qos : Classification with tc+iptables for QoS on MTK_PANTHER

Description : For the tc classification, qos_postrouting
scheme has been chosen as the target in iptables.
This change set contains code changes for iptables
programming via qos.sh script modification for upstream
traffic classification on WAN port.

airties-edge/Makefile

@@ -1,44 +0,0 @@
-#
-# Copyright (C) 2022 iopsys Software Solutions AB
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=airties-edge
-PKG_VERSION:=1.0.0
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/3rdparty/airties-edge.git
-PKG_SOURCE_VERSION:=2824fbc580f6cfc39b6a5faa4f0e4d168169ed22
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-
-PKG_LICENSE:=PROPRIETARY
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/airties-edge
-  SECTION:=libs
-  CATEGORY:=Libraries
-  TITLE:=Airties Edge library
-  DEPENDS:=+libubox +libubus +libblobmsg-json +libjson-c
-endef
-
-TARGET_CFLAGS += -DVENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
-#TARGET_CFLAGS += -DLIB_VERSION=\\\"$(PKG_VERSION)\\\"
-
-define Package/airties-edge/install
-	#$(INSTALL_DIR) $(1)/airties-edge
-	#$(INSTALL_DIR) $(1)/airties-edge/lib
-	#$(CP) $(PKG_BUILD_DIR)/lib_airties_edge/libairtiesedge.so $(1)/airties-edge/lib
-	$(INSTALL_DIR) $(1)/usr
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
-	$(CP) $(PKG_BUILD_DIR)/bbf_plugin/libairtiesedge_dm.so $(1)/usr/lib/bbfdm
-endef
-
-$(eval $(call BuildPackage,airties-edge))

bbf/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.8.6
+PKG_VERSION:=6.8.16
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
-PKG_SOURCE_VERSION:=1db92e1259673e6bf2a92f905aa1b54674dc12c1
+PKG_SOURCE_VERSION:=0ef6169d86333b8727ed34c63f379b08254340e3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
@@ -158,6 +158,10 @@ define Package/libbbfdm/default/install
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/lib/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/* $(1)/usr/share/bbfdm
 	$(LN) /usr/share/bbfdm/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
+ifeq ($(CONFIG_PACKAGE_mosquitto-ssl),y)
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-mosquitto-config $(1)/etc/uci-defaults/
+endif
 endef
 
 define Package/libbbfdm/default/prerm

bbf/files/etc/bbfdm/json/UserInterface.json

@@ -42,7 +42,7 @@
 				]
 			},
 			"Port": {
-				"type": "string",
+				"type": "unsignedInt",
 				"read": true,
 				"write": true,
 				"version": "2.0",
@@ -50,6 +50,11 @@
 					"cwmp",
 					"usp"
 				],
+				"range": [
+					{
+						"max": 65535
+					}
+				],
 				"mapping": [
 					{
 						"type": "uci", 

bbf/files/etc/uci-defaults/01-mosquitto-config

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+config_mosquitto_owrt() {
+	sec=$(uci -q get mosquitto.owrt)
+	if [ -z "${sec}" ]; then
+		sec=$(uci -q add mosquitto owrt)
+		uci -q rename mosquitto."${sec}"="owrt"
+	fi
+
+	uci -q set mosquitto.owrt.use_uci="1"
+	uci -q set mosquitto.owrt.write_pid="1"
+	uci -q commit mosquitto
+}
+
+config_mosquitto_general() {
+	sec=$(uci -q get mosquitto.mosquitto)
+	if [ -z "${sec}" ]; then
+		sec=$(uci -q add mosquitto mosquitto)
+		uci -q rename mosquitto."${sec}"="mosquitto"
+	fi
+
+	uci -q set mosquitto.mosquitto.log_dest="syslog"
+	uci -q set mosquitto.mosquitto.log_facility="5"
+	uci -q set mosquitto.mosquitto.log_timestamp="1"
+	uci -q set mosquitto.mosquitto.log_types="error warning notice"
+	uci -q set mosquitto.mosquitto.per_listener_settings="1"
+	uci -q commit mosquitto
+}
+
+config_mosquitto_persistence() {
+	sec=$(uci -q get mosquitto.persistence)
+	if [ -z "${sec}" ]; then
+		sec=$(uci -q add mosquitto persistence)
+		uci -q rename mosquitto."${sec}"="persistence"
+	fi
+
+	uci -q set mosquitto.persistence.persistence="0"
+	uci -q set mosquitto.persistence.location="/var/run"
+	uci -q commit mosquitto
+}
+
+if [ -f "/etc/config/mosquitto" ]; then 
+	config_mosquitto_owrt
+	config_mosquitto_general
+	config_mosquitto_persistence
+fi

easy-soc-libs/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=easy-soc-libs
-PKG_VERSION:=6.7.7
+PKG_VERSION:=6.8.0
 PKG_RELEASE:=1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=055ffe68d293616f02a430692343b9d051d96f5b
+PKG_SOURCE_VERSION:=ddc7b272bec5e3b5c2a216a1f86cd5589a1a4a19
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/easy-soc-libs.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

icwmp/Makefile

@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.1.2
+PKG_VERSION:=9.1.4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
-PKG_SOURCE_VERSION:=b964edb3570797286584793dbadfbef323cddbeb
+PKG_SOURCE_VERSION:=fb8b5b9da6cadd53a3d12e27af0ed800b149a9f2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
@@ -83,6 +83,7 @@ define Package/icwmp/default/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DIR) $(1)/etc/bbfdm/json/
+	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
@@ -92,6 +93,7 @@ define Package/icwmp/default/install
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/icwmpd/update.sh $(1)/etc/icwmpd/update.sh
 	$(INSTALL_DATA) ./files/etc/bbfdm/json/CWMPManagementServer.json $(1)/etc/bbfdm/json/
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp.user
 endef
 
 Package/icwmp-openssl/install = $(Package/icwmp/default/install)

icwmp/files/etc/init.d/icwmpd

@@ -290,8 +290,9 @@ copy_cwmp_etc_files_to_varstate() {
 
 	if [ -f /etc/icwmpd/cwmp ]; then
 		uci -q -c /etc/icwmpd delete cwmp.acs
+		uci -q -c /etc/icwmpd delete cwmp.gatewayinfo
 		uci -q -c /etc/icwmpd commit cwmp
-		cp -f /etc/icwmpd/cwmp /var/state/cwmp
+		cat /etc/icwmpd/cwmp >> /var/state/cwmp
 	fi
 
 	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]; then
@@ -421,6 +422,9 @@ boot() {
 		regenerate_ssl_link "${ssl_capath}"
 	fi
 
+	# Copy backup data so that if it restart latter on it gets the info
+	copy_cwmp_etc_files_to_varstate
+
 	start
 }
 
@@ -443,9 +447,6 @@ start_service() {
 		return 1;
 	}
 
-	# Copy backup data so that if it restart latter on it gets the info
-	copy_cwmp_etc_files_to_varstate
-
 	procd_open_instance icwmp
 	procd_set_param command "$PROG"
 	procd_append_param command -b

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp.user

@@ -0,0 +1,133 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+CLASS=""
+OUI=""
+SERIAL=""
+
+get_vivsoi() {
+	# opt125 environment variable has data in below format
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	# |	 enterprise-number1	  |
+	# |				  |
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	# |   data-len1   |		  |
+	# +-+-+-+-+-+-+-+-+ option-data1  |
+	# /				  /
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -----
+	# |	 enterprise-number2	  |   ^
+	# |				  |   |
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |
+	# |   data-len2   |		  | optional
+	# +-+-+-+-+-+-+-+-+ option-data2  |   |
+	# /				  /   |
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |
+	# ~	       ...		  ~   V
+	# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -----
+
+	#  Enterprise Id  Len  Sub Op  SLen  Data Sub Op  SLen Data	  Sub Op  SLen Data
+	# +-------------+-----+------+------+----+------+-----+----+-----+------+-----+----+
+	# |	id    |  n  |	1  |  n1  | D1 |   2  |  n2 | D2 | ... |   6  |  n6 | D6 |
+	# +-------------+-----+------+------+----+------+-----+----+-----+------+-----+----+
+
+	local opt125="$1"
+	local len="$2"
+	local ent_id
+
+	#hex-string 2 character=1 Byte
+	# length in hex string will be twice of actual Byte length
+	[ "$len" -gt "8" ] || return
+
+	data="${opt125}"
+	rem_len="${len}"
+	while [ $rem_len -gt 0 ]; do
+		ent_id=${data:0:8}
+		ent_id=$(printf "%d\n" "0x$ent_id")
+
+		if [ $ent_id -ne  3561 ]; then
+			len_val=${data:8:2}
+			data_len=$(printf "%d\n" "0x$len_val")
+			# add 4 byte for ent_id and 1 byte for len
+			data_len=$(( data_len * 2 + 10 ))
+			# move ahead data to next enterprise id
+			data=${data:"${data_len}":"${rem_len}"}
+			rem_len=$(( rem_len - $data_len ))
+			continue
+		fi
+
+		# read the length of enterprise data
+		len_val=${data:8:2}
+		opt_len=$(printf "%d\n" "0x$len_val")
+		[ $opt_len -eq 0 ] && return
+
+		# populate the option data of enterprise id
+		sub_data_len=$(( opt_len * 2))
+		# starting 10 means ahead of length field
+		sub_data=${data:10:"${sub_data_len}"}
+
+		# parsing of suboption of option 125
+		while [ $sub_data_len -gt 0 ]; do
+			# get the suboption id
+			sub_opt_id=${sub_data:0:2}
+			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
+
+			# get the length of suboption
+			sub_opt_len=${sub_data:2:2}
+			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
+			sub_opt_len=$(( sub_opt_len * 2 ))
+
+			# get the value of sub option starting 4 means starting after length
+			sub_opt_val=${sub_data:4:${sub_opt_len}}
+
+			# assign the value found in sub option
+			case "${sub_opt_id}" in
+				"4") OUI=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				;;
+				"5") SERIAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				;;
+				"6") CLASS=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				;;
+			esac
+
+			# add 2 bytes for sub_opt id and sub_opt len field
+			sub_opt_end=$(( sub_opt_len + 4 ))
+
+			# fetch next sub option hex string
+			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
+
+			# update the remaining sub option hex string length
+			sub_data_len=$((sub_data_len - sub_opt_end))
+		done
+
+		break
+	done
+}
+
+config_load cwmp
+config_get_bool enable_cwmp cpe enable 1
+config_get wan_intf cpe default_wan_interface "wan"
+
+if [ "$enable_cwmp" = "0" ]; then
+	return 0
+fi
+
+if [ "${wan_intf}" == "${INTERFACE}" ]; then
+	if [ -n "$opt125" ]; then
+		len=$(printf "$opt125"|wc -c)
+		get_vivsoi "$opt125" "$len"
+	fi
+
+	mkdir -p /var/state
+	touch /var/state/cwmp
+	sec=$(uci -q -c /var/state get cwmp.gatewayinfo)
+	if [ -z "${sec}" ]; then
+		sec=$(uci -q -c /var/state add cwmp gatewayinfo)
+		uci -q -c /var/state rename cwmp."${sec}"="gatewayinfo"
+	fi
+
+	uci -q -c /var/state set cwmp.gatewayinfo.class="$CLASS"
+	uci -q -c /var/state set cwmp.gatewayinfo.oui="$OUI"
+	uci -q -c /var/state set cwmp.gatewayinfo.serial="$SERIAL"
+	uci -q -c /var/state commit cwmp
+fi

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=6.0.1
+PKG_VERSION:=6.0.21
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b466c02716acbc55f552e7d35dcfec95bbd7fa78
+PKG_SOURCE_VERSION:=29f58120eea9bf3c48fae98a74f0f4c9d3d902a8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ieee1905/files/etc/init.d/ieee1905

@@ -44,7 +44,8 @@ validate_ap_section() {
 	uci_validate_section ieee1905 $section "${1}" \
 			'band:or("2", "5", "60", "6")' \
 			'ssid:string' \
-			'encryption:or("psk2", "sae-mixed", "sae", string)' \
+			'encryption:or("psk2", "sae-mixed", "sae",
+				"psk", "psk-mixed", "none", string)' \
 			'key:string' \
 			'uuid:string' \
 			'manufacturer:string' \
@@ -82,8 +83,10 @@ start_service() {
 	validate_ieee1905_config || return 1;
 
 	procd_open_instance
-        procd_set_param command "/usr/sbin/ieee1905d"
+        procd_set_param command "/usr/sbin/ieee1905d" "-o"  "/tmp/ieee1905.log" "-f"
 	procd_set_param respawn
+	procd_set_param limits core="unlimited"
+#	procd_set_param env IEEE1905_LOG_CMDU=1
 #	procd_set_param stdout 1
 #	procd_set_param stderr 1
 	procd_close_instance

ieee1905/files/etc/uci-defaults/31-ifname-option-to-list

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+config_load ieee1905
+
+ifname_to_list() {
+	local section=$1
+
+	config_get ifname $section ifname	# get list or option as space separated values
+	ifname=${ifname//,/\ }			# convert csv with space separation
+	uci del ieee1905.${section}.ifname	# delete entry
+	for i in ${ifname}; do
+		uci add_list ieee1905.${section}.ifname="$i"	# writeback entry as list
+	done
+}
+
+config_foreach ifname_to_list al-iface

iop/config

@@ -76,6 +76,7 @@ CONFIG_PACKAGE_urlfilter=y
 CONFIG_PACKAGE_imonitor=m
 CONFIG_PACKAGE_questd=y
 CONFIG_PACKAGE_rulengd=y
+CONFIG_PACKAGE_usermngr=y
 
 # TR-x69 #
 CONFIG_PACKAGE_uspd-mbedtls=y
@@ -152,6 +153,7 @@ CONFIG_PACKAGE_ip-bridge=y
 CONFIG_PACKAGE_ip-full=y
 CONFIG_PACKAGE_iperf3=y
 CONFIG_PACKAGE_ipset=y
+CONFIG_PACKAGE_ip6tables-zz-legacy=y
 CONFIG_PACKAGE_iptables-zz-legacy=y
 CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
 CONFIG_PACKAGE_iptables-mod-filter=y

iop/scripts/genconfig.sh

@@ -388,12 +388,15 @@ function genconfig {
 		fi
 
 		# Set target version
-		local GIT_TAG=$(git describe --abbrev=0 --tags)
-		local GIT_REV=$(git rev-parse --short HEAD)
-		local GIT_VER="$GIT_TAG"
-		git describe --contains $GIT_REV >/dev/null 2>&1 || GIT_VER="${GIT_TAG}_${GIT_REV}"
-		echo "CONFIG_TARGET_VERSION=\"${GIT_VER}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${GIT_VER}\"" >> .config
+		local git_version
+		if ! git_version="$(git describe --always --dirty --tags --match '[0-9].*.*' --match '[0-9][0-9].*.*')"; then
+			echo "ERROR: Failed getting version via git describe, exiting." >&2
+			return 1
+		fi
+		local version="${git_version,,}${CUSTOMERS:+-${CUSTOMERS// /}}"
+		local version_lower="${version,,}"
+		echo "CONFIG_TARGET_VERSION=\"${version_lower}\"" >> .config
+		echo "CONFIG_VERSION_CODE=\"${version_lower}\"" >> .config
 		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config
 
 		# Enable Package source tree override if selected

iop/scripts/genconfig_min.sh

@@ -379,12 +379,15 @@ function genconfig_min {
 		fi
 
 		# Set target version
-		local GIT_TAG=$(git describe --abbrev=0 --tags)
-		local GIT_REV=$(git rev-parse --short HEAD)
-		local GIT_VER="$GIT_TAG"
-		git describe --contains $GIT_REV >/dev/null 2>&1 || GIT_VER="${GIT_TAG}_${GIT_REV}"
-		echo "CONFIG_TARGET_VERSION=\"${GIT_VER}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${GIT_VER}\"" >> .config
+		local git_version
+		if ! git_version="$(git describe --always --dirty --tags --match '[0-9].*.*' --match '[0-9][0-9].*.*')"; then
+			echo "ERROR: Failed getting version via git describe, exiting." >&2
+			return 1
+		fi
+		local version="${git_version,,}${CUSTOMERS:+-${CUSTOMERS// /}}"
+		local version_lower="${version,,}"
+		echo "CONFIG_TARGET_VERSION=\"${version_lower}\"" >> .config
+		echo "CONFIG_VERSION_CODE=\"${version_lower}\"" >> .config
 		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config
 
