ieee1905: 8.7.40

(cherry picked from commit 9101095a0a)

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.17.6
+PKG_VERSION:=1.16.6.6
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=c9af4e50cef5336e7842578d3d10f1f7bce2d8b0
+PKG_SOURCE_VERSION:=6317266bdfb0180d75ed2dd830e108f09fe2526a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -107,7 +107,7 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBFDMD_MAX_MSG_LEN:Integer=10485760 \
+	-DBBFDMD_MAX_MSG_LEN:Integer=20971520 \
 	-DCMAKE_BUILD_TYPE:String="Debug" \
 
 

bbfdm/files/etc/init.d/bbf_configd

@@ -10,10 +10,19 @@ log() {
 	echo "${@}"|logger -t bbf.config -p info
 }
 
+create_needed_directories()
+{
+	mkdir -p /tmp/bbfdm/.cwmp
+	mkdir -p /tmp/bbfdm/.usp
+	mkdir -p /tmp/bbfdm/.bbfdm
+}
+
 start_service()
 {
 	local log_level
 
+	create_needed_directories
+
 	config_load bbfdm
 	config_get log_level "reload_handler" log_level 2
 

bridgemngr/Makefile

@@ -5,14 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.1.1
+PKG_VERSION:=1.0.18.2
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=b6a657e1c83b49f09323b4012ef229c604b82854
+PKG_SOURCE_VERSION:=71ed529be038392071b0399bcfe9d46e89d3cb46
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.10
+PKG_VERSION:=6.2.1.14
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=c9fad0fafad290bc19b7ad1a8e6c7e2cc4f55ad1
+PKG_SOURCE_VERSION:=d9ff69760bc34dd3928fa784dfb3116bfe3f95af
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.11
+PKG_VERSION:=3.7.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=815ee44808169b8e1efa2cac44bd7d238ad33cdc
+PKG_SOURCE_VERSION:=1f851980a6ba616df54f79930225f8bcd563b711
 PKG_MIRROR_HASH:=skip
 endif
 

dhcpmngr/Config.in

@@ -0,0 +1,12 @@
+if PACKAGE_dhcpmngr
+
+config DHCPMNGR_ENABLE_VENDOR_EXT
+	bool "Use datamodel vendor extensions"
+	default y
+	help
+	   Set this option to use bridge BBF vendor extensions.
+
+config DHCPMNGR_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+endif

dhcpmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.0.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
+PKG_SOURCE_VERSION:=e238e47fa13153c5b1890056b0d09c65879de8c5
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -39,6 +39,22 @@ define Package/dhcpmngr/description
   Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
 endef
 
+define Package/$(PKG_NAME)/config
+        source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_DHCPMNGR_ENABLE_VENDOR_EXT),y)
+MAKE_FLAGS += DHCPMNGR_ENABLE_VENDOR_EXT=y
+endif
+
+ifeq ($(CONFIG_DHCPMNGR_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_DHCPMNGR_VENDOR_PREFIX)
+endif
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/

dmcli-plugins/Makefile

@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2023 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli-plugins
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=2.2.6
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli-plugin-easydm.git
+PKG_SOURCE_VERSION:=bc8b8527e8a41bdba73cb277a3c6c3b42b045153
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli-plugins
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=Easy-to-use data model on top of TR181
+  URL:=http://genexis.eu
+  DEPENDS:=+dmcli
+endef
+
+define Package/dmcli-plugins/description
+  EasyDM offers a user-friendly approach to configuring TR-181
+  simplifying the process with its intuitive interface.
+endef
+
+define Build/Compile
+	true
+endef
+
+define Package/dmcli-plugins/install
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli/plugins
+	$(CP) $(PKG_BUILD_DIR)/src/*.js $(1)/usr/lib/dmcli/plugins/
+endef
+
+$(eval $(call BuildPackage,dmcli-plugins))

dmcli/Config.in

@@ -0,0 +1,9 @@
+if PACKAGE_dmcli
+
+config DMCLI_REMOTE_CONNECTION
+        bool "Add dmcli remote controller configuration"
+        default n
+        help
+                This adds a usp controller configuration for dmcli remote connection from different machine/laptop/server.
+
+endif

dmcli/Makefile

@@ -0,0 +1,75 @@
+#
+# Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=1.9.4
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli.git
+PKG_SOURCE_VERSION:=2139e81d0faca09fe1832c503297ef75ea76d6eb
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=DMCLI (datamodel-based CLI)
+  URL:=http://genexis.eu
+  DEPENDS:=+usp-js +DMCLI_REMOTE_CONNECTION:mosquitto-auth-plugin +shadow-utils +@BUSYBOX_CONFIG_ADDUSER
+endef
+
+define Package/dmcli/description
+  CLI to view and configure datamodels of CPE
+endef
+
+define Package/dmcli/conffiles
+/etc/dmcli/dmcli.conf
+endef
+
+define Package/dmcli/config
+	source "$(SOURCE)/Config.in"
+endef
+
+define Package/dmcli/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dmcli $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli
+	$(CP) $(PKG_BUILD_DIR)/common $(1)/usr/lib/dmcli/
+	mv $(1)/usr/lib/dmcli/common/os_qjs.js $(1)/usr/lib/dmcli/common/os.js
+	rm $(1)/usr/lib/dmcli/common/os_node.js
+	$(CP) $(PKG_BUILD_DIR)/core $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/cli $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/data $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/plugins $(1)/usr/lib/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_DMCLI_REMOTE_CONNECTION),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote $(1)/etc/uci-defaults/
+else
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote-remove $(1)/etc/uci-defaults/
+endif
+
+	$(INSTALL_DIR) $(1)/etc/dmcli
+	$(CP) ./files/etc/dmcli/dmcli.acl $(1)/etc/dmcli/
+	$(CP) ./files/etc/dmcli/dmcli.conf $(1)/etc/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/users/roles/
+	$(INSTALL_DATA) ./files/etc/users/roles/operator.json $(1)/etc/users/roles/
+endef
+
+$(eval $(call BuildPackage,dmcli))

dmcli/files/etc/dmcli/dmcli.acl

@@ -0,0 +1,4 @@
+user operator
+topic read /usp/operator/controller/reply-to
+topic read /usp/operator/controller
+topic write /usp/operator/endpoint

dmcli/files/etc/dmcli/dmcli.conf

@@ -0,0 +1,45 @@
+{
+   "Settings": {
+      "USP": {
+         "ActiveConnectionProfile": "local",
+         "ConnectionProfile": [
+            {
+               "Name": "local",
+               "Host": "127.0.0.1",
+               "Port": 9002,
+               "Username": "operator",
+               "Protocol": "ws",
+               "FromId": "oui:000F94:device-controller-operator",
+               "PublishEndpoint": "/usp/operator/endpoint",
+               "SubscribeEndpoint": "/usp/operator/controller"
+            }
+         ],
+         "Session": {
+            "AutoStart": false
+         },
+         "Notification": {
+            "LogTo": "console",
+            "Format": "brief",
+            "LogFile": "usp-notification.log"
+         }
+      },
+      "CLI": {
+         "Home": "/",
+         "Color": "true",
+         "Mode": "Command",
+         "ShowCommandTime": false,
+         "SortDMTree": false
+      },
+      "Prompt": {
+         "Auto": true,
+         "Color": "default",
+         "SelectedBackgroundColor": "yellow",
+         "PageSize": "3",
+         "AutoPromptOnEmptyCommand": false,
+         "AutoPromptInstanceNumbers": false
+      },
+      "Log": {
+         "Level": "Error"
+      }
+   }
+}

dmcli/files/etc/uci-defaults/36-dmcli

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/functions/iopsys-environment.sh
+. /usr/share/libubox/jshn.sh
+
+DMCLI_CONF="/etc/dmcli/dmcli.conf"
+CONTROLLER_ID='oui:000F94:device-controller-operator'
+DMCLI_RESP_TOPIC="/usp/operator/endpoint"
+DMCLI_CTRL_TOPIC="/usp/operator/controller"
+DMCLI_PORT="9002"
+
+grep -q "^operator:" /etc/passwd || {
+	adduser -g 'Operator' -D -H -s /usr/bin/dmcli --home '/usr/lib/dmcli' 'operator'
+	hash=""
+	if type get_operator_password_hash > /dev/null 2>&1; then
+		hash=$(get_operator_password_hash)
+	fi
+	if [ -z "$hash" ]; then
+		hash='$6$zP4Wk/VQJOLwwofC$teuhnYFQBcA8YUZo/Q0quDMi4SsOHmfBcyvt5VNchPnzgwF1nfNNliC3yBVW22NwmwttPEWeBEBfnMTBB0rYs/'
+	fi
+	echo "operator:${hash}" | chpasswd -e
+}
+
+grep -q "^/usr/bin/dmcli$" /etc/shells || {
+	echo '/usr/bin/dmcli' >> /etc/shells
+}
+
+uci -q del_list sshd.@sshd[0].AllowUsers='operator'
+uci -q add_list sshd.@sshd[0].AllowUsers='operator'
+
+uci -q delete users.operator
+uci -q set users.operator=user
+uci -q set users.operator.enabled=1
+uci -q set users.operator.shell='dmcli'
+uci -q set users.operator.member_roles='operator'
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli_local
+	uci_set mosquitto dmcli_local enabled 1
+	uci_set mosquitto dmcli_local port "${DMCLI_PORT}"
+	uci_set mosquitto dmcli_local protocol 'websockets'
+	uci_set mosquitto dmcli_local acl_file '/etc/dmcli/dmcli.acl'
+	uci_set mosquitto dmcli_local no_remote_access '1'
+	uci_set mosquitto dmcli_local allow_anonymous '1'
+fi
+
+if [ -f "/etc/config/obuspa" ]; then
+	uci_add obuspa mqtt mqtt_operator
+	uci_set obuspa mqtt_operator BrokerAddress '127.0.0.1'
+	uci_set obuspa mqtt_operator BrokerPort '1883'
+	uci_set obuspa mqtt_operator TransportProtocol 'TCP/IP'
+
+	uci_add obuspa mtp mtp_operator
+	uci_set obuspa mtp_operator Protocol 'MQTT'
+	uci_set obuspa mtp_operator ResponseTopicConfigured "${DMCLI_RESP_TOPIC}"
+	uci_set obuspa mtp_operator mqtt 'mqtt_operator'
+
+	uci_add obuspa controller controller_operator
+	uci_set obuspa controller_operator EndpointID "${CONTROLLER_ID}"
+	uci_set obuspa controller_operator Protocol 'MQTT'
+	uci_set obuspa controller_operator Topic "${DMCLI_CTRL_TOPIC}"
+	uci_set obuspa controller_operator mqtt 'mqtt_operator'
+	uci_set obuspa controller_operator assigned_role_name 'operator'
+fi
+
+_get_endpoint_id() {
+	local id serial oui
+
+	id="$(uci -q get obuspa.localagent.EndpointID)"
+	if [ -n "${id}" ]; then
+		echo "${id}"
+		return 0
+	fi
+
+	serial="$(db -q get device.deviceinfo.SerialNumber)"
+	oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+
+	echo "os::${oui}-${serial//+/%2B}"
+}
+
+update_dmcli_conf() {
+	local endpointid confTmpFile
+	local port fromid publish subscribe toid
+
+	if [ -f "${DMCLI_CONF}" ]; then
+		endpointid="$(_get_endpoint_id)"
+		json_load_file "${DMCLI_CONF}" || return
+		json_select "Settings" || return
+			json_select "USP" || return
+				json_select "ConnectionProfile" || return
+					json_select "1" || return
+						json_get_var port "Port"
+						json_get_var fromid "FromId"
+						json_get_var publish "PublishEndpoint"
+						json_get_var subscribe "SubscribeEndpoint"
+						json_get_var toid "ToId"
+
+						json_add_int "Port" "${DMCLI_PORT}"
+						json_add_string "FromId" "${CONTROLLER_ID}"
+						json_add_string "PublishEndpoint" "${DMCLI_RESP_TOPIC}"
+						json_add_string "SubscribeEndpoint" "${DMCLI_CTRL_TOPIC}"
+						json_add_string "ToId" "${endpointid}"
+					json_select ..
+				json_select ..
+			json_select ..
+		json_select ..
+
+		if [ "${port}" != "${DMCLI_PORT}" ] || [ "${fromid}" != "${CONTROLLER_ID}" ] || \
+			[ "${publish}" != "${DMCLI_RESP_TOPIC}" ] || [ "${subscribe}" != "${DMCLI_CTRL_TOPIC}" ] || \
+			[ "${toid}" != "${endpointid}" ]; then
+			confTmpFile="$(mktemp -u -p "$(dirname "$DMCLI_CONF")" "$(basename "$DMCLI_CONF").XXXXXXX")"
+			json_pretty
+			json_dump > "${confTmpFile}" || return
+			mv -f "${confTmpFile}" "${DMCLI_CONF}" || return
+		fi
+	fi
+}
+
+update_dmcli_conf || exit

dmcli/files/etc/uci-defaults/36-dmcli-remote

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli
+	uci_set mosquitto dmcli enabled 1
+	uci_set mosquitto dmcli port '9003'
+	uci_set mosquitto dmcli protocol 'websockets'
+	uci_set mosquitto dmcli auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
+	uci_set mosquitto dmcli acl_file '/etc/dmcli/dmcli.acl'
+fi
+
+exit 0

dmcli/files/etc/uci-defaults/36-dmcli-remote-remove

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_remove mosquitto dmcli
+fi
+
+exit 0

dmcli/files/etc/users/roles/operator.json

@@ -0,0 +1,14 @@
+{
+  "tr181": {
+    "name": "operator",
+    "instance": 6,
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_ALL"
+        ]
+      }
+    ]
+  }
+}

dmcli/src/Makefile

@@ -0,0 +1,7 @@
+all: dmcli
+
+dmcli: main.c
+	$(CC) $(CFLAGS) -Wall -Werror -o $@ $^
+
+clean:
+	rm -f dmcli

dmcli/src/main.c

@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+* This Software and its content are protected by the Dutch Copyright Act
+* ('Auteurswet'). All and any copying and distribution of the software
+* and its content without authorization by Genexis Netherlands B.V. is
+* prohibited. The prohibition includes every form of reproduction and
+* distribution.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+/* C Wrapper for operator to login to the CLI via ssh: the shell in
+ * the passwd file cannot be a script that requires an interpreter. */
+int main(int argc, char *argv[])
+{
+	char *cmd[3 + (argc > 1 ? argc - 1 : 0)];
+
+	cmd[0] = "/usr/bin/qjs";
+	cmd[1] = "/usr/lib/dmcli/cli/main.js";
+	cmd[2] = NULL;
+
+	if (argc > 1) {
+		memcpy(&cmd[2], &argv[1], (argc - 1) * sizeof(char *));
+		cmd[2 + argc - 1] = NULL;
+	}
+
+	execv(cmd[0], cmd);
+	fprintf(stderr, "%s: command not found\n", cmd[0]);
+	return 127;
+}

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.18
+PKG_VERSION:=1.0.20
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
+PKG_SOURCE_VERSION:=448d278734a824f9d4ad1e7a55acd16c222d4c7e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dslmngr/files/airoha/sbin/xdsl_wan

@@ -5,6 +5,8 @@ source "/lib/functions/network.sh"
 source "/lib/functions/system.sh"
 
 PREVLINK=""
+LINK=""
+LINKSPEED=""
 PREVWANMODE=""
 WANMODE=""
 CONFIGURED=0
@@ -150,6 +152,12 @@ while [ true ]; do
 
 	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
 		if [ "$LINK" = "down" ]; then
+			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
+				rm -rf /tmp/qos/wan_link_shape_rate
+				rm -rf /tmp/qos/wan_link_speed
+				/usr/sbin/qos-uplink-bandwidth
+			fi
+
 			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
 			if [ -n "$WANMODE" ]; then
 				if [ "$WANMODE" = "PTM" ]; then
@@ -226,6 +234,26 @@ while [ true ]; do
 
 			call_wan_hotplug "up" "$WANPORT"
 			PREVWANMODE="$WANMODE"
+
+			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
+				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
+				LINKSPEED=$((LINKSPEED))
+				if [ "$LINKSPEED" -eq 0 ]; then
+					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
+					LINKSPEED=$((LINKSPEED))
+				fi
+
+				if [ "$LINKSPEED" -ne 0 ]; then
+					mkdir -p /tmp/qos
+					touch /tmp/qos/wan_link_shape_rate
+
+					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
+					hw_nat -! > /dev/null 2>&1
+				else
+					rm -rf /tmp/qos/wan_link_speed
+					/usr/sbin/qos-uplink-bandwidth
+				fi
+			fi
 		fi
 
 		# Toggle link state

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.1.0
+PKG_VERSION:=3.0.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=da6b25430123f03a74b59369b36dc4a777207d3f
+PKG_SOURCE_VERSION:=0bcfd98d64b5bd8d3162944e2abd5740f9bf4b92
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/Config.in

@@ -8,5 +8,11 @@ config FIREWALLMNGR_PORT_TRIGGER
 	help
 	   Set this option to include support for PortTrigger object.
 
+config FIREWALLMNGR_NAT_INTERFACE_SETTING
+	bool "Include Device.NAT.InterfaceSetting"
+	default y
+	help
+	   Set this option to include support for NAT InterfaceSetting object.
+
 endmenu
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.10
+PKG_VERSION:=1.0.9.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=05ad0d6f7f21520eecd05429c14d1963de2a8463
+PKG_SOURCE_VERSION:=02dc90c48d996148b68d02632bac13a28d75cf25
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -52,6 +52,10 @@ ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
 endif
 
+ifeq ($(CONFIG_FIREWALLMNGR_NAT_INTERFACE_SETTING),y)
+	TARGET_CFLAGS += -DINCLUDE_NAT_IF_SETTING
+endif
+
 define Package/firewallmngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults

fluent-bit/patches/0030-kmsg_pri_as_string.patch

@@ -1,20 +0,0 @@
-diff --git a/plugins/in_kmsg/in_kmsg.c b/plugins/in_kmsg/in_kmsg.c
-index cd5c4cd17..04bbe2b2e 100644
---- a/plugins/in_kmsg/in_kmsg.c
-+++ b/plugins/in_kmsg/in_kmsg.c
-@@ -182,11 +182,14 @@ static inline int process_line(const char *line,
-                 &ts);
-     }
- 
-+    char priority_str[4] = {0}; /* enough for "255" + NUL */
-+    snprintf(priority_str, sizeof(priority_str), "%u", (unsigned char) priority);
-+
-     if (ret == FLB_EVENT_ENCODER_SUCCESS) {
-         ret = flb_log_event_encoder_append_body_values(
-                 &ctx->log_encoder,
-                 FLB_LOG_EVENT_CSTRING_VALUE("priority"),
--                FLB_LOG_EVENT_CHAR_VALUE(priority),
-+                FLB_LOG_EVENT_STRING_VALUE(priority_str, strlen(priority_str)),
- 
-                 FLB_LOG_EVENT_CSTRING_VALUE("sequence"),
-                 FLB_LOG_EVENT_UINT64_VALUE(sequence),

gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user

@@ -40,22 +40,22 @@ get_vivsoi() {
 
 	#hex-string 2 character=1 Byte
 	# length in hex string will be twice of actual Byte length
-	[ "${len}" -gt 8 ] || return
+	[ "$len" -gt "8" ] || return
 
 	data="${opt125}"
 	rem_len="${len}"
-	while [ "${rem_len}" -gt 0 ]; do
+	while [ $rem_len -gt 0 ]; do
 		ent_id=${data:0:8}
 		ent_id=$(printf "%d\n" "0x$ent_id")
 
-		if [ "${ent_id}" -ne  3561 ]; then
+		if [ $ent_id -ne  3561 ]; then
 			len_val=${data:8:2}
 			data_len=$(printf "%d\n" "0x$len_val")
 			# add 4 byte for ent_id and 1 byte for len
 			data_len=$(( data_len * 2 + 10 ))
 			# move ahead data to next enterprise id
 			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - data_len ))
+			rem_len=$(( rem_len - $data_len ))
 			continue
 		fi
 
@@ -66,7 +66,7 @@ get_vivsoi() {
 		data_len=$(( data_len * 2 + 10 ))
 
 		opt_len=$(printf "%d\n" "0x$len_val")
-		[ "${opt_len}" -eq 0 ] && return
+		[ $opt_len -eq 0 ] && return
 
 		# populate the option data of enterprise id
 		sub_data_len=$(( opt_len * 2))
@@ -74,7 +74,7 @@ get_vivsoi() {
 		sub_data=${data:10:"${sub_data_len}"}
 
 		# parsing of suboption of option 125
-		while [ "${sub_data_len}" -gt 0 ]; do
+		while [ $sub_data_len -gt 0 ]; do
 			# get the suboption id
 			sub_opt_id=${sub_data:0:2}
 			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
@@ -85,20 +85,20 @@ get_vivsoi() {
 			sub_opt_len=$(( sub_opt_len * 2 ))
 
 			# get the value of sub option starting 4 means starting after length
-			sub_opt_val=${sub_data:4:"${sub_opt_len}"}
+			sub_opt_val=${sub_data:4:${sub_opt_len}}
 
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
 				"4")
-				OUI=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				OUI=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 				"5")
-				SERIAL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				SERIAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 				"6")
-				CLASS=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				CLASS=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 			esac
@@ -110,7 +110,7 @@ get_vivsoi() {
 			sub_data_len=$((sub_data_len - sub_opt_end))
 
 			# fetch next sub option hex string
-			sub_data=${sub_data:"${sub_opt_end}":"${sub_data_len}"}
+			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
 		done
 
 		# move ahead data to next enterprise id
@@ -131,13 +131,15 @@ send_host_query() {
 		sleep 5
 
 		json_load "$(ubus call umdns browse)"
-		if ! json_select discovered_services; then
+		json_select discovered_services
+		if [ "${?}" -ne 0 ]; then
 			json_cleanup
 			loop=$(( loop - 1 ))
 			continue
 		fi
 
-		if ! json_select _usp-agt-mqtt._tcp; then
+		json_select _usp-agt-mqtt._tcp
+		if [ "${?}" -ne 0 ]; then
 			json_cleanup
 			loop=$(( loop - 1 ))
 			continue
@@ -154,7 +156,7 @@ send_host_query() {
 
 	json_get_keys keys
 	for key in $keys; do
-		json_select "${key}"
+		json_select $key
 		json_get_var _host host ""
 
 		if [ -z "${_host}" ] || [[ "${sent_host}" =~ " ${_host}" ]]; then
@@ -164,10 +166,9 @@ send_host_query() {
 
 		sent_host="${sent_host} ${_host}"
 		cmd="ubus call umdns query '{\"question\":\"$_host\",\"interface\":\"$intf\"}'"
-		sh -c "${cmd}"
+		eval $cmd
 		resp=0
 		json_select ..
-		sleep 2 # umdns query sometime takes time to resolve so adding some sleep
 	done
 
 	json_cleanup
@@ -184,29 +185,32 @@ get_usp_agent_id() {
 	fi
 
 	json_load "$(ubus call umdns browse)"
-	if ! json_select discovered_services; then
+	json_select discovered_services
+	if [ "${?}" -ne 0 ]; then
 		json_cleanup
-		echo "${ID}"
+		echo ${ID}
 		return 0
 	fi
 
-	if ! json_select _usp-agt-mqtt._tcp; then
+	json_select _usp-agt-mqtt._tcp
+	if [ "${?}" -ne 0 ]; then
 		json_cleanup
-		echo "${ID}"
+		echo ${ID}
 		return 0
 	fi
 
 	json_get_keys keys
 	for key in $keys; do
-		json_select "${key}"
-		if ! json_select "${family}"; then
+		json_select $key
+		json_select $family
+		if [ "${?}" -ne 0 ]; then
 			json_select ..
 			continue
 		fi
 
 		json_get_keys ips
 		for ip in $ips; do
-			json_get_var ip_val "${ip}"
+			json_get_var ip_val $ip
 			if [ "${ip_val}" != "${dhcp_ip}" ]; then
 				continue
 			fi
@@ -215,8 +219,8 @@ get_usp_agent_id() {
 			json_select txt
 			json_get_keys txts
 			for _txt in $txts; do
-				json_get_var text_val "${_txt}"
-				if [[ "${text_val:0:3}" = "ID=" ]]; then
+				json_get_var text_val $_txt
+				if [[ "${text_val:0:3}" == "ID=" ]]; then
 					ID="${text_val:3}"
 					break
 				fi
@@ -234,16 +238,16 @@ get_usp_agent_id() {
 	done
 
 	json_cleanup
-	echo "${ID}"
+	echo ${ID}
 }
 
 get_mac_address() {
 	ip="${1}"
 	device="${2}"
 
-	mac=$(grep "${ip}" /proc/net/arp | awk '{print $4}')
+	mac="$(cat /proc/net/arp | grep $ip | awk '{print $4}')"
 	if [ -z "${mac}" ]; then
-		arp_resp=$(arping -b -f -c 5 -I "${device}" "${ip}" | grep 'Unicast reply from' | awk '{print $5}')
+		arp_resp="$(arping -b -f -c 5 -I $device $ip | grep 'Unicast reply from' | awk '{print $5}')"
 		if [ -n "${arp_resp}" ]; then
 			mac=${arp_resp:1:-1}
 		fi
@@ -256,7 +260,7 @@ send_unknown_gw_event() {
 	mac="${1}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.unknown '{\"hwaddr\":\"$mac\"}'"
-	sh -c "${cmd}"
+	eval $cmd
 }
 
 send_cwmp_gw_event() {
@@ -265,14 +269,14 @@ send_cwmp_gw_event() {
 	serial="${3}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.cwmp '{\"oui\":\"$oui\",\"class\":\"$class\",\"serial\":\"$serial\"}'"
-	sh -c "${cmd}"
+	eval $cmd
 }
 
 send_usp_gw_event() {
 	endpoint="${1}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.usp '{\"endpoint\":\"$endpoint\"}'"
-	sh -c "${cmd}"
+	eval $cmd
 }
 
 config_load gateway
@@ -283,13 +287,13 @@ if [ "${enable}" -eq 0 ]; then
 	return 0
 fi
 
-if [ "${wan_intf}" = "${INTERFACE}" ]; then
-	if [ "${1}" = "deconfig" ]; then
+if [ "${wan_intf}" == "${INTERFACE}" ]; then
+	if [ "${1}" == "deconfig" ]; then
 		rm -rf /var/state/gwinfo
 		return 0
 	fi
 
-	json_load "$(ifstatus "${INTERFACE}")"
+	json_load "$(ifstatus ${INTERFACE})"
 	json_get_var dev_name device ""
 	json_select data
 	json_get_var dhcp_ip dhcpserver ""
@@ -299,7 +303,7 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	MAC=$(get_mac_address "${dhcp_ip}" "${dev_name}")
+	MAC="$(get_mac_address $dhcp_ip $dev_name)"
 
 	mkdir -p /var/state
 	touch /var/state/gwinfo
@@ -322,8 +326,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	len=$(echo -n "${opt125}" | wc -c)
-	get_vivsoi "${opt125}" "${len}"
+	len=$(printf "$opt125"|wc -c)
+	get_vivsoi "$opt125" "$len"
 
 	if [ "${GW_DISCOVERED}" -eq 0 ]; then
 		send_unknown_gw_event "${MAC}"
@@ -337,18 +341,19 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 	uci -q -c /var/state commit gwinfo
 
 	# Check for USP parameters
-	if ! ubus -t 15 wait_for umdns; then
+	ubus -t 15 wait_for umdns
+	if [ "${?}" -ne 0 ]; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0
 	fi
 
-	resp=$(send_host_query "${dev_name}")
+	resp=$(send_host_query $dev_name)
 	if [ "${resp}" -ne 0 ]; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0
 	fi
 
-	ID=$(get_usp_agent_id "${dhcp_ip}")
+	ID="$(get_usp_agent_id $dhcp_ip)"
 	if [ -z "${ID}" ]; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.1
+PKG_VERSION:=1.3.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
+PKG_SOURCE_VERSION:=624fee52af9cce08c6c69a5f7dd2191691d61aa8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.10.0
+PKG_VERSION:=9.9.9.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=b4db243c1d057d0242a4badae53e9c57e442d27a
+PKG_SOURCE_VERSION:=cef78dc528690386caac5a7ff6c1afca6dd3d315
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -84,6 +84,7 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
+	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/

icwmp/files/etc/config/cwmp

@@ -31,6 +31,7 @@ config cpe 'cpe'
 	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
+	option port '7547'
 	option provisioning_code ''
 	option amd_version '5'
 	# compression possible configs: InstanceNumber, InstanceAlias
@@ -42,7 +43,9 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	option fw_upgrade_keep_settings '1'
+	#option KeepConfig '1'
+	#option KeepOpConf '1'
+	#option ConfigScope 'UserOnly'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/icwmpd/firewall.cwmp

@@ -133,56 +133,9 @@ add_firewall_rule() {
 	fi
 }
 
-remove_port_protection() {
-	local enabled chain rule rule_num
-
-	config_get enabled "${1}" "${2}"
-
-	if [ "${enabled}" -eq 1 ]; then
-		config_get zonename "$1" name
-		[ -n "$zonename" ] || return 0
-
-		chain='prerouting_'$zonename'_rule'
-
-		while rule=$(iptables -w -t nat -nL "$chain" --line-numbers | grep -m 1 -w CWMP_Port_protection); do
-			rule_num=${rule%%[$' \t']*}
-			iptables -w -t nat -D "$chain" "$rule_num"
-		done
-	fi
-}
-
-cleanup_port_protection() {
-	config_load firewall
-	config_foreach remove_port_protection zone masq
-}
-
-install_port_protection() {
-	local PORT="${3}"
-	local enabled zonename chain
-
-	config_get enabled "${1}" "${2}"
-
-	if [ "${enabled}" -eq 1 ]; then
-		config_get zonename "${1}" name
-		[ -n "$zonename" ] || return 0
-
-		chain='prerouting_'$zonename'_rule'
-
-		iptables -w -t nat -I "$chain" -p tcp --dport "$PORT" -j ACCEPT -m comment --comment=CWMP_Port_protection
-		iptables -w -t nat -I "$chain" -p udp --dport "$PORT" -j ACCEPT -m comment --comment=CWMP_Port_protection
-	fi
-}
-
-add_port_protection() {
-	config_load firewall
-	config_foreach install_port_protection zone masq "${1}"
-}
-
 configure_connection_req_rules() {
 	app="${1}"
 
-	cleanup_port_protection
-
 	wan="$(uci -q get cwmp.cpe.default_wan_interface)"
 	wan="${wan:-wan}"
 
@@ -222,11 +175,8 @@ configure_connection_req_rules() {
 		fi
 	fi
 
-	port=$(uci -q -c /var/state get icwmp.cpe.port)
-	if [ -z "${port}" ]; then
-		log "cwmp cpe port not configured"
-		exit 0
-	fi
+	port=$(uci -q get cwmp.cpe.port)
+	port="${port:-7547}"
 
 	ipaddr=$(uci -q get cwmp.cpe.allowed_cr_ip)
 	if [ -n "${ipaddr}" ]; then
@@ -247,8 +197,6 @@ configure_connection_req_rules() {
 		# Close the ACS port at Lan side
 		close_downstream_acs_port "${lan}" "${port}"
 	fi
-
-	add_port_protection "${port}"
 }
 
 load_zone_names

icwmp/files/etc/init.d/icwmpd

@@ -97,7 +97,9 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'fw_upgrade_keep_settings:bool'
+		'KeepConfig:bool' \
+		'KeepOpConf:bool' \
+		'ConfigScope:string'
 }
 
 validate_defaults() {
@@ -168,13 +170,21 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank
+	local switch_bank KeepConfig KeepOpConf ConfigScope
 
 	copy_cwmp_varstate_files_to_etc
-	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
-		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
+	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
+		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
+		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
+		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
+
+		json_init
+		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
+		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
+		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
+
+		json_dump| /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
+if [ -n "${keep_settings}" ]; then
+	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
+	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
+fi

icwmp/files/etc/uci-defaults/90-cwmpfirewall

@@ -5,6 +5,7 @@ uci -q batch <<-EOT
         set firewall.cwmp=include
         set firewall.cwmp.path=/etc/icwmpd/firewall.cwmp
         set firewall.cwmp.reload=1
+        commit firewall
 EOT
 
 exit 0

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user

@@ -16,12 +16,12 @@ get_opt43() {
 	local opt43="$1"
 	local len="$2"
 
-	[ "${len}" -gt 2 ] || return
+	[ "$len" -gt "2" ] || return
 
 	first_byte=${opt43:0:2}
 	first_byte=$(printf "%d\n" "0x$first_byte")
 
-	if [ "${len}" -ge 4 ] && [ "${first_byte}" -ge 1 ] && [ "${first_byte}" -le 4 ]; then
+	if [ $len -ge 4 ] && [ $first_byte -ge 1 ] && [ $first_byte -le 4 ]; then
 		# it is in encapsulated form
 		# opt43 encapsulated vendor-specific option has data in below format
 		#  Code   Len   Data item        Code   Len   Data item        Code
@@ -35,7 +35,7 @@ get_opt43() {
 		data="${opt43}"
 		rem_len="${len}"
 		# parsing of suboption of option 43
-		while [ "${rem_len}" -gt 0 ]; do
+		while [ $rem_len -gt 0 ]; do
 			# get the suboption id
 			sub_opt_id=${data:0:2}
 			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
@@ -50,13 +50,13 @@ get_opt43() {
 
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
-				"1") DHCP_ACS_URL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"1") DHCP_ACS_URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"2") DHCP_PROV_CODE=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"2") DHCP_PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"3") MIN_WAIT_INVL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"3") MIN_WAIT_INVL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"4") INVL_MULTIPLIER=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"4") INVL_MULTIPLIER=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
 			esac
 
@@ -70,7 +70,7 @@ get_opt43() {
 			rem_len=$((rem_len - sub_opt_end))
 		done
 	else
-		DHCP_ACS_URL=$(echo -n "${opt43}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+		DHCP_ACS_URL=$(echo -n $opt43 | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 	fi
 }
 
@@ -92,9 +92,9 @@ if [ "$discovery_enable" = "0" ]; then
 	return 0
 fi
 
-if [ "${wan_intf}" = "${INTERFACE}" ]; then
+if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt43" ]; then
-		len=$(echo -n "$opt43"|wc -c)
+		len=$(printf "$opt43"|wc -c)
 		get_opt43 "$opt43" "$len"
 	fi
 

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.34
+PKG_VERSION:=8.7.40
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=81c99af824bd5bd217213e4e731798a6469157b8
+PKG_SOURCE_VERSION:=06e45ad44433b98b0630dab59d943fade7c24269
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -116,7 +116,7 @@ MAKE_PATH:=src
 
 
 define Package/ieee1905/install
-	$(CP) ./files/etc $(1)/
+	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(INSTALL_DIR) $(1)/usr/sbin

ieee1905/files/datamodel_description.json

@@ -1,23 +0,0 @@
-{
-	"Device.IEEE1905.AL.": {
-		"type": "object",
-		"protocols": [
-			"cwmp",
-			"usp"
-		],
-		"access": false,
-		"array": false,
-		"{BBF_VENDOR_PREFIX}LocalOnlyMode": {
-			"type": "boolean",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Enable or disable interfaces from ieee1905.",
-			"datatype": "boolean"
-		}
-	}
-}
-

ieee1905/files/etc/init.d/ieee1905

@@ -83,7 +83,7 @@ start_service() {
 	validate_ieee1905_config || return 1;
 
 	procd_open_instance
-        procd_set_param command "/usr/sbin/ieee1905d" "-o"  "/tmp/ieee1905.log" "-f"
+        procd_set_param command "/usr/sbin/ieee1905d" "-ddddd" "-o"  "/tmp/ieee1905.log"
 	procd_set_param respawn
 	procd_set_param limits core="unlimited"
 #	procd_set_param env IEEE1905_LOG_CMDU=1

iopsys-analytics/Makefile

@@ -34,6 +34,9 @@ define Package/$(PKG_NAME)
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
     +@DMCLI_REMOTE_CONNECTION
+  # tools used in development/testing
+  DEPENDS+=                                             \
+    +iperf3
 
 endef
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.1
+PKG_VERSION:=2.1.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
+PKG_SOURCE_VERSION:=fdfe23e51ff77ca6d2661ad6208d097758524147
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.5.0
+PKG_VERSION:=7.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=18f93677bb4d33ebb6249324a5043294f0eae16c
+PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.14.0
+PKG_VERSION:=7.13.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b4b8f524a93d03fd1f89d4c32b8eaca90d9ccc1a
+PKG_SOURCE_VERSION:=5e8d828c01ed7ab2feba9028b603dde9708cb656
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -22,7 +22,6 @@ PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/kernel.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
@@ -43,14 +42,10 @@ else ifeq ($(CONFIG_TARGET_armvirt),y)
 else ifeq ($(CONFIG_TARGET_airoha),y)
   TARGET_PLATFORM=ECONET
   TARGET_WIFI_TYPE=MEDIATEK
-  TARGET_CFLAGS +=-DIOPSYS_ECONET -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
+  TARGET_CFLAGS +=-DIOPSYS_ECONET
   ifeq ($(CONFIG_TARGET_airoha_an7581),y)
     TARGET_CFLAGS +=-DCONFIG_MTK
   endif
-else ifeq ($(CONFIG_TARGET_mediatek),y)
-  TARGET_PLATFORM=MEDIATEK
-  TARGET_WIFI_TYPE=MEDIATEK
-  TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
 else ifeq ($(CONFIG_TARGET_ipq95xx),y)
   TARGET_PLATFORM=IPQ95XX
   TARGET_WIFI_TYPE=QUALCOMM
@@ -66,7 +61,7 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523

logmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=logmngr
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=ad043d5d2e96c1b203a9c5b22ad6e6e1488ad8f2
+PKG_SOURCE_VERSION:=62441fdfe14a39bff8fff7c62307bd7b54d7240f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -65,8 +65,10 @@ define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
 	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp/
 	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
+	$(INSTALL_BIN) ./files/etc/hotplug.d/ntp/20-reload_fluent_bit $(1)/etc/hotplug.d/ntp/
 else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif

logmngr/files/etc/config/logmngr

@@ -8,7 +8,7 @@ config source 'default_source'
 
 config template 'default_template'
 	option name 'default_template'
-	option expression '{time} {hostname} {ident}: {message}'
+	option expression '{time} {hostname} {ident}[{pid}]: {message}'
 
 config action 'default_action'
 	option name 'default_action'

logmngr/files/etc/hotplug.d/ntp/20-reload_fluent_bit

@@ -0,0 +1,14 @@
+#!/bin/sh
+# This hotplug script reloads fluent-bit, so that kmsg logs' timestamp gets in sync
+
+[ "$ACTION" = stratum ] || exit 0
+
+# only once
+if ! uci -q get time.global.first_use_date > /dev/null 2>&1; then
+	flb_pid="$(pidof fluent-bit)"
+
+	if [ -n "$flb_pid" ]; then
+		logger -t "logmngr.hotplug" -p info "reload fluent-bit due to ntp sync"
+		kill -SIGHUP "$flb_pid"
+	fi
+fi

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -11,7 +11,7 @@ fi
 if ! uci -q get logmngr.default_template > /dev/null; then
 	uci -q set logmngr.default_template=template
 	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
+	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
 fi
 
 if uci -q get logmngr.a1 >/dev/null; then

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -77,6 +77,12 @@ create_default_filters() {
 	append_conf "    rename          msg     message"
 	append_conf ""
 
+	append_conf "[FILTER]"
+	append_conf "    name            modify"
+	append_conf "    match           *"
+	append_conf "    add             pid     0"
+	append_conf ""
+
 	append_conf "[FILTER]"
 	append_conf "    name            sysinfo"
 	append_conf "    match           *"
@@ -92,157 +98,180 @@ create_input_section() {
 	# check if this source section has already been processed
 	syslog_tag_already_processed "$tag" && return
 
-	# the input in our case is always syslog, hence, this section of the
-	# fluent-bit.conf file has hardcoded values as well that do not depend
-	# on any uci value
 	append_conf "[INPUT]"
 	append_conf "    name        syslog"
+	append_conf "    unix_perm   0666"
 	append_conf "    tag         $tag"
 	append_conf "    path        /dev/log"
 	append_conf ""
 }
 
-create_kmsg_input_section() {
-	local tag="$1"
+populate_allowed_logs() {
+	local facility_level sev_level
+	local section="$1"
 
-	[ -z "$tag" ] && return
+	[ -z "$section" ] && return
 
-	# check if this source section has already been processed
-	kmsg_tag_already_processed "$tag" && return
+	# reset
+	match_pattern=""
+	facilities=""
+	all_facilities=0
+	kern_facility=0
+	severities=""
+	sev_compare=1
+	sev_action=0
 
-	if [ -c "/dev/kmsg" ]; then
-		append_conf "[INPUT]"
-		append_conf "    name       kmsg"
-		append_conf "    tag        $tag"
-		append_conf ""
-	fi
-}
+	# read config
+	config_get match_pattern $section pattern_match
 
-generate_facility_regex() {
-	local facility_level=$1
-	local pri=0
-
-	if [ "$facility_level" == "24" ]; then
-		# value 24 means all facility level, which is as good as not
-		# generating a filter section, so return
-		return
-	fi
-
-	# facility_level is a list value, hence, generate regex for
-	# each value
-	IFS=" "
-	for val in $facility_level; do
-		# as per rfc 5424 and 3164, pri in syslog msg is
-		# facility*8+severity. Severity value can range from 0-7 hence
-		# generate regex for each.
-		for sval in 0 1 2 3 4 5 6 7; do
-			pri=`expr $val \* 8 + $sval`
-			append_conf "    regex        pri $pri"
-		done
-	done
-}
-
-generate_severity_regex() {
-	local sev_level="$1"
-	local sev_compare="$2"
-	local sev_action="$3"
-
-	local pri=0
-	local param="exclude"
-
-	if [ "$sev_action" == "0" ]; then
-		param="regex"
-	fi
-
-	local fval=0
-	if [ "$sev_compare" == "0" ]; then
-		# generate regex for all facility values, with severity=sev_level
-		while [ $fval -le 23 ] ; do
-			pri=`expr $fval \* 8 + $sev_level`
-			append_conf "    $param        pri $pri"
-			fval=$((fval + 1))
-		done
-	elif [ "$sev_compare" == "1" ]; then
-		# generate regex for all severity value greater than or equal to
-		# sev_level. please, lower value have higher precedence, so sev_level
-		# 0 which is emergency has higher precedence than error which is 3
-		while [ $fval -le 23 ] ; do
-			sval=0
-			while [ $sev_level -ge $sval ]; do
-				pri=`expr $fval \* 8 + $sval`
-				append_conf "    $param        pri $pri"
-				sval=$((sval + 1))
-			done
-			fval=$((fval + 1))
-		done
-	fi
-}
-
-handle_filter_conf() {
-	local section="$1" # config filter
-	local filter_name="$2"
-	local name
-
-	# no need to proceed if name of filter section is not one of the values
-	# listed in option filter in config action section
-	config_get name $section name
-	if [ "$name" != "$filter_name" ]; then
-		return
-	fi
-
-	# as per data model, at a time either facility_level or severity_level can
-	# be specified along with pattern_match. hence, first process and generate
-	# regex for pattern_match which is common in both condition. Next, we will
-	# process facility_level and return if facility level is defined and not
-	# process severity related params at all.
-
-	local pattern_match
-	config_get pattern_match $section pattern_match
-	if [ -n "$pattern_match" ]; then
-		append_conf "    regex        $pattern_match"
-	fi
-
-	local facility_level
 	config_get facility_level $section facility_level
-
-	if [ -n "$facility_level" ]; then
-		generate_facility_regex $facility_level
-		# return from here since if facility_level is defined, then no
-		# need to process severity_level
-		return
-	fi
-
-	local sev_level
-	local sev_compare
-	local sev_action
 	config_get sev_level $section severity_level
+	config_get sev_compare $section severity_compare 1
+	config_get sev_action $section severity_action 0
 
-	if [ -n "$sev_level" ]; then
-		# value 1 of severity compare corresponds to data model
-		# and system default which is EqualorHigher
-		config_get sev_compare $section severity_compare 1
-		# value 0 of severity action corresponds to data model
-		# and system default that is log
-		config_get sev_action $section severity_action 0
+	# normalize facilities
+	if [ -n "$facility_level" ]; then
+		for f in $facility_level; do
+			if [ "$f" = "24" ]; then
+				all_facilities=1
+				# xargs is used to convert from new line separated numbers to space separated numbers
+				facilities="$(seq 0 23 | xargs)"
+				break
+			fi
 
-		generate_severity_regex $sev_level $sev_compare $sev_action
+			if [ "$f" = "0" ]; then
+				kern_facility=1
+			fi
+		done
+
+		if [ "$all_facilities" -eq 0 ]; then
+			facilities="$facility_level"
+		fi
+	else
+		# default to "all facilities" when unset
+        	all_facilities=1
+	        facilities="$(seq 0 23 | xargs)"
 	fi
+
+	# normalize severities
+	case "$sev_level" in
+		8)  	# all severities
+			severities="$(seq 0 7 | xargs)"
+			;;
+		9)  	# none
+			severities="none"
+			;;
+		"") 	# unset, treat as "all"
+			severities="$(seq 0 7 | xargs)"
+			;;
+		*)
+			if [ "$sev_compare" = "0" ]; then
+				# equal
+				severities="$sev_level"
+			else
+				# equl or higher
+				severities="$(seq 0 $sev_level | xargs)"
+			fi
+			;;
+	esac
 }
 
 create_filter_section() {
 	local match_regex="$1"
+	local pattern="$2"
 
 	[ -z "$match_regex" ] && return
 
 	append_conf "[FILTER]"
 	append_conf "    name        grep"
 	append_conf "    match_regex       $match_regex"
-	append_conf "    logical_op  or" # handle multiple filters
+
+	# we need "logical_op or" only in non-pattern sections
+	if [ "$pattern" = "0" ]; then
+		append_conf "    logical_op  or" # handle multiple filters
+	fi
 }
 
-handle_filter_ref() {
-	local filter_name="$1"
-	config_foreach handle_filter_conf filter "$filter_name"
+create_kmsg_input_section() {
+	local tag="$1"
+	local max_sev=7
+
+	[ -z "$tag" ] && return
+	kmsg_tag_already_processed "$tag" && return
+
+	if [ -c "/dev/kmsg" ]; then
+		append_conf "[INPUT]"
+		append_conf "    name       kmsg"
+		append_conf "    tag        $tag"
+
+		# check kern facility (0)
+		if [ "$all_facilities" -eq 1 ] || [ "$kern_facility" -eq 1 ]; then
+			if [ "$severities" != "none" ]; then
+				# severity filtering
+				# only EqualOrHigher is supported by Prio_Level
+				# and only Log action is supported
+				# so set Prio_Level = max severity
+				if [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; then
+					if [ -n "$severities" ]; then
+						max_sev=$(echo $severities | tr ' ' '\n' | sort -n | tail -1)
+					fi
+
+					append_conf "    prio_level $max_sev"
+				fi
+			fi
+		fi
+
+		append_conf ""
+
+		# if severities is none, or
+		# if kern facility has been excluded
+		# then we need to stop kernel logs
+		# sev_action and sev_compare is being checked because we don't want to work with rules that exclude logs
+		if [ "$severities" = "none" ] || { [ "$kern_facility" -eq 0 ] && [ "$all_facilities" -eq 0 ] && [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; }; then
+			# block all
+			# create a filter section that matches on KM* tag
+			# and excludes all messages
+			create_filter_section "KM*" "0"
+			append_conf "    exclude    message ^.*$"
+			append_conf ""
+		fi
+	fi
+}
+
+generate_syslog_filter() {
+	local param="regex"
+
+	[ "$sev_action" = "1" ] && param="exclude"
+
+	# start adding the fluent-bit filter section
+	create_filter_section "SL*" "0"
+
+	if [ "$severities" = "none" ]; then
+		append_conf "    exclude    pri ^.*$"
+		return
+	fi
+
+	for fval in $facilities; do
+		for sval in $severities; do
+			local pri=$((fval * 8 + sval))
+			append_conf "    $param        pri ^${pri}$"
+		done
+	done
+
+	append_conf ""
+}
+
+generate_pattern_filter() {
+	local match_regex="$1"
+	local match_pattern="$2"
+
+	[ -z "$match_regex" ] && return
+	[ -z "$match_pattern" ] && return
+
+	# start adding the fluent-bit filter section
+	create_filter_section "$match_regex" "1"
+	append_conf "    regex        message $match_pattern"
+	append_conf ""
 }
 
 handle_log_file() {
@@ -275,6 +304,7 @@ handle_log_file() {
 	append_conf "    match_regex  $match_regex"
 	append_conf "    file         $file"
 
+
 	if [ -n "$template" ]; then
 		append_conf "    format       template"
 		append_conf "    template     ${template}"
@@ -349,7 +379,7 @@ handle_log_remote() {
 resolve_source_section() {
 	local src_section="$1"
 	local linker="$2"
-	local src_name syslog_en kernel_en source_tag_syslog source_tag_kmsg
+	local src_name syslog_en kernel_en
 
 	config_get src_name "$src_section" name
 	[ "$src_name" = "$linker" ] || return
@@ -364,13 +394,11 @@ resolve_source_section() {
 	if [ "$syslog_en" = "1" ]; then
 		source_tag_syslog="SL$src_name"
 		create_input_section "$source_tag_syslog"
-		action_tags="$source_tag_syslog $action_tags"
 	fi
 
 	if [ "$kernel_en" = "1" ]; then
 		source_tag_kmsg="KM$src_name"
 		create_kmsg_input_section "$source_tag_kmsg"
-		action_tags="$source_tag_kmsg $action_tags"
 	fi
 }
 
@@ -406,10 +434,30 @@ build_match_regex() {
 	echo "$regex"
 }
 
+handle_filter_conf() {
+	local section="$1" # config filter
+	local filter_name="$2"
+	local name
+
+	config_get name $section name
+	[ "$name" = "$filter_name" ] || return
+
+	populate_allowed_logs "$filter_name"
+}
+
 handle_action() {
-	local tag_regex filter source_ref template_ref source_sec log_template
+	local tag_regex filter source_ref template_ref source_sec log_template finst
 	local action_section="$1"
-	local action_tags=""
+	local source_tag_syslog source_tag_kmsg
+
+	# shared variables set by populate_allowed_logs
+	match_pattern=""
+	facilities=""
+	all_facilities=0
+	kern_facility=1
+	severities=""
+	sev_compare=1
+	sev_action=0
 
 	config_get action_name "$action_section" name
 	config_get filter "$action_section" filter
@@ -419,27 +467,26 @@ handle_action() {
 	[ -z "$action_name" ] && return
 	[ -z "$source_ref" ] && return
 
+	# read filter section and populate relevant variables
+	# these variables will be used by create_kmsg_input_section
+	# generate_syslog_filter, and generate_pattern_filter functions
+	if [ -n "$filter" ]; then
+		for finst in $filter; do
+			config_foreach handle_filter_conf filter "$finst"
+		done
+	fi
+
 	# Resolve referenced source sections
 	for source_sec in $source_ref; do
 		config_foreach resolve_source_section source "$source_sec"
 	done
 
 	# build a regex that will match all the sources for this action
-	tag_regex=$(build_match_regex "$action_tags")
+	tag_regex=$(build_match_regex "$source_tag_syslog $source_tag_kmsg")
 
 	if [ -n "$filter" ]; then
-		# the only fluentbit filter that is useful for the datamodel is
-		# grep. Also, fluentbit does not seem to handle multiple instances
-		# of FILTER of same kind. Hence, each filter section corresponding
-		# to an action entry in the uci would translate for us into a set of
-		# regex/exclude values instead of individual FILTER section per uci
-		# section filter is a list, treat according
-		create_filter_section "$tag_regex"
-
-		IFS=" "
-		for finst in $filter; do
-			handle_filter_ref $finst
-		done
+		generate_pattern_filter "$tag_regex" "$match_pattern"
+		generate_syslog_filter
 	fi
 
 	# get the template expression if any is present

map-agent/Config.in

@@ -55,16 +55,16 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
+config AGENT_ZEROTOUCH_DPP
+	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
+	default n
+
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y
 
-config DYNBH
-	bool "Enable map-agent dynamic Ethernet backhaul management"
-	default n
-
-config DYNBH_DYNAMICALLY_PERSIST_CONTROLLER
-	bool "Let map-agent through AP-Autoconfiguration Search and DHCP Discovery determine the controller or agent role"
+config DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER
+	bool "Let dynbhd through AP-Autoconfiguration Search and DHCP Discovery determine the controller or agent role"
 
 config AGENT_UNASSOC_STA_CONT_MONITOR
 	bool "Enable continuos monitoring of unassociated clients"

map-agent/Makefile

@@ -1,13 +1,14 @@
 #
-# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
+# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
+# Copyright (C) 2025 Genexis Sweden AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.4.1.6
+PKG_VERSION:=6.3.7.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ed2e65007c2a0bacb642b0e72b803df64ef826ed
+PKG_SOURCE_VERSION:=7f71fafbec49fa4b25d1e8d07cfc1fee5b4bbab0
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -26,7 +27,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
+  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -37,8 +38,24 @@ ifeq ($(CONFIG_AGENT_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
+define Package/dynbhd
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Dynamic Backhaul Daemon
+  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
+	  +ieee1905-map-plugin +map-agent
+endef
+
+ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
+  TARGET_CFLAGS += -DZEROTOUCH_DPP
+endif
+
 define Package/map-agent/description
- This package implements EasyMesh R2 compliant WiFi Agent.
+  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
+endef
+
+define Package/dynbhd/description
+ Dyanmic LAN/WAN port detection and loop avoidance.
 endef
 
 define Package/map-agent/config
@@ -98,11 +115,7 @@ ifeq ($(CONFIG_AGENT_CHECK_PARTIAL_WIFI_RELOAD),y)
 TARGET_CFLAGS += -DCHECK_PARTIAL_WIFI_RELOAD
 endif
 
-ifeq ($(CONFIG_DYNBH),y)
-TARGET_CFLAGS += -DDYNBH
-endif
-
-ifeq ($(CONFIG_DYNBH_DYNAMICALLY_PERSIST_CONTROLLER),y)
+ifeq ($(CONFIG_DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER),y)
 TARGET_CFLAGS += -DPERSIST_CONTROLLER
 endif
 
@@ -115,10 +128,6 @@ MAKE_PATH:=src
 define Package/map-agent/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
-ifeq ($(CONFIG_DYNBH),y)
-	$(RM) $(1)/etc/hotplug.d/ethernet/map-dynamic-backhaul
-	$(RM) $(1)/etc/hotplug.d/ethernet/map-topology-discovery
-endif
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/lib/wifi
@@ -126,6 +135,15 @@ endif
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapagent $(1)/usr/sbin/
 endef
 
+define Package/dynbhd/install
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/lib/wifi/dynbhd
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/ethernet
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/dynbhd $(1)/usr/sbin/dynbhd
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/api $(1)/lib/wifi/dynbhd/api
+#	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/map-dynamic-backhaul $(1)/etc/hotplug.d/ethernet/map-dynamic-backhaul
+endef
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -134,3 +152,4 @@ endef
 endif
 
 $(eval $(call BuildPackage,map-agent))
+$(eval $(call BuildPackage,dynbhd))

map-agent/files/etc/config/mapagent

@@ -17,7 +17,7 @@ config dynamic_backhaul
 	option missing_bh_reconfig_timer '1800'
 
 config controller_select
-	option mode 'auto'
+	option id 'auto'
 	option probe_int '20'
 	option retry_int '9'
 	option autostart '1'

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -27,6 +27,11 @@ done
 al_brnet="${al_bridge:3}"
 [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
 
+############## Dynamic Backhaul Daemon ##############
+if [ -n "$(which dynbhd)" ]; then
+	exit 0
+fi
+########################################################
 
 ################ Dedicated ETH WAN Port ################
 wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
@@ -90,8 +95,7 @@ if [ "$LINK" = "up" ]; then
 	config_foreach remove_from_bridge bsta
 	config_foreach update_bstas bsta down
 
-	hwaddr="$(ifconfig $PORT | grep -i hwaddr | awk '{print $5}' | awk '{print tolower($0)}')"
-	/lib/wifi/multiap set_uplink "eth" "$PORT" "$hwaddr"
+	/lib/wifi/multiap set_uplink "eth" "$PORT"
 else
 	/lib/wifi/multiap unset_uplink "eth"
 	#rm -f "$map_bh_file"

map-agent/files/etc/init.d/mapagent

@@ -1,12 +1,26 @@
 #!/bin/sh /etc/rc.common
 
-START=98
+START=97
 STOP=20
 
 USE_PROCD=1
 
 IS_CFG_VALID=1
 
+MAP_DEV="map_dev"
+MAP_IF="map"
+
+
+start_dynbhd_service() {
+	rm -f /var/run/multiap/multiap.backhaul
+	procd_open_instance
+	procd_set_param command "/usr/sbin/dynbhd"
+	procd_set_param respawn
+#	procd_set_param stdout 1
+#	procd_set_param stderr 1
+	procd_close_instance
+}
+
 validate_agent_section() {
 	uci_validate_section mapagent agent "agent" \
 		'enabled:bool:true' \
@@ -37,7 +51,7 @@ validate_cs_section() {
 
 	uci_validate_section mapagent $section "${section}" \
 		'local:bool:false' \
-		'mode:string' \
+		'id:string' \
 		'probe_int:range(0,1000):20' \
 		'retry_int:range(0,255):3' \
 		'autostart:bool:false'
@@ -165,6 +179,17 @@ create_dir() {
 }
 
 start_service() {
+	if [ -f /usr/sbin/dynbhd ]; then
+		# Start dynbhd only if the device is operating in extender/repeater mode
+		al_bridge="$(uci -q get mapagent.agent.al_bridge)"
+		if [ "${al_bridge:0:3}" = "br-" ]; then
+			al_brnet="${al_bridge:3}"
+			if [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ]; then
+				start_dynbhd_service
+			fi
+		fi
+	fi
+
 	config_load "mapagent"
 	validate_agent_config || return 1;
 

map-agent/files/etc/uci-defaults/100-mapagent-config-migrate.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+. /lib/functions.sh
+
+cfg=mapagent
+config_load $cfg
+
+if uci -q get $cfg.agent.partial_wifi_reload >/dev/null; then
+	uci -q set $cfg.agent.partial_wifi_reload='0'
+fi
+
+if uci -q get $cfg.agent.chan_ch_relay_mcast >/dev/null; then
+	uci -q set $cfg.agent.chan_ch_relay_mcast='0'
+fi
+
+rename_dpp_uri() {
+	local section="$1"
+	local type device ifname band
+	local ch_list=""
+
+	config_get type "$section" type
+	config_get device "$section" device
+	config_get ifname "$section" ifname
+	config_get band "$section" band
+	config_get chirp_interval "$section" chirp_interval
+
+	append_chan() {
+		local val="$1"
+		local chan_num="${val#*/}"
+		ch_list="$ch_list $chan_num"
+	}
+	config_list_foreach "$section" chan append_chan
+
+	new_section=$(uci add "$cfg" dpp_chirp)
+	[ -n "$type" ] && uci set "$cfg.$new_section.type=$type"
+	[ -n "$device" ] && uci set "$cfg.$new_section.device=$device"
+	[ -n "$ifname" ] && uci set "$cfg.$new_section.ifname=$ifname"
+	[ -n "$band" ] && uci set "$cfg.$new_section.band=$band"
+
+	if [ -n "$chirp_interval" ]; then
+		uci set "${cfg}.${new_section}.chirp_interval=$chirp_interval"
+	fi
+
+	for ch in $ch_list; do
+		uci add_list "$cfg.$new_section.channel=$ch"
+	done
+	uci delete "$cfg.$section"
+}
+
+uci -q delete "$cfg.@dpp_controller[0]"
+
+config_foreach rename_dpp_uri dpp_uri
+
+exit 0

map-agent/files/etc/uci-defaults/994-map-set-cntlr-sel-mode

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-adapt_cntlr_sel() {
-	local section=$1
-        id=$(uci -q get mapagent.@controller_select[0].id)
-
-        uci -q del mapagent.@controller_select[0].id
-
-        # re-apply any custom value
-        [ -z "${id}" ] || uci -q set mapagent.@controller_select[0].mode="${id}"
-}
-
-adapt_cntlr_sel

map-agent/files/lib/multiap/map_genconfig

@@ -10,11 +10,6 @@ network_mode="$(fw_printenv -n netmode)" # default is layer3
 multiap_mode="$(fw_printenv -n multiap_mode)" # default is full
 disable_mlo="$(fw_printenv -n disable_mlo)"
 
-is_logan() {
-	[ -d /sys/module/mt_wifi ] && return 0
-	return 1
-}
-
 is_airoha() {
 	[ -f /proc/device-tree/compatible ] || return
 	strings /proc/device-tree/compatible | grep -qE '^(econet,|airoha,)'; return
@@ -49,19 +44,16 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
-				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
-				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
-				dpp_chan="133/49"
 			;;
 		esac
 
@@ -72,44 +64,45 @@ generate_multiap_config() {
 		device="$dev"
 
 		ifprefix_radio=""
-		if is_logan; then
-			uci set mapagent.agent.mld_prefix="bss"
-			ifname_sta=""
-			case "$band" in
-				2g)
-					ifprefix="ra%"
-					ifname="ra0"
-					ifname_bh="ra1"
-					ifname_sta="apcli0"
-				;;
-				5g)
-					ifprefix="rai%"
-					ifname="rai0"
-					ifname_bh="rai1"
-					ifname_sta="apclii0"
-				;;
-				6g)
-					ifprefix="rax%"
-					ifname="rax0"
-					ifname_bh="rax1"
-					ifname_sta="apclix0"
-				;;
-			esac
-			ifprefix_radio="${ifprefix}"
-			if [ "${network_mode}" == "extender" ]; then
-				ifname="${ifname_sta}"
-			fi
-
-			[ "$disable_mlo" == "1" ] || {
-				uci set wireless.$dev.mlo="1"
-				uci set wireless.$dev.mlo_capable="1"
-			}
-		elif is_airoha; then
+		if is_airoha; then
 			if [ -d "/sys/module/mt76" ]; then
 				ifprefix="wlan%_%"
 				ifname="wlan${devidx}_0"
 				ifname_bh="wlan${devidx}_1"
+			else
+				uci set mapagent.agent.mld_prefix="bss"
+				ifname_sta=""
+				case "$band" in
+					2g)
+						ifprefix="ra%"
+						ifname="ra0"
+						ifname_bh="ra1"
+						ifname_sta="apcli0"
+					;;
+					5g)
+						ifprefix="rai%"
+						ifname="rai0"
+						ifname_bh="rai1"
+						ifname_sta="apclii0"
+					;;
+					6g)
+						ifprefix="rax%"
+						ifname="rax0"
+						ifname_bh="rax1"
+						ifname_sta="apclix0"
+					;;
+				esac
+				ifprefix_radio="${ifprefix}"
+				if [ "${network_mode}" == "extender" ]; then
+					ifname="${ifname_sta}"
+				fi
+
+				[ "$disable_mlo" == "1" ] || {
+					uci set wireless.$dev.mlo="1"
+					uci set wireless.$dev.mlo_capable="1"
+				}
 			fi
+
 			uci set wireless.$dev.channels="$channels"
 			uci commit wireless
 		elif is_broadcom; then
@@ -162,13 +155,17 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				#uci add mapagent dpp_uri
-				#uci set mapagent.@dpp_uri[-1].type="qrcode"
-				#uci set mapagent.@dpp_uri[-1].device="$device"
-				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
-				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
-				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
-				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
+				# add dpp_chirp section for 2.4GHz bSTA
+				if [ $mode_band -eq 2 ]; then
+					uci add mapagent dpp_chirp
+					uci set mapagent.@dpp_chirp[-1].type="qrcode"
+					uci set mapagent.@dpp_chirp[-1].device="$device"
+					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
+					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
+					for channel in $channels; do
+						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
+					done
+				fi
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"

map-controller/Config.in

@@ -39,6 +39,10 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
+config CONTROLLER_ZEROTOUCH_DPP
+	bool "Enable Zero-touch DPP bootstrapping via passphrase."
+	default n
+
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.1.0
+PKG_VERSION:=6.4.4.13
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=45355bd49d9260c666b4d1e629184878cec3f72d
+PKG_SOURCE_VERSION:=bd0fb2b63830e19038d9495517c03fdc3900cdfa
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,6 +36,9 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
+ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
+  TARGET_CFLAGS += -DZEROTOUCH_DPP
+endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -81,6 +84,7 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller

map-controller/files/etc/config/mapcontroller

@@ -8,12 +8,13 @@ config controller 'controller'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
-	option stale_sta_timeout '20d'
+	option stale_sta_timeout '30d'
 	option de_collect_interval '60'
+	list plugin 'zerotouch'
 
-config sta_steering
+config sta_steering 'sta_steering'
 	option enable_sta_steer '1'
-	option enable_bsta_steer '0'
+	option enable_bsta_steer '1'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
@@ -23,8 +24,10 @@ config sta_steering
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
+	list plugins 'rate'
+	list plugins 'bsteer'
 
-config channel_plan
+config channel_plan 'channel_plan'
 	option preclear_dfs '0'
 	option acs '0'
 

map-controller/files/etc/uci-defaults/100-mapcntlr-config-migrate.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cfg=mapcontroller
+config_load $cfg
+
+uci -q get $cfg.controller.debug >/dev/null 2>&1 && \
+	uci set $cfg.controller.debug='2'
+
+allow_bgdfs=$(uci -q get $cfg.controller.allow_bgdfs || echo "0")
+channel_plan_val=$(uci -q get $cfg.controller.channel_plan || echo "0")
+
+uci -q delete $cfg.controller.allow_bgdfs
+uci -q delete $cfg.controller.channel_plan
+
+uci -q get $cfg.controller.stale_sta_timeout >/dev/null 2>&1 || \
+	uci set $cfg.controller.stale_sta_timeout='30d'
+
+if [ -f /usr/lib/mapcontroller/zerotouch.so ]; then
+	uci -q del_list $cfg.controller.plugin='zerotouch'
+	uci -q add_list $cfg.controller.plugin='zerotouch'
+fi
+
+if ! uci show $cfg 2>/dev/null | grep -q "=channel_plan"; then
+	section=$(uci add $cfg channel_plan)
+	uci set $cfg.$section.preclear_dfs="$allow_bgdfs"
+	uci set $cfg.$section.acs="$channel_plan_val"
+fi
+
+exit 0

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cfg=mapcontroller
+
+# singleton sections
+sections="channel_plan sta_steering"
+
+for sec in $sections; do
+    # find unnamed section of given type, only index 0
+    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
+    [ "$s" = "" ] && continue
+
+    uci rename $cfg.$s=$sec
+done
+
+uci commit $cfg

map-controller/files/etc/uci-defaults/99-mapcontroller-sta-steering

@@ -21,9 +21,21 @@ adapt_sta_steering() {
 	uci -q del $cfg.@sta_steering[0].use_usta_metrics
 	uci -q del $cfg.@sta_steering[0].bandsteer
 	uci -q del $cfg.@sta_steering[0].diffsnr
+	if [ -f /usr/lib/mapcontroller/rcpi.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="rcpi"
+		uci -q add_list $cfg.@sta_steering[0].plugins="rcpi"
+	fi
+
+	if [ -f /usr/lib/mapcontroller/rate.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="rate"
+		uci -q add_list $cfg.@sta_steering[0].plugins="rate"
+	fi
+
+	if [ -f /usr/lib/mapcontroller/bsteer.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="bsteer"
+		uci -q add_list $cfg.@sta_steering[0].plugins="bsteer"
+	fi
 
-	uci del_list $cfg.@sta_steering[0].plugins="rcpi"
-	uci add_list $cfg.@sta_steering[0].plugins="rcpi"
 	uci -q set $cfg.@sta_steering[0].plugins_enabled="1"
 	uci -q set $cfg.@sta_steering[0].plugins_policy="any"
 

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=0.0.4
+PKG_VERSION:=1.2.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=74bf151851112ecee731d447af016c8dc668adcf
+PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -27,11 +27,18 @@ include $(INCLUDE_DIR)/package.mk
 
 include $(wildcard plugins/*.mk)
 
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/libnl3 \
+	-D_GNU_SOURCE
+
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"
 
 plugins := \
-	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)
+	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
+	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
+	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
 
 ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
 
@@ -52,7 +59,7 @@ define Package/map-plugins
 endef
 
 define Package/map-plugins/description
-	Provides extra Multi-AP services viz. steering, channel-planning etc.
+	Provides extra Multi-AP services viz. steering, channel-planning, self-organizing network etc.
 endef
 
 define Package/map-plugins/install
@@ -60,9 +67,8 @@ define Package/map-plugins/install
 endef
 
 define Build/Compile
-	$(foreach p,$(ppkg),$(call Build/Compile/$(p),$(1)))
+	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
 endef
 
-
 $(eval $(call BuildPackage,map-plugins))
 $(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

map-plugins/plugins/bsteer.mk

@@ -0,0 +1,20 @@
+define Package/map-plugins-bsteer
+	$(call Package/map-plugins/Default)
+	TITLE:=Wi-Fi backhaul steering plugin based on maximizing backhaul throughput
+	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
+		 +libjson-c +libblobmsg-json +map-controller \
+		 +map-plugins
+endef
+
+define Package/map-plugins-bsteer/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
+	$(CP) $(PKG_BUILD_DIR)/steer/bsteer/bsteer.so $(1)/usr/lib/mapcontroller/bsteer.so
+endef
+
+define Build/Compile/map-plugins-bsteer
+	$(MAKE) -C $(PKG_BUILD_DIR)/steer/bsteer \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)";
+endef

map-plugins/plugins/steer-rate.mk

@@ -16,5 +16,5 @@ define Build/Compile/map-plugins-steer-rate
 	$(MAKE) -C $(PKG_BUILD_DIR)/steer/rate \
 		CC="$(TARGET_CC)" \
 		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)"
+		LDFLAGS="$(TARGET_LDFLAGS)";
 endef

map-plugins/plugins/zero-touch.mk

@@ -0,0 +1,22 @@
+define Package/map-plugins-zero-touch
+	$(call Package/map-plugins/Default)
+	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
+	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
+		 +libjson-c +libblobmsg-json +map-controller \
+		 +map-plugins
+endef
+
+define Package/map-plugins-zero-touch/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
+	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
+	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
+
+endef
+
+define Build/Compile/map-plugins-zero-touch
+	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)";
+endef

mosquitto-auth-plugin/Config.in

@@ -0,0 +1,7 @@
+if PACKAGE_mosquitto-auth-plugin
+
+config MOSQUITTO_AUTH_PAM_SUPPORT
+	bool "Enable support of Linux PAM module for Authentication"
+	default y
+
+endif

mosquitto-auth-plugin/Makefile

@@ -13,33 +13,42 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mosquitto-auth-shadow
-PKG_VERSION:=1.0.1
+PKG_NAME:=mosquitto-auth-plugin
+PKG_VERSION:=1.2.1
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
 
 PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/mosquitto-auth-shadow
+define Package/mosquitto-auth-plugin
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
-  DEPENDS:=+mosquitto-ssl
+  DEPENDS:=+mosquitto-ssl +MOSQUITTO_AUTH_PAM_SUPPORT:libpam
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
-define Package/mosquitto-auth-shadow/description
+define Package/mosquitto-auth-plugin/description
   Plugin for the mosquitto MQTT message broker that authenticates
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-shadow/install
+define Package/mosquitto-auth-plugin/config
+	source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
+TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
+endif
+
+define Package/mosquitto-auth-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 
-$(eval $(call BuildPackage,mosquitto-auth-shadow))
+$(eval $(call BuildPackage,mosquitto-auth-plugin))

mosquitto-auth-plugin/src/Makefile

@@ -11,15 +11,15 @@
 #   Erik Karlsson - initial implementation
 #
 
-TARGETS = mosquitto_auth_shadow.so
+TARGETS = mosquitto_auth_plugin.so
 
 all: $(TARGETS)
 
 %.pic.o: %.c
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
-mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
-	$(CC) $(LDFLAGS) -shared -o $@ $^
+mosquitto_auth_plugin.so: mosquitto_auth_plugin.pic.o
+	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
 
 clean:
 	rm -f *.o $(TARGETS)

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -0,0 +1,670 @@
+/*
+ * Copyright (c) 2022 Genexis B.V.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Erik Karlsson - initial implementation
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+#ifdef ENABLE_PAM_SUPPORT
+#include <security/pam_appl.h>
+#endif
+
+#define MAX_USERS 256
+#define MAX_SUBNETS_PER_USER 32
+
+typedef struct {
+	union {
+		uint32_t ipv4_network;
+		uint8_t ipv6_network[16];
+	};
+	union {
+		uint32_t ipv4_netmask;
+		uint8_t ipv6_netmask[16];
+	};
+	int is_ipv6;
+} subnet_t;
+
+typedef struct {
+	char username[64];
+	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
+	int allow_count;
+	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
+	int deny_count;
+} user_acl_t;
+
+typedef struct {
+	user_acl_t users[MAX_USERS];
+	int user_count;
+	mosquitto_plugin_id_t *identifier;
+	char *config_file;
+} plugin_data_t;
+
+/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
+static int parse_subnet(const char *cidr, subnet_t *subnet)
+{
+	char ip_str[128];
+	char *slash;
+	int prefix_len;
+	struct in_addr addr4;
+	struct in6_addr addr6;
+
+	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
+	ip_str[sizeof(ip_str) - 1] = '\0';
+
+	slash = strchr(ip_str, '/');
+	if (slash != NULL) {
+		*slash = '\0';
+		prefix_len = atoi(slash + 1);
+	}
+
+	/* Try IPv4 first */
+	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
+		subnet->is_ipv6 = 0;
+		if (slash == NULL)
+			prefix_len = 32;
+		if (prefix_len < 0 || prefix_len > 32)
+			return -1;
+
+		subnet->ipv4_network = ntohl(addr4.s_addr);
+		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
+		subnet->ipv4_network &= subnet->ipv4_netmask;
+		return 0;
+	}
+
+	/* Try IPv6 */
+	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
+		subnet->is_ipv6 = 1;
+		if (slash == NULL)
+			prefix_len = 128;
+		if (prefix_len < 0 || prefix_len > 128)
+			return -1;
+
+		/* Copy network address */
+		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
+
+		/* Generate netmask */
+		memset(subnet->ipv6_netmask, 0, 16);
+		for (int i = 0; i < prefix_len / 8; i++)
+			subnet->ipv6_netmask[i] = 0xff;
+		if (prefix_len % 8)
+			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
+
+		/* Apply netmask to network address */
+		for (int i = 0; i < 16; i++)
+			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
+
+		return 0;
+	}
+
+	return -1;
+}
+
+/* Check if IPv4 address is in subnet */
+static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
+{
+	if (subnet->is_ipv6)
+		return 0;
+	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
+}
+
+/* Check if IPv6 address is in subnet */
+static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
+{
+	if (!subnet->is_ipv6)
+		return 0;
+	for (int i = 0; i < 16; i++) {
+		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
+			return 0;
+	}
+	return 1;
+}
+
+/* Check if IP is in any subnet in the list */
+static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
+{
+	struct in_addr addr4;
+	struct in6_addr addr6;
+	uint32_t ipv4;
+
+	/* Try IPv4 */
+	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
+		ipv4 = ntohl(addr4.s_addr);
+		for (int i = 0; i < count; i++) {
+			if (ipv4_in_subnet(ipv4, &subnets[i]))
+				return 1;
+		}
+		return 0;
+	}
+
+	/* Try IPv6 */
+	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
+		for (int i = 0; i < count; i++) {
+			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
+				return 1;
+		}
+		return 0;
+	}
+
+	return 0;
+}
+
+/* Find or create user ACL entry */
+static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
+{
+	user_acl_t *user;
+
+	/* Find existing user */
+	for (int i = 0; i < pdata->user_count; i++) {
+		if (strcmp(pdata->users[i].username, username) == 0)
+			return &pdata->users[i];
+	}
+
+	/* Create new user if not found */
+	if (pdata->user_count >= MAX_USERS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Max users exceeded");
+		return NULL;
+	}
+
+	user = &pdata->users[pdata->user_count];
+	strncpy(user->username, username, sizeof(user->username) - 1);
+	user->username[sizeof(user->username) - 1] = '\0';
+	user->allow_count = 0;
+	user->deny_count = 0;
+	pdata->user_count++;
+
+	return user;
+}
+
+/* Parse subnet ACL file with simplified format
+ * Format:
+ * # Comment lines
+ * subnet allow <username> <cidr>
+ * subnet deny <username> <cidr>
+ */
+static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
+{
+	FILE *fp;
+	char line[512];
+	int line_num = 0;
+
+	/* Initialize user count */
+	pdata->user_count = 0;
+
+	/* Config file is optional - if not provided, no subnet filtering */
+	if (config_file == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_INFO,
+			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
+		return 0;
+	}
+
+	/* If config file is specified but cannot be opened, this is a fatal error */
+	fp = fopen(config_file, "r");
+	if (fp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
+		return -1;
+	}
+
+	while (fgets(line, sizeof(line), fp) != NULL) {
+		char *token, *saveptr;
+		char *action, *username, *cidr;
+		user_acl_t *user;
+		subnet_t subnet;
+
+		line_num++;
+
+		/* Remove newline and comments */
+		line[strcspn(line, "\r\n")] = '\0';
+		char *comment = strchr(line, '#');
+		if (comment)
+			*comment = '\0';
+
+		/* Trim leading whitespace */
+		char *line_start = line;
+		while (*line_start == ' ' || *line_start == '\t')
+			line_start++;
+
+		/* Skip empty lines */
+		if (*line_start == '\0')
+			continue;
+
+		/* Parse: subnet allow|deny <username> <cidr> */
+		token = strtok_r(line_start, " \t", &saveptr);
+		if (token == NULL)
+			continue;
+
+		/* Must start with "subnet" */
+		if (strcmp(token, "subnet") != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
+				token, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get allow/deny */
+		action = strtok_r(NULL, " \t", &saveptr);
+		if (action == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing allow/deny at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
+				action, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get username */
+		username = strtok_r(NULL, " \t", &saveptr);
+		if (username == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing username at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get CIDR */
+		cidr = strtok_r(NULL, " \t", &saveptr);
+		if (cidr == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing CIDR at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Parse subnet */
+		if (parse_subnet(cidr, &subnet) != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Find or create user */
+		user = find_or_create_user_acl(pdata, username);
+		if (user == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Add to appropriate list */
+		if (strcmp(action, "allow") == 0) {
+			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
+				mosquitto_log_printf(MOSQ_LOG_ERR,
+					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
+					MAX_SUBNETS_PER_USER, user->username, line_num);
+				fclose(fp);
+				return -1;
+			}
+			user->allow_subnets[user->allow_count] = subnet;
+			user->allow_count++;
+
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' allow subnet %s",
+				user->username, cidr);
+
+		} else { /* deny */
+			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
+				mosquitto_log_printf(MOSQ_LOG_ERR,
+					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
+					MAX_SUBNETS_PER_USER, user->username, line_num);
+				fclose(fp);
+				return -1;
+			}
+			user->deny_subnets[user->deny_count] = subnet;
+			user->deny_count++;
+
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' deny subnet %s",
+				user->username, cidr);
+		}
+	}
+
+	fclose(fp);
+
+	/* Log summary */
+	for (int i = 0; i < pdata->user_count; i++) {
+		user_acl_t *user = &pdata->users[i];
+		if (user->allow_count > 0 || user->deny_count > 0) {
+			mosquitto_log_printf(MOSQ_LOG_INFO,
+				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
+				user->username, user->allow_count, user->deny_count);
+		}
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
+
+	return 0;
+}
+
+/* Find user ACL entry */
+static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
+{
+	for (int i = 0; i < pdata->user_count; i++) {
+		if (strcmp(pdata->users[i].username, username) == 0)
+			return &pdata->users[i];
+	}
+	return NULL;
+}
+
+/* Check subnet access on authentication (connection time)
+ * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
+ */
+static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
+{
+	const user_acl_t *user_acl;
+	const char *client_address;
+
+	/* Skip if no subnet config loaded */
+	if (pdata == NULL || pdata->user_count == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	/* Skip anonymous users */
+	if (ed->username == NULL)
+		return MOSQ_ERR_SUCCESS;
+
+	/* Find user's subnet ACL */
+	user_acl = find_user_acl(pdata, ed->username);
+
+	/* If user not in config or has no subnet rules, allow */
+	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
+		return MOSQ_ERR_SUCCESS;
+
+	/* Get client IP address */
+	client_address = mosquitto_client_address(ed->client);
+	if (client_address == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_WARNING,
+			"subnet_acl: Could not get client address for user '%s', denying connection",
+			ed->username);
+		return MOSQ_ERR_AUTH;
+	}
+
+	/* Check deny list first - deny takes precedence */
+	if (user_acl->deny_count > 0) {
+		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
+			mosquitto_log_printf(MOSQ_LOG_NOTICE,
+				"subnet_acl: User '%s' from %s DENIED by deny rule",
+				ed->username, client_address);
+			return MOSQ_ERR_AUTH;
+		}
+	}
+
+	/* If there are allow rules, IP must match one of them */
+	if (user_acl->allow_count > 0) {
+		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' from %s allowed by allow rule",
+				ed->username, client_address);
+			return MOSQ_ERR_SUCCESS;
+		} else {
+			mosquitto_log_printf(MOSQ_LOG_NOTICE,
+				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
+				ed->username, client_address);
+			return MOSQ_ERR_AUTH;
+		}
+	}
+
+	/* No subnet rules for this user - allow */
+	return MOSQ_ERR_SUCCESS;
+}
+
+#ifdef ENABLE_PAM_SUPPORT
+static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+	int i;
+	const char *pass = (const char *)appdata_ptr;
+
+	*resp = calloc(num_msg, sizeof(struct pam_response));
+	if (*resp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
+		return PAM_BUF_ERR;
+	}
+
+	if (pass == NULL)
+		return PAM_SUCCESS;
+
+	for (i = 0; i < num_msg; ++i) {
+		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+			(*resp)[i].resp = strdup(pass);
+			if ((*resp)[i].resp == NULL) {
+				for (int j = 0; j < i ; j++)
+					free((*resp)[j].resp);
+
+				free(*resp);
+				*resp = NULL;
+				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
+				return PAM_BUF_ERR;
+			}
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct pam_conv conv;
+	int retval;
+	pam_handle_t *pamh = NULL;
+
+	conv.conv = pam_conversation;
+	conv.appdata_ptr = (void *)ed->password;
+
+	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
+	if (retval != PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
+		return MOSQ_ERR_AUTH;
+	}
+
+	retval = pam_authenticate(pamh, 0);
+	pam_end(pamh, retval);
+	if (retval == PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
+		return MOSQ_ERR_SUCCESS;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
+	return MOSQ_ERR_AUTH;
+}
+#else
+static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct spwd spbuf, *sp = NULL;
+	char buf[256];
+	struct crypt_data data;
+	char *hash;
+
+	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+
+	if (sp == NULL || sp->sp_pwdp == NULL)
+		return MOSQ_ERR_AUTH;
+
+	/* Empty string as hash means password is not required */
+	if (sp->sp_pwdp[0] == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	if (ed->password == NULL)
+		return MOSQ_ERR_AUTH;
+
+	memset(&data, 0, sizeof(data));
+	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+
+	if (hash == NULL)
+		return MOSQ_ERR_AUTH;
+
+	if (strcmp(hash, sp->sp_pwdp) == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	return MOSQ_ERR_AUTH;
+}
+#endif
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+	struct mosquitto_evt_basic_auth *ed = event_data;
+	plugin_data_t *pdata = userdata;
+	int auth_result;
+
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
+	/* First check username/password authentication */
+#ifdef ENABLE_PAM_SUPPORT
+	auth_result = process_pam_auth_callback(ed);
+#else
+	auth_result = process_shadow_auth_callback(ed);
+#endif
+
+	/* If authentication failed, reject immediately */
+	if (auth_result != MOSQ_ERR_SUCCESS)
+		return auth_result;
+
+	/* Authentication succeeded, now check subnet restrictions */
+	return check_subnet_on_auth(pdata, ed);
+}
+
+static int reload_callback(int event, void *event_data, void *userdata)
+{
+	plugin_data_t *pdata = userdata;
+
+	if (pdata == NULL)
+		return MOSQ_ERR_SUCCESS;
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reloading subnet ACL configuration from '%s'",
+		pdata->config_file ? pdata->config_file : "(none)");
+
+	/* Reload subnet ACL configuration */
+	if (load_subnet_acl_config(pdata, pdata->config_file) != 0) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to reload subnet ACL configuration, keeping old config");
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reload complete, now tracking %d user(s)", pdata->user_count);
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_plugin_version(int supported_version_count,
+			     const int *supported_versions)
+{
+	return 5;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
+			  void **user_data,
+			  struct mosquitto_opt *opts, int opt_count)
+{
+	plugin_data_t *pdata;
+	const char *config_file = NULL;
+	int rc;
+
+	/* Find subnet config file option */
+	for (int i = 0; i < opt_count; i++) {
+		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
+			config_file = opts[i].value;
+			break;
+		}
+	}
+
+	pdata = calloc(1, sizeof(plugin_data_t));
+	if (pdata == NULL)
+		return MOSQ_ERR_NOMEM;
+
+	pdata->identifier = identifier;
+
+	/* Store config file path for reload */
+	if (config_file != NULL) {
+		pdata->config_file = strdup(config_file);
+		if (pdata->config_file == NULL) {
+			free(pdata);
+			return MOSQ_ERR_NOMEM;
+		}
+	} else {
+		pdata->config_file = NULL;
+	}
+
+	/* Load subnet ACL configuration */
+	if (load_subnet_acl_config(pdata, config_file) != 0) {
+		free(pdata->config_file);
+		free(pdata);
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	/* Register authentication callback only - subnet check is done during auth */
+	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+	                                 basic_auth_callback, NULL, pdata);
+	if (rc != MOSQ_ERR_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to register authentication callback");
+		free(pdata->config_file);
+		free(pdata);
+		return rc;
+	}
+
+	/* Register reload callback to handle SIGHUP */
+	rc = mosquitto_callback_register(identifier, MOSQ_EVT_RELOAD,
+	                                 reload_callback, NULL, pdata);
+	if (rc != MOSQ_ERR_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to register reload callback");
+		mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+		                              basic_auth_callback, NULL);
+		free(pdata->config_file);
+		free(pdata);
+		return rc;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_INFO,
+		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
+
+	/* Only assign user_data after all possible error paths */
+	*user_data = pdata;
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_plugin_cleanup(void *user_data,
+			     struct mosquitto_opt *opts, int opt_count)
+{
+	plugin_data_t *pdata = user_data;
+
+	if (pdata) {
+		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
+		                              basic_auth_callback, NULL);
+		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_RELOAD,
+		                              reload_callback, NULL);
+		free(pdata->config_file);
+		free(pdata);
+	}
+
+	return MOSQ_ERR_SUCCESS;
+}

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#define _GNU_SOURCE
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	*user_data = identifier;
-
-	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-					   basic_auth_callback, NULL, NULL);
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	mosquitto_plugin_id_t *identifier = user_data;
-
-	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-					     basic_auth_callback, NULL);
-}

netmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.1.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=ff08a8cc5c860056a022e5376a973dee5a323595
+PKG_SOURCE_VERSION:=6310f32b80f8abeccbf99ad55ce88792b19342d6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.11
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/files/datamodel.json

@@ -58,7 +58,7 @@
 							"name": "mode"
 						}
 					},
-					"linker_obj": "Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.*.Name"
+					"linker_obj": "Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.[Name==@key]."
 				}
 			]
 		},

netmode/files/etc/config/netmode

@@ -1,2 +1,2 @@
 config netmode global
-	option enabled 0
+	option enabled 1

netmode/files/etc/init.d/netmode

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=10
+START=11
 USE_PROCD=1
 
 . /lib/functions.sh
@@ -117,6 +117,7 @@ start_service() {
 	config_get_bool enabled global enabled '0'
 	[ $enabled -eq 0 ] && return
 
+	[ -d $MODEDIR ] || mkdir -p $MODEDIR
 	# Get the desired netmode from config
 	config_get mode global mode ""
 	# Check if netmode is set as boot environment parameter
@@ -127,9 +128,12 @@ start_service() {
 	# Get the last saved mode
 	lastmode="$(cat $MODEDIR/.last_mode 2>/dev/null)"
 	# Return if desired mode is same as last saved mode
-	[ "$mode" == "$lastmode" ] && return
+	if [ "$mode" = "$lastmode" ]; then
+		_log "Not switching mode[${mode}], lastmode[${lastmode}]"
+		return
+	fi
 
-	_log "Switching to [${mode}] Mode" >/dev/console
+	_log "Switching to [${mode}] Mode"
 
 	# Configure env variables
 	configure_env_vars ${mode}
@@ -147,20 +151,19 @@ start_service() {
 
 	# Execute mode specific scripts
 	if [ -d $MODEDIR/$mode/scripts ]; then
-		_log "Executing $MODEDIR/$mode/scripts/* scripts"
 		for script in $(ls $MODEDIR/$mode/scripts/); do
+			_log "Executing [${mode}], script [${script}]"
 			sh $MODEDIR/$mode/scripts/$script
 		done
 	fi
 
+	# Save mode as last mode
+	echo "$mode" > $MODEDIR/.last_mode
+	_log "Switching to Mode [${mode}] done, last mode updated"
+
 	# Execute netmode generic post-mode-switch scripts
 	libnetmode_exec "post"
 	cleanup_env_vars "${mode}"
-
-	# Save mode as last mode
-	[ -d $MODEDIR ] || mkdir -p $MODEDIR
-	echo "$mode" > $MODEDIR/.last_mode
-	_log "Switching to Mode [${mode}] done, last mode updated" >/dev/console
 }
 
 service_triggers()

netmode/files/etc/netmodes/bridged/scripts/10-bridged

@@ -61,8 +61,8 @@ l2_network_config() {
 	uci -q set network.lan6.device='@lan'
 	uci -q set network.lan6.reqprefix='no'
 
-	uci -q set network.wan.disabled='1'
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan
+	uci -q delete network.wan6
 
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
@@ -116,12 +116,3 @@ l2_network_config() {
 
 l2_network_config
 l2_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd stop 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -17,6 +17,8 @@ l3_mcast_config() {
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	wandev="$(uci -q get network.WAN.ifname)"
+
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -36,11 +38,44 @@ l3_network_config() {
 	uci -q delete network.wan.disabled
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
+	uci -q delete network.wan.ipaddr
+	uci -q delete network.wan.gateway
+	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
-	uci -q set network.wan6.proto='dhcpv6'
+	uci -q set network.wan6.proto="dhcpv6"
 	uci -q delete network.wan6.disabled
 
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
+
+	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
+
+		wandev="$vlandev"
+	fi
+
+	uci -q set network.wan.device="$wandev"
+	uci -q set network.wan6.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
+
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
+		for server in $dns_servers; do
+		    uci -q add_list network.wan.dns=$server
+		done
+	fi
+
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -61,12 +96,6 @@ l3_network_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
-		json_select wan 2>/dev/null
-		json_get_var device device
-		if [ -n "$device" ]; then
-			uci -q set network.wan.device="$device"
-			uci -q set network.wan6.device="$device"
-		fi
 		json_cleanup
 	fi
 
@@ -97,12 +126,3 @@ l3_network_config() {
 
 l3_network_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -17,6 +17,8 @@ l3_mcast_config() {
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	wandev="$(uci -q get network.WAN.ifname)"
+
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -36,8 +38,40 @@ l3_network_pppoe_config() {
 	uci -q set network.wan.username="$NETMODE_username"
 	uci -q set network.wan.password="$NETMODE_password"
 	uci -q delete network.wan.disabled
+	uci -q delete network.wan.ipaddr
+	uci -q delete network.wan.gateway
+	uci -q delete network.wan.netmask
 
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
+
+	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
+
+		wandev="$vlandev"
+	fi
+
+	uci -q set network.wan.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
+
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
+		for server in $dns_servers; do
+		    uci -q add_list network.wan.dns=$server
+		done
+	fi
 
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
@@ -59,12 +93,6 @@ l3_network_pppoe_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
-		json_select wan 2>/dev/null
-		json_get_var device device
-		if [ -n "$device" ]; then
-			uci -q set network.wan.device="$device"
-			uci -q set network.wan6.device="$device"
-		fi
 		json_cleanup
 	fi
 
@@ -95,12 +123,3 @@ l3_network_pppoe_config() {
 
 l3_network_pppoe_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+source "/etc/device_info"
+
+l3_mcast_config() {
+	# configure L3 mcast config
+	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
+
+	rm -f /etc/config/mcast
+	sh /rom/etc/uci-defaults/61-mcast_config_generate
+	uci -q commit mcast
+}
+
+l3_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
+
+	wandev="$(uci -q get network.WAN.ifname)"
+
+	# Configure L3 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.proto='static'
+	uci -q set network.lan.ipaddr='192.168.1.1'
+	uci -q set network.lan.netmask='255.255.255.0'
+	uci -q set network.lan.ip6assign='60'
+	uci -q delete network.lan.vendorid
+	uci -q delete network.lan.clientid
+	uci -q delete network.lan.reqopts
+	uci -q delete network.lan.sendopts
+
+	uci -q delete network.lan6	
+
+	uci -q set network.wan=interface
+	uci -q set network.wan.device="$wandev"
+	uci -q set network.wan.proto='static'
+	uci -q set network.wan.ipaddr="$NETMODE_ipaddr"
+	uci -q set network.wan.gateway="$NETMODE_gateway"
+	uci -q set network.wan.netmask="$NETMODE_netmask"
+	uci -q delete network.wan.disabled
+	uci -q delete network.wan.username
+	uci -q delete network.wan.password
+
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
+
+	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
+
+		wandev="$vlandev"
+	fi
+
+	uci -q set network.wan.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
+
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
+		for server in $dns_servers; do
+		    uci -q add_list network.wan.dns=$server
+		done
+	fi
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_cleanup
+	fi
+
+	uci -q commit network
+
+	# Enable DHCP Server
+	uci -q set dhcp.lan.ignore=0
+	uci -q set dhcp.wan.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd enable
+
+	# Enable SSDPD
+	uci -q set ssdpd.ssdp.enabled="1"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="wan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="wan"
+	uci -q commit gateway
+
+	# Enable firewall
+	uci -q set firewall.globals.enabled="1"
+	uci -q commit firewall
+}
+
+l3_network_config
+l3_mcast_config

netmode/files/etc/netmodes/supported_modes.json

@@ -3,25 +3,96 @@
   "supported_modes": [
     {
       "name": "routed-dhcp",
-      "description": "WAN with DHCP proto (Layer 3)"
+      "description": "DHCP",
+      "supported_args": [
+        {
+          "name": "vlanid",
+          "description": "VLAN ID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "dns_servers",
+          "description": "DNS Servers",
+          "required": false,
+          "type": "string"
+        }
+      ]
     },
     {
       "name": "routed-pppoe",
-      "description": "WAN with PPPoE (Layer 3)",
+      "description": "PPPoE",
       "supported_args": [
         {
           "name": "username",
-          "description": "PPPoE username",
+          "description": "PPPoE Username",
           "required": true,
-	  "type": "string",
+          "type": "string",
           "#value": "TestUser"
         },
         {
           "name": "password",
-          "description": "PPPoE password",
+          "description": "PPPoE Password",
           "required": true,
-	  "type": "string",
+          "type": "string",
           "#value": "TestPassword"
+        },
+        {
+          "name": "vlanid",
+          "description": "VLAN ID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "mtu",
+          "description": "MTU",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "dns_servers",
+          "description": "DNS Servers",
+          "required": false,
+          "type": "string"
+        }
+      ]
+    },
+    {
+      "name": "routed-static",
+      "description": "Static",
+      "supported_args": [
+        {
+          "name": "ipaddr",
+          "description": "IP Address",
+          "required": true,
+          "type": "string",
+          "#value": "93.21.0.104"
+        },
+        {
+          "name": "netmask",
+          "description": "Subnet Mask",
+          "required": true,
+          "type": "string",
+          "#value": "255.255.255.0"
+        },
+        {
+          "name": "gateway",
+          "description": "Default Gateway",
+          "required": true,
+          "type": "string",
+          "#value": "93.21.0.1"
+        },
+        {
+          "name": "vlanid",
+          "description": "VLAN ID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "dns_servers",
+          "description": "DNS Servers",
+          "required": false,
+          "type": "string"
         }
       ]
     }

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+enabled="$(uci -q get netmode.global.enabled)"
+if [ "$enabled" != "1" ]; then
+	exit 0
+fi
+
+opconf_file="/opconf/opconf.json"
+[ -f $opconf_file ] || opconf_file="/usr_data/opconf/opconf.json"
+
+# Check if netmode getting provisioned from opconf, in case of opconf
+# provisioning, mode setting not required
+mode="$(jsonfilter -i $opconf_file -e @.netmode.mode 2>/dev/null)"
+if [ -n "${mode}" ]; then
+	exit 0
+fi
+
+# Check if opconf has wan provisioning enabled, if yes, get the proto/mode from opconf
+proto="$(jsonfilter -i $opconf_file -e '@.network.wan[@.name="wan"].proto' 2>/dev/null)"
+if [ -n "${proto}" ]; then
+	mode="routed-${proto}"
+	uci -q set netmode.global.mode="${mode}"
+	echo "${mode}" > /etc/netmodes/.last_mode
+	exit 0
+fi
+
+mode="$(uci -q get netmode.global.mode)"
+wanproto=$(uci -q get network.wan.proto)
+
+if [ -n "$mode" ]; then
+	# check if wanproto and mode aligned
+	if [ "${mode}" = "routed-${wanproto}" ]; then
+		exit 0
+	fi
+fi
+
+if [ ! -f "/etc/netmodes/supported_modes.json" ]; then
+	exit 0
+fi
+
+# NetMode is enabled without a Mode being set
+# Figure out the current mode from network config
+curmode=""
+case "$wanproto" in
+	dhcp) curmode="routed-dhcp" ;;
+	pppoe) curmode="routed-pppoe" ;;
+	static) curmode="routed-static" ;;
+esac
+
+found=0
+for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
+	[ "$md" = "$curmode" ] && found=1
+done
+
+if [ $found -eq 1 ]; then
+	uci -q set netmode.global.mode="$curmode"
+	echo "$curmode" > /etc/netmodes/.last_mode
+else
+	exit 1
+fi

netmode/files/lib/netmode/post/datamodel_init.sh

@@ -1,25 +1,17 @@
 #!/bin/sh
 
-# This script is to cleanup dmmap and restart datamodel related services
-# when wan mode changes
-
-if [ -d "/etc/bbfdm/dmmap/" ]; then
-	rm -rf /etc/bbfdm/dmmap/*
-fi
-
-# If device is booting up, no need to restart services
 if [ ! -f /var/run/boot_complete ]; then
-	return 0
+	exit 0
 fi
 
-if [ -x "/etc/init.d/bbfdm.services" ]; then
-	/etc/init.d/bbfdm.services restart
+if [ -f /etc/bbfdm/dmmap/dmmap_ppp ]; then
+	rm -f /etc/bbfdm/dmmap/dmmap_ppp
 fi
 
-if [ -x "/etc/init.d/bbfdmd" ]; then
-	/etc/init.d/bbfdmd restart
+if [ -f /etc/bbfdm/dmmap/dmmap_network ]; then
+	rm -f /etc/bbfdm/dmmap/dmmap_network*
 fi
 
-if [ -x "/etc/init.d/obuspa" ]; then
-	/etc/init.d/obuspa restart
-fi
+sleep 5
+
+reboot -f

netmode/files/lib/upgrade/keep.d/netmode

@@ -0,0 +1 @@
+/etc/netmodes/.last_mode

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.7.0
+PKG_VERSION:=10.0.0.22
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=6584b9f8facf0e688b80ca40d5961bad3f4922f8
+PKG_SOURCE_VERSION:=12991107039ee685fcd1000bb2649dd1c4b344ff
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,8 +32,9 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
-		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
+  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libmosquitto-ssl +libwebsockets-openssl
+  DEPENDS+=+libjson-c +libubox +libubus +libuci +libblobmsg-json
+  DEPENDS+=+ca-certificates +OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 

obuspa/files/etc/init.d/obuspa

@@ -6,19 +6,18 @@ USE_PROCD=1
 
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
-
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 
 RESET_FILE="/tmp/obuspa/fw_defaults"
-SQL_DB_FILE="/tmp/obuspa/usp.db"
-DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
+
+OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 
 BASEPATH=""
 INSTANCE_COUNT=0
+CLIENT_ID_PREFIX=""
 
 . /lib/functions/network.sh
-. /usr/share/libubox/jshn.sh
 . /etc/obuspa/usp_utils.sh
 
 global_init()
@@ -30,6 +29,7 @@ global_init()
 log()
 {
 	echo "$*"|logger -t obuspa.init -p debug
+	echo "$*" >/dev/console
 }
 
 db_set_reset_file()
@@ -47,37 +47,9 @@ db_set_reset_file()
 	fi
 }
 
-db_set_sql()
-{
-	local param value
-
-	param="${1}"
-	shift
-	value="$*"
-
-	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		if grep -q "${param} " ${DB_DUMP}; then
-			value="${value//\//\\/}"
-			sed -i "s/${param} .*/${param} \"${value}\"/g" ${DB_DUMP}
-		else
-			echo "${param} \"${value}\"" >> ${DB_DUMP}
-		fi
-	fi
-}
-
 db_set()
 {
-	# if sql db dump file present, update it
-	if [ -f "${DB_DUMP}" ]; then
-		db_set_sql "$@"
-	else
-		db_set_reset_file "$@"
-	fi
-}
-
-dump_db()
-{
-	${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort  > ${DB_DUMP}
+	db_set_reset_file "$@"
 }
 
 # if db present then check if it matches with existing instances
@@ -92,21 +64,6 @@ get_base_path()
 	path=""
 	count=0
 
-	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
-		path=${path%.*}
-		if [ -z "${path}" ]; then
-			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
-			if [ -n "${path}" ]; then
-				count=${path##*.}
-				count=$(( count + 1 ))
-			else
-				count=1
-			fi
-			path="${refpath}${count}"
-		fi
-	fi
-
 	if [ -z "${path}" ]; then
 		INSTANCE_COUNT=$(( INSTANCE_COUNT + 1 ))
 		path="${refpath}${INSTANCE_COUNT}"
@@ -122,9 +79,7 @@ get_refrence_path()
 	value="${2}"
 	path=""
 
-	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
-	elif [ -f "${RESET_FILE}" ]; then
+	if [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
@@ -136,7 +91,7 @@ update_keep()
 	file=${1}
 
 	if [ -z "${file}" ]; then
-		return;
+		return 0
 	fi
 
 	if [ ! -f "${KEEP_FILE}" ]; then
@@ -263,7 +218,7 @@ configure_localagent()
 
 	validate_localagent_section "${1}" || {
 		log "Validation of localagent section failed"
-		return 0;
+		return 0
 	}
 
 	db_set Device.LocalAgent.EndpointID "${EndpointID}"
@@ -271,7 +226,7 @@ configure_localagent()
 
 update_reset_reason()
 {
-	[ -f "/tmp/reset_reason" ] || return 0;
+	[ -f "/tmp/reset_reason" ] || return 0
 
 	if grep -qwi "defaultreset" /tmp/reset_reason; then
 		db_set Internal.Reboot.Cause "FactoryReset"
@@ -310,10 +265,6 @@ get_role_index()
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
-	elif [ -f "${DB_DUMP}" ]; then
-		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
-		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
-		echo "$val"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@@ -331,19 +282,19 @@ configure_controller()
 	sec="${1}"
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
-		return 1;
+		return 1
 	}
 
 	sec="${sec/controller_/cpe-}"
 	get_base_path "Device.LocalAgent.Controller." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "controller:: Protocol cannot be empty"
-		return 1;
+		return 1
 	fi
 
 	dm_ref=""
@@ -439,14 +390,14 @@ configure_subscription()
 	sec="${1}"
 	validate_subscription_section "${1}" || {
 		log "Validation of subscription section failed"
-		return 1;
+		return 1
 	}
 
 	sec="${sec/sub_/cpe-}"
 	get_base_path "Device.LocalAgent.Subscription." "sub_${1}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 
 	if [ -n "${controller}" ]; then
@@ -483,12 +434,12 @@ configure_challenges()
 	get_base_path "Device.LocalAgent.ControllerTrust.Challenge." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 
 	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
-		log "Either role_name or Role must defined for a challenge";
-		return 1;
+		log "Either role_name or Role must defined for a challenge"
+		return 1
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -515,18 +466,18 @@ configure_mtp() {
 	sec="${1}"
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/mtp_/cpe-}"
 	get_base_path "Device.LocalAgent.MTP." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "Protocol not defined for the mtp[${1}] section"
-		return 1;
+		return 1
 	fi
 
 	dm_ref=""
@@ -584,14 +535,14 @@ configure_stomp_connection() {
 	sec="${1}"
 	validate_stomp_connection_section "${1}" || {
 		log "Validation of stomp section failed"
-		return 1;
+		return 1
 	}
 
 	sec="${sec/stomp_/cpe-}"
 	get_base_path "Device.STOMP.Connection." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -614,14 +565,18 @@ configure_mqtt_client() {
 	sec="${1}"
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
-		return 1;
+		return 1
 	}
 
 	sec="${sec/mqtt_/cpe-}"
 	get_base_path "Device.MQTT.Client." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
+	fi
+
+	if [ -z "${ClientID}" ]; then
+		ClientID="${CLIENT_ID_PREFIX}-${sec}"
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -648,6 +603,9 @@ configure_obuspa() {
 	fi
 
 	if [ -n "${log_level}" ]; then
+		if [ "${log_level}" -gt "4" ]; then
+			log_level="4"
+		fi
 		procd_append_param command -v "${log_level}"
 	fi
 
@@ -676,13 +634,13 @@ configure_obuspa() {
 
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${SQL_DB_FILE}"
+		procd_append_param command -f "${db_file}"
+		if [ -f "${db_file}-journal" ]; then
+			log "SQL Journal detected ..."
+		fi
 	fi
 
 	if [ -f "${RESET_FILE}" ]; then
-		if [ -f "${SQL_DB_FILE}" ]; then
-			mv ${SQL_DB_FILE} ${SQL_DB_FILE}.old
-		fi
 		procd_append_param command -r ${RESET_FILE}
 	fi
 
@@ -691,6 +649,11 @@ configure_obuspa() {
 		if [ -f "${trust_cert}" ]; then
 			procd_append_param command -t "${trust_cert}"
 		fi
+	else
+		# Use default CA, if trust store not defined
+		if [ -f "/etc/ssl/cert.pem" ]; then
+			procd_append_param command -t "/etc/ssl/cert.pem"
+		fi
 	fi
 
 	if [ -n "${client_cert}" ]; then
@@ -701,301 +664,34 @@ configure_obuspa() {
 	fi
 }
 
-get_instances_from_db_dump()
-{
-	local obj inst
-
-	obj="${1}\d+"
-	if [ ! -f "${DB_DUMP}" ]; then
-		echo ""
-		return 0;
-	fi
-
-	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
-	echo "$inst"
-}
-
-get_param_value_from_dump()
-{
-	local param value
-
-	param="${1}"
-
-	if [ -z "${param}" ] || [ ! -f "${DB_DUMP}" ]; then
-		log "error getting param"
-		echo ""
-		return 0
-	fi
-
-	value="$(grep "^${param} " ${DB_DUMP}|awk '{print $2}')"
-
-	echo "${value//\"/}"
-}
-
-update_uci_sec()
-{
-	local sec tmp
-
-	sec="${1}"
-	stype="${2}"
-	if [ -z "$sec" ] || [ -z "$stype" ]; then
-		log "No section name, error"
-		return 0
-	fi
-
-	tmp="$(uci_get obuspa "${sec}")"
-	if [ "$tmp" != "$stype" ]; then
-		uci_add obuspa "${stype}" "${sec}"
-	fi
-}
-
-sync_db_controller()
-{
-	local cntrs copts sec pvalue protocol
-
-	copts="Enable EndpointID PeriodicNotifInterval"
-	popts="Destination Topic Host Port Path EnableEncryption"
-
-	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
-	for cntr in $cntrs; do
-		sec="$(get_param_value_from_dump "${cntr}".Alias)"
-		sec="${sec/cpe-/controller_}"
-		sec="${sec/-/_}"
-
-		update_uci_sec "${sec}" controller
-		for param in ${copts}; do
-			pvalue="$(get_param_value_from_dump "${cntr}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-		uci_set obuspa "${sec}" "_sync" "1"
-
-		protocol="$(get_param_value_from_dump "${cntr}".MTP.1.Protocol)"
-		if [ -z "${protocol}" ]; then
-			break;
-		fi
-		uci_set obuspa "${sec}" "Protocol" "${protocol}"
-		for param in ${popts}; do
-			pvalue="$(get_param_value_from_dump "${cntr}".MTP.1."${protocol}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-	done
-}
-
-sync_db_localagent_mtp()
-{
-	local mtps opts popts sec pvalue protocol
-
-	opts="Enable"
-	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
-
-	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
-	for inst in $mtps; do
-		sec="$(get_param_value_from_dump "${inst}".Alias)"
-		sec="${sec/cpe-/mtp_}"
-		sec="${sec/-/_}"
-		update_uci_sec "${sec}" mtp
-		for param in ${opts}; do
-			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-		uci_set obuspa "${sec}" "_sync" "1"
-
-		protocol="$(get_param_value_from_dump "${inst}".Protocol)"
-		if [ -z "${protocol}" ]; then
-			break;
-		fi
-		uci_set obuspa "${sec}" "Protocol" "${protocol}"
-		for param in ${popts}; do
-			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-	done
-}
-
-
-sync_db_mqtt_client()
-{
-	local mtps copts sec pvalue protocol
-
-	opts="Enable BrokerAddress BrokerPort Username ProtocolVersion TransportProtocol ClientID"
-
-	mtps="$(get_instances_from_db_dump Device.MQTT.Client.)"
-	for inst in $mtps; do
-		sec="$(get_param_value_from_dump "${inst}".Alias)"
-		sec="${sec/cpe-/mqtt_}"
-		sec="${sec/-/_}"
-		update_uci_sec "${sec}" mqtt
-		for param in ${opts}; do
-			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-		uci_set obuspa "${sec}" "_sync" "1"
-	done
-}
-
-sync_db_stomp_connection()
-{
-	local mtps copts sec pvalue protocol
-
-	opts="Enable Host Port Username EnableEncryption EnableHeartbeats VirtualHost"
-
-	mtps="$(get_instances_from_db_dump Device.STOMP.Connection.)"
-	for inst in $mtps; do
-		sec="$(get_param_value_from_dump "${inst}".Alias)"
-		sec="${sec/cpe-/stomp_}"
-		sec="${sec/-/_}"
-		update_uci_sec "${sec}" stomp
-		for param in ${opts}; do
-			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
-			uci_set obuspa "${sec}" "${param}" "${pvalue}"
-		done
-		uci_set obuspa "${sec}" "_sync" "1"
-	done
-}
-
-sync_update_sec()
-{
-	local _sync
-	config_get _sync "${1}" _sync ""
-	if [ -z "${_sync}" ]; then
-		uci_remove obuspa "${1}"
-		log "Deleting obuspa.${1} section ..."
-	else
-		uci_remove obuspa "${1}" _sync
-	fi
-}
-
-sync_uci_with_db()
-{
-	if [ ! -f "${DB_DUMP}" ]; then
-		return 0;
-	fi
-
-	config_load obuspa
-	sync_db_controller
-	sync_db_localagent_mtp
-	sync_db_mqtt_client
-	sync_db_stomp_connection
-	uci_commit obuspa
-
-	config_load obuspa
-	config_foreach sync_update_sec controller
-	config_foreach sync_update_sec mtp
-	config_foreach sync_update_sec mqtt
-	config_foreach sync_update_sec stomp
-	uci_commit obuspa
-}
-
-delete_sql_db_entry_with_pattern()
-{
-	local params pattern
-
-	pattern="${1}"
-	if [ ! -f "${DB_DUMP}" ]; then
-		return 0;
-	fi
-
-	if [ "${#pattern}" -lt 7 ]; then
-		return 0;
-	fi
-
-	#log "Deleting with pattern [${pattern}] from ${DB_DUMP}"
-	sed -i "/${pattern}/d" ${DB_DUMP}
-}
-
-check_n_delete_db()
-{
-	local sec t r path
-
-	sec="${1}"
-	if uci -q get obuspa."${sec}" >/dev/null 2>&1; then
-		return 0
-	fi
-
-	t="${2}"
-	r="${3}"
-	sec="${sec/${t}_/cpe-}"
-
-	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
-	path=${path%.*}
-
-	delete_sql_db_entry_with_pattern "${path}"
-}
-
-workaround_remove_download_pattern()
-{
-	local inst
-
-	inst="$(cat ${DB_DUMP} |grep -E "Device.DeviceInfo.FirmwareImage.\d.Download()"|grep -oE "Device.LocalAgent.Request.\d.")"
-
-	if [ -n "${inst}" ]; then
-		log "Workaround to remove the old download Request [$inst]"
-		delete_sql_db_entry_with_pattern "${inst}"
-	fi
-}
-
-reverse_update_db_with_uci()
-{
-	if [ ! -f "${DB_DUMP}" ]; then
-		return 0;
-	fi
-
-	export UCI_CONFIG_DIR="/tmp/obuspa"
-	config_load obuspa
-	config_foreach check_n_delete_db controller controller "Device.LocalAgent.Controller."
-	config_foreach check_n_delete_db mtp mtp "Device.LocalAgent.MTP."
-	config_foreach check_n_delete_db mqtt mqtt "Device.MQTT.Client."
-	config_foreach check_n_delete_db stomp stomp "Device.STOMP.Connection."
-	unset UCI_CONFIG_DIR
-}
-
 # Create factory reset file
 db_init()
 {
-	local reason role_file
+	local reason
 
 	reason="${1}"
-	mkdir -p /tmp/obuspa/
-
-	# Load configuration
-	config_load $CONFIGURATION
-	config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
-	config_get role_file global role_file ""
-
-	if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
-		log "Copying old db, since new db not present ..."
-		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
+	# remove usp.db, in case of reload
+	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
+		log "Deleting ${OBUSPA_BOOT_MARKER} in order to enforce values from UCI..."
+		rm -f "${OBUSPA_BOOT_MARKER}"
 	fi
 
-	# Dump datamodel parameters from DB
-	if [ -f "${SQL_DB_FILE}" ]; then
-		dump_db
-	fi
-
-	# In case of Reboot or service restart update the uci
-        # from usp.db file
-	if [ -f "${DB_DUMP}" ] && [ "${reason}" != "update" ]; then
-		# Only do this if db have reasonable data
-		val="$(awk 'END{print NR}' ${DB_DUMP})"
-		if [ "$val" -gt 15 ]; then
-			log "Syncing obuspa uci with usp.db ...."
-			sync_uci_with_db
-		fi
-	fi
-
-	# remove entries from db if deleted from uci, only in case of reload
-	if [ -f "${DB_DUMP}" ] && [ "${reason}" = "update" ] && [ -f "/tmp/obuspa/obuspa" ]; then
-		log "Deleting entries from usp.db if uci not present ...."
-		reverse_update_db_with_uci
+	if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
+		return 0
 	fi
 
 	# Remove reset file if present
-	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
+	[ -f "${RESET_FILE}" ] && rm ${RESET_FILE}
+
+	CLIENT_ID_PREFIX="$(db -q get device.deviceinfo.ManufacturerOUI)"
+	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX}-$(db -q get device.deviceinfo.SerialNumber)"
+	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX//+/%2b}"
 
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
+	log "Enforcing UCI values, no boot marker found."
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -1011,21 +707,12 @@ db_init()
 	global_init
 	config_foreach configure_challenges challenge
 
+	# enforce ctrust only on upgrades, not on reloads
+	if [ -f "${CTRUST_RESET_FILE}" ] && [ -z "${reason}" ]; then
+		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
+	fi
 	update_reset_reason
 	update_dual_stack_pref "${dualstack_pref}"
-
-	uci_commit ${CONFIGURATION}
-
-	cp /etc/config/obuspa /tmp/obuspa/
-	if [ -f "${DB_DUMP}" ]; then
-		workaround_remove_download_pattern
-		mv ${DB_DUMP} ${RESET_FILE}
-	fi
-
-	if [ -f "${CTRUST_RESET_FILE}" ]; then
-		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
-		rm ${CTRUST_RESET_FILE}
-	fi
 }
 
 start_service() {
@@ -1033,25 +720,22 @@ start_service() {
 
 	mkdir -p /tmp/obuspa/
 	config_load obuspa
-	config_get_bool enabled global enabled 0
+	config_get_bool enabled global enabled 1
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then
-		db_init "${1}"
 		procd_set_param command ${PROG}
+		db_init "${1}"
 		configure_obuspa
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
 			"${respawn_timeout:-10}" "${respawn_retry:-5}"
-		#procd_set_param limits core="unlimited"
 	fi
 	procd_close_instance ${CONFIGURATION}
 }
 
 stop_service() {
-	if command -v timeout >/dev/null 2>&1; then
-		timeout 5 ${PROG} -c stop
-	fi
+	${PROG} -c stop
 }
 
 reload_service() {
@@ -1060,5 +744,6 @@ reload_service() {
 }
 
 service_triggers() {
+	export PROCD_RELOAD_DELAY=3000
 	procd_add_reload_trigger "obuspa"
 }

obuspa/files/etc/obuspa/usp_utils.sh

@@ -1,10 +1,12 @@
 #!/bin/sh
 
-CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
+CTRUST_RESET_FILE="/etc/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"
 SECURE_ROLES=""
 
+CTRUST_RESET_FILE_TEMP="/tmp/obuspa/ctrust_reset"
+
 mkdir -p /tmp/obuspa/
 
 # include jshn.sh
@@ -23,9 +25,9 @@ db_add()
 	value="$*"
 
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
+		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE_TEMP}
 	else
-		echo >>${CTRUST_RESET_FILE}
+		echo >>${CTRUST_RESET_FILE_TEMP}
 	fi
 }
 
@@ -252,7 +254,10 @@ configure_ctrust_role()
 	if [ -n "${SECURE_ROLES}" ]; then
 		db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
 	fi
+
+	if [ -f "${CTRUST_RESET_FILE_TEMP}" ]; then
+		mv -f "${CTRUST_RESET_FILE_TEMP}" "${CTRUST_RESET_FILE}"
+	fi
 }
 
 # configure_ctrust_role "${@}"
-

obuspa/files/etc/uci-defaults/61-override-ct-roles

@@ -4,5 +4,3 @@
 . /etc/obuspa/usp_utils.sh
 
 configure_ctrust_role
-
-exit 0

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,6 +8,7 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 CONTROLLER_DISCOVERED=0
+OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 
 log()
 {
@@ -272,6 +273,17 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		fi
 	done
 
+	# Check if any of the existing controller section matches with the endpointid
+	if [ -z "${dhcp_controller}" ] && [ -n "${ENDPOINT_ID}" ]; then
+		for controller in $controllers; do
+			endpointid=$(uci -q get obuspa."${controller}".EndpointID)
+			if [ "${endpointid}" = "${ENDPOINT_ID}" ]; then
+				dhcp_controller="${controller}"
+				break
+			fi
+		done
+	fi
+
 	if [ -n "${dhcp_controller}" ]; then
 		cont_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
 		if [ "${cont_proto}" = "MQTT" ]; then
@@ -376,8 +388,7 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				fi
 
 				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
-					uci -q rename obuspa."${sec}"='dhcpmtp'
+					uci -q set obuspa.dhcpmtp="mtp"
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -394,8 +405,7 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
 
-					sec=$(uci -q add obuspa mqtt)
-					uci -q rename obuspa."${sec}"='dhcpmqtt'
+					uci -q set obuspa.dhcpmqtt="mqtt"
 					dhcp_mqtt="dhcpmqtt"
 					uci -q set obuspa."${dhcp_mqtt}".Enable='1'
 					uci -q set obuspa."${dhcp_mqtt}".Username="${user}"
@@ -408,8 +418,7 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				uci -q set obuspa."${dhcp_mqtt}".ProtocolVersion='5.0'
 
 				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
-					uci -q rename obuspa."${sec}"='dhcpmtp'
+					uci -q set obuspa.dhcpmtp="mtp"
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -467,64 +476,64 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 			fi
 		fi
 	else
-		uci -q delete obuspa.dhcpmtp
-		uci -q delete obuspa.dhcpmqtt
+		# Only setup a new controller, only if mandatory param present
+		if [ -n "${ENDPOINT_ID}" ] && [ -n "${URL}" ]; then
+			uci -q delete obuspa.dhcpmtp
+			uci -q delete obuspa.dhcpmqtt
 
-		sec=$(uci -q add obuspa controller)
-		uci -q rename obuspa."${sec}"='dhcpcontroller'
-		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
-		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
-		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
-		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-		uci -q set obuspa.dhcpcontroller.Enable='1'
+			uci -q set obuspa.dhcpcontroller="controller"
+			uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
+			uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
+			uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
+			uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
+			uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+			uci -q set obuspa.dhcpcontroller.Enable='1'
 
-		if [ -n "${offered_proto}" ]; then
-			if [ "${offered_proto}" = "MQTT" ]; then
-				user="$(uci -q get obuspa.global.username)"
-				pass="$(uci -q get obuspa.global.password)"
+			if [ -n "${offered_proto}" ]; then
+				if [ "${offered_proto}" = "MQTT" ]; then
+					user="$(uci -q get obuspa.global.username)"
+					pass="$(uci -q get obuspa.global.password)"
 
-				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+					uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+					uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
 
-				sec=$(uci -q add obuspa mqtt)
-				uci -q rename obuspa."${sec}"='dhcpmqtt'
-				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
-				uci -q set obuspa.dhcpmqtt.Enable='1'
-				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-				uci -q set obuspa.dhcpmqtt.Username="${user}"
-				uci -q set obuspa.dhcpmqtt.Password="${pass}"
+					uci -q set obuspa.dhcpmqtt="mqtt"
+					uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+					uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+					uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
+					uci -q set obuspa.dhcpmqtt.Enable='1'
+					uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+					uci -q set obuspa.dhcpmqtt.Username="${user}"
+					uci -q set obuspa.dhcpmqtt.Password="${pass}"
 
 
-				agent_topic=$(get_agent_topic)
-				sec=$(uci -q add obuspa mtp)
-				uci -q rename obuspa."${sec}"='dhcpmtp'
-				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-				uci -q set obuspa.dhcpmtp.Enable='1'
-				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
-			else
-				uci -q set obuspa.dhcpcontroller.Path="${topic}"
-				uci -q set obuspa.dhcpcontroller.Host="${ip}"
-				uci -q set obuspa.dhcpcontroller.Port="${port}"
-				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
+					agent_topic=$(get_agent_topic)
+					uci -q set obuspa.dhcpmtp="mtp"
+					uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+					uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+					uci -q set obuspa.dhcpmtp.Enable='1'
+					uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+				else
+					uci -q set obuspa.dhcpcontroller.Path="${topic}"
+					uci -q set obuspa.dhcpcontroller.Host="${ip}"
+					uci -q set obuspa.dhcpcontroller.Port="${port}"
+					uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
 
-				sec=$(uci -q add obuspa mtp)
-				uci -q rename obuspa."${sec}"='dhcpmtp'
-
-				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-				uci -q set obuspa.dhcpmtp.Port="${port}"
-				uci -q set obuspa.dhcpmtp.Enable='1'
-				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa.dhcpmtp="mtp"
+					uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+					uci -q set obuspa.dhcpmtp.Port="${port}"
+					uci -q set obuspa.dhcpmtp.Enable='1'
+					uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
+				fi
 			fi
+			uci_change=1
 		fi
-
-		uci_change=1
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
+		if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
+			rm -f "${OBUSPA_BOOT_MARKER}"
+		fi
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi

obuspa/patches/0002-fix_e2e_session_init.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.5.0/src/core/device_controller.c
+Index: obuspa-10.0.0.1/src/core/device_controller.c
 ===================================================================
---- obuspa-10.0.5.0.orig/src/core/device_controller.c
-+++ obuspa-10.0.5.0/src/core/device_controller.c
-@@ -4223,6 +4223,14 @@ int ProcessControllerAdded(int cont_inst
+--- obuspa-10.0.0.1.orig/src/core/device_controller.c
++++ obuspa-10.0.0.1/src/core/device_controller.c
+@@ -4211,6 +4211,14 @@ int ProcessControllerAdded(int cont_inst
          goto exit;
      }
  
@@ -17,7 +17,7 @@ Index: obuspa-10.0.5.0/src/core/device_controller.c
      // Exit if unable to get the object instance numbers present in this controller's MTP table
      USP_SNPRINTF(path, sizeof(path), "%s.%d.MTP", device_cont_root, cont_instance);
      err = DATA_MODEL_GetInstances(path, &iv);
-@@ -4264,14 +4272,6 @@ int ProcessControllerAdded(int cont_inst
+@@ -4252,14 +4260,6 @@ int ProcessControllerAdded(int cont_inst
      DEVICE_MQTT_UpdateControllerTopics();
  #endif
  

obuspa/patches/0004-bulkdata_extn.patch

@@ -1,7 +1,7 @@
-Index: obuspa-10.0.4.0/src/core/bdc_exec.c
+Index: obuspa-10.0.0.1/src/core/bdc_exec.c
 ===================================================================
---- obuspa-10.0.4.0.orig/src/core/bdc_exec.c
-+++ obuspa-10.0.4.0/src/core/bdc_exec.c
+--- obuspa-10.0.0.1.orig/src/core/bdc_exec.c
++++ obuspa-10.0.0.1/src/core/bdc_exec.c
 @@ -549,10 +549,25 @@ int StartSendingReport(bdc_connection_t
  
      // Set the list of headers
@@ -30,10 +30,10 @@ Index: obuspa-10.0.4.0/src/core/bdc_exec.c
          bc->headers = curl_slist_append(bc->headers, "Content-Encoding: gzip");
      }
  
-Index: obuspa-10.0.4.0/src/core/bdc_exec.h
+Index: obuspa-10.0.0.1/src/core/bdc_exec.h
 ===================================================================
---- obuspa-10.0.4.0.orig/src/core/bdc_exec.h
-+++ obuspa-10.0.4.0/src/core/bdc_exec.h
+--- obuspa-10.0.0.1.orig/src/core/bdc_exec.h
++++ obuspa-10.0.0.1/src/core/bdc_exec.h
 @@ -54,6 +54,8 @@ void BDC_EXEC_ScheduleExit(void);
  #define BDC_FLAG_PUT            0x00000001  // If set, HTTP PUT should be used instead of HTTP POST when sending the report to the BDC server
  #define BDC_FLAG_GZIP           0x00000002  // If set, the reports contants are Gzipped
@@ -45,10 +45,10 @@ Index: obuspa-10.0.4.0/src/core/bdc_exec.h
 +#define BDC_FLAG_HEADER_PER_ROW  0x00000020 // If set, report format in header would be csv ParameterPerRow
 +#define BDC_FLAG_HEADER_PER_COL  0x00000040 // If set, report format in header would be csv ParameterPerColumn
  #endif
-Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
+Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
 ===================================================================
---- obuspa-10.0.4.0.orig/src/core/device_bulkdata.c
-+++ obuspa-10.0.4.0/src/core/device_bulkdata.c
+--- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.0.1/src/core/device_bulkdata.c
 @@ -71,8 +71,12 @@
  
  //------------------------------------------------------------------------------
@@ -95,7 +95,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  int Validate_BulkDataHTTPMethod(dm_req_t *req, char *value);
 @@ -247,7 +259,8 @@ bulkdata_profile_t *bulkdata_find_free_p
  bulkdata_profile_t *bulkdata_find_profile(int profile_id);
- int bulkdata_calc_report_map(bulkdata_profile_t *bp, kv_vector_t *report_map, combined_role_t *combined_role);
+ int bulkdata_calc_report_map(bulkdata_profile_t *bp, kv_vector_t *report_map);
  int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *out_buf, int buf_len);
 -char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timestamp);
 +char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timestamp, char *report_format);
@@ -103,16 +103,16 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  unsigned char *bulkdata_compress_report(profile_ctrl_params_t *ctrl, char *input_buf, int input_len, int *p_output_len);
  int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_profile_t *bp, unsigned char *json_report, int report_len);
  int bulkdata_start_profile(bulkdata_profile_t *bp);
-@@ -263,6 +276,8 @@ int bulkdata_platform_get_param_refs(int
- int bulkdata_platform_calc_combined_role(int instance, combined_role_t **bulkdata_role, combined_role_t *combined_role, int *cont_instance);
- void bulkdata_expand_param_ref(param_ref_entry_t *pr, group_get_vector_t *ggv, combined_role_t *combined_role);
+@@ -262,6 +275,8 @@ char *bulkdata_platform_calc_uri_query_s
+ int bulkdata_platform_get_param_refs(int profile_id, param_ref_vector_t *param_refs);
+ void bulkdata_expand_param_ref(param_ref_entry_t *pr, group_get_vector_t *ggv);
  void bulkdata_append_to_result_map(param_ref_entry_t *pr, group_get_vector_t *ggv, kv_vector_t *report_map);
 +void append_string_to_target(char *str, char **output);
 +char *csv_encode(const char *str);
- int GetAuto_BulkDataController(dm_req_t *req, char *buf, int len);
  #ifdef ENABLE_MQTT
  int Validate_BulkDataMqttReference(dm_req_t *req, char *value);
-@@ -301,7 +316,7 @@ int DEVICE_BULKDATA_Init(void)
+ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp);
+@@ -299,7 +314,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_VendorParam_ReadOnly("Device.BulkData.Status", Get_BulkDataGlobalStatus, DM_STRING);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MinReportingInterval", BULKDATA_MINIMUM_REPORTING_INTERVAL_STR, DM_UINT);
      err |= USP_REGISTER_Param_SupportedList("Device.BulkData.Protocols", bdc_protocols, NUM_ELEM(bdc_protocols));
@@ -121,7 +121,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      err |= USP_REGISTER_Param_Constant("Device.BulkData.ParameterWildCardSupported", "true", DM_BOOL);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfProfiles", BULKDATA_MAX_PROFILES_STR, DM_INT);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfParameterReferences", "-1", DM_INT);
-@@ -316,7 +331,7 @@ int DEVICE_BULKDATA_Init(void)
+@@ -314,7 +329,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Name", "", NULL, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.NumberOfRetainedFailedReports", "0", Validate_NumberOfRetainedFailedReports, NULL, DM_INT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Protocol", BULKDATA_PROTOCOL_HTTP, Validate_BulkDataProtocol, NULL, DM_STRING);
@@ -129,8 +129,8 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
 +    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.EncodingType", BULKDATA_ENCODING_TYPE_JSON, Validate_BulkDataEncodingType, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.ReportingInterval", "86400", Validate_BulkDataReportingInterval, NotifyChange_BulkDataReportingInterval, DM_UINT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.TimeReference", UNKNOWN_TIME_STR, NULL, NotifyChange_BulkDataTimeReference, DM_DATETIME);
-     err |= USP_REGISTER_DBParam_ReadOnlyAuto("Device.BulkData.Profile.{i}.Controller", GetAuto_BulkDataController, DM_STRING);
-@@ -329,9 +344,16 @@ int DEVICE_BULKDATA_Init(void)
+ 
+@@ -326,9 +341,16 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Parameter.{i}.Reference", "", Validate_BulkDataReference, NULL, DM_STRING);
  
      // Device.BulkData.Profile.{i}.JSONEncoding
@@ -148,7 +148,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      // Device.BulkData.Profile.{i}.HTTP
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.URL", "", NULL, NotifyChange_BulkDataURL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.Username", "", NULL, NULL, DM_STRING);
-@@ -687,9 +709,10 @@ int Validate_BulkDataProtocol(dm_req_t *
+@@ -614,9 +636,10 @@ int Validate_BulkDataProtocol(dm_req_t *
  int Validate_BulkDataEncodingType(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -162,7 +162,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -793,9 +816,36 @@ int Validate_BulkDataReference(dm_req_t
+@@ -720,9 +743,36 @@ int Validate_BulkDataReference(dm_req_t
  int Validate_BulkDataReportFormat(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -201,7 +201,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -2151,6 +2201,14 @@ int bulkdata_platform_get_profile_contro
+@@ -2053,6 +2103,14 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -216,7 +216,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      // Exit if unable to get ReportTimestamp
      USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.JSONEncoding.ReportTimestamp", bp->profile_id);
      err = DATA_MODEL_GetParameterValue(path, ctrl_params->report_timestamp, sizeof(ctrl_params->report_timestamp), 0);
-@@ -2159,6 +2217,54 @@ int bulkdata_platform_get_profile_contro
+@@ -2061,6 +2119,54 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -271,7 +271,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  #ifdef ENABLE_MQTT
  {
      char protocol[32];
-@@ -2492,7 +2598,7 @@ void bulkdata_process_profile_http(bulkd
+@@ -2334,7 +2440,7 @@ void bulkdata_process_profile_http(bulkd
  {
      int err;
      report_t *cur_report;
@@ -280,7 +280,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      profile_ctrl_params_t ctrl;
      unsigned char *compressed_report;
      int compressed_len;
-@@ -2541,26 +2647,39 @@ void bulkdata_process_profile_http(bulkd
+@@ -2373,10 +2479,23 @@ void bulkdata_process_profile_http(bulkd
      }
  
      // Exit if unable to generate the report
@@ -308,9 +308,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
          return;
      }
  
-     // Print out the JSON report, if debugging is enabled
--    USP_LOG_Info("\nBULK DATA: %sing at time %s, to url=%s", ctrl.method, iso8601_cur_time(buf, sizeof(buf)), ctrl.url);
-+    USP_LOG_Info("BULK DATA: %sing at time %s, to url=%s", ctrl.method, iso8601_cur_time(buf, sizeof(buf)), ctrl.url);
+@@ -2385,14 +2504,14 @@ void bulkdata_process_profile_http(bulkd
      USP_LOG_Info("BULK DATA: using compression method=%s", ctrl.compression);
      if (enable_protocol_trace)
      {
@@ -329,7 +327,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      }
      // NOTE: From this point on, only the compressed_report exists
  
-@@ -2590,8 +2709,15 @@ void bulkdata_process_profile_usp_event(
+@@ -2422,8 +2541,15 @@ void bulkdata_process_profile_usp_event(
      kv_vector_t event_args;
      kv_pair_t kv;
      report_t *cur_report;
@@ -343,11 +341,11 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
 +    char escape_char[10];
 +    char csv_format[20];
 +    char row_timestamp[33];
-     combined_role_t *bulkdata_role;
-     combined_role_t combined_role;
-     int cont_instance;
-@@ -2610,13 +2736,63 @@ void bulkdata_process_profile_usp_event(
-         return;
+ 
+     // Exit if the MTP has not been connected to successfully after bootup
+     // This is to prevent BDC events being enqueued before the Boot! event is sent (the Boot! event is only sent after successfully connecting to the MTP).
+@@ -2432,13 +2558,63 @@ void bulkdata_process_profile_usp_event(
+         goto exit;
      }
  
 -    // Exit if unable to get ReportTimestamp
@@ -417,7 +415,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  
      // When sending via USP events, only one report is ever sent in each USP event
      // So ensure all retained reports are removed. NOTE: Clearing the reports here is only necessary when switching protocol from HTTP to USP event, and where HTTP had some unsent reports
-@@ -2634,11 +2810,17 @@ void bulkdata_process_profile_usp_event(
+@@ -2456,11 +2632,17 @@ void bulkdata_process_profile_usp_event(
      }
      bp->num_retained_reports = 1;
  
@@ -438,7 +436,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
          return;
      }
  
-@@ -2646,15 +2828,15 @@ void bulkdata_process_profile_usp_event(
+@@ -2468,15 +2650,15 @@ void bulkdata_process_profile_usp_event(
  
      // Construct event_args manually to avoid the overhead of a malloc and copy of the report in KV_VECTOR_Add()
      kv.key = "Data";
@@ -448,7 +446,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      event_args.num_entries = 1;
  
      USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.Push!", bp->profile_id);
-     DEVICE_SUBSCRIPTION_ProcessAllEventCompleteSubscriptions(path, &event_args, cont_instance);
+     DEVICE_SUBSCRIPTION_ProcessAllEventCompleteSubscriptions(path, &event_args);
  
 -    // Free the report. No need to free the event_args as json_report is the only thing dynamically allocated in it
 -    free(json_report);      // The report is not allocated via USP_MALLOC
@@ -457,7 +455,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  
      // From the point of view of this code, the report(s) have been successfully sent, so don't retain them
      // NOTE: Sending of the reports successfully is delegated to the USP notification retry mechanism
-@@ -2736,15 +2918,28 @@ void bulkdata_process_profile_mqtt(bulkd
+@@ -2548,11 +2730,24 @@ void bulkdata_process_profile_mqtt(bulkd
      }
  
      // Exit if unable to generate the report
@@ -487,21 +485,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
      }
  
      // Print out the JSON report, if debugging is enabled
--    USP_LOG_Debug("\nBULK DATA: Sending at time %s to MQTT topic %s", iso8601_cur_time(buf, sizeof(buf)), ctrl.mqtt_publish_topic);
-+    USP_LOG_Debug("BULK DATA: Sending at time %s to MQTT topic %s", iso8601_cur_time(buf, sizeof(buf)), ctrl.mqtt_publish_topic);
-     if (enable_protocol_trace)
-     {
-         USP_LOG_String(kLogLevel_Info, kLogType_Protocol, report);
-@@ -2939,7 +3134,7 @@ int bulkdata_reduce_to_alt_name(char *sp
- 
- /*********************************************************************//**
- **
--**  bulkdata_generate_json_report
-+**  bulkdata_generate_json_name_value_pair_report
- **
- **  Generates a JSON name-value pair format report
- **  NOTE: The report contains all retained failed reports, as well as the current report
-@@ -2951,7 +3146,7 @@ int bulkdata_reduce_to_alt_name(char *sp
+@@ -2763,7 +2958,7 @@ int bulkdata_reduce_to_alt_name(char *sp
  ** \return  pointer to NULL terminated dynamically allocated buffer containing the serialized report to send
  **
  **************************************************************************/
@@ -510,7 +494,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  {
      JsonNode *top;          // top of report
      JsonNode *array;        // array of reports (retained + current)
-@@ -3056,6 +3251,483 @@ char *bulkdata_generate_json_report(bulk
+@@ -2868,6 +3063,483 @@ char *bulkdata_generate_json_report(bulk
      return result;
  }
  
@@ -994,7 +978,7 @@ Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
  /*********************************************************************//**
  **
  **  bulkdata_compress_report
-@@ -3259,6 +3931,20 @@ int bulkdata_schedule_sending_http_repor
+@@ -3071,6 +3743,20 @@ int bulkdata_schedule_sending_http_repor
          flags |= BDC_FLAG_DATE_HEADER;
      }
  

obuspa/patches/0006-contains-expression.patch

@@ -1,7 +1,7 @@
-Index: obuspa-10.0.5.0/src/core/expr_vector.c
+Index: obuspa-10.0.0.1/src/core/expr_vector.c
 ===================================================================
---- obuspa-10.0.5.0.orig/src/core/expr_vector.c
-+++ obuspa-10.0.5.0/src/core/expr_vector.c
+--- obuspa-10.0.0.1.orig/src/core/expr_vector.c
++++ obuspa-10.0.0.1/src/core/expr_vector.c
 @@ -59,6 +59,7 @@ char *expr_op_2_str[kExprOp_Max] =
      "<",  // kExprOp_LessThan
      ">",  // kExprOp_GreaterThan
@@ -10,7 +10,7 @@ Index: obuspa-10.0.5.0/src/core/expr_vector.c
  };
  
  
-@@ -487,6 +488,15 @@ char *SplitOnOperator(char *buf, expr_op
+@@ -483,6 +484,15 @@ char *SplitOnOperator(char *buf, expr_op
          *op = '\0';
          return &op[2];
      }
@@ -26,10 +26,10 @@ Index: obuspa-10.0.5.0/src/core/expr_vector.c
  
      // Exit if found the "<" operator
      op = strchr(buf, '<');
-Index: obuspa-10.0.5.0/src/core/path_resolver.c
+Index: obuspa-10.0.0.1/src/core/path_resolver.c
 ===================================================================
---- obuspa-10.0.5.0.orig/src/core/path_resolver.c
-+++ obuspa-10.0.5.0/src/core/path_resolver.c
+--- obuspa-10.0.0.1.orig/src/core/path_resolver.c
++++ obuspa-10.0.0.1/src/core/path_resolver.c
 @@ -1088,7 +1088,7 @@ int ResolveUniqueKey(char *resolved, cha
      char temp[MAX_DM_PATH];
      bool is_match;
@@ -38,7 +38,7 @@ Index: obuspa-10.0.5.0/src/core/path_resolver.c
 +    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan, kExprOp_Contains};
  
      // Exit if unable to find the end of the unique key
-     p = TEXT_UTILS_StrStr(unresolved, "]");
+     p = strchr(unresolved, ']');
 @@ -1754,6 +1754,67 @@ int DoUniqueKeysMatch(int index, search_
          }
          USP_ASSERT(gge->value != NULL);     // GROUP_GET_VECTOR_GetValues() should have set an error message if the vendor hook didn't set a value for the parameter
@@ -107,10 +107,10 @@ Index: obuspa-10.0.5.0/src/core/path_resolver.c
          // Determine the function to call to perform the comparison
          if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
          {
-Index: obuspa-10.0.5.0/src/include/usp_api.h
+Index: obuspa-10.0.0.1/src/include/usp_api.h
 ===================================================================
---- obuspa-10.0.5.0.orig/src/include/usp_api.h
-+++ obuspa-10.0.5.0/src/include/usp_api.h
+--- obuspa-10.0.0.1.orig/src/include/usp_api.h
++++ obuspa-10.0.0.1/src/include/usp_api.h
 @@ -106,6 +106,7 @@ typedef enum
      kExprOp_LessThan,               // '<'
      kExprOp_GreaterThan,            // '>'

obuspa/patches/1000-SecuredRole-bbfdm.patch

@@ -1,176 +0,0 @@
-Index: obuspa-10.0.5.0/src/core/device.h
-===================================================================
---- obuspa-10.0.5.0.orig/src/core/device.h
-+++ obuspa-10.0.5.0/src/core/device.h
-@@ -311,6 +311,9 @@ int DEVICE_CTRUST_InstSelToRoleInstance(
- char *DEVICE_CTRUST_InstSelToPermTarget(int role_index, void *is, int *perm_instance);
- int DEVICE_CTRUST_SetRoleParameter(int instance, char *param_name, char *new_value);
- int DEVICE_CTRUST_SetPermissionParameter(int instance1, int instance2, char *param_name, char *new_value);
-+
-+bool DEVICE_CTRUST_IsControllerSecured(void);
-+
- int DEVICE_CTRUST_DumpPermissionSelectors(int role_instance, char *path);
- int DEVICE_REQUEST_Init(void);
- int DEVICE_REQUEST_Add(char *path, char *command_key, int *instance);
-Index: obuspa-10.0.5.0/src/core/device_ctrust.c
-===================================================================
---- obuspa-10.0.5.0.orig/src/core/device_ctrust.c
-+++ obuspa-10.0.5.0/src/core/device_ctrust.c
-@@ -246,6 +246,7 @@ credential_t *FindCredentialByCertInstan
- int Get_CredentialRole(dm_req_t *req, char *buf, int len);
- int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
- int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
-+int Validate_SecuredRoles(dm_req_t *req, char *value);
- void ApplySearchExpressionPermissions(char *path, inst_sel_t *sel);
- bool ValidateDataModelPathSegment(char *segment, bool is_last, char *path);
- 
-@@ -293,6 +294,9 @@ int DEVICE_CTRUST_Init(void)
-     // Create a timer which will be used to apply all modified permissions to the data model, after processing a USP Message
-     SYNC_TIMER_Add(ApplyModifiedPermissions, 0, END_OF_TIME);
- 
-+    // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
-+    err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
-+
-     // Register parameters implemented by this component
-     // Device.LocalAgent.ControllerTrust.Role.{i}
-     err |= USP_REGISTER_Object(DEVICE_ROLE_ROOT, ValidateAdd_CTrustRole, NULL, Notify_CTrustRoleAdded,
-@@ -3533,3 +3537,139 @@ exit:
-     return err;
- }
- #endif // REMOVE_DEVICE_SECURITY
-+
-+
-+/*********************************************************************//**
-+**
-+** Validate_SecuredRoles
-+**
-+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
-+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
-+**
-+** \param   req - pointer to structure identifying the parameter
-+** \param   value - value that the controller would like to set the parameter to
-+**
-+** \return  USP_ERR_OK if successful
-+**
-+**************************************************************************/
-+int Validate_SecuredRoles(dm_req_t *req, char *value)
-+{
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int role_instance;
-+    int err;
-+
-+    // Empty string is valid
-+    if (*value == '\0')
-+    {
-+        return USP_ERR_OK;
-+    }
-+
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, value, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err != USP_ERR_OK)
-+        {
-+            USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
-+            return USP_ERR_INVALID_VALUE;
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return USP_ERR_OK;
-+}
-+
-+/*********************************************************************//**
-+**
-+** DEVICE_CTRUST_IsControllerSecured
-+**
-+** Determines whether the specified controller has a secured role
-+**
-+** \param   combined_role - pointer to structure containing the role indexes for this controller
-+**
-+** \return  true if the controller has a secured role, false otherwise
-+**
-+**************************************************************************/
-+bool DEVICE_CTRUST_IsControllerSecured()
-+{
-+    char secured_roles[MAX_DM_PATH];
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int err;
-+    role_t *role;
-+    int role_instance;
-+    combined_role_t combined_role;
-+    controller_info_t ci;
-+
-+    // Exit if unable to get the secured roles
-+    err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
-+    if (err != USP_ERR_OK)
-+    {
-+        return false;
-+    }
-+
-+    // Empty string means no secured roles
-+    if (*secured_roles == '\0')
-+    {
-+        return false;
-+    }
-+
-+    MSG_HANDLER_GetControllerInfo(&ci);
-+    if (ci.endpoint_id == NULL)
-+    {
-+        return false;
-+    }
-+    if(strlen(ci.endpoint_id) == 0)
-+    {
-+        return false;
-+    }
-+
-+    MSG_HANDLER_GetMsgRole(&combined_role);
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, secured_roles, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Extract the instance number from the role path
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err == USP_ERR_OK)
-+        {
-+            // Find the role in our internal array
-+            role = FindRoleByInstance(role_instance);
-+            if (role != NULL)
-+            {
-+                // Check if this role matches either the inherited or assigned role
-+                if ((role - roles == combined_role.inherited_index) ||
-+                    (role - roles == combined_role.assigned_index))
-+                {
-+                    return true;
-+                }
-+            }
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return false;
-+}

obuspa/patches/1000-suppress-logs.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.7.0/src/core/cli_server.c
+Index: obuspa-10.0.0.2/src/core/cli_server.c
 ===================================================================
---- obuspa-10.0.7.0.orig/src/core/cli_server.c
-+++ obuspa-10.0.7.0/src/core/cli_server.c
-@@ -726,10 +726,6 @@ int ExecuteCli_Get(str_vector_t *args)
+--- obuspa-10.0.0.2.orig/src/core/cli_server.c
++++ obuspa-10.0.0.2/src/core/cli_server.c
+@@ -724,10 +724,6 @@ int ExecuteCli_Get(str_vector_t *args)
              USP_ASSERT(gge->value != NULL);
              SendCliResponse("%s => %s\n", gge->path, gge->value);
          }
@@ -13,11 +13,11 @@ Index: obuspa-10.0.7.0/src/core/cli_server.c
      }
  
      GROUP_GET_VECTOR_Destroy(&ggv);
-Index: obuspa-10.0.7.0/src/core/data_model.c
+Index: obuspa-10.0.0.2/src/core/data_model.c
 ===================================================================
---- obuspa-10.0.7.0.orig/src/core/data_model.c
-+++ obuspa-10.0.7.0/src/core/data_model.c
-@@ -1398,7 +1398,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
+--- obuspa-10.0.0.2.orig/src/core/data_model.c
++++ obuspa-10.0.0.2/src/core/data_model.c
+@@ -1321,7 +1321,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
      // Exit if instance already exists - nothing to do
      if (exists)
      {
@@ -26,7 +26,7 @@ Index: obuspa-10.0.7.0/src/core/data_model.c
          return USP_ERR_CREATION_FAILURE;
      }
  
-@@ -1486,7 +1486,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
+@@ -1409,7 +1409,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
      // Exit if instance does not exist - nothing to do
      if (exists == false)
      {
@@ -35,11 +35,11 @@ Index: obuspa-10.0.7.0/src/core/data_model.c
          return USP_ERR_OBJECT_DOES_NOT_EXIST;
      }
  
-Index: obuspa-10.0.7.0/src/core/mqtt.c
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/mqtt.c
-+++ obuspa-10.0.7.0/src/core/mqtt.c
-@@ -4070,7 +4070,7 @@ void MessageV5Callback(struct mosquitto
+diff --git a/src/core/mqtt.c b/src/core/mqtt.c
+index 388697a..444b4da 100644
+--- a/src/core/mqtt.c
++++ b/src/core/mqtt.c
+@@ -4020,7 +4020,7 @@ void MessageV5Callback(struct mosquitto *mosq, void *userdata, const struct mosq
      if (mosquitto_property_read_string(props, RESPONSE_TOPIC,
              &response_info_ptr, false) == NULL)
      {

obuspa/patches/1001-use-datamodel-caching.patch

@@ -4,11 +4,11 @@ Date:   Wed Apr 30 17:18:27 2025 +0530
 
     1001-use-datamodel-caching.patch
 
-Index: obuspa-10.0.7.0/src/core/cli_server.c
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/cli_server.c
-+++ obuspa-10.0.7.0/src/core/cli_server.c
-@@ -513,6 +513,7 @@ int CLI_SERVER_ExecuteCliCommand(char *c
+diff --git a/src/core/cli_server.c b/src/core/cli_server.c
+index da61c6f..abac7cb 100644
+--- a/src/core/cli_server.c
++++ b/src/core/cli_server.c
+@@ -511,6 +511,7 @@ int CLI_SERVER_ExecuteCliCommand(char *cmd_line)
          SendCliResponse("WARNING: Discarding unused args: %s\n", args.vector[cli_cmd->max_args+1]);
      }
  
@@ -16,7 +16,7 @@ Index: obuspa-10.0.7.0/src/core/cli_server.c
      // Process command
      err = cli_cmd->exec_cmd(&args);
      print_help = false;
-@@ -672,6 +673,11 @@ int ExecuteCli_Version(str_vector_t *arg
+@@ -670,6 +671,11 @@ int ExecuteCli_Version(str_vector_t *args)
  int ExecuteCli_Get(str_vector_t *args)
  {
      combined_role_t *combined_role;
@@ -28,22 +28,22 @@ Index: obuspa-10.0.7.0/src/core/cli_server.c
  #ifndef REMOVE_USP_BROKER
      char *arg1;
  
-Index: obuspa-10.0.7.0/src/core/data_model.h
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/data_model.h
-+++ obuspa-10.0.7.0/src/core/data_model.h
-@@ -417,5 +417,6 @@ int DM_PRIV_ReRegister_DBParam_Default(c
+diff --git a/src/core/data_model.h b/src/core/data_model.h
+index 7564127..2736d7c 100755
+--- a/src/core/data_model.h
++++ b/src/core/data_model.h
+@@ -405,5 +405,6 @@ int DM_PRIV_ReRegister_DBParam_Default(char *path, char *value);
  bool DM_PRIV_IsChildNodeOf(dm_node_t *node, dm_node_t *parent_node);
  void DM_PRIV_GetAllEventsAndCommands(dm_node_t *node, str_vector_t *events, str_vector_t *commands);
  
 +int vendor_create_dm_cache(char *paths[], int num_paths);
  #endif
  
-Index: obuspa-10.0.7.0/src/core/handle_get.c
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/handle_get.c
-+++ obuspa-10.0.7.0/src/core/handle_get.c
-@@ -129,6 +129,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp
+diff --git a/src/core/handle_get.c b/src/core/handle_get.c
+index d9d3e9e..c263978 100644
+--- a/src/core/handle_get.c
++++ b/src/core/handle_get.c
+@@ -129,6 +129,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp, char *controller_endpoint, mtp_conn_t
          goto exit;
      }
  
@@ -51,11 +51,11 @@ Index: obuspa-10.0.7.0/src/core/handle_get.c
      // Calculate the number of hierarchical levels to traverse in the data model when performing partial path resolution
      // NOTE: protocol buffer has depth as an unsigned quantity, but internally we use a signed number, so limit range to that of a signed number
      depth = usp->body->request->get->max_depth;
-Index: obuspa-10.0.7.0/src/core/msg_handler.c
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/msg_handler.c
-+++ obuspa-10.0.7.0/src/core/msg_handler.c
-@@ -987,6 +987,8 @@ int HandleUspMessage(Usp__Msg *usp, char
+diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c
+index 647591d..b7498d8 100755
+--- a/src/core/msg_handler.c
++++ b/src/core/msg_handler.c
+@@ -863,6 +863,8 @@ int HandleUspMessage(Usp__Msg *usp, char *endpoint_id, mtp_conn_t *mtpc)
                  MSG_HANDLER_UspMsgTypeToString(usp->header->msg_type),
                  iso8601_cur_time(buf, sizeof(buf)) );
  

obuspa/patches/1002-mqtt-qos.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
+Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
 ===================================================================
---- obuspa-10.0.4.0.orig/src/core/device_bulkdata.c
-+++ obuspa-10.0.4.0/src/core/device_bulkdata.c
-@@ -378,6 +378,8 @@ int DEVICE_BULKDATA_Init(void)
+--- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.0.1/src/core/device_bulkdata.c
+@@ -375,6 +375,8 @@ int DEVICE_BULKDATA_Init(void)
      // Device.BulkData.Profile.{i}.MQTT
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.Reference", "", Validate_BulkDataMqttReference, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishTopic", "", NULL, NULL, DM_STRING);

obuspa/patches/1003-ct-full-access-rename.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.7.0/src/core/data_model.c
+Index: obuspa-10.0.0.2/src/core/data_model.c
 ===================================================================
---- obuspa-10.0.7.0.orig/src/core/data_model.c
-+++ obuspa-10.0.7.0/src/core/data_model.c
-@@ -5519,7 +5519,7 @@ int RegisterDefaultControllerTrust(void)
+--- obuspa-10.0.0.2.orig/src/core/data_model.c
++++ obuspa-10.0.0.2/src/core/data_model.c
+@@ -5347,7 +5347,7 @@ int RegisterDefaultControllerTrust(void)
      int err = USP_ERR_OK;
  
      // Register 'Full Access' role

obuspa/patches/2001-validate-controller-mtp.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.6.0/src/core/device.h
+Index: obuspa-10.0.0.2/src/core/device.h
 ===================================================================
---- obuspa-10.0.6.0.orig/src/core/device.h
-+++ obuspa-10.0.6.0/src/core/device.h
-@@ -355,6 +355,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
+--- obuspa-10.0.0.2.orig/src/core/device.h
++++ obuspa-10.0.0.2/src/core/device.h
+@@ -346,6 +346,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
  int DEVICE_CONTROLLER_CountEnabledWebsockClientConnections(void);
  #endif
  
@@ -13,11 +13,11 @@ Index: obuspa-10.0.6.0/src/core/device.h
  #ifndef REMOVE_USP_BROKER
  int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance, char *subscribed_path);
  bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
-Index: obuspa-10.0.6.0/src/core/device_controller.c
+Index: obuspa-10.0.0.2/src/core/device_controller.c
 ===================================================================
---- obuspa-10.0.6.0.orig/src/core/device_controller.c
-+++ obuspa-10.0.6.0/src/core/device_controller.c
-@@ -969,6 +969,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
+--- obuspa-10.0.0.2.orig/src/core/device_controller.c
++++ obuspa-10.0.0.2/src/core/device_controller.c
+@@ -968,6 +968,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
      return USP_ERR_OK;
  }
  
@@ -96,11 +96,11 @@ Index: obuspa-10.0.6.0/src/core/device_controller.c
  /*********************************************************************//**
  **
  ** DEVICE_CONTROLLER_IsMTPConfigured
-Index: obuspa-10.0.6.0/src/core/msg_handler.c
+Index: obuspa-10.0.0.2/src/core/msg_handler.c
 ===================================================================
---- obuspa-10.0.6.0.orig/src/core/msg_handler.c
-+++ obuspa-10.0.6.0/src/core/msg_handler.c
-@@ -1344,6 +1344,15 @@ int ValidateUspRecord(UspRecord__Record
+--- obuspa-10.0.0.2.orig/src/core/msg_handler.c
++++ obuspa-10.0.0.2/src/core/msg_handler.c
+@@ -1220,6 +1220,15 @@ int ValidateUspRecord(UspRecord__Record
      usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
  #endif
  

obuspa/patches/2002-max_controllers.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.6.0/src/core/mqtt.c
+Index: obuspa-10.0.0.1/src/core/mqtt.c
 ===================================================================
---- obuspa-10.0.6.0.orig/src/core/mqtt.c
-+++ obuspa-10.0.6.0/src/core/mqtt.c
-@@ -265,6 +265,8 @@ void SaveMqttPublishErrMsg(const char *f
+--- obuspa-10.0.0.1.orig/src/core/mqtt.c
++++ obuspa-10.0.0.1/src/core/mqtt.c
+@@ -259,6 +259,8 @@ void MqttSubscriptionDestroy(mqtt_subscr
  #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
  int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
  {\
@@ -11,7 +11,7 @@ Index: obuspa-10.0.6.0/src/core/mqtt.c
      return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
  }
  
-@@ -275,6 +277,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
+@@ -269,6 +271,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
@@ -23,7 +23,7 @@ Index: obuspa-10.0.6.0/src/core/mqtt.c
  // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
  
  //------------------------------------------------------------------------------------
-@@ -285,10 +292,15 @@ ssl_verify_callback_t* mqtt_verify_callb
+@@ -279,10 +286,15 @@ ssl_verify_callback_t* mqtt_verify_callb
      MQTT_TrustCertVerifyCallbackIndex(2),
      MQTT_TrustCertVerifyCallbackIndex(3),
      MQTT_TrustCertVerifyCallbackIndex(4),

obuspa/patches/2004-mqtt-dualstack-fallback.patch

@@ -1,7 +1,7 @@
-Index: obuspa-10.0.7.0/src/core/mqtt.c
-===================================================================
---- obuspa-10.0.7.0.orig/src/core/mqtt.c
-+++ obuspa-10.0.7.0/src/core/mqtt.c
+diff --git a/src/core/mqtt.c b/src/core/mqtt.c
+index 70978501b1..96119fe080 100644
+--- a/src/core/mqtt.c
++++ b/src/core/mqtt.c
 @@ -53,6 +53,7 @@
  #include <openssl/bio.h>
  #include <openssl/err.h>
@@ -10,7 +10,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  #include <mosquitto.h>
  
  #include "mqtt.h"
-@@ -206,8 +207,9 @@ int EnableMosquitto(mqtt_client_t *clien
+@@ -201,8 +202,9 @@ int EnableMosquitto(mqtt_client_t *client);
  void SetupCallbacks(mqtt_client_t *client);
  void QueueUspConnectRecord_MQTT(mqtt_client_t *client, mtp_send_item_t *msi, char *controller_topic, time_t expiry_time);
  int SendQueueHead(mqtt_client_t *client);
@@ -21,7 +21,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  int ConnectSetEncryption(mqtt_client_t *client);
  void ConnectCallback(struct mosquitto *mosq, void *userdata, int result);
  void ConnectV5Callback(struct mosquitto *mosq, void *userdata, int result, int flags, const mosquitto_property *props);
-@@ -250,7 +252,7 @@ void HandleMqttReconnect(mqtt_client_t *
+@@ -245,7 +247,7 @@ void HandleMqttReconnect(mqtt_client_t *client);
  void HandleMqttReconnectAfterDisconnect(mqtt_client_t *client);
  void HandleMqttDisconnect(mqtt_client_t *client);
  void DisconnectIfAllSubscriptionsFailed(mqtt_client_t *client);
@@ -30,7 +30,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  void RemoveMqttQueueItem(mqtt_client_t *client, mqtt_send_item_t *queued_msg);
  void RemoveExpiredMqttMessages(mqtt_client_t *client);
  void ParseSubscribeTopicsFromConnack(mqtt_client_t *client, mosquitto_property *prop);
-@@ -2380,6 +2382,143 @@ int SendQueueHead(mqtt_client_t *client)
+@@ -2350,6 +2352,143 @@ int SendQueueHead(mqtt_client_t *client)
      return err;
  }
  
@@ -174,7 +174,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  /*********************************************************************//**
  **
  ** IsMqttBrokerUp
-@@ -2394,109 +2533,92 @@ int SendQueueHead(mqtt_client_t *client)
+@@ -2364,109 +2503,92 @@ int SendQueueHead(mqtt_client_t *client)
  ** \return  true if the MQTT Broker is up, false otherwise
  **
  **************************************************************************/
@@ -343,7 +343,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
      }
  
      return result;
-@@ -2517,18 +2639,20 @@ void Connect(mqtt_client_t *client)
+@@ -2487,18 +2609,20 @@ void Connect(mqtt_client_t *client)
  {
      int err = USP_ERR_OK;
      bool is_up;
@@ -367,7 +367,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  
      // Exit if failed to connect
      if (err != USP_ERR_OK)
-@@ -2561,7 +2685,7 @@ exit:
+@@ -2531,7 +2655,7 @@ exit:
  ** \return  USP_ERR_INTERNAL_ERROR if failed to connect (and should retry)
  **
  **************************************************************************/
@@ -376,7 +376,7 @@ Index: obuspa-10.0.7.0/src/core/mqtt.c
  {
      int version;
      mosquitto_property *proplist = NULL;
-@@ -2631,19 +2755,19 @@ int PerformMqttClientConnect(mqtt_client
+@@ -2601,19 +2725,19 @@ int PerformMqttClientConnect(mqtt_client_t *client)
      // We do this to prevent the data model thread from potentially being blocked, whilst the connect call is taking place
      OS_UTILS_UnlockMutex(&mqtt_access_mutex);
  

obuspa/patches/2005-set-sql-journal-mode.patch

@@ -0,0 +1,28 @@
+diff --git a/src/core/database.c b/src/core/database.c
+index 7ad9dae..edebd7c 100644
+--- a/src/core/database.c
++++ b/src/core/database.c
+@@ -955,6 +955,7 @@ void DATABASE_Dump(void)
+ int OpenUspDatabase(char *db_file)
+ {
+     int err;
++    char *err_msg = 0;
+ 
+     // Exit if unable to open the database
+     err = sqlite3_open(db_file, &db_handle);
+@@ -965,6 +966,15 @@ int OpenUspDatabase(char *db_file)
+         return USP_ERR_INTERNAL_ERROR;
+     }
+ 
++    // Execute the PRAGMA statement
++    const char *sql = "PRAGMA journal_mode = MEMORY;";
++    err = sqlite3_exec(db_handle, sql, 0, 0, &err_msg);
++    if (err != SQLITE_OK) {
++        USP_LOG_Error("%s: Failed to set journal_mode: %s", __func__, err_msg);
++        sqlite3_free(err_msg);
++        return USP_ERR_INTERNAL_ERROR;
++    }
++
+     // Exit if unable to create the data model parameter table (if it does not already exist)
+     #define CREATE_TABLE_STR "create table if not exists data_model (hash integer, instances text, value text, primary key (hash, instances));"
+     err = sqlite3_exec(db_handle, CREATE_TABLE_STR, NULL, NULL, NULL);