diff --git a/patches/openwrt/0026-Revert-kernel-disable-multicast-to-unicast-translation-for-ipv6-neighbor-solicitation-17625.patch b/patches/openwrt/0026-Revert-kernel-disable-multicast-to-unicast-translation-for-ipv6-neighbor-solicitation-17625.patch
new file mode 100644
index 00000000..58c60a60
--- /dev/null
+++ b/patches/openwrt/0026-Revert-kernel-disable-multicast-to-unicast-translation-for-ipv6-neighbor-solicitation-17625.patch
@@ -0,0 +1,181 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sat, 5 Sep 2015 02:57:34 +0200
+Subject: Revert "kernel: disable multicast-to-unicast translation for ipv6 neighbor solicitation (#17625)"
+
+This reverts commit a080e8e1943156168913d0353a2e99d1151102aa.
+
+It did not fix the problem but just hid some symptom. The real issue was
+that IGMP/MLD report suppression was not considered for the
+multicast-to-unicast feature. A recent netifd which isolates IGMP/MLD
+reports between STAs by utilizing AP-isolation and bridge-hairpinning
+should have fixed this.
+
+It is perfectly fine to apply multicast-to-unicast to IPv6 Neighbor
+Solicitations, too (once that feature is configured correctly).
+
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46720 3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+diff --git a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+index 00ad14f..8c436e0 100644
+--- a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
++++ b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+@@ -87,19 +87,16 @@
+  {
+  	struct br_ip br_group;
+  
+-@@ -736,7 +758,10 @@ static int br_ip6_multicast_add_group(st
++@@ -736,7 +758,7 @@ static int br_ip6_multicast_add_group(st
+  	br_group.proto = htons(ETH_P_IPV6);
+  	br_group.vid = vid;
+  
+ -	return br_multicast_add_group(br, port, &br_group);
+-+	if (ipv6_addr_is_solict_mult(group))
+-+		src = NULL;
+-+
+ +	return br_multicast_add_group(br, port, &br_group, src);
+  }
+  #endif
+  
+-@@ -965,6 +990,7 @@ static int br_ip4_multicast_igmp3_report
++@@ -965,6 +987,7 @@ static int br_ip4_multicast_igmp3_report
+  					 struct sk_buff *skb,
+  					 u16 vid)
+  {
+@@ -107,7 +104,7 @@
+  	struct igmpv3_report *ih;
+  	struct igmpv3_grec *grec;
+  	int i;
+-@@ -1008,7 +1034,7 @@ static int br_ip4_multicast_igmp3_report
++@@ -1008,7 +1031,7 @@ static int br_ip4_multicast_igmp3_report
+  			continue;
+  		}
+  
+@@ -116,7 +113,7 @@
+  		if (err)
+  			break;
+  	}
+-@@ -1022,6 +1048,7 @@ static int br_ip6_multicast_mld2_report(
++@@ -1022,6 +1045,7 @@ static int br_ip6_multicast_mld2_report(
+  					struct sk_buff *skb,
+  					u16 vid)
+  {
+@@ -124,7 +121,7 @@
+  	struct icmp6hdr *icmp6h;
+  	struct mld2_grec *grec;
+  	int i;
+-@@ -1070,7 +1097,7 @@ static int br_ip6_multicast_mld2_report(
++@@ -1070,7 +1094,7 @@ static int br_ip6_multicast_mld2_report(
+  		}
+  
+  		err = br_ip6_multicast_add_group(br, port, &grec->grec_mca,
+@@ -133,7 +130,7 @@
+  		if (err)
+  			break;
+  	}
+-@@ -1406,7 +1433,8 @@ br_multicast_leave_group(struct net_brid
++@@ -1406,7 +1430,8 @@ br_multicast_leave_group(struct net_brid
+  			 struct net_bridge_port *port,
+  			 struct br_ip *group,
+  			 struct bridge_mcast_other_query *other_query,
+@@ -143,7 +140,7 @@
+  {
+  	struct net_bridge_mdb_htable *mdb;
+  	struct net_bridge_mdb_entry *mp;
+-@@ -1456,7 +1484,7 @@ br_multicast_leave_group(struct net_brid
++@@ -1456,7 +1481,7 @@ br_multicast_leave_group(struct net_brid
+  		for (pp = &mp->ports;
+  		     (p = mlock_dereference(*pp, br)) != NULL;
+  		     pp = &p->next) {
+@@ -152,7 +149,7 @@
+  				continue;
+  
+  			rcu_assign_pointer(*pp, p->next);
+-@@ -1490,7 +1518,7 @@ br_multicast_leave_group(struct net_brid
++@@ -1490,7 +1515,7 @@ br_multicast_leave_group(struct net_brid
+  	for (p = mlock_dereference(mp->ports, br);
+  	     p != NULL;
+  	     p = mlock_dereference(p->next, br)) {
+@@ -161,7 +158,7 @@
+  			continue;
+  
+  		if (!hlist_unhashed(&p->mglist) &&
+-@@ -1508,8 +1536,8 @@ out:
++@@ -1508,8 +1533,8 @@ out:
+  
+  static void br_ip4_multicast_leave_group(struct net_bridge *br,
+  					 struct net_bridge_port *port,
+@@ -172,7 +169,7 @@
+  {
+  	struct br_ip br_group;
+  	struct bridge_mcast_own_query *own_query;
+-@@ -1524,14 +1552,14 @@ static void br_ip4_multicast_leave_group
++@@ -1524,14 +1549,14 @@ static void br_ip4_multicast_leave_group
+  	br_group.vid = vid;
+  
+  	br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query,
+@@ -189,7 +186,7 @@
+  {
+  	struct br_ip br_group;
+  	struct bridge_mcast_own_query *own_query;
+-@@ -1546,7 +1574,7 @@ static void br_ip6_multicast_leave_group
++@@ -1546,7 +1571,7 @@ static void br_ip6_multicast_leave_group
+  	br_group.vid = vid;
+  
+  	br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query,
+@@ -198,7 +195,7 @@
+  }
+  #endif
+  
+-@@ -1555,6 +1583,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1555,6 +1580,7 @@ static int br_multicast_ipv4_rcv(struct
+  				 struct sk_buff *skb,
+  				 u16 vid)
+  {
+@@ -206,7 +203,7 @@
+  	struct sk_buff *skb2 = skb;
+  	const struct iphdr *iph;
+  	struct igmphdr *ih;
+-@@ -1628,7 +1657,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1628,7 +1654,7 @@ static int br_multicast_ipv4_rcv(struct
+  	case IGMP_HOST_MEMBERSHIP_REPORT:
+  	case IGMPV2_HOST_MEMBERSHIP_REPORT:
+  		BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+@@ -215,7 +212,7 @@
+  		break;
+  	case IGMPV3_HOST_MEMBERSHIP_REPORT:
+  		err = br_ip4_multicast_igmp3_report(br, port, skb2, vid);
+-@@ -1637,7 +1666,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1637,7 +1663,7 @@ static int br_multicast_ipv4_rcv(struct
+  		err = br_ip4_multicast_query(br, port, skb2, vid);
+  		break;
+  	case IGMP_HOST_LEAVE_MESSAGE:
+@@ -224,7 +221,7 @@
+  		break;
+  	}
+  
+-@@ -1655,6 +1684,7 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1655,6 +1681,7 @@ static int br_multicast_ipv6_rcv(struct
+  				 struct sk_buff *skb,
+  				 u16 vid)
+  {
+@@ -232,7 +229,7 @@
+  	struct sk_buff *skb2;
+  	const struct ipv6hdr *ip6h;
+  	u8 icmp6_type;
+-@@ -1764,7 +1794,8 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1764,7 +1791,8 @@ static int br_multicast_ipv6_rcv(struct
+  		}
+  		mld = (struct mld_msg *)skb_transport_header(skb2);
+  		BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+@@ -242,7 +239,7 @@
+  		break;
+  	    }
+  	case ICMPV6_MLD2_REPORT:
+-@@ -1781,7 +1812,7 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1781,7 +1809,7 @@ static int br_multicast_ipv6_rcv(struct
+  			goto out;
+  		}
+  		mld = (struct mld_msg *)skb_transport_header(skb2);
diff --git a/patches/openwrt/0027-kernel-bridge-multicast-to-unicast-assign-src-after-pskb_may_pull.patch b/patches/openwrt/0027-kernel-bridge-multicast-to-unicast-assign-src-after-pskb_may_pull.patch
new file mode 100644
index 00000000..dfe5e4e6
--- /dev/null
+++ b/patches/openwrt/0027-kernel-bridge-multicast-to-unicast-assign-src-after-pskb_may_pull.patch
@@ -0,0 +1,173 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sat, 5 Sep 2015 03:11:34 +0200
+Subject: kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull()
+
+A call to pskb_may_pull() might reallocate skb->data. Therefore we
+should only assign the src-pointer after any potential reallocations.
+
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46721 3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+diff --git a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+index 8c436e0..6707b03 100644
+--- a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
++++ b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+@@ -100,37 +100,40 @@
+  					 struct sk_buff *skb,
+  					 u16 vid)
+  {
+-+	const unsigned char *src = eth_hdr(skb)->h_source;
+++	const unsigned char *src;
+  	struct igmpv3_report *ih;
+  	struct igmpv3_grec *grec;
+  	int i;
+-@@ -1008,7 +1031,7 @@ static int br_ip4_multicast_igmp3_report
++@@ -1008,7 +1031,8 @@ static int br_ip4_multicast_igmp3_report
+  			continue;
+  		}
+  
+ -		err = br_ip4_multicast_add_group(br, port, group, vid);
+++		src = eth_hdr(skb)->h_source;
+ +		err = br_ip4_multicast_add_group(br, port, group, vid, src);
+  		if (err)
+  			break;
+  	}
+-@@ -1022,6 +1045,7 @@ static int br_ip6_multicast_mld2_report(
++@@ -1022,6 +1046,7 @@ static int br_ip6_multicast_mld2_report(
+  					struct sk_buff *skb,
+  					u16 vid)
+  {
+-+	const unsigned char *src = eth_hdr(skb)->h_source;
+++	const unsigned char *src;
+  	struct icmp6hdr *icmp6h;
+  	struct mld2_grec *grec;
+  	int i;
+-@@ -1070,7 +1094,7 @@ static int br_ip6_multicast_mld2_report(
++@@ -1069,8 +1094,9 @@ static int br_ip6_multicast_mld2_report(
++ 			continue;
+  		}
+  
+++		src = eth_hdr(skb)->h_source;
+  		err = br_ip6_multicast_add_group(br, port, &grec->grec_mca,
+ -						 vid);
+ +						 vid, src);
+  		if (err)
+  			break;
+  	}
+-@@ -1406,7 +1430,8 @@ br_multicast_leave_group(struct net_brid
++@@ -1406,7 +1432,8 @@ br_multicast_leave_group(struct net_brid
+  			 struct net_bridge_port *port,
+  			 struct br_ip *group,
+  			 struct bridge_mcast_other_query *other_query,
+@@ -140,7 +143,7 @@
+  {
+  	struct net_bridge_mdb_htable *mdb;
+  	struct net_bridge_mdb_entry *mp;
+-@@ -1456,7 +1481,7 @@ br_multicast_leave_group(struct net_brid
++@@ -1456,7 +1483,7 @@ br_multicast_leave_group(struct net_brid
+  		for (pp = &mp->ports;
+  		     (p = mlock_dereference(*pp, br)) != NULL;
+  		     pp = &p->next) {
+@@ -149,7 +152,7 @@
+  				continue;
+  
+  			rcu_assign_pointer(*pp, p->next);
+-@@ -1490,7 +1515,7 @@ br_multicast_leave_group(struct net_brid
++@@ -1490,7 +1517,7 @@ br_multicast_leave_group(struct net_brid
+  	for (p = mlock_dereference(mp->ports, br);
+  	     p != NULL;
+  	     p = mlock_dereference(p->next, br)) {
+@@ -158,7 +161,7 @@
+  			continue;
+  
+  		if (!hlist_unhashed(&p->mglist) &&
+-@@ -1508,8 +1533,8 @@ out:
++@@ -1508,8 +1535,8 @@ out:
+  
+  static void br_ip4_multicast_leave_group(struct net_bridge *br,
+  					 struct net_bridge_port *port,
+@@ -169,7 +172,7 @@
+  {
+  	struct br_ip br_group;
+  	struct bridge_mcast_own_query *own_query;
+-@@ -1524,14 +1549,14 @@ static void br_ip4_multicast_leave_group
++@@ -1524,14 +1551,14 @@ static void br_ip4_multicast_leave_group
+  	br_group.vid = vid;
+  
+  	br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query,
+@@ -186,7 +189,7 @@
+  {
+  	struct br_ip br_group;
+  	struct bridge_mcast_own_query *own_query;
+-@@ -1546,7 +1571,7 @@ static void br_ip6_multicast_leave_group
++@@ -1546,7 +1573,7 @@ static void br_ip6_multicast_leave_group
+  	br_group.vid = vid;
+  
+  	br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query,
+@@ -195,41 +198,43 @@
+  }
+  #endif
+  
+-@@ -1555,6 +1580,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1555,6 +1582,7 @@ static int br_multicast_ipv4_rcv(struct
+  				 struct sk_buff *skb,
+  				 u16 vid)
+  {
+-+	const unsigned char *src = eth_hdr(skb)->h_source;
+++	const unsigned char *src;
+  	struct sk_buff *skb2 = skb;
+  	const struct iphdr *iph;
+  	struct igmphdr *ih;
+-@@ -1628,7 +1654,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1628,7 +1656,8 @@ static int br_multicast_ipv4_rcv(struct
+  	case IGMP_HOST_MEMBERSHIP_REPORT:
+  	case IGMPV2_HOST_MEMBERSHIP_REPORT:
+  		BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+ -		err = br_ip4_multicast_add_group(br, port, ih->group, vid);
+++		src = eth_hdr(skb)->h_source;
+ +		err = br_ip4_multicast_add_group(br, port, ih->group, vid, src);
+  		break;
+  	case IGMPV3_HOST_MEMBERSHIP_REPORT:
+  		err = br_ip4_multicast_igmp3_report(br, port, skb2, vid);
+-@@ -1637,7 +1663,7 @@ static int br_multicast_ipv4_rcv(struct
++@@ -1637,7 +1666,8 @@ static int br_multicast_ipv4_rcv(struct
+  		err = br_ip4_multicast_query(br, port, skb2, vid);
+  		break;
+  	case IGMP_HOST_LEAVE_MESSAGE:
+ -		br_ip4_multicast_leave_group(br, port, ih->group, vid);
+++		src = eth_hdr(skb)->h_source;
+ +		br_ip4_multicast_leave_group(br, port, ih->group, vid, src);
+  		break;
+  	}
+  
+-@@ -1655,6 +1681,7 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1655,6 +1685,7 @@ static int br_multicast_ipv6_rcv(struct
+  				 struct sk_buff *skb,
+  				 u16 vid)
+  {
+-+	const unsigned char *src = eth_hdr(skb)->h_source;
+++	const unsigned char *src;
+  	struct sk_buff *skb2;
+  	const struct ipv6hdr *ip6h;
+  	u8 icmp6_type;
+-@@ -1764,7 +1791,8 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1764,7 +1795,8 @@ static int br_multicast_ipv6_rcv(struct
+  		}
+  		mld = (struct mld_msg *)skb_transport_header(skb2);
+  		BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+@@ -239,11 +244,12 @@
+  		break;
+  	    }
+  	case ICMPV6_MLD2_REPORT:
+-@@ -1781,7 +1809,7 @@ static int br_multicast_ipv6_rcv(struct
++@@ -1781,7 +1813,8 @@ static int br_multicast_ipv6_rcv(struct
+  			goto out;
+  		}
+  		mld = (struct mld_msg *)skb_transport_header(skb2);
+ -		br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid);
+++		src = eth_hdr(skb)->h_source;
+ +		br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid, src);
+  	    }
+  	}
diff --git a/patches/openwrt/0028-kernel-bridge-multicast-to-unicast-fix-echoes-on-STA.patch b/patches/openwrt/0028-kernel-bridge-multicast-to-unicast-fix-echoes-on-STA.patch
new file mode 100644
index 00000000..37edd667
--- /dev/null
+++ b/patches/openwrt/0028-kernel-bridge-multicast-to-unicast-fix-echoes-on-STA.patch
@@ -0,0 +1,70 @@
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+Date: Sat, 5 Sep 2015 03:18:28 +0200
+Subject: kernel: bridge, multicast-to-unicast: fix echoes on STA
+
+Currently, multicast packets from an STA are sent to any according
+multicast listener directly through the bridge multicast-to-unicast
+feature. Unfortunately, so far this includes the originating STA, too,
+resulting in multicast packets being echo'ed back to the originating STA
+if it itself is a multicast listener for that group.
+
+This behaviour breaks IPv6 duplicate address detection: An IPv6 Neighbor
+Solicitation for IPv6 Duplicate Address Detection is being echo'ed back,
+resulting in the host falsely detecting an address collision, which
+makes the node unable to claim an IPv6 address and use IPv6 in general.
+
+Mac80211 unfortunately only prevents the echoes for us for multicast
+frames. For the multicast frames cast to a unicast destination we'll
+need to take care of excluding the originator ourselves.
+
+Signed-off-by: Linus LÃ¼ssing <linus.luessing@c0d3.blue>
+
+git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46765 3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+diff --git a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+index 6707b03..399f5c6 100644
+--- a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
++++ b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch
+@@ -297,7 +297,7 @@
+  	rcu_assign_pointer(*pp, p);
+ --- a/net/bridge/br_forward.c
+ +++ b/net/bridge/br_forward.c
+-@@ -168,6 +168,29 @@ out:
++@@ -168,6 +168,34 @@ out:
+  	return p;
+  }
+  
+@@ -308,10 +308,15 @@
+ +			      struct sk_buff *skb))
+ +{
+ +	struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev;
+++	const unsigned char *src = eth_hdr(skb)->h_source;
+ +
+ +	if (!should_deliver(p, skb))
+ +		return prev;
+ +
+++	/* Even with hairpin, no soliloquies - prevent breaking IPv6 DAD */
+++	if (skb->dev == p->dev && ether_addr_equal(src, addr))
+++		return prev;
+++
+ +	skb = skb_copy(skb, GFP_ATOMIC);
+ +	if (!skb) {
+ +		dev->stats.tx_dropped++;
+@@ -327,7 +332,7 @@
+  /* called under bridge lock */
+  static void br_flood(struct net_bridge *br, struct sk_buff *skb,
+  		     struct sk_buff *skb0,
+-@@ -232,6 +255,7 @@ static void br_multicast_flood(struct ne
++@@ -232,6 +260,7 @@ static void br_multicast_flood(struct ne
+  	struct net_bridge_port *prev = NULL;
+  	struct net_bridge_port_group *p;
+  	struct hlist_node *rp;
+@@ -335,7 +340,7 @@
+  
+  	rp = rcu_dereference(hlist_first_rcu(&br->router_list));
+  	p = mdst ? rcu_dereference(mdst->ports) : NULL;
+-@@ -242,10 +266,19 @@ static void br_multicast_flood(struct ne
++@@ -242,10 +271,19 @@ static void br_multicast_flood(struct ne
+  		rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) :
+  			     NULL;
+