bbfdm crash debug

firewallmngr: concept to add porttrigger in firewallmngr
firewallmngr: Handling for Device.NAT object
2025-12-24 11:05:02 +08:00 · 2024-03-19 18:30:15 +05:30 · 2024-03-19 11:23:42 +05:30 · 2024-03-19 11:23:42 +05:30 · 2024-03-19 11:23:42 +05:30 · 2024-03-19 11:23:42 +05:30
160 changed files with 7381 additions and 2024 deletions
--- a/bbfdm/Config_bbfdm.in
+++ b/bbfdm/Config_bbfdm.in
@@ -1,7 +1,3 @@
-config BBF_VENDOR_EXTENSION
-	bool "Enable Vendor Extension"
-	default y
-
 config BBF_VENDOR_LIST
 	string "Vendor List"
 	default "iopsys"
--- a/bbfdm/Makefile
+++ b/bbfdm/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bbfdm
-PKG_VERSION:=1.5.4
+PKG_VERSION:=1.7.17

 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=cd2066de6781ace66d3165937a138a0f12353d8c
+PKG_SOURCE_VERSION:=8c998e886ce5345cfead5092ccf5447b8a8f7ee7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -21,13 +21,14 @@ PKG_LICENSE_FILES:=LICENSE

 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
+include bbfdm.mk

 define Package/libbbfdm-api
  SECTION:=utils
  CATEGORY:=Utilities
  SUBMENU:=TRx69
  TITLE:=BBF datamodel library, provides API to extend datamodel using DotSO plugins
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libcurl
  ABI_VERSION:=1.0
 endef

@@ -36,7 +37,7 @@ define Package/libbbfdm
  CATEGORY:=Utilities
  SUBMENU:=TRx69
  TITLE:=Library for broadband forum data model support
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libcurl +libbbfdm-api \
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api \
 	    +BBF_TR471:obudpst +libopenssl
 endef

@@ -48,17 +49,6 @@ define Package/bbfdmd
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api +libbbfdm
 endef

-define Package/userinterface
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=TRx69
-  TITLE:=Package to add Device.UserInterface. datamodel support
-endef
-
-define Package/userinterface/description
-  Package to add Device.UserInterface. datamodel support
-endef
-
 define Package/libbbfdm/config
 	source "$(SOURCE)/Config_bbfdm.in"
 endef
@@ -91,17 +81,11 @@ CMAKE_OPTIONS += \
 	-DBBF_TR471=ON
 endif

-ifeq ($(CONFIG_BBF_VENDOR_EXTENSION),y)
-CMAKE_OPTIONS += \
-	-DBBF_VENDOR_EXTENSION=ON
-
 CMAKE_OPTIONS += \
 	-DBBF_VENDOR_LIST:String="$(CONFIG_BBF_VENDOR_LIST)" \
 	-DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)" \
 	-DBBF_MAX_OBJECT_INSTANCES:Integer=$(CONFIG_BBF_MAX_OBJECT_INSTANCES)

-endif ##CONFIG_BBF_VENDOR_EXTENSION
-
 ifeq ($(CONFIG_PACKAGE_bbfdmd),y)
 CMAKE_OPTIONS += \
 	-DBBFDMD_MAX_MSG_LEN:Integer=10485760
@@ -123,12 +107,17 @@ define Package/libbbfdm/install
 	$(INSTALL_BIN) ./files/etc/uci-defaults/95-portmap-firewall $(1)/etc/uci-defaults/95-portmap-firewall
 	$(INSTALL_BIN) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/97-firewall-service
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-link-core-plugins $(1)/etc/uci-defaults/99-link-core-plugins
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-remove-nonexisting-microservices $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/firewall.portmap $(1)/etc/firewall.portmap
 	$(INSTALL_BIN) ./files/etc/firewall.service $(1)/etc/firewall.service
+ifeq ($(findstring iopsys,$(CONFIG_BBF_VENDOR_LIST)),iopsys)
+	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libbbfdm/dmtree/vendor/iopsys/libbbfdm_iopsys_ext.so)
+endif	
 ifeq ($(CONFIG_BBF_TR143),y)
 	$(INSTALL_DIR) $(1)/usr/share/bbfdm
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libbbfdm/scripts/* $(1)/usr/share/bbfdm
+	$(CP) $(PKG_BUILD_DIR)/libbbfdm/scripts/* $(1)/usr/share/bbfdm
 	$(LN) /usr/share/bbfdm/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
 endif
 endef
@@ -153,36 +142,14 @@ define Package/bbfdmd/install
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
 endef

-define Package/userinterface/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-	$(INSTALL_DATA) ./files/etc/config/userinterface $(1)/etc/config/userinterface
-	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/userinterface $(1)/lib/upgrade/keep.d/userinterface
-	$(INSTALL_BIN) ./files/etc/init.d/userinterface $(1)/etc/init.d/userinterface
-	$(INSTALL_BIN) ./files/etc/uci-defaults/93-userinterface-firewall $(1)/etc/uci-defaults/93-userinterface-firewall
-	$(INSTALL_BIN) ./files/etc/uci-defaults/94-userinterface-json $(1)/etc/uci-defaults/94-userinterface-json
-	$(INSTALL_BIN) ./files/etc/firewall.userinterface $(1)/etc/firewall.userinterface
-endef
-
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
-	$(INSTALL_DIR) $(1)/usr/include/libbbfdm
 	$(INSTALL_DIR) $(1)/usr/include/libbbfdm-api
-	$(INSTALL_DIR) $(1)/usr/include/libbbf_api
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/include/*.h $(1)/usr/include/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm/dmtree/tr181/device.h $(1)/usr/include/libbbfdm/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm/dmtree/vendor/vendor.h $(1)/usr/include/libbbfdm/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/*.h $(1)/usr/include/libbbfdm-api/
-	# Work around for backward compatibility
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/*.h $(1)/usr/include/libbbf_api/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/include/libbbfdm_api.h $(1)/usr/include/libbbf_api.h
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libbbfdm-api/include/*.h $(1)/usr/include/
 endef

 $(eval $(call BuildPackage,libbbfdm-api))
 $(eval $(call BuildPackage,libbbfdm))
 $(eval $(call BuildPackage,bbfdmd))
-
-$(eval $(call BuildPackage,userinterface))
--- a/bbfdm/README.md
+++ b/bbfdm/README.md
@@ -0,0 +1,92 @@
+# BBFDM configuration options and utilities
+
+bbfdm provides few compile time configuration options and compile time help utility called [bbfdm.mk](./bbfdm.mk), this document aimed to explain the available usages and best practices.
+
+## Compilation options
+
+|  Configuration option    | Default Value | Description |
+| -----------------------  | ------------- | ----------- |
+| CONFIG_BBF_VENDOR_LIST   | iopsys        | List of vendor extension directories |
+| CONFIG_BBF_VENDOR_PREFIX | X_IOPSYS_EU_  | Prefix for Vendor extension datamodel objects/parameters |
+| CONFIG_BBF_TR143         | y             | Enable/Add TR-143 Data Model Support |
+| CONFIG_BBF_TR471         | y             | Enable/Add TR-471 Data Model Support |
+| CONFIG_BBF_MAX_OBJECT_INSTANCES | 255    | Maximum number of instances per object |
+
+## Helper utility (bbfdm.mk)
+
+bbfdm provides a helper utility [bbfdm.mk](./bbfdm.mk) to install datamodel plugins in bbfdm core or in microservice directory.
+
+### Install datamodel DotSO/JSON plugin in bbfdm core
+
+Utility to install the DotSO/JSON plugin in bbfdm core plugin path
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Plugin artifact
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
+endef
+```
+
+### Install datamodel DotSO/JSON plugin in bbfdm core with priority
+
+Its now possible to overwrite/remove core datamodel with plugin, so, if some datamodel objects/parameters are present in more than one plugin, order in which they loaded into memory becomes crucial, this Utility help to configure a priority order in which they gets loaded in memory.
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Priority of the installed plugin
+#  $3 => Plugin artifact
+```
+
+Example:
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPluginWithPriority,$(1),01,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+endef
+```
+
+> Note: Last loaded plugin gets the highest priority
+
+### Install plugin into micro-service directory
+
+Utility to install the plugin in datamodel microservice directory, ex. user wants to run a datamodel micro-service, it required to install the DotSO/JSON plugin into a non bbf core directory, this utility helps in installing the DotSO/JSON plugin in mentioned directory.
+
+```bash
+# inputs:
+#  $1 => package install directory with micro-service directory
+#  $2 => Plugin artifact
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+endef
+```
+
+### Install datamodel micro-service input file
+
+Utility to install the datamodel plugin input file into the bbfdm micro-service directory, so that bbfdm auto start the datamodel micro-service before main bbfdm process.
+
+```bash
+# inputs:
+#  $1 => package install directory
+#  $2 => Microservice input.json path
+```
+
+Example:
+
+```make
+define Package/$(PKG_NAME)/install
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
+endef
+```
+
--- a/bbfdm/bbfdm.mk
+++ b/bbfdm/bbfdm.mk
@@ -2,8 +2,56 @@
 # Copyright (C) 2023 IOPSYS
 #

-
+# Utility to install the plugin in bbfdm core path
+# inputs:
+#  $1 => package install directory
+#  $2 => Plugin artifact
+#
+# Example:
+#  $(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
+#
 define BbfdmInstallPlugin
 	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
 	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/plugins/
 endef
+
+# Utility to install the plugin in bbfdm core path with priority
+# inputs:
+#  $1 => package install directory
+#  $2 => Priority of the installed plugin
+#  $3 => Plugin artifact
+#
+# Example:
+#   $(call BbfdmInstallPluginWithPriority,$(1),01,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+#
+define BbfdmInstallPluginWithPriority
+	$(INSTALL_DIR) $(1)/etc/bbfdm/plugins
+	$(INSTALL_DATA) $(3) $(1)/etc/bbfdm/plugins/$(2)_$(shell basename ${3})
+endef
+
+# Utility to install the plugin in datamodel microservice directory
+# inputs:
+#  $1 => package install directory with micro-service directory
+#  $2 => Plugin artifact
+#
+# Example:
+#  $(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+#
+define BbfdmInstallPluginInMicroservice
+	$(INSTALL_DIR) $(1)
+	$(INSTALL_DATA) $(2) $(1)/
+endef
+
+# Utility to install the datamodel plugin input file
+# inputs:
+#  $1 => package install directory
+#  $2 => Microservice input.json path
+#
+# Example:
+#  $(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
+#
+define BbfdmInstallMicroServiceInputFile
+	$(INSTALL_DIR) $(1)/etc/bbfdm/micro_services
+	$(INSTALL_DATA) $(2) $(1)/etc/bbfdm/micro_services/$(PKG_NAME).json
+endef
+
--- a/bbfdm/files/etc/bbfdm/bbfdm_services.sh
+++ b/bbfdm/files/etc/bbfdm/bbfdm_services.sh
@@ -14,6 +14,7 @@ bbfdm_add_service()
 	fi

 	ubus call service add "{'name':'bbfdm.services','instances':{'$name':{'command':['$BBFDMD','-m','$path']}}}"
+	echo "Use of bbfdm_add_service deprecated, please use bbfdm micro_service uci"
 }

 bbfdm_stop_service()
--- a/bbfdm/files/etc/config/bbfdm
+++ b/bbfdm/files/etc/config/bbfdm
@@ -1,8 +1,6 @@
-
 config bbfdmd 'bbfdmd'
-	option enabled '1'
+	option enable '1'
 	option loglevel '1'
-	option refresh_time '10'
+	option refresh_time '300'
 	option transaction_timeout '30'
 	option subprocess_level '2'
-
--- a/bbfdm/files/etc/init.d/bbfdmd
+++ b/bbfdm/files/etc/init.d/bbfdmd
@@ -7,7 +7,8 @@ USE_PROCD=1
 PROG=/usr/sbin/bbfdmd

 BBFDM_JSON_INPUT="/etc/bbfdm/input.json"
-BBFDM_TEMP_JSON="/tmp/bbfdm/input.json"
+BBFDM_MICROSERVICE_DIR="/etc/bbfdm/micro_services"
+BBFDM_TEMP_DIR="/tmp/bbfdm"

 log() {
 	echo "${@}"|logger -t bbfdmd.init -p info
@@ -16,7 +17,7 @@ log() {
 validate_bbfdm_bbfdmd_section()
 {
 	uci_validate_section bbfdm bbfdmd "bbfdmd" \
-		'enabled:bool:true' \
+		'enable:bool:true' \
 		'sock:string' \
 		'debug:bool:false' \
 		'loglevel:uinteger:1' \
@@ -25,22 +26,61 @@ validate_bbfdm_bbfdmd_section()
 		'subprocess_level:uinteger'
 }

+bbfdm_add_micro_service()
+{
+	local name path
+
+	path="${1}"
+	name="$(basename ${path})"
+	name="${name//.json}"
+
+	ubus call service add "{'name':'bbfdm.services','instances':{'$name':{'command':['${PROG}','-m','$path']}}}"
+}
+
+_add_microservice()
+{
+	local enable loglevel input_json name
+
+	name="${1}"
+	input_json="$(jq -r '.daemon.input.name' ${name})"
+
+	if [ -f "${input_json}" ]; then
+		bbfdm_add_micro_service "${name}"
+	else
+		log "Input json [${input_json}] does not defined/present"
+	fi
+
+}
+
+configure_bbfdm_micro_services()
+{
+	if [ -d "${BBFDM_MICROSERVICE_DIR}" ]; then
+		FILES="$(ls -1 ${BBFDM_MICROSERVICE_DIR}/*.json)"
+
+		for service in $FILES;
+		do
+			[ -e "$service" ] || continue
+			_add_microservice $service
+		done
+	fi
+	ubus call service state '{"name":"bbfdm.services", "spawn":true}'
+}
+
 configure_bbfdmd()
 {
-	local enabled debug sock update
+	local enable debug sock
 	local jlog jrefresh jtimeout jlevel

-	update=0
 	config_load bbfdm
 	validate_bbfdm_bbfdmd_section || {
 		log "Validation of bbfdmd section failed"
 		return 1;
 	}

-	[ "${enabled}" -eq 0 ] && return 0
+	[ "${enable}" -eq 0 ] && return 0

 	if [ -f "${BBFDM_JSON_INPUT}" ]; then
-		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > ${BBFDM_TEMP_JSON}
+		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > "${BBFDM_TEMP_DIR}/input.json"
 	fi

 	procd_set_param command ${PROG}
@@ -56,13 +96,14 @@ configure_bbfdmd()

 start_service()
 {
-	mkdir -p /tmp/bbfdm
+	mkdir -p ${BBFDM_TEMP_DIR}
+
+	configure_bbfdm_micro_services
+
 	procd_open_instance "bbfdm"
 	configure_bbfdmd
 	procd_set_param respawn
 	procd_close_instance "bbfdm"
-
-	ubus call service state '{"name":"bbfdm.services", "spawn":true}'
 }

 stop_service()
--- a/bbfdm/files/etc/uci-defaults/90-remove-nonexisting-microservices
+++ b/bbfdm/files/etc/uci-defaults/90-remove-nonexisting-microservices
@@ -0,0 +1,18 @@
+#!/bin/sh
+. /lib/functions.sh
+
+remove_nonexisting_microservice() {
+	local input_json
+
+	config_get input_json "$1" input_json ""
+
+	if [ -z "${input_json}" ]; then
+		uci_remove bbfdm "${1}"
+	fi
+}
+
+config_load bbfdm
+config_foreach remove_nonexisting_microservice "micro_service"
+
+exit 0
+
--- a/bbfdm/files/etc/uci-defaults/91-fix-bbfdmd-enabled-option
+++ b/bbfdm/files/etc/uci-defaults/91-fix-bbfdmd-enabled-option
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# rename bbfdmd enabled option to enable
+val="$(uci -q get bbfdm.bbfdmd.enabled)"
+if [ -n "${val}" ]; then
+	uci -q set bbfdm.bbfdmd.enabled=""
+	uci -q set bbfdm.bbfdmd.enable="${val}"
+fi
+
+exit 0
+
--- a/bulkdata/Makefile
+++ b/bulkdata/Makefile
@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.5
+PKG_VERSION:=2.1.8

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=f03fb8682aa7efe760294e54c422f2eab856e08c
+PKG_SOURCE_VERSION:=e472e90feec31d9f318ea8c732ab564002e25db1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -22,6 +22,7 @@ PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE

 include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk

 define Package/$(PKG_NAME)
  SECTION:=utils
@@ -43,10 +44,16 @@ endif

 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/	
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/bulkdata
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bbf_plugin/*.json $(1)/etc/bulkdata
-	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bulkdatad $(1)/usr/sbin/
+	$(INSTALL_DATA) ./files/etc/config/bulkdata $(1)/etc/config/
+	$(INSTALL_DATA) ./files/etc/init.d/bulkdatad $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/uci-defaults/95-bulkdata-translation-options $(1)/etc/uci-defaults/
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/bulkdata,$(PKG_BUILD_DIR)/bbf_plugin/bulkdata.json)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bulkdata/input.json)
 endef

 $(eval $(call BuildPackage,$(PKG_NAME)))
--- a/bulkdata/files/etc/bulkdata/input.json
+++ b/bulkdata/files/etc/bulkdata/input.json
@@ -1,15 +1,17 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "JSON",
 			"name": "/etc/bulkdata/bulkdata.json"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.bulkdata",
 			"parent_dm": "Device.",
 			"object": "BulkData",
 			"root_obj": "bbfdm"
 		}
 	}
-}
+}
--- a/bulkdata/files/etc/init.d/bulkdatad
+++ b/bulkdata/files/etc/init.d/bulkdatad
@@ -3,11 +3,8 @@
 START=60
 STOP=10

-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1
 PROG="/usr/sbin/bulkdatad"
-BULKDATA_JSON_INPUT="/etc/bulkdata/input.json"

 start_service() {
 	local enable
@@ -21,8 +18,6 @@ start_service() {
 		procd_set_param respawn
 		procd_close_instance "bulkdata"
 	}
-
-	bbfdm_add_service "bbfdm.bulkdata" "${BULKDATA_JSON_INPUT}"
 }

 reload_service() {
--- a/capiagent/Makefile
+++ b/capiagent/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=capiagent
-PKG_VERSION:=2.1.0
+PKG_VERSION:=2.1.1

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3e671db8f567b19c109fc13b25bc571c4c73a962
+PKG_SOURCE_VERSION:=136cab3a9f1eec0132db9fa3f7bb1c8748ce1449
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/capiagent.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -31,7 +31,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/capiagent
  TITLE+= capiagent (daemon implementing Wi-Fi Alliance's CAPI commands)
  DEPENDS= +libubox +libuci +libubus +libnl-genl +libeasy +libwifi \
-	   +libjson-c +libblobmsg-json +ubus +libieee1905
+	   +libjson-c +libblobmsg-json +ubus +libieee1905 +libwifiutils
 endef

 define Package/capiagent/description
--- a/csmngr/Makefile
+++ b/csmngr/Makefile
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=csmngr
+PKG_VERSION:=0.0.5
+
+LOCAL_DEV=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=dcdaba75b85bf8758c34d3ae4a1be0ba09359331
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/csmngr.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_CONFIG_DEPENDS := \
+		     CONFIG_PACKAGE_libwifiutils \
+		     CONFIG_PACKAGE_libwifi
+
+PKG_BUILD_DEPENDS := libwifi
+
+include $(INCLUDE_DIR)/package.mk
+
+
+MAKE_PATH:=src
+
+define Package/csmngr
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=WiFi channel selection manager
+  DEPENDS:=+libwifiutils +libwifi +libuci +libubox +ubus +libnl-genl
+endef
+
+define Package/csmngr/description
+ WiFi Auto Channel Selection manager.
+endef
+
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include \
+	-I$(STAGING_DIR)/usr/include/libnl3 \
+	-D_GNU_SOURCE
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+  rsync -r --exclude=.* ~/git/csmngr/ $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/csmngr/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/csmngr $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,csmngr))
--- a/csmngr/files/etc/init.d/csmngr
+++ b/csmngr/files/etc/init.d/csmngr
@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=95
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/csmngr
+
+start_service() {
+	procd_open_instance
+	procd_set_param command ${PROG}
+#	procd_set_param stderr 1                    #for debugging only
+#	procd_set_param respawn
+	procd_close_instance
+}
+
+reload_service() {
+        stop
+        start
+}
+
--- a/ddnsmngr/Config.in
+++ b/ddnsmngr/Config.in
@@ -0,0 +1,16 @@
+if PACKAGE_ddnsmngr
+choice
+	prompt "Select backend for dynamic DNS management"
+	default DDNSMNGR_BACKEND_DDNSSCRIPT
+	depends on PACKAGE_ddnsmngr
+	help
+		Select which package to use for dynamic DNS support
+
+config DDNSMNGR_BACKEND_DDNSSCRIPT
+	bool "Use ddns_script"
+
+config DDNSMNGR_BACKEND_INADYN
+	bool "Use inadyn"
+
+endchoice
+endif
--- a/ddnsmngr/Makefile
+++ b/ddnsmngr/Makefile
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2024 IOPSYS
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ddnsmngr
+PKG_VERSION:=1.0.3
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/ddnsmngr.git
+PKG_SOURCE_VERSION:=d0d37df44644ef2c1a0b11d3a4f92dc694ae1010
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+PKG_CONFIG_DEPENDS:=CONFIG_DDNSMNGR_BACKEND_DDNSSCRIPT CONFIG_DDNSMNGR_BACKEND_INADYN
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
+
+define Package/$(PKG_NAME)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  TITLE:=Dynamic DNS manager
+  DEPENDS:=+libbbfdm-api +DDNSMNGR_BACKEND_DDNSSCRIPT:ddns-scripts +DDNSMNGR_BACKEND_INADYN:inadyn
+  MENU:=1
+endef
+
+define Package/$(PKG_NAME)/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MAKE_PATH:=src
+
+define Package/$(PKG_NAME)/description
+	Manage dynamic DNS updation and provides Device.DynamicDNS. datamodel object based on TR181-2.16
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/ddnsmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/$(PKG_NAME)/install
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr/ddns
+	$(INSTALL_DIR) $(1)/etc/ddnsmngr/servers
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/lib/ddnsmngr
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/ddnsmngr,$(PKG_BUILD_DIR)/src/libddnsmngr.so)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/ddnsmngr/input.json)
+	$(INSTALL_DATA) ./files/etc/config/ddnsmngr $(1)/etc/config/ddnsmngr
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-ddns-config-migrate $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/init.d/ddnsmngr $(1)/etc/init.d/ddnsmngr
+ifeq ($(CONFIG_DDNSMNGR_BACKEND_DDNSSCRIPT),y)
+	$(INSTALL_BIN) ./files/usr/lib/ddns_script/ddnsmngr_service.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns-script/usr/lib/ddnsmngr/ddnsmngr_updater.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/files/ddns-script/server/* $(1)/etc/ddnsmngr/servers
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns-script/usr/libexec/rpcd/ddnsmngr $(1)/usr/libexec/rpcd/ddnsmngr
+endif
+ifeq ($(CONFIG_DDNSMNGR_BACKEND_INADYN),y)
+	$(INSTALL_BIN) ./files/usr/lib/inadyn/ddnsmngr_service.sh $(1)/usr/lib/ddnsmngr/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/files/inadyn/server/* $(1)/etc/ddnsmngr/servers
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/inadyn/usr/libexec/rpcd/ddnsmngr $(1)/usr/libexec/rpcd/ddnsmngr
+endif
+endef
+
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/ddnsmngr/files/etc/config/ddnsmngr
+++ b/ddnsmngr/files/etc/config/ddnsmngr
@@ -0,0 +1,23 @@
+config ddnsmngr 'global'
+	option configfile '/var/run/ddnsmngr/ddnsmngr.json'
+	option ddns_dateformat '%F %R'
+	option ddns_rundir '/var/run/ddnsmngr'
+	option ddns_logdir '/var/log/ddnsmngr'
+	option ddns_loglines '250'
+	option upd_privateip '0'
+	option use_curl '1'
+
+config server 'ddns_server_1'
+	option enabled '1'
+	option service 'dynu.com'
+	option name 'dynu.com'
+
+config server 'ddns_server_2'
+	option enabled '1'
+	option service 'dyndns.org'
+	option name 'dyndns.org'
+
+config server 'ddns_server_3'
+	option enabled '1'
+	option service 'zoneedit.com'
+	option name 'zoneedit.com'
--- a/ddnsmngr/files/etc/ddnsmngr/input.json
+++ b/ddnsmngr/files/etc/ddnsmngr/input.json
@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/ddnsmngr/libddnsmngr.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "DynamicDNS",
+			"root_obj": "bbfdm"
+		}
+	}
+}
--- a/ddnsmngr/files/etc/init.d/ddnsmngr
+++ b/ddnsmngr/files/etc/init.d/ddnsmngr
@@ -0,0 +1,26 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+STOP=10
+USE_PROCD=1
+
+. /usr/lib/ddnsmngr/ddnsmngr_service.sh
+
+start_service() {
+	start_ddnsmngr_service
+}
+
+stop_service() {
+	stop_ddnsmngr_service
+}
+
+reload_service() {
+	stop
+	sleep 1
+	start
+}
+
+service_triggers() {
+	procd_add_reload_trigger ddnsmngr
+	add_ddnsmngr_triggers
+}
--- a/ddnsmngr/files/etc/uci-defaults/01-ddns-config-migrate
+++ b/ddnsmngr/files/etc/uci-defaults/01-ddns-config-migrate
@@ -0,0 +1,170 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+cl_id=1
+srv_id=1
+
+function get_ddns_config_option() {
+	local val
+
+	val="$(uci -q get ddns.${1}.${2})"
+
+	if [ -z "${val}" ] && [ -n "${3}" ]; then
+		val="${3}"
+	fi
+
+	echo "${val}"
+}
+
+function config_supported_service() {
+	if ! uci -q get ddnsmngr.global >/dev/null 2>&1; then
+		uci -q set ddnsmngr.global="ddnsmngr"
+	fi
+
+	servers=""
+
+	for i in $(find /etc/ddnsmngr/servers/ -name '*.json' | cut -d'/' -f 5 | sed "s/.json//")
+	do
+		if [ -z "${servers}" ]; then
+			servers="${i}"
+		else
+			servers="${servers},${i}"
+		fi
+	done
+
+	uci -q set ddnsmngr.global.supported_services="${servers}"
+}
+
+function migrate_service_section() {
+	client_sec=""
+	enabled="$(get_ddns_config_option ${1} enabled "0")"
+	service_name="$(get_ddns_config_option ${1} service_name)"
+	interface="$(get_ddns_config_option ${1} interface)"
+	ip_network="$(get_ddns_config_option ${1} ip_network)"
+	username="$(get_ddns_config_option ${1} username)"
+	password="$(get_ddns_config_option ${1} password)"
+	lookup_host="$(get_ddns_config_option ${1} lookup_host)"
+	use_ipv6="$(get_ddns_config_option ${1} use_ipv6 "0")"
+	force_ipversion="$(get_ddns_config_option ${1} force_ipversion "0")"
+	use_https="$(get_ddns_config_option ${1} use_https "0")"
+	force_dnstcp="$(get_ddns_config_option ${1} force_dnstcp "0")"
+
+	if [ -z "${service_name}" ]; then
+		uci -q delete ddns."${1}"
+		return 0
+	fi
+
+	# check server file is present in device
+	if [ ! -f "/etc/ddnsmngr/servers/${service_name}.json" ]; then
+		uci -q delete ddns."${1}"
+		return 0
+	fi
+
+	# Check if client section is already added for this service
+	clients=$(uci -q show ddnsmngr | grep "=client")
+	client_count=$(echo "${clients}" | wc -l)
+
+	tmp=0
+	while [ $tmp -lt $client_count ]
+	do
+		mngr_serv="$(uci -q get ddnsmngr.@client[$tmp].service_name)"
+		mngr_intf="$(uci -q get ddnsmngr.@client[$tmp].interface)"
+		mngr_netw="$(uci -q get ddnsmngr.@client[$tmp].ip_network)"
+		mngr_user="$(uci -q get ddnsmngr.@client[$tmp].username)"
+		mngr_ipv6="$(uci -q get ddnsmngr.@client[$tmp].use_ipv6)"
+		mngr_forceip="$(uci -q get ddnsmngr.@client[$tmp].force_ipversion)"
+		mngr_https="$(uci -q get ddnsmngr.@client[$tmp].use_https)"
+		mngr_dnstcp="$(uci -q get ddnsmngr.@client[$tmp].force_dnstcp)"
+
+		[ -z "${mngr_ipv6}" ] && mngr_ipv6="0"
+		[ -z "${mngr_forceip}" ] && mngr_forceip="0"
+		[ -z "${mngr_https}" ] && mngr_https="0"
+		[ -z "${mngr_dnstcp}" ] && mngr_dnstcp="0"
+
+		if [ "${mngr_serv}" == "${service_name}" ] && [ "${mngr_intf}" == "${interface}" ] && \
+		   [ "${mngr_netw}" == "${ip_network}" ] && [ "${mngr_user}" == "${username}" ] && \
+		   [ "${mngr_ipv6}" == "${use_ipv6}" ] && [ "${mngr_forceip}" == "${force_ipversion}" ] && \
+		   [ "${mngr_https}" == "${use_https}" ] && [ "${mngr_dnstcp}" == "${force_dnstcp}" ]; then
+			break
+		fi
+
+		tmp=$(( tmp + 1 ))
+	done
+
+	if [ $tmp -ne $client_count ]; then
+		i=0
+		for client in $clients; do
+			if [ $i -eq $tmp ]; then
+				client_sec="$(echo $client | cut -d'=' -f 1 | cut -d'.' -f 2)"
+				break
+			fi
+			i=$(( i + 1 ))
+		done
+
+		if [ $enabled -eq 1 ]; then
+			uci -q set ddnsmngr."${client_sec}".enabled="1"
+		fi
+	else
+		client_sec=ddns_mig_client_"${cl_id}"
+
+		uci -q set ddnsmngr."${client_sec}"="client"
+		uci -q set ddnsmngr."${client_sec}".enabled="${enabled}"
+		uci -q set ddnsmngr."${client_sec}".service_name="${service_name}"
+		uci -q set ddnsmngr."${client_sec}".interface="${interface}"
+		uci -q set ddnsmngr."${client_sec}".ip_network="${ip_network}"
+		uci -q set ddnsmngr."${client_sec}".username="${username}"
+		uci -q set ddnsmngr."${client_sec}".password="${password}"
+		uci -q set ddnsmngr."${client_sec}".use_ipv6="${use_ipv6}"
+		uci -q set ddnsmngr."${client_sec}".force_ipversion="${force_ipversion}"
+		uci -q set ddnsmngr."${client_sec}".use_https="${use_https}"
+		uci -q set ddnsmngr."${client_sec}".force_dnstcp="${force_dnstcp}"
+
+		cl_id=$(( cl_id + 1 ))
+
+		# add server section if not added
+		servers=$(uci -q show ddnsmngr | grep "service=\'${service_name}\'")
+		if [ -z "${servers}" ]; then
+			server_sec=ddns_mig_server_"${srv_id}"
+			uci -q set ddnsmngr."${server_sec}"="server"
+			uci -q set ddnsmngr."${server_sec}".enabled="1"
+			uci -q set ddnsmngr."${server_sec}".service="${service_name}"
+			uci -q set ddnsmngr."${server_sec}".name="${service_name}"
+
+			srv_id=$(( srv_id + 1 ))
+		fi
+	fi
+
+
+	# if lookup_host is set then add host section
+	if [ -n "${lookup_host}" ] && [ -n "${client_sec}" ]; then
+		# check number of hosts present for this client
+		host_count=$(uci -q show ddnsmngr | grep "dm_parent=\'${client_sec}\'" | wc -l)
+		host_ix=$(( host_count + 1 ))
+		host_sec="${client_sec}"_host_"${host_ix}"
+
+		uci -q set ddnsmngr."${host_sec}"="host"
+		uci -q set ddnsmngr."${host_sec}".enabled="${enabled}"
+		uci -q set ddnsmngr."${host_sec}".lookup_host="${lookup_host}"
+		uci -q set ddnsmngr."${host_sec}".dm_parent="${client_sec}"
+	fi
+
+	uci -q delete ddns."${1}"
+}
+
+function migrate_ddns_config() {
+	if [ ! -f "/etc/config/ddnsmngr" ]; then
+		# Create ddnsmngr config file
+		touch /etc/config/ddnsmngr
+	fi
+
+	config_supported_service
+
+	config_load ddns
+	config_foreach migrate_service_section service
+
+	uci -q commit ddns
+	uci -q commit ddnsmngr
+}
+
+migrate_ddns_config
--- a/ddnsmngr/files/usr/lib/ddns_script/ddnsmngr_service.sh
+++ b/ddnsmngr/files/usr/lib/ddns_script/ddnsmngr_service.sh
@@ -0,0 +1,169 @@
+#! /bin/sh
+
+RUNDIR="/var/run/ddnsmngr"
+LOGDIR="/var/log/ddnsmngr"
+PROG="/usr/lib/ddnsmngr/ddnsmngr_updater.sh"
+CONFIGFILE="/var/run/ddnsmngr/ddnsmngr.json"
+CLIENT_INTFS=""
+
+. /usr/share/libubox/jshn.sh
+
+log() {
+	echo "$*"|logger -t ddnsmngr.init -p debug
+}
+
+validate_host_section() {
+	uci_validate_section ddnsmngr host "${1}" \
+		'enabled:bool:0' \
+		'lookup_host:string' \
+		'dm_parent:string'
+}
+
+validate_client_section() {
+	uci_validate_section ddnsmngr client "${1}" \
+		'enabled:bool:0' \
+		'service_name:string' \
+		'interface:string' \
+		'ip_network:string' \
+		'username:string' \
+		'password:string' \
+		'use_https:bool:0' \
+		'force_dnstcp:bool:0' \
+		'use_ipv6:bool:0' \
+		'force_ipversion:bool:0'
+}
+
+add_object() {
+	local enabled lookup_host dm_parent use_ipv6 force_ipversion proc_info_file
+	local service_name interface ip_network username password use_https force_dnstcp
+
+	validate_host_section "${1}" || {
+		log "Validation of host section failed"
+		return 0
+	}
+
+	if [ "${enabled}" -ne 1 ] || [ -z "${dm_parent}" ]; then
+		return 0
+	fi
+
+	validate_client_section "${dm_parent}" || {
+		log "Validation of client section failed"
+		return 0 
+	}
+
+	if [ "${enabled}" -ne 1 ]; then
+		return 0
+	fi
+
+	service_name=$(uci -q get ddnsmngr.${dm_parent}.service_name)
+	if [ -z "${service_name}" ]; then
+		return 0
+	fi
+
+	service_section=$(uci -q show ddnsmngr | grep "service=\'${service_name}\'" | cut -d'.' -f 2 | head -1)
+	if [ -z "${service_section}" ]; then
+		return 0
+	fi
+
+	service_enabled=$(uci -q get ddnsmngr.${service_section}.enabled)
+	if [ "${service_enabled}" -ne 1 ]; then
+		return 0
+	fi
+
+	json_add_object
+	json_add_string "interface" "${interface}"
+	json_add_string "service_name" "${service_name}"
+	json_add_string "username" "${username}"
+	json_add_string "password" "${password}"
+	json_add_string "lookup_host" "${lookup_host}"
+	json_add_string "ip_network" "${ip_network}"
+	json_add_string "proc_info_file" "${1}"
+	json_add_string "use_ipv6" "${use_ipv6}"
+	json_add_string "force_ipversion" "${force_ipversion}"
+	json_add_string "use_https" "${use_https}"
+	json_add_string "force_dnstcp" "${force_dnstcp}"
+	json_close_object
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	for intf in $CLIENT_INTFS; do
+		if [ "${intf}" == "${interface}" ]; then
+			return 0
+		fi
+	done
+
+	CLIENT_INTFS="${CLIENT_INTFS} ${interface}"
+}
+
+start_ddnsmngr_service() {
+	run_dir=$(uci -q get ddnsmngr.global.ddns_rundir)
+	log_dir=$(uci -q get ddnsmngr.global.ddns_logdir)
+
+	if [ -n "${run_dir}" ]; then
+		RUNDIR="${run_dir}"
+	fi
+
+	if [ -n "${log_dir}" ]; then
+		LOGDIR="${log_dir}"
+	fi
+
+	mkdir -p "${RUNDIR}"
+	mkdir -p "${LOGDIR}"
+
+	conf_file=$(uci -q get ddnsmngr.global.configfile)
+	if [ -n "${conf_file}" ]; then
+		CONFIGFILE="${conf_file}"
+	fi
+
+	touch "${CONFIGFILE}"
+
+	if [ ! -f "${CONFIGFILE}" ]; then
+		log "Can not create ${CONFIGFILE}, exit"
+		exit 0
+	fi
+
+	json_init
+	json_add_array "services"
+
+	config_load ddnsmngr
+	config_foreach add_object host
+
+	json_close_array
+	json_dump > "${CONFIGFILE}"
+
+	procd_open_instance ddnsmngr
+	procd_set_param command "$PROG"
+	procd_append_param command -c "${CONFIGFILE}"
+	procd_append_param command -- start
+	procd_close_instance
+}
+
+stop_ddnsmngr_service() {
+	conf_file=$(uci -q get ddnsmngr.global.configfile)
+	if [ -n "${conf_file}" ]; then
+		CONFIGFILE="${conf_file}"
+	fi
+
+	if [ ! -f "${CONFIGFILE}" ]; then
+		log "${CONFIGFILE} not found, can't stop services if running any"
+	fi
+
+	"$PROG" -c "${CONFIGFILE}" -- stop
+	return 0
+}
+
+add_ddnsmngr_triggers() {
+	procd_open_trigger
+	for intf in $CLIENT_INTFS; do
+		# No need to handle other ifevents like ifupdate etc
+		procd_add_interface_trigger "interface.*.up" $intf /etc/init.d/ddnsmngr restart
+		procd_add_interface_trigger "interface.*.down" $intf /etc/init.d/ddnsmngr restart
+	done
+	procd_close_trigger
+}
--- a/ddnsmngr/files/usr/lib/inadyn/ddnsmngr_service.sh
+++ b/ddnsmngr/files/usr/lib/inadyn/ddnsmngr_service.sh
@@ -0,0 +1,311 @@
+#!/bin/sh
+
+PROG="/usr/sbin/inadyn"
+CONFIGPATH="/tmp/inadyn_config"
+PIDPATH="/etc/inadyn_pid"
+CLIENT_INTFS=""
+CONFIG_FILES=""
+SERVER_PATH="/etc/ddnsmngr/servers"
+
+FORMAT="custom [SECTION] {\n\tusername\t= [USER]\n\tpassword\t= [PWD]\n\tddns-server\t= [SERV]\n\tddns-path\t= [URI]\n\tssl\t\t= [SSL]\n\thostname\t= [NAME]\n\tcheckip-command\t= [CMD]\n\tddns-response\t= [RESPONSES]\n}"
+
+
+. /usr/share/libubox/jshn.sh
+
+log() {
+	echo "$*"|logger -t ddnsmngr.init -p debug
+}
+
+get_service_data() {
+	local provider="$1"
+	shift
+	local dir="$1"
+	shift
+	local ipv6="$1"
+	shift
+
+	local name data url answer script
+
+	[ $# -ne 2 ] && {
+		return 1
+	}
+
+	[ -f "${dir}/${provider}.json" ] || {
+		eval "$1=\"\""
+		eval "$2=\"\""
+		return 1
+	}
+
+	json_load_file "${dir}/${provider}.json"
+	json_get_var name "name"
+	if [ "$ipv6" -eq "1" ]; then
+		json_select "ipv6"
+	else
+		json_select "ipv4"
+	fi
+	json_get_var data "url"
+	json_get_var answer "answer"
+	json_select ".."
+	json_cleanup
+
+	response=""
+	if [ -n "${answer}" ]; then
+		answer=$(echo "${answer}" | sed 's/|/ /g')
+		for ans in $answer; do
+			if [ -z "${response}" ]; then
+				response="${ans}"
+			else
+				response="${response}, ${ans}"
+			fi
+		done
+		response="{ ${response} }"
+	fi
+
+	eval "$1=\"$data\""
+	eval "$2=\"$response\""
+
+	return 0
+}
+
+generate_inadyn_config() {
+	json_load "${1}"
+	json_get_var service_name service_name
+	json_get_var use_ipv6 use_ipv6
+	json_get_var interface interface
+	json_get_var username username
+	json_get_var password password
+	json_get_var host lookup_host
+	json_get_var conf_file config_file
+	json_get_var conf_dir config_dir
+	json_get_var server_address server_address
+	json_cleanup
+
+	if [ -z "${service_name}" ] || [ -z "${host}" ]; then
+		return 1
+	fi
+
+	if [ -z "${conf_file}" ]; then
+		return 1
+	fi
+
+	if [ -z "${conf_dir}" ]; then
+		return 1
+	fi
+
+	# First look into custom path to load the url otherwise default path
+	get_service_data "${service_name}" "${SERVER_PATH}" "${use_ipv6}" server_url server_answer
+
+	if [ -z "${server_url}" ]; then
+		return 1
+	fi
+
+	# Need to pick proto, server address and request uri separately from the url
+	# format http://[server_address]/[update_Request_uri]
+	proto=$(echo $server_url | cut -d':' -f 1)
+	serv=$(echo $server_url | cut -d'/' -f 3 | cut -d'@' -f 2)
+	uri=${server_url#*$serv}
+
+	if [ -z $proto ] || [ -z $serv ] || [ -z $uri ]; then
+		return 1
+	fi
+
+	path=$(echo "$uri" | sed 's/&/\\&/g')
+	update_uri=$(echo $path | sed -e "s#\[DOMAIN\]#%h#g"	-e "s#\[PASSWORD\]#%p#g" \
+				      -e "s#\[USERNAME\]#%u#g"	-e "s#\[IP\]#%i#g")
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	# now get the physical interface name
+	intf=$(ifstatus "${interface}" | jsonfilter -e '@.device')
+	if [ -z "${intf}" ]; then
+		return 1
+	fi
+
+	# command to get ip of the interface
+	if [ "${use_ipv6}" -eq 0 ]; then
+		get_ip="\"ifstatus ${interface} | jsonfilter -e '@[\\\\\"ipv4-address\\\\\"][0].address'\""
+	else
+		get_ip="\"ifstatus ${interface} | jsonfilter -e '@[\\\\\"ipv6-address\\\\\"][0].address'\""
+	fi
+
+	if [ "${proto}" = "http" ]; then
+		ssl="false"
+	else
+		ssl="true"
+	fi
+
+	inadyn_ver=$(inadyn -v)
+	user_agent="inadyn/${inadyn_ver}"
+
+	config_file="${conf_dir}/${conf_file}"
+	touch "${config_file}"
+
+	echo "iface = ${intf}" > "${config_file}"
+	echo "period = 600" >> "${config_file}"
+	echo "user-agent = ${user_agent}" >> "${config_file}"
+
+	if [ "${use_ipv6}" -eq 1 ]; then
+		echo "allow-ipv6 = true" >> "${config_file}"
+	fi
+
+	if [ -z "${password}" ]; then
+		FORMAT=$(echo "${FORMAT}" | sed 's/\\tpassword\\t= \[PWD\]\\n//g')
+	fi
+
+	if [ -z "${server_answer}" ]; then
+		FORMAT=$(echo "${FORMAT}" | sed 's/\\tddns-response\\t= \[RESPONSES\]\\n//g')
+	fi
+
+	config=$(echo $FORMAT | sed -e "s#\[SECTION\]#$conf_file#g"	-e "s#\[PWD\]#$password#g" \
+				    -e "s#\[USER\]#$username#g"	-e "s#\[SERV\]#$serv#g" \
+				    -e "s#\[URI\]#\"$update_uri\"#g"	-e "s#\[SSL\]#$ssl#g" \
+				    -e "s#\[NAME\]#$host#g"	-e "s#\[CMD\]#$get_ip#g" \
+				    -e "s#\[RESPONSES\]#$server_answer#g")
+
+	echo -e "\n\n${config}" >> "${config_file}"
+
+	return 0
+}
+
+validate_host_section() {
+	uci_validate_section ddnsmngr host "${1}" \
+		'enabled:bool:0' \
+		'lookup_host:string' \
+		'dm_parent:string'
+}
+
+validate_client_section() {
+	uci_validate_section ddnsmngr client "${1}" \
+		'enabled:bool:0' \
+		'service_name:string' \
+		'interface:string' \
+		'ip_network:string' \
+		'username:string' \
+		'password:string' \
+		'use_https:bool:0' \
+		'force_dnstcp:bool:0' \
+		'use_ipv6:bool:0' \
+		'force_ipversion:bool:0'
+}
+
+add_object() {
+	local enabled lookup_host dm_parent use_ipv6 force_ipversion
+	local service_name interface ip_network username password use_https force_dnstcp
+
+	validate_host_section "${1}" || {
+		log "Validation of host section failed"
+		return
+	}
+
+	if [ "${enabled}" -ne 1 ] || [ -z "${dm_parent}" ]; then
+		return
+	fi
+
+	validate_client_section "${dm_parent}" || {
+		log "Validation of client section failed"
+		return
+	}
+
+	if [ "${enabled}" -ne 1 ]; then
+		return
+	fi
+
+	service_name=$(uci -q get ddnsmngr.${dm_parent}.service_name)
+	if [ -z "${service_name}" ]; then
+		return
+	fi
+
+	service_section=$(uci show ddnsmngr | grep "service=\'${service_name}\'" | cut -d'.' -f 2 | head -1)
+	if [ -z "${service_section}" ]; then
+		return
+	fi
+
+	service_enabled=$(uci -q get ddnsmngr.${service_section}.enabled)
+	if [ "${service_enabled}" -ne 1 ]; then
+		return
+	fi
+
+	json_init
+	json_add_string "interface" "${interface}"
+	json_add_string "service_name" "${service_name}"
+	json_add_string "username" "${username}"
+	json_add_string "password" "${password}"
+	json_add_string "lookup_host" "${lookup_host}"
+	json_add_string "ip_network" "${ip_network}"
+	json_add_string "use_ipv6" "${use_ipv6}"
+	json_add_string "force_ipversion" "${force_ipversion}"
+	json_add_string "use_https" "${use_https}"
+	json_add_string "force_dnstcp" "${force_dnstcp}"
+	json_add_string "config_file" "${1}"
+	json_add_string "config_dir" "${CONFIGPATH}"
+
+	json_str=$(json_dump)
+	json_cleanup
+
+	generate_inadyn_config "${json_str}"
+
+	if [ "$?" -ne 0 ]; then
+		return
+	fi
+
+	CONFIG_FILES="${CONFIG_FILES} ${1}"
+
+	if [ -z "${interface}" ]; then
+		if [ "${use_ipv6}" -eq 0 ]; then
+			interface="wan"
+		else
+			interface="wan6"
+		fi
+	fi
+
+	for intf in $CLIENT_INTFS; do
+		if [ "${intf}" == "${interface}" ]; then
+			return
+		fi
+	done
+
+	CLIENT_INTFS="${CLIENT_INTFS} ${interface}"
+}
+
+start_ddnsmngr_service() {
+	rm -rf $CONFIGPATH
+	mkdir $CONFIGPATH
+	mkdir -p $PIDPATH
+
+	config_load ddnsmngr
+	config_foreach add_object host
+
+	i=1
+	for conf in $CONFIG_FILES; do
+		instance="ddnsmngr_${i}"
+		i=$(( i + 1 ))
+
+		procd_open_instance $instance
+		procd_set_param command "$PROG"
+		procd_append_param command -f "${CONFIGPATH}/${conf}"
+		procd_append_param command -l debug
+		procd_append_param command -P "${PIDPATH}/${conf}"
+		procd_append_param command -n -C
+		procd_close_instance
+	done
+}
+
+stop_ddnsmngr_service() {
+	rm -rf $CONFIGPATH
+	return 0
+}
+
+add_ddnsmngr_triggers() {
+	procd_open_trigger
+	for intf in $CLIENT_INTFS; do
+		# No need to handle other ifevents like ifupdate etc
+		procd_add_interface_trigger "interface.*.up" $intf /etc/init.d/ddnsmngr restart
+	done
+	procd_close_trigger
+}
--- a/decollector/Makefile
+++ b/decollector/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=decollector
-PKG_VERSION:=4.2.1.1
+PKG_VERSION:=4.2.1.4

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ae836adb0779979686d0dad34b941f319ffed1b8
+PKG_SOURCE_VERSION:=c18d0f411eea6974fc99dd9e717269087e75e874
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -29,7 +29,7 @@ define Package/decollector
  CATEGORY:=Utilities
  TITLE:=WiFi DataElements Collector Proxy
  DEPENDS:=+libuci +libubox +ubus +libpthread +libnl-genl \
-	   +libeasy +libwifiutils +libieee1905 +map-plugin
+	   +libeasy +libwifiutils +libieee1905 +ieee1905-map-plugin
 endef

 define Package/decollector/description
--- a/dectmngr/Makefile
+++ b/dectmngr/Makefile
@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.6.4
+PKG_VERSION:=3.6.5

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=d9cc11c81ce1ff625e4e789afa180b301c7fcf74
+PKG_SOURCE_VERSION:=192e74db2082e3f89f6defe9d752d752b0b09079
 PKG_MIRROR_HASH:=skip
 endif

--- a/dnsmngr/Makefile
+++ b/dnsmngr/Makefile
@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2022-2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnsmngr
+PKG_VERSION:=1.0.2
+
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
+PKG_SOURCE_VERSION:=3abb2b026c697b63f574bdc619e912e85ea55115
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+MAKE_PATH:=src
+
+define Package/dnsmngr
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +dnsmasq +umdns
+  TITLE:=Package to add Device.DNS. datamodel support
+endef
+
+define Package/dnsmngr/description
+  Package to add Device.DNS. datamodel support.
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/dnsmngr/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/dnsmngr/install
+	$(INSTALL_DIR) $(1)/etc/dnsmngr
+	$(CP) $(PKG_BUILD_DIR)/src/libdnsmngr.so $(1)/etc/dnsmngr
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/dnsmngr/input.json)
+endef
+
+$(eval $(call BuildPackage,dnsmngr))
--- a/dnsmngr/files/etc/dnsmngr/input.json
+++ b/dnsmngr/files/etc/dnsmngr/input.json
@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/dnsmngr/libdnsmngr.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "DNS",
+			"root_obj": "bbfdm"
+		}
+	}
+}
--- a/dslmngr/Makefile
+++ b/dslmngr/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dslmngr
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.3

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=cb8b8fd2549751bcd38808391b76a1a9a908c4de
+PKG_SOURCE_VERSION:=6009d4cdabc2fb6827a1dd6096a96e720e97750b
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/dslmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
@@ -26,6 +26,7 @@ PKG_LICENSE_FILES:=LICENSE


 include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk

 ifeq ($(CONFIG_TARGET_brcmbca),y)
  TARGET_PLATFORM=BROADCOM
@@ -39,7 +40,7 @@ define Package/dslmngr
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=XDSL status and configration utility
-  DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy
+  DEPENDS:=+libdsl +libuci +libubox +ubus +libpthread +libnl-genl +libeasy +libbbfdm-api
 endef

 define Package/dslmngr/description
@@ -69,12 +70,14 @@ define Build/Compile
 endef

 define Package/dslmngr/install
+	$(INSTALL_DIR) $(1)/etc/dsl
 	$(CP) ./files/common/* $(1)/
 ifeq ($(CONFIG_TARGET_brcmbca),y)
 	$(CP) ./files/broadcom/* $(1)/
 endif
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dslmngr $(1)/sbin/
+	$(CP) $(PKG_BUILD_DIR)/libbbfdsl.so $(1)/etc/dsl/
 endef

 $(eval $(call BuildPackage,dslmngr))
--- a/dslmngr/files/common/etc/bbfdm/micro_services/dsl.json
+++ b/dslmngr/files/common/etc/bbfdm/micro_services/dsl.json
@@ -0,0 +1,17 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/dsl/libbbfdsl.so"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"root_obj": "bbfdm",
+			"multiple_objects": ["DSL","PTM","ATM","FAST"]
+		}
+	}
+}
--- a/ethmngr/Config.in
+++ b/ethmngr/Config.in
@@ -0,0 +1,9 @@
+if (PACKAGE_ethmngr)
+
+menu "Configurations"
+
+config TR181_VENDOR_EXTENSIONS_MACVLAN
+	bool "Use TR181 vendor extension MACVLAN"
+	default y
+endmenu
+endif
--- a/ethmngr/Makefile
+++ b/ethmngr/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.1.4

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=e5cccdd45a93d969d51c4085cb52b543df544811
+PKG_SOURCE_VERSION:=a64e2775a3931f4e4624c9314658132ae9b7c5e3
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -21,12 +21,13 @@ PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE

 include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk

 define Package/ethmngr
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=Ethernet status and configration utility
-  DEPENDS:=+(TARGET_brcmbca||TARGET_airoha||TARGET_ipq95xx||TARGET_ipq53xx||TARGET_mediatek):libethernet +libuci +libubox +ubus +libpthread +libnl-genl
+  DEPENDS:=+(TARGET_brcmbca||TARGET_airoha||TARGET_ipq95xx||TARGET_ipq53xx||TARGET_mediatek):libethernet +libuci +libubox +ubus +libpthread +libnl-genl +libeasy +libbbfdm-api
 endef

 define Package/ethmngr/description
@@ -35,6 +36,10 @@ define Package/ethmngr/description
 It uses APIs from the libethernet.so library.
 endef

+define Package/$(PKG_NAME)/config
+       source "$(SOURCE)/Config.in"
+endef
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
        $(CP) -rf ./ethmngr/* $(PKG_BUILD_DIR)/
@@ -44,7 +49,12 @@ endif
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
+	-D_GNU_SOURCE \
+	-DBBF_VENDOR_PREFIX=\\\"$(CONFIG_BBF_VENDOR_PREFIX)\\\"
+
+ifeq ($(CONFIG_TR181_VENDOR_EXTENSIONS_MACVLAN),y)
+TARGET_CFLAGS += -DTR181_VENDOR_EXTENSIONS_MACVLAN
+endif

 ifeq ($(CONFIG_TARGET_brcmbca)$(CONFIG_TARGET_airoha)$(CONFIG_TARGET_ipq95xx)$(CONFIG_TARGET_ipq53xx)$(CONFIG_TARGET_mediatek),)
 define Build/Compile
@@ -53,10 +63,15 @@ endif

 define Package/ethmngr/install
 	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/ethmngr
+	$(INSTALL_DIR) $(1)/etc/ethmngr/plugins
 ifneq ($(CONFIG_TARGET_brcmbca)$(CONFIG_TARGET_airoha)$(CONFIG_TARGET_ipq95xx)$(CONFIG_TARGET_ipq53xx)$(CONFIG_TARGET_mediatek),)
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ethmngr $(1)/usr/sbin/
 endif
+	$(CP) $(PKG_BUILD_DIR)/libbbfethernet.so $(1)/etc/ethmngr
+	$(CP) $(PKG_BUILD_DIR)/libbbfethernetmacvlan.so $(1)/etc/ethmngr/plugins
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bbfdm/micro_services/ethernet.json)
 endef

 $(eval $(call BuildPackage,ethmngr))
--- a/ethmngr/files/etc/bbfdm/micro_services/ethernet.json
+++ b/ethmngr/files/etc/bbfdm/micro_services/ethernet.json
@@ -0,0 +1,18 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/ethmngr/libbbfethernet.so",
+			"plugin_dir": "/etc/ethmngr/plugins"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"object": "Ethernet",
+			"root_obj": "bbfdm"
+		}
+	}
+}
--- a/firewallmngr/Makefile
+++ b/firewallmngr/Makefile
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2022-2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=firewallmngr
+PKG_VERSION:=1.0.0
+
+#LOCAL_DEV:=1
+#ifneq ($(LOCAL_DEV),1)
+#PKG_SOURCE_PROTO:=git
+#PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/firewallmngr.git
+#PKG_SOURCE_VERSION:=4f429e25c6e7a69c5171186731bc560befa5a660
+#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+#PKG_MIRROR_HASH:=skip
+#endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+#MAKE_PATH:=src
+
+define Package/firewallmngr
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api +firewall
+  TITLE:=Package to add Device.Firewall data model support.
+endef
+
+define Package/firewallmngr/description
+  Package to add Device.Firewall data model support.
+endef
+
+#ifeq ($(LOCAL_DEV),0)
+#define Build/Prepare
+#	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
+#endef
+#endif
+
+define Package/firewallmngr/install
+	$(INSTALL_DIR) $(1)/etc/firewallmngr
+	$(INSTALL_DIR) $(1)/etc/firewallmngr/plugins
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/lib/fwmngr
+	$(INSTALL_DATA) ./files/etc/config/firewallmngr  $(1)/etc/config/
+	$(INSTALL_DATA) ./files/etc/init.d/firewallmngr  $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/lib/fwmngr/fwmngr.sh  $(1)/lib/fwmngr/
+	$(call BbfdmInstallPluginInMicroservice, $(1)/etc/firewallmngr,./files/etc/firewallmngr/nat.json)
+	$(call BbfdmInstallPluginInMicroservice, $(1)/etc/firewallmngr/plugins,$(PKG_BUILD_DIR)/libfirewallmngr.so)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/bbfdm/micro_services/firewallmngr.json)
+endef
+
+$(eval $(call BuildPackage,firewallmngr))
--- a/firewallmngr/files/etc/bbfdm/micro_services/firewallmngr.json
+++ b/firewallmngr/files/etc/bbfdm/micro_services/firewallmngr.json
@@ -0,0 +1,18 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "4"
+		},
+		"input": {
+			"type": "JSON",
+			"name": "/etc/firewallmngr/nat.json",
+			"plugin_dir": "/etc/firewallmngr/plugins"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"root_obj": "bbfdm",
+			"multiple_objects": ["NAT","Firewall"]
+		}
+	}
+}
--- a/firewallmngr/files/etc/config/firewallmngr
+++ b/firewallmngr/files/etc/config/firewallmngr
@@ -0,0 +1,133 @@
+config firewall 'firewall'
+	option config 'Advanced'
+	option Advanced_level 'level1'
+
+config level 'level1'
+	option name 'level1'
+	option chain 'chain1'
+	option port_mapping_enabled '1'
+	option default_policy 'reject'
+	option default_log_policy '0'
+	option enable '1'
+
+config chain 'chain1'
+	option enable '1'
+	option name 'chain1'
+
+config rule 'rule1'
+	option chain 'chain1'
+	option enable '1'
+	option order '1'
+	option target 'accept'
+	option source_interface 'lan'
+
+config rule 'rule2'
+	option chain 'chain1'
+	option enable '1'
+	option order '2'
+	option description 'Allow-DHCP-Renew'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '4'
+	option protocol '17'
+	option dest_port '68'
+
+config rule 'rule3'
+	option chain 'chain1'
+	option enable '1'
+	option order '3'
+	option description 'Allow-Ping'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '4'
+	option protocol '1'
+
+config rule 'rule4'
+	option chain 'chain1'
+	option enable '1'
+	option order '4'
+	option description 'Allow-IGMP'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '4'
+	option protocol '2'
+
+config rule 'rule5'
+	option chain 'chain1'
+	option enable '1'
+	option order '5'
+	option description 'Allow-DHCPv6'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '6'
+	option protocol '17'
+	option dest_port '546'
+
+config rule 'rule6'
+	option chain 'chain1'
+	option enable '1'
+	option order '6'
+	option description 'Allow-MLD'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '6'
+	option source_ip 'fe80::'
+	option source_mask 'fe80::/10'
+	option protocol '1'
+
+config rule 'rule7'
+	option chain 'chain1'
+	option enable '1'
+	option order '7'
+	option description 'Allow-ICMPv6-Input'
+	option target 'accept'
+	option source_interface 'wan'
+	option ip_version '6'
+	option protocol '1'
+
+config rule 'rule8'
+	option chain 'chain1'
+	option enable '1'
+	option order '8'
+	option description 'Allow-ICMPv6-Forward'
+	option target 'accept'
+	option source_interface 'wan'
+	option dest_all_interface '1'
+	option ip_version '6'
+	option protocol '1'
+
+config rule 'rule9'
+	option chain 'chain1'
+	option enable '1'
+	option order '9'
+	option description 'Allow-IPSec-ESP'
+	option target 'accept'
+	option source_interface 'wan'
+	option dest_interface 'lan'
+	option protocol '50'
+
+config rule 'rule10'
+	option chain 'chain1'
+	option enable '1'
+	option order '10'
+	option description 'Allow-ISAKMP'
+	option target 'accept'
+	option source_interface 'wan'
+	option dest_interface 'lan'
+	option protocol '17'
+	option dest_port '500'
+
+config rule 'rule11'
+	option chain 'chain1'
+	option enable '1'
+	option order '11'
+	option description 'Support-UDP-Traceroute'
+	option target 'reject'
+	option source_interface 'wan'
+	option ip_version '4'
+	option protocol '17'
+	option dest_port '33434'
+	option dest_port_range_max '33689'
+
+
+
--- a/firewallmngr/files/etc/firewallmngr/nat.json
+++ b/firewallmngr/files/etc/firewallmngr/nat.json
@@ -0,0 +1,566 @@
+{
+	"json_plugin_version": 2,
+	"Device.NAT.": {
+			"type": "object",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"access": false,
+			"array": false,
+			"InterfaceSettingNumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"object": "firewallmngr",
+						"section": {
+							"type": "nat_interface_setting"
+						},
+						"option": {
+							"name": "@Count"
+						}
+					}
+				}
+				]
+			},
+			"PortMappingNumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"object": "firewallmngr",
+						"section": {
+							"type": "nat_portmapping"
+						},
+						"option": {
+							"name": "@Count"
+						}
+					}
+				}
+				]
+
+			},
+			"MaxNumberOfPortMappings": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"datatype": "unsignedInt",
+				"default": "32"
+			},
+			"Device.NAT.InterfaceSetting.{i}.": {
+				"type": "object",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"uniqueKeys": [
+					"Alias",
+					"Interface"
+				],
+				"access": true,
+				"array": true,
+				"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "firewallmngr", 
+						"section": {
+							"type": "nat_interface_setting"
+						}, 
+						"dmmapfile": "dmmap_nat"
+					}
+				}
+				],
+				"Enable": {
+					"type": "boolean",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "false",
+					"datatype": "boolean",
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "enable"
+					}
+					]
+				},
+				"Status": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "Disabled",
+					"datatype": "string",
+					"enumerations": [
+						"Disabled",
+						"Enabled",
+						"Enabled_NATForcedDisabled",
+						"Enabled_PortMappingDisabled",
+						"Error_Misconfigured",
+						"Error"
+					]
+				},
+				"Alias": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "Alias",
+					"range": [
+						{
+							"max": 64
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "alias"
+					}
+					]
+
+				},
+				"Interface": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 256
+						}
+					],
+					"flags": [
+						"Reference"
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "interface",
+						"linker_obj": "Device.IP.Interface.[Name==@key]."
+					}
+					]
+				},
+				"SourceNetwork": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"list": {
+						"datatype": "string",
+						"range": [
+							{
+								"max": 256
+							}
+						]
+					}
+				},
+				"TCPTranslationTimeout": {
+					"type": "int",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "300",
+					"datatype": "int",
+					"range": [
+						{
+							"min": -1
+						}
+					],
+					"unit": "seconds"
+				},
+				"UDPTranslationTimeout": {
+					"type": "int",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "30",
+					"datatype": "int",
+					"range": [
+						{
+							"min": -1
+						}
+					],
+					"unit": "seconds"
+				}
+			},
+			"Device.NAT.PortMapping.{i}.": {
+				"type": "object",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"uniqueKeys": [
+					"Alias",
+					"RemoteHost",
+					"ExternalPort",
+					"Protocol"
+				],
+				"access": true,
+				"array": true,
+				"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "firewallmngr", 
+						"section": {
+							"type": "nat_portmapping"
+						}, 
+						"dmmapfile": "dmmap_nat"
+					}
+				}
+				],
+				"Enable": {
+					"type": "boolean",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "false",
+					"datatype": "boolean",
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "enable"
+					}
+					]
+				},
+				"Status": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "Disabled",
+					"datatype": "string",
+					"enumerations": [
+						"Disabled",
+						"Enabled",
+						"Error_Misconfigured",
+						"Error"
+					]
+				},
+				"Origin": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "Controller",
+					"datatype": "string",
+					"enumerations": [
+						"User",
+						"System",
+						"UPnP",
+						"Controller"
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "origin"
+					}
+					]
+
+				},
+				"Alias": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "Alias",
+					"range": [
+						{
+							"max": 64
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "alias"
+					}
+					]
+
+				},
+				"Interface": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 256
+						}
+					],
+					"flags": [
+						"Reference"
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "interface",
+						"linker_obj": "Device.IP.Interface.*.Name"
+					}
+					]
+				},
+				"AllInterfaces": {
+					"type": "boolean",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "false",
+					"datatype": "boolean",
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "all_interfaces"
+					}
+					]
+
+				},
+				"LeaseDuration": {
+					"type": "unsignedInt",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "unsignedInt",
+					"unit": "seconds",
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "lease_duration"
+					}
+					]
+
+				},
+				"RemoteHost": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "remote_host"
+					}
+					]
+
+				},
+				"ExternalPort": {
+					"type": "unsignedInt",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "unsignedInt",
+					"range": [
+						{
+							"min": 0,
+							"max": 65535
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "external_port"
+					}
+					]
+
+				},
+				"ExternalPortEndRange": {
+					"type": "unsignedInt",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"default": "0",
+					"datatype": "unsignedInt",
+					"range": [
+						{
+							"min": 0,
+							"max": 65535
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "external_port_end"
+					}
+					]
+
+				},
+				"InternalPort": {
+					"type": "unsignedInt",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "unsignedInt",
+					"range": [
+						{
+							"min": 0,
+							"max": 65535
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "internal_port"
+					}
+					]
+
+				},
+				"Protocol": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"enumerations": [
+						"TCP",
+						"UDP"
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "protocol"
+					}
+					]
+
+				},
+				"InternalClient": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 256
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "internal_client"
+					}
+					]
+
+				},
+				"Description": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"datatype": "string",
+					"range": [
+						{
+							"max": 256
+						}
+					],
+					"mapping": [
+					{
+						"data": "@Parent",
+						"type": "uci_sec",
+						"key": "description"
+					}
+					]
+				}
+			}
+		}
+}
--- a/firewallmngr/files/etc/init.d/firewallmngr
+++ b/firewallmngr/files/etc/init.d/firewallmngr
@@ -0,0 +1,16 @@
+#!/bin/sh /etc/rc.common
+
+START=18
+USE_PROCD=1
+
+. /lib/fwmngr/fwmngr.sh
+. /etc/bbfdm/bbfdm_services.sh
+
+
+start_service() {
+	configure_firewall
+}
+
+service_triggers() {
+	procd_add_reload_trigger firewallmngr
+}
--- a/firewallmngr/files/lib/fwmngr/fwmngr.sh
+++ b/firewallmngr/files/lib/fwmngr/fwmngr.sh
@@ -0,0 +1,300 @@
+#!/bin/sh
+#set -x
+
+. /lib/functions.sh
+
+TEMP_UCI_PATH="/tmp/firewall"
+
+INPUT="REJECT"
+OUTPUT="ACCEPT"
+FORWARD="REJECT"
+
+zone_list=""
+
+get_rule_ip_family() {
+	if [ "$1" == "4" ]; then
+		echo "ipv4"
+	elif [ "$1" == "6" ]; then
+		echo "ipv6"
+	else
+		echo "-1"
+	fi
+}
+
+set_rule_target() {
+	local rule_sec="$1"
+	local target="$2"
+	local targetchain="$3"
+	if [ "$target" == "Accept" ] || [ "$target" == "accept" ] || [ "$target" == "Reject" ] || [ "$target" == "reject" ] || [ "$target" == "Drop" ] || [ "$target" == "drop" ]; then
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.target="$(echo $target | awk '{ print toupper($target) }')"
+	elif [ "$target" == "Retrun" ]; then
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.target="MARK"
+	elif [ "$target" == "TargetChain" ]; then
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.target="$targetchain"
+	else
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.target="DROP"
+	fi
+}
+
+set_rule_protocol() {
+	local rule_sec="$1"
+	local protocol="$protocol"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.proto="$protocol"
+#TODO implementaton to configure icmpType
+}
+
+create_firewall_zone_config() {
+	local intf="$1"
+	local masq="$2"
+	local zone_exist="false"
+	local is_bridge="false"
+	local intf_dev=""
+	local dev=""
+	local zn=""
+
+	is_device_type_bridge() {
+		config_get dev $1 "name"
+		config_get dev_type $1 "type"
+		if [ "$dev" == "$intf_dev" ] &&  [ "$dev_type" == "bridge" ]; then
+			is_bridge="true"
+		fi
+	}
+
+	for zn in $zone_list; do
+		if [ "$zn" == "$intf" ]; then
+			zone_exist="true"
+		fi
+	done
+	if [ "$zone_exist" == "false" ]; then
+		zone_list="$zone_list $intf"
+
+		#default masq is set to 1 for zone wan
+		if [ "$intf" == "wan" ]; then
+			masq="1"
+		fi
+	
+		zone_sec=$(uci -p "$TEMP_UCI_PATH" add "firewall" "zone")
+		uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.enabled="1"
+		uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.name="$intf"
+
+		intf_dev=$(uci -q get network.$intf.device)
+		config_load network
+		config_foreach is_device_type_bridge device 
+
+		uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.output="$OUTPUT"
+		if [ "$is_bridge" == "true" ]; then
+			uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.input="ACCEPT"
+			uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.forward="ACCEPT"
+		else
+			uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.input="REJECT"
+			uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.forward="REJECT"
+		fi
+		uci -p "$TEMP_UCI_PATH" add_list firewall.$zone_sec.network="$intf"
+		[ "$masq" == "1" ] && uci -p "$TEMP_UCI_PATH" set firewall.$zone_sec.masq="1"
+		uci -p "$TEMP_UCI_PATH" rename firewall.$zone_sec="$intf"
+	else
+		[ "$masq" == "1" ] && uci -p "$TEMP_UCI_PATH" add_list firewall.${intf}.masq="1"
+	fi
+}
+
+#create_redirect_config() {
+
+#}
+
+handle_firewall_rule() {
+	local rule="$1"
+	local chain_name="$2"
+	local chain=""
+	local is_enable=""
+	local src_intf=""
+	local ip_version=""
+	local ip_famiexitproto=""
+	local protocol=""
+	local dest_intf=""
+	local target=""
+	local targetchain=""
+	local desc=""
+	local dest_port=""
+	local src_port=""
+	local src_port_range_max=""
+	local dest_port_range_max=""
+	local src_ip=""
+	local dest_ip=""
+
+	config_get is_enable "$rule" "enable" 0
+	[ "$is_enable" == "1" ] || return
+
+	config_get chain "$rule" "chain"
+	[ "$chain" == "$chain_name" ] || return
+
+	config_get src_intf "$rule" "source_interface"
+	config_get dest_intf "$rule" "dest_interface"
+
+	if [ -n "$src_intf" ]; then
+		create_firewall_zone_config "$src_intf" "0"
+	fi
+
+	if [ -n "$dest_intf" ]; then
+		create_firewall_zone_config "$dest_intf" "0"
+	fi
+
+	config_get ip_version "$rule" "ip_version"
+	ip_family="$(get_rule_ip_family $ip_version)"
+	config_get protocol "$rule" "protocol"
+	config_get src_port "$rule" "src_port"
+	config_get dest_port "$rule" "dest_port"
+	config_get src_ip "$rule" "src_ip"
+	config_get dest_ip "$rule" "dest_ip"
+	config_get dest_port_range_max "$rule" "dest_port_range_max"
+	config_get src_port_range_max "$rule" "src_port_range_max"
+	config_get target "$rule" "target"
+	config_get targetchain "$rule" "targetchain"
+	config_get desc "$rule" "description"
+
+	rule_sec=$(uci -p "$TEMP_UCI_PATH" add firewall rule)
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.enabled="1"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.name="$desc"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.src="$src_intf"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.dst="$dst_intf"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.family="$ip_family"
+	set_rule_target "$rule_sec" "$target" "$tagetchain"
+	set_rule_protocol "$rule_sec" "$protocol"
+	if [ -z "$dest_port_range_max" ]; then
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.dest_port="$dest_port"
+	else
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.dest_port="$dest_port:$dest_port_range_max"
+	fi
+
+	if [ -z "$src_port_range_max" ]; then
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.src_port="$src_port"
+	else
+		uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.src_port="$src_port:$src_port_range_max"
+	fi
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.src_ip="$src_ip"
+	uci -p "$TEMP_UCI_PATH" set firewall.$rule_sec.dest_ip="$dest_ip"
+        uci -p "$TEMP_UCI_PATH" rename firewall.$rule_sec="$rule"
+}
+
+handle_nat_interface_setting() {
+	local nat_intf_cfg="$1"
+	local interface=""
+	local enable=""
+
+	config_get enable $nat_intf_cfg "enable"
+	[ -z "$enable" ] && return
+	config_get interface $nat_intf_cfg "interface"
+	if [ "$enable" == "1" ] && [ -n "$interface" ]; then
+		create_firewall_zone_config "$interface" "1"
+	fi
+}
+
+handle_nat_port_mapping() {
+	local nat_port_cfg="$1"
+	local enable=""
+	local interface=""
+	local all_interface=""
+	local lease_duration=""
+	local remote_host=""
+	local external_port=""
+	local external_port_end=""
+	local internal_port=""
+	local protocol=""
+	local internal_client=""
+	local description=""
+	local redirect_sec=""
+	local epoch_sec=""
+	local stop_epoch=""
+	local stop_ymd=""
+	local stop_hms=""
+
+	config_get enable $nat_port_cfg "enable"
+	masq=$(uci -q get firewall.$interface.masq)
+	if [ -z "$enable" ] && ! [ "$masq" == "1" ]; then
+		return
+	fi
+	config_get interface $nat_port_cfg "interface"
+	config_get internal_client $nat_port_cfg "internal_client"
+	if [ -z "$interface" ] || [ -z "$internal_client" ]; then
+		return
+	fi
+	config_get all_interface $nat_port_cfg "all_interface"
+	config_get lease_duration $nat_port_cfg "lease_duration"
+	config_get remote_host $nat_port_cfg "remote_host"
+	config_get external_port $nat_port_cfg "external_port" "0"
+	config_get external_port_end $nat_port_cfg "external_port_end" "0"
+	config_get internal_port $nat_port_cfg "internal_port"
+	config_get protocol $nat_port_cfg "protocol"
+	protocol=$(echo $protocol | awk '{print tolower($0)}')
+	config_get description $nat_port_cfg "description"
+
+	redirect_sec=$(uci -p "$TEMP_UCI_PATH" add firewall redirect)
+	uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.src="$interface"
+	uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.enabled="1"
+	uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.dest_ip="$internal_client"
+	[ -z "$protocol" ] || uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.protocol="$protocol"
+	[ -z "$remote_host" ] || uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.src_ip="$remote_host"
+	if [ -n "$lease_duration" ] && ! [ "$lease_duration" == "0" ]; then
+		epoch_sec=$(date +%s)
+		stop_epoch=$(( epoch_sec + lease_duration ))
+		stop_ymd=$(date -d @${stop_epoch} +%Y-%m-%d)
+		stop_hms=$(date -d @${stop_epoch} +%H:%M:%S)
+		uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.stop_date="$stop_ymd"
+		uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.stop_time="$stop_hms"
+	fi
+	if [ "$external_port_end" == "0" ]; then
+		if ! [ "$external_port" == "0" ]; then
+			uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.src_dport="$external_port"
+		fi
+	else
+		uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.src_dport="$external_port-$external_port_end"
+	fi
+	[ -z "$internal_port" ] || uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.dest_port="$internal_port"
+	[ -z "$description" ] || uci -p "$TEMP_UCI_PATH" set firewall.$redirect_sec.description="$description"
+
+        uci -p "$TEMP_UCI_PATH" rename firewall.$redirect_sec="$nat_port_cfg"
+}
+
+configure_firewall() {
+	rm -rf "$TEMP_UCI_PATH"/firewall 2>/dev/null
+	mkdir -p "$TEMP_UCI_PATH"
+	touch "$TEMP_UCI_PATH"/firewall
+	zone_list=""
+
+	config_load firewallmngr
+	fw_config="$(uci -q get firewallmngr.firewall.config)"
+	[ -z "$fw_config" ] && return
+	[ "$fw_config" == "Advanced" ] || return
+
+	fw_level="$(uci -q get firewallmngr.firewall.${fw_config}_level)"
+	[ -z "$fw_level" ] && return
+	enabled="$(uci -q get firewallmngr.${fw_level}.enable)"
+
+	[ "$enabled" == "1" ] || exit
+
+	chain="$(uci -q get firewallmngr.${fw_level}.chain)"
+	[ -z "$chain" ] && exit
+
+	enabled="$(uci -q get firewallmngr.${chain}.enable)"
+	chain_name="$(uci -q get firewallmngr.${chain}.name)"
+
+#configure firewall global config
+	global_sec=$(uci -p "$TEMP_UCI_PATH" add firewall globals)
+        uci -p "$TEMP_UCI_PATH" set firewall.$global_sec.enabled="1"
+        uci -p "$TEMP_UCI_PATH" rename firewall.$global_sec="globals"
+
+#configure firewall default config
+	default_sec=$(uci -p "$TEMP_UCI_PATH" add firewall default)
+	uci -p "$TEMP_UCI_PATH" set firewall.$default_sec.syn_flood="1"
+	uci -p "$TEMP_UCI_PATH" set firewall.$default_sec.input="$INPUT"
+	uci -p "$TEMP_UCI_PATH" set firewall.$default_sec.output="$OUTPUT"
+	uci -p "$TEMP_UCI_PATH" set firewall.$default_sec.forward="$FORWARD"
+
+	config_foreach handle_firewall_rule rule "$chain_name"
+
+	config_load firewallmngr
+	config_foreach handle_nat_interface_setting nat_interface_setting
+	config_foreach handle_nat_port_mapping nat_portmapping
+
+	uci -c "$TEMP_UCI_PATH" commit firewall
+	cp "$TEMP_UCI_PATH"/firewall /etc/config/
+}
--- a/firewallmngr/src/Makefile
+++ b/firewallmngr/src/Makefile
@@ -0,0 +1,17 @@
+LIB = libfirewallmngr.so
+
+LIB_OBJS = firewallmngr.o
+
+PROG_CFLAGS = $(CFLAGS) -Wall -Werror -fPIC
+LIB_LDFLAGS = $(LDFLAGS)
+
+%.o: %.c
+	$(CC) $(PROG_CFLAGS) -c -o $@ $<
+
+all: $(LIB)
+
+$(LIB): $(LIB_OBJS)
+	$(CC) $(PROG_CFLAGS) -shared -o $@ $^ $(LIB_LDFLAGS)
+
+clean:
+	rm -f *.o $(LIB)
--- a/firewallmngr/src/common.c
+++ b/firewallmngr/src/common.c
@@ -0,0 +1,12 @@
+char *Config[] = {"High", "Low", "Off", "Advanced", "Policy", NULL};
+char *DefaultPolicy[] = {"Drop", "Accept", "Reject", NULL};
+char *TargetChain[] = {"Drop", "Accept", "Reject", "Chain", NULL};
+char *ReverseTargetChain[] = {"Drop", "Accept", "Reject", "Chain", NULL};
+char *Target[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL};
+char *ConnectionState[] = {"INVALID", "NEW", "RELATED", "ESTABLISHED", NULL};
+char *MACAddress[] = {"^$", "^([0-9A-Fa-f][0-9A-Fa-f]:){5}([0-9A-Fa-f][0-9A-Fa-f])$", NULL};
+char *MACAddress[] = {"^$", "^([0-9A-Fa-f][0-9A-Fa-f]:){5}([0-9A-Fa-f][0-9A-Fa-f])$", NULL};
+char *Origin[] = {"User", "System", "Controller", NULL};
+char *IPv4Address[] = {"^$", "^((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])$", NULL};
+char *IPv4Prefix[] = {"^$", "^/(3[0-2]|[012]?[0-9])$", "^((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/(3[0-2]|[012]?[0-9])$", NULL};
+char *Action[] = {"Drop", "Accept", "Reject", NULL};
--- a/firewallmngr/src/firewallmngr.c
+++ b/firewallmngr/src/firewallmngr.c
--- a/firewallmngr/src/firewallmngr.h
+++ b/firewallmngr/src/firewallmngr.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2024 iopsys Software Solutions AB
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ *	Author: Husaam Mehdi <husaam.mehdi@iopsys.eu>
+ */
+
+#ifndef __FIREWALLMNGR_H
+#define __FIREWALLMNGR_H
+
+#include <libbbfdm-api/dmcommon.h>
+#include <libbbfdm_api.h>
+
+extern DMOBJ tFirewallObj[];
+extern DMLEAF tFirewallParams[];
+extern DMLEAF tFirewallLevelParams[];
+extern DMOBJ tFirewallChainObj[];
+extern DMLEAF tFirewallChainParams[];
+extern DMLEAF tFirewallChainRuleParams[];
+extern DMLEAF tFirewallDMZParams[];
+extern DMLEAF tFirewallServiceParams[];
+
+#endif //__FIREWALLMNGR_H
--- a/hostmngr/Makefile
+++ b/hostmngr/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hostmngr
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.2.3

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=edb5bbe57c5bc83035e217c73071c9b3e878dc22
+PKG_SOURCE_VERSION:=b4990b384461f2d1ff75a122a7fa5d9276f211bb
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -31,7 +31,8 @@ define Package/hostmngr
  DEPENDS= +libubox +libuci +libubus +ubus +libeasy +libnl-genl \
 	   +libjson-c +libblobmsg-json +libnfnetlink +libmnl \
 	   +libnetfilter-conntrack \
-	   +HOSTMNGR_PLATFORM_HAS_WIFI:libwifi +libbbfdm-api
+	   +HOSTMNGR_PLATFORM_HAS_WIFI:libwifi +libbbfdm-api \
+	   +libwifiutils

 endef

@@ -57,12 +58,11 @@ endif
 MAKE_PATH:=src

 define Package/hostmngr/install
-	$(CP) ./files/* $(1)/
+	$(CP) ./files/etc $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/hostmngr/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/bbf_plugin/libhostmngr.so $(1)/etc/hostmngr/
-	$(INSTALL_DATA) ./files/etc/hostmngr/input.json $(1)/etc/hostmngr/	
 	$(INSTALL_DIR) $(1)/usr/share/hostmngr
 	$(INSTALL_DATA) ./files/scripts/hosts_acl.sh $(1)/usr/share/hostmngr/
 endef
--- a/hostmngr/files/etc/bbfdm/micro_services/hostmngr.json
+++ b/hostmngr/files/etc/bbfdm/micro_services/hostmngr.json
@@ -1,12 +1,14 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "DotSo",
 			"name": "/etc/hostmngr/libhostmngr.so"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.hosts",
 			"parent_dm": "Device.",
 			"object": "Hosts",
 			"root_obj": "bbfdm"
--- a/hostmngr/files/etc/init.d/hostmngr
+++ b/hostmngr/files/etc/init.d/hostmngr
@@ -3,12 +3,8 @@
 START=65
 STOP=20

-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1

-HOSTS_JSON_INPUT="/etc/hostmngr/input.json"
-
 start_service() {
 	procd_open_instance
 	procd_set_param command "/usr/sbin/hostmngr" "--config hosts" "-o"  "/tmp/hostmngr.log" "-f"
@@ -18,7 +14,6 @@ start_service() {
 #	procd_set_param stderr 1
 	procd_close_instance
 	
-	bbfdm_add_service "bbfdm.hosts" "${HOSTS_JSON_INPUT}"
 	sh /usr/share/hostmngr/hosts_acl.sh
 }

--- a/hostmngr/files/scripts/hosts_acl.sh
+++ b/hostmngr/files/scripts/hosts_acl.sh
@@ -5,6 +5,9 @@
 day=""
 next_days=""
 prev_days=""
+schedule_added=""
+
+ACCESS_RULE=""
 IP_RULE=""
 IP_RULE1=""

@@ -108,70 +111,77 @@ ip_rule_east_zone() {
 	fi
 }

-process_ac_schedule() {
-	local acs_id="$1"
-	local is_enabled
-	local access_control
-	local start_time=""
-	local mac=""

+add_access_rule() {
+	local rule="$1"
+	echo "iptables -w -A hosts_forward ${rule}" >> $ACL_FILE
+	echo "ip6tables -w -A hosts_forward ${rule}" >> $ACL_FILE
+}

-	handle_day_list() {
-		local value=$1
+handle_day_list() {
+	local value=$1

-		val=$(echo $value | cut -c 1-3)
-		next_day_val=$(get_next_day $val)
-		prev_day_val=$(get_previous_day $val)
-		if [ -z $day ]; then
-			day="$val"
-			next_days="$next_day_val"
-			prev_days="$prev_day_val"
-		else
-			day="$day,$val"
-			next_days="$next_days,$next_day_val"
-			prev_days="$prev_days,$prev_day_val"
-		fi
-	}
+	val=$(echo $value | cut -c 1-3)
+	next_day_val=$(get_next_day $val)
+	prev_day_val=$(get_previous_day $val)
+	if [ -z $day ]; then
+		day="$val"
+		next_days="$next_day_val"
+		prev_days="$prev_day_val"
+	else
+		day="$day,$val"
+		next_days="$next_days,$next_day_val"
+		prev_days="$prev_days,$prev_day_val"
+	fi
+}

-	config_list_foreach "$acs_id" "day" handle_day_list
-	config_get is_enabled "$acs_id" "enable" 1
-	config_get access_control "$acs_id" "dm_parent"
+handle_schedule() {
+	local schd_section="$1"
+	local ac_section="$2"
+	local acs_id
+	local start_time
+	local duration

-	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
-		return
+	IP_RULE="$ACCESS_RULE"
+	IP_RULE1=""
+	day=""
+	next_days=""
+	prev_days=""
+
+	config_get acs_id "$schd_section" "dm_parent"
+
+	if [ "$acs_id" != "$ac_section" ]; then
+		return # schedule not for this access control section
 	fi

-	IP_RULE=""
-	IP_RULE1=""
-
-	config_get is_enabled "$access_control" "enable" 1
+	local is_enabled
+	config_get is_enabled "$schd_section" "enable" 0
 	if [ "$is_enabled" == "0" ]; then
 		return
 	fi

-	mac=$(uci -q get hosts.$access_control.macaddr)
-	access_policy=$(uci -q get hosts.$access_control.access_policy)
+	local all_days="Monday Tuesday Wednesday Thursday Friday Saturday Sunday"
+	local day_config
+	config_get day_config "$schd_section" "day" "$all_days"

-	config_get start_time "$acs_id" "start_time"
-	config_get duration "$acs_id" "duration"
+	IFS=" "
+	for d in $day_config; do
+		handle_day_list $d
+	done

-	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
-		return
-	fi
-	if [ -n "$mac" ]; then
-		IP_RULE="$IP_RULE -m mac --mac-source $mac"
-	fi
+	config_get start_time "$schd_section" "start_time" "00:00"
+	config_get duration "$schd_section" "duration"

 	zone=$(date +%z | cut -c 1)
 	local_start_time=$start_time
-        if [ -n "$duration" ]; then
-		hh=$(echo $local_start_time | awk -F: '{ print $1 }')
-                mm=$(echo $local_start_time | awk -F: '{ print $2 }')
-                hh_s=`expr $hh \* 3600`
-                mm_s=`expr $mm \* 60`
-                ss=$(( hh_s + mm_s ))
-		local_start_hh=$hh
+	hh=$(echo $local_start_time | awk -F: '{ print $1 }')
+	mm=$(echo $local_start_time | awk -F: '{ print $2 }')
+	hh_s=`expr $hh \* 3600`
+	mm_s=`expr $mm \* 60`
+	ss=$(( hh_s + mm_s ))
+	local_start_hh=$hh

+        if [ -n "$duration" ]; then
                stop_ss=$(( ss + duration ))
                hh=$(( stop_ss / 3600 ))
               	rem_ss=$(( stop_ss % 3600 ))
@@ -179,6 +189,10 @@ process_ac_schedule() {
               	ss=$(( rem_ss % 60 ))
 		local_stop_time="$hh:$mm:$ss"
 		local_stop_hh=$hh
+	else
+		# if duartion is not specified, then apply rule to end of the day
+		local_stop_time="23:59:59"
+		local_stop_hh="23"
 	fi

 	utc_start_time=$(date -u -d @$(date "+%s" -d "$local_start_time") +%H:%M)
@@ -191,43 +205,91 @@ process_ac_schedule() {
 		ip_rule_east_zone $utc_start_hh $utc_stop_hh $local_start_hh $local_stop_hh $utc_start_time $utc_stop_time
 	fi

-	if [ "$access_policy" == "Deny" ]; then
-		IP_RULE="$IP_RULE -j DROP"
-		if [ -n "$IP_RULE1" ]; then
-			IP_RULE1="$IP_RULE1 -j DROP"
-		fi
-	else
-		IP_RULE="$IP_RULE -j ACCEPT"
-		if [ -n "$IP_RULE1" ]; then
-			IP_RULE1="$IP_RULE1 -j ACCEPT"
-		fi
-	fi
-
-	iptables -w -A hosts_forward ${IP_RULE}
-	ip6tables -w -A hosts_forward ${IP_RULE}
+	IP_RULE="$IP_RULE -j ACCEPT"
 	if [ -n "$IP_RULE1" ]; then
-		iptables -w -A hosts_forward ${IP_RULE1}
-		ip6tables -w -A hosts_forward ${IP_RULE1}
+		IP_RULE1="$IP_RULE1 -j ACCEPT"
 	fi

-	day=""
-	next_days=""
-	prev_days=""
+	add_access_rule "$IP_RULE"
+	if [ -n "$IP_RULE1" ]; then
+		add_access_rule "$IP_RULE1"
+	fi
+
+	# for access rules to be effective for a schedule, need to add DROP rule
+	# to block the access outside the defined schedule
+	if [ "$schedule_added" == "0" ]; then
+		schedule_added="1"
+	fi
 }

-iptables -w -F hosts_forward
-ip6tables -w -F hosts_forward
+handle_access_control() {
+	local ac_section="$1"
+	local is_enabled
+
+	# default value of Hosts.AccessControl.{i}.Enable is false,
+	# so, if not defined in uci as 1, assume 0
+	config_get is_enabled "$ac_section" "enable" 0
+	if [ "$is_enabled" == "0" ]; then
+		return
+	fi
+
+	local mac_addr
+	config_get mac_addr "$ac_section" "macaddr"
+	if [ -z "$mac_addr" ]; then
+		return
+	else
+		ACCESS_RULE="-m mac --mac-source $mac_addr"
+	fi
+
+	local access_policy
+	config_get access_policy "$ac_section" "access_policy"
+	if [ -z "$access_policy" ]; then
+		return # since system default is allow so no need to do anything
+	fi
+
+	# As per Data Model, if access policy is deny, then schedule is to be ignored
+	# and no access is to be provided for the device
+	if [ "$access_policy" == "Deny" ]; then
+		ACCESS_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$ACCESS_RULE"
+		return # no need to parse schedule
+	fi
+
+	schedule_added="0"
+	# check if schedule is defined for this access_control instance
+	# and if yes, create rule accordingly
+	config_foreach handle_schedule  ac_schedule "$ac_section"
+
+	# for access rule to work, need to have default drop rule as last rule
+	if [ "$schedule_added" == "1" ]; then
+		IP_RULE="$ACCESS_RULE -j DROP"
+		add_access_rule "$IP_RULE"
+	fi
+}
+
+ACL_FILE="/tmp/hosts_access_control/access_control.rules"
+
+rm -f $ACL_FILE
+
+mkdir -p /tmp/hosts_access_control/
+touch $ACL_FILE
+
+echo "iptables -w -F hosts_forward" >> $ACL_FILE
+echo "ip6tables -w -F hosts_forward" >> $ACL_FILE

 hosts_forward=$(iptables -t filter --list | grep hosts_forward)
 if [ -z "$hosts_forward" ]; then
-	iptables -w -t filter -N hosts_forward
+	echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
-	[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
-	ip6tables -w -t filter -N hosts_forward
+	[ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
+	echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 	ret=$?
-	[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward
+	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
 fi

 # Load /etc/config/hosts UCI file
 config_load hosts
-config_foreach process_ac_schedule ac_schedule
+config_foreach handle_access_control access_control
+
+# apply the rules
+sh $ACL_FILE
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=9.6.1
+PKG_VERSION:=9.7.3

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=601708dd0a2ca4fad5213e78cc456e0f355f45bc
+PKG_SOURCE_VERSION:=d1caec840201824b590a4aa98766d0aa94a409b0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -48,6 +48,7 @@ define Package/icwmp/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
 	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
+	$(INSTALL_DIR) $(1)/etc/icwmpd/plugins
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/icwmpd $(1)/usr/sbin/icwmpd
 	$(INSTALL_DATA) ./files/etc/config/cwmp $(1)/etc/config/cwmp
 	$(INSTALL_BIN) ./files/etc/firewall.cwmp $(1)/etc/firewall.cwmp
@@ -58,8 +59,9 @@ define Package/icwmp/install
 	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/icwmp $(1)/lib/upgrade/keep.d/icwmp
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt125.user
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user $(1)/etc/udhcpc.user.d/udhcpc_icwmp_opt43.user
-	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/CWMPManagementServer.json)
-	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libcwmpdm.so)
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/icwmpd,$(PKG_BUILD_DIR)/libcwmpdm.so)
+	$(call BbfdmInstallPluginInMicroservice,$(1)/etc/icwmpd/plugins,./files/etc/bbfdm/json/CWMPManagementServer.json)
+	$(call BbfdmInstallMicroServiceInputFile,$(1),./files/etc/icwmpd/input.json)
 endef

 $(eval $(call BuildPackage,icwmp))
--- a/icwmp/files/etc/bbfdm/json/CWMPManagementServer.json
+++ b/icwmp/files/etc/bbfdm/json/CWMPManagementServer.json
@@ -1,8 +1,7 @@
 {
-	"json_plugin_version": 1,
+	"json_plugin_version": 2,
 	"Device.CWMPManagementServer.": {
 		"type": "object",
-		"version": "2.15",
 		"protocols": [
 			"usp"
 		],
@@ -11,7 +10,6 @@
 		"dependency": "file:/etc/config/cwmp",
 		"EnableCWMP": {
 			"type": "boolean",
-			"version": "2.15",
 			"read": true,
 			"write": true,
 			"protocols": [
--- a/icwmp/files/etc/config/cwmp
+++ b/icwmp/files/etc/config/cwmp
@@ -5,6 +5,7 @@ config acs 'acs'
 	option periodic_inform_interval '1800'
 	option periodic_inform_time '0001-01-01T00:00:00Z'
 	option dhcp_discovery 'enable'
+	option ssl_capath "/etc/ssl/certs"
 	# compression possible configs: GZIP, Deflate, Disabled
 	option compression 'Disabled'
 	# possible configs interval :[1:65535]
@@ -21,7 +22,7 @@ config cpe 'cpe'
 	option log_to_file 'disable'
 	# log_severity: INFO (Default)	
 	# log_severity possible configs: EMERG, ALERT, CRITIC ,ERROR, WARNING, NOTICE, INFO, DEBUG
-	option log_severity 'DEBUG'
+	option log_severity 'ERROR'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
 	option userid '' #$OUI-$SER
--- a/icwmp/files/etc/icwmpd/input.json
+++ b/icwmp/files/etc/icwmpd/input.json
@@ -0,0 +1,18 @@
+{
+	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
+		"input": {
+			"type": "DotSo",
+			"name": "/etc/icwmpd/libcwmpdm.so",
+			"plugin_dir": "/etc/icwmpd/plugins/"
+		},
+		"output": {
+			"type": "UBUS",
+			"parent_dm": "Device.",
+			"multiple_objects": [ "ManagementServer", "XMPP" , "CWMPManagementServer"],
+			"root_obj": "bbfdm"
+		}
+	}
+}
--- a/icwmp/files/etc/init.d/icwmpd
+++ b/icwmp/files/etc/init.d/icwmpd
@@ -9,38 +9,31 @@ PROG="/usr/sbin/icwmpd"

 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+
 include /lib/network

 log() {
 	echo "${@}"|logger -t cwmp.init -p info
 }

-regenerate_ssl_link()
-{
-	local cert_dir all_file rehash
+regenerate_ssl_link() {
+	local cert_dir="${1%/}"
+	[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0

-	cert_dir="${1}"
-	[ ! -d "${cert_dir}" ] && return 0;
-
-	### Generate all ssl link for pem certicates ###
-	all_file=$(ls "${cert_dir}"/*.pem 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-			[ -f "${cert_dir}"/"${rehash}".0 ] || \
-				ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
+	generate_links() {
+		local file_type="$1"
+		local files="${cert_dir}"/*."${file_type}"
+		for cfile in ${files}; do
+			if [ -f "${cfile}" ]; then
+				rehash="$(openssl x509 -hash -noout -in "${cfile}")"
+				[ -f "${cert_dir}/${rehash}.0" ] || \
+					ln -s "${cfile}" "${cert_dir}/${rehash}.0"
+			fi
 		done
-	fi
+	}

-	### Generate all ssl link for crt certicates ###
-	all_file=$(ls "${cert_dir}"/*.crt 2>/dev/null)
-	if [ -n "${all_file}" ]; then
-		for cfile in $all_file; do
-			rehash="$(openssl x509 -hash -noout -in "${cfile}")"
-			[ -f "${cert_dir}"/"${rehash}".0 ] || \
-				ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
-		done
-	fi
+	generate_links "pem"
+	generate_links "crt"
 }

 enable_dhcp_option43() {
@@ -458,11 +451,10 @@ validate_defaults() {

 	ssl_capath="${ssl_capath%/}"
 	# Put the cert pem file in keep list
-	if [ -d "${ssl_capath}" ]; then
+	if [ -d "${ssl_capath}" ] && [ "${ssl_capath}" != "/etc/ssl/certs" ]; then
 		if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
 			echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
 			echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
-			echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
 		fi
 	fi

--- a/ieee1905/Makefile
+++ b/ieee1905/Makefile
@@ -1,16 +1,16 @@
 #
-# Copyright (C) 2020-2023 IOPSYS Software Solutions AB
+# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.4
+PKG_VERSION:=8.3.9

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=526690993c93720ee1707bba6b7a08e8c28f2dd9
+PKG_SOURCE_VERSION:=00322a24b4f5bf0dff768db965200295f52e32d7
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -60,12 +60,12 @@ define Package/libieee1905/description
 endef

 plugins := \
-	$(if $(CONFIG_PACKAGE_map-plugin),map) \
-	$(if $(CONFIG_PACKAGE_snoop-plugin),snoop) \
-	$(if $(CONFIG_PACKAGE_topology-plugin),topology)
+	$(if $(CONFIG_PACKAGE_ieee1905-map-plugin),map) \
+	$(if $(CONFIG_PACKAGE_ieee1905-snoop-plugin),snoop) \
+	$(if $(CONFIG_PACKAGE_ieee1905-topology-plugin),topology)


-ppkg:=$(patsubst plugins/%.mk,%-plugin,$(wildcard plugins/*.mk))
+ppkg:=$(patsubst plugins/%.mk,ieee1905-%-plugin,$(wildcard plugins/*.mk))


 TARGET_CFLAGS += \
--- a/ieee1905/plugins/map.mk
+++ b/ieee1905/plugins/map.mk
@@ -1,12 +1,12 @@
-define Package/map-plugin
+define Package/ieee1905-map-plugin
  $(call Package/ieee1905/Default)
  TITLE:=Multi-AP plugin supporting WiFi-Alliance Easymesh standard
  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
 	   +libjson-c +libblobmsg-json +ieee1905 +libieee1905
 endef

-define Package/map-plugin/config
-	if (PACKAGE_map-plugin)
+define Package/ieee1905-map-plugin/config
+	if (PACKAGE_ieee1905-map-plugin)

 		menu "Configuration"

@@ -32,7 +32,7 @@ ifeq ($(CONFIG_MULTIAP_DYNAMIC_CNTLR_SYNC_CONFIG),y)
 TARGET_CFLAGS += -DDYNAMIC_CNTLR_SYNC_CONFIG
 endif

-define Build/InstallDev/map-plugin
+define Build/InstallDev/ieee1905-map-plugin
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
@@ -43,7 +43,7 @@ define Build/InstallDev/map-plugin
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/libmaputil.so $(1)/usr/lib/libmaputil.so
 endef

-define Package/map-plugin/install
+define Package/ieee1905-map-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/map/libmaputil.so $(1)/usr/lib/libmaputil.so
--- a/ieee1905/plugins/snoop.mk
+++ b/ieee1905/plugins/snoop.mk
@@ -1,11 +1,11 @@
-define Package/snoop-plugin
+define Package/ieee1905-snoop-plugin
  $(call Package/ieee1905/Default)
  TITLE:=Show all received 1905 CMDUs over UBUS
  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
 	   +libjson-c +libblobmsg-json +ieee1905 +libieee1905
 endef

-define Package/snoop-plugin/install
+define Package/ieee1905-snoop-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/snoop/snoop.so $(1)/usr/lib/ieee1905/snoop.so
--- a/ieee1905/plugins/topology.mk
+++ b/ieee1905/plugins/topology.mk
@@ -1,11 +1,11 @@
-define Package/topology-plugin
+define Package/ieee1905-topology-plugin
  $(call Package/ieee1905/Default)
  TITLE:=Build full network topology of the 1905 nodes only
  DEPENDS= +libubox +libuci +libubus +libeasy +libnl-genl \
 	   +libjson-c +libblobmsg-json +ieee1905 +libieee1905
 endef

-define Package/topology-plugin/install
+define Package/ieee1905-topology-plugin/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/lib/ieee1905
 	$(CP) $(PKG_BUILD_DIR)/src/extensions/topology/topology.so $(1)/usr/lib/ieee1905/topology.so
--- a/iop/config
+++ b/iop/config
@@ -71,7 +71,7 @@ CONFIG_PACKAGE_wifimngr=y
 # Multi-AP #
 CONFIG_PACKAGE_ieee1905=y
 CONFIG_IEEE1905_CMDU_SA_IS_ALMAC=y
-CONFIG_PACKAGE_topology-plugin=y
+CONFIG_PACKAGE_ieee1905-topology-plugin=y
 CONFIG_PACKAGE_decollector=y
 CONFIG_PACKAGE_map-agent=y
 CONFIG_PACKAGE_map-controller=y
@@ -142,7 +142,6 @@ CONFIG_PACKAGE_wwan=y
 CONFIG_PACKAGE_xl2tpd=y

 # Services #
-CONFIG_PACKAGE_atftp=y
 CONFIG_PACKAGE_atftpd=y
 CONFIG_PACKAGE_ddns-scripts=y
 CONFIG_PACKAGE_dnsmasq=y
--- a/iop/iop.completion
+++ b/iop/iop.completion
@@ -33,7 +33,8 @@ _iop()
    prev="${COMP_WORDS[COMP_CWORD-1]}"

    iopcmds="bootstrap cfe_upgrade cfe_upgrade_latest extract_core \
-             feeds_update genconfig generate_tarballs install_key \
+             feeds_update feeds_update-legacy genconfig genconfig-legacy \
+             generate_tarballs install_key \
             scp_changes setup_host ssh_install_key status \
             update_package update_feed_branches ssh_upgrade smoketest"

--- a/iop/scripts/feeds_update-legacy.sh
+++ b/iop/scripts/feeds_update-legacy.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+function feeds_update-legacy {
+	heads=1
+	developer=0
+	override=1
+	force=1
+
+	function update_failure {
+		if [ $force == 1 ]; then
+			echo "WARNING: Failed to update feed(s). Forced update, proceeding anyway." >&2
+		else
+			echo "ERROR: Failed to update feed(s). Omit -F to proceed anyway." >&2
+			exit 1
+		fi
+	}
+
+	while getopts "inFh" opt; do
+		case $opt in
+		i)
+			heads=0
+			;;
+		n)
+			override=0
+			;;
+		F)
+			force=0
+			;;
+		h|\?)
+			echo "Usage: ./iop feeds_update-legacy  [-i] [-n] [-F] [-h]"
+			echo
+			echo "OPTIONS:"
+			echo "  -i - Only update index. Do not change HEAD in feeds."
+			echo "  -n - Do not replace core packages with iopsys versions."
+			echo "  -F - Do not force update if there are inaccessible feeds."
+			echo "  -h - Display this help message and exit."
+			exit 1
+			;;
+		esac
+	done
+
+	git remote -v | grep -qE '(git@|ssh://)' && developer=1
+
+	cp .config .genconfig_config_bak
+
+	if [ $heads == 1 ]; then
+		if [ $developer == 1 ]; then
+			./scripts/feeds update -g || update_failure
+		else
+			./scripts/feeds update || update_failure
+		fi
+	fi
+	./scripts/feeds update -ai || exit 1
+
+	# replace core packages with iopsys versions
+	if [ $override == 1 ]; then
+		./scripts/feeds install -f -p openwrt_core -a || exit 1
+		./scripts/feeds install -f -p qualcomm -a || exit 1
+	fi
+
+	(
+		echo '# DO NOT EDIT. Autogenerated file by ./iop feeds_update'
+		echo 'FEED_DEVICES_DIRS:='
+		find feeds -type f -name .is-feed-devices-dir -printf 'FEED_DEVICES_DIRS+=$(TOPDIR)/%h\n'
+	) > target/linux/feed-devices/feed-devices-list.mk || exit 1
+
+	# targets need to be installed explicitly
+	for target in $(ls ./feeds/targets); do
+		./scripts/feeds install -f -p targets $target || exit 1
+	done
+
+	# install all packages
+	./scripts/feeds install -a || exit 1
+
+	# remove broken symlinks ( for packages that are no longer in the feed )
+	find -L package/feeds -maxdepth 2 -type l -delete || exit 1
+
+	cp .genconfig_config_bak .config
+	make defconfig || exit 1
+
+	# record when we last run this script
+	touch tmp/.iop_bootstrap || exit 1
+
+	# always return true
+	exit 0
+}
+
+register_command "feeds_update-legacy" "Update feeds to point to commit hashes from feeds.conf - legacy mode"
--- a/iop/scripts/feeds_update.sh
+++ b/iop/scripts/feeds_update.sh
@@ -1,88 +1,9 @@
 #!/bin/bash

 function feeds_update {
-	heads=1
-	developer=0
-	override=1
-	force=1
-
-	function update_failure {
-		if [ $force == 1 ]; then
-			echo "WARNING: Failed to update feed(s). Forced update, proceeding anyway." >&2
-		else
-			echo "ERROR: Failed to update feed(s). Omit -F to proceed anyway." >&2
-			exit 1
-		fi
-	}
-
-	while getopts "inFh" opt; do
-		case $opt in
-		i)
-			heads=0
-			;;
-		n)
-			override=0
-			;;
-		F)
-			force=0
-			;;
-		h|\?)
-			echo "Usage: ./iop feeds_update [-i] [-n] [-F] [-h]"
-			echo
-			echo "OPTIONS:"
-			echo "  -i - Only update index. Do not change HEAD in feeds."
-			echo "  -n - Do not replace core packages with iopsys versions."
-			echo "  -F - Do not force update if there are inaccessible feeds."
-			echo "  -h - Display this help message and exit."
-			exit 1
-			;;
-		esac
-	done
-
-	git remote -v | grep -qE '(git@|ssh://)' && developer=1
-
-	cp .config .genconfig_config_bak
-
-	if [ $heads == 1 ]; then
-		if [ $developer == 1 ]; then
-			./scripts/feeds update -g || update_failure
-		else
-			./scripts/feeds update || update_failure
-		fi
-	fi
-	./scripts/feeds update -ai || exit 1
-
-	# replace core packages with iopsys versions
-	if [ $override == 1 ]; then
-		./scripts/feeds install -f -p openwrt_core -a || exit 1
-		./scripts/feeds install -f -p qualcomm -a || exit 1
-	fi
-
-	(
-		echo '# DO NOT EDIT. Autogenerated file by ./iop feeds_update'
-		echo 'FEED_DEVICES_DIRS:='
-		find feeds -type f -name .is-feed-devices-dir -printf 'FEED_DEVICES_DIRS+=$(TOPDIR)/%h\n'
-	) > target/linux/feed-devices/feed-devices-list.mk || exit 1
-
-	# targets need to be installed explicitly
-	for target in $(ls ./feeds/targets); do
-		./scripts/feeds install -f -p targets $target || exit 1
-	done
-
-	# install all packages
-	./scripts/feeds install -a || exit 1
-
-	# remove broken symlinks ( for packages that are no longer in the feed )
-	find -L package/feeds -maxdepth 2 -type l -delete || exit 1
-
-	cp .genconfig_config_bak .config
-	make defconfig || exit 1
-
-	# record when we last run this script
-	touch tmp/.iop_bootstrap || exit 1

 	# always return true
 	exit 0
 }

-register_command "feeds_update" "Update feeds to point to commit hashes from feeds.conf"
+register_command "feeds_update" "Compatibility function only"
--- a/iop/scripts/genconfig-legacy.sh
+++ b/iop/scripts/genconfig-legacy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash

-function genconfig {
+function genconfig-legacy {
 	export CLEAN=0
 	export DIRTY="--dirty"
 	export IMPORT=1
@@ -196,7 +196,7 @@ function genconfig {

 	usage() {
 		echo
-		echo 1>&2 "Usage: $0 [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
+		echo 1>&2 "Usage: $0 genconfig-legacy [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
 		echo
 		echo -e "  -c|--clean\t\tRemove all files under ./files and import from config "
 		echo -e "  -D|--no-dirty\t\tIgnore dirty tree"
@@ -210,7 +210,7 @@ function genconfig {
 		echo -e "  -a|--list-all\t\tList all Customers and their board types"
 		echo -e "  -b|--boards\t\tList all board types"
 		echo
-		echo "Example ./iop genconfig eg400 OPERATORX"
+		echo "Example ./iop genconfig-legacy eg400 OPERATORX"
 		echo "(if no customerconfig is chosen, iopsys config will be used)"
 		echo
 		exit 0
@@ -496,7 +496,7 @@ function genconfig {
 	if [ $# -eq 0 ]; then
 		echo Current profile:
 		cat $CURRENT_CONFIG_FILE
-		echo "Try ./iop genconfig -h' to get instructions if you want to change current config"
+		echo "Try ./iop genconfig-legacy -h' to get instructions if you want to change current config"
 		exit 0
 	else
 		while [ -n "$1" ]; do
@@ -532,4 +532,4 @@ function genconfig {
 	fi
 }

-register_command "genconfig" "Generate configuration for board and customer"
+register_command "genconfig-legacy" "Generate configuration for board and customer - legacy mode"
--- a/iop/scripts/genconfig_min-legacy.sh
+++ b/iop/scripts/genconfig_min-legacy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash

-function genconfig_min {
+function genconfig_min-legacy {
 	export CLEAN=0
 	export DIRTY="--dirty"
 	export SRCTREEOVERR=0
@@ -195,7 +195,7 @@ function genconfig_min {

 	usage() {
 		echo
-		echo 1>&2 "Usage: $0 [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
+		echo 1>&2 "Usage: $0 genconfig_min-legacy [ OPTIONS ] < Board_Type > [ Customer [customer2 ]...]"
 		echo
 		echo -e "  -c|--clean\t\tRemove all files under ./files and import from config "
 		echo -e "  -D|--no-dirty\t\tIgnore dirty tree"
@@ -209,7 +209,7 @@ function genconfig_min {
 		echo -e "  -a|--list-all\t\tList all Customers and their board types"
 		echo -e "  -b|--boards\t\tList all board types"
 		echo
-		echo "Example ./iop genconfig eg400 OPERATORX"
+		echo "Example ./iop genconfig_min-legacy eg400 OPERATORX"
 		echo "(if no customerconfig is chosen, iopsys config will be used)"
 		echo
 		exit 0
@@ -464,7 +464,7 @@ function genconfig_min {
 	if [ $# -eq 0 ]; then
 		echo Current profile:
 		cat $CURRENT_CONFIG_FILE
-		echo "Try ./iop genconfig -h' to get instructions if you want to change current config"
+		echo "Try ./iop genconfig_min-legacy -h' to get instructions if you want to change current config"
 		exit 0
 	else
 		while [ -n "$1" ]; do
@@ -500,4 +500,4 @@ function genconfig_min {
 	fi
 }

-register_command "genconfig_min" "Generate configuration for customer with manual board configuration"
+register_command "genconfig_min-legacy" "Generate configuration for customer with manual board configuration - legacy mode"
--- a/iop/scripts/genconfig_wrap.sh
+++ b/iop/scripts/genconfig_wrap.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Function to convert parameters to lowercase
+function to_lowercase {
+    local params=()
+    for param in "$@"; do
+        params+=("$(tr '[:upper:]' '[:lower:]' <<< "$param")")
+    done
+    echo "${params[@]}"
+}
+
+function genconfig {
+    target_script="./scripts/gen_config.py"
+
+    # First convert all to lowercase
+    args=$(to_lowercase "$@")
+
+    # Check if an option is provided
+    if [[ ${args[0]} == -* ]]; then
+      # Convert options for target script
+      if [[ ${args[0]}  == "-b" || ${args[0]}  == "--boards" ]]; then
+        args=("--list")
+      fi
+    fi
+
+    ${target_script} ${args[@]}
+}
+
+register_command "genconfig" "Generate configuration for board and customer"
--- a/iop/scripts/update_package.sh
+++ b/iop/scripts/update_package.sh
@@ -1,646 +1,7 @@
-#!/bin/bash
-
-print_git_update()
-{
-    echo "pkg -> ${PKG_NAME}"
-    echo "	PKG_BUILD_DIR	=	${PKG_BUILD_DIR}"
-    echo "	PKG_DIR		=	${PKG_DIR}"
-    echo "	PKG_SOURCE	=	${PKG_SOURCE}"
-    echo "	PKG_NAME	=	${PKG_NAME}"
-    echo "	PKG_SOURCE_URL	=	${PKG_SOURCE_URL}"
-    echo "	PKG_SOURCE_PROTO=	${PKG_SOURCE_PROTO}"
-    echo "	PKG_SOURCE_VERSION=	${PKG_SOURCE_VERSION}"
-    echo "	PKG_SOURCE	=	${PKG_SOURCE}"
-    echo "	PKG_SOURCE_VERSION_FILE=${PKG_SOURCE_VERSION_FILE}"
+update_package() {
+	echo "update_package is no longer supported." >&2
+	echo "Its replacement is ./iop set-feed-rev." >&2
+	return 1
 }

-is_git_same()
-{
-    git_last=$(cd ${PKG_BUILD_DIR}; git rev-parse HEAD)
-    #echo "$PKG_NAME $git_last = ${PKG_SOURCE_VERSION}"
-    if [ "$git_last" == "${PKG_SOURCE_VERSION}" ]
-    then
-	return 0
-    fi
-    return 1
-}
-
-update_this_pkg()
-{
-    mk_hash=$(get_makefile_hash)
-
-    if [ "$mk_hash" != "${PKG_SOURCE_VERSION}" ]
-    then
-	echo "${PKG_NAME}:"
-	echo "	build dir     = ${PKG_BUILD_DIR}"
-	echo "	feed makefile = ${mk_hash}"
-	echo "	stale hash    = ${PKG_SOURCE_VERSION}"
-	echo "	build git     = $(cd ${PKG_BUILD_DIR}; git rev-parse HEAD)"
-	echo "	Git hash in package makefile and the git hash recorded from last compile of"
-	echo "	package is different. You probably want to recompile the package"
-	echo "	to get an up to date version in ${PKG_BUILD_DIR}/.git_update"
-	echo ""
-
-	echo -n "	Should we continue with the update anyway? [y/N]:"
-	read answer
-	echo ""
-
-	case $answer in
-	    y|Y)
-		;;
-	    n|N|*)
-		return 1;;
-	esac
-    fi
-
-    echo "${PKG_NAME}:"
-    echo "	build dir     = ${PKG_BUILD_DIR}"
-    echo "	pkg dir       = ${PKG_DIR}"
-    echo "	feed makefile = ${PKG_SOURCE_VERSION}"
-    echo "	build git     = $(cd ${PKG_BUILD_DIR}; git rev-parse HEAD)"
-    echo "	package is at a different git commit in build compared to feed"
-    echo -n "	Should we update the feed and top project to reflect the new version ? [y/N]:"
-    read answer
-    echo ""
-
-    case $answer in
-	y|Y)
-	    return 0;;
-	*)
-	    echo ""
-	    return 1;;
-    esac
-}
-
-get_makefile_hash()
-{
-    if [ -n "$PKG_SOURCE_VERSION_FILE" ]
-    then
-	name="$PKG_SOURCE_VERSION_FILE"
-    else
-	name=Makefile
-    fi
-    grep "PKG_SOURCE_VERSION:=" ${PKG_DIR}/${name} | sed -e "s/\(^PKG_SOURCE_VERSION:=\)\(.*\)/\2/"
-}
-
-insert_hash_in_feed_makefile()
-{
-    if [ -n "$PKG_SOURCE_VERSION_FILE" ]
-    then
-	name="$PKG_SOURCE_VERSION_FILE"
-    else
-	name=Makefile
-    fi
-
-    git_last=$(cd ${PKG_BUILD_DIR}; git rev-parse HEAD)
-
-    sed -i -e "s/\(^PKG_SOURCE_VERSION:=\).*/\1${git_last}/" ${PKG_DIR}/${name}
-    (cd ${PKG_DIR}; git add ${name})
-}
-
-insert_version_in_feed_makefile()
-{
-    if [ -n "$PKG_SOURCE_VERSION_FILE" ]
-    then
-	name="$PKG_SOURCE_VERSION_FILE"
-    else
-	name=Makefile
-    fi
-
-    last_version=$(awk -F '=' '/PKG_VERSION:=/ {print $2}' ${PKG_DIR}/${name})
-
-	echo -n "please enter version: "
-	read -ei "$last_version" answer
-
-	if [ -z ${answer} ]; then
-		return
-	fi
-
-    sed -i -e "s/\(^PKG_VERSION:=\).*/\1${answer}/" ${PKG_DIR}/${name}
-    (cd ${PKG_DIR}; git add ${name})
-}
-
-
-# BUG: fix if only local branche name!
-branch_uptodate()
-{
-    # $1 git repo
-    # $2 if it exist dont abort do the pull
-    (cd $1
-     git remote update 2>&1 >/dev/null
-
-     LOCAL=$(git rev-parse @)
-     REMOTE=$(git rev-parse @{u})
-     BASE=$(git merge-base @ @{u})
-
-     if [ -z "$REMOTE" ]; then
-	 BRANCH=$(basename $(git symbolic-ref -q HEAD))
-	 echo "You need to setup a tracking branch for $BRANCH"
-	 exit 99
-     fi
-
-     if [ $LOCAL = $REMOTE ]; then
-	 return
-     elif [ $LOCAL = $BASE ]; then
-	 if [ -n "$2" ]
-	 then
-	     echo "Doing automatic pull on [ $1 ]"
-	     if git pull
-	     then
-		 return
-	     else
-		 echo "Something wrong with pull. aborting, repo at"
-		 echo "    [ $1 ]"
-		 exit 99
-	     fi
-	 else
-	     echo "Local repo behind remote:"
-	     echo "do git pull at repo"
-	     echo "    [ $1 ]"
-	     exit 99
-	 fi
-     elif [ $REMOTE = $BASE ]; then
-	 echo "Local repo ahead of remote. A push is needed"
-	 echo "Repo is at: $1"
-	 echo ""
-	 echo -n "Should we try a push ? [Y/n]:"
-	 read answer
-	 echo ""
-
-	 case $answer in
-	     n|N|q|Q)
-		 exit 99;;
-	     *)
-		 echo -e "${Yellow}"
-		 if ! git push origin HEAD
-		 then
-		     echo -e "${Color_Off}"
-		     exit 99
-		 fi
-		 echo -e "${Color_Off}Push done."
-		 ;;
-	 esac
-
-     else
-	 echo "Diverged. not sure what you did but there is no tracking branch. "
-	 echo "repo at [ $1 ]. fix it so that there is a tracking branch remote."
-	 echo "Often this is related to somebody having commited to the same branch"
-	 echo "on the server so a simple push wont work, try a 'git rebase'."
-	 exit 99
-     fi
-    )
-}
-
-on_a_branch()
-{
-    local repo=$1
-    local type=$2
-    (
-	cd $repo
-	name=$(git symbolic-ref -q HEAD)
-	if [ -z "$name" ]
-	then
-	    echo "git $type repo [ $repo ] is detached."
-
-	    branches=($(git branch -r --contains $(git rev-parse HEAD)))
-	    if [ 0 == ${#branches[@]} ]
-	    then
-		echo "It needs to be on a branch but git could not find any associated branch"
-		echo ""
-		echo "you need to make sure that the commit is not on a detached branch"
-		echo "and that the branch exist in the remote repo also. it can not be a local name"
-		echo "as it is about to get pushed so it can be part of system release"
-		exit 99
-	    fi
-
-	    echo "It needs to be on a branch. Please select one or quit if it is not in list."
-	    echo ""
-
-	    i=0
-	    for branch in ${branches[*]}
-	    do
-		echo "$i: $branch"
-		i=$((i + 1))
-	    done
-
-	    echo ""
-	    echo -n "Select what branch to checkout. Q/q or N/n to quit? "
-	    read answer
-
-	    case $answer in
-		q|Q|n|N)
-		    echo "Aborting!"
-		    exit 99;;
-	    esac
-
-	    echo -e "${Yellow}"
-	    pwd
-	    echo "git checkout ${branches[$answer]}"
-	    if ! git checkout -t ${branches[$answer]}
-	    then
-		local_branch=$(basename ${branches[$answer]})
-		if ! git checkout ${local_branch}
-		then
-		    echo -e "${Color_Off}"
-		    echo "update_git aborting! something was wrong changing to branch ${branches[$answer]}"
-		    echo "go to [ $repo ] and fix it."
-		    exit 99
-		fi
-	    fi
-	    echo -e "${Color_Off}"
-	fi
-    )
-}
-
-git_repos_uptodate()
-{
-    on_a_branch ${PKG_BUILD_DIR} package
-    on_a_branch ${PKG_DIR} feed
-    on_a_branch ${PWD} top
-    branch_uptodate ${PKG_BUILD_DIR}
-    branch_uptodate ${PKG_DIR} do_pull
-    branch_uptodate ${PWD} do_pull
-}
-
-get_feed_name()
-{
-
-    echo $1 |sed  -e "s|.*feeds/\([^/]*\).*|\1|"
-
-    # rest=$(dirname $1)
-    # base=$(basename $1)
-    # prev=$base
-
-    # while [ -n "$rest" ]
-    # do
-    # 	if [ "$base" == "feeds" ]
-    # 	then
-    # 	    echo "$prev"
-    # 	fi
-    # done
-}
-
-create_message()
-{
-    FORMAT="commit %H%n\
-Author: %aN <%aE>%n\
-Date: %ai%n\
-%n\
-%w(80,4,4)%s%n
-%b%n\
-%w()Base directory -> ${repo_PATH}/"
-    local FROM=${PKG_SOURCE_VERSION}
-    local TO=$(cd ${PKG_BUILD_DIR}; git rev-parse HEAD)
-
-    local commits=$(cd ${PKG_BUILD_DIR};git rev-list ${FROM}..${TO})
-
-    local feed=$(get_feed_name ${PKG_DIR})
-
-    echo "Update feed [ $feed ] package [ $PKG_NAME ]"
-    echo ""
-    echo "-------------------------------------------------------------------------------"
-    (cd ${PKG_BUILD_DIR}; git log --graph --oneline ${FROM}..${TO})
-    echo "-------------------------------------------------------------------------------"
-
-    for commit in $commits
-    do
-	(cd ${PKG_BUILD_DIR}; git show --stat --pretty=format:"$FORMAT"  $commit)
-	echo "-------------------------------------------------------------------------------"
-    done
-}
-
-edit_file()
-{
-    echo -en "${Red}"
-    echo "Here is the commit message we are going to use!"
-    echo "-------------------------------------------------------------------------------"
-    echo -en "${Color_Off}"
-    cat $1
-    echo -en "${Red}"
-    echo "-------------------------------------------------------------------------------"
-    echo -en "${Color_Off}"
-
-    echo -n "Do you want to edit the message [y/N]? "
-    read answer
-
-    case $answer in
-	y|Y)
-	       $EDITOR $1;;
-    esac
-}
-
-
-commit_feed()
-{
-    template=$(readlink -f $1)
-    edit_file $template
-
-    echo -e "${Yellow}"
-    (
-	cd ${PKG_DIR}
-	if git commit -F $template
-	then
-	    if git push origin HEAD
-	    then
-		echo -e "${Color_Off} Feed Updated!"
-		return
-	    else
-		echo -e "${Color_Off}"
-		echo "something wrong push feed git ${PKG_DIR}"
-		exit 99
-	    fi
-	else
-	    echo -e "${Color_Off}"
-	    echo "something wrong committing to feed git ${PKG_DIR}"
-	    exit 99
-	fi
-    )
-}
-
-commit_feeds_config()
-{
-    template=$(readlink -f $1)
-    edit_file $template
-
-    echo -e "${Yellow}"
-    if git commit -F $template
-    then
-	if git push origin HEAD
-	then
-	    echo -e "${Color_Off}Feeds.conf updated!"
-	    return
-	else
-	    echo -e "${Color_Off}"
-	    echo "something wrong push change to feeds.conf"
-	    echo "try \"git remote update ; git stash ;git rebase; git push;git stash pop\""
-	    exit 99
-	fi
-    else
-	echo -e "${Color_Off}"
-	echo "something wrong committing to feed git"
-	exit 99
-    fi
-}
-
-insert_hash_in_feeds_config()
-{
-    local feed=$(get_feed_name ${PKG_DIR})
-    local TO=$(cd ${PKG_DIR}; git rev-parse HEAD)
-
-    sed -i feeds.conf -e "/ ${feed} / s/\(.*\)[;^].*/\1^${TO}/"
-    git add feeds.conf
-}
-
-check_packages()
-{
-    echo -e "${Green}_______________________________________________________________________________${Color_Off}"
-    echo "Now checking if any changes have been done to the packages."
-    echo -e "${Green}_______________________________________________________________________________${Color_Off}"
-
-    # only scan in the build directory that is currently in use.
-    CPU=$(grep  "CONFIG_CPU_TYPE=" .config| cut -f2 -d\")
-    LIBC=$(grep "CONFIG_LIBC=" .config| cut -f2 -d\")
-    
-    # First scan all files in build dir for packages that have .git directories.
-    all_pkgs=$(find build_dir/*${CPU}*${LIBC}* -name ".git")
-    
-    for pkg in `echo "$all_pkgs"`
-    do
-	pkg=$(dirname $pkg)
-
-	# check if the git in build is at same commit id as the feed makefile points out
-	if [ -e ${pkg}/.git_update ]
-	then
-	    source ${pkg}/.git_update
-	fi
-
-#	print_git_update
-
-	if [ -n "${PKG_NAME}" ]
-	then
-	    if ! is_git_same
-	    then
-		if update_this_pkg
-		then
-		    #  print_git_update
-		    git_repos_uptodate
-		    insert_hash_in_feed_makefile
-		    [ ${UPDATE} -eq 1 ] && insert_version_in_feed_makefile
-		    create_message >tmp/msg
-		    commit_feed tmp/msg
-		    insert_hash_in_feeds_config
-		    commit_feeds_config tmp/msg
-		fi
-	    fi
-	fi
-    done
-}
-
-# now handle the target git. we have only one
-
-
-feeds_hash()
-{
-    grep -v "^#" feeds.conf | grep " $1 " | grep "\^" | sed -e "s/.*[;^]\(.*\)/\1/"
-}
-
-insert_feed_hash_in_feeds_config()
-{
-    local feed=$1
-    local TO=$(cd feeds/${feed}; git rev-parse HEAD)
-
-    sed -i feeds.conf -e "/ ${feed} / s/\(.*\)[;^].*/\1^${TO}/"
-    git add feeds.conf
-}
-
-create_feed_message()
-{
-    local feed=$1
-    local FROM=$2
-    local TO=$3
-
-    local FORMAT="commit %H%n\
-Author: %aN <%aE>%n\
-Date: %ai%n\
-%n\
-%w(80,4,4)%s%n
-%b%n\
-%w()Base directory -> feeds/$feed/"
-
-
-    local commits=$(cd feeds/$feed;git rev-list ${FROM}..${TO})
-
-    echo "Update feed [ $feed ]"
-    echo ""
-    echo "-------------------------------------------------------------------------------"
-    (cd feeds/$feed; git log --graph --oneline ${FROM}..${TO})
-    echo "-------------------------------------------------------------------------------"
-
-    for commit in $commits
-    do
-	(cd feeds/$feed; git show --stat --pretty=format:"$FORMAT"  $commit)
-	echo "-------------------------------------------------------------------------------"
-    done
-}
-
-
-
-
-check_feeds()
-{
-    echo -e "${Green}_______________________________________________________________________________${Color_Off}"
-    echo "Now checking if any changes have been done to the feeds."
-    echo -e "${Green}_______________________________________________________________________________${Color_Off}"
-
-    feeds="$1"
-    [ -n "$feeds" ] || feeds=$(grep -v "^#" feeds.conf| awk '{print $2}')
-    for feed in `echo $feeds`
-    do
-		feed_hash=$(feeds_hash $feed)
-		[ -n "$feed_hash" ] || continue
-		if [ -d feeds/$feed ]; then
-			in_git=$(cd feeds/$feed; git rev-parse HEAD)
-
-			if [ "$feed_hash" != "$in_git" ]
-			then
-
-				name=$(cd feeds/$feed;git symbolic-ref -q HEAD)
-				if [ -z "$name" ]
-				then
-					echo "Feed feeds/${feed} is at a git commit which is different from feeds.conf"
-					#echo "git id from feeds.conf [$feed_hash] git id from feeds/${feed} [$in_git]"
-					on_a_branch feeds/${feed} feed
-
-					#redo the test here and see if the feeds.conf and git is still different.
-					in_git=$(cd feeds/$feed; git rev-parse HEAD)
-					if [ "$feed_hash" = "$in_git" ]
-					then
-						continue
-					fi
-				fi
-
-				LOCAL=$(cd feeds/$feed;git rev-parse @)
-				REMOTE=$(cd feeds/$feed;git rev-parse @{u})
-				BASE=$(cd feeds/$feed;git merge-base @ @{u})
-
-				# if we are behind the remote automatically do a pull
-				if [ $LOCAL = $BASE ]; then
-					(cd feeds/$feed ; git pull 1>/dev/null)
-
-					#redo the test here and see if the feeds.conf and git is still different.
-					in_git=$(cd feeds/$feed; git rev-parse HEAD)
-					if [ "$feed_hash" = "$in_git" ]
-					then
-						continue
-					fi
-				fi
-
-				echo "Feed feeds/${feed} is at different commit than what is in feeds.conf"
-				#echo "git id from feeds.conf [$feed_hash] git id from feeds/${feed} [$in_git]"
-				echo -n "Should we update feeds.conf to reflect the new version ? [y/N]:"
-				read answer
-
-				case $answer in
-					n|N|'')
-						continue;;
-				esac
-				branch_uptodate feeds/${feed}
-				create_feed_message ${feed} $feed_hash $in_git  >tmp/msg
-				insert_feed_hash_in_feeds_config ${feed}
-				commit_feeds_config tmp/msg
-			fi
-		fi
-    done
-}
-
-is_local_and_remote_same()
-{
-    git remote update 2>/dev/null 1>/dev/null
-    LOCAL=$(git rev-parse @)
-    REMOTE=$(git rev-parse @{u})
-
-    if [ $LOCAL = $REMOTE ]
-    then
-	return
-    fi
-
-    local_name=$(git rev-parse --abbrev-ref @ )
-    remote_name=$(git rev-parse --abbrev-ref @{u} )
-    
-    echo "Top repo local branch \"$local_name\" is not at same point as remote \"$remote_name\""
-    echo "This update script will update the feeds.conf file and for that to work it needs to"
-    echo "be up to date with the remote."
-    echo ""
-    echo "please run:"
-    echo "  git pull"
-    echo "  ./iop feeds_update"
-    echo ""
-    echo "do not forget the bootstrap. but do not run make it can delete your package in build"
-    exit 0
-}
-
-usage(){
-	echo -e "$0 [flags]"
-	echo -e "flags:"
-	echo -e "  -f\tFeed to update"
-	echo -e "  -h\tShow this help"
-	echo -e "  -u\tUpdate package version\n"
-}
-
-# Exported interface
-function update_package {
-
-    UPDATE=0
-
-    Color_Off='\033[0m'       # Text Reset
-
-    # Regular Colors
-    Black='\033[0;30m'        # Black
-    Red='\033[0;31m'          # Red
-    Green='\033[0;32m'        # Green
-    Yellow='\033[0;33m'       # Yellow
-    Blue='\033[0;34m'         # Blue
-    Purple='\033[0;35m'       # Purple
-    Cyan='\033[0;36m'         # Cyan
-    White='\033[0;37m'        # White
-
-    while getopts "f:hu" opt; do
-	case $opt in
-	    f)
-		feed=$OPTARG
-		;;
-	    h)
-		usage
-		exit 1
-		;;
-	    u)
-		UPDATE=1
-		;;
-	    \?)
-		echo "Invalid option: -$OPTARG" >&2
-		exit 1
-		;;
-	esac
-    done
-
-    if [ -z "$EDITOR" ]
-    then
-	if [ -f /usr/bin/vi ]; then
-	    EDITOR=vi
-	else
-	    echo "env variable EDITOR needs to be set"
-	    exit 1
-	fi
-    fi
-
-
-    # allow subshells to abort the whole program by exiting with "exit 99"
-    set -E
-    trap '[ "$?" -ne 99 ] || exit 99' ERR
-
-    is_local_and_remote_same
-    [ -n "$feed" ] || check_packages
-    check_feeds $feed
-}
-
-register_command "update_package" "Publish changes to packages and feeds"
+register_command "update_package" "No longer used command"
--- a/iopsys-analytics/Makefile
+++ b/iopsys-analytics/Makefile
@@ -0,0 +1,50 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iopsys-analytics
+PKG_RELEASE:=$(COMMITCOUNT)
+PKG_LICENSE:=PROPRIETARY
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=88dd7997ed78b1ab02c2904ed90518c46a8fa26b
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/iopsys-analytics.git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=skip
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+  CATEGORY:=Utilities
+  TITLE:=Analytics tweaks for IOPSYS CI/CD purposes
+
+  # setting core dump limit
+  DEPENDS+=                                             \
+    +prlimit                                            \
+  # monitoring
+  DEPENDS+=                                             \
+    +collectd                                           \
+    +collectd-mod-cpu                                   \
+    +collectd-mod-exec                                  \
+    +collectd-mod-load                                  \
+    +collectd-mod-memory                                \
+    +collectd-mod-network                               \
+    +collectd-mod-processes                             \
+    +collectd-mod-write-http                            \
+    +@PACKAGE_COLLECTD_ENCRYPTED_NETWORK                \
+  # remote syslog
+  DEPENDS+=                                             \
+    +syslog-ng                                          \
+    +@SYSLOGNG_LOGROTATE                                \
+
+endef
+
+define Package/$(PKG_NAME)/description
+        Analytics tweaks for IOPSYS internal CI/CD purposes
+        e.g. syslog, system health, coredumps...
+endef
+
+Build/Compile=
+
+define Package/$(PKG_NAME)/install
+	$(CP) -r $(PKG_BUILD_DIR)/files/*  $(1)/
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/ipt-trigger/Makefile
+++ b/ipt-trigger/Makefile
@@ -0,0 +1,62 @@
+#
+# Copyright (C) 2024 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipt-trigger
+PKG_VERSION:=1.0.0
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/ipt-trigger
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for iptables port trigger
+  FILES:=$(PKG_BUILD_DIR)/ipv4/ipt_TRIGGER.ko
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  AUTOLOAD:=$(call AutoLoad,30,ipt_TRIGGER,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/ip6t-trigger
+  SUBMENU:=Other modules
+  TITLE:=Kernel module for ip6tables port trigger
+  DEPENDS+=+kmod-nf-nat +xtables-legacy
+  FILES:=$(PKG_BUILD_DIR)/ipv6/ip6t_TRIGGER.ko
+  AUTOLOAD:=$(call AutoLoad,30,ip6t_TRIGGER,1)
+  KCONFIG:=
+endef
+
+define KernelPackage/ipt-trigger/description
+	Kernel module to enable port trigger for iptables
+endef
+
+define KernelPackage/ip6t-trigger/description
+	Kernel module to enable port trigger for ip6tables
+endef
+
+ifeq ($(CONFIG_TARGET_brcmbca),y)
+	include ../../broadcom/bcmkernel/bcm-kernel-toolchain.mk
+endif
+
+define Build/Prepare
+	$(CP) -rf ./src/* $(PKG_BUILD_DIR)/
+	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(LINUX_DIR)/include/linux/netfilter_ipv4/
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/include/linux/netfilter_ipv4
+	$(CP) $(PKG_BUILD_DIR)/ipt_TRIGGER.h $(1)/include/linux/netfilter_ipv4/
+endef
+
+KERNEL_MAKE_FLAGS += -I$(LINUX_DIR)/include
+
+define Build/Compile
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv4/" modules
+	$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/ipv6/" modules
+endef
+
+$(eval $(call KernelPackage,ipt-trigger))
+$(eval $(call KernelPackage,ip6t-trigger))
--- a/ipt-trigger/src/ipt_TRIGGER.h
+++ b/ipt-trigger/src/ipt_TRIGGER.h
@@ -0,0 +1,26 @@
+#ifndef _IPT_TRIGGER_H_target
+#define _IPT_TRIGGER_H_target
+
+#define TRIGGER_TIMEOUT 600	/* 600 secs */
+
+enum ipt_trigger_type
+{
+	IPT_TRIGGER_DNAT = 1,
+	IPT_TRIGGER_IN = 2,
+	IPT_TRIGGER_OUT = 3,
+	IPT_TRIGGER_REFRESH = 4
+};
+
+struct ipt_trigger_ports {
+	u_int16_t mport[2];	/* Related destination port range */
+	u_int16_t rport[2];	/* Port range to map related destination port range to */
+};
+
+struct ipt_trigger_info {
+	enum ipt_trigger_type type;
+	u_int16_t proto;		/* Related protocol */
+	u_int16_t trigger_timeout;	/* Auto disable duration */
+	struct ipt_trigger_ports ports;
+};
+
+#endif /*_IPT_TRIGGER_H_target*/
--- a/ipt-trigger/src/ipv4/Makefile
+++ b/ipt-trigger/src/ipv4/Makefile
@@ -0,0 +1 @@
+obj-m +=ipt_TRIGGER.o
--- a/ipt-trigger/src/ipv4/ipt_TRIGGER.c
+++ b/ipt-trigger/src/ipv4/ipt_TRIGGER.c
@@ -0,0 +1,407 @@
+/* Kernel module to match the port-ranges, trigger related port-ranges,
+ * and alters the destination to a local IP address.
+ *
+ * Copyright (C) 2003, CyberTAN Corporation
+ * All Rights Reserved.
+ *
+ * Description:
+ *   This is kernel module for port-triggering.
+ *
+ *   The module follows the Netfilter framework, called extended packet
+ *   matching modules.
+ */
+
+#include <linux/types.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/timer.h>
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/netdevice.h>
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/list.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/spinlock.h>
+
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
+
+/* This rwlock protects the main hash table, protocol/helper/expected
+ *    registrations, conntrack timers*/
+
+
+static DEFINE_SPINLOCK(nf_trigger_lock);
+
+
+
+#define NF_IP_PRE_ROUTING	0
+#define NF_IP_FORWARD		2
+#define IPT_CONTINUE XT_CONTINUE
+
+
+
+/***********************lock help**********************/
+#define MUST_BE_READ_LOCKED(l)
+#define MUST_BE_WRITE_LOCKED(l)
+
+
+#define LOCK_BH(l) spin_lock_bh(l)
+#define UNLOCK_BH(l) spin_unlock_bh(l)
+
+#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
+#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
+
+
+
+
+/***********************list help**********************/
+#define LIST_FIND(head, cmpfn, type, args...)           \
+({                                                      \
+        const struct list_head *__i, *__j = NULL;       \
+                                                        \
+        ASSERT_READ_LOCK(head);                         \
+        list_for_each(__i, (head))                      \
+                if (cmpfn((const type)__i , ## args)) { \
+                        __j = __i;                      \
+                        break;                          \
+                }                                       \
+        (type)__j;                                      \
+})
+
+static inline int
+__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
+
+static inline void
+list_prepend(struct list_head *head, void *new)
+{
+	ASSERT_WRITE_LOCK(head);
+	list_add(new, head);
+}
+
+#define list_named_find(head, name)                     \
+LIST_FIND(head, __list_cmp_name, void *, name)
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
+MODULE_DESCRIPTION("iptables trigger target module");
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+struct ipt_trigger {
+        struct list_head list;          /* Trigger list */
+        struct timer_list timeout;      /* Timer for list destroying */
+        u_int32_t srcip;                /* Outgoing source address */
+        u_int32_t dstip;                /* Outgoing destination address */
+        u_int16_t mproto;               /* Trigger protocol */
+        u_int16_t rproto;               /* Related protocol */
+        u_int16_t trigger_timeout;      /* Auto disable duration */
+        struct ipt_trigger_ports ports; /* Trigger and related ports */
+        u_int8_t reply;                 /* Confirm a reply connection */
+};
+
+LIST_HEAD(ipt_trigger_list);
+
+static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	LOCK_BH(&nf_trigger_lock);
+	/* Need del_timer for race avoidance (may already be dying). */
+	if (del_timer(&trig->timeout)) {
+		trig->timeout.expires = jiffies + extra_jiffies;
+		add_timer(&trig->timeout);
+	}
+
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static void __del_trigger(struct ipt_trigger *trig)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
+
+	/* delete from 'ipt_trigger_list' */
+	list_del(&trig->list);
+	kfree(trig);
+}
+
+static void trigger_timeout(struct timer_list *t)
+{
+	struct ipt_trigger *trig = from_timer(trig, t, timeout);
+
+	DEBUGP("trigger list %p timed out\n", trig);
+	LOCK_BH(&nf_trigger_lock);
+	__del_trigger(trig);
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static unsigned int
+add_new_trigger(struct ipt_trigger *trig)
+{
+	struct ipt_trigger *new = NULL;
+
+	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
+
+	LOCK_BH(&nf_trigger_lock);
+	new = (struct ipt_trigger *)
+		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
+
+	if (!new) {
+		UNLOCK_BH(&nf_trigger_lock);
+		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
+		return -ENOMEM;
+	}
+
+	memset(new, 0, sizeof(*trig));
+	INIT_LIST_HEAD(&new->list);
+	memcpy(new, trig, sizeof(*trig));
+
+	/* add to global table of trigger */
+	list_prepend(&ipt_trigger_list, &new->list);
+
+	/* add and start timer if required */
+	timer_setup(&new->timeout, trigger_timeout, 0);
+	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
+
+	UNLOCK_BH(&nf_trigger_lock);
+
+	return 0;
+}
+
+/*
+ *      Service-Name    OutBound        InBound
+ * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
+ * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
+ * 3.   net2phone-1     UDP:6801        TCP:30000..30000
+ * 4.   net2phone-2     UDP:6801        UDP:30000..30000
+ *
+ * For supporting to use the same outgoing port to trigger different port rules,
+ * it should check the inbound protocol and port range value. If all conditions
+ * are matched, it is a same trigger item, else it needs to create a new one.
+ */
+static inline int trigger_out_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
+{
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
+			i->mproto, i->ports.mport[0], i->ports.mport[1]);
+	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	return ((i->mproto == proto) &&
+			(i->ports.mport[0] <= dport)  &&
+			(i->ports.mport[1] >= dport) &&
+			(i->rproto == info->proto) &&
+			(i->ports.rport[0] == info->ports.rport[0]) &&
+			(i->ports.rport[1] == info->ports.rport[1]));
+}
+
+static unsigned int
+trigger_out(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger trig, *found;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest), info);
+
+
+	if (found) {
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		/* In order to allow multiple hosts use the same port range, we update
+		   the 'saddr' after previous trigger has a reply connection. */
+		if (found->reply)
+			found->srcip = iph->saddr;
+	}
+	else {
+		/* Create new trigger */
+		memset(&trig, 0, sizeof(trig));
+		trig.srcip = iph->saddr;
+		trig.mproto = iph->protocol;
+		trig.rproto = info->proto;
+		trig.trigger_timeout = info->trigger_timeout;
+		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
+		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
+	}
+
+	return IPT_CONTINUE;        /* We don't block any packet. */
+}
+
+static inline int trigger_in_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport)
+{
+	u_int16_t rproto = i->rproto;
+
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	if (!rproto)
+		rproto = proto;
+
+	return ((rproto == proto) && (i->ports.rport[0] <= dport)
+			&& (i->ports.rport[1] >= dport));
+}
+
+static unsigned int
+trigger_in(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger *found;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############\n", __FUNCTION__);
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
+					   dropped in the FORWARD chain */
+	}
+
+	return IPT_CONTINUE;        /* Our job is the interception. */
+}
+
+static unsigned int
+trigger_dnat(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	struct ipt_trigger *found = NULL;
+	const struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *tcph = (void *)iph + iph->ihl*4;     /* Might be TCP, UDP */
+	struct nf_conn *ct = NULL;
+	enum ip_conntrack_info ctinfo;
+	struct nf_nat_range2 newrange;
+
+	DEBUGP("############# %s ############%d\n", __FUNCTION__, __LINE__);
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############%d srcip:%d\n", __FUNCTION__, __LINE__, found->srcip);
+	}
+
+	if (!found || !found->srcip)
+		return IPT_CONTINUE;    /* We don't block any packet. */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	found->reply = 1;   /* Confirm there has been a reply connection. */
+	ct = nf_ct_get(skb, &ctinfo);
+
+	DEBUGP("%s: got ", __FUNCTION__);
+
+
+	/* Alter the destination of imcoming packet. */
+	/* Transfer from original range. */
+	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
+	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
+	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
+	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
+	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
+	newrange.min_addr.ip = found->srcip;
+	newrange.max_addr.ip = found->srcip;
+	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
+
+	/* Hand modified range to generic setup. */
+	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
+}
+
+static unsigned int
+trigger_target(struct sk_buff *skb,
+			       const struct xt_action_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+	const struct iphdr *iph = ip_hdr(skb);
+	unsigned int hooknum = xt_hooknum(par);
+
+	DEBUGP("%s: type = %s\n", __FUNCTION__,
+			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
+			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
+
+	/* The Port-trigger only supports TCP and UDP. */
+	if ((iph->protocol != IPPROTO_TCP) && (iph->protocol != IPPROTO_UDP))
+		return IPT_CONTINUE;
+
+	if (info->type == IPT_TRIGGER_OUT)
+		return trigger_out(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_IN)
+		return trigger_in(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_DNAT)
+		return trigger_dnat(skb, hooknum, info);
+
+	return IPT_CONTINUE;
+}
+static int
+trigger_check(const struct xt_tgchk_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+
+	if ((strcmp(par->table, "mangle") == 0)) {
+		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
+		return -EINVAL;
+	}
+	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
+		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
+		return -EINVAL;
+	}
+
+	if (info->proto) {
+		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
+			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
+			return -EINVAL;
+		}
+	}
+	if (info->type == IPT_TRIGGER_OUT) {
+		if (!info->ports.mport[0] || !info->ports.rport[0]) {
+			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+
+static struct xt_target redirect_reg = {
+        .name           = "TRIGGER",
+        .family         = NFPROTO_IPV4,
+        .target         = trigger_target,
+        .targetsize     = sizeof(struct ipt_trigger_info),
+        .checkentry     = trigger_check,
+        .me             = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return xt_register_target(&redirect_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&redirect_reg);
+}
+
+module_init(init);
+module_exit(fini);
--- a/ipt-trigger/src/ipv6/Makefile
+++ b/ipt-trigger/src/ipv6/Makefile
@@ -0,0 +1 @@
+obj-m +=ip6t_TRIGGER.o
--- a/ipt-trigger/src/ipv6/ip6t_TRIGGER.c
+++ b/ipt-trigger/src/ipv6/ip6t_TRIGGER.c
@@ -0,0 +1,429 @@
+/* Kernel module to match the port-ranges, trigger related port-ranges,
+ * and alters the destination to a local IPv6 address.
+ *
+ * Copyright (C) 2024, IOPSYS
+ * All Rights Reserved.
+ *
+ * Description:
+ *   This is kernel module for port-triggering.
+ *
+ *   The module follows the Netfilter framework, called extended packet
+ *   matching modules.
+ */
+
+#include <linux/types.h>
+#include <linux/tcp.h>
+#include <linux/timer.h>
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/netdevice.h>
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/list.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/spinlock.h>
+
+#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter_ipv4/ipt_TRIGGER.h>
+
+/* This rwlock protects the main hash table, protocol/helper/expected
+ *    registrations, conntrack timers*/
+
+
+static DEFINE_SPINLOCK(nf_trigger_lock);
+
+
+
+#define NF_IP_PRE_ROUTING	0
+#define NF_IP_FORWARD		2
+#define IPT_CONTINUE XT_CONTINUE
+
+
+
+/***********************lock help**********************/
+#define MUST_BE_READ_LOCKED(l)
+#define MUST_BE_WRITE_LOCKED(l)
+
+
+#define LOCK_BH(l) spin_lock_bh(l)
+#define UNLOCK_BH(l) spin_unlock_bh(l)
+
+#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&nf_trigger_lock)
+#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&nf_trigger_lock)
+
+
+
+
+/***********************list help**********************/
+#define LIST_FIND(head, cmpfn, type, args...)           \
+({                                                      \
+        const struct list_head *__i, *__j = NULL;       \
+                                                        \
+        ASSERT_READ_LOCK(head);                         \
+        list_for_each(__i, (head))                      \
+                if (cmpfn((const type)__i , ## args)) { \
+                        __j = __i;                      \
+                        break;                          \
+                }                                       \
+        (type)__j;                                      \
+})
+
+static inline int
+__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
+
+static inline void
+list_prepend(struct list_head *head, void *new)
+{
+	ASSERT_WRITE_LOCK(head);
+	list_add(new, head);
+}
+
+#define list_named_find(head, name)                     \
+LIST_FIND(head, __list_cmp_name, void *, name)
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("IOPSYS Network Team");
+MODULE_DESCRIPTION("iptables trigger target module");
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+struct ipt_trigger {
+        struct list_head list;          /* Trigger list */
+        struct timer_list timeout;      /* Timer for list destroying */
+        struct in6_addr srcip;                /* Outgoing source address */
+        struct in6_addr dstip;                /* Outgoing destination address */
+        u_int16_t mproto;               /* Trigger protocol */
+        u_int16_t rproto;               /* Related protocol */
+	u_int16_t trigger_timeout;      /* Auto disable duration */
+        struct ipt_trigger_ports ports; /* Trigger and related ports */
+        u_int8_t reply;                 /* Confirm a reply connection */
+};
+
+LIST_HEAD(ipt_trigger_list);
+
+static unsigned char *ipv6_header_get_L4_header_offset(const struct ipv6hdr *ip6h_p)
+{
+        unsigned int ext_head_count = 8;
+        const struct ipv6_opt_hdr *ip_ext_p;
+        unsigned int payload_offset = 0;
+	char *tcpudp_hdr = NULL;
+	uint8_t nextHdr_p;
+
+        nextHdr_p = ip6h_p->nexthdr;
+        ip_ext_p = (const struct ipv6_opt_hdr *)(ip6h_p + 1);
+        payload_offset = sizeof(struct ipv6hdr);
+
+        do {
+                if ((nextHdr_p == IPPROTO_TCP) || (nextHdr_p == IPPROTO_UDP)) {
+			tcpudp_hdr = (unsigned char *)ip6h_p + payload_offset;
+                        break;
+		}
+
+                payload_offset += (ip_ext_p->hdrlen + 1U) << 3U;
+                nextHdr_p = ip_ext_p->nexthdr;
+                ip_ext_p = (struct ipv6_opt_hdr *)((uint8_t *)ip6h_p + payload_offset);
+                ext_head_count--; /* at most 8 extension headers */
+        } while (ext_head_count);
+
+        return tcpudp_hdr;
+}
+
+static void trigger_refresh(struct ipt_trigger *trig, unsigned long extra_jiffies)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	LOCK_BH(&nf_trigger_lock);
+	/* Need del_timer for race avoidance (may already be dying). */
+	if (del_timer(&trig->timeout)) {
+		trig->timeout.expires = jiffies + extra_jiffies;
+		add_timer(&trig->timeout);
+	}
+
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static void __del_trigger(struct ipt_trigger *trig)
+{
+	DEBUGP("%s: \n", __FUNCTION__);
+	MUST_BE_WRITE_LOCKED(&nf_trigger_lock);
+
+	/* delete from 'ipt_trigger_list' */
+	list_del(&trig->list);
+	kfree(trig);
+}
+
+static void trigger_timeout(struct timer_list *t)
+{
+	struct ipt_trigger *trig = from_timer(trig, t, timeout);
+
+	DEBUGP("trigger list %p timed out\n", trig);
+	LOCK_BH(&nf_trigger_lock);
+	__del_trigger(trig);
+	UNLOCK_BH(&nf_trigger_lock);
+}
+
+static unsigned int
+add_new_trigger(struct ipt_trigger *trig)
+{
+	struct ipt_trigger *new = NULL;
+
+	DEBUGP("!!!!!!!!!!!! %s !!!!!!!!!!!\n", __FUNCTION__);
+
+	LOCK_BH(&nf_trigger_lock);
+	new = (struct ipt_trigger *)
+		kmalloc(sizeof(struct ipt_trigger), GFP_ATOMIC);
+
+	if (!new) {
+		UNLOCK_BH(&nf_trigger_lock);
+		DEBUGP("%s: OOM allocating trigger list\n", __FUNCTION__);
+		return -ENOMEM;
+	}
+
+	memset(new, 0, sizeof(*trig));
+	INIT_LIST_HEAD(&new->list);
+	memcpy(new, trig, sizeof(*trig));
+
+	/* add to global table of trigger */
+	list_prepend(&ipt_trigger_list, &new->list);
+
+	/* add and start timer if required */
+	timer_setup(&new->timeout, trigger_timeout, 0);
+	mod_timer(&new->timeout, jiffies + (trig->trigger_timeout * HZ));
+
+	UNLOCK_BH(&nf_trigger_lock);
+
+	return 0;
+}
+
+/*
+ *      Service-Name    OutBound        InBound
+ * 1.   TMD             UDP:1000        TCP/UDP:2000..2010
+ * 2.   WOKAO           UDP:1000        TCP/UDP:3000..3010
+ * 3.   net2phone-1     UDP:6801        TCP:30000..30000
+ * 4.   net2phone-2     UDP:6801        UDP:30000..30000
+ *
+ * For supporting to use the same outgoing port to trigger different port rules,
+ * it should check the inbound protocol and port range value. If all conditions
+ * are matched, it is a same trigger item, else it needs to create a new one.
+ */
+static inline int trigger_out_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport, const struct ipt_trigger_info *info)
+{
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, mproto= %d, mport[0..1]=%d, %d, ", __FUNCTION__,
+			i->mproto, i->ports.mport[0], i->ports.mport[1]);
+	DEBUGP("rproto= %d, rport[0..1]=%d, %d.\n",
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	return ((i->mproto == proto) &&
+			(i->ports.mport[0] <= dport)  &&
+			(i->ports.mport[1] >= dport) &&
+			(i->rproto == info->proto) &&
+			(i->ports.rport[0] == info->ports.rport[0]) &&
+			(i->ports.rport[1] == info->ports.rport[1]));
+}
+
+static unsigned int
+trigger_out(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger trig, *found;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph = (struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	/* Check if the trigger range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_out_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest), info);
+
+
+	if (found) {
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		/* In order to allow multiple hosts use the same port range, we update
+		   the 'saddr' after previous trigger has a reply connection. */
+		if (found->reply)
+			found->srcip = ip6h->saddr;
+	}
+	else {
+		/* Create new trigger */
+		memset(&trig, 0, sizeof(trig));
+		memcpy(&trig.srcip, &ip6h->saddr, sizeof(trig.srcip));
+		trig.mproto = ip6h->nexthdr;
+		trig.rproto = info->proto;
+		trig.trigger_timeout = info->trigger_timeout;
+		memcpy(&trig.ports, &info->ports, sizeof(struct ipt_trigger_ports));
+		add_new_trigger(&trig); /* Add the new 'trig' to list 'ipt_trigger_list'. */
+	}
+
+	return IPT_CONTINUE;        /* We don't block any packet. */
+}
+
+static inline int trigger_in_matched(const struct ipt_trigger *i,
+        const u_int16_t proto, const u_int16_t dport)
+{
+	u_int16_t rproto = i->rproto;
+
+	DEBUGP("%s: i=%p, proto= %d, dport=%d.\n", __FUNCTION__, i, proto, dport);
+	DEBUGP("%s: Got one, rproto= %d, rport[0..1]=%d, %d.\n", __FUNCTION__,
+			i->rproto, i->ports.rport[0], i->ports.rport[1]);
+
+	if (!rproto)
+		rproto = proto;
+
+	return ((rproto == proto) && (i->ports.rport[0] <= dport)
+			&& (i->ports.rport[1] >= dport));
+}
+
+static unsigned int
+trigger_in(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	const struct ipt_trigger_info *info = targinfo;
+	struct ipt_trigger *found;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
+	if (found) {
+		DEBUGP("############# %s ############\n", __FUNCTION__);
+		/* Yeah, it exists. We need to update(delay) the destroying timer. */
+		trigger_refresh(found, info->trigger_timeout * HZ);
+		return NF_ACCEPT;       /* Accept it, or the imcoming packet could be
+					   dropped in the FORWARD chain */
+	}
+
+	return IPT_CONTINUE;        /* Our job is the interception. */
+}
+
+static unsigned int
+trigger_dnat(struct sk_buff *skb,
+                unsigned int hooknum,
+                const void *targinfo)
+{
+	struct ipt_trigger *found = NULL;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	struct tcphdr *tcph =(struct tcphdr*)ipv6_header_get_L4_header_offset(ip6h);     /* Might be TCP, UDP */
+	struct nf_conn *ct = NULL;
+	enum ip_conntrack_info ctinfo;
+	struct nf_nat_range2 newrange;
+
+	/* Check if the trigger-ed range has already existed in 'ipt_trigger_list'. */
+	found = LIST_FIND(&ipt_trigger_list, trigger_in_matched,
+			struct ipt_trigger *, ip6h->nexthdr, ntohs(tcph->dest));
+
+	if (!found)
+		return IPT_CONTINUE;    /* We don't block any packet. */
+
+	DEBUGP("############# %s ############\n", __FUNCTION__);
+	found->reply = 1;   /* Confirm there has been a reply connection. */
+	ct = nf_ct_get(skb, &ctinfo);
+
+	DEBUGP("%s: got ", __FUNCTION__);
+
+
+	/* Alter the destination of imcoming packet. */
+	/* Transfer from original range. */
+	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
+	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
+	memset(&newrange.min_proto, 0, sizeof(newrange.min_proto));
+	memset(&newrange.max_proto, 0, sizeof(newrange.max_proto));
+	newrange.flags	     = NF_NAT_RANGE_MAP_IPS;
+	memcpy(&newrange.min_addr.ip, &found->srcip, sizeof(newrange.min_addr.ip));
+	memcpy(&newrange.max_addr.ip, &found->srcip, sizeof(newrange.max_addr.ip));
+	DEBUGP("%s: found->srcip = %x\n", __FUNCTION__,  found->srcip);
+
+	/* Hand modified range to generic setup. */
+	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
+}
+
+static unsigned int
+trigger_target(struct sk_buff *skb,
+			       const struct xt_action_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
+	unsigned int hooknum = xt_hooknum(par);
+
+	DEBUGP("%s: type = %s\n", __FUNCTION__,
+			(info->type == IPT_TRIGGER_DNAT) ? "dnat" :
+			(info->type == IPT_TRIGGER_IN) ? "in" : "out");
+
+	/* The Port-trigger only supports TCP and UDP. */
+	if ((ip6h->nexthdr != IPPROTO_TCP) && (ip6h->nexthdr != IPPROTO_UDP))
+		return IPT_CONTINUE;
+
+	if (info->type == IPT_TRIGGER_OUT)
+		return trigger_out(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_IN)
+		return trigger_in(skb, hooknum, info);
+	else if (info->type == IPT_TRIGGER_DNAT)
+		return trigger_dnat(skb, hooknum, info);
+
+	return IPT_CONTINUE;
+}
+static int
+trigger_check(const struct xt_tgchk_param *par)
+{
+	const struct ipt_trigger_info *info = par->targinfo;
+
+	if ((strcmp(par->table, "mangle") == 0)) {
+		DEBUGP("trigger_check: bad table `%s'.\n", par->table);
+		return -EINVAL;
+	}
+	if (par->hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD))) {
+		DEBUGP("trigger_check: bad hooks %x.\n", par->hook_mask);
+		return -EINVAL;
+	}
+
+	if (info->proto) {
+		if (info->proto != IPPROTO_TCP && info->proto != IPPROTO_UDP) {
+			DEBUGP("trigger_check: bad proto %d.\n", info->proto);
+			return -EINVAL;
+		}
+	}
+	if (info->type == IPT_TRIGGER_OUT) {
+		if (!info->ports.mport[0] || !info->ports.rport[0]) {
+			DEBUGP("trigger_check: Try 'iptbles -j TRIGGER -h' for help.\n");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+
+static struct xt_target redirect_reg = {
+        .name           = "TRIGGER",
+        .family         = NFPROTO_IPV6,
+        .target         = trigger_target,
+        .targetsize     = sizeof(struct ipt_trigger_info),
+        .checkentry     = trigger_check,
+        .me             = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return xt_register_target(&redirect_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&redirect_reg);
+}
+
+module_init(init);
+module_exit(fini);
--- a/libeasy/Makefile
+++ b/libeasy/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.2
+PKG_VERSION:=7.4.3

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=11eb263666556c419220e2a50c3a67422e79f884
+PKG_SOURCE_VERSION:=ba80dcc51056772c906cac8022a2537b74959e6a
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -28,6 +28,12 @@ TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include/openssl \
 	-I$(STAGING_DIR)/usr/include/libnl3

+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	rsync -r --exclude=.* ~/git/libeasy/ $(PKG_BUILD_DIR)/
+endef
+endif
+
 MAKE_FLAGS += \
 	CFLAGS="$(TARGET_CFLAGS) -Wall"

@@ -56,6 +62,7 @@ define Build/InstallDev/libeasy
 	$(CP) $(PKG_BUILD_DIR)/if_utils.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/debug.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/hlist.h $(1)/usr/include/easy/
+	$(CP) $(PKG_BUILD_DIR)/timestamp.h $(1)/usr/include/easy/
 	$(CP) $(PKG_BUILD_DIR)/libeasy*.so* $(1)/usr/lib/
 endef

--- a/libethernet/Makefile
+++ b/libethernet/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.107
+PKG_VERSION:=7.2.108

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9c0e9ecd62b79d4e89b4f013f04124870d237395
+PKG_SOURCE_VERSION:=df0181ae4e8391901a8005ffa17ff28fbce8ec64
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
--- a/libvoice-airoha/Makefile
+++ b/libvoice-airoha/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.10
+PKG_VERSION:=1.0.12
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE

@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=e6ba6fca814f6c83a3d6ff4a5b7560fbc36d3101
+PKG_SOURCE_VERSION:=68f0b4f3edecea9b8f05e72b6bbf3952d3946b7c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/libvoice-broadcom/Makefile
+++ b/libvoice-broadcom/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libvoice-broadcom
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.8
+PKG_VERSION:=1.0.10
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE

@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=e1de60c2c05935fb2f4adfc1f73feba0bb32ade6
+PKG_SOURCE_VERSION:=059574b5036c840df97feecdace141e59210acc2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/libvoice-d2/Makefile
+++ b/libvoice-d2/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libvoice-d2
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.5
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE

@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=e6d689334000bc57498d9a3f203a8933160e1ef4
+PKG_SOURCE_VERSION:=0a7a3219bf0d90b1f1a31b0deaf9a6d78b6420f1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
--- a/libwifi/Makefile
+++ b/libwifi/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.18
+PKG_VERSION:=7.4.49

 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=4f6d22e0afa199bcff63f084a022c6142883973f
+PKG_SOURCE_VERSION:=be3df63b06bc0d7af5997fd999d0a996c89316cd
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
--- a/map-agent/Makefile
+++ b/map-agent/Makefile
@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-agent
-PKG_VERSION:=4.5.1.0
+PKG_VERSION:=4.5.2.3
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=6d74ca3c6a4a2893160a5de2f7f455a8d8596fec
+PKG_SOURCE_VERSION:=9f3a56d86c844b45c896abfdf885f4c197c3cf81
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>

 PKG_LICENSE:=BSD-3-Clause
@@ -28,7 +28,7 @@ define Package/map-agent
  CATEGORY:=Utilities
  TITLE:=WiFi multi-AP Agent (EasyMesh R2)
  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	   +map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp
+	   +ieee1905-map-plugin +ip-bridge +AGENT_USE_LIBDPP:libdpp
 endef

 ifeq ($(CONFIG_AGENT_USE_LIBDPP),y)
@@ -40,7 +40,7 @@ define Package/dynbhd
  CATEGORY:=Utilities
  TITLE:=Dynamic Backhaul Daemon
  DEPENDS:=+libwifi +libuci +libubox +ubus +libeasy +libieee1905 +ieee1905 \
-	  +map-plugin +map-agent
+	  +ieee1905-map-plugin +map-agent
 endef


--- a/map-agent/files/etc/config/mapagent
+++ b/map-agent/files/etc/config/mapagent
@@ -3,11 +3,10 @@ config agent 'agent'
 	option debug '0'
 	option profile '3'
 	option al_bridge 'br-lan'
-	option netdev 'wlan'
 	option island_prevention '0'
 	option eth_onboards_wifi_bhs '1'
 	option scan_on_boot_only '0'
-	option chan_ch_relay_mcast '1'
+	option chan_ch_relay_mcast '0'
 	option guest_isolation '1'
 	list map_port 'all'
 #	option controller_macaddr '0a:1b:2c:3d:4e:50'
--- a/map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul
+++ b/map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul
@@ -1,17 +1,19 @@
 #!/bin/sh

-. /lib/network/utils.sh
-
 conn_ports_file="/var/run/multiap/map.connected.ports"
 map_bh_file="/var/run/multiap/multiap.backhaul"
+
+# Exit if AL Bridge is not configured to be a bridge device
 al_bridge="$(uci -q get mapagent.agent.al_bridge)"
 [ "${al_bridge:0:3}" = "br-" ] || exit 0
-al_brnet="${al_bridge:3}"

 # Exit if the PORT is not member of the AL Bridge
-[ "$(get_network_of $PORT)" = "$al_brnet" ] || exit 0
+port_bridge_sec="$(uci show network | grep -w $PORT | grep '\.ports' | cut -d'.' -f2)"
+port_bridge_name="$(uci -q get network.$port_bridge_sec.name)"
+[ "$port_bridge_name" = "$al_bridge" ] || exit 0

 # Exit if the device is not operating in extender/repeater mode
+al_brnet="${al_bridge:3}"
 [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0

 ############## Dynamic Backhaul Daemon ##############
@@ -45,7 +47,7 @@ fi
 ########################################################

 ################ Dedicated ETH WAN Port ################
-wanport="$(db -q get hw.board.ethernetWanPort)"
+wanport="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"
 if [ -n "$wanport" ]; then
 	[ "$wanport" = "$PORT" ] || exit 0
 ########################################################
@@ -69,7 +71,7 @@ fi

 remove_from_bridge() {
 	config_get ifname "$section" ifname
-	[ -n "$ifname" ] && ubus call network.interface.${al_brnet} remove_device '{"name":"$ifname"}'
+	[ -n "$ifname" ] && brctl delif ${al_bridge} ${ifname}
 }

 update_bstas() {
--- a/map-agent/files/lib/multiap/map_genconfig
+++ b/map-agent/files/lib/multiap/map_genconfig
@@ -159,12 +159,6 @@ map_genconf () {
 		if ! uci show wireless | grep -q "mode=.*sta"; then
 			generate_wireless_sta_config=1

-			if is_broadcom; then
-				for section in $(uci show wireless | grep wifi-device | cut -d'.' -f2 | cut -d'=' -f1); do
-					uci -q set wireless.$section.apsta="1"
-				done
-			fi
-
 			for section in $(uci show wireless | grep "mode=.*ap" | cut -d'.' -f2); do
 				uci delete wireless.$section
 			done
--- a/map-controller/Makefile
+++ b/map-controller/Makefile
@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=map-controller
-PKG_VERSION:=4.5.0.4
+PKG_VERSION:=4.6.1.0
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=59a3bb0e2cbd0f37f60bd121e4b30289a64d310e
+PKG_SOURCE_VERSION:=96b5b249ddd12828726ab14310011f39727253ef
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>

 LOCAL_DEV=0
@@ -27,7 +27,7 @@ define Package/map-controller
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=WiFi Multi-AP Controller (EasyMesh R2)
-  DEPENDS:=+libuci +libubox +ubus +libeasy +libwifiutils +libieee1905 +ieee1905 +map-plugin \
+  DEPENDS:=+libuci +libubox +ubus +libeasy +libwifiutils +libieee1905 +ieee1905 +ieee1905-map-plugin \
 	   +CONTROLLER_USE_LIBDPP:libdpp
 endef

--- a/map-controller/files/etc/config/mapcontroller
+++ b/map-controller/files/etc/config/mapcontroller
@@ -59,7 +59,7 @@ config ap

 config ap
 	option band '2'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-2.4GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -67,7 +67,7 @@ config ap

 config ap
 	option band '5'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-5GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -75,7 +75,7 @@ config ap

 config ap
 	option band '6'
-	option ssid 'MAP-$BASEMAC_ADDR-BH-6GHz'
+	option ssid 'MAP-$BASEMAC_ADDR-BH'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
--- a/mcastmngr/files/broadcom/lib/mcast/broadcom.sh
+++ b/mcastmngr/files/broadcom/lib/mcast/broadcom.sh
@@ -11,7 +11,7 @@ CONFFILE=/var/mcpd.conf
 PROG_EXE=/usr/sbin/mcpd

 proxdevs=""
-ethwan="$(db -q get hw.board.ethernetWanPort)"
+ethwan="$(jsonfilter -i /etc/board.json -e @.network.wan.device)"


 config_snooping_common_params() {
--- a/mcastmngr/files/common/lib/mcast/common.sh
+++ b/mcastmngr/files/common/lib/mcast/common.sh
@@ -62,7 +62,7 @@ read_snooping() {
 	local proto

 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto
+	config_get proto "$config" proto "igmp"

 	if [ "$sec_enable" == "0" ]; then
 		return
@@ -103,7 +103,7 @@ read_proxy() {
 	local proto

 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto
+	config_get proto "$config" proto "igmp"

 	if [ "$sec_enable" == "0" ]; then
 		return
--- a/mcastmngr/files/linux/lib/mcast/linux.sh
+++ b/mcastmngr/files/linux/lib/mcast/linux.sh
@@ -15,7 +15,7 @@ snooping_bridges=

 __device_is_bridge() {
 	local device="$2"
-	local devsec__="$(uci show network | grep name=.*$device | grep -v ifname | cut -d'.' -f2)"
+	local devsec__="$(uci show network | grep -F ".name='$device'" | cut -d'.' -f2)"
 	local sectype="$(uci -q get network.$devsec__)"
 	local devtype="$(uci -q get network.$devsec__.type)"
 	[ "$sectype" != "device" -o "$devtype" != "bridge" ] && return 1
@@ -46,9 +46,6 @@ device_has_ip() {
 	# Read the openwrt interface for the device.
 	# Device can have multiple logical interfaces like wan and wan6
 	# but same l3 device
-	# NB. Don't use 'get_network_of' here.
-	# This function fails in some uci configurations for interfaces that refer
-	# to a device indirectly.
 	local ifaces=$(ubus call network.interface dump | jsonfilter -e "@.interface[@.device='$device'].interface")
 	for iface in $ifaces; do
 		local ip=
@@ -302,7 +299,12 @@ config_mcproxy_instance() {
 	# for snooping to work we should enable it on the bridge, doing it from
 	# here instead of from inside network config
 	if [ "$downstreams" != "$snooping_bridges" ]; then
-		config_sysfs_mcast_snooping "$downstreams" 1
+		if [ "$mcast_mode" == "0" ]; then
+			config_sysfs_mcast_snooping "$downstreams" 0
+		else
+			config_sysfs_mcast_snooping "$downstreams" 1
+		fi
+
 		[ -n $fast_leave ] &&
 			config_sysfs_mcast_fastleave "$downstreams" "$fast_leave"
 		config_sysfs_mcast_flood "$downstreams" "$mcast_mode"
--- a/netmode/Makefile
+++ b/netmode/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=netmode
-PKG_VERSION:=0.3.0
+PKG_VERSION:=1.0.1
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only
--- a/netmode/files/etc/config/netmode
+++ b/netmode/files/etc/config/netmode
@@ -1,10 +1,3 @@
 config netmode global
 	option enabled 0
 #	option mode 'router'
-
-#config testnet testnet
-#	option enabled 1
-#	option destination '8.8.8.8'
-	
-#config shiftrange shiftrange
-#	option enabled 1
--- a/netmode/files/etc/hotplug.d/iface/70-shiftrange
+++ b/netmode/files/etc/hotplug.d/iface/70-shiftrange
@@ -1,252 +0,0 @@
-#!/bin/sh
-# this scripts shifts the lan network prefixes
-# if a wan interface has the same network prefix.
-
-# do not shift range if the feature is explicitly disabled
-[ "$(uci -q get netmode.shiftrange.enabled)" == "0" ] && exit 0
-
-. /lib/functions.sh
-. /lib/functions/network.sh
-
-LOCKFILE="/tmp/70-shiftrange.lock"
-RESTRICTED_NETS=""
-ALL_NETS=""
-
-#####
-##### initial functions
-#####
-
-initial_check()
-{
-	# run only on ifup
-	[ "$ACTION" == "ifup" ] || exit 0
-
-	# run only for uplink (not is_lan) interfaces
-	local islan="$(uci -q get network.$INTERFACE.is_lan)"
-	[ "$islan" != "1" ] || exit 0
-
-	# run only if the uplink interface has a configured protocol
-	local proto="$(uci -q get network.$INTERFACE.proto)"
-	[ "$proto" != "none" ] || exit 0
-}
-
-finish()
-{
-    lock -u $LOCKFILE
-    rm -f $LOCKFILE
-}
-
-# just one instance of this script at a time
-just_one_instance()
-{
-	local counter=0
-	local limit=10
-
-	#wait for the lock to become free
-	while [ -e $LOCKFILE ] ; do
-		sleep 1
-		counter=$((counter + 1))
-		[ "$counter" -gt "$limit" ] && exit 1
-	done
-
-	lock $LOCKFILE
-	trap finish EXIT INT TERM
-}
-
-
-#####
-##### helper functions
-#####
-
-#given a an ip and a mask in the form of "192.168.1.1/24"
-#return the network address like "192.168.1.0/24"
-get_network_address()
-{
-	local ip="$1"
-	[ -z "$ip" ] && return
-
-	local prefix=${ip##*/}
-
-	local ip1=${ip%%.*} ; ip=${ip#*.*}
-	local ip2=${ip%%.*} ; ip=${ip#*.*}
-	local ip3=${ip%%.*} ; ip=${ip#*.*}
-	local ip4=${ip%%/*}
-
-	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
-	local mask=$((0xFFFFFFFF >> (32 - $prefix) << (32 - $prefix)))
-	local network=$(($ip & $mask))
-
-	local n1=$((($network & 0xFF000000) >> 24))
-	local n2=$((($network & 0x00FF0000) >> 16))
-	local n3=$((($network & 0x0000FF00) >> 8))
-	local n4=$(( $network & 0x000000FF))
-
-	echo "$n1.$n2.$n3.$n4/$prefix"
-}
-
-#given a network address (192.168.1.0/24)
-#find the next network address (192.168.2.0/24)
-next_network_address()
-{
-	local ip=$1
-	local prefix=${ip##*/}
-
-	local ip1=${ip%%.*} ; ip=${ip#*.*}
-	local ip2=${ip%%.*} ; ip=${ip#*.*}
-	local ip3=${ip%%.*} ; ip=${ip#*.*}
-	local ip4=${ip%%/*}
-
-	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
-	local one="$((1 << (32-$prefix)))"
-	local new=$(($ip + $one))
-
-	local n1=$((($new & 0xFF000000) >> 24))
-	local n2=$((($new & 0x00FF0000) >> 16))
-	local n3=$((($new & 0x0000FF00) >> 8))
-	local n4=$(( $new & 0x000000FF))
-
-	echo "$n1.$n2.$n3.$n4/$prefix"
-}
-
-# given a network address and a prefix (192.168.2.0/24)
-# return the first host ip available   (192.168.2.1)
-first_host_in_network ()
-{
-	local ip=$1
-	local prefix=${ip##*/}
-
-	local ip1=${ip%%.*} ; ip=${ip#*.*}
-	local ip2=${ip%%.*} ; ip=${ip#*.*}
-	local ip3=${ip%%.*} ; ip=${ip#*.*}
-	local ip4=${ip%%/*}
-
-	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
-	local new=$(($ip + 1))
-
-	local n1=$((($new & 0xFF000000) >> 24))
-	local n2=$((($new & 0x00FF0000) >> 16))
-	local n3=$((($new & 0x0000FF00) >> 8))
-	local n4=$(( $new & 0x000000FF))
-
-	echo "$n1.$n2.$n3.$n4"
-}
-
-# given a network address,
-# find the next available network address.
-shift_range()
-{
-	local net="$1"
-	while true ; do
-		if [ "$RESTRICTED_NETS" == "${RESTRICTED_NETS//$net/}" ] && [ "$ALL_NETS" == "${ALL_NETS//$net/}" ]; then
-			# found a net that is not in restricted nets nor in all nets
-			break
-		fi
-		net=$(next_network_address $net)
-	done
-
-	echo "$net"
-}
-
-
-#####
-##### parse all interfaces section
-#####
-
-# RESTRICTED_NETS = all the IPs on wan interfaces
-# ALL_NETS = all the IPs on any interface
-parse_interface()
-{
-	local interface=$1
-	local nets=""		# "192.168.1.1/24"
-	local networks=""	# "192.168.1.0/24"
-
-	config_get is_lan $interface is_lan
-	network_get_subnets nets $interface
-
-	for n in $nets ; do
-		networks="$networks $(get_network_address $n)"
-	done
-
-	[ "$is_lan" != "1" ] && RESTRICTED_NETS="$RESTRICTED_NETS $networks"
-	ALL_NETS="$ALL_NETS $networks"
-}
-
-# parse all the interfaces
-# get all the IPs on wan interfaces and store them in restrict_nets
-# get all the IPs on all interfaces and store them in ALL_NETS
-parse_interfaces()
-{
-	config_foreach parse_interface "interface"
-}
-
-
-#####
-##### parse all lan interfaces section
-#####
-
-parse_lan()
-{
-	local interface=$1
-	local nets=""
-	local ips=""
-	local newips=""
-	local ips_changed=0
-
-	[ "$interface" == "loopback" ] && return
-	config_get is_lan $interface is_lan
-	[ "$is_lan" == "1" ] || return
-
-	network_get_subnets ips $interface
-
-	for ip in $ips ; do
-		net="$(get_network_address $ip)"
-
-		if [ "$RESTRICTED_NETS" == "${RESTRICTED_NETS//$net/}" ] ; then
-			# net is not in restricted nets
-			# append ip to newips
-			[ -z "$newips" ] && newips="${ip%/*}" ||  newips="$newips ${ip%/*}"
-			continue
-		fi
-
-		#net is in RESTRICTED_NETS
-		local newnet=$(shift_range $net)
-		local newip="$(first_host_in_network $newnet)"
-		# append newip to newips
-		[ -z "$newips" ] && newips="$newip" ||  newips="$newips $newip"
-
-		ips_changed=1
-		logger "$0: Changing the ip on interface $interface from $ip to $newip/${newnet##*/}"
-		echo "$0: Changing the ip on interface $interface from $ip to $newip/${newnet##*/}" >/dev/console
-	done
-
-	#assign the new ips
-	if [ "$ips_changed" == "1" ] ; then
-		uci -q set network.$interface.ipaddr="$newips"
-	fi
-}
-
-# parse all the interface with is_lan=1
-parse_lans()
-{
-	config_foreach parse_lan "interface"
-}
-
-#####
-##### main
-#####
-
-main()
-{
-	initial_check
-	just_one_instance
-
-	config_load network
-	parse_interfaces
-	parse_lans
-
-	if [ -n "$(uci changes network)" ] ; then
-		ubus call uci commit '{"config":"network"}'
-	fi
-}
-
-main $@
--- a/netmode/files/etc/uci-defaults/netmode.l2mode
+++ b/netmode/files/etc/uci-defaults/netmode.l2mode
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+source "/etc/device_info"
+
+l2_mcast_config() {
+	# configure L2 mcast config for snooping
+	logger -s -p user.info -t "netmode" "Generating L2 mcast configuration"
+
+	# remove proxy sections
+	uci -q delete mcast.igmp_proxy_1
+	uci -q delete mcast.mc_proxy_MLD
+
+	# add igmp_snooping section
+	uci -q set mcast.igmp_snooping_1=snooping
+	uci -q set mcast.igmp_snooping_1.enable='1'
+	uci -q set mcast.igmp_snooping_1.proto='igmp'
+	uci -q set mcast.igmp_snooping_1.version='2'
+	uci -q set mcast.igmp_snooping_1.robustness='2'
+	uci -q set mcast.igmp_snooping_1.query_interval='125'
+	uci -q set mcast.igmp_snooping_1.query_response_interval='100'
+	uci -q set mcast.igmp_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.igmp_snooping_1.fast_leave='1'
+	uci -q set mcast.igmp_snooping_1.snooping_mode='2'
+	uci -q set mcast.igmp_snooping_1.interface='br-lan'
+	uci -q add_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
+
+	# add mld_snooping section
+	uci -q set mcast.mld_snooping_1=snooping
+	uci -q set mcast.mld_snooping_1.enable='1'
+	uci -q set mcast.mld_snooping_1.proto='mld'
+	uci -q set mcast.mld_snooping_1.version='2'
+	uci -q set mcast.mld_snooping_1.robustness='2'
+	uci -q set mcast.mld_snooping_1.query_interval='125'
+	uci -q set mcast.mld_snooping_1.query_response_interval='100'
+	uci -q set mcast.mld_snooping_1.last_member_query_interval='10'
+	uci -q set mcast.mld_snooping_1.fast_leave='1'
+	uci -q set mcast.mld_snooping_1.snooping_mode='2'
+	uci -q set mcast.mld_snooping_1.interface='br-lan'
+
+	uci -q commit mcast
+}
+
+l2_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L2 network configuration"
+
+	# Configure L2 Network Mode
+	uci -q delete network.lan
+	uci -q delete network.wan
+	uci -q delete network.wan6
+	uci -q set network.lan=interface
+	uci -q set network.lan.proto='dhcp'
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.force_link='1'
+	uci -q set network.lan6=interface
+	uci -q set network.lan6.proto='dhcpv6'
+	uci -q set network.lan6.device='@lan'
+	uci -q set network.lan6.reqprefix='no'
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_select wan 2>/dev/null
+		json_get_var device device
+		[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		json_cleanup
+	fi
+
+	uci -q commit network
+
+	# Disable DHCP Server
+	uci -q set dhcp.lan.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd disable
+
+	# Disable SSDPD
+	uci -q set ssdpd.ssdp.enabled="0"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="lan"
+	uci -q commit cwmp
+
+	# disable firewall
+	uci -q set firewall.globals.enabled="0"
+	uci -q commit firewall
+}
+
+network_mode="$(fw_printenv -n netmode 2>/dev/null)"
+	
+case "$network_mode" in
+	layer2|extender)
+		l2_network_config
+		l2_mcast_config
+	;;	
+esac
--- a/obuspa/Config.in
+++ b/obuspa/Config.in
@@ -22,4 +22,12 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 config OBUSPA_ENABLE_TEST_CONTROLLER
 	bool "Adds a test controller by default"
 	default n
+
+config OBUSPA_MAX_CONTROLLERS_NUM
+	int "The maximum number of controllers to be supported"
+	range 1 10
+	default 5
+	help
+	 This value must be in range of 1 to 10. (default 5)
+
 endif
--- a/obuspa/Makefile
+++ b/obuspa/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=obuspa
-PKG_VERSION:=7.0.5.8
+PKG_VERSION:=7.0.5.19

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=d11c8505ffddb4c840d630632b0bb7dda04ca5b2
+PKG_SOURCE_VERSION:=83e4608de2dd316efbe336b93dab90aa47a2b4a6
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,7 +32,7 @@ define Package/obuspa
  SUBMENU:=TRx69
  TITLE:=USP agent
  MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates
 endef

 define Package/obuspa/description
@@ -81,10 +81,14 @@ else
 CMAKE_OPTIONS += -DENABLE_WEBSOCKETS=OFF
 endif

+ifdef $(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM)
+TARGET_CFLAGS += -DOBUSPA_MAX_CONTROLLERS_NUM=$(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM)
+endif
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-        $(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
-        $(Build/Patch)
+	$(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
+	$(Build/Patch)
 endef
 endif

--- a/obuspa/files/etc/config/obuspa
+++ b/obuspa/files/etc/config/obuspa
@@ -2,12 +2,12 @@ config obuspa 'global'
 	option enabled '1'
 	option debug '1'
 	option dhcp_discovery '1'
-	option log_level '2'
+	option log_level '1'
 	option prototrace '0'
 	option db_file '/etc/obuspa/usp.db'
 	option role_file '/etc/obuspa/roles.json'
 	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
-	#option trust_cert '/etc/obuspa/rootCA.pem'
+	option trust_cert '/etc/ssl/cert.pem'
 	#option client_cert '/etc/obuspa/client.pem'
 	#option log_dest '/tmp/obuspa.log'

--- a/obuspa/files/etc/init.d/obuspa
+++ b/obuspa/files/etc/init.d/obuspa
@@ -92,10 +92,10 @@ get_base_path()
 	count=0

 	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep "${refpath}\d.Alias \"${value}\"" ${DB_DUMP})
+		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
 		path=${path%.*}
 		if [ -z "${path}" ]; then
-			path=$(grep -o "${refpath}\d" ${DB_DUMP} |sort -r|head -n 1)
+			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
 			if [ -n "${path}" ]; then
 				count=${path##*.}
 				count=$(( count + 1 ))
@@ -122,9 +122,9 @@ get_refrence_path()
 	path=""

 	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep "${dmref}\d.Alias " ${DB_DUMP}|grep -w "${value}")
+		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
 	elif [ -f "${RESET_FILE}" ]; then
-		path=$(grep "${dmref}\d.Alias " ${RESET_FILE}|grep -w "${value}")
+		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
 	echo "${path}"
@@ -728,13 +728,13 @@ get_instances_from_db_dump()
 {
 	local obj inst

-	obj="${1}\d"
+	obj="${1}\d+"
 	if [ ! -f "${DB_DUMP}" ]; then
 		echo ""
 		return 0;
 	fi

-	inst="$(grep -oe "${obj}" "${DB_DUMP}"|uniq)"
+	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
 	echo "$inst"
 }

@@ -942,7 +942,7 @@ check_n_delete_db()
 	r="${3}"
 	sec="${sec/${t}_/cpe-}"

-	path=$(grep "${r}\d.Alias \"${sec}\"" ${DB_DUMP})
+	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
 	path=${path%.*}

 	delete_sql_db_entry_with_pattern "${path}"
--- a/obuspa/files/etc/obuspa/roles.json
+++ b/obuspa/files/etc/obuspa/roles.json
@@ -82,6 +82,17 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
+        {
+          "object": "Device.SelfTestDiagnostics()",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
        {
          "object": "Device.FactoryReset()",
          "perm": [
@@ -249,6 +260,23 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
+        {
+          "object":"Device.{BBF_VENDOR_PREFIX}OpenVPN.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SET",
+            "PERMIT_ADD",
+            "PERMIT_DEL",
+            "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
        {
          "object":"Device.NAT.",
          "perm": [
@@ -570,8 +598,7 @@
        {
          "object": "Device.",
          "perm": [
-            "PERMIT_NONE",
-            "PERMIT_SUBS_EVT_OPER_COMP"
+            "PERMIT_NONE"
          ]
        },
        {
@@ -584,66 +611,6 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
-        {
-          "object":"Device.Time.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.UPnP.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Bridging.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Ethernet.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.DHCPv4.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.DHCPv6.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
        {
          "object":"Device.Hosts.",
          "perm": [
@@ -654,37 +621,6 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
-        {
-          "object":"Device.NAT.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.PPP.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Routing.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
        {
          "object":"Device.IEEE1905.",
          "perm": [
@@ -695,16 +631,6 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
-        {
-          "object":"Device.InterfaceStack.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
        {
          "object":"Device.DynamicDNS.",
          "perm": [
@@ -715,56 +641,6 @@
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
-        {
-          "object":"Device.LANConfigSecurity.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Security.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.RouterAdvertisement.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.Services.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.UserInterface.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
        {
          "object":"Device.PeriodicStatistics.",
          "perm": [
@@ -801,30 +677,16 @@
          ]
        },
        {
-          "object": "Device.DNS.",
+          "object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        },
        {
-          "object": "Device.IP.",
+          "object": "Device.WiFi.DataElements.Network.SetSSID()",
          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
            "PERMIT_SUBS_EVT_OPER_COMP"
          ]
        }
--- a/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+++ b/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
@@ -8,6 +8,11 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""

+log()
+{
+	echo "$*"|logger -t obuspa.dhcp -p debug
+}
+
 get_oui_from_db() {
 	db -q get device.deviceinfo.ManufacturerOUI
 }
@@ -309,6 +314,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	fi

 	if [ ${uci_change} -eq 1 ]; then
+		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
 fi
--- a/obuspa/patches/0003-set-internal-role-fix.patch
+++ b/obuspa/patches/0003-set-internal-role-fix.patch
@@ -1,29 +1,69 @@
 --- a/src/core/cli_server.c
 +++ b/src/core/cli_server.c
-@@ -787,6 +787,7 @@ int ExecuteCli_Set(char *arg1, char *arg
+@@ -780,6 +780,7 @@ int ExecuteCli_Set(char *arg1, char *arg
         goto exit;
     }
 
 +    SetControllerRoleForInternal();
-     // Iterate over all objects to set
-     for (i=0; i < objects.num_entries; i++)
-     {
+     // Exit if unable to start a transaction
+     err = DM_TRANS_Start(&trans);
+     if (err != USP_ERR_OK)
+@@ -865,6 +866,7 @@ int ExecuteCli_Add(char *arg1, char *arg
+         goto exit;
+     }
+ 
+    SetControllerRoleForInternal();
+     // Exit if unable to start a transaction
+     err = DM_TRANS_Start(&trans);
+     if (err != USP_ERR_OK)
+@@ -976,6 +978,7 @@ int ExecuteCli_Del(char *arg1, char *arg
+         goto exit;
+     }
+ 
+    SetControllerRoleForInternal();
+     // Exit if unable to start a transaction
+     err = DM_TRANS_Start(&trans);
+     if (err != USP_ERR_OK)
 --- a/src/core/data_model.h
 +++ b/src/core/data_model.h
-@@ -325,6 +325,7 @@ void DATA_MODEL_DumpSchema(void);
+@@ -325,6 +325,8 @@ void DATA_MODEL_DumpSchema(void);
 void DATA_MODEL_DumpInstances(void);
 char DATA_MODEL_GetJSONParameterType(char *path);
 int DATA_MODEL_SetParameterInDatabase(char *path, char *value);
 +void SetControllerRoleForInternal();
+void SetControllerDummyID();
 
 int DM_PRIV_InitSetRequest(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst, char *new_value);
 void DM_PRIV_RequestInit(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst);
+--- a/src/core/dm_exec.c
+++ b/src/core/dm_exec.c
+@@ -1207,6 +1207,7 @@ void ProcessMessageQueueSocketActivity(s
+         return;
+     }
+ 
+    SetControllerDummyID(); // To make sure session handler does not break with internal services
+     switch(msg.type)
+     {
+         case kDmExecMsg_ProcessUspRecord:
 --- a/src/core/msg_handler.c
 +++ b/src/core/msg_handler.c
-@@ -902,6 +902,20 @@ char *MtpSendItemToString(mtp_send_item_
+@@ -902,6 +902,34 @@ char *MtpSendItemToString(mtp_send_item_
 
 /*********************************************************************//**
 **
+** SetControllerDummyID
+**
+** Sets the role for internal user
+**
+**
+**************************************************************************/
+void SetControllerDummyID()
+{
+    cur_msg_controller_info.endpoint_id = "CLI_Utility";
+}
+
+/*********************************************************************//**
+**
 +** SetControllerRoleForInternal
 +**
 +** Sets the role for internal user
@@ -34,6 +74,7 @@
 +{
 +    cur_msg_combined_role.inherited = kCTrustRole_Untrusted;
 +    cur_msg_combined_role.assigned = kCTrustRole_FullAccess;
+    SetControllerDummyID();
 +}
 +
 +/*********************************************************************//**
--- a/obuspa/patches/0011-max_controllers.patch
+++ b/obuspa/patches/0011-max_controllers.patch
@@ -0,0 +1,42 @@
+diff --git a/src/core/mqtt.c b/src/core/mqtt.c
+index 04a1a9c..8cb2ad7 100644
+--- a/src/core/mqtt.c
+++ b/src/core/mqtt.c
+@@ -234,6 +234,8 @@ void HandleMqttDisconnect(mqtt_client_t *client);
+ #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
+ int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
+ {\
+    if (index >= MAX_MQTT_CLIENTS) \
+	    return 0; \
+     return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
+ }
+ 
+@@ -244,6 +246,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex(1);
+ DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
+ DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
+ DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
+DEFINE_MQTT_TrustCertVerifyCallbackIndex(5);
+DEFINE_MQTT_TrustCertVerifyCallbackIndex(6);
+DEFINE_MQTT_TrustCertVerifyCallbackIndex(7);
+DEFINE_MQTT_TrustCertVerifyCallbackIndex(8);
+DEFINE_MQTT_TrustCertVerifyCallbackIndex(9);
+ // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
+ 
+ //------------------------------------------------------------------------------------
+@@ -254,10 +261,15 @@ ssl_verify_callback_t* mqtt_verify_callbacks[] = {
+     MQTT_TrustCertVerifyCallbackIndex(2),
+     MQTT_TrustCertVerifyCallbackIndex(3),
+     MQTT_TrustCertVerifyCallbackIndex(4),
+    MQTT_TrustCertVerifyCallbackIndex(5),
+    MQTT_TrustCertVerifyCallbackIndex(6),
+    MQTT_TrustCertVerifyCallbackIndex(7),
+    MQTT_TrustCertVerifyCallbackIndex(8),
+    MQTT_TrustCertVerifyCallbackIndex(9),
+     // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
+ };
+ 
+-USP_COMPILEASSERT( ((sizeof(mqtt_verify_callbacks)/sizeof(ssl_verify_callback_t*)) == MAX_MQTT_CLIENTS),
+USP_COMPILEASSERT( ((sizeof(mqtt_verify_callbacks)/sizeof(ssl_verify_callback_t*)) >= MAX_MQTT_CLIENTS),
+         "There must be MAX_MQTT_CLIENTS callbacks defined");
+ 
+ /*********************************************************************//**
--- a/periodicstats/Makefile
+++ b/periodicstats/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.3
+PKG_VERSION:=1.5.5

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
--- a/periodicstats/files/etc/bbfdm/micro_services/periodicstats.json
+++ b/periodicstats/files/etc/bbfdm/micro_services/periodicstats.json
@@ -1,15 +1,17 @@
 {
 	"daemon": {
+		"config": {
+			"loglevel": "1"
+		},
 		"input": {
 			"type": "DotSo",
 			"name": "/etc/periodicstats/libperiodicstats.so"
 		},
 		"output": {
 			"type": "UBUS",
-			"name": "bbfdm.periodicstats",
 			"parent_dm": "Device.",
 			"object": "PeriodicStatistics",
 			"root_obj": "bbfdm"
 		}
 	}
-}
+}
--- a/periodicstats/files/etc/init.d/periodicstats
+++ b/periodicstats/files/etc/init.d/periodicstats
@@ -3,11 +3,8 @@
 START=61
 STOP=01

-. /etc/bbfdm/bbfdm_services.sh
-
 USE_PROCD=1
 PROG="/usr/sbin/periodicstatsd"
-PERIODICSTATS_JSON_INPUT="/etc/periodicstats/input.json"

 start_service() {
 	local enable
@@ -15,8 +12,6 @@ start_service() {
 	config_load periodicstats
 	config_get_bool enable globals enable 1
 	
-	bbfdm_add_service "bbfdm.periodicstats" "${PERIODICSTATS_JSON_INPUT}"
-
 	if [ "${enable}" -ne "1" ]; then
 		return 0;
 	fi
--- a/Show More
+++ b/Show More