emctrl2: example easymesh controller dm package

- Optimize CPU usages
- Remove support to delete all instances at once

bbfdm/Config_bbfdm.in

@@ -1,3 +1,4 @@
+if PACKAGE_libbbfdm
 config BBF_VENDOR_LIST
 	string "Vendor List"
 	default "iopsys"
@@ -10,14 +11,7 @@ config BBF_OBFUSCATION_KEY
 	string "Obfuscation key"
 	default "371d530c95a17d1ca223a29b7a6cdc97e1135c1e0959b51106cca91a0b148b5e42742d372a359760742803f2a44bd88fca67ccdcfaeed26d02ce3b6049cb1e04"
 
-config BBF_TR143
-	bool "Enable TR-143 Data Model Support"
-	default y
-
-config BBF_TR471
-	bool "Enable TR-471 Data Model Support"
-	default y
-
 config BBF_MAX_OBJECT_INSTANCES
 	int "Maximum number of instances per object"
 	default 255
+endif

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.8.1
+PKG_VERSION:=1.10.0
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=63fad00eeed1a7c181ef51be43174d92be4ad00f
+PKG_SOURCE_VERSION:=75195a112e3aef2b07e224afbbffcb15368be58f
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -37,8 +37,8 @@ define Package/libbbfdm
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Library for broadband forum data model support
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api \
-	    +BBF_TR471:obudpst +libopenssl
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +libopenssl
+  MENU:=1
 endef
 
 define Package/bbfdmd
@@ -46,19 +46,36 @@ define Package/bbfdmd
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Datamodel ubus backend
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api +libbbfdm
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api +libbbfdm +jq +bbf_configmngr
+endef
+
+define Package/bbf_configmngr
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  TITLE:= BBF Config Manager
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json
+  MENU:=1
 endef
 
 define Package/libbbfdm/config
 	source "$(SOURCE)/Config_bbfdm.in"
 endef
 
+define Package/bbf_configmngr/config
+	source "$(SOURCE)/bbf_configmngr.in"
+endef
+
 define Package/libbbfdm-api/description
  Library contains the API(UCI, UBUS, JSON, CLI and Browse) of libbbfdm
 endef
 
 define Package/libbbfdm/description
- Library contains the data model tree. It includes TR181, TR143 data models
+ Library contains the data model tree, It includes basic TR181 nodes.
+endef
+
+define Package/bbf_configmngr/description
+ Daemon for handling bbf reload services via ubus bbf.config
 endef
 
 ifeq ($(USE_LOCAL),1)
@@ -69,17 +86,6 @@ endif
 
 CMAKE_OPTIONS += \
 	-DBBF_TR181=ON
-	-DBBF_WIFI_DATAELEMENTS=ON
-
-ifeq ($(CONFIG_BBF_TR143),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR143=ON
-endif
-
-ifeq ($(CONFIG_BBF_TR471),y)
-CMAKE_OPTIONS += \
-	-DBBF_TR471=ON
-endif
 
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_LIST:String="$(CONFIG_BBF_VENDOR_LIST)" \
@@ -94,38 +100,37 @@ endif
 define Package/libbbfdm-api/install
 	$(INSTALL_DIR) $(1)/lib
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/libbbfdm-api.so $(1)/lib/
+
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/scripts/bbf.secure $(1)/usr/libexec/rpcd/bbf.secure
-	$(INSTALL_DIR) $(1)/etc/bbfdm
-	echo "$(CONFIG_BBF_OBFUSCATION_KEY)" > $(1)/etc/bbfdm/.secure_hash
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/libexec/rpcd/bbf.secure $(1)/usr/libexec/rpcd/bbf.secure
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/libexec/rpcd/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
+
+	$(INSTALL_DIR) $(1)/usr/share/bbfdm/scripts/
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_api $(1)/usr/share/bbfdm/scripts/
+
 	$(INSTALL_DIR) $(1)/etc/bbfdm/certificates
+	echo "$(CONFIG_BBF_OBFUSCATION_KEY)" > $(1)/etc/bbfdm/.secure_hash
 endef
 
 define Package/libbbfdm/install
-	$(INSTALL_DIR) $(1)/lib
-	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm/dmmap
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm/
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm/libbbfdm.so $(1)/usr/share/bbfdm/libbbfdm.so
+
+	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/bbf $(1)/lib/upgrade/keep.d/bbf
-	$(INSTALL_BIN) ./files/etc/uci-defaults/95-portmap-firewall $(1)/etc/uci-defaults/95-portmap-firewall
-	$(INSTALL_BIN) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/97-firewall-service
-	$(INSTALL_BIN) ./files/etc/uci-defaults/99-link-core-plugins $(1)/etc/uci-defaults/99-link-core-plugins
-	$(INSTALL_BIN) ./files/etc/uci-defaults/90-remove-nonexisting-microservices $(1)/etc/uci-defaults/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
-	$(INSTALL_BIN) ./files/etc/firewall.portmap $(1)/etc/firewall.portmap
-	$(INSTALL_BIN) ./files/etc/firewall.service $(1)/etc/firewall.service
+
 ifeq ($(findstring iopsys,$(CONFIG_BBF_VENDOR_LIST)),iopsys)
 	$(BBFDM_INSTALL_CORE_PLUGIN) $(PKG_BUILD_DIR)/libbbfdm/dmtree/vendor/iopsys/libbbfdm_iopsys_ext.so $(1)
 endif
-ifeq ($(CONFIG_BBF_TR143),y)
+
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm/scripts/
-	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm/scripts/* $(1)/usr/share/bbfdm/scripts/
-	$(LN) /usr/share/bbfdm/scripts/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
-endif
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_activate_handler.sh $(1)/usr/share/bbfdm/scripts/
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/share/bbfdm/scripts/bbf_check_idle.sh $(1)/usr/share/bbfdm/scripts/
 endef
 
 define Package/libbbfdm/prerm
@@ -148,6 +153,19 @@ define Package/bbfdmd/install
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
 endef
 
+define Package/bbf_configmngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+ifeq ($(CONFIG_BBF_CONFIGMNGR_C_BACKEND),y)
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/utilities/bbf_configd $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/etc/init.d/bbf_configd $(1)/etc/init.d/bbf_configd
+endif
+ifeq ($(CONFIG_BBF_CONFIGMNGR_SCRIPT_BACKEND),y)
+	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
+	$(CP) $(PKG_BUILD_DIR)/utilities/files/usr/libexec/rpcd/bbf.config $(1)/usr/libexec/rpcd/bbf.config
+endif
+endef
+
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
@@ -156,6 +174,7 @@ define Build/InstallDev
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/include/*.h $(1)/usr/include/
 endef
 
+$(eval $(call BuildPackage,bbf_configmngr))
 $(eval $(call BuildPackage,libbbfdm-api))
 $(eval $(call BuildPackage,libbbfdm))
 $(eval $(call BuildPackage,bbfdmd))

bbfdm/README.md

@@ -8,8 +8,6 @@ bbfdm provides few compile time configuration options and compile time help util
 | -----------------------  | ------------- | ----------- |
 | CONFIG_BBF_VENDOR_LIST   | List of vendor extension directories | iopsys        |
 | CONFIG_BBF_VENDOR_PREFIX | Prefix for Vendor extension datamodel objects/parameters | X_IOPSYS_EU_  |
-| CONFIG_BBF_TR143         | Enable/Add TR-143 Data Model Support | y             |
-| CONFIG_BBF_TR471         | Enable/Add TR-471 Data Model Support | y             |
 | CONFIG_BBF_MAX_OBJECT_INSTANCES | Maximum number of instances per object | 255    |
 | BBF_OBFUSCATION_KEY      | Hash used to encode/decode in `bbf.secure` object | 371d530c95a17d1ca223a29b7a6cdc97e1135c1e0959b51106cca91a0b148b5e42742d372a359760742803f2a44bd88fca67ccdcfaeed26d02ce3b6049cb1e04 |
 

bbfdm/bbf_configmngr.in

@@ -0,0 +1,19 @@
+if PACKAGE_bbf_configmngr
+choice
+	prompt "Select backend daemon for bbf.config"
+	default BBF_CONFIGMNGR_C_BACKEND
+	help
+		Select which backend daemon should be used for ubus bbf.config
+
+config BBF_CONFIGMNGR_SCRIPT_BACKEND
+	bool "Use shell script backend"
+	help
+		Enable this option to use shell script as the backend for bbf.config. This can be useful for quick and easy scripting of configuration tasks.
+
+config BBF_CONFIGMNGR_C_BACKEND
+	bool "Use C code backend"
+	help
+		Enable this option to use a C code implementation as the backend for bbf.config. This option is generally preferred for performance-critical tasks and scenarios requiring more robust and efficient handling.
+
+endchoice
+endif

bbfdm/bbfdm.mk

@@ -6,8 +6,8 @@ BBFDM_BASE_DM_PATH=/usr/share/bbfdm
 BBFDM_INPUT_PATH=/etc/bbfdm/micro_services
 BBFDM_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 
-BBFDM_VERSION:=$(shell grep -oP '(?<=^PKG_VERSION:=).*' ${BBFDM_DIR}/Makefile)
-BBFDM_TOOLS:=$(BUILD_DIR)/bbfdm-$(BBFDM_VERSION)/tools
+#BBFDM_VERSION:=$(shell grep -oP '(?<=^PKG_VERSION:=).*' ${BBFDM_DIR}/Makefile)
+#BBFDM_TOOLS:=$(BUILD_DIR)/bbfdm-$(BBFDM_VERSION)/tools
 
 # Utility to install the plugin in bbfdm core path with priority.
 # Its now possible to overwrite/remove core datamodel with plugin, so, if some
@@ -29,7 +29,7 @@ BBFDM_TOOLS:=$(BUILD_DIR)/bbfdm-$(BBFDM_VERSION)/tools
 # Example to install plugin with priority:
 #  BBFDM_INSTALL_CORE_PLUGIN ./files/etc/bbfdm/json/CWMPManagementServer.json $(1) 01
 #
-BBFDM_INSTALL_CORE_PLUGIN:=$(BBFDM_DIR)/bbfdm.sh -t $(BBFDM_TOOLS) -p
+BBFDM_INSTALL_CORE_PLUGIN:=$(BBFDM_DIR)/tools/bbfdm.sh -p
 
 
 # Utility to install the micro-service datamodel
@@ -47,11 +47,12 @@ BBFDM_INSTALL_CORE_PLUGIN:=$(BBFDM_DIR)/bbfdm.sh -t $(BBFDM_TOOLS) -p
 # Note:
 # - There could be only one main plugin file, so its bind to PKG_NAME
 # - Micro-service input.json will be auto generated with this call
+# - Use -u (optional argument) to overwrite ubus object name
 #
 # Example:
 #  BBFDM_INSTALL_MS_DM $(PKG_BUILD_DIR)/libcwmp.so $(1) $(PKG_NAME)
 #
-BBFDM_INSTALL_MS_DM:=$(BBFDM_DIR)/bbfdm.sh -t $(BBFDM_TOOLS) -m
+BBFDM_INSTALL_MS_DM:=$(BBFDM_DIR)/tools/bbfdm.sh -m
 
 
 # Utility to install a plugins in datamodel micro-service
@@ -67,8 +68,25 @@ BBFDM_INSTALL_MS_DM:=$(BBFDM_DIR)/bbfdm.sh -t $(BBFDM_TOOLS) -m
 # Example:
 #  BBFDM_INSTALL_MS_PLUGIN $(PKG_BUILD_DIR)/libxmpp.so $(1) icwmp
 #
-BBFDM_INSTALL_MS_PLUGIN:=$(BBFDM_DIR)/bbfdm.sh -t $(BBFDM_TOOLS) -m -p
+BBFDM_INSTALL_MS_PLUGIN:=$(BBFDM_DIR)/tools/bbfdm.sh -m -p
 
+# Utility to install the helper scripts in default bbfdm script path
+#
+# Use Case:
+# User want to install some script for running diagnostics
+#
+# ARGS:
+#  $1 => Script with complete path
+#  $2 => package install directory
+#
+# Note:
+# - Use with -d option to install script in bbf.diag directory
+#
+# Example:
+#  BBFDM_INSTALL_SCRIPT $(PKG_BUILD_DIR)/download $(1)
+#  BBFDM_INSTALL_SCRIPT -d $(PKG_BUILD_DIR)/ipping $(1)
+#
+BBFDM_INSTALL_SCRIPT:=$(BBFDM_DIR)/tools/bbfdm.sh -s
 
 # Deprecated functions errors
 define BbfdmInstallPluginInMicroservice

bbfdm/files/etc/init.d/bbf_configd

@@ -0,0 +1,15 @@
+#!/bin/sh /etc/rc.common
+
+START=64
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/bbf_configd
+
+start_service()
+{
+	procd_open_instance "bbf_configd"
+	procd_set_param command ${PROG}
+	procd_set_param respawn
+	procd_close_instance "bbf_configd"
+}

bbfdm/files/etc/init.d/bbfdm.services

@@ -35,7 +35,7 @@ _add_microservice()
 	name="$(basename ${path})"
 	name="${name//.json}"
 
-	enable="$(jq '.daemon.enable//1' ${path})"
+	enable="$(jq -r '.daemon.enable//1' ${path})"
 	if [ "${enable}" -eq "0" ]; then
 		log "datamodel micro-service ${name} not enabled"
 		return 0

bbfdm/files/etc/uci-defaults/90-remove-nonexisting-microservices

@@ -1,18 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-
-remove_nonexisting_microservice() {
-	local input_json
-
-	config_get input_json "$1" input_json ""
-
-	if [ -z "${input_json}" ]; then
-		uci_remove bbfdm "${1}"
-	fi
-}
-
-config_load bbfdm
-config_foreach remove_nonexisting_microservice "micro_service"
-
-exit 0
-

bbfdm/files/etc/uci-defaults/99-link-core-plugins

@@ -1,34 +0,0 @@
-#!/bin/sh
-
-UNIFIED_PATH="/usr/share/bbfdm/plugins/"
-
-log() {
-	echo "$@" | logger -t bbfdm.uci-default -p info
-}
-
-# Link JSON plugins
-for f in `ls -1 /etc/bbfdm/json/*.json`; do
-	log "# BBFDM JSON plugin ${f} not aligned #"
-	ln -s ${f} "${UNIFIED_PATH}"
-done
-
-# Link DotSo plugins
-for f in `ls -1 /usr/lib/bbfdm/*.so`; do
-	log "# BBFDM DotSO plugin ${f} not aligned #"
-	ln -s ${f} "${UNIFIED_PATH}"
-done
-
-# Link JSON plugins
-for f in `ls -1 /etc/bbfdm/plugins/*.json`; do
-	log "# BBFDM JSON plugin ${f} not aligned #"
-	ln -s ${f} "${UNIFIED_PATH}"
-done
-
-# Link DotSo plugins
-for f in `ls -1 /etc/bbfdm/plugins/*.so`; do
-	log "# BBFDM DotSO plugin ${f} not aligned #"
-	ln -s ${f} "${UNIFIED_PATH}"
-done
-
-exit 0
-

bbfdm/tools/bbfdm.sh

@@ -2,25 +2,34 @@
 
 BBFDM_BASE_DM_PATH="usr/share/bbfdm"
 BBFDM_INPUT_PATH="etc/bbfdm/micro_services"
-INPUT_TEMPLATE='{"daemon":{"service_name":"template","config":{"loglevel":"1"}}}'
+INPUT_TEMPLATE='{"daemon":{"enable":"1","service_name":"template","config":{"loglevel":"1"}}}'
+OUT_NAME=""
 
 MICRO_SERVICE=0
+SCRIPT=0
+DIAG=0
 PLUGIN=0
 DEST=""
-TOOLS=""
+TOOLS="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
 SRC=""
 
-while getopts ":t:mp" opt; do
+while getopts ":mpsdu:" opt; do
 	case ${opt} in
-	  t)
-	  	TOOLS="${OPTARG}"
-		;;
 	  m)
 	  	MICRO_SERVICE=1
 		;;
 	  p)
 	  	PLUGIN=1
 		;;
+	  s)
+	  	SCRIPT=1
+		;;
+	  d)
+	  	DIAG=1
+		;;
+	  u)
+	  	OUT_NAME="${OPTARG}"
+		;;
 	  ?)
 	  	echo "Invalid option: ${OPTARG}"
 		exit 1
@@ -59,11 +68,10 @@ install_data() {
 # Installing datamodel
 bbfdm_install_dm()
 {
-	local src dest priority minfile
+	local src dest minfile
 
 	src="$1"
 	dest="$2"
-	priority="${3}"
 	minfile=""
 
 	if [ -z ${src} ] || [ -z "${dest}" ] || [ -z "${TOOLS}" ]; then
@@ -79,7 +87,7 @@ bbfdm_install_dm()
 		src=${minfile}
 		if dpkg -s python3-jsonschema >/dev/null 2>&1; then
 			echo "Verifying bbfdm Datamodel JSON file"
-			if ! ${TOOLS}/validate_json_plugin.py ${src}; then
+			if ! ${TOOLS}/validate_plugins.py ${src}; then
 				echo "Validation of the plugin failed ${src}"
 				exit 1
 			fi
@@ -88,11 +96,7 @@ bbfdm_install_dm()
 		fi
 	fi
 
-	if [ -n "${priority}" ]; then
-		install_bin ${src} ${dest}/${priority}_$(basename ${src})
-	else
-		install_bin ${src} ${dest}
-	fi
+	install_bin ${src} ${dest}
 
 	if [ -f "${minfile}" ]; then
 		rm ${minfile}
@@ -107,7 +111,12 @@ bbfdm_generate_input()
 	ser=${2}
 	dest=${dest_dir}/${ser}.json
 
-	echo ${INPUT_TEMPLATE} | jq --arg service "$ser" '.daemon.service_name = $service' > ${dest}
+	if [ -n "${OUT_NAME}" ]; then
+		echo ${INPUT_TEMPLATE} | jq --arg service "${ser}" --arg OUT "${OUT_NAME}" '.daemon |= (.service_name = $service |.output.name = $OUT)' > ${dest}
+	else
+		echo ${INPUT_TEMPLATE} | jq --arg service "${ser}" '.daemon.service_name = $service' > ${dest}
+	fi
+
 	chmod 466 ${dest}
 }
 
@@ -116,6 +125,17 @@ if [ -z "$SRC" ] || [ -z "${DEST}" ] ; then
 	exit 1
 fi
 
+if [ "${SCRIPT}" -eq "1" ]; then
+	if [ "${DIAG}" -eq "1" ]; then
+		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/scripts/bbf_diag
+		install_bin ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/scripts/bbf_diag/
+	else
+		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/scripts
+		install_bin ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/scripts/
+	fi
+	exit 0
+fi
+
 if [ "${MICRO_SERVICE}" -eq "1" ]; then
 	if [ -z "${DATA}" ]; then
 		echo "# service_name[${DATA}] not provided"
@@ -136,8 +156,14 @@ if [ "${MICRO_SERVICE}" -eq "1" ]; then
 	fi
 else
 	if [ "${PLUGIN}" -eq "1" ]; then
+		priority="${DATA:-0}"
 		install_dir ${DEST}/${BBFDM_BASE_DM_PATH}/plugins
-		bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/ ${DATA}
+		if [ "${priority}" -gt "0" ]; then
+			# install with priority if defined
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/${priority}_$(basename ${SRC})
+		else
+			bbfdm_install_dm ${SRC} ${DEST}/${BBFDM_BASE_DM_PATH}/plugins/$(basename ${SRC})
+		fi
 	fi
 fi
 

bbfdm/tools/validate_plugins.py

@@ -0,0 +1,330 @@
+#!/usr/bin/python3
+
+# Copyright (C) 2024 iopsys Software Solutions AB
+# Author: Amin Ben Romdhane <amin.benromdhane@iopsys.eu>
+
+import sys
+import json
+from jsonschema import validate
+
+JSON_PLUGIN_VERSION = 0
+
+obj_schema = {
+	"definitions": {
+		"type_t": {
+			"type": "string",
+			"enum": [
+				"object"
+			]
+		},
+		"map_type_t": {
+			"type": "string",
+			"enum": [
+				"uci",
+				"ubus"
+			]
+		},
+		"protocols_t": {
+			"type": "string",
+			"enum": [
+				"cwmp",
+				"usp"
+			]
+		}
+	},
+	"type" : "object",
+	"properties" : {
+		"type" : {"$ref": "#/definitions/type_t"},
+		"version" : {"type": "string"},
+		"protocols" : {"type" : "array", "items" : {"$ref": "#/definitions/protocols_t"}},
+		"uniqueKeys" : {"type" : "array"},
+		"access" : {"type" : "boolean"},
+		"array" : {"type" : "boolean"},
+		"mapping" : {"type" : "object", "properties" : {
+				"type" : {"$ref": "#/definitions/map_type_t"},
+				"uci" : {"type" : "object", "properties" : {
+						"file" : {"type": "string"},
+						"section" : {"type": "object", "properties" : {
+								"type" : {"type": "string"}
+							}
+						},
+						"dmmapfile" : {"type": "string"}
+					}
+				},
+				"ubus" : {"type" : "object", "properties" : {
+						"object" : {"type": "string"},
+						"method" : {"type": "string"},
+						"args" : {"type": "object"},
+						"key" : {"type": "string"}
+					}
+				}
+			}
+		}
+	},
+	"required": [
+		"type",
+		"protocols",
+		"array",
+		"access"
+	]
+}
+
+obj_schema_v1 = {
+	"definitions": {
+		"type_t": {
+			"type": "string",
+			"enum": [
+				"object"
+			]
+		},
+		"map_type_t": {
+			"type": "string",
+			"enum": [
+				"uci",
+				"ubus"
+			]
+		},
+		"protocols_t": {
+			"type": "string",
+			"enum": [
+				"cwmp",
+				"usp",
+				"none"
+			]
+		}
+	},
+	"type" : "object",
+	"properties" : {
+		"type" : {"$ref": "#/definitions/type_t"},
+		"version" : {"type": "string"},
+		"protocols" : {"type" : "array", "items" : {"$ref": "#/definitions/protocols_t"}},
+		"uniqueKeys" : {"type" : "array"},
+		"access" : {"type" : "boolean"},
+		"array" : {"type" : "boolean"},
+		"mapping" : {"type" : "array", "items" : {
+			"type" : "object", "properties" : {
+				"type" : {"$ref": "#/definitions/map_type_t"},
+					"uci" : {"type" : "object", "properties" : {
+							"file" : {"type": "string"},
+							"section" : {"type": "object", "properties" : {
+									"type" : {"type": "string"}
+								}
+							},
+							"dmmapfile" : {"type": "string"}
+						}
+					},
+					"ubus" : {"type" : "object", "properties" : {
+							"object" : {"type": "string"},
+							"method" : {"type": "string"},
+							"args" : {"type": "object"},
+							"key" : {"type": "string"}
+						}
+					}
+				}
+			}
+		}
+	},
+	"required": [
+		"type",
+		"protocols",
+		"array",
+		"access"
+	]
+}
+
+param_schema = {
+	"definitions": {
+		"type_t": {
+			"type": "string",
+			"enum": [
+				"string",
+				"unsignedInt",
+				"unsignedLong",
+				"int",
+				"long",
+				"boolean",
+				"dateTime",
+				"hexBinary",
+				"base64",
+				"decimal"
+			]
+		},
+		"map_type_t": {
+			"type": "string",
+			"enum": [
+				"uci",
+				"ubus",
+				"procfs",
+				"sysfs",
+				"json",
+				"uci_sec"
+			]
+		},
+		"protocols_t": {
+			"type": "string",
+			"enum": [
+				"cwmp",
+				"usp",
+				"none"
+			]
+		}
+	},
+	"type" : "object",
+	"properties" : {
+		"type" : {"$ref": "#/definitions/type_t"},
+		"protocols" : {"type" : "array", "items" : {"$ref": "#/definitions/protocols_t"}},
+		"read" : {"type" : "boolean"},
+		"write" : {"type" : "boolean"},
+		"mapping" : {"type" : "array", "items" : {"type": "object", "properties" : {
+					"type" : {"$ref": "#/definitions/map_type_t"},
+					"uci" : {"type" : "object", "properties" : {
+							"file" : {"type": "string"},
+							"section" : {"type": "object", "properties" : {
+									"type" : {"type": "string"},
+									"index" : {"type": "string"}
+								}
+							},
+							"option" : {"type": "object", "properties" : {
+									"name" : {"type": "string"}								}
+							}
+						}
+					},
+					"ubus" : {"type" : "object", "properties" : {
+							"object" : {"type": "string"},
+							"method" : {"type": "string"},
+							"args" : {"type": "object"},
+							"key" : {"type": "string"}
+						}
+					},
+					"procfs" : {"type" : "object", "properties" : {
+							"file" : {"type": "string"}
+						}
+					},
+					"sysfs" : {"type" : "object", "properties" : {
+							"file" : {"type": "string"}
+						}
+					}
+				}
+			}
+		}
+	},
+	"required": [
+		"type",
+		"protocols",
+		"read",
+		"write"
+	]
+}
+
+event_schema = {
+	"definitions": {
+		"type_t": {
+			"type": "string",
+			"enum": [
+				"event"
+			]
+		},
+		"protocols_t": {
+			"type": "string",
+			"enum": [
+				"usp"
+			]
+		}
+	},
+	"type" : "object",
+	"properties" : {
+		"type" : {"$ref": "#/definitions/type_t"},
+		"version" : {"type": "string"},
+		"protocols" : {"type" : "array", "items" : {"$ref": "#/definitions/protocols_t"}}
+	},
+	"required": [
+		"type",
+		"protocols"
+	]
+}
+
+command_schema = {
+	"definitions": {
+		"type_t": {
+			"type": "string",
+			"enum": [
+				"command"
+			]
+		},
+		"protocols_t": {
+			"type": "string",
+			"enum": [
+				"usp"
+			]
+		}
+	},
+	"type" : "object",
+	"properties" : {
+		"type" : {"$ref": "#/definitions/type_t"},
+		"async" : {"type" : "boolean"},
+		"protocols" : {"type" : "array", "items" : {"$ref": "#/definitions/protocols_t"}},
+		"input" : {"type" : "object"},
+		"output" : {"type" : "object"}
+	},
+	"required": [
+		"type",
+		"async",
+		"protocols"
+	]
+}
+
+def print_validate_json_usage():
+    print("Usage: " + sys.argv[0] + " <dm json file>")
+    print("Examples:")
+    print("  - " + sys.argv[0] + " datamodel.json")
+    print("    ==> Validate the json file")
+    print("")
+    exit(1)
+
+def parse_value( key , value ):
+
+    if key.endswith('.') and not key.startswith('Device.'):
+        print(key + " is not a valid path")
+        exit(1)
+
+    if key.endswith('.') and (JSON_PLUGIN_VERSION == 1 or JSON_PLUGIN_VERSION == 2):
+        __schema = obj_schema_v1
+    elif key.endswith('.'):
+        __schema = obj_schema
+    elif key.endswith('!'):
+        __schema = event_schema
+    elif key.endswith('()'):
+        __schema = command_schema
+    else:
+        __schema = param_schema
+    
+    validate(instance = value, schema = __schema)
+    
+    for k, v in value.items():
+        if k != "list" and k != "mapping" and k != "input" and k != "output" and isinstance(v, dict):
+            parse_value(k, v)
+
+### main ###
+if len(sys.argv) < 2:
+    print_validate_json_usage()
+    
+json_file = open(sys.argv[1], "r", encoding='utf-8')
+try:
+    json_data = json.loads(json_file.read())
+except ValueError:
+    print(sys.argv[1] + " file has a wrong JSON format!!!!!")
+    exit(1)
+
+for __key, __value in json_data.items():
+
+    if __key == "json_plugin_version":
+
+        if not isinstance(__value, int) or __value not in [0, 1, 2]:
+            raise ValueError("Invalid value for json_plugin_version")
+
+        JSON_PLUGIN_VERSION = __value
+        continue
+
+    parse_value(__key , __value)
+
+print("JSON File is Valid")

bridgemngr/Config.in

@@ -0,0 +1,11 @@
+if PACKAGE_bridgemngr
+
+menu "Configuration"
+
+config BRIDGEMNGR_BRIDGE_VLAN
+	bool "Use bridge-vlan backend"
+	help
+	   Set this option to use bridge-vlan as backend for VLAN objects.
+
+endmenu
+endif

bridgemngr/Makefile

@@ -0,0 +1,61 @@
+#
+# Copyright (C) 2020-2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bridgemngr
+PKG_VERSION:=1.0.5
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/bridgemngr
+PKG_SOURCE_VERSION:=c0f2e17f6d4f96aecfe72ab90be885939413176d
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/bridgemngr
+ CATEGORY:=Utilities
+ TITLE:=Bridge Manager
+ DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api
+endef
+
+define Package/bridgemngr/description
+	Package to add Device.Bridging. data model support.
+endef
+
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MAKE_PATH:=src
+
+TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
+
+ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y)
+	TARGET_CFLAGS += -DBRIDGE_VLAN_BACKEND
+endif
+
+define Package/bridgemngr/install
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libbridgemngr.so $(1) $(PKG_NAME)
+ifeq ($(findstring iopsys,$(CONFIG_BBF_VENDOR_LIST)),iopsys)
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libbridgeext.so $(1) $(PKG_NAME)
+endif
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) ~/git/bridgemngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+$(eval $(call BuildPackage,bridgemngr))

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.10
+PKG_VERSION:=2.1.11
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=e472e90feec31d9f318ea8c732ab564002e25db1
+PKG_SOURCE_VERSION:=5dd9cd3cfc95e9dce5f64fe9cadd274bb31b8fa6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

bulkdata/files/etc/init.d/bulkdatad

@@ -12,12 +12,21 @@ start_service() {
 	config_load bulkdata
 	config_get_bool enable bulkdata enable 1
 
-	[ "$enable" -eq "1" ] && {
+	if [ ! -f "/var/state/bulkdatad" ]; then
+		touch /var/state/bulkdatad
+		uci -q -c /var/state set bulkdatad.global='global'
+		uci -q -c /var/state commit bulkdatad
+	fi
+
+	if [ "$enable" -eq "1" ]; then
 		procd_open_instance "bulkdata"
 		procd_set_param command "$PROG"
 		procd_set_param respawn
 		procd_close_instance "bulkdata"
-	}
+	else
+		uci -q -c /var/state set bulkdatad.global.status='Disabled'
+		uci -q -c /var/state commit bulkdatad
+	fi
 }
 
 reload_service() {

csmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=csmngr
-PKG_VERSION:=0.0.8
+PKG_VERSION:=1.0.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ca899eb18b5bec38f4b8b4d08b42d89fef965c13
+PKG_SOURCE_VERSION:=5e50fe388fff29b08d895c1c580152cccfa290ad
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/csmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ddnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ddnsmngr
-PKG_VERSION:=1.0.4
+PKG_VERSION:=1.0.7
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
-PKG_SOURCE_VERSION:=d0d37df44644ef2c1a0b11d3a4f92dc694ae1010
+PKG_SOURCE_VERSION:=4b0c679c4dc3e3725de5c0c55ed60f24b87c6edd
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Config.in

@@ -2,6 +2,6 @@ menu "Configuration"
 
 config DECOLLECTOR_EASYMESH_VERSION
 	int "Support Easymesh version"
-	default 4
+	default 6
 
 endmenu

decollector/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=4.4.0.5
+PKG_VERSION:=6.0.0.13
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b3e76eb2f03b13cc8d73b103277b7ad240460ec2
+PKG_SOURCE_VERSION:=d75639d9ae82538103123b32fc0de9280e84cabb
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.6.5
+PKG_VERSION:=3.6.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=192e74db2082e3f89f6defe9d752d752b0b09079
+PKG_SOURCE_VERSION:=98999eb75755f79a3c8a7e802e024b42914d1efc
 PKG_MIRROR_HASH:=skip
 endif
 

dectmngr/files/etc/init.d/dectmngr

@@ -11,8 +11,6 @@ LOG_PATH=/var/log/dectmngr
 DB_PATH=/etc/dect
 DCX81_UART_DT_ALIAS=/proc/device-tree/aliases/dcx81-uart
 
-DECT_GPIO="$(gpiofind DCX81_RSTN | cut -d ' ' -f 2 2>/dev/null)"
-
 # Ask dectmngr to exit nicely and wait for it to clean up, which is a slow process.
 stop_and_wait_dectmngr() {
 	dect_pid=$(pidof $PROG)
@@ -64,8 +62,6 @@ start_service() {
 		dcx81_uart_device=/dev/ttyH0
 	fi
 
-	[ -n "$DECT_GPIO" ] && echo 1 > /sys/class/gpio/gpio${DECT_GPIO}/value
-
 	rfpi=$(db -q get hw.board.dect_rfpi)
 	[ -n "$rfpi" -a ${#rfpi} -eq 14 ] && opt_ext="$opt_ext -rfpi $rfpi"
 
@@ -112,7 +108,6 @@ start_service() {
 stop_service() {
 	has_dect || return 0
 
-	[ -n "$DECT_GPIO" ] && echo 0 > /sys/class/gpio/gpio${DECT_GPIO}/value
 	stop_and_wait_dectmngr
 }
 
@@ -126,11 +121,6 @@ service_triggers() {
 }
 
 boot() {
-	[ -n "$DECT_GPIO" ] && {
-		echo ${DECT_GPIO} > /sys/class/gpio/export
-		echo out > /sys/class/gpio/gpio${DECT_GPIO}/direction
-	}
-
 	[ ! -d $LOG_PATH ] && mkdir -p $LOG_PATH
 	[ ! -d $DB_PATH ] && mkdir -p $DB_PATH
 	start

dhcpmngr/Makefile

@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dhcpmngr
+PKG_VERSION:=1.0.2
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
+PKG_SOURCE_VERSION:=4c89a3f12686343e3cca23819255744ac06dfb22
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+MAKE_PATH:=src
+
+define Package/dhcpmngr
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Package to add Device.DHCPv4 and v6 data model support.
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +dnsmasq
+endef
+
+define Package/dhcpmngr/description
+  Package to add Device.DHCPv4. and Device.DHCPv6. data model support.
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/dhcpmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/dhcpmngr/install
+	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
+	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_lease_start_time.user $(1)/etc/udhcpc.user.d/udhcpc_lease_start_time.user
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libdhcpmngr.so $(1) $(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,dhcpmngr))

dhcpmngr/files/etc/udhcpc.user.d/udhcpc_lease_start_time.user

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+leasestarttime="$(awk -F'.' '{print $1}' /proc/uptime 2> /dev/null)"
+target_file=/tmp/dhcp_client_info
+target_str="$INTERFACE $lease $leasestarttime"
+
+# if this interface is present in file, then replace it
+if grep -q "$INTERFACE" "$target_file" 2> /dev/null; then
+	# replace the whole line if pattern matches
+	sed -i "/${INTERFACE}/c\\${target_str}" "$target_file"
+else
+	# interface info was not present, append it to the file
+	echo "$target_str" >> "$target_file"
+fi

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.7
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=347070e096b98946ba660791e3c78d1646adc54a
+PKG_SOURCE_VERSION:=f6223f6034a57753ae9d1552ab1334194b1deaff
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -42,9 +42,8 @@ endef
 endif
 
 define Package/dnsmngr/install
-	$(INSTALL_DIR) $(1)/etc/dnsmngr
-	$(CP) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1)/etc/dnsmngr
-	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/dnsmngr/input.json)
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_SCRIPT) -d $(PKG_BUILD_DIR)/scripts/nslookup $(1)
 endef
 
 $(eval $(call BuildPackage,dnsmngr))

dnsmngr/files/etc/dnsmngr/input.json

@@ -1,17 +0,0 @@
-{
-	"daemon": {
-		"config": {
-			"loglevel": "1"
-		},
-		"input": {
-			"type": "DotSo",
-			"name": "/etc/dnsmngr/libdnsmngr.so"
-		},
-		"output": {
-			"type": "UBUS",
-			"parent_dm": "Device.",
-			"object": "DNS",
-			"root_obj": "bbfdm"
-		}
-	}
-}

dslmngr/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.4
+PKG_VERSION:=1.2.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
-PKG_SOURCE_VERSION:=d71bef278b8222dee1c278723f8264aa8faf5e40
+PKG_SOURCE_VERSION:=2b1ecbd2079dbd88ed6d58b277b91dcf5038d869
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_MIRROR_HASH:=skip

dslmngr/files/broadcom/lib/dsl/broadcom.sh

@@ -211,8 +211,8 @@ create_ptm_devices() {
 
 prioritize_arp()
 {
-      ebtables -t nat -D POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
-      ebtables -t nat -A POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
+      ebtables --concurrent -t nat -D POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
+      ebtables --concurrent -t nat -A POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
 }
 
 xtm_remove_devices() {

easy-qos/Makefile

@@ -1,47 +0,0 @@
-#
-# Copyright (C) 2019 iopsys Software Solutions AB
-#
-# This is free software, licensed under the GNU General Public License v2.
-# 
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=easy-qos
-PKG_VERSION:=1.1
-PKG_RELEASE:=0
-
-PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=none
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/easy-qos
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=Easy QoS
-  DEPENDS:=@(TARGET_brcmbca||TARGET_airoha)
-endef
-
-define Package/easy-qos/description
-	This package contains Easy QoS utility
-endef
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)
-	$(CP) ./files/* $(PKG_BUILD_DIR)/
-endef
-
-define Build/Compile
-endef
-
-define Package/easy-qos/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(CP) ./files/etc/config/easy_qos $(1)/etc/config/
-	$(CP) ./files/etc/init.d/easy_qos.iptables $(1)/etc/init.d/easy_qos
-	$(CP) ./files/etc/uci-defaults/* $(1)/etc/uci-defaults/
-	$(CP) ./files/etc/firewall.easyqos $(1)/etc/firewall.easyqos
-endef
-
-$(eval $(call BuildPackage,easy-qos))

easy-qos/files/etc/firewall.easyqos

@@ -1 +0,0 @@
-/etc/init.d/easy_qos reload

easy-qos/files/etc/init.d/easy_qos.ebtables

@@ -1,140 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-USE_PROCD=1
-
-log() {
-	echo "${@}"|logger -t easy_qos.ebtable -p debug
-}
-
-exec_log() {
-	${@}
-	if [ "${?}" -ne 0 ]; then
-		log "Failed to create ${@}";
-	fi
-}
-
-get_priority() {
-	local prio=$(echo $1|tr 'A-Z' 'a-z');
-	case "${prio}" in
-		"lowest")
-			echo 0;;
-		"low")
-			echo 1;;
-		"besteffort")
-			echo 2;;
-		"normal")
-			echo 3;;
-		"video")
-			echo 4;;
-		"medium")
-			echo 5;;
-		"high")
-			echo 6;;
-		"highest")
-			echo 7;;
-	esac
-}
-
-validate_rule_section()
-{
-	uci_validate_section easy_qos rule "${1}" \
-		'priority:string' \
-		'macaddr:string' \
-		'proto:string:none' \
-		'port:list(uinteger)' \
-		'comment:string:none'
-}
-
-# Clear existing rules before applying new rules
-clear_existing_rules() {
-	local rule=$(ebtables -t broute -L BROUTING|grep -m 1 mark)
-	while [ -n "${rule}" ]; do
-		exec_log ebtables -t broute -D BROUTING ${rule}
-		rule=$(ebtables -t broute -L BROUTING|grep -m 1 mark)
-	done
-}
-
-create_rule() {
-	local protocol=$1; shift
-	local mac=$1; shift
-	local mark="0x$1"; shift
-	local forward_port=$1;
-	local cmd="";
-	local protocol_number
-
-	cmd="-j mark --mark-or ${mark}";
-	if [ -n "${forward_port}" ]; then
-		cmd="--ip-destination-port ${forward_port} ${cmd}";
-	fi
-	
-	case "${protocol}" in
-		"tcp")
-			protocol_number=6;;
-		"udp")
-			protocol_number=17;;
-		"dccp")
-			protocol_number=33;;
-		"sctp")
-			protocol_number=132;;
-		*)
-			log "Protocol ${protocol} not supported in ebtables"
-			return;;
-	esac
-			
-	cmd="--ip-proto ${protocol_number} $cmd"
-	cmd="-p ip $cmd"
-
-	cmd="-s ${mac} $cmd"
-	exec_log ebtables -t broute -A BROUTING ${cmd}
-}
-
-manage_rule() {
-	local cfg="$1"
-	local priority macaddr proto port comment prio_num protocol
-
-	validate_rule_section "${1}" || {
-		log "Validation of section failed"
-		return 1;
-	}
-
-	protocol=$(echo ${proto}|tr 'A-Z' 'a-z')
-	prio_num=$(get_priority ${priority})
-	if [ -n "${macaddr}" -a -n "${prio_num}" ]; then
-		for p in ${port}; do
-			if [ "${protocol}" == "none" -o "${protocol}" == "tcpudp" ]; then
-				create_rule tcp ${macaddr} ${prio_num} ${p}
-				create_rule udp ${macaddr} ${prio_num} ${p}
-			else
-				create_rule ${protocol} ${macaddr} ${prio_num} ${p}
-			fi
-		done
-		# Create rule for all ports if port is not mentioned in uci
-		if [ -z "${port}" ]; then
-			if [ "${protocol}" == "none" -o "${protocol}" == "tcpudp" ]; then
-				create_rule tcp ${macaddr} ${prio_num}
-				create_rule udp ${macaddr} ${prio_num}
-			else
-				create_rule ${protocol} ${macaddr} ${prio_num}
-			fi
-		fi
-	fi
-}
-
-reload_service() {
-	# Do not apply rules if ebtables is not present in system
-	[ -x /usr/sbin/ebtables ] || return;
-
-	clear_existing_rules
-	config_load easy_qos
-	config_foreach manage_rule rule
-}
-
-start_service() {
-	reload_service
-}
-
-service_triggers() {
-	procd_add_reload_trigger "easy_qos"
-}
-

easy-qos/files/etc/init.d/easy_qos.iptables

@@ -1,186 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-. /usr/share/libubox/jshn.sh
-
-START=99
-USE_PROCD=1
-
-CLIENT_LIST="/tmp/easy_qos_client.list"
-
-log() {
-	echo "${@}"|logger -t easy_qos -p debug
-}
-
-exec_log() {
-	${@}
-	if [ "${?}" -ne 0 ]; then
-		log "Failed to create ${@}";
-	fi
-}
-
-get_priority() {
-	local prio=$(echo $1|tr 'A-Z' 'a-z');
-	case "${prio}" in
-		"lowest")
-			echo 0;;
-		"low")
-			echo 1;;
-		"besteffort")
-			echo 2;;
-		"normal")
-			echo 3;;
-		"video")
-			echo 4;;
-		"medium")
-			echo 5;;
-		"high")
-			echo 6;;
-		"highest")
-			echo 7;;
-	esac
-}
-
-clean_client_entries() {
-	[ -f ${CLIENT_LIST} ] && rm ${CLIENT_LIST}
-}
-
-map_client_entries() {
-	local clients ip mac host
-
-	json_load "$(ubus call router.network 'clients')"
-	json_get_keys keys
-
-	for key in ${keys};
-	do
-		json_select ${key}
-		json_get_vars ipaddr macaddr hostname
-		clients="${macaddr} ${ipaddr} ${hostname};${clients}"
-		json_select ..
-	done
-
-	json_init
-
-#	json_add_array "clients"
-	IFS=";"
-	for client in ${clients};
-	do
-		macaddr=$(echo ${client} | cut -d" " -f1)
-		json_add_object "${macaddr//:/_}"
-		json_add_string "ip" "$(echo ${client} | cut -d" " -f2)"
-		json_add_string "macaddr" "$(echo ${client} | cut -d" " -f1)"
-		json_add_string "host" "$(echo ${client} | cut -d" " -f3)"
-		json_close_object
-	done
-
-	IFS=' '
-	echo `json_dump` > ${CLIENT_LIST}
-	json_cleanup
-}
-
-# Find the IP of a corresponding mac from arp table
-get_ipaddress() {
-	local clients ip mac host
-
-	json_load "$(cat ${CLIENT_LIST})"
-	json_get_keys keys
-
-	# jshn seems a bit iffy on having : in key, replace by _
-	json_select "${1//:/_}" 2 > /dev/null
-	json_get_var ip ip
-
-	echo "$ip"
-}
-
-validate_rule_section()
-{
-	uci_validate_section easy_qos rule "${1}" \
-		'priority:string' \
-		'macaddr:string' \
-		'proto:string:none' \
-		'port:list(uinteger)' \
-		'comment:string:none'
-}
-
-# Clear existing rules before applying new rules
-clear_existing_rules() {
-	local rule=$(iptables -t mangle -S PREROUTING | grep -m 1 MARK |sed 's/-A/-D/1')
-	while [ -n "${rule}" ]; do
-		exec_log iptables -t mangle ${rule}
-		rule=$(iptables -t mangle -S PREROUTING | grep -m 1 MARK |sed 's/-A/-D/1')
-	done
-}
-
-check_and_create() {
-	iptables -t mangle -C PREROUTING ${@} 2>/dev/null
-	# Create rule if not exists
-	if [ ${?} -ne 0 ]; then
-		exec_log iptables -t mangle -A PREROUTING ${@}
-	else
-		log "Rule exists for ${@}"
-	fi
-}
-
-create_rule() {
-	local proto=$1; shift
-	local src_ip=$1; shift
-	local mark="0x$1/0x$1"; shift
-	local ports=$1;
-	local cmd="";
-
-	cmd="-j MARK --set-xmark ${mark}";
-	if [ -n "${ports}" ]; then
-		cmd="--match multiport --dports ${ports} ${cmd}";
-	fi
-
-	if [ "${proto}" == "icmp" ]; then
-		cmd="-p icmp -m icmp --icmp-type 8 $cmd"
-	elif [ "${proto}" == "all" ]; then
-		cmd="-p all $cmd"
-	else
-		cmd="-p ${proto} -m ${proto} $cmd"
-	fi
-	cmd="-s ${src_ip} $cmd"
-
-	check_and_create ${cmd} 
-}
-
-manage_rule() {
-	local cfg="$1"
-	local priority macaddr proto port comment prio_num ip port_list
-
-	validate_rule_section "${1}" || {
-		log "Validation of section failed"
-		return 1;
-	}
-
-	prio_num=$(get_priority ${priority})
-	ip=$(get_ipaddress ${macaddr})
-	port_list=$(echo ${port}|sed 's/ /,/g')
-
-	if [ -n "${ip}" -a -n "${prio_num}" ]; then
-		if [ "${proto}" == "none" -o "${proto}" == "tcpudp" ]; then
-			create_rule tcp ${ip} ${prio_num} ${port_list}
-			create_rule udp ${ip} ${prio_num} ${port_list}
-		else
-			create_rule ${proto} ${ip} ${prio_num} ${port_list}
-		fi
-	fi
-}
-
-reload_service() {
-	clear_existing_rules
-	map_client_entries
-	config_load easy_qos
-	config_foreach manage_rule rule
-	clean_client_entries
-}
-
-start_service() {
-	reload_service
-	echo "Easy QoS installed">/dev/console;
-}
-
-service_triggers() {
-	procd_add_reload_trigger "easy_qos"
-}
-

easy-qos/files/etc/uci-defaults/60-easyqos-reqs

@@ -1,8 +0,0 @@
-# Add firewall include
-uci -q batch <<-EOT
-        delete firewall.easyqos
-        set firewall.easyqos=include
-        set firewall.easyqos.path=/etc/firewall.easyqos
-        set firewall.easyqos.reload=1
-        commit firewall
-EOT

ebtables-extensions/Makefile

@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ebtables-extensions
+PKG_VERSION:=1.0.4
+PKG_LICENSE:=GPL-2.0
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=35fb79f95c47d90e3791c7e126048b451f078f24
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ebtables-extensions.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/vlantranslation
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for ebtables VLAN translation
+  FILES:=$(PKG_BUILD_DIR)/src/ebt_vlantranslation.ko
+  DEPENDS+=+kmod-ebtables
+  AUTOLOAD:=$(call AutoLoad,30,ebt_vlantranslation,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/dscp2pbit
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for DSCP-to-Pbit mapping
+  DEPENDS+=+kmod-ebtables
+  FILES:=$(PKG_BUILD_DIR)/src/ebt_dscp2pbit.ko
+  AUTOLOAD:=$(call AutoLoad,30,ebt_dscp2pbit,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/vlantranslation/description
+	Kernel module to enable VLAN translation for ebtables
+endef
+
+define KernelPackage/dscp2pbit/description
+	Kernel module to enableDSCP-to-Pbit mapping for ebtables
+endef
+
+ifeq ($(CONFIG_TARGET_brcmbca),y)
+	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+endif
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_vlantranslation.h $(LINUX_DIR)/include/uapi/linux/netfilter_bridge/
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_dscp2pbit.h $(LINUX_DIR)/include/uapi/linux/netfilter_bridge/
+endef
+else
+define Build/Prepare
+	$(Build/Prepare/Default)
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_vlantranslation.h $(LINUX_DIR)/include/uapi/linux/netfilter_bridge/
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_dscp2pbit.h $(LINUX_DIR)/include/uapi/linux/netfilter_bridge/
+endef
+endif
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/include/uapi/linux/netfilter_bridge/
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_vlantranslation.h $(1)/include/uapi/linux/netfilter_bridge/
+	$(CP) $(PKG_BUILD_DIR)/src/ebt_dscp2pbit.h $(1)/include/uapi/linux/netfilter_bridge/
+endef
+
+KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
+
+define Build/Compile
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src" modules
+endef
+
+$(eval $(call KernelPackage,vlantranslation))
+$(eval $(call KernelPackage,dscp2pbit))

emctrl2/Makefile

@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020-2024 iopsys
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=emctrl2
+PKG_VERSION:=1.0.0
+
+PKG_LICENSE:=BSD-3-Clause
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/emctrl2
+ CATEGORY:=Utilities
+ TITLE:= EasyMesh Controller V2
+ DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api
+endef
+
+define Package/emctrl2/description
+	Em Controller to provide extended WiFi DataElement features
+endef
+
+define Package/emctrl2/install
+	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/libemctrl2.so $(1) wifidmd
+endef
+
+$(eval $(call BuildPackage,emctrl2))

emctrl2/src/Makefile

@@ -0,0 +1,21 @@
+LIBOUT := libemctrl2.so
+
+LIBOBJS := datamodel_override.o
+
+PROG_CFLAGS = $(CFLAGS) -Wno-unused-parameter -fstrict-aliasing -g
+LIB_LDFLAGS = $(LDFLAGS)
+
+FPIC := -fPIC
+
+.PHONY: all
+
+%.o: %.c
+	$(CC) $(PROG_CFLAGS) $(FPIC) -c -o $@ $<
+
+all: $(LIBOUT)
+
+$(LIBOUT): $(LIBOBJS)
+	$(CC) $(PROG_CFLAGS) $(LIB_LDFLAGS) -shared -o $@ $^
+
+clean:
+	rm -f *.o $(LIBOUT)

emctrl2/src/datamodel_override.c

@@ -0,0 +1,546 @@
+/*
+ * Copyright (C) 2023 iopsys Software Solutions AB
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ *	Author: <Name> <Surname> <name.surname@iopsys.eu>
+ */
+
+#include <libbbfdm-api/dmcommon.h>
+
+
+/*************************************************************
+* ENTRY METHOD
+**************************************************************/
+static int browseWiFiDataElementsNetworkSSIDInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	struct dm_data *curr_data = NULL;
+	char *inst = NULL, *mld_id = NULL;
+
+	// loop to create multiple multi-instance objects
+	for(int i=0; i<=1; i++) {
+		char inst[3] = {0};
+
+		// inst is instance number for the object
+		snprintf(inst, sizeof(inst), "%d", i+1);
+		// This API creates instance, curr_data is to pass some instance specific information to child object, children can access this info from *prev_data
+		if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)curr_data, inst) == DM_STOP)
+			break;
+	}
+	return 0;
+}
+
+static int browseWiFiDataElementsNetworkDeviceDefault8021QInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	BBF_ERR("Debug print");
+	// Instances can be created statically as well
+	DM_LINK_INST_OBJ(dmctx, parent_node, prev_data, "1");
+	return 0;
+}
+
+static int browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+{
+	//TODO
+	BBF_ERR("Debug print");
+	return 0;
+}
+
+/*************************************************************
+* ADD & DEL OBJ
+**************************************************************/
+static int addObjWiFiDataElementsNetworkDeviceDefault8021Q(char *refparam, struct dmctx *ctx, void *data, char **instance)
+{
+	//TODO
+	return 0;
+}
+
+static int delObjWiFiDataElementsNetworkDeviceDefault8021Q(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
+{
+	//TODO
+	return 0;
+}
+
+/*************************************************************
+* GET & SET PARAM
+**************************************************************/
+static int get_WiFiDataElementsNetwork_SSIDNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkSSIDInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_SSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_Band(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_AKMsAllowed(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_SuiteSelector(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_AdvertisementEnabled(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_MFPConfig(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_MobilityDomain(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkSSID_HaulType(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDevice_TrafficSeparationAllowed(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDevice_Default8021QNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkDeviceDefault8021QInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_boolean(ctx, value))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_unsignedInt(ctx, value, RANGE_ARGS{{NULL,"4095"}}, 1))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int set_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+	switch (action)	{
+		case VALUECHECK:
+			if (bbfdm_validate_unsignedInt(ctx, value, RANGE_ARGS{{NULL,"7"}}, 1))
+				return FAULT_9007;
+			break;
+		case VALUESET:
+			//TODO
+			break;
+	}
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_Time(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APOrigin(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_TriggerEvent(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringApproach(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APDestination(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringDuration(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	//TODO
+	return 0;
+}
+
+static int get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_SteeringHistoryNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+	int cnt = get_number_of_entries(ctx, data, instance, browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst);
+	dmasprintf(value, "%d", cnt);
+	return 0;
+}
+
+/*************************************************************
+* OPERATE COMMANDS
+**************************************************************/
+static operation_args wifidataelementsnetwork_settrafficseparation_args = {
+    .in = (const char *[]) {
+        "Enable",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetTrafficSeparation(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_settrafficseparation_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetTrafficSeparation(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setpreferredbackhauls_args = {
+    .in = (const char *[]) {
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetPreferredBackhauls(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_setpreferredbackhauls_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetPreferredBackhauls(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setssid_args = {
+    .in = (const char *[]) {
+        "SSID",
+        "Enable",
+        "AddRemoveChange",
+        "PassPhrase",
+        "Band",
+        "AKMsAllowed",
+        "SuiteSelector",
+        "AdvertisementEnabled",
+        "MFPConfig",
+        "MobilityDomain",
+        "HaulType",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetwork_SetSSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetwork_setssid_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetwork_SetSSID(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetwork_setmscsdisallowed_args = {
+    .in = (const char *[]) {
+        "MSCSDisallowedStaList",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static operation_args wifidataelementsnetworkdevice_setstasteeringstate_args = {
+    .in = (const char *[]) {
+        "Disallowed",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDevice_SetSTASteeringState(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdevice_setstasteeringstate_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDevice_SetSTASteeringState(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdevicemultiapdevicebackhaul_steerwifibackhaul_args = {
+    .in = (const char *[]) {
+        "TargetBSS",
+        "Channel",
+        "TimeOut",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdevicemultiapdevicebackhaul_steerwifibackhaul_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdeviceradio_channelscanrequest_args = {
+    .in = (const char *[]) {
+        "OpClass",
+        "ChannelList",
+        "ScanType",
+        "DwellTime",
+        "DFSDwellTime",
+        "HomeTime",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdeviceradio_channelscanrequest_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+
+static operation_args wifidataelementsnetworkdeviceradiobssstamultiapsta_btmrequest_args = {
+    .in = (const char *[]) {
+        "DisassociationImminent",
+        "DisassociationTimer",
+        "BSSTerminationDuration",
+        "ValidityInterval",
+        "SteeringTimer",
+        "TargetBSS",
+        NULL
+    },
+    .out = (const char *[]) {
+        "Status",
+        NULL
+    }
+};
+
+static int get_operate_args_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+{
+    *value = (char *)&wifidataelementsnetworkdeviceradiobssstamultiapsta_btmrequest_args;
+    return 0;
+}
+
+static int operate_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
+{
+    //TODO
+    return 0;
+}
+/**********************************************************************************************************************************
+*                                            OBJ & PARAM DEFINITION
+***********************************************************************************************************************************/
+DMLEAF tWiFiDataElementsNetworkParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SSIDNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetwork_SSIDNumberOfEntries, NULL, BBFDM_BOTH},
+{"SetTrafficSeparation()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetTrafficSeparation, operate_WiFiDataElementsNetwork_SetTrafficSeparation, BBFDM_USP},
+{"SetPreferredBackhauls()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetPreferredBackhauls, operate_WiFiDataElementsNetwork_SetPreferredBackhauls, BBFDM_USP},
+{"SetSSID()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetwork_SetSSID, operate_WiFiDataElementsNetwork_SetSSID, BBFDM_USP},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.SSID.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkSSIDParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SSID", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_SSID, NULL, BBFDM_BOTH},
+{"Band", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_Band, NULL, BBFDM_BOTH},
+{"Enable", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkSSID_Enable, NULL, BBFDM_BOTH},
+{"AKMsAllowed", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_AKMsAllowed, NULL, BBFDM_BOTH},
+{"SuiteSelector", &DMREAD, DMT_HEXBIN, get_WiFiDataElementsNetworkSSID_SuiteSelector, NULL, BBFDM_BOTH},
+{"AdvertisementEnabled", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkSSID_AdvertisementEnabled, NULL, BBFDM_BOTH},
+{"MFPConfig", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_MFPConfig, NULL, BBFDM_BOTH},
+{"MobilityDomain", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_MobilityDomain, NULL, BBFDM_BOTH},
+{"HaulType", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkSSID_HaulType, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network. *** */
+DMOBJ tWiFiDataElementsNetworkObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys */
+{"SSID", &DMREAD, NULL, NULL, NULL, browseWiFiDataElementsNetworkSSIDInst, NULL, NULL, NULL, tWiFiDataElementsNetworkSSIDParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"TrafficSeparationAllowed", &DMREAD, DMT_BOOL, get_WiFiDataElementsNetworkDevice_TrafficSeparationAllowed, NULL, BBFDM_BOTH},
+{"SetSTASteeringState()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDevice_SetSTASteeringState, operate_WiFiDataElementsNetworkDevice_SetSTASteeringState, BBFDM_USP},
+{"Default8021QNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDevice_Default8021QNumberOfEntries, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Default8021Q.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkDeviceDefault8021QParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"Enable", &DMWRITE, DMT_BOOL, get_WiFiDataElementsNetworkDeviceDefault8021Q_Enable, set_WiFiDataElementsNetworkDeviceDefault8021Q_Enable, BBFDM_BOTH},
+{"PrimaryVID", &DMWRITE, DMT_UNINT, get_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID, set_WiFiDataElementsNetworkDeviceDefault8021Q_PrimaryVID, BBFDM_BOTH},
+{"DefaultPCP", &DMWRITE, DMT_UNINT, get_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP, set_WiFiDataElementsNetworkDeviceDefault8021Q_DefaultPCP, BBFDM_BOTH},
+{0}
+};
+
+DMOBJ tWiFiDataElementsNetworkDeviceObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys, version*/
+{"Default8021Q", &DMWRITE, addObjWiFiDataElementsNetworkDeviceDefault8021Q, delObjWiFiDataElementsNetworkDeviceDefault8021Q, NULL, browseWiFiDataElementsNetworkDeviceDefault8021QInst, NULL, NULL, NULL, tWiFiDataElementsNetworkDeviceDefault8021QParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceMultiAPDeviceBackhaulParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SteerWiFiBackhaul()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul, operate_WiFiDataElementsNetworkDeviceMultiAPDeviceBackhaul_SteerWiFiBackhaul, BBFDM_USP},
+{0}
+};
+
+
+DMLEAF tWiFiDataElementsNetworkDeviceRadioParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"ChannelScanRequest()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest, operate_WiFiDataElementsNetworkDeviceRadio_ChannelScanRequest, BBFDM_USP},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA.SteeringHistory.{i}. *** */
+DMLEAF tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"Time", &DMREAD, DMT_TIME, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_Time, NULL, BBFDM_BOTH},
+{"APOrigin", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APOrigin, NULL, BBFDM_BOTH},
+{"TriggerEvent", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_TriggerEvent, NULL, BBFDM_BOTH},
+{"SteeringApproach", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringApproach, NULL, BBFDM_BOTH},
+{"APDestination", &DMREAD, DMT_STRING, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_APDestination, NULL, BBFDM_BOTH},
+{"SteeringDuration", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistory_SteeringDuration, NULL, BBFDM_BOTH},
+{0}
+};
+
+/* *** Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA. *** */
+DMOBJ tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAObj[] = {
+/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys */
+{"SteeringHistory", &DMREAD, NULL, NULL, NULL, browseWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryInst, NULL, NULL, NULL, tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTASteeringHistoryParams, NULL, BBFDM_BOTH, NULL},
+{0}
+};
+
+DMLEAF tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAParams[] = {
+/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
+{"SteeringHistoryNumberOfEntries", &DMREAD, DMT_UNINT, get_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_SteeringHistoryNumberOfEntries, NULL, BBFDM_BOTH},
+{"BTMRequest()", &DMASYNC, DMT_COMMAND, get_operate_args_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest, operate_WiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTA_BTMRequest, BBFDM_USP},
+{0}
+};
+
+DM_MAP_OBJ tDynamicObj[] = {
+/* parentobj, nextobject, parameter */
+{"Device.WiFi.DataElements.Network.", tWiFiDataElementsNetworkObj, tWiFiDataElementsNetworkParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.", tWiFiDataElementsNetworkDeviceObj, tWiFiDataElementsNetworkDeviceParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.MultiAPDevice.Backhaul.", NULL, tWiFiDataElementsNetworkDeviceMultiAPDeviceBackhaulParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.", NULL, tWiFiDataElementsNetworkDeviceRadioParams},
+{"Device.WiFi.DataElements.Network.Device.{i}.Radio.{i}.BSS.{i}.STA.{i}.MultiAPSTA.", tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAObj,tWiFiDataElementsNetworkDeviceRadioBSSSTAMultiAPSTAParams},
+{0}
+};

ethmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.7
+PKG_VERSION:=2.1.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=d029ce86fe99b7896f096f68eda3f6caa000ee5f
+PKG_SOURCE_VERSION:=2d35e86cc8dfd7ef4e0d8579f5d314e90faadc90
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

firewallmngr/Config.in

@@ -0,0 +1,12 @@
+if PACKAGE_firewallmngr
+
+menu "Configuration"
+
+config FIREWALLMNGR_PORT_TRIGGER
+	bool "Include Device.NAT.PortTrigger"
+	default y
+	help
+	   Set this option to include support for PortTrigger object.
+
+endmenu
+endif

firewallmngr/Makefile

@@ -1,20 +1,20 @@
 #
-# Copyright (C) 2022-2024 IOPSYS Software Solutions AB
+# Copyright (C) 2024 IOPSYS Software Solutions AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewallmngr
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.5
 
-#LOCAL_DEV:=1
-#ifneq ($(LOCAL_DEV),1)
-#PKG_SOURCE_PROTO:=git
-#PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/firewallmngr.git
-#PKG_SOURCE_VERSION:=4f429e25c6e7a69c5171186731bc560befa5a660
-#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-#PKG_MIRROR_HASH:=skip
-#endif
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/firewallmngr.git
+PKG_SOURCE_VERSION:=94246676dc2e2db29b94fcffec1be3cee3ec8e9f
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -22,48 +22,53 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include ../bbfdm/bbfdm.mk
 
-#MAKE_PATH:=src
+MAKE_PATH:=src
 
 define Package/firewallmngr
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=TRx69
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Package to add Device.Firewall and Device.NAT. data model support.
   DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +firewall
-  TITLE:=Package to add Device.Firewall data model support.
+  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:kmod-ipt-trigger +FIREWALLMNGR_PORT_TRIGGER:kmod-ip6t-trigger
+  DEPENDS+=+FIREWALLMNGR_PORT_TRIGGER:iptables-mod-nfqueue
 endef
 
 define Package/firewallmngr/description
-  Package to add Device.Firewall data model support.
+  Package to add Device.Firewall. and Device.NAT. data model support.
 endef
 
-#ifeq ($(LOCAL_DEV),0)
-#define Build/Prepare
-#	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
-#endef
-#endif
+define Package/$(PKG_NAME)/config
+        source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/firewallmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
+	TARGET_CFLAGS += -DINCLUDE_PORT_TRIGGER
+endif
 
 define Package/firewallmngr/install
-	$(INSTALL_DIR) $(1)/etc/firewallmngr
-	$(INSTALL_DIR) $(1)/etc/firewallmngr/plugins
 	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/lib/fwmngr
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) ./files/etc/uci-defaults/00-firewallmngr $(1)/etc/uci-defaults/00-firewallmngr
-	$(INSTALL_DATA) ./files/etc/config/firewallmngr  $(1)/etc/config/
-	$(INSTALL_BIN) ./files/etc/init.d/firewallmngr  $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/lib/fwmngr/fwmngr.sh  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/lib/fwmngr/fwmngr_functions.sh  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/lib/fwmngr/uci_migration.sh  $(1)/lib/fwmngr/
-	$(INSTALL_BIN) ./files/lib/fwmngr/is_intf_bridge  $(1)/lib/fwmngr/
-	$(INSTALL_BIN) ./files/lib/fwmngr/firewallmngr_preconfig  $(1)/lib/fwmngr/
-	$(INSTALL_DATA) ./files/lib/fwmngr/fwmngr_twamp.sh  $(1)/lib/fwmngr/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewallmngr $(1)/usr/sbin
+ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/lib/port-trigger
 
-	$(call BbfdmInstallPluginInMicroservice, $(1)/etc/firewallmngr,./files/etc/firewallmngr/firewallmngr.json)
-	$(call BbfdmInstallPluginInMicroservice, $(1)/etc/firewallmngr/plugins,$(PKG_BUILD_DIR)/libbbffirewall.so)
-	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bbfdm/micro_services/firewallmngr.json)
+	$(INSTALL_BIN) ./files/port-trigger/etc/init.d/port-trigger $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/port-trigger/etc/config/port-trigger $(1)/etc/config/
+	$(INSTALL_DATA) ./files/port-trigger/lib/port-trigger/port_trigger.sh $(1)/lib/port-trigger/
+endif
+	$(INSTALL_BIN) ./files/firewall.portmap $(1)/etc/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-portmap-firewall $(1)/etc/uci-defaults/
+
+	$(INSTALL_BIN) ./files/firewall.service $(1)/etc/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/
+
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libfirewallmngr.so $(1) $(PKG_NAME)
 endef
 
 $(eval $(call BuildPackage,firewallmngr))

firewallmngr/files/etc/bbfdm/micro_services/firewallmngr.json

@@ -1,18 +0,0 @@
-{
-	"daemon": {
-		"config": {
-			"loglevel": "4"
-		},
-		"input": {
-			"type": "JSON",
-			"name": "/etc/firewallmngr/firewallmngr.json",
-			"plugin_dir": "/etc/firewallmngr/plugins"
-		},
-		"output": {
-			"type": "UBUS",
-			"parent_dm": "Device.",
-			"root_obj": "bbfdm",
-			"multiple_objects": ["Firewall","NAT"]
-		}
-	}
-}

firewallmngr/files/etc/config/firewallmngr

@@ -1,160 +0,0 @@
-config firewall 'firewall'
-	option enable '1'
-	option config 'Advanced'
-	option advanced_level 'level1'
-
-config level 'level1'
-	option name 'level1'
-	option chain 'chain1'
-	option port_mapping_enabled '1'
-	option default_policy 'reject'
-	option default_log_policy '0'
-	option enable '1'
-
-config chain 'chain1'
-	option enable '1'
-	option name 'chain1'
-
-config rule 'default_rule_0'
-	option chain 'chain1'
-	option enable '1'
-	option order '1'
-	option name 'Allow-DHCP-Renew'
-	option target 'accept'
-	option src 'wan'
-	option family '4'
-	option proto '17'
-	option dest_port '68'
-
-config rule 'default_rule_1'
-	option chain 'chain1'
-	option enable '1'
-	option order '2'
-	option name 'Allow-Ping'
-	option target 'accept'
-	option src 'wan'
-	list icmp_type 'echo-request'
-	option family '4'
-	option proto '1'
-
-config rule 'default_rule_2'
-	option chain 'chain1'
-	option enable '1'
-	option order '3'
-	option name 'Allow-IGMP'
-	option target 'accept'
-	option src 'wan'
-	option family '4'
-	option proto '2'
-
-config rule 'default_rule_3'
-	option chain 'chain1'
-	option enable '1'
-	option order '4'
-	option name 'Allow-DHCPv6'
-	option target 'accept'
-	option src 'wan'
-	option family '6'
-	option proto '17'
-	option dest_port '546'
-
-config rule 'default_rule_4'
-	option chain 'chain1'
-	option enable '1'
-	option order '5'
-	option name 'Allow-MLD'
-	option target 'accept'
-	option src 'wan'
-	option family '6'
-	option src_ip 'fe80::'
-	option source_mask 'fe80::/10'
-	list icmp_type '130/0'
-	list icmp_type '131/0'
-	list icmp_type '132/0'
-	list icmp_type '143/0'
-	option proto '1'
-
-config rule 'default_rule_5'
-	option chain 'chain1'
-	option enable '1'
-	option order '6'
-	option name 'Allow-ICMPv6-Input'
-	option target 'accept'
-	option src 'wan'
-	option family '6'
-	list icmp_type  'echo-request'
-	list icmp_type  'echo-reply'
-	list icmp_type  'destination-unreachable'
-	list icmp_type  'packet-too-big'
-	list icmp_type  'time-exceeded'
-	list icmp_type  'bad-header'
-	list icmp_type  'unknown-header-type'
-	list icmp_type  'router-solicitation'
-	list icmp_type  'neighbour-solicitation'
-	list icmp_type  'router-advertisement'
-	list icmp_type  'neighbour-advertisement'
-	option limit  '1000/sec'
-	option proto '1'
-
-config rule 'default_rule_6'
-	option chain 'chain1'
-	option enable '1'
-	option order '7'
-	option name 'Allow-ICMPv6-Forward'
-	option target 'accept'
-	option src 'wan'
-	option dest_all_interface '1'
-	option family '6'
-	list icmp_type 'echo-request'
-	list icmp_type 'echo-reply'
-	list icmp_type 'destination-unreachable'
-	list icmp_type 'packet-too-big'
-	list icmp_type 'time-exceeded'
-	list icmp_type 'bad-header'
-	list icmp_type 'unknown-header-type'
-	option limit  '1000/sec'
-	option proto '1'
-
-config rule 'default_rule_7'
-	option chain 'chain1'
-	option enable '1'
-	option order '8'
-	option name 'Allow-IPSec-ESP'
-	option target 'accept'
-	option src 'wan'
-	option dest 'lan'
-	option proto '50'
-
-config rule 'default_rule_8'
-	option chain 'chain1'
-	option enable '1'
-	option order '9'
-	option name 'Allow-ISAKMP'
-	option target 'accept'
-	option src 'wan'
-	option dest 'lan'
-	option proto '17'
-	option dest_port '500'
-
-config rule 'default_rule_9'
-	option chain 'chain1'
-	option enable '1'
-	option order '10'
-	option name 'Support-UDP-Traceroute'
-	option target 'reject'
-	option src 'wan'
-	option family '4'
-	option proto '17'
-	option dest_port '33434'
-	option dest_port_range_max '33689'
-
-config rule 'default_forward_rule'
-	option chain 'chain1'
-	option enable '1'
-	option order '65535'
-	option name 'forward-rule'
-	option src 'lan'
-	option dest 'wan'
-	option proto '-1'
-	option target 'accept'
-

firewallmngr/files/etc/init.d/firewallmngr

@@ -1,27 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=18
-USE_PROCD=1
-
-USE_PROCD=1
-NAME=firewallmngr
-PROG=/usr/sbin/firewallmngr
-
-. /lib/fwmngr/fwmngr.sh
-
-
-start_service() {
-	configure_firewall
-	procd_open_instance firewallmngr
-	procd_set_param command ${PROG}
-	procd_set_param respawn
-	procd_close_instance
-}
-
-boot() {
-	start
-}
-
-service_triggers() {
-	procd_add_reload_trigger firewallmngr
-}

firewallmngr/files/etc/uci-defaults/00-firewallmngr

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-. /lib/fwmngr/fwmngr_functions.sh
-. /lib/fwmngr/uci_migration.sh
-
-
-rule_sec=$(uci show firewall | grep "=rule")
-[ -z "$rule_sec" ] && return
-rule_sec=$(echo $rule_sec | grep "fwmngr")
-
-if [ -z "$rule_sec" ]; then
-	generate_firewallmngr_config
-fi
-if [ -f /etc/firewall.ddos ]; then
-        uci -q get firewall.ddos || {
-                uci -q set firewall.ddos=include
-                uci -q set firewall.ddos.path="/etc/firewall.ddos"
-                uci -q set firewall.ddos.reload=1
-fi
-if [ -f /etc/firewall.protect_port ]; then
-        uci -q get firewall.protect_port || {
-                uci -q set firewall.protect_port='include'
-                uci -q set firewall.protect_port.path='/etc/firewall.protect_port'
-                uci -q set firewall.protect_port.reload='1'
-        }
-fi
-
-

firewallmngr/files/lib/fwmngr/firewallmngr_preconfig

@@ -1,71 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-rule_max_order_val=0
-config_load firewallmngr
-
-firewallmngr_generate_nat_interface_setting() {
-	local intf="$1"
-	local is_bridge="false"
-	local masq="0"
-	local intf_dev
-	local type=""
-	local nat_intf_setting=""
-
-
-	type=$(uci -q get firewallmngr."$intf")
-	[ "$type" = "natif" ] && return
-
-	nat_intf_setting=$(uci  add "firewallmngr" "natif")
-	uci set firewallmngr."$nat_intf_setting".interface="$intf"
-
-	if [ $(/lib/fwmngr/is_intf_bridge "$intf") -eq 1 ]; then
-		uci set firewallmngr."$nat_intf_setting".enabled="0"
-	else
-		uci set firewallmngr."$nat_intf_setting".enabled="1"
-	fi
-
-	uci rename firewallmngr."$nat_intf_setting"="$intf"
-}
-
-firewallmngr_process_rule_interface() {
-	local rule="$1"
-	local src_intf=""
-	local dest_intf=""
-
-	config_get src_intf "$rule" "src"
-	config_get dest_intf "$rule" "dest"
-
-	[ -z "$src_intf" ] || firewallmngr_generate_nat_interface_setting "$src_intf"
-	[ -z "$dest_intf" ] || firewallmngr_generate_nat_interface_setting "$dest_intf"
-}
-
-firewallmngr_process_rule_param() {
-	local order=""
-	config_get order "$1" order
-
-	[ -z "$order" ] && return
-	rule_max_order_val=$(( rule_max_order_val + 1 ))
-	if [ ${order} -gt ${rule_max_order_val} ]; then
-		uci -q set firewallmngr."$1".order="$rule_max_order_val"
-		uci -q reorder firewallmngr."$1"=${rule_max_order_val}
-	fi
-
-	firewallmngr_process_rule_interface "$1"
-}
-
-firewallmngr_set_rule_order() {
-	local order=""
-	config_get order "$1" order
-
-	[ -n "$order" ] && return
-	rule_max_order_val=$(( rule_max_order_val + 1 ))
-	uci -q set firewallmngr."$1".order="$rule_max_order_val"
-	uci -q reorder firewallmngr."$1"=${rule_max_order_val}
-}
-
-config_foreach firewallmngr_process_rule_param rule
-config_foreach firewallmngr_set_rule_order rule
-
-uci commit firewallmngr

firewallmngr/files/lib/fwmngr/fwmngr.sh

@@ -1,265 +0,0 @@
-#!/bin/sh
-#set -x
-
-. /lib/functions.sh
-. /lib/fwmngr/fwmngr_functions.sh
-
-
-fw_rule_sections=""
-fw_redirect_sections=""
-fw_include_sections=""
-
-clean_expiry() {
-	[ -f "/tmp/fw3.atjobs" ] || return
-	for job in $(cat /tmp/fw3.atjobs); do
-		atrm $job 2>/dev/null
-	done
-	rm -f /tmp/fw3.atjobs
-}
-
-schedule_expiry() {
-
-        [ -f "/usr/bin/at" ] || return
-
-        expire_at() {
-                local cfg=$1
-                local expiry atdate
-
-                config_get expiry $cfg expiry
-
-                [ -n "$expiry" ] || return
-
-                atdate="$(date +'%Y%m%d%H%M.%S' -d @$expiry)"
-
-                [ -n "$atdate" ] || return
-
-                sec=$(echo $atdate | cut -d. -f2)
-                at_date=$(echo $atdate | cut -d. -f1)
-
-                echo "sleep $sec && uci -q delete firewallmngr.$cfg; ubus call uci commit '{\"config\":\"firewallmngr\"}'" | \
-                        at -t $at_date 2>&1 | grep job | awk '{print$2}' >> /tmp/fw3.atjobs
-        }
-
-        config_foreach expire_at rule
-        config_foreach expire_at redirect
-}
-
-firewall_cleanup() {
-	local count=1
-
-	list=$(uci show firewall)
-        section_list=$(echo "$list" | grep "fwmngr")
-
-        section_list=$(echo "$section_list" | awk -F. '{ print $2 }')
-        section_list=$(echo "$section_list" | awk -F= '{ print $1 }')
-
-        fw_rule_sections=$(echo "$list" | grep -v fwmngr | grep "=rule")
-        fw_rule_sections=$(echo "$fw_rule_sections" | awk -F= '{ print $1 }')
-        fw_rule_sections=$(echo "$fw_rule_sections" | awk -F. '{ print $2 }')
-        fw_redirect_sections=$(echo "$list" | grep -v fwmngr | grep "=redirect")
-        fw_redirect_sections=$(echo "$fw_redirect_sections" | awk -F= '{ print $1 }')
-        fw_redirect_sections=$(echo "$fw_redirect_sections" | awk -F. '{ print $2 }')
-        fw_include_sections=$(echo "$list" | grep -v fwmngr | grep "=include")
-        fw_include_sections=$(echo "$fw_include_sections" | awk -F= '{ print $1 }')
-        fw_include_sections=$(echo "$fw_include_sections" | awk -F. '{ print $2 }')
-
-        for sec in $section_list; do
-                uci -q delete firewall."$sec"
-        done
-	uci commit firewall
-}
-
-firewallmngr_preload() {
-	firewall_cleanup
-
-	/lib/fwmngr/firewallmngr_preconfig
-}
-
-firewall_handle_section_dmz() {
-	local dmz_cfg="$1"
-	local dest_uci="$2"
-	local dmz_sec=""
-	local enable=""
-	local origin=""
-	local description=""
-	local interface=""
-	local dest_ip=""
-	local source_prefix=""
-	
-	config_get enable "$dmz_cfg" "enabled" 0
-	[ "$enable" = "1" ] || return
-	config_get dest_ip "$dmz_cfg" "dest_ip"
-	config_get interface "$dmz_cfg" "interface"
-	if [ -z "$dest_ip" ] || [ -z "$interface" ]; then
-		return
-	fi
-	config_get origin "$dmz_cfg" "origin"
-	config_get description "$dmz_cfg" "description"
-	config_get source_prefix "$dmz_cfg" "source_prefix"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		zones=$(uci show firewall | grep "=zone")
-		for zn in zones; do
-			zn_arg=$(echo $zn | awk -F= '{ print $1 }')
-			if [ "$interface" = "$(uci -q get $zn_arg.network)" ]; then
-				zn_name=$(uci -q get "$zn_arg".name)
-			fi
-		done
-	fi
-
-	dmz_sec=$(uci add "$dest_uci" redirect)
-	uci set "$dest_uci"."$dmz_sec".src="$zn_name"
-	uci set "$dest_uci"."$dmz_sec".enabled="1"
-	uci set "$dest_uci"."$dmz_sec".dest_ip="$dest_ip"
-	uci set "$dest_uci"."$dmz_sec".origin="$origin"
-	uci set "$dest_uci"."$dmz_sec".src_ip="$source_prefix"
-	uci set "$dest_uci"."$dmz_sec".target="DNAT"
-
-       	uci rename "$dest_uci"."$dmz_sec"="fwmngr_$dmz_cfg"
-}
-
-
-configure_cwmp_rule_option() {
-# default incoming rule is Port only
-	local rule_sec="$1"
-	local enabled="$2"
-	local incoming_rule="$3"
-	local ipaddr="$4"
-	local family="$5"
-	local port="$6"
-	local zone_name="$7"
-
-	uci   set firewall."$rule_sec".enabled="$enabled"
-	uci   set firewall."$rule_sec".src="$zone_name"
-	if [ "$incoming_rule" == "ip_only" ]; then
-		uci   set firewall."$rule_sec".family="$family"
-		uci   set firewall."$rule_sec".src_ip="$ipaddr"
-	elif [ "$incoming_rule" == "port_only" ]; then
-		if [ -n "${port}" ]; then
-			uci   set firewall."$rule_sec".dest_port="$port"
-		fi
-	else
-		uci   set firewall."$rule_sec".family="$family"
-		uci   set firewall."$rule_sec".src_ip="$ipaddr"
-
-		if [ -n "${port}" ]; then
-			uci   set firewall."$rule_sec".dest_port="$port"
-		fi
-	fi
-	uci   set firewall."$rule_sec".name="Open_ACS_port"
-	uci   set firewall."$rule_sec".target="ACCEPT"
-}
-
-handle_cwmp_rules() {
-	get_firewall_zone() {
-		zone="$(uci show firewall|grep network|grep ${1}|cut -d. -f 2)"
-		zone="${zone:-wan}" # defaults to wan zone
-		echo "$zone"
-	}
-
-	enable="$(uci -q get cwmp.cpe.enable)"
-	enable="${enable:-1}"
-
-	if [ "$enable" -eq 0 ]; then
-		return
-	fi
-
-	wan="$(uci -q get cwmp.cpe.default_wan_interface)"
-	wan="${wan:-wan}"
-
-	zone_name="$(get_firewall_zone $wan)"
-
-	port=$(uci -q get cwmp.cpe.port)
-	port="${port:-7547}"
-
-	incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|awk '{print tolower($0)}')
-	incoming_rule="${incoming_rule:-port_only}"
-
-	ipaddr=$(uci -c /var/state -q get icwmp.acs.ip)
-	ip6addr=$(uci -c /var/state -q get icwmp.acs.ip6)
-
-	rule_sec=$(uci   add "firewall" "rule")
-	configure_cwmp_rule_option "$rule_Sec" "$enable" "$incoming_rule" "$ipaddr" "ipv4" "$port" "$zone_name"
-	uci -q reorder firewall."$rule_sec"=0
-
-	rule_sec=$(uci   add "firewall" "rule")
-	configure_cwmp_rule_option "$rule_Sec" "$enable" "$incoming_rule" "$ip6addr" "ipv6" "$port" "$zone_name"
-	uci -q reorder firewall."$rule_sec"=1
-}
-
-handle_section_nat_interface_setting() {
-	local nat_intf_cfg="$1"
-	local interface=""
-	local enable=""
-
-	config_get enable "$nat_intf_cfg" "enabled"
-	[ -z "$enable" ] && return
-	config_get interface "$nat_intf_cfg" "interface"
-	if [ -n "$interface" ]; then
-		create_firewall_zone_config "$interface" "$enable"
-	fi
-}
-
-generate_firewall_config() {
-	local minus_one
-
-
-	firewallmngr_preload
-	uci commit firewallmngr
-	fw_config="$(uci -q get firewallmngr.firewall.config)"
-	[ -z "$fw_config" ] && return
-	[ "$fw_config" = "Advanced" ] || return
-
-#get active chain name
-	chain_name=$(firewallmngr_get_active_chain)
-
-#configure firewall global config
-	global_exist=$(uci -q get firewall.globals)
-	if [ -z "$global_exist" ]; then
-		global_sec=$(uci   add firewall globals)
-		uci   set firewall."$global_sec".enabled="1"
-		uci   rename firewall."$global_sec"="globals"
-	fi
-
-#configure firewall default config
-	default_sec=$(uci  add firewall defaults)
-	uci   set firewall."$default_sec".syn_flood="1"
-	uci   set firewall."$default_sec".input="$INPUT"
-	uci   set firewall."$default_sec".output="$OUTPUT"
-	uci   set firewall."$default_sec".forward="$FORWARD"
-        uci   rename firewall."$default_sec"="fwmngr_default"
-
-	config_load firewallmngr
-	config_foreach handle_section_nat_interface_setting natif
-	uci commit firewall
-#loop through rules in firewallmngr uci and write rule in firewall
-	config_foreach handle_section_firewall_rule rule "$chain_name" "firewall"
-	uci commit firewall
-
-	config_foreach handle_section_nat_port_mapping nat_portmapping "firewall"
-	config_foreach firewall_handle_section_dmz dmz "firewall"
-	config_foreach handle_section_service service "firewall"
-
-#reorder sections to place rule created by user at the end
-	minus_one=$((2**16))
-	for sec in $fw_rule_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-	for sec in $fw_redirect_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-	for sec in $fw_include_sections; do
-		uci -q reorder firewall."$sec"=${minus_one}
-	done
-
-	ubus call uci commit '{"config":"firewall"}'
-	schedule_expiry
-}
-
-configure_firewall () {
-	if ! [ -f "/etc/config/firewall" ]; then
-		touch /etc/config/firewall
-	fi
-	touch /tmp/amit_debug
-	generate_firewall_config
-}

firewallmngr/files/lib/fwmngr/fwmngr_functions.sh

@@ -1,625 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-INPUT="REJECT"
-OUTPUT="ACCEPT"
-FORWARD="REJECT"
-
-firewallmngr_get_active_chain() {
-	local fw_level=""
-	local chain_name=""
-	local fw_level=""
-	local chain=""
-
-	fw_level="$(uci -q get firewallmngr.firewall.advanced_level)"
-	[ -z "$fw_level" ] && return
-	enabled="$(uci -q get firewallmngr."${fw_level}".enable)"
-
-	[ "$enabled" = "1" ] || exit
-
-	chain="$(uci -q get firewallmngr."${fw_level}".chain)"
-	[ -z "$chain" ] && exit
-
-	enabled="$(uci -q get firewallmngr."${chain}".enable)"
-	chain_name="$(uci -q get firewallmngr."${chain}".name)"
-	echo "$chain_name"
-}
-
-
-create_firewall_zone_config() {
-	local intf="$1"
-	local masq="$2"
-	local is_bridge="false"
-	local intf_dev=""
-	local ntwrk=""
-	local interface=$(echo "$intf" | awk -F" " '{ print $1 }')
-
-	type=$(uci -q get firewall."$interface")
-	[ "$type" = "zone" ] && return
-
-	zone_sec=$(uci add "firewall" "zone")
-	uci set firewall."$zone_sec".enabled="$masq"
-	uci set firewall."$zone_sec".name="$interface"
-	uci set firewall."$zone_sec".output="$OUTPUT"
-
-	if [ $(/lib/fwmngr/is_intf_bridge "$interface") -eq 1 ]; then
-		uci set firewall."$zone_sec".input="ACCEPT"
-		uci set firewall."$zone_sec".forward="ACCEPT"
-	else
-		if [ "$(uci -q get firewallmngr.globals.enabled)" = "0" ]; then
-			uci set firewall."$zone_sec".input="ACCEPT"
-		else
-			uci set firewall."$zone_sec".input="REJECT"
-		fi
-		uci set firewall."$zone_sec".forward="REJECT"
-	fi
-	for ntwrk in $intf; do
-		uci add_list firewall."$zone_sec".network="$ntwrk"
-	done
-	uci rename firewall."$zone_sec"="$interface"
-}
-
-firewallmngr_set_ip() {
-	local rule_sec="$1"
-	local src_ip="$2"
-	local dest_ip="$3"
-
-	mask=$(echo "$src_ip"|grep "/")
-	if [ -z "$src_ip" ]; then
-		uci set firewallmngr."$rule_sec".src_ip="$src_ip"
-	else
-		ip=$(echo "$src_ip" | awk -F"/" '{ print $0 }')
-		mask=$(echo "$src_ip" | awk -F"/" '{ print $2 }')
-		uci set firewallmngr."$rule_sec".src_ip="$ip"
-		uci set firewallmngr."$rule_sec".source_mask="$mask"
-	fi
-
-	mask=$(echo "$src_ip"|grep "/")
-	if [ -z "$dest_ip" ]; then
-		uci set firewallmngr."$rule_sec".dest_ip="$dest_ip"
-	else
-		ip=$(echo "$dest_ip" | awk -F"/" '{ print $0 }')
-		mask=$(echo "$dest_ip" | awk -F"/" '{ print $2 }')
-		uci set firewallmngr."$rule_sec".dest_ip="$ip"
-		uci set firewallmngr."$rule_sec".dest_mask="$mask"
-	fi
-}
-
-firewall_set_ip() {
-	local rule_sec="$1"
-	local src_ip="$2"
-	local dest_ip="$3"
-
-	uci set firewall."$rule_sec".src_ip="$src_ip"
-	uci set firewall."$rule_sec".dest_ip="$dest_ip"
-}
-
-firewallmngr_set_port() {
-	local rule_sec="$1"
-	local src_port="$2"
-	local dest_port="$3"
-	local src_port_range_max="$4"
-	local dest_port_range_max="$5"
-
-	range=$(echo "$src_port" | grep ":")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$rule_sec".src_port="$src_port"
-	else
-		min_port=$(echo "$src_port" | awk -F":" '{ print $1 }')
-		max_port=$(echo "$src_port" | awk -F":" '{ print $2 }')
-
-		uci set firewallmngr."$rule_sec".src_port="$min_port"
-		uci set firewallmngr."$rule_sec".src_port_range_max="$max_port"
-	fi
-	range=$(echo "$dest_port" | grep ":")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$rule_sec".dest_port="$dest_port"
-	else
-		min_port=$(echo "$dest_port" | awk -F":" '{ print $1 }')
-		max_port=$(echo "$dest_port" | awk -F":" '{ print $2 }')
-
-		uci set firewallmngr."$rule_sec".dest_port="$min_port"
-		uci set firewallmngr."$rule_sec".dest_port_range_max="$max_port"
-	fi
-
-}
-
-firewall_set_port() {
-	local rule_sec="$1"
-	local src_port="$2"
-	local dest_port="$3"
-	local src_port_range_max="$4"
-	local dest_port_range_max="$5"
-
-	if [ -z "$dest_port_range_max" ] || [ "$dest_port_range_max" = "-1" ]; then
-		[ "$dest_port" == "-1" ] || uci set firewall."$rule_sec".dest_port="$dest_port"
-	else
-		uci set firewall."$rule_sec".dest_port="$dest_port:$dest_port_range_max"
-	fi
-
-	if [ -z "$src_port_range_max" ] || [ "$src_port_range_max" = "-1" ]; then
-		[ "$src_port" == "-1" ] || uci set firewall."$rule_sec".src_port="$src_port"
-	else
-		uci set firewall."$rule_sec".src_port="$src_port:$src_port_range_max"
-	fi
-}
-
-firewallmngr_set_interface() {
-	local rule_sec="$1"
-	local src_intf="$2"
-	local dest_intf="$3"
-
-	if [ "$src_intf" = "*" ]; then
-		uci set firewallmngr."$rule_sec".source_all_interfaces="1"
-	else
-		uci set firewallmngr."$rule_sec".source_all_interfaces="0"
-		uci set firewallmngr."$rule_sec".src="$src_intf"
-	fi
-	if [ "$dest_intf" = "*" ]; then
-		uci set firewallmngr."$rule_sec".dest_all_interfaces="1"
-	else
-		uci set firewallmngr."$rule_sec".dest_all_interfaces="0"
-		uci set firewallmngr."$rule_sec".dest="$dest_intf"
-	fi
-
-}
-
-firewall_set_interface() {
-	local rule_sec="$1"
-	local src_intf="$2"
-	local dest_intf="$3"
-	uci set firewall."$rule_sec".src="$src_intf"
-	uci set firewall."$rule_sec".dest="$dest_intf"
-}
-
-
-firewallmngr_get_rule_ip_family() {
-	local version="$1"
-
-	if [ "$version" == "ipv4" ]; then
-		echo "4"
-	elif [ "$version" == "ipv6" ]; then
-		echo "6"
-	else
-		echo "-1"
-	fi
-}
-
-firewall_get_rule_ip_family() {
-	local version="$1"
-
-	if [ "$version" == "4" ]; then
-		echo "ipv4"
-	elif [ "$version" == "6" ]; then
-		echo "ipv6"
-	else
-		echo "-1"
-	fi
-}
-
-firewallmngr_set_ip_family() {
-	local rule_sec="$1"
-	local ip_family="$2"
-
-	if [ -z "$ip_family" ]; then
-		uci set firewallmngr."$rule_sec".family="-1"
-		return
-	fi
-	uci set firewallmngr."$rule_sec".family="$ip_family"
-}
-
-firewall_set_ip_family() {
-	local rule_sec="$1"
-	local ip_family="$2"
-
-	[ "$ip_family" == "-1" ] ||  uci set firewall."$rule_sec".family="$ip_family"
-}
-
-firewallmngr_set_rule_target() {
-	local rule_sec="$1"
-	local target="$2"
-	local targetchain="$3"
-	local action
-	if [ "$target" = "MARK" ]; then
-		uci set firewallmngr."$rule_sec".target="Return"
-	elif [ "$target" = "TargetChain" ]; then
-		uci set firewallmngr."$rule_sec".target="$targetchain"
-	else
-		action=$(echo "$target" | awk '{for(i=1;i<=NF;i++){$i=toupper(substr($i,1,1)) substr($i,2)}} 1')
-		uci set firewallmngr."$rule_sec".target="$action"
-	fi
-}
-
-firewall_set_rule_target() {
-	local rule_sec="$1"
-	local target="$2"
-	local targetchain="$3"
-	if [ "$target" = "Accept" ] || [ "$target" = "accept" ] || [ "$target" = "Reject" ] || [ "$target" = "reject" ] || [ "$target" = "Drop" ] || [ "$target" = "drop" ]; then
-		uci set firewall."$rule_sec".target="$(echo $target | awk '{ print toupper($0) }')"
-	elif [ "$target" = "Retrun" ]; then
-		uci set firewall."$rule_sec".target="MARK"
-	elif [ "$target" = "TargetChain" ]; then
-		uci set firewall."$rule_sec".target="$targetchain"
-	else
-		uci set firewall."$rule_sec".target="DROP"
-	fi
-}
-
-set_rule_protocol() {
-	local rule_sec="$1"
-	local protocol="$2"
-	local rule_rd="$3"
-	local dest_uci="$4"
-
-	set_icmp_type() {
-		uci add_list "$dest_uci"."$rule_sec".icmp_type="$1"
-	}
-
-	if [ -z "$protocol" ] || [ "$protocol" = "0" ] || [ "$protocol" = "all" ] || [ "$protocol" = "-1" ]; then
-		uci set "$dest_uci"."$rule_sec".proto="all"
-		return
-	fi
-
-	if [ "$dest_uci" = "firewallmngr" ]; then
-		protocol=$(grep -m 1 "$protocol" "/etc/protocols" | awk -F" " '{ print $2 }')
-	fi
-	uci set "$dest_uci"."$rule_sec".proto="$protocol"
-	if [ "$protocol" = "1" ] || [ "$protocol" = "icmp" ]; then
-		config_list_foreach "$rule_rd" "icmp_type" set_icmp_type
-	fi
-}
-
-handle_section_firewall_rule() {
-	local rule="$1"
-	local chain_name="$2"
-	local dest_uci="$3"
-	local chain=""
-	local is_enable=""
-	local src_intf=""
-	local ip_version=""
-	local ip_family=""
-	local protocol=""
-	local dest_intf=""
-	local target=""
-	local targetchain=""
-	local desc=""
-	local dest_port=""
-	local src_port=""
-	local src_port_range_max=""
-	local dest_port_range_max=""
-	local src_ip=""
-	local dest_ip=""
-	local source_mac=""
-	local source_all_interfaces=""
-	local dest_all_interfaces=""
-	local source_mask=""
-	local dest_mask=""
-	local limit=""
-	local expiry=""
-	local order=""
-
-	config_get is_enable "$rule" "enable" 1
-	[ "$is_enable" = "1" ] || return
-
-	if [ "$dest_uci" = "firewall" ]; then
-		config_get chain "$rule" "chain"
-		[ "$chain" = "$chain_name" ] || return
-	fi
-
-	config_get desc "$rule" "name"
-	config_get src_intf "$rule" "src"
-	config_get dest_intf "$rule" "dest"
-	config_get ip_version "$rule" "family"
-	function="$dest_uci"_get_rule_ip_family
-	ip_family="$($function $ip_version)"
-	config_get protocol "$rule" "proto"
-	config_get src_port "$rule" "src_port"
-	config_get dest_port "$rule" "dest_port"
-	config_get src_ip "$rule" "src_ip"
-	config_get source_mask "$rule" "source_mask"
-	[ -n "$source_mask" ] && src_ip="${src_ip}/$source_mask"
-	config_get dest_ip "$rule" "dest_ip"
-	config_get dest_mask "$rule" "dest_mask"
-	[ -n "$dest_mask" ] && dest_ip="${dest_ip}/$dest_mask"
-	config_get dest_port_range_max "$rule" "dest_port_range_max"
-	config_get src_port_range_max "$rule" "src_port_range_max"
-	config_get target "$rule" "target"
-	config_get targetchain "$rule" "targetchain"
-	config_get source_mac "$rule" "src_mac"
-	config_get order "$rule" "order"
-	config_get limit "$rule" "limit"
-	config_get expiry "$rule" "expiry"
-	config_get source_all_interfaces "$rule" "source_all_interfaces"
-	[ "$source_all_interfaces" = "1" ] && src_intf="*"
-	config_get dest_all_interfaces "$rule" "dest_all_interfaces"
-	[ "$dest_all_interfaces" = "1" ] && dest_intf="*"
-
-	rule_sec=$(uci add "$dest_uci" rule)
-	uci set "$dest_uci"."$rule_sec".chain="$chain_name"
-	uci set "$dest_uci"."$rule_sec".enabled="1"
-	uci set "$dest_uci"."$rule_sec".name="$desc"
-
-	"$dest_uci"_set_interface "$rule_sec" "$src_intf" "$dest_intf"
-	"$dest_uci"_set_ip_family "$rule_sec" "$ip_family"
-	"$dest_uci"_set_rule_target "$rule_sec" "$target" "$targetchain"
-	set_rule_protocol "$rule_sec" "$protocol" "$rule" "$dest_uci"
-
-	"$dest_uci"_set_port "$rule_sec" "$src_port" "$dest_port" "$src_port_range_max" "$dest_port_range_max"
-
-	"$dest_uci"_set_ip "$rule_sec" "$src_ip" "$dest_ip"
-
-	uci set "$dest_uci"."$rule_sec".src_mac="$source_mac"
-	uci set "$dest_uci"."$rule_sec".order="$order"
-	uci set "$dest_uci"."$rule_sec".limit="$limit"
-	uci set "$dest_uci"."$rule_sec".expiry="$expiry"
-
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci rename "$dest_uci"."$rule_sec"="fwmngr_$rule"
-	else
-        	uci rename "$dest_uci"."$rule_sec"="$rule"
-	fi
-}
-
-firewallmngr_configure_service_rule() {
-	local interface="$1"
-	local dest_port="$2"
-	local ip_family="$3"
-	local protocol="$4"
-	local icmp_type="$5"
-	local source_prefix="$6"
-	local action="$7"
-	local service_cfg="$8"
-	local service_sec
-	
-	service_sec_add_list_value() {
-		for value in $1; do
-			uci add_list firewallmngr."$service_sec"."$2"="$value"
-		done
-	}
-
-	service_sec=$(uci add firewall service)
-	uci set firewallmngr."$service_sec".enabled="1"
-	uci set firewallmngr."$service_sec".name="service rule"
-	uci set firewallmngr."$service_sec".src="$interface"
-	uci set firewallmngr."$service_sec".icmp_type="$icmp_type"
-	uci set firewallmngr."$service_sec".family=$(firewallmngr_get_rule_ip_family "$ip_family")
-	firewallmngr_set_rule_target "$service_sec" "$action" ""
-
-	service_sec_add_list_value "$dest_port" "dest_port"
-	service_sec_add_list_value "$protocol" "protocol"
-	service_sec_add_list_value "$source_prefix" "src_prefix"
-
-	uci rename firewallmngr."$service_sec"="${service_cfg}"
-}
-
-firewall_configure_service_rule() {
-	local interface="$1"
-	local dest_port="$2"
-	local ip_family="$3"
-	local protocol="$4"
-	local icmp_type="$5"
-	local source_prefix="$6"
-	local action="$7"
-	local service_cfg="$8"
-	local service_sec
-
-	service_sec=$(uci add firewall rule)
-	uci set firewall."$service_sec".enabled="1"
-	uci set firewall."$service_sec".name="service rule"
-	uci set firewall."$service_sec".src="$interface"
-	[ "$dest_port" == "-1" ] || uci set firewall."$service_sec".dest_port="$dest_port"
-	uci set firewall."$service_sec".family=$(firewall_get_rule_ip_family "$ip_family")
-	[ "$protocol" == "-1" ] || uci set firewall."$service_sec".proto="$protocol"
-	[ "$icmp_type"  == "-1" ] || uci set firewall."$service_sec".icmp_type="$icmp_type"
-	uci set firewall."$service_sec".src_ip="$source_prefix"
-	firewall_set_rule_target "$service_sec" "$action" ""
-
-	[ -z "$service_cfg" ] || uci rename firewall."$service_sec"="fwmngr_${service_cfg}"
-}
-
-handle_section_service() {
-	local service_cfg="$1"
-	local dest_uci="$2"
-	local service_sec=""
-	local enable=""
-	local interface=""
-	local dest_port=""
-	local protocol=""
-	local icmp_type=""
-	local source_prefix=""
-	local action=""
-	local ip_family=""
-
-	get_service_proto_list() {
-		protocol="$protocol $1"
-	}
-	get_service_src_prefix_list() {
-		source_prefix="$source_prefix $1"
-	}
-	get_service_dest_port_list() {
-		dest_port="$dest_port $1"
-	}
-
-	config_get enable "$service_cfg" "enable" 0
-	[ "$enable" == "1" ] || return
-	config_get interface "$service_cfg" "interface"
-	[ -z "$interface" ] && return
-	config_get ip_family "$service_cfg" "family"
-
-	config_list_foreach "$service_cfg" "proto" get_service_proto_list
-	config_list_foreach "$service_cfg" "dest_port" get_service_dest_port_list
-	config_list_foreach "$service_cfg" "src_prefix" get_service_src_prefix_list
-
-	config_get icmp_type "$service_cfg" "icmp_type"
-	config_get action "$service_cfg" "target"
-
-	"$dest_uci"_configure_service_rule "$interface" "$dest_port" "$ip_family" "$protocol" "$icmp_type" "$source_prefix" "$action" "$service_cfg"
-
-}
-
-firewallmngr_set_all_intf_src_dip() {
-	local redirect_section="$1"
-	local zn_name="$2"
-	local all_interface="$3"
-
-	config_get src_dip "$redirect_section" "src_dip"
-
-	if [ "$src_dip" = "*" ]; then
-		uci set firewallmngr."$redirect_sec".all_interface="1"
-	else
-		uci set firewallmngr."$redirect_sec".all_interface="0"
-	fi
-}
-
-firewall_set_all_intf_src_dip() {
-	local redirect_section="$1"
-	local zn_name="$2"
-	local all_interface="$3"
-
-	if [ "$all_interface" = "1" ]; then
-		if [ -z "$zn_name" ]; then
-			uci set firewall."$redirect_sec".src="wan"
-		else
-			uci set firewall."$redirect_sec".src="$zn_name"
-		fi
-		uci set firewall."$redirect_sec".src_dip="*"
-	else
-		uci set firewall."$redirect_sec".src="$zn_name"
-		uci set firewall."$redirect_sec".src_dip=""
-	fi
-}
-
-firewallmngr_set_src_dport() {
-        local redirect_sec="$1"
-        lodcal external_port="$2"
-        local external_port_end="$3"
-
-	range=$(echo "$external_port" | grep "-")
-	if [ -z "$range" ]; then
-		uci set firewallmngr."$redirect_sec".src_dport="$external_port"
-	else
-		min_port=$(echo "$external_port" | awk -F"-" '{ print $1 }')
-		max_port=$(echo "$external_port" | awk -F"-" '{ print $2 }')
-
-		uci set firewallmngr."$redirect_sec".src_dport="$min_port"
-		uci set firewallmngr."$redirect_sec".src_dport_end="$max_port"
-	fi
-} 
-
-firewall_set_src_dport() {
-        local redirect_sec="$1"
-        local external_port="$2"
-        local external_port_end="$3"
-
-	if [ "$external_port_end" = "0" ]; then
-		if ! [ "$external_port" = "0" ]; then
-			uci set firewall."$redirect_sec".src_dport="$external_port"
-		fi
-	else
-		uci set firewall."$redirect_sec".src_dport="$external_port-$external_port_end"
-	fi
-} 
-
-
-# handling for firewallmngr to firewall
-handle_section_nat_port_mapping() {
-	local nat_port_cfg="$1"
-	local dest_uci="$2"
-	local enable=""
-	local interface=""
-	local all_interface=""
-	local lease_duration=""
-	local remote_host=""
-	local external_port=""
-	local external_port_end=""
-	local internal_port=""
-	local protocol=""
-	local internal_client=""
-	local description=""
-	local redirect_sec=""
-	local epoch_sec=""
-	local stop_epoch=""
-	local stop_ymd=""
-	local stop_hms=""
-	local zn_name=""
-
-	config_get enable "$nat_port_cfg" "enabled"
-	config_get interface "$nat_port_cfg" "src"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		zones=$(uci show firewall | grep "=zone")
-		for zn in zones; do
-			zn_arg=$(echo $zn | awk -F= '{ print $1 }')
-			if [ "$interface" = "$(uci -q get $zn_arg.network)" ]; then
-				zn_name=$(uci -q get "$zn_arg".name)
-				masq=$(uci -q get "$zn_arg".masq)
-			fi
-		done
-		if [ -z "$enable" ] && ! [ "$masq" = "1" ]; then
-			return
-		fi
-	fi
-
-	config_get internal_client "$nat_port_cfg" "dest_ip"
-	config_get all_interface "$nat_port_cfg" "all_interface"
-	config_get lease_duration "$nat_port_cfg" "lease_duration"
-	config_get remote_host "$nat_port_cfg" "src_ip"
-	config_get external_port "$nat_port_cfg" "src_dport" "0"
-	config_get external_port_end "$nat_port_cfg" "src_dport_end" "0"
-	config_get internal_port "$nat_port_cfg" "dest_port"
-	config_get protocol "$nat_port_cfg" "proto"
-	protocol=$(echo $protocol | awk '{ print tolower($0) }')
-	config_get description "$nat_port_cfg" "name"
-
-	redirect_sec=$(uci add "$dest_uci" redirect)
-
-	"dest_uci"_set_all_intf_src_dip "$redirect_sec" "$zn_name" "$all_interface"
-
-	if [ "$dest_uci" = "firewall" ]; then
-		if [ -n "$lease_duration" ] && ! [ "$lease_duration" == "0" ]; then
-			epoch_sec=$(date +%s)
-			stop_epoch=$(( epoch_sec + lease_duration ))
-			stop_ymd=$(date -d @${stop_epoh} +%Y-%m-%d)
-			stop_hms=$(date -d @${stop_epoch} +%H:%M:%S)
-			uci set "$dest_uci"."$redirect_sec".stop_date="$stop_ymd"
-			uci set "$dest_uci"."$redirect_sec".stop_time="$stop_hms"
-		fi
-	fi
-
-	"$dest_uci"_set_src_dport "$redirect_section" "$external_port" "$external_port_end"
-
-	uci  set "$dest_uci"."$redirect_sec".enabled="1"
-	uci  set "$dest_uci"."$redirect_sec".target="DNAT"
-	uci  set "$dest_uci"."$redirect_sec".dest_ip="$internal_client"
-	[ -z "$protocol" ] || uci set "$dest_uci"."$redirect_sec".proto="$protocol"
-	[ -z "$remote_host" ] || uci  set "$dest_uci"."$redirect_sec".src_ip="$remote_host"
-	[ -z "$internal_port" ] || uci set "$dest_uci"."$redirect_sec".dest_port="$internal_port"
-	[ -z "$description" ] || uci set "$dest_uci"."$redirect_sec".name="$description"
-
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci rename "$dest_uci"."$redirect_sec"="fwmngr_$nat_port_cfg"
-	else
-        	uci rename "$dest_uci"."$redirect_sec"="$nat_port_cfg"
-	fi
-}
-
-handle_include_section() {
-	local include_sec="$1"
-	local dest_uci="$2"
-
-	config_get path "$include_sec" "path"
-	config_get reload "$include_sec" "reload"
-	config_get include_type "$include_sec" "type"
-
-	sec=$(uci   add "$dest_uci" include)
-	[ -z "$path" ] || uci   set "$dest_uci"."$sec".path="$path"
-	[ -z "$reload" ] || uci   set "$dest_uci"."$sec".reload="$reload"
-	[ -z "$include_type" ] || uci   set "$dest_uci"."$sec".type="$include_type"
-	if [ "$dest_uci" = "firewall" ]; then
-        	uci   rename "$dest_uci"."$sec"="fwmngr_$include_sec"
-	else
-        	uci   rename "$dest_uci"."$sec"="$include_sec"
-	fi
-	
-}

firewallmngr/files/lib/fwmngr/fwmngr_twamp.sh

@@ -1,60 +0,0 @@
-#! /bin/sh
-
-active_chain=""
-remove_twamp_reflector_rules() {
-	config_get name "$1" name
-
-	if [ "$name" = "Twamp Reflector Rule" ]; then
-		uci delete firewallmngr."$1"
-	fi
-
-}
-
-handle_twamp_reflector_rules() {
-	local twamp_cfg="$1"
-	local sec_name=""
-	local action="Acept"
-
-	config_get enable "$twamp_cfg" enable "1"
-	config_get port "$twamp_cfg" port
-	config_get interface "$twamp_cfg" interface
-
-	if [ "${enable}" -eq 0 ] || [ -z "$port" ] || [ -z "$interface" ]; then
-		return
-	fi
-	sec_name="twamp_${interface}_${port}"
-	rule_twamp=$(uci add firewallmngr rule)
-	uci set firewallmngr."$rule_twamp".enable="1"
-	uci set firewallmngr."$rule_twamp".chain="$active_chain"
-	uci set firewallmngr."$rule_twamp".dest_port="$port"
-	uci set firewallmngr."$rule_twamp".name="Twamp Reflector Rule"
-	uci set firewallmngr."$rule_twamp".interface="$interface"
-	uci set firewallmngr."$rule_twamp".ip_version="4"
-	uci set firewallmngr."$rule_twamp".protocol="17"
-	uci set firewallmngr."$rule_twamp".target="$action"
-	uci rename firewallmngr."$rule_twamp"="fwmngr_$sec_name"
-}
-
-firewallmngr_get_active_chain() {
-	config_get creator "$1" creator
-	[ "$creator" = "PortMapping" ] && return
-
-	config_get enable "$1" enable
-	if [ -n "$enable" ] && [ "$enable" = "1" ]; then
-		config_get active_chain "$1" name
-	fi
-}
-
-handle_twamp_rules() {
-	twamp_enable=$(uci -q get twamp.twamp.enable)
-
-	config_load firewallmngr
-	config_foreach firewallmngr_get_active_chain chain
-
-	config_foreach remove_twamp_reflector_rules rule
-	config_load twamp
-	if [ -n "$twamp_enable" ] && [ "$twamp_enable" == "1" ]; then
-		config_foreach handle_twamp_reflector_rules twamp_reflector
-	fi
-	uci commit firewallmngr
-}

firewallmngr/files/lib/fwmngr/is_intf_bridge

@@ -1,23 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-
-interface=$1
-intf_dev=""
-is_bridge=0
-
-is_device_type_bridge() {
-	local dev
-	local dev_type
-
-	config_get dev "$1" "name"
-	config_get dev_type "$1" "type"
-	if [ "$dev" = "$intf_dev" ] && [ "$dev_type" = "bridge" ]; then
-		is_bridge=1
-	fi
-}
-
-intf_dev=$(uci -q get network."$interface".device)
-config_load network
-config_foreach is_device_type_bridge device 
-
-echo $is_bridge

firewallmngr/files/lib/fwmngr/uci_migration.sh

@@ -1,158 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /lib/fwmngr/fwmngr_functions.sh
-
-uci_mig_include_sections=""
-include_deprecated_list="hosts cwmp dmz mcast twamp portmap service"
-final_include_cfg=""
-
-
-firewallmngr_zone_to_nat_interface_setting() {
-	zone="$1"
-
-	config_get interface "$zone" "network"
-	[ -n "$interface" ] || return
-	config_get enable "$zone" "masq" "0"
-	nat_intf_setting=$(uci add "firewallmngr" "natif")
-	uci set firewallmngr."$nat_intf_setting".enabled="$enable"
-	uci set firewallmngr."$nat_intf_setting".interface="$interface"
-
-	uci rename firewallmngr."$nat_intf_setting"=$(echo "$interface" | awk -F" " '{ print $1 }')
-}
-
-handle_section_forwarding_rule() {
-	local fwd="$1"
-	local chain="$2"
-
-	config_get src_intf "$fwd" "src" 
-	config_get dest_intf "$fwd" "dest"
-
-	rule_sec=$(uci add "firewallmngr" rule)
-	firewallmngr_set_interface "$rule_sec" "$src_intf" "$dest_intf"
-	uci set firewallmngr."$rule_sec".chain="$chain"
-	uci set firewallmngr."$rule_sec".name="$fwd"
-	uci set firewallmngr."$rule_sec".target="accept"
-       	uci rename firewallmngr."$rule_sec"="fwmngr_$fwd"
-}
-
-firewallmngr_handle_section_dmz() {
-	local dmz_cfg="$1"
-	local dest_uci="$2"
-	local dmz_sec=""
-	local enabled=""
-	local origin=""
-	local description=""
-	local interface=""
-	local dest_ip=""
-	local source_prefix=""
-	
-	config_get dest_ip "$dmz_cfg" "dest_ip"
-	config_get interface "$dmz_cfg" "interface"
-	config_get origin "$dmz_cfg" "origin"
-	config_get source_prefix "$dmz_cfg" "source_prefix"
-	config_get description "$dmz_cfg" "description"
-	config_get enabled "$dmz_cfg" "enabled"
-
-	dmz_sec=$(uci add firewallmngr dmz)
-
-	uci set firewallmngr."$dmz_sec".enabled="$enabled"
-	uci set firewallmngr."$dmz_sec".dest_ip="$dest_ip"
-	uci set firewallmngr."$dmz_sec".interface="$interface"
-	uci set firewallmngr."$dmz_sec".origin="$origin"
-	uci set firewallmngr."$dmz_sec".description="$description"
-	uci set firewallmngr."$dmz_sec".source_prefix="$source_prefix"
-
-       	uci rename firewallmngr."$dmz_sec"="$dmz_cfg"
-}
-
-#This call must be triggered from procd boot function
-cleanup_firewallmngr_rule_section() {
-	rule_sec=$(uci show firewallmngr | grep "=rule")
-	for sec in $rule_sec; do
-		rule=$(echo "$sec" | awk -F= '{ print $1 }')
-		uci delete "$rule"
-	done
-	uci commit firewallmngr
-}
-
-firewallmngr_delete_install_dmz_rule() {
-	local dmz_cfgs
-
-	dmz_cfgs=$(uci show firewall | grep "=dmz")
-	for dmz in $dmz_cfgs; do
-		dmz=$(echo $dmz | awk -F= '{ print $1 }')
-		uci del "$dmz"
-	done
-	uci commit firewall
-}
-
-firewall_delete_deprecated_include_section() {
-	new_inc_list=""
-
-	inc_list=$(uci show firewall | grep "=include")
-	for inc in $inc_list; do
-		inc=$(echo "$inc"| awk -F"=" '{ print $1 }')
-
-		inc_name=$(echo "$inc" | awk -F. '{ print $2 }')
-		inc_path=$(uci -q get "$inc".path | awk -F/ '{ print $NF }')
-		inc_file=$(echo "$inc_path" | awk -F. '{ print $2 }')
-
-		inc_ignore=$(echo "$include_deprecated_list"| grep -w "$inc_name")
-		if [ -z "$inc_ignore" ]; then
-			inc_ignore=$(echo "$include_deprecated_list"| grep -w "$inc_file")
-		fi
-		[ -z "$inc_ignore" ] || uci delete "$inc"
-
-	done
-	uci commit firewall
-
-
-}
-
-firewall_backup_include_section() {
-	list=$(uci show firewall)
-        uci_mig_include_sections=$(echo "$list" | grep "=include")
-        uci_mig_include_sections=$(echo "$fw_include_sections" | awk -F= '{ print $1 }')
-        uci_mig_include_sections=$(echo "$fw_include_sections" | awk -F. '{ print $2 }')
-}
-
-firewall_uci_cleanup() {
-# cleanup all sections of firewall uci, firewall uci will be generated by firewallmngr init
-	section_cleanup () {
-		local sec="$1"
-
-		rule_sec=$(uci show firewall | grep "$sec")
-		for rule in $rule_sec; do
-			rule=$(echo "$rule" | awk -F= '{ print $1 }')
-			uci delete "$rule"
-		done
-	}
-
-	section_cleanup "=rule"
-	section_cleanup "=zone"
-	section_cleanup "=redirect"
-	section_cleanup "=dmz"
-	section_cleanup "=service"
-	section_cleanup "=forwarding"
-	section_cleanup "=defaults"
-	section_cleanup "=globals"
-	uci commit firewall
-}
-
-generate_firewallmngr_config() {
-	chain_name=$(firewallmngr_get_active_chain)
-	cleanup_firewallmngr_rule_section
-	config_load firewall
-	config_foreach handle_section_firewall_rule rule "$chain_name" "firewallmngr"
-	config_foreach firewallmngr_zone_to_nat_interface_setting zone 
-	config_foreach handle_section_nat_port_mapping redirect "firewallmngr"
-	config_foreach firewallmngr_handle_section_dmz dmz "firewallmngr"
-	config_foreach handle_section_service service "firewallmngr"
-	config_foreach handle_section_forwarding_rule forwarding "$chain_name"
-
-	uci commit firewallmngr
-
-	firewall_uci_cleanup
-	firewall_delete_deprecated_include_section
-}

firewallmngr/files/port-trigger/etc/config/port-trigger

@@ -0,0 +1 @@
+#port trigger uci file

firewallmngr/files/port-trigger/etc/init.d/port-trigger

@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+STOP=20
+USE_PROCD=1
+
+. /lib/port-trigger/port_trigger.sh
+
+start_service() {
+	port_trigger_handling
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger firewall
+	procd_add_reload_trigger port-trigger
+}
+
+reload_service() {
+	start
+}

firewallmngr/files/port-trigger/lib/port-trigger/port_trigger.sh

@@ -0,0 +1,157 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+process_port_trigger() {
+	local rule_id="$1"
+	local is_enabled=""
+	local duration=""
+	local trigger_dport=""
+	local trigger_dport_end=""
+	local protocol=""
+	local interface=""
+	local open_dport=""
+	local open_dport_end=""
+	local open_protocol=""
+	local ptg_id=""
+	local IP_RULE=""
+	local IP6_RULE=""
+	local IP_RULE_FWD=""
+
+	get_port_trigger() {
+		local ptg_name
+		config_get ptg_name "$1" "name"
+		if [ "$ptg_name" == "$2" ]; then
+			ptg_id="$1"
+			return
+		fi
+	}
+
+	ptg_id=""
+	config_get name "$rule_id" "port_trigger"
+	config_foreach get_port_trigger  "port_trigger" "$name"
+	[ -z "$ptg_id" ] && return
+
+	is_enabled=$(uci -q get port-trigger."$ptg_id".enable)
+
+	if [ -z "$is_enabled" ] || [ "$is_enabled" = "0" ]; then
+		return
+	fi
+
+	protocol=$(uci -q get port-trigger."$ptg_id".protocol)
+	[ -z "$protocol" ] && return
+
+	if [ "$protocol" = "UDP" ] || [ "$protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -p udp"
+		IP6_RULE="$IP6_RULE -p udp"
+		IP_RULE_FWD="$IP_RULE_FWD -p udp"
+	elif [ "$protocol" = "TCP" ] || [ "$protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -p tcp"
+		IP6_RULE="$IP6_RULE -p tcp"
+		IP_RULE_FWD="$IP_RULE_FWD -p tcp"
+	else
+		return
+	fi
+
+	trigger_dport=$(uci -q get port-trigger."$ptg_id".port)
+	[ -z "$trigger_dport" ] && return
+	IP_RULE="$IP_RULE --dport $trigger_dport"
+	IP6_RULE="$IP6_RULE --dport $trigger_dport"
+
+	trigger_dport_end=$(uci -q get port-trigger."$ptg_id".end_port_range)
+	if [ -n "$trigger_dport_end" ]; then
+		IP_RULE="$IP_RULE:$trigger_dport"
+		IP6_RULE="$IP6_RULE:$trigger_dport"
+	fi
+
+	config_get open_protocol "$rule_id" "protocol"
+	if [ "$open_protocol" = "UDP" ] || [ "$open_protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+	elif [ "$open_protocol" = "TCP" ] || [ "$open_protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+	else
+		return
+	fi
+
+	config_get open_dport "$rule_id" "port"
+	[ -z "$open_dport" ] && return
+	IP_RULE="$IP_RULE --trigger-match $open_dport"
+	IP6_RULE="$IP6_RULE --trigger-match $open_dport"
+	IP_RULE_FWD="$IP_RULE_FWD --dport $open_dport"
+
+	config_get open_dport_end "$rule_id" "end_port_range"
+	if [ -z "$open_dport_end" ]; then
+		IP_RULE="$IP_RULE --trigger-relate $open_dport"
+		IP6_RULE="$IP6_RULE --trigger-relate $open_dport"
+	else
+		IP_RULE="$IP_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+		IP6_RULE="$IP6_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+		IP_RULE_FWD="$IP_RULE_FWD:$open_dport_end"
+	fi
+
+	duration=$(uci -q get port-trigger."$ptg_id".auto_disable_duration)
+        if [ -n "$duration" ]; then
+                IP_RULE="$IP_RULE --trigger-timeout $duration"
+                IP6_RULE="$IP6_RULE --trigger-timeout $duration"
+        fi
+
+	interface=$(uci -q get port-trigger."$ptg_id".src)
+	[ -z "$interface" ] && return
+	device=$(uci -q get network.$interface.device)
+       	IP_RULE_1="iptables -w -t nat -A prerouting_porttrigger -i $device $IP_RULE"
+       	echo "$IP_RULE_1">>/tmp/port_trigger_iptables
+
+       	IP_RULE_1="ip6tables -w -t nat -A prerouting_porttrigger -i $device $IP6_RULE"
+       	echo "$IP_RULE_1">>/tmp/port_trigger_ip6tables
+
+        if [ -n "$duration" ]; then
+		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_iptables
+		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_ip6tables
+
+		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat --trigger-timeout $duration">>/tmp/port_trigger_iptables
+	else
+		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_iptables
+		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_ip6tables
+
+		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat">>/tmp/port_trigger_iptables
+	fi
+}
+
+port_trigger_handling() {
+	rm /tmp/port_trigger_iptables 2> /dev/null
+	rm /tmp/port_trigger_ip6tables 2> /dev/null
+	touch /tmp/port_trigger_iptables
+	touch /tmp/port_trigger_ip6tables
+
+	echo "iptables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t nat -F prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "ip6tables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	echo "ip6tables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+
+	echo "iptables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	echo "iptables -w -t nat -N prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t nat -I prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+
+	echo "ip6tables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	ret=$?
+	[ $ret -eq 0 ] && echo "ip6tables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	echo "ip6tables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+	ret=$?
+	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
+
+	# Load /etc/config/port-trigger UCI file
+	config_load port-trigger
+	config_foreach process_port_trigger rule
+
+	sh /tmp/port_trigger_iptables
+	sh /tmp/port_trigger_ip6tables
+}

firewallmngr/src/Makefile

@@ -1,34 +0,0 @@
-CC=gcc
-PROG = firewallmngr
-LIB_BBF = libbbffirewall.so
-SRC_DIR = .
-OBJS = $(addprefix $(SRC_DIR)/, firewallmngr.o)
-LIB_OBJS = ./bbf_plugin/firewall.o
-
-DIAG_CFLAGS = -Wall -Wshadow -Wdouble-promotion -Wformat=2 -Wundef -fno-common -Wstrict-prototypes -Wno-declaration-after-statement
-PROG_CFLAGS = $(CFLAGS) $(DIAG_CFLAGS) -Werror -fstrict-aliasing -fPIC
-
-# MUSL has the following issue in snprintf, so it is ignored:
-PROG_CFLAGS += -Wno-format-nonliteral
-
-PROG_LDFLAGS = $(LDFLAGS)
-PROG_LIBS += -luci -lubus -lubox -ljson-c -lblobmsg_json
-
-%.o: %.c
-	$(CC) $(PROG_CFLAGS) $(FPIC) -c -o $@ $<
-
-.PHONY: all clean
-
-all: $(PROG) $(LIB_BBF)
-
-$(PROG): $(OBJS)
-	$(CC) $(PROG_LDFLAGS) -o $@ $^ $(PROG_LIBS)
-
-$(LIB_BBF): $(LIB_OBJS)
-	$(CC) $(PROG_LDFLAGS) -shared -o $@ $^
-
-clean:
-	rm -f *.o $(PROG)
-	make -C bbf_plugin clean
-
-.PHONY: clean

firewallmngr/src/bbf_plugin/Makefile

@@ -1,21 +0,0 @@
-LIB_FIREWALL := libfirewallrule.so
-
-OBJS  := firewall.o
-
-LIB_CFLAGS = $(CFLAGS) -Wall -Werror -fstrict-aliasing
-LIB_LDFLAGS = $(LDFLAGS)
-FPIC := -fPIC
-
-.PHONY: all
-
-%.o: %.c
-	$(CC) $(LIB_CFLAGS) $(FPIC) -c -o $@ $<
-
-all: $(LIB_FIREWALL)
-
-$(LIB_FIREWALL): $(OBJS)
-	$(CC) $(LIB_CFLAGS) $(LIB_LDFLAGS) -shared -o $@ $^
-
-clean:
-	rm -f *.o $(LIB_FIREWALL)
-

firewallmngr/src/bbf_plugin/firewall.c

@@ -1,820 +0,0 @@
-/*
- * Copyright (C) 2023 iopsys Software Solutions AB
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 2.1
- * as published by the Free Software Foundation
- *
- *	Author: Husaam Mehdi <husaam.mehdi@iopsys.eu>
- */
-
-#include <libbbfdm-api/dmcommon.h>
-#include <libbbfdm_api.h>
-
-
-/*************************************************************
-* UTILITY METHODS
-**************************************************************/
-
-static int browseFirewallChainRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
-{
-	struct dm_data *p = NULL;
-	LIST_HEAD(dup_list);
-	char *inst = NULL;
-	char *parent_chain = NULL;
-
-	if (!(((struct dm_data *)prev_data)->config_section)) {
-		return 0;
-	}
-
-	bbf_uci_get_value_by_section(((struct dm_data *)prev_data)->config_section, "name", &parent_chain);
-
-	if (!parent_chain) {
-		return 0;
-	}
-
-	synchronize_specific_config_sections_with_dmmap("firewallmngr", "rule", "dmmap_firewallmngr", &dup_list);
-	list_for_each_entry(p, &dup_list, list) {
-		char *current_chain = NULL;
-
-		bbf_uci_get_value_by_section(p->config_section, "chain", &current_chain);
-		if (!current_chain) {
-			continue;
-		}
-
-		if (DM_STRCMP(current_chain, parent_chain)) {
-			continue;
-		}
-
-		inst = handle_instance(dmctx, parent_node, p->dmmap_section, "firewall_rule_instance", "firewall_rule_alias");
-
-		if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)p, inst) == DM_STOP)
-			break;
-	}
-	free_dmmap_config_dup_list(&dup_list);
-
-	return 0;
-}
-
-
-/*************************************************************
-* ADD & DEL OBJ
-**************************************************************/
-
-static int addObjFirewallChainRule(char *refparam, struct dmctx *ctx, void *data, char **instance)
-{
-	struct uci_section *s = NULL;
-	struct uci_section *dmmap_firewall_rule = NULL;
-	char creation_date[32] = {0};
-	char rule_name[32] = {0};
-	char *parent_chain = NULL;
-	time_t now = time(NULL);
-
-	if (!((struct dm_data *)data)->config_section)
-		return 0;
-
-	bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "name", &parent_chain);
-	if (!parent_chain || !DM_STRLEN(parent_chain))
-		return 0;
-
-	snprintf(rule_name, sizeof(rule_name), "%s_rule_%s", section_name(((struct dm_data *)data)->config_section), *instance);
-
-	// Add rule section
-	dmuci_add_section("firewallmngr", "rule", &s);
-	dmuci_rename_section_by_section(s, rule_name);
-	dmuci_set_value_by_section(s, "name", rule_name);
-	dmuci_set_value_by_section(s, "chain", parent_chain);
-	dmuci_set_value_by_section(s, "target", "0");
-	dmuci_set_value_by_section(s, "enable", "0");
-	dmuci_set_value_by_section(s, "proto", "0");
-
-	// Add rule section in dmmap_firewallmngr file
-	dmuci_add_section_bbfdm("dmmap_firewallmngr", "rule", &dmmap_firewall_rule);
-	dmuci_set_value_by_section(dmmap_firewall_rule, "section_name", rule_name);
-	dmuci_set_value_by_section(dmmap_firewall_rule, "firewall_rule_instance", *instance);
-
-	strftime(creation_date, sizeof(creation_date), "%Y-%m-%dT%H:%M:%SZ", gmtime(&now));
-	dmuci_set_value_by_section(dmmap_firewall_rule, "creation_date", creation_date);
-
-	return 0;
-}
-
-static int delObjFirewallChainRule(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
-{
-	switch (del_action) {
-		case DEL_INST:
-			char buf[32] = {0};
-			char *rule_name = NULL;
-			char *rule_order = NULL;
-
-
-			bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "order", &rule_order);
-			bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "name", &rule_name);
-
-
-			snprintf(buf, sizeof(buf), "%lu", DM_STRTOUL(rule_order) + 1);
-
-
-			// Remove section
-			dmuci_delete_by_section(((struct dm_data *)data)->config_section, NULL, NULL);
-
-			// Remove section in dmmap file
-			dmuci_delete_by_section(((struct dm_data *)data)->dmmap_section, NULL, NULL);
-
-			break;
-		case DEL_ALL:
-			//TODO
-			break;
-	}
-	return 0;
-}
-
-/*************************************************************
-* GET & SET PARAM
-**************************************************************/
-
-static int get_FirewallChain_RuleNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	int cnt = get_number_of_entries(ctx, data, instance, browseFirewallChainRuleInst);
-        dmasprintf(value, "%d", cnt);
-	return 0;
-}
-
-static int get_FirewallChainRule_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "enable", "0");
-	return 0;
-}
-
-static int set_FirewallChainRule_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_boolean(ctx, value))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			 bool b = true;
-                        string_to_bool(value, &b);
-
-                        bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "enable", value);
-			break;
-	}
-
-	return 0;
-}
-
-static int get_FirewallChainRule_Status(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-
-       	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "status", "Enabled");
-
-	return 0;
-}
-
-static int get_FirewallChainRule_Order(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "order", "");
-	return 0;
-}
-
-static int set_FirewallChainRule_Order(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_unsignedInt(ctx, value, RANGE_ARGS{{"1",NULL}}, 1))
-				return FAULT_9007;
-
-			break;
-		case VALUESET:
-
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "order", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_Alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	return bbf_get_alias(ctx, ((struct dm_data *)data)->dmmap_section, "firewall_rule_alias", instance, value);
-}
-
-static int set_FirewallChainRule_Alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	return bbf_set_alias(ctx, ((struct dm_data *)data)->dmmap_section, "firewall_rule_alias", instance, value);
-}
-
-static int get_FirewallChainRule_Description(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "name", "");
-	return 0;
-}
-
-static int set_FirewallChainRule_Description(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 256, NULL, NULL))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "name", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_Target(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *target_arr[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL};
-
-	char *target = NULL;
-
-        target = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "target", "0");
-
-        if (target) {
-                int c = atoi(target);
-
-                if (c >=0 && c < 5)
-                        *value = target_arr[c];
-                else
-                        *value = "Drop";//TODO verify default behaviour
-        }
-	return 0;
-}
-
-static int set_FirewallChainRule_Target(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	char *target_arr[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL};
-
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, -1, target_arr, NULL))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			int i = 0;
-                        bool found = false;
-
-                        for (i = 0; i < 5; i++) {
-                                if (!DM_STRCMP(value, target_arr[i])) {
-                                        found = true;
-                                        break;
-                                }
-                        }
-
-                        if (found) {
-				char str[2] = {0};
-				snprintf(str, 2, "%d", i);
-                                bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "target", str);
-                        } else {
-				// TODO correct default behaviour?
-                                bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "target", "DROP");
-                        }
-
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_Log(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "log", "0");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_Log(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_boolean(ctx, value))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bool b = false;
-			string_to_bool(value, &b);
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "log", b ? "1" : "0");
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_CreationDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "creation_date", "0001-01-01T00:00:00Z");
-	return 0;
-}
-
-static int get_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *expiry_date = NULL;
-
-	bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "expiry", &expiry_date);
-
-	if (expiry_date && DM_STRLEN(expiry_date) != 0 && DM_STRTOL(expiry_date) > 0) {
-                char expiry[sizeof "AAAA-MM-JJTHH:MM:SSZ"];
-                time_t time_value = DM_STRTOL(expiry_date);
-
-                strftime(expiry, sizeof expiry, "%Y-%m-%dT%H:%M:%SZ", gmtime(&time_value));
-                *value = dmstrdup(expiry);
-        } else {
-                *value = "9999-12-31T23:59:59Z";
-        }
-
-	return 0;
-}
-
-static int set_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	char expiry_date[16];
-	struct tm tm;
-
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_dateTime(ctx, value))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			strptime(value, "%Y-%m-%dT%H:%M:%SZ", &tm);
-			snprintf(expiry_date, sizeof(expiry_date), "%lld", (long long)timegm(&tm));
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "expiry", expiry_date);
-			break;
-	}
-
-	return 0;
-}
-
-static int get_FirewallChainRule_SourceInterface(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *linker = NULL;
-
-        bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "src", &linker);
-        bbf_get_reference_param("Device.IP.Interface.", "Name", linker, value);
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourceInterface(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	char *allowed_objects[] = {"Device.IP.Interface.", NULL};
-        struct dm_reference reference = {0};
-
-	bbf_get_reference_args(value, &reference);
-
-
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, reference.path, -1, 256, NULL, NULL)) {
-				return FAULT_9007;
-			}
-
-
-                        if (dm_validate_allowed_objects(ctx, &reference, allowed_objects))
-                                return FAULT_9007;
-			break;
-		case VALUESET:
-			if (DM_STRLEN(reference.value)) {
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "src", reference.value);
-			}
-
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourceAllInterfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "source_all_interfaces", "0");
-	return 0;
-}
-
-static int set_FirewallChainRule_SourceAllInterfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_boolean(ctx, value))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bool b = false;
-                        string_to_bool(value, &b);
-
-                        bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "source_all_interfaces", b ? "1" : "0");
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestInterface(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *linker = NULL;
-
-        bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "dest", &linker);
-        bbf_get_reference_param("Device.IP.Interface.", "Name", linker, value);
-
-	return 0;
-}
-
-static int set_FirewallChainRule_DestInterface(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	char *allowed_objects[] = {"Device.IP.Interface.", NULL};
-        struct dm_reference reference = {0};
-
-        bbf_get_reference_args(value, &reference);
-
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, reference.path, -1, 256, NULL, NULL)) {
-				return FAULT_9007;
-			}
-
-			if (dm_validate_allowed_objects(ctx, &reference, allowed_objects))
-                                return FAULT_9007;
-			break;
-		case VALUESET:
-			if (DM_STRLEN(reference.value)) {
-                                bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest", reference.value);
-                        }
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestAllInterfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "dest_all_interfaces", "0");
-	return 0;
-}
-
-static int set_FirewallChainRule_DestAllInterfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_boolean(ctx, value))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bool b = false;
-                        string_to_bool(value, &b);
-
-
-                        bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest_all_interfaces", b ? "1" : "0");
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *ipversion = NULL;
-
-	bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "family", &ipversion);
-
-	if (!ipversion) {
-		*value = "-1";
-		return 0;
-	}
-
-	if (strcasecmp(ipversion, "ipv4") == 0) {
-		*value = "4";
-	} else if (strcasecmp(ipversion, "ipv6") == 0) {
-		*value = "6";
-	} else {
-		*value = "-1";
-	}
-
-	return 0;
-}
-
-static int set_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","15"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			if (DM_LSTRCMP(value, "4") == 0)
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv4");
-			else if (DM_LSTRCMP(value, "6") == 0)
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv6");
-			else if (DM_LSTRCMP(value, "-1") == 0)
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "");
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "dest_ip", "");
-	return 0;
-}
-
-static int set_FirewallChainRule_DestIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 45, NULL, IPAddress))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest_ip", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestMask(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "dest_mask", "");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_DestMask(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 49, NULL, IPPrefix))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			char *pch = NULL;
-			pch = DM_STRCHR(value, '/');
-                        if (pch == NULL)
-                                return 0;
-			pch++;
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest_mask", pch);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourceIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "src_ip", "");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourceIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 45, NULL, IPAddress))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "src_ip", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourceMask(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "source_mask", "");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourceMask(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 49, NULL, IPPrefix))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			char *pch = NULL;
-			pch = DM_STRCHR(value, '/');
-                        if (pch == NULL)
-                                return 0;
-			pch++;
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "source_mask", pch);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	char *proto = NULL, buf[256], protocol[32], protocol_nbr[16];
-
-	bbf_uci_get_value_by_section(((struct dm_data *)data)->config_section, "proto", &proto);
-
-	if (!proto || DM_STRLEN(proto) == 0 || strchr(proto, ' ')) {
-		*value = "255";
-		return 0;
-	}
-
-	if (*proto == '0' || strcmp(proto, "all") == 0) {
-		*value = "-1";
-		return 0;
-	}
-
-	if (isdigit_str(proto)) {
-		*value = proto;
-		return 0;
-	}
-
-	FILE *fp = fopen("/etc/protocols", "r");
-	if (fp == NULL)
-		return 0;
-
-	while (fgets (buf , 256 , fp) != NULL) {
-		sscanf(buf, "%31s %15s", protocol, protocol_nbr);
-		if (DM_STRCASECMP(protocol, proto) == 0) {
-			*value = dmstrdup(protocol_nbr);
-			fclose(fp);
-			return 0;
-		}
-	}
-	fclose(fp);
-
-	return 0;
-}
-
-static int set_FirewallChainRule_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","255"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "proto", (*value == '-') ? "0" : value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestPort(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "dest_port", "-1");
-	return 0;
-}
-
-static int set_FirewallChainRule_DestPort(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","65535"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest_port", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_DestPortRangeMax(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "dest_port_range_max", "-1");
-	return 0;
-}
-
-static int set_FirewallChainRule_DestPortRangeMax(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","65535"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "dest_port_range_max", value);
-		break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourcePort(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "source_port", "-1");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourcePort(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","65535"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "source_port", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourcePortRangeMax(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "source_port_range_max", "-1");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourcePortRangeMax(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","65535"}}, 1))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-			bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "source_port_range_max", value);
-			break;
-	}
-	return 0;
-}
-
-static int get_FirewallChainRule_SourceMAC(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
-	*value = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "src_mac", "");
-
-	return 0;
-}
-
-static int set_FirewallChainRule_SourceMAC(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
-	switch (action)	{
-		case VALUECHECK:
-			if (bbfdm_validate_string(ctx, value, -1, 17, NULL, MACAddress))
-				return FAULT_9007;
-			break;
-		case VALUESET:
-                        bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "src_mac", value);
-			break;
-	}
-	return 0;
-}
-
-/**********************************************************************************************************************************
-*                                            OBJ & PARAM DEFINITION
-***********************************************************************************************************************************/
-
-/* *** Device.Firewall.Chain.{i}.Rule.{i}. *** */
-DMLEAF tFirewallChainRuleParams[] = {
-/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */
-{"Enable", &DMWRITE, DMT_BOOL, get_FirewallChainRule_Enable, set_FirewallChainRule_Enable, BBFDM_BOTH},
-{"Status", &DMREAD, DMT_STRING, get_FirewallChainRule_Status, NULL, BBFDM_BOTH},
-{"Order", &DMWRITE, DMT_STRING, get_FirewallChainRule_Order, set_FirewallChainRule_Order, BBFDM_BOTH},
-{"Alias", &DMWRITE, DMT_STRING, get_FirewallChainRule_Alias, set_FirewallChainRule_Alias, BBFDM_BOTH},
-{"Description", &DMWRITE, DMT_STRING, get_FirewallChainRule_Description, set_FirewallChainRule_Description, BBFDM_BOTH},
-{"Target", &DMWRITE, DMT_STRING, get_FirewallChainRule_Target, set_FirewallChainRule_Target, BBFDM_BOTH},
-/*{"TargetChain", &DMWRITE, DMT_STRING, get_FirewallChainRule_TargetChain, set_FirewallChainRule_TargetChain, BBFDM_BOTH, DM_FLAG_REFERENCE},*/
-{"Log", &DMWRITE, DMT_BOOL, get_FirewallChainRule_Log, set_FirewallChainRule_Log, BBFDM_BOTH},
-{"CreationDate", &DMREAD, DMT_TIME, get_FirewallChainRule_CreationDate, NULL, BBFDM_BOTH},
-{"ExpiryDate", &DMWRITE, DMT_TIME, get_FirewallChainRule_ExpiryDate, set_FirewallChainRule_ExpiryDate, BBFDM_BOTH},
-{"SourceInterface", &DMWRITE, DMT_STRING, get_FirewallChainRule_SourceInterface, set_FirewallChainRule_SourceInterface, BBFDM_BOTH, DM_FLAG_REFERENCE},
-/*{"SourceInterfaceExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_SourceInterfaceExclude, set_FirewallChainRule_SourceInterfaceExclude, BBFDM_BOTH},*/
-{"SourceAllInterfaces", &DMWRITE, DMT_BOOL, get_FirewallChainRule_SourceAllInterfaces, set_FirewallChainRule_SourceAllInterfaces, BBFDM_BOTH},
-{"DestInterface", &DMWRITE, DMT_STRING, get_FirewallChainRule_DestInterface, set_FirewallChainRule_DestInterface, BBFDM_BOTH, DM_FLAG_REFERENCE},
-/*{"DestInterfaceExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_DestInterfaceExclude, set_FirewallChainRule_DestInterfaceExclude, BBFDM_BOTH},*/
-{"DestAllInterfaces", &DMWRITE, DMT_BOOL, get_FirewallChainRule_DestAllInterfaces, set_FirewallChainRule_DestAllInterfaces, BBFDM_BOTH},
-{"IPVersion", &DMWRITE, DMT_INT, get_FirewallChainRule_IPVersion, set_FirewallChainRule_IPVersion, BBFDM_BOTH},
-{"DestIP", &DMWRITE, DMT_STRING, get_FirewallChainRule_DestIP, set_FirewallChainRule_DestIP, BBFDM_BOTH},
-{"DestMask", &DMWRITE, DMT_STRING, get_FirewallChainRule_DestMask, set_FirewallChainRule_DestMask, BBFDM_BOTH},
-/*{"DestIPExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_DestIPExclude, set_FirewallChainRule_DestIPExclude, BBFDM_BOTH},*/
-{"SourceIP", &DMWRITE, DMT_STRING, get_FirewallChainRule_SourceIP, set_FirewallChainRule_SourceIP, BBFDM_BOTH},
-{"SourceMask", &DMWRITE, DMT_STRING, get_FirewallChainRule_SourceMask, set_FirewallChainRule_SourceMask, BBFDM_BOTH},
-/*{"SourceIPExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_SourceIPExclude, set_FirewallChainRule_SourceIPExclude, BBFDM_BOTH},*/
-{"Protocol", &DMWRITE, DMT_INT, get_FirewallChainRule_Protocol, set_FirewallChainRule_Protocol, BBFDM_BOTH},
-/*{"ProtocolExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_ProtocolExclude, set_FirewallChainRule_ProtocolExclude, BBFDM_BOTH},*/
-{"DestPort", &DMWRITE, DMT_INT, get_FirewallChainRule_DestPort, set_FirewallChainRule_DestPort, BBFDM_BOTH},
-{"DestPortRangeMax", &DMWRITE, DMT_INT, get_FirewallChainRule_DestPortRangeMax, set_FirewallChainRule_DestPortRangeMax, BBFDM_BOTH},
-/*{"DestPortExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_DestPortExclude, set_FirewallChainRule_DestPortExclude, BBFDM_BOTH},*/
-{"SourcePort", &DMWRITE, DMT_INT, get_FirewallChainRule_SourcePort, set_FirewallChainRule_SourcePort, BBFDM_BOTH},
-{"SourcePortRangeMax", &DMWRITE, DMT_INT, get_FirewallChainRule_SourcePortRangeMax, set_FirewallChainRule_SourcePortRangeMax, BBFDM_BOTH},
-/*{"SourcePortExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_SourcePortExclude, set_FirewallChainRule_SourcePortExclude, BBFDM_BOTH},*/
-/*{"DSCP", &DMWRITE, DMT_INT, get_FirewallChainRule_DSCP, set_FirewallChainRule_DSCP, BBFDM_BOTH},*/
-/*{"DSCPExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_DSCPExclude, set_FirewallChainRule_DSCPExclude, BBFDM_BOTH},*/
-/*{"ConnectionState", &DMWRITE, DMT_STRING, get_FirewallChainRule_ConnectionState, set_FirewallChainRule_ConnectionState, BBFDM_BOTH},*/
-{"SourceMAC", &DMWRITE, DMT_STRING, get_FirewallChainRule_SourceMAC, set_FirewallChainRule_SourceMAC, BBFDM_BOTH},
-/*{"SourceMACExclude", &DMWRITE, DMT_BOOL, get_FirewallChainRule_SourceMACExclude, set_FirewallChainRule_SourceMACExclude, BBFDM_BOTH},*/
-{0}
-};
-
-DMLEAF tDeviceFirewallChainRuleParam[] = {
-{"RuleNumberOfEntries", &DMREAD, DMT_UNINT, get_FirewallChain_RuleNumberOfEntries, NULL, BBFDM_BOTH},
-{0}
-};
-
-/* *** Device.Firewall.Chain.{i}. *** */
-DMOBJ tDeviceFirewallChainRuleObj[] = {
-/* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys */
-{"Rule", &DMWRITE, addObjFirewallChainRule, delObjFirewallChainRule, NULL, browseFirewallChainRuleInst, NULL, NULL, NULL, tFirewallChainRuleParams, NULL, BBFDM_BOTH, NULL},
-{0}
-};
-
-/* ********** DynamicObj ********** */
-DM_MAP_OBJ tDynamicObj[] = {
-/* parentobj, nextobject, parameter */
-{"Device.Firewall.Chain.", tDeviceFirewallChainRuleObj, tDeviceFirewallChainRuleParam},
-{0}
-};

firewallmngr/src/firewallmngr.c

@@ -1,394 +0,0 @@
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <libubox/blobmsg_json.h>
-#include <libubus.h>
-#include <uci.h>
-#include <json-c/json.h>
-
-
-
-int nat_get_status(struct ubus_context *ctx, struct ubus_object *obj,
-	       struct ubus_request_data *req, const char *method,
-	       struct blob_attr *msg);
-int firewallmngr_get_status(struct ubus_context *ctx_arg, struct ubus_object *obj,
-	       struct ubus_request_data *req, const char *method,
-	       struct blob_attr *msg);
-
-const char *ubus_socket;
-struct ubus_context *ctx = NULL;
-
-enum {
-	STATUS_POLICY_INSTANCE,
-	STATUS_POLICY_MAX
-};
-
-static const struct blobmsg_policy status_policy[STATUS_POLICY_MAX] = {
-			[STATUS_POLICY_INSTANCE] = { .name = "instance", .type = BLOBMSG_TYPE_STRING },
-};
-
-static const struct ubus_method nat_methods[] = {
-	UBUS_METHOD("status", nat_get_status, status_policy),
-};
-
-static struct ubus_object_type nat_object_type =
-        UBUS_OBJECT_TYPE("nat", nat_methods);
-
-static struct ubus_object nat_object = {
-        .name = "nat",
-        .type = &nat_object_type,
-        .methods = nat_methods,
-        .n_methods = ARRAY_SIZE(nat_methods),
-};
-
-static const struct ubus_method firewallmngr_methods[] = {
-	{ .name = "status", .handler = firewallmngr_get_status },
-};
-
-static struct ubus_object_type firewallmngr_object_type =
-        UBUS_OBJECT_TYPE("firewallmngr", firewallmngr_methods);
-
-static struct ubus_object firewallmngr_object = {
-        .name = "firewallmngr",
-        .type = &firewallmngr_object_type,
-        .methods = firewallmngr_methods,
-        .n_methods = ARRAY_SIZE(firewallmngr_methods),
-};
-
-
-
-/**
- *  To expose the firewallmngr object on ubus i.e., firewallmngr or nat with method status
- *  @param context input parameter pointer to ubus context
- *  retrun integer value 0 on success and -1 on failure
- */
-static int firewallmngr_publish_object(struct ubus_context *context, struct ubus_object *obj)
-{
-	int ret;
-	ret = ubus_add_object(context, obj);
-	if (ret) {
-		syslog(LOG_ERR, "Failed to add firewallmngr ubus object: %s\n",
-			ubus_strerror(ret));
-	}
-
-	return ret;
-}
-
-static void nat_get_interfacesetting_status(struct blob_buf *buf, struct uci_package *uci_pkg, struct blob_attr *msg)
-{
-	char *status = "Disabled";
-	struct uci_element *uci_elmnt = NULL;
-	struct blob_attr *tb[STATUS_POLICY_MAX];
-	char instance[20] = {0};
-
-	blobmsg_parse(status_policy, STATUS_POLICY_MAX, tb, blob_data(msg), (unsigned int)blob_len(msg));
-
-	if (!tb[STATUS_POLICY_INSTANCE])
-		return;
-
-	strncpy(instance, blobmsg_data(tb[STATUS_POLICY_INSTANCE]), sizeof(instance)-1);
-
-	uci_foreach_element(&uci_pkg->sections, uci_elmnt) {
-		struct uci_section *uci_sec = uci_to_section(uci_elmnt);
-		
-
-		if (uci_sec && !strcmp(uci_sec->type, "zone")) {
-			struct uci_element *e = NULL;
-			if (strcmp(instance, uci_sec->e.name))
-				continue;
-
-			blobmsg_add_string(buf, "name", uci_sec->e.name);
-			uci_foreach_element(&uci_sec->options, e) {
-				struct uci_option *uci_opn = uci_to_option(e);
-syslog(LOG_INFO,"%s %d \n", __FUNCTION__, __LINE__);
-				if (uci_opn && !strcmp(uci_opn->e.name, "enabled")) {
-					status = (*(uci_opn->v.string) == 'n' || *(uci_opn->v.string) == '0' ) ? "Disabled" : "Enabled";
-					break;
-				}
-			}
-			blobmsg_add_string(buf, "Status", status);
-		}
-
-	}
-}
-
-static void nat_get_portmapping_status(struct blob_buf *buf, struct uci_package *uci_pkg, struct blob_attr *msg)
-{
-	char *status = "Disabled";
-	struct uci_element *uci_elmnt = NULL;
-	struct blob_attr *tb[STATUS_POLICY_MAX];
-	char instance[20] = {0};
-
-	blobmsg_parse(status_policy, STATUS_POLICY_MAX, tb, blob_data(msg), (unsigned int)blob_len(msg));
-
-	if (!tb[STATUS_POLICY_INSTANCE])
-		return;
-
-	strncpy(instance, blobmsg_data(tb[STATUS_POLICY_INSTANCE]), sizeof(instance)-1);
-
-	uci_foreach_element(&uci_pkg->sections, uci_elmnt) {
-		struct uci_section *uci_sec = uci_to_section(uci_elmnt);
-
-		if (uci_sec && !strcmp(uci_sec->type, "redirect")) {
-			struct uci_element *e = NULL;
-			if (strcmp(instance, uci_sec->e.name))
-				continue;
-
-			blobmsg_add_string(buf, "name", uci_sec->e.name);
-			uci_foreach_element(&uci_sec->options, e) {
-				struct uci_option *uci_opn = uci_to_option(e);
-				if (uci_opn && !strcmp(uci_opn->e.name, "enabled")) {
-					status = (*(uci_opn->v.string) == 'n' || *(uci_opn->v.string) == '0' ) ? "Disabled" : "Enabled";
-					break;
-				}
-			}
-			blobmsg_add_string(buf, "Status", status);
-		}
-
-	}
-}
-
-/**
- *  nat_get_status function callback on ubus method nat_status
- *  @param ctx input parameter pointer to ubus context
- *  @param obj input parameter pointer to ubus object in out case nat
- *  @param req input parameter pointer to ubus requested data
- *  @param method input parameter pointer to char method i.e., nat_status
- *  @param msg input parameter pointer containing 
- *  retrun integer value 0 on success and -1 on failure
- */
-int nat_get_status(struct ubus_context *ctx_arg, struct ubus_object *obj,
-	       struct ubus_request_data *req, const char *method,
-	       struct blob_attr *msg)
-{
-	int ret = 0;
-
-	struct blob_buf b = {0};
-	struct uci_package *uci_pkg = NULL;
-	struct uci_context *uci_ctx = uci_alloc_context();
-
-	uci_load(uci_ctx, "firewall", &uci_pkg);                                      
-	if (!uci_pkg) {                                                          
-		syslog(LOG_ERR, "nat Failed to load configuration\n");               
-		goto done;                                                       
-	}
-
-	blob_buf_init(&b, 0);
-
-	nat_get_interfacesetting_status(&b, uci_pkg, msg);
-	nat_get_portmapping_status(&b, uci_pkg, msg);
-
-	ubus_send_reply(ctx_arg, req, b.head);
-
-	blob_buf_free(&b);
-	uci_unload(uci_ctx, uci_pkg);                                            
-done:                                                                           
-	uci_free_context(uci_ctx);
-	return ret;
-
-}
-
-static void firewallmngr_get_service_status(struct blob_buf *buf, struct uci_package *uci_pkg, struct blob_attr *msg)
-{
-	char *status = "Disabled";
-	struct uci_element *uci_elmnt = NULL;
-	struct blob_attr *tb[STATUS_POLICY_MAX];
-	char instance[30] = {0};
-
-	blobmsg_parse(status_policy, STATUS_POLICY_MAX, tb, blob_data(msg), (unsigned int)blob_len(msg));
-
-	if (!tb[STATUS_POLICY_INSTANCE])
-		return;
-
-	strcpy(instance,"fwmngr_");
-	strncat(instance, blobmsg_data(tb[STATUS_POLICY_INSTANCE]), sizeof(instance)-1);
-
-
-	uci_foreach_element(&uci_pkg->sections, uci_elmnt) {
-		struct uci_section *uci_sec = uci_to_section(uci_elmnt);
-
-		if (uci_sec && !strcmp(uci_sec->type, "service")) {
-			struct uci_element *e = NULL;
-			if (strcmp(instance, uci_sec->e.name))
-				continue;
-
-			blobmsg_add_string(buf, "name", uci_sec->e.name);
-			uci_foreach_element(&uci_sec->options, e) {
-				struct uci_option *uci_opn = uci_to_option(e);
-				if (uci_opn && !strcmp(uci_opn->e.name, "enabled")) {
-					status = (*(uci_opn->v.string) == 'n' || *(uci_opn->v.string) == '0' ) ? "Disabled" : "Enabled";
-					break;
-				}
-			}
-			blobmsg_add_string(buf, "Status", status);
-		}
-
-	}
-}
-
-static void firewallmngr_get_dmz_status(struct blob_buf *buf, struct uci_package *uci_pkg, struct blob_attr *msg)
-{
-	char *status = "Disabled";
-	struct uci_element *uci_elmnt = NULL;
-	struct blob_attr *tb[STATUS_POLICY_MAX];
-	char instance[30] = {0};
-
-	blobmsg_parse(status_policy, STATUS_POLICY_MAX, tb, blob_data(msg), (unsigned int)blob_len(msg));
-
-	if (!tb[STATUS_POLICY_INSTANCE])
-		return;
-
-	strcpy(instance,"fwmngr_");
-	strncat(instance, blobmsg_data(tb[STATUS_POLICY_INSTANCE]), sizeof(instance)-1);
-
-
-	uci_foreach_element(&uci_pkg->sections, uci_elmnt) {
-		struct uci_section *uci_sec = uci_to_section(uci_elmnt);
-
-		if (uci_sec && !strcmp(uci_sec->type, "redirect")) {
-			struct uci_element *e = NULL;
-			if (strcmp(instance, uci_sec->e.name))
-				continue;
-
-			blobmsg_add_string(buf, "name", uci_sec->e.name);
-			uci_foreach_element(&uci_sec->options, e) {
-				struct uci_option *uci_opn = uci_to_option(e);
-				if (uci_opn && !strcmp(uci_opn->e.name, "enabled")) {
-					status = (*(uci_opn->v.string) == 'n' || *(uci_opn->v.string) == '0' ) ? "Disabled" : "Enabled";
-					break;
-				}
-			}
-			blobmsg_add_string(buf, "Status", status);
-		}
-
-	}
-}
-
-static void firewallmngr_get_rule_status(struct blob_buf *buf, struct uci_package *uci_pkg, struct blob_attr *msg)
-{
-	char *status = "Disabled";
-	struct uci_element *uci_elmnt = NULL;
-	struct blob_attr *tb[STATUS_POLICY_MAX];
-	char instance[30] = {0};
-
-	blobmsg_parse(status_policy, STATUS_POLICY_MAX, tb, blob_data(msg), (unsigned int)blob_len(msg));
-
-	if (!tb[STATUS_POLICY_INSTANCE])
-		return;
-
-	strcpy(instance,"fwmngr_");
-	strncat(instance, blobmsg_data(tb[STATUS_POLICY_INSTANCE]), sizeof(instance)-1);
-
-	uci_foreach_element(&uci_pkg->sections, uci_elmnt) {
-		struct uci_section *uci_sec = uci_to_section(uci_elmnt);
-
-		if (uci_sec && !strcmp(uci_sec->type, "rule")) {
-			struct uci_element *e = NULL;
-			if (strcmp(instance, uci_sec->e.name))
-				continue;
-
-			blobmsg_add_string(buf, "name", uci_sec->e.name);
-			uci_foreach_element(&uci_sec->options, e) {
-				struct uci_option *uci_opn = uci_to_option(e);
-				if (uci_opn && !strcmp(uci_opn->e.name, "enabled")) {
-					status = (*(uci_opn->v.string) == 'n' || *(uci_opn->v.string) == '0' ) ? "Disabled" : "Enabled";
-					break;
-				}
-			}
-			blobmsg_add_string(buf, "Status", status);
-		}
-
-	}
-}
-
-/**
- *  firewallmngr_get_status function callback on ubus method firewallmngr_status
- *  @param ctx input parameter pointer to ubus context
- *  @param obj input parameter pointer to ubus object in out case firewallmngr
- *  @param req input parameter pointer to ubus requested data
- *  @param method input parameter pointer to char method i.e., firewallmngr_status
- *  @param msg input parameter pointer containing 
- *  retrun integer value 0 on success and -1 on failure
- */
-int firewallmngr_get_status(struct ubus_context *ctx_arg, struct ubus_object *obj,
-	       struct ubus_request_data *req, const char *method,
-	       struct blob_attr *msg)
-{
-	int ret = 0;
-
-	struct blob_buf b = {0};
-	struct uci_package *uci_pkg = NULL;
-	struct uci_context *uci_ctx = uci_alloc_context();
-
-	blob_buf_init(&b, 0);
-	uci_load(uci_ctx, "firewall", &uci_pkg);                                      
-	if (!uci_pkg) {                                                          
-		syslog(LOG_ERR, "firewallmngr Failed to load configuration\n");               
-		uci_free_context(uci_ctx);
-		return ret;                                                       
-	}
-
-	firewallmngr_get_rule_status(&b, uci_pkg, msg);
-	firewallmngr_get_dmz_status(&b, uci_pkg, msg);
-	firewallmngr_get_service_status(&b, uci_pkg, msg);
-
-	ubus_send_reply(ctx_arg, req, b.head);
-
-	blob_buf_free(&b);
-	uci_unload(uci_ctx, uci_pkg);                                            
-	uci_free_context(uci_ctx);
-	return ret;
-
-}
-
-
-/**
- *  Main function for firewallmngr, everything starts here
- *  @param argc input number of input arguments
- *  @param argv input double pointer array of optional command line arguments
- *  retrun integer value 0 on success and -1 on failure
- */
-int main(int argc, char **argv)
-{
-	int ret;
-	int ch;
-
-	while ((ch = getopt(argc, argv, "s:e:")) != -1) {
-		switch (ch) {
-		case 's':
-			ubus_socket = optarg;
-			break;
-		default:
-			break;
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	uloop_init();
-	ctx = ubus_connect(ubus_socket);
-	if (!ctx) {
-		syslog(LOG_ERR, "nat Failed to connect to ubus\n");
-		return -1;
-	}
-
-	ubus_add_uloop(ctx);
-	ret = firewallmngr_publish_object(ctx, &nat_object);
-	if (ret)
-		goto out;
-	ret = firewallmngr_publish_object(ctx, &firewallmngr_object);
-	if (ret)
-		goto out;
-
-	/* Main loop of firewallmngr */
-	uloop_run();
-
- out:
-	ubus_free(ctx);
-	uloop_done();
-
-	return 0;
-}
-

fluent-bit/Makefile

@@ -0,0 +1,176 @@
+#
+# Copyright (C) 2024 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fluent-bit
+PKG_VERSION:=3.1.0
+PKG_RELEASE:=1
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
+PKG_SOURCE_VERSION=v$(PKG_VERSION)
+PKG_MIRROR_HASH:=9bedfabf859b88a2cfcf51cc17669b83a170e85427ce562131366cb1542b52ae
+endif
+
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/fluent-bit
+	CATEGORY:=Utilities
+	DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison
+	TITLE:=Fluent-Bit
+	URL:=https://fluentbit.io/
+endef
+
+define Package/fluent-bit/description
+	Fluent Bit is a super fast, lightweight, and highly scalable logging and metrics processor and forwarder.
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ./fluent-bit/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+# General options
+TARGET_LDFLAGS +=-lfts -latomic
+
+CMAKE_OPTIONS+= \
+	-DFLB_RELEASE=Yes \
+	-DFLB_SMALL=No \
+	-DEXCLUDE_FROM_ALL=true \
+	-DFLB_SHARED_LIBS=Yes \
+	-DFLB_DEBUG=Yes \
+	-DFLB_ALL=No \
+	-DFLB_JEMALLOC=No \
+	-DFLB_EXAMPLES=No \
+	-DFLB_CHUNK_TRACE=No \
+	-DFLB_BACKTRACE=No \
+	-DFLB_WASM=No \
+	-DFLB_LUAJIT=No
+
+# In plugins
+CMAKE_OPTIONS += \
+	-DFLB_IN_SYSLOG=Yes \
+	-DFLB_IN_CPU=Yes \
+	-DFLB_IN_MEM=Yes \
+	-DFLB_IN_DISK=Yes \
+	-DFLB_IN_EXEC=Yes \
+	-DFLB_IN_HEAD=Yes \
+	-DFLB_IN_FORWARD=No \
+	-DFLB_IN_KMSG=No \
+	-DFLB_IN_PROC=No \
+	-DFLB_IN_RANDOM=No \
+	-DFLB_IN_SERIAL=No \
+	-DFLB_IN_MQTT=No \
+	-DFLB_IN_STDIN=No \
+	-DFLB_IN_SYSTEMD=No \
+	-DFLB_IN_TAIL=No \
+	-DFLB_IN_TCP=No \
+	-DFLB_IN_THERMAL=No \
+	-DFLB_IN_UDP=No \
+	-DFLB_IN_DOCKER=No \
+	-DFLB_IN_EXEC_WASI=No \
+	-DFLB_IN_EVENT_TYPE=No \
+	-DFLB_IN_FLUENTBIT_METRICS=No \
+	-DFLB_IN_KUBERNETES_EVENTS=No \
+	-DFLB_IN_KAFKA=No \
+	-DFLB_IN_LIB=No \
+	-DFLB_IN_SYSTEMD=No \
+	-DFLB_IN_DUMMY=No \
+	-DFLB_IN_NETIF=No \
+	-DFLB_IN_COLLECTD=No \
+	-DFLB_IN_PROMETHEUS_SCRAPE=No \
+	-DFLB_IN_STATSD=No \
+	-DFLB_IN_STORAGE_BACKLOG=No \
+	-DFLB_IN_PODMAN_METRICS=No \
+	-DFLB_IN_OPENTELEMETRY=No \
+	-DFLB_IN_ELASTICSEARCH=No \
+	-DFLB_IN_CALYPTIA_FLEET=No \
+	-DFLB_IN_SPLUNK=No
+	-DFLB_IN_HEALTH=No \
+	-DFLB_IN_WINLOG=No \
+	-DFLB_IN_WINEVTLOG=No
+
+
+# Filter options
+CMAKE_OPTIONS += 
+	-DFLB_FILTER_AWS=No \
+	-DFLB_FILTER_ECS=No \
+	-DFLB_FILTER_KUBERNETES=No \
+	-DFLB_FILTER_LUA=No \
+	-DFLB_FILTER_NEST=No \
+	-DFLB_FILTER_RECORD_MODIFIER=No \
+	-DFLB_FILTER_THROTTLE=No \
+	-DFLB_FILTER_TYPE_CONVERTER=No \
+	-DFLB_FILTER_WASM=No \
+	-DFLB_FILTER_TENSORFLOW=No \
+	-DFLB_FILTER_GEOIP2=No \
+	-DFLB_FILTER_NIGHTFALL=No
+
+# out plugins
+CMAKE_OPTIONS += \
+	-DFLB_OUT_EXIT=Yes \
+	-DFLB_OUT_FORWARD=Yes \
+	-DFLB_OUT_HTTP=Yes \
+	-DFLB_OUT_NATS=Yes \
+	-DFLB_OUT_TCP=Yes \
+	-DFLB_OUT_UDP=Yes \
+	-DFLB_OUT_FILE=Yes \
+	-DFLB_OUT_STDOUT=Yes \
+	-DFLB_OUT_SYSLOG=Yes \
+	-DFLB_OUT_NULL=Yes \
+	-DFLB_OUT_PLOT=No \
+	-DFLB_OUT_AZURE=No \
+	-DFLB_OUT_AZURE_BLOB=No \
+	-DFLB_OUT_AZURE_LOGS_INGESTION=No \
+	-DFLB_OUT_AZURE_KUSTO=No \
+	-DFLB_OUT_BIGQUERY=No \
+	-DFLB_OUT_CALYPTIA=No \
+	-DFLB_OUT_COUNTER=No \
+	-DFLB_OUT_DATADOG=No \
+	-DFLB_OUT_ES=No \
+	-DFLB_OUT_GELF=No \
+	-DFLB_OUT_INFLUXDB=No \
+	-DFLB_OUT_NRLOGS=No \
+	-DFLB_OUT_OPENSEARCH=No \
+	-DFLB_OUT_TD=No \
+	-DFLB_OUT_SKYWALKING=No \
+	-DFLB_OUT_SLACK=No \
+	-DFLB_OUT_SPLUNK=No \
+	-DFLB_OUT_STACKDRIVER=No \
+	-DFLB_OUT_LIB=No \
+	-DFLB_OUT_FLOWCOUNTER=No \
+	-DFLB_OUT_LOGDNA=No \
+	-DFLB_OUT_LOKI=No \
+	-DFLB_OUT_KAFKA=No \
+	-DFLB_OUT_KAFKA_REST=No \
+	-DFLB_OUT_CLOUDWATCH_LOGS=No \
+	-DFLB_OUT_KINESIS_FIREHOSE=No \
+	-DFLB_OUT_KINESIS_STREAMS=No \
+	-DFLB_OUT_OPENTELEMETRY=No \
+	-DFLB_OUT_PROMETHEUS_EXPORTER=No \
+	-DFLB_OUT_PROMETHEUS_REMOTE_WRITE=No \
+	-DFLB_OUT_S3=No \
+	-DFLB_OUT_VIVO_EXPORTER=No \
+	-DFLB_OUT_WEBSOCKET=No \
+	-DFLB_OUT_ORACLE_LOG_ANALYTICS=No \
+	-DFLB_OUT_CHRONICLE=No \
+	-DFLB_OUT_PGSQL=No
+
+define Package/fluent-bit/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc/fluent-bit
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/fluent-bit $(1)/usr/sbin/
+	$(INSTALL_DATA) ./files/fluent-bit.conf $(1)/etc/fluent-bit/fluent-bit.conf
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/conf/parsers.conf $(1)/etc/fluent-bit/parsers.conf
+endef
+
+$(eval $(call BuildPackage,fluent-bit))

fluent-bit/files/fluent-bit.conf

@@ -0,0 +1,15 @@
+[SERVICE]
+    flush           3
+    daemon          Off
+    log_level       info
+    parsers_file    /etc/fluent-bit/parsers.conf
+
+[INPUT]
+    name            syslog
+    tag             syslog
+    path            /dev/log
+
+[OUTPUT]
+    name            null
+    match           *
+

fluent-bit/patches/0001-fix_out_file_plugin.patch

@@ -0,0 +1,14 @@
+diff --git a/plugins/out_file/file.c b/plugins/out_file/file.c
+index 2e47c9666..42ace24c6 100644
+--- a/plugins/out_file/file.c
++++ b/plugins/out_file/file.c
+@@ -45,6 +45,9 @@
+ #define NEWLINE "\n"
+ #endif
+ 
++#undef PATH_MAX
++#define PATH_MAX 256
++
+ struct flb_file_conf {
+     const char *out_path;
+     const char *out_file;

gryphon-led-module/Makefile

@@ -28,7 +28,7 @@ define KernelPackage/$(PKG_NAME)
   FILES:=$(PKG_BUILD_DIR)/$(PKG_NAME).$(LINUX_KMOD_SUFFIX)
   KCONFIG:=CONFIG_PACKAGE_kmod-gryphon-led-kernel-module=y
   AUTOLOAD:=$(call AutoLoad,60,$(PKG_NAME))
-  DEPENDS:= +(TARGET_brcmbca):bcmkernel
+  DEPENDS:= +(TARGET_brcmbca):bcm963xx-bsp
   PKG_LICENSE:=GPLv2
   PKG_LICENSE_URL:=
 endef

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.3
+PKG_VERSION:=1.2.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b4990b384461f2d1ff75a122a7fa5d9276f211bb
+PKG_SOURCE_VERSION:=aa365710b227ba82b1c43f9cdf497261edb21852
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -22,7 +22,7 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
-
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 define Package/hostmngr
   SECTION:=utils
@@ -60,11 +60,10 @@ MAKE_PATH:=src
 define Package/hostmngr/install
 	$(CP) ./files/etc $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/hostmngr/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1)/etc/hostmngr/
 	$(INSTALL_DIR) $(1)/usr/share/hostmngr
 	$(INSTALL_DATA) ./files/scripts/hosts_acl.sh $(1)/usr/share/hostmngr/
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1) $(PKG_NAME)
 endef
 
 ifeq ($(LOCAL_DEV),1)

hostmngr/files/etc/bbfdm/micro_services/hostmngr.json

@@ -1,18 +0,0 @@
-{
-	"daemon": {
-		"config": {
-			"loglevel": "1"
-		},
-		"input": {
-			"type": "DotSo",
-			"name": "/etc/hostmngr/libhostmngr.so"
-		},
-		"output": {
-			"type": "UBUS",
-			"parent_dm": "Device.",
-			"object": "Hosts",
-			"root_obj": "bbfdm"
-		}
-	}
-}
-

hostmngr/files/scripts/hosts_acl.sh

@@ -7,9 +7,9 @@ next_days=""
 prev_days=""
 schedule_added=""
 
-rule1_needed="0"
-active_chain=""
-rule_count=1
+ACCESS_RULE=""
+IP_RULE=""
+IP_RULE1=""
 
 get_next_day() {
 	local weekday="$1"
@@ -58,32 +58,25 @@ ip_rule_west_zone() {
 	local local_stop_t_h="$4"
 	local utc_start_time="$5"
 	local utc_stop_time="$6"
-	local rule_sec="$7"
-	local rule1_sec="$8"
 
 	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
-		uci set firewallmngr."$rule_sec".start_time="$utc_start_time"
-		uci set firewallmngr."$rule_sec".stop_time="$utc_stop_time"
-
+		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
 		if [ -n "$next_days" ]; then
-			uci set firewallmngr."$rule_sec".weekdays="$next_days"
+			IP_RULE="$IP_RULE --weekdays $next_days"
 		fi
 	else
 		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
-			rule1_needed="1"
-			uci set firewallmngr."$rule_sec".start_time="$utc_start_time"
-			uci set firewallmngr."$rule_sec".stop_time="23:59"
-			uci set firewallmngr."$rule1_sec".start_time="00:00"
-			uci set firewallmngr."$rule1_sec".stop_time="$utc_stop_time"
+			IP_RULE1="$IP_RULE"
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop 23:59"
+			IP_RULE1="$IP_RULE1 -m time --timestart 00:00 --timestop $utc_stop_time"
 			if [ -n "$next_days" ]; then
-				uci set firewallmngr."$rule1_sec".weekdays="$next_days"
+				IP_RULE1="$IP_RULE1 --weekdays $next_days"
 			fi
 		else
-			uci set firewallmngr."$rule_sec".start_time="$utc_start_time"
-			uci set firewallmngr."$rule_sec".stop_time="$utc_stop_time"
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
 		fi
 		if [ -n "$day" ]; then
-			uci set firewallmngr."$rule_sec".weekdays="$days"
+			IP_RULE="$IP_RULE --weekdays $day"
 		fi
 	fi
 }
@@ -95,35 +88,36 @@ ip_rule_east_zone() {
 	local local_stop_t_h="$4"
 	local utc_start_time="$5"
 	local utc_stop_time="$6"
-	local rule_sec="$7"
-	local rule1_sec="$8"
 
 	if [ "$utc_start_t_h" -lt "$local_start_t_h" ]; then
-		uci set firewallmngr."$rule_sec".start_time="$utc_start_time"
-		uci set firewallmngr."$rule_sec".stop_time="$utc_stop_time"
+		IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
 		if [ -n "$day" ]; then
-			uci set firewallmngr."$rule_sec".weekdays="$days"
+			IP_RULE="$IP_RULE --weekdays $day"
 		fi
 	else
 		if [ "$utc_stop_t_h" -lt "$local_stop_t_h" ]; then
-			rule1_needed="1"
-			uci set firewallmngr."$rule_sec".start_time="00:00"
-			uci set firewallmngr."$rule_sec".stop_time="$utc_stop_time"
-			uci set firewallmngr."$rule1_sec".start_time="$utc_start_time"
-			uci set firewallmngr."$rule1_sec".stop_time="23:59"
+			IP_RULE1="$IP_RULE"
+			IP_RULE="$IP_RULE -m time --timestart 00:00 --timestop $utc_stop_time"
+			IP_RULE1="$IP_RULE1 -m time --timestart $utc_start_time --timestop 23:59"
 			if [ -n "$prev_days" ]; then
-				uci set firewallmngr."$rule1_sec".weekdays="$prev_days"
+				IP_RULE1="$IP_RULE1 --weekdays $prev_days"
 			fi
 		else
-			uci set firewallmngr."$rule_sec".start_time="$utc_start_time"
-			uci set firewallmngr."$rule_sec".stop_time="$utc_stop_time"
+			IP_RULE="$IP_RULE -m time --timestart $utc_start_time --timestop $utc_stop_time"
 		fi
 		if [ -n "$day" ]; then
-			uci set firewallmngr."$rule_sec".weekdays="$days"
+			IP_RULE="$IP_RULE --weekdays $day"
 		fi
 	fi
 }
 
+
+add_access_rule() {
+	local rule="$1"
+	echo "iptables -w -A hosts_forward ${rule}" >> $ACL_FILE
+	echo "ip6tables -w -A hosts_forward ${rule}" >> $ACL_FILE
+}
+
 handle_day_list() {
 	local value=$1
 
@@ -144,12 +138,12 @@ handle_day_list() {
 handle_schedule() {
 	local schd_section="$1"
 	local ac_section="$2"
-	local rule_sec
-	local rule1_sec
 	local acs_id
 	local start_time
 	local duration
 
+	IP_RULE="$ACCESS_RULE"
+	IP_RULE1=""
 	day=""
 	next_days=""
 	prev_days=""
@@ -205,42 +199,24 @@ handle_schedule() {
 	utc_stop_time=$(date -u -d @$(date "+%s" -d "$local_stop_time") +%H:%M)
 	utc_start_hh=$(echo $utc_start_time | awk -F: '{ print $1 }')
 	utc_stop_hh=$(echo $utc_stop_time | awk -F: '{ print $1 }')
-
-	rule_sec=$(uci add "firewallmngr" "rule")
-	rule1_sec=$(uci add "firewallmngr" "rule")
-	uci set firewallmngr."$rule_sec".enable="1"
-	uci set firewallmngr."$rule_sec".chain="$active_chain"
-	uci set firewallmngr."$rule_sec".creator="host_acl"
-	uci set firewallmngr."$rule_sec".source_interface="*"
-	uci set firewallmngr."$rule_sec".dest_interface="*"
-	uci set firewallmngr."$rule_sec".source_mac="$mac_addr"
-	uci set firewallmngr."$rule1_sec".enable="1"
-	uci set firewallmngr."$rule1_sec".chain="$active_chain"
-	uci set firewallmngr."$rule_sec".creator="host_acl"
-	uci set firewallmngr."$rule1_sec".source_interface="*"
-	uci set firewallmngr."$rule1_sec".dest_interface="*"
-	uci set firewallmngr."$rule1_sec".source_mac="$mac_addr"
-
 	if [ "$zone" == "-" ]; then
-		ip_rule_west_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time "$rule_sec" "$rule1_sec"
+		ip_rule_west_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
 	else
-		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time "$rule_sec" "$rule1_sec"
+		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
 	fi
 
-	uci set firewallmngr.$rule_sec.target="ACCEPT"
-	uci rename firewallmngr."$rule_sec"="fwmngr_host_acl_${rule_count}"
-	rule_count=$(( rule_count + 1 ))
-	if [ "$rule1_needed" == "1" ]; then
-		uci set firewallmngr."$rule1_sec".target="ACCEPT"
-		uci rename firewallmngr."$rule1_sec"="fwmngr_host_acl_${rule_count}"
-		rule_count=$(( rule_count + 1 ))
-	else
-		uci delete firewallmngr."$rule1_sec"
+	IP_RULE="$IP_RULE -j ACCEPT"
+	if [ -n "$IP_RULE1" ]; then
+		IP_RULE1="$IP_RULE1 -j ACCEPT"
 	fi
 
+	add_access_rule "$IP_RULE"
+	if [ -n "$IP_RULE1" ]; then
+		add_access_rule "$IP_RULE1"
+	fi
 
 	# for access rules to be effective for a schedule, need to add DROP rule
-# to block the access outside the defined schedule
+	# to block the access outside the defined schedule
 	if [ "$schedule_added" == "0" ]; then
 		schedule_added="1"
 	fi
@@ -249,9 +225,6 @@ handle_schedule() {
 handle_access_control() {
 	local ac_section="$1"
 	local is_enabled
-	local rule_sec
-	local rule1_sec
-	local rule2_sec
 
 	# default value of Hosts.AccessControl.{i}.Enable is false,
 	# so, if not defined in uci as 1, assume 0
@@ -264,6 +237,8 @@ handle_access_control() {
 	config_get mac_addr "$ac_section" "macaddr"
 	if [ -z "$mac_addr" ]; then
 		return
+	else
+		ACCESS_RULE="-m mac --mac-source $mac_addr"
 	fi
 
 	local access_policy
@@ -275,61 +250,50 @@ handle_access_control() {
 	# As per Data Model, if access policy is deny, then schedule is to be ignored
 	# and no access is to be provided for the device
 	if [ "$access_policy" == "Deny" ]; then
-		rule_sec=$(uci add "firewallmngr" "rule")
-		uci set firewallmngr."$rule_sec".enable="1"
-		uci set firewallmngr."$rule_sec".chain="$active_chain"
-		uci set firewallmngr."$rule_sec".creator="host_acl"
-		uci set firewallmngr."$rule_sec".source_interface="*"
-		uci set firewallmngr."$rule_sec".dest_interface="*"
-		uci set firewallmngr."$rule_sec".source_mac="$mac_addr"
-		uci set firewallmngr."$rule_sec".target="DROP"
-		uci rename firewallmngr."$rule_sec"="fwmngr_host_acl_${rule_count}"
-		rule_count=$(( rule_count + 1 ))
+		ACCESS_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$ACCESS_RULE"
 		return # no need to parse schedule
 	fi
 
 	schedule_added="0"
 	# check if schedule is defined for this access_control instance
 	# and if yes, create rule accordingly
-	config_foreach handle_schedule  ac_schedule "$ac_section" "$mac_addr"
+	config_foreach handle_schedule  ac_schedule "$ac_section"
 
 	# for access rule to work, need to have default drop rule as last rule
 	if [ "$schedule_added" == "1" ]; then
-		rule2_sec=$(uci add "firewallmngr" "rule")
-		uci set firewallmngr."$rule2_sec".enable="1"
-		uci set firewallmngr."$rule2_sec".chain="$active_chain"
-		uci set firewallmngr."$rule_sec".creator="host_acl"
-		uci set firewallmngr."$rule2_sec".source_interface="*"
-		uci set firewallmngr."$rule2_sec".dest_interface="*"
-		uci set firewallmngr."$rule_sec".source_mac="$mac_addr"
-		uci set firewallmngr."$rule2_sec".target="DROP"
-		uci rename firewallmngr."$rule1_sec"="fwmngr_host_acl_${rule_count}"
-		rule_count=$(( rule_count + 1 ))
+		IP_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$IP_RULE"
 	fi
 }
 
-firewallmngr_get_active_chain() {
-	config_get creator "$1" creator
-	[ "$creator" = "PortMapping" ] && return
+ACL_FILE="/tmp/hosts_access_control/access_control.rules"
 
-	config_get enable "$1" enable
-	if [ -n "$enable" ] && [ "$enable" = "1" ]; then
-		config_get active_chain "$1" name
-	fi
-}
+rm -f $ACL_FILE
 
-remove_firewallmngr_host_acl_rule() {
-	config_get creator "$1" creator
-	[ "$creator" = "host_acl" ] || return
-	uci delete firewallmngr."$1"
-}
+mkdir -p /tmp/hosts_access_control/
+touch $ACL_FILE
+
+echo "iptables -w -F hosts_forward" >> $ACL_FILE
+echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
+
+hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
+if [ -z "$hosts_ipv4_forward" ]; then
+	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
+	ret=$?
+	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
+fi
+
+hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
+if [ -z "$hosts_ipv6_forward" ]; then
+	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
+	ret=$?
+	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
+fi
 
 # Load /etc/config/hosts UCI file
-config_load firewallmngr
-config_foreach firewallmngr_get_active_chain chain
-config_foreach remove_firewallmngr_host_acl_rule rule
-
 config_load hosts
 config_foreach handle_access_control access_control
 
-uci commit firewallmngr
+# apply the rules
+sh $ACL_FILE

icwmp/Config.in

@@ -0,0 +1,6 @@
+menu "Configuration"
+
+config ICWMP_MGMT_FROM_USP
+	bool "Support configuration of ManagementServer from USP"
+	default y
+endmenu

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.7.8
+PKG_VERSION:=9.8.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=5139c70c5f4da5107b7996456763b6beecb3b7d4
+PKG_SOURCE_VERSION:=580f923cfc89aa9f151096d8606dde71e4604d08
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,8 +32,21 @@ define Package/icwmp
   SUBMENU:=TRx69
   TITLE:=TR069 CWMP client
   DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml +libuuid +libbbfdm-api +libopenssl
+  MENU:=1
 endef
 
+define Package/icwmp/description
+ TR069 client implementation with bbfdm backend for TR181 support
+endef
+
+define Package/icwmp/config
+	source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_ICWMP_MGMT_FROM_USP),y)
+EXTRA_CFLAGS += -DCWMP_DUAL_SUPPORT=BBFDM_BOTH
+endif
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/icwmp/* $(PKG_BUILD_DIR)/
@@ -48,12 +61,13 @@ define Package/icwmp/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
-	$(INSTALL_DIR) $(1)/etc/icwmpd/plugins
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
-	$(INSTALL_BIN) ./files/etc/firewall_cwmp.sh $(1)/etc/firewall_cwmp.sh
+	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
+	$(INSTALL_BIN) ./files/etc/critical_services.json $(1)/etc/icwmpd/critical_services.json
 	$(INSTALL_BIN) ./files/etc/init.d/icwmpd $(1)/etc/init.d/icwmpd
 	$(INSTALL_BIN) ./files/etc/uci-defaults/85-cwmp-set-userid $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-cwmpfirewall $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-set-random-inform-time $(1)/etc/uci-defaults/
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user

icwmp/files/etc/config/cwmp

@@ -5,7 +5,7 @@ config acs 'acs'
 	option periodic_inform_interval '1800'
 	option periodic_inform_time '0001-01-01T00:00:00Z'
 	option dhcp_discovery 'enable'
-	option ssl_capath "/etc/ssl/certs"
+	#option ssl_capath "/etc/icwmpd/ca.pem"
 	# compression possible configs: GZIP, Deflate, Disabled
 	option compression 'Disabled'
 	#­ possible configs interval :[1:65535]
@@ -41,6 +41,7 @@ config cpe 'cpe'
 	option active_notif_throttle '0'
 	option disable_gatewayinfo '0'
 	option fw_upgrade_keep_settings '1'
+	option clock_sync_timeout '128'
 	
 config lwn 'lwn'
 	option enable '0'

icwmp/files/etc/critical_services.json

@@ -0,0 +1,11 @@
+{
+	"services_list": [
+			"firewall",
+			"network",
+			"dhcp",
+			"stunc",
+			"xmpp",
+			"wireless",
+			"time"
+	]
+}

icwmp/files/etc/firewall.cwmp

@@ -6,7 +6,7 @@ log() {
 }
 
 get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep ${1}|cut -d. -f 2)"
+	zone="$(uci show firewall|grep network|grep -w ${1}|cut -d. -f 2)"
 	zone="${zone:-wan}" # defaults to wan zone
 	echo "$zone"
 }

icwmp/files/etc/firewall_cwmp.sh

@@ -1,91 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep ${1}|cut -d. -f 2)"
-	zone="${zone:-wan}" # defaults to wan zone
-	echo "$zone"
-}
-
-cleanup_rule_firewallmngr() {
-	local rule_sec="$1"
-
-	config_get description "$rule_sec" "description"
-	[ "$description" = "Open_ACS_port" ] || return
-	uci -q delete firewallmngr."$rule_sec"
-
-}
-
-enable="$(uci -q get cwmp.cpe.enable)"
-enable="${enable:-1}"
-
-if [ "$enable" -eq 0 ]; then
-	exit 0;
-fi
-
-wan="$(uci -q get cwmp.cpe.default_wan_interface)"
-wan="${wan:-wan}"
-
-zone_name="$(get_firewall_zone $wan)"
-active_level=$(uci -q get firewallmngr.firewall.advanced_level)
-active_chain=$(uci -q get firewallmngr."$active_level".chain)
-
-port=$(uci -q get cwmp.cpe.port)
-port="${port:-7547}"
-
-incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|awk '{print tolower($0)}')
-incoming_rule="${incoming_rule:-port_only}"
-
-ipaddr=$(uci -c /var/state -q get icwmp.acs.ip)
-ip6addr=$(uci -c /var/state -q get icwmp.acs.ip6)
-
-config_load firewallmngr
-config_foreach cleanup_rule_firewallmngr "rule"
-rule_sec=$(uci add firewallmngr rule)
-rule1_sec=$(uci add firewallmngr rule)
-uci set firewallmngr."$rule_sec".ip_version="4"
-uci set firewallmngr."$rule1_sec".ip_version="6"
-uci set firewallmngr."$rule_sec".source_interface="$zone_name"
-uci set firewallmngr."$rule1_sec".source_interface="$zone_name"
-uci set firewallmngr."$rule_sec".dm_parent="$active_chain"
-uci set firewallmngr."$rule1_sec".dm_parent="$active_chain"
-uci reorder firewallmngr."$rule_sec"=1
-uci reorder firewallmngr."$rule1_sec"=1
-
-# default incoming rule is Port only
-if [ "${incoming_rule}" = "ip_only" ]; then
-	if [ -n "${ipaddr}" ]; then
-		uci -q set firewallmngr."$rule_sec".source_ip=${ipaddr}
-	fi
-	if [ -n "${ip6addr}" ]; then
-		uci -q set firewallmngr."$rule1_sec".source_ip=${ip6addr}
-	fi
-elif [ "${incoming_rule}" = "port_only" ]; then
-	if [ -n "${port}" ]; then
-		uci -q set firewallmngr."$rule_sec".dest_port=${port}
-		uci -q set firewallmngr."$rule1_sec".dest_port=${port}
-	fi
-else
-	if [ -n "${ipaddr}" ]; then
-		uci -q set firewallmngr."$rule_sec".source_ip=${ipaddr}
-	fi
-
-	if [ -n "${ip6addr}" ]; then
-		uci -q set firewallmngr."$rule1_sec".source_ip=${ip6addr}
-	fi
-
-	if [ -n "${port}" ]; then
-		uci -q set firewallmngr."$rule_sec".dest_port=${port}
-		uci -q set firewallmngr."$rule1_sec".dest_port=${port}
-	fi
-fi
-
-uci set firewallmngr."$rule_sec".description="Open_ACS_port"
-uci set firewallmngr."$rule1_sec".description="Open_ACS_port"
-uci set firewallmngr."$rule_sec".target="Accept"
-uci set firewallmngr."$rule1_sec".target="Accept"
-uci set firewallmngr."$rule_sec".enable="1"
-uci set firewallmngr."$rule1_sec".enable="1"
-uci commit firewallmngr
-

icwmp/files/etc/init.d/icwmpd

@@ -17,7 +17,15 @@ log() {
 }
 
 regenerate_ssl_link() {
-	local cert_dir="${1%/}"
+	local cert_dir
+
+	cert_dir="${1%/}"
+	if [ -f "${cert_dir}" ]; then
+		return 0
+	fi
+
+	# do not generate the c_rehash if its system default cert path
+	# ca-certificate package already generates c_rehash on compilation
 	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
 
 	generate_links() {
@@ -26,14 +34,15 @@ regenerate_ssl_link() {
 		for cfile in ${files}; do
 			if [ -f "${cfile}" ]; then
 				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-				[ -f "${cert_dir}/${rehash}.0" ] || \
+				if [ ! -f "${cert_dir}/${rehash}.0" ]; then
+					log "Generating c_rehash for ${cfile}=>${rehash}.0"
 					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
+				fi
 			fi
 		done
 	}
 
 	generate_links "pem"
-	generate_links "crt"
 }
 
 enable_dhcp_option43() {
@@ -532,7 +541,6 @@ start_service() {
 		"${respawn_timeout:-10}" "${respawn_retry:-3}"
 
 	procd_close_instance
-	sh /etc/firewall_cwmp.sh
 }
 
 stop_service()

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.19
+PKG_VERSION:=8.5.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=fa847e6360e24265ae4e9e2e12ca4ed62ebf7fc5
+PKG_SOURCE_VERSION:=b0e9ef0934888281ba7db7843738e56e6541665a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -22,6 +22,7 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
 include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 
 define Package/ieee1905/Default
@@ -38,7 +39,7 @@ define Package/libieee1905
   $(call Package/ieee1905/Default)
   TITLE:=libieee1905.so (library for CMDU and TLV handling)
   DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
-	   +libjson-c +libblobmsg-json
+	   +libjson-c +libblobmsg-json +libwifiutils
 endef
 
 define Package/ieee1905
@@ -46,7 +47,8 @@ define Package/ieee1905
   TITLE:=ieee1905d (daemon implementing 1905.1 and provides cli)
   DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
 	   +libjson-c +libblobmsg-json +ubus +libpthread \
-	   +libieee1905 +IEEE1905_PLATFORM_HAS_WIFI:libwifi
+	   +libieee1905 +IEEE1905_PLATFORM_HAS_WIFI:libwifi \
+	   +libwifiutils +libbbfdm-api
 endef
 
 include $(wildcard plugins/*.mk)
@@ -107,6 +109,7 @@ define Package/ieee1905/install
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ieee1905d $(1)/usr/sbin/
+	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/tr181/ieee1905dm.so $(1) $(PKG_NAME)
 endef
 
 define Package/libieee1905/install

ieee1905/plugins/map.mk

@@ -12,7 +12,7 @@ define Package/ieee1905-map-plugin/config
 
 		config MULTIAP_EASYMESH_VERSION
 		int "Easymesh version"
-		default 4
+		default 6
 
 		config MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG
 		bool "Sync configuration between dynamic controllers in the network"

iop/config

@@ -1,335 +0,0 @@
-############
-# Generic #
-##########
-
-# Build #
-CONFIG_BUILD_LOG=y
-CONFIG_CCACHE=y
-CONFIG_DEBUG=y
-CONFIG_DEVEL=y
-# CONFIG_USE_SSTRIP is not set
-CONFIG_USE_STRIP=y
-# CONFIG_SIGNED_PACKAGES is not set
-
-CONFIG_JSON_CYCLONEDX_SBOM=y
-CONFIG_INCLUDE_CONFIG=y
-
-# Image #
-CONFIG_TARGET_CUSTOMER="IOPSYS"
-CONFIG_TARGET_ROOTFS_TARGZ=y
-
-# Although UBIFS and EXT4 images work on all non-secure-boot devices,
-# squashfs is the only officially supported rootfs filesystem.
-# A writable rootfs is useful for developping an debugging preinit code.
-# CONFIG_TARGET_ROOTFS_UBIFS is not set
-# CONFIG_TARGET_ROOTFS_EXT4FS is not set
-
-# /etc/banner and /etc/device_info #
-CONFIG_IMAGEOPT=y
-CONFIG_VERSIONOPT=y
-CONFIG_VERSION_MANUFACTURER="IOPSYS"
-CONFIG_VERSION_MANUFACTURER_URL="https://iopsys.eu/"
-CONFIG_VERSION_DIST="IOWRT"
-
-# OpenWrt is given by CONFIG_VERSION_NUMBER which we do not want to override.
-# disabling CONFIG_VERSION_FILENAMES will hide the OpenWrt version from the image filename
-# CONFIG_VERSION_FILENAMES is not set
-
-# CONFIG_VERSION_CODE is set to the IOWRT version instead by the genconfig-script and
-# CONFIG_VERSION_CODE_FILENAMES will put it into the image filename.
-CONFIG_VERSION_CODE_FILENAMES=y
-
-CONFIG_VERSION_HOME_URL="https://iopsys.eu"
-CONFIG_VERSION_BUG_URL="https://iopsys.eu"
-CONFIG_VERSION_SUPPORT_URL="https://iopsys.eu"
-
-# /lib/preinit #
-CONFIG_PREINITOPT=y
-# CONFIG_TARGET_PREINIT_SUPPRESS_STDERR is not set
-CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
-CONFIG_TARGET_PREINIT_TIMEOUT=1
-# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
-# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
-CONFIG_TARGET_PREINIT_IFNAME=""
-CONFIG_TARGET_PREINIT_IP=""
-CONFIG_TARGET_PREINIT_NETMASK=""
-CONFIG_TARGET_PREINIT_BROADCAST=""
-
-# Mirror #
-CONFIG_LOCALMIRROR="https://download.iopsys.eu/iopsys/mirror/"
-
-
-##################
-# IOWRT Add-ons #
-################
-
-# EasySoC HAL #
-CONFIG_PACKAGE_qosmngr=y
-CONFIG_PACKAGE_libwifiutils=y
-CONFIG_PACKAGE_wifimngr=y
-
-# Multi-AP #
-CONFIG_PACKAGE_ieee1905=y
-CONFIG_IEEE1905_CMDU_SA_IS_ALMAC=y
-CONFIG_PACKAGE_ieee1905-topology-plugin=y
-CONFIG_PACKAGE_decollector=y
-CONFIG_PACKAGE_map-agent=y
-CONFIG_PACKAGE_map-controller=y
-
-# Network #
-CONFIG_PACKAGE_hostmngr=y
-CONFIG_PACKAGE_netmode=y
-CONFIG_PACKAGE_urlfilter=y
-
-# System #
-CONFIG_PACKAGE_imonitor=m
-CONFIG_PACKAGE_questd=y
-CONFIG_PACKAGE_rulengd=y
-CONFIG_PACKAGE_usermngr=y
-
-# TR-x69 #
-CONFIG_PACKAGE_libbbfdm=y
-CONFIG_PACKAGE_bbfdmd=y
-CONFIG_PACKAGE_icwmp=y
-CONFIG_PACKAGE_obuspa=y
-CONFIG_PACKAGE_bulkdata=y
-CONFIG_PACKAGE_periodicstats=y
-CONFIG_PACKAGE_stunc=y
-CONFIG_PACKAGE_swmodd=y
-CONFIG_PACKAGE_twamp=y
-CONFIG_PACKAGE_udpecho-client=y
-CONFIG_PACKAGE_udpecho-server=y
-CONFIG_PACKAGE_userinterface=y
-CONFIG_PACKAGE_xmppc=y
-CONFIG_PACKAGE_timemngr=y
-CONFIG_PACKAGE_self-diagnostics=y
-
-# WebGUI #
-CONFIG_PACKAGE_sulu=y
-
-
-############
-# Network #
-##########
-
-# Protocols #
-CONFIG_PACKAGE_6in4=y
-CONFIG_PACKAGE_6rd=y
-CONFIG_PACKAGE_6to4=y
-CONFIG_PACKAGE_chat=y
-CONFIG_PACKAGE_comgt=y
-CONFIG_PACKAGE_comgt-directip=y
-CONFIG_PACKAGE_comgt-ncm=y
-CONFIG_PACKAGE_ds-lite=y
-CONFIG_PACKAGE_firewall=y
-# CONFIG_PACKAGE_firewall4 is not set
-CONFIG_PACKAGE_gre=y
-CONFIG_PACKAGE_map=y
-CONFIG_PACKAGE_ntfs-3g=y
-CONFIG_PACKAGE_ntpd=y
-CONFIG_PACKAGE_odhcp6c=y
-CONFIG_PACKAGE_odhcpd=y
-CONFIG_PACKAGE_ppp-mod-pppoa=y
-CONFIG_PACKAGE_ppp-mod-pppoe=y
-CONFIG_PACKAGE_ppp-mod-pppol2tp=y
-CONFIG_PACKAGE_ppp-mod-pptp=y
-CONFIG_PACKAGE_ppp-multilink=y
-# CONFIG_PACKAGE_ppp is not set
-CONFIG_PACKAGE_relayd=y
-CONFIG_PACKAGE_umbim=y
-CONFIG_PACKAGE_uqmi=y
-CONFIG_PACKAGE_wwan=y
-CONFIG_PACKAGE_xl2tpd=y
-
-# Services #
-CONFIG_PACKAGE_atftpd=y
-CONFIG_PACKAGE_ddns-scripts=y
-CONFIG_PACKAGE_dnsmasq=y
-CONFIG_PACKAGE_ssdpd=y
-CONFIG_PACKAGE_miniupnpd-iptables=y
-CONFIG_PACKAGE_mosquitto-client-ssl=y
-CONFIG_PACKAGE_mosquitto-ssl=y
-CONFIG_PACKAGE_nginx=y
-CONFIG_PACKAGE_openvpn-easy-rsa=y
-CONFIG_PACKAGE_openvpn-openssl=y
-CONFIG_OPENVPN_openssl_ENABLE_IPROUTE2=y
-# CONFIG_PACKAGE_qos-scripts is not set
-CONFIG_PACKAGE_rdnssd=y
-CONFIG_PACKAGE_vsftpd-tls=y
-
-# Tools and Utilities #
-CONFIG_PACKAGE_curl=y
-CONFIG_PACKAGE_libcurl=y
-CONFIG_LIBCURL_CRYPTO_AUTH=y
-# CONFIG_LIBCURL_MBEDTLS is not set
-CONFIG_LIBCURL_OPENSSL=y
-CONFIG_PACKAGE_ethtool=y
-CONFIG_PACKAGE_ip-bridge=y
-CONFIG_PACKAGE_ip-full=y
-CONFIG_PACKAGE_iperf3=y
-CONFIG_PACKAGE_ipset=y
-CONFIG_PACKAGE_ip6tables-zz-legacy=y
-CONFIG_PACKAGE_iptables-zz-legacy=y
-CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
-CONFIG_PACKAGE_iptables-mod-extra=y
-CONFIG_PACKAGE_iptables-mod-filter=y
-CONFIG_PACKAGE_iptables-mod-ipmark=y
-CONFIG_PACKAGE_iptables-mod-ipopt=y
-CONFIG_PACKAGE_iptables-mod-nflog=y
-CONFIG_PACKAGE_iptables-mod-nfqueue=y
-CONFIG_PACKAGE_iputils-arping=y
-CONFIG_PACKAGE_iputils-ping=y
-CONFIG_PACKAGE_ndisc6=y
-CONFIG_PACKAGE_rdisc6=y
-CONFIG_PACKAGE_resolveip=y
-CONFIG_PACKAGE_socat=y
-CONFIG_PACKAGE_tcpdump=y
-CONFIG_PACKAGE_traceroute6=y
-
-
-############
-# System  #
-##########
-
-CONFIG_PACKAGE_at=y
-CONFIG_PACKAGE_ca-certificates=y
-CONFIG_PACKAGE_crun=y
-CONFIG_PACKAGE_getopt=y
-CONFIG_PACKAGE_gpiod-tools=y
-# CONFIG_PACKAGE_iwatchdog is not set
-CONFIG_PACKAGE_jq=y
-CONFIG_PACKAGE_libcap-bin=y
-CONFIG_PACKAGE_libustream-openssl=y
-# CONFIG_PACKAGE_libustream-wolfssl is not set
-CONFIG_PACKAGE_lscpu=y
-CONFIG_PACKAGE_nand-utils=y
-CONFIG_PACKAGE_openssl-util=y
-CONFIG_OPENSSL_WITH_COMPRESSION=y
-CONFIG_PACKAGE_procd-ujail=m
-CONFIG_PACKAGE_quota=y
-CONFIG_PACKAGE_rpcd=y
-CONFIG_PACKAGE_rpcd-mod-rpcsys=y
-CONFIG_PACKAGE_rpcd-mod-rrdns=y
-CONFIG_PACKAGE_strace=y
-CONFIG_PACKAGE_terminfo=y
-CONFIG_PACKAGE_uledd=y
-# The urandom-seed package is very strange. It seeds urandom with urandom...
-# Disable it. Most SoCs nowadays has HW random generators anyway.
-# CONFIG_PACKAGE_urandom-seed is not set
-# CONFIG_PACKAGE_urngd is not set
-CONFIG_PACKAGE_usb-modeswitch=y
-CONFIG_PACKAGE_uuidgen=y
-CONFIG_PACKAGE_zoneinfo-core=y
-CONFIG_PACKAGE_zoneinfo-europe=y
-
-
-################
-# LuCI WebGUI #
-##############
-
-# BEGIN: luci-nginx metapackage with some changes
-# We do not want libiwinfo-lua on non-WiFi targets, but it is already
-# depended on by other luci-packages, so no need to take it in explicitly
-CONFIG_PACKAGE_luci-mod-admin-full=y
-CONFIG_PACKAGE_luci-app-firewall=y
-CONFIG_PACKAGE_luci-app-opkg=y
-CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-proto-ipv6=y
-# CONFIG_LUCI_JSMIN is not set
-# CONFIG_LUCI_CSSTIDY is not set
-CONFIG_PACKAGE_luci-mod-dashboard=y
-CONFIG_PACKAGE_luci-theme-openwrt-2020=y
-CONFIG_PACKAGE_nginx-mod-luci=y
-
-
-############
-# BusyBox #
-##########
-
-CONFIG_BUSYBOX_CUSTOM=y
-CONFIG_BUSYBOX_CONFIG_ADDUSER=y
-CONFIG_BUSYBOX_CONFIG_ASH_IDLE_TIMEOUT=y
-CONFIG_BUSYBOX_CONFIG_ASH_RANDOM_SUPPORT=y
-CONFIG_BUSYBOX_CONFIG_CTTYHACK=y
-CONFIG_BUSYBOX_CONFIG_DELUSER=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_UDHCP_8021Q=y
-CONFIG_BUSYBOX_CONFIG_FIRST_SYSTEM_ID=100
-# CONFIG_BUSYBOX_CONFIG_HTTPD is not set
-# CONFIG_BUSYBOX_CONFIG_INSMOD is not set
-# CONFIG_BUSYBOX_CONFIG_MODINFO is not set
-# CONFIG_BUSYBOX_CONFIG_MODPROBE is not set
-CONFIG_BUSYBOX_CONFIG_FEATURE_MODPROBE_BLACKLIST=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_ALIAS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_MODUTILS_SYMBOLS=y
-CONFIG_BUSYBOX_CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
-CONFIG_BUSYBOX_CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
-# CONFIG_BUSYBOX_CONFIG_IP is not set
-CONFIG_BUSYBOX_CONFIG_LAST_SYSTEM_ID=999
-CONFIG_BUSYBOX_CONFIG_LOGIN=y
-# CONFIG_BUSYBOX_CONFIG_LSMOD is not set
-CONFIG_BUSYBOX_CONFIG_LSPCI=y
-CONFIG_BUSYBOX_CONFIG_LSUSB=y
-CONFIG_BUSYBOX_CONFIG_MICROCOM=y
-# CONFIG_BUSYBOX_CONFIG_RMMOD is not set
-CONFIG_BUSYBOX_CONFIG_STTY=y
-CONFIG_BUSYBOX_CONFIG_TFTP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_AUTH_MD5=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_CGI=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_ERROR_PAGES=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_GZIP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_PROXY=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_RANGES=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_SETUID=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y
-# CONFIG_BUSYBOX_CONFIG_FEATURE_NOLOGIN is not set
-CONFIG_BUSYBOX_CONFIG_FEATURE_SECURETTY=y
-# CONFIG_BUSYBOX_CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
-CONFIG_BUSYBOX_CONFIG_FEATURE_TFTP_GET=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_TFTP_PUT=y
-# CONFIG_BUSYBOX_CONFIG_WGET is not set
-# CONFIG_BUSYBOX_CONFIG_LOGIN_SCRIPTS is not set
-# CONFIG_BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD is not set
-# CONFIG_BUSYBOX_CONFIG_PAM is not set
-# CONFIG_BUSYBOX_CONFIG_TFTP_DEBUG is not set
-# CONFIG_BUSYBOX_CONFIG_NTPD is not set
-CONFIG_BUSYBOX_CONFIG_MOUNTPOINT=y
-CONFIG_BUSYBOX_CONFIG_RUN_PARTS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_RUN_PARTS_FANCY=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_GZIP_LEVELS=y
-CONFIG_BUSYBOX_CONFIG_GZIP_FAST=2
-CONFIG_BUSYBOX_CONFIG_FEATURE_FANCY_SLEEP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_FLOAT_SLEEP=y
-CONFIG_BUSYBOX_CONFIG_FLOAT_DURATION=y
-CONFIG_BUSYBOX_CONFIG_USLEEP=y
-CONFIG_BUSYBOX_CONFIG_REALPATH=y
-CONFIG_BUSYBOX_CONFIG_TTY=y
-CONFIG_BUSYBOX_CONFIG_BLOCKDEV=y
-CONFIG_BUSYBOX_CONFIG_PARTPROBE=y
-CONFIG_BUSYBOX_CONFIG_LFS=y
-CONFIG_BUSYBOX_CONFIG_FDISK=y
-CONFIG_BUSYBOX_CONFIG_FDISK_SUPPORT_LARGE_DISKS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_FDISK_WRITABLE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_GPT_LABEL=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_FDISK_ADVANCED=y
-CONFIG_BUSYBOX_CONFIG_IONICE=y
-CONFIG_BUSYBOX_CONFIG_RENICE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_BTRFS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_F2FS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_SQUASHFS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_VOLUMEID_UBIFS=y
-CONFIG_BUSYBOX_CONFIG_TIMEOUT=y
-CONFIG_BUSYBOX_CONFIG_NOHUP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="sha512"
-# CONFIG_BUSYBOX_CONFIG_ARPING is not set
-# CONFIG_BUSYBOX_CONFIG_PING is not set
-# CONFIG_BUSYBOX_CONFIG_PING6 is not set
-# CONFIG_BUSYBOX_CONFIG_FEATURE_FANCY_PING is not set

iop/iop.completion

@@ -33,10 +33,10 @@ _iop()
     prev="${COMP_WORDS[COMP_CWORD-1]}"
 
     iopcmds="bootstrap cfe_upgrade cfe_upgrade_latest extract_core \
-             feeds_update feeds_update-legacy genconfig genconfig-legacy \
+             feeds_update genconfig \
              generate_tarballs install_key \
              scp_changes setup_host ssh_install_key status \
-             update_package update_feed_branches ssh_upgrade smoketest"
+             update_feed_branches ssh_upgrade smoketest"
 
     if [ $COMP_CWORD -eq 1 ] ; then
 

iop/scripts/feeds_update-legacy.sh

@@ -1,88 +0,0 @@
-#!/bin/bash
-
-function feeds_update-legacy {
-	heads=1
-	developer=0
-	override=1
-	force=1
-
-	function update_failure {
-		if [ $force == 1 ]; then
-			echo "WARNING: Failed to update feed(s). Forced update, proceeding anyway." >&2
-		else
-			echo "ERROR: Failed to update feed(s). Omit -F to proceed anyway." >&2
-			exit 1
-		fi
-	}
-
-	while getopts "inFh" opt; do
-		case $opt in
-		i)
-			heads=0
-			;;
-		n)
-			override=0
-			;;
-		F)
-			force=0
-			;;
-		h|\?)
-			echo "Usage: ./iop feeds_update-legacy  [-i] [-n] [-F] [-h]"
-			echo
-			echo "OPTIONS:"
-			echo "  -i - Only update index. Do not change HEAD in feeds."
-			echo "  -n - Do not replace core packages with iopsys versions."
-			echo "  -F - Do not force update if there are inaccessible feeds."
-			echo "  -h - Display this help message and exit."
-			exit 1
-			;;
-		esac
-	done
-
-	git remote -v | grep -qE '(git@|ssh://)' && developer=1
-
-	cp .config .genconfig_config_bak
-
-	if [ $heads == 1 ]; then
-		if [ $developer == 1 ]; then
-			./scripts/feeds update -g || update_failure
-		else
-			./scripts/feeds update || update_failure
-		fi
-	fi
-	./scripts/feeds update -ai || exit 1
-
-	# replace core packages with iopsys versions
-	if [ $override == 1 ]; then
-		./scripts/feeds install -f -p openwrt_core -a || exit 1
-		./scripts/feeds install -f -p qualcomm -a || exit 1
-	fi
-
-	(
-		echo '# DO NOT EDIT. Autogenerated file by ./iop feeds_update'
-		echo 'FEED_DEVICES_DIRS:='
-		find feeds -type f -name .is-feed-devices-dir -printf 'FEED_DEVICES_DIRS+=$(TOPDIR)/%h\n'
-	) > target/linux/feed-devices/feed-devices-list.mk || exit 1
-
-	# targets need to be installed explicitly
-	for target in $(ls ./feeds/targets); do
-		./scripts/feeds install -f -p targets $target || exit 1
-	done
-
-	# install all packages
-	./scripts/feeds install -a || exit 1
-
-	# remove broken symlinks ( for packages that are no longer in the feed )
-	find -L package/feeds -maxdepth 2 -type l -delete || exit 1
-
-	cp .genconfig_config_bak .config
-	make defconfig || exit 1
-
-	# record when we last run this script
-	touch tmp/.iop_bootstrap || exit 1
-
-	# always return true
-	exit 0
-}
-
-register_command "feeds_update-legacy" "Update feeds to point to commit hashes from feeds.conf - legacy mode"

iop/scripts/genconfig-legacy.sh

@@ -1,535 +0,0 @@
-#!/bin/bash
-
-function genconfig-legacy {
-	export CLEAN=0
-	export DIRTY="--dirty"
-	export IMPORT=1
-	export SRCTREEOVERR=0
-	export FILEDIR="files/"
-	CURRENT_CONFIG_FILE=".current_config_file"
-	export CONFIGPATH="package/feeds/iopsys/iop"
-	CUSTPATH="customerconfigs"
-	export CUSTCONF="customerconfigs/customers"
-	export VERBOSE=0
-	export DEVELOPER=0
-	target="bogus"
-	target_config_path=""
-	brcmbca_feed="target/linux/feeds/brcmbca"
-	airoha_feed="target/linux/feeds/airoha"
-	x86_feed="target/linux/feeds/x86"
-	armsr_feed="target/linux/feeds/armsr"
-	mediatek_feed="target/linux/feeds/mediatek"
-	qualcomm_ipq95xx_feed="target/linux/feeds/ipq95xx"
-	qualcomm_ipq53xx_feed="target/linux/feeds/ipq53xx"
-
-	Red='\033[0;31m'          # Red
-	Color_Off='\033[0m'       # Text Reset
-	Yellow='\033[0;33m'       # Yellow
-
-	function find_last {
-	    egrep "^[ #]*${1}[ =]" $2 | tail -n1
-	}
-
-	function is_new {
-	    for opt in $conf_warned
-	    do
-		if [ "$opt" == "$1" ]
-		then
-		    return 1
-		fi
-	    done
-	    # option not found return true
-	    return 0
-	}
-
-	function verify_config {
-	    local conf_opt
-	    local conf_org
-	    local conf_new
-
-	    while read -r line
-	    do
-		conf_opt=$(echo $line | grep "^[ #]*CONFIG_" | sed 's|.*\(CONFIG_[^ =]*\)[ =].*|\1|')
-		if [ -n "${conf_opt}" ]
-		then
-		    conf_org=$(find_last ${conf_opt} .genconfig.config)
-		    conf_new=$(find_last ${conf_opt} .config)
-		    if [ "$conf_org" != "$conf_new" ]
-		    then
-			if is_new $conf_opt
-			then
-			    echo -e "config option [${Red}$conf_opt${Color_Off}] is not set correctly in .config"
-			    echo -e "got value [${Yellow}$conf_new${Color_Off}] but wanted [${Yellow}$conf_org${Color_Off}]"
-			    echo "This is a real problem somebody needs to investigate"
-			    echo ""
-			    conf_warned="$conf_warned $conf_opt"
-			fi
-		    else
-			true
-			# for debug to see all options
-			#echo -e "wanted [$conf_org] got [$conf_new]"
-		    fi
-		fi
-	    done < .genconfig.config
-	}
-
-	# Takes a board name and returns the target name in global var $target
-	set_target() {
-		local profile=$1
-
-		[ -n "$profile" ] || return
-
-		if [ -n "$TARGET" -a -d "./target/linux/feeds/$TARGET" ]; then
-			local targetpath="./target/linux/feeds/$TARGET"
-			local profiles=
-			local pfound=0
-
-			if [ -e "$targetpath/genconfig" ]; then
-				profiles=$(cd $targetpath; ./genconfig)
-
-				for p in $profiles; do
-					if [ $p == $profile ]; then
-						pfound=1
-						break
-					fi
-				done
-			fi
-
-			if [ $pfound -eq 1 ]; then
-				target="$(echo $TARGET | tr '-' '_')"
-				target_config_path="$targetpath/config"
-			fi
-
-			return
-		fi
-
-		[ -e $brcmbca_feed/genconfig ] &&
-			brcmbca=$(cd $brcmbca_feed; ./genconfig)
-		[ -e $airoha_feed/genconfig ] &&
-			airoha=$(cd $airoha_feed; ./genconfig)
-		[ -e $x86_feed/genconfig ] &&
-			x86=$(cd $x86_feed; ./genconfig)
-		[ -e $armsr_feed/genconfig ] &&
-			armsr=$(cd $armsr_feed; ./genconfig)
-		[ -e $mediatek_feed/genconfig ] &&
-			mediatek=$(cd $mediatek_feed; ./genconfig)
-		[ -e $qualcomm_ipq95xx_feed/genconfig ] &&
-			ipq95xx=$(cd $qualcomm_ipq95xx_feed; ./genconfig)
-		[ -e $qualcomm_ipq53xx_feed/genconfig ] &&
-			ipq53xx=$(cd $qualcomm_ipq53xx_feed; ./genconfig)
-
-	    if [ "$profile" == "LIST" ]; then
-			for list in brcmbca airoha x86 armsr mediatek ipq95xx ipq53xx; do
-				echo "$list based boards:"
-				a=$(echo "${!list}" | sort)
-				for b in $a; do
-					echo -e "\t$b"
-				done
-			done
-			return
-	    fi
-
-	    for p in $airoha; do
-		if [ $p == $profile ]; then
-		    target="airoha"
-			target_config_path="$airoha_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $x86; do
-		if [ $p == $profile ]; then
-		    target="x86"
-			target_config_path="$x86_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $armsr; do
-		if [ $p == $profile ]; then
-		    target="armsr"
-			target_config_path="$armsr_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $mediatek; do
-		if [ $p == $profile ]; then
-		    target="mediatek"
-			target_config_path="$mediatek_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $ipq95xx; do
-		if [ $p == $profile ]; then
-		    target="ipq95xx"
-			target_config_path="$qualcomm_ipq95xx_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $ipq53xx; do
-		if [ $p == $profile ]; then
-		    target="ipq53xx"
-			target_config_path="$qualcomm_ipq53xx_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $brcmbca; do
-		if [ $p == $profile ]; then
-		    target="brcmbca"
-			target_config_path="$brcmbca_feed/config"
-		    return
-		fi
-	    done
-	}
-
-	git remote -v | grep -qE '(git@|ssh://)' && {
-		DEVELOPER=1
-	}
-
-	v() {
-		[ "$VERBOSE" -ge 1 ] && echo "$@"
-	}
-
-	usage() {
-		echo
-		echo 1>&2 "Usage: $0 genconfig-legacy [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
-		echo
-		echo -e "  -c|--clean\t\tRemove all files under ./files and import from config "
-		echo -e "  -D|--no-dirty\t\tIgnore dirty tree"
-		echo -e "  -v|--verbose\t\tVerbose"
-		echo -e "  -n|--no-update\tDo NOT! Update customer config before applying"
-		echo -e "  -t|--target\t\tExplicitly specify the linux target to build the board profile from"
-		echo -e "  -s|--override\t\tEnable 'Package source tree override'"
-		echo -e "  -S|--brcmsingle\tForce build of bcmkernel to use only one thread"
-		echo -e "  -h|--help\t\tShow this message"
-		echo -e "  -l|--list [customer]\tList all Customers or all boards for one customer"
-		echo -e "  -a|--list-all\t\tList all Customers and their board types"
-		echo -e "  -b|--boards\t\tList all board types"
-		echo
-		echo "Example ./iop genconfig-legacy eg400 OPERATORX"
-		echo "(if no customerconfig is chosen, iopsys config will be used)"
-		echo
-		exit 0
-	}
-
-	list_customers()
-	{
-		local ALL="$1"
-		local CUSTOMER="$2"
-		if [ "$CUSTOMER" -a -d "$CUSTCONF/$CUSTOMER" ]; then
-			local boards="$(ls -1 "$CUSTCONF/$CUSTOMER" | grep -v common)"
-			if [ "$boards" ]; then
-				echo "$CUSTOMER has following boards:"
-				for board in $boards; do
-					echo -e "\t$board"
-				done
-			else
-				echo "No boards found for $CUSTOMER"
-			fi
-		elif [ "$CUSTOMER" ]; then
-			echo "No customer called $CUSTOMER"
-			exit 1
-		elif [ -d $CUSTCONF ]; then
-			local customers="$(ls -1 $CUSTCONF)"
-			if [ "$customers" -a "$ALL" == 1 ]; then
-				for customer in $customers; do
-					echo $customer
-					local boards="$(ls -1 $CUSTCONF/$customer | grep -v common)"
-					if [ "$boards" ]; then
-						for board in $boards; do
-							echo -e "\t$board"
-						done
-					else
-						echo "has no boards"
-					fi
-				done
-			elif [ "$customers" ]; then
-				echo -e "$customers"
-			else
-				echo "no customers found"
-			fi
-		else
-			echo "No $CUSTCONF folder found"
-		fi
-		exit 0
-	}
-
-
-	generate_config()
-	{
-		DIFFFILE="$1"
-		MASTERFILE="$2"
-		while read p; do
-			v "$p"
-			sed -r -i "$p" $MASTERFILE
-		done < $DIFFFILE
-	}
-
-	setup_dirs()
-	{
-		git remote -v | grep -q http || {
-			CUSTBRANCH="$(git rev-parse --abbrev-ref HEAD)"
-			if git ls-remote $CUSTREPO -q 2>/dev/null; then
-				if [ ! -d "$CUSTPATH" ]; then
-					echo "Cloning $CUSTBRANCH branch of $CUSTREPO"
-					git clone -b "$CUSTBRANCH" "$CUSTREPO" "$CUSTPATH" 2>/dev/null || {
-						DEFBRANCH="$(git remote show $CUSTREPO | grep 'HEAD branch' | cut -d' ' -f5)"
-						echo "$CUSTBRANCH branch is not found, cloning $DEFBRANCH branch of $CUSTREPO"
-						git clone "$CUSTREPO" "$CUSTPATH"
-					}
-				elif [ $IMPORT -eq 1 ]; then
-					cd $CUSTPATH
-					echo "Checking out $CUSTBRANCH branch in $CUSTPATH"
-					git checkout "$CUSTBRANCH" 2>/dev/null || {
-						DEFBRANCH="$(git symbolic-ref refs/remotes/origin/HEAD | cut -d '/' -f4)"
-						echo "Checking out $CUSTBRANCH branch has failed, using $DEFBRANCH branch in $CUSTPATH"
-					}
-					v "git pull"
-					git pull
-					cd - >/dev/null #go back
-				fi
-			else
-				echo "You do not have access to $CUSTREPO"
-			fi
-		}
-
-		if [ ! -d "$FILEDIR" ]; then
-			mkdir -p $FILEDIR
-		elif [ -d "$FILEDIR" -a $CLEAN -eq 1 ]; then
-			v "rm -rf $FILEDIR*"
-			rm -rf $FILEDIR*
-		fi
-	}
-
-	get_subtarget_for_device() {
-		readonly target="$1"
-		readonly device="$2"
-		readonly targetinfo_file="tmp/info/.targetinfo-feeds_$target"
-		readonly target_profile_line="Target-Profile: DEVICE_$device"
-		# We want to know after which Target: $target/$subtarget line
-		# our $target_profile_line appears
-		# This is a crude way to "parse" the file using shell 🤯
-		# 1. grep for both lines with line number output
-		# 2. grep again to determine the device profile line that we looked for
-		#    but output one context line before as well to determine corresponding subtarget line
-		# 4. Use head and sed to extract the subtarget
-		grep "^Target: $target/\|^$target_profile_line" "$targetinfo_file" \
-			| grep -E -B1 "^$target_profile_line" \
-			| head -n1 \
-			| sed -E "s|^Target: $target/||"
-	}
-
-	create_and_copy_files()
-	{
-		local BOARDTYPE=$1
-		shift
-		local CUSTOMERS=$@
-
-		# Validate seleced board and customers
-		set_target $BOARDTYPE
-		if [ $target == "bogus" ]; then
-			echo "Hardware profile does not exist"
-			exit 1
-		elif [ -n "$CUSTOMERS" ]; then
-			for CUSTOMER in $CUSTOMERS; do
-				if [ ! -d "$CUSTCONF/$CUSTOMER/" ]; then
-					echo "Customer profile for '$CUSTOMER' does not exist"
-					exit 1
-				elif [ ! -d "$CUSTCONF/$CUSTOMER/$BOARDTYPE/" ]; then
-					echo "'$BOARDTYPE' board profile does not exist for customer '$CUSTOMER'"
-					if [ -f "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
-						echo "Common profile configuration will be used"
-					else
-						exit 1
-					fi
-				fi
-			done
-		fi
-
-		# Generate base config
-		rm -f .config
-		v "Config $BOARDTYPE selected"
-		v "cp $CONFIGPATH/config .config"
-		cp $CONFIGPATH/config .config
-
-		if [ -f $target_config_path/config ]; then
-		    cat $target_config_path/config >> .config
-		    echo "" >> .config
-		fi
-		if [ -f $target_config_path/$BOARDTYPE/config ]; then
-		    cat $target_config_path/$BOARDTYPE/config >> .config
-		    echo "" >> .config
-		fi
-		# hack to support custom-devices until we have deprecated this genconfig-script...
-		local custom_found=false
-		local used_config_file
-
-		for config_file in feeds/*/devices/$target/config/$BOARDTYPE/config; do
-			if [ "$custom_found" = "true" ]; then
-				echo
-				echo "Error was found!"
-				echo "Please use only one path."
-				echo "Two instances of $target/config/$BOARDTYPE exists:"
-				echo "Path 1: $used_config_file"
-				echo "Path 2: $config_file"
-				return 1
-			fi
-			if [ -f "$config_file" ]; then
-				cat "$config_file" >> .config
-				echo "" >> .config
-				custom_found=true
-				used_config_file=$config_file
-			fi
-		done
-
-		# Special handling for targets which use TARGET_DEVICES
-		case "$target" in
-		airoha | mediatek | brcmbca | ipq95xx | ipq53xx)
-			# This assumes the device name to be unique within one target,
-			# which is a fair assumption to make.
-			local subtarget="$(get_subtarget_for_device "${target/_/-}" "$BOARDTYPE")"
-			if [ -z "$subtarget" ]; then
-				echo "Error determining subtarget for $target / ${BOARDTYPE}"
-				return 1
-			fi
-			echo "CONFIG_TARGET_${target}=y" >> .config
-			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
-			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
-			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
-			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
-			;;
-		*)
-			echo "CONFIG_TARGET_${target}=y" >> .config
-			echo "CONFIG_TARGET_${target}_${BOARDTYPE}=y" >> .config
-			;;
-		esac
-
-		echo "$CUSTOMERS $BOARDTYPE" > $CURRENT_CONFIG_FILE
-
-		# Add customerconfig diff if a customer is selected
-		if [ -n "$CUSTOMERS" ]; then
-			for CUSTOMER in $CUSTOMERS; do
-				if [ -d "$CUSTCONF/$CUSTOMER/common/fs" ]; then
-					v "cp -ar $CUSTCONF/$CUSTOMER/common/fs/* $FILEDIR"
-					cp -ar $CUSTCONF/$CUSTOMER/common/fs/* $FILEDIR
-				fi
-				if [ -d "$CUSTCONF/$CUSTOMER/$BOARDTYPE/fs" ]; then
-					v "cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR"
-					cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR
-				fi
-				if [ -e "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
-					v "Apply $CUSTCONF/$CUSTOMER/common/common.diff"
-					cat $CUSTCONF/$CUSTOMER/common/common.diff >> .config
-					echo "" >> .config
-				fi
-				if [ -e "$CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff" ]; then
-					v "Apply $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff"
-					cat $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff >> .config
-					echo "" >> .config
-				fi
-			done
-		fi
-
-		# Set target version
-		local git_version
-		if ! git_version="$(git describe --always $DIRTY --tags --match '[0-9].*.*' --match '[0-9][0-9].*.*')"; then
-			echo "ERROR: Failed getting version via git describe, exiting." >&2
-			return 1
-		fi
-		local version="${git_version,,}${CUSTOMERS:+-${CUSTOMERS// /}}"
-		local version_lower="${version,,}"
-		echo "CONFIG_TARGET_VERSION=\"${version_lower}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${version_lower}\"" >> .config
-		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config
-
-		# Enable Package source tree override if selected
-		[ $SRCTREEOVERR -eq 1 ] && echo CONFIG_SRC_TREE_OVERRIDE=y >> .config
-
-		# developer mode selected ?
-		echo "CONFIG_DEVEL=y" >>.config
-		if [ $DEVELOPER -eq 1 ]; then
-			# rewrite url to clone with ssh instead of http
-			echo "CONFIG_GITMIRROR_REWRITE=y" >>.config
-		else
-			echo "# CONFIG_GITMIRROR_REWRITE is not set" >>.config
-		fi
-
-		if [ -n "$BRCM_MAX_JOBS" ]
-		then
-		    echo "CONFIG_BRCM_MAX_JOBS=\"1\"" >>.config
-		fi
-
-		# Force regeneration of kernel Makefile
-		# Needed to disable kmods for iopsys-brcm targets
-		touch package/kernel/linux/Makefile
-
-		# we need to signal to bradcom SDK that we have changed the board id
-		# currently boardparms.c and boardparms_voice.c is the only place that is depending on boardid name
-		# so just touch that file.
-		[ -d ./build_dir ] && find build_dir/ -name "boardparms*c" -print0 2>/dev/null | xargs -0 touch 2>/dev/null
-
-		# Store generated config
-		cp .config .genconfig.config
-
-		# Set default values based on selected parameters
-		v "$(make defconfig 2>&1)"
-
-		echo Set version to $(grep -w CONFIG_TARGET_VERSION .config | cut -d'=' -f2 | tr -d '"')
-
-		# Clean base-file package to force rebuild when changing profile
-		v "$(make package/base-files/clean 2>&1)"
-
-		verify_config
-	}
-
-	####### main #####
-	if [ ! -e tmp/.iop_bootstrap ]; then
-		echo "You have not installed feeds. Running genconfig in this state would create a non functional configuration."
-		echo "Run: iop feeds_update"
-		exit 1
-	fi
-
-	if [ $# -eq 0 ]; then
-		echo Current profile:
-		cat $CURRENT_CONFIG_FILE
-		echo "Try ./iop genconfig-legacy -h' to get instructions if you want to change current config"
-		exit 0
-	else
-		while [ -n "$1" ]; do
-			case "$1" in
-
-			-c|--clean) export CLEAN=1;;
-			-D|--no-dirty) export DIRTY="";;
-			-n|--no-update) export IMPORT=0;;
-			-v|--verbose) export VERBOSE="$(($VERBOSE + 1))";;
-			-t|--target) export TARGET="$2"; shift;;
-			-p|--profile) export PROFILE="$2"; shift;;
-			-r|--repo) export CUSTREPO="$2"; shift;;
-			-s|--override) export SRCTREEOVERR=1;;
-			-S|--brcmsingel) export BRCM_MAX_JOBS=1;;
-			-h|--help) usage;;
-			-l|--list) list_customers 0 $2;;
-			-a|--list-all)list_customers 1;;
-			-b|--boards)set_target LIST;exit 0;;
-			-*)
-				echo "Invalid option: $1 "
-				echo "Try -h or --help for more information."
-				exit 1
-				;;
-			*) break;;
-			esac
-			shift;
-		done
-
-		CUSTREPO="${CUSTREPO:-git@dev.iopsys.eu:consumer/iopsys.git}"
-
-		setup_dirs
-		create_and_copy_files "$@" || exit 1
-	fi
-}
-
-register_command "genconfig-legacy" "Generate configuration for board and customer - legacy mode"

iop/scripts/genconfig_min-legacy.sh

@@ -1,503 +0,0 @@
-#!/bin/bash
-
-function genconfig_min-legacy {
-	export CLEAN=0
-	export DIRTY="--dirty"
-	export SRCTREEOVERR=0
-	export FILEDIR="files/"
-	CURRENT_CONFIG_FILE=".current_config_file"
-	export CONFIGPATH="package/feeds/iopsys/iop"
-	CUSTPATH="customerconfigs"
-	export CUSTCONF="customerconfigs/customers"
-	export VERBOSE=0
-	export DEVELOPER=0
-	target="bogus"
-	target_config_path=""
-	brcmbca_feed="target/linux/feeds/brcmbca"
-	airoha_feed="target/linux/feeds/airoha"
-	x86_feed="target/linux/feeds/x86"
-	armsr_feed="target/linux/feeds/armsr"
-	mediatek_feed="target/linux/feeds/mediatek"
-	qualcomm_ipq95xx_feed="target/linux/feeds/ipq95xx"
-	qualcomm_ipq53xx_feed="target/linux/feeds/ipq53xx"
-
-	Red='\033[0;31m'          # Red
-	Color_Off='\033[0m'       # Text Reset
-	Yellow='\033[0;33m'       # Yellow
-
-	function find_last {
-	    egrep "^[ #]*${1}[ =]" $2 | tail -n1
-	}
-
-	function is_new {
-	    for opt in $conf_warned
-	    do
-		if [ "$opt" == "$1" ]
-		then
-		    return 1
-		fi
-	    done
-	    # option not found return true
-	    return 0
-	}
-
-	function verify_config {
-	    local conf_opt
-	    local conf_org
-	    local conf_new
-
-	    while read -r line
-	    do
-		conf_opt=$(echo $line | grep "^[ #]*CONFIG_" | sed 's|.*\(CONFIG_[^ =]*\)[ =].*|\1|')
-		if [ -n "${conf_opt}" ]
-		then
-		    conf_org=$(find_last ${conf_opt} .genconfig.config)
-		    conf_new=$(find_last ${conf_opt} .config)
-		    if [ "$conf_org" != "$conf_new" ]
-		    then
-			if is_new $conf_opt
-			then
-			    echo -e "config option [${Red}$conf_opt${Color_Off}] is not set correctly in .config"
-			    echo -e "got value [${Yellow}$conf_new${Color_Off}] but wanted [${Yellow}$conf_org${Color_Off}]"
-			    echo "This is a real problem somebody needs to investigate"
-			    echo ""
-			    conf_warned="$conf_warned $conf_opt"
-			fi
-		    else
-			true
-			# for debug to see all options
-			#echo -e "wanted [$conf_org] got [$conf_new]"
-		    fi
-		fi
-	    done < .genconfig.config
-	}
-
-	# Takes a board name and returns the target name in global var $target
-	set_target() {
-		local profile=$1
-
-		[ -n "$profile" ] || return
-
-		if [ -n "$TARGET" -a -d "./target/linux/feeds/$TARGET" ]; then
-			local targetpath="./target/linux/feeds/$TARGET"
-			local profiles=
-			local pfound=0
-
-			if [ -e "$targetpath/genconfig" ]; then
-				profiles=$(cd $targetpath; ./genconfig)
-
-				for p in $profiles; do
-					if [ $p == $profile ]; then
-						pfound=1
-						break
-					fi
-				done
-			fi
-
-			if [ $pfound -eq 1 ]; then
-				target="$(echo $TARGET | tr '-' '_')"
-				target_config_path="$targetpath/config"
-			fi
-
-			return
-		fi
-
-		[ -e $brcmbca_feed/genconfig ] &&
-			brcmbca=$(cd $brcmbca_feed; ./genconfig)
-		[ -e $airoha_feed/genconfig ] &&
-			airoha=$(cd $airoha_feed; ./genconfig)
-		[ -e $x86_feed/genconfig ] &&
-			x86=$(cd $x86_feed; ./genconfig)
-		[ -e $armsr_feed/genconfig ] &&
-			armsr=$(cd $armsr_feed; ./genconfig)
-		[ -e $mediatek_feed/genconfig ] &&
-			mediatek=$(cd $mediatek_feed; ./genconfig)
-		[ -e $qualcomm_ipq95xx_feed/genconfig ] &&
-			ipq95xx=$(cd $qualcomm_ipq95xx_feed; ./genconfig)
-		[ -e $qualcomm_ipq53xx_feed/genconfig ] &&
-			ipq53xx=$(cd $qualcomm_ipq53xx_feed; ./genconfig)
-
-	    if [ "$profile" == "LIST" ]; then
-			for list in brcmbca airoha x86 armsr mediatek ipq95xx ipq53xx; do
-				echo "$list based boards:"
-				a=$(echo "${!list}" | sort)
-				for b in $a; do
-					echo -e "\t$b"
-				done
-			done
-			return
-	    fi
-
-	    for p in $airoha; do
-		if [ $p == $profile ]; then
-		    target="airoha"
-			target_config_path="$airoha_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $x86; do
-		if [ $p == $profile ]; then
-		    target="x86"
-			target_config_path="$x86_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $armsr; do
-		if [ $p == $profile ]; then
-		    target="armsr"
-			target_config_path="$armsr_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $mediatek; do
-		if [ $p == $profile ]; then
-		    target="mediatek"
-			target_config_path="$mediatek_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $ipq95xx; do
-		if [ $p == $profile ]; then
-		    target="ipq95xx"
-			target_config_path="$qualcomm_ipq95xx_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $ipq53xx; do
-		if [ $p == $profile ]; then
-		    target="ipq53xx"
-			target_config_path="$qualcomm_ipq53xx_feed/config"
-		    return
-		fi
-	    done
-
-	    for p in $brcmbca; do
-		if [ $p == $profile ]; then
-		    target="brcmbca"
-			target_config_path="$brcmbca_feed/config"
-		    return
-		fi
-	    done
-	}
-
-	git remote -v | grep -qE '(git@|ssh://)' && {
-		DEVELOPER=1
-	}
-
-	v() {
-		[ "$VERBOSE" -ge 1 ] && echo "$@"
-	}
-
-	usage() {
-		echo
-		echo 1>&2 "Usage: $0 genconfig_min-legacy [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
-		echo
-		echo -e "  -c|--clean\t\tRemove all files under ./files and import from config "
-		echo -e "  -D|--no-dirty\t\tIgnore dirty tree"
-		echo -e "  -v|--verbose\t\tVerbose"
-		echo -e "  -n|--no-update\tDo NOT! Update customer config before applying"
-		echo -e "  -t|--target\t\tExplicitly specify the linux target to build the board profile from"
-		echo -e "  -s|--override\t\tEnable 'Package source tree override'"
-		echo -e "  -S|--brcmsingle\tForce build of bcmkernel to use only one thread"
-		echo -e "  -h|--help\t\tShow this message"
-		echo -e "  -l|--list [customer]\tList all Customers or all boards for one customer"
-		echo -e "  -a|--list-all\t\tList all Customers and their board types"
-		echo -e "  -b|--boards\t\tList all board types"
-		echo
-		echo "Example ./iop genconfig_min-legacy eg400 OPERATORX"
-		echo "(if no customerconfig is chosen, iopsys config will be used)"
-		echo
-		exit 0
-	}
-
-	list_customers()
-	{
-		local ALL="$1"
-		local CUSTOMER="$2"
-		if [ "$CUSTOMER" -a -d "$CUSTCONF/$CUSTOMER" ]; then
-			local boards="$(ls -1 "$CUSTCONF/$CUSTOMER" | grep -v common )"
-			if [ "$boards" ]; then
-				echo "$CUSTOMER has following boards:"
-				for board in $boards; do
-					echo -e "\t$board"
-				done
-			else
-				echo "No boards found for $CUSTOMER"
-			fi
-		elif [ "$CUSTOMER" ]; then
-			echo "No customer called $CUSTOMER"
-			exit 1
-		elif [ -d $CUSTCONF ]; then
-			local customers="$(ls -1 $CUSTCONF)"
-			if [ "$customers" -a "$ALL" == 1 ]; then
-				for customer in $customers; do
-					echo $customer
-					local boards="$(ls -1 $CUSTCONF/$customer | grep -v common )"
-					if [ "$boards" ]; then
-						for board in $boards; do
-							echo -e "\t$board"
-						done
-					else
-						echo "has no boards"
-					fi
-				done
-			elif [ "$customers" ]; then
-				echo -e "$customers"
-			else
-				echo "no customers found"
-			fi
-		else
-			echo "No $CUSTCONF folder found"
-		fi
-		exit 0
-	}
-
-
-	generate_config()
-	{
-		DIFFFILE="$1"
-		MASTERFILE="$2"
-		while read p; do
-			v "$p"
-			sed -r -i "$p" $MASTERFILE
-		done < $DIFFFILE
-	}
-
-	setup_dirs()
-	{
-
-		if [ ! -d "$FILEDIR" ]; then
-			mkdir -p $FILEDIR
-		elif [ -d "$FILEDIR" -a $CLEAN -eq 1 ]; then
-			v "rm -rf $FILEDIR*"
-			rm -rf $FILEDIR*
-		fi
-	}
-
-	get_subtarget_for_device() {
-		readonly target="$1"
-		readonly device="$2"
-		readonly targetinfo_file="tmp/info/.targetinfo-feeds_$target"
-		readonly target_profile_line="Target-Profile: DEVICE_$device"
-		# We want to know after which Target: $target/$subtarget line
-		# our $target_profile_line appears
-		# This is a crude way to "parse" the file using shell 🤯
-		# 1. grep for both lines with line number output
-		# 2. grep again to determine the device profile line that we looked for
-		#    but output one context line before as well to determine corresponding subtarget line
-		# 4. Use head and sed to extract the subtarget
-		grep "^Target: $target/\|^$target_profile_line" "$targetinfo_file" \
-			| grep -E -B1 "^$target_profile_line" \
-			| head -n1 \
-			| sed -E "s|^Target: $target/||"
-	}
-
-	create_and_copy_files()
-	{
-		local BOARDTYPE=$1
-		shift
-		local CUSTOMERS=$@
-
-		# Validate seleced board and customers
-		set_target $BOARDTYPE
-		if [ $target == "bogus" ]; then
-			echo "Hardware profile does not exist"
-			exit 1
-		elif [ -n "$CUSTOMERS" ]; then
-			for CUSTOMER in $CUSTOMERS; do
-				if [ ! -d "$CUSTCONF/$CUSTOMER/" ]; then
-					echo "Customer profile for '$CUSTOMER' does not exist"
-					exit 1
-				elif [ ! -d "$CUSTCONF/$CUSTOMER/$BOARDTYPE/" ]; then
-					echo "'$BOARDTYPE' board profile does not exist for customer '$CUSTOMER'"
-					if [ -f "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
-						echo "Common profile configuration will be used"
-					else
-						exit 1
-					fi
-				fi
-			done
-		fi
-
-		# Generate base config
-		rm -f .config
-		v "Config $BOARDTYPE selected"
-		v "cp $CONFIGPATH/config .config"
-		cp $CONFIGPATH/config .config
-
-		if [ -f $target_config_path/config ]; then
-		    cat $target_config_path/config >> .config
-		    echo "" >> .config
-		fi
-		if [ -f $target_config_path/$BOARDTYPE/config ]; then
-		    cat $target_config_path/$BOARDTYPE/config >> .config
-		    echo "" >> .config
-		fi
-		# hack to support custom-devices until we have deprecated this genconfig-script...
-		local custom_found=false
-		local used_config_file
-
-		for config_file in feeds/*/devices/$target/config/$BOARDTYPE/config; do
-			if [ "$custom_found" = "true" ]; then
-				echo
-				echo "Error was found!"
-				echo "Please use only one path."
-				echo "Two instances of $target/config/$BOARDTYPE exists:"
-				echo "Path 1: $used_config_file"
-				echo "Path 2: $config_file"
-				return 1
-			fi
-			if [ -f "$config_file" ]; then
-				cat "$config_file" >> .config
-				echo "" >> .config
-				custom_found=true
-				used_config_file=$config_file
-			fi
-		done
-
-		# Special handling for targets which use TARGET_DEVICES
-		case "$target" in
-		airoha | mediatek | brcmbca | ipq95xx | ipq53xx)
-			# This assumes the device name to be unique within one target,
-			# which is a fair assumption to make.
-			local subtarget="$(get_subtarget_for_device "${target/_/-}" "$BOARDTYPE")"
-			if [ -z "$subtarget" ]; then
-				echo "Error determining subtarget for $target / ${BOARDTYPE}"
-				return 1
-			fi
-			echo "CONFIG_TARGET_${target}=y" >> .config
-			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
-			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
-			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
-			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
-			;;
-		*)
-			echo "CONFIG_TARGET_${target}=y" >> .config
-			echo "CONFIG_TARGET_${target}_${BOARDTYPE}=y" >> .config
-			;;
-		esac
-
-		echo "$CUSTOMERS $BOARDTYPE" > $CURRENT_CONFIG_FILE
-
-		# Add customerconfig diff if a customer is selected
-		if [ -n "$CUSTOMERS" ]; then
-			for CUSTOMER in $CUSTOMERS; do
-				if [ -d "$CUSTCONF/$CUSTOMER/common/fs" ]; then
-					v "cp -ar $CUSTCONF/$CUSTOMER/common/fs/* $FILEDIR"
-					cp -ar $CUSTCONF/$CUSTOMER/common/fs/* $FILEDIR
-				fi
-				if [ -d "$CUSTCONF/$CUSTOMER/$BOARDTYPE/fs" ]; then
-					v "cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR"
-					cp -ar $CUSTCONF/$CUSTOMER/$BOARDTYPE/fs/* $FILEDIR
-				fi
-				if [ -e "$CUSTCONF/$CUSTOMER/common/common.diff" ]; then
-					v "Apply $CUSTCONF/$CUSTOMER/common/common.diff"
-					cat $CUSTCONF/$CUSTOMER/common/common.diff >> .config
-					echo "" >> .config
-				fi
-				if [ -e "$CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff" ]; then
-					v "Apply $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff"
-					cat $CUSTCONF/$CUSTOMER/$BOARDTYPE/$BOARDTYPE.diff >> .config
-					echo "" >> .config
-				fi
-			done
-		fi
-
-		# Set target version
-		local git_version
-		if ! git_version="$(git describe --always $DIRTY --tags --match '[0-9].*.*' --match '[0-9][0-9].*.*')"; then
-			echo "ERROR: Failed getting version via git describe, exiting." >&2
-			return 1
-		fi
-		local version="${git_version,,}${CUSTOMERS:+-${CUSTOMERS// /}}"
-		local version_lower="${version,,}"
-		echo "CONFIG_TARGET_VERSION=\"${version_lower}\"" >> .config
-		echo "CONFIG_VERSION_CODE=\"${version_lower}\"" >> .config
-		echo "CONFIG_VERSION_PRODUCT=\"$BOARDTYPE"\" >> .config
-
-		# Enable Package source tree override if selected
-		[ $SRCTREEOVERR -eq 1 ] && echo CONFIG_SRC_TREE_OVERRIDE=y >> .config
-
-		# developer mode selected ?
-		echo "CONFIG_DEVEL=y" >>.config
-
-		if [ -n "$BRCM_MAX_JOBS" ]
-		then
-		    echo "CONFIG_BRCM_MAX_JOBS=\"1\"" >>.config
-		fi
-
-		# Force regeneration of kernel Makefile
-		# Needed to disable kmods for iopsys-brcm targets
-		touch package/kernel/linux/Makefile
-
-		# we need to signal to bradcom SDK that we have changed the board id
-		# currently boardparms.c and boardparms_voice.c is the only place that is depending on boardid name
-		# so just touch that file.
-		[ -d ./build_dir ] && find build_dir/ -name "boardparms*c" -print0 2>/dev/null | xargs -0 touch 2>/dev/null
-
-		# Store generated config
-		cp .config .genconfig.config
-
-		# Set default values based on selected parameters
-		v "$(make defconfig 2>&1)"
-
-		echo Set version to $(grep -w CONFIG_TARGET_VERSION .config | cut -d'=' -f2 | tr -d '"')
-
-		# Clean base-file package to force rebuild when changing profile
-		v "$(make package/base-files/clean 2>&1)"
-
-		verify_config
-	}
-
-	####### main #####
-	if [ ! -e tmp/.iop_bootstrap ]; then
-		echo "You have not installed feeds. Running genconfig in this state would create a non functional configuration."
-		echo "Run: iop feeds_update"
-		exit 1
-	fi
-
-	if [ $# -eq 0 ]; then
-		echo Current profile:
-		cat $CURRENT_CONFIG_FILE
-		echo "Try ./iop genconfig_min-legacy -h' to get instructions if you want to change current config"
-		exit 0
-	else
-		while [ -n "$1" ]; do
-			case "$1" in
-
-			-c|--clean) export CLEAN=1;;
-			-D|--no-dirty) export DIRTY="";;
-			-n|--no-update) export IMPORT=0;;
-			-v|--verbose) export VERBOSE="$(($VERBOSE + 1))";;
-			-t|--target) export TARGET="$2"; shift;;
-			-p|--profile) export PROFILE="$2"; shift;;
-			-r|--repo) export CUSTREPO="$2"; shift;;
-			-s|--override) export SRCTREEOVERR=1;;
-			-S|--brcmsingel) export BRCM_MAX_JOBS=1;;
-			-h|--help) usage;;
-			-l|--list) list_customers 0 $2;;
-			-a|--list-all)list_customers 1;;
-			-b|--boards)set_target LIST;exit 0;;
-			-*)
-				echo "Invalid option: $1 "
-				echo "Try -h or --help for more information."
-				exit 1
-				;;
-			*) break;;
-			esac
-			shift;
-		done
-
-		CUSTREPO="${CUSTREPO:-git@dev.iopsys.eu:consumer/iopsys.git}"
-
-		setup_dirs
-		create_and_copy_files "$@"
-	fi
-}
-
-register_command "genconfig_min-legacy" "Generate configuration for customer with manual board configuration - legacy mode"

iop/scripts/update_package.sh

@@ -1,7 +0,0 @@
-update_package() {
-	echo "update_package is no longer supported." >&2
-	echo "Its replacement is ./iop set-feed-rev." >&2
-	return 1
-}
-
-register_command "update_package" "No longer used command"

iopsys-analytics/Makefile

@@ -4,7 +4,7 @@ PKG_NAME:=iopsys-analytics
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=PROPRIETARY
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1a749bdebd142a83ba0733f1644a6241403c9097
+PKG_SOURCE_VERSION:=aea91816de703cf1c72490f51c2aa73c2f61640d
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ipt-trigger/Makefile

@@ -6,15 +6,24 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ipt-trigger
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.2
 PKG_LICENSE:=GPL-2.0
 
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=4f3d4427403e0a9be7653c1b92907ae8ae5f21ae
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ipt-trigger.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
 include $(INCLUDE_DIR)/package.mk
 
 define KernelPackage/ipt-trigger
   SUBMENU:=Other modules
   TITLE:=Kernel module for iptables port trigger
-  FILES:=$(PKG_BUILD_DIR)/ipv4/ipt_TRIGGER.ko
+  FILES:=$(PKG_BUILD_DIR)/src/ipv4/ipt_TRIGGER.ko
   DEPENDS+=+kmod-nf-nat +xtables-legacy
   AUTOLOAD:=$(call AutoLoad,30,ipt_TRIGGER,1)
   KCONFIG:=
@@ -24,7 +33,7 @@ define KernelPackage/ip6t-trigger
   SUBMENU:=Other modules
   TITLE:=Kernel module for ip6tables port trigger
   DEPENDS+=+kmod-nf-nat +xtables-legacy
-  FILES:=$(PKG_BUILD_DIR)/ipv6/ip6t_TRIGGER.ko
+  FILES:=$(PKG_BUILD_DIR)/src/ipv6/ip6t_TRIGGER.ko
   AUTOLOAD:=$(call AutoLoad,30,ip6t_TRIGGER,1)
   KCONFIG:=
 endef
@@ -41,21 +50,28 @@ ifeq ($(CONFIG_TARGET_brcmbca),y)
 	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
 endif
 
+ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
-	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(LINUX_DIR)/include/linux/netfilter_ipv4/
+	$(CP) -rf ./ipt-trigger/* $(PKG_BUILD_DIR)/
+	$(CP) ./ipt-trigger/include/ipt_TRIGGER.h $(LINUX_DIR)/include/linux/netfilter_ipv4/
 endef
+else
+define Build/Prepare
+	$(Build/Prepare/Default)
+	$(CP) $(PKG_BUILD_DIR)/include/ipt_TRIGGER.h $(LINUX_DIR)/include/linux/netfilter_ipv4/
+endef
+endif
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/include/linux/netfilter_ipv4
-	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
+	$(CP) $(PKG_BUILD_DIR)/include/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
 endef
 
 KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
 
 define Build/Compile
-	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv4/" modules
-	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv6/" modules
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv4/" modules
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src/ipv6/" modules
 endef
 
 $(eval $(call KernelPackage,ipt-trigger))

ipt-trigger/src/ipt_TRIGGER.h

@@ -1,26 +0,0 @@
-#ifndef _IPT_TRIGGER_H_target
-#define _IPT_TRIGGER_H_target
-
-#define TRIGGER_TIMEOUT 600	/* 600 secs */
-
-enum ipt_trigger_type
-{
-	IPT_TRIGGER_DNAT = 1,
-	IPT_TRIGGER_IN = 2,
-	IPT_TRIGGER_OUT = 3,
-	IPT_TRIGGER_REFRESH = 4
-};
-
-struct ipt_trigger_ports {
-	u_int16_t mport[2];	/* Related destination port range */
-	u_int16_t rport[2];	/* Port range to map related destination port range to */
-};
-
-struct ipt_trigger_info {
-	enum ipt_trigger_type type;
-	u_int16_t proto;		/* Related protocol */
-	u_int16_t trigger_timeout;	/* Auto disable duration */
-	struct ipt_trigger_ports ports;
-};
-
-#endif /*_IPT_TRIGGER_H_target*/

ipt-trigger/src/ipv4/Makefile

@@ -1 +0,0 @@
-obj-m +=ipt_TRIGGER.o

ipt-trigger/src/ipv4/ipt_TRIGGER.c

@@ -1,407 +0,0 @@
-/* Kernel module to match the port-ranges, trigger related port-ranges,
- * and alters the destination to a local IP address.
- *
- * Copyright (C) 2003, CyberTAN Corporation
- * All Rights Reserved.
- *
- * Description:
- *   This is kernel module for port-triggering.
- *
- *   The module follows the Netfilter framework, called extended packet
- *   matching modules.
- */
-
-#include <linux/types.h>
-#include <linux/ip.h>
-#include <linux/tcp.h>
-#include <linux/timer.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/netdevice.h>
-#include <linux/if.h>
-#include <linux/inetdevice.h>
-#include <linux/list.h>
-#include <net/protocol.h>
-#include <net/checksum.h>
-#include <linux/spinlock.h>
-
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <net/netfilter/nf_conntrack.h>
-#include <net/netfilter/nf_conntrack_core.h>
-#include <net/netfilter/nf_conntrack_tuple.h>
-#include <net/netfilter/nf_nat.h>
-#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
-
-/* This rwlock protects the main hash table, protocol/helper/expected
- *    registrations, conntrack timers*/
-
-
-static DEFINE_SPINLOCK(nf_trigger_lock);
-
-
-
-#define NF_IP_PRE_ROUTING	0
-#define NF_IP_FORWARD		2
-#define IPT_CONTINUE XT_CONTINUE
-
-
-
-/***********************lock help**********************/
-#define MUST_BE_READ_LOCKED(l)
-#define MUST_BE_WRITE_LOCKED(l)
-
-
-#define LOCK_BH(l) spin_lock_bh(l)
-#define UNLOCK_BH(l) spin_unlock_bh(l)
-
-#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
-#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
-
-
-
-
-/***********************list help**********************/
-#define LIST_FIND(head, cmpfn, type, args...)           \
-({                                                      \
-        const struct list_head *__i, *__j = NULL;       \
-                                                        \
-        ASSERT_READ_LOCK(head);                         \
-        list_for_each(__i, (head))                      \
-                if (cmpfn((const type)__i , ## args)) { \
-                        __j = __i;                      \
-                        break;                          \
-                }                                       \
-        (type)__j;                                      \
-})
-
-static inline int
-__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
-
-static inline void
-list_prepend(struct list_head *head, void *new)
-{
-	ASSERT_WRITE_LOCK(head);
-	list_add(new, head);
-}
-
-#define list_named_find(head, name)                     \
-LIST_FIND(head, __list_cmp_name, void *, name)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
-MODULE_DESCRIPTION("iptables trigger target module");
-
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
-struct ipt_trigger {
-        struct list_head list;          /* Trigger list */
-        struct timer_list timeout;      /* Timer for list destroying */
-        u_int32_t srcip;                /* Outgoing source address */
-        u_int32_t dstip;                /* Outgoing destination address */
-        u_int16_t mproto;               /* Trigger protocol */
-        u_int16_t rproto;               /* Related protocol */
-        u_int16_t trigger_timeout;      /* Auto disable duration */
-        struct ipt_trigger_ports ports; /* Trigger and related ports */
-        u_int8_t reply;                 /* Confirm a reply connection */
-};
-
-LIST_HEAD(ipt_trigger_list);
-
-static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
-{
-	DEBUGP("%s: \n", __FUNCTION__);
-	LOCK_BH(&nf_trigger_lock);
-	/* Need del_timer for race avoidance (may already be dying). */
-	if (del_timer(&trig->timeout)) {
-		trig->timeout.expires = jiffies + extra_jiffies;
-		add_timer(&trig->timeout);
-	}
-
-	UNLOCK_BH(&nf_trigger_lock);
-}
-
-static void __del_trigger(struct ipt_trigger *trig)
-{
-	DEBUGP("%s: \n", __FUNCTION__);
-	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
-
-	/* delete from 'ipt_trigger_list' */
-	list_del(&trig->list);
-	kfree(trig);
-}
-
-static void trigger_timeout(struct timer_list *t)
-{
-	struct ipt_trigger *trig = from_timer(trig, t, timeout);
-
-	DEBUGP("trigger list %p timed out\n", trig);
-	LOCK_BH(&nf_trigger_lock);
-	__del_trigger(trig);
-	UNLOCK_BH(&nf_trigger_lock);
-}
-
-static unsigned int
-add_new_trigger(struct ipt_trigger *trig)
-{
-	struct ipt_trigger *new = NULL;
-
-	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
-
-	LOCK_BH(&nf_trigger_lock);
-	new = (struct ipt_trigger *)
-		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
-
-	if (!new) {
-		UNLOCK_BH(&nf_trigger_lock);
-		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
-		return -ENOMEM;
-	}
-
-	memset(new, 0, sizeof(*trig));
-	INIT_LIST_HEAD(&new->list);
-	memcpy(new, trig, sizeof(*trig));
-
-	/* add to global table of trigger */
-	list_prepend(&ipt_trigger_list, &new->list);
-
-	/* add and start timer if required */
-	timer_setup(&new->timeout, trigger_timeout, 0);
-	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
-
-	UNLOCK_BH(&nf_trigger_lock);
-
-	return 0;
-}
-
-/*
- *      Service-Name    OutBound        InBound
- * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
- * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
- * 3.   net2phone-1     UDP:6801        TCP:30000..30000
- * 4.   net2phone-2     UDP:6801        UDP:30000..30000
- *
- * For supporting to use the same outgoing port to trigger different port rules,
- * it should check the inbound protocol and port range value. If all conditions
- * are matched, it is a same trigger item, else it needs to create a new one.
- */
-static inline int trigger_out_matched(const struct ipt_trigger *i,
-        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
-{
-	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
-	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
-			i->mproto, i->ports.mport[0], i->ports.mport[1]);
-	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
-			i->rproto, i->ports.rport[0], i->ports.rport[1]);
-
-	return ((i->mproto == proto) &&
-			(i->ports.mport[0] <= dport)  &&
-			(i->ports.mport[1] >= dport) &&
-			(i->rproto == info->proto) &&
-			(i->ports.rport[0] == info->ports.rport[0]) &&
-			(i->ports.rport[1] == info->ports.rport[1]));
-}
-
-static unsigned int
-trigger_out(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	const struct ipt_trigger_info *info = targinfo;
-	struct ipt_trigger trig, *found;
-	const struct iphdr *iph = ip_hdr(skb);
-	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
-
-	DEBUGP("############# %s ############\n", __FUNCTION__);
-	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
-			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest), info);
-
-
-	if (found) {
-		/* Yeah, it exists. We need to update(delay) the destroying timer. */
-		trigger_refresh(found, info->trigger_timeout * HZ);
-		/* In order to allow multiple hosts use the same port range, we update
-		   the 'saddr' after previous trigger has a reply connection. */
-		if (found->reply)
-			found->srcip = iph->saddr;
-	}
-	else {
-		/* Create new trigger */
-		memset(&trig, 0, sizeof(trig));
-		trig.srcip = iph->saddr;
-		trig.mproto = iph->protocol;
-		trig.rproto = info->proto;
-		trig.trigger_timeout = info->trigger_timeout;
-		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
-		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
-	}
-
-	return IPT_CONTINUE;        /* We don't block any packet. */
-}
-
-static inline int trigger_in_matched(const struct ipt_trigger *i,
-        const u_int16_t proto, const u_int16_t dport)
-{
-	u_int16_t rproto = i->rproto;
-
-	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
-	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
-			i->rproto, i->ports.rport[0], i->ports.rport[1]);
-
-	if (!rproto)
-		rproto = proto;
-
-	return ((rproto == proto) && (i->ports.rport[0] <= dport)
-			&& (i->ports.rport[1] >= dport));
-}
-
-static unsigned int
-trigger_in(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	const struct ipt_trigger_info *info = targinfo;
-	struct ipt_trigger *found;
-	const struct iphdr *iph = ip_hdr(skb);
-	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
-	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
-			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
-	if (found) {
-		DEBUGP("############# %s ############\n", __FUNCTION__);
-		/* Yeah, it exists. We need to update(delay) the destroying timer. */
-		trigger_refresh(found, info->trigger_timeout * HZ);
-		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
-					   dropped in the FORWARD chain */
-	}
-
-	return IPT_CONTINUE;        /* Our job is the interception. */
-}
-
-static unsigned int
-trigger_dnat(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	struct ipt_trigger *found = NULL;
-	const struct iphdr *iph = ip_hdr(skb);
-	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
-	struct nf_conn *ct = NULL;
-	enum ip_conntrack_info ctinfo;
-	struct nf_nat_range2 newrange;
-
-	DEBUGP("############# %s ############%d\n", __FUNCTION__, __LINE__);
-	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
-			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
-	if (found) {
-		DEBUGP("############# %s ############%d srcip:%d\n", __FUNCTION__, __LINE__, found->srcip);
-	}
-
-	if (!found || !found->srcip)
-		return IPT_CONTINUE;    /* We don't block any packet. */
-
-	DEBUGP("############# %s ############\n", __FUNCTION__);
-	found->reply = 1;   /* Confirm there has been a reply connection. */
-	ct = nf_ct_get(skb, &ctinfo);
-
-	DEBUGP("%s: got ", __FUNCTION__);
-
-
-	/* Alter the destination of imcoming packet. */
-	/* Transfer from original range. */
-	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
-	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
-	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
-	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
-	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
-	newrange.min_addr.ip = found->srcip;
-	newrange.max_addr.ip = found->srcip;
-	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
-
-	/* Hand modified range to generic setup. */
-	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
-}
-
-static unsigned int
-trigger_target(struct sk_buff *skb,
-			       const struct xt_action_param *par)
-{
-	const struct ipt_trigger_info *info = par->targinfo;
-	const struct iphdr *iph = ip_hdr(skb);
-	unsigned int hooknum = xt_hooknum(par);
-
-	DEBUGP("%s: type = %s\n", __FUNCTION__,
-			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
-			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
-
-	/* The Port-trigger only supports TCP and UDP. */
-	if ((iph->protocol != IPPROTO_TCP) && (iph->protocol != IPPROTO_UDP))
-		return IPT_CONTINUE;
-
-	if (info->type == IPT_TRIGGER_OUT)
-		return trigger_out(skb, hooknum, info);
-	else if (info->type == IPT_TRIGGER_IN)
-		return trigger_in(skb, hooknum, info);
-	else if (info->type == IPT_TRIGGER_DNAT)
-		return trigger_dnat(skb, hooknum, info);
-
-	return IPT_CONTINUE;
-}
-static int
-trigger_check(const struct xt_tgchk_param *par)
-{
-	const struct ipt_trigger_info *info = par->targinfo;
-
-	if ((strcmp(par->table, "mangle") == 0)) {
-		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
-		return -EINVAL;
-	}
-	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
-		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
-		return -EINVAL;
-	}
-
-	if (info->proto) {
-		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
-			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
-			return -EINVAL;
-		}
-	}
-	if (info->type == IPT_TRIGGER_OUT) {
-		if (!info->ports.mport[0] || !info->ports.rport[0]) {
-			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
-			return -EINVAL;
-		}
-	}
-
-	return 0;
-}
-
-
-static struct xt_target redirect_reg = {
-        .name           = "TRIGGER",
-        .family         = NFPROTO_IPV4,
-        .target         = trigger_target,
-        .targetsize     = sizeof(struct ipt_trigger_info),
-        .checkentry     = trigger_check,
-        .me             = THIS_MODULE,
-};
-
-static int __init init(void)
-{
-	return xt_register_target(&redirect_reg);
-}
-
-static void __exit fini(void)
-{
-	xt_unregister_target(&redirect_reg);
-}
-
-module_init(init);
-module_exit(fini);

ipt-trigger/src/ipv6/Makefile

@@ -1 +0,0 @@
-obj-m +=ip6t_TRIGGER.o

ipt-trigger/src/ipv6/ip6t_TRIGGER.c

@@ -1,429 +0,0 @@
-/* Kernel module to match the port-ranges, trigger related port-ranges,
- * and alters the destination to a local IPv6 address.
- *
- * Copyright (C) 2024, IOPSYS
- * All Rights Reserved.
- *
- * Description:
- *   This is kernel module for port-triggering.
- *
- *   The module follows the Netfilter framework, called extended packet
- *   matching modules.
- */
-
-#include <linux/types.h>
-#include <linux/tcp.h>
-#include <linux/timer.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/netdevice.h>
-#include <linux/if.h>
-#include <linux/inetdevice.h>
-#include <linux/list.h>
-#include <net/protocol.h>
-#include <net/checksum.h>
-#include <linux/spinlock.h>
-
-#include <linux/netfilter_ipv6.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
-#include <net/netfilter/nf_conntrack.h>
-#include <net/netfilter/nf_conntrack_core.h>
-#include <net/netfilter/nf_conntrack_tuple.h>
-#include <net/netfilter/nf_nat.h>
-#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
-
-/* This rwlock protects the main hash table, protocol/helper/expected
- *    registrations, conntrack timers*/
-
-
-static DEFINE_SPINLOCK(nf_trigger_lock);
-
-
-
-#define NF_IP_PRE_ROUTING	0
-#define NF_IP_FORWARD		2
-#define IPT_CONTINUE XT_CONTINUE
-
-
-
-/***********************lock help**********************/
-#define MUST_BE_READ_LOCKED(l)
-#define MUST_BE_WRITE_LOCKED(l)
-
-
-#define LOCK_BH(l) spin_lock_bh(l)
-#define UNLOCK_BH(l) spin_unlock_bh(l)
-
-#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
-#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
-
-
-
-
-/***********************list help**********************/
-#define LIST_FIND(head, cmpfn, type, args...)           \
-({                                                      \
-        const struct list_head *__i, *__j = NULL;       \
-                                                        \
-        ASSERT_READ_LOCK(head);                         \
-        list_for_each(__i, (head))                      \
-                if (cmpfn((const type)__i , ## args)) { \
-                        __j = __i;                      \
-                        break;                          \
-                }                                       \
-        (type)__j;                                      \
-})
-
-static inline int
-__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
-
-static inline void
-list_prepend(struct list_head *head, void *new)
-{
-	ASSERT_WRITE_LOCK(head);
-	list_add(new, head);
-}
-
-#define list_named_find(head, name)                     \
-LIST_FIND(head, __list_cmp_name, void *, name)
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("IOPSYS Network Team");
-MODULE_DESCRIPTION("iptables trigger target module");
-
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
-struct ipt_trigger {
-        struct list_head list;          /* Trigger list */
-        struct timer_list timeout;      /* Timer for list destroying */
-        struct in6_addr srcip;                /* Outgoing source address */
-        struct in6_addr dstip;                /* Outgoing destination address */
-        u_int16_t mproto;               /* Trigger protocol */
-        u_int16_t rproto;               /* Related protocol */
-	u_int16_t trigger_timeout;      /* Auto disable duration */
-        struct ipt_trigger_ports ports; /* Trigger and related ports */
-        u_int8_t reply;                 /* Confirm a reply connection */
-};
-
-LIST_HEAD(ipt_trigger_list);
-
-static unsigned char *ipv6_header_get_L4_header_offset(const struct ipv6hdr *ip6h_p)
-{
-        unsigned int ext_head_count = 8;
-        const struct ipv6_opt_hdr *ip_ext_p;
-        unsigned int payload_offset = 0;
-	char *tcpudp_hdr = NULL;
-	uint8_t nextHdr_p;
-
-        nextHdr_p = ip6h_p->nexthdr;
-        ip_ext_p = (const struct ipv6_opt_hdr *)(ip6h_p + 1);
-        payload_offset = sizeof(struct ipv6hdr);
-
-        do {
-                if ((nextHdr_p == IPPROTO_TCP) || (nextHdr_p == IPPROTO_UDP)) {
-			tcpudp_hdr = (unsigned char *)ip6h_p + payload_offset;
-                        break;
-		}
-
-                payload_offset += (ip_ext_p->hdrlen + 1U) << 3U;
-                nextHdr_p = ip_ext_p->nexthdr;
-                ip_ext_p = (struct ipv6_opt_hdr *)((uint8_t *)ip6h_p + payload_offset);
-                ext_head_count--; /* at most 8 extension headers */
-        } while (ext_head_count);
-
-        return tcpudp_hdr;
-}
-
-static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
-{
-	DEBUGP("%s: \n", __FUNCTION__);
-	LOCK_BH(&nf_trigger_lock);
-	/* Need del_timer for race avoidance (may already be dying). */
-	if (del_timer(&trig->timeout)) {
-		trig->timeout.expires = jiffies + extra_jiffies;
-		add_timer(&trig->timeout);
-	}
-
-	UNLOCK_BH(&nf_trigger_lock);
-}
-
-static void __del_trigger(struct ipt_trigger *trig)
-{
-	DEBUGP("%s: \n", __FUNCTION__);
-	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
-
-	/* delete from 'ipt_trigger_list' */
-	list_del(&trig->list);
-	kfree(trig);
-}
-
-static void trigger_timeout(struct timer_list *t)
-{
-	struct ipt_trigger *trig = from_timer(trig, t, timeout);
-
-	DEBUGP("trigger list %p timed out\n", trig);
-	LOCK_BH(&nf_trigger_lock);
-	__del_trigger(trig);
-	UNLOCK_BH(&nf_trigger_lock);
-}
-
-static unsigned int
-add_new_trigger(struct ipt_trigger *trig)
-{
-	struct ipt_trigger *new = NULL;
-
-	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
-
-	LOCK_BH(&nf_trigger_lock);
-	new = (struct ipt_trigger *)
-		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
-
-	if (!new) {
-		UNLOCK_BH(&nf_trigger_lock);
-		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
-		return -ENOMEM;
-	}
-
-	memset(new, 0, sizeof(*trig));
-	INIT_LIST_HEAD(&new->list);
-	memcpy(new, trig, sizeof(*trig));
-
-	/* add to global table of trigger */
-	list_prepend(&ipt_trigger_list, &new->list);
-
-	/* add and start timer if required */
-	timer_setup(&new->timeout, trigger_timeout, 0);
-	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
-
-	UNLOCK_BH(&nf_trigger_lock);
-
-	return 0;
-}
-
-/*
- *      Service-Name    OutBound        InBound
- * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
- * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
- * 3.   net2phone-1     UDP:6801        TCP:30000..30000
- * 4.   net2phone-2     UDP:6801        UDP:30000..30000
- *
- * For supporting to use the same outgoing port to trigger different port rules,
- * it should check the inbound protocol and port range value. If all conditions
- * are matched, it is a same trigger item, else it needs to create a new one.
- */
-static inline int trigger_out_matched(const struct ipt_trigger *i,
-        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
-{
-	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
-	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
-			i->mproto, i->ports.mport[0], i->ports.mport[1]);
-	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
-			i->rproto, i->ports.rport[0], i->ports.rport[1]);
-
-	return ((i->mproto == proto) &&
-			(i->ports.mport[0] <= dport)  &&
-			(i->ports.mport[1] >= dport) &&
-			(i->rproto == info->proto) &&
-			(i->ports.rport[0] == info->ports.rport[0]) &&
-			(i->ports.rport[1] == info->ports.rport[1]));
-}
-
-static unsigned int
-trigger_out(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	const struct ipt_trigger_info *info = targinfo;
-	struct ipt_trigger trig, *found;
-	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-	struct tcphdr *tcph = (struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
-
-	DEBUGP("############# %s ############\n", __FUNCTION__);
-	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
-			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest), info);
-
-
-	if (found) {
-		/* Yeah, it exists. We need to update(delay) the destroying timer. */
-		trigger_refresh(found, info->trigger_timeout * HZ);
-		/* In order to allow multiple hosts use the same port range, we update
-		   the 'saddr' after previous trigger has a reply connection. */
-		if (found->reply)
-			found->srcip = ip6h->saddr;
-	}
-	else {
-		/* Create new trigger */
-		memset(&trig, 0, sizeof(trig));
-		memcpy(&trig.srcip, &ip6h->saddr, sizeof(trig.srcip));
-		trig.mproto = ip6h->nexthdr;
-		trig.rproto = info->proto;
-		trig.trigger_timeout = info->trigger_timeout;
-		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
-		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
-	}
-
-	return IPT_CONTINUE;        /* We don't block any packet. */
-}
-
-static inline int trigger_in_matched(const struct ipt_trigger *i,
-        const u_int16_t proto, const u_int16_t dport)
-{
-	u_int16_t rproto = i->rproto;
-
-	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
-	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
-			i->rproto, i->ports.rport[0], i->ports.rport[1]);
-
-	if (!rproto)
-		rproto = proto;
-
-	return ((rproto == proto) && (i->ports.rport[0] <= dport)
-			&& (i->ports.rport[1] >= dport));
-}
-
-static unsigned int
-trigger_in(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	const struct ipt_trigger_info *info = targinfo;
-	struct ipt_trigger *found;
-	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
-	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
-			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
-	if (found) {
-		DEBUGP("############# %s ############\n", __FUNCTION__);
-		/* Yeah, it exists. We need to update(delay) the destroying timer. */
-		trigger_refresh(found, info->trigger_timeout * HZ);
-		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
-					   dropped in the FORWARD chain */
-	}
-
-	return IPT_CONTINUE;        /* Our job is the interception. */
-}
-
-static unsigned int
-trigger_dnat(struct sk_buff *skb,
-                unsigned int hooknum,
-                const void *targinfo)
-{
-	struct ipt_trigger *found = NULL;
-	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
-	struct nf_conn *ct = NULL;
-	enum ip_conntrack_info ctinfo;
-	struct nf_nat_range2 newrange;
-
-	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
-	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
-			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
-
-	if (!found)
-		return IPT_CONTINUE;    /* We don't block any packet. */
-
-	DEBUGP("############# %s ############\n", __FUNCTION__);
-	found->reply = 1;   /* Confirm there has been a reply connection. */
-	ct = nf_ct_get(skb, &ctinfo);
-
-	DEBUGP("%s: got ", __FUNCTION__);
-
-
-	/* Alter the destination of imcoming packet. */
-	/* Transfer from original range. */
-	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
-	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
-	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
-	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
-	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
-	memcpy(&newrange.min_addr.ip, &found->srcip, sizeof(newrange.min_addr.ip));
-	memcpy(&newrange.max_addr.ip, &found->srcip, sizeof(newrange.max_addr.ip));
-	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
-
-	/* Hand modified range to generic setup. */
-	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
-}
-
-static unsigned int
-trigger_target(struct sk_buff *skb,
-			       const struct xt_action_param *par)
-{
-	const struct ipt_trigger_info *info = par->targinfo;
-	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
-	unsigned int hooknum = xt_hooknum(par);
-
-	DEBUGP("%s: type = %s\n", __FUNCTION__,
-			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
-			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
-
-	/* The Port-trigger only supports TCP and UDP. */
-	if ((ip6h->nexthdr != IPPROTO_TCP) && (ip6h->nexthdr != IPPROTO_UDP))
-		return IPT_CONTINUE;
-
-	if (info->type == IPT_TRIGGER_OUT)
-		return trigger_out(skb, hooknum, info);
-	else if (info->type == IPT_TRIGGER_IN)
-		return trigger_in(skb, hooknum, info);
-	else if (info->type == IPT_TRIGGER_DNAT)
-		return trigger_dnat(skb, hooknum, info);
-
-	return IPT_CONTINUE;
-}
-static int
-trigger_check(const struct xt_tgchk_param *par)
-{
-	const struct ipt_trigger_info *info = par->targinfo;
-
-	if ((strcmp(par->table, "mangle") == 0)) {
-		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
-		return -EINVAL;
-	}
-	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
-		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
-		return -EINVAL;
-	}
-
-	if (info->proto) {
-		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
-			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
-			return -EINVAL;
-		}
-	}
-	if (info->type == IPT_TRIGGER_OUT) {
-		if (!info->ports.mport[0] || !info->ports.rport[0]) {
-			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
-			return -EINVAL;
-		}
-	}
-
-	return 0;
-}
-
-
-static struct xt_target redirect_reg = {
-        .name           = "TRIGGER",
-        .family         = NFPROTO_IPV6,
-        .target         = trigger_target,
-        .targetsize     = sizeof(struct ipt_trigger_info),
-        .checkentry     = trigger_check,
-        .me             = THIS_MODULE,
-};
-
-static int __init init(void)
-{
-	return xt_register_target(&redirect_reg);
-}
-
-static void __exit fini(void)
-{
-	xt_unregister_target(&redirect_reg);
-}
-
-module_init(init);
-module_exit(fini);

libdpp/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdpp
-PKG_VERSION:=2.1.0
+PKG_VERSION:=2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=1f82436531d4bb094b0b74e99613e0dfc84eada3
+PKG_SOURCE_VERSION:=6024efd3db9dd490c07465ea9b0c15120063165c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/libdpp.git
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.4
+PKG_VERSION:=7.4.5
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=7a9e69c413c2d0b950a1a2e0f2964439fb797f48
+PKG_SOURCE_VERSION:=67e6b91b8aca4c068a71f097f5f0576b47ec1d2e
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libethernet/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.109
+PKG_VERSION:=7.2.110
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cc72f5ab0171cd0fc29bb48dafff6751ab2f0d9c
+PKG_SOURCE_VERSION:=d94e3029e4e9d14907fd6b283218defb4d319f5a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -66,7 +66,7 @@ define Package/libethernet
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= Ethernet library (libethernet)
-  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_airoha:ecnt_api +TARGET_brcmbca:bcmkernel
+  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_airoha:ecnt_api +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libethernet/description

libpicoevent-bcm/Makefile

@@ -26,11 +26,8 @@ define Package/libpicoevent-bcm
   CATEGORY:=Libraries
   TITLE:=Libpicoevent-bcm
   URL:=
-  DEPENDS:= +TARGET_brcmbca:bcmkernel
+  DEPENDS:= +TARGET_brcmbca:bcm963xx-bsp
   include $(TOPDIR)/feeds/broadcom/bcmkernel/bcm-toolchain.mk
-  TARGET_CFLAGS := -Os -pipe -mfpu=vfpv3-d16 -mfloat-abi=softfp -DCONFIG_TARGET_brcmbca -g3 -fno-caller-saves -fno-plt -Wno-error=unused-but-set-variable -Wno-error=unused-result \
-                   -mfloat-abi=soft -fmacro-prefix-map=$(BUILD_DIR)libpicoevent-bcm-0.3=libpicoevent-bcm-0.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 \
-                   -Wl,-z,now -Wl,-z,relro -Wl,--build-i
 endef
 
 define Package/libpicoevent-bcm/description

libqos/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libqos
-PKG_VERSION:=7.2.106
+PKG_VERSION:=7.2.108
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0e54d7a992c506d6302d7cc32a39eb64e9b2c42e
+PKG_SOURCE_VERSION:=6a72e35e1a662e2f707e4901679676a9c09b3bc2
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libqos.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -65,7 +65,7 @@ define Package/libqos
   SUBMENU:=IOPSYS HAL libs
   MENU:=1
   TITLE:= QoS library (libqos)
-  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcmkernel
+  DEPENDS+=+libnl +libnl-route +libeasy +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libqos/config

libvoice-broadcom/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-broadcom
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.11
+PKG_VERSION:=1.0.14
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=b648a9089a79f6dd445cf7de89eab6a90c7cb47e
+PKG_SOURCE_VERSION:=7fde62b9634c63b9bc71d1c20541798971a78dc8
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-d2/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-d2
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.8
+PKG_VERSION:=1.1.12
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=ad13e49043ddb7b8723f969fa5c355bd77e422b3
+PKG_SOURCE_VERSION:=772955d814af8bbf91cf5c76f128cd1d17755625
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.59
+PKG_VERSION:=7.5.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=78491478f60adc9f29cefbf2196f111423823d14
+PKG_SOURCE_VERSION:=e93fcd63354489846e5bb2450c7e8059774577d5
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -131,7 +131,7 @@ endef
 define Package/libwifi
   $(call Package/libwifi-common)
   TITLE:= WiFi library (libwifi)
-  DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcmkernel
+  DEPENDS+=+libnl +libnl-route +libeasy +libwifiutils +TARGET_brcmbca:bcm963xx-bsp
 endef
 
 define Package/libwifi/config

logmngr/Config.in

@@ -0,0 +1,26 @@
+if PACKAGE_logmngr
+choice
+	prompt "Select backend for syslog management"
+	default LOGMNGR_BACKEND_FLUENTBIT
+	depends on PACKAGE_logmngr
+	help
+		Select which backend daemon to use for syslog management
+
+config LOGMNGR_BACKEND_FLUENTBIT
+	bool "Use fluent-bit for log management"
+	help
+		Enable this option to use fluent-bit for log management.
+
+config LOGMNGR_BACKEND_SYSLOG_NG
+	bool "Use syslog-ng for log management"
+	help
+		Enable this option to use syslog-ng for log management.
+
+endchoice
+config LOGMNGR_LOGROTATE
+	bool "Logrotate support"
+	depends on PACKAGE_logmngr
+	default y
+	help
+		It adds support for logrotate functionality.
+endif