ieee1905: 8.3.4.15

the library script that converts uci to mcproxy config is generating
incorrect config for filtering ip addresses which leads to mcproxy
not even starting when multiple filters are defined.

this commit fixes the above described issue.

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.4.23.22
+PKG_VERSION:=1.4.23.29
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=73d49e600e2cdf2aadcc23133b922916c6cd8c69
+PKG_SOURCE_VERSION:=2f1dac5686f54219fc7706c677905816b650dd1c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -348,6 +348,7 @@ define Package/bbfdmd/install
 	$(INSTALL_DATA) ./files/etc/bbfdm/input.json $(1)/etc/bbfdm/
 	$(INSTALL_BIN) ./files/etc/init.d/bbfdmd $(1)/etc/init.d/bbfdmd
 	$(INSTALL_CONF) ./files/etc/config/bbfdm $(1)/etc/config/bbfdm
+	$(INSTALL_CONF) ./files/etc/config/schedules $(1)/etc/config/schedules
 	$(INSTALL_BIN) ./files/etc/bbfdm/bbfdm_services.sh $(1)/etc/bbfdm/
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_lease_start_time.user $(1)/etc/udhcpc.user.d/udhcpc_lease_start_time.user

bbfdm/files/etc/config/schedules

@@ -0,0 +1,2 @@
+config global 'global'
+	option enable '1'

bbfdm/files/etc/init.d/bbfdmd

@@ -40,7 +40,12 @@ configure_bbfdmd()
 	[ "${enabled}" -eq 0 ] && return 0
 
 	if [ -f "${BBFDM_JSON_INPUT}" ]; then
-		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > ${BBFDM_TEMP_JSON}
+		cat ${BBFDM_JSON_INPUT} |jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' > ${BBFDM_TEMP_JSON}
+		val="$(jq -r '.daemon.input // empty' ${BBFDM_TEMP_JSON})"
+		if [ -z "${val}" ]; then
+			log "Failed to generate temp input json, uci changes not applied"
+			cp ${BBFDM_JSON_INPUT} ${BBFDM_TEMP_JSON}
+		fi
 	fi
 
 	procd_set_param command ${PROG}

decollector/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=4.2.1.1.5
+PKG_VERSION:=4.2.1.1.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b34c94d516ee18e33fc910b8a656649541b7e8e8
+PKG_SOURCE_VERSION:=9fae736fa6c4ee39e7775964c7f84b105196c034
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

ethmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.3.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5b40a8167d3e0e5c8fc9229abccd5c6acecbe814
+PKG_SOURCE_VERSION:=847a94cee530d60bfd10ceaee4185d64fb6397d0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.9
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=79a6649995752da3501808debeed9e3ddfdf4d59
+PKG_SOURCE_VERSION:=3aabf79273537b146e063e32cd0443d8a156daa2
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.5.29.12
+PKG_VERSION:=9.5.29.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=9c85416648a1da63c1085a5c2dc635ed13776ef2
+PKG_SOURCE_VERSION:=816033a14672e8e9c3566ce06fa19fb422eeb546
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.4.10
+PKG_VERSION:=8.3.4.15
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=4231e9496e63fb6d0ab74870c06f9345b001c5bf
+PKG_SOURCE_VERSION:=bdf808d9b2c74e2613f1e2842cb01e62e2d1a3e1
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iop/config

@@ -150,6 +150,7 @@ CONFIG_PACKAGE_ssdpd=y
 CONFIG_PACKAGE_miniupnpd-iptables=y
 CONFIG_PACKAGE_mosquitto-client-ssl=y
 CONFIG_PACKAGE_mosquitto-ssl=y
+# CONFIG_MOSQUITTO_BRIDGE_SUPPORT is not set
 CONFIG_PACKAGE_nginx=y
 CONFIG_PACKAGE_openvpn-easy-rsa=y
 CONFIG_PACKAGE_openvpn-openssl=y

libethernet/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.109
+PKG_VERSION:=7.2.112.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cc72f5ab0171cd0fc29bb48dafff6751ab2f0d9c
+PKG_SOURCE_VERSION:=938752e3bd4c524aa518fc247d186ebdf282e1c0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.13
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=a9ea70b6c0adb246685f7632e38853e0d803a7c3
+PKG_SOURCE_VERSION:=c22f9b2e5348c3e4c99840314f68f35b379a3549
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.16.13
+PKG_VERSION:=7.4.16.18
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=38b946b847a6d8e12dbc12a2b1a8f16b9c59ae33
+PKG_SOURCE_VERSION:=b8adef24b294279bf07c0f9d00813b51fae7107f
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -76,6 +76,10 @@ ifeq ($(CONFIG_LIBWIFI_USE_CTRL_IFACE),y)
   TARGET_CFLAGS +=-DLIBWIFI_USE_CTRL_IFACE
 endif
 
+ifeq ($(CONFIG_LIBWIFI_SKIP_PROBES),y)
+  TARGET_CFLAGS +=-DLIBWIFI_BRCM_SKIP_PROBES
+endif
+
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/openssl \
@@ -144,6 +148,11 @@ define Package/libwifi/config
 	config LIBWIFI_USE_CTRL_IFACE
 		bool "Create UNIX sockets to interface with hostapd/wpa_supplicant"
 		default n
+
+	config LIBWIFI_SKIP_PROBES
+		bool "Don't create probe-req events"
+		default y
+
   endif
 endef
 

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=4.5.0.23
+PKG_VERSION:=4.5.0.34
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=eb1138dfc1a87193a03c8e71590e4be0a466dfad
+PKG_SOURCE_VERSION:=8a73986f67c717961dc62cf11c8b0458ab04cc05
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-controller/Config.in

@@ -29,6 +29,10 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
+config CONTROLLER_PROPAGATE_PROBE_REQ
+	depends on CONTROLLER_EASYMESH_VENDOR_EXT
+	bool "Enable publishing probe requests vendor specific messages as UBUS events"
+	default y
 
 endmenu
 endif

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=4.5.0.8
+PKG_VERSION:=4.5.0.23
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=c719a86bb2485b8de79a639cc42a8f1d6303253c
+PKG_SOURCE_VERSION:=ea159dee9536889171fe6f2463c2259ac48c4a97
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 LOCAL_DEV=0
@@ -63,6 +63,10 @@ TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_CONTROLLER_EASYMESH_VENDOR_E
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
 endif
 
+ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
+TARGET_CFLAGS += -DPROPAGATE_PROBE_REQ
+endif
+
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/

map-controller/files/etc/config/mapcontroller

@@ -59,7 +59,7 @@ config ap
 
 config ap
 	option band '2'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-2.4GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -67,7 +67,7 @@ config ap
 
 config ap
 	option band '5'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-5GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -75,7 +75,7 @@ config ap
 
 config ap
 	option band '6'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-6GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'

mcastmngr/files/broadcom/lib/mcast/broadcom.sh

@@ -39,7 +39,6 @@ config_snooping_upstream_interface() {
 	local snooping_upstream_intf=""
 
 	json_load "$(devstatus $1)"
-	logger -t "mcastconf" "$(devstatus $1)"
 	itr=1
 	json_select bridge-members
 

mcastmngr/files/linux/lib/mcast/linux.sh

@@ -85,9 +85,8 @@ config_mcproxy_interfaces() {
 
 	echo -e "pinstance main:$str_up ==>$str_down;\n" >> $CONFFILE
 
+	local filter=""
 	for excp in $exceptions; do
-		local filter=""
-
 		case $excp in
 		*/*)
 			ip_start="$(ipcalc.sh $excp | grep IP | awk '{print substr($0,4)}')"
@@ -98,16 +97,16 @@ config_mcproxy_interfaces() {
 			filter="$filter ($excp | *)"
 			;;
 		esac
+	done
 
-		for upstream in $str_up; do
-			echo "pinstance main upstream $upstream in blacklist table{$filter };" >> $CONFFILE
-			echo "pinstance main upstream $upstream out blacklist table{$filter };" >> $CONFFILE
-		done
+	for upstream in $str_up; do
+		echo "pinstance main upstream $upstream in blacklist table{$filter };" >> $CONFFILE
+		echo "pinstance main upstream $upstream out blacklist table{$filter };" >> $CONFFILE
+	done
 
-		for downstream in $str_down; do
-			echo "pinstance main downstream $downstream in blacklist table{$filter };" >> $CONFFILE
-			echo "pinstance main downstream $downstream out blacklist table{$filter };" >> $CONFFILE
-		done
+	for downstream in $str_down; do
+		echo "pinstance main downstream $downstream in blacklist table{$filter };" >> $CONFFILE
+		echo "pinstance main downstream $downstream out blacklist table{$filter };" >> $CONFFILE
 	done
 }
 

obuspa/Config.in

@@ -22,6 +22,11 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 config OBUSPA_ENABLE_TEST_CONTROLLER
 	bool "Adds a test controller by default"
 	default n
+	select OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
+
+config OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
+	bool "Adds a test controller by default (local access only)"
+	default n
 
 config OBUSPA_MAX_CONTROLLERS_NUM
 	int "The maximum number of controllers to be supported"

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=7.0.5.6.6
+PKG_VERSION:=7.0.5.6.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=0bb1ddd46e4a2abf93dadfc34e6bc44bf6a3f063
+PKG_SOURCE_VERSION:=131e04ec5c6ddd8c2fb47f95fe7da2b9836ed925
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,7 +32,9 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
+		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
+		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow
 endef
 
 define Package/obuspa/description
@@ -109,6 +111,9 @@ define Package/obuspa/install
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
 	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/USPAgent.json)
 ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
+	$(INSTALL_BIN) ./files/etc/uci-defaults/54-test-usp-remote $(1)/etc/uci-defaults/
+endif
+ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
 	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
 endif

obuspa/files/etc/config/obuspa

@@ -6,7 +6,7 @@ config obuspa 'global'
 	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
 	option role_file '/etc/obuspa/roles.json'
-	#option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
+	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
 	#option trust_cert '/etc/ssl/cert.pem'
 	#option client_cert '/etc/obuspa/client.pem'
 	#option log_dest '/tmp/obuspa.log'

obuspa/files/etc/init.d/obuspa

@@ -987,7 +987,7 @@ db_init()
 	fi
 
 	# Remove ControllerTrust.Role., if present in db for backward compatibility
-	delete_sql_db_entry_with_pattern "Device.LocalAgent.ControllerTrust.Role."
+	delete_sql_db_entry_with_pattern "^Device.LocalAgent.ControllerTrust.Role."
 
 	# Remove reset file if present
 	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old

obuspa/files/etc/obuspa/dmcaching_exclude.json

@@ -1,7 +1,6 @@
 {
   "dmcaching_exclude": [
     "Device.Hosts.Host.",
-    "Device.IEEE1905.",
-    "Device.WiFi.DataElements."
+    "Device.Services.VoiceService."
   ]
 }

obuspa/files/etc/obuspa/roles.json

@@ -260,6 +260,40 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
+        {
+          "object":"Device.Schedules.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object":"Device.NAT.",
           "perm": [
@@ -584,6 +618,40 @@
             "PERMIT_NONE"
           ]
         },
+        {
+          "object":"Device.Schedules.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object": "Device.DeviceInfo.",
           "perm": [
@@ -598,9 +666,11 @@
           "object":"Device.Hosts.",
           "perm": [
             "PERMIT_GET",
+            "PERMIT_SET",
             "PERMIT_GET_INST",
             "PERMIT_OBJ_INFO",
             "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_VAL_CHANGE",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },

obuspa/files/etc/uci-defaults/54-test-usp-remote

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_usp_test()
+{
+	uci_add mosquitto listener usptest
+	uci_set mosquitto usptest enabled 1
+	uci_set mosquitto usptest port '9001'
+	uci_set mosquitto usptest protocol 'websockets'
+	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+}
+
+# Install test MQTT over WS listener
+add_usp_test

obuspa/files/etc/uci-defaults/55-test-usp-controller

@@ -40,16 +40,6 @@ add_obuspa_test_controller()
 	uci_set obuspa testcontroller assigned_role_name 'full_access'
 }
 
-add_usp_test()
-{
-	uci_add mosquitto listener usptest
-	uci_set mosquitto usptest enabled 1
-	uci_set mosquitto usptest port '9001'
-	uci_set mosquitto usptest protocol 'websockets'
-	uci_set mosquitto usptest require_certificates '0'
-	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-}
-
 add_obuspa_config()
 {
 	uci_add mosquitto listener obuspa
@@ -60,11 +50,8 @@ add_obuspa_config()
 }
 
 # Install test usp controller config
-uci_load mosquitto
-add_usp_test
 add_obuspa_config
 
-uci_load obuspa
 add_obuspa_test_mtp
 add_obuspa_test_mqtt
 add_obuspa_test_controller

obuspa/patches/0013-mqtt-retry-param-change.patch

@@ -0,0 +1,76 @@
+diff --git a/src/core/device_mqtt.c b/src/core/device_mqtt.c
+index 7b3c3df7eb..7beb78ef86 100755
+--- a/src/core/device_mqtt.c
++++ b/src/core/device_mqtt.c
+@@ -1602,14 +1602,23 @@ int Validate_MQTTConnectRetryTime(dm_req_t *req, char *value)
+ int NotifyChange_MQTTConnectRetryTime(dm_req_t *req, char *value)
+ {
+     mqtt_conn_params_t *mp;
++    bool schedule_reconnect = false;
+ 
+     // Determine mqtt client to be updated
+     mp = FindMqttParamsByInstance(inst1);
+     USP_ASSERT(mp != NULL);
+ 
+     // Set the new value.
++    if ((mp->retry.connect_retrytime != val_uint) && (mp->enable)) {
++        schedule_reconnect = true;
++    }
++
+     mp->retry.connect_retrytime = val_uint;
+ 
++    if (schedule_reconnect) {
++        ScheduleMqttReconnect(mp);
++    }
++
+     return USP_ERR_OK;
+ }
+ 
+@@ -1645,14 +1654,23 @@ int Validate_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
+ int NotifyChange_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
+ {
+     mqtt_conn_params_t *mp;
++    bool schedule_reconnect = false;
+ 
+     // Determine mqtt client to be updated
+     mp = FindMqttParamsByInstance(inst1);
+     USP_ASSERT(mp != NULL);
+ 
++    if ((mp->retry.interval_multiplier != val_int) && (mp->enable)) {
++        schedule_reconnect = true;
++    }
++
+     // Set the new value.
+     mp->retry.interval_multiplier = val_int;
+ 
++    if (schedule_reconnect) {
++        ScheduleMqttReconnect(mp);
++    }
++
+     return USP_ERR_OK;
+ }
+ 
+@@ -1688,14 +1706,23 @@ int Validate_MQTTConnectRetryMaxInterval(dm_req_t *req, char *value)
+ int NotifyChange_MQTTConnectRetryMaxInterval(dm_req_t *req, char *value)
+ {
+     mqtt_conn_params_t *mp;
++    bool schedule_reconnect = false;
+ 
+     // Determine mqtt client to be updated
+     mp = FindMqttParamsByInstance(inst1);
+     USP_ASSERT(mp != NULL);
+ 
++    if ((mp->retry.max_interval != val_uint) && (mp->enable)) {
++        schedule_reconnect = true;
++    }
++
+     // Set the new value.
+     mp->retry.max_interval = val_uint;
+ 
++    if (schedule_reconnect) {
++        ScheduleMqttReconnect(mp);
++    }
++
+     return USP_ERR_OK;
+ }
+ 

obuspa/patches/0014-mqtt-reconnect.patch

@@ -0,0 +1,90 @@
+diff --git a/src/core/device_controller.c b/src/core/device_controller.c
+index a6335f5..57b8486 100644
+--- a/src/core/device_controller.c
++++ b/src/core/device_controller.c
+@@ -2340,6 +2340,26 @@ int Notify_ControllerEnable(dm_req_t *req, char *value)
+         }
+     }
+ }
++#endif
++
++#ifdef ENABLE_MQTT
++{
++    // Reconnect MQTT client since it may need to update MQTT reference and Topic
++    if (cont->enable)
++    {
++        int i;
++        for (i=0; i<MAX_CONTROLLER_MTPS; i++)
++        {
++            controller_mtp_t *mtp;
++
++            mtp = &cont->mtps[i];
++            if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->mqtt_connection_instance != INVALID) && (mtp->enable))
++            {
++                DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
++            }
++        }
++    }
++}
+ #endif
+ 
+     return USP_ERR_OK;
+@@ -2468,6 +2488,17 @@ int Notify_ControllerMtpEnable(dm_req_t *req, char *value)
+         }
+     }
+ }
++#endif
++
++#ifdef ENABLE_MQTT
++{
++    // Reconnect MQTT client since it may need to update MQTT reference and Topic
++    if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->enable) && (cont->enable) &&
++        (mtp->mqtt_connection_instance != INVALID))
++    {
++        DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
++    }
++}
+ #endif
+ 
+     // NOTE: We do not have to do anything for STOMP, as these parameters are only searched when we send
+@@ -2559,6 +2590,16 @@ int Notify_ControllerMtpProtocol(dm_req_t *req, char *value)
+         WSCLIENT_StartClient(cont->instance, mtp->instance, cont->endpoint_id, &mtp->websock);
+     }
+ }
++#endif
++
++#ifdef ENABLE_MQTT
++{
++    // Reconnect MQTT client since it may need to update MQTT reference and Topic
++    if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->mqtt_connection_instance != INVALID))
++    {
++        DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
++    }
++}
+ #endif
+ 
+     // NOTE: We don't need to do anything explicitly for STOMP
+diff --git a/src/core/device_mtp.c b/src/core/device_mtp.c
+index e78a305..d690978 100644
+--- a/src/core/device_mtp.c
++++ b/src/core/device_mtp.c
+@@ -964,6 +964,9 @@ int NotifyChange_AgentMtpProtocol(dm_req_t *req, char *value)
+     }
+ #endif
+ 
++    // Cache the changed value
++    mtp->protocol = new_protocol;
++
+ #ifdef ENABLE_MQTT
+     // Schedule the affected MQTT connection to reconnect (because it might have lost or gained a agent queue to subscribe to)
+     if ((mtp->enable) && (mtp->mqtt_connection_instance != INVALID))
+@@ -972,9 +975,6 @@ int NotifyChange_AgentMtpProtocol(dm_req_t *req, char *value)
+     }
+ #endif
+ 
+-    // Cache the changed value
+-    mtp->protocol = new_protocol;
+-
+ #ifndef DISABLE_STOMP
+     // Schedule the affected STOMP connection to reconnect (because it might have lost or gained a agent queue to subscribe to)
+     if ((mtp->enable) && (mtp->stomp_connection_instance != INVALID))

swmodd/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.5.3.1
+PKG_VERSION:=2.5.3.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)

swmodd/files/etc/config/swmodd

@@ -3,3 +3,7 @@ config globals 'globals'
         option debug '1'
         option log_level '3'
         option lan_bridge 'br-lan'
+        option root '/container'
+
+config execenv 'execenv_1'
+        option name 'oci'

swmodd/files/etc/init.d/crun

@@ -241,7 +241,7 @@ start_service() {
 
 	env=$(uci -q get swmodd.@execenv[0].name)
 	if [ -z "${root}" ] || [ -z "${bridge}" ]; then
-		log "Base bundle root[$root] or bridge[$bridge] not defined"
+		log "# Base bundle root[$root] or bridge[$bridge] not defined"
 		return 0;
 	fi
 

swmodd/files/etc/init.d/swmodd

@@ -91,13 +91,8 @@ start_service() {
 	[ ! -d "/run" ] && ln -fs /var/run /run
 
 	if [ ! -d "${root}" ]; then
-		log "# root [${root}] not present, creating ..."
-		if [ -n "${root}" ]; then
-			mkdir -p "${root}"
-		else
-			log "# Not starting, root [${root}] not defined"
-			return 1
-		fi
+		log "# Not starting, Base root [${root}] not accessible/defined"
+		return 1
 	fi
 
 	# Currently only one execenv supported

swmodd/files/etc/swmodd/run.sh

@@ -74,7 +74,7 @@ setup_container_network() {
 }
 
 run_container() {
-	local bundle name bridge
+	local bundle name bridge network
 
 	bundle="${1}"
 	name="${2}"
@@ -85,7 +85,13 @@ run_container() {
 		return 1
 	fi
 
-	setup_container_network "${name}" "${bridge}"
+	# Only do the network setup if defined in config
+	network="$(cat ${BUNDLE}/${NAME}/config.json |jq '.linux.namespaces[] |select (.type == "network")')"
+	if [ -n "${network}" ] ; then
+		setup_container_network "${name}" "${bridge}"
+	else
+		log "Network not defined in config, using host network..."
+	fi
 	
         script -q -c "crun run -b ${bundle}/${name} ${name}" /dev/null
 }

swmodd/files/etc/uci-defaults/01-fix-bundle-path

@@ -10,32 +10,31 @@ configure_ee_path() {
 	config_get oci_bundle globals oci_bundle_root ""
 
 	mkdir -p /etc/lxc
+	if [ -n "${lxc_bundle}" ]; then
+		# if lxc_bundle_root define in swmodd, then remove it
+		name=$(echo ${lxc_bundle##/*/})
+		root=$(echo ${lxc_bundle%/$name})
+		echo "lxc.lxcpath = ${lxc_bundle}" > /etc/lxc/lxc.conf
+		uci_set swmodd globals lxc_bundle_root ""
+	fi
+
 	if [ -n "${oci_bundle}" ]; then
 		# if oci_bundle_root define in swmodd, then remove it
 		name=$(echo ${oci_bundle##/*/})
 		root=$(echo ${oci_bundle%/$name})
 		echo "lxc.lxcpath = ${oci_bundle}" > /etc/lxc/lxc.conf
-	elif [ -n "${lxc_bundle}" ]; then
-		# if lxc_bundle_root define in swmodd, then remove it
-		name=$(echo ${lxc_bundle##/*/})
-		root=$(echo ${lxc_bundle%/$name})
-		echo "lxc.lxcpath = ${lxc_bundle}" > /etc/lxc/lxc.conf
-	elif [ -f /etc/lxc/lxc.conf ]; then
-		bundle_path=$(cat /etc/lxc/lxc.conf | grep "lxc.lxcpath" | cut -d "=" -f 2 | sed 's/[[:blank:]]//g')
-		name=$(echo ${bundle_path##/*/})
-		root=$(echo ${bundle_path%/$name})
-	else
-		name="lxc"
-		root="/srv"
-		echo "lxc.lxcpath = /srv/lxc" > /etc/lxc/lxc.conf
+		uci_set swmodd globals oci_bundle_root ""
 	fi
 
-	uci_set swmodd globals oci_bundle_root ""
-	uci_set swmodd globals lxc_bundle_root ""
-
 	# configure root in globals section
-	if ! uci_get swmodd globals root >/dev/null; then
-		uci_set swmodd globals root ${root}
+	if [ -n "${root}" ]; then
+		if ! uci_get swmodd globals root >/dev/null; then
+			uci_set swmodd globals root ${root}
+		fi
+	fi
+
+	if [ -z "${name}" ]; then
+		name="oci"
 	fi
 
 	# configure execenv in swmodd

urlfilter/Makefile

@@ -3,16 +3,15 @@
 #
 
 include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=urlfilter
-PKG_VERSION:=1.1.14
+PKG_VERSION:=2.0.3
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/urlfilter.git
-PKG_SOURCE_VERSION:=ebf8afb44ff808d3b99c45a7c636fb12a774f357
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/urlfilter.git
+PKG_SOURCE_VERSION:=ab62788ff1419928e90173f6963b1834d06f8500
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -27,7 +26,7 @@ define Package/urlfilter
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=URL filter
-  DEPENDS:=+libuci +libnetfilter-queue +libnfnetlink +iptables-mod-nfqueue +libpthread +libubox +ubus +conntrack
+  DEPENDS:=+libuci +libnetfilter-queue +libnfnetlink +iptables-mod-nfqueue +libpthread +libubox +ubus +conntrack +libbbfdm-api +libcurl
 endef
 
 define Package/urlfilter/description
@@ -35,22 +34,36 @@ define Package/urlfilter/description
 endef
 
 TARGET_CFLAGS += \
-        -D_GNU_SOURCE
+        -D_GNU_SOURCE \
+        -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-        $(CP) -rf ./urlfilter/* $(PKG_BUILD_DIR)/
+	$(CP) -rf ./urlfilter/* $(PKG_BUILD_DIR)/
 endef
 endif
 
 define Package/urlfilter/install
+	$(INSTALL_DIR) $(1)/lib/parentalcontrol
+	$(INSTALL_DATA) ./files/lib/parentalcontrol/parentalcontrol.sh $(1)/lib/parentalcontrol/
+
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DATA) ./files/etc/firewall.parentalcontrol $(1)/etc/
+
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/urlfilter $(1)/usr/sbin
+
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/urlfilter $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/urlfilter $(1)/etc/config/
-	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/plugins/urlfilter.json)
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) ./files/etc/config/parentalcontrol $(1)/etc/config/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
+
+	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libparentalcontrol.so)
 endef
 
 $(eval $(call BuildPackage,urlfilter))

urlfilter/files/etc/bbfdm/plugins/urlfilter.json

@@ -1,473 +0,0 @@
-{
-	"json_plugin_version": 1,
-	"Device.{BBF_VENDOR_PREFIX}URLFilter.": {
-		"type": "object",
-		"version": "2.14",
-		"protocols": [
-			"cwmp",
-			"usp"
-		],
-		"description": "This object contains the information about URLs to be blocked or allowed to access from specified MAC addresses in given time duration.",
-		"access": false,
-		"array": false,
-		"Enable": {
-			"type": "boolean",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Enable or disable URLFiltering on the CPE.",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"option": {
-							"name": "enable"
-						}
-					}
-				}
-			]
-		},
-		"GlobalBlacklist": {
-			"type": "boolean",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Enable or disable access of the URLs specified in <<param|BlacklistURL>> from all connected devices.",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"option": {
-							"name": "global_blacklist"
-						}
-					}
-				}
-			]
-		},
-		"BlacklistURL": {
-			"type": "string",
-			"version": "2.14",
-			"read": true,
-			"write": true,
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Comma separated list of URLs to be blacklisted from all connected devices.",
-			"list": {
-				"datatype": "string"
-			},
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"name": "globals"
-						},
-						"list": {
-							"name": "blacklist_url"
-						}
-					}
-				}
-			]
-		},
-		"ProfileNumberOfEntries": {
-			"type": "unsignedInt",
-			"read": true,
-			"write": false,
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "<<numentries>>",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "profile"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]	
-		},
-		"Device.{BBF_VENDOR_PREFIX}URLFilter.Profile.{i}.": {
-			"type": "object",
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Table contain details of the blacklist/whitelist profiles.",
-			"uniqueKeys": [
-				"Name"
-			],
-			"access": true,
-			"array": true,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "profile"
-						},
-						"dmmapfile": "dmmap_urlfilter"
-					}
-				}
-			],
-			"Alias": {
-				"type": "string",
-				"read": true,
-				"write": false,
-				"version": "2.14",
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"range": [
-					{
-						"max": 64
-					}
-				],
-				"flags": [
-					"Unique",
-					"Linker"
-				],
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"option": {
-								"name": "@Name"
-							}
-						}
-					}
-				]
-			},
-			"Name": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"version": "2.14",
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Name of the profile. This should be unique for each entry in the table.",
-				"datatype": "string",
-				"range": [
-					{
-						"max": 64
-					}
-				],
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"option": {
-								"name": "name"
-							}
-						}
-					}
-				]
-			},
-			"WhitelistURL": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of URLs which should be allowed to access.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"list": {
-								"name": "whitelist_url"
-							}
-						}
-					}
-				]
-			},
-			"BlacklistURL": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of URLs which should not be allowed to access.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "profile"
-							},
-							"list": {
-								"name": "blacklist_url"
-							}
-						}
-					}
-				]
-			}
-		},
-		"FilterNumberOfEntries": {
-			"type": "unsignedInt",
-			"read": true,
-			"write": false,
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "<<numentries>>",
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "filter"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]
-		},
-		"Device.{BBF_VENDOR_PREFIX}URLFilter.Filter.{i}.": {
-			"type": "object",
-			"version": "2.14",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"description": "Table contain MAC addresses on which <<object|Profile>> should be applied along with other information like filtering should be applied on which day, the timing information when the filtering should be done etc.",
-			"access": true,
-			"array": true,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "urlfilter",
-						"section": {
-							"type": "filter"
-						},
-						"dmmapfile": "dmmap_urlfilter"
-					}
-				}
-			],
-			"Enable": {
-				"type": "boolean",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Enable or disable this filter instance on the CPE.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "enable"
-							}
-						}
-					}
-				]
-			},
-			"Profile": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-			"flags": [
-					"Reference"
-				],
-				"description": "Path of the <<object|Profile>> that should be applied.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "profile"
-							}
-						},
-						"linker_obj": "Device.{BBF_VENDOR_PREFIX}URLFilter.Profile.*.Alias"
-					}
-				]
-			},
-			"MACAddress": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of MAC addresses for which the filtering should be done.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"list": {
-								"name": "macaddr"
-							}
-						}
-					}
-				]
-			},
-			"Day": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Comma separated list of weekdays. Filtering should be done on the mentioned days only.",
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"list": {
-								"name": "day"
-							}
-						}
-					}
-				]
-			},
-			"StartTime": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "Time when filtering shall start.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "start_time"
-							}
-						}
-					}
-				]
-			},
-			"Duration": {
-				"type": "string",
-				"version": "2.14",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "The duration in seconds to filter the URLs from start time.",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "urlfilter",
-							"section": {
-								"type": "filter"
-							},
-							"option": {
-								"name": "duration"
-							}
-						}
-					}
-				]
-			}
-		}
-	}
-}
-

urlfilter/files/etc/firewall.parentalcontrol

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+. /lib/parentalcontrol/parentalcontrol.sh
+
+# if parentalcontrol is  enabled, add the rules, else remove them
+if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
+	# this is for urlfilter daemon
+	add_iptables_nfqueue_rules
+	# this for internet_access and profile_bedtime_schedule sections
+	add_internet_schedule_rules
+else
+	# remove urlfilter daemon rules
+	remove_iptables_nfqueue_rules
+	# remove internet_access and profile_bedtime_schedule rules
+	remove_internet_schedule_rules
+fi

urlfilter/files/etc/init.d/urlfilter

@@ -1,46 +1,17 @@
 #!/bin/sh /etc/rc.common
 
-START=21
+START=95
 STOP=10
 
 USE_PROCD=1
-NAME=urlfilter
 PROG=/usr/sbin/urlfilter
 
-configure_firewall()
-{
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		# setup netfilter queue 0, use queue bypass so that if no application is
-		# listening to this queue then traffic is unaffected.
-		iptables -w -I FORWARD 1 -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-
-		# disable acceleration for https packet so that they can be read by urlfilter
-		ebtables -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
-	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		#ip6table rules
-		ip6tables -w -I FORWARD 1 -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-	fi
-
-}
+. /lib/parentalcontrol/parentalcontrol.sh
 
 start_service() {
-	if [ "$(uci -q get urlfilter.globals.enable)" == "1" ]; then
+	if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
 		procd_open_instance urlfilter
 		procd_set_param command ${PROG}
-		configure_firewall
 		procd_set_param respawn
 		procd_close_instance
 
@@ -50,38 +21,27 @@ start_service() {
 			sleep 5
 			conntrack -F
 		fi
+
+		# this is for urlfilter daemon
+		add_iptables_nfqueue_rules
+		# this for internet_access and profile_bedtime_schedule sections
+		add_internet_schedule_rules
 	fi
 }
 
 stop_service() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		iptables -w -D FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ebtables -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
-	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		#ip6table rules
-		ip6tables -w -D FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-	fi
+	# remove urlfilter daemon rules
+	remove_iptables_nfqueue_rules
+	# remove internet_access and profile_bedtime_schedule rules
+	remove_internet_schedule_rules
 }
+
 reload_service() {
 	stop
 	start
 }
 
-
 service_triggers() {
-	procd_add_reload_trigger "urlfilter"
-	procd_add_reload_trigger "firewall"
+	procd_add_reload_trigger "parentalcontrol"
+	procd_add_reload_trigger "schedules"
 }

urlfilter/files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ -f /etc/firewall.parentalcontrol ]; then
+	uci -q get firewall.parentalcontrol >/dev/null || {
+		uci -q set firewall.parentalcontrol=include
+		uci -q set firewall.parentalcontrol.path="/etc/firewall.parentalcontrol"
+		uci -q set firewall.parentalcontrol.reload=1
+	}
+fi
+
+exit 0

urlfilter/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults

@@ -0,0 +1,132 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+# Convert URL filter to parental control format
+urlfilter_config="/etc/config/urlfilter"
+parentalcontrol_config="/etc/config/parentalcontrol"
+schedules_config="/etc/config/schedules"
+
+# this script only needs to work if urlfilter_config was found
+if [ ! -s "$urlfilter_config" ]; then
+	exit 0
+fi
+
+# reset parentalcontrol_config
+# but schedules might have data other than schedules
+# so append to it
+rm -f "$parentalcontrol_config"
+touch "$parentalcontrol_config"
+
+schedules_enable="$(uci -q get schedules.global.enable)"
+# if no schedules config, then add it
+if [ ! -s "$schedules_config" ]; then
+	touch "$schedules_config"
+	schedules_enable=1
+fi
+
+# Parse globals
+uci -q batch <<EOF
+set parentalcontrol.globals=globals
+set parentalcontrol.globals.enable="$(uci -q get urlfilter.globals.enable)"
+set schedules.global=global
+set schedules.global.enable="$schedules_enable"
+EOF
+
+# Function to handle filter sections
+handle_filter() {
+	local section="$1"
+	local url_list="$2"
+	local profile_name="$3"
+	local access="$4"
+	local profile_name enable start_time duration days filter_profile macaddr_list
+
+	config_get filter_profile "$section" profile
+
+	# if option profile value and profile name match, then
+	if [ "$filter_profile" = "$profile_name" ]; then
+		config_get enable "$section" enable
+		config_get start_time "$section" start_time
+		config_get duration "$section" duration
+		config_get macaddr_list "$section" macaddr
+		config_get days "$section" day
+
+		# Add hosts based on MAC addresses in the filter
+		if [ -n "$macaddr_list" ]; then
+			for macaddr in $macaddr_list; do
+				uci -q add_list parentalcontrol.${profile_name}.host="$macaddr"
+			done
+		fi
+
+		uci -q set parentalcontrol.f_$filter_profile=profile_urlfilter
+		uci -q set parentalcontrol.f_$filter_profile.enable="$enable"
+		uci -q set parentalcontrol.f_$filter_profile.access="$access"
+		uci -q set parentalcontrol.f_$filter_profile.dm_parent="$profile_name"
+
+		# Add URLs one by one as filter_text
+		for url in $url_list; do
+			uci -q add_list parentalcontrol.f_$filter_profile.filter_text="$url"
+		done
+
+		# Add schedule if time restrictions exist
+		if [ -n "$start_time" ] && [ -n "$duration" ] && [ -n "$days" ]; then
+			local schedule_name
+			# declare and assign separately to avoid masking return value
+			schedule_name="$(uci -q add schedules schedule)"
+
+			# if adding schedule was successful, then populate it
+			if [ "$?" -eq 0 ] && [ -n "$schedule_name" ]; then
+				uci -q set schedules.${schedule_name}=schedule
+				uci -q set schedules.${schedule_name}.enable="$enable"
+				uci -q set schedules.${schedule_name}.start="$start_time"
+				uci -q set schedules.${schedule_name}.duration="$duration"
+
+				for day in $days; do
+					uci -q add_list schedules.${schedule_name}.day="$day"
+				done
+
+				# Link schedule to profile_urlfilter
+				uci -q set parentalcontrol.f_$filter_profile.profile_urlfilter_schedule="$schedule_name"
+			fi
+		fi
+	fi
+}
+
+# Function to handle profile sections
+handle_profile() {
+	local section="$1"
+	local profile_name whitelist_urls blacklist_urls
+
+	config_get profile_name "$section" name
+
+	# if name was not set then continue
+	if [ -z "$profile_name" ]; then
+		return
+	fi
+
+	config_get whitelist_urls "$section" whitelist_url
+	config_get blacklist_urls "$section" blacklist_url
+
+	# Create the new profile in parentalcontrol
+	uci -q set parentalcontrol.${profile_name}=profile
+	uci -q set parentalcontrol.${profile_name}.name="$profile_name"
+
+	# Add whitelist/blacklist URLs as filter_text
+	if [ -n "$whitelist_urls" ]; then
+		config_foreach handle_filter filter "$whitelist_urls" "$profile_name" 1  # Whitelist access
+	fi
+	if [ -n "$blacklist_urls" ]; then
+		config_foreach handle_filter filter "$blacklist_urls" "$profile_name" 0  # Blacklist access
+	fi
+}
+
+# Load urlfilter UCI config and iterate through profiles and filters
+config_load "urlfilter"
+config_foreach handle_profile profile
+config_foreach handle_filter filter
+
+# Commit changes
+uci commit parentalcontrol
+uci commit schedules
+
+rm -f "$urlfilter_config"

urlfilter/files/lib/parentalcontrol/parentalcontrol.sh

@@ -0,0 +1,495 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+day=""
+next_days=""
+prev_days=""
+schedule_added=""
+
+ACCESS_RULE=""
+IP_RULE=""
+
+ACL_FILE=""
+parentalcontrol_ipv4_forward=""
+parentalcontrol_ipv6_forward=""
+
+# Function to calculate UTC time and relative day
+get_relative_day() {
+	local hour="$1"
+	local offset="$2"
+	local relative_day="$3"
+	local utc_hour
+
+	# we need to force hours and minutes to be treated as base 10 (decimal)
+	# otherwise shell will treat, for example, 09 as octal
+	# hour=$((10#$hour)) does not work on busybox
+	# so we use another trick
+	hour=$(expr $hour + 0)
+
+	# Extract the sign and the hour part of the offset
+	local sign=${offset:0:1}
+	local offset_hour=${offset:1:2}
+
+	# Adjust hour based on the offset
+	if [ "$sign" = "-" ]; then
+		utc_hour=$((hour + offset_hour))
+	else
+		utc_hour=$((hour - offset_hour))
+	fi
+
+	# Handle overflow/underflow of UTC hours to keep within 0-23 range
+	if [ $utc_hour -lt 0 ]; then
+		if [ "$relative_day" = "today" ]; then
+			relative_day="yesterday"
+		else
+			relative_day="today"
+		fi
+	elif [ $utc_hour -ge 24 ]; then
+		if [ "$relative_day" = "today" ]; then
+			relative_day="tomorrow"
+		else
+			relative_day="tomorrow"
+		fi
+	else
+		if [ "$relative_day" = "tomorrow" ]; then
+			relative_day="tomorrow"
+		else
+			relative_day="today"
+		fi
+	fi
+
+	echo "$relative_day"
+}
+
+get_next_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Tuesday"
+		;;
+		"Tue"|"Tuesday") echo "Wednesday"
+		;;
+		"Wed"|"Wednesday") echo "Thursday"
+		;;
+		"Thu"|"Thursday") echo "Friday"
+		;;
+		"Fri"|"Friday") echo "Saturday"
+		;;
+		"Sat"|"Saturday") echo "Sunday"
+		;;
+		"Sun"|"Sunday") echo "Monday"
+		;;
+	esac
+}
+
+get_previous_day() {
+	local weekday="$1"
+	case "$weekday" in
+		"Mon"|"Monday") echo "Sunday"
+		;;
+		"Tue"|"Tuesday") echo "Monday"
+		;;
+		"Wed"|"Wednesday") echo "Tuesday"
+		;;
+		"Thu"|"Thursday") echo "Wednesday"
+		;;
+		"Fri"|"Friday") echo "Thursday"
+		;;
+		"Sat"|"Saturday") echo "Friday"
+		;;
+		"Sun"|"Sunday") echo "Saturday"
+		;;
+	esac
+}
+
+add_access_rule() {
+	local rule_prefix="$1"
+	local start_time="$2"
+	local stop_time="$3"
+	local weekdays="$4"
+	local target="$5"
+	local rule
+	local start_hm stop_hm
+
+	if [ -z "$target" ]; then
+		return
+	fi
+
+	if [ -n "$weekdays" ]; then
+
+		start_hm=$(echo "$start_time" | awk -F: '{ print $1,$2 }' | sed 's/ //')
+		stop_hm=$(echo "$stop_time" | awk -F: '{ print $1,$2 }' | sed 's/ //')
+
+		if [ "$start_hm" = "$stop_hm" ]; then
+			return
+		fi
+
+		rule_prefix="$rule_prefix -m time --timestart $start_time --timestop $stop_time --weekdays $weekdays"
+	fi
+
+	rule="$rule_prefix -j $target"
+
+	echo "iptables -w -A parentalcontrol_forward ${rule}" >> "$ACL_FILE"
+        echo "ip6tables -w -A parentalcontrol_forward ${rule}" >> "$ACL_FILE"
+}
+
+generate_ip_rule() {
+	local utc_start_relative_day="$1"
+	local utc_end_relative_day="$2"
+	local utc_start_time="$3"
+	local utc_stop_time="$4"
+	local target="$5"
+
+	# Handle the cases based on the relation between utc_start_relative_day and utc_end_relative_day
+	if [ "$utc_start_relative_day" = "yesterday" ] && [ "$utc_end_relative_day" = "yesterday" ]; then
+		# Rule for yesterday only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$prev_days" "$target"
+
+	elif [ "$utc_start_relative_day" = "yesterday" ] && [ "$utc_end_relative_day" = "today" ]; then
+		# Rule for yesterday to today
+		add_access_rule "$IP_RULE" "$utc_start_time" "23:59:59" "$prev_days" "$target"
+		add_access_rule "$IP_RULE" "00:00" "$utc_stop_time" "$day" "$target"
+
+	elif [ "$utc_start_relative_day" = "today" ] && [ "$utc_end_relative_day" = "today" ]; then
+		# Rule for today only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$day" "$target"
+
+	elif [ "$utc_start_relative_day" = "today" ] && [ "$utc_end_relative_day" = "tomorrow" ]; then
+		# Rule for today to tomorrow
+		add_access_rule "$IP_RULE" "$utc_start_time" "23:59:59" "$day" "$target"
+		add_access_rule "$IP_RULE" "00:00" "$utc_stop_time" "$next_days" "$target"
+
+	elif [ "$utc_start_relative_day" = "tomorrow" ] && [ "$utc_end_relative_day" = "tomorrow" ]; then
+		# Rule for tomorrow only
+		add_access_rule "$IP_RULE" "$utc_start_time" "$utc_stop_time" "$next_days" "$target"
+	else
+		logger -t parental_control "Error: Unhandled case"
+	fi
+}
+
+handle_day_list() {
+	local value=$1
+
+	val=$(echo $value | cut -c 1-3)
+	next_day_val=$(get_next_day $val)
+	prev_day_val=$(get_previous_day $val)
+	if [ -z $day ]; then
+		day="$val"
+		next_days="$next_day_val"
+		prev_days="$prev_day_val"
+	else
+		day="$day,$val"
+		next_days="$next_days,$next_day_val"
+		prev_days="$prev_days,$prev_day_val"
+	fi
+}
+
+handle_schedule() {
+	local schedule_section="$1"
+	local type="$2"
+	local schedule_ref="$3"
+	local local_start_time local_stop_time duration zone_offset local_start_hh local_stop_hh
+	local is_enabled
+	local target
+	local day_config
+	local relative_day_end="today"
+
+	IP_RULE="$ACCESS_RULE"
+	day=""
+	next_days=""
+	prev_days=""
+	local all_days="Monday Tuesday Wednesday Thursday Friday Saturday Sunday"
+
+	zone_offset=$(date +%z)
+
+	if [ "$type" = "profile_bedtime_schedule" ]; then
+		target="DROP"
+
+		config_get local_start_time "$schedule_section" "start_time" "00:00:00"
+		config_get local_stop_time "$schedule_section" "end_time" "23:59:59"
+
+		local_start_hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+		local_stop_hh=$(echo $local_stop_time | awk -F: '{ print $1 }')
+
+		config_get day_config "$schedule_section" "day" "$all_days"
+	else
+		if [ "$schedule_ref" != "$schedule_section" ]; then
+			return
+		fi
+
+		config_get_bool is_enabled "$schedule_section" "enable" 0
+		if [ $is_enabled -eq 0 ]; then
+			return
+		fi
+
+		# for access rules to be effective for a schedule, need to add DROP rule
+		# to block the access outside the defined schedule
+		# therefore, set flag
+		if [ "$schedule_added" = "0" ]; then
+			schedule_added="1"
+		fi
+
+		target="ACCEPT"
+
+		config_get local_start_time "$schedule_section" "start_time" "00:00"
+		config_get duration "$schedule_section" "duration"
+
+		local hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+		local mm=$(echo $local_start_time | awk -F: '{ print $2 }')
+		local hh_s=`expr $hh \* 3600`
+		local mm_s=`expr $mm \* 60`
+		local ss=$(( hh_s + mm_s ))
+		local_start_hh=$hh
+
+		if [ -n "$duration" ]; then
+			local stop_ss rem_ss mm
+			stop_ss=$(( ss + duration ))
+			hh=$(( stop_ss / 3600 ))
+			rem_ss=$(( stop_ss % 3600 ))
+			mm=$(( rem_ss / 60 ))
+			ss=$(( rem_ss % 60 ))
+			local_stop_time="$hh:$mm:$ss"
+			local_stop_hh="$hh"
+		else
+			# if duration is not specified, then apply rule to end of the day
+			local_stop_time="23:59:59"
+			local_stop_hh="23"
+		fi
+
+		config_get day_config "$schedule_section" "day" "$all_days"
+	fi
+
+	IFS=" "
+	for d in $day_config; do
+		handle_day_list $d
+	done
+
+	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
+	utc_start_time="$utc_start_time"
+	utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M)
+	utc_stop_time="$utc_stop_time"
+
+	# Determine whether the local end hour crosses midnight
+	if [ "$local_start_hh" -gt "$local_stop_hh" ]; then
+		relative_day_end="tomorrow"
+	fi
+
+	local utc_start_relative_day=$(get_relative_day "$local_start_hh" "$zone_offset" "today")
+	local utc_end_relative_day=$(get_relative_day "$local_stop_hh" "$zone_offset" "$relative_day_end")
+
+	generate_ip_rule "$utc_start_relative_day" "$utc_end_relative_day" "$utc_start_time" "$utc_stop_time" "$target"
+}
+
+# Function that parses input for MAC addresses or hostnames
+parse_macs_or_hostnames() {
+	local input="$1"
+	local lease_file="/tmp/dhcp.leases"
+
+	for item in $input; do
+		case "$item" in
+			??:??:??:??:??:??)
+				# It's a MAC address, print it as is
+				echo "$item"
+				;;
+			*)
+				# Assume it's a hostname and search for its MAC address in the leases file
+				mac=$(awk -v hostname="$item" '$4 == hostname {print $2}' "$lease_file")
+				if [ -n "$mac" ]; then
+					echo "$mac"
+				fi
+				;;
+		esac
+	done
+}
+
+handle_bedtime() {
+	local mac_addresses="$1"
+	local mac
+
+	# if mac addresses are present, then we apply the rule for each mac address
+	# otherwise apply the rule to everybody
+	for mac in $mac_addresses; do
+		ACCESS_RULE="-m mac --mac-source $mac"
+
+		config_foreach handle_schedule profile_bedtime_schedule "profile_bedtime_schedule" ""
+	done
+}
+
+handle_internet_access() {
+	local mac_addresses="$1"
+	local mac
+
+	local access_policy
+	config_get access_policy "$profile_section" "internet_access_policy"
+
+	local schedule_ref
+	config_get schedule_ref "$profile_section" "internet_access_schedule"
+
+	for mac in $mac_addresses; do
+		ACCESS_RULE="-m mac --mac-source $mac"
+
+		# As per Data Model, if access policy is deny, then schedule is to be ignored
+		# and no access is to be provided for the device
+		if [ "$access_policy" = "Deny" ]; then
+			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
+			continue # no need to parse schedule
+		fi
+
+		schedule_added="0"
+
+		# check if schedule is defined for this profile/internet_access instance
+		# and if yes, create rule accordingly
+		if [ -n "$schedule_ref" ]; then
+			config_load "schedules"
+			config_foreach handle_schedule schedule "schedule" "$schedule_ref"
+		fi
+
+		# for access rule to work, need to have default drop rule as last rule
+		if [ "$schedule_added" = "1" ]; then
+			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
+		fi
+	done
+}
+
+handle_profile() {
+	local profile_section="$1"
+	local internet_access_enable bedtime_enable hostlist
+
+	config_get hostlist "$profile_section" "host"
+
+	if [ -z "$hostlist" ]; then
+		return
+	fi
+
+	ACCESS_RULE=""
+
+	# convert hostnames to mac addresses if needed
+	# and replace newlines with space because it messes up the for loops in
+	# handle_internet_access and handle_bedtime functions
+	local mac_addresses="$(parse_macs_or_hostnames "${hostlist}" | tr '\n' ' ')"
+
+	# default value of Hosts.AccessControl.{i}.Enable is false,
+	# so, if not defined in uci as 1, assume 0
+	config_get_bool internet_access_enable "$profile_section" "internet_access_enable" 0
+	if [ $internet_access_enable -gt 0 ]; then
+		handle_internet_access "${mac_addresses}"
+		# handle_internet_access may have loaded schedules uci
+		# so, reload parentalcontrol
+		config_load "parentalcontrol"
+	fi
+
+	config_get_bool bedtime_enable "$profile_section" "bedtime_enable" 0
+	if [ $bedtime_enable -gt 0 ]; then
+		handle_bedtime "${mac_addresses}"
+	fi
+
+}
+
+add_internet_schedule_rules() {
+	ACL_FILE="/tmp/parentalcontrol_access_control/access_control.rules"
+
+	rm -f $ACL_FILE
+
+	mkdir -p /tmp/parentalcontrol_access_control/
+	touch $ACL_FILE
+
+	echo "iptables -w -F parentalcontrol_forward" >> $ACL_FILE
+	echo "ip6tables -w -F parentalcontrol_forward" >> $ACL_FILE
+
+	parentalcontrol_ipv4_forward=$(iptables -t filter --list -n | grep parentalcontrol_forward)
+	if [ -z "$parentalcontrol_ipv4_forward" ]; then
+		echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
+		ret=$?
+		[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
+	fi
+
+	parentalcontrol_ipv6_forward=$(ip6tables -t filter --list -n | grep parentalcontrol_forward)
+	if [ -z "$parentalcontrol_ipv6_forward" ]; then
+		echo "ip6tables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
+		ret=$?
+		[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
+	fi
+
+	# Load /etc/config/parentalcontrol UCI file
+	config_load "parentalcontrol"
+	config_foreach handle_profile "profile"
+
+	# apply the rules
+	sh $ACL_FILE
+}
+
+add_iptables_nfqueue_rules() {
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# setup netfilter queue 0, use queue bypass so that if no application is
+		# listening to this queue then traffic is unaffected.
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		iptables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		#ip6table rules
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+}
+
+remove_iptables_nfqueue_rules() {
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		iptables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		#ip6table rules
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ip6tables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+}
+
+remove_internet_schedule_rules() {
+	# remove from iptables, if chain exists
+	if iptables -w -nL FORWARD|grep -iqE "parentalcontrol_forward"; then
+		iptables -w -t filter -D FORWARD -j parentalcontrol_forward
+		iptables -w -F parentalcontrol_forward
+		iptables -w -X parentalcontrol_forward
+	fi
+	# remove from ip6tables, if chain exists
+	if ip6tables -w -nL FORWARD|grep -iqE "parentalcontrol_forward"; then
+		ip6tables -w -t filter -D FORWARD -j parentalcontrol_forward
+		ip6tables -w -F parentalcontrol_forward
+		ip6tables -w -X parentalcontrol_forward
+	fi
+}

usp-js/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usp-js
-PKG_VERSION:=1.2.4
+PKG_VERSION:=1.2.6
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/usp-js.git
@@ -23,7 +23,7 @@ define Package/usp-js
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=A JS library for USP(TR369) protocol
-  DEPENDS:=+quickjs +quickjs-websocket
+  DEPENDS:=+quickjs +quickjs-websocket +@OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
   EXTRA_DEPENDS:=obuspa mosquitto-ssl
 endef
 
@@ -37,9 +37,7 @@ endef
 
 define Package/usp-js/install
 	$(INSTALL_DIR) $(1)/usr/lib/usp-js
-	$(INSTALL_DIR) $(1)/etc
 	$(CP) $(PKG_BUILD_DIR)/qjs/* $(1)/usr/lib/usp-js/
-	$(CP) ./files/etc/* $(1)/etc/
 endef
 
 $(eval $(call BuildPackage,usp-js))

usp-js/files/etc/init.d/uspjs

@@ -1,68 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-STOP=01
-USE_PROCD=1
-
-log()
-{
-	echo "$*"|logger -t usp-js -p debug
-}
-
-get_oui_from_db()
-{
-	db -q get device.deviceinfo.ManufacturerOUI
-}
-
-get_serial_from_db()
-{
-	db -q get device.deviceinfo.SerialNumber
-}
-
-publish_endpoint()
-{
-	local AgentEndpointID serial oui user pass
-
-	if ! uci -q get obuspa.testmqtt; then
-		return 0;
-	fi
-
-	# return if mosquitto_pub is not present
-	if [ ! "$(command -v mosquitto_pub)" ]; then
-		log "mosquitto_pub not present can't publish EndpointID"
-		return 0;
-	fi
-
-	# Get endpoint id from obuspa config first
-	config_load obuspa
-	config_get AgentEndpointID localagent EndpointID ""
-	if [ -z "${AgentEndpointID}" ]; then
-		serial=$(get_serial_from_db)
-		oui=$(get_oui_from_db)
-		AgentEndpointID="os::${oui}-${serial//+/%2B}"
-	fi
-
-	config_get user testmqtt Username ""
-	config_get pass testmqtt Password ""
-
-	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
-	# This is a work around till obuspa adds supports for mDNS discovery
-	if [ -n "${user}" ] && [ -n "${pass}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username, password"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}" -P "${pass}"
-	elif [ -n "${user}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username only"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}"
-	else
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}"
-	fi
-}
-
-start_service() {
-	publish_endpoint
-}
-
-service_triggers() {
-	procd_add_reload_trigger "obuspa"
-}

usp-js/files/etc/uci-defaults/10-add-obuspa-test-config

@@ -1,59 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/obuspa" ]; then
-	echo "Local obuspa not available"
-	return 0
-fi
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_obuspa_test_mtp()
-{
-	uci_add obuspa mtp test_mtp
-	uci_set obuspa test_mtp Protocol 'MQTT'
-	uci_set obuspa test_mtp ResponseTopicConfigured '/usp/endpoint'
-	uci_set obuspa test_mtp mqtt 'testmqtt'
-}
-
-add_obuspa_test_mqtt()
-{
-	# Adds Device.MQTT.Client.
-	uci_add obuspa mqtt testmqtt
-	uci_set obuspa testmqtt BrokerAddress '127.0.0.1'
-	uci_set obuspa testmqtt BrokerPort '1883'
-	uci_set obuspa testmqtt TransportProtocol 'TCP/IP'
-}
-
-add_obuspa_test_controller()
-{
-	# Adds Device.LocalAgent.Controller.
-	uci_add obuspa controller testcontroller
-	uci_set obuspa testcontroller EndpointID 'proto::interop-usp-controller'
-	uci_set obuspa testcontroller Protocol 'MQTT'
-	uci_set obuspa testcontroller Topic '/usp/controller'
-	uci_set obuspa testcontroller mqtt 'testmqtt'
-	uci_set obuspa testcontroller assigned_role_name 'full_access'
-}
-
-add_obuspa_config()
-{
-	uci_add mosquitto listener obuspa
-	uci_set mosquitto obuspa enabled 1
-	uci_set mosquitto obuspa port '1883'
-	uci_set mosquitto obuspa no_remote_access '1'
-	uci_set mosquitto obuspa allow_anonymous '1'
-}
-
-# Add local controller for usp-js
-uci_load mosquitto
-add_obuspa_config
-
-uci_load obuspa
-add_obuspa_test_mtp
-add_obuspa_test_mqtt
-add_obuspa_test_controller

wifimngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=16.2.1.5
+PKG_VERSION:=16.2.1.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5696f739e765e221e2f882a659cf509296572250
+PKG_SOURCE_VERSION:=5cf099ca4d34a5ba1b516bc8f8735706025e7e49
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/wifimngr.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

xmppc/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xmppc
-PKG_VERSION:=2.2.3
+PKG_VERSION:=2.2.3.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/xmppc.git
-PKG_SOURCE_VERSION:=23a7f6005b84fc4d4a1432057ecd2b5a74f9ea3e
+PKG_SOURCE_VERSION:=9f100e3334c1cb62dbffa779a1a5aef9c186355d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif