map-agent: 6.3.6.8

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.16.6.2
+PKG_VERSION:=1.16.6.1
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=aa480554461c82e6f6f44ee6c23108d3e44fce21
+PKG_SOURCE_VERSION:=fd9b465de588f05d5449d0ce66ef1bb1da9c74b9
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

bridgemngr/Makefile

@@ -5,13 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.18.2
+PKG_VERSION:=1.0.17
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
-PKG_SOURCE_VERSION:=71ed529be038392071b0399bcfe9d46e89d3cb46
+PKG_SOURCE_VERSION:=36e6e8319a95dad3bccfe9f2d8a298b39c6ce86b
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.1.8
+PKG_VERSION:=6.2.1.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b7e294d7c610adfd80cf40a0628c189695dc5156
+PKG_SOURCE_VERSION:=ca92325ece080389ffb405c95048b64071eda653
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dslmngr/files/airoha/sbin/xdsl_wan

@@ -5,8 +5,6 @@ source "/lib/functions/network.sh"
 source "/lib/functions/system.sh"
 
 PREVLINK=""
-LINK=""
-LINKSPEED=""
 PREVWANMODE=""
 WANMODE=""
 CONFIGURED=0
@@ -62,7 +60,7 @@ create_atm_devices() {
 }
 
 configure_line() {
-	local mode profile bitswap sra us0 sesdrop sos roc ginp gvector mod prof
+	local mode profile bitswap sra us0 sesdrop sos ginp mod prof
 	local adsl1_flag=0 issue2_flag=0 Glite_flag=0 adsl2_flag=0 adsl2p_flag=0 vdsl2_flag=0
 	local pro_8a_flag=0 pro_8b_flag=0 pro_8c_flag=0 pro_8d_flag=0 pro_12a_flag=0 pro_12b_flag=0 pro_17a_flag=0 pro_30a_flag=0 pro_35b_flag=0
 
@@ -72,9 +70,8 @@ configure_line() {
 	config_get sra $1 sra "1"
 	config_get us0 $1 us0 "1"
 	config_get sos $1 sos "0"
-	config_get roc $1 roc "0"
-	config_get ginp $1 ginp "1"
-	config_get gvector $1 gvector "1"
+	config_get sos $1 roc "0"
+	config_get sos $1 ginp "0"
 
 	for mod in $mode; do
 		[ "$mod" = "gdmt" ] && adsl1_flag=1
@@ -99,7 +96,6 @@ configure_line() {
 
 	/userfs/bin/blapi_cmd xdsl set_adsl_profile "$pro_8a_flag" "$pro_8b_flag" "$pro_8c_flag" "$pro_8d_flag" "$pro_12a_flag" "$pro_12b_flag" "$pro_17a_flag" "$pro_30a_flag" "$pro_35b_flag"
 	/userfs/bin/blapi_cmd xdsl set_adsl_mode "$adsl1_flag" "$issue2_flag" "$Glite_flag" "$adsl2_flag" "$adsl2p_flag" "$vdsl2_flag"
-	/userfs/bin/blapi_cmd xdsl set_adsl_gvector "$((!gvector))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_ginp "$((!ginp))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_sos_roc "$((!sos))" "$((!roc))"
 	/userfs/bin/blapi_cmd xdsl set_adsl_us0 "$((!us0))"
@@ -152,12 +148,6 @@ while [ true ]; do
 
 	if [ "$LINK" != "$PREVLINK" -a \( "$LINK" = "down" -o "$LINK" = "up" \) ]; then
 		if [ "$LINK" = "down" ]; then
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				rm -rf /tmp/qos/wan_link_shape_rate
-				rm -rf /tmp/qos/wan_link_speed
-				/usr/sbin/qos-uplink-bandwidth
-			fi
-
 			[ "$CONFIGURED" -eq 0 ] && configure_lines # Needs to be done once the slave SoC is in down state and we've not been able to auto-sync.
 			if [ -n "$WANMODE" ]; then
 				if [ "$WANMODE" = "PTM" ]; then
@@ -234,26 +224,6 @@ while [ true ]; do
 
 			call_wan_hotplug "up" "$WANPORT"
 			PREVWANMODE="$WANMODE"
-
-			if [ ! -s /tmp/qos/wan_link_shape_rate ]; then
-				LINKSPEED="$(awk '/far-end interleaved channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-				LINKSPEED=$((LINKSPEED))
-				if [ "$LINKSPEED" -eq 0 ]; then
-					LINKSPEED="$(awk '/far-end fast channel bit rate/{print $6}' /proc/tc3162/adsl_stats)"
-					LINKSPEED=$((LINKSPEED))
-				fi
-
-				if [ "$LINKSPEED" -ne 0 ]; then
-					mkdir -p /tmp/qos
-					touch /tmp/qos/wan_link_shape_rate
-
-					/userfs/bin/qosrule discpline Rate uplink-bandwidth ${LINKSPEED}
-					hw_nat -! > /dev/null 2>&1
-				else
-					rm -rf /tmp/qos/wan_link_speed
-					/usr/sbin/qos-uplink-bandwidth
-				fi
-			fi
 		fi
 
 		# Toggle link state

firewallmngr/Config.in

@@ -8,11 +8,5 @@ config FIREWALLMNGR_PORT_TRIGGER
 	help
 	   Set this option to include support for PortTrigger object.
 
-config FIREWALLMNGR_NAT_INTERFACE_SETTING
-	bool "Include Device.NAT.InterfaceSetting"
-	default n
-	help
-	   Set this option to include support for NAT InterfaceSetting object.
-
 endmenu
 endif

firewallmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.9.1
+PKG_VERSION:=1.0.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
-PKG_SOURCE_VERSION:=3ce0550dbbc49617c36202fc8d63e453467a246e
+PKG_SOURCE_VERSION:=77ad8425b73a3ac63f6160dc217635394ac87907
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -52,10 +52,6 @@ ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
 	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
 endif
 
-ifeq ($(CONFIG_FIREWALLMNGR_NAT_INTERFACE_SETTING),y)
-	TARGET_CFLAGS += -DINCLUDE_NAT_IF_SETTING
-endif
-
 define Package/firewallmngr/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/uci-defaults

fluent-bit/Makefile

@@ -5,16 +5,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fluent-bit
-PKG_VERSION:=4.0.4
+PKG_VERSION:=4.0.2
 PKG_RELEASE:=$(AUTORELEASE)
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
-PKG_SOURCE_VERSION=v$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
+PKG_SOURCE_URL_FILE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit/archive/refs/tags/
+PKG_HASH:=aa0577ba7251081c8d5398b2a905b5b0585bb657ca13b39a5e12931437516f08
 endif
 
 PKG_LICENSE:=Apache-2.0
@@ -66,9 +65,9 @@ CMAKE_OPTIONS += \
 	-DFLB_IN_DISK=Yes \
 	-DFLB_IN_EXEC=Yes \
 	-DFLB_IN_HEAD=Yes \
-	-DFLB_IN_KMSG=Yes \
 	-DFLB_IN_TAIL=Yes \
 	-DFLB_IN_FORWARD=No \
+	-DFLB_IN_KMSG=No \
 	-DFLB_IN_PROC=No \
 	-DFLB_IN_RANDOM=No \
 	-DFLB_IN_SERIAL=No \

fluent-bit/files/fluent-bit.conf

@@ -9,10 +9,6 @@
     tag             syslog
     path            /dev/log
 
-[INPUT]
-    name            kmsg
-    tag             kernel
-
 [OUTPUT]
     name            null
     match           *

fluent-bit/patches/0002-add_hostname_to_log_dump.patch

@@ -0,0 +1,45 @@
+diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
+index 2e47c9666..95d28e438 100644
+--- a/plugins/out_file/file.c
++++ b/plugins/out_file/file.c
+@@ -27,6 +27,7 @@
+ #include <msgpack.h>
+ 
+ #include <stdio.h>
++#include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+@@ -55,6 +56,7 @@ struct flb_file_conf {
+     int csv_column_names;
+     int mkdir;
+     struct flb_output_instance *ins;
++    char hostname[256];
+ };
+ 
+ static char *check_delimiter(const char *str)
+@@ -141,6 +143,9 @@ static int cb_file_init(struct flb_output_instance *ins,
+         }
+     }
+ 
++    if (gethostname(ctx->hostname, sizeof(ctx->hostname)) != 0)
++	    snprintf(ctx->hostname, sizeof(ctx->hostname), "%s", "localhost");
++
+     tmp = flb_output_get_property("delimiter", ins);
+     ret_str = check_delimiter(tmp);
+     if (ret_str != NULL) {
+@@ -233,12 +238,8 @@ static int template_output_write(struct flb_file_conf *ctx,
+     int i;
+     msgpack_object_kv *kv;
+ 
+-    /*
+-     * Right now we treat "{time}" specially and fill the placeholder
+-     * with the metadata timestamp (formatted as float).
+-     */
+-    if (!strncmp(key, "time", size)) {
+-        fprintf(fp, "%f", flb_time_to_double(tm));
++    if (!strncmp(key, "hostname", size)) {
++        fprintf(fp, "%s", ctx->hostname);
+         return 0;
+     }
+ 

fluent-bit/patches/0002-file_out_time.patch

@@ -1,27 +0,0 @@
-diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
-index 77baf6be8..04c519d5a 100644
---- a/plugins/out_file/file.c
-+++ b/plugins/out_file/file.c
-@@ -238,10 +238,20 @@ static int template_output_write(struct flb_file_conf *ctx,
- 
-     /*
-      * Right now we treat "{time}" specially and fill the placeholder
--     * with the metadata timestamp (formatted as float).
-+     * with the metadata timestamp.
-      */
-     if (!strncmp(key, "time", size)) {
--        fprintf(fp, "%f", flb_time_to_double(tm));
-+        struct tm tm_local;
-+        char buf[32];
-+        if (localtime_r(&tm->tm.tv_sec, &tm_local) == NULL) {
-+            flb_plg_error(ctx->ins, "localtime_r failed");
-+            return -1;
-+        }
-+        if (strftime(buf, sizeof(buf), "%b %d %H:%M:%S", &tm_local) == 0) {
-+            flb_plg_error(ctx->ins, "strftime failed");
-+            return -1;
-+        }
-+        fputs(buf, fp);
-         return 0;
-     }
- 

fluent-bit/patches/0020-fix_kmsg.patch

@@ -1,73 +0,0 @@
-diff --git a/plugins/in_kmsg/in_kmsg.c b/plugins/in_kmsg/in_kmsg.c
-index cd5c4cd17..15f105451 100644
---- a/plugins/in_kmsg/in_kmsg.c
-+++ b/plugins/in_kmsg/in_kmsg.c
-@@ -36,7 +36,6 @@
- #include <sys/stat.h>
- #include <sys/time.h>
- #include <inttypes.h>
--#include <time.h>
- 
- #include "in_kmsg.h"
- 
-@@ -123,12 +122,17 @@ static inline int process_line(const char *line,
-     ctx->buffer_id++;
- 
-     errno = 0;
--    val = strtol(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoul(p, &end, 10);
-+    if ((errno == ERANGE && val == ULONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* ensure something was consumed */
-+    if (end == p) {
-+        goto fail;
-+    }
-+
-     /* Priority */
-     priority = FLB_KLOG_PRI(val);
- 
-@@ -144,24 +148,35 @@ static inline int process_line(const char *line,
-     }
-     p++;
- 
--    val = strtoul(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoull(p, &end, 10);
-+    if ((errno == ERANGE && val == ULLONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* make sure strtoull consumed something */
-+    /* after the sequence number, the next char must be ',' */
-+    if (end == p || *end != ',') {
-+        goto fail;
-+    }
-+
-     sequence = val;
-     p = ++end;
- 
-     /* Timestamp */
--    val = strtoul(p, &end, 10);
--    if ((errno == ERANGE && (val == INT_MAX || val == INT_MIN))
-+    val = strtoull(p, &end, 10);
-+    if ((errno == ERANGE && val == ULLONG_MAX)
-         || (errno != 0 && val == 0)) {
-         goto fail;
-     }
- 
-+    /* ensure something was consumed */
-+    if (end == p) {
-+        goto fail;
-+    }
-+
-     tv.tv_sec  = val/1000000;
--    tv.tv_usec = val - (tv.tv_sec * 1000000);
-+    tv.tv_usec = val - ((uint64_t)tv.tv_sec * 1000000);
- 
-     flb_time_set(&ts, ctx->boot_time.tv_sec + tv.tv_sec, tv.tv_usec * 1000);
- 

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.3.3
+PKG_VERSION:=1.3.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fee5bd0067fc1f30498bc2b81e893d170796b459
+PKG_SOURCE_VERSION:=3663ca4d001508509774115d6797b932f9ed4f69
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.9.9.4
+PKG_VERSION:=9.9.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=868f749f3fd61a094cc4792ea842a261443a99ad
+PKG_SOURCE_VERSION:=070e812e1bfb81a35a95a9c16cc20e8ffa6e30e4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

icwmp/files/etc/config/cwmp

@@ -28,7 +28,6 @@ config cpe 'cpe'
 	option log_severity 'WARNING'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
-	option bind_retries '5'
 	option userid '' #$OUI-$SER
 	option passwd ''
 	option port '7547'

ieee1905/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.33
+PKG_VERSION:=8.7.32
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f28f1c04cae008d7d6448ba02b992506af28448c
+PKG_SOURCE_VERSION:=f1f653c0b7b53a243af889a4c8594aca42589045
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iopsys-analytics/Makefile

@@ -33,7 +33,6 @@ define Package/$(PKG_NAME)
   DEPENDS+=                                             \
     +@PACKAGE_syslog-ng:SYSLOGNG_LOGROTATE              \
     +PACKAGE_fluent-bit:logrotate                       \
-    +@DMCLI_REMOTE_CONNECTION
 
 endef
 

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=5f1184c52be19f3bfd3bc7e9bc582ef09b0a2b1c
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libdsl/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdsl
-PKG_VERSION:=7.3.2
+PKG_VERSION:=7.3.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/libdsl.git
-PKG_SOURCE_VERSION:=1aa9c40f9503311652e562617b1e15533257adcc
+PKG_SOURCE_VERSION:=2a7a49fac35c3d8078ffe051594c0425d355cacd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.13.7
+PKG_VERSION:=7.13.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0b3cc45334c167d164c2c79e82522f13698abf92
+PKG_SOURCE_VERSION:=e5a8bc4985d91b0938bbdf2a46a99081408e5224
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -61,7 +61,7 @@ else
 endif
 
 ifneq ($(CONFIG_PACKAGE_kmod-mt7915e_en7523),)
-  TARGET_CFLAGS +=-DMT7915_VENDOR_EXT
+  TARGET_CFLAGS=-DMT7915_VENDOR_EXT
 endif
 
 PKG_BUILD_DEPENDS:=PACKAGE_kmod-mt7915e_en7523:mt76_en7523

linux-pam/Makefile

@@ -31,8 +31,8 @@ MESON_ARGS += \
 
 define Package/linux-pam/install
 	$(INSTALL_DIR) $(1)/usr/lib/security
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./linux_pam.init $(1)/etc/init.d/linux_pam
+	$(INSTALL_DIR) $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
 endef
 
 $(eval $(call BuildPackage,linux-pam))

linux-pam/files/pam_faillock.uci_default

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+create_faillock_files()
+{
+	# also create files needed by pam_faillock
+	touch /var/log/faillock
+	chmod 700 /var/log/faillock
+	touch /var/log/btmp
+	chmod 700 /var/log/btmp
+}
+
+update_pam_common_auth()
+{
+	local file="/etc/pam.d/common-auth"
+	local deny=6
+	local unlock_time=300
+
+	# update pam_unix.so line
+	sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
+
+	# Insert pam_faillock lines before and after pam_unix.so
+	sed -i -E "/pam_unix.so nullok_secure/i auth     required       pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
+	sed -i -E "/pam_unix.so nullok_secure/a auth     [default=die]  pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
+}
+
+update_pam_common_account()
+{
+	# update account file
+	sed -i "/pam_unix.so/ i account  required       pam_faillock.so" /etc/pam.d/common-account
+}
+
+if [ -f "/usr/lib/security/pam_faillock.so" ]; then
+	update_pam_common_auth
+	update_pam_common_account
+	create_faillock_files
+fi
+
+if [ -f /etc/config/sshd ]; then
+	uci -q set sshd.@sshd[0].UsePAM=1
+	uci commit sshd
+fi
+
+exit 0

linux-pam/linux_pam.init

@@ -1,18 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=11
-STOP=90
-USE_PROCD=1
-
-create_faillock_files()
-{
-	# also create files needed by pam_faillock
-	touch /var/log/faillock
-	chmod 700 /var/log/faillock
-	touch /var/log/btmp
-	chmod 700 /var/log/btmp
-}
-
-boot() {
-	create_faillock_files
-}

logmngr/Config.in

@@ -1,5 +1,4 @@
 if PACKAGE_logmngr
-
 choice
 	prompt "Select backend for syslog management"
 	default LOGMNGR_BACKEND_FLUENTBIT
@@ -32,5 +31,4 @@ config LOGMNGR_VENDOR_LOG_FILE
 	default y
 	help
 		It adds support for Device.DeviceInfo.VendorLogFile. Object.
-
 endif

logmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=logmngr
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.0.17
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/logmngr.git
-PKG_SOURCE_VERSION:=62441fdfe14a39bff8fff7c62307bd7b54d7240f
+PKG_SOURCE_VERSION:=ad2636c642d56967e78c0c84bf82cb0e2b6311f2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -29,6 +29,7 @@ define Package/logmngr
  CATEGORY:=Utilities
  TITLE:=Logging Manager
  DEPENDS:=+LOGMNGR_BACKEND_FLUENTBIT:fluent-bit
+ DEPENDS+=+@LOGMNGR_BACKEND_FLUENTBIT:BUSYBOX_CONFIG_KLOGD
  DEPENDS+=+LOGMNGR_BACKEND_SYSLOG_NG:syslog-ng
  DEPENDS+=+LOGMNGR_LOGROTATE:logrotate
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
@@ -52,35 +53,31 @@ endif
 
 define Package/logmngr/install
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_BIN) ./files/logmngr.init $(1)/etc/init.d/logmngr
+
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/10-logmngr_config_generate $(1)/etc/uci-defaults/
 
-	$(INSTALL_BIN) ./files/etc/init.d/logmngr $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/logmngr $(1)/etc/config/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/10-logmngr_config_migrate $(1)/etc/uci-defaults/
-
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core 10
-
-	# Install logmngr service backend
 	$(INSTALL_DIR) $(1)/lib/logmngr
 ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
+	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) ./files/logmngr-klogd $(1)/usr/libexec/
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) ./files/logread $(1)/sbin/
-	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
-else ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
+endif
+ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/
 endif
-
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfsyslog.so $(1) core 10
 ifeq ($(CONFIG_LOGMNGR_LOGROTATE),y)
+	$(INSTALL_BIN) ./files/11-logmngr_logrotate_config_generate $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/logmngr/logrotate.sh $(1)/lib/logmngr/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/11-logmngr_logrotate_syslog $(1)/etc/uci-defaults/
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbflogrotate.so $(1) sysmngr 11
 endif
-
 ifeq ($(CONFIG_LOGMNGR_VENDOR_LOG_FILE),y)
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libbbfvendorlog.so $(1) sysmngr 12
 endif
-
 endef
 
 $(eval $(call BuildPackage,logmngr))

logmngr/files/10-logmngr_config_generate

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+if uci -q get logmngr.@globals[0] >/dev/null; then
+	# return if there is any valid content
+	exit 0
+else
+	rm -f /etc/config/logmngr
+fi
+
+touch /etc/config/logmngr
+
+uci set logmngr.globals=globals
+uci set logmngr.globals.enable=1
+
+uci set logmngr.a1=action
+uci set logmngr.a1.name="ac1"
+
+uci set logmngr.lf1=log_file
+uci set logmngr.lf1.enable=1
+uci set logmngr.lf1.action="ac1"
+uci set logmngr.lf1.file="/var/log/messages"
+
+uci set logmngr.lr1=log_remote
+uci set logmngr.lr1.enable=0
+uci set logmngr.lr1.action="ac1"
+uci set logmngr.lr1.port="514"

logmngr/files/11-logmngr_logrotate_config_generate

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Adds a default log rotate policy if none exists
-if uci -q get logmngr.lro1 >/dev/null; then
+if uci -q get logmngr.@log_rotate[0] >/dev/null; then
 	# return if there is any valid content
 	exit 0
 fi

logmngr/files/etc/config/logmngr

@@ -1,26 +0,0 @@
-config globals 'globals'
-	option enable '1'
-
-config source 'default_source'
-	option name 'default_source'
-	option system_messages '1'
-	option kernel_messages '1'
-
-config template 'default_template'
-	option name 'default_template'
-	option expression '{time} {hostname} {ident}: {message}'
-
-config action 'default_action'
-	option name 'default_action'
-	list source 'default_source'
-	option template 'default_template'
-
-config log_file 'lf1'
-	option enable '1'
-	option action 'default_action'
-	option file '/var/log/messages'
-
-config log_remote 'lr1'
-	option enable '0'
-	option action 'default_action'
-	option port '514'

logmngr/files/etc/uci-defaults/10-logmngr_config_migrate

@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# check if this is a new type UCI or old type UCI
-if ! uci -q get logmngr.default_source > /dev/null; then
-	uci -q set logmngr.default_source=source
-	uci -q set logmngr.default_source.name='default_source'
-	uci -q set logmngr.default_source.system_messages='1'
-	uci -q set logmngr.default_source.kernel_messages='1'
-fi
-
-if ! uci -q get logmngr.default_template > /dev/null; then
-	uci -q set logmngr.default_template=template
-	uci -q set logmngr.default_template.name='default_template'
-	uci -q set logmngr.default_template.expression='{time} {hostname} {ident}: {message}'
-fi
-
-if uci -q get logmngr.a1 >/dev/null; then
-	uci -q rename logmngr.a1='default_action'
-	uci -q set logmngr.default_action.name='default_action'
-	uci -q set logmngr.default_action.template='default_template'
-
-	uci -q delete logmngr.default_action.source
-	uci -q add_list logmngr.default_action.source='default_source'
-fi
-
-if uci -q get logmngr.lf1 >/dev/null; then
-	uci -q rename logmngr.lf1='default_logfile'
-	uci -q set logmngr.default_logfile.action='default_action'
-fi
-
-if uci -q get logmngr.lr1 >/dev/null; then
-	uci -q rename logmngr.lr1='default_logremote'
-	uci -q set logmngr.default_logremote.action='default_action'
-fi
-
-exit 0

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -6,37 +6,6 @@
 CONF_FILE=/etc/fluent-bit/fluent-bit.conf
 TMP_CONF_FILE=/tmp/fluent-bit/fluent-bit.conf
 FLUENT_BIT_CONF_DIR=/etc/fluent-bit/conf.d
-PROCESSED_SYSLOG_TAGS=""
-PROCESSED_KMSG_TAGS=""
-
-# check if syslog source section is already processed
-# and add it to the list of processed source sections
-syslog_tag_already_processed() {
-	local tag="$1"
-
-	for t in $PROCESSED_SYSLOG_TAGS; do
-		[ "$t" = "$tag" ] && return 0
-	done
-
-	PROCESSED_SYSLOG_TAGS="$tag $PROCESSED_SYSLOG_TAGS"
-
-	return 1
-}
-
-# check if kmsg source section is already processed
-# and add it to the list of processed source sections
-# two separate functions used because we want to populate
-# appropriate PROCESSED variable
-kmsg_tag_already_processed() {
-	local tag="$1"
-	for t in $PROCESSED_KMSG_TAGS; do
-		[ "$t" = "$tag" ] && return 0
-	done
-
-	PROCESSED_KMSG_TAGS="$tag $PROCESSED_KMSG_TAGS"
-
-	return 1
-}
 
 append_conf() {
 	echo "$*" >> ${TMP_CONF_FILE}
@@ -51,276 +20,205 @@ create_config_file() {
 	# also, if no file is found then fluent-bit aborts
 	# so only add include if any file is present in the FLUENT_BIT_CONF_DIR
 	if [ -d "$FLUENT_BIT_CONF_DIR" ] && [ "$(ls -A "$FLUENT_BIT_CONF_DIR")" ]; then
-		append_conf "@INCLUDE ${FLUENT_BIT_CONF_DIR}/*"
+		echo "@INCLUDE ${FLUENT_BIT_CONF_DIR}/*" >> ${TMP_CONF_FILE}
 	fi
-	append_conf ""
+	echo "" >> ${TMP_CONF_FILE}
 }
 
 create_service_section() {
 	# the service section of the fluent-bit.conf file has hardcoded values,
 	# no need to lookup any uci section to configure this section
-	append_conf "[SERVICE]"
-	append_conf "    flush        1"
-	append_conf "    daemon       off"
-	append_conf "    log_level    info"
-	append_conf "    coro_stack_size    24576"
-	append_conf "    parsers_file /etc/fluent-bit/parsers.conf"
-	append_conf "    hot_reload        on"
-	append_conf ""
-}
-
-create_default_filters() {
-	append_conf "[FILTER]"
-	append_conf "    name            modify"
-	append_conf "    match           KM*"
-	append_conf "    add             ident   kernel"
-	append_conf "    rename          msg     message"
-	append_conf ""
-
-	append_conf "[FILTER]"
-	append_conf "    name            sysinfo"
-	append_conf "    match           *"
-	append_conf "    hostname_key    hostname"
-	append_conf ""
+	echo "[SERVICE]" >> ${TMP_CONF_FILE}
+	echo "    flush        1" >> ${TMP_CONF_FILE}
+	echo "    daemon       off" >> ${TMP_CONF_FILE}
+	echo "    log_level    info" >> ${TMP_CONF_FILE}
+	echo "    coro_stack_size    24576" >> ${TMP_CONF_FILE}
+	echo "    parsers_file /etc/fluent-bit/parsers.conf" >> ${TMP_CONF_FILE}
+	echo "    hot_reload        on" >> ${TMP_CONF_FILE}
+	echo "" >> ${TMP_CONF_FILE}
 }
 
 create_input_section() {
 	local tag="$1"
 
-	[ -z "$tag" ] && return
-
-	# check if this source section has already been processed
-	syslog_tag_already_processed "$tag" && return
-
-	append_conf "[INPUT]"
-	append_conf "    name        syslog"
-	append_conf "    unix_perm   0666"
-	append_conf "    tag         $tag"
-	append_conf "    path        /dev/log"
-	append_conf ""
+	# the input in our case is always syslog, hence, this section of the
+	# fluent-bit.conf file has hardcoded values as well that do not depend
+	# on any uci value
+	echo "[INPUT]" >> ${TMP_CONF_FILE}
+	echo "    name        syslog" >> ${TMP_CONF_FILE}
+	echo "    tag         $tag" >> ${TMP_CONF_FILE}
+	echo "    path        /dev/log" >> ${TMP_CONF_FILE}
+	echo "" >> ${TMP_CONF_FILE}
 }
 
-populate_allowed_logs() {
-	local facility_level sev_level
-	local section="$1"
+generate_facility_regex() {
+	local facility_level=$1
+	local pri=0
 
-	[ -z "$section" ] && return
-
-	# reset
-	match_pattern=""
-	facilities=""
-	all_facilities=0
-	kern_facility=0
-	severities=""
-	sev_compare=1
-	sev_action=0
-
-	# read config
-	config_get match_pattern $section pattern_match
-
-	config_get facility_level $section facility_level
-	config_get sev_level $section severity_level
-	config_get sev_compare $section severity_compare 1
-	config_get sev_action $section severity_action 0
-
-	# normalize facilities
-	if [ -n "$facility_level" ]; then
-		for f in $facility_level; do
-			if [ "$f" = "24" ]; then
-				all_facilities=1
-				# xargs is used to convert from new line separated numbers to space separated numbers
-				facilities="$(seq 0 23 | xargs)"
-				break
-			fi
-
-			if [ "$f" = "0" ]; then
-				kern_facility=1
-			fi
-		done
-
-		if [ "$all_facilities" -eq 0 ]; then
-			facilities="$facility_level"
-		fi
-	else
-		# default to "all facilities" when unset
-        	all_facilities=1
-	        facilities="$(seq 0 23 | xargs)"
-	fi
-
-	# normalize severities
-	case "$sev_level" in
-		8)  	# all severities
-			severities="$(seq 0 7 | xargs)"
-			;;
-		9)  	# none
-			severities="none"
-			;;
-		"") 	# unset, treat as "all"
-			severities="$(seq 0 7 | xargs)"
-			;;
-		*)
-			if [ "$sev_compare" = "0" ]; then
-				# equal
-				severities="$sev_level"
-			else
-				# equl or higher
-				severities="$(seq 0 $sev_level | xargs)"
-			fi
-			;;
-	esac
-}
-
-create_filter_section() {
-	local match_regex="$1"
-	local pattern="$2"
-
-	[ -z "$match_regex" ] && return
-
-	append_conf "[FILTER]"
-	append_conf "    name        grep"
-	append_conf "    match_regex       $match_regex"
-
-	# we need "logical_op or" only in non-pattern sections
-	if [ "$pattern" = "0" ]; then
-		append_conf "    logical_op  or" # handle multiple filters
-	fi
-}
-
-create_kmsg_input_section() {
-	local tag="$1"
-	local max_sev=7
-
-	[ -z "$tag" ] && return
-	kmsg_tag_already_processed "$tag" && return
-
-	if [ -c "/dev/kmsg" ]; then
-		append_conf "[INPUT]"
-		append_conf "    name       kmsg"
-		append_conf "    tag        $tag"
-
-		# check kern facility (0)
-		if [ "$all_facilities" -eq 1 ] || [ "$kern_facility" -eq 1 ]; then
-			if [ "$severities" != "none" ]; then
-				# severity filtering
-				# only EqualOrHigher is supported by Prio_Level
-				# and only Log action is supported
-				# so set Prio_Level = max severity
-				if [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; then
-					if [ -n "$severities" ]; then
-						max_sev=$(echo $severities | tr ' ' '\n' | sort -n | tail -1)
-					fi
-
-					append_conf "    prio_level $max_sev"
-				fi
-			fi
-		fi
-
-		append_conf ""
-
-		# if severities is none, or
-		# if kern facility has been excluded
-		# then we need to stop kernel logs
-		# sev_action and sev_compare is being checked because we don't want to work with rules that exclude logs
-		if [ "$severities" = "none" ] || { [ "$kern_facility" -eq 0 ] && [ "$all_facilities" -eq 0 ] && [ "$sev_action" = "0" ] && [ "$sev_compare" = "1" ]; }; then
-			# block all
-			# create a filter section that matches on KM* tag
-			# and excludes all messages
-			create_filter_section "KM*" "0"
-			append_conf "    exclude    message ^.*$"
-			append_conf ""
-		fi
-	fi
-}
-
-generate_syslog_filter() {
-	local param="regex"
-
-	[ "$sev_action" = "1" ] && param="exclude"
-
-	# start adding the fluent-bit filter section
-	create_filter_section "SL*" "0"
-
-	if [ "$severities" = "none" ]; then
-		append_conf "    exclude    pri ^.*$"
+	if [ "$facility_level" == "24" ]; then
+		# value 24 means all facility level, which is as good as not
+		# generating a filter section, so return
 		return
 	fi
 
-	for fval in $facilities; do
-		for sval in $severities; do
-			local pri=$((fval * 8 + sval))
-			append_conf "    $param        pri ^${pri}$"
+	# facility_level is a list value, hence, generate regex for
+	# each value
+	IFS=" "
+	for val in $facility_level; do
+		# as per rfc 5424 and 3164, pri in syslog msg is
+		# facility*8+severity. Severity value can range from 0-7 hence
+		# generate regex for each.
+		for sval in 0 1 2 3 4 5 6 7; do
+			pri=`expr $val \* 8 + $sval`
+			echo "    regex        pri $pri" >> ${TMP_CONF_FILE}
 		done
 	done
-
-	append_conf ""
 }
 
-generate_pattern_filter() {
-	local match_regex="$1"
-	local match_pattern="$2"
+generate_severity_regex() {
+	local sev_level="$1"
+	local sev_compare="$2"
+	local sev_action="$3"
 
-	[ -z "$match_regex" ] && return
-	[ -z "$match_pattern" ] && return
+	local pri=0
+	local param="exclude"
 
-	# start adding the fluent-bit filter section
-	create_filter_section "$match_regex" "1"
-	append_conf "    regex        message $match_pattern"
-	append_conf ""
+	if [ "$sev_action" == "0" ]; then
+		param="regex"
+	fi
+
+	local fval=0
+	if [ "$sev_compare" == "0" ]; then
+		# generate regex for all facility values, with severity=sev_level
+		while [ $fval -le 23 ] ; do
+			pri=`expr $fval \* 8 + $sev_level`
+			echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+			fval=$((fval + 1))
+		done
+	elif [ "$sev_compare" == "1" ]; then
+		# generate regex for all severity value greater than or equal to
+		# sev_level. please, lower value have higher precedence, so sev_level
+		# 0 which is emergency has higher precedence than error which is 3
+		while [ $fval -le 23 ] ; do
+			sval=0
+			while [ $sev_level -ge $sval ]; do
+				pri=`expr $fval \* 8 + $sval`
+				echo "    $param        pri $pri" >> ${TMP_CONF_FILE}
+				sval=$((sval + 1))
+			done
+			fval=$((fval + 1))
+		done
+	fi
+}
+
+handle_filter_conf() {
+	local section="$1" # config filter
+	local filter_name="$2"
+	local name
+
+	# no need to proceed if name of filter section is not one of the values
+	# listed in option filter in config action section
+	config_get name $section name
+	if [ "$name" != "$filter_name" ]; then
+		return
+	fi
+
+	# as per data model, at a time either facility_level or severity_level can
+	# be specified along with pattern_match. hence, first process and generate
+	# regex for pattern_match which is common in both condition. Next, we will
+	# process facility_level and return if facility level is defined and not
+	# process severity related params at all.
+
+	local pattern_match
+	config_get pattern_match $section pattern_match
+	if [ -n "$pattern_match" ]; then
+		echo "    regex        $pattern_match" >> ${TMP_CONF_FILE}
+	fi
+
+	local facility_level
+	config_get facility_level $section facility_level
+
+	if [ -n "$facility_level" ]; then
+		generate_facility_regex $facility_level
+		# return from here since if facility_level is defined, then no
+		# need to process severity_level
+		return
+	fi
+
+	local sev_level
+	local sev_compare
+	local sev_action
+	config_get sev_level $section severity_level
+
+	if [ -n "$sev_level" ]; then
+		# value 1 of severity compare corresponds to data model
+		# and system default which is EqualorHigher
+		config_get sev_compare $section severity_compare 1
+		# value 0 of severity action corresponds to data model
+		# and system default that is log
+		config_get sev_action $section severity_action 0
+
+		generate_severity_regex $sev_level $sev_compare $sev_action
+	fi
+}
+
+create_filter_section() {
+	local match="$1"
+
+	echo "[FILTER]" >> ${TMP_CONF_FILE}
+	echo "    name        grep" >> ${TMP_CONF_FILE}
+	echo "    match       $match" >> ${TMP_CONF_FILE}
+	echo "    logical_op  or" >> ${TMP_CONF_FILE} # handle multiple filters
+}
+
+handle_filter_ref() {
+	local filter_name="$1"
+	config_foreach handle_filter_conf filter "$filter_name"
 }
 
 handle_log_file() {
 	local section="$1" # out_file section
-	local linker="$2"
-	local match_regex="$3"
-	local template="$4"
+	local match="$2"
 	local action_ref
 
 	config_get action_ref $section action
-	if [ "$action_ref" != "$linker" ]; then
+	if [ "$action_ref" != "$match" ]; then
 		return
 	fi
 
 	local enabled
-	config_get_bool enabled $section enable
-	if [ "$enabled" = "0" ]; then
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
 		return
 	fi
 
 	local file
 	config_get file $section file
-	if [ -z "$file" ] || [ -z "$match_regex" ]; then
+	if [ -z "$file" ]; then
 		return
 	fi
 
-	append_conf "[OUTPUT]"
-	append_conf "    name         file"
-	append_conf "    workers      2"
-	append_conf "    match_regex  $match_regex"
-	append_conf "    file         $file"
-
-
-	if [ -n "$template" ]; then
-		append_conf "    format       template"
-		append_conf "    template     ${template}"
-	fi
-
-	append_conf ""
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         file" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    file         $file" >> ${TMP_CONF_FILE}
+	echo "    format       template" >> ${TMP_CONF_FILE}
+	echo "    template     {time} {hostname} {ident}: {message}" >> ${TMP_CONF_FILE}
 }
 
 handle_log_remote() {
 	local section="$1"
-	local linker="$2"
-	local match_regex="$3"
+	local match="$2"
 	local action_ref
 
 	config_get action_ref $section action
-	if [ "$action_ref" != "$linker" ]; then
+	if [ "$action_ref" != "$match" ]; then
 		return
 	fi
 
 	local enabled
-	config_get_bool enabled $section enable
-	if [ "$enabled" = "0" ]; then
+	config_get enabled $section enable
+	if [ "$enabled" == 0 ]; then
 		return
 	fi
 
@@ -330,167 +228,83 @@ handle_log_remote() {
 		return
 	fi
 
-	append_conf "[OUTPUT]"
-	append_conf "    name         syslog"
-	append_conf "    match_regex  $match_regex"
-	append_conf "    host         $address"
+	echo "[OUTPUT]" >> ${TMP_CONF_FILE}
+	echo "    name         syslog" >> ${TMP_CONF_FILE}
+	echo "    match        $match" >> ${TMP_CONF_FILE}
+	echo "    host         $address" >> ${TMP_CONF_FILE}
 	append_conf "    syslog_appname_key   ident"
 	append_conf "    syslog_procid_key    pid"
 	append_conf "    syslog_message_key   message"
-	append_conf "    syslog_hostname_key  hostname"
+
+	local hostname="$(uci -q get 'system.@system[0].hostname')"
+	if [ -n "${hostname}" ]; then
+		append_conf "    syslog_hostname_preset    ${hostname}"
+	fi
 
 	local proto # holds value tcp or udp
 	config_get proto ${section} proto
 	if [ -n "$proto" ]; then
 		if [ "$proto" == "tls" ]; then
-			append_conf "    mode         tcp"
-			append_conf "    tls          on"
+			echo "    mode         tcp" >> ${TMP_CONF_FILE}
+			echo "    tls          on" >> ${TMP_CONF_FILE}
 		else
-			append_conf "    mode         $proto"
+			echo "    mode         $proto" >> ${TMP_CONF_FILE}
 		fi
 	fi
 
 	local port
 	config_get port $section port
 	if [ -n "$port" ]; then
-		append_conf "    port         $port"
+		echo "    port         $port" >> ${TMP_CONF_FILE}
 	fi
 
 	local cert
 	local peer_verify
 	config_get cert $section cert
 	if [ -n "$cert" ]; then
-		append_conf "    tls.crt_file $cert"
+		echo "    tls.crt_file $cert" >> ${TMP_CONF_FILE}
 
-		config_get_bool peer_verify $section peer_verify
-		if [ "$peer_verify" = "1" ]; then
-			append_conf "    tls.verify     on"
+		config_get peer_verify $section peer_verify
+		if [ "$peer_verify" == "1" ]; then
+			echo "    tls.verify     on" >> ${TMP_CONF_FILE}
 		fi
 	fi
-	append_conf ""
-}
-
-resolve_source_section() {
-	local src_section="$1"
-	local linker="$2"
-	local src_name syslog_en kernel_en
-
-	config_get src_name "$src_section" name
-	[ "$src_name" = "$linker" ] || return
-
-	config_get_bool syslog_en "$src_section" system_messages 1
-	config_get_bool kernel_en "$src_section" kernel_messages 1
-
-	# create an input section using /dev/log or kmsg
-	# and store the tag in a variable
-	# so that later a regex can be made to match this tag
-	# which will be used in output section
-	if [ "$syslog_en" = "1" ]; then
-		source_tag_syslog="SL$src_name"
-		create_input_section "$source_tag_syslog"
-	fi
-
-	if [ "$kernel_en" = "1" ]; then
-		source_tag_kmsg="KM$src_name"
-		create_kmsg_input_section "$source_tag_kmsg"
-	fi
-}
-
-# get the value of option expression from the relevant section
-resolve_template_section() {
-	local tmpl_section="$1"
-	local tmpl_name
-
-	config_get tmpl_name "$tmpl_section" name
-	[ "$tmpl_name" = "$template_ref" ] || return
-
-	config_get template_expr "$tmpl_section" expression
-
-	[ -n "$template_expr" ] && echo "$template_expr"
-}
-
-# loop over template sections and get the value of option expression from the relevant section
-get_template_expression() {
-	local template_ref="$1"
-	[ -n "$template_ref" ] && config_foreach resolve_template_section template
-}
-
-# build a regex that will match all the tags supplied to this function
-build_match_regex() {
-	local tags="$1"
-	local first=1
-	local regex="^("
-	for tag in $tags; do
-		[ "$first" -eq 1 ] && first=0 || regex="$regex|"
-		regex="$regex$tag"
-	done
-	regex="$regex)\$"
-	echo "$regex"
-}
-
-handle_filter_conf() {
-	local section="$1" # config filter
-	local filter_name="$2"
-	local name
-
-	config_get name $section name
-	[ "$name" = "$filter_name" ] || return
-
-	populate_allowed_logs "$filter_name"
 }
 
 handle_action() {
-	local tag_regex filter source_ref template_ref source_sec log_template finst
-	local action_section="$1"
-	local source_tag_syslog source_tag_kmsg
+	local section="$1"
 
-	# shared variables set by populate_allowed_logs
-	match_pattern=""
-	facilities=""
-	all_facilities=0
-	kern_facility=1
-	severities=""
-	sev_compare=1
-	sev_action=0
+	local filter
+	config_get filter $section filter
 
-	config_get action_name "$action_section" name
-	config_get filter "$action_section" filter
-	config_get source_ref "$action_section" source
-	config_get template_ref "$action_section" template
+	# use config action option name as tag for input
+	local tag
+	config_get tag $section name
+	if [ -z "$tag" ]; then
+		return
+	fi
 
-	[ -z "$action_name" ] && return
-	[ -z "$source_ref" ] && return
-
-	# read filter section and populate relevant variables
-	# these variables will be used by create_kmsg_input_section
-	# generate_syslog_filter, and generate_pattern_filter functions
+	create_input_section $tag
 	if [ -n "$filter" ]; then
+		# the only fluentbit filter that is useful for the datamodel is
+		# grep. Also, fluentbit does not seem to handle multiple instances
+		# of FILTER of same kind. Hence, each filter section corresponding
+		# to an action entry in the uci would translate for us into a set of
+		# regex/exclude values instead of individual FILTER section per uci
+		# section filter is a list, treat according
+		create_filter_section $tag
+
+		IFS=" "
 		for finst in $filter; do
-			config_foreach handle_filter_conf filter "$finst"
+			handle_filter_ref $finst
 		done
 	fi
 
-	# Resolve referenced source sections
-	for source_sec in $source_ref; do
-		config_foreach resolve_source_section source "$source_sec"
-	done
-
-	# build a regex that will match all the sources for this action
-	tag_regex=$(build_match_regex "$source_tag_syslog $source_tag_kmsg")
-
-	if [ -n "$filter" ]; then
-		generate_pattern_filter "$tag_regex" "$match_pattern"
-		generate_syslog_filter
-	fi
-
-	# get the template expression if any is present
-	log_template="$(get_template_expression "$template_ref")"
-
-	# handle output, each action can be associated with an out_log and out_syslog
+	# handle output, each action can be associated with a out_log and out_syslog
 	# section so figure out if any out_log or out_syslog section is associated
 	# with this and action and setup output accordingly.
-	config_foreach handle_log_file log_file "$action_name" "$tag_regex" "$log_template"
-	config_foreach handle_log_remote log_remote "$action_name" "$tag_regex"
+	config_foreach handle_log_file log_file "$tag"
+	config_foreach handle_log_remote log_remote "$tag"
 }
 
 handle_action_section() {
@@ -506,14 +320,13 @@ logmngr_init() {
 
 	create_config_file
 	create_service_section
-	create_default_filters
 	handle_action_section
 
 	if [ -f /lib/logmngr/logrotate.sh ]; then
 		logrotate_init
 	fi
 
-	if [ "$enabled" = "0" ]; then
+	if [ "$enabled" == "0" ]; then
 		return
 	fi
 
@@ -527,4 +340,9 @@ logmngr_init() {
 	fi
 	procd_set_param respawn
 	procd_close_instance
+
+	procd_open_instance klogd
+	procd_set_param command /usr/libexec/logmngr-klogd
+	procd_set_param respawn
+	procd_close_instance
 }

logmngr/files/logmngr-klogd

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+until [ -S /dev/log ]; do
+	sleep 1
+done
+
+exec /sbin/klogd -n

map-agent/Config.in

@@ -55,10 +55,6 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config AGENT_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping. Depends on libztdpp.so"
-	default n
-
 config AGENT_CHECK_PARTIAL_WIFI_RELOAD
 	bool "Option that allow SSID/PSK simple reload"
 	default y

map-agent/Makefile

@@ -1,14 +1,13 @@
 #
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-# Copyright (C) 2025 Genexis Sweden AB
+# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.7.0
+PKG_VERSION:=6.3.6.8
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ab9fa6ffc6978c84ab9a3b410d31c71c3b185430
+PKG_SOURCE_VERSION:=5790b643f8df05a8409527958b6927b5a3485f25
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -27,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/map-agent
   SECTION:=utils
   CATEGORY:=Utilities
-  TITLE:=Wi-Fi Multi-AP Agent (EasyMesh R6)
+  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
   DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
 	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp \
 	   +uuidgen +openssl-util +!TARGET_brcmbca:ebtables-legacy \
@@ -46,12 +45,9 @@ define Package/dynbhd
 	  +ieee1905-map-plugin +map-agent
 endef
 
-ifeq ($(CONFIG_AGENT_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-agent/description
-  This package provides EasyMesh R6 compliant Wi-Fi Multi-AP Agent.
+ This package implements EasyMesh R2 compliant WiFi Agent.
 endef
 
 define Package/dynbhd/description

map-agent/files/lib/multiap/map_genconfig

@@ -44,16 +44,19 @@ generate_multiap_config() {
 			2g)
 				mode_band=2
 				priority=2
+				dpp_chan="81/1"
 				channels="1 6 11"
 			;;
 			5g)
 				mode_band=5
 				priority=1
+				dpp_chan="128/36"
 				channels="36-64 100-112"
 			;;
 			6g)
 				mode_band=6
 				priority=0
+				dpp_chan="133/49"
 			;;
 		esac
 
@@ -155,17 +158,13 @@ generate_multiap_config() {
 				uci set mapagent.@bsta[-1].band="$mode_band"
 				uci set mapagent.@bsta[-1].priority="$priority"
 
-				# add dpp_chirp section for 2.4GHz bSTA
-				if [ $mode_band -eq 2 ]; then
-					uci add mapagent dpp_chirp
-					uci set mapagent.@dpp_chirp[-1].type="qrcode"
-					uci set mapagent.@dpp_chirp[-1].device="$device"
-					uci set mapagent.@dpp_chirp[-1].ifname="$ifname"
-					uci set mapagent.@dpp_chirp[-1].band="$mode_band"
-					for channel in $channels; do
-						uci add_list mapagent.@dpp_chirp[-1].channel="$channel"
-					done
-				fi
+				#uci add mapagent dpp_uri
+				#uci set mapagent.@dpp_uri[-1].type="qrcode"
+				#uci set mapagent.@dpp_uri[-1].device="$device"
+				#uci set mapagent.@dpp_uri[-1].ifname="$ifname"
+				#uci set mapagent.@dpp_uri[-1].band="$mode_band"
+				#uci set mapagent.@dpp_uri[-1].chirp_interval="10"
+				#uci add_list mapagent.@dpp_uri[-1].dpp_chan="$dpp_chan"
 
 				if [ $generate_wireless_sta_config -eq 1 ]; then
 					secname="default_sta_${device}"
@@ -259,6 +258,6 @@ map_genconf () {
 				config_foreach mapcontroller_remove_mld_id ap
 			}
 		fi
-		ubus -t 5 call uci commit '{"config":"mapcontroller"}'
+		uci -q commit mapcontroller
 	fi
 }

map-controller/Config.in

@@ -39,10 +39,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_ZEROTOUCH_DPP
-	bool "Enable Zero-touch DPP bootstrapping via passphrase."
-	default n
-
 config CONTROLLER_PROPAGATE_PROBE_REQ
 	depends on CONTROLLER_EASYMESH_VENDOR_EXT
 	bool "Enable publishing probe requests vendor specific messages as UBUS events"

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.4.4.0
+PKG_VERSION:=6.4.0.11
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=d2e91ca156dbe0b44f0fc551b0a353137343fdf1
+PKG_SOURCE_VERSION:=db314c0fb388a3de47a9e6db5d944d7fabc832c6
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -36,9 +36,6 @@ ifeq ($(CONFIG_CONTROLLER_USE_LIBDPP),y)
   TARGET_CFLAGS += -DUSE_LIBDPP
 endif
 
-ifeq ($(CONFIG_CONTROLLER_ZEROTOUCH_DPP),y)
-  TARGET_CFLAGS += -DZEROTOUCH_DPP
-endif
 
 define Package/map-controller/description
  This package provides WiFi MultiAP Controller as per the EasyMesh-R2 specs.
@@ -84,7 +81,6 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands_impl.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_commands.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/cntlr_apis.h $(1)/usr/include/map-controller
-	$(CP) $(PKG_BUILD_DIR)/src/cntlr_plugin.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/wifi_opclass.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/steer_module.h $(1)/usr/include/map-controller
 	$(CP) $(PKG_BUILD_DIR)/src/timer.h $(1)/usr/include/map-controller

map-controller/files/etc/config/mapcontroller

@@ -2,7 +2,7 @@ config controller 'controller'
 	option enabled '1'	# may be modified by other package start-up scripts (i.e. map-agent)
 	option profile '3'
 	option registrar '2 5 6'
-	option debug '2'
+	option debug '0'
 	option bcn_metrics_max_num '10'
 	option initial_channel_scan '0'
 	option enable_ts '0'
@@ -10,9 +10,8 @@ config controller 'controller'
 	option primary_pcp '0'
 	option stale_sta_timeout '30d'
 	option de_collect_interval '60'
-	list plugin 'zerotouch'
 
-config sta_steering 'sta_steering'
+config sta_steering
 	option enable_sta_steer '1'
 	option enable_bsta_steer '0'
 	option rcpi_threshold_2g '70'
@@ -24,10 +23,8 @@ config sta_steering 'sta_steering'
 	option plugins_enabled '1'
 	option plugins_policy 'any'
 	list plugins 'rcpi'
-	list plugins 'rate'
-	list plugins 'bsteer'
 
-config channel_plan 'channel_plan'
+config channel_plan
 	option preclear_dfs '0'
 	option acs '0'
 

map-controller/files/etc/uci-defaults/99-mapcntlr-uci-rename-singletons

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-cfg=mapcontroller
-
-# singleton sections
-sections="channel_plan sta_steering"
-
-for sec in $sections; do
-    # find unnamed section of given type, only index 0
-    s=$(uci show $cfg | grep -oE "@${sec}\[0\]" | sort -u)
-    [ "$s" = "" ] && continue
-
-    uci rename $cfg.$s=$sec
-done
-
-uci commit $cfg

map-plugins/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-plugins
-PKG_VERSION:=1.1.2
+PKG_VERSION:=0.0.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a76610182366cf05ed7e8f5fbac26890b709eeb4
+PKG_SOURCE_VERSION:=74bf151851112ecee731d447af016c8dc668adcf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/map-plugins.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -27,18 +27,11 @@ include $(INCLUDE_DIR)/package.mk
 
 include $(wildcard plugins/*.mk)
 
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"
 
 plugins := \
-	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)   \
-	$(if $(CONFIG_PACKAGE_map-plugins-bsteer),bsteer) \
-	$(if $(CONFIG_PACKAGE_map-plugins-zero-touch),zero-touch)
+	$(if $(CONFIG_PACKAGE_map-plugins-steer-rate),steer-rate)
 
 ppkg:=$(patsubst plugins/%.mk,map-plugins-%,$(wildcard plugins/*.mk))
 
@@ -59,7 +52,7 @@ define Package/map-plugins
 endef
 
 define Package/map-plugins/description
-	Provides extra Multi-AP services viz. steering, channel-planning, self-organizing network etc.
+	Provides extra Multi-AP services viz. steering, channel-planning etc.
 endef
 
 define Package/map-plugins/install
@@ -67,8 +60,9 @@ define Package/map-plugins/install
 endef
 
 define Build/Compile
-	$(foreach p,$(plugins),$(call Build/Compile/map-plugins-$(p), $(1)))
+	$(foreach p,$(ppkg),$(call Build/Compile/$(p),$(1)))
 endef
 
+
 $(eval $(call BuildPackage,map-plugins))
 $(eval $(foreach p,$(ppkg),$(call BuildPackage,$(p))))

map-plugins/plugins/bsteer.mk

@@ -1,20 +0,0 @@
-define Package/map-plugins-bsteer
-	$(call Package/map-plugins/Default)
-	TITLE:=Wi-Fi backhaul steering plugin based on maximizing backhaul throughput
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-bsteer/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/steer/bsteer/bsteer.so $(1)/usr/lib/mapcontroller/bsteer.so
-endef
-
-define Build/Compile/map-plugins-bsteer
-	$(MAKE) -C $(PKG_BUILD_DIR)/steer/bsteer \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

map-plugins/plugins/steer-rate.mk

@@ -16,5 +16,5 @@ define Build/Compile/map-plugins-steer-rate
 	$(MAKE) -C $(PKG_BUILD_DIR)/steer/rate \
 		CC="$(TARGET_CC)" \
 		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
+		LDFLAGS="$(TARGET_LDFLAGS)"
 endef

map-plugins/plugins/zero-touch.mk

@@ -1,22 +0,0 @@
-define Package/map-plugins-zero-touch
-	$(call Package/map-plugins/Default)
-	TITLE:=Full Zero-touch bootstrapping of Wi-Fi Repeater device(s)
-	DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-		 +libjson-c +libblobmsg-json +map-controller \
-		 +map-plugins
-endef
-
-define Package/map-plugins-zero-touch/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_DIR) $(1)/usr/lib/mapcontroller
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/zerotouch.so $(1)/usr/lib/mapcontroller/zerotouch.so
-	$(CP) $(PKG_BUILD_DIR)/zero-touch/libztdpp.so $(1)/usr/lib/libztdpp.so
-
-endef
-
-define Build/Compile/map-plugins-zero-touch
-	$(MAKE) -C $(PKG_BUILD_DIR)/zero-touch \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS)" \
-		LDFLAGS="$(TARGET_LDFLAGS)";
-endef

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -16,8 +16,6 @@ l3_mcast_config() {
 
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-	
-	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
@@ -38,32 +36,11 @@ l3_network_config() {
 	uci -q delete network.wan.disabled
 	uci -q delete network.wan.username
 	uci -q delete network.wan.password
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6=interface
 	uci -q set network.wan6.proto='dhcpv6'
 	uci -q delete network.wan6.disabled
 
-	if [ -n "$wandev" -a -n "$NETMODE_vlanid" -a $NETMODE_vlanid -gt 0 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		uci -q set network.wan.device="$wandev.$NETMODE_vlanid"
-	fi
-	
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi	
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -16,8 +16,6 @@ l3_mcast_config() {
 
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-	
-	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode
 	uci -q set network.lan=interface
@@ -38,30 +36,9 @@ l3_network_pppoe_config() {
 	uci -q set network.wan.username="$NETMODE_username"
 	uci -q set network.wan.password="$NETMODE_password"
 	uci -q delete network.wan.disabled
-	uci -q delete network.wan.ipaddr
-	uci -q delete network.wan.gateway
-	uci -q delete network.wan.netmask
 
 	uci -q set network.wan6.disabled='1'
 
-	if [ -n "$wandev" -a -n "$NETMODE_vlanid" -a $NETMODE_vlanid -gt 0 ]; then
-		uci -q set network.vlan_${NETMODE_vlanid}=device
-		uci -q set network.vlan_${NETMODE_vlanid}.type="8021q"
-		uci -q set network.vlan_${NETMODE_vlanid}.name="$wandev.$NETMODE_vlanid"
-		uci -q set network.vlan_${NETMODE_vlanid}.ifname="$wandev"
-		uci -q set network.vlan_${NETMODE_vlanid}.vid=$NETMODE_vlanid
-
-		uci -q set network.wan.device="$wandev.$NETMODE_vlanid"
-	fi
-	
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -1,128 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-source "/etc/device_info"
-
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
-l3_network_config() {
-	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
-	
-	wandev="$(uci -q get network.WAN.ifname)"
-
-	# Configure L3 Network Mode
-	uci -q set network.lan=interface
-	uci -q set network.lan.device='br-lan'
-	uci -q set network.lan.proto='static'
-	uci -q set network.lan.ipaddr='192.168.1.1'
-	uci -q set network.lan.netmask='255.255.255.0'
-	uci -q set network.lan.ip6assign='60'
-	uci -q delete network.lan.vendorid
-	uci -q delete network.lan.clientid
-	uci -q delete network.lan.reqopts
-	uci -q delete network.lan.sendopts
-
-	uci -q delete network.lan6	
-
-	uci -q set network.wan=interface
-	uci -q set network.wan.device="$wandev"
-	uci -q set network.wan.proto='static'
-	uci -q set network.wan.ipaddr="$NETMODE_ipaddr"
-	uci -q set network.wan.gateway="$NETMODE_gateway"
-	uci -q set network.wan.netmask="$NETMODE_netmask"
-	uci -q delete network.wan.disabled
-	uci -q delete network.wan.username
-	uci -q delete network.wan.password
-
-	uci -q set network.wan6.disabled='1'
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
-		for server in $dns_servers; do
-		    uci -q add_list network.wan.dns=$server
-		done
-	fi
-
-	uci -q delete network.wan.dns
-	if [ -n "$NETMODE_dns_servers" ]; then
-		IFS=',' read -ra ADDRS <<< "$NETMODE_dns_servers"
-		for ip in "${ADDRS[@]}"; do
-			uci -q add_list network.wan.dns=$ip
-		done
-	fi
-
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_select wan 2>/dev/null
-		json_get_var device device
-		if [ -n "$device" ]; then
-			uci -q set network.wan.device="$device"
-			uci -q set network.wan6.device="$device"
-		fi
-		json_cleanup
-	fi
-
-	uci -q commit network
-
-	# Enable DHCP Server
-	uci -q set dhcp.lan.ignore=0
-	uci -q set dhcp.wan.ignore=1
-	uci -q commit dhcp
-	/etc/init.d/odhcpd enable
-
-	# Enable SSDPD
-	uci -q set ssdpd.ssdp.enabled="1"
-	uci -q commit ssdpd
-
-	# Update CWMP Agent WAN Interface
-	uci -q set cwmp.cpe.default_wan_interface="wan"
-	uci -q commit cwmp
-
-	# Update gateway WAN Interface
-	uci -q set gateway.global.wan_interface="wan"
-	uci -q commit gateway
-
-	# Enable firewall
-	uci -q set firewall.globals.enabled="1"
-	uci -q commit firewall
-}
-
-l3_network_config
-l3_mcast_config
-
-# If device is already boot-up, assume netmode changed during runtime
-if [ -f /var/run/boot_complete ]; then
-	/etc/init.d/odhcpd restart 2>/dev/null
-	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
-		ubus call uci commit "{\"config\":\"$config\"}"
-		sleep 1
-	done
-fi

netmode/files/etc/netmodes/supported_modes.json

@@ -3,90 +3,25 @@
   "supported_modes": [
     {
       "name": "routed-dhcp",
-      "description": "DHCP",
-      "supported_args": [
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers, comma separated",
-          "required": false,
-          "type": "string"
-        }
-      ]
+      "description": "WAN with DHCP proto (Layer 3)"
     },
     {
       "name": "routed-pppoe",
-      "description": "PPPoE",
+      "description": "WAN with PPPoE (Layer 3)",
       "supported_args": [
         {
           "name": "username",
-          "description": "PPPoE Username",
+          "description": "PPPoE username",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestUser"
         },
         {
           "name": "password",
-          "description": "PPPoE Password",
+          "description": "PPPoE password",
           "required": true,
-          "type": "string",
+	  "type": "string",
           "#value": "TestPassword"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS Servers, comma separated",
-          "required": false,
-          "type": "string"
-        }
-      ]
-    },
-    {
-      "name": "routed-static",
-      "description": "Static",
-      "supported_args": [
-        {
-          "name": "ipaddr",
-          "description": "IP Address",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.104"
-        },
-        {
-          "name": "netmask",
-          "description": "Subnet Mask",
-          "required": true,
-          "type": "string",
-          "#value": "255.255.255.0"
-        },
-        {
-          "name": "gateway",
-          "description": "Default Gateway",
-          "required": true,
-          "type": "string",
-          "#value": "93.21.0.1"
-        },
-        {
-          "name": "vlanid",
-          "description": "VLAN ID",
-          "required": false,
-          "type": "integer"
-        },
-        {
-          "name": "dns_servers",
-          "description": "DNS servers, comma separated",
-          "required": false,
-          "type": "string"
         }
       ]
     }

obuspa/Config.in

@@ -19,8 +19,13 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 	bool "Enable verification of controller MTP before processing the message"
 	default n
 
-config OBUSPA_LOCAL_MQTT_LISTENER
-	bool "Configures local mqtt broker for local usp connections"
+config OBUSPA_ENABLE_TEST_CONTROLLER
+	bool "Adds a test controller by default"
+	default n
+	select OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
+
+config OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
+	bool "Adds a test controller by default (local access only)"
 	default n
 
 config OBUSPA_MAX_CONTROLLERS_NUM

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.16
+PKG_VERSION:=10.0.0.14
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=479ffb3582aa245a84829502d9412ca2539eefca
+PKG_SOURCE_VERSION:=aeda0145e269cad49d326800fbd39d87c0d30087
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -33,7 +33,8 @@ define Package/obuspa
   TITLE:=USP agent
   MENU:=1
   DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
-		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
+		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
+		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow +libjson-c
   DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
 
@@ -131,23 +132,27 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 	$(INSTALL_DATA) ./files/etc/obuspa/usp_utils.sh $(1)/etc/obuspa/
 	echo "$(VENDOR_PREFIX)" > $(1)/etc/obuspa/vendor_prefix
-	$(INSTALL_DATA) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/obuspa-set-dhcp-option $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/92-obuspa_firewall $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/93-obuspa_mdns_adv $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/94-obuspa_set_credential $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/firewall.usp $(1)/etc/
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
 ifeq ($(CONFIG_OBUSPA_CWMP_DATAMODEL_SUPPORT),y)
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/libuspagentdm.so $(1) $(PKG_NAME)
 endif
-ifeq ($(CONFIG_OBUSPA_LOCAL_MQTT_LISTENER),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection $(1)/etc/uci-defaults/
+ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
+	$(INSTALL_BIN) ./files/etc/uci-defaults/54-test-usp-remote $(1)/etc/uci-defaults/
+endif
+ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
+	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
 endif
 ifeq ($(CONFIG_OBUSPA_OVERRIDE_CT_ROLE),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/61-override-ct-roles $(1)/etc/uci-defaults/
 endif
 endef
 

obuspa/files/etc/init.d/obuspa

@@ -6,7 +6,7 @@ USE_PROCD=1
 
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
-FIRST_BOOT="/etc/obuspa/boot_marker"
+
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 
@@ -871,12 +871,6 @@ sync_uci_with_db()
 		return 0;
 	fi
 
-	# Skip overriding uci in case of Firstboot
-	if [ ! -f "${FIRST_BOOT}" ]; then
-		return 0
-	fi
-
-	log "Syncing obuspa uci with usp.db ...."
 	config_load obuspa
 	sync_db_controller
 	sync_db_localagent_mtp
@@ -984,6 +978,7 @@ db_init()
 		# Only do this if db have reasonable data
 		val="$(awk 'END{print NR}' ${DB_DUMP})"
 		if [ "$val" -gt 15 ]; then
+			log "Syncing obuspa uci with usp.db ...."
 			sync_uci_with_db
 		fi
 	fi
@@ -1031,7 +1026,6 @@ db_init()
 		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
 		rm ${CTRUST_RESET_FILE}
 	fi
-	[ -f "${FIRST_BOOT}" ] || touch "${FIRST_BOOT}"
 }
 
 start_service() {
@@ -1049,6 +1043,7 @@ start_service() {
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
 			"${respawn_timeout:-10}" "${respawn_retry:-5}"
+		#procd_set_param limits core="unlimited"
 	fi
 	procd_close_instance ${CONFIGURATION}
 }

obuspa/files/etc/init.d/usptest

@@ -0,0 +1,75 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+USE_PROCD=1
+
+log()
+{
+	echo "$*"|logger -t usptest -p debug
+}
+
+get_oui_from_db()
+{
+	db -q get device.deviceinfo.ManufacturerOUI
+}
+
+get_serial_from_db()
+{
+	db -q get device.deviceinfo.SerialNumber
+}
+
+publish_endpoint()
+{
+	local AgentEndpointID serial oui user pass
+
+	if ! uci -q get obuspa.testmqtt; then
+		return 0;
+	fi
+
+	# return if mosquitto_pub is not present
+	if [ ! "$(command -v mosquitto_pub)" ]; then
+		log "mosquitto_pub not present can't publish EndpointID"
+		return 0;
+	fi
+
+	sleep 2
+	# Get endpoint id from obuspa config first
+	config_load obuspa
+	config_get AgentEndpointID localagent EndpointID ""
+	if [ -z "${AgentEndpointID}" ]; then
+		serial=$(get_serial_from_db)
+		oui=$(get_oui_from_db)
+		AgentEndpointID="os::${oui}-${serial//+/%2B}"
+	fi
+
+	config_get user testmqtt Username ""
+	config_get pass testmqtt Password ""
+
+	# publish Agent's EndpointID in mosquito broker for discovery by usp-js
+	# This is a work around till obuspa adds supports for mDNS discovery
+	if [ -n "${user}" ] && [ -n "${pass}" ]; then
+		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username, password"
+		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}" -P "${pass}"
+	elif [ -n "${user}" ]; then
+		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker with username only"
+		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}" -u "${user}"
+	else
+		log "Publishing EndpointID ${AgentEndpointID} to local mqtt broker"
+		mosquitto_pub -r -t "obuspa/EndpointID" -m "${AgentEndpointID}"
+	fi
+}
+
+start_service() {
+	procd_open_instance usptest
+	publish_endpoint
+	procd_close_instance
+}
+
+reload_service() {
+	publish_endpoint
+}
+
+service_triggers() {
+	procd_add_reload_trigger "mosquitto" "obuspa"
+}

obuspa/files/etc/uci-defaults/54-test-usp-remote

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_usp_test()
+{
+	uci_add mosquitto listener usptest
+	uci_set mosquitto usptest enabled 1
+	uci_set mosquitto usptest port '9004'
+	uci_set mosquitto usptest protocol 'websockets'
+	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+}
+
+# Install test MQTT over WS listener
+add_usp_test

obuspa/files/etc/uci-defaults/55-obuspa-local-mqtt-usp-connection

@@ -1,21 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_mqtt_obuspa_listener()
-{
-	uci_add mosquitto listener obuspa
-	uci_set mosquitto obuspa enabled 1
-	uci_set mosquitto obuspa port '1883'
-	uci_set mosquitto obuspa no_remote_access '1'
-	uci_set mosquitto obuspa allow_anonymous '1'
-}
-
-# Add mosquitto listener for obuspa connection
-# apps/controller should add controller definitions separately
-add_mqtt_obuspa_listener

obuspa/files/etc/uci-defaults/55-test-usp-controller

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/obuspa" ]; then
+	echo "Local obuspa not available"
+	return 0
+fi
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_test_mtp()
+{
+	uci_add obuspa mtp test_mtp
+	uci_set obuspa test_mtp Protocol 'MQTT'
+	uci_set obuspa test_mtp ResponseTopicConfigured '/usp/endpoint'
+	uci_set obuspa test_mtp mqtt 'testmqtt'
+}
+
+add_obuspa_test_mqtt()
+{
+	# Adds Device.MQTT.Client.
+	uci_add obuspa mqtt testmqtt
+	uci_set obuspa testmqtt BrokerAddress '127.0.0.1'
+	uci_set obuspa testmqtt BrokerPort '1883'
+	uci_set obuspa testmqtt TransportProtocol 'TCP/IP'
+}
+
+add_obuspa_test_controller()
+{
+	# Adds Device.LocalAgent.Controller.
+	uci_add obuspa controller testcontroller
+	uci_set obuspa testcontroller EndpointID 'proto::interop-usp-controller'
+	uci_set obuspa testcontroller Protocol 'MQTT'
+	uci_set obuspa testcontroller Topic '/usp/controller'
+	uci_set obuspa testcontroller mqtt 'testmqtt'
+	uci_set obuspa testcontroller assigned_role_name 'full_access'
+}
+
+add_obuspa_config()
+{
+	uci_add mosquitto listener obuspa
+	uci_set mosquitto obuspa enabled 1
+	uci_set mosquitto obuspa port '1883'
+	uci_set mosquitto obuspa no_remote_access '1'
+	uci_set mosquitto obuspa allow_anonymous '1'
+}
+
+# Install test usp controller config
+add_obuspa_config
+
+add_obuspa_test_mtp
+add_obuspa_test_mqtt
+add_obuspa_test_controller

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.4.1
+PKG_VERSION:=1.2.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=bd852e8b0a6528893917fb89e2ea27a8920f6280
+PKG_SOURCE_VERSION:=120dbcd6508b817d2ce3d579a1bfbd5bfd1a44cb
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -81,20 +81,19 @@ define Package/parental-control/install
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DATA) ./files/etc/uci-defaults/95-firewall_parentalcontrol.ucidefaults $(1)/etc/uci-defaults/
-	$(INSTALL_DATA) ./files/etc/uci-defaults/35-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults $(1)/etc/uci-defaults/
 
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/parentalcontrol $(1)/lib/upgrade/keep.d/parentalcontrol
 
 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol
 
-	$(INSTALL_DATA) ./files/etc/uci-defaults/40-parental_control_update_bundle_path $(1)/etc/uci-defaults/
 ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_add_bundles $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/55-add-default-bundles $(1)/etc/uci-defaults/
 	$(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/
 else
 	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol
-	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_disable_urlfilter $(1)/etc/uci-defaults/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_urlfilter $(1)/etc/uci-defaults/
 endif
 endef
 

parental-control/files/etc/config/parentalcontrol

@@ -1,3 +1,4 @@
 config globals 'globals'
-    option enable '1'
+    option enable '0'
     option loglevel '3'
+    option urlfilter '1'

parental-control/files/etc/firewall.parentalcontrol

@@ -5,16 +5,19 @@
 enabled="$(uci -q get parentalcontrol.globals.enable)"
 urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
 
-# if parentalcontrol is enabled, add the rules, else remove them
+# if parentalcontrol is  enabled, add the rules, else remove them
 if [ "${enabled}" -eq "1" ]; then
-	# this is for internet_access and profile_bedtime_schedule sections
-	add_internet_schedule_rules
 	# this is for urlfilter daemon
+	add_iptables_nfqueue_rules
 	if [ "${urlfilter}" -eq "1" ]; then
-		add_iptables_nfqueue_rules
+		# this for internet_access and profile_bedtime_schedule sections
+		add_internet_schedule_rules
 	fi
 else
-	# remove internet_access and profile_bedtime_schedule rules
-	remove_internet_schedule_rules
+	# remove urlfilter daemon rules
 	remove_iptables_nfqueue_rules
+	if [ "${urlfilter}" -eq "1" ]; then
+		# remove internet_access and profile_bedtime_schedule rules
+		remove_internet_schedule_rules
+	fi
 fi

parental-control/files/etc/init.d/parentalcontrol

@@ -12,9 +12,7 @@ validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
 	    'loglevel:uinteger:3' \
-	    'queue_num:uinteger:53' \
 	    'bundle_path:string' \
-	    'default_wan_interface:string:wan' \
 	    'urlfilter:bool'
 }
 
@@ -26,12 +24,11 @@ remove_fw_rules() {
 }
 
 configure_fw_rules() {
-	local enable urlfilter queue_num
+	local enable urlfilter
 
 	config_load parentalcontrol
 	config_get_bool enable globals enable 0
 	config_get_bool urlfilter globals urlfilter 0
-	config_get queue_num globals queue_num 53
 
 	remove_fw_rules
 
@@ -40,11 +37,6 @@ configure_fw_rules() {
 		return 0
 	fi
 
-	if [ "${queue_num}" -lt 0 ] || [ "${queue_num}" -gt 65535 ]; then
-	        log "ERROR: queue_num not in 0-65535"
-		return 1
-	fi
-
 	if [ "${urlfilter}" -eq "1" ]; then
 		if [ ! -f "${OVERRIDE_JSON}" ]; then
 			# throw error
@@ -52,15 +44,13 @@ configure_fw_rules() {
 		else
 			# Now flush the existing connections, otherwise,
 			# URL filtering cannot be performed on already open sites.
-			if which hw_nat > /dev/null 2>&1; then
-				hw_nat -! > /dev/null 2>&1
-			fi
-			if which conntrack > /dev/null 2>&1; then
-				flush_conntrack_for_hosts
+			if [ -n "$(which conntrack)" ]; then
+				sleep 5
+				conntrack -F
 			fi
 
 			# this is for urlfilter daemon
-			add_iptables_nfqueue_rules "$queue_num"
+			add_iptables_nfqueue_rules
 		fi
 	fi
 
@@ -93,13 +83,14 @@ start_service() {
 	config_load parentalcontrol
 	validate_global_section
 
+	[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
+
+	# add default bundles
+	process_default_bundles
 	# add firewall rules
 	configure_fw_rules
 
 	if [ "${urlfilter}" -eq "1" ]; then
-		# add default bundles
-		[ -n "${bundle_path}" ] && mkdir -p ${bundle_path}
-		process_default_bundles
 		enable_urlfilter_dm
 	else
 		disable_urlfilter_dm
@@ -109,13 +100,13 @@ start_service() {
 	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
 	# in that case, hostnames will not be processed by the daemon,
 	# for this we copy /tmp/dhcp.leases to /etc/parentalcontrol/dhcp.leases
-	# which will be persistent across reboots and upgrade (with keep settings)
+	# which will be persistent acrros reboots and upgrade where settings are kept
 	# and will be used as a backup in case /tmp/dhcp.leases is empty
 	copy_dhcp_leases
 
 	procd_open_instance "parentalcontrol"
 	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
-	procd_append_param command -l "${loglevel}"
+	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
 	procd_close_instance
 }
@@ -128,19 +119,11 @@ stop_service() {
 }
 
 reload_service() {
-	local arg="$1"
-
 	ret=$(ubus call service list '{"name":"parentalcontrol"}' | jsonfilter -qe '@.parentalcontrol.instances.parentalcontrol.running')
 	if [ "$ret" != "true" ]; then
 		stop
 		start
 	else
-		if [ "$arg" = "network" ]; then
-			pidof_sync="$(pidof sync_bundles.sh)"
-			[ -n "$pidof_sync" ] && kill "$pidof_sync"
-			sleep 5
-		fi
-
 		configure_fw_rules
 		copy_dhcp_leases
 		ubus send parentalcontrol.reload
@@ -148,19 +131,6 @@ reload_service() {
 }
 
 service_triggers() {
-	local enable urlfilter default_wan_interface
-
-	validate_global_section || {
-		return 1
-	}
-
-	if [ "${urlfilter}" = "1" ] && [ "$enable" = "1" ] && [ -n "$default_wan_interface" ]; then
-		log "Adding interface trigger for $default_wan_interface"
-		procd_open_trigger
-		procd_add_interface_trigger "interface.*.up" "$default_wan_interface" /etc/init.d/parentalcontrol reload "network"
-		procd_close_trigger
-	fi
-
 	procd_add_reload_trigger "parentalcontrol"
 	procd_add_reload_trigger "schedules"
 }

parental-control/files/etc/uci-defaults/40-parental_control_update_bundle_path

@@ -1,38 +0,0 @@
-#!/bin/sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-APPS_DIR="/apps"
-
-check_mounted_app_partition() {
-	local free
-
-	if [ ! -d "${APPS_DIR}" ]; then
-		return 1
-	fi
-
-	# Check free space in disk
-	free="$(df -P "${APPS_DIR}"|tail -n 1|awk '{print $4}')"
-
-	# disable if free storage is less then 300M
-	if [ "${free}" -lt 307200 ]; then
-		return 1
-	fi
-
-	return 0
-}
-
-
-if check_mounted_app_partition; then
-	uci -q set parentalcontrol.globals.bundle_path="${APPS_DIR}/parentalcontrol"
-
-	# configure the urlfilter if not configured
-	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
-	if [ -z "${urlfilter}" ]; then
-		uci -q set parentalcontrol.globals.urlfilter='1'
-	fi
-else
-	uci -q set parentalcontrol.globals.urlfilter='0'
-fi
-
-exit 0

parental-control/files/etc/uci-defaults/50-parental_control_add_bundles

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-COUNT=1
-
-add_urlbundle()
-{
-	local name url
-
-	url="${1}"; shift
-	name="$*"
-
-	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
-	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
-	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
-
-	COUNT="$((COUNT+1))"
-}
-
-urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
-if [ "${urlfilter}" -eq "1" ]; then
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
-	add_urlbundle "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
-	add_urlbundle 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
-fi
-
-exit 0

parental-control/files/etc/uci-defaults/50-parental_control_disable_urlfilter

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-[ ! -f "/etc/config/parentalcontrol" ] && exit 0
-
-uci -q set parentalcontrol.globals.urlfilter='0'
-
-_delete_urlbundle() {
-	uci_remove parentalcontrol "${1}"
-}
-
-config_load "parentalcontrol"
-config_foreach _delete_urlbundle urlbundle

parental-control/files/etc/uci-defaults/50-parental_control_urlfilter

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+uci -q set parentalcontrol.globals.urlfilter='0'

parental-control/files/etc/uci-defaults/55-add-default-bundles

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+COUNT=1
+
+add_urlbundle()
+{
+	local enabled name url
+
+	enabled="${1}"; shift
+	url="${1}"; shift
+	name="${@}"
+
+	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
+	uci -q set parentalcontrol.urlbundle_${COUNT}.enable="${enabled}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
+
+	COUNT="$((COUNT+1))"
+}
+
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
+add_urlbundle "1" "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
+
+exit 0

parental-control/files/etc/uci-defaults/95-migrate_urlfilter.ucidefaults

@@ -2,8 +2,6 @@
 
 . /lib/functions.sh
 
-[ ! -f "/etc/config/urlfilter" ] && exit 0
-
 # Convert URL filter to parental control format
 urlfilter_config="/etc/config/urlfilter"
 parentalcontrol_config="/etc/config/parentalcontrol"

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -13,10 +13,7 @@ IP_RULE=""
 ACL_FILE=""
 parentalcontrol_ipv4_forward=""
 parentalcontrol_ipv6_forward=""
-
-bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
-
-default_bundle_dir="${bundle_path}/default/"
+default_bundle_dir="/tmp/parentalcontrol/default/"
 bundle_archive="/etc/parentalcontrol/urlbundles.tar.xz"
 
 log() {
@@ -258,9 +255,7 @@ handle_schedule() {
 			schedule_added="1"
 		fi
 
-		# internet_access has been updated to be internet_break
-		# so drop traffic during the schedule, and allow outside the schedule
-		target="DROP"
+		target="ACCEPT"
 
 		config_get local_start_time "$schedule_section" "start_time" "00:00"
 		config_get duration "$schedule_section" "duration"
@@ -367,6 +362,11 @@ handle_internet_break() {
 			config_load "schedules"
 			config_foreach handle_schedule schedule "schedule" "$schedule_ref"
 		fi
+
+		# for access rule to work, need to have default drop rule as last rule
+		if [ "$schedule_added" = "1" ]; then
+			add_access_rule "$ACCESS_RULE" "" "" "" "DROP"
+		fi
 	done
 }
 
@@ -438,118 +438,64 @@ add_internet_schedule_rules() {
 }
 
 add_iptables_nfqueue_rules() {
-    local queue_num="$1"
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		# setup netfilter queue 0, use queue bypass so that if no application is
+		# listening to this queue then traffic is unaffected.
+		iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # Check if urlfilter used
-    if ! uci show parentalcontrol | grep -q profile_urlfilter; then
-        return
-    fi
+		iptables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv4
-    # FORWARD
-    if ! iptables -w -nL | grep -q "URLFILTER_FORWARD"; then
-        iptables -w -N URLFILTER_FORWARD
-        iptables -w -I FORWARD 1 -j URLFILTER_FORWARD
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 
-        # capture DNS responses (sport 53)
-        iptables -w -A URLFILTER_FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -ne 0 ]; then
+		#ip6table rules
+		ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-        # HTTP/HTTPS flows
-        iptables -w -A URLFILTER_FORWARD -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_FORWARD -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
+		ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # INPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_INPUT"; then
-        iptables -w -N URLFILTER_INPUT
-        iptables -w -I INPUT 1 -j URLFILTER_INPUT
-
-        iptables -w -A URLFILTER_INPUT -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_INPUT -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # OUTPUT
-    if ! iptables -w -nL | grep -q "URLFILTER_OUTPUT"; then
-        iptables -w -N URLFILTER_OUTPUT
-        iptables -w -I OUTPUT 1 -j URLFILTER_OUTPUT
-
-        iptables -w -A URLFILTER_OUTPUT -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        iptables -w -A URLFILTER_OUTPUT -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # ebtables bypass for IPv4
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
-
-    # IPv6
-    # FORWARD
-    if ! ip6tables -w -nL | grep -q "URLFILTER_FORWARD6"; then
-        ip6tables -w -N URLFILTER_FORWARD6
-        ip6tables -w -I FORWARD 1 -j URLFILTER_FORWARD6
-
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --sport 53 -j NFQUEUE --queue-num $queue_num --queue-bypass
-
-        ip6tables -w -A URLFILTER_FORWARD6 -p tcp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_FORWARD6 -p udp --match multiport --ports 80,443 -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # INPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_INPUT6"; then
-        ip6tables -w -N URLFILTER_INPUT6
-        ip6tables -w -I INPUT 1 -j URLFILTER_INPUT6
-
-        ip6tables -w -A URLFILTER_INPUT6 -p tcp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_INPUT6 -p udp --sport 53 ! -i lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # OUTPUT
-    if ! ip6tables -w -nL | grep -q "URLFILTER_OUTPUT6"; then
-        ip6tables -w -N URLFILTER_OUTPUT6
-        ip6tables -w -I OUTPUT 1 -j URLFILTER_OUTPUT6
-
-        ip6tables -w -A URLFILTER_OUTPUT6 -p tcp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-        ip6tables -w -A URLFILTER_OUTPUT6 -p udp --sport 53 ! -o lo -j NFQUEUE --queue-num $queue_num --queue-bypass
-    fi
-
-    # ebtables bypass for IPv6
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+		# disable acceleration for https packet so that they can be read by urlfilter
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_iptables_nfqueue_rules() {
-    # IPv4
-    for chain in URLFILTER_FORWARD URLFILTER_INPUT URLFILTER_OUTPUT; do
-        if iptables -w -nL | grep -q "$chain"; then
-            iptables -w -D FORWARD -j $chain 2>/dev/null
-            iptables -w -D INPUT   -j $chain 2>/dev/null
-            iptables -w -D OUTPUT  -j $chain 2>/dev/null
-            iptables -w -F $chain
-            iptables -w -X $chain
-        fi
-    done
+	iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 6  --ip-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53    -j SKIPLOG 2>/dev/null
+		iptables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		iptables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    # IPv6
-    for chain in URLFILTER_FORWARD6 URLFILTER_INPUT6 URLFILTER_OUTPUT6; do
-        if ip6tables -w -nL | grep -q "$chain"; then
-            ip6tables -w -D FORWARD -j $chain 2>/dev/null
-            ip6tables -w -D INPUT   -j $chain 2>/dev/null
-            ip6tables -w -D OUTPUT  -j $chain 2>/dev/null
-            ip6tables -w -F $chain
-            ip6tables -w -X $chain
-        fi
-    done
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
+	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
+	if [ "$?" -eq 0 ]; then
+		#ip6table rules
+		ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
 
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-destination-port 443 -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6  --ip6-source-port 53    -j SKIPLOG 2>/dev/null
-    ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53    -j SKIPLOG 2>/dev/null
+		ip6tables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+		ip6tables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
+
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
+	fi
 }
 
 remove_internet_schedule_rules() {
@@ -567,62 +513,6 @@ remove_internet_schedule_rules() {
 	fi
 }
 
-# Global array for resolved IPs
-URLFILTER_IPS=""
-
-# Resolve hostname or MAC to IP from lease_file
-get_host_ip() {
-	local host="$1"
-	local ip
-	local lease_file="/tmp/dhcp.leases"
-
-	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
-	[ -f "$lease_file" ] || { log "Error: get_host_ip(): No DHCP lease file found."; return 1; }
-
-	# try DHCP lease lookup
-	ip="$(awk -v h="$host" '
-	{
-		mac=$2; ipaddr=$3; name=$4
-		if (h == name || h == mac) { print ipaddr; exit }
-	}' "$lease_file")"
-
-	[ -n "$ip" ] && URLFILTER_IPS="$URLFILTER_IPS $ip"
-}
-
-# Process each profile section
-resolve_profile_hosts() {
-	local section="$1"
-	local hostlist
-
-	config_get hostlist "$section" host
-	[ -z "$hostlist" ] && return
-
-	for h in $hostlist; do
-		get_host_ip "$h"
-	done
-}
-
-# Main function to collect IPs and delete conntrack entries
-flush_conntrack_for_hosts() {
-	URLFILTER_IPS=""
-	local count max
-
-	config_foreach resolve_profile_hosts profile
-
-	URLFILTER_IPS="$(echo "$URLFILTER_IPS" | tr ' ' '\n' | sort -u | xargs)"
-	for ip in $URLFILTER_IPS; do
-		count=0
-		max=1000
-		while conntrack -D -s "$ip" >/dev/null 2>&1; do
-			count=$((count+1))
-			if [ $count -ge $max ]; then
-				log "Warning: Forced to stop conntrack delete after $max deletions for $ip (possible loop)"
-				break
-			fi
-		done
-	done
-}
-
 OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json"
 DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json"
 

parental-control/files/lib/parentalcontrol/sync_bundles.sh

@@ -3,31 +3,12 @@
 . /lib/functions.sh
 
 LOCKFILE="/tmp/sync_bundles.lock"
-log_level="$(uci -q get parentalcontrol.globals.loglevel)"
-log_level="${log_level:-1}"
-DEBUG=0
-
-log_err() {
-	logger -t urlfilter.sync -p error "$*"
-	if [ "${DEBUG}" -eq "1" ]; then
-		echo "#ERR# $* #" >/dev/console
-	fi
-}
-
-log_info() {
-	if [ "${log_level}" -gt 3 ]; then
-		logger -t urlfilter.sync -p info "$*"
-	fi
-	if [ "${DEBUG}" -eq "1" ]; then
-		echo "#INFO# $* #" >/dev/console
-	fi
-}
 
 # this script handles syncing bundles
 # if its a remote file, then it would be downloaded and placed in bundle_dir
 bundle_path="$(uci -q get parentalcontrol.globals.bundle_path)"
 if [ -z "${bundle_path}" ]; then
-	return 0
+	bundle_path="/tmp/parentalcontrol"
 fi
 
 stringstore_dir="${bundle_path}/stringstore"
@@ -57,15 +38,15 @@ update_bundle_file_from_url() {
 
 	available_memory=$(df "$bundle_dir" | tail -n 1 | awk '{print $(NF-2)}') # Available memory in 1K blocks
 	local needed_blocks=$((bundle_file_size / 1024)) # Convert bundle_file_size to 1K blocks
-	local max_size=$((50 * 1024 * 1024)) # 50MB in bytes
+	local max_size=$((10 * 1024 * 1024)) # 10MB in bytes
 
 	if [ "$available_memory" -le "$needed_blocks" ]; then
-		log_info "Error: Not enough disk space for bundle: ${bundle_name}"
+		logger -p info "Error: Not enough disk space for bundle: ${bundle_name}"
 		return 1
 	fi
 
 	if [ "$bundle_file_size" -gt "$max_size" ]; then
-		log_info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
+		logger -p info "update_bundle_file_from_url: Error: File size for ${bundle_name} exceeds 10MB"
 		return 1
 	fi
 
@@ -76,7 +57,7 @@ update_bundle_file_from_url() {
 	else
 		# Random delay (0-5s) before starting the download
 		local delay=$((RANDOM % 6))
-		log_info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
+		logger -p info "update_bundle_file_from_url: Waiting ${delay}s before downloading..."
 		sleep "$delay"
 
 		# Retry logic with exponential backoff
@@ -84,11 +65,12 @@ update_bundle_file_from_url() {
 		local attempt=1
 		local success=0
 		while [ $attempt -le 3 ]; do
-			if curl -s -o "$temp_file" "$download_url"; then
+			curl -s -o "$temp_file" "$download_url"
+			if [ $? -eq 0 ]; then
 				success=1
 				break
 			else
-				log_info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
+				logger -p info "update_bundle_file_from_url: Download failed. Retrying $attempt ..."
 				local backoff=$(( (2 ** attempt) + (RANDOM % 3) )) # Exponential backoff + 0-2s jitter
 				sleep "$backoff"
 			fi
@@ -96,7 +78,7 @@ update_bundle_file_from_url() {
 		done
 
 		if [ $success -ne 1 ]; then
-			log_info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
+			logger -p info "update_bundle_file_from_url: Failed to download bundle: ${bundle_name}"
 			rm -f "$temp_file"
 			return 1
 		fi
@@ -107,7 +89,7 @@ update_bundle_file_from_url() {
 	local final_path="${bundle_dir}/${bundle_file_name}"
 	if [[ "$file_path" =~ \.xz$ ]]; then
 		if ! xz -dc "$file_path" > "$final_path"; then
-			log_info "update_bundle_file_from_url: Decompression failed."
+			logger -p info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -116,7 +98,7 @@ update_bundle_file_from_url() {
 		rm -f "$file_path"
 	elif [[ "$file_path" =~ \.gz$ ]]; then
 		if ! gzip -dc "$file_path" > "$final_path"; then
-			log_info "update_bundle_file_from_url: Decompression failed."
+			logger -p info "update_bundle_file_from_url: Decompression failed."
 			rm -f "$final_path"
 			rm -f "$file_path"
 			return 1
@@ -152,6 +134,7 @@ handle_download_url() {
 	local file_name="${sanitized_url##*/}" # Get everything after the last '/'
 
 	local bundle_file_name="${file_name}.urlbundle"
+	local unprocessed_file=0
 	local file_path="${sanitized_url#file://}"
 
 	if echo "$sanitized_url" | grep -qE "^https?://|^file://"; then
@@ -161,23 +144,7 @@ handle_download_url() {
 		# If the URL is HTTP, fetch the file size
 		local bundle_file_size
 		if echo "$sanitized_url" | grep -qE "^https?://"; then
-			bundle_file_header="$(curl -Is --max-time 30 "$sanitized_url" 2>/var/log/urlfilter_curl_err.log)"
-			curl_rc=$?
-
-			case $curl_rc in
-				0)
-					# Success
-					;;
-				6|7|28|35|52|55|56)
-					log_info "handle_download_url: URL not reachable (curl rc=$curl_rc): ${sanitized_url}"
-					return 1
-					;;
-				*)
-					log_info "handle_download_url: unexpected curl rc=$curl_rc for ${sanitized_url}"
-					;;
-			esac
-
-			bundle_file_size="$(echo "$bundle_file_header" | grep -i 'content-length' | cut -d: -f2 | xargs)"
+			bundle_file_size="$(curl -I "$sanitized_url" 2>&1 | grep -i 'content-length' | cut -d: -f2 | xargs)"
 			[ -z "$bundle_file_size" ] && bundle_file_size=0
 		else
 			# If it's a file:// URL, get the file size from the filesystem
@@ -186,7 +153,7 @@ handle_download_url() {
 		fi
 
 		if [ -n "$previous_bundle_size" ] && [ "$bundle_file_size" -eq "$previous_bundle_size" ]; then
-			return 0
+			return
 		fi
 
 		if echo "$sanitized_url" | grep -q "^file://" && ! echo "$sanitized_url" | grep -Eq "\.(xz|gz)$"; then
@@ -194,7 +161,7 @@ handle_download_url() {
 			sed -i "/^${bundle_file_name} /d" "$bundle_sizes"
 			echo "$bundle_file_name $bundle_file_size" >> "$bundle_sizes"
 			ubus send "parentalcontrol.bundle.update" "{\"bundle_file_path\":\"${file_path}\",\"bundle_name\":\"${bundle_name}\"}"
-			return 0
+			return
 		fi
 
 		# Remove existing entries
@@ -206,9 +173,11 @@ handle_download_url() {
 		update_bundle_file_from_url "$sanitized_url" "$bundle_file_name" "$bundle_file_size" "$bundle_name" "$file_name"
 		return $?
 	else
-		log_info "Error: Unsupported URL format for ${bundle_file_name}"
+		logger -p info "Error: Unsupported URL format for ${bundle_file_name}"
 		return 1
 	fi
+
+	return 0
 }
 
 cleanup_bundle_files() {
@@ -220,7 +189,7 @@ cleanup_bundle_files() {
 	get_download_url() {
 		local section="$1"
 		config_get url "$section" download_url
-		config_get_bool enable "$1" enable 1
+		config_get_bool enable "$1" enable 0
 
 		if [ "${enable}" -eq 0 ]; then
 			# bundle is disabled
@@ -253,56 +222,46 @@ cleanup_bundle_files() {
 	done
 }
 
-cleanup_bundle_sizes() {
-	downloaded_bundle_names="$(cat "$bundle_sizes" | cut -d '.' -f 1)"
-
-	for name in $downloaded_bundle_names; do
-		if ls ${stringstore_dir}/${name}* 2>&1 | grep -qF '.store'; then
-			if ls ${stringstore_dir}/${name}* 2>&1 | grep -q cmph; then
-				continue
-			fi
-		fi
-
-		sed -i "/$name/d" "$bundle_sizes"
-	done
-}
-
 # Main handler for all profile URL bundles
 handle_filter_for_bundles() {
 	local urlfilter
 
 	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
-	# if urlfilter is not enabled, then return
 	if [ "${urlfilter}" -ne "1" ]; then
-		log_info "urlfilter feature not enabled"
-		return 0
+		logger -p info "urlbundle not supported"
+		return
+	fi
+
+	ubus -t 20 wait_for bbfdm.parentalcontrol
+
+	if [ "$?" -ne 0 ]; then
+		logger -p error "bbfdm.parentalcontrol object not found"
+		return
 	fi
 
 	initialize_environment
 
 	cleanup_bundle_files "$bundle_dir"
 	cleanup_bundle_files "$stringstore_dir"
-	cleanup_bundle_sizes
 
 	config_load parentalcontrol
 
 	config_get_bool enable globals enable 0
 	if [ "${enable}" -eq 0 ]; then
-		log_info "parental-control feature not enabled"
 		# Parental control is disabled
 		return 0
 	fi
 
-	check_bundle_exists() {
-		local enable download_url name cfg
+	local profile enable bundles bundle_name download_url
 
-		cfg="$1"
+	check_bundle_exists() {
+		local cfg="$1"
 		config_get name "$cfg" name
-		config_get_bool enable "$cfg" enable 1
+		config_get_bool enable "$cfg" enable 0
 		config_get download_url "$cfg" download_url
 
 		if [ "${enable}" -eq 0 ]; then
-			log_info "Skipping bundle ${name} not enabled"
+			# bundle is disabled
 			return 0
 		fi
 
@@ -323,6 +282,6 @@ handle_filter_for_bundles() {
 # Open file descriptor 200 for locking
 exec 200>"$LOCKFILE"
 # Try to acquire an exclusive lock; exit if another instance is running
-flock -n 200 || { log_info "sync_bundles.sh is already running, exiting."; exit 1; }
+flock -n 200 || { logger -p info "sync_bundles.sh is already running, exiting."; exit 1; }
 
 handle_filter_for_bundles

passwdqc/Makefile

@@ -39,6 +39,9 @@ define Package/$(PKG_NAME)/install
 
 	$(INSTALL_DIR) $(1)/usr/lib/security
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/pam_passwdqc.so $(1)/usr/lib/security/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/passwdqc.uci_default $(1)/etc/uci-defaults/99-add_passwdqc_pam
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

passwdqc/files/passwdqc.uci_default

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+CONFIG_FILE="/etc/pam.d/common-password"
+# for some reason setting to 8 makes passwdqc accept minimum 12 letter password with this configuration
+# if we set it to 12 then we need atleast 16 characters and so on
+# passphrase = 0 means no space separated words
+# rest can be figured out from passwdqc man page
+MODULE_LINE="password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=20 passphrase=0 retry=3 enforce=everyone"
+
+# Ensure the file exists before modifying
+[ -f "$CONFIG_FILE" ] || exit 0
+
+# Check if pam_passwdqc is already in the file
+if ! grep -q "pam_passwdqc.so" "$CONFIG_FILE"; then
+    # Insert before pam_unix.so
+    sed -i "/pam_unix.so/ i\\$MODULE_LINE" "$CONFIG_FILE"
+fi
+
+exit 0

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -434,6 +434,4 @@ hw_commit_all() {
             /userfs/bin/ifc add vip pbit $pbit
         done
     fi
-
-    hw_nat -! > /dev/null 2>&1
 }

qosmngr/files/airoha/lib/qos/qos.sh

@@ -22,10 +22,6 @@ ip_rule_get_converted_tos() {
 	echo $con_tos
 }
 
-flush_hw_nat() {
-	hw_nat -! > /dev/null 2>&1
-}
-
 configure_qos() {
     # queue configuration is being done after shaper configuration,
     # If port shapingrate configuration on DISC device is called after queue configuration then
@@ -37,9 +33,8 @@ configure_qos() {
     configure_policer
     configure_classify
     if [ -f "/tmp/qos/classify.ebtables" ]; then
-        sh /tmp/qos/classify.ebtables
+	    sh /tmp/qos/classify.ebtables
     fi
-    flush_hw_nat
 }
 
 reload_qos() {
@@ -70,7 +65,6 @@ reload_qos() {
             ;;
     esac
     hw_commit_all
-    flush_hw_nat
 }
 
 reload_qos_service() {

qosmngr/files/airoha/usr/sbin/qos-uplink-bandwidth

@@ -14,13 +14,11 @@ PREV_LINKSPEED=$(cat ${LINKSPEED_FILE} 2>/dev/null)
 [ -z "${PREV_LINKSPEED}" ] && PREV_LINKSPEED=0
 
 if [ $((LINKSPEED)) -ne $((PREV_LINKSPEED)) -a $((LINKSPEED)) -ne 0 ]; then
-	if [ $((LINKSPEED)) -ge 100 ]; then
+	if [ $((LINKSPEED)) -ge 10000 ]; then
 		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*999/1000))
 	else
-		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000*990/1000))
+		/userfs/bin/qosrule discpline Rate uplink-bandwidth $((LINKSPEED*1000))
 	fi
 	mkdir -p "/tmp/qos"
 	echo ${LINKSPEED} > ${LINKSPEED_FILE}
-
-	hw_nat -! > /dev/null 2>&1
 fi

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_assoclist.sh

@@ -1,30 +1,11 @@
-. /lib/functions.sh
-
-handle_interface() {
-	local config="${1}"
-	local prefix="${2}"
-
-	config_get ifname "${config}" ifname
-	config_get mode ${config} mode
-
+interfaces=$(uci show wireless | grep "ifname=" |  awk -F'[.,=]' '{print$2}')
+for int in $interfaces; do
+	mode=$(uci get "wireless.${int}.mode")
 	if [ "$mode" = "ap" ] ; then
-		echo "Get assoc list for ${ifname}"
-		ubus call "${prefix}.${ifname}" assoclist
-		echo "Get station info for ${ifname}"
-		ubus call "${prefix}.${ifname}" stations
+		ap_int=$(uci get "wireless.${int}.ifname")
+		echo "Get assoc list for ${ap_int}"
+		ubus call "wifi.ap.${ap_int}" assoclist
+		echo "Get station info for ${ap_int}"
+		ubus call "wifi.ap.${ap_int}" stations
 	fi
-}
-
-handle_wifi_interface() {
-	handle_interface "$1" "wifi.ap"
-}
-
-handle_mld_interface() {
-	handle_interface "$1" "wifi.apmld"
-}
-
-config_load wireless
-echo "Get associated stations information for non-MLD interfaces"
-config_foreach handle_wifi_interface wifi-iface
-echo "Get associated stations information for MLD interfaces"
-config_foreach handle_mld_interface wifi-mld
+done

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_sta.sh

@@ -22,4 +22,3 @@ handle_interface() {
 
 config_load wireless
 config_foreach handle_interface wifi-iface
-config_foreach handle_interface wifi-mld

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_status.sh

@@ -1,36 +0,0 @@
-. /lib/functions.sh
-
-handle_interface() {
-	local config="${1}"
-	local prefix="${2}"
-
-	config_get ifname "${config}" ifname
-	config_get mode ${config} mode
-
-	if [ "$mode" = "ap" ] ; then
-		echo "Get status for ${ifname}"
-		ubus call "${prefix}.${ifname}" status
-	elif [ "$mode" = "sta" ] ; then
-		echo "Get status for bSTA ${ifname}"
-		ubus call "wifi.bsta.${ifname}" status
-	fi
-}
-
-handle_wifi_interface() {
-	handle_interface "$1" "wifi.ap"
-}
-
-handle_mld_interface() {
-	handle_interface "$1" "wifi.apmld"
-}
-
-config_load wireless
-echo "Get wifi status"
-ubus call wifi status
-
-echo "Get wifi status for ap & bsta interfaces"
-config_foreach handle_wifi_interface wifi-iface
-
-echo "Get wifi status for apmld interfaces"
-config_foreach handle_mld_interface wifi-mld
-

self-diagnostics/files/usr/share/self-diagnostics/spec/wifi.json

@@ -13,8 +13,7 @@
 		},
 		{
 			"description": "WiFi Status",
-			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_status.sh",
-			"timeout": 10
+			"cmd": "ubus call wifi status"
 		},
 		{
 			"description": "WiFi Radio Status",

sshmngr/Config.in

@@ -1,7 +1,7 @@
 if PACKAGE_sshmngr
 choice
 	prompt "Select backend for SSH management"
-	default SSHMNGR_BACKEND_OPENSSH_PAM
+	default SSHMNGR_BACKEND_OPENSSH
 	depends on PACKAGE_sshmngr
 	help
 		Select which backend daemon to use for SSH

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.1.7
+PKG_VERSION:=5.0.4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=c87ba4d9648280dde6987493fc423cdd64128b09
+PKG_SOURCE_VERSION:=47f52fb0fe4a9824590c8be9ee7b8985631c39cf
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.1.7
+PKG_VERSION:=5.0.4
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=ff551283f7b05674f3215a0ece2de777223347ee
+PKG_SOURCE_VERSION:=ef5345ea0275e632f021dfcf3b62c8d09fbb5800
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,8 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +userinterface +obuspa +sulu-vendorext
-	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +jq +userinterface +obuspa +qrencode
 	EXTRA_DEPENDS:=nginx
 endef
 
@@ -96,25 +95,24 @@ endef
 
 define Package/sulu/install/Default
 	$(INSTALL_DIR) $(1)/sulu/
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
+
 	$(INSTALL_DIR) $(1)/etc/sulu
-
-	$(INSTALL_DATA) ./files/maintenance.html $(1)/sulu/
-	$(LN) /tmp/sulu $(1)/sulu/connection
-
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
 	$(INSTALL_DATA) ./files/etc/sulu/nginx.locations $(1)/etc/sulu/
-	$(INSTALL_BIN) ./files/etc/sulu/sulu_watcher.sh $(1)/etc/sulu/
 
 	$(INSTALL_DIR) $(1)/etc/users/roles
 	$(INSTALL_DATA) ./files/etc/users/roles/*.json $(1)/etc/users/roles/
 
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DATA) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-config $(1)/etc/uci-defaults/
 ifneq ($(CONFIG_SULU_DEFAULT_UI)$(CONFIG_SULU_BUILDER_DEFAULT_UI),)
-	$(INSTALL_DATA) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/41-make-sulu-default-ui $(1)/etc/uci-defaults/
 endif
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/
 endef
 
 define Package/sulu/install/Post
@@ -130,6 +128,7 @@ define Package/sulu/install
 	$(Package/sulu/install/Post)
 endef
 
+
 define Package/sulu-builder/install
 	$(Package/sulu/install/Default)
 	$(INSTALL_DIR) $(1)/sulu/presets

sulu/sulu-builder/files/etc/config/sulu

@@ -0,0 +1,2 @@
+config global 'global'
+	option enabled '1'

sulu/sulu-builder/files/etc/init.d/sulu

@@ -1,15 +1,48 @@
 #!/bin/sh /etc/rc.common
 
-START=9
-STOP=01
-
 USE_PROCD=1
 
-PROG=/etc/sulu/sulu_watcher.sh
+START=90
+STOP=01
 
-start_service()
-{
-	procd_open_instance "sulu"
-	procd_set_param command ${PROG}
-	procd_close_instance "sulu"
+. /lib/functions.sh
+
+log() {
+	echo "${@}" | logger -t sulu.init -p debug
+}
+
+validate_sulu_global_section() {
+	uci_validate_section sulu global global \
+		'enabled:bool:1'
+}
+
+start_service() {
+	local enabled
+
+	config_load sulu
+	procd_open_instance sulu
+
+	validate_sulu_global_section || return 0
+	# append sulu connection injection
+	if [ "${enabled}" -eq "0" ]; then
+		procd_close_instance
+		return 0
+	fi
+
+	if [ "${1}" = "update" ]; then
+		log "Reloading related services"
+		/etc/sulu/sulu.sh -r
+	fi
+	/etc/sulu/sulu.sh -q
+	procd_close_instance
+}
+
+reload_service() {
+	stop
+	start update
+}
+
+service_triggers() {
+	procd_add_reload_trigger "sulu" "userinterface" "mosquitto"
+	procd_add_reload_trigger "config.change" "mapcontroller" /etc/sulu/sulu.sh -q
 }

sulu/sulu-builder/files/etc/sulu/nginx.locations

@@ -8,10 +8,6 @@ location /sitemap.xml {
 	return 200 "User-agent: *\nDisallow: /\n";
 }
 
-location /maintenance.html {
-	internal;
-}
-
 location /wss {
 	proxy_pass_request_headers      on;
 	proxy_cache        off;
@@ -27,9 +23,7 @@ location /wss {
 	proxy_set_header    X-Forwarded-Proto  $scheme;
 	add_header          Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
 	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-	add_header Pragma 'no-cache';
 	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
-	expires 0;
 	proxy_pass http://websocket;
 }
 
@@ -50,10 +44,6 @@ location / {
 		add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
 		add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
 	}
-
-	if (!-f $document_root/connection/ready) {
-		return 503;
-	}
-
-	expires 0;
+	expires -1;
+	add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -4,15 +4,18 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/functions/iopsys-environment.sh
 
 RESTART_REQ=0
 _RESTART_SERVICES="0"
 
-slog() {
+mkdir -p /tmp/sulu/
+
+function slog() {
 	echo "$*" | logger -t sulu.sh -p debug
 }
 
-_get_agent_id() {
+function _get_agent_id() {
 	local oui serial endpointid
 
 	endpointid="$(uci_get obuspa localagent EndpointID)"
@@ -27,7 +30,7 @@ _get_agent_id() {
 	fi
 }
 
-_get_sulu_user_roles() {
+function _get_sulu_user_roles() {
 	roles=$(uci -q get userinterface._sulu_s.role)
 
 	for role in ${roles}; do
@@ -38,32 +41,35 @@ _get_sulu_user_roles() {
 		sulu_user_roles=$(echo -e "${sulu_user_roles// /\\n}" | sort | uniq)
 	fi
 
-	echo "${sulu_user_roles}"
+	echo ${sulu_user_roles}
 }
 
-_get_sulu_root() {
+function _get_sulu_root() {
 	local root
 
 	root="$(uci -q get nginx._sulu_s.root)"
 	echo "${root:-/sulu}"
 }
 
-_get_sulu_connection_config() {
+function _get_sulu_connection_config() {
 	local config
 
 	config="$(_get_sulu_root)/presets/connection-config.json"
 	echo "${config}"
 }
 
-_get_sulu_session_mode() {
-	uci -q get sulu.global.SessionMode
+function _get_sulu_session_mode() {
+	echo "$(uci -q get sulu.global.SessionMode)"
 }
 
-_get_sulu_acl_file() {
-	uci -q get mosquitto.sulu.acl_file
+function _get_sulu_acl_file() {
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
 }
 
-generate_sulu_conn_config() {
+function generate_sulu_conn_config() {
 	local users SCONFIG session
 
 	users="$(_get_sulu_user_roles)"
@@ -103,10 +109,10 @@ generate_sulu_conn_config() {
 		json_close_object
 	}
 
-	json_dump >"${SCONFIG}"
+	json_dump >${SCONFIG}
 }
 
-_update_obuspa_config_rbac() {
+function _update_obuspa_config_rbac() {
 	local agent users session
 
 	agent="$(_get_agent_id)"
@@ -118,45 +124,45 @@ _update_obuspa_config_rbac() {
 
 		# Add mqtt
 		section="mqtt_sulu_${user}"
-		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
-			uci_add obuspa mqtt "${section}"
-			uci_set obuspa "${section}" BrokerAddress "127.0.0.1"
-			uci_set obuspa "${section}" BrokerPort "1883"
-			uci_set obuspa "${section}" TransportProtocol "TCP/IP"
+		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
+			uci_add obuspa mqtt ${section}
+			uci_set obuspa ${section} BrokerAddress "127.0.0.1"
+			uci_set obuspa ${section} BrokerPort "1883"
+			uci_set obuspa ${section} TransportProtocol "TCP/IP"
 			RESTART_REQ=1
 		fi
 
 		# Add mtp
 		section="mtp_sulu_${user}"
-		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
-			uci_add obuspa mtp "${section}"
-			uci_set obuspa "${section}" Protocol "MQTT"
-			uci_set obuspa "${section}" ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
-			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
+		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
+			uci_add obuspa mtp ${section}
+			uci_set obuspa ${section} Protocol "MQTT"
+			uci_set obuspa ${section} ResponseTopicConfigured "/usp/${agent}/${user}/endpoint"
+			uci_set obuspa ${section} mqtt "mqtt_sulu_$user"
 			RESTART_REQ=1
 		fi
 
 		# Add controller
 		section="controller_sulu_${user}"
-		if ! uci_get obuspa "${section}" >/dev/null 2>&1; then
-			uci_add obuspa controller "${section}"
-			uci_set obuspa "${section}" EndpointID "self::sulu-${user}"
-			uci_set obuspa "${section}" Protocol "MQTT"
-			uci_set obuspa "${section}" Topic "/usp/${agent}/${user}/controller"
-			uci_set obuspa "${section}" mqtt "mqtt_sulu_$user"
-			uci_set obuspa "${section}" assigned_role_name "$user"
+		if ! uci_get obuspa ${section} >/dev/null 2>&1; then
+			uci_add obuspa controller ${section}
+			uci_set obuspa ${section} EndpointID "self::sulu-${user}"
+			uci_set obuspa ${section} Protocol "MQTT"
+			uci_set obuspa ${section} Topic "/usp/${agent}/${user}/controller"
+			uci_set obuspa ${section} mqtt "mqtt_sulu_$user"
+			uci_set obuspa ${section} assigned_role_name "$user"
 			RESTART_REQ=1
 		fi
 
-		obMode="$(uci_get obuspa "${section}" SessionMode)"
+		obMode="$(uci_get obuspa ${section} SessionMode)"
 		if [ "${session}" != "${obMode}" ]; then
-			uci_set obuspa "${section}" SessionMode "${session}"
+			uci_set obuspa ${section} SessionMode "${session}"
 			RESTART_REQ=1
 		fi
 	done
 }
 
-_create_mosquitto_acl() {
+function _create_mosquitto_acl() {
 	local agentid users
 	local ACL_FILE acl_users
 
@@ -169,59 +175,109 @@ _create_mosquitto_acl() {
 
 	users="$(_get_sulu_user_roles)"
 	if [ -f "${ACL_FILE}" ]; then
-		acl_users="$(awk '/^user / {print $2}' "${ACL_FILE}")"
-		for user in ${acl_users}; do
-			if ! echo "$users" | grep -qwF "$user"; then
+		acl_users="$(awk '/^user/ {print $2}' ${ACL_FILE})"
+		for user in ${users}; do
+			if ! grep -q "$user" ${acl_users}; then
 				rm -f "${ACL_FILE}"
-				RESTART_REQ="1"
-				break
 			fi
 		done
 	fi
-	[ -f "${ACL_FILE}" ] || touch "${ACL_FILE}"
+	touch "${ACL_FILE}"
 
 	agentid="$(_get_agent_id)"
 	for user in ${users}; do
-		if ! grep -qxF "user $user" "${ACL_FILE}"; then
-			{
-				echo "user ${user}"
-				echo "topic read  /usp/${agentid}/${user}/controller/reply-to"
-				echo "topic write /usp/${agentid}/${user}/endpoint"
-				echo "topic read  /usp/${agentid}/${user}/controller"
-				echo ""
-			} >> "${ACL_FILE}"
+		if ! grep -q "user $user" ${ACL_FILE}; then
+			echo "user ${user}" >>${ACL_FILE}
+			echo "topic read  /usp/${agentid}/${user}/controller/reply-to/#" >>${ACL_FILE}
+			echo "topic write /usp/${agentid}/${user}/endpoint/#" >>${ACL_FILE}
+			echo "topic read  /usp/${agentid}/${user}/controller/#" >>${ACL_FILE}
+			echo "" >>${ACL_FILE}
 			RESTART_REQ="1"
 		fi
 	done
 
-	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
+	if [ "${_RESTART_SERVICES}" -eq "1" -a "${RESTART_REQ}" -gt "0" ]; then
 		slog "Restarting mosquitto..."
 		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
-update_obuspa_config() {
+function update_obuspa_config() {
+
 	RESTART_REQ=0
+	uci_load obuspa
 	_update_obuspa_config_rbac
 	uci_commit obuspa
 
-	if [ "${_RESTART_SERVICES}" -eq "1" ] && [ "${RESTART_REQ}" -gt "0" ]; then
+	if [ "${_RESTART_SERVICES}" -eq "1" -a "${RESTART_REQ}" -gt "0" ]; then
 		slog "Restarting obuspa..."
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
 }
 
-configure_sulu() {
+generate_qr_code() {
+	local NA="UNKNOWN"
+	local TMP="/tmp/wifi_qr.svg"
+	local QR="/sulu/assets/QR.svg"
+	local SSID=""
+	local KEY=""
+	which qrencode || return
+	local PASS="$(get_user_password)"
+	if [ -z "$PASS" ]; then
+		PASS="$NA"
+	fi
+	get_ssid_and_key() {
+		local sec="$1"
+		local filter_vid="$2"
+		if [ "$SSID" != "" ]; then
+			return
+		fi
+		config_get type "$sec" type
+		if [ "$type" != "fronthaul" ]; then
+			return
+		fi
+		if [ "$filter_vid" = "1" ]; then
+			config_get vid "$sec" vid
+			if [ "$vid" != "1" ]; then
+				return
+			fi
+		fi
+		config_get ssid "$sec" ssid
+		config_get key "$sec" key
+		SSID="$ssid"
+		KEY="$key"
+	}
+	config_load mapcontroller
+	config_foreach get_ssid_and_key "ap" "0"
+	if [ "$SSID" == "" ]; then
+		config_foreach get_ssid_and_key "ap" "1"
+	fi
+	SSID=${SSID:-$NA}
+	KEY=${KEY:-$NA}
+	PASS=${PASS:-$NA}
+	qrencode -t svg -m 0 -o "$TMP" "WIFI:S:$SSID;T:WPA;P:$KEY;;GNX:U:user;Q:$PASS;;"
+	if [ "$(sha256sum "$TMP" | cut -d ' ' -f1)" != "$(sha256sum "$QR" | cut -d ' ' -f1)" ]; then
+		mv "$TMP" "$QR"
+	else
+		rm "$TMP"
+	fi
+}
+
+function configure_sulu() {
 	_create_mosquitto_acl
 	update_obuspa_config
 	generate_sulu_conn_config
 }
 
-while getopts ":r" opt; do
+while getopts ":rq" opt; do
 	case ${opt} in
 	r)
 		_RESTART_SERVICES="1"
 		;;
+	q)
+		generate_qr_code
+		exit 0
+		;;
 	*)
 		slog "Invalid option: ${OPTARG}"
 		exit 1

sulu/sulu-builder/files/etc/sulu/sulu_watcher.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-if ! command -v obuspa >/dev/null 2>&1; then
-	exit 0
-fi
-
-USP_PATH="/tmp/sulu/"
-
-log() {
-	logger -t sulu_watcher "$*"
-}
-
-wait_for_obuspa() {
-	while true; do
-		ENDPOINTID="$(obuspa -c get Device.LocalAgent.EndpointID |grep Device.|awk '{print $3}')"
-		sleep 2
-		if [ -n "${ENDPOINTID}" ]; then
-			break;
-		fi
-	done
-}
-
-mark_usp_ready() {
-	mkdir -p "${USP_PATH}"
-	touch ${USP_PATH}/ready
-}
-
-wait_for_obuspa
-mark_usp_ready

sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config

@@ -1,66 +1,91 @@
 #!/bin/sh
 
-. /lib/functions.sh
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 
 if [ ! -f "/etc/config/mosquitto" ]; then
-	logger -t sulu.ucidefault "Local mosquitto broker not available"
-	return 1
+	echo "Local mosquitto broker not available"
+	return 0
 fi
 
 if [ ! -f "${UCI_TEMPLATE}" ]; then
-	logger -t sulu.ucidefault "nginx utils not installed, sulu can't run"
-	return 1
+	echo "nginx utils not installed, sulu can't run"
+	return 0
 fi
 
+function _get_usp_upstream_port() {
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
 update_nginx_uci_template()
 {
 	local port
 
-	port="$(uci -q get mosquitto.sulu.port)"
-	port="${port:-9009}"
-
-	if ! grep -w "upstream websocket" ${UCI_TEMPLATE} | grep -wq "127.0.0.1:${port}"; then
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
 		sed -i '/#UCI_HTTP_CONFIG$/i\   map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
 		sed -i "/#UCI_HTTP_CONFIG$/i\   upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}
-	fi
+        fi
 }
 
 add_sulu_config_to_mosquitto()
 {
-	uci_add mosquitto listener sulu
-	uci_set mosquitto sulu enabled 1
-	uci_set mosquitto sulu port '9009'
-	uci_set mosquitto sulu no_remote_access '1'
-	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
+	fi
+}
+
+add_obuspa_config_to_mosquitto()
+{
+	uci_load mosquitto
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
 }
 
 add_sulu_userinterface_uci()
 {
-	if [ -f "/etc/config/userinterface" ]; then
+	uci_load userinterface
+
+	if ! uci_get userinterface _sulu_s >/dev/null 2>&1; then
 		uci_add userinterface http_access _sulu_s
 		uci_set userinterface _sulu_s path_prefix '/sulu'
 		uci_set userinterface _sulu_s port '8443'
-		uci_set userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
+		uci_add_list userinterface _sulu_s _nginx_include '/etc/sulu/nginx.locations'
 		uci_set userinterface _sulu_s _nginx_uci_manage_ssl 'self-signed'
-		uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
-		uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
-		uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
-		uci_set userinterface _sulu_s _nginx_error_page '503 /maintenance.html'
-		uci_set userinterface _sulu_s protocol 'HTTPS'
-		uci_set userinterface _sulu_s role 'admin user'
+        	uci_set userinterface _sulu_s _nginx_ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+	        uci_set userinterface _sulu_s _nginx_ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+	        uci_set userinterface _sulu_s _nginx_ssl_session_cache 'none'
+	        uci_set userinterface _sulu_s protocol 'HTTPS'
+		uci_add_list userinterface _sulu_s role 'admin'
+		uci_add_list userinterface _sulu_s role 'user'
+	fi
 
+	if ! uci_get userinterface _suluredirect >/dev/null 2>&1; then
 		uci_add userinterface http_access _suluredirect
 		uci_set userinterface _suluredirect redirect '_sulu_s'
-		uci_set userinterface _suluredirect protocol 'HTTP'
+	        uci_set userinterface _suluredirect protocol 'HTTP'
 		uci_set userinterface _suluredirect port "8080"
 	fi
 }
 
+add_obuspa_config_to_mosquitto
 add_sulu_config_to_mosquitto
-add_sulu_userinterface_uci
 update_nginx_uci_template
+add_sulu_userinterface_uci
 
 /etc/sulu/sulu.sh

sulu/sulu-builder/files/etc/uci-defaults/41-make-sulu-default-ui

@@ -2,16 +2,23 @@
 
 . /lib/functions.sh
 
+uci_load nginx
+# this is to make sure to not mess up existing config
+if uci_get nginx _sulu_s >/dev/null 2>&1; then
+  exit 0
+fi
+
 update_default_nginx_listner() {
-  if [ ! -f "/etc/config/nginx" ]; then
-    return 0
+
+  if [ ! -f /etc/config/nginx ]; then
+    return
   fi
 
   if ! uci_get nginx _lan >/dev/null 2>&1; then
-    return 0
+    return
   fi
 
-  if ! opkg list-installed | grep -q "^luci "; then
+  if ! opkg list-installed |grep -q "luci "; then
     echo "Luci not installed, removing luci config"
     uci_remove nginx _lan
     uci_remove nginx _redirect2ssl
@@ -21,7 +28,7 @@ update_default_nginx_listner() {
     uci_add_list nginx _lan listen "[::]:8443 ssl default_server"
 
     if ! uci_get nginx _redirect2ssl >/dev/null 2>&1; then
-        return 0
+        return
     fi
 
     uci_remove nginx _redirect2ssl listen
@@ -32,19 +39,17 @@ update_default_nginx_listner() {
 }
 
 move_sulu_to_443_and_80() {
-  if ! config_load userinterface; then
-    return 0
+  uci_load userinterface
+  if [ ! -f /etc/config/userinterface ]; then
+    return
   fi
 
   set_port() {
-    local protocol port
-
+    local protocol
     config_get protocol "$1" protocol
-    config_get port "$1" port
-
-    if [ "$protocol" == "HTTPS" ] && [ "${port}" -eq "8443" ]; then
+    if [ "$protocol" == "HTTPS" ]; then
       uci_set userinterface "$1" port "443"
-    elif [ "$protocol" == "HTTP" ] && [ "${port}" -eq "8080" ]; then
+    elif [ "$protocol" == "HTTP" ]; then
       uci_set userinterface "$1" port "80"
     fi
   }

sulu/sulu-builder/files/etc/users/roles/admin.json

@@ -6,7 +6,554 @@
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/etc/users/roles/user.json

@@ -2,11 +2,533 @@
   "tr181": {
     "name": "user",
     "instance": 5,
-    "secure_role": true,
     "permission": [
       {
         "object": "Device.",
-        "perm": ["PERMIT_ALL"]
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Reboot()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SelfTestDiagnostics()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.FactoryReset()",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Time.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UPnP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Bridging.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Ethernet.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv4.Server.Pool.{i}.StaticAddress.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DHCPv6.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Hosts.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}ParentalControl.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.NAT.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Firewall.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_SET",
+          "PERMIT_SUBS_VAL_CHANGE"
+        ]
+      },
+      {
+        "object": "Device.Firewall.DMZ.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PPP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Routing.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IEEE1905.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.InterfaceStack.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DynamicDNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LANConfigSecurity.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Security.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.RouterAdvertisement.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.Services.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.UserInterface.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.PeriodicStatistics.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.Users.User.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LocalAgent.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.Subscription.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.WiFi.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.DNS.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_ADD",
+          "PERMIT_DEL",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.IP.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_GET_INST",
+          "PERMIT_OBJ_INFO",
+          "PERMIT_CMD_INFO",
+          "PERMIT_SET",
+          "PERMIT_OPER",
+          "PERMIT_SUBS_VAL_CHANGE",
+          "PERMIT_SUBS_OBJ_ADD",
+          "PERMIT_SUBS_OBJ_DEL",
+          "PERMIT_SUBS_EVT_OPER_COMP"
+        ]
+      },
+      {
+        "object": "Device.SSH.",
+        "perm": ["PERMIT_NONE"]
+      },
+      {
+        "object": "Device.LEDs.LED.{i}.CycleElement.{i}.Brightness",
+        "perm": ["PERMIT_GET", "PERMIT_SET", "PERMIT_GET_INST"]
       }
     ]
   }

sulu/sulu-builder/files/maintenance.html

@@ -1,248 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Router Interface Loading...</title>
-    <style>
-      * {
-        margin: 0;
-        padding: 0;
-        box-sizing: border-box;
-      }
-
-      body {
-        font-family:
-          -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu,
-          sans-serif;
-        background: linear-gradient(135deg, #3399ff 0%, #012669 100%);
-        height: 100vh;
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        color: #fff;
-      }
-
-      .container {
-        text-align: center;
-        padding: 2rem;
-        background: rgba(255, 255, 255, 0.1);
-        border-radius: 20px;
-        backdrop-filter: blur(10px);
-        box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
-        max-width: 400px;
-        width: 90%;
-      }
-
-      .spinner {
-        width: 60px;
-        height: 60px;
-        margin: 0 auto 2rem;
-        position: relative;
-      }
-
-      .spinner::before,
-      .spinner::after {
-        content: "";
-        position: absolute;
-        top: 0;
-        left: 0;
-        width: 100%;
-        height: 100%;
-        border-radius: 50%;
-        border: 3px solid transparent;
-        border-top-color: #fff;
-        animation: spin 1.5s ease-in-out infinite;
-      }
-
-      .spinner::after {
-        animation-delay: 0.15s;
-        border-top-color: rgba(255, 255, 255, 0.5);
-      }
-
-      @keyframes spin {
-        0% {
-          transform: rotate(0deg);
-        }
-        100% {
-          transform: rotate(360deg);
-        }
-      }
-
-      h1 {
-        font-size: 1.8rem;
-        margin-bottom: 1rem;
-        font-weight: 600;
-      }
-
-      p {
-        font-size: 1rem;
-        opacity: 0.9;
-        line-height: 1.5;
-        margin-bottom: 1rem;
-      }
-
-      .status {
-        font-size: 0.9rem;
-        opacity: 0.8;
-        margin-top: 1.5rem;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        gap: 0.5rem;
-      }
-
-      .status-dot {
-        width: 8px;
-        height: 8px;
-        background: #fff;
-        border-radius: 50%;
-        animation: pulse 1.5s ease-in-out infinite;
-      }
-
-      @keyframes pulse {
-        0%,
-        100% {
-          opacity: 0.3;
-        }
-        50% {
-          opacity: 1;
-        }
-      }
-
-      .retry-count {
-        font-size: 0.85rem;
-        opacity: 0.7;
-        margin-top: 0.5rem;
-      }
-
-      .error-message {
-        background: rgba(255, 59, 48, 0.2);
-        border: 1px solid rgba(255, 59, 48, 0.5);
-        padding: 0.75rem;
-        border-radius: 8px;
-        margin-top: 1rem;
-        font-size: 0.9rem;
-        display: none;
-      }
-    </style>
-  </head>
-  <body>
-    <div class="container">
-      <div class="spinner"></div>
-      <h1>Router Starting Up</h1>
-      <p>
-        The web interface is initializing. You'll be redirected automatically
-        once it's ready.
-      </p>
-
-      <div class="status">
-        <span class="status-dot"></span>
-        <span id="statusText">Checking availability...</span>
-      </div>
-
-      <div class="retry-count" id="retryCount"></div>
-      <div class="error-message" id="errorMessage"></div>
-    </div>
-
-    <script>
-      let retryCount = 0;
-      let checkInterval = 2000; // Start with 2 seconds
-      let maxInterval = 10000; // Max 10 seconds between checks
-      let consecutiveFailures = 0;
-      let maxConsecutiveFailures = 100; // Stop after 100 consecutive failures (~8-10 minutes)
-
-      function updateStatus(message) {
-        document.getElementById("statusText").textContent = message;
-      }
-
-      function updateRetryCount() {
-        retryCount++;
-        const retryElement = document.getElementById("retryCount");
-        retryElement.textContent = `Attempt ${retryCount}`;
-      }
-
-      function showError(message) {
-        const errorElement = document.getElementById("errorMessage");
-        errorElement.textContent = message;
-        errorElement.style.display = "block";
-      }
-
-      async function checkAvailability() {
-        updateRetryCount();
-        updateStatus("Connecting to router...");
-
-        try {
-          // Try to fetch the index page
-          const response = await fetch("/index.html", {
-            method: "HEAD", // Use HEAD to minimize bandwidth
-            cache: "no-cache",
-            mode: "no-cors", // Allow checking even with CORS restrictions
-          });
-
-          // If we get any response (even 404), the server is responding
-          // For a router, we typically want to redirect on 200 or 304
-          if (response.ok || response.status === 304) {
-            updateStatus("Router ready! Redirecting...");
-            consecutiveFailures = 0;
-
-            // Small delay for user feedback
-            setTimeout(() => {
-              window.location.reload();
-            }, 500);
-            return true;
-          } else if (response.status !== 503) {
-            // Server is responding but page not ready yet
-            updateStatus(`Server responding (${response.status}), waiting...`);
-            consecutiveFailures = 0;
-          }
-        } catch (error) {
-          // Network error - server not reachable
-          consecutiveFailures++;
-
-          if (consecutiveFailures > maxConsecutiveFailures) {
-            updateStatus("Connection timeout");
-            showError(
-              "Unable to connect to router. Please check your connection and refresh this page.",
-            );
-            return true; // Stop checking
-          }
-
-          updateStatus("Router not ready yet...");
-
-          // Implement exponential backoff
-          if (consecutiveFailures > 5) {
-            checkInterval = Math.min(checkInterval * 1.2, maxInterval);
-          }
-        }
-
-        return false;
-      }
-
-      async function startChecking() {
-        // Initial check
-        const isReady = await checkAvailability();
-        if (isReady) return;
-
-        // Continue checking
-        const intervalId = setInterval(async () => {
-          const isReady = await checkAvailability();
-          if (isReady) {
-            clearInterval(intervalId);
-          }
-        }, checkInterval);
-      }
-
-      // Start checking when page loads
-      window.addEventListener("DOMContentLoaded", () => {
-        // Small initial delay to show the UI
-        setTimeout(startChecking, 500);
-      });
-
-      // Also try to check if user clicks anywhere on the page
-      document.addEventListener("click", () => {
-        checkAvailability();
-      });
-    </script>
-  </body>
-</html>

sulu/sulu-theme-genexis/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=5.1.7
+PKG_VERSION:=5.0.3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis
-PKG_SOURCE_VERSION:=d329108aa49a0d57325cd8e639c80ba70c126f3f
+PKG_SOURCE_VERSION:=69b72c2e589a3f73db3cb219ee7f59ab40b1bf48
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sulu/sulu-vendorext/Makefile

@@ -1,36 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=sulu-vendorext
-PKG_VERSION:=0.0.4
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=none
-
-include $(INCLUDE_DIR)/package.mk
-include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
-
-
-define Package/sulu-vendorext
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Adds sulu-vendorext extensions
-endef
-
-define Build/Compile
-endef
-
-define Package/sulu-vendorext/install
-	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU_firewall.json $(1) firewallmngr
-
-	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU.json $(1) sysmngr
-	$(BBFDM_INSTALL_MS_PLUGIN) ./extn/X_GENEXIS_EU_wan.json $(1) sysmngr
-
-	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) suluvendorext
-	$(BBFDM_INSTALL_MS_DM) ./extn/X_IOWRT_EU_MAPController.json $(1) suluvendorext
-
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,sulu-vendorext))

sulu/sulu-vendorext/bbfdm_service.json

@@ -1,16 +0,0 @@
-{
-  "daemon": {
-    "enable": "1",
-    "service_name": "suluvendorext",
-    "unified_daemon": false,
-    "services": [
-      {
-        "parent_dm": "Device.",
-        "object": "X_IOWRT_EU_MAPController"
-      }
-    ],
-    "config": {
-      "loglevel": "3"
-    }
-  }
-}

sulu/sulu-vendorext/extn/X_GENEXIS_EU.json

@@ -1,140 +0,0 @@
-{
-        "Device.DeviceInfo.X_GENEXIS_EU.": {
-                "type": "object",
-                "version": "1.00",
-                "protocols": [
-                        "cwmp",
-                        "usp"
-                ],
-                "access": false,
-                "array": false,
-                "is_primary_node": {
-                        "type": "boolean",
-                        "version": "1.00",
-                        "read": true,
-                        "write": false,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "heimgard",
-                                                "section": {
-                                                        "name": "routeragent"
-                                                },
-                                                "option": {
-                                                        "name": "is_master"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "meshmode": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "rpc": "get",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "meshmode",
-                                                "method": "status",
-                                                "key": "mode"
-                                        }
-                                },
-                                {
-                                        "rpc": "set",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "meshmode",
-                                                "method": "change_meshmode",
-                                                "args": {
-                                                        "mode": "@Value"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "wizardHasBeenUsed": {
-                        "type": "boolean",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "heimgard",
-                                                "section": {
-                                                        "name": "settings"
-                                                },
-                                                "option": {
-                                                        "name": "wizard_executed"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "LocalTimeZone": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "system",
-                                                "section": {
-                                                        "name": "@system[0]"
-                                                },
-                                                "option": {
-                                                        "name": "timezone"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-                "LocalTimeZoneName": {
-                        "type": "string",
-                        "version": "1.00",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "system",
-                                                "section": {
-                                                        "name": "@system[0]"
-                                                },
-                                                "option": {
-                                                        "name": "zonename"
-                                                }
-                                        }
-                                }
-                        ]
-                }
-        }
-}

sulu/sulu-vendorext/extn/X_GENEXIS_EU_firewall.json

@@ -1,723 +0,0 @@
-{
-        "Device.Firewall.X_GENEXIS_EU.": {
-                "type": "object",
-                "protocols": [
-                        "cwmp",
-                        "usp"
-                ],
-                "access": false,
-                "array": false,
-                "Mode": {
-                        "type": "string",
-			"enumerations": [
-				"Low",
-				"low",
-				"Medium",
-				"medium",
-				"High",
-				"high",
-				"Custom",
-				"custom"
-			],
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "datatype": "string",
-                        "mapping": [
-                                {
-                                        "rpc": "get",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "firewall_mode",
-                                                "method": "get",
-                                                "key": "mode"
-                                        }
-                                },
-                                {
-                                        "rpc": "set",
-                                        "type": "ubus",
-                                        "ubus": {
-                                                "object": "firewall_mode",
-                                                "method": "set",
-                                                "args": {
-                                                        "mode": "@Value"
-                                                }
-                                        }
-                                }
-                        ]
-		},
-		"Input": {
-			"type": "string",
-			"enumerations": [
-				"ACCEPT",
-				"REJECT",
-				"DROP"
-			],
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "datatype": "string",
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "firewall",
-                                                "section": {
-                                                        "name": "@defaults[0]"
-                                                },
-                                                "option": {
-                                                        "name": "input"
-                                                }
-                                        }
-                                }
-                        ]
-		},
-		"Forward": {
-			"type": "string",
-			"enumerations": [
-				"ACCEPT",
-				"REJECT",
-				"DROP"
-			],
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "datatype": "string",
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "firewall",
-                                                "section": {
-                                                        "name": "@defaults[0]"
-                                                },
-                                                "option": {
-                                                        "name": "forward"
-                                                }
-                                        }
-                                }
-                        ]
-                },
-		"Output": {
-			"type": "string",
-			"enumerations": [
-				"ACCEPT",
-				"REJECT",
-				"DROP"
-			],
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-                        "datatype": "string",
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "firewall",
-                                                "section": {
-                                                        "name": "@defaults[0]"
-                                                },
-                                                "option": {
-                                                        "name": "output"
-                                                }
-                                        }
-                                }
-                        ]
-		},
-		"Drop_invalid": {
-			"type": "boolean",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-			"datatype": "boolean",
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "firewall",
-                                                "section": {
-                                                        "name": "@defaults[0]"
-                                                },
-                                                "option": {
-                                                        "name": "drop_invalid"
-                                                }
-                                        }
-                                }
-                        ]
-		},
-		"Synflood_protect": {
-			"type": "boolean",
-                        "read": true,
-                        "write": true,
-                        "protocols": [
-                                "cwmp",
-                                "usp"
-                        ],
-			"datatype": "boolean",
-                        "mapping": [
-                                {
-                                        "type": "uci",
-                                        "uci": {
-                                                "file": "firewall",
-                                                "section": {
-                                                        "name": "@defaults[0]"
-                                                },
-                                                "option": {
-                                                        "name": "synflood_protect"
-                                                }
-                                        }
-                                }
-                        ]
-		},
-		"ZoneNumberOfEntries": {
-			"type": "unsignedInt",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"read": true,
-			"write": false,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "firewall",
-						"section": {
-							"type": "zone"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]
-		},
-		"Device.Firewall.X_GENEXIS_EU.Zone.{i}.": {
-			"type": "object",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"access": true,
-			"array": true,
-			"mapping": {
-				"type": "uci",
-				"uci": {
-					"file": "firewall",
-					"section": {
-						"type": "zone"
-					},
-					"dmmapfile": "dmmap_firewall"
-				}
-			},
-			"Name": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "name"
-							}
-						}
-					}
-				]
-			},
-			"Network": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "network"
-							}
-						}
-					}
-				]
-			},
-			"Masq": {
-				"type": "boolean",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "boolean",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "masq"
-							}
-						}
-					}
-				]
-			},
-			"Masq_src": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "masq_src"
-							}
-						}
-					}
-				]
-			},
-			"Masq_dest": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "masq_dest"
-							}
-						}
-					}
-				]
-			},
-			"Masq_allow_invalid": {
-				"type": "boolean",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "boolean",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "masq_allow_invalid"
-							}
-						}
-					}
-				]
-			},
-			"Mtu_fix": {
-				"type": "boolean",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"description": "MSS clamping",
-				"datatype": "boolean",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "mtu_fix"
-							}
-						}
-					}
-				]
-			},
-			"Input": {
-				"type": "string",
-				"enumerations": [
-					"ACCEPT",
-					"REJECT",
-					"DROP"
-				],
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "input"
-							}
-						}
-					}
-				]
-			},
-			"Forward": {
-				"type": "string",
-				"enumerations": [
-					"ACCEPT",
-					"REJECT",
-					"DROP"
-				],
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "forward"
-							}
-						}
-					}
-				]
-			},
-			"Output": {
-				"type": "string",
-				"enumerations": [
-					"ACCEPT",
-					"REJECT",
-					"DROP"
-				],
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "output"
-							}
-						}
-					}
-				]
-			},
-			"Family": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "family"
-							}
-						}
-					}
-				]
-			},
-			"Log": {
-				"type": "unsignedInt",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "unsignedInt",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "log"
-							}
-						}
-					}
-				]
-			},
-			"Device": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "device"
-							}
-						}
-					}
-				]
-			},
-			"Subnet": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"list": {
-					"datatype": "string"
-				},
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "subnet"
-							}
-						}
-					}
-				]
-			},
-			"Auto_helper": {
-				"type": "boolean",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "boolean",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "zone",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "auto_helper"
-							}
-						}
-					}
-				]
-			}
-		},
-		"ForwardingNumberOfEntries": {
-			"type": "unsignedInt",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"read": true,
-			"write": false,
-			"mapping": [
-				{
-					"type": "uci",
-					"uci": {
-						"file": "firewall",
-						"section": {
-							"type": "forwarding"
-						},
-						"option": {
-							"name": "@Count"
-						}
-					}
-				}
-			]
-		},
-		"Device.Firewall.X_GENEXIS_EU.Forwarding.{i}.": {
-			"type": "object",
-			"protocols": [
-				"cwmp",
-				"usp"
-			],
-			"access": true,
-			"array": true,
-			"mapping": {
-				"type": "uci",
-				"uci": {
-					"file": "firewall",
-					"section": {
-						"type": "forwarding"
-					},
-					"dmmapfile": "dmmap_firewall"
-				}
-			},
-			"Src": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "forwarding",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "src"
-							}
-						}
-					}
-				]
-			},
-			"Dest": {
-				"type": "string",
-				"read": true,
-				"write": true,
-				"protocols": [
-					"cwmp",
-					"usp"
-				],
-				"datatype": "string",
-				"mapping": [
-					{
-						"type": "uci",
-						"uci": {
-							"file": "firewall",
-							"section": {
-								"type": "forwarding",
-								"index": "@i-1"
-							},
-							"option": {
-								"name": "dest"
-							}
-						}
-					}
-				]
-			}
-		}
-	}
-}

sulu/sulu-vendorext/extn/X_GENEXIS_EU_wan.json

@@ -1,487 +0,0 @@
-{
-    "Device.DeviceInfo.X_GENEXIS_EU.Wan.": {
-        "type": "object",
-        "version": "1.00",
-        "protocols": [
-            "cwmp",
-            "usp"
-        ],
-        "access": false,
-        "array": false,
-        "proto": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "proto"
-                        },
-                        "key": "proto"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "proto",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "ipaddr": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "ipaddr"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "ipaddr"
-                        }
-                    }
-                }
-            ]
-        },
-        "netmask": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "netmask"
-                    }
-                },
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "netmask"
-                        }
-                    }
-                }
-            ]
-        },
-        "gateway": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "status",
-                        "args": {},
-                        "key": "gateway"
-                    }
-                },
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "gateway"
-                        }
-                    }
-                }
-            ]
-        },
-        "peerdns": {
-            "type": "boolean",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "peerdns"
-                        }
-                    }
-                }
-            ]
-        },
-        "dns": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "dns"
-                        }
-                    }
-                }
-            ]
-        },
-        "hostname": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "hostname"
-                        }
-                    }
-                }
-            ]
-        },
-        "NAT": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "firewall",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "masq"
-                        }
-                    }
-                }
-            ]
-        },
-        "mtu": {
-            "type": "unsignedInt",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "type": "uci",
-                    "uci": {
-                        "file": "network",
-                        "section": {
-                            "name": "wan"
-                        },
-                        "option": {
-                            "name": "mtu"
-                        }
-                    }
-                }
-            ]
-        },
-        "vid": {
-            "type": "unsignedInt",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "vid"
-                        },
-                        "key": "vid"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "vid",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "username": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "username"
-                        },
-                        "key": "username"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "username",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "password": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "password"
-                        },
-                        "key": "password"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "password",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "service": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "service"
-                        },
-                        "key": "service"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "service",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "ac": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "ac"
-                        }
-                    },
-                    "key": "ac"
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "ac",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        },
-        "keepalive": {
-            "type": "string",
-            "version": "1.00",
-            "read": true,
-            "write": true,
-            "protocols": [
-                "cwmp",
-                "usp"
-            ],
-            "mapping": [
-                {
-                    "rpc": "get",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "get",
-                        "args": {
-                            "param": "keepalive"
-                        },
-                        "key": "keepalive"
-                    }
-                },
-                {
-                    "rpc": "set",
-                    "type": "ubus",
-                    "ubus": {
-                        "object": "genexis.wan",
-                        "method": "set",
-                        "args": {
-                            "param": "keepalive",
-                            "value": "@Value"
-                        }
-                    }
-                }
-            ]
-        }
-    }
-}

sulu/sulu-vendorext/extn/X_IOWRT_EU_MAPController.json

@@ -1,353 +0,0 @@
-{
-  "json_plugin_version": 2,
-  "Device.X_IOWRT_EU_MAPController.": {
-    "type": "object",
-    "protocols": [
-      "usp"
-    ],
-    "access": false,
-    "array": false,
-    "Device.X_IOWRT_EU_MAPController.Controller.": {
-      "type": "object",
-      "protocols": [
-        "usp"
-      ],
-      "access": false,
-      "array": false,
-      "dependency": "file:/etc/config/mapcontroller",
-      "Enable": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": true,
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "enabled"
-              }
-            }
-          }
-        ]
-      },
-      "ChannelPlan": {
-        "type": "unsignedInt",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "channel_plan_interval"
-              }
-            }
-          }
-        ]
-      },
-      "AllowBackgroundDFS": {
-        "type": "unsignedInt",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "bgdfs_interval"
-              }
-            }
-          }
-        ]
-      },
-      "TrafficSeparation": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "traffic_separation"
-              }
-            }
-          }
-        ]
-      },
-      "InitialChannelScan": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "controller"
-              },
-              "option": {
-                "name": "initial_scan"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "Device.X_IOWRT_EU_MAPController.AccessPoint.{i}.": {
-      "type": "object",
-      "protocols": [
-        "usp"
-      ],
-      "access": true,
-      "array": true,
-      "mapping": [
-        {
-          "type": "uci",
-          "uci": {
-            "file": "mapcontroller",
-            "section": {
-              "type": "ap"
-            },
-            "dmmapfile": "dmmap_mapcontroller"
-          }
-        }
-      ],
-      "Band": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "band"
-          }
-        ]
-      },
-      "SSID": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "ssid"
-          }
-        ]
-      },
-      "Encryption": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "encryption"
-          }
-        ]
-      },
-      "Key": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "flags": [
-          "Secure"
-        ],
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "key"
-          }
-        ]
-      },
-      "HaulType": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": "fronthaul",
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "type"
-          }
-        ]
-      },
-      "NetworkType": {
-        "type": "string",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": "Primary",
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "network_type"
-          }
-        ]
-      },
-      "VID": {
-        "type": "unsignedInt",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": 1,
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "vid"
-          }
-        ]
-      },
-      "Enable": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "default": true,
-        "mapping": [
-          {
-            "type": "uci_sec",
-            "data": "@Parent",
-            "key": "enabled"
-          }
-        ]
-      }
-    },
-    "Device.X_IOWRT_EU_MAPController.STASteering.": {
-      "type": "object",
-      "protocols": [
-        "usp"
-      ],
-      "access": false,
-      "array": false,
-      "dependency": "file:/etc/config/mapcontroller",
-      "STASteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "enable_sta_steer"
-              }
-            }
-          }
-        ]
-      },
-      "BackhaulSTASteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "enable_bsta_steer"
-              }
-            }
-          }
-        ]
-      },
-      "BandSteering": {
-        "type": "boolean",
-        "read": true,
-        "write": true,
-        "protocols": [
-          "usp"
-        ],
-        "mapping": [
-          {
-            "type": "uci",
-            "uci": {
-              "file": "mapcontroller",
-              "section": {
-                "name": "sta_steering"
-              },
-              "option": {
-                "name": "bandsteer"
-              }
-            }
-          }
-        ]
-      }
-    }
-  }
-}

sulu/sulu-vendorext/files/etc/config/heimgard

@@ -1,36 +0,0 @@
-config ota 'ota'
-  # Allow firmware upgrades, defaults true
-  option firmware 'true'
-  # Allow download of arbituary files
-  option file_download 'true'
-  # Allow to download software packages
-  option software 'false'
-  # Allow to download personalization files (isp/customer settings)
-  option customer_settings 'false'
-  option mirror_url '$fwenv$upgrade_ota_url|https://upgradeserver$'
-  option crontab_entry "$(date +%M) * * * *"
-  list softwarelist 'ping_container'
-  list softwarelist 'pingcom_ota'
-  option interval 'nightly'
-  option registry_service_enabled '$fwenv$registry_service_enabled|1$'
-  option registry_service_url '$fwenv$registry_service_url|https://registry.hc-apis.com$'
-  option verbose_level '6'
-
-config routeragent 'routeragent'
-  option is_master 'false'
-  option onboarded 'false'
-
-config containers 'containers'
-  list 'cnt_list' 'f-secure'
-  list 'cnt_list' 'lxc_hello_world'
-
-config services 'state'
-  option mwan3 'disable'
- 
-config links 'help_support'
-	option support_link 'https://genexis.eu/solutions/support-services/'
-	option faq_link ''
-	option contact_link 'https://genexis.eu/contact'
-	option contact_phone ''
-	option livechat_link ''
-	option contact_times 'Monday – Friday from 09:00 – 17:00'

sulu/sulu-vendorext/files/etc/init.d/sulu_widgets

@@ -1,63 +0,0 @@
-#!/bin/sh /etc/rc.common
-#
-# This script will hide sulu widgets depending on router mode.
-# This is achieved by creating a widget-presets.json file
-# overriding the visibilityControl for each hidden widget.
-#
-# Note: widget names must be unique!
-#
-
-START=61
-
-HIDDEN_WIDGETS_PPPOE=""
-HIDDEN_WIDGETS_BRIDGE="wan-dash wan heimgard-dhcp heimgard-static-lease heimgard-firewall heimgard-internet-access heimgard-upnp"
-HIDDEN_WIDGETS_ROUTER=""
-
-output_file="/sulu/widget-presets/widget-presets.json"
-
-start() {
-	local mode hidden_widgets
-
-	mode=$(ubus call meshmode status | jsonfilter -e '@.mode')
-
-	case "$mode" in
-		pppoe)
-			hidden_widgets=$HIDDEN_WIDGETS_PPPOE
-		;;
-		bridge)
-			hidden_widgets=$HIDDEN_WIDGETS_BRIDGE
-		;;
-		router)
-			hidden_widgets=$HIDDEN_WIDGETS_ROUTER
-		;;
-		default)
-			logger -t "Sulu widgets" "Unable to determine device mode"
-			return 1
-		;;
-	esac
-
-	output_dir=$(dirname "$output_file")
-	if [ ! -d "$output_dir" ]; then
-		mkdir -p "$output_dir"
-	fi
-
-	echo "{" > "$output_file"
-
-	first=1
-	for widget in $hidden_widgets; do
-		if [ $first -eq 0 ]; then
-			echo "  ," >> "$output_file"
-		fi
-		first=0
-
-		echo '  "'$widget'": {' >> "$output_file"
-		echo '    "visibilityControl": "hide"' >> "$output_file"
-		echo '  }' >> "$output_file"
-	done
-
-	echo "}" >> "$output_file"
-}
-
-reload() {
-        start
-}

sulu/sulu-vendorext/files/lib/sulu_functions.sh

@@ -1,198 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC1091,SC3043,SC3043
-
-. /usr/share/libubox/jshn.sh
-. /lib/functions/network.sh
-
-persistent_file="/tmp/sulu.json"
-
-init_json() {
-	json_init
-	[ -f "${persistent_file}" ] && json_load_file "${persistent_file}"
-	json_add_int "schema_version" "1"
-	if ! json_select "network" >/dev/null; then
-		json_add_object "network"
-	fi
-
-	if ! json_select "wan" >/dev/null; then
-		local current_dev=""
-		local current_proto=""
-		local current_vid=""
-		local current_mtu=""
-		local current_username=""
-		local current_password=""
-		local default_gw_interface=""
-		# Load current settings
-		network_find_wan default_gw_interface
-		[ -z "${default_gw_interface}" ] && default_gw_interface="wan"
-		current_dev="$(uci -q get network."${default_gw_interface}".device)"
-		current_proto="$(uci -q get network."${default_gw_interface}".proto || echo "dhcp")"
-		current_vid="$(uci -q get network."${current_dev}".vid)"
-		current_mtu="$(uci -q get network."${default_gw_interface}".mtu)"
-		if [ "pppoe" = "${current_proto}" ]; then
-			current_username="$(uci -q get network."${default_gw_interface}".username)"
-			current_password="$(uci -q get network."${default_gw_interface}".password)"
-		fi
-		json_add_array "wan"
-		json_add_object
-		json_add_string "name" "wan"
-		json_add_string "proto" "${current_proto}"
-		[ -n "${current_vid}" ] && json_add_int "vlan_id" "${current_vid}"
-		[ -n "${current_mtu}" ] && json_add_int "mtu" "${current_mtu}"
-		[ -n "${current_username}" ] && json_add_string "username" "${current_username}"
-		[ -n "${current_password}" ] && json_add_string "password" "${current_password}"
-		json_close_object
-	fi
-	json_close_object
-	json_close_object
-	if ! json_select "netmode" >/dev/null; then
-		json_add_object "netmode"
-	fi
-	json_close_object
-}
-
-save_and_exit() {
-	json_dump >"${persistent_file}"
-	exit 0
-}
-
-save_userconf() {
-	json_dump >"${persistent_file}"
-	# reload opconf to apply changes from persistent file, discarding output
-	opconf "${persistent_file}" > /dev/null 2>&1
-	# Commit network changes
-	ubus call uci commit '{"config": "network"}'
-}
-
-# Create skeleton file if it doesn't exists after that load in $persistent_file
-init_json
-
-go_L2() {
-	logger -s -p user.info -t "netmode" "User has manually chosen L2; switching to Layer2 mode"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "netmode"
-	json_add_string "current" "layer2"
-	json_select ..
-	save_userconf
-	json_set_namespace old_cb
-}
-
-# Set netmode in uboot to correct mode, remove marker so network config is regenerated and reboot
-go_L3() {
-	logger -p user.info -t "netmode" "User has manually chosen L3; switching to Layer3/Full mode"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	json_add_string "proto" "dhcp"
-	json_add_int "vlan_id" 0
-	json_close_object
-	json_select ..
-	json_select ..
-	json_select "netmode"
-	json_add_string "current" "layer3"
-	json_select ..
-	save_userconf
-	json_set_namespace old_cb
-}
-
-go_pppoe() {
-	local username="${1}"
-	local password="${2}"
-	local enable_vid="${3:-1}"
-	local vid="${4:-0}"
-	local mtu="${5:-1500}"
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	logger -p user.info -t "netmode" "User has manually chosen pppoe; switching to pppoe mode"
-	logger -p user.info -t "netmode" "params - username:${username} password:${password} enable:${enable_vid} vid:${vid} mtu:${mtu}"
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	json_add_string "proto" "pppoe"
-	json_add_int "vlan_id" "${vid}"
-	json_add_string "username" "${username}"
-	json_add_string "password" "${password}"
-	json_add_int "mtu" "${mtu}"
-	json_close_object
-	json_select ..
-	json_select ..
-	json_select "netmode"
-	json_add_string "current" "pppoe"
-	save_userconf
-	json_set_namespace old_cb
-}
-
-# shellcheck disable=SC3043
-set_wan_param() {
-	local name="${1:?}"
-	local value="${2:?}"
-	# shellcheck disable=SC2034
-	local old_cb
-	json_set_namespace set_wan_param old_cb
-	init_json
-	json_select "network"
-	json_select "wan"
-	if ! json_is_a 1 object; then
-		json_add_object
-	else
-		json_select 1
-	fi
-	json_add_string "name" "wan"
-	case "${name}" in
-	proto | username | password)
-		json_add_string "${name}" "${value}"
-		;;
-	vid | vland_id)
-		json_add_int "vlan_id" "${value}"
-		;;
-	mtu)
-		json_add_int "mtu" "${value}"
-		;;
-	*)
-		logger "sulu_functions: Unkown name '${name}' in set_wan_param"
-		;;
-	esac
-	json_close_object
-	json_select ..
-	json_select ..
-	logger -s "sulu_functions Name: '${name}'='${value}'"
-	save_userconf
-	json_set_namespace old_cb
-}
-# shellcheck disable=SC3043
-# Parses all jsons in /opconf, returns active variable_name
-get_wan_value() {
-	local variable_name="${1:?}"
-	local value_from_opconf=""
-	local final_config=""
-	local json_file=""
-
-	case "${variable_name}" in
-	"vid")
-		variable_name="vlan_id"
-		;;
-	*) ;;
-	esac
-
-	for json_file in /opconf/*.json ${persistent_file}; do
-		value_from_opconf="$(jsonfilter -e "@.network.wan[@.name='wan'].${variable_name}" <"${json_file}")"
-		[ -n "${value_from_opconf}" ] && final_config="${value_from_opconf}"
-	done
-	echo "${final_config}"
-}

sulu/sulu-vendorext/files/usr/libexec/rpcd/firewall_mode

@@ -1,147 +0,0 @@
-#!/bin/sh
-
-. /usr/share/libubox/jshn.sh
-
-get_fwmode() {
-	uci -q get firewall.globals.mode || echo "custom"
-}
-
-set_fwmode() {
-	local mode=$1
-	local allow_gw_rule="allow_gw_in"
-	local services="http https smtp pop3 imap ssh"
-	local ports="80 443 25 110 143 22"
-
-	uci set firewall.globals.mode="$mode"
-
-	# Set some defaults and start from a clean slate
-	uci set firewall.lan.input='ACCEPT'
-	uci set firewall.lan.output='ACCEPT'
-	uci set firewall.lan.forward='ACCEPT'
-
-	uci set firewall.wan.input='REJECT'
-	uci set firewall.wan.output='ACCEPT'
-	uci set firewall.wan.forward='REJECT'
-
-	# remove rules from low mode
-	uci -q delete firewall.${allow_gw_rule}
-
-	# remove rules from high mode
-	for service in $services; do
-		uci -q delete firewall.allow_${service}_out
-	done
-
-	# handle any custom zones and forwardings
-	for zone in $(uci show firewall | grep "=zone" | cut -d'.' -f2 | cut -d'=' -f1); do
-		if [ "$zone" == "lan" ] || [ "$zone" == "wan" ]; then
-			continue
-		fi
-		if [ "$mode" == "custom" ]; then
-			uci set firewall.${zone}.enabled=1
-		else
-			uci set firewall.${zone}.enabled=0
-		fi
-	done
-	for forwarding in $(uci show firewall | grep "=forwarding" | cut -d'.' -f2 | cut -d'=' -f1); do
-		if [ "$forwarding" == "default_fwd_1" ]; then
-			continue
-		fi
-		if [ "$mode" == "custom" ]; then
-			uci set firewall.${forwarding}.enabled=1
-		else
-			uci set firewall.${forwarding}.enabled=0
-		fi
-	done
-
-	# Now set mode specific presets
-	case "$mode" in
-	low)
-		# add rule for incoming gateway
-		json_init
-		json_load "$(ubus -S call genexis.wan status)"
-		json_get_var gateway gateway
-
-		if [ -n "$gateway" ]; then
-			uci set firewall.${allow_gw_rule}=rule
-			uci set firewall.${allow_gw_rule}.name='Allow-Gateway-In'
-			uci set firewall.${allow_gw_rule}.src='wan'
-			uci set firewall.${allow_gw_rule}.src_ip="$gateway"
-			uci set firewall.${allow_gw_rule}.target='ACCEPT'
-			uci reorder firewall.${allow_gw_rule}=1
-		fi
-		;;
-	medium)
-		uci set firewall.wan.input='DROP'
-		uci set firewall.wan.forward='DROP'
-		;;
-	high)
-		uci set firewall.wan.input='DROP'
-		uci set firewall.wan.output='REJECT'
-		uci set firewall.wan.forward='DROP'
-
-		# add rules for outgoing services
-		i=1
-		for service in $services; do
-			port=$(echo $ports | cut -d' ' -f$i)
-			uci set firewall.allow_${service}_out=rule
-			uci set firewall.allow_${service}_out.name="Allow-${service}-Out"
-			uci set firewall.allow_${service}_out.src='lan'
-			uci set firewall.allow_${service}_out.dest='wan'
-			uci set firewall.allow_${service}_out.proto='tcp'
-			uci set firewall.allow_${service}_out.dest_port="$port"
-			uci set firewall.allow_${service}_out.target='ACCEPT'
-			uci reorder firewall.allow_${service}_out=1
-			i=$((i + 1))
-		done
-		;;
-	custom)
-		uci -q delete firewall.globals.mode # keep or not keep?
-		# in custom mode we will get additional usp calls to set config directly towards uci
-		;;
-	esac
-
-	ubus call uci commit '{"config": "firewall"}'
-	logger -t "firewall.ubus" "Commited and applied new firewall config"
-}
-
-fwmode="$(get_fwmode)"
-
-case "$1" in
-list)
-	echo '{ "get" : {}, "set" : {"mode":"String"}}'
-	;;
-call)
-	case "$2" in
-	get)
-
-		if [ -n "$fwmode" ]; then
-			echo '{"mode": "'"$fwmode"'"}'
-		else
-			echo '{"error": "Could not detect mode"}'
-		fi
-		;;
-	set)
-		# Read the JSON object provided for the arguments
-		read -r input
-
-		json_load "${input}"
-		json_get_var mode mode
-
-		mode=$(echo "$mode" | tr 'A-Z' 'a-z')
-		case "$mode" in
-		low | medium | high | custom)
-			if [ "$mode" == "$fwmode" ]; then
-				echo '{"status": "No change"}'
-				return
-			fi
-			set_fwmode "$mode"
-			echo '{"status": "Ok"}'
-			;;
-		*)
-			echo '{"error": "Incorrect mode ('"$mode"')"}'
-			;;
-		esac
-		;;
-	esac
-	;;
-esac

sulu/sulu-vendorext/files/usr/libexec/rpcd/genexis.wan

@@ -1,110 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC3043,SC1091,SC2140
-. /usr/share/libubox/jshn.sh
-. /lib/functions/network.sh
-. /lib/sulu_functions.sh
-
-cidr_to_netmask() {
-    value=$((0xffffffff ^ ((1 << (32 - $1)) - 1)))
-    echo "$(((value >> 24) & 0xff)).$(((value >> 16) & 0xff)).$(((value >> 8) & 0xff)).$((value & 0xff))"
-}
-
-# setValue() - Set the value of the given WAN parameter.
-#
-# Args:
-#  $1 - The parameter name.
-#  $2 - The new value of the parameter.
-#
-# Notes:
-#  If the parameter name is "vid", the value of the "vid" option is read from
-#  the appropriate section (based on the value of the "device" option in the
-#  "network.wan" section). Otherwise, the value of the parameter is read from
-#  the "network.wan" section.
-#
-#  If the parameter name is "vid", it is checked if the value is 0, 1 or empty.
-#  If so, it does not create a new vlan interface. Otherwise, it creates a new
-#  vlan interface with the given vid.
-setValue() {
-    local paramName="${1}"
-    local paramValue="${2}"
-    local default_gw_interface=""
-    network_find_wan default_gw_interface
-    if [ -z "${default_gw_interface}" ]; then
-        default_gw_interface=wan
-    fi
-    case "$paramName" in
-    "vid")
-        set_wan_param "vid" "$paramValue"
-        ;;
-    "username")
-        set_wan_param "username" "$paramValue"
-        ;;
-    "password")
-		set_wan_param "password" "$paramValue"
-        ;;
-    "mtu")
-		set_wan_param "mtu" "$paramValue"
-        ;;
-     "proto")
-		set_wan_param "proto" "${paramValue}"
-        touch /tmp/netmode_changed
-        ;;
-    *)
-        ;;
-    esac
-}
-
-case "$1" in
-list)
-    json_init
-    json_add_object "status"
-    json_close_object
-    json_add_object "get"
-    json_add_string "param" ""
-    json_close_object
-    json_add_object "set"
-    json_add_string "param" ""
-    json_close_object
-    json_dump
-
-    ;;
-call)
-    case "$2" in
-    status)
-        network_find_wan default_gw_interface
-        wan_json="$(ubus call network.interface."${default_gw_interface}" status)"
-        ipaddr="$(echo "$wan_json" | jsonfilter -e '@["ipv4-address"][0].address')"
-        netmask="$(echo "$wan_json" | jsonfilter -e '@["ipv4-address"][0].mask')"
-        gateway="$(echo "$wan_json" | jsonfilter -e '@["route"][0].nexthop')"
-        if [ -n "$netmask" ]; then
-            netmask=$(cidr_to_netmask "$netmask")
-        fi
-        json_init
-        json_add_string ipaddr "$ipaddr"
-        json_add_string netmask "$netmask"
-        json_add_string gateway "$gateway"
-        json_dump
-        ;;
-    get)
-        read -r input
-        _param=$(echo "$input" | jsonfilter -e '@.param')
-        value="$(get_wan_value "$_param")"
-
-        json_init
-        json_add_string "$_param" "${value}"
-        json_dump
-        ;;
-
-    set)
-        read -r input
-        _param="$(echo "$input" | jsonfilter -e '@.param')"
-        value="$(echo "$input" | jsonfilter -e '@.value')"
-        logger -t "genexis.wan" "_param: ${_param} value: ${value}"
-        json_init
-        reply="$(set_wan_param "$_param" "$value")"
-        json_add_string "status" "${reply}"
-        json_dump
-        ;;
-    esac
-    ;;
-esac

sulu/sulu-vendorext/files/usr/libexec/rpcd/meshmode

@@ -1,93 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC3043,SC1091
-. /usr/share/libubox/jshn.sh
-. /lib/sulu_functions.sh
-
-init_json
-
-get_netmode() {
-	local _netmode
-	if [ -f "${persistent_file}" ]; then
-		json_init
-		json_load_file "${persistent_file}"
-		if json_select netmode; then
-			json_get_var _netmode current "unknown"
-			json_select ..
-		fi
-	else
-		_netmode="unknown"
-	fi
-
-	case "${_netmode}" in
-	extender | layer2)
-		echo "bridge"
-		;;
-	layer3)
-		echo "router"
-		;;
-	pppoe)
-		echo "pppoe"
-		;;
-	*)
-		ifstatus wan >/dev/null 2>&1 && echo "router" || echo "unknown"
-		;;
-	esac
-}
-
-netmode="$(get_netmode)"
-
-case "$1" in
-list)
-	echo '{ "status" : {}, "change_meshmode" : {"mode":"String"}}'
-	;;
-call)
-	mode=""
-	case "$2" in
-	status)
-		if [ -z "${netmode}" ]; then
-			echo "{\"status\":\"Mode unknown\"}"
-		else
-			echo "{\"mode\":\"${netmode}\"}"
-		fi
-		;;
-	change_meshmode)
-		# Read the JSON object provided for the arguments
-		read -r input
-
-		json_load "${input}"
-
-		json_get_var mode mode
-
-		if [ "${mode}" = "${netmode}" ] && [ "${mode}" != "pppoe" ] && [ ! -f /tmp/netmode_changed ]; then
-			echo '{"status":"no_change"}' && return
-		fi
-
-		if [ "${mode}" = "bridge" ]; then
-			echo '{"status": "ok"}'
-			go_L2
-		elif [ "${mode}" = "router" ]; then
-			echo '{"status": "ok"}'
-			go_L3
-		elif [ "${mode}" = "pppoe" ]; then
-			username="$(get_wan_value "username")"
-			password="$(get_wan_value "password")"
-			vid="$(get_wan_value "vlan_id")"
-			mtu="$(get_wan_value "mtu")"
-
-			enable=0
-			if [ "${vid}" -gt 0 ]; then
-				enable=1
-			fi
-
-			echo '{"status": "ok"}'
-			logger "'${username}' '${password}' '${enable}' '${vid}' '${mtu}'"
-			go_pppoe "${username}" "${password}" "${enable}" "${vid}" "${mtu}"
-		else
-			echo '{"status":"Wrong value"}'
-		fi
-		;;
-	*) ;;
-	esac
-	;;
-*) ;;
-esac