emctrl2: example easymesh controller dm package

- Optimize CPU usages
- Remove support to delete all instances at once

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.9.6
+PKG_VERSION:=1.10.0
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=6730d2784bbac93d87705db83a5157eaeb436f7d
+PKG_SOURCE_VERSION:=75195a112e3aef2b07e224afbbffcb15368be58f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -100,29 +100,37 @@ endif
 define Package/libbbfdm-api/install
 	$(INSTALL_DIR) $(1)/lib
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/libbbfdm-api.so $(1)/lib/
+
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
 	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/libexec/rpcd/bbf.secure $(1)/usr/libexec/rpcd/bbf.secure
 	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/libexec/rpcd/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
-	$(INSTALL_DIR) $(1)/etc/bbfdm
+
+	$(INSTALL_DIR) $(1)/usr/share/bbfdm/scripts/
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_api $(1)/usr/share/bbfdm/scripts/
+
 	$(INSTALL_DIR) $(1)/etc/bbfdm/certificates
 	echo "$(CONFIG_BBF_OBFUSCATION_KEY)" > $(1)/etc/bbfdm/.secure_hash
 endef
 
 define Package/libbbfdm/install
-	$(INSTALL_DIR) $(1)/lib
-	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm/dmmap
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm/
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm/libbbfdm.so $(1)/usr/share/bbfdm/libbbfdm.so
+
+	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/bbf $(1)/lib/upgrade/keep.d/bbf
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
+
 ifeq ($(findstring iopsys,$(CONFIG_BBF_VENDOR_LIST)),iopsys)
 	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/libbbfdm/dmtree/vendor/iopsys/libbbfdm_iopsys_ext.so $(1)
 endif
+
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm/scripts/
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm/scripts/* $(1)/usr/share/bbfdm/scripts/
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_activate_handler.sh $(1)/usr/share/bbfdm/scripts/
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_check_idle.sh $(1)/usr/share/bbfdm/scripts/
 endef
 
 define Package/libbbfdm/prerm

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.10
+PKG_VERSION:=2.1.11
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=e472e90feec31d9f318ea8c732ab564002e25db1
+PKG_SOURCE_VERSION:=5dd9cd3cfc95e9dce5f64fe9cadd274bb31b8fa6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

bulkdata/files/etc/init.d/bulkdatad

@@ -12,12 +12,21 @@ start_service() {
 	config_load bulkdata
 	config_get_bool enable bulkdata enable 1
 
-	[ "$enable" -eq "1" ] && {
+	if [ ! -f "/var/state/bulkdatad" ]; then
+		touch /var/state/bulkdatad
+		uci -q -c /var/state set bulkdatad.global='global'
+		uci -q -c /var/state commit bulkdatad
+	fi
+
+	if [ "$enable" -eq "1" ]; then
 		procd_open_instance "bulkdata"
 		procd_set_param command "$PROG"
 		procd_set_param respawn
 		procd_close_instance "bulkdata"
-	}
+	else
+		uci -q -c /var/state set bulkdatad.global.status='Disabled'
+		uci -q -c /var/state commit bulkdatad
+	fi
 }
 
 reload_service() {

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.6.6
+PKG_VERSION:=3.6.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=85c173d1fac535726b2e750be8c282b74fb7dbca
+PKG_SOURCE_VERSION:=98999eb75755f79a3c8a7e802e024b42914d1efc
 PKG_MIRROR_HASH:=skip
 endif
 

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.0.7
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=03d8d79c1221adb92b5789c03e2489d26c6ae184
+PKG_SOURCE_VERSION:=f6223f6034a57753ae9d1552ab1334194b1deaff
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dslmngr/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.5
+PKG_VERSION:=1.2.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
-PKG_SOURCE_VERSION:=4a6f6f829006e481eeb20bcb121f7938d12c60ec
+PKG_SOURCE_VERSION:=2b1ecbd2079dbd88ed6d58b277b91dcf5038d869
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip

ebtables-extensions/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ebtables-extensions
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.4
 PKG_LICENSE:=GPL-2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d3de8b0ac52ce9f96ef5a0a6277a6730879fc793
+PKG_SOURCE_VERSION:=35fb79f95c47d90e3791c7e126048b451f078f24
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

emctrl2/Makefile

@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020-2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=emctrl2
+PKG_VERSION:=1.0.0
+
+PKG_LICENSE:=BSD-3-Clause
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/emctrl2
+ CATEGORY:=Utilities
+ TITLE:= EasyMesh Controller V2
+ DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api
+endef
+
+define Package/emctrl2/description
+	Em Controller to provide extended WiFi DataElement features
+endef
+
+define Package/emctrl2/install
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/libemctrl2.so $(1) wifidmd
+endef
+
+$(eval $(call BuildPackage,emctrl2))

emctrl2/src/Makefile

@@ -0,0 +1,21 @@
+LIBOUT := libemctrl2.so
+
+LIBOBJS := datamodel_override.o
+
+PROG_CFLAGS = $(CFLAGS) -Wno-unused-parameter -fstrict-aliasing -g
+LIB_LDFLAGS = $(LDFLAGS)
+
+FPIC := -fPIC
+
+.PHONY: all
+
+%.o: %.c
+	$(CC) $(PROG_CFLAGS) $(FPIC) -c -o $@ $<
+
+all: $(LIBOUT)
+
+$(LIBOUT): $(LIBOBJS)
+	$(CC) $(PROG_CFLAGS) $(LIB_LDFLAGS) -shared -o $@ $^
+
+clean:
+	rm -f *.o $(LIBOUT)

emctrl2/src/datamodel_override.c

@@ -0,0 +1,546 @@
+/*
+ * Copyright (C) 2023 iopsys Software Solutions AB
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ *	Author: <Name> <Surname> <name.surname@iopsys.eu>
+ */
+
+#include <libbbfdm-api/dmcommon.h>
+
+
+/*************************************************************
+* ENTRY METHOD
+**************************************************************/
+static int browseWiFiDataElementsNetworkSSIDInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	struct dm_data *curr_data = NULL;
+	char *inst = NULL, *mld_id = NULL;
+
+	// loop to create multiple multi-instance objects
+	for(int i=0; i<=1; i++) {
+		char inst[3] = {0};
+
+		// inst is instance number for the object
+		snprintf(inst, sizeof(inst), "%d", i+1);
+		// This API creates instance, curr_data is to pass some instance specific information to child object, children can access this info from *prev_data
+		if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)curr_data, inst) == DM_STOP)
+			break;
+	}
+	return 0;
+}
+
+static int browseWiFiDataElementsNetworkDeviceDefault8021QInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	BBF_ERR("Debug print");
+	// Instances can be created statically as well
+	DM_LINK_INST_OBJ(dmctx, parent_node, prev_data, "1");
+	return 0;
+}
+
+static int browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	BBF_ERR("Debug print");
+	return 0;
+}
+
+/*************************************************************
+* ADD & DEL OBJ
+**************************************************************/
+static int addObjWiFiDataElementsNetworkDeviceDefault8021Q(char *refparam, struct dmctx *ctx, void *data, char **instance)
+{
+	//TODO
+	return 0;
+}
+
+static int delObjWiFiDataElementsNetworkDeviceDefault8021Q(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
+{
+	//TODO
+	return 0;
+}
+
+/*************************************************************
+* GET & SET PARAM
+**************************************************************/
+static int get_WiFiDataElementsNetwork_SSIDNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkSSIDInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_SSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_Band(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_AKMsAllowed(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_SuiteSelector(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_AdvertisementEnabled(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_MFPConfig(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_MobilityDomain(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_HaulType(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDevice_TrafficSeparationAllowed(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDevice_Default8021QNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkDeviceDefault8021QInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_boolean(ctx, value))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_unsignedInt(ctx, value, RANGE_ARGS{{NULL,"4095"}}, 1))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_unsignedInt(ctx, value, RANGE_ARGS{{NULL,"7"}}, 1))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_Time(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APOrigin(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_TriggerEvent(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringApproach(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APDestination(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringDuration(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_SteeringHistoryNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+/*************************************************************
+* OPERATE COMMANDS
+**************************************************************/
+static operation_args wifidataelementsnetwork_settrafficseparation_args = {
+    .in = (const char *[]) {
+        "Enable",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetTrafficSeparation(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_settrafficseparation_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetTrafficSeparation(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setpreferredbackhauls_args = {
+    .in = (const char *[]) {
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetPreferredBackhauls(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_setpreferredbackhauls_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetPreferredBackhauls(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setssid_args = {
+    .in = (const char *[]) {
+        "SSID",
+        "Enable",
+        "AddRemoveChange",
+        "PassPhrase",
+        "Band",
+        "AKMsAllowed",
+        "SuiteSelector",
+        "AdvertisementEnabled",
+        "MFPConfig",
+        "MobilityDomain",
+        "HaulType",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetSSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_setssid_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetSSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setmscsdisallowed_args = {
+    .in = (const char *[]) {
+        "MSCSDisallowedStaList",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static operation_args wifidataelementsnetworkdevice_setstasteeringstate_args = {
+    .in = (const char *[]) {
+        "Disallowed",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDevice_SetSTASteeringState(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdevice_setstasteeringstate_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDevice_SetSTASteeringState(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdevicemultiapdevicebackhaul_steerwifibackhaul_args = {
+    .in = (const char *[]) {
+        "TargetBSS",
+        "Channel",
+        "TimeOut",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdevicemultiapdevicebackhaul_steerwifibackhaul_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdeviceradio_channelscanrequest_args = {
+    .in = (const char *[]) {
+        "OpClass",
+        "ChannelList",
+        "ScanType",
+        "DwellTime",
+        "DFSDwellTime",
+        "HomeTime",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdeviceradio_channelscanrequest_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdeviceradiobssstamultiapsta_btmrequest_args = {
+    .in = (const char *[]) {
+        "DisassociationImminent",
+        "DisassociationTimer",
+        "BSSTerminationDuration",
+        "ValidityInterval",
+        "SteeringTimer",
+        "TargetBSS",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdeviceradiobssstamultiapsta_btmrequest_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+/**********************************************************************************************************************************
+*                                            OBJ & PARAM DEFINITION
+***********************************************************************************************************************************/
+DMLEAF tWiFiDataElementsNetworkParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SSIDNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetwork_SSIDNumberOfEntries, NULL, BBFDM_BOTH},
+{"SetTrafficSeparation()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetTrafficSeparation, operate_WiFiDataElementsNetwork_SetTrafficSeparation, BBFDM_USP},
+{"SetPreferredBackhauls()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetPreferredBackhauls, operate_WiFiDataElementsNetwork_SetPreferredBackhauls, BBFDM_USP},
+{"SetSSID()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetSSID, operate_WiFiDataElementsNetwork_SetSSID, BBFDM_USP},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.SSID.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkSSIDParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SSID", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_SSID, NULL, BBFDM_BOTH},
+{"Band", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_Band, NULL, BBFDM_BOTH},
+{"Enable", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkSSID_Enable, NULL, BBFDM_BOTH},
+{"AKMsAllowed", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_AKMsAllowed, NULL, BBFDM_BOTH},
+{"SuiteSelector", &DMREAD, DMT_HEXBIN, get_WiFiDataElementsNetworkSSID_SuiteSelector, NULL, BBFDM_BOTH},
+{"AdvertisementEnabled", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkSSID_AdvertisementEnabled, NULL, BBFDM_BOTH},
+{"MFPConfig", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_MFPConfig, NULL, BBFDM_BOTH},
+{"MobilityDomain", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_MobilityDomain, NULL, BBFDM_BOTH},
+{"HaulType", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_HaulType, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network. *** */
+DMOBJ tWiFiDataElementsNetworkObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys */
+{"SSID", &DMREAD, NULL, NULL, NULL, browseWiFiDataElementsNetworkSSIDInst, NULL, NULL, NULL, tWiFiDataElementsNetworkSSIDParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"TrafficSeparationAllowed", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkDevice_TrafficSeparationAllowed, NULL, BBFDM_BOTH},
+{"SetSTASteeringState()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDevice_SetSTASteeringState, operate_WiFiDataElementsNetworkDevice_SetSTASteeringState, BBFDM_USP},
+{"Default8021QNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDevice_Default8021QNumberOfEntries, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Default8021Q.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkDeviceDefault8021QParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"Enable", &DMWRITE, DMT_BOOL, get_WiFiDataElementsNetworkDeviceDefault8021Q_Enable, set_WiFiDataElementsNetworkDeviceDefault8021Q_Enable, BBFDM_BOTH},
+{"PrimaryVID", &DMWRITE, DMT_UNINT, get_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID, set_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID, BBFDM_BOTH},
+{"DefaultPCP", &DMWRITE, DMT_UNINT, get_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP, set_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP, BBFDM_BOTH},
+{0}
+};
+
+DMOBJ tWiFiDataElementsNetworkDeviceObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys, version*/
+{"Default8021Q", &DMWRITE, addObjWiFiDataElementsNetworkDeviceDefault8021Q, delObjWiFiDataElementsNetworkDeviceDefault8021Q, NULL, browseWiFiDataElementsNetworkDeviceDefault8021QInst, NULL, NULL, NULL, tWiFiDataElementsNetworkDeviceDefault8021QParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceMultiAPDeviceBackhaulParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SteerWiFiBackhaul()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul, operate_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul, BBFDM_USP},
+{0}
+};
+
+
+DMLEAF tWiFiDataElementsNetworkDeviceRadioParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"ChannelScanRequest()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest, operate_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest, BBFDM_USP},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA.SteeringHistory.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"Time", &DMREAD, DMT_TIME, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_Time, NULL, BBFDM_BOTH},
+{"APOrigin", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APOrigin, NULL, BBFDM_BOTH},
+{"TriggerEvent", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_TriggerEvent, NULL, BBFDM_BOTH},
+{"SteeringApproach", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringApproach, NULL, BBFDM_BOTH},
+{"APDestination", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APDestination, NULL, BBFDM_BOTH},
+{"SteeringDuration", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringDuration, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA. *** */
+DMOBJ tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys */
+{"SteeringHistory", &DMREAD, NULL, NULL, NULL, browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst, NULL, NULL, NULL, tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SteeringHistoryNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_SteeringHistoryNumberOfEntries, NULL, BBFDM_BOTH},
+{"BTMRequest()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest, operate_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest, BBFDM_USP},
+{0}
+};
+
+DM_MAP_OBJ tDynamicObj[] = {
+/* parentobj, nextobject, parameter */
+{"Device.WiFi.DataElements.Network.", tWiFiDataElementsNetworkObj, tWiFiDataElementsNetworkParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.", tWiFiDataElementsNetworkDeviceObj, tWiFiDataElementsNetworkDeviceParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.MultiAPDevice.Backhaul.", NULL, tWiFiDataElementsNetworkDeviceMultiAPDeviceBackhaulParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.", NULL, tWiFiDataElementsNetworkDeviceRadioParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA.", tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAObj,tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAParams},
+{0}
+};

firewallmngr/Config.in

@@ -8,11 +8,5 @@ config FIREWALLMNGR_PORT_TRIGGER
 	help
 	   Set this option to include support for PortTrigger object.
 
-config FIREWALLMNGR_BACKEND_FIREWALLMNGR
-	bool "Include Firewallmanager uci"
-	default n
-	help
-	   Set this option to include support for firewallmngr uci.
-
 endmenu
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.4
+PKG_VERSION:=1.0.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=d4bdd162cf37b3373df2448a70dcb4fbc1113535
+PKG_SOURCE_VERSION:=94246676dc2e2db29b94fcffec1be3cee3ec8e9f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -43,17 +43,13 @@ endef
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-	$(CP) -rf ./firewallmngr/* $(PKG_BUILD_DIR)/
+	$(CP) -rf ~/git/firewallmngr/* $(PKG_BUILD_DIR)/
 endef
 endif
 
 ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
 endif
-ifeq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
-	TARGET_CFLAGS += -DINCLUDE_BACKEND_FIREWALLMNGR
-
-endif
 
 define Package/firewallmngr/install
 	$(INSTALL_DIR) $(1)/etc/config
@@ -66,32 +62,13 @@ ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	$(INSTALL_DATA) ./files/port-trigger/etc/config/port-trigger $(1)/etc/config/
 	$(INSTALL_DATA) ./files/port-trigger/lib/port-trigger/port_trigger.sh $(1)/lib/port-trigger/
 endif
-ifeq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/lib/fwmngr
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) ./files/firewallmngr_backend_firewallmngr/etc/uci-defaults/00-firewallmngr $(1)/etc/uci-defaults/00-firewallmngr
-	$(INSTALL_DATA) ./files/firewallmngr_backend_firewallmngr/etc/config/firewallmngr  $(1)/etc/config/
-	$(INSTALL_BIN) ./files/firewallmngr_backend_firewallmngr/etc/init.d/firewallmngr  $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr.sh  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr_functions.sh  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/uci_migration.sh  $(1)/lib/fwmngr/
-	$(INSTALL_BIN) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/is_intf_bridge  $(1)/lib/fwmngr/
-	$(INSTALL_BIN) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/firewallmngr_preconfig  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr_twamp.sh  $(1)/lib/fwmngr/
-
-	$(BBFDM_INSTALL_MS_DM) ./files/firewallmngr_backend_firewallmngr/etc/firewallmngr/firewallmngr.json $(1) $(PKG_NAME)
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libfirewallmngr.so $(1) $(PKG_NAME)
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/firewallmngr $(1)/usr/sbin
-else
 	$(INSTALL_BIN) ./files/firewall.portmap $(1)/etc/
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-portmap-firewall $(1)/etc/uci-defaults/
 
 	$(INSTALL_BIN) ./files/firewall.service $(1)/etc/
 	$(INSTALL_DATA) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/
+
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libfirewallmngr.so $(1) $(PKG_NAME)
-endif
 endef
 
 $(eval $(call BuildPackage,firewallmngr))

firewallmngr/files/firewallmngr_backend_firewallmngr/etc/bbfdm/micro_services/firewallmngr.json

@@ -1,18 +0,0 @@
-{
-	"daemon": {
-		"config": {
-			"loglevel": "4"
-		},
-		"input": {
-			"type": "JSON",
-			"name": "/etc/firewallmngr/firewallmngr.json",
-			"plugin_dir": "/etc/firewallmngr/plugins"
-		},
-		"output": {
-			"type": "UBUS",
-			"parent_dm": "Device.",
-			"root_obj": "bbfdm",
-			"multiple_objects": ["Firewall","NAT"]
-		}
-	}
-}

firewallmngr/files/firewallmngr_backend_firewallmngr/etc/config/firewallmngr

@@ -1,160 +0,0 @@
-config firewall 'firewall'
-	option enable '1'
-	option config 'Advanced'
-	option advanced_level 'level1'
-
-config level 'level1'
-	option name 'level1'
-	option chain 'chain1'
-	option port_mapping_enabled '1'
-	option default_policy 'reject'
-	option default_log_policy '0'
-	option enable '1'
-
-config chain 'chain1'
-	option enable '1'
-	option name 'chain1'
-
-config rule 'default_rule_0'
-	option chain 'chain1'
-	option enable '1'
-	option order '1'
-	option name 'Allow-DHCP-Renew'
-	option target 'Accept'
-	option src 'wan'
-	option family '4'
-	option proto '17'
-	option dest_port '68'
-
-config rule 'default_rule_1'
-	option chain 'chain1'
-	option enable '1'
-	option order '2'
-	option name 'Allow-Ping'
-	option target 'Accept'
-	option src 'wan'
-	list icmp_type 'echo-request'
-	option family '4'
-	option proto '1'
-
-config rule 'default_rule_2'
-	option chain 'chain1'
-	option enable '1'
-	option order '3'
-	option name 'Allow-IGMP'
-	option target 'Accept'
-	option src 'wan'
-	option family '4'
-	option proto '2'
-
-config rule 'default_rule_3'
-	option chain 'chain1'
-	option enable '1'
-	option order '4'
-	option name 'Allow-DHCPv6'
-	option target 'Accept'
-	option src 'wan'
-	option family '6'
-	option proto '17'
-	option dest_port '546'
-
-config rule 'default_rule_4'
-	option chain 'chain1'
-	option enable '1'
-	option order '5'
-	option name 'Allow-MLD'
-	option target 'Accept'
-	option src 'wan'
-	option family '6'
-	option src_ip 'fe80::'
-	option source_mask 'fe80::/10'
-	list icmp_type '130/0'
-	list icmp_type '131/0'
-	list icmp_type '132/0'
-	list icmp_type '143/0'
-	option proto '1'
-
-config rule 'default_rule_5'
-	option chain 'chain1'
-	option enable '1'
-	option order '6'
-	option name 'Allow-ICMPv6-Input'
-	option target 'Accept'
-	option src 'wan'
-	option family '6'
-	list icmp_type  'echo-request'
-	list icmp_type  'echo-reply'
-	list icmp_type  'destination-unreachable'
-	list icmp_type  'packet-too-big'
-	list icmp_type  'time-exceeded'
-	list icmp_type  'bad-header'
-	list icmp_type  'unknown-header-type'
-	list icmp_type  'router-solicitation'
-	list icmp_type  'neighbour-solicitation'
-	list icmp_type  'router-advertisement'
-	list icmp_type  'neighbour-advertisement'
-	option limit  '1000/sec'
-	option proto '1'
-
-config rule 'default_rule_6'
-	option chain 'chain1'
-	option enable '1'
-	option order '7'
-	option name 'Allow-ICMPv6-Forward'
-	option target 'Accept'
-	option src 'wan'
-	option dest_all_interfaces '1'
-	option family '6'
-	list icmp_type 'echo-request'
-	list icmp_type 'echo-reply'
-	list icmp_type 'destination-unreachable'
-	list icmp_type 'packet-too-big'
-	list icmp_type 'time-exceeded'
-	list icmp_type 'bad-header'
-	list icmp_type 'unknown-header-type'
-	option limit  '1000/sec'
-	option proto '1'
-
-config rule 'default_rule_7'
-	option chain 'chain1'
-	option enable '1'
-	option order '8'
-	option name 'Allow-IPSec-ESP'
-	option target 'Accept'
-	option src 'wan'
-	option dest 'lan'
-	option proto '50'
-
-config rule 'default_rule_8'
-	option chain 'chain1'
-	option enable '1'
-	option order '9'
-	option name 'Allow-ISAKMP'
-	option target 'Accept'
-	option src 'wan'
-	option dest 'lan'
-	option proto '17'
-	option dest_port '500'
-
-config rule 'default_rule_9'
-	option chain 'chain1'
-	option enable '0'
-	option order '10'
-	option name 'Support-UDP-Traceroute'
-	option target 'Reject'
-	option src 'wan'
-	option family '4'
-	option proto '17'
-	option dest_port '33434'
-	option dest_port_range_max '33689'
-
-config rule 'default_forward_rule'
-	option chain 'chain1'
-	option enable '1'
-	option order '65535'
-	option name 'forward-rule'
-	option src 'lan'
-	option dest 'wan'
-	option proto '-1'
-	option target 'Accept'
-

firewallmngr/files/firewallmngr_backend_firewallmngr/etc/init.d/firewallmngr

@@ -1,27 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=18
-USE_PROCD=1
-
-USE_PROCD=1
-NAME=firewallmngr
-PROG=/usr/sbin/firewallmngr
-
-. /lib/fwmngr/fwmngr.sh
-
-
-start_service() {
-	configure_firewall
-	procd_open_instance firewallmngr
-	procd_set_param command ${PROG}
-	procd_set_param respawn
-	procd_close_instance
-}
-
-boot() {
-	start
-}
-
-service_triggers() {
-	procd_add_reload_trigger firewallmngr
-}

firewallmngr/files/firewallmngr_backend_firewallmngr/etc/uci-defaults/00-firewallmngr

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-. /lib/fwmngr/fwmngr_functions.sh
-. /lib/fwmngr/uci_migration.sh
-
-
-rule_sec=$(uci show firewall | grep "=rule")
-[ -z "$rule_sec" ] && return
-rule_sec=$(echo $rule_sec | grep "fwmngr")
-
-if [ -z "$rule_sec" ]; then
-	generate_firewallmngr_config
-fi
-if [ -f /etc/firewall.ddos ]; then
-        uci -q get firewall.ddos || {
-                uci -q set firewall.ddos=include
-                uci -q set firewall.ddos.path="/etc/firewall.ddos"
-                uci -q set firewall.ddos.reload=1
-fi
-if [ -f /etc/firewall.protect_port ]; then
-        uci -q get firewall.protect_port || {
-                uci -q set firewall.protect_port='include'
-                uci -q set firewall.protect_port.path='/etc/firewall.protect_port'
-                uci -q set firewall.protect_port.reload='1'
-        }
-fi
-
-

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/firewallmngr_preconfig

@@ -1,76 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-rule_max_order_val=0
-config_load firewallmngr
-
-firewallmngr_generate_nat_interface_setting() {
-	local intf="$1"
-	local is_bridge="false"
-	local masq="0"
-	local intf_dev
-	local type=""
-	local nat_intf_setting=""
-
-
-	type=$(uci -q get firewallmngr."$intf")
-	[ "$type" = "natif" ] && return
-
-	nat_intf_setting=$(uci  add "firewallmngr" "natif")
-	uci set firewallmngr."$nat_intf_setting".interface="$intf"
-
-	if [ $(/lib/fwmngr/is_intf_bridge "$intf") -eq 1 ]; then
-		uci set firewallmngr."$nat_intf_setting".enabled="0"
-	else
-		uci set firewallmngr."$nat_intf_setting".enabled="1"
-	fi
-
-	uci rename firewallmngr."$nat_intf_setting"="$intf"
-}
-
-firewallmngr_process_rule_interface() {
-	local rule="$1"
-	local src_intf=""
-	local dest_intf=""
-
-	config_get src_intf "$rule" "src"
-	config_get dest_intf "$rule" "dest"
-
-	[ -z "$src_intf" ] || firewallmngr_generate_nat_interface_setting "$src_intf"
-	[ -z "$dest_intf" ] || firewallmngr_generate_nat_interface_setting "$dest_intf"
-}
-
-firewallmngr_process_rule_param() {
-	local order=""
-	config_get order "$1" order
-
-	if [ -z "$order" ] || [ "$order" = "65535" ]; then
-		return
-	fi
-	rule_max_order_val=$(( rule_max_order_val + 1 ))
-	if [ ${order} -gt ${rule_max_order_val} ]; then
-		uci -q set firewallmngr."$1".order="$rule_max_order_val"
-		uci -q reorder firewallmngr."$1"=${rule_max_order_val}
-	fi
-
-	firewallmngr_process_rule_interface "$1"
-}
-
-firewallmngr_set_rule_order() {
-	local order=""
-	config_get order "$1" order
-
-	if [ -n "$order" ]; then
-		uci -q reorder firewallmngr."$1"=${order}
-		return
-	fi
-	rule_max_order_val=$(( rule_max_order_val + 1 ))
-	uci -q set firewallmngr."$1".order="$rule_max_order_val"
-	uci -q reorder firewallmngr."$1"=${rule_max_order_val}
-}
-
-config_foreach firewallmngr_process_rule_param rule
-config_foreach firewallmngr_set_rule_order rule
-
-uci commit firewallmngr

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr.sh

@@ -1,195 +0,0 @@
-#!/bin/sh
-#set -x
-
-. /lib/functions.sh
-. /lib/fwmngr/fwmngr_functions.sh
-
-
-fw_rule_sections=""
-fw_redirect_sections=""
-fw_include_sections=""
-
-clean_expiry() {
-	[ -f "/tmp/fw3.atjobs" ] || return
-	for job in $(cat /tmp/fw3.atjobs); do
-		atrm $job 2>/dev/null
-	done
-	rm -f /tmp/fw3.atjobs
-}
-
-schedule_expiry() {
-
-        [ -f "/usr/bin/at" ] || return
-
-        expire_at() {
-                local cfg=$1
-                local expiry atdate
-
-                config_get expiry $cfg expiry
-
-                [ -n "$expiry" ] || return
-
-                atdate="$(date +'%Y%m%d%H%M.%S' -d @$expiry)"
-
-                [ -n "$atdate" ] || return
-
-                sec=$(echo $atdate | cut -d. -f2)
-                at_date=$(echo $atdate | cut -d. -f1)
-
-                echo "sleep $sec && uci -q delete firewallmngr.$cfg; ubus call uci commit '{\"config\":\"firewallmngr\"}'" | \
-                        at -t $at_date 2>&1 | grep job | awk '{print$2}' >> /tmp/fw3.atjobs
-        }
-
-        config_foreach expire_at rule
-        config_foreach expire_at redirect
-}
-
-firewall_cleanup() {
-	local count=1
-
-	list=$(uci show firewall)
-        section_list=$(echo "$list" | grep "fwmngr")
-
-        section_list=$(echo "$section_list" | awk -F. '{ print $2 }')
-        section_list=$(echo "$section_list" | awk -F= '{ print $1 }')
-
-        fw_rule_sections=$(echo "$list" | grep -v fwmngr | grep "=rule")
-        fw_rule_sections=$(echo "$fw_rule_sections" | awk -F= '{ print $1 }')
-        fw_rule_sections=$(echo "$fw_rule_sections" | awk -F. '{ print $2 }')
-        fw_redirect_sections=$(echo "$list" | grep -v fwmngr | grep "=redirect")
-        fw_redirect_sections=$(echo "$fw_redirect_sections" | awk -F= '{ print $1 }')
-        fw_redirect_sections=$(echo "$fw_redirect_sections" | awk -F. '{ print $2 }')
-        fw_include_sections=$(echo "$list" | grep -v fwmngr | grep "=include")
-        fw_include_sections=$(echo "$fw_include_sections" | awk -F= '{ print $1 }')
-        fw_include_sections=$(echo "$fw_include_sections" | awk -F. '{ print $2 }')
-
-        for sec in $section_list; do
-                uci -q delete firewall."$sec"
-        done
-	uci commit firewall
-}
-
-firewallmngr_preload() {
-	firewall_cleanup
-
-	/lib/fwmngr/firewallmngr_preconfig
-}
-
-firewall_handle_section_dmz() {
-	local dmz_cfg="$1"
-	local dest_uci="$2"
-	local dmz_sec=""
-	local enable=""
-	local origin=""
-	local description=""
-	local interface=""
-	local dest_ip=""
-	local source_prefix=""
-	
-	config_get enable "$dmz_cfg" "enabled" 0
-	[ "$enable" = "1" ] || return
-	config_get dest_ip "$dmz_cfg" "dest_ip"
-	config_get interface "$dmz_cfg" "interface"
-	if [ -z "$dest_ip" ] || [ -z "$interface" ]; then
-		return
-	fi
-	config_get origin "$dmz_cfg" "origin"
-	config_get description "$dmz_cfg" "description"
-	config_get source_prefix "$dmz_cfg" "source_prefix"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		zones=$(uci show firewall | grep "=zone")
-		for zn in zones; do
-			zn_arg=$(echo $zn | awk -F= '{ print $1 }')
-			if [ "$interface" = "$(uci -q get $zn_arg.network)" ]; then
-				zn_name=$(uci -q get "$zn_arg".name)
-			fi
-		done
-	fi
-
-	dmz_sec=$(uci add "$dest_uci" redirect)
-	uci set "$dest_uci"."$dmz_sec".src="$zn_name"
-	uci set "$dest_uci"."$dmz_sec".enabled="1"
-	uci set "$dest_uci"."$dmz_sec".dest_ip="$dest_ip"
-	uci set "$dest_uci"."$dmz_sec".origin="$origin"
-	uci set "$dest_uci"."$dmz_sec".src_ip="$source_prefix"
-	uci set "$dest_uci"."$dmz_sec".target="DNAT"
-
-       	uci rename "$dest_uci"."$dmz_sec"="fwmngr_$dmz_cfg"
-}
-
-handle_section_nat_interface_setting() {
-	local nat_intf_cfg="$1"
-	local interface=""
-	local enable=""
-
-	config_get enable "$nat_intf_cfg" "enabled"
-	[ -z "$enable" ] && return
-	config_get interface "$nat_intf_cfg" "interface"
-	if [ -n "$interface" ]; then
-		create_firewall_zone_config "$interface" "$enable"
-	fi
-}
-
-generate_firewall_config() {
-	local minus_one
-
-
-	firewallmngr_preload
-	uci commit firewallmngr
-	fw_config="$(uci -q get firewallmngr.firewall.config)"
-	[ -z "$fw_config" ] && return
-	[ "$fw_config" = "Advanced" ] || return
-
-#get active chain name
-	chain_name=$(firewallmngr_get_active_chain)
-
-#configure firewall global config
-	global_exist=$(uci -q get firewall.globals)
-	if [ -z "$global_exist" ]; then
-		global_sec=$(uci   add firewall globals)
-		uci   set firewall."$global_sec".enabled="1"
-		uci   rename firewall."$global_sec"="globals"
-	fi
-
-#configure firewall default config
-	default_sec=$(uci  add firewall defaults)
-	uci   set firewall."$default_sec".syn_flood="1"
-	uci   set firewall."$default_sec".input="$INPUT"
-	uci   set firewall."$default_sec".output="$OUTPUT"
-	uci   set firewall."$default_sec".forward="$FORWARD"
-        uci   rename firewall."$default_sec"="fwmngr_default"
-
-	config_load firewallmngr
-	config_foreach handle_section_nat_interface_setting natif
-	uci commit firewall
-#loop through rules in firewallmngr uci and write rule in firewall
-	config_foreach handle_section_firewall_rule rule "$chain_name" "firewall"
-	uci commit firewall
-
-	config_foreach handle_section_nat_port_mapping nat_portmapping "firewall"
-	config_foreach firewall_handle_section_dmz dmz "firewall"
-	config_foreach handle_section_service service "firewall"
-
-#reorder sections to place rule created by user at the end
-	minus_one=$((2**16))
-	for sec in $fw_rule_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-	for sec in $fw_redirect_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-	for sec in $fw_include_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-
-	ubus call uci commit '{"config":"firewall"}'
-	schedule_expiry
-}
-
-configure_firewall () {
-	if ! [ -f "/etc/config/firewall" ]; then
-		touch /etc/config/firewall
-	fi
-	generate_firewall_config
-}

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr_functions.sh

@@ -1,627 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-INPUT="REJECT"
-OUTPUT="ACCEPT"
-FORWARD="REJECT"
-
-firewallmngr_get_active_chain() {
-	local fw_level=""
-	local chain_name=""
-	local fw_level=""
-	local chain=""
-
-	fw_level="$(uci -q get firewallmngr.firewall.advanced_level)"
-	[ -z "$fw_level" ] && return
-	enabled="$(uci -q get firewallmngr."${fw_level}".enable)"
-
-	[ "$enabled" = "1" ] || exit
-
-	chain="$(uci -q get firewallmngr."${fw_level}".chain)"
-	[ -z "$chain" ] && exit
-
-	enabled="$(uci -q get firewallmngr."${chain}".enable)"
-	chain_name="$(uci -q get firewallmngr."${chain}".name)"
-	echo "$chain_name"
-}
-
-
-create_firewall_zone_config() {
-	local intf="$1"
-	local masq="$2"
-	local is_bridge="false"
-	local intf_dev=""
-	local ntwrk=""
-	local interface=$(echo "$intf" | awk -F" " '{ print $1 }')
-
-	type=$(uci -q get firewall."$interface")
-	[ "$type" = "zone" ] && return
-
-	zone_sec=$(uci add "firewall" "zone")
-	uci set firewall."$zone_sec".masq="$masq"
-	uci set firewall."$zone_sec".name="$interface"
-	uci set firewall."$zone_sec".output="$OUTPUT"
-
-	if [ $(/lib/fwmngr/is_intf_bridge "$interface") -eq 1 ]; then
-		uci set firewall."$zone_sec".input="ACCEPT"
-		uci set firewall."$zone_sec".forward="ACCEPT"
-	else
-		if [ "$(uci -q get firewallmngr.globals.enabled)" = "0" ]; then
-			uci set firewall."$zone_sec".input="ACCEPT"
-		else
-			uci set firewall."$zone_sec".input="REJECT"
-		fi
-		uci set firewall."$zone_sec".forward="REJECT"
-	fi
-	for ntwrk in $intf; do
-		uci add_list firewall."$zone_sec".network="$ntwrk"
-	done
-	uci rename firewall."$zone_sec"="$interface"
-}
-
-firewallmngr_set_ip() {
-	local rule_sec="$1"
-	local src_ip="$2"
-	local dest_ip="$3"
-
-	mask=$(echo "$src_ip"|grep "/")
-	if [ -z "$src_ip" ]; then
-		uci set firewallmngr."$rule_sec".src_ip="$src_ip"
-	else
-		ip=$(echo "$src_ip" | awk -F"/" '{ print $0 }')
-		mask=$(echo "$src_ip" | awk -F"/" '{ print $2 }')
-		uci set firewallmngr."$rule_sec".src_ip="$ip"
-		uci set firewallmngr."$rule_sec".source_mask="$mask"
-	fi
-
-	mask=$(echo "$src_ip"|grep "/")
-	if [ -z "$dest_ip" ]; then
-		uci set firewallmngr."$rule_sec".dest_ip="$dest_ip"
-	else
-		ip=$(echo "$dest_ip" | awk -F"/" '{ print $0 }')
-		mask=$(echo "$dest_ip" | awk -F"/" '{ print $2 }')
-		uci set firewallmngr."$rule_sec".dest_ip="$ip"
-		uci set firewallmngr."$rule_sec".dest_mask="$mask"
-	fi
-}
-
-firewall_set_ip() {
-	local rule_sec="$1"
-	local src_ip="$2"
-	local dest_ip="$3"
-
-	uci set firewall."$rule_sec".src_ip="$src_ip"
-	uci set firewall."$rule_sec".dest_ip="$dest_ip"
-}
-
-firewallmngr_set_port() {
-	local rule_sec="$1"
-	local src_port="$2"
-	local dest_port="$3"
-	local src_port_range_max="$4"
-	local dest_port_range_max="$5"
-
-	range=$(echo "$src_port" | grep ":")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$rule_sec".src_port="$src_port"
-	else
-		min_port=$(echo "$src_port" | awk -F":" '{ print $1 }')
-		max_port=$(echo "$src_port" | awk -F":" '{ print $2 }')
-
-		uci set firewallmngr."$rule_sec".src_port="$min_port"
-		uci set firewallmngr."$rule_sec".src_port_range_max="$max_port"
-	fi
-	range=$(echo "$dest_port" | grep ":")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$rule_sec".dest_port="$dest_port"
-	else
-		min_port=$(echo "$dest_port" | awk -F":" '{ print $1 }')
-		max_port=$(echo "$dest_port" | awk -F":" '{ print $2 }')
-
-		uci set firewallmngr."$rule_sec".dest_port="$min_port"
-		uci set firewallmngr."$rule_sec".dest_port_range_max="$max_port"
-	fi
-
-}
-
-firewall_set_port() {
-	local rule_sec="$1"
-	local src_port="$2"
-	local dest_port="$3"
-	local src_port_range_max="$4"
-	local dest_port_range_max="$5"
-
-	if [ -z "$dest_port_range_max" ] || [ "$dest_port_range_max" = "-1" ]; then
-		[ "$dest_port" == "-1" ] || uci set firewall."$rule_sec".dest_port="$dest_port"
-	else
-		uci set firewall."$rule_sec".dest_port="$dest_port:$dest_port_range_max"
-	fi
-
-	if [ -z "$src_port_range_max" ] || [ "$src_port_range_max" = "-1" ]; then
-		[ "$src_port" == "-1" ] || uci set firewall."$rule_sec".src_port="$src_port"
-	else
-		uci set firewall."$rule_sec".src_port="$src_port:$src_port_range_max"
-	fi
-}
-
-firewallmngr_set_interface() {
-	local rule_sec="$1"
-	local src_intf="$2"
-	local dest_intf="$3"
-
-	if [ "$src_intf" = "*" ]; then
-		uci set firewallmngr."$rule_sec".source_all_interfaces="1"
-	else
-		uci set firewallmngr."$rule_sec".source_all_interfaces="0"
-		uci set firewallmngr."$rule_sec".src="$src_intf"
-	fi
-	if [ "$dest_intf" = "*" ]; then
-		uci set firewallmngr."$rule_sec".dest_all_interfaces="1"
-	else
-		uci set firewallmngr."$rule_sec".dest_all_interfaces="0"
-		uci set firewallmngr."$rule_sec".dest="$dest_intf"
-	fi
-
-}
-
-firewall_set_interface() {
-	local rule_sec="$1"
-	local src_intf="$2"
-	local dest_intf="$3"
-	uci set firewall."$rule_sec".src="$src_intf"
-	uci set firewall."$rule_sec".dest="$dest_intf"
-}
-
-
-firewallmngr_get_rule_ip_family() {
-	local version="$1"
-
-	if [ "$version" == "ipv4" ]; then
-		echo "4"
-	elif [ "$version" == "ipv6" ]; then
-		echo "6"
-	else
-		echo "-1"
-	fi
-}
-
-firewall_get_rule_ip_family() {
-	local version="$1"
-
-	if [ "$version" == "4" ]; then
-		echo "ipv4"
-	elif [ "$version" == "6" ]; then
-		echo "ipv6"
-	else
-		echo "-1"
-	fi
-}
-
-firewallmngr_set_ip_family() {
-	local rule_sec="$1"
-	local ip_family="$2"
-
-	if [ -z "$ip_family" ]; then
-		uci set firewallmngr."$rule_sec".family="-1"
-		return
-	fi
-	uci set firewallmngr."$rule_sec".family="$ip_family"
-}
-
-firewall_set_ip_family() {
-	local rule_sec="$1"
-	local ip_family="$2"
-
-	[ "$ip_family" == "-1" ] ||  uci set firewall."$rule_sec".family="$ip_family"
-}
-
-firewallmngr_set_rule_target() {
-	local rule_sec="$1"
-	local target="$2"
-	local targetchain="$3"
-	local action
-	if [ "$target" = "MARK" ]; then
-		uci set firewallmngr."$rule_sec".target="Return"
-	elif [ "$target" = "TargetChain" ]; then
-		uci set firewallmngr."$rule_sec".target="$targetchain"
-	else
-		action=$(echo "$target" | awk '{for(i=1;i<=NF;i++){$i=toupper(substr($i,1,1)) substr($i,2)}} 1')
-		uci set firewallmngr."$rule_sec".target="$action"
-	fi
-}
-
-firewall_set_rule_target() {
-	local rule_sec="$1"
-	local target="$2"
-	local targetchain="$3"
-
-	target="$(echo $target | awk '{ print toupper($0) }')"
-	if [ "$target" = "ACCEPT" ] || [ "$target" = "REJECT" ] || [ "$target" = "DROP" ]; then
-		uci set firewall."$rule_sec".target="$(echo $target | awk '{ print toupper($0) }')"
-	elif [ "$target" = "Retrun" ]; then
-		uci set firewall."$rule_sec".target="MARK"
-	elif [ "$target" = "TargetChain" ]; then
-		uci set firewall."$rule_sec".target="$targetchain"
-	else
-		uci set firewall."$rule_sec".target="DROP"
-	fi
-}
-
-set_rule_protocol() {
-	local rule_sec="$1"
-	local protocol="$2"
-	local rule_rd="$3"
-	local dest_uci="$4"
-
-	set_icmp_type() {
-		uci add_list "$dest_uci"."$rule_sec".icmp_type="$1"
-	}
-
-	if [ -z "$protocol" ] || [ "$protocol" = "0" ] || [ "$protocol" = "all" ] || [ "$protocol" = "-1" ]; then
-		uci set "$dest_uci"."$rule_sec".proto="all"
-		return
-	fi
-
-	if [ "$dest_uci" = "firewallmngr" ]; then
-		protocol=$(grep -m 1 "$protocol" "/etc/protocols" | awk -F" " '{ print $2 }')
-	fi
-	uci set "$dest_uci"."$rule_sec".proto="$protocol"
-	if [ "$protocol" = "1" ] || [ "$protocol" = "icmp" ]; then
-		config_list_foreach "$rule_rd" "icmp_type" set_icmp_type
-	fi
-}
-
-handle_section_firewall_rule() {
-	local rule="$1"
-	local chain_name="$2"
-	local dest_uci="$3"
-	local chain=""
-	local is_enable=""
-	local src_intf=""
-	local ip_version=""
-	local ip_family=""
-	local protocol=""
-	local dest_intf=""
-	local target=""
-	local targetchain=""
-	local desc=""
-	local dest_port=""
-	local src_port=""
-	local src_port_range_max=""
-	local dest_port_range_max=""
-	local src_ip=""
-	local dest_ip=""
-	local source_mac=""
-	local source_all_interfaces=""
-	local dest_all_interfaces=""
-	local source_mask=""
-	local dest_mask=""
-	local limit=""
-	local expiry=""
-	local order=""
-
-	config_get is_enable "$rule" "enable" 1
-	[ "$is_enable" = "1" ] || return
-
-	if [ "$dest_uci" = "firewall" ]; then
-		config_get chain "$rule" "chain"
-		[ "$chain" = "$chain_name" ] || return
-	fi
-
-	config_get desc "$rule" "name"
-	config_get src_intf "$rule" "src"
-	config_get dest_intf "$rule" "dest"
-	config_get ip_version "$rule" "family"
-	function="$dest_uci"_get_rule_ip_family
-	ip_family="$($function $ip_version)"
-	config_get protocol "$rule" "proto"
-	config_get src_port "$rule" "src_port"
-	config_get dest_port "$rule" "dest_port"
-	config_get src_ip "$rule" "src_ip"
-	config_get source_mask "$rule" "source_mask"
-	[ -n "$source_mask" ] && src_ip="${src_ip}/$(echo $source_mask | awk -F/ '{ print $2 }')"
-	config_get dest_ip "$rule" "dest_ip"
-	config_get dest_mask "$rule" "dest_mask"
-	[ -n "$dest_mask" ] && dest_ip="${dest_ip}/$(echo $dest_mask | awk -F/ '{ print $2 }')"
-	config_get dest_port_range_max "$rule" "dest_port_range_max"
-	config_get src_port_range_max "$rule" "src_port_range_max"
-	config_get target "$rule" "target"
-	config_get targetchain "$rule" "targetchain"
-	config_get source_mac "$rule" "src_mac"
-	config_get order "$rule" "order"
-	config_get limit "$rule" "limit"
-	config_get expiry "$rule" "expiry"
-	config_get source_all_interfaces "$rule" "source_all_interfaces"
-	[ "$source_all_interfaces" = "1" ] && src_intf="*"
-	config_get dest_all_interfaces "$rule" "dest_all_interfaces"
-	[ "$dest_all_interfaces" = "1" ] && dest_intf="*"
-
-	rule_sec=$(uci add "$dest_uci" rule)
-	uci set "$dest_uci"."$rule_sec".chain="$chain_name"
-	uci set "$dest_uci"."$rule_sec".enabled="1"
-	uci set "$dest_uci"."$rule_sec".name="$desc"
-
-	"$dest_uci"_set_interface "$rule_sec" "$src_intf" "$dest_intf"
-	"$dest_uci"_set_ip_family "$rule_sec" "$ip_family"
-	"$dest_uci"_set_rule_target "$rule_sec" "$target" "$targetchain"
-	set_rule_protocol "$rule_sec" "$protocol" "$rule" "$dest_uci"
-
-	"$dest_uci"_set_port "$rule_sec" "$src_port" "$dest_port" "$src_port_range_max" "$dest_port_range_max"
-
-	"$dest_uci"_set_ip "$rule_sec" "$src_ip" "$dest_ip"
-
-	uci set "$dest_uci"."$rule_sec".src_mac="$source_mac"
-	uci set "$dest_uci"."$rule_sec".order="$order"
-	uci set "$dest_uci"."$rule_sec".limit="$limit"
-	uci set "$dest_uci"."$rule_sec".expiry="$expiry"
-
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci rename "$dest_uci"."$rule_sec"="fwmngr_$rule"
-	else
-        	uci rename "$dest_uci"."$rule_sec"="$rule"
-	fi
-}
-
-firewallmngr_configure_service_rule() {
-	local interface="$1"
-	local dest_port="$2"
-	local ip_family="$3"
-	local protocol="$4"
-	local icmp_type="$5"
-	local source_prefix="$6"
-	local action="$7"
-	local service_cfg="$8"
-	local service_sec
-	
-	service_sec_add_list_value() {
-		for value in $1; do
-			uci add_list firewallmngr."$service_sec"."$2"="$value"
-		done
-	}
-
-	service_sec=$(uci add firewall service)
-	uci set firewallmngr."$service_sec".enabled="1"
-	uci set firewallmngr."$service_sec".name="service rule"
-	uci set firewallmngr."$service_sec".src="$interface"
-	uci set firewallmngr."$service_sec".icmp_type="$icmp_type"
-	uci set firewallmngr."$service_sec".family=$(firewallmngr_get_rule_ip_family "$ip_family")
-	firewallmngr_set_rule_target "$service_sec" "$action" ""
-
-	service_sec_add_list_value "$dest_port" "dest_port"
-	service_sec_add_list_value "$protocol" "protocol"
-	service_sec_add_list_value "$source_prefix" "src_prefix"
-
-	uci rename firewallmngr."$service_sec"="${service_cfg}"
-}
-
-firewall_configure_service_rule() {
-	local interface="$1"
-	local dest_port="$2"
-	local ip_family="$3"
-	local protocol="$4"
-	local icmp_type="$5"
-	local source_prefix="$6"
-	local action="$7"
-	local service_cfg="$8"
-	local service_sec
-
-	service_sec=$(uci add firewall rule)
-	uci set firewall."$service_sec".enabled="1"
-	uci set firewall."$service_sec".name="service rule"
-	uci set firewall."$service_sec".src="$interface"
-	[ "$dest_port" == "-1" ] || uci set firewall."$service_sec".dest_port="$dest_port"
-	uci set firewall."$service_sec".family=$(firewall_get_rule_ip_family "$ip_family")
-	[ "$protocol" == "-1" ] || uci set firewall."$service_sec".proto="$protocol"
-	[ "$icmp_type"  == "-1" ] || uci set firewall."$service_sec".icmp_type="$icmp_type"
-	uci set firewall."$service_sec".src_ip="$source_prefix"
-	firewall_set_rule_target "$service_sec" "$action" ""
-
-	[ -z "$service_cfg" ] || uci rename firewall."$service_sec"="fwmngr_${service_cfg}"
-}
-
-handle_section_service() {
-	local service_cfg="$1"
-	local dest_uci="$2"
-	local service_sec=""
-	local enable=""
-	local interface=""
-	local dest_port=""
-	local protocol=""
-	local icmp_type=""
-	local source_prefix=""
-	local action=""
-	local ip_family=""
-
-	get_service_proto_list() {
-		protocol="$protocol $1"
-	}
-	get_service_src_prefix_list() {
-		source_prefix="$source_prefix $1"
-	}
-	get_service_dest_port_list() {
-		dest_port="$dest_port $1"
-	}
-
-	config_get enable "$service_cfg" "enable" 0
-	[ "$enable" == "1" ] || return
-	config_get interface "$service_cfg" "interface"
-	[ -z "$interface" ] && return
-	config_get ip_family "$service_cfg" "family"
-
-	config_list_foreach "$service_cfg" "proto" get_service_proto_list
-	config_list_foreach "$service_cfg" "dest_port" get_service_dest_port_list
-	config_list_foreach "$service_cfg" "src_prefix" get_service_src_prefix_list
-
-	config_get icmp_type "$service_cfg" "icmp_type"
-	config_get action "$service_cfg" "target"
-
-	"$dest_uci"_configure_service_rule "$interface" "$dest_port" "$ip_family" "$protocol" "$icmp_type" "$source_prefix" "$action" "$service_cfg"
-
-}
-
-firewallmngr_set_all_intf_src_dip() {
-	local redirect_section="$1"
-	local zn_name="$2"
-	local all_interface="$3"
-
-	config_get src_dip "$redirect_section" "src_dip"
-
-	if [ "$src_dip" = "*" ]; then
-		uci set firewallmngr."$redirect_sec".all_interface="1"
-	else
-		uci set firewallmngr."$redirect_sec".all_interface="0"
-	fi
-}
-
-firewall_set_all_intf_src_dip() {
-	local redirect_section="$1"
-	local zn_name="$2"
-	local all_interface="$3"
-
-	if [ "$all_interface" = "1" ]; then
-		if [ -z "$zn_name" ]; then
-			uci set firewall."$redirect_sec".src="wan"
-		else
-			uci set firewall."$redirect_sec".src="$zn_name"
-		fi
-		uci set firewall."$redirect_sec".src_dip="*"
-	else
-		uci set firewall."$redirect_sec".src="$zn_name"
-		uci set firewall."$redirect_sec".src_dip=""
-	fi
-}
-
-firewallmngr_set_src_dport() {
-        local redirect_sec="$1"
-        lodcal external_port="$2"
-        local external_port_end="$3"
-
-	range=$(echo "$external_port" | grep "-")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$redirect_sec".src_dport="$external_port"
-	else
-		min_port=$(echo "$external_port" | awk -F"-" '{ print $1 }')
-		max_port=$(echo "$external_port" | awk -F"-" '{ print $2 }')
-
-		uci set firewallmngr."$redirect_sec".src_dport="$min_port"
-		uci set firewallmngr."$redirect_sec".src_dport_end="$max_port"
-	fi
-} 
-
-firewall_set_src_dport() {
-        local redirect_sec="$1"
-        local external_port="$2"
-        local external_port_end="$3"
-
-	if [ "$external_port_end" = "0" ]; then
-		if ! [ "$external_port" = "0" ]; then
-			uci set firewall."$redirect_sec".src_dport="$external_port"
-		fi
-	else
-		uci set firewall."$redirect_sec".src_dport="$external_port-$external_port_end"
-	fi
-} 
-
-
-# handling for firewallmngr to firewall
-handle_section_nat_port_mapping() {
-	local nat_port_cfg="$1"
-	local dest_uci="$2"
-	local enable=""
-	local interface=""
-	local all_interface=""
-	local lease_duration=""
-	local remote_host=""
-	local external_port=""
-	local external_port_end=""
-	local internal_port=""
-	local protocol=""
-	local internal_client=""
-	local description=""
-	local redirect_sec=""
-	local epoch_sec=""
-	local stop_epoch=""
-	local stop_ymd=""
-	local stop_hms=""
-	local zn_name=""
-
-	config_get enable "$nat_port_cfg" "enabled"
-	config_get interface "$nat_port_cfg" "src"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		zones=$(uci show firewall | grep "=zone")
-		for zn in zones; do
-			zn_arg=$(echo $zn | awk -F= '{ print $1 }')
-			if [ "$interface" = "$(uci -q get $zn_arg.network)" ]; then
-				zn_name=$(uci -q get "$zn_arg".name)
-				masq=$(uci -q get "$zn_arg".masq)
-			fi
-		done
-		if [ -z "$enable" ] && ! [ "$masq" = "1" ]; then
-			return
-		fi
-	fi
-
-	config_get internal_client "$nat_port_cfg" "dest_ip"
-	config_get all_interface "$nat_port_cfg" "all_interface"
-	config_get lease_duration "$nat_port_cfg" "lease_duration"
-	config_get remote_host "$nat_port_cfg" "src_ip"
-	config_get external_port "$nat_port_cfg" "src_dport" "0"
-	config_get external_port_end "$nat_port_cfg" "src_dport_end" "0"
-	config_get internal_port "$nat_port_cfg" "dest_port"
-	config_get protocol "$nat_port_cfg" "proto"
-	protocol=$(echo $protocol | awk '{ print tolower($0) }')
-	config_get description "$nat_port_cfg" "name"
-
-	redirect_sec=$(uci add "$dest_uci" redirect)
-
-	"dest_uci"_set_all_intf_src_dip "$redirect_sec" "$zn_name" "$all_interface"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		if [ -n "$lease_duration" ] && ! [ "$lease_duration" == "0" ]; then
-			epoch_sec=$(date +%s)
-			stop_epoch=$(( epoch_sec + lease_duration ))
-			stop_ymd=$(date -d @${stop_epoh} +%Y-%m-%d)
-			stop_hms=$(date -d @${stop_epoch} +%H:%M:%S)
-			uci set "$dest_uci"."$redirect_sec".stop_date="$stop_ymd"
-			uci set "$dest_uci"."$redirect_sec".stop_time="$stop_hms"
-		fi
-	fi
-
-	"$dest_uci"_set_src_dport "$redirect_section" "$external_port" "$external_port_end"
-
-	uci  set "$dest_uci"."$redirect_sec".enabled="1"
-	uci  set "$dest_uci"."$redirect_sec".target="DNAT"
-	uci  set "$dest_uci"."$redirect_sec".dest_ip="$internal_client"
-	[ -z "$protocol" ] || uci set "$dest_uci"."$redirect_sec".proto="$protocol"
-	[ -z "$remote_host" ] || uci  set "$dest_uci"."$redirect_sec".src_ip="$remote_host"
-	[ -z "$internal_port" ] || uci set "$dest_uci"."$redirect_sec".dest_port="$internal_port"
-	[ -z "$description" ] || uci set "$dest_uci"."$redirect_sec".name="$description"
-
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci rename "$dest_uci"."$redirect_sec"="fwmngr_$nat_port_cfg"
-	else
-        	uci rename "$dest_uci"."$redirect_sec"="$nat_port_cfg"
-	fi
-}
-
-handle_include_section() {
-	local include_sec="$1"
-	local dest_uci="$2"
-
-	config_get path "$include_sec" "path"
-	config_get reload "$include_sec" "reload"
-	config_get include_type "$include_sec" "type"
-
-	sec=$(uci   add "$dest_uci" include)
-	[ -z "$path" ] || uci   set "$dest_uci"."$sec".path="$path"
-	[ -z "$reload" ] || uci   set "$dest_uci"."$sec".reload="$reload"
-	[ -z "$include_type" ] || uci   set "$dest_uci"."$sec".type="$include_type"
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci   rename "$dest_uci"."$sec"="fwmngr_$include_sec"
-	else
-        	uci   rename "$dest_uci"."$sec"="$include_sec"
-	fi
-	
-}

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/fwmngr_twamp.sh

@@ -1,60 +0,0 @@
-#! /bin/sh
-
-active_chain=""
-remove_twamp_reflector_rules() {
-	config_get name "$1" name
-
-	if [ "$name" = "Twamp Reflector Rule" ]; then
-		uci delete firewallmngr."$1"
-	fi
-
-}
-
-handle_twamp_reflector_rules() {
-	local twamp_cfg="$1"
-	local sec_name=""
-	local action="Acept"
-
-	config_get enable "$twamp_cfg" enable "1"
-	config_get port "$twamp_cfg" port
-	config_get interface "$twamp_cfg" interface
-
-	if [ "${enable}" -eq 0 ] || [ -z "$port" ] || [ -z "$interface" ]; then
-		return
-	fi
-	sec_name="twamp_${interface}_${port}"
-	rule_twamp=$(uci add firewallmngr rule)
-	uci set firewallmngr."$rule_twamp".enable="1"
-	uci set firewallmngr."$rule_twamp".chain="$active_chain"
-	uci set firewallmngr."$rule_twamp".dest_port="$port"
-	uci set firewallmngr."$rule_twamp".name="Twamp Reflector Rule"
-	uci set firewallmngr."$rule_twamp".interface="$interface"
-	uci set firewallmngr."$rule_twamp".ip_version="4"
-	uci set firewallmngr."$rule_twamp".protocol="17"
-	uci set firewallmngr."$rule_twamp".target="$action"
-	uci rename firewallmngr."$rule_twamp"="fwmngr_$sec_name"
-}
-
-firewallmngr_get_active_chain() {
-	config_get creator "$1" creator
-	[ "$creator" = "PortMapping" ] && return
-
-	config_get enable "$1" enable
-	if [ -n "$enable" ] && [ "$enable" = "1" ]; then
-		config_get active_chain "$1" name
-	fi
-}
-
-handle_twamp_rules() {
-	twamp_enable=$(uci -q get twamp.twamp.enable)
-
-	config_load firewallmngr
-	config_foreach firewallmngr_get_active_chain chain
-
-	config_foreach remove_twamp_reflector_rules rule
-	config_load twamp
-	if [ -n "$twamp_enable" ] && [ "$twamp_enable" == "1" ]; then
-		config_foreach handle_twamp_reflector_rules twamp_reflector
-	fi
-	uci commit firewallmngr
-}

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/is_intf_bridge

@@ -1,23 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-
-interface=$1
-intf_dev=""
-is_bridge=0
-
-is_device_type_bridge() {
-	local dev
-	local dev_type
-
-	config_get dev "$1" "name"
-	config_get dev_type "$1" "type"
-	if [ "$dev" = "$intf_dev" ] && [ "$dev_type" = "bridge" ]; then
-		is_bridge=1
-	fi
-}
-
-intf_dev=$(uci -q get network."$interface".device)
-config_load network
-config_foreach is_device_type_bridge device 
-
-echo $is_bridge

firewallmngr/files/firewallmngr_backend_firewallmngr/lib/fwmngr/uci_migration.sh

@@ -1,158 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /lib/fwmngr/fwmngr_functions.sh
-
-uci_mig_include_sections=""
-include_deprecated_list="hosts cwmp dmz mcast twamp portmap service"
-final_include_cfg=""
-
-
-firewallmngr_zone_to_nat_interface_setting() {
-	zone="$1"
-
-	config_get interface "$zone" "network"
-	[ -n "$interface" ] || return
-	config_get enable "$zone" "masq" "0"
-	nat_intf_setting=$(uci add "firewallmngr" "natif")
-	uci set firewallmngr."$nat_intf_setting".enabled="$enable"
-	uci set firewallmngr."$nat_intf_setting".interface="$interface"
-
-	uci rename firewallmngr."$nat_intf_setting"=$(echo "$interface" | awk -F" " '{ print $1 }')
-}
-
-handle_section_forwarding_rule() {
-	local fwd="$1"
-	local chain="$2"
-
-	config_get src_intf "$fwd" "src" 
-	config_get dest_intf "$fwd" "dest"
-
-	rule_sec=$(uci add "firewallmngr" rule)
-	firewallmngr_set_interface "$rule_sec" "$src_intf" "$dest_intf"
-	uci set firewallmngr."$rule_sec".chain="$chain"
-	uci set firewallmngr."$rule_sec".name="$fwd"
-	uci set firewallmngr."$rule_sec".target="accept"
-       	uci rename firewallmngr."$rule_sec"="fwmngr_$fwd"
-}
-
-firewallmngr_handle_section_dmz() {
-	local dmz_cfg="$1"
-	local dest_uci="$2"
-	local dmz_sec=""
-	local enabled=""
-	local origin=""
-	local description=""
-	local interface=""
-	local dest_ip=""
-	local source_prefix=""
-	
-	config_get dest_ip "$dmz_cfg" "dest_ip"
-	config_get interface "$dmz_cfg" "interface"
-	config_get origin "$dmz_cfg" "origin"
-	config_get source_prefix "$dmz_cfg" "source_prefix"
-	config_get description "$dmz_cfg" "description"
-	config_get enabled "$dmz_cfg" "enabled"
-
-	dmz_sec=$(uci add firewallmngr dmz)
-
-	uci set firewallmngr."$dmz_sec".enabled="$enabled"
-	uci set firewallmngr."$dmz_sec".dest_ip="$dest_ip"
-	uci set firewallmngr."$dmz_sec".interface="$interface"
-	uci set firewallmngr."$dmz_sec".origin="$origin"
-	uci set firewallmngr."$dmz_sec".description="$description"
-	uci set firewallmngr."$dmz_sec".source_prefix="$source_prefix"
-
-       	uci rename firewallmngr."$dmz_sec"="$dmz_cfg"
-}
-
-#This call must be triggered from procd boot function
-cleanup_firewallmngr_rule_section() {
-	rule_sec=$(uci show firewallmngr | grep "=rule")
-	for sec in $rule_sec; do
-		rule=$(echo "$sec" | awk -F= '{ print $1 }')
-		uci delete "$rule"
-	done
-	uci commit firewallmngr
-}
-
-firewallmngr_delete_install_dmz_rule() {
-	local dmz_cfgs
-
-	dmz_cfgs=$(uci show firewall | grep "=dmz")
-	for dmz in $dmz_cfgs; do
-		dmz=$(echo $dmz | awk -F= '{ print $1 }')
-		uci del "$dmz"
-	done
-	uci commit firewall
-}
-
-firewall_delete_deprecated_include_section() {
-	new_inc_list=""
-
-	inc_list=$(uci show firewall | grep "=include")
-	for inc in $inc_list; do
-		inc=$(echo "$inc"| awk -F"=" '{ print $1 }')
-
-		inc_name=$(echo "$inc" | awk -F. '{ print $2 }')
-		inc_path=$(uci -q get "$inc".path | awk -F/ '{ print $NF }')
-		inc_file=$(echo "$inc_path" | awk -F. '{ print $2 }')
-
-		inc_ignore=$(echo "$include_deprecated_list"| grep -w "$inc_name")
-		if [ -z "$inc_ignore" ]; then
-			inc_ignore=$(echo "$include_deprecated_list"| grep -w "$inc_file")
-		fi
-		[ -z "$inc_ignore" ] || uci delete "$inc"
-
-	done
-	uci commit firewall
-
-
-}
-
-firewall_backup_include_section() {
-	list=$(uci show firewall)
-        uci_mig_include_sections=$(echo "$list" | grep "=include")
-        uci_mig_include_sections=$(echo "$fw_include_sections" | awk -F= '{ print $1 }')
-        uci_mig_include_sections=$(echo "$fw_include_sections" | awk -F. '{ print $2 }')
-}
-
-firewall_uci_cleanup() {
-# cleanup all sections of firewall uci, firewall uci will be generated by firewallmngr init
-	section_cleanup () {
-		local sec="$1"
-
-		rule_sec=$(uci show firewall | grep "$sec")
-		for rule in $rule_sec; do
-			rule=$(echo "$rule" | awk -F= '{ print $1 }')
-			uci delete "$rule"
-		done
-	}
-
-	section_cleanup "=rule"
-	section_cleanup "=zone"
-	section_cleanup "=redirect"
-	section_cleanup "=dmz"
-	section_cleanup "=service"
-	section_cleanup "=forwarding"
-	section_cleanup "=defaults"
-	section_cleanup "=globals"
-	uci commit firewall
-}
-
-generate_firewallmngr_config() {
-	chain_name=$(firewallmngr_get_active_chain)
-	cleanup_firewallmngr_rule_section
-	config_load firewall
-	config_foreach handle_section_firewall_rule rule "$chain_name" "firewallmngr"
-	config_foreach firewallmngr_zone_to_nat_interface_setting zone 
-	config_foreach handle_section_nat_port_mapping redirect "firewallmngr"
-	config_foreach firewallmngr_handle_section_dmz dmz "firewallmngr"
-	config_foreach handle_section_service service "firewallmngr"
-	config_foreach handle_section_forwarding_rule forwarding "$chain_name"
-
-	uci commit firewallmngr
-
-	firewall_uci_cleanup
-	firewall_delete_deprecated_include_section
-}

fluent-bit/Makefile

@@ -1,18 +1,20 @@
 #
-# Copright (C) 2018 The Internet Foundation In Sweden
+# Copyright (C) 2024 IOPSYS
 #
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=fluentbit
-PKG_VERSION:=1.0.0
+PKG_NAME:=fluent-bit
+PKG_VERSION:=3.1.0
 PKG_RELEASE:=1
 
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
-PKG_SOURCE_VERSION:=v3.0.5
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
+PKG_SOURCE_VERSION=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=9bedfabf859b88a2cfcf51cc17669b83a170e85427ce562131366cb1542b52ae
+endif
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@@ -20,25 +22,32 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 
-define Package/fluentbit
+define Package/fluent-bit
 	CATEGORY:=Utilities
-	DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts
-	TITLE:=FluentBit
+	DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison
+	TITLE:=Fluent-Bit
+	URL:=https://fluentbit.io/
 endef
 
-define Package/fluentbit/description
+define Package/fluent-bit/description
 	Fluent Bit is a super fast, lightweight, and highly scalable logging and metrics processor and forwarder.
 endef
 
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ./fluent-bit/* $(PKG_BUILD_DIR)/
+endef
+endif
+
 # General options
-TARGET_LDFLAGS+=-lfts -latomic
+TARGET_LDFLAGS +=-lfts -latomic
 
 CMAKE_OPTIONS+= \
 	-DFLB_RELEASE=Yes \
-	-DFLB_SMALL=Yes \
+	-DFLB_SMALL=No \
 	-DEXCLUDE_FROM_ALL=true \
-	-DBUILD_SHAREDD_LIBS=Yes \
-	-DFLB_DEBUG=No \
+	-DFLB_SHARED_LIBS=Yes \
+	-DFLB_DEBUG=Yes \
 	-DFLB_ALL=No \
 	-DFLB_JEMALLOC=No \
 	-DFLB_EXAMPLES=No \
@@ -156,10 +165,12 @@ CMAKE_OPTIONS += \
 	-DFLB_OUT_CHRONICLE=No \
 	-DFLB_OUT_PGSQL=No
 
-define Package/fluentbit/install
-	$(INSTALL_DIR) $(1)/etc/init.d
+define Package/fluent-bit/install
 	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc/fluent-bit
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/fluent-bit $(1)/usr/sbin/
+	$(INSTALL_DATA) ./files/fluent-bit.conf $(1)/etc/fluent-bit/fluent-bit.conf
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/parsers.conf $(1)/etc/fluent-bit/parsers.conf
 endef
 
-$(eval $(call BuildPackage,fluentbit))
+$(eval $(call BuildPackage,fluent-bit))

fluent-bit/files/fluent-bit.conf

@@ -0,0 +1,15 @@
+[SERVICE]
+    flush           3
+    daemon          Off
+    log_level       info
+    parsers_file    /etc/fluent-bit/parsers.conf
+
+[INPUT]
+    name            syslog
+    tag             syslog
+    path            /dev/log
+
+[OUTPUT]
+    name            null
+    match           *
+

fluent-bit/patches/0001-fix_out_file_plugin.patch

@@ -0,0 +1,14 @@
+diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
+index 2e47c9666..42ace24c6 100644
+--- a/plugins/out_file/file.c
++++ b/plugins/out_file/file.c
+@@ -45,6 +45,9 @@
+ #define NEWLINE "\n"
+ #endif
+ 
++#undef PATH_MAX
++#define PATH_MAX 256
++
+ struct flb_file_conf {
+     const char *out_path;
+     const char *out_file;

hostmngr/Makefile

@@ -62,11 +62,7 @@ define Package/hostmngr/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/share/hostmngr
-ifneq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
 	$(INSTALL_DATA) ./files/scripts/hosts_acl.sh $(1)/usr/share/hostmngr/
-else
-	$(INSTALL_DATA) ./files/scripts/hostmngr_backend_firewallmngr/hosts_acl.sh $(1)/usr/share/hostmngr/
-endif
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1) $(PKG_NAME)
 endef
 

hostmngr/files/scripts/hostmngr_backend_firewallmngr/hosts_acl.sh

@@ -1,299 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-day=""
-next_days=""
-prev_days=""
-schedule_added=""
-
-ACCESS_RULE=""
-IP_RULE=""
-IP_RULE1=""
-
-get_next_day() {
-	local weekday="$1"
-	case "$weekday" in
-		"Mon"|"Monday") echo "Tuesday"
-		;;
-		"Tue"|"Tuesday") echo "Wednesday"
-		;;
-		"Wed"|"Wednesday") echo "Thursday"
-		;;
-		"Thu"|"Thursday") echo "Friday"
-		;;
-		"Fri"|"Friday") echo "Saturday"
-		;;
-		"Sat"|"Saturday") echo "Sunday"
-		;;
-		"Sun"|"Sunday") echo "Monday"
-		;;
-	esac
-}
-
-get_previous_day() {
-	local weekday="$1"
-	case "$weekday" in
-		"Mon"|"Monday") echo "Sunday"
-		;;
-		"Tue"|"Tuesday") echo "Monday"
-		;;
-		"Wed"|"Wednesday") echo "Tuesday"
-		;;
-		"Thu"|"Thursday") echo "Wednesday"
-		;;
-		"Fri"|"Friday") echo "Thursday"
-		;;
-		"Sat"|"Saturday") echo "Friday"
-		;;
-		"Sun"|"Sunday") echo "Saturday"
-		;;
-	esac
-}
-
-ip_rule_west_zone() {
-	local utc_start_t_h="$1"
-	local utc_stop_t_h="$2"
-	local local_start_t_h="$3"
-	local local_stop_t_h="$4"
-	local utc_start_time="$5"
-	local utc_stop_time="$6"
-
-	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
-		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
-		if [ -n "$next_days" ]; then
-			IP_RULE="$IP_RULE --weekdays $next_days"
-		fi
-	else
-		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
-			IP_RULE1="$IP_RULE"
-			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop 23:59"
-			IP_RULE1="$IP_RULE1 -m time --timestart 00:00 --timestop $utc_stop_time"
-			if [ -n "$next_days" ]; then
-				IP_RULE1="$IP_RULE1 --weekdays $next_days"
-			fi
-		else
-			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
-		fi
-		if [ -n "$day" ]; then
-			IP_RULE="$IP_RULE --weekdays $day"
-		fi
-	fi
-}
-
-ip_rule_east_zone() {
-	local utc_start_t_h="$1"
-	local utc_stop_t_h="$2"
-	local local_start_t_h="$3"
-	local local_stop_t_h="$4"
-	local utc_start_time="$5"
-	local utc_stop_time="$6"
-
-	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
-		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
-		if [ -n "$day" ]; then
-			IP_RULE="$IP_RULE --weekdays $day"
-		fi
-	else
-		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
-			IP_RULE1="$IP_RULE"
-			IP_RULE="$IP_RULE -m time --timestart 00:00 --timestop $utc_stop_time"
-			IP_RULE1="$IP_RULE1 -m time --timestart $utc_start_time --timestop 23:59"
-			if [ -n "$prev_days" ]; then
-				IP_RULE1="$IP_RULE1 --weekdays $prev_days"
-			fi
-		else
-			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
-		fi
-		if [ -n "$day" ]; then
-			IP_RULE="$IP_RULE --weekdays $day"
-		fi
-	fi
-}
-
-
-add_access_rule() {
-	local rule="$1"
-	echo "iptables -w -A hosts_forward ${rule}" >> $ACL_FILE
-	echo "ip6tables -w -A hosts_forward ${rule}" >> $ACL_FILE
-}
-
-handle_day_list() {
-	local value=$1
-
-	val=$(echo $value | cut -c 1-3)
-	next_day_val=$(get_next_day $val)
-	prev_day_val=$(get_previous_day $val)
-	if [ -z $day ]; then
-		day="$val"
-		next_days="$next_day_val"
-		prev_days="$prev_day_val"
-	else
-		day="$day,$val"
-		next_days="$next_days,$next_day_val"
-		prev_days="$prev_days,$prev_day_val"
-	fi
-}
-
-handle_schedule() {
-	local schd_section="$1"
-	local ac_section="$2"
-	local acs_id
-	local start_time
-	local duration
-
-	IP_RULE="$ACCESS_RULE"
-	IP_RULE1=""
-	day=""
-	next_days=""
-	prev_days=""
-
-	config_get acs_id "$schd_section" "dm_parent"
-
-	if [ "$acs_id" != "$ac_section" ]; then
-		return # schedule not for this access control section
-	fi
-
-	local is_enabled
-	config_get is_enabled "$schd_section" "enable" 0
-	if [ "$is_enabled" == "0" ]; then
-		return
-	fi
-
-	local all_days="Monday Tuesday Wednesday Thursday Friday Saturday Sunday"
-	local day_config
-	config_get day_config "$schd_section" "day" "$all_days"
-
-	IFS=" "
-	for d in $day_config; do
-		handle_day_list $d
-	done
-
-	config_get start_time "$schd_section" "start_time" "00:00"
-	config_get duration "$schd_section" "duration"
-
-	zone=$(date +%z | cut -c 1)
-	local_start_time=$start_time
-	hh=$(echo $local_start_time | awk -F: '{ print $1 }')
-	mm=$(echo $local_start_time | awk -F: '{ print $2 }')
-	hh_s=`expr $hh \* 3600`
-	mm_s=`expr $mm \* 60`
-	ss=$(( hh_s + mm_s ))
-	local_start_hh=$hh
-
-        if [ -n "$duration" ]; then
-                stop_ss=$(( ss + duration ))
-                hh=$(( stop_ss / 3600 ))
-               	rem_ss=$(( stop_ss % 3600 ))
-               	mm=$(( rem_ss / 60 ))
-               	ss=$(( rem_ss % 60 ))
-		local_stop_time="$hh:$mm:$ss"
-		local_stop_hh=$hh
-	else
-		# if duartion is not specified, then apply rule to end of the day
-		local_stop_time="23:59:59"
-		local_stop_hh="23"
-	fi
-
-	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
-	utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M)
-	utc_start_hh=$(echo $utc_start_time | awk -F: '{ print $1 }')
-	utc_stop_hh=$(echo $utc_stop_time | awk -F: '{ print $1 }')
-	if [ "$zone" == "-" ]; then
-		ip_rule_west_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
-	else
-		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
-	fi
-
-	IP_RULE="$IP_RULE -j ACCEPT"
-	if [ -n "$IP_RULE1" ]; then
-		IP_RULE1="$IP_RULE1 -j ACCEPT"
-	fi
-
-	add_access_rule "$IP_RULE"
-	if [ -n "$IP_RULE1" ]; then
-		add_access_rule "$IP_RULE1"
-	fi
-
-	# for access rules to be effective for a schedule, need to add DROP rule
-	# to block the access outside the defined schedule
-	if [ "$schedule_added" == "0" ]; then
-		schedule_added="1"
-	fi
-}
-
-handle_access_control() {
-	local ac_section="$1"
-	local is_enabled
-
-	# default value of Hosts.AccessControl.{i}.Enable is false,
-	# so, if not defined in uci as 1, assume 0
-	config_get is_enabled "$ac_section" "enable" 0
-	if [ "$is_enabled" == "0" ]; then
-		return
-	fi
-
-	local mac_addr
-	config_get mac_addr "$ac_section" "macaddr"
-	if [ -z "$mac_addr" ]; then
-		return
-	else
-		ACCESS_RULE="-m mac --mac-source $mac_addr"
-	fi
-
-	local access_policy
-	config_get access_policy "$ac_section" "access_policy"
-	if [ -z "$access_policy" ]; then
-		return # since system default is allow so no need to do anything
-	fi
-
-	# As per Data Model, if access policy is deny, then schedule is to be ignored
-	# and no access is to be provided for the device
-	if [ "$access_policy" == "Deny" ]; then
-		ACCESS_RULE="$ACCESS_RULE -j DROP"
-		add_access_rule "$ACCESS_RULE"
-		return # no need to parse schedule
-	fi
-
-	schedule_added="0"
-	# check if schedule is defined for this access_control instance
-	# and if yes, create rule accordingly
-	config_foreach handle_schedule  ac_schedule "$ac_section"
-
-	# for access rule to work, need to have default drop rule as last rule
-	if [ "$schedule_added" == "1" ]; then
-		IP_RULE="$ACCESS_RULE -j DROP"
-		add_access_rule "$IP_RULE"
-	fi
-}
-
-ACL_FILE="/tmp/hosts_access_control/access_control.rules"
-
-rm -f $ACL_FILE
-
-mkdir -p /tmp/hosts_access_control/
-touch $ACL_FILE
-
-echo "iptables -w -F hosts_forward" >> $ACL_FILE
-echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
-
-hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
-if [ -z "$hosts_ipv4_forward" ]; then
-	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
-	ret=$?
-	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
-fi
-
-hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
-if [ -z "$hosts_ipv6_forward" ]; then
-	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
-	ret=$?
-	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
-fi
-
-# Load /etc/config/hosts UCI file
-config_load hosts
-config_foreach handle_access_control access_control
-
-# apply the rules
-sh $ACL_FILE

icwmp/Config.in

@@ -0,0 +1,6 @@
+menu "Configuration"
+
+config ICWMP_MGMT_FROM_USP
+	bool "Support configuration of ManagementServer from USP"
+	default y
+endmenu

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.7.19
+PKG_VERSION:=9.8.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=db40cb6311003c9a49e78f0e2f740aae465266a8
+PKG_SOURCE_VERSION:=580f923cfc89aa9f151096d8606dde71e4604d08
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,8 +32,21 @@ define Package/icwmp
   SUBMENU:=TRx69
   TITLE:=TR069 CWMP client
   DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml +libuuid +libbbfdm-api +libopenssl
+  MENU:=1
 endef
 
+define Package/icwmp/description
+ TR069 client implementation with bbfdm backend for TR181 support
+endef
+
+define Package/icwmp/config
+	source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_ICWMP_MGMT_FROM_USP),y)
+EXTRA_CFLAGS += -DCWMP_DUAL_SUPPORT=BBFDM_BOTH
+endif
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/icwmp/* $(PKG_BUILD_DIR)/
@@ -50,16 +63,11 @@ define Package/icwmp/install
 	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
-ifneq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
 	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
+	$(INSTALL_BIN) ./files/etc/critical_services.json $(1)/etc/icwmpd/critical_services.json
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
-else
-	$(INSTALL_DIR) $(1)/usr/share/icwmp
-	$(INSTALL_BIN) ./files/etc/init.d/icwmp_backend_firewallmngr/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/script/icwmp_backend_firewallmngr/firewall_cwmp.sh $(1)/usr/share/icwmp/
-endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user

icwmp/files/etc/config/cwmp

@@ -41,6 +41,7 @@ config cpe 'cpe'
 	option active_notif_throttle '0'
 	option disable_gatewayinfo '0'
 	option fw_upgrade_keep_settings '1'
+	option clock_sync_timeout '128'
 	
 config lwn 'lwn'
 	option enable '0'

icwmp/files/etc/critical_services.json

@@ -0,0 +1,11 @@
+{
+	"services_list": [
+			"firewall",
+			"network",
+			"dhcp",
+			"stunc",
+			"xmpp",
+			"wireless",
+			"time"
+	]
+}

icwmp/files/etc/firewall.cwmp

@@ -6,7 +6,7 @@ log() {
 }
 
 get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep ${1}|cut -d. -f 2)"
+	zone="$(uci show firewall|grep network|grep -w ${1}|cut -d. -f 2)"
 	zone="${zone:-wan}" # defaults to wan zone
 	echo "$zone"
 }

icwmp/files/etc/init.d/icwmp_backend_firewallmngr/icwmpd

@@ -1,589 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2015-2019 iopsys Software Solutions AB
-
-START=99
-STOP=00
-
-USE_PROCD=1
-PROG="/usr/sbin/icwmpd"
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-include /lib/network
-
-log() {
-	echo "${@}"|logger -t cwmp.init -p info
-}
-
-regenerate_ssl_link() {
-	local cert_dir
-
-	cert_dir="${1%/}"
-	if [ -f "${cert_dir}" ]; then
-		return 0
-	fi
-
-	# do not generate the c_rehash if its system default cert path
-	# ca-certificate package already generates c_rehash on compilation
-	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
-
-	generate_links() {
-		local file_type="$1"
-		local files="${cert_dir}"/*."${file_type}"
-		for cfile in ${files}; do
-			if [ -f "${cfile}" ]; then
-				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
-					log "Generating c_rehash for ${cfile}=>${rehash}.0"
-					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
-				fi
-			fi
-		done
-	}
-
-	generate_links "pem"
-}
-
-enable_dhcp_option43() {
-	local wan="${1}"
-
-	### Ask for DHCP Option 43 only if CWMP is enabled ###
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local option43_present=0
-
-	for ropt in $reqopts; do
-		case $ropt in
-			43) option43_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	if [ ${option43_present} -eq 1 ]; then
-		return;
-	fi
-
-	newreqopts="$reqopts 43"
-	if [ "${proto}" = "dhcp" ]; then
-		uci -q set network."${wan}".reqopts="$newreqopts"
-		uci commit network
-		ubus call network reload
-	fi
-}
-
-convert_to_hex() {
-	local val=""
-	local optval="${1}"
-	OPTIND=1
-	while getopts ":" opt "-$optval"
-	do
-		temp=$(printf "%02X" "'${OPTARG:-:}")
-		val="${val}:${temp}"
-	done
-
-	echo "${val}"
-}
-
-configure_send_op125() {
-	local sendopt="${1}"
-	local intf="${2}"
-	local uci="${3}"
-	local hex_oui=""
-	local hex_serial=""
-	local hex_class=""
-	local oui_len=0
-	local serial_len=0
-	local class_len=0
-
-	if [ "${uci}" = "network" ]; then
-		local opt125="125:00:00:0D:E9"
-	else
-		if [ -z "${sendopt}" ]; then
-			local opt125="125,00:00:0D:E9"
-		else
-			local opt125=":00:00:0D:E9"
-		fi
-	fi
-
-	config_get oui cpe manufacturer_oui ""
-	if [ -z "${oui}" ]; then
-		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-	fi
-
-	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
-
-	config_get serial cpe serial_number ""
-	if [ -z "${serial}" ]; then
-		serial=$(db -q get device.deviceinfo.SerialNumber)
-	fi
-
-	config_get class cpe product_class ""
-	if [ -z "${class}" ]; then
-		class=$(db -q get device.deviceinfo.ProductClass)
-	fi
-
-	oui_len=$(echo -n "${oui}" | wc -m)
-	serial_len=$(echo -n "${serial}" | wc -m)
-	class_len=$(echo -n "${class}" | wc -m)
-
-	if [ "${oui_len}" -eq 0 ] || [ "${serial_len}" -eq 0 ]; then
-		return 0
-	fi
-
-	opt125_len=$((oui_len + serial_len + class_len))
-	if [ "${class_len}" -gt 0 ]; then
-		opt125_len=$((opt125_len + 6))
-	else
-		opt125_len=$((opt125_len + 4))
-	fi
-
-	hex_opt125_len=$(printf "%02X" "${opt125_len}")
-	opt125="${opt125}:${hex_opt125_len}"
-	hex_oui=$(convert_to_hex "${oui}")
-	if [ -z "${hex_oui}" ]; then
-		return 0
-	fi
-
-	hex_oui_len=$(printf "%02X" "${oui_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
-	else
-		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
-	fi
-
-	hex_serial=$(convert_to_hex "${serial}")
-	if [ -z "${hex_serial}" ]; then
-		return 0
-	fi
-
-	hex_serial_len=$(printf "%02X" "${serial_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
-	else
-		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
-	fi
-
-	if [ "${class_len}" -gt 0 ]; then
-		hex_class=$(convert_to_hex "${class}")
-		if [ -z "${hex_class}" ]; then
-			return 0
-		fi
-
-		hex_class_len=$(printf "%02X" "${class_len}")
-		if [ "${uci}" = "network" ]; then
-			opt125="${opt125}:03:${hex_class_len}${hex_class}"
-		else
-			opt125="${opt125}:06:${hex_class_len}${hex_class}"
-		fi
-	fi
-
-
-	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
-		uci -q set network."${intf}".sendopts="$new_send_opt"
-	else
-		new_send_opt="$sendopt$opt125"
-		uci -q add_list dhcp."${intf}".dhcp_option="$new_send_opt"
-	fi
-}
-
-check_for_suboptions() {
-	# Check if option 4 and 5 present inside enterprise id 3561
-	data=$(echo "${1}" | sed 's/://g')
-	len=$(printf "${data}"|wc -c)
-
-	rem_len="${len}"
-	while [ $rem_len -gt 8 ]; do
-		subopt_present=0
-
-		ent_id="${data:0:8}"
-		ent_id=$(printf "%d\n" "0x$ent_id")
-		if [ $ent_id -ne 3561 ]; then
-			len_val=${data:8:2}
-			data_len=$(printf "%d\n" "0x$len_val")
-			# add 4 byte for ent_id and 1 byte for len
-			data_len=$(( data_len * 2 + 10 ))
-			# move ahead data to next enterprise id
-			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - data_len ))
-			continue
-		fi
-
-		# read the length of enterprise data
-		len_val=${data:8:2}
-		data_len=$(printf "%d\n" "0x$len_val")
-		# add 4 byte for ent_id and 1 byte for len
-		data_len=$(( data_len * 2 + 10 ))
-
-		len_val=${data:8:2}
-		opt_len=$(printf "%d\n" "0x$len_val")
-		if [ $opt_len -eq 0 ]; then
-			echo ${subopt_present}
-			return 0
-		fi
-
-		# populate the option data of enterprise id
-		sub_data_len=$(( opt_len * 2))
-		# starting 10 means ahead of length field
-		sub_data=${data:10:"${sub_data_len}"}
-
-		# parsing of suboption of option 125
-		while [ $sub_data_len -gt 0 ]; do
-			# get the suboption id
-			sub_opt_id=${sub_data:0:2}
-			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
-			case "${sub_opt_id}" in
-			"4") subopt_present=1
-			;;
-			"5") subopt_present=1
-			;;
-			esac
-
-			if [ ${subopt_present} -eq 1 ]; then
-				break;
-			fi
-
-			# get the length of suboption
-			sub_opt_len=${sub_data:2:2}
-			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
-			sub_opt_len=$(( sub_opt_len * 2 ))
-
-			# add 2 bytes for sub_opt id and sub_opt len field
-			sub_opt_end=$(( sub_opt_len + 4 ))
-
-			# update the remaining sub option hex string length
-			sub_data_len=$((sub_data_len - sub_opt_end))
-
-			# fetch next sub option hex string
-			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
-		done
-
-		if [ ${subopt_present} -eq 1 ]; then
-			break;
-		else
-			# move ahead data to next enterprise id
-			rem_len=$(( rem_len - $data_len ))
-			data=${data:"${data_len}":"${rem_len}"}
-		fi
-	done
-
-	echo ${subopt_present}
-}
-
-enable_dnsmasq_option125() {
-	local lan="${1}"
-	local send125_present=0
-	local opt125="125,"
-
-	local proto="$(uci -q get dhcp."${lan}".dhcpv4)"
-	if [ "${proto}" = "server" ]; then
-		opt_list="$(uci -q get dhcp."${lan}".dhcp_option)"
-		base_opt=""
-
-		for sopt in $opt_list; do
-			if [[ "$sopt" == "$opt125"* ]]; then
-				send125_present=$(check_for_suboptions "${sopt:4}")
-				base_opt="${sopt}"
-				break
-			fi
-		done
-
-		if [ ${send125_present} -eq 0 ]; then
-			uci -q del_list dhcp."${lan}".dhcp_option="${base_opt}"
-			configure_send_op125 "${base_opt}" "${lan}" "dhcp"
-			ubus call uci commit '{"config":"dhcp"}'
-		fi
-	fi
-}
-
-set_vendor_id() {
-	local wan="${1}"
-	local proto="$(uci -q get network."${wan}".proto)"
-
-	if [ "${proto}" = "dhcp" ]; then
-		vendorid="$(uci -q get network."${wan}".vendorid)"
-		if [ -z "${vendorid}" ]; then
-			uci -q set network."${wan}".vendorid="dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		elif [[ $vendorid != *"dslforum.org"* ]]; then
-			uci -q set network."${wan}".vendorid="${vendorid},dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		fi
-	fi
-}
-
-enable_dhcp_option125() {
-	local wan="${1}"
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local sendopts="$(uci -q get network."${wan}".sendopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local newsendopts=""
-	local req125_present=0
-	local send125_present=0
-	local network_uci_update=0
-	local opt125="125:"
-
-	for ropt in $reqopts; do
-		case $ropt in
-			125) req125_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	for sopt in $sendopts; do
-		if [[ "$sopt" == "$opt125"* ]]; then
-			send125_present=1
-			break
-		fi
-	done
-
-	if [ "${proto}" = "dhcp" ]; then
-		if [ ${req125_present} -eq 0 ]; then
-			newreqopts="$reqopts 125"
-			uci -q set network."${wan}".reqopts="$newreqopts"
-			network_uci_update=1
-		fi
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "${sendopts}" "${wan}" "network"
-			network_uci_update=1
-		fi
-	fi
-
-	if [ ${network_uci_update} -eq 1 ]; then
-		uci commit network
-		ubus call network reload
-	fi
-}
-
-wait_for_resolvfile() {
-	local time=$1
-	local tm=1
-
-	local resolvfile="$(uci -q get dhcp.@dnsmasq[0].resolvfile)"
-	[ -n "$resolvfile" ] || return
-
-	while [ ! -f "$resolvfile" ]; do
-		sleep 1
-		[ "$tm" -ge "$time" ] && break
-		tm=$((tm+1))
-	done
-}
-
-copy_cwmp_etc_files_to_varstate() {
-	mkdir -p /var/run/icwmpd
-
-	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /etc/icwmpd/icwmpd_backup_session.xml /var/run/icwmpd/ 2>/dev/null
-	fi
-
-	if [ -f /etc/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /etc/icwmpd/dm_enabled_notify /var/run/icwmpd/ 2>/dev/null
-	fi
-}
-
-copy_cwmp_varstate_files_to_etc() {
-	if [ -f /var/run/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /var/run/icwmpd/icwmpd_backup_session.xml /etc/icwmpd/ 2>/dev/null
-	fi
-
-	if [ -f /var/run/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /var/run/icwmpd/dm_enabled_notify /etc/icwmpd/ 2>/dev/null
-	fi
-
-	# move the successful custom notify import marker to persistent storage
-	if [ -f /var/run/icwmpd/icwmpd_notify_import_marker ]; then
-		cp -f /var/run/icwmpd/icwmpd_notify_import_marker /etc/icwmpd/
-	fi
-}
-
-validate_acs_section()
-{
-	uci_validate_section cwmp acs "acs" \
-		'passwd:string' \
-		'periodic_inform_enable:bool' \
-		'periodic_inform_interval:uinteger' \
-		'periodic_inform_time:string' \
-		'url:string' \
-		'dhcp_discovery:string' \
-		'skip_dhcp_boot_options:bool:0' \
-		'dhcp_url:string' \
-		'compression:or("GZIP","Deflate","Disabled")' \
-		'retry_min_wait_interval:range(1, 65535)' \
-		'retry_interval_multiplier:range(1000, 65535)' \
-		'ssl_capath:string'
-
-}
-
-validate_cpe_section()
-{
-	uci_validate_section cwmp cpe "cpe" \
-		'interface:string' \
-		'default_wan_interface:string' \
-		'log_to_console:or("enable","disable")' \
-		'log_to_file:or("enable","disable")' \
-		'log_severity:or("EMERG", "ALERT", "CRITIC" ,"ERROR", "WARNING", "NOTICE", "INFO", "DEBUG")' \
-		'log_file_name:string' \
-		'log_max_size:uinteger' \
-		'userid:string' \
-		'passwd:string' \
-		'port:uinteger' \
-		'provisioning_code:string:""' \
-		'amd_version:range(1, 6)' \
-		'instance_mode:or("InstanceNumber","InstanceAlias")' \
-		'session_timeout:uinteger' \
-		'notification:bool' \
-		'exec_download:bool' \
-		'periodic_notify_enable:bool' \
-		'enable:bool:1' \
-		'periodic_notify_interval:uinteger' \
-		'fw_upgrade_keep_settings:bool'
-}
-
-validate_defaults() {
-	local ssl_capath enable url dhcp_url
-
-	config_load cwmp
-
-	validate_acs_section || {
-		log "Validation of acs section failed"
-		return 1;
-	}
-
-	if [ -z "${url}" ] && [ -z "${dhcp_url}" ]; then
-		log "No ACS URL is configured"
-		return 1
-	fi
-
-	ssl_capath="${ssl_capath%/}"
-	# Put the cert pem file in keep list
-	if [ -d "${ssl_capath}" ] && [ "${ssl_capath}" != "/etc/ssl/certs" ]; then
-		if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
-			echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
-		fi
-	fi
-
-	validate_cpe_section || {
-		log "Validation of cpe section failed"
-		return 1;
-	}
-
-	if [ "$enable" = "0" ]; then
-		log "CWMP service disabled"
-		return 1
-	fi
-
-	return 0;
-}
-
-boot() {
-	local dhcp_discovery wan_interface skip_dhcp_boot_options disable_gatewayinfo
-
-	config_load cwmp
-	config_get wan_interface cpe default_wan_interface "wan"
-	config_get disable_gatewayinfo cpe disable_gatewayinfo "0"
-
-	config_get dhcp_discovery acs dhcp_discovery "0"
-	config_get dhcp_discovery acs dhcp_discovery "0"
-	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"
-
-	if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then
-		if [ "${skip_dhcp_boot_options}" -ne 1 ]; then
-			# Set dhcp option 43 if not already configured
-			enable_dhcp_option43 "${wan_interface}"
-			# Set dhcp option 60
-			set_vendor_id "${wan_interface}"
-		fi
-	fi
-
-	config_get lan_interface cpe default_lan_interface ""
-	if [ -n "${lan_interface}" ]; then
-		if [ "${disable_gatewayinfo}" -ne 1 ]; then
-			# Set dhcp_option 125 if not already configured
-			enable_dhcp_option125 "${wan_interface}"
-			enable_dnsmasq_option125 "${lan_interface}"
-		fi
-	fi
-	
-	config_get ssl_capath acs ssl_capath
-
-	if [ -n "${ssl_capath}" ]; then
-		regenerate_ssl_link "${ssl_capath}"
-	fi
-
-	# Copy backup data so that if it restart latter on, it gets the info
-	copy_cwmp_etc_files_to_varstate
-	mkdir -p /var/run/icwmpd/
-	touch /var/run/icwmpd/cwmp
-
-	start
-}
-
-start_service() {
-
-	sh /usr/share/icwmp/firewall_cwmp.sh
-	procd_open_instance icwmp
-
-	validate_defaults || {
-		log "Validation of defaults failed"
-		procd_close_instance
-		return 1;
-	}
-
-	procd_set_param command "$PROG"
-	procd_append_param command -b
-
-	procd_set_param respawn \
-		"${respawn_threshold:-5}" \
-		"${respawn_timeout:-10}" "${respawn_retry:-3}"
-
-	procd_close_instance
-}
-
-stop_service()
-{
-	copy_cwmp_varstate_files_to_etc
-}
-
-reload_service() {
-	local ret
-
-	log "Reload service $ret"
-	ret="0"
-
-	validate_defaults || {
-		stop
-		start
-		return 0;
-	}
-
-	ret=$(ubus call service list '{"name":"icwmpd"}' | jsonfilter -qe '@.icwmpd.instances.icwmp.running')
-	if [ "$ret" != "true" ]; then
-		log "Reloading cwmp service ..."
-		stop
-		start
-		return 0
-	fi
-
-	tr069_status="$(ubus -t 1 call tr069 status)"
-	ret="$?"
-	if [ "$ret" = "7" ]; then
-		# ubus timed out may be due to uloop is busy in some task so return
-		log "Skipping ubus reload due to ubus timeout"
-		return 0
-	fi
-
-	status="$(echo "${tr069_status}" | jsonfilter -qe '@.cwmp.status')"
-	if [ "$status" = "up" ]; then
-		ubus -t 1 call tr069 command '{"command":"reload"}'
-	fi
-}
-
-service_triggers() {
-       procd_add_reload_trigger "cwmp"
-}
-

icwmp/files/script/icwmp_backend_firewallmngr/firewall_cwmp.sh

@@ -1,107 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-order_offset=2
-
-get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep ${1}|cut -d. -f 2)"
-	zone="${zone:-wan}" # defaults to wan zone
-	echo "$zone"
-}
-
-cleanup_rule_firewallmngr() {
-	local rule_sec="$1"
-
-	config_get description "$rule_sec" "name"
-	[ "$description" = "Open_ACS_port" ] || return
-	uci -q delete firewallmngr."$rule_sec"
-	order_offset=0
-
-}
-
-reorder_previous_rule() {
-	local rule_sec="$1"
-	local order
-
-	config_get order "$rule_sec" "order"
-	[ -n $order ] || return
-	uci set firewallmngr."$rule_sec".order=$(( order + order_offset ))
-}
-
-enable="$(uci -q get cwmp.cpe.enable)"
-enable="${enable:-1}"
-
-if [ "$enable" -eq 0 ]; then
-	exit 0;
-fi
-
-wan="$(uci -q get cwmp.cpe.default_wan_interface)"
-wan="${wan:-wan}"
-
-zone_name="$(get_firewall_zone $wan)"
-active_level=$(uci -q get firewallmngr.firewall.advanced_level)
-active_chain=$(uci -q get firewallmngr."$active_level".chain)
-
-port=$(uci -q get cwmp.cpe.port)
-port="${port:-7547}"
-
-incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|awk '{print tolower($0)}')
-incoming_rule="${incoming_rule:-port_only}"
-
-ipaddr=$(uci -c /var/state -q get icwmp.acs.ip)
-ip6addr=$(uci -c /var/state -q get icwmp.acs.ip6)
-
-config_load firewallmngr
-config_foreach cleanup_rule_firewallmngr "rule"
-config_foreach reorder_previous_rule "rule"
-rule_sec=$(uci add firewallmngr rule)
-rule1_sec=$(uci add firewallmngr rule)
-uci set firewallmngr."$rule_sec".family="4"
-uci set firewallmngr."$rule1_sec".family="6"
-uci set firewallmngr."$rule_sec".src="$zone_name"
-uci set firewallmngr."$rule1_sec".src="$zone_name"
-uci set firewallmngr."$rule_sec".chain="$active_chain"
-uci set firewallmngr."$rule1_sec".chain="$active_chain"
-uci set firewallmngr."$rule_sec".proto="6"
-uci set firewallmngr."$rule1_sec".proto="6"
-uci set firewallmngr."$rule_sec".order="1"
-uci set firewallmngr."$rule1_sec".order="2"
-uci reorder firewallmngr."$rule_sec"=1
-uci reorder firewallmngr."$rule1_sec"=2
-
-# default incoming rule is Port only
-if [ "${incoming_rule}" = "ip_only" ]; then
-	if [ -n "${ipaddr}" ]; then
-		uci -q set firewallmngr."$rule_sec".source_ip=${ipaddr}
-	fi
-	if [ -n "${ip6addr}" ]; then
-		uci -q set firewallmngr."$rule1_sec".source_ip=${ip6addr}
-	fi
-elif [ "${incoming_rule}" = "port_only" ]; then
-	if [ -n "${port}" ]; then
-		uci -q set firewallmngr."$rule_sec".dest_port=${port}
-		uci -q set firewallmngr."$rule1_sec".dest_port=${port}
-	fi
-else
-	if [ -n "${ipaddr}" ]; then
-		uci -q set firewallmngr."$rule_sec".source_ip=${ipaddr}
-	fi
-
-	if [ -n "${ip6addr}" ]; then
-		uci -q set firewallmngr."$rule1_sec".source_ip=${ip6addr}
-	fi
-
-	if [ -n "${port}" ]; then
-		uci -q set firewallmngr."$rule_sec".dest_port=${port}
-		uci -q set firewallmngr."$rule1_sec".dest_port=${port}
-	fi
-fi
-
-uci set firewallmngr."$rule_sec".name="Open_ACS_port"
-uci set firewallmngr."$rule1_sec".name="Open_ACS_port"
-uci set firewallmngr."$rule_sec".target="Accept"
-uci set firewallmngr."$rule1_sec".target="Accept"
-uci set firewallmngr."$rule_sec".enable="1"
-uci set firewallmngr."$rule1_sec".enable="1"
-ubus call uci commit '{"config":"firewallmngr"}'
-

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.4.6
+PKG_VERSION:=8.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e2f68a0ba54a6abf3481cdbb24d2dcc81e7f199c
+PKG_SOURCE_VERSION:=b0e9ef0934888281ba7db7843738e56e6541665a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.0
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1f82436531d4bb094b0b74e99613e0dfc84eada3
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libethernet/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.109
+PKG_VERSION:=7.2.110
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cc72f5ab0171cd0fc29bb48dafff6751ab2f0d9c
+PKG_SOURCE_VERSION:=d94e3029e4e9d14907fd6b283218defb4d319f5a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.5.0
+PKG_VERSION:=7.5.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b85c43cca01d001a90604e11c7cf9286a5332c33
+PKG_SOURCE_VERSION:=e93fcd63354489846e5bb2450c7e8059774577d5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

logmngr/Config.in

@@ -0,0 +1,26 @@
+if PACKAGE_logmngr
+choice
+	prompt "Select backend for syslog management"
+	default LOGMNGR_BACKEND_FLUENTBIT
+	depends on PACKAGE_logmngr
+	help
+		Select which backend daemon to use for syslog management
+
+config LOGMNGR_BACKEND_FLUENTBIT
+	bool "Use fluent-bit for log management"
+	help
+		Enable this option to use fluent-bit for log management.
+
+config LOGMNGR_BACKEND_SYSLOG_NG
+	bool "Use syslog-ng for log management"
+	help
+		Enable this option to use syslog-ng for log management.
+
+endchoice
+config LOGMNGR_LOGROTATE
+	bool "Logrotate support"
+	depends on PACKAGE_logmngr
+	default y
+	help
+		It adds support for logrotate functionality.
+endif

logmngr/Makefile

@@ -0,0 +1,74 @@
+#
+# Copyright (C) 2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=logmngr
+PKG_VERSION:=1.0.1
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
+PKG_SOURCE_VERSION:=ec10abb3cc0f3b96eb806c9c67e18d9d134287e9
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+MAKE_PATH:=bbf_plugin
+
+define Package/logmngr
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Logging Manager
+ DEPENDS:=+libbbfdm-api +LOGMNGR_BACKEND_FLUENTBIT:fluent-bit +LOGMNGR_LOGROTATE:logrotate
+ DEPENDS+=+LOGMNGR_BACKEND_SYSLOG_NG:syslog-ng
+endef
+
+define Package/logmngr/description
+	Configure log management. This package has the datamodel as well as the
+	the backend implementation for handling syslog.
+endef
+
+define Package/$(PKG_NAME)/config
+        source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ./logmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/logmngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/logmngr.init $(1)/etc/init.d/logmngr
+
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/logread $(1)/usr/sbin
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/10-logmngr_config_generate $(1)/etc/uci-defaults/
+
+	$(INSTALL_DIR) $(1)/lib/logmngr
+ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
+	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/.
+endif
+ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
+	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/.
+endif
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1)
+ifeq ($(CONFIG_LOGMNGR_LOGROTATE),y)
+	$(INSTALL_BIN) ./files/11-logmngr_logrotate_config_generate $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/lib/logmngr/logrotate.sh $(1)/lib/logmngr/.
+	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbflogrotate.so $(1)
+endif
+endef
+
+$(eval $(call BuildPackage,logmngr))

logmngr/files/10-logmngr_config_generate

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if [ -s "/etc/config/logmngr" ]; then
+	if uci -q get logmngr.@globals[0] >/dev/null; then
+		# return if there is any valid content
+		exit
+	else
+		rm -f /etc/config/logmngr
+	fi
+fi
+touch /etc/config/logmngr
+
+uci set logmngr.globals=globals
+uci set logmngr.globals.enable=1
+
+uci set logmngr.a1=action
+uci set logmngr.a1.name="ac1"
+
+uci set logmngr.lf1=log_file
+uci set logmngr.lf1.enable=1
+uci set logmngr.lf1.action="ac1"
+uci set logmngr.lf1.file="/var/log/messages"
+uci commit logmngr

logmngr/files/11-logmngr_logrotate_config_generate

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -s "/etc/config/logmngr" ]; then
+	if uci -q get logmngr.@log_rotate[0] >/dev/null; then
+		# return if there is any valid content
+		exit
+	fi
+	uci set logmngr.lro1=log_rotate
+	uci set logmngr.lro1.enable=1
+	uci set logmngr.lro1.file_name="/var/log/messages"
+	uci set logmngr.lro1.file_count=1
+	uci set logmngr.lro1.max_file_size=1000000
+	uci commit logmngr
+fi

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -0,0 +1,319 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/logmngr/logrotate.sh
+
+CONF_FILE=/etc/fluent-bit/fluent-bit.conf
+TMP_CONF_FILE=/tmp/fluent-bit/fluent-bit.conf
+
+create_config_file() {
+	mkdir -p /tmp/fluent-bit
+	rm -f ${TMP_CONF_FILE}
+	touch ${TMP_CONF_FILE}
+}
+
+create_service_section() {
+	# the service section of the fluent-bit.conf file has hardcoded values,
+	# no need to lookup any uci section to configure this section
+	echo "[SERVICE]" >> ${TMP_CONF_FILE}
+	echo "    flush        3" >> ${TMP_CONF_FILE}
+	echo "    daemon       off" >> ${TMP_CONF_FILE}
+	echo "    log_level    info" >> ${TMP_CONF_FILE}
+	echo "    parsers_file /etc/fluent-bit/parsers.conf" >> ${TMP_CONF_FILE}
+}
+
+create_input_section() {
+	local tag="$1"
+	# the input in our case is always syslog, hence, this section of the
+	# fluent-bit.conf file has hardcoded values as well that do not depend
+	# on any uci value
+	echo "[INPUT]" >> ${TMP_CONF_FILE}
+	echo "    name        syslog" >> ${TMP_CONF_FILE}
+	echo "    tag         $tag" >> ${TMP_CONF_FILE}
+	echo "    path        /dev/log" >> ${TMP_CONF_FILE}
+}
+
+generate_facility_regex() {
+	local facility_level=$1
+	local pri=0
+
+	if [ "$facility_level" == "24" ]; then
+		# value 24 means all facility level, which is as good as not
+		# generating a filter section, so return
+		return
+	fi
+
+	# facility_level is a list value, hence, generate regex for
+	# each value
+	IFS=" "
+	for val in $facility_level; do
+		# as per rfc 5424 and 3164, pri in syslog msg is
+		# facility*8+severity. Severity value can range from 0-7 hence
+		# generate regex for each.
+		for sval in 0 1 2 3 4 5 6 7; do
+			pri=`expr $val \* 8 + $sval`
+			echo "    regex        pri $pri" >> ${TMP_CONF_FILE}
+		done
+	done
+
+}
+
+generate_severity_regex() {
+	local sev_level="$1"
+	local sev_compare="$2"
+	local sev_action="$3"
+
+	local pri=0
+	local param="exclude"
+
+	if [ "$sev_action" == "0" ]; then
+		param="regex"
+	fi
+
+	local fval=0
+	if [ "$sev_compare" == "0" ]; then
+		# generate regex for all facility values, with severity=sev_level
+		while [ $fval -le 23 ] ; do
+			pri=`expr $fval \* 8 + $sev_level`
+			echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+			fval=$((fval + 1))
+		done
+	elif [ "$sev_compare" == "1" ]; then
+		# generate regex for all severity value greater than or equal to
+		# sev_level. please, lower value have higher precedence, so sev_level
+		# 0 which is emergency has higher precedence than error which is 3
+		while [ $fval -le 23 ] ; do
+			sval=0
+			while [ $sev_level -ge $sval ]; do
+				pri=`expr $fval \* 8 + $sval`
+				echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+				sval=$((sval + 1))
+			done
+			fval=$((fval + 1))
+		done
+	fi
+}
+
+handle_filter_conf() {
+	local section="$1" # config filter
+	local filter_name="$2"
+	local name
+
+	# no need to proceed if name of filter section is not one of the values
+	# listed in option filter in config action section
+	config_get name $section name
+	if [ "$name" != "$filter_name" ]; then
+		return
+	fi
+
+	# as per data model, at a time either facility_level or severity_level can
+	# be specified along with pattern_match. hence, first process and generate
+	# regex for pattern_match which is common in both condition. Next, we will
+	# process facility_level and return if facility level is defined and not
+	# process severity related params at all.
+
+	local pattern_match
+	config_get pattern_match $section pattern_match
+	if [ -n "$pattern_match" ]; then
+		echo "    regex        $pattern_match" >> ${TMP_CONF_FILE}
+	fi
+
+	local facility_level
+	config_get facility_level $section facility_level
+
+	if [ -n "$facility_level" ]; then
+		generate_facility_regex $facility_level
+		# return from here since if facility_level is defined, then no
+		# need to process severity_level
+		return
+	fi
+
+	local sev_level
+	local sev_compare
+	local sev_action
+	config_get sev_level $section severity_level
+
+	if [ -n "$sev_level" ]; then
+		# value 1 of severity compare corresponds to data model
+		# and system default which is EqualorHigher
+		config_get sev_compare $section severity_compare 1
+		# value 0 of severity action corresponds to data model
+		# and system default that is log
+		config_get sev_action $section severity_action 0
+
+		generate_severity_regex $sev_level $sev_compare $sev_action
+	fi
+}
+
+create_filter_section() {
+	local match="$1"
+
+	echo "[FILTER]" >> ${TMP_CONF_FILE}
+	echo "    name        grep" >> ${TMP_CONF_FILE}
+	echo "    match       $match" >> ${TMP_CONF_FILE}
+	echo "    logical_op  or" >> ${TMP_CONF_FILE} # handle multiple filters
+}
+
+handle_filter_ref() {
+	local filter_name="$1"
+	config_foreach handle_filter_conf filter "$filter_name"
+}
+
+handle_log_file() {
+	local section="$1" # out_file section
+	local match="$2"
+	local action_ref
+
+	config_get action_ref $section action
+	if [ "$action_ref" != "$match" ]; then
+		return
+	fi
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
+		return
+	fi
+
+	local file
+	config_get file $section file
+	if [ -z "$file" ]; then
+		return
+	fi
+
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         file" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    file        $file" >> ${TMP_CONF_FILE}
+}
+
+handle_log_remote() {
+	local section="$1"
+	local match="$2"
+	local action_ref
+
+	config_get action_ref $section action
+	if [ "$action_ref" != "$match" ]; then
+		return
+	fi
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
+		return
+	fi
+
+
+	local address
+	config_get address $section log_ip
+	if [ -z "$address" ]; then
+		return
+	fi
+
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         syslog" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    host         $address" >> ${TMP_CONF_FILE}
+
+	local proto # holds value tcp or udp
+	config_get proto $section proto
+	if [ -n "$proto" ]; then
+		if [ "$proto" == "tls" ]; then
+			echo "    mode         tcp" >> ${TMP_CONF_FILE}
+			echo "    tls          on" >> ${TMP_CONF_FILE}
+		else
+			echo "    mode         $proto" >> ${TMP_CONF_FILE}
+		fi
+	fi
+
+	local port
+	config_get port $section port
+	if [ -n "$port" ]; then
+		echo "    port         $port" >> ${TMP_CONF_FILE}
+	fi
+
+	local cert
+	local peer_verify
+	config_get cert $section cert
+	if [ -n "$cert" ]; then
+		echo "    tls.crt_file $cert" >> ${TMP_CONF_FILE}
+
+		config_get peer_verify $section peer_verify
+		if [ "$peer_verify" == "1" ]; then
+			echo "    tls.verify     on" >> ${TMP_CONF_FILE}
+		fi
+	fi
+}
+
+handle_action() {
+	local section="$1"
+
+	local filter
+	config_get filter $section filter
+
+	# use config action option name as tag for input
+	local tag
+	config_get tag $section name
+	if [ -z "$tag" ]; then
+		return
+	fi
+
+	create_input_section $tag
+	if [ -n "$filter" ]; then
+		# the only fluentbit filter that is useful for the datamodel is
+		# grep. Also, fluentbit does not seem to handle multiple instances
+		# of FILTER of same kind. Hence, each filter section corresponding
+		# to an action entry in the uci would translate for us into a set of
+		# regex/exclude values instead of individual FILTER section per uci
+		# section filter is a list, treat according
+		create_filter_section $tag
+
+		IFS=" "
+		for finst in $filter; do
+			handle_filter_ref $finst
+		done
+	fi
+
+	# handle output, each action can be associated with a out_log and out_syslog
+	# section so figure out if any out_log or out_syslog section is associated
+	# with this and action and setup output accordingly.
+	config_foreach handle_log_file log_file "$tag"
+	config_foreach handle_log_remote log_remote "$tag"
+
+
+}
+
+handle_action_section() {
+	config_foreach handle_action action
+}
+
+apply_config_file() {
+	cp ${TMP_CONF_FILE} ${CONF_FILE}
+}
+
+PROG=/usr/sbin/fluent-bit
+logmngr_init() {
+	create_config_file
+
+	config_load logmngr
+	local enabled
+	config_get enabled globals enable
+
+	if [ "$enabled" == "0" ]; then
+		return
+	fi
+
+	create_service_section
+	handle_action_section
+	apply_config_file
+
+	if [ -f /lib/logmngr/logrotate.sh ]; then
+		logrotate_init
+	fi
+
+	procd_open_instance logmngr
+	procd_set_param command $PROG -c $CONF_FILE
+	procd_set_param file $CONF_FILE
+	procd_set_param respawn
+	procd_close_instance
+}

logmngr/files/lib/logmngr/logrotate.sh

@@ -0,0 +1,96 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+LOGROTATE_FILE=/etc/logrotate.conf
+LOGROTATE_TMP_FILE=/tmp/logrotate/logrotate.conf
+
+create_logrotate_file() {
+	mkdir -p /tmp/logrotate
+	rm -f ${LOGROTATE_TMP_FILE}
+	touch ${LOGROTATE_FILE}
+}
+
+
+handle_logrotate() {
+	local section="$1"
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == "0" ]; then
+		return
+	fi
+
+	local file_name
+	config_get file_name $section file_name
+	if [ -z "$file_name" ]; then
+		# no file to rotate, return
+		return
+	fi
+
+	echo -e "$file_name {" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\tcreate" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\tmissingok" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\tnotifempty" >> ${LOGROTATE_TMP_FILE}
+
+	local file_count
+	config_get file_count $section file_count
+	if [ -n "$file_count" ]; then
+		echo -e "\trotate $file_count" >> ${LOGROTATE_TMP_FILE}
+	fi
+
+	local max_file_size
+	config_get max_file_size $section max_file_size
+	if [ -n "$max_file_size" ]; then
+		echo -e "\tmaxsize $max_file_size" >> ${LOGROTATE_TMP_FILE}
+	fi
+
+	local duration
+	config_get duration $section duration
+	if [ -n "$duration" ]; then
+		echo -e "\tminutes $duration" >> ${LOGROTATE_TMP_FILE}
+	fi
+
+	local retention
+	config_get retention $section retention
+	if [ -n "$retention" ]; then
+		echo -e "\tmaxage $retention" >> ${LOGROTATE_TMP_FILE}
+	fi
+
+	local compression
+	config_get compression $section compression
+	if [ -n "$compression" ]; then
+		echo -e "\tcompress" >> ${LOGROTATE_TMP_FILE}
+		echo -e "\tcompresscmd $compression" >> ${LOGROTATE_TMP_FILE}
+	fi
+
+	echo -e "\tpostrotate" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\t\tservice logmngr restart" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\t\tsleep 1" >> ${LOGROTATE_TMP_FILE}
+	echo -e "\tendscript" >> ${LOGROTATE_TMP_FILE}
+	echo -e "}" >> ${LOGROTATE_TMP_FILE} # close the logfile section
+}
+
+apply_logrotate_file() {
+	cp ${LOGROTATE_TMP_FILE} ${LOGROTATE_FILE}
+}
+
+config_cron_job() {
+	# taking the liberty to configure the cron job hourly, that is, at the end
+	# of each hour, check if logrotation is needed. The logrotate daemon, when
+	# triggered hourly, will still honour the configure log rotation duration,
+	# the only slight different being that if the minutes for log rotation
+	# are configured in such a way that it falls within the hour, then the
+	# log rotation will be done at the completion of hour and not before. I do
+	# not think this is a drawback in the interest of keeping things simple.
+	sed -i '/logrotate/d' /etc/crontabs/root
+	echo "0 * * * * logrotate ${LOGROTATE_FILE}" >> /etc/crontabs/root
+	/etc/init.d/cron restart
+}
+
+logrotate_init() {
+	create_logrotate_file
+	config_foreach handle_logrotate log_rotate
+	apply_logrotate_file
+	config_cron_job
+}

logmngr/files/lib/logmngr/syslog-ng.sh

@@ -0,0 +1,345 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/logmngr/logrotate.sh
+
+CONF_FILE=/etc/syslog-ng.conf
+TMP_CONF_FILE=/tmp/syslog-ng/syslog-ng.conf
+
+create_config_file() {
+	mkdir -p /tmp/syslog-ng
+	rm -f ${TMP_CONF_FILE}
+	touch ${TMP_CONF_FILE}
+}
+
+create_option_section() {
+	# the option section of the syslog-ng.conf file has hardcoded values,
+	# no need to lookup any uci section to configure this section
+	echo -e "@version: 4.4" >> ${TMP_CONF_FILE}
+	echo -e '@include "scl.conf"' >> ${TMP_CONF_FILE}
+	echo -e "options {" >> ${TMP_CONF_FILE}
+	echo -e "\tchain_hostnames(no);" >> ${TMP_CONF_FILE}
+	echo -e "\tcreate_dirs(yes);" >> ${TMP_CONF_FILE}
+	echo -e "\tkeep_hostname(yes);" >> ${TMP_CONF_FILE}
+	echo -e "\tlog_fifo_size(256);" >> ${TMP_CONF_FILE}
+	echo -e "\tlog_msg_size(1024);" >> ${TMP_CONF_FILE}
+	echo -e "\tstats(freq(0));" >> ${TMP_CONF_FILE}
+	echo -e "\tflush_lines(0);" >> ${TMP_CONF_FILE}
+	echo -e "\tuse_fqdn(no);" >> ${TMP_CONF_FILE}
+	echo "};" >> ${TMP_CONF_FILE}
+
+}
+
+create_input_section() {
+	local tag="$1"
+	# the input in our case is always syslog, hence, this section of the
+	# fluent-bit.conf file has hardcoded values as well that do not depend
+	# on any uci value
+	echo -e "source $tag {" >> ${TMP_CONF_FILE}
+	echo -e "\tinternal();" >> ${TMP_CONF_FILE}
+	echo -e "\tunix-dgram("/dev/log");" >> ${TMP_CONF_FILE}
+	echo "};" >> ${TMP_CONF_FILE}
+}
+
+generate_facility_regex() {
+	local facility_level=$1
+
+	if [ "$facility_level" == "24" ]; then
+		# value 24 means all facility level, which is as good as not
+		# generating a filter section, so return
+		return
+	fi
+
+	# facility_level is a list value, hence, generate regex for
+	# each value
+	IFS=" "
+	for val in $facility_level; do
+		echo -e "\tfacility($val);" >> ${TMP_CONF_FILE}
+	done
+
+}
+
+generate_severity_regex() {
+	local sev_level="$1"
+	local sev_compare="$2"
+	local sev_action="$3"
+
+	if [ "$sev_compare" == "0" ]; then
+		case $sev_level in
+		"0") echo -e "\tlevel(emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"1") echo -e "\tlevel(alert)" >> ${TMP_CONF_FILE}
+		;;
+		"2") echo -e "\tlevel(crit)" >> ${TMP_CONF_FILE}
+		;;
+		"3") echo -e "\tlevel(err)" >> ${TMP_CONF_FILE}
+		;;
+		"4") echo -e "\tlevel(warning)" >> ${TMP_CONF_FILE}
+		;;
+		"5") echo -e "\tlevel(notice)" >> ${TMP_CONF_FILE}
+		;;
+		"6") echo -e "\tlevel(info)" >> ${TMP_CONF_FILE}
+		;;
+		"7") echo -e "\tlevel(debug)" >> ${TMP_CONF_FILE}
+		;;
+		esac
+	elif [ "$sev_compare" == "1" ]; then
+		# generate regex for all severity value greater than or equal to
+		# sev_level
+		case $sev_level in
+		"0") echo -e "\tlevel(emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"1") echo -e "\tlevel(alert..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"2") echo -e "\tlevel(crit..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"3") echo -e "\tlevel(err..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"4") echo -e "\tlevel(warning..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"5") echo -e "\tlevel(notice..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"6") echo -e "\tlevel(info..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		"7") echo -e "\tlevel(debug..emerg)" >> ${TMP_CONF_FILE}
+		;;
+		esac
+	fi
+}
+
+handle_filter_conf() {
+	local section="$1" # config filter
+	local filter_name="$2"
+	local name
+
+	# no need to proceed if name of filter section is not one of the values
+	# listed in option filter in config action section
+	config_get name $section name
+	if [ "$name" != "$filter_name" ]; then
+		return
+	fi
+	echo -e "filter $name {" >> ${TMP_CONF_FILE}
+
+	# as per data model, at a time either facility_level or severity_level can
+	# be specified along with pattern_match. hence, first process and generate
+	# regex for pattern_match which is common in both condition. Next, we will
+	# process facility_level and return if facility level is defined and not
+	# process severity related params at all.
+
+	local pattern_match
+	config_get pattern_match $section pattern_match
+	if [ -n "$pattern_match" ]; then
+		# the pattern here is in tag=>value pair, hence, break the pattern
+		# and fill this filed
+		local tag=$(echo $pattern_match | awk '{print $1}')
+		local value=$(echo $pattern_match | awk '{print $2}')
+		echo -e "\tmatch("$value" value("$tag"))" >> ${TMP_CONF_FILE}
+	fi
+
+	local facility_level
+	config_get facility_level $section facility_level
+
+	if [ -n "$facility_level" ]; then
+		generate_facility_regex $facility_level
+		# return from here since if facility_level is defined, then no
+		# need to process severity_level
+		echo "};" >> ${TMP_CONF_FILE}
+		return
+	fi
+
+	local sev_level
+	local sev_compare
+	local sev_action
+	config_get sev_level $section severity_level
+
+	if [ -n "$sev_level" ]; then
+		# value 1 of severity compare corresponds to data model
+		# and system default which is EqualorHigher
+		config_get sev_compare $section severity_compare 1
+		# value 0 of severity action corresponds to data model
+		# and system default that is log
+		config_get sev_action $section severity_action 0
+
+		generate_severity_regex $sev_level $sev_compare $sev_action
+	fi
+	echo "};" >> ${TMP_CONF_FILE}
+}
+
+handle_filter_ref() {
+	local filter_name="$1"
+	config_foreach handle_filter_conf filter "$filter_name"
+}
+
+handle_log_file() {
+	local section="$1" # out_file section
+	local match="$2"
+	local filter="$3"
+	local action_ref
+
+	config_get action_ref $section action
+	if [ "$action_ref" != "$match" ]; then
+		return
+	fi
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
+		return
+	fi
+
+	local file
+	config_get file $section file
+	if [ -z "$file" ]; then
+		return
+	fi
+
+
+	echo -e "destination file_$match {" >> ${TMP_CONF_FILE}
+	echo -e "\tfile("$file");" >> ${TMP_CONF_FILE}
+	echo -e "};" >> ${TMP_CONF_FILE}
+
+	# now generate the log section for each action section to bring into effect
+	# the filter, destination, source sections create above
+	echo -e "log {" >> ${TMP_CONF_FILE}
+	echo -e "\tsource($tag);" >> ${TMP_CONF_FILE}
+	if [ -n "$filter" ]; then
+		IFS=" "
+		for finst in $filter; do
+			echo -e "\tfilter($finst);" >> ${TMP_CONF_FILE}
+		done
+	fi
+	echo -e "\tdestination(file_$match);" >> ${TMP_CONF_FILE} # log_file
+	echo -e "};" >> ${TMP_CONF_FILE} # close log section
+}
+
+handle_log_remote() {
+	local section="$1"
+	local match="$2"
+	local filter="$3"
+	local action_ref
+
+	config_get action_ref $section action
+	if [ "$action_ref" != "$match" ]; then
+		return
+	fi
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
+		return
+	fi
+
+
+	local address
+	config_get address $section log_ip
+	if [ -z "$address" ]; then
+		return
+	fi
+
+	echo -e "destination remote_$match {" >> ${TMP_CONF_FILE}
+	echo -e "\tsyslog(" >> ${TMP_CONF_FILE}
+	echo -e "\t\t"$address"" >> ${TMP_CONF_FILE}
+
+	local proto # holds value tcp or udp
+	config_get proto $section proto
+	if [ -n "$proto" ]; then
+		echo -e "\t\ttransport($proto)" >> ${TMP_CONF_FILE}
+	fi
+
+	local port
+	config_get port $section port
+	if [ -n "$port" ]; then
+		echo -e "\t\tport($port)" >> ${TMP_CONF_FILE}
+	fi
+
+	local cert
+	local peer_verify
+	config_get cert $section cert
+	if [ -n "$cert" ]; then
+		echo -e "\t\ttls(" >> ${TMP_CONF_FILE}
+		echo -e "\t\t\tcert-file($cert)" >> ${TMP_CONF_FILE}
+
+		config_get peer_verify $section peer_verify
+		if [ "$peer_verify" == "1" ]; then
+			echo -e "\t\t\tpeer-verify(required-trusted)" >> ${TMP_CONF_FILE}
+		fi
+		echo -e "\t\t)" >> ${TMP_CONF_FILE} # close tls section
+	fi
+	echo -e "\t);" >> ${TMP_CONF_FILE} # close syslog section
+	echo -e "};" >> ${TMP_CONF_FILE} # close destination section
+
+	# now generate the log section for each action section to bring into effect
+	# the filter, destination, source sections create above
+	echo -e "log {" >> ${TMP_CONF_FILE}
+	echo -e "\tsource($tag);" >> ${TMP_CONF_FILE}
+	if [ -n "$filter" ]; then
+		IFS=" "
+		for finst in $filter; do
+			echo -e "\tfilter($finst);" >> ${TMP_CONF_FILE}
+		done
+	fi
+	echo -e "\tdestination(remote_$match);" >> ${TMP_CONF_FILE} # log_file
+	echo -e "};" >> ${TMP_CONF_FILE} # close log section
+}
+
+handle_action() {
+	local section="$1"
+
+	local filter
+	config_get filter $section filter
+
+	# use config action option name as tag for input
+	local tag
+	config_get tag $section name
+	if [ -z "$tag" ]; then
+		return
+	fi
+
+	create_input_section $tag
+	if [ -n "$filter" ]; then
+		IFS=" "
+		for finst in $filter; do
+			handle_filter_ref $finst
+		done
+	fi
+
+	# handle output, each action can be associated with a out_log and out_syslog
+	# section so figure out if any out_log or out_syslog section is associated
+	# with this and action and setup output accordingly.
+	config_foreach handle_log_file log_file "$tag" "$filter"
+	config_foreach handle_log_remote log_remote "$tag" "$filter"
+}
+
+handle_action_section() {
+	config_foreach handle_action action
+}
+
+apply_config_file() {
+	cp ${TMP_CONF_FILE} ${CONF_FILE}
+}
+
+PROG=/usr/sbin/syslog-ng-ctl
+
+logmngr_init() {
+	create_config_file
+
+	config_load logmngr
+	local enabled
+	config_get enabled globals enable
+
+	if [ "$enabled" == "0" ]; then
+		return
+	fi
+
+	create_option_section
+	handle_action_section
+	apply_config_file
+
+	if [ -f /lib/logmngr/logrotate.sh ]; then
+		logrotate_init
+	fi
+
+	procd_open_instance logmngr
+	procd_set_param command $PROG reload
+	procd_close_instance
+}

logmngr/files/logmngr.init

@@ -0,0 +1,16 @@
+#!/bin/sh /etc/rc.common
+
+START=12
+STOP=89
+USE_PROCD=1
+
+. /lib/functions.sh
+include /lib/logmngr
+
+start_service() {
+	logmngr_init
+}
+
+service_triggers() {
+	procd_add_reload_trigger logmngr
+}

logmngr/files/logread

@@ -0,0 +1,108 @@
+#!/bin/sh
+# Shell script compatibility wrapper for /sbin/logread
+#
+# Copyright (C) 2019 Dirk Brenken <dev@brenken.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+. /lib/functions.sh
+
+# use /var/log/messages as default
+logfile="/var/log/messages"
+
+
+handle_log_file() {
+	local section="$1"
+
+	local enabled
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
+		return
+	fi
+
+	local file
+	config_get file $section file
+	if [ -z "$file" ]; then
+		return
+	fi
+
+	logfile="$file"
+}
+
+config_load logmngr
+config_get logmngr_enabled globals enable
+if [ "$logmngr_enabled" == "0" ]; then
+	printf "%s\n" "Error: logmngr is not enabled!"
+	exit 2
+fi
+
+# treat the last enabled log_file as logfile
+config_foreach handle_log_file log_file
+
+if [ ! -f "${logfile}" ]
+then
+	printf "%s\n" "Error: logfile $logfile not found!"
+	exit 2
+fi
+
+usage()
+{
+	printf "%s\n" "Usage: logread [options]"
+	printf "%s\n" "Options:"
+	printf "%5s %-10s%s\n" "-l" "<count>" "Got only the last 'count' messages"
+	printf "%5s %-10s%s\n" "-e" "<pattern>" "Filter messages with a regexp"
+	printf "%5s %-10s%s\n" "-f" "" "Follow log messages"
+	printf "%5s %-10s%s\n" "-h" "" "Print this help message"
+}
+
+if [ -z "${1}" ]
+then
+	cat "${logfile}"
+	exit 0
+else
+	while [ "${1}" ]
+	do
+		case "${1}" in
+			-l)
+				shift
+				count="${1//[^0-9]/}"
+				tail -n "${count:-50}" "${logfile}"
+				exit 0
+				;;
+			-e)
+				shift
+				pattern="${1}"
+				grep -E "${pattern}" "${logfile}"
+				exit 0
+				;;
+			-f)
+				tail -f "${logfile}"
+				exit 0
+				;;
+			-fe)
+				shift
+				pattern="${1}"
+				tail -f "${logfile}" | grep -E "${pattern}"
+				exit 0
+				;;
+			-h|*)
+				usage
+				exit 1
+				;;
+		esac
+		shift
+	done
+fi

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.1.1.6
+PKG_VERSION:=6.1.1.9
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=775f7d6316b980fba90c837ff483af914d546500
+PKG_SOURCE_VERSION:=8779b993dc8075aa48525340b9e86e13fa7ac54b
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/lib/multiap/map_genconfig

@@ -86,6 +86,12 @@ generate_multiap_config() {
 			[ "$disable_mlo" == "1" ] || {
 				uci set wireless.$dev.mlo="1"
 				uci set wireless.$dev.mlo_capable="1"
+
+				# Prevent driver crash for extender - remove it after fix
+				[ "$network_mode" == "extender" -a "$mode_band" == "6" ] && {
+					uci set wireless.$dev.mlo="0"
+					uci set wireless.$dev.mlo_capable="0"
+				}
 				uci commit wireless
 
 				# Disable for MLD/MLO

mcastmngr/Makefile

@@ -49,21 +49,7 @@ define Package/mcastmngr/install
 ifneq ($(CONFIG_TARGET_brcmbca),)
 	$(CP) ./files/broadcom/* $(1)/
 else
-	$(INSTALL_DIR) $(1)/lib
-	$(INSTALL_DIR) $(1)/lib/mcast
-	$(INSTALL_DIR) $(1)/usr
-	$(INSTALL_DIR) $(1)/usr/libexec
-	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(INSTALL_DIR) $(1)/etc
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/linux/usr/libexec/rpcd/mcast $(1)/usr/libexec/rpcd/
-	$(INSTALL_BIN) ./files/linux/etc/uci-defaults/60-mcast_config_generate $(1)/etc/uci-defaults/
-ifneq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
-	$(INSTALL_BIN) ./files/linux/etc/firewall.mcast $(1)/etc/
-	$(INSTALL_BIN) ./files/linux/lib/mcast/linux.sh $(1)/lib/mcast/
-else
-	$(INSTALL_BIN) ./files/linux/lib/mcast/mcast_backend_firewallmngr/linux.sh $(1)/lib/mcast/
-endif
+	$(CP) ./files/linux/* $(1)/
 endif
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/bbf_plugin/libmcast_bbf.so $(1) $(PKG_NAME)
 endef

mcastmngr/files/linux/lib/mcast/mcast_backend_firewallmngr/linux.sh

@@ -1,468 +0,0 @@
-#!/bin/sh
-
-. /lib/mcast/common.sh
-. /lib/functions/network.sh
-
-include /lib/network
-
-CONFFILE=
-PROG_EXE=/usr/sbin/mcproxy
-PROG_PARAMS=
-PROG_PARAMS_SEPARATOR=:
-
-snooping_bridges=
-
-
-__device_is_bridge() {
-	local device="$2"
-	local devsec__="$(uci show network | grep -F ".name='$device'" | cut -d'.' -f2)"
-	local sectype="$(uci -q get network.$devsec__)"
-	local devtype="$(uci -q get network.$devsec__.type)"
-	[ "$sectype" != "device" -o "$devtype" != "bridge" ] && return 1
-	eval "$1=$devsec__"
-}
-
-device_is_bridge() {
-	local device="$1"
-	local devsec=
-	__device_is_bridge devsec "$device" || return 1
-}
-
-device_ports() {
-	local device="$1"
-	local devsec=
-
-	if __device_is_bridge devsec "$device"; then
-		echo "$(uci get network.$devsec.ports)"
-	else
-		echo "$device"
-	fi
-}
-
-device_has_ip() {
-	local protocol="$1"
-	local device="$2"
-
-	# Read the openwrt interface for the device.
-	# Device can have multiple logical interfaces like wan and wan6
-	# but same l3 device
-	local ifaces=$(ubus call network.interface dump | jsonfilter -e "@.interface[@.device='$device'].interface")
-	for iface in $ifaces; do
-		local ip=
-		case "$protocol" in
-			"igmp") network_get_ipaddr ip "$iface" ;;
-			"mld") network_get_ipaddr6 ip "$iface" ;;
-		esac
-		[ -n "$ip" ] && return
-	done
-
-	return 1
-}
-
-config_mcproxy_interfaces() {
-	local protocol="$1"
-	local upstreams="$2"
-	local downstreams="$3"
-	local exceptions="$4"
-
-	if [ -z "$upstreams" ] || [ -z "$downstreams" ]; then
-		return 1
-	fi
-
-	local str_up=""
-	for upstream in $upstreams; do
-		device_has_ip "$protocol" "$upstream" || continue
-		str_up="$str_up \"$upstream\""
-	done
-	[ -z "$str_up" ] && return 1
-
-	local str_down=""
-	for downstream in $downstreams; do
-		device_has_ip "$protocol" "$downstream" || continue
-		str_down="$str_down \"$downstream\""
-	done
-	[ -z "$str_down" ] && return 1
-
-	echo -e "pinstance main:$str_up ==>$str_down;\n" >> $CONFFILE
-
-	for excp in $exceptions; do
-		local filter=""
-
-		case $excp in
-		*/*)
-			ip_start="$(ipcalc.sh $excp | grep IP | awk '{print substr($0,4)}')"
-			ip_end="$(ipcalc.sh $excp | grep BROADCAST | awk '{print substr($0,11)}')"
-			filter="$filter ($ip_start - $ip_end | *)"
-			;;
-		*)
-			filter="$filter ($excp | *)"
-			;;
-		esac
-
-		for upstream in $str_up; do
-			echo "pinstance main upstream $upstream in blacklist table{$filter };" >> $CONFFILE
-			echo "pinstance main upstream $upstream out blacklist table{$filter };" >> $CONFFILE
-		done
-
-		for downstream in $str_down; do
-			echo "pinstance main downstream $downstream in blacklist table{$filter };" >> $CONFFILE
-			echo "pinstance main downstream $downstream out blacklist table{$filter };" >> $CONFFILE
-		done
-	done
-}
-
-config_sysfs_mcast_snooping() {
-	local downstreams="$1"
-	local snooping="$2"
-
-	for downstream in $downstreams; do
-		if device_is_bridge "$downstream"; then
-			echo 0 > /sys/class/net/$downstream/bridge/multicast_snooping
-			echo $snooping > /sys/class/net/$downstream/bridge/multicast_snooping
-		fi
-	done
-}
-
-config_sysfs_mcast_fastleave() {
-	local downstreams="$1"
-	local fastleave="$2"
-	local prt
-
-	for downstream in $downstreams; do
-		for prt in $(device_ports $downstream); do
-			if [ -f  /sys/class/net/$prt/brport/multicast_fast_leave ]; then
-				echo $fastleave > /sys/class/net/$prt/brport/multicast_fast_leave
-			fi
-		done
-	done
-}
-
-config_sysfs_mcast_version() {
-	local protocol="$1"
-	local interfaces="$2"
-	local version="$3"
-
-	for iface in $interfaces; do
-		echo $version > /sys/class/net/$iface/bridge/multicast_"$protocol"_version
-	done
-}
-
-config_sysfs_mcast_robustness() {
-	local interfaces="$1"
-	local robustness="$2"
-
-	for iface in $interfaces; do
-		echo $robustness > /sys/class/net/$iface/bridge/multicast_last_member_count
-	done
-}
-
-config_sysfs_mcast_query_interval() {
-	local interfaces="$1"
-	local query_interval="$2"
-
-	for iface in $interfaces; do
-		echo $query_interval > /sys/class/net/$iface/bridge/multicast_query_interval
-	done
-}
-
-config_sysfs_mcast_q_resp_interval() {
-	local interfaces="$1"
-	local q_resp_interval="$2"
-
-	for iface in $interfaces; do
-		echo $q_resp_interval > /sys/class/net/$iface/bridge/multicast_query_response_interval
-	done
-}
-
-config_sysfs_mcast_last_mem_q_int() {
-	local interfaces="$1"
-	local last_mem_q_int="$2"
-
-	for iface in $interfaces; do
-		echo $last_mem_q_int > /sys/class/net/$iface/bridge/multicast_last_member_interval
-	done
-}
-
-config_sysfs_mcast_flood() {
-	local downstreams=$1
-	local mcast_mode=$2
-	local prt
-
-	local mcast_flood=
-	if [ $mcast_mode == "2" ]; then # disable mcast flood
-		mcast_flood=0
-	else
-		mcast_flood=1
-	fi
-
-	for downstream in $downstreams; do
-		for prt in $(device_ports $downstream); do
-			if [ -f  /sys/class/net/$prt/brport/multicast_flood ]; then
-				echo $mcast_flood > /sys/class/net/$prt/brport/multicast_flood
-			fi
-		done
-	done
-}
-
-config_snooping_mode() {
-	local interfaces="$1"
-	local snooping="$2"
-
-	# snooping_mode:
-	#  0 - snooping is disabled
-	#  1 - multicast flood is enabled
-	#  2 - multicast flood is disabled
-	[ -z "$snooping_mode" ] && snooping_mode=2
-
-	if [ "$snooping_mode" == 0 ]; then
-		config_sysfs_mcast_snooping "$interfaces" 0
-	else
-		config_sysfs_mcast_snooping "$interfaces" 1
-	fi
-
-	config_sysfs_mcast_flood "$interfaces" "$snooping_mode"
-}
-
-config_mcproxy_instance() {
-	local protocol="$1"
-	local version="$2"
-
-	local robustness=
-	local query_interval=
-	local q_resp_interval=
-	local last_mem_q_int=
-	local fast_leave=0
-	local exceptions=
-	local upstreams=
-	local downstreams=
-	local mcast_mode=2 # default value 2 is for blocking mode
-
-	CONFFILE=/var/etc/mcproxy_"$protocol".conf
-	rm -f $CONFFILE
-	touch $CONFFILE
-
-	if [ "$protocol" == "igmp" ]; then
-		case "$version" in
-			[1-3])
-				echo -e "protocol IGMPv${version};\n" >> $CONFFILE
-				;;
-			*)
-				echo -e "protocol IGMPv2;\n" >> $CONFFILE
-				;;
-		esac
-
-		robustness=$igmp_p_robustness
-		query_interval=$igmp_query_interval
-		q_resp_interval=$igmp_q_resp_interval
-		last_mem_q_int=$igmp_last_mem_q_int
-		fast_leave=$igmp_fast_leave
-		exceptions=$igmp_p_exceptions
-
-		upstreams=$igmp_p_up_interfaces
-		downstreams=$igmp_p_down_interfaces
-		mcast_mode=$igmp_p_mode
-
-	elif [ "$protocol" == "mld" ]; then
-		case "$version" in
-			[1-2])
-				echo -e "protocol MLDv${version};\n" >> $CONFFILE
-				;;
-			*)
-				echo -e "protocol MLDv2;\n" >> $CONFFILE
-				;;
-		esac
-
-		robustness=$mld_p_robustness
-		query_interval=$mld_query_interval
-		q_resp_interval=$mld_q_resp_interval
-		last_mem_q_int=$mld_last_mem_q_int
-		fast_leave=$mld_fast_leave
-		exceptions=$mld_p_exceptions
-
-		upstreams=$mld_p_up_interfaces
-		downstreams=$mld_p_down_interfaces
-		mcast_mode=$mld_p_mode
-	fi
-
-	[ -n "$max_groups" ] && echo -e "max_groups $max_groups;" >> $CONFFILE
-	[ -n "$robustness" ] && echo -e "rv $robustness;" >> $CONFFILE
-	[ -n "$query_interval" ] && echo -e "qi $query_interval;" >> $CONFFILE
-	[ -n "$q_resp_interval" ] && echo -e "qri $q_resp_interval;" >> $CONFFILE
-	[ -n "$last_mem_q_int" ] && echo -e "lmqi $last_mem_q_int;" >> $CONFFILE
-	[ -n "$fast_leave" ] && echo -e "fastleave $fast_leave;\n" >> $CONFFILE
-
-	config_mcproxy_interfaces "$protocol" "$upstreams" "$downstreams" "$exceptions" || return
-
-	# for snooping to work we should enable it on the bridge, doing it from
-	# here instead of from inside network config
-	if [ "$downstreams" != "$snooping_bridges" ]; then
-		if [ "$mcast_mode" == "0" ]; then
-			config_sysfs_mcast_snooping "$downstreams" 0
-		else
-			config_sysfs_mcast_snooping "$downstreams" 1
-		fi
-
-		[ -n $fast_leave ] &&
-			config_sysfs_mcast_fastleave "$downstreams" "$fast_leave"
-		config_sysfs_mcast_flood "$downstreams" "$mcast_mode"
-	fi
-
-	PROG_PARAMS="${PROG_PARAMS} -f ${CONFFILE}${PROG_PARAMS_SEPARATOR}"
-}
-
-disable_snooping_iface() {
-	local iface="$(uci -q get network.$1.name)"
-	config_sysfs_mcast_snooping "$iface" 0
-}
-
-disable_snooping() {
-	config_load network
-	config_foreach disable_snooping_iface device
-}
-
-config_snooping() {
-	local protocol="$1"
-
-	local version=
-	local robustness=
-	local query_interval=
-	local q_resp_interval=
-	local last_mem_q_int=
-	local fast_leave=0
-	local snooping_mode=
-	local interfaces=
-
-	local HZ=100
-
-	local all_interfaces=
-	if [ "$protocol" == "igmp" ]; then
-		all_interfaces=$igmp_s_iface
-	elif [ "$protocol" == "mld" ]; then
-		all_interfaces=$mld_s_iface
-	fi
-	for iface in $all_interfaces; do
-		device_is_bridge "$iface" || continue
-		interfaces="$interfaces $iface"
-	done
-	[ -z "$interfaces" ] && return
-	snooping_bridges="$interfaces"
-
-	if [ "$protocol" == "igmp" ]; then
-		case "$igmp_s_version" in
-			[1-3])
-				version="$igmp_s_version"
-				;;
-			*)
-				version="2"
-				;;
-		esac
-
-		robustness=$igmp_s_robustness
-		query_interval=$(( igmp_s_query_interval * HZ ))
-		q_resp_interval=$(( igmp_s_q_resp_interval * HZ / 10 ))
-		last_mem_q_int=$(( igmp_s_last_mem_q_int * HZ / 10 ))
-		fast_leave=$igmp_s_fast_leave
-		snooping_mode=$igmp_s_mode
-	elif [ "$protocol" == "mld" ]; then
-		case "$mld_s_version" in
-			[1-2])
-				version="$mld_s_version"
-				;;
-			*)
-				version="2"
-				;;
-		esac
-
-		robustness=$mld_s_robustness
-		query_interval=$(( mld_s_query_interval * HZ ))
-		q_resp_interval=$(( mld_s_q_resp_interval * HZ / 10 ))
-		last_mem_q_int=$(( mld_s_last_mem_q_int * HZ / 10 ))
-		fast_leave=$mld_s_fast_leave
-		snooping_mode=$mld_s_mode
-	fi
-
-	config_snooping_mode "$interfaces" "$snooping_mode"
-
-	[ -n "$version" ] && config_sysfs_mcast_version "$protocol" "$interfaces" "$version"
-	[ -n "$robustness" ] && config_sysfs_mcast_robustness "$interfaces" "$robustness"
-	[ -n "$query_interval" ] && config_sysfs_mcast_query_interval "$interfaces" "$query_interval"
-	[ -n "$q_resp_interval" ] && config_sysfs_mcast_q_resp_interval "$interfaces" "$q_resp_interval"
-	[ -n "$last_mem_q_int" ] && config_sysfs_mcast_last_mem_q_int "$interfaces" "$last_mem_q_int"
-	[ -n "$fast_leave" ] && config_sysfs_mcast_fastleave "$interfaces" "$fast_leave"
-}
-
-config_mcproxy() {
-	disable_snooping
-	if [ "$igmp_p_enable" == "1" ]; then
-		config_mcproxy_instance igmp "$igmp_p_version"
-	elif [ "$igmp_s_enable" == "1" ]; then
-		config_snooping igmp "$igmp_s_version"
-	fi
-
-	if [ "$mld_p_enable" == "1" ]; then
-		config_mcproxy_instance mld "$mld_p_version"
-	elif [ "$mld_s_enable" == "1" ]; then
-		config_snooping mld "$mld_s_version"
-	fi
-}
-
-setup_mcast_mode() {
-	:
-}
-
-remove_mcast_rules() {
-	config_get name "$1" name
-
-	if [ "$name" = "Allow-Multicast-UDP" ]; then
-		uci delete firewallmngr."$1"
-	fi
-}
-
-create_mcast_firewallngr_rules() {
-        local src="wan"
-        local dst="lan"
-        local dest_ip="224.0.0.0/240.0.0.0"
-        local name="Allow-Multicast-UDP"
-        local target="accept"
-	local active_chain=""
-
-	firewallmngr_get_active_chain() {
-		config_get creator "$1" creator
-		[ "$creator" = "PortMapping" ] && return
-
-		config_get enable "$1" enable
-		if [ -n "$enable" ] && [ "$enable" = "1" ]; then
-			config_get active_chain "$1" name
-		fi
-	}
-	config_load firewallmngr
-	config_foreach remove_mcast_rules rule
-
-        sec=$(uci add firewallmngr rule)
-	uci set firewallmngr."$sec".enable="1"
-	uci set firewallmngr."$sec".chain="$active_chain"
-	uci set firewallmngr."$sec".name="$name"
-	uci set firewallmngr."$sec".src="$src"
-	uci set firewallmngr."$sec".dest="$dst"
-	uci set firewallmngr."$sec".dest_ip="$dest_ip"
-	uci set firewallmngr."$sec".family="4"
-	uci set firewallmngr."$sec".proto="17"
-	uci set firewallmngr."$sec".target="$target"
-        uci rename firewallmngr."$sec"="fwmngr_rule_mcast"
-
-	uci commit firewallmngr
-}
-
-configure_mcast() {
-	create_mcast_firewallngr_rules
-	config_global_params "set_max_groups_and_sources"
-
-	read_mcast_snooping_params
-	read_mcast_proxy_params
-	config_mcproxy
-
-	if [ -z "${PROG_PARAMS}" ]; then
-		exit 0
-	fi
-}
-

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=8.0.1.11
+PKG_VERSION:=8.0.5.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=cfa6c48dea74707e098b09745b2c9f989accd714
+PKG_SOURCE_VERSION:=eb7bddb8c0bd00b7e5d33daa9d51725309ac50b9
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

obuspa/patches/0001-validate-controller-mtp.patch

@@ -1,23 +1,19 @@
-diff --git a/src/core/device.h b/src/core/device.h
-index 5e367b7..db154a5 100644
 --- a/src/core/device.h
 +++ b/src/core/device.h
-@@ -330,6 +330,10 @@ int DEVICE_MTP_ValidateMqttReference(dm_req_t *req, char *value);
- void DEVICE_CONTROLLER_SetRolesFromMqtt(int mqtt_instance, int role_instance);
- char *DEVICE_CONTROLLER_GetControllerTopic(int mqtt_instance);
+@@ -336,6 +336,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
+ int DEVICE_CONTROLLER_CountEnabledWebsockClientConnections(void);
+ #endif
  
 +#ifdef OBUSPA_CONTROLLER_MTP_VERIFY
-+bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_reply_to_t *mrt);
++bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_conn_t *mpc);
 +#endif
 +
  #ifndef REMOVE_USP_BROKER
  int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance);
  bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
-diff --git a/src/core/device_controller.c b/src/core/device_controller.c
-index 97ca11d..19c91f1 100644
 --- a/src/core/device_controller.c
 +++ b/src/core/device_controller.c
-@@ -952,6 +952,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage(mtp_send_item_t *msi, char *endpoint_id
+@@ -967,6 +967,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
      return USP_ERR_OK;
  }
  
@@ -30,12 +26,12 @@ index 97ca11d..19c91f1 100644
 +** This function is used by ValidateUspRecord() to determine whether to process a received USP message
 +**
 +** \param   endpoint_id - Endpoint ID of controller that sent a USP message
-+** \param   mrt - pointer to structure specifying on which MTP the message was received
++** \param   mpc - pointer to structure specifying on which MTP the message was received
 +**
 +** \return  true if the MTP is allowed, false otherwise
 +**
 +**************************************************************************/
-+bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_reply_to_t *mrt)
++bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_conn_t *mpc)
 +{
 +    controller_t *cont = FindEnabledControllerByEndpointId(endpoint_id);
 +    controller_mtp_t *mtp;
@@ -46,18 +42,18 @@ index 97ca11d..19c91f1 100644
 +        return false;
 +    }
 +
-+    mtp = FindFirstEnabledMtp(cont, mrt->protocol);
++    mtp = FindFirstEnabledMtp(cont, mpc->protocol);
 +
 +#ifdef ENABLE_WEBSOCKETS
 +    // Allow websocket server if no other MTP is configured
-+    if ((mrt->protocol == kMtpProtocol_WebSockets) && (mrt->wsserv_conn_id != INVALID))
++    if ((mpc->protocol == kMtpProtocol_WebSockets) && (mpc->ws.serv_conn_id != INVALID))
 +    {
 +        return mtp == NULL;
 +    }
 +#endif
 +
 +    // Disallow if there is no MTP configured with matching protocol
-+    if ((mtp == NULL) || (mtp->protocol != mrt->protocol))
++    if ((mtp == NULL) || (mtp->protocol != mpc->protocol))
 +    {
 +        return false;
 +    }
@@ -67,7 +63,7 @@ index 97ca11d..19c91f1 100644
 +    {
 +#ifndef DISABLE_STOMP
 +        case kMtpProtocol_STOMP:
-+            return mtp->stomp_connection_instance == mrt->stomp_instance;
++            return mtp->stomp_connection_instance == mpc->stomp.instance;
 +#endif
 +
 +#ifdef ENABLE_COAP
@@ -77,12 +73,12 @@ index 97ca11d..19c91f1 100644
 +
 +#ifdef ENABLE_MQTT
 +        case kMtpProtocol_MQTT:
-+            return mtp->mqtt_connection_instance == mrt->mqtt_instance;
++            return mtp->mqtt_connection_instance == mpc->mqtt.instance;
 +#endif
 +
 +#ifdef ENABLE_WEBSOCKETS
 +        case kMtpProtocol_WebSockets:
-+            return (mrt->wsclient_cont_instance == cont->instance) && (mrt->wsclient_mtp_instance == mtp->instance);
++            return (mpc->ws.client_cont_instance == cont->instance) && (mpc->ws.client_mtp_instance == mtp->instance);
 +#endif
 +        default:
 +            TERMINATE_BAD_CASE(mtp->protocol);
@@ -96,17 +92,15 @@ index 97ca11d..19c91f1 100644
  /*********************************************************************//**
  **
  ** DEVICE_CONTROLLER_IsMTPConfigured
-diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c
-index 2a04d39..0b3074b 100644
 --- a/src/core/msg_handler.c
 +++ b/src/core/msg_handler.c
-@@ -1206,6 +1206,15 @@ int ValidateUspRecord(UspRecord__Record *rec, mtp_conn_t *mtpc)
+@@ -1210,6 +1210,15 @@ int ValidateUspRecord(UspRecord__Record
      usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
  #endif
  
 +#ifdef OBUSPA_CONTROLLER_MTP_VERIFY
 +    // Exit if the controller is not allowed to use the MTP on which the message was received
-+    if (DEVICE_CONTROLLER_IsMTPAllowed(rec->from_id, mrt) == false)
++    if (DEVICE_CONTROLLER_IsMTPAllowed(rec->from_id, mtpc) == false)
 +    {
 +        USP_ERR_SetMessage("%s: Ignoring message from endpoint_id=%s (unauthorized MTP)", __FUNCTION__, rec->from_id);
 +        return USP_ERR_PERMISSION_DENIED;

obuspa/patches/0002-supress-group-get-error.patch

@@ -1,6 +1,6 @@
 --- a/src/core/cli_server.c
 +++ b/src/core/cli_server.c
-@@ -758,10 +758,6 @@ int ExecuteCli_Get(char *arg1, char *arg
+@@ -785,10 +785,6 @@ int ExecuteCli_Get(char *arg1, char *arg
              USP_ASSERT(gge->value != NULL);
              SendCliResponse("%s => %s\n", gge->path, gge->value);
          }
@@ -11,36 +11,3 @@
      }
  
      GROUP_GET_VECTOR_Destroy(&ggv);
---- a/src/core/handle_get.c
-+++ b/src/core/handle_get.c
-@@ -260,26 +260,16 @@ void FormPathExprResponse(int get_expr_i
-         return;
-     }
- 
--    // If there was an error in getting any of the parameters associated with the path expression,
--    // then just add the first error, without any of the parameter values, for this path expression result
--    for (i=0; i < gi->num_entries; i++)
--    {
--        gge = &ggv->vector[gi->index + i];
--        if (gge->err_code != USP_ERR_OK)
--        {
--            (void)AddGetResp_ReqPathRes(resp, path_expr, gge->err_code, gge->err_msg);
--            return;
--        }
--    }
--
-     // If the code gets here, then the value of all parameters were retrieved successfully, so add their values to the result_params
-     req_path_result = AddGetResp_ReqPathRes(resp, path_expr, USP_ERR_OK, "");
-     for (i=0; i < gi->num_entries; i++)
-     {
-         gge = &ggv->vector[gi->index + i];
- 
--        // Simple format contains a resolved_path_result for every object (and sub object)
--        AddResolvedPathResult(req_path_result, gge->path, gge->value);
-+        if (gge->err_code == USP_ERR_OK) {
-+            // Simple format contains a resolved_path_result for every object (and sub object)
-+            AddResolvedPathResult(req_path_result, gge->path, gge->value);
-+	}
-     }
- }
- 

obuspa/patches/0008-fix_cmake_warning.patch

@@ -1,10 +0,0 @@
---- a/src/protobuf-c/protobuf-c.c
-+++ b/src/protobuf-c/protobuf-c.c
-@@ -1926,6 +1926,7 @@ repeated_field_pack_to_buffer(const Prot
- 		buffer->append(buffer, rv, scratch);
- 		tmp = pack_buffer_packed_payload(field, count, array, buffer);
- 		assert(tmp == payload_len);
-+		(void)tmp; // Keep cmake production build happy
- 		return rv + payload_len;
- 	} else {
- 		size_t siz;

obuspa/patches/0011-max_controllers.patch

@@ -1,6 +1,6 @@
 --- a/src/core/mqtt.c
 +++ b/src/core/mqtt.c
-@@ -233,6 +233,8 @@ void HandleMqttDisconnect(mqtt_client_t
+@@ -241,6 +241,8 @@ void AddConnackSubscription(mqtt_client_
  #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
  int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
  {\
@@ -9,7 +9,7 @@
      return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
  }
  
-@@ -243,6 +245,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
+@@ -251,6 +253,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
@@ -21,7 +21,7 @@
  // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
  
  //------------------------------------------------------------------------------------
-@@ -253,10 +260,15 @@ ssl_verify_callback_t* mqtt_verify_callb
+@@ -261,10 +268,15 @@ ssl_verify_callback_t* mqtt_verify_callb
      MQTT_TrustCertVerifyCallbackIndex(2),
      MQTT_TrustCertVerifyCallbackIndex(3),
      MQTT_TrustCertVerifyCallbackIndex(4),

obuspa/patches/0012-check_mqtt_host_alive.patch

@@ -1,102 +0,0 @@
---- a/src/core/mqtt.c
-+++ b/src/core/mqtt.c
-@@ -63,6 +63,8 @@
- 
- #include <mosquitto.h>
- 
-+#include <curl/curl.h>
-+
- // Defines for MQTT Property Values
- #define PUBLISH 0x30
- #define CONTENT_TYPE 3
-@@ -2192,6 +2194,75 @@ exit:
-     }
- }
- 
-+static int _check_host_rechability(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
-+{
-+    bool *palive = (bool *)userp;
-+
-+    USP_ASSERT(palive != NULL);
-+    switch(type) {
-+        case CURLINFO_HEADER_OUT:
-+        case CURLINFO_HEADER_IN:
-+            *palive = true;
-+            break;
-+        case CURLINFO_TEXT:
-+        {
-+            USP_LOG_Debug("CURL DATA:: [%s]", data);
-+            if (strstr(data, "Connected to ") != NULL) {
-+                *palive = true;
-+            }
-+            break;
-+        }
-+        default:
-+            break;
-+    }
-+
-+    return 0;
-+}
-+
-+int check_mqtt_host_reachability(mqtt_client_t *client)
-+{
-+    CURL *curl;
-+    mqtt_conn_params_t *cparam = &client->conn_params;
-+    char buffer[128] = {0};
-+    int ret = USP_ERR_INTERNAL_ERROR;
-+    bool is_alive = false;
-+
-+    curl = curl_easy_init();
-+    if(curl) {
-+        USP_SNPRINTF(buffer, 128, "mqtt://%s:%d", cparam->host, cparam->port);
-+        curl_easy_setopt(curl, CURLOPT_URL, buffer);
-+
-+        if (strlen(cparam->username) > 0) {
-+            curl_easy_setopt(curl, CURLOPT_USERNAME, cparam->username);
-+        }
-+
-+        if (strlen(cparam->password) > 0) {
-+            curl_easy_setopt(curl, CURLOPT_PASSWORD, cparam->password);
-+        }
-+
-+        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-+        curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &is_alive);
-+        curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _check_host_rechability);
-+
-+        /* complete within 2 seconds */
-+        curl_easy_setopt(curl, CURLOPT_TIMEOUT, 2L);
-+
-+        ret = curl_easy_perform(curl);
-+        /* Check for errors */
-+        if(ret == CURLE_OK || ret == CURLE_URL_MALFORMAT || is_alive == true) {
-+            USP_LOG_Debug("CURL MQTT host %s, ret %d, alive %d ...", buffer, ret, is_alive);
-+            ret = USP_ERR_OK;
-+        } else {
-+            USP_LOG_Info("# CURL MQTT host %s unreachable: %d=>%s ...", buffer, ret, curl_easy_strerror(ret));
-+        }
-+
-+        /* always cleanup */
-+        curl_easy_cleanup(curl);
-+    }
-+
-+    return ret;
-+}
-+
- /*********************************************************************//**
- **
- ** PerformMqttClientConnect
-@@ -2261,6 +2332,14 @@ int PerformMqttClientConnect(mqtt_client
-         keep_alive = 5;
-     }
- 
-+    // Below function is a workaround to check the host reachability with a timeout
-+    // mosquitto_connect_* API block the thread for 2 mins if host is not reachable,
-+    // which halts other clients connectivity
-+    err = check_mqtt_host_reachability(client);
-+    if (err != USP_ERR_OK) {
-+        err = USP_ERR_INTERNAL_ERROR;
-+        goto exit;
-+    }
-     // Release the access mutex temporarily whilst performing the connect call
-     // We do this to prevent the data model thread from potentially being blocked, whilst the connect call is taking place
-     OS_UTILS_UnlockMutex(&mqtt_access_mutex);

obuspa/patches/0013-mqtt-retry-param-change.patch

@@ -1,76 +0,0 @@
-diff --git a/src/core/device_mqtt.c b/src/core/device_mqtt.c
-index 7438e59..231d941 100755
---- a/src/core/device_mqtt.c
-+++ b/src/core/device_mqtt.c
-@@ -1612,14 +1612,23 @@ int NotifyChange_MQTTRequestProblemInfo(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryTime(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-     // Set the new value.
-+    if ((mp->retry.connect_retrytime != val_uint) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     mp->retry.connect_retrytime = val_uint;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 
-@@ -1638,14 +1647,23 @@ int NotifyChange_MQTTConnectRetryTime(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-+    if ((mp->retry.interval_multiplier != val_int) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     // Set the new value.
-     mp->retry.interval_multiplier = val_int;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 
-@@ -1664,14 +1682,23 @@ int NotifyChange_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryMaxInterval(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-+    if ((mp->retry.max_interval != val_uint) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     // Set the new value.
-     mp->retry.max_interval = val_uint;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 

obuspa/patches/0014-persist-connack-clientid.patch

@@ -1,15 +1,15 @@
 --- a/src/core/mqtt.c
 +++ b/src/core/mqtt.c
-@@ -55,6 +55,8 @@
+@@ -63,6 +63,8 @@
  #include "retry_wait.h"
  #include "text_utils.h"
  #include "msg_handler.h"
 +#include "data_model.h"
 +#include "usp_api.h"
  
- #include <openssl/ssl.h>
- #include <openssl/bio.h>
-@@ -2517,6 +2519,37 @@ exit:
+ // Defines for MQTT Property Values
+ #define PUBLISH 0x30
+@@ -2613,6 +2615,37 @@ exit:
  
  /*********************************************************************//**
  **
@@ -47,16 +47,20 @@
  ** ConnectV5Callback
  **
  ** Called by Libmosquitto when the CONNACK packet is received on an MQTTv5 connection
-@@ -2590,8 +2623,26 @@ void ConnectV5Callback(struct mosquitto
+@@ -2685,10 +2718,28 @@ void ConnectV5Callback(struct mosquitto
                &client_id_ptr, false /* skip first */) != NULL)
          {
              USP_LOG_Debug("%s: Received client_id: \"%s\"", __FUNCTION__, client_id_ptr);
 -            USP_SAFE_FREE(client->conn_params.client_id);
 -            client->conn_params.client_id = USP_STRDUP(client_id_ptr);
+-            USP_SAFE_FREE(client->next_params.client_id);
+-            client->next_params.client_id = USP_STRDUP(client_id_ptr);
 +
 +            if (client->conn_params.client_id == NULL || strcmp(client->conn_params.client_id, client_id_ptr) != 0) {
 +                USP_SAFE_FREE(client->conn_params.client_id);
 +                client->conn_params.client_id = USP_STRDUP(client_id_ptr);
++                USP_SAFE_FREE(client->next_params.client_id);
++                client->next_params.client_id = USP_STRDUP(client_id_ptr);
 +
 +                // Persist client id from CONNACK in DB
 +                char buf[128] = {0}, *param_path = NULL, *param_val = NULL;

packet-capture-diagnostics/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=packet-capture-diagnostics
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/packet-capture-diagnostics.git
-PKG_SOURCE_VERSION:=a47189b5faa9f678f1a27475c474cc1524d777f4
+PKG_SOURCE_VERSION:=6c64e11d78b3be9990714bf5fcd97752cc15c4a8
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

periodicstats/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.11
+PKG_VERSION:=1.5.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/periodicstats.git
-PKG_SOURCE_VERSION:=0bfe78ce9daf1cfbe9453e2cb08327dc7885cea2
+PKG_SOURCE_VERSION:=e59f980306e9ef4c1e3e56839906b8c5cba18338
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

qosmngr/Makefile

@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=qosmngr
-PKG_VERSION:=1.0.14
+PKG_VERSION:=1.0.15
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=c4db530aae2392f94494814eefc977118519089b
+PKG_SOURCE_VERSION:=f6b77d16d2103b7336a476e710a10f1dd28274f6
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/qosmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

qosmngr/files/common/lib/qos/ebtables.sh

@@ -549,9 +549,9 @@ create_ebtables_chains() {
 }
 
 flush_ebtables_chains() {
-    echo "ebtables -t nat -F qos_output" > /tmp/qos/classify.ebtables
-    echo "ebtables -t broute -F qos" > /tmp/qos/classify.ebtables
-    echo "ebtables -t broute -F dscp2pbits" >> /tmp/qos/classify.ebtables
-    echo "ebtables -t broute -F prevlanxlate" >> /tmp/qos/classify.ebtables
+    echo "ebtables --concurrent -t nat -F qos_output" > /tmp/qos/classify.ebtables
+    echo "ebtables --concurrent -t broute -F qos" > /tmp/qos/classify.ebtables
+    echo "ebtables --concurrent -t broute -F dscp2pbits" >> /tmp/qos/classify.ebtables
+    echo "ebtables --concurrent -t broute -F prevlanxlate" >> /tmp/qos/classify.ebtables
 }
 

self-diagnostics/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=self-diagnostics
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.0.8
 PKG_RELEASE:=1
 
 PKG_LICENSE:=GPL-2.0-only

self-diagnostics/files/usr/share/self-diagnostics/spec/network.json

@@ -62,12 +62,8 @@
 			"cmd": "bridge fdb"
 		},
 		{
-			"description": "TCP listened ports",
-			"cmd": "netstat -tlnp"
-		},
-		{
-			"description": "UDP listened ports",
-			"cmd": "netstat -ulnp"
+			"description": "TCP/UDP/Raw ports/Sockets",
+			"cmd": "netstat -anp"
 		},
 		{
 			"description": "MAC layer firewall status list",

self-diagnostics/src/selftest.c

@@ -78,8 +78,8 @@ int operate_Device_SelfTest(char *refparam, struct dmctx *ctx, void *data, char
 	/* Get self test log instance */
 	char *result = get_selftest_log_instance(ctx);
 
-	add_list_parameter(ctx, dmstrdup("Status"), dmstrdup("Complete"), DMT_TYPE[DMT_STRING], NULL);
-	add_list_parameter(ctx, dmstrdup("Results"), result, DMT_TYPE[DMT_STRING], NULL);
+	fill_blob_param(&ctx->bb, "Status", "Complete", DMT_TYPE[DMT_STRING], 0);
+	fill_blob_param(&ctx->bb, "Results", result, DMT_TYPE[DMT_STRING], 0);
 
 	if (ctx->dm_type != BBFDM_USP) {
 		diagnostics_set_option("selftest", "DiagnosticState", "Complete");
@@ -89,7 +89,7 @@ int operate_Device_SelfTest(char *refparam, struct dmctx *ctx, void *data, char
 	return 0;
 
 err:
-	add_list_parameter(ctx, dmstrdup("Status"), dmstrdup("Error_Internal"), DMT_TYPE[DMT_STRING], NULL);
+	fill_blob_param(&ctx->bb, "Status", "Error_Internal", DMT_TYPE[DMT_STRING], 0);
 	if (ctx->dm_type != BBFDM_USP) {
 		diagnostics_set_option("selftest", "DiagnosticState", "Error");
 		dmuci_commit_package_bbfdm(DMMAP_DIAGNOSTIGS);

sulu/Readme.md

@@ -101,3 +101,81 @@ CONFIG_SULU_PWA_KEYS_PATH="/somepath_with_pwa.{crt,key}"
 ```
 
 >Note: Replacing/changing the keys might requires uninstall/install of PWA App and CTRL+Shift+R in browser to drop the cached site and load the new site with new keys.
+
+# How to create a new Sulu user with Role Based Access Controller
+Sulu has a predefined set of users, but if it is required to add user with more/less datamodel access rights, that can be done from a USP Controller(sulu etc) or by using the command line tool.
+
+In the below example, I use command line tool, but same operations can be done from controller as well to configure it, so we need
+- New user
+- New user role
+- Changes in UserInterface Instance to use the new user role
+- A ControllerTrust role to define datamodel access aligned with user role
+- Update the sulu controller to use the above role
+
+Some global variables before proceeding further
+
+```bash
+export UNAME=testuser
+export UPASS=testuser123
+```
+## Create an User Role
+
+```bash
+ROLE="$(obuspa -c add Device.Users.Role. |cut -d " " -f 2)"
+
+obuspa -c set ${ROLE}.RoleName ${UNAME}
+obuspa -c set ${ROLE}.Enable 1
+```
+
+## Create an User
+
+```bash
+USER="$(obuspa -c add Device.Users.User. |cut -d " " -f 2)"
+
+obuspa -c set ${USER}.Username ${UNAME}
+obuspa -c set ${USER}.Password ${UPASS}
+obuspa -c set ${USER}.RoleParticipation ${ROLE}
+obuspa -c set ${USER}.Enable 1
+```
+
+## Update UserInterface to use the new UserRole
+
+Sulu has a reload hook to setup the necessary obuspa/mosquitto configuration, so no need to do LocalAgent Controller/MTP setup, this will reload obuspa service after uci update, so we have to wait for service to come up.
+
+```bash
+bbfdmd -c set Device.UserInterface.HTTPAccess.1.AllowedRoles "Device.Users.Role.1,${ROLE}"
+
+sleep 30
+```
+
+## Create a ControllerTrust role aligned with user role
+
+In this example, full access of 'Device.' added for the new user
+
+```bash
+CTROLE="$(obuspa -c add Device.LocalAgent.ControllerTrust.Role. | cut -d " " -f 2)"
+
+PERM="$(obuspa -c add ${CTROLE}.Permission. |cut -d " " -f 2)"
+
+obuspa -c set ${PERM}.Targets Device.
+obuspa -c set ${PERM}.Param rw-n
+obuspa -c set ${PERM}.Obj rw-n
+obuspa -c set ${PERM}.InstantiatedObj rw-n
+obuspa -c set ${PERM}.CommandEvent r-xn
+obuspa -c set ${PERM}.Enable 1
+obuspa -c set ${CTROLE}.Enable 1
+```
+
+## Set new role to Controller
+
+```bash
+obuspa -c set Device.LocalAgent.Controller.[EndpointID==self::sulu-${UNAME}].AssignedRole "${CTROLE}"
+```
+
+After these configuration reboot the device
+
+```bash
+reboot
+```
+
+After device boots sulu should be able to login with newly added user.

sulu/sulu-builder/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=3.1.61
+PKG_VERSION:=3.1.62
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -45,9 +45,7 @@ function _get_sulu_user_roles() {
 	roles=$(uci -q get userinterface._sulu_s.role)
 
 	for role in ${roles}; do
-		if [ -f "/etc/users/roles/$role.json" ]; then
-			sulu_user_roles="${sulu_user_roles} ${role}"
-		fi
+		sulu_user_roles="${sulu_user_roles} ${role}"
 	done
 
 	if [ -n "${sulu_user_roles}" ]; then
@@ -284,9 +282,9 @@ function update_obuspa_config() {
 }
 
 function configure_sulu() {
-	update_obuspa_config
-	_create_acl
 	generate_sulu_conn_config
+	_create_acl
+	update_obuspa_config
 }
 
 while getopts ":r" opt; do

swmodd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.5.12
+PKG_VERSION:=2.5.16
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/swmodd.git
-PKG_SOURCE_VERSION:=088ac916a87b4faf1aaafadc6ee77ae56674fd1c
+PKG_SOURCE_VERSION:=c36ff3594ed20d9bbc90d52adbdf7d6c186c4ce1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

timemngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=timemngr
-PKG_VERSION:=1.0.20
+PKG_VERSION:=1.0.22
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/timemngr.git
-PKG_SOURCE_VERSION:=f0b026bb5fffbd1c9a18b6814251b4c724aabad6
+PKG_SOURCE_VERSION:=d0dedf229e24535b5b6a284662f1560868fdcd7c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

tr104/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr104
-PKG_VERSION:=1.0.31
+PKG_VERSION:=1.0.32
 
 LOCAL_DEV:=0
 ifeq ($(LOCAL_DEV),0)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/voice/tr104.git
-PKG_SOURCE_VERSION:=57a713d6dbb4a39b41f0f0fd4674e7bcd3562852
+PKG_SOURCE_VERSION:=5632a71e0da8d498c214469dec76d2774f3a8a15
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

tr143/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr143
-PKG_VERSION:=1.0.2
+PKG_VERSION:=1.0.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/tr143d.git
-PKG_SOURCE_VERSION:=6762d1efbb995be685af32af5f4b67cc4d737bcd
+PKG_SOURCE_VERSION:=54302dec291726b0e765e56b4d72ac53655e0f29
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

tr471/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr471
-PKG_VERSION:=1.0.1
+PKG_VERSION:=1.0.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/tr471d.git
-PKG_SOURCE_VERSION:=036c87b237f266cf7f9fae170c37c863a5f4af2e
+PKG_SOURCE_VERSION:=69b4d324f2b2c78d858b0446dcb90dba9d5f60c3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

twamp/Makefile

@@ -52,13 +52,9 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/twampd $(1)/usr/sbin/
 	$(INSTALL_DATA) ./files/etc/config/twamp $(1)/etc/config/twamp
-ifneq ($(CONFIG_FIREWALLMNGR_BACKEND_FIREWALLMNGR),y)
 	$(INSTALL_BIN) ./files/etc/init.d/twampd $(1)/etc/init.d/twampd
 	$(INSTALL_BIN) ./files/etc/firewall.twamp $(1)/etc/firewall.twamp
 	$(INSTALL_BIN) ./files/etc/uci-defaults/92-twampfirewall $(1)/etc/uci-defaults/92-twampfirewall
-else
-	$(INSTALL_BIN) ./files/etc/twamp_backend_firewallmngr/init.d/twampd $(1)/etc/init.d/twampd
-endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/93-twamp_fix_reflector $(1)/etc/uci-defaults/93-twamp_fix_reflector
 	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/libtwamp.so $(1)
 endef

twamp/files/etc/twamp_backend_firewallmngr/init.d/twampd

@@ -1,31 +0,0 @@
-#!/bin/sh /etc/rc.common
-# TWAMP Reflector software
-# Copyright (C) 2020-2022 IOPSYS Software Solutions AB
-# Author: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>
-
-START=99
-STOP=10
-
-. /lib/fwmngr/fwmngr_twamp.sh
-USE_PROCD=1
-PROG="/usr/sbin/twampd"
-
-start_service() {
-	local enable=$(uci -q get twamp.twamp.enable)
-	if [ "$enable" = "1" ]; then
-		procd_open_instance
-		procd_set_param command "$PROG"
-		procd_set_param respawn "3" "7" "0"
-		procd_close_instance
-	fi
-	handle_twamp_rules
-}
-
-reload_service() {
-        stop
-        start
-}
-
-service_triggers() {
-	procd_add_reload_trigger twamp
-}

urlfilter/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=urlfilter
-PKG_VERSION:=1.1.14
+PKG_VERSION:=1.1.15
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/urlfilter.git
-PKG_SOURCE_VERSION:=ebf8afb44ff808d3b99c45a7c636fb12a774f357
+PKG_SOURCE_VERSION:=b68c9bb94c24a7394997522e982e37d85e172e0c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

urlfilter/files/etc/init.d/urlfilter

@@ -17,11 +17,17 @@ configure_firewall()
 		iptables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 5 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 6 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 3 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 4 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
 	if [ "$?" -ne 0 ]; then
@@ -30,11 +36,17 @@ configure_firewall()
 		ip6tables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 5 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 6 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 3 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 4 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 
 }
@@ -64,9 +76,15 @@ stop_service() {
 		iptables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
 	if [ "$?" -eq 0 ]; then
@@ -75,9 +93,15 @@ stop_service() {
 		ip6tables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ip6tables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 }
 reload_service() {

usbmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usbmngr
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/usbmngr.git
-PKG_SOURCE_VERSION:=4f5f5dd701d40cdb134b98734db75446e5736a2e
+PKG_SOURCE_VERSION:=8854939163cc60154a52834fa70677b3d1a53d46
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

usermngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usermngr
-PKG_VERSION:=1.2.17
+PKG_VERSION:=1.2.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/usermngr.git
-PKG_SOURCE_VERSION:=4ea2dfc2843b4cdf87e48deff512ee358c93298f
+PKG_SOURCE_VERSION:=3756e698d6debe4b5038a942e7332dc733f6f816
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

wifidmd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidmd
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/wifidmd.git
-PKG_SOURCE_VERSION:=eb3a21f1baec749cfd2d53fd3e38fdab3a6d7a4c
+PKG_SOURCE_VERSION:=6523c92cc2880ec5eebfc60d09bb5084ec504b6e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

wifimngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=17.3.0
+PKG_VERSION:=17.3.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a659db98e58003115bd58d614db70331e84c4ec6
+PKG_SOURCE_VERSION:=fe089207eb9050dbee7dd1e214e4ce1eeeb97851
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifimngr.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

xmppc/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xmppc
-PKG_VERSION:=2.2.9
+PKG_VERSION:=2.2.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/xmppc.git
-PKG_SOURCE_VERSION:=ff76b296e767a5732d7b07ad94c141a4a6e50ed5
+PKG_SOURCE_VERSION:=a2945d99b916ddbe3b5270446e9b8d310a104052
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

xmppc/files/etc/init.d/xmppc

@@ -11,12 +11,25 @@ stop_service() {
 	if [ "${xmpp_running}" = "true" ]; then
 		procd_send_signal xmppc '*' SIGKILL
 	fi
+
+	if [ -f "/var/state/xmppc" ]; then
+		uci -q -c /var/state delete xmppc.conn_status
+		uci -q -c /var/state commit xmppc
+	fi
 }
 
 start_service() {
 	local con_name=$(uci -q get xmpp.xmpp.conn_req_connection)
 	local con_enable=$(uci -q get xmpp."${con_name}".enable)
 
+	if [ ! -f "/var/state/xmppc" ]; then
+		touch "/var/state/xmppc"
+	fi
+
+	uci -q -c /var/state set xmppc.global='global'
+	uci -q -c /var/state set xmppc.global.last_change="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+	uci -q -c /var/state commit xmppc
+
 	procd_open_instance
 	if [ "$con_enable" = "1" ]; then
 		procd_set_param command "$PROG"