map-controller: 4.7.0.0

Added a ubus method `bbf.secure` which allows encoding/decoding of values using sha512 hash or with a RSA private/public key pair

bbfdm/Config_bbfdm.in

@@ -6,6 +6,10 @@ config BBF_VENDOR_PREFIX
 	string "Vendor Prefix"
 	default "X_IOPSYS_EU_"
 
+config BBF_OBFUSCATION_KEY
+	string "Obfuscation key"
+	default "371d530c95a17d1ca223a29b7a6cdc97e1135c1e0959b51106cca91a0b148b5e42742d372a359760742803f2a44bd88fca67ccdcfaeed26d02ce3b6049cb1e04"
+
 config BBF_TR143
 	bool "Enable TR-143 Data Model Support"
 	default y

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.6.5
+PKG_VERSION:=1.7.20
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=52c40d635bc9ede892440437e84c455684432b78
+PKG_SOURCE_VERSION:=2b62491910498d68055891b552c6d7078ce2dbc7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -94,6 +94,11 @@ endif
 define Package/libbbfdm-api/install
 	$(INSTALL_DIR) $(1)/lib
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/libbbfdm-api.so $(1)/lib/
+	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
+	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/scripts/bbf.secure $(1)/usr/libexec/rpcd/bbf.secure
+	$(INSTALL_DIR) $(1)/etc/bbfdm
+	echo "$(CONFIG_BBF_OBFUSCATION_KEY)" > $(1)/etc/bbfdm/.secure_hash
+	$(INSTALL_DIR) $(1)/etc/bbfdm/certificates
 endef
 
 define Package/libbbfdm/install
@@ -107,6 +112,8 @@ define Package/libbbfdm/install
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-portmap-firewall $(1)/etc/uci-defaults/95-portmap-firewall
 	$(INSTALL_BIN) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/97-firewall-service
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-link-core-plugins $(1)/etc/uci-defaults/99-link-core-plugins
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-remove-nonexisting-microservices $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/firewall.portmap $(1)/etc/firewall.portmap
 	$(INSTALL_BIN) ./files/etc/firewall.service $(1)/etc/firewall.service
 ifeq ($(findstring iopsys,$(CONFIG_BBF_VENDOR_LIST)),iopsys)

bbfdm/README.md

@@ -0,0 +1,114 @@
+# BBFDM configuration options and utilities
+
+bbfdm provides few compile time configuration options and compile time help utility called [bbfdm.mk](./bbfdm.mk), this document aimed to explain the available usages and best practices.
+
+## Compilation options
+
+|  Configuration option    | Description   | Default Value |
+| -----------------------  | ------------- | ----------- |
+| CONFIG_BBF_VENDOR_LIST   | List of vendor extension directories | iopsys        |
+| CONFIG_BBF_VENDOR_PREFIX | Prefix for Vendor extension datamodel objects/parameters | X_IOPSYS_EU_  |
+| CONFIG_BBF_TR143         | Enable/Add TR-143 Data Model Support | y             |
+| CONFIG_BBF_TR471         | Enable/Add TR-471 Data Model Support | y             |
+| CONFIG_BBF_MAX_OBJECT_INSTANCES | Maximum number of instances per object | 255    |
+| BBF_OBFUSCATION_KEY      | Hash used to encode/decode in `bbf.secure` object | 371d530c95a17d1ca223a29b7a6cdc97e1135c1e0959b51106cca91a0b148b5e42742d372a359760742803f2a44bd88fca67ccdcfaeed26d02ce3b6049cb1e04 |
+
+
+#### BBF_OBFUSCATION_KEY
+
+`bbfdm` provides an ubus object called `bbf.secure` to allow encoding/decoding the values, `bbf.secure` currently support following methods internally to encode/decode
+
+  - Encode/Decode using a predefined SHA512 Hash key
+  - Encode/Decode using a private/public RSA key pair
+
+The `BBF_OBFUSCATION_KEY` compile time configuration option used to defined the SHA512 HASH, if this option is undefined, then it usages a default value as mention in the above table.
+
+User must override this parameter with their own hash value, to generate a hash user can run below command and copy the hash value to this option.
+
+ex: User wants to use 'Sup3rS3cur3Passw0rd' as passkey, then can get the SHA512 sum with
+
+```bash
+$ echo -n "Sup3rS3cur3Passw0rd" | sha512sum
+371d530c95a17d1ca223a29b7a6cdc97e1135c1e0959b51106cca91a0b148b5e42742d372a359760742803f2a44bd88fca67ccdcfaeed26d02ce3b6049cb1e04  -
+```
+
+> Note: Additionally, user can install RSA private key in '/etc/bbfdm/certificates/private_key.pem' path, if private key is present `bbf.secure` shall use rsa private certificate for encrypt/decrypt function. In case of key not present in the pre-defined path, hash will be used for the same.
+
+## Helper utility (bbfdm.mk)
+
+bbfdm provides a helper utility [bbfdm.mk](./bbfdm.mk) to install datamodel plugins in bbfdm core or in microservice directory.
+
+### Install datamodel DotSO/JSON plugin in bbfdm core
+
+Utility to install the DotSO/JSON plugin in bbfdm core plugin path
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Plugin artifact
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
+endef
+```
+
+### Install datamodel DotSO/JSON plugin in bbfdm core with priority
+
+Its now possible to overwrite/remove core datamodel with plugin, so, if some datamodel objects/parameters are present in more than one plugin, order in which they loaded into memory becomes crucial, this Utility help to configure a priority order in which they gets loaded in memory.
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Priority of the installed plugin
+#  $3 => Plugin artifact
+```
+
+Example:
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPluginWithPriority,$(1),01,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+endef
+```
+
+> Note: Last loaded plugin gets the highest priority
+
+### Install plugin into micro-service directory
+
+Utility to install the plugin in datamodel microservice directory, ex. user wants to run a datamodel micro-service, it required to install the DotSO/JSON plugin into a non bbf core directory, this utility helps in installing the DotSO/JSON plugin in mentioned directory.
+
+```bash
+# inputs:
+#  $1 => package install directory with micro-service directory
+#  $2 => Plugin artifact
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+endef
+```
+
+### Install datamodel micro-service input file
+
+Utility to install the datamodel plugin input file into the bbfdm micro-service directory, so that bbfdm auto start the datamodel micro-service before main bbfdm process.
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Microservice input.json path
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
+endef
+```
+

bbfdm/bbfdm.mk

@@ -2,8 +2,56 @@
 # Copyright (C) 2023 IOPSYS
 #
 
-
+# Utility to install the plugin in bbfdm core path
+# inputs:
+#  $1 => package install directory
+#  $2 => Plugin artifact
+#
+# Example:
+#  $(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
+#
 define BbfdmInstallPlugin
 	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
 	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/plugins/
 endef
+
+# Utility to install the plugin in bbfdm core path with priority
+# inputs:
+#  $1 => package install directory
+#  $2 => Priority of the installed plugin
+#  $3 => Plugin artifact
+#
+# Example:
+#   $(call BbfdmInstallPluginWithPriority,$(1),01,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+#
+define BbfdmInstallPluginWithPriority
+	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
+	$(INSTALL_DATA) $(3) $(1)/etc/bbfdm/plugins/$(2)_$(shell basename ${3})
+endef
+
+# Utility to install the plugin in datamodel microservice directory
+# inputs:
+#  $1 => package install directory with micro-service directory
+#  $2 => Plugin artifact
+#
+# Example:
+#  $(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+#
+define BbfdmInstallPluginInMicroservice
+	$(INSTALL_DIR) $(1)
+	$(INSTALL_DATA) $(2) $(1)/
+endef
+
+# Utility to install the datamodel plugin input file
+# inputs:
+#  $1 => package install directory
+#  $2 => Microservice input.json path
+#
+# Example:
+#  $(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
+#
+define BbfdmInstallMicroServiceInputFile
+	$(INSTALL_DIR) $(1)/etc/bbfdm/micro_services
+	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/micro_services/$(PKG_NAME).json
+endef
+

bbfdm/files/etc/bbfdm/bbfdm_services.sh

@@ -14,6 +14,7 @@ bbfdm_add_service()
 	fi
 
 	ubus call service add "{'name':'bbfdm.services','instances':{'$name':{'command':['$BBFDMD','-m','$path']}}}"
+	echo "Use of bbfdm_add_service deprecated, please use bbfdm micro_service uci"
 }
 
 bbfdm_stop_service()

bbfdm/files/etc/config/bbfdm

@@ -1,8 +1,11 @@
-
 config bbfdmd 'bbfdmd'
-	option enabled '1'
+	option enable '1'
 	option loglevel '1'
-	option refresh_time '10'
+	option refresh_time '120'
 	option transaction_timeout '30'
 	option subprocess_level '2'
 
+config micro_services 'micro_services'
+	option enable '1'
+	option enable_core '0'
+	option enable_respawn '1'

bbfdm/files/etc/init.d/bbfdmd

@@ -7,7 +7,10 @@ USE_PROCD=1
 PROG=/usr/sbin/bbfdmd
 
 BBFDM_JSON_INPUT="/etc/bbfdm/input.json"
-BBFDM_TEMP_JSON="/tmp/bbfdm/input.json"
+BBFDM_MICROSERVICE_DIR="/etc/bbfdm/micro_services"
+BBFDM_TEMP_DIR="/tmp/bbfdm"
+
+. /usr/share/libubox/jshn.sh
 
 log() {
 	echo "${@}"|logger -t bbfdmd.init -p info
@@ -16,7 +19,7 @@ log() {
 validate_bbfdm_bbfdmd_section()
 {
 	uci_validate_section bbfdm bbfdmd "bbfdmd" \
-		'enabled:bool:true' \
+		'enable:bool:true' \
 		'sock:string' \
 		'debug:bool:false' \
 		'loglevel:uinteger:1' \
@@ -25,22 +28,106 @@ validate_bbfdm_bbfdmd_section()
 		'subprocess_level:uinteger'
 }
 
+validate_bbfdm_micro_service_section()
+{
+	uci_validate_section bbfdm micro_services "micro_services" \
+		'enable:bool:true' \
+		'enable_core:bool:false' \
+		'enable_respawn:bool:true'
+}
+
+bbfdm_add_micro_service()
+{
+	local name path cmd
+	local enable enable_core enable_respawn
+
+	validate_bbfdm_micro_service_section || {
+		log "Validation of micro_service section failed"
+		return 1;
+	}
+
+	[ "${enable}" -eq "0" ] && return 0
+
+	path="${1}"
+	name="$(basename ${path})"
+	name="${name//.json}"
+
+	json_init
+	json_add_string name "bbfdm.services"
+	json_add_object "instances"
+		json_add_object "${name}"
+			json_add_array "command"
+				json_add_string "" "${PROG}"
+				json_add_string "" "-m"
+				json_add_string "" "${path}"
+			json_close_array
+
+			if [ "${enable_core}" -eq "1" ]; then
+				json_add_object "limits"
+					json_add_string "core" "unlimited"
+				json_close_object
+				json_add_boolean "stdout" 1
+				json_add_boolean "stderr" 1
+			fi
+
+			if [ "${enable_respawn}" -eq "1" ]; then
+				json_add_array "respawn"
+					json_add_string "" "3600"
+					json_add_string "" "5"
+					json_add_string "" "5"
+				json_close_array
+			fi
+		json_close_object
+	json_close_object
+
+	cmd="$(json_dump)"
+	ubus call service add "${cmd}"
+}
+
+_add_microservice()
+{
+	local enable loglevel input_json name
+
+	name="${1}"
+	input_json="$(jq -r '.daemon.input.name' ${name})"
+
+	if [ -f "${input_json}" ]; then
+		bbfdm_add_micro_service "${name}"
+	else
+		log "Input json [${input_json}] does not defined/present"
+	fi
+
+}
+
+configure_bbfdm_micro_services()
+{
+	if [ -d "${BBFDM_MICROSERVICE_DIR}" ]; then
+		FILES="$(ls -1 ${BBFDM_MICROSERVICE_DIR}/*.json)"
+
+		for service in $FILES;
+		do
+			[ -e "$service" ] || continue
+			_add_microservice $service
+		done
+	fi
+	ubus call service state '{"name":"bbfdm.services", "spawn":true}'
+}
+
 configure_bbfdmd()
 {
-	local enabled debug sock update
+	local enable debug sock
 	local jlog jrefresh jtimeout jlevel
 
-	update=0
 	config_load bbfdm
 	validate_bbfdm_bbfdmd_section || {
 		log "Validation of bbfdmd section failed"
 		return 1;
 	}
 
-	[ "${enabled}" -eq 0 ] && return 0
+	[ "${enable}" -eq 0 ] && return 0
 
 	if [ -f "${BBFDM_JSON_INPUT}" ]; then
-		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > ${BBFDM_TEMP_JSON}
+		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > "${BBFDM_TEMP_DIR}/input.json"
 	fi
 
 	procd_set_param command ${PROG}
@@ -56,18 +143,19 @@ configure_bbfdmd()
 
 start_service()
 {
-	mkdir -p /tmp/bbfdm
+	mkdir -p ${BBFDM_TEMP_DIR}
+
+	configure_bbfdm_micro_services
+
 	procd_open_instance "bbfdm"
 	configure_bbfdmd
 	procd_set_param respawn
 	procd_close_instance "bbfdm"
-
-	ubus call service state '{"name":"bbfdm.services", "spawn":true}'
 }
 
 stop_service()
 {
-	ubus call service state '{"name":"bbfdm.services", "spawn":false}'
+	ubus call service delete '{"name":"bbfdm.services"}'
 }
 
 service_triggers()

bbfdm/files/etc/uci-defaults/90-remove-nonexisting-microservices

@@ -0,0 +1,18 @@
+#!/bin/sh
+. /lib/functions.sh
+
+remove_nonexisting_microservice() {
+	local input_json
+
+	config_get input_json "$1" input_json ""
+
+	if [ -z "${input_json}" ]; then
+		uci_remove bbfdm "${1}"
+	fi
+}
+
+config_load bbfdm
+config_foreach remove_nonexisting_microservice "micro_service"
+
+exit 0
+

bbfdm/files/etc/uci-defaults/91-fix-bbfdmd-enabled-option

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# rename bbfdmd enabled option to enable
+val="$(uci -q get bbfdm.bbfdmd.enabled)"
+if [ -n "${val}" ]; then
+	uci -q set bbfdm.bbfdmd.enabled=""
+	uci -q set bbfdm.bbfdmd.enable="${val}"
+fi
+
+exit 0
+

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.5
+PKG_VERSION:=2.1.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=f03fb8682aa7efe760294e54c422f2eab856e08c
+PKG_SOURCE_VERSION:=e472e90feec31d9f318ea8c732ab564002e25db1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -22,6 +22,7 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 define Package/$(PKG_NAME)
   SECTION:=utils
@@ -43,10 +44,16 @@ endif
 
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/	
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/bulkdata
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bbf_plugin/*.json $(1)/etc/bulkdata
-	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/
+	$(INSTALL_DATA) ./files/etc/config/bulkdata $(1)/etc/config/
+	$(INSTALL_DATA) ./files/etc/init.d/bulkdatad $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-bulkdata-translation-options $(1)/etc/uci-defaults/
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
 endef
 
 $(eval $(call BuildPackage,$(PKG_NAME)))

bulkdata/files/etc/bulkdata/input.json

@@ -1,15 +1,17 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "JSON",
 			"name": "/etc/bulkdata/bulkdata.json"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.bulkdata",
 			"parent_dm": "Device.",
 			"object": "BulkData",
 			"root_obj": "bbfdm"
 		}
 	}
-}
+}

bulkdata/files/etc/init.d/bulkdatad

@@ -3,11 +3,8 @@
 START=60
 STOP=10
 
-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1
 PROG="/usr/sbin/bulkdatad"
-BULKDATA_JSON_INPUT="/etc/bulkdata/input.json"
 
 start_service() {
 	local enable
@@ -21,8 +18,6 @@ start_service() {
 		procd_set_param respawn
 		procd_close_instance "bulkdata"
 	}
-
-	bbfdm_add_service "bbfdm.bulkdata" "${BULKDATA_JSON_INPUT}"
 }
 
 reload_service() {

csmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=csmngr
-PKG_VERSION:=0.0.2
+PKG_VERSION:=0.0.5
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=2b743136cebf2bd0ae946a0b5912eaffca9c453f
+PKG_SOURCE_VERSION:=dcdaba75b85bf8758c34d3ae4a1be0ba09359331
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/csmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ddnsmngr/Config.in

@@ -0,0 +1,16 @@
+if PACKAGE_ddnsmngr
+choice
+	prompt "Select backend for dynamic DNS management"
+	default DDNSMNGR_BACKEND_DDNSSCRIPT
+	depends on PACKAGE_ddnsmngr
+	help
+		Select which package to use for dynamic DNS support
+
+config DDNSMNGR_BACKEND_DDNSSCRIPT
+	bool "Use ddns_script"
+
+config DDNSMNGR_BACKEND_INADYN
+	bool "Use inadyn"
+
+endchoice
+endif

ddnsmngr/Makefile

@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2024 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ddnsmngr
+PKG_VERSION:=1.0.3
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
+PKG_SOURCE_VERSION:=d0d37df44644ef2c1a0b11d3a4f92dc694ae1010
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+PKG_CONFIG_DEPENDS:=CONFIG_DDNSMNGR_BACKEND_DDNSSCRIPT CONFIG_DDNSMNGR_BACKEND_INADYN
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
+
+define Package/$(PKG_NAME)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  TITLE:=Dynamic DNS manager
+  DEPENDS:=+libbbfdm-api +DDNSMNGR_BACKEND_DDNSSCRIPT:ddns-scripts +DDNSMNGR_BACKEND_INADYN:inadyn
+  MENU:=1
+endef
+
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MAKE_PATH:=src
+
+define Package/$(PKG_NAME)/description
+	Manage dynamic DNS updation and provides Device.DynamicDNS. datamodel object based on TR181-2.16
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/ddnsmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/$(PKG_NAME)/install
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr/ddns
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr/servers
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/ddnsmngr
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/ddnsmngr,$(PKG_BUILD_DIR)/src/libddnsmngr.so)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/ddnsmngr/input.json)
+	$(INSTALL_DATA) ./files/etc/config/ddnsmngr $(1)/etc/config/ddnsmngr
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-ddns-config-migrate $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/init.d/ddnsmngr $(1)/etc/init.d/ddnsmngr
+ifeq ($(CONFIG_DDNSMNGR_BACKEND_DDNSSCRIPT),y)
+	$(INSTALL_BIN) ./files/usr/lib/ddns_script/ddnsmngr_service.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns-script/usr/lib/ddnsmngr/ddnsmngr_updater.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/files/ddns-script/server/* $(1)/etc/ddnsmngr/servers
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns-script/usr/libexec/rpcd/ddnsmngr $(1)/usr/libexec/rpcd/ddnsmngr
+endif
+ifeq ($(CONFIG_DDNSMNGR_BACKEND_INADYN),y)
+	$(INSTALL_BIN) ./files/usr/lib/inadyn/ddnsmngr_service.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/files/inadyn/server/* $(1)/etc/ddnsmngr/servers
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/inadyn/usr/libexec/rpcd/ddnsmngr $(1)/usr/libexec/rpcd/ddnsmngr
+endif
+endef
+
+
+$(eval $(call BuildPackage,$(PKG_NAME)))

ddnsmngr/files/etc/config/ddnsmngr

@@ -0,0 +1,23 @@
+config ddnsmngr 'global'
+	option configfile '/var/run/ddnsmngr/ddnsmngr.json'
+	option ddns_dateformat '%F %R'
+	option ddns_rundir '/var/run/ddnsmngr'
+	option ddns_logdir '/var/log/ddnsmngr'
+	option ddns_loglines '250'
+	option upd_privateip '0'
+	option use_curl '1'
+
+config server 'ddns_server_1'
+	option enabled '1'
+	option service 'dynu.com'
+	option name 'dynu.com'
+
+config server 'ddns_server_2'
+	option enabled '1'
+	option service 'dyndns.org'
+	option name 'dyndns.org'
+
+config server 'ddns_server_3'
+	option enabled '1'
+	option service 'zoneedit.com'
+	option name 'zoneedit.com'

ddnsmngr/files/etc/ddnsmngr/input.json

@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/ddnsmngr/libddnsmngr.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "DynamicDNS",
+			"root_obj": "bbfdm"
+		}
+	}
+}

ddnsmngr/files/etc/init.d/ddnsmngr

@@ -0,0 +1,26 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+STOP=10
+USE_PROCD=1
+
+. /usr/lib/ddnsmngr/ddnsmngr_service.sh
+
+start_service() {
+	start_ddnsmngr_service
+}
+
+stop_service() {
+	stop_ddnsmngr_service
+}
+
+reload_service() {
+	stop
+	sleep 1
+	start
+}
+
+service_triggers() {
+	procd_add_reload_trigger ddnsmngr
+	add_ddnsmngr_triggers
+}

ddnsmngr/files/etc/uci-defaults/01-ddns-config-migrate

@@ -0,0 +1,170 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cl_id=1
+srv_id=1
+
+function get_ddns_config_option() {
+	local val
+
+	val="$(uci -q get ddns.${1}.${2})"
+
+	if [ -z "${val}" ] && [ -n "${3}" ]; then
+		val="${3}"
+	fi
+
+	echo "${val}"
+}
+
+function config_supported_service() {
+	if ! uci -q get ddnsmngr.global >/dev/null 2>&1; then
+		uci -q set ddnsmngr.global="ddnsmngr"
+	fi
+
+	servers=""
+
+	for i in $(find /etc/ddnsmngr/servers/ -name '*.json' | cut -d'/' -f 5 | sed "s/.json//")
+	do
+		if [ -z "${servers}" ]; then
+			servers="${i}"
+		else
+			servers="${servers},${i}"
+		fi
+	done
+
+	uci -q set ddnsmngr.global.supported_services="${servers}"
+}
+
+function migrate_service_section() {
+	client_sec=""
+	enabled="$(get_ddns_config_option ${1} enabled "0")"
+	service_name="$(get_ddns_config_option ${1} service_name)"
+	interface="$(get_ddns_config_option ${1} interface)"
+	ip_network="$(get_ddns_config_option ${1} ip_network)"
+	username="$(get_ddns_config_option ${1} username)"
+	password="$(get_ddns_config_option ${1} password)"
+	lookup_host="$(get_ddns_config_option ${1} lookup_host)"
+	use_ipv6="$(get_ddns_config_option ${1} use_ipv6 "0")"
+	force_ipversion="$(get_ddns_config_option ${1} force_ipversion "0")"
+	use_https="$(get_ddns_config_option ${1} use_https "0")"
+	force_dnstcp="$(get_ddns_config_option ${1} force_dnstcp "0")"
+
+	if [ -z "${service_name}" ]; then
+		uci -q delete ddns."${1}"
+		return 0
+	fi
+
+	# check server file is present in device
+	if [ ! -f "/etc/ddnsmngr/servers/${service_name}.json" ]; then
+		uci -q delete ddns."${1}"
+		return 0
+	fi
+
+	# Check if client section is already added for this service
+	clients=$(uci -q show ddnsmngr | grep "=client")
+	client_count=$(echo "${clients}" | wc -l)
+
+	tmp=0
+	while [ $tmp -lt $client_count ]
+	do
+		mngr_serv="$(uci -q get ddnsmngr.@client[$tmp].service_name)"
+		mngr_intf="$(uci -q get ddnsmngr.@client[$tmp].interface)"
+		mngr_netw="$(uci -q get ddnsmngr.@client[$tmp].ip_network)"
+		mngr_user="$(uci -q get ddnsmngr.@client[$tmp].username)"
+		mngr_ipv6="$(uci -q get ddnsmngr.@client[$tmp].use_ipv6)"
+		mngr_forceip="$(uci -q get ddnsmngr.@client[$tmp].force_ipversion)"
+		mngr_https="$(uci -q get ddnsmngr.@client[$tmp].use_https)"
+		mngr_dnstcp="$(uci -q get ddnsmngr.@client[$tmp].force_dnstcp)"
+
+		[ -z "${mngr_ipv6}" ] && mngr_ipv6="0"
+		[ -z "${mngr_forceip}" ] && mngr_forceip="0"
+		[ -z "${mngr_https}" ] && mngr_https="0"
+		[ -z "${mngr_dnstcp}" ] && mngr_dnstcp="0"
+
+		if [ "${mngr_serv}" == "${service_name}" ] && [ "${mngr_intf}" == "${interface}" ] && \
+		   [ "${mngr_netw}" == "${ip_network}" ] && [ "${mngr_user}" == "${username}" ] && \
+		   [ "${mngr_ipv6}" == "${use_ipv6}" ] && [ "${mngr_forceip}" == "${force_ipversion}" ] && \
+		   [ "${mngr_https}" == "${use_https}" ] && [ "${mngr_dnstcp}" == "${force_dnstcp}" ]; then
+			break
+		fi
+
+		tmp=$(( tmp + 1 ))
+	done
+
+	if [ $tmp -ne $client_count ]; then
+		i=0
+		for client in $clients; do
+			if [ $i -eq $tmp ]; then
+				client_sec="$(echo $client | cut -d'=' -f 1 | cut -d'.' -f 2)"
+				break
+			fi
+			i=$(( i + 1 ))
+		done
+
+		if [ $enabled -eq 1 ]; then
+			uci -q set ddnsmngr."${client_sec}".enabled="1"
+		fi
+	else
+		client_sec=ddns_mig_client_"${cl_id}"
+
+		uci -q set ddnsmngr."${client_sec}"="client"
+		uci -q set ddnsmngr."${client_sec}".enabled="${enabled}"
+		uci -q set ddnsmngr."${client_sec}".service_name="${service_name}"
+		uci -q set ddnsmngr."${client_sec}".interface="${interface}"
+		uci -q set ddnsmngr."${client_sec}".ip_network="${ip_network}"
+		uci -q set ddnsmngr."${client_sec}".username="${username}"
+		uci -q set ddnsmngr."${client_sec}".password="${password}"
+		uci -q set ddnsmngr."${client_sec}".use_ipv6="${use_ipv6}"
+		uci -q set ddnsmngr."${client_sec}".force_ipversion="${force_ipversion}"
+		uci -q set ddnsmngr."${client_sec}".use_https="${use_https}"
+		uci -q set ddnsmngr."${client_sec}".force_dnstcp="${force_dnstcp}"
+
+		cl_id=$(( cl_id + 1 ))
+
+		# add server section if not added
+		servers=$(uci -q show ddnsmngr | grep "service=\'${service_name}\'")
+		if [ -z "${servers}" ]; then
+			server_sec=ddns_mig_server_"${srv_id}"
+			uci -q set ddnsmngr."${server_sec}"="server"
+			uci -q set ddnsmngr."${server_sec}".enabled="1"
+			uci -q set ddnsmngr."${server_sec}".service="${service_name}"
+			uci -q set ddnsmngr."${server_sec}".name="${service_name}"
+
+			srv_id=$(( srv_id + 1 ))
+		fi
+	fi
+
+
+	# if lookup_host is set then add host section
+	if [ -n "${lookup_host}" ] && [ -n "${client_sec}" ]; then
+		# check number of hosts present for this client
+		host_count=$(uci -q show ddnsmngr | grep "dm_parent=\'${client_sec}\'" | wc -l)
+		host_ix=$(( host_count + 1 ))
+		host_sec="${client_sec}"_host_"${host_ix}"
+
+		uci -q set ddnsmngr."${host_sec}"="host"
+		uci -q set ddnsmngr."${host_sec}".enabled="${enabled}"
+		uci -q set ddnsmngr."${host_sec}".lookup_host="${lookup_host}"
+		uci -q set ddnsmngr."${host_sec}".dm_parent="${client_sec}"
+	fi
+
+	uci -q delete ddns."${1}"
+}
+
+function migrate_ddns_config() {
+	if [ ! -f "/etc/config/ddnsmngr" ]; then
+		# Create ddnsmngr config file
+		touch /etc/config/ddnsmngr
+	fi
+
+	config_supported_service
+
+	config_load ddns
+	config_foreach migrate_service_section service
+
+	uci -q commit ddns
+	uci -q commit ddnsmngr
+}
+
+migrate_ddns_config

ddnsmngr/files/usr/lib/ddns_script/ddnsmngr_service.sh

@@ -0,0 +1,169 @@
+#! /bin/sh
+
+RUNDIR="/var/run/ddnsmngr"
+LOGDIR="/var/log/ddnsmngr"
+PROG="/usr/lib/ddnsmngr/ddnsmngr_updater.sh"
+CONFIGFILE="/var/run/ddnsmngr/ddnsmngr.json"
+CLIENT_INTFS=""
+
+. /usr/share/libubox/jshn.sh
+
+log() {
+	echo "$*"|logger -t ddnsmngr.init -p debug
+}
+
+validate_host_section() {
+	uci_validate_section ddnsmngr host "${1}" \
+		'enabled:bool:0' \
+		'lookup_host:string' \
+		'dm_parent:string'
+}
+
+validate_client_section() {
+	uci_validate_section ddnsmngr client "${1}" \
+		'enabled:bool:0' \
+		'service_name:string' \
+		'interface:string' \
+		'ip_network:string' \
+		'username:string' \
+		'password:string' \
+		'use_https:bool:0' \
+		'force_dnstcp:bool:0' \
+		'use_ipv6:bool:0' \
+		'force_ipversion:bool:0'
+}
+
+add_object() {
+	local enabled lookup_host dm_parent use_ipv6 force_ipversion proc_info_file
+	local service_name interface ip_network username password use_https force_dnstcp
+
+	validate_host_section "${1}" || {
+		log "Validation of host section failed"
+		return 0
+	}
+
+	if [ "${enabled}" -ne 1 ] || [ -z "${dm_parent}" ]; then
+		return 0
+	fi
+
+	validate_client_section "${dm_parent}" || {
+		log "Validation of client section failed"
+		return 0 
+	}
+
+	if [ "${enabled}" -ne 1 ]; then
+		return 0
+	fi
+
+	service_name=$(uci -q get ddnsmngr.${dm_parent}.service_name)
+	if [ -z "${service_name}" ]; then
+		return 0
+	fi
+
+	service_section=$(uci -q show ddnsmngr | grep "service=\'${service_name}\'" | cut -d'.' -f 2 | head -1)
+	if [ -z "${service_section}" ]; then
+		return 0
+	fi
+
+	service_enabled=$(uci -q get ddnsmngr.${service_section}.enabled)
+	if [ "${service_enabled}" -ne 1 ]; then
+		return 0
+	fi
+
+	json_add_object
+	json_add_string "interface" "${interface}"
+	json_add_string "service_name" "${service_name}"
+	json_add_string "username" "${username}"
+	json_add_string "password" "${password}"
+	json_add_string "lookup_host" "${lookup_host}"
+	json_add_string "ip_network" "${ip_network}"
+	json_add_string "proc_info_file" "${1}"
+	json_add_string "use_ipv6" "${use_ipv6}"
+	json_add_string "force_ipversion" "${force_ipversion}"
+	json_add_string "use_https" "${use_https}"
+	json_add_string "force_dnstcp" "${force_dnstcp}"
+	json_close_object
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	for intf in $CLIENT_INTFS; do
+		if [ "${intf}" == "${interface}" ]; then
+			return 0
+		fi
+	done
+
+	CLIENT_INTFS="${CLIENT_INTFS} ${interface}"
+}
+
+start_ddnsmngr_service() {
+	run_dir=$(uci -q get ddnsmngr.global.ddns_rundir)
+	log_dir=$(uci -q get ddnsmngr.global.ddns_logdir)
+
+	if [ -n "${run_dir}" ]; then
+		RUNDIR="${run_dir}"
+	fi
+
+	if [ -n "${log_dir}" ]; then
+		LOGDIR="${log_dir}"
+	fi
+
+	mkdir -p "${RUNDIR}"
+	mkdir -p "${LOGDIR}"
+
+	conf_file=$(uci -q get ddnsmngr.global.configfile)
+	if [ -n "${conf_file}" ]; then
+		CONFIGFILE="${conf_file}"
+	fi
+
+	touch "${CONFIGFILE}"
+
+	if [ ! -f "${CONFIGFILE}" ]; then
+		log "Can not create ${CONFIGFILE}, exit"
+		exit 0
+	fi
+
+	json_init
+	json_add_array "services"
+
+	config_load ddnsmngr
+	config_foreach add_object host
+
+	json_close_array
+	json_dump > "${CONFIGFILE}"
+
+	procd_open_instance ddnsmngr
+	procd_set_param command "$PROG"
+	procd_append_param command -c "${CONFIGFILE}"
+	procd_append_param command -- start
+	procd_close_instance
+}
+
+stop_ddnsmngr_service() {
+	conf_file=$(uci -q get ddnsmngr.global.configfile)
+	if [ -n "${conf_file}" ]; then
+		CONFIGFILE="${conf_file}"
+	fi
+
+	if [ ! -f "${CONFIGFILE}" ]; then
+		log "${CONFIGFILE} not found, can't stop services if running any"
+	fi
+
+	"$PROG" -c "${CONFIGFILE}" -- stop
+	return 0
+}
+
+add_ddnsmngr_triggers() {
+	procd_open_trigger
+	for intf in $CLIENT_INTFS; do
+		# No need to handle other ifevents like ifupdate etc
+		procd_add_interface_trigger "interface.*.up" $intf /etc/init.d/ddnsmngr restart
+		procd_add_interface_trigger "interface.*.down" $intf /etc/init.d/ddnsmngr restart
+	done
+	procd_close_trigger
+}

ddnsmngr/files/usr/lib/inadyn/ddnsmngr_service.sh

@@ -0,0 +1,311 @@
+#!/bin/sh
+
+PROG="/usr/sbin/inadyn"
+CONFIGPATH="/tmp/inadyn_config"
+PIDPATH="/etc/inadyn_pid"
+CLIENT_INTFS=""
+CONFIG_FILES=""
+SERVER_PATH="/etc/ddnsmngr/servers"
+
+FORMAT="custom [SECTION] {\n\tusername\t= [USER]\n\tpassword\t= [PWD]\n\tddns-server\t= [SERV]\n\tddns-path\t= [URI]\n\tssl\t\t= [SSL]\n\thostname\t= [NAME]\n\tcheckip-command\t= [CMD]\n\tddns-response\t= [RESPONSES]\n}"
+
+
+. /usr/share/libubox/jshn.sh
+
+log() {
+	echo "$*"|logger -t ddnsmngr.init -p debug
+}
+
+get_service_data() {
+	local provider="$1"
+	shift
+	local dir="$1"
+	shift
+	local ipv6="$1"
+	shift
+
+	local name data url answer script
+
+	[ $# -ne 2 ] && {
+		return 1
+	}
+
+	[ -f "${dir}/${provider}.json" ] || {
+		eval "$1=\"\""
+		eval "$2=\"\""
+		return 1
+	}
+
+	json_load_file "${dir}/${provider}.json"
+	json_get_var name "name"
+	if [ "$ipv6" -eq "1" ]; then
+		json_select "ipv6"
+	else
+		json_select "ipv4"
+	fi
+	json_get_var data "url"
+	json_get_var answer "answer"
+	json_select ".."
+	json_cleanup
+
+	response=""
+	if [ -n "${answer}" ]; then
+		answer=$(echo "${answer}" | sed 's/|/ /g')
+		for ans in $answer; do
+			if [ -z "${response}" ]; then
+				response="${ans}"
+			else
+				response="${response}, ${ans}"
+			fi
+		done
+		response="{ ${response} }"
+	fi
+
+	eval "$1=\"$data\""
+	eval "$2=\"$response\""
+
+	return 0
+}
+
+generate_inadyn_config() {
+	json_load "${1}"
+	json_get_var service_name service_name
+	json_get_var use_ipv6 use_ipv6
+	json_get_var interface interface
+	json_get_var username username
+	json_get_var password password
+	json_get_var host lookup_host
+	json_get_var conf_file config_file
+	json_get_var conf_dir config_dir
+	json_get_var server_address server_address
+	json_cleanup
+
+	if [ -z "${service_name}" ] || [ -z "${host}" ]; then
+		return 1
+	fi
+
+	if [ -z "${conf_file}" ]; then
+		return 1
+	fi
+
+	if [ -z "${conf_dir}" ]; then
+		return 1
+	fi
+
+	# First look into custom path to load the url otherwise default path
+	get_service_data "${service_name}" "${SERVER_PATH}" "${use_ipv6}" server_url server_answer
+
+	if [ -z "${server_url}" ]; then
+		return 1
+	fi
+
+	# Need to pick proto, server address and request uri separately from the url
+	# format http://[server_address]/[update_Request_uri]
+	proto=$(echo $server_url | cut -d':' -f 1)
+	serv=$(echo $server_url | cut -d'/' -f 3 | cut -d'@' -f 2)
+	uri=${server_url#*$serv}
+
+	if [ -z $proto ] || [ -z $serv ] || [ -z $uri ]; then
+		return 1
+	fi
+
+	path=$(echo "$uri" | sed 's/&/\\&/g')
+	update_uri=$(echo $path | sed -e "s#\[DOMAIN\]#%h#g"	-e "s#\[PASSWORD\]#%p#g" \
+				      -e "s#\[USERNAME\]#%u#g"	-e "s#\[IP\]#%i#g")
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	# now get the physical interface name
+	intf=$(ifstatus "${interface}" | jsonfilter -e '@.device')
+	if [ -z "${intf}" ]; then
+		return 1
+	fi
+
+	# command to get ip of the interface
+	if [ "${use_ipv6}" -eq 0 ]; then
+		get_ip="\"ifstatus ${interface} | jsonfilter -e '@[\\\\\"ipv4-address\\\\\"][0].address'\""
+	else
+		get_ip="\"ifstatus ${interface} | jsonfilter -e '@[\\\\\"ipv6-address\\\\\"][0].address'\""
+	fi
+
+	if [ "${proto}" = "http" ]; then
+		ssl="false"
+	else
+		ssl="true"
+	fi
+
+	inadyn_ver=$(inadyn -v)
+	user_agent="inadyn/${inadyn_ver}"
+
+	config_file="${conf_dir}/${conf_file}"
+	touch "${config_file}"
+
+	echo "iface = ${intf}" > "${config_file}"
+	echo "period = 600" >> "${config_file}"
+	echo "user-agent = ${user_agent}" >> "${config_file}"
+
+	if [ "${use_ipv6}" -eq 1 ]; then
+		echo "allow-ipv6 = true" >> "${config_file}"
+	fi
+
+	if [ -z "${password}" ]; then
+		FORMAT=$(echo "${FORMAT}" | sed 's/\\tpassword\\t= \[PWD\]\\n//g')
+	fi
+
+	if [ -z "${server_answer}" ]; then
+		FORMAT=$(echo "${FORMAT}" | sed 's/\\tddns-response\\t= \[RESPONSES\]\\n//g')
+	fi
+
+	config=$(echo $FORMAT | sed -e "s#\[SECTION\]#$conf_file#g"	-e "s#\[PWD\]#$password#g" \
+				    -e "s#\[USER\]#$username#g"	-e "s#\[SERV\]#$serv#g" \
+				    -e "s#\[URI\]#\"$update_uri\"#g"	-e "s#\[SSL\]#$ssl#g" \
+				    -e "s#\[NAME\]#$host#g"	-e "s#\[CMD\]#$get_ip#g" \
+				    -e "s#\[RESPONSES\]#$server_answer#g")
+
+	echo -e "\n\n${config}" >> "${config_file}"
+
+	return 0
+}
+
+validate_host_section() {
+	uci_validate_section ddnsmngr host "${1}" \
+		'enabled:bool:0' \
+		'lookup_host:string' \
+		'dm_parent:string'
+}
+
+validate_client_section() {
+	uci_validate_section ddnsmngr client "${1}" \
+		'enabled:bool:0' \
+		'service_name:string' \
+		'interface:string' \
+		'ip_network:string' \
+		'username:string' \
+		'password:string' \
+		'use_https:bool:0' \
+		'force_dnstcp:bool:0' \
+		'use_ipv6:bool:0' \
+		'force_ipversion:bool:0'
+}
+
+add_object() {
+	local enabled lookup_host dm_parent use_ipv6 force_ipversion
+	local service_name interface ip_network username password use_https force_dnstcp
+
+	validate_host_section "${1}" || {
+		log "Validation of host section failed"
+		return
+	}
+
+	if [ "${enabled}" -ne 1 ] || [ -z "${dm_parent}" ]; then
+		return
+	fi
+
+	validate_client_section "${dm_parent}" || {
+		log "Validation of client section failed"
+		return
+	}
+
+	if [ "${enabled}" -ne 1 ]; then
+		return
+	fi
+
+	service_name=$(uci -q get ddnsmngr.${dm_parent}.service_name)
+	if [ -z "${service_name}" ]; then
+		return
+	fi
+
+	service_section=$(uci show ddnsmngr | grep "service=\'${service_name}\'" | cut -d'.' -f 2 | head -1)
+	if [ -z "${service_section}" ]; then
+		return
+	fi
+
+	service_enabled=$(uci -q get ddnsmngr.${service_section}.enabled)
+	if [ "${service_enabled}" -ne 1 ]; then
+		return
+	fi
+
+	json_init
+	json_add_string "interface" "${interface}"
+	json_add_string "service_name" "${service_name}"
+	json_add_string "username" "${username}"
+	json_add_string "password" "${password}"
+	json_add_string "lookup_host" "${lookup_host}"
+	json_add_string "ip_network" "${ip_network}"
+	json_add_string "use_ipv6" "${use_ipv6}"
+	json_add_string "force_ipversion" "${force_ipversion}"
+	json_add_string "use_https" "${use_https}"
+	json_add_string "force_dnstcp" "${force_dnstcp}"
+	json_add_string "config_file" "${1}"
+	json_add_string "config_dir" "${CONFIGPATH}"
+
+	json_str=$(json_dump)
+	json_cleanup
+
+	generate_inadyn_config "${json_str}"
+
+	if [ "$?" -ne 0 ]; then
+		return
+	fi
+
+	CONFIG_FILES="${CONFIG_FILES} ${1}"
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	for intf in $CLIENT_INTFS; do
+		if [ "${intf}" == "${interface}" ]; then
+			return
+		fi
+	done
+
+	CLIENT_INTFS="${CLIENT_INTFS} ${interface}"
+}
+
+start_ddnsmngr_service() {
+	rm -rf $CONFIGPATH
+	mkdir $CONFIGPATH
+	mkdir -p $PIDPATH
+
+	config_load ddnsmngr
+	config_foreach add_object host
+
+	i=1
+	for conf in $CONFIG_FILES; do
+		instance="ddnsmngr_${i}"
+		i=$(( i + 1 ))
+
+		procd_open_instance $instance
+		procd_set_param command "$PROG"
+		procd_append_param command -f "${CONFIGPATH}/${conf}"
+		procd_append_param command -l debug
+		procd_append_param command -P "${PIDPATH}/${conf}"
+		procd_append_param command -n -C
+		procd_close_instance
+	done
+}
+
+stop_ddnsmngr_service() {
+	rm -rf $CONFIGPATH
+	return 0
+}
+
+add_ddnsmngr_triggers() {
+	procd_open_trigger
+	for intf in $CLIENT_INTFS; do
+		# No need to handle other ifevents like ifupdate etc
+		procd_add_interface_trigger "interface.*.up" $intf /etc/init.d/ddnsmngr restart
+	done
+	procd_close_trigger
+}

decollector/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=4.2.1.2
+PKG_VERSION:=4.2.1.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=58be2803c9cfbb365ea6eae6f33d31391599a482
+PKG_SOURCE_VERSION:=c18d0f411eea6974fc99dd9e717269087e75e874
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.6.4
+PKG_VERSION:=3.6.5
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d9cc11c81ce1ff625e4e789afa180b301c7fcf74
+PKG_SOURCE_VERSION:=192e74db2082e3f89f6defe9d752d752b0b09079
 PKG_MIRROR_HASH:=skip
 endif
 

dnsmngr/Makefile

@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2022-2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnsmngr
+PKG_VERSION:=1.0.3
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
+PKG_SOURCE_VERSION:=347070e096b98946ba660791e3c78d1646adc54a
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+MAKE_PATH:=src
+
+define Package/dnsmngr
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +dnsmasq +umdns
+  TITLE:=Package to add Device.DNS. datamodel support
+endef
+
+define Package/dnsmngr/description
+  Package to add Device.DNS. datamodel support.
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/dnsmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/dnsmngr/install
+	$(INSTALL_DIR) $(1)/etc/dnsmngr
+	$(CP) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1)/etc/dnsmngr
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/dnsmngr/input.json)
+endef
+
+$(eval $(call BuildPackage,dnsmngr))

dnsmngr/files/etc/dnsmngr/input.json

@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/dnsmngr/libdnsmngr.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "DNS",
+			"root_obj": "bbfdm"
+		}
+	}
+}

dslmngr/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cb8b8fd2549751bcd38808391b76a1a9a908c4de
+PKG_SOURCE_VERSION:=6009d4cdabc2fb6827a1dd6096a96e720e97750b
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
@@ -26,6 +26,7 @@ PKG_LICENSE_FILES:=LICENSE
 
 
 include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
 
 ifeq ($(CONFIG_TARGET_brcmbca),y)
   TARGET_PLATFORM=BROADCOM
@@ -39,7 +40,7 @@ define Package/dslmngr
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=XDSL status and configration utility
-  DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy
+  DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy +libbbfdm-api
 endef
 
 define Package/dslmngr/description
@@ -69,12 +70,14 @@ define Build/Compile
 endef
 
 define Package/dslmngr/install
+	$(INSTALL_DIR) $(1)/etc/dsl
 	$(CP) ./files/common/* $(1)/
 ifeq ($(CONFIG_TARGET_brcmbca),y)
 	$(CP) ./files/broadcom/* $(1)/
 endif
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dslmngr $(1)/sbin/
+	$(CP) $(PKG_BUILD_DIR)/libbbfdsl.so $(1)/etc/dsl/
 endef
 
 $(eval $(call BuildPackage,dslmngr))

dslmngr/files/common/etc/bbfdm/micro_services/dsl.json

@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/dsl/libbbfdsl.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"root_obj": "bbfdm",
+			"multiple_objects": ["DSL","PTM","ATM","FAST"]
+		}
+	}
+}

ethmngr/Config.in

@@ -0,0 +1,9 @@
+if (PACKAGE_ethmngr)
+
+menu "Configurations"
+
+config TR181_VENDOR_EXTENSIONS_MACVLAN
+	bool "Use TR181 vendor extension MACVLAN"
+	default y
+endmenu
+endif

ethmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.1.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e5cccdd45a93d969d51c4085cb52b543df544811
+PKG_SOURCE_VERSION:=53d31f7027f759a36f47c026c50eaee2888619cc
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -21,12 +21,13 @@ PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
 
 define Package/ethmngr
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=Ethernet status and configration utility
-  DEPENDS:=+(TARGET_brcmbca||TARGET_airoha||TARGET_ipq95xx||TARGET_ipq53xx||TARGET_mediatek):libethernet +libuci +libubox +ubus +libpthread +libnl-genl +libeasy
+  DEPENDS:=+(TARGET_brcmbca||TARGET_airoha||TARGET_ipq95xx||TARGET_ipq53xx||TARGET_mediatek):libethernet +libuci +libubox +ubus +libpthread +libnl-genl +libeasy +libbbfdm-api
 endef
 
 define Package/ethmngr/description
@@ -35,6 +36,10 @@ define Package/ethmngr/description
  It uses APIs from the libethernet.so library.
 endef
 
+define Package/$(PKG_NAME)/config
+       source "$(SOURCE)/Config.in"
+endef
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
         $(CP) -rf ./ethmngr/* $(PKG_BUILD_DIR)/
@@ -44,7 +49,12 @@ endif
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
+	-D_GNU_SOURCE \
+	-DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
+
+ifeq ($(CONFIG_TR181_VENDOR_EXTENSIONS_MACVLAN),y)
+TARGET_CFLAGS += -DTR181_VENDOR_EXTENSIONS_MACVLAN
+endif
 
 ifeq ($(CONFIG_TARGET_brcmbca)$(CONFIG_TARGET_airoha)$(CONFIG_TARGET_ipq95xx)$(CONFIG_TARGET_ipq53xx)$(CONFIG_TARGET_mediatek),)
 define Build/Compile
@@ -53,10 +63,15 @@ endif
 
 define Package/ethmngr/install
 	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/ethmngr
+	$(INSTALL_DIR) $(1)/etc/ethmngr/plugins
 ifneq ($(CONFIG_TARGET_brcmbca)$(CONFIG_TARGET_airoha)$(CONFIG_TARGET_ipq95xx)$(CONFIG_TARGET_ipq53xx)$(CONFIG_TARGET_mediatek),)
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ethmngr $(1)/usr/sbin/
 endif
+	$(CP) $(PKG_BUILD_DIR)/libbbfethernet.so $(1)/etc/ethmngr
+	$(CP) $(PKG_BUILD_DIR)/libbbfethernetmacvlan.so $(1)/etc/ethmngr/plugins
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bbfdm/micro_services/ethernet.json)
 endef
 
 $(eval $(call BuildPackage,ethmngr))

ethmngr/files/etc/bbfdm/micro_services/ethernet.json

@@ -0,0 +1,18 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/ethmngr/libbbfethernet.so",
+			"plugin_dir": "/etc/ethmngr/plugins"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "Ethernet",
+			"root_obj": "bbfdm"
+		}
+	}
+}

ethmngr/files/etc/ruleng/ethport.json

@@ -0,0 +1,20 @@
+{
+	"ethport_update": {
+		"if" : [
+			{
+				"event": "network.device"
+			}
+		],
+		"then" : [
+			{
+				"cli": "/sbin/hotplug-call ethernet",
+				"envs": {
+					"PORT": "&network.device->ifname",
+					"LINK": "&network.device->link"
+				},
+				"timeout": 1
+			}
+		]
+	}
+}
+

hostmngr/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.2
+PKG_VERSION:=1.2.3
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
@@ -58,12 +58,11 @@ endif
 MAKE_PATH:=src
 
 define Package/hostmngr/install
-	$(CP) ./files/* $(1)/
+	$(CP) ./files/etc $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/hostmngr/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1)/etc/hostmngr/
-	$(INSTALL_DATA) ./files/etc/hostmngr/input.json $(1)/etc/hostmngr/	
 	$(INSTALL_DIR) $(1)/usr/share/hostmngr
 	$(INSTALL_DATA) ./files/scripts/hosts_acl.sh $(1)/usr/share/hostmngr/
 endef

hostmngr/files/etc/bbfdm/micro_services/hostmngr.json

@@ -1,12 +1,14 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "DotSo",
 			"name": "/etc/hostmngr/libhostmngr.so"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.hosts",
 			"parent_dm": "Device.",
 			"object": "Hosts",
 			"root_obj": "bbfdm"

hostmngr/files/etc/init.d/hostmngr

@@ -3,12 +3,8 @@
 START=65
 STOP=20
 
-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1
 
-HOSTS_JSON_INPUT="/etc/hostmngr/input.json"
-
 start_service() {
 	procd_open_instance
 	procd_set_param command "/usr/sbin/hostmngr" "--config hosts" "-o"  "/tmp/hostmngr.log" "-f"
@@ -18,7 +14,6 @@ start_service() {
 #	procd_set_param stderr 1
 	procd_close_instance
 	
-	bbfdm_add_service "bbfdm.hosts" "${HOSTS_JSON_INPUT}"
 	sh /usr/share/hostmngr/hosts_acl.sh
 }
 

hostmngr/files/scripts/hosts_acl.sh

@@ -5,6 +5,9 @@
 day=""
 next_days=""
 prev_days=""
+schedule_added=""
+
+ACCESS_RULE=""
 IP_RULE=""
 IP_RULE1=""
 
@@ -108,70 +111,77 @@ ip_rule_east_zone() {
 	fi
 }
 
-process_ac_schedule() {
-	local acs_id="$1"
-	local is_enabled
-	local access_control
-	local start_time=""
-	local mac=""
 
+add_access_rule() {
+	local rule="$1"
+	echo "iptables -w -A hosts_forward ${rule}" >> $ACL_FILE
+	echo "ip6tables -w -A hosts_forward ${rule}" >> $ACL_FILE
+}
 
-	handle_day_list() {
-		local value=$1
+handle_day_list() {
+	local value=$1
 
-		val=$(echo $value | cut -c 1-3)
-		next_day_val=$(get_next_day $val)
-		prev_day_val=$(get_previous_day $val)
-		if [ -z $day ]; then
-			day="$val"
-			next_days="$next_day_val"
-			prev_days="$prev_day_val"
-		else
-			day="$day,$val"
-			next_days="$next_days,$next_day_val"
-			prev_days="$prev_days,$prev_day_val"
-		fi
-	}
+	val=$(echo $value | cut -c 1-3)
+	next_day_val=$(get_next_day $val)
+	prev_day_val=$(get_previous_day $val)
+	if [ -z $day ]; then
+		day="$val"
+		next_days="$next_day_val"
+		prev_days="$prev_day_val"
+	else
+		day="$day,$val"
+		next_days="$next_days,$next_day_val"
+		prev_days="$prev_days,$prev_day_val"
+	fi
+}
 
-	config_list_foreach "$acs_id" "day" handle_day_list
-	config_get is_enabled "$acs_id" "enable" 1
-	config_get access_control "$acs_id" "dm_parent"
+handle_schedule() {
+	local schd_section="$1"
+	local ac_section="$2"
+	local acs_id
+	local start_time
+	local duration
 
-	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
-		return
+	IP_RULE="$ACCESS_RULE"
+	IP_RULE1=""
+	day=""
+	next_days=""
+	prev_days=""
+
+	config_get acs_id "$schd_section" "dm_parent"
+
+	if [ "$acs_id" != "$ac_section" ]; then
+		return # schedule not for this access control section
 	fi
 
-	IP_RULE=""
-	IP_RULE1=""
-
-	config_get is_enabled "$access_control" "enable" 1
+	local is_enabled
+	config_get is_enabled "$schd_section" "enable" 0
 	if [ "$is_enabled" == "0" ]; then
 		return
 	fi
 
-	mac=$(uci -q get hosts.$access_control.macaddr)
-	access_policy=$(uci -q get hosts.$access_control.access_policy)
+	local all_days="Monday Tuesday Wednesday Thursday Friday Saturday Sunday"
+	local day_config
+	config_get day_config "$schd_section" "day" "$all_days"
 
-	config_get start_time "$acs_id" "start_time"
-	config_get duration "$acs_id" "duration"
+	IFS=" "
+	for d in $day_config; do
+		handle_day_list $d
+	done
 
-	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
-		return
-	fi
-	if [ -n "$mac" ]; then
-		IP_RULE="$IP_RULE -m mac --mac-source $mac"
-	fi
+	config_get start_time "$schd_section" "start_time" "00:00"
+	config_get duration "$schd_section" "duration"
 
 	zone=$(date +%z | cut -c 1)
 	local_start_time=$start_time
-        if [ -n "$duration" ]; then
-		hh=$(echo $local_start_time | awk -F: '{ print $1 }')
-                mm=$(echo $local_start_time | awk -F: '{ print $2 }')
-                hh_s=`expr $hh \* 3600`
-                mm_s=`expr $mm \* 60`
-                ss=$(( hh_s + mm_s ))
-		local_start_hh=$hh
+	hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+	mm=$(echo $local_start_time | awk -F: '{ print $2 }')
+	hh_s=`expr $hh \* 3600`
+	mm_s=`expr $mm \* 60`
+	ss=$(( hh_s + mm_s ))
+	local_start_hh=$hh
 
+        if [ -n "$duration" ]; then
                 stop_ss=$(( ss + duration ))
                 hh=$(( stop_ss / 3600 ))
                	rem_ss=$(( stop_ss % 3600 ))
@@ -179,6 +189,10 @@ process_ac_schedule() {
                	ss=$(( rem_ss % 60 ))
 		local_stop_time="$hh:$mm:$ss"
 		local_stop_hh=$hh
+	else
+		# if duartion is not specified, then apply rule to end of the day
+		local_stop_time="23:59:59"
+		local_stop_hh="23"
 	fi
 
 	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
@@ -191,43 +205,91 @@ process_ac_schedule() {
 		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
 	fi
 
-	if [ "$access_policy" == "Deny" ]; then
-		IP_RULE="$IP_RULE -j DROP"
-		if [ -n "$IP_RULE1" ]; then
-			IP_RULE1="$IP_RULE1 -j DROP"
-		fi
-	else
-		IP_RULE="$IP_RULE -j ACCEPT"
-		if [ -n "$IP_RULE1" ]; then
-			IP_RULE1="$IP_RULE1 -j ACCEPT"
-		fi
-	fi
-
-	iptables -w -A hosts_forward ${IP_RULE}
-	ip6tables -w -A hosts_forward ${IP_RULE}
+	IP_RULE="$IP_RULE -j ACCEPT"
 	if [ -n "$IP_RULE1" ]; then
-		iptables -w -A hosts_forward ${IP_RULE1}
-		ip6tables -w -A hosts_forward ${IP_RULE1}
+		IP_RULE1="$IP_RULE1 -j ACCEPT"
 	fi
 
-	day=""
-	next_days=""
-	prev_days=""
+	add_access_rule "$IP_RULE"
+	if [ -n "$IP_RULE1" ]; then
+		add_access_rule "$IP_RULE1"
+	fi
+
+	# for access rules to be effective for a schedule, need to add DROP rule
+	# to block the access outside the defined schedule
+	if [ "$schedule_added" == "0" ]; then
+		schedule_added="1"
+	fi
 }
 
-iptables -w -F hosts_forward
-ip6tables -w -F hosts_forward
+handle_access_control() {
+	local ac_section="$1"
+	local is_enabled
+
+	# default value of Hosts.AccessControl.{i}.Enable is false,
+	# so, if not defined in uci as 1, assume 0
+	config_get is_enabled "$ac_section" "enable" 0
+	if [ "$is_enabled" == "0" ]; then
+		return
+	fi
+
+	local mac_addr
+	config_get mac_addr "$ac_section" "macaddr"
+	if [ -z "$mac_addr" ]; then
+		return
+	else
+		ACCESS_RULE="-m mac --mac-source $mac_addr"
+	fi
+
+	local access_policy
+	config_get access_policy "$ac_section" "access_policy"
+	if [ -z "$access_policy" ]; then
+		return # since system default is allow so no need to do anything
+	fi
+
+	# As per Data Model, if access policy is deny, then schedule is to be ignored
+	# and no access is to be provided for the device
+	if [ "$access_policy" == "Deny" ]; then
+		ACCESS_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$ACCESS_RULE"
+		return # no need to parse schedule
+	fi
+
+	schedule_added="0"
+	# check if schedule is defined for this access_control instance
+	# and if yes, create rule accordingly
+	config_foreach handle_schedule  ac_schedule "$ac_section"
+
+	# for access rule to work, need to have default drop rule as last rule
+	if [ "$schedule_added" == "1" ]; then
+		IP_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$IP_RULE"
+	fi
+}
+
+ACL_FILE="/tmp/hosts_access_control/access_control.rules"
+
+rm -f $ACL_FILE
+
+mkdir -p /tmp/hosts_access_control/
+touch $ACL_FILE
+
+echo "iptables -w -F hosts_forward" >> $ACL_FILE
+echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
 
 hosts_forward=$(iptables -t filter --list | grep hosts_forward)
 if [ -z "$hosts_forward" ]; then
-	iptables -w -t filter -N hosts_forward
+	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
-	[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
-	ip6tables -w -t filter -N hosts_forward
+	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
+	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
-	[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward
+	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
 fi
 
 # Load /etc/config/hosts UCI file
 config_load hosts
-config_foreach process_ac_schedule ac_schedule
+config_foreach handle_access_control access_control
+
+# apply the rules
+sh $ACL_FILE

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.6.5
+PKG_VERSION:=9.7.4
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=52632e3b3f4d89ac3c0bdddd3543087be0d32460
+PKG_SOURCE_VERSION:=1a5ed79a014ff3e9633b70b310bf3f21dea6f036
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -48,6 +48,7 @@ define Package/icwmp/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
+	$(INSTALL_DIR) $(1)/etc/icwmpd/plugins
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
@@ -58,8 +59,9 @@ define Package/icwmp/install
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user
-	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
-	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libcwmpdm.so)
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/icwmpd,$(PKG_BUILD_DIR)/libcwmpdm.so)
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/icwmpd/plugins,./files/etc/bbfdm/json/CWMPManagementServer.json)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/icwmpd/input.json)
 endef
 
 $(eval $(call BuildPackage,icwmp))

icwmp/files/etc/bbfdm/json/CWMPManagementServer.json

@@ -1,8 +1,7 @@
 {
-	"json_plugin_version": 1,
+	"json_plugin_version": 2,
 	"Device.CWMPManagementServer.": {
 		"type": "object",
-		"version": "2.15",
 		"protocols": [
 			"usp"
 		],
@@ -11,7 +10,6 @@
 		"dependency": "file:/etc/config/cwmp",
 		"EnableCWMP": {
 			"type": "boolean",
-			"version": "2.15",
 			"read": true,
 			"write": true,
 			"protocols": [

icwmp/files/etc/config/cwmp

@@ -5,6 +5,7 @@ config acs 'acs'
 	option periodic_inform_interval '1800'
 	option periodic_inform_time '0001-01-01T00:00:00Z'
 	option dhcp_discovery 'enable'
+	option ssl_capath "/etc/ssl/certs"
 	# compression possible configs: GZIP, Deflate, Disabled
 	option compression 'Disabled'
 	#­ possible configs interval :[1:65535]
@@ -21,7 +22,7 @@ config cpe 'cpe'
 	option log_to_file 'disable'
 	# log_severity: INFO (Default)	
 	# log_severity possible configs: EMERG, ALERT, CRITIC ,ERROR, WARNING, NOTICE, INFO, DEBUG
-	option log_severity 'DEBUG'
+	option log_severity 'ERROR'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
 	option userid '' #$OUI-$SER

icwmp/files/etc/icwmpd/input.json

@@ -0,0 +1,18 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/icwmpd/libcwmpdm.so",
+			"plugin_dir": "/etc/icwmpd/plugins/"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"multiple_objects": [ "ManagementServer", "XMPP" , "CWMPManagementServer"],
+			"root_obj": "bbfdm"
+		}
+	}
+}

icwmp/files/etc/init.d/icwmpd

@@ -9,38 +9,31 @@ PROG="/usr/sbin/icwmpd"
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+
 include /lib/network
 
 log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }
 
-regenerate_ssl_link()
-{
-	local cert_dir all_file rehash
+regenerate_ssl_link() {
+	local cert_dir="${1%/}"
+	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
 
-	cert_dir="${1}"
-	[ ! -d "${cert_dir}" ] && return 0;
-
-	### Generate all ssl link for pem certicates ###
-	all_file=$(ls "${cert_dir}"/*.pem 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-			[ -f "${cert_dir}"/"${rehash}".0 ] || \
-				ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
+	generate_links() {
+		local file_type="$1"
+		local files="${cert_dir}"/*."${file_type}"
+		for cfile in ${files}; do
+			if [ -f "${cfile}" ]; then
+				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
+				[ -f "${cert_dir}/${rehash}.0" ] || \
+					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
+			fi
 		done
-	fi
+	}
 
-	### Generate all ssl link for crt certicates ###
-	all_file=$(ls "${cert_dir}"/*.crt 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-			[ -f "${cert_dir}"/"${rehash}".0 ] || \
-				ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
-		done
-	fi
+	generate_links "pem"
+	generate_links "crt"
 }
 
 enable_dhcp_option43() {
@@ -458,11 +451,10 @@ validate_defaults() {
 
 	ssl_capath="${ssl_capath%/}"
 	# Put the cert pem file in keep list
-	if [ -d "${ssl_capath}" ]; then
+	if [ -d "${ssl_capath}" ] && [ "${ssl_capath}" != "/etc/ssl/certs" ]; then
 		if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
 			echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
 			echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
 		fi
 	fi
 

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.7
+PKG_VERSION:=8.3.10
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=a7303fc23b812dde4259cbf75c1cecfc7b6af1cd
+PKG_SOURCE_VERSION:=dc1f5af80bbea7bd03b8f87184636efd5373cd7e
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iop/config

@@ -142,7 +142,6 @@ CONFIG_PACKAGE_wwan=y
 CONFIG_PACKAGE_xl2tpd=y
 
 # Services #
-CONFIG_PACKAGE_atftp=y
 CONFIG_PACKAGE_atftpd=y
 CONFIG_PACKAGE_ddns-scripts=y
 CONFIG_PACKAGE_dnsmasq=y

iop/scripts/update_package.sh

@@ -1,9 +1,6 @@
-# Exported interface
 update_package() {
 	echo "update_package is no longer supported." >&2
-	echo "Its replacement will come soon." >&2
-	echo >&2
-	echo "For now update references in profiles/include/*.yml and feeds.conf.io manually." >&2
+	echo "Its replacement is ./iop set-feed-rev." >&2
 	return 1
 }
 

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=88dd7997ed78b1ab02c2904ed90518c46a8fa26b
+PKG_SOURCE_VERSION:=1a749bdebd142a83ba0733f1644a6241403c9097
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ipt-trigger/Makefile

@@ -0,0 +1,62 @@
+#
+# Copyright (C) 2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipt-trigger
+PKG_VERSION:=1.0.0
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/ipt-trigger
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for iptables port trigger
+  FILES:=$(PKG_BUILD_DIR)/ipv4/ipt_TRIGGER.ko
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  AUTOLOAD:=$(call AutoLoad,30,ipt_TRIGGER,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/ip6t-trigger
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for ip6tables port trigger
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  FILES:=$(PKG_BUILD_DIR)/ipv6/ip6t_TRIGGER.ko
+  AUTOLOAD:=$(call AutoLoad,30,ip6t_TRIGGER,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/ipt-trigger/description
+	Kernel module to enable port trigger for iptables
+endef
+
+define KernelPackage/ip6t-trigger/description
+	Kernel module to enable port trigger for ip6tables
+endef
+
+ifeq ($(CONFIG_TARGET_brcmbca),y)
+	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+endif
+
+define Build/Prepare
+	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
+	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(LINUX_DIR)/include/linux/netfilter_ipv4/
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/include/linux/netfilter_ipv4
+	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
+endef
+
+KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
+
+define Build/Compile
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv4/" modules
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv6/" modules
+endef
+
+$(eval $(call KernelPackage,ipt-trigger))
+$(eval $(call KernelPackage,ip6t-trigger))

ipt-trigger/src/ipt_TRIGGER.h

@@ -0,0 +1,26 @@
+#ifndef _IPT_TRIGGER_H_target
+#define _IPT_TRIGGER_H_target
+
+#define TRIGGER_TIMEOUT 600	/* 600 secs */
+
+enum ipt_trigger_type
+{
+	IPT_TRIGGER_DNAT = 1,
+	IPT_TRIGGER_IN = 2,
+	IPT_TRIGGER_OUT = 3,
+	IPT_TRIGGER_REFRESH = 4
+};
+
+struct ipt_trigger_ports {
+	u_int16_t mport[2];	/* Related destination port range */
+	u_int16_t rport[2];	/* Port range to map related destination port range to */
+};
+
+struct ipt_trigger_info {
+	enum ipt_trigger_type type;
+	u_int16_t proto;		/* Related protocol */
+	u_int16_t trigger_timeout;	/* Auto disable duration */
+	struct ipt_trigger_ports ports;
+};
+
+#endif /*_IPT_TRIGGER_H_target*/

ipt-trigger/src/ipv4/Makefile

@@ -0,0 +1 @@
+obj-m +=ipt_TRIGGER.o

ipt-trigger/src/ipv4/ipt_TRIGGER.c

@@ -0,0 +1,407 @@
+/* Kernel module to match the port-ranges, trigger related port-ranges,
+ * and alters the destination to a local IP address.
+ *
+ * Copyright (C) 2003, CyberTAN Corporation
+ * All Rights Reserved.
+ *
+ * Description:
+ *   This is kernel module for port-triggering.
+ *
+ *   The module follows the Netfilter framework, called extended packet
+ *   matching modules.
+ */
+
+#include <linux/types.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/timer.h>
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/netdevice.h>
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/list.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/spinlock.h>
+
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
+
+/* This rwlock protects the main hash table, protocol/helper/expected
+ *    registrations, conntrack timers*/
+
+
+static DEFINE_SPINLOCK(nf_trigger_lock);
+
+
+
+#define NF_IP_PRE_ROUTING	0
+#define NF_IP_FORWARD		2
+#define IPT_CONTINUE XT_CONTINUE
+
+
+
+/***********************lock help**********************/
+#define MUST_BE_READ_LOCKED(l)
+#define MUST_BE_WRITE_LOCKED(l)
+
+
+#define LOCK_BH(l) spin_lock_bh(l)
+#define UNLOCK_BH(l) spin_unlock_bh(l)
+
+#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
+#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
+
+
+
+
+/***********************list help**********************/
+#define LIST_FIND(head, cmpfn, type, args...)           \
+({                                                      \
+        const struct list_head *__i, *__j = NULL;       \
+                                                        \
+        ASSERT_READ_LOCK(head);                         \
+        list_for_each(__i, (head))                      \
+                if (cmpfn((const type)__i , ## args)) { \
+                        __j = __i;                      \
+                        break;                          \
+                }                                       \
+        (type)__j;                                      \
+})
+
+static inline int
+__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
+
+static inline void
+list_prepend(struct list_head *head, void *new)
+{
+	ASSERT_WRITE_LOCK(head);
+	list_add(new, head);
+}
+
+#define list_named_find(head, name)                     \
+LIST_FIND(head, __list_cmp_name, void *, name)
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
+MODULE_DESCRIPTION("iptables trigger target module");
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+struct ipt_trigger {
+        struct list_head list;          /* Trigger list */
+        struct timer_list timeout;      /* Timer for list destroying */
+        u_int32_t srcip;                /* Outgoing source address */
+        u_int32_t dstip;                /* Outgoing destination address */
+        u_int16_t mproto;               /* Trigger protocol */
+        u_int16_t rproto;               /* Related protocol */
+        u_int16_t trigger_timeout;      /* Auto disable duration */
+        struct ipt_trigger_ports ports; /* Trigger and related ports */
+        u_int8_t reply;                 /* Confirm a reply connection */
+};
+
+LIST_HEAD(ipt_trigger_list);
+
+static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	LOCK_BH(&nf_trigger_lock);
+	/* Need del_timer for race avoidance (may already be dying). */
+	if (del_timer(&trig->timeout)) {
+		trig->timeout.expires = jiffies + extra_jiffies;
+		add_timer(&trig->timeout);
+	}
+
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static void __del_trigger(struct ipt_trigger *trig)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
+
+	/* delete from 'ipt_trigger_list' */
+	list_del(&trig->list);
+	kfree(trig);
+}
+
+static void trigger_timeout(struct timer_list *t)
+{
+	struct ipt_trigger *trig = from_timer(trig, t, timeout);
+
+	DEBUGP("trigger list %p timed out\n", trig);
+	LOCK_BH(&nf_trigger_lock);
+	__del_trigger(trig);
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static unsigned int
+add_new_trigger(struct ipt_trigger *trig)
+{
+	struct ipt_trigger *new = NULL;
+
+	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
+
+	LOCK_BH(&nf_trigger_lock);
+	new = (struct ipt_trigger *)
+		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
+
+	if (!new) {
+		UNLOCK_BH(&nf_trigger_lock);
+		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
+		return -ENOMEM;
+	}
+
+	memset(new, 0, sizeof(*trig));
+	INIT_LIST_HEAD(&new->list);
+	memcpy(new, trig, sizeof(*trig));
+
+	/* add to global table of trigger */
+	list_prepend(&ipt_trigger_list, &new->list);
+
+	/* add and start timer if required */
+	timer_setup(&new->timeout, trigger_timeout, 0);
+	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
+
+	UNLOCK_BH(&nf_trigger_lock);
+
+	return 0;
+}
+
+/*
+ *      Service-Name    OutBound        InBound
+ * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
+ * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
+ * 3.   net2phone-1     UDP:6801        TCP:30000..30000
+ * 4.   net2phone-2     UDP:6801        UDP:30000..30000
+ *
+ * For supporting to use the same outgoing port to trigger different port rules,
+ * it should check the inbound protocol and port range value. If all conditions
+ * are matched, it is a same trigger item, else it needs to create a new one.
+ */
+static inline int trigger_out_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
+{
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
+			i->mproto, i->ports.mport[0], i->ports.mport[1]);
+	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	return ((i->mproto == proto) &&
+			(i->ports.mport[0] <= dport)  &&
+			(i->ports.mport[1] >= dport) &&
+			(i->rproto == info->proto) &&
+			(i->ports.rport[0] == info->ports.rport[0]) &&
+			(i->ports.rport[1] == info->ports.rport[1]));
+}
+
+static unsigned int
+trigger_out(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger trig, *found;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest), info);
+
+
+	if (found) {
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		/* In order to allow multiple hosts use the same port range, we update
+		   the 'saddr' after previous trigger has a reply connection. */
+		if (found->reply)
+			found->srcip = iph->saddr;
+	}
+	else {
+		/* Create new trigger */
+		memset(&trig, 0, sizeof(trig));
+		trig.srcip = iph->saddr;
+		trig.mproto = iph->protocol;
+		trig.rproto = info->proto;
+		trig.trigger_timeout = info->trigger_timeout;
+		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
+		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
+	}
+
+	return IPT_CONTINUE;        /* We don't block any packet. */
+}
+
+static inline int trigger_in_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport)
+{
+	u_int16_t rproto = i->rproto;
+
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	if (!rproto)
+		rproto = proto;
+
+	return ((rproto == proto) && (i->ports.rport[0] <= dport)
+			&& (i->ports.rport[1] >= dport));
+}
+
+static unsigned int
+trigger_in(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger *found;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############\n", __FUNCTION__);
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
+					   dropped in the FORWARD chain */
+	}
+
+	return IPT_CONTINUE;        /* Our job is the interception. */
+}
+
+static unsigned int
+trigger_dnat(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	struct ipt_trigger *found = NULL;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+	struct nf_conn *ct = NULL;
+	enum ip_conntrack_info ctinfo;
+	struct nf_nat_range2 newrange;
+
+	DEBUGP("############# %s ############%d\n", __FUNCTION__, __LINE__);
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############%d srcip:%d\n", __FUNCTION__, __LINE__, found->srcip);
+	}
+
+	if (!found || !found->srcip)
+		return IPT_CONTINUE;    /* We don't block any packet. */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	found->reply = 1;   /* Confirm there has been a reply connection. */
+	ct = nf_ct_get(skb, &ctinfo);
+
+	DEBUGP("%s: got ", __FUNCTION__);
+
+
+	/* Alter the destination of imcoming packet. */
+	/* Transfer from original range. */
+	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
+	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
+	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
+	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
+	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
+	newrange.min_addr.ip = found->srcip;
+	newrange.max_addr.ip = found->srcip;
+	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
+
+	/* Hand modified range to generic setup. */
+	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
+}
+
+static unsigned int
+trigger_target(struct sk_buff *skb,
+			       const struct xt_action_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+	const struct iphdr *iph = ip_hdr(skb);
+	unsigned int hooknum = xt_hooknum(par);
+
+	DEBUGP("%s: type = %s\n", __FUNCTION__,
+			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
+			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
+
+	/* The Port-trigger only supports TCP and UDP. */
+	if ((iph->protocol != IPPROTO_TCP) && (iph->protocol != IPPROTO_UDP))
+		return IPT_CONTINUE;
+
+	if (info->type == IPT_TRIGGER_OUT)
+		return trigger_out(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_IN)
+		return trigger_in(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_DNAT)
+		return trigger_dnat(skb, hooknum, info);
+
+	return IPT_CONTINUE;
+}
+static int
+trigger_check(const struct xt_tgchk_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+
+	if ((strcmp(par->table, "mangle") == 0)) {
+		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
+		return -EINVAL;
+	}
+	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
+		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
+		return -EINVAL;
+	}
+
+	if (info->proto) {
+		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
+			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
+			return -EINVAL;
+		}
+	}
+	if (info->type == IPT_TRIGGER_OUT) {
+		if (!info->ports.mport[0] || !info->ports.rport[0]) {
+			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+
+static struct xt_target redirect_reg = {
+        .name           = "TRIGGER",
+        .family         = NFPROTO_IPV4,
+        .target         = trigger_target,
+        .targetsize     = sizeof(struct ipt_trigger_info),
+        .checkentry     = trigger_check,
+        .me             = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return xt_register_target(&redirect_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&redirect_reg);
+}
+
+module_init(init);
+module_exit(fini);

ipt-trigger/src/ipv6/Makefile

@@ -0,0 +1 @@
+obj-m +=ip6t_TRIGGER.o

ipt-trigger/src/ipv6/ip6t_TRIGGER.c

@@ -0,0 +1,429 @@
+/* Kernel module to match the port-ranges, trigger related port-ranges,
+ * and alters the destination to a local IPv6 address.
+ *
+ * Copyright (C) 2024, IOPSYS
+ * All Rights Reserved.
+ *
+ * Description:
+ *   This is kernel module for port-triggering.
+ *
+ *   The module follows the Netfilter framework, called extended packet
+ *   matching modules.
+ */
+
+#include <linux/types.h>
+#include <linux/tcp.h>
+#include <linux/timer.h>
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/netdevice.h>
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/list.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/spinlock.h>
+
+#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
+
+/* This rwlock protects the main hash table, protocol/helper/expected
+ *    registrations, conntrack timers*/
+
+
+static DEFINE_SPINLOCK(nf_trigger_lock);
+
+
+
+#define NF_IP_PRE_ROUTING	0
+#define NF_IP_FORWARD		2
+#define IPT_CONTINUE XT_CONTINUE
+
+
+
+/***********************lock help**********************/
+#define MUST_BE_READ_LOCKED(l)
+#define MUST_BE_WRITE_LOCKED(l)
+
+
+#define LOCK_BH(l) spin_lock_bh(l)
+#define UNLOCK_BH(l) spin_unlock_bh(l)
+
+#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
+#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
+
+
+
+
+/***********************list help**********************/
+#define LIST_FIND(head, cmpfn, type, args...)           \
+({                                                      \
+        const struct list_head *__i, *__j = NULL;       \
+                                                        \
+        ASSERT_READ_LOCK(head);                         \
+        list_for_each(__i, (head))                      \
+                if (cmpfn((const type)__i , ## args)) { \
+                        __j = __i;                      \
+                        break;                          \
+                }                                       \
+        (type)__j;                                      \
+})
+
+static inline int
+__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
+
+static inline void
+list_prepend(struct list_head *head, void *new)
+{
+	ASSERT_WRITE_LOCK(head);
+	list_add(new, head);
+}
+
+#define list_named_find(head, name)                     \
+LIST_FIND(head, __list_cmp_name, void *, name)
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("IOPSYS Network Team");
+MODULE_DESCRIPTION("iptables trigger target module");
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+struct ipt_trigger {
+        struct list_head list;          /* Trigger list */
+        struct timer_list timeout;      /* Timer for list destroying */
+        struct in6_addr srcip;                /* Outgoing source address */
+        struct in6_addr dstip;                /* Outgoing destination address */
+        u_int16_t mproto;               /* Trigger protocol */
+        u_int16_t rproto;               /* Related protocol */
+	u_int16_t trigger_timeout;      /* Auto disable duration */
+        struct ipt_trigger_ports ports; /* Trigger and related ports */
+        u_int8_t reply;                 /* Confirm a reply connection */
+};
+
+LIST_HEAD(ipt_trigger_list);
+
+static unsigned char *ipv6_header_get_L4_header_offset(const struct ipv6hdr *ip6h_p)
+{
+        unsigned int ext_head_count = 8;
+        const struct ipv6_opt_hdr *ip_ext_p;
+        unsigned int payload_offset = 0;
+	char *tcpudp_hdr = NULL;
+	uint8_t nextHdr_p;
+
+        nextHdr_p = ip6h_p->nexthdr;
+        ip_ext_p = (const struct ipv6_opt_hdr *)(ip6h_p + 1);
+        payload_offset = sizeof(struct ipv6hdr);
+
+        do {
+                if ((nextHdr_p == IPPROTO_TCP) || (nextHdr_p == IPPROTO_UDP)) {
+			tcpudp_hdr = (unsigned char *)ip6h_p + payload_offset;
+                        break;
+		}
+
+                payload_offset += (ip_ext_p->hdrlen + 1U) << 3U;
+                nextHdr_p = ip_ext_p->nexthdr;
+                ip_ext_p = (struct ipv6_opt_hdr *)((uint8_t *)ip6h_p + payload_offset);
+                ext_head_count--; /* at most 8 extension headers */
+        } while (ext_head_count);
+
+        return tcpudp_hdr;
+}
+
+static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	LOCK_BH(&nf_trigger_lock);
+	/* Need del_timer for race avoidance (may already be dying). */
+	if (del_timer(&trig->timeout)) {
+		trig->timeout.expires = jiffies + extra_jiffies;
+		add_timer(&trig->timeout);
+	}
+
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static void __del_trigger(struct ipt_trigger *trig)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
+
+	/* delete from 'ipt_trigger_list' */
+	list_del(&trig->list);
+	kfree(trig);
+}
+
+static void trigger_timeout(struct timer_list *t)
+{
+	struct ipt_trigger *trig = from_timer(trig, t, timeout);
+
+	DEBUGP("trigger list %p timed out\n", trig);
+	LOCK_BH(&nf_trigger_lock);
+	__del_trigger(trig);
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static unsigned int
+add_new_trigger(struct ipt_trigger *trig)
+{
+	struct ipt_trigger *new = NULL;
+
+	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
+
+	LOCK_BH(&nf_trigger_lock);
+	new = (struct ipt_trigger *)
+		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
+
+	if (!new) {
+		UNLOCK_BH(&nf_trigger_lock);
+		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
+		return -ENOMEM;
+	}
+
+	memset(new, 0, sizeof(*trig));
+	INIT_LIST_HEAD(&new->list);
+	memcpy(new, trig, sizeof(*trig));
+
+	/* add to global table of trigger */
+	list_prepend(&ipt_trigger_list, &new->list);
+
+	/* add and start timer if required */
+	timer_setup(&new->timeout, trigger_timeout, 0);
+	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
+
+	UNLOCK_BH(&nf_trigger_lock);
+
+	return 0;
+}
+
+/*
+ *      Service-Name    OutBound        InBound
+ * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
+ * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
+ * 3.   net2phone-1     UDP:6801        TCP:30000..30000
+ * 4.   net2phone-2     UDP:6801        UDP:30000..30000
+ *
+ * For supporting to use the same outgoing port to trigger different port rules,
+ * it should check the inbound protocol and port range value. If all conditions
+ * are matched, it is a same trigger item, else it needs to create a new one.
+ */
+static inline int trigger_out_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
+{
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
+			i->mproto, i->ports.mport[0], i->ports.mport[1]);
+	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	return ((i->mproto == proto) &&
+			(i->ports.mport[0] <= dport)  &&
+			(i->ports.mport[1] >= dport) &&
+			(i->rproto == info->proto) &&
+			(i->ports.rport[0] == info->ports.rport[0]) &&
+			(i->ports.rport[1] == info->ports.rport[1]));
+}
+
+static unsigned int
+trigger_out(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger trig, *found;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph = (struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest), info);
+
+
+	if (found) {
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		/* In order to allow multiple hosts use the same port range, we update
+		   the 'saddr' after previous trigger has a reply connection. */
+		if (found->reply)
+			found->srcip = ip6h->saddr;
+	}
+	else {
+		/* Create new trigger */
+		memset(&trig, 0, sizeof(trig));
+		memcpy(&trig.srcip, &ip6h->saddr, sizeof(trig.srcip));
+		trig.mproto = ip6h->nexthdr;
+		trig.rproto = info->proto;
+		trig.trigger_timeout = info->trigger_timeout;
+		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
+		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
+	}
+
+	return IPT_CONTINUE;        /* We don't block any packet. */
+}
+
+static inline int trigger_in_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport)
+{
+	u_int16_t rproto = i->rproto;
+
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	if (!rproto)
+		rproto = proto;
+
+	return ((rproto == proto) && (i->ports.rport[0] <= dport)
+			&& (i->ports.rport[1] >= dport));
+}
+
+static unsigned int
+trigger_in(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger *found;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############\n", __FUNCTION__);
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
+					   dropped in the FORWARD chain */
+	}
+
+	return IPT_CONTINUE;        /* Our job is the interception. */
+}
+
+static unsigned int
+trigger_dnat(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	struct ipt_trigger *found = NULL;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+	struct nf_conn *ct = NULL;
+	enum ip_conntrack_info ctinfo;
+	struct nf_nat_range2 newrange;
+
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
+
+	if (!found)
+		return IPT_CONTINUE;    /* We don't block any packet. */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	found->reply = 1;   /* Confirm there has been a reply connection. */
+	ct = nf_ct_get(skb, &ctinfo);
+
+	DEBUGP("%s: got ", __FUNCTION__);
+
+
+	/* Alter the destination of imcoming packet. */
+	/* Transfer from original range. */
+	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
+	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
+	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
+	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
+	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
+	memcpy(&newrange.min_addr.ip, &found->srcip, sizeof(newrange.min_addr.ip));
+	memcpy(&newrange.max_addr.ip, &found->srcip, sizeof(newrange.max_addr.ip));
+	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
+
+	/* Hand modified range to generic setup. */
+	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
+}
+
+static unsigned int
+trigger_target(struct sk_buff *skb,
+			       const struct xt_action_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	unsigned int hooknum = xt_hooknum(par);
+
+	DEBUGP("%s: type = %s\n", __FUNCTION__,
+			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
+			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
+
+	/* The Port-trigger only supports TCP and UDP. */
+	if ((ip6h->nexthdr != IPPROTO_TCP) && (ip6h->nexthdr != IPPROTO_UDP))
+		return IPT_CONTINUE;
+
+	if (info->type == IPT_TRIGGER_OUT)
+		return trigger_out(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_IN)
+		return trigger_in(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_DNAT)
+		return trigger_dnat(skb, hooknum, info);
+
+	return IPT_CONTINUE;
+}
+static int
+trigger_check(const struct xt_tgchk_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+
+	if ((strcmp(par->table, "mangle") == 0)) {
+		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
+		return -EINVAL;
+	}
+	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
+		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
+		return -EINVAL;
+	}
+
+	if (info->proto) {
+		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
+			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
+			return -EINVAL;
+		}
+	}
+	if (info->type == IPT_TRIGGER_OUT) {
+		if (!info->ports.mport[0] || !info->ports.rport[0]) {
+			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+
+static struct xt_target redirect_reg = {
+        .name           = "TRIGGER",
+        .family         = NFPROTO_IPV6,
+        .target         = trigger_target,
+        .targetsize     = sizeof(struct ipt_trigger_info),
+        .checkentry     = trigger_check,
+        .me             = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return xt_register_target(&redirect_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&redirect_reg);
+}
+
+module_init(init);
+module_exit(fini);

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f22959b107a8bf443d04d6261d00074b5514dfe8
+PKG_SOURCE_VERSION:=1f82436531d4bb094b0b74e99613e0dfc84eada3
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libethernet/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.107
+PKG_VERSION:=7.2.108
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9c0e9ecd62b79d4e89b4f013f04124870d237395
+PKG_SOURCE_VERSION:=df0181ae4e8391901a8005ffa17ff28fbce8ec64
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libvoice-broadcom/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-broadcom
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.9
+PKG_VERSION:=1.0.10
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=3a8d0954ca351a1f8f669dc2f3d294409b90f091
+PKG_SOURCE_VERSION:=059574b5036c840df97feecdace141e59210acc2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-d2/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-d2
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.3
+PKG_VERSION:=1.1.6
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=7c8a29771632c2fe819bf78700517c8a76d0a4ba
+PKG_SOURCE_VERSION:=054cbe19186dbc3682f6977e7856cdac1226f17a
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.28
+PKG_VERSION:=7.4.50
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=22faa4758aadee1017584453444c79a9b6c3d5bf
+PKG_SOURCE_VERSION:=665fd6fd51d2676b4384938e695157f9a2e937b4
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=4.5.1.6
+PKG_VERSION:=4.6.0.0
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=14be500afdb800acdc7072916c99296f07435841
+PKG_SOURCE_VERSION:=34314514affb47a11b85d4cfe30211fa7a94abff
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/config/mapagent

@@ -3,11 +3,10 @@ config agent 'agent'
 	option debug '0'
 	option profile '3'
 	option al_bridge 'br-lan'
-	option netdev 'wlan'
 	option island_prevention '0'
 	option eth_onboards_wifi_bhs '1'
 	option scan_on_boot_only '0'
-	option chan_ch_relay_mcast '1'
+	option chan_ch_relay_mcast '0'
 	option guest_isolation '1'
 	list map_port 'all'
 #	option controller_macaddr '0a:1b:2c:3d:4e:50'

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -1,17 +1,19 @@
 #!/bin/sh
 
-. /lib/network/utils.sh
-
 conn_ports_file="/var/run/multiap/map.connected.ports"
 map_bh_file="/var/run/multiap/multiap.backhaul"
+
+# Exit if AL Bridge is not configured to be a bridge device
 al_bridge="$(uci -q get mapagent.agent.al_bridge)"
 [ "${al_bridge:0:3}" = "br-" ] || exit 0
-al_brnet="${al_bridge:3}"
 
 # Exit if the PORT is not member of the AL Bridge
-[ "$(get_network_of $PORT)" = "$al_brnet" ] || exit 0
+port_bridge_sec="$(uci show network | grep -w $PORT | grep '\.ports' | cut -d'.' -f2)"
+port_bridge_name="$(uci -q get network.$port_bridge_sec.name)"
+[ "$port_bridge_name" = "$al_bridge" ] || exit 0
 
 # Exit if the device is not operating in extender/repeater mode
+al_brnet="${al_bridge:3}"
 [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
 
 ############## Dynamic Backhaul Daemon ##############
@@ -45,7 +47,7 @@ fi
 ########################################################
 
 ################ Dedicated ETH WAN Port ################
-wanport="$(db -q get hw.board.ethernetWanPort)"
+wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 if [ -n "$wanport" ]; then
 	[ "$wanport" = "$PORT" ] || exit 0
 ########################################################
@@ -69,7 +71,7 @@ fi
 
 remove_from_bridge() {
 	config_get ifname "$section" ifname
-	[ -n "$ifname" ] && ubus call network.interface.${al_brnet} remove_device '{"name":"$ifname"}'
+	[ -n "$ifname" ] && brctl delif ${al_bridge} ${ifname}
 }
 
 update_bstas() {

map-agent/files/lib/multiap/map_genconfig

@@ -159,12 +159,6 @@ map_genconf () {
 		if ! uci show wireless | grep -q "mode=.*sta"; then
 			generate_wireless_sta_config=1
 
-			if is_broadcom; then
-				for section in $(uci show wireless | grep wifi-device | cut -d'.' -f2 | cut -d'=' -f1); do
-					uci -q set wireless.$section.apsta="1"
-				done
-			fi
-
 			for section in $(uci show wireless | grep "mode=.*ap" | cut -d'.' -f2); do
 				uci delete wireless.$section
 			done

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=4.6.0.3
+PKG_VERSION:=4.7.0.0
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=e15b3252bb25b29f6127f01428dc157b3272180c
+PKG_SOURCE_VERSION:=cf047cf3b9b545f36a8e4c4e32da784253fb0853
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 LOCAL_DEV=0

mcastmngr/files/broadcom/lib/mcast/broadcom.sh

@@ -11,7 +11,7 @@ CONFFILE=/var/mcpd.conf
 PROG_EXE=/usr/sbin/mcpd
 
 proxdevs=""
-ethwan="$(db -q get hw.board.ethernetWanPort)"
+ethwan="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 
 
 config_snooping_common_params() {

mcastmngr/files/common/lib/mcast/common.sh

@@ -62,7 +62,7 @@ read_snooping() {
 	local proto
 
 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto
+	config_get proto "$config" proto "igmp"
 
 	if [ "$sec_enable" == "0" ]; then
 		return
@@ -103,7 +103,7 @@ read_proxy() {
 	local proto
 
 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto
+	config_get proto "$config" proto "igmp"
 
 	if [ "$sec_enable" == "0" ]; then
 		return

mcastmngr/files/linux/lib/mcast/linux.sh

@@ -46,9 +46,6 @@ device_has_ip() {
 	# Read the openwrt interface for the device.
 	# Device can have multiple logical interfaces like wan and wan6
 	# but same l3 device
-	# NB. Don't use 'get_network_of' here.
-	# This function fails in some uci configurations for interfaces that refer
-	# to a device indirectly.
 	local ifaces=$(ubus call network.interface dump | jsonfilter -e "@.interface[@.device='$device'].interface")
 	for iface in $ifaces; do
 		local ip=
@@ -302,7 +299,12 @@ config_mcproxy_instance() {
 	# for snooping to work we should enable it on the bridge, doing it from
 	# here instead of from inside network config
 	if [ "$downstreams" != "$snooping_bridges" ]; then
-		config_sysfs_mcast_snooping "$downstreams" 1
+		if [ "$mcast_mode" == "0" ]; then
+			config_sysfs_mcast_snooping "$downstreams" 0
+		else
+			config_sysfs_mcast_snooping "$downstreams" 1
+		fi
+
 		[ -n $fast_leave ] &&
 			config_sysfs_mcast_fastleave "$downstreams" "$fast_leave"
 		config_sysfs_mcast_flood "$downstreams" "$mcast_mode"

netmode/files/etc/uci-defaults/netmode.l2mode

@@ -98,6 +98,10 @@ l2_network_config() {
 	# Update CWMP Agent WAN Interface
 	uci -q set cwmp.cpe.default_wan_interface="lan"
 	uci -q commit cwmp
+
+	# disable firewall
+	uci -q set firewall.globals.enabled="0"
+	uci -q commit firewall
 }
 
 network_mode="$(fw_printenv -n netmode 2>/dev/null)"

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=7.0.5.12
+PKG_VERSION:=7.0.5.19
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=a8fadc3b497fe8c97f6a93d5dbf5cd4a41caca73
+PKG_SOURCE_VERSION:=83e4608de2dd316efbe336b93dab90aa47a2b4a6
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,7 +32,7 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates
 endef
 
 define Package/obuspa/description

obuspa/files/etc/config/obuspa

@@ -2,12 +2,12 @@ config obuspa 'global'
 	option enabled '1'
 	option debug '1'
 	option dhcp_discovery '1'
-	option log_level '2'
+	option log_level '1'
 	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
 	option role_file '/etc/obuspa/roles.json'
 	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
-	#option trust_cert '/etc/obuspa/rootCA.pem'
+	option trust_cert '/etc/ssl/cert.pem'
 	#option client_cert '/etc/obuspa/client.pem'
 	#option log_dest '/tmp/obuspa.log'
 

obuspa/files/etc/obuspa/roles.json

@@ -260,6 +260,23 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object":"Device.NAT.",
           "perm": [
@@ -581,8 +598,7 @@
         {
           "object": "Device.",
           "perm": [
-            "PERMIT_NONE",
-            "PERMIT_SUBS_EVT_OPER_COMP"
+            "PERMIT_NONE"
           ]
         },
         {
@@ -595,66 +611,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object":"Device.Time.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.UPnP.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Bridging.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Ethernet.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.DHCPv4.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.DHCPv6.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object":"Device.Hosts.",
           "perm": [
@@ -665,37 +621,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object":"Device.NAT.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.PPP.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Routing.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object":"Device.IEEE1905.",
           "perm": [
@@ -706,16 +631,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object":"Device.InterfaceStack.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object":"Device.DynamicDNS.",
           "perm": [
@@ -726,56 +641,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object":"Device.LANConfigSecurity.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Security.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.RouterAdvertisement.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Services.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.UserInterface.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object":"Device.PeriodicStatistics.",
           "perm": [
@@ -812,30 +677,16 @@
           ]
         },
         {
-          "object": "Device.DNS.",
+          "object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
           "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
             "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
         {
-          "object": "Device.IP.",
+          "object": "Device.WiFi.DataElements.Network.SetSSID()",
           "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
             "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         }

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,6 +8,11 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 
+log()
+{
+	echo "$*"|logger -t obuspa.dhcp -p debug
+}
+
 get_oui_from_db() {
 	db -q get device.deviceinfo.ManufacturerOUI
 }
@@ -309,6 +314,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
+		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
 fi

obuspa/patches/0003-set-internal-role-fix.patch

@@ -59,7 +59,7 @@
 +**************************************************************************/
 +void SetControllerDummyID()
 +{
-+    cur_msg_controller_info.endpoint_id = "";
++    cur_msg_controller_info.endpoint_id = "CLI_Utility";
 +}
 +
 +/*********************************************************************//**

periodicstats/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.3
+PKG_VERSION:=1.5.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)

periodicstats/files/etc/bbfdm/micro_services/periodicstats.json

@@ -1,15 +1,17 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "DotSo",
 			"name": "/etc/periodicstats/libperiodicstats.so"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.periodicstats",
 			"parent_dm": "Device.",
 			"object": "PeriodicStatistics",
 			"root_obj": "bbfdm"
 		}
 	}
-}
+}

periodicstats/files/etc/init.d/periodicstats

@@ -3,11 +3,8 @@
 START=61
 STOP=01
 
-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1
 PROG="/usr/sbin/periodicstatsd"
-PERIODICSTATS_JSON_INPUT="/etc/periodicstats/input.json"
 
 start_service() {
 	local enable
@@ -15,8 +12,6 @@ start_service() {
 	config_load periodicstats
 	config_get_bool enable globals enable 1
 	
-	bbfdm_add_service "bbfdm.periodicstats" "${PERIODICSTATS_JSON_INPUT}"
-
 	if [ "${enable}" -ne "1" ]; then
 		return 0;
 	fi

ponmngr/files/airoha/lib/xpon/airoha.sh

@@ -3,50 +3,54 @@
 . /lib/functions.sh
 
 set_serial_number() {
-	vendor_id=$1
-	vssn=$2
+	local vendor_id="$1"
+	local vssn="$2"
 
 	# Vendor id is not taken from serial automatically, propagate it as well
-	/userfs/bin/omcicfgCmd set vendorId ${vendor_id}
-	/userfs/bin/omcicfgCmd set sn ${vendor_id}${vssn}
+	/userfs/bin/omcicfgCmd set vendorId "${vendor_id}"
+	/userfs/bin/omcicfgCmd set sn "${vendor_id}${vssn}"
 }
 
 set_equipment_id() {
-	local eqid=$1
-	local eq_id_default="KE2.119.241R2B"
+	local eqid="$1"
 
-	if [ -z "$eqid"  ]; then
+	if [ -z "${eqid}" ]; then
 		return
 	fi
 
-	if [ "$eqid" = "$eq_id_default" ]; then
-		return
-	fi
-
-        /userfs/bin/omcicfgCmd set equipmentId ${eqid}
+	/userfs/bin/omcicfgCmd set equipmentId "${eqid}"
 }
 
 set_loid_authentication() {
-	local loid=$1
-	local loid_pwd=$2
+	local loid="$1"
+	local loid_pwd="$2"
 
-	[ -z "$loid" ] && return
+	[ -z "${loid}" ] && return
 
-	/userfs/bin/omcicfgCmd set loid ${loid}
+	/userfs/bin/omcicfgCmd set loid "${loid}"
 
-	if [ -n "$loid_pwd" ]; then
-		/userfs/bin/omcicfgCmd set loid_password ${loid_pwd}
+	if [ -n "${loid_pwd}" ]; then
+		/userfs/bin/omcicfgCmd set loidPasswd "${loid_pwd}"
 	fi
 }
 
+set_onu_version() {
+	local onu_version="$1"
+
+	[ -z "${onu_version}" ] && return
+
+	/userfs/bin/omcicfgCmd set onuVersion "${onu_version}"
+}
+
 apply_xpon_uci_config() {
 	configure_loid_authentication
 	configure_equipment_id
+	configure_onu_version
 }
 
 init_xpon() {
 	# don't start pon daemons if xpon module is not loaded
-	[ -d /sys/module/xpon ] || return
+	[ -d /sys/module/xpon -o -d /sys/module/xpon_10g ] || return
 
 	procd_open_instance ponmgr_cfg
 	procd_set_param command /userfs/bin/ponmgr_cfg

ponmngr/files/broadcom/lib/xpon/broadcom.sh

@@ -3,39 +3,49 @@
 . /lib/functions.sh
 
 set_serial_number() {
-	vendor_id=$1
-	vssn=$2
+	local vendor_id="$1"
+	local vssn="$2"
 
-	vendor_id="$(echo $vendor_id | hexdump -e '4/1 "%02X" "\n"')"
-	vendor_id=${vendor_id:0:8}
+	vendor_id="$(echo "${vendor_id}" | hexdump -e '4/1 "%02X" "\n"')"
+	vendor_id="${vendor_id:0:8}"
 
 	bs /b/c gpon onu_sn={vendor_id=$vendor_id,vendor_specific=$vssn}
 }
 
 set_equipment_id() {
-	equipment_id=$1
+	local equipment_id="$1"
 	[ -z "$equipment_id" ] && return
 
-	json_add_string "equipment_id" $equipment_id
+	json_add_string "equipment_id" "$equipment_id"
 }
 
 set_loid_authentication() {
-	loid=$1
-	loid_password=$2
+	local loid="$1"
+	local loid_password="$2"
+
 	[ -z "$loid" ] && return
 
-	json_add_string "loid" $loid
-	json_add_string "loid_password" $loid_password
+	json_add_string "loid" "$loid"
+	json_add_string "loid_password" "$loid_password"
+}
+
+set_onu_version() {
+	local onu_version="$1"
+	[ -z "${onu_version}" ] && return
+
+	json_add_string "onu_version" "${onu_version}"
 }
 
 apply_xpon_uci_config() {
+	local sn
 
 	json_init
 	json_add_object 'ani'
 	sn="$(uci -q get xpon.ani.serial_number)"
-	json_add_string "serial_number" $sn
+	json_add_string "serial_number" "$sn"
 	configure_loid_authentication
 	configure_equipment_id
+	configure_onu_version
 	json_close_object
 	json_dump > /tmp/xpon.json
 }

ponmngr/files/common/etc/init.d/xpon

@@ -11,21 +11,21 @@ include /lib/xpon
 configure_serial_number() {
 	# serial number generation is taken care in the uci defaults, so if
 	# serial number is not found here its a misconfig
-	serial_number="$(uci -q get xpon.ani.serial_number)"
+	local serial_number="$(uci -q get xpon.ani.serial_number)"
 	if [ ${#serial_number} -eq 12 ]; then
-		vendor_id="${serial_number:0:4}"
-		vssn="${serial_number:4:8}"
+		local vendor_id="${serial_number:0:4}"
+		local vssn="${serial_number:4:8}"
 	else
-		logger -s -t "xpon" "Serial number not found in uci, ont will probably not be registered at the olt"
-		logger -s -t "xpon" "Please configure a valid serial number"
+		logger -s -t "xpon" "Serial number not found in UCI, ONT will probably not be registered at the OLT."
+		logger -s -t "xpon" "Please configure a valid serial number."
 		return
 	fi
 
-	set_serial_number $vendor_id $vssn
+	set_serial_number "${vendor_id}" "${vssn}"
 }
 
 start_service() {
-	if [ "$(uci -q get xpon.ani.enable)" == "1" ]; then
+	if [ "$(uci -q get xpon.ani.enable)" = "1" ]; then
 		configure_serial_number
 		apply_xpon_uci_config
 		init_xpon

ponmngr/files/common/etc/uci-defaults/60-xpon-generate

@@ -3,14 +3,15 @@
 
 configure_serial_number() {
 	# check if serial number is present in the production data
-	production_sn="$(fw_printenv -n gponsn)"
+	local production_sn="$(fw_printenv -n gponsn)"
 	if [ ${#production_sn} -eq 12 ]; then
-		uci set xpon.ani.serial_number=$production_sn
+		uci set xpon.ani.serial_number="${production_sn}"
 	else
-		macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
-		vendor_id="IOPS"
-		vssn="${macaddr:4:8}"
-		uci set xpon.ani.serial_number=$vendor_id$vssn
+		local macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
+		local vendor_id="IOPS"
+		local vssn="${macaddr:4:8}"
+
+		uci set xpon.ani.serial_number="${vendor_id}${vssn}"
 	fi
 }
 
@@ -18,37 +19,38 @@ configure_loid_authentication() {
 	local production_loid
 	local production_loidpwd
 
-	loid="$(uci -q get xpon.ani.loid)"
-	loidpwd="$(uci -q get xpon.ani.loid_password)"
-        if [ -z $loid ]; then
+	local loid="$(uci -q get xpon.ani.loid)"
+	local loidpwd="$(uci -q get xpon.ani.loid_password)"
+
+	if [ -z "${loid}" ]; then
 		production_loid="$(fw_printenv -n gponloid)"
 	fi
-	if [ -z $loidpwd ]; then
+	if [ -z "${loidpwd}" ]; then
 		production_loidpwd="$(fw_printenv -n gponloid_password)"
 	fi
 
-	if [ -n $production_loid ]; then
-		uci set xpon.ani.loid=$production_loid
+	if [ -n "${production_loid}" ]; then
+		uci set xpon.ani.loid="${production_loid}"
 	fi
-	if [ -n $production_loidpwd ]; then
-		uci set xpon.ani.loid_password=$production_loidpwd
+	if [ -n "${production_loidpwd}" ]; then
+		uci set xpon.ani.loid_password="${production_loidpwd}"
 	fi
 
 }
 
 if [ -s "/etc/config/xpon" ]; then
-        if uci -q get xpon.ani >/dev/null; then
-                # generate serial number in case its not present and return
-		serial_number="$(uci -q get xpon.ani.serial_number)"
-		if [ ${#serial_number} -ne 12 ]; then
+	if uci -q get xpon.ani >/dev/null; then
+		# generate serial number in case its not present and return
+		SERIAL_NUMBER="$(uci -q get xpon.ani.serial_number)"
+		if [ ${#SERIAL_NUMBER} -ne 12 ]; then
 			configure_serial_number
 		fi
 		configure_loid_authentication
-                exit                                  
-        else                                          
-                rm -f /etc/config/xpon
-        fi                           
-fi                                   
+		exit
+	else
+		rm -f /etc/config/xpon
+	fi
+fi
 touch /etc/config/xpon
 
 uci set xpon.ani=ani

ponmngr/files/common/lib/xpon/get_uci_config.sh

@@ -1,13 +1,20 @@
 #!/bin/sh
 
-configure_equipment_id() {                                                      
-        eqid="$(uci -q get xpon.ani.equipment_id)"                              
-        set_equipment_id $eqid                                                  
-}                                                                               
-                                                                                
-configure_loid_authentication() {                                               
-        loid="$(uci -q get xpon.ani.loid)"                                      
-        loid_pwd="$(uci -q get xpon.ani.loid_password)"                         
-        set_loid_authentication $loid $loid_pwd                                 
+configure_equipment_id() {
+	local eqid="$(uci -q get xpon.ani.equipment_id)"
+
+	set_equipment_id "${eqid}"
 }
 
+configure_loid_authentication() {
+	local loid="$(uci -q get xpon.ani.loid)"
+	local loid_pwd="$(uci -q get xpon.ani.loid_password)"
+
+	set_loid_authentication "${loid}" "${loid_pwd}"
+}
+
+configure_onu_version() {
+	local onu_version="$(uci -q get xpon.ani.onu_version)"
+
+	set_onu_version "${onu_version}"
+}

port-trigger/Makefile

@@ -0,0 +1,55 @@
+#
+# Copyright (C) 2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=port-trigger
+PKG_VERSION:=1.0.0
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/port-trigger.git
+PKG_SOURCE_VERSION:=715fa689e5c22721d8ccd9d4e1cbe290caca3662
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/port-trigger
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Port Trigger Daemon
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +kmod-ipt-trigger +kmod-ip6t-trigger +iptables-mod-nfqueue
+endef
+
+define Package/port-trigger/description
+	Manage port trigger
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ./port-trigger/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/port-trigger/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/lib/port-trigger
+	$(CP) ./files/* $(1)/
+                                                                                
+	$(INSTALL_BIN) ./files/etc/init.d/port-trigger $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/port-trigger $(1)/etc/config/
+	$(INSTALL_DATA) ./files/lib/port-trigger/port_trigger.sh $(1)/lib/port-trigger/
+	$(call BbfdmInstallPluginInMicroservice, $(1)/etc/port-trigger,$(PKG_BUILD_DIR)/bbf_plugin/libporttrigger.so)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bbfdm/micro_services/port-trigger.json)
+endef
+
+$(eval $(call BuildPackage,port-trigger))

port-trigger/files/etc/bbfdm/micro_services/port-trigger.json

@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/port-trigger/libporttrigger.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.NAT.",
+			"object": "PortTrigger",
+			"root_obj": "bbfdm"
+		}
+	}
+}

port-trigger/files/etc/config/port-trigger

@@ -0,0 +1 @@
+#port trigger uci file

port-trigger/files/etc/init.d/port-trigger

@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+STOP=20
+USE_PROCD=1
+
+. /lib/port-trigger/port_trigger.sh
+
+start_service() {
+	port_trigger_handling
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger firewall
+	procd_add_reload_trigger port-trigger
+}
+
+reload_service() {
+	start
+}

port-trigger/files/lib/port-trigger/port_trigger.sh

@@ -0,0 +1,157 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+process_port_trigger() {
+	local rule_id="$1"
+	local is_enabled=""
+	local duration=""
+	local trigger_dport=""
+	local trigger_dport_end=""
+	local protocol=""
+	local interface=""
+	local open_dport=""
+	local open_dport_end=""
+	local open_protocol=""
+	local ptg_id=""
+	local IP_RULE=""
+	local IP6_RULE=""
+	local IP_RULE_FWD=""
+
+	get_port_trigger() {
+		local ptg_name
+		config_get ptg_name "$1" "name"
+		if [ "$ptg_name" == "$2" ]; then
+			ptg_id="$1"
+			return
+		fi
+	}
+
+	ptg_id=""
+	config_get name "$rule_id" "port_trigger"
+	config_foreach get_port_trigger  "port_trigger" "$name"
+	[ -z "$ptg_id" ] && return
+
+	is_enabled=$(uci -q get port-trigger."$ptg_id".enable)
+
+	if [ -z "$is_enabled" ] || [ "$is_enabled" = "0" ]; then
+		return
+	fi
+
+	protocol=$(uci -q get port-trigger."$ptg_id".protocol)
+	[ -z "$protocol" ] && return
+
+	if [ "$protocol" = "UDP" ] || [ "$protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -p udp"
+		IP6_RULE="$IP6_RULE -p udp"
+		IP_RULE_FWD="$IP_RULE_FWD -p udp"
+	elif [ "$protocol" = "TCP" ] || [ "$protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -p tcp"
+		IP6_RULE="$IP6_RULE -p tcp"
+		IP_RULE_FWD="$IP_RULE_FWD -p tcp"
+	else
+		return
+	fi
+
+	trigger_dport=$(uci -q get port-trigger."$ptg_id".port)
+	[ -z "$trigger_dport" ] && return
+	IP_RULE="$IP_RULE --dport $trigger_dport"
+	IP6_RULE="$IP6_RULE --dport $trigger_dport"
+
+	trigger_dport_end=$(uci -q get port-trigger."$ptg_id".end_port_range)
+	if [ -n "$trigger_dport_end" ]; then
+		IP_RULE="$IP_RULE:$trigger_dport"
+		IP6_RULE="$IP6_RULE:$trigger_dport"
+	fi
+
+	config_get open_protocol "$rule_id" "protocol"
+	if [ "$open_protocol" = "UDP" ] || [ "$open_protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+	elif [ "$open_protocol" = "TCP" ] || [ "$open_protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+	else
+		return
+	fi
+
+	config_get open_dport "$rule_id" "port"
+	[ -z "$open_dport" ] && return
+	IP_RULE="$IP_RULE --trigger-match $open_dport"
+	IP6_RULE="$IP6_RULE --trigger-match $open_dport"
+	IP_RULE_FWD="$IP_RULE_FWD --dport $open_dport"
+
+	config_get open_dport_end "$rule_id" "end_port_range"
+	if [ -z "$open_dport_end" ]; then
+		IP_RULE="$IP_RULE --trigger-relate $open_dport"
+		IP6_RULE="$IP6_RULE --trigger-relate $open_dport"
+	else
+		IP_RULE="$IP_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+		IP6_RULE="$IP6_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+		IP_RULE_FWD="$IP_RULE_FWD:$open_dport_end"
+	fi
+
+	duration=$(uci -q get port-trigger."$ptg_id".auto_disable_duration)
+        if [ -n "$duration" ]; then
+                IP_RULE="$IP_RULE --trigger-timeout $duration"
+                IP6_RULE="$IP6_RULE --trigger-timeout $duration"
+        fi
+
+	interface=$(uci -q get port-trigger."$ptg_id".src)
+	[ -z "$interface" ] && return
+	device=$(uci -q get network.$interface.device)
+       	IP_RULE_1="iptables -w -t nat -A prerouting_porttrigger -i $device $IP_RULE"
+       	echo "$IP_RULE_1">>/tmp/port_trigger_iptables
+
+       	IP_RULE_1="ip6tables -w -t nat -A prerouting_porttrigger -i $device $IP6_RULE"
+       	echo "$IP_RULE_1">>/tmp/port_trigger_ip6tables
+
+        if [ -n "$duration" ]; then
+		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_iptables
+		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_ip6tables
+
+		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat --trigger-timeout $duration">>/tmp/port_trigger_iptables
+	else
+		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_iptables
+		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_ip6tables
+
+		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat">>/tmp/port_trigger_iptables
+	fi
+}
+
+port_trigger_handling() {
+	rm /tmp/port_trigger_iptables 2> /dev/null
+	rm /tmp/port_trigger_ip6tables 2> /dev/null
+	touch /tmp/port_trigger_iptables
+	touch /tmp/port_trigger_ip6tables
+
+	echo "iptables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t nat -F prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "ip6tables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	echo "ip6tables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+
+	echo "iptables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t nat -N prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t nat -I prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+
+	echo "ip6tables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	ret=$?
+	[ $ret -eq 0 ] && echo "ip6tables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	echo "ip6tables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	ret=$?
+	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+
+	# Load /etc/config/port-trigger UCI file
+	config_load port-trigger
+	config_foreach process_port_trigger rule
+
+	sh /tmp/port_trigger_iptables
+	sh /tmp/port_trigger_ip6tables
+}

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -42,7 +42,7 @@ hw_queue_set() {
     local rate="$7"
     local burstsize="$8"
     local index="$((order - 1))"
-    local ethwan="$(db -q get hw.board.ethernetWanPort)"
+    local ethwan="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 
     #if [ "${ifname}" != "${ethwan}" ] ; then
     #   return 2

qosmngr/files/airoha/lib/qos/policer.sh

@@ -101,7 +101,7 @@ handle_policer() {
 
 # Configure policer based on UCI subtree 'qos.policer'
 configure_policer() {
-    for intf in $(db get hw.board.ethernetPortOrder); do
+    for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
         if [ -n "${intf}" ] ; then
             hw_policer_set_ingress_rate "$intf" 0 0
         fi
@@ -129,4 +129,4 @@ configure_policer() {
     config_load qos
     config_foreach handle_policer policer
     echo $POLICER_COUNT > /tmp/qos/max_policer_inst
-}
+}

qosmngr/files/airoha/lib/qos/queue.sh

@@ -8,7 +8,7 @@ pre_configure_queue() {
     # Delete queues
     hw_queue_init_all
 
-    for intf in $(db get hw.board.ethernetPortOrder); do
+    for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
         hw_intf_init "${intf}"
     done
 }

qosmngr/files/airoha/lib/qos/shaper.sh

@@ -35,7 +35,7 @@ handle_shaper() {
 # Configure shaper based on options saved to UCI tree 'qos.shaper'
 configure_shaper() {
     # Delete existing shaper
-    for intf in $(db get hw.board.ethernetPortOrder); do
+    for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
         hw_shaper_set "$intf" del
     done
 

qosmngr/files/broadcom/lib/qos/qos.sh

@@ -80,7 +80,7 @@ sort_q_by_precedence() {
 }
 
 sort_by_precedence() {
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		sort_q_by_precedence $interf
 	done
 }
@@ -335,7 +335,7 @@ handle_shaper() {
 assign_policer_to_port() {
 	local ifname="$1"
 	local pindex="$2"
-	local portorder="$(db -q get hw.board.ethernetPortOrder)"
+	local portorder="$(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs)"
 
 	for port in $portorder; do
 		if [ "$ifname" == "$port" ]; then
@@ -398,7 +398,7 @@ config_ingress_rate_limit() {
 	local ifname="$1"
 	local ingress_rate=$2
 	local in_burst_size=$3
-	local wanport="$(db -q get hw.board.ethernetWanPort)"
+	local wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 
 	# Unit in uci file is in bps while that accepted by ethswctl is kbits
 	if [ $ingress_rate -lt 1000 ]; then
@@ -421,7 +421,7 @@ config_ingress_rate_limit() {
 
 configure_shaper() {
 	# Delete existing shaper
-	for intf in $(db get hw.board.ethernetPortOrder); do
+	for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		tmctl setportshaper --devtype 0 --if $intf --shapingrate 0 --burstsize -1
 	done
 	# Load UCI file
@@ -432,7 +432,7 @@ configure_shaper() {
 
 pre_configure_queue() {
 	# Delete queues
-	for intf in $(db get hw.board.ethernetPortOrder); do
+	for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		rm -rf /tmp/qos/$intf
 
 		mkdir -p /tmp/qos/$intf
@@ -452,7 +452,7 @@ pre_configure_queue() {
 configure_queue_shaping_rate() {
 	# Load UCI file
 	config_load qos
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		Q_COUNT=0
 		config_foreach handle_queue_shapingrate queue $interf
 	done
@@ -463,7 +463,7 @@ configure_queue() {
 	config_load qos
 	config_foreach handle_q_order queue
 	sort_by_precedence
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		Q_COUNT=0
 		# sp queue have max priority value = no. of queue configured on the port
 		# hence read and update SP_Q_PRIO here
@@ -476,7 +476,7 @@ configure_queue() {
 configure_policer() {
 	# The policer object is not available on non BCM968* chips, just clean up
 	# the old config if any and return
-	for intf in $(db get hw.board.ethernetPortOrder); do
+	for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		local unitport="$(get_port_number $intf)"
 		local unit=$(echo $unitport | cut -d ' ' -f 1)
 		local port=$(echo $unitport | cut -d ' ' -f 2)

qosmngr/files/common/lib/qos/ebtables.sh

@@ -242,7 +242,7 @@ handle_ebtables_rules() {
     if [ "$all_interfaces" == "1" ]; then
 	is_l2_rule=1
     elif [ -n "$src_if" ]; then
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 	    if [ "$src_if" == "$interf" ]; then
 		src_if="$src_if+"
 		broute_filter_on_src_if "$src_if"

qosmngr/files/linux/lib/qos/qos.sh

@@ -82,7 +82,7 @@ sort_q_by_precedence() {
 }
 
 sort_by_precedence() {
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		sort_q_by_precedence $interf
 	done
 }
@@ -356,7 +356,7 @@ config_ingress_rate_limit() {
 	local ingress_rate=$2
 	local in_burst_size=$3
 	local pindex="$4"
-	local wanport="$(db -q get hw.board.ethernetWanPort)"
+	local wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 
 	# Unit in uci file is in bps while that accepted by ethswctl is kbits
 	if [ $ingress_rate -lt 1000 ]; then
@@ -384,7 +384,7 @@ config_ingress_rate_limit() {
 
 pre_configure_queue() {
 	# Delete queues
-	for intf in $(db get hw.board.ethernetPortOrder); do
+	for intf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		rm -rf /tmp/qos/$intf
 
 		mkdir -p /tmp/qos/$intf
@@ -462,8 +462,8 @@ configure_queue() {
 		fi
 		bs=$(( bs / 1000 ))
 	}
-	local wanport="$(db -q get hw.board.ethernetWanPort)"
-	for interf in $(db -q get hw.board.ethernetPortOrder); do
+	local wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
+	for interf in $(jsonfilter -i /etc/board.json -e @.network.lan.ports[*] -e @.network.lan.device -e @.network.wan.device | xargs); do
 		Q_COUNT=0
 		rate=0
 		# sp queue have max priority value = no. of queue configured on the port

self-diagnostics/files/usr/share/self-diagnostics/helper/wifi_radio_status.sh

@@ -0,0 +1,3 @@
+for radio_if in $(ubus list 'wifi.radio.*'); do
+	ubus call "${radio_if}" status
+done

self-diagnostics/files/usr/share/self-diagnostics/spec/wifi.json

@@ -12,9 +12,13 @@
 			"cmd": "ubus call network.wireless status"
 		},
 		{
-			"description": "Wireless Radio Status",
+			"description": "WiFi Status",
 			"cmd": "ubus call wifi status"
 		},
+		{
+			"description": "WiFi Radio Status",
+			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_radio_status.sh"
+		},
 		{
 			"description": "Get radio scan",
 			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_radio_scan.sh"
@@ -23,6 +27,10 @@
 			"description": "Get Assoc List",
 			"cmd": "sh /usr/share/self-diagnostics/helper/wifi_assoclist.sh"
 		},
+		{
+			"description": "List Wireless Devices",
+			"cmd": "iw dev"
+		},
 		{
 			"description": "iwinfo interface details",
 			"cmd": "/usr/bin/iwinfo"

stunc/Makefile

@@ -7,14 +7,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunc
+PKG_VERSION:=1.4.2
 PKG_RELEASE:=1
-PKG_VERSION:=1.4.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/stunc.git
-PKG_SOURCE_VERSION:=335f52d51b3b988917f0130303d571ac1fd9636c
+PKG_SOURCE_VERSION:=92fd3d9d59b3c660266b0411b653fee9dcfda1ed
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -23,7 +23,6 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-include ../bbfdm/bbfdm.mk
 
 MAKE_PATH:=src
 
@@ -49,10 +48,11 @@ define Package/stunc/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/icwmpd/plugins
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/stunc $(1)/usr/sbin/
 	$(INSTALL_BIN) ./files/etc/init.d/stunc $(1)/etc/init.d/stunc
 	$(INSTALL_DATA) ./files/etc/config/stunc $(1)/etc/config/stunc
-	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/src/libstunc.so)
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/libstunc.so $(1)/etc/icwmpd/plugins/
 endef
 
 $(eval $(call BuildPackage,stunc))

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=3.1.49
+PKG_VERSION:=3.1.57
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=66af310956f40de684c0c1bc760439bb34815159
+PKG_SOURCE_VERSION:=5c031a2e3c3ebc0b71566073a8296c75f422b8aa
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=3.1.49
+PKG_VERSION:=3.1.57
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=ca9091f89b183bc6133e74bb4968373c108eafdf
+PKG_SOURCE_VERSION:=f40a83b669b9a6abb527f3e7e6babbcd7c00622a
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)

sulu/sulu-lcm/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-lcm
-PKG_VERSION:=3.1.27
+PKG_VERSION:=3.1.52
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-lcm.git
-PKG_SOURCE_VERSION:=6b1d30d7918adeb19c5177dd7c5472cb0dac9896
+PKG_SOURCE_VERSION:=af612edb4ea186d9c71fc2157883bf686b14e376
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sulu/sulu-multi-ap/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-multi-ap
-PKG_VERSION:=3.1.42
+PKG_VERSION:=3.1.52
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-multi-ap.git
-PKG_SOURCE_VERSION:=e209cbc04a92494b96c74cee443e1b385c6687fe
+PKG_SOURCE_VERSION:=ac4a73768844796be5678559b64269e6fe073192
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sulu/sulu-parental-control/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-parental-control
-PKG_VERSION:=3.1.38
+PKG_VERSION:=3.1.52
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-parental-control.git
-PKG_SOURCE_VERSION:=dd9dab9fb8aca87991cd2cc02c5fedd8baee3b97
+PKG_SOURCE_VERSION:=e1c5b4473fba9d42ef7d1e95e634416585bf5887
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

swmodd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.5.3
+PKG_VERSION:=2.5.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/swmodd.git
-PKG_SOURCE_VERSION:=80d8a2f0dddc8e1575c0a6dee1e496c52104d033
+PKG_SOURCE_VERSION:=723d3597ef0f1b20fd3212b3e1ced3242f2491f1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -75,6 +75,7 @@ endif
 define Package/swmodd/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/swmodd
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/usr/share/swmodd/
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
@@ -90,13 +91,13 @@ ifeq ($(CONFIG_PACKAGE_liblxc),y)
 	$(INSTALL_BIN) ./files/etc/uci-defaults/02-migrate-lxc $(1)/etc/uci-defaults/02-migrate-lxc
 endif
 ifeq ($(CONFIG_PACKAGE_crun),y)
-	$(INSTALL_DIR) $(1)/etc/swmodd
 	$(INSTALL_BIN) ./files/etc/swmodd/run.sh $(1)/etc/swmodd/run.sh
 	$(INSTALL_BIN) ./files/etc/init.d/crun $(1)/etc/init.d/crun
 	$(INSTALL_BIN) ./files/etc/config/crun $(1)/etc/config/crun
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/crun_create $(1)/usr/sbin/crun_create
 endif
-	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libswmodd.so)
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/swmodd,$(PKG_BUILD_DIR)/libswmodd.so)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/swmodd/input.json)
 endef
 
 define Package/swmodd-cgroup/install

swmodd/files/etc/init.d/swmodd

@@ -22,20 +22,20 @@ validate_globals_section()
 }
 
 start_lxc_container() {
-	local root
+	local root_dir
 
 	config_get name "${1}" name ""
 	config_get type "${1}" type ""
 	config_get autostart "${1}" autostart "0"
 	config_get timeout "${1}" timeout "300"
-	root="${2}"
+	root_dir="${2}"
 
 	if [ -z "${name}" ] || [ -z "${type}" ]; then
 		return 0;
 	fi
 
 	# workaround to install lxc container with installdu and autostart them
-	if [ -f "${root}/$name/config" ]; then
+	if [ -f "${root_dir}/$name/config" ]; then
 		type=lxc
 	fi
 
@@ -81,31 +81,29 @@ start_service() {
 	local enabled debug log_level sock root
 
 	config_load swmodd
-
 	validate_globals_section || {
 		return 1;
 	}
 
 	[ "${enabled}" -eq 0 ] && return 0
 
+	# crun default runtime directory /run, if not present then create
 	[ ! -d "/run" ] && ln -fs /var/run /run
-        if [ ! -d "${root}" ]; then
-                log "# Not staring root [${root}] not present/defined"
-                return 1
-        fi
 
-	env_name=""
-	execenvs=$(uci show swmodd | grep "=execenv" | cut -d'=' -f 1 | cut -d'.' -f 2)
-	for env in ${execenvs}; do
-		name=$(uci get swmodd.${env}.name)
-		if [ -n "${name}" ]; then
-			env_name="${name}"
-			break
+	if [ ! -d "${root}" ]; then
+		log "# root [${root}] not present, creating ..."
+		if [ -n "${root}" ]; then
+			mkdir -p "${root}"
+		else
+			log "# Not starting, root [${root}] not defined"
+			return 1
 		fi
-	done
+	fi
 
+	# Currently only one execenv supported
+	env_name="$(uci -q get swmodd.@execenv[0].name)"
 	if [ -z "${env_name}" ]; then
-		log "# Not starting execenv name [${env_name}] not defined"
+		log "# Not starting, execenv name [${env_name}] not defined"
 		return 1
 	fi
 
@@ -115,10 +113,14 @@ start_service() {
 	fi
 
 	bundle_root="${bundle_root}${env_name}"
-        if [ ! -d "${bundle_root}" ]; then
-                log "# Not staring execenv [${bundle_root}] not present"
-                return 1
-        fi
+	if [ ! -d "${bundle_root}" ]; then
+		if [ -n "${bundle_root}" ]; then
+			mkdir -p "${bundle_root}"
+		else
+			log "# Not starting, execenv [${bundle_root}] not defined"
+			return 1
+		fi
+	fi
 
 	procd_open_instance swmodd
 	procd_set_param command ${PROG}
@@ -154,5 +156,5 @@ reload_service() {
 }
 
 service_triggers() {
-       procd_add_reload_trigger "swmodd"
+	procd_add_reload_trigger "swmodd"
 }

swmodd/files/etc/swmodd/input.json

@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/swmodd/libswmodd.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "SoftwareModules",
+			"root_obj": "bbfdm"
+		}
+	}
+}