Draft: datamodel for shell exec

bbfdm/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.18.18
+PKG_VERSION:=1.18.2
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=fbf01a9e30e7ecccc2453af7abfbccf939e27d43
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=786863cf0ef48dd70610598cdf8e2bbc0462a504
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -107,7 +107,7 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBFDMD_MAX_MSG_LEN:Integer=20971520 \
+	-DBBFDMD_MAX_MSG_LEN:Integer=10485760 \
 	-DCMAKE_BUILD_TYPE:String="Debug" \
 
 

bbfdm/files/etc/bbfdm/critical_services.json

@@ -10,8 +10,10 @@
 			"/etc/bbfdm/dmmap/PPP",
 			"/etc/bbfdm/dmmap/Routing",
 			"/etc/config/dhcp",
-			"/etc/bbfdm/dmmap/DHCPv4",
-			"/etc/bbfdm/dmmap/DHCPv6",
+			"/etc/bbfdm/dmmap/dmmap_dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
+			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
 			"/etc/config/time",
 			"/etc/bbfdm/dmmap/dmmap_time",
 			"/etc/config/mapcontroller",
@@ -34,8 +36,10 @@
 			"/etc/bbfdm/dmmap/PPP",
 			"/etc/bbfdm/dmmap/Routing",
 			"/etc/config/dhcp",
-			"/etc/bbfdm/dmmap/DHCPv4",
-			"/etc/bbfdm/dmmap/DHCPv6",
+			"/etc/bbfdm/dmmap/dmmap_dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
+			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
 			"/etc/config/mapcontroller",
 			"/etc/config/wireless",
 			"/etc/bbfdm/dmmap/WiFi",

bbk_cli/Makefile

@@ -9,7 +9,7 @@ PKG_SOURCE_VERSION:=7b810a696c78b746185c11282bdbe3fb7f8c5d4b
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/dotse/bbk.git
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 

bootchart2/Makefile

@@ -15,7 +15,7 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/mmeeks/bootchart.git
 PKG_SOURCE_VERSION:=3ab81137cafe25c2ca4bc3a5f322a63646f9ce8d
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPLv2

bridgemngr/Config.in

@@ -5,12 +5,6 @@ config BRIDGEMNGR_BRIDGE_VLAN
 	help
 	   Set this option to use bridge-vlan as backend for VLAN objects.
 
-config BRIDGEMNGR_COPY_PBITS
-	bool "Copy pbits from cvlan to svlan"
-	default y
-	help
-	   Set this option to copy cvlan pbits to svlan pbits by default (driver vlan).
-
 config BRIDGEMNGR_BRIDGE_VENDOR_EXT
 	bool "Use bridge BBF vendor extensions"
 	default y

bridgemngr/Makefile

@@ -5,14 +5,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.1.6
+PKG_VERSION:=1.1.1
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr.git
-PKG_SOURCE_VERSION:=882f8c8cc9a97372297d192cc916c4f8ffe7c25a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
+PKG_SOURCE_VERSION:=b6a657e1c83b49f09323b4012ef229c604b82854
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -51,10 +52,6 @@ ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y)
 	TARGET_CFLAGS += -DBRIDGE_VLAN_BACKEND
 endif
 
-ifeq ($(CONFIG_BRIDGEMNGR_COPY_PBITS),y)
-	TARGET_CFLAGS+=-DBRIDGEMNGR_COPY_PBITS
-endif
-
 define Package/bridgemngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config

bulkdata/Makefile

@@ -7,14 +7,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.23
+PKG_VERSION:=2.1.20
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=f54550f2d587a701c0a8d5cac4a0910a99ce92cf
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=a5e57962938ca143ede65d92be90b6e9fce66e15
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

bulut/Makefile

@@ -11,7 +11,7 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bulut/bulut-gw-client.git
 PKG_SOURCE_VERSION:=227700c44817afa2c392fa08bf4cf70fa6177f01
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

ddnsmngr/Makefile

@@ -12,7 +12,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
 PKG_SOURCE_VERSION:=44af9a7b3fec3929f8554af9633a5b8068189b48
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

decollector/Config.in

@@ -4,16 +4,4 @@ config DECOLLECTOR_EASYMESH_VERSION
 	int "Support Easymesh version"
 	default 6
 
-config DECOLLECTOR_BUILD_TR181_PLUGIN
-	bool "Build TR-181 mapping module (responsible for Device.WiFi.DataElements.)"
-	default y
-
-config DECOLLECTOR_VENDOR_EXTENSIONS
-	bool "Iopsys vendor extensions for Device.WiFi.DataElements."
-	default y
-
-config DECOLLECTOR_VENDOR_PREFIX
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-
 endmenu

decollector/Makefile

@@ -6,14 +6,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.3.9
+PKG_VERSION:=6.2.1.12
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d1d948a48952fe2091e84af1293a6e77857439cf
+PKG_SOURCE_VERSION:=ce738316065e4608811312f0a254d1fee22fa343
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
@@ -24,7 +24,6 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 define Package/decollector
   SECTION:=utils
@@ -67,18 +66,6 @@ MAKE_PATH:=src
 
 TARGET_CFLAGS += -DEASYMESH_VERSION=$(CONFIG_DECOLLECTOR_EASYMESH_VERSION)
 
-ifeq ($(CONFIG_DECOLLECTOR_BUILD_TR181_PLUGIN),y)
-MAKE_FLAGS += DECOLLECTOR_BUILD_TR181_PLUGIN=y
-ifeq ($(CONFIG_DECOLLECTOR_VENDOR_EXTENSIONS),y)
-TARGET_CFLAGS += -DDECOLLECTOR_VENDOR_EXTENSIONS
-ifeq ($(CONFIG_DECOLLECTOR_VENDOR_PREFIX),"")
-TARGET_CFLAGS += -DCUSTOM_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
-else
-TARGET_CFLAGS += -DCUSTOM_PREFIX=\\\"$(CONFIG_DECOLLECTOR_VENDOR_PREFIX)\\\"
-endif
-endif
-endif
-
 EXECS := \
 	$(if $(CONFIG_PACKAGE_decollector),decollector)
 
@@ -89,7 +76,6 @@ define Package/decollector/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/decollector.init $(1)/etc/init.d/decollector
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/decollector $(1)/usr/sbin/
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 endef
 
 $(eval $(call BuildPackage,decollector))

decollector/bbfdm_service.json

@@ -1,26 +0,0 @@
-{
-  "daemon": {
-    "enable": "1",
-    "service_name": "decollector",
-    "unified_daemon": true,
-    "services": [
-      {
-        "parent_dm": "Device.WiFi.",
-        "object": "DataElements"
-      }
-    ],
-    "config": {
-      "loglevel": "3"
-    },
-    "apply_handler": {
-      "uci": [
-        {
-          "file": [
-            "mapcontroller"
-          ],
-          "external_handler": "/etc/wifidmd/bbf_config_reload.sh"
-        }
-      ]
-    }
-  }
-}

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.13
+PKG_VERSION:=3.7.11
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5c2720563b3ed889e9d4de6fdb9b0f6a9d584094
+PKG_SOURCE_VERSION:=815ee44808169b8e1efa2cac44bd7d238ad33cdc
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -20,7 +20,7 @@ export BUILD_DIR
 
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk

dhcpmngr/Config.in

@@ -1,12 +0,0 @@
-if PACKAGE_dhcpmngr
-
-config DHCPMNGR_ENABLE_VENDOR_EXT
-	bool "Use datamodel vendor extensions"
-	default y
-	help
-	   Set this option to use bridge BBF vendor extensions.
-
-config DHCPMNGR_VENDOR_PREFIX
-	string "Package specific datamodel Vendor Prefix for TR181 extensions"
-	default ""
-endif

dhcpmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.1.6
+PKG_VERSION:=1.0.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=74d96cd70119e4ea08767d68b45b4922162d0328
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -39,22 +39,6 @@ define Package/dhcpmngr/description
   Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
 endef
 
-define Package/$(PKG_NAME)/config
-        source "$(SOURCE)/Config.in"
-endef
-
-ifeq ($(CONFIG_DHCPMNGR_ENABLE_VENDOR_EXT),y)
-MAKE_FLAGS += DHCPMNGR_ENABLE_VENDOR_EXT=y
-endif
-
-ifeq ($(CONFIG_DHCPMNGR_VENDOR_PREFIX),"")
-VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
-else
-VENDOR_PREFIX = $(CONFIG_DHCPMNGR_VENDOR_PREFIX)
-endif
-
-TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/

dmcli-plugins/Makefile

@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2023 Genexis Netherlands B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis Netherlands B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dmcli-plugins
-PKG_LICENSE:=PROPRIETARY GENEXIS
-PKG_VERSION:=2.2.6
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli-plugin-easydm.git
-PKG_SOURCE_VERSION:=bc8b8527e8a41bdba73cb277a3c6c3b42b045153
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/dmcli-plugins
-  SECTION:=tools
-  CATEGORY:=Genexis
-  TITLE:=Easy-to-use data model on top of TR181
-  URL:=http://genexis.eu
-  DEPENDS:=+dmcli
-endef
-
-define Package/dmcli-plugins/description
-  EasyDM offers a user-friendly approach to configuring TR-181
-  simplifying the process with its intuitive interface.
-endef
-
-define Build/Compile
-	true
-endef
-
-define Package/dmcli-plugins/install
-	$(INSTALL_DIR) $(1)/usr/lib/dmcli/plugins
-	$(CP) $(PKG_BUILD_DIR)/src/*.js $(1)/usr/lib/dmcli/plugins/
-endef
-
-$(eval $(call BuildPackage,dmcli-plugins))

dmcli/Config.in

@@ -1,9 +0,0 @@
-if PACKAGE_dmcli
-
-config DMCLI_REMOTE_CONNECTION
-        bool "Add dmcli remote controller configuration"
-        default n
-        help
-                This adds a usp controller configuration for dmcli remote connection from different machine/laptop/server.
-
-endif

dmcli/Makefile

@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
-# This Software and its content are protected by the Dutch Copyright Act
-# ('Auteurswet'). All and any copying and distribution of the software
-# and its content without authorization by Genexis Netherlands B.V. is
-# prohibited. The prohibition includes every form of reproduction and
-# distribution.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=dmcli
-PKG_LICENSE:=PROPRIETARY GENEXIS
-PKG_VERSION:=1.9.6
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli.git
-PKG_SOURCE_VERSION:=f03188eff6c2cab59e4c8f18a435c940ff5043f5
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/dmcli
-  SECTION:=tools
-  CATEGORY:=Genexis
-  TITLE:=DMCLI (datamodel-based CLI)
-  URL:=http://genexis.eu
-  DEPENDS:=+usp-js +DMCLI_REMOTE_CONNECTION:mosquitto-auth-plugin +shadow-utils +@BUSYBOX_CONFIG_ADDUSER
-endef
-
-define Package/dmcli/description
-  CLI to view and configure datamodels of CPE
-endef
-
-define Package/dmcli/conffiles
-/etc/dmcli/dmcli.conf
-endef
-
-define Package/dmcli/config
-	source "$(SOURCE)/Config.in"
-endef
-
-define Package/dmcli/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dmcli $(1)/usr/bin/
-
-	$(INSTALL_DIR) $(1)/usr/lib/dmcli
-	$(CP) $(PKG_BUILD_DIR)/common $(1)/usr/lib/dmcli/
-	mv $(1)/usr/lib/dmcli/common/os_qjs.js $(1)/usr/lib/dmcli/common/os.js
-	rm $(1)/usr/lib/dmcli/common/os_node.js
-	$(CP) $(PKG_BUILD_DIR)/core $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/cli $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/data $(1)/usr/lib/dmcli/
-	$(CP) $(PKG_BUILD_DIR)/plugins $(1)/usr/lib/dmcli/
-
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli $(1)/etc/uci-defaults/
-ifeq ($(CONFIG_DMCLI_REMOTE_CONNECTION),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote $(1)/etc/uci-defaults/
-else
-	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote-remove $(1)/etc/uci-defaults/
-endif
-
-	$(INSTALL_DIR) $(1)/etc/dmcli
-	$(CP) ./files/etc/dmcli/dmcli.acl $(1)/etc/dmcli/
-	$(CP) ./files/etc/dmcli/dmcli.conf $(1)/etc/dmcli/
-
-	$(INSTALL_DIR) $(1)/etc/users/roles/
-	$(INSTALL_DATA) ./files/etc/users/roles/operator.json $(1)/etc/users/roles/
-endef
-
-$(eval $(call BuildPackage,dmcli))

dmcli/files/etc/dmcli/dmcli.acl

@@ -1,4 +0,0 @@
-user operator
-topic read /usp/operator/controller/reply-to
-topic read /usp/operator/controller
-topic write /usp/operator/endpoint

dmcli/files/etc/dmcli/dmcli.conf

@@ -1,45 +0,0 @@
-{
-   "Settings": {
-      "USP": {
-         "ActiveConnectionProfile": "local",
-         "ConnectionProfile": [
-            {
-               "Name": "local",
-               "Host": "127.0.0.1",
-               "Port": 9002,
-               "Username": "operator",
-               "Protocol": "ws",
-               "FromId": "oui:000F94:device-controller-operator",
-               "PublishEndpoint": "/usp/operator/endpoint",
-               "SubscribeEndpoint": "/usp/operator/controller"
-            }
-         ],
-         "Session": {
-            "AutoStart": false
-         },
-         "Notification": {
-            "LogTo": "console",
-            "Format": "brief",
-            "LogFile": "usp-notification.log"
-         }
-      },
-      "CLI": {
-         "Home": "/",
-         "Color": "true",
-         "Mode": "Command",
-         "ShowCommandTime": false,
-         "SortDMTree": false
-      },
-      "Prompt": {
-         "Auto": true,
-         "Color": "default",
-         "SelectedBackgroundColor": "yellow",
-         "PageSize": "3",
-         "AutoPromptOnEmptyCommand": false,
-         "AutoPromptInstanceNumbers": false
-      },
-      "Log": {
-         "Level": "Error"
-      }
-   }
-}

dmcli/files/etc/uci-defaults/36-dmcli

@@ -1,120 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /lib/functions/iopsys-environment.sh
-. /usr/share/libubox/jshn.sh
-
-DMCLI_CONF="/etc/dmcli/dmcli.conf"
-CONTROLLER_ID='oui:000F94:device-controller-operator'
-DMCLI_RESP_TOPIC="/usp/operator/endpoint"
-DMCLI_CTRL_TOPIC="/usp/operator/controller"
-DMCLI_PORT="9002"
-
-grep -q "^operator:" /etc/passwd || {
-	adduser -g 'Operator' -D -H -s /usr/bin/dmcli --home '/usr/lib/dmcli' 'operator'
-	hash=""
-	if type get_operator_password_hash > /dev/null 2>&1; then
-		hash=$(get_operator_password_hash)
-	fi
-	if [ -z "$hash" ]; then
-		hash='$6$zP4Wk/VQJOLwwofC$teuhnYFQBcA8YUZo/Q0quDMi4SsOHmfBcyvt5VNchPnzgwF1nfNNliC3yBVW22NwmwttPEWeBEBfnMTBB0rYs/'
-	fi
-	echo "operator:${hash}" | chpasswd -e
-}
-
-grep -q "^/usr/bin/dmcli$" /etc/shells || {
-	echo '/usr/bin/dmcli' >> /etc/shells
-}
-
-uci -q del_list sshd.@sshd[0].AllowUsers='operator'
-uci -q add_list sshd.@sshd[0].AllowUsers='operator'
-
-uci -q delete users.operator
-uci -q set users.operator=user
-uci -q set users.operator.enabled=1
-uci -q set users.operator.shell='dmcli'
-uci -q set users.operator.member_roles='operator'
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_add mosquitto listener dmcli_local
-	uci_set mosquitto dmcli_local enabled 1
-	uci_set mosquitto dmcli_local port "${DMCLI_PORT}"
-	uci_set mosquitto dmcli_local protocol 'websockets'
-	uci_set mosquitto dmcli_local acl_file '/etc/dmcli/dmcli.acl'
-	uci_set mosquitto dmcli_local no_remote_access '1'
-	uci_set mosquitto dmcli_local allow_anonymous '1'
-fi
-
-if [ -f "/etc/config/obuspa" ]; then
-	uci_add obuspa mqtt mqtt_operator
-	uci_set obuspa mqtt_operator BrokerAddress '127.0.0.1'
-	uci_set obuspa mqtt_operator BrokerPort '1883'
-	uci_set obuspa mqtt_operator TransportProtocol 'TCP/IP'
-
-	uci_add obuspa mtp mtp_operator
-	uci_set obuspa mtp_operator Protocol 'MQTT'
-	uci_set obuspa mtp_operator ResponseTopicConfigured "${DMCLI_RESP_TOPIC}"
-	uci_set obuspa mtp_operator mqtt 'mqtt_operator'
-
-	uci_add obuspa controller controller_operator
-	uci_set obuspa controller_operator EndpointID "${CONTROLLER_ID}"
-	uci_set obuspa controller_operator Protocol 'MQTT'
-	uci_set obuspa controller_operator Topic "${DMCLI_CTRL_TOPIC}"
-	uci_set obuspa controller_operator mqtt 'mqtt_operator'
-	uci_set obuspa controller_operator assigned_role_name 'operator'
-fi
-
-_get_endpoint_id() {
-	local id serial oui
-
-	id="$(uci -q get obuspa.localagent.EndpointID)"
-	if [ -n "${id}" ]; then
-		echo "${id}"
-		return 0
-	fi
-
-	serial="$(db -q get device.deviceinfo.SerialNumber)"
-	oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
-
-	echo "os::${oui}-${serial//+/%2B}"
-}
-
-update_dmcli_conf() {
-	local endpointid confTmpFile
-	local port fromid publish subscribe toid
-
-	if [ -f "${DMCLI_CONF}" ]; then
-		endpointid="$(_get_endpoint_id)"
-		json_load_file "${DMCLI_CONF}" || return
-		json_select "Settings" || return
-			json_select "USP" || return
-				json_select "ConnectionProfile" || return
-					json_select "1" || return
-						json_get_var port "Port"
-						json_get_var fromid "FromId"
-						json_get_var publish "PublishEndpoint"
-						json_get_var subscribe "SubscribeEndpoint"
-						json_get_var toid "ToId"
-
-						json_add_int "Port" "${DMCLI_PORT}"
-						json_add_string "FromId" "${CONTROLLER_ID}"
-						json_add_string "PublishEndpoint" "${DMCLI_RESP_TOPIC}"
-						json_add_string "SubscribeEndpoint" "${DMCLI_CTRL_TOPIC}"
-						json_add_string "ToId" "${endpointid}"
-					json_select ..
-				json_select ..
-			json_select ..
-		json_select ..
-
-		if [ "${port}" != "${DMCLI_PORT}" ] || [ "${fromid}" != "${CONTROLLER_ID}" ] || \
-			[ "${publish}" != "${DMCLI_RESP_TOPIC}" ] || [ "${subscribe}" != "${DMCLI_CTRL_TOPIC}" ] || \
-			[ "${toid}" != "${endpointid}" ]; then
-			confTmpFile="$(mktemp -u -p "$(dirname "$DMCLI_CONF")" "$(basename "$DMCLI_CONF").XXXXXXX")"
-			json_pretty
-			json_dump > "${confTmpFile}" || return
-			mv -f "${confTmpFile}" "${DMCLI_CONF}" || return
-		fi
-	fi
-}
-
-update_dmcli_conf || exit

dmcli/files/etc/uci-defaults/36-dmcli-remote

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_add mosquitto listener dmcli
-	uci_set mosquitto dmcli enabled 1
-	uci_set mosquitto dmcli port '9003'
-	uci_set mosquitto dmcli protocol 'websockets'
-	uci_set mosquitto dmcli auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
-	uci_set mosquitto dmcli acl_file '/etc/dmcli/dmcli.acl'
-fi
-
-exit 0

dmcli/files/etc/uci-defaults/36-dmcli-remote-remove

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ -f "/etc/config/mosquitto" ]; then
-	uci_remove mosquitto dmcli
-fi
-
-exit 0

dmcli/files/etc/users/roles/operator.json

@@ -1,14 +0,0 @@
-{
-  "tr181": {
-    "name": "operator",
-    "instance": 6,
-    "permission": [
-      {
-        "object": "Device.",
-        "perm": [
-          "PERMIT_ALL"
-        ]
-      }
-    ]
-  }
-}

dmcli/src/Makefile

@@ -1,7 +0,0 @@
-all: dmcli
-
-dmcli: main.c
-	$(CC) $(CFLAGS) -Wall -Werror -o $@ $^
-
-clean:
-	rm -f dmcli

dmcli/src/main.c

@@ -1,32 +0,0 @@
-/*
-* Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
-* This Software and its content are protected by the Dutch Copyright Act
-* ('Auteurswet'). All and any copying and distribution of the software
-* and its content without authorization by Genexis Netherlands B.V. is
-* prohibited. The prohibition includes every form of reproduction and
-* distribution.
-*/
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-/* C Wrapper for operator to login to the CLI via ssh: the shell in
- * the passwd file cannot be a script that requires an interpreter. */
-int main(int argc, char *argv[])
-{
-	char *cmd[3 + (argc > 1 ? argc - 1 : 0)];
-
-	cmd[0] = "/usr/bin/qjs";
-	cmd[1] = "/usr/lib/dmcli/cli/main.js";
-	cmd[2] = NULL;
-
-	if (argc > 1) {
-		memcpy(&cmd[2], &argv[1], (argc - 1) * sizeof(char *));
-		cmd[2 + argc - 1] = NULL;
-	}
-
-	execv(cmd[0], cmd);
-	fprintf(stderr, "%s: command not found\n", cmd[0]);
-	return 127;
-}

dmexec/Makefile

@@ -0,0 +1,44 @@
+#
+# Copyright (C) 2025 iopsys Software Solutions AB
+#
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmexec
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_LICENSE:=GPL-2.0-only
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
+
+define Package/dmexec
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Datamodel for shell exec
+  DEPENDS:=+dm-service
+endef
+
+define Package/dmexec/description
+  datamodel extension for running shell commands.
+endef
+
+define Build/Compile
+	# pass
+endef
+
+define Package/dmexec/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+
+	$(INSTALL_DATA) ./files/etc/config/dmexec $(1)/etc/config/
+	$(INSTALL_BIN) ./files/etc/init.d/dmexec $(1)/etc/init.d/
+
+	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) ./files/dm_exec.json $(1) $(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,dmexec))

dmexec/bbfdm_service.json

@@ -0,0 +1,16 @@
+{
+  "daemon": {
+    "enable": "1",
+    "service_name": "dmexec",
+    "unified_daemon": false,
+    "services": [
+      {
+        "parent_dm": "Device.",
+        "object": "X_GENEXIS_EU_CLI"
+      }
+    ],
+    "config": {
+      "loglevel": "7"
+    }
+  }
+}

dmexec/files/dm_exec.json

@@ -0,0 +1,81 @@
+{
+  "json_plugin_version": 2,
+  "Device.X_GENEXIS_EU_CLI.": {
+    "type": "object",
+    "protocols": [
+      "cwmp",
+      "usp"
+    ],
+    "access": false,
+    "array": false,
+    "Enable": {
+      "type": "boolean",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "enable"
+            }
+          }
+        }
+      ]
+    },
+    "REQUEST": {
+      "type": "string",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "cmd"
+            }
+          }
+        }
+      ]
+    },
+    "RESULT": {
+      "type": "string",
+      "read": true,
+      "write": false,
+      "protocols": [
+        "cwmp",
+	"usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "result"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

dmexec/files/etc/config/dmexec

@@ -0,0 +1,3 @@
+config dmexec 'dmexec'
+	option enable '0'
+

dmexec/files/etc/init.d/dmexec

@@ -0,0 +1,40 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+USE_PROCD=1
+
+log() {
+	logger -t dmexec.init "$*"
+}
+
+start_service() {
+	procd_open_instance
+	procd_close_instance
+}
+
+reload_service() {
+	local cmd result enable
+
+	enable="$(uci -q get dmexec.dmexec.enable)"
+	enable="${enable:-0}"
+
+	if [ "${enable}" -eq "0" ]; then
+		log "dmexec is disabled"
+	fi
+
+	uci -q set dmexec.dmexec.result=""
+	cmd="$(uci -q get dmexec.dmexec.cmd)"
+	if [ -n "${cmd}" ]; then
+		log "Executing [${cmd}]"
+		result="$(eval $cmd 2>&1 |head -n 1 |head -c 256)"
+		result="${result//\'/}"
+		uci -q set dmexec.dmexec.result="${result}"
+		uci commit dmexec
+	fi
+}
+
+service_triggers() {
+	procd_add_reload_trigger dmexec
+}

dnsmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.21
+PKG_VERSION:=1.0.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=ef3714cc7555f763dfab626add8f90d7bc0a33b5
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

dslmngr/Makefile

@@ -15,7 +15,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
 PKG_SOURCE_VERSION:=8fb4093b4d26b3cb06603e110d424005e33cf5d6
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip
 endif

dslmngr/files/airoha/sbin/xdsl_wan

@@ -5,8 +5,6 @@ source "/lib/functions/network.sh"
 source "/lib/functions/system.sh"
 
 PREVLINK=""
-LINK=""
-LINKSPEED=""
 PREVWANMODE=""
 WANMODE=""
 CONFIGURED=0
@@ -152,12 +150,6 @@ while [ true ]; do
 
 	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
 		if [ "$LINK" = "down" ]; then
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				rm -rf /tmp/qos/wan_link_shape_rate
-				rm -rf /tmp/qos/wan_link_speed
-				/usr/sbin/qos-uplink-bandwidth
-			fi
-
 			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
 			if [ -n "$WANMODE" ]; then
 				if [ "$WANMODE" = "PTM" ]; then
@@ -234,26 +226,6 @@ while [ true ]; do
 
 			call_wan_hotplug "up" "$WANPORT"
 			PREVWANMODE="$WANMODE"
-
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-				LINKSPEED=$((LINKSPEED))
-				if [ "$LINKSPEED" -eq 0 ]; then
-					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-					LINKSPEED=$((LINKSPEED))
-				fi
-
-				if [ "$LINKSPEED" -ne 0 ]; then
-					mkdir -p /tmp/qos
-					touch /tmp/qos/wan_link_shape_rate
-
-					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
-					hw_nat -! > /dev/null 2>&1
-				else
-					rm -rf /tmp/qos/wan_link_speed
-					/usr/sbin/qos-uplink-bandwidth
-				fi
-			fi
 		fi
 
 		# Toggle link state

ebtables-extensions/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
 PKG_SOURCE_VERSION:=7357622d806833d93d317164dc6673fbf5fd1629
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.1.4
+PKG_VERSION:=3.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=0283fb5cb74a7baca46c4360da680757c57c86ac
+PKG_SOURCE_VERSION:=da6b25430123f03a74b59369b36dc4a777207d3f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

fatrace/Makefile

@@ -16,7 +16,7 @@ PKG_SOURCE_VERSION:=98af6019a4a1b478a6fa35f74528cb3cd404ae40
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.launchpad.net/fatrace
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 

fdtextract/Makefile

@@ -10,15 +10,20 @@ PKG_NAME:=fdtextract
 PKG_RELEASE:=1
 PKG_VERSION:=1.0
 
-PKG_SOURCE_URL:=https://dev.iopsys.eu/system/fdtextract.git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/fdtextract.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=7917dbcb29724476cd46164eec29848df1e5fb67
+PKG_SOURCE_VERSION:=e3cefda3b26c9aea3021b20725ce7b31b33eebc4
 PKG_MIRROR_HASH:=skip
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=LICENSE
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+RSTRIP:=true
+export BUILD_DIR
+
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -35,7 +40,9 @@ endef
 
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
+
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/fdtextract $(1)/usr/sbin/
+	$(STRIP) $(1)/usr/sbin/fdtextract
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

firewallmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.12
+PKG_VERSION:=1.0.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=30319c67fb4db285a2bcd272b1c10bc040eecf19
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=05ad0d6f7f21520eecd05429c14d1963de2a8463
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

fluent-bit/Makefile

@@ -13,7 +13,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
 PKG_SOURCE_VERSION=v$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

gateway-info/Makefile

@@ -15,7 +15,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/gateway-info.git
 PKG_SOURCE_VERSION:=dd15893a8291e556a8c49ff9e143c763db0379b5
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

gateway-info/files/etc/uci-defaults/86-set-gateway-device-info

@@ -110,7 +110,7 @@ configure_send_op125() {
 
 
 	if [ "${uci}" = "network" ]; then
-		[ -n "${sendopt}" ] && new_send_opt="$sendopt $opt125" || new_send_opt="$opt125"
+		new_send_opt="$sendopt $opt125"
 		uci -q set network."${intf}".sendopts="$new_send_opt"
 	else
 		new_send_opt="$sendopt$opt125"
@@ -228,7 +228,7 @@ enable_dhcp_option125() {
 
 	if [ "${proto}" = "dhcp" ]; then
 		if [ ${req125_present} -eq 0 ]; then
-			[ -n "${reqopts}" ] && newreqopts="$reqopts 125" || newreqopts="125"
+			newreqopts="$reqopts 125"
 			uci -q set network."${wan}".reqopts="$newreqopts"
 		fi
 

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.4.3
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=667866b8149d3df83a05536319eac02aee0b6d75
+PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.10.12
+PKG_VERSION:=9.10.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=fc34f19ec5ab691b3d815a0d1d917903d310db75
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=c4b0fa4272ab44a8c78462d5cc8df6501acbeb55
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -84,7 +84,6 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
-	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/

icwmp/files/etc/config/cwmp

@@ -42,9 +42,7 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	#option KeepConfig '1'
-	#option KeepOpConf '1'
-	#option ConfigScope 'UserOnly'
+	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/init.d/icwmpd

@@ -97,9 +97,7 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'KeepConfig:bool' \
-		'KeepOpConf:bool' \
-		'ConfigScope:string'
+		'fw_upgrade_keep_settings:bool'
 }
 
 validate_defaults() {
@@ -170,21 +168,13 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank KeepConfig KeepOpConf ConfigScope
+	local switch_bank
 
 	copy_cwmp_varstate_files_to_etc
+	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
-		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
-		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
-		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
-
-		json_init
-		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
-		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
-		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
-
-		json_dump| /etc/sysmngr/fwbank call copy_config
+	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
+		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
-if [ -n "${keep_settings}" ]; then
-	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
-	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
-fi

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user

@@ -77,7 +77,6 @@ get_opt43() {
 config_load cwmp
 config_get wan_intf cpe default_wan_interface "wan"
 config_get dhcp_discovery acs dhcp_discovery "0"
-config_get_bool insecure_enable acs insecure_enable "0"
 config_get dhcp_url acs dhcp_url ""
 config_get min_wait_intvl acs dhcp_retry_min_wait_interval "0"
 config_get intvl_multi acs dhcp_retry_interval_multiplier "0"
@@ -103,17 +102,6 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	if [ "${insecure_enable}" -eq "0" ]; then
-		case $DHCP_ACS_URL in
-		https://*)
-			log "ACS url $DHCP_ACS_URL has https"
-			;;
-		*)
-			return 0
-			;;
-		esac
-	fi
-
 	sec=$(uci -q get cwmp.acs)
 
 	if [ -z "${sec}" ]; then

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.44
+PKG_VERSION:=8.7.37
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=29ba8f04dc6bd7e77683352c0c71988f51fbadf8
+PKG_SOURCE_VERSION:=c711e1e132478d6443ffb5aad15d12b90f0d59b5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

imonitor/Makefile

@@ -13,7 +13,7 @@ PKG_INSTALL:=1
 PKG_SOURCE_PROTO=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/imonitor.git
 PKG_SOURCE_VERSION:=4beb1d5d6925507f1850a84c0b83aaf12a082f7f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=${PKG_NAME}-${PKG_VERSION}
 PKG_INSTALL:=1

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5ad41ca8eb5de887487feb7148b5dce44943218c
+PKG_SOURCE_VERSION:=25e32ac5a860aec6e53e3449565b71595073e014
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -34,9 +34,6 @@ define Package/$(PKG_NAME)
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
     +@DMCLI_REMOTE_CONNECTION
-  # tools used in development/testing
-  DEPENDS+=                                             \
-    +iperf3
 
 endef
 

ipt-trigger/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=ac1beae4794f99533b28db7d0e6e80f4c268a3e8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ipt-trigger.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fdfe23e51ff77ca6d2661ad6208d097758524147
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.5.1
+PKG_VERSION:=7.5.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
+PKG_SOURCE_VERSION:=18f93677bb4d33ebb6249324a5043294f0eae16c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libpicoevent-bcm/Makefile

@@ -17,7 +17,7 @@ PKG_NAME:=libpicoevent-bcm
 PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
 include $(INCLUDE_DIR)/package.mk

libpicoevent/Makefile

@@ -17,7 +17,7 @@ PKG_NAME:=libpicoevent
 PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
 include $(INCLUDE_DIR)/package.mk

libqos/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libqos
-PKG_VERSION:=7.2.111
+PKG_VERSION:=7.2.109
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libqos.git
-PKG_SOURCE_VERSION:=2e4c6a9c27e0f4f68dfe7a5c930afefd8dc7119a
+PKG_SOURCE_VERSION:=4948d372c3d7e43a0ba9aee517dbb83b94bba3dc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
@@ -65,7 +65,7 @@ define Package/libqos
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= QoS library (libqos)
-  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcm963xx-bsp +TARGET_airoha:libuci
+  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libqos/config

libtrace/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/apietila/libtrace.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_VERSION:=e4b4c5cce35a52da152776a00532aa0b80879c5b
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.7
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,8 +17,8 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=9763c574ec69e2aa492db4f1296d4bcd53776fba
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=3a30086a68a3409f0396acb01380f91daabf7a2f
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -25,5 +25,6 @@ db commit
 # configure the PCM for DECT/DCX81
 [ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
     uci set dect.global.pcm_fsync='SHORT_LF'
+    uci set dect.global.pcm_slot_start='8'
     uci set dect.global.dect_channel_start='3'
 }

libvoice-broadcom/Makefile

@@ -18,7 +18,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
 PKG_SOURCE_VERSION:=baf5ebfb45404714bbfcc3068080f93265934d8a
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

libvoice-d2/Makefile

@@ -18,7 +18,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
 PKG_SOURCE_VERSION:=0b2bef862fb5aea0b285e339459f46779224e2d0
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

libwifi/Makefile

@@ -1,32 +1,28 @@
 #
-# Copyright (C) 2019-2024 Iopsys
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 Iopsys
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.22.11
+PKG_VERSION:=7.14.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=6572047d613d4dc88ed83a80fb4ae0798ab71078
-PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libwifi.git
+PKG_SOURCE_VERSION:=b4b8f524a93d03fd1f89d4c32b8eaca90d9ccc1a
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=LGPL-2.1-only
-PKG_LICENSE_FILES:=
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
-
-MAKE_VERBOSE := 1
+PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/kernel.mk
-include $(INCLUDE_DIR)/cmake.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
@@ -53,14 +49,8 @@ else ifeq ($(CONFIG_TARGET_airoha),y)
   endif
 else ifeq ($(CONFIG_TARGET_mediatek),y)
   TARGET_PLATFORM=MEDIATEK
-  TARGET_WIFI_TYPE=MAC80211
-  ifeq ($(CONFIG_TARGET_DEVICE_mediatek_filogic_DEVICE_cx750),y)
-    TARGET_WIFI_TYPE=MEDIATEK
-    TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
-  else ifeq ($(CONFIG_TARGET_DEVICE_mediatek_filogic_DEVICE_mediatek_mt7987a-spim-nand-an8801sb),y)
-    TARGET_WIFI_TYPE=MEDIATEK
-    TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
-  endif
+  TARGET_WIFI_TYPE=MEDIATEK
+  TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
 else ifeq ($(CONFIG_TARGET_ipq95xx),y)
   TARGET_PLATFORM=IPQ95XX
   TARGET_WIFI_TYPE=QUALCOMM
@@ -76,13 +66,13 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523
 
 ifneq ($(CONFIG_PACKAGE_libwifi),)
-  CMAKE_OPTIONS +=-DHAS_WIFI=ON
+TARGET_CFLAGS +=-DHAS_WIFI
 endif
 
 ifeq ($(CONFIG_LIBWIFI_USE_CTRL_IFACE),y)
@@ -93,8 +83,18 @@ ifeq ($(CONFIG_LIBWIFI_SKIP_PROBES),y)
   TARGET_CFLAGS +=-DLIBWIFI_BRCM_SKIP_PROBES
 endif
 
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/openssl \
+	-I$(STAGING_DIR)/usr/include/libnl3
 
-CMAKE_OPTIONS += -DPLATFORM=$(TARGET_PLATFORM) -DWIFI_TYPE=$(TARGET_WIFI_TYPE)
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS) -Wall -I./" \
+	LDFLAGS="$(TARGET_LDFLAGS)" \
+	FPIC="$(FPIC)" \
+	PLATFORM="$(TARGET_PLATFORM)" \
+	WIFI_TYPE="$(TARGET_WIFI_TYPE)" \
+	subdirs="$(subdirs)"
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -102,39 +102,43 @@ define Build/Prepare
 endef
 endif
 
-define Package/libwifiutils
-	SECTION:=libs
-	CATEGORY:=Libraries
-	TITLE:= WiFi utility library (libwifiutils.so)
-	DEPENDS+=+libnl +libnl-route +libeasy +libopenssl
-endef
-
-define Package/libwifiutils/description
-	Library provides WiFi utility functions
-endef
-
-define Package/libwifi
-	SECTION:=libs
-	CATEGORY:=Libraries
-	TITLE:= WiFi HAL library (libwifi-7.so.m)
-	DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcm963xx-bsp
+define Package/libwifi-common
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=libwifi
+  SUBMENU:=IOPSYS HAL libs
+  DEPENDS:=+libopenssl
+  MENU:=1
 endef
 
 define Package/libwifi/description
-	Library provides WiFi HAL APIs
+  Library provides WiFi HAL APIs and WiFi common utility functions
+endef
+
+define Package/libwifiutils
+  $(call Package/libwifi-common)
+  TITLE:= WiFi utility library (libwifiutils.so)
+  DEPENDS+=+libnl +libnl-route +libeasy
 endef
 
 define Build/InstallDev/libwifiutils
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/wifidefs.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/wifiutils.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/libwifiutils*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/wifidefs.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/wifiutils.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libwifiutils*.so* $(1)/usr/lib/
 endef
 
 define Package/libwifiutils/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifiutils/libwifiutils*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/libwifiutils*.so* $(1)/usr/lib/
+endef
+
+
+define Package/libwifi
+  $(call Package/libwifi-common)
+  TITLE:= WiFi library (libwifi)
+  DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libwifi/config
@@ -155,12 +159,13 @@ define Package/libwifi/config
   endif
 endef
 
+
 define Build/InstallDev/libwifi
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifi/wifiops.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifi/wifi.h $(1)/usr/include/
-	$(CP) $(PKG_BUILD_DIR)/libwifi/libwifi-7*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/wifiops.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/wifi.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libwifi-7*.so* $(1)/usr/lib/
 endef
 
 
@@ -173,7 +178,7 @@ endef
 
 define Package/libwifi/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_BUILD_DIR)/libwifi/libwifi-7*.so* $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/libwifi-7*.so* $(1)/usr/lib/
 endef
 
 $(eval $(call BuildPackage,libwifiutils))

logmngr/Makefile

@@ -12,7 +12,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
 PKG_SOURCE_VERSION:=62441fdfe14a39bff8fff7c62307bd7b54d7240f
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 
@@ -65,10 +65,8 @@ define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
 	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp/
 	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
-	$(INSTALL_BIN) ./files/etc/hotplug.d/ntp/20-reload_fluent_bit $(1)/etc/hotplug.d/ntp/
 else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif

logmngr/files/etc/config/logmngr

@@ -8,7 +8,7 @@ config source 'default_source'
 
 config template 'default_template'
 	option name 'default_template'
-	option expression '{time} {hostname} {ident}[{pid}]: {message}'
+	option expression '{time} {hostname} {ident}: {message}'
 
 config action 'default_action'
 	option name 'default_action'

logmngr/files/etc/hotplug.d/ntp/20-reload_fluent_bit

@@ -1,14 +0,0 @@
-#!/bin/sh
-# This hotplug script reloads fluent-bit, so that kmsg logs' timestamp gets in sync
-
-[ "$ACTION" = stratum ] || exit 0
-
-# only once
-if ! uci -q get time.global.first_use_date > /dev/null 2>&1; then
-	flb_pid="$(pidof fluent-bit)"
-
-	if [ -n "$flb_pid" ]; then
-		logger -t "logmngr.hotplug" -p info "reload fluent-bit due to ntp sync"
-		kill -SIGHUP "$flb_pid"
-	fi
-fi

logmngr/files/etc/init.d/logmngr

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=09
+START=12
 
 USE_PROCD=1
 

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -11,7 +11,7 @@ fi
 if ! uci -q get logmngr.default_template > /dev/null; then
 	uci -q set logmngr.default_template=template
 	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
+	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
 fi
 
 if uci -q get logmngr.a1 >/dev/null; then

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -63,7 +63,7 @@ create_service_section() {
 	append_conf "    flush        1"
 	append_conf "    daemon       off"
 	append_conf "    log_level    info"
-	append_conf "    coro_stack_size    1048576"
+	append_conf "    coro_stack_size    24576"
 	append_conf "    parsers_file /etc/fluent-bit/parsers.conf"
 	append_conf "    hot_reload        on"
 	append_conf ""
@@ -77,12 +77,6 @@ create_default_filters() {
 	append_conf "    rename          msg     message"
 	append_conf ""
 
-	append_conf "[FILTER]"
-	append_conf "    name            modify"
-	append_conf "    match           *"
-	append_conf "    add             pid     0"
-	append_conf ""
-
 	append_conf "[FILTER]"
 	append_conf "    name            sysinfo"
 	append_conf "    match           *"
@@ -100,7 +94,6 @@ create_input_section() {
 
 	append_conf "[INPUT]"
 	append_conf "    name        syslog"
-	append_conf "    unix_perm   0666"
 	append_conf "    tag         $tag"
 	append_conf "    path        /dev/log"
 	append_conf ""

loop-detector/Makefile

@@ -13,7 +13,7 @@ PKG_SOURCE_VERSION:=d0fb770eacd6691b98df138b60f5116e02f71a9b
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/loop-detector
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

map-agent/Config.in

@@ -55,10 +55,6 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config AGENT_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
-	default n
-
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y

map-agent/Makefile

@@ -1,14 +1,13 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.5.0.10
+PKG_VERSION:=6.4.1.11
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=1a9763bd4e520975e6951f77e85f369487cf1318
+PKG_SOURCE_VERSION:=671bb0e693adbeb3e06b967350ce7f96ee91321b
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
+  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -38,12 +37,8 @@ ifeq ($(CONFIG_AGENT_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
-
 define Package/map-agent/description
-  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
+ This package implements EasyMesh R2 compliant WiFi Agent.
 endef
 
 define Package/map-agent/config

map-agent/files/etc/init.d/mapagent

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=97
+START=98
 STOP=20
 
 USE_PROCD=1

map-agent/files/lib/multiap/map_genconfig

@@ -49,16 +49,19 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
+				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
+				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
+				dpp_chan="133/49"
 			;;
 		esac
 
@@ -70,8 +73,7 @@ generate_multiap_config() {
 
 		ifprefix_radio=""
 		if is_logan; then
-			uci set mapagent.agent.mld_ap_prefix="bss"
-			uci set mapagent.agent.mld_sta_prefix="sta"
+			uci set mapagent.agent.mld_prefix="bss"
 			ifname_sta=""
 			case "$band" in
 				2g)
@@ -160,17 +162,13 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				# add dpp_chirp section for 2.4GHz bSTA
-				if [ $mode_band -eq 2 ]; then
-					uci add mapagent dpp_chirp
-					uci set mapagent.@dpp_chirp[-1].type="qrcode"
-					uci set mapagent.@dpp_chirp[-1].device="$device"
-					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
-					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
-					for channel in $channels; do
-						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
-					done
-				fi
+				#uci add mapagent dpp_uri
+				#uci set mapagent.@dpp_uri[-1].type="qrcode"
+				#uci set mapagent.@dpp_uri[-1].device="$device"
+				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
+				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
+				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
+				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"

map-controller/Config.in

@@ -39,10 +39,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping via passphrase."
-	default n
-
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.5.0
+PKG_VERSION:=6.4.2.6
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=f335cf5bfdf700843173fcdd5d61d1900cc0aa8a
+PKG_SOURCE_VERSION:=5e93ea36c4fb93dd473b233b098ecacf6395a20c
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,9 +36,6 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -84,7 +81,6 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller

map-controller/files/etc/config/mapcontroller

@@ -4,16 +4,16 @@ config controller 'controller'
 	option registrar '2 5 6'
 	option debug '2'
 	option bcn_metrics_max_num '10'
+	option initial_channel_scan '0'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
 	option stale_sta_timeout '20d'
 	option de_collect_interval '60'
-	list plugin 'zerotouch'
 
-config sta_steering 'sta_steering'
+config sta_steering
 	option enable_sta_steer '1'
-	option enable_bsta_steer '1'
+	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'
@@ -23,10 +23,8 @@ config sta_steering 'sta_steering'
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
-	list plugins 'rate'
-	list plugins 'bsteer'
 
-config channel_plan 'channel_plan'
+config channel_plan
 	option preclear_dfs '0'
 	option acs '0'
 

map-controller/files/etc/init.d/mapcontroller

@@ -20,6 +20,7 @@ validate_controller_section() {
 		'registrar:string' \
 		'debug:range(0,16)' \
 		'bcn_metrics_max_num:range(1,256)' \
+		'initial_channel_scan:bool:true' \
 		'resend_num:uinteger:0' \
 		'allow_bgdfs:range(0,2629744)' \
 		'stale_sta_timeout:string' \

map-controller/files/etc/uci-defaults/99-mapcntlr-add-qos-rule-id

@@ -1,66 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg="mapcontroller"
-config_load "$cfg"
-
-used_ids=""
-
-collect_used_ids() {
-	local section="$1"
-	local id
-
-	id=$(uci -q get ${cfg}.${section}.id)
-	if [ -n "$id" ] && printf "%s" "$id" | grep -qE '^[0-9]+$'; then
-		used_ids="$used_ids $id"
-	fi
-}
-
-# Find first available ID from 0 to INT32_MAX
-find_first_available_id() {
-	local max_int=2147483647
-	local expected=0
-	local id
-
-	# Convert list to sorted unique list
-	sorted_ids=$(printf "%s\n" $used_ids | sort -n | uniq)
-
-	for id in $sorted_ids; do
-		if [ "$id" -eq "$expected" ]; then
-			expected=$((expected + 1))
-		elif [ "$id" -gt "$expected" ]; then
-			# Found a gap -> return the gap
-			echo "$expected"
-			return
-		fi
-	done
-
-	# If no gaps, next available is `expected`
-	if [ "$expected" -le "$max_int" ]; then
-		echo "$expected"
-	else
-		echo -1
-	fi
-}
-
-# Assign ID if missing
-add_qos_rule_id() {
-	local section="$1"
-	local id
-
-	id=$(uci -q get ${cfg}.${section}.id)
-	if [ -z "$id" ]; then
-		new_id=$(find_first_available_id)
-		[ "$new_id" -ge 0 ] || return # No available ID
-		uci -q set ${cfg}.${section}.id="$new_id"
-
-		used_ids="$used_ids $new_id"
-	fi
-}
-
-# Step 1: Collect all existing IDs
-config_foreach collect_used_ids qos_rule
-
-# Step 2: Assign IDs to rules missing them
-config_foreach add_qos_rule_id qos_rule

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-
-# singleton sections
-sections="channel_plan sta_steering"
-
-for sec in $sections; do
-    # find unnamed section of given type, only index 0
-    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
-    [ "$s" = "" ] && continue
-
-    uci rename $cfg.$s=$sec
-done

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.2.7
+PKG_VERSION:=1.0.31
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
+PKG_SOURCE_VERSION:=565cade8fe08807b345404c567243fbdfdcb96c8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -27,18 +27,12 @@ include $(INCLUDE_DIR)/package.mk
 
 include $(wildcard plugins/*.mk)
 
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"
 
 plugins := \
 	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
-	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
-	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
+	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer)
 
 ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
 
@@ -59,8 +53,7 @@ define Package/map-plugins
 endef
 
 define Package/map-plugins/description
-	Provides extra Multi-AP services viz. steering, channel-planning,
-	self-organizing network, zero-touch onboarding etc.
+	Provides extra Multi-AP services viz. steering, channel-planning, self-organizing network etc.
 endef
 
 define Package/map-plugins/install
@@ -71,11 +64,5 @@ define Build/Compile
 	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
 endef
 
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        rsync -r --exclude=.* ~/git/map-plugins/ $(PKG_BUILD_DIR)/
-endef
-endif
-
 $(eval $(call BuildPackage,map-plugins))
 $(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

map-plugins/plugins/zero-touch.mk

@@ -1,22 +0,0 @@
-define Package/map-plugins-zero-touch
-	$(call Package/map-plugins/Default)
-	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-zero-touch/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
-
-endef
-
-define Build/Compile/map-plugins-zero-touch
-	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

mcastmngr/Makefile

@@ -14,7 +14,7 @@ ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/mcastmngr.git
 PKG_SOURCE_VERSION:=17d73b8f1947823a0d32ed589a240a2642904fe1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -1,670 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-#ifdef ENABLE_PAM_SUPPORT
-#include <security/pam_appl.h>
-#endif
-
-#define MAX_USERS 256
-#define MAX_SUBNETS_PER_USER 32
-
-typedef struct {
-	union {
-		uint32_t ipv4_network;
-		uint8_t ipv6_network[16];
-	};
-	union {
-		uint32_t ipv4_netmask;
-		uint8_t ipv6_netmask[16];
-	};
-	int is_ipv6;
-} subnet_t;
-
-typedef struct {
-	char username[64];
-	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
-	int allow_count;
-	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
-	int deny_count;
-} user_acl_t;
-
-typedef struct {
-	user_acl_t users[MAX_USERS];
-	int user_count;
-	mosquitto_plugin_id_t *identifier;
-	char *config_file;
-} plugin_data_t;
-
-/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
-static int parse_subnet(const char *cidr, subnet_t *subnet)
-{
-	char ip_str[128];
-	char *slash;
-	int prefix_len;
-	struct in_addr addr4;
-	struct in6_addr addr6;
-
-	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
-	ip_str[sizeof(ip_str) - 1] = '\0';
-
-	slash = strchr(ip_str, '/');
-	if (slash != NULL) {
-		*slash = '\0';
-		prefix_len = atoi(slash + 1);
-	}
-
-	/* Try IPv4 first */
-	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
-		subnet->is_ipv6 = 0;
-		if (slash == NULL)
-			prefix_len = 32;
-		if (prefix_len < 0 || prefix_len > 32)
-			return -1;
-
-		subnet->ipv4_network = ntohl(addr4.s_addr);
-		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
-		subnet->ipv4_network &= subnet->ipv4_netmask;
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
-		subnet->is_ipv6 = 1;
-		if (slash == NULL)
-			prefix_len = 128;
-		if (prefix_len < 0 || prefix_len > 128)
-			return -1;
-
-		/* Copy network address */
-		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
-
-		/* Generate netmask */
-		memset(subnet->ipv6_netmask, 0, 16);
-		for (int i = 0; i < prefix_len / 8; i++)
-			subnet->ipv6_netmask[i] = 0xff;
-		if (prefix_len % 8)
-			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
-
-		/* Apply netmask to network address */
-		for (int i = 0; i < 16; i++)
-			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
-
-		return 0;
-	}
-
-	return -1;
-}
-
-/* Check if IPv4 address is in subnet */
-static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
-{
-	if (subnet->is_ipv6)
-		return 0;
-	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
-}
-
-/* Check if IPv6 address is in subnet */
-static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
-{
-	if (!subnet->is_ipv6)
-		return 0;
-	for (int i = 0; i < 16; i++) {
-		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
-			return 0;
-	}
-	return 1;
-}
-
-/* Check if IP is in any subnet in the list */
-static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
-{
-	struct in_addr addr4;
-	struct in6_addr addr6;
-	uint32_t ipv4;
-
-	/* Try IPv4 */
-	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
-		ipv4 = ntohl(addr4.s_addr);
-		for (int i = 0; i < count; i++) {
-			if (ipv4_in_subnet(ipv4, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	/* Try IPv6 */
-	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
-		for (int i = 0; i < count; i++) {
-			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
-				return 1;
-		}
-		return 0;
-	}
-
-	return 0;
-}
-
-/* Find or create user ACL entry */
-static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
-{
-	user_acl_t *user;
-
-	/* Find existing user */
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-
-	/* Create new user if not found */
-	if (pdata->user_count >= MAX_USERS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Max users exceeded");
-		return NULL;
-	}
-
-	user = &pdata->users[pdata->user_count];
-	strncpy(user->username, username, sizeof(user->username) - 1);
-	user->username[sizeof(user->username) - 1] = '\0';
-	user->allow_count = 0;
-	user->deny_count = 0;
-	pdata->user_count++;
-
-	return user;
-}
-
-/* Parse subnet ACL file with simplified format
- * Format:
- * # Comment lines
- * subnet allow <username> <cidr>
- * subnet deny <username> <cidr>
- */
-static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
-{
-	FILE *fp;
-	char line[512];
-	int line_num = 0;
-
-	/* Initialize user count */
-	pdata->user_count = 0;
-
-	/* Config file is optional - if not provided, no subnet filtering */
-	if (config_file == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_INFO,
-			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
-		return 0;
-	}
-
-	/* If config file is specified but cannot be opened, this is a fatal error */
-	fp = fopen(config_file, "r");
-	if (fp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
-		return -1;
-	}
-
-	while (fgets(line, sizeof(line), fp) != NULL) {
-		char *token, *saveptr;
-		char *action, *username, *cidr;
-		user_acl_t *user;
-		subnet_t subnet;
-
-		line_num++;
-
-		/* Remove newline and comments */
-		line[strcspn(line, "\r\n")] = '\0';
-		char *comment = strchr(line, '#');
-		if (comment)
-			*comment = '\0';
-
-		/* Trim leading whitespace */
-		char *line_start = line;
-		while (*line_start == ' ' || *line_start == '\t')
-			line_start++;
-
-		/* Skip empty lines */
-		if (*line_start == '\0')
-			continue;
-
-		/* Parse: subnet allow|deny <username> <cidr> */
-		token = strtok_r(line_start, " \t", &saveptr);
-		if (token == NULL)
-			continue;
-
-		/* Must start with "subnet" */
-		if (strcmp(token, "subnet") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
-				token, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get allow/deny */
-		action = strtok_r(NULL, " \t", &saveptr);
-		if (action == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing allow/deny at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
-				action, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get username */
-		username = strtok_r(NULL, " \t", &saveptr);
-		if (username == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing username at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Get CIDR */
-		cidr = strtok_r(NULL, " \t", &saveptr);
-		if (cidr == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Missing CIDR at line %d", line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Parse subnet */
-		if (parse_subnet(cidr, &subnet) != 0) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Find or create user */
-		user = find_or_create_user_acl(pdata, username);
-		if (user == NULL) {
-			mosquitto_log_printf(MOSQ_LOG_ERR,
-				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
-			fclose(fp);
-			return -1;
-		}
-
-		/* Add to appropriate list */
-		if (strcmp(action, "allow") == 0) {
-			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->allow_subnets[user->allow_count] = subnet;
-			user->allow_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' allow subnet %s",
-				user->username, cidr);
-
-		} else { /* deny */
-			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
-				mosquitto_log_printf(MOSQ_LOG_ERR,
-					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
-					MAX_SUBNETS_PER_USER, user->username, line_num);
-				fclose(fp);
-				return -1;
-			}
-			user->deny_subnets[user->deny_count] = subnet;
-			user->deny_count++;
-
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' deny subnet %s",
-				user->username, cidr);
-		}
-	}
-
-	fclose(fp);
-
-	/* Log summary */
-	for (int i = 0; i < pdata->user_count; i++) {
-		user_acl_t *user = &pdata->users[i];
-		if (user->allow_count > 0 || user->deny_count > 0) {
-			mosquitto_log_printf(MOSQ_LOG_INFO,
-				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
-				user->username, user->allow_count, user->deny_count);
-		}
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
-
-	return 0;
-}
-
-/* Find user ACL entry */
-static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
-{
-	for (int i = 0; i < pdata->user_count; i++) {
-		if (strcmp(pdata->users[i].username, username) == 0)
-			return &pdata->users[i];
-	}
-	return NULL;
-}
-
-/* Check subnet access on authentication (connection time)
- * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
- */
-static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
-{
-	const user_acl_t *user_acl;
-	const char *client_address;
-
-	/* Skip if no subnet config loaded */
-	if (pdata == NULL || pdata->user_count == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Skip anonymous users */
-	if (ed->username == NULL)
-		return MOSQ_ERR_SUCCESS;
-
-	/* Find user's subnet ACL */
-	user_acl = find_user_acl(pdata, ed->username);
-
-	/* If user not in config or has no subnet rules, allow */
-	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
-		return MOSQ_ERR_SUCCESS;
-
-	/* Get client IP address */
-	client_address = mosquitto_client_address(ed->client);
-	if (client_address == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_WARNING,
-			"subnet_acl: Could not get client address for user '%s', denying connection",
-			ed->username);
-		return MOSQ_ERR_AUTH;
-	}
-
-	/* Check deny list first - deny takes precedence */
-	if (user_acl->deny_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED by deny rule",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* If there are allow rules, IP must match one of them */
-	if (user_acl->allow_count > 0) {
-		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
-			mosquitto_log_printf(MOSQ_LOG_DEBUG,
-				"subnet_acl: User '%s' from %s allowed by allow rule",
-				ed->username, client_address);
-			return MOSQ_ERR_SUCCESS;
-		} else {
-			mosquitto_log_printf(MOSQ_LOG_NOTICE,
-				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
-				ed->username, client_address);
-			return MOSQ_ERR_AUTH;
-		}
-	}
-
-	/* No subnet rules for this user - allow */
-	return MOSQ_ERR_SUCCESS;
-}
-
-#ifdef ENABLE_PAM_SUPPORT
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
-}
-
-static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
-}
-#else
-static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-#endif
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-	plugin_data_t *pdata = userdata;
-	int auth_result;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-	/* First check username/password authentication */
-#ifdef ENABLE_PAM_SUPPORT
-	auth_result = process_pam_auth_callback(ed);
-#else
-	auth_result = process_shadow_auth_callback(ed);
-#endif
-
-	/* If authentication failed, reject immediately */
-	if (auth_result != MOSQ_ERR_SUCCESS)
-		return auth_result;
-
-	/* Authentication succeeded, now check subnet restrictions */
-	return check_subnet_on_auth(pdata, ed);
-}
-
-static int reload_callback(int event, void *event_data, void *userdata)
-{
-	plugin_data_t *pdata = userdata;
-
-	if (pdata == NULL)
-		return MOSQ_ERR_SUCCESS;
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Reloading subnet ACL configuration from '%s'",
-		pdata->config_file ? pdata->config_file : "(none)");
-
-	/* Reload subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, pdata->config_file) != 0) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to reload subnet ACL configuration, keeping old config");
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE,
-		"subnet_acl: Reload complete, now tracking %d user(s)", pdata->user_count);
-
-	return MOSQ_ERR_SUCCESS;
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata;
-	const char *config_file = NULL;
-	int rc;
-
-	/* Find subnet config file option */
-	for (int i = 0; i < opt_count; i++) {
-		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
-			config_file = opts[i].value;
-			break;
-		}
-	}
-
-	pdata = calloc(1, sizeof(plugin_data_t));
-	if (pdata == NULL)
-		return MOSQ_ERR_NOMEM;
-
-	pdata->identifier = identifier;
-
-	/* Store config file path for reload */
-	if (config_file != NULL) {
-		pdata->config_file = strdup(config_file);
-		if (pdata->config_file == NULL) {
-			free(pdata);
-			return MOSQ_ERR_NOMEM;
-		}
-	} else {
-		pdata->config_file = NULL;
-	}
-
-	/* Load subnet ACL configuration */
-	if (load_subnet_acl_config(pdata, config_file) != 0) {
-		free(pdata->config_file);
-		free(pdata);
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	/* Register authentication callback only - subnet check is done during auth */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-	                                 basic_auth_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register authentication callback");
-		free(pdata->config_file);
-		free(pdata);
-		return rc;
-	}
-
-	/* Register reload callback to handle SIGHUP */
-	rc = mosquitto_callback_register(identifier, MOSQ_EVT_RELOAD,
-	                                 reload_callback, NULL, pdata);
-	if (rc != MOSQ_ERR_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR,
-			"subnet_acl: Failed to register reload callback");
-		mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		free(pdata->config_file);
-		free(pdata);
-		return rc;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_INFO,
-		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
-
-	/* Only assign user_data after all possible error paths */
-	*user_data = pdata;
-
-	return MOSQ_ERR_SUCCESS;
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	plugin_data_t *pdata = user_data;
-
-	if (pdata) {
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
-		                              basic_auth_callback, NULL);
-		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_RELOAD,
-		                              reload_callback, NULL);
-		free(pdata->config_file);
-		free(pdata);
-	}
-
-	return MOSQ_ERR_SUCCESS;
-}

mosquitto-auth-shadow/Config.in

@@ -1,4 +1,4 @@
-if PACKAGE_mosquitto-auth-plugin
+if PACKAGE_mosquitto-auth-shadow
 
 config MOSQUITTO_AUTH_PAM_SUPPORT
 	bool "Enable support of Linux PAM module for Authentication"

mosquitto-auth-shadow/Makefile

@@ -13,8 +13,8 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mosquitto-auth-plugin
-PKG_VERSION:=1.2.1
+PKG_NAME:=mosquitto-auth-shadow
+PKG_VERSION:=1.1.0
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
@@ -24,7 +24,7 @@ PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/mosquitto-auth-plugin
+define Package/mosquitto-auth-shadow
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
@@ -32,12 +32,12 @@ define Package/mosquitto-auth-plugin
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
-define Package/mosquitto-auth-plugin/description
+define Package/mosquitto-auth-shadow/description
   Plugin for the mosquitto MQTT message broker that authenticates
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-plugin/config
+define Package/mosquitto-auth-shadow/config
 	source "$(SOURCE)/Config.in"
 endef
 
@@ -45,10 +45,10 @@ ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
 TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
 endif
 
-define Package/mosquitto-auth-plugin/install
+define Package/mosquitto-auth-shadow/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 
-$(eval $(call BuildPackage,mosquitto-auth-plugin))
+$(eval $(call BuildPackage,mosquitto-auth-shadow))

mosquitto-auth-shadow/src/Makefile

@@ -11,14 +11,14 @@
 #   Erik Karlsson - initial implementation
 #
 
-TARGETS = mosquitto_auth_plugin.so
+TARGETS = mosquitto_auth_shadow.so
 
 all: $(TARGETS)
 
 %.pic.o: %.c
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
-mosquitto_auth_plugin.so: mosquitto_auth_plugin.pic.o
+mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
 	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
 
 clean:

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2022 Genexis B.V.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Erik Karlsson - initial implementation
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <stdlib.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+#ifdef ENABLE_PAM_SUPPORT
+#include <security/pam_appl.h>
+
+static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+	int i;
+	const char *pass = (const char *)appdata_ptr;
+
+	*resp = calloc(num_msg, sizeof(struct pam_response));
+	if (*resp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
+		return PAM_BUF_ERR;
+	}
+
+	if (pass == NULL)
+		return PAM_SUCCESS;
+
+	for (i = 0; i < num_msg; ++i) {
+		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+			(*resp)[i].resp = strdup(pass);
+			if ((*resp)[i].resp == NULL) {
+				for (int j = 0; j < i ; j++)
+					free((*resp)[j].resp);
+
+				free(*resp);
+				*resp = NULL;
+				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
+				return PAM_BUF_ERR;
+			}
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct pam_conv conv;
+	int retval;
+	pam_handle_t *pamh = NULL;
+
+	conv.conv = pam_conversation;
+	conv.appdata_ptr = (void *)ed->password;
+
+	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
+	if (retval != PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
+		return MOSQ_ERR_AUTH;
+	}
+
+	retval = pam_authenticate(pamh, 0);
+	pam_end(pamh, retval);
+	if (retval == PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
+		return MOSQ_ERR_SUCCESS;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
+	return MOSQ_ERR_AUTH;
+}
+#else
+static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct spwd spbuf, *sp = NULL;
+	char buf[256];
+	struct crypt_data data;
+	char *hash;
+
+	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+
+	if (sp == NULL || sp->sp_pwdp == NULL)
+		return MOSQ_ERR_AUTH;
+
+	/* Empty string as hash means password is not required */
+	if (sp->sp_pwdp[0] == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	if (ed->password == NULL)
+		return MOSQ_ERR_AUTH;
+
+	memset(&data, 0, sizeof(data));
+	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+
+	if (hash == NULL)
+		return MOSQ_ERR_AUTH;
+
+	if (strcmp(hash, sp->sp_pwdp) == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	return MOSQ_ERR_AUTH;
+}
+#endif
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+	struct mosquitto_evt_basic_auth *ed = event_data;
+
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
+#ifdef ENABLE_PAM_SUPPORT
+	return process_pam_auth_callback(ed);
+#else
+	return process_shadow_auth_callback(ed);
+#endif
+}
+
+int mosquitto_plugin_version(int supported_version_count,
+			     const int *supported_versions)
+{
+	return 5;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
+			  void **user_data,
+			  struct mosquitto_opt *opts, int opt_count)
+{
+	*user_data = identifier;
+
+	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+					   basic_auth_callback, NULL, NULL);
+}
+
+int mosquitto_plugin_cleanup(void *user_data,
+			     struct mosquitto_opt *opts, int opt_count)
+{
+	mosquitto_plugin_id_t *identifier = user_data;
+
+	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+					     basic_auth_callback, NULL);
+}

netmngr/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.2.4
+PKG_VERSION:=1.2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=8240c6089cdd44f268db135920800b8fc1d65ca9
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
+PKG_SOURCE_VERSION:=ff08a8cc5c860056a022e5376a973dee5a323595
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.11
+PKG_VERSION:=1.1.7
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/README.md

@@ -0,0 +1,109 @@
+# Creating Custom Netmodes in IOWRT
+
+This guide provides developers with detailed instructions on how to create and manage custom network modes (netmodes) in IOWRT. The `netmode` script allows for flexible network configuration, and developers can define their own modes by structuring the necessary files and scripts within the `/etc/netmodes/` directory.
+
+## Table of Contents
+1. [Overview of Netmodes](#overview-of-netmodes)
+2. [Directory Structure](#directory-structure)
+3. [Creating a Custom Netmode](#creating-a-custom-netmode)
+   - [Step 1: Pre-Execution Scripts](#step-1-pre-execution-scripts)
+   - [Step 2: UCI Configuration Files](#step-2-uci-configuration-files)
+   - [Step 3: Custom Execution Scripts](#step-3-custom-execution-scripts)
+   - [Step 4: Post-Execution Scripts](#step-4-post-execution-scripts)
+4. [Enabling and Switching Netmodes](#enabling-and-switching-netmodes)
+
+## Overview of Netmodes
+
+Netmodes in IOWRT provide a way to switch between different network configurations based on the needs of the environment. Developers can create custom netmodes by organizing scripts and configuration files in specific directories under `/etc/netmodes/<NETMODE_NAME>`.
+
+## Directory Structure
+
+A custom netmode is defined within the `/etc/netmodes/<NETMODE_NAME>` directory, which should contain the following subdirectories:
+
+- **/lib/netmode/pre/**: Generic scripts executed before the netmode-specific configurations are applied.
+- **/etc/netmodes/<NETMODE_NAME>/uci/**: Contains UCI configuration files that will be copied to `/etc/config/` during the application of the netmode.
+- **/etc/netmodes/<NETMODE_NAME>/scripts/**: Custom scripts specific to the netmode that are executed after the UCI configurations are applied.
+- **/lib/netmode/post/**: Generic scripts executed after the netmode-specific configurations are completed.
+
+## Creating a Custom Netmode
+
+To create a new netmode, follow these steps:
+
+### Step 1: Pre-Execution Scripts
+
+Scripts located in `/lib/netmode/pre/` are executed before any mode-specific actions. These are typically used for preparing the system or cleaning up configurations from the previous netmode.
+
+- **Create Pre-Execution Scripts**:
+  - Place your generic pre-execution scripts in `/lib/netmode/pre/`.
+  - Example script (`/lib/netmode/pre/cleanup.sh`):
+    ```bash
+    #!/bin/sh
+    echo "Cleaning up old network configurations..."
+    # Add commands here
+    ```
+
+### Step 2: UCI Configuration Files
+
+The UCI configuration files stored in `/etc/netmodes/<NETMODE_NAME>/uci/` will be copied to `/etc/config/`, effectively applying the desired network configuration.
+
+- **Place UCI Config Files**:
+  - Create UCI configuration files under `/etc/netmodes/<NETMODE_NAME>/uci/`.
+  - Example (`/etc/netmodes/bridge/uci/network`):
+````bash
+config device 'br_lan'
+        option name 'br-lan'
+        option type 'bridge'
+        option multicast_to_unicast '0'
+        option bridge_empty '1'
+        list ports 'eth1'
+        list ports 'eth3'
+        list ports 'eth4'
+
+config interface 'lan'
+        option proto 'dhcp'
+        option device 'br-lan'
+        option force_link '1'
+        option reqopts '43 125'
+````
+
+### Step 3: Custom Execution Scripts
+
+After the UCI files are applied, any scripts in `/etc/netmodes/<NETMODE_NAME>/scripts/` are executed. These can be used to perform additional configuration tasks that are specific to the netmode.
+
+- **Create Custom Scripts**:
+  - Add scripts to `/etc/netmodes/<NETMODE_NAME>/scripts/`.
+  - Example (`/etc/netmodes/bridge/scripts/setup_bridge.sh`):
+    ```bash
+    #!/bin/sh
+    echo "Setting up bridge mode..."
+    # Additional configuration commands here
+    ```
+
+### Step 4: Post-Execution Scripts
+
+Finally, the generic scripts in `/lib/netmode/post/` are executed. These scripts typically finalize the setup or perform any necessary cleanups.
+
+- **Create Post-Execution Scripts**:
+  - Place scripts in `/lib/netmode/post/`.
+  - Example script (`/lib/netmode/post/restart_services.sh`):
+    ```bash
+    #!/bin/sh
+    echo "Restarting network services..."
+    # Add commands here
+    ```
+
+## Enabling and Switching Netmodes
+
+The netmode mechanism can be enabled or disabled via the UCI configuration, and you can switch between netmodes using UCI commands.
+
+- **Enable Netmode**:
+  ```bash
+  uci set netmode.global.enabled=1
+  uci commit netmode
+    ```
+    
+- **Switch Netmode**:
+  ```bash
+  uci set netmode.global.mode='<NETMODE_NAME>'
+  uci commit netmode
+    ```

netmode/docs/ADVANCED_MODE_GUIDE.md

@@ -1,901 +0,0 @@
-# Advanced Mode - Complete Configuration Guide
-
-## Table of Contents
-1. [Overview](#overview)
-2. [Interface Types](#interface-types)
-3. [Configuration Examples](#configuration-examples)
-4. [Use Case Scenarios](#use-case-scenarios)
-5. [TR-069/USP Configuration](#tr-069usp-configuration)
-6. [Troubleshooting](#troubleshooting)
-
----
-
-## Overview
-
-The **advanced** mode is a unified, flexible network configuration mode for OpenWrt/iopsys routers. It provides a single, powerful interface for configuring:
-
-- **Bridge interfaces** with VLAN/QinQ support (traditional VLAN devices)
-- **Bridge VLAN filtering** (modern kernel bridge features - recommended)
-- **Routed interfaces** with VLAN/MACVLAN support
-- **Standalone interfaces** (direct VLAN without bridge)
-- **Mixed scenarios** (combine bridges and routed interfaces)
-
-### Key Features
-
-- ✅ Unified configuration syntax
-- ✅ Multiple interface types in one configuration
-- ✅ VLAN (802.1Q) and QinQ (802.1ad) support
-- ✅ Modern bridge VLAN filtering for better performance
-- ✅ MACVLAN support for multi-service routing
-- ✅ Per-interface port assignment
-- ✅ Flexible protocol configuration (DHCP, none, static)
-- ✅ UCI device name resolution (LAN1 → eth1)
-- ✅ Automatic reconfiguration on parameter changes
-
-### Configuration Parameters
-
-| Parameter | Description | Example |
-|-----------|-------------|---------|
-| `interface_names` | Comma-separated interface names | `wan,iptv,mgmt` |
-| `interface_types` | Comma-separated interface types | `bridge:transparent,brvlan:wan-tagged:1499,route:vlan:100,direct:200` |
-| `ports` | Comma-separated port assignments | `ALL,LAN1-LAN2-WAN,WAN` |
-| `macaddrs` | Comma-separated MAC addresses (optional) | `BaseMACAddress,BaseMACAddressP1,AA:BB:CC:DD:EE:FF` |
-
-### How It Works
-
-When you change any configuration parameter and restart netmode:
-1. The system detects the configuration change automatically
-2. Old network configuration is cleaned up (interfaces, bridges, VLANs)
-3. System configuration is preserved (loopback, physical devices)
-4. New configuration is applied based on your parameters
-5. No manual intervention needed!
-
----
-
-## Interface Types
-
-### Bridge Types (Traditional VLAN Devices)
-
-Bridge types create L2 bridge interfaces using traditional VLAN devices (eth0.100, etc.).
-
-| Type | Syntax | Description |
-|------|--------|-------------|
-| **Transparent** | `bridge:transparent` | No VLAN tagging on any port |
-| **Tagged** | `bridge:tagged:VID` | All ports tagged with same VLAN ID |
-| **WAN-Tagged** | `bridge:wan-tagged:VID` | Only WAN port tagged, LAN ports untagged |
-| **Transparent QinQ** | `bridge:transparent-qinq:SVID` | LAN untagged, WAN single S-tag (802.1ad) |
-| **Transparent QinQ (Double)** | `bridge:transparent-qinq:CVID:SVID` | LAN untagged, WAN double-tagged (C+S) |
-| **Tagged QinQ** | `bridge:tagged-qinq:CVID:SVID` | LAN C-tagged, WAN double-tagged (C+S) |
-| **QinQ (All ports)** | `bridge:qinq:CVID:SVID` | All ports double-tagged |
-
-### Bridge VLAN Filtering Types (Modern Approach)
-
-Bridge VLAN filtering uses kernel bridge VLAN filtering instead of creating VLAN devices. **Recommended for new deployments.**
-
-| Type | Syntax | Description |
-|------|--------|-------------|
-| **Tagged** | `brvlan:tagged:VID` | All ports tagged with VLAN ID (uses bridge-vlan) |
-| **WAN-Tagged** | `brvlan:wan-tagged:VID` | WAN tagged, LAN untagged (uses bridge-vlan) |
-| **Mixed** | `brvlan:mixed:VID` | Custom tagged/untagged configuration |
-
-**See [BRIDGE_VLAN_FILTERING.md](BRIDGE_VLAN_FILTERING.md) for detailed documentation.**
-
-### Routed Types
-
-Routed types create L3 routed interfaces (with NAT/firewall).
-
-| Type | Syntax | Description |
-|------|--------|-------------|
-| **VLAN Routing** | `route:vlan:VID` | Routed interface on VLAN |
-| **MACVLAN Routing** | `route:macvlan:MAC` | MACVLAN device with custom MAC (supports macros) |
-| **VLAN + MAC Routing** | `route:vlan:VID:MAC` | Routed interface on VLAN with custom MAC |
-| **Transparent Routing** | `route:transparent` | Routed interface on base device (no VLAN) |
-
-### Standalone Types
-
-Standalone types create VLAN interfaces without bridges or routing (proto=none by default).
-
-| Type | Syntax | Description |
-|------|--------|-------------|
-| **Direct VLAN** | `direct:VID` | Standalone VLAN interface, proto=none |
-
-### Device Reference Types
-
-Device reference types allow multiple interfaces to share the same underlying device.
-
-| Type | Syntax | Description |
-|------|--------|-------------|
-| **Device Reference** | `device-ref:INTERFACE` | References the device from another interface |
-
-**Use Case**: Create separate IPv4 and IPv6 interfaces (wan and wan6) that share the same bridge or VLAN device.
-
-**Example**:
-```bash
-# wan creates bridge on VLAN 2501 with DHCP
-# wan6 shares the same br-wan device with DHCPv6
-interface_names='wan,wan6'
-interface_types='bridge:tagged:2501,device-ref:wan-dhcpv6'
-ports='WAN,WAN'
-```
-
-**Result**:
-- `wan`: Creates `br-wan` bridge device on VLAN 2501, proto=dhcp
-- `wan6`: Uses same `br-wan` device, proto=dhcpv6
-
-**Note**: The referenced interface must be defined before the device-ref interface in the interface_names list.
-
-### Modifiers
-
-Modifiers can be appended to any interface type:
-
-| Modifier | Effect | Example |
-|----------|--------|---------|
-| `-pppoe` | Set proto=pppoe (PPPoE authentication) | `route:vlan:101-pppoe` |
-| `-dhcpv6` | Set proto=dhcpv6 (DHCPv6 client) | `bridge:tagged:2501-dhcpv6` |
-| `-dhcp` | Set proto=dhcp (DHCP client - explicit) | `bridge:transparent-dhcp` |
-| `-static` | Set proto=static (static IP) | `bridge:transparent-static` |
-| `-none`, `-n` | Set proto=none (no IP configuration) | `bridge:tagged:100-none` or `bridge:tagged:100-n` |
-| `-iptv` | Signify that this is an iptv interface (affects firewall and mcast) | `route:vlan:200-iptv` |
-| `-inet` | Signify that this is an internet interface (affects firewall) | `route:vlan:200-inet` |
-| `-mgmt` | Signify that this is a management interface (affects firewall) | `route:vlan:200-mgmt` |
-| `-disabled`, `-d` | Create but mark as disabled | `route:vlan:200-disabled` or `route:vlan:200-d` |
-
-
-#### Notes
-
-- The `-none` and `-n` modifiers are equivalent, as are `-disabled` and `-d`.
-- If no protocol modifier is specified, interfaces default to `proto=dhcp`.
-- Protocols and disabled can be clubbed together, and disabled should be in the last, for example: `transparent-qinq:2-n-d` will set proto as none and disable the interface, similarly other protocols can be used.
-- iptv, inet and mgmt modifier can only be used with route interfaces, and they can be clubbed with disabled modifier, but disable should be in the last.
-
-#### Static IP Auto-Configuration
-
-When using the `-static` modifier with an interface named `lan`, the system automatically configures:
-
-**Network Configuration**:
-- IP Address: 192.168.1.1
-- Netmask: 255.255.255.0
-- IPv6 Prefix: /60
-
-**DHCP Server Configuration**:
-- Start: 192.168.1.100
-- Limit: 150 addresses (100-250)
-- Lease time: 1 hour
-- DHCPv4: server
-- DHCPv6: server
-- Router Advertisement: server
-- SLAAC: enabled
-- RA flags: managed-config, other-config
-
-**Example**:
-```bash
-interface_names='lan,wan'
-interface_types='bridge:transparent-static,bridge:tagged:2501'
-ports='ALL_LAN,WAN'
-```
-
-For non-LAN interfaces with `-static`, only `proto=static` is set without additional configuration.
-
-**Note**: Direct interfaces default to `proto=none`, so `-n` is implicit.
-
-### MAC Address Assignment
-
-You can assign custom MAC addresses to interfaces using the `macaddrs` parameter. This is useful when ISPs require specific MAC addresses per service or for multi-service configurations.
-
-**Supported Formats:**
-
-| Format | Description | Example |
-|--------|-------------|---------|
-| **Explicit MAC** | Direct MAC address assignment | `AA:BB:CC:DD:EE:FF` |
-| **BaseMACAddress** | Use base MAC from `fw_printenv -n ethaddr` | `BaseMACAddress` |
-| **BaseMACAddressP1** | Base MAC + 1 | `BaseMACAddressP1` |
-| **BaseMACAddressPN** | Base MAC + N (any number) | `BaseMACAddressP5` |
-
-**Example:**
-```bash
-# If base MAC is 94:3F:0C:D5:76:00
-uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1,AA:BB:CC:DD:EE:FF'
-# Results in:
-# Interface 1: 94:3F:0C:D5:76:00
-# Interface 2: 94:3F:0C:D5:76:01
-# Interface 3: AA:BB:CC:DD:EE:FF
-```
-
-**Note**: MAC addresses are assigned to interfaces in order. If you have 3 interfaces but only specify 2 MAC addresses, the 3rd interface will use the system default.
-
----
-
-## Configuration Examples
-
-### Example 1: Simple Transparent Bridge
-
-**Scenario**: All ports bridged together, no VLANs
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan'                    # interface_names
-uci set netmode.@supported_args[13].value='bridge:transparent'     # interface_types
-uci set netmode.@supported_args[14].value='ALL'                    # ports
-uci commit netmode
-service netmode restart
-```
-
-**Result**: Creates `br-wan` bridge with all LAN+WAN ports, proto=dhcp
-
----
-
-### Example 2: LAN-Only Bridge with Routed WAN
-
-**Scenario**: Bridge all LAN ports together, WAN as separate routed interface
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='lan,wan'
-uci set netmode.@supported_args[13].value='bridge:transparent,route:transparent'
-uci set netmode.@supported_args[14].value='ALL_LAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**: Creates `br-lan` bridge with all LAN ports only, WAN routed separately
-
----
-
-### Example 3: VLAN-Tagged Bridge (Managed Network)
-
-**Scenario**: All ports tagged with VLAN 100
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='mgmt'
-uci set netmode.@supported_args[13].value='bridge:tagged:100'
-uci set netmode.@supported_args[14].value='ALL'
-uci commit netmode
-service netmode restart
-```
-
-**Result**: Creates `br-mgmt` with all ports tagged as `.100`
-
----
-
-### Example 4: Multiple Service Bridges (VLAN Segregation)
-
-**Scenario**: Separate bridges for Internet (VLAN 100), IPTV (VLAN 200), Management (VLAN 300)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='inet,iptv,mgmt'
-uci set netmode.@supported_args[13].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
-uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `br-inet`: LAN1.100 + LAN2.100 + WAN.100, proto=none
-- `br-iptv`: LAN3.200 + LAN4.200 + WAN.200, proto=none
-- `br-mgmt`: WAN.300, proto=dhcp
-
----
-
-### Example 5: QinQ Configuration (Wholesale Provider)
-
-**Scenario**: Customer A on C-tag 10 S-tag 100, Customer B on C-tag 20 S-tag 100
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='customer_a,customer_b'
-uci set netmode.@supported_args[13].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
-uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `br-customer_a`: All ports double-tagged (100.10)
-- `br-customer_b`: All ports double-tagged (100.20)
-
----
-
-### Example 6: Routed Multi-Service with Custom MAC Addresses
-
-**Scenario**: ISP requires different MAC addresses for Internet and IPTV services
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='mgmt_wan,wan,iptv_wan,lan'
-uci set netmode.@supported_args[13].value='route:macvlan:BaseMACAddressP2-mgmt,route:macvlan:BaseMACAddressP3-inet,route:macvlan:BaseMACAddressP4-iptv,bridge:transparent-static'
-uci set netmode.@supported_args[14].value='WAN,WAN,WAN,ALL_LAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `mgmt_wan`: Routed interface on WAN with base MAC + 2(58:00:32:C0:0E:42)
-- `wan`: Routed interface on WAN with base MAC + 3 (58:00:32:C0:0E:43)
-- `iptv_wan`: Routed interface on WAN with base MAC + 4 (58:00:32:C0:0E:44)
-- `lan`: bridged interface on ALL LAN ports with base MAC (58:00:32:C0:0E:40)
-
----
-
-### Example 7: Routed Multi-Service (VLAN-based)
-
-**Scenario**: Internet on VLAN 100, IPTV on VLAN 200, Management on VLAN 300, all routed
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='mgmt_wan,wan,iptv_wan,lan'
-uci set netmode.@supported_args[13].value='route:vlan:300-mgmt,route:vlan:100-inet,route:vlan:200-iptv,bridge:transparent-static'
-uci set netmode.@supported_args[14].value='WAN,WAN,WAN,ALL_LAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `wan`: Routed on WAN.100, proto=dhcp
-- `iptv`: Routed on WAN.200, proto=dhcp
-- `mgmt`: Routed on WAN.300, proto=dhcp
-
----
-
-### Example 8: Routed Multi-Service (MACVLAN with Macros)
-
-**Scenario**: Internet and IPTV using MACVLAN devices with MAC address macros
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv'
-uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:BaseMACAddressP1'
-uci set netmode.@supported_args[14].value='WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `wan`: Routed on WAN with default MAC (94:3F:0C:D5:76:00)
-- `iptv`: MACVLAN device on WAN with base MAC + 1 (94:3F:0C:D5:76:01)
-
-**Alternative with explicit MAC:**
-```bash
-uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF'
-```
-
----
-
-### Example 9: Routed Multi-Service (VLAN + MACVLAN)
-
-**Scenario**: Internet on VLAN 100, IPTV on VLAN 200 with custom MAC
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv'
-uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200:AA:BB:CC:DD:EE:FF'
-uci set netmode.@supported_args[14].value='WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `wan`: Routed on WAN.100 (default MAC), proto=dhcp
-- `iptv`: Routed on WAN.200 with custom MAC, proto=dhcp
-
----
-
-### Example 10: Standalone VLAN Interface (Direct)
-
-**Scenario**: WAN as standalone VLAN 2501 interface (no bridge, no routing)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan'
-uci set netmode.@supported_args[13].value='direct:2501'
-uci set netmode.@supported_args[14].value='WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**: Creates WAN.2501 interface, proto=none (no DHCP)
-
----
-
-### Example 11: Mixed Bridge and Routed Interfaces
-
-**Scenario**: IPTV bridged on VLAN 200, Internet routed on VLAN 100
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv'
-uci set netmode.@supported_args[13].value='route:vlan:100,bridge:tagged:200-n'
-uci set netmode.@supported_args[14].value='WAN,LAN1-LAN2-WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Result**:
-- `wan`: Routed on WAN.100, proto=dhcp (firewall enabled)
-- `br-iptv`: Bridge on LAN1.200 + LAN2.200 + WAN.200, proto=none
-
----
-
-## Use Case Scenarios
-
-### Scenario 1: ISP Triple-Play Service (Routed)
-
-**Requirement**: Internet on VLAN 100, IPTV on VLAN 200, VoIP on VLAN 300, all routed
-
-**Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv,voip'
-uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200,route:vlan:300'
-uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Network Topology**:
-```
-WAN (ae_wan)
-  ├── wan (VLAN 100) - Internet - Routed
-  ├── iptv (VLAN 200) - IPTV - Routed
-  └── voip (VLAN 300) - VoIP - Routed
-```
-
----
-
-### Scenario 2: ISP Triple-Play with MACVLAN
-
-**Requirement**: Internet normal MAC, IPTV with custom MAC, VoIP with custom MAC
-
-**Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv,voip'
-uci set netmode.@supported_args[13].value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:01,route:macvlan:AA:BB:CC:DD:EE:02'
-uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
----
-
-### Scenario 3: Enterprise VLAN Segregation (Bridged)
-
-**Requirement**: Guest WiFi on VLAN 100, Corporate on VLAN 200, Management on VLAN 300, all bridged
-
-**Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='guest,corporate,mgmt'
-uci set netmode.@supported_args[13].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
-uci set netmode.@supported_args[14].value='LAN1-WAN,LAN2-LAN3-WAN,WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Network Topology**:
-```
-LAN1.100 ──┬── WAN.100 ──[ br-guest ] (proto=none)
-LAN2.200 ──┬── WAN.200 ──[ br-corporate ] (proto=none)
-LAN3.200 ──┘
-WAN.300 ────[ br-mgmt ] (proto=dhcp)
-```
-
----
-
-### Scenario 4: Wholesale QinQ Provider
-
-**Requirement**: Multiple customers on single fiber, S-tag 100, different C-tags
-
-**Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='cust_a,cust_b,cust_c'
-uci set netmode.@supported_args[13].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n,bridge:qinq:30:100-n'
-uci set netmode.@supported_args[14].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,LAN5-LAN6-WAN'
-uci commit netmode
-service netmode restart
-```
-
----
-
-### Scenario 5: Hybrid Bridge + Routed
-
-**Requirement**: Internet routed, IPTV bridged to STBs
-
-**Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv'
-uci set netmode.@supported_args[13].value='route:vlan:100,bridge:tagged:200-n'
-uci set netmode.@supported_args[14].value='WAN,LAN1-LAN2-LAN3-WAN'
-uci commit netmode
-service netmode restart
-```
-
-**Network Topology**:
-```
-WAN.100 ─── [ wan - routed ] (NAT, firewall enabled)
-
-LAN1.200 ──┐
-LAN2.200 ──┼─ WAN.200 ──[ br-iptv ] (transparent bridge, proto=none)
-LAN3.200 ──┘
-```
-
----
-
-## Port List Specifications
-
-### Port List Syntax
-
-- **`ALL`**: All LAN ports + WAN port + EXT port (resolved from UCI or board.json)
-- **`ALL_LAN`**: All LAN ports only (no WAN, no EXT) - useful for LAN-only bridges
-- **`LAN`**: Single LAN port (for devices with one LAN port)
-- **`WAN`**: Only WAN port
-- **`EXT`**: Only EXT port
-- **`LAN-WAN`**: Single LAN port and WAN
-- **`LAN1-LAN2-WAN`**: LAN1, LAN2, and WAN
-- **`LAN1-LAN3-EXT`**: LAN1, LAN3, and EXT
-- **`WAN-EXT`**: WAN and EXT ports
-
-**Note**: For devices with a single LAN port, use `LAN`. For devices with multiple LAN ports, use `LAN1-8`. The `ALL` and `ALL_LAN` macros automatically detect which configuration is present.
-
-#### Individual untagged port
-
-- Suppose we have a bridge:tagged type interface, so all the ports are going to be tagged in this case. To mark any of the ports untagged individually, ":u" modifier can be used with the port, for example, to make LAN3 untagged (transparent) here: "LAN2-LAN3:u-LAN4-WAN".
-
-### Device Name Resolution
-
-Port macros (LAN, LAN1-LAN8, WAN, EXT) are automatically resolved to actual device names:
-- `LAN` → `uci get network.LAN.name` → e.g., `eth1` (single LAN port devices)
-- `LAN1` → `uci get network.LAN1.name` → e.g., `eth1` (multi-port devices)
-- `WAN` → `uci get network.WAN.name` → e.g., `ae_wan`
-- `EXT` → `uci get network.EXT.name` → e.g., `eth5`
-
-If UCI device section doesn't exist, the system falls back to board.json.
-
----
-
-## TR-069/USP Configuration
-
-### TR-181 Data Model Mapping
-
-The advanced mode uses three arguments in TR-181:
-
-1. **SupportedArguments.1** = `interface_names`
-2. **SupportedArguments.2** = `interface_types`
-3. **SupportedArguments.3** = `ports`
-
-### Example 1: Transparent Bridge via TR-069
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>bridge:transparent</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>ALL</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-### Example 2: Routed Multi-Service via TR-069
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan,iptv,mgmt</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>route:vlan:100,route:vlan:200,route:vlan:300</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>WAN,WAN,WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-### Example 3: QinQ Bridge via TR-069
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>customer_a,customer_b</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>bridge:qinq:10:100-n,bridge:qinq:20:100-n</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
----
-
-## Troubleshooting
-
-### Issue: VLANs Not Working
-
-**Diagnosis**:
-```bash
-# Check VLAN devices created
-uci show network | grep 8021q
-
-# Check interface status
-ip link show
-ip addr show
-
-# Verify VLAN traffic
-tcpdump -i eth4 -e -n vlan
-```
-
-**Solution**:
-```bash
-# Ensure kernel module loaded
-modprobe 8021q
-lsmod | grep 8021
-
-# Check switch configuration (if applicable)
-swconfig dev switch0 show
-```
-
----
-
-### Issue: QinQ Not Working
-
-**Diagnosis**:
-```bash
-# Check for 8021ad devices
-uci show network | grep 8021ad
-
-# Verify kernel support
-modprobe 8021q
-lsmod | grep 8021
-```
-
-**Solution**:
-```bash
-# Install QinQ support
-opkg install kmod-8021q
-
-# Verify S-tag ethertype (0x88a8)
-tcpdump -i eth4 -e -n -xx vlan
-```
-
----
-
-### Issue: MACVLAN Interface Not Getting IP
-
-**Diagnosis**:
-```bash
-# Check MACVLAN device
-ip link show | grep macvlan
-
-# Check MAC address
-ip link show <interface>_macvlan | grep ether
-
-# Test DHCP
-udhcpc -i <interface>_macvlan -n
-```
-
-**Solution**:
-```bash
-# Verify passthru mode
-uci show network | grep -A5 macvlan
-
-# Ensure MAC is unique
-# Some ISPs require specific MAC format
-```
-
----
-
-### Issue: Mixed Bridge/Route Not Working
-
-**Diagnosis**:
-```bash
-# Check firewall status
-uci show firewall.globals.enabled
-
-# Verify interfaces
-ip addr show
-
-# Check routing table
-ip route show
-```
-
-**Solution**:
-Firewall is always enabled. For debugging:
-```bash
-# Temporarily disable firewall
-uci set firewall.globals.enabled='0'
-uci commit firewall
-/etc/init.d/firewall restart
-```
-
----
-
-### Issue: Port Not Added to Bridge
-
-**Diagnosis**:
-```bash
-# Check UCI device resolution
-uci get network.LAN1.name
-
-# Check bridge ports
-brctl show
-
-# Check UCI bridge configuration
-uci show network | grep -A10 "type='bridge'"
-```
-
-**Solution**:
-```bash
-# Verify device sections exist
-uci show network | grep "device="
-
-# Check board.json for defaults
-cat /etc/board.json | grep -A20 network
-```
-
----
-
-## Verification Commands
-
-### Check Configuration
-
-```bash
-# View current mode
-cat /etc/netmodes/.last_mode
-
-# View netmode configuration
-uci show netmode
-
-# View network configuration
-uci show network
-
-# View environment variables (during mode switch)
-logread | grep "Interface names:"
-```
-
-### Check Interface Status
-
-```bash
-# All interfaces
-ip addr show
-
-# Bridges
-brctl show
-bridge link show
-
-# VLAN devices
-ip -d link show type vlan
-
-# MACVLAN devices
-ip -d link show type macvlan
-```
-
-### Check Connectivity
-
-```bash
-# DHCP on interface
-udhcpc -i wan -n
-
-# Ping gateway
-ping -c 3 $(ip route | grep default | awk '{print $3}')
-
-# DNS resolution
-nslookup google.com
-
-# VLAN traffic capture
-tcpdump -i eth4 -e -n vlan
-```
-
-### Check Logs
-
-```bash
-# Netmode logs
-logread | grep netmode-advanced
-
-# Network logs
-logread | grep network
-
-# Live monitoring
-logread -f | grep -E "(netmode|network)"
-```
-
----
-
-## Migration from Old Modes
-
-### From `bridged` Mode
-
-**Old Configuration**:
-```bash
-uci set netmode.global.mode='bridged'
-uci set netmode.@supported_args[0].value='wan'
-uci set netmode.@supported_args[1].value='transparent'
-uci set netmode.@supported_args[2].value='ALL'
-```
-
-**New Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan'
-uci set netmode.@supported_args[13].value='bridge:transparent'
-uci set netmode.@supported_args[14].value='ALL'
-```
-
-**Change**: Add `bridge:` prefix to interface type.
-
----
-
-### From `routed-multi-service` Mode
-
-**Old Configuration**:
-```bash
-uci set netmode.global.mode='routed-multi-service'
-uci set netmode.@supported_args[0].value='100'  # inet_vlanid
-uci set netmode.@supported_args[2].value='200'  # iptv_vlanid
-uci set netmode.@supported_args[4].value='300'  # mgmt_vlanid
-```
-
-**New Configuration**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[12].value='wan,iptv,mgmt'
-uci set netmode.@supported_args[13].value='route:vlan:100,route:vlan:200,route:vlan:300'
-uci set netmode.@supported_args[14].value='WAN,WAN,WAN'
-```
-
-**Change**: Explicit interface names and unified syntax.
-
----
-
-## Best Practices
-
-1. **VLAN Planning**: Document all VLAN IDs before deployment
-2. **Port Assignment**: Create clear mapping of ports to services
-3. **Testing**: Test on lab environment before production
-4. **Monitoring**: Use `tcpdump` to verify VLAN tags
-5. **Firewall**: Be aware that routed interfaces enable firewall
-6. **Naming**: Use descriptive interface names (iptv, mgmt, voip)
-7. **Documentation**: Keep ISP-specific requirements documented
-8. **Backup**: Always backup configuration before major changes
-
----
-
-**Document Version**: 1.0
-**Package Version**: 1.1.11+
-**Last Updated**: 2024-12-12
-**Mode Status**: Production Ready

netmode/docs/ADVANCED_MODE_IMPLEMENTATION.md

@@ -1,567 +0,0 @@
-# Advanced Mode - Implementation Summary
-
-## Overview
-
-The **advanced** mode is a unified network configuration mode that consolidates and extends the functionality of the previous `bridged` and `routed-multi-service` modes into a single, flexible interface.
-
-## Design Rationale
-
-### Problems with Old Approach
-
-1. **Mode Fragmentation**: Separate modes for bridged and routed scenarios
-2. **Limited Flexibility**: Couldn't mix bridges and routed interfaces
-3. **Confusing Naming**: "bridged" mode actually supported standalone interfaces too
-4. **Parameter Proliferation**: routed-multi-service had 6+ parameters for just 3 services
-5. **No Scalability**: Adding new services required new parameters
-
-### New Unified Approach
-
-The advanced mode uses a **declarative, array-based configuration**:
-
-```
-interface_names:  wan,    iptv,           mgmt
-interface_types:  route:vlan:100, bridge:tagged:200, direct:300
-ports:       WAN,    LAN1-LAN2-WAN,  WAN
-```
-
-**Benefits**:
-- ✅ Single mode for all scenarios
-- ✅ Scalable (add N interfaces without new parameters)
-- ✅ Flexible (mix bridge/route/standalone)
-- ✅ Intuitive syntax
-- ✅ Self-documenting configuration
-
-## Architecture
-
-### File Structure
-
-```
-netmode/
-├── files/
-│   ├── etc/netmodes/advanced/
-│   │   └── scripts/
-│   │       └── 10-advanced           # Main mode script
-│   ├── lib/netmode/
-│   │   └── advanced_helper.sh        # Helper library
-│   └── etc/netmodes/supported_modes.json
-└── docs/
-    ├── ADVANCED_MODE_GUIDE.md         # Complete guide
-    └── ADVANCED_MODE_QUICK_REFERENCE.md
-```
-
-### Components
-
-#### 1. advanced_helper.sh
-
-**Purpose**: Core library for interface creation
-
-**Key Functions**:
-- `parse_interface_type()` - Parse interface type specifications
-- `create_bridge()` - Create bridge interfaces with VLAN/QinQ
-- `create_routed_interface()` - Create routed interfaces with VLAN/MACVLAN
-- `create_standalone_interface()` - Create direct VLAN interfaces
-- `parse_port_list()` - Resolve port macros to device names
-- `resolve_device_name()` - Resolve LAN1/WAN to actual device names
-- `cleanup_interfaces()` - Clean up all interfaces before applying new config
-
-#### 2. 10-advanced Script
-
-**Purpose**: Main mode script
-
-**Flow**:
-1. Parse environment variables (NETMODE_*)
-2. Split comma-separated values
-3. Loop through each interface
-4. Parse interface type
-5. Call appropriate creation function (bridge/route/direct)
-6. Configure multicast, DHCP, firewall
-7. Update service dependencies
-
-#### 3. supported_modes.json
-
-**Purpose**: Mode definition for UCI import
-
-**Configuration**:
-```json
-{
-  "name": "advanced",
-  "description": "Advanced Mode - Unified configuration...",
-  "supported_args": [
-    {
-      "name": "interface_names",
-      "description": "Interface names (comma-separated...)",
-      "type": "string"
-    },
-    ...
-  ]
-}
-```
-
-## Interface Type Syntax
-
-### Design Philosophy
-
-**Format**: `MODE:SUBTYPE[:PARAMS][:MODIFIERS]`
-
-Examples:
-- `bridge:transparent` - Mode=bridge, Subtype=transparent
-- `bridge:tagged:100` - Mode=bridge, Subtype=tagged, Param=VID
-- `route:vlan:100:AA:BB:CC:DD:EE:FF` - Mode=route, Subtype=vlan, Params=VID+MAC
-- `direct:2501-n` - Mode=direct, Param=VID, Modifier=proto_none
-
-### Parsing Logic
-
-The `parse_interface_type()` function:
-
-1. **Extract modifiers** (-n, -d)
-2. **Parse mode prefix** (bridge:/route:/direct:)
-3. **Parse subtype** (transparent/tagged/vlan/macvlan)
-4. **Parse parameters** (VID, SVID, MAC address)
-5. **Export to environment variables** for caller
-
-## UCI Device Resolution
-
-### Problem
-
-Port macros (LAN1, LAN2, WAN) are logical names that need to be mapped to actual hardware interfaces.
-
-### Solution
-
-```bash
-resolve_device_name() {
-    local device_id="$1"
-    local resolved_name=""
-
-    # Try UCI device section
-    resolved_name="$(uci -q get network.${device_id}.name)"
-
-    # Fallback to input
-    if [ -z "$resolved_name" ]; then
-        resolved_name="$device_id"
-    fi
-
-    echo "$resolved_name"
-}
-```
-
-**Example**:
-```
-LAN1 → uci get network.LAN1.name → eth1
-WAN  → uci get network.WAN.name  → ae_wan
-```
-
-### Port List Resolution
-
-The `parse_port_list()` function:
-
-1. **Check for "ALL"** → Resolve all LAN1-8 + WAN
-2. **Parse dash-separated** → LAN1-LAN2-WAN → resolve each
-3. **Return space-separated** → "eth1 eth2 ae_wan"
-
-## VLAN Device Creation
-
-### 802.1Q (C-tag)
-
-```bash
-create_vlan_device "eth0" "100" "8021q"
-```
-
-Creates:
-```
-config device 'eth0__100'
-    option type '8021q'
-    option enabled '1'
-    option vid '100'
-    option ifname 'eth0'
-    option name 'eth0.100'
-```
-
-### 802.1ad (S-tag)
-
-```bash
-create_vlan_device "eth0" "300" "8021ad"
-```
-
-Creates:
-```
-config device 'eth0__300'
-    option type '8021ad'
-    option enabled '1'
-    option vid '300'
-    option ifname 'eth0'
-    option name 'eth0.300'
-```
-
-### QinQ (Double Tagging)
-
-For `bridge:qinq:100:300`:
-
-```bash
-# Create S-tag first
-svlan=$(create_vlan_device "eth0" "300" "8021ad")  # eth0.300
-
-# Create C-tag on top of S-tag
-cvlan=$(create_vlan_device "$svlan" "100" "8021q")  # eth0.300.100
-```
-
-Result: `eth0.300.100` (S-tag 300, C-tag 100)
-
-## MACVLAN Device Creation
-
-For `route:macvlan:AA:BB:CC:DD:EE:FF`:
-
-```bash
-create_macvlan_device "ae_wan" "AA:BB:CC:DD:EE:FF" "iptv"
-```
-
-Creates:
-```
-config device 'iptv_macvlan'
-    option type 'macvlan'
-    option enabled '1'
-    option ifname 'ae_wan'
-    option name 'iptv_macvlan'
-    option macaddr 'AA:BB:CC:DD:EE:FF'
-    option mode 'passthru'
-```
-
-## Bridge Creation
-
-### Transparent Bridge
-
-For `bridge:transparent` with `ports='ALL'`:
-
-```bash
-create_bridge "wan" "bridge:transparent" "ALL"
-```
-
-Creates:
-```
-config interface 'wan'
-    option proto 'dhcp'
-    option device 'br-wan'
-
-config device 'br_wan'
-    option name 'br-wan'
-    option type 'bridge'
-    option bridge_empty '1'
-    list ports 'eth1'
-    list ports 'eth2'
-    list ports 'ae_wan'
-```
-
-### VLAN-Tagged Bridge
-
-For `bridge:tagged:100` with `ports='ALL'`:
-
-Creates VLAN devices on all ports first, then adds to bridge:
-```
-config device 'br_mgmt'
-    option name 'br-mgmt'
-    option type 'bridge'
-    list ports 'eth1.100'
-    list ports 'eth2.100'
-    list ports 'ae_wan.100'
-```
-
-## Routed Interface Creation
-
-For `route:vlan:100`:
-
-```bash
-create_routed_interface "wan" "vlan" "100" "" "dhcp" "ae_wan" "0"
-```
-
-Creates:
-```
-config device 'ae_wan__100'
-    option type '8021q'
-    option vid '100'
-    option ifname 'ae_wan'
-    option name 'ae_wan.100'
-
-config interface 'wan'
-    option proto 'dhcp'
-    option device 'ae_wan.100'
-```
-
-## Firewall Logic
-
-The advanced mode has **intelligent firewall handling**:
-
-```bash
-configure_firewall() {
-    local has_routed=0
-
-    # Check if ANY interface is routed
-    for if_type in $interface_types; do
-        if echo "$if_type" | grep -q "^route:"; then
-            has_routed=1
-            break
-        fi
-    done
-
-    if [ "$has_routed" = "1" ]; then
-        uci set firewall.globals.enabled="1"  # Enable for routed
-    else
-        uci set firewall.globals.enabled="0"  # Disable for bridge-only
-    fi
-}
-```
-
-**Logic**:
-- If **any** interface is routed → Enable firewall
-- If **all** interfaces are bridges → Disable firewall
-
-## Environment Variable Flow
-
-### Input (UCI → Environment)
-
-```bash
-# In netmode init script
-export NETMODE_interface_names="wan,iptv,mgmt"
-export NETMODE_interface_types="route:vlan:100,route:vlan:200,route:vlan:300"
-export NETMODE_ports="WAN,WAN,WAN"
-```
-
-### Parsing (Script)
-
-```bash
-# In 10-advanced script
-local interface_names="${NETMODE_interface_names:-wan}"
-local interface_types="${NETMODE_interface_types:-bridge:transparent}"
-local ports="${NETMODE_ports:-ALL}"
-
-# Split by comma
-IFS=','
-for name in $interface_names; do
-    names_arr="$names_arr $name"
-done
-```
-
-### Output (UCI Network Config)
-
-```
-config interface 'wan'
-    option proto 'dhcp'
-    option device 'ae_wan.100'
-
-config interface 'iptv'
-    option proto 'dhcp'
-    option device 'ae_wan.200'
-...
-```
-
-## Cleanup Strategy
-
-Before applying new configuration, all existing interfaces are cleaned up:
-
-```bash
-cleanup_interfaces() {
-    # Delete VLAN devices (8021q and 8021ad)
-    for vlandev_sec in $(uci show network | grep -E "\.type='(8021q|8021ad)'" ...); do
-        uci delete "$vlandev_sec"
-    done
-
-    # Delete MACVLAN devices
-    for macvlandev_sec in $(uci show network | grep "\.type='macvlan'" ...); do
-        uci delete "$macvlandev_sec"
-    done
-
-    # Delete bridge devices
-    for brdev_sec in $(uci show network | grep "\.type='bridge'" ...); do
-        uci delete "$brdev_sec"
-    done
-
-    # Delete standard interfaces
-    uci delete network.lan
-    uci delete network.wan
-    uci delete network.wan6
-}
-```
-
-This ensures a clean slate for the new configuration.
-
-## Migration Path
-
-### From bridged Mode
-
-**Before**:
-```bash
-mode='bridged'
-interface_names='wan,lan100'
-interface_types='transparent,tagged:100'
-ports='ALL,LAN1-LAN2'
-```
-
-**After**:
-```bash
-mode='advanced'
-interface_names='wan,lan100'
-interface_types='bridge:transparent,bridge:tagged:100'
-ports='ALL,LAN1-LAN2'
-```
-
-**Change**: Add `bridge:` prefix to types.
-
-### From routed-multi-service Mode
-
-**Before**:
-```bash
-mode='routed-multi-service'
-inet_vlanid='100'
-iptv_vlanid='200'
-mgmt_vlanid='300'
-```
-
-**After**:
-```bash
-mode='advanced'
-interface_names='wan,iptv,mgmt'
-interface_types='route:vlan:100,route:vlan:200,route:vlan:300'
-ports='WAN,WAN,WAN'
-```
-
-**Change**: Explicit interface names and unified syntax.
-
-## Testing Approach
-
-### Unit Testing
-
-Test individual helper functions:
-
-```bash
-# Test device resolution
-resolve_device_name "LAN1"  # Should return eth1
-
-# Test port parsing
-parse_port_list "LAN1-LAN2-WAN"  # Should return "eth1 eth2 ae_wan"
-
-# Test type parsing
-parse_interface_type "bridge:qinq:100:300-n"
-# Should set: mode=bridge, vlan_type=qinq, cvid=100, svid=300, proto=none
-```
-
-### Integration Testing
-
-Test complete scenarios:
-
-```bash
-# Test transparent bridge
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan'
-uci set netmode.@supported_args[1].value='bridge:transparent'
-uci set netmode.@supported_args[2].value='ALL'
-uci commit netmode
-service netmode restart
-
-# Verify
-brctl show | grep br-wan
-```
-
-### Validation
-
-```bash
-# Check UCI output
-uci show network
-
-# Check actual interfaces
-ip addr show
-brctl show
-ip -d link show type vlan
-
-# Check logs
-logread | grep netmode-advanced
-```
-
-## Performance Considerations
-
-### Comma Splitting Optimization
-
-The script uses efficient IFS-based splitting:
-
-```bash
-local OLD_IFS="$IFS"
-IFS=','
-for name in $interface_names; do
-    names_arr="$names_arr $name"
-done
-IFS="$OLD_IFS"
-```
-
-This is faster than using `cut` or `awk` in loops.
-
-### UCI Batching
-
-All UCI commands are batched, with a single `uci commit` at the end:
-
-```bash
-# Multiple uci set commands
-uci set ...
-uci set ...
-uci set ...
-
-# Single commit
-uci commit network
-```
-
-### Logging
-
-Logging is selective - info level for major steps, debug for details:
-
-```bash
-_log "Creating interface $idx/$total_interfaces"  # Info
-logger -s -p user.debug -t "$_log_prefix" "Adding port: $port"  # Debug
-```
-
-## Security Considerations
-
-### Input Validation
-
-- VLANs IDs: 1-4094
-- MAC addresses: Validated format
-- Port names: Resolved through UCI (trusted source)
-
-### Privilege Separation
-
-- Script runs as root (required for network config)
-- No user input directly executed
-- Environment variables sanitized through UCI
-
-## Future Enhancements
-
-Possible future additions:
-
-1. **Static IP support**: `route:vlan:100:static:192.168.1.1`
-2. **Port roles**: `ports='LAN1(tagged),LAN2(untagged)'`
-3. **Bridge STP**: `bridge:transparent:stp`
-4. **IPv6 specific**: `route:vlan:100:ipv6`
-5. **Validation**: Pre-flight checks for VLAN conflicts
-
-## Backward Compatibility
-
-**Status**: ⚠️ Breaking change by design
-
-The old `bridged` and `routed-multi-service` modes are **replaced** by advanced mode. This is acceptable because:
-
-1. This is the **first deployment** of advanced features
-2. No existing production deployments use old syntax
-3. Cleaner architecture without legacy baggage
-4. Documentation focuses on new syntax only
-
-## Summary
-
-The advanced mode represents a significant architectural improvement:
-
-- ✅ **Unified**: One mode for all scenarios
-- ✅ **Scalable**: Array-based configuration
-- ✅ **Flexible**: Mix bridges, routed, standalone
-- ✅ **Intuitive**: Self-documenting syntax
-- ✅ **Powerful**: VLAN, QinQ, MACVLAN support
-- ✅ **Clean**: No backward compatibility burden
-
----
-
-**Implementation Version**: 1.0
-**Date**: 2024-12-12
-**Status**: Production Ready

netmode/docs/ADVANCED_MODE_QUICK_REFERENCE.md

@@ -1,313 +0,0 @@
-# Advanced Mode - Quick Reference
-
-## Interface Type Syntax
-
-### Bridge Types (Traditional VLAN Devices)
-```
-bridge:transparent              # No VLANs
-bridge:tagged:VID               # All ports tagged
-bridge:wan-tagged:VID           # Only WAN tagged
-bridge:transparent-qinq:SVID    # LAN untagged, WAN S-tag
-bridge:transparent-qinq:C:S     # LAN untagged, WAN C+S tags
-bridge:tagged-qinq:C:S          # LAN C-tag, WAN C+S tags
-bridge:qinq:C:S                 # All ports C+S tags
-```
-
-### Bridge VLAN Filtering (Modern - Recommended)
-```
-brvlan:tagged:VID               # All ports tagged (bridge-vlan)
-brvlan:wan-tagged:VID           # WAN tagged, LAN untagged (bridge-vlan)
-brvlan:mixed:VID                # Custom tagging (bridge-vlan)
-```
-
-### Routed Types
-```
-route:transparent               # No VLAN, default MAC
-route:vlan:VID                  # VLAN routing
-route:macvlan:MAC               # MACVLAN device (supports BaseMACAddress macros)
-route:vlan:VID:MAC              # VLAN + custom MAC
-```
-
-### Standalone Types
-```
-direct:VID                      # Standalone VLAN (proto=none)
-```
-
-### Device Reference Types
-```
-device-ref:INTERFACE            # Reference device from another interface
-                                # Allows multiple interfaces to share the same device
-                                # Example: wan6 sharing wan's device
-```
-
-### Modifiers
-```
--pppoe                          # proto=pppoe (PPPoE authentication)
--dhcpv6                         # proto=dhcpv6 (DHCPv6 client)
--dhcp                           # proto=dhcp (DHCP client - explicit, default if no suffix)
--static                         # proto=static (static IP configuration)
--none, -n                       # proto=none (no IP configuration)
--disabled, -d                   # disabled=1 (interface disabled)
-```
-
-**Default Protocol**: If no protocol modifier is specified, the interface defaults to `-dhcp`.
-
-**Note**: When using `-static` with interface name `lan`, the system automatically configures:
-- IP: 192.168.1.1/24
-- IPv6 prefix delegation: /60
-- DHCP server: 192.168.1.100-250, 1h lease
-- DHCPv6 and RA server enabled
-
-### MAC Address Macros
-```
-BaseMACAddress                  # Base MAC from fw_printenv -n ethaddr
-BaseMACAddressP1                # Base MAC + 1
-BaseMACAddressP2                # Base MAC + 2
-BaseMACAddressPN                # Base MAC + N
-AA:BB:CC:DD:EE:FF               # Explicit MAC address
-```
-
----
-
-## Common Configurations
-
-### 1. Transparent Bridge
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan'
-uci set netmode.@supported_args[1].value='bridge:transparent'
-uci set netmode.@supported_args[2].value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### 2. Router Mode (LAN + WAN)
-```bash
-# LAN bridge with static IP + DHCP server, WAN bridge with DHCP client
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='lan,wan'
-uci set netmode.@supported_args[1].value='bridge:transparent-static,bridge:tagged:2501'
-uci set netmode.@supported_args[2].value='ALL_LAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### 3. VLAN-Tagged Bridge
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='mgmt'
-uci set netmode.@supported_args[1].value='bridge:tagged:100'
-uci set netmode.@supported_args[2].value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### 4. Multiple Service Bridges
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='inet,iptv,mgmt'
-uci set netmode.@supported_args[1].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
-uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### 5. QinQ Configuration
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='customer_a,customer_b'
-uci set netmode.@supported_args[1].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
-uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### 6. Routed Multi-Service (VLAN)
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan,iptv,mgmt'
-uci set netmode.@supported_args[1].value='route:vlan:100,route:vlan:200,route:vlan:300'
-uci set netmode.@supported_args[2].value='WAN,WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### 7. Routed Multi-Service with Custom MAC Addresses
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan,iptv'
-uci set netmode.@supported_args[1].value='route:transparent,route:transparent'
-uci set netmode.@supported_args[2].value='WAN,WAN'
-uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1'
-uci commit netmode && service netmode restart
-```
-
-### 8. IPv4 + IPv6 on Same Device (Device Reference)
-```bash
-# wan uses DHCP, wan6 uses DHCPv6 on the same bridge device
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan,wan6'
-uci set netmode.@supported_args[1].value='bridge:tagged:2501,device-ref:wan-dhcpv6'
-uci set netmode.@supported_args[2].value='WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### 9. Direct VLAN Interface
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan'
-uci set netmode.@supported_args[1].value='direct:2501'
-uci set netmode.@supported_args[2].value='WAN'
-uci commit netmode && service netmode restart
-```
-
-### 10. Hybrid (Routed + Bridged)
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
-uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,bridge:tagged:200-n'
-uci set netmode.mode_4_supprted_args_3.value='WAN,LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-### 11. Bridge VLAN Filtering (WAN Tagged)
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
-uci commit netmode && service netmode restart
-```
-
-### 12. Multiple Services with Bridge VLAN Filtering
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet,tv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
----
-
-## Port List Syntax
-
-| Syntax | Description |
-|--------|-------------|
-| `ALL` | All LAN + WAN + EXT ports (from UCI/board.json) |
-| `ALL_LAN` | All LAN ports only (no WAN, no EXT) |
-| `LAN` | Single LAN port (for devices with one LAN port) |
-| `WAN` | WAN port only |
-| `EXT` | EXT port only |
-| `LAN-WAN` | Single LAN port and WAN |
-| `LAN1-LAN2-WAN` | LAN1, LAN2, and WAN |
-| `LAN1-LAN3-EXT` | LAN1, LAN3, and EXT |
-| `WAN-EXT` | WAN and EXT ports |
-
-**Note**: `LAN` is used for devices with a single LAN port, while `LAN1-8` are used for devices with multiple numbered LAN ports. The system automatically detects which is present in UCI.
-
----
-
-## Verification Commands
-
-```bash
-# Check current mode
-cat /etc/netmodes/.last_mode
-
-# View configuration
-uci show netmode
-
-# View network interfaces
-ip addr show
-
-# View bridges
-brctl show
-
-# View VLAN devices
-ip -d link show type vlan
-
-# View MACVLAN devices
-ip -d link show type macvlan
-
-# View logs
-logread | grep netmode-advanced
-
-# Test DHCP
-udhcpc -i wan -n
-
-# Capture VLAN traffic
-tcpdump -i eth4 -e -n vlan
-```
-
----
-
-## Troubleshooting
-
-### Force mode reapply
-```bash
-rm /etc/netmodes/.last_mode
-service netmode restart
-```
-
-### Check for errors
-```bash
-logread | grep -E "(error|ERROR|failed|FAILED)"
-```
-
-### Verify UCI syntax
-```bash
-uci show netmode
-uci show network
-```
-
-### Reset to DHCP mode
-```bash
-uci set netmode.global.mode='routed-dhcp'
-uci commit netmode
-service netmode restart
-```
-
----
-
-## TR-181 Argument Mapping
-
-```
-Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value = interface_names
-Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value = interface_types
-Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value = ports
-Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.4.Value = macaddrs
-```
-
----
-
-## Examples by Use Case
-
-### ISP Triple-Play (VLAN-based with MAC Addresses)
-```bash
-# Internet VLAN 100, IPTV VLAN 200, VoIP VLAN 300 with different MACs
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='wan,iptv,voip'
-uci set netmode.@supported_args[1].value='route:vlan:100,route:vlan:200,route:vlan:300'
-uci set netmode.@supported_args[2].value='WAN,WAN,WAN'
-uci set netmode.@supported_args[3].value='BaseMACAddress,BaseMACAddressP1,BaseMACAddressP2'
-uci commit netmode && service netmode restart
-```
-
-### Enterprise Guest + Corporate Networks
-```bash
-# Guest VLAN 100, Corporate VLAN 200, Management VLAN 300
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='guest,corporate,mgmt'
-uci set netmode.@supported_args[1].value='bridge:tagged:100-n,bridge:tagged:200-n,bridge:tagged:300'
-uci set netmode.@supported_args[2].value='LAN1-WAN,LAN2-LAN3-WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### Wholesale QinQ Provider
-```bash
-# Multiple customers with different C-tags, same S-tag
-uci set netmode.global.mode='advanced'
-uci set netmode.@supported_args[0].value='cust_a,cust_b,cust_c'
-uci set netmode.@supported_args[1].value='bridge:qinq:10:100-n,bridge:qinq:20:100-n,bridge:qinq:30:100-n'
-uci set netmode.@supported_args[2].value='LAN1-LAN2-WAN,LAN3-LAN4-WAN,LAN5-LAN6-WAN'
-uci commit netmode && service netmode restart
-```
-
----
-
-**Version**: 1.0
-**Last Updated**: 2024-12-12

netmode/docs/BRIDGE_VLAN_FILTERING.md

@@ -1,333 +0,0 @@
-# Bridge VLAN Filtering Mode
-
-## Overview
-
-The advanced netmode now supports **bridge VLAN filtering**, a modern approach to VLAN configuration that uses the kernel's bridge VLAN filtering feature instead of creating separate VLAN devices.
-
-### Benefits
-
-- **Better Performance**: No need to create multiple VLAN devices
-- **Cleaner Configuration**: Single bridge with VLAN filtering instead of multiple VLAN interfaces
-- **Hardware Offloading**: Better support for hardware VLAN acceleration
-- **Simplified Management**: All VLANs configured in one place
-
-## Syntax
-
-Use the `brvlan:` prefix instead of `bridge:` to enable bridge VLAN filtering:
-
-| Traditional Mode | Bridge VLAN Filtering Mode |
-|------------------|---------------------------|
-| `bridge:tagged:100` | `brvlan:tagged:100` |
-| `bridge:wan-tagged:100` | `brvlan:wan-tagged:100` |
-| N/A | `brvlan:mixed:100` |
-
-## Interface Types
-
-### `brvlan:tagged:VID`
-
-All ports are tagged with the specified VLAN ID.
-
-**Example**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:1499'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
-**Resulting Configuration**:
-```
-config interface 'internet'
-    option device 'br-internet.1499'
-    option proto 'dhcp'
-
-config device br_internet
-    option name 'br-internet'
-    option type 'bridge'
-    option vlan_filtering '1'
-    list ports 'ae_wan'
-    list ports 'eth0'
-    list ports 'eth1'
-
-config bridge-vlan brvlan_1499_internet
-    option device 'br-internet'
-    option vlan '1499'
-    list ports 'ae_wan:t'
-    list ports 'eth0:t'
-    list ports 'eth1:t'
-```
-
----
-
-### `brvlan:wan-tagged:VID`
-
-WAN port is tagged, LAN ports are untagged.
-
-**Example**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='iptv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1510-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Resulting Configuration**:
-```
-config interface 'iptv'
-    option device 'br-iptv.1510'
-    option proto 'none'
-
-config device br_iptv
-    option name 'br-iptv'
-    option type 'bridge'
-    option vlan_filtering '1'
-    list ports 'ae_wan'
-    list ports 'eth0'
-    list ports 'eth1'
-
-config bridge-vlan brvlan_1510_iptv
-    option device 'br-iptv'
-    option vlan '1510'
-    list ports 'ae_wan:t'
-    list ports 'eth0:u'
-    list ports 'eth1:u'
-```
-
----
-
-### `brvlan:mixed:VID` or `brvlan:mixed:VID:TAGGED_PORTS`
-
-Custom tagged/untagged configuration with flexible port-specific tagging.
-
-**Syntax**:
-- `brvlan:mixed:VID` - Default behavior: WAN tagged, LAN untagged
-- `brvlan:mixed:VID:TAGGED_PORTS` - Specify which ports are tagged (e.g., `LAN1-WAN`)
-
-**Example 1: Default (WAN Tagged)**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='service'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**: WAN tagged, LAN1 and LAN2 untagged
-
-**Example 2: Custom Tagging (LAN1 and WAN Tagged)**:
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='corporate'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Resulting Configuration**:
-```
-config bridge-vlan brvlan_200_corporate
-    option device 'br-corporate'
-    option vlan '200'
-    list ports 'eth0:t'      # LAN1 tagged
-    list ports 'eth1:u'      # LAN2 untagged
-    list ports 'eth2:u'      # LAN3 untagged
-    list ports 'ae_wan:t'    # WAN tagged
-```
-
-**See [BRVLAN_MIXED_MODE_EXAMPLES.md](BRVLAN_MIXED_MODE_EXAMPLES.md) for comprehensive examples.**
-
----
-
-## Comparison: Traditional vs Bridge VLAN Filtering
-
-### Traditional VLAN Device Approach (`bridge:tagged:100`)
-
-Creates separate VLAN devices for each port:
-
-```
-config device eth0_100
-    option type '8021q'
-    option vid '100'
-    option ifname 'eth0'
-    option name 'eth0.100'
-
-config device wan_100
-    option type '8021q'
-    option vid '100'
-    option ifname 'ae_wan'
-    option name 'ae_wan.100'
-
-config device br_internet
-    option type 'bridge'
-    list ports 'eth0.100'
-    list ports 'ae_wan.100'
-```
-
-### Bridge VLAN Filtering Approach (`brvlan:tagged:100`)
-
-Single bridge with VLAN filtering:
-
-```
-config device br_internet
-    option type 'bridge'
-    option vlan_filtering '1'
-    list ports 'eth0'
-    list ports 'ae_wan'
-
-config bridge-vlan brvlan_100_internet
-    option device 'br-internet'
-    option vlan '100'
-    list ports 'eth0:t'
-    list ports 'ae_wan:t'
-```
-
----
-
-## Use Cases
-
-### ISP Internet Service (VLAN 1499, WAN Tagged)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
-uci commit netmode && service netmode restart
-```
-
-### IPTV Service (VLAN 1510, WAN Tagged, No DHCP)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='tv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1510-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### Multiple Services (Internet + IPTV)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet,tv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### Corporate Network (All Ports Tagged)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='corporate'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:100'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
----
-
-## Modifiers
-
-Bridge VLAN filtering modes support the same modifiers as traditional bridge modes:
-
-| Modifier | Effect | Example |
-|----------|--------|---------|
-| `-n` | Set proto=none (no DHCP client) | `brvlan:tagged:100-n` |
-| `-d` | Create but mark as disabled | `brvlan:wan-tagged:200-d` |
-
----
-
-## Verification
-
-### Check Bridge VLAN Configuration
-
-```bash
-# View bridge device
-uci show network | grep "vlan_filtering"
-
-# View bridge-vlan sections
-uci show network | grep "bridge-vlan"
-
-# View interface status
-ip addr show
-
-# View bridge VLAN table
-bridge vlan show
-```
-
-### Example Output
-
-```bash
-root@router:~# bridge vlan show
-port              vlan-id
-ae_wan            1499 Tagged
-eth0              1499 Untagged
-eth1              1499 Untagged
-br-internet       1499
-```
-
----
-
-## Limitations
-
-1. **No QinQ Support**: Bridge VLAN filtering does not currently support 802.1ad (QinQ) double tagging
-2. **Single VLAN per Interface**: Each bridge-vlan section defines one VLAN
-3. **Kernel Support Required**: Requires kernel with bridge VLAN filtering support
-
----
-
-## Migration from Traditional Bridge
-
-### Before (Traditional VLAN Devices)
-
-```bash
-uci set netmode.mode_4_supprted_args_2.value='bridge:wan-tagged:100'
-```
-
-### After (Bridge VLAN Filtering)
-
-```bash
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100'
-```
-
-Simply change the prefix from `bridge:` to `brvlan:`.
-
----
-
-## Troubleshooting
-
-### Check if VLAN Filtering is Enabled
-
-```bash
-cat /sys/class/net/br-internet/bridge/vlan_filtering
-# Should output: 1
-```
-
-### View Bridge VLAN Table
-
-```bash
-bridge vlan show dev br-internet
-```
-
-### Check Kernel Support
-
-```bash
-# Check if bridge module supports vlan_filtering
-cat /sys/module/bridge/parameters/vlan_filtering
-```
-
-### Enable Debug Logging
-
-```bash
-# Monitor netmode logs
-logread -f | grep netmode-advanced
-```
-
----
-
-**Version**: 1.0
-**Last Updated**: 2025-12-12
-**Feature Status**: Production Ready

netmode/docs/BRVLAN_MIXED_MODE_EXAMPLES.md

@@ -1,318 +0,0 @@
-# Bridge VLAN Filtering - Mixed Mode Examples
-
-## Overview
-
-The `brvlan:mixed` mode provides flexible control over which ports are tagged vs untagged in a bridge VLAN configuration. This is useful for complex scenarios where different ports need different VLAN tagging behavior.
-
-## Syntax
-
-### Basic Mixed Mode (Default Behavior)
-```
-brvlan:mixed:VID
-```
-**Behavior**: WAN tagged, LAN ports untagged (same as `brvlan:wan-tagged:VID`)
-
-### Custom Mixed Mode (Specify Tagged Ports)
-```
-brvlan:mixed:VID:TAGGED_PORTS
-```
-**Behavior**: Ports listed in `TAGGED_PORTS` are tagged, all others are untagged
-
-**TAGGED_PORTS Format**: Same as port list specification (`LAN1-LAN2-WAN`, `WAN`, etc.)
-
----
-
-## Examples
-
-### Example 1: Basic Mixed Mode (WAN Tagged by Default)
-
-**Scenario**: Internet service where WAN needs VLAN 100, LAN ports untagged
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-```
-config interface 'internet'
-    option device 'br-internet.100'
-    option proto 'dhcp'
-
-config device br_internet
-    option name 'br-internet'
-    option type 'bridge'
-    option vlan_filtering '1'
-    list ports 'eth0'        # LAN1
-    list ports 'eth1'        # LAN2
-    list ports 'ae_wan'      # WAN
-
-config bridge-vlan brvlan_100_internet
-    option device 'br-internet'
-    option vlan '100'
-    list ports 'eth0:u'      # LAN1 untagged
-    list ports 'eth1:u'      # LAN2 untagged
-    list ports 'ae_wan:t'    # WAN tagged
-```
-
----
-
-### Example 2: Only Specific LAN Ports Tagged
-
-**Scenario**: Enterprise network where LAN1 and WAN are tagged, LAN2 and LAN3 are untagged
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='corporate'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-```
-config interface 'corporate'
-    option device 'br-corporate.200'
-    option proto 'dhcp'
-
-config device br_corporate
-    option name 'br-corporate'
-    option type 'bridge'
-    option vlan_filtering '1'
-    list ports 'eth0'        # LAN1
-    list ports 'eth1'        # LAN2
-    list ports 'eth2'        # LAN3
-    list ports 'ae_wan'      # WAN
-
-config bridge-vlan brvlan_200_corporate
-    option device 'br-corporate'
-    option vlan '200'
-    list ports 'eth0:t'      # LAN1 tagged (specified)
-    list ports 'eth1:u'      # LAN2 untagged
-    list ports 'eth2:u'      # LAN3 untagged
-    list ports 'ae_wan:t'    # WAN tagged (specified)
-```
-
----
-
-### Example 3: All LAN Ports Tagged, WAN Untagged
-
-**Scenario**: Reverse scenario where LAN ports carry VLAN tags but WAN doesn't
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='service'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:300:LAN1-LAN2-LAN3'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-```
-config bridge-vlan brvlan_300_service
-    option device 'br-service'
-    option vlan '300'
-    list ports 'eth0:t'      # LAN1 tagged
-    list ports 'eth1:t'      # LAN2 tagged
-    list ports 'eth2:t'      # LAN3 tagged
-    list ports 'ae_wan:u'    # WAN untagged
-```
-
----
-
-### Example 4: Only WAN Tagged (Explicit)
-
-**Scenario**: Same as `wan-tagged` but using mixed mode explicitly
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='iptv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1510:WAN-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-```
-config interface 'iptv'
-    option device 'br-iptv.1510'
-    option proto 'none'
-
-config bridge-vlan brvlan_1510_iptv
-    option device 'br-iptv'
-    option vlan '1510'
-    list ports 'eth2:u'      # LAN3 untagged
-    list ports 'eth3:u'      # LAN4 untagged
-    list ports 'ae_wan:t'    # WAN tagged
-```
-
----
-
-### Example 5: Multi-Service with Different Tagging
-
-**Scenario**: Internet with LAN1+WAN tagged, IPTV with only WAN tagged
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet,tv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1499:LAN1-WAN,brvlan:mixed:1510:WAN-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-
-**Internet Service (VLAN 1499)**:
-```
-config bridge-vlan brvlan_1499_internet
-    option device 'br-internet'
-    option vlan '1499'
-    list ports 'eth0:t'      # LAN1 tagged
-    list ports 'eth1:u'      # LAN2 untagged
-    list ports 'ae_wan:t'    # WAN tagged
-```
-
-**TV Service (VLAN 1510)**:
-```
-config bridge-vlan brvlan_1510_tv
-    option device 'br-tv'
-    option vlan '1510'
-    list ports 'eth2:u'      # LAN3 untagged
-    list ports 'eth3:u'      # LAN4 untagged
-    list ports 'ae_wan:t'    # WAN tagged
-```
-
----
-
-### Example 6: Trunk Port Configuration
-
-**Scenario**: LAN1 as trunk port (tagged), others as access ports (untagged)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='vlan100'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100:LAN1'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-LAN4'
-uci commit netmode && service netmode restart
-```
-
-**Result**:
-```
-config bridge-vlan brvlan_100_vlan100
-    option device 'br-vlan100'
-    option vlan '100'
-    list ports 'eth0:t'      # LAN1 tagged (trunk port)
-    list ports 'eth1:u'      # LAN2 untagged (access port)
-    list ports 'eth2:u'      # LAN3 untagged (access port)
-    list ports 'eth3:u'      # LAN4 untagged (access port)
-```
-
----
-
-## Comparison: Mixed Mode vs Other Modes
-
-| Mode | Syntax | Tagged Ports | Untagged Ports |
-|------|--------|--------------|----------------|
-| **tagged** | `brvlan:tagged:100` | ALL | None |
-| **wan-tagged** | `brvlan:wan-tagged:100` | WAN only | All LAN |
-| **mixed (default)** | `brvlan:mixed:100` | WAN only | All LAN |
-| **mixed (custom)** | `brvlan:mixed:100:LAN1-WAN` | LAN1, WAN | All others |
-
----
-
-## Use Cases
-
-### Use Case 1: DMZ Configuration
-- **LAN1**: Tagged (DMZ network with VLAN tag)
-- **LAN2-4**: Untagged (local network)
-- **WAN**: Tagged (ISP requirement)
-
-```bash
-brvlan:mixed:100:LAN1-WAN
-```
-
-### Use Case 2: Guest Network
-- **LAN1-2**: Tagged (guest WiFi APs that handle VLANs)
-- **LAN3-4**: Untagged (local devices)
-- **WAN**: Untagged (local ISP connection)
-
-```bash
-brvlan:mixed:50:LAN1-LAN2
-```
-
-### Use Case 3: Managed Switch Uplink
-- **LAN1**: Tagged (uplink to managed switch)
-- **LAN2-4**: Untagged (end user devices)
-- **WAN**: Tagged (ISP VLAN)
-
-```bash
-brvlan:mixed:200:LAN1-WAN
-```
-
----
-
-## Port Specification Reference
-
-When specifying tagged ports in mixed mode:
-
-| Specification | Resolves To | Example |
-|---------------|-------------|---------|
-| `WAN` | WAN device | `ae_wan` |
-| `LAN1` | LAN1 device from UCI | `eth0` |
-| `LAN1-LAN2` | LAN1 and LAN2 | `eth0`, `eth1` |
-| `LAN1-WAN` | LAN1 and WAN | `eth0`, `ae_wan` |
-| `ALL` | Not supported in tagged ports spec | Use `brvlan:tagged` instead |
-
----
-
-## Troubleshooting
-
-### Verify Port Tagging
-
-```bash
-# View bridge VLAN table
-bridge vlan show
-
-# Expected output shows :t (tagged) or :u (untagged)
-port              vlan-id
-eth0              100 Tagged
-eth1              100 Untagged
-ae_wan            100 Tagged
-```
-
-### Check Configuration
-
-```bash
-# View bridge-vlan sections
-uci show network | grep bridge-vlan -A5
-
-# Look for ports list with :t or :u suffixes
-```
-
-### Common Mistakes
-
-1. **Wrong Syntax**: Must use colon between VID and port spec
-   - ❌ `brvlan:mixed:100-LAN1-WAN`
-   - ✅ `brvlan:mixed:100:LAN1-WAN`
-
-2. **Using ALL**: Don't use ALL in tagged ports
-   - ❌ `brvlan:mixed:100:ALL`
-   - ✅ Use `brvlan:tagged:100` instead
-
-3. **Duplicate Ports**: Port appears in both bridge port list and tagged spec
-   - Ensure the port list in arg 3 includes all ports you reference in arg 2
-
----
-
-## Advanced: Multiple VLANs on Same Bridge
-
-While this guide focuses on single VLAN per bridge, you can create multiple bridge-vlan sections manually after netmode configuration for trunk scenarios. However, this is beyond the scope of netmode automation.
-
----
-
-**Document Version**: 1.0
-**Last Updated**: 2025-12-12
-**Feature**: Bridge VLAN Filtering Mixed Mode

netmode/docs/CONFIGURATION_SCENARIOS.md

@@ -1,739 +0,0 @@
-# Advanced Mode - Configuration Scenarios
-
-Complete examples for common use cases with both UCI and TR-181 configuration methods.
-
----
-
-## Scenario 1: Simple Home Router (Transparent Bridge)
-
-**Use Case**: All ports bridged together for simple home network
-
-**Network Topology**:
-```
-All LAN ports + WAN → br-wan (no VLANs)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan'
-uci set netmode.mode_4_supprted_args_2.value='bridge:transparent'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>bridge:transparent</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>ALL</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Single bridge interface `br-wan`
-- All ports untagged
-- DHCP client enabled
-
----
-
-## Scenario 2: Traditional LAN Bridge with Routed WAN
-
-**Use Case**: Classic router setup with LAN bridge and separate routed WAN
-
-**Network Topology**:
-```
-All LAN ports → br-lan (bridge)
-WAN port → wan (routed interface)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='lan,wan'
-uci set netmode.mode_4_supprted_args_2.value='bridge:transparent,route:transparent'
-uci set netmode.mode_4_supprted_args_3.value='ALL_LAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>lan,wan</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>bridge:transparent,route:transparent</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>ALL_LAN,WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Bridge interface `br-lan` with all LAN ports only
-- Routed interface `wan` on WAN port
-- Traditional router topology
-
----
-
-## Scenario 3: ISP Internet Service (Single VLAN)
-
-**Use Case**: ISP requires VLAN 100 on WAN port for internet access
-
-**Network Topology**:
-```
-WAN.100 (tagged) + LAN1-4 (untagged) → br-internet.100
-```
-
-### UCI Configuration (Bridge VLAN Filtering - Recommended)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### UCI Configuration (Traditional VLAN Devices)
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet'
-uci set netmode.mode_4_supprted_args_2.value='bridge:wan-tagged:100'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>internet</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:wan-tagged:100</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>ALL</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- WAN port tagged with VLAN 100
-- LAN ports untagged
-- DHCP client enabled
-
----
-
-## Scenario 4: ISP Dual Service (Internet + IPTV)
-
-**Use Case**: ISP provides Internet on VLAN 1499 and IPTV on VLAN 1510
-
-**Network Topology**:
-```
-Internet: WAN.1499 (tagged) + LAN1-2 (untagged) → br-internet.1499
-IPTV: WAN.1510 (tagged) + LAN3-4 (untagged) → br-tv.1510
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet,tv'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>internet,tv</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:wan-tagged:1499,brvlan:wan-tagged:1510-n</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Internet bridge on VLAN 1499 with LAN1-2
-- IPTV bridge on VLAN 1510 with LAN3-4 (proto=none, no DHCP)
-- Both services use WAN port with respective VLANs
-
----
-
-## Scenario 5: ISP Triple-Play (Internet + IPTV + VoIP)
-
-**Use Case**: Full triple-play service with Internet, IPTV, and VoIP
-
-**Network Topology**:
-```
-Internet: WAN.100 (tagged) + LAN1-2 (untagged) → br-internet.100
-IPTV: WAN.200 (tagged) + LAN3 (untagged) → br-tv.200
-VoIP: WAN.300 (tagged) + LAN4 (untagged) → br-voip.300
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='internet,tv,voip'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-WAN,LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>internet,tv,voip</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:wan-tagged:100,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300-n</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-LAN2-WAN,LAN3-WAN,LAN4-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Internet on VLAN 100 with DHCP (LAN1-2)
-- IPTV on VLAN 200 without DHCP (LAN3)
-- VoIP on VLAN 300 without DHCP (LAN4)
-
----
-
-## Scenario 6: Routed Multi-Service (Internet + IPTV + Management)
-
-**Use Case**: Multiple routed services on different VLANs with NAT/firewall
-
-**Network Topology**:
-```
-WAN.100 → wan (routed, DHCP, firewall)
-WAN.200 → iptv (routed, DHCP, firewall)
-WAN.300 → mgmt (routed, DHCP, firewall)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan,iptv,mgmt'
-uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,route:vlan:200,route:vlan:300'
-uci set netmode.mode_4_supprted_args_3.value='WAN,WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan,iptv,mgmt</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>route:vlan:100,route:vlan:200,route:vlan:300</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>WAN,WAN,WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Three separate routed interfaces
-- Each with own firewall zone
-- All with DHCP clients enabled
-
----
-
-## Scenario 7: Hybrid Setup (Routed Internet + Bridged IPTV)
-
-**Use Case**: Internet needs routing/NAT, but IPTV needs transparent bridge to STBs
-
-**Network Topology**:
-```
-WAN.100 → wan (routed, firewall)
-WAN.200 + LAN1-3 → br-iptv.200 (bridged, transparent)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
-uci set netmode.mode_4_supprted_args_2.value='route:vlan:100,brvlan:wan-tagged:200-n'
-uci set netmode.mode_4_supprted_args_3.value='WAN,LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan,iptv</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>route:vlan:100,brvlan:wan-tagged:200-n</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>WAN,LAN1-LAN2-LAN3-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- WAN interface routed with firewall
-- IPTV bridged transparently to LAN ports
-- Firewall enabled (because of routed interface)
-
----
-
-## Scenario 8: Corporate Network with Trunk Port
-
-**Use Case**: LAN1 is trunk port to managed switch, other ports are access ports
-
-**Network Topology**:
-```
-VLAN 200: LAN1 (tagged) + WAN (tagged) + LAN2-3 (untagged) → br-corporate.200
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='corporate'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>corporate</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:mixed:200:LAN1-WAN</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-LAN2-LAN3-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- LAN1 and WAN tagged (trunk ports)
-- LAN2-3 untagged (access ports)
-- All on VLAN 200
-
----
-
-## Scenario 9: Enterprise Multi-VLAN (Separate Networks)
-
-**Use Case**: Separate networks for guest, corporate, and management
-
-**Network Topology**:
-```
-Guest: WAN.100 (tagged) + LAN1 (untagged) → br-guest.100
-Corporate: WAN.200 (tagged) + LAN2-3 (untagged) → br-corporate.200
-Management: WAN.300 (tagged) + LAN4 (untagged) → br-mgmt.300
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='guest,corporate,mgmt'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:wan-tagged:100-n,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-WAN,LAN2-LAN3-WAN,LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>guest,corporate,mgmt</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:wan-tagged:100-n,brvlan:wan-tagged:200-n,brvlan:wan-tagged:300</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-WAN,LAN2-LAN3-WAN,LAN4-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Guest network on VLAN 100 (no DHCP)
-- Corporate network on VLAN 200 (no DHCP)
-- Management network on VLAN 300 (DHCP enabled)
-
----
-
-## Scenario 10: Wholesale QinQ Provider
-
-**Use Case**: Service provider supporting multiple customers with QinQ (802.1ad)
-
-**Network Topology**:
-```
-Customer A: All ports double-tagged (S-tag 100, C-tag 10)
-Customer B: All ports double-tagged (S-tag 100, C-tag 20)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='customer_a,customer_b'
-uci set netmode.mode_4_supprted_args_2.value='bridge:qinq:10:100-n,bridge:qinq:20:100-n'
-uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>customer_a,customer_b</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>bridge:qinq:10:100-n,bridge:qinq:20:100-n</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>LAN1-LAN2-WAN,LAN3-LAN4-WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- Customer A bridge with C-tag 10, S-tag 100
-- Customer B bridge with C-tag 20, S-tag 100
-- Both without DHCP (proto=none)
-
-**Note**: QinQ requires traditional `bridge:` mode, not available with `brvlan:` mode.
-
----
-
-## Scenario 11: MACVLAN Multi-Service (Different MAC Addresses)
-
-**Use Case**: ISP requires different MAC addresses for Internet and IPTV services
-
-**Network Topology**:
-```
-WAN (default MAC) → wan (routed)
-WAN (custom MAC) → iptv (routed)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan,iptv'
-uci set netmode.mode_4_supprted_args_2.value='route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF'
-uci set netmode.mode_4_supprted_args_3.value='WAN,WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan,iptv</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>route:transparent,route:macvlan:AA:BB:CC:DD:EE:FF</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>WAN,WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- WAN interface with default MAC
-- IPTV interface with custom MAC (AA:BB:CC:DD:EE:FF)
-- Both routed with firewall
-
----
-
-## Scenario 12: Standalone VLAN Interface
-
-**Use Case**: WAN as standalone VLAN interface (no bridge, no routing, for custom protocols)
-
-**Network Topology**:
-```
-WAN.2501 → wan (standalone, proto=none)
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='wan'
-uci set netmode.mode_4_supprted_args_2.value='direct:2501'
-uci set netmode.mode_4_supprted_args_3.value='WAN'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>wan</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>direct:2501</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>WAN</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- WAN.2501 VLAN device created
-- No bridge, no routing layer
-- proto=none (manual configuration needed)
-
----
-
-## Scenario 13: All Ports Tagged (Managed Network)
-
-**Use Case**: All ports need VLAN tags for managed switch environment
-
-**Network Topology**:
-```
-VLAN 100: All ports tagged → br-mgmt.100
-```
-
-### UCI Configuration
-
-```bash
-uci set netmode.global.mode='advanced'
-uci set netmode.mode_4_supprted_args_1.value='mgmt'
-uci set netmode.mode_4_supprted_args_2.value='brvlan:tagged:100'
-uci set netmode.mode_4_supprted_args_3.value='ALL'
-uci commit netmode && service netmode restart
-```
-
-### TR-181 Configuration
-
-```xml
-<SetParameterValues>
-  <ParameterList>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.Mode</Name>
-      <Value>advanced</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.1.Value</Name>
-      <Value>mgmt</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.2.Value</Name>
-      <Value>brvlan:tagged:100</Value>
-    </ParameterValueStruct>
-    <ParameterValueStruct>
-      <Name>Device.X_IOWRT_EU_NetMode.SupportedModes.4.SupportedArguments.3.Value</Name>
-      <Value>ALL</Value>
-    </ParameterValueStruct>
-  </ParameterList>
-</SetParameterValues>
-```
-
-**Result**:
-- All ports (LAN + WAN) tagged with VLAN 100
-- Single bridge with VLAN filtering
-- DHCP client enabled
-
----
-
-## Quick Reference: Configuration Cheat Sheet
-
-### Interface Types
-
-| Type | Syntax | When to Use |
-|------|--------|-------------|
-| Transparent Bridge | `bridge:transparent` | Simple home network, no VLANs |
-| Bridge VLAN Filtering (Tagged) | `brvlan:tagged:VID` | All ports need VLAN tags, modern approach |
-| Bridge VLAN Filtering (WAN Tagged) | `brvlan:wan-tagged:VID` | ISP VLAN on WAN, LAN untagged (recommended) |
-| Bridge VLAN Filtering (Mixed) | `brvlan:mixed:VID:PORTS` | Custom trunk/access port setup |
-| Traditional Tagged Bridge | `bridge:tagged:VID` | Legacy systems, all ports tagged |
-| Traditional WAN Tagged | `bridge:wan-tagged:VID` | Legacy ISP VLAN setup |
-| QinQ Bridge | `bridge:qinq:CVID:SVID` | Wholesale provider, double tagging |
-| Routed VLAN | `route:vlan:VID` | Need routing/NAT per service |
-| Routed MACVLAN | `route:macvlan:MAC` | Different MAC per service |
-| Direct VLAN | `direct:VID` | Standalone VLAN for custom protocols |
-
-### Modifiers
-
-| Modifier | Effect | Example |
-|----------|--------|---------|
-| `-n` | Disable DHCP client (proto=none) | `brvlan:wan-tagged:100-n` |
-| `-d` | Disable interface | `route:vlan:200-d` |
-
-### Port Specifications
-
-| Syntax | Meaning |
-|--------|---------|
-| `ALL` | All LAN + WAN ports |
-| `WAN` | WAN port only |
-| `LAN1-LAN2-WAN` | LAN1, LAN2, and WAN |
-| `LAN1-LAN3` | LAN1 and LAN3 only |
-
-### MAC Address Macros
-
-| Macro | Description | Example Result |
-|-------|-------------|----------------|
-| `BaseMACAddress` | Base MAC from `fw_printenv -n ethaddr` | `94:3F:0C:D5:76:00` |
-| `BaseMACAddressP1` | Base MAC + 1 | `94:3F:0C:D5:76:01` |
-| `BaseMACAddressP2` | Base MAC + 2 | `94:3F:0C:D5:76:02` |
-| `BaseMACAddressPN` | Base MAC + N | `BaseMACAddressP5` → `94:3F:0C:D5:76:05` |
-| Explicit MAC | Direct assignment | `AA:BB:CC:DD:EE:FF` |
-
----
-
-**Document Version**: 1.0
-**Last Updated**: 2025-12-12