Draft: datamodel for shell exec

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.18.12
+PKG_VERSION:=1.18.2
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=adfdb54d625b952c533670f093dae008782ff56a
+PKG_SOURCE_VERSION:=786863cf0ef48dd70610598cdf8e2bbc0462a504
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -149,10 +149,10 @@ define Package/bbfdmd/install
 
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
-
+	
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/bbf $(1)/lib/upgrade/keep.d/bbf
-
+	
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/ruleng.bbfdm $(1)/etc/uci-defaults

bbfdm/files/etc/init.d/bbfdm.services

@@ -5,7 +5,6 @@ STOP=05
 
 USE_PROCD=1
 PROG=/usr/sbin/dm-service
-DM_AGENT_PROG=/usr/sbin/dm-agent
 
 BBFDM_MICROSERVICE_DIR="/etc/bbfdm/services"
 
@@ -25,8 +24,7 @@ validate_bbfdm_micro_service_section()
 _add_microservice()
 {
 	local name path loglevel
-	local enable enable_core unified_daemon dm_framework
-	local daemon_prog
+	local enable enable_core unified_daemon
 
 	# Check enable from micro-service
 	path="${1}"
@@ -49,25 +47,14 @@ _add_microservice()
 		return 0
 	fi
 
-	json_get_var dm_framework dm-framework 0
-	if [ "${dm_framework}" -eq "1" ] || [ "${dm_framework}" = "true" ]; then
-		daemon_prog="${DM_AGENT_PROG}"
-	else
-		daemon_prog="${PROG}"
-	fi
-
 	json_select config
 	json_get_var loglevel loglevel 4
 
 	procd_open_instance "${name}"
 
-	procd_set_param command ${daemon_prog}
-
-	# Only add parameters for dm-service, not for dm-agent
-	if [ "${daemon_prog}" = "${PROG}" ]; then
-		procd_append_param command -m "${name}"
-		procd_append_param command -l "${loglevel}"
-	fi
+	procd_set_param command ${PROG}
+	procd_append_param command -m "${name}"
+	procd_append_param command -l "${loglevel}"
 
 	if [ "${enable_core}" -eq "1" ]; then
 		procd_set_param limits core="unlimited"

bridgemngr/Config.in

@@ -0,0 +1,17 @@
+if PACKAGE_bridgemngr
+
+config BRIDGEMNGR_BRIDGE_VLAN
+	bool "Use bridge-vlan backend"
+	help
+	   Set this option to use bridge-vlan as backend for VLAN objects.
+
+config BRIDGEMNGR_BRIDGE_VENDOR_EXT
+	bool "Use bridge BBF vendor extensions"
+	default y
+	help
+	   Set this option to use bridge BBF vendor extensions.
+
+config BRIDGEMNGR_BRIDGE_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+endif

bridgemngr/Makefile

@@ -0,0 +1,76 @@
+#
+# Copyright (C) 2020-2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bridgemngr
+PKG_VERSION:=1.1.1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
+PKG_SOURCE_VERSION:=b6a657e1c83b49f09323b4012ef229c604b82854
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/bridgemngr
+ CATEGORY:=Utilities
+ TITLE:=Bridge Manager
+ DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
+ DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+endef
+
+define Package/bridgemngr/description
+	Package to add Device.Bridging. data model support.
+endef
+
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MAKE_PATH:=src
+
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_PREFIX)
+endif
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y)
+	TARGET_CFLAGS += -DBRIDGE_VLAN_BACKEND
+endif
+
+define Package/bridgemngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+
+	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libbridgemngr.so $(1) $(PKG_NAME)
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_EXT), y)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libbridgeext.so $(1) $(PKG_NAME) 10
+	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/VLAN_Filtering_Extension.json $(1) $(PKG_NAME) 11
+endif
+
+	$(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) ~/git/bridgemngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+$(eval $(call BuildPackage,bridgemngr))

bridgemngr/bbfdm_service.json

@@ -2,7 +2,6 @@
   "daemon": {
     "enable": "1",
     "service_name": "bridgemngr",
-    "dm-framework": true,
     "unified_daemon": false,
     "services": [
       {

bridgemngr/files/VLAN_Filtering_Extension.json

@@ -0,0 +1,31 @@
+{
+	"json_plugin_version": 2,
+	"Device.Bridging.Bridge.{i}.": {
+		"type": "object",
+		"protocols": [
+			"cwmp",
+			"usp"
+		],
+		"access": true,
+		"array": true,
+		"{BBF_VENDOR_PREFIX}VLANFiltering": {
+			"type": "boolean",
+			"read": true,
+			"write": true,
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"datatype": "boolean",
+			"description": "Enable or disable VLAN Filtering on this bridge.",
+			"mapping": [
+				{
+					"data": "@Parent",
+					"type": "uci_sec",
+					"key": "vlan_filtering"
+				}
+			]
+		}
+	}
+}
+

bridgemngr/files/etc/init.d/bridging

@@ -77,7 +77,6 @@ handle_ebtables_rule() {
 }
 
 start_service() {
-	ubus -t 30 wait_for network.device uci
 	config_load bridging
 	config_foreach handle_ebtables_chain chain
 	config_foreach handle_ebtables_rule rule

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.23
+PKG_VERSION:=2.1.20
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=f54550f2d587a701c0a8d5cac4a0910a99ce92cf
+PKG_SOURCE_VERSION:=a5e57962938ca143ede65d92be90b6e9fce66e15
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Config.in

@@ -4,16 +4,4 @@ config DECOLLECTOR_EASYMESH_VERSION
 	int "Support Easymesh version"
 	default 6
 
-config DECOLLECTOR_BUILD_TR181_PLUGIN
-	bool "Build TR-181 mapping module (responsible for Device.WiFi.DataElements.)"
-	default y
-
-config DECOLLECTOR_VENDOR_EXTENSIONS
-	bool "Iopsys vendor extensions for Device.WiFi.DataElements."
-	default y
-
-config DECOLLECTOR_VENDOR_PREFIX
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-
 endmenu

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.2.7
+PKG_VERSION:=6.2.1.12
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9d1399c09f55da14a8de55828ba57c0e296ce62f
+PKG_SOURCE_VERSION:=ce738316065e4608811312f0a254d1fee22fa343
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -24,7 +24,6 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 define Package/decollector
   SECTION:=utils
@@ -67,18 +66,6 @@ MAKE_PATH:=src
 
 TARGET_CFLAGS += -DEASYMESH_VERSION=$(CONFIG_DECOLLECTOR_EASYMESH_VERSION)
 
-ifeq ($(CONFIG_DECOLLECTOR_BUILD_TR181_PLUGIN),y)
-MAKE_FLAGS += DECOLLECTOR_BUILD_TR181_PLUGIN=y
-ifeq ($(CONFIG_DECOLLECTOR_VENDOR_EXTENSIONS),y)
-TARGET_CFLAGS += -DDECOLLECTOR_VENDOR_EXTENSIONS
-ifeq ($(CONFIG_DECOLLECTOR_VENDOR_PREFIX),"")
-TARGET_CFLAGS += -DCUSTOM_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
-else
-TARGET_CFLAGS += -DCUSTOM_PREFIX=\\\"$(CONFIG_DECOLLECTOR_VENDOR_PREFIX)\\\"
-endif
-endif
-endif
-
 EXECS := \
 	$(if $(CONFIG_PACKAGE_decollector),decollector)
 
@@ -89,7 +76,6 @@ define Package/decollector/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/decollector.init $(1)/etc/init.d/decollector
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/decollector $(1)/usr/sbin/
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 endef
 
 $(eval $(call BuildPackage,decollector))

decollector/bbfdm_service.json

@@ -1,26 +0,0 @@
-{
-  "daemon": {
-    "enable": "1",
-    "service_name": "decollector",
-    "unified_daemon": true,
-    "services": [
-      {
-        "parent_dm": "Device.WiFi.",
-        "object": "DataElements"
-      }
-    ],
-    "config": {
-      "loglevel": "3"
-    },
-    "apply_handler": {
-      "uci": [
-        {
-          "file": [
-            "mapcontroller"
-          ],
-          "external_handler": "/etc/wifidmd/bbf_config_reload.sh"
-        }
-      ]
-    }
-  }
-}

dm-framework/Makefile

@@ -1,207 +0,0 @@
-#
-# Copyright (c) 2023 Genexis B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dm-framework
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/dm-framework.git
-PKG_SOURCE_VERSION:=37dade4a2df6eaf6a4291a06ac776641ed81a79e
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-# Build directories for each component
-DATAMODELS_BUILD_DIR:=$(PKG_BUILD_DIR)/datamodels-build
-DMAPI_BUILD_DIR:=$(PKG_BUILD_DIR)/dm-api-build
-DMAGENT_BUILD_DIR:=$(PKG_BUILD_DIR)/dm-agent-build
-
-include $(INCLUDE_DIR)/package.mk
--include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
-
-#
-# Datamodels Package Definition
-#
-define Package/datamodels
-  SECTION:=utils
-  CATEGORY:=Genexis
-  TITLE:=dm-framework Datamodel
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/datamodels/description
- This package contains dm-framework datamodel.
-endef
-
-#
-# DM-API Package Definition
-#
-define Package/dm-api
-  CATEGORY:=Genexis
-  TITLE:=dm-api
-  PKG_BUILD_DEPENDS:=datamodels
-  DEPENDS:=+libsqlite3 \
-        +libjson-c +libstdcpp +quickjs \
-        +libubus +libubox +libuci
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/dm-api/description
- This package contains api for the dm-framework
-endef
-
-#
-# DM-Agent Package Definition
-#
-define Package/dm-agent
-  DEPENDS:=+dm-api +datamodels +libubox +libubus +ubus
-  CATEGORY:=Genexis
-  TITLE:=dm-framework agent
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/dm-agent/description
- This package contains dm-framework agent.
-endef
-
-#
-# Build Preparation
-#
-define Build/Prepare
-	$(call Build/Prepare/Default)
-	
-	# Prepare datamodels
-	mkdir -p $(DATAMODELS_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/datamodels/* $(DATAMODELS_BUILD_DIR)/
-	# Copy scripts from top-level scripts directory
-	mkdir -p $(DATAMODELS_BUILD_DIR)/scripts
-	$(CP) -rf $(PKG_BUILD_DIR)/scripts/* $(DATAMODELS_BUILD_DIR)/scripts/
-	cd $(DATAMODELS_BUILD_DIR); \
-	  npm install better-sqlite3 quickjs && \
-	  node ./scripts/json2code.js && \
-	  node ./scripts/qjs-handlers-validate.js
-
-	# Prepare dm-api
-	mkdir -p $(DMAPI_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/dm-api/* $(DMAPI_BUILD_DIR)/
-
-	# Prepare dm-agent
-	mkdir -p $(DMAGENT_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/dm-agent/* $(DMAGENT_BUILD_DIR)/
-endef
-
-TARGET_CFLAGS += $(FPIC)
-
-#
-# Build Compilation
-#
-define Build/Compile
-	# Build datamodels first (dependency for others)
-	$(MAKE) -C $(DATAMODELS_BUILD_DIR)\
-		PROJECT_ROOT="$(DATAMODELS_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DATAMODELS_BUILD_DIR)" \
-		all
-
-	# Build dm-api (depends on datamodels)
-	$(MAKE) -C $(DMAPI_BUILD_DIR)\
-		PROJECT_ROOT="$(DMAPI_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DMAPI_BUILD_DIR)" \
-		all
-
-	# Build dm-agent (depends on both)
-	$(MAKE) -C $(DMAGENT_BUILD_DIR)\
-		PROJECT_ROOT="$(DMAGENT_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DMAGENT_BUILD_DIR)" \
-		all
-endef
-
-#
-# Development Installation (headers and libraries)
-#
-define Build/InstallDev
-	# Datamodels development files
-	$(INSTALL_DIR) $(1)/usr/include
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(DATAMODELS_BUILD_DIR)/dm.h $(1)/usr/include/
-	$(CP) $(DATAMODELS_BUILD_DIR)/libdm.so $(1)/usr/lib/
-
-	# DM-API development files - headers are now in dm-api/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_types.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_node.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dm_api.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dm_linker.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dbmgr.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_log.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/utils/dm_list.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/libdmapi.so $(1)/usr/lib/
-endef
-
-#
-# Package Installation - Datamodels
-#
-define Package/datamodels/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/bbfdm
-	$(INSTALL_DIR) $(1)/usr/lib/dmf_handlers
-	$(INSTALL_BIN) $(DATAMODELS_BUILD_DIR)/default.db $(1)/etc/bbfdm/default_dm.db
-	$(INSTALL_BIN) $(DATAMODELS_BUILD_DIR)/libdm.so $(1)/usr/lib/
-	# Copy handler files from datamodels directory (new structure)
-	# Copy .js files from root datamodels directory
-	( cd $(DATAMODELS_BUILD_DIR); \
-	  find . -maxdepth 1 -type f -name '*.js' -not -path './.*' -exec $(INSTALL_BIN) {} $(1)/usr/lib/dmf_handlers/{} \; )
-	# Copy .js files from subdirectories, preserving folder structure (skip hidden files/folders)
-	( cd $(DATAMODELS_BUILD_DIR); \
-	  find . -type d -mindepth 1 -not -path './.*' -not -path './scripts*' -exec $(INSTALL_DIR) $(1)/usr/lib/dmf_handlers/{} \; ; \
-	  find . -type f -name '*.js' -mindepth 2 -not -path './.*' -not -path './scripts*' -exec $(INSTALL_BIN) {} $(1)/usr/lib/dmf_handlers/{} \; )
-endef
-
-#
-# Package Installation - DM-API
-#
-define Package/dm-api/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/sbin/
-	$(INSTALL_BIN) $(DMAPI_BUILD_DIR)/libdmapi.so $(1)/usr/lib/
-endef
-
-#
-# Package Installation - DM-Agent
-#
-define Package/dm-agent/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) dm-agent
-	$(INSTALL_BIN) $(DMAGENT_BUILD_DIR)/dm-agent $(1)/usr/sbin
-endef
-
-# Register all three packages
-$(eval $(call BuildPackage,datamodels))
-$(eval $(call BuildPackage,dm-api))
-$(eval $(call BuildPackage,dm-agent))

dmexec/Makefile

@@ -0,0 +1,44 @@
+#
+# Copyright (C) 2025 iopsys Software Solutions AB
+#
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmexec
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_LICENSE:=GPL-2.0-only
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
+
+define Package/dmexec
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Datamodel for shell exec
+  DEPENDS:=+dm-service
+endef
+
+define Package/dmexec/description
+  datamodel extension for running shell commands.
+endef
+
+define Build/Compile
+	# pass
+endef
+
+define Package/dmexec/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+
+	$(INSTALL_DATA) ./files/etc/config/dmexec $(1)/etc/config/
+	$(INSTALL_BIN) ./files/etc/init.d/dmexec $(1)/etc/init.d/
+
+	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) ./files/dm_exec.json $(1) $(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,dmexec))

dmexec/bbfdm_service.json

@@ -0,0 +1,16 @@
+{
+  "daemon": {
+    "enable": "1",
+    "service_name": "dmexec",
+    "unified_daemon": false,
+    "services": [
+      {
+        "parent_dm": "Device.",
+        "object": "X_GENEXIS_EU_CLI"
+      }
+    ],
+    "config": {
+      "loglevel": "7"
+    }
+  }
+}

dmexec/files/dm_exec.json

@@ -0,0 +1,81 @@
+{
+  "json_plugin_version": 2,
+  "Device.X_GENEXIS_EU_CLI.": {
+    "type": "object",
+    "protocols": [
+      "cwmp",
+      "usp"
+    ],
+    "access": false,
+    "array": false,
+    "Enable": {
+      "type": "boolean",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "enable"
+            }
+          }
+        }
+      ]
+    },
+    "REQUEST": {
+      "type": "string",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "cmd"
+            }
+          }
+        }
+      ]
+    },
+    "RESULT": {
+      "type": "string",
+      "read": true,
+      "write": false,
+      "protocols": [
+        "cwmp",
+	"usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "result"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

dmexec/files/etc/config/dmexec

@@ -0,0 +1,3 @@
+config dmexec 'dmexec'
+	option enable '0'
+

dmexec/files/etc/init.d/dmexec

@@ -0,0 +1,40 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+USE_PROCD=1
+
+log() {
+	logger -t dmexec.init "$*"
+}
+
+start_service() {
+	procd_open_instance
+	procd_close_instance
+}
+
+reload_service() {
+	local cmd result enable
+
+	enable="$(uci -q get dmexec.dmexec.enable)"
+	enable="${enable:-0}"
+
+	if [ "${enable}" -eq "0" ]; then
+		log "dmexec is disabled"
+	fi
+
+	uci -q set dmexec.dmexec.result=""
+	cmd="$(uci -q get dmexec.dmexec.cmd)"
+	if [ -n "${cmd}" ]; then
+		log "Executing [${cmd}]"
+		result="$(eval $cmd 2>&1 |head -n 1 |head -c 256)"
+		result="${result//\'/}"
+		uci -q set dmexec.dmexec.result="${result}"
+		uci commit dmexec
+	fi
+}
+
+service_triggers() {
+	procd_add_reload_trigger dmexec
+}

dslmngr/files/airoha/sbin/xdsl_wan

@@ -5,8 +5,6 @@ source "/lib/functions/network.sh"
 source "/lib/functions/system.sh"
 
 PREVLINK=""
-LINK=""
-LINKSPEED=""
 PREVWANMODE=""
 WANMODE=""
 CONFIGURED=0
@@ -152,12 +150,6 @@ while [ true ]; do
 
 	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
 		if [ "$LINK" = "down" ]; then
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				rm -rf /tmp/qos/wan_link_shape_rate
-				rm -rf /tmp/qos/wan_link_speed
-				/usr/sbin/qos-uplink-bandwidth
-			fi
-
 			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
 			if [ -n "$WANMODE" ]; then
 				if [ "$WANMODE" = "PTM" ]; then
@@ -234,26 +226,6 @@ while [ true ]; do
 
 			call_wan_hotplug "up" "$WANPORT"
 			PREVWANMODE="$WANMODE"
-
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-				LINKSPEED=$((LINKSPEED))
-				if [ "$LINKSPEED" -eq 0 ]; then
-					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-					LINKSPEED=$((LINKSPEED))
-				fi
-
-				if [ "$LINKSPEED" -ne 0 ]; then
-					mkdir -p /tmp/qos
-					touch /tmp/qos/wan_link_shape_rate
-
-					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
-					hw_nat -! > /dev/null 2>&1
-				else
-					rm -rf /tmp/qos/wan_link_speed
-					/usr/sbin/qos-uplink-bandwidth
-				fi
-			fi
 		fi
 
 		# Toggle link state

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.1.3
+PKG_VERSION:=3.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=7bc8297e1a74adb522f7635bab4f93a1a2620216
+PKG_SOURCE_VERSION:=da6b25430123f03a74b59369b36dc4a777207d3f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

fdtextract/Makefile

@@ -10,14 +10,19 @@ PKG_NAME:=fdtextract
 PKG_RELEASE:=1
 PKG_VERSION:=1.0
 
-PKG_SOURCE_URL:=https://dev.iopsys.eu/system/fdtextract.git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/fdtextract.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=7917dbcb29724476cd46164eec29848df1e5fb67
+PKG_SOURCE_VERSION:=e3cefda3b26c9aea3021b20725ce7b31b33eebc4
 PKG_MIRROR_HASH:=skip
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=LICENSE
 
+RSTRIP:=true
+export BUILD_DIR
+
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_PARALLEL:=1
 
@@ -35,7 +40,9 @@ endef
 
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
+
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/fdtextract $(1)/usr/sbin/
+	$(STRIP) $(1)/usr/sbin/fdtextract
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.4.0
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=230d55ae6769e1ebde02cef3f718e6c4cf1b1962
+PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.10.5
+PKG_VERSION:=9.10.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=7f4a159f6ff49584655e57bb801218eb083fba67
+PKG_SOURCE_VERSION:=c4b0fa4272ab44a8c78462d5cc8df6501acbeb55
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user

@@ -77,7 +77,6 @@ get_opt43() {
 config_load cwmp
 config_get wan_intf cpe default_wan_interface "wan"
 config_get dhcp_discovery acs dhcp_discovery "0"
-config_get_bool insecure_enable acs insecure_enable "0"
 config_get dhcp_url acs dhcp_url ""
 config_get min_wait_intvl acs dhcp_retry_min_wait_interval "0"
 config_get intvl_multi acs dhcp_retry_interval_multiplier "0"
@@ -103,17 +102,6 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	if [ "${insecure_enable}" -eq "0" ]; then
-		case $DHCP_ACS_URL in
-		https://*)
-			log "ACS url $DHCP_ACS_URL has https"
-			;;
-		*)
-			return 0
-			;;
-		esac
-	fi
-
 	sec=$(uci -q get cwmp.acs)
 
 	if [ -z "${sec}" ]; then

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.39
+PKG_VERSION:=8.7.37
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=85fa0fe16d6a5a3452422b72186f6bbb16a13c62
+PKG_SOURCE_VERSION:=c711e1e132478d6443ffb5aad15d12b90f0d59b5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iopsys-analytics/Makefile

@@ -34,9 +34,6 @@ define Package/$(PKG_NAME)
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
     +@DMCLI_REMOTE_CONNECTION
-  # tools used in development/testing
-  DEPENDS+=                                             \
-    +iperf3
 
 endef
 

libwifi/Makefile

@@ -1,32 +1,28 @@
 #
-# Copyright (C) 2019-2024 Iopsys
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 Iopsys
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.22.6
+PKG_VERSION:=7.14.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ddeb681a9f99202b1ded6c965591bb8c1f5cb05d
-PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libwifi.git
+PKG_SOURCE_VERSION:=b4b8f524a93d03fd1f89d4c32b8eaca90d9ccc1a
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=LGPL-2.1-only
-PKG_LICENSE_FILES:=
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
-
-MAKE_VERBOSE := 1
+PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/kernel.mk
-include $(INCLUDE_DIR)/cmake.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
@@ -53,14 +49,8 @@ else ifeq ($(CONFIG_TARGET_airoha),y)
   endif
 else ifeq ($(CONFIG_TARGET_mediatek),y)
   TARGET_PLATFORM=MEDIATEK
-  TARGET_WIFI_TYPE=MAC80211
-  ifeq ($(CONFIG_TARGET_DEVICE_mediatek_filogic_DEVICE_cx750),y)
-    TARGET_WIFI_TYPE=MEDIATEK
-    TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
-  else ifeq ($(CONFIG_TARGET_DEVICE_mediatek_filogic_DEVICE_mediatek_mt7987a-spim-nand-an8801sb),y)
-    TARGET_WIFI_TYPE=MEDIATEK
-    TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
-  endif
+  TARGET_WIFI_TYPE=MEDIATEK
+  TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
 else ifeq ($(CONFIG_TARGET_ipq95xx),y)
   TARGET_PLATFORM=IPQ95XX
   TARGET_WIFI_TYPE=QUALCOMM
@@ -76,13 +66,13 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523
 
 ifneq ($(CONFIG_PACKAGE_libwifi),)
-  CMAKE_OPTIONS +=-DHAS_WIFI=ON
+TARGET_CFLAGS +=-DHAS_WIFI
 endif
 
 ifeq ($(CONFIG_LIBWIFI_USE_CTRL_IFACE),y)
@@ -93,8 +83,18 @@ ifeq ($(CONFIG_LIBWIFI_SKIP_PROBES),y)
   TARGET_CFLAGS +=-DLIBWIFI_BRCM_SKIP_PROBES
 endif
 
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/openssl \
+	-I$(STAGING_DIR)/usr/include/libnl3
 
-CMAKE_OPTIONS += -DPLATFORM=$(TARGET_PLATFORM) -DWIFI_TYPE=$(TARGET_WIFI_TYPE)
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS) -Wall -I./" \
+	LDFLAGS="$(TARGET_LDFLAGS)" \
+	FPIC="$(FPIC)" \
+	PLATFORM="$(TARGET_PLATFORM)" \
+	WIFI_TYPE="$(TARGET_WIFI_TYPE)" \
+	subdirs="$(subdirs)"
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -102,39 +102,43 @@ define Build/Prepare
 endef
 endif
 
-define Package/libwifiutils
-	SECTION:=libs
-	CATEGORY:=Libraries
-	TITLE:= WiFi utility library (libwifiutils.so)
-	DEPENDS+=+libnl +libnl-route +libeasy +libopenssl
-endef
-
-define Package/libwifiutils/description
-	Library provides WiFi utility functions
-endef
-
-define Package/libwifi
-	SECTION:=libs
-	CATEGORY:=Libraries
-	TITLE:= WiFi HAL library (libwifi-7.so.m)
-	DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcm963xx-bsp
+define Package/libwifi-common
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=libwifi
+  SUBMENU:=IOPSYS HAL libs
+  DEPENDS:=+libopenssl
+  MENU:=1
 endef
 
 define Package/libwifi/description
-	Library provides WiFi HAL APIs
+  Library provides WiFi HAL APIs and WiFi common utility functions
+endef
+
+define Package/libwifiutils
+  $(call Package/libwifi-common)
+  TITLE:= WiFi utility library (libwifiutils.so)
+  DEPENDS+=+libnl +libnl-route +libeasy
 endef
 
 define Build/InstallDev/libwifiutils
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/wifidefs.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/wifiutils.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/libwifiutils*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/wifidefs.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/wifiutils.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libwifiutils*.so* $(1)/usr/lib/
 endef
 
 define Package/libwifiutils/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/libwifiutils*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/libwifiutils*.so* $(1)/usr/lib/
+endef
+
+
+define Package/libwifi
+  $(call Package/libwifi-common)
+  TITLE:= WiFi library (libwifi)
+  DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libwifi/config
@@ -155,12 +159,13 @@ define Package/libwifi/config
   endif
 endef
 
+
 define Build/InstallDev/libwifi
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifi/wifiops.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifi/wifi.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifi/libwifi-7*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/wifiops.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/wifi.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libwifi-7*.so* $(1)/usr/lib/
 endef
 
 
@@ -173,7 +178,7 @@ endef
 
 define Package/libwifi/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifi/libwifi-7*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/libwifi-7*.so* $(1)/usr/lib/
 endef
 
 $(eval $(call BuildPackage,libwifiutils))

logmngr/files/etc/config/logmngr

@@ -8,7 +8,7 @@ config source 'default_source'
 
 config template 'default_template'
 	option name 'default_template'
-	option expression '{time} {hostname} {ident}[{pid}]: {message}'
+	option expression '{time} {hostname} {ident}: {message}'
 
 config action 'default_action'
 	option name 'default_action'

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -11,7 +11,7 @@ fi
 if ! uci -q get logmngr.default_template > /dev/null; then
 	uci -q set logmngr.default_template=template
 	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
+	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
 fi
 
 if uci -q get logmngr.a1 >/dev/null; then

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -77,12 +77,6 @@ create_default_filters() {
 	append_conf "    rename          msg     message"
 	append_conf ""
 
-	append_conf "[FILTER]"
-	append_conf "    name            modify"
-	append_conf "    match           *"
-	append_conf "    add             pid     0"
-	append_conf ""
-
 	append_conf "[FILTER]"
 	append_conf "    name            sysinfo"
 	append_conf "    match           *"
@@ -100,7 +94,6 @@ create_input_section() {
 
 	append_conf "[INPUT]"
 	append_conf "    name        syslog"
-	append_conf "    unix_perm   0666"
 	append_conf "    tag         $tag"
 	append_conf "    path        /dev/log"
 	append_conf ""

map-agent/Config.in

@@ -55,10 +55,6 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config AGENT_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
-	default n
-
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y

map-agent/Makefile

@@ -1,14 +1,13 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.4.3.6
+PKG_VERSION:=6.4.1.11
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=e37b8f1a4b988b907416161e3c8fe83cd39597c3
+PKG_SOURCE_VERSION:=671bb0e693adbeb3e06b967350ce7f96ee91321b
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
+  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -38,12 +37,8 @@ ifeq ($(CONFIG_AGENT_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
-
 define Package/map-agent/description
-  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
+ This package implements EasyMesh R2 compliant WiFi Agent.
 endef
 
 define Package/map-agent/config

map-agent/files/lib/multiap/map_genconfig

@@ -49,16 +49,19 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
+				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
+				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
+				dpp_chan="133/49"
 			;;
 		esac
 
@@ -159,17 +162,13 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				# add dpp_chirp section for 2.4GHz bSTA
-				if [ $mode_band -eq 2 ]; then
-					uci add mapagent dpp_chirp
-					uci set mapagent.@dpp_chirp[-1].type="qrcode"
-					uci set mapagent.@dpp_chirp[-1].device="$device"
-					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
-					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
-					for channel in $channels; do
-						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
-					done
-				fi
+				#uci add mapagent dpp_uri
+				#uci set mapagent.@dpp_uri[-1].type="qrcode"
+				#uci set mapagent.@dpp_uri[-1].device="$device"
+				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
+				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
+				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
+				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"

map-controller/Config.in

@@ -39,10 +39,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping via passphrase."
-	default n
-
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.8
+PKG_VERSION:=6.4.2.6
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=a863fc3a9d248b0be7385524e0680155ff614467
+PKG_SOURCE_VERSION:=5e93ea36c4fb93dd473b233b098ecacf6395a20c
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,9 +36,6 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -84,7 +81,6 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller

map-controller/files/etc/config/mapcontroller

@@ -4,16 +4,16 @@ config controller 'controller'
 	option registrar '2 5 6'
 	option debug '2'
 	option bcn_metrics_max_num '10'
+	option initial_channel_scan '0'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
 	option stale_sta_timeout '20d'
 	option de_collect_interval '60'
-	list plugin 'zerotouch'
 
-config sta_steering 'sta_steering'
+config sta_steering
 	option enable_sta_steer '1'
-	option enable_bsta_steer '1'
+	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
@@ -23,10 +23,8 @@ config sta_steering 'sta_steering'
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
-	list plugins 'rate'
-	list plugins 'bsteer'
 
-config channel_plan 'channel_plan'
+config channel_plan
 	option preclear_dfs '0'
 	option acs '0'
 

map-controller/files/etc/init.d/mapcontroller

@@ -20,6 +20,7 @@ validate_controller_section() {
 		'registrar:string' \
 		'debug:range(0,16)' \
 		'bcn_metrics_max_num:range(1,256)' \
+		'initial_channel_scan:bool:true' \
 		'resend_num:uinteger:0' \
 		'allow_bgdfs:range(0,2629744)' \
 		'stale_sta_timeout:string' \

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-
-# singleton sections
-sections="channel_plan sta_steering"
-
-for sec in $sections; do
-    # find unnamed section of given type, only index 0
-    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
-    [ "$s" = "" ] && continue
-
-    uci rename $cfg.$s=$sec
-done
-
-uci commit $cfg

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.2.5
+PKG_VERSION:=1.0.31
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=05c0aa02b60b27aa57bf80b8fb068b1ee8bfc8ac
+PKG_SOURCE_VERSION:=565cade8fe08807b345404c567243fbdfdcb96c8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -27,18 +27,12 @@ include $(INCLUDE_DIR)/package.mk
 
 include $(wildcard plugins/*.mk)
 
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"
 
 plugins := \
 	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
-	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
-	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
+	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer)
 
 ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
 
@@ -59,8 +53,7 @@ define Package/map-plugins
 endef
 
 define Package/map-plugins/description
-	Provides extra Multi-AP services viz. steering, channel-planning,
-	self-organizing network, zero-touch onboarding etc.
+	Provides extra Multi-AP services viz. steering, channel-planning, self-organizing network etc.
 endef
 
 define Package/map-plugins/install

map-plugins/plugins/zero-touch.mk

@@ -1,22 +0,0 @@
-define Package/map-plugins-zero-touch
-	$(call Package/map-plugins/Default)
-	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-zero-touch/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
-
-endef
-
-define Build/Compile/map-plugins-zero-touch
-	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

mcastmngr/Makefile

@@ -32,7 +32,7 @@ define Package/mcastmngr
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
  DEPENDS+=+!TARGET_brcmbca:mcproxy +!TARGET_brcmbca:sipcalc
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +!TARGET_brcmbca:kmod-ebt-igmpsnooping +!TARGET_brcmbca:kmod-ebt-mldsnooping
- DEPENDS+=+!TARGET_brcmbca:ebtables-legacy +dm-agent
+ DEPENDS+=+!TARGET_brcmbca:ebtables-legacy +bridgemngr
 endef
 
 define Package/mcastmngr/description

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -1,616 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-#ifdef ENABLE_PAM_SUPPORT
-#include <security/pam_appl.h>
-#endif
-
-#define MAX_USERS 256
-#define MAX_SUBNETS_PER_USER 32
-
-typedef struct {
-	union {
-		uint32_t ipv4_network;
-		uint8_t ipv6_network[16];
-	};
-	union {
-		uint32_t ipv4_netmask;
-		uint8_t ipv6_netmask[16];
-	};
-	int is_ipv6;
-} subnet_t;
-
-typedef struct {
-	char username[64];
-	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
-	int allow_count;
-	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
-	int deny_count;
-} user_acl_t;
-
-typedef struct {
-	user_acl_t users[MAX_USERS];
-	int user_count;
-	mosquitto_plugin_id_t *identifier;
-} plugin_data_t;
-
-/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
-static int parse_subnet(const char *cidr, subnet_t *subnet)
-{
-	char ip_str[128];
-	char *slash;
-	int prefix_len;
-	struct in_addr addr4;
-	struct in6_addr addr6;
-
-	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
-	ip_str[sizeof(ip_str) - 1] = '\0';
-
-	slash = strchr(ip_str, '/');
-	if (slash != NULL) {
-		*slash = '\0';
-		prefix_len = atoi(slash + 1);
-	}
-
-	/* Try IPv4 first */
-	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
-		subnet->is_ipv6 = 0;
-		if (slash == NULL)
-			prefix_len = 32;
-		if (prefix_len < 0 || prefix_len > 32)
-			return -1;
-
-		subnet->ipv4_network = ntohl(addr4.s_addr);
-		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
-		subnet->ipv4_network &= subnet->ipv4_netmask;
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
-		subnet->is_ipv6 = 1;
-		if (slash == NULL)
-			prefix_len = 128;
-		if (prefix_len < 0 || prefix_len > 128)
-			return -1;
-
-		/* Copy network address */
-		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
-
-		/* Generate netmask */
-		memset(subnet->ipv6_netmask, 0, 16);
-		for (int i = 0; i < prefix_len / 8; i++)
-			subnet->ipv6_netmask[i] = 0xff;
-		if (prefix_len % 8)
-			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
-
-		/* Apply netmask to network address */
-		for (int i = 0; i < 16; i++)
-			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
-
-		return 0;
-	}
-
-	return -1;
-}
-
-/* Check if IPv4 address is in subnet */
-static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
-{
-	if (subnet->is_ipv6)
-		return 0;
-	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
-}
-
-/* Check if IPv6 address is in subnet */
-static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
-{
-	if (!subnet->is_ipv6)
-		return 0;
-	for (int i = 0; i < 16; i++) {
-		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
-			return 0;
-	}
-	return 1;
-}
-
-/* Check if IP is in any subnet in the list */
-static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
-{
-	struct in_addr addr4;
-	struct in6_addr addr6;
-	uint32_t ipv4;
-
-	/* Try IPv4 */
-	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
-		ipv4 = ntohl(addr4.s_addr);
-		for (int i = 0; i < count; i++) {
-			if (ipv4_in_subnet(ipv4, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
-		for (int i = 0; i < count; i++) {
-			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	return 0;
-}
-
-/* Find or create user ACL entry */
-static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
-{
-	user_acl_t *user;
-
-	/* Find existing user */
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-
-	/* Create new user if not found */
-	if (pdata->user_count >= MAX_USERS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Max users exceeded");
-		return NULL;
-	}
-
-	user = &pdata->users[pdata->user_count];
-	strncpy(user->username, username, sizeof(user->username) - 1);
-	user->username[sizeof(user->username) - 1] = '\0';
-	user->allow_count = 0;
-	user->deny_count = 0;
-	pdata->user_count++;
-
-	return user;
-}
-
-/* Parse subnet ACL file with simplified format
- * Format:
- * # Comment lines
- * subnet allow <username> <cidr>
- * subnet deny <username> <cidr>
- */
-static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
-{
-	FILE *fp;
-	char line[512];
-	int line_num = 0;
-
-	/* Initialize user count */
-	pdata->user_count = 0;
-
-	/* Config file is optional - if not provided, no subnet filtering */
-	if (config_file == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_INFO,
-			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
-		return 0;
-	}
-
-	/* If config file is specified but cannot be opened, this is a fatal error */
-	fp = fopen(config_file, "r");
-	if (fp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
-		return -1;
-	}
-
-	while (fgets(line, sizeof(line), fp) != NULL) {
-		char *token, *saveptr;
-		char *action, *username, *cidr;
-		user_acl_t *user;
-		subnet_t subnet;
-
-		line_num++;
-
-		/* Remove newline and comments */
-		line[strcspn(line, "\r\n")] = '\0';
-		char *comment = strchr(line, '#');
-		if (comment)
-			*comment = '\0';
-
-		/* Trim leading whitespace */
-		char *line_start = line;
-		while (*line_start == ' ' || *line_start == '\t')
-			line_start++;
-
-		/* Skip empty lines */
-		if (*line_start == '\0')
-			continue;
-
-		/* Parse: subnet allow|deny <username> <cidr> */
-		token = strtok_r(line_start, " \t", &saveptr);
-		if (token == NULL)
-			continue;
-
-		/* Must start with "subnet" */
-		if (strcmp(token, "subnet") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
-				token, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get allow/deny */
-		action = strtok_r(NULL, " \t", &saveptr);
-		if (action == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing allow/deny at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
-				action, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get username */
-		username = strtok_r(NULL, " \t", &saveptr);
-		if (username == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing username at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get CIDR */
-		cidr = strtok_r(NULL, " \t", &saveptr);
-		if (cidr == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing CIDR at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Parse subnet */
-		if (parse_subnet(cidr, &subnet) != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Find or create user */
-		user = find_or_create_user_acl(pdata, username);
-		if (user == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Add to appropriate list */
-		if (strcmp(action, "allow") == 0) {
-			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->allow_subnets[user->allow_count] = subnet;
-			user->allow_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' allow subnet %s",
-				user->username, cidr);
-
-		} else { /* deny */
-			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->deny_subnets[user->deny_count] = subnet;
-			user->deny_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' deny subnet %s",
-				user->username, cidr);
-		}
-	}
-
-	fclose(fp);
-
-	/* Log summary */
-	for (int i = 0; i < pdata->user_count; i++) {
-		user_acl_t *user = &pdata->users[i];
-		if (user->allow_count > 0 || user->deny_count > 0) {
-			mosquitto_log_printf(MOSQ_LOG_INFO,
-				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
-				user->username, user->allow_count, user->deny_count);
-		}
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
-
-	return 0;
-}
-
-/* Find user ACL entry */
-static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
-{
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-	return NULL;
-}
-
-/* Check subnet access on authentication (connection time)
- * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
- */
-static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
-{
-	const user_acl_t *user_acl;
-	const char *client_address;
-
-	/* Skip if no subnet config loaded */
-	if (pdata == NULL || pdata->user_count == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Skip anonymous users */
-	if (ed->username == NULL)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Find user's subnet ACL */
-	user_acl = find_user_acl(pdata, ed->username);
-
-	/* If user not in config or has no subnet rules, allow */
-	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
-		return MOSQ_ERR_SUCCESS;
-
-	/* Get client IP address */
-	client_address = mosquitto_client_address(ed->client);
-	if (client_address == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_WARNING,
-			"subnet_acl: Could not get client address for user '%s', denying connection",
-			ed->username);
-		return MOSQ_ERR_AUTH;
-	}
-
-	/* Check deny list first - deny takes precedence */
-	if (user_acl->deny_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED by deny rule",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* If there are allow rules, IP must match one of them */
-	if (user_acl->allow_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' from %s allowed by allow rule",
-				ed->username, client_address);
-			return MOSQ_ERR_SUCCESS;
-		} else {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* No subnet rules for this user - allow */
-	return MOSQ_ERR_SUCCESS;
-}
-
-#ifdef ENABLE_PAM_SUPPORT
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
-}
-
-static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
-}
-#else
-static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-#endif
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	plugin_data_t *pdata = userdata;
-	int auth_result;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	/* First check username/password authentication */
-#ifdef ENABLE_PAM_SUPPORT
-	auth_result = process_pam_auth_callback(ed);
-#else
-	auth_result = process_shadow_auth_callback(ed);
-#endif
-
-	/* If authentication failed, reject immediately */
-	if (auth_result != MOSQ_ERR_SUCCESS)
-		return auth_result;
-
-	/* Authentication succeeded, now check subnet restrictions */
-	return check_subnet_on_auth(pdata, ed);
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata;
-	const char *config_file = NULL;
-	int rc;
-
-	/* Find subnet config file option */
-	for (int i = 0; i < opt_count; i++) {
-		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
-			config_file = opts[i].value;
-			break;
-		}
-	}
-
-	pdata = calloc(1, sizeof(plugin_data_t));
-	if (pdata == NULL)
-		return MOSQ_ERR_NOMEM;
-
-	pdata->identifier = identifier;
-
-	/* Load subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, config_file) != 0) {
-		free(pdata);
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	/* Register authentication callback only - subnet check is done during auth */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-	                                 basic_auth_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register authentication callback");
-		free(pdata);
-		return rc;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_INFO,
-		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
-
-	/* Only assign user_data after all possible error paths */
-	*user_data = pdata;
-
-	return MOSQ_ERR_SUCCESS;
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata = user_data;
-
-	if (pdata) {
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		free(pdata);
-	}
-
-	return MOSQ_ERR_SUCCESS;
-}

mosquitto-auth-shadow/Config.in

@@ -1,4 +1,4 @@
-if PACKAGE_mosquitto-auth-plugin
+if PACKAGE_mosquitto-auth-shadow
 
 config MOSQUITTO_AUTH_PAM_SUPPORT
 	bool "Enable support of Linux PAM module for Authentication"

mosquitto-auth-shadow/Makefile

@@ -13,8 +13,8 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mosquitto-auth-plugin
-PKG_VERSION:=1.2.0
+PKG_NAME:=mosquitto-auth-shadow
+PKG_VERSION:=1.1.0
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
@@ -24,7 +24,7 @@ PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/mosquitto-auth-plugin
+define Package/mosquitto-auth-shadow
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
@@ -32,12 +32,12 @@ define Package/mosquitto-auth-plugin
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
-define Package/mosquitto-auth-plugin/description
+define Package/mosquitto-auth-shadow/description
   Plugin for the mosquitto MQTT message broker that authenticates
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-plugin/config
+define Package/mosquitto-auth-shadow/config
 	source "$(SOURCE)/Config.in"
 endef
 
@@ -45,10 +45,10 @@ ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
 TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
 endif
 
-define Package/mosquitto-auth-plugin/install
+define Package/mosquitto-auth-shadow/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 
-$(eval $(call BuildPackage,mosquitto-auth-plugin))
+$(eval $(call BuildPackage,mosquitto-auth-shadow))

mosquitto-auth-shadow/src/Makefile

@@ -11,14 +11,14 @@
 #   Erik Karlsson - initial implementation
 #
 
-TARGETS = mosquitto_auth_plugin.so
+TARGETS = mosquitto_auth_shadow.so
 
 all: $(TARGETS)
 
 %.pic.o: %.c
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
-mosquitto_auth_plugin.so: mosquitto_auth_plugin.pic.o
+mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
 	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
 
 clean:

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2022 Genexis B.V.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Erik Karlsson - initial implementation
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <stdlib.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+#ifdef ENABLE_PAM_SUPPORT
+#include <security/pam_appl.h>
+
+static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+	int i;
+	const char *pass = (const char *)appdata_ptr;
+
+	*resp = calloc(num_msg, sizeof(struct pam_response));
+	if (*resp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
+		return PAM_BUF_ERR;
+	}
+
+	if (pass == NULL)
+		return PAM_SUCCESS;
+
+	for (i = 0; i < num_msg; ++i) {
+		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+			(*resp)[i].resp = strdup(pass);
+			if ((*resp)[i].resp == NULL) {
+				for (int j = 0; j < i ; j++)
+					free((*resp)[j].resp);
+
+				free(*resp);
+				*resp = NULL;
+				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
+				return PAM_BUF_ERR;
+			}
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct pam_conv conv;
+	int retval;
+	pam_handle_t *pamh = NULL;
+
+	conv.conv = pam_conversation;
+	conv.appdata_ptr = (void *)ed->password;
+
+	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
+	if (retval != PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
+		return MOSQ_ERR_AUTH;
+	}
+
+	retval = pam_authenticate(pamh, 0);
+	pam_end(pamh, retval);
+	if (retval == PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
+		return MOSQ_ERR_SUCCESS;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
+	return MOSQ_ERR_AUTH;
+}
+#else
+static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct spwd spbuf, *sp = NULL;
+	char buf[256];
+	struct crypt_data data;
+	char *hash;
+
+	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+
+	if (sp == NULL || sp->sp_pwdp == NULL)
+		return MOSQ_ERR_AUTH;
+
+	/* Empty string as hash means password is not required */
+	if (sp->sp_pwdp[0] == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	if (ed->password == NULL)
+		return MOSQ_ERR_AUTH;
+
+	memset(&data, 0, sizeof(data));
+	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+
+	if (hash == NULL)
+		return MOSQ_ERR_AUTH;
+
+	if (strcmp(hash, sp->sp_pwdp) == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	return MOSQ_ERR_AUTH;
+}
+#endif
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+	struct mosquitto_evt_basic_auth *ed = event_data;
+
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
+#ifdef ENABLE_PAM_SUPPORT
+	return process_pam_auth_callback(ed);
+#else
+	return process_shadow_auth_callback(ed);
+#endif
+}
+
+int mosquitto_plugin_version(int supported_version_count,
+			     const int *supported_versions)
+{
+	return 5;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
+			  void **user_data,
+			  struct mosquitto_opt *opts, int opt_count)
+{
+	*user_data = identifier;
+
+	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+					   basic_auth_callback, NULL, NULL);
+}
+
+int mosquitto_plugin_cleanup(void *user_data,
+			     struct mosquitto_opt *opts, int opt_count)
+{
+	mosquitto_plugin_id_t *identifier = user_data;
+
+	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+					     basic_auth_callback, NULL);
+}

netmngr/Makefile

@@ -11,7 +11,7 @@ LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=000da9cbb2cfe965908adf60eda0823682c8bd69
+PKG_SOURCE_VERSION:=ff08a8cc5c860056a022e5376a973dee5a323595
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.7
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/files/etc/config/netmode

@@ -1,2 +1,2 @@
 config netmode global
-	option enabled 1
+	option enabled 0

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -17,8 +17,6 @@ l3_mcast_config() {
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
-	wandev="$(uci -q get network.WAN.ifname)"
-
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -38,35 +36,11 @@ l3_network_config() {
 	uci -q delete network.wan.disabled
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
 	uci -q set network.wan6.proto='dhcpv6'
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -87,6 +61,12 @@ l3_network_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -17,8 +17,6 @@ l3_mcast_config() {
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
-	wandev="$(uci -q get network.WAN.ifname)"
-
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -38,33 +36,9 @@ l3_network_pppoe_config() {
 	uci -q set network.wan.username="$NETMODE_username"
 	uci -q set network.wan.password="$NETMODE_password"
 	uci -q delete network.wan.disabled
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6.disabled='1'
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -85,6 +59,12 @@ l3_network_pppoe_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -1,127 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-source "/etc/device_info"
-
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
-l3_network_config() {
-	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-
-	wandev="$(uci -q get network.WAN.ifname)"
-
-	# Configure L3 Network Mode
-	uci -q set network.lan=interface
-	uci -q set network.lan.device='br-lan'
-	uci -q set network.lan.proto='static'
-	uci -q set network.lan.ipaddr='192.168.1.1'
-	uci -q set network.lan.netmask='255.255.255.0'
-	uci -q set network.lan.ip6assign='60'
-	uci -q delete network.lan.vendorid
-	uci -q delete network.lan.clientid
-	uci -q delete network.lan.reqopts
-	uci -q delete network.lan.sendopts
-
-	uci -q delete network.lan6	
-
-	uci -q set network.wan=interface
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan.proto='static'
-	uci -q set network.wan.ipaddr="$NETMODE_ipaddr"
-	uci -q set network.wan.gateway="$NETMODE_gateway"
-	uci -q set network.wan.netmask="$NETMODE_netmask"
-	uci -q delete network.wan.disabled
-	uci -q delete network.wan.username
-	uci -q delete network.wan.password
-
-	uci -q set network.wan6.disabled='1'
-
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_cleanup
-	fi
-
-	uci -q commit network
-
-	# Enable DHCP Server
-	uci -q set dhcp.lan.ignore=0
-	uci -q set dhcp.wan.ignore=1
-	uci -q commit dhcp
-	/etc/init.d/odhcpd enable
-
-	# Enable SSDPD
-	uci -q set ssdpd.ssdp.enabled="1"
-	uci -q commit ssdpd
-
-	# Update CWMP Agent WAN Interface
-	uci -q set cwmp.cpe.default_wan_interface="wan"
-	uci -q commit cwmp
-
-	# Update gateway WAN Interface
-	uci -q set gateway.global.wan_interface="wan"
-	uci -q commit gateway
-
-	# Enable firewall
-	uci -q set firewall.globals.enabled="1"
-	uci -q commit firewall
-}
-
-l3_network_config
-l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/supported_modes.json

@@ -3,90 +3,25 @@
   "supported_modes": [
     {
       "name": "routed-dhcp",
-      "description": "DHCP",
-      "supported_args": [
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
-        }
-      ]
+      "description": "WAN with DHCP proto (Layer 3)"
     },
     {
       "name": "routed-pppoe",
-      "description": "PPPoE",
+      "description": "WAN with PPPoE (Layer 3)",
       "supported_args": [
         {
           "name": "username",
-          "description": "PPPoE Username",
+          "description": "PPPoE username",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestUser"
         },
         {
           "name": "password",
-          "description": "PPPoE Password",
+          "description": "PPPoE password",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestPassword"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
-        }
-      ]
-    },
-    {
-      "name": "routed-static",
-      "description": "Static",
-      "supported_args": [
-        {
-          "name": "ipaddr",
-          "description": "IP Address",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.104"
-        },
-        {
-          "name": "netmask",
-          "description": "Subnet Mask",
-          "required": true,
-          "type": "string",
-          "#value": "255.255.255.0"
-        },
-        {
-          "name": "gateway",
-          "description": "Default Gateway",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.1"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
         }
       ]
     }

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -1,35 +0,0 @@
-#!/bin/sh
-
-enabled="$(uci -q get netmode.global.enabled)"
-[ "$enabled" == "1" ] || exit 0
-
-mode="$(uci -q get netmode.global.mode)"
-wanproto=$(uci -q get network.wan.proto)
-
-if [ -n "$mode" ]; then
-	# check if wanproto and mode aligned
-	if [ "${mode}" = "routed-${wanproto}" ]; then
-		exit 0
-	fi
-fi
-
-[ -f /etc/netmodes/supported_modes.json ] || exit 0
-
-# NetMode is enabled without a Mode being set
-# Figure out the current mode from network config
-curmode=""
-case "$wanproto" in
-	dhcp) curmode="routed-dhcp" ;;
-	pppoe) curmode="routed-pppoe" ;;
-	static) curmode="routed-static" ;;
-esac
-
-found=0
-for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
-	[ "$md" == "$curmode" ] && found=1
-done
-
-if [ $found -eq 1 ]; then
-	uci -q set netmode.global.mode="$curmode"
-	echo "$curmode" > /etc/netmodes/.last_mode
-fi

netmode/files/lib/netmode/post/datamodel_init.sh

@@ -19,3 +19,7 @@ fi
 if [ -x "/etc/init.d/bbfdmd" ]; then
 	/etc/init.d/bbfdmd restart
 fi
+
+if [ -x "/etc/init.d/obuspa" ]; then
+	/etc/init.d/obuspa restart
+fi

netmode/files/lib/upgrade/keep.d/netmode

@@ -1 +0,0 @@
-/etc/netmodes/.last_mode

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.7.5
+PKG_VERSION:=10.0.7.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=f3b5b79476adadc55830de9466361c0eeced473e
+PKG_SOURCE_VERSION:=84d5ae575134d501b8ca171a5a65c6f410f01d08
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,9 +32,8 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libmosquitto-ssl +libwebsockets-openssl
-  DEPENDS+=+libjson-c +libubox +libubus +libuci +libblobmsg-json
-  DEPENDS+=+ca-certificates +OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
+		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 

obuspa/files/etc/init.d/obuspa

@@ -6,18 +6,19 @@ USE_PROCD=1
 
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
+
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 
 RESET_FILE="/tmp/obuspa/fw_defaults"
-
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
+SQL_DB_FILE="/tmp/obuspa/usp.db"
+DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
 
 BASEPATH=""
 INSTANCE_COUNT=0
-CLIENT_ID_PREFIX=""
 
 . /lib/functions/network.sh
+. /usr/share/libubox/jshn.sh
 . /etc/obuspa/usp_utils.sh
 
 global_init()
@@ -29,7 +30,6 @@ global_init()
 log()
 {
 	echo "$*"|logger -t obuspa.init -p debug
-	echo "$*" >/dev/console
 }
 
 db_set_reset_file()
@@ -47,9 +47,37 @@ db_set_reset_file()
 	fi
 }
 
+db_set_sql()
+{
+	local param value
+
+	param="${1}"
+	shift
+	value="$*"
+
+	if [ -n "${param}" ] && [ -n "${value}" ]; then
+		if grep -q "${param} " ${DB_DUMP}; then
+			value="${value//\//\\/}"
+			sed -i "s/${param} .*/${param} \"${value}\"/g" ${DB_DUMP}
+		else
+			echo "${param} \"${value}\"" >> ${DB_DUMP}
+		fi
+	fi
+}
+
 db_set()
 {
-	db_set_reset_file "$@"
+	# if sql db dump file present, update it
+	if [ -f "${DB_DUMP}" ]; then
+		db_set_sql "$@"
+	else
+		db_set_reset_file "$@"
+	fi
+}
+
+dump_db()
+{
+	${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort  > ${DB_DUMP}
 }
 
 # if db present then check if it matches with existing instances
@@ -64,6 +92,21 @@ get_base_path()
 	path=""
 	count=0
 
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
+		path=${path%.*}
+		if [ -z "${path}" ]; then
+			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
+			if [ -n "${path}" ]; then
+				count=${path##*.}
+				count=$(( count + 1 ))
+			else
+				count=1
+			fi
+			path="${refpath}${count}"
+		fi
+	fi
+
 	if [ -z "${path}" ]; then
 		INSTANCE_COUNT=$(( INSTANCE_COUNT + 1 ))
 		path="${refpath}${INSTANCE_COUNT}"
@@ -79,7 +122,9 @@ get_refrence_path()
 	value="${2}"
 	path=""
 
-	if [ -f "${RESET_FILE}" ]; then
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
+	elif [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
@@ -91,7 +136,7 @@ update_keep()
 	file=${1}
 
 	if [ -z "${file}" ]; then
-		return 0
+		return;
 	fi
 
 	if [ ! -f "${KEEP_FILE}" ]; then
@@ -218,7 +263,7 @@ configure_localagent()
 
 	validate_localagent_section "${1}" || {
 		log "Validation of localagent section failed"
-		return 0
+		return 0;
 	}
 
 	db_set Device.LocalAgent.EndpointID "${EndpointID}"
@@ -226,7 +271,7 @@ configure_localagent()
 
 update_reset_reason()
 {
-	[ -f "/tmp/reset_reason" ] || return 0
+	[ -f "/tmp/reset_reason" ] || return 0;
 
 	if grep -qwi "defaultreset" /tmp/reset_reason; then
 		db_set Internal.Reboot.Cause "FactoryReset"
@@ -265,6 +310,10 @@ get_role_index()
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
+	elif [ -f "${DB_DUMP}" ]; then
+		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
+		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
+		echo "$val"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@@ -282,19 +331,19 @@ configure_controller()
 	sec="${1}"
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/controller_/cpe-}"
 	get_base_path "Device.LocalAgent.Controller." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "controller:: Protocol cannot be empty"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -390,14 +439,14 @@ configure_subscription()
 	sec="${1}"
 	validate_subscription_section "${1}" || {
 		log "Validation of subscription section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/sub_/cpe-}"
 	get_base_path "Device.LocalAgent.Subscription." "sub_${1}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -n "${controller}" ]; then
@@ -434,12 +483,12 @@ configure_challenges()
 	get_base_path "Device.LocalAgent.ControllerTrust.Challenge." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
-		log "Either role_name or Role must defined for a challenge"
-		return 1
+		log "Either role_name or Role must defined for a challenge";
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -466,18 +515,18 @@ configure_mtp() {
 	sec="${1}"
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
-		return 1
+		return 1;
 	}
 	sec="${sec/mtp_/cpe-}"
 	get_base_path "Device.LocalAgent.MTP." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "Protocol not defined for the mtp[${1}] section"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -535,14 +584,14 @@ configure_stomp_connection() {
 	sec="${1}"
 	validate_stomp_connection_section "${1}" || {
 		log "Validation of stomp section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/stomp_/cpe-}"
 	get_base_path "Device.STOMP.Connection." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -565,18 +614,14 @@ configure_mqtt_client() {
 	sec="${1}"
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/mqtt_/cpe-}"
 	get_base_path "Device.MQTT.Client." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
-	fi
-
-	if [ -z "${ClientID}" ]; then
-		ClientID="${CLIENT_ID_PREFIX}-${sec}"
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -603,9 +648,6 @@ configure_obuspa() {
 	fi
 
 	if [ -n "${log_level}" ]; then
-		if [ "${log_level}" -gt "4" ]; then
-			log_level="4"
-		fi
 		procd_append_param command -v "${log_level}"
 	fi
 
@@ -634,13 +676,13 @@ configure_obuspa() {
 
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${db_file}"
-		if [ -f "${db_file}-journal" ]; then
-			log "SQL Journal detected ..."
-		fi
+		procd_append_param command -f "${SQL_DB_FILE}"
 	fi
 
 	if [ -f "${RESET_FILE}" ]; then
+		if [ -f "${SQL_DB_FILE}" ]; then
+			mv ${SQL_DB_FILE} ${SQL_DB_FILE}.old
+		fi
 		procd_append_param command -r ${RESET_FILE}
 	fi
 
@@ -659,34 +701,301 @@ configure_obuspa() {
 	fi
 }
 
-# Create factory reset file
-db_init()
+get_instances_from_db_dump()
 {
-	local reason
+	local obj inst
 
-	reason="${1}"
-	# remove usp.db, in case of reload
-	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
-		log "Deleting ${OBUSPA_BOOT_MARKER} in order to enforce values from UCI..."
-		rm -f "${OBUSPA_BOOT_MARKER}"
+	obj="${1}\d+"
+	if [ ! -f "${DB_DUMP}" ]; then
+		echo ""
+		return 0;
 	fi
 
-	if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
+	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
+	echo "$inst"
+}
+
+get_param_value_from_dump()
+{
+	local param value
+
+	param="${1}"
+
+	if [ -z "${param}" ] || [ ! -f "${DB_DUMP}" ]; then
+		log "error getting param"
+		echo ""
 		return 0
 	fi
 
-	# Remove reset file if present
-	[ -f "${RESET_FILE}" ] && rm ${RESET_FILE}
+	value="$(grep "^${param} " ${DB_DUMP}|awk '{print $2}')"
 
-	CLIENT_ID_PREFIX="$(db -q get device.deviceinfo.ManufacturerOUI)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX}-$(db -q get device.deviceinfo.SerialNumber)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX//+/%2b}"
+	echo "${value//\"/}"
+}
+
+update_uci_sec()
+{
+	local sec tmp
+
+	sec="${1}"
+	stype="${2}"
+	if [ -z "$sec" ] || [ -z "$stype" ]; then
+		log "No section name, error"
+		return 0
+	fi
+
+	tmp="$(uci_get obuspa "${sec}")"
+	if [ "$tmp" != "$stype" ]; then
+		uci_add obuspa "${stype}" "${sec}"
+	fi
+}
+
+sync_db_controller()
+{
+	local cntrs copts sec pvalue protocol
+
+	copts="Enable EndpointID PeriodicNotifInterval"
+	popts="Destination Topic Host Port Path EnableEncryption"
+
+	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
+	for cntr in $cntrs; do
+		sec="$(get_param_value_from_dump "${cntr}".Alias)"
+		sec="${sec/cpe-/controller_}"
+		sec="${sec/-/_}"
+
+		update_uci_sec "${sec}" controller
+		for param in ${copts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${cntr}".MTP.1.Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}".MTP.1."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+sync_db_localagent_mtp()
+{
+	local mtps opts popts sec pvalue protocol
+
+	opts="Enable"
+	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
+
+	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mtp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mtp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${inst}".Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+
+sync_db_mqtt_client()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable BrokerAddress BrokerPort Username ProtocolVersion TransportProtocol ClientID"
+
+	mtps="$(get_instances_from_db_dump Device.MQTT.Client.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mqtt_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mqtt
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_db_stomp_connection()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable Host Port Username EnableEncryption EnableHeartbeats VirtualHost"
+
+	mtps="$(get_instances_from_db_dump Device.STOMP.Connection.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/stomp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" stomp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_update_sec()
+{
+	local _sync
+	config_get _sync "${1}" _sync ""
+	if [ -z "${_sync}" ]; then
+		uci_remove obuspa "${1}"
+		log "Deleting obuspa.${1} section ..."
+	else
+		uci_remove obuspa "${1}" _sync
+	fi
+}
+
+sync_uci_with_db()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	config_load obuspa
+	sync_db_controller
+	sync_db_localagent_mtp
+	sync_db_mqtt_client
+	sync_db_stomp_connection
+	uci_commit obuspa
+
+	config_load obuspa
+	config_foreach sync_update_sec controller
+	config_foreach sync_update_sec mtp
+	config_foreach sync_update_sec mqtt
+	config_foreach sync_update_sec stomp
+	uci_commit obuspa
+}
+
+delete_sql_db_entry_with_pattern()
+{
+	local params pattern
+
+	pattern="${1}"
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	if [ "${#pattern}" -lt 7 ]; then
+		return 0;
+	fi
+
+	#log "Deleting with pattern [${pattern}] from ${DB_DUMP}"
+	sed -i "/${pattern}/d" ${DB_DUMP}
+}
+
+check_n_delete_db()
+{
+	local sec t r path
+
+	sec="${1}"
+	if uci -q get obuspa."${sec}" >/dev/null 2>&1; then
+		return 0
+	fi
+
+	t="${2}"
+	r="${3}"
+	sec="${sec/${t}_/cpe-}"
+
+	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
+	path=${path%.*}
+
+	delete_sql_db_entry_with_pattern "${path}"
+}
+
+workaround_remove_download_pattern()
+{
+	local inst
+
+	inst="$(cat ${DB_DUMP} |grep -E "Device.DeviceInfo.FirmwareImage.\d.Download()"|grep -oE "Device.LocalAgent.Request.\d.")"
+
+	if [ -n "${inst}" ]; then
+		log "Workaround to remove the old download Request [$inst]"
+		delete_sql_db_entry_with_pattern "${inst}"
+	fi
+}
+
+reverse_update_db_with_uci()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	export UCI_CONFIG_DIR="/tmp/obuspa"
+	config_load obuspa
+	config_foreach check_n_delete_db controller controller "Device.LocalAgent.Controller."
+	config_foreach check_n_delete_db mtp mtp "Device.LocalAgent.MTP."
+	config_foreach check_n_delete_db mqtt mqtt "Device.MQTT.Client."
+	config_foreach check_n_delete_db stomp stomp "Device.STOMP.Connection."
+	unset UCI_CONFIG_DIR
+}
+
+# Create factory reset file
+db_init()
+{
+	local reason role_file
+
+	reason="${1}"
+	mkdir -p /tmp/obuspa/
+
+	# Load configuration
+	config_load $CONFIGURATION
+	config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
+	config_get role_file global role_file ""
+
+	if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
+		log "Copying old db, since new db not present ..."
+		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
+	fi
+
+	# Dump datamodel parameters from DB
+	if [ -f "${SQL_DB_FILE}" ]; then
+		dump_db
+	fi
+
+	# In case of Reboot or service restart update the uci
+        # from usp.db file
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" != "update" ]; then
+		# Only do this if db have reasonable data
+		val="$(awk 'END{print NR}' ${DB_DUMP})"
+		if [ "$val" -gt 15 ]; then
+			log "Syncing obuspa uci with usp.db ...."
+			sync_uci_with_db
+		fi
+	fi
+
+	# remove entries from db if deleted from uci, only in case of reload
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" = "update" ] && [ -f "/tmp/obuspa/obuspa" ]; then
+		log "Deleting entries from usp.db if uci not present ...."
+		reverse_update_db_with_uci
+	fi
+
+	# Remove reset file if present
+	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
 
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
-	log "Enforcing UCI values, no boot marker found."
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -702,12 +1011,21 @@ db_init()
 	global_init
 	config_foreach configure_challenges challenge
 
-	# enforce ctrust only on upgrades, not on reloads
-	if [ -f "${CTRUST_RESET_FILE}" ] && [ -z "${reason}" ]; then
-		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
-	fi
 	update_reset_reason
 	update_dual_stack_pref "${dualstack_pref}"
+
+	uci_commit ${CONFIGURATION}
+
+	cp /etc/config/obuspa /tmp/obuspa/
+	if [ -f "${DB_DUMP}" ]; then
+		workaround_remove_download_pattern
+		mv ${DB_DUMP} ${RESET_FILE}
+	fi
+
+	if [ -f "${CTRUST_RESET_FILE}" ]; then
+		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
+		rm ${CTRUST_RESET_FILE}
+	fi
 }
 
 start_service() {
@@ -719,18 +1037,21 @@ start_service() {
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then
-		procd_set_param command ${PROG}
 		db_init "${1}"
+		procd_set_param command ${PROG}
 		configure_obuspa
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
 			"${respawn_timeout:-10}" "${respawn_retry:-5}"
+		#procd_set_param limits core="unlimited"
 	fi
 	procd_close_instance ${CONFIGURATION}
 }
 
 stop_service() {
-	${PROG} -c stop
+	if command -v timeout >/dev/null 2>&1; then
+		timeout 5 ${PROG} -c stop
+	fi
 }
 
 reload_service() {
@@ -739,6 +1060,5 @@ reload_service() {
 }
 
 service_triggers() {
-	export PROCD_RELOAD_DELAY=3000
 	procd_add_reload_trigger "obuspa"
 }

obuspa/files/etc/obuspa/usp_utils.sh

@@ -1,12 +1,10 @@
 #!/bin/sh
 
-CTRUST_RESET_FILE="/etc/obuspa/ctrust_reset"
+CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"
 SECURE_ROLES=""
 
-CTRUST_RESET_FILE_TEMP="/tmp/obuspa/ctrust_reset"
-
 mkdir -p /tmp/obuspa/
 
 # include jshn.sh
@@ -25,9 +23,9 @@ db_add()
 	value="$*"
 
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE_TEMP}
+		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
 	else
-		echo >>${CTRUST_RESET_FILE_TEMP}
+		echo >>${CTRUST_RESET_FILE}
 	fi
 }
 
@@ -254,10 +252,7 @@ configure_ctrust_role()
 	if [ -n "${SECURE_ROLES}" ]; then
 		db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
 	fi
-
-	if [ -f "${CTRUST_RESET_FILE_TEMP}" ]; then
-		mv -f "${CTRUST_RESET_FILE_TEMP}" "${CTRUST_RESET_FILE}"
-	fi
 }
 
 # configure_ctrust_role "${@}"
+

obuspa/files/etc/uci-defaults/61-override-ct-roles

@@ -4,3 +4,5 @@
 . /etc/obuspa/usp_utils.sh
 
 configure_ctrust_role
+
+exit 0

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,7 +8,6 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 CONTROLLER_DISCOVERED=0
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 
 log()
 {
@@ -273,17 +272,6 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		fi
 	done
 
-	# Check if any of the existing controller section matches with the endpointid
-	if [ -z "${dhcp_controller}" ] && [ -n "${ENDPOINT_ID}" ]; then
-		for controller in $controllers; do
-			endpointid=$(uci -q get obuspa."${controller}".EndpointID)
-			if [ "${endpointid}" = "${ENDPOINT_ID}" ]; then
-				dhcp_controller="${controller}"
-				break
-			fi
-		done
-	fi
-
 	if [ -n "${dhcp_controller}" ]; then
 		cont_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
 		if [ "${cont_proto}" = "MQTT" ]; then
@@ -388,7 +376,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				fi
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -405,7 +394,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
+					sec=$(uci -q add obuspa mqtt)
+					uci -q rename obuspa."${sec}"='dhcpmqtt'
 					dhcp_mqtt="dhcpmqtt"
 					uci -q set obuspa."${dhcp_mqtt}".Enable='1'
 					uci -q set obuspa."${dhcp_mqtt}".Username="${user}"
@@ -418,7 +408,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				uci -q set obuspa."${dhcp_mqtt}".ProtocolVersion='5.0'
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -476,64 +467,64 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 			fi
 		fi
 	else
-		# Only setup a new controller, only if mandatory param present
-		if [ -n "${ENDPOINT_ID}" ] && [ -n "${URL}" ]; then
-			uci -q delete obuspa.dhcpmtp
-			uci -q delete obuspa.dhcpmqtt
+		uci -q delete obuspa.dhcpmtp
+		uci -q delete obuspa.dhcpmqtt
 
-			uci -q set obuspa.dhcpcontroller="controller"
-			uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
-			uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
-			uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
-			uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-			uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-			uci -q set obuspa.dhcpcontroller.Enable='1'
+		sec=$(uci -q add obuspa controller)
+		uci -q rename obuspa."${sec}"='dhcpcontroller'
+		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
+		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
+		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
+		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.Enable='1'
 
-			if [ -n "${offered_proto}" ]; then
-				if [ "${offered_proto}" = "MQTT" ]; then
-					user="$(uci -q get obuspa.global.username)"
-					pass="$(uci -q get obuspa.global.password)"
+		if [ -n "${offered_proto}" ]; then
+			if [ "${offered_proto}" = "MQTT" ]; then
+				user="$(uci -q get obuspa.global.username)"
+				pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-					uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
-					uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-					uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-					uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
-					uci -q set obuspa.dhcpmqtt.Enable='1'
-					uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-					uci -q set obuspa.dhcpmqtt.Username="${user}"
-					uci -q set obuspa.dhcpmqtt.Password="${pass}"
+				sec=$(uci -q add obuspa mqtt)
+				uci -q rename obuspa."${sec}"='dhcpmqtt'
+				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.dhcpmqtt.Enable='1'
+				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+				uci -q set obuspa.dhcpmqtt.Username="${user}"
+				uci -q set obuspa.dhcpmqtt.Password="${pass}"
 
 
-					agent_topic=$(get_agent_topic)
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-					uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
-				else
-					uci -q set obuspa.dhcpcontroller.Path="${topic}"
-					uci -q set obuspa.dhcpcontroller.Host="${ip}"
-					uci -q set obuspa.dhcpcontroller.Port="${port}"
-					uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
+				agent_topic=$(get_agent_topic)
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+			else
+				uci -q set obuspa.dhcpcontroller.Path="${topic}"
+				uci -q set obuspa.dhcpcontroller.Host="${ip}"
+				uci -q set obuspa.dhcpcontroller.Port="${port}"
+				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
 
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-					uci -q set obuspa.dhcpmtp.Port="${port}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
-				fi
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+
+				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+				uci -q set obuspa.dhcpmtp.Port="${port}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
 			fi
-			uci_change=1
 		fi
+
+		uci_change=1
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
-		if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
-			rm -f "${OBUSPA_BOOT_MARKER}"
-		fi
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi

obuspa/patches/2005-set-sql-journal-mode.patch

@@ -1,28 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..edebd7c 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -955,6 +955,7 @@ void DATABASE_Dump(void)
- int OpenUspDatabase(char *db_file)
- {
-     int err;
-+    char *err_msg = 0;
- 
-     // Exit if unable to open the database
-     err = sqlite3_open(db_file, &db_handle);
-@@ -965,6 +966,15 @@ int OpenUspDatabase(char *db_file)
-         return USP_ERR_INTERNAL_ERROR;
-     }
- 
-+    // Execute the PRAGMA statement
-+    const char *sql = "PRAGMA journal_mode = MEMORY;";
-+    err = sqlite3_exec(db_handle, sql, 0, 0, &err_msg);
-+    if (err != SQLITE_OK) {
-+        USP_LOG_Error("%s: Failed to set journal_mode: %s", __func__, err_msg);
-+        sqlite3_free(err_msg);
-+        return USP_ERR_INTERNAL_ERROR;
-+    }
-+
-     // Exit if unable to create the data model parameter table (if it does not already exist)
-     #define CREATE_TABLE_STR "create table if not exists data_model (hash integer, instances text, value text, primary key (hash, instances));"
-     err = sqlite3_exec(db_handle, CREATE_TABLE_STR, NULL, NULL, NULL);

obuspa/patches/2006-force-db-update.patch

@@ -1,23 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..0bf9c90 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -1479,3 +1479,7 @@ int GetAllEntriesForParameter(db_hash_t hash, kv_vector_t *kvv)
-     return result;
- }
- 
-+void DATABASE_force_reset_file()
-+{
-+    schedule_factory_reset_init = true;
-+}
-diff --git a/src/core/database.h b/src/core/database.h
-index c88cf3a..376aa7a 100644
---- a/src/core/database.h
-+++ b/src/core/database.h
-@@ -67,5 +67,6 @@ void DATABASE_Dump(void);
- int DATABASE_ReadDataModelInstanceNumbers(bool remove_unknown_params);
- db_hash_t DATABASE_GetMigratedHash(db_hash_t hash);
- 
-+void DATABASE_force_reset_file();
- #endif
- 

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.4.3
+PKG_VERSION:=1.3.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=f7ec652c763bf6ffd550bf7d51b2c125774b79af
+PKG_SOURCE_VERSION:=7ae6eaa6cc946ed05693bc84c61edbb16b1727bd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

parental-control/files/etc/init.d/parentalcontrol

@@ -12,9 +12,7 @@ validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
 	    'loglevel:uinteger:3' \
-	    'queue_num:uinteger:53' \
 	    'bundle_path:string' \
-	    'default_wan_interface:string:wan' \
 	    'urlfilter:bool'
 }
 
@@ -26,12 +24,11 @@ remove_fw_rules() {
 }
 
 configure_fw_rules() {
-	local enable urlfilter queue_num
+	local enable urlfilter
 
 	config_load parentalcontrol
 	config_get_bool enable globals enable 0
 	config_get_bool urlfilter globals urlfilter 0
-	config_get queue_num globals queue_num 53
 
 	remove_fw_rules
 
@@ -40,11 +37,6 @@ configure_fw_rules() {
 		return 0
 	fi
 
-	if [ "${queue_num}" -lt 0 ] || [ "${queue_num}" -gt 65535 ]; then
-	        log "ERROR: queue_num not in 0-65535"
-		return 1
-	fi
-
 	if [ "${urlfilter}" -eq "1" ]; then
 		if [ ! -f "${OVERRIDE_JSON}" ]; then
 			# throw error
@@ -60,7 +52,7 @@ configure_fw_rules() {
 			fi
 
 			# this is for urlfilter daemon
-			add_iptables_nfqueue_rules "$queue_num"
+			add_iptables_nfqueue_rules
 		fi
 	fi
 
@@ -115,7 +107,7 @@ start_service() {
 
 	procd_open_instance "parentalcontrol"
 	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
-	procd_append_param command -l "${loglevel}"
+	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
 }
@@ -128,19 +120,11 @@ stop_service() {
 }
 
 reload_service() {
-	local arg="$1"
-
 	ret=$(ubus call service list '{"name":"parentalcontrol"}' | jsonfilter -qe '@.parentalcontrol.instances.parentalcontrol.running')
 	if [ "$ret" != "true" ]; then
 		stop
 		start
 	else
-		if [ "$arg" = "network" ]; then
-			pidof_sync="$(pidof sync_bundles.sh)"
-			[ -n "$pidof_sync" ] && kill "$pidof_sync"
-			sleep 5
-		fi
-
 		configure_fw_rules
 		copy_dhcp_leases
 		ubus send parentalcontrol.reload
@@ -148,19 +132,6 @@ reload_service() {
 }
 
 service_triggers() {
-	local enable urlfilter default_wan_interface 
-
-	validate_global_section || {
-		return 1
-	}
-
-	if [ "${urlfilter}" = "1" ] && [ "$enable" = "1" ] && [ -n "$default_wan_interface" ]; then
-		log "Adding interface trigger for $default_wan_interface"
-		procd_open_trigger
-		procd_add_interface_trigger "interface.*.up" "$default_wan_interface" /etc/init.d/parentalcontrol reload "network"
-		procd_close_trigger
-	fi
-
 	procd_add_reload_trigger "parentalcontrol"
 	procd_add_reload_trigger "schedules"
 }

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -438,118 +438,102 @@ add_internet_schedule_rules() {
 }
 
 add_iptables_nfqueue_rules() {
-    local queue_num="$1"
+	local filter_used
 
-    # Check if urlfilter used
-    if ! uci show parentalcontrol | grep -q profile_urlfilter; then
-        return
-    fi
+	# Check if urlfilter used
+	if ! uci show parentalcontrol | grep -q profile_urlfilter; then
+		return
+	fi
 
-    # IPv4
-    # FORWARD
-    if ! iptables -w -nL | grep -q "URLFILTER_FORWARD"; then
-        iptables -w -N URLFILTER_FORWARD
-        iptables -w -I FORWARD 1 -j URLFILTER_FORWARD
+	# IPv4 rules
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		iptables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        # capture DNS responses (sport 53)
-        iptables -w -A URLFILTER_FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
+		# INPUT: DNS replies to router, skip loopback
+		iptables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-        # HTTP/HTTPS flows
-        iptables -w -A URLFILTER_FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# OUTPUT: DNS replies from router, skip loopback
+		iptables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # INPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_INPUT"; then
-        iptables -w -N URLFILTER_INPUT
-        iptables -w -I INPUT 1 -j URLFILTER_INPUT
+		# HTTP/HTTPS flows for urlfilter
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        iptables -w -A URLFILTER_INPUT -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_INPUT -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 
-    # OUTPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_OUTPUT"; then
-        iptables -w -N URLFILTER_OUTPUT
-        iptables -w -I OUTPUT 1 -j URLFILTER_OUTPUT
+	# IPv6 rules
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		ip6tables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        iptables -w -A URLFILTER_OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# INPUT: DNS replies to router, skip loopback
+		ip6tables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # ebtables bypass for IPv4
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
+		# OUTPUT: DNS replies from router, skip loopback
+		ip6tables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv6
-    # FORWARD
-    if ! ip6tables -w -nL | grep -q "URLFILTER_FORWARD6"; then
-        ip6tables -w -N URLFILTER_FORWARD6
-        ip6tables -w -I FORWARD 1 -j URLFILTER_FORWARD6
+		# HTTP/HTTPS flows for urlfilter
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # INPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_INPUT6"; then
-        ip6tables -w -N URLFILTER_INPUT6
-        ip6tables -w -I INPUT 1 -j URLFILTER_INPUT6
-
-        ip6tables -w -A URLFILTER_INPUT6 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_INPUT6 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # OUTPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_OUTPUT6"; then
-        ip6tables -w -N URLFILTER_OUTPUT6
-        ip6tables -w -I OUTPUT 1 -j URLFILTER_OUTPUT6
-
-        ip6tables -w -A URLFILTER_OUTPUT6 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_OUTPUT6 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # ebtables bypass for IPv6
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_iptables_nfqueue_rules() {
-    # IPv4
-    for chain in URLFILTER_FORWARD URLFILTER_INPUT URLFILTER_OUTPUT; do
-        if iptables -w -nL | grep -q "$chain"; then
-            iptables -w -D FORWARD -j $chain 2>/dev/null
-            iptables -w -D INPUT   -j $chain 2>/dev/null
-            iptables -w -D OUTPUT  -j $chain 2>/dev/null
-            iptables -w -F $chain
-            iptables -w -X $chain
-        fi
-    done
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
+		# HTTP/HTTPS
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv6
-    for chain in URLFILTER_FORWARD6 URLFILTER_INPUT6 URLFILTER_OUTPUT6; do
-        if ip6tables -w -nL | grep -q "$chain"; then
-            ip6tables -w -D FORWARD -j $chain 2>/dev/null
-            ip6tables -w -D INPUT   -j $chain 2>/dev/null
-            ip6tables -w -D OUTPUT  -j $chain 2>/dev/null
-            ip6tables -w -F $chain
-            ip6tables -w -X $chain
-        fi
-    done
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_internet_schedule_rules() {

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -161,23 +161,7 @@ handle_download_url() {
 		# If the URL is HTTP, fetch the file size
 		local bundle_file_size
 		if echo "$sanitized_url" | grep -qE "^https?://"; then
-			bundle_file_header="$(curl -Is --max-time 30 "$sanitized_url" 2>/var/log/urlfilter_curl_err.log)"
-			curl_rc=$?
-
-			case $curl_rc in
-				0)
-					# Success
-					;;
-				6|7|28|35|52|55|56)
-					log_info "handle_download_url: URL not reachable (curl rc=$curl_rc): ${sanitized_url}"
-					return 1
-					;;
-				*)
-					log_info "handle_download_url: unexpected curl rc=$curl_rc for ${sanitized_url}"
-					;;
-			esac
-
-			bundle_file_size="$(echo "$bundle_file_header" | grep -i 'content-length' | cut -d: -f2 | xargs)"
+			bundle_file_size="$(curl -I "$sanitized_url" 2>&1 | grep -i 'content-length' | cut -d: -f2 | xargs)"
 			[ -z "$bundle_file_size" ] && bundle_file_size=0
 		else
 			# If it's a file:// URL, get the file size from the filesystem

passwdqc/Makefile

@@ -30,7 +30,7 @@ define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		CC="$(TARGET_CC)" \
 		LDFLAGS="$(TARGET_LDFLAGS)" \
-		all_wrapped
+		pam_wrapped
 endef
 
 define Package/$(PKG_NAME)/install
@@ -39,9 +39,6 @@ define Package/$(PKG_NAME)/install
 
 	$(INSTALL_DIR) $(1)/usr/lib/security
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pam_passwdqc.so $(1)/usr/lib/security/
-
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pwqcheck $(1)/usr/sbin/
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

periodicstats/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.6.3
+PKG_VERSION:=1.6.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/periodicstats.git
-PKG_SOURCE_VERSION:=351db77e982b1f4887e5878345fe98be72d262fb
+PKG_SOURCE_VERSION:=63c65f55d00442f5bc1f5a3100abf94e52cd0075
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ponmngr/files/common/etc/uci-defaults/60-xpon-generate

@@ -1,17 +1,13 @@
 #!/bin/sh
 
-. /lib/functions/system.sh
-. /lib/functions/iopsys-environment.sh
 
 configure_serial_number() {
 	# check if serial number is present in the production data
-	local production_sn="$(get_xpon_serial 2>/dev/null)"
-	[ ${#production_sn} -eq 12 ] || production_sn="$(fw_printenv -n gponsn)"
-
+	local production_sn="$(fw_printenv -n gponsn)"
 	if [ ${#production_sn} -eq 12 ]; then
 		uci set xpon.ani.serial_number="${production_sn}"
 	else
-		local macaddr="$(get_mac_label | tr -d ':' | tr 'a-z' 'A-Z')"
+		local macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
 		local vendor_id="IOPS"
 		local vssn="${macaddr:4:8}"
 
@@ -24,10 +20,8 @@ configure_ploam_password() {
 	local passwd="$(uci -q get xpon.ani.ploam_password)"
 
 	if [ -z "${passwd}" ]; then
-		local production_passwd="$(get_xpon_password 2>/dev/null)"
-		[ -n "${production_passwd}" ] || production_passwd="$(fw_printenv -n gponpswd)"
-
-		if [ -n "${production_passwd}" ]; then
+		local production_passwd="$(fw_printenv -n gponpswd)"
+		if [ -n ${#production_passwd} ]; then
 			uci set xpon.ani.ploam_password="${production_passwd}"
 			uci set xpon.ani.ploam_hexadecimalpassword=0
 		fi
@@ -42,12 +36,10 @@ configure_loid_authentication() {
 	local loidpwd="$(uci -q get xpon.ani.loid_password)"
 
 	if [ -z "${loid}" ]; then
-		production_loid="$(get_xpon_loid 2>/dev/null)"
-		[ -n "${production_loid}" ] || production_loid="$(fw_printenv -n gponloid)"
+		production_loid="$(fw_printenv -n gponloid)"
 	fi
 	if [ -z "${loidpwd}" ]; then
-		production_loidpwd="$(get_xpon_loid_password 2>/dev/null)"
-		[ -n "${production_loidpwd}" ] || production_loidpwd="$(fw_printenv -n gponloid_password)"
+		production_loidpwd="$(fw_printenv -n gponloid_password)"
 	fi
 
 	if [ -n "${production_loid}" ]; then
@@ -56,6 +48,7 @@ configure_loid_authentication() {
 	if [ -n "${production_loidpwd}" ]; then
 		uci set xpon.ani.loid_password="${production_loidpwd}"
 	fi
+
 }
 
 if [ -s "/etc/config/xpon" ]; then
@@ -79,3 +72,4 @@ uci set xpon.ani.enable="1"
 configure_serial_number
 configure_ploam_password
 configure_loid_authentication
+

qosmngr/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=qosmngr
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/qosmngr.git
-PKG_SOURCE_VERSION:=ee6692438c5d533758c2ea50624c049cda2d07da
+PKG_SOURCE_VERSION:=1a15f1da7a1474d29aad77b8ad3272fcf4b4f6d1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,7 +32,7 @@ define Package/qosmngr
   TITLE:=QoS Manager
   DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
   DEPENDS+=+kmod-ebt-vlantranslation +kmod-ebt-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +dm-agent
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bridgemngr
 endef
 
 define Package/qosmngr/description

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -134,10 +134,6 @@ hw_init_all() {
     # set_wan_ingress_rate "0" - Not needed, done in policer.sh
     set_wan_egress_rate "0" "0"
 
-    # Don't put TCP ACKs into a high priority queue
-    echo 0 > /proc/qdma_lan/tcp_ack_flag
-    echo 0 > /proc/qdma_wan/tcp_ack_flag
-
     return 0
 }
 
@@ -439,6 +435,4 @@ hw_commit_all() {
             /userfs/bin/ifc add vip pbit $pbit
         done
     fi
-
-    hw_nat -! > /dev/null 2>&1
 }

qosmngr/files/airoha/usr/sbin/qos-uplink-bandwidth

@@ -14,13 +14,11 @@ PREV_LINKSPEED=$(cat ${LINKSPEED_FILE} 2>/dev/null)
 [ -z "${PREV_LINKSPEED}" ] && PREV_LINKSPEED=0
 
 if [ $((LINKSPEED)) -ne $((PREV_LINKSPEED)) -a $((LINKSPEED)) -ne 0 ]; then
-	if [ $((LINKSPEED)) -ge 100 ]; then
+	if [ $((LINKSPEED)) -ge 10000 ]; then
 		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*999/1000))
 	else
-		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*990/1000))
+		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000))
 	fi
 	mkdir -p "/tmp/qos"
 	echo ${LINKSPEED} > ${LINKSPEED_FILE}
-
-	hw_nat -! > /dev/null 2>&1
 fi

quickjs/Makefile

@@ -15,8 +15,6 @@ PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk
 
-TARGET_CFLAGS += -fPIC
-
 define Package/quickjs
   SECTION:=lang
   CATEGORY:=Languages

self-diagnostics/files/usr/share/self-diagnostics/spec/multiap.json

@@ -51,10 +51,6 @@
 			"description": "MAP Agent Backhaul Info",
 			"cmd": "ubus call map.agent backhaul_info"
 		},
-		{
-			"description": "MAP Agent Backhaul Status",
-			"cmd": "ubus call map.agent backhaul"
-		},
 		{
 			"description": "MAP Controller Status",
 			"cmd": "ubus call map.controller status"

ssdpd/src/datamodel.c

@@ -341,30 +341,6 @@ static int set_UPnPDevice_Enable(char *refparam, struct dmctx *ctx, void *data,
 	return 0;
 }
 
-/*#Device.UPnP.Device.UPnPIGD!UCI:upnpd/upnpd,config/igdv1*/
-static int get_UPnPDevice_UPnPIGD(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = dmuci_get_option_value_fallback_def("upnpd", "config", "igdv1", "1");
-	return 0;
-}
-
-static int set_UPnPDevice_UPnPIGD(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	bool b;
-
-	switch (action) {
-		case VALUECHECK:
-			if (bbfdm_validate_boolean(ctx, value))
-				return FAULT_9007;
-			return 0;
-		case VALUESET:
-			string_to_bool(value, &b);
-			dmuci_set_value("upnpd", "config", "igdv1", b ? "1" : "0");
-			return 0;
-	}
-	return 0;
-}
-
 static int get_UPnPDeviceCapabilities_UPnPArchitecture(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
 	*value = "1";
@@ -833,12 +809,12 @@ DMLEAF tUPnPDeviceCapabilitiesParams[] = {
 DMLEAF tUPnPDeviceParams[] = {
 /* PARAM, permission, type, getvalue, setvalue, bbfdm_type, version*/
 {"Enable", &DMWRITE, DMT_BOOL, get_UPnPDevice_Enable, set_UPnPDevice_Enable, BBFDM_BOTH},
-{"UPnPIGD", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPIGD, set_UPnPDevice_UPnPIGD, BBFDM_BOTH},
 //{"UPnPMediaServer", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPMediaServer, set_UPnPDevice_UPnPMediaServer, BBFDM_BOTH},
 //{"UPnPMediaRenderer", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPMediaRenderer, set_UPnPDevice_UPnPMediaRenderer, BBFDM_BOTH},
 //{"UPnPWLANAccessPoint", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPWLANAccessPoint, set_UPnPDevice_UPnPWLANAccessPoint, BBFDM_BOTH},
 //{"UPnPQoSDevice ", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPQoSDevice , set_UPnPDevice_UPnPQoSDevice , BBFDM_BOTH},
 //{"UPnPQoSPolicyHolder", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPQoSPolicyHolder, set_UPnPDevice_UPnPQoSPolicyHolder, BBFDM_BOTH},
+//{"UPnPIGD", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPIGD, set_UPnPDevice_UPnPIGD, BBFDM_BOTH},
 //{"UPnPDMBasicMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMBasicMgmt, set_UPnPDevice_UPnPDMBasicMgmt, BBFDM_BOTH},
 //{"UPnPDMConfigurationMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMConfigurationMgmt, set_UPnPDevice_UPnPDMConfigurationMgmt, BBFDM_BOTH},
 //{"UPnPDMSoftwareMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMSoftwareMgmt, set_UPnPDevice_UPnPDMSoftwareMgmt, BBFDM_BOTH},

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.2.2
+PKG_VERSION:=5.1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=b2bf5c9615e0e81afb2e6bcbf6c75b347e24c705
+PKG_SOURCE_VERSION:=08195779cbc2d1d7410cb324b9e35692b0579a7e
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.2.2
+PKG_VERSION:=5.1.1
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=d270fcaec14aaf53b1a8983e71b2c61dec1ab1ed
+PKG_SOURCE_VERSION:=7f646ecf643967f4b4b2c545a31bbef0514b34bc
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-plugin +usermngr +userinterface +obuspa
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa
 	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef
@@ -98,12 +98,8 @@ define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
 	$(INSTALL_DIR) $(1)/etc/sulu
 
-	$(INSTALL_DATA) ./files/maintenance.html $(1)/sulu/
-	$(LN) /tmp/sulu $(1)/sulu/connection
-
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
-	$(INSTALL_BIN) ./files/etc/sulu/sulu_watcher.sh $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/users/roles
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
@@ -113,8 +109,6 @@ define Package/sulu/install/Default
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
 	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/
 endef
 
 define Package/sulu/install/Post

sulu/sulu-builder/files/etc/init.d/sulu

@@ -1,15 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=9
-STOP=01
-
-USE_PROCD=1
-
-PROG=/etc/sulu/sulu_watcher.sh
-
-start_service()
-{
-	procd_open_instance "sulu"
-	procd_set_param command ${PROG}
-	procd_close_instance "sulu"
-}

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -8,10 +8,6 @@ location /sitemap.xml {
 	return 200 "User-agent: *\nDisallow: /\n";
 }
 
-location /maintenance.html {
-	internal;
-}
-
 location /wss {
 	proxy_pass_request_headers      on;
 	proxy_cache        off;
@@ -20,7 +16,7 @@ location /wss {
 	proxy_set_header Connection $connection_upgrade;
 	proxy_set_header    Host               $host;
 	proxy_set_header    X-Real-IP          $remote_addr;
-	proxy_set_header    X-Forwarded-For    $remote_addr;
+	proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
 	proxy_set_header    X-Forwarded-Host   $host;
 	proxy_set_header    X-Forwarded-Server $host;
 	proxy_set_header    X-Forwarded-Port   $server_port;
@@ -52,10 +48,5 @@ location / {
 	}
 	add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
 	add_header Pragma 'no-cache';
-
-	if (!-f $document_root/connection/ready) {
-		return 503;
-	}
-
 	expires 0;
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -4,6 +4,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+#. /lib/functions/iopsys-environment.sh
 
 RESTART_REQ=0
 _RESTART_SERVICES="0"
@@ -169,20 +170,18 @@ _create_mosquitto_acl() {
 
 	users="$(_get_sulu_user_roles)"
 	if [ -f "${ACL_FILE}" ]; then
-		acl_users="$(awk '/^user / {print $2}' "${ACL_FILE}")"
-		for user in ${acl_users}; do
-			if ! echo "$users" | grep -qwF "$user"; then
+		acl_users="$(awk '/^user/ {print $2}' "${ACL_FILE}")"
+		for user in ${users}; do
+			if ! grep -q "$user" "${acl_users}"; then
 				rm -f "${ACL_FILE}"
-				RESTART_REQ="1"
-				break
 			fi
 		done
 	fi
-	[ -f "${ACL_FILE}" ] || touch "${ACL_FILE}"
+	touch "${ACL_FILE}"
 
 	agentid="$(_get_agent_id)"
 	for user in ${users}; do
-		if ! grep -qxF "user $user" "${ACL_FILE}"; then
+		if ! grep -q "user $user" "${ACL_FILE}"; then
 			{
 				echo "user ${user}"
 				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
@@ -201,7 +200,9 @@ _create_mosquitto_acl() {
 }
 
 update_obuspa_config() {
+
 	RESTART_REQ=0
+	uci_load obuspa
 	_update_obuspa_config_rbac
 	uci_commit obuspa
 
@@ -217,7 +218,7 @@ configure_sulu() {
 	generate_sulu_conn_config
 }
 
-while getopts ":r" opt; do
+while getopts ":rq" opt; do
 	case ${opt} in
 	r)
 		_RESTART_SERVICES="1"

sulu/sulu-builder/files/etc/sulu/sulu_watcher.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-if ! command -v obuspa >/dev/null 2>&1; then
-	exit 0
-fi
-
-USP_PATH="/tmp/sulu/"
-
-log() {
-	logger -t sulu_watcher "$*"
-}
-
-wait_for_obuspa() {
-	while true; do
-		ENDPOINTID="$(obuspa -c get Device.LocalAgent.EndpointID |grep Device.|awk '{print $3}')"
-		sleep 2
-		if [ -n "${ENDPOINTID}" ]; then
-			break;
-		fi
-	done
-}
-
-mark_usp_ready() {
-	mkdir -p "${USP_PATH}"
-	touch ${USP_PATH}/ready
-}
-
-wait_for_obuspa
-mark_usp_ready

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -1,16 +1,15 @@
 #!/bin/sh
 
-. /lib/functions.sh
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 
 if [ ! -f "/etc/config/mosquitto" ]; then
-	logger -t sulu.ucidefault "Local mosquitto broker not available"
-	return 1
+	echo "Local mosquitto broker not available"
+	return 0
 fi
 
 if [ ! -f "${UCI_TEMPLATE}" ]; then
-	logger -t sulu.ucidefault "nginx utils not installed, sulu can't run"
-	return 1
+	echo "nginx utils not installed, sulu can't run"
+	return 0
 fi
 
 update_nginx_uci_template()
@@ -20,7 +19,7 @@ update_nginx_uci_template()
 	port="$(uci -q get mosquitto.sulu.port)"
 	port="${port:-9009}"
 
-	if ! grep -w "upstream websocket" ${UCI_TEMPLATE} | grep -wq "127.0.0.1:${port}"; then
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
 		sed -i '/#UCI_HTTP_CONFIG$/i\   map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
 		sed -i "/#UCI_HTTP_CONFIG$/i\   upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}
 	fi
@@ -28,30 +27,36 @@ update_nginx_uci_template()
 
 add_sulu_config_to_mosquitto()
 {
-	uci_add mosquitto listener sulu
-	uci_set mosquitto sulu enabled 1
-	uci_set mosquitto sulu port '9009'
-	uci_set mosquitto sulu no_remote_access '1'
-	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
-	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	fi
 }
 
 add_sulu_userinterface_uci()
 {
-	if [ -f "/etc/config/userinterface" ]; then
+	uci_load userinterface
+
+	if ! uci_get userinterface _sulu_s >/dev/null 2>&1; then
 		uci_add userinterface http_access _sulu_s
 		uci_set userinterface _sulu_s path_prefix '/sulu'
 		uci_set userinterface _sulu_s port '8443'
-		uci_set userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
+		uci_add_list userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
 		uci_set userinterface _sulu_s _nginx_uci_manage_ssl 'self-signed'
 		uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
 		uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
 		uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
-		uci_set userinterface _sulu_s _nginx_error_page '503 /maintenance.html'
 		uci_set userinterface _sulu_s protocol 'HTTPS'
-		uci_set userinterface _sulu_s role 'admin user'
+		uci_add_list userinterface _sulu_s role 'admin'
+		uci_add_list userinterface _sulu_s role 'user'
+	fi
 
+	if ! uci_get userinterface _suluredirect >/dev/null 2>&1; then
 		uci_add userinterface http_access _suluredirect
 		uci_set userinterface _suluredirect redirect '_sulu_s'
 		uci_set userinterface _suluredirect protocol 'HTTP'

sulu/sulu-builder/files/etc/uci-defaults/41-make-sulu-default-ui

@@ -2,16 +2,23 @@
 
 . /lib/functions.sh
 
+uci_load nginx
+# this is to make sure to not mess up existing config
+if uci_get nginx _sulu_s >/dev/null 2>&1; then
+  exit 0
+fi
+
 update_default_nginx_listner() {
-  if [ ! -f "/etc/config/nginx" ]; then
-    return 0
+
+  if [ ! -f /etc/config/nginx ]; then
+    return
   fi
 
   if ! uci_get nginx _lan >/dev/null 2>&1; then
-    return 0
+    return
   fi
 
-  if ! opkg list-installed | grep -q "^luci "; then
+  if ! opkg list-installed |grep -q "luci "; then
     echo "Luci not installed, removing luci config"
     uci_remove nginx _lan
     uci_remove nginx _redirect2ssl
@@ -21,7 +28,7 @@ update_default_nginx_listner() {
     uci_add_list nginx _lan listen "[::]:8443 ssl default_server"
 
     if ! uci_get nginx _redirect2ssl >/dev/null 2>&1; then
-        return 0
+        return
     fi
 
     uci_remove nginx _redirect2ssl listen
@@ -32,19 +39,17 @@ update_default_nginx_listner() {
 }
 
 move_sulu_to_443_and_80() {
-  if ! config_load userinterface; then
-    return 0
+  uci_load userinterface
+  if [ ! -f /etc/config/userinterface ]; then
+    return
   fi
 
   set_port() {
-    local protocol port
-
+    local protocol
     config_get protocol "$1" protocol
-    config_get port "$1" port
-
-    if [ "$protocol" == "HTTPS" ] && [ "${port}" -eq "8443" ]; then
+    if [ "$protocol" == "HTTPS" ]; then
       uci_set userinterface "$1" port "443"
-    elif [ "$protocol" == "HTTP" ] && [ "${port}" -eq "8080" ]; then
+    elif [ "$protocol" == "HTTP" ]; then
       uci_set userinterface "$1" port "80"
     fi
   }

sulu/sulu-builder/files/etc/users/roles/admin.json

@@ -6,7 +6,554 @@
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/etc/users/roles/user.json

@@ -2,19 +2,533 @@
   "tr181": {
     "name": "user",
     "instance": 5,
-    "secure_role": true,
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
       },
       {
-        "object": "Device.Firewall.Enable",
-        "perm": ["PERMIT_GET", "PERMIT_SUBS_VAL_CHANGE", "PERMIT_OBJ_INFO"]
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
       },
       {
-        "object": "Device.Firewall.Chain.*.Rule.",
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
         "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.User.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/maintenance.html

@@ -1,248 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Router Interface Loading...</title>
-    <style>
-      * {
-        margin: 0;
-        padding: 0;
-        box-sizing: border-box;
-      }
-
-      body {
-        font-family:
-          -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu,
-          sans-serif;
-        background: linear-gradient(135deg, #3399ff 0%, #012669 100%);
-        height: 100vh;
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        color: #fff;
-      }
-
-      .container {
-        text-align: center;
-        padding: 2rem;
-        background: rgba(255, 255, 255, 0.1);
-        border-radius: 20px;
-        backdrop-filter: blur(10px);
-        box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
-        max-width: 400px;
-        width: 90%;
-      }
-
-      .spinner {
-        width: 60px;
-        height: 60px;
-        margin: 0 auto 2rem;
-        position: relative;
-      }
-
-      .spinner::before,
-      .spinner::after {
-        content: "";
-        position: absolute;
-        top: 0;
-        left: 0;
-        width: 100%;
-        height: 100%;
-        border-radius: 50%;
-        border: 3px solid transparent;
-        border-top-color: #fff;
-        animation: spin 1.5s ease-in-out infinite;
-      }
-
-      .spinner::after {
-        animation-delay: 0.15s;
-        border-top-color: rgba(255, 255, 255, 0.5);
-      }
-
-      @keyframes spin {
-        0% {
-          transform: rotate(0deg);
-        }
-        100% {
-          transform: rotate(360deg);
-        }
-      }
-
-      h1 {
-        font-size: 1.8rem;
-        margin-bottom: 1rem;
-        font-weight: 600;
-      }
-
-      p {
-        font-size: 1rem;
-        opacity: 0.9;
-        line-height: 1.5;
-        margin-bottom: 1rem;
-      }
-
-      .status {
-        font-size: 0.9rem;
-        opacity: 0.8;
-        margin-top: 1.5rem;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        gap: 0.5rem;
-      }
-
-      .status-dot {
-        width: 8px;
-        height: 8px;
-        background: #fff;
-        border-radius: 50%;
-        animation: pulse 1.5s ease-in-out infinite;
-      }
-
-      @keyframes pulse {
-        0%,
-        100% {
-          opacity: 0.3;
-        }
-        50% {
-          opacity: 1;
-        }
-      }
-
-      .retry-count {
-        font-size: 0.85rem;
-        opacity: 0.7;
-        margin-top: 0.5rem;
-      }
-
-      .error-message {
-        background: rgba(255, 59, 48, 0.2);
-        border: 1px solid rgba(255, 59, 48, 0.5);
-        padding: 0.75rem;
-        border-radius: 8px;
-        margin-top: 1rem;
-        font-size: 0.9rem;
-        display: none;
-      }
-    </style>
-  </head>
-  <body>
-    <div class="container">
-      <div class="spinner"></div>
-      <h1>Router Starting Up</h1>
-      <p>
-        The web interface is initializing. You'll be redirected automatically
-        once it's ready.
-      </p>
-
-      <div class="status">
-        <span class="status-dot"></span>
-        <span id="statusText">Checking availability...</span>
-      </div>
-
-      <div class="retry-count" id="retryCount"></div>
-      <div class="error-message" id="errorMessage"></div>
-    </div>
-
-    <script>
-      let retryCount = 0;
-      let checkInterval = 2000; // Start with 2 seconds
-      let maxInterval = 10000; // Max 10 seconds between checks
-      let consecutiveFailures = 0;
-      let maxConsecutiveFailures = 100; // Stop after 100 consecutive failures (~8-10 minutes)
-
-      function updateStatus(message) {
-        document.getElementById("statusText").textContent = message;
-      }
-
-      function updateRetryCount() {
-        retryCount++;
-        const retryElement = document.getElementById("retryCount");
-        retryElement.textContent = `Attempt ${retryCount}`;
-      }
-
-      function showError(message) {
-        const errorElement = document.getElementById("errorMessage");
-        errorElement.textContent = message;
-        errorElement.style.display = "block";
-      }
-
-      async function checkAvailability() {
-        updateRetryCount();
-        updateStatus("Connecting to router...");
-
-        try {
-          // Try to fetch the index page
-          const response = await fetch("/index.html", {
-            method: "HEAD", // Use HEAD to minimize bandwidth
-            cache: "no-cache",
-            mode: "no-cors", // Allow checking even with CORS restrictions
-          });
-
-          // If we get any response (even 404), the server is responding
-          // For a router, we typically want to redirect on 200 or 304
-          if (response.ok || response.status === 304) {
-            updateStatus("Router ready! Redirecting...");
-            consecutiveFailures = 0;
-
-            // Small delay for user feedback
-            setTimeout(() => {
-              window.location.reload();
-            }, 500);
-            return true;
-          } else if (response.status !== 503) {
-            // Server is responding but page not ready yet
-            updateStatus(`Server responding (${response.status}), waiting...`);
-            consecutiveFailures = 0;
-          }
-        } catch (error) {
-          // Network error - server not reachable
-          consecutiveFailures++;
-
-          if (consecutiveFailures > maxConsecutiveFailures) {
-            updateStatus("Connection timeout");
-            showError(
-              "Unable to connect to router. Please check your connection and refresh this page.",
-            );
-            return true; // Stop checking
-          }
-
-          updateStatus("Router not ready yet...");
-
-          // Implement exponential backoff
-          if (consecutiveFailures > 5) {
-            checkInterval = Math.min(checkInterval * 1.2, maxInterval);
-          }
-        }
-
-        return false;
-      }
-
-      async function startChecking() {
-        // Initial check
-        const isReady = await checkAvailability();
-        if (isReady) return;
-
-        // Continue checking
-        const intervalId = setInterval(async () => {
-          const isReady = await checkAvailability();
-          if (isReady) {
-            clearInterval(intervalId);
-          }
-        }, checkInterval);
-      }
-
-      // Start checking when page loads
-      window.addEventListener("DOMContentLoaded", () => {
-        // Small initial delay to show the UI
-        setTimeout(startChecking, 500);
-      });
-
-      // Also try to check if user clicks anywhere on the page
-      document.addEventListener("click", () => {
-        checkAvailability();
-      });
-    </script>
-  </body>
-</html>

sulu/sulu-theme-genexis/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=5.2.2
+PKG_VERSION:=5.1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis
-PKG_SOURCE_VERSION:=d329108aa49a0d57325cd8e639c80ba70c126f3f
+PKG_SOURCE_VERSION:=69b72c2e589a3f73db3cb219ee7f59ab40b1bf48
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sysmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sysmngr
-PKG_VERSION:=1.0.31
+PKG_VERSION:=1.0.28
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/sysmngr.git
-PKG_SOURCE_VERSION:=d84dd91e19ec8e2a6baf3efa9ff319bf9d6f746a
+PKG_SOURCE_VERSION:=5a3b6d0cbb023353c1b16069d68f203589b77e27
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

timemngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=timemngr
-PKG_VERSION:=1.1.13
+PKG_VERSION:=1.1.11
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/timemngr.git
-PKG_SOURCE_VERSION:=9817c0ad15dea444258c9e0de6975f43fdc3e99a
+PKG_SOURCE_VERSION:=af7ae9ba1f88321294c35ef7afa5a64fa3b459fa
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

timemngr/files/etc/uci-defaults/96-system-ntp-migrate

@@ -85,7 +85,6 @@ migrate_timemngr_config() {
 	fi
 
 	uci -q delete system.ntp
-	return 0
 }
 
 migrate_timemngr_config

tr104/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr104
-PKG_VERSION:=1.0.40
+PKG_VERSION:=1.0.39
 
 LOCAL_DEV:=0
 ifeq ($(LOCAL_DEV),0)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/voice/tr104.git
-PKG_SOURCE_VERSION:=f1dcd097b2e4531fabb6fa84b21225a91053ae11
+PKG_SOURCE_VERSION:=6ce4823424f856f8225a068e7f61f4f69ba8cb04
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

tr143/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr143
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/tr143d.git
-PKG_SOURCE_VERSION:=5f8404e01e5e4478de528027fa12717c1a2256f3
+PKG_SOURCE_VERSION:=11b197020693178449beab67a3411648fd924c36
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

userinterface/Config.in

@@ -20,16 +20,4 @@ config USERINTERFACE_HTTPACCESS_MIGRATE_NGINX_CONFIG
 	default n
 	help
 		Migrate nginx to userinterface on firmware upgrade
-
-config USERINTERFACE_VENDOR_EXTENSIONS
-	bool "Include vendor extensions for UserInterface object"
-	default y
-	help
-		Includes datamodel Vendor extensions for UserIntercace object
-
-config USERINTERFACE_VENDOR_PREFIX
-	depends on USERINTERFACE_VENDOR_EXTENSIONS
-	string "Vendor Prefix for userinterface datamodel extensions"
-	default ""
-
 endif

userinterface/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=userinterface
-PKG_VERSION:=1.1.9
+PKG_VERSION:=1.1.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/userinterface.git
-PKG_SOURCE_VERSION:=52f8bff5941c5e91d7ed8eed33cf5adf364960c5
+PKG_SOURCE_VERSION:=a5970a83b8ac79c4577edc6a994b850cdbe1c82f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -42,15 +42,6 @@ define Package/$(PKG_NAME)/config
         source "$(SOURCE)/Config.in"
 endef
 
-ifeq ($(CONFIG_USERINTERFACE_VENDOR_EXTENSIONS),y)
-TARGET_CFLAGS += -DUSERINTERFACE_VENDOR_EXTENSIONS
-ifeq ($(CONFIG_USERINTERFACE_VENDOR_PREFIX),"")
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
-else
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_USERINTERFACE_VENDOR_PREFIX)\\\"
-endif
-endif
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/userinterface/* $(PKG_BUILD_DIR)/

usermngr/Config.in

@@ -5,17 +5,4 @@ config USERMNGR_SECURITY_HARDENING
 	default y
 	help
 	   Enable this option to use PAM based faillock, passwdqc, faildelay for security hardening.
-
-config USERMNGR_ENABLE_VENDOR_EXT
-	depends on USERMNGR_SECURITY_HARDENING
-	bool "Expose vendor datamodel extensions."
-	default y
-	help
-	   Enable this option to expose TR181 vendor extensions.
-
-config USERMNGR_VENDOR_PREFIX
-	depends on USERMNGR_ENABLE_VENDOR_EXT
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-
 endif

usermngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=usermngr
-PKG_VERSION:=1.4.6
+PKG_VERSION:=1.4.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/usermngr.git
-PKG_SOURCE_VERSION:=416c49b53ed2fbbc983f404c65b8a8ce722152bd
+PKG_SOURCE_VERSION:=4023f2045dbf498e332200eb1ee275b4a129483b
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,11 +32,10 @@ define Package/usermngr
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +bbfdmd
   DEPENDS+=+@BUSYBOX_CONFIG_ADDUSER +@BUSYBOX_CONFIG_DELUSER +@BUSYBOX_CONFIG_ADDGROUP +@BUSYBOX_CONFIG_DELGROUP +shadow-usermod
   DEPENDS+=+@BUSYBOX_CONFIG_CMP
-  DEPENDS+=+@USERMNGR_SECURITY_HARDENING:SHADOW_UTILS_USE_PAM
+  DEPENDS+=+@SHADOW_UTILS_USE_PAM
   DEPENDS+=+@USERMNGR_SECURITY_HARDENING:BUSYBOX_CONFIG_PAM
   DEPENDS+=+USERMNGR_SECURITY_HARDENING:linux-pam
   DEPENDS+=+USERMNGR_SECURITY_HARDENING:passwdqc
-  DEPENDS+=+USERMNGR_ENABLE_VENDOR_EXT:shadow-chage
   TITLE:=Package to add Device.Users. datamodel support
 endef
 
@@ -54,42 +53,21 @@ define Build/Prepare
 endef
 endif
 
-ifeq ($(CONFIG_USERMNGR_SECURITY_HARDENING),y)
-MAKE_FLAGS += USERMNGR_SECURITY_HARDENING=y
-endif
-
-ifeq ($(CONFIG_USERMNGR_ENABLE_VENDOR_EXT),y)
-MAKE_FLAGS += USERMNGR_ENABLE_VENDOR_EXT=y
-endif
-
-ifeq ($(CONFIG_USERMNGR_VENDOR_PREFIX),"")
-VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
-else
-VENDOR_PREFIX = $(CONFIG_USERMNGR_VENDOR_PREFIX)
-endif
-
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
-
 define Package/usermngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/etc/users/roles
-	$(INSTALL_DIR) $(1)/etc/users/schema
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-shells $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-sync-roles $(1)/etc/uci-defaults/
 ifeq ($(CONFIG_USERMNGR_SECURITY_HARDENING),y)
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-security-hardening $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-set-ssh-pam $(1)/etc/uci-defaults/
-else
-	$(INSTALL_BIN) ./files/etc/uci-defaults/91-disabled-security $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/uci-defaults/91-unset-ssh-pam $(1)/etc/uci-defaults/
 endif
 	$(INSTALL_BIN) ./files/etc/init.d/users $(1)/etc/init.d/users
 	$(INSTALL_BIN) ./files/etc/config/users $(1)/etc/config/users
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usermngr $(1)/usr/sbin/usermngr
-	$(CP) ./acl.schema.json $(1)/etc/users/schema/acl.schema.json
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 endef
 

usermngr/acl.schema.json

@@ -1,68 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "title": "TR-181 Permissions Schema",
-  "type": "object",
-  "properties": {
-    "tr181": {
-      "type": "object",
-      "required": ["name", "instance", "secure_role", "permission"],
-      "properties": {
-        "name": {
-          "type": "string",
-          "description": "Name of the TR-181 profile or configuration"
-        },
-        "instance": {
-          "type": "integer",
-          "description": "Instance identifier"
-        },
-        "secure_role": {
-          "type": "boolean",
-          "description": "Whether this role is secure"
-        },
-        "permission": {
-          "type": "array",
-          "description": "List of TR-181 permissions by object path",
-          "items": {
-            "type": "object",
-            "required": ["object", "perm"],
-            "properties": {
-              "object": {
-                "type": "string",
-                "description": "TR-181 object path or parameter name"
-              },
-              "perm": {
-                "type": "array",
-                "description": "List of permissions for the given object",
-                "items": {
-                  "type": "string",
-                  "enum": [
-                    "PERMIT_NONE",
-                    "PERMIT_ALL",
-                    "PERMIT_GET",
-                    "PERMIT_GET_INST",
-                    "PERMIT_OBJ_INFO",
-                    "PERMIT_CMD_INFO",
-                    "PERMIT_SET",
-                    "PERMIT_ADD",
-                    "PERMIT_DEL",
-                    "PERMIT_OPER",
-                    "PERMIT_SUBS_VAL_CHANGE",
-                    "PERMIT_SUBS_OBJ_ADD",
-                    "PERMIT_SUBS_OBJ_DEL",
-                    "PERMIT_SUBS_EVT_OPER_COMP"
-                  ]
-                },
-                "uniqueItems": true
-              }
-            },
-            "additionalProperties": false
-          },
-          "minItems": 1
-        }
-      },
-      "additionalProperties": false
-    }
-  },
-  "required": ["tr181"],
-  "additionalProperties": false
-}