urlfilter: fix profile deletion

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.4.23.27
+PKG_VERSION:=1.4.23.29
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=1824094049ee371f21a3deaf43f8e052d2474568
+PKG_SOURCE_VERSION:=2f1dac5686f54219fc7706c677905816b650dd1c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

bbfdm/files/etc/init.d/bbfdmd

@@ -40,7 +40,12 @@ configure_bbfdmd()
 	[ "${enabled}" -eq 0 ] && return 0
 
 	if [ -f "${BBFDM_JSON_INPUT}" ]; then
-		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > ${BBFDM_TEMP_JSON}
+		cat ${BBFDM_JSON_INPUT} |jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' > ${BBFDM_TEMP_JSON}
+		val="$(jq -r '.daemon.input // empty' ${BBFDM_TEMP_JSON})"
+		if [ -z "${val}" ]; then
+			log "Failed to generate temp input json, uci changes not applied"
+			cp ${BBFDM_JSON_INPUT} ${BBFDM_TEMP_JSON}
+		fi
 	fi
 
 	procd_set_param command ${PROG}

decollector/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=4.2.1.1.5
+PKG_VERSION:=4.2.1.1.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b34c94d516ee18e33fc910b8a656649541b7e8e8
+PKG_SOURCE_VERSION:=9fae736fa6c4ee39e7775964c7f84b105196c034
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

ethmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.3.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5b40a8167d3e0e5c8fc9229abccd5c6acecbe814
+PKG_SOURCE_VERSION:=847a94cee530d60bfd10ceaee4185d64fb6397d0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.5.29.13
+PKG_VERSION:=9.5.29.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=88e7d4e99e78f6b179674fe837cab1961cf11a0a
+PKG_SOURCE_VERSION:=816033a14672e8e9c3566ce06fa19fb422eeb546
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.4.11
+PKG_VERSION:=8.3.4.14
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=99093fec4c441bc90179b3fd557882c88007cdac
+PKG_SOURCE_VERSION:=f625abe854742f7f07d4121c9f6302a7db9b48e2
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.13
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=a9ea70b6c0adb246685f7632e38853e0d803a7c3
+PKG_SOURCE_VERSION:=529581176d0e82f928230bc047b842326b340365
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.16.14
+PKG_VERSION:=7.4.16.17
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a010d77fa8b711df202f6f70d0a9fdf6d59d1487
+PKG_SOURCE_VERSION:=05406d9ece1b3288beabf5986305cb9929a59f75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -76,6 +76,10 @@ ifeq ($(CONFIG_LIBWIFI_USE_CTRL_IFACE),y)
   TARGET_CFLAGS +=-DLIBWIFI_USE_CTRL_IFACE
 endif
 
+ifeq ($(CONFIG_LIBWIFI_SKIP_PROBES),y)
+  TARGET_CFLAGS +=-DLIBWIFI_BRCM_SKIP_PROBES
+endif
+
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/openssl \
@@ -144,6 +148,11 @@ define Package/libwifi/config
 	config LIBWIFI_USE_CTRL_IFACE
 		bool "Create UNIX sockets to interface with hostapd/wpa_supplicant"
 		default n
+
+	config LIBWIFI_SKIP_PROBES
+		bool "Don't create probe-req events"
+		default y
+
   endif
 endef
 

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=4.5.0.25
+PKG_VERSION:=4.5.0.33
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=265269d3e15787d226ad5db32cbf1f2b09caae12
+PKG_SOURCE_VERSION:=4d18c2b1921e9c239a938f23cba516cf867baba4
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-controller/Config.in

@@ -29,6 +29,10 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
+config CONTROLLER_PROPAGATE_PROBE_REQ
+	depends on CONTROLLER_EASYMESH_VENDOR_EXT
+	bool "Enable publishing probe requests vendor specific messages as UBUS events"
+	default y
 
 endmenu
 endif

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=4.5.0.10
+PKG_VERSION:=4.5.0.23
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=b5812a12241b80a555b9f435405f586015195fb4
+PKG_SOURCE_VERSION:=ea159dee9536889171fe6f2463c2259ac48c4a97
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 LOCAL_DEV=0
@@ -63,6 +63,10 @@ TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_CONTROLLER_EASYMESH_VENDOR_E
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
 endif
 
+ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
+TARGET_CFLAGS += -DPROPAGATE_PROBE_REQ
+endif
+
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/

mcastmngr/files/broadcom/lib/mcast/broadcom.sh

@@ -39,7 +39,6 @@ config_snooping_upstream_interface() {
 	local snooping_upstream_intf=""
 
 	json_load "$(devstatus $1)"
-	logger -t "mcastconf" "$(devstatus $1)"
 	itr=1
 	json_select bridge-members
 

obuspa/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=7.0.5.6.11
+PKG_VERSION:=7.0.5.6.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)

obuspa/files/etc/config/obuspa

@@ -3,7 +3,7 @@ config obuspa 'global'
 	option debug '1'
 	option dhcp_discovery '1'
 	option log_level '2'
-	option prototrace '0'
+	option prototrace '1'
 	option db_file '/etc/obuspa/usp.db'
 	option role_file '/etc/obuspa/roles.json'
 	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'

obuspa/files/etc/init.d/obuspa

@@ -987,7 +987,7 @@ db_init()
 	fi
 
 	# Remove ControllerTrust.Role., if present in db for backward compatibility
-	delete_sql_db_entry_with_pattern "Device.LocalAgent.ControllerTrust.Role."
+	delete_sql_db_entry_with_pattern "^Device.LocalAgent.ControllerTrust.Role."
 
 	# Remove reset file if present
 	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old

obuspa/files/etc/obuspa/roles.json

@@ -260,6 +260,40 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
+        {
+          "object":"Device.Schedules.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object":"Device.NAT.",
           "perm": [
@@ -584,6 +618,40 @@
             "PERMIT_NONE"
           ]
         },
+        {
+          "object":"Device.Schedules.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object": "Device.DeviceInfo.",
           "perm": [
@@ -677,24 +745,13 @@
           "object": "Device.WiFi.",
           "perm": [
             "PERMIT_GET",
+            "PERMIT_SET",
             "PERMIT_GET_INST",
             "PERMIT_OBJ_INFO",
             "PERMIT_CMD_INFO",
             "PERMIT_SUBS_VAL_CHANGE",
             "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL"
-          ]
-        },
-        {
-          "object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
-          "perm": [
-            "PERMIT_OPER",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object": "Device.WiFi.DataElements.Network.SetSSID()",
-          "perm": [
+            "PERMIT_SUBS_OBJ_DEL",
             "PERMIT_OPER",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]

sulu/sulu-builder/files/etc/config/sulu

@@ -1,4 +1,3 @@
 config global 'global'
 	option SessionMode 'Allow'
 	list user 'admin'
-	list user 'user'

swmodd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.5.3.2
+PKG_VERSION:=2.5.3.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/swmodd.git
-PKG_SOURCE_VERSION:=d8cc9a7a3749975720c9b748adadb2b6c920acdc
+PKG_SOURCE_VERSION:=e5a260a007b1465784334071040113a220bee0c1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

swmodd/files/etc/init.d/crun

@@ -56,7 +56,7 @@ configure_lxc_container() {
 }
 
 configure_crun_container() {
-	local name type autostart du_status requested_state url username password capability
+	local name type autostart du_status requested_state url username password capability envlist
 	local BRIDGE BUNDLE BOOT PERM
 	local RUNNER="/etc/swmodd/run.sh"
 
@@ -74,6 +74,12 @@ configure_crun_container() {
 	config_get username "${1}" username ""
 	config_get password "${1}" password ""
 	config_get capability "${1}" capability ""
+	config_get envlist "${1}" env_var ""
+
+	if [ -n "${envlist}" ]; then
+		envlist="${envlist// /;}"
+	fi
+
 	if [ -n "${capability}" ]; then
 		PERM="-p ${capability// /,}"
 	fi
@@ -152,7 +158,7 @@ configure_crun_container() {
 
 	if [ "${BOOT}" -eq "1" ]; then
 		if [ "${autostart}" -eq 1 ]; then
-			${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
+			${RUNNER} -U -b "${BUNDLE}" -n "${name}" -e "${envlist}" ${PERM}
 			result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
 			if [ "${result}" != "null" ]; then
 				uci_set ocicontainer "${1}" description "${result}"
@@ -185,7 +191,7 @@ configure_crun_container() {
 				${RUNNER} -u -n "${name}" -i "${BRIDGE}" ${PERM}
 				crun resume "${name}"
 			else
-				${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
+				${RUNNER} -U -b "${BUNDLE}" -n "${name}" -e "${envlist}" ${PERM}
 				result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
 				if [ "${result}" != "null" ]; then
 					uci_set ocicontainer "${1}" description "${result}"

swmodd/files/etc/swmodd/run.sh

@@ -144,6 +144,20 @@ update_config_json() {
 		json_add_string hostname "${NAME}"
 	fi
 
+	if [ -n "${ENVLIST}" ]; then
+		json_select process
+		json_get_values preenv env
+		json_select env
+		for i in ${ENVLIST//;/ }; do
+			key="$(echo $i|cut -d= -f1)"
+			if [[ "${preenv}" != *"${key}="* ]]; then
+				json_add_string "" "${i}"
+			fi
+		done
+		json_select ..
+		json_select ..
+	fi
+
 	# Update cabalities
 	if [ -n "${PERM}" ]; then
 		log "Updating Permission in the json ..."
@@ -264,8 +278,9 @@ clean=0
 net_update=0
 update_json=0
 PERM=""
+ENVLIST=""
 
-while getopts b:n:i:r:l:t:p:cuU options
+while getopts b:n:i:r:l:t:p:e:cuU options
 do
 	case "${options}" in
 		b) BUNDLE=${OPTARG};;
@@ -276,6 +291,7 @@ do
 		r) REGURL=${OPTARG};;
 		l) LOGIN=${OPTARG};;
 		t) TIMEOUT=${OPTARG};;
+		e) ENVLIST=${OPTARG};;
 		u) net_update=1;;
 		U) update_json=1;;
 		*) log "Invalid options";;

urlfilter/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=urlfilter
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.0.4.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/urlfilter.git
-PKG_SOURCE_VERSION:=08044747036259db23d6581fcbaa51750516749e
+PKG_SOURCE_VERSION:=3a639a77184a42ff2892bfcb588f1fc630f3c3f2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -26,7 +26,7 @@ define Package/urlfilter
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=URL filter
-  DEPENDS:=+libuci +libnetfilter-queue +libnfnetlink +iptables-mod-nfqueue +libpthread +libubox +ubus +conntrack
+  DEPENDS:=+libuci +libnetfilter-queue +libnfnetlink +iptables-mod-nfqueue +libpthread +libubox +ubus +conntrack +libbbfdm-api +libcurl
 endef
 
 define Package/urlfilter/description
@@ -34,22 +34,36 @@ define Package/urlfilter/description
 endef
 
 TARGET_CFLAGS += \
-        -D_GNU_SOURCE
+        -D_GNU_SOURCE \
+        -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-        $(CP) -rf ./urlfilter/* $(PKG_BUILD_DIR)/
+	$(CP) -rf ~/git/urlfilter/* $(PKG_BUILD_DIR)/
 endef
 endif
 
 define Package/urlfilter/install
+	$(INSTALL_DIR) $(1)/lib/parentalcontrol
+	$(INSTALL_DATA) ./files/lib/parentalcontrol/parentalcontrol.sh $(1)/lib/parentalcontrol/
+
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DATA) ./files/etc/firewall.parentalcontrol $(1)/etc/
+
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/urlfilter $(1)/usr/sbin
+
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/urlfilter $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/urlfilter $(1)/etc/config/
-	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/plugins/urlfilter.json)
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) ./files/etc/config/parentalcontrol $(1)/etc/config/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
+
+	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libparentalcontrol.so)
 endef
 
 $(eval $(call BuildPackage,urlfilter))

urlfilter/files/etc/bbfdm/plugins/urlfilter.json

@@ -1,473 +0,0 @@
-{
-	"json_plugin_version": 1,
-	"Device.{BBF_VENDOR_PREFIX}URLFilter.": {
-		"type": "object",
-		"version": "2.14",
-		"protocols": [
-			"cwmp",
-			"usp"
-		],
-		"description": "This object contains the information about URLs to be blocked or allowed to access from specified MAC addresses in given time duration.",
-		"access": false,
-		"array": false,
-		"Enable": {
-			"type": "boolean",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Enable or disable URLFiltering on the CPE.",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"option": {
-							"name": "enable"
-						}
-					}
-				}
-			]
-		},
-		"GlobalBlacklist": {
-			"type": "boolean",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Enable or disable access of the URLs specified in <<param|BlacklistURL>> from all connected devices.",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"option": {
-							"name": "global_blacklist"
-						}
-					}
-				}
-			]
-		},
-		"BlacklistURL": {
-			"type": "string",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Comma separated list of URLs to be blacklisted from all connected devices.",
-			"list": {
-				"datatype": "string"
-			},
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"list": {
-							"name": "blacklist_url"
-						}
-					}
-				}
-			]
-		},
-		"ProfileNumberOfEntries": {
-			"type": "unsignedInt",
-			"read": true,
-			"write": false,
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "<<numentries>>",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "profile"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]	
-		},
-		"Device.{BBF_VENDOR_PREFIX}URLFilter.Profile.{i}.": {
-			"type": "object",
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Table contain details of the blacklist/whitelist profiles.",
-			"uniqueKeys": [
-				"Name"
-			],
-			"access": true,
-			"array": true,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "profile"
-						},
-						"dmmapfile": "dmmap_urlfilter"
-					}
-				}
-			],
-			"Alias": {
-				"type": "string",
-				"read": true,
-				"write": false,
-				"version": "2.14",
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"range": [
-					{
-						"max": 64
-					}
-				],
-				"flags": [
-					"Unique",
-					"Linker"
-				],
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"option": {
-								"name": "@Name"
-							}
-						}
-					}
-				]
-			},
-			"Name": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"version": "2.14",
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Name of the profile. This should be unique for each entry in the table.",
-				"datatype": "string",
-				"range": [
-					{
-						"max": 64
-					}
-				],
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"option": {
-								"name": "name"
-							}
-						}
-					}
-				]
-			},
-			"WhitelistURL": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of URLs which should be allowed to access.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"list": {
-								"name": "whitelist_url"
-							}
-						}
-					}
-				]
-			},
-			"BlacklistURL": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of URLs which should not be allowed to access.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"list": {
-								"name": "blacklist_url"
-							}
-						}
-					}
-				]
-			}
-		},
-		"FilterNumberOfEntries": {
-			"type": "unsignedInt",
-			"read": true,
-			"write": false,
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "<<numentries>>",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "filter"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]
-		},
-		"Device.{BBF_VENDOR_PREFIX}URLFilter.Filter.{i}.": {
-			"type": "object",
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Table contain MAC addresses on which <<object|Profile>> should be applied along with other information like filtering should be applied on which day, the timing information when the filtering should be done etc.",
-			"access": true,
-			"array": true,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "filter"
-						},
-						"dmmapfile": "dmmap_urlfilter"
-					}
-				}
-			],
-			"Enable": {
-				"type": "boolean",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Enable or disable this filter instance on the CPE.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "enable"
-							}
-						}
-					}
-				]
-			},
-			"Profile": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-			"flags": [
-					"Reference"
-				],
-				"description": "Path of the <<object|Profile>> that should be applied.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "profile"
-							}
-						},
-						"linker_obj": "Device.{BBF_VENDOR_PREFIX}URLFilter.Profile.*.Alias"
-					}
-				]
-			},
-			"MACAddress": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of MAC addresses for which the filtering should be done.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"list": {
-								"name": "macaddr"
-							}
-						}
-					}
-				]
-			},
-			"Day": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of weekdays. Filtering should be done on the mentioned days only.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"list": {
-								"name": "day"
-							}
-						}
-					}
-				]
-			},
-			"StartTime": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Time when filtering shall start.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "start_time"
-							}
-						}
-					}
-				]
-			},
-			"Duration": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "The duration in seconds to filter the URLs from start time.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "duration"
-							}
-						}
-					}
-				]
-			}
-		}
-	}
-}
-

urlfilter/files/etc/config/parentalcontrol

@@ -0,0 +1,91 @@
+config globals 'globals'
+	option enable '0'
+
+config profile 'profile_1'
+	option name 'Kids'
+
+config profile_bedtime_schedule 'profile_1_profile_bedtime_schedule_1'
+	option enable '0'
+	option dm_parent 'profile_1'
+	option name 'WeekDays'
+	list day 'Monday'
+	list day 'Tuesday'
+	list day 'Wednesday'
+	list day 'Thursday'
+
+config profile_bedtime_schedule 'profile_1_profile_bedtime_schedule_2'
+	option enable '0'
+	option dm_parent 'profile_1'
+	option name 'Weekend'
+	list day 'Friday'
+	list day 'Saturday'
+	list day 'Sunday'
+
+config urlbundle 'urlbundle_1'
+	option name 'Abuse'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
+
+config urlbundle 'urlbundle_2'
+	option name 'Ads'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
+
+config urlbundle 'urlbundle_3'
+	option name 'Crypto'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
+
+config urlbundle 'urlbundle_4'
+	option name 'Drugs'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
+
+config urlbundle 'urlbundle_5'
+	option name 'Facebook'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
+
+config urlbundle 'urlbundle_6'
+	option name 'Fraud'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
+
+config urlbundle 'urlbundle_7'
+	option name 'Gambling'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
+
+config urlbundle 'urlbundle_8'
+	option name 'Malware'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
+
+config urlbundle 'urlbundle_9'
+	option name 'Phishing'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
+
+config urlbundle 'urlbundle_10'
+	option name 'Piracy'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
+
+config urlbundle 'urlbundle_11'
+	option name 'Porn'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
+
+config urlbundle 'urlbundle_12'
+	option name 'Ransomware'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
+
+config urlbundle 'urlbundle_13'
+	option name 'Redirect'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
+
+config urlbundle 'urlbundle_14'
+	option name 'Scam'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
+
+config urlbundle 'urlbundle_15'
+	option name 'Tiktok'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
+
+config urlbundle 'urlbundle_16'
+	option name 'Torrent'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
+
+config urlbundle 'urlbundle_17'
+	option name 'Tracking'
+	option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'
+

urlfilter/files/etc/config/urlfilter

@@ -1,2 +0,0 @@
-config globals globals
-	option enable 0

urlfilter/files/etc/firewall.parentalcontrol

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+. /lib/parentalcontrol/parentalcontrol.sh
+
+# if parentalcontrol is  enabled, add the rules, else remove them
+if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
+	# this is for urlfilter daemon
+	add_iptables_nfqueue_rules
+	# this for internet_access and profile_bedtime_schedule sections
+	add_internet_schedule_rules
+else
+	# remove urlfilter daemon rules
+	remove_iptables_nfqueue_rules
+	# remove internet_access and profile_bedtime_schedule rules
+	remove_internet_schedule_rules
+fi

urlfilter/files/etc/init.d/urlfilter

@@ -4,46 +4,12 @@ START=95
 STOP=10
 
 USE_PROCD=1
-NAME=urlfilter
 PROG=/usr/sbin/urlfilter
 
-configure_firewall()
-{
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		# setup netfilter queue 0, use queue bypass so that if no application is
-		# listening to this queue then traffic is unaffected.
-		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		iptables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		# disable acceleration for https packet so that they can be read by urlfilter
-		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
-	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		#ip6table rules
-		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		# disable acceleration for https packet so that they can be read by urlfilter
-		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
-	fi
-
-}
+. /lib/parentalcontrol/parentalcontrol.sh
 
 start_service() {
-	if [ "$(uci -q get urlfilter.globals.enable)" == "1" ]; then
-		configure_firewall
+	if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
 		procd_open_instance urlfilter
 		procd_set_param command ${PROG}
 		procd_set_param respawn
@@ -55,43 +21,27 @@ start_service() {
 			sleep 5
 			conntrack -F
 		fi
+
+		# this is for urlfilter daemon
+		add_iptables_nfqueue_rules
+		# this for internet_access and profile_bedtime_schedule sections
+		add_internet_schedule_rules
 	fi
 }
 
 stop_service() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		iptables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
-	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		#ip6table rules
-		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		ip6tables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
-		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
-	fi
+	# remove urlfilter daemon rules
+	remove_iptables_nfqueue_rules
+	# remove internet_access and profile_bedtime_schedule rules
+	remove_internet_schedule_rules
 }
+
 reload_service() {
 	stop
 	start
 }
 
-
 service_triggers() {
-	procd_add_reload_trigger "urlfilter"
-	procd_add_reload_trigger "firewall"
+	procd_add_reload_trigger "parentalcontrol"
+	procd_add_reload_trigger "schedules"
 }

urlfilter/files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ -f /etc/firewall.parentalcontrol ]; then
+	uci -q get firewall.parentalcontrol >/dev/null || {
+		uci -q set firewall.parentalcontrol=include
+		uci -q set firewall.parentalcontrol.path="/etc/firewall.parentalcontrol"
+		uci -q set firewall.parentalcontrol.reload=1
+	}
+fi
+
+exit 0

urlfilter/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults

@@ -0,0 +1,132 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+# Convert URL filter to parental control format
+urlfilter_config="/etc/config/urlfilter"
+parentalcontrol_config="/etc/config/parentalcontrol"
+schedules_config="/etc/config/schedules"
+
+# this script only needs to work if urlfilter_config was found
+if [ ! -s "$urlfilter_config" ]; then
+	exit 0
+fi
+
+# reset parentalcontrol_config
+# but schedules might have data other than schedules
+# so append to it
+rm -f "$parentalcontrol_config"
+touch "$parentalcontrol_config"
+
+schedules_enable="$(uci -q get schedules.global.enable)"
+# if no schedules config, then add it
+if [ ! -s "$schedules_config" ]; then
+	touch "$schedules_config"
+	schedules_enable=1
+fi
+
+# Parse globals
+uci -q batch <<EOF
+set parentalcontrol.globals=globals
+set parentalcontrol.globals.enable="$(uci -q get urlfilter.globals.enable)"
+set schedules.global=global
+set schedules.global.enable="$schedules_enable"
+EOF
+
+# Function to handle filter sections
+handle_filter() {
+	local section="$1"
+	local url_list="$2"
+	local profile_name="$3"
+	local access="$4"
+	local profile_name enable start_time duration days filter_profile macaddr_list
+
+	config_get filter_profile "$section" profile
+
+	# if option profile value and profile name match, then
+	if [ "$filter_profile" = "$profile_name" ]; then
+		config_get enable "$section" enable
+		config_get start_time "$section" start_time
+		config_get duration "$section" duration
+		config_get macaddr_list "$section" macaddr
+		config_get days "$section" day
+
+		# Add hosts based on MAC addresses in the filter
+		if [ -n "$macaddr_list" ]; then
+			for macaddr in $macaddr_list; do
+				uci -q add_list parentalcontrol.${profile_name}.host="$macaddr"
+			done
+		fi
+
+		uci -q set parentalcontrol.f_$filter_profile=profile_urlfilter
+		uci -q set parentalcontrol.f_$filter_profile.enable="$enable"
+		uci -q set parentalcontrol.f_$filter_profile.access="$access"
+		uci -q set parentalcontrol.f_$filter_profile.dm_parent="$profile_name"
+
+		# Add URLs one by one as filter_text
+		for url in $url_list; do
+			uci -q add_list parentalcontrol.f_$filter_profile.filter_text="$url"
+		done
+
+		# Add schedule if time restrictions exist
+		if [ -n "$start_time" ] && [ -n "$duration" ] && [ -n "$days" ]; then
+			local schedule_name
+			# declare and assign separately to avoid masking return value
+			schedule_name="$(uci -q add schedules schedule)"
+
+			# if adding schedule was successful, then populate it
+			if [ "$?" -eq 0 ] && [ -n "$schedule_name" ]; then
+				uci -q set schedules.${schedule_name}=schedule
+				uci -q set schedules.${schedule_name}.enable="$enable"
+				uci -q set schedules.${schedule_name}.start="$start_time"
+				uci -q set schedules.${schedule_name}.duration="$duration"
+
+				for day in $days; do
+					uci -q add_list schedules.${schedule_name}.day="$day"
+				done
+
+				# Link schedule to profile_urlfilter
+				uci -q set parentalcontrol.f_$filter_profile.profile_urlfilter_schedule="$schedule_name"
+			fi
+		fi
+	fi
+}
+
+# Function to handle profile sections
+handle_profile() {
+	local section="$1"
+	local profile_name whitelist_urls blacklist_urls
+
+	config_get profile_name "$section" name
+
+	# if name was not set then continue
+	if [ -z "$profile_name" ]; then
+		return
+	fi
+
+	config_get whitelist_urls "$section" whitelist_url
+	config_get blacklist_urls "$section" blacklist_url
+
+	# Create the new profile in parentalcontrol
+	uci -q set parentalcontrol.${profile_name}=profile
+	uci -q set parentalcontrol.${profile_name}.name="$profile_name"
+
+	# Add whitelist/blacklist URLs as filter_text
+	if [ -n "$whitelist_urls" ]; then
+		config_foreach handle_filter filter "$whitelist_urls" "$profile_name" 1  # Whitelist access
+	fi
+	if [ -n "$blacklist_urls" ]; then
+		config_foreach handle_filter filter "$blacklist_urls" "$profile_name" 0  # Blacklist access
+	fi
+}
+
+# Load urlfilter UCI config and iterate through profiles and filters
+config_load "urlfilter"
+config_foreach handle_profile profile
+config_foreach handle_filter filter
+
+# Commit changes
+uci commit parentalcontrol
+uci commit schedules
+
+rm -f "$urlfilter_config"

urlfilter/files/lib/parentalcontrol/parentalcontrol.sh

@@ -0,0 +1,495 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+day=""
+next_days=""
+prev_days=""
+schedule_added=""
+
+ACCESS_RULE=""
+IP_RULE=""
+
+ACL_FILE=""
+parentalcontrol_ipv4_forward=""
+parentalcontrol_ipv6_forward=""
+
+# Function to calculate UTC time and relative day
+get_relative_day() {
+	local hour="$1"
+	local offset="$2"
+	local relative_day="$3"
+	local utc_hour
+
+	# we need to force hours and minutes to be treated as base 10 (decimal)
+	# otherwise shell will treat, for example, 09 as octal
+	# hour=$((10#$hour)) does not work on busybox
+	# so we use another trick
+	hour=$(expr $hour + 0)
+
+	# Extract the sign and the hour part of the offset
+	local sign=${offset:0:1}
+	local offset_hour=${offset:1:2}
+
+	# Adjust hour based on the offset
+	if [ "$sign" = "-" ]; then
+		utc_hour=$((hour + offset_hour))
+	else
+		utc_hour=$((hour - offset_hour))
+	fi
+
+	# Handle overflow/underflow of UTC hours to keep within 0-23 range
+	if [ $utc_hour -lt 0 ]; then
+		if [ "$relative_day" = "today" ]; then
+			relative_day="yesterday"
+		else
+			relative_day="today"
+		fi
+	elif [ $utc_hour -ge 24 ]; then
+		if [ "$relative_day" = "today" ]; then
+			relative_day="tomorrow"
+		else
+			relative_day="tomorrow"
+		fi
+	else
+		if [ "$relative_day" = "tomorrow" ]; then
+			relative_day="tomorrow"
+		else
+			relative_day="today"
+		fi
+	fi
+
+	echo "$relative_day"
+}
+
+get_next_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Tuesday"
+		;;
+		"Tue"|"Tuesday") echo "Wednesday"
+		;;
+		"Wed"|"Wednesday") echo "Thursday"
+		;;
+		"Thu"|"Thursday") echo "Friday"
+		;;
+		"Fri"|"Friday") echo "Saturday"
+		;;
+		"Sat"|"Saturday") echo "Sunday"
+		;;
+		"Sun"|"Sunday") echo "Monday"
+		;;
+	esac
+}
+
+get_previous_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Sunday"
+		;;
+		"Tue"|"Tuesday") echo "Monday"
+		;;
+		"Wed"|"Wednesday") echo "Tuesday"
+		;;
+		"Thu"|"Thursday") echo "Wednesday"
+		;;
+		"Fri"|"Friday") echo "Thursday"
+		;;
+		"Sat"|"Saturday") echo "Friday"
+		;;
+		"Sun"|"Sunday") echo "Saturday"
+		;;
+	esac
+}
+
+add_access_rule() {
+	local rule_prefix="$1"
+	local start_time="$2"
+	local stop_time="$3"
+	local weekdays="$4"
+	local target="$5"
+	local rule
+	local start_hm stop_hm
+
+	if [ -z "$target" ]; then
+		return
+	fi
+
+	if [ -n "$weekdays" ]; then
+
+		start_hm=$(echo "$start_time" | awk -F: '{ print $1,$2 }' | sed 's/ //')
+		stop_hm=$(echo "$stop_time" | awk -F: '{ print $1,$2 }' | sed 's/ //')
+
+		if [ "$start_hm" = "$stop_hm" ]; then
+			return
+		fi
+
+		rule_prefix="$rule_prefix -m time --timestart $start_time --timestop $stop_time --weekdays $weekdays"
+	fi
+
+	rule="$rule_prefix -j $target"
+
+	echo "iptables -w -A parentalcontrol_forward ${rule}" >> "$ACL_FILE"
+        echo "ip6tables -w -A parentalcontrol_forward ${rule}" >> "$ACL_FILE"
+}
+
+generate_ip_rule() {
+	local utc_start_relative_day="$1"
+	local utc_end_relative_day="$2"
+	local utc_start_time="$3"
+	local utc_stop_time="$4"
+	local target="$5"
+
+	# Handle the cases based on the relation between utc_start_relative_day and utc_end_relative_day
+	if [ "$utc_start_relative_day" = "yesterday" ] && [ "$utc_end_relative_day" = "yesterday" ]; then
+		# Rule for yesterday only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$prev_days" "$target"
+
+	elif [ "$utc_start_relative_day" = "yesterday" ] && [ "$utc_end_relative_day" = "today" ]; then
+		# Rule for yesterday to today
+		add_access_rule "$IP_RULE" "$utc_start_time" "23:59:59" "$prev_days" "$target"
+		add_access_rule "$IP_RULE" "00:00" "$utc_stop_time" "$day" "$target"
+
+	elif [ "$utc_start_relative_day" = "today" ] && [ "$utc_end_relative_day" = "today" ]; then
+		# Rule for today only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$day" "$target"
+
+	elif [ "$utc_start_relative_day" = "today" ] && [ "$utc_end_relative_day" = "tomorrow" ]; then
+		# Rule for today to tomorrow
+		add_access_rule "$IP_RULE" "$utc_start_time" "23:59:59" "$day" "$target"
+		add_access_rule "$IP_RULE" "00:00" "$utc_stop_time" "$next_days" "$target"
+
+	elif [ "$utc_start_relative_day" = "tomorrow" ] && [ "$utc_end_relative_day" = "tomorrow" ]; then
+		# Rule for tomorrow only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$next_days" "$target"
+	else
+		logger -t parental_control "Error: Unhandled case"
+	fi
+}
+
+handle_day_list() {
+	local value=$1
+
+	val=$(echo $value | cut -c 1-3)
+	next_day_val=$(get_next_day $val)
+	prev_day_val=$(get_previous_day $val)
+	if [ -z $day ]; then
+		day="$val"
+		next_days="$next_day_val"
+		prev_days="$prev_day_val"
+	else
+		day="$day,$val"
+		next_days="$next_days,$next_day_val"
+		prev_days="$prev_days,$prev_day_val"
+	fi
+}
+
+handle_schedule() {
+	local schedule_section="$1"
+	local type="$2"
+	local schedule_ref="$3"
+	local local_start_time local_stop_time duration zone_offset local_start_hh local_stop_hh
+	local is_enabled
+	local target
+	local day_config
+	local relative_day_end="today"
+
+	IP_RULE="$ACCESS_RULE"
+	day=""
+	next_days=""
+	prev_days=""
+	local all_days="Monday Tuesday Wednesday Thursday Friday Saturday Sunday"
+
+	zone_offset=$(date +%z)
+
+	if [ "$type" = "profile_bedtime_schedule" ]; then
+		target="DROP"
+
+		config_get local_start_time "$schedule_section" "start_time" "00:00:00"
+		config_get local_stop_time "$schedule_section" "end_time" "23:59:59"
+
+		local_start_hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+		local_stop_hh=$(echo $local_stop_time | awk -F: '{ print $1 }')
+
+		config_get day_config "$schedule_section" "day" "$all_days"
+	else
+		if [ "$schedule_ref" != "$schedule_section" ]; then
+			return
+		fi
+
+		config_get_bool is_enabled "$schedule_section" "enable" 0
+		if [ $is_enabled -eq 0 ]; then
+			return
+		fi
+
+		# for access rules to be effective for a schedule, need to add DROP rule
+		# to block the access outside the defined schedule
+		# therefore, set flag
+		if [ "$schedule_added" = "0" ]; then
+			schedule_added="1"
+		fi
+
+		target="ACCEPT"
+
+		config_get local_start_time "$schedule_section" "start_time" "00:00"
+		config_get duration "$schedule_section" "duration"
+
+		local hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+		local mm=$(echo $local_start_time | awk -F: '{ print $2 }')
+		local hh_s=`expr $hh \* 3600`
+		local mm_s=`expr $mm \* 60`
+		local ss=$(( hh_s + mm_s ))
+		local_start_hh=$hh
+
+		if [ -n "$duration" ]; then
+			local stop_ss rem_ss mm
+			stop_ss=$(( ss + duration ))
+			hh=$(( stop_ss / 3600 ))
+			rem_ss=$(( stop_ss % 3600 ))
+			mm=$(( rem_ss / 60 ))
+			ss=$(( rem_ss % 60 ))
+			local_stop_time="$hh:$mm:$ss"
+			local_stop_hh="$hh"
+		else
+			# if duration is not specified, then apply rule to end of the day
+			local_stop_time="23:59:59"
+			local_stop_hh="23"
+		fi
+
+		config_get day_config "$schedule_section" "day" "$all_days"
+	fi
+
+	IFS=" "
+	for d in $day_config; do
+		handle_day_list $d
+	done
+
+	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
+	utc_start_time="$utc_start_time"
+	utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M)
+	utc_stop_time="$utc_stop_time"
+
+	# Determine whether the local end hour crosses midnight
+	if [ "$local_start_hh" -gt "$local_stop_hh" ]; then
+		relative_day_end="tomorrow"
+	fi
+
+	local utc_start_relative_day=$(get_relative_day "$local_start_hh" "$zone_offset" "today")
+	local utc_end_relative_day=$(get_relative_day "$local_stop_hh" "$zone_offset" "$relative_day_end")
+
+	generate_ip_rule "$utc_start_relative_day" "$utc_end_relative_day" "$utc_start_time" "$utc_stop_time" "$target"
+}
+
+# Function that parses input for MAC addresses or hostnames
+parse_macs_or_hostnames() {
+	local input="$1"
+	local lease_file="/tmp/dhcp.leases"
+
+	for item in $input; do
+		case "$item" in
+			??:??:??:??:??:??)
+				# It's a MAC address, print it as is
+				echo "$item"
+				;;
+			*)
+				# Assume it's a hostname and search for its MAC address in the leases file
+				mac=$(awk -v hostname="$item" '$4 == hostname {print $2}' "$lease_file")
+				if [ -n "$mac" ]; then
+					echo "$mac"
+				fi
+				;;
+		esac
+	done
+}
+
+handle_bedtime() {
+	local mac_addresses="$1"
+	local mac
+
+	# if mac addresses are present, then we apply the rule for each mac address
+	# otherwise apply the rule to everybody
+	for mac in $mac_addresses; do
+		ACCESS_RULE="-m mac --mac-source $mac"
+
+		config_foreach handle_schedule profile_bedtime_schedule "profile_bedtime_schedule" ""
+	done
+}
+
+handle_internet_access() {
+	local mac_addresses="$1"
+	local mac
+
+	local access_policy
+	config_get access_policy "$profile_section" "internet_access_policy"
+
+	local schedule_ref
+	config_get schedule_ref "$profile_section" "internet_access_schedule"
+
+	for mac in $mac_addresses; do
+		ACCESS_RULE="-m mac --mac-source $mac"
+
+		# As per Data Model, if access policy is deny, then schedule is to be ignored
+		# and no access is to be provided for the device
+		if [ "$access_policy" = "Deny" ]; then
+			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
+			continue # no need to parse schedule
+		fi
+
+		schedule_added="0"
+
+		# check if schedule is defined for this profile/internet_access instance
+		# and if yes, create rule accordingly
+		if [ -n "$schedule_ref" ]; then
+			config_load "schedules"
+			config_foreach handle_schedule schedule "schedule" "$schedule_ref"
+		fi
+
+		# for access rule to work, need to have default drop rule as last rule
+		if [ "$schedule_added" = "1" ]; then
+			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
+		fi
+	done
+}
+
+handle_profile() {
+	local profile_section="$1"
+	local internet_access_enable bedtime_enable hostlist
+
+	config_get hostlist "$profile_section" "host"
+
+	if [ -z "$hostlist" ]; then
+		return
+	fi
+
+	ACCESS_RULE=""
+
+	# convert hostnames to mac addresses if needed
+	# and replace newlines with space because it messes up the for loops in
+	# handle_internet_access and handle_bedtime functions
+	local mac_addresses="$(parse_macs_or_hostnames "${hostlist}" | tr '\n' ' ')"
+
+	# default value of Hosts.AccessControl.{i}.Enable is false,
+	# so, if not defined in uci as 1, assume 0
+	config_get_bool internet_access_enable "$profile_section" "internet_access_enable" 0
+	if [ $internet_access_enable -gt 0 ]; then
+		handle_internet_access "${mac_addresses}"
+		# handle_internet_access may have loaded schedules uci
+		# so, reload parentalcontrol
+		config_load "parentalcontrol"
+	fi
+
+	config_get_bool bedtime_enable "$profile_section" "bedtime_enable" 0
+	if [ $bedtime_enable -gt 0 ]; then
+		handle_bedtime "${mac_addresses}"
+	fi
+
+}
+
+add_internet_schedule_rules() {
+	ACL_FILE="/tmp/parentalcontrol_access_control/access_control.rules"
+
+	rm -f $ACL_FILE
+
+	mkdir -p /tmp/parentalcontrol_access_control/
+	touch $ACL_FILE
+
+	echo "iptables -w -F parentalcontrol_forward" >> $ACL_FILE
+	echo "ip6tables -w -F parentalcontrol_forward" >> $ACL_FILE
+
+	parentalcontrol_ipv4_forward=$(iptables -t filter --list -n | grep parentalcontrol_forward)
+	if [ -z "$parentalcontrol_ipv4_forward" ]; then
+		echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
+		ret=$?
+		[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
+	fi
+
+	parentalcontrol_ipv6_forward=$(ip6tables -t filter --list -n | grep parentalcontrol_forward)
+	if [ -z "$parentalcontrol_ipv6_forward" ]; then
+		echo "ip6tables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
+		ret=$?
+		[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
+	fi
+
+	# Load /etc/config/parentalcontrol UCI file
+	config_load "parentalcontrol"
+	config_foreach handle_profile "profile"
+
+	# apply the rules
+	sh $ACL_FILE
+}
+
+add_iptables_nfqueue_rules() {
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# setup netfilter queue 0, use queue bypass so that if no application is
+		# listening to this queue then traffic is unaffected.
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		iptables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		#ip6table rules
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+}
+
+remove_iptables_nfqueue_rules() {
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		iptables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		#ip6table rules
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ip6tables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+}
+
+remove_internet_schedule_rules() {
+	# remove from iptables, if chain exists
+	if iptables -w -nL FORWARD|grep -iqE "parentalcontrol_forward"; then
+		iptables -w -t filter -D FORWARD -j parentalcontrol_forward
+		iptables -w -F parentalcontrol_forward
+		iptables -w -X parentalcontrol_forward
+	fi
+	# remove from ip6tables, if chain exists
+	if ip6tables -w -nL FORWARD|grep -iqE "parentalcontrol_forward"; then
+		ip6tables -w -t filter -D FORWARD -j parentalcontrol_forward
+		ip6tables -w -F parentalcontrol_forward
+		ip6tables -w -X parentalcontrol_forward
+	fi
+}

wifimngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=16.2.1.6
+PKG_VERSION:=16.2.1.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fd400a6e8e7f8401772b22e994fd8fb936dd093f
+PKG_SOURCE_VERSION:=5cf099ca4d34a5ba1b516bc8f8735706025e7e49
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifimngr.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

xmppc/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xmppc
-PKG_VERSION:=2.2.3.1
+PKG_VERSION:=2.2.3.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/xmppc.git
-PKG_SOURCE_VERSION:=79e597c2b444d4eced1e68f6c6a6c176aa4c2efa
+PKG_SOURCE_VERSION:=9f100e3334c1cb62dbffa779a1a5aef9c186355d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif