ieee1905: 8.7.40

(cherry picked from commit 9101095a0a)

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.16.6.2
+PKG_VERSION:=1.16.6.6
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=aa480554461c82e6f6f44ee6c23108d3e44fce21
+PKG_SOURCE_VERSION:=6317266bdfb0180d75ed2dd830e108f09fe2526a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -107,7 +107,7 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
-	-DBBFDMD_MAX_MSG_LEN:Integer=10485760 \
+	-DBBFDMD_MAX_MSG_LEN:Integer=20971520 \
 	-DCMAKE_BUILD_TYPE:String="Debug" \
 
 

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.8
+PKG_VERSION:=6.2.1.14
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b7e294d7c610adfd80cf40a0628c189695dc5156
+PKG_SOURCE_VERSION:=d9ff69760bc34dd3928fa784dfb3116bfe3f95af
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dhcpmngr/Config.in

@@ -0,0 +1,12 @@
+if PACKAGE_dhcpmngr
+
+config DHCPMNGR_ENABLE_VENDOR_EXT
+	bool "Use datamodel vendor extensions"
+	default y
+	help
+	   Set this option to use bridge BBF vendor extensions.
+
+config DHCPMNGR_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+endif

dhcpmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.0.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
+PKG_SOURCE_VERSION:=e238e47fa13153c5b1890056b0d09c65879de8c5
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -39,6 +39,22 @@ define Package/dhcpmngr/description
   Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
 endef
 
+define Package/$(PKG_NAME)/config
+        source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_DHCPMNGR_ENABLE_VENDOR_EXT),y)
+MAKE_FLAGS += DHCPMNGR_ENABLE_VENDOR_EXT=y
+endif
+
+ifeq ($(CONFIG_DHCPMNGR_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_DHCPMNGR_VENDOR_PREFIX)
+endif
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/

dmcli-plugins/Makefile

@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2023 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli-plugins
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=2.2.6
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli-plugin-easydm.git
+PKG_SOURCE_VERSION:=bc8b8527e8a41bdba73cb277a3c6c3b42b045153
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli-plugins
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=Easy-to-use data model on top of TR181
+  URL:=http://genexis.eu
+  DEPENDS:=+dmcli
+endef
+
+define Package/dmcli-plugins/description
+  EasyDM offers a user-friendly approach to configuring TR-181
+  simplifying the process with its intuitive interface.
+endef
+
+define Build/Compile
+	true
+endef
+
+define Package/dmcli-plugins/install
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli/plugins
+	$(CP) $(PKG_BUILD_DIR)/src/*.js $(1)/usr/lib/dmcli/plugins/
+endef
+
+$(eval $(call BuildPackage,dmcli-plugins))

dmcli/Config.in

@@ -0,0 +1,9 @@
+if PACKAGE_dmcli
+
+config DMCLI_REMOTE_CONNECTION
+        bool "Add dmcli remote controller configuration"
+        default n
+        help
+                This adds a usp controller configuration for dmcli remote connection from different machine/laptop/server.
+
+endif

dmcli/Makefile

@@ -0,0 +1,75 @@
+#
+# Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+# This Software and its content are protected by the Dutch Copyright Act
+# ('Auteurswet'). All and any copying and distribution of the software
+# and its content without authorization by Genexis Netherlands B.V. is
+# prohibited. The prohibition includes every form of reproduction and
+# distribution.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmcli
+PKG_LICENSE:=PROPRIETARY GENEXIS
+PKG_VERSION:=1.9.4
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/dmcli.git
+PKG_SOURCE_VERSION:=2139e81d0faca09fe1832c503297ef75ea76d6eb
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dmcli
+  SECTION:=tools
+  CATEGORY:=Genexis
+  TITLE:=DMCLI (datamodel-based CLI)
+  URL:=http://genexis.eu
+  DEPENDS:=+usp-js +DMCLI_REMOTE_CONNECTION:mosquitto-auth-plugin +shadow-utils +@BUSYBOX_CONFIG_ADDUSER
+endef
+
+define Package/dmcli/description
+  CLI to view and configure datamodels of CPE
+endef
+
+define Package/dmcli/conffiles
+/etc/dmcli/dmcli.conf
+endef
+
+define Package/dmcli/config
+	source "$(SOURCE)/Config.in"
+endef
+
+define Package/dmcli/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dmcli $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/usr/lib/dmcli
+	$(CP) $(PKG_BUILD_DIR)/common $(1)/usr/lib/dmcli/
+	mv $(1)/usr/lib/dmcli/common/os_qjs.js $(1)/usr/lib/dmcli/common/os.js
+	rm $(1)/usr/lib/dmcli/common/os_node.js
+	$(CP) $(PKG_BUILD_DIR)/core $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/cli $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/data $(1)/usr/lib/dmcli/
+	$(CP) $(PKG_BUILD_DIR)/plugins $(1)/usr/lib/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_DMCLI_REMOTE_CONNECTION),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote $(1)/etc/uci-defaults/
+else
+	$(INSTALL_DATA) ./files/etc/uci-defaults/36-dmcli-remote-remove $(1)/etc/uci-defaults/
+endif
+
+	$(INSTALL_DIR) $(1)/etc/dmcli
+	$(CP) ./files/etc/dmcli/dmcli.acl $(1)/etc/dmcli/
+	$(CP) ./files/etc/dmcli/dmcli.conf $(1)/etc/dmcli/
+
+	$(INSTALL_DIR) $(1)/etc/users/roles/
+	$(INSTALL_DATA) ./files/etc/users/roles/operator.json $(1)/etc/users/roles/
+endef
+
+$(eval $(call BuildPackage,dmcli))

dmcli/files/etc/dmcli/dmcli.acl

@@ -0,0 +1,4 @@
+user operator
+topic read /usp/operator/controller/reply-to
+topic read /usp/operator/controller
+topic write /usp/operator/endpoint

dmcli/files/etc/dmcli/dmcli.conf

@@ -0,0 +1,45 @@
+{
+   "Settings": {
+      "USP": {
+         "ActiveConnectionProfile": "local",
+         "ConnectionProfile": [
+            {
+               "Name": "local",
+               "Host": "127.0.0.1",
+               "Port": 9002,
+               "Username": "operator",
+               "Protocol": "ws",
+               "FromId": "oui:000F94:device-controller-operator",
+               "PublishEndpoint": "/usp/operator/endpoint",
+               "SubscribeEndpoint": "/usp/operator/controller"
+            }
+         ],
+         "Session": {
+            "AutoStart": false
+         },
+         "Notification": {
+            "LogTo": "console",
+            "Format": "brief",
+            "LogFile": "usp-notification.log"
+         }
+      },
+      "CLI": {
+         "Home": "/",
+         "Color": "true",
+         "Mode": "Command",
+         "ShowCommandTime": false,
+         "SortDMTree": false
+      },
+      "Prompt": {
+         "Auto": true,
+         "Color": "default",
+         "SelectedBackgroundColor": "yellow",
+         "PageSize": "3",
+         "AutoPromptOnEmptyCommand": false,
+         "AutoPromptInstanceNumbers": false
+      },
+      "Log": {
+         "Level": "Error"
+      }
+   }
+}

dmcli/files/etc/uci-defaults/36-dmcli

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/functions/iopsys-environment.sh
+. /usr/share/libubox/jshn.sh
+
+DMCLI_CONF="/etc/dmcli/dmcli.conf"
+CONTROLLER_ID='oui:000F94:device-controller-operator'
+DMCLI_RESP_TOPIC="/usp/operator/endpoint"
+DMCLI_CTRL_TOPIC="/usp/operator/controller"
+DMCLI_PORT="9002"
+
+grep -q "^operator:" /etc/passwd || {
+	adduser -g 'Operator' -D -H -s /usr/bin/dmcli --home '/usr/lib/dmcli' 'operator'
+	hash=""
+	if type get_operator_password_hash > /dev/null 2>&1; then
+		hash=$(get_operator_password_hash)
+	fi
+	if [ -z "$hash" ]; then
+		hash='$6$zP4Wk/VQJOLwwofC$teuhnYFQBcA8YUZo/Q0quDMi4SsOHmfBcyvt5VNchPnzgwF1nfNNliC3yBVW22NwmwttPEWeBEBfnMTBB0rYs/'
+	fi
+	echo "operator:${hash}" | chpasswd -e
+}
+
+grep -q "^/usr/bin/dmcli$" /etc/shells || {
+	echo '/usr/bin/dmcli' >> /etc/shells
+}
+
+uci -q del_list sshd.@sshd[0].AllowUsers='operator'
+uci -q add_list sshd.@sshd[0].AllowUsers='operator'
+
+uci -q delete users.operator
+uci -q set users.operator=user
+uci -q set users.operator.enabled=1
+uci -q set users.operator.shell='dmcli'
+uci -q set users.operator.member_roles='operator'
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli_local
+	uci_set mosquitto dmcli_local enabled 1
+	uci_set mosquitto dmcli_local port "${DMCLI_PORT}"
+	uci_set mosquitto dmcli_local protocol 'websockets'
+	uci_set mosquitto dmcli_local acl_file '/etc/dmcli/dmcli.acl'
+	uci_set mosquitto dmcli_local no_remote_access '1'
+	uci_set mosquitto dmcli_local allow_anonymous '1'
+fi
+
+if [ -f "/etc/config/obuspa" ]; then
+	uci_add obuspa mqtt mqtt_operator
+	uci_set obuspa mqtt_operator BrokerAddress '127.0.0.1'
+	uci_set obuspa mqtt_operator BrokerPort '1883'
+	uci_set obuspa mqtt_operator TransportProtocol 'TCP/IP'
+
+	uci_add obuspa mtp mtp_operator
+	uci_set obuspa mtp_operator Protocol 'MQTT'
+	uci_set obuspa mtp_operator ResponseTopicConfigured "${DMCLI_RESP_TOPIC}"
+	uci_set obuspa mtp_operator mqtt 'mqtt_operator'
+
+	uci_add obuspa controller controller_operator
+	uci_set obuspa controller_operator EndpointID "${CONTROLLER_ID}"
+	uci_set obuspa controller_operator Protocol 'MQTT'
+	uci_set obuspa controller_operator Topic "${DMCLI_CTRL_TOPIC}"
+	uci_set obuspa controller_operator mqtt 'mqtt_operator'
+	uci_set obuspa controller_operator assigned_role_name 'operator'
+fi
+
+_get_endpoint_id() {
+	local id serial oui
+
+	id="$(uci -q get obuspa.localagent.EndpointID)"
+	if [ -n "${id}" ]; then
+		echo "${id}"
+		return 0
+	fi
+
+	serial="$(db -q get device.deviceinfo.SerialNumber)"
+	oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+
+	echo "os::${oui}-${serial//+/%2B}"
+}
+
+update_dmcli_conf() {
+	local endpointid confTmpFile
+	local port fromid publish subscribe toid
+
+	if [ -f "${DMCLI_CONF}" ]; then
+		endpointid="$(_get_endpoint_id)"
+		json_load_file "${DMCLI_CONF}" || return
+		json_select "Settings" || return
+			json_select "USP" || return
+				json_select "ConnectionProfile" || return
+					json_select "1" || return
+						json_get_var port "Port"
+						json_get_var fromid "FromId"
+						json_get_var publish "PublishEndpoint"
+						json_get_var subscribe "SubscribeEndpoint"
+						json_get_var toid "ToId"
+
+						json_add_int "Port" "${DMCLI_PORT}"
+						json_add_string "FromId" "${CONTROLLER_ID}"
+						json_add_string "PublishEndpoint" "${DMCLI_RESP_TOPIC}"
+						json_add_string "SubscribeEndpoint" "${DMCLI_CTRL_TOPIC}"
+						json_add_string "ToId" "${endpointid}"
+					json_select ..
+				json_select ..
+			json_select ..
+		json_select ..
+
+		if [ "${port}" != "${DMCLI_PORT}" ] || [ "${fromid}" != "${CONTROLLER_ID}" ] || \
+			[ "${publish}" != "${DMCLI_RESP_TOPIC}" ] || [ "${subscribe}" != "${DMCLI_CTRL_TOPIC}" ] || \
+			[ "${toid}" != "${endpointid}" ]; then
+			confTmpFile="$(mktemp -u -p "$(dirname "$DMCLI_CONF")" "$(basename "$DMCLI_CONF").XXXXXXX")"
+			json_pretty
+			json_dump > "${confTmpFile}" || return
+			mv -f "${confTmpFile}" "${DMCLI_CONF}" || return
+		fi
+	fi
+}
+
+update_dmcli_conf || exit

dmcli/files/etc/uci-defaults/36-dmcli-remote

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_add mosquitto listener dmcli
+	uci_set mosquitto dmcli enabled 1
+	uci_set mosquitto dmcli port '9003'
+	uci_set mosquitto dmcli protocol 'websockets'
+	uci_set mosquitto dmcli auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
+	uci_set mosquitto dmcli acl_file '/etc/dmcli/dmcli.acl'
+fi
+
+exit 0

dmcli/files/etc/uci-defaults/36-dmcli-remote-remove

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ -f "/etc/config/mosquitto" ]; then
+	uci_remove mosquitto dmcli
+fi
+
+exit 0

dmcli/files/etc/users/roles/operator.json

@@ -0,0 +1,14 @@
+{
+  "tr181": {
+    "name": "operator",
+    "instance": 6,
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_ALL"
+        ]
+      }
+    ]
+  }
+}

dmcli/src/Makefile

@@ -0,0 +1,7 @@
+all: dmcli
+
+dmcli: main.c
+	$(CC) $(CFLAGS) -Wall -Werror -o $@ $^
+
+clean:
+	rm -f dmcli

dmcli/src/main.c

@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2021 Genexis Netherlands B.V. All rights reserved.
+* This Software and its content are protected by the Dutch Copyright Act
+* ('Auteurswet'). All and any copying and distribution of the software
+* and its content without authorization by Genexis Netherlands B.V. is
+* prohibited. The prohibition includes every form of reproduction and
+* distribution.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+/* C Wrapper for operator to login to the CLI via ssh: the shell in
+ * the passwd file cannot be a script that requires an interpreter. */
+int main(int argc, char *argv[])
+{
+	char *cmd[3 + (argc > 1 ? argc - 1 : 0)];
+
+	cmd[0] = "/usr/bin/qjs";
+	cmd[1] = "/usr/lib/dmcli/cli/main.js";
+	cmd[2] = NULL;
+
+	if (argc > 1) {
+		memcpy(&cmd[2], &argv[1], (argc - 1) * sizeof(char *));
+		cmd[2 + argc - 1] = NULL;
+	}
+
+	execv(cmd[0], cmd);
+	fprintf(stderr, "%s: command not found\n", cmd[0]);
+	return 127;
+}

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.18
+PKG_VERSION:=1.0.20
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=80fa147e6f1f0d9c1a62a62a693ff3adaef45363
+PKG_SOURCE_VERSION:=448d278734a824f9d4ad1e7a55acd16c222d4c7e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.0.8
+PKG_VERSION:=3.0.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=c73e5b15718ca40b2740bbe6151dfbb2bcca16df
+PKG_SOURCE_VERSION:=0bcfd98d64b5bd8d3162944e2abd5740f9bf4b92
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.9.2
+PKG_VERSION:=1.0.9.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=fdabd33cf42ac02adadbdf43bd8bf86a62d7d1e3
+PKG_SOURCE_VERSION:=02dc90c48d996148b68d02632bac13a28d75cf25
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.3
+PKG_VERSION:=1.3.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fee5bd0067fc1f30498bc2b81e893d170796b459
+PKG_SOURCE_VERSION:=624fee52af9cce08c6c69a5f7dd2191691d61aa8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9.5
+PKG_VERSION:=9.9.9.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=f3d5843c54a4c1c3e74629f0953a3bf144c2fa8e
+PKG_SOURCE_VERSION:=cef78dc528690386caac5a7ff6c1afca6dd3d315
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -84,6 +84,7 @@ define Package/icwmp/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
+	$(INSTALL_BIN) ./files/etc/uci-defaults/50-cwmp-align-keep-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/

icwmp/files/etc/config/cwmp

@@ -43,7 +43,9 @@ config cpe 'cpe'
 	option periodic_notify_interval '10'
 	option incoming_rule 'Port_Only'
 	option active_notif_throttle '0'
-	option fw_upgrade_keep_settings '1'
+	#option KeepConfig '1'
+	#option KeepOpConf '1'
+	#option ConfigScope 'UserOnly'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
 	#list allowed_cr_ip '10.5.1.0/24'

icwmp/files/etc/init.d/icwmpd

@@ -97,7 +97,9 @@ validate_cpe_section()
 		'periodic_notify_enable:bool' \
 		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
-		'fw_upgrade_keep_settings:bool'
+		'KeepConfig:bool' \
+		'KeepOpConf:bool' \
+		'ConfigScope:string'
 }
 
 validate_defaults() {
@@ -168,13 +170,21 @@ start_service() {
 
 stop_service()
 {
-	local switch_bank
+	local switch_bank KeepConfig KeepOpConf ConfigScope
 
 	copy_cwmp_varstate_files_to_etc
-	
 	switch_bank=$(uci -q -c /var/state/ get icwmp.cpe.switch_bank)
-	if [ -n "$switch_bank" ] && [ "$switch_bank" = "1" ]; then
-		[ -x /etc/sysmngr/fwbank ] && /etc/sysmngr/fwbank call copy_config
+	if [ "$switch_bank" = "1" ] && [ -x /etc/sysmngr/fwbank ]; then
+		KeepConfig="$(uci -q get cwmp.cpe.KeepConfig)"
+		KeepOpConf="$(uci -q get cwmp.cpe.KeepOpConf)"
+		ConfigScope="$(uci -q get cwmp.cpe.ConfigScope)"
+
+		json_init
+		[ -n "${KeepConfig}" ] && json_add_boolean "keep_config" "${KeepConfig}"
+		[ -n "${KeepOpConf}" ] && json_add_boolean "keep_opconf" "${KeepOpConf}"
+		[ -n "${ConfigScope}" ] && json_add_string "config_scope" "${ConfigScope}"
+
+		json_dump| /etc/sysmngr/fwbank call copy_config
 	fi
 }
 

icwmp/files/etc/uci-defaults/50-cwmp-align-keep-config

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+keep_settings="$(uci -q get cwmp.cpe.fw_upgrade_keep_settings)"
+if [ -n "${keep_settings}" ]; then
+	uci -q delete cwmp.cpe.fw_upgrade_keep_settings
+	uci -q set cwmp.cpe.KeepConfig="${keep_settings}"
+fi

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.33
+PKG_VERSION:=8.7.40
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f28f1c04cae008d7d6448ba02b992506af28448c
+PKG_SOURCE_VERSION:=06e45ad44433b98b0630dab59d943fade7c24269
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ieee1905/files/etc/init.d/ieee1905

@@ -83,7 +83,7 @@ start_service() {
 	validate_ieee1905_config || return 1;
 
 	procd_open_instance
-        procd_set_param command "/usr/sbin/ieee1905d" "-o"  "/tmp/ieee1905.log" "-f"
+        procd_set_param command "/usr/sbin/ieee1905d" "-ddddd" "-o"  "/tmp/ieee1905.log"
 	procd_set_param respawn
 	procd_set_param limits core="unlimited"
 #	procd_set_param env IEEE1905_LOG_CMDU=1

iopsys-analytics/Makefile

@@ -34,6 +34,9 @@ define Package/$(PKG_NAME)
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
     +@DMCLI_REMOTE_CONNECTION
+  # tools used in development/testing
+  DEPENDS+=                                             \
+    +iperf3
 
 endef
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.1.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5f1184c52be19f3bfd3bc7e9bc582ef09b0a2b1c
+PKG_SOURCE_VERSION:=fdfe23e51ff77ca6d2661ad6208d097758524147
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -1,32 +1,28 @@
 #
-# Copyright (C) 2020-2023 Iopsys
+# Copyright (C) 2025 Genexis Sweden AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.6
+PKG_VERSION:=7.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ca7b20068c9d373e41045a2e899a9c697576262c
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
+PKG_SOURCE_VERSION:=b981f7e1bd51f66041cd0c25d15af74ae1e3bc75
+PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=LGPL-2.1-only
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
 
 include $(INCLUDE_DIR)/package.mk
-
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/openssl \
-	-I$(STAGING_DIR)/usr/include/libnl3
+include $(INCLUDE_DIR)/cmake.mk
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -34,9 +30,6 @@ define Build/Prepare
 endef
 endif
 
-MAKE_FLAGS += \
-	CFLAGS="$(TARGET_CFLAGS) -Wall"
-
 define Package/libeasy
   SECTION:=libs
   CATEGORY:=Libraries
@@ -47,7 +40,7 @@ define Package/libeasy
 endef
 
 define Package/libeasy/description
-  Library provides common utility functions
+  This package provides libeasy.so for common utility functions.
 endef
 
 define Build/InstallDev/libeasy
@@ -67,6 +60,7 @@ define Build/InstallDev/libeasy
 endef
 
 define Build/InstallDev
+	$(call Build/InstallDev/cmake,$(1))
 	$(call Build/InstallDev/libeasy,$(1),$(2))
 endef
 

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.13.7
+PKG_VERSION:=7.13.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0b3cc45334c167d164c2c79e82522f13698abf92
+PKG_SOURCE_VERSION:=5e8d828c01ed7ab2feba9028b603dde9708cb656
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

logmngr/Makefile

@@ -65,8 +65,10 @@ define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
 	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp/
 	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
+	$(INSTALL_BIN) ./files/etc/hotplug.d/ntp/20-reload_fluent_bit $(1)/etc/hotplug.d/ntp/
 else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif

logmngr/files/etc/hotplug.d/ntp/20-reload_fluent_bit

@@ -0,0 +1,14 @@
+#!/bin/sh
+# This hotplug script reloads fluent-bit, so that kmsg logs' timestamp gets in sync
+
+[ "$ACTION" = stratum ] || exit 0
+
+# only once
+if ! uci -q get time.global.first_use_date > /dev/null 2>&1; then
+	flb_pid="$(pidof fluent-bit)"
+
+	if [ -n "$flb_pid" ]; then
+		logger -t "logmngr.hotplug" -p info "reload fluent-bit due to ntp sync"
+		kill -SIGHUP "$flb_pid"
+	fi
+fi

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -77,6 +77,12 @@ create_default_filters() {
 	append_conf "    rename          msg     message"
 	append_conf ""
 
+	append_conf "[FILTER]"
+	append_conf "    name            modify"
+	append_conf "    match           *"
+	append_conf "    add             pid     0"
+	append_conf ""
+
 	append_conf "[FILTER]"
 	append_conf "    name            sysinfo"
 	append_conf "    match           *"

map-agent/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.7.0
+PKG_VERSION:=6.3.7.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ab9fa6ffc6978c84ab9a3b410d31c71c3b185430
+PKG_SOURCE_VERSION:=7f71fafbec49fa4b25d1e8d07cfc1fee5b4bbab0
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/init.d/mapagent

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=98
+START=97
 STOP=20
 
 USE_PROCD=1

map-agent/files/etc/uci-defaults/100-mapagent-config-migrate.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+. /lib/functions.sh
+
+cfg=mapagent
+config_load $cfg
+
+if uci -q get $cfg.agent.partial_wifi_reload >/dev/null; then
+	uci -q set $cfg.agent.partial_wifi_reload='0'
+fi
+
+if uci -q get $cfg.agent.chan_ch_relay_mcast >/dev/null; then
+	uci -q set $cfg.agent.chan_ch_relay_mcast='0'
+fi
+
+rename_dpp_uri() {
+	local section="$1"
+	local type device ifname band
+	local ch_list=""
+
+	config_get type "$section" type
+	config_get device "$section" device
+	config_get ifname "$section" ifname
+	config_get band "$section" band
+	config_get chirp_interval "$section" chirp_interval
+
+	append_chan() {
+		local val="$1"
+		local chan_num="${val#*/}"
+		ch_list="$ch_list $chan_num"
+	}
+	config_list_foreach "$section" chan append_chan
+
+	new_section=$(uci add "$cfg" dpp_chirp)
+	[ -n "$type" ] && uci set "$cfg.$new_section.type=$type"
+	[ -n "$device" ] && uci set "$cfg.$new_section.device=$device"
+	[ -n "$ifname" ] && uci set "$cfg.$new_section.ifname=$ifname"
+	[ -n "$band" ] && uci set "$cfg.$new_section.band=$band"
+
+	if [ -n "$chirp_interval" ]; then
+		uci set "${cfg}.${new_section}.chirp_interval=$chirp_interval"
+	fi
+
+	for ch in $ch_list; do
+		uci add_list "$cfg.$new_section.channel=$ch"
+	done
+	uci delete "$cfg.$section"
+}
+
+uci -q delete "$cfg.@dpp_controller[0]"
+
+config_foreach rename_dpp_uri dpp_uri
+
+exit 0

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.0
+PKG_VERSION:=6.4.4.13
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=d2e91ca156dbe0b44f0fc551b0a353137343fdf1
+PKG_SOURCE_VERSION:=bd0fb2b63830e19038d9495517c03fdc3900cdfa
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0

map-controller/files/etc/config/mapcontroller

@@ -14,7 +14,7 @@ config controller 'controller'
 
 config sta_steering 'sta_steering'
 	option enable_sta_steer '1'
-	option enable_bsta_steer '0'
+	option enable_bsta_steer '1'
 	option rcpi_threshold_2g '70'
 	option rcpi_threshold_5g '86'
 	option rcpi_threshold_6g '86'

map-controller/files/etc/uci-defaults/100-mapcntlr-config-migrate.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cfg=mapcontroller
+config_load $cfg
+
+uci -q get $cfg.controller.debug >/dev/null 2>&1 && \
+	uci set $cfg.controller.debug='2'
+
+allow_bgdfs=$(uci -q get $cfg.controller.allow_bgdfs || echo "0")
+channel_plan_val=$(uci -q get $cfg.controller.channel_plan || echo "0")
+
+uci -q delete $cfg.controller.allow_bgdfs
+uci -q delete $cfg.controller.channel_plan
+
+uci -q get $cfg.controller.stale_sta_timeout >/dev/null 2>&1 || \
+	uci set $cfg.controller.stale_sta_timeout='30d'
+
+if [ -f /usr/lib/mapcontroller/zerotouch.so ]; then
+	uci -q del_list $cfg.controller.plugin='zerotouch'
+	uci -q add_list $cfg.controller.plugin='zerotouch'
+fi
+
+if ! uci show $cfg 2>/dev/null | grep -q "=channel_plan"; then
+	section=$(uci add $cfg channel_plan)
+	uci set $cfg.$section.preclear_dfs="$allow_bgdfs"
+	uci set $cfg.$section.acs="$channel_plan_val"
+fi
+
+exit 0

map-controller/files/etc/uci-defaults/99-mapcontroller-sta-steering

@@ -21,9 +21,21 @@ adapt_sta_steering() {
 	uci -q del $cfg.@sta_steering[0].use_usta_metrics
 	uci -q del $cfg.@sta_steering[0].bandsteer
 	uci -q del $cfg.@sta_steering[0].diffsnr
+	if [ -f /usr/lib/mapcontroller/rcpi.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="rcpi"
+		uci -q add_list $cfg.@sta_steering[0].plugins="rcpi"
+	fi
+
+	if [ -f /usr/lib/mapcontroller/rate.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="rate"
+		uci -q add_list $cfg.@sta_steering[0].plugins="rate"
+	fi
+
+	if [ -f /usr/lib/mapcontroller/bsteer.so ]; then
+		uci -q del_list $cfg.@sta_steering[0].plugins="bsteer"
+		uci -q add_list $cfg.@sta_steering[0].plugins="bsteer"
+	fi
 
-	uci del_list $cfg.@sta_steering[0].plugins="rcpi"
-	uci add_list $cfg.@sta_steering[0].plugins="rcpi"
 	uci -q set $cfg.@sta_steering[0].plugins_enabled="1"
 	uci -q set $cfg.@sta_steering[0].plugins_policy="any"
 

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.2.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a76610182366cf05ed7e8f5fbac26890b709eeb4
+PKG_SOURCE_VERSION:=dd873ca4e2cb321302dae1955da24d1be271b2b1
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

mosquitto-auth-plugin/Config.in

@@ -1,4 +1,4 @@
-if PACKAGE_mosquitto-auth-shadow
+if PACKAGE_mosquitto-auth-plugin
 
 config MOSQUITTO_AUTH_PAM_SUPPORT
 	bool "Enable support of Linux PAM module for Authentication"

mosquitto-auth-plugin/Makefile

@@ -13,8 +13,8 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=mosquitto-auth-shadow
-PKG_VERSION:=1.1.0
+PKG_NAME:=mosquitto-auth-plugin
+PKG_VERSION:=1.2.1
 
 PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
 PKG_LICENSE:=EPL-2.0
@@ -24,7 +24,7 @@ PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/mosquitto-auth-shadow
+define Package/mosquitto-auth-plugin
   SECTION:=net
   CATEGORY:=Network
   TITLE:=mosquitto - /etc/shadow authentication plugin
@@ -32,12 +32,12 @@ define Package/mosquitto-auth-shadow
   USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
 endef
 
-define Package/mosquitto-auth-shadow/description
+define Package/mosquitto-auth-plugin/description
   Plugin for the mosquitto MQTT message broker that authenticates
   users using /etc/shadow
 endef
 
-define Package/mosquitto-auth-shadow/config
+define Package/mosquitto-auth-plugin/config
 	source "$(SOURCE)/Config.in"
 endef
 
@@ -45,10 +45,10 @@ ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
 TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
 endif
 
-define Package/mosquitto-auth-shadow/install
+define Package/mosquitto-auth-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_shadow.so $(1)/usr/lib/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
 	$(CP) ./files/* $(1)/
 endef
 
-$(eval $(call BuildPackage,mosquitto-auth-shadow))
+$(eval $(call BuildPackage,mosquitto-auth-plugin))

mosquitto-auth-plugin/src/Makefile

@@ -11,14 +11,14 @@
 #   Erik Karlsson - initial implementation
 #
 
-TARGETS = mosquitto_auth_shadow.so
+TARGETS = mosquitto_auth_plugin.so
 
 all: $(TARGETS)
 
 %.pic.o: %.c
 	$(CC) $(CFLAGS) -Wall -Werror -fPIC -c -o $@ $<
 
-mosquitto_auth_shadow.so: mosquitto_auth_shadow.pic.o
+mosquitto_auth_plugin.so: mosquitto_auth_plugin.pic.o
 	$(CC) $(LDFLAGS) -shared -o $@ $^ $(if $(filter -DENABLE_PAM_SUPPORT,$(CFLAGS)),-lpam)
 
 clean:

mosquitto-auth-plugin/src/mosquitto_auth_plugin.c

@@ -0,0 +1,670 @@
+/*
+ * Copyright (c) 2022 Genexis B.V.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Erik Karlsson - initial implementation
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <shadow.h>
+#include <crypt.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+#ifdef ENABLE_PAM_SUPPORT
+#include <security/pam_appl.h>
+#endif
+
+#define MAX_USERS 256
+#define MAX_SUBNETS_PER_USER 32
+
+typedef struct {
+	union {
+		uint32_t ipv4_network;
+		uint8_t ipv6_network[16];
+	};
+	union {
+		uint32_t ipv4_netmask;
+		uint8_t ipv6_netmask[16];
+	};
+	int is_ipv6;
+} subnet_t;
+
+typedef struct {
+	char username[64];
+	subnet_t allow_subnets[MAX_SUBNETS_PER_USER];
+	int allow_count;
+	subnet_t deny_subnets[MAX_SUBNETS_PER_USER];
+	int deny_count;
+} user_acl_t;
+
+typedef struct {
+	user_acl_t users[MAX_USERS];
+	int user_count;
+	mosquitto_plugin_id_t *identifier;
+	char *config_file;
+} plugin_data_t;
+
+/* Parse CIDR notation for IPv4 or IPv6 (e.g., "192.168.1.0/24" or "2001:db8::/32") */
+static int parse_subnet(const char *cidr, subnet_t *subnet)
+{
+	char ip_str[128];
+	char *slash;
+	int prefix_len;
+	struct in_addr addr4;
+	struct in6_addr addr6;
+
+	strncpy(ip_str, cidr, sizeof(ip_str) - 1);
+	ip_str[sizeof(ip_str) - 1] = '\0';
+
+	slash = strchr(ip_str, '/');
+	if (slash != NULL) {
+		*slash = '\0';
+		prefix_len = atoi(slash + 1);
+	}
+
+	/* Try IPv4 first */
+	if (inet_pton(AF_INET, ip_str, &addr4) == 1) {
+		subnet->is_ipv6 = 0;
+		if (slash == NULL)
+			prefix_len = 32;
+		if (prefix_len < 0 || prefix_len > 32)
+			return -1;
+
+		subnet->ipv4_network = ntohl(addr4.s_addr);
+		subnet->ipv4_netmask = prefix_len == 0 ? 0 : (~0U << (32 - prefix_len));
+		subnet->ipv4_network &= subnet->ipv4_netmask;
+		return 0;
+	}
+
+	/* Try IPv6 */
+	if (inet_pton(AF_INET6, ip_str, &addr6) == 1) {
+		subnet->is_ipv6 = 1;
+		if (slash == NULL)
+			prefix_len = 128;
+		if (prefix_len < 0 || prefix_len > 128)
+			return -1;
+
+		/* Copy network address */
+		memcpy(subnet->ipv6_network, addr6.s6_addr, 16);
+
+		/* Generate netmask */
+		memset(subnet->ipv6_netmask, 0, 16);
+		for (int i = 0; i < prefix_len / 8; i++)
+			subnet->ipv6_netmask[i] = 0xff;
+		if (prefix_len % 8)
+			subnet->ipv6_netmask[prefix_len / 8] = ~((1 << (8 - (prefix_len % 8))) - 1);
+
+		/* Apply netmask to network address */
+		for (int i = 0; i < 16; i++)
+			subnet->ipv6_network[i] &= subnet->ipv6_netmask[i];
+
+		return 0;
+	}
+
+	return -1;
+}
+
+/* Check if IPv4 address is in subnet */
+static int ipv4_in_subnet(uint32_t ip, const subnet_t *subnet)
+{
+	if (subnet->is_ipv6)
+		return 0;
+	return (ip & subnet->ipv4_netmask) == subnet->ipv4_network;
+}
+
+/* Check if IPv6 address is in subnet */
+static int ipv6_in_subnet(const uint8_t *ip, const subnet_t *subnet)
+{
+	if (!subnet->is_ipv6)
+		return 0;
+	for (int i = 0; i < 16; i++) {
+		if ((ip[i] & subnet->ipv6_netmask[i]) != subnet->ipv6_network[i])
+			return 0;
+	}
+	return 1;
+}
+
+/* Check if IP is in any subnet in the list */
+static int ip_in_subnet_list(const char *client_address, const subnet_t *subnets, int count)
+{
+	struct in_addr addr4;
+	struct in6_addr addr6;
+	uint32_t ipv4;
+
+	/* Try IPv4 */
+	if (inet_pton(AF_INET, client_address, &addr4) == 1) {
+		ipv4 = ntohl(addr4.s_addr);
+		for (int i = 0; i < count; i++) {
+			if (ipv4_in_subnet(ipv4, &subnets[i]))
+				return 1;
+		}
+		return 0;
+	}
+
+	/* Try IPv6 */
+	if (inet_pton(AF_INET6, client_address, &addr6) == 1) {
+		for (int i = 0; i < count; i++) {
+			if (ipv6_in_subnet(addr6.s6_addr, &subnets[i]))
+				return 1;
+		}
+		return 0;
+	}
+
+	return 0;
+}
+
+/* Find or create user ACL entry */
+static user_acl_t* find_or_create_user_acl(plugin_data_t *pdata, const char *username)
+{
+	user_acl_t *user;
+
+	/* Find existing user */
+	for (int i = 0; i < pdata->user_count; i++) {
+		if (strcmp(pdata->users[i].username, username) == 0)
+			return &pdata->users[i];
+	}
+
+	/* Create new user if not found */
+	if (pdata->user_count >= MAX_USERS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Max users exceeded");
+		return NULL;
+	}
+
+	user = &pdata->users[pdata->user_count];
+	strncpy(user->username, username, sizeof(user->username) - 1);
+	user->username[sizeof(user->username) - 1] = '\0';
+	user->allow_count = 0;
+	user->deny_count = 0;
+	pdata->user_count++;
+
+	return user;
+}
+
+/* Parse subnet ACL file with simplified format
+ * Format:
+ * # Comment lines
+ * subnet allow <username> <cidr>
+ * subnet deny <username> <cidr>
+ */
+static int load_subnet_acl_config(plugin_data_t *pdata, const char *config_file)
+{
+	FILE *fp;
+	char line[512];
+	int line_num = 0;
+
+	/* Initialize user count */
+	pdata->user_count = 0;
+
+	/* Config file is optional - if not provided, no subnet filtering */
+	if (config_file == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_INFO,
+			"subnet_acl: No subnet ACL file specified, subnet filtering disabled");
+		return 0;
+	}
+
+	/* If config file is specified but cannot be opened, this is a fatal error */
+	fp = fopen(config_file, "r");
+	if (fp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to open subnet ACL file '%s'", config_file);
+		return -1;
+	}
+
+	while (fgets(line, sizeof(line), fp) != NULL) {
+		char *token, *saveptr;
+		char *action, *username, *cidr;
+		user_acl_t *user;
+		subnet_t subnet;
+
+		line_num++;
+
+		/* Remove newline and comments */
+		line[strcspn(line, "\r\n")] = '\0';
+		char *comment = strchr(line, '#');
+		if (comment)
+			*comment = '\0';
+
+		/* Trim leading whitespace */
+		char *line_start = line;
+		while (*line_start == ' ' || *line_start == '\t')
+			line_start++;
+
+		/* Skip empty lines */
+		if (*line_start == '\0')
+			continue;
+
+		/* Parse: subnet allow|deny <username> <cidr> */
+		token = strtok_r(line_start, " \t", &saveptr);
+		if (token == NULL)
+			continue;
+
+		/* Must start with "subnet" */
+		if (strcmp(token, "subnet") != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid directive '%s' at line %d (expected 'subnet')",
+				token, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get allow/deny */
+		action = strtok_r(NULL, " \t", &saveptr);
+		if (action == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing allow/deny at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		if (strcmp(action, "allow") != 0 && strcmp(action, "deny") != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid action '%s' at line %d (use 'allow' or 'deny')",
+				action, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get username */
+		username = strtok_r(NULL, " \t", &saveptr);
+		if (username == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing username at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Get CIDR */
+		cidr = strtok_r(NULL, " \t", &saveptr);
+		if (cidr == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Missing CIDR at line %d", line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Parse subnet */
+		if (parse_subnet(cidr, &subnet) != 0) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Invalid CIDR '%s' at line %d", cidr, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Find or create user */
+		user = find_or_create_user_acl(pdata, username);
+		if (user == NULL) {
+			mosquitto_log_printf(MOSQ_LOG_ERR,
+				"subnet_acl: Max users (%d) exceeded at line %d", MAX_USERS, line_num);
+			fclose(fp);
+			return -1;
+		}
+
+		/* Add to appropriate list */
+		if (strcmp(action, "allow") == 0) {
+			if (user->allow_count >= MAX_SUBNETS_PER_USER) {
+				mosquitto_log_printf(MOSQ_LOG_ERR,
+					"subnet_acl: Max allow subnets (%d) exceeded for user '%s' at line %d",
+					MAX_SUBNETS_PER_USER, user->username, line_num);
+				fclose(fp);
+				return -1;
+			}
+			user->allow_subnets[user->allow_count] = subnet;
+			user->allow_count++;
+
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' allow subnet %s",
+				user->username, cidr);
+
+		} else { /* deny */
+			if (user->deny_count >= MAX_SUBNETS_PER_USER) {
+				mosquitto_log_printf(MOSQ_LOG_ERR,
+					"subnet_acl: Max deny subnets (%d) exceeded for user '%s' at line %d",
+					MAX_SUBNETS_PER_USER, user->username, line_num);
+				fclose(fp);
+				return -1;
+			}
+			user->deny_subnets[user->deny_count] = subnet;
+			user->deny_count++;
+
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' deny subnet %s",
+				user->username, cidr);
+		}
+	}
+
+	fclose(fp);
+
+	/* Log summary */
+	for (int i = 0; i < pdata->user_count; i++) {
+		user_acl_t *user = &pdata->users[i];
+		if (user->allow_count > 0 || user->deny_count > 0) {
+			mosquitto_log_printf(MOSQ_LOG_INFO,
+				"subnet_acl: User '%s' has %d allow and %d deny subnet rules",
+				user->username, user->allow_count, user->deny_count);
+		}
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Loaded subnet restrictions for %d user(s)", pdata->user_count);
+
+	return 0;
+}
+
+/* Find user ACL entry */
+static const user_acl_t* find_user_acl(const plugin_data_t *pdata, const char *username)
+{
+	for (int i = 0; i < pdata->user_count; i++) {
+		if (strcmp(pdata->users[i].username, username) == 0)
+			return &pdata->users[i];
+	}
+	return NULL;
+}
+
+/* Check subnet access on authentication (connection time)
+ * Returns: MOSQ_ERR_SUCCESS if allowed, MOSQ_ERR_AUTH if denied
+ */
+static int check_subnet_on_auth(plugin_data_t *pdata, struct mosquitto_evt_basic_auth *ed)
+{
+	const user_acl_t *user_acl;
+	const char *client_address;
+
+	/* Skip if no subnet config loaded */
+	if (pdata == NULL || pdata->user_count == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	/* Skip anonymous users */
+	if (ed->username == NULL)
+		return MOSQ_ERR_SUCCESS;
+
+	/* Find user's subnet ACL */
+	user_acl = find_user_acl(pdata, ed->username);
+
+	/* If user not in config or has no subnet rules, allow */
+	if (user_acl == NULL || (user_acl->allow_count == 0 && user_acl->deny_count == 0))
+		return MOSQ_ERR_SUCCESS;
+
+	/* Get client IP address */
+	client_address = mosquitto_client_address(ed->client);
+	if (client_address == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_WARNING,
+			"subnet_acl: Could not get client address for user '%s', denying connection",
+			ed->username);
+		return MOSQ_ERR_AUTH;
+	}
+
+	/* Check deny list first - deny takes precedence */
+	if (user_acl->deny_count > 0) {
+		if (ip_in_subnet_list(client_address, user_acl->deny_subnets, user_acl->deny_count)) {
+			mosquitto_log_printf(MOSQ_LOG_NOTICE,
+				"subnet_acl: User '%s' from %s DENIED by deny rule",
+				ed->username, client_address);
+			return MOSQ_ERR_AUTH;
+		}
+	}
+
+	/* If there are allow rules, IP must match one of them */
+	if (user_acl->allow_count > 0) {
+		if (ip_in_subnet_list(client_address, user_acl->allow_subnets, user_acl->allow_count)) {
+			mosquitto_log_printf(MOSQ_LOG_DEBUG,
+				"subnet_acl: User '%s' from %s allowed by allow rule",
+				ed->username, client_address);
+			return MOSQ_ERR_SUCCESS;
+		} else {
+			mosquitto_log_printf(MOSQ_LOG_NOTICE,
+				"subnet_acl: User '%s' from %s DENIED (not in allowed subnets)",
+				ed->username, client_address);
+			return MOSQ_ERR_AUTH;
+		}
+	}
+
+	/* No subnet rules for this user - allow */
+	return MOSQ_ERR_SUCCESS;
+}
+
+#ifdef ENABLE_PAM_SUPPORT
+static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+	int i;
+	const char *pass = (const char *)appdata_ptr;
+
+	*resp = calloc(num_msg, sizeof(struct pam_response));
+	if (*resp == NULL) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
+		return PAM_BUF_ERR;
+	}
+
+	if (pass == NULL)
+		return PAM_SUCCESS;
+
+	for (i = 0; i < num_msg; ++i) {
+		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+			(*resp)[i].resp = strdup(pass);
+			if ((*resp)[i].resp == NULL) {
+				for (int j = 0; j < i ; j++)
+					free((*resp)[j].resp);
+
+				free(*resp);
+				*resp = NULL;
+				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
+				return PAM_BUF_ERR;
+			}
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct pam_conv conv;
+	int retval;
+	pam_handle_t *pamh = NULL;
+
+	conv.conv = pam_conversation;
+	conv.appdata_ptr = (void *)ed->password;
+
+	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
+	if (retval != PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
+		return MOSQ_ERR_AUTH;
+	}
+
+	retval = pam_authenticate(pamh, 0);
+	pam_end(pamh, retval);
+	if (retval == PAM_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
+		return MOSQ_ERR_SUCCESS;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
+	return MOSQ_ERR_AUTH;
+}
+#else
+static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
+{
+	struct spwd spbuf, *sp = NULL;
+	char buf[256];
+	struct crypt_data data;
+	char *hash;
+
+	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
+
+	if (sp == NULL || sp->sp_pwdp == NULL)
+		return MOSQ_ERR_AUTH;
+
+	/* Empty string as hash means password is not required */
+	if (sp->sp_pwdp[0] == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	if (ed->password == NULL)
+		return MOSQ_ERR_AUTH;
+
+	memset(&data, 0, sizeof(data));
+	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
+
+	if (hash == NULL)
+		return MOSQ_ERR_AUTH;
+
+	if (strcmp(hash, sp->sp_pwdp) == 0)
+		return MOSQ_ERR_SUCCESS;
+
+	return MOSQ_ERR_AUTH;
+}
+#endif
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+	struct mosquitto_evt_basic_auth *ed = event_data;
+	plugin_data_t *pdata = userdata;
+	int auth_result;
+
+	/* Let other plugins or broker decide about anonymous login */
+	if (ed->username == NULL)
+		return MOSQ_ERR_PLUGIN_DEFER;
+
+	/* First check username/password authentication */
+#ifdef ENABLE_PAM_SUPPORT
+	auth_result = process_pam_auth_callback(ed);
+#else
+	auth_result = process_shadow_auth_callback(ed);
+#endif
+
+	/* If authentication failed, reject immediately */
+	if (auth_result != MOSQ_ERR_SUCCESS)
+		return auth_result;
+
+	/* Authentication succeeded, now check subnet restrictions */
+	return check_subnet_on_auth(pdata, ed);
+}
+
+static int reload_callback(int event, void *event_data, void *userdata)
+{
+	plugin_data_t *pdata = userdata;
+
+	if (pdata == NULL)
+		return MOSQ_ERR_SUCCESS;
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reloading subnet ACL configuration from '%s'",
+		pdata->config_file ? pdata->config_file : "(none)");
+
+	/* Reload subnet ACL configuration */
+	if (load_subnet_acl_config(pdata, pdata->config_file) != 0) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to reload subnet ACL configuration, keeping old config");
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_NOTICE,
+		"subnet_acl: Reload complete, now tracking %d user(s)", pdata->user_count);
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_plugin_version(int supported_version_count,
+			     const int *supported_versions)
+{
+	return 5;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
+			  void **user_data,
+			  struct mosquitto_opt *opts, int opt_count)
+{
+	plugin_data_t *pdata;
+	const char *config_file = NULL;
+	int rc;
+
+	/* Find subnet config file option */
+	for (int i = 0; i < opt_count; i++) {
+		if (strcmp(opts[i].key, "subnet_acl_file") == 0) {
+			config_file = opts[i].value;
+			break;
+		}
+	}
+
+	pdata = calloc(1, sizeof(plugin_data_t));
+	if (pdata == NULL)
+		return MOSQ_ERR_NOMEM;
+
+	pdata->identifier = identifier;
+
+	/* Store config file path for reload */
+	if (config_file != NULL) {
+		pdata->config_file = strdup(config_file);
+		if (pdata->config_file == NULL) {
+			free(pdata);
+			return MOSQ_ERR_NOMEM;
+		}
+	} else {
+		pdata->config_file = NULL;
+	}
+
+	/* Load subnet ACL configuration */
+	if (load_subnet_acl_config(pdata, config_file) != 0) {
+		free(pdata->config_file);
+		free(pdata);
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	/* Register authentication callback only - subnet check is done during auth */
+	rc = mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
+	                                 basic_auth_callback, NULL, pdata);
+	if (rc != MOSQ_ERR_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to register authentication callback");
+		free(pdata->config_file);
+		free(pdata);
+		return rc;
+	}
+
+	/* Register reload callback to handle SIGHUP */
+	rc = mosquitto_callback_register(identifier, MOSQ_EVT_RELOAD,
+	                                 reload_callback, NULL, pdata);
+	if (rc != MOSQ_ERR_SUCCESS) {
+		mosquitto_log_printf(MOSQ_LOG_ERR,
+			"subnet_acl: Failed to register reload callback");
+		mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
+		                              basic_auth_callback, NULL);
+		free(pdata->config_file);
+		free(pdata);
+		return rc;
+	}
+
+	mosquitto_log_printf(MOSQ_LOG_INFO,
+		"subnet_acl: Plugin initialized with %d user(s)", pdata->user_count);
+
+	/* Only assign user_data after all possible error paths */
+	*user_data = pdata;
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_plugin_cleanup(void *user_data,
+			     struct mosquitto_opt *opts, int opt_count)
+{
+	plugin_data_t *pdata = user_data;
+
+	if (pdata) {
+		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_BASIC_AUTH,
+		                              basic_auth_callback, NULL);
+		mosquitto_callback_unregister(pdata->identifier, MOSQ_EVT_RELOAD,
+		                              reload_callback, NULL);
+		free(pdata->config_file);
+		free(pdata);
+	}
+
+	return MOSQ_ERR_SUCCESS;
+}

mosquitto-auth-shadow/src/mosquitto_auth_shadow.c

@@ -1,153 +0,0 @@
-/*
- * Copyright (c) 2022 Genexis B.V.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- *   Erik Karlsson - initial implementation
- */
-
-#define _GNU_SOURCE
-#include <string.h>
-#include <shadow.h>
-#include <crypt.h>
-#include <stdlib.h>
-#include <mosquitto.h>
-#include <mosquitto_broker.h>
-#include <mosquitto_plugin.h>
-
-#ifdef ENABLE_PAM_SUPPORT
-#include <security/pam_appl.h>
-
-static int pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
-	int i;
-	const char *pass = (const char *)appdata_ptr;
-
-	*resp = calloc(num_msg, sizeof(struct pam_response));
-	if (*resp == NULL) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed to allocate buffer for validation");
-		return PAM_BUF_ERR;
-	}
-
-	if (pass == NULL)
-		return PAM_SUCCESS;
-
-	for (i = 0; i < num_msg; ++i) {
-		if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-			(*resp)[i].resp = strdup(pass);
-			if ((*resp)[i].resp == NULL) {
-				for (int j = 0; j < i ; j++)
-					free((*resp)[j].resp);
-
-				free(*resp);
-				*resp = NULL;
-				mosquitto_log_printf(MOSQ_LOG_ERR, "pam failed in strdup");
-				return PAM_BUF_ERR;
-			}
-		}
-	}
-	return PAM_SUCCESS;
-}
-
-static int process_pam_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct pam_conv conv;
-	int retval;
-	pam_handle_t *pamh = NULL;
-
-	conv.conv = pam_conversation;
-	conv.appdata_ptr = (void *)ed->password;
-
-	retval = pam_start("mosquitto", ed->username, &conv, &pamh);
-	if (retval != PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_ERR, "pam start failed: %s", pam_strerror(pamh, retval));
-		return MOSQ_ERR_AUTH;
-	}
-
-	retval = pam_authenticate(pamh, 0);
-	pam_end(pamh, retval);
-	if (retval == PAM_SUCCESS) {
-		mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] logged in", ed->username);
-		return MOSQ_ERR_SUCCESS;
-	}
-
-	mosquitto_log_printf(MOSQ_LOG_NOTICE, "pam user [%s] failed authentication, err [%s]", ed->username, pam_strerror(pamh, retval));
-	return MOSQ_ERR_AUTH;
-}
-#else
-static int process_shadow_auth_callback(struct mosquitto_evt_basic_auth *ed)
-{
-	struct spwd spbuf, *sp = NULL;
-	char buf[256];
-	struct crypt_data data;
-	char *hash;
-
-	getspnam_r(ed->username, &spbuf, buf, sizeof(buf), &sp);
-
-	if (sp == NULL || sp->sp_pwdp == NULL)
-		return MOSQ_ERR_AUTH;
-
-	/* Empty string as hash means password is not required */
-	if (sp->sp_pwdp[0] == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	if (ed->password == NULL)
-		return MOSQ_ERR_AUTH;
-
-	memset(&data, 0, sizeof(data));
-	hash = crypt_r(ed->password, sp->sp_pwdp, &data);
-
-	if (hash == NULL)
-		return MOSQ_ERR_AUTH;
-
-	if (strcmp(hash, sp->sp_pwdp) == 0)
-		return MOSQ_ERR_SUCCESS;
-
-	return MOSQ_ERR_AUTH;
-}
-#endif
-
-static int basic_auth_callback(int event, void *event_data, void *userdata)
-{
-	struct mosquitto_evt_basic_auth *ed = event_data;
-
-	/* Let other plugins or broker decide about anonymous login */
-	if (ed->username == NULL)
-		return MOSQ_ERR_PLUGIN_DEFER;
-
-#ifdef ENABLE_PAM_SUPPORT
-	return process_pam_auth_callback(ed);
-#else
-	return process_shadow_auth_callback(ed);
-#endif
-}
-
-int mosquitto_plugin_version(int supported_version_count,
-			     const int *supported_versions)
-{
-	return 5;
-}
-
-int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier,
-			  void **user_data,
-			  struct mosquitto_opt *opts, int opt_count)
-{
-	*user_data = identifier;
-
-	return mosquitto_callback_register(identifier, MOSQ_EVT_BASIC_AUTH,
-					   basic_auth_callback, NULL, NULL);
-}
-
-int mosquitto_plugin_cleanup(void *user_data,
-			     struct mosquitto_opt *opts, int opt_count)
-{
-	mosquitto_plugin_id_t *identifier = user_data;
-
-	return mosquitto_callback_unregister(identifier, MOSQ_EVT_BASIC_AUTH,
-					     basic_auth_callback, NULL);
-}

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.5
+PKG_VERSION:=1.1.11
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only
@@ -18,6 +18,7 @@ include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 define Package/netmode
   CATEGORY:=Utilities
   TITLE:=Network Modes and Utils
+  DEPENDS:=+dm-service
 endef
 
 define Package/netmode/description

netmode/files/etc/config/netmode

@@ -1,2 +1,2 @@
 config netmode global
-	option enabled 0
+	option enabled 1

netmode/files/etc/init.d/netmode

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=10
+START=11
 USE_PROCD=1
 
 . /lib/functions.sh
@@ -117,6 +117,7 @@ start_service() {
 	config_get_bool enabled global enabled '0'
 	[ $enabled -eq 0 ] && return
 
+	[ -d $MODEDIR ] || mkdir -p $MODEDIR
 	# Get the desired netmode from config
 	config_get mode global mode ""
 	# Check if netmode is set as boot environment parameter
@@ -127,9 +128,12 @@ start_service() {
 	# Get the last saved mode
 	lastmode="$(cat $MODEDIR/.last_mode 2>/dev/null)"
 	# Return if desired mode is same as last saved mode
-	[ "$mode" == "$lastmode" ] && return
+	if [ "$mode" = "$lastmode" ]; then
+		_log "Not switching mode[${mode}], lastmode[${lastmode}]"
+		return
+	fi
 
-	_log "Switching to [${mode}] Mode" >/dev/console
+	_log "Switching to [${mode}] Mode"
 
 	# Configure env variables
 	configure_env_vars ${mode}
@@ -147,20 +151,19 @@ start_service() {
 
 	# Execute mode specific scripts
 	if [ -d $MODEDIR/$mode/scripts ]; then
-		_log "Executing $MODEDIR/$mode/scripts/* scripts"
 		for script in $(ls $MODEDIR/$mode/scripts/); do
+			_log "Executing [${mode}], script [${script}]"
 			sh $MODEDIR/$mode/scripts/$script
 		done
 	fi
 
+	# Save mode as last mode
+	echo "$mode" > $MODEDIR/.last_mode
+	_log "Switching to Mode [${mode}] done, last mode updated"
+
 	# Execute netmode generic post-mode-switch scripts
 	libnetmode_exec "post"
 	cleanup_env_vars "${mode}"
-
-	# Save mode as last mode
-	[ -d $MODEDIR ] || mkdir -p $MODEDIR
-	echo "$mode" > $MODEDIR/.last_mode
-	_log "Switching to Mode [${mode}] done, last mode updated" >/dev/console
 }
 
 service_triggers()

netmode/files/etc/netmodes/bridged/scripts/10-bridged

@@ -61,8 +61,8 @@ l2_network_config() {
 	uci -q set network.lan6.device='@lan'
 	uci -q set network.lan6.reqprefix='no'
 
-	uci -q set network.wan.disabled='1'
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan
+	uci -q delete network.wan6
 
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
@@ -116,12 +116,3 @@ l2_network_config() {
 
 l2_network_config
 l2_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd stop 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -43,22 +43,31 @@ l3_network_config() {
 	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
-	uci -q set network.wan6.proto='dhcpv6'
+	uci -q set network.wan6.proto="dhcpv6"
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
-		wandev="$wandev.$NETMODE_vlanid"
+	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
+
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
 	uci -q set network.wan6.device="$wandev"
 
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
+
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
 		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
@@ -117,12 +126,3 @@ l3_network_config() {
 
 l3_network_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -42,20 +42,28 @@ l3_network_pppoe_config() {
 	uci -q delete network.wan.gateway
 	uci -q delete network.wan.netmask
 
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
 	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
 
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
@@ -115,12 +123,3 @@ l3_network_pppoe_config() {
 
 l3_network_pppoe_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -43,20 +43,28 @@ l3_network_config() {
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
 
-	uci -q set network.wan6.disabled='1'
+	uci -q delete network.wan6
+
+	# Delete all VLAN sections; new ones will be created in next function if required
+	for vlandev_sec in $(uci show network | grep "type=.*8021q" | cut -d'.' -f1,2); do
+		uci -q delete $vlandev_sec
+	done
 
 	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
+		vlandev="$wandev.$NETMODE_vlanid"
+		vlandev_sec=$(echo $vlandev | tr '.' '_')
+		uci -q set network.${vlandev_sec}=device
+		uci -q set network.${vlandev_sec}.type="8021q"
+		uci -q set network.${vlandev_sec}.name="$vlandev"
+		uci -q set network.${vlandev_sec}.ifname="$wandev"
+		uci -q set network.${vlandev_sec}.vid=$NETMODE_vlanid
 
-		wandev="$wandev.$NETMODE_vlanid"
+		wandev="$vlandev"
 	fi
 
 	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
+
+	uci -q set network.WAN.mtu="$NETMODE_mtu"
 
 	uci -q delete network.wan.dns
 	if [ -n "$NETMODE_dns_servers" ]; then
@@ -116,12 +124,3 @@ l3_network_config() {
 
 l3_network_config
 l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/supported_modes.json

@@ -43,6 +43,12 @@
           "required": false,
           "type": "integer"
         },
+        {
+          "name": "mtu",
+          "description": "MTU",
+          "required": false,
+          "type": "integer"
+        },
         {
           "name": "dns_servers",
           "description": "DNS Servers",

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -1,16 +1,45 @@
 #!/bin/sh
 
 enabled="$(uci -q get netmode.global.enabled)"
-[ "$enabled" == "1" ] || exit 0
+if [ "$enabled" != "1" ]; then
+	exit 0
+fi
+
+opconf_file="/opconf/opconf.json"
+[ -f $opconf_file ] || opconf_file="/usr_data/opconf/opconf.json"
+
+# Check if netmode getting provisioned from opconf, in case of opconf
+# provisioning, mode setting not required
+mode="$(jsonfilter -i $opconf_file -e @.netmode.mode 2>/dev/null)"
+if [ -n "${mode}" ]; then
+	exit 0
+fi
+
+# Check if opconf has wan provisioning enabled, if yes, get the proto/mode from opconf
+proto="$(jsonfilter -i $opconf_file -e '@.network.wan[@.name="wan"].proto' 2>/dev/null)"
+if [ -n "${proto}" ]; then
+	mode="routed-${proto}"
+	uci -q set netmode.global.mode="${mode}"
+	echo "${mode}" > /etc/netmodes/.last_mode
+	exit 0
+fi
 
 mode="$(uci -q get netmode.global.mode)"
-[ -n "$mode" ] && exit 0
+wanproto=$(uci -q get network.wan.proto)
 
-[ -f /etc/netmodes/supported_modes.json ] || exit 0
+if [ -n "$mode" ]; then
+	# check if wanproto and mode aligned
+	if [ "${mode}" = "routed-${wanproto}" ]; then
+		exit 0
+	fi
+fi
+
+if [ ! -f "/etc/netmodes/supported_modes.json" ]; then
+	exit 0
+fi
 
 # NetMode is enabled without a Mode being set
 # Figure out the current mode from network config
-wanproto=$(uci -q get network.wan.proto)
 curmode=""
 case "$wanproto" in
 	dhcp) curmode="routed-dhcp" ;;
@@ -20,10 +49,12 @@ esac
 
 found=0
 for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
-	[ "$md" == "$curmode" ] && found=1
+	[ "$md" = "$curmode" ] && found=1
 done
 
 if [ $found -eq 1 ]; then
 	uci -q set netmode.global.mode="$curmode"
 	echo "$curmode" > /etc/netmodes/.last_mode
+else
+	exit 1
 fi

netmode/files/lib/netmode/post/datamodel_init.sh

@@ -1,25 +1,17 @@
 #!/bin/sh
 
-# This script is to cleanup dmmap and restart datamodel related services
-# when wan mode changes
-
-if [ -d "/etc/bbfdm/dmmap/" ]; then
-	rm -rf /etc/bbfdm/dmmap/*
-fi
-
-# If device is booting up, no need to restart services
 if [ ! -f /var/run/boot_complete ]; then
-	return 0
+	exit 0
 fi
 
-if [ -x "/etc/init.d/bbfdm.services" ]; then
-	/etc/init.d/bbfdm.services restart
+if [ -f /etc/bbfdm/dmmap/dmmap_ppp ]; then
+	rm -f /etc/bbfdm/dmmap/dmmap_ppp
 fi
 
-if [ -x "/etc/init.d/bbfdmd" ]; then
-	/etc/init.d/bbfdmd restart
+if [ -f /etc/bbfdm/dmmap/dmmap_network ]; then
+	rm -f /etc/bbfdm/dmmap/dmmap_network*
 fi
 
-if [ -x "/etc/init.d/obuspa" ]; then
-	/etc/init.d/obuspa restart
-fi
+sleep 5
+
+reboot -f

netmode/files/lib/upgrade/keep.d/netmode

@@ -0,0 +1 @@
+/etc/netmodes/.last_mode

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.17
+PKG_VERSION:=10.0.0.22
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=8f0f8cfc2c4048bfed674163030d0b06f96f2da1
+PKG_SOURCE_VERSION:=12991107039ee685fcd1000bb2649dd1c4b344ff
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

obuspa/files/etc/init.d/obuspa

@@ -649,6 +649,11 @@ configure_obuspa() {
 		if [ -f "${trust_cert}" ]; then
 			procd_append_param command -t "${trust_cert}"
 		fi
+	else
+		# Use default CA, if trust store not defined
+		if [ -f "/etc/ssl/cert.pem" ]; then
+			procd_append_param command -t "/etc/ssl/cert.pem"
+		fi
 	fi
 
 	if [ -n "${client_cert}" ]; then
@@ -667,7 +672,7 @@ db_init()
 	reason="${1}"
 	# remove usp.db, in case of reload
 	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
-		log "Deleting ${OBUSPA_BOOT_MARKER} to enforce values from uci ...."
+		log "Deleting ${OBUSPA_BOOT_MARKER} in order to enforce values from UCI..."
 		rm -f "${OBUSPA_BOOT_MARKER}"
 	fi
 
@@ -686,7 +691,7 @@ db_init()
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
-	log "Enforce uci values, no boot marker"
+	log "Enforcing UCI values, no boot marker found."
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -715,7 +720,7 @@ start_service() {
 
 	mkdir -p /tmp/obuspa/
 	config_load obuspa
-	config_get_bool enabled global enabled 0
+	config_get_bool enabled global enabled 1
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then

obuspa/patches/1000-SecuredRole-bbfdm.patch

@@ -1,176 +0,0 @@
-Index: obuspa-10.0.0.2/src/core/device.h
-===================================================================
---- obuspa-10.0.0.2.orig/src/core/device.h
-+++ obuspa-10.0.0.2/src/core/device.h
-@@ -305,6 +305,8 @@ void DEVICE_CTRUST_ApplyPermissionsToSub
- char *DEVICE_CTRUST_InstSelToPermTarget(int role_index, void *is, int *perm_instance);
- int DEVICE_CTRUST_SetRoleParameter(int instance, char *param_name, char *new_value);
- int DEVICE_CTRUST_SetPermissionParameter(int instance1, int instance2, char *param_name, char *new_value);
-+bool DEVICE_CTRUST_IsControllerSecured(void);
-+
- int DEVICE_REQUEST_Init(void);
- int DEVICE_REQUEST_Add(char *path, char *command_key, int *instance);
- void DEVICE_REQUEST_OperationComplete(int instance, int err_code, char *err_msg, kv_vector_t *output_args);
-Index: obuspa-10.0.0.2/src/core/device_ctrust.c
-===================================================================
---- obuspa-10.0.0.2.orig/src/core/device_ctrust.c
-+++ obuspa-10.0.0.2/src/core/device_ctrust.c
-@@ -235,6 +235,7 @@ credential_t *FindCredentialByCertInstan
- int Get_CredentialRole(dm_req_t *req, char *buf, int len);
- int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
- int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
-+int Validate_SecuredRoles(dm_req_t *req, char *value);
- 
- #ifndef REMOVE_DEVICE_SECURITY
- int InitChallengeTable();
-@@ -354,6 +355,10 @@ int DEVICE_CTRUST_Init(void)
-                         challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
-                         NULL, 0);
- #endif
-+
-+    // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
-+    err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
-+
-     // Exit if any errors occurred
-     if (err != USP_ERR_OK)
-     {
-@@ -2908,3 +2913,139 @@ exit:
-     return err;
- }
- #endif // REMOVE_DEVICE_SECURITY
-+
-+
-+/*********************************************************************//**
-+**
-+** Validate_SecuredRoles
-+**
-+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
-+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
-+**
-+** \param   req - pointer to structure identifying the parameter
-+** \param   value - value that the controller would like to set the parameter to
-+**
-+** \return  USP_ERR_OK if successful
-+**
-+**************************************************************************/
-+int Validate_SecuredRoles(dm_req_t *req, char *value)
-+{
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int role_instance;
-+    int err;
-+
-+    // Empty string is valid
-+    if (*value == '\0')
-+    {
-+        return USP_ERR_OK;
-+    }
-+
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, value, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err != USP_ERR_OK)
-+        {
-+            USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
-+            return USP_ERR_INVALID_VALUE;
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return USP_ERR_OK;
-+}
-+
-+/*********************************************************************//**
-+**
-+** DEVICE_CTRUST_IsControllerSecured
-+**
-+** Determines whether the specified controller has a secured role
-+**
-+** \param   combined_role - pointer to structure containing the role indexes for this controller
-+**
-+** \return  true if the controller has a secured role, false otherwise
-+**
-+**************************************************************************/
-+bool DEVICE_CTRUST_IsControllerSecured()
-+{
-+    char secured_roles[MAX_DM_PATH];
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int err;
-+    role_t *role;
-+    int role_instance;
-+    combined_role_t combined_role;
-+    controller_info_t ci;
-+
-+    // Exit if unable to get the secured roles
-+    err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
-+    if (err != USP_ERR_OK)
-+    {
-+        return false;
-+    }
-+
-+    // Empty string means no secured roles
-+    if (*secured_roles == '\0')
-+    {
-+        return false;
-+    }
-+
-+    MSG_HANDLER_GetControllerInfo(&ci);
-+    if (ci.endpoint_id == NULL)
-+    {
-+        return false;
-+    }
-+    if(strlen(ci.endpoint_id) == 0)
-+    {
-+        return false;
-+    }
-+
-+    MSG_HANDLER_GetMsgRole(&combined_role);
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, secured_roles, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Extract the instance number from the role path
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err == USP_ERR_OK)
-+        {
-+            // Find the role in our internal array
-+            role = FindRoleByInstance(role_instance);
-+            if (role != NULL)
-+            {
-+                // Check if this role matches either the inherited or assigned role
-+                if ((role - roles == combined_role.inherited_index) ||
-+                    (role - roles == combined_role.assigned_index))
-+                {
-+                    return true;
-+                }
-+            }
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return false;
-+}

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.4.1
+PKG_VERSION:=1.4.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=bd852e8b0a6528893917fb89e2ea27a8920f6280
+PKG_SOURCE_VERSION:=2cada36853091856e3efc2fc630f7cf06aa9c352
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -27,7 +27,7 @@ define Package/parental-control
   CATEGORY:=Utilities
   TITLE:=URL filter
   DEPENDS:=+libuci +libnetfilter-queue +libnfnetlink +iptables-mod-nfqueue +libpthread
-  DEPENDS+=+libubox +ubus +conntrack +libcurl +cmph
+  DEPENDS+=+libubox +ubus +conntrack +libcurl +cmph +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 
@@ -83,18 +83,14 @@ define Package/parental-control/install
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
 
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
-
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol
 
 	$(INSTALL_DATA) ./files/etc/uci-defaults/40-parental_control_update_bundle_path $(1)/etc/uci-defaults/
 ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_add_bundles $(1)/etc/uci-defaults/
-	$(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/
+	$(INSTALL_DATA) ./files/etc/parentalcontrol/url_bundles.json $(1)/etc/parentalcontrol/
+	$(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundle_override.json $(1)/etc/parentalcontrol/
 else
 	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol
-	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_disable_urlfilter $(1)/etc/uci-defaults/
 endif
 endef
 

parental-control/files/etc/config/parentalcontrol

@@ -1,3 +1,4 @@
 config globals 'globals'
     option enable '1'
     option loglevel '3'
+    option urlfilter '0'

parental-control/files/etc/parentalcontrol/url_bundles.json

@@ -0,0 +1,76 @@
+{
+    "urlBundles": [
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt",
+            "name": "Abuse"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt",
+            "name": "Ads"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt",
+            "name": "Crypto"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt",
+            "name": "Drugs"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt",
+            "name": "Everything else"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt",
+            "name": "Facebook/Instagram"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt",
+            "name": "Fraud"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt",
+            "name": "Gambling"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt",
+            "name": "Malware"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt",
+            "name": "Phishing"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt",
+            "name": "Piracy"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt",
+            "name": "Porn"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt",
+            "name": "Ransomware"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt",
+            "name": "Redirect"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt",
+            "name": "Scam"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt",
+            "name": "TikTok"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt",
+            "name": "Torrent"
+        },
+        {
+            "url": "https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt",
+            "name": "Tracking"
+        }
+    ]
+}

parental-control/files/etc/uci-defaults/40-parental_control_update_bundle_path

@@ -25,14 +25,6 @@ check_mounted_app_partition() {
 
 if check_mounted_app_partition; then
 	uci -q set parentalcontrol.globals.bundle_path="${APPS_DIR}/parentalcontrol"
-
-	# configure the urlfilter if not configured
-	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
-	if [ -z "${urlfilter}" ]; then
-		uci -q set parentalcontrol.globals.urlfilter='1'
-	fi
-else
-	uci -q set parentalcontrol.globals.urlfilter='0'
 fi
 
 exit 0

parental-control/files/etc/uci-defaults/50-parental_control_add_bundles

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-COUNT=1
-
-add_urlbundle()
-{
-	local name url
-
-	url="${1}"; shift
-	name="$*"
-
-	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
-	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
-	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
-
-	COUNT="$((COUNT+1))"
-}
-
-urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
-if [ "${urlfilter}" -eq "1" ]; then
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
-fi
-
-exit 0

parental-control/files/etc/uci-defaults/50-parental_control_disable_urlfilter

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-uci -q set parentalcontrol.globals.urlfilter='0'
-
-_delete_urlbundle() {
-	uci_remove parentalcontrol "${1}"
-}
-
-config_load "parentalcontrol"
-config_foreach _delete_urlbundle urlbundle

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -311,31 +311,6 @@ handle_schedule() {
 	generate_ip_rule "$utc_start_relative_day" "$utc_end_relative_day" "$utc_start_time" "$utc_stop_time" "$target"
 }
 
-# Function that parses input for MAC addresses or hostnames
-parse_macs_or_hostnames() {
-	local input="$1"
-	local lease_file="/tmp/dhcp.leases"
-
-	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
-	[ -f "$lease_file" ] || { log "Error: No DHCP lease file found."; return 1; }
-
-	for item in $input; do
-		case "$item" in
-			??:??:??:??:??:??)
-				# It's a MAC address, print it as is
-				echo "$item"
-				;;
-			*)
-				# Assume it's a hostname and search for its MAC address in the leases file
-				mac=$(awk -v hostname="$item" '$4 == hostname {print $2}' "$lease_file")
-				if [ -n "$mac" ]; then
-					echo "$mac"
-				fi
-				;;
-		esac
-	done
-}
-
 handle_bedtime() {
 	local mac_addresses="$1"
 	local mac
@@ -370,38 +345,61 @@ handle_internet_break() {
 	done
 }
 
+parse_macs() {
+	local maclist="$1"
+	local m mac
+
+	for m in $maclist; do
+		# trim whitespace
+		mac="$(echo "$m" | tr -d ' \t\r\n')"
+
+		# validate format
+		if echo "$mac" | grep -qE '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$'; then
+			echo "$mac"
+		else
+			log "parse_macs(): Invalid MAC in mac list: '$mac'"
+		fi
+	done
+}
+
 handle_profile() {
 	local profile_section="$1"
-	local internet_break_enable bedtime_enable hostlist
+	local internet_break_enable bedtime_enable hostlist maclist
 
-	config_get hostlist "$profile_section" "host"
+        config_get_bool internet_break_enable "$profile_section" "internet_break_enable" 0
+        config_get_bool bedtime_enable "$profile_section" "bedtime_enable" 0
 
-	if [ -z "$hostlist" ]; then
+        if [ $internet_break_enable -eq 0 ] && [ $bedtime_enable -eq 0 ]; then
 		return
 	fi
 
-	ACCESS_RULE=""
+        config_get hostlist "$profile_section" "host"
+        config_get maclist  "$profile_section" "mac"
 
-	# convert hostnames to mac addresses if needed
-	# and replace newlines with space because it messes up the for loops in
-	# handle_internet_break and handle_bedtime functions
-	local mac_addresses="$(parse_macs_or_hostnames "${hostlist}" | tr '\n' ' ')"
+        # If both lists are empty, nothing to do
+        if [ -z "$hostlist" ] && [ -z "$maclist" ]; then
+                return
+        fi
 
-	# default value of Hosts.AccessControl.{i}.Enable is false,
-	# so, if not defined in uci as 1, assume 0
-	config_get_bool internet_break_enable "$profile_section" "internet_break_enable" 0
-	if [ $internet_break_enable -gt 0 ]; then
-		handle_internet_break "${mac_addresses}"
-		# handle_internet_break may have loaded schedules uci
-		# so, reload parentalcontrol
-		config_load "parentalcontrol"
-	fi
+        ACCESS_RULE=""
 
-	config_get_bool bedtime_enable "$profile_section" "bedtime_enable" 0
-	if [ $bedtime_enable -gt 0 ]; then
-		handle_bedtime "${mac_addresses}"
-	fi
+	# both uci options contain mac addresses
+	# one is given directly by the user
+	# other is resolved by the data model from Hosts.Host object
+        local mac_addresses="$(parse_macs "${hostlist} ${maclist}" | awk '{ if (NF && !seen[$0]++) { print $0 } }' | tr '\n' ' ')"
 
+        # default value of Hosts.AccessControl.{i}.Enable is false,
+        # so, if not defined in uci as 1, assume 0
+        if [ $internet_break_enable -gt 0 ]; then
+                handle_internet_break "${mac_addresses}"
+                # handle_internet_break may have loaded schedules uci
+                # so, reload parentalcontrol
+                config_load "parentalcontrol"
+        fi
+
+        if [ $bedtime_enable -gt 0 ]; then
+                handle_bedtime "${mac_addresses}"
+        fi
 }
 
 add_internet_schedule_rules() {
@@ -567,38 +565,44 @@ remove_internet_schedule_rules() {
 	fi
 }
 
+get_host_ip_from_mac() {
+	local mac="$1"
+	local ip=""
+
+	# Validate MAC format
+	if ! echo "$mac" | grep -qE '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
+		log "get_host_ip_from_mac(): Invalid MAC address format '$mac'"
+		return 1
+	fi
+
+	# Try to find IP from ARP table
+	ip="$(cat /proc/net/arp | awk -v mac="$mac" 'tolower($4) == tolower(mac) {print $1; exit}')"
+
+	if [ -n "$ip" ]; then
+		URLFILTER_IPS="${URLFILTER_IPS} ${ip}"
+		return 0
+	else
+		log "get_host_ip_from_mac(): No IP found for MAC $mac in ARP table"
+		return 1
+	fi
+}
+
 # Global array for resolved IPs
 URLFILTER_IPS=""
 
-# Resolve hostname or MAC to IP from lease_file
-get_host_ip() {
-	local host="$1"
-	local ip
-	local lease_file="/tmp/dhcp.leases"
-
-	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
-	[ -f "$lease_file" ] || { log "Error: get_host_ip(): No DHCP lease file found."; return 1; }
-
-	# try DHCP lease lookup
-	ip="$(awk -v h="$host" '
-	{
-		mac=$2; ipaddr=$3; name=$4
-		if (h == name || h == mac) { print ipaddr; exit }
-	}' "$lease_file")"
-
-	[ -n "$ip" ] && URLFILTER_IPS="$URLFILTER_IPS $ip"
-}
-
-# Process each profile section
 resolve_profile_hosts() {
 	local section="$1"
-	local hostlist
+	local hostlist maclist h m
 
 	config_get hostlist "$section" host
-	[ -z "$hostlist" ] && return
+	config_get maclist  "$section" mac
 
 	for h in $hostlist; do
-		get_host_ip "$h"
+		get_host_ip_from_mac "$h"
+	done
+
+	for m in $maclist; do
+		get_host_ip_from_mac "$m"
 	done
 }
 

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -1,10 +1,12 @@
 #!/bin/sh
 
 . /lib/functions.sh
+. /usr/share/libubox/jshn.sh
 
 LOCKFILE="/tmp/sync_bundles.lock"
 log_level="$(uci -q get parentalcontrol.globals.loglevel)"
 log_level="${log_level:-1}"
+URLBUNDLE_JSON="/etc/parentalcontrol/url_bundles.json"
 DEBUG=0
 
 log_err() {
@@ -85,6 +87,7 @@ update_bundle_file_from_url() {
 		local success=0
 		while [ $attempt -le 3 ]; do
 			if curl -s -o "$temp_file" "$download_url"; then
+				log_info "Download successful for $download_url"
 				success=1
 				break
 			else
@@ -218,24 +221,33 @@ cleanup_bundle_files() {
 	# Collect all download_url entries using config_foreach
 	local urls=""
 	get_download_url() {
-		local section="$1"
-		config_get url "$section" download_url
-		config_get_bool enable "$1" enable 1
+		local enable url
+
+		json_select "${2}"
+
+		json_get_var url url
+		json_get_var enable enable
+		enable="${enable:-1}"
 
 		if [ "${enable}" -eq 0 ]; then
-			# bundle is disabled
+			log_info "get_download_url: Skipping bundle ${name} not enabled"
+			json_select ..
 			return 0
 		fi
+
 		url="${url#file://}"
 		url="${url#https://}"
 		url="${url#http://}"
 
 		url="${url##*/}" # Get everything after the last '/'
 		urls="$urls $url"
+		json_select ..
 	}
 
-	config_load parentalcontrol
-	config_foreach get_download_url urlbundle
+	json_init
+	json_load_file "${URLBUNDLE_JSON}"
+
+	json_for_each_item get_download_url "urlBundles"
 
 	# Loop through all files in the directory
 	for file in "$dir"/*; do
@@ -294,30 +306,29 @@ handle_filter_for_bundles() {
 	fi
 
 	check_bundle_exists() {
-		local enable download_url name cfg
+		local enable url name
 
-		cfg="$1"
-		config_get name "$cfg" name
-		config_get_bool enable "$cfg" enable 1
-		config_get download_url "$cfg" download_url
+		json_select "${2}"
+
+		json_get_var name name
+		json_get_var url url
+		json_get_var enable enable
+		enable="${enable:-1}"
 
 		if [ "${enable}" -eq 0 ]; then
-			log_info "Skipping bundle ${name} not enabled"
+			log_info "check_bundle_exists: Skipping bundle ${name} not enabled"
+			json_select ..
 			return 0
 		fi
 
-		handle_download_url "$download_url" "$name"
-		local exit_status=$?
-		if [ "$exit_status" -eq 1 ]; then
-			uci -q set "parentalcontrol.${cfg}.status"="Error"
-		else
-			uci -q set "parentalcontrol.${cfg}.status"=""
-		fi
-
-		uci commit parentalcontrol
+		handle_download_url "${url}" "${name}"
+		json_select ..
 	}
 
-	config_foreach check_bundle_exists urlbundle
+	json_init
+	json_load_file "${URLBUNDLE_JSON}"
+
+	json_for_each_item check_bundle_exists "urlBundles"
 }
 
 # Open file descriptor 200 for locking

parental-control/files/lib/upgrade/keep.d/parentalcontrol

@@ -1 +0,0 @@
-/etc/parentalcontrol/dhcp.leases

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -406,33 +406,35 @@ hw_commit_all() {
         /userfs/bin/qosrule discpline Enable 0
     fi
 
-    if [ -x /userfs/bin/blapi_cmd ]; then
-        echo 1 > /proc/ifc_send_to_ppe
-        for tc in $(seq 0 7); do
-            if [ -s "/tmp/qos/dscp_values_${tc}_4" ]; then
-                sort -un "/tmp/qos/dscp_values_${tc}_4" | awk 'NR==1{first=$1;last=$1;next}
-                                                               $1 == last+1 {last=$1;next}
-                                                               {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
-                                                               END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
-            fi
-            if [ -s "/tmp/qos/dscp_values_${tc}_6" ]; then
-                [ -s "/tmp/qos/dscp_values_${tc}_4" ] && sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
-                                                                                                        $1 == last+1 {last=$1;next}
-                                                                                                        {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0");first=$1;last=first}
-                                                                                                        END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0")}'
-                sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
-                                                               $1 == last+1 {last=$1;next}
-                                                               {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
-                                                               END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
-            fi
-        done
-    fi
+    if ! strings /proc/device-tree/compatible | grep -qFx econet,en7523; then
+        if [ -x /userfs/bin/blapi_cmd ]; then
+            echo 1 > /proc/ifc_send_to_ppe
+            for tc in $(seq 0 7); do
+                if [ -s "/tmp/qos/dscp_values_${tc}_4" ]; then
+                    sort -un "/tmp/qos/dscp_values_${tc}_4" | awk 'NR==1{first=$1;last=$1;next}
+                                                                   $1 == last+1 {last=$1;next}
+                                                                   {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
+                                                                   END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
+                fi
+                if [ -s "/tmp/qos/dscp_values_${tc}_6" ]; then
+                    [ -s "/tmp/qos/dscp_values_${tc}_4" ] && sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
+                                                                                                            $1 == last+1 {last=$1;next}
+                                                                                                            {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0");first=$1;last=first}
+                                                                                                            END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 0")}'
+                    sort -un "/tmp/qos/dscp_values_${tc}_6" | awk 'NR==1{first=$1;last=$1;next}
+                                                                   $1 == last+1 {last=$1;next}
+                                                                   {system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1");first=$1;last=first}
+                                                                   END{system("/userfs/bin/blapi_cmd traffic set_traffic_class DSCP " first*4 " " or(last*4, 0x3) " 1")}'
+                fi
+            done
+        fi
 
-    if [ -x /userfs/bin/ifc ]; then
-        echo 1 > /proc/ifc_send_to_ppe
-        for pbit in $(seq 0 7); do
-            /userfs/bin/ifc add vip pbit $pbit
-        done
+        if [ -x /userfs/bin/ifc ]; then
+            echo 1 > /proc/ifc_send_to_ppe
+            for pbit in $(seq 0 7); do
+                /userfs/bin/ifc add vip pbit $pbit
+            done
+        fi
     fi
 
     hw_nat -! > /dev/null 2>&1

self-diagnostics/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=self-diagnostics
-PKG_VERSION:=1.0.16
+PKG_VERSION:=1.0.17
 PKG_RELEASE:=1
 
 PKG_LICENSE:=GPL-2.0-only

self-diagnostics/files/usr/libexec/rpcd/self-diagnostics

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-BIN="/usr/sbin/self-diagnostics"
-. /usr/share/libubox/jshn.sh
-
-case "$1" in
-	list)
-		echo '{"list": {}, "generate" : {"modules":"String"}}'
-	;;
-	call)
-		case "$2" in
-			generate)
-				read -t 1 -r input
-				local out
-
-				json_load "${input}"
-				json_get_var modules modules
-				if [ -z "${modules}" ]; then
-					out="$(${BIN} -j)"
-				else
-					out="$(${BIN} -j -m "${modules}")"
-				fi
-				if [ -z "${out}" ]; then
-					echo '{}'
-				else
-					echo "${out}"
-				fi
-			;;
-			list)
-				out="$(${BIN} -j -l)"
-				if [ -z "${out}" ]; then
-					echo '{}'
-				else
-					echo "${out}"
-				fi
-			;;
-		esac
-	;;
-esac

self-diagnostics/files/usr/sbin/self-diagnostics

@@ -1,11 +1,12 @@
 #!/bin/sh
 
+# shellcheck disable=SC1091
 . /usr/share/libubox/jshn.sh
 
 JSON_OUT=0
 SPEC_DIR="/usr/share/self-diagnostics/spec"
 SPEC_EXT_DIR="/etc/self-diagnostics/spec"
-REPORT_PATH="/var/log/"
+REPORT_PATH="/var/log"
 REPORT_TEMP_DIR="$(mktemp -p ${REPORT_PATH} -d)"
 REPORT_NAME="self-test-diagnostics"
 VERBOSE=0
@@ -17,18 +18,19 @@ log()
 {
 	log_file="${REPORT_TEMP_DIR}/execution.log"
 	if [ "$VERBOSE" -eq 1 ]; then
-		logger -p debug -t $0 "$*"
+		logger -p debug -t "$0" "$*"
 	fi
-	echo "[$(date +%Y:%m:%d-%H:%M:%S)] $*" >> ${log_file}
+	echo "[$(date +%Y:%m:%d-%H:%M:%S)] $*" >> "${log_file}"
 }
 
 err_log()
 {
 	log_file="${REPORT_TEMP_DIR}/execution.log"
-	logger -p err -t $0 "$*"
-	echo "[$(date +%Y:%m:%d-%H:%M:%S) ERR] $*" >> ${log_file}
+	logger -p err -t "$0" "$*"
+	echo "[$(date +%Y:%m:%d-%H:%M:%S) ERR] $*" >> "${log_file}"
 }
 
+# shellcheck disable=SC3043
 generate_report()
 {
 	local filename
@@ -39,19 +41,19 @@ generate_report()
 	[ -f "${filename}.tar.gz" ] && rm "${filename}.tar.gz"
 
 	log "# Report generation completed #"
-	cd ${REPORT_TEMP_DIR} && {
+	cd "${REPORT_TEMP_DIR}" && {
 		filename="${filename}.tar"
-		tar -cf "${filename}" *
+		tar -cf "${filename}" ./*.log
 	}
 
 	if [ -n "$COMPOPTS" ]; then
-		gzip -${COMPOPTS} -f "${filename}"
+		gzip -"${COMPOPTS}" -f "${filename}"
 		filename="${filename}.gz"
 	fi
 
 	# Move logs if failed to generate tar
 	if [ ! -f "${filename}" ]; then
-		mv ${REPORT_TEMP_DIR}/*.log ${REPORT_PATH}/
+		mv "${REPORT_TEMP_DIR}"/*.log "${REPORT_PATH}"/
 	fi
 
 	if [ "${JSON_OUT}" -eq 1 ]; then
@@ -78,7 +80,7 @@ cleanup()
 {
 	if [ -d "${REPORT_TEMP_DIR}" ]; then
 		generate_report
-		rm -rf ${REPORT_TEMP_DIR}
+		rm -rf "${REPORT_TEMP_DIR}"
 	fi
 }
 
@@ -87,7 +89,7 @@ term_cleanup()
 	if [ -d "${REPORT_TEMP_DIR}" ]; then
 		err_log "Exiting due to TERM/INT signal"
 		generate_report
-		rm -rf ${REPORT_TEMP_DIR}
+		rm -rf "${REPORT_TEMP_DIR}"
 	fi
 }
 
@@ -111,8 +113,8 @@ help()
 # Alias ubus to have a smaller 5-second timeout on all subsequent calls
 ubus()
 {
-	if [ "${1}" == "call" ]; then
-		if command ubus list $2 >/dev/null 2>&1; then
+	if [ "${1}" = "call" ]; then
+		if command ubus list >/dev/null 2>&1; then
 			command ubus "$@";
 		fi
 	else
@@ -121,6 +123,7 @@ ubus()
 
 }
 
+# shellcheck disable=SC3043,SC3060,SC2034
 config_load()
 {
 	local temp
@@ -157,7 +160,7 @@ config_load()
 
 	temp="$(uci -q get self-diagnostics.globals.report_name)"
 	[ -n "${temp}" ] && \
-		REPORT_NAME="$(eval echo ${temp})"
+		REPORT_NAME="$(eval echo "${temp}")"
 
 	REPORT_NAME="${REPORT_NAME//[ \/]/_}"
 
@@ -170,9 +173,42 @@ config_load()
 		VERBOSE="${temp}"
 }
 
+# shellcheck disable=SC2129,SC3043
+run_cmd()
+{
+	local exec_timeout name cmd description
+	local export_path rc start_time end_time
+
+	exec_timeout="${1}"; shift
+	name="${1}"; shift
+	cmd="${1}"; shift
+	description="${*}"
+
+	start_time="$(date +%s)"
+	export_path="${REPORT_TEMP_DIR}/${name}.log"
+	log "Executing $cmd with timeout $exec_timeout"
+	echo "##########################################" >> "$export_path"
+	echo "# $description #">> "$export_path"
+	echo "# Exec [$cmd], timeout [$exec_timeout], start_time [$(date +%Y:%m:%d-%H:%M:%S)] #" >> "$export_path"
+	echo "##########################################" >> "$export_path"
+	eval timeout "${exec_timeout}" "$cmd" >> "$export_path" 2>&1
+	rc=$?
+	end_time="$(date +%s)"
+	echo "######## Execution done in [$((end_time - start_time)) ], return code $rc ######" >> "$export_path"
+
+	if [ "$rc" -eq 0 ]; then
+		log "Execution [$cmd] completed"
+	else
+		err_log "Execution [$cmd] Failed/Timeout with $rc exit code"
+	fi
+
+	echo >> "$export_path"
+}
+
+# shellcheck disable=SC2154,SC3060,SC3043
 exec_spec()
 {
-	local json_file exec_skip name timeout exec_timeout rc start_time end_time
+	local json_file exec_skip name timeout exec_timeout start_time end_time
 
 	start_time="$(date +%s)"
 	json_file="$1"
@@ -189,20 +225,18 @@ exec_spec()
 		return 1
 	}
 
-	name="$(basename ${json_file})"
-	export_path="${REPORT_TEMP_DIR}/${name//.json/.log}"
-
+	name="$(basename "${json_file}")"
 	exec_skip=0
 	if json_is_a dependency array; then
 		json_select "dependency"
 		json_get_keys ekeys
 
 		for key in $ekeys; do
-			if json_is_a $key object; then
-				json_select $key
+			if json_is_a "$key" object; then
+				json_select "$key"
 				json_get_var type type
 
-				if [ "$type" == "file" ]; then
+				if [ "$type" = "file" ]; then
 					json_get_var file file
 					if [ ! -e "$file" ]; then
 						err_log "${json_file} has unmet file dependency $file"
@@ -230,8 +264,8 @@ exec_spec()
 		json_get_keys keys
 
 		for key in $keys; do
-			if json_is_a $key object; then
-				json_select $key
+			if json_is_a "$key" object; then
+				json_select "${key}"
 				local cmd_skip file
 
 				cmd_skip=0
@@ -240,13 +274,13 @@ exec_spec()
 					json_select "dependency"
 					json_get_keys d_keys
 
-					for d_key in $d_keys; do
-						if json_is_a $d_key object; then
-							json_select $d_key
+					for d_key in ${d_keys}; do
+						if json_is_a "${d_key}" object; then
+							json_select "${d_key}"
 							json_get_var type type
-							if [ "$type" == "file" ]; then
+							if [ "$type" = "file" ]; then
 								json_get_var file file
-								if [ ! -e $file ]; then
+								if [ ! -e "${file}" ]; then
 									json_select ..
 									cmd_skip=1
 									continue
@@ -273,22 +307,7 @@ exec_spec()
 				else
 					exec_timeout=$TIMEOUT
 				fi
-				log "Executing $cmd with timeout $exec_timeout"
-				echo "##########################################" >> $export_path
-				echo "# $description #">> $export_path
-				echo "# Exec [$cmd], timeout [$exec_timeout] #" >> $export_path
-				echo "##########################################" >> $export_path
-				eval timeout ${exec_timeout} $cmd >> $export_path 2>&1
-				rc=$?
-				echo "######## Execution done return code $rc ######" >> $export_path
-
-				if [ "$rc" -eq 0 ]; then
-					log "Execution [$cmd] completed"
-				else
-					err_log "Execution [$cmd] Failed/Timeout with $rc exit code"
-				fi
-
-				echo >> $export_path
+				run_cmd "${exec_timeout}" "${name//.json/}" "${cmd}" "${description}"
 				json_select ..
 			fi
 		done
@@ -300,20 +319,21 @@ exec_spec()
 	log ""
 }
 
+# shellcheck disable=SC3043,SC3060
 generate_module()
 {
-	local modules="${@}"
+	local modules="${*}"
 	local file module
 
 	config_load
 
-	log "Modules [$@]"
+	log "Modules [$*]"
 	for module in $modules; do
 		module="${module/.json/}"
-		file="$(find $SPEC_DIR -type f -name ${module}.json)"
+		file="$(find "${SPEC_DIR}" -type f -name "${module}.json")"
 		[ -z "$file" ] && {
 			[ -d "${SPEC_EXT_DIR}" ] && \
-				file="$(find $SPEC_EXT_DIR -type f -name ${module}.json)"
+				file="$(find "${SPEC_EXT_DIR}" -type f -name "${module}.json")"
 		}
 
 		[ -f "$file" ] && \
@@ -321,15 +341,16 @@ generate_module()
 	done
 }
 
+# shellcheck disable=SC3043
 generate_all()
 {
 	local files
 
 	config_load
 
-	files="$(find ${SPEC_DIR} -type f -name *.json)"
+	files="$(find "${SPEC_DIR}" -type f -name "*.json")"
 	[ -d "${SPEC_EXT_DIR}" ] && \
-		files="${files} $(find $SPEC_EXT_DIR -type f -name *.json)"
+		files="${files} $(find "${SPEC_EXT_DIR}" -type f -name "*.json")"
 
 	[ -z "$files" ] && {
 		return 0
@@ -341,6 +362,7 @@ generate_all()
 
 }
 
+# shellcheck disable=SC3060,SC3043
 list_modules()
 {
 	local files
@@ -354,7 +376,7 @@ list_modules()
 	fi
 
 	cd ${SPEC_DIR} && {
-		for file in $(ls); do
+		for file in *.json; do
 			if [ "${JSON_OUT}" -eq 1 ]; then
 				json_add_string "" "${file/.json/}"
 			else
@@ -372,7 +394,7 @@ list_modules()
 	fi
 
 	cd ${SPEC_EXT_DIR} && {
-		for file in $(ls); do
+		for file in *.json; do
 			if [ "${JSON_OUT}" -eq 1 ]; then
 				json_add_string "" "${file/.json/}"
 			else
@@ -411,6 +433,10 @@ while getopts "m:hlj" opts; do
 		m)
 			modules="$modules ${OPTARG}"
 			;;
+		*)
+			help
+			exit
+			;;
 	esac
 done
 
@@ -422,5 +448,5 @@ fi
 if [ -z "${modules}" ]; then
 	generate_all
 else
-	generate_module ${modules}
+	generate_module "${modules}"
 fi

self-diagnostics/src/selftest.c

@@ -54,18 +54,35 @@ int get_operate_args_SelfTest(char *refparam, struct dmctx *ctx, void *data, cha
 int operate_Device_SelfTest(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
 {
 	char cmd[512] = {0};
-	char output[512] = {0};
+	char buffer[512] = {0};
+	json_object *jobj = NULL;
+	const char *filename;
 
-	snprintf(cmd, sizeof(cmd), "sh %s", DIAG_BIN);
+	snprintf(cmd, sizeof(cmd), "sh %s -j 2>/dev/null", DIAG_BIN);
 
-	if (run_cmd(cmd, output, sizeof(output)) != 0)
+	if (run_cmd(cmd, buffer, sizeof(buffer)) != 0) {
+		BBFDM_ERR("Failed to run cmd[%s]", cmd);
 		goto err;
+	}
 
-	// truncate the new line char from end
-	remove_new_line(output);
-
-	if (!file_exists(output))
+	if (DM_STRLEN(buffer) == 0) {
+		BBFDM_ERR("No output from cmd[%s]", cmd);
 		goto err;
+	}
+
+	jobj = json_tokener_parse(buffer);
+	if (jobj == NULL) {
+		BBFDM_ERR("Fail to parse output[%s] in json", buffer);
+		goto err;
+	}
+
+	filename = dmjson_get_value(jobj, 1, "result");
+	snprintf(buffer, sizeof(buffer), "%s", filename);
+	json_object_put(jobj);
+	if (!file_exists(filename)) {
+		BBFDM_ERR("File [%s] does not exists or not accessible", filename);
+		goto err;
+	}
 
 	/* Add in dmmap_logmngr */
 	struct uci_section *s = get_origin_section_from_dmmap("dmmap_logmngr", "self_test", "self_test_log");
@@ -74,7 +91,7 @@ int operate_Device_SelfTest(char *refparam, struct dmctx *ctx, void *data, char
 		dmuci_rename_section_by_section(s, "self_test_log");
 	}
 
-	dmuci_set_value_by_section(s, "log_file", output);
+	dmuci_set_value_by_section(s, "log_file", filename);
 	dmuci_commit_package_bbfdm("dmmap_logmngr");
 
 	/* Get self test log instance */

ssdpd/src/datamodel.c

@@ -341,6 +341,30 @@ static int set_UPnPDevice_Enable(char *refparam, struct dmctx *ctx, void *data,
 	return 0;
 }
 
+/*#Device.UPnP.Device.UPnPIGD!UCI:upnpd/upnpd,config/igdv1*/
+static int get_UPnPDevice_UPnPIGD(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	*value = dmuci_get_option_value_fallback_def("upnpd", "config", "igdv1", "1");
+	return 0;
+}
+
+static int set_UPnPDevice_UPnPIGD(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	bool b;
+
+	switch (action) {
+		case VALUECHECK:
+			if (bbfdm_validate_boolean(ctx, value))
+				return FAULT_9007;
+			return 0;
+		case VALUESET:
+			string_to_bool(value, &b);
+			dmuci_set_value("upnpd", "config", "igdv1", b ? "1" : "0");
+			return 0;
+	}
+	return 0;
+}
+
 static int get_UPnPDeviceCapabilities_UPnPArchitecture(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
 	*value = "1";
@@ -809,12 +833,12 @@ DMLEAF tUPnPDeviceCapabilitiesParams[] = {
 DMLEAF tUPnPDeviceParams[] = {
 /* PARAM, permission, type, getvalue, setvalue, bbfdm_type, version*/
 {"Enable", &DMWRITE, DMT_BOOL, get_UPnPDevice_Enable, set_UPnPDevice_Enable, BBFDM_BOTH},
+{"UPnPIGD", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPIGD, set_UPnPDevice_UPnPIGD, BBFDM_BOTH},
 //{"UPnPMediaServer", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPMediaServer, set_UPnPDevice_UPnPMediaServer, BBFDM_BOTH},
 //{"UPnPMediaRenderer", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPMediaRenderer, set_UPnPDevice_UPnPMediaRenderer, BBFDM_BOTH},
 //{"UPnPWLANAccessPoint", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPWLANAccessPoint, set_UPnPDevice_UPnPWLANAccessPoint, BBFDM_BOTH},
 //{"UPnPQoSDevice ", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPQoSDevice , set_UPnPDevice_UPnPQoSDevice , BBFDM_BOTH},
 //{"UPnPQoSPolicyHolder", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPQoSPolicyHolder, set_UPnPDevice_UPnPQoSPolicyHolder, BBFDM_BOTH},
-//{"UPnPIGD", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPIGD, set_UPnPDevice_UPnPIGD, BBFDM_BOTH},
 //{"UPnPDMBasicMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMBasicMgmt, set_UPnPDevice_UPnPDMBasicMgmt, BBFDM_BOTH},
 //{"UPnPDMConfigurationMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMConfigurationMgmt, set_UPnPDevice_UPnPDMConfigurationMgmt, BBFDM_BOTH},
 //{"UPnPDMSoftwareMgmt", &DMWRITE, DMT_BOOL, get_UPnPDevice_UPnPDMSoftwareMgmt, set_UPnPDevice_UPnPDMSoftwareMgmt, BBFDM_BOTH},

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.3.10
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=24cb862a27b4282668b434044a20fdc2c437316b
+PKG_SOURCE_VERSION:=15f36f48dee8a675d7829181bf508a75c0a66a8a
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.3.10
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=89f778534565e4ee9cea80fe881e9739c83d4c57
+PKG_SOURCE_VERSION:=6a82c845c5203a7e33737d668659e60203f9f68f
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa +sulu-vendorext
+	DEPENDS:=+mosquitto-auth-plugin +usermngr +userinterface +obuspa
 	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -20,7 +20,7 @@ location /wss {
 	proxy_set_header Connection $connection_upgrade;
 	proxy_set_header    Host               $host;
 	proxy_set_header    X-Real-IP          $remote_addr;
-	proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+	proxy_set_header    X-Forwarded-For    $remote_addr;
 	proxy_set_header    X-Forwarded-Host   $host;
 	proxy_set_header    X-Forwarded-Server $host;
 	proxy_set_header    X-Forwarded-Port   $server_port;

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -5,8 +5,9 @@
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
 
-RESTART_REQ=0
-_RESTART_SERVICES="0"
+SULU_CON_CONFIG="/sulu/presets/connection-config.json"
+SULU_ACL_FILE=""
+SULU_CON_ROLES=""
 
 slog() {
 	echo "$*" | logger -t sulu.sh -p debug
@@ -27,49 +28,21 @@ _get_agent_id() {
 	fi
 }
 
-_get_sulu_user_roles() {
-	roles=$(uci -q get userinterface._sulu_s.role)
-
-	for role in ${roles}; do
-		sulu_user_roles="${sulu_user_roles} ${role}"
-	done
-
-	if [ -n "${sulu_user_roles}" ]; then
-		sulu_user_roles=$(echo -e "${sulu_user_roles// /\\n}" | sort | uniq)
-	fi
-
-	echo "${sulu_user_roles}"
-}
-
-_get_sulu_root() {
-	local root
-
-	root="$(uci -q get nginx._sulu_s.root)"
-	echo "${root:-/sulu}"
-}
-
-_get_sulu_connection_config() {
-	local config
-
-	config="$(_get_sulu_root)/presets/connection-config.json"
-	echo "${config}"
-}
-
-_get_sulu_session_mode() {
-	uci -q get sulu.global.SessionMode
-}
-
 _get_sulu_acl_file() {
 	uci -q get mosquitto.sulu.acl_file
 }
 
+_sulu_conn_config_users() {
+	for user in ${SULU_CON_ROLES}; do
+		json_add_object "${user}"
+		json_add_string 'fromId' "self::sulu-${user}"
+		json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${user}/endpoint"
+		json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${user}/controller"
+		json_close_object
+	done
+}
+
 generate_sulu_conn_config() {
-	local users SCONFIG session
-
-	users="$(_get_sulu_user_roles)"
-	session="$(_get_sulu_session_mode)"
-	SCONFIG="$(_get_sulu_connection_config)"
-
 	json_init
 	json_add_string 'Current-connection' 'main'
 	json_add_object 'Connections'
@@ -79,41 +52,25 @@ generate_sulu_conn_config() {
 			json_add_string 'toId' "os::$(_get_agent_id)"
 			json_add_string 'port' "auto"
 			json_add_string 'path' "/wss"
-
-			if [ "${session}" = "Require" ]; then
-				json_add_boolean 'useSession' 1
-			fi
-
 			json_add_string 'protocol' 'autoWs'
+
 			json_add_object 'overrides'
 			{
-				for user in ${users}; do
-					json_add_object "${user}"
-					{
-						json_add_string 'fromId' "self::sulu-${user}"
-						json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${user}/endpoint"
-						json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${user}/controller"
-						json_close_object
-					}
-				done
+				_sulu_conn_config_users
 				json_close_object
 			}
 			json_close_object
 		}
 		json_close_object
 	}
-
-	json_dump >"${SCONFIG}"
+	json_dump >"${SULU_CON_CONFIG}"
 }
 
-_update_obuspa_config_rbac() {
-	local agent users session
+update_obuspa_config() {
+	local agent
 
 	agent="$(_get_agent_id)"
-	users="$(_get_sulu_user_roles)"
-	session="$(_get_sulu_session_mode)"
-
-	for user in ${users}; do
+	for user in ${SULU_CON_ROLES}; do
 		local section
 
 		# Add mqtt
@@ -123,7 +80,6 @@ _update_obuspa_config_rbac() {
 			uci_set obuspa "${section}" BrokerAddress "127.0.0.1"
 			uci_set obuspa "${section}" BrokerPort "1883"
 			uci_set obuspa "${section}" TransportProtocol "TCP/IP"
-			RESTART_REQ=1
 		fi
 
 		# Add mtp
@@ -133,7 +89,6 @@ _update_obuspa_config_rbac() {
 			uci_set obuspa "${section}" Protocol "MQTT"
 			uci_set obuspa "${section}" ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
 			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
-			RESTART_REQ=1
 		fi
 
 		# Add controller
@@ -145,88 +100,61 @@ _update_obuspa_config_rbac() {
 			uci_set obuspa "${section}" Topic "/usp/${agent}/${user}/controller"
 			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
 			uci_set obuspa "${section}" assigned_role_name "$user"
-			RESTART_REQ=1
-		fi
-
-		obMode="$(uci_get obuspa "${section}" SessionMode)"
-		if [ "${session}" != "${obMode}" ]; then
-			uci_set obuspa "${section}" SessionMode "${session}"
-			RESTART_REQ=1
 		fi
 	done
 }
 
-_create_mosquitto_acl() {
-	local agentid users
-	local ACL_FILE acl_users
+create_mosquitto_acl() {
+	local agentid
+	local acl_users
 
-	RESTART_REQ="0"
-
-	ACL_FILE="$(_get_sulu_acl_file)"
-	if [ -z "${ACL_FILE}" ]; then
+	SULU_ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${SULU_ACL_FILE}" ]; then
 		return 0
 	fi
 
-	users="$(_get_sulu_user_roles)"
-	if [ -f "${ACL_FILE}" ]; then
-		acl_users="$(awk '/^user / {print $2}' "${ACL_FILE}")"
-		for user in ${acl_users}; do
-			if ! echo "$users" | grep -qwF "$user"; then
-				rm -f "${ACL_FILE}"
-				RESTART_REQ="1"
-				break
-			fi
-		done
-	fi
-	[ -f "${ACL_FILE}" ] || touch "${ACL_FILE}"
-
+	echo > "${SULU_ACL_FILE}"
 	agentid="$(_get_agent_id)"
-	for user in ${users}; do
-		if ! grep -qxF "user $user" "${ACL_FILE}"; then
+	for user in ${SULU_CON_ROLES}; do
+		if ! grep -qxF "user $user" "${SULU_ACL_FILE}"; then
 			{
 				echo "user ${user}"
 				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
 				echo "topic write /usp/${agentid}/${user}/endpoint"
 				echo "topic read  /usp/${agentid}/${user}/controller"
 				echo ""
-			} >> "${ACL_FILE}"
-			RESTART_REQ="1"
+			} >> "${SULU_ACL_FILE}"
 		fi
 	done
+	chown mosquitto:mosquitto "${SULU_ACL_FILE}"
+	chmod 640 "${SULU_ACL_FILE}"
+}
 
-	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
-		slog "Restarting mosquitto..."
-		ubus call uci commit '{"config":"mosquitto"}'
+get_sulu_roles() {
+	local sec path_prefix redirect role
+
+	sec="${1}"
+
+	config_get path_prefix "${sec}" path_prefix ""
+	config_get redirect "${sec}" redirect ""
+	config_get role "${sec}" role ""
+
+	if [ -n "${redirect}" ]; then
+		return 0
+	fi
+
+	if [ "${path_prefix}" != "/sulu" ]; then
+		return 0
+	fi
+
+	if [ -n "${role}" ]; then
+		SULU_CON_ROLES="${SULU_CON_ROLES} ${role}"
 	fi
 }
 
-update_obuspa_config() {
-	RESTART_REQ=0
-	_update_obuspa_config_rbac
-	uci_commit obuspa
+config_load userinterface
+config_foreach get_sulu_roles http_access
 
-	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
-		slog "Restarting obuspa..."
-		ubus call uci commit '{"config":"obuspa"}'
-	fi
-}
-
-configure_sulu() {
-	_create_mosquitto_acl
-	update_obuspa_config
-	generate_sulu_conn_config
-}
-
-while getopts ":r" opt; do
-	case ${opt} in
-	r)
-		_RESTART_SERVICES="1"
-		;;
-	*)
-		slog "Invalid option: ${OPTARG}"
-		exit 1
-		;;
-	esac
-done
-
-configure_sulu
+generate_sulu_conn_config
+create_mosquitto_acl
+update_obuspa_config

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -33,13 +33,14 @@ add_sulu_config_to_mosquitto()
 	uci_set mosquitto sulu port '9009'
 	uci_set mosquitto sulu no_remote_access '1'
 	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
 	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
 }
 
 add_sulu_userinterface_uci()
 {
-	if [ -f "/etc/config/userinterface" ]; then
+	# check if sulu already configured
+	if ! uci show userinterface| grep -q "path_prefix='/sulu'"; then
 		uci_add userinterface http_access _sulu_s
 		uci_set userinterface _sulu_s path_prefix '/sulu'
 		uci_set userinterface _sulu_s port '8443'

sulu/sulu-builder/files/etc/users/roles/user.json

@@ -7,6 +7,14 @@
       {
         "object": "Device.",
         "perm": ["PERMIT_ALL"]
+      },
+      {
+        "object": "Device.Firewall.Enable",
+        "perm": ["PERMIT_GET", "PERMIT_SUBS_VAL_CHANGE", "PERMIT_OBJ_INFO"]
+      },
+      {
+        "object": "Device.Firewall.Chain.*.Rule.",
+        "perm": ["PERMIT_NONE"]
       }
     ]
   }

sulu/sulu-theme-genexis/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.3.10
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis

sulu/sulu-vendorext/Makefile

@@ -1,34 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=sulu-vendorext
-PKG_VERSION:=0.0.4
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=none
-
-include $(INCLUDE_DIR)/package.mk
-include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
-
-
-define Package/sulu-vendorext
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Adds sulu-vendorext extensions
-endef
-
-define Build/Compile
-endef
-
-define Package/sulu-vendorext/install
-	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU.json $(1) sysmngr
-	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU_wan.json $(1) sysmngr
-
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) suluvendorext
-	$(BBFDM_INSTALL_MS_DM) ./extn/X_IOWRT_EU_MAPController.json $(1) suluvendorext
-
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,sulu-vendorext))

sulu/sulu-vendorext/bbfdm_service.json

@@ -1,16 +0,0 @@
-{
-  "daemon": {
-    "enable": "1",
-    "service_name": "suluvendorext",
-    "unified_daemon": false,
-    "services": [
-      {
-        "parent_dm": "Device.",
-        "object": "X_IOWRT_EU_MAPController"
-      }
-    ],
-    "config": {
-      "loglevel": "3"
-    }
-  }
-}

sulu/sulu-vendorext/extn/X_GENEXIS_EU.json

@@ -1,140 +0,0 @@
-{
-        "Device.DeviceInfo.X_GENEXIS_EU.": {
-                "type": "object",
-                "version": "1.00",
-                "protocols": [
-                        "cwmp",
-                        "usp"
-                ],
-                "access": false,
-                "array": false,
-                "is_primary_node": {
-                        "type": "boolean",
-                        "version": "1.00",
-                        "read": true,
-                        "write": false,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "heimgard",
-                                                "section": {
-                                                        "name": "routeragent"
-                                                },
-                                                "option": {
-                                                        "name": "is_master"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "meshmode": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "rpc": "get",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "meshmode",
-                                                "method": "status",
-                                                "key": "mode"
-                                        }
-                                },
-                                {
-                                        "rpc": "set",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "meshmode",
-                                                "method": "change_meshmode",
-                                                "args": {
-                                                        "mode": "@Value"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "wizardHasBeenUsed": {
-                        "type": "boolean",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "heimgard",
-                                                "section": {
-                                                        "name": "settings"
-                                                },
-                                                "option": {
-                                                        "name": "wizard_executed"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "LocalTimeZone": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "system",
-                                                "section": {
-                                                        "name": "@system[0]"
-                                                },
-                                                "option": {
-                                                        "name": "timezone"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "LocalTimeZoneName": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "system",
-                                                "section": {
-                                                        "name": "@system[0]"
-                                                },
-                                                "option": {
-                                                        "name": "zonename"
-                                                }
-                                        }
-                                }
-                        ]
-                }
-        }
-}

sulu/sulu-vendorext/extn/X_GENEXIS_EU_wan.json

@@ -1,487 +0,0 @@
-{
-    "Device.DeviceInfo.X_GENEXIS_EU.Wan.": {
-        "type": "object",
-        "version": "1.00",
-        "protocols": [
-            "cwmp",
-            "usp"
-        ],
-        "access": false,
-        "array": false,
-        "proto": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "proto"
-                        },
-                        "key": "proto"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "proto",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "ipaddr": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "ipaddr"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "ipaddr"
-                        }
-                    }
-                }
-            ]
-        },
-        "netmask": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "netmask"
-                    }
-                },
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "netmask"
-                        }
-                    }
-                }
-            ]
-        },
-        "gateway": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "gateway"
-                    }
-                },
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "gateway"
-                        }
-                    }
-                }
-            ]
-        },
-        "peerdns": {
-            "type": "boolean",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "peerdns"
-                        }
-                    }
-                }
-            ]
-        },
-        "dns": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "dns"
-                        }
-                    }
-                }
-            ]
-        },
-        "hostname": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "hostname"
-                        }
-                    }
-                }
-            ]
-        },
-        "NAT": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "firewall",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "masq"
-                        }
-                    }
-                }
-            ]
-        },
-        "mtu": {
-            "type": "unsignedInt",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "mtu"
-                        }
-                    }
-                }
-            ]
-        },
-        "vid": {
-            "type": "unsignedInt",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "vid"
-                        },
-                        "key": "vid"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "vid",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "username": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "username"
-                        },
-                        "key": "username"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "username",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "password": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "password"
-                        },
-                        "key": "password"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "password",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "service": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "service"
-                        },
-                        "key": "service"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "service",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "ac": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "ac"
-                        }
-                    },
-                    "key": "ac"
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "ac",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "keepalive": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "keepalive"
-                        },
-                        "key": "keepalive"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "keepalive",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        }
-    }
-}

sulu/sulu-vendorext/extn/X_IOWRT_EU_MAPController.json

@@ -1,206 +0,0 @@
-{
-  "json_plugin_version": 2,
-  "Device.X_IOWRT_EU_MAPController.": {
-    "type": "object",
-    "protocols": [
-      "usp"
-    ],
-    "access": false,
-    "array": false,
-    "Device.X_IOWRT_EU_MAPController.Controller.": {
-      "type": "object",
-      "protocols": [
-        "usp"
-      ],
-      "access": false,
-      "array": false,
-      "dependency": "file:/etc/config/mapcontroller",
-      "Enable": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": true,
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "enabled"
-              }
-            }
-          }
-        ]
-      },
-      "ChannelPlan": {
-        "type": "unsignedInt",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "channel_plan_interval"
-              }
-            }
-          }
-        ]
-      },
-      "AllowBackgroundDFS": {
-        "type": "unsignedInt",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "bgdfs_interval"
-              }
-            }
-          }
-        ]
-      },
-      "TrafficSeparation": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "traffic_separation"
-              }
-            }
-          }
-        ]
-      },
-      "InitialChannelScan": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "initial_scan"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "Device.X_IOWRT_EU_MAPController.STASteering.": {
-      "type": "object",
-      "protocols": [
-        "usp"
-      ],
-      "access": false,
-      "array": false,
-      "dependency": "file:/etc/config/mapcontroller",
-      "STASteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "enable_sta_steer"
-              }
-            }
-          }
-        ]
-      },
-      "BackhaulSTASteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "enable_bsta_steer"
-              }
-            }
-          }
-        ]
-      },
-      "BandSteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "bandsteer"
-              }
-            }
-          }
-        ]
-      }
-    }
-  }
-}

sulu/sulu-vendorext/files/etc/config/heimgard

@@ -1,36 +0,0 @@
-config ota 'ota'
-  # Allow firmware upgrades, defaults true
-  option firmware 'true'
-  # Allow download of arbituary files
-  option file_download 'true'
-  # Allow to download software packages
-  option software 'false'
-  # Allow to download personalization files (isp/customer settings)
-  option customer_settings 'false'
-  option mirror_url '$fwenv$upgrade_ota_url|https://upgradeserver$'
-  option crontab_entry "$(date +%M) * * * *"
-  list softwarelist 'ping_container'
-  list softwarelist 'pingcom_ota'
-  option interval 'nightly'
-  option registry_service_enabled '$fwenv$registry_service_enabled|1$'
-  option registry_service_url '$fwenv$registry_service_url|https://registry.hc-apis.com$'
-  option verbose_level '6'
-
-config routeragent 'routeragent'
-  option is_master 'false'
-  option onboarded 'false'
-
-config containers 'containers'
-  list 'cnt_list' 'f-secure'
-  list 'cnt_list' 'lxc_hello_world'
-
-config services 'state'
-  option mwan3 'disable'
- 
-config links 'help_support'
-	option support_link 'https://genexis.eu/solutions/support-services/'
-	option faq_link ''
-	option contact_link 'https://genexis.eu/contact'
-	option contact_phone ''
-	option livechat_link ''
-	option contact_times 'Monday – Friday from 09:00 – 17:00'

sulu/sulu-vendorext/files/etc/init.d/sulu_widgets

@@ -1,63 +0,0 @@
-#!/bin/sh /etc/rc.common
-#
-# This script will hide sulu widgets depending on router mode.
-# This is achieved by creating a widget-presets.json file
-# overriding the visibilityControl for each hidden widget.
-#
-# Note: widget names must be unique!
-#
-
-START=61
-
-HIDDEN_WIDGETS_PPPOE=""
-HIDDEN_WIDGETS_BRIDGE="wan-dash wan heimgard-dhcp heimgard-static-lease heimgard-firewall heimgard-internet-access heimgard-upnp"
-HIDDEN_WIDGETS_ROUTER=""
-
-output_file="/sulu/widget-presets/widget-presets.json"
-
-start() {
-	local mode hidden_widgets
-
-	mode=$(ubus call meshmode status | jsonfilter -e '@.mode')
-
-	case "$mode" in
-		pppoe)
-			hidden_widgets=$HIDDEN_WIDGETS_PPPOE
-		;;
-		bridge)
-			hidden_widgets=$HIDDEN_WIDGETS_BRIDGE
-		;;
-		router)
-			hidden_widgets=$HIDDEN_WIDGETS_ROUTER
-		;;
-		default)
-			logger -t "Sulu widgets" "Unable to determine device mode"
-			return 1
-		;;
-	esac
-
-	output_dir=$(dirname "$output_file")
-	if [ ! -d "$output_dir" ]; then
-		mkdir -p "$output_dir"
-	fi
-
-	echo "{" > "$output_file"
-
-	first=1
-	for widget in $hidden_widgets; do
-		if [ $first -eq 0 ]; then
-			echo "  ," >> "$output_file"
-		fi
-		first=0
-
-		echo '  "'$widget'": {' >> "$output_file"
-		echo '    "visibilityControl": "hide"' >> "$output_file"
-		echo '  }' >> "$output_file"
-	done
-
-	echo "}" >> "$output_file"
-}
-
-reload() {
-        start
-}

sulu/sulu-vendorext/files/lib/sulu_functions.sh

@@ -1,198 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC1091,SC3043,SC3043
-
-. /usr/share/libubox/jshn.sh
-. /lib/functions/network.sh
-
-persistent_file="/tmp/sulu.json"
-
-init_json() {
-	json_init
-	[ -f "${persistent_file}" ] && json_load_file "${persistent_file}"
-	json_add_int "schema_version" "1"
-	if ! json_select "network" >/dev/null; then
-		json_add_object "network"
-	fi
-
-	if ! json_select "wan" >/dev/null; then
-		local current_dev=""
-		local current_proto=""
-		local current_vid=""
-		local current_mtu=""
-		local current_username=""
-		local current_password=""
-		local default_gw_interface=""
-		# Load current settings
-		network_find_wan default_gw_interface
-		[ -z "${default_gw_interface}" ] && default_gw_interface="wan"
-		current_dev="$(uci -q get network."${default_gw_interface}".device)"
-		current_proto="$(uci -q get network."${default_gw_interface}".proto || echo "dhcp")"
-		current_vid="$(uci -q get network."${current_dev}".vid)"
-		current_mtu="$(uci -q get network."${default_gw_interface}".mtu)"
-		if [ "pppoe" = "${current_proto}" ]; then
-			current_username="$(uci -q get network."${default_gw_interface}".username)"
-			current_password="$(uci -q get network."${default_gw_interface}".password)"
-		fi
-		json_add_array "wan"
-		json_add_object
-		json_add_string "name" "wan"
-		json_add_string "proto" "${current_proto}"
-		[ -n "${current_vid}" ] && json_add_int "vlan_id" "${current_vid}"
-		[ -n "${current_mtu}" ] && json_add_int "mtu" "${current_mtu}"
-		[ -n "${current_username}" ] && json_add_string "username" "${current_username}"
-		[ -n "${current_password}" ] && json_add_string "password" "${current_password}"
-		json_close_object
-	fi
-	json_close_object
-	json_close_object
-	if ! json_select "netmode" >/dev/null; then
-		json_add_object "netmode"
-	fi
-	json_close_object
-}
-
-save_and_exit() {
-	json_dump >"${persistent_file}"
-	exit 0
-}
-
-save_userconf() {
-	json_dump >"${persistent_file}"
-	# reload opconf to apply changes from persistent file, discarding output
-	opconf "${persistent_file}" > /dev/null 2>&1
-	# Commit network changes
-	ubus call uci commit '{"config": "network"}'
-}
-
-# Create skeleton file if it doesn't exists after that load in $persistent_file
-init_json
-
-go_L2() {
-	logger -s -p user.info -t "netmode" "User has manually chosen L2; switching to Layer2 mode"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "netmode"
-	json_add_string "current" "layer2"
-	json_select ..
-	save_userconf
-	json_set_namespace old_cb
-}
-
-# Set netmode in uboot to correct mode, remove marker so network config is regenerated and reboot
-go_L3() {
-	logger -p user.info -t "netmode" "User has manually chosen L3; switching to Layer3/Full mode"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	json_add_string "proto" "dhcp"
-	json_add_int "vlan_id" 0
-	json_close_object
-	json_select ..
-	json_select ..
-	json_select "netmode"
-	json_add_string "current" "layer3"
-	json_select ..
-	save_userconf
-	json_set_namespace old_cb
-}
-
-go_pppoe() {
-	local username="${1}"
-	local password="${2}"
-	local enable_vid="${3:-1}"
-	local vid="${4:-0}"
-	local mtu="${5:-1500}"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	logger -p user.info -t "netmode" "User has manually chosen pppoe; switching to pppoe mode"
-	logger -p user.info -t "netmode" "params - username:${username} password:${password} enable:${enable_vid} vid:${vid} mtu:${mtu}"
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	json_add_string "proto" "pppoe"
-	json_add_int "vlan_id" "${vid}"
-	json_add_string "username" "${username}"
-	json_add_string "password" "${password}"
-	json_add_int "mtu" "${mtu}"
-	json_close_object
-	json_select ..
-	json_select ..
-	json_select "netmode"
-	json_add_string "current" "pppoe"
-	save_userconf
-	json_set_namespace old_cb
-}
-
-# shellcheck disable=SC3043
-set_wan_param() {
-	local name="${1:?}"
-	local value="${2:?}"
-	# shellcheck disable=SC2034
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	case "${name}" in
-	proto | username | password)
-		json_add_string "${name}" "${value}"
-		;;
-	vid | vland_id)
-		json_add_int "vlan_id" "${value}"
-		;;
-	mtu)
-		json_add_int "mtu" "${value}"
-		;;
-	*)
-		logger "sulu_functions: Unkown name '${name}' in set_wan_param"
-		;;
-	esac
-	json_close_object
-	json_select ..
-	json_select ..
-	logger -s "sulu_functions Name: '${name}'='${value}'"
-	save_userconf
-	json_set_namespace old_cb
-}
-# shellcheck disable=SC3043
-# Parses all jsons in /opconf, returns active variable_name
-get_wan_value() {
-	local variable_name="${1:?}"
-	local value_from_opconf=""
-	local final_config=""
-	local json_file=""
-
-	case "${variable_name}" in
-	"vid")
-		variable_name="vlan_id"
-		;;
-	*) ;;
-	esac
-
-	for json_file in /opconf/*.json ${persistent_file}; do
-		value_from_opconf="$(jsonfilter -e "@.network.wan[@.name='wan'].${variable_name}" <"${json_file}")"
-		[ -n "${value_from_opconf}" ] && final_config="${value_from_opconf}"
-	done
-	echo "${final_config}"
-}

sulu/sulu-vendorext/files/usr/libexec/rpcd/genexis.wan

@@ -1,110 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC3043,SC1091,SC2140
-. /usr/share/libubox/jshn.sh
-. /lib/functions/network.sh
-. /lib/sulu_functions.sh
-
-cidr_to_netmask() {
-    value=$((0xffffffff ^ ((1 << (32 - $1)) - 1)))
-    echo "$(((value >> 24) & 0xff)).$(((value >> 16) & 0xff)).$(((value >> 8) & 0xff)).$((value & 0xff))"
-}
-
-# setValue() - Set the value of the given WAN parameter.
-#
-# Args:
-#  $1 - The parameter name.
-#  $2 - The new value of the parameter.
-#
-# Notes:
-#  If the parameter name is "vid", the value of the "vid" option is read from
-#  the appropriate section (based on the value of the "device" option in the
-#  "network.wan" section). Otherwise, the value of the parameter is read from
-#  the "network.wan" section.
-#
-#  If the parameter name is "vid", it is checked if the value is 0, 1 or empty.
-#  If so, it does not create a new vlan interface. Otherwise, it creates a new
-#  vlan interface with the given vid.
-setValue() {
-    local paramName="${1}"
-    local paramValue="${2}"
-    local default_gw_interface=""
-    network_find_wan default_gw_interface
-    if [ -z "${default_gw_interface}" ]; then
-        default_gw_interface=wan
-    fi
-    case "$paramName" in
-    "vid")
-        set_wan_param "vid" "$paramValue"
-        ;;
-    "username")
-        set_wan_param "username" "$paramValue"
-        ;;
-    "password")
-		set_wan_param "password" "$paramValue"
-        ;;
-    "mtu")
-		set_wan_param "mtu" "$paramValue"
-        ;;
-     "proto")
-		set_wan_param "proto" "${paramValue}"
-        touch /tmp/netmode_changed
-        ;;
-    *)
-        ;;
-    esac
-}
-
-case "$1" in
-list)
-    json_init
-    json_add_object "status"
-    json_close_object
-    json_add_object "get"
-    json_add_string "param" ""
-    json_close_object
-    json_add_object "set"
-    json_add_string "param" ""
-    json_close_object
-    json_dump
-
-    ;;
-call)
-    case "$2" in
-    status)
-        network_find_wan default_gw_interface
-        wan_json="$(ubus call network.interface."${default_gw_interface}" status)"
-        ipaddr="$(echo "$wan_json" | jsonfilter -e '@["ipv4-address"][0].address')"
-        netmask="$(echo "$wan_json" | jsonfilter -e '@["ipv4-address"][0].mask')"
-        gateway="$(echo "$wan_json" | jsonfilter -e '@["route"][0].nexthop')"
-        if [ -n "$netmask" ]; then
-            netmask=$(cidr_to_netmask "$netmask")
-        fi
-        json_init
-        json_add_string ipaddr "$ipaddr"
-        json_add_string netmask "$netmask"
-        json_add_string gateway "$gateway"
-        json_dump
-        ;;
-    get)
-        read -r input
-        _param=$(echo "$input" | jsonfilter -e '@.param')
-        value="$(get_wan_value "$_param")"
-
-        json_init
-        json_add_string "$_param" "${value}"
-        json_dump
-        ;;
-
-    set)
-        read -r input
-        _param="$(echo "$input" | jsonfilter -e '@.param')"
-        value="$(echo "$input" | jsonfilter -e '@.value')"
-        logger -t "genexis.wan" "_param: ${_param} value: ${value}"
-        json_init
-        reply="$(set_wan_param "$_param" "$value")"
-        json_add_string "status" "${reply}"
-        json_dump
-        ;;
-    esac
-    ;;
-esac

sulu/sulu-vendorext/files/usr/libexec/rpcd/meshmode

@@ -1,93 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC3043,SC1091
-. /usr/share/libubox/jshn.sh
-. /lib/sulu_functions.sh
-
-init_json
-
-get_netmode() {
-	local _netmode
-	if [ -f "${persistent_file}" ]; then
-		json_init
-		json_load_file "${persistent_file}"
-		if json_select netmode; then
-			json_get_var _netmode current "unknown"
-			json_select ..
-		fi
-	else
-		_netmode="unknown"
-	fi
-
-	case "${_netmode}" in
-	extender | layer2)
-		echo "bridge"
-		;;
-	layer3)
-		echo "router"
-		;;
-	pppoe)
-		echo "pppoe"
-		;;
-	*)
-		ifstatus wan >/dev/null 2>&1 && echo "router" || echo "unknown"
-		;;
-	esac
-}
-
-netmode="$(get_netmode)"
-
-case "$1" in
-list)
-	echo '{ "status" : {}, "change_meshmode" : {"mode":"String"}}'
-	;;
-call)
-	mode=""
-	case "$2" in
-	status)
-		if [ -z "${netmode}" ]; then
-			echo "{\"status\":\"Mode unknown\"}"
-		else
-			echo "{\"mode\":\"${netmode}\"}"
-		fi
-		;;
-	change_meshmode)
-		# Read the JSON object provided for the arguments
-		read -r input
-
-		json_load "${input}"
-
-		json_get_var mode mode
-
-		if [ "${mode}" = "${netmode}" ] && [ "${mode}" != "pppoe" ] && [ ! -f /tmp/netmode_changed ]; then
-			echo '{"status":"no_change"}' && return
-		fi
-
-		if [ "${mode}" = "bridge" ]; then
-			echo '{"status": "ok"}'
-			go_L2
-		elif [ "${mode}" = "router" ]; then
-			echo '{"status": "ok"}'
-			go_L3
-		elif [ "${mode}" = "pppoe" ]; then
-			username="$(get_wan_value "username")"
-			password="$(get_wan_value "password")"
-			vid="$(get_wan_value "vlan_id")"
-			mtu="$(get_wan_value "mtu")"
-
-			enable=0
-			if [ "${vid}" -gt 0 ]; then
-				enable=1
-			fi
-
-			echo '{"status": "ok"}'
-			logger "'${username}' '${password}' '${enable}' '${vid}' '${mtu}'"
-			go_pppoe "${username}" "${password}" "${enable}" "${vid}" "${mtu}"
-		else
-			echo '{"status":"Wrong value"}'
-		fi
-		;;
-	*) ;;
-	esac
-	;;
-*) ;;
-esac

sysmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sysmngr
-PKG_VERSION:=1.0.28
+PKG_VERSION:=1.0.28.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/sysmngr.git
-PKG_SOURCE_VERSION:=5a3b6d0cbb023353c1b16069d68f203589b77e27
+PKG_SOURCE_VERSION:=9fc03d557e56d4e3bc46252b2b89e03f583fe2c8
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

sysmngr/files/etc/sysmngr/fwbank

@@ -22,7 +22,30 @@ fwbank_get_bootbank() {
 
 case "$1" in
 	list)
-		echo '{ "dump" : {}, "set_bootbank" : {"bank":32}, "copy_config" : {}, "upgrade": {"path":"String","auto_activate":true,"bank":32,"keep_settings":true}}'
+		json_init
+		json_add_object "dump"
+		json_close_object
+
+		json_add_object "set_bootbank"
+		json_add_int "bank" 32
+		json_close_object
+
+		json_add_object "copy_config"
+		json_add_boolean "keep_settings" 1
+		json_add_boolean "keep_opconf" 1
+		json_add_string "config_scope" "String"
+		json_close_object
+
+		json_add_object "upgrade"
+		json_add_string "path" "String"
+		json_add_boolean "auto_activate" 1
+		json_add_int "bank" 32
+		json_add_boolean "keep_settings" 1
+		json_add_boolean "keep_opconf" 1
+		json_add_string "config_scope" "String"
+		json_add_boolean "reboot" 1
+		json_close_object
+		json_dump
 	;;
 	call)
 		case "$2" in
@@ -125,19 +148,44 @@ case "$1" in
 				fi
 			;;
 			copy_config)
-				if [ -z "$UPGRADE_BACKUP" ]; then
-					UPGRADE_BACKUP=/tmp/sysupgrade.tgz
+				read -r input
+				json_load "${input}"
+				json_get_var keep_settings keep_settings
+				json_get_var keep_opconf keep_opconf
+				json_get_var config_scope config_scope
+
+				# Set the default value for keep_settings
+				keep_settings=${keep_settings:-1}
+
+				if command -v "opconf_conf_handler" >/dev/null 2>&1; then
+					if ! mountpoint -q /usr_data; then
+						logger -t sysmngr.fwbank "copy_config: usr_data partition not present"
+						config_scope="All"
+					fi
+
+					arg="-k ${keep_settings}"
+					[ -n  "${keep_opconf}" ] && arg="${arg} -o ${keep_opconf}"
+					[ -n  "${config_scope}" ] && arg="${arg} -s ${config_scope}"
+
+					opconf_conf_handler ${arg}
+				else
+					# Fallback to default old behaviour in case opconf not present
+					config_scope="All"
 				fi
 
 				ret=0
+				if [ "${keep_settings}" -eq "1" ] && [ "${config_scope}" = "All" ]; then
+					if [ -z "$UPGRADE_BACKUP" ]; then
+						UPGRADE_BACKUP=/tmp/sysupgrade.tgz
+					fi
 
-				sysupgrade -b "$UPGRADE_BACKUP" || ret=1
-
-				if [ "$ret" -eq 0 ]; then
-					if command -v platform_copy_config >/dev/null 2>&1; then
-						platform_copy_config 1>&2 || ret=1
-					else
-						ret=1
+					sysupgrade -b "$UPGRADE_BACKUP" || ret=1
+					if [ "$ret" -eq 0 ]; then
+						if command -v platform_copy_config >/dev/null 2>&1; then
+							platform_copy_config 1>&2 || ret=1
+						else
+							ret=1
+						fi
 					fi
 				fi
 
@@ -157,6 +205,9 @@ case "$1" in
 				json_get_var auto_activate auto_activate
 				json_get_var bank bank
 				json_get_var keep_settings keep_settings
+				json_get_var keep_opconf keep_opconf
+				json_get_var config_scope config_scope
+				json_get_var reboot reboot
 
 				ret=0
 
@@ -180,6 +231,7 @@ case "$1" in
 
 				# Set the default value for keep_settings
 				keep_settings=${keep_settings:-1}
+				reboot=${reboot:-0}
 
 				# This ubus call does not reboot the system at any one time.
 				# Although, the newly upgraded bank is activated by default.
@@ -187,14 +239,36 @@ case "$1" in
 				# "--no-activate" otherwise.
 				sysupgrade_flag=""
 				if [ "${auto_activate}" -eq 1 ]; then
-					sysupgrade_flag="--no-reboot"
+					if [ "${reboot}" -eq 0 ]; then
+						sysupgrade_flag="--no-reboot"
+					fi
 				else
 					sysupgrade_flag="--no-activate"
 				fi
 
+				if command -v "opconf_conf_handler" >/dev/null 2>&1; then
+					if ! mountpoint -q /usr_data; then
+						logger -t sysmngr.fwbank "upgrade: usr_data partition not present"
+						config_scope="All"
+					fi
+
+					arg="-k ${keep_settings}"
+					[ -n  "${keep_opconf}" ] && arg="${arg} -o ${keep_opconf}"
+					[ -n  "${config_scope}" ] && arg="${arg} -s ${config_scope}"
+
+					opconf_conf_handler ${arg}
+				else
+					# Fallback to default old behaviour in case opconf not present
+					config_scope="All"
+				fi
+
 				# Set the flag to do not save configuration over reflash
 				if [ "${keep_settings}" -eq 0 ]; then
 					sysupgrade_flag="${sysupgrade_flag} -n"
+				elif [ "${keep_settings}" -eq 1 ]; then
+					if [ "${config_scope}" != "All" ]; then
+						sysupgrade_flag="${sysupgrade_flag} -n"
+					fi
 				fi
 
 				# Call sysupgrade synchonously. It should not time out the ubus call,

timemngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=timemngr
-PKG_VERSION:=1.1.9
+PKG_VERSION:=1.1.11
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/timemngr.git
-PKG_SOURCE_VERSION:=c0c15beee2b60925f51b8ba78be516d2f5536c65
+PKG_SOURCE_VERSION:=93f4afe661f56e35f089d0aac96d7eab902bf494
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -81,6 +81,7 @@ endif
 	$(INSTALL_DATA) ./files/etc/config/time $(1)/etc/config/
 ifeq ($(CONFIG_TIMEMNGR_NTPD),y)
 	$(CP) ./files/etc/timemngr/ntpd_config.sh $(1)/etc/timemngr/time.sh
+	$(CP) ./files/etc/timemngr/generate_supported_zones.sh $(1)/etc/timemngr/generate_supported_zones.sh
 endif
 endif
 

timemngr/files/etc/config/time

@@ -2,3 +2,4 @@ config global 'global'
         option enable '1'
         option dst '1'
         option loglevel '2'
+        option supported_zones_file '/etc/timemngr/supported_zones.json'

timemngr/files/etc/init.d/timemngr

@@ -4,10 +4,13 @@ START=20
 STOP=01
 
 . /etc/timemngr/time.sh
+. /etc/timemngr/generate_supported_zones.sh
 
 USE_PROCD=1
 PROG_UBUS=/usr/sbin/timemngr
 
+DEFAULT_SUPPORTED_ZONES_PATH="/etc/timemngr/supported_zones.json"
+
 log() {
 	echo "${@}"|logger -t timemngr.init -p info
 }
@@ -30,6 +33,20 @@ boot() {
 	else
 		sed -i '/#timemngr-dst/d' /etc/crontabs/root
 	fi
+	
+	config_get file_path global supported_zones_file
+	
+	# If option is not configured, use the default path
+	if [ -z "${file_path}" ]; then
+		file_path="${DEFAULT_SUPPORTED_ZONES_PATH}"
+		uci -q set time.global.supported_time_zone_file="${DEFAULT_SUPPORTED_ZONES_PATH}"
+		uci -q commit time
+	fi
+
+	# If the JSON file doesn't exist, generate it
+	if [ ! -f "${file_path}" ]; then
+		generate_supported_zones > "${file_path}"
+	fi
 
 	start
 }

timemngr/files/etc/timemngr/generate_supported_zones.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+# Default temporary file for timezone mapping
+TMP_MAP="/tmp/timezone_map.txt"
+
+# -----------------------------------------------------------------------------
+# Function: generate_supported_zones
+# Description: Generates a JSON array of supported zones in the format:
+# [
+#   { "time_zone": "TZ_STRING", "zone_name": "Region/City,Region/City" },
+#   ...
+# ]
+# Output: Prints the JSON to stdout (caller can redirect to a file)
+# -----------------------------------------------------------------------------
+generate_supported_zones() {
+    : > "$TMP_MAP"
+
+    # Step 1: Collect zonename -> timezone mappings into TMP_MAP
+    for entry in /usr/share/zoneinfo/*; do
+        [ -d "$entry" ] || continue
+        region=$(basename "$entry")
+
+        for zonefile in "$entry"/*; do
+            [ -f "$zonefile" ] || continue
+            city=$(basename "$zonefile")
+            zonename="${region}/${city}"
+
+            tz_string=$(tail -n 1 "$zonefile" 2>/dev/null)
+            [ -n "$tz_string" ] && echo "$tz_string|$zonename" >> "$TMP_MAP"
+        done
+    done
+
+    # Step 2: Group zone names by tz_string and format to intermediate file
+    TMP_LINES="/tmp/timezone_lines.txt"
+    awk -F'|' '
+    {
+        tz = $1
+        zn = $2
+        if (tz in tzmap) {
+            tzmap[tz] = tzmap[tz] "," zn
+        } else {
+            tzmap[tz] = zn
+        }
+    }
+    END {
+        for (tz in tzmap) {
+            printf("TZSEP%sSEPZN%s\n", tz, tzmap[tz])
+        }
+    }
+    ' "$TMP_MAP" > "$TMP_LINES"
+
+    # Step 3: Convert the grouped result to JSON output
+    json_init
+    json_add_array "supported_zones"
+
+    while IFS= read -r line; do
+        timezone=$(echo "$line" | sed -n 's/^TZSEP\(.*\)SEPZN.*/\1/p')
+        zonenames=$(echo "$line" | sed -n 's/^TZSEP.*SEPZN\(.*\)/\1/p')
+        [ -n "$timezone" ] || continue
+
+        json_add_object ""
+        json_add_string "time_zone" "$timezone"
+        json_add_string "zone_name" "$zonenames"
+        json_close_object
+    done < "$TMP_LINES"
+
+    json_close_array
+    json_dump
+
+    # Cleanup
+    rm -f "$TMP_MAP" "$TMP_LINES"
+}
+

tr104/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr104
-PKG_VERSION:=1.0.37.2
+PKG_VERSION:=1.0.37.3
 
 LOCAL_DEV:=0
 ifeq ($(LOCAL_DEV),0)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/voice/tr104.git
-PKG_SOURCE_VERSION:=eb8f4878451318bcfcba5716282e72d5a84adae6
+PKG_SOURCE_VERSION:=797dd525a11c867d306ad97413b7c24307745e6d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif