Dectmngr: add a uci option dect.global.log_level for log level configuration

Change the way to configure tx/rx gain

bbf/Config_bbfdm.in

@@ -1,3 +1,7 @@
+if PACKAGE_libbbfdm
+
+menu "Configuration"
+
 config BBF_VENDOR_EXTENSION
 	bool "Enable Vendor Extension"
 	default y
@@ -10,6 +14,10 @@ config BBF_VENDOR_PREFIX
 	string "Vendor Prefix"
 	default "X_IOPSYS_EU_"
 
+config BBF_TR181
+	bool "Enable TR-181 Data Model Support"
+	default y
+
 config BBF_TR104
 	bool "Enable TR-104 Data Model Support"
 	default y
@@ -20,12 +28,10 @@ config BBF_TR143
 
 config BBFDM_ENABLE_JSON_PLUGIN
 	bool "Enable json plugin to extend datamodel"
-	default y
+	default n
 
 config BBFDM_ENABLE_DOTSO_PLUGIN
 	bool "Enable shared library plugin to extend datamodel"
-	default y
-
-config BBF_MAX_OBJECT_INSTANCES
-	int "Maximum number of instances per object"
-	default 255
+	default n
+endmenu
+endif

bbf/Makefile

@@ -1,69 +1,41 @@
 #
-# Copyright (C) 2022 IOPSYS
+# Copyright (C) 2021 IOPSYS
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.8.9.37
-
+PKG_VERSION:=6.4.27
+PKG_FIXUP:=autoreconf
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=925a6ee278d827edf6a57715463263394eddac21
+PKG_SOURCE_VERSION:=710485a57e311a5b4c5434efe3e79fc58cb6c429
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
 
 define Package/libbbf_api
   SECTION:=utils
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Library for libbbfdm API
-endef
-
-define Package/libbbfdm/default
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=TRx69
-  TITLE:=Library for broadband forum data model support
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libtrace +libcurl
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c
 endef
 
 define Package/libbbfdm
-  $(Package/libbbfdm/default)
-  TITLE += (internal)
-  VARIANT:=internal
-endef
-
-define Package/libbbfdm-mbedtls
-  $(Package/libbbfdm/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_libbbfdm-mbedtls:libmbedtls
-  VARIANT:=mbedtls
-  DEFAULT_VARIANT:=1
-endef
-
-define Package/libbbfdm-openssl
-  $(Package/libbbfdm/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_libbbfdm-openssl:libopenssl
-  CONFLICTS := libbbfdm-mbedtls
-  VARIANT:=openssl
-endef
-
-define Package/libbbfdm-wolfssl
-  $(Package/libbbfdm/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_libbbfdm-wolfssl:libwolfssl
-  CONFLICTS := libbbfdm-mbedtls libbbfdm-openssl
-  VARIANT:=wolfssl
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  TITLE:=Library for broadband-forum data model
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libtrace +libbbf_api +libopenssl +libcurl
 endef
 
 define Package/libbbfdm/config
@@ -85,83 +57,72 @@ define Build/Prepare
 endef
 endif
 
-CMAKE_OPTIONS += \
-	-DBBF_TR181=ON
+TARGET_CFLAGS += \
+	-D_GNU_SOURCE \
+	-Wall -Werror \
+
+ifeq ($(CONFIG_BBF_TR181),y)
+CONFIGURE_ARGS += \
+	--enable-tr181
+endif
 
 ifeq ($(CONFIG_BBF_TR104),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR104=ON
+CONFIGURE_ARGS += \
+	--enable-tr104
 endif
 
 ifeq ($(CONFIG_BBF_TR143),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR143=ON
+CONFIGURE_ARGS += \
+	--enable-tr143
+endif
+
+ifeq ($(CONFIG_PACKAGE_libopenssl),y)
+CONFIGURE_ARGS += \
+	--enable-libopenssl
 endif
 
 ifeq ($(CONFIG_BBF_VENDOR_EXTENSION),y)
-CMAKE_OPTIONS += \
-	-DBBF_VENDOR_EXTENSION=ON
+CONFIGURE_ARGS += \
+	--enable-vendor-extension
 
-CMAKE_OPTIONS += \
-	-DBBF_VENDOR_LIST:String="$(CONFIG_BBF_VENDOR_LIST)" \
-	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBF_MAX_OBJECT_INSTANCES:Integer=$(CONFIG_BBF_MAX_OBJECT_INSTANCES)
+CONFIGURE_ARGS += \
+	BBF_VENDOR_LIST="$(CONFIG_BBF_VENDOR_LIST)" \
+	BBF_VENDOR_PREFIX="$(CONFIG_BBF_VENDOR_PREFIX)"
 
 endif ##CONFIG_BBF_VENDOR_EXTENSION
 
 ifeq ($(CONFIG_BBFDM_ENABLE_JSON_PLUGIN),y)
-CMAKE_OPTIONS += \
-	-DBBF_JSON_PLUGIN=ON
+CONFIGURE_ARGS += \
+	--enable-json-plugin
 endif
 
 ifeq ($(CONFIG_BBFDM_ENABLE_DOTSO_PLUGIN),y)
-CMAKE_OPTIONS += \
-	-DBBF_DOTSO_PLUGIN=ON
-endif
-
-ifeq ($(BUILD_VARIANT),openssl)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CMAKE_OPTIONS += -DWITH_WOLFSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CMAKE_OPTIONS += -DWITH_MBEDTLS=ON
+CONFIGURE_ARGS += \
+	--enable-shared-library
 endif
 
 define Package/libbbf_api/install
 	$(INSTALL_DIR) $(1)/lib
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/.libs/libbbf_api.so* $(1)/lib/
 endef
 
-define Package/libbbfdm/default/install
+define Package/libbbfdm/install
 	$(INSTALL_DIR) $(1)/lib
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm/dmmap
 	$(INSTALL_DIR) $(1)/etc/bbfdm/json
 	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
-	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/.libs/libbbfdm.so* $(1)/lib/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/* $(1)/usr/share/bbfdm
-	$(LN) /usr/share/bbfdm/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
 endef
 
-define Package/libbbfdm/default/prerm
+define Package/libbbfdm/prerm
 	#!/bin/sh
 	rm -rf /etc/bbfdm/dmmap/*
 	exit 0
 endef
 
-Package/libbbfdm-openssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-wolfssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-mbedtls/prerm = $(Package/libbbfdm/default/prerm)
-
-Package/libbbfdm-openssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-wolfssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-mbedtls/install = $(Package/libbbfdm/default/install)
-
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
@@ -170,12 +131,9 @@ define Build/InstallDev
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/include/*.h $(1)/usr/include/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/*.h $(1)/usr/include/libbbfdm/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbf_api/*.h $(1)/usr/include/libbbf_api/
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/usr/lib/
-	touch $(1)/usr/lib/libbbf_api.so
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/.libs/libbbfdm.{a,so*} $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/.libs/libbbf_api.{a,so*} $(1)/usr/lib/
 endef
 
 $(eval $(call BuildPackage,libbbf_api))
 $(eval $(call BuildPackage,libbbfdm))
-$(eval $(call BuildPackage,libbbfdm-openssl))
-$(eval $(call BuildPackage,libbbfdm-wolfssl))
-$(eval $(call BuildPackage,libbbfdm-mbedtls))

bulkdata/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2022 iopsys Software Solutions AB
+# Copyright (C) 2020 iopsys Software Solutions AB
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,25 +8,20 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.0.3.1
+PKG_VERSION:=1.0.3
 
-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_VERSION:=b35e7862bc17fc11dc1f757c7b93900995a28633
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bulkdata.git
-PKG_SOURCE_VERSION:=33a6648de9ee0af33c44518656b56b0a30b6c1ab
+
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-endif
-
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE
 
-PKG_BUILD_DEPENDS:=bbf
-
 include $(INCLUDE_DIR)/package.mk
 
 define Package/$(PKG_NAME)
@@ -34,24 +29,21 @@ define Package/$(PKG_NAME)
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=BBF BulkData Collection
-  DEPENDS:=+libubus +libuci +libubox +libjson-c +libcurl +libblobmsg-json
+  DEPENDS:=+libubus +libuci +libubox +libjson-c +libcurl +curl +libblobmsg-json +libbbfdm +libbbf_api
+endef
+
+define Package/$(PKG_NAME)/description
+	BBF BulkData Collection
 endef
 
 TARGET_CFLAGS += \
-	-D_GNU_SOURCE \
-	-Wall -Werror
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-	$(CP) -rf ~/git/bulkdata/* $(PKG_BUILD_DIR)/
-endef
-endif
+	-D_GNU_SOURCE
 
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bbf_plugin/*.so $(1)/usr/lib/bbfdm
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/*.so $(1)/usr/lib/bbfdm
 	$(CP) ./files/* $(1)/
 endef
 

bulkdata/files/etc/config/bulkdata

@@ -1,6 +1,43 @@
 
 config bulkdata 'bulkdata'
 	option enable '0'
-	#Log levels: Error=1, Warning=2, Info=3, Debug=4
+	#Log levels: Critical=0, Warning=1, Notice=2, Info=3, Debug=4
 	option log_level '3'
 
+config profile
+	option profile_id '1'
+	option enable '0'
+	option name ''
+	option nbre_of_retained_failed_reports '0'
+	option protocol 'http'
+	option encoding_type ''
+	option reporting_interval '86400'
+	option time_reference '0'
+	option csv_encoding_field_separator ','
+	option csv_encoding_row_separator '
'
+	option csv_encoding_escape_character '"'
+	option csv_encoding_report_format 'column'
+	option csv_encoding_row_time_stamp 'unix'
+	option json_encoding_report_format 'objecthierarchy'
+	option json_encoding_report_time_stamp 'unix'
+	option http_url ''
+	option http_username ''
+	option http_password ''
+	option http_compression 'none'
+	option http_method 'post'
+	option http_use_date_header '1'
+	option http_retry_enable '0'
+	option http_retry_minimum_wait_interval '5'
+	option http_retry_interval_multiplier '2000'
+	option http_persist_across_reboot '0'
+
+config profile_parameter
+	option profile_id '1'
+	option name ''
+	option reference ''
+
+config profile_http_request_uri_parameter
+	option profile_id '1'
+	option name ''
+	option reference ''
+

bulkdata/files/etc/init.d/bulkdatad

@@ -1,4 +1,7 @@
 #!/bin/sh /etc/rc.common
+# Bulkdata Software
+# Copyright (C) 2020 iopsys Software Solutions AB
+# Author: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>
 
 START=99
 STOP=10
@@ -7,16 +10,13 @@ USE_PROCD=1
 PROG="/usr/sbin/bulkdatad"
 
 start_service() {
-	local enable=$(uci -q get bulkdata.bulkdata.enable)
-
-	[ "$enable" != "1" ] && {
-		return 0
-	}
-
-	procd_open_instance
-	procd_set_param command "$PROG"
-	procd_set_param respawn "3" "7" "0"
-	procd_close_instance
+	local bulkdata_enable=`uci -q get bulkdata.bulkdata.enable`
+	if [ "$bulkdata_enable" = "1" ]; then
+		procd_open_instance
+		procd_set_param command "$PROG"
+		procd_set_param respawn "3" "7" "0"
+		procd_close_instance
+	fi
 }
 
 boot() {

bulkdata/files/etc/uci-defaults/95-bulkdata-translation-options

@@ -1,75 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-PROFILE_COUNT=1
-
-get_next_count()
-{
-	local config="$1"
-	local default_name="${2}"
-	local count=${3}
-	local found=0
-
-	if [ -z "$count" ]; then
-		count=1
-	fi
-
-	while [ "${found}" -ne 1 ]; do
-		uci -q get ${config}.${default_name}_${count} >/dev/null
-		if [ $? -eq 0 ]; then
-			count=$((count + 1))
-		else
-			found=1;
-		fi
-	done
-
-	echo "${default_name}_${count}"
-}
-
-translate_profile_id_to_profile_name() {
-	local section="${1}"
-	local profile_id="${2}"
-	local profile_name="${3}"
-	local curr_profile_id
-
-	config_get curr_profile_id "${section}" profile_id
-
-	[ -n "${curr_profile_id}" ] || return
-	
-	[ "${curr_profile_id}" != "${profile_id}" ] && return
-
-	uci -q set bulkdata.${section}.profile_name="${profile_name}"
-	uci -q set bulkdata.${section}.profile_id=""	
-}
-
-update_profile_sections() {
-	local section="${1}"
-	local default="${2}"
-	local profile_name
-
-	config_get profile_id "${section}" profile_id
-
-	[ -n "${profile_id}" ] || return
-
-	case "${section}" in
-		"cfg"*)
-			profile_name="$(get_next_count bulkdata ${default} ${PROFILE_COUNT})"
-			uci_rename bulkdata "${section}" "${profile_name}"
-		;;
-	esac
-	PROFILE_COUNT=$((PROFILE_COUNT + 1))
-
-	[ -n "$profile_name" ] && section="${profile_name}"
-
-	uci -q set bulkdata.${section}.profile_id=""
-
-	config_foreach translate_profile_id_to_profile_name profile_parameter "${profile_id}" "${profile_name}"
-	config_foreach translate_profile_id_to_profile_name profile_http_request_uri_parameter "${profile_id}" "${profile_name}"
-}
-
-config_load bulkdata
-config_foreach update_profile_sections profile profile
-uci commit bulkdata
-
-exit 0

crashlog/Makefile

@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2019 iopsys Software Solutions AB
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crashlog
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_LICENSE:=GPLv2
+PKG_LICENSE_FILES:=none
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/crashlog
+  CATEGORY:=Utilities
+  TITLE:=Handling kernel crash logs
+endef
+
+define Package/crashlog/description
+	Handling kernel crash logs.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./files/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+endef
+
+define Package/crashlog/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,crashlog))

crashlog/files/etc/init.d/corelog

@@ -0,0 +1,11 @@
+#!/bin/sh /etc/rc.common
+
+START=01
+
+start()
+{
+    if [ -e /proc/sys/kernel/core_pattern ]
+    then
+	echo "|/sbin/logcore %e %s" > /proc/sys/kernel/core_pattern
+    fi
+}

crashlog/files/etc/init.d/crashlog

@@ -0,0 +1,55 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+send_log()
+{
+	nr=$(db get hw.board.serial_number)
+	hw=$(db get hw.board.model_name)
+	fam=$(db get hw.board.iopVerFam)
+	sw=$(db get hw.board.iopVersion)
+	server=$(/sbin/uci get system.crashlog.server)
+
+	while true
+	do
+	    scp  -S /usr/sbin/logssh /proc/last_kmsg log@${server}:log/${fam}_${hw}_${sw}_${nr}
+	    if [ $? == 0 ]
+	    then
+	       break;
+	    fi
+	    # wait for another minute then try again
+	    sleep 60
+	done
+}
+
+fill_in_default()
+{
+    /sbin/uci add system log
+    /sbin/uci rename system.@log[-1]=crashlog
+    /sbin/uci set system.crashlog.enable=no
+    /sbin/uci set system.crashlog.server="crashlog.iopsys.eu"
+    /sbin/uci commit
+}
+
+boot()
+{
+    # is crashlog enabled ?
+    enable=$(/sbin/uci get system.crashlog.enable)
+    case $enable in
+	0|no|NO|false|FALSE)
+	    exit 0
+	    ;;
+	"")
+	    fill_in_default
+	    exit 0
+	    ;;
+    esac
+
+    # is this boot a result from a crash ?
+    reason=$(cat /etc/boot_reason)
+    case $reason in
+	HW|WD)
+	    send_log&
+	    ;;
+    esac
+}

crashlog/files/sbin/logcore

@@ -0,0 +1,60 @@
+#! /bin/sh
+
+TMP_CORE=/tmp/new_core
+# first test if we can contact the log server.
+# if not abort directly the core file takes up memory
+alive()
+{
+	ping -c1 $server
+
+	if [ $? != 0 ]
+	then
+		# drain core file from kernel
+		cat >/dev/null
+		exit 0
+	fi
+}
+
+fill_in_default()
+{
+    /sbin/uci add system log
+    /sbin/uci rename system.@log[-1]=corelog
+    /sbin/uci set system.corelog.enable=no
+    /sbin/uci set system.corelog.server="corelog.iopsys.eu"
+    /sbin/uci commit
+}
+
+# is corelog enabled ?
+enable=$(/sbin/uci get system.corelog.enable)
+case $enable in
+    0|no|NO|false|FALSE)
+	# drain core file from kernel
+	cat >/dev/null
+	exit 0
+	;;
+    "")
+	fill_in_default
+	exit 0
+	;;
+esac
+
+server=$(/sbin/uci get system.corelog.server)
+
+alive
+
+# dump out the core to disk we need this as scp needs a size before we send data
+# and this is the only way to know how much data there is
+cat >$TMP_CORE
+
+# in case filesystem/memory is full at least kill the core in the kernel memory should give us some
+# more memory to work with. normally this would do nothing.
+cat >/dev/null
+
+nr=$(db get hw.board.serial_number)
+hw=$(db get hw.board.model_name)
+fam=$(hw.board.iopVerFam)
+sw=$(db get hw.board.iopVersion)
+
+scp -S /usr/sbin/logssh $TMP_CORE log@${server}:log/core_${1}_${2}_${fam}_${hw}_${sw}_${nr}
+rm $TMP_CORE
+

crashlog/files/usr/sbin/logssh

@@ -0,0 +1,6 @@
+#!/bin/sh
+# we need to have the -y option to dropbear to not halt the scp when
+# transfering the log file to a new server for the first time.
+# since we already need this also put in the keyfile
+
+ssh -y -i /etc/dropbear/logid $@

crashlog/readme

@@ -0,0 +1,42 @@
+Install scp server.
+
+Create a user account on a server and make sure it's possible to login to it
+using ssh.
+
+For now the user has to be called "log"
+
+USER is the user name of the account
+HOME is the user home directory.
+Both should be changed to the correct value in all following example commands.
+
+create HOME/bin
+Put scp_upload in HOME/bin
+make it executable "chmod a+x HOME/bin/scp_upload" 
+
+create home/.ssh   (observer the dot .shh)
+
+create an empty file HOME/.ssh/authorized_keys
+
+-------------------------------
+Now everyhting is setup for use but we have not added any clients.
+What we need is the public key for the clients.
+
+For dropbear "dropbearkey -y -f files/etc/dropbear/logid" will generate the public key.
+
+----------
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwn9RaDAzxW1dTmIhXgFBnpi1lhj8xhYpCVQiPxxdk9IEmH8zjo4y9j3sPkqKOlRnkwjpZIpLEKBnpQTwVIMCU/AG7nDJX3OH9RfS9mLJQLfFL8HyGCyqDezFWldbyovhJZvdUeK4tAXJWv2W3OVHiz2L8IlncBgP/E9DJElsyhhQHsM96UE6tBkXsvXkoDbMSYXFcLbgiUwBKfmM2BF/aPDL45iznGur7/2j9v95PwJ0gtMu9jjNRq+pXCXhTh3bsnczm0MpZC1aiRc9nJAeGIMmhrf15E4jBKgTnrstzJxGVAdajKeR954KcNsS33cS2Wmui2YjmPbBXjqf1frzJ log@iopsys
+----------
+
+The public key should be just one line. Add that line to the 
+HOME/.ssh/authorized_keys file on the scp server. Then add the follwoing as
+the first text on the same line. that is insert before the key data.
+
+command="HOME/bin/scp_upload",no-port-forwarding,no-agent-forwarding,no-X11-forwarding 
+
+Do not forget to change HOME to the correct value for the server and there 
+should be one space separating the key data and the above text.
+---------------------------------
+Now test to make sure that you can upload new files, not download files
+and not overwrite files from the client.
+
+

crashlog/scp_upload

@@ -0,0 +1,53 @@
+#! /bin/bash
+# authorized_keys command="/home/boxi/my_scp",no-port-forwarding,no-agent-forwarding,no-X11-forwarding
+
+val=`expr match "$SSH_ORIGINAL_COMMAND" "scp"`
+if [ $val != 3 ]
+then
+    echo "only scp is allowed for this rsa key"
+    exit 1
+fi
+
+#strip out "scp" as getopts barf on anything not an option
+
+args=${SSH_ORIGINAL_COMMAND:3}
+
+# we must set args to positional paramters otherwise it's next to impossible
+# to get to the rest of the line that is not arguments.
+
+set -- $args
+while getopts "rftdvpq" Option
+do
+  case $Option in
+    r ) echo "recursive not allowed";exit 1;;
+    f ) echo "reading files not allowed";exit 1;;
+    t ) ;;
+    d ) ;;
+    v ) ;;
+    p ) ;;
+    q ) ;;
+    * ) ;;   # Default.
+  esac
+done
+
+shift $(($OPTIND - 1))
+
+file="$*"
+dir=$(dirname "$file")
+
+if [ "$dir" != "log" ]
+then
+    echo "only allowed to write to log/"
+    exit 1
+fi
+
+# try to create uniq files
+EXTRA=$((0))
+while [ -e "${file}_${EXTRA}" ]
+do
+    EXTRA=$((EXTRA +1))
+done
+
+logger -t scp_upload "${SSH_ORIGINAL_COMMAND}_${EXTRA}"
+
+exec ${SSH_ORIGINAL_COMMAND}_${EXTRA}

dectmngr/Makefile

@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.5.9
+PKG_VERSION:=3.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=eecab9a6d52bba25dd9dfab8616b6d30e0346e18
+PKG_SOURCE_VERSION:=ef9d4c6124d0ca66f048f3d678d9a25f13aa4207
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -34,7 +34,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/$(PKG_NAME)
 	CATEGORY:=Utilities
  	TITLE:=DECT Manager
-	DEPENDS:= +libubox +ubus +uci +libxml2 +libjson-c
+	DEPENDS:= +libubox +ubus +uci +libxml2
 endef
 
 define Package/$(PKG_NAME)/description
@@ -53,7 +53,6 @@ endif
 
 TARGET_CFLAGS += \
 	-Wall \
-        -Werror \
 	-I$(STAGING_DIR)/usr/include/libxml2
 
 ifeq ($(CONFIG_ENABLE_LINE_SETTINGS_EXTENSION),y)

dectmngr/files/etc/init.d/dectmngr

@@ -11,8 +11,6 @@ PROG=/usr/sbin/dectmngr
 LOG_PATH=/var/log/dectmngr
 DB_PATH=/etc/dect
 
-DECT_GPIO=$(db -q get hw.board.dect_gpio)
-
 # Ask dectmngr to exit nicely and wait for it to clean up, which is a slow process.
 stop_and_wait_dectmngr() {
 	pidof $NAME && killall -q $NAME
@@ -32,7 +30,7 @@ start_service() {
 
 	test $(db get hw.board.hasDect) = "0" && return
 
-	[ -n "$DECT_GPIO" ] && echo 1 > /sys/class/gpio/gpio${DECT_GPIO}/value
+	echo 1 > /sys/class/gpio/gpio14/value
 
 	rfpi=$(db -q get hw.board.dect_rfpi)
 	[ -n "$rfpi" -a ${#rfpi} -eq 14 ] && opt_ext="$opt_ext -rfpi $rfpi"
@@ -73,7 +71,7 @@ start_service() {
 stop_service() {
 	test $(db get hw.board.hasDect) = "0" && return
 
-	[ -n "$DECT_GPIO" ] && echo 0 > /sys/class/gpio/gpio${DECT_GPIO}/value
+	echo 0 > /sys/class/gpio/gpio14/value
 	stop_and_wait_dectmngr
 }
 
@@ -88,10 +86,8 @@ service_triggers()
 }
 
 boot() {
-	[ -n "$DECT_GPIO" ] && {
-		echo ${DECT_GPIO} > /sys/class/gpio/export
-		echo out > /sys/class/gpio/gpio${DECT_GPIO}/direction
-	}
+	echo 14 > /sys/class/gpio/export
+	echo out > /sys/class/gpio/gpio14/direction
 
 	[ ! -d $LOG_PATH ] && mkdir -p $LOG_PATH
 	[ ! -d $DB_PATH ] && mkdir -p $DB_PATH

dslmngr/Makefile

@@ -28,6 +28,12 @@ include $(INCLUDE_DIR)/package.mk
 
 ifeq ($(CONFIG_TARGET_iopsys_brcm63xx_arm),y)
   TARGET_PLATFORM=BROADCOM
+else ifeq ($(CONFIG_TARGET_iopsys_ramips),y)
+  TARGET_PLATFORM=MEDIATEK
+else ifeq ($(CONFIG_TARGET_iopsys_linksys),y)
+  TARGET_PLATFORM=MARVELL
+else ifeq ($(CONFIG_TARGET_intel_mips),y)
+  TARGET_PLATFORM=INTEL
 else
   $(info Unexpected CONFIG_TARGET)
 endif

easy-qos/Makefile

@@ -19,7 +19,7 @@ define Package/easy-qos
   SECTION:=net
   CATEGORY:=Network
   TITLE:=Easy QoS
-  DEPENDS:=@TARGET_iopsys_brcm63xx_arm
+  DEPENDS:=@(TARGET_intel_mips||TARGET_iopsys_brcm63xx_arm)
 endef
 
 define Package/easy-qos/description
@@ -39,7 +39,11 @@ define Package/easy-qos/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(CP) ./files/etc/config/easy_qos $(1)/etc/config/
+ifeq ($(CONFIG_TARGET_intel_mips),y)
+	$(CP) ./files/etc/init.d/easy_qos.classcfg $(1)/etc/init.d/easy_qos
+else
 	$(CP) ./files/etc/init.d/easy_qos.iptables $(1)/etc/init.d/easy_qos
+endif
 	$(CP) ./files/etc/uci-defaults/* $(1)/etc/uci-defaults/
 	$(CP) ./files/etc/firewall.easyqos $(1)/etc/firewall.easyqos
 endef

easy-qos/files/etc/init.d/easy_qos.classcfg

@@ -0,0 +1,301 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+RULE_LIST="/tmp/easy_qos_rule.list"
+CLIENT_LIST="/tmp/easy_qos_class_client.list"
+BRIDGE_INTF=""
+
+[ -f /etc/profile.d/intel.sh ] && {
+	. /etc/profile.d/intel.sh
+	sh /etc/profile.d/intel.sh
+}
+
+log() {
+	echo "${@}"|logger -t easy_qos_class -p debug
+}
+
+exec_log() {
+	${@}
+	if [ "${?}" -ne 0 ]; then
+		log "Failed to create ${@}";
+	fi
+}
+
+exec_class_log() {
+	${@} |grep -i successful
+	if [ "${?}" -ne 0 ]; then
+		log "Failed to create ${@}";
+		return 1
+	fi
+	return 0
+}
+
+get_priority() {
+	local prio=$(echo $1|tr 'A-Z' 'a-z');
+	case "${prio}" in
+		"lowest")
+			echo 8;;
+		"low")
+			echo 7;;
+		"besteffort")
+			echo 6;;
+		"normal")
+			echo 5;;
+		"video")
+			echo 4;;
+		"medium")
+			echo 3;;
+		"high")
+			echo 2;;
+		"highest")
+			echo 1;;
+	esac
+}
+
+get_mark() {
+	local prio=$(echo $1|tr 'A-Z' 'a-z');
+	case "${prio}" in
+		"lowest")
+			echo "0x41/0x3df";;
+		"low")
+			echo "0x82/0x3df";;
+		"besteffort")
+			echo "0xc3/0x3df";;
+		"normal")
+			echo "0x104/0x3df";;
+		"video")
+			echo "0x145/0x3df";;
+		"medium")
+			echo "0x186/0x3df";;
+		"high")
+			echo "0x1c7/0x3df";;
+		"highest")
+			echo "0x208/0x3df";;
+	esac
+}
+
+clean_client_entries() {
+	[ -f ${CLIENT_LIST} ] && rm ${CLIENT_LIST}
+}
+
+map_client_entries() {
+	local clients ip mac host
+
+	json_load "$(ubus call router.network 'clients')"
+	json_get_keys keys
+
+	for key in ${keys};
+	do
+		json_select ${key}
+		json_get_vars ipaddr macaddr hostname
+		clients="${macaddr} ${ipaddr} ${hostname};${clients}"
+		json_select ..
+	done
+
+	json_init
+
+	IFS=";"
+	for client in ${clients};
+	do
+		macaddr=$(echo ${client} | cut -d" " -f1)
+		json_add_object "${macaddr//:/_}"
+		json_add_string "ip" "$(echo ${client} | cut -d" " -f2)"
+		json_add_string "macaddr" "$(echo ${client} | cut -d" " -f1)"
+		json_add_string "host" "$(echo ${client} | cut -d" " -f3)"
+		json_close_object
+	done
+
+	IFS=' '
+	echo `json_dump` > ${CLIENT_LIST}
+	json_cleanup
+}
+
+# Find the IP of a corresponding mac from arp table
+get_ipaddress() {
+	local clients ip mac host
+
+	json_load "$(cat ${CLIENT_LIST})"
+	json_get_keys keys
+
+	# jshn seems a bit iffy on having : in key, replace by _
+	json_select "${1//:/_}" 2 > /dev/null
+	json_get_var ip ip
+
+	echo "$ip"
+}
+
+check_and_create() {
+	iptables -t mangle -C PREROUTING ${@} 2>/dev/null
+	# Create rule if not exists
+	if [ ${?} -ne 0 ]; then
+		exec_log iptables -t mangle -A PREROUTING ${@}
+	else
+		log "Rule exists for ${@}"
+	fi
+}
+
+create_ip_rule() {
+	local proto=$1; shift
+	local src_ip=$1; shift
+	local mark=$1; shift
+	local ports=$1;
+	local cmd="";
+
+	cmd="-j EXTMARK --set-mark ${mark}";
+	if [ "${proto}" != "icmp" ]; then
+		if [ -n "${ports}" ]; then
+			cmd="--match multiport --dports ${ports} ${cmd}";
+		fi
+	fi
+
+	if [ "${proto}" == "icmp" ]; then
+		cmd="-p icmp -m icmp --icmp-type 8 $cmd"
+	elif [ "${proto}" == "all" ]; then
+		cmd="-p all $cmd"
+	else
+		cmd="-p ${proto} -m ${proto} $cmd"
+	fi
+	cmd="-s ${src_ip} $cmd"
+
+	check_and_create ${cmd}
+}
+
+is_lan_bridge() {
+	local _section=$1
+	local _type
+	local _is_lan
+
+	config_get _type "$section" "type"
+	config_get _is_lan "$section" "is_lan"
+
+	if [ "${_type}" == "bridge" -a "${_is_lan}" == "1" ]; then
+		BRIDGE_INTF="br-${_section}"
+	fi
+}
+
+get_bridge_interface() {
+	config_load network
+	config_foreach is_lan_bridge interface
+}
+
+validate_rule_section()
+{
+	uci_validate_section easy_qos rule "${1}" \
+		'priority:string' \
+		'macaddr:string' \
+		'proto:string:none' \
+		'port:list(uinteger)' \
+		'comment:string:none'
+}
+
+# Clear existing rules before applying new rules
+clear_existing_rules() {
+	# execute the delete rules written onto a file then delete the file
+	[ -f ${RULE_LIST} ] || return 0
+
+	while read line
+	do
+		log "Deleting old classification rules"
+		exec_class_log classcfg -D ${line} -i ${BRIDGE_INTF}
+	done <${RULE_LIST}
+
+	local rule=$(iptables -t mangle -S PREROUTING|grep -m 1 EXTMARK |sed 's/-A/-D/1')
+	while [ -n "${rule}" ]; do
+		exec_log iptables -t mangle ${rule}
+		rule=$(iptables -t mangle -S PREROUTING|grep -m 1 EXTMARK |sed 's/-A/-D/1')
+	done
+	sync
+
+	[ -f ${RULE_LIST} ] && rm ${RULE_LIST}
+}
+
+# classcfg -M local_dhcp -i lo -p udp --dport 67:67 --dport 68:68 -j mark --mark 1
+create_rule() {
+	local proto=$1; shift
+	local mac_addr=$1; shift
+	local mark=$1; shift
+	local ports=$1;
+	local cmd="";
+	# Rule name is uniqe, so we take hash of all the input as rule_name
+	local rule_name="$(echo ${mac_addr}${proto}${mark}${ports} |md5sum |head -c 30)"
+
+	cmd="-j mark --mark ${mark}";
+
+	if [ "${mac_addr}" != "none" ]; then
+		cmd="--smac ${mac_addr} ${cmd}";
+	fi
+
+	if [ "${proto}" != "icmp" ]; then
+		if [ "${ports}" != "none" ]; then
+			IFS=","
+			for port in ${ports};
+			do
+				cmd="--dport ${port}:${port} ${cmd}";
+			done
+			IFS=' '
+		fi
+	fi
+	if [ "${proto}" != "none" ]; then
+		cmd="-p ${proto} $cmd"
+	fi
+	cmd="-i ${BRIDGE_INTF} $cmd"
+	cmd="-A ${rule_name} $cmd"
+
+	# Store the rule_names for cleanup on reload
+	exec_class_log classcfg ${cmd}
+	[ $? -eq 0 ] && \
+		echo ${rule_name}  >> ${RULE_LIST}
+}
+
+manage_rule() {
+	local cfg="$1"
+	local priority macaddr proto port comment prio_num port_list ip ipmark
+
+	validate_rule_section "${1}" || {
+		log "Validation of section failed"
+		return 1;
+	}
+
+	prio_num=$(get_priority ${priority})
+	port_list=$(echo ${port}|sed 's/ /,/g')
+	ipmark=$(get_mark ${priority})
+	ip=$(get_ipaddress ${macaddr})
+
+	if [ -n "${prio_num}" ]; then
+		if [ "${proto}" == "none" -o "${proto}" == "tcpudp" ]; then
+			create_rule tcp ${macaddr} ${prio_num} ${port_list}
+			create_rule udp ${macaddr} ${prio_num} ${port_list}
+			if [ -n "${ip}" ]; then
+				create_ip_rule tcp ${ip} ${ipmark} ${port_list}
+				create_ip_rule udp ${ip} ${ipmark} ${port_list}
+			fi
+		else
+			create_rule ${proto} ${macaddr} ${prio_num} ${port_list}
+			if [ -n "${ip}" ]; then
+				create_ip_rule ${proto} ${ip} ${ipmark} ${port_list}
+			fi
+		fi
+	fi
+}
+
+reload_service() {
+	get_bridge_interface
+	map_client_entries
+	clear_existing_rules
+	config_load easy_qos
+	config_foreach manage_rule rule
+	clean_client_entries
+}
+
+start_service() {
+	[ -x /opt/intel/usr/sbin/classcfg ] || exit 0
+	reload_service
+	log "Easy QoS class installed"
+}
+
+service_triggers() {
+	procd_add_reload_trigger "easy_qos" "network"
+}
+

easy-soc-libs/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=easy-soc-libs
-PKG_VERSION:=6.5.60
+PKG_VERSION:=6.4.40
 PKG_RELEASE:=1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ec2e8d0341e246ff371481ae20418d8301dfcf12
+PKG_SOURCE_VERSION:=699744d5ae9e043715c260f9b58bbc18747895f9
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/easy-soc-libs.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -32,7 +32,6 @@ define Package/easy-soc-libs
   CATEGORY:=Libraries
   TITLE:=IOPSYS Easy SoC libraries
   SUBMENU:=IOPSYS Easy SoC libraries
-  DEPENDS:=+libopenssl
   MENU:=1
 endef
 
@@ -79,7 +78,6 @@ endif
 
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/openssl \
 	-I$(STAGING_DIR)/usr/include/libnl3
 
 MAKE_FLAGS += \

endptmngr/Makefile

@@ -7,18 +7,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=endptmngr
-PKG_VERSION:=0.7
+PKG_VERSION:=0.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/endptmngr.git
-PKG_SOURCE_VERSION:=e5fb705f3a1b6065606e0cba82a54fb6eee10ae9
+PKG_SOURCE_VERSION:=3a71d4124061287783e0d4c763b1b20e925d2133
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
-PKG_LICENSE:=PROPRIETARY
+PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
 
 export BUILD_DIR
@@ -56,10 +56,6 @@ define Build/Prepare
 endef
 endif
 
-TARGET_CFLAGS += \
-        -Wall \
-        -Werror
-
 define Package/endptmngr/install
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin

fdtextract/Makefile

@@ -12,7 +12,7 @@ PKG_VERSION:=1.0
 
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/fdtextract.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0ebaf1e7d1f09318ae75d0f475a25280742b790e
+PKG_SOURCE_VERSION:=7e013f0afa68378d38a6bdc9b0c5a342bd3dd0a5
 PKG_MIRROR_HASH:=skip
 
 PKG_LICENSE:=GPLv2
@@ -38,6 +38,9 @@ define Package/$(PKG_NAME)/description
 	Command to extract sub images from FIT images.
 endef
 
+MAKE_FLAGS += \
+	CFLAGS+="-Wall"
+
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 

gryphon-led-module/Makefile

@@ -45,12 +45,12 @@ MODULE_INCLUDE=-I$(PKG_BUILD_DIR)
 ifeq ($(CONFIG_TARGET_iopsys_brcm63xx_arm),y)
 	LINUX_DIR:=$(BUILD_DIR)/bcmkernel/bcm963xx/kernel/linux-4.19
 	MODULES_SUBDIR:=lib/modules/4.19.183
-	TARGET_CROSS:=$(CONFIG_BRCM_ALT_TOOLCHAIN_BASE)/$(CONFIG_BRCM_ALT_ARM_TOOLCHAIN_TOPDIR)/bin/$(CONFIG_BRCM_ALT_ARM_TOOLCHAIN_PREFIX)-
+	TARGET_CROSS:=$(CONFIG_BCM_TOOLCHAIN)/bin/$(CONFIG_BCM_TOOLTUPLE)
 
 	ifeq ($(CONFIG_BCM_CHIP_ID),$(filter $(CONFIG_BCM_CHIP_ID),"63158" "6856" "6858"))
 		# These targets use a 64-bit kernel
 		LINUX_KARCH:=arm64
-		TARGET_CROSS:=$(CONFIG_BRCM_ALT_TOOLCHAIN_BASE)/$(CONFIG_BRCM_ALT_AARCH64_TOOLCHAIN_TOPDIR)/bin/$(CONFIG_BRCM_ALT_AARCH64_TOOLCHAIN_PREFIX)-
+		TARGET_CROSS:=/opt/toolchains/crosstools-aarch64-gcc-9.2-linux-4.19-glibc-2.30-binutils-2.32/bin/aarch64-buildroot-linux-gnu-
 	endif
 	# For some reason, Broadcom's kernel does not set the include paths correctly when compiling out-of-tree modules
 	EXTRA_KCPPFLAGS:="-I $(LINUX_DIR)/../bcmkernel/include -I $(LINUX_DIR)/arch/arm/mach-bcm963xx/include"

icwmp/Config_cwmp.in

@@ -1,14 +1,24 @@
+if PACKAGE_icwmp
+
+menu "Configuration"
 choice
-       prompt "Select ACS sever"
-       default CWMP_ACS_MULTI
-       depends on PACKAGE_icwmp || \
-		   PACKAGE_icwmp-openssl || \
-		   PACKAGE_icwmp-wolfssl || \
-		   PACKAGE_icwmp-mbedtls
+	prompt "Select ACS sever"
+	default CWMP_ACS_MULTI
 
 config CWMP_ACS_MULTI
 	bool "No specific ACS, follow standard"
 
 config CWMP_ACS_HDM
-	bool "Select HDM as ACS server"
+	bool "HDM"
 endchoice
+
+config CWMP_DEBUG
+	bool "Compile with debug options"
+	default y
+
+config CWMP_DEVEL_DEBUG
+	bool "Compile with development debug options"
+	default n
+endmenu
+endif
+

icwmp/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2022 IOPSYS Software Solutions AB
+# Copyright (C) 2020 iopsys Software Solutions AB
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,71 +8,45 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=8.4.26.10
-
-PKG_SOURCE_PROTO:=git
+PKG_VERSION:=8.2.27
+PKG_FIXUP:=autoreconf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
-PKG_SOURCE_VERSION:=ac7410a726a7269dcaef4c80061cab7a4447f6d1
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=da88c8c28656b2db54ab205d26faccda68546c05
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-
-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=COPYING
 
-PKG_FIXUP:=autoreconf
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_CWMP_ACS_MULTI \
+	CONFIG_CWMP_ACS_HDM \
+	CONFIG_CWMP_DEBUG \
+	CONFIG_CWMP_DEVEL_DEBUG
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/icwmp/default
+define Package/$(PKG_NAME)
   SECTION:=utils
   CATEGORY:=Utilities
   SUBMENU:=TRx69
-  TITLE:=TR069 CWMP client
-  DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml
+  TITLE:=CWMP client
+  DEPENDS:=+libuci +libmicroxml +libubox +jshn +libubus +libblobmsg-json +libpthread +ubusd +shflags +getopt +zlib +libjson-c +libopenssl +curl +libcurl
 endef
 
-TARGET_CFLAGS += \
-	-D_GNU_SOURCE -g \
-	"-DCWMP_REVISION=\\\"$(PKG_SOURCE_VERSION)\\\""
-
-define Package/icwmp-openssl
-  $(Package/icwmp/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_icwmp-openssl:libopenssl
-  VARIANT:=openssl
+define Package/$(PKG_NAME)/description
+ A free client implementation of CWMP (TR-069) protocol
 endef
 
-define Package/icwmp-wolfssl
-  $(Package/icwmp/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_icwmp-wolfssl:libwolfssl
-  CONFLICTS := icwmp-openssl
-  VARIANT:=wolfssl
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config_cwmp.in"
 endef
 
-define Package/icwmp-mbedtls
-  $(Package/icwmp/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_icwmp-mbedtls:libmbedtls
-  CONFLICTS := icwmp-openssl icwmp-wolfssl
-  VARIANT:=mbedtls
-  DEFAULT_VARIANT:=1
-endef
-
-ifeq ($(BUILD_VARIANT),openssl)
-CONFIGURE_ARGS += --enable-libopenssl
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CONFIGURE_ARGS += --enable-libwolfssl
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CONFIGURE_ARGS += --enable-libmbedtls
-endif
-
 USE_LOCAL=$(shell ls ./src/ 2>/dev/null >/dev/null && echo 1)
 ifneq ($(USE_LOCAL),)
 define Build/Prepare
@@ -80,32 +54,46 @@ define Build/Prepare
 endef
 endif
 
-define Package/icwmp/default/install
+TARGET_CFLAGS += \
+	-D_GNU_SOURCE \
+	"-DCWMP_REVISION=\\\"$(PKG_SOURCE_VERSION)\\\""
+
+ifeq ($(CONFIG_CWMP_ACS_MULTI),y)
+CONFIGURE_ARGS += \
+	--enable-acs=multi
+endif
+
+ifeq ($(CONFIG_CWMP_ACS_HDM),y)
+CONFIGURE_ARGS += \
+	--enable-acs=hdm
+endif
+
+ifeq ($(CONFIG_CWMP_DEBUG),y)
+CONFIGURE_ARGS += \
+	--enable-debug
+endif
+
+ifeq ($(CONFIG_CWMP_DEVEL_DEBUG),y)
+CONFIGURE_ARGS += \
+	--enable-devel
+endif
+
+define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/icwmpd
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DIR) $(1)/etc/bbfdm/json/
-	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/95-icwmp-generate-ssl $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/icwmpd/update.sh $(1)/etc/icwmpd/update.sh
-	$(INSTALL_DATA) ./files/etc/bbfdm/json/CWMPManagementServer.json $(1)/etc/bbfdm/json/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user
 endef
 
-Package/icwmp-openssl/install = $(Package/icwmp/default/install)
-Package/icwmp-wolfssl/install = $(Package/icwmp/default/install)
-Package/icwmp-mbedtls/install = $(Package/icwmp/default/install)
-
-$(eval $(call BuildPackage,icwmp-openssl))
-$(eval $(call BuildPackage,icwmp-wolfssl))
-$(eval $(call BuildPackage,icwmp-mbedtls))
+$(eval $(call BuildPackage,$(PKG_NAME)))

icwmp/files/etc/bbfdm/json/CWMPManagementServer.json

@@ -1,36 +0,0 @@
-{
-	"json_plugin_version": 1,
-	"Device.CWMPManagementServer.": {
-		"type": "object",
-		"version": "2.15",
-		"protocols": [
-			"usp"
-		],
-		"access": false,
-		"array": false,
-		"dependency": "file:/etc/config/cwmp",
-		"EnableCWMP": {
-			"type": "boolean",
-			"version": "2.15",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"usp"
-			],
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "cwmp",
-						"section": {
-							"name": "cpe"
-						},
-						"option": {
-							"name": "enable"
-						}
-					}
-				}
-			]
-		}
-	}
-}

icwmp/files/etc/config/cwmp

@@ -11,15 +11,15 @@ config acs 'acs'
 	option retry_min_wait_interval '5'
 	#­ possible configs interval :[1000:65535]
 	option retry_interval_multiplier '2000'
+	option https_ssl_capath ''
 	option ipv6_enable '0'
 	option ip_version '4'
 
 config cpe 'cpe'
-	option enable '1'
+	option interface 'eth0.1'
 	option default_wan_interface 'wan'
-	option default_lan_interface 'lan'
 	option log_to_console 'disable'
-	option log_to_file 'disable'
+	option log_to_file 'enable'
 	# log_severity: INFO (Default)	
 	# log_severity possible configs: EMERG, ALERT, CRITIC ,ERROR, WARNING, NOTICE, INFO, DEBUG
 	option log_severity 'INFO'

icwmp/files/etc/firewall.cwmp

@@ -6,6 +6,7 @@ log() {
 }
 
 if [ ! -f "/var/state/cwmp" ]; then
+	touch "/var/state/cwmp"
 	exit 0;
 fi
 

icwmp/files/etc/icwmpd/update.sh

@@ -1,29 +1,43 @@
 #!/bin/sh
-. /lib/functions.sh
 
 log() {
-	echo "$@" |logger -t cwmp.update -p info
+	echo $@ |logger -t cwmp.update -p info
 }
 
 handle_icwmp_update() {
-	local cwmp_enable
-	config_load cwmp
+	local defwan=$(uci -q get cwmp.cpe.default_wan_interface)
+	local vendorspecinf=`ifstatus ${defwan} | jsonfilter -e "@.data.vendorspecinf"`
 
-	config_get_bool cwmp_enable cpe enable 1
-	if [ "$cwmp_enable" = "0" ]; then
-		return 0
-	fi
+	log "Handling dhcp option value ${vendorspecinf}"
+	[ -n "$vendorspecinf" ] && {
+		local url=""
+		local old_url="$(uci -q get cwmp.acs.dhcp_url)"
 
-	status="$(ubus call tr069 status |jsonfilter -qe '@.last_session.status')"
-	if [ "$status" != "running" ]; then
-		log "Trigger out of bound inform, since last inform status was failure"
-		ubus -t 10 call tr069 inform >/dev/null 2>&1
-		# Handle timeout or tr069 object not found
-		if [ "$?" -eq 7 ] || [ "$?" -eq 4 ]; then
-			log "Restarting icwmp tr069 object"
-			/etc/init.d/icwmpd restart
+		case $vendorspecinf in
+			http://*|https://*)
+					url="${vendorspecinf}"
+				;;
+			*)
+				for optval in $vendorspecinf; do
+				        case $optval in
+				                1=*)
+				                        url="$(echo $optval | cut -d"=" -f2-)"
+				                ;;
+				        esac
+				done
+			;;
+		esac
+
+		if [ -n "$url" ]; then
+			log "## icwmp url[${old_url}] changed to [${url}]"
+			if [ "${url}" != "${old_url}" ]; then
+				log "Restarting icwmp url[${old_url}] changed to [${url}]"
+				uci -q set cwmp.acs.dhcp_url="$url"
+				uci commit cwmp
+				ubus call uci commit '{"config":"cwmp"}'
+			fi
 		fi
-	fi
+	}
 }
 
-handle_icwmp_update $@
+handle_icwmp_update

icwmp/files/etc/init.d/icwmpd

@@ -1,48 +1,20 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2015-2019 iopsys Software Solutions AB
 
+. /lib/functions.sh
+include /lib/network
+. /usr/share/libubox/jshn.sh
+
 START=99
-STOP=00
+STOP=2
 
 USE_PROCD=1
 PROG="/usr/sbin/icwmpd"
 
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-include /lib/network
-
 log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }
 
-regenerate_ssl_link()
-{
-	local cert_dir all_file rehash
-
-	cert_dir="${1}"
-	[ ! -d "${cert_dir}" ] && return 0;
-
-	### Generate all ssl link for pem certicates ###
-	all_file=$(ls $cert_dir/*.pem 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in $cfile)"
-			[ -f ${cert_dir}/${rehash}.0 ] || \
-				ln -s $cfile $cert_dir/${rehash}.0
-		done
-	fi
-
-	### Generate all ssl link for crt certicates ###
-	all_file=$(ls $cert_dir/*.crt 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in $cfile)"
-			[ -f ${cert_dir}/${rehash}.0 ] || \
-				ln -s $cfile $cert_dir/${rehash}.0
-		done
-	fi
-}
-
 enable_dhcp_option43() {
 	local wan="${1}"
 
@@ -64,192 +36,13 @@ enable_dhcp_option43() {
 	fi
 
 	newreqopts="$reqopts 43"
-	if [ "${proto}" = "dhcp" ]; then
+	if [ $proto == "dhcp" ]; then
 		uci -q set network.$wan.reqopts="$newreqopts"
 		uci commit network
 		ubus call network reload
 	fi
 }
 
-convert_to_hex() {
-	local val=""
-	local optval="${1}"
-	OPTIND=1
-	while getopts ":" opt "-$optval"
-	do
-		temp=$(printf "%02X" "'${OPTARG:-:}")
-		val="${val}:${temp}"
-	done
-
-	echo "${val}"
-}
-
-configure_send_op125() {
-	local sendopt="${1}"
-	local intf="${2}"
-	local uci="${3}"
-	local hex_oui=""
-	local hex_serial=""
-	local hex_class=""
-	local oui_len=0
-	local serial_len=0
-	local class_len=0
-
-	if [ "${uci}" = "network" ]; then
-		local opt125="125:00:00:0D:E9"
-	else
-		local opt125="125,00:00:0D:E9"
-	fi
-
-	config_get oui cpe manufacturer_oui ""
-	if [ -z "${oui}" ]; then
-		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-	fi
-
-	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
-
-	config_get serial cpe serial_number ""
-	if [ -z "${serial}" ]; then
-		serial=$(db -q get device.deviceinfo.SerialNumber)
-	fi
-
-	config_get class cpe product_class ""
-	if [ -z "${class}" ]; then
-		class=$(db -q get device.deviceinfo.ProductClass)
-	fi
-
-	oui_len=$(echo -n "${oui}" | wc -m)
-	serial_len=$(echo -n "${serial}" | wc -m)
-	class_len=$(echo -n "${class}" | wc -m)
-
-	if [ ${oui_len} -eq 0 ] || [ ${serial_len} -eq 0 ]; then
-		return 0
-	fi
-
-	opt125_len=$((oui_len + serial_len + class_len))
-	if [ ${class_len} -gt 0 ]; then
-		opt125_len=$((opt125_len + 6))
-	else
-		opt125_len=$((opt125_len + 4))
-	fi
-
-	hex_opt125_len=$(printf "%02X" "${opt125_len}")
-	opt125="${opt125}:${hex_opt125_len}"
-	hex_oui=$(convert_to_hex "${oui}")
-	if [ -z "${hex_oui}" ]; then
-		return 0
-	fi
-
-	hex_oui_len=$(printf "%02X" "${oui_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
-	else
-		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
-	fi
-
-	hex_serial=$(convert_to_hex "${serial}")
-	if [ -z "${hex_serial}" ]; then
-		return 0
-	fi
-
-	hex_serial_len=$(printf "%02X" "${serial_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
-	else
-		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
-	fi
-
-	if [ ${class_len} -gt 0 ]; then
-		hex_class=$(convert_to_hex "${class}")
-		if [ -z "${hex_class}" ]; then
-			return 0
-		fi
-
-		hex_class_len=$(printf "%02X" "${class_len}")
-		if [ "${uci}" = "network" ]; then
-			opt125="${opt125}:03:${hex_class_len}${hex_class}"
-		else
-			opt125="${opt125}:06:${hex_class_len}${hex_class}"
-		fi
-	fi
-
-
-	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
-		uci -q set network.$intf.sendopts="$new_send_opt"
-	else
-		uci -q add_list dhcp.$intf.dhcp_option="$opt125"
-	fi
-}
-
-enable_dnsmasq_option125() {
-	local lan="${1}"
-	local send125_present=0
-	local opt125="125,"
-
-	local proto="$(uci -q get dhcp.$lan.dhcpv4)"
-	if [ "${proto}" = "server" ]; then
-		opt_list="$(uci -q get dhcp.$lan.dhcp_option)"
-
-		for sopt in $opt_list; do
-			if [[ "$sopt" == "$opt125"* ]]; then
-				send125_present=1
-				break
-			fi
-		done
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "" "${lan}" "dhcp"
-			ubus call uci commit '{"config":"dhcp"}'
-		fi
-	fi
-}
-
-enable_dhcp_option125() {
-	local wan="${1}"
-	local reqopts="$(uci -q get network.$wan.reqopts)"
-	local sendopts="$(uci -q get network.$wan.sendopts)"
-	local proto="$(uci -q get network.$wan.proto)"
-	local newreqopts=""
-	local newsendopts=""
-	local req125_present=0
-	local send125_present=0
-	local network_uci_update=0
-	local opt125="125:"
-
-	for ropt in $reqopts; do
-		case $ropt in
-			125) req125_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	for sopt in $sendopts; do
-		if [[ "$sopt" == "$opt125"* ]]; then
-			send125_present=1
-			break
-		fi
-	done
-
-	if [ "${proto}" = "dhcp" ]; then
-		if [ ${req125_present} -eq 0 ]; then
-			newreqopts="$reqopts 125"
-			uci -q set network."${wan}".reqopts="$newreqopts"
-			network_uci_update=1
-		fi
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "${sendopts}" "${wan}" "network"
-			network_uci_update=1
-		fi
-	fi
-
-	if [ ${network_uci_update} -eq 1 ]; then
-		uci commit network
-		ubus call network reload
-	fi
-}
-
 wait_for_resolvfile() {
 	local time=$1
 	local tm=1
@@ -257,38 +50,65 @@ wait_for_resolvfile() {
 	local resolvfile="$(uci -q get dhcp.@dnsmasq[0].resolvfile)"
 	[ -n "$resolvfile" ] || return
 
-	while [ ! -f "$resolvfile" ]; do
+	while [ ! -f $resolvfile ]; do
 		sleep 1
-		[ "$tm" -ge "$time" ] && break
+		[ $tm -ge $time ] && break
 		tm=$((tm+1))
 	done
 }
 
+set_wan_interface() {
+	local wan_interface="${1}"
+	local l3_device=""
+
+	if [ -z "${wan_interface}" ]; then
+		return 0;
+	fi
+
+	json_load "$(ifstatus ${wan_interface})"
+	json_get_var l3_device l3_device
+	if [ -n "$l3_device" ]; then
+		uci -q set cwmp.cpe.interface="${l3_device}"
+		uci -q commit cwmp
+	fi
+}
+
 copy_cwmp_etc_files_to_varstate() {
+	if [ ! -f /var/state/cwmp ]
+	then
+		if [ -f /etc/icwmpd/cwmp ]
+		then
+			uci -q -c /etc/icwmpd delete cwmp.acs
+			uci -q -c /etc/icwmpd commit cwmp
+			cp /etc/icwmpd/cwmp /var/state/cwmp
+		else
+			touch /var/state/cwmp
+		fi
+	fi
+
 	mkdir -p /var/run/icwmpd
-
-	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /etc/icwmpd/icwmpd_backup_session.xml /var/run/icwmpd/ 2>/dev/null
+	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]
+	then
+		mv /etc/icwmpd/icwmpd_backup_session.xml /var/run/icwmpd 2>/dev/null
 	fi
-
-	if [ -f /etc/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /etc/icwmpd/dm_enabled_notify /var/run/icwmpd/ 2>/dev/null
+	if [ -f /etc/icwmpd/dm_enabled_notify.xml ]
+	then
+		mv /etc/icwmpd/dm_enabled_notify /var/run/icwmpd 2>/dev/null
 	fi
-	touch /var/run/icwmpd/cwmp
 }
 
 copy_cwmp_varstate_files_to_etc() {
-	if [ -f /var/run/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /var/run/icwmpd/icwmpd_backup_session.xml /etc/icwmpd/ 2>/dev/null
+	if [ -f /var/state/cwmp ]
+	then
+		cp /var/state/cwmp /etc/icwmpd 2>/dev/null
 	fi
-
-	if [ -f /var/run/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /var/run/icwmpd/dm_enabled_notify /etc/icwmpd/ 2>/dev/null
+	if [ -f /var/run/icwmpd/icwmpd_backup_session.xml ]
+	then
+		cp /var/run/icwmpd/icwmpd_backup_session.xml /etc/icwmpd 2>/dev/null
 	fi
-
-	# move the successful custom notify import marker to persistent storage
-	if [ -f /var/run/icwmpd/icwmpd_notify_import_marker ]; then
-		cp -f /var/run/icwmpd/icwmpd_notify_import_marker /etc/icwmpd/
+	if [ -f /var/run/icwmpd/dm_enabled_notify.xml ]
+	then
+		cp /var/run/icwmpd/dm_enabled_notify /etc/icwmpd 2>/dev/null
 	fi
 }
 
@@ -300,13 +120,12 @@ validate_acs_section()
 		'periodic_inform_interval:uinteger' \
 		'periodic_inform_time:string' \
 		'url:string' \
-		'dhcp_discovery:string' \
 		'dhcp_url:string' \
 		'compression:or("GZIP","Deflate","Disabled")' \
 		'retry_min_wait_interval:range(1, 65535)' \
 		'retry_interval_multiplier:range(1000, 65535)' \
-		'ipv6_enable:bool' \
-		'ssl_capath:string'
+		'https_ssl_capath:file' \
+		'ipv6_enable:bool'
 
 }
 
@@ -335,7 +154,6 @@ validate_cpe_section()
 }
 
 validate_defaults() {
-	local ssl_capath
 	config_load cwmp
 
 	validate_acs_section || {
@@ -343,98 +161,71 @@ validate_defaults() {
 		return 1;
 	}
 
-	ssl_capath="${ssl_capath%/}"
-	# Put the cert pem file in keep list
-	if [ -d "${ssl_capath}" ]; then
-		if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
-			echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
-		fi
-	fi
+	[ -z "${url}" -a -z "${dhcp_url}" ] && {
+		log "ACS url is empty can't start"
+		return 1;
+	}
 
 	validate_cpe_section || {
 		log "Validation of cpe section failed"
 		return 1;
 	}
 
+	[ -z "${default_wan_interface}" ] && {
+		log "Wan interface is empty"
+		return 1;
+	}
+
 	return 0;
 }
 
-set_vendor_id() {
-	local wan="${1}"
-	local proto="$(uci -q get network.$wan.proto)"
-
-	if [ "${proto}" == "dhcp" ]; then
-		vendorid="$(uci -q get network.$wan.vendorid)"
-		if [ -z "${vendorid}" ]; then
-			uci -q set network.$wan.vendorid="dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		elif [[ $vendorid != *"dslforum.org"* ]]; then
-			uci -q set network.$wan.vendorid="${vendorid},dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		fi
-
-	fi
-}
-
 boot() {
-	local enable_cwmp="0"
-	
-	local dhcp_discovery="0"
+	local dhcp_url=""
+	local discovery="1"
 
 	config_load cwmp
-	
-	config_get_bool enable_cwmp cpe enable 1
-	if [ "$enable_cwmp" = "0" ]; then
-		return 0
-	fi
-	
-	config_get dhcp_discovery acs dhcp_discovery "0"
-	
-	config_get wan_interface cpe default_wan_interface "wan"
-	
-	if [ "${dhcp_discovery}" == "enable" ] || [ "${dhcp_discovery}" == "1" ]; then
-		# Set dhcp option 43 if not already configured
-		enable_dhcp_option43 "${wan_interface}"
-		# Set dhcp option 60
-		set_vendor_id "${wan_interface}"
-	fi
+	config_get_bool dhcp_discovery acs dhcp_discovery 1
+	config_get dhcp_url acs dhcp_url ""
 
-	config_get lan_interface cpe default_lan_interface ""
-	if [ -n "${lan_interface}" ]; then
-		# Set dhcp_option 125 if not already configured
-		enable_dhcp_option125 "${wan_interface}"
-		enable_dnsmasq_option125 "${lan_interface}"
+	if [ "${dhcp_discovery}" == "enable" -o "${dhcp_discovery}" == "1" ]; then
+		if [ -z "${dhcp_url}" ]; then
+			log "dhcp discovery enabled but no dhcp url, trigger update"
+			/etc/icwmpd/update.sh
+		fi
 	fi
-	
-	config_get ssl_capath acs ssl_capath
-
-	if [ -n "${ssl_capath}" ]; then
-		regenerate_ssl_link "${ssl_capath}"
-	fi
-
-	# Copy backup data so that if it restart latter on it gets the info
-	copy_cwmp_etc_files_to_varstate
-	touch /etc/icwmpd/cwmp_notifications
-
 	start
 }
 
 start_service() {
 	local enable_cwmp
+	local wan_interface
+	local dhcp_discovery
 
 	config_load cwmp
 	config_get_bool enable_cwmp cpe enable 1
+	config_get dhcp_discovery acs dhcp_discovery
+	config_get wan_interface cpe default_wan_interface "wan"
 
-	if [ "$enable_cwmp" = "0" ]; then
+	if [ "$enable_cwmp" = "0" -o "$enable_cwmp" = "false" ]; then
+		log "CWMP is not enabled"
 		return 0
 	fi
 
+	# Set wan interface if not configured
+	set_wan_interface "${wan_interface}"
+
+	# Set dhcp option 43 if dhcp discovery enabled
+	if [ "${dhcp_discovery}" == "enable" -o "${dhcp_discovery}" == "1" ]; then
+		enable_dhcp_option43 "${wan_interface}"
+	fi
+
 	[ -f /sbin/netifd ] && log "Waiting for Network to be started ..." && ubus -t 5 wait_for network.interface
 	[ -f /usr/sbin/dnsmasq ] && log "Waiting for DNS Proxy to be started ..." && ubus -t 5 wait_for dnsmasq
 	[ -f /etc/config/dhcp ] && log "Waiting for DNS Server(s) ..." && wait_for_resolvfile 20
 
+	# Copy backup data so that if it restart latter on it gets the info
+	copy_cwmp_etc_files_to_varstate
+
 	validate_defaults || {
 		log "Validation of defaults failed"
 		return 1;
@@ -444,8 +235,8 @@ start_service() {
 	procd_set_param command "$PROG"
 	procd_append_param command -b
 	procd_set_param respawn \
-		"${respawn_threshold:-5}" \
-		"${respawn_timeout:-10}" "${respawn_retry:-3}"
+		${respawn_threshold:-5} \
+		${respawn_timeout:-10} ${respawn_retry:-3}
 
 	procd_set_param watch network.interface
 	procd_close_instance
@@ -457,30 +248,9 @@ stop_service()
 }
 
 reload_service() {
-	local ret
-
-	config_load cwmp
-	config_get_bool enable_cwmp cpe enable 1
-
-	ret="0"
-	if [ "$enable_cwmp" = "0" ]; then
-		stop
-		start
-		return 0
-	fi
-
-	status="$(ubus -t 1 call tr069 status |jsonfilter -qe '@.cwmp.status')"
-	ret="$?"
-	if [ "$status" = "up" ]; then
-		ubus -t 1 call tr069 command '{"command":"reload"}'
-		ret="$?"
-	fi
-
-	if [ "$status" = "init" ] || [ "$ret" -ne "0" ]; then
-		log "Restarting CWMP client"
-		stop
-		start
-	fi
+	log "Restarting CWMP client"
+	stop
+	start
 }
 
 service_triggers() {

icwmp/files/etc/uci-defaults/85-cwmp-set-userid

@@ -1,11 +1,7 @@
-#!/bin/sh
-
-. /lib/functions.sh
 # Copy defaults by the factory to the cwmp UCI user section.
-config_load cwmp
 
 # Get Manufacturer OUI.
-config_get oui cpe manufacturer_oui ""
+oui=$(uci -q get cwmp.cpe.manufacturer_oui)
 if [ -z "${oui}" ]; then
 	oui=$(db -q get device.deviceinfo.ManufacturerOUI)
 fi
@@ -13,29 +9,24 @@ fi
 oui=$(echo "${oui}" | tr 'a-f' 'A-F')
 
 # Get system serial number.
-config_get serial cpe serial_number ""
+serial=$(uci -q get cwmp.cpe.serial_number)
 if [ -z "${serial}" ]; then
 	serial=$(db -q get device.deviceinfo.SerialNumber)
 fi
 
 # Get userid values
-config_get acs_userid acs userid ""
-config_get cpe_userid cpe userid ""
+acs_userid=$(uci -q get cwmp.acs.userid)
+cpe_userid=$(uci -q get cwmp.cpe.userid)
 
 # Only set if they are empty
-if [ -z "${acs_userid}" ]; then
+if [ -z "$acs_userid" ]
+then
     uci -q set cwmp.acs.userid="${oui}-${serial}"
 fi
 
-if [ -z "${cpe_userid}" ]; then
+if [ -z "$cpe_userid" ]
+then
     uci -q set cwmp.cpe.userid="${oui}-${serial}"
 fi
 
-# Fix the cwmp.cpe.enable parameter
-# set default to 1 if not defined
-config_get enable_cwmp cpe enable ""
-if [ -z "${enable_cwmp}" ]; then
-    uci -q set cwmp.cpe.enable="1"
-fi
-
 # No need for commit here, it is done by uci_apply_defaults().

icwmp/files/etc/uci-defaults/95-icwmp-generate-ssl

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+regenerate_ssl_link(){
+	[ ! -d "/etc/ssl/certs" ] && return 0;
+	[ ! -f "/etc/ssl/certs/*.pem" ] && return 0;
+
+	local cert_dir="/etc/ssl/certs"
+	local all_file=$(ls $cert_dir/*.pem)
+
+	for cfile in $all_file
+	do
+		ln -s $cfile $cert_dir/$(openssl x509 -hash -noout -in $cfile).0
+	done
+}
+
+regenerate_ssl_link

icwmp/files/lib/upgrade/keep.d/icwmp

@@ -1,2 +1 @@
 /var/run/icwmpd/icwmpd_backup_session.xml
-/etc/icwmpd/cwmp_notifications

ieee1905/Makefile

@@ -1,16 +1,16 @@
 #
-# Copyright (C) 2021-2022 IOPSYS
+# Copyright (C) 2021 IOPSYS
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=4.10.40
+PKG_VERSION:=4.6.19
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=4533751a58cfb0fcf4ee878785f6c0872949c68d
+PKG_SOURCE_VERSION:=7267a76fafa264792415a1cdc697a9e47934a1e6
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -38,7 +38,7 @@ define Package/libieee1905
 $(call Package/ieee1905/Default,$(1))
   TITLE+= (library for CMDU and TLV handling)
   DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-	   +libjson-c +libblobmsg-json
+	   +libjson-c +libblobmsg-json +libopenssl
 endef
 
 define Package/ieee1905
@@ -72,6 +72,7 @@ endef
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
+	-I$(STAGING_DIR)/usr/include/openssl \
 	-D_GNU_SOURCE
 
 ifeq ($(CONFIG_IEEE1905_PLATFORM_HAS_WIFI),y)
@@ -129,7 +130,6 @@ define Build/InstallDev/libieee1905
 	$(CP) $(PKG_BUILD_DIR)/src/i1905_wsc.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/bufutil.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/timer_impl.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/src/i1905_extension.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/libmidgen.so $(1)/usr/lib/
 	$(CP) $(PKG_BUILD_DIR)/src/libieee1905.so $(1)/usr/lib/
 endef

ieee1905/files/etc/config/ieee1905

@@ -3,24 +3,20 @@ config ieee1905 'ieee1905'
 	option extension '1'
 	list extmodule 'map'
 	option registrar '2 5'
-#	option macaddress '0a:1b:2c:3d:4e:50'
 
-config al-iface
-	option enabled '1'
-	option ifname 'br-lan'
-	option type 'bridge'
-
-# ap sections are auto-generated/overwritten during onboarding
-#
 config ap
 	option band '2'
-	option ssid 'IOWRT-2.4GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+	option ssid 'TestSSID.2'
+	option encryption 'psk2'
+	option key '5555500000'
 
 config ap
 	option band '5'
-	option ssid 'IOWRT-5GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+	option ssid 'TestSSID.5'
+	option encryption 'psk2'
+	option key '2222200000'
 
+config al-iface
+	option enabled 1
+	option ifname 'br-lan'
+	option type 'bridge'

ieee1905/files/etc/init.d/ieee1905

@@ -44,8 +44,7 @@ validate_ap_section() {
 	uci_validate_section ieee1905 $section "${1}" \
 			'band:or("2", "5", "60")' \
 			'ssid:string' \
-			'encryption:or("psk2", "sae-mixed", "sae",
-				"psk", "psk-mixed", "none", string)' \
+			'encryption:or("psk2", "sae-mixed", "sae", string)' \
 			'key:string' \
 			'uuid:string' \
 			'manufacturer:string' \

ieee1905/files/etc/uci-defaults/30-set-ieee1905-al-macaddr

@@ -1,22 +0,0 @@
-#!/bin/sh
-
-
-BMAC=$(db -q get hw.board.basemac)
-BMAC=${BMAC//:/}
-BMAC=${BMAC// /}
-BMAC=$(printf "%12.12X" $((0x$BMAC)))
-
-[ "$BMAC" == "" ] && exit 1
-
-LMAC=$((0x$BMAC & 0xfeffffffffff))
-LMAC=$(($LMAC | 0x020000000000))
-LMAC=$(printf "%12.12X" $LMAC)
-LMAC=$(echo $LMAC | sed -e 's/[0-9A-F]\{2\}/&:/g' -e 's/:$//')
-
-mac=$(uci -q get ieee1905.ieee1905.macaddress)
-
-[ "$mac" != "" ] && exit 0
-
-uci set ieee1905.ieee1905.macaddress="$LMAC"
-uci commit ieee1905
-

ieee1905/files/etc/uci-defaults/31-ifname-list-to-option

@@ -1,17 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-config_load ieee1905
-
-list_to_ifname() {
-	local section=$1
-
-	config_get ifname $section ifname	# get list as space separated values
-
-	uci del ieee1905.${section}.ifname	# delete entry
-	uci set ieee1905.${section}.ifname="$ifname"	# writeback entry as option
-}
-
-config_foreach list_to_ifname al-iface
-

inbd/Makefile

@@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=inbd
-PKG_VERSION:=1.2.3
+PKG_VERSION:=1.2.2
 PKG_RELEASE:=1
 
-PKG_SOURCE_VERSION:=d4e910a31039e0c0b7a539311eafcd716c36be77
+PKG_SOURCE_VERSION:=10f765f3d0fcc226b6ecf0c481598c9e7f76315e
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/inbd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.gz

iop/Config.in

@@ -1,7 +0,0 @@
-config TARGET_VERSION
-	string
-	prompt "Software Version"
-
-config TARGET_CUSTOMER
-	string
-	prompt "Customer ID"

iop/Makefile

@@ -24,10 +24,6 @@ define Package/iop/description
 	This package contains iopsysWrt SDK utilities
 endef
 
-define Package/iop/config
-	source "$(SOURCE)/Config.in"
-endef
-
 define Build/Compile
 	true
 endef

iop/config

@@ -1,139 +1,32 @@
-############
-# Generic #
-##########
-
-# Build #
-CONFIG_BUILD_LOG=y
+CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_CCACHE=y
 CONFIG_DEBUG=y
 CONFIG_DEVEL=y
-# CONFIG_USE_SSTRIP is not set
-CONFIG_USE_STRIP=y
-# CONFIG_SIGNED_PACKAGES is not set
-
-# Image #
-CONFIG_TARGET_CUSTOMER="IOPSYS"
-CONFIG_TARGET_ROOTFS_TARGZ=y
-
-# /etc/banner and /etc/device_info #
-CONFIG_IMAGEOPT=y
-CONFIG_VERSIONOPT=y
-CONFIG_VERSION_MANUFACTURER="iopsysWrt"
-CONFIG_VERSION_MANUFACTURER_URL="https://iopsys.eu/"
-
-# /lib/preinit #
-CONFIG_PREINITOPT=y
-# CONFIG_TARGET_PREINIT_SUPPRESS_STDERR is not set
-CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
-CONFIG_TARGET_PREINIT_TIMEOUT=1
-# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
-# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
-CONFIG_TARGET_PREINIT_IFNAME=""
-CONFIG_TARGET_PREINIT_IP=""
-CONFIG_TARGET_PREINIT_NETMASK=""
-CONFIG_TARGET_PREINIT_BROADCAST=""
-
-# Mirror #
-CONFIG_LOCALMIRROR="https://download.iopsys.eu/iopsys/mirror/"
-
-
-##################
-# IOWRT Add-ons #
-################
-
-# EasySoC HAL #
-CONFIG_PACKAGE_inbd=y
-CONFIG_PACKAGE_libwifi=y
-CONFIG_PACKAGE_peripheral_manager=y
-CONFIG_PACKAGE_port-management=y
-CONFIG_PACKAGE_wifimngr=y
-
-# Multi-AP #
-CONFIG_PACKAGE_ieee1905=y
-CONFIG_PACKAGE_map-topology=y
-CONFIG_PACKAGE_wfadatad-collector=y
-
-# Network #
-CONFIG_PACKAGE_netmode=y
-CONFIG_PACKAGE_owsd=m
-CONFIG_PACKAGE_urlfilter=y
-
-# System #
-CONFIG_PACKAGE_imonitor=m
-CONFIG_PACKAGE_questd=y
-CONFIG_PACKAGE_rulengd=y
-
-# TR-x69 #
-CONFIG_PACKAGE_uspd-mbedtls=y
-CONFIG_PACKAGE_icwmp-mbedtls=y
-CONFIG_PACKAGE_obuspa=y
-CONFIG_PACKAGE_bulkdata=y
-CONFIG_PACKAGE_periodicstats=y
-CONFIG_PACKAGE_stunc-mbedtls=m
-CONFIG_PACKAGE_swmodd=m
-CONFIG_PACKAGE_twamp=m
-CONFIG_PACKAGE_udpecho-client=m
-CONFIG_PACKAGE_udpecho-server=m
-CONFIG_PACKAGE_xmppc=m
-
-# WebGUI #
-CONFIG_PACKAGE_sulu=y
-
-
-############
-# Network #
-##########
-
-# Protocols #
 CONFIG_PACKAGE_6in4=y
 CONFIG_PACKAGE_6rd=y
 CONFIG_PACKAGE_6to4=y
+CONFIG_PACKAGE_at=y
+CONFIG_PACKAGE_atftp=m
+CONFIG_PACKAGE_atftpd=m
+CONFIG_PACKAGE_bulkdata=y
 CONFIG_PACKAGE_chat=y
 CONFIG_PACKAGE_comgt=y
 CONFIG_PACKAGE_comgt-directip=y
 CONFIG_PACKAGE_comgt-ncm=y
-CONFIG_PACKAGE_ds-lite=y
-CONFIG_PACKAGE_gre=y
-CONFIG_PACKAGE_map=y
-CONFIG_PACKAGE_ntfs-3g=y
-CONFIG_PACKAGE_ntpd=y
-CONFIG_PACKAGE_odhcp6c=y
-CONFIG_PACKAGE_odhcpd=y
-CONFIG_PACKAGE_ppp-mod-pppoa=y
-CONFIG_PACKAGE_ppp-mod-pppoe=y
-CONFIG_PACKAGE_ppp-mod-pppol2tp=y
-CONFIG_PACKAGE_ppp-mod-pptp=y
-CONFIG_PACKAGE_ppp-multilink=y
-# CONFIG_PACKAGE_ppp is not set
-CONFIG_PACKAGE_relayd=y
-CONFIG_PACKAGE_umbim=y
-CONFIG_PACKAGE_uqmi=y
-CONFIG_PACKAGE_wwan=y
-CONFIG_PACKAGE_xl2tpd=y
-
-# Services #
-CONFIG_PACKAGE_atftp=m
-CONFIG_PACKAGE_atftpd=m
 CONFIG_PACKAGE_ddns-scripts=y
-CONFIG_PACKAGE_miniupnpd=y
+CONFIG_PACKAGE_ds-lite=y
+CONFIG_PACKAGE_ethtool=y
+CONFIG_PACKAGE_getopt=y
+CONFIG_PACKAGE_gre=y
+CONFIG_PACKAGE_icwmp=y
+CONFIG_PACKAGE_ieee1905=y
+CONFIG_PACKAGE_map-topology=y
 CONFIG_PACKAGE_mosquitto-client-ssl=y
 CONFIG_PACKAGE_mosquitto-ssl=y
-CONFIG_PACKAGE_nginx=y
-CONFIG_PACKAGE_openvpn-easy-rsa=y
-CONFIG_PACKAGE_openvpn-openssl=y
-CONFIG_OPENVPN_openssl_ENABLE_IPROUTE2=y
-# CONFIG_PACKAGE_qos-scripts is not set
-CONFIG_PACKAGE_rdnssd=y
-CONFIG_PACKAGE_vsftpd-tls=m
-
-# Tools and Utilities #
-CONFIG_PACKAGE_curl=y
-CONFIG_PACKAGE_libcurl=y
-CONFIG_LIBCURL_CRYPTO_AUTH=y
-# CONFIG_LIBCURL_MBEDTLS is not set
-CONFIG_LIBCURL_OPENSSL=y
-CONFIG_PACKAGE_ethtool=y
-CONFIG_PACKAGE_ip-bridge=y
+CONFIG_PACKAGE_wfadatad=y
+CONFIG_PACKAGE_wfadatad-collector=y
+CONFIG_PACKAGE_imonitor=m
+CONFIG_PACKAGE_inbd=y
 CONFIG_PACKAGE_ip-full=y
 CONFIG_PACKAGE_iperf3=y
 CONFIG_PACKAGE_ipset=y
@@ -141,67 +34,73 @@ CONFIG_PACKAGE_iptables=y
 CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
 CONFIG_PACKAGE_iptables-mod-filter=y
 CONFIG_PACKAGE_iptables-mod-ipopt=y
-CONFIG_PACKAGE_ndisc6=y
-CONFIG_PACKAGE_rdisc6=y
-CONFIG_PACKAGE_resolveip=y
-CONFIG_PACKAGE_tcpdump=y
-CONFIG_PACKAGE_traceroute6=y
-
-
-############
-# System  #
-##########
-
-CONFIG_PACKAGE_at=y
-CONFIG_PACKAGE_getopt=y
 # CONFIG_PACKAGE_iwatchdog is not set
 CONFIG_PACKAGE_jq=y
-CONFIG_PACKAGE_libustream-openssl=y
-# CONFIG_PACKAGE_libustream-wolfssl is not set
+CONFIG_PACKAGE_libreswan=m
+CONFIG_PACKAGE_libwifi=y
 CONFIG_PACKAGE_lscpu=y
-CONFIG_PACKAGE_nand-utils=y
-CONFIG_PACKAGE_openssl-util=y
-CONFIG_OPENSSL_WITH_COMPRESSION=y
-CONFIG_PACKAGE_rpcd=y
-CONFIG_PACKAGE_rpcd-mod-rpcsys=y
-CONFIG_PACKAGE_rpcd-mod-rrdns=y
-CONFIG_PACKAGE_strace=y
-CONFIG_PACKAGE_terminfo=y
-CONFIG_PACKAGE_uledd=y
-# The urandom-seed package is very strange. It seeds urandom with urandom...
-# Disable it. Most SoCs nowadays has HW random generators anyway.
-# CONFIG_PACKAGE_urandom-seed is not set
-# CONFIG_PACKAGE_urngd is not set
-CONFIG_PACKAGE_usb-modeswitch=y
-CONFIG_PACKAGE_uuidgen=y
-CONFIG_PACKAGE_zoneinfo-core=y
-CONFIG_PACKAGE_zoneinfo-europe=y
-
-
-################
-# LuCI WebGUI #
-##############
-
-# BEGIN: luci-nginx metapackage with some changes
-# We do not want libiwinfo-lua on non-WiFi targets, but it is already
-# depended on by other luci-packages, so no need to take it in explicitly
-CONFIG_PACKAGE_luci-mod-admin-full=y
-CONFIG_PACKAGE_luci-app-firewall=y
-CONFIG_PACKAGE_luci-app-opkg=y
-CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-proto-ipv6=y
+CONFIG_PACKAGE_luci-nginx=y
 # CONFIG_LUCI_JSMIN is not set
 # CONFIG_LUCI_CSSTIDY is not set
 CONFIG_PACKAGE_luci-mod-dashboard=y
 CONFIG_PACKAGE_luci-theme-openwrt-2020=y
-CONFIG_PACKAGE_nginx-mod-luci=y
-
-
-############
-# BusyBox #
-##########
-
-CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_PACKAGE_map=y
+CONFIG_PACKAGE_miniupnpd=y
+CONFIG_PACKAGE_mwan3=y
+CONFIG_PACKAGE_nand-utils=y
+CONFIG_PACKAGE_ndisc6=y
+CONFIG_PACKAGE_netmode=y
+CONFIG_PACKAGE_ntfs-3g=y
+CONFIG_PACKAGE_ntpd=y
+CONFIG_PACKAGE_obuspa=y
+CONFIG_PACKAGE_odhcp6c=y
+CONFIG_PACKAGE_odhcpd=y
+CONFIG_PACKAGE_openssl-util=y
+CONFIG_OPENSSL_WITH_COMPRESSION=y
+CONFIG_PACKAGE_openvpn-easy-rsa=y
+CONFIG_PACKAGE_openvpn-openssl=y
+CONFIG_PACKAGE_owsd=y
+CONFIG_PACKAGE_periodicstats=y
+CONFIG_PACKAGE_peripheral_manager=y
+CONFIG_PACKAGE_port-management=y
+CONFIG_PACKAGE_ppp-mod-pppoa=y
+CONFIG_PACKAGE_ppp-mod-pppoe=y
+CONFIG_PACKAGE_ppp-mod-pppol2tp=y
+CONFIG_PACKAGE_ppp-mod-pptp=y
+CONFIG_PACKAGE_ppp-multilink=y
+# CONFIG_PACKAGE_ppp is not set
+# CONFIG_PACKAGE_qos-scripts is not set
+CONFIG_PACKAGE_questd=y
+CONFIG_PACKAGE_rdisc6=y
+CONFIG_PACKAGE_rdnssd=y
+CONFIG_PACKAGE_relayd=y
+CONFIG_PACKAGE_resolveip=y
+CONFIG_PACKAGE_rpcd=y
+CONFIG_PACKAGE_rpcd-mod-rpcsys=y
+CONFIG_PACKAGE_rulengd=y
+CONFIG_PACKAGE_strace=y
+CONFIG_PACKAGE_sulu=y
+CONFIG_PACKAGE_swmodd=m
+CONFIG_PACKAGE_tcpdump=y
+CONFIG_PACKAGE_terminfo=y
+CONFIG_PACKAGE_traceroute6=y
+CONFIG_PACKAGE_uledd=y
+CONFIG_PACKAGE_umbim=y
+CONFIG_PACKAGE_uqmi=y
+CONFIG_PACKAGE_urlfilter=y
+CONFIG_PACKAGE_usb-modeswitch=y
+CONFIG_PACKAGE_uspd=y
+CONFIG_PACKAGE_vsftpd-tls=m
+CONFIG_PACKAGE_wwan=y
+CONFIG_PACKAGE_wifimngr=y
+CONFIG_PACKAGE_uuidgen=y
+CONFIG_PACKAGE_xl2tpd=y
+CONFIG_PACKAGE_zoneinfo-core=y
+CONFIG_PACKAGE_zoneinfo-europe=y
+CONFIG_TARGET_CUSTOMER="IOPSYS"
+# CONFIG_USE_SSTRIP is not set
+CONFIG_USE_STRIP=y
+CONFIG_BUILD_LOG=y
 CONFIG_BUSYBOX_CONFIG_ADDUSER=y
 CONFIG_BUSYBOX_CONFIG_ARPING=y
 CONFIG_BUSYBOX_CONFIG_ASH_IDLE_TIMEOUT=y
@@ -221,7 +120,6 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_ALIAS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_SYMBOLS=y
 CONFIG_BUSYBOX_CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
 CONFIG_BUSYBOX_CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
-# CONFIG_BUSYBOX_CONFIG_IP is not set
 CONFIG_BUSYBOX_CONFIG_LAST_SYSTEM_ID=999
 CONFIG_BUSYBOX_CONFIG_LOGIN=y
 # CONFIG_BUSYBOX_CONFIG_LSMOD is not set
@@ -285,3 +183,40 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_SQUASHFS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_UBIFS=y
 CONFIG_BUSYBOX_CONFIG_TIMEOUT=y
 CONFIG_BUSYBOX_CONFIG_NOHUP=y
+CONFIG_LIBCURL_CRYPTO_AUTH=y
+# CONFIG_LIBCURL_MBEDTLS is not set
+CONFIG_LIBCURL_OPENSSL=y
+CONFIG_OPENVPN_openssl_ENABLE_IPROUTE2=y
+# CONFIG_SIGNED_PACKAGES is not set
+# CONFIG_BUSYBOX_CONFIG_IP is not set
+CONFIG_LOCALMIRROR="https://download.iopsys.eu/iopsys/mirror/"
+
+# Generation of /etc/banner.
+CONFIG_IMAGEOPT=y
+CONFIG_VERSIONOPT=y
+CONFIG_VERSION_MANUFACTURER="iopsysWrt"
+CONFIG_VERSION_MANUFACTURER_URL="https://iopsys.eu/"
+
+# Disable as much as possible of OpenWrt messy "pre-init" stuff.
+CONFIG_PREINITOPT=y
+# CONFIG_TARGET_PREINIT_SUPPRESS_STDERR is not set
+CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
+CONFIG_TARGET_PREINIT_TIMEOUT=1
+# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
+# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
+CONFIG_TARGET_PREINIT_IFNAME=""
+CONFIG_TARGET_PREINIT_IP=""
+CONFIG_TARGET_PREINIT_NETMASK=""
+CONFIG_TARGET_PREINIT_BROADCAST=""
+
+# Generate rootfs tar file
+CONFIG_TARGET_ROOTFS_TARGZ=y
+
+# The urandom-seed package is very strange. It seeds urandom with urandom...
+# Disable it. Most SoCs nowadays has HW random generators anyway.
+# CONFIG_PACKAGE_urandom-seed is not set
+# CONFIG_PACKAGE_urngd is not set
+
+# We use OpenSSL, no need to ship multiple TLS libraries
+CONFIG_PACKAGE_libustream-openssl=y
+# CONFIG_PACKAGE_libustream-wolfssl is not set

iop/scripts/feeds_update.sh

@@ -32,7 +32,8 @@ function feeds_update {
     fi
 
     # targets need to be installed explicitly
-    for target in $(ls ./feeds/targets)
+    targets="iopsys-brcm63xx-arm iopsys-ramips intel_mips iopsys-x86 iopsys-armvirt iopsys-bcm27xx iopsys-mediatek iopsys-econet"
+    for target in $targets
     do
 	rm -f target/linux/$target
 	./scripts/feeds install -p targets $target

iop/scripts/genconfig.sh

@@ -254,22 +254,11 @@ function genconfig {
 	setup_dirs()
 	{
 		git remote -v | grep -q http || {
-			CUSTBRANCH="$(git rev-parse --abbrev-ref HEAD)"
 			if git ls-remote $CUSTREPO -q 2>/dev/null; then
 				if [ ! -d "$CUSTPATH" ]; then
-					echo "Cloning $CUSTBRANCH branch of $CUSTREPO"
-					git clone -b "$CUSTBRANCH" "$CUSTREPO" "$CUSTPATH" 2>/dev/null || {
-						DEFBRANCH="$(git remote show $CUSTREPO | grep 'HEAD branch' | cut -d' ' -f5)"
-						echo "$CUSTBRANCH branch is not found, cloning $DEFBRANCH branch of $CUSTREPO"
-						git clone "$CUSTREPO" "$CUSTPATH"
-					}
+					git clone "$CUSTREPO" "$CUSTPATH"
 				elif [ $IMPORT -eq 1 ]; then
 					cd $CUSTPATH
-					echo "Checking out $CUSTBRANCH branch in $CUSTPATH"
-					git checkout "$CUSTBRANCH" 2>/dev/null || {
-						DEFBRANCH="$(git symbolic-ref refs/remotes/origin/HEAD | cut -d '/' -f4)"
-						echo "Checking out $CUSTBRANCH branch has failed, using $DEFBRANCH branch in $CUSTPATH"
-					}
 					v "git pull"
 					git pull
 					cd - >/dev/null #go back

iop/scripts/genconfig_min.sh

@@ -170,6 +170,12 @@ function genconfig_min {
 
 	git remote -v | grep -qE '(git@|ssh://)' && {
 		DEVELOPER=1
+
+		bcmAllowed=0
+		endptAllowed=0
+
+		git ls-remote git@dev.iopsys.eu:broadcom/bcmcreator.git -q 2>/dev/null && bcmAllowed=1
+		git ls-remote git@dev.iopsys.eu:iopsys/endptmngr.git -q 2>/dev/null && endptAllowed=1
 	}
 
 	v() {

libjwt/Makefile

@@ -0,0 +1,54 @@
+
+# Copyright (C) 2018 Iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libjwt
+PKG_VERSION:=1.0.0
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=866607c7741421c8ac99876e7201eb32d9af1b92
+PKG_SOURCE_URL:=https://github.com/benmcollins/libjwt.git
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_FIXUP:=autoreconf
+
+PKG_LICENSE:=LGPLv3
+PKG_LICENSE_FILES:=COPYING
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libjwt
+  CATEGORY:=Libraries
+  DEPENDS:=+libopenssl +jansson
+  TITLE:= libjwt
+endef
+
+
+#TARGET_CFLAGS += \
+#	-I$(STAGING_DIR)/usr/include
+#	-I$(STAGING_DIR)/usr/include/libnl3
+
+#MAKE_FLAGS += \
+#	CFLAGS="$(TARGET_CFLAGS)" \
+#	LDFLAGS="$(TARGET_LDFLAGS)" \
+#	FPIC="$(FPIC)" \
+#	PLATFORM="$(TARGET_PLATFORM)" \
+#	subdirs="$(subdirs)"
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/include/jwt.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libjwt/.libs/libjwt.so* $(1)/usr/lib/
+endef
+
+define Package/libjwt/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libjwt/.libs/libjwt.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libjwt))

libmicroxml/Makefile

@@ -0,0 +1,57 @@
+#
+# Copyright (C) 2012-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libmicroxml
+PKG_VERSION:=2012-06-11
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/mirror/microxml.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=72965423184f24cc0b963d91c2d1863cdb01b6aa
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_LICENSE:=LGPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libmicroxml
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=XML library
+  MAINTAINER:=Luka Perkov <luka@openwrt.org>
+endef
+
+define Package/libmicroxml/description
+ A micro sized XML library
+endef
+
+CONFIGURE_ARGS += \
+	--disable-threads \
+	--enable-static \
+	--enable-shared
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(CP) $(PKG_BUILD_DIR)/microxml.h $(1)/usr/include
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libmicroxml.so* $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(CP) $(PKG_BUILD_DIR)/microxml.pc $(1)/usr/lib/pkgconfig
+endef
+
+define Package/libmicroxml/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libmicroxml.so* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,libmicroxml))

libmicroxml/patches/100-fix-memleak.patch

@@ -0,0 +1,130 @@
+diff --git a/mxml-file.c b/mxml-file.c
+index 02eca9d..f10d202 100644
+--- a/mxml-file.c
++++ b/mxml-file.c
+@@ -363,9 +363,12 @@ mxmlSaveFile(mxml_node_t    *node,	/* I - Node to write */
+   * Write the node...
+   */
+ 
+-  if ((col = mxml_write_node(node, fp, cb, 0, mxml_file_putc, global)) < 0)
++  if ((col = mxml_write_node(node, fp, cb, 0, mxml_file_putc, global)) < 0){
++    global_free(global);
+     return (-1);
+-
++  }
++  
++  global_free(global);
+   if (col > 0)
+     if (putc('\n', fp) < 0)
+       return (-1);
+@@ -1448,6 +1451,7 @@ mxml_load_data(
+   if ((buffer = malloc(64)) == NULL)
+   {
+     mxml_error("Unable to allocate string buffer!");
++    global_free(global);
+     return (NULL);
+   }
+ 
+@@ -2083,11 +2087,12 @@ mxml_load_data(
+ 		 node->parent ? node->parent->value.element.name : "(null)");
+ 
+       mxmlDelete(first);
+-
++      global_free(global);
+       return (NULL);
+     }
+   }
+ 
++  global_free(global);
+   if (parent)
+     return (parent);
+   else
+@@ -2102,7 +2107,7 @@ error:
+   mxmlDelete(first);
+ 
+   free(buffer);
+-
++  global_free(global);
+   return (NULL);
+ }
+ 
+diff --git a/mxml-private.c b/mxml-private.c
+index 4378ca3..ea6e452 100644
+--- a/mxml-private.c
++++ b/mxml-private.c
+@@ -41,6 +41,32 @@
+  * This code currently supports AIX, HP-UX, Linux, Mac OS X, Solaris, and
+  * Windows.  It might work on the BSDs and IRIX, but I haven't tested that.
+  */
++void *global_mem[16] = {0};
++
++static void *global_calloc(int x, int size)
++{
++  int i;
++  void *m = calloc(x, size);
++  for (i = ((sizeof(global_mem)/sizeof(global_mem[0])) - 1); i > 0; i--) {
++    global_mem[i] = global_mem[i-1];
++  }
++  global_mem[0] = m;
++  return m;
++}
++
++void global_free(void *m)
++{
++  int i;
++  if (m == NULL)
++    return;
++  for (i = ((sizeof(global_mem)/sizeof(global_mem[0])) - 1); i >= 0; i--) {
++    if (global_mem[i] == m) {
++      global_mem[i] = NULL;
++      free(m);
++      break;
++    }
++  }
++}
+ 
+ #if defined(__sun) || defined(_AIX)
+ #  pragma fini(_mxml_fini)
+@@ -148,7 +174,6 @@ mxml_real_cb(mxml_node_t *node)		/* I - Current node */
+   return (MXML_REAL);
+ }
+ 
+-
+ #ifdef HAVE_PTHREAD_H			/**** POSIX threading ****/
+ #  include <pthread.h>
+ 
+@@ -190,7 +215,6 @@ _MXML_FINI(void)
+   }
+ }
+ 
+-
+ /*
+  * '_mxml_global()' - Get global data.
+  */
+@@ -205,7 +229,7 @@ _mxml_global(void)
+ 
+   if ((global = (_mxml_global_t *)pthread_getspecific(_mxml_key)) == NULL)
+   {
+-    global = (_mxml_global_t *)calloc(1, sizeof(_mxml_global_t));
++    global = (_mxml_global_t *)global_calloc(1, sizeof(_mxml_global_t));
+     pthread_setspecific(_mxml_key, global);
+ 
+     global->num_entity_cbs = 1;
+@@ -288,7 +312,7 @@ _mxml_global(void)
+ 
+   if ((global = (_mxml_global_t *)TlsGetValue(_mxml_tls_index)) == NULL)
+   {
+-    global = (_mxml_global_t *)calloc(1, sizeof(_mxml_global_t));
++    global = (_mxml_global_t *)global_calloc(1, sizeof(_mxml_global_t));
+ 
+     global->num_entity_cbs = 1;
+     global->entity_cbs[0]  = _mxml_entity_cb;
+diff --git a/mxml-private.h b/mxml-private.h
+index c591208..72ed338 100644
+--- a/mxml-private.h
++++ b/mxml-private.h
+@@ -43,3 +43,4 @@ typedef struct _mxml_global_s
+ extern _mxml_global_t	*_mxml_global(void);
+ extern int		_mxml_entity_cb(const char *name);
+ 
++extern void global_free(void *m);

libtrace/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libtrace
-PKG_VERSION:=3.0.23
+PKG_VERSION:=3.0.22
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
@@ -72,11 +72,11 @@ endef
 
 define Package/libtrace/install    
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtrace.so.* $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwandio.so.* $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libtrace.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libwandio.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump.so.* $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/lib/libpacketdump
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump/*.so* $(1)/usr/lib/libpacketdump/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump/*.so* $(1)/usr/lib/libpacketdump/
 endef
 
 define Package/libtrace-tools/install    

map-agent/Config.in

@@ -6,29 +6,5 @@ config AGENT_SYNC_DYNAMIC_CNTLR_CONFIG
 	bool "Support Dynamic Controller configuration sync"
 	default y if MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
 
-config AGENT_ISLAND_PREVENTION
-	bool "Support Island Prevention"
-	default y if MULTIAP_AGENT_ISLAND_PREVENTION
-
-config AGENT_EASYMESH_R2_CERT
-	bool "Compile for WFA test bed"
-
-
-config AGENT_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config AGENT_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config AGENT_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default AGENT_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through AGENT_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
 endmenu
 endif

map-agent/Makefile

@@ -1,16 +1,16 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020-21 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=2.10.4.2
+PKG_VERSION:=7.1.10
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=6ee9d2d711241d59f77b1e254343903cc92108d1
+PKG_SOURCE_VERSION:=8d2fa1af3b0cbdb65f791b490e72c5925cccaa05
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 
-PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE:=PROPRIETARY IOPSYS
 PKG_LICENSE_FILES:=LICENSE
 
 LOCAL_DEV=0
@@ -28,7 +28,7 @@ define Package/map-agent
   CATEGORY:=Utilities
   TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	  +map-plugin +ip-bridge
+	  +map-plugin
 endef
 
 
@@ -62,20 +62,6 @@ ifeq ($(CONFIG_AGENT_SYNC_DYNAMIC_CNTLR_CONFIG),y)
 TARGET_CFLAGS += -DAGENT_SYNC_DYNAMIC_CNTLR_CONFIG
 endif
 
-ifeq ($(CONFIG_AGENT_ISLAND_PREVENTION),y)
-TARGET_CFLAGS += -DAGENT_ISLAND_PREVENTION
-endif
-
-ifeq ($(CONFIG_AGENT_EASYMESH_R2_CERT),y)
-TARGET_CFLAGS += -DEASYMESH_R2_CERT
-endif
-
-ifeq ($(CONFIG_AGENT_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_AGENT_EASYMESH_VENDOR_EXT_OUI)\\\"
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
-endif
-
-
 MAKE_PATH:=src
 
 define Package/map-agent/install

map-agent/files/etc/config/mapagent

@@ -1,134 +1,34 @@
 config agent 'agent'
 	option enabled '1'
-	option debug '0'
+	option debug '6'
 	option profile '2'
 	option al_bridge 'br-lan'
-	option netdev 'wlan'
-	option island_prevention '0'
-	option eth_onboards_wifi_bhs '0'
-	option ap_follow_sta_dfs '0'
-	option guest_isolation '0'
-#	option controller_macaddr '0a:1b:2c:3d:4e:50'
 
-config dynamic_backhaul
-	option missing_bh_timer '60'
-	option missing_bh_reconfig_timer '1800'
-
-config controller_select
-	option id 'auto'
-	option probe_int '20'
-	option retry_int '9'
-	option autostart '1'
-	option local '0'
-
-config radio
-	option device 'phy0'
-	option band '2'
-# options below are auto-generated during onboarding
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option rcpi_hysteresis_margin '0'
-#	option report_util_threshold '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-config radio
-	option device 'phy1'
-	option band '5'
-# options below are auto-generated during onboarding
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option rcpi_hysteresis_margin '0'
-#	option report_util_threshold '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-config bsta
-	option enabled '1'
-	option ifname 'wlan0'
-	option band '2'
-	option device 'phy0'
-	option priority '2'
-# options below are auto-generated during onboarding
-#	option ssid 'MAP-BH-2.4GHz'
-#	option encryption 'sae-mixed'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option onboarded '1'
-#	option bssid '0a:1b:2c:3d:4e:53'
-#	option vid '1'
-
-config bsta
-	option enabled '1'
-	option ifname 'wlan1'
-	option band '5'
-	option device 'phy1'
-	option priority '0'
-# options below are auto-generated during onboarding
-#	option ssid 'MAP-BH-5GHz'
-#	option encryption 'sae-mixed'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option onboarded '1'
-#	option bssid '0a:1b:2c:3d:4e:54'
-#	option vid '1'
-
-# ap sections and policy section are
-# auto-generated during onboarding
-#
 #config ap
-#	option enabled '1'
-#	option ifname 'wlan0-1'
+#	option ifname 'wl0'
+#	option steer 'rssi bssload'
+#	list exclude '00:11:22:33:44:55'
+#	list exclude_btm '00:aa:bb:cc:dd:ee'
+#	list assoc_ctrl '00:10:20:30:40:50'
+#	option btm_retry '3'
+#	option btm_retry_secs '180'
+#	option fallback_legacy '1'
+#	option steer_legacy_reassoc_secs '30'
+#	option steer_legacy_retry_secs '3600'
+#	option assoc_ctrl_secs '30'
 #	option band '2'
-#	option device 'phy0'
 #	option type 'fronthaul'
-#	option ssid 'IOWRT-2.4GHz'
-#	option encryption 'sae-mixed+aes'
-#	option key '1234567890'
-#	option vid '1'
 
 #config ap
-#	option enabled '1'
-#	option ifname 'wlan0-2'
-#	option band '2'
-#	option device 'phy0'
-#	option type 'backhaul'
-#	option ssid 'MAP-BH-2.4GHz'
-#	option encryption 'sae+aes'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option disallow_bsta '0'
-#	option vid '1'
-
-#config ap
-#	option enabled '1'
-#	option ifname 'wlan1-1'
+#	option ifname 'wl1'
+#	option steer 'rssi bssload'
+#	list exclude '00:11:22:33:44:55'
+#	list exclude_btm '00:aa:bb:cc:dd:ee'
 #	option band '5'
-#	option device 'phy1'
 #	option type 'fronthaul'
-#	option ssid 'IOWRT-5GHz'
-#	option encryption 'sae-mixed+aes'
-#	option key '1234567890'
-#	option vid '1'
 
-#config ap
+#config bsta
+#	option ifname 'apclii0'
 #	option enabled '1'
-#	option ifname 'wlan1-2'
-#	option band '5'
-#	option device 'phy1'
-#	option type 'backhaul'
-#	option ssid 'MAP-BH-5GHz'
-#	option encryption 'sae+aes'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option disallow_bsta '0'
-#	option vid '1'
-
-#config policy
-#	option report_interval '0'
-#	option pvid '1'
-#	option pcp_default '0'
-#	option report_scan '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-
+#	option onboarded '0'
+#	option disallow_bsta '1		# bitmap, 1 for disallow p1, 2 to disallow p2, 3 to disallow both (probably never applicable)

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -1,78 +1,22 @@
 #!/bin/sh
 
-. /lib/network/utils.sh
+wan=$(db -q get hw.board.ethernetWanPort)
+MAPFILE="/tmp/multiap.backhaul"
 
-conn_ports_file="/tmp/map.connected.ports"
-map_bh_file="/tmp/multiap.backhaul"
-al_bridge="$(uci -q get mapagent.agent.al_bridge)"
-[ "${al_bridge:0:3}" = "br-" ] || exit 0
-al_brnet="${al_bridge:3}"
 
-# Exit if the PORT is not member of the AL Bridge
-[ "$(get_network_of $PORT)" = "$al_brnet" ] || exit 0
-
-############## Dynamic Backhaul Daemon ##############
-if [ -n "$(which dynbhd)" ]; then
-	pidof dynbhd >/dev/null && exit 0 # dynbhd is managing the links
-
-	if [ ! -f $conn_ports_file ]; then
-		touch $conn_ports_file
-		if [ "$LINK" = "up" ]; then
-			touch $conn_ports_file
-			echo "$PORT" > $conn_ports_file
-			brctl delif $al_bridge $PORT
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		fi
-	else
-		if [ "$LINK" = "up" ]; then
-			brctl delif $al_bridge $PORT
-			echo "$PORT" >> $conn_ports_file
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		else
-			sed -i -E "/(^|:)${PORT}(:|$)/d" $conn_ports_file
-			#ubus call network.interface.lan add_device "{\"name\":\"$PORT\"}"
-			brctl addif $al_bridge $PORT
-			[ "$(cat $conn_ports_file | wc -c)" = "0" ] && rm -f $conn_ports_file
-		fi
-	fi
-
-	exit 0
-fi
-########################################################
-
-################ Dedicated ETH WAN Port ################
-wanport="$(db -q get hw.board.ethernetWanPort)"
-if [ -n "$wanport" ]; then
-	[ "$wanport" = "$PORT" ] || exit 0
-########################################################
-else
-#################### DHCP Discovery ####################
-	[ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
-
-	if [ "$LINK" = "up" ]; then
-		brctl delif $al_bridge $PORT
-
-		udhcpc -qnRoC -i $PORT >/dev/null 2>&1 && dhcp=1
-
-		brctl addif $al_bridge $PORT
-
-		[ $dhcp -eq 1 ] || exit 0
-	else
-		[ -f $map_bh_file ] || exit 0
-		cur_bh="$(cat $map_bh_file  | jsonfilter -e @.ifname)"
-		[ "$cur_bh" = "$PORT" ] || exit 0
-	fi
-########################################################
-fi
+[ -z "$wan" ] && exit 1 # no configuration
+[ "$PORT" != "$wan" ] && exit 0
 
 remove_from_bridge() {
 	config_get ifname "$section" ifname
-	[ -n "$ifname" ] && ubus call network.interface.${al_brnet} remove_device '{"name":"$ifname"}'
+
+	ubus call network.interface.$bridge remove_device '{"name":"$ifname"}'
 }
 
 update_bstas() {
-	section="$1"
-	action="$2"
+	local section="$1"
+	local action="$2"
+	local ifname onboarded
 
 	config_get ifname "$section" ifname
 	config_get_bool enabled "$section" enabled 0
@@ -90,16 +34,16 @@ update_bstas() {
 }
 
 if [ "$LINK" = "up" ]; then
-	#touch "$map_bh_file"
+	#touch "$MAPFILE"
+
 	config_load "mapagent"
-	config_foreach remove_from_bridge bsta
+	bridge=$(uci get mapagent.agent.al_bridge | cut -d '-' -f2)
+	config_foreach remove_from_bridge bsta $bridge
 	config_foreach update_bstas bsta down
 
 	/lib/wifi/multiap set_uplink "eth" "$PORT"
 else
-	/lib/wifi/multiap unset_uplink "eth"
-	#rm -f "$map_bh_file"
+	rm -f "$MAPFILE"
 	config_load "mapagent"
 	config_foreach update_bstas bsta up
-
 fi

map-agent/files/etc/init.d/mapagent

@@ -10,8 +10,56 @@ IS_CFG_VALID=1
 MAP_DEV="map_dev"
 MAP_IF="map"
 
+create_map() {
+	ip link add lei type veth peer name lei_map 2>/dev/null
+	ip link add link lei name lei_lan type vlan id 1 2>/dev/null
+
+	uci -q set network.${MAP_DEV}=device
+	uci -q set network.${MAP_DEV}.name=br-map
+	uci -q set network.${MAP_DEV}.type=bridge
+
+	uci -q show network.${MAP_DEV}.ports | grep -q lei_map || {
+		uci -q add_list network.${MAP_DEV}.ports='lei_map'
+	}
+
+	uci -q set network.${MAP_IF}=interface
+	uci -q set network.${MAP_IF}.device=br-map
+	uci -q set network.${MAP_IF}.is_lan=1
+
+	uci -q show network.br_lan.ports | grep -q lei_lan || {
+		uci -q add_list network.br_lan.ports="lei_lan"
+	}
+
+	uci -q set mapagent.agent.al_bridge=br-map
+
+	uci -q commit
+
+	ubus call network reload
+	ubus -t 5 wait_for network.interface.map
+
+	brctl addif br-map lei_map 2>/dev/null
+	brctl addif br-lan lei_lan 2>/dev/null
+
+	ip link set lei up 2>/dev/null
+	ip link set lei_map up 2>/dev/null
+	ip link set lei_lan up 2>/dev/null
+}
+
+remove_map() {
+	ip link delete ${MAP_VETH} &>/dev/null
+
+	uci -q delete network.${MAP_DEV}
+	uci -q delete network.${MAP_IF}
+
+	uci -q set mapagent.agent.al_bridge=br-lan
+
+	uci -q commit
+
+	ubus call network reload
+}
+
 start_dynbhd_service() {
-	rm -f /tmp/multiap.backhaul
+	rm -f /tmp/map.agent.bsta_global_disable
 	procd_open_instance
 	procd_set_param command "/usr/sbin/dynbhd"
 	procd_set_param respawn
@@ -31,10 +79,7 @@ validate_agent_section() {
 		'netdev:string' \
 		'vlan_segregation:bool:false' \
 		'resend_num:uinteger:0' \
-		'dyn_cntlr_sync:bool:true' \
-		'island_prevention:bool:false' \
-		'eth_onboards_wifi_bhs:bool:false'
-
+		'dyn_cntlr_sync:bool:true'
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "mapagent" "Validation of agent section failed"
@@ -94,19 +139,14 @@ validate_radio_section() {
 			'configured:bool:false' \
 			'onboarded:bool:false' \
 			'dedicated_backhaul:bool:false' \
-			'steer_policy:range(0,255)' \
+            'steer_policy:range(0,255)' \
 			'util_threshold:range(0,255)' \
 			'rcpi_threshold:range(0,255)' \
 			'report_rcpi_threshold:range(0,255)' \
 			'include_sta_stats:bool:false' \
 			'include_sta_metric:bool:false' \
 			'rcpi_hysteresis_margin:range(0,255)' \
-			'report_util_threshold:range(0,255)' \
-			'encryption:or("sae", "sae+aes", "psk2",
-				"psk2+aes", "sae-mixed", "sae-mixed+aes",
-				"none", "psk-mixed", "psk-mixed+aes",
-				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
-				"psk", "psk+aes")' \
+			'report_util_threshold:range(0,255)'
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "mapagent" "Validation of radio section failed"
@@ -138,31 +178,14 @@ validate_policy_section() {
 	return 0
 }
 
-validate_dyn_bh_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${1}" \
-			'missing_bh_timer:range(1,255)'
-	uci_validate_section mapagent $section "${1}" \
-			'missing_bh_reconfig_timer:range(0,65535)'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of dynamic backhaul section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
 validate_agent_config() {
 	IS_CFG_VALID=1
 
 	validate_agent_section &&
 		config_foreach validate_cs_section controller_select &&
 		config_foreach validate_ap_section ap &&
-		config_foreach validate_radio_section radio &&
-		config_foreach validate_policy_section policy &&
-		config_foreach validate_dyn_bh_section dynamic_backhaul
+        config_foreach validate_radio_section radio &&
+        config_foreach validate_policy_section policy
 
 	[ "$IS_CFG_VALID" -ne 1 ] && {
 		logger -s -t "mapagent" "Validation of mapagent UCI file failed"
@@ -185,14 +208,22 @@ start_service() {
 	config_get_bool enabled agent enabled 1
 	[ "$enabled" -eq 0 ] && return 1
 
+	local ts
+	config_get_bool ts agent vlan_segregation 0
+	[ "$ts" -eq 1 ] && create_map #|| remove_map
+
 	procd_open_instance
-	procd_set_param command "/usr/sbin/mapagent" "-d"
+        procd_set_param command "/usr/sbin/mapagent" "-d"
 	procd_set_param respawn
 #	procd_set_param stdout 1
 #	procd_set_param stderr 1
 	procd_close_instance
 }
 
+#stop_service() {
+#	remove_map
+#}
+
 service_triggers()
 {
 	procd_add_reload_trigger "mapagent"

map-agent/files/etc/uci-defaults/991-map-agent-unset-pvid

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-unset_pvid() {
-	local section=$1
-
-	uci -q set mapagent.${section}.pvid="0"
-}
-
-config_load mapagent
-
-config_foreach unset_pvid policy

map-agent/files/lib/wifi/multiap

@@ -55,7 +55,7 @@ get_type_by_section() {
 	echo "$(type_to_multi_ap $type)"
 }
 
-sync_credentials() {
+brcm_sync_credentials() {
 	bands=""
 	json_init
 	mapagent_process_fh() {
@@ -160,7 +160,7 @@ sync_credentials() {
 	json_cleanup
 }
 
-write_credentials() {
+brcm_write_credentials() {
 	config_load mapagent
 
 	mapagent_apply_wireless() {
@@ -207,7 +207,7 @@ write_credentials() {
 		#echo applying bk_ssid = "$bk_ssid" bk_key = "$bk_key"
 
 		# subshell in hopes to maintain mapagent config loaded
-		(mapagent_apply_wireless $ifname "$bk_ssid" "$bk_key")
+		echo $(mapagent_apply_wireless $ifname "$bk_ssid" "$bk_key") 2> /dev/null
 	}
 
 	mapagent_find_bbss() {
@@ -250,7 +250,7 @@ write_credentials() {
 	uci commit wireless
 }
 
-set_network() {
+brcm_set_network() {
 	local ifname=$1
 	local num=$2
 	local bssid=$3
@@ -293,13 +293,7 @@ write_bsta_config() {
 
 			[ "$bsta" == "$ifname" ] || return
 			#echo setting diff = $diff > /dev/console
-			old_bssid="$(uci -q get wireless.${section}.bssid)"
-
-			[ "$old_bssid" == "$bssid" ] && break
-
 			uci -q set wireless.${section}.bssid=$bssid
-			wpa_cli -i "$bsta" set_n 0 bssid $bssid
-			wpa_cli -i "$bsta" save_config
 			echo 1
 		}
 		config_load wireless
@@ -356,14 +350,14 @@ write_bsta_config() {
 
 	#echo result diff = $diff > /dev/console
 	[ "$diff" == "1" ] && {
-		(config_foreach mapagent_apply_bssid_same_band bsta)
-		#ubus call uci commit '{"config":"wireless"}'
+		config_foreach mapagent_apply_bssid_same_band bsta
+		ubus call uci commit '{"config":"wireless"}'
 		#echo reloading wireless > /dev/console
 	}
 
 }
 
-teardown_iface() {
+brcm_teardown_iface() {
 	config_load mapagent
 
 	local iface=$1
@@ -377,7 +371,7 @@ teardown_iface() {
 
 			[ "$ifname" != "$map_ifname" ] && return
 
-			uci -q set wireless.${section}.disabled="1"
+			uci -q set wireless.${section}.start_disabled="1"
 			uci -q set wireless.${section}.ssid="DISABLED-SSID"
 			uci -q set wireless.${section}.key="DISABLED-KEY"
 			uci -q delete wireless.${section}.multi_ap_backhaul_ssid
@@ -404,10 +398,9 @@ teardown_iface() {
 		uci -q set mapagent.${section}.enabled="0"
 		uci -q set mapagent.${section}.ssid="DISABLED-SSID"
 		uci -q set mapagent.${section}.key="DISABLED-KEY"
-		#uci -q del mapagent.${section}.vid
 
 		# subshell in hopes to maintain mapagent config loaded
-		(mapagent_teardown_wireless $ifname)
+		$(mapagent_teardown_wireless $ifname)
 	}
 
 
@@ -417,7 +410,7 @@ teardown_iface() {
 	uci commit mapagent
 }
 
-bsta_to_wireless() {
+brcm_bsta_to_wireless() {
 	config_load mapagent
 
 	mapagent_find_lowest_prio_onboarded() {
@@ -471,7 +464,7 @@ bsta_to_wireless() {
 				uci -q set wireless.${section}.key="$key"
 				uci -q set wireless.${section}.encryption=$encryption
 				uci -q set wireless.${section}.bssid="$bssid"
-				uci -q set wireless.${section}.default_disabled='0'
+				#uci -q set wireless.${section}.disabled=$disabled
 
 				[ "$disabled" != "1" ] && return
 				wpa_cli -i "$bsta" disconnect > /dev/null 2>&1
@@ -489,12 +482,10 @@ bsta_to_wireless() {
 
 		mapagent_find_other_creds() {
 			#echo "trying to find other creds for $2" > /dev/console
-			local other_section="$2"
-
 			config_get band $1 band
 			config_get onboarded $1 onboarded "0"
 
-			[ "$4" != "$band" -o "$onboarded" = "0" ] && return
+			[ "$3" != "$band" -o "$onboarded" = "0" ] && return
 
 			config_get ssid $1 ssid
 			config_get key $1 key
@@ -502,12 +493,7 @@ bsta_to_wireless() {
 			config_get enabled $1 enabled "0"
 			config_get bssid $1 bssid
 
-			uci -q set mapagent.${other_section}.ssid="$ssid"
-			uci -q set mapagent.${other_section}.key="$key"
-			uci -q set mapagent.${other_section}.encryption=$encryption
-			uci -q set mapagent.${other_section}.bssid="$bssid"
-			uci commit mapagent
-			(mapagent_apply_wl_bsta "$3" "$ssid" "$key" $encryption "$5" "$bssid")
+			echo $(mapagent_apply_wl_bsta $2 "$ssid" "$key" $encryption $4 "$bssid")
 		}
 
 		config_get band $1 band
@@ -516,14 +502,14 @@ bsta_to_wireless() {
 		config_get enabled $1 enabled "0"
 
 		if [ "$onboarded" = "0" ]; then
-			config_foreach mapagent_find_other_creds bsta $1 $ifname $band $enabled
+			config_foreach mapagent_find_other_creds bsta $ifname $band $enabled
 		else
 			config_get ssid $1 ssid
 			config_get key $1 key
 			config_get encryption $1 encryption
 			config_get bssid $1 bssid
 
-			(mapagent_apply_wl_bsta $ifname "$ssid" "$key" $encryption $enabled "$bssid")
+			echo $(mapagent_apply_wl_bsta $ifname "$ssid" "$key" $encryption $enabled "$bssid")
 		fi
 	}
 
@@ -542,7 +528,6 @@ bsta_to_wireless() {
 	diff=$(config_foreach mapagent_bsta_to_wireless bsta)
 
 #	[ "$diff" != "" ] && {
-
 		ubus call uci commit '{"config":"wireless"}'
 #	}
 }
@@ -637,43 +622,27 @@ sync_mapcontroller_from_wireless() {
 }
 
 bsta_scan_on_enabled() {
-	local onboarded_bands=""
-
-	mapagent_onboarded_bands() {
-		config_get band $1 band
-		config_get onboarded $1 onboarded "0"
-
-		[ "$onboarded" = "0" ] && return
-
-		onboarded_bands="$onboarded_bands $band"
-	}
+	config_load mapagent
 
 	mapagent_enable_bk() {
 		config_get ifname $1 ifname
-		config_get band $1 band
 		config_get enabled $1 enabled
 
+		echo ifname $ifname enabled $enabled
+
 		[ "$enabled" = "0" ] && return
 
-		for onboarded_band in $onboarded_bands
-		do
-			[ "$onboarded_band" != "$band" ] && continue
-
-			logger -t multiap "bsta_scan_on_enabled $ifname $band"
-			wpa_cli -i "$ifname" enable_network 0 > /dev/null 2>&1
-			wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
-			wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-		done
+		wpa_cli -i "$ifname" enable_network 0 > /dev/null 2>&1
+		wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
+		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
 	}
 
-	config_load mapagent
-	config_foreach mapagent_onboarded_bands bsta
 	config_foreach mapagent_enable_bk bsta
 }
 
 bsta_enable_all() {
 	mapagent_enable_bk() {
-		config_get ifname $1 ifname
+		config_get ifname $1 ifname "2"
 		uci -q set mapagent.$1.enabled="1"
 	}
 
@@ -684,68 +653,6 @@ bsta_enable_all() {
 	bsta_scan_on_enabled
 }
 
-# arg = one interface to clear
-# no arg = clear all interfaces
-bsta_clear_bssid() {
-	local iface=$1
-
-	mapagent_remove_bssid() {
-		local iface=$2
-
-		config_get ifname $1 ifname
-
-		[ -n "$iface" -a "$iface" != "$ifname" ] && return
-
-		uci -q set mapagent.$1.enabled="1"
-		uci -q del mapagent.$1.bssid
-	}
-
-	wireless_remove_bssid() {
-		local iface=$2
-
-		config_get mode $1 mode
-		config_get ifname $1 ifname
-
-		[ "$mode" != "sta" ] && return
-
-		[ -n "$iface" -a "$iface" != "$ifname" ] && return
-
-		uci -q del wireless.$1.bssid
-		wpa_cli -i "$ifname" bssid 0 00:00:00:00:00:00 > /dev/null 2>&1
-		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-	}
-
-	config_load mapagent
-	config_foreach mapagent_remove_bssid bsta $iface
-	uci commit mapagent
-
-	config_load wireless
-	config_foreach wireless_remove_bssid wifi-iface $iface
-	uci commit wireless
-}
-
-# arg1 = ifname arg2 = bssid
-bsta_blacklist_bssid_set() {
-	local ifname="$1"
-	shift
-	local bssid="$@"
-
-	wpa_cli -i "$ifname" set_network 0 bssid_ignore "$bssid" > /dev/null 2>&1
-	wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-}
-
-bsta_blacklist_bssid_clear() {
-	mapagent_blacklist_by_band() {
-		config_get ifname $1 ifname
-
-		wpa_cli -i "$ifname" set_network 0 bssid_ignore "" > /dev/null 2>&1
-		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-	}
-
-	config_load mapagent
-	config_foreach mapagent_blacklist_by_band bsta
-}
-
 bsta_disable_lower_priority() {
 	config_load mapagent
 
@@ -793,13 +700,9 @@ bsta_disable_lower_priority() {
 
 		[ "$ifname" != "$2" -a "$priority" -gt "$3" ] && enabled="0"
 
-		# enable passed ifname explicitly
-		# don't explicitly enable other higher prio interfaces
-		[ "$ifname" != "$2" -a "$enabled" = "1" ] && return
-
 		uci -q set mapagent.$1.enabled="$enabled"
 
-		(mapagent_apply_wl_bsta $ifname $enabled) > /dev/null
+		echo $(mapagent_apply_wl_bsta $ifname $enabled) > /dev/null
 	}
 
 	local bsta=$1
@@ -833,12 +736,6 @@ bsta_use_link() {
 	local bsta=$1
 
 	config_foreach mapagent_disable_bk bsta $bsta
-
-	noht=$(iw $bsta info | grep "no HT")
-	[ -n "$noht" ] &&  {
-		logger -t multiap "no HT hit, issue reassoc $bsta"
-		wpa_cli -i $bsta reassoc
-	}
 }
 
 bsta_swap_to_link() {
@@ -854,48 +751,11 @@ set_uplink_backhaul_info() {
 	local ul_1905id=$1
 	local ul_mac=$2
 
-	(
-		flock -x 200
-		json_load "$(cat $MAPFILE)"
-		json_add_string "backhaul_device_id" "$ul_1905id"
-		json_add_string "backhaul_macddr" "$ul_mac"
-		json_dump > "$MAPFILE"
-		json_cleanup
-	) 200>/var/lock/map.backhaul.lock
-}
-
-
-
-update_isolate_ebtables() {
-	parse_fh() {
-		local brcm_setup="$(uci -q get mapagent.agent.brcm_setup)"
-		local guest_isolate="$(uci -q get mapagent.agent.guest_isolation)"
-		local pvid="$(uci -q get mapagent.@policy[0].pvid)"
-		local section=$1
-		local prefix="TODO"
-		local action="del"
-
-		config_get vid $section vid
-		config_get band $section band
-		config_get ifname $section ifname
-
-		[ $vid -gt 4094 -o $vid -lt 1 ] && vid=$pvid
-		[ "$guest_isolate" = "1" -a "$vid" != "$pvid" ] && action="add"
-		if [ "$brcm_setup" = "1" ]; then
-			prefix="wds"
-		else
-			#todo
-			break;
-		fi
-
-		ts_sub "isolate" "$action" "$pvid" "$vid" "$band" "$ifname" "$prefix"
-
-	}
-	config_load mapagent
-
-
-	config_foreach parse_fh ap
-
+	json_load "$(cat $MAPFILE)"
+	json_add_string "backhaul_device_id" "$ul_1905id"
+	json_add_string "backhaul_macddr" "$ul_mac"
+	json_dump > "$MAPFILE"
+	json_cleanup
 }
 
 set_uplink() {
@@ -909,60 +769,31 @@ set_uplink() {
 	json_add_string "type" "$type"
 	json_add_string "ifname" "$ifname"
 	json_add_string "macaddr" "$hwaddr"
-	(
-		flock -x 200
-		json_dump > "$MAPFILE"
-	) 200>/var/lock/map.backhaul.lock
+	json_dump > "$MAPFILE"
 	json_cleanup
-
-	update_isolate_ebtables
-	island_prevention="$(uci -q get mapagent.agent.island_prevention)"
-
-	if [ "$island_prevention" = "1" -a "$type" = "eth" ]; then
-		ubus call map.agent toggle_fh '{"enable":true, "prevent_island":true, "ifname":"all"}'
-	fi
-
 }
 
 unset_uplink() {
-	local type=${1:-wifi}
-
-	island_prevention="$(uci -q get mapagent.agent.island_prevention)"
-
-	if [ "$island_prevention" = "1" -a "$type" = "eth" ]; then
-		ubus call map.agent toggle_fh '{"enable":false, "prevent_island":true, "ifname":"all"}'
-	fi
-
-	(
-		flock -x 200
-		json_load "$(cat $MAPFILE)"
-		json_get_var bk_type type
-		json_cleanup
-
-		[ "$type" = "$bk_type" ] && rm -f "$MAPFILE" > /dev/null 2>&1
-	) 200>/var/lock/map.backhaul.lock
+	rm "$MAPFILE" > /dev/null 2>&1
 }
 
 func=$1
 shift
 
 case "$func" in
-	wireless_teardown) wireless_teardown;;
-	setup_network) setup_network;;
-	setup_wireless) setup_wireless;;
-	write_credentials) write_credentials;;
-	sync_credentials) sync_credentials;;
+	wireless_teardown) brcm_wireless_teardown;;
+	setup_network) brcm_setup_network;;
+	setup_wireless) brcm_setup_wireless;;
+	write_credentials) brcm_write_credentials;;
+	sync_credentials) brcm_sync_credentials;;
 	bsta_steer) bsta_steer $@;;
-	set_network) set_network $@;;
+	set_network) brcm_set_network $@;;
 	write_bsta_config) write_bsta_config $@;;
-	teardown_iface) teardown_iface $@;;
-	bsta_to_wireless) bsta_to_wireless $@;;
+	teardown_iface) brcm_teardown_iface $@;;
+	bsta_to_wireless) brcm_bsta_to_wireless $@;;
 	sync_mapcontroller_from_wireless) sync_mapcontroller_from_wireless $@;;
 	ts) ts_sub $@;;
 	bsta_enable_all) bsta_enable_all $@;;
-	bsta_clear_bssid) bsta_clear_bssid $@;;
-	bsta_blacklist_bssid_set) bsta_blacklist_bssid_set $@;;
-	bsta_blacklist_bssid_clear) bsta_blacklist_bssid_clear $@;;
 	bsta_disable_lower_priority) bsta_disable_lower_priority $@;;
 	bsta_scan_on_enabled) bsta_scan_on_enabled $@;;
 	bsta_use_link) bsta_use_link $@;;

map-agent/files/lib/wifi/traffic_separation

@@ -2,528 +2,495 @@
 
 . /lib/functions.sh
 
-AL_BRIDGE=${AL_BRIDGE-"br-lan"}
-PRIMARY_VID=${PRIMARY_VID-1}
-MAP_BH_FILE="/tmp/multiap.backhaul"
-
 ### Traffic Separation ###
 
-ts_dbg() {
+dbg() {
 	logger -t traffic_separation $@
 }
 
 ts_sub() {
+
 	ts_usage() {
 		cat <<EOF
-Usage: $0 [create|reload]
+Usage: $0 [create|delete|populate|primary|reload]
 Traffic Separation related functions.
-create vid - create vlan configuration with vlan_id
-reload     - reload network with new configuration
+create fh <iface> <vid>			- create vlan device and rules for wifi fronthaul
+create bh <iface> <vid> <profile>	- create vlan device and rules for wifi backhaul
+create eth <iface> <vid> <pbits>	- create vlan device and rules for logical ethernet interface
+delete <iface>				- delete vlan device
+populate eth <iface> <vid>		- add secondary network rules for logical ethernet interface
+primary get <iface>			- read primary VID for interface from driver (from Association Response frame IE)
+reload     				- reload network with new configuration
 EOF
 	exit 1
 	}
 
-	_dhcp_cleanup() {
-		vid=$1
-
-		[ -n "$(uci -q get dhcp.guest${vid})" ] && {
-			uci -q delete dhcp.guest${vid}
-			uci commit dhcp
-			/etc/init.d/dnsmasq reload
-		}
+	_get_bridge() {
+		local bridge=$(ip link show $1 | grep -o "master [^\s]*" | cut -d ' ' -f 2)
+		echo $bridge
 	}
 
-	_firewall_cleanup() {
-		vid=$1
+	set_wireless_bridge() {
+		config_load wireless
 
-		guest_teardown() {
-				local section=$1
-				local config=$2
-				local val=$3
-				local option=$4
+		_set_network() {
+			local sec=$1
+			local iface=$2
+			local bridge=$3
 
-				config_get name "$section" "$option"
+			config_get ifname $sec ifname
+			[ "$iface" != "$ifname" ] && continue
 
-				[ "$val" != "$name" ] && continue
+			config_get mode $sec mode
+			config_get multi_ap $sec multi_ap "0"
+			[ "$mode" = "sta" -a "$multi_ap" = "1" ] && continue
 
-				uci delete ${config}.${section}
-				uci commit ${config}
-			}
+			config_get network $sec network
+			local new_network=${bridge##br-}
+			if [ "$new_network" != "$network" ] ; then
+				uci -q set wireless.${sec}.network=${new_network}
+				uci commit wireless
+			fi
 
-			[ -n "$(uci -q get firewall.guest${vid}_dns)" ] && {
-				uci -q delete firewall.guest${vid}_dns
-				uci commit firewall
-			}
-
-			[ -n "$(uci -q get firewall.guest${vid}_dhcp)" ] && {
-				uci -q delete firewall.guest${vid}_dhcp
-				uci commit firewall
-			}
-
-			[ -n "$(uci -q get firewall.guest${vid}_ping)" ] && {
-				uci -q delete firewall.guest${vid}_ping
-				uci commit firewall
-			}
-
-			config_load firewall
-			config_foreach guest_teardown forwarding "firewall" guest${vid} "src" #delete firewall section with name = guest${vid}
-			config_load firewall
-			config_foreach guest_teardown zone "firewall" guest${vid} "name" #delete firewall section with name = guest${vid}
-	}
-
-	_network_cleanup() {
-		vid=$1
-
-		[ -n "$(uci -q get network.vlan${vid})" ] && {
-			uci -q delete network.vlan${vid}
-			uci commit network
+			brctl addif $bridge $iface &> /dev/null
 		}
 
-		[ -n "$(uci -q get network.guest${vid})" ] && {
-			uci -q delete network.guest${vid}
-			uci commit network
-		}
-
-		[ -n "$(uci -q get network.guest${vid}_8021q)" ] && {
-			uci -q delete network.guest${vid}_8021q
-			uci commit network
-		}
-	}
-
-	_guest_cleanup() {
-		vid=$1
-		_dhcp_cleanup $vid
-		_firewall_cleanup $vid
-		_network_cleanup $vid
+		config_foreach _set_network wifi-iface ${1} ${2}
 	}
 
 	ts_create() {
-		_dhcp_setup() {
-			local name=$1
 
-			[ -n "$(uci -q get dhcp.${name})" ] && return
+		_create_vlan_dev() {
+			iface=$1				# real iface
+			vid=$2					# Vlan ID
+			bridge=$3				# bridge iface should be connected
+			vlan_dev=$4
 
-			uci -q set dhcp.${name}=dhcp
-			uci -q set dhcp.${name}.interface="${name}"
-			uci -q set dhcp.${name}.start="100"
-			uci -q set dhcp.${name}.limit="150"
-			uci -q set dhcp.${name}.leasetime="1h"
-			uci -q set dhcp.${name}.dhcpv4="server"
-			uci -q set dhcp.${name}.dhcpv6="server"
-			uci -q set dhcp.${name}.ra="server"
-			uci -q set dhcp.${name}.ra_slaac="1"
-			uci -q add_list dhcp.${name}.ra_flags="managed-config"
-			uci -q add_list dhcp.${name}.ra_flags="other-config"
+			old_bridge="$(_get_bridge $iface)"	# bridge iface is connected to
 
-			uci -q commit dhcp
+			# remove interface from bridge if it is in one
+			[ -n "$old_bridge" ] && brctl delif $old_bridge $iface &> /dev/null
+
+			# (re)create vlan device
+			ip link show $vlan_dev && vlanctl --if-delete $vlan_dev
+			vlanctl --mcast --if-create-name $iface $vlan_dev --if $iface --set-if-mode-rg
+
+			vlanctl --if $iface --tx --tags 0 --default-miss-drop
+			vlanctl --if $iface --tx --tags 1 --default-miss-drop
+			vlanctl --if $iface --tx --tags 2 --default-miss-drop
+			vlanctl --if $iface --rx --tags 0 --default-miss-drop
+			vlanctl --if $iface --rx --tags 1 --default-miss-drop
+			vlanctl --if $iface --rx --tags 2 --default-miss-drop
+
+			# bring the vlan device up and add back to bridge if it was in one
+			brctl addif $bridge $vlan_dev &> /dev/null
 		}
 
+		ts_create_fh() {
+			iface=$1				# fh iface
+			vid=$2					# SSID specific (secondary) or primary vid
+			bridge=$3
 
-		_firewall_setup() {
-			local name=$1
-			local network=$1
-			local vid=$2
-			local exists=0
-			local diff=0
-			local subnet=$(($vid % 256))
-			local ipaddr="192.168.${subnet}.1"
-
-			config_load firewall
-
-			_process_zone() {
-				local section=$1
-				local new_name=$2
-				local val=$3
-				local name
-
-				config_get name $section $val
-
-				[ "$name" == "$new_name" ] && exists=1
+			[ -n "$iface" ] && [ -n "$vid" ] && [ -n "$bridge" ]  || {
+				cat <<EOF
+Adding FH device requires IFACE, VID and bridge
+EOF
+				exit 1
 			}
 
-			config_foreach _process_zone zone $name "name"
-			[ "$exists" == "0" ] && {
+			# create vlan device
+			#set_wireless_bridge $iface $bridge
+
+			vlan_dev=${iface}_vlan${vid}
+			ip link set $vlan_dev down
+			_create_vlan_dev $iface $vid $bridge $vlan_dev
+
+			# add rules
+#			vlanctl --if $iface --rx --tags 0 --filter-ethertype 0x886c --set-rxif $vlan_dev --rule-append		# incoming brcm
+
+			# EAPOL frames
+			vlanctl --if $iface --rx --tags 0 --filter-ethertype 34958 --set-rxif $vlan_dev --rule-append
+			vlanctl --if $iface --rx --tags 1 --filter-ethertype 34958 --pop-tag --set-rxif $vlan_dev --rule-append
+			vlanctl --if $iface --tx --tags 0 --filter-txif $vlan_dev --filter-ethertype 34958 --rule-append
+
+			# 8021q vlan id TAG/UNTAG
+			vlanctl --if $iface --rx --tags 0 --set-rxif $vlan_dev --push-tag --set-vid $vid 0 --rule-append
+			vlanctl --if $iface --tx --tags 1 --filter-txif $vlan_dev --filter-vid $vid 0 --pop-tag --dscp2pbits 0 --rule-append
+
+			ip link set $iface up
+			ip link set $vlan_dev up
+		}
+
+		ts_create_bh() {
+			iface=$1				# bh iface
+			vid=$2					# primary vid
+			profile=$3				# agent profile (1 or 2)
+			bridge=$4				# bridge interface should be connected to
+
+			[ -n "$iface" ] && [ -n "$vid" ] && [ -n "$profile" ] || {
+				cat <<EOF
+Adding BH device requires IFACE, VID and PROFILE (1 or 2).
+EOF
+				exit 1
+			}
+
+			#[ -n "$bridge" ] && set_wireless_bridge $iface $bridge
+
+			old_vid=$(wl -i $1 map_8021q_settings)
+			old_vid=${old_vid##* }
+			old_profile=$(wl -i $1 map_profile | cut -d ' ' -f 3)
+
+			[ "$old_vid" = "$vid" -a "$old_profile" = "$profile" ] && return
+
+			wl vlan_mode 0 &> /dev/null				# make sure this is OFF, else driver won't handle vlan
+			wl -i $iface down &> /dev/null
+			wl -i $iface map_profile $profile &> /dev/null		# only has effect on profile 2
+			wl -i $iface map_8021q_settings $vid &> /dev/null	# can only be set on bBSS (read-only on bSTA)
+			wl -i $iface up &> /dev/null
+		}
+
+		ts_create_lei() {
+			vid=$1					# primary vid
+			pbits=$2				# default pbits to apply
+			vlan_bridge=$3				# name of ts subsystem bridge
+			lan_bridge=$4				# name of node local bridge
+
+			[ -n "$vid" ] && [ -n "$pbits" ] && [ -n "$vlan_bridge" ] && [ -n "$lan_bridge" ] || {
+				cat <<EOF
+Adding ETH device requires IFACE, VID, PBITS and name of vlan and lan bridges.
+EOF
+				exit 1
+			}
+
+			ip link show lei &> /dev/null || {
+				ip link add link lei name lei_lan type vlan id 1 2>/dev/null
+			}
+
+			old_vid=$(ip -d link show lei_lan | sed -n 's/vlan.*id \([0-9][0-9]*\) .*/\1/p')
+
+			[ "$old_vid" != "$vid" ] && {
+				ip link del lei_lan
+				ip link add link lei name lei_lan type vlan id ${vid}
+			}
+
+			brctl addif ${lan_bridge} lei_lan &>/dev/null
+			brctl addif ${vlan_bridge} lei_map &>/dev/null
+
+			ip link set lei up
+			ip link set lei_map up
+			ip link set lei_lan up
+		}
+
+		_create_eth() {
+			iface=$1				# Multi-AP Logical Ethernet Interface
+			vid=$2					# primary vid
+			bridge=$3				# name of ts subsystem bridge
+			pbits=0
+
+			[ -n "$iface" ] && [ -n "$vid" ] && [ -n "$bridge" ] || {
+				cat <<EOF
+Adding ETH device requires IFACE, VID, PBITS and name of vlan and lan bridges.
+EOF
+				exit 1
+			}
+
+			dbg create $@
+
+			ip link set $iface down
+
+			vlan_dev=${iface}_vlan${vid}
+			ip link set $vlan_dev down
+			_create_vlan_dev $iface $vid $bridge $vlan_dev
+
+			vlanctl --if $iface --rx --tags 0 --set-rxif $vlan_dev --push-tag --set-vid $vid 0 --set-pbits $pbits 0 --rule-append
+			vlanctl --if $iface --tx --tags 1 --filter-vid $vid 0 --filter-txif $vlan_dev --pop-tag --rule-append
+
+			[ $# -le 3 ] && exit 0
+			shift 3
+
+			while [ -n "$1" ] ; do
+				vid=$1
+				vlanctl --if $iface --rx --tags 1 --filter-vid $vid 0 --set-rxif $vlan_dev --rule-append
+				vlanctl --if $iface --tx --tags 1 --filter-vid $vid 0 --filter-txif $vlan_dev --rule-append
+				shift
+			done
+
+			ip link set $iface up
+			ip link set $vlan_dev up
+		}
+
+		ts_create_eths() {
+			pvid=$1					# primary vid
+			bridge=$2				# name of ts subsystem bridge
+
+			shift 2
+			# TODO use ieee1905 bridge
+			for iface in $(uci get network.br_lan.ports) ; do
+				[ "$iface" = "lei_lan" ] && continue
+				_create_eth $iface $pvid $bridge $@
+				ubus call ieee1905 del_interface "{\"ifname\":\"$iface\"}"
+			done
+		}
+
+		ts_create_dhcp() {
+			local diff=""
+
+                        _net_setup() {
+				local name=$1
+				local devname=$2
+				local vid=$3
+
+				[ -z "$(uci -q get network.${name})" ] && {
+					uci -q set network.${name}="interface"
+					uci -q set network.${name}.device="$devname"
+					uci -q set network.${name}.is_lan="1"
+					uci -q set network.${name}.proto="static"
+					# TODO vid > 255
+					local ip_addr="192.168.${vid}.1"
+					[ "${vid}" = "1" ] && ip_addr="192.168.${vid}.2"
+					uci -q set network.${name}.ipaddr="${ip_addr}"
+					uci -q set network.${name}.netmask="255.255.255.0"
+
+					diff="1"
+				}
+
+				[ "$diff" = "1" ] && uci -q commit network
+			}
+
+			_br_setup() {
+				local name=$1
+				local sinkname=$2
+				local vid=$3
+
+				[ -z "$(uci -q get network.${name}_dev)" ] && {
+					uci -q set network.${name}_dev="device"
+					uci -q set network.${name}_dev.name="br-${name}"
+					uci -q set network.${name}_dev.type="bridge"
+					uci -q set network.${name}_dev.bridge_empty="1"
+					uci -q add_list network.${name}_dev.ports="${sinkname}"
+
+					diff="1"
+				}
+
+				[ -z "$(uci -q get network.${name})" ] && {
+					uci -q set network.${name}="interface"
+					uci -q set network.${name}.device="br-${name}"
+					uci -q set network.${name}.is_lan="1"
+					uci -q set network.${name}.proto="static"
+					uci -q set network.${name}.ipaddr="192.168.${vid}.1"
+					uci -q set network.${name}.netmask="255.255.255.0"
+
+					diff="1"
+				}
+
+				[ "$diff" = "1" ] && uci -q commit network
+			}
+
+			_dhcp_setup() {
+				local name=$1
+
+				[ -n "$(uci -q get dhcp.${name})" ] && return
+
+				uci -q set dhcp.${name}=dhcp
+				uci -q set dhcp.${name}.interface="${name}"
+				uci -q set dhcp.${name}.start="100"
+				uci -q set dhcp.${name}.limit="150"
+				uci -q set dhcp.${name}.leasetime="1h"
+				uci -q set dhcp.${name}.dhcpv4="server"
+				uci -q set dhcp.${name}.dhcpv6="server"
+				uci -q set dhcp.${name}.ra="server"
+				uci -q set dhcp.${name}.ra_slaac="1"
+				uci -q add_list dhcp.${name}.ra_flags="managed-config"
+				uci -q add_list dhcp.${name}.ra_flags="other-config"
+
+				diff="1"
+				uci -q commit dhcp
+			}
+
+			_firewall_setup() {
+				local name=$1
+				local network=$2
+				local zone_exist=0
+
+				config_load firewall
+
+				_process_zone() {
+					local section=$1
+					local new_name=$2
+					local name
+
+					config_get name $section name
+
+					[ "$name" == "$new_name" ] && zone_exist=1
+				}
+
+				config_foreach _process_zone zone $name
+
+				[ "$zone_exist" != "0" ] && return
+
 				uci -q add firewall zone
 				uci -q set firewall.@zone[-1].name="$name"
 				uci -q add_list firewall.@zone[-1].network="$network"
-				uci -q set firewall.@zone[-1].input='DROP'
+				uci -q set firewall.@zone[-1].input='ACCEPT'
 				uci -q set firewall.@zone[-1].output='ACCEPT'
-				uci -q set firewall.@zone[-1].forward='DROP'
-				diff=1
-			}
+				uci -q set firewall.@zone[-1].forward='ACCEPT'
 
-			exists=0
-			config_foreach _process_zone forwarding $name "src"
-			[ "$exists" == "0" ] && {
 				uci -q add firewall forwarding
 				uci -q set firewall.@forwarding[-1].src="$name"
 				uci -q set firewall.@forwarding[-1].dest="wan"
-				diff=1
+
+				diff="1"
+				uci -q commit firewall
 			}
 
-			[ -z "$(uci -q get firewall.${name}_dns)" ] && {
-				uci set firewall.${name}_dns=rule
-				uci set firewall.${name}_dns.name="Allow-DNS-${name}"
-				uci set firewall.${name}_dns.src="${name}"
-				uci set firewall.${name}_dns.dest_port="53"
-				uci set firewall.${name}_dns.proto="tcp udp"
-				uci set firewall.${name}_dns.target="ACCEPT"
-				diff=1
+			vid=$1					# primary vid
+
+			[ -n "$vid" ] || {
+				cat <<EOF
+VID required to configure DHCP.
+EOF
+				exit 1
 			}
 
-			[ -z "$(uci -q get firewall.${name}_dhcp)" ] && {
-				uci set firewall.${name}_dhcp=rule
-				uci set firewall.${name}_dhcp.name="Allow-DHCP-${name}"
-				uci set firewall.${name}_dhcp.src="${name}"
-				uci set firewall.${name}_dhcp.src_port="68"
-				uci set firewall.${name}_dhcp.dest_port="67"
-				uci set firewall.${name}_dhcp.proto="udp"
-				uci set firewall.${name}_dhcp.family="ipv4"
-				uci set firewall.${name}_dhcp.target="ACCEPT"
-				diff=1
+			ip link show sink${vid} || {
+				ip link add sink${vid} type veth peer name sink${vid}_vlan
+				ip link add link sink${vid} name sink${vid}_peer type vlan id ${vid}
 			}
 
-			[ -z "$(uci -q get firewall.${name}_ping)" ] && {
-				uci set firewall.${name}_ping=rule
-				uci set firewall.${name}_ping.name="Allow-Ping-${name}"
-				uci set firewall.${name}_ping.src="${name}"
-				uci set firewall.${name}_ping.dest_ip="${ipaddr}"
-				uci set firewall.${name}_ping.proto="icmp"
-				uci set firewall.${name}_ping.icmp_type="echo-request"
-				uci set firewall.${name}_ping.family="ipv4"
-				uci set firewall.${name}_ping.target="ACCEPT"
-				diff=1
-			}
+			ip link set sink${vid} up
+			ip link set sink${vid}_peer up
+			ip link set sink${vid}_vlan up
 
-			[ $diff -eq 1 ] && uci -q commit firewall
-		}
-
-		_net_setup() {
-			net_check_for_vlan() {
-				local section=$1
-				local vid=$2
-
-				config_get vlan "$section" vlan
-
-				[ "$vid" = "$vlan" ] && {
-					echo "1"
-					break
-				}
-			}
-
-			net_check_for_network() {
-				local section=$1
-				local vid=$2
-
-				config_get device "$section" device
-
-				[ "${AL_BRIDGE}.$vid" = "$device" ] && {
-					echo "1"
-					break
-				}
-			}
-
-			net_set_primary() {
-				local section=$1
-				local pvid=$2
-
-				config_get device "$section" device
-
-				[ "${AL_BRIDGE}" = "$device" ] && {
-					uci -q set network.${section}.device="${AL_BRIDGE}.${pvid}"
-					uci -q commit network
-					diff="1"
-					break;
-				}
-			}
-			local vid=$1
 			diff=""
+			_net_setup sink${vid} sink${vid}_peer ${vid}
+			_dhcp_setup sink${vid}
+			_firewall_setup lan${vid} sink${vid}
 
-			config_load network
-
-			#[ -x "/usr/sbin/mapcontroller" ] && config_foreach net_set_primary interface $PRIMARY_VID
-
-			exists=$(config_foreach net_check_for_vlan bridge-vlan $vid)
-			[ -z "$exists" ] && {
-				local name="vlan${vid}"
-				local br_dev="${AL_BRIDGE/-/_}"
-				local tag=":t"
-				local self_flags="untagged"
-
-				uci -q set network.${name}="bridge-vlan"
-				uci -q set network.${name}.name="${name}"
-				uci -q set network.${name}.device="$AL_BRIDGE"
-				uci -q set network.${name}.vlan="$vid"
-
-				[ "${vid}" = "${PRIMARY_VID}" ] && {
-#					self_flags="untagged pvid"
-					uci -q set network.${name}.flags="untagged pvid"
-					tag=":*"
-				}
-
-#				uci -q set network.${name}.flags="${self_flags}"
-				uci -q set network.${name}.local='1'
-
-				for port in $(uci -q get network.${br_dev}.ports) ; do
-					uci -q get network.${name}.ports | grep -q "${port}${tag}" && continue
-					uci -q add_list network.${name}.ports="${port}${tag}"
-				done
-
-				uci -q commit network
-				diff="1"
+			[ "$diff" = "1" ] && {
+				ubus call network reload
+				ubus -t 5 wait_for network.interface.sink${vid}
 			}
 
-			exists=$(config_foreach net_check_for_network interface $vid)
-			[ -z "$exists" -a "$PRIMARY_VID" != "$vid" -a -x "/usr/sbin/mapcontroller" ] && {
-				net_get_albridge_ip() {
-					local section=$1
-
-					config_get device "$section" device
-
-					[ "${AL_BRIDGE}" = "$device" -o "${AL_BRIDGE}.${PRIMARY_VID}" = "$device" ] && {
-						ipaddr="$(uci -q get network.${section}.ipaddr)"
-						netmask="$(uci -q get network.${section}.netmask)"
-						break;
-					}
-				}
-				local name="guest${vid}"
-				local br_dev="${AL_BRIDGE/-/_}"
-				local tag=":t"
-				local self_flags="untagged"
-				local subnet=$(($vid % 256))
-				netmask="255.255.255.0"
-				ipaddr="192.168.1.1"
-
-				config_load network
-
-				config_foreach net_get_albridge_ip interface $PRIMARY_VID
-
-				# replace third octet of the ip with $subnet
-				ipaddr=$(echo $ipaddr | sed "s/\(\([0-9]\{1,3\}\.\)\{2\}\)[0-9]\{1,3\}/\1${subnet}/")
-
-				uci -q set network.${name}="interface"
-				uci -q set network.${name}.device="${AL_BRIDGE}.$vid"
-				uci -q set network.${name}.ipaddr="$ipaddr"
-				uci -q set network.${name}.netmask="$netmask"
-				uci -q set network.${name}.proto="static"
-
-				uci -q commit network
-				diff="1"
-			}
-
-			[ -z "$(uci -q get network.guest${vid}_8021q)" -a $PRIMARY_VID != $vid ] && {
-				uci -q set network.guest${vid}_8021q="device"
-				uci -q set network.guest${vid}_8021q.ifname="${AL_BRIDGE}"
-				uci -q set network.guest${vid}_8021q.name="${AL_BRIDGE}.$vid"
-				uci -q set network.guest${vid}_8021q.type="8021q"
-				uci -q set network.guest${vid}_8021q.vid="$vid"
-				uci -q set network.guest${vid}_8021q.native="1"
-			}
+			brctl addif br-map sink${vid}_vlan &> /dev/null
 		}
 
-		vid=$1
+	local type=$1
+	shift
 
-		[ -n "$vid" ] || {
+	case "$type" in
+		fh) ts_create_fh $@;;
+		bh) ts_create_bh $@;;
+		lei) ts_create_lei $@;;
+		eths) ts_create_eths $@;;
+		dhcp) ts_create_dhcp $@;;
+		--help|help) ts_usage;;
+		*) ts_usage; exit 1;;
+	esac
+	}
+
+	ts_delete() {
+		iface=$1
+
+		path=$(ls -d /sys/class/net/${iface}/upper_*)
+		[ -z "$path" ] && exit 0
+
+		vlan_dev=${path##*upper_}
+		bridge="$(_get_bridge $vlan_dev)"
+
+		[ -n "$bridge" ] && {
+			vlanctl --if-delete $vlan_dev		# note: also removes rules and removes from bridge
+			brctl addif $bridge $iface &> /dev/null # needed to add again
+                }
+
+	}
+
+	ts_populate() {
+		local type=$1
+		shift
+
+		[ "$type" == "eth" ] || {
 			cat <<EOF
-VID required to configure.
+Populating ETH rules requires IFACE and VID.
 EOF
 			exit 1
 		}
 
-                logger -t vlan "setup ts vid $vid"
-                _net_setup ${vid}
+		iface=$1				# Multi-AP Logical Ethernet Interface
+		vid=$2					# secondary vid
 
-		[ -x "/usr/sbin/mapcontroller" -a "$PRIMARY_VID" != "$vid" ] && {
-			_dhcp_setup guest${vid}
-			_firewall_setup guest${vid} $vid
-		}
+		path=$(ls -d /sys/class/net/${iface}/upper_*)
+		[ -z "$path" ] && exit 1
+		vlan_dev=${path##*upper_}
 
-                # Disable pktfwd here and flush FlowCache rules
-                echo 0 > /proc/pktfwd_dhd/enable
-                echo 0 > /proc/pktfwd_wl/enable
-                fcctl flush
+		# add rules
+		#vlanctl --if $iface --rx --tags 1 --filter-vid $vid 0 --set-rxif $vlan_dev --rule-append		# note: retain secondary vids
+		#vlanctl --if $iface --tx --tags 1 --filter-vid $vid 0 --filter-txif $vlan_dev --rule-append		# note: already default
+	}
+
+	ts_primary() {
+		local func=$1
+		shift
+
+		case "$func" in
+			get) vid=$(wl -i $1 map_8021q_settings); echo ${vid##* };;
+			*) ts_usage; exit 1;;
+		esac
+	}
+
+	ts_unicast() {
+		local mac=$1
+		local iface=$2
+
+		# TODO: improve?
+		res=$(ebtables -t broute -L | grep -i "$mac" | grep "$iface")
+		[ -n "$res" ] && return
+
+		ebtables -t broute -D BROUTING -d "$mac" -p 0x893a -j DROP
+		ebtables -t broute -I BROUTING -i "$iface" -d "$mac" -p 0x893a -j DROP
+	}
+
+	ts_multicast() {
+		local iface=$1
+
+		# TODO: improve?
+		res=$(ebtables -t broute -L | grep -i "1:80:C2:00:00:13" | grep "$iface")
+		[ -n "$res" ] && return
+
+		ebtables -t broute -D BROUTING -d 01:80:C2:00:00:13 -p 0x893a -j DROP
+		ebtables -t broute -D BROUTING -i "$iface" -d 01:80:C2:00:00:13 -p 0x893a -j DROP
+		ebtables -t broute -I BROUTING -i "$iface" -d 01:80:C2:00:00:13 -p 0x893a -j DROP
 	}
 
 	ts_reload() {
-		# TODO check it again
 		local dhcp_reload=$1
-		restart=""
 
-		bridge_verify_vid_mapping() {
-			local section=$1
+		# workaround for missing backhaul wifi.ap.* ubus obj's:
+		# iterate in config and setup bh
+		config_load wireless
 
-			check_port_vid() {
-				local port="$1"
-				local vlan="$2"
+		_setup_bh_iface() {
+			local sec=$1
+			local iface=$2
+			local bridge=$3
 
-				added=$(bridge vlan show dev $port | grep -w "$vlan")
-				if [ "$added" = "" ]; then
-					restart="1"
-					break
-				fi
+			config_get ifname $sec ifname
+
+			config_get mode $sec mode
+			config_get multi_ap $sec multi_ap "0"
+			[ "$mode" = "ap" -a "$multi_ap" = "1" ] && {
+				ts_create bh $ifname 1 2 br-map
 			}
-
-			config_get vlan "$section" vlan "0"
-
-			[ "$vlan" = "0" ] && continue
-
-			config_list_foreach "$section" "ports" check_port_vid "$vlan"
-			[ "$restart" = "1" ] && break
 		}
 
-
-
-		config_load network
-		config_foreach bridge_verify_vid_mapping bridge-vlan
-
+		config_foreach _setup_bh_iface wifi-iface
 
 		[ -n "dhcp_reload" ] && /etc/init.d/dnsmasq reload
-		if [ "$restart" = "1" ]; then
-			ts_dbg "trigger network restart"
-			/etc/init.d/network restart
-		else
-			ubus call uci commit '{"config":"network"}'
-		fi
-		/etc/init.d/firewall reload
 
-		#for sink in $(ubus list network.interface.sink*) ; do
-		#	local sink_vlan=${sink/network.interface./}_vlan
-		#done
-	}
-
-	# maintain VIDs passed as args in network config, remove rest
-	ts_keep() {
-		local al_bridge=$(uci -q get mapagent.agent.al_bridge)
-		restart=""
-
-		[ "$al_bridge" = "" ] && al_bridge="br-lan"
-
-		bridge_vlan_teardown() {
-			local section=$1
-			shift
-			local bridge=$1
-			shift
-			local keep="$@"
-
-			config_get device "$section" device
-
-			[ "$bridge" != "$device" ] && continue
-
-			config_get vlan "$section" vlan
-
-			for i in $@; do
-				if [ "$i" -eq "$vlan" ] ; then
-					return
-				fi
-			done
-
-			restart="1"
-			_guest_cleanup $vlan
-		}
-
-		config_load network
-		config_foreach bridge_vlan_teardown bridge-vlan $al_bridge $@
-
-		if [ "$restart" = "1" ]; then
-			uci commit network
-			ts_dbg "trigger network restart"
-			/etc/init.d/network restart
-		fi
-	}
-
-	ts_cleanup() {
-		guest_teardown() {
-			local section=$1
-			local config=$2
-			local val=$3
-			local option=$4
-
-			config_get name "$section" "$option"
-
-			[ "$val" != "$name" ] && continue
-
-			uci delete ${config}.${section}
-			uci commit ${config}
-			restart="1"
-		}
-		local vid=$1
-		restart=""
-
-		_guest_cleanup $vid
-
-		# enable pktfwd again and flush FlowCache rules
-		echo 1 > /proc/pktfwd_dhd/enable
-		echo 1 > /proc/pktfwd_wl/enable
-		echo 0 > /proc/pktfwd_dhd/enable
-		echo 0 > /proc/pktfwd_wl/enable
-		echo 1 > /proc/pktfwd_dhd/enable
-		echo 1 > /proc/pktfwd_wl/enable
-		fcctl flush
-	}
-
-	ts_isolate() {
-		ts_isolate_radio() {
-			local section=$1
-			local action=$2
-			local band=$3
-			local vid=$4
-			local ifname=$5
-
-			config_get apband "$section" band
-			[ "$band" = "$apband" ] && continue
-
-			config_get apvid "$section" vid
-			[ "$vid" != "$apvid" ] && continue
-
-			config_get apifname "$section" ifname
-			[ "$ifname" = "$apifname" ] && continue # this should never happen
-
-			ebtables -D FORWARD -i $ifname --o $apifname -j DROP > /dev/null 2>&1
-
-			[ "$action" != "add" ] && continue
-
-			ebtables -A FORWARD -i $ifname --o $apifname -j DROP > /dev/null 2>&1
-		}
-		local action=$1
-		shift
-		local pvid=$1 # pvid
-		shift
-		local vid=$1 # vid
-		shift
-		local band=$1 # band
-		shift
-		local ifname=$1 # guest fbss name
-		shift
-		local ifprefix=$1 # 4addr mode ifname prefix
-		local br_dev="${AL_BRIDGE/-/_}"
-
-		[ -z "$pvid" -o -z "$ifprefix" -o -z "$ifname" ] && return
-
-		config_load mapagent
-		config_foreach ts_isolate_radio ap $action $band $vid $ifname
-
-		# must not drop traffic to upstream
-		json_load "$(cat $MAP_BH_FILE)"
-		json_get_var bk_ifname ifname
-		json_cleanup
-
-		for prefix in $@; do
-			ebtables -D FORWARD -i $ifname --o ${prefix}+ -j DROP > /dev/null 2>&1
-			ebtables -D FORWARD -i ${prefix}+ --o $ifname -j DROP > /dev/null 2>&1
-
-			# isolate eth interfaces
-			for port in $(uci -q get network.${br_dev}.ports) ; do
-					ebtables -D FORWARD -i $ifname --o $port -j DROP > /dev/null 2>&1
-					ebtables -D FORWARD -i $port --o $ifname -j DROP  > /dev/null 2>&1
-
-					[ "$action" != "add" -o "$port" = "$bk_ifname" ] && continue
-					ebtables -A FORWARD -i $ifname --o $port -j DROP > /dev/null 2>&1
-					ebtables -A FORWARD -i $port --o $ifname -j DROP > /dev/null 2>&1
-			done
-
-			[ "$action" != "add" ] && continue
-			ebtables -A FORWARD -i $ifname --o ${prefix}+ -j DROP > /dev/null 2>&1
-			ebtables -A FORWARD -i ${prefix}+ --o $ifname -j DROP > /dev/null 2>&1
+		# another workaround for netif? removed
+		# sink devices for br-map bridge
+		for sink in $(ubus list network.interface.sink*) ; do
+			local sink_vlan=${sink/network.interface./}_vlan
+			brctl addif br-map $sink_vlan &> /dev/null
 		done
 	}
 
@@ -531,11 +498,13 @@ EOF
 	shift
 
 	case "$func" in
-		create) ts_dbg "create $@"; ts_create $@;;
-		keep) ts_dbg "keep $@"; ts_keep $@;;
-		reload) ts_dbg "reload $@"; ts_reload $@;;
-		cleanup) ts_dbg "cleanup $@"; ts_cleanup $@;;
-		isolate) ts_dbg "isolate $@"; ts_isolate $@;;
+		create) dbg "create $@"; ts_create $@;;
+		delete) dbg "delete $@"; ts_delete $@;;
+		populate) dbg "populate $@"; ts_populate $@;;
+		primary) dbg "primary $@"; ts_primary $@;;
+		unicast) dbg "unicast $@"; ts_unicast $@;;
+		multicast) dbg "multicast $@"; ts_multicast $@;;
+		reload) dbg "reload $@"; ts_reload $@;;
 		--help|help) ts_usage;;
 		*) ts_usage; exit 1;;
 	esac

map-controller/Config.in

@@ -6,21 +6,5 @@ config CONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG
 	bool "Support Dynamic Controller configuration sync"
 	default y if MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
 
-config CONTROLLER_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through CONTROLLER_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
 endmenu
 endif

map-controller/Makefile

@@ -1,13 +1,16 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=2.8.0.25
+PKG_VERSION:=6.0.5
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=209ffb0bb4932e29e3d4d05f515b71985491abce
+PKG_SOURCE_VERSION:=3562b7f774e6dffda2e58ad2acb382fc439273fb
+
+PKG_LICENSE:=PROPRIETARY IOPSYS
+PKG_LICENSE_FILES:=LICENSE
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
@@ -17,9 +20,6 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-
 include $(INCLUDE_DIR)/package.mk
 
 define Package/map-controller
@@ -48,18 +48,11 @@ ifeq ($(CONFIG_CONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG),y)
 TARGET_CFLAGS += -DCONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG
 endif
 
-ifeq ($(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT_OUI)\\\"
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
-endif
-
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapcontroller $(1)/usr/sbin/
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/src/plugins/steer/rcpi/rcpi.so $(1)/usr/lib/mapcontroller/rcpi.so
 endef
 
 ifeq ($(LOCAL_DEV),1)

map-controller/files/etc/config/mapcontroller

@@ -1,144 +1,67 @@
 config controller 'controller'
 	option enabled '1'
-	option registrar '2 5'
-	option debug '0'
+	option registrar '5 2'	    #bands on which wps registrar supported
+	option debug '6'
 	option enable_sta_steer '0'
 	option enable_bsta_steer '0'
-	option use_bcn_metrics '0'
-	option use_usta_metrics '0'
 	option primary_vid '1'
 	option primary_pcp '0'
-	option enable_ts '0'
-	option allow_bgdfs '0'
-	option channel_plan '0'
 
-config ap
-	option band '2'
-	option encryption 'sae-mixed'
-	option vid '1'
-	option ssid 'IOWRT-2.4GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+config interface 'lan'
+	option 'dhcp'
 
 config ap
 	option band '5'
+	option encryption 'sae-mixed'
+	option key '1234567890'
+	option ssid 'map-net5'
+	option vid '1'
 	option type 'fronthaul'
-	option vid '1'
-	option ssid 'IOWRT-5GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+	option network 'lan'
 
 config ap
 	option band '2'
-	option type 'backhaul'
+	option encryption 'sae-mixed'
+	option key '1234567890'
+	option ssid 'map-net2'
 	option vid '1'
-	list disallow_bsta '0'
-	option ssid 'MAP-BH-2.4GHz'
-	option encryption 'sae'
-	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
+	option type 'fronthaul'
+	option network 'lan'
 
 config ap
 	option band '5'
-	option type 'backhaul'
-	option vid '1'
-	list disallow_bsta '0'
-	option ssid 'MAP-BH-5GHz'
 	option encryption 'sae'
-	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
+	option key '5555555555'
+	option ssid 'map-bkhaul-5'
+	option type 'backhaul'
+	option disallow_bsta '1'		# bitmap, 1 for disallow p1, 2 to disallow p2, 3 to disallow both (probably never applicable)
+	option vid '1'
+	option network 'lan'
 
-# node and radio sections (per node) are auto
-# generated per Multi-AP Agent in the network
-#
-#config node 'node_0a1b2c3d4e50'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-# following values use default values after onboarding if not explicitly set
-#	option backhaul_ul_macaddr '00:00:00:00:00:00'
-#	option backhaul_dl_macaddr '00:00:00:00:00:00'
-#	option backhaul_type 'none'
-#	option primary_vid '1'
-#	option primary_pcp '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-#	option report_metric_periodic '0'
-#	option report_scan '0'
-#	option steer_exclude '0'
-#	option steer_exclude_btm '0'
-#	option steer_disallow '0'
-#	option coordinated_cac '0'
-#	option traffic_separation '0'
-#	option sta_steer '0'
+config ap
+	option band '2'
+	option encryption 'sae'
+	option key '2222222222'
+	option ssid 'map-bkhaul-2'
+	list disallow_bsta '0'                # 0 or 1 profile-1 bSTA
+	option vid '1'
+	option type 'backhaul'
+	option network 'lan'
 
-#config radio 'radio_0a1b2c3d4e53'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-#	option macaddr '0a:1b:2c:3d:4e:53'
-#	option band '2'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config radio 'radio_0a1b2c3d4e54'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-#	option macaddr '0a:1b:2c:3d:4e:54'
-#	option band '5'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config node 'node_3fb1c2d3e460'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-# following values use default values after onboarding if not explicitly set
-#	option backhaul_ul_macaddr '00:00:00:00:00:00'
-#	option backhaul_dl_macaddr '00:00:00:00:00:00'
-#	option backhaul_type 'none'
-#	option primary_vid '1'
-#	option primary_pcp '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-#	option report_metric_periodic '0'
-#	option report_scan '0'
-#	option steer_exclude '0'
-#	option steer_exclude_btm '0'
-#	option steer_disallow '0'
-#	option coordinated_cac '0'
-#	option traffic_separation '0'
-#	option sta_steer '0'
-
-#config radio 'radio_3fb1c2d3e463'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-#	option macaddr '3f:b1:c2:d3:e4:63'
-#	option band '2'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config radio 'radio_3fb1c2d3e464'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-#	option macaddr '3f:b1:c2:d3:e4:64'
-#	option band '5'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
+config policy 'policy'
+	list steer_exclude '00:11:22:33:44:55'
+	list steer_exclude_btm '00:aa:bb:cc:dd:ee'
+	option steer_policy '2'                    # 0, 1, 2 - see MultiAP spec
+	option util_threshold '200'                # channel-util as in BSS load
+	option rcpi_threshold '30'                 # 0 - 220 valid range
+	option report_scan '0'                     # 0 or 1 for independent scans
+	option report_sta_assocfails '1'           # 0 or 1 - stas assoc failure
+	option report_sta_assocfails_rate '2'      # reporting rate for STA assoc fails (attempts per minute)
+	option report_metric_periodic '0'          # 0, or 1 - 255 in secs
+	option report_rcpi_threshold '0'           # 0, or 1 - 220
+	option report_util_threshold '0'           # 0, or  channel-util value
+	option rcpi_hysteresis_margin '0'          # 0, or > 0 - hysteresis margin
+	option include_sta_stats '0'               # sta stats in AP metric resp
+	option include_sta_metric '0'              # sta metric in AP metric resp
+	option disallow_bsta_p1 '0'                # 0 or 1 profile-1 bSTA
+	option disallow_bsta_p2 '0'                # 0 or 1 profile-2 bSTA

map-controller/files/etc/init.d/mapcontroller

@@ -23,14 +23,7 @@ validate_controller_section() {
 		'enable_sta_steer:bool:false' \
 		'enable_bsta_steer:bool:false' \
 		'use_bcn_metrics:bool:false' \
-		'use_usta_metrics:bool:false' \
-		'allow_bgdfs:range(0,2629744)' \
-		'channel_plan:range(0,2629744)' \
-		'enable_ts:bool:false' \
-		'rcpi_threshold_2g:range(0,220)' \
-		'rcpi_threshold_5g:range(0,220)' \
-		'report_rcpi_threshold_2g:range(0,220)' \
-		'report_rcpi_threshold_5g:range(0,220)'
+		'use_usta_metrics:bool:false'
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "mapcontroller" "Validation of controller section failed"
@@ -47,10 +40,7 @@ validate_ap_section() {
 			'band:or("2", "5")' \
 			'ssid:string' \
 			'encryption:or("sae", "sae+aes", "psk2",
-				"psk2+aes", "sae-mixed", "sae-mixed+aes",
-				"none", "psk-mixed", "psk-mixed+aes",
-				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
-				"psk", "psk+aes")' \
+				"psk2+aes", "sae-mixed", "sae-mixed+aes")' \
 			'key:string' \
 			'vid:range(1,65535):1' \
 			'type:or("backhaul", "fronthaul", "combined")' \

map-topology/Config.in

@@ -1,26 +0,0 @@
-if (PACKAGE_map-topology)
-
-menu "Configurations"
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through TOPOLOGYD_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
-config TOPOLOGYD_ACTIVE_CONN_LIBCONNTRACK
-	bool "Support active connection fetch using netlink"
-	default n
-
-endmenu
-endif

map-topology/Makefile

@@ -1,44 +1,37 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020 iopsys
 #
 
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=map-topology
-PKG_VERSION:=2.5.0.18
+PKG_VERSION:=3.2.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_VERSION:=be7e37f2c85f3142af827a0279d2eec7088d796a
+PKG_SOURCE_VERSION:=ddf78cca217ebfa83733a532bdd2d17b6c3af54e
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-topology.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
+
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DEPENDS:=ieee1905
-
-PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE:=PROPRIETARY IOPSYS
 PKG_LICENSE_FILES:=LICENSE
-
 include $(INCLUDE_DIR)/package.mk
 
 define Package/map-topology
 	CATEGORY:=Utilities
 	DEPENDS:=+libubox +ubus +libpthread +libuci +libeasy \
-		 +libavahi-nodbus-support +libnetfilter-conntrack +libnfnetlink +libmnl
+		+libieee1905 +map-plugin +libavahi-nodbus-support
 	TITLE:=Utility to build topology of a multi-AP network
 endef
 
-define Package/map-topology/config
-	source "$(SOURCE)/Config.in"
-endef
-
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-I$(STAGING_DIR)/usr/include/libnetfilter_conntrack \
 	-D_GNU_SOURCE
 
 define Package/map-topology/description
@@ -47,15 +40,6 @@ endef
 
 MAKE_PATH:=src
 
-ifeq ($(CONFIG_TOPOLOGYD_ACTIVE_CONN_LIBCONNTRACK),y)
-TARGET_CFLAGS += -DACTIVE_CONN_LIBCONNTRACK
-endif
-
-ifeq ($(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI)\\\"
-endif
-
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
         $(CP) -rf ~/git/map-topology/* $(PKG_BUILD_DIR)/

map-topology/files/etc/config/hosts

@@ -2,4 +2,3 @@
 config global 'global'
 	option ageing_timer '1440'
 	option reboot_persistent '0'
-	option ifname 'br-lan'

map-topology/files/etc/init.d/topologyd

@@ -24,8 +24,7 @@ validate_topology_config() {
 validate_global_section() {
 	uci_validate_section hosts global "global" \
 		'ageing_timer:uinteger' \
-		'reboot_persistent:bool' \
-		'ifname:string'
+		'reboot_persistent:bool'
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "hosts" "Validation of global section failed"
@@ -72,9 +71,6 @@ start_service() {
 	config_load "hosts"
 	validate_hosts_config || return 1;
 
-	if [ -f "/proc/sys/net/netfilter/nf_conntrack_timestamp" ]; then
-		echo 1 >/proc/sys/net/netfilter/nf_conntrack_timestamp
-	fi
 	procd_open_instance
         procd_set_param command "/usr/sbin/topologyd"
 	procd_set_param respawn

mosquitto-auth-shadow/Makefile

@@ -1,45 +0,0 @@
-#
-# Copyright (c) 2022 Genexis B.V.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License 2.0 which is available at
-# https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Erik Karlsson - initial implementation
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=mosquitto-auth-shadow
-PKG_VERSION:=1.0.0
-
-PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
-PKG_LICENSE:=EPL-2.0
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/mosquitto-auth-shadow
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=mosquitto - /etc/shadow authentication plugin
-  DEPENDS:=mosquitto
-  USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
-endef
-
-define Package/mosquitto-auth-shadow/description
-  Plugin for the mosquitto MQTT message broker that authenticates
-  users using /etc/shadow
-endef
-
-define Package/mosquitto-auth-shadow/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,mosquitto-auth-shadow))

mosquitto-auth-shadow/files/etc/uci-defaults/14_set-shadow-permissions

@@ -1 +0,0 @@
-chown root:shadow /etc/shadow && chmod 0640 /etc/shadow

mosquitto-auth-shadow/src/Makefile

@@ -1,25 +0,0 @@
-#
-# Copyright (c) 2022 Genexis B.V.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License 2.0 which is available at
-# https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Erik Karlsson - initial implementation
-#
-
-TARGETS = mosquitto_auth_shadow.so
-
-all: $(TARGETS)
-
-%.pic.o: %.c
-	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
-
-mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
-	$(CC) $(LDFLAGS) -shared -o $@ $^
-
-clean:
-	rm -f *.o $(TARGETS)

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	*user_data = identifier;
-
-	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-					   basic_auth_callback, NULL, NULL);
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	mosquitto_plugin_id_t *identifier = user_data;
-
-	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-					     basic_auth_callback, NULL);
-}

mqtt-ciotc/Makefile

@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2020 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=mqtt-ciotc
+PKG_VERSION:=0.1
+
+PKG_SOURCE_VERSION:=00da3fb1f1691d836037dc4d93e38d0835ba46a4
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifilife-testbed.git
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_LICENSE:=Apache-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mqtt-ciotc
+	CATEGORY:=Utilities
+	DEPENDS:=+libjwt +lib-paho-mqtt +libopenssl +libubox +ubus +libblobmsg-json
+	TITLE:=mqtt google iot clinet
+endef
+
+define Package/mqtt-ciotc/description
+	mqtt google iot client
+endef
+
+define Package/mqtt-ciotc/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mqtt_ciotc $(1)/sbin/
+endef
+
+$(eval $(call BuildPackage,mqtt-ciotc))

mqtt-ciotc/files/etc/config/mqtt_ciotc

@@ -0,0 +1,3 @@
+config certs 'certs'
+	option private '/etc/mqtt-ciotc/rsa_private.pem'
+	option root '/etc/mqtt-ciotc/roots.pem'

mqtt-ciotc/files/etc/init.d/mqtt_ciotc

@@ -0,0 +1,35 @@
+#!/bin/sh /etc/rc.common
+
+START=96
+STOP=10
+PROG=/sbin/mqtt_ciotc
+
+USE_PROCD=1
+
+start_service() {
+	procd_open_instance
+	procd_set_param command ${PROG}
+	config_load mqtt_ciotc
+	config_get private certs private
+	config_get root certs root
+
+	[ -n $private ] && procd_append_param command --private-cert $private
+	[ -n $root ] && procd_append_param command --root-cert $root
+	procd_set_param respawn
+	procd_close_instance
+}
+
+stop_service()
+{
+	service_stop ${PROG}
+}
+
+reload_service() {
+#	procd_send_signal wifilife # use SIGHUP
+	stop
+	start
+}
+
+service_triggers() {
+        procd_add_reload_trigger "mqtt_ciotc"
+}

netmode/files/etc/init.d/netmode

@@ -34,13 +34,12 @@ start_service() {
 	[ -n "$mode" ] || return
 
 	# Get the last saved mode
-	lastmode="$(cat $MODEDIR/.last_mode 2>/dev/null)"
+	lastmode="$(cat /etc/netmodes/.last_mode 2>/dev/null)"
 	# Return if desired mode is same as last saved mode
 	[ "$mode" == "$lastmode" ] && return
 
 	# Save mode as last mode
-	[ -d $MODEDIR ] || mkdir -p $MODEDIR
-	echo "$mode" > $MODEDIR/.last_mode
+	echo "$mode" > /etc/netmodes/.last_mode
 
 	logger -s -p user.info -t "netmode" "Switching to $mode Mode" >/dev/console
 

obuspa/Config.in

@@ -2,28 +2,16 @@ if PACKAGE_obuspa
 
 menu "Configuration"
 
-config OBUSPA_DB_PATH
-	string "Configure path for usp.db file"
-	default "/tmp/"
-
-config OBUSPA_MTP_ENABLE_MQTT
-	bool "Enable MQTT as mtp protocol"
-	default y
-
-config OBUSPA_MTP_ENABLE_WEBSOCKETS
-	bool "Enable WebSockets as mtp protocol"
-	default y
-
 config OBUSPA_MTP_ENABLE_STOMP
 	bool "Enable STOMP as mtp protocol"
 	default y
 
+config OBUSPA_MTP_ENABLE_MQTT
+	bool "Enable MQTT as mtp protocol"
+	default y
+
 config OBUSPA_MTP_ENABLE_COAP
 	bool "Enable CoAP as mtp protocol"
-	default n
-
-config OBUSPA_CONTROLLER_MTP_VERIFY
-	bool "Enable verification of MQTT response topic before processing the message"
-	default n
+	default y
 endmenu
 endif

obuspa/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=5.0.0.16.7
+PKG_VERSION:=4.1.0.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6477337ec0d5dd6fa5586b42ba6423a892643106
+PKG_SOURCE_VERSION:=af3d4663d66942e3b0e3253375c5620629769aa5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/fork/obuspa.git
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
@@ -31,7 +31,7 @@ define Package/obuspa
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=USP agent
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl
+  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libubox +libubus +uspd +libmosquitto
 endef
 
 define Package/obuspa/description
@@ -43,18 +43,8 @@ define Package/obuspa/config
 endef
 
 TARGET_CFLAGS += \
-	-D_GNU_SOURCE \
-	-Wall \
-	-Werror
-
-ifneq ($(CONFIG_OBUSPA_CONTROLLER_MTP_VERIFY),)
-  TARGET_CFLAGS += -DOBUSPA_CONTROLLER_MTP_VERIFY
-endif
-
-ifneq ($(CONFIG_OBUSPA_DB_PATH),)
-  CONFIGURE_ARGS += \
-	--localstatedir="$(CONFIG_OBUSPA_DB_PATH)"
-endif
+	-I$(STAGING_DIR)/usr/include \
+	-D_GNU_SOURCE
 
 ifeq ($(CONFIG_OBUSPA_MTP_ENABLE_STOMP),y)
   CONFIGURE_ARGS += \
@@ -80,18 +70,9 @@ else
 	--disable-coap
 endif
 
-ifeq ($(CONFIG_OBUSPA_MTP_ENABLE_WEBSOCKETS),y)
-  CONFIGURE_ARGS += \
-	--enable-websockets
-else
-  CONFIGURE_ARGS += \
-	--disable-websockets
-endif
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
         $(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
-        $(Build/Patch)
 endef
 endif
 
@@ -100,14 +81,11 @@ define Package/obuspa/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/obuspa
-	$(INSTALL_DIR) $(1)/etc/bbfdm/json
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/obuspa $(1)/usr/sbin/
 	$(INSTALL_BIN) ./files/etc/init.d/obuspa $(1)/etc/init.d/
 	$(INSTALL_DATA) ./files/etc/config/obuspa $(1)/etc/config/
 	$(INSTALL_DATA) ./files/etc/obuspa/roles.json $(1)/etc/obuspa/roles.json
 	$(INSTALL_DATA) ./files/etc/obuspa/dmcaching_exclude.json $(1)/etc/obuspa/dmcaching_exclude.json
-	$(INSTALL_DATA) ./files/etc/bbfdm/json/USPAgent.json $(1)/etc/bbfdm/json/USPAgent.json
-	$(INSTALL_DATA) ./files/etc/bbfdm/json/TransferComplete.json $(1)/etc/bbfdm/json/TransferComplete.json
 endef
 
 $(eval $(call BuildPackage,obuspa))

obuspa/files/etc/config/obuspa

@@ -2,7 +2,7 @@ config obuspa 'global'
 	option enabled '1'
 	option interface 'loopback'
 	#option ifname 'lo'
-	option debug '0'
+	option debug '1'
 	option log_level '1'
 	option prototrace '0'
 	#option db_file '/etc/obuspa/usp.db'

obuspa/files/etc/init.d/obuspa

@@ -1,7 +1,7 @@
 #!/bin/sh /etc/rc.common
 
 START=99
-STOP=02
+STOP=2
 USE_PROCD=1
 PROG=/usr/sbin/obuspa
 
@@ -16,6 +16,7 @@ mqtt_num=0
 subs_num=0
 challenge_num=0
 index=0
+role_def_file=""
 PROFILE="/root/.profile"
 
 . /lib/functions/network.sh
@@ -30,11 +31,11 @@ cleanup() {
 trap cleanup EXIT
 
 log() {
-	echo "$*"|logger -t obuspa.init -p debug
+	echo "${@}"|logger -t obuspa.init -p debug
 }
 
 db_set() {
-	if [ -n "${1}" ] && [ -n "${2}" ]; then
+	if [ -n "${1}" ]; then
 		echo "${1} \"${2}\"">>${PARAM_FILE}
 	else
 		echo >>${PARAM_FILE}
@@ -48,8 +49,9 @@ update_keep() {
 		return;
 	fi
 
-	if grep -q "${keep_file}" ${KEEP_FILES}; then
-		echo "${keep_file}" >> ${KEEP_FILES}
+	grep -q "${keep_file}" ${KEEP_FILES}
+	if [ "$?" -ne 0 ]; then
+		echo ${keep_file} >> ${KEEP_FILES}
 	fi
 }
 
@@ -61,15 +63,12 @@ get_index() {
 }
 
 get_role_index_from_json() {
-	local role="$1"
-	local role_def_file="$2"
+	local role="${@}"
 	local num=0
-	local roles_obj
 
 	# In case of role is empty or file not present
-	if [ -z "${role}" ] || [ ! -f "${role_def_file}" ]; then
-		echo "${num}"
-		return ${num}
+	if [ -z "${role}" -o ! -f "${role_def_file}" ]; then
+		return 0
 	fi
 
 	json_init
@@ -80,21 +79,20 @@ get_role_index_from_json() {
 
 	for k in ${roles_obj}; do
 		local rname
-		json_select "$k"
+		json_select $k
 		json_get_var rname name
 		json_select ..
 
-		if [ "${rname}" != "Untrusted" ] && [ "${rname}" != "full_access" ]; then
+		if [ "${rname}" != "Untrusted" -a "${rname}" != "full_access" ]; then
 			num=$(( num + 1 ))
 		fi
 
 		if [ "${role}" = "${rname}" ]; then
-			echo "${num}"
 			return ${num}
 		fi
 	done
 
-	return ${num}
+	return 0
 }
 
 get_uci_ref_index() {
@@ -104,10 +102,10 @@ get_uci_ref_index() {
 
 	index=0
 	config_load $CONFIGURATION
-	config_foreach get_index "$1" "$2"
+	config_foreach get_index $1 $2
 	val=$(cat ${USP_TEMP_FILE})
 
-	if [ -z "${val}" ]; then
+	if [ -z $val ]; then
 		val=0
 	fi
 
@@ -123,7 +121,7 @@ validate_obuspa_section()
 		'trust_cert:file' \
 		'client_cert:file' \
 		'interface:string' \
-		'ifname:string' \
+		'ifname:string:br-lan' \
 		'debug:bool:false' \
 		'prototrace:bool:false' \
 		'log_level:uinteger' \
@@ -151,7 +149,7 @@ validate_controller_section()
 		'USPNotifRetryMinimumWaitInterval:uinteger:5' \
 		'USPNotifRetryIntervalMultiplier:uinteger:2000' \
 		'ControllerCode:string' \
-		'Protocol:or("STOMP","CoAP","MQTT", "WebSocket")' \
+		'Protocol:or("STOMP","CoAP","MQTT")' \
 		'Reference:string' \
 		'Destination:string:controller-notify-dest' \
 		'Topic:string' \
@@ -160,14 +158,7 @@ validate_controller_section()
 		'coap_path:string' \
 		'coap_port:port' \
 		'mqtt:string' \
-		'stomp:string' \
-		'Host:host' \
-		'Port:port' \
-		'Path:string' \
-		'EnableEncryption:bool' \
-		'KeepAliveInterval:uinteger' \
-		'SessionRetryIntervalMultiplier:uinteger' \
-		'SessionRetryMinimumWaitInterval:uinteger'
+		'stomp:string'
 }
 
 validate_subscription_section()
@@ -186,7 +177,7 @@ validate_mtp_section()
 {
 	uci_validate_section ${CONFIGURATION} mtp "${1}" \
 		'Enable:bool:true' \
-		'Protocol:or("STOMP","CoAP","MQTT", "WebSocket")' \
+		'Protocol:or("STOMP","CoAP","MQTT")' \
 		'Reference:string' \
 		'ResponseTopicConfigured:string' \
 		'PublishQoS:uinteger' \
@@ -194,12 +185,7 @@ validate_mtp_section()
 		'coap_path:string' \
 		'coap_port:port' \
 		'mqtt:string' \
-		'stomp:string' \
-		'Path:string' \
-		'Port:port' \
-		'EnableEncryption:bool' \
-		'KeepAliveInterval:uinteger'
-
+		'stomp:string'
 }
 
 validate_stomp_connection_section()
@@ -237,37 +223,25 @@ validate_mqtt_client_section()
 		'ConnectRetryMaxInterval:uinteger:60'
 }
 
-validate_challenge_section()
-{
-	uci_validate_section ${CONFIGURATION} challenge "${1}" \
-		'Enable:bool:true' \
-		'Alias:string' \
-		'Description:string' \
-		'role_name:string' \
-		'Role:string' \
-		'Value:string' \
-		'Retries:uinteger:3' \
-		'LockoutPeriod:uinteger:0'
-}
-
 get_oui_from_db() {
-	db -q get device.deviceinfo.ManufacturerOUI
+	local oui="$(db get device.deviceinfo.ManufacturerOUI)"
+
+	echo "${oui}"
 }
 
 get_serial_from_db() {
-	db -q get device.deviceinfo.SerialNumber
+	local serial="$(db get device.deviceinfo.SerialNumber)"
+
+	# this can encoded further
+	echo "${serial}"
 }
 
 publish_endpoint() {
 	local AgentEndpointID serial oui user pass
-
-	if ! uci -q get obuspa.localmqtt; then
-		log "Remote mqtt broker configured, skip publishing endpoint"
-		return 0;
-	fi
+	local opt=""
 
 	# return if mosquitto_pub is not present
-	if [ ! "$(command -v mosquitto_pub)" ]; then
+	if [ ! "$(which mosquitto_pub)" ]; then
 		log "mosquitto_pub not present can't publish EndpointID"
 		return 0;
 	fi
@@ -282,24 +256,22 @@ publish_endpoint() {
 	fi
 
 	config_get user localmqtt Username
+	if [ -n "${user}" ]; then
+		opt="-u ${user}"
+	fi
 	config_get pass localmqtt Password
+	if [ -n "${pass}" ]; then
+		opt="${opt} -P ${pass}"
+	fi
 
 	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
 	# This is a work around till obuspa adds supports for mDNS discovery
-	if [ -n "${user}" ] && [ -n "${pass}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username, password"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}" -P "${pass}"
-	elif [ -n "${user}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username only"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}"
-	else
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}"
-	fi
+	log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
+	mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" ${opt}
 }
 
 configure_localagent() {
-	local Enable EndpointID
+	local Enable ParameterName EndpointID
 
 	validate_localagent_section 'localagent' || {
 		log "Validation of localagent section failed"
@@ -316,48 +288,33 @@ configure_localagent() {
 configure_controller() {
 	local EndpointID Enable AssignedRole PeriodicNotifInterval PeriodicNotifTime USPNotifRetryMinimumWaitInterval
 	local USPNotifRetryIntervalMultiplier ControllerCode Protocol Destination coap_host coap_path coap_port
-	local Reference Topic mqtt stomp assigned_role_name ParameterName
-	local Host Port Path EnableEncryption KeepAliveInterval
-	local SessionRetryIntervalMultiplier SessionRetryMinimumWaitInterval
+	local Reference Topic mqtt stomp assigned_role_name
 
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
 		return 1;
 	}
 
-	if [ -z "${EndpointID}" ] || [ -z "${Protocol}" ]; then
+	if [ -z "${EndpointID}" -o -z "${Protocol}" ]; then
 		log "controller:: EndpointID id and Protocol cannot be empty"
 		return 1;
 	fi
 
-	# Support for backward compatibility for coap uci parameters
-	if [ -n "${coap_host}" ] && [ -z "${Host}" ]; then
-		Host="${coap_host}"
-	fi
-
-	if [ -n "${coap_path}" ] && [ -z "${Path}" ]; then
-		Path="${coap_path}"
-	fi
-
-	if [ -n "${coap_port}" ] && [ -z "${Port}" ]; then
-		Port="${coap_port}"
-	fi
-
-	if [ -z "${stomp}" ] && [ -z "${Reference}" ] && [ -z "${mqtt}" ] && [ -z "${Host}" ]; then
+	if [ -z "${stomp}" -a -z "${Reference}"  -a -z "${mqtt}" -a -z "${coap_path}" ]; then
 		log "controller:: Invalid configuration"
 		return 1;
 	fi
 
 	if [ -z "${Reference}" ]; then
 		if [ "${Protocol}" = "STOMP" ]; then
-			val=$(get_uci_ref_index stomp "${stomp}")
+			val=$(get_uci_ref_index stomp ${stomp})
 			if [ "${val}" -eq 0 ]; then
 				log "Not able to find the referred stomp section"
 				return 1;
 			fi
 			Reference="Device.STOMP.Connection.${val}"
 		elif [ "${Protocol}" = "MQTT" ]; then
-			val=$(get_uci_ref_index mqtt "${mqtt}")
+			val=$(get_uci_ref_index mqtt ${mqtt})
 			if [ "${val}" -eq 0 ]; then
 				log "Not able to find the referred mqtt section"
 				return 1;
@@ -375,7 +332,7 @@ configure_controller() {
 		db_set Device.LocalAgent.Controller.${controller_num}.AssignedRole "${AssignedRole}"
 	else
 		if [ -n "${assigned_role_name}" ]; then
-			AssignedRole=$(get_role_index "${assigned_role_name}")
+			AssignedRole=$(get_role_index ${assigned_role_name})
 			db_set Device.LocalAgent.Controller.${controller_num}.AssignedRole "${AssignedRole}"
 		fi
 	fi
@@ -401,18 +358,9 @@ configure_controller() {
 		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.STOMP.Reference "${Reference}"
 		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.STOMP.Destination "${Destination}"
 	elif [ "${Protocol}" = "CoAP" ]; then
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Host "${Host}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Path "${Path}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Port "${Port}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.EnableEncryption "${EnableEncryption}"
-	elif [ "${Protocol}" = "WebSocket" ]; then
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.Host "${Host}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.Port "${Port}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.Path "${Path}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.EnableEncryption "${EnableEncryption}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.KeepAliveInterval "${KeepAliveInterval}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.SessionRetryIntervalMultiplier "${SessionRetryIntervalMultiplier}"
-		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.WebSocket.SessionRetryMinimumWaitInterval "${SessionRetryMinimumWaitInterval}"
+		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Host "${coap_host}"
+		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Path "${coap_path}"
+		db_set Device.LocalAgent.Controller.${controller_num}.MTP.1.CoAP.Port "${coap_port}"
 	else
 		log "Unsupported Protocol ${Protocol}"
 	fi
@@ -425,7 +373,7 @@ configure_controller() {
 		db_set Device.LocalAgent.Controller.${controller_num}.BootParameter.${_pnum}.Alias "cpe-${_pnum}"
 		db_set Device.LocalAgent.Controller.${controller_num}.BootParameter.${_pnum}.Enable "${Enable}"
 		db_set Device.LocalAgent.Controller.${controller_num}.BootParameter.${_pnum}.ParameterName "${param}"
-		_pnum=$(( _pnum + 1 ))
+		_pnum=$(( ${_pnum} + 1 ))
 	done
 
 	db_set
@@ -440,13 +388,12 @@ configure_subscription(){
 		return 1;
 	}
 
-	if [ -z "${Recipient}" ] && [ -z "${controller}" ]; then
+	if [ -z "${Recipient}" -a -z "${controller}" ]; then
 		log "No recipient for subscription"
-		return 1;
 	fi
 
 	if [ -z "${Recipient}" ]; then
-		val=$(get_uci_ref_index controller "${controller}")
+		val=$(get_uci_ref_index controller ${controller})
 		if [ "${val}" -eq 0 ]; then
 			log "Not able to find the referred controller section"
 				return 1;
@@ -463,17 +410,28 @@ configure_subscription(){
 	db_set Device.LocalAgent.Subscription.${subs_num}.ReferenceList "${ReferenceList}"
 	db_set Device.LocalAgent.Subscription.${subs_num}.Persistent "${Persistent}"
 	db_set Device.LocalAgent.Subscription.${subs_num}.Recipient "${Recipient}"
-	db_set Device.LocalAgent.Subscription.${subs_num}.CreationDate "$(date -I'seconds')"
+}
+
+validate_challenge_section()
+{
+	uci_validate_section ${CONFIGURATION} challenge "${1}" \
+		'Enable:bool:true' \
+		'Alias:string' \
+		'Description:string' \
+		'role_name:string' \
+		'Role:string' \
+		'Value:string' \
+		'Retries:uinteger:3' \
+		'LockoutPeriod:uinteger:0'
 }
 
 check_json_load()
 {
-	local ret
-
-	ret=0
+	local ret=0
 	if [ -f "${role_def_file}" ]; then
 		json_init
-		if json_load_file "${role_def_file}" 2>&1 |grep -q Failed; then
+		json_load_file "${role_def_file}" 2>&1 |grep -q Failed
+		if [ $? -eq 0 ]; then # In case of invalid json file
 			log "failed to load [${role_def_file}]"
 			ret=1
 		fi
@@ -485,10 +443,8 @@ check_json_load()
 get_role_index() {
 	local role="Device.LocalAgent.ControllerTrust.Role"
 	local idx=0
-	local role_name="$1"
-	local role_def_file
+	local role_name="${@}"
 
-	role_def_file=$(uci -q get obuspa.global.role_file 2>/dev/null)
 	case "${role_name}" in
 	'full_access')
 		idx=1;
@@ -500,8 +456,9 @@ get_role_index() {
 		local ji=0
 
 		check_json_load
-		if [ "$?" -eq "0" ]; then
-			ji=$(get_role_index_from_json "${role_name}" "${role_def_file}")
+		if [ $? -eq 0 ]; then
+			get_role_index_from_json ${role_name}
+			ji=$?
 		fi
 		idx=$(( ji + 2 )) # Add predefined roles
 	 esac
@@ -517,7 +474,7 @@ configure_challenges() {
 		exit 1;
 	}
 
-	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
+	if [ -z "${role_name}" -a -z "${Role}" ]; then
 		log "Either role_name or Role must defined for a challenge";
 		return 1;
 	fi
@@ -530,10 +487,10 @@ configure_challenges() {
 	fi
 
 	if [ -z "${Role}" ]; then
-		Role=$(get_role_index "${role_name}")
+		Role=$(get_role_index ${role_name})
 	fi
 
-	if [ -z "${Alias}" ] && [ -n "${role_name}" ]; then
+	if [ -z "${Alias}" -a -n "${role_name}" ]; then
 		Alias=${role_name}
 	fi
 
@@ -547,31 +504,22 @@ configure_challenges() {
 configure_mtp() {
 	local Enable Protocol Reference ResponseTopicConfigured PublishQoS
 	local stomp mqtt
-	local Path Port EnableEncryption KeepAliveInterval
 
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
 		return 1;
 	}
 
-	if [ -n "${coap_path}" ] && [ -z "${Path}" ]; then
-		Path="${coap_path}"
-	fi
-
-	if [ -n "${coap_port}" ] && [ -z "${Port}" ]; then
-		Port="${coap_port}"
-	fi
-
 	if [ -z "${Reference}" ]; then
 		if [ "${Protocol}" = "STOMP" ]; then
-			val=$(get_uci_ref_index stomp "${stomp}")
+			val=$(get_uci_ref_index stomp ${stomp})
 			if [ "${val}" -eq 0 ]; then
 				log "Referred stomp section not found"
 				return 1;
 			fi
 			Reference="Device.STOMP.Connection.${val}"
 		elif [ "${Protocol}" = "MQTT" ]; then
-			val=$(get_uci_ref_index mqtt "${mqtt}")
+			val=$(get_uci_ref_index mqtt ${mqtt})
 			if [ "${val}" -eq 0 ]; then
 				log "Referred mqtt section not found"
 				return 1;
@@ -594,13 +542,8 @@ configure_mtp() {
 		db_set Device.LocalAgent.MTP.${mtp_num}.STOMP.Reference "${Reference}"
 		db_set Device.LocalAgent.MTP.${mtp_num}.STOMP.Destination "${Destination}"
 	elif [ "${Protocol}" = "CoAP" ]; then
-		db_set Device.LocalAgent.MTP.${mtp_num}.CoAP.Path "${Path}"
-		db_set Device.LocalAgent.MTP.${mtp_num}.CoAP.Port "${Port}"
-	elif [ "${Protocol}" = "WebSocket" ]; then
-		db_set Device.LocalAgent.MTP.${mtp_num}.WebSocket.Path "${Path}"
-		db_set Device.LocalAgent.MTP.${mtp_num}.WebSocket.Port "${Port}"
-		db_set Device.LocalAgent.MTP.${mtp_num}.WebSocket.EnableEncryption "${EnableEncryption}"
-		db_set Device.LocalAgent.MTP.${mtp_num}.WebSocket.KeepAliveInterval "${KeepAliveInterval}"
+		db_set Device.LocalAgent.MTP.${mtp_num}.CoAP.Path "${coap_path}"
+		db_set Device.LocalAgent.MTP.${mtp_num}.CoAP.Port "${coap_port}"
 	else
 		log "Unsupported Protocol ${Protocol} in mtp"
 	fi
@@ -640,7 +583,7 @@ configure_stomp_connection() {
 
 configure_mqtt_client(){
 	local BrokerAddress BrokerPort Enable Username Password ProtocolVersion KeepAliveTime
-	local TransportProtocol ConnectRetryTime ConnectRetryMaxInterval ConnectRetryIntervalMultiplier ClientID
+	local TransportProtocol ConnectRetryTime ConnectRetryMaxInterval ConnectRetryIntervalMultiplier
 
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
@@ -674,9 +617,13 @@ configure_mqtt_client(){
 
 configure_obuspa() {
 	local enabled trust_cert ifname interface debug prototrace log_level db_file log_dest role_file
-	local client_cert
 
-	validate_obuspa_section "global"
+	validate_obuspa_section "global" || {
+		log "Validation of global section failed"
+		return 1;
+	}
+
+	role_def_file="${role_file}"
 
 	if [ "${debug}" -eq 1 ]; then
 		# Forward stdout of the command to logd
@@ -685,94 +632,72 @@ configure_obuspa() {
 		procd_set_param stderr 1
 	fi
 
-	if [ "${debug}" -eq 1 ] && [ "${prototrace}" -eq 1 ]; then
+	if [ "${debug}" -eq 1 -a "${prototrace}" -eq 1 ]; then
 		procd_append_param command -p
 	fi
 
-	if [ "${debug}" -eq 1 ] && [ -n "${log_level}" ]; then
-		procd_append_param command -v "${log_level}"
+	if [ "${debug}" -eq 1 -a -n "${log_level}" ]; then
+		procd_append_param command -v ${log_level}
 	fi
 
 	if [ -n "${log_dest}" ]; then
-		procd_append_param command -l "${log_dest}"
+		procd_append_param command -l ${log_dest}
 	fi
 
 	if [ -n "${interface}" ]; then
-		network_get_physdev ifname "${interface}"
+		network_get_physdev ifname ${interface}
 	fi
 
-	if [ -n "${ifname}" ]; then
-		procd_set_param env USP_BOARD_IFNAME="${ifname}"
-	fi
-
-	if [ -z "${ifname}" ] || ! grep -F -q "export USP_BOARD_IFNAME=${ifname}" "${PROFILE}"; then
-		if [ -f "${PROFILE}" ]; then
-			sed -i "/export USP_BOARD_IFNAME/d" "${PROFILE}"
-		fi
-
-		if [ -n "${ifname}" ]; then
-			# Set this variable for root user and obuspa -c tool
-			echo "export USP_BOARD_IFNAME=${ifname}" >> "${PROFILE}"
+	# Set this variable for root user and obuspa -c tool
+	if [ -f "${PROFILE}" ]; then
+		grep -q "export USP_BOARD_IFNAME=${ifname}" ${PROFILE}
+		if [ "$?" -ne 0 ]; then
+			grep -q "export USP_BOARD_IFNAME" ${PROFILE}
+			if [ "$?" -eq 0 ]; then
+				sed -i "g/export USP_BOARD_IFNAME/d" ${PROFILE}
+			fi
+			echo "export USP_BOARD_IFNAME=${ifname}" >> ${PROFILE}
 		fi
+	else
+		echo "export USP_BOARD_IFNAME=${ifname}" > ${PROFILE}
 	fi
 
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${db_file}"
+		procd_append_param command -f ${db_file}
 	fi
 
 	if [ -n "${trust_cert}" ]; then
 		update_keep "${trust_cert}"
 		if [ -f "${trust_cert}" ]; then
-			procd_append_param command -t "${trust_cert}"
+			procd_append_param command -t ${trust_cert}
 		fi
 	fi
 
 	if [ -n "${client_cert}" ]; then
 		update_keep "${client_cert}"
 		if [ -f "${client_cert}" ]; then
-			procd_append_param command -a "${client_cert}"
+			procd_append_param command -a ${client_cert}
 		fi
 	fi
+
+	procd_set_param env USP_BOARD_IFNAME=${ifname}
 }
 
 # Create factory reset file
 db_init() {
 	# Load configuration
 	config_load $CONFIGURATION
-
+	config_foreach configure_obuspa obuspa
 	config_foreach configure_controller controller
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_localagent localagent
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_mtp mtp
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_stomp_connection stomp
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_mqtt_client mqtt
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_subscription subscription
-	[ "$?" -ne 0 ] && return 1;
 	config_foreach configure_challenges challenge
-	[ "$?" -ne 0 ] && return 1;
 
 	db_set Internal.Reboot.Cause "LocalFactoryReset"
-	return 0;
-}
-
-register_service()
-{
-	procd_open_instance ${CONFIGURATION}
-	procd_set_param command ${PROG}
-	procd_append_param command -r ${PARAM_FILE}
-
-	configure_obuspa
-	procd_set_param respawn \
-			"${respawn_threshold:-5}" \
-			"${respawn_timeout:-10}" "${respawn_retry:-3}"
-
-	procd_set_param watch usp.raw
-	procd_close_instance
 }
 
 service_running() {
@@ -782,19 +707,24 @@ service_running() {
 start_service() {
 	local enabled
 
-	mkdir -p /tmp/obuspa/
 	config_load obuspa
-	config_get_bool enabled global enabled 0
+	config_get enabled global enabled
 
 	if [ "${enabled}" -eq 0 ]; then
 		log "OBUSPA not enabled"
 		return 0;
 	fi
 
+	procd_open_instance ${CONFIGURATION}
+	procd_set_param command ${PROG}
 	db_init
-	[ "$?" -ne 0 ] && return 1;
+	procd_append_param command -r ${PARAM_FILE}
+	procd_set_param respawn \
+			${respawn_threshold:-5} \
+			${respawn_timeout:-10} ${respawn_retry:-3}
 
-	register_service
+	procd_set_param watch usp.raw
+	procd_close_instance
 }
 
 stop_service() {
@@ -803,10 +733,10 @@ stop_service() {
 	config_load obuspa
 	config_get db_file global db_file
 
-	${PROG} -c stop >/dev/null 2>&1
+	${PROG} -c stop 2>&1 >/dev/null
 
 	if [ -z "${db_file}" ]; then
-		db_file="/tmp/obuspa/usp.db"
+		db_file="/tmp/usp.db"
 	fi
 
 	[ -f "${db_file}" ] && rm -f ${db_file}
@@ -841,14 +771,4 @@ service_triggers() {
 			json_add_int "" "2000"
 		json_close_array
 	procd_close_trigger
-
-	procd_open_validate
-	validate_obuspa_section
-	validate_localagent_section
-	validate_controller_section
-	validate_subscription_section
-	validate_mtp_section
-	validate_stomp_connection_section
-	validate_mqtt_client_section
-	procd_close_validate
 }

obuspa/files/etc/obuspa/dmcaching_exclude.json

@@ -1,8 +1,6 @@
 {
   "dmcaching_exclude": [
-    "Device.InterfaceStack.",
-    "Device.Hosts.Host.",
-    "Device.IEEE1905.",
-    "Device.WiFi.DataElements."
+    "Device.DeviceInfo.ProcessStatus.Process.",
+    "Device.Hosts.Host."
   ]
 }

obuspa/patches/0002-supress-group-get-error.patch

@@ -1,42 +0,0 @@
---- a/src/core/cli_server.c
-+++ b/src/core/cli_server.c
-@@ -733,10 +733,6 @@ int ExecuteCli_Get(char *arg1, char *arg
-             USP_ASSERT(gge->value != NULL);
-             SendCliResponse("%s => %s\n", gge->path, gge->value);
-         }
--        else
--        {
--            SendCliResponse("ERROR: %d retrieving %s (%s)\n", gge->err_code, gge->path, gge->err_msg);
--        }
-     }
- 
-     GROUP_GET_VECTOR_Destroy(&ggv);
---- a/src/core/handle_get.c
-+++ b/src/core/handle_get.c
-@@ -252,24 +252,14 @@ void FormPathExprResponse(int get_expr_i
-         return;
-     }
- 
--    // If there was an error in getting any of the parameters associated with the path expression,
--    // then just add the first error, without any of the parameter values, for this path expression result
--    for (i=0; i < gi->num_entries; i++)
--    {
--        gge = &ggv->vector[gi->index + i];
--        if (gge->err_code != USP_ERR_OK)
--        {
--            (void)AddGetResp_ReqPathRes(resp, path_expr, gge->err_code, gge->err_msg);
--            return;
--        }
--    }
--
-     // If the code gets here, then the value of all parameters were retrieved successfully, so add their values to the result_params
-     req_path_result = AddGetResp_ReqPathRes(resp, path_expr, USP_ERR_OK, "");
-     for (i=0; i < gi->num_entries; i++)
-     {
-         gge = &ggv->vector[gi->index + i];
- 
-+        if (gge->err_code != USP_ERR_OK)
-+		continue;
- #ifdef GET_RESPONSE_SIMPLE_FORMAT
-         // Simple format contains a resolved_path_result for every object (and sub object)
-         AddResolvedPathResult(req_path_result, gge->path, gge->value, 0);

obuspa/patches/0004-suppress-notification-logs.patch

@@ -1,20 +0,0 @@
---- a/src/core/data_model.c
-+++ b/src/core/data_model.c
-@@ -1239,7 +1239,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
-     // Exit if instance already exists - nothing to do
-     if (exists)
-     {
--        USP_ERR_SetMessage("%s: Object (%s) already exists in the data model", __FUNCTION__, path);
-+        // USP_ERR_SetMessage("%s: Object (%s) already exists in the data model", __FUNCTION__, path);
-         return USP_ERR_CREATION_FAILURE;
-     }
- 
-@@ -1324,7 +1324,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
-     // Exit if instance does not exist - nothing to do
-     if (exists == false)
-     {
--        USP_ERR_SetMessage("%s: Object (%s) does not exist in the data model", __FUNCTION__, path);
-+        // USP_ERR_SetMessage("%s: Object (%s) does not exist in the data model", __FUNCTION__, path);
-         return USP_ERR_OBJECT_DOES_NOT_EXIST;
-     }
- 

owsd/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=owsd
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.1.3
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/owsd.git
-PKG_SOURCE_VERSION:=e37c6f9d708c454c802eede814cc51fb89c919e9
+PKG_SOURCE_VERSION:=f78f7198944758cd2140887ecd8970432f678fc1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=${PKG_NAME}-${PKG_VERSION}

paho-mqtt-c/Makefile

@@ -0,0 +1,47 @@
+#
+# Copyright (C) 2020 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=lib-paho-mqtt
+PKG_VERSION:=0.1
+
+PKG_SOURCE_VERSION:=9f715d0862a8e16099b5837c4e53a1bf6a6a0675
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/eclipse/paho.mqtt.c.git
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_LICENSE:=edl-v10
+PKG_LICENSE_FILES:=LICENSE
+
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/lib-paho-mqtt
+	CATEGORY:=Libraries
+	DEPENDS:=+libopenssl
+	TITLE:=package for mqtt stuff
+endef
+
+
+define Package/lib-paho-mqtt/description
+	a library
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/ $(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/*.h $(1)/usr/include/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/output/*.so* $(1)/usr/lib/
+endef
+
+define	Package/lib-paho-mqtt/install
+	$(INSTALL_DIR) $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/build/output/*.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,lib-paho-mqtt))

periodicstats/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6c68428405bc88a9990e855f911aecc86f07f4a8
+PKG_SOURCE_VERSION:=7426c7458f792cc66920c206d62869c5620f1400
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/periodicstats.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -20,15 +20,13 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE
 
-PKG_BUILD_DEPENDS:=bbf
-
 include $(INCLUDE_DIR)/package.mk
 
 define Package/periodicstats
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=Periodic Statistics Daemon
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbf_api
 endef
 
 define Package/periodicstats/description
@@ -37,7 +35,7 @@ endef
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-        $(CP) -rf ~/git/periodicstats/* $(PKG_BUILD_DIR)/
+        $(CP) -rf ./periodicstats/* $(PKG_BUILD_DIR)/
 endef
 endif
 

periodicstats/files/etc/init.d/periodicstats

@@ -11,12 +11,9 @@ service_running() {
 }
 
 start_service() {
-	local enable
+	enable=$(uci -q get periodicstats.globals.enable)
 
-	config_load periodicstats
-	config_get_bool enable globals enable 1
-
-	if [ "${enable}" -ne "1" ]; then
+	if [ "$(enable)" != "1" ]; then
 		return 0;
 	fi
 
@@ -27,7 +24,7 @@ start_service() {
 }
 
 service_triggers() {
-	procd_add_reload_trigger periodicstats
+	procd_add_reload_trigger periodicstats uspd
 }
 
 reload_service() {

peripheral_manager/Makefile

@@ -12,7 +12,7 @@ PKG_NAME:=peripheral_manager
 PKG_VERSION:=1.0.6
 PKG_RELEASE:=1
 
-PKG_SOURCE_VERSION:=21522c2003b8c61904acc61ff97e54fc9b0c3c92
+PKG_SOURCE_VERSION:=15ba90f01914113e7c5e8f8a6df6279c882e8265
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/peripheral-manager
 

peripheral_manager/files/etc/init.d/ledmngr

@@ -1,62 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=20
-USE_PROCD=1
-
-setled() {
-	local enable
-	local brightness
-
-	config_get_bool enable $1 enable 1
-	config_get brightness $1 brightness 100
-	ubus call led.$1 set "{\"enable\":$enable,\"brightness\":$brightness}"
-}
-
-start_service() {
-	local enable
-
-	config_load leds
-	config_foreach setled led
-	config_get_bool enable leds enable 1
-
-	if [ "$enable" == "0" ]; then
-		ubus call leds set  '{"state" : "alloff"}'
-	else
-		ubus call leds set  '{"state" : "normal"}'
-	fi
-}
-
-boot() {
-	local led ledname
-
-	ubus list led* >/dev/null || sleep 1
-	ubus list led* >/dev/null || sleep 1
-
-	[ -f /etc/config/leds ] || touch /etc/config/leds
-
-	if ! uci -q get leds.leds >/dev/null; then
-		uci set leds.leds=leds
-		uci set leds.leds.enable=1
-	fi
-
-	for led in $(ubus list led.*); do
-		ledname=${led:4}
-		case $ledname in
-			*phy*) continue ;;
-		esac
-		if ! uci -q  get leds.$ledname >/dev/null; then
-			uci set leds.$ledname=led
-			uci set leds.$ledname.enable=1
-		fi
-	done
-
-	uci commit leds
-
-	start
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "leds"
-}
-

ponmngr/files/etc/init.d/pon

@@ -0,0 +1,36 @@
+#!/bin/sh /etc/rc.common
+
+START=98
+STOP=10
+
+USE_PROCD=1
+NAME=ponmngr
+PROG="/usr/sbin/omcid start"
+
+include /lib/pon
+
+
+start_service() {
+       if [ -f "/etc/config/pon" ]; then
+		procd_open_instance $NAME
+		procd_set_param command ${PROG}
+		procd_set_param respawn
+		procd_close_instance
+                start_gpon
+       fi
+}
+
+boot() {
+        start
+}
+
+stop_service() {
+	service_stop ${PROG}
+        stop_gpon
+}
+
+reload_service() {
+        stop
+        start
+}
+

ponmngr/files/etc/init.d/xpon

@@ -1,40 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=19
-STOP=91
-
-USE_PROCD=1
-
-. /lib/functions.sh
-include /lib/xpon
-
-configure_serial_number() {
-	# serial number generation is taken care in the uci defaults, so if
-	# serial number is not found here its a misconfig
-	serial_number="$(uci -q get xpon.ani.serial_number)"
-	if [ ${#serial_number} -eq 12 ]; then
-		vendor_id="${serial_number:0:4}"
-		vssn="${serial_number:4:8}"
-	else
-		logger -s -t "xpon" "Serial number not found in uci, ont will probably not be registered at the olt"
-		logger -s -t "xpon" "Please configure a valid serial number"
-		return
-	fi
-
-	set_serial_number $vendor_id $vssn
-}
-
-start_service() {
-	if [ "$(uci -q get xpon.ani.enable)" == "1" ]; then
-		configure_serial_number
-		init_xpon
-	fi
-}
-
-stop_service() {
-	deinit_xpon
-}
-
-service_triggers() {
-	procd_add_reload_trigger "xpon"
-}

ponmngr/files/etc/uci-defaults/60-pon-generate

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+basemac="$(db -q get hw.board.basemac | tr -d ':')"
+             
+if [ -s "/etc/config/pon" ]; then
+        if uci -q get pon.globals >/dev/null; then
+                # return if there is any valid content
+                exit                                  
+        else                                          
+                rm -f /etc/config/pon
+        fi                           
+fi                                   
+touch /etc/config/pon
+                     
+mac=''               
+if [ -z "$basemac" ]; then
+        mac="12345678"    
+else                      
+        # read last 8 characters of basemac without :
+        mac=${basemac: -8}                           
+fi                                                   
+                          
+uci set pon.globals=globals
+uci set pon.globals.enabled="1"
+uci set pon.globals.serial_number="BRCM$mac"
+                                           
+uci commit pon  

ponmngr/files/etc/uci-defaults/60-xpon-generate

@@ -1,34 +0,0 @@
-#!/bin/sh
-
-
-configure_serial_number() {
-	# check if serial number is present in the production data
-	production_sn="$(fw_printenv -n gponsn)"
-	if [ ${#production_sn} -eq 12 ]; then
-		uci set xpon.ani.serial_number=$production_sn
-	else
-		macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
-		vendor_id="IOPS"
-		vssn="${macaddr:4:8}"
-		uci set xpon.ani.serial_number=$vendor_id$vssn
-	fi
-}
-
-if [ -s "/etc/config/xpon" ]; then
-        if uci -q get xpon.ani >/dev/null; then
-                # generate serial number in case its not present and return
-		serial_number="$(uci -q get xpon.ani.serial_number)"
-		if [ ${#serial_number} -ne 12 ]; then
-			configure_serial_number
-		fi
-                exit                                  
-        else                                          
-                rm -f /etc/config/xpon
-        fi                           
-fi                                   
-touch /etc/config/xpon
-
-uci set xpon.ani=ani
-uci set xpon.ani.enable="1"
-configure_serial_number
-

ponmngr/files/lib/pon/broadcom.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+configure_snpwd() {
+        local serial_no password
+        serial_no="$1"
+        password="$2"
+
+        # serial number comprises of 2 parts, vendor id and vendor specific, the vendor id is
+        # a string while the vendor specific is a hex, so split the 2 and set accordingly
+        local vendor_id vendor_specific
+        vendor_id=${serial_no:0:4}
+        vendor_specific=${serial_no: -8}
+
+        # attempt to conver vendor_id from string to hex
+	vendor_id=$(echo $vendor_id | hexdump -e '4/1 "%02X" "\n"')
+	vendor_id=${vendor_id:0:8}
+
+        bdmf_shell -c `cat /var/bdmf_sh_id` -cmd /b/configure gpon onu_sn={vendor_id=$vendor_id,vendor_specific=$vendor_specific}
+        if [ -n "$password" ]; then
+		password=$(echo $password | hexdump -n ${#password} -e '16/1 "%02X""\n"')
+                bdmf_shell -c `cat /var/bdmf_sh_id` -cmd /b/configure gpon password=$password
+        fi
+}
+
+configure_gpon() {
+        local enabled serial_no password
+        config_load pon
+        config_get enabled globals "enabled"
+
+	if [ "$enabled" == "0" ]; then
+		exit
+        fi
+
+        config_get serial_no globals "serial_number"
+        config_get password globals "password"
+
+        configure_snpwd $serial_no $password
+}
+
+start_gpon() {
+        if [ -n "$(which gponctl)" ]; then
+                configure_gpon
+                gponctl start
+        fi
+}
+
+stop_gpon() {
+        if [ -n "$(which gponctl)" ]; then
+                gponctl stop
+        fi
+}
+
+get_gpon_status() {
+        json_init
+        status="$(gponctl getstate)"
+        admin_status="$(echo $status | head -n1 | awk '{print $8;}')"
+        json_add_string "admin_status" "$admin_status"
+        op_status="$(echo $status | head -n1 | awk '{print $12;}')"
+        case $op_status in
+        NUMBER)
+                op_status="$(echo $status | head -n1 | awk '{print $13;}')"
+                ;;
+        esac
+
+        op_status=${op_status:1:2}
+        json_add_string "operational_status" "$op_status"
+        json_dump
+}

ponmngr/files/lib/xpon/broadcom.sh

@@ -1,30 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-set_serial_number() {
-	vendor_id=$1
-	vssn=$2
-
-	vendor_id="$(echo $vendor_id | hexdump -e '4/1 "%02X" "\n"')"
-	vendor_id=${vendor_id:0:8}
-
-	bs /b/c gpon onu_sn={vendor_id=$vendor_id,vendor_specific=$vssn}
-}
-
-init_xpon() {
-	procd_open_instance pon_msgd
-	procd_set_param command bcm_msgd -c gpon
-	procd_close_instance
-
-	procd_open_instance pon_daemon
-	procd_set_param command omcid start -n
-	procd_set_param respawn
-	procd_close_instance
-}
-
-deinit_xpon() {
-	# stopping omcid does not bring down the pon link, which should happen
-	# if ANI is disabled or stopped (go to O1)
-	gponctl stop
-}

ponmngr/files/usr/libexec/rpcd/pon

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /lib/functions.sh
+include /lib/pon
+
+case "$1" in
+	list)
+		echo '{ "status": {} }'
+		;;
+	call)
+		case "$2" in
+			status)
+				get_gpon_status
+				;;
+		esac
+		;;
+esac
+

port-management/files/etc/uci-defaults/15-ports-config-generate

@@ -1,20 +1,16 @@
 #!/bin/sh
 
 populate_config_from_db() {
-	. /lib/functions.sh
-	include /lib/network
+	. /lib/network/utils.sh
 
 	portorder="$(db -q get hw.board.ethernetPortOrder)"
 	for port in $portorder; do
-		speed="$(get_max_port_speed $port 2>/dev/null)"
-		speed="${speed:-1000}"
-
 		uci add ports ethport
 		uci rename ports.@ethport[-1]="$(get_port_name $port)"
 		uci set ports.@ethport[-1].enabled=1
 		uci set ports.@ethport[-1].name="$(get_port_name $port)"
 		uci set ports.@ethport[-1].ifname="$port"
-		uci set ports.@ethport[-1].speed="$speed"
+		uci set ports.@ethport[-1].speed=1000
 		uci set ports.@ethport[-1].duplex="full"
 		uci set ports.@ethport[-1].autoneg=1
 		uci set ports.@ethport[-1].eee=0

qosmngr/files/etc/uci-defaults/60-qos_queue_generate

@@ -3,7 +3,7 @@
 . /lib/functions.sh
 
 ethwan="$(db -q get hw.board.ethernetWanPort)"
-cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
+cpu_model="$(brcm_fw_tool -k info)"
 
 generate_queue(){
 	section="$1"
@@ -19,7 +19,7 @@ generate_queue(){
 
         if [ $is_lan -eq 1 ]; then
 		case $cpu_model in
-			BCM68*) no_of_q="0 1 2 3" ;;
+			68*) no_of_q="0 1 2 3" ;;
 		esac
 
                 if grep -qE '[0-9]+ archer$' /proc/devices; then 

qosmngr/files/lib/qos/broadcom.sh

@@ -4,18 +4,23 @@
 
 IP_RULE=""
 BR_RULE=""
-BR6_RULE=""
 
+POLICER_SKIP=0
 POLICER_COUNT=0
+INTF_NAME=""
 Q_COUNT=0
-SP_Q_PRIO=7
+ITER=0
+PREV_ORDER=""
+CURR_ORDER=""
+MAX_ORDER=""
+
 
 # Function to handle a queue order and
 # update total number of queues
 handle_q_order() {
-	local qid="$1" #queue section ID
+	qid="$1" #queue section ID
 
-	config_get is_enable "$qid" "enable" 1
+	config_get is_enable "$qid" "enable"
 
 	# No need to configure disabled queues
 	if [ $is_enable == '0' ]; then
@@ -31,7 +36,7 @@ handle_q_order() {
 	# Create precedence file containing queue order per
 	# interface.
 	local precedence_file="/tmp/qos/$ifname/q_order"
-	local q_no=$(cat /tmp/qos/$ifname/q_idx)
+	local q_no=$(cat /tmp/qos/queue_stats/$ifname/q_idx)
 
 	config_get precedence "$qid" "precedence"
 	value=${precedence}_q${q_no}
@@ -39,32 +44,71 @@ handle_q_order() {
 
 	# Update the number of queues per interface.
 	q_no=$((q_no + 1))
-	echo $q_no > /tmp/qos/$ifname/q_idx
+	echo $q_no > /tmp/qos/queue_stats/$ifname/q_idx
 }
 
-# Sort queue, lower value in uci means higher precedence, so this
-# function sorts the precedence in decending order
-sort_q_by_precedence() {
+# Function to check if values are greater than (total number
+# of queue -1) and map them to corresponding value.
+configure_precedence_to_file() {
+	order="$1"
+	line="$2"
+	order_file="$3"
+
+	if [ $order == "$PREV_ORDER" ]; then
+		queue_id=${line#*_}
+		val=${CURR_ORDER}_${queue_id}
+		echo $val >> $order_file
+	else
+		PREV_ORDER=$order
+		queue_id=${line#*_}
+		val=${MAX_ORDER}_${queue_id}
+		echo $val >> $order_file
+		CURR_ORDER=$MAX_ORDER
+		MAX_ORDER=$((MAX_ORDER - 1))
+	fi
+}
+
+# Fucntion to map queue precedence per interface
+# ranging from 1-X to 0-(no of queues -1)
+map_queue_precedence() {
 	ifname="$1"
+	total_q=$(cat /tmp/qos/queue_stats/$ifname/q_idx)
+	q_no=`expr $total_q - 1`
 
+	MAX_ORDER=$q_no
+
+	local precedence_file="/tmp/qos/$ifname/q_precedence"
 	local order_file="/tmp/qos/$ifname/q_order"
-	local tmp_order_file="/tmp/qos/$ifname/q_order.tmp"
 
-	sort -n -k1 $order_file > $tmp_order_file
-	cp $tmp_order_file $order_file
-	rm -f $tmp_order_file
+	sort -n -r -k1 $order_file >> $precedence_file
+	rm $order_file
+
+	while read line
+	do
+		order=${line%_*}
+		if [ $order  -gt $q_no ]; then
+			ITER=$((ITER + 1))
+			configure_precedence_to_file $order $line $order_file
+		else
+			if [ $ITER == '0' ]; then
+				echo $line >> $order_file
+			else
+				configure_precedence_to_file $order $line $order_file
+			fi
+		fi
+
+	done < $precedence_file
 }
 
-sort_by_precedence() {
+map_precedence() {
 	for interf in $(db -q get hw.board.ethernetPortOrder); do
-		sort_q_by_precedence $interf
+		map_queue_precedence $interf
 	done
 }
 
 # function to handle a queue section
 handle_queue() {
-	local qid="$1" #queue section ID
-	local intf_name="$2"
+	qid="$1" #queue section ID
 
 	config_get is_enable "$qid" "enable"
 
@@ -80,35 +124,33 @@ handle_queue() {
 	fi
 
 	# This is to get the qid per interface.
-	if [ "$intf_name" != "$ifname" ]; then
-		return
+	if [ "$INTF_NAME" == $ifname ]; then
+		Q_COUNT=$((Q_COUNT + 1))
+	else
+		Q_COUNT='0'
 	fi
 
-	local precedence_file="/tmp/qos/$ifname/q_order"
+	INTF_NAME=$ifname
 
-	local temp_order=0
-	while read -r line; do
-		line_qid=${line: -1}
-		if [ "$line_qid" == "$Q_COUNT" ]; then
-			break
-		fi
-		temp_order=$((temp_order + 1))
-	done < "$precedence_file"
+	local total_q=$(cat /tmp/qos/queue_stats/$ifname/q_idx)
+	q_no=`expr $total_q - 1` local
+	precedence_file="/tmp/qos/$ifname/q_order"
 
-	# for sp queue, no matter what the precedence value is configured in the uci file
-	# broadcom recommends that the highest precedence queue should have priority value
-	#7, the next priority q 6 and so on.
-	# Here, we have the index of the queue when sorted by precedence value in the file
-	# precedence_file so the order is calculated accordingly.
-	local order=`expr $SP_Q_PRIO - $temp_order`
+	# TR181 suggests lower the precedence value higher the priority
+	# but in the chip its the opposite ie lower the value, lower
+	# the priority of queue on this chip. So we need to reverse the
+	# precedence value.
+	precedence="$(grep -i q${Q_COUNT} $precedence_file)"
+	precedence=${precedence%_*}
+	order=`expr $q_no - $precedence`
 
 	config_get sc_alg "$qid" "scheduling"
-	config_get wgt "$qid" "weight" 1
+	config_get wgt "$qid" "weight"
 	config_get rate "$qid" "rate"
 	config_get bs "$qid" "burst_size"
 	config_get qsize "$qid" "queue_size" 1024
 
-	local salg=1
+	salg=1
 
 	case "$sc_alg" in
 		"SP") salg=1
@@ -121,15 +163,31 @@ handle_queue() {
 		;;
 	esac
 
-	# ignore precedence value in case of WRR, broadcom recommends that WRR queue should
-	# always have precedence value set to 0
+	# ignore precedence value in case of WRR
 	if [ $salg -eq 2 ]; then
 	       order=0
 	fi
 
 	# Call tmctl which is a broadcomm command to configure queues on a port.
 	tmctl setqcfg --devtype 0 --if $ifname --qid $Q_COUNT --priority $order --qsize $qsize --weight $wgt --schedmode $salg --shapingrate $rate --burstsize $bs
-	Q_COUNT=$((Q_COUNT + 1))
+
+	# In BCM968 chips, the counters for queues are read, on other model, its read and reset. So, to maintain counter
+	# value and uniform behaviour, we are storing counter value for each queue in files
+	local d_name="/tmp/qos/queue_stats/${ifname}/q_${Q_COUNT}"
+	mkdir $d_name
+	local f_name="$d_name/txPackets"
+	touch $f_name
+	echo 0 > $f_name
+	f_name="$d_name/txBytes"
+	touch $f_name
+	echo 0 > $f_name
+	f_name="$d_name/droppedPackets"
+	touch $f_name
+	echo 0 > $f_name
+	f_name="$d_name/droppedBytes"
+	touch $f_name
+	echo 0 > $f_name
+
 }
 
 #function to handle a policer section
@@ -234,7 +292,6 @@ flush_chains() {
 
 init_broute_rule() {
 	BR_RULE=""
-	BR6_RULE=""
 }
 
 broute_filter_on_src_if() {
@@ -270,82 +327,6 @@ broute_filter_on_ether_type() {
 	BR_RULE="$BR_RULE --proto $1"
 }
 
-broute_filter_on_ether_type6() {
-	BR6_RULE="$BR6_RULE --proto IPv6"
-}
-
-ebt_match_src_ip() {
-        BR_RULE="$BR_RULE --ip-src $1"
-}
-
-ebt_match_dst_ip() {
-        BR_RULE="$BR_RULE --ip-dst $1"
-}
-
-ebt_match_ipv6_src_ip() {
-        BR_RULE="$BR_RULE --ip6-src $1"
-}
-
-ebt_match_ipv6_dst_ip() {
-        BR_RULE="$BR_RULE --ip6-dst $1"
-}
-
-ebt_match_ip_src_port() {
-        BR_RULE="$BR_RULE --ip-source-port $1"
-}
-
-ebt_match_ip_dst_port() {
-        BR_RULE="$BR_RULE --ip-destination-port $1"
-}
-
-ebt_match_ipv6_src_port() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed so update BR6_RULE string as well otherwise
-	#update BR_RULE only for installation of ipv6 proto rule only.
-	if [ ! -z "$BR6_RULE" ]; then
-		BR6_RULE="$BR6_RULE --ip6-source-port $1"
-	else
-		BR_RULE="$BR_RULE --ip6-source-port $1"
-	fi
-}
-
-ebt_match_ipv6_dst_port() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed so update BR6_RULE string as well otherwise
-	#update BR_RULE only for installation of ipv6 proto rule only.
-	if [ ! -z "$BR6_RULE" ]; then
-		BR6_RULE="$BR6_RULE --ip6-destination-port $1"
-	else
-		BR_RULE="$BR_RULE --ip6-destination-port $1"
-	fi
-}
-
-ebt_match_ip_protocol() {
-        BR_RULE="$BR_RULE --ip-proto $1"
-}
-
-ebt_match_ipv6_protocol() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed so update BR6_RULE string as well otherwise
-	#update BR_RULE only for installation of ipv6 proto rule only.
-	if [ ! -z "$BR6_RULE" ]; then
-		BR6_RULE="$BR6_RULE --ip6-proto $1"
-	else
-		BR_RULE="$BR_RULE --ip6-proto $1"
-	fi
-}
-
-ebt_match_ipv6_dscp() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed so update BR6_RULE string as well otherwise
-	#update BR_RULE only for installation of ipv6 proto rule only.
-	if [ ! -z "$BR6_RULE" ]; then
-		BR6_RULE="$BR6_RULE --ip6-tclass $1"
-	else
-		BR_RULE="$BR_RULE --ip6-tclass $1"
-	fi
-}
-
 broute_filter_on_dscp() {
 	# The broadcom option --ip-dscp-extend actually accepts tos
 	# and not dscp and that too in hex, hence, perform the conversion
@@ -356,11 +337,6 @@ broute_filter_on_dscp() {
 }
 
 broute_filter_on_vid() {
-
-	if [ $1 -lt 0 ]; then
-		return
-	fi
-
 	case "$BR_RULE" in
 	*proto*)
 		BR_RULE="$BR_RULE --vlan-id $1"
@@ -372,145 +348,11 @@ broute_filter_on_vid() {
 }
 
 broute_rule_set_traffic_class() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed so update BR6_RULE string as well otherwise
-	#update BR_RULE only for installation of ipv6 proto rule only.
 	BR_RULE="$BR_RULE -j mark --mark-or 0x$1 --mark-target ACCEPT"
-	if [ ! -z "$BR6_RULE" ]; then
-		BR6_RULE="$BR6_RULE -j mark --mark-or 0x$1 --mark-target ACCEPT"
-	fi
 }
 
 broute_append_rule() {
-	#when ethertype is not configured by user then both proto rules of ipv4
-	#and ipv6 to be installed otherwise install ipv6 proto rule only.
 	echo "ebtables -t broute -A qos $BR_RULE" >> /tmp/qos/classify.ebtables
-	if [ -n "$BR6_RULE" ]; then
-		echo "ebtables -t broute -A qos $BR6_RULE" >> /tmp/qos/classify.ebtables
-	fi
-}
-
-set_ip_addr()
-{
-        local cid=$1
-        local match_src_ip_func=$2
-        local match_dst_ip_func=$3
-
-        config_get src_ip "$cid" "src_ip"
-        config_get dst_ip "$cid" "dest_ip"
-
-        if [ ! -z "$src_ip" ]; then
-                $match_src_ip_func "$src_ip"
-        fi
-
-        if [ ! -z "$dst_ip" ]; then
-                $match_dst_ip_func "$dst_ip"
-        fi
-}
-
-set_ports()
-{
-        local cid=$1
-        local match_src_port_func=$2
-        local match_dst_port_func=$3
-	local src_port=""
-	local dst_port=""
-	local src_port_range=""
-	local dst_port_range=""
-
-        config_get src_port "$cid" "src_port"
-        config_get dst_port "$cid" "dest_port"
-        config_get src_port_range "$cid" "src_port_range"
-        config_get dst_port_range "$cid" "dest_port_range"
-
-        if ! [ -z $src_port ] && ! [ -z $src_port_range ]; then
-                $match_src_port_func "$src_port:$src_port_range"
-        elif [ ! -z $src_port ]; then
-                $match_src_port_func $src_port
-        fi
-
-        if ! [ -z $dst_port ] && ! [ -z $dst_port_range ]; then
-                $match_dst_port_func "$dst_port:$dst_port_range"
-        elif [ ! -z $dst_port ]; then
-                $match_dst_port_func $dst_port
-	fi
-}
-
-protocol_string_to_num()
-{
-        local value=-1
-
-        case "$1" in
-		*[0-9]*)	value="$1"
-                ;;
-                TCP|tcp)        value=6
-                ;;
-                UDP|udp)        value=17
-                ;;
-                ICMP|icmp)      value=1
-                ;;
-                ICMPv6|icmpv6)  value=58
-                ;;
-                IGMP|igmp)      value=2
-                ;;
-                SCTP|sctp)      value=132
-                ;;
-                *) value=-1
-                ;;
-        esac
-        echo $value
-}
-
-broute_ipv4_rule_options()
-{
-	local cid=$1
-	config_get protocol "$cid" "proto"
-	config_get dscp_filter "$cid" "dscp_filter"
-
-	set_ip_addr $cid ebt_match_src_ip ebt_match_dst_ip
-
-	if [ ! -z $dscp_filter ]; then
-		broute_filter_on_dscp "$dscp_filter"
-	fi
-
-	if [ ! -z $protocol ]; then
-		local proto_num=$(protocol_string_to_num "$protocol")
-		ebt_match_ip_protocol "$proto_num"
-
-		#port installation for protol tcp/udp/sctp
-		if [ $proto_num = "6" ] || [ $proto_num = "17" ] || [ $proto_num = "132" ] ; then
-			set_ports "$cid" ebt_match_ip_src_port ebt_match_ip_dst_port
-		fi
-	fi
-}
-
-broute_ipv6_rule_options()
-{
-	local cid=$1
-
-	config_get protocol "$cid" "proto"
-	config_get dscp_filter "$cid" "dscp_filter"
-
-	set_ip_addr $cid ebt_match_ipv6_src_ip ebt_match_ipv6_dst_ip
-
-	if [ ! -z $dscp_filter ]; then
-		local tos_val
-		local tos_hex
-
-		tos_val=$(($dscp_filter<<2))
-		tos_hex=$(printf "%x" $tos_val)
-		ebt_match_ipv6_dscp "$tos_hex"
-	fi
-
-	if [ ! -z $protocol ]; then
-		local proto_num=$(protocol_string_to_num "$protocol")
-		ebt_match_ipv6_protocol "$proto_num"
-
-		#port installation for protol tcp/udp/sctp
-		if [ $proto_num = "6" ] || [ $proto_num = "17" ] || [ $proto_num = "132" ]; then
-			set_ports "$cid" ebt_match_ipv6_src_port ebt_match_ipv6_dst_port
-		fi
-	fi
 }
 
 handle_ebtables_rules() {
@@ -518,8 +360,6 @@ handle_ebtables_rules() {
 	local is_l2_rule=0
 	local src_dhcp_options=""
 	local dst_dhcp_options=""
-	local protocol=""
-	local ip_version=""
 
 	init_broute_rule
 
@@ -537,9 +377,8 @@ handle_ebtables_rules() {
 	config_get dst_clid "$sid" "dst_client_id" # dhcp option 61
 	config_get src_ucid "$sid" "src_user_class_id" # dhcp option 77
 	config_get dst_ucid "$sid" "dst_user_class_id" # dhcp option 77
-	config_get traffic_class "$sid" "traffic_class"
-	config_get protocol "$sid" "proto"
 
+	config_get traffic_class "$sid" "traffic_class"
 
 	if [ -n "$src_if" ]; then
 		for interf in $(db -q get hw.board.ethernetPortOrder); do
@@ -566,6 +405,13 @@ handle_ebtables_rules() {
 		is_l2_rule=1
 	fi
 
+	if [ -n "$dscp_filter" ]; then
+		# filter on ethertype and proto is same thing
+		broute_filter_on_ether_type IPv4
+		broute_filter_on_dscp $dscp_filter
+		is_l2_rule=1
+	fi
+
 	if [ -n "$eth_type" ]; then
 		broute_filter_on_ether_type $eth_type
 		is_l2_rule=1
@@ -576,47 +422,6 @@ handle_ebtables_rules() {
 		is_l2_rule=1
 	fi
 
-	case $eth_type in
-	IPv4|IPV4|0800)
-			ip_version=4
-		;;
-	IPv6|IPV6|86DD)
-			ip_version=6
-		;;
-	*)
-		if [ -z "$eth_type" ]; then
-			case $src_ip$dest_ip in
-			*.*)
-				ip_version=4
-				broute_filter_on_ether_type "IPv4"
-				;;
-			*:*)
-				ip_version=6
-				broute_filter_on_ether_type "IPv6"
-				;;
-			*)
-				if [ -n "$protocol" ] || [ -n "$dscp_filter" ]; then
-					ip_version=1 #neither ether_type nor ip address used
-					#ethertype is not configured by user so install 
-					#both proto ipv4 and ipv6 rule
-					BR6_RULE="$BR_RULE"
-					broute_filter_on_ether_type "IPv4"
-					broute_filter_on_ether_type6 "IPv6"
-				fi
-			esac
-		fi
-	esac
-
-	if [ $ip_version = "4" ] || [ $ip_version = "1" ]; then
-		broute_ipv4_rule_options "$sid"
-		is_l2_rule=1
-	fi
-
-	if [ $ip_version = "6" ] || [ $ip_version = "1" ]; then
-		broute_ipv6_rule_options "$sid"
-		is_l2_rule=1
-	fi
-
 	# first process options that will help figure our source mac address
 	# dhcp option for "vendor class id"
 	if [ -n "$src_vcid" ]; then
@@ -947,7 +752,12 @@ handle_policer_rules() {
 		return
 	fi
 
-	config_ingress_rate_limit $ifname $ingress_rate $in_burst_size
+	# The policer object is not available on non BCM968* chips
+	if [ $POLICER_SKIP -eq 1 ]; then
+		assign_policer_to_port $ifname $pindex
+	else
+		config_ingress_rate_limit $ifname $ingress_rate $in_burst_size
+	fi
 
 }
 
@@ -1034,20 +844,23 @@ configure_classify() {
 
 pre_configure_queue() {
 	# Delete queues
+	rm -rf /tmp/qos/queue_stats
+
 	for intf in $(db get hw.board.ethernetPortOrder); do
 		rm -rf /tmp/qos/$intf
 
-		mkdir -p /tmp/qos/$intf
-		touch /tmp/qos/$intf/q_order
-		touch /tmp/qos/$intf/q_idx
-		echo 0 > /tmp/qos/$intf/q_idx
-
-		tmctl porttminit --devtype 0 --if $intf --numqueues 8
-
+		mkdir -p /tmp/qos/queue_stats/$intf
+		touch /tmp/qos/queue_stats/$intf/q_idx
+		echo 0 > /tmp/qos/queue_stats/$intf/q_idx
 		i=0
 		for i in 0 1 2 3 4 5 6 7; do
 			tmctl delqcfg --devtype 0 --if $intf --qid $i &>/dev/null
 		done
+		tmctl porttminit --devtype 0 --if $intf --flag 0 --numqueues 8
+
+		mkdir -p /tmp/qos/$intf
+		touch /tmp/qos/$intf/q_order
+		touch /tmp/qos/$intf/q_precedence
 	done
 }
 
@@ -1055,29 +868,24 @@ configure_queue() {
 	# Load UCI file
 	config_load qos
 	config_foreach handle_q_order queue
-	sort_by_precedence
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
-		Q_COUNT=0
-		# sp queue have max priority value = no. of queue configured on the port
-		# hence read and update SP_Q_PRIO here
-		local q_no=$(cat /tmp/qos/$interf/q_idx)
-		SP_Q_PRIO=`expr $q_no - 1`
-		config_foreach handle_queue queue $interf
-	done
+	map_precedence
+	config_foreach handle_queue queue
 }
 
 configure_policer() {
 	# The policer object is not available on non BCM968* chips, just clean up
 	# the old config if any and return
-	for intf in $(db get hw.board.ethernetPortOrder); do
-		local unitport="$(get_port_number $intf)"
-		local unit=$(echo $unitport | cut -d ' ' -f 1)
-		local port=$(echo $unitport | cut -d ' ' -f 2)
-		# setting rate and burst size to 0 disables rate limiting
-		if [ $port != "" -a $unit != "" ]; then
-			ethswctl -c rxratectrl -n $unit -p $port -x 0 -y 0
-		fi
-	done
+	if [ $POLICER_SKIP -eq 0 ]; then
+		for intf in $(db get hw.board.ethernetPortOrder); do
+			local unitport="$(get_port_number $intf)"
+			local unit=$(echo $unitport | cut -d ' ' -f 1)
+			local port=$(echo $unitport | cut -d ' ' -f 2)
+			# setting rate and burst size to 0 disables rate limiting
+			if [ $port != "" -a $unit != "" ]; then
+				ethswctl -c rxratectrl -n $unit -p $port -x 0 -y 0
+			fi
+		done
+	fi
 
 	# Delete policer
 	local i=0
@@ -1116,7 +924,11 @@ configure_qos() {
 
 reload_qos() {
 	local service_name="$1"
-	local cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
+	local cpu_model="$(brcm_fw_tool -k info)"
+
+	case $cpu_model in
+		68*|6755) POLICER_SKIP=1 ;;
+	esac
 
 	if [ -z "$service_name" ]; then
 		configure_qos

questd/Makefile

@@ -1,20 +1,21 @@
 #
-# Copyright (C) 2013-2022 iopsys
+# Copyright (C) 2013-2020 iopsys
 #
 
 include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=questd
-PKG_VERSION:=5.2.4
+PKG_VERSION:=5.2.3
 
-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_VERSION:=cf54bd65ec821ac67f3aa1caeebcd3ea9aae07ad
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/questd
-PKG_SOURCE_VERSION:=2ca3ae0c29dcbbf01282f6118eb8d5e5bc9a1c45
+
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-endif
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE
@@ -22,6 +23,8 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
+PKG_INSTALL:=
+
 define Package/questd
 	CATEGORY:=Utilities
 	DEPENDS:=+libuci +libubox +ubus +libpthread
@@ -33,13 +36,6 @@ define Package/questd/description
 	this information via ubus
 endef
 
-ifeq ($(LOCAL_DEV),1)
-CMAKE_OPTIONS:=-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON
-define Build/Prepare
-	$(CP) -rf ~/git/code/questd/* $(PKG_BUILD_DIR)/
-endef
-endif
-
 define Package/questd/install
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/sbin