passwdqc: v2.0.3

2025-12-29 15:49:30 +08:00 · 2025-02-06 12:59:21 +05:30
123 changed files with 1314 additions and 2062 deletions
--- a/bbfdm/Makefile
+++ b/bbfdm/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bbfdm
-PKG_VERSION:=1.15.6
+PKG_VERSION:=1.14.4

 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=38636715adf891bbf64a45ba54a87582c0c7e134
+PKG_SOURCE_VERSION:=c8967d6bf47c8bc96cf8df94236b4edfc95aabea
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -154,9 +154,6 @@ define Package/dm-service/install

 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dm-service/dm-service $(1)/usr/sbin/
-
-	$(BBFDM_REGISTER_SERVICES) -v ${CONFIG_BBF_VENDOR_PREFIX} ./bbfdm_service.json $(1) core
-	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libbbfdm/libcore.so $(1) core
 endef

 define Package/bbf_configmngr/install
--- a/bbfdm/bbfdm.mk
+++ b/bbfdm/bbfdm.mk
@@ -89,3 +89,28 @@ BBFDM_INSTALL_SCRIPT:=$(BBFDM_DIR)/tools/bbfdm.sh -s


 BBFDM_REGISTER_SERVICES:=$(BBFDM_DIR)/tools/bbfdm.sh -t
+
+# Deprecated functions errors
+define BbfdmInstallPluginInMicroservice
+	$(warning # BbfdmInstallPluginInMicroservice function is deprecated, use BBFDM_INSTALL_MS_PLUGIN macro #)
+	$(INSTALL_DIR) $(1)
+	$(INSTALL_DATA) $(2) $(1)/
+endef
+
+define BbfdmInstallMicroServiceInputFile
+	$(warning # function BbfdmInstallMicroServiceInputFile deprecated, input file auto generated with BBFDM_INSTALL_MS_DM #)
+	$(INSTALL_DIR) $(1)/etc/bbfdm/micro_services
+	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/micro_services/$(PKG_NAME).json
+endef
+
+define BbfdmInstallPlugin
+	$(warning # function BbfdmInstallPlugin deprecated, use BBFDM_INSTALL_CORE_PLUGIN macro #)
+	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
+	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/plugins/
+endef
+
+define BbfdmInstallPluginWithPriority
+	$(warning # fucntion BbfdmInstallPluginWithPriority deprecated, use BBFDM_INSTALL_CORE_PLUGIN #)
+	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
+	$(INSTALL_DATA) $(3) $(1)/etc/bbfdm/plugins/$(2)_$(shell basename ${3})
+endef
--- a/bbfdm/bbfdm_service.json
+++ b/bbfdm/bbfdm_service.json
@@ -1,54 +0,0 @@
-{
-  "daemon": {
-    "enable": "1",
-    "service_name": "core",
-    "unified_daemon": false,
-    "services": [
-      {
-        "parent_dm": "Device.",
-        "object": "LANConfigSecurity"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "Schedules"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "Security",
-        "proto": "cwmp"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "PacketCaptureDiagnostics"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "SelfTestDiagnostics"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "Syslog"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "{BBF_VENDOR_PREFIX}OpenVPN",
-        "proto": "usp"
-      },	  
-      {
-        "parent_dm": "Device.",
-        "object": "RootDataModelVersion"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "Reboot()"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "FactoryReset()"
-      }
-    ],
-    "config": {
-      "loglevel": "3"
-    }
-  }
-}
--- a/bbfdm/files/etc/bbfdm/critical_services.json
+++ b/bbfdm/files/etc/bbfdm/critical_services.json
@@ -3,12 +3,8 @@
 			"firewall",
 			"network",
 			"dhcp",
-			"time",
 			"wireless",
-			"ieee1905",
-			"mapcontroller",
-			"mosquitto",
-			"nginx"
+			"time"
 	],
 	"cwmp": [
 			"firewall",
--- a/bbfdm/files/etc/uci-defaults/96-sysctl-translation
+++ b/bbfdm/files/etc/uci-defaults/96-sysctl-translation
@@ -51,6 +51,10 @@ parse_bbfdm_sysctl_conf_file() {

 	# Replace the original file with the modified content
 	mv "$tmpfile" "${bbfdm_sysctl_conf}"
+
+	# Apply the changes
+	uci commit network
+	sysctl -e -p "${bbfdm_sysctl_conf}" >&-
 }

 parse_bbfdm_sysctl_conf_file
--- a/bbfdm/tools/bbfdm.sh
+++ b/bbfdm/tools/bbfdm.sh
@@ -180,15 +180,14 @@ if [ "${MICRO_SERVICE}" -eq "1" ]; then
 	fi
 else
 	if [ "${PLUGIN}" -eq "1" ]; then
-		echo "# WARNING: BBFDM_INSTALL_CORE_PLUGIN macro will be deprecated soon. Please use BBFDM_INSTALL_MS_PLUGIN macro instead, specifying 'core' as micro-service name #"
 		priority="${DATA:-0}"
-		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core
+		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/plugins

 		if [ "${priority}" -gt "0" ]; then
 			# install with priority if defined
-			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core/${priority}_$(basename ${SRC})
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/${priority}_$(basename ${SRC})
 		elif [ "${priority}" -eq "0" ]; then
-			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core/$(basename ${SRC})
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/$(basename ${SRC})
 		else
 			echo "# Priority should be an unsigned integer"
 			exit 1
--- a/bridgemngr/Makefile
+++ b/bridgemngr/Makefile
@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.11

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=25fd52491a639b32b8eb77ea07a4e470c458d16a
+PKG_SOURCE_VERSION:=18c2921a1cf5bfa027c11c5e6ca605ef69fd1168
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/decollector/Makefile
+++ b/decollector/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=decollector
-PKG_VERSION:=6.2.0.1
+PKG_VERSION:=6.1.0.7

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=575ecfff3779aadcea83d890ba975109c0f7d6a3
+PKG_SOURCE_VERSION:=db4eae19a3f716eec5a37aa2786b9bbbe3160b54
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
--- a/dhcpmngr/files/etc/uci-defaults/unbound.odhcpd.uci_default
+++ b/dhcpmngr/files/etc/uci-defaults/unbound.odhcpd.uci_default
@@ -10,6 +10,7 @@ uci -q get dhcp.odhcpd >/dev/null 2>&1 && {
 		[ -e /usr/lib/unbound/odhcpd.sh ] && [ -e /usr/sbin/unbound ] && {
 			# then set unbound script as leasetrigger in dhcp UCI
 			uci -q set dhcp.odhcpd.leasetrigger='/usr/lib/unbound/odhcpd.sh'
+			uci commit dhcp
 		}
 	}
 }
--- a/dnsmngr/Makefile
+++ b/dnsmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.15
+PKG_VERSION:=1.0.14

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=32bd2501fca8a4f45ba13ee0e4762756c60fe721
+PKG_SOURCE_VERSION:=e64ec01b57d8b32e5230b34f6a3866250b1a8faf
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -64,10 +64,6 @@ ifeq ($(CONFIG_DNSMNGR_BACKEND_DNSMASQ),y)
 endif

 define Package/dnsmngr/install
-	$(INSTALL_DIR) $(1)/etc/umdns
-	$(INSTALL_DIR) $(1)/etc/umdns/tmp
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/dnsmngr $(1)/lib/upgrade/keep.d/dnsmngr
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_SCRIPT) -d $(PKG_BUILD_DIR)/scripts/nslookup $(1)
--- a/dnsmngr/files/lib/upgrade/keep.d/dnsmngr
+++ b/dnsmngr/files/lib/upgrade/keep.d/dnsmngr
@@ -1 +0,0 @@
-/etc/umdns/*
--- a/ebtables-extensions/Makefile
+++ b/ebtables-extensions/Makefile
@@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=ebtables-extensions
-PKG_VERSION:=2.0.5
+PKG_VERSION:=2.0.4
 PKG_LICENSE:=GPL-2.0

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
-PKG_SOURCE_VERSION:=7357622d806833d93d317164dc6673fbf5fd1629
+PKG_SOURCE_VERSION:=9a2af49b455ee25ca0694274e004ced7c09855a0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -189,7 +189,9 @@ define KernelPackage/ebt-mldsnooping/description
 	Kernel module to enable MLD snooping for ebtables
 endef

-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+ifeq ($(CONFIG_TARGET_brcmbca),y)
+	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+endif

 define Build/Prepare

@@ -234,6 +236,7 @@ endif
 	$(CP) $(PKG_BUILD_DIR)/src/ebt_mldsnooping.h $(1)/include/uapi/linux/netfilter_bridge/
 endef

+KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
 ifeq ($(CONFIG_TARGET_airoha),y)
  KERNEL_MAKE_FLAGS += PLATFORM="ECONET"
 endif
--- a/firewallmngr/Makefile
+++ b/firewallmngr/Makefile
@@ -29,7 +29,7 @@ define Package/firewallmngr
  CATEGORY:=Network
  TITLE:=Package to add Device.Firewall and Device.NAT. data model support.
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +firewall
-  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:iptables-mod-trigger
+  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:kmod-ipt-trigger +FIREWALLMNGR_PORT_TRIGGER:kmod-ip6t-trigger
  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:iptables-mod-nfqueue
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
--- a/firewallmngr/files/firewall.portmap
+++ b/firewallmngr/files/firewall.portmap
@@ -2,40 +2,71 @@

 . /lib/functions.sh

+log() {
+	echo "${@}"|logger -t firewall.dnat -p info
+}
+
+exec_cmd() {
+	if ! eval "$*"; then
+		log "Failed to run [$*]"
+	fi
+}
+
 reorder_dnat_rules() {
-	nat_chains=$(iptables -w -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
+	nat_chains=$(iptables -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)

 	for chain in ${nat_chains}; do
 		# Collect empty remote host & empty dport rules
-		EMPTY_HOST_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
+		EMPTY_HOST_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
+		if [ -n "${EMPTY_HOST_PORT}" ]; then
+			echo "${EMPTY_HOST_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi

 		# Collect empty remote host but non empty dport rules
-		EMPTY_HOST=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
+		EMPTY_HOST=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
+		if [ -n "${EMPTY_HOST}" ]; then
+			echo "${EMPTY_HOST}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi

 		# Collect non empty remote host but empty dport rules
-		EMPTY_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
+		EMPTY_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
+		if [ -n "${EMPTY_PORT}" ]; then
+			echo "${EMPTY_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi

-		# Skip this chain if no matching rules were found
-		[ -n "${EMPTY_HOST_PORT}" -o -n "${EMPTY_HOST}" -o -n "${EMPTY_PORT}" ] || continue
+		# Now add rules as per datamodel precedence shown below
+		## Non empty remote host, empty dport
+		## empty remote host, non empty dport
+		## empty remote host, empty dport
+		if [ -n "${EMPTY_PORT}" ]; then
+			echo "${EMPTY_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi

-		(
-			echo '*nat'
+		if [ -n "${EMPTY_HOST}" ]; then
+			echo "${EMPTY_HOST}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi

-			# Delete collected rules
-			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}" | sed 's/^-A /-D /'
-			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}" | sed 's/^-A /-D /'
-			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}" | sed 's/^-A /-D /'
-
-			# Now add rules as per datamodel precedence shown below
-			## Non empty remote host, empty dport
-			## empty remote host, non empty dport
-			## empty remote host, empty dport
-			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}"
-			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}"
-			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}"
-
-			echo 'COMMIT'
-		) | iptables-restore -w -n
+		if [ -n "${EMPTY_HOST_PORT}" ]; then
+			echo "${EMPTY_HOST_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi
 	done
 }

--- a/firewallmngr/files/firewall.service
+++ b/firewallmngr/files/firewall.service
@@ -7,7 +7,7 @@ log() {
 }

 exec_cmd() {
-	if ! "$@"; then
+	if ! eval "$*"; then
 		log "Failed to run [$*]"
 		echo "-1"
 		return 0
@@ -73,7 +73,7 @@ add_iptable_rule() {
 		fi

 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd iptables -w ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
+			res=$(exec_cmd "iptables ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
 		else
 			#Add ipv4 sources if any
 			src_list=""
@@ -86,7 +86,7 @@ add_iptable_rule() {

 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd iptables -w -s "$src_list" ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
+				res=$(exec_cmd "iptables -s $src_list ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
 			fi
 		fi
 	fi
@@ -97,7 +97,7 @@ add_iptable_rule() {
 		fi

 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd ip6tables -w ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
+			res=$(exec_cmd "ip6tables ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
 		else
 			#Add ipv6 sources if any
 			src_list=""
@@ -110,7 +110,7 @@ add_iptable_rule() {

 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd ip6tables -w -s "$src_list" ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
+				res=$(exec_cmd "ip6tables -s $src_list ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
 			fi
 		fi
 	fi
--- a/gateway-info/Makefile
+++ b/gateway-info/Makefile
@@ -1,60 +0,0 @@
-#
-# Copyright (C) 2025 IOPSYS Software Solutions AB
-#
-# This is free software, licensed under the BSD-3-Clause
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gateway-info
-PKG_VERSION:=1.0.0
-
-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/gateway-info.git
-PKG_SOURCE_VERSION:=26e407a25b156da75e3941d54ddd74294cd9eae8
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-endif
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-include ../bbfdm/bbfdm.mk
-
-define Package/gateway-info
-  CATEGORY:=Utilities
-  TITLE:=GatewayInfo Data Model Support
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
-endef
-
-define Package/gateway-info/description
-	Package to add Device.GatewayInfo. data model support.
-endef
-
-MAKE_PATH:=src
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-	$(CP) ~/git/gateway-info/* $(PKG_BUILD_DIR)/
-endef
-endif
-
-define Package/gateway-info/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
-	$(INSTALL_DIR) $(1)/etc/bbfdm/services
-	$(INSTALL_DIR) $(1)/usr/share/bbfdm/micro_services
-	$(INSTALL_DATA) ./files/etc/config/gateway $(1)/etc/config/gateway
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_gateway_info.user $(1)/etc/udhcpc.user.d/udhcpc_gateway_info.user
-	$(INSTALL_BIN) ./files/etc/uci-defaults/86-set-gateway-device-info $(1)/etc/uci-defaults/
-	$(BBFDM_REGISTER_SERVICES) ./files/bbfdm_service.json $(1) $(PKG_NAME)
-	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libgwinfo.so $(1) $(PKG_NAME)
-endef
-
-$(eval $(call BuildPackage,gateway-info))
--- a/gateway-info/files/etc/config/gateway
+++ b/gateway-info/files/etc/config/gateway
@@ -1,3 +0,0 @@
-config global 'global'
-	option wan_interface 'wan'
-	option lan_interface 'lan'
--- a/gateway-info/files/etc/uci-defaults/86-set-gateway-device-info
+++ b/gateway-info/files/etc/uci-defaults/86-set-gateway-device-info
@@ -1,283 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-convert_to_hex() {
-	local val=""
-	local optval="${1}"
-	OPTIND=1
-	while getopts ":" opt "-$optval"
-	do
-		temp=$(printf "%02X" "'${OPTARG:-:}")
-		val="${val}:${temp}"
-	done
-
-	echo "${val}"
-}
-
-configure_send_op125() {
-	local sendopt="${1}"
-	local intf="${2}"
-	local uci="${3}"
-	local hex_oui=""
-	local hex_serial=""
-	local hex_class=""
-	local oui_len=0
-	local serial_len=0
-	local class_len=0
-
-	if [ "${uci}" = "network" ]; then
-		local opt125="125:00:00:0D:E9"
-	else
-		if [ -z "${sendopt}" ]; then
-			local opt125="125,00:00:0D:E9"
-		else
-			local opt125=":00:00:0D:E9"
-		fi
-	fi
-
-	config_get oui cpe manufacturer_oui ""
-	if [ -z "${oui}" ]; then
-		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-	fi
-
-	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
-
-	config_get serial cpe serial_number ""
-	if [ -z "${serial}" ]; then
-		serial=$(db -q get device.deviceinfo.SerialNumber)
-	fi
-
-	config_get class cpe product_class ""
-	if [ -z "${class}" ]; then
-		class=$(db -q get device.deviceinfo.ProductClass)
-	fi
-
-	oui_len=$(echo -n "${oui}" | wc -m)
-	serial_len=$(echo -n "${serial}" | wc -m)
-	class_len=$(echo -n "${class}" | wc -m)
-
-	if [ "${oui_len}" -eq 0 ] || [ "${serial_len}" -eq 0 ]; then
-		return 0
-	fi
-
-	opt125_len=$((oui_len + serial_len + class_len))
-	if [ "${class_len}" -gt 0 ]; then
-		opt125_len=$((opt125_len + 6))
-	else
-		opt125_len=$((opt125_len + 4))
-	fi
-
-	hex_opt125_len=$(printf "%02X" "${opt125_len}")
-	opt125="${opt125}:${hex_opt125_len}"
-	hex_oui=$(convert_to_hex "${oui}")
-	if [ -z "${hex_oui}" ]; then
-		return 0
-	fi
-
-	hex_oui_len=$(printf "%02X" "${oui_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
-	else
-		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
-	fi
-
-	hex_serial=$(convert_to_hex "${serial}")
-	if [ -z "${hex_serial}" ]; then
-		return 0
-	fi
-
-	hex_serial_len=$(printf "%02X" "${serial_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
-	else
-		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
-	fi
-
-	if [ "${class_len}" -gt 0 ]; then
-		hex_class=$(convert_to_hex "${class}")
-		if [ -z "${hex_class}" ]; then
-			return 0
-		fi
-
-		hex_class_len=$(printf "%02X" "${class_len}")
-		if [ "${uci}" = "network" ]; then
-			opt125="${opt125}:03:${hex_class_len}${hex_class}"
-		else
-			opt125="${opt125}:06:${hex_class_len}${hex_class}"
-		fi
-	fi
-
-
-	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
-		uci -q set network."${intf}".sendopts="$new_send_opt"
-	else
-		new_send_opt="$sendopt$opt125"
-		uci -q add_list dhcp."${intf}".dhcp_option="$new_send_opt"
-	fi
-}
-
-check_for_suboptions() {
-	# Check if option 4 and 5 present inside enterprise id 3561
-	data=$(echo "${1}" | sed 's/://g')
-	len=$(printf "${data}"|wc -c)
-
-	rem_len="${len}"
-	while [ $rem_len -gt 8 ]; do
-		subopt_present=0
-
-		ent_id="${data:0:8}"
-		ent_id=$(printf "%d\n" "0x$ent_id")
-		if [ $ent_id -ne 3561 ]; then
-			len_val=${data:8:2}
-			data_len=$(printf "%d\n" "0x$len_val")
-			# add 4 byte for ent_id and 1 byte for len
-			data_len=$(( data_len * 2 + 10 ))
-			# move ahead data to next enterprise id
-			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - data_len ))
-			continue
-		fi
-
-		# read the length of enterprise data
-		len_val=${data:8:2}
-		data_len=$(printf "%d\n" "0x$len_val")
-		# add 4 byte for ent_id and 1 byte for len
-		data_len=$(( data_len * 2 + 10 ))
-
-		len_val=${data:8:2}
-		opt_len=$(printf "%d\n" "0x$len_val")
-		if [ $opt_len -eq 0 ]; then
-			echo ${subopt_present}
-			return 0
-		fi
-
-		# populate the option data of enterprise id
-		sub_data_len=$(( opt_len * 2))
-		# starting 10 means ahead of length field
-		sub_data=${data:10:"${sub_data_len}"}
-
-		# parsing of suboption of option 125
-		while [ $sub_data_len -gt 0 ]; do
-			# get the suboption id
-			sub_opt_id=${sub_data:0:2}
-			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
-			case "${sub_opt_id}" in
-			"4") subopt_present=1
-			;;
-			"5") subopt_present=1
-			;;
-			esac
-
-			if [ ${subopt_present} -eq 1 ]; then
-				break;
-			fi
-
-			# get the length of suboption
-			sub_opt_len=${sub_data:2:2}
-			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
-			sub_opt_len=$(( sub_opt_len * 2 ))
-
-			# add 2 bytes for sub_opt id and sub_opt len field
-			sub_opt_end=$(( sub_opt_len + 4 ))
-
-			# update the remaining sub option hex string length
-			sub_data_len=$((sub_data_len - sub_opt_end))
-
-			# fetch next sub option hex string
-			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
-		done
-
-		if [ ${subopt_present} -eq 1 ]; then
-			break;
-		else
-			# move ahead data to next enterprise id
-			rem_len=$(( rem_len - $data_len ))
-			data=${data:"${data_len}":"${rem_len}"}
-		fi
-	done
-
-	echo ${subopt_present}
-}
-
-enable_dhcp_option125() {
-	local wan="${1}"
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local sendopts="$(uci -q get network."${wan}".sendopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local newsendopts=""
-	local req125_present=0
-	local send125_present=0
-	local opt125="125:"
-
-	for ropt in $reqopts; do
-		case $ropt in
-			125) req125_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	for sopt in $sendopts; do
-		if [[ "$sopt" == "$opt125"* ]]; then
-			send125_present=1
-			break
-		fi
-	done
-
-	if [ "${proto}" = "dhcp" ]; then
-		if [ ${req125_present} -eq 0 ]; then
-			newreqopts="$reqopts 125"
-			uci -q set network."${wan}".reqopts="$newreqopts"
-		fi
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "${sendopts}" "${wan}" "network"
-		fi
-	fi
-}
-
-enable_dnsmasq_option125() {
-	local lan="${1}"
-	local send125_present=0
-	local opt125="125,"
-
-	local proto="$(uci -q get dhcp."${lan}".dhcpv4)"
-	if [ "${proto}" = "server" ]; then
-		opt_list="$(uci -q get dhcp."${lan}".dhcp_option)"
-		base_opt=""
-
-		for sopt in $opt_list; do
-			if [[ "$sopt" == "$opt125"* ]]; then
-				send125_present=$(check_for_suboptions "${sopt:4}")
-				base_opt="${sopt}"
-				break
-			fi
-		done
-
-		if [ ${send125_present} -eq 0 ]; then
-			uci -q del_list dhcp."${lan}".dhcp_option="${base_opt}"
-			configure_send_op125 "${base_opt}" "${lan}" "dhcp"
-		fi
-	fi
-}
-
-configure_gateway_device_info() {
-	wan_intf=""
-	lan_intf=""
-
-	config_load gateway
-	config_get wan_intf global wan_interface "wan"
-	config_get lan_intf global lan_interface "lan"
-
-	# Set dhcp_option 125 for device info if not already configured
-	enable_dhcp_option125 "${wan_intf}"
-
-	if [ "${wan_intf}" != "${lan_intf}" ]; then
-		# This is extender no need to configure gateway info
-		enable_dnsmasq_option125 "${lan_intf}"
-	fi
-}
-
-configure_gateway_device_info
--- a/gryphon-led-module/Makefile
+++ b/gryphon-led-module/Makefile
@@ -18,8 +18,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=gryphon-led-kernel-module
-PKG_VERSION:=1.0.0
-PKG_LICENSE:=GPL-2.0
+PKG_RELEASE:=1

 include $(INCLUDE_DIR)/package.mk

@@ -27,18 +26,41 @@ define KernelPackage/$(PKG_NAME)
  SUBMENU:=LED modules
  TITLE:=LED driver for Gryphon
  FILES:=$(PKG_BUILD_DIR)/$(PKG_NAME).$(LINUX_KMOD_SUFFIX)
+  KCONFIG:=CONFIG_PACKAGE_kmod-gryphon-led-kernel-module=y
  AUTOLOAD:=$(call AutoLoad,60,$(PKG_NAME))
+  DEPENDS:= +(TARGET_brcmbca):bcm963xx-bsp
+  PKG_LICENSE:=GPLv2
+  PKG_LICENSE_URL:=
 endef

 define KernelPackage/$(PKG_NAME)/description
  This package contains the LED driver for Gryphon devices.
 endef

+EXTRA_KCONFIG:= CONFIG_RGB_LED=m
+
+MODULE_INCLUDE=-I$(PKG_BUILD_DIR)
+
 # support compilation against BCM SDK kernel
-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)/kdevlinks/
+	$(CP) -s `pwd`/src/* $(PKG_BUILD_DIR)/kdevlinks/
+	$(CP) src/* $(PKG_BUILD_DIR)
+endef

 define Build/Compile
-	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules
+	$(MAKE) -C "$(LINUX_DIR)" \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		ARCH="$(LINUX_KARCH)" \
+		SUBDIRS="$(PKG_BUILD_DIR)" \
+		EXTRA_CFLAGS="-DKERNEL_MODULE $(BUILDFLAGS) -I$(LINUX_DIR)/include -include generated/autoconf.h $(MODULE_INCLUDE)" \
+		modules
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
 endef

 $(eval $(call KernelPackage,$(PKG_NAME)))
--- a/gryphon-led-module/src/main.c
+++ b/gryphon-led-module/src/main.c
@@ -28,7 +28,6 @@
 #include <linux/gpio/consumer.h>
 #include <linux/of.h>
 #include <linux/version.h>
-#include <linux/string.h>

 #include "sk9822.h"

@@ -47,6 +46,11 @@ static ssize_t get_led_color(struct device *dev,
 	int len;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

+	if (IS_ERR(sk9822)) {
+		printk(KERN_ERR "Platform get drvdata returned NULL\n");
+		return -EIO;
+	}
+
 	len = scnprintf(buf, PAGE_SIZE, "%02x%02x%02x\n", sk9822->led_colors[0].r, sk9822->led_colors[0].g, sk9822->led_colors[0].b);
 	if (len <= 0) {
 		dev_err(dev, "sk9822: Invalid sprintf len: %d\n", len);
@@ -69,6 +73,11 @@ static ssize_t set_led_color(struct device *dev,
 	size_t buflen = count;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

+	if (IS_ERR(sk9822)) {
+		printk(KERN_ERR "Platform get drvdata returned NULL\n");
+		return -EIO;
+	}
+
 	/* strip newline */
 	if ((count > 0) && (buf[count-1] == '\n')) {
 		buflen--;
@@ -102,6 +111,11 @@ static ssize_t get_led_brightness(struct device *dev,
 	int len;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

+	if (IS_ERR(sk9822)) {
+		printk(KERN_ERR "Platform get drvdata returned NULL\n");
+		return -EIO;
+	}
+
 	len = scnprintf(buf, PAGE_SIZE, "%x\n", sk9822->led_brightness);
 	if (len <= 0) {
 		dev_err(dev, "sk9822: Invalid sprintf len: %d\n", len);
@@ -124,6 +138,11 @@ static ssize_t set_led_brightness(struct device *dev,
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);
 	unsigned long val = SK9822_DEFAULT_BRIGHTNESS;

+	if (IS_ERR(sk9822)) {
+		printk(KERN_ERR "Platform get drvdata returned NULL\n");
+		return -EIO;
+	}
+
 	if (kstrtoul(buf, 16, &val)) {
 		return -EINVAL;
 	}
@@ -190,33 +209,49 @@ static int canyon_led_probe(struct platform_device *pdev)

 	platform_set_drvdata(pdev, leds);

-	leds->clock_gpio = devm_gpiod_get_index(&pdev->dev, "led", 0, GPIOD_OUT_HIGH);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 3, 0)
+	leds->clock_gpio = gpiod_get_index(&pdev->dev, "led", 0);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	leds->clock_gpio = gpiod_get_index(&pdev->dev, "led", 0, GPIOD_OUT_HIGH);
+#else
+	dev_warn(&pdev->dev, "Kernel version Not supported\n");
+	exit(1);
+#endif
 	if (IS_ERR(leds->clock_gpio)) {
 		dev_err(&pdev->dev, "Failed to acquire clock GPIO %ld\n",
 				PTR_ERR(leds->clock_gpio));
 		return PTR_ERR(leds->clock_gpio);
 	}

-	ret = gpiod_direction_output(leds->clock_gpio, 1);
-	if (ret) {
-		dev_err(&pdev->dev, "Failed to set clock GPIO output %d\n", ret);
-		return ret;
+	gpiod_direction_output(leds->clock_gpio, 1);
+	if (IS_ERR(leds->clock_gpio)) {
+		dev_err(&pdev->dev, "Failed to acquire clock GPIO %ld\n",
+				PTR_ERR(leds->clock_gpio));
+		return PTR_ERR(leds->clock_gpio);
 	} else {
 		printk(KERN_INFO "Got clock gpio\n");
 		gpiod_set_value(leds->clock_gpio, 0);
 	}

-	leds->data_gpio = devm_gpiod_get_index(&pdev->dev, "led", 1, GPIOD_OUT_HIGH);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 3, 0)
+	leds->data_gpio = gpiod_get_index(&pdev->dev, "led", 1);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	leds->data_gpio = gpiod_get_index(&pdev->dev, "led", 1, GPIOD_OUT_HIGH);
+#else
+	dev_warn(&pdev->dev, "Kernel version Not supported\n");
+	exit(1);
+#endif
 	if (IS_ERR(leds->data_gpio)) {
 		dev_err(&pdev->dev, "Failed to acquire data GPIO %ld\n",
 				PTR_ERR(leds->data_gpio));
 		return PTR_ERR(leds->data_gpio);
 	}

-	ret = gpiod_direction_output(leds->data_gpio, 1);
-	if (ret) {
-		dev_err(&pdev->dev, "Failed to set data GPIO output %d\n", ret);
-		return ret;
+	gpiod_direction_output(leds->data_gpio, 1);
+	if (IS_ERR(leds->data_gpio)) {
+		dev_err(&pdev->dev, "Failed to acquire data GPIO %ld\n",
+				PTR_ERR(leds->data_gpio));
+		return PTR_ERR(leds->data_gpio);
 	} else {
 		printk(KERN_INFO "Got data gpio\n");
 		gpiod_set_value(leds->data_gpio, 0);
@@ -229,31 +264,45 @@ static int canyon_led_probe(struct platform_device *pdev)
 		return ret;
 	}

+#if 0
+	printk(KERN_INFO "Flash LEDs to verify they work\n");
+	sk9822_set_color_str(leds, "00FF00");
+	sk9822_update(leds);
+	msleep(200);
+	sk9822_set_color_str(leds, "000000");
+	sk9822_update(leds);
+#endif
+
 	printk(KERN_INFO "canyon led successfully probed\n");

 	return 0;
 }

-static void canyon_led_off(struct sk9822_leds *leds)
-{
-	leds->led_brightness = 0;
-	memset(leds->led_colors, 0, sizeof(cRGB) * leds->led_count);
-	sk9822_update(leds);
-}
-
 static int canyon_led_remove(struct platform_device *pdev)
 {
+	struct sk9822_leds *leds;
+
 	sysfs_remove_group(&pdev->dev.kobj, &sk9822_dev_attr_group);
-	canyon_led_off(platform_get_drvdata(pdev));
+
+	leds = platform_get_drvdata(pdev);
+	if (IS_ERR(leds)) {
+		printk(KERN_ERR "Platform get drvdata returned NULL\n");
+		return -1;
+	}
+
+	if (leds->clock_gpio) {
+		gpiod_put(leds->clock_gpio);
+	}
+
+	if (leds->data_gpio) {
+		gpiod_put(leds->data_gpio);
+	}
+
+	printk(KERN_NOTICE "Bye, bye\n");

 	return 0;
 }

-static void canyon_led_shutdown(struct platform_device *pdev)
-{
-	canyon_led_off(platform_get_drvdata(pdev));
-}
-
 /**
 * platform driver metadata
 */
@@ -266,7 +315,6 @@ static const struct of_device_id canyon_led_of_ids[] = {
 static struct platform_driver canyon_led = {
 	.probe = &canyon_led_probe,
 	.remove = &canyon_led_remove,
-	.shutdown = &canyon_led_shutdown,
 	.driver = {
 		.name = DRIVER_NAME,
 		.owner = THIS_MODULE,
--- a/hostmngr/Makefile
+++ b/hostmngr/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.15
+PKG_VERSION:=1.2.14

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3b50823da3f2904191332634c1e45d46090def1d
+PKG_SOURCE_VERSION:=6ea9fdb38a8e067b850841d6e7f7266bf76c363a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
--- a/hostmngr/files/scripts/hosts_acl.sh
+++ b/hostmngr/files/scripts/hosts_acl.sh
@@ -271,14 +271,14 @@ touch $ACL_FILE
 echo "iptables -w -F hosts_forward" >> $ACL_FILE
 echo "ip6tables -w -F hosts_forward" >> $ACL_FILE

-hosts_ipv4_forward=$(iptables -w -t filter --list -n | grep hosts_forward)
+hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv4_forward" ]; then
 	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
 	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
 fi

-hosts_ipv6_forward=$(ip6tables -w -t filter --list -n | grep hosts_forward)
+hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv6_forward" ]; then
 	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2025 IOPSYS Software Solutions AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 # This is free software, licensed under the BSD-3-Clause
 # See /LICENSE for more information.
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=9.8.36
+PKG_VERSION:=9.8.29

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=7c5e02a81d88b78da1394b0729e93cf3313b293d
+PKG_SOURCE_VERSION:=4075ec2c530fb1590aa484f98ed37c9dda5216f5
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -75,6 +75,7 @@ define Package/icwmp/install
 	$(INSTALL_BIN) ./files/etc/icwmpd/vendor_log.sh $(1)/etc/icwmpd/vendor_log.sh
 	$(INSTALL_BIN) ./files/etc/icwmpd/firewall.cwmp $(1)/etc/icwmpd/firewall.cwmp
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libcwmpdm.so $(1) $(PKG_NAME)
--- a/icwmp/files/etc/config/cwmp
+++ b/icwmp/files/etc/config/cwmp
@@ -13,7 +13,6 @@ config acs 'acs'
 	# possible configs interval :[1000:65535]
 	option retry_interval_multiplier '2000'
 	option skip_dhcp_boot_options '0'
-	option insecure_enable '0'

 config cpe 'cpe'
 	option enable '1'
@@ -42,7 +41,6 @@ config cpe 'cpe'
 	option disable_gatewayinfo '0'
 	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
-	option disable_datatype_check '0'
 	
 config lwn 'lwn'
 	option enable '0'
--- a/icwmp/files/etc/init.d/icwmpd
+++ b/icwmp/files/etc/init.d/icwmpd
@@ -73,6 +73,231 @@ enable_dhcp_option43() {
 	fi
 }

+convert_to_hex() {
+	local val=""
+	local optval="${1}"
+	OPTIND=1
+	while getopts ":" opt "-$optval"
+	do
+		temp=$(printf "%02X" "'${OPTARG:-:}")
+		val="${val}:${temp}"
+	done
+
+	echo "${val}"
+}
+
+configure_send_op125() {
+	local sendopt="${1}"
+	local intf="${2}"
+	local uci="${3}"
+	local hex_oui=""
+	local hex_serial=""
+	local hex_class=""
+	local oui_len=0
+	local serial_len=0
+	local class_len=0
+
+	if [ "${uci}" = "network" ]; then
+		local opt125="125:00:00:0D:E9"
+	else
+		if [ -z "${sendopt}" ]; then
+			local opt125="125,00:00:0D:E9"
+		else
+			local opt125=":00:00:0D:E9"
+		fi
+	fi
+
+	config_get oui cpe manufacturer_oui ""
+	if [ -z "${oui}" ]; then
+		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
+	fi
+
+	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
+
+	config_get serial cpe serial_number ""
+	if [ -z "${serial}" ]; then
+		serial=$(db -q get device.deviceinfo.SerialNumber)
+	fi
+
+	config_get class cpe product_class ""
+	if [ -z "${class}" ]; then
+		class=$(db -q get device.deviceinfo.ProductClass)
+	fi
+
+	oui_len=$(echo -n "${oui}" | wc -m)
+	serial_len=$(echo -n "${serial}" | wc -m)
+	class_len=$(echo -n "${class}" | wc -m)
+
+	if [ "${oui_len}" -eq 0 ] || [ "${serial_len}" -eq 0 ]; then
+		return 0
+	fi
+
+	opt125_len=$((oui_len + serial_len + class_len))
+	if [ "${class_len}" -gt 0 ]; then
+		opt125_len=$((opt125_len + 6))
+	else
+		opt125_len=$((opt125_len + 4))
+	fi
+
+	hex_opt125_len=$(printf "%02X" "${opt125_len}")
+	opt125="${opt125}:${hex_opt125_len}"
+	hex_oui=$(convert_to_hex "${oui}")
+	if [ -z "${hex_oui}" ]; then
+		return 0
+	fi
+
+	hex_oui_len=$(printf "%02X" "${oui_len}")
+	if [ "${uci}" = "network" ]; then
+		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
+	else
+		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
+	fi
+
+	hex_serial=$(convert_to_hex "${serial}")
+	if [ -z "${hex_serial}" ]; then
+		return 0
+	fi
+
+	hex_serial_len=$(printf "%02X" "${serial_len}")
+	if [ "${uci}" = "network" ]; then
+		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
+	else
+		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
+	fi
+
+	if [ "${class_len}" -gt 0 ]; then
+		hex_class=$(convert_to_hex "${class}")
+		if [ -z "${hex_class}" ]; then
+			return 0
+		fi
+
+		hex_class_len=$(printf "%02X" "${class_len}")
+		if [ "${uci}" = "network" ]; then
+			opt125="${opt125}:03:${hex_class_len}${hex_class}"
+		else
+			opt125="${opt125}:06:${hex_class_len}${hex_class}"
+		fi
+	fi
+
+
+	if [ "${uci}" = "network" ]; then
+		new_send_opt="$sendopt $opt125"
+		uci -q set network."${intf}".sendopts="$new_send_opt"
+	else
+		new_send_opt="$sendopt$opt125"
+		uci -q add_list dhcp."${intf}".dhcp_option="$new_send_opt"
+	fi
+}
+
+check_for_suboptions() {
+	# Check if option 4 and 5 present inside enterprise id 3561
+	data=$(echo "${1}" | sed 's/://g')
+	len=$(printf "${data}"|wc -c)
+
+	rem_len="${len}"
+	while [ $rem_len -gt 8 ]; do
+		subopt_present=0
+
+		ent_id="${data:0:8}"
+		ent_id=$(printf "%d\n" "0x$ent_id")
+		if [ $ent_id -ne 3561 ]; then
+			len_val=${data:8:2}
+			data_len=$(printf "%d\n" "0x$len_val")
+			# add 4 byte for ent_id and 1 byte for len
+			data_len=$(( data_len * 2 + 10 ))
+			# move ahead data to next enterprise id
+			data=${data:"${data_len}":"${rem_len}"}
+			rem_len=$(( rem_len - data_len ))
+			continue
+		fi
+
+		# read the length of enterprise data
+		len_val=${data:8:2}
+		data_len=$(printf "%d\n" "0x$len_val")
+		# add 4 byte for ent_id and 1 byte for len
+		data_len=$(( data_len * 2 + 10 ))
+
+		len_val=${data:8:2}
+		opt_len=$(printf "%d\n" "0x$len_val")
+		if [ $opt_len -eq 0 ]; then
+			echo ${subopt_present}
+			return 0
+		fi
+
+		# populate the option data of enterprise id
+		sub_data_len=$(( opt_len * 2))
+		# starting 10 means ahead of length field
+		sub_data=${data:10:"${sub_data_len}"}
+
+		# parsing of suboption of option 125
+		while [ $sub_data_len -gt 0 ]; do
+			# get the suboption id
+			sub_opt_id=${sub_data:0:2}
+			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
+			case "${sub_opt_id}" in
+			"4") subopt_present=1
+			;;
+			"5") subopt_present=1
+			;;
+			esac
+
+			if [ ${subopt_present} -eq 1 ]; then
+				break;
+			fi
+
+			# get the length of suboption
+			sub_opt_len=${sub_data:2:2}
+			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
+			sub_opt_len=$(( sub_opt_len * 2 ))
+
+			# add 2 bytes for sub_opt id and sub_opt len field
+			sub_opt_end=$(( sub_opt_len + 4 ))
+
+			# update the remaining sub option hex string length
+			sub_data_len=$((sub_data_len - sub_opt_end))
+
+			# fetch next sub option hex string
+			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
+		done
+
+		if [ ${subopt_present} -eq 1 ]; then
+			break;
+		else
+			# move ahead data to next enterprise id
+			rem_len=$(( rem_len - $data_len ))
+			data=${data:"${data_len}":"${rem_len}"}
+		fi
+	done
+
+	echo ${subopt_present}
+}
+
+enable_dnsmasq_option125() {
+	local lan="${1}"
+	local send125_present=0
+	local opt125="125,"
+
+	local proto="$(uci -q get dhcp."${lan}".dhcpv4)"
+	if [ "${proto}" = "server" ]; then
+		opt_list="$(uci -q get dhcp."${lan}".dhcp_option)"
+		base_opt=""
+
+		for sopt in $opt_list; do
+			if [[ "$sopt" == "$opt125"* ]]; then
+				send125_present=$(check_for_suboptions "${sopt:4}")
+				base_opt="${sopt}"
+				break
+			fi
+		done
+
+		if [ ${send125_present} -eq 0 ]; then
+			uci -q del_list dhcp."${lan}".dhcp_option="${base_opt}"
+			configure_send_op125 "${base_opt}" "${lan}" "dhcp"
+			ubus call uci commit '{"config":"dhcp"}'
+		fi
+	fi
+}
+
 set_vendor_id() {
 	local wan="${1}"
 	local proto="$(uci -q get network."${wan}".proto)"
@@ -89,6 +314,51 @@ set_vendor_id() {
 	fi
 }

+enable_dhcp_option125() {
+	local wan="${1}"
+	local reqopts="$(uci -q get network."${wan}".reqopts)"
+	local sendopts="$(uci -q get network."${wan}".sendopts)"
+	local proto="$(uci -q get network."${wan}".proto)"
+	local newreqopts=""
+	local newsendopts=""
+	local req125_present=0
+	local send125_present=0
+	local network_uci_update=0
+	local opt125="125:"
+
+	for ropt in $reqopts; do
+		case $ropt in
+			125) req125_present=1 ;;
+			*) ;;
+		esac
+	done
+
+	for sopt in $sendopts; do
+		if [[ "$sopt" == "$opt125"* ]]; then
+			send125_present=1
+			break
+		fi
+	done
+
+	if [ "${proto}" = "dhcp" ]; then
+		if [ ${req125_present} -eq 0 ]; then
+			newreqopts="$reqopts 125"
+			uci -q set network."${wan}".reqopts="$newreqopts"
+			network_uci_update=1
+		fi
+
+		if [ ${send125_present} -eq 0 ]; then
+			configure_send_op125 "${sendopts}" "${wan}" "network"
+			network_uci_update=1
+		fi
+	fi
+
+	if [ ${network_uci_update} -eq 1 ]; then
+		uci commit network
+		ubus call network reload
+	fi
+}
+
 wait_for_resolvfile() {
 	local time=$1
 	local tm=1
@@ -211,10 +481,13 @@ validate_defaults() {
 }

 boot() {
-	local dhcp_discovery wan_interface skip_dhcp_boot_options
+	local dhcp_discovery wan_interface skip_dhcp_boot_options disable_gatewayinfo

 	config_load cwmp
 	config_get wan_interface cpe default_wan_interface "wan"
+	config_get disable_gatewayinfo cpe disable_gatewayinfo "0"
+
+	config_get dhcp_discovery acs dhcp_discovery "0"
 	config_get dhcp_discovery acs dhcp_discovery "0"
 	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"

@@ -227,6 +500,15 @@ boot() {
 		fi
 	fi

+	config_get lan_interface cpe default_lan_interface ""
+	if [ -n "${lan_interface}" ]; then
+		if [ "${disable_gatewayinfo}" -ne 1 ]; then
+			# Set dhcp_option 125 if not already configured
+			enable_dhcp_option125 "${wan_interface}"
+			enable_dnsmasq_option125 "${lan_interface}"
+		fi
+	fi
+	
 	config_get ssl_capath acs ssl_capath

 	if [ -n "${ssl_capath}" ]; then
@@ -263,14 +545,7 @@ start_service() {

 stop_service()
 {
-	local switch_bank
-
 	copy_cwmp_varstate_files_to_etc
-	
-	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
-		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
-	fi
 }

 reload_service() {
--- a/gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user
+++ b/gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user
@@ -110,8 +110,13 @@ get_vivsoi() {
 	done
 }

-config_load gateway
-config_get wan_intf global wan_interface "wan"
+config_load cwmp
+config_get_bool enable_cwmp cpe enable 1
+config_get wan_intf cpe default_wan_interface "wan"
+
+if [ "$enable_cwmp" = "0" ]; then
+	return 0
+fi

 if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
@@ -120,15 +125,15 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	fi

 	mkdir -p /var/state
-	touch /var/state/gwinfo
-	sec=$(uci -q -c /var/state get gwinfo.gatewayinfo)
+	touch /var/state/icwmp
+	sec=$(uci -q -c /var/state get icwmp.gatewayinfo)
 	if [ -z "${sec}" ]; then
-		sec=$(uci -q -c /var/state add gwinfo gatewayinfo)
-		uci -q -c /var/state rename gwinfo."${sec}"="gatewayinfo"
+		sec=$(uci -q -c /var/state add icwmp gatewayinfo)
+		uci -q -c /var/state rename icwmp."${sec}"="gatewayinfo"
 	fi

-	uci -q -c /var/state set gwinfo.gatewayinfo.class="$CLASS"
-	uci -q -c /var/state set gwinfo.gatewayinfo.oui="$OUI"
-	uci -q -c /var/state set gwinfo.gatewayinfo.serial="$SERIAL"
-	uci -q -c /var/state commit gwinfo
+	uci -q -c /var/state set icwmp.gatewayinfo.class="$CLASS"
+	uci -q -c /var/state set icwmp.gatewayinfo.oui="$OUI"
+	uci -q -c /var/state set icwmp.gatewayinfo.serial="$SERIAL"
+	uci -q -c /var/state commit icwmp
 fi
--- a/icwmp/files/lib/upgrade/keep.d/icwmp
+++ b/icwmp/files/lib/upgrade/keep.d/icwmp
@@ -1,2 +1,2 @@
-/etc/icwmpd/icwmpd_backup_session.xml
+/var/run/icwmpd/icwmpd_backup_session.xml
 /etc/icwmpd/cwmp
--- a/ieee1905/Makefile
+++ b/ieee1905/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.3
+PKG_VERSION:=8.7.0

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f3f4dbaac6b2ff6cfd38852e8625625d24996a53
+PKG_SOURCE_VERSION:=e65188bb2a05cf83f50ecf2ef8042cf75abe94a0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
--- a/ipt-trigger/Makefile
+++ b/ipt-trigger/Makefile
@@ -24,7 +24,7 @@ define KernelPackage/ipt-trigger
  SUBMENU:=Other modules
  TITLE:=Kernel module for iptables port trigger
  FILES:=$(PKG_BUILD_DIR)/src/ipv4/ipt_TRIGGER.ko
-  DEPENDS+=+kmod-nf-nat +kmod-ipt-core
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
  AUTOLOAD:=$(call AutoLoad,30,ipt_TRIGGER,1)
  KCONFIG:=
 endef
@@ -32,7 +32,7 @@ endef
 define KernelPackage/ip6t-trigger
  SUBMENU:=Other modules
  TITLE:=Kernel module for ip6tables port trigger
-  DEPENDS+=+kmod-nf-nat +kmod-ipt-core
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
  FILES:=$(PKG_BUILD_DIR)/src/ipv6/ip6t_TRIGGER.ko
  AUTOLOAD:=$(call AutoLoad,30,ip6t_TRIGGER,1)
  KCONFIG:=
@@ -46,7 +46,9 @@ define KernelPackage/ip6t-trigger/description
 	Kernel module to enable port trigger for ip6tables
 endef

-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+ifeq ($(CONFIG_TARGET_brcmbca),y)
+	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+endif

 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -65,6 +67,8 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/include/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
 endef

+KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
+
 define Build/Compile
 	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv4/" modules
 	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv6/" modules
--- a/libvoice-airoha/Makefile
+++ b/libvoice-airoha/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.0.12
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE

@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=1ded9a4bb0f2f8a5f3989799b5500e328e086c99
+PKG_SOURCE_VERSION:=68f0b4f3edecea9b8f05e72b6bbf3952d3946b7c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha
+++ b/libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-hasVoice=$(db -q get hw.board.hasVoice)
-
-[ "$hasVoice" = "1" ] || exit 0
-
-SLIC=`cat /proc/device-tree/airoha-voice/slic-type`
-[ "${SLIC#pef}" != "${SLIC}" ] || exit 0
-
-echo Configure TxGain and RxGain for MXL SLIC $SLIC
-
-ports=$(db -q get hw.board.VoicePorts)
-for p in $(seq 0 $((ports-1))); do
-    uci set asterisk.extension${p}.txgain='10'
-    uci set asterisk.extension${p}.rxgain='-15'
-done
-uci commit asterisk
--- a/libwifi/Makefile
+++ b/libwifi/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libwifi
-PKG_VERSION:=7.10.3
+PKG_VERSION:=7.9.0

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=c271aaf54feb7491bb7b46631ba014991eea8cb9
+PKG_SOURCE_VERSION:=b4d974c213eb2ad0b98165241b83bbda013ba452
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -60,11 +60,11 @@ else
  TARGET_CFLAGS +=-DIOPSYS_MAC80211
 endif

-ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
+ifneq ($(CONFIG_PACKAGE_kmod-mt7915e),)
  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif

-PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523
+PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e:mt76

 ifneq ($(CONFIG_PACKAGE_libwifi),)
 TARGET_CFLAGS +=-DHAS_WIFI
--- a/logmngr/Makefile
+++ b/logmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=logmngr
-PKG_VERSION:=1.0.9
+PKG_VERSION:=1.0.8

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=e2ffe2b9e7722ce19dff7db6e47e62a305dc568b
+PKG_SOURCE_VERSION:=7c2056c9f5dc23fd1260846c72210365ec69c882
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -65,7 +65,7 @@ endif
 ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1)
 ifeq ($(CONFIG_LOGMNGR_LOGROTATE),y)
 	$(INSTALL_BIN) ./files/11-logmngr_logrotate_config_generate $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/logmngr/logrotate.sh $(1)/lib/logmngr/
--- a/logmngr/files/10-logmngr_config_generate
+++ b/logmngr/files/10-logmngr_config_generate
@@ -25,3 +25,4 @@ uci set logmngr.lr1=log_remote
 uci set logmngr.lr1.enable=0
 uci set logmngr.lr1.action="ac1"
 uci set logmngr.lr1.port="514"
+uci commit logmngr
--- a/logmngr/files/11-logmngr_logrotate_config_generate
+++ b/logmngr/files/11-logmngr_logrotate_config_generate
@@ -10,4 +10,5 @@ if [ -s "/etc/config/logmngr" ]; then
 	uci set logmngr.lro1.file_name="/var/log/messages"
 	uci set logmngr.lro1.file_count=1
 	uci set logmngr.lro1.max_file_size=1000000
+	uci commit logmngr
 fi
--- a/map-agent/Makefile
+++ b/map-agent/Makefile
@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.3.3
+PKG_VERSION:=6.3.1.2
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=b46d80ce97e5ca28a42605bca44fd00f16f18e06
+PKG_SOURCE_VERSION:=4547277f0637a4e7f18ff676350400efb4e37138
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>

 PKG_LICENSE:=BSD-3-Clause
--- a/map-agent/files/etc/hotplug.d/ethernet/map-topology-discovery
+++ b/map-agent/files/etc/hotplug.d/ethernet/map-topology-discovery
@@ -15,7 +15,7 @@ rc="$?"
 issue_discovery() {
 	local iface="$1"

-	res=$(ubus -t5 call ieee1905 buildcmdu "{\"type\":0, \"ifname\":\"${iface}\"}") > /dev/null 2>&1
+	res=$(ubus -t5 call ieee1905 buildcmdu "{\"type\":0, \"ifname\":\"${iface}\"}" > /dev/null 2>&1)
 	json_load "$res" > /dev/null 2>&1
 	json_get_var data data

--- a/map-controller/Config.in
+++ b/map-controller/Config.in
@@ -10,11 +10,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable extra features through Easymesh vendor extension"
 	default y

-config CONTROLLER_PROVISION_DISABLED_AP
-	depends on CONTROLLER_EASYMESH_VENDOR_EXT
-	bool "Enable vendor extension that provisions disabled APs to agents"
-	default n
-
 config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
 	hex "Vendor OUI default"
 	default 0xB456FA
--- a/map-controller/Makefile
+++ b/map-controller/Makefile
@@ -1,15 +1,14 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-controller
-PKG_VERSION:=6.3.0.1
+PKG_VERSION:=6.2.2.1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=1f800d31f299a78cf45b3982bf340a078a13effc
-PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
+PKG_SOURCE_VERSION:=f3d3ef332678f6417d78529323119a71ba715337
+PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-controller
  SECTION:=utils
  CATEGORY:=Utilities
-  TITLE:=WiFi Multi-AP Controller (supporting EasyMesh R6)
+  TITLE:=WiFi Multi-AP Controller (EasyMesh R2)
  DEPENDS:=+libuci +libubox +ubus +libeasy +libwifiutils +libieee1905 +ieee1905 +ieee1905-map-plugin \
 	   +CONTROLLER_USE_LIBDPP:libdpp
 endef
@@ -62,9 +61,6 @@ endif
 ifeq ($(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT),y)
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT_OUI)
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
-ifeq ($(CONFIG_CONTROLLER_PROVISION_DISABLED_AP),y)
-TARGET_CFLAGS += -DPROVISION_DISABLED_AP
-endif
 endif

 ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
--- a/map-controller/files/etc/config/mapcontroller
+++ b/map-controller/files/etc/config/mapcontroller
@@ -14,17 +14,23 @@ config controller 'controller'
 	option de_collect_interval '60'

 config sta_steering
-	option enable_sta_steer '1'
+	option steer_module 'rcpi'
+	option enabled '1'
+	option enable_sta_steer '0'
 	option enable_bsta_steer '0'
+	option use_bcn_metrics '0'
+	option use_usta_metrics '0'
+	option bandsteer '0'
+	option diffsnr '8'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
 	option report_rcpi_threshold_2g '80'
 	option report_rcpi_threshold_5g '96'
 	option report_rcpi_threshold_6g '96'
-	option plugins_enabled '1'
-	option plugins_policy 'any'
-	list plugins 'rcpi'
+	option steer_retry_int '30'
+	option steer_int '180'
+	option steer_disable_int '600'

 ###################
 # Default AP sections credentials will by updated
--- a/map-controller/files/etc/init.d/mapcontroller
+++ b/map-controller/files/etc/init.d/mapcontroller
@@ -172,7 +172,7 @@ start_service() {
 	create_dir

 	procd_open_instance
-	procd_set_param command "/usr/sbin/mapcontroller" "-d" "-o" "/tmp/mapcontroller.log" "-f"
+	procd_set_param command "/usr/sbin/mapcontroller" "-d"

 	if [ -f /etc/config/mapagent ]; then
 	        local local_ctrl=0
--- a/map-topology/Config.in
+++ b/map-topology/Config.in
@@ -0,0 +1,26 @@
+if (PACKAGE_map-topology)
+
+menu "Configurations"
+
+config TOPOLOGYD_EASYMESH_VENDOR_EXT
+	bool "Enable extra features through Easymesh vendor extension"
+	default y
+
+config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
+	hex "Vendor OUI default"
+	default 0xB456FA
+
+config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI
+	hex "Vendor OUI in 0xAABBCC format"
+	default TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
+	help
+	Extra features not covered by the base EasyMesh specification can be
+	enabled through TOPOLOGYD_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
+	through which such features would be exposed.
+
+config TOPOLOGYD_HOST_WAN_STATS
+	bool "Enable wan statistics collection per hosts"
+	default y
+
+endmenu
+endif
--- a/map-topology/Makefile
+++ b/map-topology/Makefile
@@ -0,0 +1,71 @@
+#
+# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=map-topology
+PKG_VERSION:=2.5.2.1
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_VERSION:=914f1ead2e65c1e24ed2d8786aa883730db2208f
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-topology.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+endif
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DEPENDS:=ieee1905
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/map-topology
+	CATEGORY:=Utilities
+	DEPENDS:=+libubox +ubus +libpthread +libuci +libeasy \
+		 +libavahi-nodbus-support +libnetfilter-conntrack +libnfnetlink +libmnl
+	TITLE:=Utility to build topology of a multi-AP network
+endef
+
+define Package/map-topology/config
+	source "$(SOURCE)/Config.in"
+endef
+
+TARGET_CFLAGS += \
+	-Wno-error=deprecated-declarations \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/libnl3 \
+	-I$(STAGING_DIR)/usr/include/libnetfilter_conntrack \
+	-D_GNU_SOURCE
+
+define Package/map-topology/description
+	Constructs network topology and show it as json structure over UBUS
+endef
+
+MAKE_PATH:=src
+
+ifeq ($(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT),y)
+TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI)
+endif
+
+ifeq ($(CONFIG_TOPOLOGYD_HOST_WAN_STATS),y)
+TARGET_CFLAGS += -DHOST_WAN_STATS
+endif
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ~/git/map-topology/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/map-topology/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/topologyd $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,map-topology))
--- a/map-topology/files/etc/config/topology
+++ b/map-topology/files/etc/config/topology
@@ -0,0 +1,7 @@
+
+config topology 'topology'
+	option enabled '1'
+	option depth '8'
+	option interval '60'
+	option maxlog '32'
+	option profile '4'
--- a/map-topology/files/etc/init.d/topologyd
+++ b/map-topology/files/etc/init.d/topologyd
@@ -0,0 +1,93 @@
+#!/bin/sh /etc/rc.common
+
+START=97
+STOP=21
+
+USE_PROCD=1
+
+IS_CFG_VALID=1
+
+validate_topology_config() {
+	uci_validate_section topology topology "topology" \
+			'enabled:bool:true' \
+			'depth:range(0,16)' \
+			'interval:range(0,65535)' \
+			'maxlog:range(0,128)' \
+
+	[ "$?" -ne 0 ] && {
+		logger -s -t "topology" "Validation of topology UCI file failed"
+		return 1
+	}
+	return 0
+}
+
+validate_global_section() {
+	uci_validate_section hosts global "global" \
+		'ageing_timer:uinteger' \
+		'reboot_persistent:bool'
+
+	[ "$?" -ne 0 ] && {
+		logger -s -t "hosts" "Validation of global section failed"
+		IS_CFG_VALID=0
+		return 1
+	}
+	return 0
+}
+
+validate_host_section() {
+	local section="$1"
+
+	uci_validate_section hosts $section "${1}" \
+			'macaddr:macaddr' \
+			'interface_type:or("wifi","eth")' \
+			'active:bool' \
+			'active_last_change:string'
+
+	[ "$?" -ne 0 ] && {
+		logger -s -t "hosts" "Validation of host section $section failed"
+		IS_CFG_VALID=0
+		return 1
+	}
+	return 0
+}
+
+validate_hosts_config() {
+	IS_CFG_VALID=1
+
+	validate_global_section &&
+		config_foreach validate_host_section host
+
+	[ "$IS_CFG_VALID" -ne 1 ] && {
+		logger -s -t "topology" "Validation of hosts UCI file failed"
+		return 1
+	}
+	return 0
+}
+
+start_service() {
+	config_load "topology"
+	validate_topology_config || return 1;
+
+	config_load "hosts"
+	validate_hosts_config || return 1;
+
+	if [ -f "/proc/sys/net/netfilter/nf_conntrack_timestamp" ]; then
+		echo 1 >/proc/sys/net/netfilter/nf_conntrack_timestamp
+	fi
+
+	procd_open_instance
+        procd_set_param command "/usr/sbin/topologyd"
+	procd_set_param respawn
+#	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_close_instance
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "network"
+}
+
+reload_service() {
+	procd_send_signal "topologyd"
+}
--- a/mcastmngr/Makefile
+++ b/mcastmngr/Makefile
@@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=mcastmngr
-PKG_VERSION:=1.2.11
+PKG_VERSION:=1.2.10

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/mcastmngr.git
-PKG_SOURCE_VERSION:=17d73b8f1947823a0d32ed589a240a2642904fe1
+PKG_SOURCE_VERSION:=275d7e5448333e53f8bc980344b39f7f577d4664
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate
+++ b/mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate
@@ -16,6 +16,8 @@ generate_igmp_global_params(){
 	uci set mcast.@mld[-1].mldv2_unsolicited_report_interval="1"
 	uci set mcast.@mld[-1].qrv="2"
 	uci set mcast.@mld[-1].force_version="0"
+
+	uci commit mcast
 }

 generate_mld_proxy_config(){
@@ -71,6 +73,8 @@ generate_mcast_config(){

 	generate_igmp_proxy_config "$up_itf"
 	generate_mld_proxy_config "$up_itf"
+
+	uci commit mcast
 }

 interfaces_ok(){
--- a/mcastmngr/files/linux/etc/firewall.mcast
+++ b/mcastmngr/files/linux/etc/firewall.mcast
@@ -1,2 +1,2 @@
 # Forward multicast packets from wan to lan
-iptables -w -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
+iptables -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
--- a/netmngr/Makefile
+++ b/netmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=netmngr
-PKG_VERSION:=1.1.5
+PKG_VERSION:=1.1.3

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=77158d2ee3ac2d144681f6352d6d18dde0db4b22
+PKG_SOURCE_VERSION:=f9a0e9490743c55bf7c6df02495b4dbba8c66aeb
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -74,6 +74,7 @@ endif
 define Package/netmngr/install
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libnetmngr.so $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/src/libinterface_stack.so $(1)
 endef

 ifeq ($(LOCAL_DEV),1)
--- a/netmngr/bbfdm_service.json
+++ b/netmngr/bbfdm_service.json
@@ -27,10 +27,6 @@
      {
        "parent_dm": "Device.",
        "object": "IPv6rd"
-      },
-      {
-        "parent_dm": "Device.",
-        "object": "InterfaceStack"
      }
    ],
    "config": {
--- a/netmode/files/etc/uci-defaults/62-netmode.l2mode
+++ b/netmode/files/etc/uci-defaults/62-netmode.l2mode
@@ -99,10 +99,6 @@ l2_network_config() {
 	uci -q set cwmp.cpe.default_wan_interface="lan"
 	uci -q commit cwmp

-	# Update gateway WAN Interface
-	uci -q set gateway.global.wan_interface="lan"
-	uci -q commit gateway
-
 	# disable firewall
 	uci -q set firewall.globals.enabled="0"
 	uci -q commit firewall
--- a/obuspa/Config.in
+++ b/obuspa/Config.in
@@ -66,8 +66,4 @@ config OBUSPA_CWMP_DATAMODEL_SUPPORT
 config OBUSPA_VENDOR_PREFIX
 	string "Package specific datamodel Vendor Prefix for TR181 extensions"
 	default ""
-
-config OBUSPA_OVERRIDE_CT_ROLE
-	bool "Override ControllerTrust role with factory default roles"
-	default y
 endif
--- a/obuspa/Makefile
+++ b/obuspa/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=obuspa
-PKG_VERSION:=9.0.4.11
+PKG_VERSION:=9.0.4.4

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=79e066a3997b46ea3bcc48c4589c5a4c4cb05630
+PKG_SOURCE_VERSION:=1e5638d104075741a62d777ea9a2c508740c3634
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -145,9 +145,6 @@ ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
 	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
 endif
-ifeq ($(CONFIG_OBUSPA_OVERRIDE_CT_ROLE),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
-endif
 endef

 $(eval $(call BuildPackage,obuspa))
--- a/obuspa/bbfdm_service.json
+++ b/obuspa/bbfdm_service.json
@@ -2,20 +2,22 @@
  "daemon": {
    "enable": "1",
    "service_name": "obuspa",
-    "proto": "cwmp",
    "unified_daemon": false,
    "services": [
      {
        "parent_dm": "Device.",
-        "object": "USPAgent"
+        "object": "USPAgent",
+        "proto": "cwmp"
      },
      {
        "parent_dm": "Device.",
-        "object": "MQTT"
+        "object": "MQTT",
+        "proto": "cwmp"
      },
      {
        "parent_dm": "Device.",
-        "object": "STOMP"
+        "object": "STOMP",
+        "proto": "cwmp"
      }
    ],
    "config": {
--- a/obuspa/files/etc/config/obuspa
+++ b/obuspa/files/etc/config/obuspa
@@ -5,6 +5,7 @@ config obuspa 'global'
 	option log_level '2'
 	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
+	#option max_group_sep '2'
 	#option ipc_timeout '30'
 	#option max_cache_time '600'
 	#option trust_cert '/etc/obuspa/ca.pem'
--- a/obuspa/files/etc/init.d/obuspa
+++ b/obuspa/files/etc/init.d/obuspa
@@ -290,16 +290,6 @@ get_role_index()
 		return 0
 	fi

-	if [ "${name}" = "full_access" ] || [ "${name}" = "Full Access" ]; then
-		echo "Device.LocalAgent.ControllerTrust.Role.1"
-		return 0
-	fi
-
-	if [ "${name}" = "Untrusted" ]; then
-		echo "Device.LocalAgent.ControllerTrust.Role.1"
-		return 0
-	fi
-
 	# Get if from CTRUST file first if present, then from dbdump and then use default Untrusted role
 	if [ -f "${CTRUST_RESET_FILE}" ]; then
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
@@ -968,6 +958,12 @@ db_init()
 		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
 	fi

+	if [ -f "${role_file}" ]; then
+		configure_ctrust_role "${role_file}"
+		uci_set obuspa global role_file ""
+		uci commit ${CONFIGURATION}
+	fi
+
 	# Dump datamodel parameters from DB
 	if [ -f "${SQL_DB_FILE}" ]; then
 		dump_db
--- a/obuspa/files/etc/obuspa/usp_utils.sh
+++ b/obuspa/files/etc/obuspa/usp_utils.sh
@@ -4,7 +4,6 @@ CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"

-mkdir -p /tmp/obuspa/

 # include jshn.sh
 if [ -f "/usr/local/share/libubox/jshn.sh" ]; then
@@ -157,6 +156,7 @@ configure_roles()

 	if [ "${rname}" = "full_access" ]; then
 		rinst=1
+		rname="Full Access"
 	elif [ "${rname}" = "Untrusted" ]; then
 		rinst=2
 	else
@@ -175,32 +175,19 @@ configure_roles_dir()
 {
 	local rinst rname

-	if [ "$#" -ne 1 ]; then
+	if [ "$#" -ne 2 ]; then
 	    echo "Illegal number of parameters"
 	    exit 1
 	fi

-	if [ "${1}" = "full_access" ]; then
-		rinst=1
-		rname="full_access"
-	elif [ "${1}" = "Untrusted" ]; then
-		rinst=2
-		rname="Untrusted"
-	else
-		json_get_var rname name
-		json_get_var rinst instance
-
-		if [ -z "${rname}" ] || [ -z "${rinst}" ]; then
-			echo "Deprecated role format ignoring ${1}.json ..."
-			return 0
-		fi
-	fi
+	rname="${1}"
+	rinst="${2}"

 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}

-	json_for_each_item configure_permission permission "${name}" "$((rinst))"
+	json_for_each_item configure_permission permission "${name}" ${rinst}
 	json_select ..
 }

@@ -209,22 +196,20 @@ configure_ctrust_role()
 	local num
 	local roles_obj

-	if [ -f "${CTRUST_RESET_FILE}" ]; then
-		return 0
-	fi
-
 	mkdir -p /tmp/obuspa/
 	if [ -f "${1}" ]; then
 		json_init
 		json_load_file "${1}"
 		json_for_each_item configure_roles roles
 	else
+		num=3
 		for f in $(ls -1 ${FW_DEFAULT_ROLE_DIR}); do
 			echo "Loading $f ....."
 			json_init
 			json_load_file "${FW_DEFAULT_ROLE_DIR}/${f}"
 			json_select tr181
-			configure_roles_dir "${f/.json/}"
+			configure_roles_dir "${f/.json/}" "${num}"
+			num=$((num + 1))
 		done
 	fi
 }
--- a/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults
+++ b/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults
@@ -4,14 +4,12 @@
 . /etc/obuspa/usp_utils.sh

 rfile="$(uci -q get obuspa.global.role_file)"
-db_file="$(uci -q get obuspa.global.db_file)"
+
 # Reset the role_file if present
 if [ -n "${rfile}" ]; then
 	uci -q set obuspa.global.role_file=""
 fi

-if [ ! -f "${db_file}" ]; then
-	configure_ctrust_role
-fi
+configure_ctrust_role "${rfile}"

 exit 0
--- a/obuspa/files/etc/uci-defaults/61-override-ct-roles
+++ b/obuspa/files/etc/uci-defaults/61-override-ct-roles
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /etc/obuspa/usp_utils.sh
-
-configure_ctrust_role
-
-exit 0
--- a/obuspa/files/etc/uci-defaults/obuspa-set-dhcp-option
+++ b/obuspa/files/etc/uci-defaults/obuspa-set-dhcp-option
@@ -38,11 +38,13 @@ configure_dhcp_options() {
 		if [ "${role}" = "extender" ]; then
 			interface="lan"
 			uci -q set obuspa.global.interface="lan"
+			uci commit obuspa
 		else
 			interface="wan"
 		fi
 	fi

+	network_uci_update=0
 	reqopts="$(uci -q get network."${interface}".reqopts)"
 	proto="$(uci -q get network."${interface}".proto)"
 	local req125_present=0
@@ -68,13 +70,19 @@ configure_dhcp_options() {
 		if [ ${req125_present} -eq 0 ]; then
 			newreqopts="$reqopts 125"
 			uci -q set network."${interface}".reqopts="$newreqopts"
+			network_uci_update=1
 		fi

 		if [ ${send124_present} -eq 0 ]; then
 			newsendopts="${sendopts} 124:00:00:0D:E9:04:03:75:73:70"
 			uci -q set network."${interface}".sendopts="$newsendopts"
+			network_uci_update=1
 		fi
 	fi
+
+	if [ ${network_uci_update} -eq 1 ]; then
+		uci commit network
+	fi
 }

 configure_dhcp_options
--- a/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+++ b/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
@@ -7,7 +7,6 @@ PROV_CODE=""
 RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
-CONTROLLER_DISCOVERED=0

 log()
 {
@@ -102,25 +101,15 @@ get_vivsoi() {

 			# assign the value found in sub option
 			case "${sub_opt_id}" in
-				"25")
-					URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
-					CONTROLLER_DISCOVERED=1
+				"25") URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"26")
-					PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
-					CONTROLLER_DISCOVERED=1
+				"26") PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"27")
-					RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
-					CONTROLLER_DISCOVERED=1
+				"27") RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"28")
-					RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
-					CONTROLLER_DISCOVERED=1
+				"28") RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"29")
-					ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
-					CONTROLLER_DISCOVERED=1
+				"29") ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
 			esac

@@ -155,20 +144,6 @@ get_access_role()
 	echo "$mode"
 }

-get_agent_topic()
-{
-	AgentEndpointID="$(uci -q get obuspa.localagent.EndpointID)"
-	if [ -z "${AgentEndpointID}" ]; then
-		serial=$(get_serial_from_db)
-		oui=$(get_oui_from_db)
-		AgentEndpointID=$(echo "${oui}-${serial//+/%2B}")
-	fi
-
-	topic_base=$(echo "${AgentEndpointID}" | sed -E 's/[^[:alnum:]]/_/g')
-	agent_topic="/usp/${topic_base}/endpoint"
-	echo "${agent_topic}"
-}
-
 config_load obuspa
 config_get_bool enable_obuspa global enabled 1
 config_get wan_intf global interface
@@ -196,7 +171,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 		get_vivsoi "$opt125" "$len"
 	fi

-	if [ "${CONTROLLER_DISCOVERED}" -eq 0 ]; then
+	if [ -z "$URL" ] || [ -z "$ENDPOINT_ID" ]; then
 		return 0
 	fi

@@ -205,319 +180,151 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	port=""
 	topic=""
 	is_fqdn=1
-	offered_proto=""
-	mtp_encrypt=""
-	dhcp_controller=""
-	dhcp_mtp=""
-	dhcp_mqtt=""

-	if [ -n "$URL" ]; then
-		case $URL in
-		ws://*) is_fqdn=0;;
-		wss://*) is_fqdn=0;;
-		mqtt://*) is_fqdn=0;;
-		mqtts://*) is_fqdn=0;;
-		*://*) return 0;;
-		*) is_fqdn=1
-		esac;
+	case $URL in
+	ws://*) is_fqdn=0;;
+	wss://*) is_fqdn=0;;
+	mqtt://*) is_fqdn=0;;
+	mqtts://*) is_fqdn=0;;
+	*) is_fqdn=1
+	esac;

-		if [ ${is_fqdn} -eq 1 ]; then
-			case $URL in
-			*.local*)
-				# TODO extend for mdns handling
-				;;
-			*)
-				# This is an FQDN, perform DNS query
-				nslookup $URL > /tmp/fqdn_ip
-				nslookup -type=ptr $URL > /tmp/fqdn_ptr
-				nslookup -type=srv $URL > /tmp/fqdn_srv
-				nslookup -type=txt $URL > /tmp/fqdn_srv
-
-				# TODO extend to collect information from dns-sd records
-				;;
-			esac
-
-			return 0
-		else
-			proto=$(echo "${URL}" | awk -F: '{print $1}')
-			dest=$(echo "${URL}" | awk -F/ '{print $3}')
-			ip=$(echo "${dest}" | awk -F: '{print $1}')
-			port=$(echo "${dest}" | awk -F: '{print $2}')
-			topic=$(echo "${URL}" | sed  's/^.*:'"${port}"'/\1/g')
-		fi
+	if [ ${is_fqdn} -eq 1 ]; then
+		# This is an FQDN, perform DNS query
+		nslookup -type=a $URL > /tmp/fqdn_ip
+		nslookup -type=ptr $URL > /tmp/fqdn_ptr
+		return 0
+	else
+		proto=$(echo "${URL}" | awk -F: '{print $1}')
+		dest=$(echo "${URL}" | awk -F/ '{print $3}')
+		ip=$(echo "${dest}" | awk -F: '{print $1}')
+		port=$(echo "${dest}" | awk -F: '{print $2}')
+		topic=$(echo "${URL}" | sed  's/^.*:'"${port}"'/\1/g')
 	fi

+	offered_proto=""
 	if [ "${proto}" == "mqtt" ] || [ "${proto}" == "mqtts" ]; then
 		offered_proto="MQTT"
-		if [ "${proto}" == "mqtt" ]; then
-			mtp_encrypt="TCP/IP"
-		else
-			mtp_encrypt="TLS"
-		fi
 	elif [ "${proto}" == "ws" ] || [ "${proto}" == "wss" ]; then
 		offered_proto="WebSocket"
-		if [ "${proto}" == "wss" ]; then
-			mtp_encrypt="1"
-		else
-			mtp_encrypt="0"
-		fi
-	fi
-
-	controllers=$(uci -q show obuspa | grep "=controller" | cut -d'=' -f1 | cut -d'.' -f2)
-	for controller in $controllers; do
-		dhcp_disc=$(uci -q get obuspa.$controller.dhcp_discovered)
-		if [ "${dhcp_disc}" -eq 1 ]; then
-			dhcp_controller="${controller}"
-			break
-		fi
-	done
-
-	if [ -n "${dhcp_controller}" ]; then
-		cont_proto="$(uci -q get obuspa.$dhcp_controller.Protocol)"
-		if [ "${cont_proto}" == "MQTT" ]; then
-			dhcp_mqtt="$(uci -q get obuspa.$dhcp_controller.mqtt)"
-
-			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
-			for mtp in $mtps; do
-				mtp_mqtt="$(uci -q get obuspa.$mtp.mqtt)"
-				if [ "${mtp_mqtt}" == "${dhcp_mqtt}" ]; then
-					dhcp_mtp="${mtp}"
-					break
-				fi
-			done
-		elif [ "${cont_proto}" == "WebSocket" ]; then
-			cont_port="$(uci -q get obuspa.$dhcp_controller.Port)"
-			cont_encr="$(uci -q get obuspa.$dhcp_controller.EnableEncryption)"
-
-			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
-			for mtp in $mtps; do
-				mtp_port="$(uci -q get obuspa.$mtp.Port)"
-				mtp_encr="$(uci -q get obuspa.$mtp.EnableEncryption)"
-				if [ "${mtp_port}" == "${cont_port}" ] && [ "${mtp_encr}" == "${cont_encr}" ]; then
-					dhcp_mtp="${mtp}"
-					break
-				fi
-			done
-		fi
+	else
+		return 0
 	fi

 	uci_change=0
-	proto_changed="0"
-
-	if [ -n "${dhcp_controller}" ]; then
-		## Handling of controller section
-		ct_endpoint=$(uci -q get obuspa.$dhcp_controller.EndpointID)
-		ct_proto=$(uci -q get obuspa.$dhcp_controller.Protocol)
-		ct_prov=$(uci -q get obuspa.$dhcp_controller.ProvisioningCode)
-
-		if [ "${ct_proto}" = "MQTT" ]; then
-			ct_topic=$(uci -q get obuspa.$dhcp_controller.Topic)
-		else
-			ct_topic=$(uci -q get obuspa.$dhcp_controller.Path)
-		fi
-
-		if [ -n "${ENDPOINT_ID}" ] && [ "${ct_endpoint}" != "${ENDPOINT_ID}" ]; then
-			uci -q set obuspa.$dhcp_controller.EndpointID="${ENDPOINT_ID}"
-			uci_change=1
-		fi
-
-		if [ -n "${offered_proto}" ] && [ "${ct_proto}" != "${offered_proto}" ]; then
-			uci -q set obuspa.$dhcp_controller.Protocol="${offered_proto}"
-			if [ "${offered_proto}" != "MQTT" ]; then
-				uci -q set obuspa.$dhcp_controller.mqtt=""
-				uci -q set obuspa.$dhcp_controller.Topic=""
-				uci -q set obuspa.$dhcp_controller.Host="${ip}"
-				uci -q set obuspa.$dhcp_controller.Port="${port}"
-				uci -q set obuspa.$dhcp_controller.Path="${ct_topic}"
-				uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
-			else
-				uci -q set obuspa.$dhcp_controller.EnableEncryption=""
-				uci -q set obuspa.$dhcp_controller.Path=""
-				uci -q set obuspa.$dhcp_controller.Host=""
-				uci -q set obuspa.$dhcp_controller.Port=""
-
-				if [ -z "${dhcp_mqtt}" ]; then
-					uci -q set obuspa.$dhcp_controller.mqtt='dhcpmqtt'
-				else
-					uci -q set obuspa.$dhcp_controller.mqtt="${dhcp_mqtt}"
-				fi
-
-				uci -q set obuspa.$dhcp_controller.Topic="${ct_topic}"
-			fi
-
-			proto_changed=1
-			uci_change=1
-		fi
-
-		if [ -n "${topic}" ] && [ "${ct_topic}" != "${topic}" ]; then
-			protocol="${ct_proto}"
-			if [ -n "${offered_proto}" ]; then
-				protocol="${offered_proto}"
-			fi
-
-			if [ "${protocol}" == "MQTT" ]; then
-				uci -q set obuspa.$dhcp_controller.Topic="${topic}"
-			else
-				uci -q set obuspa.$dhcp_controller.Path="${topic}"
-			fi
-
-			uci_change=1
-		fi
-
-		if [ -n "${PROV_CODE}" ] && [ "${ct_prov}" != "${PROV_CODE}" ]; then
-			uci -q set obuspa.$dhcp_controller.ProvisioningCode="${PROV_CODE}"
-			uci_change=1
-		fi
-
-		if [ "${proto_changed}" -eq 1 ]; then
-			if [ "${offered_proto}" == "WebSocket" ]; then
-				if [ -n "${dhcp_mqtt}" ]; then
-					uci -q del obuspa.$dhcp_mqtt
-				fi
-
-				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
-					uci -q rename obuspa."${sec}"='dhcpmtp'
-					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa.$dhcp_mtp.Enable='1'
-				fi
-
-				uci -q set obuspa.$dhcp_mtp.mqtt=''
-				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured=''
-				uci -q set obuspa.$dhcp_mtp.Protocol='WebSocket'
-				uci -q set obuspa.$dhcp_mtp.Port="${port}"
-				uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
-
-				uci_change=1
-			else
-				if [ -z "${dhcp_mqtt}" ]; then
-					sec=$(uci -q add obuspa mqtt)
-					uci -q rename obuspa."${sec}"='dhcpmqtt'
-					dhcp_mqtt="dhcpmqtt"
-					uci -q set obuspa.$dhcp_mqtt.Enable='1'
-				fi
-
-				uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
-				uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
-				uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
-				uci -q set obuspa.$dhcp_mqtt.ProtocolVersion='5.0'
-
-				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
-					uci -q rename obuspa."${sec}"='dhcpmtp'
-					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa.$dhcp_mtp.Enable='1'
-				fi
-
-				agent_topic=$(get_agent_topic)
-				uci -q set obuspa.$dhcp_mtp.Port=""
-				uci -q set obuspa.$dhcp_mtp.EnableEncryption=""
-				uci -q set obuspa.$dhcp_mtp.Protocol='MQTT'
-				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured="${agent_topic}"
-				uci -q set obuspa.$dhcp_mtp.mqtt="${dhcp_mqtt}"
-
-				uci_change=1
-			fi
-		else
-			if [ "${ct_proto}" == "WebSocket" ]; then
-				conf_ip="$(uci -q get obuspa.$dhcp_controller.Host)"
-				conf_port="$(uci -q get obuspa.$dhcp_mtp.Port)"
-				conf_encr="$(uci -q get obuspa.$dhcp_mtp.EnableEncryption)"
-
-				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa.$dhcp_controller.Host="${ip}"
-					uci_change=1
-				fi
-
-				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa.$dhcp_mtp.Port="${port}"
-					uci -q set obuspa.$dhcp_controller.Port="${port}"
-					uci_change=1
-				fi
-
-				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
-					uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
-					uci_change=1
-				fi
-			else
-				conf_ip="$(uci -q get obuspa.$dhcp_mqtt.BrokerAddress)"
-				conf_port="$(uci -q get obuspa.$dhcp_mqtt.BrokerPort)"
-				conf_encr="$(uci -q get obuspa.$dhcp_mqtt.TransportProtocol)"
-
-				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
-					uci_change=1
-				fi
-
-				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
-					uci_change=1
-				fi
-
-				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
-					uci_change=1
-				fi
-			fi
-		fi
-	else
-		if [ -n "${dhcp_mtp}" ]; then
-			uci -q del obuspa.$dhcp_mtp
-		fi
-
-		if [ -n "${dhcp_mqtt}" ]; then
-			uci -q del obuspa.$dhcp_mqtt
-		fi
+	mtp_encrypt="0"
+	## Handling of controller section
+	ct_endpoint=$(uci -q get obuspa.dhcpcontroller.EndpointID)
+	ct_proto=$(uci -q get obuspa.dhcpcontroller.Protocol)
+	ct_topic=$(uci -q get obuspa.dhcpcontroller.Topic)
+	ct_enable=$(uci -q get obuspa.dhcpcontroller.Enable)
+	ct_prov=$(uci -q get obuspa.dhcpcontroller.ProvisioningCode)

+	if [ "${ct_endpoint}" != "${ENDPOINT_ID}" ] || [ "${ct_proto}" != "${offered_proto}" ] || [ "${ct_topic}" != "${topic}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_prov}" != "${PROV_CODE}" ]; then
+		uci -q del obuspa.dhcpcontroller
 		sec=$(uci -q add obuspa controller)
 		uci -q rename obuspa."${sec}"='dhcpcontroller'
-		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
 		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
 		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
 		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-		uci -q set obuspa.dhcpcontroller.Enable='1'
-
-		if [ -n "${offered_proto}" ]; then
-			if [ "${offered_proto}" == "MQTT" ]; then
-				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
-
-				sec=$(uci -q add obuspa mqtt)
-				uci -q rename obuspa."${sec}"='dhcpmqtt'
-				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
-				uci -q set obuspa.dhcpmqtt.Enable='1'
-				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-
-				agent_topic=$(get_agent_topic)
-				sec=$(uci -q add obuspa mtp)
-				uci -q rename obuspa."${sec}"='dhcpmtp'
-				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-				uci -q set obuspa.dhcpmtp.Enable='1'
-				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+		if [ "${offered_proto}" == "MQTT" ]; then
+			uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+			uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+		else
+			uci -q set obuspa.dhcpcontroller.Path="${topic}"
+			uci -q set obuspa.dhcpcontroller.Host="${ip}"
+			uci -q set obuspa.dhcpcontroller.Port="${port}"
+			if [ "${proto}" == "wss" ]; then
+				uci -q set obuspa.dhcpcontroller.EnableEncryption='1'
+				mtp_encrypt="1"
 			else
-				uci -q set obuspa.dhcpcontroller.Path="${topic}"
-				uci -q set obuspa.dhcpcontroller.Host="${ip}"
-				uci -q set obuspa.dhcpcontroller.Port="${port}"
-				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
-
-				sec=$(uci -q add obuspa mtp)
-				uci -q rename obuspa."${sec}"='dhcpmtp'
-
-				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-				uci -q set obuspa.dhcpmtp.Port="${port}"
-				uci -q set obuspa.dhcpmtp.Enable='1'
-				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
+				uci -q set obuspa.dhcpcontroller.EnableEncryption='0'
+				mtp_encrypt="0"
 			fi
 		fi

+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.Enable='1'
 		uci_change=1
 	fi

+	if [ "${offered_proto}" == "WebSocket" ]; then
+		ex_mqtt=$(uci -q get obuspa.dhcpmqtt)
+		if [ -n "${ex_mqtt}" ]; then
+			uci -q del obuspa.dhcpmqtt
+			uci_change=1
+		fi
+
+		## Handling of mtp section
+		ct_proto=$(uci -q get obuspa.dhcpmtp.Protocol)
+		ct_port=$(uci -q get obuspa.dhcpmtp.Port)
+		ct_enable=$(uci -q get obuspa.dhcpmtp.Enable)
+		ct_encrypt=$(uci -q get obuspa.dhcpmtp.EnableEncryption)
+
+		if [ "${ct_proto}" != "WebSocket" ] || [ "${ct_port}" != "${port}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_encrypt}" != "${mtp_encrypt}" ]; then
+			uci -q del obuspa.dhcpmtp
+			sec=$(uci -q add obuspa mtp)
+			uci -q rename obuspa."${sec}"='dhcpmtp'
+			uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+			uci -q set obuspa.dhcpmtp.Port="${port}"
+			uci -q set obuspa.dhcpmtp.Enable='1'
+			uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
+			uci_change=1
+		fi
+	else
+		if [ "${proto}" == "mqtt" ]; then
+			transport_proto="TCP/IP"
+		else
+			transport_proto="TLS"
+		fi
+
+		## Handling of mqtt section
+		ct_address=$(uci -q get obuspa.dhcpmqtt.BrokerAddress)
+		ct_port=$(uci -q get obuspa.dhcpmqtt.BrokerPort)
+		ct_proto=$(uci -q get obuspa.dhcpmqtt.TransportProtocol)
+		ct_enable=$(uci -q get obuspa.dhcpmqtt.Enable)
+		ct_ver=$(uci -q get obuspa.dhcpmqtt.ProtocolVersion)
+
+		if [ "${ct_address}" != "${ip}" ] || [ "${ct_port}" != "${port}" ] || [ "${ct_proto}" != "${transport_proto}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_ver}" != "5.0" ]; then
+			uci -q del obuspa.dhcpmqtt
+			sec=$(uci -q add obuspa mqtt)
+			uci -q rename obuspa."${sec}"='dhcpmqtt'
+			uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+			uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+			uci -q set obuspa.dhcpmqtt.TransportProtocol="${transport_proto}"
+			uci -q set obuspa.dhcpmqtt.Enable='1'
+			uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+			uci_change=1
+		fi
+
+		## Handling of mtp section
+		ct_proto=$(uci -q get obuspa.dhcpmtp.Protocol)
+		ct_topic=$(uci -q get obuspa.dhcpmtp.ResponseTopicConfigured)
+		ct_enable=$(uci -q get obuspa.dhcpmtp.Enable)
+
+		config_load obuspa
+		config_get AgentEndpointID localagent EndpointID ""
+		if [ -z "${AgentEndpointID}" ]; then
+			serial=$(get_serial_from_db)
+			oui=$(get_oui_from_db)
+			AgentEndpointID=$(echo "${oui}-${serial//+/%2B}")
+		fi
+
+		topic_base=$(echo "${AgentEndpointID}" | sed -E 's/[^[:alnum:]]/_/g')
+		agent_topic="/usp/${topic_base}/endpoint"
+
+		if [ "${ct_proto}" != "MQTT" ] || [ "${ct_topic}" != "${agent_topic}" ] || [ "${ct_enable}" != "1" ]; then
+			uci -q del obuspa.dhcpmtp
+			sec=$(uci -q add obuspa mtp)
+			uci -q rename obuspa."${sec}"='dhcpmtp'
+			uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+			uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+			uci -q set obuspa.dhcpmtp.Enable='1'
+			uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+			uci_change=1
+		fi
+	fi
+
 	if [ ${uci_change} -eq 1 ]; then
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
--- a/obuspa/files/etc/users/roles/extender.json
+++ b/obuspa/files/etc/users/roles/extender.json
@@ -1,7 +1,5 @@
 {
  "tr181": {
-    "name": "extender",
-    "instance": 3,
    "permission": [
      {
        "object": "Device.",
--- a/obuspa/files/etc/users/roles/full_access.json
+++ b/obuspa/files/etc/users/roles/full_access.json
@@ -0,0 +1,12 @@
+{
+  "tr181": {
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_ALL"
+        ]
+      }
+    ]
+  }
+}
--- a/obuspa/patches/0004-bulkdata_extn.patch
+++ b/obuspa/patches/0004-bulkdata_extn.patch
@@ -455,37 +455,16 @@ index 915b282..f799793 100755
 
     // From the point of view of this code, the report(s) have been successfully sent, so don't retain them
     // NOTE: Sending of the reports successfully is delegated to the USP notification retry mechanism
-@@ -2547,11 +2729,24 @@ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp)
+@@ -2547,7 +2729,7 @@ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp)
     }
 
     // Exit if unable to generate the report
 -    report = bulkdata_generate_json_report(bp, ctrl.report_timestamp);
-    if (report == NULL)
-    {
-	    USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
-	    return;
-+    if (strcmp(ctrl.encoding_type, BULKDATA_ENCODING_TYPE_JSON) == 0) {
-+        report = bulkdata_generate_json_report(bp, ctrl.report_timestamp, ctrl.report_format);
-+        if (report == NULL)
-+        {
-+            USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
-+            return;
-+        }
-+    } else if (strcmp(ctrl.encoding_type, BULKDATA_ENCODING_TYPE_CSV) == 0) {
-+        report = bulkdata_generate_csv_report(bp, ctrl.field_separator, ctrl.row_separator, ctrl.escape_char,
-+					      ctrl.csv_format, ctrl.row_timestamp);
-+        if (report == NULL)
-+        {
-+            USP_ERR_SetMessage("%s: bulkdata_generate_csv_report failed", __FUNCTION__);
-+            return;
-+        }
-+    } else {
-+        USP_ERR_SetMessage("%s: bulkdata invalid report encoding type %s", __FUNCTION__, ctrl.encoding_type);
-+        return;
-     }
-
-     // Print out the JSON report, if debugging is enabled
-@@ -2762,7 +2957,7 @@ int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *ou
+    report = bulkdata_generate_json_report(bp, ctrl.report_timestamp, ctrl.report_format);
+     if (report == NULL)
+     {
+ 	    USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
+@@ -2762,7 +2944,7 @@ int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *ou
 ** \return  pointer to NULL terminated dynamically allocated buffer containing the serialized report to send
 **
 **************************************************************************/
@@ -494,7 +473,7 @@ index 915b282..f799793 100755
 {
     JsonNode *top;          // top of report
     JsonNode *array;        // array of reports (retained + current)
-@@ -2867,6 +3062,483 @@ char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timesta
+@@ -2867,6 +3049,483 @@ char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timesta
     return result;
 }
 
@@ -978,7 +957,7 @@ index 915b282..f799793 100755
 /*********************************************************************//**
 **
 **  bulkdata_compress_report
-@@ -3070,6 +3742,20 @@ int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_
+@@ -3070,6 +3729,20 @@ int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_
         flags |= BDC_FLAG_DATE_HEADER;
     }
 
--- a/obuspa/patches/0006-contains-expression.patch
+++ b/obuspa/patches/0006-contains-expression.patch
@@ -1,121 +0,0 @@
-Index: obuspa-9.0.4.11/src/core/expr_vector.c
-===================================================================
--- obuspa-9.0.4.11.orig/src/core/expr_vector.c
-+++ obuspa-9.0.4.11/src/core/expr_vector.c
-@@ -58,6 +58,7 @@ char *expr_op_2_str[kExprOp_Max] =
-     "<",  // kExprOp_LessThan
-     ">",  // kExprOp_GreaterThan
-     "=",  // kExprOp_Equals
-+    "~=", // kExprOp_Contains
- };
- 
- 
-@@ -482,6 +483,15 @@ char *SplitOnOperator(char *buf, expr_op
-         *op = '\0';
-         return &op[2];
-     }
-+
-+    // Exit if found the "~=" operator
-+    op = strstr(buf, "~=");
-+    if (op != NULL)
-+    {
-+        *p_op = kExprOp_Contains;
-+        *op = '\0';
-+        return &op[2];
-+    }
- 
-     // Exit if found the "<" operator
-     op = strchr(buf, '<');
-Index: obuspa-9.0.4.11/src/core/path_resolver.c
-===================================================================
--- obuspa-9.0.4.11.orig/src/core/path_resolver.c
-+++ obuspa-9.0.4.11/src/core/path_resolver.c
-@@ -1481,7 +1481,7 @@ int ResolveUniqueKey(char *resolved, cha
-     char temp[MAX_DM_PATH];
-     bool is_match;
-     bool is_ref_match;
-    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan};
-+    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan, kExprOp_Contains};
-     unsigned short permission_bitmask;
- 
-     // Exit if unable to find the end of the unique key
-@@ -1815,6 +1815,67 @@ int DoUniqueKeysMatch(int index, search_
-         }
-         USP_ASSERT(gge->value != NULL);     // GROUP_GET_VECTOR_GetValues() should have set an error message if the vendor hook didn't set a value for the parameter
- 
-+        if (ec->op == kExprOp_Contains) {
-+            // NOTE: There is no "list" flag defined for the key parameter, which should be a limitation at the moment.
-+            // The code below assumes comma-separated values in the key parameter value for the "contains" operator
-+            char *list_copy = USP_STRDUP(gge->value);
-+            char *saveptr;
-+            char *token;
-+            bool found = false;
-+
-+            // Split the list and compare each element
-+            token = strtok_r(list_copy, ",", &saveptr);
-+            while (token != NULL)
-+            {
-+                // Trim whitespace from token
-+                TEXT_UTILS_TrimBuffer(token);
-+
-+                // Compare based on type
-+                if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
-+                {
-+                    err = DM_ACCESS_CompareNumber(token, kExprOp_Equal, ec->value, &result);
-+                }
-+                else if (type_flags & DM_BOOL)
-+                {
-+                    err = DM_ACCESS_CompareBool(token, kExprOp_Equal, ec->value, &result);
-+                }
-+                else if (type_flags & DM_DATETIME)
-+                {
-+                    err = DM_ACCESS_CompareDateTime(token, kExprOp_Equal, ec->value, &result);
-+                }
-+                else
-+                {
-+                    // Default string comparison
-+                    err = DM_ACCESS_CompareString(token, kExprOp_Equal, ec->value, &result);
-+                }
-+
-+                if (err != USP_ERR_OK)
-+                {
-+                    USP_FREE(list_copy);
-+                    return err;
-+                }
-+
-+                if (result)
-+                {
-+                    found = true;
-+                    break;
-+                }
-+
-+                token = strtok_r(NULL, ",", &saveptr);
-+            }
-+
-+            USP_FREE(list_copy);
-+
-+            // Exit if element not found in list
-+            if (!found)
-+            {
-+                return USP_ERR_OK;
-+            }
-+
-+            // Skip the normal comparison since we already handled it
-+            continue;
-+        }
-+
-         // Determine the function to call to perform the comparison
-         if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
-         {
-Index: obuspa-9.0.4.11/src/include/usp_api.h
-===================================================================
--- obuspa-9.0.4.11.orig/src/include/usp_api.h
-+++ obuspa-9.0.4.11/src/include/usp_api.h
-@@ -105,6 +105,7 @@ typedef enum
-     kExprOp_LessThan,               // '<'
-     kExprOp_GreaterThan,            // '>'
-     kExprOp_Equals,                 // '='
-+    kExprOp_Contains,               // '~='
- 
-     kExprOp_Max
- } expr_op_t;
--- a/obuspa/patches/1002-mqtt-qos.patch
+++ b/obuspa/patches/1002-mqtt-qos.patch
@@ -1,11 +0,0 @@
--- a/src/core/device_bulkdata.c	2025-02-18 16:49:27.507575767 +0530
-+++ b/src/core/device_bulkdata.c	2025-02-18 16:51:45.535693108 +0530
-@@ -374,6 +374,8 @@
-     // Device.BulkData.Profile.{i}.MQTT
-     err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.Reference", "", Validate_BulkDataMqttReference, NULL, DM_STRING);
-     err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishTopic", "", NULL, NULL, DM_STRING);
-+    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishQoS", TO_STR(MQTT_FALLBACK_QOS), NULL, NULL, DM_UINT);
-+    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishRetain", "false", NULL, NULL, DM_BOOL);
- #endif
- 
-     // Register Push! Event
--- a/obuspa/patches/1003-ct-full-access-rename.patch
+++ b/obuspa/patches/1003-ct-full-access-rename.patch
@@ -1,13 +0,0 @@
-diff --git a/src/core/data_model.c b/src/core/data_model.c
-index 360c5e2..136de0d 100644
--- a/src/core/data_model.c
-+++ b/src/core/data_model.c
-@@ -5180,7 +5180,7 @@ int RegisterDefaultControllerTrust(void)
-     int err = USP_ERR_OK;
- 
-     // Register 'Full Access' role
-    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "Full Access");
-+    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "full_access");
-     err |= USP_DM_AddControllerTrustPermission(ROLE_FULL_ACCESS, dm_root, PERMIT_ALL);
- 
-     // Register 'Untrusted' role
--- a/obuspc/files/etc/uci-defaults/100-add-mosquitto-listener
+++ b/obuspc/files/etc/uci-defaults/100-add-mosquitto-listener
@@ -15,3 +15,4 @@ port=$(uci -q get uspc.mqtt.BrokerPort)
 uci -q set mosquitto.uspc.enabled="1"
 uci -q set mosquitto.uspc.port=$port
 uci -q set mosquitto.uspc.allow_anonymous="1"
+uci commit mosquitto
--- a/packet-capture-diagnostics/Makefile
+++ b/packet-capture-diagnostics/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=packet-capture-diagnostics
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.2

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
@@ -46,7 +46,7 @@ endif

 define Package/packet-capture-diagnostics/install
 	$(BBFDM_INSTALL_SCRIPT) ./files/scripts/packetcapture $(1)
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libpackcapture.so $(1) core
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/src/libpackcapture.so $(1)
 endef

 $(eval $(call BuildPackage,packet-capture-diagnostics))
--- a/parental-control/Makefile
+++ b/parental-control/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=parental-control
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.0.4

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=a746707e4231bd190000a752785974ccaf9dd6da
+PKG_SOURCE_VERSION:=eea7793e26b52f45f4e47e849894ac3f8cdc3747
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -59,10 +59,8 @@ endef
 endif

 define Package/parental-control/install
-	$(INSTALL_DIR) $(1)/etc/parentalcontrol
 	$(INSTALL_DIR) $(1)/lib/parentalcontrol
 	$(INSTALL_DATA) ./files/lib/parentalcontrol/parentalcontrol.sh $(1)/lib/parentalcontrol/
-	$(INSTALL_BIN) ./files/lib/parentalcontrol/sync_bundles.sh $(1)/lib/parentalcontrol/

 	$(INSTALL_DIR) $(1)/etc
 	$(INSTALL_DATA) ./files/etc/firewall.parentalcontrol $(1)/etc/
@@ -80,13 +78,11 @@ define Package/parental-control/install
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/

-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
-
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol

 ifeq ($(CONFIG_PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES),y)
-	$(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundles.tar.xz $(1)/etc/parentalcontrol/
+	$(INSTALL_DIR) $(1)/etc/parental-control
+	$(INSTALL_DATA) ./files/etc/parental-control/urlbundles.tar.xz $(1)/etc/parental-control/
 endif
 endef

--- a/parental-control/files/etc/config/parentalcontrol
+++ b/parental-control/files/etc/config/parentalcontrol
@@ -1,93 +1,3 @@
 config globals 'globals'
-    option enable '0'
-    option loglevel '3'
-
-config urlbundle 'urlbundle_1'
-    option enable '0'
-    option name 'Abuse'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
-
-config urlbundle 'urlbundle_2'
-    option enable '0'
-    option name 'Ads'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
-
-config urlbundle 'urlbundle_3'
-    option enable '0'
-    option name 'Crypto'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
-
-config urlbundle 'urlbundle_4'
-    option enable '1'
-    option name 'Drugs'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
-
-config urlbundle 'urlbundle_5'
-    option enable '0'
-    option name 'Everything else'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt'
-
-config urlbundle 'urlbundle_6'
-    option enable '1'
-    option name 'Facebook/Instagram'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
-
-config urlbundle 'urlbundle_7'
-    option enable '1'
-    option name 'Fraud'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
-
-config urlbundle 'urlbundle_8'
-    option enable '1'
-    option name 'Gambling'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
-
-config urlbundle 'urlbundle_9'
-    option enable '0'
-    option name 'Malware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
-
-config urlbundle 'urlbundle_10'
-    option enable '1'
-    option name 'Phishing'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
-
-config urlbundle 'urlbundle_11'
-    option enable '1'
-    option name 'Piracy'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
-
-config urlbundle 'urlbundle_12'
-    option enable '0'
-    option name 'Porn'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
-
-config urlbundle 'urlbundle_13'
-    option enable '1'
-    option name 'Ransomware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
-
-config urlbundle 'urlbundle_14'
-    option enable '0'
-    option name 'Redirect'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
-
-config urlbundle 'urlbundle_15'
-    option enable '1'
-    option name 'Scam'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
-
-config urlbundle 'urlbundle_16'
-    option enable '0'
-    option name 'TikTok'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
-
-config urlbundle 'urlbundle_17'
-    option enable '0'
-    option name 'Torrent'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
-
-config urlbundle 'urlbundle_18'
-    option enable '0'
-    option name 'Tracking'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'
+	option enable '0'
+	option loglevel '3'
--- a/parental-control/files/etc/init.d/parentalcontrol
+++ b/parental-control/files/etc/init.d/parentalcontrol
@@ -11,8 +11,7 @@ PROG=/usr/sbin/urlfilter
 validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
-	    'loglevel:uinteger:3' \
-	    'bundle_path:string'
+	    'loglevel:uinteger:3'
 }

 remove_fw_rules() {
@@ -48,48 +47,19 @@ configure_fw_rules() {
 	add_internet_schedule_rules
 }

-copy_dhcp_leases() {
-	src="/tmp/dhcp.leases"
-	dest="/etc/parentalcontrol/dhcp.leases"
-	dest_dir="/etc/parentalcontrol/"
-
-	# Ensure the destination directory exists
-	mkdir -p "$dest_dir" || { logger -p err "Failed to create directory $dest_dir."; return 1; }
-
-	# Check if the source file exists and is not empty
-	if [ -s "$src" ]; then
-		# Compare the content of the source and destination
-		if ! cmp -s "$src" "$dest"; then
-			# Use atomic copy to prevent partial writes
-			tmp_dest="${dest}.tmp"
-			cp "$src" "$tmp_dest" && mv "$tmp_dest" "$dest"
-		fi
-	fi
-}
-
 start_service() {
-	local enable loglevel bundle_path
+	local enable loglevel

 	config_load parentalcontrol
 	validate_global_section

-	[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
-
 	# add default bundles
 	process_default_bundles
 	# add firewall rules
 	configure_fw_rules

-	# if the router is, for example, upgraded and then it boots up
-	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
-	# in that case, hostnames will not be processed by the daemon,
-	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
-	# which will be persistent acrros reboots and upgrade where settings are kept
-	# and will be used as a backup in case /tmp/dhcp.leases is empty
-	copy_dhcp_leases
-
-	procd_open_instance "parentalcontrol_dm"
-	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
+	procd_open_instance parentalcontrol_dm
+	procd_set_param command ${PROG}
 	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
@@ -99,7 +69,6 @@ stop_service() {
 	# remove default bundles
 	remove_default_bundles
 	remove_fw_rules
-	copy_dhcp_leases
 }

 reload_service() {
@@ -109,7 +78,6 @@ reload_service() {
 		start
 	else
 		configure_fw_rules
-		copy_dhcp_leases
 		ubus send parentalcontrol.reload
 	fi
 }
--- a/parental-control/files/etc/parental-control/urlbundles.tar.xz
+++ b/parental-control/files/etc/parental-control/urlbundles.tar.xz
--- a/parental-control/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults
+++ b/parental-control/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults
@@ -125,4 +125,8 @@ config_load "urlfilter"
 config_foreach handle_profile profile
 config_foreach handle_filter filter

+# Commit changes
+uci commit parentalcontrol
+uci commit schedules
+
 rm -f "$urlfilter_config"
--- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
+++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
@@ -13,8 +13,8 @@ IP_RULE=""
 ACL_FILE=""
 parentalcontrol_ipv4_forward=""
 parentalcontrol_ipv6_forward=""
-default_bundle_dir="/tmp/parentalcontrol/default/"
-bundle_archive="/etc/parentalcontrol/urlbundles.tar.xz"
+default_bundle_dir="/tmp/urlfilter/default/"
+bundle_archive="/etc/parental-control/urlbundles.tar.xz"

 log() {
 	echo "$*" |logger -t urlfilter.init -p debug
@@ -412,14 +412,14 @@ add_internet_schedule_rules() {
 	echo "iptables -w -F parentalcontrol_forward" >> $ACL_FILE
 	echo "ip6tables -w -F parentalcontrol_forward" >> $ACL_FILE

-	parentalcontrol_ipv4_forward=$(iptables -w -t filter --list -n | grep parentalcontrol_forward)
+	parentalcontrol_ipv4_forward=$(iptables -t filter --list -n | grep parentalcontrol_forward)
 	if [ -z "$parentalcontrol_ipv4_forward" ]; then
 		echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 		ret=$?
 		[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
 	fi

-	parentalcontrol_ipv6_forward=$(ip6tables -w -t filter --list -n | grep parentalcontrol_forward)
+	parentalcontrol_ipv6_forward=$(ip6tables -t filter --list -n | grep parentalcontrol_forward)
 	if [ -z "$parentalcontrol_ipv6_forward" ]; then
 		echo "ip6tables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 		ret=$?
--- a/parental-control/files/lib/parentalcontrol/sync_bundles.sh
+++ b/parental-control/files/lib/parentalcontrol/sync_bundles.sh
@@ -1,295 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-LOCKFILE="/tmp/sync_bundles.lock"
-
-# this script handles syncing bundles
-# if its a remote file, then it would be downloaded and placed in bundle_dir
-bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
-if [ -z "${bundle_path}" ]; then
-	bundle_path="/tmp/parentalcontrol"
-fi
-
-stringstore_dir="${bundle_path}/stringstore"
-bundle_dir="${bundle_path}/urlbundles"
-bundle_sizes="${bundle_path}/bundle_sizes"
-
-# Ensure required directories and files exist
-initialize_environment() {
-	mkdir -p "$bundle_dir"
-	mkdir -p "$stringstore_dir"
-	[ ! -f "$bundle_sizes" ] && touch "$bundle_sizes"
-}
-
-# Function to sanitize URLs to avoid code injection and ensure safety
-sanitize_url() {
-	local raw_url="$1"
-	echo "$raw_url" | sed 's/[^a-zA-Z0-9_.:/?-]//g'
-}
-
-update_bundle_file_from_url() {
-	local download_url="$1"
-	local bundle_file_name="$2"
-	local bundle_file_size="$3"
-	local bundle_name="$4"
-	local file_name="$5"
-	local available_memory
-
-	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
-	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
-	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
-
-	if [ "$available_memory" -le "$needed_blocks" ]; then
-		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
-		return 1
-	fi
-
-	if [ "$bundle_file_size" -gt "$max_size" ]; then
-		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
-		return 1
-	fi
-
-	# Determine file path
-	local file_path
-	if echo "$download_url" | grep -q "^file://"; then
-		file_path=${download_url#file://}
-	else
-		# Random delay (0-5s) before starting the download
-		local delay=$((RANDOM % 6))
-		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
-		sleep "$delay"
-
-		# Retry logic with exponential backoff
-		local temp_file="${bundle_dir}/tmp_${file_name}"
-		local attempt=1
-		local success=0
-		while [ $attempt -le 3 ]; do
-			curl -s -o "$temp_file" "$download_url"
-			if [ $? -eq 0 ]; then
-				success=1
-				break
-			else
-				logger -p info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
-				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
-				sleep "$backoff"
-			fi
-			attempt=$(( attempt+1 ))
-		done
-
-		if [ $success -ne 1 ]; then
-			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
-			rm -f "$temp_file"
-			return 1
-		fi
-		file_path="$temp_file"
-	fi
-
-	# Handle compressed files
-	local final_path="${bundle_dir}/${bundle_file_name}"
-	if [[ "$file_path" =~ \.xz$ ]]; then
-		if ! xz -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
-			rm -f "$final_path"
-			rm -f "$file_path"
-			return 1
-		fi
-
-		rm -f "$file_path"
-	elif [[ "$file_path" =~ \.gz$ ]]; then
-		if ! gzip -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
-			rm -f "$final_path"
-			rm -f "$file_path"
-			return 1
-		fi
-
-		rm -f "$file_path"
-	else
-		mv "$file_path" "$final_path"
-	fi
-
-	# file would have lines of the format: 0.0.0.0 www.facebook.com
-	# so we keep only the url part and remove duplicates
-	local processed_final_path="${final_path}_urls"
-	awk '{print $NF}' "$final_path" | sort -u > "$processed_final_path"
-
-	# delete unprocessed file
-	rm -rf "$final_path"
-
-	# Update the bundle size and send ubus event
-	echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
-	ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${processed_final_path}\",\"bundle_name\":\"${bundle_name}\"}"
-
-	return 0
-}
-
-handle_download_url() {
-	local raw_download_url="$1"
-	local bundle_name="$2"
-
-	local sanitized_url
-	sanitized_url=$(sanitize_url "$raw_download_url")
-
-	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
-
-	local bundle_file_name="${file_name}.urlbundle"
-	local unprocessed_file=0
-	local file_path="${sanitized_url#file://}"
-
-	if echo "$sanitized_url" | grep -qE "^https?://|^file://"; then
-		local previous_bundle_size
-		previous_bundle_size=$(grep "^${bundle_file_name} " "$bundle_sizes" | awk '{print $2}')
-
-		# If the URL is HTTP, fetch the file size
-		local bundle_file_size
-		if echo "$sanitized_url" | grep -qE "^https?://"; then
-			bundle_file_size="$(curl -I "$sanitized_url" 2>&1 | grep -i 'content-length' | cut -d: -f2 | xargs)"
-			[ -z "$bundle_file_size" ] && bundle_file_size=0
-		else
-			# If it's a file:// URL, get the file size from the filesystem
-			bundle_file_size=$(ls -l "$file_path" 2>/dev/null | awk '{print $5}')
-			[ -z "$bundle_file_size" ] && bundle_file_size=0
-		fi
-
-		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
-			return
-		fi
-
-		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
-			# the file is not processed and hence not moved if it is a local uncompressed file
-			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
-			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
-			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
-			return
-		fi
-
-		# Remove existing entries
-		if [ -n "$previous_bundle_size" ]; then
-			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
-			rm -f "${bundle_dir}/${bundle_file_name}"
-		fi
-
-		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
-		return $?
-	else
-		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
-		return 1
-	fi
-
-	return 0
-}
-
-cleanup_bundle_files() {
-	local dir="$1"
-	[ -d "$dir" ] || return 1
-
-	# Collect all download_url entries using config_foreach
-	local urls=""
-	get_download_url() {
-		local section="$1"
-		config_get url "$section" download_url
-		config_get_bool enable "$1" enable 0
-
-		if [ "${enable}" -eq 0 ]; then
-			# bundle is disabled
-			return 0
-		fi
-		url="${url#file://}"
-		url="${url#https://}"
-		url="${url#http://}"
-
-		url="${url##*/}" # Get everything after the last '/'
-		urls="$urls $url"
-	}
-
-	config_load parentalcontrol
-	config_foreach get_download_url urlbundle
-
-	# Loop through all files in the directory
-	for file in "$dir"/*; do
-		[ -f "$file" ] || continue  # Skip non-files
-
-		# Remove the suffix after the last dot
-		base_name="$(basename "$file")"
-		name="${base_name%.*}"  # Removes the last dot and suffix
-
-		# Check if the name is present in the collected urls
-		if ! echo "$urls" | grep -q "$name"; then
-			rm -f "$file"
-			sed -i "/^${name} /d" "$bundle_sizes"
-		fi
-	done
-}
-
-# Main handler for all profile URL bundles
-handle_filter_for_bundles() {
-	ubus -t 20 wait_for bbfdm.parentalcontrol
-
-	if [ "$?" -ne 0 ]; then
-		logger -p error "bbfdm.parentalcontrol object not found"
-		return
-	fi
-
-	initialize_environment
-
-	cleanup_bundle_files "$bundle_dir"
-	cleanup_bundle_files "$stringstore_dir"
-
-	config_load parentalcontrol
-
-	config_get_bool enable globals enable 0
-	if [ "${enable}" -eq 0 ]; then
-		# Parental control is disabled
-		return 0
-	fi
-
-	local profile enable bundles bundle_name download_url
-
-	check_bundle_exists() {
-		local cfg="$1"
-		config_get name "$cfg" name
-		config_get_bool enable "$cfg" enable 0
-		config_get download_url "$cfg" download_url
-
-		if [ "${enable}" -eq 0 ]; then
-			# bundle is disabled
-			return 0
-		fi
-
-		if [ "$name" = "$2" ]; then
-			handle_download_url "$download_url" "$name"
-			local exit_status=$?
-			if [ "$exit_status" -eq 1 ]; then
-				uci -q set "parentalcontrol.${cfg}.status"="Error"
-			else
-				uci -q set "parentalcontrol.${cfg}.status"=""
-			fi
-
-			uci commit parentalcontrol
-		fi
-	}
-
-	handle_bundle_from_profile() {
-		local bundle_name="$1"
-
-		config_foreach check_bundle_exists urlbundle "$bundle_name"
-	}
-
-	handle_profile() {
-		config_get_bool enable "$1" enable 0
-		[ "$enable" -ne 1 ] && return
-
-		config_list_foreach "$1" profile_urlbundle handle_bundle_from_profile
-	}
-
-	config_foreach handle_profile profile_urlfilter
-}
-
-
-# Open file descriptor 200 for locking
-exec 200>"$LOCKFILE"
-# Try to acquire an exclusive lock; exit if another instance is running
-flock -n 200 || { logger -p info "sync_bundles.sh is already running, exiting."; exit 1; }
-
-handle_filter_for_bundles
--- a/parental-control/files/lib/upgrade/keep.d/parentalcontrol
+++ b/parental-control/files/lib/upgrade/keep.d/parentalcontrol
@@ -1 +0,0 @@
-/etc/parentalcontrol/dhcp.leases
--- a/passwdqc/Makefile
+++ b/passwdqc/Makefile
@@ -0,0 +1,41 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=passwdqc
+PKG_VERSION:=2.0.3
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/openwall/passwdqc.git
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=skip
+
+PKG_LICENSE:=BSD-3
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=libpam password checking module
+  DEPENDS:=+libpam +@BUSYBOX_CONFIG_PAM
+endef
+
+define Package/$(PKG_NAME)/description
+	pam_passwdqc is a simple password strength checking module for
+	PAM-aware password changing programs
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CC="$(TARGET_CC)" \
+		LDFLAGS="$(TARGET_LDFLAGS)" \
+		pam_wrapped
+endef
+
+define Package/$(PKG_NAME)/install
+	$(INSTALL_DIR) $(1)/usr/lib/security/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libpasswdqc.so* $(1)/usr/lib/security/
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/ponmngr/files/airoha/lib/xpon/airoha.sh
+++ b/ponmngr/files/airoha/lib/xpon/airoha.sh
@@ -1,48 +1,6 @@
 #!/bin/sh

 . /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-check_ptp_mode() {
-	local wanport enabled updated
-
-	if [ -f /etc/board.json ]; then
-		json_init
-		json_load_file /etc/board.json
-		json_select network
-		json_select wan 2>/dev/null
-		json_get_var wanport device
-		json_select ..
-		json_select ..
-		json_cleanup
-
-		if [ -f /etc/bbfdm/services/ponmngr.json ]; then
-			json_init
-			json_load_file /etc/bbfdm/services/ponmngr.json
-			json_select daemon
-			json_get_var enabled enable
-
-			if [ "$wanport" = "pon" ]; then
-				updated=1
-			else
-				updated=0
-			fi
-
-			# Avoid writing to flash if not necessary, since it might affect wear-leveling
-			if [ "$enabled" != "$updated" ]; then
-				json_add_string enable "$updated"
-				json_select ..
-				json_pretty
-				json_dump > /etc/bbfdm/services/ponmngr.json
-			fi
-			json_cleanup
-		fi
-	fi
-}
-
-apply_extra_xpon_config() {
-	check_ptp_mode
-}

 set_serial_number() {
 	local vendor_id="$1"
@@ -91,8 +49,6 @@ apply_xpon_uci_config() {
 }

 init_xpon() {
-	check_ptp_mode
-
 	# don't start pon daemons if xpon module is not loaded
 	[ -d /sys/module/xpon -o -d /sys/module/xpon_10g ] || return

@@ -109,3 +65,4 @@ init_xpon() {
 deinit_xpon() {
 	return
 }
+
--- a/ponmngr/files/broadcom/lib/xpon/broadcom.sh
+++ b/ponmngr/files/broadcom/lib/xpon/broadcom.sh
@@ -2,10 +2,6 @@

 . /lib/functions.sh

-apply_extra_xpon_config() {
-	return
-}
-
 set_serial_number() {
 	local vendor_id="$1"
 	local vssn="$2"
--- a/ponmngr/files/common/etc/init.d/xpon
+++ b/ponmngr/files/common/etc/init.d/xpon
@@ -29,8 +29,6 @@ start_service() {
 		configure_serial_number
 		apply_xpon_uci_config
 		init_xpon
-	else
-		apply_extra_xpon_config
 	fi
 }

--- a/port-trigger/Makefile
+++ b/port-trigger/Makefile
@@ -26,7 +26,7 @@ define Package/port-trigger
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=Port Trigger Daemon
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +iptables-mod-trigger +iptables-mod-nfqueue
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +kmod-ipt-trigger +kmod-ip6t-trigger +iptables-mod-nfqueue
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef

--- a/qosmngr/Makefile
+++ b/qosmngr/Makefile
@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=qosmngr
-PKG_VERSION:=1.0.21
+PKG_VERSION:=1.0.20

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/qosmngr.git
-PKG_SOURCE_VERSION:=f03c22f4bae8497bc9c88715ab094e7bef46b59e
+PKG_SOURCE_VERSION:=cc1d993b853f360c0aa19f08bfbaf1e05667527a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -29,7 +29,7 @@ define Package/qosmngr
  CATEGORY:=Utilities
  TITLE:=QoS Manager
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
-  DEPENDS+=+kmod-ebt-vlantranslation +kmod-ebt-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
+  DEPENDS+=+!TARGET_brcmbca:kmod-ebt-vlantranslation +!TARGET_brcmbca:kmod-ebt-dscp2pbit +!TARGET_brcmbca:ebtables-legacy
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bridgemngr
 endef

--- a/qosmngr/files/airoha/etc/uci-defaults/99-set-queue-shaper-status
+++ b/qosmngr/files/airoha/etc/uci-defaults/99-set-queue-shaper-status
@@ -1,4 +0,0 @@
-uci -q set qos.globals=globals
-uci -q set qos.globals.per_queue_shaper=0
-
-exit 0
--- a/qosmngr/files/airoha/lib/qos/qos_functions.sh
+++ b/qosmngr/files/airoha/lib/qos/qos_functions.sh
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-get_max_linkspeed() {
-    local ifname="$1"
-    local modes="10000 5000 2500 1000 100 10"
-    local speed=""
-    local phycap="$(ethtool $ifname | sed -ne '/Supported link modes:/,/:/p' | sed -e 's/.*://' -e 's/^[[:space:]]*//' -e '$d')"
-
-    for i in $modes; do
-        if echo "${phycap}" | grep -qe "$i\\D"; then
-            speed=$i
-            break
-        fi
-    done
-
-    echo "$speed"
-}
-
-get_shaper_rate() {
-	rate="$1"
-
-	if [ -z "${rate}" ]; then
-		echo "-1"
-		return
-	fi
-
-	if [ "${rate}" -eq -1 ]; then
-		#No shaping
-		echo "-1"
-		return
-	fi
-
-	# Convert the rate from bps to kbps.
-	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
-		# set as per percentage
-		speed=$(get_max_linkspeed "$ifname")
-		if [ -z "${speed}" ]; then
-			echo "-1"
-			return
-		fi
-
-		rate=$((speed * rate * 1000 / 100))
-	else
-		rate=$(($rate / 1000))
-	fi
-
-	echo "$rate"
-}
--- a/qosmngr/files/airoha/lib/qos/queue.sh
+++ b/qosmngr/files/airoha/lib/qos/queue.sh
@@ -1,8 +1,6 @@
 #!/bin/sh
 # Handle queues and their order

-. /lib/qos/qos_functions.sh
-
 Q_COUNT=0

 # Preliminary configuration of a queue
@@ -23,7 +21,7 @@ handle_queue() {
    config_get is_enable "$qid" "enable" 1

    # no need to configure disabled queues
-    if [ "${is_enable}" = "0" ]; then
+    if [ "${is_enable}" == "0" ]; then
        return
    fi

@@ -40,21 +38,7 @@ handle_queue() {
    config_get qsize "$qid" "queue_size" 1024
    config_get precedence "$qid" "precedence"

-    rate=$(get_shaper_rate "$rate")
- 
-    if [ "$rate" -eq -1 ]; then
-       return
-    fi
-
-    config_get bs "$qid" "burst_size"
-
-    if [ "${bs}" -ge 1000 ] ; then
-        bs=$((bs / 1000))
-    else
-        bs=0
-    fi
-
-    hw_queue_set "${ifname}" "${Q_COUNT}" "${precedence}" "$qsize" "$wgt" "$sc_alg" "$rate" "$bs"
+    hw_queue_set "${ifname}" "${Q_COUNT}" "${precedence}" "$qsize" "$wgt" "$sc_alg" "$shapingrate" "$rate" "$bs"
    Q_COUNT=$((Q_COUNT + 1))
 }

--- a/qosmngr/files/airoha/lib/qos/shaper.sh
+++ b/qosmngr/files/airoha/lib/qos/shaper.sh
@@ -1,7 +1,21 @@
 #!/bin/sh
 # Common shaper library

-. /lib/qos/qos_functions.sh
+get_max_linkspeed() {
+    local ifname="$1"
+    local modes="10000 5000 2500 1000 100 10"
+    local speed=""
+    local phycap="$(ethtool $ifname | sed -ne '/Supported link modes:/,/:/p' | sed -e 's/.*://' -e 's/^[[:space:]]*//' -e '$d')"
+
+    for i in $modes; do
+        if echo "${phycap}" | grep -qe "$i\\D"; then
+            speed=$i
+            break
+        fi
+    done
+
+    echo "$speed"
+}

 # UCI 'shaper' section handler.
 # It will verify shaper configuration sanity and then invoke
@@ -22,10 +36,26 @@ handle_shaper() {
    fi

    config_get rate "$sid" "rate"
-    rate=$(get_shaper_rate "$rate")
- 
-    if [ "$rate" -eq -1 ]; then
-       return
+    if [ -z "${rate}" ]; then
+        return
+    fi
+
+    if [ "${rate}" -eq -1 ]; then
+        # No shaping
+        return
+    fi
+
+    # Convert the rate from bps to kbps.
+    if [ "${rate}" -ge 0 -a "${rate}" -le 100 ] ; then
+        # Set as per percentage
+        speed=$(get_max_linkspeed "$ifname")
+        if [ -z "${speed}" ]; then
+            return
+        fi
+
+        rate=$((speed * rate * 1000 / 100))
+    else
+        rate=$((rate / 1000))
    fi

    config_get bs "$sid" "burst_size"
--- a/qosmngr/files/broadcom/lib/qos/qos.sh
+++ b/qosmngr/files/broadcom/lib/qos/qos.sh
@@ -31,37 +31,6 @@ get_max_linkspeed() {
 	echo "$speed"
 }

-get_shaper_rate() {
-	rate="$1"
-
-	if [ -z "${rate}" ]; then
-		echo "-1"
-		return
-	fi
-
-	if [ "${rate}" -eq -1 ]; then
-		#No shaping
-		echo "-1"
-		return
-	fi
-
-	# Convert the rate from bps to kbps.
-	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
-		# set as per percentage
-		speed=$(get_max_linkspeed "$ifname")
-		if [ -z "${speed}" ]; then
-			echo "-1"
-			return
-		fi
-
-		rate=$((speed * rate * 1000 / 100))
-	else
-		rate=$(($rate / 1000))
-	fi
-
-	echo "$rate"
-}
-
 get_port_number() {
 	[ -z "$1" ] && return
 	local ports="0 1 2 3 4 5 6 7 8"
@@ -156,17 +125,10 @@ handle_queue_shapingrate() {
 	fi

 	config_get rate "$qid" "rate"
-
-	rate=$(get_shaper_rate "$rate")
-	if [ "$rate" -eq -1 ]; then
-		return
-	fi
-
 	config_get bs "$qid" "burst_size"

 	# Call tmctl which is a broadcomm command to configure queues shapingrate.
 	tmctl setqcfg --devtype 0 --if $ifname --qid $Q_COUNT --shapingrate $rate --burstsize $bs &>/dev/null
-
 	Q_COUNT=$((Q_COUNT + 1))
 }

@@ -236,13 +198,6 @@ handle_queue() {
 	       order=0
 	fi

-	rate=$(get_shaper_rate "$rate")
-	if [ "$rate" -eq -1 ]; then
-		return
-	fi
-
-	config_get bs "$qid" "burst_size"
-
 	# Call tmctl which is a broadcomm command to configure queues on a port.
 	tmctl setqcfg --devtype 0 --if $ifname --qid $Q_COUNT --priority $order --qsize $qsize --weight $wgt --schedmode $salg --shapingrate $rate --burstsize $bs
 	Q_COUNT=$((Q_COUNT + 1))
@@ -389,12 +344,28 @@ handle_shaper() {
 	fi

 	config_get rate "$sid" "rate"
-
-	rate=$(get_shaper_rate "$rate")
-	if [ "$rate" -eq -1 ]; then
+	if [ -z "${rate}" ]; then
 		return
 	fi

+	if [ "${rate}" -eq -1 ]; then
+		#No shaping
+		return
+	fi
+
+	# Convert the rate from bps to kbps.
+	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
+		# set as per percentage
+		speed=$(get_max_linkspeed "$ifname")
+		if [ -z "${speed}" ]; then
+			return
+		fi
+
+		rate=$((speed * rate * 1000 / 100))
+	else
+		rate=$(($rate / 1000))
+	fi
+
 	config_get bs "$sid" "burst_size"
 	tmctl setportshaper --devtype 0 --if $ifname --shapingrate $rate --burstsize $bs
 }
--- a/qosmngr/files/common/etc/uci-defaults/60-qos_config_generate
+++ b/qosmngr/files/common/etc/uci-defaults/60-qos_config_generate
@@ -4,6 +4,7 @@
 . /usr/share/libubox/jshn.sh


+cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
 queue_num=8

 populate_no_of_queue(){
@@ -36,6 +37,8 @@ generate_queue(){
 		uci set qos.@queue[-1].burst_size="0"
 		uci set qos.@queue[-1].weight="1"
 	done
+
+	uci commit qos
 }

 generate_wan_queues() {
--- a/qosmngr/files/common/etc/uci-defaults/61-qos_classify_generate
+++ b/qosmngr/files/common/etc/uci-defaults/61-qos_classify_generate
@@ -104,6 +104,8 @@ generate_classify(){
 		uci set qos.@classify[-1].traffic_class="$i"
 		uci set qos.@classify[-1].order="$classify_no"
 	done
+
+	uci commit qos
 }

 if [ -s "/etc/config/qos" ]; then
--- a/qosmngr/files/common/lib/qos/iptables.sh
+++ b/qosmngr/files/common/lib/qos/iptables.sh
@@ -279,17 +279,17 @@ create_iptables_chains() {
    ret=$?
    [ $ret -eq 0 ] && iptables -w -t mangle -I OUTPUT -j qos_output

-    ip6tables -w -t mangle -N qos_forward 2> /dev/null
+    ip6tables -t mangle -N qos_forward 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -w -t mangle -I FORWARD -j qos_forward
+    [ $ret -eq 0 ] && ip6tables -t mangle -I FORWARD -j qos_forward

-    ip6tables -w -t mangle -N qos_prerouting 2> /dev/null
+    ip6tables -t mangle -N qos_prerouting 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -w -t mangle -I PREROUTING -j qos_prerouting
+    [ $ret -eq 0 ] && ip6tables -t mangle -I PREROUTING -j qos_prerouting

-    ip6tables -w -t mangle -N qos_output 2> /dev/null
+    ip6tables -t mangle -N qos_output 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -w -t mangle -I OUTPUT -j qos_output
+    [ $ret -eq 0 ] && ip6tables -t mangle -I OUTPUT -j qos_output
 }

 flush_iptables_chains() {
--- a/self-diagnostics/Makefile
+++ b/self-diagnostics/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=self-diagnostics
-PKG_VERSION:=1.0.13
+PKG_VERSION:=1.0.12
 PKG_RELEASE:=1

 PKG_LICENSE:=GPL-2.0-only
@@ -25,7 +25,7 @@ endef
 define Package/self-diagnostics/install
 	$(INSTALL_DIR) $(1)/etc/self-diagnostics/spec/
 	$(CP) ./files/* $(1)/
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/libselftest.so $(1) core
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/libselftest.so $(1)
 endef

 $(eval $(call BuildPackage,self-diagnostics))
--- a/sshmngr/Config.in
+++ b/sshmngr/Config.in
@@ -22,10 +22,4 @@ config SSHMNGR_BACKEND_DROPBEAR
 	   Enable this option to use dropbear for ssh.

 endchoice
-
-config SSHMNGR_SFTP
-	bool "SFTP support"
-	default y
-	help
-	   Enable this option to support the SFTP protocol.
 endif
--- a/sshmngr/Makefile
+++ b/sshmngr/Makefile
@@ -33,7 +33,6 @@ define Package/sshmngr
  DEPENDS+=+SSHMNGR_BACKEND_OPENSSH:openssh-server +SSHMNGR_BACKEND_OPENSSH:openssh-client-utils
  DEPENDS+=+SSHMNGR_BACKEND_OPENSSH_PAM:openssh-server-pam +SSHMNGR_BACKEND_OPENSSH_PAM:openssh-client-utils
  DEPENDS+=+SSHMNGR_BACKEND_DROPBEAR:dropbear
-  DEPENDS+=+SSHMNGR_SFTP:openssh-sftp-server
 endef

 define Package/sshmngr/description
--- a/sulu/sulu-base/Makefile
+++ b/sulu/sulu-base/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=sulu-base
-PKG_VERSION:=4.0.5
+PKG_VERSION:=4.0.4

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=2e715b0f9c00105b88d2d5c8e6607081c0cffc3a
+PKG_SOURCE_VERSION:=adc73a288a518735807c4b4334d55bc362bd31c2
 PKG_MIRROR_HASH:=skip

 SULU_MOD:=core
--- a/sulu/sulu-builder/Makefile
+++ b/sulu/sulu-builder/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=sulu-builder
-PKG_VERSION:=4.0.10
+PKG_VERSION:=4.0.6
 PKG_RELEASE:=1

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=8afd3a3a4623caa7ca99f28310272b4e88a5719d
+PKG_SOURCE_VERSION:=71fa109e12e3cd469ea43adc8a39574bc2eb9e81
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
--- a/sulu/sulu-builder/files/etc/sulu/sulu.sh
+++ b/sulu/sulu-builder/files/etc/sulu/sulu.sh
@@ -25,7 +25,19 @@ function _get_agent_id() {
 	else
 		endpointid="$(echo "${endpointid/::/,}" | cut -d "," -f 2)"
 		endpointid="${endpointid//+/%2B}"
-		echo "${endpointid}"
+	fi
+}
+
+function _get_endpoint_id() {
+	local oui serial endpointid
+
+	endpointid="$(uci_get obuspa localagent EndpointID)"
+	if [ -z "${endpointid}" ]; then
+		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+		serial="$(db -q get device.deviceinfo.SerialNumber)"
+		echo "os::${oui}-${serial//+/%2B}"
+	else
+		echo "${endpointid//+/%2B}"
 	fi
 }

@@ -81,7 +93,7 @@ function generate_sulu_conn_config() {
 	{
 		json_add_object 'main'
 		{
-			json_add_string 'toId' "os::$(_get_agent_id)"
+			json_add_string 'toId' "$(_get_endpoint_id)"
 			json_add_string 'port' "auto"
 			json_add_string 'path' "/wss"

--- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
@@ -41,7 +41,7 @@ add_sulu_config_to_mosquitto()
 		uci_set mosquitto sulu protocol 'websockets'
 		uci_set mosquitto sulu require_certificates '0'
 		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
 	fi
 }

--- a/sulu/sulu-builder/files/etc/users/roles/admin.json
+++ b/sulu/sulu-builder/files/etc/users/roles/admin.json
@@ -1,7 +1,5 @@
 {
  "tr181": {
-    "name": "admin",
-    "instance": 4,
    "permission": [
      {
        "object": "Device.",
@@ -65,7 +63,7 @@
        ]
      },
      {
-        "object": "Device.Time.",
+        "object":"Device.Time.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -80,7 +78,7 @@
        ]
      },
      {
-        "object": "Device.UPnP.",
+        "object":"Device.UPnP.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -95,7 +93,7 @@
        ]
      },
      {
-        "object": "Device.Bridging.",
+        "object":"Device.Bridging.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -110,7 +108,7 @@
        ]
      },
      {
-        "object": "Device.Ethernet.",
+        "object":"Device.Ethernet.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -125,7 +123,7 @@
        ]
      },
      {
-        "object": "Device.DHCPv4.",
+        "object":"Device.DHCPv4.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -140,7 +138,7 @@
        ]
      },
      {
-        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "object":"Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -157,7 +155,7 @@
        ]
      },
      {
-        "object": "Device.DHCPv6.",
+        "object":"Device.DHCPv6.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -172,7 +170,7 @@
        ]
      },
      {
-        "object": "Device.Hosts.",
+        "object":"Device.Hosts.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -189,7 +187,7 @@
        ]
      },
      {
-        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -206,7 +204,7 @@
        ]
      },
      {
-        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "object":"Device.{BBF_VENDOR_PREFIX}OpenVPN.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -223,7 +221,7 @@
        ]
      },
      {
-        "object": "Device.NAT.",
+        "object":"Device.NAT.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -240,16 +238,67 @@
        ]
      },
      {
-        "object": "Device.Firewall.",
+        "object":"Device.PPP.",
        "perm": [
          "PERMIT_GET",
+          "PERMIT_GET_INST",
          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
          "PERMIT_SET",
-          "PERMIT_SUBS_VAL_CHANGE"
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
        ]
      },
      {
-        "object": "Device.Firewall.DMZ.",
+        "object":"Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object":"Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object":"Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object":"Device.DynamicDNS.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -266,7 +315,7 @@
        ]
      },
      {
-        "object": "Device.PPP.",
+        "object":"Device.LANConfigSecurity.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -281,7 +330,7 @@
        ]
      },
      {
-        "object": "Device.Routing.",
+        "object":"Device.Security.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -296,7 +345,7 @@
        ]
      },
      {
-        "object": "Device.IEEE1905.",
+        "object":"Device.RouterAdvertisement.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -311,22 +360,7 @@
        ]
      },
      {
-        "object": "Device.InterfaceStack.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object": "Device.DynamicDNS.",
+        "object":"Device.Services.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -343,7 +377,7 @@
        ]
      },
      {
-        "object": "Device.LANConfigSecurity.",
+        "object":"Device.UserInterface.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -358,37 +392,7 @@
        ]
      },
      {
-        "object": "Device.Security.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object": "Device.RouterAdvertisement.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object": "Device.Services.",
+        "object":"Device.PeriodicStatistics.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -405,22 +409,7 @@
        ]
      },
      {
-        "object": "Device.UserInterface.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object": "Device.PeriodicStatistics.",
+        "object":"Device.SoftwareModules.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -437,24 +426,7 @@
        ]
      },
      {
-        "object": "Device.SoftwareModules.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_ADD",
-          "PERMIT_DEL",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object": "Device.Users.",
+        "object":"Device.Users.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -545,7 +517,7 @@
        ]
      },
      {
-        "object": "Device.SSH.",
+        "object":"Device.SSH.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -560,10 +532,6 @@
          "PERMIT_SUBS_OBJ_DEL",
          "PERMIT_SUBS_EVT_OPER_COMP"
        ]
-      },
-      {
-        "object": "Device.LEDs.LED.{i}.X_GENEXIS_EU_Brightness",
-        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
      }
    ]
  }
--- a/sulu/sulu-builder/files/etc/users/roles/user.json
+++ b/sulu/sulu-builder/files/etc/users/roles/user.json
@@ -1,7 +1,5 @@
 {
  "tr181": {
-    "name": "user",
-    "instance": 5,
    "permission": [
      {
        "object": "Device.",
--- a/Show More
+++ b/Show More