sulu: nosub

The actual spelling of this option is require_certificate and it is
anyway not relevant here since it is not a TLS listener.

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.15.28
+PKG_VERSION:=1.16.6.2
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=a20a15888b15864136ec40b15f221db2edbaf574
+PKG_SOURCE_VERSION:=aa480554461c82e6f6f44ee6c23108d3e44fce21
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

bbfdm/files/etc/bbfdm/critical_services.json

@@ -8,13 +8,16 @@
 			"ieee1905",
 			"mapcontroller",
 			"mosquitto",
-			"nginx"
+			"nginx",
+			"netmode"
 	],
 	"cwmp": [
 			"firewall",
 			"network",
 			"dhcp",
+			"mapcontroller",
 			"wireless",
-			"time"
+			"time",
+			"netmode"
 	]
 }

bbfdm/files/etc/ruleng/bbfdm.json

@@ -15,9 +15,13 @@
 		]
 	},
 	"dhcp_refresh": {
+		"if_operator": "OR",
 		"if" : [
 			{
 				"event": "host"
+			},
+			{
+				"event": "wifi.dataelements.Associated"
 			}
 		],
 		"then" : [

bridgemngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.14
+PKG_VERSION:=1.0.17
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=99bc3a3a0a2571917eda7085c21952f779fdb471
+PKG_SOURCE_VERSION:=36e6e8319a95dad3bccfe9f2d8a298b39c6ce86b
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ddnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ddnsmngr
-PKG_VERSION:=1.0.11
+PKG_VERSION:=1.0.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
-PKG_SOURCE_VERSION:=9f2f4dabc71c4f405b1c5df576d20d793d299e94
+PKG_SOURCE_VERSION:=44af9a7b3fec3929f8554af9633a5b8068189b48
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.2
+PKG_VERSION:=6.2.1.8
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a5c381b2855bd88f09dedb00f76040f1a4662079
+PKG_SOURCE_VERSION:=b7e294d7c610adfd80cf40a0628c189695dc5156
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.7
+PKG_VERSION:=3.7.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=289a91b3e7f221f16c976efd147bd4b203420b41
+PKG_SOURCE_VERSION:=1f851980a6ba616df54f79930225f8bcd563b711
 PKG_MIRROR_HASH:=skip
 endif
 

dectmngr/files/etc/init.d/dectmngr

@@ -57,13 +57,53 @@ get_dcx81_device() {
 			device_name_line="$(grep '^DEVNAME=' "$uevent_file")" || return 1
 			readonly device="/dev/${device_name_line##DEVNAME=}"
 			[ -c "$device" ] || return 1
-			printf "%s" "$device"
+			printf "%s" "$(basename $device)"
 			return 0
 		fi
 	done
 	return 1
 }
 
+check_dcx81_firmware() {
+	local dcx81_uart=$1
+	local fw_link="/lib/firmware/dcx81_firmware"
+	local fw_file
+
+	[ -L "$fw_link" ] || return
+
+	fw_file=$(readlink -f $fw_link)
+	[ -f "$fw_file" ] || return
+
+	# the symbolic link is not needed
+	rm -f $fw_link
+
+	eval $(/sbin/cmbs_tcx -comname "$dcx81_uart" -fw_version |grep DCX81_FW_Version)
+	[ -n "$DCX81_FW_Version" ] || return
+
+	if echo $(basename $fw_file) | grep -qi "$DCX81_FW_Version" ; then
+		logger -t "$PROG" "DCX81 running expected $DCX81_FW_Version"
+		return;
+	fi
+
+	logger -t "$PROG" "DCX81 firmware upgrading to $fw_file"
+	/sbin/cmbs_tcx -comname "$dcx81_uart" -fwu "$fw_file" 2>&1 >/dev/null &
+
+	echo -n "Updrading DCX81 firmware.." >/dev/console
+	local wait_time=0
+	while pidof cmbs_tcx >/dev/null && [ "$wait_time" -lt "200" ] ; do
+		sleep 5
+		wait_time=$(($wait_time + 5))
+		echo -n "." >/dev/console
+	done
+
+	if pidof cmbs_tcx >/dev/null ; then
+		killall -9 cmbs_tcx
+		logger -t "$PROG" "DCX81 firmware upgrade timeout"
+	else
+		logger -t "$PROG" "DCX81 firmware upgrade done"
+	fi
+}
+
 start_service() {
 	local opt_ext=
 	local rfpi=
@@ -75,14 +115,16 @@ start_service() {
 		return 0
 	fi
 
-	opt_ext="-extensionShift $(get_extension_shift)"
-
 	local dcx81_uart_device
 	if ! dcx81_uart_device="$(get_dcx81_device)"; then
 		logger -t "$PROG" -p daemon.warning "Could not determine DCX81 UART device. Falling back to default ttyH0."
-		dcx81_uart_device=/dev/ttyH0
+		dcx81_uart_device="ttyH0"
 	fi
 
+	check_dcx81_firmware $dcx81_uart_device
+
+	opt_ext="-extensionShift $(get_extension_shift)"
+
 	rfpi=$(db -q get hw.board.dect_rfpi)
 	[ -n "$rfpi" -a ${#rfpi} -eq 14 ] && opt_ext="$opt_ext -rfpi $rfpi"
 
@@ -106,21 +148,19 @@ start_service() {
 
 	procd_open_instance
 
-	# dectmngr takes expects device without /dev
-	readonly dcx81_uart_device_wo_dev="${dcx81_uart_device##/dev/}"
 	case "$log_dect_cmbs" in
 	none)
 		echo "Starting dectmngr with cmbs logging disabled"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device" $opt_ext
 		rm -f $LOG_PATH/*
 		;;
 	file)
 		echo "Starting dectmngr with cmbs logging enabled to file"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" -log $LOG_PATH/dect-cmbs.log $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device" -log $LOG_PATH/dect-cmbs.log $opt_ext
 		;;
 	*)
 		echo "Starting dectmngr with cmbs logging enabled to syslog"
-		procd_set_param command "$PROG" -comname "$dcx81_uart_device_wo_dev" -syslog $opt_ext
+		procd_set_param command "$PROG" -comname "$dcx81_uart_device" -syslog $opt_ext
 		rm -f $LOG_PATH/*
 		;;
 	esac

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.17
+PKG_VERSION:=1.0.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=2ceb76e98cf23a8d52ab3f464d38d62385311a87
+PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dslmngr/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.9
+PKG_VERSION:=1.2.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
-PKG_SOURCE_VERSION:=5340cb31f759301f5aca3fd848fc3a63b0b4663f
+PKG_SOURCE_VERSION:=8fb4093b4d26b3cb06603e110d424005e33cf5d6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip
@@ -30,6 +30,8 @@ include ../bbfdm/bbfdm.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
+else ifneq ($(CONFIG_TARGET_airoha),)
+  TARGET_PLATFORM=AIROHA
 else
   $(info Unexpected CONFIG_TARGET)
 endif
@@ -41,7 +43,7 @@ define Package/dslmngr
   CATEGORY:=Utilities
   TITLE:=XDSL status and configration utility
   DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +TARGET_airoha:br2684ctl
 endef
 
 define Package/dslmngr/description
@@ -75,7 +77,10 @@ define Package/dslmngr/install
 	$(CP) ./files/common/* $(1)/
 ifeq ($(CONFIG_TARGET_brcmbca),y)
 	$(CP) ./files/broadcom/* $(1)/
+else ifneq ($(CONFIG_TARGET_airoha),)
+	$(CP) ./files/airoha/* $(1)/
 endif
+
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dslmngr $(1)/sbin/
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)

dslmngr/files/airoha/etc/init.d/xdsl_wan

@@ -0,0 +1,26 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=99
+USE_PROCD=1
+
+start_service() {
+	readonly need_xdsl="$(jsonfilter -i /etc/board.json -e @.dsl)"
+	[ -f /etc/board.json ] || return 0
+
+	if [ "$need_xdsl" != "" ]; then
+		procd_open_instance xdsl_wan
+		procd_set_param command /sbin/xdsl_wan
+		procd_set_param respawn
+		procd_close_instance
+	fi
+}
+
+boot() {
+	: # boot-up is handled from 'hsm' application
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "dsl"
+}

dslmngr/files/airoha/lib/dsl/airoha.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+xtm_remove_devices() {
+	:
+}
+
+xtm_create_devices() {
+	:
+}
+
+xdsl_configure() {
+	# Support bridged WAN interface
+	ebtables --concurrent -t broute -D BROUTING -p 0xbeed -j DROP 2> /dev/null
+	ebtables --concurrent -t broute -I BROUTING -p 0xbeed -j DROP
+}
+
+xdsl_stop() {
+	return 0
+}
+
+xdsl_init() {
+	readonly need_xdsl="$(jsonfilter -i /etc/board.json -e @.dsl)"
+	[ "$need_xdsl" = "" ] && exit 0
+
+	echo "Starting DSL"
+}

dslmngr/files/airoha/sbin/xdsl_wan

@@ -0,0 +1,242 @@
+#!/bin/sh
+
+source "/lib/functions.sh"
+source "/lib/functions/network.sh"
+source "/lib/functions/system.sh"
+
+PREVLINK=""
+PREVWANMODE=""
+WANMODE=""
+CONFIGURED=0
+CINDEX=0
+WANPORT="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
+
+delete_atm_device() {
+	/userfs/bin/blapi_cmd xdsl atm_delete_interface $CINDEX
+	CINDEX=$((CINDEX+1))
+}
+
+delete_atm_devices() {
+	CINDEX=0
+	config_load dsl
+	config_foreach delete_atm_device atm-device
+}
+
+configure_atm_device() {
+	local vpi vci encapsulation qos_class pcr mbs scr
+	local encap qos ethmac
+
+	config_get vpi $1 vpi "8"
+	config_get vci $1 vci "35"
+	config_get encapsulation $1 encapsulation "llc"
+	config_get qos_class $1 qos_class "ubr"
+	config_get pcr $1 pcr "0"
+	config_get mbs $1 mbs "0"
+	config_get scr $1 scr "0"
+
+	case $encapsulation in # llc, vcmux
+		vcmux)
+			encap="1483 Bridged IP VC-Mux"
+		;;
+		*)
+			encap="1483 Bridged IP LLC"
+		;;
+
+	esac
+
+	ethmac="$(echo -n "$(macaddr_add 02:AA:BB:01:23:40 $((CINDEX+2)))" | sed 's#:##g')"
+
+	/userfs/bin/blapi_cmd xdsl create_device $CINDEX ATM "" "$ethmac"
+	/userfs/bin/blapi_cmd xdsl atm_create_interface $CINDEX ATM "$qos_class" "$encap" "$vpi" "$vci" "$pcr" "$scr" "$mbs" 0
+
+	CINDEX=$((CINDEX+1))
+}
+
+create_atm_devices() {
+	delete_atm_devices
+
+	CINDEX=0
+	config_foreach configure_atm_device atm-device
+}
+
+configure_line() {
+	local mode profile bitswap sra us0 sesdrop sos roc ginp gvector mod prof
+	local adsl1_flag=0 issue2_flag=0 Glite_flag=0 adsl2_flag=0 adsl2p_flag=0 vdsl2_flag=0
+	local pro_8a_flag=0 pro_8b_flag=0 pro_8c_flag=0 pro_8d_flag=0 pro_12a_flag=0 pro_12b_flag=0 pro_17a_flag=0 pro_30a_flag=0 pro_35b_flag=0
+
+	config_get mode $1 mode "vdsl2"
+	config_get profile $1 profile "35b"
+	config_get bitswap $1 bitswap "1"
+	config_get sra $1 sra "1"
+	config_get us0 $1 us0 "1"
+	config_get sos $1 sos "0"
+	config_get roc $1 roc "0"
+	config_get ginp $1 ginp "1"
+	config_get gvector $1 gvector "1"
+
+	for mod in $mode; do
+		[ "$mod" = "gdmt" ] && adsl1_flag=1
+		[ "$mod" = "glite" ] && Glite_flag=1
+		[ "$mod" = "t1413" ] && issue2_flag=1
+		[ "$mod" = "adsl2" ] && adsl2_flag=1
+		[ "$mod" = "adsl2p" ] && adsl2p_flag=1
+		[ "$mod" = "vdsl2" ] && vdsl2_flag=1
+	done
+
+	for prof in $profile; do
+		[ "$prof" = "8a" ] && pro_8a_flag=1
+		[ "$prof" = "8b" ] && pro_8b_flag=1
+		[ "$prof" = "8c" ] && pro_8c_flag=1
+		[ "$prof" = "8d" ] && pro_8d_flag=1
+		[ "$prof" = "12a" ] && pro_12a_flag=1
+		[ "$prof" = "12b" ] && pro_12b_flag=1
+		[ "$prof" = "17a" ] && pro_17a_flag=1
+		[ "$prof" = "30a" ] && pro_30a_flag=1
+		[ "$prof" = "35b" ] && pro_35b_flag=1
+	done
+
+	/userfs/bin/blapi_cmd xdsl set_adsl_profile "$pro_8a_flag" "$pro_8b_flag" "$pro_8c_flag" "$pro_8d_flag" "$pro_12a_flag" "$pro_12b_flag" "$pro_17a_flag" "$pro_30a_flag" "$pro_35b_flag"
+	/userfs/bin/blapi_cmd xdsl set_adsl_mode "$adsl1_flag" "$issue2_flag" "$Glite_flag" "$adsl2_flag" "$adsl2p_flag" "$vdsl2_flag"
+	/userfs/bin/blapi_cmd xdsl set_adsl_gvector "$((!gvector))"
+	/userfs/bin/blapi_cmd xdsl set_adsl_ginp "$((!ginp))"
+	/userfs/bin/blapi_cmd xdsl set_adsl_sos_roc "$((!sos))" "$((!roc))"
+	/userfs/bin/blapi_cmd xdsl set_adsl_us0 "$((!us0))"
+	/userfs/bin/blapi_cmd xdsl set_adsl_sra "$((!sra))"
+	/userfs/bin/blapi_cmd xdsl set_adsl_bitswap "$((!bitswap))"
+
+	CONFIGURED=1
+}
+
+configure_lines() {
+	config_load dsl
+	config_foreach configure_line dsl-line
+}
+
+call_wan_hotplug() {
+	# initializations
+	local updown="$1"
+	local ethwan="$2"
+
+	# ethernet hotlugs expect LINK and PORT environment variables set
+	env -i LINK="$updown" PORT="$ethwan" /sbin/hotplug-call ethernet
+}
+
+if [ "$WANPORT" = "ae_wan" -a -f /proc/device-tree/ae_wan/wan-dsl ]; then
+	/etc/init.d/br2684ctl stop
+else
+	/etc/init.d/br2684ctl start
+fi
+
+# Wait for nas0 interface to come up.
+while [ "$(devstatus "$WANPORT" | jsonfilter -e @.up)" != "true" ]; do
+	sleep 1
+done
+
+while [ true ]; do
+	LINK="$(awk '/ADSL link status:/{print $4}' /proc/tc3162/adsl_stats)"
+	[ \( "$LINK" = "down" -o "$LINK" = "up" \) ] && break
+	sleep 1
+done
+sleep 2
+
+/userfs/bin/blapi_cmd xdsl set_adsl_sysvid "26 00 47 4E 58 53 00 00" # GNXS vendor id
+/userfs/bin/blapi_cmd xdsl set_adsl_version "$(ubus call fwbank dump | jsonfilter -e "@.bank[@.active=true].swver" | cut -f1 -d'_' | cut -f1 -d'-' | hexdump -e '11/1 "%02x " "\n"' | head -n1)"
+/userfs/bin/blapi_cmd xdsl set_power_up_down 1
+/userfs/bin/blapi_cmd xdsl set_power_up_down 0
+sleep 1
+
+while [ true ]; do
+	LINK="$(awk '/ADSL link status:/{print $4}' /proc/tc3162/adsl_stats)"
+
+	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
+		if [ "$LINK" = "down" ]; then
+			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
+			if [ -n "$WANMODE" ]; then
+				if [ "$WANMODE" = "PTM" ]; then
+					/userfs/bin/blapi_cmd xdsl ptm_do_reset_sequence 0 1
+				else
+					delete_atm_devices
+				fi
+			fi
+
+			call_wan_hotplug "down" "$WANPORT"
+		else
+			CONFIGURED=1
+			WANMODE="$(awk '/TPSTC type:/{print $4}' /proc/tc3162/adsl_stats)"
+			if [ "$WANMODE" != "$PREVWANMODE" ]; then
+				OLDWANPORT="$WANPORT"
+				network_defer_device "$OLDWANPORT"
+
+				if [ -f /proc/device-tree/ae_wan/wan-dsl ]; then
+					WANPORT="ae_wan"
+				else
+					WANPORT="nas10"
+				fi
+
+				if [ "$WANMODE" = "PTM" ]; then
+					/etc/init.d/br2684ctl stop
+					delete_atm_devices
+					/userfs/bin/blapi_cmd system set_wan_mode 1
+					/userfs/bin/blapi_cmd xdsl reload_ko 2
+					/userfs/bin/blapi_cmd xdsl ptm_do_reset_sequence 1 2
+
+					# Set extended TPID for PTM packet flow
+					sys memwl 1FB50000 81001839
+					# VLAN TPID - VLAN
+					sys memwl 1FB50F18 8100
+
+					ifconfig ${WANPORT} mtu 1500
+				else
+					/userfs/bin/blapi_cmd system set_wan_mode 0
+					/userfs/bin/blapi_cmd xdsl reload_ko 1
+					/etc/init.d/br2684ctl start
+
+					# Set extended TPID for ATM packet flow
+					sys memwl 1FB50000 884C1839
+					# VLAN TPID - MPOA
+					sys memwl 1FB50F18 884C
+
+					ifconfig ${WANPORT} mtu 1982
+					ifconfig ${WANPORT} down up
+
+					OLDWANPORT="$WANPORT"
+					ATMINDEX="$(cat /sys/class/atm/TSARM*/atmindex | tail -n1 2> /dev/null)"
+					WANPORT="nas$((ATMINDEX))"
+				fi
+
+				if [ "$OLDWANPORT" != "$WANPORT" ]; then
+					call_wan_hotplug "down" "$OLDWANPORT"
+
+					FILES="$(grep "$OLDWANPORT" /etc/config/* | cut -f1 -d: | uniq | cut -f4 -d/ | xargs)"
+					for FILE in $FILES; do
+						sed -i -e "s#${OLDWANPORT}#${WANPORT}#g" "/etc/config/${FILE}"
+						"/etc/init.d/${FILE}" restart
+					done
+				else
+					/etc/init.d/network restart
+				fi
+				ifconfig ${OLDWANPORT} down up
+			fi
+
+			if [ "$WANMODE" = "PTM" ]; then
+				: # ToDo
+			else
+				create_atm_devices
+			fi
+
+			call_wan_hotplug "up" "$WANPORT"
+			PREVWANMODE="$WANMODE"
+		fi
+
+		# Toggle link state
+		network_defer_device "$WANPORT"
+		network_ready_device "$WANPORT"
+
+		# We are only interested in the transtion from init -> up/down and up/down -> down/up and vice versa.
+		# Since we poll the status via in-band signaling packets might get lost and the /procfs file is empty.
+		# This state we don't want to handle as it will toggle the link and do a re-setup which is totally unnecessary and unwanted.
+		PREVLINK="$LINK"
+	fi
+
+	sleep 5
+done

dslmngr/files/common/etc/config/dsl

@@ -25,6 +25,7 @@ config dsl-line line
 	list profile 12b
 	list profile 17a
 	list profile 30a
+	list profile 35b
 	option bitswap 1
 	option sra 1
 	option us0 1 # VDSL2 only

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.0.7
+PKG_VERSION:=3.0.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=171cf63d972c6fa81b97281531e457a0967c16c7
+PKG_SOURCE_VERSION:=c73e5b15718ca40b2740bbe6151dfbb2bcca16df
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/files/firewall.service

@@ -2,6 +2,8 @@
 
 . /lib/functions.sh
 
+ZONE_NAME_FILE="/tmp/service_fw_zone"
+
 log() {
 	echo "${@}"|logger -t firewall.service -p info
 }
@@ -17,6 +19,37 @@ exec_cmd() {
 	return 0
 }
 
+collect_zone_name() {
+	local name network
+
+	config_get name "${1}" name ""
+	if [ -z "${name}" ]; then
+		return
+	fi
+
+	config_get network "${1}" network ""
+	for i in ${network}; do
+		var="${i}_zone"
+		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+	done
+}
+
+load_zone_names() {
+	rm -f "${ZONE_NAME_FILE}"
+	config_foreach collect_zone_name zone
+}
+
+get_firewall_zone() {
+	if [ ! -f "${ZONE_NAME_FILE}" ]; then
+		echo ""
+		return
+	fi
+
+	var="${1}_zone="
+	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+	echo "${name}"
+}
+
 add_iptable_rule() {
 	chain_name=$1
 	protocol=$2
@@ -135,9 +168,14 @@ add_service() {
 	fi
 
 	action=$(echo "${target}" | tr a-z A-Z)
-	chain_name="zone_${interface}_input"
-	res=0
+	zone_name="$(get_firewall_zone ${interface})"
+	if [ -z "${zone_name}" ]; then
+		log "Rule can not be added without zone name for interface ${interface}"
+		return
+	fi
 
+	chain_name="zone_${zone_name}_input"
+	res=0
 	count=$(echo "${proto}" | sed -n "/-1/p" | wc -l)
 
 	if [ "${count}" -eq 0 ]; then
@@ -160,4 +198,9 @@ add_service() {
 }
 
 config_load firewall
+
+load_zone_names
+
 config_foreach add_service "service"
+
+rm -f "${ZONE_NAME_FILE}"

fluent-bit/Makefile

@@ -65,6 +65,7 @@ CMAKE_OPTIONS += \
 	-DFLB_IN_DISK=Yes \
 	-DFLB_IN_EXEC=Yes \
 	-DFLB_IN_HEAD=Yes \
+	-DFLB_IN_TAIL=Yes \
 	-DFLB_IN_FORWARD=No \
 	-DFLB_IN_KMSG=No \
 	-DFLB_IN_PROC=No \
@@ -73,7 +74,6 @@ CMAKE_OPTIONS += \
 	-DFLB_IN_MQTT=No \
 	-DFLB_IN_STDIN=No \
 	-DFLB_IN_SYSTEMD=No \
-	-DFLB_IN_TAIL=No \
 	-DFLB_IN_TCP=No \
 	-DFLB_IN_THERMAL=No \
 	-DFLB_IN_UDP=No \
@@ -170,6 +170,7 @@ CMAKE_OPTIONS += \
 define Package/fluent-bit/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/fluent-bit
+	$(INSTALL_DIR) $(1)/etc/fluent-bit/conf.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/fluent-bit $(1)/usr/sbin/
 	$(INSTALL_DATA) ./files/fluent-bit.conf $(1)/etc/fluent-bit/fluent-bit.conf
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/parsers.conf $(1)/etc/fluent-bit/parsers.conf

fluent-bit/patches/0003-prepend_length_in_syslog_output.patch

@@ -0,0 +1,47 @@
+diff --git a/plugins/out_syslog/syslog.c b/plugins/out_syslog/syslog.c
+index 4ecc7c4ac..cfe568245 100644
+--- a/plugins/out_syslog/syslog.c
++++ b/plugins/out_syslog/syslog.c
+@@ -776,12 +776,42 @@ static flb_sds_t syslog_format(struct flb_syslog *ctx, msgpack_object *o,
+         }
+ 
+         if (ctx->parsed_mode != FLB_SYSLOG_UDP) {
++            unsigned int msg_len = 0;
++
++            /* Create new SDS for length prefix */
++            flb_sds_t prefix = flb_sds_create_size(ctx->maxsize + 32);
++            if (!prefix) {
++                ret_sds = NULL;
++                goto clean;
++            }
++
++            /* Add newline also to make behaviour similar to syslog-ng */
+             tmp = flb_sds_cat(*s, "\n", 1);
+             if (!tmp) {
++                flb_sds_destroy(prefix);
+                 ret_sds = NULL;
+                 goto clean;
+             }
+             *s = tmp;
++
++            msg_len = flb_sds_len(*s);
++            tmp = flb_sds_printf(&prefix, "%u ", msg_len);
++            if (!tmp) {
++                flb_sds_destroy(prefix);
++                ret_sds = NULL;
++                goto clean;
++            }
++            prefix = tmp;
++
++            tmp = flb_sds_cat(prefix, *s, msg_len);
++            if (!tmp) {
++                flb_sds_destroy(prefix);
++                ret_sds = NULL;
++                goto clean;
++            }
++
++            flb_sds_destroy(*s);
++            *s = tmp;
+         }
+     }
+     else {

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.20
+PKG_VERSION:=1.3.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3948618fa8fa23a0ddc51632b0036dbd08e27696
+PKG_SOURCE_VERSION:=775964f1c4a2fa57bfdf56b6bebebad211483234
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.6
+PKG_VERSION:=9.9.9.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=5dba542b280495730176da468bc45ed5dcc8c94e
+PKG_SOURCE_VERSION:=10750ecdf2bebaee464417df309445a20f361841
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -88,6 +88,7 @@ define Package/icwmp/install
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-migrate-gw-info $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/999-cwmp-conn-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/icwmpd/vendor_log.sh $(1)/etc/icwmpd/vendor_log.sh
 	$(INSTALL_BIN) ./files/etc/icwmpd/firewall.cwmp $(1)/etc/icwmpd/firewall.cwmp
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp

icwmp/files/etc/config/cwmp

@@ -28,6 +28,7 @@ config cpe 'cpe'
 	option log_severity 'WARNING'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
+	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
 	option port '7547'

icwmp/files/etc/icwmpd/firewall.cwmp

@@ -1,14 +1,44 @@
 #!/bin/sh
 
+. /lib/functions.sh
+
+ZONE_NAME_FILE="/tmp/cwmp_fw_zone"
+
 #created by the icwmp package
 log() {
 	echo "${@}"|logger -t firewall.cwmp -p info
 }
 
+collect_zone_name() {
+	local name network
+
+	config_get name "${1}" name ""
+	if [ -z "${name}" ]; then
+		return
+	fi
+
+	config_get network "${1}" network ""
+	for i in ${network}; do
+		var="${i}_zone"
+		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+	done
+}
+
+load_zone_names() {
+	rm -f "${ZONE_NAME_FILE}"
+	config_load firewall
+	config_foreach collect_zone_name zone
+}
+
 get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep -w "${1}"|cut -d. -f 2)"
-	zone="${zone:-wan}" # defaults to wan zone
-	echo "$zone"
+	if [ ! -f "${ZONE_NAME_FILE}" ]; then
+		echo ""
+		return
+	fi
+
+	var="${1}_zone="
+	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+	echo "${name}"
 }
 
 cleanup_upstream_rules() {
@@ -169,4 +199,6 @@ configure_connection_req_rules() {
 	fi
 }
 
+load_zone_names
 configure_connection_req_rules "$@"
+rm -f "${ZONE_NAME_FILE}"

icwmp/files/etc/init.d/icwmpd

@@ -16,79 +16,6 @@ log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }
 
-regenerate_ssl_link() {
-	local cert_dir
-
-	cert_dir="${1%/}"
-	if [ -f "${cert_dir}" ]; then
-		return 0
-	fi
-
-	# do not generate the c_rehash if its system default cert path
-	# ca-certificate package already generates c_rehash on compilation
-	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
-
-	generate_links() {
-		local file_type="$1"
-		local files="${cert_dir}"/*."${file_type}"
-		for cfile in ${files}; do
-			if [ -f "${cfile}" ]; then
-				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
-					log "Generating c_rehash for ${cfile}=>${rehash}.0"
-					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
-				fi
-			fi
-		done
-	}
-
-	generate_links "pem"
-}
-
-enable_dhcp_option43() {
-	local wan="${1}"
-
-	### Ask for DHCP Option 43 only if CWMP is enabled ###
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local option43_present=0
-
-	for ropt in $reqopts; do
-		case $ropt in
-			43) option43_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	if [ ${option43_present} -eq 1 ]; then
-		return;
-	fi
-
-	newreqopts="$reqopts 43"
-	if [ "${proto}" = "dhcp" ]; then
-		uci -q set network."${wan}".reqopts="$newreqopts"
-		uci commit network
-		ubus call network reload
-	fi
-}
-
-set_vendor_id() {
-	local wan="${1}"
-	local proto="$(uci -q get network."${wan}".proto)"
-
-	if [ "${proto}" = "dhcp" ]; then
-		vendorid="$(uci -q get network."${wan}".vendorid)"
-		if [ -z "${vendorid}" ]; then
-			uci -q set network."${wan}".vendorid="dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		elif [[ $vendorid != *"dslforum.org"* ]]; then
-			uci -q set network."${wan}".vendorid="${vendorid},dslforum.org"
-			ubus call uci commit '{"config":"network"}'
-		fi
-	fi
-}
-
 wait_for_resolvfile() {
 	local time=$1
 	local tm=1
@@ -211,28 +138,6 @@ validate_defaults() {
 }
 
 boot() {
-	local dhcp_discovery wan_interface skip_dhcp_boot_options
-
-	config_load cwmp
-	config_get wan_interface cpe default_wan_interface "wan"
-	config_get dhcp_discovery acs dhcp_discovery "0"
-	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"
-
-	if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then
-		if [ "${skip_dhcp_boot_options}" -ne 1 ]; then
-			# Set dhcp option 43 if not already configured
-			enable_dhcp_option43 "${wan_interface}"
-			# Set dhcp option 60
-			set_vendor_id "${wan_interface}"
-		fi
-	fi
-
-	config_get ssl_capath acs ssl_capath
-
-	if [ -n "${ssl_capath}" ]; then
-		regenerate_ssl_link "${ssl_capath}"
-	fi
-
 	# Copy backup data so that if it restart latter on, it gets the info
 	copy_cwmp_etc_files_to_varstate
 	mkdir -p /var/run/icwmpd/

icwmp/files/etc/uci-defaults/999-cwmp-conn-config

@@ -0,0 +1,107 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+log() {
+	echo "${@}"|logger -t cwmp.defaults -p info
+}
+
+set_vendor_id() {
+	local wan="${1}"
+	local proto="$(uci -q get network."${wan}".proto)"
+
+	if [ "${proto}" = "dhcp" ]; then
+		vendorid="$(uci -q get network."${wan}".vendorid)"
+		if [ -z "${vendorid}" ]; then
+			uci -q set network."${wan}".vendorid="dslforum.org"
+		elif [[ $vendorid != *"dslforum.org"* ]]; then
+			uci -q set network."${wan}".vendorid="${vendorid},dslforum.org"
+		fi
+	fi
+}
+
+enable_dhcp_option43() {
+	local wan="${1}"
+
+	local reqopts="$(uci -q get network."${wan}".reqopts)"
+	local proto="$(uci -q get network."${wan}".proto)"
+	local newreqopts=""
+	local option43_present=0
+
+	for ropt in $reqopts; do
+		case $ropt in
+			43) option43_present=1 ;;
+			*) ;;
+		esac
+	done
+
+	if [ ${option43_present} -eq 1 ]; then
+		return;
+	fi
+
+	newreqopts="$reqopts 43"
+	if [ "${proto}" = "dhcp" ]; then
+		uci -q set network."${wan}".reqopts="$newreqopts"
+	fi
+}
+
+regenerate_ssl_link() {
+	local cert_dir
+
+	cert_dir="${1%/}"
+	if [ -f "${cert_dir}" ]; then
+		return 0
+	fi
+
+	# do not generate the c_rehash if its system default cert path
+	# ca-certificate package already generates c_rehash on compilation
+	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
+
+	generate_links() {
+		local file_type="$1"
+		local files="${cert_dir}"/*."${file_type}"
+		for cfile in ${files}; do
+			if [ -f "${cfile}" ]; then
+				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
+				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
+					log "Generating c_rehash for ${cfile}=>${rehash}.0"
+					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
+				fi
+			fi
+		done
+	}
+
+	generate_links "pem"
+}
+
+configure_dhcp_discovery() {
+	local dhcp_discovery wan_interface skip_dhcp_boot_options
+
+	config_load cwmp
+	config_get wan_interface cpe default_wan_interface "wan"
+	config_get dhcp_discovery acs dhcp_discovery "0"
+	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"
+
+	if [ "${dhcp_discovery}" = "enable" ] || [ "${dhcp_discovery}" = "1" ]; then
+		if [ "${skip_dhcp_boot_options}" -ne 1 ]; then
+			# Set dhcp option 43 if not already configured
+			enable_dhcp_option43 "${wan_interface}"
+			# Set dhcp option 60
+			set_vendor_id "${wan_interface}"
+		fi
+	fi
+}
+
+configure_ssl_path() {
+	local ssl_capath
+
+	config_load cwmp
+	config_get ssl_capath acs ssl_capath
+
+	if [ -n "${ssl_capath}" ]; then
+		regenerate_ssl_link "${ssl_capath}"
+	fi
+}
+
+configure_dhcp_discovery
+configure_ssl_path

ieee1905/Makefile

@@ -1,16 +1,17 @@
 #
 # Copyright (C) 2020-2024 IOPSYS Software Solutions AB
+# Copyright (C) 2025 Genexis Sweden AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.8
+PKG_VERSION:=8.7.33
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9c507bfb7f45fad81097262f05dc7cd11760e6b0
+PKG_SOURCE_VERSION:=f28f1c04cae008d7d6448ba02b992506af28448c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -105,6 +106,7 @@ TARGET_CFLAGS += -DHAS_UBUS
 
 ifeq ($(CONFIG_IEEE1905_BUILD_TR181_PLUGIN),y)
 TARGET_CFLAGS += -DBUILD_TR181_PLUGIN
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
 endif
 
 MAKE_FLAGS += \

ieee1905/files/etc/config/ieee1905

@@ -12,6 +12,7 @@ config al-iface
 	list ifname 'br-lan'
 	list ifname '/eth.*'
 	list ifname '/wl.*'
+	list ifname '/ra.*'
 	list ifname '/wds.*'
 
 # ap sections are auto-generated/overwritten during onboarding

ieee1905/files/etc/uci-defaults/30-set-ieee1905-al-macaddr

@@ -1,10 +1,9 @@
 #!/bin/sh
 
+. /lib/functions/system.sh
 
-BMAC=$(db -q get hw.board.basemac)
+BMAC=$(get_mac_label)
 BMAC=${BMAC//:/}
-BMAC=${BMAC// /}
-BMAC=$(printf "%12.12X" $((0x$BMAC)))
 
 [ "$BMAC" == "" ] && exit 1
 

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=00189cea0a78b7a30dbfdd363b6d8e836437d1bc
+PKG_SOURCE_VERSION:=25e32ac5a860aec6e53e3449565b71595073e014
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -31,8 +31,9 @@ define Package/$(PKG_NAME)
     +@PACKAGE_COLLECTD_ENCRYPTED_NETWORK                \
   # remote syslog
   DEPENDS+=                                             \
-    +syslog-ng                                          \
-    +@SYSLOGNG_LOGROTATE                                \
+    +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
+    +PACKAGE_fluent-bit:logrotate                       \
+    +@DMCLI_REMOTE_CONNECTION
 
 endef
 
@@ -44,7 +45,13 @@ endef
 Build/Compile=
 
 define Package/$(PKG_NAME)/install
-	$(CP) -r $(PKG_BUILD_DIR)/files/*  $(1)/
+	$(CP) -r $(PKG_BUILD_DIR)/files/common/*  $(1)/
+ifneq ($(CONFIG_PACKAGE_fluent-bit),)
+	$(CP) -r $(PKG_BUILD_DIR)/files/fluent-bit/*  $(1)/
+endif
+ifneq ($(CONFIG_PACKAGE_syslog-ng),)
+	$(CP) -r $(PKG_BUILD_DIR)/files/syslog-ng/*  $(1)/
+endif
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

ipt-trigger/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ipt-trigger
-PKG_VERSION:=1.0.2
+PKG_VERSION:=1.0.3
 PKG_LICENSE:=GPL-2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=4f3d4427403e0a9be7653c1b92907ae8ae5f21ae
+PKG_SOURCE_VERSION:=ac1beae4794f99533b28db7d0e6e80f4c268a3e8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ipt-trigger.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

json-schema-validator/Makefile

@@ -0,0 +1,55 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=json-schema-validator
+PKG_VERSION:=2.3.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/pboettch/json-schema-validator.git
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_MIRROR_HASH:=skip
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_BUILD_DEPENDS:=nlohmann-json
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+CMAKE_OPTIONS += \
+	-DJSON_VALIDATOR_BUILD_TESTS=OFF \
+	-DJSON_VALIDATOR_BUILD_EXAMPLES=OFF \
+	-DJSON_VALIDATOR_INSTALL=ON \
+	-DJSON_VALIDATOR_SHARED_LIBS=OFF
+
+define Package/json-schema-validator
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=JSON Schema Validator for nlohmann::json
+  URL:=https://github.com/pboettch/json-schema-validator
+  DEPENDS:=+libstdcpp +nlohmann-json
+endef
+
+define Package/json-schema-validator/description
+  A JSON Schema Validator for Modern C++ using nlohmann/json.
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/nlohmann
+	$(CP) $(PKG_BUILD_DIR)/src/nlohmann/json-schema.hpp $(1)/usr/include/nlohmann/
+
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libnlohmann_json_schema_validator*.a $(1)/usr/lib/ 2>/dev/null || true
+	$(CP) $(PKG_BUILD_DIR)/libnlohmann_json_schema_validator*.so* $(1)/usr/lib/ 2>/dev/null || true
+endef
+
+define Package/json-schema-validator/install
+	true
+endef
+
+$(eval $(call BuildPackage,json-schema-validator))

jsonval/Makefile

@@ -0,0 +1,44 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=jsonval
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+
+PKG_LICENSE:=MIT
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/jsonval
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Command-line JSON Schema Validator
+  DEPENDS:=+nlohmann-json +json-schema-validator +libstdcpp
+endef
+
+define Package/jsonval/description
+  A small CLI tool to validate JSON files against a schema using json-schema-validator and nlohmann/json.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	cp -r ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+	$(TARGET_CXX) \
+		$(TARGET_CXXFLAGS) -std=c++17 \
+		-I$(STAGING_DIR)/usr/include \
+		-I$(STAGING_DIR)/usr/include/nlohmann \
+		-L$(STAGING_DIR)/usr/lib \
+		$(PKG_BUILD_DIR)/main.cpp \
+		-o $(PKG_BUILD_DIR)/jsonval \
+		-lnlohmann_json_schema_validator
+endef
+
+define Package/jsonval/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/jsonval $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,jsonval))

jsonval/src/main.cpp

@@ -0,0 +1,64 @@
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <nlohmann/json.hpp>
+#include <nlohmann/json-schema.hpp>
+
+using nlohmann::json;
+using nlohmann::json_schema::json_validator;
+using namespace std;
+
+void print_usage(const string& prog_name) {
+	cerr << "Usage: " << prog_name << " -s <schema.json> -j <data.json>" << endl;
+}
+
+int main(int argc, char* argv[]) {
+	string schema_path, data_path;
+
+	// Simple argument parsing
+	for (int i = 1; i < argc; ++i) {
+		string arg = argv[i];
+		if ((arg == "-s" || arg == "--schema") && i + 1 < argc) {
+			schema_path = argv[++i];
+		} else if ((arg == "-j" || arg == "--json") && i + 1 < argc) {
+			data_path = argv[++i];
+		} else {
+			print_usage(argv[0]);
+			return 1;
+		}
+	}
+
+	if (schema_path.empty() || data_path.empty()) {
+		print_usage(argv[0]);
+		return 1;
+	}
+
+	ifstream schema_file(schema_path);
+	ifstream data_file(data_path);
+
+	if (!schema_file.is_open() || !data_file.is_open()) {
+		cerr << "Error: Could not open one or both files." << endl;
+		return 2;
+	}
+
+	json schema, document;
+	try {
+		schema_file >> schema;
+		data_file >> document;
+	} catch (const json::parse_error& e) {
+		cerr << "Parse error: " << e.what() << endl;
+		return 3;
+	}
+
+	try {
+		json_validator validator;
+		validator.set_root_schema(schema);
+		validator.validate(document);
+		cout << "Valid" << endl;
+	} catch (const std::exception& e) {
+		cerr << "Validation failed: " << e.what() << endl;
+		return 4;
+	}
+
+	return 0;
+}

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.1
+PKG_VERSION:=2.1.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
+PKG_SOURCE_VERSION:=5f1184c52be19f3bfd3bc7e9bc582ef09b0a2b1c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libdsl/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdsl
-PKG_VERSION:=7.2.100
+PKG_VERSION:=7.3.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=20875ec79fcc7c546c2f1253c867d6afbc8bff75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libdsl.git
+PKG_SOURCE_VERSION:=1aa9c40f9503311652e562617b1e15533257adcc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
@@ -37,6 +37,9 @@ else ifeq ($(CONFIG_TARGET_x86),y)
 else ifeq ($(CONFIG_TARGET_armvirt),y)
   TARGET_PLATFORM=TEST
   TARGET_CFLAGS +=-DIOPSYS_TEST
+else ifeq ($(CONFIG_TARGET_airoha),y)
+  TARGET_PLATFORM=AIROHA
+  TARGET_CFLAGS +=-DIOPSYS_AIROHA
 endif
 
 TARGET_CFLAGS += \
@@ -57,7 +60,7 @@ define Package/libdsl
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= xDSL library (libdsl)
-  DEPENDS+=TARGET_brcmbca:bcm963xx-bsp
+  DEPENDS+=TARGET_brcmbca:bcm963xx-bsp +TARGET_airoha:libeasy
 endef
 
 define Package/libdsl/description

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.3
+PKG_VERSION:=1.1.7
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=f4ffa38b77e20f9e2a6b6ffd5b2bf83cddb6bffc
+PKG_SOURCE_VERSION:=3a30086a68a3409f0396acb01380f91daabf7a2f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -17,6 +17,11 @@ SLIC=$(cat /proc/device-tree/airoha-voice/slic-type)
 hasDect=$(db -q get hw.board.hasDect)
 [ "$hasDect" = "1" ] || exit 0
 
+# Set the DECT RFPI
+. /lib/functions/iopsys-environment.sh
+db set hw.board.dect_rfpi=$(get_dect_rfpi)
+db commit
+
 # configure the PCM for DECT/DCX81
 [ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
     uci set dect.global.pcm_fsync='SHORT_LF'

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.12.9
+PKG_VERSION:=7.13.5
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0877163a9653a9f83c8244aa24f762a131ae02a6
+PKG_SOURCE_VERSION:=32bd594f6bb4b46de5d57b4865e16f5fbe8c7b72
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

logmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=logmngr
-PKG_VERSION:=1.0.15
+PKG_VERSION:=1.0.17
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=1561b71a2225af737db9f091204247ab4e141abb
+PKG_SOURCE_VERSION:=ad2636c642d56967e78c0c84bf82cb0e2b6311f2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -5,6 +5,7 @@
 
 CONF_FILE=/etc/fluent-bit/fluent-bit.conf
 TMP_CONF_FILE=/tmp/fluent-bit/fluent-bit.conf
+FLUENT_BIT_CONF_DIR=/etc/fluent-bit/conf.d
 
 append_conf() {
 	echo "$*" >> ${TMP_CONF_FILE}
@@ -14,6 +15,14 @@ create_config_file() {
 	mkdir -p /tmp/fluent-bit
 	rm -f ${TMP_CONF_FILE}
 	touch ${TMP_CONF_FILE}
+	# include all files placed in FLUENT_BIT_CONF_DIR directory
+	# fluent-bit does not support using directory in include directive
+	# also, if no file is found then fluent-bit aborts
+	# so only add include if any file is present in the FLUENT_BIT_CONF_DIR
+	if [ -d "$FLUENT_BIT_CONF_DIR" ] && [ "$(ls -A "$FLUENT_BIT_CONF_DIR")" ]; then
+		echo "@INCLUDE ${FLUENT_BIT_CONF_DIR}/*" >> ${TMP_CONF_FILE}
+	fi
+	echo "" >> ${TMP_CONF_FILE}
 }
 
 create_service_section() {
@@ -25,6 +34,7 @@ create_service_section() {
 	echo "    log_level    info" >> ${TMP_CONF_FILE}
 	echo "    coro_stack_size    24576" >> ${TMP_CONF_FILE}
 	echo "    parsers_file /etc/fluent-bit/parsers.conf" >> ${TMP_CONF_FILE}
+	echo "    hot_reload        on" >> ${TMP_CONF_FILE}
 	echo "" >> ${TMP_CONF_FILE}
 }
 

logmngr/files/lib/logmngr/logrotate.sh

@@ -4,11 +4,14 @@
 
 LOGROTATE_FILE=/etc/logrotate.conf
 LOGROTATE_TMP_FILE=/tmp/logrotate/logrotate.conf
+CONF_DIR=/etc/logrotate.d
 
 create_logrotate_file() {
 	mkdir -p /tmp/logrotate
 	rm -f ${LOGROTATE_TMP_FILE}
 	touch ${LOGROTATE_TMP_FILE}
+	echo -e "include ${CONF_DIR}" >> ${LOGROTATE_TMP_FILE}
+	echo -e "" >> ${LOGROTATE_TMP_FILE}
 }
 
 handle_logrotate() {

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.5.3
+PKG_VERSION:=6.3.6.14
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=a2cc8dde8da330c2e78e186174db45ba36681b6a
+PKG_SOURCE_VERSION:=d5dbeb93a1acb0a61ed2b476510b95abe99cc873
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -61,6 +61,14 @@ remove_from_bridge() {
 	[ -n "$ifname" ] && brctl delif ${al_bridge} ${ifname}
 }
 
+get_network_id() {
+	local ifname=$1
+
+	[ -n "$ifname" ] || return
+	network_id=$(wpa_cli -i $ifname list_n|tail -n 1 | awk '{print $1}')
+	echo ${network_id}
+}
+
 update_bstas() {
 	section="$1"
 	action="$2"
@@ -68,14 +76,15 @@ update_bstas() {
 	config_get ifname "$section" ifname
 	config_get_bool enabled "$section" enabled 0
 
+	network_id=$(get_network_id $ifname)
 	if [ "$action" = "down" ]; then
 		wpa_cli -i "$ifname" disconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" disable_network 0  > /dev/null 2>&1
+		wpa_cli -i "$ifname" disable_network $network_id  > /dev/null 2>&1
 #		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
 	elif [ "$action" = "up" ]; then
 		[ "$enabled" -eq 0 ] && return
 		wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" enable_network 0  > /dev/null 2>&1
+		wpa_cli -i "$ifname" enable_network $network_id  > /dev/null 2>&1
 #		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
 	fi
 }

map-agent/files/etc/init.d/mapagent

@@ -203,7 +203,7 @@ start_service() {
 
 	procd_open_instance
 	create_dir
-	procd_set_param command "/usr/sbin/mapagent" "-d"
+	procd_set_param command "/usr/sbin/mapagent" "-d" "-o" "/tmp/mapagent.log" "-f"
 	procd_set_param respawn
 #	procd_set_param stdout 1
 #	procd_set_param stderr 1

map-agent/files/lib/multiap/map_genconfig

@@ -258,6 +258,6 @@ map_genconf () {
 				config_foreach mapcontroller_remove_mld_id ap
 			}
 		fi
-		uci -q commit mapcontroller
+		ubus -t 5 call uci commit '{"config":"mapcontroller"}'
 	fi
 }

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.3.0.17
+PKG_VERSION:=6.4.0.14
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=7f55e5705fee1b879d651bbba872ec5d7152d5ab
+PKG_SOURCE_VERSION:=28981d46cfff30516d478da700ae9d710247cabe
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -74,12 +74,29 @@ ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
 TARGET_CFLAGS += -DPROPAGATE_PROBE_REQ
 endif
 
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/map-controller
+	$(INSTALL_DIR) $(1)/usr/include/map-controller/utils
+	$(CP) $(PKG_BUILD_DIR)/src/wifi_dataelements.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/timer_impl.h $(1)/usr/include/map-controller
+	$(CP) $(PKG_BUILD_DIR)/src/utils/debug.h $(1)/usr/include/map-controller/utils
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/src/libcntlr-apis.so $(1)/usr/lib
+endef
+
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapcontroller $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
+	$(CP) $(PKG_BUILD_DIR)/src/libcntlr-apis.so $(1)/usr/lib
 	$(CP) $(PKG_BUILD_DIR)/src/plugins/steer/rcpi/rcpi.so $(1)/usr/lib/mapcontroller/rcpi.so
 endef
 

map-controller/files/etc/config/mapcontroller

@@ -2,15 +2,13 @@ config controller 'controller'
 	option enabled '1'	# may be modified by other package start-up scripts (i.e. map-agent)
 	option profile '3'
 	option registrar '2 5 6'
-	option debug '0'
+	option debug '2'
 	option bcn_metrics_max_num '10'
 	option initial_channel_scan '0'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
-	option allow_bgdfs '0'
 	option stale_sta_timeout '30d'
-	option channel_plan '0'
 	option de_collect_interval '60'
 
 config sta_steering
@@ -26,6 +24,10 @@ config sta_steering
 	option plugins_policy 'any'
 	list plugins 'rcpi'
 
+config channel_plan
+	option preclear_dfs '0'
+	option acs '0'
+
 ###################
 # Default AP sections credentials will by updated
 # by uci-defaults script 99-mapcntlr

map-controller/files/etc/init.d/mapcontroller

@@ -71,7 +71,7 @@ validate_ap_section() {
 			'encryption:or("sae", "sae+aes", "psk2",
 				"psk2+aes", "sae-mixed", "sae-mixed+aes",
 				"none", "psk-mixed", "psk-mixed+aes",
-				"psk", "psk+aes")' \
+				"psk", "psk+aes", "wpa", "wpa2", "wpa-mixed")' \
 			'key:string' \
 			'vid:range(1,65535):1' \
 			'type:or("backhaul", "fronthaul", "combined")' \

map-plugins/Config.in

@@ -0,0 +1,11 @@
+if (PACKAGE_map-plugins)
+
+menu "Options"
+
+config STEER_RATE_PLUGIN
+	bool "STA steering based on estimated throughput of target-AP"
+	default PACKAGE_map-plugins-steer-rate
+
+endmenu
+
+endif

map-plugins/Makefile

@@ -0,0 +1,68 @@
+#
+# Copyright (C) 2025 Genexis Sweden AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=map-plugins
+PKG_VERSION:=0.0.4
+
+LOCAL_DEV=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=74bf151851112ecee731d447af016c8dc668adcf
+PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_CONFIG_DEPENDS := CONFIG_PACKAGE_mapcontroller
+PKG_BUILD_DEPENDS := map-controller
+
+include $(INCLUDE_DIR)/package.mk
+
+include $(wildcard plugins/*.mk)
+
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS) -Wall"
+
+plugins := \
+	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)
+
+ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
+
+define Package/map-plugins/Default
+	SECTION:=utils
+	CATEGORY:=Utilities
+	SUBMENU:=Multi-AP value added services
+endef
+
+define Package/map-plugins/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define Package/map-plugins
+	$(call Package/map-plugins/Default)
+	TITLE:=Multi-AP plugins modules
+	DEPENDS+=+libeasy +libwifiutils +map-controller
+endef
+
+define Package/map-plugins/description
+	Provides extra Multi-AP services viz. steering, channel-planning etc.
+endef
+
+define Package/map-plugins/install
+	:
+endef
+
+define Build/Compile
+	$(foreach p,$(ppkg),$(call Build/Compile/$(p),$(1)))
+endef
+
+
+$(eval $(call BuildPackage,map-plugins))
+$(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

map-plugins/plugins/steer-rate.mk

@@ -0,0 +1,20 @@
+define Package/map-plugins-steer-rate
+	$(call Package/map-plugins/Default)
+	TITLE:=STA steering based on estimated throughput of target-AP
+	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
+		 +libjson-c +libblobmsg-json +map-controller \
+		 +map-plugins
+endef
+
+define Package/map-plugins-steer-rate/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
+	$(CP) $(PKG_BUILD_DIR)/steer/rate/rate.so $(1)/usr/lib/mapcontroller/rate.so
+endef
+
+define Build/Compile/map-plugins-steer-rate
+	$(MAKE) -C $(PKG_BUILD_DIR)/steer/rate \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)"
+endef

mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate

@@ -65,12 +65,69 @@ generate_igmp_proxy_config(){
 	uci add_list mcast.@proxy[-1].filter="239.0.0.0/8"
 }
 
+generate_mld_snooping_config(){
+	local u_itf="$1"
+
+	uci add mcast snooping
+	uci rename mcast.@snooping[-1]="mc_snooping_MLD"
+	uci set mcast.@snooping[-1].enable="1"
+	uci set mcast.@snooping[-1].proto="mld"
+	uci set mcast.@snooping[-1].version="2"
+	uci set mcast.@snooping[-1].robustness="2"
+	uci set mcast.@snooping[-1].query_interval="125"
+	uci set mcast.@snooping[-1].query_response_interval="100"
+	uci set mcast.@snooping[-1].last_member_query_interval="10"
+	uci set mcast.@snooping[-1].fast_leave="1"
+	uci set mcast.@snooping[-1].snooping_mode="2"
+	uci set mcast.@snooping[-1].interface="$u_itf"
+}
+
+generate_igmp_snooping_config(){
+	local u_itf="$1"
+
+	uci add mcast snooping
+	uci rename mcast.@snooping[-1]="igmp_snooping_1"
+	uci set mcast.@snooping[-1].enable="1"
+	uci set mcast.@snooping[-1].proto="igmp"
+	uci set mcast.@snooping[-1].version="2"
+	uci set mcast.@snooping[-1].robustness="2"
+	uci set mcast.@snooping[-1].query_interval="125"
+	uci set mcast.@snooping[-1].query_response_interval="100"
+	uci set mcast.@snooping[-1].last_member_query_interval="10"
+	uci set mcast.@snooping[-1].fast_leave="1"
+	uci set mcast.@snooping[-1].snooping_mode="2"
+	uci set mcast.@snooping[-1].interface="$u_itf"
+
+	uci add_list mcast.@snooping[-1].filter="239.0.0.0/8"
+}
+
+check_wan_bridge() {
+	local config="$1"
+	local wan_device="$2"
+	local name type
+
+	[ $((is_wan_bridge)) -ne 0 ] && return
+
+	config_get type "$config" type
+	config_get name "$config" name
+
+	[ "$type" = "bridge" -a "$wan_device" = "$name" ] && is_wan_bridge=1
+}
+
 generate_mcast_config(){
+	local up_itf="$(uci -q get network.wan.device)"
+	local is_wan_bridge=0
 
-	up_itf="$(uci -q get network.wan.device)"
+	config_load network
+	config_foreach check_wan_bridge device "$up_itf"
 
-	generate_igmp_proxy_config "$up_itf"
-	generate_mld_proxy_config "$up_itf"
+	if [ $((is_wan_bridge)) -eq 0 ]; then
+		generate_igmp_proxy_config "$up_itf"
+		generate_mld_proxy_config "$up_itf"
+	else
+		generate_igmp_snooping_config "$up_itf"
+		generate_mld_snooping_config "$up_itf"
+	fi
 }
 
 interfaces_ok(){

mcastmngr/files/linux/etc/firewall.mcast

@@ -1,2 +1,140 @@
-# Forward multicast packets from wan to lan
-iptables -w -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+ZONE_NAME_FILE="/tmp/mcast_fw_zone"
+
+log() {
+	echo "${@}"|logger -t firewall.mcast -p info
+}
+
+collect_zone_name() {
+	local name network
+
+	config_get name "${1}" name ""
+	if [ -z "${name}" ]; then
+		return
+	fi
+
+	config_get network "${1}" network ""
+	for i in ${network}; do
+		var="${i}_zone"
+		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+	done
+}
+
+load_zone_names() {
+	rm -f "${ZONE_NAME_FILE}"
+	config_load firewall
+	config_foreach collect_zone_name zone
+}
+
+get_firewall_zone() {
+	if [ ! -f "${ZONE_NAME_FILE}" ]; then
+		echo ""
+		return
+	fi
+
+	var="${1}_zone="
+	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+
+	echo "${name}"
+}
+
+# Get interface name for a device (e.g., br-lan -> lan)
+find_interface_for_device() {
+	local dev="${1}"
+	local intf=""
+	local intf_dump idx
+
+	if [ -z "${dev}" ]; then
+		echo ""
+		return
+	fi
+
+	intf_dump="$(ubus -t 5 call network.interface dump)"
+	if [ -z "${intf_dump}" ]; then
+		echo ""
+		return
+	fi
+
+	json_load "${intf_dump}"
+	json_select interface
+	if [ "$?" -ne 0 ]; then
+		echo ""
+		return
+	fi
+
+	idx=1
+	while json_is_a ${idx} object; do
+		json_select ${idx}
+		if [ "$?" -ne 0 ]; then
+			break
+		fi
+
+		json_get_var device device
+		if [ "${device}" = "${dev}" ]; then
+			json_get_var intf interface
+			break
+		fi
+
+		idx=$(( idx + 1 ))
+		json_select ..
+	done
+
+	echo "${intf}"
+}
+
+# Setup iptables rule to allow multicast from upstream to downstream
+setup_multicast_rule() {
+	local upstream_dev="$1"
+	local downstream_dev="$2"
+	local upstream_zone downstream_zone
+	local upstream_iface downstream_iface
+
+	upstream_iface=$(find_interface_for_device "$upstream_dev")
+	downstream_iface=$(find_interface_for_device "$downstream_dev")
+
+	[ -z "$upstream_iface" ] || [ -z "$downstream_iface" ] && {
+		log "Failed to map devices to interfaces"
+		return
+	}
+
+	upstream_zone=$(get_firewall_zone "$upstream_iface")
+	downstream_zone=$(get_firewall_zone "$downstream_iface")
+
+	[ -z "$upstream_zone" ] || [ -z "$downstream_zone" ] && {
+		log "Failed to map interfaces to zones"
+		return
+	}
+
+	iptables -w -t filter -A zone_${upstream_zone}_forward -p udp \
+	  -d 224.0.0.0/240.0.0.0 \
+	  -m comment --comment "!fw3: Allow-Multicast-UDP" \
+	  -j zone_${downstream_zone}_dest_ACCEPT
+}
+
+apply_mcast_rule() {
+	local cfg="$1"
+	local up down proto
+
+	config_get proto "$cfg" proto
+	[ "$proto" = "igmp" ] || return
+
+	config_get up "$cfg" upstream_interface
+	config_get down "$cfg" downstream_interface
+
+	[ -n "$up" ] && [ -n "$down" ] && setup_multicast_rule "$up" "$down"
+}
+
+add_multicast_rules() {
+	config_load mcast
+	config_foreach apply_mcast_rule proxy
+}
+
+load_zone_names
+
+add_multicast_rules
+
+rm -f "${ZONE_NAME_FILE}"

netmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.1.6
+PKG_VERSION:=1.1.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=f1422e4de76990f7037ca265431d5f1031621c93
+PKG_SOURCE_VERSION:=6310f32b80f8abeccbf99ad55ce88792b19342d6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.5
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/files/datamodel.json

@@ -207,6 +207,23 @@
 						}
 					]
 				},
+				"Type": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"description": "Datatype for this argument",
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"mapping": [
+						{
+							"type": "uci_sec",
+							"data": "@Parent",
+							"key": "type"
+						}
+					]
+				},
 				"Description": {
 					"type": "string",
 					"read": true,

netmode/files/etc/netmodes/bridged/scripts/10-bridged

@@ -0,0 +1,127 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+source "/etc/device_info"
+
+l2_mcast_config() {
+	# configure L2 mcast config for snooping
+	logger -s -p user.info -t "netmode" "Generating L2 mcast configuration"
+
+	# remove proxy sections
+	uci -q delete mcast.igmp_proxy_1
+	uci -q delete mcast.mc_proxy_MLD
+
+	# add igmp_snooping section
+	uci -q set mcast.igmp_snooping_1=snooping
+	uci -q set mcast.igmp_snooping_1.enable='1'
+	uci -q set mcast.igmp_snooping_1.proto='igmp'
+	uci -q set mcast.igmp_snooping_1.version='2'
+	uci -q set mcast.igmp_snooping_1.robustness='2'
+	uci -q set mcast.igmp_snooping_1.query_interval='125'
+	uci -q set mcast.igmp_snooping_1.query_response_interval='100'
+	uci -q set mcast.igmp_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.igmp_snooping_1.fast_leave='1'
+	uci -q set mcast.igmp_snooping_1.snooping_mode='2'
+	uci -q set mcast.igmp_snooping_1.interface='br-lan'
+	uci -q add_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
+
+	# add mld_snooping section
+	uci -q set mcast.mld_snooping_1=snooping
+	uci -q set mcast.mld_snooping_1.enable='1'
+	uci -q set mcast.mld_snooping_1.proto='mld'
+	uci -q set mcast.mld_snooping_1.version='2'
+	uci -q set mcast.mld_snooping_1.robustness='2'
+	uci -q set mcast.mld_snooping_1.query_interval='125'
+	uci -q set mcast.mld_snooping_1.query_response_interval='100'
+	uci -q set mcast.mld_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.mld_snooping_1.fast_leave='1'
+	uci -q set mcast.mld_snooping_1.snooping_mode='2'
+	uci -q set mcast.mld_snooping_1.interface='br-lan'
+
+	uci -q commit mcast
+}
+
+l2_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L2 network configuration"
+
+	# Configure L2 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.proto='dhcp'
+	uci -q set network.lan.vendorid="$(uci -q get network.wan.vendorid)"
+	uci -q set network.lan.clientid="$(uci -q get network.wan.clientid)"
+	uci -q set network.lan.reqopts="$(uci -q get network.wan.reqopts)"
+	uci -q set network.lan.sendopts="$(uci -q get network.wan.sendopts)"
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.force_link='1'
+
+	uci -q set network.lan6=interface
+	uci -q set network.lan6.proto='dhcpv6'
+	uci -q set network.lan6.device='@lan'
+	uci -q set network.lan6.reqprefix='no'
+
+	uci -q set network.wan.disabled='1'
+	uci -q set network.wan6.disabled='1'
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		json_cleanup
+	fi
+
+	uci -q commit network
+
+	# Disable DHCP Server
+	uci -q set dhcp.lan.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd disable
+
+	# Disable SSDPD
+	uci -q set ssdpd.ssdp.enabled="0"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="lan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="lan"
+	uci -q commit gateway
+
+	# disable firewall
+	uci -q set firewall.globals.enabled="0"
+	uci -q commit firewall
+}
+
+l2_network_config
+l2_mcast_config
+
+# If device is already boot-up, assume netmode changed during runtime
+if [ -f /var/run/boot_complete ]; then
+	/etc/init.d/odhcpd stop 2>/dev/null
+	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
+		ubus call uci commit "{\"config\":\"$config\"}"
+		sleep 1
+	done
+fi

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -0,0 +1,108 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+source "/etc/device_info"
+
+l3_mcast_config() {
+	# configure L3 mcast config
+	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
+
+	rm -f /etc/config/mcast
+	sh /rom/etc/uci-defaults/61-mcast_config_generate
+	uci -q commit mcast
+}
+
+l3_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
+
+	# Configure L3 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.proto='static'
+	uci -q set network.lan.ipaddr='192.168.1.1'
+	uci -q set network.lan.netmask='255.255.255.0'
+	uci -q set network.lan.ip6assign='60'
+	uci -q delete network.lan.vendorid
+	uci -q delete network.lan.clientid
+	uci -q delete network.lan.reqopts
+	uci -q delete network.lan.sendopts
+
+	uci -q delete network.lan6	
+
+	uci -q set network.wan=interface
+	uci -q set network.wan.proto='dhcp'
+	uci -q delete network.wan.disabled
+	uci -q delete network.wan.username
+	uci -q delete network.wan.password
+
+	uci -q set network.wan6=interface
+	uci -q set network.wan6.proto='dhcpv6'
+	uci -q delete network.wan6.disabled
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
+		json_cleanup
+	fi
+
+	uci -q commit network
+
+	# Enable DHCP Server
+	uci -q set dhcp.lan.ignore=0
+	uci -q set dhcp.wan.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd enable
+
+	# Enable SSDPD
+	uci -q set ssdpd.ssdp.enabled="1"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="wan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="wan"
+	uci -q commit gateway
+
+	# Enable firewall
+	uci -q set firewall.globals.enabled="1"
+	uci -q commit firewall
+}
+
+l3_network_config
+l3_mcast_config
+
+# If device is already boot-up, assume netmode changed during runtime
+if [ -f /var/run/boot_complete ]; then
+	/etc/init.d/odhcpd restart 2>/dev/null
+	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
+		ubus call uci commit "{\"config\":\"$config\"}"
+		sleep 1
+	done
+fi

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -0,0 +1,106 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+source "/etc/device_info"
+
+l3_mcast_config() {
+	# configure L3 mcast config
+	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
+
+	rm -f /etc/config/mcast
+	sh /rom/etc/uci-defaults/61-mcast_config_generate
+	uci -q commit mcast
+}
+
+l3_network_pppoe_config() {
+	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
+
+	# Configure L3 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.proto='static'
+	uci -q set network.lan.ipaddr='192.168.1.1'
+	uci -q set network.lan.netmask='255.255.255.0'
+	uci -q set network.lan.ip6assign='60'
+	uci -q delete network.lan.vendorid
+	uci -q delete network.lan.clientid
+	uci -q delete network.lan.reqopts
+	uci -q delete network.lan.sendopts
+
+	uci -q delete network.lan6
+
+	uci -q set network.wan=interface
+	uci -q set network.wan.proto='pppoe'
+	uci -q set network.wan.username="$NETMODE_username"
+	uci -q set network.wan.password="$NETMODE_password"
+	uci -q delete network.wan.disabled
+
+	uci -q set network.wan6.disabled='1'
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
+		json_cleanup
+	fi
+
+	uci -q commit network
+
+	# Enable DHCP Server
+	uci -q set dhcp.lan.ignore=0
+	uci -q set dhcp.wan.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd enable
+
+	# Enable SSDPD
+	uci -q set ssdpd.ssdp.enabled="1"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="wan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="wan"
+	uci -q commit gateway
+
+	# Enable firewall
+	uci -q set firewall.globals.enabled="1"
+	uci -q commit firewall
+}
+
+l3_network_pppoe_config
+l3_mcast_config
+
+# If device is already boot-up, assume netmode changed during runtime
+if [ -f /var/run/boot_complete ]; then
+	/etc/init.d/odhcpd restart 2>/dev/null
+	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
+		ubus call uci commit "{\"config\":\"$config\"}"
+		sleep 1
+	done
+fi

netmode/files/etc/netmodes/supported_modes.json

@@ -11,21 +11,19 @@
       "supported_args": [
         {
           "name": "username",
-          "description": "PPoE username",
+          "description": "PPPoE username",
           "required": true,
+	  "type": "string",
           "#value": "TestUser"
         },
         {
           "name": "password",
-          "description": "PPoE password",
+          "description": "PPPoE password",
           "required": true,
+	  "type": "string",
           "#value": "TestPassword"
         }
       ]
-    },
-    {
-      "name": "bridged",
-      "description": "Bridged mode (Layer 2)"
     }
   ]
 }

netmode/files/etc/uci-defaults/40_supported_mode

@@ -17,7 +17,7 @@ fi
 
 configure_supp_modes_args()
 {
-	local obj inst name description required value parent
+	local obj inst name description required value parent type
 
 	obj="${1}"
 	inst="${2}"
@@ -32,12 +32,14 @@ configure_supp_modes_args()
 	json_get_var description description
 	json_get_var value value
 	json_get_var required required
+	json_get_var type type
 
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}=supported_args
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.name="${name}"
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.description="${description}"
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.required="${required}"
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.value="${value}"
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.type="${type}"
 	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.dm_parent="${parent}"
 
 	json_select ..

netmode/files/lib/netmode/post/datamodel_init.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# This script is to cleanup dmmap and restart datamodel related services
+# when wan mode changes
+
+if [ -d "/etc/bbfdm/dmmap/" ]; then
+	rm -rf /etc/bbfdm/dmmap/*
+fi
+
+# If device is booting up, no need to restart services
+if [ ! -f /var/run/boot_complete ]; then
+	return 0
+fi
+
+if [ -x "/etc/init.d/bbfdm.services" ]; then
+	/etc/init.d/bbfdm.services restart
+fi
+
+if [ -x "/etc/init.d/bbfdmd" ]; then
+	/etc/init.d/bbfdmd restart
+fi
+
+if [ -x "/etc/init.d/obuspa" ]; then
+	/etc/init.d/obuspa restart
+fi

nlohmann-json/Makefile

@@ -0,0 +1,42 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nlohmann-json
+PKG_VERSION:=3.11.2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/nlohmann/json.git
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=skip
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE.MIT
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nlohmann-json
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=JSON for Modern C++ (nlohmann/json)
+endef
+
+define Package/nlohmann-json/description
+  JSON for Modern C++ is a single-header C++ library for working with JSON.
+endef
+
+define Build/Compile
+	# Header-only, nothing to compile
+	true
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/nlohmann
+	$(CP) $(PKG_BUILD_DIR)/single_include/nlohmann/json.hpp $(1)/usr/include/nlohmann/
+endef
+
+define Package/nlohmann-json/install
+	true
+endef
+
+$(eval $(call BuildPackage,nlohmann-json))

nng/Makefile

@@ -0,0 +1,43 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nng
+PKG_VERSION:=1.11
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/nanomsg/nng.git
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=skip
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE.txt
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/nng
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=NNG - nanomsg-next-gen
+  URL:=https://github.com/nanomsg/nng
+  DEPENDS:=+libpthread +libatomic
+endef
+
+define Package/nng/description
+  NNG is a lightweight messaging library, a successor to nanomsg.
+endef
+
+CMAKE_OPTIONS += \
+	-DBUILD_SHARED_LIBS=ON \
+	-DNNG_ENABLE_EXAMPLES=OFF \
+	-DNNG_ENABLE_TESTS=OFF
+
+define Package/nng/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libnng.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,nng))

obuspa/Config.in

@@ -19,13 +19,8 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 	bool "Enable verification of controller MTP before processing the message"
 	default n
 
-config OBUSPA_ENABLE_TEST_CONTROLLER
-	bool "Adds a test controller by default"
-	default n
-	select OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-
-config OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-	bool "Adds a test controller by default (local access only)"
+config OBUSPA_LOCAL_MQTT_LISTENER
+	bool "Configures local mqtt broker for local usp connections"
 	default n
 
 config OBUSPA_MAX_CONTROLLERS_NUM
@@ -70,4 +65,13 @@ config OBUSPA_VENDOR_PREFIX
 config OBUSPA_OVERRIDE_CT_ROLE
 	bool "Override ControllerTrust role with factory default roles"
 	default y
+
+config OBUSPA_VC_POLL_PERIOD
+	int "Polling interval in sec for ValueChange Subscriptions"
+	range 15 120
+	default "15"
+	help
+	 Obuspa relies on a polling mechanism to determine the ValueChange, Add, Del Subscriptions.
+	 Short poll period could give more responsive subscription events, but might delay overall experience in slower CPUs with good amount of subscriptions, on the other hand, a bigger value results into less responsive subscription handling. This value must be in range of 15 to 120 secs. (default 15)
+
 endif

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.8
+PKG_VERSION:=10.0.0.16
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=3e9299063e3c65565d2c834b5ab654fda830f749
+PKG_SOURCE_VERSION:=479ffb3582aa245a84829502d9412ca2539eefca
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -33,8 +33,7 @@ define Package/obuspa
   TITLE:=USP agent
   MENU:=1
   DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
-		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
-		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow +libjson-c
+		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 
@@ -107,6 +106,10 @@ ifneq ($(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM),)
 TARGET_CFLAGS += -DOBUSPA_MAX_CONTROLLERS_NUM=$(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM)
 endif
 
+ifneq ($(CONFIG_OBUSPA_VC_POLL_PERIOD),)
+TARGET_CFLAGS += -DOBUSPA_VC_POLL_PERIOD=$(CONFIG_OBUSPA_VC_POLL_PERIOD)
+endif
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
@@ -128,27 +131,23 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 	$(INSTALL_DATA) ./files/etc/obuspa/usp_utils.sh $(1)/etc/obuspa/
 	echo "$(VENDOR_PREFIX)" > $(1)/etc/obuspa/vendor_prefix
-	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/firewall.usp $(1)/etc/
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/
 ifeq ($(CONFIG_OBUSPA_CWMP_DATAMODEL_SUPPORT),y)
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libuspagentdm.so $(1) $(PKG_NAME)
 endif
-ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/54-test-usp-remote $(1)/etc/uci-defaults/
-endif
-ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
-	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_OBUSPA_LOCAL_MQTT_LISTENER),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection $(1)/etc/uci-defaults/
 endif
 ifeq ($(CONFIG_OBUSPA_OVERRIDE_CT_ROLE),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
 endif
 endef
 

obuspa/files/etc/config/obuspa

@@ -10,4 +10,4 @@ config obuspa 'global'
 	#option client_cert '/etc/obuspa/client.pem'
 	option log_dest 'syslog'
 	option dm_caching_exclude '/etc/obuspa/transient_dm.json'
-
+	option dualstack_pref 'IPv6'

obuspa/files/etc/init.d/obuspa

@@ -241,7 +241,8 @@ validate_mqtt_client_section()
 		'Password:string' \
 		'ProtocolVersion:or("3.1", "3.1.1","5.0"):5.0' \
 		'TransportProtocol:or("TCP/IP","TLS"):TCP/IP' \
-		'ClientID:string'
+		'ClientID:string' \
+		'RequestResponseInfo:bool:1'
 }
 
 validate_challenge_section()
@@ -277,6 +278,11 @@ update_reset_reason()
 	fi
 }
 
+update_dual_stack_pref()
+{
+	db_set Internal.DualStackPreference "${1}"
+}
+
 get_role_index()
 {
 	local name drole
@@ -602,7 +608,7 @@ configure_stomp_connection() {
 
 configure_mqtt_client() {
 	local BrokerAddress BrokerPort Enable Username Password ProtocolVersion
-	local TransportProtocol ClientID
+	local TransportProtocol ClientID RequestResponseInfo
 	local sec
 
 	sec="${1}"
@@ -627,6 +633,7 @@ configure_mqtt_client() {
 	db_set "${BASEPATH}.ProtocolVersion" "${ProtocolVersion}"
 	db_set "${BASEPATH}.TransportProtocol" "${TransportProtocol}"
 	db_set "${BASEPATH}.ClientID" "${ClientID}"
+	db_set "${BASEPATH}.RequestResponseInfo" "${RequestResponseInfo}"
 }
 
 
@@ -987,6 +994,8 @@ db_init()
 
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
+	config_get dualstack_pref global dualstack_pref "IPv6"
+
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -1001,8 +1010,10 @@ db_init()
 	config_foreach configure_subscription subscription
 	global_init
 	config_foreach configure_challenges challenge
-	global_init
+
 	update_reset_reason
+	update_dual_stack_pref "${dualstack_pref}"
+
 	uci_commit ${CONFIGURATION}
 
 	cp /etc/config/obuspa /tmp/obuspa/

obuspa/files/etc/init.d/usptest

@@ -1,75 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-STOP=01
-USE_PROCD=1
-
-log()
-{
-	echo "$*"|logger -t usptest -p debug
-}
-
-get_oui_from_db()
-{
-	db -q get device.deviceinfo.ManufacturerOUI
-}
-
-get_serial_from_db()
-{
-	db -q get device.deviceinfo.SerialNumber
-}
-
-publish_endpoint()
-{
-	local AgentEndpointID serial oui user pass
-
-	if ! uci -q get obuspa.testmqtt; then
-		return 0;
-	fi
-
-	# return if mosquitto_pub is not present
-	if [ ! "$(command -v mosquitto_pub)" ]; then
-		log "mosquitto_pub not present can't publish EndpointID"
-		return 0;
-	fi
-
-	sleep 2
-	# Get endpoint id from obuspa config first
-	config_load obuspa
-	config_get AgentEndpointID localagent EndpointID ""
-	if [ -z "${AgentEndpointID}" ]; then
-		serial=$(get_serial_from_db)
-		oui=$(get_oui_from_db)
-		AgentEndpointID="os::${oui}-${serial//+/%2B}"
-	fi
-
-	config_get user testmqtt Username ""
-	config_get pass testmqtt Password ""
-
-	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
-	# This is a work around till obuspa adds supports for mDNS discovery
-	if [ -n "${user}" ] && [ -n "${pass}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username, password"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}" -P "${pass}"
-	elif [ -n "${user}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username only"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}"
-	else
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}"
-	fi
-}
-
-start_service() {
-	procd_open_instance usptest
-	publish_endpoint
-	procd_close_instance
-}
-
-reload_service() {
-	publish_endpoint
-}
-
-service_triggers() {
-	procd_add_reload_trigger "mosquitto" "obuspa"
-}

obuspa/files/etc/uci-defaults/54-test-usp-remote

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_usp_test()
-{
-	uci_add mosquitto listener usptest
-	uci_set mosquitto usptest enabled 1
-	uci_set mosquitto usptest port '9004'
-	uci_set mosquitto usptest protocol 'websockets'
-	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-}
-
-# Install test MQTT over WS listener
-add_usp_test

obuspa/files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_mqtt_obuspa_listener()
+{
+	uci_add mosquitto listener obuspa
+	uci_set mosquitto obuspa enabled 1
+	uci_set mosquitto obuspa port '1883'
+	uci_set mosquitto obuspa no_remote_access '1'
+	uci_set mosquitto obuspa allow_anonymous '1'
+}
+
+# Add mosquitto listener for obuspa connection
+# apps/controller should add controller definitions separately
+add_mqtt_obuspa_listener

obuspa/files/etc/uci-defaults/55-test-usp-controller

@@ -1,57 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/obuspa" ]; then
-	echo "Local obuspa not available"
-	return 0
-fi
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_obuspa_test_mtp()
-{
-	uci_add obuspa mtp test_mtp
-	uci_set obuspa test_mtp Protocol 'MQTT'
-	uci_set obuspa test_mtp ResponseTopicConfigured '/usp/endpoint'
-	uci_set obuspa test_mtp mqtt 'testmqtt'
-}
-
-add_obuspa_test_mqtt()
-{
-	# Adds Device.MQTT.Client.
-	uci_add obuspa mqtt testmqtt
-	uci_set obuspa testmqtt BrokerAddress '127.0.0.1'
-	uci_set obuspa testmqtt BrokerPort '1883'
-	uci_set obuspa testmqtt TransportProtocol 'TCP/IP'
-}
-
-add_obuspa_test_controller()
-{
-	# Adds Device.LocalAgent.Controller.
-	uci_add obuspa controller testcontroller
-	uci_set obuspa testcontroller EndpointID 'proto::interop-usp-controller'
-	uci_set obuspa testcontroller Protocol 'MQTT'
-	uci_set obuspa testcontroller Topic '/usp/controller'
-	uci_set obuspa testcontroller mqtt 'testmqtt'
-	uci_set obuspa testcontroller assigned_role_name 'full_access'
-}
-
-add_obuspa_config()
-{
-	uci_add mosquitto listener obuspa
-	uci_set mosquitto obuspa enabled 1
-	uci_set mosquitto obuspa port '1883'
-	uci_set mosquitto obuspa no_remote_access '1'
-	uci_set mosquitto obuspa allow_anonymous '1'
-}
-
-# Install test usp controller config
-add_obuspa_config
-
-add_obuspa_test_mtp
-add_obuspa_test_mqtt
-add_obuspa_test_controller

obuspa/patches/1000-suppress-logs.patch

@@ -35,3 +35,16 @@ Index: obuspa-10.0.0.2/src/core/data_model.c
          return USP_ERR_OBJECT_DOES_NOT_EXIST;
      }
  
+diff --git a/src/core/mqtt.c b/src/core/mqtt.c
+index 388697a..444b4da 100644
+--- a/src/core/mqtt.c
++++ b/src/core/mqtt.c
+@@ -4020,7 +4020,7 @@ void MessageV5Callback(struct mosquitto *mosq, void *userdata, const struct mosq
+     if (mosquitto_property_read_string(props, RESPONSE_TOPIC,
+             &response_info_ptr, false) == NULL)
+     {
+-        USP_LOG_Warning("%s: No response topic in received MESSAGE frame", __FUNCTION__);
++        USP_LOG_Info("%s: No response topic in received MESSAGE frame", __FUNCTION__);
+     }
+ 
+     // Send the message to the data model thread for further processing

obuspa/patches/2004-mqtt-dualstack-fallback.patch

@@ -0,0 +1,401 @@
+diff --git a/src/core/mqtt.c b/src/core/mqtt.c
+index 70978501b1..96119fe080 100644
+--- a/src/core/mqtt.c
++++ b/src/core/mqtt.c
+@@ -53,6 +53,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/err.h>
+ #include <openssl/x509v3.h>
++#include <netdb.h>
+ #include <mosquitto.h>
+ 
+ #include "mqtt.h"
+@@ -201,8 +202,9 @@ int EnableMosquitto(mqtt_client_t *client);
+ void SetupCallbacks(mqtt_client_t *client);
+ void QueueUspConnectRecord_MQTT(mqtt_client_t *client, mtp_send_item_t *msi, char *controller_topic, time_t expiry_time);
+ int SendQueueHead(mqtt_client_t *client);
++bool check_connectivity(struct addrinfo *list_addr, unsigned int port, sa_family_t family, char *dst_ip, int size);
+ void Connect(mqtt_client_t *client);
+-int PerformMqttClientConnect(mqtt_client_t *client);
++int PerformMqttClientConnect(mqtt_client_t *client, const char *host_ip);
+ int ConnectSetEncryption(mqtt_client_t *client);
+ void ConnectCallback(struct mosquitto *mosq, void *userdata, int result);
+ void ConnectV5Callback(struct mosquitto *mosq, void *userdata, int result, int flags, const mosquitto_property *props);
+@@ -245,7 +247,7 @@ void HandleMqttReconnect(mqtt_client_t *client);
+ void HandleMqttReconnectAfterDisconnect(mqtt_client_t *client);
+ void HandleMqttDisconnect(mqtt_client_t *client);
+ void DisconnectIfAllSubscriptionsFailed(mqtt_client_t *client);
+-bool IsMqttBrokerUp(mqtt_client_t *client);
++bool IsMqttBrokerUp(mqtt_client_t *client, char *dst_ip, int size);
+ void RemoveMqttQueueItem(mqtt_client_t *client, mqtt_send_item_t *queued_msg);
+ void RemoveExpiredMqttMessages(mqtt_client_t *client);
+ void ParseSubscribeTopicsFromConnack(mqtt_client_t *client, mosquitto_property *prop);
+@@ -2350,6 +2352,143 @@ int SendQueueHead(mqtt_client_t *client)
+     return err;
+ }
+ 
++bool check_connectivity(struct addrinfo *list_addr, unsigned int port, sa_family_t family, char *dst_ip, int size)
++{
++    int err;
++    struct sockaddr_storage saddr;
++    socklen_t saddr_len;
++    sa_family_t sock_family;
++    int socket_fd = INVALID;
++    fd_set writefds;
++    struct timeval timeout;
++    int num_sockets;
++    int so_err;
++    socklen_t so_len = sizeof(so_err);
++    struct addrinfo *iterator;
++    struct sockaddr_in *a;
++    struct sockaddr_in6 *a6;
++    nu_ipaddr_t dst;
++
++    if (list_addr == NULL || dst_ip == NULL)
++    {
++        return false;
++    }
++
++    for (iterator=list_addr; iterator!=NULL; iterator=iterator->ai_next)
++    {
++        if (iterator->ai_family != family)
++        {
++            continue;
++        }
++
++        if (family == AF_INET)
++        {
++            a = (struct sockaddr_in *) iterator->ai_addr;
++            err = nu_ipaddr_from_inaddr(&a->sin_addr, &dst);
++
++            if (err != USP_ERR_OK)
++            {
++                USP_LOG_Error("%s: nu_ipaddr_from_inaddr() failed: %s", __FUNCTION__, strerror(err));
++                continue;
++            }
++        }
++        else
++        {
++            a6 = (struct sockaddr_in6 *) iterator->ai_addr;
++            err = nu_ipaddr_from_in6addr(&a6->sin6_addr, &dst);
++
++            if (err != USP_ERR_OK)
++            {
++                USP_LOG_Error("%s: nu_ipaddr_from_in6addr() failed: %s", __FUNCTION__, strerror(err));
++                continue;
++            }
++        }
++
++        // Next IP if unable to make a socket address structure to probe the MQTT server
++        err = nu_ipaddr_to_sockaddr(&dst, port, &saddr, &saddr_len);
++        if (err != USP_ERR_OK)
++        {
++            continue;
++        }
++
++        // Next IP if unable to determine which address family to use to contact the MQTT broker
++        err = nu_ipaddr_get_family(&dst, &sock_family);
++        if (err != USP_ERR_OK)
++        {
++            continue;
++        }
++
++        // Return if unable to create the socket
++        socket_fd = socket(sock_family, SOCK_STREAM, 0);
++        if (socket_fd == -1)
++        {
++            USP_LOG_Error("%s: failed to open socket", __FUNCTION__);
++            return false;
++        }
++
++        // Return if unable to set the socket as non blocking
++        // We do this before connecting so that we can timeout on connect taking too long
++        err = fcntl(socket_fd, F_SETFL, O_NONBLOCK);
++        if (err == -1)
++        {
++            USP_ERR_ERRNO("fcntl", errno);
++            close(socket_fd);
++            return false;
++        }
++
++        // Next IP if unable to connect to the MQTT Broker
++        // NOTE: The connect is performed in non-blocking mode
++        err = connect(socket_fd, (struct sockaddr *) &saddr, saddr_len);
++        if ((err == -1) && (errno != EINPROGRESS))
++        {
++            USP_ERR_ERRNO("connect", errno);
++            close(socket_fd);
++            continue;
++        }
++
++        // Set up arguments for the select() call
++        FD_ZERO(&writefds);
++        FD_SET(socket_fd, &writefds);
++        timeout.tv_sec = MQTT_CONNECT_TIMEOUT;
++        timeout.tv_usec = 0;
++
++        // Next IP if the connect timed out
++        num_sockets = select(socket_fd + 1, NULL, &writefds, NULL, &timeout);
++        if (num_sockets == 0)
++        {
++            USP_LOG_Error("%s: connect timed out", __FUNCTION__);
++            close(socket_fd);
++            continue;
++        }
++
++        // Next IP if unable to determine whether the connect was successful or not
++        err = getsockopt(socket_fd, SOL_SOCKET, SO_ERROR, &so_err, &so_len);
++        if (err == -1)
++        {
++            USP_ERR_ERRNO("getsockopt", errno);
++            close(socket_fd);
++            continue;
++        }
++
++        // Next IP if connect was not successful
++        if (so_err != 0)
++        {
++            USP_LOG_Error("%s: async connect failed", __FUNCTION__);
++            close(socket_fd);
++            continue;
++        }
++
++        close(socket_fd);
++
++        // Connect was successful
++        nu_ipaddr_str(&dst, dst_ip, size);
++
++        return true;
++    }
++
++    return false;
++}
++
+ /*********************************************************************//**
+ **
+ ** IsMqttBrokerUp
+@@ -2364,109 +2503,92 @@ int SendQueueHead(mqtt_client_t *client)
+ ** \return  true if the MQTT Broker is up, false otherwise
+ **
+ **************************************************************************/
+-bool IsMqttBrokerUp(mqtt_client_t *client)
++bool IsMqttBrokerUp(mqtt_client_t *client, char *dst_ip, int size)
+ {
+     int err;
+     bool prefer_ipv6;
+-    nu_ipaddr_t dst;
+-    struct sockaddr_storage saddr;
+-    socklen_t saddr_len;
+-    sa_family_t family;
+-    int socket_fd = INVALID;
+-    fd_set writefds;
+-    struct timeval timeout;
+-    int num_sockets;
+-    int so_err;
+-    socklen_t so_len = sizeof(so_err);
++    bool ipv4_supported = false;
++    bool ipv6_supported = false;
+     bool result = false;
++    struct addrinfo *addr_list = NULL;
++    struct addrinfo hints;
+ 
+     // Get the preference for IPv4 or IPv6, if dual stack
+     prefer_ipv6 = DEVICE_LOCAL_AGENT_GetDualStackPreference();
+ 
+-    // Exit if unable to determine the IP address of the MQTT Broker
+-    err = tw_ulib_diags_lookup_host(client->conn_params.host, AF_UNSPEC, prefer_ipv6, NULL, &dst);
+-    if (err != USP_ERR_OK)
+-    {
+-        goto exit;
+-    }
++    USP_LOG_Debug("%s: dual-stack preference is: %s", __FUNCTION__, prefer_ipv6 ? "IPv6" : "IPv4");
+ 
+-    // Exit if unable to make a socket address structure to probe the MQTT server
+-    err = nu_ipaddr_to_sockaddr(&dst, client->conn_params.port, &saddr, &saddr_len);
+-    if (err != USP_ERR_OK)
+-    {
+-        goto exit;
+-    }
++    // Initialise the hints to use, when obtaining the IP address of the specified host using getaddrinfo()
++    memset(&hints, 0, sizeof(hints));
++    hints.ai_family = AF_UNSPEC;
++    hints.ai_flags |= AI_ADDRCONFIG;
+ 
+-    // Exit if unable to determine which address family to use to contact the MQTT broker
+-    // NOTE: This shouldn't fail if tw_ulib_diags_lookup_host() is correct
+-    err = nu_ipaddr_get_family(&dst, &family);
+-    if (err != USP_ERR_OK)
++    err = getaddrinfo(client->conn_params.host, NULL, &hints, &addr_list);
++    if (err != USP_ERR_OK || addr_list == NULL)
+     {
+-        goto exit;
++        USP_ERR_SetMessage("%s: getaddrinfo() failed to resolve: %s", __FUNCTION__, client->conn_params.host);
++        return result;
+     }
+ 
+-    // Exit if unable to create the socket
+-    socket_fd = socket(family, SOCK_STREAM, 0);
+-    if (socket_fd == -1)
++    // Exit if unable to determine which address families are supported by the device
++    // NOTE: In theory, setting getaddrinfo hints to AI_ADDRCONFIG, should filter by supported address family
++    // However, unfortunately that flag does not take into account whether the address is globally routable (for IPv6) as well
++    err = nu_ipaddr_get_ip_supported_families(&ipv4_supported, &ipv6_supported);
++    if (err != USP_ERR_OK)
+     {
+-        goto exit;
++        USP_LOG_Error("%s: Failed to determine device IP families", __FUNCTION__);
++        return result;
+     }
+ 
+-    // Exit if unable to set the socket as non blocking
+-    // We do this before connecting so that we can timeout on connect taking too long
+-    err = fcntl(socket_fd, F_SETFL, O_NONBLOCK);
+-    if (err == -1)
++    if (ipv4_supported == false && ipv6_supported == false)
+     {
+-        USP_ERR_ERRNO("fcntl", errno);
+-        goto exit;
++        // couldn't determine device ip mode
++        USP_LOG_Error("%s: Could not determine device IP families", __FUNCTION__);
++        return result;
+     }
+ 
+-    // Exit if unable to connect to the MQTT Broker
+-    // NOTE: The connect is performed in non-blocking mode
+-    err = connect(socket_fd, (struct sockaddr *) &saddr, saddr_len);
+-    if ((err == -1) && (errno != EINPROGRESS))
++    if (ipv6_supported == false)
+     {
+-        USP_ERR_ERRNO("connect", errno);
+-        goto exit;
++        // device has only ipv4 address so only try with ipv4 addresses
++        USP_LOG_Debug("%s: Check connectivity with IPv4 only", __FUNCTION__);
++        result = check_connectivity(addr_list, client->conn_params.port, AF_INET, dst_ip, size);
+     }
+-
+-    // Set up arguments for the select() call
+-    FD_ZERO(&writefds);
+-    FD_SET(socket_fd, &writefds);
+-    timeout.tv_sec = MQTT_CONNECT_TIMEOUT;
+-    timeout.tv_usec = 0;
+-
+-    // Exit if the connect timed out
+-    num_sockets = select(socket_fd + 1, NULL, &writefds, NULL, &timeout);
+-    if (num_sockets == 0)
++    else if (ipv4_supported == false)
+     {
+-        USP_LOG_Error("%s: connect timed out", __FUNCTION__);
+-        goto exit;
++        // device has only ipv6 address so only try with ipv6 addresses
++        USP_LOG_Debug("%s: Check connectivity with IPv6 only", __FUNCTION__);
++        result = check_connectivity(addr_list, client->conn_params.port, AF_INET6, dst_ip, size);
+     }
+-
+-    // Exit if unable to determine whether the connect was successful or not
+-    err = getsockopt(socket_fd, SOL_SOCKET, SO_ERROR, &so_err, &so_len);
+-    if (err == -1)
++    else
+     {
+-        USP_ERR_ERRNO("getsockopt", errno);
+-        goto exit;
+-    }
++        // device has both ipv6 and ipv4 address, so we need to search as per preference
++        if (prefer_ipv6 == true)
++        {
+ 
+-    // Exit if connect was not successful
+-    if (so_err != 0)
+-    {
+-        USP_LOG_Error("%s: async connect failed", __FUNCTION__);
+-        goto exit;
++            // First try with v6 then fallback to v4
++            USP_LOG_Debug("%s: Check connectivity with IPv6 first", __FUNCTION__);
++            result = check_connectivity(addr_list, client->conn_params.port, AF_INET6, dst_ip, size);
++            if (result == false)
++            {
++                USP_LOG_Debug("%s: Check connectivity fallback with IPv4", __FUNCTION__);
++                result = check_connectivity(addr_list, client->conn_params.port, AF_INET, dst_ip, size);
++            }
++        }
++        else
++        {
++            // First try with v4 then fallback to v6
++            USP_LOG_Debug("%s: Check connectivity with IPv4 first", __FUNCTION__);
++            result = check_connectivity(addr_list, client->conn_params.port, AF_INET, dst_ip, size);
++            if (result == false)
++            {
++                USP_LOG_Debug("%s: Check connectivity fallback with IPv6", __FUNCTION__);
++                result = check_connectivity(addr_list, client->conn_params.port, AF_INET6, dst_ip, size);
++            }
++        }
+     }
+ 
+-    // Connect was successful
+-    result = true;
+-
+-exit:
+-    // Tidy up
+-    if (socket_fd != INVALID)
+-    {
+-        close(socket_fd);
++    if (addr_list != NULL) {
++        (void) freeaddrinfo(addr_list);
+     }
+ 
+     return result;
+@@ -2487,18 +2609,20 @@ void Connect(mqtt_client_t *client)
+ {
+     int err = USP_ERR_OK;
+     bool is_up;
++    char dst_ip[INET6_ADDRSTRLEN] = {0};
+ 
+     // Exit if after probing the MQTT Broker, it is not up
+     // In this case, we do not attempt to call libmosquitto's connect function, as that function will end up blocking for 2 minutes (since the MQTT broker is down)
+-    is_up = IsMqttBrokerUp(client);
+-    if (is_up == false)
++    is_up = IsMqttBrokerUp(client, dst_ip, sizeof(dst_ip));
++    if (is_up == false || strlen(dst_ip) == 0)
+     {
++        USP_LOG_Debug("%s: MQTT broker(%s) is not UP", __FUNCTION__, client->conn_params.host);
+         err = USP_ERR_INTERNAL_ERROR;
+         goto exit;
+     }
+ 
+     // Start the MQTT Connect
+-    err = PerformMqttClientConnect(client);
++    err = PerformMqttClientConnect(client, dst_ip);
+ 
+     // Exit if failed to connect
+     if (err != USP_ERR_OK)
+@@ -2531,7 +2655,7 @@ exit:
+ ** \return  USP_ERR_INTERNAL_ERROR if failed to connect (and should retry)
+ **
+ **************************************************************************/
+-int PerformMqttClientConnect(mqtt_client_t *client)
++int PerformMqttClientConnect(mqtt_client_t *client, const char *host_ip)
+ {
+     int version;
+     mosquitto_property *proplist = NULL;
+@@ -2601,19 +2725,19 @@ int PerformMqttClientConnect(mqtt_client_t *client)
+     // We do this to prevent the data model thread from potentially being blocked, whilst the connect call is taking place
+     OS_UTILS_UnlockMutex(&mqtt_access_mutex);
+ 
+-    USP_LOG_Info("Sending CONNECT frame to (host=%s, port=%d)", client->conn_params.host, client->conn_params.port);
++    USP_LOG_Info("Sending CONNECT frame to (host=%s, ip=%s, port=%d)", client->conn_params.host, host_ip, client->conn_params.port);
+     FRAME_TRACE_DUMP(client);
+ 
+     // Perform the TCP connect
+     // NOTE: TCP connect can block for around 2 minutes if the broker does not respond to the TCP handshake
+     if (version == kMqttProtocol_5_0)
+     {
+-        mosq_err = mosquitto_connect_bind_v5(client->mosq, client->conn_params.host, client->conn_params.port,
++        mosq_err = mosquitto_connect_bind_v5(client->mosq, host_ip, client->conn_params.port,
+                                              keep_alive, NULL, proplist);
+     }
+     else
+     {
+-        mosq_err = mosquitto_connect(client->mosq, client->conn_params.host, client->conn_params.port,
++        mosq_err = mosquitto_connect(client->mosq, host_ip, client->conn_params.port,
+                                      keep_alive);
+     }
+ 

parental-control/Config.in

@@ -1,12 +1,10 @@
 if PACKAGE_parental-control
 
-config PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES
-	bool "Include default bundle files"
-	default n
+config PARENTAL_CONTROL_URLFILTERING
+	bool "Enables URL Filter functions and datamodel"
+	default y
 	help
-	   Set this option to include bundle files by default,
-	   they are also included in the UCI, urlfilter
-	   still needs to be enabled though.
+	   Set this option to include url filter feature
 
 config PARENTAL_CONTROL_VENDOR_PREFIX
 	string "Package specific datamodel Vendor Prefix for TR181 extensions"

parental-control/Makefile

@@ -1,17 +1,17 @@
 #
-# Copyright (C) 2021-2024 IOPSYS
+# Copyright (C) 2021-2025 IOPSYS
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.1.6
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=5128498a36c8f1ac48d320850c292c7e66256884
+PKG_SOURCE_VERSION:=b1e5b3f81f08271bdaf9cb4bda8a7696a27be3c6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -49,8 +49,11 @@ endif
 
 TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
 
-TARGET_LDFLAGS += \
-	-lcmph
+ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
+	TARGET_CFLAGS+=-DPARENTAL_CONTROL_ULRFILTER
+endif
+
+TARGET_LDFLAGS += -lcmph
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -78,15 +81,20 @@ define Package/parental-control/install
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
 
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
 
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol
 
-ifeq ($(CONFIG_PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES),y)
-	$(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundles.tar.xz $(1)/etc/parentalcontrol/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/40-parental_control_update_bundle_path $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_add_bundles $(1)/etc/uci-defaults/
+	$(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/
+else
+	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_disable_urlfilter $(1)/etc/uci-defaults/
 endif
 endef
 

parental-control/files/etc/config/parentalcontrol

@@ -1,93 +1,3 @@
 config globals 'globals'
-    option enable '0'
+    option enable '1'
     option loglevel '3'
-
-config urlbundle 'urlbundle_1'
-    option enable '0'
-    option name 'Abuse'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
-
-config urlbundle 'urlbundle_2'
-    option enable '0'
-    option name 'Ads'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
-
-config urlbundle 'urlbundle_3'
-    option enable '0'
-    option name 'Crypto'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
-
-config urlbundle 'urlbundle_4'
-    option enable '1'
-    option name 'Drugs'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
-
-config urlbundle 'urlbundle_5'
-    option enable '0'
-    option name 'Everything else'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt'
-
-config urlbundle 'urlbundle_6'
-    option enable '1'
-    option name 'Facebook/Instagram'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
-
-config urlbundle 'urlbundle_7'
-    option enable '1'
-    option name 'Fraud'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
-
-config urlbundle 'urlbundle_8'
-    option enable '1'
-    option name 'Gambling'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
-
-config urlbundle 'urlbundle_9'
-    option enable '0'
-    option name 'Malware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
-
-config urlbundle 'urlbundle_10'
-    option enable '1'
-    option name 'Phishing'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
-
-config urlbundle 'urlbundle_11'
-    option enable '1'
-    option name 'Piracy'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
-
-config urlbundle 'urlbundle_12'
-    option enable '0'
-    option name 'Porn'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
-
-config urlbundle 'urlbundle_13'
-    option enable '1'
-    option name 'Ransomware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
-
-config urlbundle 'urlbundle_14'
-    option enable '0'
-    option name 'Redirect'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
-
-config urlbundle 'urlbundle_15'
-    option enable '1'
-    option name 'Scam'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
-
-config urlbundle 'urlbundle_16'
-    option enable '0'
-    option name 'TikTok'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
-
-config urlbundle 'urlbundle_17'
-    option enable '0'
-    option name 'Torrent'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
-
-config urlbundle 'urlbundle_18'
-    option enable '0'
-    option name 'Tracking'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'

parental-control/files/etc/firewall.parentalcontrol

@@ -2,15 +2,19 @@
 
 . /lib/parentalcontrol/parentalcontrol.sh
 
-# if parentalcontrol is  enabled, add the rules, else remove them
-if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
-	# this is for urlfilter daemon
-	add_iptables_nfqueue_rules
-	# this for internet_access and profile_bedtime_schedule sections
+enabled="$(uci -q get parentalcontrol.globals.enable)"
+urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+
+# if parentalcontrol is enabled, add the rules, else remove them
+if [ "${enabled}" -eq "1" ]; then
+	# this is for internet_access and profile_bedtime_schedule sections
 	add_internet_schedule_rules
+	# this is for urlfilter daemon
+	if [ "${urlfilter}" -eq "1" ]; then
+		add_iptables_nfqueue_rules
+	fi
 else
-	# remove urlfilter daemon rules
-	remove_iptables_nfqueue_rules
 	# remove internet_access and profile_bedtime_schedule rules
 	remove_internet_schedule_rules
+	remove_iptables_nfqueue_rules
 fi

parental-control/files/etc/init.d/parentalcontrol

@@ -12,7 +12,8 @@ validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
 	    'loglevel:uinteger:3' \
-	    'bundle_path:string'
+	    'bundle_path:string' \
+	    'urlfilter:bool'
 }
 
 remove_fw_rules() {
@@ -23,27 +24,38 @@ remove_fw_rules() {
 }
 
 configure_fw_rules() {
-	local enable
-
-	remove_fw_rules
+	local enable urlfilter
 
 	config_load parentalcontrol
 	config_get_bool enable globals enable 0
+	config_get_bool urlfilter globals urlfilter 0
+
+	remove_fw_rules
 
 	if [ "${enable}" -eq "0" ]; then
 		# Parental control is disabled
 		return 0
 	fi
 
-	# Now flush the existing connections, otherwise,
-	# URL filtering cannot be performed on already open sites.
-	if [ -n "$(which conntrack)" ]; then
-		sleep 5
-		conntrack -F
+	if [ "${urlfilter}" -eq "1" ]; then
+		if [ ! -f "${OVERRIDE_JSON}" ]; then
+			# throw error
+	                log "ERROR: urlfiltering disabled at compile time but enabled in config"
+		else
+			# Now flush the existing connections, otherwise,
+			# URL filtering cannot be performed on already open sites.
+			if which hw_nat > /dev/null 2>&1; then
+				hw_nat -! > /dev/null 2>&1
+			fi
+			if which conntrack > /dev/null 2>&1; then
+				conntrack -F > /dev/null 2>&1
+			fi
+
+			# this is for urlfilter daemon
+			add_iptables_nfqueue_rules
+		fi
 	fi
 
-	# this is for urlfilter daemon
-	add_iptables_nfqueue_rules
 	# this for internet_access and profile_bedtime_schedule sections
 	add_internet_schedule_rules
 }
@@ -68,27 +80,32 @@ copy_dhcp_leases() {
 }
 
 start_service() {
-	local enable loglevel bundle_path
+	local enable loglevel bundle_path urlfilter
 
 	config_load parentalcontrol
 	validate_global_section
 
-	[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
-
-	# add default bundles
-	process_default_bundles
 	# add firewall rules
 	configure_fw_rules
 
+	if [ "${urlfilter}" -eq "1" ]; then
+		# add default bundles
+		[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
+		process_default_bundles
+		enable_urlfilter_dm
+	else
+		disable_urlfilter_dm
+	fi
+
 	# if the router is, for example, upgraded and then it boots up
 	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
 	# in that case, hostnames will not be processed by the daemon,
 	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
-	# which will be persistent acrros reboots and upgrade where settings are kept
+	# which will be persistent across reboots and upgrade (with keep settings)
 	# and will be used as a backup in case /tmp/dhcp.leases is empty
 	copy_dhcp_leases
 
-	procd_open_instance "parentalcontrol_dm"
+	procd_open_instance "parentalcontrol"
 	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
 	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
@@ -103,7 +120,7 @@ stop_service() {
 }
 
 reload_service() {
-	ret=$(ubus call service list '{"name":"parentalcontrol"}' | jsonfilter -qe '@.parentalcontrol.instances.parentalcontrol_dm.running')
+	ret=$(ubus call service list '{"name":"parentalcontrol"}' | jsonfilter -qe '@.parentalcontrol.instances.parentalcontrol.running')
 	if [ "$ret" != "true" ]; then
 		stop
 		start

parental-control/files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults

@@ -2,6 +2,8 @@
 
 . /lib/functions.sh
 
+[ ! -f "/etc/config/urlfilter" ] && exit 0
+
 # Convert URL filter to parental control format
 urlfilter_config="/etc/config/urlfilter"
 parentalcontrol_config="/etc/config/parentalcontrol"

parental-control/files/etc/uci-defaults/40-parental_control_update_bundle_path

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+APPS_DIR="/apps"
+
+check_mounted_app_partition() {
+	local free
+
+	if [ ! -d "${APPS_DIR}" ]; then
+		return 1
+	fi
+
+	# Check free space in disk
+	free="$(df -P "${APPS_DIR}"|tail -n 1|awk '{print $4}')"
+
+	# disable if free storage is less then 300M
+	if [ "${free}" -lt 307200 ]; then
+		return 1
+	fi
+
+	return 0
+}
+
+
+if check_mounted_app_partition; then
+	uci -q set parentalcontrol.globals.bundle_path="${APPS_DIR}/parentalcontrol"
+
+	# configure the urlfilter if not configured
+	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+	if [ -z "${urlfilter}" ]; then
+		uci -q set parentalcontrol.globals.urlfilter='1'
+	fi
+else
+	uci -q set parentalcontrol.globals.urlfilter='0'
+fi
+
+exit 0

parental-control/files/etc/uci-defaults/50-parental_control_add_bundles

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+COUNT=1
+
+add_urlbundle()
+{
+	local name url
+
+	url="${1}"; shift
+	name="$*"
+
+	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
+	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
+
+	COUNT="$((COUNT+1))"
+}
+
+urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+if [ "${urlfilter}" -eq "1" ]; then
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
+fi
+
+exit 0

parental-control/files/etc/uci-defaults/50-parental_control_disable_urlfilter

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+uci -q set parentalcontrol.globals.urlfilter='0'
+
+_delete_urlbundle() {
+	uci_remove parentalcontrol "${1}"
+}
+
+config_load "parentalcontrol"
+config_foreach _delete_urlbundle urlbundle

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -13,7 +13,10 @@ IP_RULE=""
 ACL_FILE=""
 parentalcontrol_ipv4_forward=""
 parentalcontrol_ipv6_forward=""
-default_bundle_dir="/tmp/parentalcontrol/default/"
+
+bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
+
+default_bundle_dir="${bundle_path}/default/"
 bundle_archive="/etc/parentalcontrol/urlbundles.tar.xz"
 
 log() {
@@ -255,7 +258,9 @@ handle_schedule() {
 			schedule_added="1"
 		fi
 
-		target="ACCEPT"
+		# internet_access has been updated to be internet_break
+		# so drop traffic during the schedule, and allow outside the schedule
+		target="DROP"
 
 		config_get local_start_time "$schedule_section" "start_time" "00:00"
 		config_get duration "$schedule_section" "duration"
@@ -311,6 +316,9 @@ parse_macs_or_hostnames() {
 	local input="$1"
 	local lease_file="/tmp/dhcp.leases"
 
+	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
+	[ -f "$lease_file" ] || { log "Error: No DHCP lease file found."; return 1; }
+
 	for item in $input; do
 		case "$item" in
 			??:??:??:??:??:??)
@@ -359,11 +367,6 @@ handle_internet_break() {
 			config_load "schedules"
 			config_foreach handle_schedule schedule "schedule" "$schedule_ref"
 		fi
-
-		# for access rule to work, need to have default drop rule as last rule
-		if [ "$schedule_added" = "1" ]; then
-			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
-		fi
 	done
 }
 
@@ -435,15 +438,31 @@ add_internet_schedule_rules() {
 }
 
 add_iptables_nfqueue_rules() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		# setup netfilter queue 0, use queue bypass so that if no application is
-		# listening to this queue then traffic is unaffected.
-		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+	local filter_used
 
-		iptables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+	# Check if urlfilter used
+	if ! uci show parentalcontrol | grep -q profile_urlfilter; then
+		return
+	fi
+
+	# IPv4 rules
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		iptables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# INPUT: DNS replies to router, skip loopback
+		iptables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# OUTPUT: DNS replies from router, skip loopback
+		iptables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS flows for urlfilter
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
@@ -451,14 +470,24 @@ add_iptables_nfqueue_rules() {
 		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	# IPv6 rules
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
 	if [ "$?" -ne 0 ]; then
-		#ip6table rules
-		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		ip6tables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# INPUT: DNS replies to router, skip loopback
+		ip6tables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# OUTPUT: DNS replies from router, skip loopback
+		ip6tables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS flows for urlfilter
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
@@ -468,26 +497,38 @@ add_iptables_nfqueue_rules() {
 }
 
 remove_iptables_nfqueue_rules() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
 	if [ "$?" -eq 0 ]; then
-		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# DNS response rules
+		iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-		iptables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# HTTP/HTTPS
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		#ip6table rules
-		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-		ip6tables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
@@ -509,3 +550,25 @@ remove_internet_schedule_rules() {
 		ip6tables -w -X parentalcontrol_forward
 	fi
 }
+
+OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json"
+DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json"
+
+enable_urlfilter_dm() {
+	if [ -f "${DM_PLUGIN_PATH}" ]; then
+		rm ${DM_PLUGIN_PATH}
+		echo "Please restart to apply"
+	fi
+}
+
+disable_urlfilter_dm() {
+	mkdir -p "$(dirname ${DM_PLUGIN_PATH})"
+
+	if [ ! -f "${DM_PLUGIN_PATH}" ]; then
+		if [ -f "${OVERRIDE_JSON}" ]; then
+			cp "${OVERRIDE_JSON}" "${DM_PLUGIN_PATH}"
+			echo "Please restart to apply"
+
+		fi
+	fi
+}

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -3,12 +3,31 @@
 . /lib/functions.sh
 
 LOCKFILE="/tmp/sync_bundles.lock"
+log_level="$(uci -q get parentalcontrol.globals.loglevel)"
+log_level="${log_level:-1}"
+DEBUG=0
+
+log_err() {
+	logger -t urlfilter.sync -p error "$*"
+	if [ "${DEBUG}" -eq "1" ]; then
+		echo "#ERR# $* #" >/dev/console
+	fi
+}
+
+log_info() {
+	if [ "${log_level}" -gt 3 ]; then
+		logger -t urlfilter.sync -p info "$*"
+	fi
+	if [ "${DEBUG}" -eq "1" ]; then
+		echo "#INFO# $* #" >/dev/console
+	fi
+}
 
 # this script handles syncing bundles
 # if its a remote file, then it would be downloaded and placed in bundle_dir
 bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
 if [ -z "${bundle_path}" ]; then
-	bundle_path="/tmp/parentalcontrol"
+	return 0
 fi
 
 stringstore_dir="${bundle_path}/stringstore"
@@ -38,15 +57,15 @@ update_bundle_file_from_url() {
 
 	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
 	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
-	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
+	local max_size=$((50 * 1024 * 1024)) # 50MB in bytes
 
 	if [ "$available_memory" -le "$needed_blocks" ]; then
-		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
+		log_info "Error: Not enough disk space for bundle: ${bundle_name}"
 		return 1
 	fi
 
 	if [ "$bundle_file_size" -gt "$max_size" ]; then
-		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
+		log_info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
 		return 1
 	fi
 
@@ -57,7 +76,7 @@ update_bundle_file_from_url() {
 	else
 		# Random delay (0-5s) before starting the download
 		local delay=$((RANDOM % 6))
-		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
+		log_info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
 		sleep "$delay"
 
 		# Retry logic with exponential backoff
@@ -65,12 +84,11 @@ update_bundle_file_from_url() {
 		local attempt=1
 		local success=0
 		while [ $attempt -le 3 ]; do
-			curl -s -o "$temp_file" "$download_url"
-			if [ $? -eq 0 ]; then
+			if curl -s -o "$temp_file" "$download_url"; then
 				success=1
 				break
 			else
-				logger -p info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
+				log_info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
 				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
 				sleep "$backoff"
 			fi
@@ -78,7 +96,7 @@ update_bundle_file_from_url() {
 		done
 
 		if [ $success -ne 1 ]; then
-			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
+			log_info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
 			rm -f "$temp_file"
 			return 1
 		fi
@@ -89,7 +107,7 @@ update_bundle_file_from_url() {
 	local final_path="${bundle_dir}/${bundle_file_name}"
 	if [[ "$file_path" =~ \.xz$ ]]; then
 		if ! xz -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
+			log_info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -98,7 +116,7 @@ update_bundle_file_from_url() {
 		rm -f "$file_path"
 	elif [[ "$file_path" =~ \.gz$ ]]; then
 		if ! gzip -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
+			log_info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -134,7 +152,6 @@ handle_download_url() {
 	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
 
 	local bundle_file_name="${file_name}.urlbundle"
-	local unprocessed_file=0
 	local file_path="${sanitized_url#file://}"
 
 	if echo "$sanitized_url" | grep -qE "^https?://|^file://"; then
@@ -153,7 +170,7 @@ handle_download_url() {
 		fi
 
 		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
-			return
+			return 0
 		fi
 
 		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
@@ -161,7 +178,7 @@ handle_download_url() {
 			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
 			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
 			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
-			return
+			return 0
 		fi
 
 		# Remove existing entries
@@ -173,11 +190,9 @@ handle_download_url() {
 		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
 		return $?
 	else
-		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
+		log_info "Error: Unsupported URL format for ${bundle_file_name}"
 		return 1
 	fi
-
-	return 0
 }
 
 cleanup_bundle_files() {
@@ -189,7 +204,7 @@ cleanup_bundle_files() {
 	get_download_url() {
 		local section="$1"
 		config_get url "$section" download_url
-		config_get_bool enable "$1" enable 0
+		config_get_bool enable "$1" enable 1
 
 		if [ "${enable}" -eq 0 ]; then
 			# bundle is disabled
@@ -222,38 +237,56 @@ cleanup_bundle_files() {
 	done
 }
 
+cleanup_bundle_sizes() {
+	downloaded_bundle_names="$(cat "$bundle_sizes" | cut -d '.' -f 1)"
+
+	for name in $downloaded_bundle_names; do
+		if ls ${stringstore_dir}/${name}* 2>&1 | grep -qF '.store'; then
+			if ls ${stringstore_dir}/${name}* 2>&1 | grep -q cmph; then
+				continue
+			fi
+		fi
+
+		sed -i "/$name/d" "$bundle_sizes"
+	done
+}
+
 # Main handler for all profile URL bundles
 handle_filter_for_bundles() {
-	ubus -t 20 wait_for bbfdm.parentalcontrol
+	local urlfilter
 
-	if [ "$?" -ne 0 ]; then
-		logger -p error "bbfdm.parentalcontrol object not found"
-		return
+	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+	# if urlfilter is not enabled, then return
+	if [ "${urlfilter}" -ne "1" ]; then
+		log_info "urlfilter feature not enabled"
+		return 0
 	fi
 
 	initialize_environment
 
 	cleanup_bundle_files "$bundle_dir"
 	cleanup_bundle_files "$stringstore_dir"
+	cleanup_bundle_sizes
 
 	config_load parentalcontrol
 
 	config_get_bool enable globals enable 0
 	if [ "${enable}" -eq 0 ]; then
+		log_info "parental-control feature not enabled"
 		# Parental control is disabled
 		return 0
 	fi
 
-	local profile enable bundles bundle_name download_url
-
 	check_bundle_exists() {
-		local cfg="$1"
+		local enable download_url name cfg
+
+		cfg="$1"
 		config_get name "$cfg" name
-		config_get_bool enable "$cfg" enable 0
+		config_get_bool enable "$cfg" enable 1
 		config_get download_url "$cfg" download_url
 
 		if [ "${enable}" -eq 0 ]; then
-			# bundle is disabled
+			log_info "Skipping bundle ${name} not enabled"
 			return 0
 		fi
 
@@ -274,6 +307,6 @@ handle_filter_for_bundles() {
 # Open file descriptor 200 for locking
 exec 200>"$LOCKFILE"
 # Try to acquire an exclusive lock; exit if another instance is running
-flock -n 200 || { logger -p info "sync_bundles.sh is already running, exiting."; exit 1; }
+flock -n 200 || { log_info "sync_bundles.sh is already running, exiting."; exit 1; }
 
 handle_filter_for_bundles

parental-control/files/urlbundle_override.json

@@ -0,0 +1,89 @@
+{
+    "json_plugin_version": 2,
+    "Device.X_IOWRT_EU_ParentalControl.": {
+        "type": "object",
+        "protocols": [
+            "cwmp",
+            "usp"
+        ],
+        "access": false,
+        "array": false,
+        "DefaultBundles": {
+            "type": "string",
+            "protocols": [
+                "none"
+            ],
+            "read": true,
+            "write": false
+        },
+        "MaxBlockHistory": {
+            "type": "unsignedInt",
+            "protocols": [
+                "none"
+            ],
+            "read": true,
+            "write": true,
+            "datatype": "unsignedInt"
+        },
+        "BlockHistoryNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },
+        "URLBundleNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },
+        "Device.X_IOWRT_EU_ParentalControl.BlockHistory.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": false,
+            "array": true
+        },
+        "Device.X_IOWRT_EU_ParentalControl.URLBundle.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": true,
+            "array": true
+        }
+    },
+    "Device.X_IOWRT_EU_ParentalControl.Profile.{i}.": {
+        "type": "object",
+        "protocols": [
+            "cwmp",
+            "usp"
+        ],
+        "access": true,
+        "array": true,
+        "URLFilterNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },	
+	"Device.X_IOWRT_EU_ParentalControl.Profile.{i}.URLFilter.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": true,
+            "array": true
+        }
+    }
+}

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_assoclist.sh

@@ -1,11 +1,30 @@
-interfaces=$(uci show wireless | grep "ifname=" |  awk -F'[.,=]' '{print$2}')
-for int in $interfaces; do
-	mode=$(uci get "wireless.${int}.mode")
+. /lib/functions.sh
+
+handle_interface() {
+	local config="${1}"
+	local prefix="${2}"
+
+	config_get ifname "${config}" ifname
+	config_get mode ${config} mode
+
 	if [ "$mode" = "ap" ] ; then
-		ap_int=$(uci get "wireless.${int}.ifname")
-		echo "Get assoc list for ${ap_int}"
-		ubus call "wifi.ap.${ap_int}" assoclist
-		echo "Get station info for ${ap_int}"
-		ubus call "wifi.ap.${ap_int}" stations
+		echo "Get assoc list for ${ifname}"
+		ubus call "${prefix}.${ifname}" assoclist
+		echo "Get station info for ${ifname}"
+		ubus call "${prefix}.${ifname}" stations
 	fi
-done
+}
+
+handle_wifi_interface() {
+	handle_interface "$1" "wifi.ap"
+}
+
+handle_mld_interface() {
+	handle_interface "$1" "wifi.apmld"
+}
+
+config_load wireless
+echo "Get associated stations information for non-MLD interfaces"
+config_foreach handle_wifi_interface wifi-iface
+echo "Get associated stations information for MLD interfaces"
+config_foreach handle_mld_interface wifi-mld

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_sta.sh

@@ -22,3 +22,4 @@ handle_interface() {
 
 config_load wireless
 config_foreach handle_interface wifi-iface
+config_foreach handle_interface wifi-mld

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_status.sh

@@ -0,0 +1,36 @@
+. /lib/functions.sh
+
+handle_interface() {
+	local config="${1}"
+	local prefix="${2}"
+
+	config_get ifname "${config}" ifname
+	config_get mode ${config} mode
+
+	if [ "$mode" = "ap" ] ; then
+		echo "Get status for ${ifname}"
+		ubus call "${prefix}.${ifname}" status
+	elif [ "$mode" = "sta" ] ; then
+		echo "Get status for bSTA ${ifname}"
+		ubus call "wifi.bsta.${ifname}" status
+	fi
+}
+
+handle_wifi_interface() {
+	handle_interface "$1" "wifi.ap"
+}
+
+handle_mld_interface() {
+	handle_interface "$1" "wifi.apmld"
+}
+
+config_load wireless
+echo "Get wifi status"
+ubus call wifi status
+
+echo "Get wifi status for ap & bsta interfaces"
+config_foreach handle_wifi_interface wifi-iface
+
+echo "Get wifi status for apmld interfaces"
+config_foreach handle_mld_interface wifi-mld
+

self-diagnostics/files/usr/share/self-diagnostics/spec/network.json

@@ -94,6 +94,16 @@
 					"file": "/tmp/dhcp.client.options"
 				}
 			]
+		},
+		{
+			"description": "Firewall fw3 reload status",
+			"cmd": "cat /var/log/firewall.log",
+			"dependency" : [
+				{
+					"type": "file",
+					"file": "/var/log/firewall.log"
+				}
+			]
 		}
 	]
 }

self-diagnostics/files/usr/share/self-diagnostics/spec/wifi.json

@@ -13,7 +13,8 @@
 		},
 		{
 			"description": "WiFi Status",
-			"cmd": "ubus call wifi status"
+			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_status.sh",
+			"timeout": 10
 		},
 		{
 			"description": "WiFi Radio Status",

sshmngr/files/common/usr/libexec/rpcd/sshmngr

@@ -82,22 +82,15 @@ case "$1" in
 						# if pid equals server pid then skip
 						[ "$session_pid" -eq "$server_pid" ] && continue
 
-						# get this session's ppid
-						session_ppid="$(grep PPid /proc/$session_pid/status | awk '{print $2}')"
-
-						# if session's parent is this server
-						if [ "$session_ppid" -eq "$server_pid" ]; then
-							session="$(netstat -ntp | grep $session_pid/ | awk '{print $5,$7}' | cut -d'/' -f 1)"
-
-							# return session IP, Port, PID
-							ip=$(echo "$session" | cut -d ':' -f 1)
-							port=$(echo "$session" | cut -d ':' -f 2 | cut -d ' ' -f 1)
-							pid=$(echo "$session" | cut -d ':' -f 2 | cut -d ' ' -f 2)
+						network_info="$(get_network_info "$session_pid" "$server_pid")"
+						if [ $? -eq 0 ]; then
+							ip=$(echo "$network_info" | cut -d' ' -f1)
+							port=$(echo "$network_info" | cut -d' ' -f2)
 
 							json_add_object
 							json_add_string "ip" "$ip"
 							json_add_string "port" "$port"
-							json_add_string "pid" "$pid"
+							json_add_string "pid" "$session_pid"
 							json_close_object
 						fi
 					done
@@ -142,10 +135,14 @@ case "$1" in
 						[ "$session_pid" -eq "$server_pid" ] && continue
 
 						# get this session's ppid
-						session_ppid="$(grep PPid /proc/$session_pid/status | awk '{print $2}')"
+						session_ppid="$(grep PPid /proc/$session_pid/status 2>/dev/null | awk '{print $2}')"
+						[ -z "$session_ppid" ] && continue
 
-						# if session's parent is this server
-						if [ "$session_ppid" -eq "$server_pid" ]; then
+						# get the parent of the parent (the grandparent)
+						grandparent_pid="$(grep PPid /proc/$session_ppid/status 2>/dev/null | awk '{print $2}')"
+
+						# if session's parent or grandparent is this server
+						if [ "$session_ppid" -eq "$server_pid" ] || { [ -n "$grandparent_pid" ] && [ "$grandparent_pid" -eq "$server_pid" ]; }; then
 							kill -15 "$session_pid"
 						fi
 					done

sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh

@@ -17,5 +17,26 @@ get_session_pids()
 {
 	local PidFile="$1"
 
-	echo "$(ps -w | grep $PidFile | grep -v grep | awk '{print $1}')"
+	echo "$(ps -w | grep "$PidFile" | grep -v grep | awk '{print $1}')"
+}
+
+get_network_info()
+{
+	local session_pid="$1"
+	local server_pid="$2"
+
+	# get this session's ppid
+	session_ppid="$(grep PPid /proc/$session_pid/status | awk '{print $2}')"
+
+	# if session's parent is this server
+	if [ "$session_ppid" -eq "$server_pid" ]; then
+		session="$(netstat -ntp | grep "$session_pid/" | awk '{print $5,$7}' | cut -d'/' -f 1)"
+		if [ -n "$session" ]; then
+			ip=$(echo "$session" | cut -d ':' -f 1)
+			port=$(echo "$session" | cut -d ':' -f 2 | cut -d ' ' -f 1)
+			echo "$ip $port"
+			return 0
+		fi
+	fi
+	return 1
 }

sshmngr/files/openssh_backend/lib/sshmngr/backend.sh

@@ -17,3 +17,39 @@ get_session_pids()
 {
 	echo "$(ps -w | grep sshd | grep pts | awk '{print $1}')"
 }
+
+get_network_info()
+{
+	local session_pid="$1"
+	local server_pid="$2"
+	local session_info=""
+	local ip=""
+	local port=""
+
+	# get this session's ppid
+	session_ppid="$(grep PPid /proc/$session_pid/status 2>/dev/null | awk '{print $2}')"
+	[ -z "$session_ppid" ] && return 1
+
+	# get the parent of the parent (the grandparent)
+	grandparent_pid="$(grep PPid /proc/$session_ppid/status 2>/dev/null | awk '{print $2}')"
+
+	# if session's parent, or grandparent, is this server
+	if [ "$session_ppid" -eq "$server_pid" ] || { [ -n "$grandparent_pid" ] && [ "$grandparent_pid" -eq "$server_pid" ]; }; then
+		# The connection is usually handled by the parent process for openssh
+		session_info="$(netstat -ntp 2>/dev/null | awk -v pid="$session_ppid" '$7 ~ "^"pid"/" {print $5}')"
+
+		# If not found on parent, check the child process itself (less common for openssh)
+		if [ -z "$session_info" ]; then
+			session_info="$(netstat -ntp 2>/dev/null | awk -v pid="$session_pid" '$7 ~ "^"pid"/" {print $5}')"
+		fi
+
+		if [ -n "$session_info" ]; then
+			ip=$(echo "$session_info" | cut -d ':' -f 1)
+			port=$(echo "$session_info" | cut -d ':' -f 2)
+			echo "$ip $port"
+			return 0
+		fi
+	fi
+
+	return 1
+}

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=4.1.5
+PKG_VERSION:=5.1.4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=359894b8bfbdd595c547f01c6a173a89a973ba8e
+PKG_SOURCE_VERSION:=af171808ec22fc14c31b511b85eb431c4090adf1
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=4.1.5
+PKG_VERSION:=5.1.4
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=006e7cc0cb091d5fe9c68019020906946b0ce7f4
+PKG_SOURCE_VERSION:=af171808ec22fc14c31b511b85eb431c4090adf1
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,8 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +jq +userinterface +obuspa +qrencode
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa
+	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef
 
@@ -95,13 +96,8 @@ endef
 
 define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu
-
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
-
 	$(INSTALL_DIR) $(1)/etc/sulu
+
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
 
@@ -109,9 +105,9 @@ define Package/sulu/install/Default
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
 endef
 
@@ -128,7 +124,6 @@ define Package/sulu/install
 	$(Package/sulu/install/Post)
 endef
 
-
 define Package/sulu-builder/install
 	$(Package/sulu/install/Default)
 	$(INSTALL_DIR) $(1)/sulu/presets