porttrigger: implementation of porttrigger

Added init script Makefile and library for rule installation

bbfdm/Config_bbfdm.in

@@ -10,168 +10,14 @@ config BBF_VENDOR_PREFIX
 	string "Vendor Prefix"
 	default "X_IOPSYS_EU_"
 
+config BBF_TR143
+	bool "Enable TR-143 Data Model Support"
+	default y
+
+config BBF_TR471
+	bool "Enable TR-471 Data Model Support"
+	default y
+
 config BBF_MAX_OBJECT_INSTANCES
 	int "Maximum number of instances per object"
 	default 255
-
-menu "TR181 Datamodels"
-	depends on PACKAGE_libbbfdm
-
-	config BBF_TR143
-		bool "Enable TR-143 Data Model Support"
-		default y
-
-	config BBF_TR471
-		bool "Enable TR-471 Data Model Support"
-		default y
-
-	config BBFDM_TR181_ATM
-		bool "Include Device.ATM."
-		default y
-
-	config BBFDM_TR181_BRIDGING
-		bool "Include Device.Bridging."
-		default y
-
-	config BBFDM_TR181_DDNS
-		bool "Include Device.DynamicDNS."
-		default y
-
-	config BBFDM_TR181_DEVICEINFO
-		bool "Include Device.DeviceInfo."
-		default y
-
-	config BBFDM_TR181_DEVICEINFO_PROCESSSTATUS
-		bool "Include Device.DeviceInfo.ProcessStatus."
-		default y
-
-	config BBFDM_TR181_DHCPv4
-		bool "Include Device.DHCPv4."
-		default y
-
-	config BBFDM_TR181_DHCPv6
-		bool "Include Device.DHCPv6."
-		default y
-
-	config BBFDM_TR181_DNS
-		bool "Include Device.DNS."
-		default y
-
-	config BBFDM_TR181_DSL
-		bool "Include Device.DSL."
-		default y
-
-	config BBFDM_TR181_ETHERNET
-		bool "Include Device.Ethenet."
-		default y
-
-	config BBFDM_TR181_FAST
-		bool "Include Device.FAST."
-		default y
-
-	config BBFDM_TR181_FIREWALL
-		bool "Include Device.Firewall."
-		default y
-
-	config BBFDM_TR181_GATEWAYINFO
-		bool "Include Device.GatewayInfo."
-		default y
-
-	config BBFDM_TR181_GRE
-		bool "Include Device.GRE."
-		default y
-
-	config BBFDM_TR181_IEEE1905
-		bool "Include Device.IEEE1905."
-		default y
-
-	config BBFDM_TR181_INTERFACESTACK
-		bool "Include Device.InterfaceStack."
-		default y
-
-	config BBFDM_TR181_IP
-		bool "Include Device.IP."
-		default y
-
-	config BBFDM_TR181_LANCONFSEC
-		bool "Include Device.LANonfigSecurity."
-		default y
-
-	config BBFDM_TR181_MQTT
-		bool "Include Device.MQTT."
-		default y
-
-	config BBFDM_TR181_NAT
-		bool "Include Device.NAT."
-		default y
-
-	config BBFDM_TR181_PACKETCAPTURE
-		bool "Include Device.PacketCaptureDiagnostics."
-		default y
-
-	config BBFDM_TR181_PPP
-		bool "Include Device.PPP."
-		default y
-
-	config BBFDM_TR181_PTM
-		bool "Include Device.PTM."
-		default y
-
-	config BBFDM_TR181_QOS
-		bool "Include Device.QoS."
-		default y
-
-	config BBFDM_TR181_ROUTERADVERTISEMENT
-		bool "Include Device.RouterAdvertisement."
-		default y
-
-	config BBFDM_TR181_ROUTING
-		bool "Include Device.Routing."
-		default y
-
-	config BBFDM_TR181_SECURITY
-		bool "Include Device.Security."
-		default y
-
-	config BBFDM_TR181_SELFTEST
-		bool "Include Device.SelfTestDiagnostics."
-		default y
-
-	config BBFDM_TR181_SSH
-		bool "Include Device.SSH."
-		default y
-
-	config BBFDM_TR181_TIME
-		bool "Include Device.Time."
-		default y
-
-	config BBFDM_TR181_UPNP
-		bool "Include Device.UPnP."
-		default y
-
-	config BBFDM_TR181_USB
-		bool "Include Device.USB."
-		default y
-
-	config BBFDM_TR181_USERINTERFACE
-		bool "Include Device.UserInterface."
-		default y
-
-	config BBFDM_TR181_WIFI
-		bool "Include Device.WiFi."
-		default y
-
-	config BBFDM_TR181_WIFI_DATAELEMENTS
-		bool "Include Device.WiFi.DataElements."
-		default y
-
-	config BBFDM_TR181_WIFI_DATAELEMENTS_ASSOCEVENTS
-		bool "Include deprecated AssociationEventData/DisassociationEventData tables"
-		default n
-		help
-		  TR181-2.17 deprecates below dataelements tables
-		  - Device.WiFi.DataElements.AssociationEvent.AssociationEventData.{i}.
-		  - Device.WiFi.DataElements.DisassociationEvent.DisassociationEventData.{i}.
-		  If this option is selected, above mentioned tables shall be added in datamodel.
-
-endmenu

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.4.23.29
+PKG_VERSION:=1.5.4
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=2f1dac5686f54219fc7706c677905816b650dd1c
+PKG_SOURCE_VERSION:=cd2066de6781ace66d3165937a138a0f12353d8c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -31,46 +31,13 @@ define Package/libbbfdm-api
   ABI_VERSION:=1.0
 endef
 
-define Package/libbbfdm/default
+define Package/libbbfdm
   SECTION:=utils
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Library for broadband forum data model support
   DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libcurl +libbbfdm-api \
-	    +BBF_TR471:obudpst
-  MENU:=1
-endef
-
-define Package/libbbfdm
-  $(Package/libbbfdm/default)
-  TITLE += (default)
-  VARIANT:=default
-  DEPENDS += +PACKAGE_libbbfdm-openssl:libopenssl
-  DEFAULT_VARIANT:=1
-endef
-
-define Package/libbbfdm-mbedtls
-  $(Package/libbbfdm/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_libbbfdm-mbedtls:libmbedtls
-  VARIANT:=mbedtls
-  CONFLICTS := libbbfdm libbbfdm-openssl libbbfdm-wolfssl
-endef
-
-define Package/libbbfdm-openssl
-  $(Package/libbbfdm/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_libbbfdm-openssl:libopenssl
-  VARIANT:=openssl
-  CONFLICTS := libbbfdm libbbfdm-mbedtls libbbfdm-wolfssl
-endef
-
-define Package/libbbfdm-wolfssl
-  $(Package/libbbfdm/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_libbbfdm-wolfssl:libwolfssl
-  VARIANT:=wolfssl
-  CONFLICTS := libbbfdm libbbfdm-mbedtls libbbfdm-openssl
+	    +BBF_TR471:obudpst +libopenssl
 endef
 
 define Package/bbfdmd
@@ -78,9 +45,7 @@ define Package/bbfdmd
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=Datamodel ubus backend
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api +PACKAGE_libbbfdm-mbedtls:libbbfdm-mbedtls \
-		   +PACKAGE_libbbfdm-openssl:libbbfdm-openssl +PACKAGE_libbbfdm-wolfssl:libbbfdm-wolfssl \
-		   +PACKAGE_libbbfdm:libbbfdm
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libbbfdm-api +libbbfdm
 endef
 
 define Package/userinterface
@@ -113,153 +78,8 @@ endef
 endif
 
 CMAKE_OPTIONS += \
-	-DBBF_TR181=ON \
-	-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON
-
-
-ifeq ($(CONFIG_BBFDM_TR181_ATM),y)
-TARGET_CFLAGS += -DBBFDM_TR181_ATM
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_BRIDGING),y)
-TARGET_CFLAGS += -DBBFDM_TR181_BRIDGING
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DDNS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DDNS
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DEVICEINFO),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DEVICEINFO
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DEVICEINFO_PROCESSSTATUS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DEVICEINFO_PROCESSSTATUS
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DHCPv4),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DHCPv4
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DHCPv6),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DHCPv6
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DNS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DNS
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_DSL),y)
-TARGET_CFLAGS += -DBBFDM_TR181_DSL
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_ETHERNET),y)
-TARGET_CFLAGS += -DBBFDM_TR181_ETHERNET
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_FAST),y)
-TARGET_CFLAGS += -DBBFDM_TR181_FAST
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_FIREWALL),y)
-TARGET_CFLAGS += -DBBFDM_TR181_FIREWALL
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_GATEWAYINFO),y)
-TARGET_CFLAGS += -DBBFDM_TR181_GATEWAYINFO
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_GRE),y)
-TARGET_CFLAGS += -DBBFDM_TR181_GRE
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_IEEE1905),y)
-TARGET_CFLAGS += -DBBFDM_TR181_IEEE1905
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_INTERFACESTACK),y)
-TARGET_CFLAGS += -DBBFDM_TR181_INTERFACESTACK
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_IP),y)
-TARGET_CFLAGS += -DBBFDM_TR181_IP
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_LANCONFSEC),y)
-TARGET_CFLAGS += -DBBFDM_TR181_LANCONFSEC
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_MQTT),y)
-TARGET_CFLAGS += -DBBFDM_TR181_MQTT
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_NAT),y)
-TARGET_CFLAGS += -DBBFDM_TR181_NAT
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_PACKETCAPTURE),y)
-TARGET_CFLAGS += -DBBFDM_TR181_PACKETCAPTURE
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_PPP),y)
-TARGET_CFLAGS += -DBBFDM_TR181_PPP
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_PTM),y)
-TARGET_CFLAGS += -DBBFDM_TR181_PTM
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_QOS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_QOS
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_ROUTERADVERTISEMENT),y)
-TARGET_CFLAGS += -DBBFDM_TR181_ROUTERADVERTISEMENT
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_ROUTING),y)
-TARGET_CFLAGS += -DBBFDM_TR181_ROUTING
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_SECURITY),y)
-TARGET_CFLAGS += -DBBFDM_TR181_SECURITY
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_SELFTEST),y)
-TARGET_CFLAGS += -DBBFDM_TR181_SELFTEST
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_SSH),y)
-TARGET_CFLAGS += -DBBFDM_TR181_SSH
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_TIME),y)
-TARGET_CFLAGS += -DBBFDM_TR181_TIME
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_UPNP),y)
-TARGET_CFLAGS += -DBBFDM_TR181_UPNP
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_USB),y)
-TARGET_CFLAGS += -DBBFDM_TR181_USB
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_USERINTERFACE),y)
-TARGET_CFLAGS += -DBBFDM_TR181_USERINTERFACE
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_WIFI),y)
-TARGET_CFLAGS += -DBBFDM_TR181_WIFI
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_WIFI_DATAELEMENTS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_WIFI_DATAELEMENTS
-endif
-
-ifeq ($(CONFIG_BBFDM_TR181_WIFI_DATAELEMENTS_ASSOCEVENTS),y)
-TARGET_CFLAGS += -DBBFDM_TR181_WIFI_DATAELEMENTS_ASSOCEVENTS
-endif
+	-DBBF_TR181=ON
+	-DBBF_WIFI_DATAELEMENTS=ON
 
 ifeq ($(CONFIG_BBF_TR143),y)
 CMAKE_OPTIONS += \
@@ -282,22 +102,6 @@ CMAKE_OPTIONS += \
 
 endif ##CONFIG_BBF_VENDOR_EXTENSION
 
-ifeq ($(BUILD_VARIANT),default)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),openssl)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CMAKE_OPTIONS += -DWITH_WOLFSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CMAKE_OPTIONS += -DWITH_MBEDTLS=ON
-endif
-
 ifeq ($(CONFIG_PACKAGE_bbfdmd),y)
 CMAKE_OPTIONS += \
 	-DBBFDMD_MAX_MSG_LEN:Integer=10485760
@@ -306,11 +110,9 @@ endif
 define Package/libbbfdm-api/install
 	$(INSTALL_DIR) $(1)/lib
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/libbbfdm-api.so $(1)/lib/
-	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
-	$(CP) $(PKG_BUILD_DIR)/libbbfdm-api/scripts/bbf.config $(1)/usr/libexec/rpcd/bbf.config
 endef
 
-define Package/libbbfdm/default/install
+define Package/libbbfdm/install
 	$(INSTALL_DIR) $(1)/lib
 	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/etc/bbfdm/dmmap
@@ -331,7 +133,7 @@ ifeq ($(CONFIG_BBF_TR143),y)
 endif
 endef
 
-define Package/libbbfdm/default/prerm
+define Package/libbbfdm/prerm
 	#!/bin/sh
 	rm -rf /etc/bbfdm/dmmap/*
 	exit 0
@@ -343,15 +145,12 @@ define Package/bbfdmd/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/bbfdm
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bbfdmd/ubus/bbfdmd $(1)/usr/sbin/
 	$(INSTALL_DATA) ./files/etc/bbfdm/input.json $(1)/etc/bbfdm/
 	$(INSTALL_BIN) ./files/etc/init.d/bbfdmd $(1)/etc/init.d/bbfdmd
 	$(INSTALL_CONF) ./files/etc/config/bbfdm $(1)/etc/config/bbfdm
-	$(INSTALL_CONF) ./files/etc/config/schedules $(1)/etc/config/schedules
 	$(INSTALL_BIN) ./files/etc/bbfdm/bbfdm_services.sh $(1)/etc/bbfdm/
 	$(INSTALL_BIN) ./files/etc/hotplug.d/iface/85-bbfdm-sysctl $(1)/etc/hotplug.d/iface/85-bbfdm-sysctl
-	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_lease_start_time.user $(1)/etc/udhcpc.user.d/udhcpc_lease_start_time.user
 endef
 
 define Package/userinterface/install
@@ -367,16 +166,6 @@ define Package/userinterface/install
 	$(INSTALL_BIN) ./files/etc/firewall.userinterface $(1)/etc/firewall.userinterface
 endef
 
-Package/libbbfdm/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-openssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-wolfssl/prerm = $(Package/libbbfdm/default/prerm)
-Package/libbbfdm-mbedtls/prerm = $(Package/libbbfdm/default/prerm)
-
-Package/libbbfdm/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-openssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-wolfssl/install = $(Package/libbbfdm/default/install)
-Package/libbbfdm-mbedtls/install = $(Package/libbbfdm/default/install)
-
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DIR) $(1)/usr/include
@@ -394,9 +183,6 @@ endef
 
 $(eval $(call BuildPackage,libbbfdm-api))
 $(eval $(call BuildPackage,libbbfdm))
-$(eval $(call BuildPackage,libbbfdm-openssl))
-$(eval $(call BuildPackage,libbbfdm-wolfssl))
-$(eval $(call BuildPackage,libbbfdm-mbedtls))
 $(eval $(call BuildPackage,bbfdmd))
 
 $(eval $(call BuildPackage,userinterface))

bbfdm/files/etc/config/bbfdm

@@ -2,7 +2,7 @@
 config bbfdmd 'bbfdmd'
 	option enabled '1'
 	option loglevel '1'
-	option refresh_time '120'
+	option refresh_time '10'
 	option transaction_timeout '30'
 	option subprocess_level '2'
 

bbfdm/files/etc/config/schedules

@@ -1,2 +0,0 @@
-config global 'global'
-	option enable '1'

bbfdm/files/etc/firewall.portmap

@@ -2,40 +2,71 @@
 
 . /lib/functions.sh
 
+log() {
+	echo "${@}"|logger -t firewall.dnat -p info
+}
+
+exec_cmd() {
+	if ! eval "$*"; then
+		log "Failed to run [$*]"
+	fi
+}
+
 reorder_dnat_rules() {
 	nat_chains=$(iptables -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
 
 	for chain in ${nat_chains}; do
 		# Collect empty remote host & empty dport rules
 		EMPTY_HOST_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
+		if [ -n "${EMPTY_HOST_PORT}" ]; then
+			echo "${EMPTY_HOST_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi
 
 		# Collect empty remote host but non empty dport rules
 		EMPTY_HOST=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
+		if [ -n "${EMPTY_HOST}" ]; then
+			echo "${EMPTY_HOST}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi
 
 		# Collect non empty remote host but empty dport rules
 		EMPTY_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
+		if [ -n "${EMPTY_PORT}" ]; then
+			echo "${EMPTY_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd | sed 's/-A /-D /g')"
+				exec_cmd $cmd1
+			done
+		fi
 
-		# Skip this chain if no matching rules were found
-		[ -n "${EMPTY_HOST_PORT}" -o -n "${EMPTY_HOST}" -o -n "${EMPTY_PORT}" ] || continue
+		# Now add rules as per datamodel precedence shown below
+		## Non empty remote host, empty dport
+		## empty remote host, non empty dport
+		## empty remote host, empty dport
+		if [ -n "${EMPTY_PORT}" ]; then
+			echo "${EMPTY_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi
 
-		(
-			echo '*nat'
+		if [ -n "${EMPTY_HOST}" ]; then
+			echo "${EMPTY_HOST}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi
 
-			# Delete collected rules
-			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}" | sed 's/^-A /-D /'
-			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}" | sed 's/^-A /-D /'
-			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}" | sed 's/^-A /-D /'
-
-			# Now add rules as per datamodel precedence shown below
-			## Non empty remote host, empty dport
-			## empty remote host, non empty dport
-			## empty remote host, empty dport
-			[ -n "${EMPTY_PORT}" ] && echo "${EMPTY_PORT}"
-			[ -n "${EMPTY_HOST}" ] && echo "${EMPTY_HOST}"
-			[ -n "${EMPTY_HOST_PORT}" ] && echo "${EMPTY_HOST_PORT}"
-
-			echo 'COMMIT'
-		) | iptables-restore -w -n
+		if [ -n "${EMPTY_HOST_PORT}" ]; then
+			echo "${EMPTY_HOST_PORT}" | while read cmd; do
+				cmd1="iptables -t nat $(echo $cmd)"
+				exec_cmd $cmd1
+			done
+		fi
 	done
 }
 

bbfdm/files/etc/firewall.service

@@ -7,7 +7,7 @@ log() {
 }
 
 exec_cmd() {
-	if ! "$@"; then
+	if ! eval "$*"; then
 		log "Failed to run [$*]"
 		echo "-1"
 		return 0
@@ -73,7 +73,7 @@ add_iptable_rule() {
 		fi
 
 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd iptables -w ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
+			res=$(exec_cmd "iptables ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
 		else
 			#Add ipv4 sources if any
 			src_list=""
@@ -86,7 +86,7 @@ add_iptable_rule() {
 
 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd iptables -w -s "$src_list" ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
+				res=$(exec_cmd "iptables -s $src_list ${cmd} -m comment --comment IPtables_service_rule -j ${action}")
 			fi
 		fi
 	fi
@@ -97,7 +97,7 @@ add_iptable_rule() {
 		fi
 
 		if [ -z "${src_prefix}" ]; then
-			res=$(exec_cmd ip6tables -w ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
+			res=$(exec_cmd "ip6tables ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
 		else
 			#Add ipv6 sources if any
 			src_list=""
@@ -110,7 +110,7 @@ add_iptable_rule() {
 
 			if [ -n "$src_list" ]; then
 				src_list=$(echo "${src_list}" | sed "s/,$//")
-				res=$(exec_cmd ip6tables -w -s "$src_list" ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
+				res=$(exec_cmd "ip6tables -s $src_list ${cmd} -m comment --comment IP6tables_service_rule -j ${action}")
 			fi
 		fi
 	fi

bbfdm/files/etc/init.d/bbfdmd

@@ -40,12 +40,7 @@ configure_bbfdmd()
 	[ "${enabled}" -eq 0 ] && return 0
 
 	if [ -f "${BBFDM_JSON_INPUT}" ]; then
-		cat ${BBFDM_JSON_INPUT} |jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' > ${BBFDM_TEMP_JSON}
-		val="$(jq -r '.daemon.input // empty' ${BBFDM_TEMP_JSON})"
-		if [ -z "${val}" ]; then
-			log "Failed to generate temp input json, uci changes not applied"
-			cp ${BBFDM_JSON_INPUT} ${BBFDM_TEMP_JSON}
-		fi
+		echo "$(jq --arg log ${loglevel} --arg tran ${transaction_timeout} --arg refresh ${refresh_time} --arg level ${subprocess_level} '.daemon.config += {"loglevel": $log, "refresh_time": $refresh, "transaction_timeout": $tran, "subprocess_level": $level}' ${BBFDM_JSON_INPUT})" > ${BBFDM_TEMP_JSON}
 	fi
 
 	procd_set_param command ${PROG}

bbfdm/files/etc/udhcpc.user.d/udhcpc_lease_start_time.user

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-leasestarttime="$(awk -F'.' '{print $1}' /proc/uptime 2> /dev/null)"
-target_file=/tmp/dhcp_client_info
-target_str="$INTERFACE $lease $leasestarttime"
-
-# if this interface is present in file, then replace it
-if grep -q "$INTERFACE" "$target_file" 2> /dev/null; then
-	# replace the whole line if pattern matches
-	sed -i "/${INTERFACE}/c\\${target_str}" "$target_file"
-else
-	# interface info was not present, append it to the file
-	echo "$target_str" >> "$target_file"
-fi

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.5
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=f556410b51a2248f11358793f11ae54d3e53e85e
+PKG_SOURCE_VERSION:=f03fb8682aa7efe760294e54c422f2eab856e08c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

csmngr/Makefile

@@ -1,64 +0,0 @@
-#
-# Copyright (C) 2020-2024 IOPSYS Software Solutions AB
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=csmngr
-PKG_VERSION:=1.0.1
-
-LOCAL_DEV=0
-ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=92c62f8df86066bd1718a6a6036195b113e74032
-PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/csmngr.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
-PKG_MIRROR_HASH:=skip
-endif
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_CONFIG_DEPENDS := \
-		     CONFIG_PACKAGE_libwifiutils \
-		     CONFIG_PACKAGE_libwifi
-
-PKG_BUILD_DEPENDS := libwifi
-
-include $(INCLUDE_DIR)/package.mk
-
-
-MAKE_PATH:=src
-
-define Package/csmngr
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=WiFi channel selection manager
-  DEPENDS:=+libwifiutils +libwifi +libuci +libubox +ubus +libnl-genl
-endef
-
-define Package/csmngr/description
- WiFi Auto Channel Selection manager.
-endef
-
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include \
-	-I$(STAGING_DIR)/usr/include/libnl3 \
-	-D_GNU_SOURCE
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-  rsync -r --exclude=.* ~/git/csmngr/ $(PKG_BUILD_DIR)/
-endef
-endif
-
-define Package/csmngr/install
-	$(CP) ./files/* $(1)/
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/csmngr $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,csmngr))

csmngr/files/etc/init.d/csmngr

@@ -1,21 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=95
-STOP=10
-
-USE_PROCD=1
-PROG=/usr/sbin/csmngr
-
-start_service() {
-	procd_open_instance
-	procd_set_param command ${PROG}
-#	procd_set_param stderr 1                    #for debugging only
-#	procd_set_param respawn
-	procd_close_instance
-}
-
-reload_service() {
-        stop
-        start
-}
-

decollector/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=4.2.1.1.6
+PKG_VERSION:=4.2.1.1
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=9fae736fa6c4ee39e7775964c7f84b105196c034
+PKG_SOURCE_VERSION:=ae836adb0779979686d0dad34b941f319ffed1b8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.6.5
+PKG_VERSION:=3.6.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=192e74db2082e3f89f6defe9d752d752b0b09079
+PKG_SOURCE_VERSION:=d9cc11c81ce1ff625e4e789afa180b301c7fcf74
 PKG_MIRROR_HASH:=skip
 endif
 

ethmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=2.1.3.1
+PKG_VERSION:=2.1.2
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=847a94cee530d60bfd10ceaee4185d64fb6397d0
+PKG_SOURCE_VERSION:=e5cccdd45a93d969d51c4085cb52b543df544811
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
 PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.1.9
+PKG_VERSION:=1.1.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3aabf79273537b146e063e32cd0443d8a156daa2
+PKG_SOURCE_VERSION:=edb5bbe57c5bc83035e217c73071c9b3e878dc22
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
@@ -57,7 +57,7 @@ endif
 MAKE_PATH:=src
 
 define Package/hostmngr/install
-	$(CP) ./files/etc $(1)/
+	$(CP) ./files/* $(1)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/hostmngr/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/hostmngr $(1)/usr/sbin/

hostmngr/files/etc/hostmngr/input.json

@@ -2,8 +2,7 @@
 	"daemon": {
 		"input": {
 			"type": "DotSo",
-			"name": "/etc/hostmngr/libhostmngr.so",
-			"plugin_dir": "/etc/hostmngr/plugins/"
+			"name": "/etc/hostmngr/libhostmngr.so"
 		},
 		"output": {
 			"type": "UBUS",

hostmngr/files/scripts/hosts_acl.sh

@@ -218,15 +218,11 @@ process_ac_schedule() {
 iptables -w -F hosts_forward
 ip6tables -w -F hosts_forward
 
-hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
-if [ -z "$hosts_ipv4_forward" ]; then
+hosts_forward=$(iptables -t filter --list | grep hosts_forward)
+if [ -z "$hosts_forward" ]; then
 	iptables -w -t filter -N hosts_forward
 	ret=$?
 	[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
-fi
-
-hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
-if [ -z "$hosts_ipv6_forward" ]; then
 	ip6tables -w -t filter -N hosts_forward
 	ret=$?
 	[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.5.29.18
+PKG_VERSION:=9.6.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=816033a14672e8e9c3566ce06fa19fb422eeb546
+PKG_SOURCE_VERSION:=601708dd0a2ca4fad5213e78cc456e0f355f45bc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -26,68 +26,21 @@ include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
 include ../bbfdm/bbfdm.mk
 
-define Package/icwmp/default
+define Package/icwmp
   SECTION:=utils
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=TR069 CWMP client
-  DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml +libuuid +libbbfdm-api
+  DEPENDS:=+libuci +libubox +libblobmsg-json +libubus +libjson-c +libcurl +mxml +libuuid +libbbfdm-api +libopenssl
 endef
 
-define Package/icwmp
-  $(Package/icwmp/default)
-  VARIANT:=default
-  DEFAULT_VARIANT:=1
-  DEPENDS += +PACKAGE_icwmp-openssl:libopenssl
-endef
-
-define Package/icwmp-openssl
-  $(Package/icwmp/default)
-  TITLE += (openssl)
-  VARIANT:=openssl
-  DEPENDS += +PACKAGE_icwmp-openssl:libopenssl
-  CONFLICTS := icwmp icwmp-mbedtls icwmp-wolfssl
-endef
-
-define Package/icwmp-wolfssl
-  $(Package/icwmp/default)
-  TITLE += (wolfssl)
-  VARIANT:=wolfssl
-  DEPENDS += +PACKAGE_icwmp-wolfssl:libwolfssl
-  CONFLICTS := icwmp icwmp-mbedtls icwmp-openssl
-endef
-
-define Package/icwmp-mbedtls
-  $(Package/icwmp/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_icwmp-mbedtls:libmbedtls
-  VARIANT:=mbedtls
-  CONFLICTS := icwmp icwmp-wolfssl icwmp-openssl
-endef
-
-ifeq ($(BUILD_VARIANT),default)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),openssl)
-CMAKE_OPTIONS += -DWITH_OPENSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-CMAKE_OPTIONS += -DWITH_WOLFSSL=ON
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-CMAKE_OPTIONS += -DWITH_MBEDTLS=ON
-endif
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/icwmp/* $(PKG_BUILD_DIR)/
 endef
 endif
 
-define Package/icwmp/default/install
+define Package/icwmp/install
 	$(INSTALL_DIR) $(1)/etc/icwmpd
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/config
@@ -109,12 +62,4 @@ define Package/icwmp/default/install
 	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/libcwmpdm.so)
 endef
 
-Package/icwmp/install = $(Package/icwmp/default/install)
-Package/icwmp-openssl/install = $(Package/icwmp/default/install)
-Package/icwmp-wolfssl/install = $(Package/icwmp/default/install)
-Package/icwmp-mbedtls/install = $(Package/icwmp/default/install)
-
 $(eval $(call BuildPackage,icwmp))
-$(eval $(call BuildPackage,icwmp-openssl))
-$(eval $(call BuildPackage,icwmp-wolfssl))
-$(eval $(call BuildPackage,icwmp-mbedtls))

icwmp/files/etc/config/cwmp

@@ -21,7 +21,7 @@ config cpe 'cpe'
 	option log_to_file 'disable'
 	# log_severity: INFO (Default)	
 	# log_severity possible configs: EMERG, ALERT, CRITIC ,ERROR, WARNING, NOTICE, INFO, DEBUG
-	option log_severity 'ERROR'
+	option log_severity 'DEBUG'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
 	option userid '' #$OUI-$SER

icwmp/files/etc/init.d/icwmpd

@@ -436,13 +436,14 @@ validate_cpe_section()
 		'notification:bool' \
 		'exec_download:bool' \
 		'periodic_notify_enable:bool' \
-		'enable:bool' \
+		'enable:bool:1' \
 		'periodic_notify_interval:uinteger' \
 		'fw_upgrade_keep_settings:bool'
 }
 
 validate_defaults() {
-	local ssl_capath
+	local ssl_capath enable url dhcp_url
+
 	config_load cwmp
 
 	validate_acs_section || {
@@ -450,6 +451,11 @@ validate_defaults() {
 		return 1;
 	}
 
+	if [ -z "${url}" ] && [ -z "${dhcp_url}" ]; then
+		log "No ACS URL is configured"
+		return 1
+	fi
+
 	ssl_capath="${ssl_capath%/}"
 	# Put the cert pem file in keep list
 	if [ -d "${ssl_capath}" ]; then
@@ -465,6 +471,11 @@ validate_defaults() {
 		return 1;
 	}
 
+	if [ "$enable" = "0" ]; then
+		log "CWMP service disabled"
+		return 1
+	fi
+
 	return 0;
 }
 
@@ -512,30 +523,17 @@ boot() {
 }
 
 start_service() {
-	local enable_cwmp url dhcp_url
-
-	config_load cwmp
-	config_get_bool enable_cwmp cpe enable 1
-	config_get url acs url ""
-	config_get dhcp_url acs dhcp_url ""
 
 	procd_open_instance icwmp
 
-	if [ "$enable_cwmp" = "0" ]; then
-		procd_close_instance
-		return 0
-	fi
-
 	validate_defaults || {
 		log "Validation of defaults failed"
 		procd_close_instance
 		return 1;
 	}
 
-	if [ -n "${url}" ] || [ -n "${dhcp_url}" ]; then
-		procd_set_param command "$PROG"
-		procd_append_param command -b
-	fi
+	procd_set_param command "$PROG"
+	procd_append_param command -b
 
 	procd_set_param respawn \
 		"${respawn_threshold:-5}" \
@@ -552,16 +550,14 @@ stop_service()
 reload_service() {
 	local ret
 
-	config_load cwmp
-	config_get_bool enable_cwmp cpe enable 1
-
 	log "Reload service $ret"
 	ret="0"
-	if [ "$enable_cwmp" = "0" ]; then
+
+	validate_defaults || {
 		stop
 		start
-		return 0
-	fi
+		return 0;
+	}
 
 	ret=$(ubus call service list '{"name":"icwmpd"}' | jsonfilter -qe '@.icwmpd.instances.icwmp.running')
 	if [ "$ret" != "true" ]; then

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.3.4.15
+PKG_VERSION:=8.3.4
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=bdf808d9b2c74e2613f1e2842cb01e62e2d1a3e1
+PKG_SOURCE_VERSION:=526690993c93720ee1707bba6b7a08e8c28f2dd9
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

iop/config

@@ -79,7 +79,6 @@ CONFIG_PACKAGE_map-controller=y
 # Network #
 CONFIG_PACKAGE_hostmngr=y
 CONFIG_PACKAGE_netmode=y
-CONFIG_PACKAGE_testnet=y
 CONFIG_PACKAGE_urlfilter=y
 
 # System #
@@ -143,6 +142,7 @@ CONFIG_PACKAGE_wwan=y
 CONFIG_PACKAGE_xl2tpd=y
 
 # Services #
+CONFIG_PACKAGE_atftp=y
 CONFIG_PACKAGE_atftpd=y
 CONFIG_PACKAGE_ddns-scripts=y
 CONFIG_PACKAGE_dnsmasq=y
@@ -150,7 +150,6 @@ CONFIG_PACKAGE_ssdpd=y
 CONFIG_PACKAGE_miniupnpd-iptables=y
 CONFIG_PACKAGE_mosquitto-client-ssl=y
 CONFIG_PACKAGE_mosquitto-ssl=y
-# CONFIG_MOSQUITTO_BRIDGE_SUPPORT is not set
 CONFIG_PACKAGE_nginx=y
 CONFIG_PACKAGE_openvpn-easy-rsa=y
 CONFIG_PACKAGE_openvpn-openssl=y

iop/scripts/genconfig.sh

@@ -399,6 +399,8 @@ function genconfig {
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
 			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
 			;;
 		*)
 			echo "CONFIG_TARGET_${target}=y" >> .config
@@ -431,15 +433,6 @@ function genconfig {
 				fi
 			done
 		fi
-		# Ensure strict file permissions, for when provided through the above
-		if [ -f "$FILEDIR/etc/shadow" ]; then
-			v "chmod 0600 $FILEDIR/etc/shadow"
-			chmod 0600 "$FILEDIR/etc/shadow"
-		fi
-		if [ -d "$FILEDIR/etc/ssl/private" ]; then
-			v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
-			find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
-		fi
 
 		# Set target version
 		local git_version

iop/scripts/genconfig_min.sh

@@ -373,6 +373,8 @@ function genconfig_min {
 			echo "CONFIG_TARGET_${target}=y" >> .config
 			echo "CONFIG_TARGET_${target}_${subtarget}=y" >> .config
 			echo "CONFIG_TARGET_DEVICE_${target}_${subtarget}_DEVICE_${BOARDTYPE}=y" >> .config
+			echo "CONFIG_TARGET_MULTI_PROFILE=y" >> .config
+			echo "CONFIG_TARGET_PER_DEVICE_ROOTFS=y" >> .config
 			;;
 		*)
 			echo "CONFIG_TARGET_${target}=y" >> .config
@@ -405,15 +407,6 @@ function genconfig_min {
 				fi
 			done
 		fi
-		# Ensure strict file permissions, for when provided through the above
-		if [ -f "$FILEDIR/etc/shadow" ]; then
-			v "chmod 0600 $FILEDIR/etc/shadow"
-			chmod 0600 "$FILEDIR/etc/shadow"
-		fi
-		if [ -d "$FILEDIR/etc/ssl/private" ]; then
-			v "find $FILEDIR/etc/ssl/private -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'"
-			find "$FILEDIR/etc/ssl/private" -type d -exec chmod 0700 '{}' ';' -o -type f -exec chmod 0600 '{}' ';'
-		fi
 
