Draft: datamodel for shell exec

Remove peripheral_manager, it is no longer used or maintainted.

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.16.6.2
+PKG_VERSION:=1.18.2
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=aa480554461c82e6f6f44ee6c23108d3e44fce21
+PKG_SOURCE_VERSION:=786863cf0ef48dd70610598cdf8e2bbc0462a504
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -55,7 +55,7 @@ define Package/dm-service
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Datamodel ubus backend to expose micro-service tree
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +libbbfdm-ubus +bbf_configmngr
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +libbbfdm-ubus +bbf_configmngr +libeasy
 endef
 
 define Package/bbf_configmngr
@@ -183,6 +183,7 @@ define Package/bbf_configmngr/install
 
 	$(INSTALL_BIN) ./files/etc/init.d/bbf_configd $(1)/etc/init.d/bbf_configd
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_config_notify.sh $(1)/usr/share/bbfdm/scripts/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_default_reload.sh $(1)/etc/bbfdm/
 	$(INSTALL_DATA) ./files/etc/bbfdm/critical_services.json $(1)/etc/bbfdm/
 endef
 

bbfdm/files/etc/bbfdm/critical_services.json

@@ -1,23 +1,51 @@
 {
 	"usp": [
-			"firewall",
-			"network",
-			"dhcp",
-			"time",
-			"wireless",
-			"ieee1905",
-			"mapcontroller",
-			"mosquitto",
-			"nginx",
-			"netmode"
+			"/etc/config/firewall",
+			"/etc/bbfdm/dmmap/dmmap_firewall",
+			"/etc/config/network",
+			"/etc/bbfdm/dmmap/IP",
+			"/etc/bbfdm/dmmap/Ethernet",
+			"/etc/bbfdm/dmmap/GRE",
+			"/etc/bbfdm/dmmap/IPv6rd",
+			"/etc/bbfdm/dmmap/PPP",
+			"/etc/bbfdm/dmmap/Routing",
+			"/etc/config/dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
+			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
+			"/etc/config/time",
+			"/etc/bbfdm/dmmap/dmmap_time",
+			"/etc/config/mapcontroller",
+			"/etc/config/wireless",
+			"/etc/bbfdm/dmmap/WiFi",
+			"/etc/config/ieee1905",
+			"/etc/config/mosquitto",
+			"/etc/config/nginx",
+			"/etc/config/netmode",
+			"/etc/bbfdm/dmmap/dmmap_netmode"
 	],
 	"cwmp": [
-			"firewall",
-			"network",
-			"dhcp",
-			"mapcontroller",
-			"wireless",
-			"time",
-			"netmode"
+			"/etc/config/firewall",
+			"/etc/bbfdm/dmmap/dmmap_firewall",
+			"/etc/config/network",
+			"/etc/bbfdm/dmmap/IP",
+			"/etc/bbfdm/dmmap/Ethernet",
+			"/etc/bbfdm/dmmap/GRE",
+			"/etc/bbfdm/dmmap/IPv6rd",
+			"/etc/bbfdm/dmmap/PPP",
+			"/etc/bbfdm/dmmap/Routing",
+			"/etc/config/dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_client",
+			"/etc/bbfdm/dmmap/dmmap_dhcp_relay",
+			"/etc/bbfdm/dmmap/dmmap_dhcpv6",
+			"/etc/config/mapcontroller",
+			"/etc/config/wireless",
+			"/etc/bbfdm/dmmap/WiFi",
+			"/etc/config/time",
+			"/etc/bbfdm/dmmap/dmmap_time",
+			"/etc/config/netmode",
+			"/etc/bbfdm/dmmap/dmmap_netmode"
 	]
 }

bbfdm/files/etc/init.d/bbf_configd

@@ -10,19 +10,10 @@ log() {
 	echo "${@}"|logger -t bbf.config -p info
 }
 
-create_needed_directories()
-{
-	mkdir -p /tmp/bbfdm/.cwmp
-	mkdir -p /tmp/bbfdm/.usp
-	mkdir -p /tmp/bbfdm/.bbfdm
-}
-
 start_service()
 {
 	local log_level
 
-	create_needed_directories
-
 	config_load bbfdm
 	config_get log_level "reload_handler" log_level 2
 
@@ -36,6 +27,6 @@ start_service()
 service_triggers() {
 	for config_file in /etc/config/*; do
 		config_name=$(basename "$config_file")
-		procd_add_config_trigger "config.change" "$config_name" /usr/share/bbfdm/scripts/bbf_config_notify.sh
+		procd_add_config_trigger "config.change" "$config_name" /usr/share/bbfdm/scripts/bbf_config_notify.sh "$config_name"
 	done
 }

bridgemngr/Makefile

@@ -5,13 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.18.2
+PKG_VERSION:=1.1.1
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=71ed529be038392071b0399bcfe9d46e89d3cb46
+PKG_SOURCE_VERSION:=b6a657e1c83b49f09323b4012ef229c604b82854
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.8
+PKG_VERSION:=6.2.1.12
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b7e294d7c610adfd80cf40a0628c189695dc5156
+PKG_SOURCE_VERSION:=ce738316065e4608811312f0a254d1fee22fa343
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.10
+PKG_VERSION:=3.7.11
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1f851980a6ba616df54f79930225f8bcd563b711
+PKG_SOURCE_VERSION:=815ee44808169b8e1efa2cac44bd7d238ad33cdc
 PKG_MIRROR_HASH:=skip
 endif
 

dmexec/Makefile

@@ -0,0 +1,44 @@
+#
+# Copyright (C) 2025 iopsys Software Solutions AB
+#
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dmexec
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_LICENSE:=GPL-2.0-only
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
+
+define Package/dmexec
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Datamodel for shell exec
+  DEPENDS:=+dm-service
+endef
+
+define Package/dmexec/description
+  datamodel extension for running shell commands.
+endef
+
+define Build/Compile
+	# pass
+endef
+
+define Package/dmexec/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+
+	$(INSTALL_DATA) ./files/etc/config/dmexec $(1)/etc/config/
+	$(INSTALL_BIN) ./files/etc/init.d/dmexec $(1)/etc/init.d/
+
+	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) ./files/dm_exec.json $(1) $(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,dmexec))

dmexec/bbfdm_service.json

@@ -1,16 +1,16 @@
 {
   "daemon": {
     "enable": "1",
-    "service_name": "suluvendorext",
+    "service_name": "dmexec",
     "unified_daemon": false,
     "services": [
       {
         "parent_dm": "Device.",
-        "object": "X_IOWRT_EU_MAPController"
+        "object": "X_GENEXIS_EU_CLI"
       }
     ],
     "config": {
-      "loglevel": "3"
+      "loglevel": "7"
     }
   }
 }

dmexec/files/dm_exec.json

@@ -0,0 +1,81 @@
+{
+  "json_plugin_version": 2,
+  "Device.X_GENEXIS_EU_CLI.": {
+    "type": "object",
+    "protocols": [
+      "cwmp",
+      "usp"
+    ],
+    "access": false,
+    "array": false,
+    "Enable": {
+      "type": "boolean",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "enable"
+            }
+          }
+        }
+      ]
+    },
+    "REQUEST": {
+      "type": "string",
+      "read": true,
+      "write": true,
+      "protocols": [
+        "cwmp",
+        "usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "cmd"
+            }
+          }
+        }
+      ]
+    },
+    "RESULT": {
+      "type": "string",
+      "read": true,
+      "write": false,
+      "protocols": [
+        "cwmp",
+	"usp"
+      ],
+      "mapping": [
+        {
+          "type": "uci",
+          "uci": {
+            "file": "dmexec",
+            "section": {
+              "name": "dmexec"
+            },
+            "option": {
+              "name": "result"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

dmexec/files/etc/config/dmexec

@@ -0,0 +1,3 @@
+config dmexec 'dmexec'
+	option enable '0'
+

dmexec/files/etc/init.d/dmexec

@@ -0,0 +1,40 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+USE_PROCD=1
+
+log() {
+	logger -t dmexec.init "$*"
+}
+
+start_service() {
+	procd_open_instance
+	procd_close_instance
+}
+
+reload_service() {
+	local cmd result enable
+
+	enable="$(uci -q get dmexec.dmexec.enable)"
+	enable="${enable:-0}"
+
+	if [ "${enable}" -eq "0" ]; then
+		log "dmexec is disabled"
+	fi
+
+	uci -q set dmexec.dmexec.result=""
+	cmd="$(uci -q get dmexec.dmexec.cmd)"
+	if [ -n "${cmd}" ]; then
+		log "Executing [${cmd}]"
+		result="$(eval $cmd 2>&1 |head -n 1 |head -c 256)"
+		result="${result//\'/}"
+		uci -q set dmexec.dmexec.result="${result}"
+		uci commit dmexec
+	fi
+}
+
+service_triggers() {
+	procd_add_reload_trigger dmexec
+}

dslmngr/files/airoha/sbin/xdsl_wan

@@ -5,8 +5,6 @@ source "/lib/functions/network.sh"
 source "/lib/functions/system.sh"
 
 PREVLINK=""
-LINK=""
-LINKSPEED=""
 PREVWANMODE=""
 WANMODE=""
 CONFIGURED=0
@@ -152,12 +150,6 @@ while [ true ]; do
 
 	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
 		if [ "$LINK" = "down" ]; then
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				rm -rf /tmp/qos/wan_link_shape_rate
-				rm -rf /tmp/qos/wan_link_speed
-				/usr/sbin/qos-uplink-bandwidth
-			fi
-
 			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
 			if [ -n "$WANMODE" ]; then
 				if [ "$WANMODE" = "PTM" ]; then
@@ -234,26 +226,6 @@ while [ true ]; do
 
 			call_wan_hotplug "up" "$WANPORT"
 			PREVWANMODE="$WANMODE"
-
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-				LINKSPEED=$((LINKSPEED))
-				if [ "$LINKSPEED" -eq 0 ]; then
-					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-					LINKSPEED=$((LINKSPEED))
-				fi
-
-				if [ "$LINKSPEED" -ne 0 ]; then
-					mkdir -p /tmp/qos
-					touch /tmp/qos/wan_link_shape_rate
-
-					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
-					hw_nat -! > /dev/null 2>&1
-				else
-					rm -rf /tmp/qos/wan_link_speed
-					/usr/sbin/qos-uplink-bandwidth
-				fi
-			fi
 		fi
 
 		# Toggle link state

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.0.8
+PKG_VERSION:=3.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=c73e5b15718ca40b2740bbe6151dfbb2bcca16df
+PKG_SOURCE_VERSION:=da6b25430123f03a74b59369b36dc4a777207d3f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

firewallmngr/Config.in

@@ -8,11 +8,5 @@ config FIREWALLMNGR_PORT_TRIGGER
 	help
 	   Set this option to include support for PortTrigger object.
 
-config FIREWALLMNGR_NAT_INTERFACE_SETTING
-	bool "Include Device.NAT.InterfaceSetting"
-	default y
-	help
-	   Set this option to include support for NAT InterfaceSetting object.
-
 endmenu
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.9.2
+PKG_VERSION:=1.0.10
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=fdabd33cf42ac02adadbdf43bd8bf86a62d7d1e3
+PKG_SOURCE_VERSION:=05ad0d6f7f21520eecd05429c14d1963de2a8463
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -52,10 +52,6 @@ ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
 endif
 
-ifeq ($(CONFIG_FIREWALLMNGR_NAT_INTERFACE_SETTING),y)
-	TARGET_CFLAGS += -DINCLUDE_NAT_IF_SETTING
-endif
-
 define Package/firewallmngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults

gateway-info/files/etc/udhcpc.user.d/udhcpc_gateway_info.user

@@ -40,22 +40,22 @@ get_vivsoi() {
 
 	#hex-string 2 character=1 Byte
 	# length in hex string will be twice of actual Byte length
-	[ "$len" -gt "8" ] || return
+	[ "${len}" -gt 8 ] || return
 
 	data="${opt125}"
 	rem_len="${len}"
-	while [ $rem_len -gt 0 ]; do
+	while [ "${rem_len}" -gt 0 ]; do
 		ent_id=${data:0:8}
 		ent_id=$(printf "%d\n" "0x$ent_id")
 
-		if [ $ent_id -ne  3561 ]; then
+		if [ "${ent_id}" -ne  3561 ]; then
 			len_val=${data:8:2}
 			data_len=$(printf "%d\n" "0x$len_val")
 			# add 4 byte for ent_id and 1 byte for len
 			data_len=$(( data_len * 2 + 10 ))
 			# move ahead data to next enterprise id
 			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - $data_len ))
+			rem_len=$(( rem_len - data_len ))
 			continue
 		fi
 
@@ -66,7 +66,7 @@ get_vivsoi() {
 		data_len=$(( data_len * 2 + 10 ))
 
 		opt_len=$(printf "%d\n" "0x$len_val")
-		[ $opt_len -eq 0 ] && return
+		[ "${opt_len}" -eq 0 ] && return
 
 		# populate the option data of enterprise id
 		sub_data_len=$(( opt_len * 2))
@@ -74,7 +74,7 @@ get_vivsoi() {
 		sub_data=${data:10:"${sub_data_len}"}
 
 		# parsing of suboption of option 125
-		while [ $sub_data_len -gt 0 ]; do
+		while [ "${sub_data_len}" -gt 0 ]; do
 			# get the suboption id
 			sub_opt_id=${sub_data:0:2}
 			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
@@ -85,20 +85,20 @@ get_vivsoi() {
 			sub_opt_len=$(( sub_opt_len * 2 ))
 
 			# get the value of sub option starting 4 means starting after length
-			sub_opt_val=${sub_data:4:${sub_opt_len}}
+			sub_opt_val=${sub_data:4:"${sub_opt_len}"}
 
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
 				"4")
-				OUI=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				OUI=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 				"5")
-				SERIAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				SERIAL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 				"6")
-				CLASS=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				CLASS=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				GW_DISCOVERED=1
 				;;
 			esac
@@ -110,7 +110,7 @@ get_vivsoi() {
 			sub_data_len=$((sub_data_len - sub_opt_end))
 
 			# fetch next sub option hex string
-			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
+			sub_data=${sub_data:"${sub_opt_end}":"${sub_data_len}"}
 		done
 
 		# move ahead data to next enterprise id
@@ -131,15 +131,13 @@ send_host_query() {
 		sleep 5
 
 		json_load "$(ubus call umdns browse)"
-		json_select discovered_services
-		if [ "${?}" -ne 0 ]; then
+		if ! json_select discovered_services; then
 			json_cleanup
 			loop=$(( loop - 1 ))
 			continue
 		fi
 
-		json_select _usp-agt-mqtt._tcp
-		if [ "${?}" -ne 0 ]; then
+		if ! json_select _usp-agt-mqtt._tcp; then
 			json_cleanup
 			loop=$(( loop - 1 ))
 			continue
@@ -156,7 +154,7 @@ send_host_query() {
 
 	json_get_keys keys
 	for key in $keys; do
-		json_select $key
+		json_select "${key}"
 		json_get_var _host host ""
 
 		if [ -z "${_host}" ] || [[ "${sent_host}" =~ " ${_host}" ]]; then
@@ -166,9 +164,10 @@ send_host_query() {
 
 		sent_host="${sent_host} ${_host}"
 		cmd="ubus call umdns query '{\"question\":\"$_host\",\"interface\":\"$intf\"}'"
-		eval $cmd
+		sh -c "${cmd}"
 		resp=0
 		json_select ..
+		sleep 2 # umdns query sometime takes time to resolve so adding some sleep
 	done
 
 	json_cleanup
@@ -185,32 +184,29 @@ get_usp_agent_id() {
 	fi
 
 	json_load "$(ubus call umdns browse)"
-	json_select discovered_services
-	if [ "${?}" -ne 0 ]; then
+	if ! json_select discovered_services; then
 		json_cleanup
-		echo ${ID}
+		echo "${ID}"
 		return 0
 	fi
 
-	json_select _usp-agt-mqtt._tcp
-	if [ "${?}" -ne 0 ]; then
+	if ! json_select _usp-agt-mqtt._tcp; then
 		json_cleanup
-		echo ${ID}
+		echo "${ID}"
 		return 0
 	fi
 
 	json_get_keys keys
 	for key in $keys; do
-		json_select $key
-		json_select $family
-		if [ "${?}" -ne 0 ]; then
+		json_select "${key}"
+		if ! json_select "${family}"; then
 			json_select ..
 			continue
 		fi
 
 		json_get_keys ips
 		for ip in $ips; do
-			json_get_var ip_val $ip
+			json_get_var ip_val "${ip}"
 			if [ "${ip_val}" != "${dhcp_ip}" ]; then
 				continue
 			fi
@@ -219,8 +215,8 @@ get_usp_agent_id() {
 			json_select txt
 			json_get_keys txts
 			for _txt in $txts; do
-				json_get_var text_val $_txt
-				if [[ "${text_val:0:3}" == "ID=" ]]; then
+				json_get_var text_val "${_txt}"
+				if [[ "${text_val:0:3}" = "ID=" ]]; then
 					ID="${text_val:3}"
 					break
 				fi
@@ -238,16 +234,16 @@ get_usp_agent_id() {
 	done
 
 	json_cleanup
-	echo ${ID}
+	echo "${ID}"
 }
 
 get_mac_address() {
 	ip="${1}"
 	device="${2}"
 
-	mac="$(cat /proc/net/arp | grep $ip | awk '{print $4}')"
+	mac=$(grep "${ip}" /proc/net/arp | awk '{print $4}')
 	if [ -z "${mac}" ]; then
-		arp_resp="$(arping -b -f -c 5 -I $device $ip | grep 'Unicast reply from' | awk '{print $5}')"
+		arp_resp=$(arping -b -f -c 5 -I "${device}" "${ip}" | grep 'Unicast reply from' | awk '{print $5}')
 		if [ -n "${arp_resp}" ]; then
 			mac=${arp_resp:1:-1}
 		fi
@@ -260,7 +256,7 @@ send_unknown_gw_event() {
 	mac="${1}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.unknown '{\"hwaddr\":\"$mac\"}'"
-	eval $cmd
+	sh -c "${cmd}"
 }
 
 send_cwmp_gw_event() {
@@ -269,14 +265,14 @@ send_cwmp_gw_event() {
 	serial="${3}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.cwmp '{\"oui\":\"$oui\",\"class\":\"$class\",\"serial\":\"$serial\"}'"
-	eval $cmd
+	sh -c "${cmd}"
 }
 
 send_usp_gw_event() {
 	endpoint="${1}"
 
 	cmd="ubus -t 5 send gateway-info.gateway.usp '{\"endpoint\":\"$endpoint\"}'"
-	eval $cmd
+	sh -c "${cmd}"
 }
 
 config_load gateway
@@ -287,13 +283,13 @@ if [ "${enable}" -eq 0 ]; then
 	return 0
 fi
 
-if [ "${wan_intf}" == "${INTERFACE}" ]; then
-	if [ "${1}" == "deconfig" ]; then
+if [ "${wan_intf}" = "${INTERFACE}" ]; then
+	if [ "${1}" = "deconfig" ]; then
 		rm -rf /var/state/gwinfo
 		return 0
 	fi
 
-	json_load "$(ifstatus ${INTERFACE})"
+	json_load "$(ifstatus "${INTERFACE}")"
 	json_get_var dev_name device ""
 	json_select data
 	json_get_var dhcp_ip dhcpserver ""
@@ -303,7 +299,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	MAC="$(get_mac_address $dhcp_ip $dev_name)"
+	MAC=$(get_mac_address "${dhcp_ip}" "${dev_name}")
 
 	mkdir -p /var/state
 	touch /var/state/gwinfo
@@ -326,8 +322,8 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 		return 0
 	fi
 
-	len=$(printf "$opt125"|wc -c)
-	get_vivsoi "$opt125" "$len"
+	len=$(echo -n "${opt125}" | wc -c)
+	get_vivsoi "${opt125}" "${len}"
 
 	if [ "${GW_DISCOVERED}" -eq 0 ]; then
 		send_unknown_gw_event "${MAC}"
@@ -341,19 +337,18 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	uci -q -c /var/state commit gwinfo
 
 	# Check for USP parameters
-	ubus -t 15 wait_for umdns
-	if [ "${?}" -ne 0 ]; then
+	if ! ubus -t 15 wait_for umdns; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0
 	fi
 
-	resp=$(send_host_query $dev_name)
+	resp=$(send_host_query "${dev_name}")
 	if [ "${resp}" -ne 0 ]; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0
 	fi
 
-	ID="$(get_usp_agent_id $dhcp_ip)"
+	ID=$(get_usp_agent_id "${dhcp_ip}")
 	if [ -z "${ID}" ]; then
 		send_cwmp_gw_event "${OUI}" "${CLASS}" "${SERIAL}"
 		return 0

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.3
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fee5bd0067fc1f30498bc2b81e893d170796b459
+PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9.5
+PKG_VERSION:=9.10.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=f3d5843c54a4c1c3e74629f0953a3bf144c2fa8e
+PKG_SOURCE_VERSION:=c4b0fa4272ab44a8c78462d5cc8df6501acbeb55
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

icwmp/files/etc/config/cwmp

@@ -31,7 +31,6 @@ config cpe 'cpe'
 	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
-	option port '7547'
 	option provisioning_code ''
 	option amd_version '5'
 	# compression possible configs: InstanceNumber, InstanceAlias

icwmp/files/etc/icwmpd/firewall.cwmp

@@ -133,9 +133,56 @@ add_firewall_rule() {
 	fi
 }
 
+remove_port_protection() {
+	local enabled chain rule rule_num
+
+	config_get enabled "${1}" "${2}"
+
+	if [ "${enabled}" -eq 1 ]; then
+		config_get zonename "$1" name
+		[ -n "$zonename" ] || return 0
+
+		chain='prerouting_'$zonename'_rule'
+
+		while rule=$(iptables -w -t nat -nL "$chain" --line-numbers | grep -m 1 -w CWMP_Port_protection); do
+			rule_num=${rule%%[$' \t']*}
+			iptables -w -t nat -D "$chain" "$rule_num"
+		done
+	fi
+}
+
+cleanup_port_protection() {
+	config_load firewall
+	config_foreach remove_port_protection zone masq
+}
+
+install_port_protection() {
+	local PORT="${3}"
+	local enabled zonename chain
+
+	config_get enabled "${1}" "${2}"
+
+	if [ "${enabled}" -eq 1 ]; then
+		config_get zonename "${1}" name
+		[ -n "$zonename" ] || return 0
+
+		chain='prerouting_'$zonename'_rule'
+
+		iptables -w -t nat -I "$chain" -p tcp --dport "$PORT" -j ACCEPT -m comment --comment=CWMP_Port_protection
+		iptables -w -t nat -I "$chain" -p udp --dport "$PORT" -j ACCEPT -m comment --comment=CWMP_Port_protection
+	fi
+}
+
+add_port_protection() {
+	config_load firewall
+	config_foreach install_port_protection zone masq "${1}"
+}
+
 configure_connection_req_rules() {
 	app="${1}"
 
+	cleanup_port_protection
+
 	wan="$(uci -q get cwmp.cpe.default_wan_interface)"
 	wan="${wan:-wan}"
 
@@ -175,8 +222,11 @@ configure_connection_req_rules() {
 		fi
 	fi
 
-	port=$(uci -q get cwmp.cpe.port)
-	port="${port:-7547}"
+	port=$(uci -q -c /var/state get icwmp.cpe.port)
+	if [ -z "${port}" ]; then
+		log "cwmp cpe port not configured"
+		exit 0
+	fi
 
 	ipaddr=$(uci -q get cwmp.cpe.allowed_cr_ip)
 	if [ -n "${ipaddr}" ]; then
@@ -197,6 +247,8 @@ configure_connection_req_rules() {
 		# Close the ACS port at Lan side
 		close_downstream_acs_port "${lan}" "${port}"
 	fi
+
+	add_port_protection "${port}"
 }
 
 load_zone_names

icwmp/files/etc/uci-defaults/90-cwmpfirewall

@@ -5,7 +5,6 @@ uci -q batch <<-EOT
         set firewall.cwmp=include
         set firewall.cwmp.path=/etc/icwmpd/firewall.cwmp
         set firewall.cwmp.reload=1
-        commit firewall
 EOT
 
 exit 0

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user

@@ -16,12 +16,12 @@ get_opt43() {
 	local opt43="$1"
 	local len="$2"
 
-	[ "$len" -gt "2" ] || return
+	[ "${len}" -gt 2 ] || return
 
 	first_byte=${opt43:0:2}
 	first_byte=$(printf "%d\n" "0x$first_byte")
 
-	if [ $len -ge 4 ] && [ $first_byte -ge 1 ] && [ $first_byte -le 4 ]; then
+	if [ "${len}" -ge 4 ] && [ "${first_byte}" -ge 1 ] && [ "${first_byte}" -le 4 ]; then
 		# it is in encapsulated form
 		# opt43 encapsulated vendor-specific option has data in below format
 		#  Code   Len   Data item        Code   Len   Data item        Code
@@ -35,7 +35,7 @@ get_opt43() {
 		data="${opt43}"
 		rem_len="${len}"
 		# parsing of suboption of option 43
-		while [ $rem_len -gt 0 ]; do
+		while [ "${rem_len}" -gt 0 ]; do
 			# get the suboption id
 			sub_opt_id=${data:0:2}
 			sub_opt_id=$(printf "%d\n" "0x$sub_opt_id")
@@ -50,13 +50,13 @@ get_opt43() {
 
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
-				"1") DHCP_ACS_URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"1") DHCP_ACS_URL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"2") DHCP_PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"2") DHCP_PROV_CODE=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"3") MIN_WAIT_INVL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"3") MIN_WAIT_INVL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
-				"4") INVL_MULTIPLIER=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+				"4") INVL_MULTIPLIER=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 				;;
 			esac
 
@@ -70,7 +70,7 @@ get_opt43() {
 			rem_len=$((rem_len - sub_opt_end))
 		done
 	else
-		DHCP_ACS_URL=$(echo -n $opt43 | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+		DHCP_ACS_URL=$(echo -n "${opt43}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 	fi
 }
 
@@ -92,9 +92,9 @@ if [ "$discovery_enable" = "0" ]; then
 	return 0
 fi
 
-if [ "${wan_intf}" == "${INTERFACE}" ]; then
+if [ "${wan_intf}" = "${INTERFACE}" ]; then
 	if [ -n "$opt43" ]; then
-		len=$(printf "$opt43"|wc -c)
+		len=$(echo -n "$opt43"|wc -c)
 		get_opt43 "$opt43" "$len"
 	fi
 

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.33
+PKG_VERSION:=8.7.37
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f28f1c04cae008d7d6448ba02b992506af28448c
+PKG_SOURCE_VERSION:=c711e1e132478d6443ffb5aad15d12b90f0d59b5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -116,7 +116,7 @@ MAKE_PATH:=src
 
 
 define Package/ieee1905/install
-	$(CP) ./files/* $(1)/
+	$(CP) ./files/etc $(1)/
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(INSTALL_DIR) $(1)/usr/sbin

ieee1905/files/datamodel_description.json

@@ -0,0 +1,23 @@
+{
+	"Device.IEEE1905.AL.": {
+		"type": "object",
+		"protocols": [
+			"cwmp",
+			"usp"
+		],
+		"access": false,
+		"array": false,
+		"{BBF_VENDOR_PREFIX}LocalOnlyMode": {
+			"type": "boolean",
+			"read": true,
+			"write": true,
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"description": "Enable or disable interfaces from ieee1905.",
+			"datatype": "boolean"
+		}
+	}
+}
+

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5f1184c52be19f3bfd3bc7e9bc582ef09b0a2b1c
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -1,32 +1,28 @@
 #
-# Copyright (C) 2020-2023 Iopsys
+# Copyright (C) 2025 Genexis Sweden AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.6
+PKG_VERSION:=7.5.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ca7b20068c9d373e41045a2e899a9c697576262c
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
+PKG_SOURCE_VERSION:=18f93677bb4d33ebb6249324a5043294f0eae16c
+PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libeasy.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=LGPL-2.1-only
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
 
 include $(INCLUDE_DIR)/package.mk
-
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/openssl \
-	-I$(STAGING_DIR)/usr/include/libnl3
+include $(INCLUDE_DIR)/cmake.mk
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -34,9 +30,6 @@ define Build/Prepare
 endef
 endif
 
-MAKE_FLAGS += \
-	CFLAGS="$(TARGET_CFLAGS) -Wall"
-
 define Package/libeasy
   SECTION:=libs
   CATEGORY:=Libraries
@@ -47,7 +40,7 @@ define Package/libeasy
 endef
 
 define Package/libeasy/description
-  Library provides common utility functions
+  This package provides libeasy.so for common utility functions.
 endef
 
 define Build/InstallDev/libeasy
@@ -67,6 +60,7 @@ define Build/InstallDev/libeasy
 endef
 
 define Build/InstallDev
+	$(call Build/InstallDev/cmake,$(1))
 	$(call Build/InstallDev/libeasy,$(1),$(2))
 endef
 

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.13.7
+PKG_VERSION:=7.14.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0b3cc45334c167d164c2c79e82522f13698abf92
+PKG_SOURCE_VERSION:=b4b8f524a93d03fd1f89d4c32b8eaca90d9ccc1a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -22,6 +22,7 @@ PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
@@ -42,10 +43,14 @@ else ifeq ($(CONFIG_TARGET_armvirt),y)
 else ifeq ($(CONFIG_TARGET_airoha),y)
   TARGET_PLATFORM=ECONET
   TARGET_WIFI_TYPE=MEDIATEK
-  TARGET_CFLAGS +=-DIOPSYS_ECONET
+  TARGET_CFLAGS +=-DIOPSYS_ECONET -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
   ifeq ($(CONFIG_TARGET_airoha_an7581),y)
     TARGET_CFLAGS +=-DCONFIG_MTK
   endif
+else ifeq ($(CONFIG_TARGET_mediatek),y)
+  TARGET_PLATFORM=MEDIATEK
+  TARGET_WIFI_TYPE=MEDIATEK
+  TARGET_CFLAGS +=-DCONFIG_MTK -I$(LINUX_DIR)/include/uapi/linux/mtk_nl80211_inc
 else ifeq ($(CONFIG_TARGET_ipq95xx),y)
   TARGET_PLATFORM=IPQ95XX
   TARGET_WIFI_TYPE=QUALCOMM
@@ -61,7 +66,7 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523

logmngr/files/etc/config/logmngr

@@ -8,7 +8,7 @@ config source 'default_source'
 
 config template 'default_template'
 	option name 'default_template'
-	option expression '{time} {hostname} {ident}[{pid}]: {message}'
+	option expression '{time} {hostname} {ident}: {message}'
 
 config action 'default_action'
 	option name 'default_action'

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -11,7 +11,7 @@ fi
 if ! uci -q get logmngr.default_template > /dev/null; then
 	uci -q set logmngr.default_template=template
 	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}[{pid}]: {message}'
+	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
 fi
 
 if uci -q get logmngr.a1 >/dev/null; then

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -94,7 +94,6 @@ create_input_section() {
 
 	append_conf "[INPUT]"
 	append_conf "    name        syslog"
-	append_conf "    unix_perm   0666"
 	append_conf "    tag         $tag"
 	append_conf "    path        /dev/log"
 	append_conf ""

map-agent/Config.in

@@ -55,16 +55,16 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config AGENT_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
-	default n
-
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y
 
-config DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER
-	bool "Let dynbhd through AP-Autoconfiguration Search and DHCP Discovery determine the controller or agent role"
+config DYNBH
+	bool "Enable map-agent dynamic Ethernet backhaul management"
+	default n
+
+config DYNBH_DYNAMICALLY_PERSIST_CONTROLLER
+	bool "Let map-agent through AP-Autoconfiguration Search and DHCP Discovery determine the controller or agent role"
 
 config AGENT_UNASSOC_STA_CONT_MONITOR
 	bool "Enable continuos monitoring of unassociated clients"

map-agent/Makefile

@@ -1,14 +1,13 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.7.0
+PKG_VERSION:=6.4.1.11
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ab9fa6ffc6978c84ab9a3b410d31c71c3b185430
+PKG_SOURCE_VERSION:=671bb0e693adbeb3e06b967350ce7f96ee91321b
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
+  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -38,24 +37,8 @@ ifeq ($(CONFIG_AGENT_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-define Package/dynbhd
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Dynamic Backhaul Daemon
-  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	  +ieee1905-map-plugin +map-agent
-endef
-
-ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
-
 define Package/map-agent/description
-  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
-endef
-
-define Package/dynbhd/description
- Dyanmic LAN/WAN port detection and loop avoidance.
+ This package implements EasyMesh R2 compliant WiFi Agent.
 endef
 
 define Package/map-agent/config
@@ -115,7 +98,11 @@ ifeq ($(CONFIG_AGENT_CHECK_PARTIAL_WIFI_RELOAD),y)
 TARGET_CFLAGS += -DCHECK_PARTIAL_WIFI_RELOAD
 endif
 
-ifeq ($(CONFIG_DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER),y)
+ifeq ($(CONFIG_DYNBH),y)
+TARGET_CFLAGS += -DDYNBH
+endif
+
+ifeq ($(CONFIG_DYNBH_DYNAMICALLY_PERSIST_CONTROLLER),y)
 TARGET_CFLAGS += -DPERSIST_CONTROLLER
 endif
 
@@ -128,6 +115,10 @@ MAKE_PATH:=src
 define Package/map-agent/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/
+ifeq ($(CONFIG_DYNBH),y)
+	$(RM) $(1)/etc/hotplug.d/ethernet/map-dynamic-backhaul
+	$(RM) $(1)/etc/hotplug.d/ethernet/map-topology-discovery
+endif
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/lib/wifi
@@ -135,15 +126,6 @@ define Package/map-agent/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mapagent $(1)/usr/sbin/
 endef
 
-define Package/dynbhd/install
-	$(INSTALL_DIR) $(1)/etc
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/lib/wifi/dynbhd
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/ethernet
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/dynbhd $(1)/usr/sbin/dynbhd
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/api $(1)/lib/wifi/dynbhd/api
-#	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/dynbh/map-dynamic-backhaul $(1)/etc/hotplug.d/ethernet/map-dynamic-backhaul
-endef
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@@ -152,4 +134,3 @@ endef
 endif
 
 $(eval $(call BuildPackage,map-agent))
-$(eval $(call BuildPackage,dynbhd))

map-agent/files/etc/config/mapagent

@@ -17,7 +17,7 @@ config dynamic_backhaul
 	option missing_bh_reconfig_timer '1800'
 
 config controller_select
-	option id 'auto'
+	option mode 'auto'
 	option probe_int '20'
 	option retry_int '9'
 	option autostart '1'

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -27,11 +27,6 @@ done
 al_brnet="${al_bridge:3}"
 [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
 
-############## Dynamic Backhaul Daemon ##############
-if [ -n "$(which dynbhd)" ]; then
-	exit 0
-fi
-########################################################
 
 ################ Dedicated ETH WAN Port ################
 wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
@@ -95,7 +90,8 @@ if [ "$LINK" = "up" ]; then
 	config_foreach remove_from_bridge bsta
 	config_foreach update_bstas bsta down
 
-	/lib/wifi/multiap set_uplink "eth" "$PORT"
+	hwaddr="$(ifconfig $PORT | grep -i hwaddr | awk '{print $5}' | awk '{print tolower($0)}')"
+	/lib/wifi/multiap set_uplink "eth" "$PORT" "$hwaddr"
 else
 	/lib/wifi/multiap unset_uplink "eth"
 	#rm -f "$map_bh_file"

map-agent/files/etc/init.d/mapagent

@@ -7,20 +7,6 @@ USE_PROCD=1
 
 IS_CFG_VALID=1
 
-MAP_DEV="map_dev"
-MAP_IF="map"
-
-
-start_dynbhd_service() {
-	rm -f /var/run/multiap/multiap.backhaul
-	procd_open_instance
-	procd_set_param command "/usr/sbin/dynbhd"
-	procd_set_param respawn
-#	procd_set_param stdout 1
-#	procd_set_param stderr 1
-	procd_close_instance
-}
-
 validate_agent_section() {
 	uci_validate_section mapagent agent "agent" \
 		'enabled:bool:true' \
@@ -51,7 +37,7 @@ validate_cs_section() {
 
 	uci_validate_section mapagent $section "${section}" \
 		'local:bool:false' \
-		'id:string' \
+		'mode:string' \
 		'probe_int:range(0,1000):20' \
 		'retry_int:range(0,255):3' \
 		'autostart:bool:false'
@@ -179,17 +165,6 @@ create_dir() {
 }
 
 start_service() {
-	if [ -f /usr/sbin/dynbhd ]; then
-		# Start dynbhd only if the device is operating in extender/repeater mode
-		al_bridge="$(uci -q get mapagent.agent.al_bridge)"
-		if [ "${al_bridge:0:3}" = "br-" ]; then
-			al_brnet="${al_bridge:3}"
-			if [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ]; then
-				start_dynbhd_service
-			fi
-		fi
-	fi
-
 	config_load "mapagent"
 	validate_agent_config || return 1;
 

map-agent/files/etc/uci-defaults/994-map-set-cntlr-sel-mode

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+adapt_cntlr_sel() {
+	local section=$1
+        id=$(uci -q get mapagent.@controller_select[0].id)
+
+        uci -q del mapagent.@controller_select[0].id
+
+        # re-apply any custom value
+        [ -z "${id}" ] || uci -q set mapagent.@controller_select[0].mode="${id}"
+}
+
+adapt_cntlr_sel

map-agent/files/lib/multiap/map_genconfig

@@ -10,6 +10,11 @@ network_mode="$(fw_printenv -n netmode)" # default is layer3
 multiap_mode="$(fw_printenv -n multiap_mode)" # default is full
 disable_mlo="$(fw_printenv -n disable_mlo)"
 
+is_logan() {
+	[ -d /sys/module/mt_wifi ] && return 0
+	return 1
+}
+
 is_airoha() {
 	[ -f /proc/device-tree/compatible ] || return
 	strings /proc/device-tree/compatible | grep -qE '^(econet,|airoha,)'; return
@@ -44,16 +49,19 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
+				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
+				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
+				dpp_chan="133/49"
 			;;
 		esac
 
@@ -64,45 +72,44 @@ generate_multiap_config() {
 		device="$dev"
 
 		ifprefix_radio=""
-		if is_airoha; then
+		if is_logan; then
+			uci set mapagent.agent.mld_prefix="bss"
+			ifname_sta=""
+			case "$band" in
+				2g)
+					ifprefix="ra%"
+					ifname="ra0"
+					ifname_bh="ra1"
+					ifname_sta="apcli0"
+				;;
+				5g)
+					ifprefix="rai%"
+					ifname="rai0"
+					ifname_bh="rai1"
+					ifname_sta="apclii0"
+				;;
+				6g)
+					ifprefix="rax%"
+					ifname="rax0"
+					ifname_bh="rax1"
+					ifname_sta="apclix0"
+				;;
+			esac
+			ifprefix_radio="${ifprefix}"
+			if [ "${network_mode}" == "extender" ]; then
+				ifname="${ifname_sta}"
+			fi
+
+			[ "$disable_mlo" == "1" ] || {
+				uci set wireless.$dev.mlo="1"
+				uci set wireless.$dev.mlo_capable="1"
+			}
+		elif is_airoha; then
 			if [ -d "/sys/module/mt76" ]; then
 				ifprefix="wlan%_%"
 				ifname="wlan${devidx}_0"
 				ifname_bh="wlan${devidx}_1"
-			else
-				uci set mapagent.agent.mld_prefix="bss"
-				ifname_sta=""
-				case "$band" in
-					2g)
-						ifprefix="ra%"
-						ifname="ra0"
-						ifname_bh="ra1"
-						ifname_sta="apcli0"
-					;;
-					5g)
-						ifprefix="rai%"
-						ifname="rai0"
-						ifname_bh="rai1"
-						ifname_sta="apclii0"
-					;;
-					6g)
-						ifprefix="rax%"
-						ifname="rax0"
-						ifname_bh="rax1"
-						ifname_sta="apclix0"
-					;;
-				esac
-				ifprefix_radio="${ifprefix}"
-				if [ "${network_mode}" == "extender" ]; then
-					ifname="${ifname_sta}"
-				fi
-
-				[ "$disable_mlo" == "1" ] || {
-					uci set wireless.$dev.mlo="1"
-					uci set wireless.$dev.mlo_capable="1"
-				}
 			fi
-
 			uci set wireless.$dev.channels="$channels"
 			uci commit wireless
 		elif is_broadcom; then
@@ -155,17 +162,13 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				# add dpp_chirp section for 2.4GHz bSTA
-				if [ $mode_band -eq 2 ]; then
-					uci add mapagent dpp_chirp
-					uci set mapagent.@dpp_chirp[-1].type="qrcode"
-					uci set mapagent.@dpp_chirp[-1].device="$device"
-					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
-					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
-					for channel in $channels; do
-						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
-					done
-				fi
+				#uci add mapagent dpp_uri
+				#uci set mapagent.@dpp_uri[-1].type="qrcode"
+				#uci set mapagent.@dpp_uri[-1].device="$device"
+				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
+				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
+				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
+				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"

map-controller/Config.in

@@ -39,10 +39,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping via passphrase."
-	default n
-
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.0
+PKG_VERSION:=6.4.2.6
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=d2e91ca156dbe0b44f0fc551b0a353137343fdf1
+PKG_SOURCE_VERSION:=5e93ea36c4fb93dd473b233b098ecacf6395a20c
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,9 +36,6 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -84,7 +81,6 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller

map-controller/files/etc/config/mapcontroller

@@ -8,11 +8,10 @@ config controller 'controller'
 	option enable_ts '0'
 	option primary_vid '1'
 	option primary_pcp '0'
-	option stale_sta_timeout '30d'
+	option stale_sta_timeout '20d'
 	option de_collect_interval '60'
-	list plugin 'zerotouch'
 
-config sta_steering 'sta_steering'
+config sta_steering
 	option enable_sta_steer '1'
 	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
@@ -24,10 +23,8 @@ config sta_steering 'sta_steering'
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
-	list plugins 'rate'
-	list plugins 'bsteer'
 
-config channel_plan 'channel_plan'
+config channel_plan
 	option preclear_dfs '0'
 	option acs '0'
 

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-
-# singleton sections
-sections="channel_plan sta_steering"
-
-for sec in $sections; do
-    # find unnamed section of given type, only index 0
-    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
-    [ "$s" = "" ] && continue
-
-    uci rename $cfg.$s=$sec
-done
-
-uci commit $cfg

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.0.31
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a76610182366cf05ed7e8f5fbac26890b709eeb4
+PKG_SOURCE_VERSION:=565cade8fe08807b345404c567243fbdfdcb96c8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -27,18 +27,12 @@ include $(INCLUDE_DIR)/package.mk
 
 include $(wildcard plugins/*.mk)
 
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"
 
 plugins := \
 	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
-	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
-	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
+	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer)
 
 ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
 

map-plugins/plugins/zero-touch.mk

@@ -1,22 +0,0 @@
-define Package/map-plugins-zero-touch
-	$(call Package/map-plugins/Default)
-	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-zero-touch/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
-
-endef
-
-define Build/Compile/map-plugins-zero-touch
-	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

netmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.2.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=6310f32b80f8abeccbf99ad55ce88792b19342d6
+PKG_SOURCE_VERSION:=ff08a8cc5c860056a022e5376a973dee5a323595
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.1.5
+PKG_VERSION:=1.1.7
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only
@@ -18,6 +18,7 @@ include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 define Package/netmode
   CATEGORY:=Utilities
   TITLE:=Network Modes and Utils
+  DEPENDS:=+dm-service
 endef
 
 define Package/netmode/description

netmode/files/datamodel.json

@@ -58,7 +58,7 @@
 							"name": "mode"
 						}
 					},
-					"linker_obj": "Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.[Name==@key]."
+					"linker_obj": "Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.*.Name"
 				}
 			]
 		},

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -17,8 +17,6 @@ l3_mcast_config() {
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
-	wandev="$(uci -q get network.WAN.ifname)"
-
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -38,35 +36,11 @@ l3_network_config() {
 	uci -q delete network.wan.disabled
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
 	uci -q set network.wan6.proto='dhcpv6'
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -87,6 +61,12 @@ l3_network_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -17,8 +17,6 @@ l3_mcast_config() {
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
-	wandev="$(uci -q get network.WAN.ifname)"
-
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
 	uci -q set network.lan.device='br-lan'
@@ -38,33 +36,9 @@ l3_network_pppoe_config() {
 	uci -q set network.wan.username="$NETMODE_username"
 	uci -q set network.wan.password="$NETMODE_password"
 	uci -q delete network.wan.disabled
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6.disabled='1'
 
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
@@ -85,6 +59,12 @@ l3_network_pppoe_config() {
 			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
 		fi
 		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		if [ -n "$device" ]; then
+			uci -q set network.wan.device="$device"
+			uci -q set network.wan6.device="$device"
+		fi
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -1,127 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-source "/etc/device_info"
-
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
-l3_network_config() {
-	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-
-	wandev="$(uci -q get network.WAN.ifname)"
-
-	# Configure L3 Network Mode
-	uci -q set network.lan=interface
-	uci -q set network.lan.device='br-lan'
-	uci -q set network.lan.proto='static'
-	uci -q set network.lan.ipaddr='192.168.1.1'
-	uci -q set network.lan.netmask='255.255.255.0'
-	uci -q set network.lan.ip6assign='60'
-	uci -q delete network.lan.vendorid
-	uci -q delete network.lan.clientid
-	uci -q delete network.lan.reqopts
-	uci -q delete network.lan.sendopts
-
-	uci -q delete network.lan6	
-
-	uci -q set network.wan=interface
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan.proto='static'
-	uci -q set network.wan.ipaddr="$NETMODE_ipaddr"
-	uci -q set network.wan.gateway="$NETMODE_gateway"
-	uci -q set network.wan.netmask="$NETMODE_netmask"
-	uci -q delete network.wan.disabled
-	uci -q delete network.wan.username
-	uci -q delete network.wan.password
-
-	uci -q set network.wan6.disabled='1'
-
-	if [ -n "$wandev" ] && echo "$NETMODE_vlanid" | grep -Eq '^[0-9]+$' && [ "$NETMODE_vlanid" -ge 1 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		wandev="$wandev.$NETMODE_vlanid"
-	fi
-
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan6.device="$wandev"
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_cleanup
-	fi
-
-	uci -q commit network
-
-	# Enable DHCP Server
-	uci -q set dhcp.lan.ignore=0
-	uci -q set dhcp.wan.ignore=1
-	uci -q commit dhcp
-	/etc/init.d/odhcpd enable
-
-	# Enable SSDPD
-	uci -q set ssdpd.ssdp.enabled="1"
-	uci -q commit ssdpd
-
-	# Update CWMP Agent WAN Interface
-	uci -q set cwmp.cpe.default_wan_interface="wan"
-	uci -q commit cwmp
-
-	# Update gateway WAN Interface
-	uci -q set gateway.global.wan_interface="wan"
-	uci -q commit gateway
-
-	# Enable firewall
-	uci -q set firewall.globals.enabled="1"
-	uci -q commit firewall
-}
-
-l3_network_config
-l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/supported_modes.json

@@ -3,90 +3,25 @@
   "supported_modes": [
     {
       "name": "routed-dhcp",
-      "description": "DHCP",
-      "supported_args": [
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
-        }
-      ]
+      "description": "WAN with DHCP proto (Layer 3)"
     },
     {
       "name": "routed-pppoe",
-      "description": "PPPoE",
+      "description": "WAN with PPPoE (Layer 3)",
       "supported_args": [
         {
           "name": "username",
-          "description": "PPPoE Username",
+          "description": "PPPoE username",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestUser"
         },
         {
           "name": "password",
-          "description": "PPPoE Password",
+          "description": "PPPoE password",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestPassword"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
-        }
-      ]
-    },
-    {
-      "name": "routed-static",
-      "description": "Static",
-      "supported_args": [
-        {
-          "name": "ipaddr",
-          "description": "IP Address",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.104"
-        },
-        {
-          "name": "netmask",
-          "description": "Subnet Mask",
-          "required": true,
-          "type": "string",
-          "#value": "255.255.255.0"
-        },
-        {
-          "name": "gateway",
-          "description": "Default Gateway",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.1"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers",
-          "required": false,
-          "type": "string"
         }
       ]
     }

netmode/files/etc/uci-defaults/40_netmode_set_default_netmode

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-enabled="$(uci -q get netmode.global.enabled)"
-[ "$enabled" == "1" ] || exit 0
-
-mode="$(uci -q get netmode.global.mode)"
-[ -n "$mode" ] && exit 0
-
-[ -f /etc/netmodes/supported_modes.json ] || exit 0
-
-# NetMode is enabled without a Mode being set
-# Figure out the current mode from network config
-wanproto=$(uci -q get network.wan.proto)
-curmode=""
-case "$wanproto" in
-	dhcp) curmode="routed-dhcp" ;;
-	pppoe) curmode="routed-pppoe" ;;
-	static) curmode="routed-static" ;;
-esac
-
-found=0
-for md in $(jsonfilter -i /etc/netmodes/supported_modes.json -e "@.supported_modes.*.name"); do
-	[ "$md" == "$curmode" ] && found=1
-done
-
-if [ $found -eq 1 ]; then
-	uci -q set netmode.global.mode="$curmode"
-	echo "$curmode" > /etc/netmodes/.last_mode
-fi

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.17
+PKG_VERSION:=10.0.7.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=8f0f8cfc2c4048bfed674163030d0b06f96f2da1
+PKG_SOURCE_VERSION:=84d5ae575134d501b8ca171a5a65c6f410f01d08
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,9 +32,8 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libmosquitto-ssl +libwebsockets-openssl
-  DEPENDS+=+libjson-c +libubox +libubus +libuci +libblobmsg-json
-  DEPENDS+=+ca-certificates +OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
+		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 

obuspa/files/etc/init.d/obuspa

@@ -6,18 +6,19 @@ USE_PROCD=1
 
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
+
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 
 RESET_FILE="/tmp/obuspa/fw_defaults"
-
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
+SQL_DB_FILE="/tmp/obuspa/usp.db"
+DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
 
 BASEPATH=""
 INSTANCE_COUNT=0
-CLIENT_ID_PREFIX=""
 
 . /lib/functions/network.sh
+. /usr/share/libubox/jshn.sh
 . /etc/obuspa/usp_utils.sh
 
 global_init()
@@ -29,7 +30,6 @@ global_init()
 log()
 {
 	echo "$*"|logger -t obuspa.init -p debug
-	echo "$*" >/dev/console
 }
 
 db_set_reset_file()
@@ -47,9 +47,37 @@ db_set_reset_file()
 	fi
 }
 
+db_set_sql()
+{
+	local param value
+
+	param="${1}"
+	shift
+	value="$*"
+
+	if [ -n "${param}" ] && [ -n "${value}" ]; then
+		if grep -q "${param} " ${DB_DUMP}; then
+			value="${value//\//\\/}"
+			sed -i "s/${param} .*/${param} \"${value}\"/g" ${DB_DUMP}
+		else
+			echo "${param} \"${value}\"" >> ${DB_DUMP}
+		fi
+	fi
+}
+
 db_set()
 {
-	db_set_reset_file "$@"
+	# if sql db dump file present, update it
+	if [ -f "${DB_DUMP}" ]; then
+		db_set_sql "$@"
+	else
+		db_set_reset_file "$@"
+	fi
+}
+
+dump_db()
+{
+	${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort  > ${DB_DUMP}
 }
 
 # if db present then check if it matches with existing instances
@@ -64,6 +92,21 @@ get_base_path()
 	path=""
 	count=0
 
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
+		path=${path%.*}
+		if [ -z "${path}" ]; then
+			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
+			if [ -n "${path}" ]; then
+				count=${path##*.}
+				count=$(( count + 1 ))
+			else
+				count=1
+			fi
+			path="${refpath}${count}"
+		fi
+	fi
+
 	if [ -z "${path}" ]; then
 		INSTANCE_COUNT=$(( INSTANCE_COUNT + 1 ))
 		path="${refpath}${INSTANCE_COUNT}"
@@ -79,7 +122,9 @@ get_refrence_path()
 	value="${2}"
 	path=""
 
-	if [ -f "${RESET_FILE}" ]; then
+	if [ -f "${DB_DUMP}" ]; then
+		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
+	elif [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
@@ -91,7 +136,7 @@ update_keep()
 	file=${1}
 
 	if [ -z "${file}" ]; then
-		return 0
+		return;
 	fi
 
 	if [ ! -f "${KEEP_FILE}" ]; then
@@ -218,7 +263,7 @@ configure_localagent()
 
 	validate_localagent_section "${1}" || {
 		log "Validation of localagent section failed"
-		return 0
+		return 0;
 	}
 
 	db_set Device.LocalAgent.EndpointID "${EndpointID}"
@@ -226,7 +271,7 @@ configure_localagent()
 
 update_reset_reason()
 {
-	[ -f "/tmp/reset_reason" ] || return 0
+	[ -f "/tmp/reset_reason" ] || return 0;
 
 	if grep -qwi "defaultreset" /tmp/reset_reason; then
 		db_set Internal.Reboot.Cause "FactoryReset"
@@ -265,6 +310,10 @@ get_role_index()
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
+	elif [ -f "${DB_DUMP}" ]; then
+		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
+		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
+		echo "$val"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@@ -282,19 +331,19 @@ configure_controller()
 	sec="${1}"
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/controller_/cpe-}"
 	get_base_path "Device.LocalAgent.Controller." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "controller:: Protocol cannot be empty"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -390,14 +439,14 @@ configure_subscription()
 	sec="${1}"
 	validate_subscription_section "${1}" || {
 		log "Validation of subscription section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/sub_/cpe-}"
 	get_base_path "Device.LocalAgent.Subscription." "sub_${1}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -n "${controller}" ]; then
@@ -434,12 +483,12 @@ configure_challenges()
 	get_base_path "Device.LocalAgent.ControllerTrust.Challenge." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
-		log "Either role_name or Role must defined for a challenge"
-		return 1
+		log "Either role_name or Role must defined for a challenge";
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -466,18 +515,18 @@ configure_mtp() {
 	sec="${1}"
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
-		return 1
+		return 1;
 	}
 	sec="${sec/mtp_/cpe-}"
 	get_base_path "Device.LocalAgent.MTP." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	if [ -z "${Protocol}" ]; then
 		log "Protocol not defined for the mtp[${1}] section"
-		return 1
+		return 1;
 	fi
 
 	dm_ref=""
@@ -535,14 +584,14 @@ configure_stomp_connection() {
 	sec="${1}"
 	validate_stomp_connection_section "${1}" || {
 		log "Validation of stomp section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/stomp_/cpe-}"
 	get_base_path "Device.STOMP.Connection." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -565,18 +614,14 @@ configure_mqtt_client() {
 	sec="${1}"
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
-		return 1
+		return 1;
 	}
 
 	sec="${sec/mqtt_/cpe-}"
 	get_base_path "Device.MQTT.Client." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1
-	fi
-
-	if [ -z "${ClientID}" ]; then
-		ClientID="${CLIENT_ID_PREFIX}-${sec}"
+		return 1;
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -603,9 +648,6 @@ configure_obuspa() {
 	fi
 
 	if [ -n "${log_level}" ]; then
-		if [ "${log_level}" -gt "4" ]; then
-			log_level="4"
-		fi
 		procd_append_param command -v "${log_level}"
 	fi
 
@@ -634,13 +676,13 @@ configure_obuspa() {
 
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${db_file}"
-		if [ -f "${db_file}-journal" ]; then
-			log "SQL Journal detected ..."
-		fi
+		procd_append_param command -f "${SQL_DB_FILE}"
 	fi
 
 	if [ -f "${RESET_FILE}" ]; then
+		if [ -f "${SQL_DB_FILE}" ]; then
+			mv ${SQL_DB_FILE} ${SQL_DB_FILE}.old
+		fi
 		procd_append_param command -r ${RESET_FILE}
 	fi
 
@@ -659,34 +701,301 @@ configure_obuspa() {
 	fi
 }
 
-# Create factory reset file
-db_init()
+get_instances_from_db_dump()
 {
-	local reason
+	local obj inst
 
-	reason="${1}"
-	# remove usp.db, in case of reload
-	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
-		log "Deleting ${OBUSPA_BOOT_MARKER} to enforce values from uci ...."
-		rm -f "${OBUSPA_BOOT_MARKER}"
+	obj="${1}\d+"
+	if [ ! -f "${DB_DUMP}" ]; then
+		echo ""
+		return 0;
 	fi
 
-	if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
+	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
+	echo "$inst"
+}
+
+get_param_value_from_dump()
+{
+	local param value
+
+	param="${1}"
+
+	if [ -z "${param}" ] || [ ! -f "${DB_DUMP}" ]; then
+		log "error getting param"
+		echo ""
 		return 0
 	fi
 
-	# Remove reset file if present
-	[ -f "${RESET_FILE}" ] && rm ${RESET_FILE}
+	value="$(grep "^${param} " ${DB_DUMP}|awk '{print $2}')"
 
-	CLIENT_ID_PREFIX="$(db -q get device.deviceinfo.ManufacturerOUI)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX}-$(db -q get device.deviceinfo.SerialNumber)"
-	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX//+/%2b}"
+	echo "${value//\"/}"
+}
+
+update_uci_sec()
+{
+	local sec tmp
+
+	sec="${1}"
+	stype="${2}"
+	if [ -z "$sec" ] || [ -z "$stype" ]; then
+		log "No section name, error"
+		return 0
+	fi
+
+	tmp="$(uci_get obuspa "${sec}")"
+	if [ "$tmp" != "$stype" ]; then
+		uci_add obuspa "${stype}" "${sec}"
+	fi
+}
+
+sync_db_controller()
+{
+	local cntrs copts sec pvalue protocol
+
+	copts="Enable EndpointID PeriodicNotifInterval"
+	popts="Destination Topic Host Port Path EnableEncryption"
+
+	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
+	for cntr in $cntrs; do
+		sec="$(get_param_value_from_dump "${cntr}".Alias)"
+		sec="${sec/cpe-/controller_}"
+		sec="${sec/-/_}"
+
+		update_uci_sec "${sec}" controller
+		for param in ${copts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${cntr}".MTP.1.Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${cntr}".MTP.1."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+sync_db_localagent_mtp()
+{
+	local mtps opts popts sec pvalue protocol
+
+	opts="Enable"
+	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
+
+	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mtp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mtp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+
+		protocol="$(get_param_value_from_dump "${inst}".Protocol)"
+		if [ -z "${protocol}" ]; then
+			break;
+		fi
+		uci_set obuspa "${sec}" "Protocol" "${protocol}"
+		for param in ${popts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+	done
+}
+
+
+sync_db_mqtt_client()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable BrokerAddress BrokerPort Username ProtocolVersion TransportProtocol ClientID"
+
+	mtps="$(get_instances_from_db_dump Device.MQTT.Client.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/mqtt_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" mqtt
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_db_stomp_connection()
+{
+	local mtps copts sec pvalue protocol
+
+	opts="Enable Host Port Username EnableEncryption EnableHeartbeats VirtualHost"
+
+	mtps="$(get_instances_from_db_dump Device.STOMP.Connection.)"
+	for inst in $mtps; do
+		sec="$(get_param_value_from_dump "${inst}".Alias)"
+		sec="${sec/cpe-/stomp_}"
+		sec="${sec/-/_}"
+		update_uci_sec "${sec}" stomp
+		for param in ${opts}; do
+			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
+			uci_set obuspa "${sec}" "${param}" "${pvalue}"
+		done
+		uci_set obuspa "${sec}" "_sync" "1"
+	done
+}
+
+sync_update_sec()
+{
+	local _sync
+	config_get _sync "${1}" _sync ""
+	if [ -z "${_sync}" ]; then
+		uci_remove obuspa "${1}"
+		log "Deleting obuspa.${1} section ..."
+	else
+		uci_remove obuspa "${1}" _sync
+	fi
+}
+
+sync_uci_with_db()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	config_load obuspa
+	sync_db_controller
+	sync_db_localagent_mtp
+	sync_db_mqtt_client
+	sync_db_stomp_connection
+	uci_commit obuspa
+
+	config_load obuspa
+	config_foreach sync_update_sec controller
+	config_foreach sync_update_sec mtp
+	config_foreach sync_update_sec mqtt
+	config_foreach sync_update_sec stomp
+	uci_commit obuspa
+}
+
+delete_sql_db_entry_with_pattern()
+{
+	local params pattern
+
+	pattern="${1}"
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	if [ "${#pattern}" -lt 7 ]; then
+		return 0;
+	fi
+
+	#log "Deleting with pattern [${pattern}] from ${DB_DUMP}"
+	sed -i "/${pattern}/d" ${DB_DUMP}
+}
+
+check_n_delete_db()
+{
+	local sec t r path
+
+	sec="${1}"
+	if uci -q get obuspa."${sec}" >/dev/null 2>&1; then
+		return 0
+	fi
+
+	t="${2}"
+	r="${3}"
+	sec="${sec/${t}_/cpe-}"
+
+	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
+	path=${path%.*}
+
+	delete_sql_db_entry_with_pattern "${path}"
+}
+
+workaround_remove_download_pattern()
+{
+	local inst
+
+	inst="$(cat ${DB_DUMP} |grep -E "Device.DeviceInfo.FirmwareImage.\d.Download()"|grep -oE "Device.LocalAgent.Request.\d.")"
+
+	if [ -n "${inst}" ]; then
+		log "Workaround to remove the old download Request [$inst]"
+		delete_sql_db_entry_with_pattern "${inst}"
+	fi
+}
+
+reverse_update_db_with_uci()
+{
+	if [ ! -f "${DB_DUMP}" ]; then
+		return 0;
+	fi
+
+	export UCI_CONFIG_DIR="/tmp/obuspa"
+	config_load obuspa
+	config_foreach check_n_delete_db controller controller "Device.LocalAgent.Controller."
+	config_foreach check_n_delete_db mtp mtp "Device.LocalAgent.MTP."
+	config_foreach check_n_delete_db mqtt mqtt "Device.MQTT.Client."
+	config_foreach check_n_delete_db stomp stomp "Device.STOMP.Connection."
+	unset UCI_CONFIG_DIR
+}
+
+# Create factory reset file
+db_init()
+{
+	local reason role_file
+
+	reason="${1}"
+	mkdir -p /tmp/obuspa/
+
+	# Load configuration
+	config_load $CONFIGURATION
+	config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
+	config_get role_file global role_file ""
+
+	if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
+		log "Copying old db, since new db not present ..."
+		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
+	fi
+
+	# Dump datamodel parameters from DB
+	if [ -f "${SQL_DB_FILE}" ]; then
+		dump_db
+	fi
+
+	# In case of Reboot or service restart update the uci
+        # from usp.db file
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" != "update" ]; then
+		# Only do this if db have reasonable data
+		val="$(awk 'END{print NR}' ${DB_DUMP})"
+		if [ "$val" -gt 15 ]; then
+			log "Syncing obuspa uci with usp.db ...."
+			sync_uci_with_db
+		fi
+	fi
+
+	# remove entries from db if deleted from uci, only in case of reload
+	if [ -f "${DB_DUMP}" ] && [ "${reason}" = "update" ] && [ -f "/tmp/obuspa/obuspa" ]; then
+		log "Deleting entries from usp.db if uci not present ...."
+		reverse_update_db_with_uci
+	fi
+
+	# Remove reset file if present
+	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
 
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
-	log "Enforce uci values, no boot marker"
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -702,12 +1011,21 @@ db_init()
 	global_init
 	config_foreach configure_challenges challenge
 
-	# enforce ctrust only on upgrades, not on reloads
-	if [ -f "${CTRUST_RESET_FILE}" ] && [ -z "${reason}" ]; then
-		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
-	fi
 	update_reset_reason
 	update_dual_stack_pref "${dualstack_pref}"
+
+	uci_commit ${CONFIGURATION}
+
+	cp /etc/config/obuspa /tmp/obuspa/
+	if [ -f "${DB_DUMP}" ]; then
+		workaround_remove_download_pattern
+		mv ${DB_DUMP} ${RESET_FILE}
+	fi
+
+	if [ -f "${CTRUST_RESET_FILE}" ]; then
+		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
+		rm ${CTRUST_RESET_FILE}
+	fi
 }
 
 start_service() {
@@ -719,18 +1037,21 @@ start_service() {
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then
-		procd_set_param command ${PROG}
 		db_init "${1}"
+		procd_set_param command ${PROG}
 		configure_obuspa
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
 			"${respawn_timeout:-10}" "${respawn_retry:-5}"
+		#procd_set_param limits core="unlimited"
 	fi
 	procd_close_instance ${CONFIGURATION}
 }
 
 stop_service() {
-	${PROG} -c stop
+	if command -v timeout >/dev/null 2>&1; then
+		timeout 5 ${PROG} -c stop
+	fi
 }
 
 reload_service() {
@@ -739,6 +1060,5 @@ reload_service() {
 }
 
 service_triggers() {
-	export PROCD_RELOAD_DELAY=3000
 	procd_add_reload_trigger "obuspa"
 }

obuspa/files/etc/obuspa/usp_utils.sh

@@ -1,12 +1,10 @@
 #!/bin/sh
 
-CTRUST_RESET_FILE="/etc/obuspa/ctrust_reset"
+CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"
 SECURE_ROLES=""
 
-CTRUST_RESET_FILE_TEMP="/tmp/obuspa/ctrust_reset"
-
 mkdir -p /tmp/obuspa/
 
 # include jshn.sh
@@ -25,9 +23,9 @@ db_add()
 	value="$*"
 
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE_TEMP}
+		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
 	else
-		echo >>${CTRUST_RESET_FILE_TEMP}
+		echo >>${CTRUST_RESET_FILE}
 	fi
 }
 
@@ -254,10 +252,7 @@ configure_ctrust_role()
 	if [ -n "${SECURE_ROLES}" ]; then
 		db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
 	fi
-
-	if [ -f "${CTRUST_RESET_FILE_TEMP}" ]; then
-		mv -f "${CTRUST_RESET_FILE_TEMP}" "${CTRUST_RESET_FILE}"
-	fi
 }
 
 # configure_ctrust_role "${@}"
+

obuspa/files/etc/uci-defaults/61-override-ct-roles

@@ -4,3 +4,5 @@
 . /etc/obuspa/usp_utils.sh
 
 configure_ctrust_role
+
+exit 0

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,7 +8,6 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 CONTROLLER_DISCOVERED=0
-OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 
 log()
 {
@@ -273,17 +272,6 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 		fi
 	done
 
-	# Check if any of the existing controller section matches with the endpointid
-	if [ -z "${dhcp_controller}" ] && [ -n "${ENDPOINT_ID}" ]; then
-		for controller in $controllers; do
-			endpointid=$(uci -q get obuspa."${controller}".EndpointID)
-			if [ "${endpointid}" = "${ENDPOINT_ID}" ]; then
-				dhcp_controller="${controller}"
-				break
-			fi
-		done
-	fi
-
 	if [ -n "${dhcp_controller}" ]; then
 		cont_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
 		if [ "${cont_proto}" = "MQTT" ]; then
@@ -388,7 +376,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				fi
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -405,7 +394,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
+					sec=$(uci -q add obuspa mqtt)
+					uci -q rename obuspa."${sec}"='dhcpmqtt'
 					dhcp_mqtt="dhcpmqtt"
 					uci -q set obuspa."${dhcp_mqtt}".Enable='1'
 					uci -q set obuspa."${dhcp_mqtt}".Username="${user}"
@@ -418,7 +408,8 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 				uci -q set obuspa."${dhcp_mqtt}".ProtocolVersion='5.0'
 
 				if [ -z "${dhcp_mtp}" ]; then
-					uci -q set obuspa.dhcpmtp="mtp"
+					sec=$(uci -q add obuspa mtp)
+					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
 					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
@@ -476,64 +467,64 @@ if [ "${wan_intf}" = "${INTERFACE}" ]; then
 			fi
 		fi
 	else
-		# Only setup a new controller, only if mandatory param present
-		if [ -n "${ENDPOINT_ID}" ] && [ -n "${URL}" ]; then
-			uci -q delete obuspa.dhcpmtp
-			uci -q delete obuspa.dhcpmqtt
+		uci -q delete obuspa.dhcpmtp
+		uci -q delete obuspa.dhcpmqtt
 
-			uci -q set obuspa.dhcpcontroller="controller"
-			uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
-			uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
-			uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
-			uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
-			uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
-			uci -q set obuspa.dhcpcontroller.Enable='1'
+		sec=$(uci -q add obuspa controller)
+		uci -q rename obuspa."${sec}"='dhcpcontroller'
+		uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
+		uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
+		uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
+		uci -q set obuspa.dhcpcontroller.Protocol="${offered_proto}"
+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.Enable='1'
 
-			if [ -n "${offered_proto}" ]; then
-				if [ "${offered_proto}" = "MQTT" ]; then
-					user="$(uci -q get obuspa.global.username)"
-					pass="$(uci -q get obuspa.global.password)"
+		if [ -n "${offered_proto}" ]; then
+			if [ "${offered_proto}" = "MQTT" ]; then
+				user="$(uci -q get obuspa.global.username)"
+				pass="$(uci -q get obuspa.global.password)"
 
-					uci -q set obuspa.dhcpcontroller.Topic="${topic}"
-					uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
+				uci -q set obuspa.dhcpcontroller.Topic="${topic}"
+				uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
 
-					uci -q set obuspa.dhcpmqtt="mqtt"
-					uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
-					uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
-					uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
-					uci -q set obuspa.dhcpmqtt.Enable='1'
-					uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
-					uci -q set obuspa.dhcpmqtt.Username="${user}"
-					uci -q set obuspa.dhcpmqtt.Password="${pass}"
+				sec=$(uci -q add obuspa mqtt)
+				uci -q rename obuspa."${sec}"='dhcpmqtt'
+				uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
+				uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
+				uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa.dhcpmqtt.Enable='1'
+				uci -q set obuspa.dhcpmqtt.ProtocolVersion='5.0'
+				uci -q set obuspa.dhcpmqtt.Username="${user}"
+				uci -q set obuspa.dhcpmqtt.Password="${pass}"
 
 
-					agent_topic=$(get_agent_topic)
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='MQTT'
-					uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
-				else
-					uci -q set obuspa.dhcpcontroller.Path="${topic}"
-					uci -q set obuspa.dhcpcontroller.Host="${ip}"
-					uci -q set obuspa.dhcpcontroller.Port="${port}"
-					uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
+				agent_topic=$(get_agent_topic)
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+				uci -q set obuspa.dhcpmtp.Protocol='MQTT'
+				uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.mqtt='dhcpmqtt'
+			else
+				uci -q set obuspa.dhcpcontroller.Path="${topic}"
+				uci -q set obuspa.dhcpcontroller.Host="${ip}"
+				uci -q set obuspa.dhcpcontroller.Port="${port}"
+				uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
 
-					uci -q set obuspa.dhcpmtp="mtp"
-					uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
-					uci -q set obuspa.dhcpmtp.Port="${port}"
-					uci -q set obuspa.dhcpmtp.Enable='1'
-					uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
-				fi
+				sec=$(uci -q add obuspa mtp)
+				uci -q rename obuspa."${sec}"='dhcpmtp'
+
+				uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
+				uci -q set obuspa.dhcpmtp.Port="${port}"
+				uci -q set obuspa.dhcpmtp.Enable='1'
+				uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
 			fi
-			uci_change=1
 		fi
+
+		uci_change=1
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
-		if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
-			rm -f "${OBUSPA_BOOT_MARKER}"
-		fi
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi

obuspa/patches/0002-fix_e2e_session_init.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.1/src/core/device_controller.c
+Index: obuspa-10.0.5.0/src/core/device_controller.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/device_controller.c
-+++ obuspa-10.0.0.1/src/core/device_controller.c
-@@ -4211,6 +4211,14 @@ int ProcessControllerAdded(int cont_inst
+--- obuspa-10.0.5.0.orig/src/core/device_controller.c
++++ obuspa-10.0.5.0/src/core/device_controller.c
+@@ -4223,6 +4223,14 @@ int ProcessControllerAdded(int cont_inst
          goto exit;
      }
  
@@ -17,7 +17,7 @@ Index: obuspa-10.0.0.1/src/core/device_controller.c
      // Exit if unable to get the object instance numbers present in this controller's MTP table
      USP_SNPRINTF(path, sizeof(path), "%s.%d.MTP", device_cont_root, cont_instance);
      err = DATA_MODEL_GetInstances(path, &iv);
-@@ -4252,14 +4260,6 @@ int ProcessControllerAdded(int cont_inst
+@@ -4264,14 +4272,6 @@ int ProcessControllerAdded(int cont_inst
      DEVICE_MQTT_UpdateControllerTopics();
  #endif
  

obuspa/patches/0004-bulkdata_extn.patch

@@ -1,7 +1,7 @@
-Index: obuspa-10.0.0.1/src/core/bdc_exec.c
+Index: obuspa-10.0.4.0/src/core/bdc_exec.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/bdc_exec.c
-+++ obuspa-10.0.0.1/src/core/bdc_exec.c
+--- obuspa-10.0.4.0.orig/src/core/bdc_exec.c
++++ obuspa-10.0.4.0/src/core/bdc_exec.c
 @@ -549,10 +549,25 @@ int StartSendingReport(bdc_connection_t
  
      // Set the list of headers
@@ -30,10 +30,10 @@ Index: obuspa-10.0.0.1/src/core/bdc_exec.c
          bc->headers = curl_slist_append(bc->headers, "Content-Encoding: gzip");
      }
  
-Index: obuspa-10.0.0.1/src/core/bdc_exec.h
+Index: obuspa-10.0.4.0/src/core/bdc_exec.h
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/bdc_exec.h
-+++ obuspa-10.0.0.1/src/core/bdc_exec.h
+--- obuspa-10.0.4.0.orig/src/core/bdc_exec.h
++++ obuspa-10.0.4.0/src/core/bdc_exec.h
 @@ -54,6 +54,8 @@ void BDC_EXEC_ScheduleExit(void);
  #define BDC_FLAG_PUT            0x00000001  // If set, HTTP PUT should be used instead of HTTP POST when sending the report to the BDC server
  #define BDC_FLAG_GZIP           0x00000002  // If set, the reports contants are Gzipped
@@ -45,10 +45,10 @@ Index: obuspa-10.0.0.1/src/core/bdc_exec.h
 +#define BDC_FLAG_HEADER_PER_ROW  0x00000020 // If set, report format in header would be csv ParameterPerRow
 +#define BDC_FLAG_HEADER_PER_COL  0x00000040 // If set, report format in header would be csv ParameterPerColumn
  #endif
-Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
+Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
-+++ obuspa-10.0.0.1/src/core/device_bulkdata.c
+--- obuspa-10.0.4.0.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.4.0/src/core/device_bulkdata.c
 @@ -71,8 +71,12 @@
  
  //------------------------------------------------------------------------------
@@ -95,7 +95,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  int Validate_BulkDataHTTPMethod(dm_req_t *req, char *value);
 @@ -247,7 +259,8 @@ bulkdata_profile_t *bulkdata_find_free_p
  bulkdata_profile_t *bulkdata_find_profile(int profile_id);
- int bulkdata_calc_report_map(bulkdata_profile_t *bp, kv_vector_t *report_map);
+ int bulkdata_calc_report_map(bulkdata_profile_t *bp, kv_vector_t *report_map, combined_role_t *combined_role);
  int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *out_buf, int buf_len);
 -char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timestamp);
 +char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timestamp, char *report_format);
@@ -103,16 +103,16 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  unsigned char *bulkdata_compress_report(profile_ctrl_params_t *ctrl, char *input_buf, int input_len, int *p_output_len);
  int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_profile_t *bp, unsigned char *json_report, int report_len);
  int bulkdata_start_profile(bulkdata_profile_t *bp);
-@@ -262,6 +275,8 @@ char *bulkdata_platform_calc_uri_query_s
- int bulkdata_platform_get_param_refs(int profile_id, param_ref_vector_t *param_refs);
- void bulkdata_expand_param_ref(param_ref_entry_t *pr, group_get_vector_t *ggv);
+@@ -263,6 +276,8 @@ int bulkdata_platform_get_param_refs(int
+ int bulkdata_platform_calc_combined_role(int instance, combined_role_t **bulkdata_role, combined_role_t *combined_role, int *cont_instance);
+ void bulkdata_expand_param_ref(param_ref_entry_t *pr, group_get_vector_t *ggv, combined_role_t *combined_role);
  void bulkdata_append_to_result_map(param_ref_entry_t *pr, group_get_vector_t *ggv, kv_vector_t *report_map);
 +void append_string_to_target(char *str, char **output);
 +char *csv_encode(const char *str);
+ int GetAuto_BulkDataController(dm_req_t *req, char *buf, int len);
  #ifdef ENABLE_MQTT
  int Validate_BulkDataMqttReference(dm_req_t *req, char *value);
- void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp);
-@@ -299,7 +314,7 @@ int DEVICE_BULKDATA_Init(void)
+@@ -301,7 +316,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_VendorParam_ReadOnly("Device.BulkData.Status", Get_BulkDataGlobalStatus, DM_STRING);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MinReportingInterval", BULKDATA_MINIMUM_REPORTING_INTERVAL_STR, DM_UINT);
      err |= USP_REGISTER_Param_SupportedList("Device.BulkData.Protocols", bdc_protocols, NUM_ELEM(bdc_protocols));
@@ -121,7 +121,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      err |= USP_REGISTER_Param_Constant("Device.BulkData.ParameterWildCardSupported", "true", DM_BOOL);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfProfiles", BULKDATA_MAX_PROFILES_STR, DM_INT);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfParameterReferences", "-1", DM_INT);
-@@ -314,7 +329,7 @@ int DEVICE_BULKDATA_Init(void)
+@@ -316,7 +331,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Name", "", NULL, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.NumberOfRetainedFailedReports", "0", Validate_NumberOfRetainedFailedReports, NULL, DM_INT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Protocol", BULKDATA_PROTOCOL_HTTP, Validate_BulkDataProtocol, NULL, DM_STRING);
@@ -129,8 +129,8 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
 +    err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.EncodingType", BULKDATA_ENCODING_TYPE_JSON, Validate_BulkDataEncodingType, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.ReportingInterval", "86400", Validate_BulkDataReportingInterval, NotifyChange_BulkDataReportingInterval, DM_UINT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.TimeReference", UNKNOWN_TIME_STR, NULL, NotifyChange_BulkDataTimeReference, DM_DATETIME);
- 
-@@ -326,9 +341,16 @@ int DEVICE_BULKDATA_Init(void)
+     err |= USP_REGISTER_DBParam_ReadOnlyAuto("Device.BulkData.Profile.{i}.Controller", GetAuto_BulkDataController, DM_STRING);
+@@ -329,9 +344,16 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Parameter.{i}.Reference", "", Validate_BulkDataReference, NULL, DM_STRING);
  
      // Device.BulkData.Profile.{i}.JSONEncoding
@@ -148,7 +148,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      // Device.BulkData.Profile.{i}.HTTP
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.URL", "", NULL, NotifyChange_BulkDataURL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.Username", "", NULL, NULL, DM_STRING);
-@@ -614,9 +636,10 @@ int Validate_BulkDataProtocol(dm_req_t *
+@@ -687,9 +709,10 @@ int Validate_BulkDataProtocol(dm_req_t *
  int Validate_BulkDataEncodingType(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -162,7 +162,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -720,9 +743,36 @@ int Validate_BulkDataReference(dm_req_t
+@@ -793,9 +816,36 @@ int Validate_BulkDataReference(dm_req_t
  int Validate_BulkDataReportFormat(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -201,7 +201,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -2053,6 +2103,14 @@ int bulkdata_platform_get_profile_contro
+@@ -2151,6 +2201,14 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -216,7 +216,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      // Exit if unable to get ReportTimestamp
      USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.JSONEncoding.ReportTimestamp", bp->profile_id);
      err = DATA_MODEL_GetParameterValue(path, ctrl_params->report_timestamp, sizeof(ctrl_params->report_timestamp), 0);
-@@ -2061,6 +2119,54 @@ int bulkdata_platform_get_profile_contro
+@@ -2159,6 +2217,54 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -271,7 +271,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  #ifdef ENABLE_MQTT
  {
      char protocol[32];
-@@ -2334,7 +2440,7 @@ void bulkdata_process_profile_http(bulkd
+@@ -2492,7 +2598,7 @@ void bulkdata_process_profile_http(bulkd
  {
      int err;
      report_t *cur_report;
@@ -280,7 +280,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      profile_ctrl_params_t ctrl;
      unsigned char *compressed_report;
      int compressed_len;
-@@ -2373,10 +2479,23 @@ void bulkdata_process_profile_http(bulkd
+@@ -2541,26 +2647,39 @@ void bulkdata_process_profile_http(bulkd
      }
  
      // Exit if unable to generate the report
@@ -308,7 +308,9 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
          return;
      }
  
-@@ -2385,14 +2504,14 @@ void bulkdata_process_profile_http(bulkd
+     // Print out the JSON report, if debugging is enabled
+-    USP_LOG_Info("\nBULK DATA: %sing at time %s, to url=%s", ctrl.method, iso8601_cur_time(buf, sizeof(buf)), ctrl.url);
++    USP_LOG_Info("BULK DATA: %sing at time %s, to url=%s", ctrl.method, iso8601_cur_time(buf, sizeof(buf)), ctrl.url);
      USP_LOG_Info("BULK DATA: using compression method=%s", ctrl.compression);
      if (enable_protocol_trace)
      {
@@ -327,7 +329,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      }
      // NOTE: From this point on, only the compressed_report exists
  
-@@ -2422,8 +2541,15 @@ void bulkdata_process_profile_usp_event(
+@@ -2590,8 +2709,15 @@ void bulkdata_process_profile_usp_event(
      kv_vector_t event_args;
      kv_pair_t kv;
      report_t *cur_report;
@@ -341,11 +343,11 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
 +    char escape_char[10];
 +    char csv_format[20];
 +    char row_timestamp[33];
- 
-     // Exit if the MTP has not been connected to successfully after bootup
-     // This is to prevent BDC events being enqueued before the Boot! event is sent (the Boot! event is only sent after successfully connecting to the MTP).
-@@ -2432,13 +2558,63 @@ void bulkdata_process_profile_usp_event(
-         goto exit;
+     combined_role_t *bulkdata_role;
+     combined_role_t combined_role;
+     int cont_instance;
+@@ -2610,13 +2736,63 @@ void bulkdata_process_profile_usp_event(
+         return;
      }
  
 -    // Exit if unable to get ReportTimestamp
@@ -415,7 +417,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  
      // When sending via USP events, only one report is ever sent in each USP event
      // So ensure all retained reports are removed. NOTE: Clearing the reports here is only necessary when switching protocol from HTTP to USP event, and where HTTP had some unsent reports
-@@ -2456,11 +2632,17 @@ void bulkdata_process_profile_usp_event(
+@@ -2634,11 +2810,17 @@ void bulkdata_process_profile_usp_event(
      }
      bp->num_retained_reports = 1;
  
@@ -436,7 +438,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
          return;
      }
  
-@@ -2468,15 +2650,15 @@ void bulkdata_process_profile_usp_event(
+@@ -2646,15 +2828,15 @@ void bulkdata_process_profile_usp_event(
  
      // Construct event_args manually to avoid the overhead of a malloc and copy of the report in KV_VECTOR_Add()
      kv.key = "Data";
@@ -446,7 +448,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      event_args.num_entries = 1;
  
      USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.Push!", bp->profile_id);
-     DEVICE_SUBSCRIPTION_ProcessAllEventCompleteSubscriptions(path, &event_args);
+     DEVICE_SUBSCRIPTION_ProcessAllEventCompleteSubscriptions(path, &event_args, cont_instance);
  
 -    // Free the report. No need to free the event_args as json_report is the only thing dynamically allocated in it
 -    free(json_report);      // The report is not allocated via USP_MALLOC
@@ -455,7 +457,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  
      // From the point of view of this code, the report(s) have been successfully sent, so don't retain them
      // NOTE: Sending of the reports successfully is delegated to the USP notification retry mechanism
-@@ -2548,11 +2730,24 @@ void bulkdata_process_profile_mqtt(bulkd
+@@ -2736,15 +2918,28 @@ void bulkdata_process_profile_mqtt(bulkd
      }
  
      // Exit if unable to generate the report
@@ -485,7 +487,21 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
      }
  
      // Print out the JSON report, if debugging is enabled
-@@ -2763,7 +2958,7 @@ int bulkdata_reduce_to_alt_name(char *sp
+-    USP_LOG_Debug("\nBULK DATA: Sending at time %s to MQTT topic %s", iso8601_cur_time(buf, sizeof(buf)), ctrl.mqtt_publish_topic);
++    USP_LOG_Debug("BULK DATA: Sending at time %s to MQTT topic %s", iso8601_cur_time(buf, sizeof(buf)), ctrl.mqtt_publish_topic);
+     if (enable_protocol_trace)
+     {
+         USP_LOG_String(kLogLevel_Info, kLogType_Protocol, report);
+@@ -2939,7 +3134,7 @@ int bulkdata_reduce_to_alt_name(char *sp
+ 
+ /*********************************************************************//**
+ **
+-**  bulkdata_generate_json_report
++**  bulkdata_generate_json_name_value_pair_report
+ **
+ **  Generates a JSON name-value pair format report
+ **  NOTE: The report contains all retained failed reports, as well as the current report
+@@ -2951,7 +3146,7 @@ int bulkdata_reduce_to_alt_name(char *sp
  ** \return  pointer to NULL terminated dynamically allocated buffer containing the serialized report to send
  **
  **************************************************************************/
@@ -494,7 +510,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  {
      JsonNode *top;          // top of report
      JsonNode *array;        // array of reports (retained + current)
-@@ -2868,6 +3063,483 @@ char *bulkdata_generate_json_report(bulk
+@@ -3056,6 +3251,483 @@ char *bulkdata_generate_json_report(bulk
      return result;
  }
  
@@ -978,7 +994,7 @@ Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
  /*********************************************************************//**
  **
  **  bulkdata_compress_report
-@@ -3071,6 +3743,20 @@ int bulkdata_schedule_sending_http_repor
+@@ -3259,6 +3931,20 @@ int bulkdata_schedule_sending_http_repor
          flags |= BDC_FLAG_DATE_HEADER;
      }
  

obuspa/patches/0006-contains-expression.patch

@@ -1,7 +1,7 @@
-Index: obuspa-10.0.0.1/src/core/expr_vector.c
+Index: obuspa-10.0.5.0/src/core/expr_vector.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/expr_vector.c
-+++ obuspa-10.0.0.1/src/core/expr_vector.c
+--- obuspa-10.0.5.0.orig/src/core/expr_vector.c
++++ obuspa-10.0.5.0/src/core/expr_vector.c
 @@ -59,6 +59,7 @@ char *expr_op_2_str[kExprOp_Max] =
      "<",  // kExprOp_LessThan
      ">",  // kExprOp_GreaterThan
@@ -10,7 +10,7 @@ Index: obuspa-10.0.0.1/src/core/expr_vector.c
  };
  
  
-@@ -483,6 +484,15 @@ char *SplitOnOperator(char *buf, expr_op
+@@ -487,6 +488,15 @@ char *SplitOnOperator(char *buf, expr_op
          *op = '\0';
          return &op[2];
      }
@@ -26,10 +26,10 @@ Index: obuspa-10.0.0.1/src/core/expr_vector.c
  
      // Exit if found the "<" operator
      op = strchr(buf, '<');
-Index: obuspa-10.0.0.1/src/core/path_resolver.c
+Index: obuspa-10.0.5.0/src/core/path_resolver.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/path_resolver.c
-+++ obuspa-10.0.0.1/src/core/path_resolver.c
+--- obuspa-10.0.5.0.orig/src/core/path_resolver.c
++++ obuspa-10.0.5.0/src/core/path_resolver.c
 @@ -1088,7 +1088,7 @@ int ResolveUniqueKey(char *resolved, cha
      char temp[MAX_DM_PATH];
      bool is_match;
@@ -38,7 +38,7 @@ Index: obuspa-10.0.0.1/src/core/path_resolver.c
 +    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan, kExprOp_Contains};
  
      // Exit if unable to find the end of the unique key
-     p = strchr(unresolved, ']');
+     p = TEXT_UTILS_StrStr(unresolved, "]");
 @@ -1754,6 +1754,67 @@ int DoUniqueKeysMatch(int index, search_
          }
          USP_ASSERT(gge->value != NULL);     // GROUP_GET_VECTOR_GetValues() should have set an error message if the vendor hook didn't set a value for the parameter
@@ -107,10 +107,10 @@ Index: obuspa-10.0.0.1/src/core/path_resolver.c
          // Determine the function to call to perform the comparison
          if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
          {
-Index: obuspa-10.0.0.1/src/include/usp_api.h
+Index: obuspa-10.0.5.0/src/include/usp_api.h
 ===================================================================
---- obuspa-10.0.0.1.orig/src/include/usp_api.h
-+++ obuspa-10.0.0.1/src/include/usp_api.h
+--- obuspa-10.0.5.0.orig/src/include/usp_api.h
++++ obuspa-10.0.5.0/src/include/usp_api.h
 @@ -106,6 +106,7 @@ typedef enum
      kExprOp_LessThan,               // '<'
      kExprOp_GreaterThan,            // '>'

obuspa/patches/1000-SecuredRole-bbfdm.patch

@@ -1,40 +1,40 @@
-Index: obuspa-10.0.0.2/src/core/device.h
+Index: obuspa-10.0.5.0/src/core/device.h
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/device.h
-+++ obuspa-10.0.0.2/src/core/device.h
-@@ -305,6 +305,8 @@ void DEVICE_CTRUST_ApplyPermissionsToSub
+--- obuspa-10.0.5.0.orig/src/core/device.h
++++ obuspa-10.0.5.0/src/core/device.h
+@@ -311,6 +311,9 @@ int DEVICE_CTRUST_InstSelToRoleInstance(
  char *DEVICE_CTRUST_InstSelToPermTarget(int role_index, void *is, int *perm_instance);
  int DEVICE_CTRUST_SetRoleParameter(int instance, char *param_name, char *new_value);
  int DEVICE_CTRUST_SetPermissionParameter(int instance1, int instance2, char *param_name, char *new_value);
++
 +bool DEVICE_CTRUST_IsControllerSecured(void);
 +
+ int DEVICE_CTRUST_DumpPermissionSelectors(int role_instance, char *path);
  int DEVICE_REQUEST_Init(void);
  int DEVICE_REQUEST_Add(char *path, char *command_key, int *instance);
- void DEVICE_REQUEST_OperationComplete(int instance, int err_code, char *err_msg, kv_vector_t *output_args);
-Index: obuspa-10.0.0.2/src/core/device_ctrust.c
+Index: obuspa-10.0.5.0/src/core/device_ctrust.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/device_ctrust.c
-+++ obuspa-10.0.0.2/src/core/device_ctrust.c
-@@ -235,6 +235,7 @@ credential_t *FindCredentialByCertInstan
+--- obuspa-10.0.5.0.orig/src/core/device_ctrust.c
++++ obuspa-10.0.5.0/src/core/device_ctrust.c
+@@ -246,6 +246,7 @@ credential_t *FindCredentialByCertInstan
  int Get_CredentialRole(dm_req_t *req, char *buf, int len);
  int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
  int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
 +int Validate_SecuredRoles(dm_req_t *req, char *value);
+ void ApplySearchExpressionPermissions(char *path, inst_sel_t *sel);
+ bool ValidateDataModelPathSegment(char *segment, bool is_last, char *path);
+ 
+@@ -293,6 +294,9 @@ int DEVICE_CTRUST_Init(void)
+     // Create a timer which will be used to apply all modified permissions to the data model, after processing a USP Message
+     SYNC_TIMER_Add(ApplyModifiedPermissions, 0, END_OF_TIME);
  
- #ifndef REMOVE_DEVICE_SECURITY
- int InitChallengeTable();
-@@ -354,6 +355,10 @@ int DEVICE_CTRUST_Init(void)
-                         challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
-                         NULL, 0);
- #endif
-+
 +    // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
 +    err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
 +
-     // Exit if any errors occurred
-     if (err != USP_ERR_OK)
-     {
-@@ -2908,3 +2913,139 @@ exit:
+     // Register parameters implemented by this component
+     // Device.LocalAgent.ControllerTrust.Role.{i}
+     err |= USP_REGISTER_Object(DEVICE_ROLE_ROOT, ValidateAdd_CTrustRole, NULL, Notify_CTrustRoleAdded,
+@@ -3533,3 +3537,139 @@ exit:
      return err;
  }
  #endif // REMOVE_DEVICE_SECURITY

obuspa/patches/1000-suppress-logs.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.2/src/core/cli_server.c
+Index: obuspa-10.0.7.0/src/core/cli_server.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/cli_server.c
-+++ obuspa-10.0.0.2/src/core/cli_server.c
-@@ -724,10 +724,6 @@ int ExecuteCli_Get(str_vector_t *args)
+--- obuspa-10.0.7.0.orig/src/core/cli_server.c
++++ obuspa-10.0.7.0/src/core/cli_server.c
+@@ -726,10 +726,6 @@ int ExecuteCli_Get(str_vector_t *args)
              USP_ASSERT(gge->value != NULL);
              SendCliResponse("%s => %s\n", gge->path, gge->value);
          }
@@ -13,11 +13,11 @@ Index: obuspa-10.0.0.2/src/core/cli_server.c
      }
  
      GROUP_GET_VECTOR_Destroy(&ggv);
-Index: obuspa-10.0.0.2/src/core/data_model.c
+Index: obuspa-10.0.7.0/src/core/data_model.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/data_model.c
-+++ obuspa-10.0.0.2/src/core/data_model.c
-@@ -1321,7 +1321,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
+--- obuspa-10.0.7.0.orig/src/core/data_model.c
++++ obuspa-10.0.7.0/src/core/data_model.c
+@@ -1398,7 +1398,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
      // Exit if instance already exists - nothing to do
      if (exists)
      {
@@ -26,7 +26,7 @@ Index: obuspa-10.0.0.2/src/core/data_model.c
          return USP_ERR_CREATION_FAILURE;
      }
  
-@@ -1409,7 +1409,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
+@@ -1486,7 +1486,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
      // Exit if instance does not exist - nothing to do
      if (exists == false)
      {
@@ -35,11 +35,11 @@ Index: obuspa-10.0.0.2/src/core/data_model.c
          return USP_ERR_OBJECT_DOES_NOT_EXIST;
      }
  
-diff --git a/src/core/mqtt.c b/src/core/mqtt.c
-index 388697a..444b4da 100644
---- a/src/core/mqtt.c
-+++ b/src/core/mqtt.c
-@@ -4020,7 +4020,7 @@ void MessageV5Callback(struct mosquitto *mosq, void *userdata, const struct mosq
+Index: obuspa-10.0.7.0/src/core/mqtt.c
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/mqtt.c
++++ obuspa-10.0.7.0/src/core/mqtt.c
+@@ -4070,7 +4070,7 @@ void MessageV5Callback(struct mosquitto
      if (mosquitto_property_read_string(props, RESPONSE_TOPIC,
              &response_info_ptr, false) == NULL)
      {

obuspa/patches/1001-use-datamodel-caching.patch

@@ -4,11 +4,11 @@ Date:   Wed Apr 30 17:18:27 2025 +0530
 
     1001-use-datamodel-caching.patch
 
-diff --git a/src/core/cli_server.c b/src/core/cli_server.c
-index da61c6f..abac7cb 100644
---- a/src/core/cli_server.c
-+++ b/src/core/cli_server.c
-@@ -511,6 +511,7 @@ int CLI_SERVER_ExecuteCliCommand(char *cmd_line)
+Index: obuspa-10.0.7.0/src/core/cli_server.c
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/cli_server.c
++++ obuspa-10.0.7.0/src/core/cli_server.c
+@@ -513,6 +513,7 @@ int CLI_SERVER_ExecuteCliCommand(char *c
          SendCliResponse("WARNING: Discarding unused args: %s\n", args.vector[cli_cmd->max_args+1]);
      }
  
@@ -16,7 +16,7 @@ index da61c6f..abac7cb 100644
      // Process command
      err = cli_cmd->exec_cmd(&args);
      print_help = false;
-@@ -670,6 +671,11 @@ int ExecuteCli_Version(str_vector_t *args)
+@@ -672,6 +673,11 @@ int ExecuteCli_Version(str_vector_t *arg
  int ExecuteCli_Get(str_vector_t *args)
  {
      combined_role_t *combined_role;
@@ -28,22 +28,22 @@ index da61c6f..abac7cb 100644
  #ifndef REMOVE_USP_BROKER
      char *arg1;
  
-diff --git a/src/core/data_model.h b/src/core/data_model.h
-index 7564127..2736d7c 100755
---- a/src/core/data_model.h
-+++ b/src/core/data_model.h
-@@ -405,5 +405,6 @@ int DM_PRIV_ReRegister_DBParam_Default(char *path, char *value);
+Index: obuspa-10.0.7.0/src/core/data_model.h
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/data_model.h
++++ obuspa-10.0.7.0/src/core/data_model.h
+@@ -417,5 +417,6 @@ int DM_PRIV_ReRegister_DBParam_Default(c
  bool DM_PRIV_IsChildNodeOf(dm_node_t *node, dm_node_t *parent_node);
  void DM_PRIV_GetAllEventsAndCommands(dm_node_t *node, str_vector_t *events, str_vector_t *commands);
  
 +int vendor_create_dm_cache(char *paths[], int num_paths);
  #endif
  
-diff --git a/src/core/handle_get.c b/src/core/handle_get.c
-index d9d3e9e..c263978 100644
---- a/src/core/handle_get.c
-+++ b/src/core/handle_get.c
-@@ -129,6 +129,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp, char *controller_endpoint, mtp_conn_t
+Index: obuspa-10.0.7.0/src/core/handle_get.c
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/handle_get.c
++++ obuspa-10.0.7.0/src/core/handle_get.c
+@@ -129,6 +129,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp
          goto exit;
      }
  
@@ -51,11 +51,11 @@ index d9d3e9e..c263978 100644
      // Calculate the number of hierarchical levels to traverse in the data model when performing partial path resolution
      // NOTE: protocol buffer has depth as an unsigned quantity, but internally we use a signed number, so limit range to that of a signed number
      depth = usp->body->request->get->max_depth;
-diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c
-index 647591d..b7498d8 100755
---- a/src/core/msg_handler.c
-+++ b/src/core/msg_handler.c
-@@ -863,6 +863,8 @@ int HandleUspMessage(Usp__Msg *usp, char *endpoint_id, mtp_conn_t *mtpc)
+Index: obuspa-10.0.7.0/src/core/msg_handler.c
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/msg_handler.c
++++ obuspa-10.0.7.0/src/core/msg_handler.c
+@@ -987,6 +987,8 @@ int HandleUspMessage(Usp__Msg *usp, char
                  MSG_HANDLER_UspMsgTypeToString(usp->header->msg_type),
                  iso8601_cur_time(buf, sizeof(buf)) );
  

obuspa/patches/1002-mqtt-qos.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
+Index: obuspa-10.0.4.0/src/core/device_bulkdata.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
-+++ obuspa-10.0.0.1/src/core/device_bulkdata.c
-@@ -375,6 +375,8 @@ int DEVICE_BULKDATA_Init(void)
+--- obuspa-10.0.4.0.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.4.0/src/core/device_bulkdata.c
+@@ -378,6 +378,8 @@ int DEVICE_BULKDATA_Init(void)
      // Device.BulkData.Profile.{i}.MQTT
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.Reference", "", Validate_BulkDataMqttReference, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishTopic", "", NULL, NULL, DM_STRING);

obuspa/patches/1003-ct-full-access-rename.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.2/src/core/data_model.c
+Index: obuspa-10.0.7.0/src/core/data_model.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/data_model.c
-+++ obuspa-10.0.0.2/src/core/data_model.c
-@@ -5347,7 +5347,7 @@ int RegisterDefaultControllerTrust(void)
+--- obuspa-10.0.7.0.orig/src/core/data_model.c
++++ obuspa-10.0.7.0/src/core/data_model.c
+@@ -5519,7 +5519,7 @@ int RegisterDefaultControllerTrust(void)
      int err = USP_ERR_OK;
  
      // Register 'Full Access' role

obuspa/patches/2001-validate-controller-mtp.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.2/src/core/device.h
+Index: obuspa-10.0.6.0/src/core/device.h
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/device.h
-+++ obuspa-10.0.0.2/src/core/device.h
-@@ -346,6 +346,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
+--- obuspa-10.0.6.0.orig/src/core/device.h
++++ obuspa-10.0.6.0/src/core/device.h
+@@ -355,6 +355,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
  int DEVICE_CONTROLLER_CountEnabledWebsockClientConnections(void);
  #endif
  
@@ -13,11 +13,11 @@ Index: obuspa-10.0.0.2/src/core/device.h
  #ifndef REMOVE_USP_BROKER
  int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance, char *subscribed_path);
  bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
-Index: obuspa-10.0.0.2/src/core/device_controller.c
+Index: obuspa-10.0.6.0/src/core/device_controller.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/device_controller.c
-+++ obuspa-10.0.0.2/src/core/device_controller.c
-@@ -968,6 +968,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
+--- obuspa-10.0.6.0.orig/src/core/device_controller.c
++++ obuspa-10.0.6.0/src/core/device_controller.c
+@@ -969,6 +969,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
      return USP_ERR_OK;
  }
  
@@ -96,11 +96,11 @@ Index: obuspa-10.0.0.2/src/core/device_controller.c
  /*********************************************************************//**
  **
  ** DEVICE_CONTROLLER_IsMTPConfigured
-Index: obuspa-10.0.0.2/src/core/msg_handler.c
+Index: obuspa-10.0.6.0/src/core/msg_handler.c
 ===================================================================
---- obuspa-10.0.0.2.orig/src/core/msg_handler.c
-+++ obuspa-10.0.0.2/src/core/msg_handler.c
-@@ -1220,6 +1220,15 @@ int ValidateUspRecord(UspRecord__Record
+--- obuspa-10.0.6.0.orig/src/core/msg_handler.c
++++ obuspa-10.0.6.0/src/core/msg_handler.c
+@@ -1344,6 +1344,15 @@ int ValidateUspRecord(UspRecord__Record
      usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
  #endif
  

obuspa/patches/2002-max_controllers.patch

@@ -1,8 +1,8 @@
-Index: obuspa-10.0.0.1/src/core/mqtt.c
+Index: obuspa-10.0.6.0/src/core/mqtt.c
 ===================================================================
---- obuspa-10.0.0.1.orig/src/core/mqtt.c
-+++ obuspa-10.0.0.1/src/core/mqtt.c
-@@ -259,6 +259,8 @@ void MqttSubscriptionDestroy(mqtt_subscr
+--- obuspa-10.0.6.0.orig/src/core/mqtt.c
++++ obuspa-10.0.6.0/src/core/mqtt.c
+@@ -265,6 +265,8 @@ void SaveMqttPublishErrMsg(const char *f
  #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
  int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
  {\
@@ -11,7 +11,7 @@ Index: obuspa-10.0.0.1/src/core/mqtt.c
      return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
  }
  
-@@ -269,6 +271,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
+@@ -275,6 +277,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
@@ -23,7 +23,7 @@ Index: obuspa-10.0.0.1/src/core/mqtt.c
  // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
  
  //------------------------------------------------------------------------------------
-@@ -279,10 +286,15 @@ ssl_verify_callback_t* mqtt_verify_callb
+@@ -285,10 +292,15 @@ ssl_verify_callback_t* mqtt_verify_callb
      MQTT_TrustCertVerifyCallbackIndex(2),
      MQTT_TrustCertVerifyCallbackIndex(3),
      MQTT_TrustCertVerifyCallbackIndex(4),

obuspa/patches/2004-mqtt-dualstack-fallback.patch

@@ -1,7 +1,7 @@
-diff --git a/src/core/mqtt.c b/src/core/mqtt.c
-index 70978501b1..96119fe080 100644
---- a/src/core/mqtt.c
-+++ b/src/core/mqtt.c
+Index: obuspa-10.0.7.0/src/core/mqtt.c
+===================================================================
+--- obuspa-10.0.7.0.orig/src/core/mqtt.c
++++ obuspa-10.0.7.0/src/core/mqtt.c
 @@ -53,6 +53,7 @@
  #include <openssl/bio.h>
  #include <openssl/err.h>
@@ -10,7 +10,7 @@ index 70978501b1..96119fe080 100644
  #include <mosquitto.h>
  
  #include "mqtt.h"
-@@ -201,8 +202,9 @@ int EnableMosquitto(mqtt_client_t *client);
+@@ -206,8 +207,9 @@ int EnableMosquitto(mqtt_client_t *clien
  void SetupCallbacks(mqtt_client_t *client);
  void QueueUspConnectRecord_MQTT(mqtt_client_t *client, mtp_send_item_t *msi, char *controller_topic, time_t expiry_time);
  int SendQueueHead(mqtt_client_t *client);
@@ -21,7 +21,7 @@ index 70978501b1..96119fe080 100644
  int ConnectSetEncryption(mqtt_client_t *client);
  void ConnectCallback(struct mosquitto *mosq, void *userdata, int result);
  void ConnectV5Callback(struct mosquitto *mosq, void *userdata, int result, int flags, const mosquitto_property *props);
-@@ -245,7 +247,7 @@ void HandleMqttReconnect(mqtt_client_t *client);
+@@ -250,7 +252,7 @@ void HandleMqttReconnect(mqtt_client_t *
  void HandleMqttReconnectAfterDisconnect(mqtt_client_t *client);
  void HandleMqttDisconnect(mqtt_client_t *client);
  void DisconnectIfAllSubscriptionsFailed(mqtt_client_t *client);
@@ -30,7 +30,7 @@ index 70978501b1..96119fe080 100644
  void RemoveMqttQueueItem(mqtt_client_t *client, mqtt_send_item_t *queued_msg);
  void RemoveExpiredMqttMessages(mqtt_client_t *client);
  void ParseSubscribeTopicsFromConnack(mqtt_client_t *client, mosquitto_property *prop);
-@@ -2350,6 +2352,143 @@ int SendQueueHead(mqtt_client_t *client)
+@@ -2380,6 +2382,143 @@ int SendQueueHead(mqtt_client_t *client)
      return err;
  }
  
@@ -174,7 +174,7 @@ index 70978501b1..96119fe080 100644
  /*********************************************************************//**
  **
  ** IsMqttBrokerUp
-@@ -2364,109 +2503,92 @@ int SendQueueHead(mqtt_client_t *client)
+@@ -2394,109 +2533,92 @@ int SendQueueHead(mqtt_client_t *client)
  ** \return  true if the MQTT Broker is up, false otherwise
  **
  **************************************************************************/
@@ -343,7 +343,7 @@ index 70978501b1..96119fe080 100644
      }
  
      return result;
-@@ -2487,18 +2609,20 @@ void Connect(mqtt_client_t *client)
+@@ -2517,18 +2639,20 @@ void Connect(mqtt_client_t *client)
  {
      int err = USP_ERR_OK;
      bool is_up;
@@ -367,7 +367,7 @@ index 70978501b1..96119fe080 100644
  
      // Exit if failed to connect
      if (err != USP_ERR_OK)
-@@ -2531,7 +2655,7 @@ exit:
+@@ -2561,7 +2685,7 @@ exit:
  ** \return  USP_ERR_INTERNAL_ERROR if failed to connect (and should retry)
  **
  **************************************************************************/
@@ -376,7 +376,7 @@ index 70978501b1..96119fe080 100644
  {
      int version;
      mosquitto_property *proplist = NULL;
-@@ -2601,19 +2725,19 @@ int PerformMqttClientConnect(mqtt_client_t *client)
+@@ -2631,19 +2755,19 @@ int PerformMqttClientConnect(mqtt_client
      // We do this to prevent the data model thread from potentially being blocked, whilst the connect call is taking place
      OS_UTILS_UnlockMutex(&mqtt_access_mutex);
  

obuspa/patches/2005-set-sql-journal-mode.patch

@@ -1,28 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..edebd7c 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -955,6 +955,7 @@ void DATABASE_Dump(void)
- int OpenUspDatabase(char *db_file)
- {
-     int err;
-+    char *err_msg = 0;
- 
-     // Exit if unable to open the database
-     err = sqlite3_open(db_file, &db_handle);
-@@ -965,6 +966,15 @@ int OpenUspDatabase(char *db_file)
-         return USP_ERR_INTERNAL_ERROR;
-     }
- 
-+    // Execute the PRAGMA statement
-+    const char *sql = "PRAGMA journal_mode = MEMORY;";
-+    err = sqlite3_exec(db_handle, sql, 0, 0, &err_msg);
-+    if (err != SQLITE_OK) {
-+        USP_LOG_Error("%s: Failed to set journal_mode: %s", __func__, err_msg);
-+        sqlite3_free(err_msg);
-+        return USP_ERR_INTERNAL_ERROR;
-+    }
-+
-     // Exit if unable to create the data model parameter table (if it does not already exist)
-     #define CREATE_TABLE_STR "create table if not exists data_model (hash integer, instances text, value text, primary key (hash, instances));"
-     err = sqlite3_exec(db_handle, CREATE_TABLE_STR, NULL, NULL, NULL);

obuspa/patches/2006-force-db-update.patch

@@ -1,23 +0,0 @@
-diff --git a/src/core/database.c b/src/core/database.c
-index 7ad9dae..0bf9c90 100644
---- a/src/core/database.c
-+++ b/src/core/database.c
-@@ -1479,3 +1479,7 @@ int GetAllEntriesForParameter(db_hash_t hash, kv_vector_t *kvv)
-     return result;
- }
- 
-+void DATABASE_force_reset_file()
-+{
-+    schedule_factory_reset_init = true;
-+}
-diff --git a/src/core/database.h b/src/core/database.h
-index c88cf3a..376aa7a 100644
---- a/src/core/database.h
-+++ b/src/core/database.h
-@@ -67,5 +67,6 @@ void DATABASE_Dump(void);
- int DATABASE_ReadDataModelInstanceNumbers(bool remove_unknown_params);
- db_hash_t DATABASE_GetMigratedHash(db_hash_t hash);
- 
-+void DATABASE_force_reset_file();
- #endif
- 

packet-capture-diagnostics/files/scripts/packetcapture

@@ -97,15 +97,13 @@ packet_capture_launch() {
 	fi
 
 	if [ -n "${interface}" ]; then
-		intf=$(ifstatus "${interface}" | jq ".l3_device")
+		intf=$(ifstatus "${interface}" | jsonfilter -e '$.l3_device')
 
 		if [ -z "${intf}" ]; then
 			# Error
 			packet_capture_error "Error_Internal" "${proto}"
 			return
 		fi
-
-		intf=$(eval echo "${intf}")
 	fi
 
 	cmd="timeout ${duration} tcpdump -w ${filename}"

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.4.1
+PKG_VERSION:=1.3.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=bd852e8b0a6528893917fb89e2ea27a8920f6280
+PKG_SOURCE_VERSION:=7ae6eaa6cc946ed05693bc84c61edbb16b1727bd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

parental-control/files/etc/init.d/parentalcontrol

@@ -12,9 +12,7 @@ validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
 	    'loglevel:uinteger:3' \
-	    'queue_num:uinteger:53' \
 	    'bundle_path:string' \
-	    'default_wan_interface:string:wan' \
 	    'urlfilter:bool'
 }
 
@@ -26,12 +24,11 @@ remove_fw_rules() {
 }
 
 configure_fw_rules() {
-	local enable urlfilter queue_num
+	local enable urlfilter
 
 	config_load parentalcontrol
 	config_get_bool enable globals enable 0
 	config_get_bool urlfilter globals urlfilter 0
-	config_get queue_num globals queue_num 53
 
 	remove_fw_rules
 
@@ -40,11 +37,6 @@ configure_fw_rules() {
 		return 0
 	fi
 
-	if [ "${queue_num}" -lt 0 ] || [ "${queue_num}" -gt 65535 ]; then
-	        log "ERROR: queue_num not in 0-65535"
-		return 1
-	fi
-
 	if [ "${urlfilter}" -eq "1" ]; then
 		if [ ! -f "${OVERRIDE_JSON}" ]; then
 			# throw error
@@ -60,7 +52,7 @@ configure_fw_rules() {
 			fi
 
