icwmp: Ensure 'switch_bank' option is set to 1 on firmware upgrade trigger

swmodd: added datamodel dependency on swmod ubus
obuspa: controller provisioning via dhcp
2025-12-29 07:39:25 +08:00 · 2025-03-07 00:38:03 +01:00 · 2025-03-06 19:17:03 +05:30 · 2025-03-06 13:42:18 +00:00 · 2025-03-06 13:38:52 +00:00 · 2025-03-06 11:44:29 +01:00
123 changed files with 2063 additions and 1315 deletions
--- a/bbfdm/Makefile
+++ b/bbfdm/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bbfdm
-PKG_VERSION:=1.14.4
+PKG_VERSION:=1.15.6

 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=c8967d6bf47c8bc96cf8df94236b4edfc95aabea
+PKG_SOURCE_VERSION:=38636715adf891bbf64a45ba54a87582c0c7e134
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -154,6 +154,9 @@ define Package/dm-service/install

 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dm-service/dm-service $(1)/usr/sbin/
+
+	$(BBFDM_REGISTER_SERVICES) -v ${CONFIG_BBF_VENDOR_PREFIX} ./bbfdm_service.json $(1) core
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libbbfdm/libcore.so $(1) core
 endef

 define Package/bbf_configmngr/install
--- a/bbfdm/bbfdm.mk
+++ b/bbfdm/bbfdm.mk
@@ -89,28 +89,3 @@ BBFDM_INSTALL_SCRIPT:=$(BBFDM_DIR)/tools/bbfdm.sh -s


 BBFDM_REGISTER_SERVICES:=$(BBFDM_DIR)/tools/bbfdm.sh -t
-
-# Deprecated functions errors
-define BbfdmInstallPluginInMicroservice
-	$(warning # BbfdmInstallPluginInMicroservice function is deprecated, use BBFDM_INSTALL_MS_PLUGIN macro #)
-	$(INSTALL_DIR) $(1)
-	$(INSTALL_DATA) $(2) $(1)/
-endef
-
-define BbfdmInstallMicroServiceInputFile
-	$(warning # function BbfdmInstallMicroServiceInputFile deprecated, input file auto generated with BBFDM_INSTALL_MS_DM #)
-	$(INSTALL_DIR) $(1)/etc/bbfdm/micro_services
-	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/micro_services/$(PKG_NAME).json
-endef
-
-define BbfdmInstallPlugin
-	$(warning # function BbfdmInstallPlugin deprecated, use BBFDM_INSTALL_CORE_PLUGIN macro #)
-	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
-	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/plugins/
-endef
-
-define BbfdmInstallPluginWithPriority
-	$(warning # fucntion BbfdmInstallPluginWithPriority deprecated, use BBFDM_INSTALL_CORE_PLUGIN #)
-	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
-	$(INSTALL_DATA) $(3) $(1)/etc/bbfdm/plugins/$(2)_$(shell basename ${3})
-endef
--- a/bbfdm/bbfdm_service.json
+++ b/bbfdm/bbfdm_service.json
@@ -0,0 +1,54 @@
+{
+  "daemon": {
+    "enable": "1",
+    "service_name": "core",
+    "unified_daemon": false,
+    "services": [
+      {
+        "parent_dm": "Device.",
+        "object": "LANConfigSecurity"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "Schedules"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "Security",
+        "proto": "cwmp"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "PacketCaptureDiagnostics"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "SelfTestDiagnostics"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "Syslog"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "{BBF_VENDOR_PREFIX}OpenVPN",
+        "proto": "usp"
+      },	  
+      {
+        "parent_dm": "Device.",
+        "object": "RootDataModelVersion"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "Reboot()"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "FactoryReset()"
+      }
+    ],
+    "config": {
+      "loglevel": "3"
+    }
+  }
+}
--- a/bbfdm/files/etc/bbfdm/critical_services.json
+++ b/bbfdm/files/etc/bbfdm/critical_services.json
@@ -3,8 +3,12 @@
 			"firewall",
 			"network",
 			"dhcp",
+			"time",
 			"wireless",
-			"time"
+			"ieee1905",
+			"mapcontroller",
+			"mosquitto",
+			"nginx"
 	],
 	"cwmp": [
 			"firewall",
--- a/bbfdm/files/etc/uci-defaults/96-sysctl-translation
+++ b/bbfdm/files/etc/uci-defaults/96-sysctl-translation
@@ -51,10 +51,6 @@ parse_bbfdm_sysctl_conf_file() {

 	# Replace the original file with the modified content
 	mv "$tmpfile" "${bbfdm_sysctl_conf}"
-
-	# Apply the changes
-	uci commit network
-	sysctl -e -p "${bbfdm_sysctl_conf}" >&-
 }

 parse_bbfdm_sysctl_conf_file
--- a/bbfdm/tools/bbfdm.sh
+++ b/bbfdm/tools/bbfdm.sh
@@ -180,14 +180,15 @@ if [ "${MICRO_SERVICE}" -eq "1" ]; then
 	fi
 else
 	if [ "${PLUGIN}" -eq "1" ]; then
+		echo "# WARNING: BBFDM_INSTALL_CORE_PLUGIN macro will be deprecated soon. Please use BBFDM_INSTALL_MS_PLUGIN macro instead, specifying 'core' as micro-service name #"
 		priority="${DATA:-0}"
-		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/plugins
+		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core

 		if [ "${priority}" -gt "0" ]; then
 			# install with priority if defined
-			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/${priority}_$(basename ${SRC})
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core/${priority}_$(basename ${SRC})
 		elif [ "${priority}" -eq "0" ]; then
-			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/$(basename ${SRC})
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/micro_services/core/$(basename ${SRC})
 		else
 			echo "# Priority should be an unsigned integer"
 			exit 1
--- a/bridgemngr/Makefile
+++ b/bridgemngr/Makefile
@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.11
+PKG_VERSION:=1.0.12

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=18c2921a1cf5bfa027c11c5e6ca605ef69fd1168
+PKG_SOURCE_VERSION:=25fd52491a639b32b8eb77ea07a4e470c458d16a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/decollector/Makefile
+++ b/decollector/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=decollector
-PKG_VERSION:=6.1.0.7
+PKG_VERSION:=6.2.0.1

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=db4eae19a3f716eec5a37aa2786b9bbbe3160b54
+PKG_SOURCE_VERSION:=575ecfff3779aadcea83d890ba975109c0f7d6a3
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
--- a/dhcpmngr/files/etc/uci-defaults/unbound.odhcpd.uci_default
+++ b/dhcpmngr/files/etc/uci-defaults/unbound.odhcpd.uci_default
@@ -10,7 +10,6 @@ uci -q get dhcp.odhcpd >/dev/null 2>&1 && {
 		[ -e /usr/lib/unbound/odhcpd.sh ] && [ -e /usr/sbin/unbound ] && {
 			# then set unbound script as leasetrigger in dhcp UCI
 			uci -q set dhcp.odhcpd.leasetrigger='/usr/lib/unbound/odhcpd.sh'
-			uci commit dhcp
 		}
 	}
 }
--- a/dnsmngr/Makefile
+++ b/dnsmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.14
+PKG_VERSION:=1.0.15

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=e64ec01b57d8b32e5230b34f6a3866250b1a8faf
+PKG_SOURCE_VERSION:=32bd2501fca8a4f45ba13ee0e4762756c60fe721
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -64,6 +64,10 @@ ifeq ($(CONFIG_DNSMNGR_BACKEND_DNSMASQ),y)
 endif

 define Package/dnsmngr/install
+	$(INSTALL_DIR) $(1)/etc/umdns
+	$(INSTALL_DIR) $(1)/etc/umdns/tmp
+	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/dnsmngr $(1)/lib/upgrade/keep.d/dnsmngr
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_SCRIPT) -d $(PKG_BUILD_DIR)/scripts/nslookup $(1)
--- a/dnsmngr/files/lib/upgrade/keep.d/dnsmngr
+++ b/dnsmngr/files/lib/upgrade/keep.d/dnsmngr
@@ -0,0 +1 @@
+/etc/umdns/*
--- a/ebtables-extensions/Makefile
+++ b/ebtables-extensions/Makefile
@@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=ebtables-extensions
-PKG_VERSION:=2.0.4
+PKG_VERSION:=2.0.5
 PKG_LICENSE:=GPL-2.0

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
-PKG_SOURCE_VERSION:=9a2af49b455ee25ca0694274e004ced7c09855a0
+PKG_SOURCE_VERSION:=7357622d806833d93d317164dc6673fbf5fd1629
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -189,9 +189,7 @@ define KernelPackage/ebt-mldsnooping/description
 	Kernel module to enable MLD snooping for ebtables
 endef

-ifeq ($(CONFIG_TARGET_brcmbca),y)
-	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
-endif
+-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk

 define Build/Prepare

@@ -236,7 +234,6 @@ endif
 	$(CP) $(PKG_BUILD_DIR)/src/ebt_mldsnooping.h $(1)/include/uapi/linux/netfilter_bridge/
 endef

-KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
 ifeq ($(CONFIG_TARGET_airoha),y)
  KERNEL_MAKE_FLAGS += PLATFORM="ECONET"
 endif
--- a/firewallmngr/Makefile
+++ b/firewallmngr/Makefile
@@ -29,7 +29,7 @@ define Package/firewallmngr
  CATEGORY:=Network
  TITLE:=Package to add Device.Firewall and Device.NAT. data model support.
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +firewall
-  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:kmod-ipt-trigger +FIREWALLMNGR_PORT_TRIGGER:kmod-ip6t-trigger
+  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:iptables-mod-trigger
  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:iptables-mod-nfqueue
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
--- a/firewallmngr/files/firewall.portmap
+++ b/firewallmngr/files/firewall.portmap
@@ -2,71 +2,40 @@

 . /lib/functions.sh

-log() {
-	echo "${@}"|logger -t firewall.dnat -p info
-}
-
-exec_cmd() {
-	if ! eval "$*"; then
-		log "Failed to run [$*]"
-	fi
-}
-
 reorder_dnat_rules() {
-	nat_chains=$(iptables -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
+	nat_chains=$(iptables -w -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)

 	for chain in ${nat_chains}; do
 		# Collect empty remote host & empty dport rules
-		EMPTY_HOST_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
-		if [ -n "${EMPTY_HOST_PORT}" ]; then
-			echo "${EMPTY_HOST_PORT}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
-				exec_cmd $cmd1
-			done
-		fi
+		EMPTY_HOST_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")

 		# Collect empty remote host but non empty dport rules
-		EMPTY_HOST=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
-		if [ -n "${EMPTY_HOST}" ]; then
-			echo "${EMPTY_HOST}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
-				exec_cmd $cmd1
-			done
-		fi
+		EMPTY_HOST=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")

 		# Collect non empty remote host but empty dport rules
-		EMPTY_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
-		if [ -n "${EMPTY_PORT}" ]; then
-			echo "${EMPTY_PORT}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
-				exec_cmd $cmd1
-			done
-		fi
+		EMPTY_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")

-		# Now add rules as per datamodel precedence shown below
-		## Non empty remote host, empty dport
-		## empty remote host, non empty dport
-		## empty remote host, empty dport
-		if [ -n "${EMPTY_PORT}" ]; then
-			echo "${EMPTY_PORT}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd)"
-				exec_cmd $cmd1
-			done
-		fi
+		# Skip this chain if no matching rules were found
+		[ -n "${EMPTY_HOST_PORT}" -o -n "${EMPTY_HOST}" -o -n "${EMPTY_PORT}" ] || continue

-		if [ -n "${EMPTY_HOST}" ]; then
-			echo "${EMPTY_HOST}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd)"
-				exec_cmd $cmd1
-			done
-		fi
+		(
+			echo '*nat'

-		if [ -n "${EMPTY_HOST_PORT}" ]; then
-			echo "${EMPTY_HOST_PORT}" | while read cmd; do
-				cmd1="iptables -t nat $(echo $cmd)"
-				exec_cmd $cmd1
-			done
-		fi
+			# Delete collected rules
+			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}" | sed 's/^-A /-D /'
+			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}" | sed 's/^-A /-D /'
+			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}" | sed 's/^-A /-D /'
+
+			# Now add rules as per datamodel precedence shown below
+			## Non empty remote host, empty dport
+			## empty remote host, non empty dport
+			## empty remote host, empty dport
+			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}"
+			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}"
+			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}"
+
+			echo 'COMMIT'
+		) | iptables-restore -w -n
 	done
 }

--- a/firewallmngr/files/firewall.service
+++ b/firewallmngr/files/firewall.service
@@ -7,7 +7,7 @@ log() {
 }

 exec_cmd() {
-	if ! eval "$*"; then
+	if ! "$@"; then
 		log "Failed to run [$*]"
 		echo "-1"
 		return 0
@@ -73,7 +73,7 @@ add_iptable_rule() {
 		fi

 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd "iptables ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
+			res=$(exec_cmd iptables -w ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
 		else
 			#Add ipv4 sources if any
 			src_list=""
@@ -86,7 +86,7 @@ add_iptable_rule() {

 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd "iptables -s $src_list ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
+				res=$(exec_cmd iptables -w -s "$src_list" ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
 			fi
 		fi
 	fi
@@ -97,7 +97,7 @@ add_iptable_rule() {
 		fi

 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd "ip6tables ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
+			res=$(exec_cmd ip6tables -w ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
 		else
 			#Add ipv6 sources if any
 			src_list=""
@@ -110,7 +110,7 @@ add_iptable_rule() {

 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd "ip6tables -s $src_list ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
+				res=$(exec_cmd ip6tables -w -s "$src_list" ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
 			fi
 		fi
 	fi
--- a/gateway-info/Makefile
+++ b/gateway-info/Makefile
@@ -0,0 +1,60 @@
+#
+# Copyright (C) 2025 IOPSYS Software Solutions AB
+#
+# This is free software, licensed under the BSD-3-Clause
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gateway-info
+PKG_VERSION:=1.0.0
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/gateway-info.git
+PKG_SOURCE_VERSION:=26e407a25b156da75e3941d54ddd74294cd9eae8
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/gateway-info
+  CATEGORY:=Utilities
+  TITLE:=GatewayInfo Data Model Support
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+endef
+
+define Package/gateway-info/description
+	Package to add Device.GatewayInfo. data model support.
+endef
+
+MAKE_PATH:=src
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) ~/git/gateway-info/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/gateway-info/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
+	$(INSTALL_DIR) $(1)/etc/bbfdm/services
+	$(INSTALL_DIR) $(1)/usr/share/bbfdm/micro_services
+	$(INSTALL_DATA) ./files/etc/config/gateway $(1)/etc/config/gateway
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_gateway_info.user $(1)/etc/udhcpc.user.d/udhcpc_gateway_info.user
+	$(INSTALL_BIN) ./files/etc/uci-defaults/86-set-gateway-device-info $(1)/etc/uci-defaults/
+	$(BBFDM_REGISTER_SERVICES) ./files/bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libgwinfo.so $(1) $(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,gateway-info))
--- a/wifidmd/files/bbfdm_service_dataelements.json
+++ b/wifidmd/files/bbfdm_service_dataelements.json
@@ -1,12 +1,12 @@
 {
  "daemon": {
    "enable": "1",
-    "service_name": "wifidmd.dataelements",
+    "service_name": "gateway-info",
    "unified_daemon": false,
    "services": [
      {
        "parent_dm": "Device.",
-        "object": "WiFi"
+        "object": "GatewayInfo"
      }
    ],
    "config": {
--- a/gateway-info/files/etc/config/gateway
+++ b/gateway-info/files/etc/config/gateway
@@ -0,0 +1,3 @@
+config global 'global'
+	option wan_interface 'wan'
+	option lan_interface 'lan'
--- a/gateway-info/files/etc/uci-defaults/86-set-gateway-device-info
+++ b/gateway-info/files/etc/uci-defaults/86-set-gateway-device-info
@@ -0,0 +1,283 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+convert_to_hex() {
+	local val=""
+	local optval="${1}"
+	OPTIND=1
+	while getopts ":" opt "-$optval"
+	do
+		temp=$(printf "%02X" "'${OPTARG:-:}")
+		val="${val}:${temp}"
+	done
+
+	echo "${val}"
+}
+
+configure_send_op125() {
+	local sendopt="${1}"
+	local intf="${2}"
+	local uci="${3}"
+	local hex_oui=""
+	local hex_serial=""
+	local hex_class=""
+	local oui_len=0
+	local serial_len=0
+	local class_len=0
+
+	if [ "${uci}" = "network" ]; then
+		local opt125="125:00:00:0D:E9"
+	else
+		if [ -z "${sendopt}" ]; then
+			local opt125="125,00:00:0D:E9"
+		else
+			local opt125=":00:00:0D:E9"
+		fi
+	fi
+
+	config_get oui cpe manufacturer_oui ""
+	if [ -z "${oui}" ]; then
+		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
+	fi
+
+	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
+
+	config_get serial cpe serial_number ""
+	if [ -z "${serial}" ]; then
+		serial=$(db -q get device.deviceinfo.SerialNumber)
+	fi
+
+	config_get class cpe product_class ""
+	if [ -z "${class}" ]; then
+		class=$(db -q get device.deviceinfo.ProductClass)
+	fi
+
+	oui_len=$(echo -n "${oui}" | wc -m)
+	serial_len=$(echo -n "${serial}" | wc -m)
+	class_len=$(echo -n "${class}" | wc -m)
+
+	if [ "${oui_len}" -eq 0 ] || [ "${serial_len}" -eq 0 ]; then
+		return 0
+	fi
+
+	opt125_len=$((oui_len + serial_len + class_len))
+	if [ "${class_len}" -gt 0 ]; then
+		opt125_len=$((opt125_len + 6))
+	else
+		opt125_len=$((opt125_len + 4))
+	fi
+
+	hex_opt125_len=$(printf "%02X" "${opt125_len}")
+	opt125="${opt125}:${hex_opt125_len}"
+	hex_oui=$(convert_to_hex "${oui}")
+	if [ -z "${hex_oui}" ]; then
+		return 0
+	fi
+
+	hex_oui_len=$(printf "%02X" "${oui_len}")
+	if [ "${uci}" = "network" ]; then
+		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
+	else
+		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
+	fi
+
+	hex_serial=$(convert_to_hex "${serial}")
+	if [ -z "${hex_serial}" ]; then
+		return 0
+	fi
+
+	hex_serial_len=$(printf "%02X" "${serial_len}")
+	if [ "${uci}" = "network" ]; then
+		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
+	else
+		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
+	fi
+
+	if [ "${class_len}" -gt 0 ]; then
+		hex_class=$(convert_to_hex "${class}")
+		if [ -z "${hex_class}" ]; then
+			return 0
+		fi
+
+		hex_class_len=$(printf "%02X" "${class_len}")
+		if [ "${uci}" = "network" ]; then
+			opt125="${opt125}:03:${hex_class_len}${hex_class}"
+		else
+			opt125="${opt125}:06:${hex_class_len}${hex_class}"
+		fi
+	fi
+
+
+	if [ "${uci}" = "network" ]; then
+		new_send_opt="$sendopt $opt125"
+		uci -q set network."${intf}".sendopts="$new_send_opt"
+	else
+		new_send_opt="$sendopt$opt125"
+		uci -q add_list dhcp."${intf}".dhcp_option="$new_send_opt"
+	fi
+}
+
+check_for_suboptions() {
+	# Check if option 4 and 5 present inside enterprise id 3561
+	data=$(echo "${1}" | sed 's/://g')
+	len=$(printf "${data}"|wc -c)
+
+	rem_len="${len}"
+	while [ $rem_len -gt 8 ]; do
+		subopt_present=0
+
+		ent_id="${data:0:8}"
+		ent_id=$(printf "%d\n" "0x$ent_id")
+		if [ $ent_id -ne 3561 ]; then
+			len_val=${data:8:2}
+			data_len=$(printf "%d\n" "0x$len_val")
+			# add 4 byte for ent_id and 1 byte for len
+			data_len=$(( data_len * 2 + 10 ))
+			# move ahead data to next enterprise id
+			data=${data:"${data_len}":"${rem_len}"}
+			rem_len=$(( rem_len - data_len ))
+			continue
+		fi
+
+		# read the length of enterprise data
+		len_val=${data:8:2}
+		data_len=$(printf "%d\n" "0x$len_val")
+		# add 4 byte for ent_id and 1 byte for len
+		data_len=$(( data_len * 2 + 10 ))
+
+		len_val=${data:8:2}
+		opt_len=$(printf "%d\n" "0x$len_val")
+		if [ $opt_len -eq 0 ]; then
+			echo ${subopt_present}
+			return 0
+		fi
+
+		# populate the option data of enterprise id
+		sub_data_len=$(( opt_len * 2))
+		# starting 10 means ahead of length field
+		sub_data=${data:10:"${sub_data_len}"}
+
+		# parsing of suboption of option 125
+		while [ $sub_data_len -gt 0 ]; do
+			# get the suboption id
+			sub_opt_id=${sub_data:0:2}
+			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
+			case "${sub_opt_id}" in
+			"4") subopt_present=1
+			;;
+			"5") subopt_present=1
+			;;
+			esac
+
+			if [ ${subopt_present} -eq 1 ]; then
+				break;
+			fi
+
+			# get the length of suboption
+			sub_opt_len=${sub_data:2:2}
+			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
+			sub_opt_len=$(( sub_opt_len * 2 ))
+
+			# add 2 bytes for sub_opt id and sub_opt len field
+			sub_opt_end=$(( sub_opt_len + 4 ))
+
+			# update the remaining sub option hex string length
+			sub_data_len=$((sub_data_len - sub_opt_end))
+
+			# fetch next sub option hex string
+			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
+		done
+
+		if [ ${subopt_present} -eq 1 ]; then
+			break;
+		else
+			# move ahead data to next enterprise id
+			rem_len=$(( rem_len - $data_len ))
+			data=${data:"${data_len}":"${rem_len}"}
+		fi
+	done
+
+	echo ${subopt_present}
+}
+
+enable_dhcp_option125() {
+	local wan="${1}"
+	local reqopts="$(uci -q get network."${wan}".reqopts)"
+	local sendopts="$(uci -q get network."${wan}".sendopts)"
+	local proto="$(uci -q get network."${wan}".proto)"
+	local newreqopts=""
+	local newsendopts=""
+	local req125_present=0
+	local send125_present=0
+	local opt125="125:"
+
+	for ropt in $reqopts; do
+		case $ropt in
+			125) req125_present=1 ;;
+			*) ;;
+		esac
+	done
+
+	for sopt in $sendopts; do
+		if [[ "$sopt" == "$opt125"* ]]; then
+			send125_present=1
+			break
+		fi
+	done
+
+	if [ "${proto}" = "dhcp" ]; then
+		if [ ${req125_present} -eq 0 ]; then
+			newreqopts="$reqopts 125"
+			uci -q set network."${wan}".reqopts="$newreqopts"
+		fi
+
+		if [ ${send125_present} -eq 0 ]; then
+			configure_send_op125 "${sendopts}" "${wan}" "network"
+		fi
+	fi
+}
+
+enable_dnsmasq_option125() {
+	local lan="${1}"
+	local send125_present=0
+	local opt125="125,"
+
+	local proto="$(uci -q get dhcp."${lan}".dhcpv4)"
+	if [ "${proto}" = "server" ]; then
+		opt_list="$(uci -q get dhcp."${lan}".dhcp_option)"
+		base_opt=""
+
+		for sopt in $opt_list; do
+			if [[ "$sopt" == "$opt125"* ]]; then
+				send125_present=$(check_for_suboptions "${sopt:4}")
+				base_opt="${sopt}"
+				break
+			fi
+		done
+
+		if [ ${send125_present} -eq 0 ]; then
+			uci -q del_list dhcp."${lan}".dhcp_option="${base_opt}"
+			configure_send_op125 "${base_opt}" "${lan}" "dhcp"
+		fi
+	fi
+}
+
+configure_gateway_device_info() {
+	wan_intf=""
+	lan_intf=""
+
+	config_load gateway
+	config_get wan_intf global wan_interface "wan"
+	config_get lan_intf global lan_interface "lan"
+
+	# Set dhcp_option 125 for device info if not already configured
+	enable_dhcp_option125 "${wan_intf}"
+
+	if [ "${wan_intf}" != "${lan_intf}" ]; then
+		# This is extender no need to configure gateway info
+		enable_dnsmasq_option125 "${lan_intf}"
+	fi
+}
+
+configure_gateway_device_info
--- a/gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user
+++ b/gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user
@@ -110,13 +110,8 @@ get_vivsoi() {
 	done
 }

-config_load cwmp
-config_get_bool enable_cwmp cpe enable 1
-config_get wan_intf cpe default_wan_interface "wan"
-
-if [ "$enable_cwmp" = "0" ]; then
-	return 0
-fi
+config_load gateway
+config_get wan_intf global wan_interface "wan"

 if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
@@ -125,15 +120,15 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	fi

 	mkdir -p /var/state
-	touch /var/state/icwmp
-	sec=$(uci -q -c /var/state get icwmp.gatewayinfo)
+	touch /var/state/gwinfo
+	sec=$(uci -q -c /var/state get gwinfo.gatewayinfo)
 	if [ -z "${sec}" ]; then
-		sec=$(uci -q -c /var/state add icwmp gatewayinfo)
-		uci -q -c /var/state rename icwmp."${sec}"="gatewayinfo"
+		sec=$(uci -q -c /var/state add gwinfo gatewayinfo)
+		uci -q -c /var/state rename gwinfo."${sec}"="gatewayinfo"
 	fi

-	uci -q -c /var/state set icwmp.gatewayinfo.class="$CLASS"
-	uci -q -c /var/state set icwmp.gatewayinfo.oui="$OUI"
-	uci -q -c /var/state set icwmp.gatewayinfo.serial="$SERIAL"
-	uci -q -c /var/state commit icwmp
+	uci -q -c /var/state set gwinfo.gatewayinfo.class="$CLASS"
+	uci -q -c /var/state set gwinfo.gatewayinfo.oui="$OUI"
+	uci -q -c /var/state set gwinfo.gatewayinfo.serial="$SERIAL"
+	uci -q -c /var/state commit gwinfo
 fi
--- a/gryphon-led-module/Makefile
+++ b/gryphon-led-module/Makefile
@@ -18,7 +18,8 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=gryphon-led-kernel-module
-PKG_RELEASE:=1
+PKG_VERSION:=1.0.0
+PKG_LICENSE:=GPL-2.0

 include $(INCLUDE_DIR)/package.mk

@@ -26,41 +27,18 @@ define KernelPackage/$(PKG_NAME)
  SUBMENU:=LED modules
  TITLE:=LED driver for Gryphon
  FILES:=$(PKG_BUILD_DIR)/$(PKG_NAME).$(LINUX_KMOD_SUFFIX)
-  KCONFIG:=CONFIG_PACKAGE_kmod-gryphon-led-kernel-module=y
  AUTOLOAD:=$(call AutoLoad,60,$(PKG_NAME))
-  DEPENDS:= +(TARGET_brcmbca):bcm963xx-bsp
-  PKG_LICENSE:=GPLv2
-  PKG_LICENSE_URL:=
 endef

 define KernelPackage/$(PKG_NAME)/description
  This package contains the LED driver for Gryphon devices.
 endef

-EXTRA_KCONFIG:= CONFIG_RGB_LED=m
-
-MODULE_INCLUDE=-I$(PKG_BUILD_DIR)
-
 # support compilation against BCM SDK kernel
-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)/kdevlinks/
-	$(CP) -s `pwd`/src/* $(PKG_BUILD_DIR)/kdevlinks/
-	$(CP) src/* $(PKG_BUILD_DIR)
-endef
+-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk

 define Build/Compile
-	$(MAKE) -C "$(LINUX_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		SUBDIRS="$(PKG_BUILD_DIR)" \
-		EXTRA_CFLAGS="-DKERNEL_MODULE $(BUILDFLAGS) -I$(LINUX_DIR)/include -include generated/autoconf.h $(MODULE_INCLUDE)" \
-		modules
-endef
-
-define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules
 endef

 $(eval $(call KernelPackage,$(PKG_NAME)))
--- a/gryphon-led-module/src/main.c
+++ b/gryphon-led-module/src/main.c
@@ -28,6 +28,7 @@
 #include <linux/gpio/consumer.h>
 #include <linux/of.h>
 #include <linux/version.h>
+#include <linux/string.h>

 #include "sk9822.h"

@@ -46,11 +47,6 @@ static ssize_t get_led_color(struct device *dev,
 	int len;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

-	if (IS_ERR(sk9822)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -EIO;
-	}
-
 	len = scnprintf(buf, PAGE_SIZE, "%02x%02x%02x\n", sk9822->led_colors[0].r, sk9822->led_colors[0].g, sk9822->led_colors[0].b);
 	if (len <= 0) {
 		dev_err(dev, "sk9822: Invalid sprintf len: %d\n", len);
@@ -73,11 +69,6 @@ static ssize_t set_led_color(struct device *dev,
 	size_t buflen = count;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

-	if (IS_ERR(sk9822)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -EIO;
-	}
-
 	/* strip newline */
 	if ((count > 0) && (buf[count-1] == '\n')) {
 		buflen--;
@@ -111,11 +102,6 @@ static ssize_t get_led_brightness(struct device *dev,
 	int len;
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);

-	if (IS_ERR(sk9822)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -EIO;
-	}
-
 	len = scnprintf(buf, PAGE_SIZE, "%x\n", sk9822->led_brightness);
 	if (len <= 0) {
 		dev_err(dev, "sk9822: Invalid sprintf len: %d\n", len);
@@ -138,11 +124,6 @@ static ssize_t set_led_brightness(struct device *dev,
 	struct sk9822_leds *sk9822 = dev_get_drvdata(dev);
 	unsigned long val = SK9822_DEFAULT_BRIGHTNESS;

-	if (IS_ERR(sk9822)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -EIO;
-	}
-
 	if (kstrtoul(buf, 16, &val)) {
 		return -EINVAL;
 	}
@@ -209,49 +190,33 @@ static int canyon_led_probe(struct platform_device *pdev)

 	platform_set_drvdata(pdev, leds);

-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 3, 0)
-	leds->clock_gpio = gpiod_get_index(&pdev->dev, "led", 0);
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
-	leds->clock_gpio = gpiod_get_index(&pdev->dev, "led", 0, GPIOD_OUT_HIGH);
-#else
-	dev_warn(&pdev->dev, "Kernel version Not supported\n");
-	exit(1);
-#endif
+	leds->clock_gpio = devm_gpiod_get_index(&pdev->dev, "led", 0, GPIOD_OUT_HIGH);
 	if (IS_ERR(leds->clock_gpio)) {
 		dev_err(&pdev->dev, "Failed to acquire clock GPIO %ld\n",
 				PTR_ERR(leds->clock_gpio));
 		return PTR_ERR(leds->clock_gpio);
 	}

-	gpiod_direction_output(leds->clock_gpio, 1);
-	if (IS_ERR(leds->clock_gpio)) {
-		dev_err(&pdev->dev, "Failed to acquire clock GPIO %ld\n",
-				PTR_ERR(leds->clock_gpio));
-		return PTR_ERR(leds->clock_gpio);
+	ret = gpiod_direction_output(leds->clock_gpio, 1);
+	if (ret) {
+		dev_err(&pdev->dev, "Failed to set clock GPIO output %d\n", ret);
+		return ret;
 	} else {
 		printk(KERN_INFO "Got clock gpio\n");
 		gpiod_set_value(leds->clock_gpio, 0);
 	}

-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 3, 0)
-	leds->data_gpio = gpiod_get_index(&pdev->dev, "led", 1);
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
-	leds->data_gpio = gpiod_get_index(&pdev->dev, "led", 1, GPIOD_OUT_HIGH);
-#else
-	dev_warn(&pdev->dev, "Kernel version Not supported\n");
-	exit(1);
-#endif
+	leds->data_gpio = devm_gpiod_get_index(&pdev->dev, "led", 1, GPIOD_OUT_HIGH);
 	if (IS_ERR(leds->data_gpio)) {
 		dev_err(&pdev->dev, "Failed to acquire data GPIO %ld\n",
 				PTR_ERR(leds->data_gpio));
 		return PTR_ERR(leds->data_gpio);
 	}

-	gpiod_direction_output(leds->data_gpio, 1);
-	if (IS_ERR(leds->data_gpio)) {
-		dev_err(&pdev->dev, "Failed to acquire data GPIO %ld\n",
-				PTR_ERR(leds->data_gpio));
-		return PTR_ERR(leds->data_gpio);
+	ret = gpiod_direction_output(leds->data_gpio, 1);
+	if (ret) {
+		dev_err(&pdev->dev, "Failed to set data GPIO output %d\n", ret);
+		return ret;
 	} else {
 		printk(KERN_INFO "Got data gpio\n");
 		gpiod_set_value(leds->data_gpio, 0);
@@ -264,45 +229,31 @@ static int canyon_led_probe(struct platform_device *pdev)
 		return ret;
 	}

-#if 0
-	printk(KERN_INFO "Flash LEDs to verify they work\n");
-	sk9822_set_color_str(leds, "00FF00");
-	sk9822_update(leds);
-	msleep(200);
-	sk9822_set_color_str(leds, "000000");
-	sk9822_update(leds);
-#endif
-
 	printk(KERN_INFO "canyon led successfully probed\n");

 	return 0;
 }

+static void canyon_led_off(struct sk9822_leds *leds)
+{
+	leds->led_brightness = 0;
+	memset(leds->led_colors, 0, sizeof(cRGB) * leds->led_count);
+	sk9822_update(leds);
+}
+
 static int canyon_led_remove(struct platform_device *pdev)
 {
-	struct sk9822_leds *leds;
-
 	sysfs_remove_group(&pdev->dev.kobj, &sk9822_dev_attr_group);
-
-	leds = platform_get_drvdata(pdev);
-	if (IS_ERR(leds)) {
-		printk(KERN_ERR "Platform get drvdata returned NULL\n");
-		return -1;
-	}
-
-	if (leds->clock_gpio) {
-		gpiod_put(leds->clock_gpio);
-	}
-
-	if (leds->data_gpio) {
-		gpiod_put(leds->data_gpio);
-	}
-
-	printk(KERN_NOTICE "Bye, bye\n");
+	canyon_led_off(platform_get_drvdata(pdev));

 	return 0;
 }

+static void canyon_led_shutdown(struct platform_device *pdev)
+{
+	canyon_led_off(platform_get_drvdata(pdev));
+}
+
 /**
 * platform driver metadata
 */
@@ -315,6 +266,7 @@ static const struct of_device_id canyon_led_of_ids[] = {
 static struct platform_driver canyon_led = {
 	.probe = &canyon_led_probe,
 	.remove = &canyon_led_remove,
+	.shutdown = &canyon_led_shutdown,
 	.driver = {
 		.name = DRIVER_NAME,
 		.owner = THIS_MODULE,
--- a/hostmngr/Makefile
+++ b/hostmngr/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.14
+PKG_VERSION:=1.2.15

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6ea9fdb38a8e067b850841d6e7f7266bf76c363a
+PKG_SOURCE_VERSION:=3b50823da3f2904191332634c1e45d46090def1d
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
--- a/hostmngr/files/scripts/hosts_acl.sh
+++ b/hostmngr/files/scripts/hosts_acl.sh
@@ -271,14 +271,14 @@ touch $ACL_FILE
 echo "iptables -w -F hosts_forward" >> $ACL_FILE
 echo "ip6tables -w -F hosts_forward" >> $ACL_FILE

-hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
+hosts_ipv4_forward=$(iptables -w -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv4_forward" ]; then
 	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
 	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
 fi

-hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
+hosts_ipv6_forward=$(ip6tables -w -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv6_forward" ]; then
 	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
+# Copyright (C) 2020-2025 IOPSYS Software Solutions AB
 #
 # This is free software, licensed under the BSD-3-Clause
 # See /LICENSE for more information.
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=9.8.29
+PKG_VERSION:=9.8.36

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=4075ec2c530fb1590aa484f98ed37c9dda5216f5
+PKG_SOURCE_VERSION:=7c5e02a81d88b78da1394b0729e93cf3313b293d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -75,7 +75,6 @@ define Package/icwmp/install
 	$(INSTALL_BIN) ./files/etc/icwmpd/vendor_log.sh $(1)/etc/icwmpd/vendor_log.sh
 	$(INSTALL_BIN) ./files/etc/icwmpd/firewall.cwmp $(1)/etc/icwmpd/firewall.cwmp
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libcwmpdm.so $(1) $(PKG_NAME)
--- a/icwmp/files/etc/config/cwmp
+++ b/icwmp/files/etc/config/cwmp
@@ -13,6 +13,7 @@ config acs 'acs'
 	# possible configs interval :[1000:65535]
 	option retry_interval_multiplier '2000'
 	option skip_dhcp_boot_options '0'
+	option insecure_enable '0'

 config cpe 'cpe'
 	option enable '1'
@@ -41,6 +42,7 @@ config cpe 'cpe'
 	option disable_gatewayinfo '0'
 	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
+	option disable_datatype_check '0'
 	
 config lwn 'lwn'
 	option enable '0'
--- a/icwmp/files/etc/init.d/icwmpd
+++ b/icwmp/files/etc/init.d/icwmpd
@@ -73,231 +73,6 @@ enable_dhcp_option43() {
 	fi
 }

-convert_to_hex() {
-	local val=""
-	local optval="${1}"
-	OPTIND=1
-	while getopts ":" opt "-$optval"
-	do
-		temp=$(printf "%02X" "'${OPTARG:-:}")
-		val="${val}:${temp}"
-	done
-
-	echo "${val}"
-}
-
-configure_send_op125() {
-	local sendopt="${1}"
-	local intf="${2}"
-	local uci="${3}"
-	local hex_oui=""
-	local hex_serial=""
-	local hex_class=""
-	local oui_len=0
-	local serial_len=0
-	local class_len=0
-
-	if [ "${uci}" = "network" ]; then
-		local opt125="125:00:00:0D:E9"
-	else
-		if [ -z "${sendopt}" ]; then
-			local opt125="125,00:00:0D:E9"
-		else
-			local opt125=":00:00:0D:E9"
-		fi
-	fi
-
-	config_get oui cpe manufacturer_oui ""
-	if [ -z "${oui}" ]; then
-		oui=$(db -q get device.deviceinfo.ManufacturerOUI)
-	fi
-
-	oui=$(echo "${oui}" | tr 'a-f' 'A-F')
-
-	config_get serial cpe serial_number ""
-	if [ -z "${serial}" ]; then
-		serial=$(db -q get device.deviceinfo.SerialNumber)
-	fi
-
-	config_get class cpe product_class ""
-	if [ -z "${class}" ]; then
-		class=$(db -q get device.deviceinfo.ProductClass)
-	fi
-
-	oui_len=$(echo -n "${oui}" | wc -m)
-	serial_len=$(echo -n "${serial}" | wc -m)
-	class_len=$(echo -n "${class}" | wc -m)
-
-	if [ "${oui_len}" -eq 0 ] || [ "${serial_len}" -eq 0 ]; then
-		return 0
-	fi
-
-	opt125_len=$((oui_len + serial_len + class_len))
-	if [ "${class_len}" -gt 0 ]; then
-		opt125_len=$((opt125_len + 6))
-	else
-		opt125_len=$((opt125_len + 4))
-	fi
-
-	hex_opt125_len=$(printf "%02X" "${opt125_len}")
-	opt125="${opt125}:${hex_opt125_len}"
-	hex_oui=$(convert_to_hex "${oui}")
-	if [ -z "${hex_oui}" ]; then
-		return 0
-	fi
-
-	hex_oui_len=$(printf "%02X" "${oui_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:01:${hex_oui_len}${hex_oui}"
-	else
-		opt125="${opt125}:04:${hex_oui_len}${hex_oui}"
-	fi
-
-	hex_serial=$(convert_to_hex "${serial}")
-	if [ -z "${hex_serial}" ]; then
-		return 0
-	fi
-
-	hex_serial_len=$(printf "%02X" "${serial_len}")
-	if [ "${uci}" = "network" ]; then
-		opt125="${opt125}:02:${hex_serial_len}${hex_serial}"
-	else
-		opt125="${opt125}:05:${hex_serial_len}${hex_serial}"
-	fi
-
-	if [ "${class_len}" -gt 0 ]; then
-		hex_class=$(convert_to_hex "${class}")
-		if [ -z "${hex_class}" ]; then
-			return 0
-		fi
-
-		hex_class_len=$(printf "%02X" "${class_len}")
-		if [ "${uci}" = "network" ]; then
-			opt125="${opt125}:03:${hex_class_len}${hex_class}"
-		else
-			opt125="${opt125}:06:${hex_class_len}${hex_class}"
-		fi
-	fi
-
-
-	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
-		uci -q set network."${intf}".sendopts="$new_send_opt"
-	else
-		new_send_opt="$sendopt$opt125"
-		uci -q add_list dhcp."${intf}".dhcp_option="$new_send_opt"
-	fi
-}
-
-check_for_suboptions() {
-	# Check if option 4 and 5 present inside enterprise id 3561
-	data=$(echo "${1}" | sed 's/://g')
-	len=$(printf "${data}"|wc -c)
-
-	rem_len="${len}"
-	while [ $rem_len -gt 8 ]; do
-		subopt_present=0
-
-		ent_id="${data:0:8}"
-		ent_id=$(printf "%d\n" "0x$ent_id")
-		if [ $ent_id -ne 3561 ]; then
-			len_val=${data:8:2}
-			data_len=$(printf "%d\n" "0x$len_val")
-			# add 4 byte for ent_id and 1 byte for len
-			data_len=$(( data_len * 2 + 10 ))
-			# move ahead data to next enterprise id
-			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - data_len ))
-			continue
-		fi
-
-		# read the length of enterprise data
-		len_val=${data:8:2}
-		data_len=$(printf "%d\n" "0x$len_val")
-		# add 4 byte for ent_id and 1 byte for len
-		data_len=$(( data_len * 2 + 10 ))
-
-		len_val=${data:8:2}
-		opt_len=$(printf "%d\n" "0x$len_val")
-		if [ $opt_len -eq 0 ]; then
-			echo ${subopt_present}
-			return 0
-		fi
-
-		# populate the option data of enterprise id
-		sub_data_len=$(( opt_len * 2))
-		# starting 10 means ahead of length field
-		sub_data=${data:10:"${sub_data_len}"}
-
-		# parsing of suboption of option 125
-		while [ $sub_data_len -gt 0 ]; do
-			# get the suboption id
-			sub_opt_id=${sub_data:0:2}
-			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
-			case "${sub_opt_id}" in
-			"4") subopt_present=1
-			;;
-			"5") subopt_present=1
-			;;
-			esac
-
-			if [ ${subopt_present} -eq 1 ]; then
-				break;
-			fi
-
-			# get the length of suboption
-			sub_opt_len=${sub_data:2:2}
-			sub_opt_len=$(printf "%d\n" "0x$sub_opt_len")
-			sub_opt_len=$(( sub_opt_len * 2 ))
-
-			# add 2 bytes for sub_opt id and sub_opt len field
-			sub_opt_end=$(( sub_opt_len + 4 ))
-
-			# update the remaining sub option hex string length
-			sub_data_len=$((sub_data_len - sub_opt_end))
-
-			# fetch next sub option hex string
-			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
-		done
-
-		if [ ${subopt_present} -eq 1 ]; then
-			break;
-		else
-			# move ahead data to next enterprise id
-			rem_len=$(( rem_len - $data_len ))
-			data=${data:"${data_len}":"${rem_len}"}
-		fi
-	done
-
-	echo ${subopt_present}
-}
-
-enable_dnsmasq_option125() {
-	local lan="${1}"
-	local send125_present=0
-	local opt125="125,"
-
-	local proto="$(uci -q get dhcp."${lan}".dhcpv4)"
-	if [ "${proto}" = "server" ]; then
-		opt_list="$(uci -q get dhcp."${lan}".dhcp_option)"
-		base_opt=""
-
-		for sopt in $opt_list; do
-			if [[ "$sopt" == "$opt125"* ]]; then
-				send125_present=$(check_for_suboptions "${sopt:4}")
-				base_opt="${sopt}"
-				break
-			fi
-		done
-
-		if [ ${send125_present} -eq 0 ]; then
-			uci -q del_list dhcp."${lan}".dhcp_option="${base_opt}"
-			configure_send_op125 "${base_opt}" "${lan}" "dhcp"
-			ubus call uci commit '{"config":"dhcp"}'
-		fi
-	fi
-}
-
 set_vendor_id() {
 	local wan="${1}"
 	local proto="$(uci -q get network."${wan}".proto)"
@@ -314,51 +89,6 @@ set_vendor_id() {
 	fi
 }

-enable_dhcp_option125() {
-	local wan="${1}"
-	local reqopts="$(uci -q get network."${wan}".reqopts)"
-	local sendopts="$(uci -q get network."${wan}".sendopts)"
-	local proto="$(uci -q get network."${wan}".proto)"
-	local newreqopts=""
-	local newsendopts=""
-	local req125_present=0
-	local send125_present=0
-	local network_uci_update=0
-	local opt125="125:"
-
-	for ropt in $reqopts; do
-		case $ropt in
-			125) req125_present=1 ;;
-			*) ;;
-		esac
-	done
-
-	for sopt in $sendopts; do
-		if [[ "$sopt" == "$opt125"* ]]; then
-			send125_present=1
-			break
-		fi
-	done
-
-	if [ "${proto}" = "dhcp" ]; then
-		if [ ${req125_present} -eq 0 ]; then
-			newreqopts="$reqopts 125"
-			uci -q set network."${wan}".reqopts="$newreqopts"
-			network_uci_update=1
-		fi
-
-		if [ ${send125_present} -eq 0 ]; then
-			configure_send_op125 "${sendopts}" "${wan}" "network"
-			network_uci_update=1
-		fi
-	fi
-
-	if [ ${network_uci_update} -eq 1 ]; then
-		uci commit network
-		ubus call network reload
-	fi
-}
-
 wait_for_resolvfile() {
 	local time=$1
 	local tm=1
@@ -481,13 +211,10 @@ validate_defaults() {
 }

 boot() {
-	local dhcp_discovery wan_interface skip_dhcp_boot_options disable_gatewayinfo
+	local dhcp_discovery wan_interface skip_dhcp_boot_options

 	config_load cwmp
 	config_get wan_interface cpe default_wan_interface "wan"
-	config_get disable_gatewayinfo cpe disable_gatewayinfo "0"
-
-	config_get dhcp_discovery acs dhcp_discovery "0"
 	config_get dhcp_discovery acs dhcp_discovery "0"
 	config_get skip_dhcp_boot_options acs skip_dhcp_boot_options "0"

@@ -500,15 +227,6 @@ boot() {
 		fi
 	fi

-	config_get lan_interface cpe default_lan_interface ""
-	if [ -n "${lan_interface}" ]; then
-		if [ "${disable_gatewayinfo}" -ne 1 ]; then
-			# Set dhcp_option 125 if not already configured
-			enable_dhcp_option125 "${wan_interface}"
-			enable_dnsmasq_option125 "${lan_interface}"
-		fi
-	fi
-	
 	config_get ssl_capath acs ssl_capath

 	if [ -n "${ssl_capath}" ]; then
@@ -545,7 +263,14 @@ start_service() {

 stop_service()
 {
+	local switch_bank
+
 	copy_cwmp_varstate_files_to_etc
+	
+	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
+	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
+		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
+	fi
 }

 reload_service() {
--- a/icwmp/files/lib/upgrade/keep.d/icwmp
+++ b/icwmp/files/lib/upgrade/keep.d/icwmp
@@ -1,2 +1,2 @@
-/var/run/icwmpd/icwmpd_backup_session.xml
+/etc/icwmpd/icwmpd_backup_session.xml
 /etc/icwmpd/cwmp
--- a/ieee1905/Makefile
+++ b/ieee1905/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.0
+PKG_VERSION:=8.7.3

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e65188bb2a05cf83f50ecf2ef8042cf75abe94a0
+PKG_SOURCE_VERSION:=f3f4dbaac6b2ff6cfd38852e8625625d24996a53
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
--- a/ipt-trigger/Makefile
+++ b/ipt-trigger/Makefile
@@ -24,7 +24,7 @@ define KernelPackage/ipt-trigger
  SUBMENU:=Other modules
  TITLE:=Kernel module for iptables port trigger
  FILES:=$(PKG_BUILD_DIR)/src/ipv4/ipt_TRIGGER.ko
-  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  DEPENDS+=+kmod-nf-nat +kmod-ipt-core
  AUTOLOAD:=$(call AutoLoad,30,ipt_TRIGGER,1)
  KCONFIG:=
 endef
@@ -32,7 +32,7 @@ endef
 define KernelPackage/ip6t-trigger
  SUBMENU:=Other modules
  TITLE:=Kernel module for ip6tables port trigger
-  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  DEPENDS+=+kmod-nf-nat +kmod-ipt-core
  FILES:=$(PKG_BUILD_DIR)/src/ipv6/ip6t_TRIGGER.ko
  AUTOLOAD:=$(call AutoLoad,30,ip6t_TRIGGER,1)
  KCONFIG:=
@@ -46,9 +46,7 @@ define KernelPackage/ip6t-trigger/description
 	Kernel module to enable port trigger for ip6tables
 endef

-ifeq ($(CONFIG_TARGET_brcmbca),y)
-	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
-endif
+-include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk

 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -67,8 +65,6 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/include/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
 endef

-KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
-
 define Build/Compile
 	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv4/" modules
 	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv6/" modules
--- a/libvoice-airoha/Makefile
+++ b/libvoice-airoha/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.1.2
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE

@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=68f0b4f3edecea9b8f05e72b6bbf3952d3946b7c
+PKG_SOURCE_VERSION:=1ded9a4bb0f2f8a5f3989799b5500e328e086c99
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha
+++ b/libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+hasVoice=$(db -q get hw.board.hasVoice)
+
+[ "$hasVoice" = "1" ] || exit 0
+
+SLIC=`cat /proc/device-tree/airoha-voice/slic-type`
+[ "${SLIC#pef}" != "${SLIC}" ] || exit 0
+
+echo Configure TxGain and RxGain for MXL SLIC $SLIC
+
+ports=$(db -q get hw.board.VoicePorts)
+for p in $(seq 0 $((ports-1))); do
+    uci set asterisk.extension${p}.txgain='10'
+    uci set asterisk.extension${p}.rxgain='-15'
+done
+uci commit asterisk
--- a/libwifi/Makefile
+++ b/libwifi/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libwifi
-PKG_VERSION:=7.9.0
+PKG_VERSION:=7.10.3

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b4d974c213eb2ad0b98165241b83bbda013ba452
+PKG_SOURCE_VERSION:=c271aaf54feb7491bb7b46631ba014991eea8cb9
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -60,11 +60,11 @@ else
  TARGET_CFLAGS +=-DIOPSYS_MAC80211
 endif

-ifneq ($(CONFIG_PACKAGE_kmod-mt7915e),)
+ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif

-PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e:mt76
+PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523

 ifneq ($(CONFIG_PACKAGE_libwifi),)
 TARGET_CFLAGS +=-DHAS_WIFI
--- a/logmngr/Makefile
+++ b/logmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=logmngr
-PKG_VERSION:=1.0.8
+PKG_VERSION:=1.0.9

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=7c2056c9f5dc23fd1260846c72210365ec69c882
+PKG_SOURCE_VERSION:=e2ffe2b9e7722ce19dff7db6e47e62a305dc568b
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -65,7 +65,7 @@ endif
 ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif
-	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core
 ifeq ($(CONFIG_LOGMNGR_LOGROTATE),y)
 	$(INSTALL_BIN) ./files/11-logmngr_logrotate_config_generate $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/logmngr/logrotate.sh $(1)/lib/logmngr/
--- a/logmngr/files/10-logmngr_config_generate
+++ b/logmngr/files/10-logmngr_config_generate
@@ -25,4 +25,3 @@ uci set logmngr.lr1=log_remote
 uci set logmngr.lr1.enable=0
 uci set logmngr.lr1.action="ac1"
 uci set logmngr.lr1.port="514"
-uci commit logmngr
--- a/logmngr/files/11-logmngr_logrotate_config_generate
+++ b/logmngr/files/11-logmngr_logrotate_config_generate
@@ -10,5 +10,4 @@ if [ -s "/etc/config/logmngr" ]; then
 	uci set logmngr.lro1.file_name="/var/log/messages"
 	uci set logmngr.lro1.file_count=1
 	uci set logmngr.lro1.max_file_size=1000000
-	uci commit logmngr
 fi
--- a/map-agent/Makefile
+++ b/map-agent/Makefile
@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.1.2
+PKG_VERSION:=6.3.3.3
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=4547277f0637a4e7f18ff676350400efb4e37138
+PKG_SOURCE_VERSION:=b46d80ce97e5ca28a42605bca44fd00f16f18e06
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>

 PKG_LICENSE:=BSD-3-Clause
--- a/map-agent/files/etc/hotplug.d/ethernet/map-topology-discovery
+++ b/map-agent/files/etc/hotplug.d/ethernet/map-topology-discovery
@@ -15,7 +15,7 @@ rc="$?"
 issue_discovery() {
 	local iface="$1"

-	res=$(ubus -t5 call ieee1905 buildcmdu "{\"type\":0, \"ifname\":\"${iface}\"}" > /dev/null 2>&1)
+	res=$(ubus -t5 call ieee1905 buildcmdu "{\"type\":0, \"ifname\":\"${iface}\"}") > /dev/null 2>&1
 	json_load "$res" > /dev/null 2>&1
 	json_get_var data data

--- a/map-controller/Config.in
+++ b/map-controller/Config.in
@@ -10,6 +10,11 @@ config CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable extra features through Easymesh vendor extension"
 	default y

+config CONTROLLER_PROVISION_DISABLED_AP
+	depends on CONTROLLER_EASYMESH_VENDOR_EXT
+	bool "Enable vendor extension that provisions disabled APs to agents"
+	default n
+
 config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
 	hex "Vendor OUI default"
 	default 0xB456FA
--- a/map-controller/Makefile
+++ b/map-controller/Makefile
@@ -1,14 +1,15 @@
 #
-# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
+# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
+# Copyright (C) 2025 Genexis AB
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-controller
-PKG_VERSION:=6.2.2.1
+PKG_VERSION:=6.3.0.1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=f3d3ef332678f6417d78529323119a71ba715337
-PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
+PKG_SOURCE_VERSION:=1f800d31f299a78cf45b3982bf340a078a13effc
+PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
@@ -26,7 +27,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-controller
  SECTION:=utils
  CATEGORY:=Utilities
-  TITLE:=WiFi Multi-AP Controller (EasyMesh R2)
+  TITLE:=WiFi Multi-AP Controller (supporting EasyMesh R6)
  DEPENDS:=+libuci +libubox +ubus +libeasy +libwifiutils +libieee1905 +ieee1905 +ieee1905-map-plugin \
 	   +CONTROLLER_USE_LIBDPP:libdpp
 endef
@@ -61,6 +62,9 @@ endif
 ifeq ($(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT),y)
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_CONTROLLER_EASYMESH_VENDOR_EXT_OUI)
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
+ifeq ($(CONFIG_CONTROLLER_PROVISION_DISABLED_AP),y)
+TARGET_CFLAGS += -DPROVISION_DISABLED_AP
+endif
 endif

 ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
--- a/map-controller/files/etc/config/mapcontroller
+++ b/map-controller/files/etc/config/mapcontroller
@@ -14,23 +14,17 @@ config controller 'controller'
 	option de_collect_interval '60'

 config sta_steering
-	option steer_module 'rcpi'
-	option enabled '1'
-	option enable_sta_steer '0'
+	option enable_sta_steer '1'
 	option enable_bsta_steer '0'
-	option use_bcn_metrics '0'
-	option use_usta_metrics '0'
-	option bandsteer '0'
-	option diffsnr '8'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
 	option report_rcpi_threshold_2g '80'
 	option report_rcpi_threshold_5g '96'
 	option report_rcpi_threshold_6g '96'
-	option steer_retry_int '30'
-	option steer_int '180'
-	option steer_disable_int '600'
+	option plugins_enabled '1'
+	option plugins_policy 'any'
+	list plugins 'rcpi'

 ###################
 # Default AP sections credentials will by updated
--- a/map-controller/files/etc/init.d/mapcontroller
+++ b/map-controller/files/etc/init.d/mapcontroller
@@ -172,7 +172,7 @@ start_service() {
 	create_dir

 	procd_open_instance
-	procd_set_param command "/usr/sbin/mapcontroller" "-d"
+	procd_set_param command "/usr/sbin/mapcontroller" "-d" "-o" "/tmp/mapcontroller.log" "-f"

 	if [ -f /etc/config/mapagent ]; then
 	        local local_ctrl=0
--- a/map-topology/Config.in
+++ b/map-topology/Config.in
@@ -1,26 +0,0 @@
-if (PACKAGE_map-topology)
-
-menu "Configurations"
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT
-	bool "Enable extra features through Easymesh vendor extension"
-	default y
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	hex "Vendor OUI default"
-	default 0xB456FA
-
-config TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI
-	hex "Vendor OUI in 0xAABBCC format"
-	default TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI_DEFAULT
-	help
-	Extra features not covered by the base EasyMesh specification can be
-	enabled through TOPOLOGYD_EASYMESH_VENDOR_EXT. Please provide the Vendor's OUI
-	through which such features would be exposed.
-
-config TOPOLOGYD_HOST_WAN_STATS
-	bool "Enable wan statistics collection per hosts"
-	default y
-
-endmenu
-endif
--- a/map-topology/Makefile
+++ b/map-topology/Makefile
@@ -1,71 +0,0 @@
-#
-# Copyright (C) 2020-22 IOPSYS Software Solutions AB
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=map-topology
-PKG_VERSION:=2.5.2.1
-
-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_VERSION:=914f1ead2e65c1e24ed2d8786aa883730db2208f
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-topology.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-endif
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DEPENDS:=ieee1905
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/map-topology
-	CATEGORY:=Utilities
-	DEPENDS:=+libubox +ubus +libpthread +libuci +libeasy \
-		 +libavahi-nodbus-support +libnetfilter-conntrack +libnfnetlink +libmnl
-	TITLE:=Utility to build topology of a multi-AP network
-endef
-
-define Package/map-topology/config
-	source "$(SOURCE)/Config.in"
-endef
-
-TARGET_CFLAGS += \
-	-Wno-error=deprecated-declarations \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-I$(STAGING_DIR)/usr/include/libnetfilter_conntrack \
-	-D_GNU_SOURCE
-
-define Package/map-topology/description
-	Constructs network topology and show it as json structure over UBUS
-endef
-
-MAKE_PATH:=src
-
-ifeq ($(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT),y)
-TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_TOPOLOGYD_EASYMESH_VENDOR_EXT_OUI)
-endif
-
-ifeq ($(CONFIG_TOPOLOGYD_HOST_WAN_STATS),y)
-TARGET_CFLAGS += -DHOST_WAN_STATS
-endif
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        $(CP) -rf ~/git/map-topology/* $(PKG_BUILD_DIR)/
-endef
-endif
-
-define Package/map-topology/install
-	$(CP) ./files/* $(1)/
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/topologyd $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,map-topology))
--- a/map-topology/files/etc/config/topology
+++ b/map-topology/files/etc/config/topology
@@ -1,7 +0,0 @@
-
-config topology 'topology'
-	option enabled '1'
-	option depth '8'
-	option interval '60'
-	option maxlog '32'
-	option profile '4'
--- a/map-topology/files/etc/init.d/topologyd
+++ b/map-topology/files/etc/init.d/topologyd
@@ -1,93 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=97
-STOP=21
-
-USE_PROCD=1
-
-IS_CFG_VALID=1
-
-validate_topology_config() {
-	uci_validate_section topology topology "topology" \
-			'enabled:bool:true' \
-			'depth:range(0,16)' \
-			'interval:range(0,65535)' \
-			'maxlog:range(0,128)' \
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "topology" "Validation of topology UCI file failed"
-		return 1
-	}
-	return 0
-}
-
-validate_global_section() {
-	uci_validate_section hosts global "global" \
-		'ageing_timer:uinteger' \
-		'reboot_persistent:bool'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "hosts" "Validation of global section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_host_section() {
-	local section="$1"
-
-	uci_validate_section hosts $section "${1}" \
-			'macaddr:macaddr' \
-			'interface_type:or("wifi","eth")' \
-			'active:bool' \
-			'active_last_change:string'
-
-	[ "$?" -ne 0 ] && {
-		logger -s -t "hosts" "Validation of host section $section failed"
-		IS_CFG_VALID=0
-		return 1
-	}
-	return 0
-}
-
-validate_hosts_config() {
-	IS_CFG_VALID=1
-
-	validate_global_section &&
-		config_foreach validate_host_section host
-
-	[ "$IS_CFG_VALID" -ne 1 ] && {
-		logger -s -t "topology" "Validation of hosts UCI file failed"
-		return 1
-	}
-	return 0
-}
-
-start_service() {
-	config_load "topology"
-	validate_topology_config || return 1;
-
-	config_load "hosts"
-	validate_hosts_config || return 1;
-
-	if [ -f "/proc/sys/net/netfilter/nf_conntrack_timestamp" ]; then
-		echo 1 >/proc/sys/net/netfilter/nf_conntrack_timestamp
-	fi
-
-	procd_open_instance
-        procd_set_param command "/usr/sbin/topologyd"
-	procd_set_param respawn
-#	procd_set_param stdout 1
-	procd_set_param stderr 1
-	procd_close_instance
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "network"
-}
-
-reload_service() {
-	procd_send_signal "topologyd"
-}
--- a/mcastmngr/Makefile
+++ b/mcastmngr/Makefile
@@ -6,14 +6,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=mcastmngr
-PKG_VERSION:=1.2.10
+PKG_VERSION:=1.2.11

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/mcastmngr.git
-PKG_SOURCE_VERSION:=275d7e5448333e53f8bc980344b39f7f577d4664
+PKG_SOURCE_VERSION:=17d73b8f1947823a0d32ed589a240a2642904fe1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate
+++ b/mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate
@@ -16,8 +16,6 @@ generate_igmp_global_params(){
 	uci set mcast.@mld[-1].mldv2_unsolicited_report_interval="1"
 	uci set mcast.@mld[-1].qrv="2"
 	uci set mcast.@mld[-1].force_version="0"
-
-	uci commit mcast
 }

 generate_mld_proxy_config(){
@@ -73,8 +71,6 @@ generate_mcast_config(){

 	generate_igmp_proxy_config "$up_itf"
 	generate_mld_proxy_config "$up_itf"
-
-	uci commit mcast
 }

 interfaces_ok(){
--- a/mcastmngr/files/linux/etc/firewall.mcast
+++ b/mcastmngr/files/linux/etc/firewall.mcast
@@ -1,2 +1,2 @@
 # Forward multicast packets from wan to lan
-iptables -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
+iptables -w -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
--- a/netmngr/Makefile
+++ b/netmngr/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=netmngr
-PKG_VERSION:=1.1.3
+PKG_VERSION:=1.1.5

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=f9a0e9490743c55bf7c6df02495b4dbba8c66aeb
+PKG_SOURCE_VERSION:=77158d2ee3ac2d144681f6352d6d18dde0db4b22
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -74,7 +74,6 @@ endif
 define Package/netmngr/install
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libnetmngr.so $(1) $(PKG_NAME)
-	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/src/libinterface_stack.so $(1)
 endef

 ifeq ($(LOCAL_DEV),1)
--- a/netmngr/bbfdm_service.json
+++ b/netmngr/bbfdm_service.json
@@ -27,6 +27,10 @@
      {
        "parent_dm": "Device.",
        "object": "IPv6rd"
+      },
+      {
+        "parent_dm": "Device.",
+        "object": "InterfaceStack"
      }
    ],
    "config": {
--- a/netmode/files/etc/uci-defaults/62-netmode.l2mode
+++ b/netmode/files/etc/uci-defaults/62-netmode.l2mode
@@ -99,6 +99,10 @@ l2_network_config() {
 	uci -q set cwmp.cpe.default_wan_interface="lan"
 	uci -q commit cwmp

+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="lan"
+	uci -q commit gateway
+
 	# disable firewall
 	uci -q set firewall.globals.enabled="0"
 	uci -q commit firewall
--- a/obuspa/Config.in
+++ b/obuspa/Config.in
@@ -66,4 +66,8 @@ config OBUSPA_CWMP_DATAMODEL_SUPPORT
 config OBUSPA_VENDOR_PREFIX
 	string "Package specific datamodel Vendor Prefix for TR181 extensions"
 	default ""
+
+config OBUSPA_OVERRIDE_CT_ROLE
+	bool "Override ControllerTrust role with factory default roles"
+	default y
 endif
--- a/obuspa/Makefile
+++ b/obuspa/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=obuspa
-PKG_VERSION:=9.0.4.4
+PKG_VERSION:=9.0.4.11

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=1e5638d104075741a62d777ea9a2c508740c3634
+PKG_SOURCE_VERSION:=79e066a3997b46ea3bcc48c4589c5a4c4cb05630
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -145,6 +145,9 @@ ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
 	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
 endif
+ifeq ($(CONFIG_OBUSPA_OVERRIDE_CT_ROLE),y)
+	$(INSTALL_BIN) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
+endif
 endef

 $(eval $(call BuildPackage,obuspa))
--- a/obuspa/bbfdm_service.json
+++ b/obuspa/bbfdm_service.json
@@ -2,22 +2,20 @@
  "daemon": {
    "enable": "1",
    "service_name": "obuspa",
+    "proto": "cwmp",
    "unified_daemon": false,
    "services": [
      {
        "parent_dm": "Device.",
-        "object": "USPAgent",
-        "proto": "cwmp"
+        "object": "USPAgent"
      },
      {
        "parent_dm": "Device.",
-        "object": "MQTT",
-        "proto": "cwmp"
+        "object": "MQTT"
      },
      {
        "parent_dm": "Device.",
-        "object": "STOMP",
-        "proto": "cwmp"
+        "object": "STOMP"
      }
    ],
    "config": {
--- a/obuspa/files/etc/config/obuspa
+++ b/obuspa/files/etc/config/obuspa
@@ -5,7 +5,6 @@ config obuspa 'global'
 	option log_level '2'
 	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
-	#option max_group_sep '2'
 	#option ipc_timeout '30'
 	#option max_cache_time '600'
 	#option trust_cert '/etc/obuspa/ca.pem'
--- a/obuspa/files/etc/init.d/obuspa
+++ b/obuspa/files/etc/init.d/obuspa
@@ -290,6 +290,16 @@ get_role_index()
 		return 0
 	fi

+	if [ "${name}" = "full_access" ] || [ "${name}" = "Full Access" ]; then
+		echo "Device.LocalAgent.ControllerTrust.Role.1"
+		return 0
+	fi
+
+	if [ "${name}" = "Untrusted" ]; then
+		echo "Device.LocalAgent.ControllerTrust.Role.1"
+		return 0
+	fi
+
 	# Get if from CTRUST file first if present, then from dbdump and then use default Untrusted role
 	if [ -f "${CTRUST_RESET_FILE}" ]; then
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
@@ -958,12 +968,6 @@ db_init()
 		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
 	fi

-	if [ -f "${role_file}" ]; then
-		configure_ctrust_role "${role_file}"
-		uci_set obuspa global role_file ""
-		uci commit ${CONFIGURATION}
-	fi
-
 	# Dump datamodel parameters from DB
 	if [ -f "${SQL_DB_FILE}" ]; then
 		dump_db
--- a/obuspa/files/etc/obuspa/usp_utils.sh
+++ b/obuspa/files/etc/obuspa/usp_utils.sh
@@ -4,6 +4,7 @@ CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"

+mkdir -p /tmp/obuspa/

 # include jshn.sh
 if [ -f "/usr/local/share/libubox/jshn.sh" ]; then
@@ -156,7 +157,6 @@ configure_roles()

 	if [ "${rname}" = "full_access" ]; then
 		rinst=1
-		rname="Full Access"
 	elif [ "${rname}" = "Untrusted" ]; then
 		rinst=2
 	else
@@ -175,19 +175,32 @@ configure_roles_dir()
 {
 	local rinst rname

-	if [ "$#" -ne 2 ]; then
+	if [ "$#" -ne 1 ]; then
 	    echo "Illegal number of parameters"
 	    exit 1
 	fi

-	rname="${1}"
-	rinst="${2}"
+	if [ "${1}" = "full_access" ]; then
+		rinst=1
+		rname="full_access"
+	elif [ "${1}" = "Untrusted" ]; then
+		rinst=2
+		rname="Untrusted"
+	else
+		json_get_var rname name
+		json_get_var rinst instance
+
+		if [ -z "${rname}" ] || [ -z "${rinst}" ]; then
+			echo "Deprecated role format ignoring ${1}.json ..."
+			return 0
+		fi
+	fi

 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}

-	json_for_each_item configure_permission permission "${name}" ${rinst}
+	json_for_each_item configure_permission permission "${name}" "$((rinst))"
 	json_select ..
 }

@@ -196,20 +209,22 @@ configure_ctrust_role()
 	local num
 	local roles_obj

+	if [ -f "${CTRUST_RESET_FILE}" ]; then
+		return 0
+	fi
+
 	mkdir -p /tmp/obuspa/
 	if [ -f "${1}" ]; then
 		json_init
 		json_load_file "${1}"
 		json_for_each_item configure_roles roles
 	else
-		num=3
 		for f in $(ls -1 ${FW_DEFAULT_ROLE_DIR}); do
 			echo "Loading $f ....."
 			json_init
 			json_load_file "${FW_DEFAULT_ROLE_DIR}/${f}"
 			json_select tr181
-			configure_roles_dir "${f/.json/}" "${num}"
-			num=$((num + 1))
+			configure_roles_dir "${f/.json/}"
 		done
 	fi
 }
--- a/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults
+++ b/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults
@@ -4,12 +4,14 @@
 . /etc/obuspa/usp_utils.sh

 rfile="$(uci -q get obuspa.global.role_file)"
-
+db_file="$(uci -q get obuspa.global.db_file)"
 # Reset the role_file if present
 if [ -n "${rfile}" ]; then
 	uci -q set obuspa.global.role_file=""
 fi

-configure_ctrust_role "${rfile}"
+if [ ! -f "${db_file}" ]; then
+	configure_ctrust_role
+fi

 exit 0
--- a/obuspa/files/etc/uci-defaults/61-override-ct-roles
+++ b/obuspa/files/etc/uci-defaults/61-override-ct-roles
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /etc/obuspa/usp_utils.sh
+
+configure_ctrust_role
+
+exit 0
--- a/obuspa/files/etc/uci-defaults/obuspa-set-dhcp-option
+++ b/obuspa/files/etc/uci-defaults/obuspa-set-dhcp-option
@@ -38,13 +38,11 @@ configure_dhcp_options() {
 		if [ "${role}" = "extender" ]; then
 			interface="lan"
 			uci -q set obuspa.global.interface="lan"
-			uci commit obuspa
 		else
 			interface="wan"
 		fi
 	fi

-	network_uci_update=0
 	reqopts="$(uci -q get network."${interface}".reqopts)"
 	proto="$(uci -q get network."${interface}".proto)"
 	local req125_present=0
@@ -70,19 +68,13 @@ configure_dhcp_options() {
 		if [ ${req125_present} -eq 0 ]; then
 			newreqopts="$reqopts 125"
 			uci -q set network."${interface}".reqopts="$newreqopts"
-			network_uci_update=1
 		fi

 		if [ ${send124_present} -eq 0 ]; then
 			newsendopts="${sendopts} 124:00:00:0D:E9:04:03:75:73:70"
 			uci -q set network."${interface}".sendopts="$newsendopts"
-			network_uci_update=1
 		fi
 	fi
-
-	if [ ${network_uci_update} -eq 1 ]; then
-		uci commit network
-	fi
 }

 configure_dhcp_options
--- a/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+++ b/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
@@ -7,6 +7,7 @@ PROV_CODE=""
 RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
+CONTROLLER_DISCOVERED=0

 log()
 {
@@ -101,15 +102,25 @@ get_vivsoi() {

 			# assign the value found in sub option
 			case "${sub_opt_id}" in
-				"25") URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"25")
+					URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					CONTROLLER_DISCOVERED=1
 				;;
-				"26") PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"26")
+					PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					CONTROLLER_DISCOVERED=1
 				;;
-				"27") RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"27")
+					RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					CONTROLLER_DISCOVERED=1
 				;;
-				"28") RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"28")
+					RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					CONTROLLER_DISCOVERED=1
 				;;
-				"29") ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"29")
+					ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					CONTROLLER_DISCOVERED=1
 				;;
 			esac

@@ -144,6 +155,20 @@ get_access_role()
 	echo "$mode"
 }

+get_agent_topic()
+{
+	AgentEndpointID="$(uci -q get obuspa.localagent.EndpointID)"
+	if [ -z "${AgentEndpointID}" ]; then
+		serial=$(get_serial_from_db)
+		oui=$(get_oui_from_db)
+		AgentEndpointID=$(echo "${oui}-${serial//+/%2B}")
+	fi
+
+	topic_base=$(echo "${AgentEndpointID}" | sed -E 's/[^[:alnum:]]/_/g')
+	agent_topic="/usp/${topic_base}/endpoint"
+	echo "${agent_topic}"
+}
+
 config_load obuspa
 config_get_bool enable_obuspa global enabled 1
 config_get wan_intf global interface
@@ -171,7 +196,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 		get_vivsoi "$opt125" "$len"
 	fi

-	if [ -z "$URL" ] || [ -z "$ENDPOINT_ID" ]; then
+	if [ "${CONTROLLER_DISCOVERED}" -eq 0 ]; then
 		return 0
 	fi

@@ -180,151 +205,319 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	port=""
 	topic=""
 	is_fqdn=1
+	offered_proto=""
+	mtp_encrypt=""
+	dhcp_controller=""
+	dhcp_mtp=""
+	dhcp_mqtt=""

-	case $URL in
-	ws://*) is_fqdn=0;;
-	wss://*) is_fqdn=0;;
-	mqtt://*) is_fqdn=0;;
-	mqtts://*) is_fqdn=0;;
-	*) is_fqdn=1
-	esac;
+	if [ -n "$URL" ]; then
+		case $URL in
+		ws://*) is_fqdn=0;;
+		wss://*) is_fqdn=0;;
+		mqtt://*) is_fqdn=0;;
+		mqtts://*) is_fqdn=0;;
+		*://*) return 0;;
+		*) is_fqdn=1
+		esac;

-	if [ ${is_fqdn} -eq 1 ]; then
-		# This is an FQDN, perform DNS query
-		nslookup -type=a $URL > /tmp/fqdn_ip
-		nslookup -type=ptr $URL > /tmp/fqdn_ptr
-		return 0
-	else
-		proto=$(echo "${URL}" | awk -F: '{print $1}')
-		dest=$(echo "${URL}" | awk -F/ '{print $3}')
-		ip=$(echo "${dest}" | awk -F: '{print $1}')
-		port=$(echo "${dest}" | awk -F: '{print $2}')
-		topic=$(echo "${URL}" | sed  's/^.*:'"${port}"'/\1/g')
+		if [ ${is_fqdn} -eq 1 ]; then
+			case $URL in
+			*.local*)
+				# TODO extend for mdns handling
+				;;
+			*)
+				# This is an FQDN, perform DNS query
+				nslookup $URL > /tmp/fqdn_ip
+				nslookup -type=ptr $URL > /tmp/fqdn_ptr
+				nslookup -type=srv $URL > /tmp/fqdn_srv
+				nslookup -type=txt $URL > /tmp/fqdn_srv
+
+				# TODO extend to collect information from dns-sd records
+				;;
+			esac
+
+			return 0
+		else
+			proto=$(echo "${URL}" | awk -F: '{print $1}')
+			dest=$(echo "${URL}" | awk -F/ '{print $3}')
+			ip=$(echo "${dest}" | awk -F: '{print $1}')
+			port=$(echo "${dest}" | awk -F: '{print $2}')
+			topic=$(echo "${URL}" | sed  's/^.*:'"${port}"'/\1/g')
+		fi
 	fi

-	offered_proto=""
 	if [ "${proto}" == "mqtt" ] || [ "${proto}" == "mqtts" ]; then
 		offered_proto="MQTT"
+		if [ "${proto}" == "mqtt" ]; then
+			mtp_encrypt="TCP/IP"
+		else
+			mtp_encrypt="TLS"
+		fi
 	elif [ "${proto}" == "ws" ] || [ "${proto}" == "wss" ]; then
 		offered_proto="WebSocket"
-	else
-		return 0
+		if [ "${proto}" == "wss" ]; then
+			mtp_encrypt="1"
+		else
+			mtp_encrypt="0"
+		fi
+	fi
+
+	controllers=$(uci -q show obuspa | grep "=controller" | cut -d'=' -f1 | cut -d'.' -f2)
+	for controller in $controllers; do
+		dhcp_disc=$(uci -q get obuspa.$controller.dhcp_discovered)
+		if [ "${dhcp_disc}" -eq 1 ]; then
+			dhcp_controller="${controller}"
+			break
+		fi
+	done
+
+	if [ -n "${dhcp_controller}" ]; then
+		cont_proto="$(uci -q get obuspa.$dhcp_controller.Protocol)"
+		if [ "${cont_proto}" == "MQTT" ]; then
+			dhcp_mqtt="$(uci -q get obuspa.$dhcp_controller.mqtt)"
+
+			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
+			for mtp in $mtps; do
+				mtp_mqtt="$(uci -q get obuspa.$mtp.mqtt)"
+				if [ "${mtp_mqtt}" == "${dhcp_mqtt}" ]; then
+					dhcp_mtp="${mtp}"
+					break
+				fi
+			done
+		elif [ "${cont_proto}" == "WebSocket" ]; then
+			cont_port="$(uci -q get obuspa.$dhcp_controller.Port)"
+			cont_encr="$(uci -q get obuspa.$dhcp_controller.EnableEncryption)"
+
+			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
+			for mtp in $mtps; do
+				mtp_port="$(uci -q get obuspa.$mtp.Port)"
+				mtp_encr="$(uci -q get obuspa.$mtp.EnableEncryption)"
+				if [ "${mtp_port}" == "${cont_port}" ] && [ "${mtp_encr}" == "${cont_encr}" ]; then
+					dhcp_mtp="${mtp}"
+					break
+				fi
+			done
+		fi
 	fi

 	uci_change=0
-	mtp_encrypt="0"
-	## Handling of controller section
-	ct_endpoint=$(uci -q get obuspa.dhcpcontroller.EndpointID)
-	ct_proto=$(uci -q get obuspa.dhcpcontroller.Protocol)
-	ct_topic=$(uci -q get obuspa.dhcpcontroller.Topic)
-	ct_enable=$(uci -q get obuspa.dhcpcontroller.Enable)
-	ct_prov=$(uci -q get obuspa.dhcpcontroller.ProvisioningCode)
+	proto_changed="0"
+
+	if [ -n "${dhcp_controller}" ]; then
+		## Handling of controller section
+		ct_endpoint=$(uci -q get obuspa.$dhcp_controller.EndpointID)
+		ct_proto=$(uci -q get obuspa.$dhcp_controller.Protocol)
+		ct_prov=$(uci -q get obuspa.$dhcp_controller.ProvisioningCode)
+
+		if [ "${ct_proto}" = "MQTT" ]; then
+			ct_topic=$(uci -q get obuspa.$dhcp_controller.Topic)
+		else
+			ct_topic=$(uci -q get obuspa.$dhcp_controller.Path)
+		fi
+
+		if [ -n "${ENDPOINT_ID}" ] && [ "${ct_endpoint}" != "${ENDPOINT_ID}" ]; then
+			uci -q set obuspa.$dhcp_controller.EndpointID="${ENDPOINT_ID}"
+			uci_change=1
+		fi
+
+		if [ -n "${offered_proto}" ] && [ "${ct_proto}" != "${offered_proto}" ]; then
+			uci -q set obuspa.$dhcp_controller.Protocol="${offered_proto}"
+			if [ "${offered_proto}" != "MQTT" ]; then
+				uci -q set obuspa.$dhcp_controller.mqtt=""
+				uci -q set obuspa.$dhcp_controller.Topic=""
+				uci -q set obuspa.$dhcp_controller.Host="${ip}"
+				uci -q set obuspa.$dhcp_controller.Port="${port}"
+				uci -q set obuspa.$dhcp_controller.Path="${ct_topic}"
+				uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
+			else
+				uci -q set obuspa.$dhcp_controller.EnableEncryption=""
+				uci -q set obuspa.$dhcp_controller.Path=""
+				uci -q set obuspa.$dhcp_controller.Host=""
+				uci -q set obuspa.$dhcp_controller.Port=""
+
+				if [ -z "${dhcp_mqtt}" ]; then
+					uci -q set obuspa.$dhcp_controller.mqtt='dhcpmqtt'
+				else
+					uci -q set obuspa.$dhcp_controller.mqtt="${dhcp_mqtt}"
+				fi
+
+				uci -q set obuspa.$dhcp_controller.Topic="${ct_topic}"
+			fi
+
+			proto_changed=1
+			uci_change=1
+		fi
+
+		if [ -n "${topic}" ] && [ "${ct_topic}" != "${topic}" ]; then
+			protocol="${ct_proto}"
+			if [ -n "${offered_proto}" ]; then
+				protocol="${offered_proto}"
+			fi
+
+			if [ "${protocol}" == "MQTT" ]; then
+				uci -q set obuspa.$dhcp_controller.Topic="${topic}"
+			else
+				uci -q set obuspa.$dhcp_controller.Path="${topic}"
+			fi
+
+			uci_change=1
+		fi
+
+		if [ -n "${PROV_CODE}" ] && [ "${ct_prov}" != "${PROV_CODE}" ]; then
+			uci -q set obuspa.$dhcp_controller.ProvisioningCode="${PROV_CODE}"
+			uci_change=1
+		fi
+
+		if [ "${proto_changed}" -eq 1 ]; then
+			if [ "${offered_proto}" == "WebSocket" ]; then
+				if [ -n "${dhcp_mqtt}" ]; then
+					uci -q del obuspa.$dhcp_mqtt
+				fi
+
+				if [ -z "${dhcp_mtp}" ]; then
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
+					dhcp_mtp="dhcpmtp"
+					uci -q set obuspa.$dhcp_mtp.Enable='1'
+				fi
+
+				uci -q set obuspa.$dhcp_mtp.mqtt=''
+				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured=''
+				uci -q set obuspa.$dhcp_mtp.Protocol='WebSocket'
+				uci -q set obuspa.$dhcp_mtp.Port="${port}"
+				uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
+
+				uci_change=1
+			else
+				if [ -z "${dhcp_mqtt}" ]; then
+					sec=$(uci -q add obuspa mqtt)
+					uci -q rename obuspa."${sec}"='dhcpmqtt'
+					dhcp_mqtt="dhcpmqtt"
+					uci -q set obuspa.$dhcp_mqtt.Enable='1'
+				fi
+
+				uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
+				uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.$dhcp_mqtt.ProtocolVersion='5.0'
+
+				if [ -z "${dhcp_mtp}" ]; then
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
+					dhcp_mtp="dhcpmtp"
+					uci -q set obuspa.$dhcp_mtp.Enable='1'
+				fi
+
+				agent_topic=$(get_agent_topic)
+				uci -q set obuspa.$dhcp_mtp.Port=""
+				uci -q set obuspa.$dhcp_mtp.EnableEncryption=""
+				uci -q set obuspa.$dhcp_mtp.Protocol='MQTT'
+				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.$dhcp_mtp.mqtt="${dhcp_mqtt}"
+
+				uci_change=1
+			fi
+		else
+			if [ "${ct_proto}" == "WebSocket" ]; then
+				conf_ip="$(uci -q get obuspa.$dhcp_controller.Host)"
+				conf_port="$(uci -q get obuspa.$dhcp_mtp.Port)"
+				conf_encr="$(uci -q get obuspa.$dhcp_mtp.EnableEncryption)"
+
+				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
+					uci -q set obuspa.$dhcp_controller.Host="${ip}"
+					uci_change=1
+				fi
+
+				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
+					uci -q set obuspa.$dhcp_mtp.Port="${port}"
+					uci -q set obuspa.$dhcp_controller.Port="${port}"
+					uci_change=1
+				fi
+
+				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
+					uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
+					uci_change=1
+				fi
+			else
+				conf_ip="$(uci -q get obuspa.$dhcp_mqtt.BrokerAddress)"
+				conf_port="$(uci -q get obuspa.$dhcp_mqtt.BrokerPort)"
+				conf_encr="$(uci -q get obuspa.$dhcp_mqtt.TransportProtocol)"
+
+				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
+					uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
+					uci_change=1
+				fi
+
+				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
+					uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
+					uci_change=1
+				fi
+
+				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
+					uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
+					uci_change=1
+				fi
+			fi
+		fi
+	else
+		if [ -n "${dhcp_mtp}" ]; then
+			uci -q del obuspa.$dhcp_mtp
+		fi
+
+		if [ -n "${dhcp_mqtt}" ]; then
+			uci -q del obuspa.$dhcp_mqtt
+		fi

-	if [ "${ct_endpoint}" != "${ENDPOINT_ID}" ] || [ "${ct_proto}" != "${offered_proto}" ] || [ "${ct_topic}" != "${topic}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_prov}" != "${PROV_CODE}" ]; then
-		uci -q del obuspa.dhcpcontroller
 		sec=$(uci -q add obuspa controller)
 		uci -q rename obuspa."${sec}"='dhcpcontroller'
+		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
 		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
 		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
 		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-		if [ "${offered_proto}" == "MQTT" ]; then
-			uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-			uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
-		else
-			uci -q set obuspa.dhcpcontroller.Path="${topic}"
-			uci -q set obuspa.dhcpcontroller.Host="${ip}"
-			uci -q set obuspa.dhcpcontroller.Port="${port}"
-			if [ "${proto}" == "wss" ]; then
-				uci -q set obuspa.dhcpcontroller.EnableEncryption='1'
-				mtp_encrypt="1"
+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.Enable='1'
+
+		if [ -n "${offered_proto}" ]; then
+			if [ "${offered_proto}" == "MQTT" ]; then
+				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+
+				sec=$(uci -q add obuspa mqtt)
+				uci -q rename obuspa."${sec}"='dhcpmqtt'
+				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.dhcpmqtt.Enable='1'
+				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+
+				agent_topic=$(get_agent_topic)
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
 			else
-				uci -q set obuspa.dhcpcontroller.EnableEncryption='0'
-				mtp_encrypt="0"
+				uci -q set obuspa.dhcpcontroller.Path="${topic}"
+				uci -q set obuspa.dhcpcontroller.Host="${ip}"
+				uci -q set obuspa.dhcpcontroller.Port="${port}"
+				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
+
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+
+				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+				uci -q set obuspa.dhcpmtp.Port="${port}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
 			fi
 		fi

-		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-		uci -q set obuspa.dhcpcontroller.Enable='1'
 		uci_change=1
 	fi

-	if [ "${offered_proto}" == "WebSocket" ]; then
-		ex_mqtt=$(uci -q get obuspa.dhcpmqtt)
-		if [ -n "${ex_mqtt}" ]; then
-			uci -q del obuspa.dhcpmqtt
-			uci_change=1
-		fi
-
-		## Handling of mtp section
-		ct_proto=$(uci -q get obuspa.dhcpmtp.Protocol)
-		ct_port=$(uci -q get obuspa.dhcpmtp.Port)
-		ct_enable=$(uci -q get obuspa.dhcpmtp.Enable)
-		ct_encrypt=$(uci -q get obuspa.dhcpmtp.EnableEncryption)
-
-		if [ "${ct_proto}" != "WebSocket" ] || [ "${ct_port}" != "${port}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_encrypt}" != "${mtp_encrypt}" ]; then
-			uci -q del obuspa.dhcpmtp
-			sec=$(uci -q add obuspa mtp)
-			uci -q rename obuspa."${sec}"='dhcpmtp'
-			uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-			uci -q set obuspa.dhcpmtp.Port="${port}"
-			uci -q set obuspa.dhcpmtp.Enable='1'
-			uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
-			uci_change=1
-		fi
-	else
-		if [ "${proto}" == "mqtt" ]; then
-			transport_proto="TCP/IP"
-		else
-			transport_proto="TLS"
-		fi
-
-		## Handling of mqtt section
-		ct_address=$(uci -q get obuspa.dhcpmqtt.BrokerAddress)
-		ct_port=$(uci -q get obuspa.dhcpmqtt.BrokerPort)
-		ct_proto=$(uci -q get obuspa.dhcpmqtt.TransportProtocol)
-		ct_enable=$(uci -q get obuspa.dhcpmqtt.Enable)
-		ct_ver=$(uci -q get obuspa.dhcpmqtt.ProtocolVersion)
-
-		if [ "${ct_address}" != "${ip}" ] || [ "${ct_port}" != "${port}" ] || [ "${ct_proto}" != "${transport_proto}" ] || [ "${ct_enable}" != "1" ] || [ "${ct_ver}" != "5.0" ]; then
-			uci -q del obuspa.dhcpmqtt
-			sec=$(uci -q add obuspa mqtt)
-			uci -q rename obuspa."${sec}"='dhcpmqtt'
-			uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-			uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-			uci -q set obuspa.dhcpmqtt.TransportProtocol="${transport_proto}"
-			uci -q set obuspa.dhcpmqtt.Enable='1'
-			uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-			uci_change=1
-		fi
-
-		## Handling of mtp section
-		ct_proto=$(uci -q get obuspa.dhcpmtp.Protocol)
-		ct_topic=$(uci -q get obuspa.dhcpmtp.ResponseTopicConfigured)
-		ct_enable=$(uci -q get obuspa.dhcpmtp.Enable)
-
-		config_load obuspa
-		config_get AgentEndpointID localagent EndpointID ""
-		if [ -z "${AgentEndpointID}" ]; then
-			serial=$(get_serial_from_db)
-			oui=$(get_oui_from_db)
-			AgentEndpointID=$(echo "${oui}-${serial//+/%2B}")
-		fi
-
-		topic_base=$(echo "${AgentEndpointID}" | sed -E 's/[^[:alnum:]]/_/g')
-		agent_topic="/usp/${topic_base}/endpoint"
-
-		if [ "${ct_proto}" != "MQTT" ] || [ "${ct_topic}" != "${agent_topic}" ] || [ "${ct_enable}" != "1" ]; then
-			uci -q del obuspa.dhcpmtp
-			sec=$(uci -q add obuspa mtp)
-			uci -q rename obuspa."${sec}"='dhcpmtp'
-			uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-			uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-			uci -q set obuspa.dhcpmtp.Enable='1'
-			uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
-			uci_change=1
-		fi
-	fi
-
 	if [ ${uci_change} -eq 1 ]; then
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
--- a/obuspa/files/etc/users/roles/extender.json
+++ b/obuspa/files/etc/users/roles/extender.json
@@ -1,5 +1,7 @@
 {
  "tr181": {
+    "name": "extender",
+    "instance": 3,
    "permission": [
      {
        "object": "Device.",
--- a/obuspa/files/etc/users/roles/full_access.json
+++ b/obuspa/files/etc/users/roles/full_access.json
@@ -1,12 +0,0 @@
-{
-  "tr181": {
-    "permission": [
-      {
-        "object": "Device.",
-        "perm": [
-          "PERMIT_ALL"
-        ]
-      }
-    ]
-  }
-}
--- a/obuspa/patches/0004-bulkdata_extn.patch
+++ b/obuspa/patches/0004-bulkdata_extn.patch
@@ -455,16 +455,37 @@ index 915b282..f799793 100755
 
     // From the point of view of this code, the report(s) have been successfully sent, so don't retain them
     // NOTE: Sending of the reports successfully is delegated to the USP notification retry mechanism
-@@ -2547,7 +2729,7 @@ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp)
+@@ -2547,11 +2729,24 @@ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp)
     }
 
     // Exit if unable to generate the report
 -    report = bulkdata_generate_json_report(bp, ctrl.report_timestamp);
-+    report = bulkdata_generate_json_report(bp, ctrl.report_timestamp, ctrl.report_format);
-     if (report == NULL)
-     {
- 	    USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
-@@ -2762,7 +2944,7 @@ int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *ou
+-    if (report == NULL)
+-    {
+-	    USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
+-	    return;
+    if (strcmp(ctrl.encoding_type, BULKDATA_ENCODING_TYPE_JSON) == 0) {
+        report = bulkdata_generate_json_report(bp, ctrl.report_timestamp, ctrl.report_format);
+        if (report == NULL)
+        {
+            USP_ERR_SetMessage("%s: bulkdata_generate_json_report failed", __FUNCTION__);
+            return;
+        }
+    } else if (strcmp(ctrl.encoding_type, BULKDATA_ENCODING_TYPE_CSV) == 0) {
+        report = bulkdata_generate_csv_report(bp, ctrl.field_separator, ctrl.row_separator, ctrl.escape_char,
+					      ctrl.csv_format, ctrl.row_timestamp);
+        if (report == NULL)
+        {
+            USP_ERR_SetMessage("%s: bulkdata_generate_csv_report failed", __FUNCTION__);
+            return;
+        }
+    } else {
+        USP_ERR_SetMessage("%s: bulkdata invalid report encoding type %s", __FUNCTION__, ctrl.encoding_type);
+        return;
+     }
+
+     // Print out the JSON report, if debugging is enabled
+@@ -2762,7 +2957,7 @@ int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *ou
 ** \return  pointer to NULL terminated dynamically allocated buffer containing the serialized report to send
 **
 **************************************************************************/
@@ -473,7 +494,7 @@ index 915b282..f799793 100755
 {
     JsonNode *top;          // top of report
     JsonNode *array;        // array of reports (retained + current)
-@@ -2867,6 +3049,483 @@ char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timesta
+@@ -2867,6 +3062,483 @@ char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timesta
     return result;
 }
 
@@ -957,7 +978,7 @@ index 915b282..f799793 100755
 /*********************************************************************//**
 **
 **  bulkdata_compress_report
-@@ -3070,6 +3729,20 @@ int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_
+@@ -3070,6 +3742,20 @@ int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_
         flags |= BDC_FLAG_DATE_HEADER;
     }
 
--- a/obuspa/patches/0006-contains-expression.patch
+++ b/obuspa/patches/0006-contains-expression.patch
@@ -0,0 +1,121 @@
+Index: obuspa-9.0.4.11/src/core/expr_vector.c
+===================================================================
+--- obuspa-9.0.4.11.orig/src/core/expr_vector.c
+++ obuspa-9.0.4.11/src/core/expr_vector.c
+@@ -58,6 +58,7 @@ char *expr_op_2_str[kExprOp_Max] =
+     "<",  // kExprOp_LessThan
+     ">",  // kExprOp_GreaterThan
+     "=",  // kExprOp_Equals
+    "~=", // kExprOp_Contains
+ };
+ 
+ 
+@@ -482,6 +483,15 @@ char *SplitOnOperator(char *buf, expr_op
+         *op = '\0';
+         return &op[2];
+     }
+
+    // Exit if found the "~=" operator
+    op = strstr(buf, "~=");
+    if (op != NULL)
+    {
+        *p_op = kExprOp_Contains;
+        *op = '\0';
+        return &op[2];
+    }
+ 
+     // Exit if found the "<" operator
+     op = strchr(buf, '<');
+Index: obuspa-9.0.4.11/src/core/path_resolver.c
+===================================================================
+--- obuspa-9.0.4.11.orig/src/core/path_resolver.c
+++ obuspa-9.0.4.11/src/core/path_resolver.c
+@@ -1481,7 +1481,7 @@ int ResolveUniqueKey(char *resolved, cha
+     char temp[MAX_DM_PATH];
+     bool is_match;
+     bool is_ref_match;
+-    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan};
+    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan, kExprOp_Contains};
+     unsigned short permission_bitmask;
+ 
+     // Exit if unable to find the end of the unique key
+@@ -1815,6 +1815,67 @@ int DoUniqueKeysMatch(int index, search_
+         }
+         USP_ASSERT(gge->value != NULL);     // GROUP_GET_VECTOR_GetValues() should have set an error message if the vendor hook didn't set a value for the parameter
+ 
+        if (ec->op == kExprOp_Contains) {
+            // NOTE: There is no "list" flag defined for the key parameter, which should be a limitation at the moment.
+            // The code below assumes comma-separated values in the key parameter value for the "contains" operator
+            char *list_copy = USP_STRDUP(gge->value);
+            char *saveptr;
+            char *token;
+            bool found = false;
+
+            // Split the list and compare each element
+            token = strtok_r(list_copy, ",", &saveptr);
+            while (token != NULL)
+            {
+                // Trim whitespace from token
+                TEXT_UTILS_TrimBuffer(token);
+
+                // Compare based on type
+                if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
+                {
+                    err = DM_ACCESS_CompareNumber(token, kExprOp_Equal, ec->value, &result);
+                }
+                else if (type_flags & DM_BOOL)
+                {
+                    err = DM_ACCESS_CompareBool(token, kExprOp_Equal, ec->value, &result);
+                }
+                else if (type_flags & DM_DATETIME)
+                {
+                    err = DM_ACCESS_CompareDateTime(token, kExprOp_Equal, ec->value, &result);
+                }
+                else
+                {
+                    // Default string comparison
+                    err = DM_ACCESS_CompareString(token, kExprOp_Equal, ec->value, &result);
+                }
+
+                if (err != USP_ERR_OK)
+                {
+                    USP_FREE(list_copy);
+                    return err;
+                }
+
+                if (result)
+                {
+                    found = true;
+                    break;
+                }
+
+                token = strtok_r(NULL, ",", &saveptr);
+            }
+
+            USP_FREE(list_copy);
+
+            // Exit if element not found in list
+            if (!found)
+            {
+                return USP_ERR_OK;
+            }
+
+            // Skip the normal comparison since we already handled it
+            continue;
+        }
+
+         // Determine the function to call to perform the comparison
+         if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
+         {
+Index: obuspa-9.0.4.11/src/include/usp_api.h
+===================================================================
+--- obuspa-9.0.4.11.orig/src/include/usp_api.h
+++ obuspa-9.0.4.11/src/include/usp_api.h
+@@ -105,6 +105,7 @@ typedef enum
+     kExprOp_LessThan,               // '<'
+     kExprOp_GreaterThan,            // '>'
+     kExprOp_Equals,                 // '='
+    kExprOp_Contains,               // '~='
+ 
+     kExprOp_Max
+ } expr_op_t;
--- a/obuspa/patches/1002-mqtt-qos.patch
+++ b/obuspa/patches/1002-mqtt-qos.patch
@@ -0,0 +1,11 @@
+--- a/src/core/device_bulkdata.c	2025-02-18 16:49:27.507575767 +0530
+++ b/src/core/device_bulkdata.c	2025-02-18 16:51:45.535693108 +0530
+@@ -374,6 +374,8 @@
+     // Device.BulkData.Profile.{i}.MQTT
+     err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.Reference", "", Validate_BulkDataMqttReference, NULL, DM_STRING);
+     err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishTopic", "", NULL, NULL, DM_STRING);
+    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishQoS", TO_STR(MQTT_FALLBACK_QOS), NULL, NULL, DM_UINT);
+    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishRetain", "false", NULL, NULL, DM_BOOL);
+ #endif
+ 
+     // Register Push! Event
--- a/obuspa/patches/1003-ct-full-access-rename.patch
+++ b/obuspa/patches/1003-ct-full-access-rename.patch
@@ -0,0 +1,13 @@
+diff --git a/src/core/data_model.c b/src/core/data_model.c
+index 360c5e2..136de0d 100644
+--- a/src/core/data_model.c
+++ b/src/core/data_model.c
+@@ -5180,7 +5180,7 @@ int RegisterDefaultControllerTrust(void)
+     int err = USP_ERR_OK;
+ 
+     // Register 'Full Access' role
+-    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "Full Access");
+    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "full_access");
+     err |= USP_DM_AddControllerTrustPermission(ROLE_FULL_ACCESS, dm_root, PERMIT_ALL);
+ 
+     // Register 'Untrusted' role
--- a/obuspc/files/etc/uci-defaults/100-add-mosquitto-listener
+++ b/obuspc/files/etc/uci-defaults/100-add-mosquitto-listener
@@ -15,4 +15,3 @@ port=$(uci -q get uspc.mqtt.BrokerPort)
 uci -q set mosquitto.uspc.enabled="1"
 uci -q set mosquitto.uspc.port=$port
 uci -q set mosquitto.uspc.allow_anonymous="1"
-uci commit mosquitto
--- a/packet-capture-diagnostics/Makefile
+++ b/packet-capture-diagnostics/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=packet-capture-diagnostics
-PKG_VERSION:=1.0.2
+PKG_VERSION:=1.0.3

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
@@ -46,7 +46,7 @@ endif

 define Package/packet-capture-diagnostics/install
 	$(BBFDM_INSTALL_SCRIPT) ./files/scripts/packetcapture $(1)
-	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/src/libpackcapture.so $(1)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libpackcapture.so $(1) core
 endef

 $(eval $(call BuildPackage,packet-capture-diagnostics))
--- a/parental-control/Makefile
+++ b/parental-control/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=parental-control
-PKG_VERSION:=1.0.4
+PKG_VERSION:=1.1.4

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=eea7793e26b52f45f4e47e849894ac3f8cdc3747
+PKG_SOURCE_VERSION:=a746707e4231bd190000a752785974ccaf9dd6da
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -59,8 +59,10 @@ endef
 endif

 define Package/parental-control/install
+	$(INSTALL_DIR) $(1)/etc/parentalcontrol
 	$(INSTALL_DIR) $(1)/lib/parentalcontrol
 	$(INSTALL_DATA) ./files/lib/parentalcontrol/parentalcontrol.sh $(1)/lib/parentalcontrol/
+	$(INSTALL_BIN) ./files/lib/parentalcontrol/sync_bundles.sh $(1)/lib/parentalcontrol/

 	$(INSTALL_DIR) $(1)/etc
 	$(INSTALL_DATA) ./files/etc/firewall.parentalcontrol $(1)/etc/
@@ -78,11 +80,13 @@ define Package/parental-control/install
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/

+	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
+
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol

 ifeq ($(CONFIG_PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES),y)
-	$(INSTALL_DIR) $(1)/etc/parental-control
-	$(INSTALL_DATA) ./files/etc/parental-control/urlbundles.tar.xz $(1)/etc/parental-control/
+	$(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundles.tar.xz $(1)/etc/parentalcontrol/
 endif
 endef

--- a/parental-control/files/etc/config/parentalcontrol
+++ b/parental-control/files/etc/config/parentalcontrol
@@ -1,3 +1,93 @@
 config globals 'globals'
-	option enable '0'
-	option loglevel '3'
+    option enable '0'
+    option loglevel '3'
+
+config urlbundle 'urlbundle_1'
+    option enable '0'
+    option name 'Abuse'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
+
+config urlbundle 'urlbundle_2'
+    option enable '0'
+    option name 'Ads'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
+
+config urlbundle 'urlbundle_3'
+    option enable '0'
+    option name 'Crypto'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
+
+config urlbundle 'urlbundle_4'
+    option enable '1'
+    option name 'Drugs'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
+
+config urlbundle 'urlbundle_5'
+    option enable '0'
+    option name 'Everything else'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt'
+
+config urlbundle 'urlbundle_6'
+    option enable '1'
+    option name 'Facebook/Instagram'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
+
+config urlbundle 'urlbundle_7'
+    option enable '1'
+    option name 'Fraud'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
+
+config urlbundle 'urlbundle_8'
+    option enable '1'
+    option name 'Gambling'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
+
+config urlbundle 'urlbundle_9'
+    option enable '0'
+    option name 'Malware'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
+
+config urlbundle 'urlbundle_10'
+    option enable '1'
+    option name 'Phishing'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
+
+config urlbundle 'urlbundle_11'
+    option enable '1'
+    option name 'Piracy'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
+
+config urlbundle 'urlbundle_12'
+    option enable '0'
+    option name 'Porn'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
+
+config urlbundle 'urlbundle_13'
+    option enable '1'
+    option name 'Ransomware'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
+
+config urlbundle 'urlbundle_14'
+    option enable '0'
+    option name 'Redirect'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
+
+config urlbundle 'urlbundle_15'
+    option enable '1'
+    option name 'Scam'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
+
+config urlbundle 'urlbundle_16'
+    option enable '0'
+    option name 'TikTok'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
+
+config urlbundle 'urlbundle_17'
+    option enable '0'
+    option name 'Torrent'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
+
+config urlbundle 'urlbundle_18'
+    option enable '0'
+    option name 'Tracking'
+    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'
--- a/parental-control/files/etc/init.d/parentalcontrol
+++ b/parental-control/files/etc/init.d/parentalcontrol
@@ -11,7 +11,8 @@ PROG=/usr/sbin/urlfilter
 validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
-	    'loglevel:uinteger:3'
+	    'loglevel:uinteger:3' \
+	    'bundle_path:string'
 }

 remove_fw_rules() {
@@ -47,19 +48,48 @@ configure_fw_rules() {
 	add_internet_schedule_rules
 }

+copy_dhcp_leases() {
+	src="/tmp/dhcp.leases"
+	dest="/etc/parentalcontrol/dhcp.leases"
+	dest_dir="/etc/parentalcontrol/"
+
+	# Ensure the destination directory exists
+	mkdir -p "$dest_dir" || { logger -p err "Failed to create directory $dest_dir."; return 1; }
+
+	# Check if the source file exists and is not empty
+	if [ -s "$src" ]; then
+		# Compare the content of the source and destination
+		if ! cmp -s "$src" "$dest"; then
+			# Use atomic copy to prevent partial writes
+			tmp_dest="${dest}.tmp"
+			cp "$src" "$tmp_dest" && mv "$tmp_dest" "$dest"
+		fi
+	fi
+}
+
 start_service() {
-	local enable loglevel
+	local enable loglevel bundle_path

 	config_load parentalcontrol
 	validate_global_section

+	[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
+
 	# add default bundles
 	process_default_bundles
 	# add firewall rules
 	configure_fw_rules

-	procd_open_instance parentalcontrol_dm
-	procd_set_param command ${PROG}
+	# if the router is, for example, upgraded and then it boots up
+	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
+	# in that case, hostnames will not be processed by the daemon,
+	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
+	# which will be persistent acrros reboots and upgrade where settings are kept
+	# and will be used as a backup in case /tmp/dhcp.leases is empty
+	copy_dhcp_leases
+
+	procd_open_instance "parentalcontrol_dm"
+	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
 	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
@@ -69,6 +99,7 @@ stop_service() {
 	# remove default bundles
 	remove_default_bundles
 	remove_fw_rules
+	copy_dhcp_leases
 }

 reload_service() {
@@ -78,6 +109,7 @@ reload_service() {
 		start
 	else
 		configure_fw_rules
+		copy_dhcp_leases
 		ubus send parentalcontrol.reload
 	fi
 }
--- a/parental-control/files/etc/parental-control/urlbundles.tar.xz
+++ b/parental-control/files/etc/parental-control/urlbundles.tar.xz
--- a/parental-control/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults
+++ b/parental-control/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults
@@ -125,8 +125,4 @@ config_load "urlfilter"
 config_foreach handle_profile profile
 config_foreach handle_filter filter

-# Commit changes
-uci commit parentalcontrol
-uci commit schedules
-
 rm -f "$urlfilter_config"
--- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
+++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
@@ -13,8 +13,8 @@ IP_RULE=""
 ACL_FILE=""
 parentalcontrol_ipv4_forward=""
 parentalcontrol_ipv6_forward=""
-default_bundle_dir="/tmp/urlfilter/default/"
-bundle_archive="/etc/parental-control/urlbundles.tar.xz"
+default_bundle_dir="/tmp/parentalcontrol/default/"
+bundle_archive="/etc/parentalcontrol/urlbundles.tar.xz"

 log() {
 	echo "$*" |logger -t urlfilter.init -p debug
@@ -412,14 +412,14 @@ add_internet_schedule_rules() {
 	echo "iptables -w -F parentalcontrol_forward" >> $ACL_FILE
 	echo "ip6tables -w -F parentalcontrol_forward" >> $ACL_FILE

-	parentalcontrol_ipv4_forward=$(iptables -t filter --list -n | grep parentalcontrol_forward)
+	parentalcontrol_ipv4_forward=$(iptables -w -t filter --list -n | grep parentalcontrol_forward)
 	if [ -z "$parentalcontrol_ipv4_forward" ]; then
 		echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 		ret=$?
 		[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
 	fi

-	parentalcontrol_ipv6_forward=$(ip6tables -t filter --list -n | grep parentalcontrol_forward)
+	parentalcontrol_ipv6_forward=$(ip6tables -w -t filter --list -n | grep parentalcontrol_forward)
 	if [ -z "$parentalcontrol_ipv6_forward" ]; then
 		echo "ip6tables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 		ret=$?
--- a/parental-control/files/lib/parentalcontrol/sync_bundles.sh
+++ b/parental-control/files/lib/parentalcontrol/sync_bundles.sh
@@ -0,0 +1,295 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+LOCKFILE="/tmp/sync_bundles.lock"
+
+# this script handles syncing bundles
+# if its a remote file, then it would be downloaded and placed in bundle_dir
+bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
+if [ -z "${bundle_path}" ]; then
+	bundle_path="/tmp/parentalcontrol"
+fi
+
+stringstore_dir="${bundle_path}/stringstore"
+bundle_dir="${bundle_path}/urlbundles"
+bundle_sizes="${bundle_path}/bundle_sizes"
+
+# Ensure required directories and files exist
+initialize_environment() {
+	mkdir -p "$bundle_dir"
+	mkdir -p "$stringstore_dir"
+	[ ! -f "$bundle_sizes" ] && touch "$bundle_sizes"
+}
+
+# Function to sanitize URLs to avoid code injection and ensure safety
+sanitize_url() {
+	local raw_url="$1"
+	echo "$raw_url" | sed 's/[^a-zA-Z0-9_.:/?-]//g'
+}
+
+update_bundle_file_from_url() {
+	local download_url="$1"
+	local bundle_file_name="$2"
+	local bundle_file_size="$3"
+	local bundle_name="$4"
+	local file_name="$5"
+	local available_memory
+
+	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
+	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
+	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
+
+	if [ "$available_memory" -le "$needed_blocks" ]; then
+		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
+		return 1
+	fi
+
+	if [ "$bundle_file_size" -gt "$max_size" ]; then
+		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
+		return 1
+	fi
+
+	# Determine file path
+	local file_path
+	if echo "$download_url" | grep -q "^file://"; then
+		file_path=${download_url#file://}
+	else
+		# Random delay (0-5s) before starting the download
+		local delay=$((RANDOM % 6))
+		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
+		sleep "$delay"
+
+		# Retry logic with exponential backoff
+		local temp_file="${bundle_dir}/tmp_${file_name}"
+		local attempt=1
+		local success=0
+		while [ $attempt -le 3 ]; do
+			curl -s -o "$temp_file" "$download_url"
+			if [ $? -eq 0 ]; then
+				success=1
+				break
+			else
+				logger -p info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
+				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
+				sleep "$backoff"
+			fi
+			attempt=$(( attempt+1 ))
+		done
+
+		if [ $success -ne 1 ]; then
+			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
+			rm -f "$temp_file"
+			return 1
+		fi
+		file_path="$temp_file"
+	fi
+
+	# Handle compressed files
+	local final_path="${bundle_dir}/${bundle_file_name}"
+	if [[ "$file_path" =~ \.xz$ ]]; then
+		if ! xz -dc "$file_path" > "$final_path"; then
+			logger -p info "update_bundle_file_from_url: Decompression failed."
+			rm -f "$final_path"
+			rm -f "$file_path"
+			return 1
+		fi
+
+		rm -f "$file_path"
+	elif [[ "$file_path" =~ \.gz$ ]]; then
+		if ! gzip -dc "$file_path" > "$final_path"; then
+			logger -p info "update_bundle_file_from_url: Decompression failed."
+			rm -f "$final_path"
+			rm -f "$file_path"
+			return 1
+		fi
+
+		rm -f "$file_path"
+	else
+		mv "$file_path" "$final_path"
+	fi
+
+	# file would have lines of the format: 0.0.0.0 www.facebook.com
+	# so we keep only the url part and remove duplicates
+	local processed_final_path="${final_path}_urls"
+	awk '{print $NF}' "$final_path" | sort -u > "$processed_final_path"
+
+	# delete unprocessed file
+	rm -rf "$final_path"
+
+	# Update the bundle size and send ubus event
+	echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
+	ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${processed_final_path}\",\"bundle_name\":\"${bundle_name}\"}"
+
+	return 0
+}
+
+handle_download_url() {
+	local raw_download_url="$1"
+	local bundle_name="$2"
+
+	local sanitized_url
+	sanitized_url=$(sanitize_url "$raw_download_url")
+
+	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
+
+	local bundle_file_name="${file_name}.urlbundle"
+	local unprocessed_file=0
+	local file_path="${sanitized_url#file://}"
+
+	if echo "$sanitized_url" | grep -qE "^https?://|^file://"; then
+		local previous_bundle_size
+		previous_bundle_size=$(grep "^${bundle_file_name} " "$bundle_sizes" | awk '{print $2}')
+
+		# If the URL is HTTP, fetch the file size
+		local bundle_file_size
+		if echo "$sanitized_url" | grep -qE "^https?://"; then
+			bundle_file_size="$(curl -I "$sanitized_url" 2>&1 | grep -i 'content-length' | cut -d: -f2 | xargs)"
+			[ -z "$bundle_file_size" ] && bundle_file_size=0
+		else
+			# If it's a file:// URL, get the file size from the filesystem
+			bundle_file_size=$(ls -l "$file_path" 2>/dev/null | awk '{print $5}')
+			[ -z "$bundle_file_size" ] && bundle_file_size=0
+		fi
+
+		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
+			return
+		fi
+
+		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
+			# the file is not processed and hence not moved if it is a local uncompressed file
+			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
+			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
+			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
+			return
+		fi
+
+		# Remove existing entries
+		if [ -n "$previous_bundle_size" ]; then
+			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
+			rm -f "${bundle_dir}/${bundle_file_name}"
+		fi
+
+		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
+		return $?
+	else
+		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
+		return 1
+	fi
+
+	return 0
+}
+
+cleanup_bundle_files() {
+	local dir="$1"
+	[ -d "$dir" ] || return 1
+
+	# Collect all download_url entries using config_foreach
+	local urls=""
+	get_download_url() {
+		local section="$1"
+		config_get url "$section" download_url
+		config_get_bool enable "$1" enable 0
+
+		if [ "${enable}" -eq 0 ]; then
+			# bundle is disabled
+			return 0
+		fi
+		url="${url#file://}"
+		url="${url#https://}"
+		url="${url#http://}"
+
+		url="${url##*/}" # Get everything after the last '/'
+		urls="$urls $url"
+	}
+
+	config_load parentalcontrol
+	config_foreach get_download_url urlbundle
+
+	# Loop through all files in the directory
+	for file in "$dir"/*; do
+		[ -f "$file" ] || continue  # Skip non-files
+
+		# Remove the suffix after the last dot
+		base_name="$(basename "$file")"
+		name="${base_name%.*}"  # Removes the last dot and suffix
+
+		# Check if the name is present in the collected urls
+		if ! echo "$urls" | grep -q "$name"; then
+			rm -f "$file"
+			sed -i "/^${name} /d" "$bundle_sizes"
+		fi
+	done
+}
+
+# Main handler for all profile URL bundles
+handle_filter_for_bundles() {
+	ubus -t 20 wait_for bbfdm.parentalcontrol
+
+	if [ "$?" -ne 0 ]; then
+		logger -p error "bbfdm.parentalcontrol object not found"
+		return
+	fi
+
+	initialize_environment
+
+	cleanup_bundle_files "$bundle_dir"
+	cleanup_bundle_files "$stringstore_dir"
+
+	config_load parentalcontrol
+
+	config_get_bool enable globals enable 0
+	if [ "${enable}" -eq 0 ]; then
+		# Parental control is disabled
+		return 0
+	fi
+
+	local profile enable bundles bundle_name download_url
+
+	check_bundle_exists() {
+		local cfg="$1"
+		config_get name "$cfg" name
+		config_get_bool enable "$cfg" enable 0
+		config_get download_url "$cfg" download_url
+
+		if [ "${enable}" -eq 0 ]; then
+			# bundle is disabled
+			return 0
+		fi
+
+		if [ "$name" = "$2" ]; then
+			handle_download_url "$download_url" "$name"
+			local exit_status=$?
+			if [ "$exit_status" -eq 1 ]; then
+				uci -q set "parentalcontrol.${cfg}.status"="Error"
+			else
+				uci -q set "parentalcontrol.${cfg}.status"=""
+			fi
+
+			uci commit parentalcontrol
+		fi
+	}
+
+	handle_bundle_from_profile() {
+		local bundle_name="$1"
+
+		config_foreach check_bundle_exists urlbundle "$bundle_name"
+	}
+
+	handle_profile() {
+		config_get_bool enable "$1" enable 0
+		[ "$enable" -ne 1 ] && return
+
+		config_list_foreach "$1" profile_urlbundle handle_bundle_from_profile
+	}
+
+	config_foreach handle_profile profile_urlfilter
+}
+
+
+# Open file descriptor 200 for locking
+exec 200>"$LOCKFILE"
+# Try to acquire an exclusive lock; exit if another instance is running
+flock -n 200 || { logger -p info "sync_bundles.sh is already running, exiting."; exit 1; }
+
+handle_filter_for_bundles
--- a/parental-control/files/lib/upgrade/keep.d/parentalcontrol
+++ b/parental-control/files/lib/upgrade/keep.d/parentalcontrol
@@ -0,0 +1 @@
+/etc/parentalcontrol/dhcp.leases
--- a/passwdqc/Makefile
+++ b/passwdqc/Makefile
@@ -1,41 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=passwdqc
-PKG_VERSION:=2.0.3
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/openwall/passwdqc.git
-PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=skip
-
-PKG_LICENSE:=BSD-3
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/$(PKG_NAME)
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=libpam password checking module
-  DEPENDS:=+libpam +@BUSYBOX_CONFIG_PAM
-endef
-
-define Package/$(PKG_NAME)/description
-	pam_passwdqc is a simple password strength checking module for
-	PAM-aware password changing programs
-endef
-
-define Build/Compile
-	$(MAKE) -C $(PKG_BUILD_DIR) \
-		CC="$(TARGET_CC)" \
-		LDFLAGS="$(TARGET_LDFLAGS)" \
-		pam_wrapped
-endef
-
-define Package/$(PKG_NAME)/install
-	$(INSTALL_DIR) $(1)/usr/lib/security/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libpasswdqc.so* $(1)/usr/lib/security/
-endef
-
-$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/ponmngr/files/airoha/lib/xpon/airoha.sh
+++ b/ponmngr/files/airoha/lib/xpon/airoha.sh
@@ -1,6 +1,48 @@
 #!/bin/sh

 . /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+check_ptp_mode() {
+	local wanport enabled updated
+
+	if [ -f /etc/board.json ]; then
+		json_init
+		json_load_file /etc/board.json
+		json_select network
+		json_select wan 2>/dev/null
+		json_get_var wanport device
+		json_select ..
+		json_select ..
+		json_cleanup
+
+		if [ -f /etc/bbfdm/services/ponmngr.json ]; then
+			json_init
+			json_load_file /etc/bbfdm/services/ponmngr.json
+			json_select daemon
+			json_get_var enabled enable
+
+			if [ "$wanport" = "pon" ]; then
+				updated=1
+			else
+				updated=0
+			fi
+
+			# Avoid writing to flash if not necessary, since it might affect wear-leveling
+			if [ "$enabled" != "$updated" ]; then
+				json_add_string enable "$updated"
+				json_select ..
+				json_pretty
+				json_dump > /etc/bbfdm/services/ponmngr.json
+			fi
+			json_cleanup
+		fi
+	fi
+}
+
+apply_extra_xpon_config() {
+	check_ptp_mode
+}

 set_serial_number() {
 	local vendor_id="$1"
@@ -49,6 +91,8 @@ apply_xpon_uci_config() {
 }

 init_xpon() {
+	check_ptp_mode
+
 	# don't start pon daemons if xpon module is not loaded
 	[ -d /sys/module/xpon -o -d /sys/module/xpon_10g ] || return

@@ -65,4 +109,3 @@ init_xpon() {
 deinit_xpon() {
 	return
 }
-
--- a/ponmngr/files/broadcom/lib/xpon/broadcom.sh
+++ b/ponmngr/files/broadcom/lib/xpon/broadcom.sh
@@ -2,6 +2,10 @@

 . /lib/functions.sh

+apply_extra_xpon_config() {
+	return
+}
+
 set_serial_number() {
 	local vendor_id="$1"
 	local vssn="$2"
--- a/ponmngr/files/common/etc/init.d/xpon
+++ b/ponmngr/files/common/etc/init.d/xpon
@@ -29,6 +29,8 @@ start_service() {
 		configure_serial_number
 		apply_xpon_uci_config
 		init_xpon
+	else
+		apply_extra_xpon_config
 	fi
 }

--- a/port-trigger/Makefile
+++ b/port-trigger/Makefile
@@ -26,7 +26,7 @@ define Package/port-trigger
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=Port Trigger Daemon
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +kmod-ipt-trigger +kmod-ip6t-trigger +iptables-mod-nfqueue
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +iptables-mod-trigger +iptables-mod-nfqueue
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef

--- a/qosmngr/Makefile
+++ b/qosmngr/Makefile
@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=qosmngr
-PKG_VERSION:=1.0.20
+PKG_VERSION:=1.0.21

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/qosmngr.git
-PKG_SOURCE_VERSION:=cc1d993b853f360c0aa19f08bfbaf1e05667527a
+PKG_SOURCE_VERSION:=f03c22f4bae8497bc9c88715ab094e7bef46b59e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -29,7 +29,7 @@ define Package/qosmngr
  CATEGORY:=Utilities
  TITLE:=QoS Manager
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
-  DEPENDS+=+!TARGET_brcmbca:kmod-ebt-vlantranslation +!TARGET_brcmbca:kmod-ebt-dscp2pbit +!TARGET_brcmbca:ebtables-legacy
+  DEPENDS+=+kmod-ebt-vlantranslation +kmod-ebt-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bridgemngr
 endef

--- a/qosmngr/files/airoha/etc/uci-defaults/99-set-queue-shaper-status
+++ b/qosmngr/files/airoha/etc/uci-defaults/99-set-queue-shaper-status
@@ -0,0 +1,4 @@
+uci -q set qos.globals=globals
+uci -q set qos.globals.per_queue_shaper=0
+
+exit 0
--- a/qosmngr/files/airoha/lib/qos/qos_functions.sh
+++ b/qosmngr/files/airoha/lib/qos/qos_functions.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+get_max_linkspeed() {
+    local ifname="$1"
+    local modes="10000 5000 2500 1000 100 10"
+    local speed=""
+    local phycap="$(ethtool $ifname | sed -ne '/Supported link modes:/,/:/p' | sed -e 's/.*://' -e 's/^[[:space:]]*//' -e '$d')"
+
+    for i in $modes; do
+        if echo "${phycap}" | grep -qe "$i\\D"; then
+            speed=$i
+            break
+        fi
+    done
+
+    echo "$speed"
+}
+
+get_shaper_rate() {
+	rate="$1"
+
+	if [ -z "${rate}" ]; then
+		echo "-1"
+		return
+	fi
+
+	if [ "${rate}" -eq -1 ]; then
+		#No shaping
+		echo "-1"
+		return
+	fi
+
+	# Convert the rate from bps to kbps.
+	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
+		# set as per percentage
+		speed=$(get_max_linkspeed "$ifname")
+		if [ -z "${speed}" ]; then
+			echo "-1"
+			return
+		fi
+
+		rate=$((speed * rate * 1000 / 100))
+	else
+		rate=$(($rate / 1000))
+	fi
+
+	echo "$rate"
+}
--- a/qosmngr/files/airoha/lib/qos/queue.sh
+++ b/qosmngr/files/airoha/lib/qos/queue.sh
@@ -1,6 +1,8 @@
 #!/bin/sh
 # Handle queues and their order

+. /lib/qos/qos_functions.sh
+
 Q_COUNT=0

 # Preliminary configuration of a queue
@@ -21,7 +23,7 @@ handle_queue() {
    config_get is_enable "$qid" "enable" 1

    # no need to configure disabled queues
-    if [ "${is_enable}" == "0" ]; then
+    if [ "${is_enable}" = "0" ]; then
        return
    fi

@@ -38,7 +40,21 @@ handle_queue() {
    config_get qsize "$qid" "queue_size" 1024
    config_get precedence "$qid" "precedence"

-    hw_queue_set "${ifname}" "${Q_COUNT}" "${precedence}" "$qsize" "$wgt" "$sc_alg" "$shapingrate" "$rate" "$bs"
+    rate=$(get_shaper_rate "$rate")
+ 
+    if [ "$rate" -eq -1 ]; then
+       return
+    fi
+
+    config_get bs "$qid" "burst_size"
+
+    if [ "${bs}" -ge 1000 ] ; then
+        bs=$((bs / 1000))
+    else
+        bs=0
+    fi
+
+    hw_queue_set "${ifname}" "${Q_COUNT}" "${precedence}" "$qsize" "$wgt" "$sc_alg" "$rate" "$bs"
    Q_COUNT=$((Q_COUNT + 1))
 }

--- a/qosmngr/files/airoha/lib/qos/shaper.sh
+++ b/qosmngr/files/airoha/lib/qos/shaper.sh
@@ -1,21 +1,7 @@
 #!/bin/sh
 # Common shaper library

-get_max_linkspeed() {
-    local ifname="$1"
-    local modes="10000 5000 2500 1000 100 10"
-    local speed=""
-    local phycap="$(ethtool $ifname | sed -ne '/Supported link modes:/,/:/p' | sed -e 's/.*://' -e 's/^[[:space:]]*//' -e '$d')"
-
-    for i in $modes; do
-        if echo "${phycap}" | grep -qe "$i\\D"; then
-            speed=$i
-            break
-        fi
-    done
-
-    echo "$speed"
-}
+. /lib/qos/qos_functions.sh

 # UCI 'shaper' section handler.
 # It will verify shaper configuration sanity and then invoke
@@ -36,26 +22,10 @@ handle_shaper() {
    fi

    config_get rate "$sid" "rate"
-    if [ -z "${rate}" ]; then
-        return
-    fi
-
-    if [ "${rate}" -eq -1 ]; then
-        # No shaping
-        return
-    fi
-
-    # Convert the rate from bps to kbps.
-    if [ "${rate}" -ge 0 -a "${rate}" -le 100 ] ; then
-        # Set as per percentage
-        speed=$(get_max_linkspeed "$ifname")
-        if [ -z "${speed}" ]; then
-            return
-        fi
-
-        rate=$((speed * rate * 1000 / 100))
-    else
-        rate=$((rate / 1000))
+    rate=$(get_shaper_rate "$rate")
+ 
+    if [ "$rate" -eq -1 ]; then
+       return
    fi

    config_get bs "$sid" "burst_size"
--- a/qosmngr/files/broadcom/lib/qos/qos.sh
+++ b/qosmngr/files/broadcom/lib/qos/qos.sh
@@ -31,6 +31,37 @@ get_max_linkspeed() {
 	echo "$speed"
 }

+get_shaper_rate() {
+	rate="$1"
+
+	if [ -z "${rate}" ]; then
+		echo "-1"
+		return
+	fi
+
+	if [ "${rate}" -eq -1 ]; then
+		#No shaping
+		echo "-1"
+		return
+	fi
+
+	# Convert the rate from bps to kbps.
+	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
+		# set as per percentage
+		speed=$(get_max_linkspeed "$ifname")
+		if [ -z "${speed}" ]; then
+			echo "-1"
+			return
+		fi
+
+		rate=$((speed * rate * 1000 / 100))
+	else
+		rate=$(($rate / 1000))
+	fi
+
+	echo "$rate"
+}
+
 get_port_number() {
 	[ -z "$1" ] && return
 	local ports="0 1 2 3 4 5 6 7 8"
@@ -125,10 +156,17 @@ handle_queue_shapingrate() {
 	fi

 	config_get rate "$qid" "rate"
+
+	rate=$(get_shaper_rate "$rate")
+	if [ "$rate" -eq -1 ]; then
+		return
+	fi
+
 	config_get bs "$qid" "burst_size"

 	# Call tmctl which is a broadcomm command to configure queues shapingrate.
 	tmctl setqcfg --devtype 0 --if $ifname --qid $Q_COUNT --shapingrate $rate --burstsize $bs &>/dev/null
+
 	Q_COUNT=$((Q_COUNT + 1))
 }

@@ -198,6 +236,13 @@ handle_queue() {
 	       order=0
 	fi

+	rate=$(get_shaper_rate "$rate")
+	if [ "$rate" -eq -1 ]; then
+		return
+	fi
+
+	config_get bs "$qid" "burst_size"
+
 	# Call tmctl which is a broadcomm command to configure queues on a port.
 	tmctl setqcfg --devtype 0 --if $ifname --qid $Q_COUNT --priority $order --qsize $qsize --weight $wgt --schedmode $salg --shapingrate $rate --burstsize $bs
 	Q_COUNT=$((Q_COUNT + 1))
@@ -344,28 +389,12 @@ handle_shaper() {
 	fi

 	config_get rate "$sid" "rate"
-	if [ -z "${rate}" ]; then
+
+	rate=$(get_shaper_rate "$rate")
+	if [ "$rate" -eq -1 ]; then
 		return
 	fi

-	if [ "${rate}" -eq -1 ]; then
-		#No shaping
-		return
-	fi
-
-	# Convert the rate from bps to kbps.
-	if [ "${rate}" -ge 0 -a "${rate}" -le 100 ];then
-		# set as per percentage
-		speed=$(get_max_linkspeed "$ifname")
-		if [ -z "${speed}" ]; then
-			return
-		fi
-
-		rate=$((speed * rate * 1000 / 100))
-	else
-		rate=$(($rate / 1000))
-	fi
-
 	config_get bs "$sid" "burst_size"
 	tmctl setportshaper --devtype 0 --if $ifname --shapingrate $rate --burstsize $bs
 }
--- a/qosmngr/files/common/etc/uci-defaults/60-qos_config_generate
+++ b/qosmngr/files/common/etc/uci-defaults/60-qos_config_generate
@@ -4,7 +4,6 @@
 . /usr/share/libubox/jshn.sh


-cpu_model="$(cat /proc/socinfo  | grep 'SoC Name' | cut -d':' -f2)"
 queue_num=8

 populate_no_of_queue(){
@@ -37,8 +36,6 @@ generate_queue(){
 		uci set qos.@queue[-1].burst_size="0"
 		uci set qos.@queue[-1].weight="1"
 	done
-
-	uci commit qos
 }

 generate_wan_queues() {
--- a/qosmngr/files/common/etc/uci-defaults/61-qos_classify_generate
+++ b/qosmngr/files/common/etc/uci-defaults/61-qos_classify_generate
@@ -104,8 +104,6 @@ generate_classify(){
 		uci set qos.@classify[-1].traffic_class="$i"
 		uci set qos.@classify[-1].order="$classify_no"
 	done
-
-	uci commit qos
 }

 if [ -s "/etc/config/qos" ]; then
--- a/qosmngr/files/common/lib/qos/iptables.sh
+++ b/qosmngr/files/common/lib/qos/iptables.sh
@@ -279,17 +279,17 @@ create_iptables_chains() {
    ret=$?
    [ $ret -eq 0 ] && iptables -w -t mangle -I OUTPUT -j qos_output

-    ip6tables -t mangle -N qos_forward 2> /dev/null
+    ip6tables -w -t mangle -N qos_forward 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -t mangle -I FORWARD -j qos_forward
+    [ $ret -eq 0 ] && ip6tables -w -t mangle -I FORWARD -j qos_forward

-    ip6tables -t mangle -N qos_prerouting 2> /dev/null
+    ip6tables -w -t mangle -N qos_prerouting 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -t mangle -I PREROUTING -j qos_prerouting
+    [ $ret -eq 0 ] && ip6tables -w -t mangle -I PREROUTING -j qos_prerouting

-    ip6tables -t mangle -N qos_output 2> /dev/null
+    ip6tables -w -t mangle -N qos_output 2> /dev/null
    ret=$?
-    [ $ret -eq 0 ] && ip6tables -t mangle -I OUTPUT -j qos_output
+    [ $ret -eq 0 ] && ip6tables -w -t mangle -I OUTPUT -j qos_output
 }

 flush_iptables_chains() {
--- a/self-diagnostics/Makefile
+++ b/self-diagnostics/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=self-diagnostics
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.13
 PKG_RELEASE:=1

 PKG_LICENSE:=GPL-2.0-only
@@ -25,7 +25,7 @@ endef
 define Package/self-diagnostics/install
 	$(INSTALL_DIR) $(1)/etc/self-diagnostics/spec/
 	$(CP) ./files/* $(1)/
-	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/libselftest.so $(1)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/libselftest.so $(1) core
 endef

 $(eval $(call BuildPackage,self-diagnostics))
--- a/sshmngr/Config.in
+++ b/sshmngr/Config.in
@@ -22,4 +22,10 @@ config SSHMNGR_BACKEND_DROPBEAR
 	   Enable this option to use dropbear for ssh.

 endchoice
+
+config SSHMNGR_SFTP
+	bool "SFTP support"
+	default y
+	help
+	   Enable this option to support the SFTP protocol.
 endif
--- a/sshmngr/Makefile
+++ b/sshmngr/Makefile
@@ -33,6 +33,7 @@ define Package/sshmngr
  DEPENDS+=+SSHMNGR_BACKEND_OPENSSH:openssh-server +SSHMNGR_BACKEND_OPENSSH:openssh-client-utils
  DEPENDS+=+SSHMNGR_BACKEND_OPENSSH_PAM:openssh-server-pam +SSHMNGR_BACKEND_OPENSSH_PAM:openssh-client-utils
  DEPENDS+=+SSHMNGR_BACKEND_DROPBEAR:dropbear
+  DEPENDS+=+SSHMNGR_SFTP:openssh-sftp-server
 endef

 define Package/sshmngr/description
--- a/sulu/sulu-base/Makefile
+++ b/sulu/sulu-base/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=sulu-base
-PKG_VERSION:=4.0.4
+PKG_VERSION:=4.0.5

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=adc73a288a518735807c4b4334d55bc362bd31c2
+PKG_SOURCE_VERSION:=2e715b0f9c00105b88d2d5c8e6607081c0cffc3a
 PKG_MIRROR_HASH:=skip

 SULU_MOD:=core
--- a/sulu/sulu-builder/Makefile
+++ b/sulu/sulu-builder/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=sulu-builder
-PKG_VERSION:=4.0.6
+PKG_VERSION:=4.0.10
 PKG_RELEASE:=1

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=71fa109e12e3cd469ea43adc8a39574bc2eb9e81
+PKG_SOURCE_VERSION:=8afd3a3a4623caa7ca99f28310272b4e88a5719d
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
--- a/sulu/sulu-builder/files/etc/sulu/sulu.sh
+++ b/sulu/sulu-builder/files/etc/sulu/sulu.sh
@@ -25,19 +25,7 @@ function _get_agent_id() {
 	else
 		endpointid="$(echo "${endpointid/::/,}" | cut -d "," -f 2)"
 		endpointid="${endpointid//+/%2B}"
-	fi
-}
-
-function _get_endpoint_id() {
-	local oui serial endpointid
-
-	endpointid="$(uci_get obuspa localagent EndpointID)"
-	if [ -z "${endpointid}" ]; then
-		oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
-		serial="$(db -q get device.deviceinfo.SerialNumber)"
-		echo "os::${oui}-${serial//+/%2B}"
-	else
-		echo "${endpointid//+/%2B}"
+		echo "${endpointid}"
 	fi
 }

@@ -93,7 +81,7 @@ function generate_sulu_conn_config() {
 	{
 		json_add_object 'main'
 		{
-			json_add_string 'toId' "$(_get_endpoint_id)"
+			json_add_string 'toId' "os::$(_get_agent_id)"
 			json_add_string 'port' "auto"
 			json_add_string 'path' "/wss"

--- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
@@ -41,7 +41,7 @@ add_sulu_config_to_mosquitto()
 		uci_set mosquitto sulu protocol 'websockets'
 		uci_set mosquitto sulu require_certificates '0'
 		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
 	fi
 }

--- a/sulu/sulu-builder/files/etc/users/roles/admin.json
+++ b/sulu/sulu-builder/files/etc/users/roles/admin.json
@@ -1,5 +1,7 @@
 {
  "tr181": {
+    "name": "admin",
+    "instance": 4,
    "permission": [
      {
        "object": "Device.",
@@ -63,7 +65,7 @@
        ]
      },
      {
-        "object":"Device.Time.",
+        "object": "Device.Time.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -78,7 +80,7 @@
        ]
      },
      {
-        "object":"Device.UPnP.",
+        "object": "Device.UPnP.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -93,7 +95,7 @@
        ]
      },
      {
-        "object":"Device.Bridging.",
+        "object": "Device.Bridging.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -108,7 +110,7 @@
        ]
      },
      {
-        "object":"Device.Ethernet.",
+        "object": "Device.Ethernet.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -123,7 +125,7 @@
        ]
      },
      {
-        "object":"Device.DHCPv4.",
+        "object": "Device.DHCPv4.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -138,7 +140,7 @@
        ]
      },
      {
-        "object":"Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -155,7 +157,7 @@
        ]
      },
      {
-        "object":"Device.DHCPv6.",
+        "object": "Device.DHCPv6.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -170,7 +172,7 @@
        ]
      },
      {
-        "object":"Device.Hosts.",
+        "object": "Device.Hosts.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -187,7 +189,7 @@
        ]
      },
      {
-        "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -204,7 +206,7 @@
        ]
      },
      {
-        "object":"Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -221,7 +223,7 @@
        ]
      },
      {
-        "object":"Device.NAT.",
+        "object": "Device.NAT.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -238,67 +240,16 @@
        ]
      },
      {
-        "object":"Device.PPP.",
+        "object": "Device.Firewall.",
        "perm": [
          "PERMIT_GET",
-          "PERMIT_GET_INST",
          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
+          "PERMIT_SUBS_VAL_CHANGE"
        ]
      },
      {
-        "object":"Device.Routing.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object":"Device.IEEE1905.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object":"Device.InterfaceStack.",
-        "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
-        ]
-      },
-      {
-        "object":"Device.DynamicDNS.",
+        "object": "Device.Firewall.DMZ.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -315,7 +266,7 @@
        ]
      },
      {
-        "object":"Device.LANConfigSecurity.",
+        "object": "Device.PPP.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -330,7 +281,7 @@
        ]
      },
      {
-        "object":"Device.Security.",
+        "object": "Device.Routing.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -345,7 +296,7 @@
        ]
      },
      {
-        "object":"Device.RouterAdvertisement.",
+        "object": "Device.IEEE1905.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -360,7 +311,22 @@
        ]
      },
      {
-        "object":"Device.Services.",
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -377,7 +343,7 @@
        ]
      },
      {
-        "object":"Device.UserInterface.",
+        "object": "Device.LANConfigSecurity.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -392,7 +358,37 @@
        ]
      },
      {
-        "object":"Device.PeriodicStatistics.",
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -409,7 +405,22 @@
        ]
      },
      {
-        "object":"Device.SoftwareModules.",
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -426,7 +437,24 @@
        ]
      },
      {
-        "object":"Device.Users.",
+        "object": "Device.SoftwareModules.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Users.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -517,7 +545,7 @@
        ]
      },
      {
-        "object":"Device.SSH.",
+        "object": "Device.SSH.",
        "perm": [
          "PERMIT_GET",
          "PERMIT_GET_INST",
@@ -532,6 +560,10 @@
          "PERMIT_SUBS_OBJ_DEL",
          "PERMIT_SUBS_EVT_OPER_COMP"
        ]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.X_GENEXIS_EU_Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
      }
    ]
  }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Amin Ben Romdhane	616032926c	icwmp: Ensure 'switch_bank' option is set to 1 on firmware upgrade trigger	2025-03-07 00:38:03 +01:00
Vivek Kumar Dutta	2aaf56ac6d	swmodd: added datamodel dependency on swmod ubus	2025-03-06 19:17:03 +05:30
Suvendhu Hansa	426cc077e0	obuspa: controller provisioning via dhcp	2025-03-06 13:42:18 +00:00
Janusz Dziedzic	879e549581	libwifi: 7.10.3	2025-03-06 13:38:52 +00:00
Amin Ben Romdhane	78f6198d0a	sysmngr: reduce log verbosity - Change log level from 4 to 3 to show only error logs	2025-03-06 11:44:29 +01:00
Janusz Dziedzic	6ddaa150b4	wifimngr: 17.5.8	2025-03-06 10:33:22 +00:00
Janusz Dziedzic	9188a99c99	libwifi: 7.10.2	2025-03-06 10:33:22 +00:00
Amin Ben Romdhane	352a56448e	userinterface: Fix misplaced closing quote	2025-03-06 10:15:36 +01:00
Jakob Olsson	5c7fea694f	map-controller: 6.3.0.1	2025-03-05 16:37:16 +01:00
Vivek Kumar Dutta	5474007dcf	swmodd: 2.5.22	2025-03-05 19:23:26 +05:30
Vivek Kumar Dutta	320d155a96	sysmngr: extend keep_config from Download to Activate	2025-03-05 19:13:19 +05:30
Meng	73f91e09db	obuspa: add patches/0006-contains-expression.patch	2025-03-05 13:09:57 +00:00
Amin Ben Romdhane	36d2b24bae	icwmp: Fix 'M Reboot' event is not sent on firmware upgrade	2025-03-05 11:45:57 +00:00
Janusz Dziedzic	f9010d9ef1	libwifi: 7.10.1	2025-03-05 11:08:01 +00:00
Vivek Kumar Dutta	aeda3280b3	bbfdm: avoid uci commit in uci-defaults	2025-03-05 09:10:42 +00:00
Jakob Olsson	5e3b30daa8	map-agent: 6.3.3.3	2025-03-05 10:05:09 +01:00
Mohd Mehdi	ee2165b184	qosmngr: update rate processing for queue	2025-03-05 06:02:13 +00:00
Vivek Kumar Dutta	1b7fa8ba15	qosmngr: updated uci-default scripts	2025-03-05 10:28:33 +05:30
Vivek Kumar Dutta	052dc52801	parental-control: updated uci-default script	2025-03-05 10:25:42 +05:30
Vivek Kumar Dutta	4373ec21aa	obuspc: avoid uci commit in uci-defaults	2025-03-05 10:24:13 +05:30
Vivek Kumar Dutta	892e0f3599	obuspa: avoid uci commit in uci-defaults	2025-03-05 10:22:23 +05:30
Vivek Kumar Dutta	d9a742b734	mcastmngr: avoid uci commit in uci-defaults	2025-03-05 10:20:06 +05:30
Vivek Kumar Dutta	9e1a8de1bd	logmngr: avoid uci commit in uci-defaults	2025-03-05 10:18:22 +05:30
Vivek Kumar Dutta	73c8e7eb75	gateway-info: avoid uci commit in uci-defaults	2025-03-05 10:13:15 +05:30
Vivek Kumar Dutta	41ba4fcedc	dhcpmngr: avoid uci commit in uci-defaults	2025-03-05 10:10:41 +05:30
Erik Karlsson	b673daf265	swmodd: avoid uci-defaults script failure Keep uci-defaults script from failing if there are no containers.	2025-03-04 16:09:40 +01:00
Vivek Kumar Dutta	06b9f7eb00	parental-control: 1.1.4	2025-03-04 19:10:00 +05:30
Vivek Kumar Dutta	092026794e	netmngr: 1.1.5	2025-03-04 19:07:44 +05:30
Vivek Kumar Dutta	0bc9dd365f	bridgemngr: 1.0.12	2025-03-04 19:05:57 +05:30
Vivek Kumar Dutta	f4eb3ec090	icwmp: 9.8.34	2025-03-04 19:04:57 +05:30
Vivek Kumar Dutta	7596b3b4f4	bbfdm: Fix Max instance log and uci list buffer size	2025-03-04 19:01:01 +05:30
Erik Karlsson	d546e1699f	sshmngr: enable SFTP by default Note that the openssh-sftp-server package works together with both OpenSSH and dropbear	2025-03-04 12:39:23 +00:00
Amin Ben Romdhane	fe4a859af6	bbfdm: 1.15.5	2025-03-04 10:36:37 +01:00
Anjan Chanda	7ecce240d0	map-controller: 6.3.0.0	2025-03-03 17:51:48 +01:00
Jakob Olsson	a8dd08cf33	map-agent: 6.3.3.2	2025-03-03 15:01:05 +01:00
George Yang	9a38439d11	libvoice-airoha: 1.1.2	2025-03-03 14:35:27 +01:00
Jakob Olsson	06c977c39d	remove package map-topology	2025-03-03 09:58:29 +01:00
Janusz Dziedzic	1e352925ef	wifimngr: 17.5.7	2025-02-28 15:43:24 +00:00
Janusz Dziedzic	9b6a9158af	Revert "libwifi: 7.10.1" This reverts commit `fd49d9a203`.	2025-02-28 15:41:50 +00:00
Janusz Dziedzic	fd49d9a203	libwifi: 7.10.1	2025-02-28 15:13:01 +00:00
Janusz Dziedzic	093d1b95da	libwifi: 7.10.0	2025-02-28 13:51:56 +00:00
Janusz Dziedzic	52ef85a910	libwifi: 8.0.0	2025-02-28 13:31:46 +00:00
Elena Vengerova	ca8f2f91ab	libwifi: 7.9.9	2025-02-28 15:49:36 +04:00
Janusz Dziedzic	3553cca81c	wifimngr: 17.5.6	2025-02-28 11:44:53 +00:00
Janusz Dziedzic	bdeea206e3	libwifi: 7.9.8	2025-02-28 11:43:21 +00:00
Marina Maslova	34cb916d59	libwifi: 7.9.7	2025-02-28 15:10:37 +04:00
Marina Maslova	5f253a5d5c	libwifi: fix en7523 names updated on migration to 7.4	2025-02-28 10:52:37 +00:00
Balalakshmi Arunachalam Rajendran	948f727a0b	map-agent: map-topology-discovery: fix the redirection of buildcmdu Not redirecting caused stdout issues over the serial console.	2025-02-28 09:52:29 +00:00
Vivek Kumar Dutta	7b4be698fc	obuspa: Fix overriding of permissions on reboot	2025-02-28 15:14:03 +05:30
Vivek Kumar Dutta	3f079d7543	sulu: Added Firewall in admin ACL	2025-02-28 15:13:15 +05:30
Balalakshmi Arunachalam Rajendran	52d5bf6db6	map-agent: map-topology-discovery: remove redirection of buildcmdu result	2025-02-27 12:45:12 +00:00
Suvendhu Hansa	d80d41a6f6	timemngr: use NTP servers from dhcp option 42	2025-02-27 17:03:21 +05:30
George Yang	4b8d721af8	libvoice-airoha: Fix compiling error for airoha32 because of codec difference	2025-02-27 11:22:01 +01:00
Jakob Olsson	a2b051c773	map-controller: 6.2.3.1	2025-02-27 10:46:41 +01:00
Vivek Kumar Dutta	2aa49112f3	obuspa: Fix full_access assignment	2025-02-27 13:59:04 +05:30
Vivek Kumar Dutta	60b21cb3ce	Revert "libvoice-airoha: Update codec list from 2024Q4_Airoha_LTS_SDK" This reverts commit `55e9299da5`.	2025-02-27 12:26:57 +05:30
George Yang	55e9299da5	libvoice-airoha: Update codec list from 2024Q4_Airoha_LTS_SDK	2025-02-26 17:54:36 +01:00
Amin Ben Romdhane	6df78961ab	bbfdm: 1.15.4	2025-02-26 17:00:48 +01:00
Janusz Dziedzic	6a65a15b0d	wifimngr: 17.5.5	2025-02-26 12:24:51 +00:00
Janusz Dziedzic	2a1f9a00d4	libwifi: 7.9.6	2025-02-26 12:24:51 +00:00
Vivek Kumar Dutta	211de47076	sulu: Align role json files	2025-02-26 12:02:07 +00:00
Vivek Kumar Dutta	af3cf465bc	usermngr: Added full_access and Untrusted role	2025-02-26 12:02:07 +00:00
Vivek Kumar Dutta	c1a8c1aa86	obuspa: Updated max CT role - Updated role json to include role name and instance number - Removed full_access.json - Reuse full_access Role from core code	2025-02-26 12:02:07 +00:00
George Yang	08fb82fae4	libvoice-airoha: Fix error caller name in CLIP, REF #16094	2025-02-26 11:11:51 +01:00
Suvendhu Hansa	0c4485ea15	bbfdm: moved GatewayInfo DM to gateway-info	2025-02-26 09:32:03 +05:30
Suvendhu Hansa	064b655fa9	icwmp: move GatewayInfo config to gateway-info package	2025-02-26 09:27:49 +05:30
Suvendhu Hansa	d71d4914d5	gateway-info: 1.0.0 - Updated netmode config to mark wan interface in gwinfo	2025-02-26 09:20:08 +05:30
Jakob Olsson	2a7f21a8f8	map-agent: 6.3.3.1	2025-02-25 17:00:13 +01:00
Erik Karlsson	d720da1852	firewallmngr: add missing "iptables -w"	2025-02-25 14:31:11 +01:00
Erik Karlsson	e9f40eba08	bbfdm: fix shell injection in /etc/firewall.portmap Rework the script to use iptables-restore instead of eval (cherry picked from commit cf8350b6b365429aa68f0f957f79eb31bb43e2db) (cherry picked from commit `df87055d04`)	2025-02-25 14:13:01 +01:00
Erik Karlsson	3d68c3b9f7	bbfdm: fix shell injection in /etc/firewall.service Avoid use of eval (cherry picked from commit 53167364863ef4afc249045fe5dcb510e3ec164d) (cherry picked from commit `32848d7f69`)	2025-02-25 14:12:52 +01:00
Markus Gothe	f5ad0195bc	Update iptables rules to use proper locking.	2025-02-25 13:57:50 +01:00
Jakob Olsson	85818a7778	map-agent: 6.3.3.0	2025-02-25 13:14:56 +01:00
Dariusz Iwanoczko	b6e5749b7f	fwbank: add copy_config method to fwbank API Implemented copy_config handler to create and copy a system upgrade backup	2025-02-25 08:53:03 +00:00
Janusz Dziedzic	2a1323bfd0	libwifi: 7.9.5	2025-02-24 16:10:55 +00:00
Vivek Kumar Dutta	0c56d3ab39	bbfdm: minor output fixes	2025-02-24 19:57:34 +05:30
Vivek Kumar Dutta	c59c53aa47	usp-js: Updated allow_partial default to true	2025-02-24 18:43:34 +05:30
Vivek Kumar Dutta	90c3949696	bbfdm: Add multi-ap services in usp critical list	2025-02-24 12:19:41 +05:30
Markus Gothe	14ca35a64b	Revert "qosmngr: fix ebtables-extensions dependencies" This reverts commit `c55ab35b14`.	2025-02-24 03:18:38 +00:00
Vivek Kumar Dutta	cf148f6c06	ebtables-extensions: 2.0.5	2025-02-24 08:29:28 +05:30
Erik Karlsson	c3e0426c36	gryphon-led-module: remove obsolete commented out test code	2025-02-21 17:04:22 +01:00
Erik Karlsson	c7f3e52f92	gryphon-led-module: clean up package Makefile Use a more modern approach for building kernel modules out-of-tree. Remove a lot of unused stuff.	2025-02-21 17:04:22 +01:00
Erik Karlsson	1605577538	gryphon-led-module: fix error handling The dev_get_drvdata/platform_get_drvdata functions do not return an error pointer. Use devm_gpiod_get_index to manage GPIO resources. Do not support obsolete Linux versions. Check the return value of gpiod_direction_output	2025-02-21 17:04:22 +01:00
Reidar Cederqvist	69ba712cb3	Sulu: update to latest devel	2025-02-21 14:51:31 +00:00
Amin Ben Romdhane	634d40fa01	logmngr: 1.0.9	2025-02-21 15:45:37 +01:00
Amin Ben Romdhane	088ed56c50	icwmp: 9.8.32	2025-02-21 15:44:08 +01:00
Amin Ben Romdhane	d49c758d04	ieee1905: 8.7.3	2025-02-21 15:43:14 +01:00
Amin Ben Romdhane	187492a827	packet-capture-diagnostics: 1.0.3	2025-02-21 15:39:24 +01:00
Amin Ben Romdhane	0a375e6ac4	self-diagnostics: 1.0.13	2025-02-21 15:38:43 +01:00
Amin Ben Romdhane	226c5b4685	obuspa: 9.0.4.8	2025-02-21 15:37:40 +01:00
Amin Ben Romdhane	e72352d7e1	netmngr: 1.1.4	2025-02-21 15:36:08 +01:00
Amin Ben Romdhane	322d80f151	sysmngr: 1.0.17	2025-02-21 15:34:25 +01:00
Amin Ben Romdhane	8e4d3920d9	wifidmd: 1.0.32	2025-02-21 15:32:47 +01:00
Amin Ben Romdhane	241afdc4fd	hostmngr: 1.2.15	2025-02-21 15:31:05 +01:00
Amin Ben Romdhane	4ee68f7a84	bbfdm: introduce data model core micro-service and update bbfdmd to use async call to optimize RPCs handling	2025-02-21 15:29:45 +01:00
Janusz Dziedzic	11b13af489	libwifi: 7.9.4	2025-02-21 10:15:00 +00:00
Vivek Kumar Dutta	5abf23d711	Revert "icwmp: fix gateway info race condition" This reverts commit `c118da628d`.	2025-02-21 15:08:22 +05:30
Mohd Mehdi	38c7075422	qosmngr: remove unused variable and fix error logs in uci-default	2025-02-21 06:28:14 +00:00
Suvendhu Hansa	dead11036c	wifidmd: Remove iwinfo dependency	2025-02-21 10:44:27 +05:30
Markus Gothe	e708d6caec	ipt-trigger: Resolve dependecies for Mediatek platform.	2025-02-20 15:14:32 +01:00
Markus Gothe	3a7c4119ff	ipt-trigger: Clean up dependencies.	2025-02-20 13:59:21 +01:00
Markus Gothe	b1fc7a09be	Update ipt-trigger dependencies.	2025-02-20 11:35:19 +00:00
Janusz Dziedzic	7c0a37c8a8	libwifi: 7.9.3	2025-02-20 09:31:53 +00:00
Mohd Mehdi	bfdd241330	parental-control: add support for Status and Enable	2025-02-20 05:43:09 +00:00
Markus Gothe	cdc8972031	ebtables-extensions: Fix usage of KERNEL_MAKE_FLAGS KERNEL_MAKE_FLAGS passes arguments to 'make' and not to the compiler which is probably what was intended.	2025-02-19 16:25:39 +01:00
Markus Gothe	f668c5cc33	ipt-trigger: Fix usage of KERNEL_MAKE_FLAGS KERNEL_MAKE_FLAGS passes arguments to 'make' and not to the compiler which is probably what was intended. This solves a compilation issue on the Broadcom platform.	2025-02-19 16:07:59 +01:00
Erik Karlsson	ed0373f188	libvoice-airoha: 1.1.1	2025-02-19 15:32:51 +01:00
Janusz Dziedzic	74f37ee761	wifimngr: 17.5.4	2025-02-19 13:52:47 +00:00
Janusz Dziedzic	3970668d0e	libwifi: 7.9.2	2025-02-19 13:51:05 +00:00
Jakob Olsson	fe833164de	map-agent: 6.3.2.4	2025-02-19 13:08:46 +01:00
Erik Karlsson	eca57960a0	libvoice-airoha: set the default transmit and receive gain in the UCI config	2025-02-19 11:01:25 +00:00
Mohd Husaam Mehdi	41c8325aae	parental-control: Support BlockHistory	2025-02-19 08:21:58 +00:00
Suvendhu Hansa	c118da628d	icwmp: fix gateway info race condition	2025-02-19 06:47:15 +00:00
Suvendhu Hansa	0714c79917	obuspa: Add csv report support in Bulkdata mqtt	2025-02-18 14:01:16 +00:00
Vivek Kumar Dutta	d01f484999	swmodd: 2.5.21	2025-02-17 18:52:13 +05:30
Jakob Olsson	d161ccf816	map-controller: 6.2.3.0	2025-02-17 11:01:21 +01:00
Jakob Olsson	e18da4e996	map-controller: add config option to provision disabled APs	2025-02-17 09:59:25 +00:00
Jakob Olsson	4aca931a23	map-agent: 6.3.2.3	2025-02-14 17:29:54 +01:00
Elena Vengerova	81b0f6e7fe	libwifi: 7.9.1	2025-02-14 15:36:50 +04:00
Vivek Kumar Dutta	93873874bb	sulu: Fix mqtt acl generation	2025-02-14 12:44:18 +05:30
Vivek Kumar Dutta	88ca4b3011	icwmp: config options to skip datatype check and insecure connect	2025-02-14 12:39:48 +05:30
Amin Ben Romdhane	a3bd6392a1	bbfdm: 1.14.5	2025-02-13 14:47:43 +01:00
Janusz Dziedzic	ed01591374	map-agent: 6.3.2.2	2025-02-13 13:08:17 +00:00
arbala	c48d4923d6	map-controller: 6.2.2.3	2025-02-12 16:45:58 +01:00
Erik Karlsson	3dbc47b54f	gryphon-led-module: turn LED off on system shutdown and module unload	2025-02-12 13:55:21 +01:00
Anjan Chanda	d6ef40fd0f	decollector: 6.2.0.1	2025-02-12 12:20:24 +01:00
arbala	b94dbcdbdf	map-agent: 6.3.2.1	2025-02-11 17:00:01 +01:00
Vivek Kumar Dutta	d0be4f8056	mcastmngr: Fix instance add/del operations	2025-02-11 19:30:46 +05:30
Suvendhu Hansa	5e392d0832	wifidmd: Fix SSID instance deletion	2025-02-11 13:56:02 +00:00
Vivek Kumar Dutta	acc92dfb1f	obuspa: Config option to override CT roles with fw default roles	2025-02-11 19:24:02 +05:30
Erik Karlsson	5e13161b70	Fix out-of-tree Broadcom kernel module build The inclusion of bcm-kernel-toolchain.mk cannot be conditional since CONFIG_TARGET_brcmbca is not defined when package metadata is being generated. Instead make it optional in case broadcom feed is absent.	2025-02-11 10:26:44 +01:00
Amin Ben Romdhane	20034609e0	wifidmd: 1.0.29	2025-02-10 20:16:33 +01:00
Anjan Chanda	58ddcd7499	decollector: 6.2.0.0	2025-02-10 17:18:13 +01:00
Suvendhu Hansa	81755b83ad	dnsmngr: optimize dns-sd advertise object	2025-02-10 12:24:20 +00:00
Vivek Kumar Dutta	b96e7077fc	icwmp: 9.8.30	2025-02-10 17:33:51 +05:30
Jakob Olsson	1b0a792b56	map-controller: 6.2.2.2	2025-02-10 12:29:58 +01:00
Vivek Kumar Dutta	4e093e59f3	obuspa: Fix random delay in get calls	2025-02-09 11:42:45 +05:30
Vivek Kumar Dutta	9400526e47	wifidmd: Use dump2 output for Network.SSID. table	2025-02-08 16:17:29 +05:30
Mohd Mehdi	a2733b66b7	parental-control: 1.1.0	2025-02-08 06:15:20 +00:00
Markus Gothe	40251b2371	ponmngr: Refactorize PtP-mode detection.	2025-02-07 16:39:00 +01:00
Markus Gothe	980779a583	Don't start ponmngr microservice in PtP-mode.	2025-02-07 15:55:58 +01:00
Jakob Olsson	ad31d21380	map-agent: 6.3.2.0	2025-02-07 12:18:24 +01:00
Anjan Chanda	525b56ebc5	ieee1905: 8.7.2	2025-02-07 09:59:20 +01:00