 		# Enable Package source tree override if selected

libvoice-broadcom/Makefile

@@ -0,0 +1,61 @@
+#
+# Copyright (C) 2022 IOPSYS Software Solutions AB
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libvoice-broadcom
+PKG_VERSION:=0.1
+PKG_LICENSE:=PROPRIETARY
+PKG_LICENSE_FILES:=LICENSE
+
+LOCAL_SRC_DIR:=~/git/voip/$(PKG_NAME)
+LOCAL_DEV=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
+PKG_SOURCE_VERSION:=d066c9d5c14757ab38e9ecb265ba24f5b33cdbce
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+# All config variable that are passed to the make invocation, directly or
+# indirectly. This ensures that the package is rebuilt on config-changes.
+PKG_CONFIG_DEPENDS:=CONFIG_TARGET_BOARD
+
+LIBVOICE_PKG_BUILD_DIR := $(PKG_BUILD_DIR)
+
+export CONFIG_BRCM_SDK_VER_504040
+export CONFIG_BCM_CHIP_ID
+
+include $(INCLUDE_DIR)/package.mk
+
+TARGET_CFLAGS += -Wall -Werror
+
+define Package/$(PKG_NAME)
+	CATEGORY:=Utilities
+	TITLE:=IOPSYS libvoice for Broadcom
+	URL:=
+	DEPENDS:=
+endef
+
+define Package/$(PKG_NAME)/description
+	Libvoice is a library that provides a uniform set of APIs and data types with hardware abstract layer for DSP/SLIC from different vendors
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	rsync -av --exclude=.* $(LOCAL_SRC_DIR)/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/$(PKG_NAME)/install
+	# Although there is nothing needs to be installed, but the install section must NOT be empty. Otherwise the package will be skipped as below.
+	# WARNING: skipping libvoice-broadcom -- package has no install section
+	$(INSTALL_DIR) $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
+

libvoice-d2/Makefile

@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2022 IOPSYS Software Solutions AB
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libvoice-d2
+PKG_VERSION:=0.1
+PKG_LICENSE:=PROPRIETARY
+PKG_LICENSE_FILES:=LICENSE
+
+LOCAL_SRC_DIR:=~/git/voip/$(PKG_NAME)
+LOCAL_DEV=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
+PKG_SOURCE_VERSION:=45e7d35f97f258f5e13c3afa0542db724bf59828
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+# All config variable that are passed to the make invocation, directly or
+# indirectly. This ensures that the package is rebuilt on config-changes.
+PKG_CONFIG_DEPENDS:=CONFIG_TARGET_BOARD
+
+LIBVOICE_PKG_BUILD_DIR := $(PKG_BUILD_DIR)
+
+include $(INCLUDE_DIR)/package.mk
+
+TARGET_CFLAGS += -Wall -Werror
+
+define Package/$(PKG_NAME)
+	CATEGORY:=Utilities
+	TITLE:=IOPSYS libvoice for D2 which is software DSP
+	URL:=
+	DEPENDS:=
+endef
+
+define Package/$(PKG_NAME)/description
+	Libvoice is a library that provides a uniform set of APIs and data types with hardware abstract layer for DSP/SLIC from different vendors
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	rsync -av --exclude=.* $(LOCAL_SRC_DIR)/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/$(PKG_NAME)/install
+	# Although there is nothing needs to be installed, but the install section must NOT be empty. Otherwise the package will be skipped as below.
+	# WARNING: skipping libvoice-d2 -- package has no install section
+	$(INSTALL_DIR) $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
+

map-agent/Config.in

@@ -13,6 +13,9 @@ config AGENT_ISLAND_PREVENTION
 config AGENT_EASYMESH_R2_CERT
 	bool "Compile for WFA test bed"
 
+config AGENT_EASYMESH_VERSION
+	int "Support Easymesh version"
+	default 2
 
 config AGENT_EASYMESH_VENDOR_EXT
 	bool "Enable extra features through Easymesh vendor extension"

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=2.10.3.28
+PKG_VERSION:=2.10.4.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=5deb9717bdf4832734bc710bf51cf27a69a9d7eb
+PKG_SOURCE_VERSION:=098fef903c1e746776f88df3706337b8fc3899ac
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -59,6 +59,8 @@ TARGET_CFLAGS += \
 	-Wno-error=deprecated-declarations \
 	-D_GNU_SOURCE
 
+TARGET_CFLAGS += -DEASYMESH_VERSION=$(CONFIG_AGENT_EASYMESH_VERSION)
+
 ifeq ($(CONFIG_AGENT_SYNC_DYNAMIC_CNTLR_CONFIG),y)
 TARGET_CFLAGS += -DAGENT_SYNC_DYNAMIC_CNTLR_CONFIG
 endif

map-agent/files/etc/config/mapagent

@@ -7,6 +7,7 @@ config agent 'agent'
 	option island_prevention '0'
 	option eth_onboards_wifi_bhs '0'
 #	option controller_macaddr '0a:1b:2c:3d:4e:50'
+	option scan_on_boot_only '0'
 
 config dynamic_backhaul
 	option missing_bh_timer '60'

map-agent/files/etc/init.d/mapagent

@@ -34,7 +34,8 @@ validate_agent_section() {
 		'resend_num:uinteger:0' \
 		'dyn_cntlr_sync:bool:true' \
 		'island_prevention:bool:false' \
-		'eth_onboards_wifi_bhs:bool:false'
+		'eth_onboards_wifi_bhs:bool:false' \
+		'scan_on_boot_only:bool:false'
 
 
 	[ "$?" -ne 0 ] && {
@@ -103,7 +104,11 @@ validate_radio_section() {
 			'include_sta_metric:bool:false' \
 			'rcpi_hysteresis_margin:range(0,255)' \
 			'report_util_threshold:range(0,255)' \
-			'encryption:or("sae", "psk2", "sae-mixed")'
+			'encryption:or("sae", "sae+aes", "psk2",
+				"psk2+aes", "sae-mixed", "sae-mixed+aes",
+				"none", "psk-mixed", "psk-mixed+aes",
+				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
+				"psk", "psk+aes")' \
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "mapagent" "Validation of radio section failed"

map-controller/Config.in

@@ -14,6 +14,10 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
 	string
 	default "\\\\x11\\\\x22\\\\x33"
 
+config CONTROLLER_EASYMESH_VERSION
+	int "Support Easymesh version"
+	default 2
+
 config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
 	default CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=2.11.0.14
+PKG_VERSION:=2.11.0.24
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=8a71dffdd66b2dcacf67353efcb09cb9127c1ea9
+PKG_SOURCE_VERSION:=8944352f648643fa5c72cd216a76695a021b7851
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
@@ -45,6 +45,8 @@ TARGET_CFLAGS += \
 
 MAKE_PATH:=src
 
+TARGET_CFLAGS += -DEASYMESH_VERSION=$(CONFIG_CONTROLLER_EASYMESH_VERSION)
+
 ifeq ($(CONFIG_CONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG),y)
 TARGET_CFLAGS += -DCONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG
 endif

map-controller/files/etc/init.d/mapcontroller

@@ -62,7 +62,10 @@ validate_ap_section() {
 			'band:or("2", "5", "6")' \
 			'ssid:string' \
 			'encryption:or("sae", "sae+aes", "psk2",
-				"psk2+aes", "sae-mixed", "sae-mixed+aes")' \
+				"psk2+aes", "sae-mixed", "sae-mixed+aes",
+				"none", "psk-mixed", "psk-mixed+aes",
+				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
+				"psk", "psk+aes")' \
 			'key:string' \
 			'vid:range(1,65535):1' \
 			'type:or("backhaul", "fronthaul", "combined")' \

map-topology/Makefile

@@ -6,11 +6,11 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=map-topology
-PKG_VERSION:=2.5.1.8
+PKG_VERSION:=2.5.1.14
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_VERSION:=ee72703a5c89983c881d8faedcdc749b54278790
+PKG_SOURCE_VERSION:=bacbffccabdc1a388a135daad58db4ca60676b05
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-topology.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

map-topology/files/etc/firewall.hosts

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+day=""
+IP_RULE=""
+
+process_ac_schedule() {
+	local acs_id="$1"
+	local is_enabled
+	local access_control
+	local start_time=""
+	local stop_time=""
+	local mac=""
+
+	handle_day_list() {
+		local value=$1
+
+		val=$(echo $value | cut -c 1-3)
+		if [ -z $day ]; then
+			day="$val"
+		else
+			day="$day,$val"
+		fi
+	}
+
+	config_list_foreach "$acs_id" "day" handle_day_list
+	config_get is_enabled "$acs_id" "enable" 1
+	config_get access_control "$acs_id" "dm_parent"
+
+	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
+		return
+	fi
+
+	IP_RULE=""
+
+	mac=$(uci -q get hosts.$access_control.macaddr)
+	access_policy=$(uci -q get hosts.$access_control.access_policy)
+
+	config_get start_time "$acs_id" "start_time"
+	config_get duration "$acs_id" "duration"
+
+	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
+		return
+	fi
+	if [ -n "$mac" ]; then
+		IP_RULE="$IP_RULE -m mac --mac-source $mac"
+	fi
+
+	# as per iptables manual default starttime is 00:00
+	# default stoptime is 23:59
+	if [ -z "$start_time" ]; then
+		start_time="0:0"
+	fi
+
+        if [ -n "$duration" ]; then
+		hh=$(echo $start_time | awk -F: '{ print $1 }')
+                mm=$(echo $start_time | awk -F: '{ print $2 }')
+                hh_s=`expr $hh \* 3600`
+                mm_s=`expr $mm \* 60`
+                ss=$(( hh_s + mm_s ))
+
+                stop_ss=$(( ss + duration ))
+                hh=$(( stop_ss / 3600 ))
+                if [ $hh -lt 24 ]; then
+                	rem_ss=$(( stop_ss % 3600 ))
+                	mm=$(( rem_ss / 60 ))
+                	ss=$(( rem_ss % 60 ))
+                	stop_time="$hh:$mm:$ss"
+                else
+                	stop_time="23:59"
+                fi
+        else
+        	stop_time="23:59"
+        fi
+
+	# conversion to utc
+	zone=$(date +%z | cut -c 1)
+	utc_h=$(date -u -d @$(date "+%s" -d "$start_time") +%H)
+	local_h=$(echo $start_time | awk -F: '{ print $1 }')
+	if [ "$zone" == "+" ] && [ $utc_h -gt $local_h ]; then
+		start_utc="0:0"
+	else
+		start_utc=$(date -u -d @$(date "+%s" -d "$start_time") +%H:%M)
+	fi
+
+	utc_h=$(date -u -d @$(date "+%s" -d "$stop_time") +%H)
+	local_h=$(echo $stop_time | awk -F: '{ print $1 }')
+	if [ "$zone" == "-" ] && [ $utc_h -lt $local_h ]; then
+		stop_utc="23:59"
+	else
+		stop_utc=$(date -u -d @$(date "+%s" -d "$stop_time") +%H:%M)
+	fi
+
+
+	IP_RULE="$IP_RULE -m time --timestart $start_utc --timestop $stop_utc"
+	if [ -n "$day" ]; then
+		IP_RULE="$IP_RULE --weekdays $day"
+	fi
+
+	if [ "$access_policy" == "Deny" ]; then
+		IP_RULE="$IP_RULE -j DROP"
+	else
+		IP_RULE="$IP_RULE -j ACCEPT"
+	fi
+
+	iptables -w -A hosts_forward ${IP_RULE}
+	ip6tables -w -A hosts_forward ${IP_RULE}
+
+	day=""
+}
+
+iptables -w -F hosts_forward
+ip6tables -w -F hosts_forward
+
+iptables -w -t filter -N hosts_forward
+ret=$?                        
+[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
+ip6tables -w -t filter -N hosts_forward
+ret=$?                        
+[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward
+
+# Load /etc/config/hosts UCI file
+config_load hosts
+config_foreach process_ac_schedule ac_schedule
+

map-topology/files/etc/uci-defaults/992-firewall_host.ucidefaults

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ -f /etc/firewall.hosts ]; then
+	uci -q get firewall.hosts || {
+		uci -q set firewall.hosts=include
+		uci -q set firewall.hosts.path="/etc/firewall.hosts"
+		uci -q set firewall.hosts.reload=1
+	}
+fi
+
+
+exit 0

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=6.0.0.10
+PKG_VERSION:=6.0.0.14
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/fork/obuspa.git
-PKG_SOURCE_VERSION:=668748cd4801aa5af12d61d9b0837064b9f933cc
+PKG_SOURCE_VERSION:=3df3346238a9eef2168fddadcef01ebe311053e4
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -110,6 +110,7 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/bbfdm/json/USPAgent.json $(1)/etc/bbfdm/json/USPAgent.json
 	$(INSTALL_DATA) ./files/etc/bbfdm/json/TransferComplete.json $(1)/etc/bbfdm/json/TransferComplete.json
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/50-add-mqtt-usp-test $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,obuspa))

obuspa/files/etc/config/obuspa

@@ -2,7 +2,7 @@ config obuspa 'global'
 	option enabled '1'
 	option debug '1'
 	option log_level '1'
-	option prototrace '1'
+	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
 	#option role_file '/etc/obuspa/roles.json'
 	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
@@ -11,54 +11,22 @@ config obuspa 'global'
 	#option log_dest '/var/log/obuspa'
 
 # Adds Device.LocalAgent.MTP.
-config mtp 'agent_mtp'
+config mtp 'test_mtp'
 	option Protocol 'MQTT'
 	option ResponseTopicConfigured '/usp/endpoint'
-	option mqtt 'localmqtt'
+	option mqtt 'testmqtt'
 
 # Adds Device.MQTT.Client.
-config mqtt 'localmqtt'
+config mqtt 'testmqtt'
 	option BrokerAddress '127.0.0.1'
 	option BrokerPort '1883'
 	option TransportProtocol 'TCP/IP'
 
 # Adds Device.LocalAgent.Controller.
-config controller 'localcontroller'
+config controller 'testcontroller'
 	option EndpointID 'proto::interop-usp-controller'
 	option Protocol 'MQTT'
 	option Topic '/usp/controller'
-	option mqtt 'localmqtt'
+	option mqtt 'testmqtt'
 	option assigned_role_name 'full_access'
 
-# Add Device.LocalAgent.Subscription.
-#config subscription 'sub_event'
-#    option ID 'uci-sub-events'
-#    option NotifType 'Event'
-#    list ReferenceList 'Device.Boot!'
-#    list ReferenceList 'Device.LocalAgent.TransferComplete!'
-#    option Persistent 'true'
-#    option controller 'localcontroller'
-
-#config subscription 'sub_op_comp'
-#   option ID 'uci-sub-op_complete'
-#   option NotifType 'OperationComplete'
-#   list ReferenceList 'Device.DeviceInfo.FirmwareImage.*.Download()'
-#   list ReferenceList 'Device.DeviceInfo.FirmwareImage.*.Activate()'
-#   option Persistent 'true'
-#   option controller 'localcontroller'
-
-#config challenge 'admin'
-#	option Description 'Request to get Administrative access'
-#	option role_name 'full_access'
-#	option Enable '1'
-#	option Value 'YWRtaW4='
-#	option Retries 2
-#	option LockoutPeriod 60
-
-#config challenge 'user'
-#	option Description 'Request to get User access'
-#	option role_name 'user'
-#	option Enable '1'
-#	option Value 'dXNlcg=='
-#	option Retries 3
-#	option LockoutPeriod 30

obuspa/files/etc/init.d/obuspa

@@ -314,7 +314,7 @@ publish_endpoint()
 {
 	local AgentEndpointID serial oui user pass
 
-	if ! uci -q get obuspa.localmqtt; then
+	if ! uci -q get obuspa.testmqtt; then
 		return 0;
 	fi
 
@@ -330,11 +330,11 @@ publish_endpoint()
 	if [ -z "${AgentEndpointID}" ]; then
 		serial=$(get_serial_from_db)
 		oui=$(get_oui_from_db)
-		AgentEndpointID="os::${oui}-${serial}"
+		AgentEndpointID="os::${oui}-${serial//+/%2B}"
 	fi
 
-	config_get user localmqtt Username
-	config_get pass localmqtt Password
+	config_get user testmqtt Username
+	config_get pass testmqtt Password
 
 	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
 	# This is a work around till obuspa adds supports for mDNS discovery

obuspa/files/etc/uci-defaults/50-add-mqtt-usp-test

@@ -0,0 +1,14 @@
+add_usp_test()
+{
+        if ! uci_get mosquitto usptest >/dev/null 2>&1; then
+                uci_add mosquitto listener usptest
+                uci_set mosquitto usptest enabled 1
+                uci_set mosquitto usptest port '9001'
+                uci_set mosquitto usptest protocol 'websockets'
+                uci_set mosquitto usptest require_certificates '0'
+                uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+        fi
+}
+
+uci_load mosquitto
+add_usp_test

ponmngr/Makefile

@@ -39,6 +39,8 @@ ifneq ($(CONFIG_TARGET_brcmbca),)
 else ifneq ($(CONFIG_TARGET_airoha),)
 	$(CP) ./files/airoha/* $(1)/
 endif
+	$(INSTALL_DIR) $(1)/etc/bbfdm/json
+	$(CP) ./files/etc/bbfdm/json/* $(1)/etc/bbfdm/json/
 endef
 
 $(eval $(call BuildPackage,ponmngr))

ponmngr/files/etc/bbfdm/json/xpon.json

@@ -0,0 +1,656 @@
+{
+	"json_plugin_version": 1,
+	"Device.XPON.": {
+		"type": "object",
+		"protocols": [
+			"usp"
+		],
+		"access": false,
+		"array": false,
+		"dependency": "file:/etc/config/xpon",
+		"ONUNumberOfEntries": {
+			"type": "unsignedInt",
+			"read": true,
+			"write": false,
+			"protocols": [
+				"usp"
+			],
+			"datatype": "unsignedInt",
+			"mapping": [
+				{
+					"type": "ubus",
+					"ubus": {
+						"object": "xpon",
+						"method": "status",
+						"args": {},
+						"key": "ONU.@Count"
+					}
+				}
+			]
+		},
+		"Device.XPON.ONU.{i}.": {
+			"type": "object",
+			"protocols": [
+				"usp"
+			],
+			"access": false,
+			"array": true,
+			"mapping": [
+				{
+					"type": "ubus",
+					"ubus": {
+						"object": "xpon",
+						"method": "status",
+						"args": {},
+						"key": "ONU"
+					}
+				}
+			],
+			"Enable": {
+				"type": "boolean",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "boolean",
+				"mapping": [
+					{
+						"data": "@Parent",
+						"type": "json",
+						"key": "Enable"
+					}
+				]
+			},
+			"Version": {
+				"type": "string",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "string",
+				"range": [
+					{
+						"max": 14
+					}
+				],
+				"mapping": [
+					{
+						"data": "@Parent",
+						"type": "json",
+						"key": "Version"
+					}
+				]
+			},
+			"EquipmentID": {
+				"type": "string",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "string",
+				"range": [
+					{
+						"max": 20
+					}
+				],
+				"mapping": [
+					{
+						"data": "@Parent",
+						"type": "json",
+						"key": "EquipmentID"
+					}
+				]
+			},
+			"SoftwareImageNumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].softwareImage.@Count"
+						}
+					}
+				]
+			},
+			"EthernetUNINumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].EthernetUNI.@Count"
+						}
+					}
+				]
+			},
+			"ANINumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].ANI.@Count"
+						}
+					}
+				]
+			},
+			"Device.XPON.ONU.{i}.SoftwareImage.{i}.": {
+				"type": "object",
+				"protocols": [
+					"usp"
+				],
+				"access": false,
+				"array": true,
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].softwareImage"
+						}
+					}
+				],
+				"ID": {
+					"type": "unsignedInt",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "unsignedInt",
+					"range": [
+						{
+							"min": 0,
+							"max": 1
+						}
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "ID"
+						}
+					]
+				},
+				"Version": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 14
+						}
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Version"
+						}
+					]
+				},
+				"IsCommitted": {
+					"type": "boolean",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "boolean",
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "IsCommitted"
+						}
+					]
+				},
+				"IsActive": {
+					"type": "boolean",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "boolean",
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "IsActive"
+						}
+					]
+				},
+				"IsValid": {
+					"type": "boolean",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "boolean",
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "IsValid"
+						}
+					]
+				}
+			},
+			"Device.XPON.ONU.{i}.EthernetUNI.{i}.": {
+				"type": "object",
+				"protocols": [
+					"usp"
+				],
+				"access": false,
+				"array": true,
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].EthernetUNI"
+						}
+					}
+				],
+				"Enable": {
+					"type": "boolean",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "boolean",
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Enable"
+						}
+					]
+				},
+				"Status": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"enumerations": [
+						"Up",
+						"Down",
+						"unknown",
+						"Dormant",
+						"NotPresent",
+						"LowerLayerDown",
+						"Error"
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Status"
+						}
+					]
+				},
+				"ANIs": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 1024
+						}
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "ANIs"
+						}
+					]
+				},
+				"InterdomainID": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 256
+						}
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "InterDomainID"
+						}
+					]
+				},
+				"InterdomainName": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 25
+						}
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "InterDomainName"
+						}
+					]
+				},
+				"Device.XPON.ONU.{i}.EthernetUNI.{i}.Stats.": {
+					"type": "object",
+					"protocols": [
+						"usp"
+					],
+					"access": false,
+					"array": false,
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Stats"
+						}
+					],
+					"BytesSent": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.BytesSent"
+							}
+						]
+					},
+					"BytesReceived": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.BytesReceived"
+							}
+						]
+					},
+					"PacketsSent": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.PacketsSent"
+							}
+						]
+					},
+					"PacketsReceived": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.PacketsReceived"
+							}
+						]
+					}
+				}
+			},
+			"Device.XPON.ONU.{i}.ANI.{i}.": {
+				"type": "object",
+				"protocols": [
+					"usp"
+				],
+				"access": false,
+				"array": true,
+				"mapping": [
+					{
+						"type": "ubus",
+						"ubus": {
+							"object": "xpon",
+							"method": "status",
+							"args": {},
+							"key": "ONU[@index].ANI"
+						}
+					}
+				],
+				"Enable": {
+					"type": "boolean",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "boolean",
+					"mapping": [
+						{
+							"rpc": "get",
+							"data": "@Parent",
+							"type": "json",
+							"key": "Enable"
+						},
+						{
+							"rpc": "set",
+							"type": "uci",
+							"uci": {
+								"file": "xpon",
+								"section": {
+									"name": "ani"
+								},
+								"option": {
+									"name": "enable"
+								}
+							}
+						}
+					]
+				},
+				"Status": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"enumerations": [
+						"Up",
+						"Down",
+						"Dormant",
+						"Unknown",
+						"NotPresent",
+						"Error"
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Status"
+						}
+					]
+				},
+				"PONMode": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"usp"
+					],
+					"datatype": "string",
+					"enumerations": [
+						"GPON",
+						"XG-PON",
+						"NG-PON2",
+						"XGS-PON"
+					],
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "PONMode"
+						}
+					]
+				},
+				"Device.XPON.ONU.{i}.ANI.{i}.Stats.": {
+					"type": "object",
+					"protocols": [
+						"usp"
+					],
+					"access": false,
+					"array": false,
+					"mapping": [
+						{
+							"data": "@Parent",
+							"type": "json",
+							"key": "Stats"
+						}
+					],
+					"BytesSent": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.BytesSent"
+							}
+						]
+					},
+					"BytesReceived": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.BytesReceived"
+							}
+						]
+					},
+					"PacketsSent": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.PacketsSent"
+							}
+						]
+					},
+					"PacketsReceived": {
+						"type": "unsignedLong",
+						"read": true,
+						"write": false,
+						"protocols": [
+							"usp"
+						],
+						"datatype": "unsignedLong",
+						"mapping": [
+							{
+								"data": "@Parent",
+								"type": "json",
+								"key": "Stats.PacketsReceived"
+							}
+						]
+					}
+				}
+			}
+		}
+	}
+}
+

qosmngr/Makefile

@@ -27,7 +27,7 @@ define Package/qosmngr
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=QoS Manager
-  DEPENDS:=@(TARGET_brcmbca||TARGET_airoha) +libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos
+  DEPENDS:=@(TARGET_brcmbca||TARGET_airoha||TARGET_iopsys_mediatek) +libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos
 endef
 
 define Package/qosmngr/description
@@ -60,4 +60,12 @@ define Package/qosmngr/install
 	$(call Package/qosmngr/install/common,$(1))
 endef
 endif
+
+ifeq ($(CONFIG_TARGET_iopsys_mediatek),y)
+define Package/qosmngr/install
+	$(CP) ./files/linux/* $(1)/
+	echo "Honoring the flag mediatek"
+	$(call Package/qosmngr/install/common,$(1))
+endef
+endif
 $(eval $(call BuildPackage,qosmngr))

qosmngr/files/airoha/etc/uci-defaults/60-qos_config_generate

@@ -4,6 +4,18 @@
 
 ethwan="$(db -q get hw.board.ethernetWanPort)"
 
+populate_no_of_queue(){
+    queue_num=4
+
+    # writing no. of queue per port into file and read on classify generate
+    if [ ! -d "/tmp/qos" ]; then
+	    mkdir -p "/tmp/qos"
+    fi
+    no_queue_file="/tmp/qos/no_queue_per_port"
+    touch "$no_queue_file"
+    echo $queue_num >"$no_queue_file"
+}
+
 generate_queue(){
     section="$1"
 
@@ -34,15 +46,19 @@ generate_queue(){
     uci commit qos
 }
 
+populate_no_of_queue
+
 if [ -s "/etc/config/qos" ]; then
     if uci -q get qos.@queue[0] >/dev/null; then
-        # return if there is any valid content
-        exit
+	# return if there is any valid content
+	exit
     else
-        rm -f /etc/config/qos
+	rm -f /etc/config/qos
     fi
 fi
 touch /etc/config/qos
 
+# generate qos queue config
 config_load ports
 config_foreach generate_queue ethport
+

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -182,9 +182,9 @@ hw_commit_all() {
 
     if [ "${glob_alg}" != "" ] ; then
         /userfs/bin/qosrule discpline $(hw_sc_alg2str ${glob_alg}) ${weight_list} \
-                            ${shape_rate:+uplink-bandwidth} $shape_rate \
+                            uplink-bandwidth ${shape_rate:-0} \
                             queuemask $queue_mask
     else
-        /userfs/bin/qosrule discpline off
+        /userfs/bin/qosrule discpline Enable 0
     fi
 }

qosmngr/files/airoha/lib/qos/common/classify.sh

@@ -5,9 +5,9 @@
 handle_classify() {
     cid="$1" #classify section ID
 
-    config_get is_enable "$cid" "enable"
+    config_get is_enable "$cid" "enable" 1
     # no need to configure disabled classify rules
-    if [ -z "$is_enable" ] || [ "$is_enable" == "0" ]; then
+    if [ "$is_enable" == "0" ]; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/policer.sh

@@ -80,10 +80,10 @@ handle_policer() {
     local p_sec="$1" # policer section ID
     local dir=1 # default direction, upstream
 
-    config_get is_enable "$p_sec" "enable"
+    config_get is_enable "$p_sec" "enable" 1
 
     # No need to configure disabled policer
-    if [ -z "$is_enable" ] || [ "$is_enable" == "0" ] ; then
+    if [ "$is_enable" == "0" ] ; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/queue.sh

@@ -18,10 +18,10 @@ handle_queue() {
     local qid="$1" #queue section ID
     local intf_name="$2"
 
-    config_get is_enable "$qid" "enable"
+    config_get is_enable "$qid" "enable" 1
 
     # no need to configure disabled queues
-    if [ -z "${is_enable}" ] || [ "${is_enable}" == "0" ]; then
+    if [ "${is_enable}" == "0" ]; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/shaper.sh

@@ -7,9 +7,9 @@
 handle_shaper() {
     sid="$1" #queue section ID
 
-    config_get is_enable "$sid" "enable"
+    config_get is_enable "$sid" "enable" 1
     # no need to configure disabled queues
-    if [ -z "${is_enable}" ] || [ "${is_enable}" == "0" ] ; then
+    if [ "${is_enable}" == "0" ] ; then
         return
     fi
 

qosmngr/files/broadcom/etc/uci-defaults/60-qos_config_generate

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+ethwan="$(db -q get hw.board.ethernetWanPort)"
+cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
+
+queue_num=8
+
+populate_no_of_queue(){
+	case $cpu_model in
+		BCM68*) queue_num=4;;
+	esac
+        if grep -qE '[0-9]+ archer$' /proc/devices; then
+                queue_num=4
+        fi
+
+	# writing no. of queue per port into file and read on classify generate
+	if [ ! -d "/tmp/qos" ]; then
+		mkdir -p "/tmp/qos"
+	fi
+	no_queue_file="/tmp/qos/no_queue_per_port"
+	touch "$no_queue_file"
+	echo $queue_num >"$no_queue_file"
+}
+
+generate_queue(){
+	section="$1"
+
+	config_get ifname "$section" "ifname"
+
+	local is_lan=0
+	if [ "$ifname" != "$ethwan" ]; then
+		is_lan=1
+	fi
+
+	local no_of_q="0 1 2 3 4 5 6 7"
+
+	if [ $is_lan -eq 1 ] -a [ $queue_num -eq 4 ]; then
+		no_of_q="0 1 2 3"
+	fi
+
+	i=0
+	local total_q=$((${no_of_q##* } + 1))
+        for i in $no_of_q; do
+		order=$((total_q - i))
+		uci add qos queue
+		uci rename qos.@queue[-1]="q_${i}_${ifname}"
+		uci set qos.@queue[-1].enable="1"
+		uci set qos.@queue[-1].ifname="$ifname"
+		uci set qos.@queue[-1].precedence="$order"
+		uci set qos.@queue[-1].scheduling="SP"
+		uci set qos.@queue[-1].rate="0"
+		uci set qos.@queue[-1].burst_size="0"
+		uci set qos.@queue[-1].weight="1"
+	done
+
+	uci commit qos
+}
+
+populate_no_of_queue
+
+if [ -s "/etc/config/qos" ]; then
+	if uci -q get qos.@queue[0] >/dev/null; then
+		exit
+	else
+		rm -f /etc/config/qos
+	fi
+fi
+touch /etc/config/qos
+
+# generate qos queue config
+config_load ports
+config_foreach generate_queue ethport
+

qosmngr/files/broadcom/lib/qos/qos.sh

@@ -1070,7 +1070,7 @@ handle_classify() {
 	local corder_file="/tmp/qos/classify.order"
 
 	while read -r line; do
-		line_cid=${line: 2}
+		line_cid=$(echo $line | cut -d '_' -f 2)
 
 	        handle_ebtables_rules $line_cid
 	        handle_iptables_rules $line_cid

qosmngr/files/common/etc/uci-defaults/61-qos_classify_generate

@@ -0,0 +1,114 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+classify_no=0
+generate_dns_rule(){
+	classify_no=$((classify_no + 1))
+	uci add qos classify
+	uci rename qos.@classify[-1]="c${classify_no}"
+	uci set qos.@classify[-1].ifname="lo"
+	uci set qos.@classify[-1].proto="udp"
+	uci set qos.@classify[-1].ethertype="IPv4"
+	uci set qos.@classify[-1].dest_port="53"
+	uci set qos.@classify[-1].traffic_class="$1"
+}
+
+generate_dhcp_rule(){
+	classify_no=$((classify_no + 1))
+	uci add qos classify
+	uci rename qos.@classify[-1]="c${classify_no}"
+	uci set qos.@classify[-1].ifname="lo"
+	uci set qos.@classify[-1].proto="udp"
+	uci set qos.@classify[-1].ethertype="IPv4"
+	uci set qos.@classify[-1].dest_port="67"
+	uci set qos.@classify[-1].dest_port_range="68"
+	uci set qos.@classify[-1].traffic_class="$1"
+}
+
+generate_igmp_rule(){
+	classify_no=$((classify_no + 1))
+	uci add qos classify
+	uci rename qos.@classify[-1]="c${classify_no}"
+	uci set qos.@classify[-1].ifname="lo"
+	uci set qos.@classify[-1].proto="IGMP"
+	uci set qos.@classify[-1].ethertype="IPv4"
+	uci set qos.@classify[-1].traffic_class="$1"
+}
+
+generate_icmp_rule(){
+	classify_no=$((classify_no + 1))
+	uci add qos classify
+	uci rename qos.@classify[-1]="c${classify_no}"
+	uci set qos.@classify[-1].ifname="lo"
+	uci set qos.@classify[-1].proto="icmp"
+	uci set qos.@classify[-1].ethertype="IPv4"
+	uci set qos.@classify[-1].traffic_class="$1"
+
+	classify_no=$((classify_no + 1))
+	uci add qos classify
+	uci rename qos.@classify[-1]="c${classify_no}"
+	uci set qos.@classify[-1].proto="icmp"
+	uci set qos.@classify[-1].ethertype="IPv4"
+	uci set qos.@classify[-1].traffic_class="$2"
+}
+
+generate_classify(){
+
+
+	no_queue_file="/tmp/qos/no_queue_per_port"
+	queue_num=$(cat "$no_queue_file")
+	rm -f "$no_queue_file"
+
+	# assign queue type
+	if [ $queue_num -eq 8 ]; then
+		q_def_queue="0"
+		q_low="1"
+		q_besteffort="2"
+		q_normal="3"
+		q_video="4"
+		q_medium="5"
+		q_high="6"
+		q_highest="7"
+	elif [ $queue_num -eq 4 ]; then
+		q_def_queue="0"
+		q_normal="1"
+		q_medium="2"
+		q_highest="3"
+	fi
+
+	# Local generated DNS traffic goes to q_highest
+	generate_dns_rule $q_highest
+	# Local generated IGMP traffic goes to q_highest
+	generate_igmp_rule $q_highest
+	# Local generated DHCP traffic goes to q_highest
+	generate_dhcp_rule $q_highest
+	# Local generated ICMP traffic goes to q_highest rotue as q_normal
+	generate_icmp_rule $q_highest $q_normal
+
+	# VLAN priority tag -> Queue priority
+	for i in `seq 1 7`; do
+		classify_no=$((classify_no + 1))
+		uci add qos classify
+		uci rename qos.@classify[-1]="c${classify_no}"
+		uci set qos.@classify[-1].pcp_check="$i"
+		uci set qos.@classify[-1].traffic_class="$i"
+	done
+
+	uci commit qos
+}
+
+if [ -s "/etc/config/qos" ]; then
+	# cleaning up for upgrade same version that contain firewall.qos
+	if [ -s "/etc/firewall.qos" ]; then
+		rm -f "/etc/firewall.qos"
+		if [ -s "/etc/config/firewall" ]; then
+			uci delete firewall.qos
+		fi
+                generate_classify
+	elif uci -q get qos.@classify[0] >/dev/null; then
+		exit
+	else
+                generate_classify
+	fi
+fi

qosmngr/files/linux/etc/uci-defaults/60-qos_config_generate

@@ -3,30 +3,14 @@
 . /lib/functions.sh
 
 ethwan="$(db -q get hw.board.ethernetWanPort)"
-cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
 
 generate_queue(){
 	section="$1"
 
 	config_get ifname "$section" "ifname"
 
