, TCA_CAKE_ETHERNET, &zero, sizeof(zero));
 +	}
++	if (mpu > 0)
++		addattr_l(n, 1024, TCA_CAKE_MPU, &mpu, sizeof(mpu));
 +	if (interval)
 +		addattr_l(n, 1024, TCA_CAKE_RTT, &interval, sizeof(interval));
 +	if (target)
@@ -420,6 +448,7 @@
 +	unsigned memlimit = 0;
 +	int overhead = 0;
 +	int ethernet = 0;
++	int mpu = 0;
 +	int atm = 0;
 +	int nat = 0;
 +	int autorate = 0;
@@ -525,6 +554,10 @@
 +	    RTA_PAYLOAD(tb[TCA_CAKE_OVERHEAD]) >= sizeof(__u32)) {
 +		overhead = rta_getattr_u32(tb[TCA_CAKE_OVERHEAD]);
 +	}
++	if (tb[TCA_CAKE_MPU] &&
++	    RTA_PAYLOAD(tb[TCA_CAKE_MPU]) >= sizeof(__u32)) {
++		mpu = rta_getattr_u32(tb[TCA_CAKE_MPU]);
++	}
 +	if (tb[TCA_CAKE_ETHERNET] &&
 +	    RTA_PAYLOAD(tb[TCA_CAKE_ETHERNET]) >= sizeof(__u32)) {
 +		ethernet = rta_getattr_u32(tb[TCA_CAKE_ETHERNET]);
@@ -558,6 +591,10 @@
 +			fprintf(f, "via-ethernet ");
 +	}
 +
++	if (mpu) {
++		fprintf(f, "mpu %d ", mpu);
++	}
++
 +	if (memlimit)
 +		fprintf(f, "memlimit %s", sprint_size(memlimit, b1));
 +
diff --git a/package/network/utils/iproute2/patches/960-ipmonitor-fix-ip-monitor-can-t-work-when-NET_NS-is-n.patch b/package/network/utils/iproute2/patches/960-ipmonitor-fix-ip-monitor-can-t-work-when-NET_NS-is-n.patch
new file mode 100644
index 0000000000..52be021e72
--- /dev/null
+++ b/package/network/utils/iproute2/patches/960-ipmonitor-fix-ip-monitor-can-t-work-when-NET_NS-is-n.patch
@@ -0,0 +1,40 @@
+From c44003f7e7254ac972eaa1b22a686471ea4ce2d7 Mon Sep 17 00:00:00 2001
+From: Liping Zhang <liping.zhang@spreadtrum.com>
+Date: Tue, 20 Sep 2016 02:09:02 -0700
+Subject: [PATCH] ipmonitor: fix ip monitor can't work when NET_NS is not
+ enabled
+
+In ip monitor, netns_map_init will check getnsid is supported or not.
+But when /proc/self/ns/net does not exist, we just print out error
+messages and exit. So user cannot use ip monitor anymore when
+CONFIG_NET_NS is disabled:
+  # ip monitor
+  open("/proc/self/ns/net"): No such file or directory
+
+If open "/proc/self/ns/net" failed, set have_rtnl_getnsid to false.
+
+Fixes: d652ccbf8195 ("netns: allow to dump and monitor nsid")
+Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
+Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+---
+ ip/ipnetns.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ip/ipnetns.c b/ip/ipnetns.c
+index af87065..ccc652c 100644
+--- a/ip/ipnetns.c
++++ b/ip/ipnetns.c
+@@ -72,8 +72,8 @@ static int ipnetns_have_nsid(void)
+ 	if (have_rtnl_getnsid < 0) {
+ 		fd = open("/proc/self/ns/net", O_RDONLY);
+ 		if (fd < 0) {
+-			perror("open(\"/proc/self/ns/net\")");
+-			exit(1);
++			have_rtnl_getnsid = 0;
++			return 0;
+ 		}
+ 
+ 		addattr32(&req.n, 1024, NETNSA_FD, fd);
+-- 
+2.6.4
+
diff --git a/package/network/utils/iw/patches/001-nl80211_h_sync.patch b/package/network/utils/iw/patches/001-nl80211_h_sync.patch
index 5d98281eae..88e47cce82 100644
--- a/package/network/utils/iw/patches/001-nl80211_h_sync.patch
+++ b/package/network/utils/iw/patches/001-nl80211_h_sync.patch
@@ -1,21 +1,305 @@
 --- a/nl80211.h
 +++ b/nl80211.h
-@@ -1937,6 +1937,9 @@ enum nl80211_commands {
+@@ -323,7 +323,7 @@
+  * @NL80211_CMD_GET_SCAN: get scan results
+  * @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters
+  *	%NL80211_ATTR_TX_NO_CCK_RATE is used to decide whether to send the
+- *	probe requests at CCK rate or not. %NL80211_ATTR_MAC can be used to
++ *	probe requests at CCK rate or not. %NL80211_ATTR_BSSID can be used to
+  *	specify a BSSID to scan for; if not included, the wildcard BSSID will
+  *	be used.
+  * @NL80211_CMD_NEW_SCAN_RESULTS: scan notification (as a reply to
+@@ -600,6 +600,20 @@
+  *
+  * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface.
+  *
++ * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform
++ *	multicast to unicast conversion. When enabled, all multicast packets
++ *	with ethertype ARP, IPv4 or IPv6 (possibly within an 802.1Q header)
++ *	will be sent out to each station once with the destination (multicast)
++ *	MAC address replaced by the station's MAC address. Note that this may
++ *	break certain expectations of the receiver, e.g. the ability to drop
++ *	unicast IP packets encapsulated in multicast L2 frames, or the ability
++ *	to not send destination unreachable messages in such cases.
++ *	This can only be toggled per BSS. Configure this on an interface of
++ *	type %NL80211_IFTYPE_AP. It applies to all its VLAN interfaces
++ *	(%NL80211_IFTYPE_AP_VLAN), except for those in 4addr (WDS) mode.
++ *	If %NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED is not present with this
++ *	command, the feature is disabled.
++ *
+  * @NL80211_CMD_JOIN_MESH: Join a mesh. The mesh ID must be given, and initial
+  *	mesh config parameters may be given.
+  * @NL80211_CMD_LEAVE_MESH: Leave the mesh network -- no special arguments, the
+@@ -874,6 +888,12 @@
+  *	This will contain a %NL80211_ATTR_NAN_MATCH nested attribute and
+  *	%NL80211_ATTR_COOKIE.
+  *
++ * @NL80211_CMD_UPDATE_CONNECT_PARAMS: Update one or more connect parameters
++ *	for subsequent roaming cases if the driver or firmware uses internal
++ *	BSS selection. This command can be issued only while connected and it
++ *	does not result in a change for the current association. Currently,
++ *	only the %NL80211_ATTR_IE data is used and updated with this command.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1069,6 +1089,10 @@ enum nl80211_commands {
+ 	NL80211_CMD_CHANGE_NAN_CONFIG,
+ 	NL80211_CMD_NAN_MATCH,
+ 
++	NL80211_CMD_SET_MULTICAST_TO_UNICAST,
++
++	NL80211_CMD_UPDATE_CONNECT_PARAMS,
++
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -1638,8 +1662,16 @@ enum nl80211_commands {
+  *	the connection request from a station. nl80211_connect_failed_reason
+  *	enum has different reasons of connection failure.
+  *
+- * @NL80211_ATTR_SAE_DATA: SAE elements in Authentication frames. This starts
+- *	with the Authentication transaction sequence number field.
++ * @NL80211_ATTR_AUTH_DATA: Fields and elements in Authentication frames.
++ *	This contains the authentication frame body (non-IE and IE data),
++ *	excluding the Authentication algorithm number, i.e., starting at the
++ *	Authentication transaction sequence number field. It is used with
++ *	authentication algorithms that need special fields to be added into
++ *	the frames (SAE and FILS). Currently, only the SAE cases use the
++ *	initial two fields (Authentication transaction sequence number and
++ *	Status code). However, those fields are included in the attribute data
++ *	for all authentication algorithms to keep the attribute definition
++ *	consistent.
+  *
+  * @NL80211_ATTR_VHT_CAPABILITY: VHT Capability information element (from
+  *	association request when used with NL80211_CMD_NEW_STATION)
+@@ -1740,7 +1772,9 @@ enum nl80211_commands {
+  *
+  * @NL80211_ATTR_OPMODE_NOTIF: Operating mode field from Operating Mode
+  *	Notification Element based on association request when used with
+- *	%NL80211_CMD_NEW_STATION; u8 attribute.
++ *	%NL80211_CMD_NEW_STATION or %NL80211_CMD_SET_STATION (only when
++ *	%NL80211_FEATURE_FULL_AP_CLIENT_STATE is supported, or with TDLS);
++ *	u8 attribute.
+  *
+  * @NL80211_ATTR_VENDOR_ID: The vendor ID, either a 24-bit OUI or, if
+  *	%NL80211_VENDOR_ID_IS_LINUX is set, a special Linux ID (not used yet)
+@@ -1788,6 +1822,8 @@ enum nl80211_commands {
+  *	and remove functions. NAN notifications will be sent in unicast to that
+  *	socket. Without this attribute, any socket can add functions and the
+  *	notifications will be sent to the %NL80211_MCGRP_NAN multicast group.
++ *	If set during %NL80211_CMD_ASSOCIATE or %NL80211_CMD_CONNECT the
++ *	station will deauthenticate when the socket is closed.
+  *
+  * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is
+  *	the TDLS link initiator.
+@@ -1936,6 +1972,38 @@ enum nl80211_commands {
+  *	attribute.
   * @NL80211_ATTR_NAN_MATCH: used to report a match. This is a nested attribute.
   *	See &enum nl80211_nan_match_attributes.
-  *
++ * @NL80211_ATTR_FILS_KEK: KEK for FILS (Re)Association Request/Response frame
++ *	protection.
++ * @NL80211_ATTR_FILS_NONCES: Nonces (part of AAD) for FILS (Re)Association
++ *	Request/Response frame protection. This attribute contains the 16 octet
++ *	STA Nonce followed by 16 octets of AP Nonce.
++ *
++ * @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED: Indicates whether or not multicast
++ *	packets should be send out as unicast to all stations (flag attribute).
++ *
++ * @NL80211_ATTR_BSSID: The BSSID of the AP. Note that %NL80211_ATTR_MAC is also
++ *	used in various commands/events for specifying the BSSID.
++ *
++ * @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI: Relative RSSI threshold by which
++ *	other BSSs has to be better or slightly worse than the current
++ *	connected BSS so that they get reported to user space.
++ *	This will give an opportunity to userspace to consider connecting to
++ *	other matching BSSs which have better or slightly worse RSSI than
++ *	the current connected BSS by using an offloaded operation to avoid
++ *	unnecessary wakeups.
++ *
++ * @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST: When present the RSSI level for BSSs in
++ *	the specified band is to be adjusted before doing
++ *	%NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI based comparision to figure out
++ *	better BSSs. The attribute value is a packed structure
++ *	value as specified by &struct nl80211_bss_select_rssi_adjust.
++ *
++ * @NL80211_ATTR_TIMEOUT_REASON: The reason for which an operation timed out.
++ *	u32 attribute with an &enum nl80211_timeout_reason value. This is used,
++ *	e.g., with %NL80211_CMD_CONNECT event.
++ *
 + * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
 + *	transmit power to stay within regulatory limits. u32, dBi.
-+ *
+  *
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
-  * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -2336,6 +2339,8 @@ enum nl80211_attrs {
+@@ -2195,7 +2263,7 @@ enum nl80211_attrs {
+ 
+ 	NL80211_ATTR_CONN_FAILED_REASON,
+ 
+-	NL80211_ATTR_SAE_DATA,
++	NL80211_ATTR_AUTH_DATA,
+ 
+ 	NL80211_ATTR_VHT_CAPABILITY,
+ 
+@@ -2336,6 +2404,20 @@ enum nl80211_attrs {
  	NL80211_ATTR_NAN_FUNC,
  	NL80211_ATTR_NAN_MATCH,
  
++	NL80211_ATTR_FILS_KEK,
++	NL80211_ATTR_FILS_NONCES,
++
++	NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED,
++
++	NL80211_ATTR_BSSID,
++
++	NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
++	NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
++
++	NL80211_ATTR_TIMEOUT_REASON,
++
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
  	/* add attributes here, update the policy in nl80211.c */
  
  	__NL80211_ATTR_AFTER_LAST,
+@@ -2347,6 +2429,7 @@ enum nl80211_attrs {
+ #define NL80211_ATTR_SCAN_GENERATION NL80211_ATTR_GENERATION
+ #define	NL80211_ATTR_MESH_PARAMS NL80211_ATTR_MESH_CONFIG
+ #define NL80211_ATTR_IFACE_SOCKET_OWNER NL80211_ATTR_SOCKET_OWNER
++#define NL80211_ATTR_SAE_DATA NL80211_ATTR_AUTH_DATA
+ 
+ /*
+  * Allow user space programs to use #ifdef on new attributes by defining them
+@@ -3027,6 +3110,13 @@ enum nl80211_reg_rule_attr {
+  *	how this API was implemented in the past. Also, due to the same problem,
+  *	the only way to create a matchset with only an RSSI filter (with this
+  *	attribute) is if there's only a single matchset with the RSSI attribute.
++ * @NL80211_SCHED_SCAN_MATCH_ATTR_RELATIVE_RSSI: Flag indicating whether
++ *	%NL80211_SCHED_SCAN_MATCH_ATTR_RSSI to be used as absolute RSSI or
++ *	relative to current bss's RSSI.
++ * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI_ADJUST: When present the RSSI level for
++ *	BSS-es in the specified band is to be adjusted before doing
++ *	RSSI-based BSS selection. The attribute value is a packed structure
++ *	value as specified by &struct nl80211_bss_select_rssi_adjust.
+  * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter
+  *	attribute number currently defined
+  * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use
+@@ -3036,6 +3126,8 @@ enum nl80211_sched_scan_match_attr {
+ 
+ 	NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
+ 	NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
++	NL80211_SCHED_SCAN_MATCH_ATTR_RELATIVE_RSSI,
++	NL80211_SCHED_SCAN_MATCH_ATTR_RSSI_ADJUST,
+ 
+ 	/* keep last */
+ 	__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST,
+@@ -3660,6 +3752,9 @@ enum nl80211_bss_status {
+  * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)
+  * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)
+  * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals
++ * @NL80211_AUTHTYPE_FILS_SK: Fast Initial Link Setup shared key
++ * @NL80211_AUTHTYPE_FILS_SK_PFS: Fast Initial Link Setup shared key with PFS
++ * @NL80211_AUTHTYPE_FILS_PK: Fast Initial Link Setup public key
+  * @__NL80211_AUTHTYPE_NUM: internal
+  * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm
+  * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
+@@ -3672,6 +3767,9 @@ enum nl80211_auth_type {
+ 	NL80211_AUTHTYPE_FT,
+ 	NL80211_AUTHTYPE_NETWORK_EAP,
+ 	NL80211_AUTHTYPE_SAE,
++	NL80211_AUTHTYPE_FILS_SK,
++	NL80211_AUTHTYPE_FILS_SK_PFS,
++	NL80211_AUTHTYPE_FILS_PK,
+ 
+ 	/* keep last */
+ 	__NL80211_AUTHTYPE_NUM,
+@@ -4280,6 +4378,9 @@ enum nl80211_iface_limit_attrs {
+  *	of supported channel widths for radar detection.
+  * @NL80211_IFACE_COMB_RADAR_DETECT_REGIONS: u32 attribute containing the bitmap
+  *	of supported regulatory regions for radar detection.
++ * @NL80211_IFACE_COMB_BI_MIN_GCD: u32 attribute specifying the minimum GCD of
++ *	different beacon intervals supported by all the interface combinations
++ *	in this group (if not present, all beacon intervals be identical).
+  * @NUM_NL80211_IFACE_COMB: number of attributes
+  * @MAX_NL80211_IFACE_COMB: highest attribute number
+  *
+@@ -4287,8 +4388,8 @@ enum nl80211_iface_limit_attrs {
+  *	limits = [ #{STA} <= 1, #{AP} <= 1 ], matching BI, channels = 1, max = 2
+  *	=> allows an AP and a STA that must match BIs
+  *
+- *	numbers = [ #{AP, P2P-GO} <= 8 ], channels = 1, max = 8
+- *	=> allows 8 of AP/GO
++ *	numbers = [ #{AP, P2P-GO} <= 8 ], BI min gcd, channels = 1, max = 8,
++ *	=> allows 8 of AP/GO that can have BI gcd >= min gcd
+  *
+  *	numbers = [ #{STA} <= 2 ], channels = 2, max = 2
+  *	=> allows two STAs on different channels
+@@ -4314,6 +4415,7 @@ enum nl80211_if_combination_attrs {
+ 	NL80211_IFACE_COMB_NUM_CHANNELS,
+ 	NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
+ 	NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
++	NL80211_IFACE_COMB_BI_MIN_GCD,
+ 
+ 	/* keep last */
+ 	NUM_NL80211_IFACE_COMB,
+@@ -4634,6 +4736,15 @@ enum nl80211_feature_flags {
+  *	configuration (AP/mesh) with HT rates.
+  * @NL80211_EXT_FEATURE_BEACON_RATE_VHT: Driver supports beacon rate
+  *	configuration (AP/mesh) with VHT rates.
++ * @NL80211_EXT_FEATURE_FILS_STA: This driver supports Fast Initial Link Setup
++ *	with user space SME (NL80211_CMD_AUTHENTICATE) in station mode.
++ * @NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA: This driver supports randomized TA
++ *	in @NL80211_CMD_FRAME while not associated.
++ * @NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED: This driver supports
++ *	randomized TA in @NL80211_CMD_FRAME while associated.
++ * @NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI: The driver supports sched_scan
++ *	for reporting BSSs with better RSSI than the current connected BSS
++ *	(%NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI).
+  *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+@@ -4648,6 +4759,10 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
+ 	NL80211_EXT_FEATURE_BEACON_RATE_HT,
+ 	NL80211_EXT_FEATURE_BEACON_RATE_VHT,
++	NL80211_EXT_FEATURE_FILS_STA,
++	NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA,
++	NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED,
++	NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+@@ -4687,6 +4802,21 @@ enum nl80211_connect_failed_reason {
+ };
+ 
+ /**
++ * enum nl80211_timeout_reason - timeout reasons
++ *
++ * @NL80211_TIMEOUT_UNSPECIFIED: Timeout reason unspecified.
++ * @NL80211_TIMEOUT_SCAN: Scan (AP discovery) timed out.
++ * @NL80211_TIMEOUT_AUTH: Authentication timed out.
++ * @NL80211_TIMEOUT_ASSOC: Association timed out.
++ */
++enum nl80211_timeout_reason {
++	NL80211_TIMEOUT_UNSPECIFIED,
++	NL80211_TIMEOUT_SCAN,
++	NL80211_TIMEOUT_AUTH,
++	NL80211_TIMEOUT_ASSOC,
++};
++
++/**
+  * enum nl80211_scan_flags -  scan request control flags
+  *
+  * Scan request control flags are used to control the handling
+@@ -4900,8 +5030,9 @@ enum nl80211_sched_scan_plan {
+ /**
+  * struct nl80211_bss_select_rssi_adjust - RSSI adjustment parameters.
+  *
+- * @band: band of BSS that must match for RSSI value adjustment.
+- * @delta: value used to adjust the RSSI value of matching BSS.
++ * @band: band of BSS that must match for RSSI value adjustment. The value
++ *	of this field is according to &enum nl80211_band.
++ * @delta: value used to adjust the RSSI value of matching BSS in dB.
+  */
+ struct nl80211_bss_select_rssi_adjust {
+ 	__u8 band;
diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile
index ddc858defb..c026e636b0 100644
--- a/package/network/utils/tcpdump/Makefile
+++ b/package/network/utils/tcpdump/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tcpdump
-PKG_VERSION:=4.8.1
+PKG_VERSION:=4.9.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.tcpdump.org/release/ \
 	http://www.at.tcpdump.org/
-PKG_HASH:=20e4341ec48fcf72abcae312ea913e6ba6b958617b2f3fb496d51f0ae88d831c
+PKG_HASH:=eae98121cbb1c9adbedd9a777bf2eae9fa1c1c676424a54740311c8abcee5a5e
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_PARALLEL:=1
diff --git a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch
index 310d50f3be..0588f39cca 100644
--- a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch
+++ b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -6260,97 +6260,6 @@ $as_echo "no" >&6; }
+@@ -6259,97 +6259,6 @@ $as_echo "no" >&6; }
      fi
  fi
  
diff --git a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch
index 4855ec3872..6d96c2eacd 100644
--- a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch
+++ b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -5472,37 +5472,6 @@ $as_echo "Using $pfopen" >&6; }
+@@ -5471,37 +5471,6 @@ $as_echo "Using $pfopen" >&6; }
  		    LIBS="$LIBS $pfopen"
  	    fi
      fi
@@ -38,7 +38,7 @@
  
  	    #
  	    # Look for pcap-config.
-@@ -5658,51 +5627,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes;
+@@ -5657,51 +5626,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes;
    libpcap="-lpcap"
  fi
  
diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
index a39916e143..26dbe13e3a 100644
--- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
+++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
@@ -8,7 +8,7 @@
 +
 +CSRC=\
 +	tcpdump.c \
-+	util.c \
++	netdissect.c \
 +	setsignal.c \
 +	addrtoname.c \
 +	addrtostr.c \
@@ -80,10 +80,10 @@
 +
 +else
 +
- CSRC =	setsignal.c tcpdump.c util.c
+ CSRC =	setsignal.c tcpdump.c
  
  LIBNETDISSECT_SRC=\
-@@ -236,12 +312,16 @@ LIBNETDISSECT_SRC=\
+@@ -237,12 +313,16 @@ LIBNETDISSECT_SRC=\
  	strtoaddr.c \
  	util-print.c
  
@@ -100,7 +100,7 @@
  
  
  SRC =	$(CSRC) $(GENSRC) $(LOCALSRC) $(LIBNETDISSECT_SRC)
-@@ -367,10 +447,12 @@ $(PROG): $(OBJ) @V_PCAPDEP@
+@@ -373,10 +453,12 @@ $(PROG): $(OBJ) @V_PCAPDEP@
  	@rm -f $@
  	$(CC) $(FULL_CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
  
@@ -115,7 +115,7 @@
  	$(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/datalinks.c
 --- a/addrtoname.c
 +++ b/addrtoname.c
-@@ -564,8 +564,10 @@ linkaddr_string(netdissect_options *ndo,
+@@ -566,8 +566,10 @@ linkaddr_string(netdissect_options *ndo,
  	if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN)
  		return (etheraddr_string(ndo, ep));
  
@@ -126,7 +126,7 @@
  
  	tp = lookup_bytestring(ndo, ep, len);
  	if (tp->e_name)
-@@ -1200,6 +1202,7 @@ init_addrtoname(netdissect_options *ndo,
+@@ -1202,6 +1204,7 @@ init_addrtoname(netdissect_options *ndo,
  	init_ipxsaparray(ndo);
  }
  
@@ -134,7 +134,7 @@
  const char *
  dnaddr_string(netdissect_options *ndo, u_short dnaddr)
  {
-@@ -1219,6 +1222,7 @@ dnaddr_string(netdissect_options *ndo, u
+@@ -1221,6 +1224,7 @@ dnaddr_string(netdissect_options *ndo, u
  
  	return(tp->name);
  }
@@ -237,7 +237,7 @@
  
 --- a/print-ether.c
 +++ b/print-ether.c
-@@ -332,6 +332,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo,
  	        arp_print(ndo, p, length, caplen);
  		return (1);
  
@@ -245,27 +245,27 @@
  	case ETHERTYPE_DN:
  		decnet_print(ndo, p, length, caplen);
  		return (1);
-@@ -354,6 +355,7 @@ ethertype_print(netdissect_options *ndo,
- 	case ETHERTYPE_ISO:
- 		isoclns_print(ndo, p + 1, length - 1, length - 1);
+@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo,
+ 		}
+ 		isoclns_print(ndo, p + 1, length - 1, caplen - 1);
  		return(1);
 +#endif
  
  	case ETHERTYPE_PPPOED:
  	case ETHERTYPE_PPPOES:
-@@ -366,9 +368,11 @@ ethertype_print(netdissect_options *ndo,
+@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo,
  	        eap_print(ndo, p, length);
  		return (1);
  
 +#ifndef TCPDUMP_MINI
  	case ETHERTYPE_RRCP:
- 	        rrcp_print(ndo, p - 14 , length + 14);
+ 	        rrcp_print(ndo, p, length, src, dst);
  		return (1);
 +#endif
  
  	case ETHERTYPE_PPP:
  		if (length) {
-@@ -377,6 +381,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo,
  		}
  		return (1);
  
@@ -273,7 +273,7 @@
  	case ETHERTYPE_MPCP:
  	        mpcp_print(ndo, p, length);
  		return (1);
-@@ -389,6 +394,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo,
  	case ETHERTYPE_CFM_OLD:
  		cfm_print(ndo, p, length);
  		return (1);
@@ -281,7 +281,7 @@
  
  	case ETHERTYPE_LLDP:
  		lldp_print(ndo, p, length);
-@@ -398,6 +404,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo,
  		loopback_print(ndo, p, length);
                  return (1);
  
@@ -289,9 +289,9 @@
  	case ETHERTYPE_MPLS:
  	case ETHERTYPE_MPLS_MULTI:
  		mpls_print(ndo, p, length);
-@@ -427,6 +434,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo,
  	case ETHERTYPE_MEDSA:
- 		medsa_print(ndo, p, length, caplen);
+ 		medsa_print(ndo, p, length, caplen, src, dst);
  		return (1);
 +#endif
  
@@ -299,7 +299,7 @@
  	case ETHERTYPE_SCA:
 --- a/print-gre.c
 +++ b/print-gre.c
-@@ -203,6 +203,7 @@ gre_print_0(netdissect_options *ndo, con
+@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con
  	case ETHERTYPE_IPV6:
  		ip6_print(ndo, bp, len);
  		break;
@@ -307,9 +307,9 @@
  	case ETHERTYPE_MPLS:
  		mpls_print(ndo, bp, len);
  		break;
-@@ -218,6 +219,7 @@ gre_print_0(netdissect_options *ndo, con
+@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con
  	case ETHERTYPE_TEB:
- 		ether_print(ndo, bp, len, len, NULL, NULL);
+ 		ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL);
  		break;
 +#endif
  	default:
@@ -317,7 +317,7 @@
  	}
 --- a/print-igmp.c
 +++ b/print-igmp.c
-@@ -304,6 +304,7 @@ igmp_print(netdissect_options *ndo,
+@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo,
          ND_TCHECK2(bp[4], 4);
          ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4])));
          break;
@@ -325,7 +325,7 @@
      case 0x13:
          ND_PRINT((ndo, "igmp dvmrp"));
          if (len < 8)
-@@ -315,6 +316,7 @@ igmp_print(netdissect_options *ndo,
+@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo,
          ND_PRINT((ndo, "igmp pimv1"));
          pimv1_print(ndo, bp, len);
          break;
@@ -335,15 +335,15 @@
          break;
 --- a/print-ip6.c
 +++ b/print-ip6.c
-@@ -297,6 +297,7 @@ ip6_print(netdissect_options *ndo, const
- 			advance = dstopt_print(ndo, cp);
+@@ -303,6 +303,7 @@ ip6_print(netdissect_options *ndo, const
+ 				return;
  			nh = *cp;
  			break;
 +#ifndef TCPDUMP_MINI
  		case IPPROTO_FRAGMENT:
  			advance = frag6_print(ndo, cp, (const u_char *)ip6);
- 			if (ndo->ndo_snapend <= cp + advance)
-@@ -318,16 +319,19 @@ ip6_print(netdissect_options *ndo, const
+ 			if (advance < 0 || ndo->ndo_snapend <= cp + advance)
+@@ -324,16 +325,19 @@ ip6_print(netdissect_options *ndo, const
  			advance = mobility_print(ndo, cp, (const u_char *)ip6);
  			nh = *cp;
  			return;
@@ -363,7 +363,7 @@
  		case IPPROTO_TCP:
  			tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
  			return;
-@@ -337,6 +341,7 @@ ip6_print(netdissect_options *ndo, const
+@@ -343,6 +347,7 @@ ip6_print(netdissect_options *ndo, const
  		case IPPROTO_ICMPV6:
  			icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
  			return;
@@ -371,7 +371,7 @@
  		case IPPROTO_AH:
  			advance = ah_print(ndo, cp);
  			nh = *cp;
-@@ -360,6 +365,7 @@ ip6_print(netdissect_options *ndo, const
+@@ -371,6 +376,7 @@ ip6_print(netdissect_options *ndo, const
  		case IPPROTO_PIM:
  			pim_print(ndo, cp, len, (const u_char *)ip6);
  			return;
@@ -379,7 +379,7 @@
  
  		case IPPROTO_OSPF:
  			ospf6_print(ndo, cp, len);
-@@ -373,9 +379,11 @@ ip6_print(netdissect_options *ndo, const
+@@ -384,9 +390,11 @@ ip6_print(netdissect_options *ndo, const
  		        ip_print(ndo, cp, len);
  			return;
  
@@ -393,17 +393,17 @@
  			gre_print(ndo, cp, len);
 --- a/print-ip.c
 +++ b/print-ip.c
-@@ -327,6 +327,7 @@ ip_print_demux(netdissect_options *ndo,
+@@ -329,6 +329,7 @@ ip_print_demux(netdissect_options *ndo,
  again:
  	switch (ipds->nh) {
  
 +#ifndef TCPDUMP_MINI
  	case IPPROTO_AH:
- 		ipds->nh = *ipds->cp;
- 		ipds->advance = ah_print(ndo, ipds->cp);
-@@ -361,7 +362,9 @@ again:
- 		ipds->nh = enh & 0xff;
- 		goto again;
+ 		if (!ND_TTEST(*ipds->cp)) {
+ 			ND_PRINT((ndo, "[|AH]"));
+@@ -367,7 +368,9 @@ again:
+ 		 */
+ 		break;
  	}
 +#endif
  
@@ -411,7 +411,7 @@
  	case IPPROTO_SCTP:
  		sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
  		break;
-@@ -369,6 +372,7 @@ again:
+@@ -375,6 +378,7 @@ again:
  	case IPPROTO_DCCP:
  		dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
  		break;
@@ -419,7 +419,7 @@
  
  	case IPPROTO_TCP:
  		/* pass on the MF bit plus the offset to detect fragments */
-@@ -388,6 +392,7 @@ again:
+@@ -394,6 +398,7 @@ again:
  			   ipds->off & (IP_MF|IP_OFFMASK));
  		break;
  
@@ -427,7 +427,7 @@
  	case IPPROTO_PIGP:
  		/*
  		 * XXX - the current IANA protocol number assignments
-@@ -408,14 +413,17 @@ again:
+@@ -414,14 +419,17 @@ again:
  	case IPPROTO_EIGRP:
  		eigrp_print(ndo, ipds->cp, ipds->len);
  		break;
@@ -445,7 +445,7 @@
  
  	case IPPROTO_OSPF:
  		ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
-@@ -448,6 +456,7 @@ again:
+@@ -454,6 +462,7 @@ again:
  		gre_print(ndo, ipds->cp, ipds->len);
  		break;
  
@@ -453,7 +453,7 @@
  	case IPPROTO_MOBILE:
  		mobile_print(ndo, ipds->cp, ipds->len);
  		break;
-@@ -476,6 +485,7 @@ again:
+@@ -482,6 +491,7 @@ again:
  	case IPPROTO_PGM:
  		pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
  		break;
@@ -463,7 +463,7 @@
  		if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL)
 --- a/print-llc.c
 +++ b/print-llc.c
-@@ -204,6 +204,7 @@ llc_print(netdissect_options *ndo, const
+@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const
  		hdrlen = 4;	/* DSAP, SSAP, 2-byte control field */
  	}
  
@@ -471,7 +471,7 @@
  	if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
  		/*
  		 * This is an Ethernet_802.3 IPX frame; it has an
-@@ -226,6 +227,7 @@ llc_print(netdissect_options *ndo, const
+@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const
              ipx_print(ndo, p, length);
              return (0);		/* no LLC header */
  	}
@@ -479,7 +479,7 @@
  
  	dsap = dsap_field & ~LLC_IG;
  	ssap = ssap_field & ~LLC_GSAP;
-@@ -289,6 +291,7 @@ llc_print(netdissect_options *ndo, const
+@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const
  		return (hdrlen);
  	}
  
@@ -487,7 +487,7 @@
  	if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
  	    control == LLC_UI) {
  		/*
-@@ -302,6 +305,7 @@ llc_print(netdissect_options *ndo, const
+@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const
  		ipx_print(ndo, p, length);
  		return (hdrlen);
  	}
@@ -495,7 +495,7 @@
  
  #ifdef ENABLE_SMB
  	if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
-@@ -320,11 +324,13 @@ llc_print(netdissect_options *ndo, const
+@@ -322,11 +326,13 @@ llc_print(netdissect_options *ndo, const
  		return (hdrlen);
  	}
  #endif
@@ -509,7 +509,7 @@
  
  	if (!ndo->ndo_eflag) {
  		if (ssap == dsap) {
-@@ -458,6 +464,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -480,6 +486,7 @@ snap_print(netdissect_options *ndo, cons
  
  	case OUI_CISCO:
                  switch (et) {
@@ -517,7 +517,7 @@
                  case PID_CISCO_CDP:
                          cdp_print(ndo, p, length, caplen);
                          return (1);
-@@ -470,6 +477,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -492,6 +499,7 @@ snap_print(netdissect_options *ndo, cons
                  case PID_CISCO_VTP:
                          vtp_print(ndo, p, length);
                          return (1);
@@ -525,7 +525,7 @@
                  case PID_CISCO_PVST:
                  case PID_CISCO_VLANBRIDGE:
                          stp_print(ndo, p, length);
-@@ -482,6 +490,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -504,6 +512,7 @@ snap_print(netdissect_options *ndo, cons
  	case OUI_RFC2684:
  		switch (et) {
  
@@ -533,7 +533,7 @@
  		case PID_RFC2684_ETH_FCS:
  		case PID_RFC2684_ETH_NOFCS:
  			/*
-@@ -543,6 +552,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -565,6 +574,7 @@ snap_print(netdissect_options *ndo, cons
  			 */
  			fddi_print(ndo, p, length, caplen);
  			return (1);
@@ -543,7 +543,7 @@
  			stp_print(ndo, p, length);
 --- a/print-null.c
 +++ b/print-null.c
-@@ -114,6 +114,7 @@ null_if_print(netdissect_options *ndo, c
+@@ -116,6 +116,7 @@ null_if_print(netdissect_options *ndo, c
  		ip6_print(ndo, p, length);
  		break;
  
@@ -551,7 +551,7 @@
  	case BSD_AFNUM_ISO:
  		isoclns_print(ndo, p, length, caplen);
  		break;
-@@ -125,6 +126,7 @@ null_if_print(netdissect_options *ndo, c
+@@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c
  	case BSD_AFNUM_IPX:
  		ipx_print(ndo, p, length);
  		break;
@@ -561,7 +561,7 @@
  		/* unknown AF_ value */
 --- a/print-ppp.c
 +++ b/print-ppp.c
-@@ -1346,6 +1346,7 @@ trunc:
+@@ -1358,6 +1358,7 @@ trunc:
  	return 0;
  }
  
@@ -569,7 +569,7 @@
  static void
  ppp_hdlc(netdissect_options *ndo,
           const u_char *p, int length)
-@@ -1424,6 +1425,7 @@ trunc:
+@@ -1436,6 +1437,7 @@ trunc:
  	free(b);
  	ND_PRINT((ndo, "[|ppp]"));
  }
@@ -577,7 +577,7 @@
  
  
  /* PPP */
-@@ -1431,10 +1433,12 @@ static void
+@@ -1443,10 +1445,12 @@ static void
  handle_ppp(netdissect_options *ndo,
             u_int proto, const u_char *p, int length)
  {
@@ -590,7 +590,7 @@
  
  	switch (proto) {
  	case PPP_LCP: /* fall through */
-@@ -1467,6 +1471,7 @@ handle_ppp(netdissect_options *ndo,
+@@ -1479,6 +1483,7 @@ handle_ppp(netdissect_options *ndo,
  	case PPP_IPV6:
  		ip6_print(ndo, p, length);
  		break;
@@ -598,7 +598,7 @@
  	case ETHERTYPE_IPX:	/*XXX*/
  	case PPP_IPX:
  		ipx_print(ndo, p, length);
-@@ -1478,6 +1483,7 @@ handle_ppp(netdissect_options *ndo,
+@@ -1490,6 +1495,7 @@ handle_ppp(netdissect_options *ndo,
  	case PPP_MPLS_MCAST:
  		mpls_print(ndo, p, length);
  		break;
@@ -606,7 +606,7 @@
  	case PPP_COMP:
  		ND_PRINT((ndo, "compressed PPP data"));
  		break;
-@@ -1618,6 +1624,7 @@ ppp_if_print(netdissect_options *ndo,
+@@ -1630,6 +1636,7 @@ ppp_if_print(netdissect_options *ndo,
  	return (0);
  }
  
@@ -614,7 +614,7 @@
  /*
   * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
   * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
-@@ -1840,6 +1847,7 @@ printx:
+@@ -1857,6 +1864,7 @@ printx:
  #endif /* __bsdi__ */
  	return (hdrlength);
  }
@@ -624,7 +624,7 @@
  /*
 --- a/print-sll.c
 +++ b/print-sll.c
-@@ -236,12 +236,14 @@ recurse:
+@@ -238,12 +238,14 @@ recurse:
  		 */
  		switch (ether_type) {
  
@@ -641,7 +641,7 @@
  			/*
 --- a/print-tcp.c
 +++ b/print-tcp.c
-@@ -565,12 +565,14 @@ tcp_print(netdissect_options *ndo,
+@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo,
                                  ND_PRINT((ndo, " %u", utoval));
                                  break;
  
@@ -656,7 +656,7 @@
  
                          case TCPOPT_FASTOPEN:
                                  datalen = len - 2;
-@@ -645,6 +647,7 @@ tcp_print(netdissect_options *ndo,
+@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo,
                  return;
          }
  
@@ -664,7 +664,7 @@
          if (ndo->ndo_packettype) {
                  switch (ndo->ndo_packettype) {
                  case PT_ZMTP1:
-@@ -656,28 +659,36 @@ tcp_print(netdissect_options *ndo,
+@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo,
                  }
                  return;
          }
@@ -702,7 +702,7 @@
          else if (IS_SRC_OR_DST_PORT(FTP_PORT)) {
                  ND_PRINT((ndo, ": "));
                  ftp_print(ndo, bp, length);
-@@ -694,6 +705,7 @@ tcp_print(netdissect_options *ndo,
+@@ -719,6 +730,7 @@ tcp_print(netdissect_options *ndo,
                   * XXX packet could be unaligned, it can go strange
                   */
                  ns_print(ndo, bp + 2, length - 2, 0);
@@ -710,7 +710,7 @@
          } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) {
                  msdp_print(ndo, bp, length);
          } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) {
-@@ -701,6 +713,7 @@ tcp_print(netdissect_options *ndo,
+@@ -726,6 +738,7 @@ tcp_print(netdissect_options *ndo,
          }
          else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) {
                  ldp_print(ndo, bp, length);
@@ -720,7 +720,7 @@
                   length >= 4 && ND_TTEST2(*bp, 4)) {
 --- a/print-udp.c
 +++ b/print-udp.c
-@@ -397,10 +397,12 @@ udp_print(netdissect_options *ndo, regis
+@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis
  			vat_print(ndo, (const void *)(up + 1), up);
  			break;
  
@@ -733,7 +733,7 @@
  
  		case PT_RPC:
  			rp = (const struct sunrpc_msg *)(up + 1);
-@@ -429,10 +431,12 @@ udp_print(netdissect_options *ndo, regis
+@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis
  			snmp_print(ndo, (const u_char *)(up + 1), length);
  			break;
  
@@ -746,7 +746,7 @@
  
  		case PT_TFTP:
  			udpipaddr_print(ndo, ip, sport, dport);
-@@ -450,6 +454,7 @@ udp_print(netdissect_options *ndo, regis
+@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis
  			radius_print(ndo, cp, length);
  			break;
  
@@ -754,7 +754,7 @@
  		case PT_VXLAN:
  			udpipaddr_print(ndo, ip, sport, dport);
  			vxlan_print(ndo, (const u_char *)(up + 1), length);
-@@ -464,6 +469,7 @@ udp_print(netdissect_options *ndo, regis
+@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis
  			udpipaddr_print(ndo, ip, sport, dport);
  			lmp_print(ndo, cp, length);
  			break;
@@ -762,7 +762,7 @@
  		}
  		return;
  	}
-@@ -541,31 +547,40 @@ udp_print(netdissect_options *ndo, regis
+@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis
  			ns_print(ndo, (const u_char *)(up + 1), length, 0);
  		else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT))
  			ns_print(ndo, (const u_char *)(up + 1), length, 1);
@@ -803,7 +803,7 @@
  		else if (IS_SRC_OR_DST_PORT(L2TP_PORT))
  			l2tp_print(ndo, (const u_char *)(up + 1), length);
  #ifdef ENABLE_SMB
-@@ -576,6 +591,7 @@ udp_print(netdissect_options *ndo, regis
+@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis
  #endif
  		else if (dport == VAT_PORT)
  			vat_print(ndo, (const void *)(up + 1), up);
@@ -811,7 +811,7 @@
  		else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT))
  			zephyr_print(ndo, (const void *)(up + 1), length);
  		/*
-@@ -588,8 +604,11 @@ udp_print(netdissect_options *ndo, regis
+@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis
  				 (const u_char *) ip);
  		else if (IS_SRC_OR_DST_PORT(RIPNG_PORT))
  			ripng_print(ndo, (const u_char *)(up + 1), length);
@@ -823,7 +823,7 @@
  		else if (IS_SRC_OR_DST_PORT(AHCP_PORT))
  			ahcp_print(ndo, (const u_char *)(up + 1), length);
  		else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD))
-@@ -603,6 +622,7 @@ udp_print(netdissect_options *ndo, regis
+@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis
  			wb_print(ndo, (const void *)(up + 1), length);
  		else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT))
  			cisco_autorp_print(ndo, (const void *)(up + 1), length);
@@ -831,7 +831,7 @@
  		else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) ||
  			 IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) ||
  			 IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) ||
-@@ -610,15 +630,18 @@ udp_print(netdissect_options *ndo, regis
+@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis
  			 IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) ||
  			 IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) )
  			radius_print(ndo, (const u_char *)(up+1), length);
@@ -850,7 +850,7 @@
  		else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT))
  			lspping_print(ndo, (const u_char *)(up + 1), length);
  		else if (dport == BFD_CONTROL_PORT ||
-@@ -636,10 +659,12 @@ udp_print(netdissect_options *ndo, regis
+@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis
                          lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0);
                  else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT))
                          lwapp_data_print(ndo, (const u_char *)(up + 1), length);
@@ -863,7 +863,7 @@
                  else if (IS_SRC_OR_DST_PORT(OTV_PORT))
  			otv_print(ndo, (const u_char *)(up + 1), length);
                  else if (IS_SRC_OR_DST_PORT(VXLAN_PORT))
-@@ -656,7 +681,9 @@ udp_print(netdissect_options *ndo, regis
+@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis
  			if (ndo->ndo_vflag)
  				ND_PRINT((ndo, "kip "));
  			llap_print(ndo, cp, length);
diff --git a/package/network/utils/umbim/Makefile b/package/network/utils/umbim/Makefile
index 42d4b85eaa..616a02367c 100644
--- a/package/network/utils/umbim/Makefile
+++ b/package/network/utils/umbim/Makefile
@@ -15,6 +15,8 @@ PKG_LICENSE_FILES:=
 
 PKG_BUILD_PARALLEL:=1
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
diff --git a/package/network/utils/uqmi/Makefile b/package/network/utils/uqmi/Makefile
index 41db1e7671..2102490f68 100644
--- a/package/network/utils/uqmi/Makefile
+++ b/package/network/utils/uqmi/Makefile
@@ -15,6 +15,8 @@ PKG_LICENSE_FILES:=
 
 PKG_BUILD_PARALLEL:=1
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
diff --git a/package/network/utils/wireless-tools/Makefile b/package/network/utils/wireless-tools/Makefile
index eac0573b43..dd3430a426 100644
--- a/package/network/utils/wireless-tools/Makefile
+++ b/package/network/utils/wireless-tools/Makefile
@@ -13,7 +13,7 @@ PKG_MINOR:=
 PKG_RELEASE:=5
 
 PKG_SOURCE:=wireless_tools.$(PKG_VERSION)$(PKG_MINOR).tar.gz
-PKG_SOURCE_URL:=http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux
+PKG_SOURCE_URL:=https://hewlettpackard.github.io/wireless-tools
 PKG_HASH:=6fb80935fe208538131ce2c4178221bab1078a1656306bce8909c19887e2e5a1
 TAR_OPTIONS += || true
 
diff --git a/package/system/lede-keyring/Makefile b/package/system/lede-keyring/Makefile
index a84f84722f..fb5752a54e 100644
--- a/package/system/lede-keyring/Makefile
+++ b/package/system/lede-keyring/Makefile
@@ -7,9 +7,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/keyring.git
-PKG_SOURCE_DATE:=2016-04-30
-PKG_SOURCE_VERSION:=5c7857eed3fa06a9005f96b9b029388c7f316e83
-PKG_MIRROR_HASH:=6119196dad6c92df22617c5f4a923728a657b591c6a6901dda21acadc63da51d
+PKG_SOURCE_DATE:=2017-01-20
+PKG_SOURCE_VERSION:=a50b7529880988ca96e72dede0279ff139a8ab1a
+PKG_MIRROR_HASH:=811ba79ba71925e949d2c690db7d7b031ac1dd965aa831ca9b6d9d70f5657254
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=GPL-2.0
diff --git a/package/system/mountd/Makefile b/package/system/mountd/Makefile
index 6922f2f5a0..70275617fa 100644
--- a/package/system/mountd/Makefile
+++ b/package/system/mountd/Makefile
@@ -23,7 +23,7 @@ define Package/mountd
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=OpenWrt automount daemon
-  DEPENDS:=@USB_SUPPORT +uci +kmod-usb-storage +kmod-fs-autofs4
+  DEPENDS:=+uci +kmod-fs-autofs4
   URL:=http://www.openwrt.org
 endef
 
diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 898d769b2e..39e6b4d058 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -11,14 +11,13 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=opkg
-PKG_RELEASE:=16
+PKG_RELEASE:=17
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=http://git.yoctoproject.org/git/opkg
 PKG_SOURCE_DATE:=2011-04-08
 PKG_SOURCE_VERSION:=9c97d5ecd795709c8584e972bfdf3aee3a5b846d
 PKG_MIRROR_HASH:=55e05270f3eb2f3aff5d3791463ce3d13b8197ca7b301cd58e731a249552c48f
-PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES = autogen.sh aclocal.m4
 
diff --git a/package/system/opkg/patches/290-clarify-download-errors.patch b/package/system/opkg/patches/290-clarify-download-errors.patch
new file mode 100644
index 0000000000..5512f675d8
--- /dev/null
+++ b/package/system/opkg/patches/290-clarify-download-errors.patch
@@ -0,0 +1,61 @@
+--- a/libopkg/opkg_cmd.c
++++ b/libopkg/opkg_cmd.c
+@@ -85,6 +85,7 @@ opkg_update_cmd(int argc, char **argv)
+      char *tmp;
+      int err;
+      int failures;
++     int pkglist_dl_error;
+      char *lists_dir;
+      pkg_src_list_elt_t *iter;
+      pkg_src_t *src;
+@@ -130,15 +131,19 @@ opkg_update_cmd(int argc, char **argv)
+ 	      sprintf_alloc(&url, "%s/%s", src->value, src->gzip ? "Packages.gz" : "Packages");
+ 
+ 	  sprintf_alloc(&list_file_name, "%s/%s", lists_dir, src->name);
++	  pkglist_dl_error = 0;
+ 	  if (opkg_download(url, list_file_name, NULL, NULL, 0)) {
+ 	       failures++;
++	       pkglist_dl_error = 1;
++	       opkg_msg(NOTICE, "*** Failed to download the package list from %s\n\n",
++			    url);
+ 	  } else {
+-	       opkg_msg(NOTICE, "Updated list of available packages in %s.\n",
++	       opkg_msg(NOTICE, "Updated list of available packages in %s\n",
+ 			    list_file_name);
+ 	  }
+ 	  free(url);
+ #if defined(HAVE_GPGME) || defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+-          if (conf->check_signature) {
++          if (pkglist_dl_error == 0 && conf->check_signature) {
+               /* download detached signitures to verify the package lists */
+               /* get the url for the sig file */
+               if (src->extra_data)	/* debian style? */
+@@ -156,7 +161,7 @@ opkg_update_cmd(int argc, char **argv)
+               err = opkg_download(url, tmp_file_name, NULL, NULL, 0);
+               if (err) {
+                   failures++;
+-                  opkg_msg(NOTICE, "Signature check failed.\n");
++                  opkg_msg(NOTICE, "Signature file download failed.\n");
+               } else {
+                   err = opkg_verify_file (list_file_name, tmp_file_name);
+                   if (err == 0)
+--- a/libopkg/opkg_download.c
++++ b/libopkg/opkg_download.c
+@@ -91,7 +91,7 @@ opkg_download(const char *src, const cha
+     char *src_base = basename(src_basec);
+     char *tmp_file_location;
+ 
+-    opkg_msg(NOTICE,"Downloading %s.\n", src);
++    opkg_msg(NOTICE,"Downloading %s\n", src);
+ 
+     if (str_starts_with(src, "file:")) {
+ 	const char *file_src = src + 5;
+@@ -175,6 +175,8 @@ opkg_download(const char *src, const cha
+ 
+       if (res) {
+ 	opkg_msg(ERROR, "Failed to download %s, wget returned %d.\n", src, res);
++	if (res == 4)
++	    opkg_msg(ERROR, "Check your network settings and connectivity.\n\n");
+ 	free(tmp_file_location);
+ 	return -1;
+       }
diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
index b0e555e421..fd1bca3f4b 100644
--- a/package/system/procd/Makefile
+++ b/package/system/procd/Makefile
@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/procd.git
-PKG_SOURCE_DATE:=2017-01-10
-PKG_SOURCE_VERSION:=f7069032290a9720142b2ee2c6315d7e1f1a1bd3
-PKG_MIRROR_HASH:=3917269c1ed1f9b6d4a8f5559b2cdec6f91da3ad00ffe5375b5680f9e230b21d
+PKG_SOURCE_DATE:=2017-02-15
+PKG_SOURCE_VERSION:=5f9124103410c178d816bb5229fba7dd2286a49b
+PKG_MIRROR_HASH:=ec887b349fc60ad3882fc9eaefb5cd299d64e7d43c062df9f7b7500591ba3e85
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=GPL-2.0
diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh
index 8f18cda70e..6347de57ab 100644
--- a/package/system/procd/files/procd.sh
+++ b/package/system/procd/files/procd.sh
@@ -213,9 +213,12 @@ _procd_set_param() {
 			json_add_string "" "$@"
 			json_close_array
 		;;
-		nice|reload_signal)
+		nice)
 			json_add_int "$type" "$1"
 		;;
+		reload_signal)
+			json_add_int "$type" $(kill -l "$1")
+		;;
 		pidfile|user|seccomp|capabilities)
 			json_add_string "$type" "$1"
 		;;
@@ -248,9 +251,8 @@ _procd_add_interface_trigger() {
 	json_close_array
 
 	json_close_array
-	json_close_array
-
 	_procd_add_timeout
+	json_close_array
 }
 
 _procd_add_reload_interface_trigger() {
@@ -280,10 +282,8 @@ _procd_add_config_trigger() {
 	json_close_array
 
 	json_close_array
-
-	json_close_array
-
 	_procd_add_timeout
+	json_close_array
 }
 
 _procd_add_raw_trigger() {
diff --git a/package/system/ubox/Makefile b/package/system/ubox/Makefile
index 8900c67803..e833cac487 100644
--- a/package/system/ubox/Makefile
+++ b/package/system/ubox/Makefile
@@ -5,7 +5,7 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/ubox.git
-PKG_SOURCE_DATE:=2016-09-26
+PKG_SOURCE_DATE:=2017-01-15
 PKG_SOURCE_VERSION:=5649c028c426060616e2bd4e7ea83271cd333d21
 PKG_MIRROR_HASH:=ae77504a4397f92173a7646fa3555e5b51abd7ff1dd1c419770223359e41937a
 CMAKE_INSTALL:=1
@@ -27,8 +27,15 @@ define Package/ubox
   TITLE:=OpenWrt system helper toolbox
 endef
 
+define Package/logd
+SECTION:=base
+  CATEGORY:=Base system
+  DEPENDS:=+libubox +libubus +libblobmsg-json +USE_GLIBC:librt
+  TITLE:=OpenWrt system log implementation
+endef
+
 define Package/ubox/install
-	$(INSTALL_DIR) $(1)/sbin $(1)/usr/sbin $(1)/lib $(1)/usr/bin $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/sbin $(1)/usr/sbin $(1)/lib $(1)/usr/bin
 
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{kmodloader,validate_data} $(1)/sbin/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/getrandom $(1)/usr/bin/
@@ -39,9 +46,14 @@ define Package/ubox/install
 	$(LN) ../../sbin/kmodloader $(1)/usr/sbin/lsmod
 	$(LN) ../../sbin/kmodloader $(1)/usr/sbin/modinfo
 	$(LN) ../../sbin/kmodloader $(1)/usr/sbin/modprobe
+endef
+
+define Package/logd/install
+	$(INSTALL_DIR) $(1)/sbin $(1)/etc/init.d/
 
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{logd,logread} $(1)/sbin/
 	$(INSTALL_BIN) ./files/log.init $(1)/etc/init.d/log
 endef
 
 $(eval $(call BuildPackage,ubox))
+$(eval $(call BuildPackage,logd))
diff --git a/package/system/ubus/Makefile b/package/system/ubus/Makefile
index fadb436863..4f3d4e8309 100644
--- a/package/system/ubus/Makefile
+++ b/package/system/ubus/Makefile
@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/ubus.git
-PKG_SOURCE_DATE:=2016-10-12
-PKG_SOURCE_VERSION:=312448a5b147c221836827a7a641e76a4514db44
-PKG_MIRROR_HASH:=adeeae238deaac2b6af77c2e4473febdcbc0f1c256734b2ff019c76b2f3f2aa6
+PKG_SOURCE_DATE:=2017-02-18
+PKG_SOURCE_VERSION:=34c6e818e431cc53478a0f7c7c1eca07d194d692
+PKG_MIRROR_HASH:=fc4f1121faa4f5b8fa52ee25460b98b2e60e7d245aefa70e7f76c56ce5628fd5
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=LGPL-2.1
diff --git a/package/utils/osafeloader/Makefile b/package/utils/osafeloader/Makefile
index 883d7ae603..d0a590e13b 100644
--- a/package/utils/osafeloader/Makefile
+++ b/package/utils/osafeloader/Makefile
@@ -10,6 +10,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=osafeloader
 PKG_RELEASE:=1
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/osafeloader
diff --git a/package/utils/px5g-standalone/Makefile b/package/utils/px5g-standalone/Makefile
deleted file mode 100644
index b8f68d7bf3..0000000000
--- a/package/utils/px5g-standalone/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=px5g-standalone
-PKG_RELEASE:=2
-
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/px5g-standalone
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=Encryption
-  TITLE:=X.509 certificate generator (standalone version)
-  MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
-  PROVIDES:=px5g
-endef
-
-define Package/px5g-standalone/description
- Px5g is a tiny standalone X.509 certificate generator.
- It suitable to create key files and certificates in DER
- and PEM format for use with stunnel, uhttpd and others.
-endef
-
-define Package/px5g-standalone/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g
-endef
-
-$(eval $(call BuildPackage,px5g-standalone))
diff --git a/package/utils/px5g-standalone/src/Makefile b/package/utils/px5g-standalone/src/Makefile
deleted file mode 100644
index 2bd95739cb..0000000000
--- a/package/utils/px5g-standalone/src/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-CFLAGS?=-O2
-CFLAGS+=
-SFLAGS:=--std=gnu99
-WFLAGS:=-Wall -Werror -pedantic
-LDFLAGS?=
-BINARY:=px5g
-
-all: $(BINARY)
-
-$(BINARY): *.c library/*.c
-	$(CC) -I. $(CFLAGS) $(SFLAGS) $(WFLAGS) $(LDFLAGS) -o $@ $+
-
-clean:
-	rm -f $(BINARY)
diff --git a/package/utils/px5g-standalone/src/library/base64.c b/package/utils/px5g-standalone/src/library/base64.c
deleted file mode 100644
index b7cc5b84ea..0000000000
--- a/package/utils/px5g-standalone/src/library/base64.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- *  RFC 1521 base64 encoding/decoding
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_BASE64_C)
-
-#include "polarssl/base64.h"
-
-static const unsigned char base64_enc_map[64] =
-{
-    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
-    'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
-    'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
-    'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
-    'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
-    'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
-    '8', '9', '+', '/'
-};
-
-static const unsigned char base64_dec_map[128] =
-{
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127,  62, 127, 127, 127,  63,  52,  53,
-     54,  55,  56,  57,  58,  59,  60,  61, 127, 127,
-    127,  64, 127, 127, 127,   0,   1,   2,   3,   4,
-      5,   6,   7,   8,   9,  10,  11,  12,  13,  14,
-     15,  16,  17,  18,  19,  20,  21,  22,  23,  24,
-     25, 127, 127, 127, 127, 127, 127,  26,  27,  28,
-     29,  30,  31,  32,  33,  34,  35,  36,  37,  38,
-     39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
-     49,  50,  51, 127, 127, 127, 127, 127
-};
-
-/*
- * Encode a buffer into base64 format
- */
-int base64_encode( unsigned char *dst, int *dlen,
-                   unsigned char *src, int  slen )
-{
-    int i, n;
-    int C1, C2, C3;
-    unsigned char *p;
-
-    if( slen == 0 )
-        return( 0 );
-
-    n = (slen << 3) / 6;
-
-    switch( (slen << 3) - (n * 6) )
-    {
-        case  2: n += 3; break;
-        case  4: n += 2; break;
-        default: break;
-    }
-
-    if( *dlen < n + 1 )
-    {
-        *dlen = n + 1;
-        return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    n = (slen / 3) * 3;
-
-    for( i = 0, p = dst; i < n; i += 3 )
-    {
-        C1 = *src++;
-        C2 = *src++;
-        C3 = *src++;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 &  3) << 4) + (C2 >> 4)) & 0x3F];
-        *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
-        *p++ = base64_enc_map[C3 & 0x3F];
-    }
-
-    if( i < slen )
-    {
-        C1 = *src++;
-        C2 = ((i + 1) < slen) ? *src++ : 0;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
-
-        if( (i + 1) < slen )
-             *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
-        else *p++ = '=';
-
-        *p++ = '=';
-    }
-
-    *dlen = p - dst;
-    *p = 0;
-
-    return( 0 );
-}
-
-/*
- * Decode a base64-formatted buffer
- */
-int base64_decode( unsigned char *dst, int *dlen,
-                   unsigned char *src, int  slen )
-{
-    int i, j, n;
-    unsigned long x;
-    unsigned char *p;
-
-    for( i = j = n = 0; i < slen; i++ )
-    {
-        if( ( slen - i ) >= 2 &&
-            src[i] == '\r' && src[i + 1] == '\n' )
-            continue;
-
-        if( src[i] == '\n' )
-            continue;
-
-        if( src[i] == '=' && ++j > 2 )
-            return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
-            return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
-
-        if( base64_dec_map[src[i]] < 64 && j != 0 )
-            return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
-
-        n++;
-    }
-
-    if( n == 0 )
-        return( 0 );
-
-    n = ((n * 6) + 7) >> 3;
-
-    if( *dlen < n )
-    {
-        *dlen = n;
-        return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-   for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
-   {
-        if( *src == '\r' || *src == '\n' )
-            continue;
-
-        j -= ( base64_dec_map[*src] == 64 );
-        x  = (x << 6) | ( base64_dec_map[*src] & 0x3F );
-
-        if( ++n == 4 )
-        {
-            n = 0;
-            if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
-            if( j > 1 ) *p++ = (unsigned char)( x >>  8 );
-            if( j > 2 ) *p++ = (unsigned char)( x       );
-        }
-    }
-
-    *dlen = p - dst;
-
-    return( 0 );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include <string.h>
-#include <stdio.h>
-
-static const unsigned char base64_test_dec[64] =
-{
-    0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
-    0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
-    0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
-    0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
-    0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
-    0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
-    0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
-    0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
-};
-
-static const unsigned char base64_test_enc[] =
-    "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
-    "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
-
-/*
- * Checkup routine
- */
-int base64_self_test( int verbose )
-{
-    int len;
-    unsigned char *src, buffer[128];
-
-    if( verbose != 0 )
-        printf( "  Base64 encoding test: " );
-
-    len = sizeof( buffer );
-    src = (unsigned char *) base64_test_dec;
-
-    if( base64_encode( buffer, &len, src, 64 ) != 0 ||
-         memcmp( base64_test_enc, buffer, 88 ) != 0 ) 
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n  Base64 decoding test: " );
-
-    len = sizeof( buffer );
-    src = (unsigned char *) base64_test_enc;
-
-    if( base64_decode( buffer, &len, src, 88 ) != 0 ||
-         memcmp( base64_test_dec, buffer, 64 ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n\n" );
-
-    return( 0 );
-}
-
-#endif
-
-#endif
diff --git a/package/utils/px5g-standalone/src/library/bignum.c b/package/utils/px5g-standalone/src/library/bignum.c
deleted file mode 100644
index 8b7c12ff00..0000000000
--- a/package/utils/px5g-standalone/src/library/bignum.c
+++ /dev/null
@@ -1,2010 +0,0 @@
-/*
- *  Multi-precision integer library
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- *  This MPI implementation is based on:
- *
- *  http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf
- *  http://www.stillhq.com/extracted/gnupg-api/mpi/
- *  http://math.libtomcrypt.com/files/tommath.pdf
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_BIGNUM_C)
-
-#include "polarssl/bignum.h"
-#include "polarssl/bn_mul.h"
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-
-#define ciL    ((int) sizeof(t_int))    /* chars in limb  */
-#define biL    (ciL << 3)               /* bits  in limb  */
-#define biH    (ciL << 2)               /* half limb size */
-
-/*
- * Convert between bits/chars and number of limbs
- */
-#define BITS_TO_LIMBS(i)  (((i) + biL - 1) / biL)
-#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
-
-/*
- * Initialize one or more mpi
- */
-void mpi_init( mpi *X, ... )
-{
-    va_list args;
-
-    va_start( args, X );
-
-    while( X != NULL )
-    {
-        X->s = 1;
-        X->n = 0;
-        X->p = NULL;
-
-        X = va_arg( args, mpi* );
-    }
-
-    va_end( args );
-}
-
-/*
- * Unallocate one or more mpi
- */
-void mpi_free( mpi *X, ... )
-{
-    va_list args;
-
-    va_start( args, X );
-
-    while( X != NULL )
-    {
-        if( X->p != NULL )
-        {
-            memset( X->p, 0, X->n * ciL );
-            free( X->p );
-        }
-
-        X->s = 1;
-        X->n = 0;
-        X->p = NULL;
-
-        X = va_arg( args, mpi* );
-    }
-
-    va_end( args );
-}
-
-/*
- * Enlarge to the specified number of limbs
- */
-int mpi_grow( mpi *X, int nblimbs )
-{
-    t_int *p;
-
-    if( X->n < nblimbs )
-    {
-        if( ( p = (t_int *) malloc( nblimbs * ciL ) ) == NULL )
-            return( 1 );
-
-        memset( p, 0, nblimbs * ciL );
-
-        if( X->p != NULL )
-        {
-            memcpy( p, X->p, X->n * ciL );
-            memset( X->p, 0, X->n * ciL );
-            free( X->p );
-        }
-
-        X->n = nblimbs;
-        X->p = p;
-    }
-
-    return( 0 );
-}
-
-/*
- * Copy the contents of Y into X
- */
-int mpi_copy( mpi *X, mpi *Y )
-{
-    int ret, i;
-
-    if( X == Y )
-        return( 0 );
-
-    for( i = Y->n - 1; i > 0; i-- )
-        if( Y->p[i] != 0 )
-            break;
-    i++;
-
-    X->s = Y->s;
-
-    MPI_CHK( mpi_grow( X, i ) );
-
-    memset( X->p, 0, X->n * ciL );
-    memcpy( X->p, Y->p, i * ciL );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Swap the contents of X and Y
- */
-void mpi_swap( mpi *X, mpi *Y )
-{
-    mpi T;
-
-    memcpy( &T,  X, sizeof( mpi ) );
-    memcpy(  X,  Y, sizeof( mpi ) );
-    memcpy(  Y, &T, sizeof( mpi ) );
-}
-
-/*
- * Set value from integer
- */
-int mpi_lset( mpi *X, int z )
-{
-    int ret;
-
-    MPI_CHK( mpi_grow( X, 1 ) );
-    memset( X->p, 0, X->n * ciL );
-
-    X->p[0] = ( z < 0 ) ? -z : z;
-    X->s    = ( z < 0 ) ? -1 : 1;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Return the number of least significant bits
- */
-int mpi_lsb( mpi *X )
-{
-    int i, j, count = 0;
-
-    for( i = 0; i < X->n; i++ )
-        for( j = 0; j < (int) biL; j++, count++ )
-            if( ( ( X->p[i] >> j ) & 1 ) != 0 )
-                return( count );
-
-    return( 0 );
-}
-
-/*
- * Return the number of most significant bits
- */
-int mpi_msb( mpi *X )
-{
-    int i, j;
-
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-
-    for( j = biL - 1; j >= 0; j-- )
-        if( ( ( X->p[i] >> j ) & 1 ) != 0 )
-            break;
-
-    return( ( i * biL ) + j + 1 );
-}
-
-/*
- * Return the total size in bytes
- */
-int mpi_size( mpi *X )
-{
-    return( ( mpi_msb( X ) + 7 ) >> 3 );
-}
-
-/*
- * Convert an ASCII character to digit value
- */
-static int mpi_get_digit( t_int *d, int radix, char c )
-{
-    *d = 255;
-
-    if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
-    if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
-    if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
-
-    if( *d >= (t_int) radix )
-        return( POLARSSL_ERR_MPI_INVALID_CHARACTER );
-
-    return( 0 );
-}
-
-/*
- * Import from an ASCII string
- */
-int mpi_read_string( mpi *X, int radix, char *s )
-{
-    int ret, i, j, n;
-    t_int d;
-    mpi T;
-
-    if( radix < 2 || radix > 16 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    mpi_init( &T, NULL );
-
-    if( radix == 16 )
-    {
-        n = BITS_TO_LIMBS( strlen( s ) << 2 );
-
-        MPI_CHK( mpi_grow( X, n ) );
-        MPI_CHK( mpi_lset( X, 0 ) );
-
-        for( i = strlen( s ) - 1, j = 0; i >= 0; i--, j++ )
-        {
-            if( i == 0 && s[i] == '-' )
-            {
-                X->s = -1;
-                break;
-            }
-
-            MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
-            X->p[j / (2 * ciL)] |= d << ( (j % (2 * ciL)) << 2 );
-        }
-    }
-    else
-    {
-        MPI_CHK( mpi_lset( X, 0 ) );
-
-        for( i = 0; i < (int) strlen( s ); i++ )
-        {
-            if( i == 0 && s[i] == '-' )
-            {
-                X->s = -1;
-                continue;
-            }
-
-            MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
-            MPI_CHK( mpi_mul_int( &T, X, radix ) );
-            MPI_CHK( mpi_add_int( X, &T, d ) );
-        }
-    }
-
-cleanup:
-
-    mpi_free( &T, NULL );
-
-    return( ret );
-}
-
-/*
- * Helper to write the digits high-order first
- */
-static int mpi_write_hlp( mpi *X, int radix, char **p )
-{
-    int ret;
-    t_int r;
-
-    if( radix < 2 || radix > 16 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    MPI_CHK( mpi_mod_int( &r, X, radix ) );
-    MPI_CHK( mpi_div_int( X, NULL, X, radix ) );
-
-    if( mpi_cmp_int( X, 0 ) != 0 )
-        MPI_CHK( mpi_write_hlp( X, radix, p ) );
-
-    if( r < 10 )
-        *(*p)++ = (char)( r + 0x30 );
-    else
-        *(*p)++ = (char)( r + 0x37 );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Export into an ASCII string
- */
-int mpi_write_string( mpi *X, int radix, char *s, int *slen )
-{
-    int ret = 0, n;
-    char *p;
-    mpi T;
-
-    if( radix < 2 || radix > 16 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    n = mpi_msb( X );
-    if( radix >=  4 ) n >>= 1;
-    if( radix >= 16 ) n >>= 1;
-    n += 3;
-
-    if( *slen < n )
-    {
-        *slen = n;
-        return( POLARSSL_ERR_MPI_BUFFER_TOO_SMALL );
-    }
-
-    p = s;
-    mpi_init( &T, NULL );
-
-    if( X->s == -1 )
-        *p++ = '-';
-
-    if( radix == 16 )
-    {
-        int c, i, j, k;
-
-        for( i = X->n - 1, k = 0; i >= 0; i-- )
-        {
-            for( j = ciL - 1; j >= 0; j-- )
-            {
-                c = ( X->p[i] >> (j << 3) ) & 0xFF;
-
-                if( c == 0 && k == 0 && (i + j) != 0 )
-                    continue;
-
-                p += sprintf( p, "%02X", c );
-                k = 1;
-            }
-        }
-    }
-    else
-    {
-        MPI_CHK( mpi_copy( &T, X ) );
-        MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
-    }
-
-    *p++ = '\0';
-    *slen = p - s;
-
-cleanup:
-
-    mpi_free( &T, NULL );
-
-    return( ret );
-}
-
-/*
- * Read X from an opened file
- */
-int mpi_read_file( mpi *X, int radix, FILE *fin )
-{
-    t_int d;
-    int slen;
-    char *p;
-    char s[1024];
-
-    memset( s, 0, sizeof( s ) );
-    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
-        return( POLARSSL_ERR_MPI_FILE_IO_ERROR );
-
-    slen = strlen( s );
-    if( s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
-    if( s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
-
-    p = s + slen;
-    while( --p >= s )
-        if( mpi_get_digit( &d, radix, *p ) != 0 )
-            break;
-
-    return( mpi_read_string( X, radix, p + 1 ) );
-}
-
-/*
- * Write X into an opened file (or stdout if fout == NULL)
- */
-int mpi_write_file( char *p, mpi *X, int radix, FILE *fout )
-{
-    int n, ret;
-    size_t slen;
-    size_t plen;
-    char s[1024];
-
-    n = sizeof( s );
-    memset( s, 0, n );
-    n -= 2;
-
-    MPI_CHK( mpi_write_string( X, radix, s, (int *) &n ) );
-
-    if( p == NULL ) p = "";
-
-    plen = strlen( p );
-    slen = strlen( s );
-    s[slen++] = '\r';
-    s[slen++] = '\n';
-
-    if( fout != NULL )
-    {
-        if( fwrite( p, 1, plen, fout ) != plen ||
-            fwrite( s, 1, slen, fout ) != slen )
-            return( POLARSSL_ERR_MPI_FILE_IO_ERROR );
-    }
-    else
-        printf( "%s%s", p, s );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Import X from unsigned binary data, big endian
- */
-int mpi_read_binary( mpi *X, unsigned char *buf, int buflen )
-{
-    int ret, i, j, n;
-
-    for( n = 0; n < buflen; n++ )
-        if( buf[n] != 0 )
-            break;
-
-    MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
-    MPI_CHK( mpi_lset( X, 0 ) );
-
-    for( i = buflen - 1, j = 0; i >= n; i--, j++ )
-        X->p[j / ciL] |= ((t_int) buf[i]) << ((j % ciL) << 3);
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Export X into unsigned binary data, big endian
- */
-int mpi_write_binary( mpi *X, unsigned char *buf, int buflen )
-{
-    int i, j, n;
-
-    n = mpi_size( X );
-
-    if( buflen < n )
-        return( POLARSSL_ERR_MPI_BUFFER_TOO_SMALL );
-
-    memset( buf, 0, buflen );
-
-    for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
-        buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
-
-    return( 0 );
-}
-
-/*
- * Left-shift: X <<= count
- */
-int mpi_shift_l( mpi *X, int count )
-{
-    int ret, i, v0, t1;
-    t_int r0 = 0, r1;
-
-    v0 = count / (biL    );
-    t1 = count & (biL - 1);
-
-    i = mpi_msb( X ) + count;
-
-    if( X->n * (int) biL < i )
-        MPI_CHK( mpi_grow( X, BITS_TO_LIMBS( i ) ) );
-
-    ret = 0;
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = X->n - 1; i >= v0; i-- )
-            X->p[i] = X->p[i - v0];
-
-        for( ; i >= 0; i-- )
-            X->p[i] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( t1 > 0 )
-    {
-        for( i = v0; i < X->n; i++ )
-        {
-            r1 = X->p[i] >> (biL - t1);
-            X->p[i] <<= t1;
-            X->p[i] |= r0;
-            r0 = r1;
-        }
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Right-shift: X >>= count
- */
-int mpi_shift_r( mpi *X, int count )
-{
-    int i, v0, v1;
-    t_int r0 = 0, r1;
-
-    v0 = count /  biL;
-    v1 = count & (biL - 1);
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = 0; i < X->n - v0; i++ )
-            X->p[i] = X->p[i + v0];
-
-        for( ; i < X->n; i++ )
-            X->p[i] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( v1 > 0 )
-    {
-        for( i = X->n - 1; i >= 0; i-- )
-        {
-            r1 = X->p[i] << (biL - v1);
-            X->p[i] >>= v1;
-            X->p[i] |= r0;
-            r0 = r1;
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare unsigned values
- */
-int mpi_cmp_abs( mpi *X, mpi *Y )
-{
-    int i, j;
-
-    for( i = X->n - 1; i >= 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-
-    for( j = Y->n - 1; j >= 0; j-- )
-        if( Y->p[j] != 0 )
-            break;
-
-    if( i < 0 && j < 0 )
-        return( 0 );
-
-    if( i > j ) return(  1 );
-    if( j > i ) return( -1 );
-
-    for( ; i >= 0; i-- )
-    {
-        if( X->p[i] > Y->p[i] ) return(  1 );
-        if( X->p[i] < Y->p[i] ) return( -1 );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mpi_cmp_mpi( mpi *X, mpi *Y )
-{
-    int i, j;
-
-    for( i = X->n - 1; i >= 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-
-    for( j = Y->n - 1; j >= 0; j-- )
-        if( Y->p[j] != 0 )
-            break;
-
-    if( i < 0 && j < 0 )
-        return( 0 );
-
-    if( i > j ) return(  X->s );
-    if( j > i ) return( -X->s );
-
-    if( X->s > 0 && Y->s < 0 ) return(  1 );
-    if( Y->s > 0 && X->s < 0 ) return( -1 );
-
-    for( ; i >= 0; i-- )
-    {
-        if( X->p[i] > Y->p[i] ) return(  X->s );
-        if( X->p[i] < Y->p[i] ) return( -X->s );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mpi_cmp_int( mpi *X, int z )
-{
-    mpi Y;
-    t_int p[1];
-
-    *p  = ( z < 0 ) ? -z : z;
-    Y.s = ( z < 0 ) ? -1 : 1;
-    Y.n = 1;
-    Y.p = p;
-
-    return( mpi_cmp_mpi( X, &Y ) );
-}
-
-/*
- * Unsigned addition: X = |A| + |B|  (HAC 14.7)
- */
-int mpi_add_abs( mpi *X, mpi *A, mpi *B )
-{
-    int ret, i, j;
-    t_int *o, *p, c;
-
-    if( X == B )
-    {
-        mpi *T = A; A = X; B = T;
-    }
-
-    if( X != A )
-        MPI_CHK( mpi_copy( X, A ) );
-
-    for( j = B->n - 1; j >= 0; j-- )
-        if( B->p[j] != 0 )
-            break;
-
-    MPI_CHK( mpi_grow( X, j + 1 ) );
-
-    o = B->p; p = X->p; c = 0;
-
-    for( i = 0; i <= j; i++, o++, p++ )
-    {
-        *p +=  c; c  = ( *p <  c );
-        *p += *o; c += ( *p < *o );
-    }
-
-    while( c != 0 )
-    {
-        if( i >= X->n )
-        {
-            MPI_CHK( mpi_grow( X, i + 1 ) );
-            p = X->p + i;
-        }
-
-        *p += c; c = ( *p < c ); i++;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Helper for mpi substraction
- */
-static void mpi_sub_hlp( int n, t_int *s, t_int *d )
-{
-    int i;
-    t_int c, z;
-
-    for( i = c = 0; i < n; i++, s++, d++ )
-    {
-        z = ( *d <  c );     *d -=  c;
-        c = ( *d < *s ) + z; *d -= *s;
-    }
-
-    while( c != 0 )
-    {
-        z = ( *d < c ); *d -= c;
-        c = z; i++; d++;
-    }
-}
-
-/*
- * Unsigned substraction: X = |A| - |B|  (HAC 14.9)
- */
-int mpi_sub_abs( mpi *X, mpi *A, mpi *B )
-{
-    mpi TB;
-    int ret, n;
-
-    if( mpi_cmp_abs( A, B ) < 0 )
-        return( POLARSSL_ERR_MPI_NEGATIVE_VALUE );
-
-    mpi_init( &TB, NULL );
-
-    if( X == B )
-    {
-        MPI_CHK( mpi_copy( &TB, B ) );
-        B = &TB;
-    }
-
-    if( X != A )
-        MPI_CHK( mpi_copy( X, A ) );
-
-    ret = 0;
-
-    for( n = B->n - 1; n >= 0; n-- )
-        if( B->p[n] != 0 )
-            break;
-
-    mpi_sub_hlp( n + 1, B->p, X->p );
-
-cleanup:
-
-    mpi_free( &TB, NULL );
-
-    return( ret );
-}
-
-/*
- * Signed addition: X = A + B
- */
-int mpi_add_mpi( mpi *X, mpi *A, mpi *B )
-{
-    int ret, s = A->s;
-
-    if( A->s * B->s < 0 )
-    {
-        if( mpi_cmp_abs( A, B ) >= 0 )
-        {
-            MPI_CHK( mpi_sub_abs( X, A, B ) );
-            X->s =  s;
-        }
-        else
-        {
-            MPI_CHK( mpi_sub_abs( X, B, A ) );
-            X->s = -s;
-        }
-    }
-    else
-    {
-        MPI_CHK( mpi_add_abs( X, A, B ) );
-        X->s = s;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Signed substraction: X = A - B
- */
-int mpi_sub_mpi( mpi *X, mpi *A, mpi *B )
-{
-    int ret, s = A->s;
-
-    if( A->s * B->s > 0 )
-    {
-        if( mpi_cmp_abs( A, B ) >= 0 )
-        {
-            MPI_CHK( mpi_sub_abs( X, A, B ) );
-            X->s =  s;
-        }
-        else
-        {
-            MPI_CHK( mpi_sub_abs( X, B, A ) );
-            X->s = -s;
-        }
-    }
-    else
-    {
-        MPI_CHK( mpi_add_abs( X, A, B ) );
-        X->s = s;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Signed addition: X = A + b
- */
-int mpi_add_int( mpi *X, mpi *A, int b )
-{
-    mpi _B;
-    t_int p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mpi_add_mpi( X, A, &_B ) );
-}
-
-/*
- * Signed substraction: X = A - b
- */
-int mpi_sub_int( mpi *X, mpi *A, int b )
-{
-    mpi _B;
-    t_int p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mpi_sub_mpi( X, A, &_B ) );
-}
-
-/*
- * Helper for mpi multiplication
- */ 
-static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b )
-{
-    t_int c = 0, t = 0;
-
-#if defined(MULADDC_HUIT)
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_HUIT
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#else
-    for( ; i >= 16; i -= 16 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#endif
-
-    t++;
-
-    do {
-        *d += c; c = ( *d < c ); d++;
-    }
-    while( c != 0 );
-}
-
-/*
- * Baseline multiplication: X = A * B  (HAC 14.12)
- */
-int mpi_mul_mpi( mpi *X, mpi *A, mpi *B )
-{
-    int ret, i, j;
-    mpi TA, TB;
-
-    mpi_init( &TA, &TB, NULL );
-
-    if( X == A ) { MPI_CHK( mpi_copy( &TA, A ) ); A = &TA; }
-    if( X == B ) { MPI_CHK( mpi_copy( &TB, B ) ); B = &TB; }
-
-    for( i = A->n - 1; i >= 0; i-- )
-        if( A->p[i] != 0 )
-            break;
-
-    for( j = B->n - 1; j >= 0; j-- )
-        if( B->p[j] != 0 )
-            break;
-
-    MPI_CHK( mpi_grow( X, i + j + 2 ) );
-    MPI_CHK( mpi_lset( X, 0 ) );
-
-    for( i++; j >= 0; j-- )
-        mpi_mul_hlp( i, A->p, X->p + j, B->p[j] );
-
-    X->s = A->s * B->s;
-
-cleanup:
-
-    mpi_free( &TB, &TA, NULL );
-
-    return( ret );
-}
-
-/*
- * Baseline multiplication: X = A * b
- */
-int mpi_mul_int( mpi *X, mpi *A, t_int b )
-{
-    mpi _B;
-    t_int p[1];
-
-    _B.s = 1;
-    _B.n = 1;
-    _B.p = p;
-    p[0] = b;
-
-    return( mpi_mul_mpi( X, A, &_B ) );
-}
-
-/*
- * Division by mpi: A = Q * B + R  (HAC 14.20)
- */
-int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B )
-{
-    int ret, i, n, t, k;
-    mpi X, Y, Z, T1, T2;
-
-    if( mpi_cmp_int( B, 0 ) == 0 )
-        return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO );
-
-    mpi_init( &X, &Y, &Z, &T1, &T2, NULL );
-
-    if( mpi_cmp_abs( A, B ) < 0 )
-    {
-        if( Q != NULL ) MPI_CHK( mpi_lset( Q, 0 ) );
-        if( R != NULL ) MPI_CHK( mpi_copy( R, A ) );
-        return( 0 );
-    }
-
-    MPI_CHK( mpi_copy( &X, A ) );
-    MPI_CHK( mpi_copy( &Y, B ) );
-    X.s = Y.s = 1;
-
-    MPI_CHK( mpi_grow( &Z, A->n + 2 ) );
-    MPI_CHK( mpi_lset( &Z,  0 ) );
-    MPI_CHK( mpi_grow( &T1, 2 ) );
-    MPI_CHK( mpi_grow( &T2, 3 ) );
-
-    k = mpi_msb( &Y ) % biL;
-    if( k < (int) biL - 1 )
-    {
-        k = biL - 1 - k;
-        MPI_CHK( mpi_shift_l( &X, k ) );
-        MPI_CHK( mpi_shift_l( &Y, k ) );
-    }
-    else k = 0;
-
-    n = X.n - 1;
-    t = Y.n - 1;
-    mpi_shift_l( &Y, biL * (n - t) );
-
-    while( mpi_cmp_mpi( &X, &Y ) >= 0 )
-    {
-        Z.p[n - t]++;
-        mpi_sub_mpi( &X, &X, &Y );
-    }
-    mpi_shift_r( &Y, biL * (n - t) );
-
-    for( i = n; i > t ; i-- )
-    {
-        if( X.p[i] >= Y.p[t] )
-            Z.p[i - t - 1] = ~0;
-        else
-        {
-#if defined(POLARSSL_HAVE_LONGLONG)
-            t_dbl r;
-
-            r  = (t_dbl) X.p[i] << biL;
-            r |= (t_dbl) X.p[i - 1];
-            r /= Y.p[t];
-            if( r > ((t_dbl) 1 << biL) - 1)
-                r = ((t_dbl) 1 << biL) - 1;
-
-            Z.p[i - t - 1] = (t_int) r;
-#else
-            /*
-             * __udiv_qrnnd_c, from gmp/longlong.h
-             */
-            t_int q0, q1, r0, r1;
-            t_int d0, d1, d, m;
-
-            d  = Y.p[t];
-            d0 = ( d << biH ) >> biH;
-            d1 = ( d >> biH );
-
-            q1 = X.p[i] / d1;
-            r1 = X.p[i] - d1 * q1;
-            r1 <<= biH;
-            r1 |= ( X.p[i - 1] >> biH );
-
-            m = q1 * d0;
-            if( r1 < m )
-            {
-                q1--, r1 += d;
-                while( r1 >= d && r1 < m )
-                    q1--, r1 += d;
-            }
-            r1 -= m;
-
-            q0 = r1 / d1;
-            r0 = r1 - d1 * q0;
-            r0 <<= biH;
-            r0 |= ( X.p[i - 1] << biH ) >> biH;
-
-            m = q0 * d0;
-            if( r0 < m )
-            {
-                q0--, r0 += d;
-                while( r0 >= d && r0 < m )
-                    q0--, r0 += d;
-            }
-            r0 -= m;
-
-            Z.p[i - t - 1] = ( q1 << biH ) | q0;
-#endif
-        }
-
-        Z.p[i - t - 1]++;
-        do
-        {
-            Z.p[i - t - 1]--;
-
-            MPI_CHK( mpi_lset( &T1, 0 ) );
-            T1.p[0] = (t < 1) ? 0 : Y.p[t - 1];
-            T1.p[1] = Y.p[t];
-            MPI_CHK( mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-
-            MPI_CHK( mpi_lset( &T2, 0 ) );
-            T2.p[0] = (i < 2) ? 0 : X.p[i - 2];
-            T2.p[1] = (i < 1) ? 0 : X.p[i - 1];
-            T2.p[2] = X.p[i];
-        }
-        while( mpi_cmp_mpi( &T1, &T2 ) > 0 );
-
-        MPI_CHK( mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
-        MPI_CHK( mpi_shift_l( &T1,  biL * (i - t - 1) ) );
-        MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) );
-
-        if( mpi_cmp_int( &X, 0 ) < 0 )
-        {
-            MPI_CHK( mpi_copy( &T1, &Y ) );
-            MPI_CHK( mpi_shift_l( &T1, biL * (i - t - 1) ) );
-            MPI_CHK( mpi_add_mpi( &X, &X, &T1 ) );
-            Z.p[i - t - 1]--;
-        }
-    }
-
-    if( Q != NULL )
-    {
-        mpi_copy( Q, &Z );
-        Q->s = A->s * B->s;
-    }
-
-    if( R != NULL )
-    {
-        mpi_shift_r( &X, k );
-        mpi_copy( R, &X );
-
-        R->s = A->s;
-        if( mpi_cmp_int( R, 0 ) == 0 )
-            R->s = 1;
-    }
-
-cleanup:
-
-    mpi_free( &X, &Y, &Z, &T1, &T2, NULL );
-
-    return( ret );
-}
-
-/*
- * Division by int: A = Q * b + R
- *
- * Returns 0 if successful
- *         1 if memory allocation failed
- *         POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
- */
-int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b )
-{
-    mpi _B;
-    t_int p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mpi_div_mpi( Q, R, A, &_B ) );
-}
-
-/*
- * Modulo: R = A mod B
- */
-int mpi_mod_mpi( mpi *R, mpi *A, mpi *B )
-{
-    int ret;
-
-    MPI_CHK( mpi_div_mpi( NULL, R, A, B ) );
-
-    while( mpi_cmp_int( R, 0 ) < 0 )
-      MPI_CHK( mpi_add_mpi( R, R, B ) );
-
-    while( mpi_cmp_mpi( R, B ) >= 0 )
-      MPI_CHK( mpi_sub_mpi( R, R, B ) );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Modulo: r = A mod b
- */
-int mpi_mod_int( t_int *r, mpi *A, int b )
-{
-    int i;
-    t_int x, y, z;
-
-    if( b == 0 )
-        return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO );
-
-    if( b < 0 )
-        b = -b;
-
-    /*
-     * handle trivial cases
-     */
-    if( b == 1 )
-    {
-        *r = 0;
-        return( 0 );
-    }
-
-    if( b == 2 )
-    {
-        *r = A->p[0] & 1;
-        return( 0 );
-    }
-
-    /*
-     * general case
-     */
-    for( i = A->n - 1, y = 0; i >= 0; i-- )
-    {
-        x  = A->p[i];
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-
-        x <<= biH;
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-    }
-
-    *r = y;
-
-    return( 0 );
-}
-
-/*
- * Fast Montgomery initialization (thanks to Tom St Denis)
- */
-static void mpi_montg_init( t_int *mm, mpi *N )
-{
-    t_int x, m0 = N->p[0];
-
-    x  = m0;
-    x += ( ( m0 + 2 ) & 4 ) << 1;
-    x *= ( 2 - ( m0 * x ) );
-
-    if( biL >= 16 ) x *= ( 2 - ( m0 * x ) );
-    if( biL >= 32 ) x *= ( 2 - ( m0 * x ) );
-    if( biL >= 64 ) x *= ( 2 - ( m0 * x ) );
-
-    *mm = ~x + 1;
-}
-
-/*
- * Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
- */
-static void mpi_montmul( mpi *A, mpi *B, mpi *N, t_int mm, mpi *T )
-{
-    int i, n, m;
-    t_int u0, u1, *d;
-
-    memset( T->p, 0, T->n * ciL );
-
-    d = T->p;
-    n = N->n;
-    m = ( B->n < n ) ? B->n : n;
-
-    for( i = 0; i < n; i++ )
-    {
-        /*
-         * T = (T + u0*B + u1*N) / 2^biL
-         */
-        u0 = A->p[i];
-        u1 = ( d[0] + u0 * B->p[0] ) * mm;
-
-        mpi_mul_hlp( m, B->p, d, u0 );
-        mpi_mul_hlp( n, N->p, d, u1 );
-
-        *d++ = u0; d[n + 1] = 0;
-    }
-
-    memcpy( A->p, d, (n + 1) * ciL );
-
-    if( mpi_cmp_abs( A, N ) >= 0 )
-        mpi_sub_hlp( n, N->p, A->p );
-    else
-        /* prevent timing attacks */
-        mpi_sub_hlp( n, A->p, T->p );
-}
-
-/*
- * Montgomery reduction: A = A * R^-1 mod N
- */
-static void mpi_montred( mpi *A, mpi *N, t_int mm, mpi *T )
-{
-    t_int z = 1;
-    mpi U;
-
-    U.n = U.s = z;
-    U.p = &z;
-
-    mpi_montmul( A, &U, N, mm, T );
-}
-
-/*
- * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
- */
-int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR )
-{
-    int ret, i, j, wsize, wbits;
-    int bufsize, nblimbs, nbits;
-    t_int ei, mm, state;
-    mpi RR, T, W[64];
-
-    if( mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    /*
-     * Init temps and window size
-     */
-    mpi_montg_init( &mm, N );
-    mpi_init( &RR, &T, NULL );
-    memset( W, 0, sizeof( W ) );
-
-    i = mpi_msb( E );
-
-    wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
-            ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
-
-    j = N->n + 1;
-    MPI_CHK( mpi_grow( X, j ) );
-    MPI_CHK( mpi_grow( &W[1],  j ) );
-    MPI_CHK( mpi_grow( &T, j * 2 ) );
-
-    /*
-     * If 1st call, pre-compute R^2 mod N
-     */
-    if( _RR == NULL || _RR->p == NULL )
-    {
-        MPI_CHK( mpi_lset( &RR, 1 ) );
-        MPI_CHK( mpi_shift_l( &RR, N->n * 2 * biL ) );
-        MPI_CHK( mpi_mod_mpi( &RR, &RR, N ) );
-
-        if( _RR != NULL )
-            memcpy( _RR, &RR, sizeof( mpi ) );
-    }
-    else
-        memcpy( &RR, _RR, sizeof( mpi ) );
-
-    /*
-     * W[1] = A * R^2 * R^-1 mod N = A * R mod N
-     */
-    if( mpi_cmp_mpi( A, N ) >= 0 )
-        mpi_mod_mpi( &W[1], A, N );
-    else   mpi_copy( &W[1], A );
-
-    mpi_montmul( &W[1], &RR, N, mm, &T );
-
-    /*
-     * X = R^2 * R^-1 mod N = R mod N
-     */
-    MPI_CHK( mpi_copy( X, &RR ) );
-    mpi_montred( X, N, mm, &T );
-
-    if( wsize > 1 )
-    {
-        /*
-         * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
-         */
-        j =  1 << (wsize - 1);
-
-        MPI_CHK( mpi_grow( &W[j], N->n + 1 ) );
-        MPI_CHK( mpi_copy( &W[j], &W[1]    ) );
-
-        for( i = 0; i < wsize - 1; i++ )
-            mpi_montmul( &W[j], &W[j], N, mm, &T );
-    
-        /*
-         * W[i] = W[i - 1] * W[1]
-         */
-        for( i = j + 1; i < (1 << wsize); i++ )
-        {
-            MPI_CHK( mpi_grow( &W[i], N->n + 1 ) );
-            MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) );
-
-            mpi_montmul( &W[i], &W[1], N, mm, &T );
-        }
-    }
-
-    nblimbs = E->n;
-    bufsize = 0;
-    nbits   = 0;
-    wbits   = 0;
-    state   = 0;
-
-    while( 1 )
-    {
-        if( bufsize == 0 )
-        {
-            if( nblimbs-- == 0 )
-                break;
-
-            bufsize = sizeof( t_int ) << 3;
-        }
-
-        bufsize--;
-
-        ei = (E->p[nblimbs] >> bufsize) & 1;
-
-        /*
-         * skip leading 0s
-         */
-        if( ei == 0 && state == 0 )
-            continue;
-
-        if( ei == 0 && state == 1 )
-        {
-            /*
-             * out of window, square X
-             */
-            mpi_montmul( X, X, N, mm, &T );
-            continue;
-        }
-
-        /*
-         * add ei to current window
-         */
-        state = 2;
-
-        nbits++;
-        wbits |= (ei << (wsize - nbits));
-
-        if( nbits == wsize )
-        {
-            /*
-             * X = X^wsize R^-1 mod N
-             */
-            for( i = 0; i < wsize; i++ )
-                mpi_montmul( X, X, N, mm, &T );
-
-            /*
-             * X = X * W[wbits] R^-1 mod N
-             */
-            mpi_montmul( X, &W[wbits], N, mm, &T );
-
-            state--;
-            nbits = 0;
-            wbits = 0;
-        }
-    }
-
-    /*
-     * process the remaining bits
-     */
-    for( i = 0; i < nbits; i++ )
-    {
-        mpi_montmul( X, X, N, mm, &T );
-
-        wbits <<= 1;
-
-        if( (wbits & (1 << wsize)) != 0 )
-            mpi_montmul( X, &W[1], N, mm, &T );
-    }
-
-    /*
-     * X = A^E * R * R^-1 mod N = A^E mod N
-     */
-    mpi_montred( X, N, mm, &T );
-
-cleanup:
-
-    for( i = (1 << (wsize - 1)); i < (1 << wsize); i++ )
-        mpi_free( &W[i], NULL );
-
-    if( _RR != NULL )
-         mpi_free( &W[1], &T, NULL );
-    else mpi_free( &W[1], &T, &RR, NULL );
-
-    return( ret );
-}
-
-/*
- * Greatest common divisor: G = gcd(A, B)  (HAC 14.54)
- */
-int mpi_gcd( mpi *G, mpi *A, mpi *B )
-{
-    int ret, lz, lzt;
-    mpi TG, TA, TB;
-
-    mpi_init( &TG, &TA, &TB, NULL );
-
-    MPI_CHK( mpi_copy( &TA, A ) );
-    MPI_CHK( mpi_copy( &TB, B ) );
-
-    lz = mpi_lsb( &TA );
-    lzt = mpi_lsb( &TB );
-
-    if ( lzt < lz )
-        lz = lzt;
-
-    MPI_CHK( mpi_shift_r( &TA, lz ) );
-    MPI_CHK( mpi_shift_r( &TB, lz ) );
-
-    TA.s = TB.s = 1;
-
-    while( mpi_cmp_int( &TA, 0 ) != 0 )
-    {
-        MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) );
-        MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) );
-
-        if( mpi_cmp_mpi( &TA, &TB ) >= 0 )
-        {
-            MPI_CHK( mpi_sub_abs( &TA, &TA, &TB ) );
-            MPI_CHK( mpi_shift_r( &TA, 1 ) );
-        }
-        else
-        {
-            MPI_CHK( mpi_sub_abs( &TB, &TB, &TA ) );
-            MPI_CHK( mpi_shift_r( &TB, 1 ) );
-        }
-    }
-
-    MPI_CHK( mpi_shift_l( &TB, lz ) );
-    MPI_CHK( mpi_copy( G, &TB ) );
-
-cleanup:
-
-    mpi_free( &TB, &TA, &TG, NULL );
-
-    return( ret );
-}
-
-#if defined(POLARSSL_GENPRIME)
-
-/*
- * Modular inverse: X = A^-1 mod N  (HAC 14.61 / 14.64)
- */
-int mpi_inv_mod( mpi *X, mpi *A, mpi *N )
-{
-    int ret;
-    mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-
-    if( mpi_cmp_int( N, 0 ) <= 0 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    mpi_init( &TA, &TU, &U1, &U2, &G,
-              &TB, &TV, &V1, &V2, NULL );
-
-    MPI_CHK( mpi_gcd( &G, A, N ) );
-
-    if( mpi_cmp_int( &G, 1 ) != 0 )
-    {
-        ret = POLARSSL_ERR_MPI_NOT_ACCEPTABLE;
-        goto cleanup;
-    }
-
-    MPI_CHK( mpi_mod_mpi( &TA, A, N ) );
-    MPI_CHK( mpi_copy( &TU, &TA ) );
-    MPI_CHK( mpi_copy( &TB, N ) );
-    MPI_CHK( mpi_copy( &TV, N ) );
-
-    MPI_CHK( mpi_lset( &U1, 1 ) );
-    MPI_CHK( mpi_lset( &U2, 0 ) );
-    MPI_CHK( mpi_lset( &V1, 0 ) );
-    MPI_CHK( mpi_lset( &V2, 1 ) );
-
-    do
-    {
-        while( ( TU.p[0] & 1 ) == 0 )
-        {
-            MPI_CHK( mpi_shift_r( &TU, 1 ) );
-
-            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
-            {
-                MPI_CHK( mpi_add_mpi( &U1, &U1, &TB ) );
-                MPI_CHK( mpi_sub_mpi( &U2, &U2, &TA ) );
-            }
-
-            MPI_CHK( mpi_shift_r( &U1, 1 ) );
-            MPI_CHK( mpi_shift_r( &U2, 1 ) );
-        }
-
-        while( ( TV.p[0] & 1 ) == 0 )
-        {
-            MPI_CHK( mpi_shift_r( &TV, 1 ) );
-
-            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
-            {
-                MPI_CHK( mpi_add_mpi( &V1, &V1, &TB ) );
-                MPI_CHK( mpi_sub_mpi( &V2, &V2, &TA ) );
-            }
-
-            MPI_CHK( mpi_shift_r( &V1, 1 ) );
-            MPI_CHK( mpi_shift_r( &V2, 1 ) );
-        }
-
-        if( mpi_cmp_mpi( &TU, &TV ) >= 0 )
-        {
-            MPI_CHK( mpi_sub_mpi( &TU, &TU, &TV ) );
-            MPI_CHK( mpi_sub_mpi( &U1, &U1, &V1 ) );
-            MPI_CHK( mpi_sub_mpi( &U2, &U2, &V2 ) );
-        }
-        else
-        {
-            MPI_CHK( mpi_sub_mpi( &TV, &TV, &TU ) );
-            MPI_CHK( mpi_sub_mpi( &V1, &V1, &U1 ) );
-            MPI_CHK( mpi_sub_mpi( &V2, &V2, &U2 ) );
-        }
-    }
-    while( mpi_cmp_int( &TU, 0 ) != 0 );
-
-    while( mpi_cmp_int( &V1, 0 ) < 0 )
-        MPI_CHK( mpi_add_mpi( &V1, &V1, N ) );
-
-    while( mpi_cmp_mpi( &V1, N ) >= 0 )
-        MPI_CHK( mpi_sub_mpi( &V1, &V1, N ) );
-
-    MPI_CHK( mpi_copy( X, &V1 ) );
-
-cleanup:
-
-    mpi_free( &V2, &V1, &TV, &TB, &G,
-              &U2, &U1, &TU, &TA, NULL );
-
-    return( ret );
-}
-
-static const int small_prime[] =
-{
-        3,    5,    7,   11,   13,   17,   19,   23,
-       29,   31,   37,   41,   43,   47,   53,   59,
-       61,   67,   71,   73,   79,   83,   89,   97,
-      101,  103,  107,  109,  113,  127,  131,  137,
-      139,  149,  151,  157,  163,  167,  173,  179,
-      181,  191,  193,  197,  199,  211,  223,  227,
-      229,  233,  239,  241,  251,  257,  263,  269,
-      271,  277,  281,  283,  293,  307,  311,  313,
-      317,  331,  337,  347,  349,  353,  359,  367,
-      373,  379,  383,  389,  397,  401,  409,  419,
-      421,  431,  433,  439,  443,  449,  457,  461,
-      463,  467,  479,  487,  491,  499,  503,  509,
-      521,  523,  541,  547,  557,  563,  569,  571,
-      577,  587,  593,  599,  601,  607,  613,  617,
-      619,  631,  641,  643,  647,  653,  659,  661,
-      673,  677,  683,  691,  701,  709,  719,  727,
-      733,  739,  743,  751,  757,  761,  769,  773,
-      787,  797,  809,  811,  821,  823,  827,  829,
-      839,  853,  857,  859,  863,  877,  881,  883,
-      887,  907,  911,  919,  929,  937,  941,  947,
-      953,  967,  971,  977,  983,  991,  997, -103
-};
-
-/*
- * Miller-Rabin primality test  (HAC 4.24)
- */
-int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng )
-{
-    int ret, i, j, n, s, xs;
-    mpi W, R, T, A, RR;
-    unsigned char *p;
-
-    if( mpi_cmp_int( X, 0 ) == 0 )
-        return( 0 );
-
-    mpi_init( &W, &R, &T, &A, &RR, NULL );
-
-    xs = X->s; X->s = 1;
-
-    /*
-     * test trivial factors first
-     */
-    if( ( X->p[0] & 1 ) == 0 )
-        return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
-
-    for( i = 0; small_prime[i] > 0; i++ )
-    {
-        t_int r;
-
-        if( mpi_cmp_int( X, small_prime[i] ) <= 0 )
-            return( 0 );
-
-        MPI_CHK( mpi_mod_int( &r, X, small_prime[i] ) );
-
-        if( r == 0 )
-            return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
-    }
-
-    /*
-     * W = |X| - 1
-     * R = W >> lsb( W )
-     */
-    s = mpi_lsb( &W );
-    MPI_CHK( mpi_sub_int( &W, X, 1 ) );
-    MPI_CHK( mpi_copy( &R, &W ) );
-    MPI_CHK( mpi_shift_r( &R, s ) );
-
-    i = mpi_msb( X );
-    /*
-     * HAC, table 4.4
-     */
-    n = ( ( i >= 1300 ) ?  2 : ( i >=  850 ) ?  3 :
-          ( i >=  650 ) ?  4 : ( i >=  350 ) ?  8 :
-          ( i >=  250 ) ? 12 : ( i >=  150 ) ? 18 : 27 );
-
-    for( i = 0; i < n; i++ )
-    {
-        /*
-         * pick a random A, 1 < A < |X| - 1
-         */
-        MPI_CHK( mpi_grow( &A, X->n ) );
-
-        p = (unsigned char *) A.p;
-        for( j = 0; j < A.n * ciL; j++ )
-            *p++ = (unsigned char) f_rng( p_rng );
-
-        j = mpi_msb( &A ) - mpi_msb( &W );
-        MPI_CHK( mpi_shift_r( &A, j + 1 ) );
-        A.p[0] |= 3;
-
-        /*
-         * A = A^R mod |X|
-         */
-        MPI_CHK( mpi_exp_mod( &A, &A, &R, X, &RR ) );
-
-        if( mpi_cmp_mpi( &A, &W ) == 0 ||
-            mpi_cmp_int( &A,  1 ) == 0 )
-            continue;
-
-        j = 1;
-        while( j < s && mpi_cmp_mpi( &A, &W ) != 0 )
-        {
-            /*
-             * A = A * A mod |X|
-             */
-            MPI_CHK( mpi_mul_mpi( &T, &A, &A ) );
-            MPI_CHK( mpi_mod_mpi( &A, &T, X  ) );
-
-            if( mpi_cmp_int( &A, 1 ) == 0 )
-                break;
-
-            j++;
-        }
-
-        /*
-         * not prime if A != |X| - 1 or A == 1
-         */
-        if( mpi_cmp_mpi( &A, &W ) != 0 ||
-            mpi_cmp_int( &A,  1 ) == 0 )
-        {
-            ret = POLARSSL_ERR_MPI_NOT_ACCEPTABLE;
-            break;
-        }
-    }
-
-cleanup:
-
-    X->s = xs;
-
-    mpi_free( &RR, &A, &T, &R, &W, NULL );
-
-    return( ret );
-}
-
-/*
- * Prime number generation
- */
-int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
-                   int (*f_rng)(void *), void *p_rng )
-{
-    int ret, k, n;
-    unsigned char *p;
-    mpi Y;
-
-    if( nbits < 3 )
-        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
-
-    mpi_init( &Y, NULL );
-
-    n = BITS_TO_LIMBS( nbits );
-
-    MPI_CHK( mpi_grow( X, n ) );
-    MPI_CHK( mpi_lset( X, 0 ) );
-
-    p = (unsigned char *) X->p;
-    for( k = 0; k < X->n * ciL; k++ )
-        *p++ = (unsigned char) f_rng( p_rng );
-
-    k = mpi_msb( X );
-    if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) );
-    if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits ) );
-
-    X->p[0] |= 3;
-
-    if( dh_flag == 0 )
-    {
-        while( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
-        {
-            if( ret != POLARSSL_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-
-            MPI_CHK( mpi_add_int( X, X, 2 ) );
-        }
-    }
-    else
-    {
-        MPI_CHK( mpi_sub_int( &Y, X, 1 ) );
-        MPI_CHK( mpi_shift_r( &Y, 1 ) );
-
-        while( 1 )
-        {
-            if( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) == 0 )
-            {
-                if( ( ret = mpi_is_prime( &Y, f_rng, p_rng ) ) == 0 )
-                    break;
-
-                if( ret != POLARSSL_ERR_MPI_NOT_ACCEPTABLE )
-                    goto cleanup;
-            }
-
-            if( ret != POLARSSL_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-
-            MPI_CHK( mpi_add_int( &Y, X, 1 ) );
-            MPI_CHK( mpi_add_int(  X, X, 2 ) );
-            MPI_CHK( mpi_shift_r( &Y, 1 ) );
-        }
-    }
-
-cleanup:
-
-    mpi_free( &Y, NULL );
-
-    return( ret );
-}
-
-#endif
-
-#if defined(POLARSSL_SELF_TEST)
-
-#define GCD_PAIR_COUNT	3
-
-static const int gcd_pairs[GCD_PAIR_COUNT][3] =
-{
-    { 693, 609, 21 },
-    { 1764, 868, 28 },
-    { 768454923, 542167814, 1 }
-};
-
-/*
- * Checkup routine
- */
-int mpi_self_test( int verbose )
-{
-    int ret, i;
-    mpi A, E, N, X, Y, U, V;
-
-    mpi_init( &A, &E, &N, &X, &Y, &U, &V, NULL );
-
-    MPI_CHK( mpi_read_string( &A, 16,
-        "EFE021C2645FD1DC586E69184AF4A31E" \
-        "D5F53E93B5F123FA41680867BA110131" \
-        "944FE7952E2517337780CB0DB80E61AA" \
-        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
-
-    MPI_CHK( mpi_read_string( &E, 16,
-        "B2E7EFD37075B9F03FF989C7C5051C20" \
-        "34D2A323810251127E7BF8625A4F49A5" \
-        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
-        "5B5C25763222FEFCCFC38B832366C29E" ) );
-
-    MPI_CHK( mpi_read_string( &N, 16,
-        "0066A198186C18C10B2F5ED9B522752A" \
-        "9830B69916E535C8F047518A889A43A5" \
-        "94B6BED27A168D31D4A52F88925AA8F5" ) );
-
-    MPI_CHK( mpi_mul_mpi( &X, &A, &N ) );
-
-    MPI_CHK( mpi_read_string( &U, 16,
-        "602AB7ECA597A3D6B56FF9829A5E8B85" \
-        "9E857EA95A03512E2BAE7391688D264A" \
-        "A5663B0341DB9CCFD2C4C5F421FEC814" \
-        "8001B72E848A38CAE1C65F78E56ABDEF" \
-        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
-        "ECF677152EF804370C1A305CAF3B5BF1" \
-        "30879B56C61DE584A0F53A2447A51E" ) );
-
-    if( verbose != 0 )
-        printf( "  MPI test #1 (mul_mpi): " );
-
-    if( mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n" );
-
-    MPI_CHK( mpi_div_mpi( &X, &Y, &A, &N ) );
-
-    MPI_CHK( mpi_read_string( &U, 16,
-        "256567336059E52CAE22925474705F39A94" ) );
-
-    MPI_CHK( mpi_read_string( &V, 16,
-        "6613F26162223DF488E9CD48CC132C7A" \
-        "0AC93C701B001B092E4E5B9F73BCD27B" \
-        "9EE50D0657C77F374E903CDFA4C642" ) );
-
-    if( verbose != 0 )
-        printf( "  MPI test #2 (div_mpi): " );
-
-    if( mpi_cmp_mpi( &X, &U ) != 0 ||
-        mpi_cmp_mpi( &Y, &V ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n" );
-
-    MPI_CHK( mpi_exp_mod( &X, &A, &E, &N, NULL ) );
-
-    MPI_CHK( mpi_read_string( &U, 16,
-        "36E139AEA55215609D2816998ED020BB" \
-        "BD96C37890F65171D948E9BC7CBAA4D9" \
-        "325D24D6A3C12710F10A09FA08AB87" ) );
-
-    if( verbose != 0 )
-        printf( "  MPI test #3 (exp_mod): " );
-
-    if( mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n" );
-
-    MPI_CHK( mpi_inv_mod( &X, &A, &N ) );
-
-    MPI_CHK( mpi_read_string( &U, 16,
-        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
-        "C3DBA76456363A10869622EAC2DD84EC" \
-        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
-
-    if( verbose != 0 )
-        printf( "  MPI test #4 (inv_mod): " );
-
-    if( mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n" );
-
-    if( verbose != 0 )
-        printf( "  MPI test #5 (simple gcd): " );
-
-    for ( i = 0; i < GCD_PAIR_COUNT; i++)
-    {
-        MPI_CHK( mpi_lset( &X, gcd_pairs[i][0] ) );
-	MPI_CHK( mpi_lset( &Y, gcd_pairs[i][1] ) );
-
-	MPI_CHK( mpi_gcd( &A, &X, &Y ) );
-
-	if( mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
-	{
-		if( verbose != 0 )
-			printf( "failed at %d\n", i );
-
-		return( 1 );
-	}
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n" );
-
-cleanup:
-
-    if( ret != 0 && verbose != 0 )
-        printf( "Unexpected error, return code = %08X\n", ret );
-
-    mpi_free( &V, &U, &Y, &X, &N, &E, &A, NULL );
-
-    if( verbose != 0 )
-        printf( "\n" );
-
-    return( ret );
-}
-
-#endif
-
-#endif
diff --git a/package/utils/px5g-standalone/src/library/rsa.c b/package/utils/px5g-standalone/src/library/rsa.c
deleted file mode 100644
index 131b6c6c9c..0000000000
--- a/package/utils/px5g-standalone/src/library/rsa.c
+++ /dev/null
@@ -1,750 +0,0 @@
-/*
- *  The RSA public-key cryptosystem
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- *  RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
- *
- *  http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
- *  http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_RSA_C)
-
-#include "polarssl/rsa.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-/*
- * Initialize an RSA context
- */
-void rsa_init( rsa_context *ctx,
-               int padding,
-               int hash_id,
-               int (*f_rng)(void *),
-               void *p_rng )
-{
-    memset( ctx, 0, sizeof( rsa_context ) );
-
-    ctx->padding = padding;
-    ctx->hash_id = hash_id;
-
-    ctx->f_rng = f_rng;
-    ctx->p_rng = p_rng;
-}
-
-#if defined(POLARSSL_GENPRIME)
-
-/*
- * Generate an RSA keypair
- */
-int rsa_gen_key( rsa_context *ctx, int nbits, int exponent )
-{
-    int ret;
-    mpi P1, Q1, H, G;
-
-    if( ctx->f_rng == NULL || nbits < 128 || exponent < 3 )
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
-    mpi_init( &P1, &Q1, &H, &G, NULL );
-
-    /*
-     * find primes P and Q with Q < P so that:
-     * GCD( E, (P-1)*(Q-1) ) == 1
-     */
-    MPI_CHK( mpi_lset( &ctx->E, exponent ) );
-
-    do
-    {
-        MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, 
-                                ctx->f_rng, ctx->p_rng ) );
-
-        MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
-                                ctx->f_rng, ctx->p_rng ) );
-
-        if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
-            mpi_swap( &ctx->P, &ctx->Q );
-
-        if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
-            continue;
-
-        MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
-        if( mpi_msb( &ctx->N ) != nbits )
-            continue;
-
-        MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
-        MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
-        MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
-        MPI_CHK( mpi_gcd( &G, &ctx->E, &H  ) );
-    }
-    while( mpi_cmp_int( &G, 1 ) != 0 );
-
-    /*
-     * D  = E^-1 mod ((P-1)*(Q-1))
-     * DP = D mod (P - 1)
-     * DQ = D mod (Q - 1)
-     * QP = Q^-1 mod P
-     */
-    MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H  ) );
-    MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
-    MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
-    MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
-
-    ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3;
-
-cleanup:
-
-    mpi_free( &G, &H, &Q1, &P1, NULL );
-
-    if( ret != 0 )
-    {
-        rsa_free( ctx );
-        return( POLARSSL_ERR_RSA_KEY_GEN_FAILED | ret );
-    }
-
-    return( 0 );   
-}
-
-#endif
-
-/*
- * Check a public RSA key
- */
-int rsa_check_pubkey( rsa_context *ctx )
-{
-    if( ( ctx->N.p[0] & 1 ) == 0 || 
-        ( ctx->E.p[0] & 1 ) == 0 )
-        return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
-    if( mpi_msb( &ctx->N ) < 128 ||
-        mpi_msb( &ctx->N ) > 4096 )
-        return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
-    if( mpi_msb( &ctx->E ) < 2 ||
-        mpi_msb( &ctx->E ) > 64 )
-        return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
-
-    return( 0 );
-}
-
-/*
- * Check a private RSA key
- */
-int rsa_check_privkey( rsa_context *ctx )
-{
-    int ret;
-    mpi PQ, DE, P1, Q1, H, I, G;
-
-    if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
-        return( ret );
-
-    mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
-
-    MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
-    MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
-    MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
-    MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
-    MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
-    MPI_CHK( mpi_mod_mpi( &I, &DE, &H  ) );
-    MPI_CHK( mpi_gcd( &G, &ctx->E, &H  ) );
-
-    if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 &&
-        mpi_cmp_int( &I, 1 ) == 0 &&
-        mpi_cmp_int( &G, 1 ) == 0 )
-    {
-        mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
-        return( 0 );
-    }
-
-cleanup:
-
-    mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
-    return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED | ret );
-}
-
-/*
- * Do an RSA public key operation
- */
-int rsa_public( rsa_context *ctx,
-                unsigned char *input,
-                unsigned char *output )
-{
-    int ret, olen;
-    mpi T;
-
-    mpi_init( &T, NULL );
-
-    MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
-
-    if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        mpi_free( &T, NULL );
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    olen = ctx->len;
-    MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
-    MPI_CHK( mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-
-    mpi_free( &T, NULL );
-
-    if( ret != 0 )
-        return( POLARSSL_ERR_RSA_PUBLIC_FAILED | ret );
-
-    return( 0 );
-}
-
-/*
- * Do an RSA private key operation
- */
-int rsa_private( rsa_context *ctx,
-                 unsigned char *input,
-                 unsigned char *output )
-{
-    int ret, olen;
-    mpi T, T1, T2;
-
-    mpi_init( &T, &T1, &T2, NULL );
-
-    MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
-
-    if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        mpi_free( &T, NULL );
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if 0
-    MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
-#else
-    /*
-     * faster decryption using the CRT
-     *
-     * T1 = input ^ dP mod P
-     * T2 = input ^ dQ mod Q
-     */
-    MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
-    MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
-
-    /*
-     * T = (T1 - T2) * (Q^-1 mod P) mod P
-     */
-    MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
-    MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
-    MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
-
-    /*
-     * output = T2 + T * Q
-     */
-    MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
-    MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
-#endif
-
-    olen = ctx->len;
-    MPI_CHK( mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-
-    mpi_free( &T, &T1, &T2, NULL );
-
-    if( ret != 0 )
-        return( POLARSSL_ERR_RSA_PRIVATE_FAILED | ret );
-
-    return( 0 );
-}
-
-/*
- * Add the message padding, then do an RSA operation
- */
-int rsa_pkcs1_encrypt( rsa_context *ctx,
-                       int mode, int  ilen,
-                       unsigned char *input,
-                       unsigned char *output )
-{
-    int nb_pad, olen;
-    unsigned char *p = output;
-
-    olen = ctx->len;
-
-    switch( ctx->padding )
-    {
-        case RSA_PKCS_V15:
-
-            if( ilen < 0 || olen < ilen + 11 )
-                return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
-            nb_pad = olen - 3 - ilen;
-
-            *p++ = 0;
-            *p++ = RSA_CRYPT;
-
-            while( nb_pad-- > 0 )
-            {
-                do {
-                    *p = (unsigned char) rand();
-                } while( *p == 0 );
-                p++;
-            }
-            *p++ = 0;
-            memcpy( p, input, ilen );
-            break;
-
-        default:
-
-            return( POLARSSL_ERR_RSA_INVALID_PADDING );
-    }
-
-    return( ( mode == RSA_PUBLIC )
-            ? rsa_public(  ctx, output, output )
-            : rsa_private( ctx, output, output ) );
-}
-
-/*
- * Do an RSA operation, then remove the message padding
- */
-int rsa_pkcs1_decrypt( rsa_context *ctx,
-                       int mode, int *olen,
-                       unsigned char *input,
-                       unsigned char *output,
-		       int output_max_len)
-{
-    int ret, ilen;
-    unsigned char *p;
-    unsigned char buf[512];
-
-    ilen = ctx->len;
-
-    if( ilen < 16 || ilen > (int) sizeof( buf ) )
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == RSA_PUBLIC )
-          ? rsa_public(  ctx, input, buf )
-          : rsa_private( ctx, input, buf );
-
-    if( ret != 0 )
-        return( ret );
-
-    p = buf;
-
-    switch( ctx->padding )
-    {
-        case RSA_PKCS_V15:
-
-            if( *p++ != 0 || *p++ != RSA_CRYPT )
-                return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
-            while( *p != 0 )
-            {
-                if( p >= buf + ilen - 1 )
-                    return( POLARSSL_ERR_RSA_INVALID_PADDING );
-                p++;
-            }
-            p++;
-            break;
-
-        default:
-
-            return( POLARSSL_ERR_RSA_INVALID_PADDING );
-    }
-
-    if (ilen - (int)(p - buf) > output_max_len)
-    	return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE );
-
-    *olen = ilen - (int)(p - buf);
-    memcpy( output, p, *olen );
-
-    return( 0 );
-}
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int rsa_pkcs1_sign( rsa_context *ctx,
-                    int mode,
-                    int hash_id,
-                    int hashlen,
-                    unsigned char *hash,
-                    unsigned char *sig )
-{
-    int nb_pad, olen;
-    unsigned char *p = sig;
-
-    olen = ctx->len;
-
-    switch( ctx->padding )
-    {
-        case RSA_PKCS_V15:
-
-            switch( hash_id )
-            {
-                case RSA_RAW:
-                    nb_pad = olen - 3 - hashlen;
-                    break;
-
-                case RSA_MD2:
-                case RSA_MD4:
-                case RSA_MD5:
-                    nb_pad = olen - 3 - 34;
-                    break;
-
-                case RSA_SHA1:
-                    nb_pad = olen - 3 - 35;
-                    break;
-
-                default:
-                    return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-            }
-
-            if( nb_pad < 8 )
-                return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
-            *p++ = 0;
-            *p++ = RSA_SIGN;
-            memset( p, 0xFF, nb_pad );
-            p += nb_pad;
-            *p++ = 0;
-            break;
-
-        default:
-
-            return( POLARSSL_ERR_RSA_INVALID_PADDING );
-    }
-
-    switch( hash_id )
-    {
-        case RSA_RAW:
-            memcpy( p, hash, hashlen );
-            break;
-
-        case RSA_MD2:
-            memcpy( p, ASN1_HASH_MDX, 18 );
-            memcpy( p + 18, hash, 16 );
-            p[13] = 2; break;
-
-        case RSA_MD4:
-            memcpy( p, ASN1_HASH_MDX, 18 );
-            memcpy( p + 18, hash, 16 );
-            p[13] = 4; break;
-
-        case RSA_MD5:
-            memcpy( p, ASN1_HASH_MDX, 18 );
-            memcpy( p + 18, hash, 16 );
-            p[13] = 5; break;
-
-        case RSA_SHA1:
-            memcpy( p, ASN1_HASH_SHA1, 15 );
-            memcpy( p + 15, hash, 20 );
-            break;
-
-        default:
-            return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    return( ( mode == RSA_PUBLIC )
-            ? rsa_public(  ctx, sig, sig )
-            : rsa_private( ctx, sig, sig ) );
-}
-
-/*
- * Do an RSA operation and check the message digest
- */
-int rsa_pkcs1_verify( rsa_context *ctx,
-                      int mode,
-                      int hash_id,
-                      int hashlen,
-                      unsigned char *hash,
-                      unsigned char *sig )
-{
-    int ret, len, siglen;
-    unsigned char *p, c;
-    unsigned char buf[512];
-
-    siglen = ctx->len;
-
-    if( siglen < 16 || siglen > (int) sizeof( buf ) )
-        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == RSA_PUBLIC )
-          ? rsa_public(  ctx, sig, buf )
-          : rsa_private( ctx, sig, buf );
-
-    if( ret != 0 )
-        return( ret );
-
-    p = buf;
-
-    switch( ctx->padding )
-    {
-        case RSA_PKCS_V15:
-
-            if( *p++ != 0 || *p++ != RSA_SIGN )
-                return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
-            while( *p != 0 )
-            {
-                if( p >= buf + siglen - 1 || *p != 0xFF )
-                    return( POLARSSL_ERR_RSA_INVALID_PADDING );
-                p++;
-            }
-            p++;
-            break;
-
-        default:
-
-            return( POLARSSL_ERR_RSA_INVALID_PADDING );
-    }
-
-    len = siglen - (int)( p - buf );
-
-    if( len == 34 )
-    {
-        c = p[13];
-        p[13] = 0;
-
-        if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
-            return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-
-        if( ( c == 2 && hash_id == RSA_MD2 ) ||
-            ( c == 4 && hash_id == RSA_MD4 ) ||
-            ( c == 5 && hash_id == RSA_MD5 ) )
-        {
-            if( memcmp( p + 18, hash, 16 ) == 0 ) 
-                return( 0 );
-            else
-                return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-        }
-    }
-
-    if( len == 35 && hash_id == RSA_SHA1 )
-    {
-        if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
-            memcmp( p + 15, hash, 20 ) == 0 )
-            return( 0 );
-        else
-            return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-    }
-
-    if( len == hashlen && hash_id == RSA_RAW )
-    {
-        if( memcmp( p, hash, hashlen ) == 0 )
-            return( 0 );
-        else
-            return( POLARSSL_ERR_RSA_VERIFY_FAILED );
-    }
-
-    return( POLARSSL_ERR_RSA_INVALID_PADDING );
-}
-
-/*
- * Free the components of an RSA key
- */
-void rsa_free( rsa_context *ctx )
-{
-    mpi_free( &ctx->RQ, &ctx->RP, &ctx->RN,
-              &ctx->QP, &ctx->DQ, &ctx->DP,
-              &ctx->Q,  &ctx->P,  &ctx->D,
-              &ctx->E,  &ctx->N,  NULL );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-
-#include "polarssl/sha1.h"
-
-/*
- * Example RSA-1024 keypair, for test purposes
- */
-#define KEY_LEN 128
-
-#define RSA_N   "9292758453063D803DD603D5E777D788" \
-                "8ED1D5BF35786190FA2F23EBC0848AEA" \
-                "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
-                "7130B9CED7ACDF54CFC7555AC14EEBAB" \
-                "93A89813FBF3C4F8066D2D800F7C38A8" \
-                "1AE31942917403FF4946B0A83D3D3E05" \
-                "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
-                "5E94BB77B07507233A0BC7BAC8F90F79"
-
-#define RSA_E   "10001"
-
-#define RSA_D   "24BF6185468786FDD303083D25E64EFC" \
-                "66CA472BC44D253102F8B4A9D3BFA750" \
-                "91386C0077937FE33FA3252D28855837" \
-                "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
-                "DF79C5CE07EE72C7F123142198164234" \
-                "CABB724CF78B8173B9F880FC86322407" \
-                "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
-                "071513A1E85B5DFA031F21ECAE91A34D"
-
-#define RSA_P   "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
-                "2C01CAD19EA484A87EA4377637E75500" \
-                "FCB2005C5C7DD6EC4AC023CDA285D796" \
-                "C3D9E75E1EFC42488BB4F1D13AC30A57"
-
-#define RSA_Q   "C000DF51A7C77AE8D7C7370C1FF55B69" \
-                "E211C2B9E5DB1ED0BF61D0D9899620F4" \
-                "910E4168387E3C30AA1E00C339A79508" \
-                "8452DD96A9A5EA5D9DCA68DA636032AF"
-
-#define RSA_DP  "C1ACF567564274FB07A0BBAD5D26E298" \
-                "3C94D22288ACD763FD8E5600ED4A702D" \
-                "F84198A5F06C2E72236AE490C93F07F8" \
-                "3CC559CD27BC2D1CA488811730BB5725"
-
-#define RSA_DQ  "4959CBF6F8FEF750AEE6977C155579C7" \
-                "D8AAEA56749EA28623272E4F7D0592AF" \
-                "7C1F1313CAC9471B5C523BFE592F517B" \
-                "407A1BD76C164B93DA2D32A383E58357"
-
-#define RSA_QP  "9AE7FBC99546432DF71896FC239EADAE" \
-                "F38D18D2B2F0E2DD275AA977E2BF4411" \
-                "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
-                "A74206CEC169D74BF5A8C50D6F48EA08"
-
-#define PT_LEN  24
-#define RSA_PT  "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
-                "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-
-/*
- * Checkup routine
- */
-int rsa_self_test( int verbose )
-{
-    int len;
-    rsa_context rsa;
-    unsigned char sha1sum[20];
-    unsigned char rsa_plaintext[PT_LEN];
-    unsigned char rsa_decrypted[PT_LEN];
-    unsigned char rsa_ciphertext[KEY_LEN];
-
-    memset( &rsa, 0, sizeof( rsa_context ) );
-
-    rsa.len = KEY_LEN;
-    mpi_read_string( &rsa.N , 16, RSA_N  );
-    mpi_read_string( &rsa.E , 16, RSA_E  );
-    mpi_read_string( &rsa.D , 16, RSA_D  );
-    mpi_read_string( &rsa.P , 16, RSA_P  );
-    mpi_read_string( &rsa.Q , 16, RSA_Q  );
-    mpi_read_string( &rsa.DP, 16, RSA_DP );
-    mpi_read_string( &rsa.DQ, 16, RSA_DQ );
-    mpi_read_string( &rsa.QP, 16, RSA_QP );
-
-    if( verbose != 0 )
-        printf( "  RSA key validation: " );
-
-    if( rsa_check_pubkey(  &rsa ) != 0 ||
-        rsa_check_privkey( &rsa ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n  PKCS#1 encryption : " );
-
-    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
-
-    if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN,
-                           rsa_plaintext, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n  PKCS#1 decryption : " );
-
-    if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
-                           rsa_ciphertext, rsa_decrypted,
-			   sizeof(rsa_decrypted) ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n  PKCS#1 data sign  : " );
-
-    sha1( rsa_plaintext, PT_LEN, sha1sum );
-
-    if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1, 20,
-                        sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n  PKCS#1 sig. verify: " );
-
-    if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1, 20,
-                          sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        printf( "passed\n\n" );
-
-    rsa_free( &rsa );
-
-    return( 0 );
-}
-
-#endif
-
-#endif
diff --git a/package/utils/px5g-standalone/src/library/sha1.c b/package/utils/px5g-standalone/src/library/sha1.c
deleted file mode 100644
index 54a4416f31..0000000000
--- a/package/utils/px5g-standalone/src/library/sha1.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/*
- *  FIPS-180-1 compliant SHA-1 implementation
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- *  The SHA-1 standard was published by NIST in 1993.
- *
- *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_SHA1_C)
-
-#include "polarssl/sha1.h"
-
-#include <string.h>
-#include <stdio.h>
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_ULONG_BE
-#define GET_ULONG_BE(n,b,i)                             \
-{                                                       \
-    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
-        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
-        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
-        | ( (unsigned long) (b)[(i) + 3]       );       \
-}
-#endif
-
-#ifndef PUT_ULONG_BE
-#define PUT_ULONG_BE(n,b,i)                             \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-/*
- * SHA-1 context setup
- */
-void sha1_starts( sha1_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-    ctx->state[4] = 0xC3D2E1F0;
-}
-
-static void sha1_process( sha1_context *ctx, unsigned char data[64] )
-{
-    unsigned long temp, W[16], A, B, C, D, E;
-
-    GET_ULONG_BE( W[ 0], data,  0 );
-    GET_ULONG_BE( W[ 1], data,  4 );
-    GET_ULONG_BE( W[ 2], data,  8 );
-    GET_ULONG_BE( W[ 3], data, 12 );
-    GET_ULONG_BE( W[ 4], data, 16 );
-    GET_ULONG_BE( W[ 5], data, 20 );
-    GET_ULONG_BE( W[ 6], data, 24 );
-    GET_ULONG_BE( W[ 7], data, 28 );
-    GET_ULONG_BE( W[ 8], data, 32 );
-    GET_ULONG_BE( W[ 9], data, 36 );
-    GET_ULONG_BE( W[10], data, 40 );
-    GET_ULONG_BE( W[11], data, 44 );
-    GET_ULONG_BE( W[12], data, 48 );
-    GET_ULONG_BE( W[13], data, 52 );
-    GET_ULONG_BE( W[14], data, 56 );
-    GET_ULONG_BE( W[15], data, 60 );
-
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
-
-#define R(t)                                            \
-(                                                       \
-    temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
-           W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
-    ( W[t & 0x0F] = S(temp,1) )                         \
-)
-
-#define P(a,b,c,d,e,x)                                  \
-{                                                       \
-    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
-}
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-    E = ctx->state[4];
-
-#define F(x,y,z) (z ^ (x & (y ^ z)))
-#define K 0x5A827999
-
-    P( A, B, C, D, E, W[0]  );
-    P( E, A, B, C, D, W[1]  );
-    P( D, E, A, B, C, W[2]  );
-    P( C, D, E, A, B, W[3]  );
-    P( B, C, D, E, A, W[4]  );
-    P( A, B, C, D, E, W[5]  );
-    P( E, A, B, C, D, W[6]  );
-    P( D, E, A, B, C, W[7]  );
-    P( C, D, E, A, B, W[8]  );
-    P( B, C, D, E, A, W[9]  );
-    P( A, B, C, D, E, W[10] );
-    P( E, A, B, C, D, W[11] );
-    P( D, E, A, B, C, W[12] );
-    P( C, D, E, A, B, W[13] );
-    P( B, C, D, E, A, W[14] );
-    P( A, B, C, D, E, W[15] );
-    P( E, A, B, C, D, R(16) );
-    P( D, E, A, B, C, R(17) );
-    P( C, D, E, A, B, R(18) );
-    P( B, C, D, E, A, R(19) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-#define K 0x6ED9EBA1
-
-    P( A, B, C, D, E, R(20) );
-    P( E, A, B, C, D, R(21) );
-    P( D, E, A, B, C, R(22) );
-    P( C, D, E, A, B, R(23) );
-    P( B, C, D, E, A, R(24) );
-    P( A, B, C, D, E, R(25) );
-    P( E, A, B, C, D, R(26) );
-    P( D, E, A, B, C, R(27) );
-    P( C, D, E, A, B, R(28) );
-    P( B, C, D, E, A, R(29) );
-    P( A, B, C, D, E, R(30) );
-    P( E, A, B, C, D, R(31) );
-    P( D, E, A, B, C, R(32) );
-    P( C, D, E, A, B, R(33) );
-    P( B, C, D, E, A, R(34) );
-    P( A, B, C, D, E, R(35) );
-    P( E, A, B, C, D, R(36) );
-    P( D, E, A, B, C, R(37) );
-    P( C, D, E, A, B, R(38) );
-    P( B, C, D, E, A, R(39) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) ((x & y) | (z & (x | y)))
-#define K 0x8F1BBCDC
-
-    P( A, B, C, D, E, R(40) );
-    P( E, A, B, C, D, R(41) );
-    P( D, E, A, B, C, R(42) );
-    P( C, D, E, A, B, R(43) );
-    P( B, C, D, E, A, R(44) );
-    P( A, B, C, D, E, R(45) );
-    P( E, A, B, C, D, R(46) );
-    P( D, E, A, B, C, R(47) );
-    P( C, D, E, A, B, R(48) );
-    P( B, C, D, E, A, R(49) );
-    P( A, B, C, D, E, R(50) );
-    P( E, A, B, C, D, R(51) );
-    P( D, E, A, B, C, R(52) );
-    P( C, D, E, A, B, R(53) );
-    P( B, C, D, E, A, R(54) );
-    P( A, B, C, D, E, R(55) );
-    P( E, A, B, C, D, R(56) );
-    P( D, E, A, B, C, R(57) );
-    P( C, D, E, A, B, R(58) );
-    P( B, C, D, E, A, R(59) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-#define K 0xCA62C1D6
-
-    P( A, B, C, D, E, R(60) );
-    P( E, A, B, C, D, R(61) );
-    P( D, E, A, B, C, R(62) );
-    P( C, D, E, A, B, R(63) );
-    P( B, C, D, E, A, R(64) );
-    P( A, B, C, D, E, R(65) );
-    P( E, A, B, C, D, R(66) );
-    P( D, E, A, B, C, R(67) );
-    P( C, D, E, A, B, R(68) );
-    P( B, C, D, E, A, R(69) );
-    P( A, B, C, D, E, R(70) );
-    P( E, A, B, C, D, R(71) );
-    P( D, E, A, B, C, R(72) );
-    P( C, D, E, A, B, R(73) );
-    P( B, C, D, E, A, R(74) );
-    P( A, B, C, D, E, R(75) );
-    P( E, A, B, C, D, R(76) );
-    P( D, E, A, B, C, R(77) );
-    P( C, D, E, A, B, R(78) );
-    P( B, C, D, E, A, R(79) );
-
-#undef K
-#undef F
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-    ctx->state[4] += E;
-}
-
-/*
- * SHA-1 process buffer
- */
-void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
-{
-    int fill;
-    unsigned long left;
-
-    if( ilen <= 0 )
-        return;
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (unsigned long) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, fill );
-        sha1_process( ctx, ctx->buffer );
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        sha1_process( ctx, input );
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, ilen );
-    }
-}
-
-static const unsigned char sha1_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * SHA-1 final digest
- */
-void sha1_finish( sha1_context *ctx, unsigned char output[20] )
-{
-    unsigned long last, padn;
-    unsigned long high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_ULONG_BE( high, msglen, 0 );
-    PUT_ULONG_BE( low,  msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    sha1_update( ctx, (unsigned char *) sha1_padding, padn );
-    sha1_update( ctx, msglen, 8 );
-
-    PUT_ULONG_BE( ctx->state[0], output,  0 );
-    PUT_ULONG_BE( ctx->state[1], output,  4 );
-    PUT_ULONG_BE( ctx->state[2], output,  8 );
-    PUT_ULONG_BE( ctx->state[3], output, 12 );
-    PUT_ULONG_BE( ctx->state[4], output, 16 );
-}
-
-/*
- * output = SHA-1( input buffer )
- */
-void sha1( unsigned char *input, int ilen, unsigned char output[20] )
-{
-    sha1_context ctx;
-
-    sha1_starts( &ctx );
-    sha1_update( &ctx, input, ilen );
-    sha1_finish( &ctx, output );
-
-    memset( &ctx, 0, sizeof( sha1_context ) );
-}
-
-/*
- * output = SHA-1( file contents )
- */
-int sha1_file( char *path, unsigned char output[20] )
-{
-    FILE *f;
-    size_t n;
-    sha1_context ctx;
-    unsigned char buf[1024];
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
-
-    sha1_starts( &ctx );
-
-    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
-        sha1_update( &ctx, buf, (int) n );
-
-    sha1_finish( &ctx, output );
-
-    memset( &ctx, 0, sizeof( sha1_context ) );
-
-    if( ferror( f ) != 0 )
-    {
-        fclose( f );
-        return( 2 );
-    }
-
-    fclose( f );
-    return( 0 );
-}
-
-/*
- * SHA-1 HMAC context setup
- */
-void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
-{
-    int i;
-    unsigned char sum[20];
-
-    if( keylen > 64 )
-    {
-        sha1( key, keylen, sum );
-        keylen = 20;
-        key = sum;
-    }
-
-    memset( ctx->ipad, 0x36, 64 );
-    memset( ctx->opad, 0x5C, 64 );
-
-    for( i = 0; i < keylen; i++ )
-    {
-        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
-        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
-    }
-
-    sha1_starts( ctx );
-    sha1_update( ctx, ctx->ipad, 64 );
-
-    memset( sum, 0, sizeof( sum ) );
-}
-
-/*
- * SHA-1 HMAC process buffer
- */
-void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen )
-{
-    sha1_update( ctx, input, ilen );
-}
-
-/*
- * SHA-1 HMAC final digest
- */
-void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
-{
-    unsigned char tmpbuf[20];
-
-    sha1_finish( ctx, tmpbuf );
-    sha1_starts( ctx );
-    sha1_update( ctx, ctx->opad, 64 );
-    sha1_update( ctx, tmpbuf, 20 );
-    sha1_finish( ctx, output );
-
-    memset( tmpbuf, 0, sizeof( tmpbuf ) );
-}
-
-/*
- * output = HMAC-SHA-1( hmac key, input buffer )
- */
-void sha1_hmac( unsigned char *key, int keylen,
-                unsigned char *input, int ilen,
-                unsigned char output[20] )
-{
-    sha1_context ctx;
-
-    sha1_hmac_starts( &ctx, key, keylen );
-    sha1_hmac_update( &ctx, input, ilen );
-    sha1_hmac_finish( &ctx, output );
-
-    memset( &ctx, 0, sizeof( sha1_context ) );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-/*
- * FIPS-180-1 test vectors
- */
-static unsigned char sha1_test_buf[3][57] = 
-{
-    { "abc" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "" }
-};
-
-static const int sha1_test_buflen[3] =
-{
-    3, 56, 1000
-};
-
-static const unsigned char sha1_test_sum[3][20] =
-{
-    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
-      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
-    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
-      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
-    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
-      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
-};
-
-/*
- * RFC 2202 test vectors
- */
-static unsigned char sha1_hmac_test_key[7][26] =
-{
-    { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
-      "\x0B\x0B\x0B\x0B" },
-    { "Jefe" },
-    { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-      "\xAA\xAA\xAA\xAA" },
-    { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
-      "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
-    { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
-      "\x0C\x0C\x0C\x0C" },
-    { "" }, /* 0xAA 80 times */
-    { "" }
-};
-
-static const int sha1_hmac_test_keylen[7] =
-{
-    20, 4, 20, 25, 20, 80, 80
-};
-
-static unsigned char sha1_hmac_test_buf[7][74] =
-{
-    { "Hi There" },
-    { "what do ya want for nothing?" },
-    { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
-    { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
-      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
-      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
-      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
-      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
-    { "Test With Truncation" },
-    { "Test Using Larger Than Block-Size Key - Hash Key First" },
-    { "Test Using Larger Than Block-Size Key and Larger"
-      " Than One Block-Size Data" }
-};
-
-static const int sha1_hmac_test_buflen[7] =
-{
-    8, 28, 50, 50, 20, 54, 73
-};
-
-static const unsigned char sha1_hmac_test_sum[7][20] =
-{
-    { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
-      0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
-    { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
-      0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
-    { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
-      0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
-    { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
-      0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
-    { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
-      0x7B, 0xE1 },
-    { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
-      0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
-    { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
-      0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
-};
-
-/*
- * Checkup routine
- */
-int sha1_self_test( int verbose )
-{
-    int i, j, buflen;
-    unsigned char buf[1024];
-    unsigned char sha1sum[20];
-    sha1_context ctx;
-
-    /*
-     * SHA-1
-     */
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            printf( "  SHA-1 test #%d: ", i + 1 );
-
-        sha1_starts( &ctx );
-
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-                sha1_update( &ctx, buf, buflen );
-        }
-        else
-            sha1_update( &ctx, sha1_test_buf[i],
-                               sha1_test_buflen[i] );
-
-        sha1_finish( &ctx, sha1sum );
-
-        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
-        {
-            if( verbose != 0 )
-                printf( "failed\n" );
-
-            return( 1 );
-        }
-
-        if( verbose != 0 )
-            printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        printf( "\n" );
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            printf( "  HMAC-SHA-1 test #%d: ", i + 1 );
-
-        if( i == 5 || i == 6 )
-        {
-            memset( buf, '\xAA', buflen = 80 );
-            sha1_hmac_starts( &ctx, buf, buflen );
-        }
-        else
-            sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
-                                    sha1_hmac_test_keylen[i] );
-
-        sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
-                                sha1_hmac_test_buflen[i] );
-
-        sha1_hmac_finish( &ctx, sha1sum );
-
-        buflen = ( i == 4 ) ? 12 : 20;
-
-        if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
-        {
-            if( verbose != 0 )
-                printf( "failed\n" );
-
-            return( 1 );
-        }
-
-        if( verbose != 0 )
-            printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        printf( "\n" );
-
-    return( 0 );
-}
-
-#endif
-
-#endif
diff --git a/package/utils/px5g-standalone/src/library/timing.c b/package/utils/px5g-standalone/src/library/timing.c
deleted file mode 100644
index 6b7ab740e1..0000000000
--- a/package/utils/px5g-standalone/src/library/timing.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- *  Portable interface to the CPU cycle counter
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_TIMING_C)
-
-#include "polarssl/timing.h"
-
-#if defined(WIN32)
-
-#include <windows.h>
-#include <winbase.h>
-
-struct _hr_time
-{
-    LARGE_INTEGER start;
-};
-
-#else
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <signal.h>
-#include <time.h>
-
-struct _hr_time
-{
-    struct timeval start;
-};
-
-#endif
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-unsigned long hardclock( void )
-{
-    unsigned long tsc;
-    __asm   rdtsc
-    __asm   mov  [tsc], eax
-    return( tsc );
-}
-
-#else
-#if defined(__GNUC__) && defined(__i386__)
-
-unsigned long hardclock( void )
-{
-    unsigned long tsc;
-    asm( "rdtsc" : "=a" (tsc) );
-    return( tsc );
-}
-
-#else
-#if defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))
-
-unsigned long hardclock( void )
-{
-    unsigned long lo, hi;
-    asm( "rdtsc" : "=a" (lo), "=d" (hi) );
-    return( lo | (hi << 32) );
-}
-
-#else
-#if defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__))
-
-unsigned long hardclock( void )
-{
-    unsigned long tbl, tbu0, tbu1;
-
-    do
-    {
-        asm( "mftbu %0" : "=r" (tbu0) );
-        asm( "mftb  %0" : "=r" (tbl ) );
-        asm( "mftbu %0" : "=r" (tbu1) );
-    }
-    while( tbu0 != tbu1 );
-
-    return( tbl );
-}
-
-#else
-#if defined(__GNUC__) && defined(__sparc__)
-
-unsigned long hardclock( void )
-{
-    unsigned long tick;
-    asm( ".byte 0x83, 0x41, 0x00, 0x00" );
-    asm( "mov   %%g1, %0" : "=r" (tick) );
-    return( tick );
-}
-
-#else
-#if defined(__GNUC__) && defined(__alpha__)
-
-unsigned long hardclock( void )
-{
-    unsigned long cc;
-    asm( "rpcc %0" : "=r" (cc) );
-    return( cc & 0xFFFFFFFF );
-}
-
-#else
-#if defined(__GNUC__) && defined(__ia64__)
-
-unsigned long hardclock( void )
-{
-    unsigned long itc;
-    asm( "mov %0 = ar.itc" : "=r" (itc) );
-    return( itc );
-}
-
-#else
-
-static int hardclock_init = 0;
-static struct timeval tv_init;
-
-unsigned long hardclock( void )
-{
-    struct timeval tv_cur;
-
-    if( hardclock_init == 0 )
-    {
-        gettimeofday( &tv_init, NULL );
-        hardclock_init = 1;
-    }
-
-    gettimeofday( &tv_cur, NULL );
-    return( ( tv_cur.tv_sec  - tv_init.tv_sec  ) * 1000000
-          + ( tv_cur.tv_usec - tv_init.tv_usec ) );
-}
-
-#endif /* generic */
-#endif /* IA-64   */
-#endif /* Alpha   */
-#endif /* SPARC8  */
-#endif /* PowerPC */
-#endif /* AMD64   */
-#endif /* i586+   */
-
-int alarmed = 0;
-
-#if defined(WIN32)
-
-unsigned long get_timer( struct hr_time *val, int reset )
-{
-    unsigned long delta;
-    LARGE_INTEGER offset, hfreq;
-    struct _hr_time *t = (struct _hr_time *) val;
-
-    QueryPerformanceCounter(  &offset );
-    QueryPerformanceFrequency( &hfreq );
-
-    delta = (unsigned long)( ( 1000 *
-        ( offset.QuadPart - t->start.QuadPart ) ) /
-           hfreq.QuadPart );
-
-    if( reset )
-        QueryPerformanceCounter( &t->start );
-
-    return( delta );
-}
-
-DWORD WINAPI TimerProc( LPVOID uElapse )
-{
-    Sleep( (DWORD) uElapse );
-    alarmed = 1;
-    return( TRUE );
-}
-
-void set_alarm( int seconds )
-{
-    DWORD ThreadId;
-
-    alarmed = 0;
-    CloseHandle( CreateThread( NULL, 0, TimerProc,
-        (LPVOID) ( seconds * 1000 ), 0, &ThreadId ) );
-}
-
-void m_sleep( int milliseconds )
-{
-    Sleep( milliseconds );
-}
-
-#else
-
-unsigned long get_timer( struct hr_time *val, int reset )
-{
-    unsigned long delta;
-    struct timeval offset;
-    struct _hr_time *t = (struct _hr_time *) val;
-
-    gettimeofday( &offset, NULL );
-
-    delta = ( offset.tv_sec  - t->start.tv_sec  ) * 1000
-          + ( offset.tv_usec - t->start.tv_usec ) / 1000;
-
-    if( reset )
-    {
-        t->start.tv_sec  = offset.tv_sec;
-        t->start.tv_usec = offset.tv_usec;
-    }
-
-    return( delta );
-}
-
-static void sighandler( int signum )
-{
-    alarmed = 1;
-    signal( signum, sighandler );
-}
-
-void set_alarm( int seconds )
-{
-    alarmed = 0;
-    signal( SIGALRM, sighandler );
-    alarm( seconds );
-}
-
-void m_sleep( int milliseconds )
-{
-    struct timeval tv;
-
-    tv.tv_sec  = milliseconds / 1000;
-    tv.tv_usec = milliseconds * 1000;
-
-    select( 0, NULL, NULL, NULL, &tv );
-}
-
-#endif
-
-#endif
diff --git a/package/utils/px5g-standalone/src/library/x509write.c b/package/utils/px5g-standalone/src/library/x509write.c
deleted file mode 100644
index 2b0eb71563..0000000000
--- a/package/utils/px5g-standalone/src/library/x509write.c
+++ /dev/null
@@ -1,1162 +0,0 @@
-/*
- *  X.509 certificate and private key writing
- *
- *  Copyright (C) 2006-2007  Pascal Vizeli <pvizeli@yahoo.de>
- *  Modifications (C) 2009 Steven Barth <steven@midlink.org>
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License, version 2.1 as published by the Free Software Foundation.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- *  MA  02110-1301  USA
- */
-/*
- *  The ITU-T X.509 standard defines a certificat format for PKI.
- *
- *  http://www.ietf.org/rfc/rfc2459.txt
- *  http://www.ietf.org/rfc/rfc3279.txt
- *
- *  ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
- *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- *
- *  For CRS:
- *  http://www.faqs.org/rfcs/rfc2314.html
- */
-#include "polarssl/config.h"
-#include "polarssl/x509.h"
-#include "polarssl/base64.h"
-#include "polarssl/sha1.h"
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <time.h>
-
-#define and &&
-#define or ||
-
-#if defined _MSC_VER && !defined snprintf
-#define snprintf _snprintf
-#endif
-
-static int x509write_realloc_node(x509_node *node, size_t larger);
-static int x509write_file(x509_node *node, char *path, int format, const char* pem_prolog, const char* pem_epilog);
-
-/*
- * evaluate how mani octet have this integer
- */
-static int asn1_eval_octet(unsigned int digit)
-{
-    int i, byte;
-
-    for (byte = 4, i = 24; i >= 0; i -= 8, --byte)
-        if (((digit >> i) & 0xFF) != 0)
-            return byte;
-
-    return 0;
-}
-
-/*
- * write the asn.1 lenght form into p
- */
-static int asn1_add_len(unsigned int size, x509_node *node)
-{
-    if (size > 127) {
-
-        /* long size */
-        int byte = asn1_eval_octet(size);
-        int i = 0;
-
-        *(node->p) = (0x80 | byte) & 0xFF;
-        ++node->p;
-
-        for (i = byte; i > 0; --i) {
-
-            *(node->p) = (size >> ((i - 1) * 8)) & 0xFF;
-            ++node->p;
-        }
-
-    } else {
-
-        /* short size */
-        *(node->p) = size & 0xFF;
-        if (size != 0)
-            ++node->p;
-    }
-
-    return 0;
-}
-
-/*
- * write a ans.1 object into p
- */
-static int asn1_add_obj(unsigned char *value, unsigned int size, int tag,
-        x509_node *node)
-{
-    int tl = 2;
-
-    if (tag == ASN1_BIT_STRING)
-        ++tl;
-
-    if (size > 127)
-        x509write_realloc_node(node, (size_t) size + tl +
-                asn1_eval_octet(size));
-    else
-        x509write_realloc_node(node, (size_t) size + tl);
-
-    if (node->data == NULL)
-        return 1;
-
-    /* tag */
-    *(node->p) = tag & 0xFF;
-    ++node->p;
-
-    /* len */
-    if (tag == ASN1_BIT_STRING) {
-        asn1_add_len((unsigned int) size + 1, node);
-        *(node->p) = 0x00;
-        ++node->p;
-    } else {
-        asn1_add_len((unsigned int) size, node);
-    }
-
-    /* value */
-    if (size > 0) {
-
-        memcpy(node->p, value, (size_t) size);
-        if ((node->p += size -1) != node->end)
-            return POLARSSL_ERR_X509_POINT_ERROR;
-    } else {
-        /* make nothing -> NULL */
-    }
-
-    return 0;
-}
-
-/*
- * write a asn.1 conform integer object
- */
-static int asn1_add_int(signed int value, x509_node *node)
-{
-    signed int i = 0, neg = 1;
-    unsigned int byte, u_val = 0, tmp_val = 0;
-
-    /* if negate? */
-    if (value < 0) {
-        neg = -1;
-        u_val = ~value;
-    } else {
-        u_val = value;
-    }
-
-    byte = asn1_eval_octet(u_val);
-    /* 0 isn't NULL */
-    if (byte == 0)
-        byte = 1;
-
-    /* ASN.1 integer is signed! */
-    if (byte < 4 and ((u_val >> ((byte -1) * 8)) & 0xFF) == 0x80)
-        byte += 1;
-
-    if (x509write_realloc_node(node, (size_t) byte + 2) != 0)
-        return 1;
-
-    /* tag */
-    *(node->p) = ASN1_INTEGER;
-    ++node->p;
-
-    /* len */
-    asn1_add_len(byte, node);
-
-    /* value */
-    for (i = byte; i > 0; --i) {
-
-        tmp_val = (u_val >> ((i - 1) * 8)) & 0xFF;
-        if (neg == 1)
-            *(node->p) = tmp_val;
-        else
-            *(node->p) = ~tmp_val;
-
-        if (i > 1)
-          ++node->p;
-    }
-
-    if (node->p != node->end)
-        return POLARSSL_ERR_X509_POINT_ERROR;
-
-    return 0;
-}
-
-/*
- * write a asn.1 conform mpi object
- */
-static int asn1_add_mpi(mpi *value, int tag, x509_node *node)
-{
-    size_t size = (mpi_msb(value) / 8) + 1;
-    unsigned char *buf;
-    int buf_len = (int) size, tl = 2;
-
-    if (tag == ASN1_BIT_STRING)
-        ++tl;
-
-    if (size > 127)
-        x509write_realloc_node(node, size + (size_t) tl +
-            asn1_eval_octet((unsigned int)size));
-    else
-        x509write_realloc_node(node, size + (size_t) tl);
-
-    if (node->data == NULL)
-        return 1;
-
-    buf = (unsigned char*) malloc(size);
-    if (mpi_write_binary(value, buf, buf_len) != 0)
-        return POLARSSL_ERR_MPI_BUFFER_TOO_SMALL;
-
-    /* tag */
-    *(node->p) = tag & 0xFF;
-    ++node->p;
-
-    /* len */
-    if (tag == ASN1_BIT_STRING) {
-        asn1_add_len((unsigned int) size + 1, node);
-        *(node->p) = 0x00;
-        ++node->p;
-    } else {
-        asn1_add_len((unsigned int) size, node);
-    }
-
-    /* value */
-    memcpy(node->p, buf, size);
-    free(buf);
-
-    if ((node->p += (int) size -1) != node->end)
-        return POLARSSL_ERR_X509_POINT_ERROR;
-
-    return 0;
-}
-
-/*
- * write a node into asn.1 conform object
- */
-static int asn1_append_tag(x509_node *node, int tag)
-{
-    int tl = 2;
-
-    x509_node tmp;
-    x509write_init_node(&tmp);
-
-    if (tag == ASN1_BIT_STRING)
-        ++tl;
-
-    if (node->len > 127)
-        x509write_realloc_node(&tmp, node->len + (size_t) tl +
-            asn1_eval_octet((unsigned int)node->len));
-    else
-        x509write_realloc_node(&tmp, node->len + (size_t) tl);
-
-    if (tmp.data == NULL) {
-        x509write_free_node(&tmp);
-        return 1;
-    }
-
-    /* tag */
-    *(tmp.p) = tag & 0xFF;
-    ++tmp.p;
-
-    /* len */
-    if (tag == ASN1_BIT_STRING) {
-        asn1_add_len((unsigned int) node->len + 1, &tmp);
-        *(tmp.p) = 0x00;
-        ++tmp.p;
-    } else {
-        asn1_add_len((unsigned int) node->len, &tmp);
-    }
-
-    /* value */
-    memcpy(tmp.p, node->data, node->len);
-
-    /* good? */
-    if ((tmp.p += (int) node->len -1) != tmp.end) {
-        x509write_free_node(&tmp);
-        return POLARSSL_ERR_X509_POINT_ERROR;
-    }
-
-    free(node->data);
-    node->data = tmp.data;
-    node->p = tmp.p;
-    node->end = tmp.end;
-    node->len = tmp.len;
-
-    return 0;
-}
-
-/*
- * write nodes into a asn.1 object
- */
-static int asn1_append_nodes(x509_node *node, int tag, int anz, ...)
-{
-    va_list ap;
-    size_t size = 0;
-    x509_node *tmp;
-    int count;
-
-    va_start(ap, anz);
-    count = anz;
-
-    while (count--) {
-
-        tmp = va_arg(ap, x509_node*);
-        if (tmp->data != NULL)
-            size += tmp->len;
-    }
-
-    if ( size > 127) {
-        if (x509write_realloc_node(node, size + (size_t) 2 +
-                    asn1_eval_octet(size)) != 0)
-            return 1;
-    } else {
-        if (x509write_realloc_node(node, size + (size_t) 2) != 0)
-            return 1;
-    }
-
-    /* tag */
-    *(node->p) = tag & 0xFF;
-    ++node->p;
-
-    /* len */
-    asn1_add_len(size, node);
-
-    /* value */
-    va_start(ap, anz);
-    count = anz;
-
-    while (count--) {
-
-        tmp = va_arg(ap, x509_node*);
-        if (tmp->data != NULL) {
-
-            memcpy(node->p, tmp->data, tmp->len);
-            if ((node->p += (int) tmp->len -1) != node->end)
-                ++node->p;
-        }
-    }
-
-    va_end(ap);
-    return 0;
-}
-
-/*
- * write a ASN.1 conform object identifiere include a "tag"
- */
-static int asn1_add_oid(x509_node *node, unsigned char *oid, size_t len,
-        int tag, int tag_val, unsigned char *value, size_t val_len)
-{
-    int ret;
-    x509_node tmp;
-
-    x509write_init_node(&tmp);
-
-    /* OBJECT IDENTIFIER */
-    if ((ret = asn1_add_obj(oid, len, ASN1_OID, &tmp)) != 0) {
-        x509write_free_node(&tmp);
-        return ret;
-    }
-
-    /* value */
-    if ((ret = asn1_add_obj(value, val_len, tag_val, &tmp)) != 0) {
-        x509write_free_node(&tmp);
-        return ret;
-    }
-
-    /* SET/SEQUENCE */
-    if ((ret = asn1_append_nodes(node, tag, 1, &tmp)) != 0) {
-        x509write_free_node(&tmp);
-        return ret;
-    }
-
-    x509write_free_node(&tmp);
-    return 0;
-}
-
-/*
- *  utcTime        UTCTime
- */
-static int asn1_add_date_utc(unsigned char *time, x509_node *node)
-{
-    unsigned char date[13], *sp;
-    x509_time xtime;
-    int ret;
-
-    sscanf((char*)time, "%d-%d-%d %d:%d:%d", &xtime.year, &xtime.mon,
-    	&xtime.day, &xtime.hour, &xtime.min, &xtime.sec);
-
-    /* convert to YY */
-    if (xtime.year > 2000)
-        xtime.year -= 2000;
-    else
-        xtime.year -= 1900;
-
-    snprintf((char*)date, 13, "%2d%2d%2d%2d%2d%2d", xtime.year, xtime.mon, xtime.day,
-        xtime.hour, xtime.min, xtime.sec);
-
-    /* replace ' ' to '0' */
-    for (sp = date; *sp != '\0'; ++sp)
-        if (*sp == '\x20')
-            *sp = '\x30';
-
-    date[12] = 'Z';
-
-    if ((ret = asn1_add_obj(date, 13, ASN1_UTC_TIME, node)) != 0)
-        return ret;
-
-    return 0;
-}
-
-/*
- * serialize an rsa key into DER
- */
-
-int x509write_serialize_key(rsa_context *rsa, x509_node *node)
-{
-    int ret = 0;
-    x509write_init_node(node);
-
-    /* vers, n, e, d, p, q, dp, dq, pq */
-    if ((ret = asn1_add_int(rsa->ver, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->N, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->E, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->D, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->P, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->Q, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->DP, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->DQ, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_add_mpi(&rsa->QP, ASN1_INTEGER, node)) != 0)
-        return ret;
-    if ((ret = asn1_append_tag(node, ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
-        return ret;
-
-    return 0;
-}
-
-/*
- * write a der/pem encoded rsa private key into a file
- */
-int x509write_keyfile(rsa_context *rsa, char *path, int out_flag)
-{
-    int ret = 0;
-    const char	key_beg[] = "-----BEGIN RSA PRIVATE KEY-----\n",
-                key_end[] = "-----END RSA PRIVATE KEY-----\n";
-    x509_node node;
-
-    x509write_init_node(&node);
-    if ((ret = x509write_serialize_key(rsa,&node)) != 0) {
-        x509write_free_node(&node);
-	      return ret;
-    }
-
-    ret = x509write_file(&node,path,out_flag,key_beg,key_end);
-    x509write_free_node(&node);
-
-    return ret;
-}
-
-
-/*
- * reasize the memory for node
- */
-static int x509write_realloc_node(x509_node *node, size_t larger)
-{
-    /* init len */
-    if (node->data == NULL) {
-        node->len = 0;
-        node->data = malloc(larger);
-        if(node->data == NULL)
-            return 1;
-    } else {
-        /* realloc memory */
-        if ((node->data = realloc(node->data, node->len + larger)) == NULL)
-            return 1;
-    }
-
-    /* init pointer */
-    node->p = &node->data[node->len];
-    node->len += larger;
-    node->end = &node->data[node->len -1];
-
-    return 0;
-}
-
-/*
- * init node
- */
-void x509write_init_node(x509_node *node)
-{
-    memset(node, 0, sizeof(x509_node));
-}
-
-/*
- * clean memory
- */
-void x509write_free_node(x509_node *node)
-{
-    if (node->data != NULL)
-        free(node->data);
-    node->p = NULL;
-    node->end = NULL;
-    node->len = 0;
-}
-
-/*
- * write a x509 certificate into file
- */
-int x509write_crtfile(x509_raw *chain, unsigned char *path, int out_flag)
-{
-    const char	cer_beg[] = "-----BEGIN CERTIFICATE-----\n",
-		cer_end[] = "-----END CERTIFICATE-----\n";
-
-    return x509write_file(&chain->raw, (char*)path, out_flag, cer_beg, cer_end);
-}
-
-/*
- * write a x509 certificate into file
- */
-int x509write_csrfile(x509_raw *chain, unsigned char *path, int out_flag)
-{
-    const char	cer_beg[] = "-----BEGIN CERTIFICATE REQUEST-----\n",
-		cer_end[] = "-----END CERTIFICATE REQUEST-----\n";
-
-    return x509write_file(&chain->raw, (char*)path, out_flag, cer_beg, cer_end);
-}
-
-/*
- * write an x509 file
- */
-static int x509write_file(x509_node *node, char *path, int format,
-        const char* pem_prolog, const char* pem_epilog)
-{
-    FILE *ofstream = stdout;
-    int is_err = 1, buf_len, i, n;
-    unsigned char* base_buf;
-
-    if (path) {
-    	if ((ofstream = fopen(path, "wb")) == NULL)
-    		return 1;
-    }
-
-    switch (format) {
-        case X509_OUTPUT_DER:
-            if (fwrite(node->data, 1, node->len, ofstream)
-                != node->len)
-                is_err = -1;
-            break;
-
-        case X509_OUTPUT_PEM:
-            if (fprintf(ofstream, "%s", pem_prolog)<0) {
-                is_err = -1;
-                break;
-            }
-
-            buf_len = node->len << 1;
-            base_buf = (unsigned char*) malloc((size_t)buf_len);
-            memset(base_buf,0,buf_len);
-            if (base64_encode(base_buf, &buf_len, node->data,
-                        (int) node->len) != 0) {
-                is_err = -1;
-                break;
-            }
-
-            n=strlen((char*)base_buf);
-            for(i=0;i<n;i+=64) {
-                fprintf(ofstream,"%.64s\n",&base_buf[i]);
-            }
-
-            if (fprintf(ofstream, "%s", pem_epilog)<0) {
-                is_err = -1;
-                break;
-            }
-
-            free(base_buf);
-    }
-
-    fclose(ofstream);
-
-    if (is_err == -1)
-        return 1;
-
-    return 0;
-}
-
-
-/*
- * add the owner public key to x509 certificate
- */
-int x509write_add_pubkey(x509_raw *chain, rsa_context *pubkey)
-{
-    x509_node n_tmp, n_tmp2, *node;
-    int ret;
-
-    node = &chain->subpubkey;
-
-    x509write_init_node(&n_tmp);
-    x509write_init_node(&n_tmp2);
-
-    /*
-    *  RSAPublicKey ::= SEQUENCE {
-    *      modulus           INTEGER,  -- n
-    *      publicExponent    INTEGER   -- e
-    *  }
-    */
-    if ((ret = asn1_add_mpi(&pubkey->N, ASN1_INTEGER, &n_tmp)) != 0) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-        return ret;
-    }
-    if ((ret = asn1_add_mpi(&pubkey->E, ASN1_INTEGER, &n_tmp)) != 0) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-        return ret;
-    }
-    if ((ret = asn1_append_tag(&n_tmp, ASN1_CONSTRUCTED | ASN1_SEQUENCE))
-            != 0) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-        return ret;
-    }
-
-    /*
-     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
-     *       algorithm            AlgorithmIdentifier,
-     *       subjectPublicKey     BIT STRING }
-     */
-    if ((ret = asn1_append_tag(&n_tmp, ASN1_BIT_STRING)) != 0) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-       return ret;
-    }
-    if ((ret = asn1_add_oid(&n_tmp2, (unsigned char*)OID_PKCS1_RSA, 9,
-                  ASN1_CONSTRUCTED | ASN1_SEQUENCE, ASN1_NULL,
-                  (unsigned char *)"", 0)) != 0) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-        return ret;
-    }
-
-    if ((ret = asn1_append_nodes(node, ASN1_CONSTRUCTED | ASN1_SEQUENCE, 2,
-                   &n_tmp2, &n_tmp))) {
-        x509write_free_node(&n_tmp);
-        x509write_free_node(&n_tmp2);
-        return ret;
-    }
-
-    x509write_free_node(&n_tmp);
-    x509write_free_node(&n_tmp2);
-    return 0;
-}
-
-/*
- *  RelativeDistinguishedName ::=
- *    SET OF AttributeTypeAndValue
- *
- *  AttributeTypeAndValue ::= SEQUENCE {
- *    type     AttributeType,
- *    value    AttributeValue }
- */
-static int x509write_add_name(x509_node *node, unsigned char *oid,
-        unsigned int oid_len, unsigned char *value, int len, int value_tag)
-{
-    int ret;
-    x509_node n_tmp;
-
-    x509write_init_node(&n_tmp);
-
-    if ((ret = asn1_add_oid(&n_tmp, oid, oid_len,
-                ASN1_CONSTRUCTED | ASN1_SEQUENCE, value_tag,
-                value, len))) {
-        x509write_free_node(&n_tmp);
-        return ret;
-    }
-
-    if ((asn1_append_nodes(node, ASN1_CONSTRUCTED | ASN1_SET, 1, &n_tmp))
-            != 0) {
-        x509write_free_node(&n_tmp);
-        return ret;
-    }
-
-    x509write_free_node(&n_tmp);
-    return 0;
-}
-
-/*
- * Parse the name string and add to node
- */
-static int x509write_parse_names(x509_node *node, unsigned char *names)
-{
-    unsigned char *sp, *begin = NULL;
-    unsigned char oid[3] = OID_X520, tag[4], *tag_sp = tag;
-    unsigned char *C = NULL, *CN = NULL, *O = NULL, *OU = NULL,
-                  *ST = NULL, *L = NULL, *R = NULL;
-    int C_len = 0, CN_len = 0, O_len = 0, OU_len = 0, ST_len = 0,
-		L_len = 0, R_len = 0;
-    int ret = 0, is_tag = 1, is_begin = -1, len = 0;
-
-
-    for (sp = names; ; ++sp) {
-
-        /* filter tag */
-        if (is_tag == 1) {
-
-            if (tag_sp == &tag[3])
-                return POLARSSL_ERR_X509_VALUE_TO_LENGTH;
-
-            /* is tag end? */
-            if (*sp == '=') {
-                is_tag = -1;
-                *tag_sp = '\0';
-                is_begin = 1;
-                /* set len 0 (reset) */
-                len = 0;
-            } else {
-                /* tag hasn't ' '! */
-                if (*sp != ' ') {
-                    *tag_sp = *sp;
-                    ++tag_sp;
-                }
-            }
-        /* filter value */
-        } else {
-
-            /* set pointer of value begin */
-            if (is_begin == 1) {
-                begin = sp;
-                is_begin = -1;
-            }
-
-            /* is value at end? */
-            if (*sp == ';' or *sp == '\0') {
-                is_tag = 1;
-
-                /* common name */
-                if (tag[0] == 'C' and tag[1] == 'N') {
-                    CN = begin;
-                    CN_len = len;
-
-                /* organization */
-                } else if (tag[0] == 'O' and tag[1] == '\0') {
-                    O = begin;
-                    O_len = len;
-
-                /* country */
-                } else if (tag[0] == 'C' and tag[1] == '\0') {
-                    C = begin;
-                    C_len = len;
-
-                /* organisation unit */
-                } else if (tag[0] == 'O' and tag[1] == 'U') {
-                    OU = begin;
-                    OU_len = len;
-
-                /* state */
-                } else if (tag[0] == 'S' and tag[1] == 'T') {
-                    ST = begin;
-                    ST_len = len;
-
-                /* locality */
-                } else if (tag[0] == 'L' and tag[1] == '\0') {
-                    L = begin;
-                    L_len = len;
-
-                /* email */
-                } else if (tag[0] == 'R' and tag[1] == '\0') {
-                    R = begin;
-                    R_len = len;
-                }
-
-                /* set tag poiner to begin */
-                tag_sp = tag;
-
-                /* is at end? */
-                if (*sp == '\0' or *(sp +1) == '\0')
-                    break;
-            } else {
-                ++len;
-            }
-        }
-
-        /* make saver */
-        if (*sp == '\0')
-          break;
-    } /* end for */
-
-    /* country */
-    if (C != NULL) {
-        oid[2] = X520_COUNTRY;
-        if ((ret = x509write_add_name(node, oid, 3, C, C_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* state */
-    if (ST != NULL) {
-        oid[2] = X520_STATE;
-        if ((ret = x509write_add_name(node, oid, 3, ST, ST_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* locality */
-    if (L != NULL) {
-        oid[2] = X520_LOCALITY;
-        if ((ret = x509write_add_name(node, oid, 3, L, L_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* organization */
-    if (O != NULL) {
-        oid[2] = X520_ORGANIZATION;
-        if ((ret = x509write_add_name(node, oid, 3, O, O_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* organisation unit */
-    if (OU != NULL) {
-        oid[2] = X520_ORG_UNIT;
-        if ((ret = x509write_add_name(node, oid, 3, OU, OU_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* common name */
-    if (CN != NULL) {
-        oid[2] = X520_COMMON_NAME;
-        if ((ret = x509write_add_name(node, oid, 3, CN, CN_len,
-                        ASN1_PRINTABLE_STRING)) != 0)
-            return ret;
-    }
-
-    /* email */
-    if (R != NULL) {
-        if ((ret = x509write_add_name(node, (unsigned char*)OID_PKCS9_EMAIL,
-        		9, R, R_len, ASN1_IA5_STRING)) != 0)
-            return ret;
-    }
-
-    if ((asn1_append_tag(node, ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
-        return ret;
-
-    return 0;
-}
-
-/*
- * Copy raw data from orginal ca to node
- */
-static int x509write_copy_from_raw(x509_node *node, x509_buf *raw)
-{
-    if (x509write_realloc_node(node, raw->len) != 0)
-        return 1;
-
-    memcpy(node->p, raw->p, (size_t)raw->len);
-    if ((node->p += raw->len -1) != node->end)
-        return POLARSSL_ERR_X509_POINT_ERROR;
-
-    return 0;
-}
-
-/*
- * Add the issuer
- */
-
-int x509write_add_issuer(x509_raw *crt, unsigned char *issuer)
-{
-    return x509write_parse_names(&crt->issuer, issuer);
-}
-
-/*
- * Add the subject
- */
-int x509write_add_subject(x509_raw *crt, unsigned char *subject)
-{
-    return x509write_parse_names(&crt->subject, subject);
-}
-
-/*
- * Copy issuer line from another cert to issuer
- */
-int x509write_copy_issuer(x509_raw *crt, x509_cert *from_crt)
-{
-    return x509write_copy_from_raw(&crt->issuer, &from_crt->issuer_raw);
-}
-
-/*
- * Copy subject line from another cert
- */
-int x509write_copy_subject(x509_raw *crt, x509_cert *from_crt)
-{
-    return x509write_copy_from_raw(&crt->subject, &from_crt->subject_raw);
-}
-
-/*
- * Copy subject line form antoher cert into issuer
- */
-int x509write_copy_issuer_form_subject(x509_raw *crt,
-        x509_cert *from_crt)
-{
-    return x509write_copy_from_raw(&crt->issuer, &from_crt->subject_raw);
-}
-
-/*
- * Copy issuer line from another cert into subject
- */
-int x509write_copy_subject_from_issuer(x509_raw *crt,
-        x509_cert * from_crt)
-{
-    return x509write_copy_from_raw(&crt->subject, &from_crt->issuer_raw);
-}
-
-/*
- *  Validity ::= SEQUENCE {
- *       notBefore      Time,
- *       notAfter       Time }
- *
- *  Time ::= CHOICE {
- *       utcTime        UTCTime,
- *       generalTime    GeneralizedTime }
- */
-/* TODO: No handle GeneralizedTime! */
-int x509write_add_validity(x509_raw *chain, unsigned char *befor,
-        unsigned char *after)
-{
-    int ret;
-
-    x509_node *node = &chain->validity;
-
-    /* notBefore */
-    if ((ret = asn1_add_date_utc(befor, node)) != 0)
-        return ret;
-
-    /* notAfter */
-    if ((ret = asn1_add_date_utc(after, node)) != 0)
-        return ret;
-
-    if ((ret = asn1_append_tag(node, ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
-        return ret;
-
-    return 0;
-}
-
-/*
- * make hash from tbs and sign that with private key
- */
-static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
-{
-    int ret;
-    unsigned char hash[20], *sign;
-    size_t sign_len = (size_t) mpi_size(&privkey->N);
-
-    /* make hash */
-    sha1(chain->tbs.data, chain->tbs.len, hash);
-
-    /* create sign */
-    sign = (unsigned char *) malloc(sign_len);
-    if (sign == NULL)
-        return 1;
-
-    if ((ret = rsa_pkcs1_sign(privkey, RSA_PRIVATE, RSA_SHA1, 20, hash,
-                    sign)) != 0)
-        return ret;
-
-    if ((ret = asn1_add_obj(sign, sign_len, ASN1_BIT_STRING,
-                    &chain->sign)) != 0)
-        return ret;
-
-    /*
-     *  AlgorithmIdentifier  ::=  SEQUENCE  {
-     *       algorithm               OBJECT IDENTIFIER,
-     *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
-     */
-    return asn1_add_oid(&chain->signalg, (unsigned char*)OID_PKCS1_RSA_SHA, 9,
-                  ASN1_CONSTRUCTED | ASN1_SEQUENCE, ASN1_NULL,
-                  (unsigned char*)"", 0);
-}
-
-/*
- * Create a random serial
- */
-static int get_random_serial(void)
-{
-    int random = 0;
-    FILE *fd;
-
-    fd = fopen("/dev/urandom", "r");
-
-    if (fd) {
-	if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
-            random = 0;
-
-        fclose(fd);
-    }
-
-    return random;
-}
-
-/*
- * Create a self signed certificate
- */
-int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
-{
-    int ret, serial;
-
-    /*
-     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
-     */
-    if ((ret = asn1_add_int(2, &chain->version)) != 0)
-        return ret;
-
-    if ((ret = asn1_append_tag(&chain->version, ASN1_CONTEXT_SPECIFIC |
-                    ASN1_CONSTRUCTED)) != 0)
-        return ret;
-
-
-    /*
-     *  CertificateSerialNumber  ::=  INTEGER
-     */
-    serial = get_random_serial();
-
-    if (serial == 0)
-        return 1;
-
-    if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
-        return ret;
-
-    /*
-     *  AlgorithmIdentifier  ::=  SEQUENCE  {
-     *       algorithm               OBJECT IDENTIFIER,
-     *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
-     */
-    if ((ret = asn1_add_oid(&chain->tbs_signalg,
-				(unsigned char*)OID_PKCS1_RSA_SHA, 9, ASN1_CONSTRUCTED |
-				ASN1_SEQUENCE, ASN1_NULL, (unsigned char*)"", 0)) != 0)
-        return ret;
-
-   /*
-    *  Create the tbs
-    */
-    if ((ret = asn1_append_nodes(&chain->tbs, ASN1_CONSTRUCTED |
-                    ASN1_SEQUENCE, 7, &chain->version, &chain->serial,
-                    &chain->tbs_signalg, &chain->issuer, &chain->validity,
-                    &chain->subject, &chain->subpubkey)) != 0)
-        return ret;
-
-    /* make signing */
-    if ((ret = x509write_make_sign(chain, privkey)) != 0)
-        return ret;
-
-    /* finishing */
-    if ((ret = asn1_append_nodes(&chain->raw, ASN1_CONSTRUCTED |
-                    ASN1_SEQUENCE, 3, &chain->tbs, &chain->signalg,
-                    &chain->sign)) != 0)
-        return ret;
-
-    return 0;
-}
-
-int x509write_create_selfsign(x509_raw *chain, rsa_context *privkey)
-{
-    /*
-     * On self signed certificate are subject and issuer the same
-     */
-    x509write_free_node(&chain->issuer);
-    chain->issuer = chain->subject;
-    return x509write_create_sign(chain, privkey);
-}
-
-/*
- * CertificationRequestInfo ::= SEQUENCE                    {
- *    version                       Version,
- *    subject                       Name,
- *    subjectPublicKeyInfo          SubjectPublicKeyInfo,
- *    attributes                    [0] IMPLICIT Attributes }
- *
- * CertificationRequest ::=   SEQUENCE                      {
- *    certificationRequestInfo  CertificationRequestInfo,
- *    signatureAlgorithm        SignatureAlgorithmIdentifier,
- *    signature                 Signature                   }
- *
- * It use chain.serail for attributes!
- *
- */
-int x509write_create_csr(x509_raw *chain, rsa_context *privkey)
-{
-    int ret;
-
-    /* version ::= INTEGER */
-    if ((ret = asn1_add_int(0, &chain->version)) != 0)
-        return ret;
-
-    /* write attributes */
-    if ((ret = asn1_add_obj((unsigned char*)"", 0, ASN1_CONTEXT_SPECIFIC |
-                    ASN1_CONSTRUCTED, &chain->serial)) != 0)
-        return ret;
-
-    /* create CertificationRequestInfo */
-    if ((ret = asn1_append_nodes(&chain->tbs, ASN1_CONSTRUCTED |
-                    ASN1_SEQUENCE, 4, &chain->version, &chain->subject,
-                    &chain->subpubkey, &chain->serial)) != 0)
-        return ret;
-
-    /* make signing */
-    if ((ret = x509write_make_sign(chain, privkey)) != 0)
-        return ret;
-
-    /* finish */
-    if ((ret = asn1_append_nodes(&chain->raw, ASN1_CONSTRUCTED | ASN1_SEQUENCE,
-                    3, &chain->tbs, &chain->signalg, &chain->sign)) != 0)
-        return ret;
-
-    return ret;
-}
-
-/*
- * Free memory
- */
-void x509write_free_raw(x509_raw *chain)
-{
-    x509write_free_node(&chain->raw);
-    x509write_free_node(&chain->tbs);
-    x509write_free_node(&chain->version);
-    x509write_free_node(&chain->serial);
-    x509write_free_node(&chain->tbs_signalg);
-    x509write_free_node(&chain->issuer);
-    x509write_free_node(&chain->validity);
-    if (chain->subject.data != chain->issuer.data)
-        x509write_free_node(&chain->subject);
-    x509write_free_node(&chain->subpubkey);
-    x509write_free_node(&chain->signalg);
-    x509write_free_node(&chain->sign);
-}
-
-void x509write_init_raw(x509_raw *chain)
-{
-    memset((void *) chain, 0, sizeof(x509_raw));
-}
-
diff --git a/package/utils/px5g-standalone/src/polarssl/base64.h b/package/utils/px5g-standalone/src/polarssl/base64.h
deleted file mode 100644
index c48267b1b5..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/base64.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * \file base64.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_BASE64_H
-#define POLARSSL_BASE64_H
-
-#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL               -0x0010
-#define POLARSSL_ERR_BASE64_INVALID_CHARACTER              -0x0012
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Encode a buffer into base64 format
- *
- * \param dst      destination buffer
- * \param dlen     size of the buffer
- * \param src      source buffer
- * \param slen     amount of data to be encoded
- *
- * \return         0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL.
- *                 *dlen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with *dlen = 0 to obtain the
- *                 required buffer size in *dlen
- */
-int base64_encode( unsigned char *dst, int *dlen,
-                   unsigned char *src, int  slen );
-
-/**
- * \brief          Decode a base64-formatted buffer
- *
- * \param dst      destination buffer
- * \param dlen     size of the buffer
- * \param src      source buffer
- * \param slen     amount of data to be decoded
- *
- * \return         0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, or
- *                 POLARSSL_ERR_BASE64_INVALID_DATA if the input data is not
- *                 correct. *dlen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with *dlen = 0 to obtain the
- *                 required buffer size in *dlen
- */
-int base64_decode( unsigned char *dst, int *dlen,
-                   unsigned char *src, int  slen );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int base64_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/bignum.h b/package/utils/px5g-standalone/src/polarssl/bignum.h
deleted file mode 100644
index c667303329..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/bignum.h
+++ /dev/null
@@ -1,437 +0,0 @@
-/**
- * \file bignum.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_BIGNUM_H
-#define POLARSSL_BIGNUM_H
-
-#include <stdio.h>
-
-#define POLARSSL_ERR_MPI_FILE_IO_ERROR                     -0x0002
-#define POLARSSL_ERR_MPI_BAD_INPUT_DATA                    -0x0004
-#define POLARSSL_ERR_MPI_INVALID_CHARACTER                 -0x0006
-#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008
-#define POLARSSL_ERR_MPI_NEGATIVE_VALUE                    -0x000A
-#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO                  -0x000C
-#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE                    -0x000E
-
-#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
-
-/*
- * Define the base integer type, architecture-wise
- */
-#if defined(POLARSSL_HAVE_INT8)
-typedef unsigned char  t_int;
-typedef unsigned short t_dbl;
-#else
-#if defined(POLARSSL_HAVE_INT16)
-typedef unsigned short t_int;
-typedef unsigned long  t_dbl;
-#else
-  typedef unsigned long t_int;
-  #if defined(_MSC_VER) && defined(_M_IX86)
-  typedef unsigned __int64 t_dbl;
-  #else
-    #if defined(__amd64__) || defined(__x86_64__)    || \
-        defined(__ppc64__) || defined(__powerpc64__) || \
-        defined(__ia64__)  || defined(__alpha__)
-    typedef unsigned int t_dbl __attribute__((mode(TI)));
-    #else
-    typedef unsigned long long t_dbl;
-    #endif
-  #endif
-#endif
-#endif
-
-/**
- * \brief          MPI structure
- */
-typedef struct
-{
-    int s;              /*!<  integer sign      */
-    int n;              /*!<  total # of limbs  */
-    t_int *p;           /*!<  pointer to limbs  */
-}
-mpi;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Initialize one or more mpi
- */
-void mpi_init( mpi *X, ... );
-
-/**
- * \brief          Unallocate one or more mpi
- */
-void mpi_free( mpi *X, ... );
-
-/**
- * \brief          Enlarge to the specified number of limbs
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_grow( mpi *X, int nblimbs );
-
-/**
- * \brief          Copy the contents of Y into X
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_copy( mpi *X, mpi *Y );
-
-/**
- * \brief          Swap the contents of X and Y
- */
-void mpi_swap( mpi *X, mpi *Y );
-
-/**
- * \brief          Set value from integer
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_lset( mpi *X, int z );
-
-/**
- * \brief          Return the number of least significant bits
- */
-int mpi_lsb( mpi *X );
-
-/**
- * \brief          Return the number of most significant bits
- */
-int mpi_msb( mpi *X );
-
-/**
- * \brief          Return the total size in bytes
- */
-int mpi_size( mpi *X );
-
-/**
- * \brief          Import from an ASCII string
- *
- * \param X        destination mpi
- * \param radix    input numeric base
- * \param s        null-terminated string buffer
- *
- * \return         0 if successful, or an POLARSSL_ERR_MPI_XXX error code
- */
-int mpi_read_string( mpi *X, int radix, char *s );
-
-/**
- * \brief          Export into an ASCII string
- *
- * \param X        source mpi
- * \param radix    output numeric base
- * \param s        string buffer
- * \param slen     string buffer size
- *
- * \return         0 if successful, or an POLARSSL_ERR_MPI_XXX error code
- *
- * \note           Call this function with *slen = 0 to obtain the
- *                 minimum required buffer size in *slen.
- */
-int mpi_write_string( mpi *X, int radix, char *s, int *slen );
-
-/**
- * \brief          Read X from an opened file
- *
- * \param X        destination mpi
- * \param radix    input numeric base
- * \param fin      input file handle
- *
- * \return         0 if successful, or an POLARSSL_ERR_MPI_XXX error code
- */
-int mpi_read_file( mpi *X, int radix, FILE *fin );
-
-/**
- * \brief          Write X into an opened file, or stdout
- *
- * \param p        prefix, can be NULL
- * \param X        source mpi
- * \param radix    output numeric base
- * \param fout     output file handle
- *
- * \return         0 if successful, or an POLARSSL_ERR_MPI_XXX error code
- *
- * \note           Set fout == NULL to print X on the console.
- */
-int mpi_write_file( char *p, mpi *X, int radix, FILE *fout );
-
-/**
- * \brief          Import X from unsigned binary data, big endian
- *
- * \param X        destination mpi
- * \param buf      input buffer
- * \param buflen   input buffer size
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_read_binary( mpi *X, unsigned char *buf, int buflen );
-
-/**
- * \brief          Export X into unsigned binary data, big endian
- *
- * \param X        source mpi
- * \param buf      output buffer
- * \param buflen   output buffer size
- *
- * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
- *
- * \note           Call this function with *buflen = 0 to obtain the
- *                 minimum required buffer size in *buflen.
- */
-int mpi_write_binary( mpi *X, unsigned char *buf, int buflen );
-
-/**
- * \brief          Left-shift: X <<= count
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_shift_l( mpi *X, int count );
-
-/**
- * \brief          Right-shift: X >>= count
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_shift_r( mpi *X, int count );
-
-/**
- * \brief          Compare unsigned values
- *
- * \return         1 if |X| is greater than |Y|,
- *                -1 if |X| is lesser  than |Y| or
- *                 0 if |X| is equal to |Y|
- */
-int mpi_cmp_abs( mpi *X, mpi *Y );
-
-/**
- * \brief          Compare signed values
- *
- * \return         1 if X is greater than Y,
- *                -1 if X is lesser  than Y or
- *                 0 if X is equal to Y
- */
-int mpi_cmp_mpi( mpi *X, mpi *Y );
-
-/**
- * \brief          Compare signed values
- *
- * \return         1 if X is greater than z,
- *                -1 if X is lesser  than z or
- *                 0 if X is equal to z
- */
-int mpi_cmp_int( mpi *X, int z );
-
-/**
- * \brief          Unsigned addition: X = |A| + |B|
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_add_abs( mpi *X, mpi *A, mpi *B );
-
-/**
- * \brief          Unsigned substraction: X = |A| - |B|
- *
- * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
- */
-int mpi_sub_abs( mpi *X, mpi *A, mpi *B );
-
-/**
- * \brief          Signed addition: X = A + B
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_add_mpi( mpi *X, mpi *A, mpi *B );
-
-/**
- * \brief          Signed substraction: X = A - B
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_sub_mpi( mpi *X, mpi *A, mpi *B );
-
-/**
- * \brief          Signed addition: X = A + b
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_add_int( mpi *X, mpi *A, int b );
-
-/**
- * \brief          Signed substraction: X = A - b
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_sub_int( mpi *X, mpi *A, int b );
-
-/**
- * \brief          Baseline multiplication: X = A * B
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_mul_mpi( mpi *X, mpi *A, mpi *B );
-
-/**
- * \brief          Baseline multiplication: X = A * b
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_mul_int( mpi *X, mpi *A, t_int b );
-
-/**
- * \brief          Division by mpi: A = Q * B + R
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
- *
- * \note           Either Q or R can be NULL.
- */
-int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B );
-
-/**
- * \brief          Division by int: A = Q * b + R
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
- *
- * \note           Either Q or R can be NULL.
- */
-int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b );
-
-/**
- * \brief          Modulo: R = A mod B
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
- */
-int mpi_mod_mpi( mpi *R, mpi *A, mpi *B );
-
-/**
- * \brief          Modulo: r = A mod b
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
- */
-int mpi_mod_int( t_int *r, mpi *A, int b );
-
-/**
- * \brief          Sliding-window exponentiation: X = A^E mod N
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
- *
- * \note           _RR is used to avoid re-computing R*R mod N across
- *                 multiple calls, which speeds up things a bit. It can
- *                 be set to NULL if the extra performance is unneeded.
- */
-int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR );
-
-/**
- * \brief          Greatest common divisor: G = gcd(A, B)
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed
- */
-int mpi_gcd( mpi *G, mpi *A, mpi *B );
-
-/**
- * \brief          Modular inverse: X = A^-1 mod N
- *
- * \return         0 if successful,
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
- *                 POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
- */
-int mpi_inv_mod( mpi *X, mpi *A, mpi *N );
-
-/**
- * \brief          Miller-Rabin primality test
- *
- * \return         0 if successful (probably prime),
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
- */
-int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
-
-/**
- * \brief          Prime number generation
- *
- * \param X        destination mpi
- * \param nbits    required size of X in bits
- * \param dh_flag  if 1, then (X-1)/2 will be prime too
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- *
- * \return         0 if successful (probably prime),
- *                 1 if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
- */
-int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
-                   int (*f_rng)(void *), void *p_rng );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mpi_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/bn_mul.h b/package/utils/px5g-standalone/src/polarssl/bn_mul.h
deleted file mode 100644
index f6d34da58a..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/bn_mul.h
+++ /dev/null
@@ -1,731 +0,0 @@
-/**
- * \file bn_mul.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- *      Multiply source vector [s] with b, add result
- *       to destination vector [d] and set carry c.
- *
- *      Currently supports:
- *
- *         . IA-32 (386+)         . AMD64 / EM64T
- *         . IA-32 (SSE2)         . Motorola 68000
- *         . PowerPC, 32-bit      . MicroBlaze
- *         . PowerPC, 64-bit      . TriCore
- *         . SPARC v8             . ARM v3+
- *         . Alpha                . MIPS32
- *         . C, longlong          . C, generic
- */
-#ifndef POLARSSL_BN_MUL_H
-#define POLARSSL_BN_MUL_H
-
-#include "polarssl/config.h"
-
-#if defined(POLARSSL_HAVE_ASM)
-
-#if defined(__GNUC__)
-#if defined(__i386__)
-
-#define MULADDC_INIT                            \
-    asm( "movl   %%ebx, %0      " : "=m" (t));  \
-    asm( "movl   %0, %%esi      " :: "m" (s));  \
-    asm( "movl   %0, %%edi      " :: "m" (d));  \
-    asm( "movl   %0, %%ecx      " :: "m" (c));  \
-    asm( "movl   %0, %%ebx      " :: "m" (b));
-
-#define MULADDC_CORE                            \
-    asm( "lodsl                 " );            \
-    asm( "mull   %ebx           " );            \
-    asm( "addl   %ecx,   %eax   " );            \
-    asm( "adcl   $0,     %edx   " );            \
-    asm( "addl   (%edi), %eax   " );            \
-    asm( "adcl   $0,     %edx   " );            \
-    asm( "movl   %edx,   %ecx   " );            \
-    asm( "stosl                 " );
-
-#if defined(POLARSSL_HAVE_SSE2)
-
-#define MULADDC_HUIT                            \
-    asm( "movd     %ecx,     %mm1     " );      \
-    asm( "movd     %ebx,     %mm0     " );      \
-    asm( "movd     (%edi),   %mm3     " );      \
-    asm( "paddq    %mm3,     %mm1     " );      \
-    asm( "movd     (%esi),   %mm2     " );      \
-    asm( "pmuludq  %mm0,     %mm2     " );      \
-    asm( "movd     4(%esi),  %mm4     " );      \
-    asm( "pmuludq  %mm0,     %mm4     " );      \
-    asm( "movd     8(%esi),  %mm6     " );      \
-    asm( "pmuludq  %mm0,     %mm6     " );      \
-    asm( "movd     12(%esi), %mm7     " );      \
-    asm( "pmuludq  %mm0,     %mm7     " );      \
-    asm( "paddq    %mm2,     %mm1     " );      \
-    asm( "movd     4(%edi),  %mm3     " );      \
-    asm( "paddq    %mm4,     %mm3     " );      \
-    asm( "movd     8(%edi),  %mm5     " );      \
-    asm( "paddq    %mm6,     %mm5     " );      \
-    asm( "movd     12(%edi), %mm4     " );      \
-    asm( "paddq    %mm4,     %mm7     " );      \
-    asm( "movd     %mm1,     (%edi)   " );      \
-    asm( "movd     16(%esi), %mm2     " );      \
-    asm( "pmuludq  %mm0,     %mm2     " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "movd     20(%esi), %mm4     " );      \
-    asm( "pmuludq  %mm0,     %mm4     " );      \
-    asm( "paddq    %mm3,     %mm1     " );      \
-    asm( "movd     24(%esi), %mm6     " );      \
-    asm( "pmuludq  %mm0,     %mm6     " );      \
-    asm( "movd     %mm1,     4(%edi)  " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "movd     28(%esi), %mm3     " );      \
-    asm( "pmuludq  %mm0,     %mm3     " );      \
-    asm( "paddq    %mm5,     %mm1     " );      \
-    asm( "movd     16(%edi), %mm5     " );      \
-    asm( "paddq    %mm5,     %mm2     " );      \
-    asm( "movd     %mm1,     8(%edi)  " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "paddq    %mm7,     %mm1     " );      \
-    asm( "movd     20(%edi), %mm5     " );      \
-    asm( "paddq    %mm5,     %mm4     " );      \
-    asm( "movd     %mm1,     12(%edi) " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "paddq    %mm2,     %mm1     " );      \
-    asm( "movd     24(%edi), %mm5     " );      \
-    asm( "paddq    %mm5,     %mm6     " );      \
-    asm( "movd     %mm1,     16(%edi) " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "paddq    %mm4,     %mm1     " );      \
-    asm( "movd     28(%edi), %mm5     " );      \
-    asm( "paddq    %mm5,     %mm3     " );      \
-    asm( "movd     %mm1,     20(%edi) " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "paddq    %mm6,     %mm1     " );      \
-    asm( "movd     %mm1,     24(%edi) " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "paddq    %mm3,     %mm1     " );      \
-    asm( "movd     %mm1,     28(%edi) " );      \
-    asm( "addl     $32,      %edi     " );      \
-    asm( "addl     $32,      %esi     " );      \
-    asm( "psrlq    $32,      %mm1     " );      \
-    asm( "movd     %mm1,     %ecx     " );
-
-#define MULADDC_STOP                            \
-    asm( "emms                        " );      \
-    asm( "movl   %0, %%ebx      " :: "m" (t));  \
-    asm( "movl   %%ecx, %0      " : "=m" (c));  \
-    asm( "movl   %%edi, %0      " : "=m" (d));  \
-    asm( "movl   %%esi, %0      " : "=m" (s) :: \
-    "eax", "ecx", "edx", "esi", "edi" );
-
-#else
-
-#define MULADDC_STOP                            \
-    asm( "movl   %0, %%ebx      " :: "m" (t));  \
-    asm( "movl   %%ecx, %0      " : "=m" (c));  \
-    asm( "movl   %%edi, %0      " : "=m" (d));  \
-    asm( "movl   %%esi, %0      " : "=m" (s) :: \
-    "eax", "ecx", "edx", "esi", "edi" );
-
-#endif /* SSE2 */
-#endif /* i386 */
-
-#if defined(__amd64__) || defined (__x86_64__)
-
-#define MULADDC_INIT                            \
-    asm( "movq   %0, %%rsi      " :: "m" (s));  \
-    asm( "movq   %0, %%rdi      " :: "m" (d));  \
-    asm( "movq   %0, %%rcx      " :: "m" (c));  \
-    asm( "movq   %0, %%rbx      " :: "m" (b));  \
-    asm( "xorq   %r8, %r8       " );
-
-#define MULADDC_CORE                            \
-    asm( "movq  (%rsi),%rax     " );            \
-    asm( "mulq   %rbx           " );            \
-    asm( "addq   $8,   %rsi     " );            \
-    asm( "addq   %rcx, %rax     " );            \
-    asm( "movq   %r8,  %rcx     " );            \
-    asm( "adcq   $0,   %rdx     " );            \
-    asm( "nop                   " );            \
-    asm( "addq   %rax, (%rdi)   " );            \
-    asm( "adcq   %rdx, %rcx     " );            \
-    asm( "addq   $8,   %rdi     " );
-
-#define MULADDC_STOP                            \
-    asm( "movq   %%rcx, %0      " : "=m" (c));  \
-    asm( "movq   %%rdi, %0      " : "=m" (d));  \
-    asm( "movq   %%rsi, %0      " : "=m" (s) :: \
-    "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" );
-
-#endif /* AMD64 */
-
-#if defined(__mc68020__) || defined(__mcpu32__)
-
-#define MULADDC_INIT                            \
-    asm( "movl   %0, %%a2       " :: "m" (s));  \
-    asm( "movl   %0, %%a3       " :: "m" (d));  \
-    asm( "movl   %0, %%d3       " :: "m" (c));  \
-    asm( "movl   %0, %%d2       " :: "m" (b));  \
-    asm( "moveq  #0, %d0        " );
-
-#define MULADDC_CORE                            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d4:%d1   " );            \
-    asm( "addl   %d3, %d1       " );            \
-    asm( "addxl  %d0, %d4       " );            \
-    asm( "moveq  #0,  %d3       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "addxl  %d4, %d3       " );
-
-#define MULADDC_STOP                            \
-    asm( "movl   %%d3, %0       " : "=m" (c));  \
-    asm( "movl   %%a3, %0       " : "=m" (d));  \
-    asm( "movl   %%a2, %0       " : "=m" (s) :: \
-    "d0", "d1", "d2", "d3", "d4", "a2", "a3" );
-
-#define MULADDC_HUIT                            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d4:%d1   " );            \
-    asm( "addxl  %d3, %d1       " );            \
-    asm( "addxl  %d0, %d4       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d3:%d1   " );            \
-    asm( "addxl  %d4, %d1       " );            \
-    asm( "addxl  %d0, %d3       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d4:%d1   " );            \
-    asm( "addxl  %d3, %d1       " );            \
-    asm( "addxl  %d0, %d4       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d3:%d1   " );            \
-    asm( "addxl  %d4, %d1       " );            \
-    asm( "addxl  %d0, %d3       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d4:%d1   " );            \
-    asm( "addxl  %d3, %d1       " );            \
-    asm( "addxl  %d0, %d4       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d3:%d1   " );            \
-    asm( "addxl  %d4, %d1       " );            \
-    asm( "addxl  %d0, %d3       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d4:%d1   " );            \
-    asm( "addxl  %d3, %d1       " );            \
-    asm( "addxl  %d0, %d4       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "movel  %a2@+, %d1     " );            \
-    asm( "mulul  %d2, %d3:%d1   " );            \
-    asm( "addxl  %d4, %d1       " );            \
-    asm( "addxl  %d0, %d3       " );            \
-    asm( "addl   %d1, %a3@+     " );            \
-    asm( "addxl  %d0, %d3       " );
-
-#endif /* MC68000 */
-
-#if defined(__powerpc__)   || defined(__ppc__)
-#if defined(__powerpc64__) || defined(__ppc64__)
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                            \
-    asm( "ld     r3, %0         " :: "m" (s));  \
-    asm( "ld     r4, %0         " :: "m" (d));  \
-    asm( "ld     r5, %0         " :: "m" (c));  \
-    asm( "ld     r6, %0         " :: "m" (b));  \
-    asm( "addi   r3, r3, -8     " );            \
-    asm( "addi   r4, r4, -8     " );            \
-    asm( "addic  r5, r5,  0     " );
-
-#define MULADDC_CORE                            \
-    asm( "ldu    r7, 8(r3)      " );            \
-    asm( "mulld  r8, r7, r6     " );            \
-    asm( "mulhdu r9, r7, r6     " );            \
-    asm( "adde   r8, r8, r5     " );            \
-    asm( "ld     r7, 8(r4)      " );            \
-    asm( "addze  r5, r9         " );            \
-    asm( "addc   r8, r8, r7     " );            \
-    asm( "stdu   r8, 8(r4)      " );
-
-#define MULADDC_STOP                            \
-    asm( "addze  r5, r5         " );            \
-    asm( "addi   r4, r4, 8      " );            \
-    asm( "addi   r3, r3, 8      " );            \
-    asm( "std    r5, %0         " : "=m" (c));  \
-    asm( "std    r4, %0         " : "=m" (d));  \
-    asm( "std    r3, %0         " : "=m" (s) :: \
-    "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
-
-#else
-
-#define MULADDC_INIT                            \
-    asm( "ld     %%r3, %0       " :: "m" (s));  \
-    asm( "ld     %%r4, %0       " :: "m" (d));  \
-    asm( "ld     %%r5, %0       " :: "m" (c));  \
-    asm( "ld     %%r6, %0       " :: "m" (b));  \
-    asm( "addi   %r3, %r3, -8   " );            \
-    asm( "addi   %r4, %r4, -8   " );            \
-    asm( "addic  %r5, %r5,  0   " );
-
-#define MULADDC_CORE                            \
-    asm( "ldu    %r7, 8(%r3)    " );            \
-    asm( "mulld  %r8, %r7, %r6  " );            \
-    asm( "mulhdu %r9, %r7, %r6  " );            \
-    asm( "adde   %r8, %r8, %r5  " );            \
-    asm( "ld     %r7, 8(%r4)    " );            \
-    asm( "addze  %r5, %r9       " );            \
-    asm( "addc   %r8, %r8, %r7  " );            \
-    asm( "stdu   %r8, 8(%r4)    " );
-
-#define MULADDC_STOP                            \
-    asm( "addze  %r5, %r5       " );            \
-    asm( "addi   %r4, %r4, 8    " );            \
-    asm( "addi   %r3, %r3, 8    " );            \
-    asm( "std    %%r5, %0       " : "=m" (c));  \
-    asm( "std    %%r4, %0       " : "=m" (d));  \
-    asm( "std    %%r3, %0       " : "=m" (s) :: \
-    "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
-
-#endif
-
-#else /* PPC32 */
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                            \
-    asm( "lwz    r3, %0         " :: "m" (s));  \
-    asm( "lwz    r4, %0         " :: "m" (d));  \
-    asm( "lwz    r5, %0         " :: "m" (c));  \
-    asm( "lwz    r6, %0         " :: "m" (b));  \
-    asm( "addi   r3, r3, -4     " );            \
-    asm( "addi   r4, r4, -4     " );            \
-    asm( "addic  r5, r5,  0     " );
-
-#define MULADDC_CORE                            \
-    asm( "lwzu   r7, 4(r3)      " );            \
-    asm( "mullw  r8, r7, r6     " );            \
-    asm( "mulhwu r9, r7, r6     " );            \
-    asm( "adde   r8, r8, r5     " );            \
-    asm( "lwz    r7, 4(r4)      " );            \
-    asm( "addze  r5, r9         " );            \
-    asm( "addc   r8, r8, r7     " );            \
-    asm( "stwu   r8, 4(r4)      " );
-
-#define MULADDC_STOP                            \
-    asm( "addze  r5, r5         " );            \
-    asm( "addi   r4, r4, 4      " );            \
-    asm( "addi   r3, r3, 4      " );            \
-    asm( "stw    r5, %0         " : "=m" (c));  \
-    asm( "stw    r4, %0         " : "=m" (d));  \
-    asm( "stw    r3, %0         " : "=m" (s) :: \
-    "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
-
-#else
-
-#define MULADDC_INIT                            \
-    asm( "lwz    %%r3, %0       " :: "m" (s));  \
-    asm( "lwz    %%r4, %0       " :: "m" (d));  \
-    asm( "lwz    %%r5, %0       " :: "m" (c));  \
-    asm( "lwz    %%r6, %0       " :: "m" (b));  \
-    asm( "addi   %r3, %r3, -4   " );            \
-    asm( "addi   %r4, %r4, -4   " );            \
-    asm( "addic  %r5, %r5,  0   " );
-
-#define MULADDC_CORE                            \
-    asm( "lwzu   %r7, 4(%r3)    " );            \
-    asm( "mullw  %r8, %r7, %r6  " );            \
-    asm( "mulhwu %r9, %r7, %r6  " );            \
-    asm( "adde   %r8, %r8, %r5  " );            \
-    asm( "lwz    %r7, 4(%r4)    " );            \
-    asm( "addze  %r5, %r9       " );            \
-    asm( "addc   %r8, %r8, %r7  " );            \
-    asm( "stwu   %r8, 4(%r4)    " );
-
-#define MULADDC_STOP                            \
-    asm( "addze  %r5, %r5       " );            \
-    asm( "addi   %r4, %r4, 4    " );            \
-    asm( "addi   %r3, %r3, 4    " );            \
-    asm( "stw    %%r5, %0       " : "=m" (c));  \
-    asm( "stw    %%r4, %0       " : "=m" (d));  \
-    asm( "stw    %%r3, %0       " : "=m" (s) :: \
-    "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
-
-#endif
-
-#endif /* PPC32 */
-#endif /* PPC64 */
-
-#if defined(__sparc__)
-
-#define MULADDC_INIT                            \
-    asm( "ld     %0, %%o0       " :: "m" (s));  \
-    asm( "ld     %0, %%o1       " :: "m" (d));  \
-    asm( "ld     %0, %%o2       " :: "m" (c));  \
-    asm( "ld     %0, %%o3       " :: "m" (b));
-
-#define MULADDC_CORE                            \
-    asm( "ld    [%o0], %o4      " );            \
-    asm( "inc      4,  %o0      " );            \
-    asm( "ld    [%o1], %o5      " );            \
-    asm( "umul   %o3,  %o4, %o4 " );            \
-    asm( "addcc  %o4,  %o2, %o4 " );            \
-    asm( "rd      %y,  %g1      " );            \
-    asm( "addx   %g1,    0, %g1 " );            \
-    asm( "addcc  %o4,  %o5, %o4 " );            \
-    asm( "st     %o4, [%o1]     " );            \
-    asm( "addx   %g1,    0, %o2 " );            \
-    asm( "inc      4,  %o1      " );
-
-#define MULADDC_STOP                            \
-    asm( "st     %%o2, %0       " : "=m" (c));  \
-    asm( "st     %%o1, %0       " : "=m" (d));  \
-    asm( "st     %%o0, %0       " : "=m" (s) :: \
-    "g1", "o0", "o1", "o2", "o3", "o4", "o5" );
-
-#endif /* SPARCv8 */
-
-#if defined(__microblaze__) || defined(microblaze)
-
-#define MULADDC_INIT                            \
-    asm( "lwi   r3,   %0        " :: "m" (s));  \
-    asm( "lwi   r4,   %0        " :: "m" (d));  \
-    asm( "lwi   r5,   %0        " :: "m" (c));  \
-    asm( "lwi   r6,   %0        " :: "m" (b));  \
-    asm( "andi  r7,   r6, 0xffff" );            \
-    asm( "bsrli r6,   r6, 16    " );
-
-#define MULADDC_CORE                            \
-    asm( "lhui  r8,   r3,   0   " );            \
-    asm( "addi  r3,   r3,   2   " );            \
-    asm( "lhui  r9,   r3,   0   " );            \
-    asm( "addi  r3,   r3,   2   " );            \
-    asm( "mul   r10,  r9,  r6   " );            \
-    asm( "mul   r11,  r8,  r7   " );            \
-    asm( "mul   r12,  r9,  r7   " );            \
-    asm( "mul   r13,  r8,  r6   " );            \
-    asm( "bsrli  r8, r10,  16   " );            \
-    asm( "bsrli  r9, r11,  16   " );            \
-    asm( "add   r13, r13,  r8   " );            \
-    asm( "add   r13, r13,  r9   " );            \
-    asm( "bslli r10, r10,  16   " );            \
-    asm( "bslli r11, r11,  16   " );            \
-    asm( "add   r12, r12, r10   " );            \
-    asm( "addc  r13, r13,  r0   " );            \
-    asm( "add   r12, r12, r11   " );            \
-    asm( "addc  r13, r13,  r0   " );            \
-    asm( "lwi   r10,  r4,   0   " );            \
-    asm( "add   r12, r12, r10   " );            \
-    asm( "addc  r13, r13,  r0   " );            \
-    asm( "add   r12, r12,  r5   " );            \
-    asm( "addc   r5, r13,  r0   " );            \
-    asm( "swi   r12,  r4,   0   " );            \
-    asm( "addi   r4,  r4,   4   " );
-
-#define MULADDC_STOP                            \
-    asm( "swi   r5,   %0        " : "=m" (c));  \
-    asm( "swi   r4,   %0        " : "=m" (d));  \
-    asm( "swi   r3,   %0        " : "=m" (s) :: \
-     "r3", "r4" , "r5" , "r6" , "r7" , "r8" ,   \
-     "r9", "r10", "r11", "r12", "r13" );
-
-#endif /* MicroBlaze */
-
-#if defined(__tricore__)
-
-#define MULADDC_INIT                            \
-    asm( "ld.a   %%a2, %0       " :: "m" (s));  \
-    asm( "ld.a   %%a3, %0       " :: "m" (d));  \
-    asm( "ld.w   %%d4, %0       " :: "m" (c));  \
-    asm( "ld.w   %%d1, %0       " :: "m" (b));  \
-    asm( "xor    %d5, %d5       " );
-
-#define MULADDC_CORE                            \
-    asm( "ld.w   %d0,   [%a2+]      " );        \
-    asm( "madd.u %e2, %e4, %d0, %d1 " );        \
-    asm( "ld.w   %d0,   [%a3]       " );        \
-    asm( "addx   %d2,    %d2,  %d0  " );        \
-    asm( "addc   %d3,    %d3,    0  " );        \
-    asm( "mov    %d4,    %d3        " );        \
-    asm( "st.w  [%a3+],  %d2        " );
-
-#define MULADDC_STOP                            \
-    asm( "st.w   %0, %%d4       " : "=m" (c));  \
-    asm( "st.a   %0, %%a3       " : "=m" (d));  \
-    asm( "st.a   %0, %%a2       " : "=m" (s) :: \
-    "d0", "d1", "e2", "d4", "a2", "a3" );
-
-#endif /* TriCore */
-
-#if defined(__arm__)
-
-#define MULADDC_INIT                            \
-    asm( "ldr    r0, %0         " :: "m" (s));  \
-    asm( "ldr    r1, %0         " :: "m" (d));  \
-    asm( "ldr    r2, %0         " :: "m" (c));  \
-    asm( "ldr    r3, %0         " :: "m" (b));
-
-#define MULADDC_CORE                            \
-    asm( "ldr    r4, [r0], #4   " );            \
-    asm( "mov    r5, #0         " );            \
-    asm( "ldr    r6, [r1]       " );            \
-    asm( "umlal  r2, r5, r3, r4 " );            \
-    asm( "adds   r7, r6, r2     " );            \
-    asm( "adc    r2, r5, #0     " );            \
-    asm( "str    r7, [r1], #4   " );
-
-#define MULADDC_STOP                            \
-    asm( "str    r2, %0         " : "=m" (c));  \
-    asm( "str    r1, %0         " : "=m" (d));  \
-    asm( "str    r0, %0         " : "=m" (s) :: \
-    "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7" );
-
-#endif /* ARMv3 */
-
-#if defined(__alpha__)
-
-#define MULADDC_INIT                            \
-    asm( "ldq    $1, %0         " :: "m" (s));  \
-    asm( "ldq    $2, %0         " :: "m" (d));  \
-    asm( "ldq    $3, %0         " :: "m" (c));  \
-    asm( "ldq    $4, %0         " :: "m" (b));
-
-#define MULADDC_CORE                            \
-    asm( "ldq    $6,  0($1)     " );            \
-    asm( "addq   $1,  8, $1     " );            \
-    asm( "mulq   $6, $4, $7     " );            \
-    asm( "umulh  $6, $4, $6     " );            \
-    asm( "addq   $7, $3, $7     " );            \
-    asm( "cmpult $7, $3, $3     " );            \
-    asm( "ldq    $5,  0($2)     " );            \
-    asm( "addq   $7, $5, $7     " );            \
-    asm( "cmpult $7, $5, $5     " );            \
-    asm( "stq    $7,  0($2)     " );            \
-    asm( "addq   $2,  8, $2     " );            \
-    asm( "addq   $6, $3, $3     " );            \
-    asm( "addq   $5, $3, $3     " );
-
-#define MULADDC_STOP                            \
-    asm( "stq    $3, %0         " : "=m" (c));  \
-    asm( "stq    $2, %0         " : "=m" (d));  \
-    asm( "stq    $1, %0         " : "=m" (s) :: \
-    "$1", "$2", "$3", "$4", "$5", "$6", "$7" );
-
-#endif /* Alpha */
-
-#if defined(__mips__)
-
-#define MULADDC_INIT                            \
-    asm( "lw     $10, %0        " :: "m" (s));  \
-    asm( "lw     $11, %0        " :: "m" (d));  \
-    asm( "lw     $12, %0        " :: "m" (c));  \
-    asm( "lw     $13, %0        " :: "m" (b));
-
-#define MULADDC_CORE                            \
-    asm( "lw     $14, 0($10)    " );            \
-    asm( "multu  $13, $14       " );            \
-    asm( "addi   $10, $10, 4    " );            \
-    asm( "mflo   $14            " );            \
-    asm( "mfhi   $9             " );            \
-    asm( "addu   $14, $12, $14  " );            \
-    asm( "lw     $15, 0($11)    " );            \
-    asm( "sltu   $12, $14, $12  " );            \
-    asm( "addu   $15, $14, $15  " );            \
-    asm( "sltu   $14, $15, $14  " );            \
-    asm( "addu   $12, $12, $9   " );            \
-    asm( "sw     $15, 0($11)    " );            \
-    asm( "addu   $12, $12, $14  " );            \
-    asm( "addi   $11, $11, 4    " );
-
-#define MULADDC_STOP                            \
-    asm( "sw     $12, %0        " : "=m" (c));  \
-    asm( "sw     $11, %0        " : "=m" (d));  \
-    asm( "sw     $10, %0        " : "=m" (s) :: \
-    "$9", "$10", "$11", "$12", "$13", "$14", "$15" );
-
-#endif /* MIPS */
-#endif /* GNUC */
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define MULADDC_INIT                            \
-    __asm   mov     esi, s                      \
-    __asm   mov     edi, d                      \
-    __asm   mov     ecx, c                      \
-    __asm   mov     ebx, b
-
-#define MULADDC_CORE                            \
-    __asm   lodsd                               \
-    __asm   mul     ebx                         \
-    __asm   add     eax, ecx                    \
-    __asm   adc     edx, 0                      \
-    __asm   add     eax, [edi]                  \
-    __asm   adc     edx, 0                      \
-    __asm   mov     ecx, edx                    \
-    __asm   stosd
-
-#if defined(POLARSSL_HAVE_SSE2)
-
-#define EMIT __asm _emit
-
-#define MULADDC_HUIT                            \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
-    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
-    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
-
-#define MULADDC_STOP                            \
-    EMIT 0x0F  EMIT 0x77                        \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#else
-
-#define MULADDC_STOP                            \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#endif /* SSE2 */
-#endif /* MSVC */
-
-#endif /* POLARSSL_HAVE_ASM */
-
-#if !defined(MULADDC_CORE)
-#if defined(POLARSSL_HAVE_LONGLONG)
-
-#define MULADDC_INIT                    \
-{                                       \
-    t_dbl r;                            \
-    t_int r0, r1;
-
-#define MULADDC_CORE                    \
-    r   = *(s++) * (t_dbl) b;           \
-    r0  = r;                            \
-    r1  = r >> biL;                     \
-    r0 += c;  r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#else
-#define MULADDC_INIT                    \
-{                                       \
-    t_int s0, s1, b0, b1;               \
-    t_int r0, r1, rx, ry;               \
-    b0 = ( b << biH ) >> biH;           \
-    b1 = ( b >> biH );
-
-#define MULADDC_CORE                    \
-    s0 = ( *s << biH ) >> biH;          \
-    s1 = ( *s >> biH ); s++;            \
-    rx = s0 * b1; r0 = s0 * b0;         \
-    ry = s1 * b0; r1 = s1 * b1;         \
-    r1 += ( rx >> biH );                \
-    r1 += ( ry >> biH );                \
-    rx <<= biH; ry <<= biH;             \
-    r0 += rx; r1 += (r0 < rx);          \
-    r0 += ry; r1 += (r0 < ry);          \
-    r0 +=  c; r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#endif /* C (generic)  */
-#endif /* C (longlong) */
-
-#endif /* bn_mul.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/config.h b/package/utils/px5g-standalone/src/polarssl/config.h
deleted file mode 100644
index 79cd3dba9d..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/config.h
+++ /dev/null
@@ -1,329 +0,0 @@
-/**
- * \file config.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
-
-#ifndef _CRT_SECURE_NO_DEPRECATE
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/*
- * Uncomment if native integers are 8-bit wide.
- *
-#define POLARSSL_HAVE_INT8
- */
-
-/*
- * Uncomment if native integers are 16-bit wide.
- *
-#define POLARSSL_HAVE_INT16
- */
-
-/*
- * Uncomment if the compiler supports long long.
-#define POLARSSL_HAVE_LONGLONG
- */
-
-
-/*
- * Uncomment to enable the use of assembly code.
- */
-/* #define POLARSSL_HAVE_ASM */
-
-/*
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- *
-#define POLARSSL_HAVE_SSE2
- */
-
-/*
- * Enable all SSL/TLS debugging messages.
- */
-#define POLARSSL_DEBUG_MSG
-
-/*
- * Enable the checkup functions (*_self_test).
- */
-#define POLARSSL_SELF_TEST
-
-/*
- * Enable the prime-number generation code.
- */
-#define POLARSSL_GENPRIME
-
-/*
- * Uncomment this macro to store the AES tables in ROM.
- *
-#define POLARSSL_AES_ROM_TABLES
- */
-
-/*
- * Module:  library/aes.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites:
- *      SSL_RSA_AES_128_SHA
- *      SSL_RSA_AES_256_SHA
- *      SSL_EDH_RSA_AES_256_SHA
- */
-#define POLARSSL_AES_C
-
-/*
- * Module:  library/arc4.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites:
- *      SSL_RSA_RC4_128_MD5
- *      SSL_RSA_RC4_128_SHA
- */
-#define POLARSSL_ARC4_C
-
-/*
- * Module:  library/base64.c
- * Caller:  library/x509parse.c
- *
- * This module is required for X.509 support.
- */
-#define POLARSSL_BASE64_C
-
-/*
- * Module:  library/bignum.c
- * Caller:  library/dhm.c
- *          library/rsa.c
- *          library/ssl_tls.c
- *          library/x509parse.c
- *
- * This module is required for RSA and DHM support.
- */
-#define POLARSSL_BIGNUM_C
-
-/*
- * Module:  library/camellia.c
- * Caller:
- *
- * This module enabled the following cipher suites:
- */
-#define POLARSSL_CAMELLIA_C
-
-/*
- * Module:  library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define POLARSSL_CERTS_C
-
-/*
- * Module:  library/debug.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define POLARSSL_DEBUG_C
-
-/*
- * Module:  library/des.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites:
- *      SSL_RSA_DES_168_SHA
- *      SSL_EDH_RSA_DES_168_SHA
- */
-#define POLARSSL_DES_C
-
-/*
- * Module:  library/dhm.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module enables the following ciphersuites:
- *      SSL_EDH_RSA_DES_168_SHA
- *      SSL_EDH_RSA_AES_256_SHA
- */
-#define POLARSSL_DHM_C
-
-/*
- * Module:  library/havege.c
- * Caller:
- *
- * This module enables the HAVEGE random number generator.
- */
-#define POLARSSL_HAVEGE_C
-
-/*
- * Module:  library/md2.c
- * Caller:  library/x509parse.c
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
-#define POLARSSL_MD2_C
- */
-
-/*
- * Module:  library/md4.c
- * Caller:  library/x509parse.c
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
-#define POLARSSL_MD4_C
- */
-
-/*
- * Module:  library/md5.c
- * Caller:  library/ssl_tls.c
- *          library/x509parse.c
- *
- * This module is required for SSL/TLS and X.509.
- */
-#define POLARSSL_MD5_C
-
-/*
- * Module:  library/net.c
- * Caller:
- *
- * This module provides TCP/IP networking routines.
- */
-#define POLARSSL_NET_C
-
-/*
- * Module:  library/padlock.c
- * Caller:  library/aes.c
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define POLARSSL_PADLOCK_C
-
-/*
- * Module:  library/rsa.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509.c
- *
- * This module is required for SSL/TLS and MD5-signed certificates.
- */
-#define POLARSSL_RSA_C
-
-/*
- * Module:  library/sha1.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509parse.c
- *
- * This module is required for SSL/TLS and SHA1-signed certificates.
- */
-#define POLARSSL_SHA1_C
-
-/*
- * Module:  library/sha2.c
- * Caller:
- *
- * This module adds support for SHA-224 and SHA-256.
- */
-#define POLARSSL_SHA2_C
-
-/*
- * Module:  library/sha4.c
- * Caller:
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define POLARSSL_SHA4_C
-
-/*
- * Module:  library/ssl_cli.c
- * Caller:
- *
- * This module is required for SSL/TLS client support.
- */
-#define POLARSSL_SSL_CLI_C
-
-/*
- * Module:  library/ssl_srv.c
- * Caller:
- *
- * This module is required for SSL/TLS server support.
- */
-#define POLARSSL_SSL_SRV_C
-
-/*
- * Module:  library/ssl_tls.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is required for SSL/TLS.
- */
-#define POLARSSL_SSL_TLS_C
-
-/*
- * Module:  library/timing.c
- * Caller:  library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-#define POLARSSL_TIMING_C
-
-/*
- * Module:  library/x509parse.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module is required for X.509 certificate parsing.
- */
-#define POLARSSL_X509_PARSE_C
-
-/*
- * Module:  library/x509_write.c
- * Caller:
- *
- * This module is required for X.509 certificate writing.
- */
-#define POLARSSL_X509_WRITE_C
-
-/*
- * Module:  library/xtea.c
- * Caller:
- */
-#define POLARSSL_XTEA_C
-
-#endif /* config.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/rsa.h b/package/utils/px5g-standalone/src/polarssl/rsa.h
deleted file mode 100644
index b31dc2f144..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/rsa.h
+++ /dev/null
@@ -1,309 +0,0 @@
-/**
- * \file rsa.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_RSA_H
-#define POLARSSL_RSA_H
-
-#include "polarssl/bignum.h"
-
-#define POLARSSL_ERR_RSA_BAD_INPUT_DATA                    -0x0400
-#define POLARSSL_ERR_RSA_INVALID_PADDING                   -0x0410
-#define POLARSSL_ERR_RSA_KEY_GEN_FAILED                    -0x0420
-#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED                  -0x0430
-#define POLARSSL_ERR_RSA_PUBLIC_FAILED                     -0x0440
-#define POLARSSL_ERR_RSA_PRIVATE_FAILED                    -0x0450
-#define POLARSSL_ERR_RSA_VERIFY_FAILED                     -0x0460
-#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE                   -0x0470
-
-/*
- * PKCS#1 constants
- */
-#define RSA_RAW         0
-#define RSA_MD2         2
-#define RSA_MD4         3
-#define RSA_MD5         4
-#define RSA_SHA1        5
-#define RSA_SHA256      6
-
-#define RSA_PUBLIC      0
-#define RSA_PRIVATE     1
-
-#define RSA_PKCS_V15    0
-#define RSA_PKCS_V21    1
-
-#define RSA_SIGN        1
-#define RSA_CRYPT       2
-
-/*
- * DigestInfo ::= SEQUENCE {
- *   digestAlgorithm DigestAlgorithmIdentifier,
- *   digest Digest }
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * Digest ::= OCTET STRING
- */
-#define ASN1_HASH_MDX                       \
-    "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48"  \
-    "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10"
-
-#define ASN1_HASH_SHA1                      \
-    "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03"  \
-    "\x02\x1A\x05\x00\x04\x14"
-
-/**
- * \brief          RSA context structure
- */
-typedef struct
-{
-    int ver;                    /*!<  always 0          */
-    int len;                    /*!<  size(N) in chars  */
-
-    mpi N;                      /*!<  public modulus    */
-    mpi E;                      /*!<  public exponent   */
-
-    mpi D;                      /*!<  private exponent  */
-    mpi P;                      /*!<  1st prime factor  */
-    mpi Q;                      /*!<  2nd prime factor  */
-    mpi DP;                     /*!<  D % (P - 1)       */
-    mpi DQ;                     /*!<  D % (Q - 1)       */
-    mpi QP;                     /*!<  1 / (Q % P)       */
-
-    mpi RN;                     /*!<  cached R^2 mod N  */
-    mpi RP;                     /*!<  cached R^2 mod P  */
-    mpi RQ;                     /*!<  cached R^2 mod Q  */
-
-    int padding;                /*!<  1.5 or OAEP/PSS   */
-    int hash_id;                /*!<  hash identifier   */
-    int (*f_rng)(void *);       /*!<  RNG function      */
-    void *p_rng;                /*!<  RNG parameter     */
-}
-rsa_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Initialize an RSA context
- *
- * \param ctx      RSA context to be initialized
- * \param padding  RSA_PKCS_V15 or RSA_PKCS_V21
- * \param hash_id  RSA_PKCS_V21 hash identifier
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- *
- * \note           The hash_id parameter is actually ignored
- *                 when using RSA_PKCS_V15 padding.
- *
- * \note           Currently (xyssl-0.8), RSA_PKCS_V21 padding
- *                 is not supported.
- */
-void rsa_init( rsa_context *ctx,
-               int padding,
-               int hash_id,
-               int (*f_rng)(void *),
-               void *p_rng );
-
-/**
- * \brief          Generate an RSA keypair
- *
- * \param ctx      RSA context that will hold the key
- * \param nbits    size of the public key in bits
- * \param exponent public exponent (e.g., 65537)
- *
- * \note           rsa_init() must be called beforehand to setup
- *                 the RSA context (especially f_rng and p_rng).
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_gen_key( rsa_context *ctx, int nbits, int exponent );
-
-/**
- * \brief          Check a public RSA key
- *
- * \param ctx      RSA context to be checked
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_check_pubkey( rsa_context *ctx );
-
-/**
- * \brief          Check a private RSA key
- *
- * \param ctx      RSA context to be checked
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- */
-int rsa_check_privkey( rsa_context *ctx );
-
-/**
- * \brief          Do an RSA public key operation
- *
- * \param ctx      RSA context
- * \param input    input buffer
- * \param output   output buffer
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           This function does NOT take care of message
- *                 padding. Also, be sure to set input[0] = 0.
- *
- * \note           The input and output buffers must be large
- *                 enough (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_public( rsa_context *ctx,
-                unsigned char *input,
-                unsigned char *output );
-
-/**
- * \brief          Do an RSA private key operation
- *
- * \param ctx      RSA context
- * \param input    input buffer
- * \param output   output buffer
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           The input and output buffers must be large
- *                 enough (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_private( rsa_context *ctx,
-                 unsigned char *input,
-                 unsigned char *output );
-
-/**
- * \brief          Add the message padding, then do an RSA operation
- *
- * \param ctx      RSA context
- * \param mode     RSA_PUBLIC or RSA_PRIVATE
- * \param ilen     contains the the plaintext length
- * \param input    buffer holding the data to be encrypted
- * \param output   buffer that will hold the ciphertext
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_pkcs1_encrypt( rsa_context *ctx,
-                       int mode, int  ilen,
-                       unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          Do an RSA operation, then remove the message padding
- *
- * \param ctx      RSA context
- * \param mode     RSA_PUBLIC or RSA_PRIVATE
- * \param input    buffer holding the encrypted data
- * \param output   buffer that will hold the plaintext
- * \param olen     will contain the plaintext length
- * \param output_max_len	maximum length of the output buffer
- *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
- *                 an error is thrown.
- */
-int rsa_pkcs1_decrypt( rsa_context *ctx,
-                       int mode, int *olen,
-                       unsigned char *input,
-                       unsigned char *output,
-		       int output_max_len);
-
-/**
- * \brief          Do a private RSA to sign a message digest
- *
- * \param ctx      RSA context
- * \param mode     RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id  RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
- * \param hashlen  message digest length (for RSA_RAW only)
- * \param hash     buffer holding the message digest
- * \param sig      buffer that will hold the ciphertext
- *
- * \return         0 if the signing operation was successful,
- *                 or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           The "sig" buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_pkcs1_sign( rsa_context *ctx,
-                    int mode,
-                    int hash_id,
-                    int hashlen,
-                    unsigned char *hash,
-                    unsigned char *sig );
-
-/**
- * \brief          Do a public RSA and check the message digest
- *
- * \param ctx      points to an RSA public key
- * \param mode     RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id  RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
- * \param hashlen  message digest length (for RSA_RAW only)
- * \param hash     buffer holding the message digest
- * \param sig      buffer holding the ciphertext
- *
- * \return         0 if the verify operation was successful,
- *                 or an POLARSSL_ERR_RSA_XXX error code
- *
- * \note           The "sig" buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int rsa_pkcs1_verify( rsa_context *ctx,
-                      int mode,
-                      int hash_id,
-                      int hashlen,
-                      unsigned char *hash,
-                      unsigned char *sig );
-
-/**
- * \brief          Free the components of an RSA key
- */
-void rsa_free( rsa_context *ctx );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int rsa_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/sha1.h b/package/utils/px5g-standalone/src/polarssl/sha1.h
deleted file mode 100644
index 3ca7dc3195..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/sha1.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * \file sha1.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_SHA1_H
-#define POLARSSL_SHA1_H
-
-/**
- * \brief          SHA-1 context structure
- */
-typedef struct
-{
-    unsigned long total[2];     /*!< number of bytes processed  */
-    unsigned long state[5];     /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-
-    unsigned char ipad[64];     /*!< HMAC: inner padding        */
-    unsigned char opad[64];     /*!< HMAC: outer padding        */
-}
-sha1_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          SHA-1 context setup
- *
- * \param ctx      context to be initialized
- */
-void sha1_starts( sha1_context *ctx );
-
-/**
- * \brief          SHA-1 process buffer
- *
- * \param ctx      SHA-1 context
- * \param input    buffer holding the  data
- * \param ilen     length of the input data
- */
-void sha1_update( sha1_context *ctx, unsigned char *input, int ilen );
-
-/**
- * \brief          SHA-1 final digest
- *
- * \param ctx      SHA-1 context
- * \param output   SHA-1 checksum result
- */
-void sha1_finish( sha1_context *ctx, unsigned char output[20] );
-
-/**
- * \brief          Output = SHA-1( input buffer )
- *
- * \param input    buffer holding the  data
- * \param ilen     length of the input data
- * \param output   SHA-1 checksum result
- */
-void sha1( unsigned char *input, int ilen, unsigned char output[20] );
-
-/**
- * \brief          Output = SHA-1( file contents )
- *
- * \param path     input file name
- * \param output   SHA-1 checksum result
- *
- * \return         0 if successful, 1 if fopen failed,
- *                 or 2 if fread failed
- */
-int sha1_file( char *path, unsigned char output[20] );
-
-/**
- * \brief          SHA-1 HMAC context setup
- *
- * \param ctx      HMAC context to be initialized
- * \param key      HMAC secret key
- * \param keylen   length of the HMAC key
- */
-void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen );
-
-/**
- * \brief          SHA-1 HMAC process buffer
- *
- * \param ctx      HMAC context
- * \param input    buffer holding the  data
- * \param ilen     length of the input data
- */
-void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen );
-
-/**
- * \brief          SHA-1 HMAC final digest
- *
- * \param ctx      HMAC context
- * \param output   SHA-1 HMAC checksum result
- */
-void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] );
-
-/**
- * \brief          Output = HMAC-SHA-1( hmac key, input buffer )
- *
- * \param key      HMAC secret key
- * \param keylen   length of the HMAC key
- * \param input    buffer holding the  data
- * \param ilen     length of the input data
- * \param output   HMAC-SHA-1 result
- */
-void sha1_hmac( unsigned char *key, int keylen,
-                unsigned char *input, int ilen,
-                unsigned char output[20] );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int sha1_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* sha1.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/timing.h b/package/utils/px5g-standalone/src/polarssl/timing.h
deleted file mode 100644
index 62d627f61b..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/timing.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/**
- * \file timing.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_TIMING_H
-#define POLARSSL_TIMING_H
-
-/**
- * \brief          timer structure
- */
-struct hr_time
-{
-    unsigned char opaque[32];
-};
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int alarmed;
-
-/**
- * \brief          Return the CPU cycle counter value
- */
-unsigned long hardclock( void );
-
-/**
- * \brief          Return the elapsed time in milliseconds
- *
- * \param val      points to a timer structure
- * \param reset    if set to 1, the timer is restarted
- */
-unsigned long get_timer( struct hr_time *val, int reset );
-
-/**
- * \brief          Setup an alarm clock
- *
- * \param seconds  delay before the "alarmed" flag is set
- */
-void set_alarm( int seconds );
-
-/**
- * \brief          Sleep for a certain amount of time
- */
-void m_sleep( int milliseconds );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/package/utils/px5g-standalone/src/polarssl/x509.h b/package/utils/px5g-standalone/src/polarssl/x509.h
deleted file mode 100644
index 908a1dbf51..0000000000
--- a/package/utils/px5g-standalone/src/polarssl/x509.h
+++ /dev/null
@@ -1,549 +0,0 @@
-/**
- * \file x509.h
- *
- *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
- *
- *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
- *
- *  All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions
- *  are met:
- *  
- *    * Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    * Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
- *      may be used to endorse or promote products derived from this software
- *      without specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef POLARSSL_X509_H
-#define POLARSSL_X509_H
-
-#include "polarssl/rsa.h"
-
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA                      -0x0014
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG                   -0x0016
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH                   -0x0018
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH                  -0x001A
-#define POLARSSL_ERR_ASN1_INVALID_DATA                     -0x001C
-
-#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE              -0x0020
-#define POLARSSL_ERR_X509_CERT_INVALID_PEM                 -0x0040
-#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT              -0x0060
-#define POLARSSL_ERR_X509_CERT_INVALID_VERSION             -0x0080
-#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL              -0x00A0
-#define POLARSSL_ERR_X509_CERT_INVALID_ALG                 -0x00C0
-#define POLARSSL_ERR_X509_CERT_INVALID_NAME                -0x00E0
-#define POLARSSL_ERR_X509_CERT_INVALID_DATE                -0x0100
-#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY              -0x0120
-#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE           -0x0140
-#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS          -0x0160
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION             -0x0180
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG             -0x01A0
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG              -0x01C0
-#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH                -0x01E0
-#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED               -0x0200
-#define POLARSSL_ERR_X509_KEY_INVALID_PEM                  -0x0220
-#define POLARSSL_ERR_X509_KEY_INVALID_VERSION              -0x0240
-#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT               -0x0260
-#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV               -0x0280
-#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG              -0x02A0
-#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED            -0x02C0
-#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH            -0x02E0
-#define POLARSSL_ERR_X509_POINT_ERROR                      -0x0300
-#define POLARSSL_ERR_X509_VALUE_TO_LENGTH                  -0x0320
-
-#define BADCERT_EXPIRED                 1
-#define BADCERT_REVOKED                 2
-#define BADCERT_CN_MISMATCH             4
-#define BADCERT_NOT_TRUSTED             8
-
-/*
- * DER constants
- */
-#define ASN1_BOOLEAN                 0x01
-#define ASN1_INTEGER                 0x02
-#define ASN1_BIT_STRING              0x03
-#define ASN1_OCTET_STRING            0x04
-#define ASN1_NULL                    0x05
-#define ASN1_OID                     0x06
-#define ASN1_UTF8_STRING             0x0C
-#define ASN1_SEQUENCE                0x10
-#define ASN1_SET                     0x11
-#define ASN1_PRINTABLE_STRING        0x13
-#define ASN1_T61_STRING              0x14
-#define ASN1_IA5_STRING              0x16
-#define ASN1_UTC_TIME                0x17
-#define ASN1_UNIVERSAL_STRING        0x1C
-#define ASN1_BMP_STRING              0x1E
-#define ASN1_PRIMITIVE               0x00
-#define ASN1_CONSTRUCTED             0x20
-#define ASN1_CONTEXT_SPECIFIC        0x80
-
-/*
- * various object identifiers
- */
-#define X520_COMMON_NAME                3
-#define X520_COUNTRY                    6
-#define X520_LOCALITY                   7
-#define X520_STATE                      8
-#define X520_ORGANIZATION              10
-#define X520_ORG_UNIT                  11
-#define PKCS9_EMAIL                     1
-
-#define X509_OUTPUT_DER              0x01
-#define X509_OUTPUT_PEM              0x02
-#define PEM_LINE_LENGTH                72
-#define X509_ISSUER                  0x01
-#define X509_SUBJECT                 0x02
-
-#define OID_X520                "\x55\x04"
-#define OID_CN                  "\x55\x04\x03"
-#define OID_PKCS1               "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
-#define OID_PKCS1_RSA           "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
-#define OID_PKCS1_RSA_SHA       "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
-#define OID_PKCS9               "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
-#define OID_PKCS9_EMAIL         "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
-
-/*
- * Structures for parsing X.509 certificates
- */
-typedef struct _x509_buf
-{
-    int tag;
-    int len;
-    unsigned char *p;
-}
-x509_buf;
-
-typedef struct _x509_name
-{
-    x509_buf oid;
-    x509_buf val;
-    struct _x509_name *next;
-}
-x509_name;
-
-typedef struct _x509_time
-{
-    int year, mon, day;
-    int hour, min, sec;
-}
-x509_time;
-
-typedef struct _x509_cert
-{
-    x509_buf raw;
-    x509_buf tbs;
-
-    int version;
-    x509_buf serial;
-    x509_buf sig_oid1;
-
-    x509_buf issuer_raw;
-    x509_buf subject_raw;
-
-    x509_name issuer;
-    x509_name subject;
-
-    x509_time valid_from;
-    x509_time valid_to;
-
-    x509_buf pk_oid;
-    rsa_context rsa;
-
-    x509_buf issuer_id;
-    x509_buf subject_id;
-    x509_buf v3_ext;
-
-    int ca_istrue;
-    int max_pathlen;
-
-    x509_buf sig_oid2;
-    x509_buf sig;
-
-    struct _x509_cert *next; 
-}
-x509_cert;
-
-/*
- * Structures for writing X.509 certificates
- */
-typedef struct _x509_node
-{
-    unsigned char *data;
-    unsigned char *p;
-    unsigned char *end;
-
-    size_t len;
-}
-x509_node;
-
-typedef struct _x509_raw
-{
-    x509_node raw;
-    x509_node tbs;
-
-    x509_node version;
-    x509_node serial;
-    x509_node tbs_signalg;
-    x509_node issuer;
-    x509_node validity;
-    x509_node subject;
-    x509_node subpubkey;
-
-    x509_node signalg;
-    x509_node sign;
-}
-x509_raw;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Parse one or more certificates and add them
- *                 to the chained list
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the certificate data
- * \param buflen   size of the buffer
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509parse_crt( x509_cert *crt, unsigned char *buf, int buflen );
-
-/**
- * \brief          Load one or more certificates and add them
- *                 to the chained list
- *
- * \param chain    points to the start of the chain
- * \param path     filename to read the certificates from
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509parse_crtfile( x509_cert *crt, char *path );
-
-/**
- * \brief          Parse a private RSA key
- *
- * \param rsa      RSA context to be initialized
- * \param buf      input buffer
- * \param buflen   size of the buffer
- * \param pwd      password for decryption (optional)
- * \param pwdlen   size of the password
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509parse_key( rsa_context *rsa,
-                   unsigned char *buf, int buflen,
-                   unsigned char *pwd, int pwdlen );
-
-/**
- * \brief          Load and parse a private RSA key
- *
- * \param rsa      RSA context to be initialized
- * \param path     filename to read the private key from
- * \param pwd      password to decrypt the file (can be NULL)
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509parse_keyfile( rsa_context *rsa, char *path, char *password );
-
-/**
- * \brief          Store the certificate DN in printable form into buf;
- *                 no more than (end - buf) characters will be written.
- */
-int x509parse_dn_gets( char *buf, char *end, x509_name *dn );
-
-/**
- * \brief          Returns an informational string about the
- *                 certificate.
- */
-char *x509parse_cert_info( char *prefix, x509_cert *crt );
-
-/**
- * \brief          Return 0 if the certificate is still valid,
- *                 or BADCERT_EXPIRED
- */
-int x509parse_expired( x509_cert *crt );
-
-/**
- * \brief          Verify the certificate signature
- *
- * \param crt      a certificate to be verified
- * \param trust_ca the trusted CA chain
- * \param cn       expected Common Name (can be set to
- *                 NULL if the CN must not be verified)
- * \param flags    result of the verification
- *
- * \return         0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
- *                 in which case *flags will have one or more of
- *                 the following values set:
- *                      BADCERT_EXPIRED --
- *                      BADCERT_REVOKED --
- *                      BADCERT_CN_MISMATCH --
- *                      BADCERT_NOT_TRUSTED
- *
- * \note           TODO: add two arguments, depth and crl
- */
-int x509parse_verify( x509_cert *crt,
-                      x509_cert *trust_ca,
-                      char *cn, int *flags );
-
-/**
- * \brief          Unallocate all certificate data
- */
-void x509_free( x509_cert *crt );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int x509_self_test( int verbose );
-
-/**
- * \brief          Write a certificate info file
- *
- * \param chain    points to the raw certificate data
- * \param path     filename to write the certificate to
- * \param format   X509_OUTPUT_DER or X509_OUTPUT_PEM
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_crtfile( x509_raw *chain,
-                       unsigned char *path,
-                       int format );
-
-/**
- * \brief          Write a certificate signing request message format file
- *
- * \param chain    points to the raw certificate (with x509write_create_csr) data
- * \param path     filename to write the certificate to
- * \param format   X509_OUTPUT_DER or X509_OUTPUT_PEM
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_csrfile( x509_raw *chain,
-                       unsigned char *path,
-                       int format );
-
-/*
- * \brief          Write a private RSA key into a file
- *
- * \param rsa      points to an RSA key
- * \param path     filename to write the key to
- * \param format   X509_OUTPUT_DER or X509_OUTPUT_PEM
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_keyfile( rsa_context *rsa,
-                       char *path,
-                       int format );
-
-/**
- * \brief          Add a public key to certificate
- *
- * \param chain    points to the raw certificate data
- * \param pubkey   points to an RSA key
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_add_pubkey( x509_raw *chain, rsa_context *pubkey );
-
-/**
- * \brief          Create x509 subject/issuer field to raw certificate
- *                 from string or CA cert. Make string NULL if you will
- *                 use the CA copy function or make CA NULL then used
- *                 the string parse.
- *
- * \param chain    points to the raw certificate data
- * \param names    a string that can hold (separete with ";"):
- *                     CN=CommonName
- *                 --   O=Organization
- *                 --  OU=OrgUnit
- *                 --  ST=State
- *                 --   L=Locality
- *                 --   R=Email
- *                 --   C=Country
- *                 . Make that NULL if you didn't need that.
- * \param flag     flag is X509_ISSUER or X509_SUBJECT that defined
- *                 where change
- * \param ca       the certificate for copy data. Make that NULL if you
- *                 didn't need that.
- * \param ca_flag  set the ca field from copy to crt
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_add_customize ( x509_raw *crt, 
-                          unsigned char *names, 
-                          int flag, 
-                          x509_cert *ca, 
-                          int ca_flag );
-
-/**
-* \brief          Add x509 issuer field
-*
-* \param chain    points to the raw certificate data
-* \param issuer   a string holding (separete with ";"):
-*                     CN=CommonName
-*                 --   O=Organization
-*                 --  OU=OrgUnit
-*                 --  ST=State
-*                 --   L=Locality
-*                 --   R=Email
-*                 --   C=Country
-*                 . Set this to NULL if not needed.
-* \return         0 if successful, or a specific X509 error code
-*/
-int x509write_add_issuer( x509_raw *crt, unsigned char *issuer);
-
-/**
- * \brief          Add x509 subject field
- *
- * \param chain    points to the raw certificate data
- * \param subject  a string holding (separete with ";"):
- *                     CN=CommonName
- *                 --   O=Organization
- *                 --  OU=OrgUnit
- *                 --  ST=State
- *                 --   L=Locality
- *                 --   R=Email
- *                 --   C=Country
- *                 . Set this to NULL if not needed.
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_add_subject( x509_raw *crt, unsigned char *subject);
-
-/**
-* \brief          Copy x509 issuer field from another certificate
-*
-* \param chain    points to the raw certificate data
-* \param from_crt the certificate whose issuer is to be copied.
-* \return         0 if successful, or a specific X509 error code
-*/
-int x509write_copy_issuer(x509_raw *crt, x509_cert *from_crt);
-
-/**
-* \brief          Copy x509 subject field from another certificate
-*
-* \param chain    points to the raw certificate data
-* \param from_crt the certificate whose subject is to be copied.
-* \return         0 if successful, or a specific X509 error code
-*/
-int x509write_copy_subject(x509_raw *crt, x509_cert *from_crt);
-
-/**
-* \brief          Copy x509 issuer field from the subject of another certificate
-*
-* \param chain    points to the raw certificate data
-* \param from_crt the certificate whose subject is to be copied.
-* \return         0 if successful, or a specific X509 error code
-*/
-int x509write_copy_issuer_from_subject(x509_raw *crt, x509_cert *from_crt);
-
-/**
-* \brief          Copy x509 subject field from the issuer of another certificate
-*
-* \param chain    points to the raw certificate data
-* \param from_crt the certificate whose issuer is to be copied.
-* \return         0 if successful, or a specific X509 error code
-*/
-int x509write_copy_subject_from_issuer(x509_raw *crt, x509_cert *from_crt);
-
-/**
- * \brief          Create x509 validity time in UTC
- *
- * \param chain    points to the raw certificate data
- * \param before   valid not before in format YYYY-MM-DD hh:mm:ss
- * \param after    valid not after  in format YYYY-MM-DD hh:mm:ss
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_add_validity( x509_raw *crt,
-                               unsigned char *before,
-                               unsigned char *after );
-
-/**
- * \brief          Create a self-signed certificate
- *
- * \param chain    points to the raw certificate data
- * \param rsa      a private key to sign the certificate
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_create_selfsign( x509_raw *crt, rsa_context *raw );
-
-/**
- * \brief          Create a certificate
- *
- * \param chain    points to the raw certificate data
- * \param rsa      a private key to sign the certificate
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_create_sign( x509_raw *crt, rsa_context *raw );
-
-/**
- * \brief          Create a certificate signing request
- *
- * \param chain    points to the raw certificate data. Didn't use the
- *                 same chain that u have use for certificate.
- * \param privkey  a rsa private key
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int x509write_create_csr( x509_raw *chain, rsa_context *privkey );
-
-/**
- * \brief           Serialize an rsa key into DER
- *
- * \param rsa       a rsa key for output
- * \param node      a x509 node for write into
- *
- * \return          0 if successful, or a specific X509 error code
- */
-int x509write_serialize_key( rsa_context *rsa, x509_node *node );
-
-/**
- * \brief          Unallocate all raw certificate data
- */
-void x509write_free_raw( x509_raw *crt );
-
-/**
- * \brief          Allocate all raw certificate data
- */
-void x509write_init_raw( x509_raw *crt );
-
-/**
- * \brief          Unallocate all node certificate data
- */
-void x509write_free_node( x509_node *crt_node );
-
-/**
- * \brief          Allocate all node certificate data
- */
-void x509write_init_node( x509_node *crt_node );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
diff --git a/package/utils/px5g-standalone/src/px5g.c b/package/utils/px5g-standalone/src/px5g.c
deleted file mode 100644
index 34ab34f32d..0000000000
--- a/package/utils/px5g-standalone/src/px5g.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * px5g - Embedded x509 key and certificate generator based on PolarSSL
- *
- *   Copyright (C) 2009 Steven Barth <steven@midlink.org>
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License, version 2.1 as published by the Free Software Foundation.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- *  MA  02110-1301  USA
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <limits.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include "polarssl/bignum.h"
-#include "polarssl/x509.h"
-#include "polarssl/rsa.h"
-
-#define PX5G_VERSION "0.1"
-#define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
-#define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1"
-
-static int urandom_fd;
-
-static int _urandom(void *ctx)
-{
-	int ret;
-	read(urandom_fd, &ret, sizeof(ret));
-	return ret;
-}
-
-
-int rsakey(char **arg) {
-	rsa_context rsa;
-
-	unsigned int ksize = 512;
-	int exp = 65537;
-	char *path = NULL;
-	int flag = X509_OUTPUT_PEM;
-
-	while (*arg && **arg == '-') {
-		if (!strcmp(*arg, "-out") && arg[1]) {
-			path = arg[1];
-			arg++;
-		} else if (!strcmp(*arg, "-3")) {
-			exp = 3;
-		} else if (!strcmp(*arg, "-der")) {
-			flag = X509_OUTPUT_DER;
-		}
-		arg++;
-	}
-
-	if (*arg) {
-		ksize = (unsigned int)atoi(*arg);
-	}
-
-	rsa_init(&rsa, RSA_PKCS_V15, 0, _urandom, NULL);
-
-	fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
-	if (rsa_gen_key(&rsa, ksize, exp)) {
-		fprintf(stderr, "error: key generation failed\n");
-		return 1;
-	}
-
-	if (x509write_keyfile(&rsa, path, flag)) {
-		fprintf(stderr, "error: I/O error\n");
-		return 1;
-	}
-
-	rsa_free(&rsa);
-	return 0;
-}
-
-int selfsigned(char **arg) {
-	rsa_context rsa;
-	x509_node node;
-
-	char *subject = "";
-	unsigned int ksize = 512;
-	int exp = 65537;
-	unsigned int days = 30;
-	char *keypath = NULL, *certpath = NULL;
-	int flag = X509_OUTPUT_PEM;
-	time_t from = time(NULL), to;
-	char fstr[20], tstr[20];
-
-	while (*arg && **arg == '-') {
-		if (!strcmp(*arg, "-der")) {
-			flag = X509_OUTPUT_DER;
-		} else if (!strcmp(*arg, "-newkey") && arg[1]) {
-			if (strncmp(arg[1], "rsa:", 4)) {
-				fprintf(stderr, "error: invalid algorithm");
-				return 1;
-			}
-			ksize = (unsigned int)atoi(arg[1] + 4);
-			arg++;
-		} else if (!strcmp(*arg, "-days") && arg[1]) {
-			days = (unsigned int)atoi(arg[1]);
-			arg++;
-		} else if (!strcmp(*arg, "-keyout") && arg[1]) {
-			keypath = arg[1];
-			arg++;
-		} else if (!strcmp(*arg, "-out") && arg[1]) {
-			certpath = arg[1];
-			arg++;
-		} else if (!strcmp(*arg, "-subj") && arg[1]) {
-			if (arg[1][0] != '/' || strchr(arg[1], ';')) {
-				fprintf(stderr, "error: invalid subject");
-				return 1;
-			}
-			subject = calloc(strlen(arg[1]) + 1, 1);
-			char *oldc = arg[1] + 1, *newc = subject, *delim;
-			do {
-				delim = strchr(oldc, '=');
-				if (!delim) {
-					fprintf(stderr, "error: invalid subject");
-					return 1;
-				}
-				memcpy(newc, oldc, delim - oldc + 1);
-				newc += delim - oldc + 1;
-				oldc = delim + 1;
-
-				delim = strchr(oldc, '/');
-				if (!delim) {
-					delim = arg[1] + strlen(arg[1]);
-				}
-				memcpy(newc, oldc, delim - oldc);
-				newc += delim - oldc;
-				*newc++ = ';';
-				oldc = delim + 1;
-			} while(*delim);
-			arg++;
-		}
-		arg++;
-	}
-
-	rsa_init(&rsa, RSA_PKCS_V15, 0, _urandom, NULL);
-	x509write_init_node(&node);
-	fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
-	if (rsa_gen_key(&rsa, ksize, exp)) {
-		fprintf(stderr, "error: key generation failed\n");
-		return 1;
-	}
-
-	if (keypath) {
-		if (x509write_keyfile(&rsa, keypath, flag)) {
-			fprintf(stderr, "error: I/O error\n");
-			return 1;
-		}
-	}
-
-	from = (from < 1000000000) ? 1000000000 : from;
-	strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
-	to = from + 60 * 60 * 24 * days;
-	if (to < from)
-		to = INT_MAX;
-	strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
-
-	x509_raw cert;
-	x509write_init_raw(&cert);
-	x509write_add_pubkey(&cert, &rsa);
-	x509write_add_subject(&cert, (unsigned char*)subject);
-	x509write_add_validity(&cert, (unsigned char*)fstr, (unsigned char*)tstr);
-	fprintf(stderr, "Generating selfsigned certificate with subject '%s'"
-			" and validity %s-%s\n", subject, fstr, tstr);
-	if (x509write_create_selfsign(&cert, &rsa)) {
-		fprintf(stderr, "error: certificate generation failed\n");
-	}
-
-	if (x509write_crtfile(&cert, (unsigned char*)certpath, flag)) {
-		fprintf(stderr, "error: I/O error\n");
-		return 1;
-	}
-
-	x509write_free_raw(&cert);
-	rsa_free(&rsa);
-	return 0;
-}
-
-int main(int argc, char *argv[]) {
-	urandom_fd = open("/dev/urandom", O_RDONLY);
-	if (urandom_fd < 0) {
-		perror("open(/dev/urandom)");
-		return 1;
-	}
-
-	if (!argv[1]) {
-		//Usage
-	} else if (!strcmp(argv[1], "rsakey")) {
-		return rsakey(argv+2);
-	} else if (!strcmp(argv[1], "selfsigned")) {
-		return selfsigned(argv+2);
-	}
-
-	fprintf(stderr,
-		"PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY
-		"\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n");
-	fprintf(stderr, "Usage: %s [rsakey|selfsigned]\n", *argv);
-	return 1;
-}
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index d33938173c..6fd73e3a48 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -10,10 +10,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=px5g
 PKG_RELEASE:=4
 PKG_LICENSE:=LGPL-2.1
-PKG_BUILD_DIR:=$(BUILD_DIR)/px5g
+PKG_BUILD_DIR:=$(BUILD_DIR)/px5g-$(BUILD_VARIANT)
 
 PKG_USE_MIPS16:=0
 
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/px5g-mbedtls
@@ -21,9 +23,9 @@ define Package/px5g-mbedtls
   CATEGORY:=Utilities
   SUBMENU:=Encryption
   TITLE:=X.509 certificate generator (using mbedtls)
-  MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
   DEPENDS:=+libmbedtls
   PROVIDES:=px5g
+  VARIANT:=mbedtls
 endef
 
 define Package/px5g-mbedtls/description
@@ -32,12 +34,27 @@ define Package/px5g-mbedtls/description
  and PEM format for use with stunnel, uhttpd and others.
 endef
 
+define Package/px5g-standalone
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=Encryption
+  TITLE:=X.509 certificate generator (standalone)
+  VARIANT:=standalone
+endef
+Package/px5g-standalone/description = $(Package/px5g-mbedtls/description)
+
 define Build/Prepare
 	mkdir -p $(PKG_BUILD_DIR)
 endef
 
 TARGET_LDFLAGS := -lmbedtls -lmbedx509 -lmbedcrypto
 
+ifeq ($(BUILD_VARIANT),standalone)
+  TARGET_LDFLAGS := -Wl,-Bstatic $(TARGET_LDFLAGS) -Wl,-Bdynamic
+endif
+
+TARGET_CFLAGS += -Wl,--gc-sections
+
 define Build/Compile
 	$(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS)
 endef
@@ -47,4 +64,7 @@ define Package/px5g-mbedtls/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g
 endef
 
+Package/px5g-standalone/install = $(Package/px5g-mbedtls/install)
+
 $(eval $(call BuildPackage,px5g-mbedtls))
+$(eval $(call BuildPackage,px5g-standalone))
diff --git a/package/utils/ugps/Makefile b/package/utils/ugps/Makefile
index 07769e1516..9dc33ca9eb 100644
--- a/package/utils/ugps/Makefile
+++ b/package/utils/ugps/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ugps
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL=$(LEDE_GIT)/project/ugps.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/utils/ugps/files/gps.config b/package/utils/ugps/files/gps.config
index eb00d79c60..d4bd69afff 100644
--- a/package/utils/ugps/files/gps.config
+++ b/package/utils/ugps/files/gps.config
@@ -1,3 +1,3 @@
 config gps
 	option	'tty'	'ttyACM0'
-	option	'adjust_time '	'1'
+	option	'adjust_time'	'1'
-- 
2.25.1