netmode: use distinct rule names, for correct datamodel entries

There are differences in tar generation between OpenWrt 23.05 and 25.12.
This hash had been added automatically by the version-bump script
update_git_source_package.sh from maintainer-tools.  This causes the
build to fail on later OpenWrt versions such as 25.12. For now, skip
hash verification. Once we have moved to 25.

For now, we have multiple choices:
* backport changes done to tarball generation to 23.05-based OpenWrt
  branch
* only update hashes using OpenWrt 25.12 based branch (23.05-based
  branch will happily ignore and redownload in such cases, which is not
  an issue as long as we do not upload those tarballs
* use skip for now and do not use bump-script from OpenWrt and only
  adopt using proper hashes when we have moved to OpenWrt 25.12

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>

bbfdm/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.18.12
+PKG_VERSION:=1.18.18
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=adfdb54d625b952c533670f093dae008782ff56a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=fbf01a9e30e7ecccc2453af7abfbccf939e27d43
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -107,7 +107,7 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBFDMD_MAX_MSG_LEN:Integer=10485760 \
+	-DBBFDMD_MAX_MSG_LEN:Integer=20971520 \
 	-DCMAKE_BUILD_TYPE:String="Debug" \
 
 
@@ -149,10 +149,10 @@ define Package/bbfdmd/install
 
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
-
+	
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/bbf $(1)/lib/upgrade/keep.d/bbf
-
+	
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/ruleng.bbfdm $(1)/etc/uci-defaults

bbfdm/files/etc/bbfdm/critical_services.json

@@ -10,10 +10,8 @@
 			"/etc/bbfdm/dmmap/PPP",
 			"/etc/bbfdm/dmmap/Routing",
 			"/etc/config/dhcp",
-			"/etc/bbfdm/dmmap/dmmap_dhcp",
-			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
-			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
-			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
+			"/etc/bbfdm/dmmap/DHCPv4",
+			"/etc/bbfdm/dmmap/DHCPv6",
 			"/etc/config/time",
 			"/etc/bbfdm/dmmap/dmmap_time",
 			"/etc/config/mapcontroller",
@@ -36,10 +34,8 @@
 			"/etc/bbfdm/dmmap/PPP",
 			"/etc/bbfdm/dmmap/Routing",
 			"/etc/config/dhcp",
-			"/etc/bbfdm/dmmap/dmmap_dhcp",
-			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
-			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
-			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
+			"/etc/bbfdm/dmmap/DHCPv4",
+			"/etc/bbfdm/dmmap/DHCPv6",
 			"/etc/config/mapcontroller",
 			"/etc/config/wireless",
 			"/etc/bbfdm/dmmap/WiFi",

bbfdm/files/etc/init.d/bbfdm.services

@@ -5,7 +5,6 @@ STOP=05
 
 USE_PROCD=1
 PROG=/usr/sbin/dm-service
-DM_AGENT_PROG=/usr/sbin/dm-agent
 
 BBFDM_MICROSERVICE_DIR="/etc/bbfdm/services"
 
@@ -25,8 +24,7 @@ validate_bbfdm_micro_service_section()
 _add_microservice()
 {
 	local name path loglevel
-	local enable enable_core unified_daemon dm_framework
-	local daemon_prog
+	local enable enable_core unified_daemon
 
 	# Check enable from micro-service
 	path="${1}"
@@ -49,25 +47,14 @@ _add_microservice()
 		return 0
 	fi
 
-	json_get_var dm_framework dm-framework 0
-	if [ "${dm_framework}" -eq "1" ] || [ "${dm_framework}" = "true" ]; then
-		daemon_prog="${DM_AGENT_PROG}"
-	else
-		daemon_prog="${PROG}"
-	fi
-
 	json_select config
 	json_get_var loglevel loglevel 4
 
 	procd_open_instance "${name}"
 
-	procd_set_param command ${daemon_prog}
-
-	# Only add parameters for dm-service, not for dm-agent
-	if [ "${daemon_prog}" = "${PROG}" ]; then
-		procd_append_param command -m "${name}"
-		procd_append_param command -l "${loglevel}"
-	fi
+	procd_set_param command ${PROG}
+	procd_append_param command -m "${name}"
+	procd_append_param command -l "${loglevel}"
 
 	if [ "${enable_core}" -eq "1" ]; then
 		procd_set_param limits core="unlimited"

bbk_cli/Makefile

@@ -9,7 +9,7 @@ PKG_SOURCE_VERSION:=7b810a696c78b746185c11282bdbe3fb7f8c5d4b
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/dotse/bbk.git
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 

bootchart2/Makefile

@@ -15,7 +15,7 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/mmeeks/bootchart.git
 PKG_SOURCE_VERSION:=3ab81137cafe25c2ca4bc3a5f322a63646f9ce8d
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPLv2

bridgemngr/Config.in

@@ -0,0 +1,23 @@
+if PACKAGE_bridgemngr
+
+config BRIDGEMNGR_BRIDGE_VLAN
+	bool "Use bridge-vlan backend"
+	help
+	   Set this option to use bridge-vlan as backend for VLAN objects.
+
+config BRIDGEMNGR_COPY_PBITS
+	bool "Copy pbits from cvlan to svlan"
+	default y
+	help
+	   Set this option to copy cvlan pbits to svlan pbits by default (driver vlan).
+
+config BRIDGEMNGR_BRIDGE_VENDOR_EXT
+	bool "Use bridge BBF vendor extensions"
+	default y
+	help
+	   Set this option to use bridge BBF vendor extensions.
+
+config BRIDGEMNGR_BRIDGE_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+endif

bridgemngr/Makefile

@@ -0,0 +1,79 @@
+#
+# Copyright (C) 2020-2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bridgemngr
+PKG_VERSION:=1.1.6
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr.git
+PKG_SOURCE_VERSION:=882f8c8cc9a97372297d192cc916c4f8ffe7c25a
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/bridgemngr
+ CATEGORY:=Utilities
+ TITLE:=Bridge Manager
+ DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
+ DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+endef
+
+define Package/bridgemngr/description
+	Package to add Device.Bridging. data model support.
+endef
+
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MAKE_PATH:=src
+
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_PREFIX)
+endif
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y)
+	TARGET_CFLAGS += -DBRIDGE_VLAN_BACKEND
+endif
+
+ifeq ($(CONFIG_BRIDGEMNGR_COPY_PBITS),y)
+	TARGET_CFLAGS+=-DBRIDGEMNGR_COPY_PBITS
+endif
+
+define Package/bridgemngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+
+	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libbridgemngr.so $(1) $(PKG_NAME)
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_EXT), y)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libbridgeext.so $(1) $(PKG_NAME) 10
+	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/VLAN_Filtering_Extension.json $(1) $(PKG_NAME) 11
+endif
+
+	$(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) ~/git/bridgemngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+$(eval $(call BuildPackage,bridgemngr))

bridgemngr/bbfdm_service.json

@@ -2,7 +2,6 @@
   "daemon": {
     "enable": "1",
     "service_name": "bridgemngr",
-    "dm-framework": true,
     "unified_daemon": false,
     "services": [
       {

bridgemngr/files/VLAN_Filtering_Extension.json

@@ -0,0 +1,31 @@
+{
+	"json_plugin_version": 2,
+	"Device.Bridging.Bridge.{i}.": {
+		"type": "object",
+		"protocols": [
+			"cwmp",
+			"usp"
+		],
+		"access": true,
+		"array": true,
+		"{BBF_VENDOR_PREFIX}VLANFiltering": {
+			"type": "boolean",
+			"read": true,
+			"write": true,
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"datatype": "boolean",
+			"description": "Enable or disable VLAN Filtering on this bridge.",
+			"mapping": [
+				{
+					"data": "@Parent",
+					"type": "uci_sec",
+					"key": "vlan_filtering"
+				}
+			]
+		}
+	}
+}
+

bridgemngr/files/etc/init.d/bridging

@@ -77,7 +77,6 @@ handle_ebtables_rule() {
 }
 
 start_service() {
-	ubus -t 30 wait_for network.device uci
 	config_load bridging
 	config_foreach handle_ebtables_chain chain
 	config_foreach handle_ebtables_rule rule

bulkdata/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
 PKG_SOURCE_VERSION:=f54550f2d587a701c0a8d5cac4a0910a99ce92cf
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

bulut/Makefile

@@ -11,7 +11,7 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bulut/bulut-gw-client.git
 PKG_SOURCE_VERSION:=227700c44817afa2c392fa08bf4cf70fa6177f01
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

ddnsmngr/Makefile

@@ -12,7 +12,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
 PKG_SOURCE_VERSION:=44af9a7b3fec3929f8554af9633a5b8068189b48
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

decollector/Makefile

@@ -6,14 +6,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.2.7
+PKG_VERSION:=6.2.3.9
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9d1399c09f55da14a8de55828ba57c0e296ce62f
+PKG_SOURCE_VERSION:=d1d948a48952fe2091e84af1293a6e77857439cf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.11
+PKG_VERSION:=3.7.13
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=815ee44808169b8e1efa2cac44bd7d238ad33cdc
+PKG_SOURCE_VERSION:=5c2720563b3ed889e9d4de6fdb9b0f6a9d584094
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -20,7 +20,7 @@ export BUILD_DIR
 
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk

dhcpmngr/Config.in

@@ -0,0 +1,12 @@
+if PACKAGE_dhcpmngr
+
+config DHCPMNGR_ENABLE_VENDOR_EXT
+	bool "Use datamodel vendor extensions"
+	default y
+	help
+	   Set this option to use bridge BBF vendor extensions.
+
+config DHCPMNGR_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+endif

dhcpmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.1.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=74d96cd70119e4ea08767d68b45b4922162d0328
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -39,6 +39,22 @@ define Package/dhcpmngr/description
   Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
 endef
 
+define Package/$(PKG_NAME)/config
+        source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_DHCPMNGR_ENABLE_VENDOR_EXT),y)
+MAKE_FLAGS += DHCPMNGR_ENABLE_VENDOR_EXT=y
+endif
+
+ifeq ($(CONFIG_DHCPMNGR_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_DHCPMNGR_VENDOR_PREFIX)
+endif
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/

dm-framework/Makefile

@@ -1,207 +0,0 @@
-#
-# Copyright (c) 2023 Genexis B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dm-framework
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/dm-framework.git
-PKG_SOURCE_VERSION:=37dade4a2df6eaf6a4291a06ac776641ed81a79e
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-# Build directories for each component
-DATAMODELS_BUILD_DIR:=$(PKG_BUILD_DIR)/datamodels-build
-DMAPI_BUILD_DIR:=$(PKG_BUILD_DIR)/dm-api-build
-DMAGENT_BUILD_DIR:=$(PKG_BUILD_DIR)/dm-agent-build
-
-include $(INCLUDE_DIR)/package.mk
--include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
-
-#
-# Datamodels Package Definition
-#
-define Package/datamodels
-  SECTION:=utils
-  CATEGORY:=Genexis
-  TITLE:=dm-framework Datamodel
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/datamodels/description
- This package contains dm-framework datamodel.
-endef
-
-#
-# DM-API Package Definition
-#
-define Package/dm-api
-  CATEGORY:=Genexis
-  TITLE:=dm-api
-  PKG_BUILD_DEPENDS:=datamodels
-  DEPENDS:=+libsqlite3 \
-        +libjson-c +libstdcpp +quickjs \
-        +libubus +libubox +libuci
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/dm-api/description
- This package contains api for the dm-framework
-endef
-
-#
-# DM-Agent Package Definition
-#
-define Package/dm-agent
-  DEPENDS:=+dm-api +datamodels +libubox +libubus +ubus
-  CATEGORY:=Genexis
-  TITLE:=dm-framework agent
-  URL:=http://www.genexis.eu
-  PKG_LICENSE:=GENEXIS
-  PKG_LICENSE_URL:=
-endef
-
-define Package/dm-agent/description
- This package contains dm-framework agent.
-endef
-
-#
-# Build Preparation
-#
-define Build/Prepare
-	$(call Build/Prepare/Default)
-	
-	# Prepare datamodels
-	mkdir -p $(DATAMODELS_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/datamodels/* $(DATAMODELS_BUILD_DIR)/
-	# Copy scripts from top-level scripts directory
-	mkdir -p $(DATAMODELS_BUILD_DIR)/scripts
-	$(CP) -rf $(PKG_BUILD_DIR)/scripts/* $(DATAMODELS_BUILD_DIR)/scripts/
-	cd $(DATAMODELS_BUILD_DIR); \
-	  npm install better-sqlite3 quickjs && \
-	  node ./scripts/json2code.js && \
-	  node ./scripts/qjs-handlers-validate.js
-
-	# Prepare dm-api
-	mkdir -p $(DMAPI_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/dm-api/* $(DMAPI_BUILD_DIR)/
-
-	# Prepare dm-agent
-	mkdir -p $(DMAGENT_BUILD_DIR)
-	$(CP) -rf $(PKG_BUILD_DIR)/dm-agent/* $(DMAGENT_BUILD_DIR)/
-endef
-
-TARGET_CFLAGS += $(FPIC)
-
-#
-# Build Compilation
-#
-define Build/Compile
-	# Build datamodels first (dependency for others)
-	$(MAKE) -C $(DATAMODELS_BUILD_DIR)\
-		PROJECT_ROOT="$(DATAMODELS_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DATAMODELS_BUILD_DIR)" \
-		all
-
-	# Build dm-api (depends on datamodels)
-	$(MAKE) -C $(DMAPI_BUILD_DIR)\
-		PROJECT_ROOT="$(DMAPI_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DMAPI_BUILD_DIR)" \
-		all
-
-	# Build dm-agent (depends on both)
-	$(MAKE) -C $(DMAGENT_BUILD_DIR)\
-		PROJECT_ROOT="$(DMAGENT_BUILD_DIR)" \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		ARCH="$(LINUX_KARCH)" \
-		EXTRA_CFLAGS="$(TARGET_CFLAGS) -I$(DMAGENT_BUILD_DIR)" \
-		all
-endef
-
-#
-# Development Installation (headers and libraries)
-#
-define Build/InstallDev
-	# Datamodels development files
-	$(INSTALL_DIR) $(1)/usr/include
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(DATAMODELS_BUILD_DIR)/dm.h $(1)/usr/include/
-	$(CP) $(DATAMODELS_BUILD_DIR)/libdm.so $(1)/usr/lib/
-
-	# DM-API development files - headers are now in dm-api/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_types.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_node.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dm_api.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dm_linker.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/core/dbmgr.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/include/dm_log.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/utils/dm_list.h $(1)/usr/include/
-	$(CP) $(DMAPI_BUILD_DIR)/libdmapi.so $(1)/usr/lib/
-endef
-
-#
-# Package Installation - Datamodels
-#
-define Package/datamodels/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/bbfdm
-	$(INSTALL_DIR) $(1)/usr/lib/dmf_handlers
-	$(INSTALL_BIN) $(DATAMODELS_BUILD_DIR)/default.db $(1)/etc/bbfdm/default_dm.db
-	$(INSTALL_BIN) $(DATAMODELS_BUILD_DIR)/libdm.so $(1)/usr/lib/
-	# Copy handler files from datamodels directory (new structure)
-	# Copy .js files from root datamodels directory
-	( cd $(DATAMODELS_BUILD_DIR); \
-	  find . -maxdepth 1 -type f -name '*.js' -not -path './.*' -exec $(INSTALL_BIN) {} $(1)/usr/lib/dmf_handlers/{} \; )
-	# Copy .js files from subdirectories, preserving folder structure (skip hidden files/folders)
-	( cd $(DATAMODELS_BUILD_DIR); \
-	  find . -type d -mindepth 1 -not -path './.*' -not -path './scripts*' -exec $(INSTALL_DIR) $(1)/usr/lib/dmf_handlers/{} \; ; \
-	  find . -type f -name '*.js' -mindepth 2 -not -path './.*' -not -path './scripts*' -exec $(INSTALL_BIN) {} $(1)/usr/lib/dmf_handlers/{} \; )
-endef
-
-#
-# Package Installation - DM-API
-#
-define Package/dm-api/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/sbin/
-	$(INSTALL_BIN) $(DMAPI_BUILD_DIR)/libdmapi.so $(1)/usr/lib/
-endef
-
-#
-# Package Installation - DM-Agent
-#
-define Package/dm-agent/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) dm-agent
-	$(INSTALL_BIN) $(DMAGENT_BUILD_DIR)/dm-agent $(1)/usr/sbin
-endef
-
-# Register all three packages
-$(eval $(call BuildPackage,datamodels))
-$(eval $(call BuildPackage,dm-api))
-$(eval $(call BuildPackage,dm-agent))

dmcli-plugins/Makefile

@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2023 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli-plugins
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=2.2.6
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli-plugin-easydm.git
+PKG_SOURCE_VERSION:=bc8b8527e8a41bdba73cb277a3c6c3b42b045153
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli-plugins
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=Easy-to-use data model on top of TR181
+  URL:=http://genexis.eu
+  DEPENDS:=+dmcli
+endef
+
+define Package/dmcli-plugins/description
+  EasyDM offers a user-friendly approach to configuring TR-181
+  simplifying the process with its intuitive interface.
+endef
+
+define Build/Compile
+	true
+endef
+
+define Package/dmcli-plugins/install
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli/plugins
+	$(CP) $(PKG_BUILD_DIR)/src/*.js $(1)/usr/lib/dmcli/plugins/
+endef
+
+$(eval $(call BuildPackage,dmcli-plugins))

dmcli/Config.in

@@ -0,0 +1,9 @@
+if PACKAGE_dmcli
+
+config DMCLI_REMOTE_CONNECTION
+        bool "Add dmcli remote controller configuration"
+        default n
+        help
+                This adds a usp controller configuration for dmcli remote connection from different machine/laptop/server.
+
+endif

dmcli/Makefile

@@ -0,0 +1,76 @@
+#
+# Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=1.9.6
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli.git
+PKG_SOURCE_VERSION:=f03188eff6c2cab59e4c8f18a435c940ff5043f5
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=DMCLI (datamodel-based CLI)
+  URL:=http://genexis.eu
+  DEPENDS:=+usp-js +DMCLI_REMOTE_CONNECTION:mosquitto-auth-plugin +shadow-utils +@BUSYBOX_CONFIG_ADDUSER
+endef
+
+define Package/dmcli/description
+  CLI to view and configure datamodels of CPE
+endef
+
+define Package/dmcli/conffiles
+/etc/dmcli/dmcli.conf
+endef
+
+define Package/dmcli/config
+	source "$(SOURCE)/Config.in"
+endef
+
+define Package/dmcli/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dmcli $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli
+	$(CP) $(PKG_BUILD_DIR)/common $(1)/usr/lib/dmcli/
+	mv $(1)/usr/lib/dmcli/common/os_qjs.js $(1)/usr/lib/dmcli/common/os.js
+	rm $(1)/usr/lib/dmcli/common/os_node.js
+	$(CP) $(PKG_BUILD_DIR)/core $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/cli $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/data $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/plugins $(1)/usr/lib/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_DMCLI_REMOTE_CONNECTION),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote $(1)/etc/uci-defaults/
+else
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote-remove $(1)/etc/uci-defaults/
+endif
+
+	$(INSTALL_DIR) $(1)/etc/dmcli
+	$(CP) ./files/etc/dmcli/dmcli.acl $(1)/etc/dmcli/
+	$(CP) ./files/etc/dmcli/dmcli.conf $(1)/etc/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/users/roles/
+	$(INSTALL_DATA) ./files/etc/users/roles/operator.json $(1)/etc/users/roles/
+endef
+
+$(eval $(call BuildPackage,dmcli))

dmcli/files/etc/dmcli/dmcli.acl

@@ -0,0 +1,4 @@
+user operator
+topic read /usp/operator/controller/reply-to
+topic read /usp/operator/controller
+topic write /usp/operator/endpoint

dmcli/files/etc/dmcli/dmcli.conf

@@ -0,0 +1,45 @@
+{
+   "Settings": {
+      "USP": {
+         "ActiveConnectionProfile": "local",
+         "ConnectionProfile": [
+            {
+               "Name": "local",
+               "Host": "127.0.0.1",
+               "Port": 9002,
+               "Username": "operator",
+               "Protocol": "ws",
+               "FromId": "oui:000F94:device-controller-operator",
+               "PublishEndpoint": "/usp/operator/endpoint",
+               "SubscribeEndpoint": "/usp/operator/controller"
+            }
+         ],
+         "Session": {
+            "AutoStart": false
+         },
+         "Notification": {
+            "LogTo": "console",
+            "Format": "brief",
+            "LogFile": "usp-notification.log"
+         }
+      },
+      "CLI": {
+         "Home": "/",
+         "Color": "true",
+         "Mode": "Command",
+         "ShowCommandTime": false,
+         "SortDMTree": false
+      },
+      "Prompt": {
+         "Auto": true,
+         "Color": "default",
+         "SelectedBackgroundColor": "yellow",
+         "PageSize": "3",
+         "AutoPromptOnEmptyCommand": false,
+         "AutoPromptInstanceNumbers": false
+      },
+      "Log": {
+         "Level": "Error"
+      }
+   }
+}

dmcli/files/etc/uci-defaults/36-dmcli

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/functions/iopsys-environment.sh
+. /usr/share/libubox/jshn.sh
+
+DMCLI_CONF="/etc/dmcli/dmcli.conf"
+CONTROLLER_ID='oui:000F94:device-controller-operator'
+DMCLI_RESP_TOPIC="/usp/operator/endpoint"
+DMCLI_CTRL_TOPIC="/usp/operator/controller"
+DMCLI_PORT="9002"
+
+grep -q "^operator:" /etc/passwd || {
+	adduser -g 'Operator' -D -H -s /usr/bin/dmcli --home '/usr/lib/dmcli' 'operator'
+	hash=""
+	if type get_operator_password_hash > /dev/null 2>&1; then
+		hash=$(get_operator_password_hash)
+	fi
+	if [ -z "$hash" ]; then
+		hash='$6$zP4Wk/VQJOLwwofC$teuhnYFQBcA8YUZo/Q0quDMi4SsOHmfBcyvt5VNchPnzgwF1nfNNliC3yBVW22NwmwttPEWeBEBfnMTBB0rYs/'
+	fi
+	echo "operator:${hash}" | chpasswd -e
+}
+
+grep -q "^/usr/bin/dmcli$" /etc/shells || {
+	echo '/usr/bin/dmcli' >> /etc/shells
+}
+
+uci -q del_list sshd.@sshd[0].AllowUsers='operator'
+uci -q add_list sshd.@sshd[0].AllowUsers='operator'
+
+uci -q delete users.operator
+uci -q set users.operator=user
+uci -q set users.operator.enabled=1
+uci -q set users.operator.shell='dmcli'
+uci -q set users.operator.member_roles='operator'
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli_local
+	uci_set mosquitto dmcli_local enabled 1
+	uci_set mosquitto dmcli_local port "${DMCLI_PORT}"
+	uci_set mosquitto dmcli_local protocol 'websockets'
+	uci_set mosquitto dmcli_local acl_file '/etc/dmcli/dmcli.acl'
+	uci_set mosquitto dmcli_local no_remote_access '1'
+	uci_set mosquitto dmcli_local allow_anonymous '1'
+fi
+
+if [ -f "/etc/config/obuspa" ]; then
+	uci_add obuspa mqtt mqtt_operator
+	uci_set obuspa mqtt_operator BrokerAddress '127.0.0.1'
+	uci_set obuspa mqtt_operator BrokerPort '1883'
+	uci_set obuspa mqtt_operator TransportProtocol 'TCP/IP'
+
+	uci_add obuspa mtp mtp_operator
+	uci_set obuspa mtp_operator Protocol 'MQTT'
+	uci_set obuspa mtp_operator ResponseTopicConfigured "${DMCLI_RESP_TOPIC}"
+	uci_set obuspa mtp_operator mqtt 'mqtt_operator'
+
+	uci_add obuspa controller controller_operator
+	uci_set obuspa controller_operator EndpointID "${CONTROLLER_ID}"
+	uci_set obuspa controller_operator Protocol 'MQTT'
+	uci_set obuspa controller_operator Topic "${DMCLI_CTRL_TOPIC}"
+	uci_set obuspa controller_operator mqtt 'mqtt_operator'
+	uci_set obuspa controller_operator assigned_role_name 'operator'
+fi
+
+_get_endpoint_id() {
+	local id serial oui
+
+	id="$(uci -q get obuspa.localagent.EndpointID)"
+	if [ -n "${id}" ]; then
+		echo "${id}"
+		return 0
+	fi
+
+	serial="$(db -q get device.deviceinfo.SerialNumber)"
+	oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+
+	echo "os::${oui}-${serial//+/%2B}"
+}
+
+update_dmcli_conf() {
+	local endpointid confTmpFile
+	local port fromid publish subscribe toid
+
+	if [ -f "${DMCLI_CONF}" ]; then
+		endpointid="$(_get_endpoint_id)"
+		json_load_file "${DMCLI_CONF}" || return
+		json_select "Settings" || return
+			json_select "USP" || return
+				json_select "ConnectionProfile" || return
+					json_select "1" || return
+						json_get_var port "Port"
+						json_get_var fromid "FromId"
+						json_get_var publish "PublishEndpoint"
+						json_get_var subscribe "SubscribeEndpoint"
+						json_get_var toid "ToId"
+
+						json_add_int "Port" "${DMCLI_PORT}"
+						json_add_string "FromId" "${CONTROLLER_ID}"
+						json_add_string "PublishEndpoint" "${DMCLI_RESP_TOPIC}"
+						json_add_string "SubscribeEndpoint" "${DMCLI_CTRL_TOPIC}"
+						json_add_string "ToId" "${endpointid}"
+					json_select ..
+				json_select ..
+			json_select ..
+		json_select ..
+
+		if [ "${port}" != "${DMCLI_PORT}" ] || [ "${fromid}" != "${CONTROLLER_ID}" ] || \
+			[ "${publish}" != "${DMCLI_RESP_TOPIC}" ] || [ "${subscribe}" != "${DMCLI_CTRL_TOPIC}" ] || \
+			[ "${toid}" != "${endpointid}" ]; then
+			confTmpFile="$(mktemp -u -p "$(dirname "$DMCLI_CONF")" "$(basename "$DMCLI_CONF").XXXXXXX")"
+			json_pretty
+			json_dump > "${confTmpFile}" || return
+			mv -f "${confTmpFile}" "${DMCLI_CONF}" || return
+		fi
+	fi
+}
+
+update_dmcli_conf || exit

dmcli/files/etc/uci-defaults/36-dmcli-remote

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli
+	uci_set mosquitto dmcli enabled 1
+	uci_set mosquitto dmcli port '9003'
+	uci_set mosquitto dmcli protocol 'websockets'
+	uci_set mosquitto dmcli auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
+	uci_set mosquitto dmcli acl_file '/etc/dmcli/dmcli.acl'
+fi
+
+exit 0

dmcli/files/etc/uci-defaults/36-dmcli-remote-remove

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_remove mosquitto dmcli
+fi
+
+exit 0

dmcli/files/etc/users/roles/operator.json

@@ -0,0 +1,14 @@
+{
+  "tr181": {
+    "name": "operator",
+    "instance": 6,
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_ALL"
+        ]
+      }
+    ]
+  }
+}

dmcli/src/Makefile

@@ -0,0 +1,7 @@
+all: dmcli
+
+dmcli: main.c
+	$(CC) $(CFLAGS) -Wall -Werror -o $@ $^
+
+clean:
+	rm -f dmcli

dmcli/src/main.c

@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+* This Software and its content are protected by the Dutch Copyright Act
+* ('Auteurswet'). All and any copying and distribution of the software
+* and its content without authorization by Genexis Netherlands B.V. is
+* prohibited. The prohibition includes every form of reproduction and
+* distribution.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+/* C Wrapper for operator to login to the CLI via ssh: the shell in
+ * the passwd file cannot be a script that requires an interpreter. */
+int main(int argc, char *argv[])
+{
+	char *cmd[3 + (argc > 1 ? argc - 1 : 0)];
+
+	cmd[0] = "/usr/bin/qjs";
+	cmd[1] = "/usr/lib/dmcli/cli/main.js";
+	cmd[2] = NULL;
+
+	if (argc > 1) {
+		memcpy(&cmd[2], &argv[1], (argc - 1) * sizeof(char *));
+		cmd[2 + argc - 1] = NULL;
+	}
+
+	execv(cmd[0], cmd);
+	fprintf(stderr, "%s: command not found\n", cmd[0]);
+	return 127;
+}

dnsmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.18
+PKG_VERSION:=1.0.21
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=ef3714cc7555f763dfab626add8f90d7bc0a33b5
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

dslmngr/Makefile

@@ -15,7 +15,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
 PKG_SOURCE_VERSION:=8fb4093b4d26b3cb06603e110d424005e33cf5d6
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip
 endif

ebtables-extensions/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
 PKG_SOURCE_VERSION:=7357622d806833d93d317164dc6673fbf5fd1629
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.1.3
+PKG_VERSION:=3.1.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=7bc8297e1a74adb522f7635bab4f93a1a2620216
+PKG_SOURCE_VERSION:=0283fb5cb74a7baca46c4360da680757c57c86ac
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

fatrace/Makefile

@@ -16,7 +16,7 @@ PKG_SOURCE_VERSION:=98af6019a4a1b478a6fa35f74528cb3cd404ae40
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.launchpad.net/fatrace
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 

fdtextract/Makefile

@@ -18,7 +18,7 @@ PKG_MIRROR_HASH:=skip
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=LICENSE
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk

firewallmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.10
+PKG_VERSION:=1.0.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=05ad0d6f7f21520eecd05429c14d1963de2a8463
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=30319c67fb4db285a2bcd272b1c10bc040eecf19
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

fluent-bit/Makefile

@@ -13,7 +13,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
 PKG_SOURCE_VERSION=v$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

gateway-info/Makefile

@@ -15,7 +15,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/gateway-info.git
 PKG_SOURCE_VERSION:=dd15893a8291e556a8c49ff9e143c763db0379b5
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

gateway-info/files/etc/uci-defaults/86-set-gateway-device-info

@@ -110,7 +110,7 @@ configure_send_op125() {
 
 
 	if [ "${uci}" = "network" ]; then
-		new_send_opt="$sendopt $opt125"
+		[ -n "${sendopt}" ] && new_send_opt="$sendopt $opt125" || new_send_opt="$opt125"
 		uci -q set network."${intf}".sendopts="$new_send_opt"
 	else
 		new_send_opt="$sendopt$opt125"
@@ -228,7 +228,7 @@ enable_dhcp_option125() {
 
 	if [ "${proto}" = "dhcp" ]; then
 		if [ ${req125_present} -eq 0 ]; then
-			newreqopts="$reqopts 125"
+			[ -n "${reqopts}" ] && newreqopts="$reqopts 125" || newreqopts="125"
 			uci -q set network."${wan}".reqopts="$newreqopts"
 		fi
 

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.4.0
+PKG_VERSION:=1.4.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=230d55ae6769e1ebde02cef3f718e6c4cf1b1962
+PKG_SOURCE_VERSION:=667866b8149d3df83a05536319eac02aee0b6d75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.10.5
+PKG_VERSION:=9.10.12
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=7f4a159f6ff49584655e57bb801218eb083fba67
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=fc34f19ec5ab691b3d815a0d1d917903d310db75
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -84,6 +84,7 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
+	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/

icwmp/files/etc/config/cwmp

@@ -42,7 +42,9 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	option fw_upgrade_keep_settings '1'
+	#option KeepConfig '1'
+	#option KeepOpConf '1'
+	#option ConfigScope 'UserOnly'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/init.d/icwmpd

@@ -97,7 +97,9 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'fw_upgrade_keep_settings:bool'
+		'KeepConfig:bool' \
+		'KeepOpConf:bool' \
+		'ConfigScope:string'
 }
 
 validate_defaults() {
@@ -168,13 +170,21 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank
+	local switch_bank KeepConfig KeepOpConf ConfigScope
 
 	copy_cwmp_varstate_files_to_etc
-	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
-		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
+	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
+		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
+		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
+		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
+
+		json_init
+		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
+		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
+		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
+
+		json_dump| /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
+if [ -n "${keep_settings}" ]; then
+	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
+	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
+fi

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.39
+PKG_VERSION:=8.7.44
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=85fa0fe16d6a5a3452422b72186f6bbb16a13c62
+PKG_SOURCE_VERSION:=29ba8f04dc6bd7e77683352c0c71988f51fbadf8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

imonitor/Makefile

@@ -13,7 +13,7 @@ PKG_INSTALL:=1
 PKG_SOURCE_PROTO=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/imonitor.git
 PKG_SOURCE_VERSION:=4beb1d5d6925507f1850a84c0b83aaf12a082f7f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=${PKG_NAME}-${PKG_VERSION}
 PKG_INSTALL:=1

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=25e32ac5a860aec6e53e3449565b71595073e014
+PKG_SOURCE_VERSION:=5ad41ca8eb5de887487feb7148b5dce44943218c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ipt-trigger/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=ac1beae4794f99533b28db7d0e6e80f4c268a3e8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ipt-trigger.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.1
+PKG_VERSION:=2.1.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
+PKG_SOURCE_VERSION:=fdfe23e51ff77ca6d2661ad6208d097758524147
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.5.0
+PKG_VERSION:=7.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=18f93677bb4d33ebb6249324a5043294f0eae16c
+PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libpicoevent-bcm/Makefile

@@ -17,7 +17,7 @@ PKG_NAME:=libpicoevent-bcm
 PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 
 include $(INCLUDE_DIR)/package.mk

libpicoevent/Makefile

@@ -17,7 +17,7 @@ PKG_NAME:=libpicoevent
 PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 
 include $(INCLUDE_DIR)/package.mk

libqos/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libqos
-PKG_VERSION:=7.2.109
+PKG_VERSION:=7.2.111
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libqos.git
-PKG_SOURCE_VERSION:=4948d372c3d7e43a0ba9aee517dbb83b94bba3dc
+PKG_SOURCE_VERSION:=2e4c6a9c27e0f4f68dfe7a5c930afefd8dc7119a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
@@ -65,7 +65,7 @@ define Package/libqos
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= QoS library (libqos)
-  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcm963xx-bsp
+  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcm963xx-bsp +TARGET_airoha:libuci
 endef
 
 define Package/libqos/config

libtrace/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/apietila/libtrace.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst
 PKG_SOURCE_VERSION:=e4b4c5cce35a52da152776a00532aa0b80879c5b
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.8
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,8 +17,8 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=3a30086a68a3409f0396acb01380f91daabf7a2f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=9763c574ec69e2aa492db4f1296d4bcd53776fba
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -25,6 +25,5 @@ db commit
 # configure the PCM for DECT/DCX81
 [ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
     uci set dect.global.pcm_fsync='SHORT_LF'
-    uci set dect.global.pcm_slot_start='8'
     uci set dect.global.dect_channel_start='3'
 }

libvoice-broadcom/Makefile

@@ -18,7 +18,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
 PKG_SOURCE_VERSION:=baf5ebfb45404714bbfcc3068080f93265934d8a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

libvoice-d2/Makefile

@@ -18,7 +18,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
 PKG_SOURCE_VERSION:=0b2bef862fb5aea0b285e339459f46779224e2d0
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

libwifi/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.22.6
+PKG_VERSION:=7.22.11
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ddeb681a9f99202b1ded6c965591bb8c1f5cb05d
+PKG_SOURCE_VERSION:=6572047d613d4dc88ed83a80fb4ae0798ab71078
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libwifi.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

logmngr/Makefile

@@ -12,7 +12,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
 PKG_SOURCE_VERSION:=62441fdfe14a39bff8fff7c62307bd7b54d7240f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -65,8 +65,10 @@ define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
 	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp/
 	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
+	$(INSTALL_BIN) ./files/etc/hotplug.d/ntp/20-reload_fluent_bit $(1)/etc/hotplug.d/ntp/
 else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif

logmngr/files/etc/hotplug.d/ntp/20-reload_fluent_bit

@@ -0,0 +1,14 @@
+#!/bin/sh
+# This hotplug script reloads fluent-bit, so that kmsg logs' timestamp gets in sync
+
+[ "$ACTION" = stratum ] || exit 0
+
+# only once
+if ! uci -q get time.global.first_use_date > /dev/null 2>&1; then
+	flb_pid="$(pidof fluent-bit)"
+
+	if [ -n "$flb_pid" ]; then
+		logger -t "logmngr.hotplug" -p info "reload fluent-bit due to ntp sync"
+		kill -SIGHUP "$flb_pid"
+	fi
+fi

logmngr/files/etc/init.d/logmngr

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=12
+START=09
 
 USE_PROCD=1
 

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -63,7 +63,7 @@ create_service_section() {
 	append_conf "    flush        1"
 	append_conf "    daemon       off"
 	append_conf "    log_level    info"
-	append_conf "    coro_stack_size    24576"
+	append_conf "    coro_stack_size    1048576"
 	append_conf "    parsers_file /etc/fluent-bit/parsers.conf"
 	append_conf "    hot_reload        on"
 	append_conf ""

loop-detector/Makefile

@@ -13,7 +13,7 @@ PKG_SOURCE_VERSION:=d0fb770eacd6691b98df138b60f5116e02f71a9b
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/loop-detector
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

map-agent/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.4.3.6
+PKG_VERSION:=6.5.0.10
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=e37b8f1a4b988b907416161e3c8fe83cd39597c3
+PKG_SOURCE_VERSION:=1a9763bd4e520975e6951f77e85f369487cf1318
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/init.d/mapagent

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=98
+START=97
 STOP=20
 
 USE_PROCD=1

map-agent/files/lib/multiap/map_genconfig

@@ -70,7 +70,8 @@ generate_multiap_config() {
 
 		ifprefix_radio=""
 		if is_logan; then
-			uci set mapagent.agent.mld_prefix="bss"
+			uci set mapagent.agent.mld_ap_prefix="bss"
+			uci set mapagent.agent.mld_sta_prefix="sta"
 			ifname_sta=""
 			case "$band" in
 				2g)

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.8
+PKG_VERSION:=6.4.5.0
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=a863fc3a9d248b0be7385524e0680155ff614467
+PKG_SOURCE_VERSION:=f335cf5bfdf700843173fcdd5d61d1900cc0aa8a
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0

map-controller/files/etc/uci-defaults/99-mapcntlr-add-qos-rule-id

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cfg="mapcontroller"
+config_load "$cfg"
+
+used_ids=""
+
+collect_used_ids() {
+	local section="$1"
+	local id
+
+	id=$(uci -q get ${cfg}.${section}.id)
+	if [ -n "$id" ] && printf "%s" "$id" | grep -qE '^[0-9]+$'; then
+		used_ids="$used_ids $id"
+	fi
+}
+
+# Find first available ID from 0 to INT32_MAX
+find_first_available_id() {
+	local max_int=2147483647
+	local expected=0
+	local id
+
+	# Convert list to sorted unique list
+	sorted_ids=$(printf "%s\n" $used_ids | sort -n | uniq)
+
+	for id in $sorted_ids; do
+		if [ "$id" -eq "$expected" ]; then
+			expected=$((expected + 1))
+		elif [ "$id" -gt "$expected" ]; then
+			# Found a gap -> return the gap
+			echo "$expected"
+			return
+		fi
+	done
+
+	# If no gaps, next available is `expected`
+	if [ "$expected" -le "$max_int" ]; then
+		echo "$expected"
+	else
+		echo -1
+	fi
+}
+
+# Assign ID if missing
+add_qos_rule_id() {
+	local section="$1"
+	local id
+
+	id=$(uci -q get ${cfg}.${section}.id)
+	if [ -z "$id" ]; then
+		new_id=$(find_first_available_id)
+		[ "$new_id" -ge 0 ] || return # No available ID
+		uci -q set ${cfg}.${section}.id="$new_id"
+
+		used_ids="$used_ids $new_id"
+	fi
+}
+
+# Step 1: Collect all existing IDs
+config_foreach collect_used_ids qos_rule
+
+# Step 2: Assign IDs to rules missing them
+config_foreach add_qos_rule_id qos_rule

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -14,5 +14,3 @@ for sec in $sections; do
 
     uci rename $cfg.$s=$sec
 done
-
-uci commit $cfg

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.2.5
+PKG_VERSION:=1.2.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=05c0aa02b60b27aa57bf80b8fb068b1ee8bfc8ac
+PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -71,5 +71,11 @@ define Build/Compile
 	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
 endef
 
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        rsync -r --exclude=.* ~/git/map-plugins/ $(PKG_BUILD_DIR)/
+endef
+endif
+
 $(eval $(call BuildPackage,map-plugins))
 $(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

mcastmngr/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/mcastmngr.git
 PKG_SOURCE_VERSION:=17d73b8f1947823a0d32ed589a240a2642904fe1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -32,7 +32,7 @@ define Package/mcastmngr
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
  DEPENDS+=+!TARGET_brcmbca:mcproxy +!TARGET_brcmbca:sipcalc
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +!TARGET_brcmbca:kmod-ebt-igmpsnooping +!TARGET_brcmbca:kmod-ebt-mldsnooping
- DEPENDS+=+!TARGET_brcmbca:ebtables-legacy +dm-agent
+ DEPENDS+=+!TARGET_brcmbca:ebtables-legacy +bridgemngr
 endef
 
 define Package/mcastmngr/description

mosquitto-auth-plugin/Makefile

@@ -14,7 +14,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto-auth-plugin
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.2.1
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -53,6 +53,7 @@ typedef struct {
 	user_acl_t users[MAX_USERS];
 	int user_count;
 	mosquitto_plugin_id_t *identifier;
+	char *config_file;
 } plugin_data_t;
 
 /* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
@@ -548,6 +549,30 @@ static int basic_auth_callback(int event, void *event_data, void *userdata)
 	return check_subnet_on_auth(pdata, ed);
 }
 
+static int reload_callback(int event, void *event_data, void *userdata)
+{
+	plugin_data_t *pdata = userdata;
+
+	if (pdata == NULL)
+		return MOSQ_ERR_SUCCESS;
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reloading subnet ACL configuration from '%s'",
+		pdata->config_file ? pdata->config_file : "(none)");
+
+	/* Reload subnet ACL configuration */
+	if (load_subnet_acl_config(pdata, pdata->config_file) != 0) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to reload subnet ACL configuration, keeping old config");
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reload complete, now tracking %d user(s)", pdata->user_count);
+
+	return MOSQ_ERR_SUCCESS;
+}
+
 int mosquitto_plugin_version(int supported_version_count,
 			     const int *supported_versions)
 {
@@ -576,8 +601,20 @@ int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
 
 	pdata->identifier = identifier;
 
+	/* Store config file path for reload */
+	if (config_file != NULL) {
+		pdata->config_file = strdup(config_file);
+		if (pdata->config_file == NULL) {
+			free(pdata);
+			return MOSQ_ERR_NOMEM;
+		}
+	} else {
+		pdata->config_file = NULL;
+	}
+
 	/* Load subnet ACL configuration */
 	if (load_subnet_acl_config(pdata, config_file) != 0) {
+		free(pdata->config_file);
 		free(pdata);
 		return MOSQ_ERR_UNKNOWN;
 	}
@@ -588,6 +625,20 @@ int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
 	if (rc != MOSQ_ERR_SUCCESS) {
 		mosquitto_log_printf(MOSQ_LOG_ERR,
 			"subnet_acl: Failed to register authentication callback");
+		free(pdata->config_file);
+		free(pdata);
+		return rc;
+	}
+
+	/* Register reload callback to handle SIGHUP */
+	rc = mosquitto_callback_register(identifier, MOSQ_EVT_RELOAD,
+	                                 reload_callback, NULL, pdata);
+	if (rc != MOSQ_ERR_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to register reload callback");
+		mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+		                              basic_auth_callback, NULL);
+		free(pdata->config_file);
 		free(pdata);
 		return rc;
 	}
@@ -609,6 +660,9 @@ int mosquitto_plugin_cleanup(void *user_data,
 	if (pdata) {
 		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
 		                              basic_auth_callback, NULL);
+		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_RELOAD,
+		                              reload_callback, NULL);
+		free(pdata->config_file);
 		free(pdata);
 	}
 

netmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.2.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=000da9cbb2cfe965908adf60eda0823682c8bd69
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_VERSION:=8240c6089cdd44f268db135920800b8fc1d65ca9
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_MIRROR_HASH:=skip
 endif
 

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.11
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/README.md

@@ -1,109 +0,0 @@
-# Creating Custom Netmodes in IOWRT
-
-This guide provides developers with detailed instructions on how to create and manage custom network modes (netmodes) in IOWRT. The `netmode` script allows for flexible network configuration, and developers can define their own modes by structuring the necessary files and scripts within the `/etc/netmodes/` directory.
-
-## Table of Contents
-1. [Overview of Netmodes](#overview-of-netmodes)
-2. [Directory Structure](#directory-structure)
-3. [Creating a Custom Netmode](#creating-a-custom-netmode)
-   - [Step 1: Pre-Execution Scripts](#step-1-pre-execution-scripts)
-   - [Step 2: UCI Configuration Files](#step-2-uci-configuration-files)
-   - [Step 3: Custom Execution Scripts](#step-3-custom-execution-scripts)
-   - [Step 4: Post-Execution Scripts](#step-4-post-execution-scripts)
-4. [Enabling and Switching Netmodes](#enabling-and-switching-netmodes)
-
-## Overview of Netmodes
-
-Netmodes in IOWRT provide a way to switch between different network configurations based on the needs of the environment. Developers can create custom netmodes by organizing scripts and configuration files in specific directories under `/etc/netmodes/<NETMODE_NAME>`.
-
-## Directory Structure
-
-A custom netmode is defined within the `/etc/netmodes/<NETMODE_NAME>` directory, which should contain the following subdirectories:
-
-- **/lib/netmode/pre/**: Generic scripts executed before the netmode-specific configurations are applied.
-- **/etc/netmodes/<NETMODE_NAME>/uci/**: Contains UCI configuration files that will be copied to `/etc/config/` during the application of the netmode.
-- **/etc/netmodes/<NETMODE_NAME>/scripts/**: Custom scripts specific to the netmode that are executed after the UCI configurations are applied.
-- **/lib/netmode/post/**: Generic scripts executed after the netmode-specific configurations are completed.
-
-## Creating a Custom Netmode
-
-To create a new netmode, follow these steps:
-
-### Step 1: Pre-Execution Scripts
-
-Scripts located in `/lib/netmode/pre/` are executed before any mode-specific actions. These are typically used for preparing the system or cleaning up configurations from the previous netmode.
-
-- **Create Pre-Execution Scripts**:
-  - Place your generic pre-execution scripts in `/lib/netmode/pre/`.
-  - Example script (`/lib/netmode/pre/cleanup.sh`):
-    ```bash
-    #!/bin/sh
-    echo "Cleaning up old network configurations..."
-    # Add commands here
-    ```
-
-### Step 2: UCI Configuration Files
-
-The UCI configuration files stored in `/etc/netmodes/<NETMODE_NAME>/uci/` will be copied to `/etc/config/`, effectively applying the desired network configuration.
-
-- **Place UCI Config Files**:
-  - Create UCI configuration files under `/etc/netmodes/<NETMODE_NAME>/uci/`.
-  - Example (`/etc/netmodes/bridge/uci/network`):
-````bash
-config device 'br_lan'
-        option name 'br-lan'
-        option type 'bridge'
-        option multicast_to_unicast '0'
-        option bridge_empty '1'
-        list ports 'eth1'
-        list ports 'eth3'
-        list ports 'eth4'
-
-config interface 'lan'
-        option proto 'dhcp'
-        option device 'br-lan'
-        option force_link '1'
-        option reqopts '43 125'
-````
-
-### Step 3: Custom Execution Scripts
-
-After the UCI files are applied, any scripts in `/etc/netmodes/<NETMODE_NAME>/scripts/` are executed. These can be used to perform additional configuration tasks that are specific to the netmode.
-
-- **Create Custom Scripts**:
-  - Add scripts to `/etc/netmodes/<NETMODE_NAME>/scripts/`.
-  - Example (`/etc/netmodes/bridge/scripts/setup_bridge.sh`):
-    ```bash
-    #!/bin/sh
-    echo "Setting up bridge mode..."
-    # Additional configuration commands here
-    ```
-
-### Step 4: Post-Execution Scripts
-
-Finally, the generic scripts in `/lib/netmode/post/` are executed. These scripts typically finalize the setup or perform any necessary cleanups.
-
-- **Create Post-Execution Scripts**:
-  - Place scripts in `/lib/netmode/post/`.
-  - Example script (`/lib/netmode/post/restart_services.sh`):
-    ```bash
-    #!/bin/sh
-    echo "Restarting network services..."
-    # Add commands here
-    ```
-
-## Enabling and Switching Netmodes
-
-The netmode mechanism can be enabled or disabled via the UCI configuration, and you can switch between netmodes using UCI commands.
-
-- **Enable Netmode**:
-  ```bash
-  uci set netmode.global.enabled=1
-  uci commit netmode
-    ```
-    
-- **Switch Netmode**:
-  ```bash
-  uci set netmode.global.mode='<NETMODE_NAME>'
-  uci commit netmode
-    ```

netmode/docs/ADVANCED_MODE_GUIDE.md

@@ -0,0 +1,901 @@
+# Advanced Mode - Complete Configuration Guide
+
+## Table of Contents
+1. [Overview](#overview)
+2. [Interface Types](#interface-types)
+3. [Configuration Examples](#configuration-examples)
+4. [Use Case Scenarios](#use-case-scenarios)
+5. [TR-069/USP Configuration](#tr-069usp-configuration)
+6. [Troubleshooting](#troubleshooting)
+
+---
+
+## Overview
+
+The **advanced** mode is a unified, flexible network configuration mode for OpenWrt/iopsys routers. It provides a single, powerful interface for configuring:
+
+- **Bridge interfaces** with VLAN/QinQ support (traditional VLAN devices)
+- **Bridge VLAN filtering** (modern kernel bridge features - recommended)
+- **Routed interfaces** with VLAN/MACVLAN support
+- **Standalone interfaces** (direct VLAN without bridge)
+- **Mixed scenarios** (combine bridges and routed interfaces)
+
+### Key Features
+
+- ✅ Unified configuration syntax
+- ✅ Multiple interface types in one configuration
+- ✅ VLAN (802.1Q) and QinQ (802.1ad) support
+- ✅ Modern bridge VLAN filtering for better performance
+- ✅ MACVLAN support for multi-service routing
+- ✅ Per-interface port assignment
+- ✅ Flexible protocol configuration (DHCP, none, static)
+- ✅ UCI device name resolution (LAN1 → eth1)
+- ✅ Automatic reconfiguration on parameter changes
+
+### Configuration Parameters
+
+| Parameter | Description | Example |
+|-----------|-------------|---------|
+| `interface_names` | Comma-separated interface names | `wan,iptv,mgmt` |
+| `interface_types` | Comma-separated interface types | `bridge:transparent,brvlan:wan-tagged:1499,route:vlan:100,direct:200` |
+| `ports` | Comma-separated port assignments | `ALL,LAN1-LAN2-WAN,WAN` |
+| `macaddrs` | Comma-separated MAC addresses (optional) | `BaseMACAddress,BaseMACAddressP1,AA:BB:CC:DD:EE:FF` |
+
+### How It Works
+
+When you change any configuration parameter and restart netmode:
+1. The system detects the configuration change automatically
+2. Old network configuration is cleaned up (interfaces, bridges, VLANs)
+3. System configuration is preserved (loopback, physical devices)
+4. New configuration is applied based on your parameters
+5. No manual intervention needed!
+
+---
+
+## Interface Types
+
+### Bridge Types (Traditional VLAN Devices)
+
+Bridge types create L2 bridge interfaces using traditional VLAN devices (eth0.100, etc.).
+
+| Type | Syntax | Description |
+|------|--------|-------------|
+| **Transparent** | `bridge:transparent` | No VLAN tagging on any port |
+| **Tagged** | `bridge:tagged:VID` | All ports tagged with same VLAN ID |
+| **WAN-Tagged** | `bridge:wan-tagged:VID` | Only WAN port tagged, LAN ports untagged |
+| **Transparent QinQ** | `bridge:transparent-qinq:SVID` | LAN untagged, WAN single S-tag (802.1ad) |
+| **Transparent QinQ (Double)** | `bridge:transparent-qinq:CVID:SVID` | LAN untagged, WAN double-tagged (C+S) |
+| **Tagged QinQ** | `bridge:tagged-qinq:CVID:SVID` | LAN C-tagged, WAN double-tagged (C+S) |
+| **QinQ (All ports)** | `bridge:qinq:CVID:SVID` | All ports double-tagged |
+
+### Bridge VLAN Filtering Types (Modern Approach)
+
+Bridge VLAN filtering uses kernel bridge VLAN filtering instead of creating VLAN devices. **Recommended for new deployments.**
+
+| Type | Syntax | Description |
+|------|--------|-------------|
+| **Tagged** | `brvlan:tagged:VID` | All ports tagged with VLAN ID (uses bridge-vlan) |
+| **WAN-Tagged** | `brvlan:wan-tagged:VID` | WAN tagged, LAN untagged (uses bridge-vlan) |
+| **Mixed** | `brvlan:mixed:VID` | Custom tagged/untagged configuration |
+
+**See [BRIDGE_VLAN_FILTERING.md](BRIDGE_VLAN_FILTERING.md) for detailed documentation.**
+
+### Routed Types
+
+Routed types create L3 routed interfaces (with NAT/firewall).
+
+| Type | Syntax | Description |
+|------|--------|-------------|
+| **VLAN Routing** | `route:vlan:VID` | Routed interface on VLAN |
+| **MACVLAN Routing** | `route:macvlan:MAC` | MACVLAN device with custom MAC (supports macros) |
+| **VLAN + MAC Routing** | `route:vlan:VID:MAC` | Routed interface on VLAN with custom MAC |
+| **Transparent Routing** | `route:transparent` | Routed interface on base device (no VLAN) |
+
+### Standalone Types
+
+Standalone types create VLAN interfaces without bridges or routing (proto=none by default).
+
+| Type | Syntax | Description |
+|------|--------|-------------|
+| **Direct VLAN** | `direct:VID` | Standalone VLAN interface, proto=none |
+
+### Device Reference Types
+
+Device reference types allow multiple interfaces to share the same underlying device.
+
+| Type | Syntax | Description |
+|------|--------|-------------|
+| **Device Reference** | `device-ref:INTERFACE` | References the device from another interface |
+
+**Use Case**: Create separate IPv4 and IPv6 interfaces (wan and wan6) that share the same bridge or VLAN device.
+
+**Example**:
+```bash
+# wan creates bridge on VLAN 2501 with DHCP
+# wan6 shares the same br-wan device with DHCPv6
+interface_names='wan,wan6'
+interface_types='bridge:tagged:2501,device-ref:wan-dhcpv6'
+ports='WAN,WAN'
+```
+
+**Result**:
+- `wan`: Creates `br-wan` bridge device on VLAN 2501, proto=dhcp
+- `wan6`: Uses same `br-wan` device, proto=dhcpv6
+
+**Note**: The referenced interface must be defined before the device-ref interface in the interface_names list.
+
+### Modifiers
+
+Modifiers can be appended to any interface type:
+
+| Modifier | Effect | Example |
+|----------|--------|---------|
+| `-pppoe` | Set proto=pppoe (PPPoE authentication) | `route:vlan:101-pppoe` |
+| `-dhcpv6` | Set proto=dhcpv6 (DHCPv6 client) | `bridge:tagged:2501-dhcpv6` |
+| `-dhcp` | Set proto=dhcp (DHCP client - explicit) | `bridge:transparent-dhcp` |
+| `-static` | Set proto=static (static IP) | `bridge:transparent-static` |
+| `-none`, `-n` | Set proto=none (no IP configuration) | `bridge:tagged:100-none` or `bridge:tagged:100-n` |
+| `-iptv` | Signify that this is an iptv interface (affects firewall and mcast) | `route:vlan:200-iptv` |
+| `-inet` | Signify that this is an internet interface (affects firewall) | `route:vlan:200-inet` |
+| `-mgmt` | Signify that this is a management interface (affects firewall) | `route:vlan:200-mgmt` |
+| `-disabled`, `-d` | Create but mark as disabled | `route:vlan:200-disabled` or `route:vlan:200-d` |
+
+
+#### Notes
+
+- The `-none` and `-n` modifiers are equivalent, as are `-disabled` and `-d`.
+- If no protocol modifier is specified, interfaces default to `proto=dhcp`.
+- Protocols and disabled can be clubbed together, and disabled should be in the last, for example: `transparent-qinq:2-n-d` will set proto as none and disable the interface, similarly other protocols can be used.
+- iptv, inet and mgmt modifier can only be used with route interfaces, and they can be clubbed with disabled modifier, but disable should be in the last.
+
+#### Static IP Auto-Configuration
+
+When using the `-static` modifier with an interface named `lan`, the system automatically configures:
+
+**Network Configuration**:
+- IP Address: 192.168.1.1
+- Netmask: 255.255.255.0
+- IPv6 Prefix: /60
+
+**DHCP Server Configuration**:
+- Start: 192.168.1.100
+- Limit: 150 addresses (100-250)
+- Lease time: 1 hour
+- DHCPv4: server
+- DHCPv6: server
+- Router Advertisement: server
+- SLAAC: enabled
+- RA flags: managed-config, other-config
+
+**Example**:
+```bash
+interface_names='lan,wan'
+interface_types='bridge:transparent-static,bridge:tagged:2501'
+ports='ALL_LAN,WAN'
+```
+
+For non-LAN interfaces with `-static`, only `proto=static` is set without additional configuration.
+
+**Note**: Direct interfaces default to `proto=none`, so `-n` is implicit.
+
+### MAC Address Assignment
+
+You can assign custom MAC addresses to interfaces using the `macaddrs` parameter. This is useful when ISPs require specific MAC addresses per service or for multi-service configurations.
+
+**Supported Formats:**
+
+| Format | Description | Example |
+|--------|-------------|---------|
+| **Explicit MAC** | Direct MAC address assignment | `AA:BB:CC:DD:EE:FF` |
+| **BaseMACAddress** | Use base MAC from `fw_printenv -n ethaddr` | `BaseMACAddress` |
+| **BaseMACAddressP1** | Base MAC + 1 | `BaseMACAddressP1` |
+| **BaseMACAddressPN** | Base MAC + N (any number) | `BaseMACAddressP5` |
+
+**Example:**
+```bash
+# If base MAC is 94:3F:0C:D5:76:00
+uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1,AA:BB:CC:DD:EE:FF'
+# Results in:
+# Interface 1: 94:3F:0C:D5:76:00
+# Interface 2: 94:3F:0C:D5:76:01
+# Interface 3: AA:BB:CC:DD:EE:FF
+```
+
+**Note**: MAC addresses are assigned to interfaces in order. If you have 3 interfaces but only specify 2 MAC addresses, the 3rd interface will use the system default.
+
+---
+
+## Configuration Examples
+
+### Example 1: Simple Transparent Bridge
+
+**Scenario**: All ports bridged together, no VLANs
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan'                    # interface_names
+uci set netmode.@supported_args[13].value='bridge:transparent'     # interface_types
+uci set netmode.@supported_args[14].value='ALL'                    # ports
+uci commit netmode
+service netmode restart
+```
+
+**Result**: Creates `br-wan` bridge with all LAN+WAN ports, proto=dhcp
+
+---
+
+### Example 2: LAN-Only Bridge with Routed WAN
+
+**Scenario**: Bridge all LAN ports together, WAN as separate routed interface
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='lan,wan'
+uci set netmode.@supported_args[13].value='bridge:transparent,route:transparent'
+uci set netmode.@supported_args[14].value='ALL_LAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**: Creates `br-lan` bridge with all LAN ports only, WAN routed separately
+
+---
+
+### Example 3: VLAN-Tagged Bridge (Managed Network)
+
+**Scenario**: All ports tagged with VLAN 100
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='mgmt'
+uci set netmode.@supported_args[13].value='bridge:tagged:100'
+uci set netmode.@supported_args[14].value='ALL'
+uci commit netmode
+service netmode restart
+```
+
+**Result**: Creates `br-mgmt` with all ports tagged as `.100`
+
+---
+
+### Example 4: Multiple Service Bridges (VLAN Segregation)
+
+**Scenario**: Separate bridges for Internet (VLAN 100), IPTV (VLAN 200), Management (VLAN 300)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='inet,iptv,mgmt'
+uci set netmode.@supported_args[13].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
+uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `br-inet`: LAN1.100 + LAN2.100 + WAN.100, proto=none
+- `br-iptv`: LAN3.200 + LAN4.200 + WAN.200, proto=none
+- `br-mgmt`: WAN.300, proto=dhcp
+
+---
+
+### Example 5: QinQ Configuration (Wholesale Provider)
+
+**Scenario**: Customer A on C-tag 10 S-tag 100, Customer B on C-tag 20 S-tag 100
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='customer_a,customer_b'
+uci set netmode.@supported_args[13].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
+uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `br-customer_a`: All ports double-tagged (100.10)
+- `br-customer_b`: All ports double-tagged (100.20)
+
+---
+
+### Example 6: Routed Multi-Service with Custom MAC Addresses
+
+**Scenario**: ISP requires different MAC addresses for Internet and IPTV services
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='mgmt_wan,wan,iptv_wan,lan'
+uci set netmode.@supported_args[13].value='route:macvlan:BaseMACAddressP2-mgmt,route:macvlan:BaseMACAddressP3-inet,route:macvlan:BaseMACAddressP4-iptv,bridge:transparent-static'
+uci set netmode.@supported_args[14].value='WAN,WAN,WAN,ALL_LAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `mgmt_wan`: Routed interface on WAN with base MAC + 2(58:00:32:C0:0E:42)
+- `wan`: Routed interface on WAN with base MAC + 3 (58:00:32:C0:0E:43)
+- `iptv_wan`: Routed interface on WAN with base MAC + 4 (58:00:32:C0:0E:44)
+- `lan`: bridged interface on ALL LAN ports with base MAC (58:00:32:C0:0E:40)
+
+---
+
+### Example 7: Routed Multi-Service (VLAN-based)
+
+**Scenario**: Internet on VLAN 100, IPTV on VLAN 200, Management on VLAN 300, all routed
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='mgmt_wan,wan,iptv_wan,lan'
+uci set netmode.@supported_args[13].value='route:vlan:300-mgmt,route:vlan:100-inet,route:vlan:200-iptv,bridge:transparent-static'
+uci set netmode.@supported_args[14].value='WAN,WAN,WAN,ALL_LAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `wan`: Routed on WAN.100, proto=dhcp
+- `iptv`: Routed on WAN.200, proto=dhcp
+- `mgmt`: Routed on WAN.300, proto=dhcp
+
+---
+
+### Example 8: Routed Multi-Service (MACVLAN with Macros)
+
+**Scenario**: Internet and IPTV using MACVLAN devices with MAC address macros
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv'
+uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:BaseMACAddressP1'
+uci set netmode.@supported_args[14].value='WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `wan`: Routed on WAN with default MAC (94:3F:0C:D5:76:00)
+- `iptv`: MACVLAN device on WAN with base MAC + 1 (94:3F:0C:D5:76:01)
+
+**Alternative with explicit MAC:**
+```bash
+uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF'
+```
+
+---
+
+### Example 9: Routed Multi-Service (VLAN + MACVLAN)
+
+**Scenario**: Internet on VLAN 100, IPTV on VLAN 200 with custom MAC
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv'
+uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200:AA:BB:CC:DD:EE:FF'
+uci set netmode.@supported_args[14].value='WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `wan`: Routed on WAN.100 (default MAC), proto=dhcp
+- `iptv`: Routed on WAN.200 with custom MAC, proto=dhcp
+
+---
+
+### Example 10: Standalone VLAN Interface (Direct)
+
+**Scenario**: WAN as standalone VLAN 2501 interface (no bridge, no routing)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan'
+uci set netmode.@supported_args[13].value='direct:2501'
+uci set netmode.@supported_args[14].value='WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**: Creates WAN.2501 interface, proto=none (no DHCP)
+
+---
+
+### Example 11: Mixed Bridge and Routed Interfaces
+
+**Scenario**: IPTV bridged on VLAN 200, Internet routed on VLAN 100
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv'
+uci set netmode.@supported_args[13].value='route:vlan:100,bridge:tagged:200-n'
+uci set netmode.@supported_args[14].value='WAN,LAN1-LAN2-WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Result**:
+- `wan`: Routed on WAN.100, proto=dhcp (firewall enabled)
+- `br-iptv`: Bridge on LAN1.200 + LAN2.200 + WAN.200, proto=none
+
+---
+
+## Use Case Scenarios
+
+### Scenario 1: ISP Triple-Play Service (Routed)
+
+**Requirement**: Internet on VLAN 100, IPTV on VLAN 200, VoIP on VLAN 300, all routed
+
+**Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv,voip'
+uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Network Topology**:
+```
+WAN (ae_wan)
+  ├── wan (VLAN 100) - Internet - Routed
+  ├── iptv (VLAN 200) - IPTV - Routed
+  └── voip (VLAN 300) - VoIP - Routed
+```
+
+---
+
+### Scenario 2: ISP Triple-Play with MACVLAN
+
+**Requirement**: Internet normal MAC, IPTV with custom MAC, VoIP with custom MAC
+
+**Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv,voip'
+uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:01,route:macvlan:AA:BB:CC:DD:EE:02'
+uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+---
+
+### Scenario 3: Enterprise VLAN Segregation (Bridged)
+
+**Requirement**: Guest WiFi on VLAN 100, Corporate on VLAN 200, Management on VLAN 300, all bridged
+
+**Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='guest,corporate,mgmt'
+uci set netmode.@supported_args[13].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
+uci set netmode.@supported_args[14].value='LAN1-WAN,LAN2-LAN3-WAN,WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Network Topology**:
+```
+LAN1.100 ──┬── WAN.100 ──[ br-guest ] (proto=none)
+LAN2.200 ──┬── WAN.200 ──[ br-corporate ] (proto=none)
+LAN3.200 ──┘
+WAN.300 ────[ br-mgmt ] (proto=dhcp)
+```
+
+---
+
+### Scenario 4: Wholesale QinQ Provider
+
+**Requirement**: Multiple customers on single fiber, S-tag 100, different C-tags
+
+**Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='cust_a,cust_b,cust_c'
+uci set netmode.@supported_args[13].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n,bridge:qinq:30:100-n'
+uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,LAN5-LAN6-WAN'
+uci commit netmode
+service netmode restart
+```
+
+---
+
+### Scenario 5: Hybrid Bridge + Routed
+
+**Requirement**: Internet routed, IPTV bridged to STBs
+
+**Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv'
+uci set netmode.@supported_args[13].value='route:vlan:100,bridge:tagged:200-n'
+uci set netmode.@supported_args[14].value='WAN,LAN1-LAN2-LAN3-WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Network Topology**:
+```
+WAN.100 ─── [ wan - routed ] (NAT, firewall enabled)
+
+LAN1.200 ──┐
+LAN2.200 ──┼─ WAN.200 ──[ br-iptv ] (transparent bridge, proto=none)
+LAN3.200 ──┘
+```
+
+---
+
+## Port List Specifications
+
+### Port List Syntax
+
+- **`ALL`**: All LAN ports + WAN port + EXT port (resolved from UCI or board.json)
+- **`ALL_LAN`**: All LAN ports only (no WAN, no EXT) - useful for LAN-only bridges
+- **`LAN`**: Single LAN port (for devices with one LAN port)
+- **`WAN`**: Only WAN port
+- **`EXT`**: Only EXT port
+- **`LAN-WAN`**: Single LAN port and WAN
+- **`LAN1-LAN2-WAN`**: LAN1, LAN2, and WAN
+- **`LAN1-LAN3-EXT`**: LAN1, LAN3, and EXT
+- **`WAN-EXT`**: WAN and EXT ports
+
+**Note**: For devices with a single LAN port, use `LAN`. For devices with multiple LAN ports, use `LAN1-8`. The `ALL` and `ALL_LAN` macros automatically detect which configuration is present.
+
+#### Individual untagged port
+
+- Suppose we have a bridge:tagged type interface, so all the ports are going to be tagged in this case. To mark any of the ports untagged individually, ":u" modifier can be used with the port, for example, to make LAN3 untagged (transparent) here: "LAN2-LAN3:u-LAN4-WAN".
+
+### Device Name Resolution
+
+Port macros (LAN, LAN1-LAN8, WAN, EXT) are automatically resolved to actual device names:
+- `LAN` → `uci get network.LAN.name` → e.g., `eth1` (single LAN port devices)
+- `LAN1` → `uci get network.LAN1.name` → e.g., `eth1` (multi-port devices)
+- `WAN` → `uci get network.WAN.name` → e.g., `ae_wan`
+- `EXT` → `uci get network.EXT.name` → e.g., `eth5`
+
+If UCI device section doesn't exist, the system falls back to board.json.
+
+---
+
+## TR-069/USP Configuration
+
+### TR-181 Data Model Mapping
+
+The advanced mode uses three arguments in TR-181:
+
+1. **SupportedArguments.1** = `interface_names`
+2. **SupportedArguments.2** = `interface_types`
+3. **SupportedArguments.3** = `ports`
+
+### Example 1: Transparent Bridge via TR-069
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>bridge:transparent</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>ALL</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+### Example 2: Routed Multi-Service via TR-069
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan,iptv,mgmt</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>route:vlan:100,route:vlan:200,route:vlan:300</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>WAN,WAN,WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+### Example 3: QinQ Bridge via TR-069
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>customer_a,customer_b</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>bridge:qinq:10:100-n,bridge:qinq:20:100-n</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+---
+
+## Troubleshooting
+
+### Issue: VLANs Not Working
+
+**Diagnosis**:
+```bash
+# Check VLAN devices created
+uci show network | grep 8021q
+
+# Check interface status
+ip link show
+ip addr show
+
+# Verify VLAN traffic
+tcpdump -i eth4 -e -n vlan
+```
+
+**Solution**:
+```bash
+# Ensure kernel module loaded
+modprobe 8021q
+lsmod | grep 8021
+
+# Check switch configuration (if applicable)
+swconfig dev switch0 show
+```
+
+---
+
+### Issue: QinQ Not Working
+
+**Diagnosis**:
+```bash
+# Check for 8021ad devices
+uci show network | grep 8021ad
+
+# Verify kernel support
+modprobe 8021q
+lsmod | grep 8021
+```
+
+**Solution**:
+```bash
+# Install QinQ support
+opkg install kmod-8021q
+
+# Verify S-tag ethertype (0x88a8)
+tcpdump -i eth4 -e -n -xx vlan
+```
+
+---
+
+### Issue: MACVLAN Interface Not Getting IP
+
+**Diagnosis**:
+```bash
+# Check MACVLAN device
+ip link show | grep macvlan
+
+# Check MAC address
+ip link show <interface>_macvlan | grep ether
+
+# Test DHCP
+udhcpc -i <interface>_macvlan -n
+```
+
+**Solution**:
+```bash
+# Verify passthru mode
+uci show network | grep -A5 macvlan
+
+# Ensure MAC is unique
+# Some ISPs require specific MAC format
+```
+
+---
+
+### Issue: Mixed Bridge/Route Not Working
+
+**Diagnosis**:
+```bash
+# Check firewall status
+uci show firewall.globals.enabled
+
+# Verify interfaces
+ip addr show
+
+# Check routing table
+ip route show
+```
+
+**Solution**:
+Firewall is always enabled. For debugging:
+```bash
+# Temporarily disable firewall
+uci set firewall.globals.enabled='0'
+uci commit firewall
+/etc/init.d/firewall restart
+```
+
+---
+
+### Issue: Port Not Added to Bridge
+
+**Diagnosis**:
+```bash
+# Check UCI device resolution
+uci get network.LAN1.name
+
+# Check bridge ports
+brctl show
+
+# Check UCI bridge configuration
+uci show network | grep -A10 "type='bridge'"
+```
+
+**Solution**:
+```bash
+# Verify device sections exist
+uci show network | grep "device="
+
+# Check board.json for defaults
+cat /etc/board.json | grep -A20 network
+```
+
+---
+
+## Verification Commands
+
+### Check Configuration
+
+```bash
+# View current mode
+cat /etc/netmodes/.last_mode
+
+# View netmode configuration
+uci show netmode
+
+# View network configuration
+uci show network
+
+# View environment variables (during mode switch)
+logread | grep "Interface names:"
+```
+
+### Check Interface Status
+
+```bash
+# All interfaces
+ip addr show
+
+# Bridges
+brctl show
+bridge link show
+
+# VLAN devices
+ip -d link show type vlan
+
+# MACVLAN devices
+ip -d link show type macvlan
+```
+
+### Check Connectivity
+
+```bash
+# DHCP on interface
+udhcpc -i wan -n
+
+# Ping gateway
+ping -c 3 $(ip route | grep default | awk '{print $3}')
+
+# DNS resolution
+nslookup google.com
+
+# VLAN traffic capture
+tcpdump -i eth4 -e -n vlan
+```
+
+### Check Logs
+
+```bash
+# Netmode logs
+logread | grep netmode-advanced
+
+# Network logs
+logread | grep network
+
+# Live monitoring
+logread -f | grep -E "(netmode|network)"
+```
+
+---
+
+## Migration from Old Modes
+
+### From `bridged` Mode
+
+**Old Configuration**:
+```bash
+uci set netmode.global.mode='bridged'
+uci set netmode.@supported_args[0].value='wan'
+uci set netmode.@supported_args[1].value='transparent'
+uci set netmode.@supported_args[2].value='ALL'
+```
+
+**New Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan'
+uci set netmode.@supported_args[13].value='bridge:transparent'
+uci set netmode.@supported_args[14].value='ALL'
+```
+
+**Change**: Add `bridge:` prefix to interface type.
+
+---
+
+### From `routed-multi-service` Mode
+
+**Old Configuration**:
+```bash
+uci set netmode.global.mode='routed-multi-service'
+uci set netmode.@supported_args[0].value='100'  # inet_vlanid
+uci set netmode.@supported_args[2].value='200'  # iptv_vlanid
+uci set netmode.@supported_args[4].value='300'  # mgmt_vlanid
+```
+
+**New Configuration**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[12].value='wan,iptv,mgmt'
+uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
+```
+
+**Change**: Explicit interface names and unified syntax.
+
+---
+
+## Best Practices
+
+1. **VLAN Planning**: Document all VLAN IDs before deployment
+2. **Port Assignment**: Create clear mapping of ports to services
+3. **Testing**: Test on lab environment before production
+4. **Monitoring**: Use `tcpdump` to verify VLAN tags
+5. **Firewall**: Be aware that routed interfaces enable firewall
+6. **Naming**: Use descriptive interface names (iptv, mgmt, voip)
+7. **Documentation**: Keep ISP-specific requirements documented
+8. **Backup**: Always backup configuration before major changes
+
+---
+
+**Document Version**: 1.0
+**Package Version**: 1.1.11+
+**Last Updated**: 2024-12-12
+**Mode Status**: Production Ready

netmode/docs/ADVANCED_MODE_IMPLEMENTATION.md

@@ -0,0 +1,567 @@
+# Advanced Mode - Implementation Summary
+
+## Overview
+
+The **advanced** mode is a unified network configuration mode that consolidates and extends the functionality of the previous `bridged` and `routed-multi-service` modes into a single, flexible interface.
+
+## Design Rationale
+
+### Problems with Old Approach
+
+1. **Mode Fragmentation**: Separate modes for bridged and routed scenarios
+2. **Limited Flexibility**: Couldn't mix bridges and routed interfaces
+3. **Confusing Naming**: "bridged" mode actually supported standalone interfaces too
+4. **Parameter Proliferation**: routed-multi-service had 6+ parameters for just 3 services
+5. **No Scalability**: Adding new services required new parameters
+
+### New Unified Approach
+
+The advanced mode uses a **declarative, array-based configuration**:
+
+```
+interface_names:  wan,    iptv,           mgmt
+interface_types:  route:vlan:100, bridge:tagged:200, direct:300
+ports:       WAN,    LAN1-LAN2-WAN,  WAN
+```
+
+**Benefits**:
+- ✅ Single mode for all scenarios
+- ✅ Scalable (add N interfaces without new parameters)
+- ✅ Flexible (mix bridge/route/standalone)
+- ✅ Intuitive syntax
+- ✅ Self-documenting configuration
+
+## Architecture
+
+### File Structure
+
+```
+netmode/
+├── files/
+│   ├── etc/netmodes/advanced/
+│   │   └── scripts/
+│   │       └── 10-advanced           # Main mode script
+│   ├── lib/netmode/
+│   │   └── advanced_helper.sh        # Helper library
+│   └── etc/netmodes/supported_modes.json
+└── docs/
+    ├── ADVANCED_MODE_GUIDE.md         # Complete guide
+    └── ADVANCED_MODE_QUICK_REFERENCE.md
+```
+
+### Components
+
+#### 1. advanced_helper.sh
+
+**Purpose**: Core library for interface creation
+
+**Key Functions**:
+- `parse_interface_type()` - Parse interface type specifications
+- `create_bridge()` - Create bridge interfaces with VLAN/QinQ
+- `create_routed_interface()` - Create routed interfaces with VLAN/MACVLAN
+- `create_standalone_interface()` - Create direct VLAN interfaces
+- `parse_port_list()` - Resolve port macros to device names
+- `resolve_device_name()` - Resolve LAN1/WAN to actual device names
+- `cleanup_interfaces()` - Clean up all interfaces before applying new config
+
+#### 2. 10-advanced Script
+
+**Purpose**: Main mode script
+
+**Flow**:
+1. Parse environment variables (NETMODE_*)
+2. Split comma-separated values
+3. Loop through each interface
+4. Parse interface type
+5. Call appropriate creation function (bridge/route/direct)
+6. Configure multicast, DHCP, firewall
+7. Update service dependencies
+
+#### 3. supported_modes.json
+
+**Purpose**: Mode definition for UCI import
+
+**Configuration**:
+```json
+{
+  "name": "advanced",
+  "description": "Advanced Mode - Unified configuration...",
+  "supported_args": [
+    {
+      "name": "interface_names",
+      "description": "Interface names (comma-separated...)",
+      "type": "string"
+    },
+    ...
+  ]
+}
+```
+
+## Interface Type Syntax
+
+### Design Philosophy
+
+**Format**: `MODE:SUBTYPE[:PARAMS][:MODIFIERS]`
+
+Examples:
+- `bridge:transparent` - Mode=bridge, Subtype=transparent
+- `bridge:tagged:100` - Mode=bridge, Subtype=tagged, Param=VID
+- `route:vlan:100:AA:BB:CC:DD:EE:FF` - Mode=route, Subtype=vlan, Params=VID+MAC
+- `direct:2501-n` - Mode=direct, Param=VID, Modifier=proto_none
+
+### Parsing Logic
+
+The `parse_interface_type()` function:
+
+1. **Extract modifiers** (-n, -d)
+2. **Parse mode prefix** (bridge:/route:/direct:)
+3. **Parse subtype** (transparent/tagged/vlan/macvlan)
+4. **Parse parameters** (VID, SVID, MAC address)
+5. **Export to environment variables** for caller
+
+## UCI Device Resolution
+
+### Problem
+
+Port macros (LAN1, LAN2, WAN) are logical names that need to be mapped to actual hardware interfaces.
+
+### Solution
+
+```bash
+resolve_device_name() {
+    local device_id="$1"
+    local resolved_name=""
+
+    # Try UCI device section
+    resolved_name="$(uci -q get network.${device_id}.name)"
+
+    # Fallback to input
+    if [ -z "$resolved_name" ]; then
+        resolved_name="$device_id"
+    fi
+
+    echo "$resolved_name"
+}
+```
+
+**Example**:
+```
+LAN1 → uci get network.LAN1.name → eth1
+WAN  → uci get network.WAN.name  → ae_wan
+```
+
+### Port List Resolution
+
+The `parse_port_list()` function:
+
+1. **Check for "ALL"** → Resolve all LAN1-8 + WAN
+2. **Parse dash-separated** → LAN1-LAN2-WAN → resolve each
+3. **Return space-separated** → "eth1 eth2 ae_wan"
+
+## VLAN Device Creation
+
+### 802.1Q (C-tag)
+
+```bash
+create_vlan_device "eth0" "100" "8021q"
+```
+
+Creates:
+```
+config device 'eth0__100'
+    option type '8021q'
+    option enabled '1'
+    option vid '100'
+    option ifname 'eth0'
+    option name 'eth0.100'
+```
+
+### 802.1ad (S-tag)
+
+```bash
+create_vlan_device "eth0" "300" "8021ad"
+```
+
+Creates:
+```
+config device 'eth0__300'
+    option type '8021ad'
+    option enabled '1'
+    option vid '300'
+    option ifname 'eth0'
+    option name 'eth0.300'
+```
+
+### QinQ (Double Tagging)
+
+For `bridge:qinq:100:300`:
+
+```bash
+# Create S-tag first
+svlan=$(create_vlan_device "eth0" "300" "8021ad")  # eth0.300
+
+# Create C-tag on top of S-tag
+cvlan=$(create_vlan_device "$svlan" "100" "8021q")  # eth0.300.100
+```
+
+Result: `eth0.300.100` (S-tag 300, C-tag 100)
+
+## MACVLAN Device Creation
+
+For `route:macvlan:AA:BB:CC:DD:EE:FF`:
+
+```bash
+create_macvlan_device "ae_wan" "AA:BB:CC:DD:EE:FF" "iptv"
+```
+
+Creates:
+```
+config device 'iptv_macvlan'
+    option type 'macvlan'
+    option enabled '1'
+    option ifname 'ae_wan'
+    option name 'iptv_macvlan'
+    option macaddr 'AA:BB:CC:DD:EE:FF'
+    option mode 'passthru'
+```
+
+## Bridge Creation
+
+### Transparent Bridge
+
+For `bridge:transparent` with `ports='ALL'`:
+
+```bash
+create_bridge "wan" "bridge:transparent" "ALL"
+```
+
+Creates:
+```
+config interface 'wan'
+    option proto 'dhcp'
+    option device 'br-wan'
+
+config device 'br_wan'
+    option name 'br-wan'
+    option type 'bridge'
+    option bridge_empty '1'
+    list ports 'eth1'
+    list ports 'eth2'
+    list ports 'ae_wan'
+```
+
+### VLAN-Tagged Bridge
+
+For `bridge:tagged:100` with `ports='ALL'`:
+
+Creates VLAN devices on all ports first, then adds to bridge:
+```
+config device 'br_mgmt'
+    option name 'br-mgmt'
+    option type 'bridge'
+    list ports 'eth1.100'
+    list ports 'eth2.100'
+    list ports 'ae_wan.100'
+```
+
+## Routed Interface Creation
+
+For `route:vlan:100`:
+
+```bash
+create_routed_interface "wan" "vlan" "100" "" "dhcp" "ae_wan" "0"
+```
+
+Creates:
+```
+config device 'ae_wan__100'
+    option type '8021q'
+    option vid '100'
+    option ifname 'ae_wan'
+    option name 'ae_wan.100'
+
+config interface 'wan'
+    option proto 'dhcp'
+    option device 'ae_wan.100'
+```
+
+## Firewall Logic
+
+The advanced mode has **intelligent firewall handling**:
+
+```bash
+configure_firewall() {
+    local has_routed=0
+
+    # Check if ANY interface is routed
+    for if_type in $interface_types; do
+        if echo "$if_type" | grep -q "^route:"; then
+            has_routed=1
+            break
+        fi
+    done
+
+    if [ "$has_routed" = "1" ]; then
+        uci set firewall.globals.enabled="1"  # Enable for routed
+    else
+        uci set firewall.globals.enabled="0"  # Disable for bridge-only
+    fi
+}
+```
+
+**Logic**:
+- If **any** interface is routed → Enable firewall
+- If **all** interfaces are bridges → Disable firewall
+
+## Environment Variable Flow
+
+### Input (UCI → Environment)
+
+```bash
+# In netmode init script
+export NETMODE_interface_names="wan,iptv,mgmt"
+export NETMODE_interface_types="route:vlan:100,route:vlan:200,route:vlan:300"
+export NETMODE_ports="WAN,WAN,WAN"
+```
+
+### Parsing (Script)
+
+```bash
+# In 10-advanced script
+local interface_names="${NETMODE_interface_names:-wan}"
+local interface_types="${NETMODE_interface_types:-bridge:transparent}"
+local ports="${NETMODE_ports:-ALL}"
+
+# Split by comma
+IFS=','
+for name in $interface_names; do
+    names_arr="$names_arr $name"
+done
+```
+
+### Output (UCI Network Config)
+
+```
+config interface 'wan'
+    option proto 'dhcp'
+    option device 'ae_wan.100'
+
+config interface 'iptv'
+    option proto 'dhcp'
+    option device 'ae_wan.200'
+...
+```
+
+## Cleanup Strategy
+
+Before applying new configuration, all existing interfaces are cleaned up:
+
+```bash
+cleanup_interfaces() {
+    # Delete VLAN devices (8021q and 8021ad)
+    for vlandev_sec in $(uci show network | grep -E "\.type='(8021q|8021ad)'" ...); do
+        uci delete "$vlandev_sec"
+    done
+
+    # Delete MACVLAN devices
+    for macvlandev_sec in $(uci show network | grep "\.type='macvlan'" ...); do
+        uci delete "$macvlandev_sec"
+    done
+
+    # Delete bridge devices
+    for brdev_sec in $(uci show network | grep "\.type='bridge'" ...); do
+        uci delete "$brdev_sec"
+    done
+
+    # Delete standard interfaces
+    uci delete network.lan
+    uci delete network.wan
+    uci delete network.wan6
+}
+```
+
+This ensures a clean slate for the new configuration.
+
+## Migration Path
+
+### From bridged Mode
+
+**Before**:
+```bash
+mode='bridged'
+interface_names='wan,lan100'
+interface_types='transparent,tagged:100'
+ports='ALL,LAN1-LAN2'
+```
+
+**After**:
+```bash
+mode='advanced'
+interface_names='wan,lan100'
+interface_types='bridge:transparent,bridge:tagged:100'
+ports='ALL,LAN1-LAN2'
+```
+
+**Change**: Add `bridge:` prefix to types.
+
+### From routed-multi-service Mode
+
+**Before**:
+```bash
+mode='routed-multi-service'
+inet_vlanid='100'
+iptv_vlanid='200'
+mgmt_vlanid='300'
+```
+
+**After**:
+```bash
+mode='advanced'
+interface_names='wan,iptv,mgmt'
+interface_types='route:vlan:100,route:vlan:200,route:vlan:300'
+ports='WAN,WAN,WAN'
+```
+
+**Change**: Explicit interface names and unified syntax.
+
+## Testing Approach
+
+### Unit Testing
+
+Test individual helper functions:
+
+```bash
+# Test device resolution
+resolve_device_name "LAN1"  # Should return eth1
+
+# Test port parsing
+parse_port_list "LAN1-LAN2-WAN"  # Should return "eth1 eth2 ae_wan"
+
+# Test type parsing
+parse_interface_type "bridge:qinq:100:300-n"
+# Should set: mode=bridge, vlan_type=qinq, cvid=100, svid=300, proto=none
+```
+
+### Integration Testing
+
+Test complete scenarios:
+
+```bash
+# Test transparent bridge
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan'
+uci set netmode.@supported_args[1].value='bridge:transparent'
+uci set netmode.@supported_args[2].value='ALL'
+uci commit netmode
+service netmode restart
+
+# Verify
+brctl show | grep br-wan
+```
+
+### Validation
+
+```bash
+# Check UCI output
+uci show network
+
+# Check actual interfaces
+ip addr show
+brctl show
+ip -d link show type vlan
+
+# Check logs
+logread | grep netmode-advanced
+```
+
+## Performance Considerations
+
+### Comma Splitting Optimization
+
+The script uses efficient IFS-based splitting:
+
+```bash
+local OLD_IFS="$IFS"
+IFS=','
+for name in $interface_names; do
+    names_arr="$names_arr $name"
+done
+IFS="$OLD_IFS"
+```
+
+This is faster than using `cut` or `awk` in loops.
+
+### UCI Batching
+
+All UCI commands are batched, with a single `uci commit` at the end:
+
+```bash
+# Multiple uci set commands
+uci set ...
+uci set ...
+uci set ...
+
+# Single commit
+uci commit network
+```
+
+### Logging
+
+Logging is selective - info level for major steps, debug for details:
+
+```bash
+_log "Creating interface $idx/$total_interfaces"  # Info
+logger -s -p user.debug -t "$_log_prefix" "Adding port: $port"  # Debug
+```
+
+## Security Considerations
+
+### Input Validation
+
+- VLANs IDs: 1-4094
+- MAC addresses: Validated format
+- Port names: Resolved through UCI (trusted source)
+
+### Privilege Separation
+
+- Script runs as root (required for network config)
+- No user input directly executed
+- Environment variables sanitized through UCI
+
+## Future Enhancements
+
+Possible future additions:
+
+1. **Static IP support**: `route:vlan:100:static:192.168.1.1`
+2. **Port roles**: `ports='LAN1(tagged),LAN2(untagged)'`
+3. **Bridge STP**: `bridge:transparent:stp`
+4. **IPv6 specific**: `route:vlan:100:ipv6`
+5. **Validation**: Pre-flight checks for VLAN conflicts
+
+## Backward Compatibility
+
+**Status**: ⚠️ Breaking change by design
+
+The old `bridged` and `routed-multi-service` modes are **replaced** by advanced mode. This is acceptable because:
+
+1. This is the **first deployment** of advanced features
+2. No existing production deployments use old syntax
+3. Cleaner architecture without legacy baggage
+4. Documentation focuses on new syntax only
+
+## Summary
+
+The advanced mode represents a significant architectural improvement:
+
+- ✅ **Unified**: One mode for all scenarios
+- ✅ **Scalable**: Array-based configuration
+- ✅ **Flexible**: Mix bridges, routed, standalone
+- ✅ **Intuitive**: Self-documenting syntax
+- ✅ **Powerful**: VLAN, QinQ, MACVLAN support
+- ✅ **Clean**: No backward compatibility burden
+
+---
+
+**Implementation Version**: 1.0
+**Date**: 2024-12-12
+**Status**: Production Ready

netmode/docs/ADVANCED_MODE_QUICK_REFERENCE.md

@@ -0,0 +1,313 @@
+# Advanced Mode - Quick Reference
+
+## Interface Type Syntax
+
+### Bridge Types (Traditional VLAN Devices)
+```
+bridge:transparent              # No VLANs
+bridge:tagged:VID               # All ports tagged
+bridge:wan-tagged:VID           # Only WAN tagged
+bridge:transparent-qinq:SVID    # LAN untagged, WAN S-tag
+bridge:transparent-qinq:C:S     # LAN untagged, WAN C+S tags
+bridge:tagged-qinq:C:S          # LAN C-tag, WAN C+S tags
+bridge:qinq:C:S                 # All ports C+S tags
+```
+
+### Bridge VLAN Filtering (Modern - Recommended)
+```
+brvlan:tagged:VID               # All ports tagged (bridge-vlan)
+brvlan:wan-tagged:VID           # WAN tagged, LAN untagged (bridge-vlan)
+brvlan:mixed:VID                # Custom tagging (bridge-vlan)
+```
+
+### Routed Types
+```
+route:transparent               # No VLAN, default MAC
+route:vlan:VID                  # VLAN routing
+route:macvlan:MAC               # MACVLAN device (supports BaseMACAddress macros)
+route:vlan:VID:MAC              # VLAN + custom MAC
+```
+
+### Standalone Types
+```
+direct:VID                      # Standalone VLAN (proto=none)
+```
+
+### Device Reference Types
+```
+device-ref:INTERFACE            # Reference device from another interface
+                                # Allows multiple interfaces to share the same device
+                                # Example: wan6 sharing wan's device
+```
+
+### Modifiers
+```
+-pppoe                          # proto=pppoe (PPPoE authentication)
+-dhcpv6                         # proto=dhcpv6 (DHCPv6 client)
+-dhcp                           # proto=dhcp (DHCP client - explicit, default if no suffix)
+-static                         # proto=static (static IP configuration)
+-none, -n                       # proto=none (no IP configuration)
+-disabled, -d                   # disabled=1 (interface disabled)
+```
+
+**Default Protocol**: If no protocol modifier is specified, the interface defaults to `-dhcp`.
+
+**Note**: When using `-static` with interface name `lan`, the system automatically configures:
+- IP: 192.168.1.1/24
+- IPv6 prefix delegation: /60
+- DHCP server: 192.168.1.100-250, 1h lease
+- DHCPv6 and RA server enabled
+
+### MAC Address Macros
+```
+BaseMACAddress                  # Base MAC from fw_printenv -n ethaddr
+BaseMACAddressP1                # Base MAC + 1
+BaseMACAddressP2                # Base MAC + 2
+BaseMACAddressPN                # Base MAC + N
+AA:BB:CC:DD:EE:FF               # Explicit MAC address
+```
+
+---
+
+## Common Configurations
+
+### 1. Transparent Bridge
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan'
+uci set netmode.@supported_args[1].value='bridge:transparent'
+uci set netmode.@supported_args[2].value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### 2. Router Mode (LAN + WAN)
+```bash
+# LAN bridge with static IP + DHCP server, WAN bridge with DHCP client
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='lan,wan'
+uci set netmode.@supported_args[1].value='bridge:transparent-static,bridge:tagged:2501'
+uci set netmode.@supported_args[2].value='ALL_LAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### 3. VLAN-Tagged Bridge
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='mgmt'
+uci set netmode.@supported_args[1].value='bridge:tagged:100'
+uci set netmode.@supported_args[2].value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### 4. Multiple Service Bridges
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='inet,iptv,mgmt'
+uci set netmode.@supported_args[1].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
+uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### 5. QinQ Configuration
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='customer_a,customer_b'
+uci set netmode.@supported_args[1].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
+uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### 6. Routed Multi-Service (VLAN)
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan,iptv,mgmt'
+uci set netmode.@supported_args[1].value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.@supported_args[2].value='WAN,WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### 7. Routed Multi-Service with Custom MAC Addresses
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan,iptv'
+uci set netmode.@supported_args[1].value='route:transparent,route:transparent'
+uci set netmode.@supported_args[2].value='WAN,WAN'
+uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1'
+uci commit netmode && service netmode restart
+```
+
+### 8. IPv4 + IPv6 on Same Device (Device Reference)
+```bash
+# wan uses DHCP, wan6 uses DHCPv6 on the same bridge device
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan,wan6'
+uci set netmode.@supported_args[1].value='bridge:tagged:2501,device-ref:wan-dhcpv6'
+uci set netmode.@supported_args[2].value='WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### 9. Direct VLAN Interface
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan'
+uci set netmode.@supported_args[1].value='direct:2501'
+uci set netmode.@supported_args[2].value='WAN'
+uci commit netmode && service netmode restart
+```
+
+### 10. Hybrid (Routed + Bridged)
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
+uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,bridge:tagged:200-n'
+uci set netmode.mode_4_supprted_args_3.value='WAN,LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+### 11. Bridge VLAN Filtering (WAN Tagged)
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
+uci commit netmode && service netmode restart
+```
+
+### 12. Multiple Services with Bridge VLAN Filtering
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet,tv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+---
+
+## Port List Syntax
+
+| Syntax | Description |
+|--------|-------------|
+| `ALL` | All LAN + WAN + EXT ports (from UCI/board.json) |
+| `ALL_LAN` | All LAN ports only (no WAN, no EXT) |
+| `LAN` | Single LAN port (for devices with one LAN port) |
+| `WAN` | WAN port only |
+| `EXT` | EXT port only |
+| `LAN-WAN` | Single LAN port and WAN |
+| `LAN1-LAN2-WAN` | LAN1, LAN2, and WAN |
+| `LAN1-LAN3-EXT` | LAN1, LAN3, and EXT |
+| `WAN-EXT` | WAN and EXT ports |
+
+**Note**: `LAN` is used for devices with a single LAN port, while `LAN1-8` are used for devices with multiple numbered LAN ports. The system automatically detects which is present in UCI.
+
+---
+
+## Verification Commands
+
+```bash
+# Check current mode
+cat /etc/netmodes/.last_mode
+
+# View configuration
+uci show netmode
+
+# View network interfaces
+ip addr show
+
+# View bridges
+brctl show
+
+# View VLAN devices
+ip -d link show type vlan
+
+# View MACVLAN devices
+ip -d link show type macvlan
+
+# View logs
+logread | grep netmode-advanced
+
+# Test DHCP
+udhcpc -i wan -n
+
+# Capture VLAN traffic
+tcpdump -i eth4 -e -n vlan
+```
+
+---
+
+## Troubleshooting
+
+### Force mode reapply
+```bash
+rm /etc/netmodes/.last_mode
+service netmode restart
+```
+
+### Check for errors
+```bash
+logread | grep -E "(error|ERROR|failed|FAILED)"
+```
+
+### Verify UCI syntax
+```bash
+uci show netmode
+uci show network
+```
+
+### Reset to DHCP mode
+```bash
+uci set netmode.global.mode='routed-dhcp'
+uci commit netmode
+service netmode restart
+```
+
+---
+
+## TR-181 Argument Mapping
+
+```
+Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value = interface_names
+Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value = interface_types
+Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value = ports
+Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.4.Value = macaddrs
+```
+
+---
+
+## Examples by Use Case
+
+### ISP Triple-Play (VLAN-based with MAC Addresses)
+```bash
+# Internet VLAN 100, IPTV VLAN 200, VoIP VLAN 300 with different MACs
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan,iptv,voip'
+uci set netmode.@supported_args[1].value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.@supported_args[2].value='WAN,WAN,WAN'
+uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1,BaseMACAddressP2'
+uci commit netmode && service netmode restart
+```
+
+### Enterprise Guest + Corporate Networks
+```bash
+# Guest VLAN 100, Corporate VLAN 200, Management VLAN 300
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='guest,corporate,mgmt'
+uci set netmode.@supported_args[1].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
+uci set netmode.@supported_args[2].value='LAN1-WAN,LAN2-LAN3-WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### Wholesale QinQ Provider
+```bash
+# Multiple customers with different C-tags, same S-tag
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='cust_a,cust_b,cust_c'
+uci set netmode.@supported_args[1].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n,bridge:qinq:30:100-n'
+uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,LAN5-LAN6-WAN'
+uci commit netmode && service netmode restart
+```
+
+---
+
+**Version**: 1.0
+**Last Updated**: 2024-12-12

netmode/docs/BRIDGE_VLAN_FILTERING.md

@@ -0,0 +1,333 @@
+# Bridge VLAN Filtering Mode
+
+## Overview
+
+The advanced netmode now supports **bridge VLAN filtering**, a modern approach to VLAN configuration that uses the kernel's bridge VLAN filtering feature instead of creating separate VLAN devices.
+
+### Benefits
+
+- **Better Performance**: No need to create multiple VLAN devices
+- **Cleaner Configuration**: Single bridge with VLAN filtering instead of multiple VLAN interfaces
+- **Hardware Offloading**: Better support for hardware VLAN acceleration
+- **Simplified Management**: All VLANs configured in one place
+
+## Syntax
+
+Use the `brvlan:` prefix instead of `bridge:` to enable bridge VLAN filtering:
+
+| Traditional Mode | Bridge VLAN Filtering Mode |
+|------------------|---------------------------|
+| `bridge:tagged:100` | `brvlan:tagged:100` |
+| `bridge:wan-tagged:100` | `brvlan:wan-tagged:100` |
+| N/A | `brvlan:mixed:100` |
+
+## Interface Types
+
+### `brvlan:tagged:VID`
+
+All ports are tagged with the specified VLAN ID.
+
+**Example**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:1499'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+**Resulting Configuration**:
+```
+config interface 'internet'
+    option device 'br-internet.1499'
+    option proto 'dhcp'
+
+config device br_internet
+    option name 'br-internet'
+    option type 'bridge'
+    option vlan_filtering '1'
+    list ports 'ae_wan'
+    list ports 'eth0'
+    list ports 'eth1'
+
+config bridge-vlan brvlan_1499_internet
+    option device 'br-internet'
+    option vlan '1499'
+    list ports 'ae_wan:t'
+    list ports 'eth0:t'
+    list ports 'eth1:t'
+```
+
+---
+
+### `brvlan:wan-tagged:VID`
+
+WAN port is tagged, LAN ports are untagged.
+
+**Example**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='iptv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1510-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Resulting Configuration**:
+```
+config interface 'iptv'
+    option device 'br-iptv.1510'
+    option proto 'none'
+
+config device br_iptv
+    option name 'br-iptv'
+    option type 'bridge'
+    option vlan_filtering '1'
+    list ports 'ae_wan'
+    list ports 'eth0'
+    list ports 'eth1'
+
+config bridge-vlan brvlan_1510_iptv
+    option device 'br-iptv'
+    option vlan '1510'
+    list ports 'ae_wan:t'
+    list ports 'eth0:u'
+    list ports 'eth1:u'
+```
+
+---
+
+### `brvlan:mixed:VID` or `brvlan:mixed:VID:TAGGED_PORTS`
+
+Custom tagged/untagged configuration with flexible port-specific tagging.
+
+**Syntax**:
+- `brvlan:mixed:VID` - Default behavior: WAN tagged, LAN untagged
+- `brvlan:mixed:VID:TAGGED_PORTS` - Specify which ports are tagged (e.g., `LAN1-WAN`)
+
+**Example 1: Default (WAN Tagged)**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='service'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**: WAN tagged, LAN1 and LAN2 untagged
+
+**Example 2: Custom Tagging (LAN1 and WAN Tagged)**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='corporate'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Resulting Configuration**:
+```
+config bridge-vlan brvlan_200_corporate
+    option device 'br-corporate'
+    option vlan '200'
+    list ports 'eth0:t'      # LAN1 tagged
+    list ports 'eth1:u'      # LAN2 untagged
+    list ports 'eth2:u'      # LAN3 untagged
+    list ports 'ae_wan:t'    # WAN tagged
+```
+
+**See [BRVLAN_MIXED_MODE_EXAMPLES.md](BRVLAN_MIXED_MODE_EXAMPLES.md) for comprehensive examples.**
+
+---
+
+## Comparison: Traditional vs Bridge VLAN Filtering
+
+### Traditional VLAN Device Approach (`bridge:tagged:100`)
+
+Creates separate VLAN devices for each port:
+
+```
+config device eth0_100
+    option type '8021q'
+    option vid '100'
+    option ifname 'eth0'
+    option name 'eth0.100'
+
+config device wan_100
+    option type '8021q'
+    option vid '100'
+    option ifname 'ae_wan'
+    option name 'ae_wan.100'
+
+config device br_internet
+    option type 'bridge'
+    list ports 'eth0.100'
+    list ports 'ae_wan.100'
+```
+
+### Bridge VLAN Filtering Approach (`brvlan:tagged:100`)
+
+Single bridge with VLAN filtering:
+
+```
+config device br_internet
+    option type 'bridge'
+    option vlan_filtering '1'
+    list ports 'eth0'
+    list ports 'ae_wan'
+
+config bridge-vlan brvlan_100_internet
+    option device 'br-internet'
+    option vlan '100'
+    list ports 'eth0:t'
+    list ports 'ae_wan:t'
+```
+
+---
+
+## Use Cases
+
+### ISP Internet Service (VLAN 1499, WAN Tagged)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
+uci commit netmode && service netmode restart
+```
+
+### IPTV Service (VLAN 1510, WAN Tagged, No DHCP)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='tv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1510-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### Multiple Services (Internet + IPTV)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet,tv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### Corporate Network (All Ports Tagged)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='corporate'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:100'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+---
+
+## Modifiers
+
+Bridge VLAN filtering modes support the same modifiers as traditional bridge modes:
+
+| Modifier | Effect | Example |
+|----------|--------|---------|
+| `-n` | Set proto=none (no DHCP client) | `brvlan:tagged:100-n` |
+| `-d` | Create but mark as disabled | `brvlan:wan-tagged:200-d` |
+
+---
+
+## Verification
+
+### Check Bridge VLAN Configuration
+
+```bash
+# View bridge device
+uci show network | grep "vlan_filtering"
+
+# View bridge-vlan sections
+uci show network | grep "bridge-vlan"
+
+# View interface status
+ip addr show
+
+# View bridge VLAN table
+bridge vlan show
+```
+
+### Example Output
+
+```bash
+root@router:~# bridge vlan show
+port              vlan-id
+ae_wan            1499 Tagged
+eth0              1499 Untagged
+eth1              1499 Untagged
+br-internet       1499
+```
+
+---
+
+## Limitations
+
+1. **No QinQ Support**: Bridge VLAN filtering does not currently support 802.1ad (QinQ) double tagging
+2. **Single VLAN per Interface**: Each bridge-vlan section defines one VLAN
+3. **Kernel Support Required**: Requires kernel with bridge VLAN filtering support
+
+---
+
+## Migration from Traditional Bridge
+
+### Before (Traditional VLAN Devices)
+
+```bash
+uci set netmode.mode_4_supprted_args_2.value='bridge:wan-tagged:100'
+```
+
+### After (Bridge VLAN Filtering)
+
+```bash
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100'
+```
+
+Simply change the prefix from `bridge:` to `brvlan:`.
+
+---
+
+## Troubleshooting
+
+### Check if VLAN Filtering is Enabled
+
+```bash
+cat /sys/class/net/br-internet/bridge/vlan_filtering
+# Should output: 1
+```
+
+### View Bridge VLAN Table
+
+```bash
+bridge vlan show dev br-internet
+```
+
+### Check Kernel Support
+
+```bash
+# Check if bridge module supports vlan_filtering
+cat /sys/module/bridge/parameters/vlan_filtering
+```
+
+### Enable Debug Logging
+
+```bash
+# Monitor netmode logs
+logread -f | grep netmode-advanced
+```
+
+---
+
+**Version**: 1.0
+**Last Updated**: 2025-12-12
+**Feature Status**: Production Ready

netmode/docs/BRVLAN_MIXED_MODE_EXAMPLES.md

@@ -0,0 +1,318 @@
+# Bridge VLAN Filtering - Mixed Mode Examples
+
+## Overview
+
+The `brvlan:mixed` mode provides flexible control over which ports are tagged vs untagged in a bridge VLAN configuration. This is useful for complex scenarios where different ports need different VLAN tagging behavior.
+
+## Syntax
+
+### Basic Mixed Mode (Default Behavior)
+```
+brvlan:mixed:VID
+```
+**Behavior**: WAN tagged, LAN ports untagged (same as `brvlan:wan-tagged:VID`)
+
+### Custom Mixed Mode (Specify Tagged Ports)
+```
+brvlan:mixed:VID:TAGGED_PORTS
+```
+**Behavior**: Ports listed in `TAGGED_PORTS` are tagged, all others are untagged
+
+**TAGGED_PORTS Format**: Same as port list specification (`LAN1-LAN2-WAN`, `WAN`, etc.)
+
+---
+
+## Examples
+
+### Example 1: Basic Mixed Mode (WAN Tagged by Default)
+
+**Scenario**: Internet service where WAN needs VLAN 100, LAN ports untagged
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+```
+config interface 'internet'
+    option device 'br-internet.100'
+    option proto 'dhcp'
+
+config device br_internet
+    option name 'br-internet'
+    option type 'bridge'
+    option vlan_filtering '1'
+    list ports 'eth0'        # LAN1
+    list ports 'eth1'        # LAN2
+    list ports 'ae_wan'      # WAN
+
+config bridge-vlan brvlan_100_internet
+    option device 'br-internet'
+    option vlan '100'
+    list ports 'eth0:u'      # LAN1 untagged
+    list ports 'eth1:u'      # LAN2 untagged
+    list ports 'ae_wan:t'    # WAN tagged
+```
+
+---
+
+### Example 2: Only Specific LAN Ports Tagged
+
+**Scenario**: Enterprise network where LAN1 and WAN are tagged, LAN2 and LAN3 are untagged
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='corporate'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+```
+config interface 'corporate'
+    option device 'br-corporate.200'
+    option proto 'dhcp'
+
+config device br_corporate
+    option name 'br-corporate'
+    option type 'bridge'
+    option vlan_filtering '1'
+    list ports 'eth0'        # LAN1
+    list ports 'eth1'        # LAN2
+    list ports 'eth2'        # LAN3
+    list ports 'ae_wan'      # WAN
+
+config bridge-vlan brvlan_200_corporate
+    option device 'br-corporate'
+    option vlan '200'
+    list ports 'eth0:t'      # LAN1 tagged (specified)
+    list ports 'eth1:u'      # LAN2 untagged
+    list ports 'eth2:u'      # LAN3 untagged
+    list ports 'ae_wan:t'    # WAN tagged (specified)
+```
+
+---
+
+### Example 3: All LAN Ports Tagged, WAN Untagged
+
+**Scenario**: Reverse scenario where LAN ports carry VLAN tags but WAN doesn't
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='service'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:300:LAN1-LAN2-LAN3'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+```
+config bridge-vlan brvlan_300_service
+    option device 'br-service'
+    option vlan '300'
+    list ports 'eth0:t'      # LAN1 tagged
+    list ports 'eth1:t'      # LAN2 tagged
+    list ports 'eth2:t'      # LAN3 tagged
+    list ports 'ae_wan:u'    # WAN untagged
+```
+
+---
+
+### Example 4: Only WAN Tagged (Explicit)
+
+**Scenario**: Same as `wan-tagged` but using mixed mode explicitly
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='iptv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1510:WAN-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+```
+config interface 'iptv'
+    option device 'br-iptv.1510'
+    option proto 'none'
+
+config bridge-vlan brvlan_1510_iptv
+    option device 'br-iptv'
+    option vlan '1510'
+    list ports 'eth2:u'      # LAN3 untagged
+    list ports 'eth3:u'      # LAN4 untagged
+    list ports 'ae_wan:t'    # WAN tagged
+```
+
+---
+
+### Example 5: Multi-Service with Different Tagging
+
+**Scenario**: Internet with LAN1+WAN tagged, IPTV with only WAN tagged
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet,tv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1499:LAN1-WAN,brvlan:mixed:1510:WAN-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+
+**Internet Service (VLAN 1499)**:
+```
+config bridge-vlan brvlan_1499_internet
+    option device 'br-internet'
+    option vlan '1499'
+    list ports 'eth0:t'      # LAN1 tagged
+    list ports 'eth1:u'      # LAN2 untagged
+    list ports 'ae_wan:t'    # WAN tagged
+```
+
+**TV Service (VLAN 1510)**:
+```
+config bridge-vlan brvlan_1510_tv
+    option device 'br-tv'
+    option vlan '1510'
+    list ports 'eth2:u'      # LAN3 untagged
+    list ports 'eth3:u'      # LAN4 untagged
+    list ports 'ae_wan:t'    # WAN tagged
+```
+
+---
+
+### Example 6: Trunk Port Configuration
+
+**Scenario**: LAN1 as trunk port (tagged), others as access ports (untagged)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='vlan100'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100:LAN1'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-LAN4'
+uci commit netmode && service netmode restart
+```
+
+**Result**:
+```
+config bridge-vlan brvlan_100_vlan100
+    option device 'br-vlan100'
+    option vlan '100'
+    list ports 'eth0:t'      # LAN1 tagged (trunk port)
+    list ports 'eth1:u'      # LAN2 untagged (access port)
+    list ports 'eth2:u'      # LAN3 untagged (access port)
+    list ports 'eth3:u'      # LAN4 untagged (access port)
+```
+
+---
+
+## Comparison: Mixed Mode vs Other Modes
+
+| Mode | Syntax | Tagged Ports | Untagged Ports |
+|------|--------|--------------|----------------|
+| **tagged** | `brvlan:tagged:100` | ALL | None |
+| **wan-tagged** | `brvlan:wan-tagged:100` | WAN only | All LAN |
+| **mixed (default)** | `brvlan:mixed:100` | WAN only | All LAN |
+| **mixed (custom)** | `brvlan:mixed:100:LAN1-WAN` | LAN1, WAN | All others |
+
+---
+
+## Use Cases
+
+### Use Case 1: DMZ Configuration
+- **LAN1**: Tagged (DMZ network with VLAN tag)
+- **LAN2-4**: Untagged (local network)
+- **WAN**: Tagged (ISP requirement)
+
+```bash
+brvlan:mixed:100:LAN1-WAN
+```
+
+### Use Case 2: Guest Network
+- **LAN1-2**: Tagged (guest WiFi APs that handle VLANs)
+- **LAN3-4**: Untagged (local devices)
+- **WAN**: Untagged (local ISP connection)
+
+```bash
+brvlan:mixed:50:LAN1-LAN2
+```
+
+### Use Case 3: Managed Switch Uplink
+- **LAN1**: Tagged (uplink to managed switch)
+- **LAN2-4**: Untagged (end user devices)
+- **WAN**: Tagged (ISP VLAN)
+
+```bash
+brvlan:mixed:200:LAN1-WAN
+```
+
+---
+
+## Port Specification Reference
+
+When specifying tagged ports in mixed mode:
+
+| Specification | Resolves To | Example |
+|---------------|-------------|---------|
+| `WAN` | WAN device | `ae_wan` |
+| `LAN1` | LAN1 device from UCI | `eth0` |
+| `LAN1-LAN2` | LAN1 and LAN2 | `eth0`, `eth1` |
+| `LAN1-WAN` | LAN1 and WAN | `eth0`, `ae_wan` |
+| `ALL` | Not supported in tagged ports spec | Use `brvlan:tagged` instead |
+
+---
+
+## Troubleshooting
+
+### Verify Port Tagging
+
+```bash
+# View bridge VLAN table
+bridge vlan show
+
+# Expected output shows :t (tagged) or :u (untagged)
+port              vlan-id
+eth0              100 Tagged
+eth1              100 Untagged
+ae_wan            100 Tagged
+```
+
+### Check Configuration
+
+```bash
+# View bridge-vlan sections
+uci show network | grep bridge-vlan -A5
+
+# Look for ports list with :t or :u suffixes
+```
+
+### Common Mistakes
+
+1. **Wrong Syntax**: Must use colon between VID and port spec
+   - ❌ `brvlan:mixed:100-LAN1-WAN`
+   - ✅ `brvlan:mixed:100:LAN1-WAN`
+
+2. **Using ALL**: Don't use ALL in tagged ports
+   - ❌ `brvlan:mixed:100:ALL`
+   - ✅ Use `brvlan:tagged:100` instead
+
+3. **Duplicate Ports**: Port appears in both bridge port list and tagged spec
+   - Ensure the port list in arg 3 includes all ports you reference in arg 2
+
+---
+
+## Advanced: Multiple VLANs on Same Bridge
+
+While this guide focuses on single VLAN per bridge, you can create multiple bridge-vlan sections manually after netmode configuration for trunk scenarios. However, this is beyond the scope of netmode automation.
+
+---
+
+**Document Version**: 1.0
+**Last Updated**: 2025-12-12
+**Feature**: Bridge VLAN Filtering Mixed Mode

netmode/docs/CONFIGURATION_SCENARIOS.md

@@ -0,0 +1,739 @@
+# Advanced Mode - Configuration Scenarios
+
+Complete examples for common use cases with both UCI and TR-181 configuration methods.
+
+---
+
+## Scenario 1: Simple Home Router (Transparent Bridge)
+
+**Use Case**: All ports bridged together for simple home network
+
+**Network Topology**:
+```
+All LAN ports + WAN → br-wan (no VLANs)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan'
+uci set netmode.mode_4_supprted_args_2.value='bridge:transparent'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>bridge:transparent</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>ALL</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Single bridge interface `br-wan`
+- All ports untagged
+- DHCP client enabled
+
+---
+
+## Scenario 2: Traditional LAN Bridge with Routed WAN
+
+**Use Case**: Classic router setup with LAN bridge and separate routed WAN
+
+**Network Topology**:
+```
+All LAN ports → br-lan (bridge)
+WAN port → wan (routed interface)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='lan,wan'
+uci set netmode.mode_4_supprted_args_2.value='bridge:transparent,route:transparent'
+uci set netmode.mode_4_supprted_args_3.value='ALL_LAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>lan,wan</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>bridge:transparent,route:transparent</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>ALL_LAN,WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Bridge interface `br-lan` with all LAN ports only
+- Routed interface `wan` on WAN port
+- Traditional router topology
+
+---
+
+## Scenario 3: ISP Internet Service (Single VLAN)
+
+**Use Case**: ISP requires VLAN 100 on WAN port for internet access
+
+**Network Topology**:
+```
+WAN.100 (tagged) + LAN1-4 (untagged) → br-internet.100
+```
+
+### UCI Configuration (Bridge VLAN Filtering - Recommended)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### UCI Configuration (Traditional VLAN Devices)
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet'
+uci set netmode.mode_4_supprted_args_2.value='bridge:wan-tagged:100'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>internet</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:wan-tagged:100</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>ALL</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- WAN port tagged with VLAN 100
+- LAN ports untagged
+- DHCP client enabled
+
+---
+
+## Scenario 4: ISP Dual Service (Internet + IPTV)
+
+**Use Case**: ISP provides Internet on VLAN 1499 and IPTV on VLAN 1510
+
+**Network Topology**:
+```
+Internet: WAN.1499 (tagged) + LAN1-2 (untagged) → br-internet.1499
+IPTV: WAN.1510 (tagged) + LAN3-4 (untagged) → br-tv.1510
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet,tv'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>internet,tv</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Internet bridge on VLAN 1499 with LAN1-2
+- IPTV bridge on VLAN 1510 with LAN3-4 (proto=none, no DHCP)
+- Both services use WAN port with respective VLANs
+
+---
+
+## Scenario 5: ISP Triple-Play (Internet + IPTV + VoIP)
+
+**Use Case**: Full triple-play service with Internet, IPTV, and VoIP
+
+**Network Topology**:
+```
+Internet: WAN.100 (tagged) + LAN1-2 (untagged) → br-internet.100
+IPTV: WAN.200 (tagged) + LAN3 (untagged) → br-tv.200
+VoIP: WAN.300 (tagged) + LAN4 (untagged) → br-voip.300
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='internet,tv,voip'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-WAN,LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>internet,tv,voip</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:wan-tagged:100,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300-n</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-LAN2-WAN,LAN3-WAN,LAN4-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Internet on VLAN 100 with DHCP (LAN1-2)
+- IPTV on VLAN 200 without DHCP (LAN3)
+- VoIP on VLAN 300 without DHCP (LAN4)
+
+---
+
+## Scenario 6: Routed Multi-Service (Internet + IPTV + Management)
+
+**Use Case**: Multiple routed services on different VLANs with NAT/firewall
+
+**Network Topology**:
+```
+WAN.100 → wan (routed, DHCP, firewall)
+WAN.200 → iptv (routed, DHCP, firewall)
+WAN.300 → mgmt (routed, DHCP, firewall)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv,mgmt'
+uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.mode_4_supprted_args_3.value='WAN,WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan,iptv,mgmt</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>route:vlan:100,route:vlan:200,route:vlan:300</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>WAN,WAN,WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Three separate routed interfaces
+- Each with own firewall zone
+- All with DHCP clients enabled
+
+---
+
+## Scenario 7: Hybrid Setup (Routed Internet + Bridged IPTV)
+
+**Use Case**: Internet needs routing/NAT, but IPTV needs transparent bridge to STBs
+
+**Network Topology**:
+```
+WAN.100 → wan (routed, firewall)
+WAN.200 + LAN1-3 → br-iptv.200 (bridged, transparent)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
+uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,brvlan:wan-tagged:200-n'
+uci set netmode.mode_4_supprted_args_3.value='WAN,LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan,iptv</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>route:vlan:100,brvlan:wan-tagged:200-n</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>WAN,LAN1-LAN2-LAN3-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- WAN interface routed with firewall
+- IPTV bridged transparently to LAN ports
+- Firewall enabled (because of routed interface)
+
+---
+
+## Scenario 8: Corporate Network with Trunk Port
+
+**Use Case**: LAN1 is trunk port to managed switch, other ports are access ports
+
+**Network Topology**:
+```
+VLAN 200: LAN1 (tagged) + WAN (tagged) + LAN2-3 (untagged) → br-corporate.200
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='corporate'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>corporate</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:mixed:200:LAN1-WAN</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-LAN2-LAN3-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- LAN1 and WAN tagged (trunk ports)
+- LAN2-3 untagged (access ports)
+- All on VLAN 200
+
+---
+
+## Scenario 9: Enterprise Multi-VLAN (Separate Networks)
+
+**Use Case**: Separate networks for guest, corporate, and management
+
+**Network Topology**:
+```
+Guest: WAN.100 (tagged) + LAN1 (untagged) → br-guest.100
+Corporate: WAN.200 (tagged) + LAN2-3 (untagged) → br-corporate.200
+Management: WAN.300 (tagged) + LAN4 (untagged) → br-mgmt.300
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='guest,corporate,mgmt'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100-n,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-WAN,LAN2-LAN3-WAN,LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>guest,corporate,mgmt</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:wan-tagged:100-n,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-WAN,LAN2-LAN3-WAN,LAN4-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Guest network on VLAN 100 (no DHCP)
+- Corporate network on VLAN 200 (no DHCP)
+- Management network on VLAN 300 (DHCP enabled)
+
+---
+
+## Scenario 10: Wholesale QinQ Provider
+
+**Use Case**: Service provider supporting multiple customers with QinQ (802.1ad)
+
+**Network Topology**:
+```
+Customer A: All ports double-tagged (S-tag 100, C-tag 10)
+Customer B: All ports double-tagged (S-tag 100, C-tag 20)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='customer_a,customer_b'
+uci set netmode.mode_4_supprted_args_2.value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>customer_a,customer_b</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>bridge:qinq:10:100-n,bridge:qinq:20:100-n</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- Customer A bridge with C-tag 10, S-tag 100
+- Customer B bridge with C-tag 20, S-tag 100
+- Both without DHCP (proto=none)
+
+**Note**: QinQ requires traditional `bridge:` mode, not available with `brvlan:` mode.
+
+---
+
+## Scenario 11: MACVLAN Multi-Service (Different MAC Addresses)
+
+**Use Case**: ISP requires different MAC addresses for Internet and IPTV services
+
+**Network Topology**:
+```
+WAN (default MAC) → wan (routed)
+WAN (custom MAC) → iptv (routed)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
+uci set netmode.mode_4_supprted_args_2.value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF'
+uci set netmode.mode_4_supprted_args_3.value='WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan,iptv</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>WAN,WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- WAN interface with default MAC
+- IPTV interface with custom MAC (AA:BB:CC:DD:EE:FF)
+- Both routed with firewall
+
+---
+
+## Scenario 12: Standalone VLAN Interface
+
+**Use Case**: WAN as standalone VLAN interface (no bridge, no routing, for custom protocols)
+
+**Network Topology**:
+```
+WAN.2501 → wan (standalone, proto=none)
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='wan'
+uci set netmode.mode_4_supprted_args_2.value='direct:2501'
+uci set netmode.mode_4_supprted_args_3.value='WAN'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>wan</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>direct:2501</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>WAN</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- WAN.2501 VLAN device created
+- No bridge, no routing layer
+- proto=none (manual configuration needed)
+
+---
+
+## Scenario 13: All Ports Tagged (Managed Network)
+
+**Use Case**: All ports need VLAN tags for managed switch environment
+
+**Network Topology**:
+```
+VLAN 100: All ports tagged → br-mgmt.100
+```
+
+### UCI Configuration
+
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.mode_4_supprted_args_1.value='mgmt'
+uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:100'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+```
+
+### TR-181 Configuration
+
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>advanced</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
+      <Value>mgmt</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
+      <Value>brvlan:tagged:100</Value>
+    </ParameterValueStruct>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
+      <Value>ALL</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+**Result**:
+- All ports (LAN + WAN) tagged with VLAN 100
+- Single bridge with VLAN filtering
+- DHCP client enabled
+
+---
+
+## Quick Reference: Configuration Cheat Sheet
+
+### Interface Types
+
+| Type | Syntax | When to Use |
+|------|--------|-------------|
+| Transparent Bridge | `bridge:transparent` | Simple home network, no VLANs |
+| Bridge VLAN Filtering (Tagged) | `brvlan:tagged:VID` | All ports need VLAN tags, modern approach |
+| Bridge VLAN Filtering (WAN Tagged) | `brvlan:wan-tagged:VID` | ISP VLAN on WAN, LAN untagged (recommended) |
+| Bridge VLAN Filtering (Mixed) | `brvlan:mixed:VID:PORTS` | Custom trunk/access port setup |
+| Traditional Tagged Bridge | `bridge:tagged:VID` | Legacy systems, all ports tagged |
+| Traditional WAN Tagged | `bridge:wan-tagged:VID` | Legacy ISP VLAN setup |
+| QinQ Bridge | `bridge:qinq:CVID:SVID` | Wholesale provider, double tagging |
+| Routed VLAN | `route:vlan:VID` | Need routing/NAT per service |
+| Routed MACVLAN | `route:macvlan:MAC` | Different MAC per service |
+| Direct VLAN | `direct:VID` | Standalone VLAN for custom protocols |
+
+### Modifiers
+
+| Modifier | Effect | Example |
+|----------|--------|---------|
+| `-n` | Disable DHCP client (proto=none) | `brvlan:wan-tagged:100-n` |
+| `-d` | Disable interface | `route:vlan:200-d` |
+
+### Port Specifications
+
+| Syntax | Meaning |
+|--------|---------|
+| `ALL` | All LAN + WAN ports |
+| `WAN` | WAN port only |
+| `LAN1-LAN2-WAN` | LAN1, LAN2, and WAN |
+| `LAN1-LAN3` | LAN1 and LAN3 only |
+
+### MAC Address Macros
+
+| Macro | Description | Example Result |
+|-------|-------------|----------------|
+| `BaseMACAddress` | Base MAC from `fw_printenv -n ethaddr` | `94:3F:0C:D5:76:00` |
+| `BaseMACAddressP1` | Base MAC + 1 | `94:3F:0C:D5:76:01` |
+| `BaseMACAddressP2` | Base MAC + 2 | `94:3F:0C:D5:76:02` |
+| `BaseMACAddressPN` | Base MAC + N | `BaseMACAddressP5` → `94:3F:0C:D5:76:05` |
+| Explicit MAC | Direct assignment | `AA:BB:CC:DD:EE:FF` |
+
+---
+
+**Document Version**: 1.0
+**Last Updated**: 2025-12-12

netmode/docs/README.md

@@ -0,0 +1,422 @@
+# Netmode - Network Mode Switching for OpenWrt/iopsys
+
+**Version**: 1.1.11
+**License**: GPL-2.0-only
+**Maintainer**: iopsys
+
+## Overview
+
+Netmode is a network configuration management package for OpenWrt/iopsys-based routers that enables seamless switching between different WAN connection types. It provides a unified interface for managing network modes including DHCP, PPPoE, Static IP, and Bridge configurations.
+
+### Key Features
+
+- **Simple Mode Switching**: Change WAN connection type with a single command
+- **Multiple Mode Support**: DHCP, PPPoE, Static IP, and Bridged mode
+- **Automatic Configuration**: Handles network, firewall, DHCP, and multicast settings
+- **TR-069/USP Integration**: Remote management via BBF data model
+- **Extensible Architecture**: Easy to add custom network modes
+- **Safe Transitions**: Proper cleanup and validation during mode switches
+
+## Quick Start
+
+### Installation
+
+```bash
+# Install via opkg
+opkg update
+opkg install netmode
+
+# Or build from source
+make package/feeds/iopsys/netmode/compile
+```
+
+### Basic Usage
+
+```bash
+# Check current mode
+cat /etc/netmodes/.last_mode
+
+# Switch to DHCP mode
+uci set netmode.global.mode='routed-dhcp'
+uci commit netmode
+service netmode restart
+
+# Switch to PPPoE mode
+uci set netmode.global.mode='routed-pppoe'
+uci set netmode.@supported_args[2].value='username@isp.com'
+uci set netmode.@supported_args[3].value='password'
+uci commit netmode
+service netmode restart
+```
+
+## Supported Modes
+
+| Mode | Description | Use Case |
+|------|-------------|----------|
+| **routed-dhcp** | Router with DHCP WAN | Cable/Fiber internet with automatic IP |
+| **routed-pppoe** | Router with PPPoE WAN | DSL internet with authentication |
+| **routed-static** | Router with Static IP WAN | Business connections with fixed IP |
+| **advanced** ⭐ | **Unified Advanced Mode** | Bridges, routed interfaces, VLAN, QinQ, MACVLAN - all in one |
+
+### Advanced Mode (v1.1.11+) - Recommended
+
+The **advanced** mode is a unified, powerful configuration mode that replaces both `bridged` and `routed-multi-service` modes. It supports:
+
+✅ **Bridge interfaces** with VLAN/QinQ support (traditional VLAN devices)
+✅ **Bridge VLAN filtering** (modern kernel bridge VLAN filtering - **recommended**)
+✅ **Routed interfaces** with VLAN/MACVLAN support
+✅ **Standalone VLAN interfaces** (direct, no bridge)
+✅ **Mixed scenarios** (combine bridges and routed interfaces)
+✅ **Flexible configuration** with single, intuitive syntax
+✅ **MAC address assignment** with macros (BaseMACAddress, BaseMACAddressPNN)
+✅ **Comprehensive validation** with helpful error messages
+
+**Quick Example - Triple-Play Service**:
+```bash
+uci set netmode.global.mode='advanced'
+uci set netmode.@supported_args[0].value='wan,iptv,mgmt'
+uci set netmode.@supported_args[1].value='route:vlan:100,route:vlan:200,route:vlan:300'
+uci set netmode.@supported_args[2].value='WAN,WAN,WAN'
+uci commit netmode && service netmode restart
+```
+
+See **[ADVANCED_MODE_GUIDE.md](ADVANCED_MODE_GUIDE.md)** for complete documentation.
+
+## Documentation
+
+Comprehensive documentation is available in the following guides:
+
+### For Users
+- **[ADVANCED_MODE_GUIDE.md](ADVANCED_MODE_GUIDE.md)** ⭐ - **Complete advanced mode guide** (RECOMMENDED)
+  - All interface types (bridge, routed, standalone)
+  - VLAN, QinQ, MACVLAN configurations
+  - Bridge VLAN filtering (modern approach)
+  - Real-world use case scenarios
+  - TR-069/USP examples
+  - Troubleshooting
+- **[BRIDGE_VLAN_FILTERING.md](BRIDGE_VLAN_FILTERING.md)** 🆕 - **Bridge VLAN filtering guide**
+  - Modern bridge VLAN filtering feature
+  - Syntax and configuration examples
+  - Performance benefits
+  - Migration from traditional VLAN devices
+- **[ADVANCED_MODE_QUICK_REFERENCE.md](ADVANCED_MODE_QUICK_REFERENCE.md)** - Quick reference for advanced mode
+- **[CONFIGURATION_SCENARIOS.md](CONFIGURATION_SCENARIOS.md)** - Real-world configuration examples with UCI and TR-181
+- **[VALIDATION_AND_ERROR_HANDLING.md](VALIDATION_AND_ERROR_HANDLING.md)** 🆕 - **Validation and error handling guide**
+  - Input validation rules
+  - Error messages and troubleshooting
+  - Common validation errors
+  - Testing validation
+- **[USER_GUIDE.md](USER_GUIDE.md)** - User guide for basic modes (DHCP, PPPoE, Static)
+  - Getting started
+  - Mode descriptions
+  - Common use cases
+  - FAQ
+
+### For Developers
+- **[DEVELOPER_GUIDE.md](DEVELOPER_GUIDE.md)** - Developer documentation
+  - Development environment setup
+  - Code organization
+  - API reference
+  - Testing framework
+  - Contributing guidelines
+
+### For Implementers
+- **[IMPLEMENTATION_GUIDE.md](IMPLEMENTATION_GUIDE.md)** - Implementation details
+  - Architecture overview
+  - Creating custom modes
+  - Environment variables
+  - Hook system
+  - Data model integration
+
+## Architecture
+
+```
+┌─────────────────────────────────────────┐
+│         Netmode System                   │
+├─────────────────────────────────────────┤
+│  UCI Config → Init Service → Mode Scripts│
+│       ↓             ↓              ↓     │
+│  Environment    Pre-hooks      UCI Copy │
+│   Variables       ↓              ↓       │
+│       ↓       Mode Scripts   Post-hooks │
+│       └──────────┴────────────┘         │
+│              Network Reconfiguration     │
+└─────────────────────────────────────────┘
+```
+
+### Components
+
+- **Init Service** (`/etc/init.d/netmode`): Orchestrates mode switching
+- **Mode Scripts** (`/etc/netmodes/<mode>/scripts/`): Mode-specific configuration
+- **UCI Config** (`/etc/config/netmode`): Mode definitions and parameters
+- **Data Model** (`datamodel.json`): BBF TR-181 integration
+- **Hooks** (`/lib/netmode/{pre,post}/`): Pre/post mode switch scripts
+
+## Configuration Examples
+
+### DHCP with VLAN
+
+```bash
+uci set netmode.global.mode='routed-dhcp'
+uci set netmode.@supported_args[0].value='100'  # VLAN ID
+uci commit netmode
+service netmode restart
+```
+
+### PPPoE with Custom DNS
+
+```bash
+uci set netmode.global.mode='routed-pppoe'
+uci set netmode.@supported_args[2].value='user@isp.com'
+uci set netmode.@supported_args[3].value='password123'
+uci set netmode.@supported_args[6].value='8.8.8.8,8.8.4.4'
+uci commit netmode
+service netmode restart
+```
+
+### Static IP Business Connection
+
+```bash
+uci set netmode.global.mode='routed-static'
+uci set netmode.@supported_args[6].value='203.0.113.10'
+uci set netmode.@supported_args[7].value='255.255.255.0'
+uci set netmode.@supported_args[8].value='203.0.113.1'
+uci commit netmode
+service netmode restart
+```
+
+## Creating Custom Modes
+
+Custom network modes can be added by following these steps:
+
+1. **Create mode directory structure**:
+   ```bash
+   mkdir -p /etc/netmodes/my-mode/scripts
+   ```
+
+2. **Define mode in supported_modes.json**:
+   ```json
+   {
+     "name": "my-mode",
+     "description": "My Custom Mode",
+     "supported_args": [...]
+   }
+   ```
+
+3. **Create mode script**:
+   ```bash
+   cat > /etc/netmodes/my-mode/scripts/10-my-mode << 'EOF'
+   #!/bin/sh
+   # Configuration logic here
+   EOF
+   chmod +x /etc/netmodes/my-mode/scripts/10-my-mode
+   ```
+
+4. **Import to UCI and test**:
+   ```bash
+   sh /etc/uci-defaults/40_netmode_populated_supported_modes
+   uci set netmode.global.mode='my-mode'
+   service netmode restart
+   ```
+
+See [IMPLEMENTATION_GUIDE.md](IMPLEMENTATION_GUIDE.md#creating-a-new-network-mode) for detailed instructions.
+
+## TR-069/USP Integration
+
+Netmode exposes a BBF TR-181 data model for remote management:
+
+**Data Model Path**: `Device.X_IOWRT_EU_NetMode.`
+
+```
+Device.X_IOWRT_EU_NetMode.
+├── Enable (boolean, r/w)
+├── Mode (string, r/w)
+├── SupportedModesNumberOfEntries (unsignedInt, r)
+└── SupportedModes.{i}.
+    ├── Name (string, r)
+    ├── Description (string, r)
+    └── SupportedArguments.{i}.
+        ├── Name (string, r)
+        ├── Type (string, r)
+        ├── Required (boolean, r)
+        └── Value (string, r/w)
+```
+
+Example TR-069 operation:
+```xml
+<SetParameterValues>
+  <ParameterList>
+    <ParameterValueStruct>
+      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
+      <Value>routed-dhcp</Value>
+    </ParameterValueStruct>
+  </ParameterList>
+</SetParameterValues>
+```
+
+## System Requirements
+
+- **Platform**: OpenWrt/iopsys
+- **Dependencies**:
+  - `dm-service` (BBF data model service)
+  - `uci`
+  - `procd`
+  - `libubox` (jshn)
+- **Recommended**:
+  - `logread` for monitoring
+  - `firewall`, `odhcpd`, `mcast` for full functionality
+
+## File Structure
+
+```
+netmode/
+├── Makefile                          # Package build definition
+├── README.md                         # This file
+├── IMPLEMENTATION_GUIDE.md           # Implementation guide
+├── DEVELOPER_GUIDE.md                # Developer documentation
+├── USER_GUIDE.md                     # User documentation
+├── bbfdm_service.json                # BBF service registration
+└── files/
+    ├── etc/
+    │   ├── config/netmode            # UCI configuration
+    │   ├── init.d/netmode            # Init script (START=11)
+    │   ├── uci-defaults/             # First-boot scripts
+    │   └── netmodes/
+    │       ├── supported_modes.json  # Mode definitions
+    │       ├── routed-dhcp/scripts/
+    │       ├── routed-pppoe/scripts/
+    │       ├── routed-static/scripts/
+    │       └── bridged/scripts/
+    └── lib/
+        ├── netmode/
+        │   ├── pre/                  # Pre-switch hooks
+        │   └── post/                 # Post-switch hooks
+        └── upgrade/keep.d/netmode    # Sysupgrade preservation
+```
+
+## Troubleshooting
+
+### Mode Not Switching
+
+```bash
+# Check if enabled
+uci get netmode.global.enabled
+
+# Check logs
+logread | grep netmode
+
+# Force mode change
+rm /etc/netmodes/.last_mode
+service netmode restart
+```
+
+### No Internet After Switch
+
+```bash
+# Verify mode applied
+cat /etc/netmodes/.last_mode
+
+# Check WAN status
+ifconfig wan
+ip route
+
+# Restart network
+/etc/init.d/network restart
+```
+
+### PPPoE Authentication Failed
+
+```bash
+# Check credentials
+uci show network.wan | grep -E "username|password"
+
+# Check logs
+logread | grep ppp
+
+# Verify VLAN if required
+uci get network.wan.device
+```
+
+See [USER_GUIDE.md](USER_GUIDE.md#troubleshooting) for comprehensive troubleshooting.
+
+## Development
+
+### Building
+
+```bash
+# Clone repository
+cd feeds/iopsys/netmode
+
+# Build package
+make package/feeds/iopsys/netmode/compile V=s
+
+# Install on device
+scp bin/packages/*/iopsys/netmode_*.ipk root@192.168.1.1:/tmp/
+ssh root@192.168.1.1 "opkg install /tmp/netmode_*.ipk"
+```
+
+### Testing
+
+```bash
+# Run mode switch test
+./test-mode-switch.sh routed-dhcp
+
+# Monitor logs
+logread -f | grep netmode
+
+# Verify configuration
+uci show network
+cat /etc/netmodes/.last_mode
+```
+
+### Contributing
+
+Contributions are welcome! Please follow these steps:
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Test thoroughly on target hardware
+5. Update documentation
+6. Submit a pull request
+
+See [DEVELOPER_GUIDE.md](DEVELOPER_GUIDE.md#contributing-guidelines) for detailed guidelines.
+
+## License
+
+This project is licensed under the GNU General Public License v2.0 only.
+
+See `/LICENSE` for more information.
+
+## Support
+
+- **Documentation**: See guides in this repository
+- **Issues**: Contact iopsys development team
+- **Community**: OpenWrt and iopsys forums
+
+## Changelog
+
+### Version 1.1.11
+- Current stable release
+- Support for DHCP, PPPoE, Static IP, and Bridge modes
+- BBF TR-181 data model integration
+- Comprehensive documentation
+
+## Acknowledgments
+
+- OpenWrt project for the underlying platform
+- iopsys for development and maintenance
+- Contributors and testers
+
+## Related Projects
+
+- [OpenWrt](https://openwrt.org/) - Linux operating system for embedded devices
+- [iopsys](https://www.iopsys.eu/) - Broadband device management
+- [BBF](https://www.broadband-forum.org/) - Broadband Forum standards
+
+---
+
+**For detailed information, please refer to the specific guides:**
+- Users: [USER_GUIDE.md](USER_GUIDE.md)
+- Developers: [DEVELOPER_GUIDE.md](DEVELOPER_GUIDE.md)
+- Implementers: [IMPLEMENTATION_GUIDE.md](IMPLEMENTATION_GUIDE.md)

netmode/docs/USER_GUIDE.md

@@ -0,0 +1,887 @@
+# Netmode User Guide
+
+## Table of Contents
+1. [Introduction](#introduction)
+2. [Getting Started](#getting-started)
+3. [Available Network Modes](#available-network-modes)
+4. [Configuration Methods](#configuration-methods)
+5. [Common Use Cases](#common-use-cases)
+6. [Troubleshooting](#troubleshooting)
+7. [FAQ](#faq)
+8. [Glossary](#glossary)
+
+---
+
+## Introduction
+
+### What is Netmode?
+
+Netmode is a network configuration management system for iopsys-based routers that allows you to easily switch between different WAN (Wide Area Network) connection types without manual configuration.
+
+### Why Use Netmode?
+
+- **Simplicity**: Switch network modes with a single command
+- **Flexibility**: Support for multiple WAN connection types
+- **Consistency**: Ensures proper configuration of all related network services
+- **Remote Management**: Can be controlled via TR-069/USP protocols
+- **Safety**: Automatically handles complex network reconfigurations
+
+### Supported Connection Types
+
+- **DHCP**: Automatic IP configuration (most common for cable/fiber connections)
+- **PPPoE**: Username/password authentication (common for DSL connections)
+- **Static IP**: Manual IP configuration (business connections)
+- **Bridged Mode**: Bridge/modem mode (disable routing)
+
+---
+
+## Getting Started
+
+### Checking if Netmode is Installed
+
+```bash
+# Check if netmode package is installed
+opkg list-installed | grep netmode
+
+# Check netmode service status
+service netmode status
+```
+
+Expected output:
+```
+netmode - 1.1.11-1 - Network Modes and Utils
+```
+
+### Checking Current Mode
+
+```bash
+# View current configuration
+uci show netmode.global
+
+# Check active mode
+cat /etc/netmodes/.last_mode
+```
+
+Example output:
+```
+netmode.global=netmode
+netmode.global.enabled='1'
+netmode.global.mode='routed-dhcp'
+```
+
+### Viewing Available Modes
+
+```bash
+# List all supported modes
+uci show netmode | grep "supported_modes.*name"
+```
+
+Example output:
+```
+netmode.@supported_modes[0].name='routed-dhcp'
+netmode.@supported_modes[1].name='routed-pppoe'
+netmode.@supported_modes[2].name='routed-static'
+netmode.@supported_modes[3].name='bridged'
+```
+
+---
+
+## Available Network Modes
+
+### 1. Routed DHCP Mode
+
+**Mode Name**: `routed-dhcp`
+
+**When to Use**:
+- Cable internet connection
+- Fiber internet connection
+- Any ISP that automatically provides IP configuration
+
+**Features**:
+- Automatic IP address assignment
+- Built-in router (NAT)
+- Firewall enabled
+- DHCP server for local devices
+- IPv4 and IPv6 support
+
+**Configuration Parameters**:
+- `vlanid` (optional): VLAN ID if required by ISP
+- `dns_servers` (optional): Custom DNS servers (comma-separated)
+
+**Example Configuration**:
+```bash
+# Basic DHCP mode
+uci set netmode.global.mode='routed-dhcp'
+uci commit netmode
+service netmode restart
+
+# DHCP with VLAN ID 100
+uci set netmode.global.mode='routed-dhcp'
+# Find VLAN argument and set value
+uci set netmode.@supported_args[0].value='100'
+uci commit netmode
+service netmode restart
+```
+
+---
+
+### 2. Routed PPPoE Mode
+
+**Mode Name**: `routed-pppoe`
+
+**When to Use**:
+- DSL internet connection
+- ISP requires username and password authentication
+- Connection uses PPPoE protocol
+
+**Features**:
+- Username/password authentication
+- Built-in router (NAT)
+- Firewall enabled
+- DHCP server for local devices
+- Automatic MTU optimization
+
+**Required Parameters**:
+- `username`: PPPoE username (provided by ISP)
+- `password`: PPPoE password (provided by ISP)
+
+**Optional Parameters**:
+- `vlanid`: VLAN ID if required by ISP
+- `mtu`: Maximum transmission unit (default: 1492 for PPPoE)
+- `dns_servers`: Custom DNS servers (comma-separated)
+
+**Example Configuration**:
+```bash
+# Set mode
+uci set netmode.global.mode='routed-pppoe'
+
+# Set username (find correct argument index)
+uci set netmode.@supported_args[2].value='myuser@isp.com'
+
+# Set password
+uci set netmode.@supported_args[3].value='mypassword'
+
+# Optional: Set VLAN
+uci set netmode.@supported_args[4].value='100'
+
+# Optional: Set MTU
+uci set netmode.@supported_args[5].value='1492'
+
+# Apply configuration
+uci commit netmode
+service netmode restart
+```
+
+**Important Notes**:
+- Device will reboot after configuration
+- Keep ISP credentials safe
+- Most DSL connections use VLAN ID 7 or 100 (check with ISP)
+- MTU typically 1492 for PPPoE (auto-configured)
+
+---
+
+### 3. Routed Static IP Mode
+
+**Mode Name**: `routed-static`
+
+**When to Use**:
+- Business internet connection with static IP
+- ISP provided specific IP address, subnet mask, and gateway
+- Fixed IP address required for services (web server, VPN, etc.)
+
+**Features**:
+- Manual IP configuration
+- Built-in router (NAT)
+- Firewall enabled
+- DHCP server for local devices
+- Fixed WAN IP address
+
+**Required Parameters**:
+- `ipaddr`: Static IP address (e.g., 93.21.0.104)
+- `netmask`: Subnet mask (e.g., 255.255.255.0)
+- `gateway`: Default gateway IP (e.g., 93.21.0.1)
+
+**Optional Parameters**:
+- `vlanid`: VLAN ID if required
+- `dns_servers`: DNS servers (comma-separated, e.g., 8.8.8.8,8.8.4.4)
+
+**Example Configuration**:
+```bash
+# Set mode
+uci set netmode.global.mode='routed-static'
+
+# Set IP address
+uci set netmode.@supported_args[6].value='93.21.0.104'
+
+# Set subnet mask
+uci set netmode.@supported_args[7].value='255.255.255.0'
+
+# Set gateway
+uci set netmode.@supported_args[8].value='93.21.0.1'
+
+# Optional: Set DNS servers
+uci set netmode.@supported_args[9].value='8.8.8.8,8.8.4.4'
+
+# Apply configuration
+uci commit netmode
+service netmode restart
+```
+
+**Important Notes**:
+- Use exact IP settings provided by ISP
+- Incorrect settings will result in no internet connectivity
+- DNS servers are optional but recommended
+- Device will reboot after configuration
+
+---
+
+### 4. Bridged Mode
+
+**Mode Name**: `bridged`
+
+**When to Use**:
+- Using router as a bridge/modem only
+- Another router handles routing and DHCP
+- ISP requires bridge mode
+- Cascading routers (not recommended, prefer this mode on upstream device)
+- Advanced VLAN configurations (multiple bridges, QinQ)
+
+**Features**:
+- Supports multiple bridge configurations
+- VLAN tagging and QinQ support
+- Can create standalone VLAN interfaces (no bridge)
+- No routing (NAT disabled)
+- Firewall disabled
+- DHCP server disabled
+- Device acts as transparent bridge
+
+**Configuration Parameters**:
+- `interface_names` (optional): Comma-separated interface names (default: wan)
+- `interface_types` (optional): Comma-separated types (transparent, tagged:VID, direct:VID, qinq:C:S, etc.)
+- `ports` (optional): Comma-separated port lists (default: ALL)
+
+**Basic Configuration**:
+```bash
+# Simple transparent bridge
+uci set netmode.global.mode='bridged'
+uci commit netmode
+service netmode restart
+```
+
+**Advanced Configuration Examples**:
+```bash
+# Multiple VLANs as separate bridges
+uci set netmode.global.mode='bridged'
+uci set netmode.@supported_args[0].value='lan100,lan200'      # interface_names
+uci set netmode.@supported_args[1].value='tagged:100,tagged:200'  # interface_types
+uci set netmode.@supported_args[2].value='LAN1-LAN2,LAN3-LAN4'    # ports
+uci commit netmode
+service netmode restart
+
+# Standalone VLAN interface (no bridge)
+uci set netmode.global.mode='bridged'
+uci set netmode.@supported_args[0].value='wan'
+uci set netmode.@supported_args[1].value='direct:2501'  # Direct VLAN interface
+uci set netmode.@supported_args[2].value='WAN'
+uci commit netmode
+service netmode restart
+```
+
+**Important Notes**:
+- Device will obtain IP from upstream router/ISP
+- Web interface may be inaccessible until device gets IP
+- To access device: connect directly and check DHCP leases on upstream router
+- Device will reboot after configuration
+- Use this mode carefully - you may lose access to the device
+- For advanced VLAN scenarios, see ADVANCED_BRIDGE_GUIDE.md
+
+**Parameter Naming Note**:
+As of version 1.1.11, parameters were renamed for clarity:
+- `bridge_names` → `interface_names` (old name still works)
+- `bridge_types` → `interface_types` (old name still works)
+
+**Reverting from Bridge Mode**:
+If you lose access, connect via serial console or perform factory reset.
+
+---
+
+## Configuration Methods
+
+### Method 1: UCI Command Line (SSH/Console)
+
+**Step-by-step procedure**:
+
+```bash
+# 1. Connect to device
+ssh root@192.168.1.1
+
+# 2. View current configuration
+uci show netmode
+
+# 3. Set desired mode
+uci set netmode.global.mode='routed-dhcp'
+
+# 4. Set any required parameters (example for PPPoE)
+uci set netmode.@supported_args[2].value='username@isp.com'
+uci set netmode.@supported_args[3].value='password123'
+
+# 5. Save configuration
+uci commit netmode
+
+# 6. Apply changes
+service netmode restart
+
+# 7. Monitor logs (optional)
+logread -f | grep netmode
+```
+
+### Method 2: TR-069/CWMP (Remote Management)
+
+If your device is managed by an ACS (Auto Configuration Server):
+
+**Get current mode**:
+```xml
+GetParameterValues
+  Device.X_IOWRT_EU_NetMode.Mode
+```
+
+**Set PPPoE mode**:
+```xml
+SetParameterValues
+  Device.X_IOWRT_EU_NetMode.Mode = "routed-pppoe"
+  Device.X_IOWRT_EU_NetMode.SupportedModes.2.SupportedArguments.1.Value = "username@isp.com"
+  Device.X_IOWRT_EU_NetMode.SupportedModes.2.SupportedArguments.2.Value = "password123"
+```
+
+**Trigger mode change**:
+```bash
+# On device (via TR-069 script)
+service netmode restart
+```
+
+### Method 3: Web Interface (if available)
+
+Some firmware may provide a web interface for netmode configuration.
+
+Typical location: **Network → WAN → Connection Type**
+
+---
+
+## Common Use Cases
+
+### Use Case 1: Switching from DHCP to PPPoE
+
+**Scenario**: ISP changed from cable to DSL connection
+
+```bash
+# 1. Connect to router
+ssh root@192.168.1.1
+
+# 2. Find username and password argument indices
+uci show netmode | grep -A3 "name='username'"
+# Note the index numbers
+
+# 3. Set mode and credentials
+uci set netmode.global.mode='routed-pppoe'
+uci set netmode.@supported_args[2].value='newuser@dsl-isp.com'
+uci set netmode.@supported_args[3].value='newpassword'
+
+# 4. If ISP requires VLAN (e.g., VLAN 7)
+uci set netmode.@supported_args[4].value='7'
+
+# 5. Apply
+uci commit netmode
+service netmode restart
+
+# Device will reboot
+```
+
+### Use Case 2: Adding Custom DNS Servers
+
+**Scenario**: Want to use Google DNS or Cloudflare DNS
+
+```bash
+# For DHCP mode
+uci set netmode.global.mode='routed-dhcp'
+
+# Find dns_servers argument index
+uci show netmode | grep -B2 "name='dns_servers'"
+
+# Set custom DNS (Google DNS example)
+uci set netmode.@supported_args[1].value='8.8.8.8,8.8.4.4'
+
+# Or Cloudflare DNS
+uci set netmode.@supported_args[1].value='1.1.1.1,1.0.0.1'
+
+# Apply
+uci commit netmode
+service netmode restart
+```
+
+### Use Case 3: Configuring VLAN for ISP
+
+**Scenario**: ISP requires VLAN tagging (common for fiber)
+
+```bash
+# Identify your mode (example: DHCP)
+uci set netmode.global.mode='routed-dhcp'
+
+# Find VLAN argument
+uci show netmode | grep -B2 "name='vlanid'"
+
+# Set VLAN ID (ISP will provide this, commonly 100, 7, or other)
+uci set netmode.@supported_args[0].value='100'
+
+# Apply
+uci commit netmode
+service netmode restart
+```
+
+### Use Case 4: Setting Up Bridge Mode for Secondary Router
+
+**Scenario**: Using dedicated router behind ISP modem
+
+```bash
+# Configure device as bridge
+uci set netmode.global.mode='bridged'
+uci commit netmode
+service netmode restart
+
+# After reboot, device will be in bridge mode
+# Connect to it via the IP it receives from upstream
+```
+
+### Use Case 5: Business Static IP Setup
+
+**Scenario**: ISP provided static IP configuration
+
+**ISP Information**:
+- IP Address: 203.0.113.10
+- Subnet Mask: 255.255.255.248
+- Gateway: 203.0.113.9
+- DNS: 203.0.113.1, 203.0.113.2
+
+```bash
+# Set mode
+uci set netmode.global.mode='routed-static'
+
+# Configure IP settings (find argument indices first)
+uci show netmode | grep -B2 "name='ipaddr'"
+uci show netmode | grep -B2 "name='netmask'"
+uci show netmode | grep -B2 "name='gateway'"
+
+# Set values
+uci set netmode.@supported_args[6].value='203.0.113.10'
+uci set netmode.@supported_args[7].value='255.255.255.248'
+uci set netmode.@supported_args[8].value='203.0.113.9'
+uci set netmode.@supported_args[9].value='203.0.113.1,203.0.113.2'
+
+# Apply
+uci commit netmode
+service netmode restart
+```
+
+---
+
+## Troubleshooting
+
+### Problem: No Internet After Mode Switch
+
+**Symptoms**:
+- Cannot access websites
+- No WAN IP address
+- Local network works but no internet
+
+**Diagnosis**:
+```bash
+# Check WAN interface status
+ifconfig wan
+
+# Check if WAN has IP
+ip addr show wan
+
+# Check routing table
+ip route
+
+# Check DNS resolution
+nslookup google.com
+
+# Check mode applied correctly
+cat /etc/netmodes/.last_mode
+uci show netmode.global.mode
+```
+
+**Solutions**:
+
+1. **For DHCP mode**:
+   ```bash
+   # Restart network
+   /etc/init.d/network restart
+
+   # Release and renew DHCP
+   udhcpc -i wan -n
+   ```
+
+2. **For PPPoE mode**:
+   ```bash
+   # Check credentials
+   uci show network.wan.username
+   uci show network.wan.password
+
+   # Check PPPoE connection
+   logread | grep pppd
+
+   # Restart PPPoE
+   ifdown wan
+   ifup wan
+   ```
+
+3. **For Static IP mode**:
+   ```bash
+   # Verify settings
+   uci show network.wan
+
+   # Check if gateway is reachable
+   ping -c 3 $(uci get network.wan.gateway)
+   ```
+
+### Problem: Cannot Access Router After Mode Change
+
+**Symptoms**:
+- Cannot reach router web interface
+- Cannot SSH to router
+- Router appears offline
+
+**Solutions**:
+
+1. **Check router IP address**:
+   - Routed modes: Router should be at `192.168.1.1`
+   - Bridged mode: Router gets IP from upstream device
+
+2. **For bridged mode**:
+   ```bash
+   # Connect to upstream router
+   # Check DHCP leases for your device MAC address
+   # Or connect via serial console
+   ```
+
+3. **Factory reset** (last resort):
+   - Hold reset button for 10 seconds
+   - Device will reset to default configuration
+
+### Problem: Mode Not Switching
+
+**Symptoms**:
+- `.last_mode` not updated
+- Old configuration still active
+- No changes after restart
+
+**Diagnosis**:
+```bash
+# Check if netmode is enabled
+uci get netmode.global.enabled
+
+# Check logs
+logread | grep netmode
+
+# Check if mode exists
+ls /etc/netmodes/*/scripts/
+```
+
+**Solutions**:
+```bash
+# Enable netmode if disabled
+uci set netmode.global.enabled='1'
+uci commit netmode
+
+# Force mode change by removing last_mode
+rm /etc/netmodes/.last_mode
+service netmode restart
+```
+
+### Problem: PPPoE Authentication Failure
+
+**Symptoms**:
+- WAN interface shows "connecting" but never connects
+- Logs show authentication errors
+
+**Diagnosis**:
+```bash
+# Check PPPoE logs
+logread | grep ppp
+
+# Common errors:
+# - "authentication failed"
+# - "LCP timeout"
+# - "CHAP authentication failed"
+```
+
+**Solutions**:
+```bash
+# Verify credentials (double-check with ISP)
+uci show network.wan.username
+uci show network.wan.password
+
+# Some ISPs require VLAN tagging
+uci set netmode.@supported_args[4].value='7'  # or ISP-specific VLAN
+uci commit netmode
+service netmode restart
+
+# Check if service name is required (rare)
+uci set network.wan.service='ISP-SERVICE-NAME'
+uci commit network
+```
+
+### Problem: Slow Internet After Mode Switch
+
+**Symptoms**:
+- Internet works but very slow
+- High latency
+
+**Solutions**:
+
+1. **Check MTU settings** (especially for PPPoE):
+   ```bash
+   # Set MTU for PPPoE
+   uci set netmode.@supported_args[5].value='1492'
+   uci commit netmode
+   service netmode restart
+   ```
+
+2. **Check for DNS issues**:
+   ```bash
+   # Test DNS resolution speed
+   time nslookup google.com
+
+   # Use faster DNS
+   uci set netmode.@supported_args[X].value='1.1.1.1,1.0.0.1'
+   uci commit netmode
+   service netmode restart
+   ```
+
+3. **Check WAN speed**:
+   ```bash
+   # Install iperf3 and test
+   opkg update
+   opkg install iperf3
+   ```
+
+---
+
+## FAQ
+
+### General Questions
+
+**Q: Will I lose my configuration when switching modes?**
+
+A: Netmode preserves most router settings (WiFi, firewall rules, etc.), but WAN-specific settings are reconfigured. Local network settings remain unchanged.
+
+**Q: How long does a mode switch take?**
+
+A: The mode switch itself takes a few seconds, but the device will reboot, which takes 1-2 minutes total.
+
+**Q: Can I switch modes remotely?**
+
+A: Yes, via SSH or TR-069/USP if configured. However, be careful with bridge mode as you may lose connectivity.
+
+**Q: Do I need to reboot manually?**
+
+A: No, the system automatically reboots after applying a new mode.
+
+**Q: Can I schedule a mode switch?**
+
+A: Yes, using cron:
+```bash
+# Switch to bridged mode at 2 AM
+echo "0 2 * * * uci set netmode.global.mode='bridged' && uci commit && service netmode restart" | crontab -
+```
+
+### Mode-Specific Questions
+
+**Q: Which mode should I use?**
+
+A: Depends on your ISP:
+- Cable/Fiber without login: **routed-dhcp**
+- DSL with username/password: **routed-pppoe**
+- Static IP business connection: **routed-static**
+- Using as bridge only: **bridged**
+
+**Q: Can I use PPPoE with VLAN?**
+
+A: Yes, set both the mode and VLAN ID:
+```bash
+uci set netmode.global.mode='routed-pppoe'
+uci set netmode.@supported_args[4].value='100'
+```
+
+**Q: What's the difference between routed and bridged mode?**
+
+A:
+- **Routed modes**: Router performs NAT, runs firewall, provides DHCP to local network
+- **Bridged mode**: Router acts as transparent bridge, no NAT, no firewall, no DHCP
+
+**Q: Can I customize the LAN IP in routed modes?**
+
+A: Yes, but not through netmode. After mode switch, manually configure:
+```bash
+uci set network.lan.ipaddr='192.168.2.1'
+uci commit network
+/etc/init.d/network restart
+```
+
+### Technical Questions
+
+**Q: Where are my credentials stored?**
+
+A: In `/etc/config/netmode` (UCI configuration). They are cleared from memory after mode application for security.
+
+**Q: Can I create custom modes?**
+
+A: Yes, advanced users can create custom modes. See the IMPLEMENTATION_GUIDE.md and DEVELOPER_GUIDE.md.
+
+**Q: Does netmode support IPv6?**
+
+A: Yes, routed-dhcp and routed-pppoe modes support IPv6 (DHCPv6).
+
+**Q: What happens to firewall rules?**
+
+A: Firewall is enabled for routed modes and disabled for bridged mode. Custom rules are preserved.
+
+**Q: Can I use multiple WAN connections?**
+
+A: Netmode manages the primary WAN. For multi-WAN setups, configure secondary WANs manually after netmode configuration.
+
+---
+
+## Glossary
+
+**Bridge Mode**: Operating mode where the router acts as a transparent network bridge without routing or NAT.
+
+**DHCP (Dynamic Host Configuration Protocol)**: Automatic IP address assignment protocol.
+
+**DMZ (Demilitarized Zone)**: Network segment that sits between internal network and external network.
+
+**DNS (Domain Name System)**: Service that translates domain names to IP addresses.
+
+**Gateway**: Router IP address that connects local network to the internet.
+
+**ISP (Internet Service Provider)**: Company providing internet access.
+
+**LAN (Local Area Network)**: Internal network (devices in your home/office).
+
+**MTU (Maximum Transmission Unit)**: Largest packet size that can be transmitted. PPPoE typically uses 1492.
+
+**NAT (Network Address Translation)**: Technology allowing multiple devices to share one public IP address.
+
+**PPPoE (Point-to-Point Protocol over Ethernet)**: Authentication protocol commonly used for DSL connections.
+
+**Static IP**: Fixed IP address that doesn't change (opposite of DHCP).
+
+**Subnet Mask**: Defines the network portion of an IP address (e.g., 255.255.255.0).
+
+**TR-069/CWMP**: Remote management protocol for network devices.
+
+**UCI (Unified Configuration Interface)**: OpenWrt configuration system.
+
+**USP (User Services Platform)**: Next-generation device management protocol.
+
+**VLAN (Virtual LAN)**: Network segmentation using VLAN tags (802.1Q).
+
+**WAN (Wide Area Network)**: External network connection (internet).
+
+---
+
+## Getting Help
+
+### Log Collection
+
+When reporting issues, collect these logs:
+
+```bash
+# System logs
+logread > /tmp/system.log
+
+# Network configuration
+uci export network > /tmp/network.conf
+uci export netmode > /tmp/netmode.conf
+
+# Interface status
+ifconfig > /tmp/interfaces.txt
+ip route > /tmp/routes.txt
+
+# Copy to external system
+scp /tmp/*.{log,conf,txt} user@external-host:/path/
+```
+
+### Support Resources
+
+- **Documentation**: Check IMPLEMENTATION_GUIDE.md and DEVELOPER_GUIDE.md
+- **Community Forums**: OpenWrt and iopsys community forums
+- **Issue Tracker**: Report bugs to iopsys development team
+- **ISP Support**: Contact ISP for connection-specific parameters (VLAN, credentials, etc.)
+
+### Before Contacting Support
+
+Please have ready:
+1. Current mode: `cat /etc/netmodes/.last_mode`
+2. Netmode version: `opkg info netmode | grep Version`
+3. Error logs: `logread | grep netmode`
+4. Network configuration: `uci export netmode`
+5. What you're trying to achieve
+6. What you've already tried
+
+---
+
+## Quick Reference Card
+
+### Common Commands
+
+```bash
+# View current mode
+cat /etc/netmodes/.last_mode
+
+# List available modes
+uci show netmode | grep "supported_modes.*name"
+
+# Switch to DHCP
+uci set netmode.global.mode='routed-dhcp'
+uci commit netmode && service netmode restart
+
+# Switch to PPPoE
+uci set netmode.global.mode='routed-pppoe'
+uci set netmode.@supported_args[2].value='username'
+uci set netmode.@supported_args[3].value='password'
+uci commit netmode && service netmode restart
+
+# Switch to Bridge
+uci set netmode.global.mode='bridged'
+uci commit netmode && service netmode restart
+
+# View logs
+logread | grep netmode
+
+# Reset to last mode
+rm /etc/netmodes/.last_mode
+service netmode restart
+```
+
+### Emergency Recovery
+
+```bash
+# If locked out after bridge mode
+# Connect via serial console and run:
+uci set netmode.global.mode='routed-dhcp'
+uci commit netmode
+service netmode restart
+
+# Factory reset (hold reset button 10 seconds)
+# Or via console:
+firstboot -y && reboot
+```
+
+---
+
+**Document Version**: 1.0
+**Package Version**: 1.1.11
+**Last Updated**: 2024
+**License**: GPL-2.0-only

netmode/docs/VALIDATION_AND_ERROR_HANDLING.md

@@ -0,0 +1,294 @@
+# Advanced Mode - Validation and Error Handling
+
+## Overview
+
+The advanced mode includes comprehensive input validation and error handling to ensure configuration correctness and provide helpful error messages when issues occur.
+
+## Validation Functions
+
+### 1. VLAN ID Validation
+
+**Function**: `validate_vlan_id()`
+
+**Validates**:
+- VLAN ID is a number
+- VLAN ID is in valid range (1-4094)
+
+**Example Error**:
+```
+ERROR: VLAN ID in type 'bridge:tagged:5000' out of range (must be 1-4094): 5000
+```
+
+### 2. MAC Address Validation
+
+**Function**: `validate_mac_address()`
+
+**Validates**:
+- MAC address format (XX:XX:XX:XX:XX:XX)
+- MAC address macros (BaseMACAddress, BaseMACAddressPNN)
+- Hexadecimal characters only
+
+**Example Errors**:
+```
+ERROR: Invalid MAC address format: 'ZZ:BB:CC:DD:EE:FF' (expected XX:XX:XX:XX:XX:XX)
+ERROR: Invalid MAC macro format: 'BaseMACAddressP' (expected BaseMACAddressPNN)
+```
+
+### 3. Interface Name Validation
+
+**Function**: `validate_interface_name()`
+
+**Validates**:
+- Interface name is not empty
+- Only alphanumeric characters and underscore allowed
+- Reserved names not used (loopback, lo, globals)
+
+**Example Errors**:
+```
+ERROR: Interface name 'wan-interface' invalid (only alphanumeric and underscore allowed)
+ERROR: Interface name 'loopback' is reserved
+```
+
+### 4. Port Specification Validation
+
+**Function**: `validate_port_spec()`
+
+**Validates**:
+- Port specification is not empty
+- Valid port identifiers (LAN1-8, WAN, or interface names)
+- Format is correct (dash-separated)
+
+**Example Error**:
+```
+ERROR: Invalid port identifier in 'LAN1-LAN9-WAN': 'LAN9'
+```
+
+### 5. Interface Type Validation
+
+**Function**: `validate_interface_type()`
+
+**Validates**:
+- Interface type syntax is correct
+- VLAN IDs in types are valid
+- MAC addresses in types are valid
+- Type is recognized
+
+**Example Errors**:
+```
+ERROR: Unknown interface type: 'bridge:unknown:100'
+Valid types: bridge:transparent, bridge:tagged:VID, brvlan:wan-tagged:VID, route:vlan:VID, route:macvlan:MAC, direct:VID
+
+ERROR: VLAN ID in type 'route:vlan:9999' out of range (must be 1-4094): 9999
+```
+
+## Configuration Validation
+
+### Parameter Count Matching
+
+The system validates that all configuration parameters have matching element counts:
+
+```bash
+# This is VALID (3 interfaces, 3 types, 3 port lists)
+interface_names='wan,iptv,voip'
+interface_types='route:vlan:100,route:vlan:200,route:vlan:300'
+ports='WAN,WAN,WAN'
+
+# This is INVALID (3 interfaces but only 2 types)
+interface_names='wan,iptv,voip'
+interface_types='route:vlan:100,route:vlan:200'  # ERROR!
+ports='WAN,WAN,WAN'
+```
+
+**Error Message**:
+```
+ERROR: Number of interface names (3) does not match number of interface types (2)
+interface_names: wan,iptv,voip
+interface_types: route:vlan:100,route:vlan:200
+```
+
+### MAC Address Count Warning
+
+If MAC addresses are provided but don't match interface count, a warning is issued:
+
+```
+WARNING: Number of MAC addresses (2) does not match number of interfaces (3)
+Some interfaces will use default MAC addresses
+```
+
+## Error Handling
+
+### MAC Address Operations
+
+#### Base MAC Not Found
+```
+WARNING: Base MAC address not found or invalid, using default
+```
+
+#### MAC Increment Overflow
+```
+WARNING: MAC address overflow after increment, wrapping around
+```
+
+#### Invalid Increment Value
+```
+ERROR: MAC increment must be a number: 'ABC'
+```
+
+### Port Resolution
+
+#### WAN Port Not Found
+```
+ERROR: WAN port not found in board.json or UCI
+```
+
+### Validation Failure Behavior
+
+When validation fails:
+1. **Error is logged** to syslog with severity `user.err`
+2. **Configuration is aborted** - no changes are applied
+3. **Exit code 1** is returned
+4. **Helpful error message** indicates what went wrong
+
+## Debugging Validation Issues
+
+### View Validation Logs
+
+```bash
+# Check recent netmode logs
+logread | grep netmode-advanced
+
+# Filter for errors only
+logread | grep -E "netmode-advanced.*ERROR"
+
+# Watch logs in real-time
+logread -f | grep netmode-advanced
+```
+
+### Common Validation Errors
+
+#### 1. Mismatched Parameter Counts
+
+**Problem**:
+```bash
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
+uci set netmode.mode_4_supprted_args_2.value='bridge:transparent'  # Only 1!
+uci set netmode.mode_4_supprted_args_3.value='ALL,LAN1-LAN2-WAN'
+```
+
+**Solution**: Ensure all parameters have same number of comma-separated values:
+```bash
+uci set netmode.mode_4_supprted_args_2.value='bridge:transparent,brvlan:wan-tagged:100'
+```
+
+#### 2. Invalid VLAN ID
+
+**Problem**:
+```bash
+uci set netmode.mode_4_supprted_args_2.value='bridge:tagged:5000'  # > 4094
+```
+
+**Solution**: Use valid VLAN ID (1-4094):
+```bash
+uci set netmode.mode_4_supprted_args_2.value='bridge:tagged:100'
+```
+
+#### 3. Invalid MAC Address Format
+
+**Problem**:
+```bash
+uci set netmode.mode_4_supprted_args_4.value='AA-BB-CC-DD-EE-FF'  # Wrong separator
+```
+
+**Solution**: Use colon separator:
+```bash
+uci set netmode.mode_4_supprted_args_4.value='AA:BB:CC:DD:EE:FF'
+```
+
+#### 4. Invalid Interface Name
+
+**Problem**:
+```bash
+uci set netmode.mode_4_supprted_args_1.value='wan-interface'  # Dash not allowed
+```
+
+**Solution**: Use underscore instead:
+```bash
+uci set netmode.mode_4_supprted_args_1.value='wan_interface'
+```
+
+#### 5. Invalid Port Specification
+
+**Problem**:
+```bash
+uci set netmode.mode_4_supprted_args_3.value='LAN1,LAN2'  # Wrong separator
+```
+
+**Solution**: Use dash separator:
+```bash
+uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2'
+```
+
+## Testing Validation
+
+### Test Invalid VLAN ID
+```bash
+uci set netmode.mode_4_supprted_args_1.value='test'
+uci set netmode.mode_4_supprted_args_2.value='bridge:tagged:9999'
+uci set netmode.mode_4_supprted_args_3.value='ALL'
+uci commit netmode && service netmode restart
+
+# Check logs
+logread | tail -20 | grep netmode-advanced
+# Should show: ERROR: VLAN ID in type 'bridge:tagged:9999' out of range (must be 1-4094): 9999
+```
+
+### Test Mismatched Counts
+```bash
+uci set netmode.mode_4_supprted_args_1.value='wan,iptv,voip'
+uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,route:vlan:200'  # Only 2!
+uci set netmode.mode_4_supprted_args_3.value='WAN,WAN,WAN'
+uci commit netmode && service netmode restart
+
+# Check logs
+logread | tail -20 | grep netmode-advanced
+# Should show: ERROR: Number of interface names (3) does not match number of interface types (2)
+```
+
+### Test Invalid MAC Address
+```bash
+uci set netmode.mode_4_supprted_args_4.value='INVALID-MAC'
+uci commit netmode && service netmode restart
+
+# Check logs
+logread | tail -20 | grep netmode-advanced
+# Should show: ERROR: Invalid MAC address format: 'INVALID-MAC' (expected XX:XX:XX:XX:XX:XX)
+```
+
+## Best Practices
+
+1. **Always check logs** after configuration changes
+2. **Test configurations** in a development environment first
+3. **Use validation** to catch errors early
+4. **Read error messages** - they indicate exactly what's wrong
+5. **Keep backup** of working configuration
+
+## Exit Codes
+
+| Exit Code | Meaning |
+|-----------|---------|
+| 0 | Success - configuration applied |
+| 1 | Failure - validation error or configuration error |
+
+## Integration with Management Systems
+
+When using TR-181 or other management systems:
+
+1. **Check exit code** of netmode service
+2. **Parse error logs** to provide user feedback
+3. **Validate before applying** using the same validation rules
+4. **Provide helpful error messages** to end users
+
+---
+
+**Document Version**: 1.0
+**Last Updated**: 2025-12-13

netmode/files/etc/init.d/netmode

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=10
+START=11
 USE_PROCD=1
 
 . /lib/functions.sh
@@ -87,51 +87,84 @@ configure_env_vars() {
 	config_foreach _set_env_args supported_args
 }
 
-cleanup_arg_values() {
-	local dm_parent
-
-	config_get dm_parent ${1} dm_parent ""
-	if [ "${dm_parent}" = "${SUPP_MODES_SEC}" ]; then
-		uci -q set netmode.${1}.value=""
-	fi
-}
-
 cleanup_env_vars() {
 	for e in $(env); do
 		if echo ${e} |grep -q "^NETMODE_"; then
 			unset ${e}
 		fi
 	done
-
-	if [ -n "${SUPP_MODES_SEC}" ]; then
-		config_load "netmode"
-		config_foreach cleanup_arg_values supported_args
-		uci commit netmode
-	fi
 }
 
 start_service() {
-	[ -f /etc/config/netmode ] || return
+	if [ ! -f /etc/config/netmode ]; then
+		_log "/etc/config/netmode not found, returning"
+		return
+	fi
 
 	config_load netmode
 	config_get_bool enabled global enabled '0'
-	[ $enabled -eq 0 ] && return
+
+	if [ "$enabled" -eq 0 ]; then
+		_log "netmode service disabled, returning"
+		return
+	fi
+
+	[ -d $MODEDIR ] || mkdir -p $MODEDIR
 
 	# Get the desired netmode from config
 	config_get mode global mode ""
+
 	# Check if netmode is set as boot environment parameter
-	[ -n "$mode" ] || mode="$(fw_printenv -n netmode 2>/dev/null)"
+	if [ -z "$mode" ]; then
+		_log "mode not set in UCI, checking bootenv"
+		mode="$(fw_printenv -n netmode 2>/dev/null)"
+	fi
+
 	# Return if mode is not set
-	[ -n "$mode" ] || return
+	if [ -z "$mode" ]; then
+		_log "mode still empty, returning"
+		return
+	fi
 
-	# Get the last saved mode
-	lastmode="$(cat $MODEDIR/.last_mode 2>/dev/null)"
-	# Return if desired mode is same as last saved mode
-	[ "$mode" == "$lastmode" ] && return
 
-	_log "Switching to [${mode}] Mode" >/dev/console
+	# Build configuration signature from UCI values directly
+	# This ensures parameter changes trigger reconfiguration
+	SUPP_MODES_SEC=""
+	config_foreach _get_modes_sec_name supported_modes "${mode}"
 
-	# Configure env variables
+	local config_signature="${mode}"
+	if [ -n "${SUPP_MODES_SEC}" ]; then
+		# Get all arguments for this mode, sorted by section name for consistency
+		for arg_sec in $(uci show netmode | grep "=supported_args" | cut -d'.' -f2 | cut -d'=' -f1 | sort); do
+			local dm_parent=$(uci -q get "netmode.${arg_sec}.dm_parent")
+			if [ "${dm_parent}" = "${SUPP_MODES_SEC}" ]; then
+				local arg_name=$(uci -q get "netmode.${arg_sec}.name")
+				local arg_value=$(uci -q get "netmode.${arg_sec}.value")
+				if [ -n "${arg_name}" -a -n "${arg_value}" ]; then
+					config_signature="${config_signature}:${arg_name}=${arg_value}"
+				fi
+			fi
+		done
+	else
+		_log "Could not find supported mode section"
+	fi
+
+	# Get the last saved configuration signature
+	local last_config_signature="$(cat $MODEDIR/.last_mode 2>/dev/null)"
+
+	# Return if configuration hasn't changed
+	if [ "${config_signature}" = "${last_config_signature}" ]; then
+		_log "Not reconfiguring, configuration unchanged"
+		return
+	fi
+
+	_log "Configuration changed, applying [${mode}] mode"
+	if [ -n "${last_config_signature}" ]; then
+		_log "Previous config: ${last_config_signature}"
+	fi
+	_log "Current config: ${config_signature}"
+
+	# Configure env variables (needed by mode scripts)
 	configure_env_vars ${mode}
 	# Execute netmode generic pre-mode-switch scripts
 	libnetmode_exec "pre"
@@ -146,21 +179,33 @@ start_service() {
 	libnetmode_exec
 
 	# Execute mode specific scripts
+	local script_exit_code=0
 	if [ -d $MODEDIR/$mode/scripts ]; then
-		_log "Executing $MODEDIR/$mode/scripts/* scripts"
 		for script in $(ls $MODEDIR/$mode/scripts/); do
+			_log "Executing [${mode}], script [${script}]"
 			sh $MODEDIR/$mode/scripts/$script
+			script_exit_code=$?
+			if [ $script_exit_code -ne 0 ]; then
+				_log "ERROR: Mode script [${script}] failed with exit code ${script_exit_code}"
+				break
+			fi
 		done
 	fi
 
-	# Execute netmode generic post-mode-switch scripts
-	libnetmode_exec "post"
-	cleanup_env_vars "${mode}"
+	# Only save configuration if scripts succeeded
+	if [ $script_exit_code -eq 0 ]; then
+		# Save configuration signature as last mode
+		echo "$config_signature" > $MODEDIR/.last_mode
+		_log "Switching to Mode [${mode}] done, configuration saved"
 
-	# Save mode as last mode
-	[ -d $MODEDIR ] || mkdir -p $MODEDIR
-	echo "$mode" > $MODEDIR/.last_mode
-	_log "Switching to Mode [${mode}] done, last mode updated" >/dev/console
+		# Execute netmode generic post-mode-switch scripts
+		libnetmode_exec "post"
+	else
+		_log "ERROR: Mode switch to [${mode}] FAILED - configuration NOT saved"
+		_log "The system will retry on next netmode restart"
+	fi
+
+	cleanup_env_vars "${mode}"
 }
 
 service_triggers()

netmode/files/etc/netmodes/advanced/scripts/10-advanced

@@ -0,0 +1,577 @@
+#!/bin/sh
+#
+# Advanced Mode Script
+# Unified configuration for bridges, routed interfaces, and standalone interfaces
+# Replaces: bridged mode and routed-multi-service mode
+#
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+. /lib/netmode/advanced_helper.sh
+
+[ -f /etc/device_info ] && source "/etc/device_info"
+
+_log() {
+	logger -s -p user.info -t "netmode-advanced" "$*"
+}
+
+IPTV_IFACES=""
+MGMT_IFACES=""
+INET_IFACES=""
+IPTV_DEVS=""
+WAN_PORT=""
+MACVLAN_PRESENT=0
+BRIDGE_VLAN_PRESENT=0
+
+#
+# Main Interface Configuration
+#
+configure_interfaces() {
+	_log "Starting advanced interface configuration"
+
+	# Get configuration from environment variables
+	local interface_names="${NETMODE_interface_names:-wan}"
+	local interface_types="${NETMODE_interface_types:-bridge:transparent}"
+	local ports="${NETMODE_ports:-ALL}"
+	local mac_addrs="${NETMODE_macaddrs:-}"
+
+	_log "Interface names: $interface_names"
+	_log "Interface types: $interface_types"
+	_log "Ports: $ports"
+	_log "MAC addresses: $mac_addrs"
+
+	# Validate configuration before proceeding
+	_log "Validating configuration..."
+
+	# Count elements in each parameter
+	local name_count=$(echo "$interface_names" | tr ',' '\n' | wc -l)
+	local type_count=$(echo "$interface_types" | tr ',' '\n' | wc -l)
+	local port_count=$(echo "$ports" | tr ',' '\n' | wc -l)
+	local mac_count=0
+	[ -n "$mac_addrs" ] && mac_count=$(echo "$mac_addrs" | tr ',' '\n' | wc -l)
+
+	_log "Element counts: names=$name_count, types=$type_count, ports=$port_count, macs=$mac_count"
+
+	# Validate counts match
+	if [ "$name_count" != "$type_count" ]; then
+		_log "ERROR: Number of interface names ($name_count) does not match number of interface types ($type_count)"
+		_log "interface_names: $interface_names"
+		_log "interface_types: $interface_types"
+		return 1
+	fi
+
+	if [ "$name_count" != "$port_count" ]; then
+		_log "ERROR: Number of interface names ($name_count) does not match number of ports ($port_count)"
+		_log "interface_names: $interface_names"
+		_log "ports: $ports"
+		return 1
+	fi
+
+	if [ "$mac_count" -gt 0 -a "$mac_count" != "$name_count" ]; then
+		_log "WARNING: Number of MAC addresses ($mac_count) does not match number of interfaces ($name_count)"
+		_log "Some interfaces will use default MAC addresses"
+	fi
+
+	# Validate each parameter
+	local idx=1
+	local OLD_IFS="$IFS"
+	IFS=','
+
+	for name in $interface_names; do
+		validate_interface_name "$name" || {
+			IFS="$OLD_IFS"
+			return 1
+		}
+	done
+
+	for type in $interface_types; do
+		validate_interface_type "$type" || {
+			IFS="$OLD_IFS"
+			return 1
+		}
+	done
+
+	for port_spec in $ports; do
+		validate_port_spec "$port_spec" || {
+			IFS="$OLD_IFS"
+			return 1
+		}
+	done
+
+	if [ -n "$mac_addrs" ]; then
+		for mac in $mac_addrs; do
+			validate_mac_address "$mac" "1" || {
+				IFS="$OLD_IFS"
+				return 1
+			}
+		done
+	fi
+
+	IFS="$OLD_IFS"
+
+	_log "Configuration validation passed"
+
+	# Clean up existing configuration
+	cleanup_interfaces
+
+	# Split comma-separated values into arrays
+	local names_arr=""
+	local types_arr=""
+	local ports_arr=""
+	local macs_arr=""
+
+	# Save and set IFS for comma splitting
+	local OLD_IFS="$IFS"
+	IFS=','
+
+	for name in $interface_names; do
+		names_arr="$names_arr $name"
+	done
+
+	for type in $interface_types; do
+		types_arr="$types_arr $type"
+	done
+
+	for port_spec in $ports; do
+		ports_arr="$ports_arr $port_spec"
+	done
+
+	for mac in $mac_addrs; do
+		macs_arr="$macs_arr $mac"
+	done
+
+	# Restore IFS
+	IFS="$OLD_IFS"
+
+	# Convert to arrays for indexing
+	set -- $names_arr
+	local total_interfaces=$#
+
+	_log "Total interfaces to create: $total_interfaces"
+
+	# Get WAN port for routed interfaces
+	local wan_port=$(get_wan_port)
+	WAN_PORT="$wan_port"
+	_log "WAN port: $WAN_PORT"
+
+	# Create each interface
+	local idx=1
+	for if_name in $names_arr; do
+		# Get corresponding type, ports, and MAC address
+		local type_idx=$idx
+		local ports_idx=$idx
+		local mac_idx=$idx
+
+		set -- $types_arr
+		shift $((type_idx - 1))
+		local if_type="${1:-bridge:transparent}"
+
+		set -- $ports_arr
+		shift $((ports_idx - 1))
+		local port_list="${1:-ALL}"
+
+		set -- $macs_arr
+		shift $((mac_idx - 1))
+		local if_mac="${1:-}"
+
+		_log "Creating interface $idx/$total_interfaces: name=$if_name, type=$if_type, ports=$port_list, mac=$if_mac"
+
+		# Parse interface type
+		parse_interface_type "$if_type"
+
+		local mode="$PARSE_MODE"
+		local vlan_type="$PARSE_VLAN_TYPE"
+		local cvid="$PARSE_CVID"
+		local svid="$PARSE_SVID"
+		local mac_addr="$PARSE_MAC_ADDR"
+		local proto="$PARSE_PROTO"
+		local disabled="$PARSE_DISABLED"
+		local purpose="$PARSE_PURPOSE"
+
+		if [ "$purpose" = "iptv" ]; then
+			IPTV_IFACES="$IPTV_IFACES $if_name"
+		elif [ "$purpose" = "inet" ]; then
+			INET_IFACES="$INET_IFACES $if_name"
+		elif [ "$purpose" = "mgmt" ]; then
+			MGMT_IFACES="$MGMT_IFACES $if_name"
+		fi
+
+		if [ "$vlan_type" = "macvlan" ] && [ "$mac_count" -gt 0 ]; then
+			MACVLAN_PRESENT=1
+		fi
+
+		_log "Parsed: mode=$mode, vlan_type=$vlan_type, cvid=$cvid, svid=$svid, mac=$mac_addr, proto=$proto, purpose=$purpose"
+
+		case "$mode" in
+			bridge)
+				# Create bridge using helper function
+				create_bridge "$if_name" "$if_type" "$port_list" "$if_mac"
+				;;
+
+			brvlan)
+				# Create bridge with VLAN filtering
+				BRIDGE_VLAN_PRESENT=1
+				create_bridge_vlan_filtering "$if_name" "$if_type" "$port_list" "$if_mac"
+				;;
+
+			device-ref)
+				# Create interface that references device from another interface
+				# cvid contains the reference interface name
+				local ref_if_name="$cvid"
+				local ref_device=$(uci -q get "network.${ref_if_name}.device")
+
+				if [ -z "$ref_device" ]; then
+					_log "ERROR: Reference interface '$ref_if_name' not found or has no device"
+					exit 1
+				fi
+
+				_log "Creating interface $if_name referencing device $ref_device from interface $ref_if_name"
+
+				# Create interface using the same device as reference interface
+				uci -q delete "network.${if_name}"
+				uci -q set "network.${if_name}=interface"
+				uci -q set "network.${if_name}.proto=${proto}"
+				uci -q set "network.${if_name}.device=${ref_device}"
+
+				# Set MAC address if provided
+				if [ -n "$if_mac" ]; then
+					local resolved_mac=$(resolve_mac_address "$if_mac")
+					uci -q set "network.${if_name}.macaddr=${resolved_mac}"
+					_log "Setting MAC address: $if_mac -> $resolved_mac"
+				fi
+
+				[ "$disabled" = "1" ] && uci -q set "network.${if_name}.disabled=1"
+				;;
+
+			route)
+				# Create routed interface
+				port_list="${port_list//:u/}"
+				local base_device=""
+				if [ "$port_list" = "WAN" -o "$port_list" = "wan" ]; then
+					base_device="$wan_port"
+				else
+					# Use first port from list
+					local actual_ports=$(parse_port_list "$port_list")
+					base_device=$(echo "$actual_ports" | awk '{print $1}')
+				fi
+
+				create_routed_interface "$if_name" "$vlan_type" "$cvid" "$mac_addr" "$proto" "$base_device" "$disabled" "$purpose"
+				;;
+
+			direct)
+				# Create standalone VLAN interface
+				port_list="${port_list//:u/}"
+				local base_device=""
+				if [ "$port_list" = "WAN" -o "$port_list" = "wan" ]; then
+					base_device="$wan_port"
+				else
+					local actual_ports=$(parse_port_list "$port_list")
+					base_device=$(echo "$actual_ports" | awk '{print $1}')
+				fi
+
+				create_standalone_interface "$if_name" "$cvid" "$proto" "$base_device" "$disabled" "$if_mac"
+				;;
+		esac
+
+		idx=$((idx + 1))
+	done
+
+	if [ "$BRIDGE_VLAN_PRESENT" -eq 1 ]; then
+		# create the shared bridge once with all collected ports from bridge-vlan interfaces
+		create_shared_bridge
+	fi
+
+	# Commit network changes
+	uci -q commit network
+
+	IPTV_IFACES="$(echo "$IPTV_IFACES" | xargs)"
+	INET_IFACES="$(echo "$INET_IFACES" | xargs)"
+	MGMT_IFACES="$(echo "$MGMT_IFACES" | xargs)"
+
+	_log "Interface configuration completed"
+}
+
+#
+# Configure L3 Multicast (Proxy)
+#
+configure_l3_mcast() {
+	_log "Configuring L3 multicast (Proxy) for $IPTV_DEVS"
+
+	# Remove proxy sections
+	uci -q delete mcast.igmp_proxy_1
+	uci -q delete mcast.mc_proxy_MLD
+	uci -q delete mcast.igmp_snooping_1
+	uci -q delete mcast.mld_snooping_1
+
+	IPTV_DEVS="$(echo "$IPTV_DEVS" | xargs | tr ' ' '\n' | sort -u)"
+
+	uci add mcast proxy
+	uci rename mcast.@proxy[-1]="mc_proxy_MLD"
+	uci set mcast.@proxy[-1].enable="1"
+	uci set mcast.@proxy[-1].proto="mld"
+	uci set mcast.@proxy[-1].version="2"
+	uci set mcast.@proxy[-1].robustness="2"
+	uci set mcast.@proxy[-1].query_interval="125"
+	uci set mcast.@proxy[-1].query_response_interval="100"
+	uci set mcast.@proxy[-1].last_member_query_interval="10"
+	uci set mcast.@proxy[-1].fast_leave="1"
+	uci set mcast.@proxy[-1].snooping_mode="2"
+	uci add_list mcast.@proxy[-1].downstream_interface="br-lan"
+
+	IFS=" "
+	for itf in $IPTV_DEVS; do
+		uci add_list mcast.@proxy[-1].upstream_interface="$itf"
+	done
+
+
+	uci add mcast proxy
+	uci rename mcast.@proxy[-1]="igmp_proxy_1"
+	uci set mcast.@proxy[-1].enable="1"
+	uci set mcast.@proxy[-1].proto="igmp"
+	uci set mcast.@proxy[-1].version="2"
+	uci set mcast.@proxy[-1].robustness="2"
+	uci set mcast.@proxy[-1].query_interval="125"
+	uci set mcast.@proxy[-1].query_response_interval="100"
+	uci set mcast.@proxy[-1].last_member_query_interval="10"
+	uci set mcast.@proxy[-1].fast_leave="1"
+	uci set mcast.@proxy[-1].snooping_mode="2"
+	uci add_list mcast.@proxy[-1].downstream_interface="br-lan"
+
+	IFS=" "
+	for itf in $IPTV_DEVS; do
+		uci add_list mcast.@proxy[-1].upstream_interface="$itf"
+	done
+
+	uci add_list mcast.@proxy[-1].filter="239.0.0.0/8"
+
+	uci -q commit mcast
+
+	_log "L3 multicast configuration complete"
+}
+
+#
+# Configure L2 Multicast (Snooping)
+#
+configure_l2_mcast() {
+	_log "Configuring L2 multicast (snooping)"
+	# Remove proxy sections
+	uci -q delete mcast.igmp_proxy_1
+	uci -q delete mcast.mc_proxy_MLD
+
+	# Get all bridge names from network UCI
+	local bridge_list=""
+	local bridge_names=""
+	local br_device=""
+
+	# Query all network sections and filter for bridge type
+	bridge_list=$(uci -q show network | grep "\.type='bridge'" | cut -d'.' -f2)
+
+	# Convert to space-separated list
+	for bridge in $bridge_list; do
+		br_device="$(uci -q get network.${bridge}.name)"
+		if [ -z "$bridge_names" ]; then
+			[ -n "$br_device" ] && bridge_names="$br_device"
+		else
+			[ -n "$br_device" ] && bridge_names="$bridge_names $br_device"
+		fi
+	done
+
+	if [ -z "$bridge_names" ]; then
+		_log "No bridges found for multicast configuration"
+		return
+	fi
+
+	_log "Found bridges: $bridge_names"
+
+	# Add IGMP snooping
+	uci -q set mcast.igmp_snooping_1=snooping
+	uci -q set mcast.igmp_snooping_1.enable='1'
+	uci -q set mcast.igmp_snooping_1.proto='igmp'
+	uci -q set mcast.igmp_snooping_1.version='2'
+	uci -q set mcast.igmp_snooping_1.robustness='2'
+	uci -q set mcast.igmp_snooping_1.query_interval='125'
+	uci -q set mcast.igmp_snooping_1.query_response_interval='100'
+	uci -q set mcast.igmp_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.igmp_snooping_1.fast_leave='1'
+	uci -q set mcast.igmp_snooping_1.snooping_mode='2'
+	uci -q set mcast.igmp_snooping_1.interface="$bridge_names"
+	# to avoid multiple additions over the course of netmode reloads
+	uci -q del_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
+	uci -q add_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
+
+	# Add MLD snooping
+	uci -q set mcast.mld_snooping_1=snooping
+	uci -q set mcast.mld_snooping_1.enable='1'
+	uci -q set mcast.mld_snooping_1.proto='mld'
+	uci -q set mcast.mld_snooping_1.version='2'
+	uci -q set mcast.mld_snooping_1.robustness='2'
+	uci -q set mcast.mld_snooping_1.query_interval='125'
+	uci -q set mcast.mld_snooping_1.query_response_interval='100'
+	uci -q set mcast.mld_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.mld_snooping_1.fast_leave='1'
+	uci -q set mcast.mld_snooping_1.snooping_mode='2'
+	uci -q set mcast.mld_snooping_1.interface="$bridge_names"
+
+	uci -q commit mcast
+	_log "L2 multicast configuration complete"
+}
+
+#
+# Configure DHCP
+#
+configure_dhcp() {
+	_log "Configuring DHCP"
+
+	# Check if we have any static interfaces (will be configured by post-hook)
+	local interface_names="${NETMODE_interface_names:-wan}"
+	local interface_types="${NETMODE_interface_types:-bridge:transparent}"
+	local has_static_lan=0
+
+	local OLD_IFS="$IFS"
+	IFS=','
+	local idx=1
+	for if_name in $interface_names; do
+		# Get corresponding type
+		local type_idx=$idx
+		set -- $interface_types
+		shift $((type_idx - 1))
+		local if_type="${1:-bridge:transparent}"
+
+		# Check if this is lan interface with static proto
+		if [ "$if_name" = "lan" ] && echo "$if_type" | grep -q -- '-static$'; then
+			has_static_lan=1
+			break
+		fi
+
+		idx=$((idx + 1))
+	done
+	IFS="$OLD_IFS"
+
+	uci -q get network.lan && has_static_lan="1"
+
+	if [ "$has_static_lan" = "1" ]; then
+		_log "LAN interface with static IP detected - DHCP server will be configured by post-hook"
+		# Don't disable DHCP for LAN, it will be configured by 15-static_lan.sh
+		# Only disable DHCP on WAN
+		uci -q set dhcp.wan.ignore=1 2>/dev/null
+		/etc/init.d/odhcpd enable
+	else
+		# Disable DHCP server on LAN (advanced mode without static LAN)
+		uci -q set dhcp.lan.ignore=1
+		# Disable DHCP on WAN if it exists
+		uci -q set dhcp.wan.ignore=1 2>/dev/null
+		/etc/init.d/odhcpd disable
+		_log "DHCP server disabled"
+	fi
+
+	local dhcp_ifaces="$(collect_interfaces_with_wan_port)"
+
+	_log "Disabling DHCP server on interfaces: $dhcp_ifaces"
+	for iface in $dhcp_ifaces; do
+		uci -q set dhcp.$iface=dhcp
+		uci -q set dhcp.$iface.interface="$iface"
+		uci -q set dhcp.$iface.ignore=1
+	done
+
+	uci -q commit dhcp
+}
+
+#
+# Configure Firewall
+#
+configure_firewall() {
+	_log "Configuring firewall"
+
+	# Check if any interface is routed
+	local interface_types="${NETMODE_interface_types:-bridge:transparent}"
+	local has_routed=0
+
+	local OLD_IFS="$IFS"
+	IFS=','
+	for if_type in $interface_types; do
+		if echo "$if_type" | grep -q "^route:"; then
+			has_routed=1
+			break
+		fi
+	done
+	IFS="$OLD_IFS"
+
+	if [ "$has_routed" = "1" ]; then
+		# Enable firewall for routed interfaces
+		ensure_firewall_layout
+	fi
+
+	uci -q set firewall.globals.enabled="1"
+	uci -q commit firewall
+	_log "Firewall enabled"
+}
+
+#
+# Update Service Dependencies
+#
+configure_services() {
+	_log "Updating service configurations"
+
+	# Get first interface name for services
+	local interface_names="${NETMODE_interface_names:-wan}"
+	local IFS=','
+	local first_interface=""
+
+	for if_name in $interface_names; do
+		first_interface="$if_name"
+		break
+	done
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="$first_interface"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="$first_interface"
+	uci -q commit gateway
+
+	# Disable SSDPD
+	uci -q set ssdpd.ssdp.enabled="0"
+	uci -q commit ssdpd
+
+	_log "Service configurations updated"
+}
+
+#
+# Main Execution
+#
+_log "========================================="
+_log "Starting Advanced Mode Configuration"
+_log "========================================="
+
+# Main execution with error handling
+if ! configure_interfaces; then
+	_log "========================================="
+	_log "ERROR: Advanced Mode Configuration Failed"
+	_log "Please check the logs above for details"
+	_log "========================================="
+	exit 1
+fi
+
+if [ "$MACVLAN_PRESENT" -eq 1 ] || echo "$NETMODE_interface_types" | grep -q "BaseMACAddress"; then
+	_log "Macvlan interface with mac addr present, not generating default macoffset file"
+else
+	_log "Macvlan interface with mac addr not present, generating default macoffset file"
+	configure_macoffset
+fi
+
+if [ -n "$IPTV_DEVS" ]; then
+	configure_l3_mcast
+else
+	configure_l2_mcast
+fi
+
+configure_dhcp
+configure_firewall
+configure_services
+
+_log "========================================="
+_log "Advanced Mode Configuration Complete"
+_log "========================================="
+
+exit 0

netmode/files/etc/netmodes/bridged/scripts/10-bridged

@@ -1,127 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-source "/etc/device_info"
-
-l2_mcast_config() {
-	# configure L2 mcast config for snooping
-	logger -s -p user.info -t "netmode" "Generating L2 mcast configuration"
-
-	# remove proxy sections
-	uci -q delete mcast.igmp_proxy_1
-	uci -q delete mcast.mc_proxy_MLD
-
-	# add igmp_snooping section
-	uci -q set mcast.igmp_snooping_1=snooping
-	uci -q set mcast.igmp_snooping_1.enable='1'
-	uci -q set mcast.igmp_snooping_1.proto='igmp'
-	uci -q set mcast.igmp_snooping_1.version='2'
-	uci -q set mcast.igmp_snooping_1.robustness='2'
-	uci -q set mcast.igmp_snooping_1.query_interval='125'
-	uci -q set mcast.igmp_snooping_1.query_response_interval='100'
-	uci -q set mcast.igmp_snooping_1.last_member_query_interval='10'
-	uci -q set mcast.igmp_snooping_1.fast_leave='1'
-	uci -q set mcast.igmp_snooping_1.snooping_mode='2'
-	uci -q set mcast.igmp_snooping_1.interface='br-lan'
-	uci -q add_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
-
-	# add mld_snooping section
-	uci -q set mcast.mld_snooping_1=snooping
-	uci -q set mcast.mld_snooping_1.enable='1'
-	uci -q set mcast.mld_snooping_1.proto='mld'
-	uci -q set mcast.mld_snooping_1.version='2'
-	uci -q set mcast.mld_snooping_1.robustness='2'
-	uci -q set mcast.mld_snooping_1.query_interval='125'
-	uci -q set mcast.mld_snooping_1.query_response_interval='100'
-	uci -q set mcast.mld_snooping_1.last_member_query_interval='10'
-	uci -q set mcast.mld_snooping_1.fast_leave='1'
-	uci -q set mcast.mld_snooping_1.snooping_mode='2'
-	uci -q set mcast.mld_snooping_1.interface='br-lan'
-
-	uci -q commit mcast
-}
-
-l2_network_config() {
-	logger -s -p user.info -t "netmode" "Generating L2 network configuration"
-
-	# Configure L2 Network Mode
-	uci -q set network.lan=interface
-	uci -q set network.lan.proto='dhcp'
-	uci -q set network.lan.vendorid="$(uci -q get network.wan.vendorid)"
-	uci -q set network.lan.clientid="$(uci -q get network.wan.clientid)"
-	uci -q set network.lan.reqopts="$(uci -q get network.wan.reqopts)"
-	uci -q set network.lan.sendopts="$(uci -q get network.wan.sendopts)"
-	uci -q set network.lan.device='br-lan'
-	uci -q set network.lan.force_link='1'
-
-	uci -q set network.lan6=interface
-	uci -q set network.lan6.proto='dhcpv6'
-	uci -q set network.lan6.device='@lan'
-	uci -q set network.lan6.reqprefix='no'
-
-	uci -q set network.wan.disabled='1'
-	uci -q set network.wan6.disabled='1'
-
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_select wan 2>/dev/null
-		json_get_var device device
-		[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		json_cleanup
-	fi
-
-	uci -q commit network
-
-	# Disable DHCP Server
-	uci -q set dhcp.lan.ignore=1
-	uci -q commit dhcp
-	/etc/init.d/odhcpd disable
-
-	# Disable SSDPD
-	uci -q set ssdpd.ssdp.enabled="0"
-	uci -q commit ssdpd
-
-	# Update CWMP Agent WAN Interface
-	uci -q set cwmp.cpe.default_wan_interface="lan"
-	uci -q commit cwmp
-
-	# Update gateway WAN Interface
-	uci -q set gateway.global.wan_interface="lan"
-	uci -q commit gateway
-
-	# disable firewall
-	uci -q set firewall.globals.enabled="0"
-	uci -q commit firewall
-}
-
-l2_network_config
-l2_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd stop 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -2,6 +2,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/advanced_helper.sh
 
 source "/etc/device_info"
 
@@ -15,8 +16,12 @@ l3_mcast_config() {
 }
 
 l3_network_config() {
+	cleanup_interfaces
+
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	configure_macoffset
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -43,22 +48,31 @@ l3_network_config() {
 	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
-	uci -q set network.wan6.proto='dhcpv6'
+	uci -q set network.wan6.proto="dhcpv6"
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
-		wandev="$wandev.$NETMODE_vlanid"
+	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
+
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
 	uci -q set network.wan6.device="$wandev"
 
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
+
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
@@ -67,28 +81,7 @@ l3_network_config() {
 		done
 	fi
 
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_cleanup
-	fi
+	create_br_lan_bridge_device
 
 	uci -q commit network
 
@@ -117,12 +110,3 @@ l3_network_config() {
 
 l3_network_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -2,6 +2,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/advanced_helper.sh
 
 source "/etc/device_info"
 
@@ -15,8 +16,12 @@ l3_mcast_config() {
 }
 
 l3_network_pppoe_config() {
+	cleanup_interfaces
+
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	configure_macoffset
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -42,20 +47,28 @@ l3_network_pppoe_config() {
 	uci -q delete network.wan.gateway
 	uci -q delete network.wan.netmask
 
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
 	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
 
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
@@ -65,28 +78,7 @@ l3_network_pppoe_config() {
 		done
 	fi
 
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_cleanup
-	fi
+	create_br_lan_bridge_device
 
 	uci -q commit network
 
@@ -115,12 +107,3 @@ l3_network_pppoe_config() {
 
 l3_network_pppoe_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -2,6 +2,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/advanced_helper.sh
 
 source "/etc/device_info"
 
@@ -15,8 +16,12 @@ l3_mcast_config() {
 }
 
 l3_network_config() {
+	cleanup_interfaces
+
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	configure_macoffset
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
@@ -43,20 +48,28 @@ l3_network_config() {
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
 
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
 	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
 
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
@@ -66,28 +79,7 @@ l3_network_config() {
 		done
 	fi
 
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_cleanup
-	fi
+	create_br_lan_bridge_device
 
 	uci -q commit network
 
@@ -116,12 +108,3 @@ l3_network_config() {
 
 l3_network_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/supported_modes.json

@@ -43,6 +43,12 @@
           "required": false,
           "type": "integer"
         },
+        {
+          "name": "mtu",
+          "description": "MTU",
+          "required": false,
+          "type": "integer"
+        },
         {
           "name": "dns_servers",
           "description": "DNS Servers",
@@ -89,6 +95,40 @@
           "type": "string"
         }
       ]
+    },
+    {
+      "name": "advanced",
+      "description": "Advanced Mode - Unified configuration for bridges, routed interfaces, and standalone VLANs",
+      "supported_args": [
+        {
+          "name": "interface_names",
+          "description": "Interface names (comma-separated, e.g., wan,iptv,mgmt,lan100)",
+          "required": false,
+          "type": "string",
+          "#value": "wan"
+        },
+        {
+          "name": "interface_types",
+          "description": "Interface types (comma-separated). Bridge: bridge:transparent, bridge:tagged:VID, bridge:wan-tagged:VID, bridge:qinq:C:S. Routed: route:vlan:VID, route:macvlan:MAC, route:vlan:VID:MAC. Standalone: direct:VID. Modifiers: -n (proto none), -d (disabled)",
+          "required": false,
+          "type": "string",
+          "#value": "bridge:transparent"
+        },
+        {
+          "name": "ports",
+          "description": "Port lists for each interface (comma-separated, use '-' to separate ports, e.g., ALL, ALL_LAN, LAN1-LAN2-WAN, WAN)",
+          "required": false,
+          "type": "string",
+          "#value": "ALL"
+        },
+        {
+          "name": "macaddrs",
+          "description": "MAC addresses for each interface (comma-separated). Use explicit MAC (AA:BB:CC:DD:EE:FF) or macros: BaseMACAddress, BaseMACAddressP1, BaseMACAddressP2, etc.",
+          "required": false,
+          "type": "string",
+          "#value": "BaseMACAddress,BaseMACAddressP1,BaseMACAddressP2"
+        }
+      ]
     }
   ]
 }

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -1,7 +1,28 @@
 #!/bin/sh
 
 enabled="$(uci -q get netmode.global.enabled)"
-[ "$enabled" == "1" ] || exit 0
+if [ "$enabled" != "1" ]; then
+	exit 0
+fi
+
+opconf_file="/opconf/opconf.json"
+[ -f $opconf_file ] || opconf_file="/usr_data/opconf/opconf.json"
+
+# Check if netmode getting provisioned from opconf, in case of opconf
+# provisioning, mode setting not required
+mode="$(jsonfilter -i $opconf_file -e @.netmode.mode 2>/dev/null)"
+if [ -n "${mode}" ]; then
+	exit 0
+fi
+
+# Check if opconf has wan provisioning enabled, if yes, get the proto/mode from opconf
+proto="$(jsonfilter -i $opconf_file -e '@.network.wan[@.name="wan"].proto' 2>/dev/null)"
+if [ -n "${proto}" ]; then
+	mode="routed-${proto}"
+	uci -q set netmode.global.mode="${mode}"
+	echo "${mode}" > /etc/netmodes/.last_mode
+	exit 0
+fi
 
 mode="$(uci -q get netmode.global.mode)"
 wanproto=$(uci -q get network.wan.proto)
@@ -13,7 +34,9 @@ if [ -n "$mode" ]; then
 	fi
 fi
 
-[ -f /etc/netmodes/supported_modes.json ] || exit 0
+if [ ! -f "/etc/netmodes/supported_modes.json" ]; then
+	exit 0
+fi
 
 # NetMode is enabled without a Mode being set
 # Figure out the current mode from network config
@@ -26,10 +49,12 @@ esac
 
 found=0
 for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
-	[ "$md" == "$curmode" ] && found=1
+	[ "$md" = "$curmode" ] && found=1
 done
 
 if [ $found -eq 1 ]; then
 	uci -q set netmode.global.mode="$curmode"
 	echo "$curmode" > /etc/netmodes/.last_mode
+else
+	exit 1
 fi

netmode/files/lib/netmode/post/10-dhcp_options.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# Auto-configure DHCP options for WAN interfaces
+# This script runs after netmode applies configuration
+#
+
+. /etc/os-release 2>/dev/null
+. /lib/functions/system.sh 2>/dev/null
+
+# Get device information
+model=$(cat /tmp/sysinfo/model 2>/dev/null || echo "OpenWrt")
+basemac=$(get_mac_label 2>/dev/null || echo "000000000000")
+software_ver=${OPENWRT_RELEASE##* }
+software_ver=${software_ver:-unknown}
+
+# DHCP options to request (TR-069/USP standard options)
+reqopts="42 43 100 101 121 125 128 132 224 225 226"
+
+# Helper: Set value if not already set
+set_if_empty() {
+	uci -q get "$1" > /dev/null || uci set "${1}=${2}"
+}
+
+# Helper: Add request options (merge with existing)
+set_reqopts() {
+	local intf="$1"
+	local new_opts="$2"
+	local opts=$(uci -q get "network.${intf}.reqopts")
+	local o
+
+	for o in $new_opts; do
+		echo "$opts" | grep -qwF "$o" || opts="${opts:+$opts }$o"
+	done
+
+	uci set "network.${intf}.reqopts=${opts}"
+}
+
+# Configure DHCP options only for 'wan' interface with proto=dhcp
+for intf in $(uci show network | grep "=interface" | cut -d'.' -f2 | cut -d'=' -f1); do
+	# Only configure interface named 'wan' with proto=dhcp
+	[ "$intf" = "wan" ] || continue
+	[ "$(uci -q get "network.${intf}.proto")" = "dhcp" ] || continue
+
+	logger -s -p user.info -t "netmode-dhcp" "Configuring DHCP options for WAN interface"
+
+	# Set vendorid: model,software_version,dslforum.org
+	uci set "network.${intf}.vendorid=${model},${software_ver},dslforum.org"
+
+	# Set clientid (01 = ARP hardware type Ethernet)
+	set_if_empty "network.${intf}.clientid" "01${basemac//:}"
+
+	# Set DHCP request options
+	set_reqopts "$intf" "$reqopts"
+
+	# Set sendopts for TR-069/USP (option 124: Device.DeviceInfo.VendorClassID)
+	# Format: enterprise number (3561 = Broadband Forum) + data
+	set_if_empty "network.${intf}.sendopts" "124:00:00:0D:E9:04:03:75:73:70"
+done
+
+uci -q commit network
+
+logger -s -p user.info -t "netmode-dhcp" "DHCP options configuration completed"
+
+exit 0

netmode/files/lib/netmode/post/15-static_lan.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# Auto-configure static IP and DHCP server for LAN interfaces
+# This script runs after netmode applies configuration
+#
+
+_log() {
+	logger -s -p user.info -t "netmode-static-lan" "$*"
+}
+
+# Configure static IP and DHCP server for LAN interface
+for intf in $(uci show network | grep "=interface" | cut -d'.' -f2 | cut -d'=' -f1); do
+	# Only configure interfaces with proto=static
+	[ "$(uci -q get "network.${intf}.proto")" = "static" ] || continue
+
+	_log "Configuring static IP for interface: $intf"
+
+	# Special handling for 'lan' interface
+	if [ "$intf" = "lan" ]; then
+		_log "Auto-configuring LAN interface with default static IP settings"
+
+		# Set static IP configuration
+		uci -q set "network.${intf}.ipaddr=192.168.1.1"
+		uci -q set "network.${intf}.netmask=255.255.255.0"
+		uci -q set "network.${intf}.ip6assign=60"
+
+		# Configure DHCP server for LAN
+		uci -q delete "dhcp.${intf}"
+		uci -q set "dhcp.${intf}=dhcp"
+		uci -q set "dhcp.${intf}.interface=${intf}"
+		uci -q set "dhcp.${intf}.start=100"
+		uci -q set "dhcp.${intf}.limit=150"
+		uci -q set "dhcp.${intf}.leasetime=1h"
+		uci -q set "dhcp.${intf}.dhcpv4=server"
+		uci -q set "dhcp.${intf}.dhcpv6=server"
+		uci -q set "dhcp.${intf}.ra=server"
+		uci -q set "dhcp.${intf}.ra_slaac=1"
+		uci -q delete "dhcp.${intf}.ra_flags"
+		uci -q add_list "dhcp.${intf}.ra_flags=managed-config"
+		uci -q add_list "dhcp.${intf}.ra_flags=other-config"
+
+		_log "LAN interface configured with IP 192.168.1.1/24 and DHCP server enabled"
+	else
+		_log "Interface '$intf' has proto=static but is not 'lan' - no auto-configuration applied"
+	fi
+done
+
+uci -q commit network
+uci -q commit dhcp
+
+_log "Static LAN configuration completed"
+
+exit 0