sulu: nosub

The actual spelling of this option is require_certificate and it is
anyway not relevant here since it is not a TLS listener.

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.16.6
+PKG_VERSION:=1.16.6.2
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=549a296cbfe0f6f6aaf22c0371651668abd8b10f
+PKG_SOURCE_VERSION:=aa480554461c82e6f6f44ee6c23108d3e44fce21
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.7
+PKG_VERSION:=6.2.1.8
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ca92325ece080389ffb405c95048b64071eda653
+PKG_SOURCE_VERSION:=b7e294d7c610adfd80cf40a0628c189695dc5156
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dslmngr/files/airoha/sbin/xdsl_wan

@@ -60,7 +60,7 @@ create_atm_devices() {
 }
 
 configure_line() {
-	local mode profile bitswap sra us0 sesdrop sos ginp mod prof
+	local mode profile bitswap sra us0 sesdrop sos roc ginp gvector mod prof
 	local adsl1_flag=0 issue2_flag=0 Glite_flag=0 adsl2_flag=0 adsl2p_flag=0 vdsl2_flag=0
 	local pro_8a_flag=0 pro_8b_flag=0 pro_8c_flag=0 pro_8d_flag=0 pro_12a_flag=0 pro_12b_flag=0 pro_17a_flag=0 pro_30a_flag=0 pro_35b_flag=0
 
@@ -70,8 +70,9 @@ configure_line() {
 	config_get sra $1 sra "1"
 	config_get us0 $1 us0 "1"
 	config_get sos $1 sos "0"
-	config_get sos $1 roc "0"
-	config_get sos $1 ginp "0"
+	config_get roc $1 roc "0"
+	config_get ginp $1 ginp "1"
+	config_get gvector $1 gvector "1"
 
 	for mod in $mode; do
 		[ "$mod" = "gdmt" ] && adsl1_flag=1
@@ -96,6 +97,7 @@ configure_line() {
 
 	/userfs/bin/blapi_cmd xdsl set_adsl_profile "$pro_8a_flag" "$pro_8b_flag" "$pro_8c_flag" "$pro_8d_flag" "$pro_12a_flag" "$pro_12b_flag" "$pro_17a_flag" "$pro_30a_flag" "$pro_35b_flag"
 	/userfs/bin/blapi_cmd xdsl set_adsl_mode "$adsl1_flag" "$issue2_flag" "$Glite_flag" "$adsl2_flag" "$adsl2p_flag" "$vdsl2_flag"
+	/userfs/bin/blapi_cmd xdsl set_adsl_gvector "$((!gvector))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_ginp "$((!ginp))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_sos_roc "$((!sos))" "$((!roc))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_us0 "$((!us0))"

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.1
+PKG_VERSION:=1.3.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
+PKG_SOURCE_VERSION:=775964f1c4a2fa57bfdf56b6bebebad211483234
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9
+PKG_VERSION:=9.9.9.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=070e812e1bfb81a35a95a9c16cc20e8ffa6e30e4
+PKG_SOURCE_VERSION:=10750ecdf2bebaee464417df309445a20f361841
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

icwmp/files/etc/config/cwmp

@@ -28,6 +28,7 @@ config cpe 'cpe'
 	option log_severity 'WARNING'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
+	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
 	option port '7547'

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.32
+PKG_VERSION:=8.7.33
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f1f653c0b7b53a243af889a4c8594aca42589045
+PKG_SOURCE_VERSION:=f28f1c04cae008d7d6448ba02b992506af28448c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iopsys-analytics/Makefile

@@ -33,6 +33,7 @@ define Package/$(PKG_NAME)
   DEPENDS+=                                             \
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
+    +@DMCLI_REMOTE_CONNECTION
 
 endef
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.1
+PKG_VERSION:=2.1.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
+PKG_SOURCE_VERSION:=5f1184c52be19f3bfd3bc7e9bc582ef09b0a2b1c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libdsl/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdsl
-PKG_VERSION:=7.3.0
+PKG_VERSION:=7.3.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libdsl.git
-PKG_SOURCE_VERSION:=2a7a49fac35c3d8078ffe051594c0425d355cacd
+PKG_SOURCE_VERSION:=1aa9c40f9503311652e562617b1e15533257adcc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.13.4
+PKG_VERSION:=7.13.5
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e5a8bc4985d91b0938bbdf2a46a99081408e5224
+PKG_SOURCE_VERSION:=32bd594f6bb4b46de5d57b4865e16f5fbe8c7b72
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.6.7
+PKG_VERSION:=6.3.6.14
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=f611be0c05e3f4fb3d35a5a1ad51f5a4ad6406ca
+PKG_SOURCE_VERSION:=d5dbeb93a1acb0a61ed2b476510b95abe99cc873
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/lib/multiap/map_genconfig

@@ -258,6 +258,6 @@ map_genconf () {
 				config_foreach mapcontroller_remove_mld_id ap
 			}
 		fi
-		uci -q commit mapcontroller
+		ubus -t 5 call uci commit '{"config":"mapcontroller"}'
 	fi
 }

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.0.11
+PKG_VERSION:=6.4.0.14
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=db314c0fb388a3de47a9e6db5d944d7fabc832c6
+PKG_SOURCE_VERSION:=28981d46cfff30516d478da700ae9d710247cabe
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0

map-controller/files/etc/config/mapcontroller

@@ -2,7 +2,7 @@ config controller 'controller'
 	option enabled '1'	# may be modified by other package start-up scripts (i.e. map-agent)
 	option profile '3'
 	option registrar '2 5 6'
-	option debug '0'
+	option debug '2'
 	option bcn_metrics_max_num '10'
 	option initial_channel_scan '0'
 	option enable_ts '0'

obuspa/Config.in

@@ -19,13 +19,8 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 	bool "Enable verification of controller MTP before processing the message"
 	default n
 
-config OBUSPA_ENABLE_TEST_CONTROLLER
-	bool "Adds a test controller by default"
-	default n
-	select OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-
-config OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-	bool "Adds a test controller by default (local access only)"
+config OBUSPA_LOCAL_MQTT_LISTENER
+	bool "Configures local mqtt broker for local usp connections"
 	default n
 
 config OBUSPA_MAX_CONTROLLERS_NUM

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.14
+PKG_VERSION:=10.0.0.16
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=aeda0145e269cad49d326800fbd39d87c0d30087
+PKG_SOURCE_VERSION:=479ffb3582aa245a84829502d9412ca2539eefca
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -33,8 +33,7 @@ define Package/obuspa
   TITLE:=USP agent
   MENU:=1
   DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
-		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
-		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow +libjson-c
+		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 
@@ -132,27 +131,23 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 	$(INSTALL_DATA) ./files/etc/obuspa/usp_utils.sh $(1)/etc/obuspa/
 	echo "$(VENDOR_PREFIX)" > $(1)/etc/obuspa/vendor_prefix
-	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/firewall.usp $(1)/etc/
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/
 ifeq ($(CONFIG_OBUSPA_CWMP_DATAMODEL_SUPPORT),y)
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libuspagentdm.so $(1) $(PKG_NAME)
 endif
-ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/54-test-usp-remote $(1)/etc/uci-defaults/
-endif
-ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
-	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_OBUSPA_LOCAL_MQTT_LISTENER),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection $(1)/etc/uci-defaults/
 endif
 ifeq ($(CONFIG_OBUSPA_OVERRIDE_CT_ROLE),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
 endif
 endef
 

obuspa/files/etc/init.d/usptest

@@ -1,75 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-STOP=01
-USE_PROCD=1
-
-log()
-{
-	echo "$*"|logger -t usptest -p debug
-}
-
-get_oui_from_db()
-{
-	db -q get device.deviceinfo.ManufacturerOUI
-}
-
-get_serial_from_db()
-{
-	db -q get device.deviceinfo.SerialNumber
-}
-
-publish_endpoint()
-{
-	local AgentEndpointID serial oui user pass
-
-	if ! uci -q get obuspa.testmqtt; then
-		return 0;
-	fi
-
-	# return if mosquitto_pub is not present
-	if [ ! "$(command -v mosquitto_pub)" ]; then
-		log "mosquitto_pub not present can't publish EndpointID"
-		return 0;
-	fi
-
-	sleep 2
-	# Get endpoint id from obuspa config first
-	config_load obuspa
-	config_get AgentEndpointID localagent EndpointID ""
-	if [ -z "${AgentEndpointID}" ]; then
-		serial=$(get_serial_from_db)
-		oui=$(get_oui_from_db)
-		AgentEndpointID="os::${oui}-${serial//+/%2B}"
-	fi
-
-	config_get user testmqtt Username ""
-	config_get pass testmqtt Password ""
-
-	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
-	# This is a work around till obuspa adds supports for mDNS discovery
-	if [ -n "${user}" ] && [ -n "${pass}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username, password"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}" -P "${pass}"
-	elif [ -n "${user}" ]; then
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username only"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}"
-	else
-		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
-		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}"
-	fi
-}
-
-start_service() {
-	procd_open_instance usptest
-	publish_endpoint
-	procd_close_instance
-}
-
-reload_service() {
-	publish_endpoint
-}
-
-service_triggers() {
-	procd_add_reload_trigger "mosquitto" "obuspa"
-}

obuspa/files/etc/uci-defaults/54-test-usp-remote

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_usp_test()
-{
-	uci_add mosquitto listener usptest
-	uci_set mosquitto usptest enabled 1
-	uci_set mosquitto usptest port '9004'
-	uci_set mosquitto usptest protocol 'websockets'
-	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-}
-
-# Install test MQTT over WS listener
-add_usp_test

obuspa/files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_mqtt_obuspa_listener()
+{
+	uci_add mosquitto listener obuspa
+	uci_set mosquitto obuspa enabled 1
+	uci_set mosquitto obuspa port '1883'
+	uci_set mosquitto obuspa no_remote_access '1'
+	uci_set mosquitto obuspa allow_anonymous '1'
+}
+
+# Add mosquitto listener for obuspa connection
+# apps/controller should add controller definitions separately
+add_mqtt_obuspa_listener

obuspa/files/etc/uci-defaults/55-test-usp-controller

@@ -1,57 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/obuspa" ]; then
-	echo "Local obuspa not available"
-	return 0
-fi
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_obuspa_test_mtp()
-{
-	uci_add obuspa mtp test_mtp
-	uci_set obuspa test_mtp Protocol 'MQTT'
-	uci_set obuspa test_mtp ResponseTopicConfigured '/usp/endpoint'
-	uci_set obuspa test_mtp mqtt 'testmqtt'
-}
-
-add_obuspa_test_mqtt()
-{
-	# Adds Device.MQTT.Client.
-	uci_add obuspa mqtt testmqtt
-	uci_set obuspa testmqtt BrokerAddress '127.0.0.1'
-	uci_set obuspa testmqtt BrokerPort '1883'
-	uci_set obuspa testmqtt TransportProtocol 'TCP/IP'
-}
-
-add_obuspa_test_controller()
-{
-	# Adds Device.LocalAgent.Controller.
-	uci_add obuspa controller testcontroller
-	uci_set obuspa testcontroller EndpointID 'proto::interop-usp-controller'
-	uci_set obuspa testcontroller Protocol 'MQTT'
-	uci_set obuspa testcontroller Topic '/usp/controller'
-	uci_set obuspa testcontroller mqtt 'testmqtt'
-	uci_set obuspa testcontroller assigned_role_name 'full_access'
-}
-
-add_obuspa_config()
-{
-	uci_add mosquitto listener obuspa
-	uci_set mosquitto obuspa enabled 1
-	uci_set mosquitto obuspa port '1883'
-	uci_set mosquitto obuspa no_remote_access '1'
-	uci_set mosquitto obuspa allow_anonymous '1'
-}
-
-# Install test usp controller config
-add_obuspa_config
-
-add_obuspa_test_mtp
-add_obuspa_test_mqtt
-add_obuspa_test_controller

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=120dbcd6508b817d2ce3d579a1bfbd5bfd1a44cb
+PKG_SOURCE_VERSION:=b1e5b3f81f08271bdaf9cb4bda8a7696a27be3c6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -81,19 +81,20 @@ define Package/parental-control/install
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
 
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
 
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol
 
+	$(INSTALL_DATA) ./files/etc/uci-defaults/40-parental_control_update_bundle_path $(1)/etc/uci-defaults/
 ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/55-add-default-bundles $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_add_bundles $(1)/etc/uci-defaults/
 	$(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/
 else
 	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol
-	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_urlfilter $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_disable_urlfilter $(1)/etc/uci-defaults/
 endif
 endef
 

parental-control/files/etc/config/parentalcontrol

@@ -1,4 +1,3 @@
 config globals 'globals'
-    option enable '0'
+    option enable '1'
     option loglevel '3'
-    option urlfilter '1'

parental-control/files/etc/firewall.parentalcontrol

@@ -5,19 +5,16 @@
 enabled="$(uci -q get parentalcontrol.globals.enable)"
 urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
 
-# if parentalcontrol is  enabled, add the rules, else remove them
+# if parentalcontrol is enabled, add the rules, else remove them
 if [ "${enabled}" -eq "1" ]; then
+	# this is for internet_access and profile_bedtime_schedule sections
+	add_internet_schedule_rules
 	# this is for urlfilter daemon
-	add_iptables_nfqueue_rules
 	if [ "${urlfilter}" -eq "1" ]; then
-		# this for internet_access and profile_bedtime_schedule sections
-		add_internet_schedule_rules
+		add_iptables_nfqueue_rules
 	fi
 else
-	# remove urlfilter daemon rules
+	# remove internet_access and profile_bedtime_schedule rules
+	remove_internet_schedule_rules
 	remove_iptables_nfqueue_rules
-	if [ "${urlfilter}" -eq "1" ]; then
-		# remove internet_access and profile_bedtime_schedule rules
-		remove_internet_schedule_rules
-	fi
 fi

parental-control/files/etc/init.d/parentalcontrol

@@ -44,9 +44,11 @@ configure_fw_rules() {
 		else
 			# Now flush the existing connections, otherwise,
 			# URL filtering cannot be performed on already open sites.
-			if [ -n "$(which conntrack)" ]; then
-				sleep 5
-				conntrack -F
+			if which hw_nat > /dev/null 2>&1; then
+				hw_nat -! > /dev/null 2>&1
+			fi
+			if which conntrack > /dev/null 2>&1; then
+				conntrack -F > /dev/null 2>&1
 			fi
 
 			# this is for urlfilter daemon
@@ -83,14 +85,13 @@ start_service() {
 	config_load parentalcontrol
 	validate_global_section
 
-	[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
-
-	# add default bundles
-	process_default_bundles
 	# add firewall rules
 	configure_fw_rules
 
 	if [ "${urlfilter}" -eq "1" ]; then
+		# add default bundles
+		[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
+		process_default_bundles
 		enable_urlfilter_dm
 	else
 		disable_urlfilter_dm
@@ -100,7 +101,7 @@ start_service() {
 	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
 	# in that case, hostnames will not be processed by the daemon,
 	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
-	# which will be persistent acrros reboots and upgrade where settings are kept
+	# which will be persistent across reboots and upgrade (with keep settings)
 	# and will be used as a backup in case /tmp/dhcp.leases is empty
 	copy_dhcp_leases
 

parental-control/files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults

@@ -2,6 +2,8 @@
 
 . /lib/functions.sh
 
+[ ! -f "/etc/config/urlfilter" ] && exit 0
+
 # Convert URL filter to parental control format
 urlfilter_config="/etc/config/urlfilter"
 parentalcontrol_config="/etc/config/parentalcontrol"

parental-control/files/etc/uci-defaults/40-parental_control_update_bundle_path

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+APPS_DIR="/apps"
+
+check_mounted_app_partition() {
+	local free
+
+	if [ ! -d "${APPS_DIR}" ]; then
+		return 1
+	fi
+
+	# Check free space in disk
+	free="$(df -P "${APPS_DIR}"|tail -n 1|awk '{print $4}')"
+
+	# disable if free storage is less then 300M
+	if [ "${free}" -lt 307200 ]; then
+		return 1
+	fi
+
+	return 0
+}
+
+
+if check_mounted_app_partition; then
+	uci -q set parentalcontrol.globals.bundle_path="${APPS_DIR}/parentalcontrol"
+
+	# configure the urlfilter if not configured
+	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+	if [ -z "${urlfilter}" ]; then
+		uci -q set parentalcontrol.globals.urlfilter='1'
+	fi
+else
+	uci -q set parentalcontrol.globals.urlfilter='0'
+fi
+
+exit 0

parental-control/files/etc/uci-defaults/50-parental_control_add_bundles

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+COUNT=1
+
+add_urlbundle()
+{
+	local name url
+
+	url="${1}"; shift
+	name="$*"
+
+	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
+	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
+
+	COUNT="$((COUNT+1))"
+}
+
+urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+if [ "${urlfilter}" -eq "1" ]; then
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
+	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
+	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
+fi
+
+exit 0

parental-control/files/etc/uci-defaults/50-parental_control_disable_urlfilter

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+uci -q set parentalcontrol.globals.urlfilter='0'
+
+_delete_urlbundle() {
+	uci_remove parentalcontrol "${1}"
+}
+
+config_load "parentalcontrol"
+config_foreach _delete_urlbundle urlbundle

parental-control/files/etc/uci-defaults/50-parental_control_urlfilter

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-uci -q set parentalcontrol.globals.urlfilter='0'

parental-control/files/etc/uci-defaults/55-add-default-bundles

@@ -1,40 +0,0 @@
-#!/bin/sh
-
-COUNT=1
-
-add_urlbundle()
-{
-	local enabled name url
-
-	enabled="${1}"; shift
-	url="${1}"; shift
-	name="${@}"
-
-	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
-	uci -q set parentalcontrol.urlbundle_${COUNT}.enable="${enabled}"
-	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
-	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
-
-	COUNT="$((COUNT+1))"
-}
-
-add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
-add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
-add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
-add_urlbundle "1" "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
-add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
-add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
-
-exit 0

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -13,7 +13,10 @@ IP_RULE=""
 ACL_FILE=""
 parentalcontrol_ipv4_forward=""
 parentalcontrol_ipv6_forward=""
-default_bundle_dir="/tmp/parentalcontrol/default/"
+
+bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
+
+default_bundle_dir="${bundle_path}/default/"
 bundle_archive="/etc/parentalcontrol/urlbundles.tar.xz"
 
 log() {
@@ -255,7 +258,9 @@ handle_schedule() {
 			schedule_added="1"
 		fi
 
-		target="ACCEPT"
+		# internet_access has been updated to be internet_break
+		# so drop traffic during the schedule, and allow outside the schedule
+		target="DROP"
 
 		config_get local_start_time "$schedule_section" "start_time" "00:00"
 		config_get duration "$schedule_section" "duration"
@@ -362,11 +367,6 @@ handle_internet_break() {
 			config_load "schedules"
 			config_foreach handle_schedule schedule "schedule" "$schedule_ref"
 		fi
-
-		# for access rule to work, need to have default drop rule as last rule
-		if [ "$schedule_added" = "1" ]; then
-			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
-		fi
 	done
 }
 
@@ -438,15 +438,31 @@ add_internet_schedule_rules() {
 }
 
 add_iptables_nfqueue_rules() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -ne 0 ]; then
-		# setup netfilter queue 0, use queue bypass so that if no application is
-		# listening to this queue then traffic is unaffected.
-		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+	local filter_used
 
-		iptables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+	# Check if urlfilter used
+	if ! uci show parentalcontrol | grep -q profile_urlfilter; then
+		return
+	fi
+
+	# IPv4 rules
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		iptables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# INPUT: DNS replies to router, skip loopback
+		iptables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# OUTPUT: DNS replies from router, skip loopback
+		iptables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS flows for urlfilter
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
@@ -454,14 +470,24 @@ add_iptables_nfqueue_rules() {
 		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
 
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	# IPv6 rules
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
 	if [ "$?" -ne 0 ]; then
-		#ip6table rules
-		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		ip6tables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# INPUT: DNS replies to router, skip loopback
+		ip6tables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# OUTPUT: DNS replies from router, skip loopback
+		ip6tables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS flows for urlfilter
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
 		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
@@ -471,26 +497,38 @@ add_iptables_nfqueue_rules() {
 }
 
 remove_iptables_nfqueue_rules() {
-	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
 	if [ "$?" -eq 0 ]; then
-		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# DNS response rules
+		iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-		iptables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		iptables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		# HTTP/HTTPS
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
 	fi
-	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
-	if [ "$?" -eq 0 ]; then
-		#ip6table rules
-		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-		ip6tables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ip6tables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
 		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -3,12 +3,31 @@
 . /lib/functions.sh
 
 LOCKFILE="/tmp/sync_bundles.lock"
+log_level="$(uci -q get parentalcontrol.globals.loglevel)"
+log_level="${log_level:-1}"
+DEBUG=0
+
+log_err() {
+	logger -t urlfilter.sync -p error "$*"
+	if [ "${DEBUG}" -eq "1" ]; then
+		echo "#ERR# $* #" >/dev/console
+	fi
+}
+
+log_info() {
+	if [ "${log_level}" -gt 3 ]; then
+		logger -t urlfilter.sync -p info "$*"
+	fi
+	if [ "${DEBUG}" -eq "1" ]; then
+		echo "#INFO# $* #" >/dev/console
+	fi
+}
 
 # this script handles syncing bundles
 # if its a remote file, then it would be downloaded and placed in bundle_dir
 bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
 if [ -z "${bundle_path}" ]; then
-	bundle_path="/tmp/parentalcontrol"
+	return 0
 fi
 
 stringstore_dir="${bundle_path}/stringstore"
@@ -38,15 +57,15 @@ update_bundle_file_from_url() {
 
 	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
 	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
-	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
+	local max_size=$((50 * 1024 * 1024)) # 50MB in bytes
 
 	if [ "$available_memory" -le "$needed_blocks" ]; then
-		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
+		log_info "Error: Not enough disk space for bundle: ${bundle_name}"
 		return 1
 	fi
 
 	if [ "$bundle_file_size" -gt "$max_size" ]; then
-		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
+		log_info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
 		return 1
 	fi
 
@@ -57,7 +76,7 @@ update_bundle_file_from_url() {
 	else
 		# Random delay (0-5s) before starting the download
 		local delay=$((RANDOM % 6))
-		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
+		log_info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
 		sleep "$delay"
 
 		# Retry logic with exponential backoff
@@ -65,12 +84,11 @@ update_bundle_file_from_url() {
 		local attempt=1
 		local success=0
 		while [ $attempt -le 3 ]; do
-			curl -s -o "$temp_file" "$download_url"
-			if [ $? -eq 0 ]; then
+			if curl -s -o "$temp_file" "$download_url"; then
 				success=1
 				break
 			else
-				logger -p info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
+				log_info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
 				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
 				sleep "$backoff"
 			fi
@@ -78,7 +96,7 @@ update_bundle_file_from_url() {
 		done
 
 		if [ $success -ne 1 ]; then
-			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
+			log_info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
 			rm -f "$temp_file"
 			return 1
 		fi
@@ -89,7 +107,7 @@ update_bundle_file_from_url() {
 	local final_path="${bundle_dir}/${bundle_file_name}"
 	if [[ "$file_path" =~ \.xz$ ]]; then
 		if ! xz -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
+			log_info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -98,7 +116,7 @@ update_bundle_file_from_url() {
 		rm -f "$file_path"
 	elif [[ "$file_path" =~ \.gz$ ]]; then
 		if ! gzip -dc "$file_path" > "$final_path"; then
-			logger -p info "update_bundle_file_from_url: Decompression failed."
+			log_info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -134,7 +152,6 @@ handle_download_url() {
 	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
 
 	local bundle_file_name="${file_name}.urlbundle"
-	local unprocessed_file=0
 	local file_path="${sanitized_url#file://}"
 
 	if echo "$sanitized_url" | grep -qE "^https?://|^file://"; then
@@ -153,7 +170,7 @@ handle_download_url() {
 		fi
 
 		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
-			return
+			return 0
 		fi
 
 		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
@@ -161,7 +178,7 @@ handle_download_url() {
 			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
 			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
 			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
-			return
+			return 0
 		fi
 
 		# Remove existing entries
@@ -173,11 +190,9 @@ handle_download_url() {
 		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
 		return $?
 	else
-		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
+		log_info "Error: Unsupported URL format for ${bundle_file_name}"
 		return 1
 	fi
-
-	return 0
 }
 
 cleanup_bundle_files() {
@@ -189,7 +204,7 @@ cleanup_bundle_files() {
 	get_download_url() {
 		local section="$1"
 		config_get url "$section" download_url
-		config_get_bool enable "$1" enable 0
+		config_get_bool enable "$1" enable 1
 
 		if [ "${enable}" -eq 0 ]; then
 			# bundle is disabled
@@ -222,46 +237,56 @@ cleanup_bundle_files() {
 	done
 }
 
+cleanup_bundle_sizes() {
+	downloaded_bundle_names="$(cat "$bundle_sizes" | cut -d '.' -f 1)"
+
+	for name in $downloaded_bundle_names; do
+		if ls ${stringstore_dir}/${name}* 2>&1 | grep -qF '.store'; then
+			if ls ${stringstore_dir}/${name}* 2>&1 | grep -q cmph; then
+				continue
+			fi
+		fi
+
+		sed -i "/$name/d" "$bundle_sizes"
+	done
+}
+
 # Main handler for all profile URL bundles
 handle_filter_for_bundles() {
 	local urlfilter
 
 	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+	# if urlfilter is not enabled, then return
 	if [ "${urlfilter}" -ne "1" ]; then
-		logger -p info "urlbundle not supported"
-		return
-	fi
-
-	ubus -t 20 wait_for bbfdm.parentalcontrol
-
-	if [ "$?" -ne 0 ]; then
-		logger -p error "bbfdm.parentalcontrol object not found"
-		return
+		log_info "urlfilter feature not enabled"
+		return 0
 	fi
 
 	initialize_environment
 
 	cleanup_bundle_files "$bundle_dir"
 	cleanup_bundle_files "$stringstore_dir"
+	cleanup_bundle_sizes
 
 	config_load parentalcontrol
 
 	config_get_bool enable globals enable 0
 	if [ "${enable}" -eq 0 ]; then
+		log_info "parental-control feature not enabled"
 		# Parental control is disabled
 		return 0
 	fi
 
-	local profile enable bundles bundle_name download_url
-
 	check_bundle_exists() {
-		local cfg="$1"
+		local enable download_url name cfg
+
+		cfg="$1"
 		config_get name "$cfg" name
-		config_get_bool enable "$cfg" enable 0
+		config_get_bool enable "$cfg" enable 1
 		config_get download_url "$cfg" download_url
 
 		if [ "${enable}" -eq 0 ]; then
-			# bundle is disabled
+			log_info "Skipping bundle ${name} not enabled"
 			return 0
 		fi
 
@@ -282,6 +307,6 @@ handle_filter_for_bundles() {
 # Open file descriptor 200 for locking
 exec 200>"$LOCKFILE"
 # Try to acquire an exclusive lock; exit if another instance is running
-flock -n 200 || { logger -p info "sync_bundles.sh is already running, exiting."; exit 1; }
+flock -n 200 || { log_info "sync_bundles.sh is already running, exiting."; exit 1; }
 
 handle_filter_for_bundles

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_assoclist.sh

@@ -1,11 +1,30 @@
-interfaces=$(uci show wireless | grep "ifname=" |  awk -F'[.,=]' '{print$2}')
-for int in $interfaces; do
-	mode=$(uci get "wireless.${int}.mode")
+. /lib/functions.sh
+
+handle_interface() {
+	local config="${1}"
+	local prefix="${2}"
+
+	config_get ifname "${config}" ifname
+	config_get mode ${config} mode
+
 	if [ "$mode" = "ap" ] ; then
-		ap_int=$(uci get "wireless.${int}.ifname")
-		echo "Get assoc list for ${ap_int}"
-		ubus call "wifi.ap.${ap_int}" assoclist
-		echo "Get station info for ${ap_int}"
-		ubus call "wifi.ap.${ap_int}" stations
+		echo "Get assoc list for ${ifname}"
+		ubus call "${prefix}.${ifname}" assoclist
+		echo "Get station info for ${ifname}"
+		ubus call "${prefix}.${ifname}" stations
 	fi
-done
+}
+
+handle_wifi_interface() {
+	handle_interface "$1" "wifi.ap"
+}
+
+handle_mld_interface() {
+	handle_interface "$1" "wifi.apmld"
+}
+
+config_load wireless
+echo "Get associated stations information for non-MLD interfaces"
+config_foreach handle_wifi_interface wifi-iface
+echo "Get associated stations information for MLD interfaces"
+config_foreach handle_mld_interface wifi-mld

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_sta.sh

@@ -22,3 +22,4 @@ handle_interface() {
 
 config_load wireless
 config_foreach handle_interface wifi-iface
+config_foreach handle_interface wifi-mld

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_status.sh

@@ -0,0 +1,36 @@
+. /lib/functions.sh
+
+handle_interface() {
+	local config="${1}"
+	local prefix="${2}"
+
+	config_get ifname "${config}" ifname
+	config_get mode ${config} mode
+
+	if [ "$mode" = "ap" ] ; then
+		echo "Get status for ${ifname}"
+		ubus call "${prefix}.${ifname}" status
+	elif [ "$mode" = "sta" ] ; then
+		echo "Get status for bSTA ${ifname}"
+		ubus call "wifi.bsta.${ifname}" status
+	fi
+}
+
+handle_wifi_interface() {
+	handle_interface "$1" "wifi.ap"
+}
+
+handle_mld_interface() {
+	handle_interface "$1" "wifi.apmld"
+}
+
+config_load wireless
+echo "Get wifi status"
+ubus call wifi status
+
+echo "Get wifi status for ap & bsta interfaces"
+config_foreach handle_wifi_interface wifi-iface
+
+echo "Get wifi status for apmld interfaces"
+config_foreach handle_mld_interface wifi-mld
+

self-diagnostics/files/usr/share/self-diagnostics/spec/wifi.json

@@ -13,7 +13,8 @@
 		},
 		{
 			"description": "WiFi Status",
-			"cmd": "ubus call wifi status"
+			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_status.sh",
+			"timeout": 10
 		},
 		{
 			"description": "WiFi Radio Status",

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.0.4
+PKG_VERSION:=5.1.4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=47f52fb0fe4a9824590c8be9ee7b8985631c39cf
+PKG_SOURCE_VERSION:=af171808ec22fc14c31b511b85eb431c4090adf1
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.0.4
+PKG_VERSION:=5.1.4
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=ef5345ea0275e632f021dfcf3b62c8d09fbb5800
+PKG_SOURCE_VERSION:=af171808ec22fc14c31b511b85eb431c4090adf1
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,8 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +jq +userinterface +obuspa +qrencode
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa
+	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef
 
@@ -95,13 +96,8 @@ endef
 
 define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu
-
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
-
 	$(INSTALL_DIR) $(1)/etc/sulu
+
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
 
@@ -109,9 +105,9 @@ define Package/sulu/install/Default
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
 endef
 
@@ -128,7 +124,6 @@ define Package/sulu/install
 	$(Package/sulu/install/Post)
 endef
 
-
 define Package/sulu-builder/install
 	$(Package/sulu/install/Default)
 	$(INSTALL_DIR) $(1)/sulu/presets

sulu/sulu-builder/files/etc/config/sulu

@@ -1,2 +0,0 @@
-config global 'global'
-	option enabled '1'

sulu/sulu-builder/files/etc/init.d/sulu

@@ -1,48 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-
-START=90
-STOP=01
-
-. /lib/functions.sh
-
-log() {
-	echo "${@}" | logger -t sulu.init -p debug
-}
-
-validate_sulu_global_section() {
-	uci_validate_section sulu global global \
-		'enabled:bool:1'
-}
-
-start_service() {
-	local enabled
-
-	config_load sulu
-	procd_open_instance sulu
-
-	validate_sulu_global_section || return 0
-	# append sulu connection injection
-	if [ "${enabled}" -eq "0" ]; then
-		procd_close_instance
-		return 0
-	fi
-
-	if [ "${1}" = "update" ]; then
-		log "Reloading related services"
-		/etc/sulu/sulu.sh -r
-	fi
-	/etc/sulu/sulu.sh -q
-	procd_close_instance
-}
-
-reload_service() {
-	stop
-	start update
-}
-
-service_triggers() {
-	procd_add_reload_trigger "sulu" "userinterface" "mosquitto"
-	procd_add_reload_trigger "config.change" "mapcontroller" /etc/sulu/sulu.sh -q
-}

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -23,7 +23,9 @@ location /wss {
 	proxy_set_header    X-Forwarded-Proto  $scheme;
 	add_header          Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
 	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+	add_header Pragma 'no-cache';
 	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+	expires 0;
 	proxy_pass http://websocket;
 }
 
@@ -44,6 +46,7 @@ location / {
 		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
 		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
 	}
-	expires -1;
 	add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	add_header Pragma 'no-cache';
+	expires 0;
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -4,18 +4,16 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
-. /lib/functions/iopsys-environment.sh
+#. /lib/functions/iopsys-environment.sh
 
 RESTART_REQ=0
 _RESTART_SERVICES="0"
 
-mkdir -p /tmp/sulu/
-
-function slog() {
+slog() {
 	echo "$*" | logger -t sulu.sh -p debug
 }
 
-function _get_agent_id() {
+_get_agent_id() {
 	local oui serial endpointid
 
 	endpointid="$(uci_get obuspa localagent EndpointID)"
@@ -30,7 +28,7 @@ function _get_agent_id() {
 	fi
 }
 
-function _get_sulu_user_roles() {
+_get_sulu_user_roles() {
 	roles=$(uci -q get userinterface._sulu_s.role)
 
 	for role in ${roles}; do
@@ -41,35 +39,32 @@ function _get_sulu_user_roles() {
 		sulu_user_roles=$(echo -e "${sulu_user_roles// /\\n}" | sort | uniq)
 	fi
 
-	echo ${sulu_user_roles}
+	echo "${sulu_user_roles}"
 }
 
-function _get_sulu_root() {
+_get_sulu_root() {
 	local root
 
 	root="$(uci -q get nginx._sulu_s.root)"
 	echo "${root:-/sulu}"
 }
 
-function _get_sulu_connection_config() {
+_get_sulu_connection_config() {
 	local config
 
 	config="$(_get_sulu_root)/presets/connection-config.json"
 	echo "${config}"
 }
 
-function _get_sulu_session_mode() {
-	echo "$(uci -q get sulu.global.SessionMode)"
+_get_sulu_session_mode() {
+	uci -q get sulu.global.SessionMode
 }
 
-function _get_sulu_acl_file() {
-	local file
-
-	file="$(uci -q get mosquitto.sulu.acl_file)"
-	echo "${file}"
+_get_sulu_acl_file() {
+	uci -q get mosquitto.sulu.acl_file
 }
 
-function generate_sulu_conn_config() {
+generate_sulu_conn_config() {
 	local users SCONFIG session
 
 	users="$(_get_sulu_user_roles)"
@@ -109,10 +104,10 @@ function generate_sulu_conn_config() {
 		json_close_object
 	}
 
-	json_dump >${SCONFIG}
+	json_dump >"${SCONFIG}"
 }
 
-function _update_obuspa_config_rbac() {
+_update_obuspa_config_rbac() {
 	local agent users session
 
 	agent="$(_get_agent_id)"
@@ -124,45 +119,45 @@ function _update_obuspa_config_rbac() {
 
 		# Add mqtt
 		section="mqtt_sulu_${user}"
-		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
-			uci_add obuspa mqtt ${section}
-			uci_set obuspa ${section} BrokerAddress "127.0.0.1"
-			uci_set obuspa ${section} BrokerPort "1883"
-			uci_set obuspa ${section} TransportProtocol "TCP/IP"
+		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
+			uci_add obuspa mqtt "${section}"
+			uci_set obuspa "${section}" BrokerAddress "127.0.0.1"
+			uci_set obuspa "${section}" BrokerPort "1883"
+			uci_set obuspa "${section}" TransportProtocol "TCP/IP"
 			RESTART_REQ=1
 		fi
 
 		# Add mtp
 		section="mtp_sulu_${user}"
-		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
-			uci_add obuspa mtp ${section}
-			uci_set obuspa ${section} Protocol "MQTT"
-			uci_set obuspa ${section} ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
-			uci_set obuspa ${section} mqtt "mqtt_sulu_$user"
+		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
+			uci_add obuspa mtp "${section}"
+			uci_set obuspa "${section}" Protocol "MQTT"
+			uci_set obuspa "${section}" ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
+			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
 			RESTART_REQ=1
 		fi
 
 		# Add controller
 		section="controller_sulu_${user}"
-		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
-			uci_add obuspa controller ${section}
-			uci_set obuspa ${section} EndpointID "self::sulu-${user}"
-			uci_set obuspa ${section} Protocol "MQTT"
-			uci_set obuspa ${section} Topic "/usp/${agent}/${user}/controller"
-			uci_set obuspa ${section} mqtt "mqtt_sulu_$user"
-			uci_set obuspa ${section} assigned_role_name "$user"
+		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
+			uci_add obuspa controller "${section}"
+			uci_set obuspa "${section}" EndpointID "self::sulu-${user}"
+			uci_set obuspa "${section}" Protocol "MQTT"
+			uci_set obuspa "${section}" Topic "/usp/${agent}/${user}/controller"
+			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
+			uci_set obuspa "${section}" assigned_role_name "$user"
 			RESTART_REQ=1
 		fi
 
-		obMode="$(uci_get obuspa ${section} SessionMode)"
+		obMode="$(uci_get obuspa "${section}" SessionMode)"
 		if [ "${session}" != "${obMode}" ]; then
-			uci_set obuspa ${section} SessionMode "${session}"
+			uci_set obuspa "${section}" SessionMode "${session}"
 			RESTART_REQ=1
 		fi
 	done
 }
 
-function _create_mosquitto_acl() {
+_create_mosquitto_acl() {
 	local agentid users
 	local ACL_FILE acl_users
 
@@ -175,9 +170,9 @@ function _create_mosquitto_acl() {
 
 	users="$(_get_sulu_user_roles)"
 	if [ -f "${ACL_FILE}" ]; then
-		acl_users="$(awk '/^user/ {print $2}' ${ACL_FILE})"
+		acl_users="$(awk '/^user/ {print $2}' "${ACL_FILE}")"
 		for user in ${users}; do
-			if ! grep -q "$user" ${acl_users}; then
+			if ! grep -q "$user" "${acl_users}"; then
 				rm -f "${ACL_FILE}"
 			fi
 		done
@@ -186,84 +181,38 @@ function _create_mosquitto_acl() {
 
 	agentid="$(_get_agent_id)"
 	for user in ${users}; do
-		if ! grep -q "user $user" ${ACL_FILE}; then
-			echo "user ${user}" >>${ACL_FILE}
-			echo "topic read  /usp/${agentid}/${user}/controller/reply-to/#" >>${ACL_FILE}
-			echo "topic write /usp/${agentid}/${user}/endpoint/#" >>${ACL_FILE}
-			echo "topic read  /usp/${agentid}/${user}/controller/#" >>${ACL_FILE}
-			echo "" >>${ACL_FILE}
+		if ! grep -q "user $user" "${ACL_FILE}"; then
+			{
+				echo "user ${user}"
+				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
+				echo "topic write /usp/${agentid}/${user}/endpoint"
+				echo "topic read  /usp/${agentid}/${user}/controller"
+				echo ""
+			} >> "${ACL_FILE}"
 			RESTART_REQ="1"
 		fi
 	done
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${RESTART_REQ}" -gt "0" ]; then
+	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
 		slog "Restarting mosquitto..."
 		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
-function update_obuspa_config() {
+update_obuspa_config() {
 
 	RESTART_REQ=0
 	uci_load obuspa
 	_update_obuspa_config_rbac
 	uci_commit obuspa
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${RESTART_REQ}" -gt "0" ]; then
+	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
 		slog "Restarting obuspa..."
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
 }
 
-generate_qr_code() {
-	local NA="UNKNOWN"
-	local TMP="/tmp/wifi_qr.svg"
-	local QR="/sulu/assets/QR.svg"
-	local SSID=""
-	local KEY=""
-	which qrencode || return
-	local PASS="$(get_user_password)"
-	if [ -z "$PASS" ]; then
-		PASS="$NA"
-	fi
-	get_ssid_and_key() {
-		local sec="$1"
-		local filter_vid="$2"
-		if [ "$SSID" != "" ]; then
-			return
-		fi
-		config_get type "$sec" type
-		if [ "$type" != "fronthaul" ]; then
-			return
-		fi
-		if [ "$filter_vid" = "1" ]; then
-			config_get vid "$sec" vid
-			if [ "$vid" != "1" ]; then
-				return
-			fi
-		fi
-		config_get ssid "$sec" ssid
-		config_get key "$sec" key
-		SSID="$ssid"
-		KEY="$key"
-	}
-	config_load mapcontroller
-	config_foreach get_ssid_and_key "ap" "0"
-	if [ "$SSID" == "" ]; then
-		config_foreach get_ssid_and_key "ap" "1"
-	fi
-	SSID=${SSID:-$NA}
-	KEY=${KEY:-$NA}
-	PASS=${PASS:-$NA}
-	qrencode -t svg -m 0 -o "$TMP" "WIFI:S:$SSID;T:WPA;P:$KEY;;GNX:U:user;Q:$PASS;;"
-	if [ "$(sha256sum "$TMP" | cut -d ' ' -f1)" != "$(sha256sum "$QR" | cut -d ' ' -f1)" ]; then
-		mv "$TMP" "$QR"
-	else
-		rm "$TMP"
-	fi
-}
-
-function configure_sulu() {
+configure_sulu() {
 	_create_mosquitto_acl
 	update_obuspa_config
 	generate_sulu_conn_config
@@ -274,10 +223,6 @@ while getopts ":rq" opt; do
 	r)
 		_RESTART_SERVICES="1"
 		;;
-	q)
-		generate_qr_code
-		exit 0
-		;;
 	*)
 		slog "Invalid option: ${OPTARG}"
 		exit 1

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -12,23 +12,17 @@ if [ ! -f "${UCI_TEMPLATE}" ]; then
 	return 0
 fi
 
-function _get_usp_upstream_port() {
-	local port
-
-	port="$(uci -q get mosquitto.sulu.port)"
-	echo "${port:-9009}"
-}
-
 update_nginx_uci_template()
 {
 	local port
 
-	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
-	port="$(_get_usp_upstream_port)"
-        if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+	port="$(uci -q get mosquitto.sulu.port)"
+	port="${port:-9009}"
+
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
 		sed -i '/#UCI_HTTP_CONFIG$/i\   map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
 		sed -i "/#UCI_HTTP_CONFIG$/i\   upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}
-        fi
+	fi
 }
 
 add_sulu_config_to_mosquitto()
@@ -39,24 +33,11 @@ add_sulu_config_to_mosquitto()
 		uci_set mosquitto sulu port '9009'
 		uci_set mosquitto sulu no_remote_access '1'
 		uci_set mosquitto sulu protocol 'websockets'
-		uci_set mosquitto sulu require_certificates '0'
 		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
 		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
 	fi
 }
 
-add_obuspa_config_to_mosquitto()
-{
-	uci_load mosquitto
-	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
-		uci_add mosquitto listener obuspa
-		uci_set mosquitto obuspa enabled 1
-		uci_set mosquitto obuspa port '1883'
-		uci_set mosquitto obuspa no_remote_access '1'
-		uci_set mosquitto obuspa allow_anonymous '1'
-	fi
-}
-
 add_sulu_userinterface_uci()
 {
 	uci_load userinterface
@@ -67,10 +48,10 @@ add_sulu_userinterface_uci()
 		uci_set userinterface _sulu_s port '8443'
 		uci_add_list userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
 		uci_set userinterface _sulu_s _nginx_uci_manage_ssl 'self-signed'
-        	uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
-	        uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
-	        uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
-	        uci_set userinterface _sulu_s protocol 'HTTPS'
+		uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+		uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+		uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
+		uci_set userinterface _sulu_s protocol 'HTTPS'
 		uci_add_list userinterface _sulu_s role 'admin'
 		uci_add_list userinterface _sulu_s role 'user'
 	fi
@@ -78,14 +59,13 @@ add_sulu_userinterface_uci()
 	if ! uci_get userinterface _suluredirect >/dev/null 2>&1; then
 		uci_add userinterface http_access _suluredirect
 		uci_set userinterface _suluredirect redirect '_sulu_s'
-	        uci_set userinterface _suluredirect protocol 'HTTP'
+		uci_set userinterface _suluredirect protocol 'HTTP'
 		uci_set userinterface _suluredirect port "8080"
 	fi
 }
 
-add_obuspa_config_to_mosquitto
 add_sulu_config_to_mosquitto
-update_nginx_uci_template
 add_sulu_userinterface_uci
+update_nginx_uci_template
 
 /etc/sulu/sulu.sh

tr104/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr104
-PKG_VERSION:=1.0.37
+PKG_VERSION:=1.0.37.1
 
 LOCAL_DEV:=0
 ifeq ($(LOCAL_DEV),0)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/voice/tr104.git
-PKG_SOURCE_VERSION:=2b286b48942f108447923892a7112f3036aea5db
+PKG_SOURCE_VERSION:=bc1595a611540cdce7f0bef098b2fb1152e227ad
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

usp-js/Makefile

@@ -6,14 +6,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usp-js
-PKG_VERSION:=1.2.7
+PKG_VERSION:=1.2.9
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/usp-js.git
-PKG_SOURCE_VERSION:=a4be8f6d8442d56c632514abb16f3de0817fb22f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=31d652f91e8581d19840a8fdde1f87b0acca44ed
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
+
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
@@ -23,7 +25,7 @@ define Package/usp-js
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=A JS library for USP(TR369) protocol
-  DEPENDS:=+quickjs +quickjs-websocket +@OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
+  DEPENDS:=+quickjs +quickjs-websocket +@OBUSPA_LOCAL_MQTT_LISTENER
   EXTRA_DEPENDS:=obuspa mosquitto-ssl
 endef
 
@@ -32,7 +34,7 @@ define Package/usp-js/description
 endef
 
 define Build/Compile
-	cd $(PKG_BUILD_DIR) && yarn install && yarn qjs
+	cd $(PKG_BUILD_DIR) && [ -d "./qjs" ] || (yarn install && yarn qjs)
 endef
 
 define Package/usp-js/install

wifidmd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidmd
-PKG_VERSION:=1.1.33
+PKG_VERSION:=1.1.33.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/wifidmd.git
-PKG_SOURCE_VERSION:=dc65d6ec9082f836e499b29e09bacff3c608f3d0
+PKG_SOURCE_VERSION:=900fdca6e18dce382c99fbfcbca81b7e90cc5598
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

wifidmd/files/etc/init.d/wifidmd

@@ -25,13 +25,11 @@ reload_service()
 		stop
 		start
 	else
-		ubus send wifidmd.reload
+		procd_send_signal wifidmd '*' SIGUSR1
 	fi
-
-	return 0
 }
 
 service_triggers()
 {
-	procd_add_reload_trigger wifidmd
+	procd_add_reload_trigger wifidmd mapcontroller
 }

wifimngr/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifimngr
-PKG_VERSION:=17.7.5
+PKG_VERSION:=17.7.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e9b13032b3574bbd341fa653276a65c9975bb5a5
+PKG_SOURCE_VERSION:=e16058225dc5e9fb819029fff48cb3a5cc658a98
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/wifimngr.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

xmppc/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xmppc
-PKG_VERSION:=2.2.13
+PKG_VERSION:=2.2.13.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/xmppc.git
-PKG_SOURCE_VERSION:=5dc59fec17f9259ce40959b3fc0fc344322d5435
+PKG_SOURCE_VERSION:=5816db95f9b99efa1c0e10e16df35b6bc09cebde
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif