map-agent: 5.0.1

2025-12-25 11:33:53 +08:00 · 2021-07-06 13:03:32 +02:00
203 changed files with 4841 additions and 9549 deletions
--- a/bbf/Config_bbfdm.in
+++ b/bbf/Config_bbfdm.in
@@ -1,3 +1,5 @@
+if PACKAGE_libbbfdm
+
 config BBF_VENDOR_EXTENSION
 	bool "Enable Vendor Extension"
 	default y
@@ -10,6 +12,10 @@ config BBF_VENDOR_PREFIX
 	string "Vendor Prefix"
 	default "X_IOPSYS_EU_"

+config BBF_TR181
+	bool "Enable TR-181 Data Model Support"
+	default y
+
 config BBF_TR104
 	bool "Enable TR-104 Data Model Support"
 	default y
@@ -18,14 +24,4 @@ config BBF_TR143
 	bool "Enable TR-143 Data Model Support"
 	default y

-config BBFDM_ENABLE_JSON_PLUGIN
-	bool "Enable json plugin to extend datamodel"
-	default y
-
-config BBFDM_ENABLE_DOTSO_PLUGIN
-	bool "Enable shared library plugin to extend datamodel"
-	default y
-
-config BBF_MAX_OBJECT_INSTANCES
-	int "Maximum number of instances per object"
-	default 255
+endif
--- a/bbf/Makefile
+++ b/bbf/Makefile
@@ -1,69 +1,41 @@
 #
-# Copyright (C) 2022 IOPSYS
+# Copyright (C) 2021 IOPSYS
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.8.9.25
-
-PKG_SOURCE_PROTO:=git
+PKG_VERSION:=4.3.6
+PKG_FIXUP:=autoreconf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
-PKG_SOURCE_VERSION:=e87b25b08294c608aef1e73d1268b35073097592
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=ece9282e8f1de4405c5e58a4c6a6263fd0cd7f81
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)

-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

 PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=LICENSE

 include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk

 define Package/libbbf_api
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=TRx69
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=BBF
  TITLE:=Library for libbbfdm API
-endef
-
-define Package/libbbfdm/default
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=TRx69
-  TITLE:=Library for broadband forum data model support
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libtrace +libcurl
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c
 endef

 define Package/libbbfdm
-  $(Package/libbbfdm/default)
-  TITLE += (internal)
-  VARIANT:=internal
-endef
-
-define Package/libbbfdm-mbedtls
-  $(Package/libbbfdm/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_libbbfdm-mbedtls:libmbedtls
-  VARIANT:=mbedtls
-  DEFAULT_VARIANT:=1
-endef
-
-define Package/libbbfdm-openssl
-  $(Package/libbbfdm/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_libbbfdm-openssl:libopenssl
-  CONFLICTS := libbbfdm-mbedtls
-  VARIANT:=openssl
-endef
-
-define Package/libbbfdm-wolfssl
-  $(Package/libbbfdm/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_libbbfdm-wolfssl:libwolfssl
-  CONFLICTS := libbbfdm-mbedtls libbbfdm-openssl
-  VARIANT:=wolfssl
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=BBF
+  TITLE:=Library for broadband-forum data model
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libtrace +libbbf_api +libopenssl +libmbedtls +libcurl
 endef

 define Package/libbbfdm/config
@@ -85,97 +57,77 @@ define Build/Prepare
 endef
 endif

-CMAKE_OPTIONS += \
-	-DBBF_TR181=ON
+TARGET_CFLAGS += -DBBF_VENDOR_LIST=\\\"$(CONFIG_BBF_VENDOR_LIST)\\\"
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
+
+TARGET_CFLAGS += \
+	-D_GNU_SOURCE -D_AADJ
+
+ifeq ($(CONFIG_BBF_TR181),y)
+CONFIGURE_ARGS += \
+	--enable-tr181
+endif

 ifeq ($(CONFIG_BBF_TR104),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR104=ON
+CONFIGURE_ARGS += \
+	--enable-tr104
 endif

 ifeq ($(CONFIG_BBF_TR143),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR143=ON
+CONFIGURE_ARGS += \
+	--enable-tr143
+endif
+
+ifeq ($(CONFIG_PACKAGE_libopenssl),y)
+CONFIGURE_ARGS += \
+	--enable-libopenssl
+endif
+
+ifeq ($(CONFIG_PACKAGE_libmbedtls),y)
+CONFIGURE_ARGS += \
+	--enable-libmbedtls
 endif

 ifeq ($(CONFIG_BBF_VENDOR_EXTENSION),y)
-CMAKE_OPTIONS += \
-	-DBBF_VENDOR_EXTENSION=ON
+CONFIGURE_ARGS += \
+	--enable-vendor-extension

-CMAKE_OPTIONS += \
-	-DBBF_VENDOR_LIST:String="$(CONFIG_BBF_VENDOR_LIST)" \
-	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBF_MAX_OBJECT_INSTANCES:Integer=$(CONFIG_BBF_MAX_OBJECT_INSTANCES)
+CONFIGURE_ARGS += \
+	BBF_VENDOR_LIST="$(CONFIG_BBF_VENDOR_LIST)"

 endif ##CONFIG_BBF_VENDOR_EXTENSION

-ifeq ($(CONFIG_BBFDM_ENABLE_JSON_PLUGIN),y)
-CMAKE_OPTIONS += \
-	-DBBF_JSON_PLUGIN=ON
-endif
-
-ifeq ($(CONFIG_BBFDM_ENABLE_DOTSO_PLUGIN),y)
-CMAKE_OPTIONS += \
-	-DBBF_DOTSO_PLUGIN=ON
-endif
-
-ifeq ($(BUILD_VARIANT),openssl)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CMAKE_OPTIONS += -DWITH_WOLFSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CMAKE_OPTIONS += -DWITH_MBEDTLS=ON
-endif
-
 define Package/libbbf_api/install
 	$(INSTALL_DIR) $(1)/lib
+	$(CP) $(PKG_BUILD_DIR)/bin/.libs/libbbf_api.so* $(1)/lib/
 endef

-define Package/libbbfdm/default/install
+define Package/libbbfdm/install
 	$(INSTALL_DIR) $(1)/lib
+	$(CP) $(PKG_BUILD_DIR)/bin/.libs/libbbfdm.so* $(1)/lib/
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm
+	$(CP) $(PKG_BUILD_DIR)/scripts/* $(1)/usr/share/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm/dmmap
 	$(INSTALL_DIR) $(1)/etc/bbfdm/json
 	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
-	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/lib/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/* $(1)/usr/share/bbfdm
-	$(LN) /usr/share/bbfdm/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
 endef

-define Package/libbbfdm/default/prerm
+define Package/libbbfdm/prerm
 	#!/bin/sh
-	rm -rf /etc/bbfdm/dmmap/*
+	rm -rf /etc/bbfdm/*
 	exit 0
 endef

-Package/libbbfdm-openssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-wolfssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-mbedtls/prerm = $(Package/libbbfdm/default/prerm)
-
-Package/libbbfdm-openssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-wolfssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-mbedtls/install = $(Package/libbbfdm/default/install)
-
 define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/include/libbbfdm
 	$(INSTALL_DIR) $(1)/usr/include/libbbf_api
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/include/*.h $(1)/usr/include/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/*.h $(1)/usr/include/libbbfdm/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbf_api/*.h $(1)/usr/include/libbbf_api/
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/usr/lib/
-	touch $(1)/usr/lib/libbbf_api.so
+	$(CP) $(PKG_BUILD_DIR)/*.h $(1)/usr/include/libbbfdm/
+	$(CP) $(PKG_BUILD_DIR)/libbbf_api/*.h $(1)/usr/include/libbbf_api/
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/bin/.libs/libbbfdm.{a,so*} $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/bin/.libs/libbbf_api.{a,so*} $(1)/usr/lib/
 endef

 $(eval $(call BuildPackage,libbbf_api))
 $(eval $(call BuildPackage,libbbfdm))
-$(eval $(call BuildPackage,libbbfdm-openssl))
-$(eval $(call BuildPackage,libbbfdm-wolfssl))
-$(eval $(call BuildPackage,libbbfdm-mbedtls))
--- a/bulkdata/Makefile
+++ b/bulkdata/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2022 iopsys Software Solutions AB
+# Copyright (C) 2020 iopsys Software Solutions AB
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,25 +8,20 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bulkdata
-PKG_VERSION:=2.0.3.1
+PKG_VERSION:=1.0.1

-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_VERSION:=e4f39d1bf4678fc05b9d02e81b194c70719909e4
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bulkdata.git
-PKG_SOURCE_VERSION:=33a6648de9ee0af33c44518656b56b0a30b6c1ab
+
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-endif
-
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE

-PKG_BUILD_DEPENDS:=bbf
-
 include $(INCLUDE_DIR)/package.mk

 define Package/$(PKG_NAME)
@@ -34,24 +29,21 @@ define Package/$(PKG_NAME)
  CATEGORY:=Utilities
  SUBMENU:=TRx69
  TITLE:=BBF BulkData Collection
-  DEPENDS:=+libubus +libuci +libubox +libjson-c +libcurl +libblobmsg-json
+  DEPENDS:=+libubus +libuci +libubox +libjson-c +libcurl +curl +libblobmsg-json +libbbfdm +libbbf_api
+endef
+
+define Package/$(PKG_NAME)/description
+	BBF BulkData Collection
 endef

 TARGET_CFLAGS += \
-	-D_GNU_SOURCE \
-	-Wall -Werror
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-	$(CP) -rf ~/git/bulkdata/* $(PKG_BUILD_DIR)/
-endef
-endif
+	-D_GNU_SOURCE

 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/lib/bbfdm
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bbf_plugin/*.so $(1)/usr/lib/bbfdm
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/*.so $(1)/usr/lib/bbfdm
 	$(CP) ./files/* $(1)/
 endef

--- a/bulkdata/files/etc/config/bulkdata
+++ b/bulkdata/files/etc/config/bulkdata
@@ -1,6 +1,43 @@

 config bulkdata 'bulkdata'
 	option enable '0'
-	#Log levels: Error=1, Warning=2, Info=3, Debug=4
+	#Log levels: Critical=0, Warning=1, Notice=2, Info=3, Debug=4
 	option log_level '3'

+config profile
+	option profile_id '1'
+	option enable '0'
+	option name ''
+	option nbre_of_retained_failed_reports '0'
+	option protocol 'http'
+	option encoding_type ''
+	option reporting_interval '86400'
+	option time_reference '0'
+	option csv_encoding_field_separator ','
+	option csv_encoding_row_separator '&#10;'
+	option csv_encoding_escape_character '&quot;'
+	option csv_encoding_report_format 'column'
+	option csv_encoding_row_time_stamp 'unix'
+	option json_encoding_report_format 'objecthierarchy'
+	option json_encoding_report_time_stamp 'unix'
+	option http_url ''
+	option http_username ''
+	option http_password ''
+	option http_compression 'none'
+	option http_method 'post'
+	option http_use_date_header '1'
+	option http_retry_enable '0'
+	option http_retry_minimum_wait_interval '5'
+	option http_retry_interval_multiplier '2000'
+	option http_persist_across_reboot '0'
+
+config profile_parameter
+	option profile_id '1'
+	option name ''
+	option reference ''
+
+config profile_http_request_uri_parameter
+	option profile_id '1'
+	option name ''
+	option reference ''
+
--- a/bulkdata/files/etc/init.d/bulkdatad
+++ b/bulkdata/files/etc/init.d/bulkdatad
@@ -1,4 +1,7 @@
 #!/bin/sh /etc/rc.common
+# Bulkdata Software
+# Copyright (C) 2020 iopsys Software Solutions AB
+# Author: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>

 START=99
 STOP=10
@@ -7,16 +10,13 @@ USE_PROCD=1
 PROG="/usr/sbin/bulkdatad"

 start_service() {
-	local enable=$(uci -q get bulkdata.bulkdata.enable)
-
-	[ "$enable" != "1" ] && {
-		return 0
-	}
-
-	procd_open_instance
-	procd_set_param command "$PROG"
-	procd_set_param respawn "3" "7" "0"
-	procd_close_instance
+	local bulkdata_enable=`uci -q get bulkdata.bulkdata.enable`
+	if [ "$bulkdata_enable" = "1" ]; then
+		procd_open_instance
+		procd_set_param command "$PROG"
+		procd_set_param respawn "3" "7" "0"
+		procd_close_instance
+	fi
 }

 boot() {
--- a/bulkdata/files/etc/uci-defaults/95-bulkdata-translation-options
+++ b/bulkdata/files/etc/uci-defaults/95-bulkdata-translation-options
@@ -1,75 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-PROFILE_COUNT=1
-
-get_next_count()
-{
-	local config="$1"
-	local default_name="${2}"
-	local count=${3}
-	local found=0
-
-	if [ -z "$count" ]; then
-		count=1
-	fi
-
-	while [ "${found}" -ne 1 ]; do
-		uci -q get ${config}.${default_name}_${count} >/dev/null
-		if [ $? -eq 0 ]; then
-			count=$((count + 1))
-		else
-			found=1;
-		fi
-	done
-
-	echo "${default_name}_${count}"
-}
-
-translate_profile_id_to_profile_name() {
-	local section="${1}"
-	local profile_id="${2}"
-	local profile_name="${3}"
-	local curr_profile_id
-
-	config_get curr_profile_id "${section}" profile_id
-
-	[ -n "${curr_profile_id}" ] || return
-	
-	[ "${curr_profile_id}" != "${profile_id}" ] && return
-
-	uci -q set bulkdata.${section}.profile_name="${profile_name}"
-	uci -q set bulkdata.${section}.profile_id=""	
-}
-
-update_profile_sections() {
-	local section="${1}"
-	local default="${2}"
-	local profile_name
-
-	config_get profile_id "${section}" profile_id
-
-	[ -n "${profile_id}" ] || return
-
-	case "${section}" in
-		"cfg"*)
-			profile_name="$(get_next_count bulkdata ${default} ${PROFILE_COUNT})"
-			uci_rename bulkdata "${section}" "${profile_name}"
-		;;
-	esac
-	PROFILE_COUNT=$((PROFILE_COUNT + 1))
-
-	[ -n "$profile_name" ] && section="${profile_name}"
-
-	uci -q set bulkdata.${section}.profile_id=""
-
-	config_foreach translate_profile_id_to_profile_name profile_parameter "${profile_id}" "${profile_name}"
-	config_foreach translate_profile_id_to_profile_name profile_http_request_uri_parameter "${profile_id}" "${profile_name}"
-}
-
-config_load bulkdata
-config_foreach update_profile_sections profile profile
-uci commit bulkdata
-
-exit 0
--- a/crashlog/Makefile
+++ b/crashlog/Makefile
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2019 iopsys Software Solutions AB
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crashlog
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_LICENSE:=GPLv2
+PKG_LICENSE_FILES:=none
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/crashlog
+  CATEGORY:=Utilities
+  TITLE:=Handling kernel crash logs
+endef
+
+define Package/crashlog/description
+	Handling kernel crash logs.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./files/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+endef
+
+define Package/crashlog/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,crashlog))
--- a/crashlog/files/etc/dropbear/logid
+++ b/crashlog/files/etc/dropbear/logid
--- a/crashlog/files/etc/init.d/corelog
+++ b/crashlog/files/etc/init.d/corelog
@@ -0,0 +1,11 @@
+#!/bin/sh /etc/rc.common
+
+START=01
+
+start()
+{
+    if [ -e /proc/sys/kernel/core_pattern ]
+    then
+	echo "|/sbin/logcore %e %s" > /proc/sys/kernel/core_pattern
+    fi
+}
--- a/crashlog/files/etc/init.d/crashlog
+++ b/crashlog/files/etc/init.d/crashlog
@@ -0,0 +1,55 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+send_log()
+{
+	nr=$(db get hw.board.serial_number)
+	hw=$(db get hw.board.model_name)
+	fam=$(db get hw.board.iopVerFam)
+	sw=$(db get hw.board.iopVersion)
+	server=$(/sbin/uci get system.crashlog.server)
+
+	while true
+	do
+	    scp  -S /usr/sbin/logssh /proc/last_kmsg log@${server}:log/${fam}_${hw}_${sw}_${nr}
+	    if [ $? == 0 ]
+	    then
+	       break;
+	    fi
+	    # wait for another minute then try again
+	    sleep 60
+	done
+}
+
+fill_in_default()
+{
+    /sbin/uci add system log
+    /sbin/uci rename system.@log[-1]=crashlog
+    /sbin/uci set system.crashlog.enable=no
+    /sbin/uci set system.crashlog.server="crashlog.iopsys.eu"
+    /sbin/uci commit
+}
+
+boot()
+{
+    # is crashlog enabled ?
+    enable=$(/sbin/uci get system.crashlog.enable)
+    case $enable in
+	0|no|NO|false|FALSE)
+	    exit 0
+	    ;;
+	"")
+	    fill_in_default
+	    exit 0
+	    ;;
+    esac
+
+    # is this boot a result from a crash ?
+    reason=$(cat /etc/boot_reason)
+    case $reason in
+	HW|WD)
+	    send_log&
+	    ;;
+    esac
+}
--- a/crashlog/files/sbin/logcore
+++ b/crashlog/files/sbin/logcore
@@ -0,0 +1,60 @@
+#! /bin/sh
+
+TMP_CORE=/tmp/new_core
+# first test if we can contact the log server.
+# if not abort directly the core file takes up memory
+alive()
+{
+	ping -c1 $server
+
+	if [ $? != 0 ]
+	then
+		# drain core file from kernel
+		cat >/dev/null
+		exit 0
+	fi
+}
+
+fill_in_default()
+{
+    /sbin/uci add system log
+    /sbin/uci rename system.@log[-1]=corelog
+    /sbin/uci set system.corelog.enable=no
+    /sbin/uci set system.corelog.server="corelog.iopsys.eu"
+    /sbin/uci commit
+}
+
+# is corelog enabled ?
+enable=$(/sbin/uci get system.corelog.enable)
+case $enable in
+    0|no|NO|false|FALSE)
+	# drain core file from kernel
+	cat >/dev/null
+	exit 0
+	;;
+    "")
+	fill_in_default
+	exit 0
+	;;
+esac
+
+server=$(/sbin/uci get system.corelog.server)
+
+alive
+
+# dump out the core to disk we need this as scp needs a size before we send data
+# and this is the only way to know how much data there is
+cat >$TMP_CORE
+
+# in case filesystem/memory is full at least kill the core in the kernel memory should give us some
+# more memory to work with. normally this would do nothing.
+cat >/dev/null
+
+nr=$(db get hw.board.serial_number)
+hw=$(db get hw.board.model_name)
+fam=$(hw.board.iopVerFam)
+sw=$(db get hw.board.iopVersion)
+
+scp -S /usr/sbin/logssh $TMP_CORE log@${server}:log/core_${1}_${2}_${fam}_${hw}_${sw}_${nr}
+rm $TMP_CORE
+
--- a/crashlog/files/usr/sbin/logssh
+++ b/crashlog/files/usr/sbin/logssh
@@ -0,0 +1,6 @@
+#!/bin/sh
+# we need to have the -y option to dropbear to not halt the scp when
+# transfering the log file to a new server for the first time.
+# since we already need this also put in the keyfile
+
+ssh -y -i /etc/dropbear/logid $@
--- a/crashlog/readme
+++ b/crashlog/readme
@@ -0,0 +1,42 @@
+Install scp server.
+
+Create a user account on a server and make sure it's possible to login to it
+using ssh.
+
+For now the user has to be called "log"
+
+USER is the user name of the account
+HOME is the user home directory.
+Both should be changed to the correct value in all following example commands.
+
+create HOME/bin
+Put scp_upload in HOME/bin
+make it executable "chmod a+x HOME/bin/scp_upload" 
+
+create home/.ssh   (observer the dot .shh)
+
+create an empty file HOME/.ssh/authorized_keys
+
+-------------------------------
+Now everyhting is setup for use but we have not added any clients.
+What we need is the public key for the clients.
+
+For dropbear "dropbearkey -y -f files/etc/dropbear/logid" will generate the public key.
+
+----------
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwn9RaDAzxW1dTmIhXgFBnpi1lhj8xhYpCVQiPxxdk9IEmH8zjo4y9j3sPkqKOlRnkwjpZIpLEKBnpQTwVIMCU/AG7nDJX3OH9RfS9mLJQLfFL8HyGCyqDezFWldbyovhJZvdUeK4tAXJWv2W3OVHiz2L8IlncBgP/E9DJElsyhhQHsM96UE6tBkXsvXkoDbMSYXFcLbgiUwBKfmM2BF/aPDL45iznGur7/2j9v95PwJ0gtMu9jjNRq+pXCXhTh3bsnczm0MpZC1aiRc9nJAeGIMmhrf15E4jBKgTnrstzJxGVAdajKeR954KcNsS33cS2Wmui2YjmPbBXjqf1frzJ log@iopsys
+----------
+
+The public key should be just one line. Add that line to the 
+HOME/.ssh/authorized_keys file on the scp server. Then add the follwoing as
+the first text on the same line. that is insert before the key data.
+
+command="HOME/bin/scp_upload",no-port-forwarding,no-agent-forwarding,no-X11-forwarding 
+
+Do not forget to change HOME to the correct value for the server and there 
+should be one space separating the key data and the above text.
+---------------------------------
+Now test to make sure that you can upload new files, not download files
+and not overwrite files from the client.
+
+
--- a/crashlog/scp_upload
+++ b/crashlog/scp_upload
@@ -0,0 +1,53 @@
+#! /bin/bash
+# authorized_keys command="/home/boxi/my_scp",no-port-forwarding,no-agent-forwarding,no-X11-forwarding
+
+val=`expr match "$SSH_ORIGINAL_COMMAND" "scp"`
+if [ $val != 3 ]
+then
+    echo "only scp is allowed for this rsa key"
+    exit 1
+fi
+
+#strip out "scp" as getopts barf on anything not an option
+
+args=${SSH_ORIGINAL_COMMAND:3}
+
+# we must set args to positional paramters otherwise it's next to impossible
+# to get to the rest of the line that is not arguments.
+
+set -- $args
+while getopts "rftdvpq" Option
+do
+  case $Option in
+    r ) echo "recursive not allowed";exit 1;;
+    f ) echo "reading files not allowed";exit 1;;
+    t ) ;;
+    d ) ;;
+    v ) ;;
+    p ) ;;
+    q ) ;;
+    * ) ;;   # Default.
+  esac
+done
+
+shift $(($OPTIND - 1))
+
+file="$*"
+dir=$(dirname "$file")
+
+if [ "$dir" != "log" ]
+then
+    echo "only allowed to write to log/"
+    exit 1
+fi
+
+# try to create uniq files
+EXTRA=$((0))
+while [ -e "${file}_${EXTRA}" ]
+do
+    EXTRA=$((EXTRA +1))
+done
+
+logger -t scp_upload "${SSH_ORIGINAL_COMMAND}_${EXTRA}"
+
+exec ${SSH_ORIGINAL_COMMAND}_${EXTRA}
--- a/crun/Makefile
+++ b/crun/Makefile
@@ -0,0 +1,81 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crun
+PKG_VERSION:=0.20
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/containers/crun.git
+PKG_SOURCE_DATE:=2021-06-07
+PKG_SOURCE_VERSION:=8d6a8b5ab80461cfed19f020a36584af13c32038
+PKG_MIRROR_HASH:=9ca1f0e530b33ce8820bd03329eb6731c5050d6e7f35bd2463d9a81cc00382e0
+
+PKG_BUILD_DEPENDS:=argp-standalone
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/crun
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=crun
+  URL:=https://github.com/containers/crun
+  DEPENDS:=@!arc +libseccomp +libcap
+endef
+
+define Package/crun/description
+  A fast and low-memory footprint OCI Container Runtime fully written in C.
+endef
+
+CONFIGURE_ARGS+= \
+	--disable-systemd \
+	--enable-embedded-yajl \
+	--enable-caps \
+	--enable-dl \
+	--enable-seccomp \
+	--enable-bpf
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(SED) '/#include <git-version.h>/d' $(PKG_BUILD_DIR)/src/crun.c
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default)
+
+	$(SED) '/#define PACKAGE \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define VERSION \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define GIT_VERSION \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define PACKAGE_BUGREPORT \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define PACKAGE_NAME \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define PACKAGE_STRING \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define PACKAGE_TARNAME \"/d' $(PKG_BUILD_DIR)/config.h
+	$(SED) '/#define PACKAGE_VERSION \"/d' $(PKG_BUILD_DIR)/config.h
+
+	echo "#define PACKAGE \"$(PKG_NAME)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define VERSION \"$(PKG_VERSION)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define PACKAGE_NAME \"$(PKG_NAME)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define PACKAGE_VERSION \"$(PKG_VERSION)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define PACKAGE_STRING \"$(PKG_NAME) $(PKG_VERSION)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define PACKAGE_TARNAME \"$(PKG_NAME)\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define PACKAGE_BUGREPORT \"bugs@openwrt.org\"" >> $(PKG_BUILD_DIR)/config.h
+	echo "#define GIT_VERSION \"$(PKG_SOURCE_VERSION)\"" >> $(PKG_BUILD_DIR)/config.h
+endef
+
+define Package/crun/install
+	$(INSTALL_DIR) $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/crun $(1)/usr/bin/
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcrun.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,crun))
--- a/dectmngr/Config.in
+++ b/dectmngr/Config.in
@@ -1,11 +0,0 @@
-if PACKAGE_dectmngr
-
-menu "Configuration"
-
-config ENABLE_LINE_SETTINGS_EXTENSION
-	bool "Enable Line Settings List extension "
-	default y
-
-endmenu
-
-endif
--- a/dectmngr/Makefile
+++ b/dectmngr/Makefile
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.5.5
+PKG_VERSION:=3.1.9

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cf4e91ffe0a1d83140fef5b41d16e581e5341cec
+PKG_SOURCE_VERSION:=f9095eca8404a8121cb4a1c56a25577f5a58773d
 PKG_MIRROR_HASH:=skip
 endif

@@ -34,41 +34,29 @@ include $(INCLUDE_DIR)/package.mk
 define Package/$(PKG_NAME)
 	CATEGORY:=Utilities
 	TITLE:=DECT Manager
-	DEPENDS:= +libubox +ubus +uci +libxml2 +libjson-c
+ 	DEPENDS:= +libubox +ubus
 endef

 define Package/$(PKG_NAME)/description
 	DECT manager is a daemon that provides UBUS RPC objects and sends UBUS events for communication with the DECT chip.
 endef

-define Package/$(PKG_NAME)/config
-	source "$(SOURCE)/Config.in"
-endef
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	rsync -av --exclude=.* ~/git/voip/dectmngr/* $(PKG_BUILD_DIR)/
 endef
 endif

-TARGET_CFLAGS += \
-	-Wall \
-        -Werror \
-	-I$(STAGING_DIR)/usr/include/libxml2
-
-ifeq ($(CONFIG_ENABLE_LINE_SETTINGS_EXTENSION),y)
-TARGET_CFLAGS += -DENABLE_LINE_SETTINGS_EXTENSION
-endif
+MAKE_FLAGS += \
+	CFLAGS+="-Wall"

 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d

 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/app/dectmngr $(1)/usr/sbin/
 	$(STRIP) $(1)/usr/sbin/dectmngr
 	$(CP) ./files/etc/* $(1)/etc/
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/dect $(1)/lib/upgrade/keep.d/dect
 endef

 $(eval $(call BuildPackage,$(PKG_NAME)))
--- a/dectmngr/files/etc/config/dect
+++ b/dectmngr/files/etc/config/dect
@@ -1,3 +0,0 @@
-config dect 'global'
- 	option log_dect_cmbs 'syslog'
-        option log_level 'realtime,warning,error'
--- a/dectmngr/files/etc/dspg/04130011.bin
+++ b/dectmngr/files/etc/dspg/04130011.bin
--- a/dectmngr/files/etc/init.d/dectmngr
+++ b/dectmngr/files/etc/init.d/dectmngr
@@ -11,8 +11,6 @@ PROG=/usr/sbin/dectmngr
 LOG_PATH=/var/log/dectmngr
 DB_PATH=/etc/dect

-DECT_GPIO=$(db -q get hw.board.dect_gpio)
-
 # Ask dectmngr to exit nicely and wait for it to clean up, which is a slow process.
 stop_and_wait_dectmngr() {
 	pidof $NAME && killall -q $NAME
@@ -28,42 +26,22 @@ start_service() {
 	local opt_ext=
 	local rfpi=
 	local model_id=
-	local rxtun=

 	test $(db get hw.board.hasDect) = "0" && return

-	[ -n "$DECT_GPIO" ] && echo 1 > /sys/class/gpio/gpio${DECT_GPIO}/value
+	echo 1 > /sys/class/gpio/gpio14/value

 	rfpi=$(db -q get hw.board.dect_rfpi)
 	[ -n "$rfpi" -a ${#rfpi} -eq 14 ] && opt_ext="$opt_ext -rfpi $rfpi"

-	model_id=$(db -q get hw.board.dect_model_id)
-	[ -n "$model_id" -a ${#model_id} -eq 8 ] || {
-		echo "Invalid hw.board.dect_model_id:$model_id. Set to 30.3B.06"
-		model_id="30.3B.06"
-	}
-	opt_ext="$opt_ext -model $model_id"
-
-	rxtun=$(db -q get hw.board.dect_rxtun)
-	[ -n "$rxtun" -a ${#rxtun} -eq 2 ] && opt_ext="$opt_ext -rxtun $rxtun"
-
-	config_load dect
-	config_get log_dect_cmbs global log_dect_cmbs syslog
+	# model_id=$(db -q get hw.board.dect_model_id)
+	# Setting model_id to 0x010203 is a workaround to reduce synchronisation time of some handset
+	# TODO: remove below line and uncomment the line above to get value from db when the problem is solved
+	model_id="01.02.03"
+	[ -n "$model_id" -a ${#model_id} -eq 8 ] && opt_ext="$opt_ext -model $model_id"

 	procd_open_instance
-	if [ "$log_dect_cmbs" = "none" ]; then
-		echo "Starting dectmngr with cmbs logging disabled"
-		procd_set_param command $PROG -comname ttyH0 $opt_ext
-		rm -f $LOG_PATH/*
-	elif [ "$log_dect_cmbs" = "file" ]; then
-		echo "Starting dectmngr with cmbs logging enabled to file"
-		procd_set_param command $PROG -comname ttyH0 -log $LOG_PATH/dect-cmbs.log $opt_ext
-	else
-		echo "Starting dectmngr with cmbs logging enabled to syslog"
-		procd_set_param command $PROG -comname ttyH0 -syslog $opt_ext
-		rm -f $LOG_PATH/*
-	fi
-
+	procd_set_param command $PROG -comname ttyH0 -log $LOG_PATH/dect-cmbs.log $opt_ext
 	procd_set_param respawn 6 2 3
 	procd_set_param term_timeout 20
 	procd_set_param triggers asterisk
@@ -73,25 +51,23 @@ start_service() {
 stop_service() {
 	test $(db get hw.board.hasDect) = "0" && return

-	[ -n "$DECT_GPIO" ] && echo 0 > /sys/class/gpio/gpio${DECT_GPIO}/value
+	echo 0 > /sys/class/gpio/gpio14/value
 	stop_and_wait_dectmngr
 }

 reload_service() {
-	ubus call dect reload
+	stop_and_wait_dectmngr
+	start
 }

 service_triggers()
 {
-	procd_add_config_trigger "config.change" "asterisk" /etc/init.d/dectmngr restart
-	procd_add_config_trigger "config.change" "dect" /etc/init.d/dectmngr reload
+	procd_add_reload_trigger asterisk
 }

 boot() {
-	[ -n "$DECT_GPIO" ] && {
-		echo ${DECT_GPIO} > /sys/class/gpio/export
-		echo out > /sys/class/gpio/gpio${DECT_GPIO}/direction
-	}
+	echo 14 > /sys/class/gpio/export
+	echo out > /sys/class/gpio/gpio14/direction

 	[ ! -d $LOG_PATH ] && mkdir -p $LOG_PATH
 	[ ! -d $DB_PATH ] && mkdir -p $DB_PATH
--- a/dectmngr/files/lib/upgrade/keep.d/dect
+++ b/dectmngr/files/lib/upgrade/keep.d/dect
@@ -1 +0,0 @@
-/etc/dect/LA_DB
--- a/dslmngr/Makefile
+++ b/dslmngr/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dslmngr
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.1

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=bb754ae620a9fc66fd6fc0745f0fead0708c7a17
+PKG_SOURCE_VERSION:=b7aa02e86a383e2f9eedd1333b2148270daf5242
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dslmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -28,6 +28,12 @@ include $(INCLUDE_DIR)/package.mk

 ifeq ($(CONFIG_TARGET_iopsys_brcm63xx_arm),y)
  TARGET_PLATFORM=BROADCOM
+else ifeq ($(CONFIG_TARGET_iopsys_ramips),y)
+  TARGET_PLATFORM=MEDIATEK
+else ifeq ($(CONFIG_TARGET_iopsys_linksys),y)
+  TARGET_PLATFORM=MARVELL
+else ifeq ($(CONFIG_TARGET_intel_mips),y)
+  TARGET_PLATFORM=INTEL
 else
  $(info Unexpected CONFIG_TARGET)
 endif
--- a/easy-qos/Makefile
+++ b/easy-qos/Makefile
@@ -19,7 +19,7 @@ define Package/easy-qos
  SECTION:=net
  CATEGORY:=Network
  TITLE:=Easy QoS
-  DEPENDS:=@TARGET_iopsys_brcm63xx_arm
+  DEPENDS:=@(TARGET_intel_mips||TARGET_iopsys_brcm63xx_arm)
 endef

 define Package/easy-qos/description
@@ -39,7 +39,11 @@ define Package/easy-qos/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(CP) ./files/etc/config/easy_qos $(1)/etc/config/
+ifeq ($(CONFIG_TARGET_intel_mips),y)
+	$(CP) ./files/etc/init.d/easy_qos.classcfg $(1)/etc/init.d/easy_qos
+else
 	$(CP) ./files/etc/init.d/easy_qos.iptables $(1)/etc/init.d/easy_qos
+endif
 	$(CP) ./files/etc/uci-defaults/* $(1)/etc/uci-defaults/
 	$(CP) ./files/etc/firewall.easyqos $(1)/etc/firewall.easyqos
 endef
--- a/easy-qos/files/etc/init.d/easy_qos.classcfg
+++ b/easy-qos/files/etc/init.d/easy_qos.classcfg
@@ -0,0 +1,301 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+RULE_LIST="/tmp/easy_qos_rule.list"
+CLIENT_LIST="/tmp/easy_qos_class_client.list"
+BRIDGE_INTF=""
+
+[ -f /etc/profile.d/intel.sh ] && {
+	. /etc/profile.d/intel.sh
+	sh /etc/profile.d/intel.sh
+}
+
+log() {
+	echo "${@}"|logger -t easy_qos_class -p debug
+}
+
+exec_log() {
+	${@}
+	if [ "${?}" -ne 0 ]; then
+		log "Failed to create ${@}";
+	fi
+}
+
+exec_class_log() {
+	${@} |grep -i successful
+	if [ "${?}" -ne 0 ]; then
+		log "Failed to create ${@}";
+		return 1
+	fi
+	return 0
+}
+
+get_priority() {
+	local prio=$(echo $1|tr [A-Z] [a-z]);
+	case "${prio}" in
+		"lowest")
+			echo 8;;
+		"low")
+			echo 7;;
+		"besteffort")
+			echo 6;;
+		"normal")
+			echo 5;;
+		"video")
+			echo 4;;
+		"medium")
+			echo 3;;
+		"high")
+			echo 2;;
+		"highest")
+			echo 1;;
+	esac
+}
+
+get_mark() {
+	local prio=$(echo $1|tr [A-Z] [a-z]);
+	case "${prio}" in
+		"lowest")
+			echo "0x41/0x3df";;
+		"low")
+			echo "0x82/0x3df";;
+		"besteffort")
+			echo "0xc3/0x3df";;
+		"normal")
+			echo "0x104/0x3df";;
+		"video")
+			echo "0x145/0x3df";;
+		"medium")
+			echo "0x186/0x3df";;
+		"high")
+			echo "0x1c7/0x3df";;
+		"highest")
+			echo "0x208/0x3df";;
+	esac
+}
+
+clean_client_entries() {
+	[ -f ${CLIENT_LIST} ] && rm ${CLIENT_LIST}
+}
+
+map_client_entries() {
+	local clients ip mac host
+
+	json_load "$(ubus call router.network 'clients')"
+	json_get_keys keys
+
+	for key in ${keys};
+	do
+		json_select ${key}
+		json_get_vars ipaddr macaddr hostname
+		clients="${macaddr} ${ipaddr} ${hostname};${clients}"
+		json_select ..
+	done
+
+	json_init
+
+	IFS=";"
+	for client in ${clients};
+	do
+		macaddr=$(echo ${client} | cut -d" " -f1)
+		json_add_object "${macaddr//:/_}"
+		json_add_string "ip" "$(echo ${client} | cut -d" " -f2)"
+		json_add_string "macaddr" "$(echo ${client} | cut -d" " -f1)"
+		json_add_string "host" "$(echo ${client} | cut -d" " -f3)"
+		json_close_object
+	done
+
+	IFS=' '
+	echo `json_dump` > ${CLIENT_LIST}
+	json_cleanup
+}
+
+# Find the IP of a corresponding mac from arp table
+get_ipaddress() {
+	local clients ip mac host
+
+	json_load "$(cat ${CLIENT_LIST})"
+	json_get_keys keys
+
+	# jshn seems a bit iffy on having : in key, replace by _
+	json_select "${1//:/_}" 2 > /dev/null
+	json_get_var ip ip
+
+	echo "$ip"
+}
+
+check_and_create() {
+	iptables -t mangle -C PREROUTING ${@} 2>/dev/null
+	# Create rule if not exists
+	if [ ${?} -ne 0 ]; then
+		exec_log iptables -t mangle -A PREROUTING ${@}
+	else
+		log "Rule exists for ${@}"
+	fi
+}
+
+create_ip_rule() {
+	local proto=$1; shift
+	local src_ip=$1; shift
+	local mark=$1; shift
+	local ports=$1;
+	local cmd="";
+
+	cmd="-j EXTMARK --set-mark ${mark}";
+	if [ "${proto}" != "icmp" ]; then
+		if [ -n "${ports}" ]; then
+			cmd="--match multiport --dports ${ports} ${cmd}";
+		fi
+	fi
+
+	if [ "${proto}" == "icmp" ]; then
+		cmd="-p icmp -m icmp --icmp-type 8 $cmd"
+	elif [ "${proto}" == "all" ]; then
+		cmd="-p all $cmd"
+	else
+		cmd="-p ${proto} -m ${proto} $cmd"
+	fi
+	cmd="-s ${src_ip} $cmd"
+
+	check_and_create ${cmd}
+}
+
+is_lan_bridge() {
+	local _section=$1
+	local _type
+	local _is_lan
+
+	config_get _type "$section" "type"
+	config_get _is_lan "$section" "is_lan"
+
+	if [ "${_type}" == "bridge" -a "${_is_lan}" == "1" ]; then
+		BRIDGE_INTF="br-${_section}"
+	fi
+}
+
+get_bridge_interface() {
+	config_load network
+	config_foreach is_lan_bridge interface
+}
+
+validate_rule_section()
+{
+	uci_validate_section easy_qos rule "${1}" \
+		'priority:string' \
+		'macaddr:string' \
+		'proto:string:none' \
+		'port:list(uinteger)' \
+		'comment:string:none'
+}
+
+# Clear existing rules before applying new rules
+clear_existing_rules() {
+	# execute the delete rules written onto a file then delete the file
+	[ -f ${RULE_LIST} ] || return 0
+
+	while read line
+	do
+		log "Deleting old classification rules"
+		exec_class_log classcfg -D ${line} -i ${BRIDGE_INTF}
+	done <${RULE_LIST}
+
+	local rule=$(iptables -t mangle -S PREROUTING|grep -m 1 EXTMARK |sed 's/-A/-D/1')
+	while [ -n "${rule}" ]; do
+		exec_log iptables -t mangle ${rule}
+		rule=$(iptables -t mangle -S PREROUTING|grep -m 1 EXTMARK |sed 's/-A/-D/1')
+	done
+	sync
+
+	[ -f ${RULE_LIST} ] && rm ${RULE_LIST}
+}
+
+# classcfg -M local_dhcp -i lo -p udp --dport 67:67 --dport 68:68 -j mark --mark 1
+create_rule() {
+	local proto=$1; shift
+	local mac_addr=$1; shift
+	local mark=$1; shift
+	local ports=$1;
+	local cmd="";
+	# Rule name is uniqe, so we take hash of all the input as rule_name
+	local rule_name="$(echo ${mac_addr}${proto}${mark}${ports} |md5sum |head -c 30)"
+
+	cmd="-j mark --mark ${mark}";
+
+	if [ "${mac_addr}" != "none" ]; then
+		cmd="--smac ${mac_addr} ${cmd}";
+	fi
+
+	if [ "${proto}" != "icmp" ]; then
+		if [ "${ports}" != "none" ]; then
+			IFS=","
+			for port in ${ports};
+			do
+				cmd="--dport ${port}:${port} ${cmd}";
+			done
+			IFS=' '
+		fi
+	fi
+	if [ "${proto}" != "none" ]; then
+		cmd="-p ${proto} $cmd"
+	fi
+	cmd="-i ${BRIDGE_INTF} $cmd"
+	cmd="-A ${rule_name} $cmd"
+
+	# Store the rule_names for cleanup on reload
+	exec_class_log classcfg ${cmd}
+	[ $? -eq 0 ] && \
+		echo ${rule_name}  >> ${RULE_LIST}
+}
+
+manage_rule() {
+	local cfg="$1"
+	local priority macaddr proto port comment prio_num port_list ip ipmark
+
+	validate_rule_section "${1}" || {
+		log "Validation of section failed"
+		return 1;
+	}
+
+	prio_num=$(get_priority ${priority})
+	port_list=$(echo ${port}|sed 's/ /,/g')
+	ipmark=$(get_mark ${priority})
+	ip=$(get_ipaddress ${macaddr})
+
+	if [ -n "${prio_num}" ]; then
+		if [ "${proto}" == "none" -o "${proto}" == "tcpudp" ]; then
+			create_rule tcp ${macaddr} ${prio_num} ${port_list}
+			create_rule udp ${macaddr} ${prio_num} ${port_list}
+			if [ -n "${ip}" ]; then
+				create_ip_rule tcp ${ip} ${ipmark} ${port_list}
+				create_ip_rule udp ${ip} ${ipmark} ${port_list}
+			fi
+		else
+			create_rule ${proto} ${macaddr} ${prio_num} ${port_list}
+			if [ -n "${ip}" ]; then
+				create_ip_rule ${proto} ${ip} ${ipmark} ${port_list}
+			fi
+		fi
+	fi
+}
+
+reload_service() {
+	get_bridge_interface
+	map_client_entries
+	clear_existing_rules
+	config_load easy_qos
+	config_foreach manage_rule rule
+	clean_client_entries
+}
+
+start_service() {
+	[ -x /opt/intel/usr/sbin/classcfg ] || exit 0
+	reload_service
+	log "Easy QoS class installed"
+}
+
+service_triggers() {
+	procd_add_reload_trigger "easy_qos" "network"
+}
+
--- a/easy-qos/files/etc/init.d/easy_qos.ebtables
+++ b/easy-qos/files/etc/init.d/easy_qos.ebtables
@@ -15,7 +15,7 @@ exec_log() {
 }

 get_priority() {
-	local prio=$(echo $1|tr 'A-Z' 'a-z');
+	local prio=$(echo $1|tr [A-Z] [a-z]);
 	case "${prio}" in
 		"lowest")
 			echo 0;;
@@ -98,7 +98,7 @@ manage_rule() {
 		return 1;
 	}

-	protocol=$(echo ${proto}|tr 'A-Z' 'a-z')
+	protocol=$(echo ${proto}|tr [A-Z] [a-z])
 	prio_num=$(get_priority ${priority})
 	if [ -n "${macaddr}" -a -n "${prio_num}" ]; then
 		for p in ${port}; do
--- a/easy-qos/files/etc/init.d/easy_qos.iptables
+++ b/easy-qos/files/etc/init.d/easy_qos.iptables
@@ -19,7 +19,7 @@ exec_log() {
 }

 get_priority() {
-	local prio=$(echo $1|tr 'A-Z' 'a-z');
+	local prio=$(echo $1|tr [A-Z] [a-z]);
 	case "${prio}" in
 		"lowest")
 			echo 0;;
--- a/easy-soc-libs/Makefile
+++ b/easy-soc-libs/Makefile
@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=easy-soc-libs
-PKG_VERSION:=6.4.52
+PKG_VERSION:=6.2.33
 PKG_RELEASE:=1

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=822e9a50790970d14db254ffe3d7464709bcd3ca
+PKG_SOURCE_VERSION:=1e681f0a56a9fe8738a9eb19b8afd7961c79f23e
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/easy-soc-libs.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
--- a/easy-soc-libs/easy.mk
+++ b/easy-soc-libs/easy.mk
@@ -18,7 +18,6 @@ define Build/InstallDev/libeasy
 	$(CP) $(PKG_BUILD_DIR)/libeasy/utils.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/libeasy/if_utils.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/libeasy/debug.h $(1)/usr/include/easy/
-	$(CP) $(PKG_BUILD_DIR)/libeasy/hlist.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/libeasy/libeasy*.so* $(1)/usr/lib/
 endef

--- a/easy-soc-libs/qos.mk
+++ b/easy-soc-libs/qos.mk
@@ -16,7 +16,7 @@ endef
 define Build/InstallDev/libqos
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libqos/include/qos.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libqos/qos.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/libqos/libqos.so $(1)/usr/lib/
 endef

--- a/endptmngr/Makefile
+++ b/endptmngr/Makefile
@@ -7,18 +7,15 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=endptmngr
-PKG_VERSION:=0.7
+PKG_VERSION:=0.5

-LOCAL_DEV=0
-ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/endptmngr.git
-PKG_SOURCE_VERSION:=dc12712af8c4088f7873502ca845e51c68a1ada9
+PKG_SOURCE_VERSION:=c9a39d6e565b60e8185d3802ab831e1834543122
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-endif

-PKG_LICENSE:=PROPRIETARY
+PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE

 export BUILD_DIR
@@ -30,7 +27,7 @@ PKG_BUILD_PARALLEL:=1
 # indirectly. This ensures that the package is rebuilt on config-changes.
 PKG_CONFIG_DEPENDS:=CONFIG_TARGET_BOARD

-export CONFIG_BRCM_SDK_VER_504021
+export CONFIG_BRCM_SDK_VER_504002
 export CONFIG_BCM_CHIP_ID

 include $(INCLUDE_DIR)/package.mk
@@ -50,16 +47,6 @@ define Package/endptmngr/description
 	endptmngr
 endef

-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -av --exclude=.* ~/git/endptmngr/* $(PKG_BUILD_DIR)/
-endef
-endif
-
-TARGET_CFLAGS += \
-        -Wall \
-        -Werror
-
 define Package/endptmngr/install
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
--- a/endptmngr/files/etc/init.d/endptmngr
+++ b/endptmngr/files/etc/init.d/endptmngr
@@ -7,8 +7,6 @@ USE_PROCD=1
 NAME=endptmngr

 start_service() {
-	[ "$(db -q get hw.board.hasVoice)" = "1" ] || return
-
 	procd_open_instance
 	procd_set_param env hw_board_hasDect=$(db get hw.board.hasDect)
 	procd_set_param command $NAME
--- a/fdtextract/Makefile
+++ b/fdtextract/Makefile
@@ -12,7 +12,7 @@ PKG_VERSION:=1.0

 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/fdtextract.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0ebaf1e7d1f09318ae75d0f475a25280742b790e
+PKG_SOURCE_VERSION:=573bf9543f8dc792b6d5dc8760cb69c64f11e932
 PKG_MIRROR_HASH:=skip

 PKG_LICENSE:=GPLv2
@@ -38,6 +38,9 @@ define Package/$(PKG_NAME)/description
 	Command to extract sub images from FIT images.
 endef

+MAKE_FLAGS += \
+	CFLAGS+="-Wall"
+
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin

--- a/gryphon-led-module/Makefile
+++ b/gryphon-led-module/Makefile
@@ -28,7 +28,6 @@ define KernelPackage/$(PKG_NAME)
  FILES:=$(PKG_BUILD_DIR)/$(PKG_NAME).$(LINUX_KMOD_SUFFIX)
  KCONFIG:=CONFIG_PACKAGE_kmod-gryphon-led-kernel-module=y
  AUTOLOAD:=$(call AutoLoad,60,$(PKG_NAME))
-  DEPENDS:= +(TARGET_iopsys_brcm63xx_arm):bcmkernel
  PKG_LICENSE:=GPLv2
  PKG_LICENSE_URL:=
 endef
@@ -41,21 +40,6 @@ EXTRA_KCONFIG:= CONFIG_RGB_LED=m

 MODULE_INCLUDE=-I$(PKG_BUILD_DIR)

-
-ifeq ($(CONFIG_TARGET_iopsys_brcm63xx_arm),y)
-	LINUX_DIR:=$(BUILD_DIR)/bcmkernel/bcm963xx/kernel/linux-4.19
-	MODULES_SUBDIR:=lib/modules/4.19.183
-	TARGET_CROSS:=$(CONFIG_BRCM_ALT_TOOLCHAIN_BASE)/$(CONFIG_BRCM_ALT_ARM_TOOLCHAIN_TOPDIR)/bin/$(CONFIG_BRCM_ALT_ARM_TOOLCHAIN_PREFIX)-
-
-	ifeq ($(CONFIG_BCM_CHIP_ID),$(filter $(CONFIG_BCM_CHIP_ID),"63158" "6856" "6858"))
-		# These targets use a 64-bit kernel
-		LINUX_KARCH:=arm64
-		TARGET_CROSS:=$(CONFIG_BRCM_ALT_TOOLCHAIN_BASE)/$(CONFIG_BRCM_ALT_AARCH64_TOOLCHAIN_TOPDIR)/bin/$(CONFIG_BRCM_ALT_AARCH64_TOOLCHAIN_PREFIX)-
-	endif
-	# For some reason, Broadcom's kernel does not set the include paths correctly when compiling out-of-tree modules
-	EXTRA_KCPPFLAGS:="-I $(LINUX_DIR)/../bcmkernel/include -I $(LINUX_DIR)/arch/arm/mach-bcm963xx/include"
-endif
-
 define Build/Prepare
 	mkdir -p $(PKG_BUILD_DIR)/kdevlinks/
 	$(CP) -s `pwd`/src/* $(PKG_BUILD_DIR)/kdevlinks/
--- a/gryphon-led-module/src/main.c
+++ b/gryphon-led-module/src/main.c
@@ -43,15 +43,10 @@
 static ssize_t get_led_color(struct device *dev,
 		struct device_attribute *attr, char *buf)
 {
+	/* [ln] todo: dummy implementation */
 	int len;
-	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

-	if (IS_ERR(sk9822)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -EIO;
-	}
-
-	len = scnprintf(buf, PAGE_SIZE, "%02x%02x%02x\n", sk9822->led_colors[0].r, sk9822->led_colors[0].g, sk9822->led_colors[0].b);
+	len = scnprintf(buf, PAGE_SIZE, "%d\n", 123);
 	if (len <= 0) {
 		dev_err(dev, "sk9822: Invalid sprintf len: %d\n", len);
 		return -EIO;
--- a/icwmp/Config_cwmp.in
+++ b/icwmp/Config_cwmp.in
@@ -1,14 +1,23 @@
+if PACKAGE_icwmp
+
 choice
-       prompt "Select ACS sever"
-       default CWMP_ACS_MULTI
-       depends on PACKAGE_icwmp || \
-		   PACKAGE_icwmp-openssl || \
-		   PACKAGE_icwmp-wolfssl || \
-		   PACKAGE_icwmp-mbedtls
+	prompt "Select ACS sever"
+	default CWMP_ACS_MULTI

 config CWMP_ACS_MULTI
 	bool "No specific ACS, follow standard"

 config CWMP_ACS_HDM
-	bool "Select HDM as ACS server"
+	bool "HDM"
 endchoice
+
+config CWMP_DEBUG
+	bool "Compile with debug options"
+	default y
+
+config CWMP_DEVEL_DEBUG
+	bool "Compile with development debug options"
+	default n
+
+endif
+
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2022 IOPSYS Software Solutions AB
+# Copyright (C) 2020 iopsys Software Solutions AB
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,71 +8,47 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=8.4.25.10
-
-PKG_SOURCE_PROTO:=git
+PKG_VERSION:=7.4.1-2021-07-05
+PKG_FIXUP:=autoreconf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
-PKG_SOURCE_VERSION:=cb601366e6a91db532ba7d577f653a2b86c4a479
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=40b08ae2f1500a3a3c8029486c062738d4f49b67
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
-
-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)

 PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=COPYING

-PKG_FIXUP:=autoreconf
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_CWMP_ACS_MULTI \
+	CONFIG_CWMP_ACS_HDM \
+	CONFIG_CWMP_DEBUG \
+	CONFIG_CWMP_DEVEL_DEBUG
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+CWMP_REVISION=$(shell svnversion ./src/ -n|cut -f2 -d:)

 include $(INCLUDE_DIR)/package.mk

-define Package/icwmp/default
+define Package/$(PKG_NAME)
  SECTION:=utils
  CATEGORY:=Utilities
  SUBMENU:=TRx69
-  TITLE:=TR069 CWMP client
-  DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml
+  TITLE:=CWMP client
+  DEPENDS:=+libuci +libmicroxml +libubox +jshn +libubus +libblobmsg-json +libpthread +ubusd +shflags +getopt +zlib +libjson-c +libopenssl +curl +libcurl
 endef

-TARGET_CFLAGS += \
-	-D_GNU_SOURCE \
-	"-DCWMP_REVISION=\\\"$(PKG_SOURCE_VERSION)\\\""
-
-define Package/icwmp-openssl
-  $(Package/icwmp/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_icwmp-openssl:libopenssl
-  VARIANT:=openssl
+define Package/$(PKG_NAME)/description
+ A free client implementation of CWMP (TR-069) protocol
 endef

-define Package/icwmp-wolfssl
-  $(Package/icwmp/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_icwmp-wolfssl:libwolfssl
-  CONFLICTS := icwmp-openssl
-  VARIANT:=wolfssl
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config_cwmp.in"
 endef

-define Package/icwmp-mbedtls
-  $(Package/icwmp/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_icwmp-mbedtls:libmbedtls
-  CONFLICTS := icwmp-openssl icwmp-wolfssl
-  VARIANT:=mbedtls
-  DEFAULT_VARIANT:=1
-endef
-
-ifeq ($(BUILD_VARIANT),openssl)
-CONFIGURE_ARGS += --enable-libopenssl
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CONFIGURE_ARGS += --enable-libwolfssl
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CONFIGURE_ARGS += --enable-libmbedtls
-endif
-
 USE_LOCAL=$(shell ls ./src/ 2>/dev/null >/dev/null && echo 1)
 ifneq ($(USE_LOCAL),)
 define Build/Prepare
@@ -80,29 +56,69 @@ define Build/Prepare
 endef
 endif

-define Package/icwmp/default/install
+TARGET_CFLAGS += \
+	-D_GNU_SOURCE -D_AADJ
+
+ifneq ($(CWMP_REVISION)_,_)
+ifneq ($(CWMP_REVISION),exported)
+ifneq ($(CWMP_REVISION),Unversioned directory)
+TARGET_CFLAGS += "-DCWMP_REVISION=\\\"$(CWMP_REVISION)\\\""
+TARGET_LDFLAGS += "-DCWMP_REVISION=\\\"$(CWMP_REVISION)\\\""
+endif
+endif
+endif
+
+TARGET_LDFLAGS += \
+	-Wl,-rpath-link=$(STAGING_DIR)/usr/lib
+
+CONFIGURE_ARGS += \
+	--with-uci-include-path=$(STAGING_DIR)/usr/include \
+	--with-libubox-include-path=$(STAGING_DIR)/usr/include \
+	--with-libubus-include-path=$(STAGING_DIR)/usr/include
+
+ifeq ($(CONFIG_CWMP_ACS_MULTI),y)
+CONFIGURE_ARGS += \
+	--enable-acs=multi
+endif
+
+ifeq ($(CONFIG_CWMP_ACS_HDM),y)
+CONFIGURE_ARGS += \
+	--enable-acs=hdm
+endif
+
+ifeq ($(CONFIG_CWMP_DEBUG),y)
+CONFIGURE_ARGS += \
+	--enable-debug
+endif
+
+ifeq ($(CONFIG_CWMP_DEVEL_DEBUG),y)
+CONFIGURE_ARGS += \
+	--enable-devel
+endif
+
+define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/icwmpd
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DIR) $(1)/etc/bbfdm/json/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
-	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
-	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
-	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
-	$(INSTALL_BIN) ./files/etc/icwmpd/update.sh $(1)/etc/icwmpd/update.sh
-	$(INSTALL_DATA) ./files/etc/bbfdm/json/CWMPManagementServer.json $(1)/etc/bbfdm/json/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/icwmpd $(1)/usr/sbin/
+	$(CP) ./files/* $(1)/
 endef

-Package/icwmp-openssl/install = $(Package/icwmp/default/install)
-Package/icwmp-wolfssl/install = $(Package/icwmp/default/install)
-Package/icwmp-mbedtls/install = $(Package/icwmp/default/install)
+define Package/$(PKG_NAME)/postinst
+	#!/bin/sh
+	if [ -z "$${IPKG_INSTROOT}" ]; then
+		echo "Enabling rc.d symlink for icwmpd"
+		/etc/init.d/icwmpd enable
+	fi
+	exit 0
+endef

-$(eval $(call BuildPackage,icwmp-openssl))
-$(eval $(call BuildPackage,icwmp-wolfssl))
-$(eval $(call BuildPackage,icwmp-mbedtls))
+define Package/$(PKG_NAME)/prerm
+	#!/bin/sh
+	if [ -z "$${IPKG_INSTROOT}" ]; then
+		echo "Disabling rc.d symlink for icwmpd"
+		/etc/init.d/icwmpd disable
+	fi
+	exit 0
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/icwmp/files/etc/bbfdm/json/CWMPManagementServer.json
+++ b/icwmp/files/etc/bbfdm/json/CWMPManagementServer.json
@@ -1,36 +0,0 @@
-{
-	"json_plugin_version": 1,
-	"Device.CWMPManagementServer.": {
-		"type": "object",
-		"version": "2.15",
-		"protocols": [
-			"usp"
-		],
-		"access": false,
-		"array": false,
-		"dependency": "file:/etc/config/cwmp",
-		"EnableCWMP": {
-			"type": "boolean",
-			"version": "2.15",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"usp"
-			],
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "cwmp",
-						"section": {
-							"name": "cpe"
-						},
-						"option": {
-							"name": "enable"
-						}
-					}
-				}
-			]
-		}
-	}
-}
--- a/icwmp/files/etc/config/cwmp
+++ b/icwmp/files/etc/config/cwmp
@@ -1,9 +1,11 @@
 config acs 'acs'
+	option url ''
 	option userid '' #$OUI-$SER
 	option passwd 'iopsys'
 	option periodic_inform_enable 'true'
 	option periodic_inform_interval '1800'
 	option periodic_inform_time '0001-01-01T00:00:00Z'
+	option ParameterKey ''
 	option dhcp_discovery 'enable'
 	# compression possible configs: GZIP, Deflate, Disabled
 	option compression 'Disabled'
@@ -11,15 +13,15 @@ config acs 'acs'
 	option retry_min_wait_interval '5'
 	# possible configs interval :[1000:65535]
 	option retry_interval_multiplier '2000'
+	option https_ssl_capath ''
 	option ipv6_enable '0'
 	option ip_version '4'

 config cpe 'cpe'
-	option enable '1'
+	option interface 'eth0.1'
 	option default_wan_interface 'wan'
-	option default_lan_interface 'lan'
 	option log_to_console 'disable'
-	option log_to_file 'disable'
+	option log_to_file 'enable'
 	# log_severity: INFO (Default)	
 	# log_severity possible configs: EMERG, ALERT, CRITIC ,ERROR, WARNING, NOTICE, INFO, DEBUG
 	option log_severity 'INFO'
@@ -37,7 +39,6 @@ config cpe 'cpe'
 	option exec_download '0'
 	option periodic_notify_enable '1'
 	option periodic_notify_interval '10'
-	option incoming_rule 'Port_Only'
 	
 config lwn 'lwn'
 	option enable '1'
--- a/icwmp/files/etc/firewall.cwmp
+++ b/icwmp/files/etc/firewall.cwmp
@@ -1,80 +1,21 @@
-#!/bin/sh
-
-#created by the icwmp package
-log() {
-	echo "${@}"|logger -t firewall.cwmp -p info
-}
-
-if [ ! -f "/var/state/cwmp" ]; then
-	exit 0;
-fi
-
-zone_name=$(uci -c /var/state -q get cwmp.acs.zonename)
-port=$(uci -q get cwmp.cpe.port)
-ipaddr=$(uci -c /var/state -q get cwmp.acs.ip)
-ip6addr=$(uci -c /var/state -q get cwmp.acs.ip6)
-incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|tr 'A-Z' 'a-z')
-
-if [ -z "${zone_name}" ]; then
-	log "empty firewall zone name"
+#created by the icwmp package 
+zone_name=""
+port=""
+if [ "$zone_name" = "" ]; then
 	exit 0
 elif [ "$zone_name" = "icwmp" ]; then
 	iptables -nL zone_icwmp_input 2> /dev/null
 	if [ $? != 0 ]; then
-		iptables -w 1 -N zone_icwmp_input
-		iptables -w 1 -t filter -A INPUT -j zone_icwmp_input
-		iptables -w 1 -I zone_icwmp_input -p tcp --dport $port -j REJECT
+		iptables -N zone_icwmp_input
+		iptables -t filter -A INPUT -j zone_icwmp_input
+		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT
 	else			
-		iptables -w 1 -F zone_icwmp_input
-		iptables -w 1 -I zone_icwmp_input -p tcp --dport $port -j REJECT
+		iptables -F zone_icwmp_input
+		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT
 	fi			
 else
-	iptables -w 1 -F zone_icwmp_input 2> /dev/null
-	iptables -w 1 -t filter -D INPUT -j zone_icwmp_input 2> /dev/null
-	iptables -w 1 -X zone_icwmp_input 2> /dev/null
+	iptables -F zone_icwmp_input 2> /dev/null
+	iptables -t filter -D INPUT -j zone_icwmp_input 2> /dev/null
+	iptables -X zone_icwmp_input 2> /dev/null
 fi
-
-cmd="iptables -w 1 -I zone_${zone_name}_input -p tcp"
-cmd6="ip6tables -w 1 -I zone_${zone_name}_input -p tcp"
-
-# default incoming rule is Port only
-if [ -z "${incoming_rule}" ]; then
-	incoming_rule="port_only"
-fi
-
-if [ "${incoming_rule}" = "ip_only" ]; then
-	if [ -n "${ipaddr}" ]; then
-		cmd="${cmd} -s ${ipaddr}"
-		cmd6="${cmd6} -s ${ip6addr}"
-	fi
-elif [ "${incoming_rule}" = "port_only" ]; then
-	if [ -n "${port}" ]; then
-		cmd="${cmd} --dport ${port}"
-		cmd6="${cmd6} --dport ${port}"
-	fi
-else
-	if [ -n "${ipaddr}" ]; then
-		cmd="${cmd} -s ${ipaddr}"
-		cmd6="${cmd6} -s ${ip6addr}"
-	fi
-
-	if [ -n "${port}" ]; then
-		cmd="${cmd} --dport ${port}"
-		cmd6="${cmd6} --dport ${port}"
-	fi
-fi
-
-echo ${cmd}|grep -q "\-\-dport \|\-s "
-if [ "$?" -eq 0 ]; then
-	cmd="${cmd} -j ACCEPT -m comment --comment=Open_ACS_port"
-	${cmd}
-fi
-
-echo ${cmd6}|grep -q "\-\-dport \|\-s "
-if [ "$?" -eq 0 ]; then
-	cmd6="${cmd6} -j ACCEPT -m comment --comment=Open_ACS_port"
-	${cmd6}
-fi
-
-uci -c /var/state -q set cwmp.cpe.firewall_restart="init"
-uci -c /var/state -q commit cwmp
+#iptables -I FW_ZONE -p tcp -s ACS_ADDRESS --dport PORT -j ACCEPT --comment "Open ACS port"
--- a/icwmp/files/etc/hotplug.d/iface/90-icwmp
+++ b/icwmp/files/etc/hotplug.d/iface/90-icwmp
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+. /lib/functions/network.sh
+
+[ "$ACTION" == "ifup" ] || exit 0
+
+[ -f /etc/config/cwmp ] || exit 0
+
+handle_icwmp_restart() {
+	[ -f /tmp/switching_mode ] && exit 0
+	[ -f /tmp/wificontrol.txt -a -f /tmp/netmode-conf.pid ] && exit 0
+
+	[ "$INTERFACE" == "loopback" ] && exit 0
+
+	local defwan=$(uci -q get cwmp.cpe.default_wan_interface)
+	[ -n "$defwan" -a "$(uci -q get network.$defwan)" == "interface" -a "$defwan" != "$INTERFACE" ] && exit 0
+
+	local islan="$(uci -q get network.$INTERFACE.is_lan)"
+	[ "$islan" == "1" ] && exit 0
+
+	local proto="$(uci -q get network.$INTERFACE.proto)"
+	[ "$proto" == "none" ] && exit 0
+
+	local ifname="$(uci -q get network.$INTERFACE.ifname)"
+	[ "${ifname:0:1}" == "@" ] && exit 0
+
+	mkdir -p /tmp/ipv4
+
+	network_flush_cache
+
+	local previpaddr=""
+	local curipaddr=""
+	local ipaddrfile=/tmp/ipv4/$INTERFACE-ipaddr
+	previpaddr=$(cat $ipaddrfile 2>/dev/null)
+	network_get_ipaddr curipaddr $INTERFACE
+	[ -n "$curipaddr" ] && echo $curipaddr > $ipaddrfile || rm -f $ipaddrfile
+
+	local prevgateway=""
+	local curgateway=""
+	local gatewayfile=/tmp/ipv4/$INTERFACE-gateway
+	prevgateway=$(cat $gatewayfile 2>/dev/null)
+	network_get_gateway curgateway $INTERFACE
+	[ -n "$curgateway" ] && echo $curgateway > $gatewayfile || rm -f $gatewayfile
+
+	local prevsubnets=""
+	local cursubnets=""
+	local subnetsfile=/tmp/ipv4/$INTERFACE-subnets
+	prevsubnets=$(cat $subnetsfile 2>/dev/null)
+	network_get_subnets cursubnets $INTERFACE
+	[ -n "$cursubnets" ] && echo $cursubnets > $subnetsfile || rm -f $subnetsfile
+
+	local prevdnsservers=""
+	local curdnsservers=""
+	local dnsserverfile=/tmp/ipv4/$INTERFACE-dnsservers
+	prevdnsservers=$(cat $dnsserverfile 2>/dev/null)
+	network_get_dnsserver curdnsservers $INTERFACE
+	[ -n "$curdnsservers" ] && echo $curdnsservers > $dnsserverfile || rm -f $dnsserverfile
+
+	local prevdev=""
+	local curdev=""
+	local devfile=/tmp/ipv4/$INTERFACE-dev
+	prevdev=$(cat $devfile 2>/dev/null)
+	network_get_device curdev $INTERFACE
+	[ -n "$curdev" ] && echo $curdev > $devfile || rm -f $devfile
+
+	local prevopt43url=""
+	local curopt43url=""
+	local opt43urlfile=/tmp/ipv4/$INTERFACE-opt43url
+	prevopt43url=$(cat $opt43urlfile 2>/dev/null)
+	curopt43url="$(uci -P /var/state -q get cwmp.acs.dhcp_url)"
+	[ -n "$curopt43url" ] && echo $curopt43url > $opt43urlfile || rm -f $opt43urlfile
+
+	[ \
+		"$prevdev" == "$curdev" -a \
+		"$previpaddr" = "$curipaddr" -a \
+		"$prevgateway" = "$curgateway" -a \
+		"$prevsubnets" = "$cursubnets" -a \
+		"$prevdnsservers" = "$curdnsservers" \
+	] && {
+		[ "$prevopt43url" = "$curopt43url" ] &&	exit 0
+		[ -z "$prevopt43url" ] && exit 0
+	}
+
+	/etc/init.d/icwmpd reload &
+}
+
+handle_icwmp_restart
--- a/icwmp/files/etc/icwmpd/update.sh
+++ b/icwmp/files/etc/icwmpd/update.sh
@@ -1,29 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-
-log() {
-	echo "$@" |logger -t cwmp.update -p info
-}
-
-handle_icwmp_update() {
-	local cwmp_enable
-	config_load cwmp
-
-	config_get_bool cwmp_enable cpe enable 1
-	if [ "$cwmp_enable" = "0" ]; then
-		return 0
-	fi
-
-	status="$(ubus call tr069 status |jsonfilter -qe '@.last_session.status')"
-	if [ "$status" != "running" ]; then
-		log "Trigger out of bound inform, since last inform status was failure"
-		ubus -t 10 call tr069 inform >/dev/null 2>&1
-		# Handle timeout or tr069 object not found
-		if [ "$?" -eq 7 ] || [ "$?" -eq 4 ]; then
-			log "Restarting icwmp tr069 object"
-			/etc/init.d/icwmpd restart
-		fi
-	fi
-}
-
-handle_icwmp_update $@
--- a/icwmp/files/etc/init.d/icwmpd
+++ b/icwmp/files/etc/init.d/icwmpd
@@ -1,273 +1,129 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2015-2019 iopsys Software Solutions AB

+. /lib/functions.sh
+include /lib/network
+. /usr/share/libubox/jshn.sh
+
 START=99
-STOP=00
+STOP=10

 USE_PROCD=1
 PROG="/usr/sbin/icwmpd"

-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-include /lib/network
+EXTRA_HELP="	start	[GetRPCMethods] Start icwmpd service and send GetRPCMethods"

 log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }

-regenerate_ssl_link()
-{
-	local cert_dir all_file rehash
+validate_url() {
+	# SCHEMA_LIST: contain list of possible schemas that could be present in the acs url
+	# Example: SCHEMA_LIST="http https"
+	SCHEMA_LIST="http"

-	cert_dir="${1}"
-	[ ! -d "${cert_dir}" ] && return 0;
+	for schema in $SCHEMA_LIST;	do
+		dest=`echo $1 | sed 's/$schema:\/\///g' | cut -f1 -d \/ | cut -f1 -d:`
+		if [ "_$dest" != "_" ]; then
+			return 0
+		fi
+	done
+	return 1
+}

-	### Generate all ssl link for pem certicates ###
-	all_file=$(ls $cert_dir/*.pem 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in $cfile)"
-			[ -f ${cert_dir}/${rehash}.0 ] || \
-				ln -s $cfile $cert_dir/${rehash}.0
-		done
+get_acs_url() {
+	local default_acs="http://10.10.1.6:8000/openacs/acs"
+	local acs_dhcp_discovery="$(uci -q get cwmp.acs.dhcp_discovery)"
+	local url="$(uci -q get cwmp.acs.url)"
+	local dhcp_url="$(uci -P /var/state -q get cwmp.acs.dhcp_url)"
+
+	if [ "$acs_dhcp_discovery" == "enable" -a -n "$dhcp_url" -o -z "$url" ]; then
+		url="$dhcp_url"
+		log "ACS URL from DHCP server: $url"
+		[ -n "$url" ] && uci -P /var/state -q set cwmp.acs.url="$url" || url="$default_acs"
+	elif [ -n "$url" ];then
+		url="$(uci -q get cwmp.acs.url)"
+		log "ACS URL from configuration: $url"
+	else
+		url="$default_acs"
+		log "Using default ACS URL: $url"
+		[ -n "$url" ] && uci -P /var/state -q set cwmp.acs.url="$url"
 	fi

-	### Generate all ssl link for crt certicates ###
-	all_file=$(ls $cert_dir/*.crt 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in $cfile)"
-			[ -f ${cert_dir}/${rehash}.0 ] || \
-				ln -s $cfile $cert_dir/${rehash}.0
-		done
+	validate_url "$url"
+	if [ "$?" != "0" ];then
+		echo "Invalid ACS URL: $url"
+		exit 1
 	fi
 }

 enable_dhcp_option43() {
-	local wan="${1}"
+	local wan=$1
+	local discovery=0
+	case $2 in
+		enable|1) discovery=1 ;;
+	esac

 	### Ask for DHCP Option 43 only if CWMP is enabled ###
+	local enabled
+	local newreqopts=
+	local baseopts=
 	local reqopts="$(uci -q get network.$wan.reqopts)"
 	local proto="$(uci -q get network.$wan.proto)"
-	local newreqopts=""
-	local option43_present=0
-
+	local tropts="43"
+	local oldreqopts="$reqopts"
+	local ropt iopt
 	for ropt in $reqopts; do
 		case $ropt in
-			43) option43_present=1 ;;
-			*) ;;
+			43) ;;
+			*) baseopts="$baseopts $ropt" ;;
 		esac
 	done
-
-	if [ ${option43_present} -eq 1 ]; then
-		return;
-	fi
-
-	newreqopts="$reqopts 43"
-	if [ "${proto}" == "dhcp" ]; then
+	ropt=""
+	reqopts="$baseopts $tropts"
+	for ropt in $reqopts; do
+		case $ropt in
+			43) [ $discovery -eq 1 ] && newreqopts="$newreqopts $ropt" ;;
+			*) newreqopts="$newreqopts $ropt" ;;
+		esac
+	done
+	if [ $proto == "dhcp" ]; then
+		newreqopts="$(echo $newreqopts | tr ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/^[ \t]*//;s/[ \t]*$//')"
+		oldreqopts="$(echo $oldreqopts | tr ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/^[ \t]*//;s/[ \t]*$//')"
+		[ "$newreqopts" == "$oldreqopts" ] && return
 		uci -q set network.$wan.reqopts="$newreqopts"
 		uci commit network
 		ubus call network reload
 	fi
+	########################################################
 }

-convert_to_hex() {
-	local val=""
-	local optval="${1}"
-	OPTIND=1
-	while getopts ":" opt "-$optval"
-	do
-		temp=$(printf "%02X" "'${OPTARG:-:}")
-		val="${val}:${temp}"
-	done
+wait_for_option43() {
+	local time=$1
+	local default_wan_interface dhcp_discovery url

-	echo "${val}"
-}
+	config_get default_wan_interface cpe default_wan_interface "wan"
+	config_get dhcp_discovery acs dhcp_discovery "0"
+	config_get url acs url

-configure_send_op125() {
-	local sendopt="${1}"
-	local intf="${2}"
-	local uci="${3}"
-	local hex_oui=""
-	local hex_serial=""
-	local hex_class=""
-	local oui_len=0
-	local serial_len=0
-	local class_len=0
+	enable_dhcp_option43 $default_wan_interface $dhcp_discovery

-	if [ "${uci}" = "network" ]; then
-		local opt125="125:00:00:0D:E9"
-	else
-		local opt125="125,00:00:0D:E9"
-	fi
+	local tm=0

-	config_get oui cpe manufacturer_oui ""
-	if [ -z "${oui}" ]; then
-		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-	fi
-
-	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
-
-	config_get serial cpe serial_number ""
-	if [ -z "${serial}" ]; then
-		serial=$(db -q get device.deviceinfo.SerialNumber)
-	fi
-
-	config_get class cpe product_class ""
-	if [ -z "${class}" ]; then
-		class=$(db -q get device.deviceinfo.ProductClass)
-	fi
-
-	oui_len=$(echo -n "${oui}" | wc -m)
-	serial_len=$(echo -n "${serial}" | wc -m)
-	class_len=$(echo -n "${class}" | wc -m)
-
-	if [ ${oui_len} -eq 0 ] || [ ${serial_len} -eq 0 ]; then
-		return 0
-	fi
-
-	opt125_len=$((oui_len + serial_len + class_len))
-	if [ ${class_len} -gt 0 ]; then
-		opt125_len=$((opt125_len + 6))
-	else
-		opt125_len=$((opt125_len + 4))
-	fi
-
-	hex_opt125_len=$(printf "%02X" "${opt125_len}")
-	opt125="${opt125}:${hex_opt125_len}"
-	hex_oui=$(convert_to_hex "${oui}")
-	if [ -z "${hex_oui}" ]; then
-		return 0
-	fi
-
-	hex_oui_len=$(printf "%02X" "${oui_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
-	else
-		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
-	fi
-
-	hex_serial=$(convert_to_hex "${serial}")
-	if [ -z "${hex_serial}" ]; then
-		return 0
-	fi
-
-	hex_serial_len=$(printf "%02X" "${serial_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
-	else
-		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
-	fi
-
-	if [ ${class_len} -gt 0 ]; then
-		hex_class=$(convert_to_hex "${class}")
-		if [ -z "${hex_class}" ]; then
-			return 0
-		fi
-
-		hex_class_len=$(printf "%02X" "${class_len}")
-		if [ "${uci}" = "network" ]; then
-			opt125="${opt125}:03:${hex_class_len}${hex_class}"
-		else
-			opt125="${opt125}:06:${hex_class_len}${hex_class}"
-		fi
-	fi
-
-
-	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
-		uci -q set network.$intf.sendopts="$new_send_opt"
-	else
-		uci -q add_list dhcp.$intf.dhcp_option="$opt125"
-	fi
-}
-
-enable_dnsmasq_option125() {
-	local lan="${1}"
-	local send125_present=0
-	local opt125="125,"
-
-	local proto="$(uci -q get dhcp.$lan.dhcpv4)"
-	if [ "${proto}" = "server" ]; then
-		opt_list="$(uci -q get dhcp.$lan.dhcp_option)"
-
-		for sopt in $opt_list; do
-			if [[ "$sopt" == "$opt125"* ]]; then
-				send125_present=1
+	if [ "$dhcp_discovery" == "enable" -o "$dhcp_discovery" == "1" ]
+	then
+		log "Waiting for discovery of ACS URL from dhcp server ..."
+		while [ $tm -le $time ]
+		do
+			acs_url=`uci -P /var/state -q get cwmp.acs.dhcp_url`
+			if [ "$acs_url" != "" ]
+			then
 				break
+			else
+				sleep 1
 			fi
+			tm=$((tm+1))
 		done
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "" "${lan}" "dhcp"
-			ubus call uci commit '{"config":"dhcp"}'
-		fi
-	fi
-}
-
-enable_disable_dhcp_option125() {
-	local wan="${1}"
-	local action="${2}"
-
-	local reqopts="$(uci -q get network.$wan.reqopts)"
-	local sendopts="$(uci -q get network.$wan.sendopts)"
-	local proto="$(uci -q get network.$wan.proto)"
-	local newreqopts=""
-	local newsendopts=""
-	local req125_present=0
-	local send125_present=0
-	local network_uci_update=0
-	local opt125="125:"
-
-	for ropt in $reqopts; do
-		case $ropt in
-			125) req125_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	for sopt in $sendopts; do
-		if [[ "$sopt" == "$opt125"* ]]; then
-			send125_present=1
-			break
-		fi
-	done
-
-	if [ "${proto}" == "dhcp" ]; then
-		if [ "${action}" == "enable" ]; then
-			if [ ${req125_present} -eq 0 ]; then
-				newreqopts="$reqopts 125"
-				uci -q set network.$wan.reqopts="$newreqopts"
-				network_uci_update=1
-			fi
-
-			if [ ${send125_present} -eq 0 ]; then
-				configure_send_op125 "${sendopts}" "${wan}" "network"
-				network_uci_update=1
-			fi
-		else
-			if [ ${req125_present} -eq 1 ]; then
-				newreqopts=$(echo ${reqopts/125/})
-				uci -q set network.$wan.reqopts="$newreqopts"
-				network_uci_update=1
-			fi
-
-			if [ ${send125_present} -eq 1 ]; then
-				for sopt in $sendopts; do
-					if [[ "$sopt" == "$opt125"* ]]; then
-						newsendopts=$(echo ${sendopts/"${sopt}"/})
-						uci -q set network.$wan.sendopts="$newreqopts"
-						network_uci_update=1
-						break
-					fi
-				done
-			fi
-		fi
-	fi
-
-	if [ ${network_uci_update} -eq 1 ]; then
-		uci commit network
-		ubus call network reload
 	fi
 }

@@ -278,236 +134,63 @@ wait_for_resolvfile() {
 	local resolvfile="$(uci -q get dhcp.@dnsmasq[0].resolvfile)"
 	[ -n "$resolvfile" ] || return

-	while [ ! -f "$resolvfile" ]; do
+	while [ ! -f $resolvfile ]; do
 		sleep 1
-		[ "$tm" -ge "$time" ] && break
+		[ $tm -ge $time ] && break
 		tm=$((tm+1))
 	done
 }

-copy_cwmp_etc_files_to_varstate() {
-	mkdir -p /var/run/icwmpd
+set_wan_interface() {
+	local l3_device=""
+	local default_wan_interface=""

-	if [ -f /etc/icwmpd/cwmp ]; then
-		uci -q -c /etc/icwmpd delete cwmp.acs
-		uci -q -c /etc/icwmpd commit cwmp
-		cp -f /etc/icwmpd/cwmp /var/state/cwmp
+	config_get default_wan_interface cpe default_wan_interface "wan"
+	json_load "$(ifstatus $default_wan_interface)"
+	json_get_var l3_device l3_device
+	if [ "$l3_device" != "" ];then
+		uci -q set cwmp.cpe.interface="$l3_device"
+		uci -q commit cwmp
 	fi
-
-	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /etc/icwmpd/icwmpd_backup_session.xml /var/run/icwmpd/ 2>/dev/null
-	fi
-
-	if [ -f /etc/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /etc/icwmpd/dm_enabled_notify /var/run/icwmpd/ 2>/dev/null
-	fi
-}
-
-copy_cwmp_varstate_files_to_etc() {
-	if [ -f /var/run/icwmpd/icwmpd_backup_session.xml ]; then
-		cp -f /var/run/icwmpd/icwmpd_backup_session.xml /etc/icwmpd/ 2>/dev/null
-	fi
-
-	if [ -f /var/run/icwmpd/dm_enabled_notify.xml ]; then
-		cp -f /var/run/icwmpd/dm_enabled_notify /etc/icwmpd/ 2>/dev/null
-	fi
-
-	if [ -f /var/state/cwmp ]; then
-		uci -q -c /var/state delete cwmp.sess_status
-		uci -q -c /var/state commit cwmp
-		cp -f /var/state/cwmp /etc/icwmpd/
-	fi
-
-	# move the successful custom notify import marker to persistent storage
-	if [ -f /var/run/icwmpd/icwmpd_notify_import_marker ]; then
-		cp -f /var/run/icwmpd/icwmpd_notify_import_marker /etc/icwmpd/
-	fi
-}
-
-validate_acs_section()
-{
-	uci_validate_section cwmp acs "acs" \
-		'passwd:string' \
-		'periodic_inform_enable:bool' \
-		'periodic_inform_interval:uinteger' \
-		'periodic_inform_time:string' \
-		'url:string' \
-		'dhcp_discovery:string' \
-		'dhcp_url:string' \
-		'compression:or("GZIP","Deflate","Disabled")' \
-		'retry_min_wait_interval:range(1, 65535)' \
-		'retry_interval_multiplier:range(1000, 65535)' \
-		'ipv6_enable:bool' \
-		'ssl_capath:string'
-
-}
-
-validate_cpe_section()
-{
-	uci_validate_section cwmp cpe "cpe" \
-		'interface:string' \
-		'default_wan_interface:string' \
-		'log_to_console:or("enable","disable")' \
-		'log_to_file:or("enable","disable")' \
-		'log_severity:or("EMERG", "ALERT", "CRITIC" ,"ERROR", "WARNING", "NOTICE", "INFO", "DEBUG")' \
-		'log_file_name:string' \
-		'log_max_size:uinteger' \
-		'userid:string' \
-		'passwd:string' \
-		'port:uinteger' \
-		'provisioning_code:string:""' \
-		'amd_version:range(1, 6)' \
-		'instance_mode:or("InstanceNumber","InstanceAlias")' \
-		'session_timeout:uinteger' \
-		'notification:bool' \
-		'exec_download:bool' \
-		'periodic_notify_enable:bool' \
-		'enable:bool' \
-		'periodic_notify_interval:uinteger'
-}
-
-validate_defaults() {
-	local ssl_capath
-	config_load cwmp
-
-	validate_acs_section || {
-		log "Validation of acs section failed"
-		return 1;
-	}
-
-	ssl_capath="${ssl_capath%/}"
-	# Put the cert pem file in keep list
-	if [ -d "${ssl_capath}" ]; then
-		if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
-			echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
-		fi
-	fi
-
-	validate_cpe_section || {
-		log "Validation of cpe section failed"
-		return 1;
-	}
-
-	return 0;
-}
-
-boot() {
-	local dhcp_discovery="0"
-
-	config_load cwmp
-	config_get dhcp_discovery acs dhcp_discovery "0"
-
-	config_get wan_interface cpe default_wan_interface "wan"
-	if [ "${dhcp_discovery}" == "enable" ] || [ "${dhcp_discovery}" == "1" ]; then
-		# Set dhcp option 43 if not already configured
-		enable_dhcp_option43 "${wan_interface}"
-	fi
-
-	config_get lan_interface cpe default_lan_interface ""
-	if [ -n "${lan_interface}" ]; then
-		# Set dhcp_option 125 if not already configured
-		enable_disable_dhcp_option125 "${wan_interface}" "enable"
-		enable_dnsmasq_option125 "${lan_interface}"
-	else
-		# Remove dhcp option 125 if exists
-		enable_disable_dhcp_option125 "${wan_interface}" "disable"
-	fi
-	
-	config_get ssl_capath acs ssl_capath
-
-	if [ -n "${ssl_capath}" ]; then
-		regenerate_ssl_link "${ssl_capath}"
-	fi
-
-	start
 }

 start_service() {
-	local enable_cwmp
+	if [ ! -f /tmp/.icwmpd_boot ]; then
+		touch /etc/icwmpd/.icwmpd_boot
+		touch /tmp/.icwmpd_boot
+	else
+		[ -f /sbin/netifd ] && log "Waiting for Network to be started ..." && ubus -t 5 wait_for network.interface
+		[ -f /etc/config/wireless ] && log "Waiting for WiFi to be started ..." && ubus -t 5 wait_for network.wireless
+		[ -f /usr/sbin/dnsmasq ] && log "Waiting for DNS Proxy to be started ..." && ubus -t 5 wait_for dnsmasq
+		[ -f /etc/config/dhcp ] && log "Waiting for DNS Server(s) ..." && wait_for_resolvfile 20
+		[ -f /usr/sbin/asterisk ] && log "Waiting for Voice to be started ..." && ubus -t 5 wait_for asterisk

-	config_load cwmp
-	config_get_bool enable_cwmp cpe enable 1
+		config_load cwmp
+		set_wan_interface
+		wait_for_option43 20
+		get_acs_url

-	if [ "$enable_cwmp" = "0" ]; then
-		return 0
+		procd_open_instance icwmp
+		procd_set_param command "$PROG"
+		if [ "$1" = "GetRPCMethods" ];then
+			procd_append_param command -g
+		elif [ -f /etc/icwmpd/.icwmpd_boot ]; then
+			procd_append_param command -b
+		fi
+		procd_set_param respawn \
+			${respawn_threshold:-5} \
+			${respawn_timeout:-10} ${respawn_retry:-3}
+			
+		procd_close_instance
 	fi
-
-	[ -f /sbin/netifd ] && log "Waiting for Network to be started ..." && ubus -t 5 wait_for network.interface
-	[ -f /usr/sbin/dnsmasq ] && log "Waiting for DNS Proxy to be started ..." && ubus -t 5 wait_for dnsmasq
-	[ -f /etc/config/dhcp ] && log "Waiting for DNS Server(s) ..." && wait_for_resolvfile 20
-
-	validate_defaults || {
-		log "Validation of defaults failed"
-		return 1;
-	}
-
-	# Copy backup data so that if it restart latter on it gets the info
-	copy_cwmp_etc_files_to_varstate
-
-	procd_open_instance icwmp
-	procd_set_param command "$PROG"
-	procd_append_param command -b
-	procd_set_param respawn \
-		"${respawn_threshold:-5}" \
-		"${respawn_timeout:-10}" "${respawn_retry:-3}"
-
-	procd_set_param watch network.interface
-	procd_close_instance
-}
-
-service_stopped()
-{
-	copy_cwmp_varstate_files_to_etc
-}
-
-stop_service()
-{
-	copy_cwmp_varstate_files_to_etc
 }

 reload_service() {
-	local ret
-
-	config_load cwmp
-	config_get_bool enable_cwmp cpe enable 1
-
-	ret="0"
-	if [ "$enable_cwmp" = "0" ]; then
-		stop
-		start
-		return 0
-	fi
-
-	status="$(ubus -t 1 call tr069 status |jsonfilter -qe '@.cwmp.status')"
-	ret="$?"
-	if [ "$status" = "up" ]; then
-		ubus -t 1 call tr069 command '{"command":"reload"}'
-		ret="$?"
-	fi
-
-	if [ "$status" = "init" ] || [ "$ret" -ne "0" ]; then
-		log "Restarting CWMP client"
-		stop
-		start
-	fi
+	stop
+	start
 }

 service_triggers() {
-       procd_add_reload_trigger "cwmp"
-
-       procd_open_trigger
-               json_add_array
-                       json_add_string "" "interface.update"
-                       json_add_array
-                               json_add_array
-                                       json_add_string "" "run_script"
-                                       json_add_string "" "/etc/icwmpd/update.sh"
-                               json_close_array
-                       json_close_array
-                       json_add_int "" "2000"
-               json_close_array
-       procd_close_trigger
+	procd_add_config_trigger "config.change" "cwmp"  /etc/init.d/icwmpd reload
 }

--- a/icwmp/files/etc/uci-defaults/85-cwmp-set-userid
+++ b/icwmp/files/etc/uci-defaults/85-cwmp-set-userid
@@ -1,41 +1,32 @@
-#!/bin/sh
-
-. /lib/functions.sh
 # Copy defaults by the factory to the cwmp UCI user section.
-config_load cwmp

-# Get Manufacturer OUI.
-config_get oui cpe manufacturer_oui ""
-if [ -z "${oui}" ]; then
-	oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-fi

-oui=$(echo "${oui}" | tr 'a-f' 'A-F')
+# Get factory base MAC.
+baseMac=$(db -q get hw.board.basemac)
+
+# Erase colon and space characters.
+baseMac=${baseMac//:/}
+baseMac=${baseMac// /}
+
+# Caseing and fixed length string.
+mac=$(printf "%12.12X" $((0x$baseMac)))

 # Get system serial number.
-config_get serial cpe serial_number ""
-if [ -z "${serial}" ]; then
-	serial=$(db -q get device.deviceinfo.SerialNumber)
-fi
+serial=$(db -q get hw.board.serial_number)

 # Get userid values
-config_get acs_userid acs userid ""
-config_get cpe_userid cpe userid ""
+acs_userid=$(uci -q get cwmp.acs.userid)
+cpe_userid=$(uci -q get cwmp.cpe.userid)

 # Only set if they are empty
-if [ -z "${acs_userid}" ]; then
-    uci -q set cwmp.acs.userid="${oui}-${serial}"
+if [ -z "$acs_userid" ]
+then
+    uci -q set cwmp.acs.userid="${mac:0:6}-${serial}"
 fi

-if [ -z "${cpe_userid}" ]; then
-    uci -q set cwmp.cpe.userid="${oui}-${serial}"
-fi
-
-# Fix the cwmp.cpe.enable parameter
-# set default to 1 if not defined
-config_get enable_cwmp cpe enable ""
-if [ -z "${enable_cwmp}" ]; then
-    uci -q set cwmp.cpe.enable="1"
+if [ -z "$cpe_userid" ]
+then
+    uci -q set cwmp.cpe.userid="${mac:0:6}-${serial}"
 fi

 # No need for commit here, it is done by uci_apply_defaults().
--- a/icwmp/files/etc/uci-defaults/90-icwmp-set-dhcp-reqopts
+++ b/icwmp/files/etc/uci-defaults/90-icwmp-set-dhcp-reqopts
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+set_cwmp_reqopts() {
+	### Ask for DHCP Option 43 only if CWMP is enabled ###
+	local wan=$(uci -q get cwmp.cpe.default_wan_interface)
+	local dhcp_discovery=$(uci -q get cwmp.acs.dhcp_discovery)
+	local discovery=0
+	case $dhcp_discovery in
+		enable|1) discovery=1 ;;
+	esac
+
+	local newreqopts=
+	local baseopts=
+	local reqopts="$(uci -q get network.$wan.reqopts)"
+	local proto="$(uci -q get network.$wan.proto)"
+	local tropts="43"
+	local oldreqopts="$reqopts"
+	local ropt iopt
+	for ropt in $reqopts; do
+		case $ropt in
+			43) ;;
+			*) baseopts="$baseopts $ropt" ;;
+		esac
+	done
+	ropt=""
+	reqopts="$baseopts $tropts"
+	for ropt in $reqopts; do
+		case $ropt in
+			43) [ $discovery -eq 1 ] && newreqopts="$newreqopts $ropt" ;;
+			*) newreqopts="$newreqopts $ropt" ;;
+		esac
+	done
+	if [ "$proto" == "dhcp" ]; then
+		newreqopts="$(echo $newreqopts | tr ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/^[ \t]*//;s/[ \t]*$//')"
+		oldreqopts="$(echo $oldreqopts | tr ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/^[ \t]*//;s/[ \t]*$//')"
+		[ "$newreqopts" == "$oldreqopts" ] && return
+		uci -q set network.$wan.reqopts="$newreqopts"
+		uci commit network
+	fi
+}
+
+regenerate_ssl_link(){
+	local cert_dir="/etc/ssl/certs"
+	local all_file=$(ls $cert_dir/*.pem)
+	for cfile in $all_file
+	do
+		ln -s $cfile $cert_dir/$(openssl x509 -hash -noout -in $cfile).0
+	done
+}
+
+set_cwmp_reqopts
+regenerate_ssl_link
--- a/icwmp/files/lib/upgrade/keep.d/icwmp
+++ b/icwmp/files/lib/upgrade/keep.d/icwmp
@@ -1,2 +1 @@
-/var/run/icwmpd/icwmpd_backup_session.xml
-/etc/icwmpd/cwmp
+/etc/icwmpd/.icwmpd_backup_session.xml
--- a/icwmp/files/lib/upgrade/post-rootfs-fixup.d/215-icwmp
+++ b/icwmp/files/lib/upgrade/post-rootfs-fixup.d/215-icwmp
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# As part of sysupgrade we copy CWMP Backup Session XML file.
+
+
+# Abort on any error.
+set -e
+
+
+# Do nothing if user want to discard old settings.
+if [ -n "$SAVE_CONFIG" ] && [ $SAVE_CONFIG -eq 0 ]; then
+	exit 0
+fi
+
+# Source functions.
+for f in /lib/upgrade/iopsys*.sh; do
+	[ -r "$f" -a -s "$f" ] || continue
+	source $f
+done
+
+
+if [ -s "${2}/etc/icwmpd/.icwmpd_backup_session.xml" ]; then
+	cat "${2}/etc/icwmpd/.icwmpd_backup_session.xml" > "/etc/icwmpd/.icwmpd_backup_session.xml"
+fi
+
+# Report success.
+log "post-hooks" "CWMP Backup Session XML file migrated"
+
+exit 0
--- a/ieee1905/Config.in
+++ b/ieee1905/Config.in
@@ -6,9 +6,5 @@ config IEEE1905_EXTENSION_ALLOWED
 	bool "Allow plugins to extend 1905 CMDUs and/or TLVs"
 	default y

-config IEEE1905_PLATFORM_HAS_WIFI
-	bool "Platform has WiFi"
-	default y if PACKAGE_libwifi
-
 endmenu
 endif
--- a/ieee1905/Config.map-plugin.in
+++ b/ieee1905/Config.map-plugin.in
@@ -1,14 +0,0 @@
-if (PACKAGE_map-plugin)
-
-menu "Configurations"
-
-config MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
-	bool "Sync configuration between dynamic controllers in the network"
-	default n
-
-config MULTIAP_FUZZ_1905_CMDUS
-	bool "Include support to fuzz 1905 CMDUs for testing purpose"
-	default n
-
-endmenu
-endif
--- a/ieee1905/Makefile
+++ b/ieee1905/Makefile
@@ -1,16 +1,16 @@
 #
-# Copyright (C) 2021-2022 IOPSYS
+# Copyright (C) 2021 IOPSYS
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=ieee1905
-PKG_VERSION:=4.10.28
+PKG_VERSION:=3.3.2

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e10385f117bc20a8d16f1b57ad4f86d4a98552c0
+PKG_SOURCE_VERSION:=b7c3f2b45ff232415d32eb97badeb43845ae878d
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -37,30 +37,26 @@ endef
 define Package/libieee1905
 $(call Package/ieee1905/Default,$(1))
  TITLE+= (library for CMDU and TLV handling)
-  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
+  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl +libwifi \
 	   +libjson-c +libblobmsg-json
 endef

 define Package/ieee1905
 $(call Package/ieee1905/Default,$(1))
  TITLE+= ieee1905d (daemon implementing 1905.1 and provides cli)
-  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-	   +libjson-c +libblobmsg-json +ubus +libpthread \
-	   +libieee1905 +IEEE1905_PLATFORM_HAS_WIFI:libwifi
+  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl +libwifi \
+	   +libjson-c +libblobmsg-json +libwifi +ubus +libpthread \
+	   +libnl-genl +libieee1905
 endef


 define Package/map-plugin
 $(call Package/ieee1905/Default,$(1))
  TITLE:=Multi-AP (Easymesh) plugin
-  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
+  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl +libwifi \
 	   +libjson-c +libblobmsg-json +ieee1905 +libieee1905
 endef

-define Package/map-plugin/config
-  source "$(SOURCE)/Config.map-plugin.in"
-endef
-
 define Package/ieee1905/description
 This package provides IEEE Std 1905.1 stack.
 endef
@@ -74,15 +70,6 @@ TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
 	-D_GNU_SOURCE

-ifeq ($(CONFIG_IEEE1905_PLATFORM_HAS_WIFI),y)
-TARGET_CFLAGS += -DHAS_WIFI
-endif
-
-ifeq ($(CONFIG_MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG),y)
-TARGET_CFLAGS += -DDYNAMIC_CNTLR_SYNC_CONFIG
-endif
-
-
 MAKE_PATH:=src


@@ -111,9 +98,8 @@ define Build/InstallDev/map-plugin
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
-	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/map2.h $(1)/usr/include/map2.h
-	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/map_module.h $(1)/usr/include/map_module.h
-	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/cntlrsync.h $(1)/usr/include/cntlrsync.h
+	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/map2.h $(1)/usr/include/map22.h
+	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/map_module.h $(1)/usr/include/map_module22.h
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/map.so $(1)/usr/lib/ieee1905/map.so
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/libmaputil.so $(1)/usr/lib/libmaputil.so
 endef
@@ -124,12 +110,10 @@ define Build/InstallDev/libieee1905
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(CP) $(PKG_BUILD_DIR)/src/cmdu.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/src/cmdu_ackq.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/1905_tlvs.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/i1905_wsc.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/bufutil.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/timer_impl.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/src/i1905_extension.h $(1)/usr/include/
 	$(CP) $(PKG_BUILD_DIR)/src/libmidgen.so $(1)/usr/lib/
 	$(CP) $(PKG_BUILD_DIR)/src/libieee1905.so $(1)/usr/lib/
 endef
@@ -139,11 +123,6 @@ define Build/InstallDev
 	$(call Build/InstallDev/map-plugin,$(1),$(2))
 endef

-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -r --exclude=.* ~/git/ieee1905/ $(PKG_BUILD_DIR)/
-endef
-endif

 $(eval $(call BuildPackage,ieee1905))
 $(eval $(call BuildPackage,libieee1905))
--- a/ieee1905/files/etc/config/ieee1905
+++ b/ieee1905/files/etc/config/ieee1905
@@ -3,24 +3,20 @@ config ieee1905 'ieee1905'
 	option extension '1'
 	list extmodule 'map'
 	option registrar '2 5'
-#	option macaddress '0a:1b:2c:3d:4e:50'

-config al-iface
-	option enabled '1'
-	option ifname 'br-lan'
-	option type 'bridge'
-
-# ap sections are auto-generated/overwritten during onboarding
-#
 config ap
 	option band '2'
-	option ssid 'IOWRT-2.4GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+	option ssid 'TestSSID.2'
+	option encryption 'psk2'
+	option key '5555500000'

 config ap
 	option band '5'
-	option ssid 'IOWRT-5GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+	option ssid 'TestSSID.5'
+	option encryption 'psk2'
+	option key '2222200000'

+config al-iface
+	option enabled 1
+	option ifname 'br-lan'
+	option type 'bridge'
--- a/ieee1905/files/etc/init.d/ieee1905
+++ b/ieee1905/files/etc/init.d/ieee1905
@@ -5,82 +5,7 @@ STOP=21

 USE_PROCD=1

-IS_CFG_VALID=1
-
-validate_ieee1905_section() {
-	uci_validate_section ieee1905 ieee1905 "ieee1905" \
-			'enabled:bool:true' \
-			'macaddress:or("auto",macaddr)' \
-			'registrar:string' \
-			'extension:bool:false' \
-			'extmodule:list(string)' \
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "ieee1905" "Validation of ieee1905 section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_ali_section() {
-	local section="$1"
-
-	uci_validate_section ieee1905 $section "${1}" \
-			'ifname:string' \
-			'type:or("bridge",string)'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "ieee1905" "Validation of al-iface section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_ap_section() {
-	local section="$1"
-
-	uci_validate_section ieee1905 $section "${1}" \
-			'band:or("2", "5", "60")' \
-			'ssid:string' \
-			'encryption:or("psk2", "sae-mixed", "sae", string)' \
-			'key:string' \
-			'uuid:string' \
-			'manufacturer:string' \
-			'model_name:string' \
-			'device_name:string' \
-			'model_number:string' \
-			'serial_number:string' \
-			'device_type:string' \
-			'os_version:uinteger'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "ieee1905" "Validation of ap section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_ieee1905_config() {
-	IS_CFG_VALID=1
-
-	validate_ieee1905_section &&
-		config_foreach validate_ali_section "al-iface" &&
-		config_foreach validate_ap_section ap
-
-	[ "$IS_CFG_VALID" -ne 1 ] && {
-		logger -s -t "ieee1905" "Validation of ieee1905 UCI file failed"
-		return 1
-	}
-	return 0
-}
-
 start_service() {
-	config_load "ieee1905"
-	validate_ieee1905_config || return 1;
-
 	procd_open_instance
        procd_set_param command "/usr/sbin/ieee1905d"
 	procd_set_param respawn
--- a/ieee1905/files/etc/uci-defaults/30-set-ieee1905-al-macaddr
+++ b/ieee1905/files/etc/uci-defaults/30-set-ieee1905-al-macaddr
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-
-BMAC=$(db -q get hw.board.basemac)
-BMAC=${BMAC//:/}
-BMAC=${BMAC// /}
-BMAC=$(printf "%12.12X" $((0x$BMAC)))
-
-[ "$BMAC" == "" ] && exit 1
-
-LMAC=$((0x$BMAC & 0xfeffffffffff))
-LMAC=$(($LMAC | 0x020000000000))
-LMAC=$(printf "%12.12X" $LMAC)
-LMAC=$(echo $LMAC | sed -e 's/[0-9A-F]\{2\}/&:/g' -e 's/:$//')
-
-mac=$(uci -q get ieee1905.ieee1905.macaddress)
-
-[ "$mac" != "" ] && exit 0
-
-uci set ieee1905.ieee1905.macaddress="$LMAC"
-uci commit ieee1905
-
--- a/ieee1905/files/etc/uci-defaults/31-ifname-list-to-option
+++ b/ieee1905/files/etc/uci-defaults/31-ifname-list-to-option
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-config_load ieee1905
-
-list_to_ifname() {
-	local section=$1
-
-	config_get ifname $section ifname	# get list as space separated values
-
-	uci del ieee1905.${section}.ifname	# delete entry
-	uci set ieee1905.${section}.ifname="$ifname"	# writeback entry as option
-}
-
-config_foreach list_to_ifname al-iface
-
--- a/inbd/Makefile
+++ b/inbd/Makefile
@@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=inbd
-PKG_VERSION:=1.2.3
+PKG_VERSION:=1.2.2
 PKG_RELEASE:=1

-PKG_SOURCE_VERSION:=d4e910a31039e0c0b7a539311eafcd716c36be77
+PKG_SOURCE_VERSION:=10f765f3d0fcc226b6ecf0c481598c9e7f76315e
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/inbd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.gz
--- a/iop/Config.in
+++ b/iop/Config.in
@@ -1,7 +0,0 @@
-config TARGET_VERSION
-	string
-	prompt "Software Version"
-
-config TARGET_CUSTOMER
-	string
-	prompt "Customer ID"
--- a/iop/Makefile
+++ b/iop/Makefile
@@ -24,10 +24,6 @@ define Package/iop/description
 	This package contains iopsysWrt SDK utilities
 endef

-define Package/iop/config
-	source "$(SOURCE)/Config.in"
-endef
-
 define Build/Compile
 	true
 endef
--- a/iop/config
+++ b/iop/config
@@ -1,139 +1,33 @@
-############
-# Generic #
-##########
-
-# Build #
-CONFIG_BUILD_LOG=y
+CONFIG_BUILD_NLS=y
+CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_CCACHE=y
 CONFIG_DEBUG=y
 CONFIG_DEVEL=y
-# CONFIG_USE_SSTRIP is not set
-CONFIG_USE_STRIP=y
-# CONFIG_SIGNED_PACKAGES is not set
-
-# Image #
-CONFIG_TARGET_CUSTOMER="IOPSYS"
-CONFIG_TARGET_ROOTFS_TARGZ=y
-
-# /etc/banner and /etc/device_info #
-CONFIG_IMAGEOPT=y
-CONFIG_VERSIONOPT=y
-CONFIG_VERSION_MANUFACTURER="iopsysWrt"
-CONFIG_VERSION_MANUFACTURER_URL="https://iopsys.eu/"
-
-# /lib/preinit #
-CONFIG_PREINITOPT=y
-# CONFIG_TARGET_PREINIT_SUPPRESS_STDERR is not set
-CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
-CONFIG_TARGET_PREINIT_TIMEOUT=1
-# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
-# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
-CONFIG_TARGET_PREINIT_IFNAME=""
-CONFIG_TARGET_PREINIT_IP=""
-CONFIG_TARGET_PREINIT_NETMASK=""
-CONFIG_TARGET_PREINIT_BROADCAST=""
-
-# Mirror #
-CONFIG_LOCALMIRROR="https://download.iopsys.eu/iopsys/mirror/"
-
-
-##################
-# IOWRT Add-ons #
-################
-
-# EasySoC HAL #
-CONFIG_PACKAGE_inbd=y
-CONFIG_PACKAGE_libwifi=y
-CONFIG_PACKAGE_peripheral_manager=y
-CONFIG_PACKAGE_port-management=y
-CONFIG_PACKAGE_wifimngr=y
-
-# Multi-AP #
-CONFIG_PACKAGE_ieee1905=y
-CONFIG_PACKAGE_map-topology=y
-CONFIG_PACKAGE_wfadatad-collector=y
-
-# Network #
-CONFIG_PACKAGE_netmode=y
-CONFIG_PACKAGE_owsd=m
-CONFIG_PACKAGE_urlfilter=y
-
-# System #
-CONFIG_PACKAGE_imonitor=m
-CONFIG_PACKAGE_questd=y
-CONFIG_PACKAGE_rulengd=y
-
-# TR-x69 #
-CONFIG_PACKAGE_uspd-mbedtls=y
-CONFIG_PACKAGE_icwmp-mbedtls=y
-CONFIG_PACKAGE_obuspa=y
-CONFIG_PACKAGE_bulkdata=y
-CONFIG_PACKAGE_periodicstats=y
-CONFIG_PACKAGE_stunc-mbedtls=m
-CONFIG_PACKAGE_swmodd=m
-CONFIG_PACKAGE_twamp=m
-CONFIG_PACKAGE_udpecho-client=m
-CONFIG_PACKAGE_udpecho-server=m
-CONFIG_PACKAGE_xmppc=m
-
-# WebGUI #
-CONFIG_PACKAGE_sulu=y
-
-
-############
-# Network #
-##########
-
-# Protocols #
 CONFIG_PACKAGE_6in4=y
 CONFIG_PACKAGE_6rd=y
 CONFIG_PACKAGE_6to4=y
+CONFIG_PACKAGE_at=y
+CONFIG_PACKAGE_atftp=m
+CONFIG_PACKAGE_atftpd=m
+CONFIG_PACKAGE_bulkdata=y
 CONFIG_PACKAGE_chat=y
 CONFIG_PACKAGE_comgt=y
 CONFIG_PACKAGE_comgt-directip=y
 CONFIG_PACKAGE_comgt-ncm=y
-CONFIG_PACKAGE_ds-lite=y
-CONFIG_PACKAGE_gre=y
-CONFIG_PACKAGE_map=y
-CONFIG_PACKAGE_ntfs-3g=y
-CONFIG_PACKAGE_ntpd=y
-CONFIG_PACKAGE_odhcp6c=y
-CONFIG_PACKAGE_odhcpd=y
-CONFIG_PACKAGE_ppp-mod-pppoa=y
-CONFIG_PACKAGE_ppp-mod-pppoe=y
-CONFIG_PACKAGE_ppp-mod-pppol2tp=y
-CONFIG_PACKAGE_ppp-mod-pptp=y
-CONFIG_PACKAGE_ppp-multilink=y
-# CONFIG_PACKAGE_ppp is not set
-CONFIG_PACKAGE_relayd=y
-CONFIG_PACKAGE_umbim=y
-CONFIG_PACKAGE_uqmi=y
-CONFIG_PACKAGE_wwan=y
-CONFIG_PACKAGE_xl2tpd=y
-
-# Services #
-CONFIG_PACKAGE_atftp=m
-CONFIG_PACKAGE_atftpd=m
 CONFIG_PACKAGE_ddns-scripts=y
-CONFIG_PACKAGE_miniupnpd=y
+CONFIG_PACKAGE_ds-lite=y
+CONFIG_PACKAGE_ethtool=y
+CONFIG_PACKAGE_getopt=y
+CONFIG_PACKAGE_glib2=y
+CONFIG_PACKAGE_gre=y
+CONFIG_PACKAGE_icwmp=y
+CONFIG_PACKAGE_ieee1905=y
+CONFIG_PACKAGE_map-topology=y
 CONFIG_PACKAGE_mosquitto-client-ssl=y
 CONFIG_PACKAGE_mosquitto-ssl=y
-CONFIG_PACKAGE_nginx=y
-CONFIG_PACKAGE_openvpn-easy-rsa=y
-CONFIG_PACKAGE_openvpn-openssl=y
-CONFIG_OPENVPN_openssl_ENABLE_IPROUTE2=y
-# CONFIG_PACKAGE_qos-scripts is not set
-CONFIG_PACKAGE_rdnssd=y
-CONFIG_PACKAGE_vsftpd-tls=m
-
-# Tools and Utilities #
-CONFIG_PACKAGE_curl=y
-CONFIG_PACKAGE_libcurl=y
-CONFIG_LIBCURL_CRYPTO_AUTH=y
-# CONFIG_LIBCURL_MBEDTLS is not set
-CONFIG_LIBCURL_OPENSSL=y
-CONFIG_PACKAGE_ethtool=y
-CONFIG_PACKAGE_ip-bridge=y
+CONFIG_PACKAGE_wfadatad=y
+CONFIG_PACKAGE_imonitor=m
+CONFIG_PACKAGE_inbd=y
 CONFIG_PACKAGE_ip-full=y
 CONFIG_PACKAGE_iperf3=y
 CONFIG_PACKAGE_ipset=y
@@ -141,67 +35,73 @@ CONFIG_PACKAGE_iptables=y
 CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
 CONFIG_PACKAGE_iptables-mod-filter=y
 CONFIG_PACKAGE_iptables-mod-ipopt=y
-CONFIG_PACKAGE_ndisc6=y
-CONFIG_PACKAGE_rdisc6=y
-CONFIG_PACKAGE_resolveip=y
-CONFIG_PACKAGE_tcpdump=y
-CONFIG_PACKAGE_traceroute6=y
-
-
-############
-# System  #
-##########
-
-CONFIG_PACKAGE_at=y
-CONFIG_PACKAGE_getopt=y
 # CONFIG_PACKAGE_iwatchdog is not set
 CONFIG_PACKAGE_jq=y
-CONFIG_PACKAGE_libustream-openssl=y
-# CONFIG_PACKAGE_libustream-wolfssl is not set
+CONFIG_PACKAGE_libreswan=m
+CONFIG_PACKAGE_libwifi=y
 CONFIG_PACKAGE_lscpu=y
-CONFIG_PACKAGE_nand-utils=y
-CONFIG_PACKAGE_openssl-util=y
-CONFIG_OPENSSL_WITH_COMPRESSION=y
-CONFIG_PACKAGE_rpcd=y
-CONFIG_PACKAGE_rpcd-mod-rpcsys=y
-CONFIG_PACKAGE_rpcd-mod-rrdns=y
-CONFIG_PACKAGE_strace=y
-CONFIG_PACKAGE_terminfo=y
-CONFIG_PACKAGE_uledd=y
-# The urandom-seed package is very strange. It seeds urandom with urandom...
-# Disable it. Most SoCs nowadays has HW random generators anyway.
-# CONFIG_PACKAGE_urandom-seed is not set
-# CONFIG_PACKAGE_urngd is not set
-CONFIG_PACKAGE_usb-modeswitch=y
-CONFIG_PACKAGE_uuidgen=y
-CONFIG_PACKAGE_zoneinfo-core=y
-CONFIG_PACKAGE_zoneinfo-europe=y
-
-
-################
-# LuCI WebGUI #
-##############
-
-# BEGIN: luci-nginx metapackage with some changes
-# We do not want libiwinfo-lua on non-WiFi targets, but it is already
-# depended on by other luci-packages, so no need to take it in explicitly
-CONFIG_PACKAGE_luci-mod-admin-full=y
-CONFIG_PACKAGE_luci-app-firewall=y
-CONFIG_PACKAGE_luci-app-opkg=y
-CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-proto-ipv6=y
+CONFIG_PACKAGE_luci-nginx=y
 # CONFIG_LUCI_JSMIN is not set
 # CONFIG_LUCI_CSSTIDY is not set
 CONFIG_PACKAGE_luci-mod-dashboard=y
 CONFIG_PACKAGE_luci-theme-openwrt-2020=y
-CONFIG_PACKAGE_nginx-mod-luci=y
-
-
-############
-# BusyBox #
-##########
-
-CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_PACKAGE_map=y
+CONFIG_PACKAGE_miniupnpd=y
+CONFIG_PACKAGE_mwan3=y
+CONFIG_PACKAGE_nand-utils=y
+CONFIG_PACKAGE_ndisc6=y
+CONFIG_PACKAGE_netmode=y
+CONFIG_PACKAGE_ntfs-3g=y
+CONFIG_PACKAGE_ntpd=y
+CONFIG_PACKAGE_obuspa=y
+CONFIG_PACKAGE_odhcp6c=y
+CONFIG_PACKAGE_odhcpd=y
+CONFIG_PACKAGE_openssl-util=y
+CONFIG_OPENSSL_WITH_COMPRESSION=y
+CONFIG_PACKAGE_openvpn-easy-rsa=y
+CONFIG_PACKAGE_openvpn-openssl=y
+CONFIG_PACKAGE_owsd=y
+CONFIG_PACKAGE_periodicstats=y
+CONFIG_PACKAGE_peripheral_manager=y
+CONFIG_PACKAGE_port-management=y
+CONFIG_PACKAGE_ppp-mod-pppoa=y
+CONFIG_PACKAGE_ppp-mod-pppoe=y
+CONFIG_PACKAGE_ppp-mod-pppol2tp=y
+CONFIG_PACKAGE_ppp-mod-pptp=y
+CONFIG_PACKAGE_ppp-multilink=y
+# CONFIG_PACKAGE_ppp is not set
+# CONFIG_PACKAGE_qos-scripts is not set
+CONFIG_PACKAGE_questd=y
+CONFIG_PACKAGE_rdisc6=y
+CONFIG_PACKAGE_rdnssd=y
+CONFIG_PACKAGE_relayd=y
+CONFIG_PACKAGE_resolveip=y
+CONFIG_PACKAGE_rpcd=y
+CONFIG_PACKAGE_rpcd-mod-rpcsys=y
+CONFIG_PACKAGE_rulengd=y
+CONFIG_PACKAGE_strace=y
+CONFIG_PACKAGE_sulu=y
+CONFIG_PACKAGE_swmodd=m
+CONFIG_PACKAGE_tcpdump=y
+CONFIG_PACKAGE_terminfo=y
+CONFIG_PACKAGE_traceroute6=y
+CONFIG_PACKAGE_uledd=y
+CONFIG_PACKAGE_umbim=y
+CONFIG_PACKAGE_uqmi=y
+CONFIG_PACKAGE_urlfilter=y
+CONFIG_PACKAGE_usb-modeswitch=y
+CONFIG_PACKAGE_uspd=y
+CONFIG_PACKAGE_vsftpd-tls=m
+CONFIG_PACKAGE_wwan=y
+CONFIG_PACKAGE_wifimngr=y
+CONFIG_PACKAGE_uuidgen=y
+CONFIG_PACKAGE_xl2tpd=y
+CONFIG_PACKAGE_zoneinfo-core=y
+CONFIG_PACKAGE_zoneinfo-europe=y
+CONFIG_TARGET_CUSTOMER="IOPSYS"
+# CONFIG_USE_SSTRIP is not set
+CONFIG_USE_STRIP=y
+CONFIG_BUILD_LOG=y
 CONFIG_BUSYBOX_CONFIG_ADDUSER=y
 CONFIG_BUSYBOX_CONFIG_ARPING=y
 CONFIG_BUSYBOX_CONFIG_ASH_IDLE_TIMEOUT=y
@@ -221,7 +121,6 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_ALIAS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_SYMBOLS=y
 CONFIG_BUSYBOX_CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
 CONFIG_BUSYBOX_CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
-# CONFIG_BUSYBOX_CONFIG_IP is not set
 CONFIG_BUSYBOX_CONFIG_LAST_SYSTEM_ID=999
 CONFIG_BUSYBOX_CONFIG_LOGIN=y
 # CONFIG_BUSYBOX_CONFIG_LSMOD is not set
@@ -285,3 +184,38 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_SQUASHFS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_UBIFS=y
 CONFIG_BUSYBOX_CONFIG_TIMEOUT=y
 CONFIG_BUSYBOX_CONFIG_NOHUP=y
+CONFIG_LIBCURL_CRYPTO_AUTH=y
+# CONFIG_LIBCURL_MBEDTLS is not set
+CONFIG_LIBCURL_OPENSSL=y
+CONFIG_OPENVPN_openssl_ENABLE_IPROUTE2=y
+# CONFIG_SIGNED_PACKAGES is not set
+CONFIG_KERNEL_DEVTMPFS=y
+CONFIG_KERNEL_DEVTMPFS_MOUNT=y
+# CONFIG_BUSYBOX_CONFIG_IP is not set
+CONFIG_LOCALMIRROR="https://download.iopsys.eu/iopsys/mirror/"
+
+# Generation of /etc/banner.
+CONFIG_IMAGEOPT=y
+CONFIG_VERSIONOPT=y
+CONFIG_VERSION_MANUFACTURER="iopsysWrt"
+CONFIG_VERSION_MANUFACTURER_URL="https://iopsys.eu/"
+
+# Disable as much as possible of OpenWrt messy "pre-init" stuff.
+CONFIG_PREINITOPT=y
+# CONFIG_TARGET_PREINIT_SUPPRESS_STDERR is not set
+CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
+CONFIG_TARGET_PREINIT_TIMEOUT=1
+# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
+# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
+CONFIG_TARGET_PREINIT_IFNAME=""
+CONFIG_TARGET_PREINIT_IP=""
+CONFIG_TARGET_PREINIT_NETMASK=""
+CONFIG_TARGET_PREINIT_BROADCAST=""
+
+# Generate rootfs tar file
+CONFIG_TARGET_ROOTFS_TARGZ=y
+
+# The urandom-seed package is very strange. It seeds urandom with urandom...
+# Disable it. Most SoCs nowadays has HW random generators anyway.
+# CONFIG_PACKAGE_urandom-seed is not set
+# CONFIG_PACKAGE_urngd is not set
--- a/iop/scripts/feeds_update.sh
+++ b/iop/scripts/feeds_update.sh
@@ -14,7 +14,7 @@ function feeds_update {
    done


-    git remote -v | grep -qE '(git@|ssh://)' && developer=1
+    git remote -v | grep -q http || developer=1

    cp .config .genconfig_config_bak

@@ -32,7 +32,8 @@ function feeds_update {
    fi

    # targets need to be installed explicitly
-    for target in $(ls ./feeds/targets)
+    targets="iopsys-brcm63xx-arm iopsys-ramips intel_mips iopsys-x86 iopsys-armvirt iopsys-bcm27xx iopsys-mediatek iopsys-econet"
+    for target in $targets
    do
 	rm -f target/linux/$target
 	./scripts/feeds install -p targets $target
--- a/iop/scripts/genconfig.sh
+++ b/iop/scripts/genconfig.sh
@@ -5,6 +5,7 @@ function genconfig {
 	export IMPORT=1
 	export SRCTREEOVERR=0
 	export FILEDIR="files/"
+	export THEMEDIR="tmp/juci-themes"
 	CURRENT_CONFIG_FILE=".current_config_file"
 	export CONFIGPATH="package/feeds/iopsys/iop"
 	CUSTPATH="customerconfigs"
@@ -13,9 +14,12 @@ function genconfig {
 	export DEVELOPER=0
 	target="bogus"
 	target_config_path=""
+	bcm27xx="target/linux/iopsys-bcm27xx"
 	brcm63xx_arm="target/linux/iopsys-brcm63xx-arm"
 	ramips="target/linux/iopsys-ramips"
+	mediatek="target/linux/iopsys-mediatek"
 	econet="target/linux/iopsys-econet"
+	intel_mips="target/linux/intel_mips"
 	x86="target/linux/iopsys-x86"
 	armvirt="target/linux/iopsys-armvirt"

@@ -111,15 +115,21 @@ function genconfig {
 			iopsys_brcm63xx_arm=$(cd $brcm63xx_arm; ./genconfig)
 		[ -e $ramips/genconfig ] &&
 			iopsys_ramips=$(cd $ramips; ./genconfig)
+		[ -e $mediatek/genconfig ] &&
+			iopsys_mediatek=$(cd $mediatek; ./genconfig)
 		[ -e $econet/genconfig ] &&
 			iopsys_econet=$(cd $econet; ./genconfig)
+		[ -e $intel_mips/genconfig ] &&
+			iopsys_intel_mips=$(cd $intel_mips; ./genconfig)
 		[ -e $x86/genconfig ] &&
 			iopsys_x86=$(cd $x86; ./genconfig)
 		[ -e $armvirt/genconfig ] &&
 			iopsys_armvirt=$(cd $armvirt; ./genconfig)
+		[ -e $bcm27xx/genconfig ] &&
+			iopsys_bcm27xx=$(cd $bcm27xx; ./genconfig)

 	    if [ "$profile" == "LIST" ]; then
-			for list in iopsys_brcm63xx_arm iopsys_ramips iopsys_econet iopsys_x86 iopsys_armvirt; do
+			for list in iopsys_brcm63xx_arm iopsys_ramips iopsys_mediatek iopsys_econet iopsys_intel_mips iopsys_x86 iopsys_armvirt iopsys_bcm27xx; do
 				echo "$list based boards:"
 				for b in ${!list}; do
 					echo -e "\t$b"
@@ -144,6 +154,14 @@ function genconfig {
 		fi
 	    done

+	    for p in $iopsys_mediatek; do
+		if [ $p == $profile ]; then
+		    target="iopsys_mediatek"
+			target_config_path="$mediatek/config"
+		    return
+		fi
+	    done
+
 	    for p in $iopsys_econet; do
 		if [ $p == $profile ]; then
 		    target="iopsys_econet"
@@ -152,6 +170,14 @@ function genconfig {
 		fi
 	    done

+	    for p in $iopsys_intel_mips; do
+		if [ $p == $profile ]; then
+		    target="intel_mips"
+			target_config_path="$intel_mips/config"
+		    return
+		fi
+	    done
+
 	    for p in $iopsys_x86; do
 		if [ $p == $profile ]; then
 		    target="iopsys_x86"
@@ -167,10 +193,25 @@ function genconfig {
 		    return
 		fi
 	    done
+
+	    for p in $iopsys_bcm27xx; do
+		if [ $p == $profile ]; then
+		    target="iopsys_bcm27xx"
+			target_config_path="$bcm27xx/config"
+		    return
+		fi
+	    done
+
 	}

 	git remote -v | grep -qE '(git@|ssh://)' && {
 		DEVELOPER=1
+
+		bcmAllowed=0
+		endptAllowed=0
+
+		git ls-remote git@dev.iopsys.eu:broadcom/bcmcreator.git -q 2>/dev/null && bcmAllowed=1
+		git ls-remote git@dev.iopsys.eu:iopsys/endptmngr.git -q 2>/dev/null && endptAllowed=1
 	}

 	v() {
@@ -203,7 +244,7 @@ function genconfig {
 		local ALL="$1"
 		local CUSTOMER="$2"
 		if [ "$CUSTOMER" -a -d "$CUSTCONF/$CUSTOMER" ]; then
-			local boards="$(ls -1 "$CUSTCONF/$CUSTOMER" | grep -v common)"
+			local boards="$(ls -1 "$CUSTCONF/$CUSTOMER" | grep -v common | grep -v juci-theme)"
 			if [ "$boards" ]; then
 				echo "$CUSTOMER has following boards:"
 				for board in $boards; do
@@ -220,7 +261,7 @@ function genconfig {
 			if [ "$customers" -a "$ALL" == 1 ]; then
 				for customer in $customers; do
 					echo $customer
-					local boards="$(ls -1 $CUSTCONF/$customer | grep -v common)"
+					local boards="$(ls -1 $CUSTCONF/$customer | grep -v common | grep -v juci-theme)"
 					if [ "$boards" ]; then
 						for board in $boards; do
 							echo -e "\t$board"
@@ -274,6 +315,13 @@ function genconfig {
 			v "rm -rf $FILEDIR*"
 			rm -rf $FILEDIR*
 		fi
+
+		if [ ! -d "$THEMEDIR" ]; then
+			mkdir -p $THEMEDIR
+		elif [ -d "$THEMEDIR" -a $CLEAN -eq 1 ]; then
+			v "rm -rf $THEMEDIR/*"
+			rm -rf $THEMEDIR/*
+		fi
 	}

 	create_and_copy_files()
@@ -318,16 +366,37 @@ function genconfig {
 		    echo "" >> .config
 		fi

-		# Special handling for targets which use TARGET_DEVICES 
-		if [ "$target" = "iopsys_ramips" ]; then
+		#special handling for intel_mips/iopsys_ramips which use TARGET_DEVICES
+		if [ "$target" = "intel_mips" ]; then
+			subtarget="xrx500"
+			echo "CONFIG_TARGET_${target}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
+			device=$(echo $BOARDTYPE | tr a-z A-Z)
+			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${device}=y" >> .config
+		elif [ "$target" = "iopsys_ramips" ]; then
 			subtarget="mt7621"
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
-			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+		elif [ "$target" = "iopsys_mediatek" ]; then
+			subtarget="mt7622"
+			echo "CONFIG_TARGET_${target}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
 		elif [ "$target" = "iopsys_econet" ]; then
 			subtarget="en7562"
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+		elif [ "$target" = "iopsys_bcm27xx" ]; then
+			subtarget="iopsys_bcm2711"
+			echo "CONFIG_TARGET_${target}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
+			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
 		else
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${BOARDTYPE}=y" >> .config
@@ -346,6 +415,11 @@ function genconfig {
 					v "cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR"
 					cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR
 				fi
+				if [ -d "$CUSTCONF/$CUSTOMER/juci-theme" ]; then
+					customer="$(echo $CUSTOMER | tr 'A-Z' 'a-z')"
+					v "cp -ar $CUSTCONF/$CUSTOMER/juci-theme $THEMEDIR/juci-theme-$customer"
+					cp -ar $CUSTCONF/$CUSTOMER/juci-theme $THEMEDIR/juci-theme-$customer
+				fi
 				if [ -e "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
 					v "Apply $CUSTCONF/$CUSTOMER/common/common.diff"
 					cat $CUSTCONF/$CUSTOMER/common/common.diff >> .config
@@ -361,14 +435,11 @@ function genconfig {

 		# Set target version
 		local GIT_TAG=$(git describe --abbrev=0 --tags)
-		local GIT_REV=$(git rev-parse --short HEAD)
-		local GIT_VER="$GIT_TAG"
-		git describe --contains $GIT_REV >/dev/null 2>&1 || GIT_VER="${GIT_TAG}_${GIT_REV}"
-		echo "CONFIG_TARGET_VERSION=\"${GIT_VER}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${GIT_VER}\"" >> .config
+		echo "CONFIG_TARGET_VERSION=\"${GIT_TAG}\"" >> .config
+		echo "CONFIG_VERSION_CODE=\"${GIT_TAG}\"" >> .config
 		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config

-		# Enable Package source tree override if selected
+		# Enable Pckage source tree override if selected
 		[ $SRCTREEOVERR -eq 1 ] && echo CONFIG_SRC_TREE_OVERRIDE=y >> .config

 		# developer mode selected ?
@@ -376,8 +447,12 @@ function genconfig {
 		if [ $DEVELOPER -eq 1 ]; then
 			# rewrite url to clone with ssh instead of http
 			echo "CONFIG_GITMIRROR_REWRITE=y" >>.config
+			[ $bcmAllowed -eq 0 ] && echo "CONFIG_BCM_OPEN=y" >> .config
+			[ $endptAllowed -eq 0 ] && echo "CONFIG_ENDPT_OPEN=y" >> .config
 		else
 			echo "# CONFIG_GITMIRROR_REWRITE is not set" >>.config
+			echo "CONFIG_BCM_OPEN=y" >> .config
+			echo "CONFIG_ENDPT_OPEN=y" >> .config
 		fi

 		if [ -n "$BRCM_MAX_JOBS" ]
--- a/iop/scripts/genconfig_min.sh
+++ b/iop/scripts/genconfig_min.sh
@@ -9,12 +9,14 @@ function genconfig_min {
 	CUSTPATH="customerconfigs"
 	export CUSTCONF="customerconfigs/customers"
 	export VERBOSE=0
+	#always use the mirror
 	export DEVELOPER=0
 	target="bogus"
-	target_config_path=""
+	config_path=""
+	bcm27xx="target/linux/iopsys-bcm27xx"
 	brcm63xx_arm="target/linux/iopsys-brcm63xx-arm"
 	ramips="target/linux/iopsys-ramips"
-	econet="target/linux/iopsys-econet"
+	intel_mips="target/linux/intel_mips"
 	x86="target/linux/iopsys-x86"
 	armvirt="target/linux/iopsys-armvirt"

@@ -78,7 +80,7 @@ function genconfig_min {

 	# Takes a board name and returns the target name in global var $target
 	set_target() {
-		local profile=$1
+	    local profile=$1

 		[ -n "$profile" ] || return

@@ -100,7 +102,7 @@ function genconfig_min {

 			if [ $pfound -eq 1 ]; then
 				target="$(echo $TARGET | tr '-' '_')"
-				target_config_path="$targetpath/config"
+				config_path="$targetpath/config"
 			fi

 			return
@@ -110,15 +112,17 @@ function genconfig_min {
 			iopsys_brcm63xx_arm=$(cd $brcm63xx_arm; ./genconfig)
 		[ -e $ramips/genconfig ] &&
 			iopsys_ramips=$(cd $ramips; ./genconfig)
-		[ -e $econet/genconfig ] &&
-			iopsys_econet=$(cd $econet; ./genconfig)
+		[ -e $intel_mips/genconfig ] &&
+			iopsys_intel_mips=$(cd $intel_mips; ./genconfig)
 		[ -e $x86/genconfig ] &&
 			iopsys_x86=$(cd $x86; ./genconfig)
 		[ -e $armvirt/genconfig ] &&
 			iopsys_armvirt=$(cd $armvirt; ./genconfig)
+		[ -e $bcm27xx/genconfig ] &&
+			iopsys_bcm27xx=$(cd $bcm27xx; ./genconfig)

 	    if [ "$profile" == "LIST" ]; then
-			for list in iopsys_brcm63xx_arm iopsys_ramips iopsys_econet iopsys_x86 iopsys_armvirt; do
+			for list in iopsys_brcm63xx_arm iopsys_ramips iopsys_intel_mips iopsys_x86 iopsys_armvirt iopsys_bcm27xx; do
 				echo "$list based boards:"
 				for b in ${!list}; do
 					echo -e "\t$b"
@@ -130,7 +134,7 @@ function genconfig_min {
 	    for p in $iopsys_brcm63xx_arm; do
 		if [ $p == $profile ]; then
 		    target="iopsys_brcm63xx_arm"
-			target_config_path="$brcm63xx_arm/config"
+			config_path="$brcm63xx_arm/config"
 		    return
 		fi
 	    done
@@ -138,15 +142,15 @@ function genconfig_min {
 	    for p in $iopsys_ramips; do
 		if [ $p == $profile ]; then
 		    target="iopsys_ramips"
-			target_config_path="$ramips/config"
+			config_path="$ramips/config"
 		    return
 		fi
 	    done

-	    for p in $iopsys_econet; do
+	    for p in $iopsys_intel_mips; do
 		if [ $p == $profile ]; then
-		    target="iopsys_econet"
-			target_config_path="$econet/config"
+		    target="intel_mips"
+			config_path="$intel_mips/config"
 		    return
 		fi
 	    done
@@ -154,7 +158,7 @@ function genconfig_min {
 	    for p in $iopsys_x86; do
 		if [ $p == $profile ]; then
 		    target="iopsys_x86"
-			target_config_path="$x86/config"
+			config_path="$x86/config"
 		    return
 		fi
 	    done
@@ -162,13 +166,22 @@ function genconfig_min {
 	    for p in $iopsys_armvirt; do
 		if [ $p == $profile ]; then
 		    target="iopsys_armvirt"
-			target_config_path="$armvirt/config"
+			config_path="$armvirt/config"
 		    return
 		fi
 	    done
+
+	    for p in $iopsys_bcm27xx; do
+		if [ $p == $profile ]; then
+		    target="iopsys_bcm27xx"
+		        config_path="$bcm27xx/config"
+		    return
+		fi
+	    done
+
 	}

-	git remote -v | grep -qE '(git@|ssh://)' && {
+	git remote -v | grep -q http || {
 		DEVELOPER=1

 		bcmAllowed=0
@@ -197,8 +210,7 @@ function genconfig_min {
 		echo -e "  -a|--list-all\t\tList all Customers and their board types"
 		echo -e "  -b|--boards\t\tList all board types"
 		echo
-		echo "Example ./iop genconfig eg400 OPERATORX"
-		echo "(if no customerconfig is chosen, iopsys config will be used)"
+		echo "Example ./iop genconfig dg400prime IOPSYS"
 		echo
 		exit 0
 	}
@@ -248,12 +260,12 @@ function genconfig_min {

 	generate_config()
 	{
-		DIFFFILE="$1"
-		MASTERFILE="$2"
-		while read p; do
-			v "$p"
-			sed -r -i "$p" $MASTERFILE
-		done < $DIFFFILE
+	DIFFFILE="$1"
+	MASTERFILE="$2"
+	while read p; do
+		v "$p"
+		sed -r -i "$p" $MASTERFILE
+	done < $DIFFFILE
 	}

 	setup_dirs()
@@ -300,25 +312,35 @@ function genconfig_min {
 		v "cp $CONFIGPATH/config .config"
 		cp $CONFIGPATH/config .config

-		if [ -f $target_config_path/config ]; then
-		    cat $target_config_path/config >> .config
-		    echo "" >> .config
+		if [ -f $config_path/config ]; then
+		    cat $config_path/config >> .config
 		fi
-		if [ -f $target_config_path/$BOARDTYPE/config ]; then
-		    cat $target_config_path/$BOARDTYPE/config >> .config
-		    echo "" >> .config
+		if [ -f $config_path/$BOARDTYPE/config ]; then
+		    cat $config_path/$BOARDTYPE/config >> .config
 		fi

-		# Special handling for targets which use TARGET_DEVICES
-		if [ "$target" = "iopsys_ramips" ]; then
+		#special handling for intel_mips/iopsys_ramips which use TARGET_DEVICES
+		if [ "$target" = "intel_mips" ]; then
+			subtarget="xrx500"
+			echo "CONFIG_TARGET_${target}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
+			device=$(echo $BOARDTYPE | tr a-z A-Z)
+			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${device}=y" >> .config
+		elif [ "$target" = "iopsys_ramips" ]; then
 			subtarget="mt7621"
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
-			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
-		elif [ "$target" = "iopsys_econet" ]; then
-			subtarget="en7562"
-			echo "CONFIG_TARGET_${target}=y" >> .config
-			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+			echo "CONFIG_TARGET_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+		elif [ "$target" = "iopsys_bcm27xx" ]; then
+			subtarget="iopsys_bcm2711"
+                        echo "CONFIG_TARGET_${target}=y" >> .config
+                        echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
+                        echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+                        echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
+                        device=$(echo $BOARDTYPE | tr a-z A-Z)
+                        echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
 		else
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${BOARDTYPE}=y" >> .config
@@ -340,25 +362,21 @@ function genconfig_min {
 				if [ -e "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
 					v "Apply $CUSTCONF/$CUSTOMER/common/common.diff"
 					cat $CUSTCONF/$CUSTOMER/common/common.diff >> .config
-					echo "" >> .config
 				fi
 				if [ -e "$CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff" ]; then
 					v "Apply $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff"
 					cat $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff >> .config
-					echo "" >> .config
 				fi
 			done
 		fi

 		# Set target version
 		local GIT_TAG=$(git describe --abbrev=0 --tags)
-		local GIT_REV=$(git rev-parse --short HEAD)
-		local GIT_VER="$GIT_TAG"
-		git describe --contains $GIT_REV >/dev/null 2>&1 || GIT_VER="${GIT_TAG}_${GIT_REV}"
-		echo "CONFIG_TARGET_VERSION=\"${GIT_VER}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${GIT_VER}\"" >> .config
+		echo "CONFIG_TARGET_VERSION=\"${GIT_TAG}\"" >> .config
+		echo "CONFIG_VERSION_CODE=\"${GIT_TAG}\"" >> .config
 		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config

+
 		# Enable Package source tree override if selected
 		[ $SRCTREEOVERR -eq 1 ] && echo CONFIG_SRC_TREE_OVERRIDE=y >> .config

@@ -431,8 +449,6 @@ function genconfig_min {
 			shift;
 		done

-		CUSTREPO="${CUSTREPO:-git@dev.iopsys.eu:consumer/iopsys.git}"
-
 		setup_dirs
 		create_and_copy_files "$@"
 	fi
--- a/iop/scripts/install_key.sh
+++ b/iop/scripts/install_key.sh
@@ -1,29 +1,12 @@
 # this is a developer helper script to install the public ssh key in the created image

-DROPBEAR_AUTHORIZED_KEYS_FILE=/etc/dropbear/authorized_keys
-
-function get_ssh_public_keys {
-    (
-        shopt -s nullglob
-        # home directory, not all of those are supported by dropbear,
-        # but let's include them now already to decrease future maintenance
-        cat /dev/null ~/.ssh/{id_rsa,id_dsa,id_ecdsa,id_ecdsa_sk,id_ed25519,id_ed25519_sk,id_xmss}.pub 2> /dev/null
-        # keys added manually or automatically to the build dir
-        cat "files${DROPBEAR_AUTHORIZED_KEYS_FILE}" 2>/dev/null
-        # keys in the agent (useful when using SSH agent forwarding)
-        ssh-add -L 2> /dev/null
-    ) | sort | uniq
-}
-
 function install_key {
-    local build_dir_dropbear_authorized_keys_file="files${DROPBEAR_AUTHORIZED_KEYS_FILE}"
-    mkdir -p "$(dirname "$build_dir_dropbear_authorized_keys_file")"
-    get_ssh_public_keys > "$build_dir_dropbear_authorized_keys_file"
-    chmod 0644 "$build_dir_dropbear_authorized_keys_file"
-    echo "Keys in "$build_dir_dropbear_authorized_keys_file" are now:"
-    cat "$build_dir_dropbear_authorized_keys_file"
-    echo
-    echo "Disabling login on serial console..."
+
+    mkdir -p files/etc/dropbear
+    test -e ~/.ssh/id_dsa.pub && cat ~/.ssh/id_dsa.pub >>files/etc/dropbear/authorized_keys
+    test -e ~/.ssh/id_rsa.pub && cat ~/.ssh/id_rsa.pub >>files/etc/dropbear/authorized_keys
+    chmod 0644 files/etc/dropbear/authorized_keys
+
    echo "::sysinit:/etc/init.d/rcS S boot" >files/etc/inittab
    echo "::shutdown:/etc/init.d/rcS K shutdown" >>files/etc/inittab
    echo "console::askconsolelate:/bin/cttyhack /bin/ash --login" >>files/etc/inittab
@@ -31,25 +14,4 @@ function install_key {
    echo Done
 }

-function ssh_install_key_help() {
-    echo Usage: $0 ssh_install_key HOSTNAME
-    echo
-    echo "Installs SSH public keys to a device's authorized_keys file"
-}
-
-
-# this is a developer helper script to install the public ssh key on host running dropbear
-function ssh_install_key {
-    if [ $# -ne 1 ] || [ "$1" == '--help' ]; then
-        ssh_install_key_help
-        [ $# -eq 1 ]; return
-    fi
-    host="$1"
-    local keys="$(get_ssh_public_keys)"
-    echo "Adding the following keys to $DROPBEAR_AUTHORIZED_KEYS_FILE on $host:"
-    echo "$keys"
-    ssh root@$host "echo '$keys' >> '$DROPBEAR_AUTHORIZED_KEYS_FILE'" && echo ok
-}
-
-register_command "ssh_install_key" "Install the users public ssh key on host running dropbear"
 register_command "install_key" "Install the user's public ssh key in the created image"
--- a/iop/scripts/ssh_install_key.sh
+++ b/iop/scripts/ssh_install_key.sh
@@ -0,0 +1,17 @@
+# this is a developer helper script to install the public ssh key on host running dropbear
+
+function ssh_install_key {
+	if [ -e ~/.ssh/id_rsa.pub ]; then
+		echo "Adding public RSA key to $1"
+		KEY=`cat ~/.ssh/id_rsa.pub`
+	elif [ -e ~/.ssh/id_dsa.pub ]; then
+		echo "Adding public DSA key to $1"
+		KEY=`cat ~/.ssh/id_dsa.pub`
+	else
+		echo "No public key found"
+		exit 1
+	fi
+	ssh root@$1 "echo '$KEY' >> /etc/dropbear/authorized_keys" && echo ok
+}
+
+register_command "ssh_install_key" "Install the users public ssh key on host running dropbear"
--- a/juci/Makefile
+++ b/juci/Makefile
@@ -0,0 +1,122 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=juci
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/juci.git
+PKG_SOURCE_VERSION:=70b66bfc7f0e25e77b6920c3d44e5b05f4bfcf95
+PKG_VERSION:=2020-05-27
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
+
+PKG_RELEASE=$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+
+PKG_LICENSE:=GPLv2
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/juci
+  $(Package/juci/default)
+  SECTION:=juci
+  CATEGORY:=JUCI
+  MENU=1
+  TITLE:=JUCI Core Package (select this to select default plugins)
+  DEPENDS:=+libubox +libubus +owsd +rpcd +rpcd-mod-file +questd
+endef
+
+define Build/InstallDev 
+	$(INSTALL_DIR) $(1)/usr/src/
+	ln -s $(PKG_BUILD_DIR) $(1)/usr/src/juci
+endef 
+
+define Build/Compile
+	$(call Build/Compile/Default,THEME_PATH="$(TOPDIR)/tmp/juci-themes/")
+endef
+
+define Package/juci/description
+ JUCI Javascript UCI Web interface.
+endef
+
+define Package/juci/install
+	$(INSTALL_DIR) $(1)/
+	$(CP) $(PKG_BUILD_DIR)/bin/juci/* $(1)/
+	$(CP) ./files/* $(1)/
+endef
+
+define Package/juci/postinst
+#!/bin/sh
+
+juci-update
+exit 0
+endef
+
+$(eval $(call BuildPackage,juci))
+
+####### Extensions / Themes and Plugins
+
+define RegisterAddonInner
+define Package/$(2)
+	SECTION:=juci
+	CATEGORY:=JUCI
+	TITLE:=default
+	SUBMENU:=$(1)
+	TITLE:=$(if $(3),$(3),JUCI $(2) plugin)
+	DEPENDS:=$(4)
+endef
+
+define Package/$(2)/install
+	$(INSTALL_DIR) $$(1)/
+	$(CP) $(PKG_BUILD_DIR)/bin/$(2)/* $$(1)/
+endef
+endef
+
+define RegisterAddon
+	$(eval $(call RegisterAddonInner,$(1),$(2),$(3),$(4),$(5)))
+	$(eval $(call BuildPackage,$(2)))
+endef
+
+$(eval $(call RegisterAddon,Plugins,juci-catv, CATV Module,@(PACKAGE_catv)))
+$(eval $(call RegisterAddon,Plugins,juci-cgroups, CGroups Module,@(PACKAGE_icgroupd)))
+$(eval $(call RegisterAddon,Plugins,juci-ddns, DDNS Configuration,@(PACKAGE_ddns-scripts)))
+$(eval $(call RegisterAddon,Plugins,juci-diagnostics, Simple Diagnostics,@(PACKAGE_busybox)))
+$(eval $(call RegisterAddon,Plugins,juci-ndt, NDT Speed Test client,@(PACKAGE_ndt)))
+$(eval $(call RegisterAddon,Plugins,juci-dnsmasq-dhcp, DHCP/DNSMasq Configuration,@(PACKAGE_dnsmasq||PACKAGE_dnsmasq-full)))
+$(eval $(call RegisterAddon,Plugins,juci-dropbear, Dropbear Configuration,@(PACKAGE_dropbear)))
+$(eval $(call RegisterAddon,Plugins,juci-easyqos, Easy QoS module,@(PACKAGE_easy-qos)))
+$(eval $(call RegisterAddon,Plugins,juci-event, Event Module,@(PACKAGE_owsd)))
+$(eval $(call RegisterAddon,Plugins,juci-firewall-fw3, Firewall Configuration,@(PACKAGE_firewall)))
+$(eval $(call RegisterAddon,Plugins,juci-icwmp, TR-069 Module,@(PACKAGE_icwmp)))
+$(eval $(call RegisterAddon,Plugins,juci-config-backup, Config Backup Module))
+$(eval $(call RegisterAddon,Plugins,juci-qos, QoS module,@(PACKAGE_qos-scripts)))
+$(eval $(call RegisterAddon,Plugins,juci-voice-client, Asterisk Voice Client Module,@(PACKAGE_asterisk)))
+$(eval $(call RegisterAddon,Plugins,juci-minidlna, MiniDLNA Configuration,@(PACKAGE_minidlna)))
+$(eval $(call RegisterAddon,Plugins,juci-mcproxy, Multicast Proxy Configuration,@(PACKAGE_mcproxy)))
+$(eval $(call RegisterAddon,Plugins,juci-mod-status, Status Reporting Module,@(PACKAGE_questd)))
+$(eval $(call RegisterAddon,Plugins,juci-mod-system, System Administration Module))
+$(eval $(call RegisterAddon,Plugins,juci-mwan3, mwan3 Configuration,@(PACKAGE_mwan3)))
+$(eval $(call RegisterAddon,Plugins,juci-natalie-dect, DECT Module,@(PACKAGE_dectmngr2)))
+$(eval $(call RegisterAddon,Plugins,juci-netmode, Netmode Module,@(PACKAGE_netmode)))
+$(eval $(call RegisterAddon,Plugins,juci-network-device, Network Device Configuration,@(PACKAGE_netifd)))
+$(eval $(call RegisterAddon,Plugins,juci-network-dsl, DSL Module))
+$(eval $(call RegisterAddon,Plugins,juci-network-netifd, Network Module,@(PACKAGE_netifd)))
+$(eval $(call RegisterAddon,Plugins,juci-network-port, Ethernet Port Configuration,@(PACKAGE_port-management)))
+$(eval $(call RegisterAddon,Plugins,juci-openvpn, OpenVPN configuration,@(PACKAGE_openvpn)))
+$(eval $(call RegisterAddon,Plugins,juci-owsd, OWSD configuration,@(PACKAGE_owsd)))
+$(eval $(call RegisterAddon,Plugins,juci-printer, p910nd Printer Server Configuration,@(PACKAGE_p910nd)))
+#$(eval $(call RegisterAddon,Plugins,juci-realtime-graphs, Realtime Graphs))
+$(eval $(call RegisterAddon,Plugins,juci-samba, Samba Configuration,@(PACKAGE_samba3)))
+$(eval $(call RegisterAddon,Plugins,juci-sfp, SFP Configuration,@(PACKAGE_peripheral_manager)))
+$(eval $(call RegisterAddon,Plugins,juci-snmpd, SNMP Module,@(PACKAGE_snmpd)))
+$(eval $(call RegisterAddon,Plugins,juci-sysupgrade, Sysupgrade Firmware Upgrade,@(PACKAGE_rpcd-mod-rpcsys)))
+$(eval $(call RegisterAddon,Plugins,juci-uhttpd, uHTTPD Configuration,@(PACKAGE_uhttpd)))
+$(eval $(call RegisterAddon,Plugins,juci-upnp, UPnP Configuration Module,@(PACKAGE_miniupnpd)))
+#$(eval $(call RegisterAddon,Plugins,juci-usb, USB Module))
+$(eval $(call RegisterAddon,Plugins,juci-wireless, Wireless Management Module))
+$(eval $(call RegisterAddon,Plugins,juci-wifilife, WiFi Life Module,@(PACKAGE_wifilife)))
+$(eval $(call RegisterAddon,Themes,juci-theme-iopsys))
+
+####### dynamically publish themes as packages #######
+$(foreach th,$(wildcard $(TOPDIR)/tmp/juci-themes/*),$(eval $(call RegisterAddon,Themes,$(notdir $(th)))))
--- a/juci/files/etc/config/juci
+++ b/juci/files/etc/config/juci
@@ -0,0 +1,66 @@
+config juci 'juci'
+	option homepage 'overview'
+	option theme 'juci-theme-iopsys'
+	option favicon 'favicon.ico'
+
+config login 'login'
+	option showusername '1'
+	option defaultuser 'user'
+
+config localization 'localization'
+	option default_language 'en'
+	list languages 'en'
+
+config wiki 'wiki'
+	option visible '0'
+	option version 'v4.2.x'
+
+config widget
+	list name 'overviewWidget11WAN'
+	list require 'ubus:network.interface'
+
+config widget
+	list name 'overviewWidget10Network'
+	list require 'ubus:network.interface'
+	list require 'ubus:router.network->hosts'
+
+config widget
+	list name 'overviewWidget00WiFi'
+	list require 'ubus:wifi'
+	list require 'ubus:wifi.wps'
+
+config menu
+	option path 'overview'
+	option page 'overview'
+
+config menu
+	option path 'system'
+	option page 'system'
+	option redirect 'first'
+
+config menu
+	option path 'status'
+	option page 'status'
+	option redirect 'first'
+
+config menu
+	option path 'status/system'
+	option page 'status-system'
+	list require 'ubus:router.system->info'
+
+config menu
+	option path 'status/network'
+	option page 'status-network'
+	list require 'ubus:network.interface'
+
+config menu
+	option path 'status/dsl'
+	option page 'network-dsl-status'
+	list require 'ubus:dsl->stats'
+	list require 'ubus:dsl->status'
+
+config menu
+	option path 'system/upgrade'
+	option page 'settings-upgrade'
+	list expose 'admin'
+
--- a/juci/files/etc/init.d/juci
+++ b/juci/files/etc/init.d/juci
@@ -0,0 +1,41 @@
+#!/bin/sh /etc/rc.common
+. /lib/functions.sh
+
+START=94
+STOP=06
+
+USE_PROCD=1
+NAME=juci
+
+start_service() {
+	mkdir -p /tmp/juci
+	touch /www/index.html.gz
+	chmod 755 /www/cgi-bin/luci
+	# this will simply update index.html to include any files that are for some reason not included
+	# a good way to make sure all plugins are properly included at each boot
+	config_load juci
+	local theme
+	config_get theme juci theme
+	if [ "$theme" ]
+	then
+		if [ -f /www/themes/theme.js.gz ] 
+			then
+			rm -f /www/themes/theme.js.gz
+		fi
+		if [ -f /www/themes/*$theme.js.gz ]
+			then
+			ln -s /www/themes/*$theme.js.gz /www/themes/theme.js.gz
+		fi
+	fi
+	juci-update
+}
+
+stop() {
+	service_stop /sbin/juci
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger juci
+}
+
--- a/juci/files/etc/uci-defaults/00-default-juci-rpcd-acl
+++ b/juci/files/etc/uci-defaults/00-default-juci-rpcd-acl
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+USER_SECTION=""
+USER_EXISTS=0
+
+find_user(){
+	local section="$1"
+	local user="$2"
+	config_get username $section username
+	if [ "$username" == "$user" ]; then
+		USER_SECTION="$section"
+		USER_EXISTS=1
+	fi
+}
+
+config_load rpcd
+
+USER_EXISTS=0
+config_foreach find_user login root
+if [ $USER_EXISTS -eq 1 ]; then
+	uci delete rpcd.$USER_SECTION
+fi
+
+USER_EXISTS=0
+config_foreach find_user login admin
+if [ $USER_EXISTS -eq 0 ]; then
+	uci -q add rpcd login >/dev/null
+	uci -q set rpcd.@login[-1].username="admin"
+	uci -q set rpcd.@login[-1].password="\$p\$admin"
+	uci -q add_list rpcd.@login[-1].read="enduser"
+	uci -q add_list rpcd.@login[-1].read="administrator"
+	uci -q add_list rpcd.@login[-1].write="enduser"
+	uci -q add_list rpcd.@login[-1].write="administrator"
+fi
+
+USER_EXISTS=0
+config_foreach find_user login user
+if [ $USER_EXISTS -eq 0 ]; then
+	uci -q add rpcd login >/dev/null
+	uci -q set rpcd.@login[-1].username="user"
+	uci -q set rpcd.@login[-1].password="\$p\$user"
+	uci -q add_list rpcd.@login[-1].read="enduser"
+	uci -q add_list rpcd.@login[-1].write="enduser"
+fi
+
+uci commit rpcd
+
--- a/juci/files/usr/share/rpcd/acl.d/administrator.json
+++ b/juci/files/usr/share/rpcd/acl.d/administrator.json
@@ -0,0 +1,21 @@
+{
+	"administrator": {
+		"description": "Administrator Access Rights",
+		"read": {
+			"ubus": {
+				"file": [
+					"write"
+				],
+				"rpc-sys": [
+					"upgrade_start",
+					"upgrade_test"
+				]
+			}
+		},
+		"write": {
+			"file": {
+				"/tmp/firmware.bin": ["write"]
+			}
+		}
+	}
+}
--- a/juci/files/usr/share/rpcd/acl.d/enduser.json
+++ b/juci/files/usr/share/rpcd/acl.d/enduser.json
@@ -0,0 +1,217 @@
+{
+	"enduser": {
+		"description": "End User Access Rights",
+		"read": {
+			"ubus": {
+				"dect": [
+					"state",
+					"handset",
+					"status",
+					"call"
+				],
+				"dsl": [
+					"status",
+					"stats"
+				],
+				"network.device": [
+					"status"
+				],
+				"network.interface*": [
+					"status",
+					"dump",
+					"up",
+					"down"
+				],
+				"router.network": [
+					"clients",
+					"hosts",
+					"dump"
+				],
+				"router.system": [
+					"info",
+					"memory",
+					"filesystem",
+					"process",
+					"processes"
+				],
+				"session": [
+					"access",
+					"list",
+					"destroy",
+					"login"
+				],
+				"system": [
+					"info",
+					"board",
+					"reboot"
+				],
+				"testnet": [
+					"status"
+				],
+				"uci": [
+					"*"
+				],
+				"voice.asterisk": [
+					"status",
+					"call_log",
+					"platform",
+					"supported_countries"
+				],
+				"wifi": [
+					"status"
+				],
+				"wifi.ap.*": [
+					"status",
+					"stats",
+					"assoclist",
+					"stations"
+				],
+				"wifi.radio.*": [
+					"status",
+					"stats",
+					"scan",
+					"scanresults",
+					"autochannel"
+				],
+				"wifi.wps": [
+					"start",
+					"stop",
+					"status",
+					"showpin"
+				]
+			},
+			"uci": [
+				"dhcp",
+				"firewall",
+				"juci",
+				"network",
+				"voice_client",
+				"wireless"
+			],
+			"owsd": [
+				"client",
+				"wifi.radio",
+				"wifi.sta",
+				"wifi.wps"
+			]
+		},
+		"write": {
+			"uci": [
+				"dhcp",
+				"firewall",
+				"network",
+				"wireless"
+			],
+			"uci_granular": {
+				"dhcp": [
+					{
+						"match": {
+							".type": "dhcp"
+						},
+						"option": [
+							"*"
+						]
+					},
+					{
+						"match": {
+							".type": "host"
+						},
+						"option": [
+							"*"
+						]
+					}
+				],
+				"firewall": [
+					{
+						"match": {
+							".type": "settings",
+							".name": "settings"
+						},
+						"option": [
+							"disabled"
+						]
+					},
+					{
+						"match": {
+							".type": "zone"
+						},
+						"option": [
+							"masq",
+							"name",
+							"network"
+						]
+					},
+					{
+						"match": {
+							".type": "redirect"
+						},
+						"option": [
+							"*"
+						]
+					},
+					{
+						"match": {
+							".type": "rule"
+						},
+						"option": [
+							"*"
+						]
+					},
+					{
+						"match": {
+							".type": "dmz"
+						},
+						"option": [
+							"enabled",
+							"host",
+							"ip6addr"
+						]
+					}
+				],
+				"network": [
+					{
+						"match": {
+							".type": "interface"
+						},
+						"option": [
+							"*"
+						]
+					}
+				],
+				"wireless": [
+					{
+						"match": {
+							".type": "wifi-status"
+						},
+						"option": [
+							"wps"
+						]
+					},
+					{
+						"match": {
+							".type": "wifi-iface",
+							"mode": "ap"
+						},
+						"option": [
+							"*"
+						]
+					},
+					{
+						"match": {
+							".type": "wifi-device"
+						},
+						"option": [
+							"channel"
+						]
+					}
+				]
+			},
+			"owsd": [
+				"client",
+				"wifi.radio",
+				"wifi.sta",
+				"wifi.wps"
+			]
+		}
+	}
+}
--- a/libjwt/Makefile
+++ b/libjwt/Makefile
@@ -0,0 +1,54 @@
+
+# Copyright (C) 2018 Iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libjwt
+PKG_VERSION:=1.0.0
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=866607c7741421c8ac99876e7201eb32d9af1b92
+PKG_SOURCE_URL:=https://github.com/benmcollins/libjwt.git
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_FIXUP:=autoreconf
+
+PKG_LICENSE:=LGPLv3
+PKG_LICENSE_FILES:=COPYING
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libjwt
+  CATEGORY:=Libraries
+  DEPENDS:=+libopenssl +jansson
+  TITLE:= libjwt
+endef
+
+
+#TARGET_CFLAGS += \
+#	-I$(STAGING_DIR)/usr/include
+#	-I$(STAGING_DIR)/usr/include/libnl3
+
+#MAKE_FLAGS += \
+#	CFLAGS="$(TARGET_CFLAGS)" \
+#	LDFLAGS="$(TARGET_LDFLAGS)" \
+#	FPIC="$(FPIC)" \
+#	PLATFORM="$(TARGET_PLATFORM)" \
+#	subdirs="$(subdirs)"
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/include/jwt.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libjwt/.libs/libjwt.so* $(1)/usr/lib/
+endef
+
+define Package/libjwt/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libjwt/.libs/libjwt.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libjwt))
--- a/libmicroxml/Makefile
+++ b/libmicroxml/Makefile
@@ -0,0 +1,57 @@
+#
+# Copyright (C) 2012-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libmicroxml
+PKG_VERSION:=2012-06-11
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/mirror/microxml.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=72965423184f24cc0b963d91c2d1863cdb01b6aa
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_LICENSE:=LGPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libmicroxml
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=XML library
+  MAINTAINER:=Luka Perkov <luka@openwrt.org>
+endef
+
+define Package/libmicroxml/description
+ A micro sized XML library
+endef
+
+CONFIGURE_ARGS += \
+	--disable-threads \
+	--enable-static \
+	--enable-shared
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(CP) $(PKG_BUILD_DIR)/microxml.h $(1)/usr/include
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libmicroxml.so* $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(CP) $(PKG_BUILD_DIR)/microxml.pc $(1)/usr/lib/pkgconfig
+endef
+
+define Package/libmicroxml/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libmicroxml.so* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,libmicroxml))
--- a/libmicroxml/patches/100-fix-memleak.patch
+++ b/libmicroxml/patches/100-fix-memleak.patch
@@ -0,0 +1,130 @@
+diff --git a/mxml-file.c b/mxml-file.c
+index 02eca9d..f10d202 100644
+--- a/mxml-file.c
+++ b/mxml-file.c
+@@ -363,9 +363,12 @@ mxmlSaveFile(mxml_node_t    *node,	/* I - Node to write */
+   * Write the node...
+   */
+ 
+-  if ((col = mxml_write_node(node, fp, cb, 0, mxml_file_putc, global)) < 0)
+  if ((col = mxml_write_node(node, fp, cb, 0, mxml_file_putc, global)) < 0){
+    global_free(global);
+     return (-1);
+-
+  }
+  
+  global_free(global);
+   if (col > 0)
+     if (putc('\n', fp) < 0)
+       return (-1);
+@@ -1448,6 +1451,7 @@ mxml_load_data(
+   if ((buffer = malloc(64)) == NULL)
+   {
+     mxml_error("Unable to allocate string buffer!");
+    global_free(global);
+     return (NULL);
+   }
+ 
+@@ -2083,11 +2087,12 @@ mxml_load_data(
+ 		 node->parent ? node->parent->value.element.name : "(null)");
+ 
+       mxmlDelete(first);
+-
+      global_free(global);
+       return (NULL);
+     }
+   }
+ 
+  global_free(global);
+   if (parent)
+     return (parent);
+   else
+@@ -2102,7 +2107,7 @@ error:
+   mxmlDelete(first);
+ 
+   free(buffer);
+-
+  global_free(global);
+   return (NULL);
+ }
+ 
+diff --git a/mxml-private.c b/mxml-private.c
+index 4378ca3..ea6e452 100644
+--- a/mxml-private.c
+++ b/mxml-private.c
+@@ -41,6 +41,32 @@
+  * This code currently supports AIX, HP-UX, Linux, Mac OS X, Solaris, and
+  * Windows.  It might work on the BSDs and IRIX, but I haven't tested that.
+  */
+void *global_mem[16] = {0};
+
+static void *global_calloc(int x, int size)
+{
+  int i;
+  void *m = calloc(x, size);
+  for (i = ((sizeof(global_mem)/sizeof(global_mem[0])) - 1); i > 0; i--) {
+    global_mem[i] = global_mem[i-1];
+  }
+  global_mem[0] = m;
+  return m;
+}
+
+void global_free(void *m)
+{
+  int i;
+  if (m == NULL)
+    return;
+  for (i = ((sizeof(global_mem)/sizeof(global_mem[0])) - 1); i >= 0; i--) {
+    if (global_mem[i] == m) {
+      global_mem[i] = NULL;
+      free(m);
+      break;
+    }
+  }
+}
+ 
+ #if defined(__sun) || defined(_AIX)
+ #  pragma fini(_mxml_fini)
+@@ -148,7 +174,6 @@ mxml_real_cb(mxml_node_t *node)		/* I - Current node */
+   return (MXML_REAL);
+ }
+ 
+-
+ #ifdef HAVE_PTHREAD_H			/**** POSIX threading ****/
+ #  include <pthread.h>
+ 
+@@ -190,7 +215,6 @@ _MXML_FINI(void)
+   }
+ }
+ 
+-
+ /*
+  * '_mxml_global()' - Get global data.
+  */
+@@ -205,7 +229,7 @@ _mxml_global(void)
+ 
+   if ((global = (_mxml_global_t *)pthread_getspecific(_mxml_key)) == NULL)
+   {
+-    global = (_mxml_global_t *)calloc(1, sizeof(_mxml_global_t));
+    global = (_mxml_global_t *)global_calloc(1, sizeof(_mxml_global_t));
+     pthread_setspecific(_mxml_key, global);
+ 
+     global->num_entity_cbs = 1;
+@@ -288,7 +312,7 @@ _mxml_global(void)
+ 
+   if ((global = (_mxml_global_t *)TlsGetValue(_mxml_tls_index)) == NULL)
+   {
+-    global = (_mxml_global_t *)calloc(1, sizeof(_mxml_global_t));
+    global = (_mxml_global_t *)global_calloc(1, sizeof(_mxml_global_t));
+ 
+     global->num_entity_cbs = 1;
+     global->entity_cbs[0]  = _mxml_entity_cb;
+diff --git a/mxml-private.h b/mxml-private.h
+index c591208..72ed338 100644
+--- a/mxml-private.h
+++ b/mxml-private.h
+@@ -43,3 +43,4 @@ typedef struct _mxml_global_s
+ extern _mxml_global_t	*_mxml_global(void);
+ extern int		_mxml_entity_cb(const char *name);
+ 
+extern void global_free(void *m);
--- a/libtrace/Makefile
+++ b/libtrace/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libtrace
-PKG_VERSION:=3.0.23
+PKG_VERSION:=3.0.22
 PKG_RELEASE:=1

 PKG_SOURCE_PROTO:=git
@@ -72,11 +72,11 @@ endef

 define Package/libtrace/install    
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtrace.so.* $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwandio.so.* $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libtrace.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libwandio.so.* $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump.so.* $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/lib/libpacketdump
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump/*.so* $(1)/usr/lib/libpacketdump/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libpacketdump/*.so* $(1)/usr/lib/libpacketdump/
 endef

 define Package/libtrace-tools/install    
--- a/map-agent/Config.in
+++ b/map-agent/Config.in
@@ -1,34 +0,0 @@
-if (PACKAGE_map-agent)
-
-menu "Configurations"
-
-config AGENT_SYNC_DYNAMIC_CNTLR_CONFIG
-	bool "Support Dynamic Controller configuration sync"
-	default y if MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
-
-config AGENT_ISLAND_PREVENTION
-	bool "Support Island Prevention"
-	default y if MULTIAP_AGENT_ISLAND_PREVENTION
-
-config AGENT_EASYMESH_R2_CERT
-	bool "Compile for WFA test bed"
-
-
-config AGENT_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config AGENT_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config AGENT_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default AGENT_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through AGENT_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
-endmenu
-endif
--- a/map-agent/Makefile
+++ b/map-agent/Makefile
@@ -1,25 +1,24 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020-21 IOPSYS Software Solutions AB
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-agent
-PKG_VERSION:=2.10.2.2
+PKG_VERSION:=5.0.1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=4ed3f9bf0743086a85e1b7cf49c47eb49ab05015
+PKG_SOURCE_VERSION:=9dd2e8f541a48037d3cff10052cccee287b800a8
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>

-PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE:=PROPRIETARY IOPSYS
 PKG_LICENSE_FILES:=LICENSE

-LOCAL_DEV=0
-ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-agent
+PKG_SOURCE_URL:=git@dev.iopsys.eu:iopsys/map-agent.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
-endif
+
+PKG_BUILD_DEPENDS:=map-plugin

 include $(INCLUDE_DIR)/package.mk

@@ -28,29 +27,15 @@ define Package/map-agent
  CATEGORY:=Utilities
  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	  +map-plugin +ip-bridge
+	  +map-plugin
 endef

-
-define Package/dynbhd
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Dynamic Backhaul Daemon
-  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	  +map-plugin +map-agent
-endef
-
-
 define Package/map-agent/description
 This package implements EasyMesh R2 compliant WiFi Agent.
 endef

-define Package/dynbhd/description
- Dyanmic LAN/WAN port detection and loop avoidance.
-endef
-
 define Package/map-agent/config
-	source "$(SOURCE)/Config.in"
+	#source "$(SOURCE)/Config.in"
 endef

 TARGET_CFLAGS += \
@@ -58,24 +43,6 @@ TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
 	-D_GNU_SOURCE

-ifeq ($(CONFIG_AGENT_SYNC_DYNAMIC_CNTLR_CONFIG),y)
-TARGET_CFLAGS += -DAGENT_SYNC_DYNAMIC_CNTLR_CONFIG
-endif
-
-ifeq ($(CONFIG_AGENT_ISLAND_PREVENTION),y)
-TARGET_CFLAGS += -DAGENT_ISLAND_PREVENTION
-endif
-
-ifeq ($(CONFIG_AGENT_EASYMESH_R2_CERT),y)
-TARGET_CFLAGS += -DEASYMESH_R2_CERT
-endif
-
-ifeq ($(CONFIG_AGENT_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_AGENT_EASYMESH_VENDOR_EXT_OUI)\\\"
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
-endif
-
-
 MAKE_PATH:=src

 define Package/map-agent/install
@@ -86,21 +53,4 @@ define Package/map-agent/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapagent $(1)/usr/sbin/
 endef

-define Package/dynbhd/install
-	$(INSTALL_DIR) $(1)/etc
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/lib/wifi/dynbhd
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/ethernet
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/dynbhd $(1)/usr/sbin/dynbhd
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/api $(1)/lib/wifi/dynbhd/api
-#	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/map-dynamic-backhaul $(1)/etc/hotplug.d/ethernet/map-dynamic-backhaul
-endef
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -r --exclude=.* ~/git/map-agent/ $(PKG_BUILD_DIR)/
-endef
-endif
-
 $(eval $(call BuildPackage,map-agent))
-$(eval $(call BuildPackage,dynbhd))
--- a/map-agent/files/etc/config/mapagent
+++ b/map-agent/files/etc/config/mapagent
@@ -1,134 +1,32 @@
 config agent 'agent'
 	option enabled '1'
-	option debug '0'
+	option debug '6'
 	option profile '2'
 	option al_bridge 'br-lan'
-	option netdev 'wlan'
-	option island_prevention '0'
-	option eth_onboards_wifi_bhs '0'
-	option ap_follow_sta_dfs '0'
-	option guest_isolation '0'
-#	option controller_macaddr '0a:1b:2c:3d:4e:50'

-config dynamic_backhaul
-	option missing_bh_timer '60'
-	option missing_bh_reconfig_timer '1800'
-
-config controller_select
-	option id 'auto'
-	option probe_int '20'
-	option retry_int '9'
-	option autostart '1'
-	option local '0'
-
-config radio
-	option device 'phy0'
-	option band '2'
-# options below are auto-generated during onboarding
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option rcpi_hysteresis_margin '0'
-#	option report_util_threshold '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-config radio
-	option device 'phy1'
-	option band '5'
-# options below are auto-generated during onboarding
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option rcpi_hysteresis_margin '0'
-#	option report_util_threshold '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-config bsta
-	option enabled '1'
-	option ifname 'wlan0'
-	option band '2'
-	option device 'phy0'
-	option priority '2'
-# options below are auto-generated during onboarding
-#	option ssid 'MAP-BH-2.4GHz'
-#	option encryption 'sae-mixed'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option onboarded '1'
-#	option bssid '0a:1b:2c:3d:4e:53'
-#	option vid '1'
-
-config bsta
-	option enabled '1'
-	option ifname 'wlan1'
-	option band '5'
-	option device 'phy1'
-	option priority '0'
-# options below are auto-generated during onboarding
-#	option ssid 'MAP-BH-5GHz'
-#	option encryption 'sae-mixed'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option onboarded '1'
-#	option bssid '0a:1b:2c:3d:4e:54'
-#	option vid '1'
-
-# ap sections and policy section are
-# auto-generated during onboarding
-#
-#config ap
-#	option enabled '1'
-#	option ifname 'wlan0-1'
+#config fh-iface
+#	option ifname 'wl0'
+#	option steer 'rssi bssload'
+#	list exclude '00:11:22:33:44:55'
+#	list exclude_btm '00:aa:bb:cc:dd:ee'
+#	list assoc_ctrl '00:10:20:30:40:50'
+#	option btm_retry '3'
+#	option btm_retry_secs '180'
+#	option fallback_legacy '1'
+#	option steer_legacy_reassoc_secs '30'
+#	option steer_legacy_retry_secs '3600'
+#	option assoc_ctrl_secs '30'
 #	option band '2'
-#	option device 'phy0'
-#	option type 'fronthaul'
-#	option ssid 'IOWRT-2.4GHz'
-#	option encryption 'sae-mixed+aes'
-#	option key '1234567890'
-#	option vid '1'

-#config ap
-#	option enabled '1'
-#	option ifname 'wlan0-2'
-#	option band '2'
-#	option device 'phy0'
-#	option type 'backhaul'
-#	option ssid 'MAP-BH-2.4GHz'
-#	option encryption 'sae+aes'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option disallow_bsta '0'
-#	option vid '1'
-
-#config ap
-#	option enabled '1'
-#	option ifname 'wlan1-1'
+#config fh-iface
+#	option ifname 'wl1'
+#	option steer 'rssi bssload'
+#	list exclude '00:11:22:33:44:55'
+#	list exclude_btm '00:aa:bb:cc:dd:ee'
 #	option band '5'
-#	option device 'phy1'
-#	option type 'fronthaul'
-#	option ssid 'IOWRT-5GHz'
-#	option encryption 'sae-mixed+aes'
-#	option key '1234567890'
-#	option vid '1'

-#config ap
+#config bk-iface
+#	option ifname 'apclii0'
 #	option enabled '1'
-#	option ifname 'wlan1-2'
-#	option band '5'
-#	option device 'phy1'
-#	option type 'backhaul'
-#	option ssid 'MAP-BH-5GHz'
-#	option encryption 'sae+aes'
-#	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
-#	option disallow_bsta '0'
-#	option vid '1'
-
-#config policy
-#	option report_interval '0'
-#	option pvid '1'
-#	option pcp_default '0'
-#	option report_scan '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-
+#	option onboarded '0'
+#	option disallow_bsta '1		# bitmap, 1 for disallow p1, 2 to disallow p2, 3 to disallow both (probably never applicable)
--- a/map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul
+++ b/map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul
@@ -1,105 +0,0 @@
-#!/bin/sh
-
-. /lib/network/utils.sh
-
-conn_ports_file="/tmp/map.connected.ports"
-map_bh_file="/tmp/multiap.backhaul"
-al_bridge="$(uci -q get mapagent.agent.al_bridge)"
-[ "${al_bridge:0:3}" = "br-" ] || exit 0
-al_brnet="${al_bridge:3}"
-
-# Exit if the PORT is not member of the AL Bridge
-[ "$(get_network_of $PORT)" = "$al_brnet" ] || exit 0
-
-############## Dynamic Backhaul Daemon ##############
-if [ -n "$(which dynbhd)" ]; then
-	pidof dynbhd >/dev/null && exit 0 # dynbhd is managing the links
-
-	if [ ! -f $conn_ports_file ]; then
-		touch $conn_ports_file
-		if [ "$LINK" = "up" ]; then
-			touch $conn_ports_file
-			echo "$PORT" > $conn_ports_file
-			brctl delif $al_bridge $PORT
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		fi
-	else
-		if [ "$LINK" = "up" ]; then
-			brctl delif $al_bridge $PORT
-			echo "$PORT" >> $conn_ports_file
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		else
-			sed -i -E "/(^|:)${PORT}(:|$)/d" $conn_ports_file
-			#ubus call network.interface.lan add_device "{\"name\":\"$PORT\"}"
-			brctl addif $al_bridge $PORT
-			[ "$(cat $conn_ports_file | wc -c)" = "0" ] && rm -f $conn_ports_file
-		fi
-	fi
-
-	exit 0
-fi
-########################################################
-
-################ Dedicated ETH WAN Port ################
-wanport="$(db -q get hw.board.ethernetWanPort)"
-if [ -n "$wanport" ]; then
-	[ "$wanport" = "$PORT" ] || exit 0
-########################################################
-else
-#################### DHCP Discovery ####################
-	[ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
-
-	if [ "$LINK" = "up" ]; then
-		brctl delif $al_bridge $PORT
-
-		udhcpc -qnRoC -i $PORT >/dev/null 2>&1 && dhcp=1
-
-		brctl addif $al_bridge $PORT
-
-		[ $dhcp -eq 1 ] || exit 0
-	else
-		[ -f $map_bh_file ] || exit 0
-		cur_bh="$(cat $map_bh_file  | jsonfilter -e @.ifname)"
-		[ "$cur_bh" = "$PORT" ] || exit 0
-	fi
-########################################################
-fi
-
-remove_from_bridge() {
-	config_get ifname "$section" ifname
-	[ -n "$ifname" ] && ubus call network.interface.${al_brnet} remove_device '{"name":"$ifname"}'
-}
-
-update_bstas() {
-	section="$1"
-	action="$2"
-
-	config_get ifname "$section" ifname
-	config_get_bool enabled "$section" enabled 0
-
-	if [ "$action" = "down" ]; then
-		wpa_cli -i "$ifname" disconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" disable_network 0  > /dev/null 2>&1
-#		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
-	elif [ "$action" = "up" ]; then
-		[ "$enabled" -eq 0 ] && return
-		wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" enable_network 0  > /dev/null 2>&1
-#		wpa_cli -i "$ifname" save_config  > /dev/null 2>&1
-	fi
-}
-
-if [ "$LINK" = "up" ]; then
-	#touch "$map_bh_file"
-	config_load "mapagent"
-	config_foreach remove_from_bridge bsta
-	config_foreach update_bstas bsta down
-
-	/lib/wifi/multiap set_uplink "eth" "$PORT"
-else
-	/lib/wifi/multiap unset_uplink "eth"
-	#rm -f "$map_bh_file"
-	config_load "mapagent"
-	config_foreach update_bstas bsta up
-
-fi
--- a/map-agent/files/etc/hotplug.d/ethernet/map-loop-detection
+++ b/map-agent/files/etc/hotplug.d/ethernet/map-loop-detection
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+wan=$(db -q get hw.board.ethernetWanPort)
+
+[ -z "$wan" ] && exit 1 # no configuration
+[ "$PORT" != "$wan" ] && exit 0
+
+update_bstas() {
+	local section="$1"
+	local action="$2"
+	local ifname onboarded
+
+	config_get ifname "$section" ifname
+	config_get_bool onboarded "$section" onboarded 0
+
+	[ "$onboarded" -eq 0 ] && return
+
+	wpa_cli -i "$ifname" "$action" > /dev/null 2>&1
+}
+
+if [ "$LINK" = "up" ]; then
+	touch /tmp/map.agent.bsta_global_disable
+	config_load "mapagent"
+	config_foreach update_bstas bk-iface disconnect
+else
+	rm -f /tmp/map.agent.bsta_global_disable
+	config_load "mapagent"
+	config_foreach update_bstas bk-iface reconnect
+fi
--- a/map-agent/files/etc/init.d/mapagent
+++ b/map-agent/files/etc/init.d/mapagent
@@ -5,174 +5,8 @@ STOP=20

 USE_PROCD=1

-IS_CFG_VALID=1
-
-MAP_DEV="map_dev"
-MAP_IF="map"
-
-
-start_dynbhd_service() {
-	rm -f /tmp/multiap.backhaul
-	procd_open_instance
-	procd_set_param command "/usr/sbin/dynbhd"
-	procd_set_param respawn
-#	procd_set_param stdout 1
-#	procd_set_param stderr 1
-	procd_close_instance
-}
-
-validate_agent_section() {
-	uci_validate_section mapagent agent "agent" \
-		'enabled:bool:true' \
-		'debug:range(0,16)' \
-		'profile:range(1,2):2' \
-		'brcm_setup:bool:false' \
-		'controller_macaddr:macaddr' \
-		'al_bridge:string' \
-		'netdev:string' \
-		'vlan_segregation:bool:false' \
-		'resend_num:uinteger:0' \
-		'dyn_cntlr_sync:bool:true' \
-		'island_prevention:bool:false' \
-		'eth_onboards_wifi_bhs:bool:false'
-
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of agent section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_cs_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${section}" \
-		'local:bool:false' \
-		'id:string' \
-		'probe_int:range(0,1000):20' \
-		'retry_int:range(0,255):3' \
-		'autostart:bool:false'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of controller_select section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_ap_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${1}" \
-			'ifname:string' \
-			'device:string' \
-			'band:or("2", "5")' \
-			'enabled:bool:true' \
-			'onboarded:bool:false' \
-			'ssid:string' \
-			'key:string' \
-			'encryption:string' \
-			'disallow_bsta_p1:bool:false' \
-			'disallow_bsta_p2:bool:false'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of ap section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_radio_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${1}" \
-			'device:string' \
-			'band:or("2", "5")' \
-			'configured:bool:false' \
-			'onboarded:bool:false' \
-			'dedicated_backhaul:bool:false' \
-			'steer_policy:range(0,255)' \
-			'util_threshold:range(0,255)' \
-			'rcpi_threshold:range(0,255)' \
-			'report_rcpi_threshold:range(0,255)' \
-			'include_sta_stats:bool:false' \
-			'include_sta_metric:bool:false' \
-			'rcpi_hysteresis_margin:range(0,255)' \
-			'report_util_threshold:range(0,255)' \
-			'encryption:or("sae", "psk2", "sae-mixed")'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of radio section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_policy_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${1}" \
-			'report_interval:range(0,255)' \
-			'pvid:uinteger' \
-			'report_interval:range(0,255)' \
-			'pcp_default:range(0,255)' \
-			'report_scan:bool' \
-			'report_sta_assocfails:bool' \
-			'report_sta_assocfails_rate:uinteger' \
-			'steer_exclude:list(macaddr)' \
-			'steer_exclude_btm:list(macaddr)' \
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of policy section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_dyn_bh_section() {
-	local section="$1"
-
-	uci_validate_section mapagent $section "${1}" \
-			'missing_bh_timer:range(1,255)'
-	uci_validate_section mapagent $section "${1}" \
-			'missing_bh_reconfig_timer:range(0,65535)'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapagent" "Validation of dynamic backhaul section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_agent_config() {
-	IS_CFG_VALID=1
-
-	validate_agent_section &&
-		config_foreach validate_cs_section controller_select &&
-		config_foreach validate_ap_section ap &&
-		config_foreach validate_radio_section radio &&
-		config_foreach validate_policy_section policy &&
-		config_foreach validate_dyn_bh_section dynamic_backhaul
-
-	[ "$IS_CFG_VALID" -ne 1 ] && {
-		logger -s -t "mapagent" "Validation of mapagent UCI file failed"
-		return 1
-	}
-	return 0
-}
-
 start_service() {
-	[ -f /usr/sbin/dynbhd ] && start_dynbhd_service
-
 	config_load "mapagent"
-	validate_agent_config || return 1;

 	ubus -t 5 wait_for wifi

@@ -183,7 +17,7 @@ start_service() {
 	[ "$enabled" -eq 0 ] && return 1

 	procd_open_instance
-	procd_set_param command "/usr/sbin/mapagent" "-d"
+        procd_set_param command "/usr/sbin/mapagent" "-d"
 	procd_set_param respawn
 #	procd_set_param stdout 1
 #	procd_set_param stderr 1
@@ -192,7 +26,7 @@ start_service() {

 service_triggers()
 {
-	procd_add_reload_trigger "mapagent"
+	procd_add_reload_trigger "ieee1905"
 }

 reload_service() {
--- a/map-agent/files/etc/uci-defaults/991-map-agent-unset-pvid
+++ b/map-agent/files/etc/uci-defaults/991-map-agent-unset-pvid
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-unset_pvid() {
-	local section=$1
-
-	uci -q set mapagent.${section}.pvid="0"
-}
-
-config_load mapagent
-
-config_foreach unset_pvid policy
--- a/map-agent/files/lib/wifi/multiap
+++ b/map-agent/files/lib/wifi/multiap
@@ -7,14 +7,8 @@
 # write_credentials - write bBSS credentials to fBSS

 . /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-. /lib/wifi/traffic_separation
-
-MAPFILE="/tmp/multiap.backhaul"

 diff=0
-onbrd_bssid=0
-onbrd_band=0

 usage() {
 	cat <<EOF
@@ -29,42 +23,12 @@ EOF
 	exit 1
 }

-
-type_to_multi_ap () {
-	type="$1"
-
-	if [ "$type" = "backhaul" ]; then
-		echo "1"
-		return
-	elif [ "$type" = "fronthaul" ]; then
-		echo "2"
-		return
-	elif [ "$type" = "combined" ]; then
-		echo "3"
-		return
-	fi
-
-	echo "0"
-}
-
-get_type_by_section() {
-	section="$1"
-
-	config_get type $section type "0"
-
-	echo "$(type_to_multi_ap $type)"
-}
-
-sync_credentials() {
+brcm_sync_credentials() {
 	bands=""
-	json_init
 	mapagent_process_fh() {
 		local section=$1
 		local dev=$2

-		multi_ap=$(get_type_by_section $section)
-		[ "$multi_ap" == "0" ] && return
-
 		config_get device $section device

 		[ "$dev" != "$device" ] && return
@@ -77,21 +41,10 @@ sync_credentials() {
 		section=$(uci add ieee1905 ap)
 		[ "$section" == "" ] && return

-		uci -q set ieee1905.${section}.band=$band
-		uci -q set ieee1905.${section}.ssid="$ssid"
-		uci -q set ieee1905.${section}.encryption=$encryption
-		uci -q set ieee1905.${section}.key="$key"
-		json_select "$band" > /dev/null
-		if [ "$?" = "0" ]; then
-			json_get_keys keys
-
-			for key in ${keys};
-			do
-				json_get_var val "$key"
-				uci -q set ieee1905.${section}.$key="$val"
-			done
-			json_select ..
-		fi
+		uci set ieee1905.${section}.band=$band
+		uci set ieee1905.${section}.ssid=$ssid
+		uci set ieee1905.${section}.encryption=$encryption
+		uci set ieee1905.${section}.key=$key
 	}

 	mapagent_process_radio() {
@@ -109,43 +62,12 @@ sync_credentials() {
 			fi
 		done

-		config_foreach mapagent_process_fh ap $device
+		config_foreach mapagent_process_fh fh-iface $device
 		bands="$bands $band"
 	}

 	ieee1905_del_ap() {
-		append_value() {
-			local section=$1
-			local key=$2
-			shift
-			shift
-
-			while [ "$key" != "" ]; do
-				val=$(uci -q get ieee1905.$section.$key)
-				[ "$val" = "" ] && {
-					key=$1
-					shift
-					continue
-				}
-				json_add_string "$key" ${val}
-				key=$1
-				shift
-			done
-		}
-
 		local section=$1
-		local band
-
-		config_get band $section band
-		json_select "$band" > /dev/null
-		rc=$?
-		[ "$rc" != "0" ] && json_add_object "$band"
-		append_value $section "manufacturer" "model_name" "device_name" "model_number" "serial_number" "device_type" "os_version"
-		if [ "$rc" != "0" ]; then
-			json_close_object
-		else
-			json_select ..
-		fi

 		uci -q delete ieee1905.${section}
 	}
@@ -154,21 +76,21 @@ sync_credentials() {
 	config_foreach ieee1905_del_ap ap

 	config_load mapagent
-	config_foreach mapagent_process_radio radio
+	config_foreach mapagent_process_radio wifi-radio

 	uci commit ieee1905
-	json_cleanup
 }

-write_credentials() {
+
+brcm_write_credentials() {
 	config_load mapagent

 	mapagent_apply_wireless() {
 		write_wireless() {
 			local section=$1
 			local map_ifname=$2
-			local bk_ssid="$3"
-			local bk_key="$4"
+			local bk_ssid=$3
+			local bk_key=$4

 			config_get ifname $section ifname

@@ -176,26 +98,24 @@ write_credentials() {

 			[ "$ifname" != "$map_ifname" ] && return

-			#echo applying bk_ssid = "$bk_ssid" bk_key = "$bk_key"
+			#echo applying bk_ssid = $bk_ssid bk_key = $bk_key

 			uci -q set wireless.${section}.multi_ap_backhaul_ssid="$bk_ssid"
 			uci -q set wireless.${section}.multi_ap_backhaul_key="$bk_key"
 		}
 		config_load wireless

-		config_foreach write_wireless wifi-iface "$1" "$2" "$3"
+		config_foreach write_wireless wifi-iface $1 $2 $3
 	}

 	mapagent_find_fbss() {
 		local section=$1
 		local dev=$2
-		local bk_ssid="$3"
-		local bk_key="$4"
-
-		multi_ap=$(get_type_by_section $section)
-		[ "$multi_ap" == "0" ] && return
+		local bk_ssid=$3
+		local bk_key=$4

 		config_get device $section device
+		config_get multi_ap $section multi_ap "0"

 		#echo found dev=$dev device=$device map=$multi_ap

@@ -204,34 +124,30 @@ write_credentials() {

 		config_get ifname $section ifname

-		#echo applying bk_ssid = "$bk_ssid" bk_key = "$bk_key"
+		#echo applying bk_ssid = $bk_ssid bk_key = $bk_key

 		# subshell in hopes to maintain mapagent config loaded
-		(mapagent_apply_wireless $ifname "$bk_ssid" "$bk_key")
+		$(mapagent_apply_wireless $ifname $bk_ssid $bk_key)
 	}

 	mapagent_find_bbss() {
 		local section=$1
 		local dev=$2

-		multi_ap=$(get_type_by_section $section)
-		[ "$multi_ap" == "0" ] && return
-
 		config_get device $section device
-		config_get enabled $section enabled "1"
+		config_get multi_ap $section multi_ap "0"

 		#echo found dev=$dev device=$device map=$multi_ap

-		[ "$enabled" == "0" ] && return
 		[ "$device" != "$dev" ] && return
 		[ "$multi_ap" != "1" ] && return

 		config_get ssid $1 ssid
 		config_get key $1 key

-		#echo found ssid="$ssid" key="$key"
+		#echo found ssid=$ssid key=$key

-		config_foreach mapagent_find_fbss ap $dev "$ssid" "$key"
+		config_foreach mapagent_find_fbss fh-iface $dev $ssid $key
 	}

 	mapagent_process_radio() {
@@ -241,38 +157,21 @@ write_credentials() {

 		#echo found dev=$dev

-		config_foreach mapagent_find_bbss ap $device
+		config_foreach mapagent_find_bbss fh-iface $device
 	}


-	config_foreach mapagent_process_radio radio
+	config_foreach mapagent_process_radio wifi-radio

 	uci commit wireless
 }

-set_network() {
-	local ifname=$1
-	local num=$2
-	local bssid=$3
-
-	wpa_cli -i $ifname set_n $num bssid $bssid
-}
-
 bsta_steer() {
 	local ifname=$1
 	local bssid=$2

-	rc=$(wpa_cli -i $ifname set_n 0 bssid $bssid)
-	[ "$rc" == "FAIL" ] && {
-		echo "1"
-		return;
-	}
-
-	rc=$(wpa_cli -i $ifname roam $bssid)
-	[ "$rc" == "FAIL" ] && {
-		echo "1"
-		return;
-	}
+	wpa_cli -i $ifname set_n 0 bssid $bssid
+	wpa_cli -i $ifname roam $bssid
 }

 write_bsta_config() {
@@ -280,7 +179,6 @@ write_bsta_config() {

 	#echo diff = $diff > /dev/console

-
 	config_load mapagent

 	mapagent_apply_wl_bsta() {
@@ -293,13 +191,7 @@ write_bsta_config() {

 			[ "$bsta" == "$ifname" ] || return
 			#echo setting diff = $diff > /dev/console
-			old_bssid="$(uci -q get wireless.${section}.bssid)"
-
-			[ "$old_bssid" == "$bssid" ] && break
-
-			uci -q set wireless.${section}.bssid=$bssid
-			wpa_cli -i "$bsta" set_n 0 bssid $bssid
-			wpa_cli -i "$bsta" save_config
+			uci set wireless.${section}.bssid=$bssid
 			echo 1
 		}
 		config_load wireless
@@ -312,7 +204,6 @@ write_bsta_config() {
 		local section=$1
 		local bsta=$2

-
 		config_get ifname $section ifname
 		#echo bsta = $bsta > /dev/console

@@ -320,625 +211,32 @@ write_bsta_config() {
 		#echo found ifname=$ifname > /dev/console

 		config_get bssid $section bssid
-		config_get band $section band
 		ret=$(mapagent_apply_wl_bsta $ifname $bssid)
-		[ "$ret" == "1" ] && {
-			diff=1
-			onbrd_bssid=$bssid
-			onbrd_band=$band
-		}
+		[ "$ret" == "1" ] && diff=1
 	}

-	mapagent_apply_bssid_same_band() {
-		apply_config() {
-			local section=$1
-			local bsta=$2

-			config_get ifname $section ifname
-
-			[ "$bsta" == "$ifname" ] || return
-			uci -q set wireless.${section}.bssid=$bssid
-		}
-
-		config_get band $1 band
-		config_get onboarded $1 onboarded "0"
-
-		[ "$onbrd_band" != "$band" -o "$onboarded" = "1" ] && return
-
-		config_get ifname $1 ifname
-
-		config_load wireless
-		config_foreach apply_config wifi-iface $ifname $onbrd_bssid
-		uci commit wireless
-	}
-
-	config_foreach mapagent_process_bk bsta $ifname
+	config_foreach mapagent_process_bk bk-iface $ifname

 	#echo result diff = $diff > /dev/console
 	[ "$diff" == "1" ] && {
-		(config_foreach mapagent_apply_bssid_same_band bsta)
-		#ubus call uci commit '{"config":"wireless"}'
+		ubus call uci commit '{"config":"wireless"}'
 		#echo reloading wireless > /dev/console
 	}

 }

-teardown_iface() {
-	config_load mapagent
-
-	local iface=$1
-
-	mapagent_teardown_wireless() {
-		write_wireless() {
-			local section=$1
-			local map_ifname=$2
-
-			config_get ifname $section ifname
-
-			[ "$ifname" != "$map_ifname" ] && return
-
-			uci -q set wireless.${section}.disabled="1"
-			uci -q set wireless.${section}.ssid="DISABLED-SSID"
-			uci -q set wireless.${section}.key="DISABLED-KEY"
-			uci -q delete wireless.${section}.multi_ap_backhaul_ssid
-			uci -q delete wireless.${section}.multi_ap_backhaul_key
-		}
-
-		config_load wireless
-
-		config_foreach write_wireless wifi-iface $1
-	}
-
-	mapagent_teardown_bss() {
-		local section=$1
-		local iface=$2
-
-		multi_ap=$(get_type_by_section $section)
-		[ "$multi_ap" == "0" ] && return
-
-		config_get ifname $section ifname
-
-		[ "$iface" != "$ifname" ] && return
-
-		config_get ifname $section ifname
-		uci -q set mapagent.${section}.enabled="0"
-		uci -q set mapagent.${section}.ssid="DISABLED-SSID"
-		uci -q set mapagent.${section}.key="DISABLED-KEY"
-		uci -q del mapagent.${section}.vid
-
-		# subshell in hopes to maintain mapagent config loaded
-		(mapagent_teardown_wireless $ifname)
-	}
-
-
-	config_foreach mapagent_teardown_bss ap $iface
-
-	uci commit wireless
-	uci commit mapagent
-}
-
-bsta_to_wireless() {
-	config_load mapagent
-
-	mapagent_find_lowest_prio_onboarded() {
-		mapagent_process_bk() {
-			config_get priority $1 priority "2"
-			config_get onboarded $1 onboarded "0"
-
-			[ "$onboarded" = "0" ] && return
-
-			if [ -z "$sec" -o "$prio" = "-1" -o "$priority" -lt "$prio" ]; then
-				sec=$1
-				prio=$priority
-			fi
-		}
-
-		local sec=""
-		local prio="-1"
-
-		config_foreach mapagent_process_bk bsta
-		echo $sec
-	}
-
-	mapagent_enable_best() {
-		#echo 1=$1 best=$best > /dev/console
-		if [ "$1" = "$best" ]; then
-			uci -q set mapagent.$1.enabled='1'
-		else
-			uci -q set mapagent.$1.enabled='0'
-		fi
-	}
-
-	mapagent_bsta_to_wireless() {
-		mapagent_apply_wl_bsta() {
-			apply_config() {
-				local section=$1
-				local bsta=$2
-				local ssid="$3"
-				local key="$4"
-				local encryption=$5
-				local enabled=$6
-				local bssid=$7
-				local disabled="0"
-
-				config_get ifname $section ifname
-
-				[ -z "$enabled" -o "$enabled" = "0" ] && disabled="1"
-
-				[ "$bsta" == "$ifname" ] || return
-
-				uci -q set wireless.${section}.ssid="$ssid"
-				uci -q set wireless.${section}.key="$key"
-				uci -q set wireless.${section}.encryption=$encryption
-				uci -q set wireless.${section}.bssid="$bssid"
-				uci -q set wireless.${section}.default_disabled='0'
-
-				[ "$disabled" != "1" ] && return
-				wpa_cli -i "$bsta" disconnect > /dev/null 2>&1
-				wpa_cli -i "$bsta" disable_network 0 > /dev/null 2>&1
-				wpa_cli -i "$bsta" save_config > /dev/null 2>&1
-
-				echo 1
-			}
-
-			config_load wireless
-
-			config_foreach apply_config wifi-iface $@
-			uci commit wireless
-		}
-
-		mapagent_find_other_creds() {
-			#echo "trying to find other creds for $2" > /dev/console
-			local other_section="$2"
-
-			config_get band $1 band
-			config_get onboarded $1 onboarded "0"
-
-			[ "$4" != "$band" -o "$onboarded" = "0" ] && return
-
-			config_get ssid $1 ssid
-			config_get key $1 key
-			config_get encryption $1 encryption
-			config_get enabled $1 enabled "0"
-			config_get bssid $1 bssid
-
-			uci -q set mapagent.${other_section}.ssid="$ssid"
-			uci -q set mapagent.${other_section}.key="$key"
-			uci -q set mapagent.${other_section}.encryption=$encryption
-			uci -q set mapagent.${other_section}.bssid="$bssid"
-			uci commit mapagent
-			(mapagent_apply_wl_bsta "$3" "$ssid" "$key" $encryption "$5" "$bssid")
-		}
-
-		config_get band $1 band
-		config_get ifname $1 ifname
-		config_get onboarded $1 onboarded "0"
-		config_get enabled $1 enabled "0"
-
-		if [ "$onboarded" = "0" ]; then
-			config_foreach mapagent_find_other_creds bsta $1 $ifname $band $enabled
-		else
-			config_get ssid $1 ssid
-			config_get key $1 key
-			config_get encryption $1 encryption
-			config_get bssid $1 bssid
-
-			(mapagent_apply_wl_bsta $ifname "$ssid" "$key" $encryption $enabled "$bssid")
-		fi
-	}
-
-#	best=$(mapagent_find_lowest_prio_onboarded)
-#
-#	[ -z "$best" ] && return
-#
-#	band=$1
-#	sec=""
-#	prio=""
-#
-#	config_foreach mapagent_enable_best bsta $best
-#	uci commit mapagent
-	config_load mapagent
-
-	diff=$(config_foreach mapagent_bsta_to_wireless bsta)
-
-#	[ "$diff" != "" ] && {
-
-		ubus call uci commit '{"config":"wireless"}'
-#	}
-}
-
-
-sync_mapcontroller_from_wireless() {
-	ubus -t 5 wait_for wifi
-	[ "$?" != "0" ] && return
-
-	[ ! -f "/etc/config/wireless" ] && return
-
-	status=$(ubus -S call wifi status)
-
-	device_to_band() {
-		local ifname=$1
-		json_load "$status"
-		json_select "radios"
-		json_get_keys keys
-
-		for key in $keys; do
-			json_select $key
-			json_get_var name name
-
-			if [ "$name" != "$ifname" ]; then
-				json_select ..
-				continue
-			fi
-
-			json_get_var band band
-
-			if [ "$band" == "5GHz" ]; then
-				echo "5"
-			elif [ "$band" == "2.4GHz" ]; then
-				echo "2"
-			fi
-
-			break
-		done
-
-		json_cleanup
-	}
-
-	wireless_process_iface() {
-		local section=$1
-		local type="ap"
-		local enabled="1"
-
-		config_get multi_ap $section multi_ap 0
-		[ "$multi_ap" != "1" ] && [ "$multi_ap" != "2" ] && return
-
-		config_get mode $section mode "ap"
-		[ "$mode" != "ap" ] && return
-
-		config_get device $section device
-		band=$(device_to_band $device)
-		[ "$band" == "" ] && return
-
-		config_get ssid $section ssid
-		config_get key $section key
-		config_get encryption $section encryption
-		config_get start_disabled $section start_disabled "0"
-		config_get network $section network
-
-
-		cntlr_section=$(uci add mapcontroller ${type})
-		uci -q set mapcontroller.${cntlr_section}.ssid="$ssid"
-		uci -q set mapcontroller.${cntlr_section}.key="$key"
-		uci -q set mapcontroller.${cntlr_section}.encryption="$encryption"
-		uci -q set mapcontroller.${cntlr_section}.band="$band"
-		uci -q set mapcontroller.${cntlr_section}.vid="1"
-		uci -q set mapcontroller.${cntlr_section}.network="$network"
-
-		[ "$multi_ap" == "1" ] && map_type="backhaul" || map_type="fronthaul"
-		uci -q set mapcontroller.${cntlr_section}.type="$map_type"
-
-		[ "$start_disabled" == "1" ] && enabled="0"
-		uci -q set mapcontroller.${cntlr_section}.enabled="$enabled"
-	}
-
-	mapcontroller_teardown() {
-		local section=$1
-
-		uci delete mapcontroller.$1
-	}
-
-	config_load mapcontroller
-	config_foreach mapcontroller_teardown ap
-
-	config_load wireless
-	config_foreach wireless_process_iface wifi-iface
-	uci commit mapcontroller
-}
-
-bsta_scan_on_enabled() {
-	local onboarded_bands=""
-
-	mapagent_onboarded_bands() {
-		config_get band $1 band
-		config_get onboarded $1 onboarded "0"
-
-		[ "$onboarded" = "0" ] && return
-
-		onboarded_bands="$onboarded_bands $band"
-	}
-
-	mapagent_enable_bk() {
-		config_get ifname $1 ifname
-		config_get band $1 band
-		config_get enabled $1 enabled
-
-		[ "$enabled" = "0" ] && return
-
-		for onboarded_band in $onboarded_bands
-		do
-			[ "$onboarded_band" != "$band" ] && continue
-
-			logger -t multiap "bsta_scan_on_enabled $ifname $band"
-			wpa_cli -i "$ifname" enable_network 0 > /dev/null 2>&1
-			wpa_cli -i "$ifname" reconnect > /dev/null 2>&1
-			wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-		done
-	}
-
-	config_load mapagent
-	config_foreach mapagent_onboarded_bands bsta
-	config_foreach mapagent_enable_bk bsta
-}
-
-bsta_enable_all() {
-	mapagent_enable_bk() {
-		config_get ifname $1 ifname
-		uci -q set mapagent.$1.enabled="1"
-	}
-
-	config_load mapagent
-
-	config_foreach mapagent_enable_bk bsta
-	uci commit mapagent
-	bsta_scan_on_enabled
-}
-
-# arg = one interface to clear
-# no arg = clear all interfaces
-bsta_clear_bssid() {
-	local iface=$1
-
-	mapagent_remove_bssid() {
-		local iface=$2
-
-		config_get ifname $1 ifname
-
-		[ -n "$iface" -a "$iface" != "$ifname" ] && return
-
-		uci -q set mapagent.$1.enabled="1"
-		uci -q del mapagent.$1.bssid
-	}
-
-	wireless_remove_bssid() {
-		local iface=$2
-
-		config_get mode $1 mode
-		config_get ifname $1 ifname
-
-		[ "$mode" != "sta" ] && return
-
-		[ -n "$iface" -a "$iface" != "$ifname" ] && return
-
-		uci -q del wireless.$1.bssid
-		wpa_cli -i "$ifname" bssid 0 00:00:00:00:00:00 > /dev/null 2>&1
-		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-	}
-
-	config_load mapagent
-	config_foreach mapagent_remove_bssid bsta $iface
-	uci commit mapagent
-
-	config_load wireless
-	config_foreach wireless_remove_bssid wifi-iface $iface
-	uci commit wireless
-}
-
-# arg1 = ifname arg2 = bssid
-bsta_blacklist_bssid_set() {
-	local ifname="$1"
-	shift
-	local bssid="$@"
-
-	wpa_cli -i "$ifname" set_network 0 bssid_ignore "$bssid" > /dev/null 2>&1
-	wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-}
-
-bsta_blacklist_bssid_clear() {
-	mapagent_blacklist_by_band() {
-		config_get ifname $1 ifname
-
-		wpa_cli -i "$ifname" set_network 0 bssid_ignore "" > /dev/null 2>&1
-		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-	}
-
-	config_load mapagent
-	config_foreach mapagent_blacklist_by_band bsta
-}
-
-bsta_disable_lower_priority() {
-	config_load mapagent
-
-	mapagent_get_priority() {
-		config_get ifname $1 ifname
-
-		[ "$ifname" != "$2" ] && return
-
-		config_get priority $1 priority "2"
-
-		echo "$priority"
-	}
-
-	mapagent_disable_lower_bk() {
-		mapagent_apply_wl_bsta() {
-			apply_config() {
-				local section="$1"
-				local bsta="$2"
-				local enabled="$3"
-
-				config_get ifname $section ifname
-
-				[ "$bsta" == "$ifname" ] || return
-
-				[ "$enabled" != "0" ] && return
-
-				wpa_cli -i "$ifname" disconnect > /dev/null 2>&1
-				wpa_cli -i "$ifname" disable_network 0 > /dev/null 2>&1
-				wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-			}
-			local ifname="$1"
-			local enabled="$2"
-
-			[ "$enabled" != "0" ] && return
-
-			config_load wireless
-
-			config_foreach apply_config wifi-iface $ifname $enabled
-		}
-
-		local enabled="1"
-
-		config_get ifname $1 ifname
-		config_get priority $1 priority
-
-		[ "$ifname" != "$2" -a "$priority" -gt "$3" ] && enabled="0"
-
-		# enable passed ifname explicitly
-		# don't explicitly enable other higher prio interfaces
-		[ "$ifname" != "$2" -a "$enabled" = "1" ] && return
-
-		uci -q set mapagent.$1.enabled="$enabled"
-
-		(mapagent_apply_wl_bsta $ifname $enabled) > /dev/null
-	}
-
-	local bsta=$1
-
-	prio=$(config_foreach mapagent_get_priority bsta $bsta)
-	#echo bsta $bsta has prio $prio > /dev/console
-
-	config_foreach mapagent_disable_lower_bk bsta $bsta $prio
-	uci commit mapagent
-
-#	ubus call uci commit '{"config":"wireless"}'
-}
-
-
-bsta_use_link() {
-	config_load mapagent
-
-	mapagent_disable_bk() {
-		local bsta="$2"
-
-		config_get ifname $1 ifname
-		config_get enabled $1 enabled
-
-		[ "$bsta" = "$ifname" ] && return
-
-		wpa_cli -i "$ifname" disconnect > /dev/null 2>&1
-		wpa_cli -i "$ifname" disable_network 0 > /dev/null 2>&1
-		wpa_cli -i "$ifname" save_config > /dev/null 2>&1
-	}
-
-	local bsta=$1
-
-	config_foreach mapagent_disable_bk bsta $bsta
-
-	noht=$(iw $bsta info | grep "no HT")
-	[ -n "$noht" ] &&  {
-		logger -t multiap "no HT hit, issue reassoc $bsta"
-		wpa_cli -i $bsta reassoc
-	}
-}
-
-bsta_swap_to_link() {
-	bsta_disable_lower_priority $1
-	bsta_use_link $1
-
-	wpa_cli -i "$1" enable_network 0 > /dev/null
-	wpa_cli -i "$1" reconnect > /dev/null
-	wpa_cli -i "$1" save_config > /dev/null
-}
-
-set_uplink_backhaul_info() {
-	local ul_1905id=$1
-	local ul_mac=$2
-
-	(
-		flock -x 200
-		json_load "$(cat $MAPFILE)"
-		json_add_string "backhaul_device_id" "$ul_1905id"
-		json_add_string "backhaul_macddr" "$ul_mac"
-		json_dump > "$MAPFILE"
-		json_cleanup
-	) 200>/var/lock/map.backhaul.lock
-}
-
-set_uplink() {
-	local type=$1
-	local ifname=$2
-	local hwaddr
-
-	hwaddr="$(ifconfig $ifname | grep -i hwaddr | awk '{print $5}' | awk '{print tolower($0)}')"
-
-	json_init
-	json_add_string "type" "$type"
-	json_add_string "ifname" "$ifname"
-	json_add_string "macaddr" "$hwaddr"
-	(
-		flock -x 200
-		json_dump > "$MAPFILE"
-	) 200>/var/lock/map.backhaul.lock
-	json_cleanup
-
-	config_load mapagent
-
-	island_prevention="$(uci -q get mapagent.agent.island_prevention)"
-
-	if [ "$island_prevention" = "1" -a "$type" = "eth" ]; then
-		ubus call map.agent toggle_fh '{"enable":true, "prevent_island":true, "ifname":"all"}'
-	fi
-
-}
-
-unset_uplink() {
-	local type=${1:-wifi}
-
-	config_load mapagent
-
-	island_prevention="$(uci -q get mapagent.agent.island_prevention)"
-
-	if [ "$island_prevention" = "1" -a "$type" = "eth" ]; then
-		ubus call map.agent toggle_fh '{"enable":false, "prevent_island":true, "ifname":"all"}'
-	fi
-
-	(
-		flock -x 200
-		json_load "$(cat $MAPFILE)"
-		json_get_var bk_type type
-		json_cleanup
-
-		[ "$type" = "$bk_type" ] && rm -f "$MAPFILE" > /dev/null 2>&1
-	) 200>/var/lock/map.backhaul.lock
-}
-
 func=$1
 shift

 case "$func" in
-	wireless_teardown) wireless_teardown;;
-	setup_network) setup_network;;
-	setup_wireless) setup_wireless;;
-	write_credentials) write_credentials;;
-	sync_credentials) sync_credentials;;
+	wireless_teardown) brcm_wireless_teardown;;
+	setup_network) brcm_setup_network;;
+	setup_wireless) brcm_setup_wireless;;
+	write_credentials) brcm_write_credentials;;
+	sync_credentials) brcm_sync_credentials;;
 	bsta_steer) bsta_steer $@;;
-	set_network) set_network $@;;
 	write_bsta_config) write_bsta_config $@;;
-	teardown_iface) teardown_iface $@;;
-	bsta_to_wireless) bsta_to_wireless $@;;
-	sync_mapcontroller_from_wireless) sync_mapcontroller_from_wireless $@;;
-	ts) ts_sub $@;;
-	bsta_enable_all) bsta_enable_all $@;;
-	bsta_clear_bssid) bsta_clear_bssid $@;;
-	bsta_blacklist_bssid_set) bsta_blacklist_bssid_set $@;;
-	bsta_blacklist_bssid_clear) bsta_blacklist_bssid_clear $@;;
-	bsta_disable_lower_priority) bsta_disable_lower_priority $@;;
-	bsta_scan_on_enabled) bsta_scan_on_enabled $@;;
-	bsta_use_link) bsta_use_link $@;;
-	bsta_swap_to_link) bsta_swap_to_link $@;;
-	set_uplink) set_uplink $@;;
-	set_uplink_backhaul_info) set_uplink_backhaul_info $@;;
-	unset_uplink) unset_uplink $@;;
 	--help|help) usage;;
 	*) usage; exit 1;;
 esac
--- a/map-agent/files/lib/wifi/traffic_separation
+++ b/map-agent/files/lib/wifi/traffic_separation
@@ -1,460 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-AL_BRIDGE=${AL_BRIDGE-"br-lan"}
-PRIMARY_VID=${PRIMARY_VID-1}
-
-### Traffic Separation ###
-
-dbg() {
-	logger -t traffic_separation $@
-}
-
-ts_sub() {
-	ts_usage() {
-		cat <<EOF
-Usage: $0 [create|reload]
-Traffic Separation related functions.
-create vid - create vlan configuration with vlan_id
-reload     - reload network with new configuration
-EOF
-	exit 1
-	}
-
-	ts_create() {
-		_dhcp_setup() {
-			local name=$1
-
-			[ -n "$(uci -q get dhcp.${name})" ] && return
-
-			uci -q set dhcp.${name}=dhcp
-			uci -q set dhcp.${name}.interface="${name}"
-			uci -q set dhcp.${name}.start="100"
-			uci -q set dhcp.${name}.limit="150"
-			uci -q set dhcp.${name}.leasetime="1h"
-			uci -q set dhcp.${name}.dhcpv4="server"
-			uci -q set dhcp.${name}.dhcpv6="server"
-			uci -q set dhcp.${name}.ra="server"
-			uci -q set dhcp.${name}.ra_slaac="1"
-			uci -q add_list dhcp.${name}.ra_flags="managed-config"
-			uci -q add_list dhcp.${name}.ra_flags="other-config"
-
-			uci -q commit dhcp
-		}
-
-		_firewall_setup() {
-			local name=$1
-			local network=$1
-			local vid=$2
-			local zone_exist=0
-
-			config_load firewall
-
-			_process_zone() {
-				local section=$1
-				local new_name=$2
-				local name
-
-				config_get name $section name
-
-				[ "$name" == "$new_name" ] && zone_exist=1
-			}
-
-			config_foreach _process_zone zone $name
-
-			[ "$zone_exist" != "0" ] && return
-
-			uci -q add firewall zone
-			uci -q set firewall.@zone[-1].name="$name"
-			uci -q add_list firewall.@zone[-1].network="$network"
-			uci -q set firewall.@zone[-1].input='ACCEPT'
-			uci -q set firewall.@zone[-1].output='ACCEPT'
-			uci -q set firewall.@zone[-1].forward='ACCEPT'
-
-			uci -q add firewall forwarding
-			uci -q set firewall.@forwarding[-1].src="$name"
-			uci -q set firewall.@forwarding[-1].dest="wan"
-
-			uci -q commit firewall
-		}
-
-		_guest_net_setup() {
-			local vid=$1
-			local name="guest${vid}"
-			local dev="guest_dev${vid}"
-			local br_guest="br-guest${vid}"
-			local peer="guest_peer${vid}"
-			local ip_addr="192.168.${vid}.1"
-			local br_dev="${AL_BRIDGE/-/_}"
-
-			[ "${vid}" = "${PRIMARY_VID}" ] && return
-
-			ip link show $dev 2> /dev/null || {
-				ip link add $dev type veth peer name $peer
-			}
-
-			ip link set $dev up
-			ip link set $port_dev up
-
-			[ -z "$(uci -q get network.${name})" ] || return
-
-			uci -q set network.${name}="interface"
-			uci -q set network.${name}.device="${br_guest}"
-			uci -q set network.${name}.is_lan="1"
-			uci -q set network.${name}.proto="static"
-			uci -q set network.${name}.ipaddr="${ip_addr}"
-			uci -q set network.${name}.netmask="255.255.255.0"
-			uci -q set network.${name}.ip6assign '60'
-
-			uci -q set network.br_${name}="device"
-			uci -q set network.br_${name}.name="${br_guest}"
-			uci -q set network.br_${name}.type="bridge"
-
-			if [ -z $(uci -q get network.${br_dev}.ports | grep -w ${dev}) ]; then
-				uci -q add_list network.${br_dev}.ports="${dev}"
-			fi
-
-			if [ -z $(uci -q get network.br_${name}.ports | grep -w ${peer}) ]; then
-				uci -q add_list network.br_${name}.ports="${peer}"
-			fi
-
-			if [ -z $(uci -q get network.vlan${vid}.ports | grep -w ${dev}) ]; then
-				uci -q add_list network.vlan${vid}.ports="${dev}:*"
-			fi
-
-			uci -q commit network
-		}
-
-		_net_setup() {
-			local vid=$1
-			local layer3=$2
-			local name="vlan${vid}"
-			local br_dev="${AL_BRIDGE/-/_}"
-			local tag=":t"
-			local self_flags="untagged"
-			local brvid_local="1"
-
-			[ -z "$(uci -q get network.${name})" ] || return
-
-			uci -q set network.${name}="bridge-vlan"
-			uci -q set network.${name}.name="${name}"
-			uci -q set network.${name}.device="$AL_BRIDGE"
-			uci -q set network.${name}.vlan="$vid"
-
-			if [ "${vid}" = "${PRIMARY_VID}" ]; then
-				self_flags="untagged pvid"
-				tag=":*"
-			elif [ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ]; then
-				brvid_local="0"
-			fi
-
-			uci -q set network.${name}.flags="${self_flags}"
-			uci -q set network.${name}.local="${brvid_local}"
-
-			for port in $(uci -q get network.${br_dev}.ports) ; do
-				if [ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ]; then
-					echo $port | grep "guest" && continue
-				fi
-				uci -q get network.${name}.ports | grep -q "${port}${tag}" && continue
-				uci -q add_list network.${name}.ports="${port}${tag}"
-			done
-
-			uci -q commit network
-		}
-		local layer3=$(uci -q get mapagent.agent.layer3_ts)
-
-		vid=$1
-
-		[ -n "$vid" ] || {
-			cat <<EOF
-VID required to configure.
-EOF
-			exit 1
-		}
-
-		_net_setup ${vid} ${layer3}
-
-                logger -t vlan "setup ts vid $vid"
-		[ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ] && {
-			_dhcp_setup guest${vid}
-			_firewall_setup guest${vid} ${vid}
-			_guest_net_setup ${vid}
-
-		}
-
-                # Disable pktfwd here and flush FlowCache rules
-                echo 0 > /proc/pktfwd_dhd/enable
-                echo 0 > /proc/pktfwd_wl/enable
-                fcctl flush
-	}
-
-	ts_reload() {
-		# TODO check it again
-		local dhcp_reload=$1
-		restart=""
-
-		bridge_verify_vid_mapping() {
-			local section=$1
-
-			check_port_vid() {
-				local port="$1"
-				local vlan="$2"
-
-				added=$(bridge vlan show dev $port | grep -w "$vlan")
-				if [ "$added" = "" ]; then
-					restart="1"
-					break
-				fi
-			}
-
-			config_get vlan "$section" vlan "0"
-
-			[ "$vlan" = "0" ] && continue
-
-			config_list_foreach "$section" "ports" check_port_vid "$vlan"
-			[ "$restart" = "1" ] && break
-		}
-
-
-
-		config_load network
-		config_foreach bridge_verify_vid_mapping bridge-vlan
-
-
-		[ -n "dhcp_reload" ] && /etc/init.d/dnsmasq reload
-		if [ "$restart" = "1" ]; then
-			dbg "trigger network restart"
-			/etc/init.d/network restart
-		else
-			ubus call uci commit '{"config":"network"}'
-		fi
-		/etc/init.d/firewall reload
-
-
-		#for sink in $(ubus list network.interface.sink*) ; do
-		#	local sink_vlan=${sink/network.interface./}_vlan
-		#done
-	}
-
-	# maintain VIDs passed as args in network config, remove rest
-	ts_keep() {
-		local al_bridge=$(uci -q get mapagent.agent.al_bridge)
-		local layer3="$(uci -q get mapagent.agent.layer3_ts)"
-		restart=""
-
-		[ "$al_bridge" = "" ] && al_bridge="br-lan"
-
-
-		guest_teardown() {
-			local section=$1
-			local config=$2
-			local bridge=$3
-			local option=$4
-
-			config_get name "$section" "$option"
-
-			[ "$bridge" != "$name" ] && continue
-
-			uci -q delete ${config}.${section}
-		}
-
-		bridge_vlan_teardown() {
-			local section=$1
-			shift
-			local bridge=$1
-			shift
-			local layer3=$1
-			shift
-			local keep="$@"
-
-			config_get device "$section" device
-
-			[ "$bridge" != "$device" ] && continue
-
-			config_get vlan "$section" vlan
-
-			for i in $@; do
-				if [ "$i" -eq "$vlan" ] ; then
-					return
-				fi
-			done
-
-			#if layer3ts enabled
-			if [ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ]; then
-				local br_guest="br-guest${vlan}"
-
-				config_load network
-				config_foreach guest_teardown device "network" $br_guest "name" $@ # could easier be replaced by uci ubus api and using match field
-				config_foreach guest_teardown interface "network" $br_guest "device" $@ # could easier be replaced by uci ubus api and using match field
-
-				config_load dhcp
-				[ -n "$(uci -q get dhcp.guest${vlan})" ] && {
-					uci -q delete dhcp.guest${vlan}
-					restart="1"
-				}
-				config_load firewall
-				config_foreach guest_teardown zone "firewall" guest${vlan} "name" $@ #delete firewall section with name = guest${vlan}
-				config_foreach guest_teardown forwarding "firewall" guest${vlan} "src" $@ #delete firewall section with name = guest${vlan}
-			fi
-
-
-			#endif
-			uci -q delete network.$section
-			restart="1"
-		}
-
-		config_load network
-		(config_foreach bridge_vlan_teardown bridge-vlan $al_bridge $layer3 $@)
-
-		if [ "$restart" = "1" ]; then
-			uci commit network
-			if [ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ]; then
-				uci commit firewall
-				uci commit dhcp
-			fi
-			dbg "trigger network restart"
-			/etc/init.d/network restart
-		fi
-	}
-
-	ts_cleanup() {
-		local al_bridge=$(uci -q get mapagent.agent.al_bridge)
-		local layer3="$(uci -q get mapagent.agent.layer3_ts)"
-		restart=""
-
-		[ "$al_bridge" = "" ] && al_bridge="br-lan"
-
-		bridge_device_teardown() {
-			local section=$1
-			local bridge=$2
-			local layer3=$3
-			local br_dev="${AL_BRIDGE/-/_}"
-			local dev
-			local br_guest
-			local peer
-
-			config_get device "$section" device
-			config_get vlan "$section" vlan
-
-			dev="guest_dev${vlan}"
-
-			[ "$bridge" != "$device" ] && continue
-
-			uci -q delete network.$section
-
-			echo "restart"
-
-			[ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ] || continue
-
-			####
-			# layer3 specific teardown
-			####
-
-			guest_teardown() {
-				local section=$1
-				local config=$2
-				local bridge=$3
-				local option=$4
-
-				config_get name "$section" "$option"
-
-				[ "$bridge" != "$name" ] && continue
-
-				echo "$bridge=$name" > /dev/console
-
-				uci -q delete ${config}.${section}
-				echo "uci -q delete ${config}.${section}" > /dev/console
-			}
-
-			br_guest="br-guest${vlan}"
-
-			# network config guest teardown
-			config_load network
-			config_foreach guest_teardown device "network" $br_guest "name"
-			config_foreach guest_teardown interface "network" $br_guest "device"
-
-			if [ -n "$(uci -q get network.${br_dev}.ports | grep -w ${dev})" ]; then
-				uci -q del_list network.${br_dev}.ports="${dev}"
-			fi
-
-			peer="guest_peer${vlan}"
-
-			ip link show $dev 2> /dev/null && {
-				ip link del $dev
-			}
-
-			ip link show $peer 2> /dev/null && {
-				ip link del $peer
-			}
-
-			# dhcp config guest teardown
-			[ -n "$(uci -q get dhcp.guest${vlan})" ] && {
-				uci -q delete dhcp.guest${vlan}
-			}
-
-			# firewall config guest teardown
-			config_load firewall
-			config_foreach guest_teardown zone "firewall" guest${vlan} "name"
-			config_foreach guest_teardown forwarding "firewall" guest${vlan} "src"
-		}
-
-		config_load network
-		restart="$(config_foreach bridge_device_teardown bridge-vlan $al_bridge $layer3)"
-
-		if [ -n "$restart" ]; then
-			uci commit network
-			if [ -x "/usr/sbin/mapcontroller" -a "$layer3" = "1" ]; then
-				uci commit firewall
-				uci commit dhcp
-			fi
-			dbg "trigger network restart"
-			/etc/init.d/network restart
-		fi
-
-		# enable pktfwd again and flush FlowCache rules
-		echo 1 > /proc/pktfwd_dhd/enable
-		echo 1 > /proc/pktfwd_wl/enable
-		echo 0 > /proc/pktfwd_dhd/enable
-		echo 0 > /proc/pktfwd_wl/enable
-		echo 1 > /proc/pktfwd_dhd/enable
-		echo 1 > /proc/pktfwd_wl/enable
-		fcctl flush
-	}
-
-	ts_isolate() {
-		local action=$1
-		shift
-		local pvid=$1 # pvid
-		shift
-		local ifname=$1 # guest fbss name
-		shift
-		local ifprefix=$@ # 4addr mode ifname prefix
-
-		[ -z "$pvid" -o -z "$ifprefix" -o -z "$ifname" ] && return
-
-		for prefix in $@; do
-			ebtables -D FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
-			ebtables -D FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
-
-			[ "$action" != "add" ] && continue
-			ebtables -A FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
-			ebtables -A FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
-		done
-
-
-	}
-
-	local func=$1
-	shift
-
-	case "$func" in
-		create) dbg "create $@"; ts_create $@;;
-		keep) dbg "keep $@"; ts_keep $@;;
-		reload) dbg "reload $@"; ts_reload $@;;
-		cleanup) dbg "cleanup $@"; ts_cleanup $@;;
-		isolate) dbg "isolate $@"; ts_isolate $@;;
-		--help|help) ts_usage;;
-		*) ts_usage; exit 1;;
-	esac
-}
--- a/map-controller/Config.in
+++ b/map-controller/Config.in
@@ -1,26 +0,0 @@
-if (PACKAGE_map-controller)
-
-menu "Configurations"
-
-config CONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG
-	bool "Support Dynamic Controller configuration sync"
-	default y if MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
-
-config CONTROLLER_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through CONTROLLER_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
-endmenu
-endif
--- a/map-controller/Makefile
+++ b/map-controller/Makefile
@@ -1,24 +1,24 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020 IOPSYS Software Solutions AB
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-controller
-PKG_VERSION:=2.8.0.15
+PKG_VERSION:=3.0.11
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=e71a5f4f7f947f4c7819b4caf238fd1bec9b4fe8
+PKG_SOURCE_VERSION:=3545f418887d8ac0404cbe44d192ab20626e5268
+
+PKG_LICENSE:=PROPRIETARY IOPSYS
+PKG_LICENSE_FILES:=LICENSE

-LOCAL_DEV=0
-ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-controller
+PKG_SOURCE_URL:=git@dev.iopsys.eu:iopsys/map-controller.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
-endif

-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=map-plugin

 include $(INCLUDE_DIR)/package.mk

@@ -34,7 +34,7 @@ define Package/map-controller/description
 endef

 define Package/map-controller/config
-	source "$(SOURCE)/Config.in"
+	#source "$(SOURCE)/Config.in"
 endef

 TARGET_CFLAGS += \
@@ -44,28 +44,11 @@ TARGET_CFLAGS += \

 MAKE_PATH:=src

-ifeq ($(CONFIG_CONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG),y)
-TARGET_CFLAGS += -DCONTROLLER_SYNC_DYNAMIC_CNTLR_CONFIG
-endif
-
-ifeq ($(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT_OUI)\\\"
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
-endif
-
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapcontroller $(1)/usr/sbin/
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/src/plugins/steer/rcpi/rcpi.so $(1)/usr/lib/mapcontroller/rcpi.so
 endef

-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -r --exclude=.* ~/git/map-controller/ $(PKG_BUILD_DIR)/
-endef
-endif
-
 $(eval $(call BuildPackage,map-controller))
--- a/map-controller/files/etc/config/mapcontroller
+++ b/map-controller/files/etc/config/mapcontroller
@@ -1,144 +1,44 @@
 config controller 'controller'
 	option enabled '1'
-	option registrar '2 5'
-	option debug '0'
-	option enable_sta_steer '0'
-	option enable_bsta_steer '0'
-	option use_bcn_metrics '0'
-	option use_usta_metrics '0'
-	option primary_vid '1'
-	option primary_pcp '0'
-	option enable_ts '0'
-	option allow_bgdfs '0'
-	option channel_plan '0'
+	option registrar '5 2'	    #bands on which wps registrar supported
+	option debug '6'
+	option al_bridge 'br-lan'

-config ap
-	option band '2'
-	option encryption 'sae-mixed'
-	option vid '1'
-	option ssid 'IOWRT-2.4GHz'
-	option encryption 'sae-mixed'
-	option key '1234567890'
+config vlan 'lan'
+	option network 'lan'
+	option id '1'

-config ap
+config fh-credentials
 	option band '5'
-	option type 'fronthaul'
-	option vid '1'
-	option ssid 'IOWRT-5GHz'
-	option encryption 'sae-mixed'
+	option encryption 'psk2'
 	option key '1234567890'
+	option ssid 'map-net5'
+	option vlan '1'

-config ap
+config fh-credentials
 	option band '2'
-	option type 'backhaul'
-	option vid '1'
-	list disallow_bsta '0'
-	option ssid 'MAP-BH-2.4GHz'
-	option encryption 'sae'
-	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
+	option encryption 'psk2'
+	option key '1234567890'
+	option ssid 'map-net2'
+#	option bk_ssid 'multiap_ssid123'
+#	option bk_key 'multiap_key123'
+	option vlan '1'

-config ap
+config bk-credentials
 	option band '5'
-	option type 'backhaul'
-	option vid '1'
-	list disallow_bsta '0'
-	option ssid 'MAP-BH-5GHz'
-	option encryption 'sae'
-	option key '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWZYZ0'
+	option encryption 'psk2'
+	option key '5555555555'
+	option ssid 'map-bkhaul-5'
+	option multi_ap '2'
+	option disallow_bsta '1'		# bitmap, 1 for disallow p1, 2 to disallow p2, 3 to disallow both (probably never applicable)
+	option vlan '1'

-# node and radio sections (per node) are auto
-# generated per Multi-AP Agent in the network
-#
-#config node 'node_0a1b2c3d4e50'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-# following values use default values after onboarding if not explicitly set
-#	option backhaul_ul_macaddr '00:00:00:00:00:00'
-#	option backhaul_dl_macaddr '00:00:00:00:00:00'
-#	option backhaul_type 'none'
-#	option primary_vid '1'
-#	option primary_pcp '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-#	option report_metric_periodic '0'
-#	option report_scan '0'
-#	option steer_exclude '0'
-#	option steer_exclude_btm '0'
-#	option steer_disallow '0'
-#	option coordinated_cac '0'
-#	option traffic_separation '0'
-#	option sta_steer '0'

-#config radio 'radio_0a1b2c3d4e53'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-#	option macaddr '0a:1b:2c:3d:4e:53'
-#	option band '2'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config radio 'radio_0a1b2c3d4e54'
-#	option agent_id '0a:1b:2c:3d:4e:50'
-#	option macaddr '0a:1b:2c:3d:4e:54'
-#	option band '5'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config node 'node_3fb1c2d3e460'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-# following values use default values after onboarding if not explicitly set
-#	option backhaul_ul_macaddr '00:00:00:00:00:00'
-#	option backhaul_dl_macaddr '00:00:00:00:00:00'
-#	option backhaul_type 'none'
-#	option primary_vid '1'
-#	option primary_pcp '0'
-#	option report_sta_assocfails '0'
-#	option report_sta_assocfails_rate '0'
-#	option report_metric_periodic '0'
-#	option report_scan '0'
-#	option steer_exclude '0'
-#	option steer_exclude_btm '0'
-#	option steer_disallow '0'
-#	option coordinated_cac '0'
-#	option traffic_separation '0'
-#	option sta_steer '0'
-
-#config radio 'radio_3fb1c2d3e463'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-#	option macaddr '3f:b1:c2:d3:e4:63'
-#	option band '2'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '70'
-#	option report_rcpi_threshold '80'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
-
-#config radio 'radio_3fb1c2d3e464'
-#	option agent_id '3f:b1:c2:d3:e4:60'
-#	option macaddr '3f:b1:c2:d3:e4:64'
-#	option band '5'
-# following values use default values after onboarding if not explicitly set
-#	option steer_policy '0'
-#	option util_threshold '0'
-#	option rcpi_threshold '86'
-#	option report_rcpi_threshold '96'
-#	option report_util_threshold '0'
-#	option report_rcpi_hysteresis_margin '0'
-#	option include_sta_stats '1'
-#	option include_sta_metric '1'
+config bk-credentials
+	option band '2'
+	option encryption 'psk2'
+	option key '2222222222'
+	option ssid 'map-bkhaul-2'
+	option multi_ap '2'
+	option disallow_bsta '0'                # 0 or 1 profile-1 bSTA
+	option vlan '1'
--- a/map-controller/files/etc/init.d/mapcontroller
+++ b/map-controller/files/etc/init.d/mapcontroller
@@ -5,8 +5,6 @@ STOP=20

 USE_PROCD=1

-IS_CFG_VALID=1
-
 handle_controller_select() {
 	local section="$1"

@@ -14,125 +12,10 @@ handle_controller_select() {
 	return 1
 }

-validate_controller_section() {
-	uci_validate_section mapcontroller controller "controller" \
-		'enabled:bool:true' \
-		'registrar:string' \
-		'debug:range(0,16)' \
-		'resend_num:uinteger:0' \
-		'enable_sta_steer:bool:false' \
-		'enable_bsta_steer:bool:false' \
-		'use_bcn_metrics:bool:false' \
-		'use_usta_metrics:bool:false' \
-		'allow_bgdfs:range(0,2629744)' \
-		'channel_plan:range(0,2629744)' \
-		'enable_ts:bool:false'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapcontroller" "Validation of controller section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_ap_section() {
-	local section="$1"
-
-	uci_validate_section mapcontroller $section "${1}" \
-			'band:or("2", "5")' \
-			'ssid:string' \
-			'encryption:or("sae", "sae+aes", "psk2",
-				"psk2+aes", "sae-mixed", "sae-mixed+aes")' \
-			'key:string' \
-			'vid:range(1,65535):1' \
-			'type:or("backhaul", "fronthaul", "combined")' \
-			'disallow_bsta:list(range(0,255)):0' \
-			'enabled:bool:true'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapcontroller" "Validation of ap section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_node_section() {
-	local section="$1"
-
-	uci_validate_section mapcontroller $section "${1}" \
-			'agent_id:macaddr' \
-			'backhaul_ul_macaddr:macaddr' \
-			'backhaul_dl_macaddr:macaddr' \
-			'backhaul_type:or("none")' \
-			'primary_vid:range(0,255):1' \
-			'primary_pcp:range(0,255):0' \
-			'report_sta_assocfails:bool:false' \
-			'report_sta_assocfails_rate:uinteger' \
-			'report_metric_periodic:range(0,255)' \
-			'report_scan:bool:false' \
-			'steer_exclude:list(macaddr)' \
-			'steer_exclude_btm:list(macaddr)' \
-			'steer_disallow:bool:false' \
-			'coordinated_cac:bool:false' \
-			'traffic_separation:bool:false' \
-			'sta_steer:bool:false'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapcontroller" "Validation of node section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_radio_section() {
-	local section="$1"
-
-	uci_validate_section mapcontroller $section "${1}" \
-			'agent_id:macaddr' \
-			'macaddr:macaddr' \
-			'band:or("2", "5")' \
-			'steer_policy:range(0,2)' \
-			'util_threshold:range(0,255)' \
-			'rcpi_threshold:range(0,255)' \
-			'report_rcpi_threshold:range(0,255)' \
-			'report_util_threshold:range(0,255)' \
-			'report_rcpi_hysteresis_margin:range(0,255)' \
-			'include_sta_stats:bool:false' \
-			'include_sta_metric:bool:false'
-
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "mapcontroller" "Validation of radio section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_controller_config() {
-	IS_CFG_VALID=1
-
-	validate_controller_section &&
-		config_foreach validate_ap_section ap &&
-		config_foreach validate_node_section node &&
-		config_foreach validate_radio_section radio
-
-	[ "$IS_CFG_VALID" -ne 1 ] && {
-		logger -s -t "mapcontroller" "Validation of mapcontroller UCI file failed"
-		return 1
-	}
-	return 0
-}
-
 start_service() {
 	local enabled

 	config_load "mapcontroller"
-	validate_controller_config || return 1;
-
 	config_get_bool enabled controller enabled 1
 	[ "$enabled" -eq 0 ] && return

@@ -165,8 +48,6 @@ reload_service() {
 	config_get_bool enabled controller enabled 1
 	if [ "$enabled" -eq 0 ]; then
 		stop
-		# Start but without instance so reload trigger works.
-		start
 		return
 	fi

--- a/map-topology/Config.in
+++ b/map-topology/Config.in
@@ -1,22 +0,0 @@
-if (PACKAGE_map-topology)
-
-menu "Configurations"
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	string
-	default "\\\\x11\\\\x22\\\\x33"
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI
-	string "Vendor OUI in '\\\\xAB\\\\xCD\\\\xEF' format"
-	default TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base Easymesh specification can be
-	enabled through TOPOLOGYD_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
-endmenu
-endif
--- a/map-topology/Makefile
+++ b/map-topology/Makefile
@@ -1,45 +1,36 @@
 #
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
+# Copyright (C) 2020 iopsys
 #

 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=map-topology
-PKG_VERSION:=2.5.0.13
+PKG_VERSION:=2.1.1

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_VERSION:=413330b08fc4608ea2f5f740cf829f62d5a8bba0
+PKG_SOURCE_VERSION:=908ab0defe9535144fced2012a819a2e58f3e8c6
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-topology.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
+
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DEPENDS:=ieee1905
-
-PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE:=PROPRIETARY IOPSYS
 PKG_LICENSE_FILES:=LICENSE
-
 include $(INCLUDE_DIR)/package.mk

 define Package/map-topology
 	CATEGORY:=Utilities
 	DEPENDS:=+libubox +ubus +libpthread +libuci +libeasy \
-		 +libavahi-nodbus-support +libnetfilter-conntrack +libnfnetlink +libmnl
+		+libieee1905 +map-plugin +libavahi-nodbus-support
 	TITLE:=Utility to build topology of a multi-AP network
 endef

-define Package/map-topology/config
-	source "$(SOURCE)/Config.in"
-endef
-
 TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-I$(STAGING_DIR)/usr/include/libnetfilter_conntrack \
-	-D_GNU_SOURCE
+	-I$(STAGING_DIR)/usr/include

 define Package/map-topology/description
 	Constructs network topology and show it as json structure over UBUS
@@ -47,11 +38,6 @@ endef

 MAKE_PATH:=src

-ifeq ($(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=\\\"$(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI)\\\"
-endif
-
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
        $(CP) -rf ~/git/map-topology/* $(PKG_BUILD_DIR)/
--- a/map-topology/files/etc/config/hosts
+++ b/map-topology/files/etc/config/hosts
@@ -2,4 +2,3 @@
 config global 'global'
 	option ageing_timer '1440'
 	option reboot_persistent '0'
-	option ifname 'br-lan'
--- a/map-topology/files/etc/init.d/topologyd
+++ b/map-topology/files/etc/init.d/topologyd
@@ -5,73 +5,7 @@ STOP=21

 USE_PROCD=1

-IS_CFG_VALID=1
-
-validate_topology_config() {
-	uci_validate_section topology topology "topology" \
-			'enabled:bool:true' \
-			'depth:range(0,16)' \
-			'interval:range(0,65535)' \
-			'maxlog:range(0,128)' \
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "topology" "Validation of topology UCI file failed"
-		return 1
-	}
-	return 0
-}
-
-validate_global_section() {
-	uci_validate_section hosts global "global" \
-		'ageing_timer:uinteger' \
-		'reboot_persistent:bool' \
-		'ifname:string'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "hosts" "Validation of global section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_host_section() {
-	local section="$1"
-
-	uci_validate_section hosts $section "${1}" \
-			'macaddr:macaddr' \
-			'interface_type:or("wifi","eth")' \
-			'active:bool' \
-			'active_last_change:string'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "hosts" "Validation of host section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_hosts_config() {
-	IS_CFG_VALID=1
-
-	validate_global_section &&
-		config_foreach validate_host_section host
-
-	[ "$IS_CFG_VALID" -ne 1 ] && {
-		logger -s -t "topology" "Validation of hosts UCI file failed"
-		return 1
-	}
-	return 0
-}
-
 start_service() {
-	config_load "topology"
-	validate_topology_config || return 1;
-
-	config_load "hosts"
-	validate_hosts_config || return 1;
-
 	procd_open_instance
        procd_set_param command "/usr/sbin/topologyd"
 	procd_set_param respawn
--- a/mcastmngr/Makefile
+++ b/mcastmngr/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=mcastmngr
-PKG_VERSION:=1.0.2
+PKG_VERSION:=1.0.0

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

--- a/mcastmngr/files/etc/uci-defaults/61-mcast_config_generate
+++ b/mcastmngr/files/etc/uci-defaults/61-mcast_config_generate
@@ -22,7 +22,7 @@ generate_igmp_global_params(){

 generate_mcast_config(){

-	up_itf="$(uci -q get network.wan.device)"
+	up_itf="$(uci -q get network.wan.ifname)"

 	uci add mcast proxy
 	uci rename mcast.@proxy[-1]="igmp_proxy_1"
@@ -35,6 +35,7 @@ generate_mcast_config(){
 	uci set mcast.@proxy[-1].last_member_query_interval="10"
 	uci set mcast.@proxy[-1].fast_leave="1"
 	uci set mcast.@proxy[-1].snooping_mode="2"
+	uci set mcast.@proxy[-1].lan_to_lan="0"
 	uci add_list mcast.@proxy[-1].downstream_interface="br-lan"

 	IFS=" "
--- a/mcastmngr/files/lib/mcast/broadcom.sh
+++ b/mcastmngr/files/lib/mcast/broadcom.sh
@@ -59,6 +59,10 @@ mld_p_up_interfaces=""
 mld_p_down_interfaces=""
 mld_p_exceptions=""

+# Standard parameters need by BCM's multicast daemon
+l_2_l_mcast=0
+allow_brdevice=0
+
 proxdevs=""
 ethwan="$(db -q get hw.board.ethernetWanPort)"

@@ -85,6 +89,7 @@ read_snooping() {
 		config_get igmp_s_mode "$config" snooping_mode 0
 		config_get igmp_s_iface "$config" interface
 		config_get igmp_s_exceptions "$config" filter
+		config_get l_2_l_mcast "$config" lan_to_lan
 		return
 	fi

@@ -99,6 +104,7 @@ read_snooping() {
 		config_get mld_s_mode "$config" snooping_mode 0
 		config_get mld_s_iface "$config" interface
 		config_get mld_s_exceptions "$config" filter
+		config_get l_2_l_mcast "$config" lan_to_lan
 		return
 	fi
 }
@@ -127,6 +133,7 @@ read_proxy() {
 		config_get igmp_p_up_interfaces "$config" upstream_interface
 		config_get igmp_p_down_interfaces "$config" downstream_interface
 		config_get igmp_p_exceptions "$config" filter
+		config_get l_2_l_mcast "$config" lan_to_lan
 		return
 	fi

@@ -142,6 +149,7 @@ read_proxy() {
 		config_get mld_p_up_interfaces "$config" upstream_interface
 		config_get mld_p_down_interfaces "$config" downstream_interface
 		config_get mld_p_exceptions "$config" filter
+		config_get l_2_l_mcast "$config" lan_to_lan
 		return
 	fi
 }
@@ -167,36 +175,6 @@ config_mcast_querier_params() {
 	echo "${protocol}-last-member-query-interval $last_mem_q_int" >> $CONFFILE
 }

-config_snooping_upstream_interface() {
-	local snooping_upstream_intf=""
-
-	json_load "$(devstatus $1)"
-	logger -t "mcastconf" "$(devstatus $1)"
-	itr=1
-	json_select bridge-members
-
-	# loop over the bridge and find the device on wan port
-	while json_get_var dev $itr; do
-		case "$dev" in
-			*.*)
-				port="$(echo "$dev" | cut -d'.' -f 1)"
-				if [ $port == $ethwan ]; then
-					ifconfig $dev | grep RUNNING >/dev/null && $snooping_upstream_intf="$dev" && break
-				fi
-				;;
-		esac
-		itr=$(($itr + 1))
-	done
-	json_select ..
-
-	# if none of the bridge members are on wan port, set the wan port itself
-	if [ -n "$snooping_upstream_intf" ]; then
-		echo "upstream-interface $snooping_upstream_intf" >>$CONFFILE
-	else
-		echo "upstream-interface $ethwan" >>$CONFFILE
-	fi
-}
-
 config_snooping_on_bridge() {
 	local protocol="$1"
 	local bcm_mcast_p=1
@@ -209,11 +187,46 @@ config_snooping_on_bridge() {
 			br-*)
 				# set snooping mode on the bridge
 				bcmmcastctl mode -i $snpif -p $bcm_mcast_p -m $3
+				# set L2L snooping mode on the bridge
+				bcmmcastctl l2l -i $snpif -p $bcm_mcast_p -e $l_2_l_mcast # set L2L snooping mode on the bridge
 			;;
 		esac
 	done
 }

+handle_bridged_proxy_interface() {
+	local p2="$1"
+	local p_enable=0
+
+	if [ "$p2" == "igmp" ]; then
+		p_enable=$igmp_p_enable
+	else
+		p_enable=$mld_p_enable
+	fi
+
+	if [ $p_enable -eq 1 -a $allow_brdevice -eq 1 ]
+	then
+		proxdevs="$proxdevs $2"
+		echo "upstream-interface $2" >>$CONFFILE
+	else
+		json_load "$(devstatus $2)"
+		itr=1
+		json_select bridge-members
+		while json_get_var dev $itr; do
+			case "$dev" in
+				*.*)
+					port="$(echo "$dev" | cut -d'.' -f 1)"
+					if [ $port == $ethwan ]; then
+						ifconfig $dev | grep RUNNING >/dev/null && proxdevs="$proxdevs $dev" && break
+					fi
+					;;
+			esac
+			itr=$(($itr + 1))
+		done
+		json_select ..
+	fi
+}
+
 config_mcast_proxy_interface() {
 	local itr
 	local p1="$1"
@@ -228,8 +241,7 @@ config_mcast_proxy_interface() {
 	for proxif in $2; do
 		case "$proxif" in
 			br-*)
-				proxdevs="$proxdevs $proxif"
-				echo "upstream-interface $proxif" >>$CONFFILE
+				handle_bridged_proxy_interface $p1 $proxif
 			;;
 			*)
 				ifconfig $proxif | grep RUNNING >/dev/null && proxdevs="$proxdevs $proxif"
@@ -241,12 +253,7 @@ config_mcast_proxy_interface() {
 		echo "${p1}-proxy-interfaces $proxdevs" >> $CONFFILE
 	fi

-	# if proxdevs is empty set the wan port as mcast-interface
-	if [ -n "$proxdevs" ]; then
-		echo "${p1}-mcast-interfaces $proxdevs" >> $CONFFILE
-	else
-		echo "${p1}-mcast-interfaces $ethwan" >> $CONFFILE
-	fi
+	[ -n "$proxdevs" ] && echo "${p1}-mcast-interfaces $proxdevs" >> $CONFFILE
 }

 configure_mcpd_snooping() {
@@ -259,14 +266,14 @@ configure_mcpd_snooping() {
 	if [ "$protocol" == "igmp" ]; then
 		config_snooping_common_params $protocol $igmp_s_version $igmp_s_robustness $igmp_s_mode
 		config_mcast_querier_params $protocol $igmp_s_query_interval $igmp_s_q_resp_interval $igmp_s_last_mem_q_int
-		config_snooping_upstream_interface "$igmp_s_iface"
+		config_mcast_proxy_interface $protocol "$igmp_s_iface"
 		config_snooping_on_bridge $protocol $igmp_s_iface $igmp_s_mode
 		exceptions=$igmp_s_exceptions
 		fast_leave=$igmp_s_fast_leave
 	elif [ "$protocol" == "mld" ]; then
 		config_snooping_common_params $protocol $mld_s_version $mld_s_robustness $mld_s_mode
 		config_mcast_querier_params $protocol $mld_s_query_interval $mld_s_q_resp_interval $mld_s_last_mem_q_int
-		config_snooping_upstream_interface "$mld_s_iface"
+		config_mcast_proxy_interface $protocol "$mld_s_iface"
 		config_snooping_on_bridge $protocol $mld_s_iface $mld_s_mode
 		exceptions=$mld_s_exceptions
 		fast_leave=$mld_s_fast_leave
@@ -343,6 +350,7 @@ disable_snooping() {

 	for br in $(brctl show | grep 'br-' | awk '{print$1}' | tr '\n' ' '); do
 		bcmmcastctl mode -i $br -p $bcm_mcast_p -m 0 # disable snooping on all bridges
+		bcmmcastctl l2l -i $br -p $bcm_mcast_p -e 0 # disable L2L snooping on all bridges
 	done
 }

@@ -458,7 +466,7 @@ read_mcast_stats() {
 		case $line in
 		br-*)
 			found_ip=0
-			grp_ip="$(echo $line | awk -F ' ' '{ print $10 }')"
+			grp_ip="$(echo $line | awk -F ' ' '{ print $9 }')"
 			if [ -z "$mcast_addrs" ]; then
 				mcast_addrs="$grp_ip"
 				continue
@@ -510,7 +518,7 @@ read_mcast_stats() {
 					if [ "$snoop_iface" != "$intf" ]; then
 						continue
 					fi
-					grp_ip="$(echo $line | awk -F ' ' '{ print $10 }')"
+					grp_ip="$(echo $line | awk -F ' ' '{ print $9 }')"
 					if [ "$grp_ip" != "$gip_addr" ]; then
 						continue
 					fi
@@ -523,12 +531,12 @@ read_mcast_stats() {
 					fi

 					json_add_object ""
-					host_ip="$(echo $line | awk -F ' ' '{ print $14 }')"
+					host_ip="$(echo $line | awk -F ' ' '{ print $13 }')"
 					h_ip="$(ipcalc.sh $host_ip | grep IP | awk '{print substr($0,4)}')"
 					json_add_string "ipaddr" "$h_ip"
 					src_port="$(echo $line | awk -F ' ' '{ print $2 }')"
 					json_add_string "device" "$src_port"
-					timeout="$(echo $line | awk -F ' ' '{ print $15 }')"
+					timeout="$(echo $line | awk -F ' ' '{ print $14 }')"
 					json_add_int "timeout" "$timeout"
 					json_close_object #close the associated device object
 					;;
--- a/mosquitto-auth-shadow/Makefile
+++ b/mosquitto-auth-shadow/Makefile
@@ -1,45 +0,0 @@
-#
-# Copyright (c) 2022 Genexis B.V.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License 2.0 which is available at
-# https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Erik Karlsson - initial implementation
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=mosquitto-auth-shadow
-PKG_VERSION:=1.0.0
-
-PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
-PKG_LICENSE:=EPL-2.0
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/mosquitto-auth-shadow
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=mosquitto - /etc/shadow authentication plugin
-  DEPENDS:=mosquitto
-  USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
-endef
-
-define Package/mosquitto-auth-shadow/description
-  Plugin for the mosquitto MQTT message broker that authenticates
-  users using /etc/shadow
-endef
-
-define Package/mosquitto-auth-shadow/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,mosquitto-auth-shadow))
--- a/mosquitto-auth-shadow/files/etc/uci-defaults/14_set-shadow-permissions
+++ b/mosquitto-auth-shadow/files/etc/uci-defaults/14_set-shadow-permissions
@@ -1 +0,0 @@
-chown root:shadow /etc/shadow && chmod 0640 /etc/shadow
--- a/mosquitto-auth-shadow/src/Makefile
+++ b/mosquitto-auth-shadow/src/Makefile
@@ -1,25 +0,0 @@
-#
-# Copyright (c) 2022 Genexis B.V.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License 2.0 which is available at
-# https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Erik Karlsson - initial implementation
-#
-
-TARGETS = mosquitto_auth_shadow.so
-
-all: $(TARGETS)
-
-%.pic.o: %.c
-	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
-
-mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
-	$(CC) $(LDFLAGS) -shared -o $@ $^
-
-clean:
-	rm -f *.o $(TARGETS)
--- a/mosquitto-auth-shadow/src/mosquitto_auth_shadow.c
+++ b/mosquitto-auth-shadow/src/mosquitto_auth_shadow.c
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	*user_data = identifier;
-
-	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-					   basic_auth_callback, NULL, NULL);
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	mosquitto_plugin_id_t *identifier = user_data;
-
-	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-					     basic_auth_callback, NULL);
-}
--- a/mqtt-ciotc/Makefile
+++ b/mqtt-ciotc/Makefile
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2020 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=mqtt-ciotc
+PKG_VERSION:=0.1
+
+PKG_SOURCE_VERSION:=00da3fb1f1691d836037dc4d93e38d0835ba46a4
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifilife-testbed.git
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_LICENSE:=Apache-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mqtt-ciotc
+	CATEGORY:=Utilities
+	DEPENDS:=+libjwt +lib-paho-mqtt +libopenssl +libubox +ubus +libblobmsg-json
+	TITLE:=mqtt google iot clinet
+endef
+
+define Package/mqtt-ciotc/description
+	mqtt google iot client
+endef
+
+define Package/mqtt-ciotc/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mqtt_ciotc $(1)/sbin/
+endef
+
+$(eval $(call BuildPackage,mqtt-ciotc))
--- a/mqtt-ciotc/files/etc/config/mqtt_ciotc
+++ b/mqtt-ciotc/files/etc/config/mqtt_ciotc
@@ -0,0 +1,3 @@
+config certs 'certs'
+	option private '/etc/mqtt-ciotc/rsa_private.pem'
+	option root '/etc/mqtt-ciotc/roots.pem'
--- a/mqtt-ciotc/files/etc/init.d/mqtt_ciotc
+++ b/mqtt-ciotc/files/etc/init.d/mqtt_ciotc
@@ -0,0 +1,35 @@
+#!/bin/sh /etc/rc.common
+
+START=96
+STOP=10
+PROG=/sbin/mqtt_ciotc
+
+USE_PROCD=1
+
+start_service() {
+	procd_open_instance
+	procd_set_param command ${PROG}
+	config_load mqtt_ciotc
+	config_get private certs private
+	config_get root certs root
+
+	[ -n $private ] && procd_append_param command --private-cert $private
+	[ -n $root ] && procd_append_param command --root-cert $root
+	procd_set_param respawn
+	procd_close_instance
+}
+
+stop_service()
+{
+	service_stop ${PROG}
+}
+
+reload_service() {
+#	procd_send_signal wifilife # use SIGHUP
+	stop
+	start
+}
+
+service_triggers() {
+        procd_add_reload_trigger "mqtt_ciotc"
+}
--- a/netmode/Makefile
+++ b/netmode/Makefile
@@ -8,26 +8,35 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=netmode
-PKG_VERSION:=0.3.0
-PKG_RELEASE:=1
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_LICENSE:=GPL-2.0-only
+PKG_VERSION:=0.2.0
+
+PKG_SOURCE_VERSION:=5c8abbdf86e4651c7c6f14f784cfb52e69979f96
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/netmoded
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_LICENSE:=GPLv2
+PKG_LICENSE_FILES:=LICENSE
+
 include $(INCLUDE_DIR)/package.mk

 define Package/netmode
-  CATEGORY:=Utilities
-  TITLE:=Network Modes and Utils
+	CATEGORY:=Base system
+	DEPENDS:=+fping +ubus +libubox +libuci
+	TITLE:=Predefined Network Modes
 endef

 define Package/netmode/description
-	Network Modes and Utils
-endef
-
-define Build/Compile
+	Predefined Network Modes
 endef

 define Package/netmode/install
 	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/netmoded $(1)/sbin/
 endef

 $(eval $(call BuildPackage,netmode))
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`chown root:shadow /etc/shadow && chmod 0640 /etc/shadow`