-	local is_lan=0
-	if [ "$ifname" != "$ethwan" ]; then
-		is_lan=1
-	fi
-
 	local no_of_q="0 1 2 3 4 5 6 7"
 
-        if [ $is_lan -eq 1 ]; then
-		case $cpu_model in
-			BCM68*) no_of_q="0 1 2 3" ;;
-		esac
-
-                if grep -qE '[0-9]+ archer$' /proc/devices; then 
-                        no_of_q="0 1 2 3" 
-                fi 
-	fi
-
 	i=0
 	local total_q=$((${no_of_q##* } + 1))
         for i in $no_of_q; do
@@ -37,8 +21,8 @@ generate_queue(){
 		uci set qos.@queue[-1].ifname="$ifname"
 		uci set qos.@queue[-1].precedence="$order"
 		uci set qos.@queue[-1].scheduling="SP"
-		uci set qos.@queue[-1].rate="0"
-		uci set qos.@queue[-1].burst_size="0"
+		uci set qos.@queue[-1].rate="1000000"
+		uci set qos.@queue[-1].burst_size="1500"
 		uci set qos.@queue[-1].weight="1"
 	done
 

qosmngr/files/linux/lib/qos/qos.sh

@@ -0,0 +1,696 @@
+#!/bin/sh
+. /lib/functions.sh
+#set -x
+
+IP_RULE=""
+MAJOR=""
+
+POLICER_COUNT=0
+Q_COUNT=0
+SP_Q_PRIO=7
+
+#counter variable to assign classify order value if not added in config
+temp_order=1
+
+# Function to handle a queue order and
+# update total number of queues
+handle_q_order() {
+	local qid="$1" #queue section ID
+
+	config_get is_enable "$qid" "enable" 1
+
+	# No need to configure disabled queues
+	if [ $is_enable == '0' ]; then
+		return
+	fi
+
+	config_get ifname "$qid" "ifname"
+	# If ifname is empty that is good enough to break
+	if [ -z "$ifname" ];then
+		return
+	fi
+
+	# Create precedence file containing queue order per
+	# interface.
+	local precedence_file="/tmp/qos/$ifname/q_order"
+	local q_no=$(cat /tmp/qos/$ifname/q_idx)
+
+	config_get precedence "$qid" "precedence"
+	value=${precedence}_q${q_no}
+	echo $value >> $precedence_file
+
+	# Update the number of queues per interface.
+	q_no=$((q_no + 1))
+	echo $q_no > /tmp/qos/$ifname/q_idx
+}
+
+# Sort queue, lower value in uci means higher precedence, so this
+# function sorts the precedence in decending order
+sort_q_by_precedence() {
+	ifname="$1"
+
+	local order_file="/tmp/qos/$ifname/q_order"
+	local tmp_order_file="/tmp/qos/$ifname/q_order.tmp"
+
+	sort -n -k1 $order_file > $tmp_order_file
+	cp $tmp_order_file $order_file
+	rm -f $tmp_order_file
+}
+
+sort_by_precedence() {
+	for interf in $(db -q get hw.board.ethernetPortOrder); do
+		sort_q_by_precedence $interf
+	done
+}
+
+# function to handle a queue section
+handle_queue() {
+	local qid="$1" #queue section ID
+	local port="$2"
+	local port_bw="$3"
+	local root="$4"
+	local port_bs="$5"
+
+	config_get is_enable "$qid" "enable"
+
+	# no need to configure disabled queues
+	if [ "$is_enable" == "0" ]; then
+		return
+	fi
+
+	config_get ifname "$qid" "ifname"
+	# if ifname is empty that is good enough to break
+	if [ -z "$ifname" ];then
+		return
+	fi
+
+	# This is to get the qid per interface.
+	if [ "$port" != "$ifname" ]; then
+		return
+	fi
+
+	local precedence_file="/tmp/qos/$ifname/q_order"
+
+	local temp_order=0
+	while read -r line; do
+		line_qid=${line: -1}
+		if [ "$line_qid" == "$Q_COUNT" ]; then
+			break
+		fi
+		temp_order=$((temp_order + 1))
+	done < "$precedence_file"
+
+	# precedence_file so the order is calculated accordingly.
+	local order=`expr $SP_Q_PRIO - $temp_order`
+
+	config_get sc_alg "$qid" "scheduling"
+	config_get wgt "$qid" "weight" 1
+	config_get rate "$qid" "rate"
+	config_get bs "$qid" "burst_size"
+	config_get qsize "$qid" "queue_size" 1024
+
+	[ "$rate" == "0" ] && rate="$port_bw"
+	[ "$bs" == "0" ] && bs="$port_bs"
+
+	local salg=1
+
+	case "$sc_alg" in
+		"SP") salg=1
+		;;
+		"WRR") salg=2
+		;;
+		"WDRR") salg=3
+		;;
+		"WFQ") salg=4
+		;;
+	esac
+
+	# ignore precedence value in case of WRR, broadcom recommends that WRR queue should
+	# always have precedence value set to 0
+	if [ $salg -eq 2 ]; then
+	       order=0
+	fi
+
+	if [ $salg -eq 2 ]; then
+		tc class add dev $port parent ${root}: classid ${root}:$((order + 1)) cbq allot $bs bandwidth ${port_bw}kbit rate ${rate}kbit prio $order weight $wgt  avpkt 1500 bounded isolated
+	else
+		tc class add dev $port parent ${root}: classid ${root}:$((order + 1)) cbq allot $bs bandwidth ${port_bw}kbit rate ${rate}kbit prio $order  avpkt 1500 bounded isolated
+	fi
+	
+	if [ $order -eq 0 ]; then
+		# By default flowid is targeted to queue 1.
+		tc filter add dev $port parent ${root}:0 protocol ip prio 1 u32 match u32 0 0  flowid ${root}:0
+	fi
+
+	Q_COUNT=$((Q_COUNT + 1))
+}
+
+#function to handle a policer section
+handle_policer() {
+	local p_sec="$1" # policer section ID
+	local dir=1 # default direction, upstream
+
+	config_get is_enable "$p_sec" "enable"
+
+	#no need to configure disabled policer
+	if [ $is_enable == '0' ]; then
+		return
+	fi
+
+	POLICER_COUNT=$((POLICER_COUNT + 1))
+}
+
+setup_qos() {
+	if [ ! -d "/tmp/qos" ]; then
+		mkdir -p /tmp/qos
+	fi
+
+	ebtables -t broute -N qos
+	ret=$?
+	if [ $ret -eq 0 ]; then
+		ebtables -t broute -I BROUTING -j qos
+	else
+		ebtables -t broute -D BROUTING -j qos
+		ebtables -t broute -I BROUTING -j qos
+	fi
+
+	iptables -w -t mangle -N qos_forward
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I FORWARD -j qos_forward
+
+	iptables -w -t mangle -N qos_output
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I OUTPUT -j qos_output
+
+	iptables -w -t mangle -N qos_postrouting
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I POSTROUTING -j qos_postrouting
+
+	ip6tables -t mangle -N qos_forward
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -t mangle -I FORWARD -j qos_forward
+
+	ip6tables -t mangle -N qos_output
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -t mangle -I OUTPUT -j qos_output
+
+	ip6tables -w -t mangle -N qos_postrouting
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -w -t mangle -I POSTROUTING -j qos_postrouting
+}
+
+flush_chains() {
+        echo "iptables -w -t mangle -F qos_forward" > /tmp/qos/classify.iptables
+        echo "iptables -w -t mangle -F qos_output" >> /tmp/qos/classify.iptables
+        echo "iptables -w -t mangle -F qos_postrouting" >> /tmp/qos/classify.iptables
+
+        echo "ip6tables -w -t mangle -F qos_forward" > /tmp/qos/classify.ip6tables
+        echo "ip6tables -w -t mangle -F qos_output" >> /tmp/qos/classify.ip6tables
+        echo "ip6tables -w -t mangle -F qos_postrouting" >> /tmp/qos/classify.ip6tables
+}
+
+init_iptables_rule() {
+        IP_RULE=""
+}
+
+iptables_filter_intf() {
+        IP_RULE="$IP_RULE -o $1"
+}
+
+iptables_filter_proto() {
+        IP_RULE="$IP_RULE -p $1"
+}
+
+iptables_filter_ip_src() {
+        IP_RULE="$IP_RULE -s $1"
+}
+
+iptables_filter_ip_dest() {
+        IP_RULE="$IP_RULE -d $1"
+}
+
+iptables_filter_port_dest() {
+        IP_RULE="$IP_RULE --dport $1"
+}
+
+iptables_filter_port_src() {
+        IP_RULE="$IP_RULE --sport $1"
+}
+
+iptables_filter_port_dest_range() {
+        IP_RULE="$IP_RULE --dport $1:$2"
+}
+
+iptables_filter_port_src_range() {
+        IP_RULE="$IP_RULE --sport $1:$2"
+}
+
+iptables_filter_dscp_filter() {
+        IP_RULE="$IP_RULE -m dscp --dscp $1"
+}
+
+iptables_filter_ip_len_min() {
+        IP_RULE="$IP_RULE -m length --length $1"
+}
+
+iptables_filter_ip_len_max() {
+        IP_RULE="$IP_RULE:$1"
+}
+
+iptables_set_dscp_mark() {
+        IP_RULE="$IP_RULE -j DSCP --set-dscp $1"
+}
+
+iptables_set_traffic_class() {
+        IP_RULE="$IP_RULE  -j CLASSIFY --set-class ${MAJOR}:$1"
+}
+
+append_rule_to_mangle_table() {
+        if [ $2 == 4 ]; then
+                echo "iptables -w -t mangle -A $1 $IP_RULE"  >> /tmp/qos/classify.iptables
+        elif [ $2 == 6 ]; then
+                echo "ip6tables -w -t mangle -A $1 $IP_RULE" >> /tmp/qos/classify.ip6tables
+        elif [ $2 == 1 ]; then
+                echo "iptables -w -t mangle -A $1 $IP_RULE"  >> /tmp/qos/classify.iptables
+                echo "ip6tables -w -t mangle -A $1 $IP_RULE" >> /tmp/qos/classify.ip6tables
+        fi
+}
+
+handle_iptables_rules() {
+        cid=$1
+        local ip_version=0
+        local is_l3_rule=0
+
+        init_iptables_rule
+        config_get proto "$cid" "proto"
+        config_get traffic_class "$cid" "traffic_class"
+        config_get dscp_mark "$cid" "dscp_mark"
+        config_get dscp_filter "$cid" "dscp_filter"
+        config_get dest_port "$cid" "dest_port"
+        config_get dest_port_range "$cid" "dest_port_range"
+        config_get src_port "$cid" "src_port"
+        config_get src_port_range "$cid" "src_port_range"
+        config_get dest_ip "$cid" "dest_ip"
+        config_get src_ip "$cid" "src_ip"
+        config_get ip_len_min "$cid" "ip_len_min"
+        config_get ip_len_max "$cid" "ip_len_max"
+        config_get ifname "$cid" "ifname"
+
+        #check version of ip
+        case $src_ip$dest_ip in
+                *.*)
+                        ip_version=4
+                        ;;
+                *:*)
+                        ip_version=6
+                        ;;
+                *)
+                        ip_version=1 #ip address not used
+        esac
+
+        #filter interface
+        if [ -n "$ifname" ]; then
+                if [ "$ifname" != "lo" ]; then
+                        iptables_filter_intf $ifname
+                fi
+        fi
+
+        # filter proto
+        if [ -n "$proto" ]; then
+                iptables_filter_proto $proto
+                is_l3_rule=1
+        fi
+
+        #filter src. ip
+        if [ -n "$src_ip" ]; then
+                iptables_filter_ip_src $src_ip
+                is_l3_rule=1
+        fi
+
+        #filter dest. ip
+        if [ -n "$dest_ip" ]; then
+                iptables_filter_ip_dest $dest_ip
+                is_l3_rule=1
+        fi
+
+        #filter dest. port
+        if [ -n "$dest_port" -a -z "$dest_port_range" ]; then
+                iptables_filter_port_dest $dest_port
+                is_l3_rule=1
+        fi
+        #filter src. port
+        if [ -n "$src_port" -a -z "$src_port_range" ]; then
+                iptables_filter_port_src $src_port
+                is_l3_rule=1
+        fi
+
+        #filter dest. port range
+        if [ -n "$dest_port" -a -n "$dest_port_range" ]; then
+                iptables_filter_port_dest_range $dest_port $dest_port_range
+                is_l3_rule=1
+        fi
+
+        #filter src. port range
+        if [ -n "$src_port" -a -n "$src_port_range" ]; then
+                iptables_filter_port_src_range $src_port $src_port_range
+                is_l3_rule=1
+        fi
+
+        #filter dscp
+        if [ -n "$dscp_filter" ]; then
+                iptables_filter_dscp_filter $dscp_filter
+                is_l3_rule=1
+        fi
+
+        #filter min. IP packet len.
+        if [ -n "$ip_len_min" ]; then
+                iptables_filter_ip_len_min $ip_len_min
+                is_l3_rule=1
+        fi
+        #filter max. IP packet len.
+        if [ -n "$ip_len_max" ]; then
+                iptables_filter_ip_len_max $ip_len_max
+                is_l3_rule=1
+        fi
+
+        if [ $is_l3_rule -eq 0 ]; then
+                return
+        fi
+
+        #set dscp mark
+        [ -n "$dscp_mark" ] && iptables_set_dscp_mark $dscp_mark
+
+        #set packet queue mark
+        [ -n "$traffic_class" ] && iptables_set_traffic_class  $traffic_class
+
+        #write iptables rule for dscp marking
+        [ -n "$IP_RULE" -a -n "$dscp_mark" ] && append_rule_to_mangle_table "qos_forward" $ip_version
+
+        if [ -n "$IP_RULE" -a -n "$traffic_class" ]; then
+                if [ "$ifname" == "lo" ]; then
+                        #write iptables rule for putting WAN directed internal packets in different queue
+                        append_rule_to_mangle_table "qos_output" $ip_version
+                else
+                        #write iptables rule for putting WAN directed LAN packets in different queue
+                        append_rule_to_mangle_table "qos_postrouting" $ip_version
+                fi
+        fi
+}
+
+handle_policer_rules() {
+	local c_sec=$1
+	local policer_name
+	local ifname
+	local pname
+	local pindex=-1
+	local ingress_rate=0
+	local in_burst_size=0
+
+	config_get policer_name "$c_sec" "policer"
+	if [ -z "$policer_name" ];then
+		# no need to apply policer if policer not present in this
+		# classification rule
+		return
+	fi
+
+	config_get ifname "$c_sec" "ifname"
+	if [ -z "$ifname" ]; then
+		# cannot associate policer as interface is not mentioned
+		return
+	fi
+
+	local i=0
+	local max_policer_inst=$(cat /tmp/qos/max_policer_inst)
+	while :
+	do
+		if [ $i -eq $max_policer_inst ]; then
+			break
+		fi
+
+		pname="$(uci -q get qos.@policer[$i].name)"
+		if [ "$policer_name" == "$pname" ]; then
+			pindex=$i
+			ingress_rate=$(uci -q get qos.@policer[$i].committed_rate)
+			in_burst_rate=$(uci -q get qos.@policer[$i].committed_burst_size)
+			break
+		fi
+		i=$((i + 1))
+	done
+
+	if [ $pindex -lt 0 ]; then
+		# policer not found, no need to proceed further
+		return
+	fi
+
+	config_ingress_rate_limit $ifname $ingress_rate $in_burst_size $pindex
+
+}
+
+config_ingress_rate_limit() {
+	local ifname="$1"
+	local ingress_rate=$2
+	local in_burst_size=$3
+	local pindex="$4"
+	local wanport="$(db -q get hw.board.ethernetWanPort)"
+
+	# Unit in uci file is in bps while that accepted by ethswctl is kbits
+	if [ $ingress_rate -lt 1000 ]; then
+		return
+	fi
+
+	ingress_rate=$((ingress_rate / 1000))
+
+	if [ $in_burst_size -eq 0 ]; then
+		in_burst_size=$ingress_rate
+	else
+		in_burst_size=$((in_burst_size / 1000))
+	fi
+
+	tc qdisc add dev $ifname ingress
+
+	tc filter add dev $ifname parent ffff: protocol ip prio $pindex u32 match ip src 0.0.0.0/0 police rate ${ingress_rate}kbit burst $in_burst_size drop flowid :$pindex
+
+}
+
+# Function to handle a classify order
+handle_classify_order() {
+        local cid="$1" #classify section ID
+
+        config_get is_enable "$cid" "enable" 1
+
+        # No need to configure disabled classify
+        if [ $is_enable == '0' ]; then
+                return
+        fi
+
+        # Create classify file containing classify order
+        local corder_file="/tmp/qos/classify.order"
+
+        config_get c_order "$cid" "order"
+
+        if [ -z "$c_order" ]; then
+           c_order=$temp_order;
+           temp_order=$((temp_order + 1))
+        fi
+
+        value=${c_order}_${cid}
+        echo $value >> $corder_file
+
+}
+
+# Sort classify, lower value in uci means higher precedence, so this
+# function sorts the classify order in assending order
+sort_classify_by_order() {
+        local corder_file="/tmp/qos/classify.order"
+        local tmp_corder_file="/tmp/qos/tmp_classify.order"
+
+        sort -n -k1 $corder_file > $tmp_corder_file
+        cp $tmp_corder_file $corder_file
+        rm -f $tmp_corder_file
+}
+
+#function to handle a classify section
+handle_classify() {
+	local corder_file="/tmp/qos/classify.order"
+	while read -r line; do
+		line_cid=$(echo $line | cut -d '_' -f 2)
+		config_get is_enable "$line_cid" "enable"
+		# no need to configure disabled classify rules
+		if [ "$is_enable" == '0' ]; then
+			continue
+		fi
+                handle_iptables_rules $line_cid
+                handle_policer_rules $line_cid
+        done < "$corder_file"
+}
+
+configure_classify() {
+        #processing classify section
+	rm -f /tmp/qos/classify.order
+	rm -f /tmp/qos/tmp_classify.order
+	rm -f /tmp/qos/classify.iptables
+	rm -f /tmp/qos/classify.ip6tables
+
+        # create files that will contain the rules if not present already
+        mkdir -p /tmp/qos/
+        touch /tmp/qos/classify.iptables
+        touch /tmp/qos/classify.ip6tables
+        touch /tmp/qos/classify.order
+        touch /tmp/qos/tmp_classify.order
+	flush_chains
+
+        # Load UCI file
+        config_load qos
+	config_foreach handle_classify_order classify
+	sort_classify_by_order
+        handle_classify
+
+        sh /tmp/qos/classify.iptables
+        sh /tmp/qos/classify.ip6tables
+
+}
+
+pre_configure_queue() {
+	# Delete queues
+	for intf in $(db get hw.board.ethernetPortOrder); do
+		rm -rf /tmp/qos/$intf
+
+		mkdir -p /tmp/qos/$intf
+		touch /tmp/qos/$intf/q_order
+		touch /tmp/qos/$intf/q_idx
+		echo 0 > /tmp/qos/$intf/q_idx
+
+		tc qdisc del dev $intf root
+		tc qdisc del dev $intf ingress
+	done
+}
+
+get_link_rate() {                     
+        intf="$1"              
+        speed=0   
+        config_load ports               
+        get_speed() {
+                psid="$1"                     
+                iname="$2"
+                config_load ports             
+                config_get ifname "$psid" "ifname"
+                if [ "$ifname" == "$iname" ]; then
+                        config_get speed "$psid" "speed"
+                fi
+        }                                
+        config_foreach get_speed ethport $intf           
+        echo "$speed"           
+}                   
+
+configure_queue() {
+	qdisc_idx=0
+	local bs=1500
+	local rate=0
+	# Load UCI file
+	config_load qos
+	config_foreach handle_q_order queue
+	sort_by_precedence
+
+	get_intf_shaper_config() {
+		local b_size
+		sid="$1" #shaper section ID
+
+		config_get is_enable "$sid" "enable"
+		# no need to configure disabled queues
+		if [ "$is_enable" == "0" ]; then
+			return
+		fi
+
+
+		config_get ifname "$sid" "ifname"
+		# if ifname is empty that is good enough to break
+		if [ -z "$ifname" ] || ! [ "$ifname" == "$2" ];then
+			return
+		fi
+
+		config_get rate "$sid" "rate"
+		# Convert the rate from bps to kbps.
+		if [ $rate -lt 1000 ];then
+			return
+		fi
+
+		rate=$(( rate / 1000 ))
+		config_get b_size "$sid" "burst_size"
+		if [ "$b_size" == "0" ]; then
+			bs="$b_size"
+		fi
+	}
+	local wanport="$(db -q get hw.board.ethernetWanPort)"
+	for interf in $(db -q get hw.board.ethernetPortOrder); do
+		Q_COUNT=0
+		rate=0
+		# sp queue have max priority value = no. of queue configured on the port
+		# hence read and update SP_Q_PRIO here
+		local q_no=$(cat /tmp/qos/$interf/q_idx)
+		SP_Q_PRIO=`expr $q_no - 1`
+		qdisc_idx=`expr $qdisc_idx + 1`
+		# link_rate is in mbps and rate is in kbp
+		link_rate=$(get_link_rate "$interf")
+		# Read the shaper configuration for interface
+		config_foreach get_intf_shaper_config shaper $interf
+		if [ "$rate" == "0" ]; then
+			rate=$(( link_rate * 1000 ))
+		fi
+
+		# TODO using 1500 as allot and avpkt, if shaper config exist for interf get burst_size of shaper for actual value
+		tc qdisc add dev $interf root handle ${qdisc_idx}: cbq allot $bs  avpkt 1500 bandwidth ${rate}kbit
+		# if qdisc_idx is the index corresponds to WAN port, then
+		# it would be the MAJOR portion of the destination class ID.
+		# under the same qdisc. We are programming for WAN port only.
+		if [ "$interf" == "$wanport" ]; then
+			MAJOR="$qdisc_idx"
+		fi
+
+		config_foreach handle_queue queue $interf $rate $qdisc_idx $bs
+	done
+}
+
+configure_policer() {
+
+        # Delete policer
+        local i=0
+        local max_p_inst=0
+        if [ -f "/tmp/qos/max_policer_inst" ]; then
+                max_p_inst=$(cat /tmp/qos/max_policer_inst)
+        fi
+
+        # reset the policer counter
+        echo 0 > /tmp/qos/max_policer_inst
+        # Load UCI file
+        config_load qos
+        config_foreach handle_policer policer
+        echo $POLICER_COUNT > /tmp/qos/max_policer_inst
+}
+
+
+configure_qos() {
+	pre_configure_queue
+	configure_queue
+	configure_classify
+	configure_policer
+}
+
+reload_qos() {
+	local service_name="$1"
+
+	if [ -z "$service_name" ]; then
+		configure_qos
+	elif [ "$service_name" == "queue" ]; then
+		pre_configure_queue
+		configure_queue
+        elif [ "$service_name" == "classify" ]; then
+                configure_classify
+	elif [ "$service_name" == "policer" ]; then
+		configure_policer
+	fi
+}
+
+reload_qos_service() {
+	reload_qos
+}
+

questd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=questd
-PKG_VERSION:=5.2.4
+PKG_VERSION:=5.2.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/questd
-PKG_SOURCE_VERSION:=2ca3ae0c29dcbbf01282f6118eb8d5e5bc9a1c45
+PKG_SOURCE_VERSION:=38af3655416c80933f89f5a03638403a7c051a42
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ssdpd/Makefile

@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2022 OpenWrt.org
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ssdpd
+PKG_VERSION:=1.0.3
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
+PKG_SOURCE_VERSION:=207cf440a22c075cb55fb067a850be4f9c204e6e
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ssdpd
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libnfnetlink +libpthread +libubox +libubus +libblobmsg-json +libcurl +mxml
+  TITLE:=MiniSSDPd - SSDP daemon
+  URL:=https://miniupnp.tuxfamily.org/minissdpd.html
+endef
+
+MAKE_PATH:=minissdpd
+
+TARGET_CFLAGS += \
+	-D_GNU_SOURCE \
+	-Wall -Wextra -Werror
+
+TARGET_LDFLAGS += \
+	-lpthread -lubox -lubus -lblobmsg_json -lcurl -lmxml
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/sspd/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/ssdpd/install
+	$(INSTALL_DIR) $(1)/etc/upnp
+	$(INSTALL_DIR) $(1)/etc/upnp/description
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_CONF) ./files/etc/config/ssdpd $(1)/etc/config/ssdpd
+	$(INSTALL_BIN) ./files/etc/init.d/ssdpd $(1)/etc/init.d/ssdpd
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/minissdpd/minissdpd $(1)/usr/sbin/ssdpd
+endef
+
+$(eval $(call BuildPackage,ssdpd))

ssdpd/files/etc/config/ssdpd

@@ -0,0 +1,9 @@
+
+config ssdpd 'ssdp'
+	option enabled '1'
+	option ipv6_enabled '0'
+	option socket_path '/var/run/minissdpd.sock'
+	option ttl '2'
+	option interface 'br-lan'
+	option debug '0'
+

ssdpd/files/etc/init.d/ssdpd

@@ -0,0 +1,74 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=02
+
+USE_PROCD=1
+PROG=/usr/sbin/ssdpd
+
+log() {
+	echo "${@}"|logger -t ssdpd.init -p info
+}
+
+validate_ssdpd_ssdp_section()
+{
+	uci_validate_section ssdpd ssdpd "ssdp" \
+		'enabled:bool:true' \
+		'debug:bool:false' \
+		'ipv6_enabled:bool:false' \
+		'socket_path:string' \
+		'ttl:uinteger' \
+		'interface:string'
+}
+
+configure_ssdp()
+{
+	local enabled ipv6_enabled socket_path ttl interface
+
+	config_load ssdpd
+
+	validate_ssdpd_ssdp_section || {
+		log "Validation of ssdp section failed"
+		return 1;
+	}
+
+	[ ${enabled} -eq 0 ] && return 0
+
+	procd_set_param command ${PROG}
+
+	if [ ${ipv6_enabled} -eq 1 ]; then
+		procd_append_param command -6
+	fi
+
+	if [ ${debug} -eq 1 ]; then
+		procd_append_param command -d
+	fi
+
+	if [ -n "${socket_path}" ]; then
+		procd_append_param command -s ${socket_path}
+	fi
+
+	if [ -n "${ttl}" ]; then
+		procd_append_param command -t ${ttl}
+	fi
+
+	# If no interface is given defaults for br-lan
+	procd_append_param command -i ${interface:-br-lan}
+}
+
+start_service() {
+	procd_open_instance ssdp
+	configure_ssdp
+	procd_set_param respawn
+	procd_close_instance
+}
+
+reload_service() {
+	stop
+	start
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "ssdpd"
+}

ssdpd/patches/001-fix-gcc-warnings

@@ -0,0 +1,20 @@
+--- a/minissdpd/openssdpsocket.c
++++ b/minissdpd/openssdpsocket.c
+@@ -11,6 +11,7 @@
+ #include <unistd.h>
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
++#include <sys/time.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <net/if.h>
+--- a/minissdpd/ifacewatch.c
++++ b/minissdpd/ifacewatch.c
+@@ -130,6 +130,7 @@ ProcessInterfaceWatch(int s, int s_ssdp,
+ 		/* case RTM_DELLINK: */
+ 		case RTM_DELADDR:
+ 			is_del = 1;
++			// fall through
+ 		case RTM_NEWADDR:
+ 			/* http://linux-hacks.blogspot.fr/2009/01/sample-code-to-learn-netlink.html */
+ 			ifa = (struct ifaddrmsg *)NLMSG_DATA(nlhdr);

ssdpd/patches/010-add-test-object

@@ -0,0 +1,11 @@
+--- a/minissdpd/Makefile
++++ b/minissdpd/Makefile
+@@ -41,7 +41,7 @@ endif
+ EXECUTABLES = minissdpd testminissdpd testcodelength \
+               showminissdpdnotif
+ MINISSDPDOBJS = minissdpd.o openssdpsocket.o daemonize.o upnputils.o \
+-                ifacewatch.o getroute.o getifaddr.o asyncsendto.o
++                ifacewatch.o getroute.o getifaddr.o asyncsendto.o ssdpd.o
+ TESTMINISSDPDOBJS = testminissdpd.o printresponse.o
+ SHOWMINISSDPDNOTIFOBJS = showminissdpdnotif.o printresponse.o
+ 

ssdpd/patches/011-add-ubus-object

@@ -0,0 +1,629 @@
+--- /dev/null
++++ b/minissdpd/ssdpd.c
+@@ -0,0 +1,626 @@
++/*
++ * Copyright (C) 2022 iopsys Software Solutions AB
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License version 2.1
++ * as published by the Free Software Foundation
++ *
++ *	Author: Amin Ben Romdhane <amin.benromdhane@iopsys.eu>
++ */
++
++#include <unistd.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <net/if.h>
++#include <syslog.h>
++
++#include <curl/curl.h>
++#include <libubox/uloop.h>
++#include <libubox/blobmsg_json.h>
++#include <libubox/list.h>
++#include <libubus.h>
++#include <mxml.h>
++
++#include "codelength.h"
++
++struct UPNPDev {
++	struct list_head list;
++	char *descURL;
++	char *st;
++	char *usn;
++};
++
++struct desc_list_elt {
++	struct list_head list;
++	char *url;
++	char *desc_path;
++	bool is_device_desc;
++};
++
++#define UPNP_DESC_PATH "/etc/upnp/description"
++#define UPNP_DISCOVER_TIMEOUT (30 * 1000)
++
++#ifndef MIN
++#define MIN(a, b) (((a) < (b)) ? (a) : (b))
++#endif /* MIN */
++
++/* macros used to read from unix socket */
++#define READ_BYTE_BUFFER(c) \
++	if ((int)bufferindex >= n) { \
++		n = read(s, buffer, sizeof(buffer)); \
++		if (n <= 0) break; \
++		bufferindex = 0; \
++	} \
++	c = buffer[bufferindex++];
++
++#define READ_COPY_BUFFER(dst, len) \
++	for (l = len, p = (unsigned char *)dst; l > 0; ) { \
++		unsigned int lcopy; \
++		if ((int)bufferindex >= n) { \
++			n = read(s, buffer, sizeof(buffer)); \
++			if ( n<= 0) break; \
++			bufferindex = 0; \
++		} \
++		lcopy = MIN(l, (n - bufferindex)); \
++		memcpy(p, buffer + bufferindex, lcopy); \
++		l -= lcopy; \
++		p += lcopy; \
++		bufferindex += lcopy; \
++	}
++
++LIST_HEAD(dev_list);
++LIST_HEAD(desc_list);
++
++char *ssdp_sockpath = NULL;
++
++static void upnp_discover_devices(struct uloop_timeout *timeout);
++static struct uloop_timeout upnpdiscover_timer = { .cb = upnp_discover_devices };
++
++static void add_dev_to_dev_list(char *descURL, char *st, char *usn)
++{
++	struct UPNPDev *dev = NULL;
++
++	dev = calloc(1, sizeof(struct UPNPDev));
++	list_add_tail(&dev->list, &dev_list);
++
++	dev->descURL = descURL;
++	dev->st = st;
++	dev->usn = usn;
++}
++
++void free_all_dev_list(void)
++{
++	struct UPNPDev *dev = NULL;
++
++	while (dev_list.next != &dev_list) {
++		dev = list_entry(dev_list.next, struct UPNPDev, list);
++		free(dev->descURL);
++		free(dev->st);
++		free(dev->usn);
++		free(dev);
++		list_del(&dev->list);
++	}
++}
++
++static int connectToMiniSSDPD(void)
++{
++	int s = 0;
++	struct sockaddr_un addr;
++
++	s = socket(AF_UNIX, SOCK_STREAM, 0);
++	if(s < 0)
++		return -1;
++
++	char *ssdp_s = ssdp_sockpath ? ssdp_sockpath : "/var/run/minissdpd.sock";
++
++	memset(&addr, 0, sizeof(addr));
++	addr.sun_family = AF_UNIX;
++
++	strncpy(addr.sun_path, ssdp_s, sizeof(addr.sun_path));
++
++	if(connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0) {
++		close(s);
++		return -1;
++	}
++
++	return s;
++}
++
++static int disconnectFromMiniSSDPD(int s)
++{
++	if (close(s) < 0)
++		return -1;
++	return 0;
++}
++
++static int requestDevicesFromMiniSSDPD(int s)
++{
++	unsigned char buffer[256];
++	unsigned char *p = NULL;
++	unsigned int stsize = 0, l = 0;
++	char *devtype = "ssdp:all";
++
++	buffer[0] = 3;	/* request type 3 : everything */
++	stsize = strlen(devtype);
++
++	p = buffer + 1;
++	l = stsize;	CODELENGTH(l, p);
++	if (p + stsize > buffer + sizeof(buffer))
++		return -1;
++
++	memcpy(p, devtype, stsize);
++	p += stsize;
++	if (write(s, buffer, p - buffer) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int receiveDevicesFromMiniSSDPD(int s)
++{
++	unsigned char buffer[256];
++	ssize_t n;
++	unsigned char *p;
++	unsigned int bufferindex;
++	unsigned int i, ndev;
++	unsigned int urlsize, stsize, usnsize, l;
++	char *url, *st, *usn;
++
++	n = read(s, buffer, sizeof(buffer));
++	if (n <= 0)
++		return -1;
++
++	ndev = buffer[0];
++	bufferindex = 1;
++	for (i = 0; i < ndev; i++) {
++		DECODELENGTH_READ(urlsize, READ_BYTE_BUFFER);
++		if (n <= 0)
++			return -1;
++
++		url = (char *)malloc(urlsize);
++		if (url == NULL)
++			return -1;
++
++		READ_COPY_BUFFER(url, urlsize);
++		if (n <= 0)
++			return -1;
++
++		DECODELENGTH_READ(stsize, READ_BYTE_BUFFER);
++		if (n <= 0)
++			goto free_url_and_return;
++
++		st = (char *)malloc(stsize);
++		if (st == NULL)
++			goto free_url_and_return;
++
++		READ_COPY_BUFFER(st, stsize);
++		if (n <= 0)
++			goto free_url_and_st_and_return;
++
++		DECODELENGTH_READ(usnsize, READ_BYTE_BUFFER);
++		if (n <= 0)
++			goto free_url_and_st_and_return;
++
++		usn = (char *)malloc(usnsize);
++		if (usn == NULL)
++			goto free_url_and_st_and_return;
++
++		READ_COPY_BUFFER(usn, usnsize);
++		if (n <= 0)
++			goto free_url_and_st_and_usn_and_return;
++
++		add_dev_to_dev_list(url, st, usn);
++	}
++
++	return 0;
++
++free_url_and_st_and_usn_and_return:
++	free(usn);
++free_url_and_st_and_return:
++	free(st);
++free_url_and_return:
++	free(url);
++	return -1;
++}
++
++static int getDevicesFromMiniSSDPD(void)
++{
++	int s = 0;
++	int res = 0;
++
++	s = connectToMiniSSDPD();
++	if (s < 0)
++		return -1;
++
++	res = requestDevicesFromMiniSSDPD(s);
++	if (res < 0)
++		goto close_socket_and_return;
++
++	res = receiveDevicesFromMiniSSDPD(s);
++
++close_socket_and_return:
++	disconnectFromMiniSSDPD(s);
++
++	return res;
++}
++
++static void download_file(char *file_path, const char *url)
++{
++	CURL *curl = curl_easy_init();
++	if (curl) {
++		curl_easy_setopt(curl, CURLOPT_URL, url);
++		curl_easy_setopt(curl, CURLOPT_TIMEOUT, 500);
++
++		FILE *fp = fopen(file_path, "wb");
++		if (fp) {
++			curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
++			curl_easy_perform(curl);
++			fclose(fp);
++		}
++
++		curl_easy_cleanup(curl);
++	}
++}
++
++static bool is_desc_exist(const char *desc_url)
++{
++	struct desc_list_elt *desc_elt = NULL;
++
++	if (!desc_url)
++		return false;
++
++	list_for_each_entry(desc_elt, &desc_list, list) {
++		if (strcmp(desc_elt->url, desc_url) == 0)
++			return true;
++	}
++
++	return false;
++}
++
++static void get_desc_name(const char *desc_url, char *str, size_t len)
++{
++	if (!desc_url || !str || len == 0)
++		return;
++
++	char *p = strstr(desc_url, "://");
++
++	snprintf(str, len, "%s", p ? p + 3 : desc_url);
++
++	for (int i = 0; str[i]; i++) {
++		if (str[i] == '/')
++			str[i] = '_';
++	}
++}
++
++static void add_desc_to_desc_list(const char *desc_path, const char *url, int is_device_desc)
++{
++	struct desc_list_elt *desc_elt;
++
++	desc_elt = calloc(1, sizeof(struct desc_list_elt));
++	list_add_tail(&desc_elt->list, &desc_list);
++
++	desc_elt->desc_path = strdup(desc_path);
++	desc_elt->url = strdup(url);
++	desc_elt->is_device_desc = is_device_desc;
++}
++
++static void free_all_desc_list(void)
++{
++	struct desc_list_elt *desc_elt = NULL;
++
++	while (desc_list.next != &desc_list) {
++		desc_elt = list_entry(desc_list.next, struct desc_list_elt, list);
++		free(desc_elt->desc_path);
++		free(desc_elt->url);
++		free(desc_elt);
++		list_del(&desc_elt->list);
++	}
++}
++
++static void __upnp_discover_devices(void)
++{
++	struct UPNPDev *dev = NULL;
++	char desc_name[128] = {0};
++	char file_path[256] = {0};
++	int res = 0, is_device_desc = 0;
++
++	/*
++	 * Discover devices
++	 */
++	if (!list_empty(&dev_list))
++		free_all_dev_list();
++
++	res = getDevicesFromMiniSSDPD();
++	if (res)
++		goto end;
++
++	/*
++	 * Download description files
++	 */
++	list_for_each_entry_reverse(dev, &dev_list, list) {
++
++		if (is_desc_exist(dev->descURL))
++			continue;
++
++		get_desc_name(dev->descURL, desc_name, sizeof(desc_name));
++		snprintf(file_path, sizeof(file_path), "%s/%s", UPNP_DESC_PATH, desc_name);
++		is_device_desc = (dev->usn && strstr(dev->usn, ":service:")) ? 0 : 1;
++
++		// Download Description
++		download_file(file_path, dev->descURL);
++
++		// Add description to descriptions list
++		add_desc_to_desc_list(file_path, dev->descURL, is_device_desc);
++	}
++
++end:
++	uloop_timeout_set(&upnpdiscover_timer, UPNP_DISCOVER_TIMEOUT);
++}
++
++static int upnp_discovery_res(struct ubus_context *ctx, struct ubus_object *obj __attribute__((unused)),
++		struct ubus_request_data *req, const char *method __attribute__((unused)), struct blob_attr *msg __attribute__((unused)))
++{
++	struct blob_buf bb = {0};
++	struct UPNPDev *dev = NULL;
++
++	memset(&bb,0,sizeof(struct blob_buf));
++	blob_buf_init(&bb, 0);
++
++	void *devices_array = blobmsg_open_array(&bb, "devices");
++	list_for_each_entry_reverse(dev, &dev_list, list) {
++		// Parse Root device and devices
++		if ((dev->st && strstr(dev->st, ":rootdevice") != NULL) || (dev->usn && strstr(dev->usn, ":device:") != NULL)) {
++			void *device_obj = blobmsg_open_table(&bb, NULL);
++			blobmsg_add_string(&bb, "descurl", dev->descURL);
++			blobmsg_add_string(&bb, "st", dev->st);
++			blobmsg_add_string(&bb, "usn", dev->usn);
++			blobmsg_add_string(&bb, "is_root_device", dev->st && strstr(dev->st, ":rootdevice") ? "1" : "0");
++			blobmsg_close_table(&bb, device_obj);
++		}
++	}
++	blobmsg_close_array(&bb, devices_array);
++
++	void *services_array = blobmsg_open_array(&bb, "services");
++	list_for_each_entry_reverse(dev, &dev_list, list) {
++		// Parse Services
++		if (dev->usn && strstr(dev->usn, ":service:") != NULL) {
++			void *service_obj = blobmsg_open_table(&bb, NULL);
++			blobmsg_add_string(&bb, "descurl", dev->descURL);
++			blobmsg_add_string(&bb, "st", dev->st);
++			blobmsg_add_string(&bb, "usn", dev->usn);
++			blobmsg_close_table(&bb, service_obj);
++		}
++	}
++	blobmsg_close_array(&bb, services_array);
++
++	ubus_send_reply(ctx, req, bb.head);
++	blob_buf_free(&bb);
++	return 0;
++}
++
++static void fill_device_instances(struct blob_buf *bb, mxml_node_t *device)
++{
++	void *device_obj = NULL;
++	mxml_node_t *b = device;
++	char buf[64] = {0};
++	bool new_device_discovery = false;
++
++	while (b) {
++
++		if (mxmlGetType(b) != MXML_ELEMENT) {
++			b = mxmlWalkNext(b, device, MXML_DESCEND);
++			continue;
++		}
++
++		const char *elm_name = mxmlGetElement(b);
++		const char *elm_val = mxmlGetOpaque(b);
++
++		if (elm_name && strcmp(elm_name, "device") == 0) {
++
++			if (new_device_discovery && device_obj)
++				blobmsg_close_table(bb, device_obj);
++
++			device_obj = blobmsg_open_table(bb, NULL);
++			blobmsg_add_string(bb, "parent_dev", buf);
++			new_device_discovery = true;
++		}
++
++		if (elm_name && strcmp(elm_name, "deviceType") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "deviceType", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "friendlyName") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "friendlyName", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "manufacturer") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "manufacturer", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "manufacturerURL") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "manufacturerURL", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "modelDescription") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "modelDescription", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "modelName") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "modelName", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "modelNumber") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "modelNumber", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "modelURL") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "modelURL", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "serialNumber") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "serialNumber", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "UDN") == 0 && new_device_discovery) {
++			snprintf(buf, sizeof(buf), "%s", elm_val ? elm_val : "");
++			blobmsg_add_string(bb, "UDN", buf);
++		}
++
++		if (elm_name && strcmp(elm_name, "UPC") == 0 && new_device_discovery)
++			blobmsg_add_string(bb, "UPC", elm_val ? elm_val : "");
++
++		b = mxmlWalkNext(b, device, MXML_DESCEND);
++	}
++
++	if (new_device_discovery && device_obj)
++		blobmsg_close_table(bb, device_obj);
++}
++
++static void fill_service_element(struct blob_buf *bb, mxml_node_t *service)
++{
++	mxml_node_t *b = service;
++	void *service_obj = NULL;
++	char buf[64] = {0};
++	bool new_srv_discovery = false;
++
++	while (b) {
++
++		if (mxmlGetType(b) != MXML_ELEMENT) {
++			b = mxmlWalkNext(b, service, MXML_DESCEND);
++			continue;
++		}
++
++		const char *elm_name = mxmlGetElement(b);
++		const char *elm_val = mxmlGetOpaque(b);
++
++		if (elm_name && strcmp(elm_name, "UDN") == 0)
++			snprintf(buf, sizeof(buf), "%s", elm_val ? elm_val : "");
++
++
++		if (elm_name && strcmp(elm_name, "service") == 0) {
++
++			if (new_srv_discovery && service_obj)
++				blobmsg_close_table(bb, service_obj);
++
++			service_obj = blobmsg_open_table(bb, NULL);
++			blobmsg_add_string(bb, "parent_dev", buf);
++			new_srv_discovery = true;
++		}
++
++		if (elm_name && strcmp(elm_name, "serviceType") == 0 && new_srv_discovery)
++			blobmsg_add_string(bb, "serviceType", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "serviceId") == 0 && new_srv_discovery)
++			blobmsg_add_string(bb, "serviceId", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "SCPDURL") == 0 && new_srv_discovery)
++			blobmsg_add_string(bb, "SCPDURL", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "controlURL") == 0 && new_srv_discovery)
++			blobmsg_add_string(bb, "controlURL", elm_val ? elm_val : "");
++
++		if (elm_name && strcmp(elm_name, "eventSubURL") == 0 && new_srv_discovery)
++			blobmsg_add_string(bb, "eventSubURL", elm_val ? elm_val : "");
++
++		b = mxmlWalkNext(b, service, MXML_DESCEND);
++	}
++
++	if (new_srv_discovery && service_obj)
++		blobmsg_close_table(bb, service_obj);
++}
++
++static int upnp_description_res(struct ubus_context *ctx, struct ubus_object *obj __attribute__((unused)),
++		struct ubus_request_data *req, const char *method __attribute__((unused)), struct blob_attr *msg __attribute__((unused)))
++{
++	struct desc_list_elt *desc_elt = NULL;
++	struct blob_buf bb = {0};
++
++	memset(&bb,0,sizeof(struct blob_buf));
++	blob_buf_init(&bb, 0);
++
++	void *desc_array = blobmsg_open_array(&bb, "descriptions");
++	list_for_each_entry(desc_elt, &desc_list, list) {
++		void *device_obj = blobmsg_open_table(&bb, NULL);
++		blobmsg_add_string(&bb, "desc_url", desc_elt->url);
++		blobmsg_add_u32(&bb, "is_device_desc", desc_elt->is_device_desc);
++		blobmsg_close_table(&bb, device_obj);
++
++	}
++	blobmsg_close_array(&bb, desc_array);
++
++	list_for_each_entry(desc_elt, &desc_list, list) {
++
++		FILE *fp = fopen(desc_elt->desc_path, "r");
++		if (!fp)
++			continue;
++
++		mxml_node_t *tree = mxmlLoadFile(NULL, fp, MXML_OPAQUE_CALLBACK);
++		fclose(fp);
++
++		if (tree) {
++			void *devices_array = blobmsg_open_array(&bb, "devices");
++	 		mxml_node_t *device = mxmlFindElement(tree, tree, "device", NULL, NULL, MXML_DESCEND);
++			fill_device_instances(&bb, device);
++			blobmsg_close_array(&bb, devices_array);
++
++			void *services_array = blobmsg_open_array(&bb, "services");
++	 		mxml_node_t *service = mxmlFindElement(tree, tree, "device", NULL, NULL, MXML_DESCEND);
++			fill_service_element(&bb, service);
++			blobmsg_close_array(&bb, services_array);
++
++			mxmlDelete(tree);
++		}
++	}
++
++	ubus_send_reply(ctx, req, bb.head);
++	blob_buf_free(&bb);
++	return 0;
++}
++
++static struct ubus_method upnp_methods[] = {
++	UBUS_METHOD_NOARG("discovery", upnp_discovery_res),
++	UBUS_METHOD_NOARG("description", upnp_description_res),
++};
++
++static struct ubus_object_type upnp_type = UBUS_OBJECT_TYPE("upnp", upnp_methods);
++
++static void upnp_discover_devices(struct uloop_timeout *timeout __attribute__((unused)))
++{
++	__upnp_discover_devices();
++}
++
++static struct ubus_object upnp_object = {
++	.name = "upnp",
++	.type = &upnp_type,
++	.methods = upnp_methods,
++	.n_methods = ARRAY_SIZE(upnp_methods),
++};
++
++void upnp_thread_discover_devices(void)
++{
++	struct ubus_context *ctx = NULL;
++	const char *ubus_socket = NULL;
++	int ret = 0;
++
++	uloop_init();
++
++	ctx = ubus_connect(ubus_socket);
++	if (!ctx) {
++		syslog(LOG_ERR, "Failed to connect to ubus\n");
++		return;
++	}
++
++	ubus_add_uloop(ctx);
++
++	__upnp_discover_devices();
++
++	ret = ubus_add_object(ctx, &upnp_object);
++	if (ret) {
++		syslog(LOG_ERR, "Failed to add 'upnp' ubus object: %s\n", ubus_strerror(ret));
++		goto end;
++	}
++
++	uloop_run();
++
++end:
++	free_all_desc_list();
++	free_all_dev_list();
++	uloop_done();
++	ubus_free(ctx);
++}

ssdpd/patches/012-ubus-runner-thread-hook

@@ -0,0 +1,95 @@
+--- a/minissdpd/minissdpd.c
++++ b/minissdpd/minissdpd.c
+@@ -32,6 +32,8 @@
+ #include <pwd.h>
+ #include <grp.h>
+ #endif
++/* for uloop thread */
++#include <pthread.h>
+ 
+ /* LOG_PERROR does not exist on Solaris */
+ #ifndef LOG_PERROR
+@@ -52,6 +54,10 @@
+ #define MIN(x,y) (((x)<(y))?(x):(y))
+ #endif
+ 
++extern char *ssdp_sockpath;
++void upnp_thread_discover_devices(void);
++void ssdpd_ubus_stop(void);
++
+ /* current request management structure */
+ struct reqelem {
+ 	int socket;
+@@ -1220,6 +1226,12 @@ static void ssdpDiscover(int s, int ipv6
+ 	}
+ }
+ 
++static void *thread_discover_devices(void *args __attribute__((unused)))
++{
++	upnp_thread_discover_devices();
++	return NULL;
++}
++
+ /* main(): program entry point */
+ int main(int argc, char * * argv)
+ {
+@@ -1264,6 +1276,7 @@ int main(int argc, char * * argv)
+ 	unsigned char ttl = 2;	/* UDA says it should default to 2 */
+ 	const char * searched_device = NULL;	/* if not NULL, search/filter a specific device type */
+ 	int opt;
++	pthread_t upnp_thread;
+ 
+ 	LIST_INIT(&reqlisthead);
+ 	LIST_INIT(&servicelisthead);
+@@ -1309,6 +1322,7 @@ int main(int argc, char * * argv)
+ 			break;
+ 		case 's':
+ 			sockpath = optarg;
++			ssdp_sockpath = optarg;
+ 			break;
+ #ifndef NO_BACKGROUND_NO_PIDFILE
+ 		case 'p':
+@@ -1496,6 +1510,11 @@ int main(int argc, char * * argv)
+ 	if(s_ssdp6 >= 0)
+ 		ssdpDiscover(s_ssdp6, 1, searched_device);
+ 
++	int err = pthread_create(&upnp_thread, NULL, &thread_discover_devices, NULL);
++	if (err < 0) {
++		syslog(LOG_ERR, "Error when creating upnp thread");
++	}
++
+ 	/* Main loop */
+ 	while(!quitting) {
+ 		/* fill readfds fd_set */
+@@ -1704,6 +1723,8 @@ quit:
+ 	if(unlink(pidfilename) < 0)
+ 		syslog(LOG_ERR, "unlink(%s): %m", pidfilename);
+ #endif
++	ssdpd_ubus_stop();
++	pthread_join(upnp_thread, NULL);
+ 	closelog();
+ 	return ret;
+ }
+--- a/minissdpd/ssdpd.c
++++ b/minissdpd/ssdpd.c
+@@ -624,3 +624,8 @@ end:
+ 	uloop_done();
+ 	ubus_free(ctx);
+ }
++
++void ssdpd_ubus_stop(void)
++{
++	uloop_end();
++}
++
+--- a/minissdpd/config.h
++++ b/minissdpd/config.h
+@@ -32,7 +32,7 @@
+ 
+ /* When NO_BACKGROUND_NO_PIDFILE is defined, minissdpd does not go to
+  * background and does not create any pidfile */
+-/*#define NO_BACKGROUND_NO_PIDFILE*/
++#define NO_BACKGROUND_NO_PIDFILE
+ 
+ /* define HAVE_IP_MREQN to use struct ip_mreqn instead of struct ip_mreq
+  * for setsockopt(IP_MULTICAST_IF). Available with Linux 2.4+,

sulu-builder/Config.in

@@ -13,7 +13,7 @@ menu "SULU_CORE"
 
 	config SULU_CORE_VERSION
 		string "SULU repo version"
-		default "472c41d1fe969f4d3b6cf74d27c220a6e2f5a5e0"
+		default "80815db11f7b0c1913ae551ff50ed2c89676f489"
 endmenu
 
 menu "SULU_PLUGIN_LCM"
@@ -35,7 +35,7 @@ menu "SULU_PLUGIN_LCM"
 	config SULU_PLUGIN_LCM_VERSION
 		depends on SULU_PLUGIN_LCM_ENABLE
 		string "Version"
-		default "6258dc0bca7a4bb648a77175ab85913d73851ced"
+		default "ccd70b399b31530dc1af6a871eee94fbb179d794"
 endmenu
 
 menu "SULU_PLUGIN_MULTIAP"
@@ -57,7 +57,7 @@ menu "SULU_PLUGIN_MULTIAP"
 	config SULU_PLUGIN_MULTIAP_VERSION
 		depends on SULU_PLUGIN_MULTIAP_ENABLE
 		string "Version"
-		default "53eef156a02b9e93bd566997b5ff6f47fba29e46"
+		default "3e662d50c5a14225354f6287d1c6a47414b694a6"
 endmenu
 
 menu "SULU_THEME_IOPSYS"

sulu-builder/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=1.3.11
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=aeb6db93a584cbdc7b5435a4503242833d90ad33
+PKG_SOURCE_VERSION:=696ef814e0b16345f2e8ee0104f3ee1eeaeea5dc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
@@ -22,7 +22,7 @@ define Package/${PKG_NAME}
 	SECTION:=utils
 	CATEGORY:=Utilities
 	TITLE:=Build sulu from source
-	DEPENDS:=+nginx +mosquitto-auth-shadow
+	DEPENDS:=+nginx +mosquitto-auth-shadow +usermngr +jq
 	CONFLICTS:=sulu
 endef
 
@@ -40,7 +40,7 @@ define Download/sulu_core
   FILE:=$(SULU_DL_FILE)
   URL:=$(CONFIG_SULU_CORE_URL)
   PROTO:=git
-  SUBDIR:=core
+  SUBDIR:=sulu
   VERSION:=${CONFIG_SULU_CORE_VERSION}
   HASH:=skip
 endef
@@ -139,6 +139,10 @@ ifeq ($(CONFIG_SULU_THEME_CUSTOM_ENABLE),y)
 endif
 endef
 
+define Build/Compile
+	VERSION="v${PKG_VERSION}" $(MAKE) -C $(PKG_BUILD_DIR)/
+endef
+
 define Package/${PKG_NAME}/install
 	$(INSTALL_DIR) $(1)/sulu
 	$(INSTALL_DIR) $(1)/sulu/config
@@ -158,20 +162,16 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
-	$(INSTALL_DIR) $(1)/etc/nginx/conf.d
-	$(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
+	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,${PKG_NAME}))

sulu-builder/files/etc/config/sulu

@@ -1,6 +1,4 @@
 config global 'global'
-	option enabled '1'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu-builder/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_nginx_config "${enabled}"
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 
@@ -45,5 +46,5 @@ reload_service() {
 
 service_triggers()
 {
-	procd_add_reload_trigger "sulu"
+	procd_add_reload_trigger "sulu" "nginx"
 }

sulu-builder/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu-builder/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu-builder/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu-builder/files/etc/nginx/conf.d/sulu.conf

@@ -1,27 +0,0 @@
-server {
-        listen 8080;
-        listen [::]:8080;
-        server_name _sulu;
-        root /sulu;
-        location /config/ {
-                autoindex on;
-                expires -1;
-
-                if ($request_method = 'OPTIONS') {
-                        add_header 'Access-Control-Allow-Origin' '*';
-                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-                        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
-                        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-                        add_header 'Content-Type' 'text/plain; charset=utf-8';
-                        add_header 'Content-Length' 0;
-                        return 204;
-                }
-                if ($request_method = 'GET') {
-                        add_header 'Access-Control-Allow-Origin' '*' always;
-                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-                        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
-                        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-                        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-                }
-        }
-}

sulu-builder/files/etc/sulu/nginx.locations

@@ -0,0 +1,50 @@
+error_page 497 301 =307 https://$host:$server_port$request_uri;
+
+location /robots.txt {
+	return 200 "User-agent: *\nDisallow: /\n";
+}
+
+location /sitemap.xml {
+	return 200 "User-agent: *\nDisallow: /\n";
+}
+
+location /ws {
+	proxy_pass_request_headers      on;
+	proxy_cache        off;
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection $connection_upgrade;
+	proxy_set_header    Host               $host;
+	proxy_set_header    X-Real-IP          $remote_addr;
+	proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+	proxy_set_header    X-Forwarded-Host   $host;
+	proxy_set_header    X-Forwarded-Server $host;
+	proxy_set_header    X-Forwarded-Port   $server_port;
+	proxy_set_header    X-Forwarded-Proto  $scheme;
+	add_header          Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+	proxy_pass http://websocket;
+}
+
+location / {
+	autoindex on;
+	expires -1;
+
+	if ($request_method = 'OPTIONS') {
+		add_header 'Access-Control-Allow-Origin' '*';
+		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
+		add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+		add_header 'Content-Type' 'text/plain; charset=utf-8';
+		add_header 'Content-Length' 0;
+		return 204;
+	}
+	if ($request_method = 'GET') {
+		add_header 'Access-Control-Allow-Origin' '*' always;
+		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+		add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	}
+}

sulu-builder/files/etc/sulu/sulu.sh

@@ -2,9 +2,6 @@
 
 . /lib/functions.sh
 
-SULU_CONFIG="/sulu/config/connectionConfig.json"
-ACL_FILE="/tmp/sulu/mqtt.acl"
-MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -22,9 +19,10 @@ function _get_agent_id()
 	if [ -z "${endpointid}" ]; then
 		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
 		serial="$(db -q get device.deviceinfo.SerialNumber)"
-		echo "${oui}-${serial}"
+		echo "${oui}-${serial//+/%2B}"
 	else
-		echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
+		endpointid="$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
+		endpointid="${endpointid//+/%2B}"
 	fi
 }
 
@@ -36,9 +34,9 @@ function _get_endpoint_id()
 	if [ -z "${endpointid}" ]; then
 		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
 		serial="$(db -q get device.deviceinfo.SerialNumber)"
-		echo "os::${oui}-${serial}"
+		echo "os::${oui}-${serial//+/%2B}"
 	else
-		echo "${endpointid}"
+		echo "${endpointid//+/%2B}"
 	fi
 }
 
@@ -47,12 +45,60 @@ function _get_sulu_users()
 	echo "$(uci -q get sulu.global.user)"
 }
 
+function _get_sulu_root()
+{
+	local root
+
+	root="$(uci -q get nginx._sulu_s.root)"
+	echo "${root:-/sulu}"
+}
+
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
+function _get_sulu_tls_port()
+{
+	local port listen
+
+	listen="$(uci -q get nginx._sulu_s.listen)"
+	port="$(echo $listen|grep -Eo '[0-9]+'|head -n 1)"
+
+	echo "${port:-8443}"
+}
+
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
-	local rbac users
+	local rbac users SCONFIG
 
 	rbac="${1}"
 	users="$(_get_sulu_users)"
+	SCONFIG="$(_get_sulu_root)/config/connectionConfig.json"
 
 	json_init;
 	if [ "${rbac}" -eq "1" ]; then
@@ -63,8 +109,9 @@ function generate_sulu_conn_config()
 	json_add_object 'connections';
 		json_add_object 'rbac';
 		json_add_string 'toId' "$(_get_endpoint_id)";
-		json_add_int 'port' 9001;
-		json_add_string 'protocol' 'ws';
+		json_add_int 'port' "$(_get_sulu_tls_port)";
+		json_add_string 'path' "/ws";
+		json_add_string 'protocol' 'wss';
 			json_add_array 'auth';
 			json_close_array;
 
@@ -83,8 +130,9 @@ function generate_sulu_conn_config()
 		json_add_object 'main';
 		json_add_string 'fromId' 'proto::interop-usp-controller';
 		json_add_string 'toId' "$(_get_endpoint_id)";
-		json_add_int 'port' 9001;
-		json_add_string 'protocol' 'ws';
+		json_add_int 'port' "$(_get_sulu_tls_port)";
+		json_add_string 'path' "/ws";
+		json_add_string 'protocol' 'wss';
 		json_add_string 'publishEndpoint' "/usp/endpoint";
 		json_add_string 'subscribeEndpoint' "/usp/controller";
 			json_add_array 'auth';
@@ -92,24 +140,40 @@ function generate_sulu_conn_config()
 		json_close_object;
 	json_close_object;
 
-	json_dump > ${SULU_CONFIG}
+	json_dump > ${SCONFIG}
 }
 
 function set_sulu_connection_mode()
 {
-	local rbac profile config
+	local rbac profile config SCONFIG
 
+	SCONFIG="$(_get_sulu_root)/config/connectionConfig.json"
 	rbac="${1}"
 
-	profile="$(jq '.currentConnection' ${SULU_CONFIG})"
+	profile="$(jq '.currentConnection' ${SCONFIG})"
 	if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
-		config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})"
-		echo "${config}" > ${SULU_CONFIG}
+		config="$(jq '.currentConnection = "rbac"' ${SCONFIG})"
+		echo "${config}" > ${SCONFIG}
 	elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
-		config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})"
-		echo "${config}" > ${SULU_CONFIG}
+		config="$(jq '.currentConnection = "main"' ${SCONFIG})"
+		echo "${config}" > ${SCONFIG}
 	fi
 }
+
+function update_sulu_connection_port()
+{
+	local port ws_port SCONF
+
+	SCONF="$(_get_sulu_root)/config/connectionConfig.json"
+	ws_port="$(_get_sulu_tls_port)"
+
+	port="$(jq '.connections.rbac.port' ${SCONF})"
+	if [ "${port}" -ne "${ws_port}" ]; then
+		jq ".connections.main.port = ${ws_port} | .connections.rbac.port = ${ws_port}" ${SCONF} > /tmp/sulu/ss_port.json
+		mv /tmp/sulu/ss_port.json ${SCONF}
+	fi
+}
+
 function _update_obuspa_config()
 {
 	local restart
@@ -175,7 +239,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add mqtt
 		sec="mqtt_sulu_${f}"
-		if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa mqtt ${sec}
 			uci_set obuspa ${sec} BrokerAddress "127.0.0.1"
 			uci_set obuspa ${sec} BrokerPort "1883"
@@ -185,7 +249,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add mtp
 		sec="mtp_sulu_${f}"
-		if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa mtp ${sec}
 			uci_set obuspa ${sec} Protocol "MQTT"
 			uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint"
@@ -195,7 +259,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add controller
 		sec="controller_sulu_${f}"
-		if ! uci_get obuspa controller ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa controller ${sec}
 			uci_set obuspa ${sec} EndpointID "self::sulu-${f}"
 			uci_set obuspa ${sec} Protocol "MQTT"
@@ -239,71 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -334,29 +367,6 @@ function update_obuspa_config()
 	fi
 }
 
-function update_nginx_config()
-{
-	local enabled restart
-
-	restart=0
-	enabled="${1:-0}"
-	if [ "${enabled}" -eq "1" ]; then
-		if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then
-			cp  /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf
-			restart=1
-		fi
-	else
-		if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then
-			rm -f /etc/nginx/conf.d/sulu.conf
-			restart=1
-		fi
-	fi
-	if [  "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting nginx..."
-		ubus call uci commit '{"config":"nginx"}'
-	fi
-}
-
 function configure_sulu()
 {
 	local sys_cred rbac restart
@@ -372,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu-builder/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+update_nginx_uci_template()
+{
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
+}
+
+update_nginx_uci_template

sulu-builder/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config

sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+add_sulu_nginx_uci()
+{
+	uci_load nginx
+
+	if ! uci_get nginx _sulu_s >/dev/null 2>&1; then
+		uci_add nginx server _sulu_s
+		uci_set nginx _sulu_s root '/sulu'
+		uci_add_list nginx _sulu_s listen "8443 http2 ssl"
+		uci_add_list nginx _sulu_s listen "[::]:8443 http2 ssl"
+		uci_set nginx _sulu_s server_name '_sulu_s'
+		uci_add_list nginx _sulu_s include 'restrict_locally'
+		uci_add_list nginx _sulu_s include '/etc/sulu/nginx.locations'
+		uci_set nginx _sulu_s uci_manage_ssl 'self-signed'
+        	uci_set nginx _sulu_s ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+	        uci_set nginx _sulu_s ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+	        uci_set nginx _sulu_s ssl_session_cache 'shared:SSL:32k'
+        	uci_set nginx _sulu_s ssl_session_timeout '64m'
+		uci_set nginx _sulu_s access_log 'off; # logd openwrt'
+	fi
+
+	if ! uci_get nginx _suluredirect >/dev/null 2>&1; then
+		uci_add nginx server _suluredirect
+		uci_add_list nginx _suluredirect listen "8080"
+		uci_add_list nginx _suluredirect listen "[::]:8080"
+		uci_set nginx _suluredirect server_name '_suluredirect'
+		uci_set nginx _suluredirect return 'https://$host:8443$request_uri'
+	fi
+}
+
+
+add_sulu_nginx_uci

sulu-builder/files/etc/uci-defaults/99-fix-sulu-config

@@ -5,8 +5,6 @@
 config_load sulu
 config_get enable_system_credentials global enable_system_credentials 1
 config_get role_based_access global role_based_access 0
-config_get enabled global enabled 0
 
 configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
-update_nginx_config "${enabled}"
 generate_sulu_conn_config "${role_based_access}"

sulu/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu
-PKG_VERSION:=1.3.11
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=aeb6db93a584cbdc7b5435a4503242833d90ad33
+PKG_SOURCE_VERSION:=696ef814e0b16345f2e8ee0104f3ee1eeaeea5dc
 
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
@@ -27,7 +27,7 @@ define Package/sulu
 	SECTION:=sulu
 	CATEGORY:=Utilities
 	TITLE:=SULU-CE ReactJS based Web UI Package
-	DEPENDS:=+nginx +mosquitto-auth-shadow
+	DEPENDS:=+nginx +mosquitto-auth-shadow +usermngr +jq
 endef
 
 define Package/sulu/description
@@ -49,20 +49,16 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
-	$(INSTALL_DIR) $(1)/etc/nginx/conf.d
-	$(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
+	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,sulu))

sulu/files/etc/config/sulu

@@ -1,6 +1,4 @@
 config global 'global'
-	option enabled '1'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_nginx_config "${enabled}"
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 
@@ -45,5 +46,5 @@ reload_service() {
 
 service_triggers()
 {
-	procd_add_reload_trigger "sulu"
+	procd_add_reload_trigger "sulu" "nginx"
 }

sulu/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu/files/etc/nginx/conf.d/sulu.conf

@@ -1,27 +0,0 @@
-server {
-        listen 8080;
-        listen [::]:8080;
-        server_name _sulu;
-        root /sulu;
-        location /config/ {
-                autoindex on;
-                expires -1;
-
-                if ($request_method = 'OPTIONS') {
-                        add_header 'Access-Control-Allow-Origin' '*';
-                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-                        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
-                        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-                        add_header 'Content-Type' 'text/plain; charset=utf-8';
-                        add_header 'Content-Length' 0;
-                        return 204;
-                }
-                if ($request_method = 'GET') {
-                        add_header 'Access-Control-Allow-Origin' '*' always;
-                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-                        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
-                        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-                        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-                }
-        }
-}

sulu/files/etc/sulu/nginx.locations

@@ -0,0 +1,50 @@
+error_page 497 301 =307 https://$host:$server_port$request_uri;
+
+location /robots.txt {
+	return 200 "User-agent: *\nDisallow: /\n";
+}
+
+location /sitemap.xml {
+	return 200 "User-agent: *\nDisallow: /\n";
+}
+
+location /ws {
+	proxy_pass_request_headers      on;
+	proxy_cache        off;
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection $connection_upgrade;
+	proxy_set_header    Host               $host;
+	proxy_set_header    X-Real-IP          $remote_addr;
+	proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+	proxy_set_header    X-Forwarded-Host   $host;
+	proxy_set_header    X-Forwarded-Server $host;
+	proxy_set_header    X-Forwarded-Port   $server_port;
+	proxy_set_header    X-Forwarded-Proto  $scheme;
+	add_header          Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+	proxy_pass http://websocket;
+}
+
+location / {
+	autoindex on;
+	expires -1;
+
+	if ($request_method = 'OPTIONS') {
+		add_header 'Access-Control-Allow-Origin' '*';
+		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
+		add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+		add_header 'Content-Type' 'text/plain; charset=utf-8';
+		add_header 'Content-Length' 0;
+		return 204;
+	}
+	if ($request_method = 'GET') {
+		add_header 'Access-Control-Allow-Origin' '*' always;
+		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+		add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	}
+}

sulu/files/etc/sulu/sulu.sh

@@ -2,9 +2,6 @@
 
 . /lib/functions.sh
 
-SULU_CONFIG="/sulu/config/connectionConfig.json"
-ACL_FILE="/tmp/sulu/mqtt.acl"
-MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -22,9 +19,10 @@ function _get_agent_id()
 	if [ -z "${endpointid}" ]; then
 		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
 		serial="$(db -q get device.deviceinfo.SerialNumber)"
-		echo "${oui}-${serial}"
+		echo "${oui}-${serial//+/%2B}"
 	else
-		echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
+		endpointid="$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
+		endpointid="${endpointid//+/%2B}"
 	fi
 }
 
@@ -36,9 +34,9 @@ function _get_endpoint_id()
 	if [ -z "${endpointid}" ]; then
 		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
 		serial="$(db -q get device.deviceinfo.SerialNumber)"
-		echo "os::${oui}-${serial}"
+		echo "os::${oui}-${serial//+/%2B}"
 	else
-		echo "${endpointid}"
+		echo "${endpointid//+/%2B}"
 	fi
 }
 
@@ -47,12 +45,60 @@ function _get_sulu_users()
 	echo "$(uci -q get sulu.global.user)"
 }
 
+function _get_sulu_root()
+{
+	local root
+
+	root="$(uci -q get nginx._sulu_s.root)"
+	echo "${root:-/sulu}"
+}
+
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
+function _get_sulu_tls_port()
+{
+	local port listen
+
+	listen="$(uci -q get nginx._sulu_s.listen)"
+	port="$(echo $listen|grep -Eo '[0-9]+'|head -n 1)"
+
+	echo "${port:-8443}"
+}
+
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
-	local rbac users
+	local rbac users SCONFIG
 
 	rbac="${1}"
 	users="$(_get_sulu_users)"
+	SCONFIG="$(_get_sulu_root)/config/connectionConfig.json"
 
 	json_init;
 	if [ "${rbac}" -eq "1" ]; then
@@ -63,8 +109,9 @@ function generate_sulu_conn_config()
 	json_add_object 'connections';
 		json_add_object 'rbac';
 		json_add_string 'toId' "$(_get_endpoint_id)";
-		json_add_int 'port' 9001;
-		json_add_string 'protocol' 'ws';
+		json_add_int 'port' "$(_get_sulu_tls_port)";
+		json_add_string 'path' "/ws";
+		json_add_string 'protocol' 'wss';
 			json_add_array 'auth';
 			json_close_array;
 
@@ -83,8 +130,9 @@ function generate_sulu_conn_config()
 		json_add_object 'main';
 		json_add_string 'fromId' 'proto::interop-usp-controller';
 		json_add_string 'toId' "$(_get_endpoint_id)";
-		json_add_int 'port' 9001;
-		json_add_string 'protocol' 'ws';
+		json_add_int 'port' "$(_get_sulu_tls_port)";
+		json_add_string 'path' "/ws";
+		json_add_string 'protocol' 'wss';
 		json_add_string 'publishEndpoint' "/usp/endpoint";
 		json_add_string 'subscribeEndpoint' "/usp/controller";
 			json_add_array 'auth';
@@ -92,24 +140,40 @@ function generate_sulu_conn_config()
 		json_close_object;
 	json_close_object;
 
-	json_dump > ${SULU_CONFIG}
+	json_dump > ${SCONFIG}
 }
 
 function set_sulu_connection_mode()
 {
-	local rbac profile config
+	local rbac profile config SCONFIG
 
+	SCONFIG="$(_get_sulu_root)/config/connectionConfig.json"
 	rbac="${1}"
 
-	profile="$(jq '.currentConnection' ${SULU_CONFIG})"
+	profile="$(jq '.currentConnection' ${SCONFIG})"
 	if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
-		config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})"
-		echo "${config}" > ${SULU_CONFIG}
+		config="$(jq '.currentConnection = "rbac"' ${SCONFIG})"
+		echo "${config}" > ${SCONFIG}
 	elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
-		config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})"
-		echo "${config}" > ${SULU_CONFIG}
+		config="$(jq '.currentConnection = "main"' ${SCONFIG})"
+		echo "${config}" > ${SCONFIG}
 	fi
 }
+
+function update_sulu_connection_port()
+{
+	local port ws_port SCONF
+
+	SCONF="$(_get_sulu_root)/config/connectionConfig.json"
+	ws_port="$(_get_sulu_tls_port)"
+
+	port="$(jq '.connections.rbac.port' ${SCONF})"
+	if [ "${port}" -ne "${ws_port}" ]; then
+		jq ".connections.main.port = ${ws_port} | .connections.rbac.port = ${ws_port}" ${SCONF} > /tmp/sulu/ss_port.json
+		mv /tmp/sulu/ss_port.json ${SCONF}
+	fi
+}
+
 function _update_obuspa_config()
 {
 	local restart
@@ -175,7 +239,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add mqtt
 		sec="mqtt_sulu_${f}"
-		if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa mqtt ${sec}
 			uci_set obuspa ${sec} BrokerAddress "127.0.0.1"
 			uci_set obuspa ${sec} BrokerPort "1883"
@@ -185,7 +249,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add mtp
 		sec="mtp_sulu_${f}"
-		if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa mtp ${sec}
 			uci_set obuspa ${sec} Protocol "MQTT"
 			uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint"
@@ -195,7 +259,7 @@ function _update_obuspa_config_rbac() {
 
 		# Add controller
 		sec="controller_sulu_${f}"
-		if ! uci_get obuspa controller ${sec} >/dev/null 2>&1; then
+		if ! uci_get obuspa ${sec} >/dev/null 2>&1; then
 			uci_add obuspa controller ${sec}
 			uci_set obuspa ${sec} EndpointID "self::sulu-${f}"
 			uci_set obuspa ${sec} Protocol "MQTT"
@@ -239,71 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -334,29 +367,6 @@ function update_obuspa_config()
 	fi
 }
 
-function update_nginx_config()
-{
-	local enabled restart
-
-	restart=0
-	enabled="${1:-0}"
-	if [ "${enabled}" -eq "1" ]; then
-		if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then
-			cp  /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf
-			restart=1
-		fi
-	else
-		if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then
-			rm -f /etc/nginx/conf.d/sulu.conf
-			restart=1
-		fi
-	fi
-	if [  "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting nginx..."
-		ubus call uci commit '{"config":"nginx"}'
-	fi
-}
-
 function configure_sulu()
 {
 	local sys_cred rbac restart
@@ -372,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+update_nginx_uci_template()
+{
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
+}
+
+update_nginx_uci_template

sulu/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config

sulu/files/etc/uci-defaults/40-add-sulu-nginx-config

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+add_sulu_nginx_uci()
+{
+	uci_load nginx
+
+	if ! uci_get nginx _sulu_s >/dev/null 2>&1; then
+		uci_add nginx server _sulu_s
+		uci_set nginx _sulu_s root '/sulu'
+		uci_add_list nginx _sulu_s listen "8443 http2 ssl"
+		uci_add_list nginx _sulu_s listen "[::]:8443 http2 ssl"
+		uci_set nginx _sulu_s server_name '_sulu_s'
+		uci_add_list nginx _sulu_s include 'restrict_locally'
+		uci_add_list nginx _sulu_s include '/etc/sulu/nginx.locations'
+		uci_set nginx _sulu_s uci_manage_ssl 'self-signed'
+        	uci_set nginx _sulu_s ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+	        uci_set nginx _sulu_s ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+	        uci_set nginx _sulu_s ssl_session_cache 'shared:SSL:32k'
+        	uci_set nginx _sulu_s ssl_session_timeout '64m'
+		uci_set nginx _sulu_s access_log 'off; # logd openwrt'
+	fi
+
+	if ! uci_get nginx _suluredirect >/dev/null 2>&1; then
+		uci_add nginx server _suluredirect
+		uci_add_list nginx _suluredirect listen "8080"
+		uci_add_list nginx _suluredirect listen "[::]:8080"
+		uci_set nginx _suluredirect server_name '_suluredirect'
+		uci_set nginx _suluredirect return 'https://$host:8443$request_uri'
+	fi
+}
+
+
+add_sulu_nginx_uci

sulu/files/etc/uci-defaults/99-fix-sulu-config

@@ -5,8 +5,6 @@
 config_load sulu
 config_get enable_system_credentials global enable_system_credentials 1
 config_get role_based_access global role_based_access 0
-config_get enabled global enabled 0
 
 configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
-update_nginx_config "${enabled}"
 generate_sulu_conn_config "${role_based_access}"

swmodd/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.1.18
+PKG_VERSION:=2.1.19
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0617f1017511854b0e3d384799f2bf63800a27c0
+PKG_SOURCE_VERSION:=d7a069beab09ee1134ba1bc784c3bc9269df2e23
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/swmodd.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

usermngr/Makefile

@@ -0,0 +1,56 @@
+#
+# Copyright (C) 2022 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=usermngr
+PKG_VERSION:=1.0.4
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/usermngr.git
+PKG_SOURCE_VERSION:=9d5f529e236e03c91e41c421de7702923a24664e
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+MAKE_PATH:=src
+
+define Package/usermngr
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  DEPENDS:= +shadow-utils +libbbf_api
+  TITLE:=Package to add Device.Users. datamodel support
+endef
+
+define Package/usermngr/description
+  Package to add Device.Users. datamodel support
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/usermngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/usermngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/users $(1)/etc/init.d/users
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/uci-defaults/90-indicate-bootstrap $(1)/etc/uci-defaults/90-indicate-bootstrap
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/91-sync-shells
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/libusermngr.so $(1)/usr/lib/bbfdm/libusermngr.so
+	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users
+endef
+
+$(eval $(call BuildPackage,usermngr))

usermngr/files/etc/config/users

@@ -0,0 +1,7 @@
+config user 'admin'
+        option enabled '1'
+        option remote_access '1'
+
+config user 'user'
+        option enabled '1'
+        option remote_access '1'

uspd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uspd
-PKG_VERSION:=2.2.19
+PKG_VERSION:=2.2.23
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/uspd.git
-PKG_SOURCE_VERSION:=6d970e79ecffaee9a67908442080add3565e17ca
+PKG_SOURCE_VERSION:=828abe8f0234eb7cd36115bb2e4a5b4113c0510f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

uspd/files/etc/config/uspd

@@ -3,3 +3,4 @@ config uspd 'usp'
 	option debug '0'
 	option loglevel  '1'
 	option refresh_time '5'
+	option transaction_timeout '10'

uspd/files/etc/init.d/uspd

@@ -30,6 +30,7 @@ configure_uspd()
 
 	[ ${enabled} -eq 0 ] && return 0
 
+	procd_set_param command ${PROG}
 	if [ ${debug} -eq 1 ]; then
 		procd_set_param stdout 1
 		procd_set_param stderr 1
@@ -46,7 +47,6 @@ configure_uspd()
 
 start_service() {
 	procd_open_instance usp
-	procd_set_param command ${PROG}
 	configure_uspd
 	procd_set_param respawn
 	procd_close_instance

voicemngr/Makefile

@@ -4,19 +4,21 @@
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
+export LIBVOICE_MAKE_OPTS:=$(TOPDIR)/tmp/.libvoice-opts.mk
 include $(TOPDIR)/rules.mk
+-include $(LIBVOICE_MAKE_OPTS)
 
 PKG_NAME:=voicemngr
 PKG_VERSION:=0.1
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
-LOCAL_SRC_DIR:=~/git/voip/voicemngr
+LOCAL_SRC_DIR:=~/git/voip/$(PKG_NAME)
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/voicemngr.git
-PKG_SOURCE_VERSION:=13a14593daa610a87c363a1a0acd19f31f405a71
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
+PKG_SOURCE_VERSION:=d4e71d2afae6567e48f4b57b5cf026307e5cac57
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -25,29 +27,22 @@ endif
 # indirectly. This ensures that the package is rebuilt on config-changes.
 PKG_CONFIG_DEPENDS:=CONFIG_TARGET_BOARD
 
-TARGET_PLATFORM:=
-ifeq ($(CONFIG_TARGET_brcmbca),y)
-	TARGET_PLATFORM:=BROADCOM
-else ifeq ($(CONFIG_TARGET_iopsys_qualcomm),y)
-	TARGET_PLATFORM:=QUALCOMM
-endif
-
-export TARGET_PLATFORM
-export CONFIG_BRCM_SDK_VER_504040
-export CONFIG_BCM_CHIP_ID
-
 include $(INCLUDE_DIR)/package.mk
 
 TARGET_CFLAGS += -Wall -Werror
 
-define Package/voicemngr
+export LIBVOICE_CFLAGS
+export LIBVOICE_LIBS
+
+define Package/$(PKG_NAME)
 	CATEGORY:=Utilities
 	TITLE:=IOPSYS Voice Manager
 	URL:=
-	DEPENDS:= +libubox +ubus +libpicoevent +uci +TARGET_brcmbca:bcmkernel +TARGET_iopsys_qualcomm:vtsp
+	DEPENDS:= +libubox +ubus +libpicoevent +uci +TARGET_brcmbca:bcmkernel +TARGET_brcmbca:libvoice-broadcom \
+		+TARGET_ipq95xx:libvoice-d2
 endef
 
-define Package/voicemngr/description
+define Package/$(PKG_NAME)/description
 	Voice manager is a daemon that bridges Asterisk and platform specific DSP/SLIC APIs
 endef
 
@@ -55,16 +50,22 @@ ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	@echo "Building from the local source. TARGET_PLATFORM=$(TARGET_PLATFORM)"
 	rsync -av --exclude=.* $(LOCAL_SRC_DIR)/* $(PKG_BUILD_DIR)/
+	$(LN) $(LIBVOICE_PKG_BUILD_DIR)/*.[ch] $(PKG_BUILD_DIR)/libvoice/
+endef
+else
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(LN) $(LIBVOICE_PKG_BUILD_DIR)/*.[ch] $(PKG_BUILD_DIR)/libvoice/
 endef
 endif
 
-define Package/voicemngr/install
+define Package/$(PKG_NAME)/install
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/voicemngr $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/sbin/
 	$(CP) $(PKG_BUILD_DIR)/libvoice/libvoice.so* $(1)/usr/lib/
 endef
 
-$(eval $(call BuildPackage,voicemngr))
+$(eval $(call BuildPackage,$(PKG_NAME)))
 

voicemngr/files/etc/init.d/voicemngr

@@ -10,7 +10,8 @@ start_service() {
 	[ "$(db -q get hw.board.hasVoice)" = "1" ] || return
 
 	procd_open_instance
-	procd_set_param env hw_board_hasDect=$(db get hw.board.hasDect)
+	procd_set_param env hw_board_hasDect="$(db get hw.board.hasDect)"
+	procd_set_param env hw_board_VoicePortNames="$(db get hw.board.VoicePortNames)"
 	procd_set_param command $NAME
 	procd_set_param respawn "5" "0" "3"
 	procd_set_param nice -12

wfadatad/Config.in

@@ -1,10 +1,7 @@
 menu "Configuration"
 
-config WFA_DELM_MULTIAP_MODE
-	bool "Enable Multi-AP mode"
-	default y
+config DECOLLECTOR_EASYMESH_VERSION
+	int "Support Easymesh version"
+	default 2
 
-config WIFI_DELM_DEBUG
-	bool "Enable debug logs"
-	default n
 endmenu

wfadatad/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wfadatad
-PKG_VERSION:=2.10.0.4
+PKG_VERSION:=2.11.0.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b5b6e881b110d86c6ea725c30c1be4de77e9ecfb
+PKG_SOURCE_VERSION:=24dcb18f3e60082c70ab17b0707073fd2981f0a9
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wfadatad.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -73,6 +73,7 @@ endif
 
 MAKE_PATH:=src
 
+TARGET_CFLAGS += -DEASYMESH_VERSION=$(CONFIG_DECOLLECTOR_EASYMESH_VERSION)
 
 EXECS := \
 	$(if $(CONFIG_PACKAGE_wfadatad),agent/deagent) \