fluent-bit: make syslog output message format more acceptable

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.16.6.6
+PKG_VERSION:=1.15.28
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=6317266bdfb0180d75ed2dd830e108f09fe2526a
+PKG_SOURCE_VERSION:=a20a15888b15864136ec40b15f221db2edbaf574
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -107,7 +107,7 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBFDMD_MAX_MSG_LEN:Integer=20971520 \
+	-DBBFDMD_MAX_MSG_LEN:Integer=10485760 \
 	-DCMAKE_BUILD_TYPE:String="Debug" \
 
 

bbfdm/files/etc/bbfdm/critical_services.json

@@ -8,16 +8,13 @@
 			"ieee1905",
 			"mapcontroller",
 			"mosquitto",
-			"nginx",
-			"netmode"
+			"nginx"
 	],
 	"cwmp": [
 			"firewall",
 			"network",
 			"dhcp",
-			"mapcontroller",
 			"wireless",
-			"time",
-			"netmode"
+			"time"
 	]
 }

bbfdm/files/etc/ruleng/bbfdm.json

@@ -15,13 +15,9 @@
 		]
 	},
 	"dhcp_refresh": {
-		"if_operator": "OR",
 		"if" : [
 			{
 				"event": "host"
-			},
-			{
-				"event": "wifi.dataelements.Associated"
 			}
 		],
 		"then" : [

bridgemngr/Makefile

@@ -5,13 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.18.2
+PKG_VERSION:=1.0.14
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=71ed529be038392071b0399bcfe9d46e89d3cb46
+PKG_SOURCE_VERSION:=99bc3a3a0a2571917eda7085c21952f779fdb471
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ddnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ddnsmngr
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.11
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
-PKG_SOURCE_VERSION:=44af9a7b3fec3929f8554af9633a5b8068189b48
+PKG_SOURCE_VERSION:=9f2f4dabc71c4f405b1c5df576d20d793d299e94
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.14
+PKG_VERSION:=6.2.1.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d9ff69760bc34dd3928fa784dfb3116bfe3f95af
+PKG_SOURCE_VERSION:=a5c381b2855bd88f09dedb00f76040f1a4662079
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.10
+PKG_VERSION:=3.7.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1f851980a6ba616df54f79930225f8bcd563b711
+PKG_SOURCE_VERSION:=289a91b3e7f221f16c976efd147bd4b203420b41
 PKG_MIRROR_HASH:=skip
 endif
 

dectmngr/files/etc/init.d/dectmngr

@@ -57,53 +57,13 @@ get_dcx81_device() {
 			device_name_line="$(grep '^DEVNAME=' "$uevent_file")" || return 1
 			readonly device="/dev/${device_name_line##DEVNAME=}"
 			[ -c "$device" ] || return 1
-			printf "%s" "$(basename $device)"
+			printf "%s" "$device"
 			return 0
 		fi
 	done
 	return 1
 }
 
-check_dcx81_firmware() {
-	local dcx81_uart=$1
-	local fw_link="/lib/firmware/dcx81_firmware"
-	local fw_file
-
-	[ -L "$fw_link" ] || return
-
-	fw_file=$(readlink -f $fw_link)
-	[ -f "$fw_file" ] || return
-
-	# the symbolic link is not needed
-	rm -f $fw_link
-
-	eval $(/sbin/cmbs_tcx -comname "$dcx81_uart" -fw_version |grep DCX81_FW_Version)
-	[ -n "$DCX81_FW_Version" ] || return
-
-	if echo $(basename $fw_file) | grep -qi "$DCX81_FW_Version" ; then
-		logger -t "$PROG" "DCX81 running expected $DCX81_FW_Version"
-		return;
-	fi
-
-	logger -t "$PROG" "DCX81 firmware upgrading to $fw_file"
-	/sbin/cmbs_tcx -comname "$dcx81_uart" -fwu "$fw_file" 2>&1 >/dev/null &
-
-	echo -n "Updrading DCX81 firmware.." >/dev/console
-	local wait_time=0
-	while pidof cmbs_tcx >/dev/null && [ "$wait_time" -lt "200" ] ; do
-		sleep 5
-		wait_time=$(($wait_time + 5))
-		echo -n "." >/dev/console
-	done
-
-	if pidof cmbs_tcx >/dev/null ; then
-		killall -9 cmbs_tcx
-		logger -t "$PROG" "DCX81 firmware upgrade timeout"
-	else
-		logger -t "$PROG" "DCX81 firmware upgrade done"
-	fi
-}
-
 start_service() {
 	local opt_ext=
 	local rfpi=
@@ -115,16 +75,14 @@ start_service() {
 		return 0
 	fi
 
+	opt_ext="-extensionShift $(get_extension_shift)"
+
 	local dcx81_uart_device
 	if ! dcx81_uart_device="$(get_dcx81_device)"; then
 		logger -t "$PROG" -p daemon.warning "Could not determine DCX81 UART device. Falling back to default ttyH0."
-		dcx81_uart_device="ttyH0"
+		dcx81_uart_device=/dev/ttyH0
 	fi
 
-	check_dcx81_firmware $dcx81_uart_device
-
-	opt_ext="-extensionShift $(get_extension_shift)"
-
 	rfpi=$(db -q get hw.board.dect_rfpi)
 	[ -n "$rfpi" -a ${#rfpi} -eq 14 ] && opt_ext="$opt_ext -rfpi $rfpi"
 
@@ -148,19 +106,21 @@ start_service() {
 
 	procd_open_instance
 
+	# dectmngr takes expects device without /dev
+	readonly dcx81_uart_device_wo_dev="${dcx81_uart_device##/dev/}"
 	case "$log_dect_cmbs" in
 	none)
 		echo "Starting dectmngr with cmbs logging disabled"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device" $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" $opt_ext
 		rm -f $LOG_PATH/*
 		;;
 	file)
 		echo "Starting dectmngr with cmbs logging enabled to file"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device" -log $LOG_PATH/dect-cmbs.log $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" -log $LOG_PATH/dect-cmbs.log $opt_ext
 		;;
 	*)
 		echo "Starting dectmngr with cmbs logging enabled to syslog"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device" -syslog $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" -syslog $opt_ext
 		rm -f $LOG_PATH/*
 		;;
 	esac

dhcpmngr/Config.in

@@ -1,12 +0,0 @@
-if PACKAGE_dhcpmngr
-
-config DHCPMNGR_ENABLE_VENDOR_EXT
-	bool "Use datamodel vendor extensions"
-	default y
-	help
-	   Set this option to use bridge BBF vendor extensions.
-
-config DHCPMNGR_VENDOR_PREFIX
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-endif

dhcpmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.0.10
+PKG_VERSION:=1.0.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=e238e47fa13153c5b1890056b0d09c65879de8c5
+PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -39,22 +39,6 @@ define Package/dhcpmngr/description
   Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
 endef
 
-define Package/$(PKG_NAME)/config
-        source "$(SOURCE)/Config.in"
-endef
-
-ifeq ($(CONFIG_DHCPMNGR_ENABLE_VENDOR_EXT),y)
-MAKE_FLAGS += DHCPMNGR_ENABLE_VENDOR_EXT=y
-endif
-
-ifeq ($(CONFIG_DHCPMNGR_VENDOR_PREFIX),"")
-VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
-else
-VENDOR_PREFIX = $(CONFIG_DHCPMNGR_VENDOR_PREFIX)
-endif
-
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/

dmcli-plugins/Makefile

@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2023 Genexis Netherlands B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis Netherlands B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dmcli-plugins
-PKG_LICENSE:=PROPRIETARY GENEXIS
-PKG_VERSION:=2.2.6
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli-plugin-easydm.git
-PKG_SOURCE_VERSION:=bc8b8527e8a41bdba73cb277a3c6c3b42b045153
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/dmcli-plugins
-  SECTION:=tools
-  CATEGORY:=Genexis
-  TITLE:=Easy-to-use data model on top of TR181
-  URL:=http://genexis.eu
-  DEPENDS:=+dmcli
-endef
-
-define Package/dmcli-plugins/description
-  EasyDM offers a user-friendly approach to configuring TR-181
-  simplifying the process with its intuitive interface.
-endef
-
-define Build/Compile
-	true
-endef
-
-define Package/dmcli-plugins/install
-	$(INSTALL_DIR) $(1)/usr/lib/dmcli/plugins
-	$(CP) $(PKG_BUILD_DIR)/src/*.js $(1)/usr/lib/dmcli/plugins/
-endef
-
-$(eval $(call BuildPackage,dmcli-plugins))

dmcli/Config.in

@@ -1,9 +0,0 @@
-if PACKAGE_dmcli
-
-config DMCLI_REMOTE_CONNECTION
-        bool "Add dmcli remote controller configuration"
-        default n
-        help
-                This adds a usp controller configuration for dmcli remote connection from different machine/laptop/server.
-
-endif

dmcli/Makefile

@@ -1,75 +0,0 @@
-#
-# Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis Netherlands B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dmcli
-PKG_LICENSE:=PROPRIETARY GENEXIS
-PKG_VERSION:=1.9.4
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli.git
-PKG_SOURCE_VERSION:=2139e81d0faca09fe1832c503297ef75ea76d6eb
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/dmcli
-  SECTION:=tools
-  CATEGORY:=Genexis
-  TITLE:=DMCLI (datamodel-based CLI)
-  URL:=http://genexis.eu
-  DEPENDS:=+usp-js +DMCLI_REMOTE_CONNECTION:mosquitto-auth-plugin +shadow-utils +@BUSYBOX_CONFIG_ADDUSER
-endef
-
-define Package/dmcli/description
-  CLI to view and configure datamodels of CPE
-endef
-
-define Package/dmcli/conffiles
-/etc/dmcli/dmcli.conf
-endef
-
-define Package/dmcli/config
-	source "$(SOURCE)/Config.in"
-endef
-
-define Package/dmcli/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dmcli $(1)/usr/bin/
-
-	$(INSTALL_DIR) $(1)/usr/lib/dmcli
-	$(CP) $(PKG_BUILD_DIR)/common $(1)/usr/lib/dmcli/
-	mv $(1)/usr/lib/dmcli/common/os_qjs.js $(1)/usr/lib/dmcli/common/os.js
-	rm $(1)/usr/lib/dmcli/common/os_node.js
-	$(CP) $(PKG_BUILD_DIR)/core $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/cli $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/data $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/plugins $(1)/usr/lib/dmcli/
-
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli $(1)/etc/uci-defaults/
-ifeq ($(CONFIG_DMCLI_REMOTE_CONNECTION),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote $(1)/etc/uci-defaults/
-else
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote-remove $(1)/etc/uci-defaults/
-endif
-
-	$(INSTALL_DIR) $(1)/etc/dmcli
-	$(CP) ./files/etc/dmcli/dmcli.acl $(1)/etc/dmcli/
-	$(CP) ./files/etc/dmcli/dmcli.conf $(1)/etc/dmcli/
-
-	$(INSTALL_DIR) $(1)/etc/users/roles/
-	$(INSTALL_DATA) ./files/etc/users/roles/operator.json $(1)/etc/users/roles/
-endef
-
-$(eval $(call BuildPackage,dmcli))

dmcli/files/etc/dmcli/dmcli.acl

@@ -1,4 +0,0 @@
-user operator
-topic read /usp/operator/controller/reply-to
-topic read /usp/operator/controller
-topic write /usp/operator/endpoint

dmcli/files/etc/dmcli/dmcli.conf

@@ -1,45 +0,0 @@
-{
-   "Settings": {
-      "USP": {
-         "ActiveConnectionProfile": "local",
-         "ConnectionProfile": [
-            {
-               "Name": "local",
-               "Host": "127.0.0.1",
-               "Port": 9002,
-               "Username": "operator",
-               "Protocol": "ws",
-               "FromId": "oui:000F94:device-controller-operator",
-               "PublishEndpoint": "/usp/operator/endpoint",
-               "SubscribeEndpoint": "/usp/operator/controller"
-            }
-         ],
-         "Session": {
-            "AutoStart": false
-         },
-         "Notification": {
-            "LogTo": "console",
-            "Format": "brief",
-            "LogFile": "usp-notification.log"
-         }
-      },
-      "CLI": {
-         "Home": "/",
-         "Color": "true",
-         "Mode": "Command",
-         "ShowCommandTime": false,
-         "SortDMTree": false
-      },
-      "Prompt": {
-         "Auto": true,
-         "Color": "default",
-         "SelectedBackgroundColor": "yellow",
-         "PageSize": "3",
-         "AutoPromptOnEmptyCommand": false,
-         "AutoPromptInstanceNumbers": false
-      },
-      "Log": {
-         "Level": "Error"
-      }
-   }
-}

dmcli/files/etc/uci-defaults/36-dmcli

@@ -1,120 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /lib/functions/iopsys-environment.sh
-. /usr/share/libubox/jshn.sh
-
-DMCLI_CONF="/etc/dmcli/dmcli.conf"
-CONTROLLER_ID='oui:000F94:device-controller-operator'
-DMCLI_RESP_TOPIC="/usp/operator/endpoint"
-DMCLI_CTRL_TOPIC="/usp/operator/controller"
-DMCLI_PORT="9002"
-
-grep -q "^operator:" /etc/passwd || {
-	adduser -g 'Operator' -D -H -s /usr/bin/dmcli --home '/usr/lib/dmcli' 'operator'
-	hash=""
-	if type get_operator_password_hash > /dev/null 2>&1; then
-		hash=$(get_operator_password_hash)
-	fi
-	if [ -z "$hash" ]; then
-		hash='$6$zP4Wk/VQJOLwwofC$teuhnYFQBcA8YUZo/Q0quDMi4SsOHmfBcyvt5VNchPnzgwF1nfNNliC3yBVW22NwmwttPEWeBEBfnMTBB0rYs/'
-	fi
-	echo "operator:${hash}" | chpasswd -e
-}
-
-grep -q "^/usr/bin/dmcli$" /etc/shells || {
-	echo '/usr/bin/dmcli' >> /etc/shells
-}
-
-uci -q del_list sshd.@sshd[0].AllowUsers='operator'
-uci -q add_list sshd.@sshd[0].AllowUsers='operator'
-
-uci -q delete users.operator
-uci -q set users.operator=user
-uci -q set users.operator.enabled=1
-uci -q set users.operator.shell='dmcli'
-uci -q set users.operator.member_roles='operator'
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_add mosquitto listener dmcli_local
-	uci_set mosquitto dmcli_local enabled 1
-	uci_set mosquitto dmcli_local port "${DMCLI_PORT}"
-	uci_set mosquitto dmcli_local protocol 'websockets'
-	uci_set mosquitto dmcli_local acl_file '/etc/dmcli/dmcli.acl'
-	uci_set mosquitto dmcli_local no_remote_access '1'
-	uci_set mosquitto dmcli_local allow_anonymous '1'
-fi
-
-if [ -f "/etc/config/obuspa" ]; then
-	uci_add obuspa mqtt mqtt_operator
-	uci_set obuspa mqtt_operator BrokerAddress '127.0.0.1'
-	uci_set obuspa mqtt_operator BrokerPort '1883'
-	uci_set obuspa mqtt_operator TransportProtocol 'TCP/IP'
-
-	uci_add obuspa mtp mtp_operator
-	uci_set obuspa mtp_operator Protocol 'MQTT'
-	uci_set obuspa mtp_operator ResponseTopicConfigured "${DMCLI_RESP_TOPIC}"
-	uci_set obuspa mtp_operator mqtt 'mqtt_operator'
-
-	uci_add obuspa controller controller_operator
-	uci_set obuspa controller_operator EndpointID "${CONTROLLER_ID}"
-	uci_set obuspa controller_operator Protocol 'MQTT'
-	uci_set obuspa controller_operator Topic "${DMCLI_CTRL_TOPIC}"
-	uci_set obuspa controller_operator mqtt 'mqtt_operator'
-	uci_set obuspa controller_operator assigned_role_name 'operator'
-fi
-
-_get_endpoint_id() {
-	local id serial oui
-
-	id="$(uci -q get obuspa.localagent.EndpointID)"
-	if [ -n "${id}" ]; then
-		echo "${id}"
-		return 0
-	fi
-
-	serial="$(db -q get device.deviceinfo.SerialNumber)"
-	oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
-
-	echo "os::${oui}-${serial//+/%2B}"
-}
-
-update_dmcli_conf() {
-	local endpointid confTmpFile
-	local port fromid publish subscribe toid
-
-	if [ -f "${DMCLI_CONF}" ]; then
-		endpointid="$(_get_endpoint_id)"
-		json_load_file "${DMCLI_CONF}" || return
-		json_select "Settings" || return
-			json_select "USP" || return
-				json_select "ConnectionProfile" || return
-					json_select "1" || return
-						json_get_var port "Port"
-						json_get_var fromid "FromId"
-						json_get_var publish "PublishEndpoint"
-						json_get_var subscribe "SubscribeEndpoint"
-						json_get_var toid "ToId"
-
-						json_add_int "Port" "${DMCLI_PORT}"
-						json_add_string "FromId" "${CONTROLLER_ID}"
-						json_add_string "PublishEndpoint" "${DMCLI_RESP_TOPIC}"
-						json_add_string "SubscribeEndpoint" "${DMCLI_CTRL_TOPIC}"
-						json_add_string "ToId" "${endpointid}"
-					json_select ..
-				json_select ..
-			json_select ..
-		json_select ..
-
-		if [ "${port}" != "${DMCLI_PORT}" ] || [ "${fromid}" != "${CONTROLLER_ID}" ] || \
-			[ "${publish}" != "${DMCLI_RESP_TOPIC}" ] || [ "${subscribe}" != "${DMCLI_CTRL_TOPIC}" ] || \
-			[ "${toid}" != "${endpointid}" ]; then
-			confTmpFile="$(mktemp -u -p "$(dirname "$DMCLI_CONF")" "$(basename "$DMCLI_CONF").XXXXXXX")"
-			json_pretty
-			json_dump > "${confTmpFile}" || return
-			mv -f "${confTmpFile}" "${DMCLI_CONF}" || return
-		fi
-	fi
-}
-
-update_dmcli_conf || exit

dmcli/files/etc/uci-defaults/36-dmcli-remote

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_add mosquitto listener dmcli
-	uci_set mosquitto dmcli enabled 1
-	uci_set mosquitto dmcli port '9003'
-	uci_set mosquitto dmcli protocol 'websockets'
-	uci_set mosquitto dmcli auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
-	uci_set mosquitto dmcli acl_file '/etc/dmcli/dmcli.acl'
-fi
-
-exit 0

dmcli/files/etc/uci-defaults/36-dmcli-remote-remove

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_remove mosquitto dmcli
-fi
-
-exit 0

dmcli/files/etc/users/roles/operator.json

@@ -1,14 +0,0 @@
-{
-  "tr181": {
-    "name": "operator",
-    "instance": 6,
-    "permission": [
-      {
-        "object": "Device.",
-        "perm": [
-          "PERMIT_ALL"
-        ]
-      }
-    ]
-  }
-}

dmcli/src/Makefile

@@ -1,7 +0,0 @@
-all: dmcli
-
-dmcli: main.c
-	$(CC) $(CFLAGS) -Wall -Werror -o $@ $^
-
-clean:
-	rm -f dmcli

dmcli/src/main.c

@@ -1,32 +0,0 @@
-/*
-* Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
-* This Software and its content are protected by the Dutch Copyright Act
-* ('Auteurswet'). All and any copying and distribution of the software
-* and its content without authorization by Genexis Netherlands B.V. is
-* prohibited. The prohibition includes every form of reproduction and
-* distribution.
-*/
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-/* C Wrapper for operator to login to the CLI via ssh: the shell in
- * the passwd file cannot be a script that requires an interpreter. */
-int main(int argc, char *argv[])
-{
-	char *cmd[3 + (argc > 1 ? argc - 1 : 0)];
-
-	cmd[0] = "/usr/bin/qjs";
-	cmd[1] = "/usr/lib/dmcli/cli/main.js";
-	cmd[2] = NULL;
-
-	if (argc > 1) {
-		memcpy(&cmd[2], &argv[1], (argc - 1) * sizeof(char *));
-		cmd[2 + argc - 1] = NULL;
-	}
-
-	execv(cmd[0], cmd);
-	fprintf(stderr, "%s: command not found\n", cmd[0]);
-	return 127;
-}

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.20
+PKG_VERSION:=1.0.17
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=448d278734a824f9d4ad1e7a55acd16c222d4c7e
+PKG_SOURCE_VERSION:=2ceb76e98cf23a8d52ab3f464d38d62385311a87
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dslmngr/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.10
+PKG_VERSION:=1.2.9
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
-PKG_SOURCE_VERSION:=8fb4093b4d26b3cb06603e110d424005e33cf5d6
+PKG_SOURCE_VERSION:=5340cb31f759301f5aca3fd848fc3a63b0b4663f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip
@@ -30,8 +30,6 @@ include ../bbfdm/bbfdm.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
-else ifneq ($(CONFIG_TARGET_airoha),)
-  TARGET_PLATFORM=AIROHA
 else
   $(info Unexpected CONFIG_TARGET)
 endif
@@ -43,7 +41,7 @@ define Package/dslmngr
   CATEGORY:=Utilities
   TITLE:=XDSL status and configration utility
   DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +TARGET_airoha:br2684ctl
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 
 define Package/dslmngr/description
@@ -77,10 +75,7 @@ define Package/dslmngr/install
 	$(CP) ./files/common/* $(1)/
 ifeq ($(CONFIG_TARGET_brcmbca),y)
 	$(CP) ./files/broadcom/* $(1)/
-else ifneq ($(CONFIG_TARGET_airoha),)
-	$(CP) ./files/airoha/* $(1)/
 endif
-
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dslmngr $(1)/sbin/
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)

dslmngr/files/airoha/etc/init.d/xdsl_wan

@@ -1,26 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-STOP=99
-USE_PROCD=1
-
-start_service() {
-	readonly need_xdsl="$(jsonfilter -i /etc/board.json -e @.dsl)"
-	[ -f /etc/board.json ] || return 0
-
-	if [ "$need_xdsl" != "" ]; then
-		procd_open_instance xdsl_wan
-		procd_set_param command /sbin/xdsl_wan
-		procd_set_param respawn
-		procd_close_instance
-	fi
-}
-
-boot() {
-	: # boot-up is handled from 'hsm' application
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "dsl"
-}

dslmngr/files/airoha/lib/dsl/airoha.sh

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-xtm_remove_devices() {
-	:
-}
-
-xtm_create_devices() {
-	:
-}
-
-xdsl_configure() {
-	# Support bridged WAN interface
-	ebtables --concurrent -t broute -D BROUTING -p 0xbeed -j DROP 2> /dev/null
-	ebtables --concurrent -t broute -I BROUTING -p 0xbeed -j DROP
-}
-
-xdsl_stop() {
-	return 0
-}
-
-xdsl_init() {
-	readonly need_xdsl="$(jsonfilter -i /etc/board.json -e @.dsl)"
-	[ "$need_xdsl" = "" ] && exit 0
-
-	echo "Starting DSL"
-}

dslmngr/files/airoha/sbin/xdsl_wan

@@ -1,270 +0,0 @@
-#!/bin/sh
-
-source "/lib/functions.sh"
-source "/lib/functions/network.sh"
-source "/lib/functions/system.sh"
-
-PREVLINK=""
-LINK=""
-LINKSPEED=""
-PREVWANMODE=""
-WANMODE=""
-CONFIGURED=0
-CINDEX=0
-WANPORT="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
-
-delete_atm_device() {
-	/userfs/bin/blapi_cmd xdsl atm_delete_interface $CINDEX
-	CINDEX=$((CINDEX+1))
-}
-
-delete_atm_devices() {
-	CINDEX=0
-	config_load dsl
-	config_foreach delete_atm_device atm-device
-}
-
-configure_atm_device() {
-	local vpi vci encapsulation qos_class pcr mbs scr
-	local encap qos ethmac
-
-	config_get vpi $1 vpi "8"
-	config_get vci $1 vci "35"
-	config_get encapsulation $1 encapsulation "llc"
-	config_get qos_class $1 qos_class "ubr"
-	config_get pcr $1 pcr "0"
-	config_get mbs $1 mbs "0"
-	config_get scr $1 scr "0"
-
-	case $encapsulation in # llc, vcmux
-		vcmux)
-			encap="1483 Bridged IP VC-Mux"
-		;;
-		*)
-			encap="1483 Bridged IP LLC"
-		;;
-
-	esac
-
-	ethmac="$(echo -n "$(macaddr_add 02:AA:BB:01:23:40 $((CINDEX+2)))" | sed 's#:##g')"
-
-	/userfs/bin/blapi_cmd xdsl create_device $CINDEX ATM "" "$ethmac"
-	/userfs/bin/blapi_cmd xdsl atm_create_interface $CINDEX ATM "$qos_class" "$encap" "$vpi" "$vci" "$pcr" "$scr" "$mbs" 0
-
-	CINDEX=$((CINDEX+1))
-}
-
-create_atm_devices() {
-	delete_atm_devices
-
-	CINDEX=0
-	config_foreach configure_atm_device atm-device
-}
-
-configure_line() {
-	local mode profile bitswap sra us0 sesdrop sos roc ginp gvector mod prof
-	local adsl1_flag=0 issue2_flag=0 Glite_flag=0 adsl2_flag=0 adsl2p_flag=0 vdsl2_flag=0
-	local pro_8a_flag=0 pro_8b_flag=0 pro_8c_flag=0 pro_8d_flag=0 pro_12a_flag=0 pro_12b_flag=0 pro_17a_flag=0 pro_30a_flag=0 pro_35b_flag=0
-
-	config_get mode $1 mode "vdsl2"
-	config_get profile $1 profile "35b"
-	config_get bitswap $1 bitswap "1"
-	config_get sra $1 sra "1"
-	config_get us0 $1 us0 "1"
-	config_get sos $1 sos "0"
-	config_get roc $1 roc "0"
-	config_get ginp $1 ginp "1"
-	config_get gvector $1 gvector "1"
-
-	for mod in $mode; do
-		[ "$mod" = "gdmt" ] && adsl1_flag=1
-		[ "$mod" = "glite" ] && Glite_flag=1
-		[ "$mod" = "t1413" ] && issue2_flag=1
-		[ "$mod" = "adsl2" ] && adsl2_flag=1
-		[ "$mod" = "adsl2p" ] && adsl2p_flag=1
-		[ "$mod" = "vdsl2" ] && vdsl2_flag=1
-	done
-
-	for prof in $profile; do
-		[ "$prof" = "8a" ] && pro_8a_flag=1
-		[ "$prof" = "8b" ] && pro_8b_flag=1
-		[ "$prof" = "8c" ] && pro_8c_flag=1
-		[ "$prof" = "8d" ] && pro_8d_flag=1
-		[ "$prof" = "12a" ] && pro_12a_flag=1
-		[ "$prof" = "12b" ] && pro_12b_flag=1
-		[ "$prof" = "17a" ] && pro_17a_flag=1
-		[ "$prof" = "30a" ] && pro_30a_flag=1
-		[ "$prof" = "35b" ] && pro_35b_flag=1
-	done
-
-	/userfs/bin/blapi_cmd xdsl set_adsl_profile "$pro_8a_flag" "$pro_8b_flag" "$pro_8c_flag" "$pro_8d_flag" "$pro_12a_flag" "$pro_12b_flag" "$pro_17a_flag" "$pro_30a_flag" "$pro_35b_flag"
-	/userfs/bin/blapi_cmd xdsl set_adsl_mode "$adsl1_flag" "$issue2_flag" "$Glite_flag" "$adsl2_flag" "$adsl2p_flag" "$vdsl2_flag"
-	/userfs/bin/blapi_cmd xdsl set_adsl_gvector "$((!gvector))"
-	/userfs/bin/blapi_cmd xdsl set_adsl_ginp "$((!ginp))"
-	/userfs/bin/blapi_cmd xdsl set_adsl_sos_roc "$((!sos))" "$((!roc))"
-	/userfs/bin/blapi_cmd xdsl set_adsl_us0 "$((!us0))"
-	/userfs/bin/blapi_cmd xdsl set_adsl_sra "$((!sra))"
-	/userfs/bin/blapi_cmd xdsl set_adsl_bitswap "$((!bitswap))"
-
-	CONFIGURED=1
-}
-
-configure_lines() {
-	config_load dsl
-	config_foreach configure_line dsl-line
-}
-
-call_wan_hotplug() {
-	# initializations
-	local updown="$1"
-	local ethwan="$2"
-
-	# ethernet hotlugs expect LINK and PORT environment variables set
-	env -i LINK="$updown" PORT="$ethwan" /sbin/hotplug-call ethernet
-}
-
-if [ "$WANPORT" = "ae_wan" -a -f /proc/device-tree/ae_wan/wan-dsl ]; then
-	/etc/init.d/br2684ctl stop
-else
-	/etc/init.d/br2684ctl start
-fi
-
-# Wait for nas0 interface to come up.
-while [ "$(devstatus "$WANPORT" | jsonfilter -e @.up)" != "true" ]; do
-	sleep 1
-done
-
-while [ true ]; do
-	LINK="$(awk '/ADSL link status:/{print $4}' /proc/tc3162/adsl_stats)"
-	[ \( "$LINK" = "down" -o "$LINK" = "up" \) ] && break
-	sleep 1
-done
-sleep 2
-
-/userfs/bin/blapi_cmd xdsl set_adsl_sysvid "26 00 47 4E 58 53 00 00" # GNXS vendor id
-/userfs/bin/blapi_cmd xdsl set_adsl_version "$(ubus call fwbank dump | jsonfilter -e "@.bank[@.active=true].swver" | cut -f1 -d'_' | cut -f1 -d'-' | hexdump -e '11/1 "%02x " "\n"' | head -n1)"
-/userfs/bin/blapi_cmd xdsl set_power_up_down 1
-/userfs/bin/blapi_cmd xdsl set_power_up_down 0
-sleep 1
-
-while [ true ]; do
-	LINK="$(awk '/ADSL link status:/{print $4}' /proc/tc3162/adsl_stats)"
-
-	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
-		if [ "$LINK" = "down" ]; then
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				rm -rf /tmp/qos/wan_link_shape_rate
-				rm -rf /tmp/qos/wan_link_speed
-				/usr/sbin/qos-uplink-bandwidth
-			fi
-
-			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
-			if [ -n "$WANMODE" ]; then
-				if [ "$WANMODE" = "PTM" ]; then
-					/userfs/bin/blapi_cmd xdsl ptm_do_reset_sequence 0 1
-				else
-					delete_atm_devices
-				fi
-			fi
-
-			call_wan_hotplug "down" "$WANPORT"
-		else
-			CONFIGURED=1
-			WANMODE="$(awk '/TPSTC type:/{print $4}' /proc/tc3162/adsl_stats)"
-			if [ "$WANMODE" != "$PREVWANMODE" ]; then
-				OLDWANPORT="$WANPORT"
-				network_defer_device "$OLDWANPORT"
-
-				if [ -f /proc/device-tree/ae_wan/wan-dsl ]; then
-					WANPORT="ae_wan"
-				else
-					WANPORT="nas10"
-				fi
-
-				if [ "$WANMODE" = "PTM" ]; then
-					/etc/init.d/br2684ctl stop
-					delete_atm_devices
-					/userfs/bin/blapi_cmd system set_wan_mode 1
-					/userfs/bin/blapi_cmd xdsl reload_ko 2
-					/userfs/bin/blapi_cmd xdsl ptm_do_reset_sequence 1 2
-
-					# Set extended TPID for PTM packet flow
-					sys memwl 1FB50000 81001839
-					# VLAN TPID - VLAN
-					sys memwl 1FB50F18 8100
-
-					ifconfig ${WANPORT} mtu 1500
-				else
-					/userfs/bin/blapi_cmd system set_wan_mode 0
-					/userfs/bin/blapi_cmd xdsl reload_ko 1
-					/etc/init.d/br2684ctl start
-
-					# Set extended TPID for ATM packet flow
-					sys memwl 1FB50000 884C1839
-					# VLAN TPID - MPOA
-					sys memwl 1FB50F18 884C
-
-					ifconfig ${WANPORT} mtu 1982
-					ifconfig ${WANPORT} down up
-
-					OLDWANPORT="$WANPORT"
-					ATMINDEX="$(cat /sys/class/atm/TSARM*/atmindex | tail -n1 2> /dev/null)"
-					WANPORT="nas$((ATMINDEX))"
-				fi
-
-				if [ "$OLDWANPORT" != "$WANPORT" ]; then
-					call_wan_hotplug "down" "$OLDWANPORT"
-
-					FILES="$(grep "$OLDWANPORT" /etc/config/* | cut -f1 -d: | uniq | cut -f4 -d/ | xargs)"
-					for FILE in $FILES; do
-						sed -i -e "s#${OLDWANPORT}#${WANPORT}#g" "/etc/config/${FILE}"
-						"/etc/init.d/${FILE}" restart
-					done
-				else
-					/etc/init.d/network restart
-				fi
-				ifconfig ${OLDWANPORT} down up
-			fi
-
-			if [ "$WANMODE" = "PTM" ]; then
-				: # ToDo
-			else
-				create_atm_devices
-			fi
-
-			call_wan_hotplug "up" "$WANPORT"
-			PREVWANMODE="$WANMODE"
-
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-				LINKSPEED=$((LINKSPEED))
-				if [ "$LINKSPEED" -eq 0 ]; then
-					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-					LINKSPEED=$((LINKSPEED))
-				fi
-
-				if [ "$LINKSPEED" -ne 0 ]; then
-					mkdir -p /tmp/qos
-					touch /tmp/qos/wan_link_shape_rate
-
-					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
-					hw_nat -! > /dev/null 2>&1
-				else
-					rm -rf /tmp/qos/wan_link_speed
-					/usr/sbin/qos-uplink-bandwidth
-				fi
-			fi
-		fi
-
-		# Toggle link state
-		network_defer_device "$WANPORT"
-		network_ready_device "$WANPORT"
-
-		# We are only interested in the transtion from init -> up/down and up/down -> down/up and vice versa.
-		# Since we poll the status via in-band signaling packets might get lost and the /procfs file is empty.
-		# This state we don't want to handle as it will toggle the link and do a re-setup which is totally unnecessary and unwanted.
-		PREVLINK="$LINK"
-	fi
-
-	sleep 5
-done

dslmngr/files/common/etc/config/dsl

@@ -25,7 +25,6 @@ config dsl-line line
 	list profile 12b
 	list profile 17a
 	list profile 30a
-	list profile 35b
 	option bitswap 1
 	option sra 1
 	option us0 1 # VDSL2 only

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.0.9
+PKG_VERSION:=3.0.7
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=0bcfd98d64b5bd8d3162944e2abd5740f9bf4b92
+PKG_SOURCE_VERSION:=171cf63d972c6fa81b97281531e457a0967c16c7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/Config.in

@@ -8,11 +8,5 @@ config FIREWALLMNGR_PORT_TRIGGER
 	help
 	   Set this option to include support for PortTrigger object.
 
-config FIREWALLMNGR_NAT_INTERFACE_SETTING
-	bool "Include Device.NAT.InterfaceSetting"
-	default y
-	help
-	   Set this option to include support for NAT InterfaceSetting object.
-
 endmenu
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.9.5
+PKG_VERSION:=1.0.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=02dc90c48d996148b68d02632bac13a28d75cf25
+PKG_SOURCE_VERSION:=77ad8425b73a3ac63f6160dc217635394ac87907
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -52,10 +52,6 @@ ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
 endif
 
-ifeq ($(CONFIG_FIREWALLMNGR_NAT_INTERFACE_SETTING),y)
-	TARGET_CFLAGS += -DINCLUDE_NAT_IF_SETTING
-endif
-
 define Package/firewallmngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults

firewallmngr/files/firewall.service

@@ -2,8 +2,6 @@
 
 . /lib/functions.sh
 
-ZONE_NAME_FILE="/tmp/service_fw_zone"
-
 log() {
 	echo "${@}"|logger -t firewall.service -p info
 }
@@ -19,37 +17,6 @@ exec_cmd() {
 	return 0
 }
 
-collect_zone_name() {
-	local name network
-
-	config_get name "${1}" name ""
-	if [ -z "${name}" ]; then
-		return
-	fi
-
-	config_get network "${1}" network ""
-	for i in ${network}; do
-		var="${i}_zone"
-		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
-	done
-}
-
-load_zone_names() {
-	rm -f "${ZONE_NAME_FILE}"
-	config_foreach collect_zone_name zone
-}
-
-get_firewall_zone() {
-	if [ ! -f "${ZONE_NAME_FILE}" ]; then
-		echo ""
-		return
-	fi
-
-	var="${1}_zone="
-	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
-	echo "${name}"
-}
-
 add_iptable_rule() {
 	chain_name=$1
 	protocol=$2
@@ -168,14 +135,9 @@ add_service() {
 	fi
 
 	action=$(echo "${target}" | tr a-z A-Z)
-	zone_name="$(get_firewall_zone ${interface})"
-	if [ -z "${zone_name}" ]; then
-		log "Rule can not be added without zone name for interface ${interface}"
-		return
-	fi
-
-	chain_name="zone_${zone_name}_input"
+	chain_name="zone_${interface}_input"
 	res=0
+
 	count=$(echo "${proto}" | sed -n "/-1/p" | wc -l)
 
 	if [ "${count}" -eq 0 ]; then
@@ -198,9 +160,4 @@ add_service() {
 }
 
 config_load firewall
-
-load_zone_names
-
 config_foreach add_service "service"
-
-rm -f "${ZONE_NAME_FILE}"

fluent-bit/Makefile

@@ -5,16 +5,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fluent-bit
-PKG_VERSION:=4.0.4
+PKG_VERSION:=4.0.2
 PKG_RELEASE:=$(AUTORELEASE)
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
-PKG_SOURCE_VERSION=v$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
+PKG_SOURCE_URL_FILE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit/archive/refs/tags/
+PKG_HASH:=aa0577ba7251081c8d5398b2a905b5b0585bb657ca13b39a5e12931437516f08
 endif
 
 PKG_LICENSE:=Apache-2.0
@@ -66,15 +65,15 @@ CMAKE_OPTIONS += \
 	-DFLB_IN_DISK=Yes \
 	-DFLB_IN_EXEC=Yes \
 	-DFLB_IN_HEAD=Yes \
-	-DFLB_IN_KMSG=Yes \
-	-DFLB_IN_TAIL=Yes \
 	-DFLB_IN_FORWARD=No \
+	-DFLB_IN_KMSG=No \
 	-DFLB_IN_PROC=No \
 	-DFLB_IN_RANDOM=No \
 	-DFLB_IN_SERIAL=No \
 	-DFLB_IN_MQTT=No \
 	-DFLB_IN_STDIN=No \
 	-DFLB_IN_SYSTEMD=No \
+	-DFLB_IN_TAIL=No \
 	-DFLB_IN_TCP=No \
 	-DFLB_IN_THERMAL=No \
 	-DFLB_IN_UDP=No \
@@ -171,7 +170,6 @@ CMAKE_OPTIONS += \
 define Package/fluent-bit/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/fluent-bit
-	$(INSTALL_DIR) $(1)/etc/fluent-bit/conf.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/fluent-bit $(1)/usr/sbin/
 	$(INSTALL_DATA) ./files/fluent-bit.conf $(1)/etc/fluent-bit/fluent-bit.conf
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/parsers.conf $(1)/etc/fluent-bit/parsers.conf

fluent-bit/files/fluent-bit.conf

@@ -9,10 +9,6 @@
     tag             syslog
     path            /dev/log
 
-[INPUT]
-    name            kmsg
-    tag             kernel
-
 [OUTPUT]
     name            null
     match           *

fluent-bit/patches/0002-add_hostname_to_log_dump.patch

@@ -0,0 +1,45 @@
+diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
+index 2e47c9666..95d28e438 100644
+--- a/plugins/out_file/file.c
++++ b/plugins/out_file/file.c
+@@ -27,6 +27,7 @@
+ #include <msgpack.h>
+ 
+ #include <stdio.h>
++#include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+@@ -55,6 +56,7 @@ struct flb_file_conf {
+     int csv_column_names;
+     int mkdir;
+     struct flb_output_instance *ins;
++    char hostname[256];
+ };
+ 
+ static char *check_delimiter(const char *str)
+@@ -141,6 +143,9 @@ static int cb_file_init(struct flb_output_instance *ins,
+         }
+     }
+ 
++    if (gethostname(ctx->hostname, sizeof(ctx->hostname)) != 0)
++	    snprintf(ctx->hostname, sizeof(ctx->hostname), "%s", "localhost");
++
+     tmp = flb_output_get_property("delimiter", ins);
+     ret_str = check_delimiter(tmp);
+     if (ret_str != NULL) {
+@@ -233,12 +238,8 @@ static int template_output_write(struct flb_file_conf *ctx,
+     int i;
+     msgpack_object_kv *kv;
+ 
+-    /*
+-     * Right now we treat "{time}" specially and fill the placeholder
+-     * with the metadata timestamp (formatted as float).
+-     */
+-    if (!strncmp(key, "time", size)) {
+-        fprintf(fp, "%f", flb_time_to_double(tm));
++    if (!strncmp(key, "hostname", size)) {
++        fprintf(fp, "%s", ctx->hostname);
+         return 0;
+     }
+ 

fluent-bit/patches/0002-file_out_time.patch

@@ -1,27 +0,0 @@
-diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
-index 77baf6be8..04c519d5a 100644
---- a/plugins/out_file/file.c
-+++ b/plugins/out_file/file.c
-@@ -238,10 +238,20 @@ static int template_output_write(struct flb_file_conf *ctx,
- 
-     /*
-      * Right now we treat "{time}" specially and fill the placeholder
--     * with the metadata timestamp (formatted as float).
-+     * with the metadata timestamp.
-      */
-     if (!strncmp(key, "time", size)) {
--        fprintf(fp, "%f", flb_time_to_double(tm));
-+        struct tm tm_local;
-+        char buf[32];
-+        if (localtime_r(&tm->tm.tv_sec, &tm_local) == NULL) {
-+            flb_plg_error(ctx->ins, "localtime_r failed");
-+            return -1;
-+        }
-+        if (strftime(buf, sizeof(buf), "%b %d %H:%M:%S", &tm_local) == 0) {
-+            flb_plg_error(ctx->ins, "strftime failed");
-+            return -1;
-+        }
-+        fputs(buf, fp);
-         return 0;
-     }
- 

fluent-bit/patches/0003-prepend_length_in_syslog_output.patch

@@ -1,47 +0,0 @@
-diff --git a/plugins/out_syslog/syslog.c b/plugins/out_syslog/syslog.c
-index 4ecc7c4ac..cfe568245 100644
---- a/plugins/out_syslog/syslog.c
-+++ b/plugins/out_syslog/syslog.c
-@@ -776,12 +776,42 @@ static flb_sds_t syslog_format(struct flb_syslog *ctx, msgpack_object *o,
-         }
- 
-         if (ctx->parsed_mode != FLB_SYSLOG_UDP) {
-+            unsigned int msg_len = 0;
-+
-+            /* Create new SDS for length prefix */
-+            flb_sds_t prefix = flb_sds_create_size(ctx->maxsize + 32);
-+            if (!prefix) {
-+                ret_sds = NULL;
-+                goto clean;
-+            }
-+
-+            /* Add newline also to make behaviour similar to syslog-ng */
-             tmp = flb_sds_cat(*s, "\n", 1);
-             if (!tmp) {
-+                flb_sds_destroy(prefix);
-                 ret_sds = NULL;
-                 goto clean;
-             }
-             *s = tmp;
-+
-+            msg_len = flb_sds_len(*s);
-+            tmp = flb_sds_printf(&prefix, "%u ", msg_len);
-+            if (!tmp) {
-+                flb_sds_destroy(prefix);
-+                ret_sds = NULL;
-+                goto clean;
-+            }
-+            prefix = tmp;
-+
-+            tmp = flb_sds_cat(prefix, *s, msg_len);
-+            if (!tmp) {
-+                flb_sds_destroy(prefix);
-+                ret_sds = NULL;
-+                goto clean;
-+            }
-+
-+            flb_sds_destroy(*s);
-+            *s = tmp;
-         }
-     }
-     else {

fluent-bit/patches/0003-prepend_number_in_syslog_output.patch

@@ -0,0 +1,14 @@
+diff --git a/plugins/out_syslog/syslog.c b/plugins/out_syslog/syslog.c
+index 4ecc7c4ac..03ed0d359 100644
+--- a/plugins/out_syslog/syslog.c
++++ b/plugins/out_syslog/syslog.c
+@@ -318,7 +318,8 @@ static flb_sds_t syslog_rfc3164 (flb_sds_t *s, struct flb_time *tms,
+         return NULL;
+     }
+ 
+-    tmp = flb_sds_printf(s, "<%i>%s %2d %02d:%02d:%02d ", prival,
++    // just add 99 to satisfy parsers that expect a number at the start
++    tmp = flb_sds_printf(s, "99 <%i>%s %2d %02d:%02d:%02d ", prival,
+                             rfc3164_mon[tm.tm_mon], tm.tm_mday,
+                             tm.tm_hour, tm.tm_min, tm.tm_sec);
+     if (!tmp) {

fluent-bit/patches/0020-fix_kmsg.patch

@@ -1,73 +0,0 @@
-diff --git a/plugins/in_kmsg/in_kmsg.c b/plugins/in_kmsg/in_kmsg.c
-index cd5c4cd17..15f105451 100644
---- a/plugins/in_kmsg/in_kmsg.c
-+++ b/plugins/in_kmsg/in_kmsg.c
-@@ -36,7 +36,6 @@
- #include <sys/stat.h>
- #include <sys/time.h>
- #include <inttypes.h>
--#include <time.h>
- 
- #include "in_kmsg.h"
- 
-@@ -123,12 +122,17 @@ static inline int process_line(const char *line,
-     ctx->buffer_id++;
- 
-     errno = 0;
--    val = strtol(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoul(p, &end, 10);
-+    if ((errno == ERANGE && val == ULONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* ensure something was consumed */
-+    if (end == p) {
-+        goto fail;
-+    }
-+
-     /* Priority */
-     priority = FLB_KLOG_PRI(val);
- 
-@@ -144,24 +148,35 @@ static inline int process_line(const char *line,
-     }
-     p++;
- 
--    val = strtoul(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoull(p, &end, 10);
-+    if ((errno == ERANGE && val == ULLONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* make sure strtoull consumed something */
-+    /* after the sequence number, the next char must be ',' */
-+    if (end == p || *end != ',') {
-+        goto fail;
-+    }
-+
-     sequence = val;
-     p = ++end;
- 
-     /* Timestamp */
--    val = strtoul(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoull(p, &end, 10);
-+    if ((errno == ERANGE && val == ULLONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* ensure something was consumed */
-+    if (end == p) {
-+        goto fail;
-+    }
-+
-     tv.tv_sec  = val/1000000;
--    tv.tv_usec = val - (tv.tv_sec * 1000000);
-+    tv.tv_usec = val - ((uint64_t)tv.tv_sec * 1000000);
- 
-     flb_time_set(&ts, ctx->boot_time.tv_sec + tv.tv_sec, tv.tv_usec * 1000);
- 

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.6
+PKG_VERSION:=1.2.20
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=624fee52af9cce08c6c69a5f7dd2191691d61aa8
+PKG_SOURCE_VERSION:=3948618fa8fa23a0ddc51632b0036dbd08e27696
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9.8
+PKG_VERSION:=9.9.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=cef78dc528690386caac5a7ff6c1afca6dd3d315
+PKG_SOURCE_VERSION:=5dba542b280495730176da468bc45ed5dcc8c94e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -84,12 +84,10 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-migrate-gw-info $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/999-cwmp-conn-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/icwmpd/vendor_log.sh $(1)/etc/icwmpd/vendor_log.sh
 	$(INSTALL_BIN) ./files/etc/icwmpd/firewall.cwmp $(1)/etc/icwmpd/firewall.cwmp
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp

icwmp/files/etc/config/cwmp

@@ -28,7 +28,6 @@ config cpe 'cpe'
 	option log_severity 'WARNING'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
-	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
 	option port '7547'
@@ -43,9 +42,7 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	#option KeepConfig '1'
-	#option KeepOpConf '1'
-	#option ConfigScope 'UserOnly'
+	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/icwmpd/firewall.cwmp

@@ -1,44 +1,14 @@
 #!/bin/sh
 
-. /lib/functions.sh
-
-ZONE_NAME_FILE="/tmp/cwmp_fw_zone"
-
 #created by the icwmp package
 log() {
 	echo "${@}"|logger -t firewall.cwmp -p info
 }
 
-collect_zone_name() {
-	local name network
-
-	config_get name "${1}" name ""
-	if [ -z "${name}" ]; then
-		return
-	fi
-
-	config_get network "${1}" network ""
-	for i in ${network}; do
-		var="${i}_zone"
-		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
-	done
-}
-
-load_zone_names() {
-	rm -f "${ZONE_NAME_FILE}"
-	config_load firewall
-	config_foreach collect_zone_name zone
-}
-
 get_firewall_zone() {
-	if [ ! -f "${ZONE_NAME_FILE}" ]; then
-		echo ""
-		return
-	fi
-
-	var="${1}_zone="
-	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
-	echo "${name}"
+	zone="$(uci show firewall|grep network|grep -w "${1}"|cut -d. -f 2)"
+	zone="${zone:-wan}" # defaults to wan zone
+	echo "$zone"
 }
 
 cleanup_upstream_rules() {
@@ -199,6 +169,4 @@ configure_connection_req_rules() {
 	fi
 }
 
-load_zone_names
 configure_connection_req_rules "$@"
-rm -f "${ZONE_NAME_FILE}"

icwmp/files/etc/init.d/icwmpd

@@ -16,6 +16,79 @@ log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }
 
+regenerate_ssl_link() {
+	local cert_dir
+
+	cert_dir="${1%/}"
+	if [ -f "${cert_dir}" ]; then
+		return 0
+	fi
+
+	# do not generate the c_rehash if its system default cert path
+	# ca-certificate package already generates c_rehash on compilation
+	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
+
+	generate_links() {
+		local file_type="$1"
+		local files="${cert_dir}"/*."${file_type}"
+		for cfile in ${files}; do
+			if [ -f "${cfile}" ]; then
+				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
+				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
+					log "Generating c_rehash for ${cfile}=>${rehash}.0"
+					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
+				fi
+			fi
+		done
+	}
+
+	generate_links "pem"
+}
+
+enable_dhcp_option43() {
+	local wan="${1}"
+
+	### Ask for DHCP Option 43 only if CWMP is enabled ###
+	local reqopts="$(uci -q get network."${wan}".reqopts)"
+	local proto="$(uci -q get network."${wan}".proto)"
+	local newreqopts=""
+	local option43_present=0
+
+	for ropt in $reqopts; do
+		case $ropt in
+			43) option43_present=1 ;;
+			*) ;;
+		esac
+	done
+
+	if [ ${option43_present} -eq 1 ]; then
+		return;
+	fi
+
+	newreqopts="$reqopts 43"
+	if [ "${proto}" = "dhcp" ]; then
+		uci -q set network."${wan}".reqopts="$newreqopts"
+		uci commit network
+		ubus call network reload
+	fi
+}
+
+set_vendor_id() {
+	local wan="${1}"
+	local proto="$(uci -q get network."${wan}".proto)"
+
+	if [ "${proto}" = "dhcp" ]; then
+		vendorid="$(uci -q get network."${wan}".vendorid)"
+		if [ -z "${vendorid}" ]; then
+			uci -q set network."${wan}".vendorid="dslforum.org"
+			ubus call uci commit '{"config":"network"}'
+		elif [[ $vendorid != *"dslforum.org"* ]]; then
+			uci -q set network."${wan}".vendorid="${vendorid},dslforum.org"
+			ubus call uci commit '{"config":"network"}'
+		fi
+	fi
+}
+
 wait_for_resolvfile() {
 	local time=$1
 	local tm=1
@@ -97,9 +170,7 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'KeepConfig:bool' \
-		'KeepOpConf:bool' \
-		'ConfigScope:string'
+		'fw_upgrade_keep_settings:bool'
 }
 
 validate_defaults() {
@@ -140,6 +211,28 @@ validate_defaults() {
 }
 
 boot() {
+	local dhcp_discovery wan_interface skip_dhcp_boot_options
+
+	config_load cwmp
+	config_get wan_interface cpe default_wan_interface "wan"
+	config_get dhcp_discovery acs dhcp_discovery "0"
+	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"
+
+	if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then
+		if [ "${skip_dhcp_boot_options}" -ne 1 ]; then
+			# Set dhcp option 43 if not already configured
+			enable_dhcp_option43 "${wan_interface}"
+			# Set dhcp option 60
+			set_vendor_id "${wan_interface}"
+		fi
+	fi
+
+	config_get ssl_capath acs ssl_capath
+
+	if [ -n "${ssl_capath}" ]; then
+		regenerate_ssl_link "${ssl_capath}"
+	fi
+
 	# Copy backup data so that if it restart latter on, it gets the info
 	copy_cwmp_etc_files_to_varstate
 	mkdir -p /var/run/icwmpd/
@@ -170,21 +263,13 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank KeepConfig KeepOpConf ConfigScope
+	local switch_bank
 
 	copy_cwmp_varstate_files_to_etc
+	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
-		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
-		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
-		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
-
-		json_init
-		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
-		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
-		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
-
-		json_dump| /etc/sysmngr/fwbank call copy_config
+	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
+		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
-if [ -n "${keep_settings}" ]; then
-	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
-	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
-fi

icwmp/files/etc/uci-defaults/999-cwmp-conn-config

@@ -1,107 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-log() {
-	echo "${@}"|logger -t cwmp.defaults -p info
-}
-
-set_vendor_id() {
-	local wan="${1}"
-	local proto="$(uci -q get network."${wan}".proto)"
-
-	if [ "${proto}" = "dhcp" ]; then
-		vendorid="$(uci -q get network."${wan}".vendorid)"
-		if [ -z "${vendorid}" ]; then
-			uci -q set network."${wan}".vendorid="dslforum.org"
-		elif [[ $vendorid != *"dslforum.org"* ]]; then
-			uci -q set network."${wan}".vendorid="${vendorid},dslforum.org"
-		fi
-	fi
-}
-
-enable_dhcp_option43() {
-	local wan="${1}"
-
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local option43_present=0
-
-	for ropt in $reqopts; do
-		case $ropt in
-			43) option43_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	if [ ${option43_present} -eq 1 ]; then
-		return;
-	fi
-
-	newreqopts="$reqopts 43"
-	if [ "${proto}" = "dhcp" ]; then
-		uci -q set network."${wan}".reqopts="$newreqopts"
-	fi
-}
-
-regenerate_ssl_link() {
-	local cert_dir
-
-	cert_dir="${1%/}"
-	if [ -f "${cert_dir}" ]; then
-		return 0
-	fi
-
-	# do not generate the c_rehash if its system default cert path
-	# ca-certificate package already generates c_rehash on compilation
-	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
-
-	generate_links() {
-		local file_type="$1"
-		local files="${cert_dir}"/*."${file_type}"
-		for cfile in ${files}; do
-			if [ -f "${cfile}" ]; then
-				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
-					log "Generating c_rehash for ${cfile}=>${rehash}.0"
-					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
-				fi
-			fi
-		done
-	}
-
-	generate_links "pem"
-}
-
-configure_dhcp_discovery() {
-	local dhcp_discovery wan_interface skip_dhcp_boot_options
-
-	config_load cwmp
-	config_get wan_interface cpe default_wan_interface "wan"
-	config_get dhcp_discovery acs dhcp_discovery "0"
-	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"
-
-	if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then
-		if [ "${skip_dhcp_boot_options}" -ne 1 ]; then
-			# Set dhcp option 43 if not already configured
-			enable_dhcp_option43 "${wan_interface}"
-			# Set dhcp option 60
-			set_vendor_id "${wan_interface}"
-		fi
-	fi
-}
-
-configure_ssl_path() {
-	local ssl_capath
-
-	config_load cwmp
-	config_get ssl_capath acs ssl_capath
-
-	if [ -n "${ssl_capath}" ]; then
-		regenerate_ssl_link "${ssl_capath}"
-	fi
-}
-
-configure_dhcp_discovery
-configure_ssl_path

ieee1905/Makefile

@@ -1,17 +1,16 @@
 #
 # Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.40
+PKG_VERSION:=8.7.8
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=06e45ad44433b98b0630dab59d943fade7c24269
+PKG_SOURCE_VERSION:=9c507bfb7f45fad81097262f05dc7cd11760e6b0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -106,7 +105,6 @@ TARGET_CFLAGS += -DHAS_UBUS
 
 ifeq ($(CONFIG_IEEE1905_BUILD_TR181_PLUGIN),y)
 TARGET_CFLAGS += -DBUILD_TR181_PLUGIN
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
 endif
 
 MAKE_FLAGS += \

ieee1905/files/etc/config/ieee1905

@@ -12,7 +12,6 @@ config al-iface
 	list ifname 'br-lan'
 	list ifname '/eth.*'
 	list ifname '/wl.*'
-	list ifname '/ra.*'
 	list ifname '/wds.*'
 
 # ap sections are auto-generated/overwritten during onboarding

ieee1905/files/etc/init.d/ieee1905

@@ -83,7 +83,7 @@ start_service() {
 	validate_ieee1905_config || return 1;
 
 	procd_open_instance
-        procd_set_param command "/usr/sbin/ieee1905d" "-ddddd" "-o"  "/tmp/ieee1905.log"
+        procd_set_param command "/usr/sbin/ieee1905d" "-o"  "/tmp/ieee1905.log" "-f"
 	procd_set_param respawn
 	procd_set_param limits core="unlimited"
 #	procd_set_param env IEEE1905_LOG_CMDU=1

ieee1905/files/etc/uci-defaults/30-set-ieee1905-al-macaddr

@@ -1,9 +1,10 @@
 #!/bin/sh
 
-. /lib/functions/system.sh
 
-BMAC=$(get_mac_label)
+BMAC=$(db -q get hw.board.basemac)
 BMAC=${BMAC//:/}
+BMAC=${BMAC// /}
+BMAC=$(printf "%12.12X" $((0x$BMAC)))
 
 [ "$BMAC" == "" ] && exit 1
 

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=25e32ac5a860aec6e53e3449565b71595073e014
+PKG_SOURCE_VERSION:=00189cea0a78b7a30dbfdd363b6d8e836437d1bc
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -31,12 +31,8 @@ define Package/$(PKG_NAME)
     +@PACKAGE_COLLECTD_ENCRYPTED_NETWORK                \
   # remote syslog
   DEPENDS+=                                             \
-    +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
-    +PACKAGE_fluent-bit:logrotate                       \
-    +@DMCLI_REMOTE_CONNECTION
-  # tools used in development/testing
-  DEPENDS+=                                             \
-    +iperf3
+    +syslog-ng                                          \
+    +@SYSLOGNG_LOGROTATE                                \
 
 endef
 
@@ -48,13 +44,7 @@ endef
 Build/Compile=
 
 define Package/$(PKG_NAME)/install
-	$(CP) -r $(PKG_BUILD_DIR)/files/common/*  $(1)/
-ifneq ($(CONFIG_PACKAGE_fluent-bit),)
-	$(CP) -r $(PKG_BUILD_DIR)/files/fluent-bit/*  $(1)/
-endif
-ifneq ($(CONFIG_PACKAGE_syslog-ng),)
-	$(CP) -r $(PKG_BUILD_DIR)/files/syslog-ng/*  $(1)/
-endif
+	$(CP) -r $(PKG_BUILD_DIR)/files/*  $(1)/
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

ipt-trigger/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ipt-trigger
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.2
 PKG_LICENSE:=GPL-2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ac1beae4794f99533b28db7d0e6e80f4c268a3e8
+PKG_SOURCE_VERSION:=4f3d4427403e0a9be7653c1b92907ae8ae5f21ae
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ipt-trigger.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

json-schema-validator/Makefile

@@ -1,55 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=json-schema-validator
-PKG_VERSION:=2.3.0
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/pboettch/json-schema-validator.git
-PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=skip
-
-PKG_LICENSE:=MIT
-PKG_LICENSE_FILES:=LICENSE
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
-
-PKG_BUILD_DEPENDS:=nlohmann-json
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-CMAKE_OPTIONS += \
-	-DJSON_VALIDATOR_BUILD_TESTS=OFF \
-	-DJSON_VALIDATOR_BUILD_EXAMPLES=OFF \
-	-DJSON_VALIDATOR_INSTALL=ON \
-	-DJSON_VALIDATOR_SHARED_LIBS=OFF
-
-define Package/json-schema-validator
-  SECTION:=libs
-  CATEGORY:=Libraries
-  TITLE:=JSON Schema Validator for nlohmann::json
-  URL:=https://github.com/pboettch/json-schema-validator
-  DEPENDS:=+libstdcpp +nlohmann-json
-endef
-
-define Package/json-schema-validator/description
-  A JSON Schema Validator for Modern C++ using nlohmann/json.
-endef
-
-define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include/nlohmann
-	$(CP) $(PKG_BUILD_DIR)/src/nlohmann/json-schema.hpp $(1)/usr/include/nlohmann/
-
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libnlohmann_json_schema_validator*.a $(1)/usr/lib/ 2>/dev/null || true
-	$(CP) $(PKG_BUILD_DIR)/libnlohmann_json_schema_validator*.so* $(1)/usr/lib/ 2>/dev/null || true
-endef
-
-define Package/json-schema-validator/install
-	true
-endef
-
-$(eval $(call BuildPackage,json-schema-validator))

jsonval/Makefile

@@ -1,44 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=jsonval
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=1
-
-PKG_LICENSE:=MIT
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/jsonval
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Command-line JSON Schema Validator
-  DEPENDS:=+nlohmann-json +json-schema-validator +libstdcpp
-endef
-
-define Package/jsonval/description
-  A small CLI tool to validate JSON files against a schema using json-schema-validator and nlohmann/json.
-endef
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)
-	cp -r ./src/* $(PKG_BUILD_DIR)/
-endef
-
-define Build/Compile
-	$(TARGET_CXX) \
-		$(TARGET_CXXFLAGS) -std=c++17 \
-		-I$(STAGING_DIR)/usr/include \
-		-I$(STAGING_DIR)/usr/include/nlohmann \
-		-L$(STAGING_DIR)/usr/lib \
-		$(PKG_BUILD_DIR)/main.cpp \
-		-o $(PKG_BUILD_DIR)/jsonval \
-		-lnlohmann_json_schema_validator
-endef
-
-define Package/jsonval/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/jsonval $(1)/usr/bin/
-endef
-
-$(eval $(call BuildPackage,jsonval))

jsonval/src/main.cpp

@@ -1,64 +0,0 @@
-#include <iostream>
-#include <fstream>
-#include <string>
-#include <nlohmann/json.hpp>
-#include <nlohmann/json-schema.hpp>
-
-using nlohmann::json;
-using nlohmann::json_schema::json_validator;
-using namespace std;
-
-void print_usage(const string& prog_name) {
-	cerr << "Usage: " << prog_name << " -s <schema.json> -j <data.json>" << endl;
-}
-
-int main(int argc, char* argv[]) {
-	string schema_path, data_path;
-
-	// Simple argument parsing
-	for (int i = 1; i < argc; ++i) {
-		string arg = argv[i];
-		if ((arg == "-s" || arg == "--schema") && i + 1 < argc) {
-			schema_path = argv[++i];
-		} else if ((arg == "-j" || arg == "--json") && i + 1 < argc) {
-			data_path = argv[++i];
-		} else {
-			print_usage(argv[0]);
-			return 1;
-		}
-	}
-
-	if (schema_path.empty() || data_path.empty()) {
-		print_usage(argv[0]);
-		return 1;
-	}
-
-	ifstream schema_file(schema_path);
-	ifstream data_file(data_path);
-
-	if (!schema_file.is_open() || !data_file.is_open()) {
-		cerr << "Error: Could not open one or both files." << endl;
-		return 2;
-	}
-
-	json schema, document;
-	try {
-		schema_file >> schema;
-		data_file >> document;
-	} catch (const json::parse_error& e) {
-		cerr << "Parse error: " << e.what() << endl;
-		return 3;
-	}
-
-	try {
-		json_validator validator;
-		validator.set_root_schema(schema);
-		validator.validate(document);
-		cout << "Valid" << endl;
-	} catch (const std::exception& e) {
-		cerr << "Validation failed: " << e.what() << endl;
-		return 4;
-	}
-
-	return 0;
-}

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fdfe23e51ff77ca6d2661ad6208d097758524147
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libdsl/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdsl
-PKG_VERSION:=7.3.2
+PKG_VERSION:=7.2.100
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=20875ec79fcc7c546c2f1253c867d6afbc8bff75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libdsl.git
-PKG_SOURCE_VERSION:=1aa9c40f9503311652e562617b1e15533257adcc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
@@ -37,9 +37,6 @@ else ifeq ($(CONFIG_TARGET_x86),y)
 else ifeq ($(CONFIG_TARGET_armvirt),y)
   TARGET_PLATFORM=TEST
   TARGET_CFLAGS +=-DIOPSYS_TEST
-else ifeq ($(CONFIG_TARGET_airoha),y)
-  TARGET_PLATFORM=AIROHA
-  TARGET_CFLAGS +=-DIOPSYS_AIROHA
 endif
 
 TARGET_CFLAGS += \
@@ -60,7 +57,7 @@ define Package/libdsl
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= xDSL library (libdsl)
-  DEPENDS+=TARGET_brcmbca:bcm963xx-bsp +TARGET_airoha:libeasy
+  DEPENDS+=TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libdsl/description

libeasy/Makefile

@@ -1,28 +1,32 @@
 #
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 Iopsys
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.5.1
+PKG_VERSION:=7.4.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
-PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
+PKG_SOURCE_VERSION:=ca7b20068c9d373e41045a2e899a9c697576262c
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=LGPL-2.1-only
-PKG_LICENSE_FILES:=
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
+PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
+
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/openssl \
+	-I$(STAGING_DIR)/usr/include/libnl3
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -30,6 +34,9 @@ define Build/Prepare
 endef
 endif
 
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS) -Wall"
+
 define Package/libeasy
   SECTION:=libs
   CATEGORY:=Libraries
@@ -40,7 +47,7 @@ define Package/libeasy
 endef
 
 define Package/libeasy/description
-  This package provides libeasy.so for common utility functions.
+  Library provides common utility functions
 endef
 
 define Build/InstallDev/libeasy
@@ -60,7 +67,6 @@ define Build/InstallDev/libeasy
 endef
 
 define Build/InstallDev
-	$(call Build/InstallDev/cmake,$(1))
 	$(call Build/InstallDev/libeasy,$(1),$(2))
 endef
 

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.3
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=3a30086a68a3409f0396acb01380f91daabf7a2f
+PKG_SOURCE_VERSION:=f4ffa38b77e20f9e2a6b6ffd5b2bf83cddb6bffc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -17,11 +17,6 @@ SLIC=$(cat /proc/device-tree/airoha-voice/slic-type)
 hasDect=$(db -q get hw.board.hasDect)
 [ "$hasDect" = "1" ] || exit 0
 
-# Set the DECT RFPI
-. /lib/functions/iopsys-environment.sh
-db set hw.board.dect_rfpi=$(get_dect_rfpi)
-db commit
-
 # configure the PCM for DECT/DCX81
 [ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
     uci set dect.global.pcm_fsync='SHORT_LF'

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.13.10
+PKG_VERSION:=7.12.9
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5e8d828c01ed7ab2feba9028b603dde9708cb656
+PKG_SOURCE_VERSION:=0877163a9653a9f83c8244aa24f762a131ae02a6
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -61,7 +61,7 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523

linux-pam/Makefile

@@ -31,8 +31,8 @@ MESON_ARGS += \
 
 define Package/linux-pam/install
 	$(INSTALL_DIR) $(1)/usr/lib/security
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./linux_pam.init $(1)/etc/init.d/linux_pam
+	$(INSTALL_DIR) $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
 endef
 
 $(eval $(call BuildPackage,linux-pam))

linux-pam/files/pam_faillock.uci_default

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+create_faillock_files()
+{
+	# also create files needed by pam_faillock
+	touch /var/log/faillock
+	chmod 700 /var/log/faillock
+	touch /var/log/btmp
+	chmod 700 /var/log/btmp
+}
+
+update_pam_common_auth()
+{
+	local file="/etc/pam.d/common-auth"
+	local deny=6
+	local unlock_time=300
+
+	# update pam_unix.so line
+	sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
+
+	# Insert pam_faillock lines before and after pam_unix.so
+	sed -i -E "/pam_unix.so nullok_secure/i auth     required       pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
+	sed -i -E "/pam_unix.so nullok_secure/a auth     [default=die]  pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
+}
+
+update_pam_common_account()
+{
+	# update account file
+	sed -i "/pam_unix.so/ i account  required       pam_faillock.so" /etc/pam.d/common-account
+}
+
+if [ -f "/usr/lib/security/pam_faillock.so" ]; then
+	update_pam_common_auth
+	update_pam_common_account
+	create_faillock_files
+fi
+
+if [ -f /etc/config/sshd ]; then
+	uci -q set sshd.@sshd[0].UsePAM=1
+	uci commit sshd
+fi
+
+exit 0

linux-pam/linux_pam.init

@@ -1,18 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=11
-STOP=90
-USE_PROCD=1
-
-create_faillock_files()
-{
-	# also create files needed by pam_faillock
-	touch /var/log/faillock
-	chmod 700 /var/log/faillock
-	touch /var/log/btmp
-	chmod 700 /var/log/btmp
-}
-
-boot() {
-	create_faillock_files
-}

logmngr/Config.in

@@ -1,5 +1,4 @@
 if PACKAGE_logmngr
-
 choice
 	prompt "Select backend for syslog management"
 	default LOGMNGR_BACKEND_FLUENTBIT
@@ -32,5 +31,4 @@ config LOGMNGR_VENDOR_LOG_FILE
 	default y
 	help
 		It adds support for Device.DeviceInfo.VendorLogFile. Object.
-
 endif

logmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=logmngr
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.0.15
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=62441fdfe14a39bff8fff7c62307bd7b54d7240f
+PKG_SOURCE_VERSION:=1561b71a2225af737db9f091204247ab4e141abb
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -29,6 +29,7 @@ define Package/logmngr
  CATEGORY:=Utilities
  TITLE:=Logging Manager
  DEPENDS:=+LOGMNGR_BACKEND_FLUENTBIT:fluent-bit
+ DEPENDS+=+@LOGMNGR_BACKEND_FLUENTBIT:BUSYBOX_CONFIG_KLOGD
  DEPENDS+=+LOGMNGR_BACKEND_SYSLOG_NG:syslog-ng
  DEPENDS+=+LOGMNGR_LOGROTATE:logrotate
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
@@ -52,37 +53,31 @@ endif
 
 define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_BIN) ./files/logmngr.init $(1)/etc/init.d/logmngr
+
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/10-logmngr_config_generate $(1)/etc/uci-defaults/
 
-	$(INSTALL_BIN) ./files/etc/init.d/logmngr $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/logmngr $(1)/etc/config/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/10-logmngr_config_migrate $(1)/etc/uci-defaults/
-
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core 10
-
-	# Install logmngr service backend
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
-	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp/
-	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
-	$(INSTALL_BIN) ./files/etc/hotplug.d/ntp/20-reload_fluent_bit $(1)/etc/hotplug.d/ntp/
-else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) ./files/logmngr-klogd $(1)/usr/libexec/
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) ./files/logread $(1)/sbin/
+endif
+ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif
-
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core 10
 ifeq ($(CONFIG_LOGMNGR_LOGROTATE),y)
+	$(INSTALL_BIN) ./files/11-logmngr_logrotate_config_generate $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/logmngr/logrotate.sh $(1)/lib/logmngr/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/11-logmngr_logrotate_syslog $(1)/etc/uci-defaults/
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbflogrotate.so $(1) sysmngr 11
 endif
-
 ifeq ($(CONFIG_LOGMNGR_VENDOR_LOG_FILE),y)
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfvendorlog.so $(1) sysmngr 12
 endif
-
 endef
 
 $(eval $(call BuildPackage,logmngr))

logmngr/files/10-logmngr_config_generate

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+if uci -q get logmngr.@globals[0] >/dev/null; then
+	# return if there is any valid content
+	exit 0
+else
+	rm -f /etc/config/logmngr
+fi
+
+touch /etc/config/logmngr
+
+uci set logmngr.globals=globals
+uci set logmngr.globals.enable=1
+
+uci set logmngr.a1=action
+uci set logmngr.a1.name="ac1"
+
+uci set logmngr.lf1=log_file
+uci set logmngr.lf1.enable=1
+uci set logmngr.lf1.action="ac1"
+uci set logmngr.lf1.file="/var/log/messages"
+
+uci set logmngr.lr1=log_remote
+uci set logmngr.lr1.enable=0
+uci set logmngr.lr1.action="ac1"
+uci set logmngr.lr1.port="514"

logmngr/files/11-logmngr_logrotate_config_generate

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Adds a default log rotate policy if none exists
-if uci -q get logmngr.lro1 >/dev/null; then
+if uci -q get logmngr.@log_rotate[0] >/dev/null; then
 	# return if there is any valid content
 	exit 0
 fi

logmngr/files/etc/config/logmngr

@@ -1,26 +0,0 @@
-config globals 'globals'
-	option enable '1'
-
-config source 'default_source'
-	option name 'default_source'
-	option system_messages '1'
-	option kernel_messages '1'
-
-config template 'default_template'
-	option name 'default_template'
-	option expression '{time} {hostname} {ident}[{pid}]: {message}'
-
-config action 'default_action'
-	option name 'default_action'
-	list source 'default_source'
-	option template 'default_template'
-
-config log_file 'lf1'
-	option enable '1'
-	option action 'default_action'
-	option file '/var/log/messages'
-
-config log_remote 'lr1'
-	option enable '0'
-	option action 'default_action'
-	option port '514'

logmngr/files/etc/hotplug.d/ntp/20-reload_fluent_bit

@@ -1,14 +0,0 @@
-#!/bin/sh
-# This hotplug script reloads fluent-bit, so that kmsg logs' timestamp gets in sync
-
-[ "$ACTION" = stratum ] || exit 0
-
-# only once
-if ! uci -q get time.global.first_use_date > /dev/null 2>&1; then
-	flb_pid="$(pidof fluent-bit)"
-
-	if [ -n "$flb_pid" ]; then
-		logger -t "logmngr.hotplug" -p info "reload fluent-bit due to ntp sync"
-		kill -SIGHUP "$flb_pid"
-	fi
-fi

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# check if this is a new type UCI or old type UCI
-if ! uci -q get logmngr.default_source > /dev/null; then
-	uci -q set logmngr.default_source=source
-	uci -q set logmngr.default_source.name='default_source'
-	uci -q set logmngr.default_source.system_messages='1'
-	uci -q set logmngr.default_source.kernel_messages='1'
-fi
-
-if ! uci -q get logmngr.default_template > /dev/null; then
-	uci -q set logmngr.default_template=template
-	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
-fi
-
-if uci -q get logmngr.a1 >/dev/null; then
-	uci -q rename logmngr.a1='default_action'
-	uci -q set logmngr.default_action.name='default_action'
-	uci -q set logmngr.default_action.template='default_template'
-
-	uci -q delete logmngr.default_action.source
-	uci -q add_list logmngr.default_action.source='default_source'
-fi
-
-if uci -q get logmngr.lf1 >/dev/null; then
-	uci -q rename logmngr.lf1='default_logfile'
-	uci -q set logmngr.default_logfile.action='default_action'
-fi
-
-if uci -q get logmngr.lr1 >/dev/null; then
-	uci -q rename logmngr.lr1='default_logremote'
-	uci -q set logmngr.default_logremote.action='default_action'
-fi
-
-exit 0

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -5,38 +5,6 @@
 
 CONF_FILE=/etc/fluent-bit/fluent-bit.conf
 TMP_CONF_FILE=/tmp/fluent-bit/fluent-bit.conf
-FLUENT_BIT_CONF_DIR=/etc/fluent-bit/conf.d
-PROCESSED_SYSLOG_TAGS=""
-PROCESSED_KMSG_TAGS=""
-
-# check if syslog source section is already processed
-# and add it to the list of processed source sections
-syslog_tag_already_processed() {
-	local tag="$1"
-
-	for t in $PROCESSED_SYSLOG_TAGS; do
-		[ "$t" = "$tag" ] && return 0
-	done
-
-	PROCESSED_SYSLOG_TAGS="$tag $PROCESSED_SYSLOG_TAGS"
-
-	return 1
-}
-
-# check if kmsg source section is already processed
-# and add it to the list of processed source sections
-# two separate functions used because we want to populate
-# appropriate PROCESSED variable
-kmsg_tag_already_processed() {
-	local tag="$1"
-	for t in $PROCESSED_KMSG_TAGS; do
-		[ "$t" = "$tag" ] && return 0
-	done
-
-	PROCESSED_KMSG_TAGS="$tag $PROCESSED_KMSG_TAGS"
-
-	return 1
-}
 
 append_conf() {
 	echo "$*" >> ${TMP_CONF_FILE}
@@ -46,287 +14,201 @@ create_config_file() {
 	mkdir -p /tmp/fluent-bit
 	rm -f ${TMP_CONF_FILE}
 	touch ${TMP_CONF_FILE}
-	# include all files placed in FLUENT_BIT_CONF_DIR directory
-	# fluent-bit does not support using directory in include directive
-	# also, if no file is found then fluent-bit aborts
-	# so only add include if any file is present in the FLUENT_BIT_CONF_DIR
-	if [ -d "$FLUENT_BIT_CONF_DIR" ] && [ "$(ls -A "$FLUENT_BIT_CONF_DIR")" ]; then
-		append_conf "@INCLUDE ${FLUENT_BIT_CONF_DIR}/*"
-	fi
-	append_conf ""
 }
 
 create_service_section() {
 	# the service section of the fluent-bit.conf file has hardcoded values,
 	# no need to lookup any uci section to configure this section
-	append_conf "[SERVICE]"
-	append_conf "    flush        1"
-	append_conf "    daemon       off"
-	append_conf "    log_level    info"
-	append_conf "    coro_stack_size    24576"
-	append_conf "    parsers_file /etc/fluent-bit/parsers.conf"
-	append_conf "    hot_reload        on"
-	append_conf ""
-}
-
-create_default_filters() {
-	append_conf "[FILTER]"
-	append_conf "    name            modify"
-	append_conf "    match           KM*"
-	append_conf "    add             ident   kernel"
-	append_conf "    rename          msg     message"
-	append_conf ""
-
-	append_conf "[FILTER]"
-	append_conf "    name            modify"
-	append_conf "    match           *"
-	append_conf "    add             pid     0"
-	append_conf ""
-
-	append_conf "[FILTER]"
-	append_conf "    name            sysinfo"
-	append_conf "    match           *"
-	append_conf "    hostname_key    hostname"
-	append_conf ""
+	echo "[SERVICE]" >> ${TMP_CONF_FILE}
+	echo "    flush        1" >> ${TMP_CONF_FILE}
+	echo "    daemon       off" >> ${TMP_CONF_FILE}
+	echo "    log_level    info" >> ${TMP_CONF_FILE}
+	echo "    coro_stack_size    24576" >> ${TMP_CONF_FILE}
+	echo "    parsers_file /etc/fluent-bit/parsers.conf" >> ${TMP_CONF_FILE}
+	echo "" >> ${TMP_CONF_FILE}
 }
 
 create_input_section() {
 	local tag="$1"
 
-	[ -z "$tag" ] && return
-
-	# check if this source section has already been processed
-	syslog_tag_already_processed "$tag" && return
-
-	append_conf "[INPUT]"
-	append_conf "    name        syslog"
-	append_conf "    unix_perm   0666"
-	append_conf "    tag         $tag"
-	append_conf "    path        /dev/log"
-	append_conf ""
+	# the input in our case is always syslog, hence, this section of the
+	# fluent-bit.conf file has hardcoded values as well that do not depend
+	# on any uci value
+	echo "[INPUT]" >> ${TMP_CONF_FILE}
+	echo "    name        syslog" >> ${TMP_CONF_FILE}
+	echo "    tag         $tag" >> ${TMP_CONF_FILE}
+	echo "    path        /dev/log" >> ${TMP_CONF_FILE}
+	echo "" >> ${TMP_CONF_FILE}
 }
 
-populate_allowed_logs() {
-	local facility_level sev_level
-	local section="$1"
+generate_facility_regex() {
+	local facility_level=$1
+	local pri=0
 
-	[ -z "$section" ] && return
-
-	# reset
-	match_pattern=""
-	facilities=""
-	all_facilities=0
-	kern_facility=0
-	severities=""
-	sev_compare=1
-	sev_action=0
-
-	# read config
-	config_get match_pattern $section pattern_match
-
-	config_get facility_level $section facility_level
-	config_get sev_level $section severity_level
-	config_get sev_compare $section severity_compare 1
-	config_get sev_action $section severity_action 0
-
-	# normalize facilities
-	if [ -n "$facility_level" ]; then
-		for f in $facility_level; do
-			if [ "$f" = "24" ]; then
-				all_facilities=1
-				# xargs is used to convert from new line separated numbers to space separated numbers
-				facilities="$(seq 0 23 | xargs)"
-				break
-			fi
-
-			if [ "$f" = "0" ]; then
-				kern_facility=1
-			fi
-		done
-
-		if [ "$all_facilities" -eq 0 ]; then
-			facilities="$facility_level"
-		fi
-	else
-		# default to "all facilities" when unset
-        	all_facilities=1
-	        facilities="$(seq 0 23 | xargs)"
-	fi
-
-	# normalize severities
-	case "$sev_level" in
-		8)  	# all severities
-			severities="$(seq 0 7 | xargs)"
-			;;
-		9)  	# none
-			severities="none"
-			;;
-		"") 	# unset, treat as "all"
-			severities="$(seq 0 7 | xargs)"
-			;;
-		*)
-			if [ "$sev_compare" = "0" ]; then
-				# equal
-				severities="$sev_level"
-			else
-				# equl or higher
-				severities="$(seq 0 $sev_level | xargs)"
-			fi
-			;;
-	esac
-}
-
-create_filter_section() {
-	local match_regex="$1"
-	local pattern="$2"
-
-	[ -z "$match_regex" ] && return
-
-	append_conf "[FILTER]"
-	append_conf "    name        grep"
-	append_conf "    match_regex       $match_regex"
-
-	# we need "logical_op or" only in non-pattern sections
-	if [ "$pattern" = "0" ]; then
-		append_conf "    logical_op  or" # handle multiple filters
-	fi
-}
-
-create_kmsg_input_section() {
-	local tag="$1"
-	local max_sev=7
-
-	[ -z "$tag" ] && return
-	kmsg_tag_already_processed "$tag" && return
-
-	if [ -c "/dev/kmsg" ]; then
-		append_conf "[INPUT]"
-		append_conf "    name       kmsg"
-		append_conf "    tag        $tag"
-
-		# check kern facility (0)
-		if [ "$all_facilities" -eq 1 ] || [ "$kern_facility" -eq 1 ]; then
-			if [ "$severities" != "none" ]; then
-				# severity filtering
-				# only EqualOrHigher is supported by Prio_Level
-				# and only Log action is supported
-				# so set Prio_Level = max severity
-				if [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; then
-					if [ -n "$severities" ]; then
-						max_sev=$(echo $severities | tr ' ' '\n' | sort -n | tail -1)
-					fi
-
-					append_conf "    prio_level $max_sev"
-				fi
-			fi
-		fi
-
-		append_conf ""
-
-		# if severities is none, or
-		# if kern facility has been excluded
-		# then we need to stop kernel logs
-		# sev_action and sev_compare is being checked because we don't want to work with rules that exclude logs
-		if [ "$severities" = "none" ] || { [ "$kern_facility" -eq 0 ] && [ "$all_facilities" -eq 0 ] && [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; }; then
-			# block all
-			# create a filter section that matches on KM* tag
-			# and excludes all messages
-			create_filter_section "KM*" "0"
-			append_conf "    exclude    message ^.*$"
-			append_conf ""
-		fi
-	fi
-}
-
-generate_syslog_filter() {
-	local param="regex"
-
-	[ "$sev_action" = "1" ] && param="exclude"
-
-	# start adding the fluent-bit filter section
-	create_filter_section "SL*" "0"
-
-	if [ "$severities" = "none" ]; then
-		append_conf "    exclude    pri ^.*$"
+	if [ "$facility_level" == "24" ]; then
+		# value 24 means all facility level, which is as good as not
+		# generating a filter section, so return
 		return
 	fi
 
-	for fval in $facilities; do
-		for sval in $severities; do
-			local pri=$((fval * 8 + sval))
-			append_conf "    $param        pri ^${pri}$"
+	# facility_level is a list value, hence, generate regex for
+	# each value
+	IFS=" "
+	for val in $facility_level; do
+		# as per rfc 5424 and 3164, pri in syslog msg is
+		# facility*8+severity. Severity value can range from 0-7 hence
+		# generate regex for each.
+		for sval in 0 1 2 3 4 5 6 7; do
+			pri=`expr $val \* 8 + $sval`
+			echo "    regex        pri $pri" >> ${TMP_CONF_FILE}
 		done
 	done
-
-	append_conf ""
 }
 
-generate_pattern_filter() {
-	local match_regex="$1"
-	local match_pattern="$2"
+generate_severity_regex() {
+	local sev_level="$1"
+	local sev_compare="$2"
+	local sev_action="$3"
 
-	[ -z "$match_regex" ] && return
-	[ -z "$match_pattern" ] && return
+	local pri=0
+	local param="exclude"
 
-	# start adding the fluent-bit filter section
-	create_filter_section "$match_regex" "1"
-	append_conf "    regex        message $match_pattern"
-	append_conf ""
+	if [ "$sev_action" == "0" ]; then
+		param="regex"
+	fi
+
+	local fval=0
+	if [ "$sev_compare" == "0" ]; then
+		# generate regex for all facility values, with severity=sev_level
+		while [ $fval -le 23 ] ; do
+			pri=`expr $fval \* 8 + $sev_level`
+			echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+			fval=$((fval + 1))
+		done
+	elif [ "$sev_compare" == "1" ]; then
+		# generate regex for all severity value greater than or equal to
+		# sev_level. please, lower value have higher precedence, so sev_level
+		# 0 which is emergency has higher precedence than error which is 3
+		while [ $fval -le 23 ] ; do
+			sval=0
+			while [ $sev_level -ge $sval ]; do
+				pri=`expr $fval \* 8 + $sval`
+				echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+				sval=$((sval + 1))
+			done
+			fval=$((fval + 1))
+		done
+	fi
+}
+
+handle_filter_conf() {
+	local section="$1" # config filter
+	local filter_name="$2"
+	local name
+
+	# no need to proceed if name of filter section is not one of the values
+	# listed in option filter in config action section
+	config_get name $section name
+	if [ "$name" != "$filter_name" ]; then
+		return
+	fi
+
+	# as per data model, at a time either facility_level or severity_level can
+	# be specified along with pattern_match. hence, first process and generate
+	# regex for pattern_match which is common in both condition. Next, we will
+	# process facility_level and return if facility level is defined and not
+	# process severity related params at all.
+
+	local pattern_match
+	config_get pattern_match $section pattern_match
+	if [ -n "$pattern_match" ]; then
+		echo "    regex        $pattern_match" >> ${TMP_CONF_FILE}
+	fi
+
+	local facility_level
+	config_get facility_level $section facility_level
+
+	if [ -n "$facility_level" ]; then
+		generate_facility_regex $facility_level
+		# return from here since if facility_level is defined, then no
+		# need to process severity_level
+		return
+	fi
+
+	local sev_level
+	local sev_compare
+	local sev_action
+	config_get sev_level $section severity_level
+
+	if [ -n "$sev_level" ]; then
+		# value 1 of severity compare corresponds to data model
+		# and system default which is EqualorHigher
+		config_get sev_compare $section severity_compare 1
+		# value 0 of severity action corresponds to data model
+		# and system default that is log
+		config_get sev_action $section severity_action 0
+
+		generate_severity_regex $sev_level $sev_compare $sev_action
+	fi
+}
+
+create_filter_section() {
+	local match="$1"
+
+	echo "[FILTER]" >> ${TMP_CONF_FILE}
+	echo "    name        grep" >> ${TMP_CONF_FILE}
+	echo "    match       $match" >> ${TMP_CONF_FILE}
+	echo "    logical_op  or" >> ${TMP_CONF_FILE} # handle multiple filters
+}
+
+handle_filter_ref() {
+	local filter_name="$1"
+	config_foreach handle_filter_conf filter "$filter_name"
 }
 
 handle_log_file() {
 	local section="$1" # out_file section
-	local linker="$2"
-	local match_regex="$3"
-	local template="$4"
+	local match="$2"
 	local action_ref
 
 	config_get action_ref $section action
-	if [ "$action_ref" != "$linker" ]; then
+	if [ "$action_ref" != "$match" ]; then
 		return
 	fi
 
 	local enabled
-	config_get_bool enabled $section enable
-	if [ "$enabled" = "0" ]; then
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
 		return
 	fi
 
 	local file
 	config_get file $section file
-	if [ -z "$file" ] || [ -z "$match_regex" ]; then
+	if [ -z "$file" ]; then
 		return
 	fi
 
-	append_conf "[OUTPUT]"
-	append_conf "    name         file"
-	append_conf "    workers      2"
-	append_conf "    match_regex  $match_regex"
-	append_conf "    file         $file"
-
-
-	if [ -n "$template" ]; then
-		append_conf "    format       template"
-		append_conf "    template     ${template}"
-	fi
-
-	append_conf ""
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         file" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    file         $file" >> ${TMP_CONF_FILE}
+	echo "    format       template" >> ${TMP_CONF_FILE}
+	echo "    template     {time} {hostname} {ident}: {message}" >> ${TMP_CONF_FILE}
 }
 
 handle_log_remote() {
 	local section="$1"
-	local linker="$2"
-	local match_regex="$3"
+	local match="$2"
 	local action_ref
 
 	config_get action_ref $section action
-	if [ "$action_ref" != "$linker" ]; then
+	if [ "$action_ref" != "$match" ]; then
 		return
 	fi
 
 	local enabled
-	config_get_bool enabled $section enable
-	if [ "$enabled" = "0" ]; then
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
 		return
 	fi
 
@@ -336,167 +218,83 @@ handle_log_remote() {
 		return
 	fi
 
-	append_conf "[OUTPUT]"
-	append_conf "    name         syslog"
-	append_conf "    match_regex  $match_regex"
-	append_conf "    host         $address"
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         syslog" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    host         $address" >> ${TMP_CONF_FILE}
 	append_conf "    syslog_appname_key   ident"
 	append_conf "    syslog_procid_key    pid"
 	append_conf "    syslog_message_key   message"
-	append_conf "    syslog_hostname_key  hostname"
+
+	local hostname="$(uci -q get 'system.@system[0].hostname')"
+	if [ -n "${hostname}" ]; then
+		append_conf "    syslog_hostname_preset    ${hostname}"
+	fi
 
 	local proto # holds value tcp or udp
 	config_get proto ${section} proto
 	if [ -n "$proto" ]; then
 		if [ "$proto" == "tls" ]; then
-			append_conf "    mode         tcp"
-			append_conf "    tls          on"
+			echo "    mode         tcp" >> ${TMP_CONF_FILE}
+			echo "    tls          on" >> ${TMP_CONF_FILE}
 		else
-			append_conf "    mode         $proto"
+			echo "    mode         $proto" >> ${TMP_CONF_FILE}
 		fi
 	fi
 
 	local port
 	config_get port $section port
 	if [ -n "$port" ]; then
-		append_conf "    port         $port"
+		echo "    port         $port" >> ${TMP_CONF_FILE}
 	fi
 
 	local cert
 	local peer_verify
 	config_get cert $section cert
 	if [ -n "$cert" ]; then
-		append_conf "    tls.crt_file $cert"
+		echo "    tls.crt_file $cert" >> ${TMP_CONF_FILE}
 
-		config_get_bool peer_verify $section peer_verify
-		if [ "$peer_verify" = "1" ]; then
-			append_conf "    tls.verify     on"
+		config_get peer_verify $section peer_verify
+		if [ "$peer_verify" == "1" ]; then
+			echo "    tls.verify     on" >> ${TMP_CONF_FILE}
 		fi
 	fi
-	append_conf ""
-}
-
-resolve_source_section() {
-	local src_section="$1"
-	local linker="$2"
-	local src_name syslog_en kernel_en
-
-	config_get src_name "$src_section" name
-	[ "$src_name" = "$linker" ] || return
-
-	config_get_bool syslog_en "$src_section" system_messages 1
-	config_get_bool kernel_en "$src_section" kernel_messages 1
-
-	# create an input section using /dev/log or kmsg
-	# and store the tag in a variable
-	# so that later a regex can be made to match this tag
-	# which will be used in output section
-	if [ "$syslog_en" = "1" ]; then
-		source_tag_syslog="SL$src_name"
-		create_input_section "$source_tag_syslog"
-	fi
-
-	if [ "$kernel_en" = "1" ]; then
-		source_tag_kmsg="KM$src_name"
-		create_kmsg_input_section "$source_tag_kmsg"
-	fi
-}
-
-# get the value of option expression from the relevant section
-resolve_template_section() {
-	local tmpl_section="$1"
-	local tmpl_name
-
-	config_get tmpl_name "$tmpl_section" name
-	[ "$tmpl_name" = "$template_ref" ] || return
-
-	config_get template_expr "$tmpl_section" expression
-
-	[ -n "$template_expr" ] && echo "$template_expr"
-}
-
-# loop over template sections and get the value of option expression from the relevant section
-get_template_expression() {
-	local template_ref="$1"
-	[ -n "$template_ref" ] && config_foreach resolve_template_section template
-}
-
-# build a regex that will match all the tags supplied to this function
-build_match_regex() {
-	local tags="$1"
-	local first=1
-	local regex="^("
-	for tag in $tags; do
-		[ "$first" -eq 1 ] && first=0 || regex="$regex|"
-		regex="$regex$tag"
-	done
-	regex="$regex)\$"
-	echo "$regex"
-}
-
-handle_filter_conf() {
-	local section="$1" # config filter
-	local filter_name="$2"
-	local name
-
-	config_get name $section name
-	[ "$name" = "$filter_name" ] || return
-
-	populate_allowed_logs "$filter_name"
 }
 
 handle_action() {
-	local tag_regex filter source_ref template_ref source_sec log_template finst
-	local action_section="$1"
-	local source_tag_syslog source_tag_kmsg
+	local section="$1"
 
-	# shared variables set by populate_allowed_logs
-	match_pattern=""
-	facilities=""
-	all_facilities=0
-	kern_facility=1
-	severities=""
-	sev_compare=1
-	sev_action=0
+	local filter
+	config_get filter $section filter
 
-	config_get action_name "$action_section" name
-	config_get filter "$action_section" filter
-	config_get source_ref "$action_section" source
-	config_get template_ref "$action_section" template
+	# use config action option name as tag for input
+	local tag
+	config_get tag $section name
+	if [ -z "$tag" ]; then
+		return
+	fi
 
-	[ -z "$action_name" ] && return
-	[ -z "$source_ref" ] && return
-
-	# read filter section and populate relevant variables
-	# these variables will be used by create_kmsg_input_section
-	# generate_syslog_filter, and generate_pattern_filter functions
+	create_input_section $tag
 	if [ -n "$filter" ]; then
+		# the only fluentbit filter that is useful for the datamodel is
+		# grep. Also, fluentbit does not seem to handle multiple instances
+		# of FILTER of same kind. Hence, each filter section corresponding
+		# to an action entry in the uci would translate for us into a set of
+		# regex/exclude values instead of individual FILTER section per uci
+		# section filter is a list, treat according
+		create_filter_section $tag
+
+		IFS=" "
 		for finst in $filter; do
-			config_foreach handle_filter_conf filter "$finst"
+			handle_filter_ref $finst
 		done
 	fi
 
-	# Resolve referenced source sections
-	for source_sec in $source_ref; do
-		config_foreach resolve_source_section source "$source_sec"
-	done
-
-	# build a regex that will match all the sources for this action
-	tag_regex=$(build_match_regex "$source_tag_syslog $source_tag_kmsg")
-
-	if [ -n "$filter" ]; then
-		generate_pattern_filter "$tag_regex" "$match_pattern"
-		generate_syslog_filter
-	fi
-
-	# get the template expression if any is present
-	log_template="$(get_template_expression "$template_ref")"
-
-	# handle output, each action can be associated with an out_log and out_syslog
+	# handle output, each action can be associated with a out_log and out_syslog
 	# section so figure out if any out_log or out_syslog section is associated
 	# with this and action and setup output accordingly.
-	config_foreach handle_log_file log_file "$action_name" "$tag_regex" "$log_template"
-	config_foreach handle_log_remote log_remote "$action_name" "$tag_regex"
+	config_foreach handle_log_file log_file "$tag"
+	config_foreach handle_log_remote log_remote "$tag"
 }
 
 handle_action_section() {
@@ -509,22 +307,25 @@ logmngr_init() {
 
 	config_load logmngr
 	config_get_bool enabled globals enable "1"
+	config_get conf_path globals conf_path
 
 	create_config_file
 	create_service_section
-	create_default_filters
 	handle_action_section
 
 	if [ -f /lib/logmngr/logrotate.sh ]; then
 		logrotate_init
 	fi
 
-	if [ "$enabled" = "0" ]; then
+	if [ "$enabled" == "0" ]; then
 		return
 	fi
 
 	procd_open_instance logmngr
-	if [ -s "${TMP_CONF_FILE}" ]; then
+	if [ -n "${conf_path}" ]; then
+		procd_set_param command $PROG -c ${conf_path}
+		procd_set_param file ${conf_path}
+	elif [ -s "${TMP_CONF_FILE}" ]; then
 		procd_set_param command $PROG -c ${TMP_CONF_FILE}
 		procd_set_param file ${TMP_CONF_FILE}
 	elif [ -s "${CONF_FILE}" ]; then
@@ -533,4 +334,9 @@ logmngr_init() {
 	fi
 	procd_set_param respawn
 	procd_close_instance
+
+	procd_open_instance klogd
+	procd_set_param command /usr/libexec/logmngr-klogd
+	procd_set_param respawn
+	procd_close_instance
 }

logmngr/files/lib/logmngr/logrotate.sh

@@ -4,14 +4,11 @@
 
 LOGROTATE_FILE=/etc/logrotate.conf
 LOGROTATE_TMP_FILE=/tmp/logrotate/logrotate.conf
-CONF_DIR=/etc/logrotate.d
 
 create_logrotate_file() {
 	mkdir -p /tmp/logrotate
 	rm -f ${LOGROTATE_TMP_FILE}
 	touch ${LOGROTATE_TMP_FILE}
-	echo -e "include ${CONF_DIR}" >> ${LOGROTATE_TMP_FILE}
-	echo -e "" >> ${LOGROTATE_TMP_FILE}
 }
 
 handle_logrotate() {

logmngr/files/logmngr-klogd

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+until [ -S /dev/log ]; do
+	sleep 1
+done
+
+exec /sbin/klogd -n

map-agent/Config.in

@@ -55,10 +55,6 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config AGENT_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
-	default n
-
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y

map-agent/Makefile

@@ -1,14 +1,13 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.7.17
+PKG_VERSION:=6.3.5.3
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=7f71fafbec49fa4b25d1e8d07cfc1fee5b4bbab0
+PKG_SOURCE_VERSION:=a2cc8dde8da330c2e78e186174db45ba36681b6a
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
+  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -46,12 +45,9 @@ define Package/dynbhd
 	  +ieee1905-map-plugin +map-agent
 endef
 
-ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-agent/description
-  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
+ This package implements EasyMesh R2 compliant WiFi Agent.
 endef
 
 define Package/dynbhd/description

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -61,14 +61,6 @@ remove_from_bridge() {
 	[ -n "$ifname" ] && brctl delif ${al_bridge} ${ifname}
 }
 
-get_network_id() {
-	local ifname=$1
-
-	[ -n "$ifname" ] || return
-	network_id=$(wpa_cli -i $ifname list_n|tail -n 1 | awk '{print $1}')
-	echo ${network_id}
-}
-
 update_bstas() {
 	section="$1"
 	action="$2"
@@ -76,15 +68,14 @@ update_bstas() {
 	config_get ifname "$section" ifname
 	config_get_bool enabled "$section" enabled 0
 
-	network_id=$(get_network_id $ifname)
 	if [ "$action" = "down" ]; then
 		wpa_cli -i "$ifname" disconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" disable_network $network_id  > /dev/null 2>&1
+		wpa_cli -i "$ifname" disable_network 0  > /dev/null 2>&1
 #		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
 	elif [ "$action" = "up" ]; then
 		[ "$enabled" -eq 0 ] && return
 		wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" enable_network $network_id  > /dev/null 2>&1
+		wpa_cli -i "$ifname" enable_network 0  > /dev/null 2>&1
 #		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
 	fi
 }

map-agent/files/etc/init.d/mapagent

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=97
+START=98
 STOP=20
 
 USE_PROCD=1
@@ -203,7 +203,7 @@ start_service() {
 
 	procd_open_instance
 	create_dir
-	procd_set_param command "/usr/sbin/mapagent" "-d" "-o" "/tmp/mapagent.log" "-f"
+	procd_set_param command "/usr/sbin/mapagent" "-d"
 	procd_set_param respawn
 #	procd_set_param stdout 1
 #	procd_set_param stderr 1

map-agent/files/etc/uci-defaults/100-mapagent-config-migrate.sh

@@ -1,53 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-
-cfg=mapagent
-config_load $cfg
-
-if uci -q get $cfg.agent.partial_wifi_reload >/dev/null; then
-	uci -q set $cfg.agent.partial_wifi_reload='0'
-fi
-
-if uci -q get $cfg.agent.chan_ch_relay_mcast >/dev/null; then
-	uci -q set $cfg.agent.chan_ch_relay_mcast='0'
-fi
-
-rename_dpp_uri() {
-	local section="$1"
-	local type device ifname band
-	local ch_list=""
-
-	config_get type "$section" type
-	config_get device "$section" device
-	config_get ifname "$section" ifname
-	config_get band "$section" band
-	config_get chirp_interval "$section" chirp_interval
-
-	append_chan() {
-		local val="$1"
-		local chan_num="${val#*/}"
-		ch_list="$ch_list $chan_num"
-	}
-	config_list_foreach "$section" chan append_chan
-
-	new_section=$(uci add "$cfg" dpp_chirp)
-	[ -n "$type" ] && uci set "$cfg.$new_section.type=$type"
-	[ -n "$device" ] && uci set "$cfg.$new_section.device=$device"
-	[ -n "$ifname" ] && uci set "$cfg.$new_section.ifname=$ifname"
-	[ -n "$band" ] && uci set "$cfg.$new_section.band=$band"
-
-	if [ -n "$chirp_interval" ]; then
-		uci set "${cfg}.${new_section}.chirp_interval=$chirp_interval"
-	fi
-
-	for ch in $ch_list; do
-		uci add_list "$cfg.$new_section.channel=$ch"
-	done
-	uci delete "$cfg.$section"
-}
-
-uci -q delete "$cfg.@dpp_controller[0]"
-
-config_foreach rename_dpp_uri dpp_uri
-
-exit 0

map-agent/files/lib/multiap/map_genconfig

@@ -44,16 +44,19 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
+				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
+				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
+				dpp_chan="133/49"
 			;;
 		esac
 
@@ -155,17 +158,13 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				# add dpp_chirp section for 2.4GHz bSTA
-				if [ $mode_band -eq 2 ]; then
-					uci add mapagent dpp_chirp
-					uci set mapagent.@dpp_chirp[-1].type="qrcode"
-					uci set mapagent.@dpp_chirp[-1].device="$device"
-					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
-					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
-					for channel in $channels; do
-						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
-					done
-				fi
+				#uci add mapagent dpp_uri
+				#uci set mapagent.@dpp_uri[-1].type="qrcode"
+				#uci set mapagent.@dpp_uri[-1].device="$device"
+				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
+				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
+				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
+				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"
@@ -259,6 +258,6 @@ map_genconf () {
 				config_foreach mapcontroller_remove_mld_id ap
 			}
 		fi
-		ubus -t 5 call uci commit '{"config":"mapcontroller"}'
+		uci -q commit mapcontroller
 	fi
 }

map-controller/Config.in

@@ -39,10 +39,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping via passphrase."
-	default n
-
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.13
+PKG_VERSION:=6.3.0.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=bd0fb2b63830e19038d9495517c03fdc3900cdfa
+PKG_SOURCE_VERSION:=7f55e5705fee1b879d651bbba872ec5d7152d5ab
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,9 +36,6 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -77,30 +74,12 @@ ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
 TARGET_CFLAGS += -DPROPAGATE_PROBE_REQ
 endif
 
-define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include/map-controller
-	$(INSTALL_DIR) $(1)/usr/include/map-controller/utils
-	$(CP) $(PKG_BUILD_DIR)/src/wifi_dataelements.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/timer_impl.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/utils/debug.h $(1)/usr/include/map-controller/utils
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/src/libcntlr-apis.so $(1)/usr/lib
-endef
-
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapcontroller $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/src/libcntlr-apis.so $(1)/usr/lib
 	$(CP) $(PKG_BUILD_DIR)/src/plugins/steer/rcpi/rcpi.so $(1)/usr/lib/mapcontroller/rcpi.so
 endef
 

map-controller/files/etc/config/mapcontroller

@@ -2,19 +2,20 @@ config controller 'controller'
 	option enabled '1'	# may be modified by other package start-up scripts (i.e. map-agent)
 	option profile '3'
 	option registrar '2 5 6'
-	option debug '2'
+	option debug '0'
 	option bcn_metrics_max_num '10'
 	option initial_channel_scan '0'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
+	option allow_bgdfs '0'
 	option stale_sta_timeout '30d'
+	option channel_plan '0'
 	option de_collect_interval '60'
-	list plugin 'zerotouch'
 
-config sta_steering 'sta_steering'
+config sta_steering
 	option enable_sta_steer '1'
-	option enable_bsta_steer '1'
+	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
@@ -24,12 +25,6 @@ config sta_steering 'sta_steering'
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
-	list plugins 'rate'
-	list plugins 'bsteer'
-
-config channel_plan 'channel_plan'
-	option preclear_dfs '0'
-	option acs '0'
 
 ###################
 # Default AP sections credentials will by updated

map-controller/files/etc/init.d/mapcontroller

@@ -71,7 +71,7 @@ validate_ap_section() {
 			'encryption:or("sae", "sae+aes", "psk2",
 				"psk2+aes", "sae-mixed", "sae-mixed+aes",
 				"none", "psk-mixed", "psk-mixed+aes",
-				"psk", "psk+aes", "wpa", "wpa2", "wpa-mixed")' \
+				"psk", "psk+aes")' \
 			'key:string' \
 			'vid:range(1,65535):1' \
 			'type:or("backhaul", "fronthaul", "combined")' \

map-controller/files/etc/uci-defaults/100-mapcntlr-config-migrate.sh

@@ -1,31 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-config_load $cfg
-
-uci -q get $cfg.controller.debug >/dev/null 2>&1 && \
-	uci set $cfg.controller.debug='2'
-
-allow_bgdfs=$(uci -q get $cfg.controller.allow_bgdfs || echo "0")
-channel_plan_val=$(uci -q get $cfg.controller.channel_plan || echo "0")
-
-uci -q delete $cfg.controller.allow_bgdfs
-uci -q delete $cfg.controller.channel_plan
-
-uci -q get $cfg.controller.stale_sta_timeout >/dev/null 2>&1 || \
-	uci set $cfg.controller.stale_sta_timeout='30d'
-
-if [ -f /usr/lib/mapcontroller/zerotouch.so ]; then
-	uci -q del_list $cfg.controller.plugin='zerotouch'
-	uci -q add_list $cfg.controller.plugin='zerotouch'
-fi
-
-if ! uci show $cfg 2>/dev/null | grep -q "=channel_plan"; then
-	section=$(uci add $cfg channel_plan)
-	uci set $cfg.$section.preclear_dfs="$allow_bgdfs"
-	uci set $cfg.$section.acs="$channel_plan_val"
-fi
-
-exit 0

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-
-# singleton sections
-sections="channel_plan sta_steering"
-
-for sec in $sections; do
-    # find unnamed section of given type, only index 0
-    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
-    [ "$s" = "" ] && continue
-
-    uci rename $cfg.$s=$sec
-done
-
-uci commit $cfg

map-controller/files/etc/uci-defaults/99-mapcontroller-sta-steering

@@ -21,21 +21,9 @@ adapt_sta_steering() {
 	uci -q del $cfg.@sta_steering[0].use_usta_metrics
 	uci -q del $cfg.@sta_steering[0].bandsteer
 	uci -q del $cfg.@sta_steering[0].diffsnr
-	if [ -f /usr/lib/mapcontroller/rcpi.so ]; then
-		uci -q del_list $cfg.@sta_steering[0].plugins="rcpi"
-		uci -q add_list $cfg.@sta_steering[0].plugins="rcpi"
-	fi
-
-	if [ -f /usr/lib/mapcontroller/rate.so ]; then
-		uci -q del_list $cfg.@sta_steering[0].plugins="rate"
-		uci -q add_list $cfg.@sta_steering[0].plugins="rate"
-	fi
-
-	if [ -f /usr/lib/mapcontroller/bsteer.so ]; then
-		uci -q del_list $cfg.@sta_steering[0].plugins="bsteer"
-		uci -q add_list $cfg.@sta_steering[0].plugins="bsteer"
-	fi
 
+	uci del_list $cfg.@sta_steering[0].plugins="rcpi"
+	uci add_list $cfg.@sta_steering[0].plugins="rcpi"
 	uci -q set $cfg.@sta_steering[0].plugins_enabled="1"
 	uci -q set $cfg.@sta_steering[0].plugins_policy="any"
 

map-plugins/Config.in

@@ -1,11 +0,0 @@
-if (PACKAGE_map-plugins)
-
-menu "Options"
-
-config STEER_RATE_PLUGIN
-	bool "STA steering based on estimated throughput of target-AP"
-	default PACKAGE_map-plugins-steer-rate
-
-endmenu
-
-endif

map-plugins/Makefile

@@ -1,74 +0,0 @@
-#
-# Copyright (C) 2025 Genexis Sweden AB
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=map-plugins
-PKG_VERSION:=1.2.6
-
-LOCAL_DEV=0
-ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
-PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-endif
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_LICENSE:=PROPRIETARY GENEXIS
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_CONFIG_DEPENDS := CONFIG_PACKAGE_mapcontroller
-PKG_BUILD_DEPENDS := map-controller
-
-include $(INCLUDE_DIR)/package.mk
-
-include $(wildcard plugins/*.mk)
-
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
-MAKE_FLAGS += \
-	CFLAGS="$(TARGET_CFLAGS) -Wall"
-
-plugins := \
-	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
-	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
-	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
-
-ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
-
-define Package/map-plugins/Default
-	SECTION:=utils
-	CATEGORY:=Utilities
-	SUBMENU:=Multi-AP value added services
-endef
-
-define Package/map-plugins/config
-  source "$(SOURCE)/Config.in"
-endef
-
-define Package/map-plugins
-	$(call Package/map-plugins/Default)
-	TITLE:=Multi-AP plugins modules
-	DEPENDS+=+libeasy +libwifiutils +map-controller
-endef
-
-define Package/map-plugins/description
-	Provides extra Multi-AP services viz. steering, channel-planning, self-organizing network etc.
-endef
-
-define Package/map-plugins/install
-	:
-endef
-
-define Build/Compile
-	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
-endef
-
-$(eval $(call BuildPackage,map-plugins))
-$(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

map-plugins/plugins/bsteer.mk

@@ -1,20 +0,0 @@
-define Package/map-plugins-bsteer
-	$(call Package/map-plugins/Default)
-	TITLE:=Wi-Fi backhaul steering plugin based on maximizing backhaul throughput
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-bsteer/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/steer/bsteer/bsteer.so $(1)/usr/lib/mapcontroller/bsteer.so
-endef
-
-define Build/Compile/map-plugins-bsteer
-	$(MAKE) -C $(PKG_BUILD_DIR)/steer/bsteer \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

map-plugins/plugins/steer-rate.mk

@@ -1,20 +0,0 @@
-define Package/map-plugins-steer-rate
-	$(call Package/map-plugins/Default)
-	TITLE:=STA steering based on estimated throughput of target-AP
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-steer-rate/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/steer/rate/rate.so $(1)/usr/lib/mapcontroller/rate.so
-endef
-
-define Build/Compile/map-plugins-steer-rate
-	$(MAKE) -C $(PKG_BUILD_DIR)/steer/rate \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

map-plugins/plugins/zero-touch.mk

@@ -1,22 +0,0 @@
-define Package/map-plugins-zero-touch
-	$(call Package/map-plugins/Default)
-	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-zero-touch/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
-
-endef
-
-define Build/Compile/map-plugins-zero-touch
-	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate

@@ -65,69 +65,12 @@ generate_igmp_proxy_config(){
 	uci add_list mcast.@proxy[-1].filter="239.0.0.0/8"
 }
 
-generate_mld_snooping_config(){
-	local u_itf="$1"
-
-	uci add mcast snooping
-	uci rename mcast.@snooping[-1]="mc_snooping_MLD"
-	uci set mcast.@snooping[-1].enable="1"
-	uci set mcast.@snooping[-1].proto="mld"
-	uci set mcast.@snooping[-1].version="2"
-	uci set mcast.@snooping[-1].robustness="2"
-	uci set mcast.@snooping[-1].query_interval="125"
-	uci set mcast.@snooping[-1].query_response_interval="100"
-	uci set mcast.@snooping[-1].last_member_query_interval="10"
-	uci set mcast.@snooping[-1].fast_leave="1"
-	uci set mcast.@snooping[-1].snooping_mode="2"
-	uci set mcast.@snooping[-1].interface="$u_itf"
-}
-
-generate_igmp_snooping_config(){
-	local u_itf="$1"
-
-	uci add mcast snooping
-	uci rename mcast.@snooping[-1]="igmp_snooping_1"
-	uci set mcast.@snooping[-1].enable="1"
-	uci set mcast.@snooping[-1].proto="igmp"
-	uci set mcast.@snooping[-1].version="2"
-	uci set mcast.@snooping[-1].robustness="2"
-	uci set mcast.@snooping[-1].query_interval="125"
-	uci set mcast.@snooping[-1].query_response_interval="100"
-	uci set mcast.@snooping[-1].last_member_query_interval="10"
-	uci set mcast.@snooping[-1].fast_leave="1"
-	uci set mcast.@snooping[-1].snooping_mode="2"
-	uci set mcast.@snooping[-1].interface="$u_itf"
-
-	uci add_list mcast.@snooping[-1].filter="239.0.0.0/8"
-}
-
-check_wan_bridge() {
-	local config="$1"
-	local wan_device="$2"
-	local name type
-
-	[ $((is_wan_bridge)) -ne 0 ] && return
-
-	config_get type "$config" type
-	config_get name "$config" name
-
-	[ "$type" = "bridge" -a "$wan_device" = "$name" ] && is_wan_bridge=1
-}
-
 generate_mcast_config(){
-	local up_itf="$(uci -q get network.wan.device)"
-	local is_wan_bridge=0
 
-	config_load network
-	config_foreach check_wan_bridge device "$up_itf"
+	up_itf="$(uci -q get network.wan.device)"
 
-	if [ $((is_wan_bridge)) -eq 0 ]; then
-		generate_igmp_proxy_config "$up_itf"
-		generate_mld_proxy_config "$up_itf"
-	else
-		generate_igmp_snooping_config "$up_itf"
-		generate_mld_snooping_config "$up_itf"
-	fi
+	generate_igmp_proxy_config "$up_itf"
+	generate_mld_proxy_config "$up_itf"
 }
 
 interfaces_ok(){

mcastmngr/files/linux/etc/firewall.mcast

@@ -1,140 +1,2 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-ZONE_NAME_FILE="/tmp/mcast_fw_zone"
-
-log() {
-	echo "${@}"|logger -t firewall.mcast -p info
-}
-
-collect_zone_name() {
-	local name network
-
-	config_get name "${1}" name ""
-	if [ -z "${name}" ]; then
-		return
-	fi
-
-	config_get network "${1}" network ""
-	for i in ${network}; do
-		var="${i}_zone"
-		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
-	done
-}
-
-load_zone_names() {
-	rm -f "${ZONE_NAME_FILE}"
-	config_load firewall
-	config_foreach collect_zone_name zone
-}
-
-get_firewall_zone() {
-	if [ ! -f "${ZONE_NAME_FILE}" ]; then
-		echo ""
-		return
-	fi
-
-	var="${1}_zone="
-	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
-
-	echo "${name}"
-}
-
-# Get interface name for a device (e.g., br-lan -> lan)
-find_interface_for_device() {
-	local dev="${1}"
-	local intf=""
-	local intf_dump idx
-
-	if [ -z "${dev}" ]; then
-		echo ""
-		return
-	fi
-
-	intf_dump="$(ubus -t 5 call network.interface dump)"
-	if [ -z "${intf_dump}" ]; then
-		echo ""
-		return
-	fi
-
-	json_load "${intf_dump}"
-	json_select interface
-	if [ "$?" -ne 0 ]; then
-		echo ""
-		return
-	fi
-
-	idx=1
-	while json_is_a ${idx} object; do
-		json_select ${idx}
-		if [ "$?" -ne 0 ]; then
-			break
-		fi
-
-		json_get_var device device
-		if [ "${device}" = "${dev}" ]; then
-			json_get_var intf interface
-			break
-		fi
-
-		idx=$(( idx + 1 ))
-		json_select ..
-	done
-
-	echo "${intf}"
-}
-
-# Setup iptables rule to allow multicast from upstream to downstream
-setup_multicast_rule() {
-	local upstream_dev="$1"
-	local downstream_dev="$2"
-	local upstream_zone downstream_zone
-	local upstream_iface downstream_iface
-
-	upstream_iface=$(find_interface_for_device "$upstream_dev")
-	downstream_iface=$(find_interface_for_device "$downstream_dev")
-
-	[ -z "$upstream_iface" ] || [ -z "$downstream_iface" ] && {
-		log "Failed to map devices to interfaces"
-		return
-	}
-
-	upstream_zone=$(get_firewall_zone "$upstream_iface")
-	downstream_zone=$(get_firewall_zone "$downstream_iface")
-
-	[ -z "$upstream_zone" ] || [ -z "$downstream_zone" ] && {
-		log "Failed to map interfaces to zones"
-		return
-	}
-
-	iptables -w -t filter -A zone_${upstream_zone}_forward -p udp \
-	  -d 224.0.0.0/240.0.0.0 \
-	  -m comment --comment "!fw3: Allow-Multicast-UDP" \
-	  -j zone_${downstream_zone}_dest_ACCEPT
-}
-
-apply_mcast_rule() {
-	local cfg="$1"
-	local up down proto
-
-	config_get proto "$cfg" proto
-	[ "$proto" = "igmp" ] || return
-
-	config_get up "$cfg" upstream_interface
-	config_get down "$cfg" downstream_interface
-
-	[ -n "$up" ] && [ -n "$down" ] && setup_multicast_rule "$up" "$down"
-}
-
-add_multicast_rules() {
-	config_load mcast
-	config_foreach apply_mcast_rule proxy
-}
-
-load_zone_names
-
-add_multicast_rules
-
-rm -f "${ZONE_NAME_FILE}"
+# Forward multicast packets from wan to lan
+iptables -w -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT

mosquitto-auth-plugin/Config.in

@@ -1,7 +0,0 @@
-if PACKAGE_mosquitto-auth-plugin
-
-config MOSQUITTO_AUTH_PAM_SUPPORT
-	bool "Enable support of Linux PAM module for Authentication"
-	default y
-
-endif

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -1,670 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-#ifdef ENABLE_PAM_SUPPORT
-#include <security/pam_appl.h>
-#endif
-
-#define MAX_USERS 256
-#define MAX_SUBNETS_PER_USER 32
-
-typedef struct {
-	union {
-		uint32_t ipv4_network;
-		uint8_t ipv6_network[16];
-	};
-	union {
-		uint32_t ipv4_netmask;
-		uint8_t ipv6_netmask[16];
-	};
-	int is_ipv6;
-} subnet_t;
-
-typedef struct {
-	char username[64];
-	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
-	int allow_count;
-	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
-	int deny_count;
-} user_acl_t;
-
-typedef struct {
-	user_acl_t users[MAX_USERS];
-	int user_count;
-	mosquitto_plugin_id_t *identifier;
-	char *config_file;
-} plugin_data_t;
-
-/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
-static int parse_subnet(const char *cidr, subnet_t *subnet)
-{
-	char ip_str[128];
-	char *slash;
-	int prefix_len;
-	struct in_addr addr4;
-	struct in6_addr addr6;
-
-	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
-	ip_str[sizeof(ip_str) - 1] = '\0';
-
-	slash = strchr(ip_str, '/');
-	if (slash != NULL) {
-		*slash = '\0';
-		prefix_len = atoi(slash + 1);
-	}
-
-	/* Try IPv4 first */
-	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
-		subnet->is_ipv6 = 0;
-		if (slash == NULL)
-			prefix_len = 32;
-		if (prefix_len < 0 || prefix_len > 32)
-			return -1;
-
-		subnet->ipv4_network = ntohl(addr4.s_addr);
-		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
-		subnet->ipv4_network &= subnet->ipv4_netmask;
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
-		subnet->is_ipv6 = 1;
-		if (slash == NULL)
-			prefix_len = 128;
-		if (prefix_len < 0 || prefix_len > 128)
-			return -1;
-
-		/* Copy network address */
-		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
-
-		/* Generate netmask */
-		memset(subnet->ipv6_netmask, 0, 16);
-		for (int i = 0; i < prefix_len / 8; i++)
-			subnet->ipv6_netmask[i] = 0xff;
-		if (prefix_len % 8)
-			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
-
-		/* Apply netmask to network address */
-		for (int i = 0; i < 16; i++)
-			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
-
-		return 0;
-	}
-
-	return -1;
-}
-
-/* Check if IPv4 address is in subnet */
-static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
-{
-	if (subnet->is_ipv6)
-		return 0;
-	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
-}
-
-/* Check if IPv6 address is in subnet */
-static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
-{
-	if (!subnet->is_ipv6)
-		return 0;
-	for (int i = 0; i < 16; i++) {
-		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
-			return 0;
-	}
-	return 1;
-}
-
-/* Check if IP is in any subnet in the list */
-static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
-{
-	struct in_addr addr4;
-	struct in6_addr addr6;
-	uint32_t ipv4;
-
-	/* Try IPv4 */
-	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
-		ipv4 = ntohl(addr4.s_addr);
-		for (int i = 0; i < count; i++) {
-			if (ipv4_in_subnet(ipv4, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
-		for (int i = 0; i < count; i++) {
-			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	return 0;
-}
-
-/* Find or create user ACL entry */
-static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
-{
-	user_acl_t *user;
-
-	/* Find existing user */
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-
-	/* Create new user if not found */
-	if (pdata->user_count >= MAX_USERS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Max users exceeded");
-		return NULL;
-	}
-
-	user = &pdata->users[pdata->user_count];
-	strncpy(user->username, username, sizeof(user->username) - 1);
-	user->username[sizeof(user->username) - 1] = '\0';
-	user->allow_count = 0;
-	user->deny_count = 0;
-	pdata->user_count++;
-
-	return user;
-}
-
-/* Parse subnet ACL file with simplified format
- * Format:
- * # Comment lines
- * subnet allow <username> <cidr>
- * subnet deny <username> <cidr>
- */
-static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
-{
-	FILE *fp;
-	char line[512];
-	int line_num = 0;
-
-	/* Initialize user count */
-	pdata->user_count = 0;
-
-	/* Config file is optional - if not provided, no subnet filtering */
-	if (config_file == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_INFO,
-			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
-		return 0;
-	}
-
-	/* If config file is specified but cannot be opened, this is a fatal error */
-	fp = fopen(config_file, "r");
-	if (fp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
-		return -1;
-	}
-
-	while (fgets(line, sizeof(line), fp) != NULL) {
-		char *token, *saveptr;
-		char *action, *username, *cidr;
-		user_acl_t *user;
-		subnet_t subnet;
-
-		line_num++;
-
-		/* Remove newline and comments */
-		line[strcspn(line, "\r\n")] = '\0';
-		char *comment = strchr(line, '#');
-		if (comment)
-			*comment = '\0';
-
-		/* Trim leading whitespace */
-		char *line_start = line;
-		while (*line_start == ' ' || *line_start == '\t')
-			line_start++;
-
-		/* Skip empty lines */
-		if (*line_start == '\0')
-			continue;
-
-		/* Parse: subnet allow|deny <username> <cidr> */
-		token = strtok_r(line_start, " \t", &saveptr);
-		if (token == NULL)
-			continue;
-
-		/* Must start with "subnet" */
-		if (strcmp(token, "subnet") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
-				token, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get allow/deny */
-		action = strtok_r(NULL, " \t", &saveptr);
-		if (action == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing allow/deny at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
-				action, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get username */
-		username = strtok_r(NULL, " \t", &saveptr);
-		if (username == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing username at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get CIDR */
-		cidr = strtok_r(NULL, " \t", &saveptr);
-		if (cidr == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing CIDR at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Parse subnet */
-		if (parse_subnet(cidr, &subnet) != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Find or create user */
-		user = find_or_create_user_acl(pdata, username);
-		if (user == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Add to appropriate list */
-		if (strcmp(action, "allow") == 0) {
-			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->allow_subnets[user->allow_count] = subnet;
-			user->allow_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' allow subnet %s",
-				user->username, cidr);
-
-		} else { /* deny */
-			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->deny_subnets[user->deny_count] = subnet;
-			user->deny_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' deny subnet %s",
-				user->username, cidr);
-		}
-	}
-
-	fclose(fp);
-
-	/* Log summary */
-	for (int i = 0; i < pdata->user_count; i++) {
-		user_acl_t *user = &pdata->users[i];
-		if (user->allow_count > 0 || user->deny_count > 0) {
-			mosquitto_log_printf(MOSQ_LOG_INFO,
-				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
-				user->username, user->allow_count, user->deny_count);
-		}
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
-
-	return 0;
-}
-
-/* Find user ACL entry */
-static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
-{
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-	return NULL;
-}
-
-/* Check subnet access on authentication (connection time)
- * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
- */
-static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
-{
-	const user_acl_t *user_acl;
-	const char *client_address;
-
-	/* Skip if no subnet config loaded */
-	if (pdata == NULL || pdata->user_count == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Skip anonymous users */
-	if (ed->username == NULL)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Find user's subnet ACL */
-	user_acl = find_user_acl(pdata, ed->username);
-
-	/* If user not in config or has no subnet rules, allow */
-	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
-		return MOSQ_ERR_SUCCESS;
-
-	/* Get client IP address */
-	client_address = mosquitto_client_address(ed->client);
-	if (client_address == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_WARNING,
-			"subnet_acl: Could not get client address for user '%s', denying connection",
-			ed->username);
-		return MOSQ_ERR_AUTH;
-	}
-
-	/* Check deny list first - deny takes precedence */
-	if (user_acl->deny_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED by deny rule",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* If there are allow rules, IP must match one of them */
-	if (user_acl->allow_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' from %s allowed by allow rule",
-				ed->username, client_address);
-			return MOSQ_ERR_SUCCESS;
-		} else {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* No subnet rules for this user - allow */
-	return MOSQ_ERR_SUCCESS;
-}
-
-#ifdef ENABLE_PAM_SUPPORT
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
-}
-
-static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
-}
-#else
-static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-#endif
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	plugin_data_t *pdata = userdata;
-	int auth_result;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	/* First check username/password authentication */
-#ifdef ENABLE_PAM_SUPPORT
-	auth_result = process_pam_auth_callback(ed);
-#else
-	auth_result = process_shadow_auth_callback(ed);
-#endif
-
-	/* If authentication failed, reject immediately */
-	if (auth_result != MOSQ_ERR_SUCCESS)
-		return auth_result;
-
-	/* Authentication succeeded, now check subnet restrictions */
-	return check_subnet_on_auth(pdata, ed);
-}
-
-static int reload_callback(int event, void *event_data, void *userdata)
-{
-	plugin_data_t *pdata = userdata;
-
-	if (pdata == NULL)
-		return MOSQ_ERR_SUCCESS;
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Reloading subnet ACL configuration from '%s'",
-		pdata->config_file ? pdata->config_file : "(none)");
-
-	/* Reload subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, pdata->config_file) != 0) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to reload subnet ACL configuration, keeping old config");
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Reload complete, now tracking %d user(s)", pdata->user_count);
-
-	return MOSQ_ERR_SUCCESS;
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata;
-	const char *config_file = NULL;
-	int rc;
-
-	/* Find subnet config file option */
-	for (int i = 0; i < opt_count; i++) {
-		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
-			config_file = opts[i].value;
-			break;
-		}
-	}
-
-	pdata = calloc(1, sizeof(plugin_data_t));
-	if (pdata == NULL)
-		return MOSQ_ERR_NOMEM;
-
-	pdata->identifier = identifier;
-
-	/* Store config file path for reload */
-	if (config_file != NULL) {
-		pdata->config_file = strdup(config_file);
-		if (pdata->config_file == NULL) {
-			free(pdata);
-			return MOSQ_ERR_NOMEM;
-		}
-	} else {
-		pdata->config_file = NULL;
-	}
-
-	/* Load subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, config_file) != 0) {
-		free(pdata->config_file);
-		free(pdata);
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	/* Register authentication callback only - subnet check is done during auth */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-	                                 basic_auth_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register authentication callback");
-		free(pdata->config_file);
-		free(pdata);
-		return rc;
-	}
-
-	/* Register reload callback to handle SIGHUP */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_RELOAD,
-	                                 reload_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register reload callback");
-		mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		free(pdata->config_file);
-		free(pdata);
-		return rc;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_INFO,
-		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
-
-	/* Only assign user_data after all possible error paths */
-	*user_data = pdata;
-
-	return MOSQ_ERR_SUCCESS;
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata = user_data;
-
-	if (pdata) {
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_RELOAD,
-		                              reload_callback, NULL);
-		free(pdata->config_file);
-		free(pdata);
-	}
-
-	return MOSQ_ERR_SUCCESS;
-}

mosquitto-auth-shadow/Makefile

@@ -13,42 +13,33 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mosquitto-auth-plugin
-PKG_VERSION:=1.2.1
+PKG_NAME:=mosquitto-auth-shadow
+PKG_VERSION:=1.0.1
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
 
 PKG_BUILD_PARALLEL:=1
-PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/mosquitto-auth-plugin
+define Package/mosquitto-auth-shadow
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
-  DEPENDS:=+mosquitto-ssl +MOSQUITTO_AUTH_PAM_SUPPORT:libpam
+  DEPENDS:=+mosquitto-ssl
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
-define Package/mosquitto-auth-plugin/description
+define Package/mosquitto-auth-shadow/description
   Plugin for the mosquitto MQTT message broker that authenticates
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-plugin/config
-	source "$(SOURCE)/Config.in"
-endef
-
-ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
-TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
-endif
-
-define Package/mosquitto-auth-plugin/install
+define Package/mosquitto-auth-shadow/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 
-$(eval $(call BuildPackage,mosquitto-auth-plugin))
+$(eval $(call BuildPackage,mosquitto-auth-shadow))

mosquitto-auth-shadow/src/Makefile

@@ -11,15 +11,15 @@
 #   Erik Karlsson - initial implementation
 #
 
-TARGETS = mosquitto_auth_plugin.so
+TARGETS = mosquitto_auth_shadow.so
 
 all: $(TARGETS)
 
 %.pic.o: %.c
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
-mosquitto_auth_plugin.so: mosquitto_auth_plugin.pic.o
-	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
+mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
+	$(CC) $(LDFLAGS) -shared -o $@ $^
 
 clean:
 	rm -f *.o $(TARGETS)

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2022 Genexis B.V.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Erik Karlsson - initial implementation
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+	struct mosquitto_evt_basic_auth *ed = event_data;
+	struct spwd spbuf, *sp = NULL;
+	char buf[256];
+	struct crypt_data data;
+	char *hash;
+
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
+	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+
+	if (sp == NULL || sp->sp_pwdp == NULL)
+		return MOSQ_ERR_AUTH;
+
+	/* Empty string as hash means password is not required */
+	if (sp->sp_pwdp[0] == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	if (ed->password == NULL)
+		return MOSQ_ERR_AUTH;
+
+	memset(&data, 0, sizeof(data));
+	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+
+	if (hash == NULL)
+		return MOSQ_ERR_AUTH;
+
+	if (strcmp(hash, sp->sp_pwdp) == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	return MOSQ_ERR_AUTH;
+}
+
+int mosquitto_plugin_version(int supported_version_count,
+			     const int *supported_versions)
+{
+	return 5;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
+			  void **user_data,
+			  struct mosquitto_opt *opts, int opt_count)
+{
+	*user_data = identifier;
+
+	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+					   basic_auth_callback, NULL, NULL);
+}
+
+int mosquitto_plugin_cleanup(void *user_data,
+			     struct mosquitto_opt *opts, int opt_count)
+{
+	mosquitto_plugin_id_t *identifier = user_data;
+
+	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+					     basic_auth_callback, NULL);
+}