 		# Set target version
 		local git_version

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.3
+PKG_VERSION:=7.4.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=0f16f1bd7d995427f0c4601b4e1e595224321df2
+PKG_SOURCE_VERSION:=11eb263666556c419220e2a50c3a67422e79f884
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libethernet/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libethernet
-PKG_VERSION:=7.2.112.1
+PKG_VERSION:=7.2.107
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=938752e3bd4c524aa518fc247d186ebdf282e1c0
+PKG_SOURCE_VERSION:=9c0e9ecd62b79d4e89b4f013f04124870d237395
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libethernet.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.13
+PKG_VERSION:=1.0.10
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=c22f9b2e5348c3e4c99840314f68f35b379a3549
+PKG_SOURCE_VERSION:=e6ba6fca814f6c83a3d6ff4a5b7560fbc36d3101
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-airoha/files/etc/uci-defaults/99-asterisk

@@ -1,21 +0,0 @@
-#!/bin/sh
-
-hasVoice=$(db -q get hw.board.hasVoice)
-
-[ "$hasVoice" = "1" ] || { rm -f "/etc/config/asterisk"; return; }
-
-source /lib/voice/config_asterisk.sh
-
-default_asterisk_config
-
-SLIC=`cat /proc/device-tree/airoha-voice/slic-type`
-[ "${SLIC#pef}" != "${SLIC}" ] || return
-
-echo Configure TxGain and RxGain for MXL SLIC $SLIC
-
-ports=$(db -q get hw.board.VoicePorts)
-for p in $(seq 0 $((ports-1))); do
-    uci set asterisk.extension${p}.txgain='10'
-    uci set asterisk.extension${p}.rxgain='-15'
-done
-uci commit asterisk

libvoice-broadcom/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-broadcom
 PKG_RELEASE:=1
-PKG_VERSION:=1.0.9
+PKG_VERSION:=1.0.8
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=99ed0ea5ef83cebb444d135909573ccb2b37fe45
+PKG_SOURCE_VERSION:=e1de60c2c05935fb2f4adfc1f73feba0bb32ade6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-broadcom/files/etc/uci-defaults/99-asterisk

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-hasVoice=$(db -q get hw.board.hasVoice)
-
-[ "$hasVoice" = "1" ] || { rm -f "/etc/config/asterisk"; return; }
-
-source /lib/voice/config_asterisk.sh
-
-default_asterisk_config
-

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.4.16.18
+PKG_VERSION:=7.4.18
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b8adef24b294279bf07c0f9d00813b51fae7107f
+PKG_SOURCE_VERSION:=4f6d22e0afa199bcff63f084a022c6142883973f
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
@@ -76,10 +76,6 @@ ifeq ($(CONFIG_LIBWIFI_USE_CTRL_IFACE),y)
   TARGET_CFLAGS +=-DLIBWIFI_USE_CTRL_IFACE
 endif
 
-ifeq ($(CONFIG_LIBWIFI_SKIP_PROBES),y)
-  TARGET_CFLAGS +=-DLIBWIFI_BRCM_SKIP_PROBES
-endif
-
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include \
 	-I$(STAGING_DIR)/usr/include/openssl \
@@ -147,12 +143,7 @@ define Package/libwifi/config
 
 	config LIBWIFI_USE_CTRL_IFACE
 		bool "Create UNIX sockets to interface with hostapd/wpa_supplicant"
-		default n
-
-	config LIBWIFI_SKIP_PROBES
-		bool "Don't create probe-req events"
 		default y
-
   endif
 endef
 

map-agent/Config.in

@@ -55,8 +55,5 @@ config AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST
 config AGENT_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER
-	bool "Let dynbhd through AP-Autoconfiguration Search and DHCP Discovery determine the controller or agent role"
-
 endmenu
 endif

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=4.5.0.34
+PKG_VERSION:=4.5.1.0
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=8a73986f67c717961dc62cf11c8b0458ab04cc05
+PKG_SOURCE_VERSION:=6d74ca3c6a4a2893160a5de2f7f455a8d8596fec
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -105,10 +105,6 @@ ifeq ($(CONFIG_AGENT_OPER_CHANNEL_CHANGE_RELAY_MCAST),y)
 TARGET_CFLAGS += -DOPER_CHAN_CHANGE_RELAY_MCAST
 endif
 
-ifeq ($(CONFIG_DYNBHD_DYNAMICALLY_PERSIST_CONTROLLER),y)
-TARGET_CFLAGS += -DPERSIST_CONTROLLER
-endif
-
 MAKE_PATH:=src
 
 define Package/map-agent/install

map-agent/files/etc/config/mapagent

@@ -1,14 +1,14 @@
 config agent 'agent'
-	option enabled '1'
+	option enabled '0'
 	option debug '0'
 	option profile '3'
 	option al_bridge 'br-lan'
-	option island_prevention '1'
+	option netdev 'wlan'
+	option island_prevention '0'
 	option eth_onboards_wifi_bhs '1'
 	option scan_on_boot_only '0'
 	option chan_ch_relay_mcast '1'
 	option guest_isolation '1'
-	option dyn_cntlr_sync '0'
 	list map_port 'all'
 #	option controller_macaddr '0a:1b:2c:3d:4e:50'
 

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -1,19 +1,17 @@
 #!/bin/sh
 
+. /lib/network/utils.sh
+
 conn_ports_file="/var/run/multiap/map.connected.ports"
 map_bh_file="/var/run/multiap/multiap.backhaul"
-
-# Exit if AL Bridge is not configured to be a bridge device
 al_bridge="$(uci -q get mapagent.agent.al_bridge)"
 [ "${al_bridge:0:3}" = "br-" ] || exit 0
+al_brnet="${al_bridge:3}"
 
 # Exit if the PORT is not member of the AL Bridge
-port_bridge_sec="$(uci show network | grep -w $PORT | grep '\.ports' | cut -d'.' -f2)"
-port_bridge_name="$(uci -q get network.$port_bridge_sec.name)"
-[ "$port_bridge_name" = "$al_bridge" ] || exit 0
+[ "$(get_network_of $PORT)" = "$al_brnet" ] || exit 0
 
 # Exit if the device is not operating in extender/repeater mode
-al_brnet="${al_bridge:3}"
 [ "$(uci -q get network.${al_brnet}.proto)" == "dhcp" ] || exit 0
 
 ############## Dynamic Backhaul Daemon ##############
@@ -71,7 +69,7 @@ fi
 
 remove_from_bridge() {
 	config_get ifname "$section" ifname
-	[ -n "$ifname" ] && brctl delif ${al_bridge} ${ifname}
+	[ -n "$ifname" ] && ubus call network.interface.${al_brnet} remove_device '{"name":"$ifname"}'
 }
 
 update_bstas() {

map-agent/files/lib/multiap/map_genconfig

@@ -5,8 +5,8 @@
 generate_mapagent_config=0
 generate_wireless_sta_config=0
 
-network_mode="$(fw_printenv -n netmode)" # default is layer3
-multiap_mode="$(fw_printenv -n multiap_mode)" # default is full
+network_mode="$(fw_printenv -n netmode)"
+multiap_mode="$(fw_printenv -n multiap_mode)"
 
 is_airoha() {
 	[ -f /proc/device-tree/compatible ] || return
@@ -181,19 +181,20 @@ map_genconf () {
 		elif [ "$multiap_mode" == "auto" ]; then
 			uci -q set mapagent.@controller_select[0].autostart=1
 			uci -q set mapagent.@controller_select[0].local=0
-		elif [ "$multiap_mode" == "none" ]; then
-			uci set mapagent.agent.enabled="0"
-		else # default to full
+		elif [ "$multiap_mode" == "full" ]; then
 			uci -q set mapagent.@controller_select[0].autostart=1
 			uci -q set mapagent.@controller_select[0].local=1
+		elif [ "$multiap_mode" == "none" ]; then
+			uci set mapagent.agent.enabled="0"
 		fi
 		uci -q commit mapagent
-
-		if [ "$multiap_mode" == "agent" -o "$multiap_mode" == "none" ]; then
-			uci set mapcontroller.controller.enabled="0"
-		else
-			uci set mapcontroller.controller.enabled="1"
-		fi
-		uci -q commit mapcontroller
 	fi
+
+
+	if [ "$multiap_mode" == "agent" -o "$multiap_mode" == "none" ]; then
+		uci set mapcontroller.controller.enabled="0"
+	else
+		uci set mapcontroller.controller.enabled="1"
+	fi
+	uci -q commit mapcontroller
 }

map-controller/Config.in

@@ -29,10 +29,6 @@ config CONTROLLER_EASYMESH_VENDOR_EXT_OUI
 config CONTROLLER_USE_LIBDPP
 	bool "Depend on libdpp for DPP EasyConnect"
 
-config CONTROLLER_PROPAGATE_PROBE_REQ
-	depends on CONTROLLER_EASYMESH_VENDOR_EXT
-	bool "Enable publishing probe requests vendor specific messages as UBUS events"
-	default y
 
 endmenu
 endif

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=4.5.0.23
+PKG_VERSION:=4.5.0.4
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ea159dee9536889171fe6f2463c2259ac48c4a97
+PKG_SOURCE_VERSION:=59a3bb0e2cbd0f37f60bd121e4b30289a64d310e
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 LOCAL_DEV=0
@@ -63,10 +63,6 @@ TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT_OUI=$(CONFIG_CONTROLLER_EASYMESH_VENDOR_E
 TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
 endif
 
-ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)
-TARGET_CFLAGS += -DPROPAGATE_PROBE_REQ
-endif
-
 define Package/map-controller/install
 	$(INSTALL_DIR) $(1)/etc
 	$(CP) ./files/* $(1)/

map-controller/files/etc/config/mapcontroller

@@ -59,7 +59,7 @@ config ap
 
 config ap
 	option band '2'
-	option ssid 'MAP-$BASEMAC_ADDR-BH'
+	option ssid 'MAP-$BASEMAC_ADDR-BH-2.4GHz'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -67,7 +67,7 @@ config ap
 
 config ap
 	option band '5'
-	option ssid 'MAP-$BASEMAC_ADDR-BH'
+	option ssid 'MAP-$BASEMAC_ADDR-BH-5GHz'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'
@@ -75,7 +75,7 @@ config ap
 
 config ap
 	option band '6'
-	option ssid 'MAP-$BASEMAC_ADDR-BH'
+	option ssid 'MAP-$BASEMAC_ADDR-BH-6GHz'
 	option encryption 'sae'
 	option key '$WIFI_BH_KEY'
 	option type 'backhaul'

mcastmngr/files/broadcom/lib/mcast/broadcom.sh

@@ -39,6 +39,7 @@ config_snooping_upstream_interface() {
 	local snooping_upstream_intf=""
 
 	json_load "$(devstatus $1)"
+	logger -t "mcastconf" "$(devstatus $1)"
 	itr=1
 	json_select bridge-members
 
@@ -48,7 +49,7 @@ config_snooping_upstream_interface() {
 			*.*)
 				port="$(echo "$dev" | cut -d'.' -f 1)"
 				if [ $port == $ethwan ]; then
-					ifconfig $dev | grep RUNNING >/dev/null && snooping_upstream_intf="$dev" && break
+					ifconfig $dev | grep RUNNING >/dev/null && $snooping_upstream_intf="$dev" && break
 				fi
 				;;
 		esac

mcastmngr/files/common/etc/uci-defaults/61-mcast_config_generate

@@ -91,7 +91,7 @@ interfaces_ok(){
 	for itf in $up_interf; do
 		# check if there exist a interface section for this upstream interface, if yes the
 		# do nothing, if no then generate config as mcast config is outdated
-		local dev_section=$(uci show network | grep -E "\.device=\'$itf\'" | head -n 1 | cut -d'.' -f2)
+		local dev_section=$(uci show network | grep -E "\.device=\'$itf\'" | cut -d'.' -f2)
 
 		# mcast config is outdated, simply generate as per new logic
 		if [ -z "$dev_section" ]; then

mcastmngr/files/common/lib/mcast/common.sh

@@ -62,7 +62,7 @@ read_snooping() {
 	local proto
 
 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto "igmp"
+	config_get proto "$config" proto
 
 	if [ "$sec_enable" == "0" ]; then
 		return
@@ -103,7 +103,7 @@ read_proxy() {
 	local proto
 
 	config_get sec_enable "$config" enable 0
-	config_get proto "$config" proto "igmp"
+	config_get proto "$config" proto
 
 	if [ "$sec_enable" == "0" ]; then
 		return

mcastmngr/files/linux/lib/mcast/linux.sh

@@ -15,7 +15,7 @@ snooping_bridges=
 
 __device_is_bridge() {
 	local device="$2"
-	local devsec__="$(uci show network | grep -F ".name='$device'" | cut -d'.' -f2)"
+	local devsec__="$(uci show network | grep name=.*$device | grep -v ifname | cut -d'.' -f2)"
 	local sectype="$(uci -q get network.$devsec__)"
 	local devtype="$(uci -q get network.$devsec__.type)"
 	[ "$sectype" != "device" -o "$devtype" != "bridge" ] && return 1
@@ -46,6 +46,9 @@ device_has_ip() {
 	# Read the openwrt interface for the device.
 	# Device can have multiple logical interfaces like wan and wan6
 	# but same l3 device
+	# NB. Don't use 'get_network_of' here.
+	# This function fails in some uci configurations for interfaces that refer
+	# to a device indirectly.
 	local ifaces=$(ubus call network.interface dump | jsonfilter -e "@.interface[@.device='$device'].interface")
 	for iface in $ifaces; do
 		local ip=
@@ -85,8 +88,9 @@ config_mcproxy_interfaces() {
 
 	echo -e "pinstance main:$str_up ==>$str_down;\n" >> $CONFFILE
 
-	local filter=""
 	for excp in $exceptions; do
+		local filter=""
+
 		case $excp in
 		*/*)
 			ip_start="$(ipcalc.sh $excp | grep IP | awk '{print substr($0,4)}')"
@@ -97,16 +101,16 @@ config_mcproxy_interfaces() {
 			filter="$filter ($excp | *)"
 			;;
 		esac
-	done
 
-	for upstream in $str_up; do
-		echo "pinstance main upstream $upstream in blacklist table{$filter };" >> $CONFFILE
-		echo "pinstance main upstream $upstream out blacklist table{$filter };" >> $CONFFILE
-	done
+		for upstream in $str_up; do
+			echo "pinstance main upstream $upstream in blacklist table{$filter };" >> $CONFFILE
+			echo "pinstance main upstream $upstream out blacklist table{$filter };" >> $CONFFILE
+		done
 
-	for downstream in $str_down; do
-		echo "pinstance main downstream $downstream in blacklist table{$filter };" >> $CONFFILE
-		echo "pinstance main downstream $downstream out blacklist table{$filter };" >> $CONFFILE
+		for downstream in $str_down; do
+			echo "pinstance main downstream $downstream in blacklist table{$filter };" >> $CONFFILE
+			echo "pinstance main downstream $downstream out blacklist table{$filter };" >> $CONFFILE
+		done
 	done
 }
 
@@ -116,7 +120,6 @@ config_sysfs_mcast_snooping() {
 
 	for downstream in $downstreams; do
 		if device_is_bridge "$downstream"; then
-			echo 0 > /sys/class/net/$downstream/bridge/multicast_snooping
 			echo $snooping > /sys/class/net/$downstream/bridge/multicast_snooping
 		fi
 	done
@@ -261,6 +264,10 @@ config_mcproxy_instance() {
 		downstreams=$igmp_p_down_interfaces
 		mcast_mode=$igmp_p_mode
 
+		# mcproxy reserves two multicast subscriptions for igmp router service groups
+		local mg=$(cat /proc/sys/net/ipv4/igmp_max_memberships)
+		mg=$((mg+2))
+		echo $mg > /proc/sys/net/ipv4/igmp_max_memberships
 	elif [ "$protocol" == "mld" ]; then
 		case "$version" in
 			[1-2])
@@ -295,12 +302,7 @@ config_mcproxy_instance() {
 	# for snooping to work we should enable it on the bridge, doing it from
 	# here instead of from inside network config
 	if [ "$downstreams" != "$snooping_bridges" ]; then
-		if [ "$mcast_mode" == "0" ]; then
-			config_sysfs_mcast_snooping "$downstreams" 0
-		else
-			config_sysfs_mcast_snooping "$downstreams" 1
-		fi
-
+		config_sysfs_mcast_snooping "$downstreams" 1
 		[ -n $fast_leave ] &&
 			config_sysfs_mcast_fastleave "$downstreams" "$fast_leave"
 		config_sysfs_mcast_flood "$downstreams" "$mcast_mode"

netmode/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.0.1
+PKG_VERSION:=0.3.0
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only

netmode/files/etc/config/netmode

@@ -1,3 +1,10 @@
 config netmode global
 	option enabled 0
 #	option mode 'router'
+
+#config testnet testnet
+#	option enabled 1
+#	option destination '8.8.8.8'
+	
+#config shiftrange shiftrange
+#	option enabled 1

netmode/files/etc/hotplug.d/iface/05-testnet

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # do not start testnet if the feature is explicitly disabled
-[ "$(uci -q get testnet.global.enabled)" = "0" ] && exit 0
+[ "$(uci -q get netmode.testnet.enabled)" = "0" ] && exit 0
 
 [ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 0
 
@@ -14,4 +14,8 @@ interface_check() {
 }
 
 interface_check
-/etc/init.d/testnet reload
+if [ -n "$(pgrep -f testnet)" ]; then
+	testnet once
+else
+	testnet &
+fi

netmode/files/etc/hotplug.d/iface/70-shiftrange

@@ -0,0 +1,252 @@
+#!/bin/sh
+# this scripts shifts the lan network prefixes
+# if a wan interface has the same network prefix.
+
+# do not shift range if the feature is explicitly disabled
+[ "$(uci -q get netmode.shiftrange.enabled)" == "0" ] && exit 0
+
+. /lib/functions.sh
+. /lib/functions/network.sh
+
+LOCKFILE="/tmp/70-shiftrange.lock"
+RESTRICTED_NETS=""
+ALL_NETS=""
+
+#####
+##### initial functions
+#####
+
+initial_check()
+{
+	# run only on ifup
+	[ "$ACTION" == "ifup" ] || exit 0
+
+	# run only for uplink (not is_lan) interfaces
+	local islan="$(uci -q get network.$INTERFACE.is_lan)"
+	[ "$islan" != "1" ] || exit 0
+
+	# run only if the uplink interface has a configured protocol
+	local proto="$(uci -q get network.$INTERFACE.proto)"
+	[ "$proto" != "none" ] || exit 0
+}
+
+finish()
+{
+    lock -u $LOCKFILE
+    rm -f $LOCKFILE
+}
+
+# just one instance of this script at a time
+just_one_instance()
+{
+	local counter=0
+	local limit=10
+
+	#wait for the lock to become free
+	while [ -e $LOCKFILE ] ; do
+		sleep 1
+		counter=$((counter + 1))
+		[ "$counter" -gt "$limit" ] && exit 1
+	done
+
+	lock $LOCKFILE
+	trap finish EXIT INT TERM
+}
+
+
+#####
+##### helper functions
+#####
+
+#given a an ip and a mask in the form of "192.168.1.1/24"
+#return the network address like "192.168.1.0/24"
+get_network_address()
+{
+	local ip="$1"
+	[ -z "$ip" ] && return
+
+	local prefix=${ip##*/}
+
+	local ip1=${ip%%.*} ; ip=${ip#*.*}
+	local ip2=${ip%%.*} ; ip=${ip#*.*}
+	local ip3=${ip%%.*} ; ip=${ip#*.*}
+	local ip4=${ip%%/*}
+
+	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
+	local mask=$((0xFFFFFFFF >> (32 - $prefix) << (32 - $prefix)))
+	local network=$(($ip & $mask))
+
+	local n1=$((($network & 0xFF000000) >> 24))
+	local n2=$((($network & 0x00FF0000) >> 16))
+	local n3=$((($network & 0x0000FF00) >> 8))
+	local n4=$(( $network & 0x000000FF))
+
+	echo "$n1.$n2.$n3.$n4/$prefix"
+}
+
+#given a network address (192.168.1.0/24)
+#find the next network address (192.168.2.0/24)
+next_network_address()
+{
+	local ip=$1
+	local prefix=${ip##*/}
+
+	local ip1=${ip%%.*} ; ip=${ip#*.*}
+	local ip2=${ip%%.*} ; ip=${ip#*.*}
+	local ip3=${ip%%.*} ; ip=${ip#*.*}
+	local ip4=${ip%%/*}
+
+	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
+	local one="$((1 << (32-$prefix)))"
+	local new=$(($ip + $one))
+
+	local n1=$((($new & 0xFF000000) >> 24))
+	local n2=$((($new & 0x00FF0000) >> 16))
+	local n3=$((($new & 0x0000FF00) >> 8))
+	local n4=$(( $new & 0x000000FF))
+
+	echo "$n1.$n2.$n3.$n4/$prefix"
+}
+
+# given a network address and a prefix (192.168.2.0/24)
+# return the first host ip available   (192.168.2.1)
+first_host_in_network ()
+{
+	local ip=$1
+	local prefix=${ip##*/}
+
+	local ip1=${ip%%.*} ; ip=${ip#*.*}
+	local ip2=${ip%%.*} ; ip=${ip#*.*}
+	local ip3=${ip%%.*} ; ip=${ip#*.*}
+	local ip4=${ip%%/*}
+
+	local ip=$((($ip1 << 24) + ($ip2 << 16) + ($ip3 << 8) + $ip4))
+	local new=$(($ip + 1))
+
+	local n1=$((($new & 0xFF000000) >> 24))
+	local n2=$((($new & 0x00FF0000) >> 16))
+	local n3=$((($new & 0x0000FF00) >> 8))
+	local n4=$(( $new & 0x000000FF))
+
+	echo "$n1.$n2.$n3.$n4"
+}
+
+# given a network address,
+# find the next available network address.
+shift_range()
+{
+	local net="$1"
+	while true ; do
+		if [ "$RESTRICTED_NETS" == "${RESTRICTED_NETS//$net/}" ] && [ "$ALL_NETS" == "${ALL_NETS//$net/}" ]; then
+			# found a net that is not in restricted nets nor in all nets
+			break
+		fi
+		net=$(next_network_address $net)
+	done
+
+	echo "$net"
+}
+
+
+#####
+##### parse all interfaces section
+#####
+
+# RESTRICTED_NETS = all the IPs on wan interfaces
+# ALL_NETS = all the IPs on any interface
+parse_interface()
+{
+	local interface=$1
+	local nets=""		# "192.168.1.1/24"
+	local networks=""	# "192.168.1.0/24"
+
+	config_get is_lan $interface is_lan
+	network_get_subnets nets $interface
+
+	for n in $nets ; do
+		networks="$networks $(get_network_address $n)"
+	done
+
+	[ "$is_lan" != "1" ] && RESTRICTED_NETS="$RESTRICTED_NETS $networks"
+	ALL_NETS="$ALL_NETS $networks"
+}
+
+# parse all the interfaces
+# get all the IPs on wan interfaces and store them in restrict_nets
+# get all the IPs on all interfaces and store them in ALL_NETS
+parse_interfaces()
+{
+	config_foreach parse_interface "interface"
+}
+
+
+#####
+##### parse all lan interfaces section
+#####
+
+parse_lan()
+{
+	local interface=$1
+	local nets=""
+	local ips=""
+	local newips=""
+	local ips_changed=0
+
+	[ "$interface" == "loopback" ] && return
+	config_get is_lan $interface is_lan
+	[ "$is_lan" == "1" ] || return
+
+	network_get_subnets ips $interface
+
+	for ip in $ips ; do
+		net="$(get_network_address $ip)"
+
+		if [ "$RESTRICTED_NETS" == "${RESTRICTED_NETS//$net/}" ] ; then
+			# net is not in restricted nets
+			# append ip to newips
+			[ -z "$newips" ] && newips="${ip%/*}" ||  newips="$newips ${ip%/*}"
+			continue
+		fi
+
+		#net is in RESTRICTED_NETS
+		local newnet=$(shift_range $net)
+		local newip="$(first_host_in_network $newnet)"
+		# append newip to newips
+		[ -z "$newips" ] && newips="$newip" ||  newips="$newips $newip"
+
+		ips_changed=1
+		logger "$0: Changing the ip on interface $interface from $ip to $newip/${newnet##*/}"
+		echo "$0: Changing the ip on interface $interface from $ip to $newip/${newnet##*/}" >/dev/console
+	done
+
+	#assign the new ips
+	if [ "$ips_changed" == "1" ] ; then
+		uci -q set network.$interface.ipaddr="$newips"
+	fi
+}
+
+# parse all the interface with is_lan=1
+parse_lans()
+{
+	config_foreach parse_lan "interface"
+}
+
+#####
+##### main
+#####
+
+main()
+{
+	initial_check
+	just_one_instance
+
+	config_load network
+	parse_interfaces
+	parse_lans
+
+	if [ -n "$(uci changes network)" ] ; then
+		ubus call uci commit '{"config":"network"}'
+	fi
+}
+
+main $@

netmode/files/etc/uci-defaults/netmode.l2mode

@@ -1,114 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-. /usr/share/libubox/jshn.sh
-
-source "/etc/device_info"
-
-l2_mcast_config() {
-	# configure L2 mcast config for snooping
-	logger -s -p user.info -t "netmode" "Generating L2 mcast configuration"
-
-	# remove proxy sections
-	uci -q delete mcast.igmp_proxy_1
-	uci -q delete mcast.mc_proxy_MLD
-
-	# add igmp_snooping section
-	uci -q set mcast.igmp_snooping_1=snooping
-	uci -q set mcast.igmp_snooping_1.enable='1'
-	uci -q set mcast.igmp_snooping_1.proto='igmp'
-	uci -q set mcast.igmp_snooping_1.version='2'
-	uci -q set mcast.igmp_snooping_1.robustness='2'
-	uci -q set mcast.igmp_snooping_1.query_interval='125'
-	uci -q set mcast.igmp_snooping_1.query_response_interval='100'
-	uci -q set mcast.igmp_snooping_1.last_member_query_interval='10'
-	uci -q set mcast.igmp_snooping_1.fast_leave='1'
-	uci -q set mcast.igmp_snooping_1.snooping_mode='2'
-	uci -q set mcast.igmp_snooping_1.interface='br-lan'
-	uci -q add_list mcast.igmp_snooping_1.filter='239.0.0.0/8'
-
-	# add mld_snooping section
-	uci -q set mcast.mld_snooping_1=snooping
-	uci -q set mcast.mld_snooping_1.enable='1'
-	uci -q set mcast.mld_snooping_1.proto='mld'
-	uci -q set mcast.mld_snooping_1.version='2'
-	uci -q set mcast.mld_snooping_1.robustness='2'
-	uci -q set mcast.mld_snooping_1.query_interval='125'
-	uci -q set mcast.mld_snooping_1.query_response_interval='100'
-	uci -q set mcast.mld_snooping_1.last_member_query_interval='10'
-	uci -q set mcast.mld_snooping_1.fast_leave='1'
-	uci -q set mcast.mld_snooping_1.snooping_mode='2'
-	uci -q set mcast.mld_snooping_1.interface='br-lan'
-
-	uci -q commit mcast
-}
-
-l2_network_config() {
-	logger -s -p user.info -t "netmode" "Generating L2 network configuration"
-
-	# Configure L2 Network Mode
-	uci -q delete network.lan
-	uci -q delete network.wan
-	uci -q delete network.wan6
-	uci -q set network.lan=interface
-	uci -q set network.lan.proto='dhcp'
-	uci -q set network.lan.device='br-lan'
-	uci -q set network.lan.force_link='1'
-	uci -q set network.lan6=interface
-	uci -q set network.lan6.proto='dhcpv6'
-	uci -q set network.lan6.device='@lan'
-	uci -q set network.lan6.reqprefix='no'
-	uci -q delete network.br_lan.ports
-	uci -q set network.br_lan.bridge_empty='1'
-
-	add_port_to_br_lan() {
-		port="$1"
-		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
-	}
-
-	if [ -f /etc/board.json ]; then
-		json_load_file /etc/board.json
-		json_select network
-		json_select lan
-		if json_is_a ports array; then
-			json_for_each_item add_port_to_br_lan ports
-		else
-			json_get_var device device
-			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		fi
-		json_select ..
-		json_select wan 2>/dev/null
-		json_get_var device device
-		[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
-		json_cleanup
-	fi
-
-	uci -q commit network
-
-	# Disable DHCP Server
-	uci -q set dhcp.lan.ignore=1
-	uci -q commit dhcp
-	/etc/init.d/odhcpd disable
-
-	# Disable SSDPD
-	uci -q set ssdpd.ssdp.enabled="0"
-	uci -q commit ssdpd
-
-	# Update CWMP Agent WAN Interface
-	uci -q set cwmp.cpe.default_wan_interface="lan"
-	uci -q commit cwmp
-
-	# disable firewall
-	uci -q set firewall.globals.enabled="0"
-	uci -q commit firewall
-}
-
-network_mode="$(fw_printenv -n netmode 2>/dev/null)"
-	
-case "$network_mode" in
-	layer2|extender)
-		l2_network_config
-		l2_mcast_config
-	;;	
-esac

netmode/files/sbin/testnet

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-RELOAD=0
-WAITING=0
+. /lib/functions.sh
+. /lib/network/utils.sh
 
 NETCON=0
 LASTSTATUS=""
@@ -14,32 +14,29 @@ test_connection() {
 	local defroute="$(ip r | grep default | awk '{print$3}' | head -1)"
 	local def6route="$(ip -f inet6 r | grep default | awk '{print$3}')"
 	local ping6dev="$(ip -f inet6 r | grep default | awk '{print$5}')"
-	local resolvfile="$(uci -q get 'dhcp.@dnsmasq[0].resolvfile')"
 
 	if [ -n "$addr" ]; then
-		ping -q -w 5 -c 1 "$addr" >/dev/null 2>&1 && return 0
+		ping -q -w 5 -c 1 $addr >/dev/null 2>&1 && return 0
 	elif [ -n "$defroute" ]; then
-		ping -q -w 5 -c 1 "$defroute" >/dev/null 2>&1 && return 0
-		if [ -e "$resolvfile" ]; then
-			for nmsrv in $(grep nameserver "$resolvfile" | awk '{print$2}'); do
-				ping -q -w 5 -c 1 "$nmsrv" >/dev/null 2>&1 && return 0
-			done
-		fi
+		ping -q -w 5 -c 1 $defroute >/dev/null 2>&1 && return 0
+		for nmsrv in $(grep nameserver /var/resolv.conf.auto | awk '{print$2}'); do
+			ping -q -w 5 -c 1 $nmsrv >/dev/null 2>&1 && return 0
+		done
 	elif [ -n "$def6route" -a -n "$ping6dev" ]; then
-		ndisc6 -w 5 -1 "$def6route" "$ping6dev" >/dev/null 2>&1 && return 0
+		ndisc6 -w 5 -1 $def6route $ping6dev >/dev/null 2>&1 && return 0
 	fi
 	return 1
 }
 
 internet_test() {
-	local dest
+	local link dest
 
 	# use the destination address given in config for connectivity check
-	dest="$(uci -q get testnet.global.destination)"
+	dest="$(uci -q get netmode.testnet.destination)"
 	# for backwards compatibility
-	[ -n "$dest" ] || dest="$(uci -q get 'system.@system[0].netping_addr')"
+	[ -n "$dest" ] || dest="$(uci -q get diagnostics.@connectivity[0].destination)"
 
-	test_connection "$dest"
+	test_connection $dest
 
 	if [ "$?" -eq 0 ]; then
 		NETCON=1
@@ -53,7 +50,7 @@ internet_test() {
 connectivity_test() {
 	internet_test
 
-	if [ "$NETCON" -eq 1 ]; then
+	if [ $NETCON -eq 1 ]; then
 		CURSTATUS=1
 		[ "$CURSTATUS" == "$LASTSTATUS" ] || ubus send internet '{"status" : "online"}'
 		LASTSTATUS=1
@@ -64,14 +61,12 @@ connectivity_test() {
 	fi
 }
 
-trap RELOAD=1 HUP
+if [ "$1" == "once" ]; then
+	connectivity_test
+	exit 0
+fi
 
 while true; do
-	if [ "$WAITING" -eq 0 ]; then
-		sleep "$SLEEP_TIME" &
-		WAITING=1
-	fi
-	RELOAD=0
 	connectivity_test
-	[ "$RELOAD" -eq 0 ] && wait && WAITING=0
+	sleep $SLEEP_TIME
 done

obuspa/Config.in

@@ -22,17 +22,4 @@ config OBUSPA_CONTROLLER_MTP_VERIFY
 config OBUSPA_ENABLE_TEST_CONTROLLER
 	bool "Adds a test controller by default"
 	default n
-	select OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-
-config OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL
-	bool "Adds a test controller by default (local access only)"
-	default n
-
-config OBUSPA_MAX_CONTROLLERS_NUM
-	int "The maximum number of controllers to be supported"
-	range 1 10
-	default 5
-	help
-	 This value must be in range of 1 to 10. (default 5)
-
 endif

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=7.0.5.6.12
+PKG_VERSION:=7.0.5.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=131e04ec5c6ddd8c2fb47f95fe7da2b9836ed925
+PKG_SOURCE_VERSION:=d11c8505ffddb4c840d630632b0bb7dda04ca5b2
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -32,9 +32,7 @@ define Package/obuspa
   SUBMENU:=TRx69
   TITLE:=USP agent
   MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
-		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
-		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow
+  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl
 endef
 
 define Package/obuspa/description
@@ -83,14 +81,10 @@ else
 CMAKE_OPTIONS += -DENABLE_WEBSOCKETS=OFF
 endif
 
-ifdef $(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM)
-TARGET_CFLAGS += -DOBUSPA_MAX_CONTROLLERS_NUM=$(CONFIG_OBUSPA_MAX_CONTROLLERS_NUM)
-endif
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-	$(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
-	$(Build/Patch)
+        $(CP) -rf ~/git/obuspa/* $(PKG_BUILD_DIR)/
+        $(Build/Patch)
 endef
 endif
 
@@ -106,14 +100,12 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/config/obuspa $(1)/etc/config/
 	$(INSTALL_DATA) ./files/etc/obuspa/roles.json $(1)/etc/obuspa/roles.json
 	$(INSTALL_DATA) ./files/etc/obuspa/dmcaching_exclude.json $(1)/etc/obuspa/dmcaching_exclude.json
+	$(INSTALL_BIN) ./files/etc/uci-defaults/00-obuspa-extender-mode $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/02-obuspa-dhcp-option $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
 	$(call BbfdmInstallPlugin,$(1),./files/etc/bbfdm/json/USPAgent.json)
 ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
-	$(INSTALL_BIN) ./files/etc/uci-defaults/54-test-usp-remote $(1)/etc/uci-defaults/
-endif
-ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL),y)
 	$(INSTALL_BIN) ./files/etc/init.d/usptest $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/55-test-usp-controller $(1)/etc/uci-defaults/
 endif

obuspa/files/etc/config/obuspa

@@ -7,8 +7,7 @@ config obuspa 'global'
 	option db_file '/etc/obuspa/usp.db'
 	option role_file '/etc/obuspa/roles.json'
 	option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
-	#option trust_cert '/etc/ssl/cert.pem'
+	#option trust_cert '/etc/obuspa/rootCA.pem'
 	#option client_cert '/etc/obuspa/client.pem'
 	#option log_dest '/tmp/obuspa.log'
-	option max_cache_time  '120'
 

obuspa/files/etc/init.d/obuspa

@@ -92,10 +92,10 @@ get_base_path()
 	count=0
 
 	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
+		path=$(grep "${refpath}\d.Alias \"${value}\"" ${DB_DUMP})
 		path=${path%.*}
 		if [ -z "${path}" ]; then
-			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
+			path=$(grep -o "${refpath}\d" ${DB_DUMP} |sort -r|head -n 1)
 			if [ -n "${path}" ]; then
 				count=${path##*.}
 				count=$(( count + 1 ))
@@ -122,9 +122,9 @@ get_refrence_path()
 	path=""
 
 	if [ -f "${DB_DUMP}" ]; then
-		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
+		path=$(grep "${dmref}\d.Alias " ${DB_DUMP}|grep -w "${value}")
 	elif [ -f "${RESET_FILE}" ]; then
-		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
+		path=$(grep "${dmref}\d.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
 	echo "${path}"
@@ -217,10 +217,12 @@ validate_controller_section()
 		'Enable:bool:1' \
 		'EndpointID:string' \
 		'assigned_role_name:string' \
+		'AssignedRole:string' \
 		'Protocol:or("STOMP","CoAP","MQTT", "WebSocket")' \
 		'Destination:string' \
 		'Topic:string' \
 		'ParameterName:list(string)' \
+		'Reference:string' \
 		'mqtt:string' \
 		'stomp:string' \
 		'Host:string' \
@@ -228,7 +230,7 @@ validate_controller_section()
 		'Path:string' \
 		'EnableEncryption:bool' \
 		'PeriodicNotifInterval:uinteger' \
-		'SessionMode:string' \
+		'SessionMode:string:Allow' \
 		'ProvisioningCode:string'
 }
 
@@ -253,6 +255,7 @@ validate_mtp_section()
 		'Path:string' \
 		'mqtt:string' \
 		'stomp:string' \
+		'Reference:string' \
 		'PublishQoS:uinteger' \
 		'EnableEncryption:bool'
 }
@@ -321,7 +324,7 @@ configure_controller()
 	local EndpointID Enable 
 	local Protocol Destination
 	local Topic mqtt stomp assigned_role_name AssignedRole ParameterName ProvisioningCode
-	local Host Port Path EnableEncryption PeriodicNotifInterval
+	local Host Port Path EnableEncryption Reference SessionMode PeriodicNotifInterval
 	local dm_ref sec
 
 	sec="${1}"
@@ -343,12 +346,16 @@ configure_controller()
 	fi
 
 	dm_ref=""
-	if [ "${Protocol}" = "STOMP" ]; then
-		stomp="${stomp/stomp_/cpe-}"
-		dm_ref=$(get_refrence_path "Device.STOMP.Connection." "${stomp}")
-	elif [ "${Protocol}" = "MQTT" ]; then
-		mqtt="${mqtt/mqtt_/cpe-}"
-		dm_ref=$(get_refrence_path "Device.MQTT.Client." "${mqtt}")
+	if [ -z "${Reference}" ]; then
+		if [ "${Protocol}" = "STOMP" ]; then
+			stomp="${stomp/stomp_/cpe-}"
+			dm_ref=$(get_refrence_path "Device.STOMP.Connection." "${stomp}")
+		elif [ "${Protocol}" = "MQTT" ]; then
+			mqtt="${mqtt/mqtt_/cpe-}"
+			dm_ref=$(get_refrence_path "Device.MQTT.Client." "${mqtt}")
+		fi
+	else
+		dm_ref="${Reference}"
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -363,15 +370,16 @@ configure_controller()
 		db_set "${BASEPATH}.PeriodicNotifInterval" "${PeriodicNotifInterval}"
 	fi
 
-	#if [ -n "${SessionMode}" ]; then
-	#	db_set "${BASEPATH}.E2ESession.SessionMode" "${SessionMode}"
-	#fi
+	if [ -n "${SessionMode}" ]; then
+		db_set "${BASEPATH}.E2ESession.SessionMode" "${SessionMode}"
+	fi
 
 	if [ -n "${assigned_role_name}" ]; then
 		AssignedRole=$(get_role_index "${assigned_role_name}")
-		if [ -n "${AssignedRole}" ]; then
-			db_set "${BASEPATH}.AssignedRole" "${AssignedRole}"
-		fi
+	fi
+
+	if [ -n "${AssignedRole}" ]; then
+		db_set "${BASEPATH}.AssignedRole" "${AssignedRole}"
 	fi
 
 	db_set "${BASEPATH}.MTP.1.Alias" "${sec}"
@@ -551,12 +559,16 @@ configure_mtp() {
 	fi
 
 	dm_ref=""
-	if [ "${Protocol}" = "STOMP" ]; then
-		stomp="${stomp/stomp_/cpe-}"
-		dm_ref=$(get_refrence_path "Device.STOMP.Connection." "${stomp}")
-	elif [ "${Protocol}" = "MQTT" ]; then
-		mqtt="${mqtt/mqtt_/cpe-}"
-		dm_ref=$(get_refrence_path "Device.MQTT.Client." "${mqtt}")
+	if [ -z "${Reference}" ]; then
+		if [ "${Protocol}" = "STOMP" ]; then
+			stomp="${stomp/stomp_/cpe-}"
+			dm_ref=$(get_refrence_path "Device.STOMP.Connection." "${stomp}")
+		elif [ "${Protocol}" = "MQTT" ]; then
+			mqtt="${mqtt/mqtt_/cpe-}"
+			dm_ref=$(get_refrence_path "Device.MQTT.Client." "${mqtt}")
+		fi
+	else
+		dm_ref="${Reference}"
 	fi
 
 	db_set "${BASEPATH}.Alias" "${sec}"
@@ -716,13 +728,13 @@ get_instances_from_db_dump()
 {
 	local obj inst
 
-	obj="${1}\d+"
+	obj="${1}\d"
 	if [ ! -f "${DB_DUMP}" ]; then
 		echo ""
 		return 0;
 	fi
 
-	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
+	inst="$(grep -oe "${obj}" "${DB_DUMP}"|uniq)"
 	echo "$inst"
 }
 
@@ -764,8 +776,8 @@ sync_db_controller()
 {
 	local cntrs copts sec pvalue protocol
 
-	copts="Enable EndpointID PeriodicNotifInterval"
-	popts="Destination Topic Host Port Path EnableEncryption"
+	copts="Enable EndpointID AssignedRole PeriodicNotifInterval"
+	popts="Destination Topic Reference Host Port Path EnableEncryption"
 
 	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
 	for cntr in $cntrs; do
@@ -797,7 +809,8 @@ sync_db_localagent_mtp()
 	local mtps opts popts sec pvalue protocol
 
 	opts="Enable"
-	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
+	popts="ResponseTopicConfigured Destination Port Path Reference EnableEncryption PublishQoS"
+	ropts="mqtt stomp"
 
 	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
 	for inst in $mtps; do
@@ -820,6 +833,9 @@ sync_db_localagent_mtp()
 			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
+		for param in ${ropts}; do
+			uci_set obuspa "${sec}" "${param}" ""
+		done
 	done
 }
 
@@ -926,7 +942,7 @@ check_n_delete_db()
 	r="${3}"
 	sec="${sec/${t}_/cpe-}"
 
-	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
+	path=$(grep "${r}\d.Alias \"${sec}\"" ${DB_DUMP})
 	path=${path%.*}
 
 	delete_sql_db_entry_with_pattern "${path}"
@@ -986,9 +1002,6 @@ db_init()
 		reverse_update_db_with_uci
 	fi
 
-	# Remove ControllerTrust.Role., if present in db for backward compatibility
-	delete_sql_db_entry_with_pattern "^Device.LocalAgent.ControllerTrust.Role."
-
 	# Remove reset file if present
 	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
 
@@ -1021,17 +1034,11 @@ db_init()
 }
 
 start_service() {
-	local enabled role_file
+	local enabled
 
 	mkdir -p /tmp/obuspa/
 	config_load obuspa
 	config_get_bool enabled global enabled 0
-	config_get role_file global role_file ""
-	# Use the default role file if not defined in uci, but present in path
-	if [ -z "${role_file}" ] && [ -f "/etc/obuspa/roles.json" ] ; then
-		uci -q set obuspa.global.role_file="/etc/obuspa/roles.json"
-		uci_commit obuspa
-	fi
 
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then

obuspa/files/etc/obuspa/dmcaching_exclude.json

@@ -1,6 +1,7 @@
 {
   "dmcaching_exclude": [
     "Device.Hosts.Host.",
-    "Device.Services.VoiceService."
+    "Device.IEEE1905.",
+    "Device.WiFi.DataElements."
   ]
 }

obuspa/files/etc/obuspa/roles.json

@@ -82,17 +82,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object": "Device.SelfTestDiagnostics()",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_OPER",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object": "Device.FactoryReset()",
           "perm": [
@@ -260,40 +249,6 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
-        {
-          "object":"Device.Schedules.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SET",
-            "PERMIT_ADD",
-            "PERMIT_DEL",
-            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SET",
-            "PERMIT_ADD",
-            "PERMIT_DEL",
-            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
         {
           "object":"Device.NAT.",
           "perm": [
@@ -615,40 +570,7 @@
         {
           "object": "Device.",
           "perm": [
-            "PERMIT_NONE"
-          ]
-        },
-        {
-          "object":"Device.Schedules.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SET",
-            "PERMIT_ADD",
-            "PERMIT_DEL",
-            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
-            "PERMIT_SUBS_EVT_OPER_COMP"
-          ]
-        },
-        {
-          "object":"Device.{BBF_VENDOR_PREFIX}ParentalControl.",
-          "perm": [
-            "PERMIT_GET",
-            "PERMIT_GET_INST",
-            "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO",
-            "PERMIT_SET",
-            "PERMIT_ADD",
-            "PERMIT_DEL",
-            "PERMIT_OPER",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL",
+            "PERMIT_NONE",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
@@ -662,11 +584,80 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
+        {
+          "object":"Device.Time.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.UPnP.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.Bridging.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.Ethernet.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.DHCPv4.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.DHCPv6.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object":"Device.Hosts.",
           "perm": [
             "PERMIT_GET",
-            "PERMIT_SET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.NAT.",
+          "perm": [
+            "PERMIT_GET",
             "PERMIT_GET_INST",
             "PERMIT_OBJ_INFO",
             "PERMIT_CMD_INFO",
@@ -675,18 +666,23 @@
           ]
         },
         {
-          "object":"Device.Hosts.AccessControl.",
+          "object":"Device.PPP.",
           "perm": [
             "PERMIT_GET",
             "PERMIT_GET_INST",
             "PERMIT_OBJ_INFO",
             "PERMIT_CMD_INFO",
-            "PERMIT_SET",
-            "PERMIT_ADD",
-            "PERMIT_DEL",
-            "PERMIT_SUBS_VAL_CHANGE",
-            "PERMIT_SUBS_OBJ_ADD",
-            "PERMIT_SUBS_OBJ_DEL"
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.Routing.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
         {
@@ -700,12 +696,13 @@
           ]
         },
         {
-          "object": "Device.IP.",
+          "object":"Device.InterfaceStack.",
           "perm": [
             "PERMIT_GET",
             "PERMIT_GET_INST",
             "PERMIT_OBJ_INFO",
-            "PERMIT_CMD_INFO"
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
         {
@@ -718,6 +715,56 @@
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
+        {
+          "object":"Device.LANConfigSecurity.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.Security.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.RouterAdvertisement.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.Services.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
+        {
+          "object":"Device.UserInterface.",
+          "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
+            "PERMIT_SUBS_EVT_OPER_COMP"
+          ]
+        },
         {
           "object":"Device.PeriodicStatistics.",
           "perm": [
@@ -754,16 +801,30 @@
           ]
         },
         {
-          "object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
+          "object": "Device.DNS.",
           "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
             "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         },
         {
-          "object": "Device.WiFi.DataElements.Network.SetSSID()",
+          "object": "Device.IP.",
           "perm": [
+            "PERMIT_GET",
+            "PERMIT_GET_INST",
+            "PERMIT_OBJ_INFO",
+            "PERMIT_CMD_INFO",
             "PERMIT_OPER",
+            "PERMIT_SUBS_VAL_CHANGE",
+            "PERMIT_SUBS_OBJ_ADD",
+            "PERMIT_SUBS_OBJ_DEL",
             "PERMIT_SUBS_EVT_OPER_COMP"
           ]
         }

obuspa/files/etc/uci-defaults/00-obuspa-extender-mode

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+config_load obuspa
+config_get interface global interface ""
+
+if command -v fw_printenv; then
+	mode="$(fw_printenv -n netmode)"
+	if [ "${mode}" == "extender" -a -z "$interface" ] ; then
+		uci_set obuspa global interface "lan"
+	fi
+fi

obuspa/files/etc/uci-defaults/54-test-usp-remote

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-if [ ! -f "/etc/config/mosquitto" ]; then
-	echo "Local mosquitto broker not available"
-	return 0
-fi
-
-add_usp_test()
-{
-	uci_add mosquitto listener usptest
-	uci_set mosquitto usptest enabled 1
-	uci_set mosquitto usptest port '9001'
-	uci_set mosquitto usptest protocol 'websockets'
-	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
-}
-
-# Install test MQTT over WS listener
-add_usp_test

obuspa/files/etc/uci-defaults/55-test-usp-controller

@@ -40,6 +40,16 @@ add_obuspa_test_controller()
 	uci_set obuspa testcontroller assigned_role_name 'full_access'
 }
 
+add_usp_test()
+{
+	uci_add mosquitto listener usptest
+	uci_set mosquitto usptest enabled 1
+	uci_set mosquitto usptest port '9001'
+	uci_set mosquitto usptest protocol 'websockets'
+	uci_set mosquitto usptest require_certificates '0'
+	uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+}
+
 add_obuspa_config()
 {
 	uci_add mosquitto listener obuspa
@@ -50,8 +60,11 @@ add_obuspa_config()
 }
 
 # Install test usp controller config
+uci_load mosquitto
+add_usp_test
 add_obuspa_config
 
+uci_load obuspa
 add_obuspa_test_mtp
 add_obuspa_test_mqtt
 add_obuspa_test_controller

obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user

@@ -8,11 +8,6 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 
-log()
-{
-	echo "$*"|logger -t obuspa.dhcp -p debug
-}
-
 get_oui_from_db() {
 	db -q get device.deviceinfo.ManufacturerOUI
 }
@@ -129,15 +124,15 @@ get_vivsoi() {
 	done
 }
 
-get_access_role()
+get_netmode()
 {
-	local mode lan_proto
+	local mode
 
-	lan_proto="$(uci -q get network.lan.proto)"
+	if command -v fw_printenv; then
+		mode="$(fw_printenv -n netmode)"
+	fi
 
-	if [ "${lan_proto}" == "dhcp" ]; then
-		mode="extender"
-	else
+	if [ "$mode" != "extender" ]; then
 		mode="full_access"
 	fi
 
@@ -146,25 +141,13 @@ get_access_role()
 
 config_load obuspa
 config_get_bool enable_obuspa global enabled 1
-config_get wan_intf global interface
+config_get wan_intf global interface "wan"
 config_get_bool dhcp_discovery global dhcp_discovery 1
 
 if [ "$enable_obuspa" = "0" ] || [ "$dhcp_discovery" = "0" ]; then
 	return 0
 fi
 
-if [ -z "${wan_intf}" ]; then
-	role="$(get_access_role)"
-
-	if [ "${role}" = "extender" ]; then
-		wan_intf="lan"
-		uci -q set obuspa.global.interface="lan"
-		uci commit obuspa
-	else
-		wan_intf="wan"
-	fi
-fi
-
 if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
 		len=$(printf "$opt125"|wc -c)
@@ -243,7 +226,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 			fi
 		fi
 
-		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_access_role)"
+		uci -q set obuspa.dhcpcontroller.assigned_role_name="$(get_netmode)"
 		uci -q set obuspa.dhcpcontroller.Enable='1'
 		uci_change=1
 	fi
@@ -326,7 +309,6 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	fi
 
 	if [ ${uci_change} -eq 1 ]; then
-		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
 fi

obuspa/patches/0003-set-internal-role-fix.patch

@@ -1,69 +1,29 @@
 --- a/src/core/cli_server.c
 +++ b/src/core/cli_server.c
-@@ -780,6 +780,7 @@ int ExecuteCli_Set(char *arg1, char *arg
+@@ -787,6 +787,7 @@ int ExecuteCli_Set(char *arg1, char *arg
          goto exit;
      }
  
 +    SetControllerRoleForInternal();
-     // Exit if unable to start a transaction
-     err = DM_TRANS_Start(&trans);
-     if (err != USP_ERR_OK)
-@@ -865,6 +866,7 @@ int ExecuteCli_Add(char *arg1, char *arg
-         goto exit;
-     }
- 
-+    SetControllerRoleForInternal();
-     // Exit if unable to start a transaction
-     err = DM_TRANS_Start(&trans);
-     if (err != USP_ERR_OK)
-@@ -976,6 +978,7 @@ int ExecuteCli_Del(char *arg1, char *arg
-         goto exit;
-     }
- 
-+    SetControllerRoleForInternal();
-     // Exit if unable to start a transaction
-     err = DM_TRANS_Start(&trans);
-     if (err != USP_ERR_OK)
+     // Iterate over all objects to set
+     for (i=0; i < objects.num_entries; i++)
+     {
 --- a/src/core/data_model.h
 +++ b/src/core/data_model.h
-@@ -325,6 +325,8 @@ void DATA_MODEL_DumpSchema(void);
+@@ -325,6 +325,7 @@ void DATA_MODEL_DumpSchema(void);
  void DATA_MODEL_DumpInstances(void);
  char DATA_MODEL_GetJSONParameterType(char *path);
  int DATA_MODEL_SetParameterInDatabase(char *path, char *value);
 +void SetControllerRoleForInternal();
-+void SetControllerDummyID();
  
  int DM_PRIV_InitSetRequest(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst, char *new_value);
  void DM_PRIV_RequestInit(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst);
---- a/src/core/dm_exec.c
-+++ b/src/core/dm_exec.c
-@@ -1207,6 +1207,7 @@ void ProcessMessageQueueSocketActivity(s
-         return;
-     }
- 
-+    SetControllerDummyID(); // To make sure session handler does not break with internal services
-     switch(msg.type)
-     {
-         case kDmExecMsg_ProcessUspRecord:
 --- a/src/core/msg_handler.c
 +++ b/src/core/msg_handler.c
-@@ -902,6 +902,34 @@ char *MtpSendItemToString(mtp_send_item_
+@@ -902,6 +902,20 @@ char *MtpSendItemToString(mtp_send_item_
  
  /*********************************************************************//**
  **
-+** SetControllerDummyID
-+**
-+** Sets the role for internal user
-+**
-+**
-+**************************************************************************/
-+void SetControllerDummyID()
-+{
-+    cur_msg_controller_info.endpoint_id = "CLI_Utility";
-+}
-+
-+/*********************************************************************//**
-+**
 +** SetControllerRoleForInternal
 +**
 +** Sets the role for internal user
@@ -74,7 +34,6 @@
 +{
 +    cur_msg_combined_role.inherited = kCTrustRole_Untrusted;
 +    cur_msg_combined_role.assigned = kCTrustRole_FullAccess;
-+    SetControllerDummyID();
 +}
 +
 +/*********************************************************************//**

obuspa/patches/0011-max_controllers.patch

@@ -1,42 +0,0 @@
-diff --git a/src/core/mqtt.c b/src/core/mqtt.c
-index 04a1a9c..8cb2ad7 100644
---- a/src/core/mqtt.c
-+++ b/src/core/mqtt.c
-@@ -234,6 +234,8 @@ void HandleMqttDisconnect(mqtt_client_t *client);
- #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
- int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
- {\
-+    if (index >= MAX_MQTT_CLIENTS) \
-+	    return 0; \
-     return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
- }
- 
-@@ -244,6 +246,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex(1);
- DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
- DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
- DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
-+DEFINE_MQTT_TrustCertVerifyCallbackIndex(5);
-+DEFINE_MQTT_TrustCertVerifyCallbackIndex(6);
-+DEFINE_MQTT_TrustCertVerifyCallbackIndex(7);
-+DEFINE_MQTT_TrustCertVerifyCallbackIndex(8);
-+DEFINE_MQTT_TrustCertVerifyCallbackIndex(9);
- // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
- 
- //------------------------------------------------------------------------------------
-@@ -254,10 +261,15 @@ ssl_verify_callback_t* mqtt_verify_callbacks[] = {
-     MQTT_TrustCertVerifyCallbackIndex(2),
-     MQTT_TrustCertVerifyCallbackIndex(3),
-     MQTT_TrustCertVerifyCallbackIndex(4),
-+    MQTT_TrustCertVerifyCallbackIndex(5),
-+    MQTT_TrustCertVerifyCallbackIndex(6),
-+    MQTT_TrustCertVerifyCallbackIndex(7),
-+    MQTT_TrustCertVerifyCallbackIndex(8),
-+    MQTT_TrustCertVerifyCallbackIndex(9),
-     // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
- };
- 
--USP_COMPILEASSERT( ((sizeof(mqtt_verify_callbacks)/sizeof(ssl_verify_callback_t*)) == MAX_MQTT_CLIENTS),
-+USP_COMPILEASSERT( ((sizeof(mqtt_verify_callbacks)/sizeof(ssl_verify_callback_t*)) >= MAX_MQTT_CLIENTS),
-         "There must be MAX_MQTT_CLIENTS callbacks defined");
- 
- /*********************************************************************//**

obuspa/patches/0012-check_mqtt_host_alive.patch

@@ -1,95 +0,0 @@
-diff --git a/src/core/mqtt.c b/src/core/mqtt.c
-index 04a1a9c..00b95a4 100644
---- a/src/core/mqtt.c
-+++ b/src/core/mqtt.c
-@@ -2124,6 +2124,75 @@ exit:
-     }
- }
- 
-+static int _check_host_rechability(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
-+{
-+    bool *palive = (bool *)userp;
-+
-+    USP_ASSERT(palive != NULL);
-+    switch(type) {
-+        case CURLINFO_HEADER_OUT:
-+        case CURLINFO_HEADER_IN:
-+            *palive = true;
-+            break;
-+        case CURLINFO_TEXT:
-+        {
-+            USP_LOG_Debug("CURL DATA:: [%s]", data);
-+            if (strstr(data, "Connected to ") != NULL) {
-+                *palive = true;
-+            }
-+            break;
-+        }
-+        default:
-+            break;
-+    }
-+
-+    return 0;
-+}
-+
-+int check_mqtt_host_reachability(mqtt_client_t *client)
-+{
-+    CURL *curl;
-+    mqtt_conn_params_t *cparam = &client->conn_params;
-+    char buffer[128] = {0};
-+    int ret = USP_ERR_INTERNAL_ERROR;
-+    bool is_alive = false;
-+
-+    curl = curl_easy_init();
-+    if(curl) {
-+        USP_SNPRINTF(buffer, 128, "mqtt://%s:%d", cparam->host, cparam->port);
-+        curl_easy_setopt(curl, CURLOPT_URL, buffer);
-+
-+        if (strlen(cparam->username) > 0) {
-+            curl_easy_setopt(curl, CURLOPT_USERNAME, cparam->username);
-+        }
-+
-+        if (strlen(cparam->password) > 0) {
-+            curl_easy_setopt(curl, CURLOPT_PASSWORD, cparam->password);
-+        }
-+
-+        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-+        curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &is_alive);
-+        curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _check_host_rechability);
-+
-+        /* complete within 2 seconds */
-+        curl_easy_setopt(curl, CURLOPT_TIMEOUT, 2L);
-+
-+        ret = curl_easy_perform(curl);
-+        /* Check for errors */
-+        if(ret == CURLE_OK || ret == CURLE_URL_MALFORMAT || is_alive == true) {
-+            USP_LOG_Debug("CURL MQTT host %s, ret %d, alive %d ...", buffer, ret, is_alive);
-+            ret = USP_ERR_OK;
-+        } else {
-+            USP_LOG_Info("# CURL MQTT host %s unreachable: %d=>%s ...", buffer, ret, curl_easy_strerror(ret));
-+        }
-+
-+        /* always cleanup */
-+        curl_easy_cleanup(curl);
-+    }
-+
-+    return ret;
-+}
-+
- /*********************************************************************//**
- **
- ** PerformMqttClientConnect
-@@ -2193,6 +2262,14 @@ int PerformMqttClientConnect(mqtt_client_t *client)
-         keep_alive = 5;
-     }
- 
-+    // Below function is a workaround to check the host reachability with a timeout
-+    // mosquitto_connect_* API block the thread for 2 mins if host is not reachable,
-+    // which halts other clients connectivity
-+    err = check_mqtt_host_reachability(client);
-+    if (err != USP_ERR_OK) {
-+        err = USP_ERR_INTERNAL_ERROR;
-+        goto exit;
-+    }
-     // Release the access mutex temporarily whilst performing the connect call
-     // We do this to prevent the data model thread from potentially being blocked, whilst the connect call is taking place
-     OS_UTILS_UnlockMutex(&mqtt_access_mutex);

obuspa/patches/0013-mqtt-retry-param-change.patch

@@ -1,76 +0,0 @@
-diff --git a/src/core/device_mqtt.c b/src/core/device_mqtt.c
-index 7b3c3df7eb..7beb78ef86 100755
---- a/src/core/device_mqtt.c
-+++ b/src/core/device_mqtt.c
-@@ -1602,14 +1602,23 @@ int Validate_MQTTConnectRetryTime(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryTime(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-     // Set the new value.
-+    if ((mp->retry.connect_retrytime != val_uint) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     mp->retry.connect_retrytime = val_uint;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 
-@@ -1645,14 +1654,23 @@ int Validate_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryIntervalMultiplier(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-+    if ((mp->retry.interval_multiplier != val_int) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     // Set the new value.
-     mp->retry.interval_multiplier = val_int;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 
-@@ -1688,14 +1706,23 @@ int Validate_MQTTConnectRetryMaxInterval(dm_req_t *req, char *value)
- int NotifyChange_MQTTConnectRetryMaxInterval(dm_req_t *req, char *value)
- {
-     mqtt_conn_params_t *mp;
-+    bool schedule_reconnect = false;
- 
-     // Determine mqtt client to be updated
-     mp = FindMqttParamsByInstance(inst1);
-     USP_ASSERT(mp != NULL);
- 
-+    if ((mp->retry.max_interval != val_uint) && (mp->enable)) {
-+        schedule_reconnect = true;
-+    }
-+
-     // Set the new value.
-     mp->retry.max_interval = val_uint;
- 
-+    if (schedule_reconnect) {
-+        ScheduleMqttReconnect(mp);
-+    }
-+
-     return USP_ERR_OK;
- }
- 

obuspa/patches/0014-mqtt-reconnect.patch

@@ -1,90 +0,0 @@
-diff --git a/src/core/device_controller.c b/src/core/device_controller.c
-index a6335f5..57b8486 100644
---- a/src/core/device_controller.c
-+++ b/src/core/device_controller.c
-@@ -2340,6 +2340,26 @@ int Notify_ControllerEnable(dm_req_t *req, char *value)
-         }
-     }
- }
-+#endif
-+
-+#ifdef ENABLE_MQTT
-+{
-+    // Reconnect MQTT client since it may need to update MQTT reference and Topic
-+    if (cont->enable)
-+    {
-+        int i;
-+        for (i=0; i<MAX_CONTROLLER_MTPS; i++)
-+        {
-+            controller_mtp_t *mtp;
-+
-+            mtp = &cont->mtps[i];
-+            if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->mqtt_connection_instance != INVALID) && (mtp->enable))
-+            {
-+                DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
-+            }
-+        }
-+    }
-+}
- #endif
- 
-     return USP_ERR_OK;
-@@ -2468,6 +2488,17 @@ int Notify_ControllerMtpEnable(dm_req_t *req, char *value)
-         }
-     }
- }
-+#endif
-+
-+#ifdef ENABLE_MQTT
-+{
-+    // Reconnect MQTT client since it may need to update MQTT reference and Topic
-+    if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->enable) && (cont->enable) &&
-+        (mtp->mqtt_connection_instance != INVALID))
-+    {
-+        DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
-+    }
-+}
- #endif
- 
-     // NOTE: We do not have to do anything for STOMP, as these parameters are only searched when we send
-@@ -2559,6 +2590,16 @@ int Notify_ControllerMtpProtocol(dm_req_t *req, char *value)
-         WSCLIENT_StartClient(cont->instance, mtp->instance, cont->endpoint_id, &mtp->websock);
-     }
- }
-+#endif
-+
-+#ifdef ENABLE_MQTT
-+{
-+    // Reconnect MQTT client since it may need to update MQTT reference and Topic
-+    if ((mtp->protocol == kMtpProtocol_MQTT) && (mtp->mqtt_connection_instance != INVALID))
-+    {
-+        DEVICE_MQTT_ScheduleReconnect(mtp->mqtt_connection_instance);
-+    }
-+}
- #endif
- 
-     // NOTE: We don't need to do anything explicitly for STOMP
-diff --git a/src/core/device_mtp.c b/src/core/device_mtp.c
-index e78a305..d690978 100644
---- a/src/core/device_mtp.c
-+++ b/src/core/device_mtp.c
-@@ -964,6 +964,9 @@ int NotifyChange_AgentMtpProtocol(dm_req_t *req, char *value)
-     }
- #endif
- 
-+    // Cache the changed value
-+    mtp->protocol = new_protocol;
-+
- #ifdef ENABLE_MQTT
-     // Schedule the affected MQTT connection to reconnect (because it might have lost or gained a agent queue to subscribe to)
-     if ((mtp->enable) && (mtp->mqtt_connection_instance != INVALID))
-@@ -972,9 +975,6 @@ int NotifyChange_AgentMtpProtocol(dm_req_t *req, char *value)
-     }
- #endif
- 
--    // Cache the changed value
--    mtp->protocol = new_protocol;
--
- #ifndef DISABLE_STOMP
-     // Schedule the affected STOMP connection to reconnect (because it might have lost or gained a agent queue to subscribe to)
-     if ((mtp->enable) && (mtp->stomp_connection_instance != INVALID))

periodicstats/Config.in

@@ -1,9 +0,0 @@
-if PACKAGE_periodicstats
-config PERIODICSTAT_INTERNAL_SAMPLING_RATE
-	int "Number of times statistics will be measured within a sample interval"
-	range 3 10
-	default 3
-	depends on PACKAGE_periodicstats
-	help
-	 This value must be in range of 3 to 10. (default 3)	
-endif

periodicstats/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.8.2
+PKG_VERSION:=1.5.3
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/periodicstats.git
-PKG_SOURCE_VERSION:=6bee158e3a4d56d573fb8f26fe06fe59b75138ca
+PKG_SOURCE_VERSION:=28bea5be686013af0ba8e54cf4871f10015e4b06
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -32,12 +32,6 @@ define Package/periodicstats/description
 	Manage periodic statistics
 endef
 
-define Package/periodicstats/config
-	source "$(SOURCE)/Config.in"
-endef
-
-TARGET_CFLAGS += -DINTERNAL_SAMPLING_RATE=$(CONFIG_PERIODICSTAT_INTERNAL_SAMPLING_RATE)
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
         $(CP) -rf ~/git/periodicstats/* $(PKG_BUILD_DIR)/

periodicstats/files/etc/config/periodicstats

@@ -1,4 +1,4 @@
 config globals 'globals'
-	option enable '1'
+	option enable '0'
 	option base_interval '5'
 

periodicstats/files/etc/init.d/periodicstats

@@ -17,17 +17,14 @@ start_service() {
 	
 	bbfdm_add_service "bbfdm.periodicstats" "${PERIODICSTATS_JSON_INPUT}"
 
-	procd_open_instance periodicstatsd
-	if [ "${enable}" -eq "1" ]; then
-		procd_set_param command ${PROG}
-		procd_set_param respawn
+	if [ "${enable}" -ne "1" ]; then
+		return 0;
 	fi
-	procd_close_instance
-}
 
-reload_service() {
-	stop
-	start
+	procd_open_instance periodicstatsd
+	procd_set_param command ${PROG}
+	procd_set_param respawn
+	procd_close_instance
 }
 
 service_triggers() {

ponmngr/files/airoha/lib/xpon/airoha.sh

@@ -3,34 +3,39 @@
 . /lib/functions.sh
 
 set_serial_number() {
-	local vendor_id="$1"
-	local vssn="$2"
+	vendor_id=$1
+	vssn=$2
 
 	# Vendor id is not taken from serial automatically, propagate it as well
-	/userfs/bin/omcicfgCmd set vendorId "${vendor_id}"
-	/userfs/bin/omcicfgCmd set sn "${vendor_id}${vssn}"
+	/userfs/bin/omcicfgCmd set vendorId ${vendor_id}
+	/userfs/bin/omcicfgCmd set sn ${vendor_id}${vssn}
 }
 
 set_equipment_id() {
-	local eqid="$1"
+	local eqid=$1
+	local eq_id_default="KE2.119.241R2B"
 
-	if [ -z "${eqid}" ]; then
+	if [ -z "$eqid"  ]; then
 		return
 	fi
 
-	/userfs/bin/omcicfgCmd set equipmentId "${eqid}"
+	if [ "$eqid" = "$eq_id_default" ]; then
+		return
+	fi
+
+        /userfs/bin/omcicfgCmd set equipmentId ${eqid}
 }
 
 set_loid_authentication() {
-	local loid="$1"
-	local loid_pwd="$2"
+	local loid=$1
+	local loid_pwd=$2
 
-	[ -z "${loid}" ] && return
+	[ -z "$loid" ] && return
 
-	/userfs/bin/omcicfgCmd set loid "${loid}"
+	/userfs/bin/omcicfgCmd set loid ${loid}
 
-	if [ -n "${loid_pwd}" ]; then
-		/userfs/bin/omcicfgCmd set loidPasswd "${loid_pwd}"
+	if [ -n "$loid_pwd" ]; then
+		/userfs/bin/omcicfgCmd set loid_password ${loid_pwd}
 	fi
 }
 

ponmngr/files/broadcom/lib/xpon/broadcom.sh

@@ -3,39 +3,37 @@
 . /lib/functions.sh
 
 set_serial_number() {
-	local vendor_id="$1"
-	local vssn="$2"
+	vendor_id=$1
+	vssn=$2
 
-	vendor_id="$(echo "${vendor_id}" | hexdump -e '4/1 "%02X" "\n"')"
-	vendor_id="${vendor_id:0:8}"
+	vendor_id="$(echo $vendor_id | hexdump -e '4/1 "%02X" "\n"')"
+	vendor_id=${vendor_id:0:8}
 
 	bs /b/c gpon onu_sn={vendor_id=$vendor_id,vendor_specific=$vssn}
 }
 
 set_equipment_id() {
-	local equipment_id="$1"
+	equipment_id=$1
 	[ -z "$equipment_id" ] && return
 
-	json_add_string "equipment_id" "$equipment_id"
+	json_add_string "equipment_id" $equipment_id
 }
 
 set_loid_authentication() {
-	local loid="$1"
-	local loid_password="$2"
-
+	loid=$1
+	loid_password=$2
 	[ -z "$loid" ] && return
 
-	json_add_string "loid" "$loid"
-	json_add_string "loid_password" "$loid_password"
+	json_add_string "loid" $loid
+	json_add_string "loid_password" $loid_password
 }
 
 apply_xpon_uci_config() {
-	local sn
 
 	json_init
 	json_add_object 'ani'
 	sn="$(uci -q get xpon.ani.serial_number)"
-	json_add_string "serial_number" "$sn"
+	json_add_string "serial_number" $sn
 	configure_loid_authentication
 	configure_equipment_id
 	json_close_object

ponmngr/files/common/etc/init.d/xpon

@@ -11,21 +11,21 @@ include /lib/xpon
 configure_serial_number() {
 	# serial number generation is taken care in the uci defaults, so if
 	# serial number is not found here its a misconfig
-	local serial_number="$(uci -q get xpon.ani.serial_number)"
+	serial_number="$(uci -q get xpon.ani.serial_number)"
 	if [ ${#serial_number} -eq 12 ]; then
-		local vendor_id="${serial_number:0:4}"
-		local vssn="${serial_number:4:8}"
+		vendor_id="${serial_number:0:4}"
+		vssn="${serial_number:4:8}"
 	else
-		logger -s -t "xpon" "Serial number not found in UCI, ONT will probably not be registered at the OLT."
-		logger -s -t "xpon" "Please configure a valid serial number."
+		logger -s -t "xpon" "Serial number not found in uci, ont will probably not be registered at the olt"
+		logger -s -t "xpon" "Please configure a valid serial number"
 		return
 	fi
 
-	set_serial_number "${vendor_id}" "${vssn}"
+	set_serial_number $vendor_id $vssn
 }
 
 start_service() {
-	if [ "$(uci -q get xpon.ani.enable)" = "1" ]; then
+	if [ "$(uci -q get xpon.ani.enable)" == "1" ]; then
 		configure_serial_number
 		apply_xpon_uci_config
 		init_xpon

ponmngr/files/common/etc/uci-defaults/60-xpon-generate

@@ -3,15 +3,14 @@
 
 configure_serial_number() {
 	# check if serial number is present in the production data
-	local production_sn="$(fw_printenv -n gponsn)"
+	production_sn="$(fw_printenv -n gponsn)"
 	if [ ${#production_sn} -eq 12 ]; then
-		uci set xpon.ani.serial_number="${production_sn}"
+		uci set xpon.ani.serial_number=$production_sn
 	else
-		local macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
-		local vendor_id="IOPS"
-		local vssn="${macaddr:4:8}"
-
-		uci set xpon.ani.serial_number="${vendor_id}${vssn}"
+		macaddr="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
+		vendor_id="IOPS"
+		vssn="${macaddr:4:8}"
+		uci set xpon.ani.serial_number=$vendor_id$vssn
 	fi
 }
 
@@ -19,38 +18,37 @@ configure_loid_authentication() {
 	local production_loid
 	local production_loidpwd
 
-	local loid="$(uci -q get xpon.ani.loid)"
-	local loidpwd="$(uci -q get xpon.ani.loid_password)"
-
-	if [ -z "${loid}" ]; then
+	loid="$(uci -q get xpon.ani.loid)"
+	loidpwd="$(uci -q get xpon.ani.loid_password)"
+        if [ -z $loid ]; then
 		production_loid="$(fw_printenv -n gponloid)"
 	fi
-	if [ -z "${loidpwd}" ]; then
+	if [ -z $loidpwd ]; then
 		production_loidpwd="$(fw_printenv -n gponloid_password)"
 	fi
 
-	if [ -n "${production_loid}" ]; then
-		uci set xpon.ani.loid="${production_loid}"
+	if [ -n $production_loid ]; then
+		uci set xpon.ani.loid=$production_loid
 	fi
-	if [ -n "${production_loidpwd}" ]; then
-		uci set xpon.ani.loid_password="${production_loidpwd}"
+	if [ -n $production_loidpwd ]; then
+		uci set xpon.ani.loid_password=$production_loidpwd
 	fi
 
 }
 
 if [ -s "/etc/config/xpon" ]; then
-	if uci -q get xpon.ani >/dev/null; then
-		# generate serial number in case its not present and return
-		SERIAL_NUMBER="$(uci -q get xpon.ani.serial_number)"
-		if [ ${#SERIAL_NUMBER} -ne 12 ]; then
+        if uci -q get xpon.ani >/dev/null; then
+                # generate serial number in case its not present and return
+		serial_number="$(uci -q get xpon.ani.serial_number)"
+		if [ ${#serial_number} -ne 12 ]; then
 			configure_serial_number
 		fi
 		configure_loid_authentication
-		exit
-	else
-		rm -f /etc/config/xpon
-	fi
-fi
+                exit                                  
+        else                                          
+                rm -f /etc/config/xpon
+        fi                           
+fi                                   
 touch /etc/config/xpon
 
 uci set xpon.ani=ani

ponmngr/files/common/lib/xpon/get_uci_config.sh

@@ -1,15 +1,13 @@
 #!/bin/sh
 
-configure_equipment_id() {
-	local eqid="$(uci -q get xpon.ani.equipment_id)"
-
-	set_equipment_id "${eqid}"
-}
-
-configure_loid_authentication() {
-	local loid="$(uci -q get xpon.ani.loid)"
-	local loid_pwd="$(uci -q get xpon.ani.loid_password)"
-
-	set_loid_authentication "${loid}" "${loid_pwd}"
+configure_equipment_id() {                                                      
+        eqid="$(uci -q get xpon.ani.equipment_id)"                              
+        set_equipment_id $eqid                                                  
+}                                                                               
+                                                                                
+configure_loid_authentication() {                                               
+        loid="$(uci -q get xpon.ani.loid)"                                      
+        loid_pwd="$(uci -q get xpon.ani.loid_password)"                         
+        set_loid_authentication $loid $loid_pwd                                 
 }
 

porttrigger/Makefile

@@ -0,0 +1,56 @@
+#
+# Copyright (C) 2021-2023 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=porttrigger
+PKG_VERSION:=1.0.0
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+LOCAL_DEV:=1
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/port-trigger.git
+PKG_SOURCE_VERSION:=
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/porttrigger
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Port Trigger Daemon
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api
+endef
+
+define Package/porttrigger/description
+	Manage port trigger
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ./port-trigger/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/porttrigger/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/lib/porttrigger
+                                                                                
+	$(INSTALL_BIN) ./files/etc/init.d/porttrigger $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/porttrigger $(1)/etc/config/
+	$(INSTALL_DATA) ./files/lib/port_trigger.sh $(1)/lib/porttrigger/
+	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/bbf_plugin/libporttrigger.so)
+endef
+
+$(eval $(call BuildPackage,porttrigger))

porttrigger/files/etc/config/porttrigger

@@ -0,0 +1 @@
+#port trigger uci file

porttrigger/files/etc/init.d/porttrigger

@@ -0,0 +1,20 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+STOP=20
+USE_PROCD=1
+
+. /lib/porttrigger/port_trigger.sh
+
+start_service() {
+	port_trigger_handling
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "firewall"
+}
+
+reload_service() {
+	start
+}

porttrigger/files/lib/port_trigger.sh

@@ -0,0 +1,99 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+process_port_trigger() {
+	local rule_id="$1"
+	local is_enabled=""
+	local duration=""
+	local trigger_dport=""
+	local trigger_dport_end=""
+	local protocol=""
+	local interface=""
+	local open_dport=""
+	local open_dport_end=""
+	local open_protocol=""
+	local ptg_id=""
+
+	config_get ptg_id "$rule_id" "dm_parent"
+
+	is_enabled=$(uci -q get porttrigger."$ptg_id".enable)
+
+	if [ -z "$is_enabled" ] || [ "$is_enabled" = "0" ]; then
+		return
+	fi
+
+	IP_RULE=""
+	protocol=$(uci -q get porttrigger."$ptg_id".protocol)
+	[ -z "$protocol" ] && return
+
+	if [ "$protocol" = "UDP" ] || [ "$protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -p udp"
+	elif [ "$protocol" = "TCP" ] || [ "$protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -p tcp"
+	else
+		return
+	fi
+
+	trigger_dport=$(uci -q get porttrigger."$ptg_id".port)
+	[ -z "$trigger_dport" ] && return
+	IP_RULE="$IP_RULE --dport $trigger_dport"
+
+	trigger_dport_end=$(uci -q get porttrigger."$ptg_id".end_port_range)
+	if [ -n "$trigger_dport_end" ]; then
+		IP_RULE="$IP_RULE:$trigger_dport"
+	fi
+
+	config_get open_protocol "$rule_id" "protocol"
+	if [ "$open_protocol" = "UDP" ] || [ "$open_protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+	elif [ "$open_protocol" = "TCP" ] || [ "$open_protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+	else
+		return
+	fi
+
+	config_get open_dport "$rule_id" "port"
+	[ -z "$open_dport" ] && return
+	IP_RULE="$IP_RULE --trigger-match $open_dport"
+
+	config_get open_dport_end "$rule_id" "end_port_range"
+	if [ -z "$open_dport_end" ]; then
+		IP_RULE="$IP_RULE --trigger-relate $open_dport"
+	else
+		IP_RULE="$IP_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+	fi
+
+	duration=$(uci -q get porttrigger."$ptg_id".auto_disable_duration)
+        if [ -n "$duration" ]; then
+                IP_RULE="$IP_RULE --trigger-timeout $duration"
+        fi
+
+	interface=$(uci -q get porttrigger."$ptg_id".src)
+	[ -z "$interface" ] && return
+	device=$(uci show network | grep -w "name='.*$interface'" | cut -d'.' -f2)
+	ports=$(uci -q get network."$device".ports)
+	for port in ${ports}; do
+        	IP_RULE_1="iptables -t nat -A prerouting_porttrigger -i $port $IP_RULE"
+        	echo "$IP_RULE_1">>/tmp/port_trigger_iptables
+	done
+}
+
+port_trigger_handling() {
+	rm /tmp/port_trigger_iptables
+	iptables -w -t nat -F prerouting_porttrigger
+
+	touch /tmp/port_trigger_iptables
+	prerouting_porttrigger=$(iptables -t nat --list | grep prerouting_porttrigger)
+	if [ -z "$prerouting_porttrigger" ]; then
+		iptables -w -t nat -N prerouting_porttrigger
+		ret=$?
+		[ $ret -eq 0 ] && iptables -w -t nat -I PREROUTING -j prerouting_porttrigger
+	fi
+
+	# Load /etc/config/porttrigger UCI file
+	config_load porttrigger
+	config_foreach process_port_trigger rule
+
+	sh /tmp/port_trigger_iptables
+}

qosmngr/files/airoha/lib/qos/chains.ebtables.sh

@@ -16,10 +16,6 @@ broute_rule_set_traffic_class() {
     fi
 }
 
-broute_filter_on_dscp() {
-    BR_RULE="$BR_RULE --ip-tos $1"
-}
-
 broute_ipv4_rule_options()
 {
     local cid="$1"
@@ -29,12 +25,7 @@ broute_ipv4_rule_options()
     set_ip_addr "$cid" ebt_match_src_ip ebt_match_dst_ip
 
     if [ -n "$dscp_filter" ]; then
-        local tos_val
-        local tos_hex
-
-        tos_val=$((dscp_filter<<2))
-        tos_hex=$(printf "%x" $tos_val)
-        broute_filter_on_dscp "$tos_hex"
+        echo "DSCP filter is not supporter"
     fi
 
     if [ -n "$protocol" ]; then

qosmngr/files/airoha/lib/qos/qos.sh

@@ -15,6 +15,10 @@ include /lib/ethernet
 . /lib/qos/shaper.sh
 . /lib/qos/airoha.sh
 
+get_rate_per_queue() {
+	echo "0"
+}
+
 get_burst_size_per_queue() {
 	echo "0"
 }

qosmngr/files/broadcom/lib/qos/qos.sh

@@ -34,6 +34,10 @@ get_port_number() {
 	done
 }
 
+get_rate_per_queue() {
+	echo "0"
+}
+
 get_burst_size_per_queue() {
 	echo "0"
 }

qosmngr/files/common/etc/uci-defaults/60-qos_config_generate

@@ -31,7 +31,7 @@ generate_queue(){
 		uci set qos.@queue[-1].ifname="$ifname"
 		uci set qos.@queue[-1].precedence="$order"
 		uci set qos.@queue[-1].scheduling="SP"
-		uci set qos.@queue[-1].rate="0"
+		uci set qos.@queue[-1].rate=$(get_rate_per_queue)
 		uci set qos.@queue[-1].burst_size=$(get_burst_size_per_queue)
 		uci set qos.@queue[-1].weight="1"
 	done

qosmngr/files/linux/lib/qos/qos.sh

@@ -15,6 +15,10 @@ Q_COUNT=0
 SP_Q_PRIO=7
 SOQ_wgt=0
 
+get_rate_per_queue() {
+	echo "1000000"
+}
+
 get_burst_size_per_queue() {
 	echo "1500"
 }
@@ -220,7 +224,12 @@ ebt_match_ipv6_dscp() {
 }
 
 broute_filter_on_dscp() {
-	BR_RULE="$BR_RULE --ip-tos $1"
+	# The broadcom option --ip-dscp-extend actually accepts tos
+	# and not dscp and that too in hex, hence, perform the conversion
+	# from dscp in uci to tos first and then convert to hex
+	tos_val=$(($1<<2))
+	tos_hex=$(printf "%x" $tos_val)
+	BR_RULE="$BR_RULE --ip-dscp-extend $tos_hex"
 }
 
 broute_ipv4_rule_options()
@@ -232,12 +241,7 @@ broute_ipv4_rule_options()
 	set_ip_addr $cid ebt_match_src_ip ebt_match_dst_ip
 
 	if [ ! -z $dscp_filter ]; then
-		local tos_val
-		local tos_hex
-
-		tos_val=$((dscp_filter<<2))
-		tos_hex=$(printf "%x" $tos_val)
-		broute_filter_on_dscp "$tos_hex"
+		broute_filter_on_dscp "$dscp_filter"
 	fi
 
 	if [ ! -z $protocol ]; then
@@ -401,20 +405,18 @@ pre_configure_queue() {
 }
 
 get_link_rate() {
-	local ifname="$1"
-	local phycap="$(ethtool $ifname | grep -A 10 "Supported link modes" | grep 00 | tail -n 1 | awk '{print$NF}')"
-	local speed=1000
+        intf="$1"
+	speed=1000
 
-	# Get the max capability of this port
-	case "$phycap" in
-		10000*) speed=10000 ;;
-		5000*) speed=5000 ;;
-		2500*) speed=2500 ;;
-		1000*) speed=1000 ;;
-		100*) speed=100 ;;
-		10*) speed=10 ;;
-		*) speed=1000 ;;
-	esac
+	if [ -d "/sys/class/net/$intf/" ]; then
+		speed=$(cat /sys/class/net/$intf/speed 2>/dev/null)
+		[ -z "$speed" ] & speed=1000
+	fi
+
+	if [ $speed -le 0 ]; then
+		# assuming default 1000
+		speed=1000
+	fi
 
 	echo "$speed"
 }

rulengd/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rulengd
-PKG_VERSION:=1.2.11
+PKG_VERSION:=1.2.10
 PKG_RELEASE:=1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/rulengd.git
-PKG_SOURCE_VERSION:=8fabf294cc056fd9a85cad06e81bd11df64e23a3
+PKG_SOURCE_VERSION:=a32e325090d4303fe9aec786f81f0699006d21ab
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

stunc/Makefile

@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunc
 PKG_RELEASE:=1
-PKG_VERSION:=1.3.3.1
+PKG_VERSION:=1.4.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/stunc.git
-PKG_SOURCE_VERSION:=242326500576f644e7c730f556ce4a896c47be8c
+PKG_SOURCE_VERSION:=335f52d51b3b988917f0130303d571ac1fd9636c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -27,77 +27,25 @@ include ../bbfdm/bbfdm.mk
 
 MAKE_PATH:=src
 
-define Package/stunc/default
+define Package/stunc
   SECTION:=utils
   CATEGORY:=Utilities
   SUBMENU:=TRx69
   TITLE:=BBF STUN Client
-  DEPENDS:=+libubus +libuci +libubox +libjson-c +libblobmsg-json +libbbfdm-api
-endef
-
-define Package/stunc
-  $(Package/stunc/default)
-  TITLE += (default)
-  DEPENDS += +libopenssl
-  VARIANT:=default
-  DEFAULT_VARIANT:=1
-endef
-
-define Package/stunc-mbedtls
-  $(Package/stunc/default)
-  TITLE += (mbedtls)
-  DEPENDS += +PACKAGE_stunc-mbedtls:libmbedtls
-  VARIANT:=mbedtls
-  CONFLICTS := stunc stunc-openssl stunc-wolfssl
-endef
-
-define Package/stunc-openssl
-  $(Package/stunc/default)
-  TITLE += (openssl)
-  DEPENDS += +PACKAGE_stunc-openssl:libopenssl
-  VARIANT:=openssl
-  CONFLICTS := stunc stunc-mbedtls stunc-wolfssl
-endef
-
-define Package/stunc-wolfssl
-  $(Package/stunc/default)
-  TITLE += (wolfssl)
-  DEPENDS += +PACKAGE_stunc-wolfssl:libwolfssl
-  VARIANT:=wolfssl
-  CONFLICTS := stunc stunc-openssl stunc-mbedtls
+  DEPENDS:=+libubus +libuci +libubox +libjson-c +libblobmsg-json +libbbfdm-api +libopenssl
 endef
 
 TARGET_CFLAGS += \
 	-D_GNU_SOURCE \
 	-Wall -Werror
 
-ifeq ($(BUILD_VARIANT),default)
-  MAKE_FLAGS += \
-	USE_OPENSSL="yes"
-endif
-
-ifeq ($(BUILD_VARIANT),wolfssl)
-  MAKE_FLAGS += \
-	USE_WOLFSSL="yes"
-endif
-
-ifeq ($(BUILD_VARIANT),mbedtls)
-  MAKE_FLAGS += \
-	USE_MBEDTLS="yes"
-endif
-
-ifeq ($(BUILD_VARIANT),openssl)
-  MAKE_FLAGS += \
-	USE_OPENSSL="yes"
-endif
-
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/stunc/* $(PKG_BUILD_DIR)/
 endef
 endif
 
-define Package/stunc/default/install
+define Package/stunc/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/init.d
@@ -107,12 +55,4 @@ define Package/stunc/default/install
 	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/src/libstunc.so)
 endef
 
-Package/stunc/install = $(Package/stunc/default/install)
-Package/stunc-openssl/install = $(Package/stunc/default/install)
-Package/stunc-wolfssl/install = $(Package/stunc/default/install)
-Package/stunc-mbedtls/install = $(Package/stunc/default/install)
-
 $(eval $(call BuildPackage,stunc))
-$(eval $(call BuildPackage,stunc-openssl))
-$(eval $(call BuildPackage,stunc-wolfssl))
-$(eval $(call BuildPackage,stunc-mbedtls))

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=3.1.53
+PKG_VERSION:=3.1.45
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=0108f9c192a168936ee223dbf4d85a7ceba7093d
+PKG_SOURCE_VERSION:=9f3525957ac203c8900996c467032c2be6343ae5
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=3.1.53
+PKG_VERSION:=3.1.45
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=5d0336f678a116cdf4c73fec7c0d8ab06c0f65d6
+PKG_SOURCE_VERSION:=32f297540eca2d80aea425968d3503b3c41d86eb
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)

sulu/sulu-lcm/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-lcm
-PKG_VERSION:=3.1.52
+PKG_VERSION:=3.1.27
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-lcm.git
-PKG_SOURCE_VERSION:=af612edb4ea186d9c71fc2157883bf686b14e376
+PKG_SOURCE_VERSION:=6b1d30d7918adeb19c5177dd7c5472cb0dac9896
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sulu/sulu-multi-ap/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-multi-ap
-PKG_VERSION:=3.1.52
+PKG_VERSION:=3.1.42
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-multi-ap.git
-PKG_SOURCE_VERSION:=ac4a73768844796be5678559b64269e6fe073192
+PKG_SOURCE_VERSION:=e209cbc04a92494b96c74cee443e1b385c6687fe
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sulu/sulu-parental-control/Makefile

@@ -4,11 +4,11 @@
 
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-parental-control
-PKG_VERSION:=3.1.52
+PKG_VERSION:=3.1.38
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-parental-control.git
-PKG_SOURCE_VERSION:=e1c5b4473fba9d42ef7d1e95e634416585bf5887
+PKG_SOURCE_VERSION:=dd9dab9fb8aca87991cd2cc02c5fedd8baee3b97
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

swmodd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=swmodd
-PKG_VERSION:=2.5.3.2
+PKG_VERSION:=2.5.3
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/lcm/swmodd.git
-PKG_SOURCE_VERSION:=d8cc9a7a3749975720c9b748adadb2b6c920acdc
+PKG_SOURCE_VERSION:=80d8a2f0dddc8e1575c0a6dee1e496c52104d033
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

swmodd/files/etc/config/swmodd

@@ -3,7 +3,3 @@ config globals 'globals'
         option debug '1'
         option log_level '3'
         option lan_bridge 'br-lan'
-        option root '/container'
-
-config execenv 'execenv_1'
-        option name 'oci'

swmodd/files/etc/init.d/crun

@@ -56,8 +56,8 @@ configure_lxc_container() {
 }
 
 configure_crun_container() {
-	local name type autostart du_status requested_state url username password capability
-	local BRIDGE BUNDLE BOOT PERM
+	local name type autostart du_status requested_state url username password
+	local BRIDGE BUNDLE BOOT
 	local RUNNER="/etc/swmodd/run.sh"
 
 	BUNDLE="${2}"
@@ -73,10 +73,6 @@ configure_crun_container() {
 	config_get url "${1}" url ""
 	config_get username "${1}" username ""
 	config_get password "${1}" password ""
-	config_get capability "${1}" capability ""
-	if [ -n "${capability}" ]; then
-		PERM="-p ${capability// /,}"
-	fi
 
 	if [ -z "${name}" ] || [ -z "${type}" ] || [ -z "${du_status}" ]; then
 		return 0;
@@ -152,7 +148,7 @@ configure_crun_container() {
 
 	if [ "${BOOT}" -eq "1" ]; then
 		if [ "${autostart}" -eq 1 ]; then
-			${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
+			${RUNNER} -U -b "${BUNDLE}" -n "${name}"
 			result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
 			if [ "${result}" != "null" ]; then
 				uci_set ocicontainer "${1}" description "${result}"
@@ -182,10 +178,10 @@ configure_crun_container() {
 			fi
 		elif [ "${requested_state}" = "Active" ]; then
 			if is_container_running "${name}"; then
-				${RUNNER} -u -n "${name}" -i "${BRIDGE}" ${PERM}
+				${RUNNER} -u -n "${name}" -i "${BRIDGE}"
 				crun resume "${name}"
 			else
-				${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
+				${RUNNER} -U -b "${BUNDLE}" -n "${name}"
 				result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
 				if [ "${result}" != "null" ]; then
 					uci_set ocicontainer "${1}" description "${result}"
@@ -211,7 +207,7 @@ configure_crun_container() {
         procd_set_param stderr 1
         procd_set_param command "${RUNNER}"
         procd_append_param command -b "${BUNDLE}" -n "${name}" -i "${BRIDGE}"
-        #procd_set_param respawn
+        procd_set_param respawn
         procd_close_instance "${name}"
 }
 
@@ -241,7 +237,7 @@ start_service() {
 
 	env=$(uci -q get swmodd.@execenv[0].name)
 	if [ -z "${root}" ] || [ -z "${bridge}" ]; then
-		log "# Base bundle root[$root] or bridge[$bridge] not defined"
+		log "Base bundle root[$root] or bridge[$bridge] not defined"
 		return 0;
 	fi
 

swmodd/files/etc/init.d/swmodd

@@ -22,20 +22,20 @@ validate_globals_section()
 }
 
 start_lxc_container() {
-	local root_dir
+	local root
 
 	config_get name "${1}" name ""
 	config_get type "${1}" type ""
 	config_get autostart "${1}" autostart "0"
 	config_get timeout "${1}" timeout "300"
-	root_dir="${2}"
+	root="${2}"
 
 	if [ -z "${name}" ] || [ -z "${type}" ]; then
 		return 0;
 	fi
 
 	# workaround to install lxc container with installdu and autostart them
-	if [ -f "${root_dir}/$name/config" ]; then
+	if [ -f "${root}/$name/config" ]; then
 		type=lxc
 	fi
 
@@ -43,7 +43,7 @@ start_lxc_container() {
 		return 0;
 	fi
 
-	state=$(lxc-info -n "$name" -s -H)
+	state=$(lxc-ls -f | tail -n +2 | grep -w "${name}" | cut -d " " -f 2)
 	if [ -z "${state}" ]; then
 		return 0;
 	fi
@@ -81,24 +81,31 @@ start_service() {
 	local enabled debug log_level sock root
 
 	config_load swmodd
+
 	validate_globals_section || {
 		return 1;
 	}
 
 	[ "${enabled}" -eq 0 ] && return 0
 
-	# crun default runtime directory /run, if not present then create
 	[ ! -d "/run" ] && ln -fs /var/run /run
+        if [ ! -d "${root}" ]; then
+                log "# Not staring root [${root}] not present/defined"
+                return 1
+        fi
 
-	if [ ! -d "${root}" ]; then
-		log "# Not starting, Base root [${root}] not accessible/defined"
-		return 1
-	fi
+	env_name=""
+	execenvs=$(uci show swmodd | grep "=execenv" | cut -d'=' -f 1 | cut -d'.' -f 2)
+	for env in ${execenvs}; do
+		name=$(uci get swmodd.${env}.name)
+		if [ -n "${name}" ]; then
+			env_name="${name}"
+			break
+		fi
+	done
 
-	# Currently only one execenv supported
-	env_name="$(uci -q get swmodd.@execenv[0].name)"
 	if [ -z "${env_name}" ]; then
-		log "# Not starting, execenv name [${env_name}] not defined"
+		log "# Not starting execenv name [${env_name}] not defined"
 		return 1
 	fi
 
@@ -108,14 +115,10 @@ start_service() {
 	fi
 
 	bundle_root="${bundle_root}${env_name}"
-	if [ ! -d "${bundle_root}" ]; then
-		if [ -n "${bundle_root}" ]; then
-			mkdir -p "${bundle_root}"
-		else
-			log "# Not starting, execenv [${bundle_root}] not defined"
-			return 1
-		fi
-	fi
+        if [ ! -d "${bundle_root}" ]; then
+                log "# Not staring execenv [${bundle_root}] not present"
+                return 1
+        fi
 
 	procd_open_instance swmodd
 	procd_set_param command ${PROG}
@@ -151,5 +154,5 @@ reload_service() {
 }
 
 service_triggers() {
-	procd_add_reload_trigger "swmodd"
+       procd_add_reload_trigger "swmodd"
 }

swmodd/files/etc/swmodd/run.sh

@@ -74,7 +74,7 @@ setup_container_network() {
 }
 
 run_container() {
-	local bundle name bridge network
+	local bundle name bridge
 
 	bundle="${1}"
 	name="${2}"
@@ -85,13 +85,7 @@ run_container() {
 		return 1
 	fi
 
-	# Only do the network setup if defined in config
-	network="$(cat ${BUNDLE}/${NAME}/config.json |jq '.linux.namespaces[] |select (.type == "network")')"
-	if [ -n "${network}" ] ; then
-		setup_container_network "${name}" "${bridge}"
-	else
-		log "Network not defined in config, using host network..."
-	fi
+	setup_container_network "${name}" "${bridge}"
 	
         script -q -c "crun run -b ${bundle}/${name} ${name}" /dev/null
 }
@@ -129,57 +123,12 @@ update_config_json() {
 	fi
 	cd "${BUNDLE}/${NAME}"
 	if cat config.json |jq '.linux.namespaces[] |select (.type == "network") |.path' |grep -q ${NAME}; then
-		# If netns already configured and no additional permission bit assigned, exit from here
-		if [ -z "${PERM}" ]; then
-			exit 0;
-		fi
+		exit 0;
 	fi
 
 	mv config.json config_orig.json
 	json_init
 	json_load_file "config_orig.json"
-
-	# update hostname to container name
-	if [ -n "${NAME}" ]; then
-		json_add_string hostname "${NAME}"
-	fi
-
-	# Update cabalities
-	if [ -n "${PERM}" ]; then
-		log "Updating Permission in the json ..."
-		PERM="${PERM//,/ }"
-		json_select process
-			json_select capabilities
-				json_select bounding
-					for p in ${PERM}; do
-						json_add_string "" ${p}
-					done
-				json_select ..
-				json_select effective
-					for p in ${PERM}; do
-						json_add_string "" ${p}
-					done
-				json_select ..
-				json_select inheritable
-					for p in ${PERM}; do
-						json_add_string "" ${p}
-					done
-				json_select ..
-				json_select permitted
-					for p in ${PERM}; do
-						json_add_string "" ${p}
-					done
-				json_select ..
-				json_select ambient
-					for p in ${PERM}; do
-						json_add_string "" ${p}
-					done
-				json_select ..
-			json_select ..
-		json_select ..
-	fi
-
-	# update additional capabilities
 	json_select linux
 	json_for_each_item update_network_ns namespaces
 	json_dump >config.json
@@ -263,19 +212,16 @@ pull_image_from_registry() {
 clean=0
 net_update=0
 update_json=0
-PERM=""
-
-while getopts b:n:i:r:l:t:p:cuU options
+while getopts b:n:i:r:l:t:cuU options
 do
 	case "${options}" in
 		b) BUNDLE=${OPTARG};;
-		c) clean=1;;
-		i) BRIDGE=${OPTARG};;
 		n) NAME=${OPTARG};;
-		p) PERM="${OPTARG}";;
+		i) BRIDGE=${OPTARG};;
 		r) REGURL=${OPTARG};;
 		l) LOGIN=${OPTARG};;
 		t) TIMEOUT=${OPTARG};;
+		c) clean=1;;
 		u) net_update=1;;
 		U) update_json=1;;
 		*) log "Invalid options";;
@@ -287,7 +233,7 @@ if [ -z "${NAME}" ]; then
 	return 0;
 fi
 
-if [ "${update_json}" -eq "1" ]; then
+if [ "${update_json}" -eq 1 ]; then
 	update_config_json
 	return 0;
 fi
@@ -297,7 +243,7 @@ if [ -n "${REGURL}" ]; then
 	return 0;
 fi
 
-if [ "$clean" -eq "1" ]; then
+if [ "$clean" -eq 1 ]; then
 	clean_container_network "${NAME}"
 	return 0;
 fi
@@ -307,7 +253,7 @@ if [ -z "${BRIDGE}" ]; then
 	return 0;
 fi
 
-if [ "${net_update}" -eq "1" ]; then
+if [ "${net_update}" -eq 1 ]; then
 	get_veth_name "${NAME}"
 	brctl addif "${BRIDGE}" "${VETHNAME}"
 	return 0;

swmodd/files/etc/uci-defaults/01-fix-bundle-path

@@ -10,31 +10,32 @@ configure_ee_path() {
 	config_get oci_bundle globals oci_bundle_root ""
 
 	mkdir -p /etc/lxc
-	if [ -n "${lxc_bundle}" ]; then
-		# if lxc_bundle_root define in swmodd, then remove it
-		name=$(echo ${lxc_bundle##/*/})
-		root=$(echo ${lxc_bundle%/$name})
-		echo "lxc.lxcpath = ${lxc_bundle}" > /etc/lxc/lxc.conf
-		uci_set swmodd globals lxc_bundle_root ""
-	fi
-
 	if [ -n "${oci_bundle}" ]; then
 		# if oci_bundle_root define in swmodd, then remove it
 		name=$(echo ${oci_bundle##/*/})
 		root=$(echo ${oci_bundle%/$name})
 		echo "lxc.lxcpath = ${oci_bundle}" > /etc/lxc/lxc.conf
-		uci_set swmodd globals oci_bundle_root ""
+	elif [ -n "${lxc_bundle}" ]; then
+		# if lxc_bundle_root define in swmodd, then remove it
+		name=$(echo ${lxc_bundle##/*/})
+		root=$(echo ${lxc_bundle%/$name})
+		echo "lxc.lxcpath = ${lxc_bundle}" > /etc/lxc/lxc.conf
+	elif [ -f /etc/lxc/lxc.conf ]; then
+		bundle_path=$(cat /etc/lxc/lxc.conf | grep "lxc.lxcpath" | cut -d "=" -f 2 | sed 's/[[:blank:]]//g')
+		name=$(echo ${bundle_path##/*/})
+		root=$(echo ${bundle_path%/$name})
+	else
+		name="lxc"
+		root="/srv"
+		echo "lxc.lxcpath = /srv/lxc" > /etc/lxc/lxc.conf
 	fi
 
+	uci_set swmodd globals oci_bundle_root ""
+	uci_set swmodd globals lxc_bundle_root ""
+
 	# configure root in globals section
-	if [ -n "${root}" ]; then
-		if ! uci_get swmodd globals root >/dev/null; then
-			uci_set swmodd globals root ${root}
-		fi
-	fi
-
-	if [ -z "${name}" ]; then
-		name="oci"
+	if ! uci_get swmodd globals root >/dev/null; then
+		uci_set swmodd globals root ${root}
 	fi
 
 	# configure execenv in swmodd

testnet/Makefile

@@ -1,27 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=testnet
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=1
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_LICENSE:=GPL-2.0-only
-include $(INCLUDE_DIR)/package.mk
-
-define Package/testnet
-  CATEGORY:=Utilities
-  TITLE:=Check WAN IP Connection
-  DEPENDS:=+ndisc6
-endef
-
-define Package/testnet/description
-	Check WAN IP connection
-endef
-
-define Build/Compile
-endef
-
-define Package/testnet/install
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,testnet))

testnet/files/etc/init.d/testnet

@@ -1,23 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=21
-STOP=10
-USE_PROCD=1
-
-TESTNET=$(which testnet)
-
-start_service() {
-	# do not start testnet if the feature is explicitly disabled
-	[ "$(uci -q get testnet.global.enabled)" = "0" ] && return 0
-
-	[ -n "$TESTNET" ] && {
-		procd_open_instance
-		procd_set_param command "$TESTNET"
-		procd_set_param respawn
-		procd_close_instance
-	}
-}
-
-reload_service() {
-	procd_send_signal testnet
-}