 			# this is for urlfilter daemon
-			add_iptables_nfqueue_rules "$queue_num"
+			add_iptables_nfqueue_rules
 		fi
 	fi
 
@@ -115,7 +107,7 @@ start_service() {
 
 	procd_open_instance "parentalcontrol"
 	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
-	procd_append_param command -l "${loglevel}"
+	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
 }
@@ -128,19 +120,11 @@ stop_service() {
 }
 
 reload_service() {
-	local arg="$1"
-
 	ret=$(ubus call service list '{"name":"parentalcontrol"}' | jsonfilter -qe '@.parentalcontrol.instances.parentalcontrol.running')
 	if [ "$ret" != "true" ]; then
 		stop
 		start
 	else
-		if [ "$arg" = "network" ]; then
-			pidof_sync="$(pidof sync_bundles.sh)"
-			[ -n "$pidof_sync" ] && kill "$pidof_sync"
-			sleep 5
-		fi
-
 		configure_fw_rules
 		copy_dhcp_leases
 		ubus send parentalcontrol.reload
@@ -148,19 +132,6 @@ reload_service() {
 }
 
 service_triggers() {
-	local enable urlfilter default_wan_interface
-
-	validate_global_section || {
-		return 1
-	}
-
-	if [ "${urlfilter}" = "1" ] && [ "$enable" = "1" ] && [ -n "$default_wan_interface" ]; then
-		log "Adding interface trigger for $default_wan_interface"
-		procd_open_trigger
-		procd_add_interface_trigger "interface.*.up" "$default_wan_interface" /etc/init.d/parentalcontrol reload "network"
-		procd_close_trigger
-	fi
-
 	procd_add_reload_trigger "parentalcontrol"
 	procd_add_reload_trigger "schedules"
 }

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -438,118 +438,102 @@ add_internet_schedule_rules() {
 }
 
 add_iptables_nfqueue_rules() {
-    local queue_num="$1"
+	local filter_used
 
-    # Check if urlfilter used
-    if ! uci show parentalcontrol | grep -q profile_urlfilter; then
-        return
-    fi
+	# Check if urlfilter used
+	if ! uci show parentalcontrol | grep -q profile_urlfilter; then
+		return
+	fi
 
-    # IPv4
-    # FORWARD
-    if ! iptables -w -nL | grep -q "URLFILTER_FORWARD"; then
-        iptables -w -N URLFILTER_FORWARD
-        iptables -w -I FORWARD 1 -j URLFILTER_FORWARD
+	# IPv4 rules
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		iptables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        # capture DNS responses (sport 53)
-        iptables -w -A URLFILTER_FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
+		# INPUT: DNS replies to router, skip loopback
+		iptables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-        # HTTP/HTTPS flows
-        iptables -w -A URLFILTER_FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# OUTPUT: DNS replies from router, skip loopback
+		iptables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # INPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_INPUT"; then
-        iptables -w -N URLFILTER_INPUT
-        iptables -w -I INPUT 1 -j URLFILTER_INPUT
+		# HTTP/HTTPS flows for urlfilter
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        iptables -w -A URLFILTER_INPUT -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_INPUT -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 
-    # OUTPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_OUTPUT"; then
-        iptables -w -N URLFILTER_OUTPUT
-        iptables -w -I OUTPUT 1 -j URLFILTER_OUTPUT
+	# IPv6 rules
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# capture DNS responses (UDP/TCP sport 53) in FORWARD
+		ip6tables -w -I FORWARD 1 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        iptables -w -A URLFILTER_OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		# INPUT: DNS replies to router, skip loopback
+		ip6tables -w -I INPUT 1 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # ebtables bypass for IPv4
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
+		# OUTPUT: DNS replies from router, skip loopback
+		ip6tables -w -I OUTPUT 1 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I OUTPUT 1 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv6
-    # FORWARD
-    if ! ip6tables -w -nL | grep -q "URLFILTER_FORWARD6"; then
-        ip6tables -w -N URLFILTER_FORWARD6
-        ip6tables -w -I FORWARD 1 -j URLFILTER_FORWARD6
+		# HTTP/HTTPS flows for urlfilter
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # INPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_INPUT6"; then
-        ip6tables -w -N URLFILTER_INPUT6
-        ip6tables -w -I INPUT 1 -j URLFILTER_INPUT6
-
-        ip6tables -w -A URLFILTER_INPUT6 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_INPUT6 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # OUTPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_OUTPUT6"; then
-        ip6tables -w -N URLFILTER_OUTPUT6
-        ip6tables -w -I OUTPUT 1 -j URLFILTER_OUTPUT6
-
-        ip6tables -w -A URLFILTER_OUTPUT6 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_OUTPUT6 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # ebtables bypass for IPv6
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_iptables_nfqueue_rules() {
-    # IPv4
-    for chain in URLFILTER_FORWARD URLFILTER_INPUT URLFILTER_OUTPUT; do
-        if iptables -w -nL | grep -q "$chain"; then
-            iptables -w -D FORWARD -j $chain 2>/dev/null
-            iptables -w -D INPUT   -j $chain 2>/dev/null
-            iptables -w -D OUTPUT  -j $chain 2>/dev/null
-            iptables -w -F $chain
-            iptables -w -X $chain
-        fi
-    done
+	iptables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
 
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
+		# HTTP/HTTPS
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv6
-    for chain in URLFILTER_FORWARD6 URLFILTER_INPUT6 URLFILTER_OUTPUT6; do
-        if ip6tables -w -nL | grep -q "$chain"; then
-            ip6tables -w -D FORWARD -j $chain 2>/dev/null
-            ip6tables -w -D INPUT   -j $chain 2>/dev/null
-            ip6tables -w -D OUTPUT  -j $chain 2>/dev/null
-            ip6tables -w -F $chain
-            ip6tables -w -X $chain
-        fi
-    done
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+	ip6tables -w -nL FORWARD | grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		# DNS response rules
+		ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT  -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num 0 --queue-bypass
+
+		# HTTP/HTTPS
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_internet_schedule_rules() {

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -161,23 +161,7 @@ handle_download_url() {
 		# If the URL is HTTP, fetch the file size
 		local bundle_file_size
 		if echo "$sanitized_url" | grep -qE "^https?://"; then
-			bundle_file_header="$(curl -Is --max-time 30 "$sanitized_url" 2>/var/log/urlfilter_curl_err.log)"
-			curl_rc=$?
-
-			case $curl_rc in
-				0)
-					# Success
-					;;
-				6|7|28|35|52|55|56)
-					log_info "handle_download_url: URL not reachable (curl rc=$curl_rc): ${sanitized_url}"
-					return 1
-					;;
-				*)
-					log_info "handle_download_url: unexpected curl rc=$curl_rc for ${sanitized_url}"
-					;;
-			esac
-
-			bundle_file_size="$(echo "$bundle_file_header" | grep -i 'content-length' | cut -d: -f2 | xargs)"
+			bundle_file_size="$(curl -I "$sanitized_url" 2>&1 | grep -i 'content-length' | cut -d: -f2 | xargs)"
 			[ -z "$bundle_file_size" ] && bundle_file_size=0
 		else
 			# If it's a file:// URL, get the file size from the filesystem

passwdqc/Makefile

@@ -30,7 +30,7 @@ define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		CC="$(TARGET_CC)" \
 		LDFLAGS="$(TARGET_LDFLAGS)" \
-		all_wrapped
+		pam_wrapped
 endef
 
 define Package/$(PKG_NAME)/install
@@ -39,9 +39,6 @@ define Package/$(PKG_NAME)/install
 
 	$(INSTALL_DIR) $(1)/usr/lib/security
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pam_passwdqc.so $(1)/usr/lib/security/
-
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pwqcheck $(1)/usr/sbin/
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

periodicstats/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.18
+PKG_VERSION:=1.6.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/periodicstats.git
-PKG_SOURCE_VERSION:=2772d77bd477adfdf513499fda11397107996d21
+PKG_SOURCE_VERSION:=63c65f55d00442f5bc1f5a3100abf94e52cd0075
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

peripheral_manager/Makefile

@@ -1,60 +0,0 @@
-#
-# Copyright (C) 2019 iopsys
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=peripheral_manager
-PKG_VERSION:=1.0.6
-PKG_RELEASE:=1
-
-PKG_SOURCE_VERSION:=21522c2003b8c61904acc61ff97e54fc9b0c3c92
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/peripheral-manager
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=LICENSE
-
-# support parallel build
-PKG_BUILD_PARALLEL:=1
-
-# run install target when cross compiling. basically, make install DESTDIR=$(PKG_INSTALL_DIR)
-# this way we don't need to pick out the resulting files from the build dir.
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/peripheral_manager
-	CATEGORY:=Utilities
-	TITLE:=Application deamon for handling of peripheral
-	URL:=
-	DEPENDS:=+libuci +libubus +libblobmsg-json
-endef
-
-define Package/peripheral_manager/description
-	Application handling peripheral
-endef
-
-CMAKE_OPTIONS +=  \
-		-DCMAKE_BUILD_TYPE:String="Release" \
-
-define Package/peripheral_manager/install
-	$(CP) ./files/* $(1)/
-	$(INSTALL_DIR) $(1)/etc/
-	$(INSTALL_DIR) $(1)/etc/init.d/
-	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/peripheral_manager $(1)/sbin/
-#	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gpio_test $(1)/sbin/
-endef
-
-$(eval $(call BuildPackage,peripheral_manager))

peripheral_manager/files/etc/init.d/ledmngr

@@ -1,62 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=20
-USE_PROCD=1
-
-setled() {
-	local enable
-	local brightness
-
-	config_get_bool enable $1 enable 1
-	config_get brightness $1 brightness 100
-	ubus call led.$1 set "{\"enable\":$enable,\"brightness\":$brightness}"
-}
-
-start_service() {
-	local enable
-
-	config_load leds
-	config_foreach setled led
-	config_get_bool enable leds enable 1
-
-	if [ "$enable" == "0" ]; then
-		ubus call leds set  '{"state" : "alloff"}'
-	else
-		ubus call leds set  '{"state" : "normal"}'
-	fi
-}
-
-boot() {
-	local led ledname
-
-	ubus list led* >/dev/null || sleep 1
-	ubus list led* >/dev/null || sleep 1
-
-	[ -f /etc/config/leds ] || touch /etc/config/leds
-
-	if ! uci -q get leds.leds >/dev/null; then
-		uci set leds.leds=leds
-		uci set leds.leds.enable=1
-	fi
-
-	for led in $(ubus list led.*); do
-		ledname=${led:4}
-		case $ledname in
-			*phy*) continue ;;
-		esac
-		if ! uci -q  get leds.$ledname >/dev/null; then
-			uci set leds.$ledname=led
-			uci set leds.$ledname.enable=1
-		fi
-	done
-
-	uci commit leds
-
-	start
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "leds"
-}
-

peripheral_manager/files/etc/init.d/peripheral_manager

@@ -1,25 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=12
-STOP=89
-
-USE_PROCD=1
-NAME=peripheral_manager
-PROG=/sbin/peripheral_manager
-
-start_service() {
-	procd_open_instance
-	procd_set_param command "$PROG" -f
-	procd_set_param respawn
-	procd_close_instance
-}
-
-service_running() {
-	ubus -t 2 wait_for led.status
-	ubus call led.status set '{"state":"notice"}'
-	ubus -t 2 wait_for buttons
-}
-
-stop_service() {
-    ubus call leds set '{"state":"alloff"}'
-}

peripheral_manager/files/sbin/ledctl

@@ -1,19 +0,0 @@
-#!/bin/sh
-
-usage () {
-	echo "Usage: ledctl [normal|test|allon|alloff|production]"
-	exit 1
-}
-
-[ $# -ne 1 ] && usage
-ledstate=$(echo $1 | tr 'A-Z' 'a-z')
-
-case $ledstate in
-	normal|test|allon|alloff|production)
-		ubus call leds set "{\"state\" : \"$ledstate\"}"
-	;;
-	*)
-		usage
-	;;
-esac
-

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -114,6 +114,7 @@ hw_init_all() {
     export TMP_HW_QUEUE_LIST=""
     echo clear > /proc/ifc_debug
     echo reinit > /proc/ifc_debug
+    echo 'set mode 0 2' 2> /dev/null > /proc/tc3162/fe_acnt_mapping # Accounter #2 is used for meter #0, so we need re-assign IP flow accounting mode (mode 0) to #2.
 
     for tc in $(seq 0 7); do
         rm -rf "/tmp/qos/dscp_values_${tc}_4"
@@ -434,6 +435,4 @@ hw_commit_all() {
             /userfs/bin/ifc add vip pbit $pbit
         done
     fi
-
-    hw_nat -! > /dev/null 2>&1
 }

qosmngr/files/airoha/lib/qos/policer.sh

@@ -98,7 +98,7 @@ handle_policer() {
 # Configure policer based on UCI subtree 'qos.policer'
 configure_policer() {
     # initialize ratelimit params
-    /userfs/bin/femgr ratelimit set rx_mode 1 2
+    /userfs/bin/femgr ratelimit set rx_mode 1 2 0
     /userfs/bin/qdmamgr_wan set general_rx_init enable trtcm 8 125
 
     for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do

qosmngr/files/airoha/lib/qos/qos.sh

@@ -22,10 +22,6 @@ ip_rule_get_converted_tos() {
 	echo $con_tos
 }
 
-flush_hw_nat() {
-	hw_nat -! > /dev/null 2>&1
-}
-
 configure_qos() {
     # queue configuration is being done after shaper configuration,
     # If port shapingrate configuration on DISC device is called after queue configuration then
@@ -37,9 +33,8 @@ configure_qos() {
     configure_policer
     configure_classify
     if [ -f "/tmp/qos/classify.ebtables" ]; then
-        sh /tmp/qos/classify.ebtables
+	    sh /tmp/qos/classify.ebtables
     fi
-    flush_hw_nat
 }
 
 reload_qos() {
@@ -70,7 +65,6 @@ reload_qos() {
             ;;
     esac
     hw_commit_all
-    flush_hw_nat
 }
 
 reload_qos_service() {

qosmngr/files/airoha/lib/qos/shaper.sh

@@ -42,7 +42,7 @@ handle_shaper() {
 # Configure shaper based on options saved to UCI tree 'qos.shaper'
 configure_shaper() {
     # initialize ratelimit params
-    /userfs/bin/femgr ratelimit set rx_mode 0 2
+    /userfs/bin/femgr ratelimit set rx_mode 0 2 0
     /userfs/bin/qdmamgr_lan set general_rx_init enable trtcm 8 125
 
     # Delete existing shaper

qosmngr/files/airoha/usr/sbin/qos-uplink-bandwidth

@@ -14,13 +14,11 @@ PREV_LINKSPEED=$(cat ${LINKSPEED_FILE} 2>/dev/null)
 [ -z "${PREV_LINKSPEED}" ] && PREV_LINKSPEED=0
 
 if [ $((LINKSPEED)) -ne $((PREV_LINKSPEED)) -a $((LINKSPEED)) -ne 0 ]; then
-	if [ $((LINKSPEED)) -ge 100 ]; then
+	if [ $((LINKSPEED)) -ge 10000 ]; then
 		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*999/1000))
 	else
-		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*990/1000))
+		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000))
 	fi
 	mkdir -p "/tmp/qos"
 	echo ${LINKSPEED} > ${LINKSPEED_FILE}
-
-	hw_nat -! > /dev/null 2>&1
 fi

quickjs/Makefile

@@ -5,8 +5,8 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/bellard/quickjs.git
-PKG_SOURCE_DATE:=2022-03-06
-PKG_SOURCE_VERSION:=2788d71e823b522b178db3b3660ce93689534e6d
+PKG_SOURCE_DATE:=2025-07-09
+PKG_SOURCE_VERSION:=1fdc768fdc8571300755cdd3e4654ce99c0255ce
 PKG_MIRROR_HASH:=skip
 PKG_LICENSE:=MIT
 
@@ -31,15 +31,30 @@ define Package/quickjs/description
 endef
 
 MAKE_FLAGS = \
-	prefix=/usr \
-	CONFIG_SMALL=y \
+	PREFIX=/usr \
 	EXTRA_LIBS="-latomic" \
 	CROSS_PREFIX="$(TARGET_CROSS)"
 
+define Build/Compile
+	# The upstream Makefile uses the same CFLAGS for host and target builds,
+	# which breaks cross-compilation. We work around this by first building
+	# the host tools ('host-qjsc', 'unicode_gen') with the host compiler
+	# and flags.
+	# We still pass MAKE_FLAGS so the upstream Makefile knows we're cross-compiling.
+	CFLAGS="$(HOST_CFLAGS)" \
+	LDFLAGS="$(HOST_LDFLAGS)" \
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		$(MAKE_FLAGS) \
+		host-qjsc unicode_gen
+
+	# Then we proceed with the default build process for the target binaries.
+	# Make should not rebuild the host tools as they are already up-to-date.
+	$(call Build/Compile/Default)
+endef
+
 define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/lib/quickjs
+	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/quickjs/libquickjs.a $(1)/usr/lib/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/quickjs/libquickjs.lto.a $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/include/quickjs
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/quickjs/quickjs.h $(1)/usr/include/quickjs/
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/quickjs/quickjs-libc.h $(1)/usr/include/quickjs/

quickjs/patches/000-build-options.patch

@@ -1,87 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 49b1f6f..2c96eae 100644
---- a/Makefile
-+++ b/Makefile
-@@ -33,6 +33,8 @@ CONFIG_LTO=y
- #CONFIG_WERROR=y
- # force 32 bit build for some utilities
- #CONFIG_M32=y
-+# build with -Os instead of -O2
-+#CONFIG_SMALL=y
- 
- ifdef CONFIG_DARWIN
- # use clang instead of gcc
-@@ -52,6 +54,13 @@ CONFIG_BIGNUM=y
- 
- OBJDIR=.obj
- 
-+CFLAGS_ENV:=$(CFLAGS)
-+LDFLAGS_ENV:=$(LDFLAGS)
-+
-+HOST_BUILD=
-+CFLAGS=$(if $(HOST_BUILD),,$(CFLAGS_ENV))
-+LDFLAGS=$(if $(HOST_BUILD),,$(LDFLAGS_ENV))
-+
- ifdef CONFIG_WIN32
-   ifdef CONFIG_M32
-     CROSS_PREFIX=i686-w64-mingw32-
-@@ -66,7 +75,7 @@ endif
- ifdef CONFIG_CLANG
-   HOST_CC=clang
-   CC=$(CROSS_PREFIX)clang
--  CFLAGS=-g -Wall -MMD -MF $(OBJDIR)/$(@F).d
-+  CFLAGS += -g -Wall -MMD -MF $(OBJDIR)/$(@F).d
-   CFLAGS += -Wextra
-   CFLAGS += -Wno-sign-compare
-   CFLAGS += -Wno-missing-field-initializers
-@@ -87,7 +96,7 @@ ifdef CONFIG_CLANG
- else
-   HOST_CC=gcc
-   CC=$(CROSS_PREFIX)gcc
--  CFLAGS=-g -Wall -MMD -MF $(OBJDIR)/$(@F).d
-+  CFLAGS += -g -Wall -MMD -MF $(OBJDIR)/$(@F).d
-   CFLAGS += -Wno-array-bounds -Wno-format-truncation
-   ifdef CONFIG_LTO
-     AR=$(CROSS_PREFIX)gcc-ar
-@@ -110,9 +119,13 @@ endif
- CFLAGS+=$(DEFINES)
- CFLAGS_DEBUG=$(CFLAGS) -O0
- CFLAGS_SMALL=$(CFLAGS) -Os
-+ifdef CONFIG_SMALL
-+CFLAGS_OPT=$(CFLAGS) -Os
-+else
- CFLAGS_OPT=$(CFLAGS) -O2
-+endif
- CFLAGS_NOLTO:=$(CFLAGS_OPT)
--LDFLAGS=-g
-+LDFLAGS+=-g
- ifdef CONFIG_LTO
- CFLAGS_SMALL+=-flto
- CFLAGS_OPT+=-flto
-@@ -195,6 +208,8 @@ qjsc$(EXE): $(OBJDIR)/qjsc.o $(QJS_LIB_OBJS)
- 
- ifneq ($(CROSS_PREFIX),)
- 
-+$(QJSC): HOST_BUILD=1
-+
- $(QJSC): $(OBJDIR)/qjsc.host.o \
-     $(patsubst %.o, %.host.o, $(QJS_LIB_OBJS))
- 	$(HOST_CC) $(LDFLAGS) -o $@ $^ $(HOST_LIBS)
-@@ -262,6 +277,8 @@ run-test262-32: $(patsubst %.o, %.m32.o, $(OBJDIR)/run-test262.o $(QJS_LIB_OBJS)
- $(OBJDIR)/%.o: %.c | $(OBJDIR)
- 	$(CC) $(CFLAGS_OPT) -c -o $@ $<
- 
-+$(OBJDIR)/%.host.o: HOST_BUILD=1
-+
- $(OBJDIR)/%.host.o: %.c | $(OBJDIR)
- 	$(HOST_CC) $(CFLAGS_OPT) -c -o $@ $<
- 
-@@ -286,6 +303,8 @@ $(OBJDIR)/%.check.o: %.c | $(OBJDIR)
- regexp_test: libregexp.c libunicode.c cutils.c
- 	$(CC) $(LDFLAGS) $(CFLAGS) -DTEST -o $@ libregexp.c libunicode.c cutils.c $(LIBS)
- 
-+unicode_gen: HOST_BUILD=1
-+
- unicode_gen: $(OBJDIR)/unicode_gen.host.o $(OBJDIR)/cutils.host.o libunicode.c unicode_gen_def.h
- 	$(HOST_CC) $(LDFLAGS) $(CFLAGS) -o $@ $(OBJDIR)/unicode_gen.host.o $(OBJDIR)/cutils.host.o
- 

quickjs/patches/000-fix_std_loadFile.patch

@@ -1,15 +1,12 @@
 diff --git a/quickjs-libc.c b/quickjs-libc.c
-index e180dd0..76182d2 100644
+index 54a7a15..a64c4d6 100644
 --- a/quickjs-libc.c
 +++ b/quickjs-libc.c
-@@ -358,12 +358,89 @@ fail:
+@@ -385,12 +385,86 @@ fail:
      return JS_EXCEPTION;
  }
  
-+// For reading files that are not seekable, per second answer from stackoverflow:
-+// https://stackoverflow.com/questions/14002954/c-programming-how-to-read-the-whole-file-contents-into-a-buffer
-+
-+#define  READALL_CHUNK  10*1024
++#define READALL_CHUNK (10*1024)
 +
 +static int readall(FILE *f, JSContext *ctx, uint8_t **dataptr, size_t *sizeptr)
 +{
@@ -90,10 +87,10 @@ index e180dd0..76182d2 100644
      size_t buf_len;
 -    long lret;
 +    long lret = 0;
-     
+ 
      f = fopen(filename, "rb");
      if (!f)
-@@ -371,7 +448,7 @@ uint8_t *js_load_file(JSContext *ctx, size_t *pbuf_len, const char *filename)
+@@ -398,7 +472,7 @@ uint8_t *js_load_file(JSContext *ctx, size_t *pbuf_len, const char *filename)
      if (fseek(f, 0, SEEK_END) < 0)
          goto fail;
      lret = ftell(f);
@@ -102,7 +99,7 @@ index e180dd0..76182d2 100644
          goto fail;
      /* XXX: on Linux, ftell() return LONG_MAX for directories */
      if (lret == LONG_MAX) {
-@@ -387,13 +464,19 @@ uint8_t *js_load_file(JSContext *ctx, size_t *pbuf_len, const char *filename)
+@@ -414,13 +488,19 @@ uint8_t *js_load_file(JSContext *ctx, size_t *pbuf_len, const char *filename)
          buf = malloc(buf_len + 1);
      if (!buf)
          goto fail;

quickjs/patches/001-no-fenv-dtoa-libbf.patch

@@ -1,106 +0,0 @@
-diff --git a/quickjs.c b/quickjs.c
-index 7916013..3936eec 100644
---- a/quickjs.c
-+++ b/quickjs.c
-@@ -67,6 +67,16 @@
- #define CONFIG_PRINTF_RNDN
- #endif
- 
-+#ifdef CONFIG_PRINTF_RNDN
-+#if !defined(FE_DOWNWARD) || !defined(FE_UPWARD)
-+#ifdef CONFIG_BIGNUM
-+#define CONFIG_DTOA_LIBBF
-+#else
-+#error "CONFIG_BIGNUM required if printf is RNDN and there is no fenv support"
-+#endif
-+#endif
-+#endif
-+
- /* define to include Atomics.* operations which depend on the OS
-    threads */
- #if !defined(EMSCRIPTEN)
-@@ -11299,6 +11309,11 @@ static char *i64toa(char *buf_end, int64_t n, unsigned int base)
-     return q;
- }
- 
-+/* maximum buffer size for js_dtoa */
-+#define JS_DTOA_BUF_SIZE 128
-+
-+#ifndef CONFIG_DTOA_LIBBF
-+
- /* buf1 contains the printf result */
- static void js_ecvt1(double d, int n_digits, int *decpt, int *sign, char *buf,
-                      int rounding_mode, char *buf1, int buf1_size)
-@@ -11318,9 +11333,6 @@ static void js_ecvt1(double d, int n_digits, int *decpt, int *sign, char *buf,
-     *decpt = atoi(buf1 + n_digits + 2 + (n_digits > 1)) + 1;
- }
- 
--/* maximum buffer size for js_dtoa */
--#define JS_DTOA_BUF_SIZE 128
--
- /* needed because ecvt usually limits the number of digits to
-    17. Return the number of digits. */
- static int js_ecvt(double d, int n_digits, int *decpt, int *sign, char *buf,
-@@ -11429,6 +11441,8 @@ static void js_fcvt(char *buf, int buf_size, double d, int n_digits)
-     js_fcvt1(buf, buf_size, d, n_digits, rounding_mode);
- }
- 
-+#endif /* CONFIG_DTOA_LIBBF */
-+
- /* radix != 10 is only supported with flags = JS_DTOA_VAR_FORMAT */
- /* use as many digits as necessary */
- #define JS_DTOA_VAR_FORMAT   (0 << 0)
-@@ -11442,8 +11456,10 @@ static void js_fcvt(char *buf, int buf_size, double d, int n_digits)
- /* XXX: slow and maybe not fully correct. Use libbf when it is fast enough.
-    XXX: radix != 10 is only supported for small integers
- */
--static void js_dtoa1(char *buf, double d, int radix, int n_digits, int flags)
-+static JSValue js_dtoa(JSContext *ctx,
-+                       double d, int radix, int n_digits, int flags)
- {
-+    char buf[JS_DTOA_BUF_SIZE];
-     char *q;
- 
-     if (!isfinite(d)) {
-@@ -11465,6 +11481,25 @@ static void js_dtoa1(char *buf, double d, int radix, int n_digits, int flags)
-         ptr = i64toa(buf1 + sizeof(buf1), i64, radix);
-         strcpy(buf, ptr);
-     } else {
-+#ifdef CONFIG_DTOA_LIBBF
-+        bf_flags_t bf_flags;
-+    generic_conv:
-+        bf_flags = BF_RNDNA;
-+        switch (flags & 3) {
-+        case JS_DTOA_VAR_FORMAT:
-+            bf_flags |= BF_FTOA_FORMAT_FREE_MIN;
-+            break;
-+        case JS_DTOA_FIXED_FORMAT:
-+            bf_flags |= BF_FTOA_FORMAT_FIXED;
-+            break;
-+        case JS_DTOA_FRAC_FORMAT:
-+            bf_flags |= BF_FTOA_FORMAT_FRAC;
-+            break;
-+        }
-+        if (flags & JS_DTOA_FORCE_EXP)
-+            bf_flags |= BF_FTOA_FORCE_EXP;
-+        return js_ftoa(ctx, JS_NewFloat64(ctx, d), radix, n_digits, bf_flags);
-+#else /* CONFIG_DTOA_LIBBF */
-         if (d == 0.0)
-             d = 0.0; /* convert -0 to 0 */
-         if (flags == JS_DTOA_FRAC_FORMAT) {
-@@ -11528,14 +11563,8 @@ static void js_dtoa1(char *buf, double d, int radix, int n_digits, int flags)
-                 sprintf(q, "%d", p);
-             }
-         }
-+#endif /* CONFIG_DTOA_LIBBF */
-     }
--}
--
--static JSValue js_dtoa(JSContext *ctx,
--                       double d, int radix, int n_digits, int flags)
--{
--    char buf[JS_DTOA_BUF_SIZE];
--    js_dtoa1(buf, d, radix, n_digits, flags);
-     return JS_NewString(ctx, buf);
- }
- 

sshmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sshmngr
-PKG_VERSION:=1.0.6
+PKG_VERSION:=1.1.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/sshmngr.git
-PKG_SOURCE_VERSION:=0c7d58a51d6f5eb4ad33e03630206bbb4e559779
+PKG_SOURCE_VERSION:=dc0e3933231680aec844d587d49fefbc0cc7f8d7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.1.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=24cb862a27b4282668b434044a20fdc2c437316b
+PKG_SOURCE_VERSION:=08195779cbc2d1d7410cb324b9e35692b0579a7e
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.1.8
+PKG_VERSION:=5.1.1
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=89f778534565e4ee9cea80fe881e9739c83d4c57
+PKG_SOURCE_VERSION:=7f646ecf643967f4b4b2c545a31bbef0514b34bc
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa +sulu-vendorext
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa
 	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	EXTRA_DEPENDS:=nginx
 endef
@@ -98,12 +98,8 @@ define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
 	$(INSTALL_DIR) $(1)/etc/sulu
 
-	$(INSTALL_DATA) ./files/maintenance.html $(1)/sulu/
-	$(LN) /tmp/sulu $(1)/sulu/connection
-
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
-	$(INSTALL_BIN) ./files/etc/sulu/sulu_watcher.sh $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/users/roles
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
@@ -113,8 +109,6 @@ define Package/sulu/install/Default
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
 	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/
 endef
 
 define Package/sulu/install/Post

sulu/sulu-builder/files/etc/init.d/sulu

@@ -1,15 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=9
-STOP=01
-
-USE_PROCD=1
-
-PROG=/etc/sulu/sulu_watcher.sh
-
-start_service()
-{
-	procd_open_instance "sulu"
-	procd_set_param command ${PROG}
-	procd_close_instance "sulu"
-}

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -8,10 +8,6 @@ location /sitemap.xml {
 	return 200 "User-agent: *\nDisallow: /\n";
 }
 
-location /maintenance.html {
-	internal;
-}
-
 location /wss {
 	proxy_pass_request_headers      on;
 	proxy_cache        off;
@@ -50,10 +46,7 @@ location / {
 		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
 		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
 	}
-
-	if (!-f $document_root/connection/ready) {
-		return 503;
-	}
-
+	add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	add_header Pragma 'no-cache';
 	expires 0;
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -4,6 +4,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+#. /lib/functions/iopsys-environment.sh
 
 RESTART_REQ=0
 _RESTART_SERVICES="0"
@@ -169,20 +170,18 @@ _create_mosquitto_acl() {
 
 	users="$(_get_sulu_user_roles)"
 	if [ -f "${ACL_FILE}" ]; then
-		acl_users="$(awk '/^user / {print $2}' "${ACL_FILE}")"
-		for user in ${acl_users}; do
-			if ! echo "$users" | grep -qwF "$user"; then
+		acl_users="$(awk '/^user/ {print $2}' "${ACL_FILE}")"
+		for user in ${users}; do
+			if ! grep -q "$user" "${acl_users}"; then
 				rm -f "${ACL_FILE}"
-				RESTART_REQ="1"
-				break
 			fi
 		done
 	fi
-	[ -f "${ACL_FILE}" ] || touch "${ACL_FILE}"
+	touch "${ACL_FILE}"
 
 	agentid="$(_get_agent_id)"
 	for user in ${users}; do
-		if ! grep -qxF "user $user" "${ACL_FILE}"; then
+		if ! grep -q "user $user" "${ACL_FILE}"; then
 			{
 				echo "user ${user}"
 				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
@@ -201,7 +200,9 @@ _create_mosquitto_acl() {
 }
 
 update_obuspa_config() {
+
 	RESTART_REQ=0
+	uci_load obuspa
 	_update_obuspa_config_rbac
 	uci_commit obuspa
 
@@ -217,7 +218,7 @@ configure_sulu() {
 	generate_sulu_conn_config
 }
 
-while getopts ":r" opt; do
+while getopts ":rq" opt; do
 	case ${opt} in
 	r)
 		_RESTART_SERVICES="1"

sulu/sulu-builder/files/etc/sulu/sulu_watcher.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-if ! command -v obuspa >/dev/null 2>&1; then
-	exit 0
-fi
-
-USP_PATH="/tmp/sulu/"
-
-log() {
-	logger -t sulu_watcher "$*"
-}
-
-wait_for_obuspa() {
-	while true; do
-		ENDPOINTID="$(obuspa -c get Device.LocalAgent.EndpointID |grep Device.|awk '{print $3}')"
-		sleep 2
-		if [ -n "${ENDPOINTID}" ]; then
-			break;
-		fi
-	done
-}
-
-mark_usp_ready() {
-	mkdir -p "${USP_PATH}"
-	touch ${USP_PATH}/ready
-}
-
-wait_for_obuspa
-mark_usp_ready

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -1,16 +1,15 @@
 #!/bin/sh
 
-. /lib/functions.sh
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 
 if [ ! -f "/etc/config/mosquitto" ]; then
-	logger -t sulu.ucidefault "Local mosquitto broker not available"
-	return 1
+	echo "Local mosquitto broker not available"
+	return 0
 fi
 
 if [ ! -f "${UCI_TEMPLATE}" ]; then
-	logger -t sulu.ucidefault "nginx utils not installed, sulu can't run"
-	return 1
+	echo "nginx utils not installed, sulu can't run"
+	return 0
 fi
 
 update_nginx_uci_template()
@@ -20,7 +19,7 @@ update_nginx_uci_template()
 	port="$(uci -q get mosquitto.sulu.port)"
 	port="${port:-9009}"
 
-	if ! grep -w "upstream websocket" ${UCI_TEMPLATE} | grep -wq "127.0.0.1:${port}"; then
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
 		sed -i '/#UCI_HTTP_CONFIG$/i\   map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
 		sed -i "/#UCI_HTTP_CONFIG$/i\   upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}
 	fi
@@ -28,30 +27,36 @@ update_nginx_uci_template()
 
 add_sulu_config_to_mosquitto()
 {
-	uci_add mosquitto listener sulu
-	uci_set mosquitto sulu enabled 1
-	uci_set mosquitto sulu port '9009'
-	uci_set mosquitto sulu no_remote_access '1'
-	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	fi
 }
 
 add_sulu_userinterface_uci()
 {
-	if [ -f "/etc/config/userinterface" ]; then
+	uci_load userinterface
+
+	if ! uci_get userinterface _sulu_s >/dev/null 2>&1; then
 		uci_add userinterface http_access _sulu_s
 		uci_set userinterface _sulu_s path_prefix '/sulu'
 		uci_set userinterface _sulu_s port '8443'
-		uci_set userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
+		uci_add_list userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
 		uci_set userinterface _sulu_s _nginx_uci_manage_ssl 'self-signed'
 		uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
 		uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
 		uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
-		uci_set userinterface _sulu_s _nginx_error_page '503 /maintenance.html'
 		uci_set userinterface _sulu_s protocol 'HTTPS'
-		uci_set userinterface _sulu_s role 'admin user'
+		uci_add_list userinterface _sulu_s role 'admin'
+		uci_add_list userinterface _sulu_s role 'user'
+	fi
 
+	if ! uci_get userinterface _suluredirect >/dev/null 2>&1; then
 		uci_add userinterface http_access _suluredirect
 		uci_set userinterface _suluredirect redirect '_sulu_s'
 		uci_set userinterface _suluredirect protocol 'HTTP'

sulu/sulu-builder/files/etc/uci-defaults/41-make-sulu-default-ui

@@ -2,16 +2,23 @@
 
 . /lib/functions.sh
 
+uci_load nginx
+# this is to make sure to not mess up existing config
+if uci_get nginx _sulu_s >/dev/null 2>&1; then
+  exit 0
+fi
+
 update_default_nginx_listner() {
-  if [ ! -f "/etc/config/nginx" ]; then
-    return 0
+
+  if [ ! -f /etc/config/nginx ]; then
+    return
   fi
 
   if ! uci_get nginx _lan >/dev/null 2>&1; then
-    return 0
+    return
   fi
 
-  if ! opkg list-installed | grep -q "^luci "; then
+  if ! opkg list-installed |grep -q "luci "; then
     echo "Luci not installed, removing luci config"
     uci_remove nginx _lan
     uci_remove nginx _redirect2ssl
@@ -21,7 +28,7 @@ update_default_nginx_listner() {
     uci_add_list nginx _lan listen "[::]:8443 ssl default_server"
 
     if ! uci_get nginx _redirect2ssl >/dev/null 2>&1; then
-        return 0
+        return
     fi
 
     uci_remove nginx _redirect2ssl listen
@@ -32,19 +39,17 @@ update_default_nginx_listner() {
 }
 
 move_sulu_to_443_and_80() {
-  if ! config_load userinterface; then
-    return 0
+  uci_load userinterface
+  if [ ! -f /etc/config/userinterface ]; then
+    return
   fi
 
   set_port() {
-    local protocol port
-
+    local protocol
     config_get protocol "$1" protocol
-    config_get port "$1" port
-
-    if [ "$protocol" == "HTTPS" ] && [ "${port}" -eq "8443" ]; then
+    if [ "$protocol" == "HTTPS" ]; then
       uci_set userinterface "$1" port "443"
-    elif [ "$protocol" == "HTTP" ] && [ "${port}" -eq "8080" ]; then
+    elif [ "$protocol" == "HTTP" ]; then
       uci_set userinterface "$1" port "80"
     fi
   }

sulu/sulu-builder/files/etc/users/roles/admin.json

@@ -6,7 +6,554 @@
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }