fluent-bit: add support for lua filter

this allows us to add custom records, for example, for converting
kernel monotonic timestamps to UTC format timestamps

bbfdm/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bbfdm
-PKG_VERSION:=1.15.14
+PKG_VERSION:=1.15.28
 
 USE_LOCAL:=0
 ifneq ($(USE_LOCAL),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bbfdm.git
-PKG_SOURCE_VERSION:=e3757b5f37d2683b08edf9dae175210093e47cea
+PKG_SOURCE_VERSION:=a20a15888b15864136ec40b15f221db2edbaf574
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -155,6 +155,10 @@ define Package/bbfdmd/install
 	
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/etc/uci-defaults/91-fix-bbfdmd-enabled-option $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/ruleng.bbfdm $(1)/etc/uci-defaults
+
+	$(INSTALL_DIR) $(1)/etc/ruleng
+	$(INSTALL_BIN) ./files/etc/ruleng/bbfdm.json $(1)/etc/ruleng
 endef
 
 define Package/dm-service/install

bbfdm/files/etc/bbfdm/critical_services.json

@@ -14,8 +14,6 @@
 			"firewall",
 			"network",
 			"dhcp",
-			"stunc",
-			"xmpp",
 			"wireless",
 			"time"
 	]

bbfdm/files/etc/ruleng/bbfdm.json

@@ -0,0 +1,62 @@
+{
+	"hosts_refresh": {
+		"if" : [
+			{
+				"event": "host"
+			}
+		],
+		"then" : [
+			{
+				"object": "bbfdm.hostmngr",
+				"method":"refresh_references_db",
+				"args" : {},
+				"timeout": 1
+			}
+		]
+	},
+	"dhcp_refresh": {
+		"if" : [
+			{
+				"event": "host"
+			}
+		],
+		"then" : [
+			{
+				"object": "bbfdm.dhcpmngr",
+				"method":"refresh_references_db",
+				"args" : {},
+				"timeout": 1
+			}
+		]
+	},
+	"ieee1905_refresh_add": {
+		"if" : [
+			{
+				"event": "ieee1905.neighbor.add"
+			}
+		],
+		"then" : [
+			{
+				"object": "bbfdm.ieee1905",
+				"method":"refresh_references_db",
+				"args" : {},
+				"timeout": 1
+			}
+		]
+	},
+	"ieee1905_refresh_del": {
+		"if" : [
+			{
+				"event": "ieee1905.neighbor.del"
+			}
+		],
+		"then" : [
+			{
+				"object": "bbfdm.ieee1905",
+				"method":"refresh_references_db",
+				"args" : {},
+				"timeout": 1
+			}
+		]
+	}
+}

bbfdm/files/etc/uci-defaults/ruleng.bbfdm

@@ -0,0 +1,2 @@
+uci -q set ruleng.bbfdm=rule
+uci -q set ruleng.bbfdm.recipe='/etc/ruleng/bbfdm.json'

bulkdata/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bulkdata
-PKG_VERSION:=2.1.19
+PKG_VERSION:=2.1.20
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/bulkdata.git
-PKG_SOURCE_VERSION:=628525b02ae9ccd39f4bc85cf616ed4a102bca48
+PKG_SOURCE_VERSION:=a5e57962938ca143ede65d92be90b6e9fce66e15
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

decollector/Makefile

@@ -1,22 +1,23 @@
 #
-# Copyright (C) 2021-2023 IOPSYS Software Solutions AB
+# Copyright (C) 2021-2024 IOPSYS Software Solutions AB
+# Copyright (C) 2025 Genexis AB
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=decollector
-PKG_VERSION:=6.2.0.1
+PKG_VERSION:=6.2.1.2
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=575ecfff3779aadcea83d890ba975109c0f7d6a3
+PKG_SOURCE_VERSION:=a5c381b2855bd88f09dedb00f76040f1a4662079
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/decollector.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
+PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@genexis.eu>
 
 
 PKG_LICENSE:=BSD-3-Clause

dectmngr/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dectmngr
 PKG_RELEASE:=3
-PKG_VERSION:=3.7.4
+PKG_VERSION:=3.7.7
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/dectmngr.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=393dfd7637fdeccc24ef286c3daec9a232896b98
+PKG_SOURCE_VERSION:=289a91b3e7f221f16c976efd147bd4b203420b41
 PKG_MIRROR_HASH:=skip
 endif
 

dectmngr/files/etc/config/dect

@@ -1,3 +1,6 @@
 config dect 'global'
- 	option log_dect_cmbs 'syslog'
-        option log_level 'realtime,warning,error'
+	option log_dect_cmbs 'syslog'
+	option log_level 'realtime,warning,error'
+
+config dect 'base'
+	option enable '1'

dectmngr/files/etc/init.d/dectmngr

@@ -11,6 +11,25 @@ LOG_PATH=/var/log/dectmngr
 DB_PATH=/etc/dect
 DCX81_UART_DT_ALIAS=/proc/device-tree/aliases/dcx81-uart
 
+get_extension_shift() {
+   local dect_exts
+
+   get_dect_extension() {
+       local ext=$1
+       local type
+
+       config_get type $ext type
+
+       [ "$type" == "dect" ] && echo $ext
+    }
+
+    config_load "asterisk"
+
+    dect_exts=$(config_foreach get_dect_extension "extension" |sort |head -n1)
+
+    echo "${dect_exts#extension}"
+}
+
 # Ask dectmngr to exit nicely and wait for it to clean up, which is a slow process.
 stop_and_wait_dectmngr() {
 	dect_pid=$(pidof $PROG)
@@ -56,6 +75,8 @@ start_service() {
 		return 0
 	fi
 
+	opt_ext="-extensionShift $(get_extension_shift)"
+
 	local dcx81_uart_device
 	if ! dcx81_uart_device="$(get_dcx81_device)"; then
 		logger -t "$PROG" -p daemon.warning "Could not determine DCX81 UART device. Falling back to default ttyH0."
@@ -77,6 +98,11 @@ start_service() {
 
 	config_load dect
 	config_get log_dect_cmbs global log_dect_cmbs syslog
+	config_get pcm_slot_start global pcm_slot_start
+	config_get pcm_fsync global pcm_fsync
+
+        [ -n "$pcm_fsync" ] && opt_ext="$opt_ext -sync $pcm_fsync"
+        [ -n "$pcm_slot_start" ] && opt_ext="$opt_ext -slotsShift $pcm_slot_start"
 
 	procd_open_instance
 

dhcpmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dhcpmngr
-PKG_VERSION:=1.0.5
+PKG_VERSION:=1.0.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dhcpmngr.git
-PKG_SOURCE_VERSION:=2a517188211849bcc324a9f9727eeb34d076c032
+PKG_SOURCE_VERSION:=986f66608959f4f589009d580b046e250d8c620d
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

dnsmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmngr
-PKG_VERSION:=1.0.16
+PKG_VERSION:=1.0.17
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/dnsmngr.git
-PKG_SOURCE_VERSION:=32bd2501fca8a4f45ba13ee0e4762756c60fe721
+PKG_SOURCE_VERSION:=2ceb76e98cf23a8d52ab3f464d38d62385311a87
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

ethmngr/Makefile

@@ -5,14 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ethmngr
-PKG_VERSION:=3.0.5
+PKG_VERSION:=3.0.7
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/hal/ethmngr.git
-PKG_SOURCE_VERSION:=01e1c5f6642a8fa79fc445c71558ad02bda40eb5
-PKG_MAINTAINER:=Rahul Thakur <rahul.thakur@iopsys.eu>
+PKG_SOURCE_VERSION:=171cf63d972c6fa81b97281531e457a0967c16c7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip
 endif

ethmngr/files/etc/hotplug.d/ethernet/ethport-deprecated-ubus-event

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-[ -n "$PORT" -a -n "$LINK" ] || exit 0
-
-case "$PORT" in
-	# do not generate ethport ubus event
-	# for wifi, dsl and brige devices
-	wl*|wds*|atm*|ptm*|br-*)
-		exit 0
-	;;
-esac
-
-speed=0
-duplex=full
-
-if [ "$LINK" = "up" ]; then
-	devspeed="$(ubus -t 2 call network.device status "{\"name\":\"$PORT\"}" | jsonfilter -e @.speed)"
-	speed=${devspeed:0:-1}
-	duplex=${devspeed:0-1}
-	[ "$duplex" == "H" ] && duplex="half" || duplex="full"
-fi
-
-ubus send ethport "{\"ifname\":\"$PORT\",\"link\":\"$LINK\",\"speed\":\"$speed\",\"duplex\":\"$duplex\"}"

ethmngr/files/etc/ruleng/ethport.json

@@ -0,0 +1,23 @@
+{
+	"ethport_update": {
+		"if" : [
+			{
+				"event": "network.device",
+				"match": {
+					"wireless": false
+				}
+			}
+		],
+		"then" : [
+			{
+				"cli": "/sbin/hotplug-call ethernet",
+				"envs": {
+					"PORT": "&network.device->ifname",
+					"LINK": "&network.device->link"
+				},
+				"timeout": 1
+			}
+		]
+	}
+}
+

ethmngr/files/etc/uci-defaults/ruleng.ethport

@@ -0,0 +1,2 @@
+uci -q set ruleng.ethport=rule
+uci -q set ruleng.ethport.recipe='/etc/ruleng/ethport.json'

firewallmngr/files/port-trigger/etc/init.d/port-trigger

@@ -7,7 +7,11 @@ USE_PROCD=1
 . /lib/port-trigger/port_trigger.sh
 
 start_service() {
-	port_trigger_handling
+	port_trigger_add
+}
+
+stop_service() {
+	port_trigger_clean
 }
 
 service_triggers()
@@ -17,5 +21,6 @@ service_triggers()
 }
 
 reload_service() {
+	stop
 	start
 }

firewallmngr/files/port-trigger/lib/port-trigger/port_trigger.sh

@@ -119,18 +119,12 @@ process_port_trigger() {
 	fi
 }
 
-port_trigger_handling() {
+port_trigger_add() {
 	rm /tmp/port_trigger_iptables 2> /dev/null
 	rm /tmp/port_trigger_ip6tables 2> /dev/null
 	touch /tmp/port_trigger_iptables
 	touch /tmp/port_trigger_ip6tables
 
-	echo "iptables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t nat -F prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "ip6tables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-	echo "ip6tables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-
 	echo "iptables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
 	ret=$?
 	[ $ret -eq 0 ] && echo "iptables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
@@ -139,7 +133,7 @@ port_trigger_handling() {
 	[ $ret -eq 0 ] && echo "iptables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
 	echo "iptables -w -t nat -N prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
 	ret=$?
-	[ $ret -eq 0 ] && echo "iptables -w -t nat -I prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
+	[ $ret -eq 0 ] && echo "iptables -w -t nat -A prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
 
 	echo "ip6tables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
 	ret=$?
@@ -155,3 +149,21 @@ port_trigger_handling() {
 	sh /tmp/port_trigger_iptables
 	sh /tmp/port_trigger_ip6tables
 }
+
+port_trigger_clean() {
+	iptables -w -t nat -D PREROUTING -j prerouting_porttrigger 2> /dev/null
+	iptables -w -t nat -F prerouting_porttrigger 2> /dev/null
+	iptables -w -t nat -X prerouting_porttrigger 2> /dev/null
+	iptables -w -t nat -D prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null
+	iptables -w -t nat -F prerouting_wan_porttrigger 2> /dev/null
+	iptables -w -t nat -X prerouting_wan_porttrigger 2> /dev/null
+	iptables -w -t filter -D forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null
+	iptables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null
+	iptables -w -t filter -X forwarding_wan_porttrigger 2> /dev/null
+	ip6tables -w -t nat -D PREROUTING -j prerouting_porttrigger 2> /dev/null
+	ip6tables -w -t nat -F prerouting_porttrigger 2> /dev/null
+	ip6tables -w -t nat -X prerouting_porttrigger 2> /dev/null
+	ip6tables -w -t filter -D forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null
+	ip6tables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null
+	ip6tables -w -t filter -X forwarding_wan_porttrigger 2> /dev/null
+}

fluent-bit/Makefile

@@ -1,18 +1,19 @@
 #
-# Copyright (C) 2024 IOPSYS
+# Copyright (C) 2024-2025 IOPSYS
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fluent-bit
-PKG_VERSION:=3.1.0
+PKG_VERSION:=4.0.2
 PKG_RELEASE:=$(AUTORELEASE)
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit/archive/v$(PKG_VERSION)
-PKG_HASH:=7a49e110cf3050b6c29c911063494b8081f3c743274d1d95e52562d0476ba1eb
+PKG_SOURCE_URL_FILE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit/archive/refs/tags/
+PKG_HASH:=aa0577ba7251081c8d5398b2a905b5b0585bb657ca13b39a5e12931437516f08
 endif
 
 PKG_LICENSE:=Apache-2.0
@@ -23,7 +24,7 @@ include $(INCLUDE_DIR)/cmake.mk
 
 define Package/fluent-bit
 	CATEGORY:=Utilities
-	DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison
+	DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison +libstdcpp +@OPENSSL_WITH_NPN
 	TITLE:=Fluent-Bit
 	URL:=https://fluentbit.io/
 endef
@@ -45,15 +46,16 @@ CMAKE_OPTIONS+= \
 	-DFLB_RELEASE=Yes \
 	-DFLB_SMALL=No \
 	-DEXCLUDE_FROM_ALL=true \
-	-DFLB_SHARED_LIBS=Yes \
+	-DFLB_SHARED_LIB=Yes \
 	-DFLB_DEBUG=Yes \
 	-DFLB_ALL=No \
 	-DFLB_JEMALLOC=No \
 	-DFLB_EXAMPLES=No \
 	-DFLB_CHUNK_TRACE=No \
 	-DFLB_BACKTRACE=No \
+	-DFLB_KAFKA=No \
 	-DFLB_WASM=No \
-	-DFLB_LUAJIT=No
+	-DFLB_LUAJIT=Yes
 
 # In plugins
 CMAKE_OPTIONS += \
@@ -100,11 +102,11 @@ CMAKE_OPTIONS += \
 
 
 # Filter options
-CMAKE_OPTIONS += 
+CMAKE_OPTIONS += \
+	-DFLB_FILTER_LUA=Yes \
 	-DFLB_FILTER_AWS=No \
 	-DFLB_FILTER_ECS=No \
 	-DFLB_FILTER_KUBERNETES=No \
-	-DFLB_FILTER_LUA=No \
 	-DFLB_FILTER_NEST=No \
 	-DFLB_FILTER_RECORD_MODIFIER=No \
 	-DFLB_FILTER_THROTTLE=No \
@@ -138,6 +140,7 @@ CMAKE_OPTIONS += \
 	-DFLB_OUT_ES=No \
 	-DFLB_OUT_GELF=No \
 	-DFLB_OUT_INFLUXDB=No \
+	-DFLB_OUT_KAFKA=No \
 	-DFLB_OUT_NRLOGS=No \
 	-DFLB_OUT_OPENSEARCH=No \
 	-DFLB_OUT_TD=No \

fluent-bit/patches/0003-fix_luajit_compile_error.patch

@@ -0,0 +1,24 @@
+diff --git a/lib/luajit-cmake/LuaJIT.cmake b/lib/luajit-cmake/LuaJIT.cmake
+index 4ad1ef565..c0dee5830 100644
+--- a/lib/luajit-cmake/LuaJIT.cmake
++++ b/lib/luajit-cmake/LuaJIT.cmake
+@@ -426,10 +426,17 @@ execute_process(
+   OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+ 
+-if (GIT_EXISTENCE EQUAL 0)
++execute_process(
++  COMMAND git rev-parse --is-inside-work-tree
++  RESULT_VARIABLE GIT_IN_REPOSITORY
++  OUTPUT_VARIABLE GIT_IS_IN_REPOSITORY
++  OUTPUT_STRIP_TRAILING_WHITESPACE
++)
++
++if ((GIT_EXISTENCE EQUAL 0) AND (GIT_IN_REPOSITORY EQUAL 0))
+   message(STATUS "Using Git: ${GIT_VERSION}")
+   add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/luajit_relver.txt
+-    COMMAND git show -s --format=${GIT_FORMAT} > ${CMAKE_CURRENT_BINARY_DIR}/luajit_relver.txt
++    COMMAND git -c log.showSignature=false show -s --format=${GIT_FORMAT} > ${CMAKE_CURRENT_BINARY_DIR}/luajit_relver.txt
+     WORKING_DIRECTORY ${LUAJIT_DIR}
+   )
+ else()

hostmngr/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostmngr
-PKG_VERSION:=1.2.16
+PKG_VERSION:=1.2.20
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=3b50823da3f2904191332634c1e45d46090def1d
+PKG_SOURCE_VERSION:=3948618fa8fa23a0ddc51632b0036dbd08e27696
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/hostmngr.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

icwmp/Config.in

@@ -7,4 +7,16 @@ config ICWMP_MGMT_FROM_USP
 config ICWMP_BACKUP_EVENTS
 	bool "Create backup of session events to persistent storage after each successful session"
 	default y
+
+config ICWMP_ENABLE_VENDOR_EXTN
+	bool "Enable datamodel vendor extension"
+	default y
+
+config ICWMP_VENDOR_PREFIX
+	string "Package specific datamodel Vendor Prefix for TR181 extensions"
+	default ""
+
+config ICWMP_ENABLE_SMM_SUPPORT
+	bool "Enable software module management support"
+	default n
 endmenu

icwmp/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.8.41
+PKG_VERSION:=9.9.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/icwmp.git
-PKG_SOURCE_VERSION:=1e192605446b420c103a08e8a145be114ebdcabc
+PKG_SOURCE_VERSION:=5dba542b280495730176da468bc45ed5dcc8c94e
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -52,6 +52,21 @@ ifeq ($(CONFIG_ICWMP_BACKUP_EVENTS),y)
 EXTRA_CFLAGS += -DPERSIST_BACKUP_SESSION_EVENTS
 endif
 
+ifeq ($(CONFIG_ICWMP_ENABLE_VENDOR_EXTN),y)
+EXTRA_CFLAGS += -DICWMP_ENABLE_VENDOR_EXTN
+endif
+
+ifeq ($(CONFIG_ICWMP_ENABLE_SMM_SUPPORT),y)
+EXTRA_CFLAGS += -DICWMP_ENABLE_SMM_SUPPORT
+endif
+
+ifeq ($(CONFIG_ICWMP_VENDOR_PREFIX),"")
+CMAKE_OPTIONS += -DBBF_VENDOR_PREFIX:String="$(CONFIG_BBF_VENDOR_PREFIX)"
+else
+CMAKE_OPTIONS += -DBBF_VENDOR_PREFIX:String="$(CONFIG_ICWMP_VENDOR_PREFIX)"
+endif
+
+
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
 	$(CP) -rf ~/git/icwmp/* $(PKG_BUILD_DIR)/

icwmp/bbfdm_service.json

@@ -15,7 +15,8 @@
       },
       {
         "parent_dm": "Device.",
-        "object": "XMPP"
+        "object": "XMPP",
+        "proto": "cwmp"
       }
     ],
     "config": {

icwmp/files/etc/config/cwmp

@@ -1,6 +1,6 @@
 config acs 'acs'
 	option userid '' #$OUI-$SER
-	option passwd 'iopsys'
+	option passwd ''
 	option periodic_inform_enable 'true'
 	option periodic_inform_interval '1800'
 	option periodic_inform_time '0001-01-01T00:00:00Z'
@@ -29,7 +29,7 @@ config cpe 'cpe'
 	option log_file_name '/var/log/icwmpd.log'
 	option log_max_size '102400'
 	option userid '' #$OUI-$SER
-	option passwd 'iopsys'
+	option passwd ''
 	option port '7547'
 	option provisioning_code ''
 	option amd_version '5'
@@ -45,6 +45,7 @@ config cpe 'cpe'
 	option fw_upgrade_keep_settings '1'
 	option clock_sync_timeout '128'
 	option disable_datatype_check '0'
+	#list allowed_cr_ip '10.5.1.0/24'
 	
 config lwn 'lwn'
 	option enable '0'

icwmp/files/etc/icwmpd/firewall.cwmp

@@ -6,19 +6,24 @@ log() {
 }
 
 get_firewall_zone() {
-	zone="$(uci show firewall|grep network|grep -w ${1}|cut -d. -f 2)"
+	zone="$(uci show firewall|grep network|grep -w "${1}"|cut -d. -f 2)"
 	zone="${zone:-wan}" # defaults to wan zone
 	echo "$zone"
 }
 
-cleanup_exiting_rules() {
-        while iptables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Open_ACS_port"; do
+cleanup_upstream_rules() {
+	if [ -z "${1}" ]; then
+		log "Rule can not be cleaned without zone name"
+		return
+	fi
+
+	while iptables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Open_ACS_port"; do
 		rule_num="$(iptables -w 1 -nL zone_"${1}"_input --line-numbers | grep "Open_ACS_port" | head -1|awk '{print $1}')"
 		if [ -n "${rule_num}" ]; then
 			iptables -w 1 -D zone_"${1}"_input "${rule_num}";
 		fi
 	done
-        while ip6tables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Open_ACS_port"; do
+	while ip6tables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Open_ACS_port"; do
 		rule_num="$(ip6tables -w 1 -nL zone_"${1}"_input --line-numbers | grep "Open_ACS_port" | head -1|awk '{print $1}')"
 		if [ -n "${rule_num}" ]; then
 			ip6tables -w 1 -D zone_"${1}"_input "${rule_num}";
@@ -26,76 +31,142 @@ cleanup_exiting_rules() {
 	done
 }
 
-enable="$(uci -q get cwmp.cpe.enable)"
-enable="${enable:-1}"
-
-if [ "$enable" -eq 0 ]; then
-	log "CWMP not enabled"
-	exit 0;
-fi
-
-wan="$(uci -q get cwmp.cpe.default_wan_interface)"
-wan="${wan:-wan}"
-
-zone_name="$(get_firewall_zone $wan)"
-
-port=$(uci -q get cwmp.cpe.port)
-port="${port:-7547}"
-
-incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|awk '{print tolower($0)}')
-incoming_rule="${incoming_rule:-port_only}"
-
-ipaddr=$(uci -c /var/state -q get icwmp.acs.ip)
-ip6addr=$(uci -c /var/state -q get icwmp.acs.ip6)
-
-cmd="iptables -w 1 -I zone_${zone_name}_input -p tcp"
-cmd6="ip6tables -w 1 -I zone_${zone_name}_input -p tcp"
-
-# default incoming rule is Port only
-if [ "${incoming_rule}" = "ip_only" ]; then
-	if [ -n "${ipaddr}" ]; then
-		cmd="${cmd} -s ${ipaddr}"
-	fi
-	if [ -n "${ip6addr}" ]; then
-		cmd6="${cmd6} -s ${ip6addr}"
-	fi
-elif [ "${incoming_rule}" = "port_only" ]; then
-	if [ -n "${port}" ]; then
-		cmd="${cmd} --dport ${port}"
-		cmd6="${cmd6} --dport ${port}"
-	fi
-else
-	if [ -n "${ipaddr}" ]; then
-		cmd="${cmd} -s ${ipaddr}"
+cleanup_downstream_rules() {
+	if [ -z "${1}" ]; then
+		log "Rule can not be cleaned without zone name"
+		return
 	fi
 
-	if [ -n "${ip6addr}" ]; then
-		cmd6="${cmd6} -s ${ip6addr}"
+	while iptables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Close_ACS_port"; do
+		rule_num="$(iptables -w 1 -nL zone_"${1}"_input --line-numbers | grep "Close_ACS_port" | head -1|awk '{print $1}')"
+		if [ -n "${rule_num}" ]; then
+			iptables -w 1 -D zone_"${1}"_input "${rule_num}";
+		fi
+	done
+	while ip6tables -w 1 -nL zone_"${1}"_input --line-numbers 2>/dev/null | grep "Close_ACS_port"; do
+		rule_num="$(ip6tables -w 1 -nL zone_"${1}"_input --line-numbers | grep "Close_ACS_port" | head -1|awk '{print $1}')"
+		if [ -n "${rule_num}" ]; then
+			ip6tables -w 1 -D zone_"${1}"_input "${rule_num}";
+		fi
+	done
+}
+
+close_downstream_acs_port() {
+	lan="${1}"
+	port="${2}"
+	zone_name="$(get_firewall_zone $lan)"
+
+	if [ -z "${zone_name}" ]; then
+		log "Rule can not be added without zone name"
+		return
 	fi
 
-	if [ -n "${port}" ]; then
-		cmd="${cmd} --dport ${port}"
-		cmd6="${cmd6} --dport ${port}"
-	fi
-fi
-
-cleanup_exiting_rules "${zone_name}"
-
-echo "${cmd}"|grep -q "\-\-dport \|\-s "
-if [ "$?" -eq 0 ]; then
-	cmd="${cmd} -j ACCEPT -m comment --comment=Open_ACS_port"
+	cmd="iptables -w 1 -I zone_${zone_name}_input -p tcp --dport ${port} -j DROP -m comment --comment=Close_ACS_port"
 	${cmd}
 	log "Applied [${cmd}]"
-fi
 
-echo "${cmd6}"|grep -q "\-\-dport \|\-s "
-if [ "$?" -eq 0 ]; then
-	cmd6="${cmd6} -j ACCEPT -m comment --comment=Open_ACS_port"
-	${cmd6}
-	log "Applied [${cmd6}]"
-fi
+	cmd="ip6tables -w 1 -I zone_${zone_name}_input -p tcp --dport ${port} -j DROP -m comment --comment=Close_ACS_port"
+	${cmd}
+	log "Applied [${cmd}]"
+}
 
-if [ -f "/var/state/icwmp" ]; then
-	uci -c /var/state -q set icwmp.cpe.firewall_restart="init"
-	uci -c /var/state -q commit icwmp
-fi
+add_firewall_rule() {
+	version="${1}"
+	ipaddr="${2}"
+	port="${3}"
+	zone_name="${4}"
+	cmd=""
+
+	if [ -z "${zone_name}" ]; then
+		log "Rule can not be added without zone name"
+		return
+	fi
+
+	if [ "${version}" = "ipv6" ]; then
+		cmd="ip6tables -w 1 -I zone_${zone_name}_input -p tcp"
+	else
+		cmd="iptables -w 1 -I zone_${zone_name}_input -p tcp"
+	fi
+
+	if [ -n "${ipaddr}" ]; then
+		cmd="${cmd} -s ${ipaddr}"
+	fi
+
+	if [ -n "${port}" ]; then
+		cmd="${cmd} --dport ${port}"
+	fi
+
+	if echo "${cmd}"|grep -q "\-\-dport \|\-s "; then
+		cmd="${cmd} -j ACCEPT -m comment --comment=Open_ACS_port"
+		${cmd}
+		log "Applied [${cmd}]"
+	fi
+}
+
+configure_connection_req_rules() {
+	app="${1}"
+
+	wan="$(uci -q get cwmp.cpe.default_wan_interface)"
+	wan="${wan:-wan}"
+
+	wan_zone_name="$(get_firewall_zone $wan)"
+
+	cleanup_upstream_rules "${wan_zone_name}"
+
+	lan="$(uci -q get cwmp.cpe.default_lan_interface)"
+	lan="${lan:-lan}"
+
+	if [ "${lan}" != "${wan}" ]; then
+		lan_zone_name="$(get_firewall_zone $lan)"
+		cleanup_downstream_rules "${lan_zone_name}"
+	fi
+
+	enable="$(uci -q get cwmp.cpe.enable)"
+	enable="${enable:-1}"
+
+	if [ "$enable" -eq 0 ]; then
+		exit 0
+	fi
+
+	url="$(uci -q get cwmp.acs.url)"
+	if [ -z "${url}" ]; then
+		url="$(uci -q get cwmp.acs.dhcp_url)"
+	fi
+
+	# no need to apply firewall rule, acs url not configured
+	if [ -z "${url}" ]; then
+		exit 0
+	fi
+
+	if [ -z "${app}" ]; then
+		if ! ubus -t 1 list tr069 2>/dev/null; then
+			log "cwmp client not running"
+			exit 0
+		fi
+	fi
+
+	port=$(uci -q get cwmp.cpe.port)
+	port="${port:-7547}"
+
+	ipaddr=$(uci -q get cwmp.cpe.allowed_cr_ip)
+	if [ -n "${ipaddr}" ]; then
+		for ip in $ipaddr; do
+			if echo "${ip}" | grep -q ":"; then
+				add_firewall_rule "ipv6" "${ip}" "${port}" "${wan_zone_name}"
+			else
+				add_firewall_rule "ipv4" "${ip}" "${port}" "${wan_zone_name}"
+			fi
+		done
+	else
+		# Port-only
+		add_firewall_rule "ipv6" "" "${port}" "${wan_zone_name}"
+		add_firewall_rule "ipv4" "" "${port}" "${wan_zone_name}"
+	fi
+
+	if [ "${lan}" != "${wan}" ]; then
+		# Close the ACS port at Lan side
+		close_downstream_acs_port "${lan}" "${port}"
+	fi
+}
+
+configure_connection_req_rules "$@"

icwmp/files/etc/uci-defaults/85-cwmp-set-userid

@@ -4,6 +4,10 @@
 # Copy defaults by the factory to the cwmp UCI user section.
 config_load cwmp
 
+if [ -f "/lib/functions/iopsys-environment.sh" ]; then
+	. /lib/functions/iopsys-environment.sh
+fi
+
 # Get Manufacturer OUI.
 config_get oui cpe manufacturer_oui ""
 if [ -z "${oui}" ]; then
@@ -38,4 +42,14 @@ if [ -z "${enable_cwmp}" ]; then
     uci -q set cwmp.cpe.enable="1"
 fi
 
+default_password="$(get_acs_password)"
+config_get pass cpe passwd ""
+if [ -z "${pass}" ]; then
+	uci -q set cwmp.cpe.passwd="${default_password:-iopsys}"
+fi
+
+config_get pass acs passwd ""
+if [ -z "${pass}" ]; then
+	uci -q set cwmp.acs.passwd="${default_password:-iopsys}"
+fi
 # No need for commit here, it is done by uci_apply_defaults().

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=8.7.4
+PKG_VERSION:=8.7.8
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=c01ef079c78045670a834dbc0fbb937652dd7e70
+PKG_SOURCE_VERSION:=9c507bfb7f45fad81097262f05dc7cd11760e6b0
 PKG_SOURCE_URL:=https://dev.iopsys.eu/multi-ap/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ieee1905/files/etc/uci-defaults/32-ieee1905-device-info

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+. /etc/os-release
+
+set_val() {
+	uci -q get "$1" > /dev/null || uci set "${1}=${2:-${3}}"
+}
+
+set_val ieee1905.ieee1905.manufacturer "$OPENWRT_DEVICE_MANUFACTURER" IOPSYS
+set_val ieee1905.ieee1905.model_name "$(cat /tmp/sysinfo/model)" 1905-SampleDev
+set_val ieee1905.ieee1905.device_name "$NAME" 1905Device
+
+exit 0

libeasy/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libeasy
-PKG_VERSION:=7.4.5
+PKG_VERSION:=7.4.6
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=67e6b91b8aca4c068a71f097f5f0576b47ec1d2e
+PKG_SOURCE_VERSION:=ca7b20068c9d373e41045a2e899a9c697576262c
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libeasy.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

libvoice-airoha/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvoice-airoha
 PKG_RELEASE:=1
-PKG_VERSION:=1.1.2
+PKG_VERSION:=1.1.3
 PKG_LICENSE:=PROPRIETARY
 PKG_LICENSE_FILES:=LICENSE
 
@@ -17,7 +17,7 @@ LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/$(PKG_NAME).git
-PKG_SOURCE_VERSION:=1ded9a4bb0f2f8a5f3989799b5500e328e086c99
+PKG_SOURCE_VERSION:=f4ffa38b77e20f9e2a6b6ffd5b2bf83cddb6bffc
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

libvoice-airoha/files/etc/uci-defaults/991-libvoice-airoha

@@ -1,16 +1,25 @@
 #!/bin/sh
 
 hasVoice=$(db -q get hw.board.hasVoice)
-
 [ "$hasVoice" = "1" ] || exit 0
 
-SLIC=`cat /proc/device-tree/airoha-voice/slic-type`
-[ "${SLIC#pef}" != "${SLIC}" ] || exit 0
+SLIC=$(cat /proc/device-tree/airoha-voice/slic-type)
+[ "${SLIC#pef}" != "${SLIC}" ] && {
+    echo Configure TxGain and RxGain for MXL SLIC $SLIC
 
-echo Configure TxGain and RxGain for MXL SLIC $SLIC
+    ports=$(db -q get hw.board.VoicePorts)
+    for p in $(seq 0 $((ports-1))); do
+        uci set asterisk.extension${p}.txgain='10'
+        uci set asterisk.extension${p}.rxgain='-15'
+    done
+}
 
-ports=$(db -q get hw.board.VoicePorts)
-for p in $(seq 0 $((ports-1))); do
-    uci set asterisk.extension${p}.txgain='10'
-    uci set asterisk.extension${p}.rxgain='-15'
-done
+hasDect=$(db -q get hw.board.hasDect)
+[ "$hasDect" = "1" ] || exit 0
+
+# configure the PCM for DECT/DCX81
+[ -f "/proc/device-tree/aliases/dcx81-uart" ] && {
+    uci set dect.global.pcm_fsync='SHORT_LF'
+    uci set dect.global.pcm_slot_start='8'
+    uci set dect.global.dect_channel_start='3'
+}

libwifi/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libwifi
-PKG_VERSION:=7.10.9
+PKG_VERSION:=7.12.9
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=b2718296b4312e0bb6bd4cab802453d696a666d2
+PKG_SOURCE_VERSION:=0877163a9653a9f83c8244aa24f762a131ae02a6
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/libwifi.git
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz

logmngr/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=logmngr
-PKG_VERSION:=1.0.14
+PKG_VERSION:=1.0.15
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
@@ -33,6 +33,7 @@ define Package/logmngr
  DEPENDS+=+LOGMNGR_BACKEND_SYSLOG_NG:syslog-ng
  DEPENDS+=+LOGMNGR_LOGROTATE:logrotate
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+ CONFLICTS:=logd
 endef
 
 define Package/logmngr/description
@@ -62,8 +63,8 @@ ifeq ($(CONFIG_LOGMNGR_BACKEND_FLUENTBIT),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/fluent-bit.sh $(1)/lib/logmngr/
 	$(INSTALL_DIR) $(1)/usr/libexec
 	$(INSTALL_BIN) ./files/logmngr-klogd $(1)/usr/libexec/
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) ./files/logread $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) ./files/logread $(1)/sbin/
 endif
 ifeq ($(CONFIG_LOGMNGR_BACKEND_SYSLOG_NG),y)
 	$(INSTALL_DATA) ./files/lib/logmngr/syslog-ng.sh $(1)/lib/logmngr/

logmngr/files/lib/logmngr/fluent-bit.sh

@@ -23,6 +23,7 @@ create_service_section() {
 	echo "    flush        1" >> ${TMP_CONF_FILE}
 	echo "    daemon       off" >> ${TMP_CONF_FILE}
 	echo "    log_level    info" >> ${TMP_CONF_FILE}
+	echo "    coro_stack_size    24576" >> ${TMP_CONF_FILE}
 	echo "    parsers_file /etc/fluent-bit/parsers.conf" >> ${TMP_CONF_FILE}
 	echo "" >> ${TMP_CONF_FILE}
 }

logmngr/files/lib/logmngr/logrotate.sh

@@ -8,10 +8,9 @@ LOGROTATE_TMP_FILE=/tmp/logrotate/logrotate.conf
 create_logrotate_file() {
 	mkdir -p /tmp/logrotate
 	rm -f ${LOGROTATE_TMP_FILE}
-	touch ${LOGROTATE_FILE}
+	touch ${LOGROTATE_TMP_FILE}
 }
 
-
 handle_logrotate() {
 	local section="$1"
 

ltq-nand/Makefile

@@ -1,36 +0,0 @@
-#
-# Copyright (C) 2008-2016 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=ltq-nand
-PKG_VERSION:=1.0
-
-PKG_SOURCE:=v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/merbanan/ltq-nand/archive/
-#PKG_SOURCE_PROTO:=git
-#PKG_SOURCE_URL:=https://github.com/merbanan/ltq-nand/releases/download/v$(PKG_VERSION)/
-#PKG_SOURCE_URL:=https://github.com/merbanan/ltq-nand.git
-#PKG_SOURCE_VERSION:=07b5b0331af6de4174dab2c02bf260ee9625452a
-
-PKG_LICENSE:=GPLv2
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/host-build.mk
-
-
-define Host/Compile
-	$(MAKE) -C $(HOST_BUILD_DIR)
-endef
-
-define Host/Install
-	$(CP) \
-		$(HOST_BUILD_DIR)/ltq-nand \
-		$(STAGING_DIR_HOST)/bin/
-endef
-
-$(eval $(call HostBuild))
-

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=6.3.3.9
+PKG_VERSION:=6.3.5.3
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=81b815c32aafbf5476bba4691ce36b9a446c3363
+PKG_SOURCE_VERSION:=a2cc8dde8da330c2e78e186174db45ba36681b6a
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/hotplug.d/ethernet/map-dynamic-backhaul

@@ -1,6 +1,5 @@
 #!/bin/sh
 
-conn_ports_file="/var/run/multiap/map.connected.ports"
 map_bh_file="/var/run/multiap/multiap.backhaul"
 
 # Exit if AL Bridge is not configured to be a bridge device
@@ -30,30 +29,6 @@ al_brnet="${al_bridge:3}"
 
 ############## Dynamic Backhaul Daemon ##############
 if [ -n "$(which dynbhd)" ]; then
-	pidof dynbhd >/dev/null && exit 0 # dynbhd is managing the links
-
-	if [ ! -f $conn_ports_file ]; then
-		mkdir -p /var/run/multiap
-		touch $conn_ports_file
-		if [ "$LINK" = "up" ]; then
-			touch $conn_ports_file
-			echo "$PORT" > $conn_ports_file
-			brctl delif $al_bridge $PORT
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		fi
-	else
-		if [ "$LINK" = "up" ]; then
-			brctl delif $al_bridge $PORT
-			echo "$PORT" >> $conn_ports_file
-			#ubus call network.interface.lan remove_device "{\"name\":\"$PORT\"}"
-		else
-			sed -i -E "/(^|:)${PORT}(:|$)/d" $conn_ports_file
-			#ubus call network.interface.lan add_device "{\"name\":\"$PORT\"}"
-			brctl addif $al_bridge $PORT
-			[ "$(cat $conn_ports_file | wc -c)" = "0" ] && rm -f $conn_ports_file
-		fi
-	fi
-
 	exit 0
 fi
 ########################################################

map-controller/Config.in

@@ -15,6 +15,11 @@ config CONTROLLER_PROVISION_DISABLED_AP
 	bool "Enable vendor extension that provisions disabled APs to agents"
 	default n
 
+config CONTROLLER_PROVISION_BRIDGE
+	depends on CONTROLLER_EASYMESH_VENDOR_EXT
+	bool "Enable vendor extension that provisions custom bridge for APs to agents, if configured"
+	default n
+
 config CONTROLLER_EASYMESH_VENDOR_EXT_OUI_DEFAULT
 	hex "Vendor OUI default"
 	default 0xB456FA

map-controller/Makefile

@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=6.3.0.10
+PKG_VERSION:=6.3.0.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=4abd4db59e3bc5e19c263dba07a10d5326bfa98c
+PKG_SOURCE_VERSION:=7f55e5705fee1b879d651bbba872ec5d7152d5ab
 PKG_MAINTAINER:=Jakob Olsson <jakob.olsson@genexis.eu>
 
 LOCAL_DEV=0
@@ -65,6 +65,9 @@ TARGET_CFLAGS += -DEASYMESH_VENDOR_EXT
 ifeq ($(CONFIG_CONTROLLER_PROVISION_DISABLED_AP),y)
 TARGET_CFLAGS += -DPROVISION_DISABLED_AP
 endif
+ifeq ($(CONFIG_CONTROLLER_PROVISION_BRIDGE),y)
+TARGET_CFLAGS += -DPROVISION_BRIDGE
+endif
 endif
 
 ifeq ($(CONFIG_CONTROLLER_PROPAGATE_PROBE_REQ),y)

map-controller/files/etc/config/mapcontroller

@@ -33,27 +33,27 @@ config sta_steering
 
 config ap
 	option band '2'
-	option ssid '$DEVICE_MANUFACTURER-$BASEMAC_ADDR'
-	option encryption 'sae-mixed'
-	option key '$WIFI_FH_KEY'
+	option ssid '$WIFI_FH_2G_SSID'
+	option encryption '$WIFI_FH_2G_ENCRYPTION'
+	option key '$WIFI_FH_2G_KEY'
 	option vid '1'
 	option type 'fronthaul'
 	option mld_id '1'
 
 config ap
 	option band '5'
-	option ssid '$DEVICE_MANUFACTURER-$BASEMAC_ADDR'
-	option encryption 'sae-mixed'
-	option key '$WIFI_FH_KEY'
+	option ssid '$WIFI_FH_5G_SSID'
+	option encryption '$WIFI_FH_5G_ENCRYPTION'
+	option key '$WIFI_FH_5G_KEY'
 	option vid '1'
 	option type 'fronthaul'
 	option mld_id '1'
 
 config ap
 	option band '6'
-	option ssid '$DEVICE_MANUFACTURER-$BASEMAC_ADDR'
-	option encryption 'sae'
-	option key '$WIFI_FH_KEY'
+	option ssid '$WIFI_FH_6G_SSID'
+	option encryption '$WIFI_FH_6G_ENCRYPTION'
+	option key '$WIFI_FH_6G_KEY'
 	option vid '1'
 	option type 'fronthaul'
 	option mld_id '1'
@@ -87,8 +87,8 @@ config ap
 
 config mld
 	option id '1'
-	option ssid '$DEVICE_MANUFACTURER-$BASEMAC_ADDR'
-	option key '$WIFI_FH_KEY'
+	option ssid '$WIFI_FH_ALL_SSID'
+	option key '$WIFI_FH_ALL_KEY'
 #	option vid '1'
 	option type 'fronthaul'
 

map-controller/files/etc/uci-defaults/99-mapcntlr

@@ -1,18 +1,95 @@
 #!/bin/sh
 
+. /lib/functions/system.sh
+. /usr/share/libubox/jshn.sh
+
+CFG=/etc/board.json
 . /etc/device_info
 
 WIFI_BH_KEY=$(openssl rand -rand /dev/urandom -hex 64 2>/dev/null | openssl dgst -hex -sha256 | cut -d " " -f 2)
 WIFI_BH_KEY=${WIFI_BH_KEY::-1}
 
-BASEMAC_ADDR="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
-[ ${#BASEMAC_ADDR} -eq 12 ] || BASEMAC_ADDR="$(db -q get device.deviceinfo.BaseMACAddress | tr -d ':')"
+BASEMAC_ADDR="$(get_mac_label | tr -d ':' | tr 'a-z' 'A-Z')"
 
-WIFI_FH_KEY="$(db get hw.board.wpa_key)"
-WIFI_FH_KEY="${WIFI_FH_KEY:-1234567890}"
+FALLBACK_SSID="$DEVICE_MANUFACTURER-$BASEMAC_ADDR"
+FALLBACK_KEY="1234567890"
+FALLBACK_2G_ENCRYPTION="sae-mixed"
+FALLBACK_5G_ENCRYPTION="sae-mixed"
+FALLBACK_6G_ENCRYPTION="sae"
+FALLBACK_ALL_ENCRYPTION="sae-mixed"
+
+set_per_band_callback() {
+	local band="$2"
+	json_select "$band" || return
+	local ssid encryption key
+	json_get_vars ssid encryption key
+	case "$band" in
+	all|2g|5g|6g)
+		local band_upper="$(printf "%s" "$band" | tr 'a-z' 'A-Z')"
+		eval "WIFI_FH_${band_upper}_SSID=\$ssid"
+		eval "WIFI_FH_${band_upper}_ENCRYPTION=\$encryption"
+		eval "WIFI_FH_${band_upper}_KEY=\$key"
+		;;
+	esac
+	json_select ..
+}
+
+set_vars_from_board_json() {
+	json_init
+	json_load_file "$CFG"
+	if json_select wlan && json_select defaults && json_is_a ssids object; then
+		json_for_each_item set_per_band_callback ssids
+	fi
+	json_cleanup
+}
+
+set_in_priority() {
+	local destination="$1"
+	local alternative value
+	shift
+	for alternative in "$@"; do
+		eval "value=\${${alternative}}"
+		if [ -n "$value" ]; then
+			echo "Setting $destination to '$value' from \$$alternative"
+			eval "${destination}=\$value"
+			break
+		fi
+	done
+}
+
+set_missing_vars_from_fallback() {
+	local band what
+	for band in ALL 2G 5G 6G; do
+		for what in SSID KEY; do
+			set_in_priority \
+				WIFI_FH_${band}_${what} \
+				WIFI_FH_${band}_${what} \
+				WIFI_FH_ALL_${what} \
+				FALLBACK_${what}
+		done
+		# Per band fallback variables for encryption because SAE is mandatory on 6 GHz
+		set_in_priority \
+			WIFI_FH_${band}_ENCRYPTION \
+			WIFI_FH_${band}_ENCRYPTION \
+			FALLBACK_${band}_ENCRYPTION
+	done
+}
+
+set_vars_from_board_json
+set_missing_vars_from_fallback
 
 sed -i  -e "s/\$BASEMAC_ADDR/$BASEMAC_ADDR/g" \
-	-e "s/\$WIFI_FH_KEY/$WIFI_FH_KEY/g" \
+	-e "s/\$WIFI_FH_2G_KEY/$WIFI_FH_2G_KEY/g" \
+	-e "s/\$WIFI_FH_5G_KEY/$WIFI_FH_5G_KEY/g" \
+	-e "s/\$WIFI_FH_6G_KEY/$WIFI_FH_6G_KEY/g" \
+	-e "s/\$WIFI_FH_ALL_KEY/$WIFI_FH_ALL_KEY/g" \
+	-e "s/\$WIFI_FH_2G_SSID/$WIFI_FH_2G_SSID/g" \
+	-e "s/\$WIFI_FH_5G_SSID/$WIFI_FH_5G_SSID/g" \
+	-e "s/\$WIFI_FH_6G_SSID/$WIFI_FH_6G_SSID/g" \
+	-e "s/\$WIFI_FH_ALL_SSID/$WIFI_FH_ALL_SSID/g" \
+	-e "s/\$WIFI_FH_2G_ENCRYPTION/$WIFI_FH_2G_ENCRYPTION/g" \
+	-e "s/\$WIFI_FH_5G_ENCRYPTION/$WIFI_FH_5G_ENCRYPTION/g" \
+	-e "s/\$WIFI_FH_6G_ENCRYPTION/$WIFI_FH_6G_ENCRYPTION/g" \
+	-e "s/\$WIFI_FH_ALL_ENCRYPTION/$WIFI_FH_ALL_ENCRYPTION/g" \
 	-e "s/\$WIFI_BH_KEY/$WIFI_BH_KEY/g" \
-	-e "s/\$DEVICE_MANUFACTURER/$DEVICE_MANUFACTURER/g" \
 	/etc/config/mapcontroller	2>/dev/null

netmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmngr
-PKG_VERSION:=1.1.5
+PKG_VERSION:=1.1.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/netmngr.git
-PKG_SOURCE_VERSION:=77158d2ee3ac2d144681f6352d6d18dde0db4b22
+PKG_SOURCE_VERSION:=f1422e4de76990f7037ca265431d5f1031621c93
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

netmode/Makefile

@@ -8,11 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netmode
-PKG_VERSION:=1.0.1
+PKG_VERSION:=1.1.2
 PKG_RELEASE:=1
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0-only
 include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/iopsys/bbfdm/bbfdm.mk
 
 define Package/netmode
   CATEGORY:=Utilities
@@ -23,11 +24,29 @@ define Package/netmode/description
 	Network Modes and Utils
 endef
 
+define Package/$(PKG_NAME)/config
+	config NETMODE_VENDOR_PREFIX
+		depends on PACKAGE_netmode
+		string "Vendor Extension used for netmode datamodel"
+		default ""
+endef
+
+ifeq ($(CONFIG_NETMODE_VENDOR_PREFIX),"")
+VENDOR_PREFIX = $(CONFIG_BBF_VENDOR_PREFIX)
+else
+VENDOR_PREFIX = $(CONFIG_NETMODE_VENDOR_PREFIX)
+endif
+
 define Build/Compile
 endef
 
 define Package/netmode/install
-	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DIR) $(1)/lib
+	$(CP) ./files/etc/* $(1)/etc/
+	$(CP) ./files/lib/* $(1)/lib/
+	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) $(PKG_NAME)
+	$(BBFDM_INSTALL_MS_DM) -v ${VENDOR_PREFIX} ./files/datamodel.json $(1) $(PKG_NAME)
 endef
 
 $(eval $(call BuildPackage,netmode))

netmode/bbfdm_service.json

@@ -0,0 +1,16 @@
+{
+  "daemon": {
+    "enable": "1",
+    "service_name": "netmode",
+    "unified_daemon": false,
+    "services": [
+      {
+        "parent_dm": "Device.",
+        "object": "{BBF_VENDOR_PREFIX}NetMode"
+      }
+    ],
+    "config": {
+      "loglevel": "3"
+    }
+  }
+}

netmode/files/datamodel.json

@@ -0,0 +1,267 @@
+{
+	"json_plugin_version": 2,
+	"Device.{BBF_VENDOR_PREFIX}NetMode.": {
+		"type": "object",
+		"protocols": [
+			"cwmp",
+			"usp"
+		],
+		"description": "Datamodel vendor extension to support easy switching between wan types, a reboot is required in some cases after switching the mode",
+		"access": false,
+		"array": false,
+		"dependency": "file:/etc/config/netmode",
+		"Enable": {
+			"type": "boolean",
+			"read": true,
+			"write": true,
+			"description": "Enable/Disable WAN switching using netmode",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "netmode",
+						"section": {
+							"name": "global"
+						},
+						"option": {
+							"name": "enabled"
+						}
+					}
+				}
+			]
+		},
+		"Mode": {
+			"type": "string",
+			"read": true,
+			"write": true,
+			"description": "Current configured netmode value",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"flags": [
+				"Reference"
+			],
+			"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "netmode",
+						"section": {
+							"name": "global"
+						},
+						"option": {
+							"name": "mode"
+						}
+					},
+					"linker_obj": "Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.[Name==@key]."
+				}
+			]
+		},
+		"SupportedModesNumberOfEntries": {
+			"type": "unsignedInt",
+			"read": true,
+			"write": false,
+			"description": "SupportedModes Number of entries in the current config",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"mapping": [
+			{
+				"type": "uci",
+				"uci": {
+					"file": "netmode",
+					"section": {
+						"type": "supported_modes"
+					},
+					"option": {
+						"name": "@Count"
+					}
+				}
+			}
+			]
+		},
+		"Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.{i}.": {
+			"type": "object",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"access": false,
+			"array": true,
+			"description": "Object to list supported wan modes",
+			"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "netmode",
+						"section": {
+							"type": "supported_modes"
+						},
+						"dmmapfile": "dmmap_netmode"
+					}
+				}
+			],
+			"Name": {
+				"type": "string",
+				"read": true,
+				"write": false,
+				"description": "Name of the wan mode, it has to be unique and in sync with /etc/netmodes/",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"flags": [
+					"Linker",
+					"Unique"
+				],
+				"mapping": [
+					{
+						"type": "uci_sec",
+						"data": "@Parent",
+						"key": "name"
+					}
+				]
+			},
+			"Description": {
+				"type": "string",
+				"read": true,
+				"write": false,
+				"description": "Human readable description for this mode",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"mapping": [
+					{
+						"type": "uci_sec",
+						"data": "@Parent",
+						"key": "description"
+					}
+				]
+			},
+			"SupportedArgumentsNumberOfEntries": {
+				"type": "unsignedInt",
+				"read": true,
+				"write": false,
+				"description": "SupportedModes Number of entries in the current config",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"mapping": [
+				{
+					"type": "uci",
+					"uci": {
+						"file": "netmode",
+						"section": {
+							"type": "supported_args"
+						},
+						"option": {
+							"name": "@Count"
+						}
+					}
+				}
+				]
+			},
+			"Device.{BBF_VENDOR_PREFIX}NetMode.SupportedModes.{i}.SupportedArguments.{i}.": {
+				"type": "object",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"access": false,
+				"array": true,
+				"description": "Extra arguments for this Mode",
+				"mapping": [
+					{
+						"type": "uci",
+						"uci": {
+							"file": "netmode",
+							"section": {
+								"type": "supported_args"
+							},
+							"dmmapfile": "dmmap_netmode"
+						}
+					}
+				],
+				"Name": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"description": "Name of the argument",
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"mapping": [
+						{
+							"type": "uci_sec",
+							"data": "@Parent",
+							"key": "name"
+						}
+					]
+				},
+				"Description": {
+					"type": "string",
+					"read": true,
+					"write": false,
+					"description": "Human readable description for this Argument",
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"mapping": [
+						{
+							"type": "uci_sec",
+							"data": "@Parent",
+							"key": "description"
+						}
+					]
+				},
+				"Required": {
+					"type": "boolean",
+					"read": true,
+					"write": false,
+					"description": "If Required is true, then Name and Value is mandatory for mode to apply",
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"mapping": [
+						{
+							"type": "uci_sec",
+							"data": "@Parent",
+							"key": "required"
+						}
+					]
+				},
+				"Value": {
+					"type": "string",
+					"read": true,
+					"write": true,
+					"description": "Value for this SupportedArguments Name, get on this parameter result into empty output",
+					"protocols": [
+						"cwmp",
+						"usp"
+					],
+					"flags": [
+						"Secure"
+					],
+					"mapping": [
+						{
+							"type": "uci_sec",
+							"data": "@Parent",
+							"key": "value"
+						}
+					]
+				}
+			}
+		}
+	}
+}

netmode/files/etc/config/netmode

@@ -1,3 +1,2 @@
 config netmode global
 	option enabled 0
-#	option mode 'router'

netmode/files/etc/init.d/netmode

@@ -6,28 +6,119 @@ USE_PROCD=1
 . /lib/functions.sh
 
 MODEDIR="/etc/netmodes"
+SUPP_MODES_SEC=""
+
+_log() {
+	logger -s -p user.info -t "netmode" "$*"
+}
 
 libnetmode_exec() {
 	when="$1"
 	# Execute /lib/netmode scripts
 	if [ -d /lib/netmode/$when ]; then
-		logger -s -p user.info -t "netmode" "Executing /lib/netmode/$when scripts"
+		_log "Executing /lib/netmode/$when scripts"
 		for script in $(ls /lib/netmode/$when/); do
 			sh /lib/netmode/$when/$script
 		done
 	fi
 }
 
+_get_modes_sec_name() {
+	local sec mode name
+
+	sec="${1}"
+	mode="${2}"
+
+	config_get name ${1} name ""
+	if [ "${name}" = "${mode}" ]; then
+		SUPP_MODES_SEC="${sec}"
+		break;
+	fi
+}
+
+_set_env_args() {
+	local sec name value required dm_parent
+
+	sec="${1}"
+
+	config_get_bool required ${sec} required "0"
+	config_get name ${sec} name ""
+	config_get value ${sec} value ""
+	config_get dm_parent ${sec} dm_parent ""
+
+	if [ -z "${dm_parent}" ]; then
+		continue;
+	fi
+
+	if [ "${dm_parent}" != "${SUPP_MODES_SEC}" ]; then
+		continue;
+	fi
+
+	if [ "${required}" -eq "1" ]; then
+		if [ -z "${name}" -o -z "${value}" ]; then
+			_log "Can't apply mode, name[${name}] or value[${value}] is missing"
+			exit 0
+		fi
+	fi
+
+	if [ -n "${name}" -a -n "${value}" ]; then
+		export NETMODE_${name}="${value}"
+	fi
+}
+
+configure_env_vars() {
+	local mode
+
+	mode="${1}"
+	if [ -z "${mode}" ]; then
+		_log "mode info missing"
+		exit 0
+	fi
+
+	SUPP_MODES_SEC=""
+	config_load "netmode"
+	config_foreach _get_modes_sec_name supported_modes "${mode}"
+
+	if [ -z "${SUPP_MODES_SEC}" ]; then
+		_log "mode ${mode} not found in uci"
+		exit 0
+	fi
+
+	config_foreach _set_env_args supported_args
+}
+
+cleanup_arg_values() {
+	local dm_parent
+
+	config_get dm_parent ${1} dm_parent ""
+	if [ "${dm_parent}" = "${SUPP_MODES_SEC}" ]; then
+		uci -q set netmode.${1}.value=""
+	fi
+}
+
+cleanup_env_vars() {
+	for e in $(env); do
+		if echo ${e} |grep -q "^NETMODE_"; then
+			unset ${e}
+		fi
+	done
+
+	if [ -n "${SUPP_MODES_SEC}" ]; then
+		config_load "netmode"
+		config_foreach cleanup_arg_values supported_args
+		uci commit netmode
+	fi
+}
+
 start_service() {
 	[ -f /etc/config/netmode ] || return
 
 	config_load netmode
-
 	config_get_bool enabled global enabled '0'
 	[ $enabled -eq 0 ] && return
 
 	# Get the desired netmode from config
-	config_get mode global mode
+	config_get mode global mode ""
 	# Check if netmode is set as boot environment parameter
 	[ -n "$mode" ] || mode="$(fw_printenv -n netmode 2>/dev/null)"
 	# Return if mode is not set
@@ -38,18 +129,16 @@ start_service() {
 	# Return if desired mode is same as last saved mode
 	[ "$mode" == "$lastmode" ] && return
 
-	# Save mode as last mode
-	[ -d $MODEDIR ] || mkdir -p $MODEDIR
-	echo "$mode" > $MODEDIR/.last_mode
-
-	logger -s -p user.info -t "netmode" "Switching to $mode Mode" >/dev/console
+	_log "Switching to [${mode}] Mode" >/dev/console
 
+	# Configure env variables
+	configure_env_vars ${mode}
 	# Execute netmode generic pre-mode-switch scripts
 	libnetmode_exec "pre"
 
 	# Copy netmode UCI config files
 	if [ -d $MODEDIR/$mode/uci ]; then
-		logger -s -p user.info -t "netmode" "Copying $MODEDIR/$mode/uci/* to /etc/config/"
+		_log "Copying $MODEDIR/$mode/uci/* to /etc/config/"
 		cp $MODEDIR/$mode/uci/* /etc/config/ 2>/dev/null
 	fi
 
@@ -58,7 +147,7 @@ start_service() {
 
 	# Execute mode specific scripts
 	if [ -d $MODEDIR/$mode/scripts ]; then
-		logger -s -p user.info -t "netmode" "Executing $MODEDIR/$mode/scripts/* scripts"
+		_log "Executing $MODEDIR/$mode/scripts/* scripts"
 		for script in $(ls $MODEDIR/$mode/scripts/); do
 			sh $MODEDIR/$mode/scripts/$script
 		done
@@ -66,6 +155,12 @@ start_service() {
 
 	# Execute netmode generic post-mode-switch scripts
 	libnetmode_exec "post"
+	cleanup_env_vars "${mode}"
+
+	# Save mode as last mode
+	[ -d $MODEDIR ] || mkdir -p $MODEDIR
+	echo "$mode" > $MODEDIR/.last_mode
+	_log "Switching to Mode [${mode}] done, last mode updated" >/dev/console
 }
 
 service_triggers()

netmode/files/etc/netmodes/supported_modes.json

@@ -0,0 +1,31 @@
+{
+  "#mode": "routed-pppoe",
+  "supported_modes": [
+    {
+      "name": "routed-dhcp",
+      "description": "WAN with DHCP proto (Layer 3)"
+    },
+    {
+      "name": "routed-pppoe",
+      "description": "WAN with PPPoE (Layer 3)",
+      "supported_args": [
+        {
+          "name": "username",
+          "description": "PPoE username",
+          "required": true,
+          "#value": "TestUser"
+        },
+        {
+          "name": "password",
+          "description": "PPoE password",
+          "required": true,
+          "#value": "TestPassword"
+        }
+      ]
+    },
+    {
+      "name": "bridged",
+      "description": "Bridged mode (Layer 2)"
+    }
+  ]
+}

netmode/files/etc/uci-defaults/40_supported_mode

@@ -0,0 +1,104 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+COUNT=1
+SUPP_ARGS=1
+SUPPORTED_MODE="/etc/netmodes/supported_modes.json"
+
+if [ ! -f "/etc/config/netmode" ]; then
+	exit 0
+fi
+
+if [ ! -f "${SUPPORTED_MODE}" ]; then
+	exit 0
+fi
+
+configure_supp_modes_args()
+{
+	local obj inst name description required value parent
+
+	obj="${1}"
+	inst="${2}"
+	parent="${3}"
+
+	if [ -z "${inst}" ]; then
+		return 0
+	fi
+
+	json_select ${inst}
+	json_get_var name name
+	json_get_var description description
+	json_get_var value value
+	json_get_var required required
+
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}=supported_args
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.name="${name}"
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.description="${description}"
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.required="${required}"
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.value="${value}"
+	uci -q set netmode.${parent}_supprted_args_${SUPP_ARGS}.dm_parent="${parent}"
+
+	json_select ..
+	SUPP_ARGS="$((SUPP_ARGS + 1))"
+}
+
+configure_supp_modes()
+{
+	local obj inst name description args
+
+	obj="${1}"
+	inst="${2}"
+
+	if [ -z "${inst}" ]; then
+		return 0
+	fi
+
+	json_select ${inst}
+	json_get_var name name
+	json_get_var description description
+
+	if [ -d "/etc/netmodes/${name}" ]; then
+		uci -q set netmode.mode_${COUNT}=supported_modes
+		uci -q set netmode.mode_${COUNT}.name="${name}"
+		uci -q set netmode.mode_${COUNT}.description="${description}"
+	fi
+
+	SUPP_ARGS=1
+	json_for_each_item configure_supp_modes_args supported_args mode_${COUNT}
+
+	json_select ..
+	COUNT="$((COUNT + 1))"
+}
+
+remove_mode()
+{
+	uci -q delete netmode.${1}
+}
+
+cleanup_modes()
+{
+	config_load "netmode"
+	config_foreach remove_mode supported_modes
+}
+
+update_modes()
+{
+	local mode
+
+	json_init
+	json_load_file "${SUPPORTED_MODE}"
+	json_get_var mode mode ""
+
+	if [ -n "${mode}" ]; then
+		uci -q set netmode.global.mode="${mode}"
+	fi
+
+
+	json_for_each_item configure_supp_modes supported_modes
+
+}
+
+cleanup_modes
+update_modes

netmode/files/etc/uci-defaults/62-netmode.l2mode

@@ -109,7 +109,7 @@ l2_network_config() {
 }
 
 network_mode="$(fw_printenv -n netmode 2>/dev/null)"
-	
+
 case "$network_mode" in
 	layer2|extender)
 		l2_network_config

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=9.0.4.13
+PKG_VERSION:=10.0.0.8
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=9bd0c3c895cbcf34b922329c55a8262180b1fa86
+PKG_SOURCE_VERSION:=3e9299063e3c65565d2c834b5ab654fda830f749
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

obuspa/files/etc/config/obuspa

@@ -1,6 +1,5 @@
 config obuspa 'global'
 	option enabled '1'
-	option debug '1'
 	option dhcp_discovery '1'
 	option log_level '2'
 	option prototrace '0'
@@ -9,6 +8,6 @@ config obuspa 'global'
 	#option max_cache_time '600'
 	#option trust_cert '/etc/obuspa/ca.pem'
 	#option client_cert '/etc/obuspa/client.pem'
-	#option log_dest '/tmp/obuspa.log'
+	option log_dest 'syslog'
 	option dm_caching_exclude '/etc/obuspa/transient_dm.json'
 

obuspa/files/etc/init.d/obuspa

@@ -156,7 +156,6 @@ validate_obuspa_section()
 		'client_cert:file' \
 		'interface:string' \
 		'ifname:string' \
-		'debug:bool:0' \
 		'prototrace:bool:0' \
 		'log_level:uinteger' \
 		'min_num_to_group:uinteger' \
@@ -632,18 +631,11 @@ configure_mqtt_client() {
 
 
 configure_obuspa() {
-	local enabled trust_cert ifname interface debug prototrace log_level db_file log_dest
+	local enabled trust_cert ifname interface prototrace log_level db_file log_dest
 	local client_cert
 
 	validate_obuspa_section "global"
 
-	if [ "${debug}" -ne "0" ]; then
-		# Forward stdout of the command to logd
-		procd_set_param stdout 1
-		# Same for stderr
-		procd_set_param stderr 1
-	fi
-
 	if [ "${prototrace}" -eq 1 ]; then
 		procd_append_param command -p
 	fi

obuspa/files/etc/users/roles/full_access.json

@@ -0,0 +1,14 @@
+{
+  "tr181": {
+    "name": "full_access",
+    "instance": 1,
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_ALL"
+        ]
+      }
+    ]
+  }
+}

obuspa/files/etc/users/roles/untrusted.json

@@ -0,0 +1,6 @@
+{
+  "tr181": {
+    "name": "Untrusted",
+    "instance": 2
+  }
+}

obuspa/patches/0001-fix_segfault_invalid_uds.patch

@@ -1,6 +1,8 @@
---- a/src/core/device_uds.c
-+++ b/src/core/device_uds.c
-@@ -182,10 +182,7 @@ int DEVICE_UDS_Start(void)
+Index: obuspa-10.0.0.1/src/core/device_uds.c
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/device_uds.c
++++ obuspa-10.0.0.1/src/core/device_uds.c
+@@ -183,10 +183,7 @@ int DEVICE_UDS_Start(void)
              USP_SNPRINTF(path, sizeof(path), "%s.%d", device_uds_conn_root, instance);
              USP_LOG_Warning("%s: Deleting %s as it contained invalid parameters.", __FUNCTION__, path);
              err = DATA_MODEL_DeleteInstance(path, 0);

obuspa/patches/0002-fix_e2e_session_init.patch

@@ -1,8 +1,8 @@
-Index: obuspa-9.0.0.25/src/core/device_controller.c
+Index: obuspa-10.0.0.1/src/core/device_controller.c
 ===================================================================
---- obuspa-9.0.0.25.orig/src/core/device_controller.c
-+++ obuspa-9.0.0.25/src/core/device_controller.c
-@@ -4210,6 +4210,14 @@ int ProcessControllerAdded(int cont_inst
+--- obuspa-10.0.0.1.orig/src/core/device_controller.c
++++ obuspa-10.0.0.1/src/core/device_controller.c
+@@ -4211,6 +4211,14 @@ int ProcessControllerAdded(int cont_inst
          goto exit;
      }
  
@@ -17,7 +17,7 @@ Index: obuspa-9.0.0.25/src/core/device_controller.c
      // Exit if unable to get the object instance numbers present in this controller's MTP table
      USP_SNPRINTF(path, sizeof(path), "%s.%d.MTP", device_cont_root, cont_instance);
      err = DATA_MODEL_GetInstances(path, &iv);
-@@ -4251,14 +4259,6 @@ int ProcessControllerAdded(int cont_inst
+@@ -4252,14 +4260,6 @@ int ProcessControllerAdded(int cont_inst
      DEVICE_MQTT_UpdateControllerTopics();
  #endif
  

obuspa/patches/0003-Return-error-when-XSI-compliant-strerror_r-fails-in-.patch

@@ -1,6 +1,8 @@
---- a/src/core/usp_err.c
-+++ b/src/core/usp_err.c
-@@ -189,7 +189,9 @@ char *USP_ERR_ToString(int err, char *bu
+Index: obuspa-10.0.0.1/src/core/usp_err.c
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/usp_err.c
++++ obuspa-10.0.0.1/src/core/usp_err.c
+@@ -190,7 +190,9 @@ char *USP_ERR_ToString(int err, char *bu
  {
  #if HAVE_STRERROR_R && !STRERROR_R_CHAR_P
      // XSI version of strerror_r

obuspa/patches/0004-bulkdata_extn.patch

@@ -1,8 +1,8 @@
-diff --git a/src/core/bdc_exec.c b/src/core/bdc_exec.c
-index dc30a98..6a2938b 100644
---- a/src/core/bdc_exec.c
-+++ b/src/core/bdc_exec.c
-@@ -548,10 +548,25 @@ int StartSendingReport(bdc_connection_t *bc)
+Index: obuspa-10.0.0.1/src/core/bdc_exec.c
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/bdc_exec.c
++++ obuspa-10.0.0.1/src/core/bdc_exec.c
+@@ -549,10 +549,25 @@ int StartSendingReport(bdc_connection_t
  
      // Set the list of headers
      bc->headers = NULL;
@@ -30,26 +30,26 @@ index dc30a98..6a2938b 100644
          bc->headers = curl_slist_append(bc->headers, "Content-Encoding: gzip");
      }
  
-diff --git a/src/core/bdc_exec.h b/src/core/bdc_exec.h
-index 8c259c5..6322221 100644
---- a/src/core/bdc_exec.h
-+++ b/src/core/bdc_exec.h
-@@ -53,6 +53,8 @@ void BDC_EXEC_ScheduleExit(void);
+Index: obuspa-10.0.0.1/src/core/bdc_exec.h
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/bdc_exec.h
++++ obuspa-10.0.0.1/src/core/bdc_exec.h
+@@ -54,6 +54,8 @@ void BDC_EXEC_ScheduleExit(void);
  #define BDC_FLAG_PUT            0x00000001  // If set, HTTP PUT should be used instead of HTTP POST when sending the report to the BDC server
  #define BDC_FLAG_GZIP           0x00000002  // If set, the reports contants are Gzipped
  #define BDC_FLAG_DATE_HEADER    0x00000004  // If set, the date header should be included in the HTTP post.
 -
 -
-+#define BDC_FLAG_HEADER_OBJ_HIER 0x00000008 // If set, report format in header would be json ObjectHierarchy 
++#define BDC_FLAG_HEADER_OBJ_HIER 0x00000008 // If set, report format in header would be json ObjectHierarchy
 +#define BDC_FLAG_HEADER_NAME_VAL 0x00000010 // If set, report format in header would be json NameValuePair
 +#define BDC_FLAG_HEADER_PER_ROW  0x00000020 // If set, report format in header would be csv ParameterPerRow
 +#define BDC_FLAG_HEADER_PER_COL  0x00000040 // If set, report format in header would be csv ParameterPerColumn
  #endif
-diff --git a/src/core/device_bulkdata.c b/src/core/device_bulkdata.c
-index 915b282..f799793 100755
---- a/src/core/device_bulkdata.c
-+++ b/src/core/device_bulkdata.c
-@@ -70,8 +70,12 @@
+Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.0.1/src/core/device_bulkdata.c
+@@ -71,8 +71,12 @@
  
  //------------------------------------------------------------------------------
  // Definitions for formats that we support
@@ -64,7 +64,7 @@ index 915b282..f799793 100755
  
  
  // Definitions for Device.BulkData.Profile.{i}.JSONEncoding.ReportTimestamp
-@@ -161,6 +165,7 @@ static char *profile_push_event_args[] =
+@@ -162,6 +166,7 @@ static char *profile_push_event_args[] =
  typedef struct
  {
      int num_retained_failed_reports;
@@ -72,7 +72,7 @@ index 915b282..f799793 100755
  #ifdef ENABLE_MQTT
      char mqtt_reference[254];      // relates to Device.BulkData.Profile.{i}.MQTT.Reference
      char mqtt_publish_topic[254];  // relates to Device.BulkData.Profile.{i}.MQTT.PublishTopic
-@@ -171,6 +176,12 @@ typedef struct
+@@ -172,6 +177,12 @@ typedef struct
      char password[257];
      char compression[9];
      char method[9];
@@ -85,7 +85,7 @@ index 915b282..f799793 100755
      bool use_date_header;
  } profile_ctrl_params_t;
  
-@@ -219,6 +230,7 @@ int Validate_BulkDataEncodingType(dm_req_t *req, char *value);
+@@ -220,6 +231,7 @@ int Validate_BulkDataEncodingType(dm_req
  int Validate_BulkDataReportingInterval(dm_req_t *req, char *value);
  int Validate_BulkDataReference(dm_req_t *req, char *value);
  int Validate_BulkDataReportFormat(dm_req_t *req, char *value);
@@ -93,7 +93,7 @@ index 915b282..f799793 100755
  int Validate_BulkDataReportTimestamp(dm_req_t *req, char *value);
  int Validate_BulkDataCompression(dm_req_t *req, char *value);
  int Validate_BulkDataHTTPMethod(dm_req_t *req, char *value);
-@@ -246,7 +258,8 @@ bulkdata_profile_t *bulkdata_find_free_profile(void);
+@@ -247,7 +259,8 @@ bulkdata_profile_t *bulkdata_find_free_p
  bulkdata_profile_t *bulkdata_find_profile(int profile_id);
  int bulkdata_calc_report_map(bulkdata_profile_t *bp, kv_vector_t *report_map);
  int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *out_buf, int buf_len);
@@ -103,7 +103,7 @@ index 915b282..f799793 100755
  unsigned char *bulkdata_compress_report(profile_ctrl_params_t *ctrl, char *input_buf, int input_len, int *p_output_len);
  int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_profile_t *bp, unsigned char *json_report, int report_len);
  int bulkdata_start_profile(bulkdata_profile_t *bp);
-@@ -261,6 +274,8 @@ char *bulkdata_platform_calc_uri_query_string(kv_vector_t *escaped_map);
+@@ -262,6 +275,8 @@ char *bulkdata_platform_calc_uri_query_s
  int bulkdata_platform_get_param_refs(int profile_id, param_ref_vector_t *param_refs);
  void bulkdata_expand_param_ref(param_ref_entry_t *pr, group_get_vector_t *ggv);
  void bulkdata_append_to_result_map(param_ref_entry_t *pr, group_get_vector_t *ggv, kv_vector_t *report_map);
@@ -112,7 +112,7 @@ index 915b282..f799793 100755
  #ifdef ENABLE_MQTT
  int Validate_BulkDataMqttReference(dm_req_t *req, char *value);
  void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp);
-@@ -298,7 +313,7 @@ int DEVICE_BULKDATA_Init(void)
+@@ -299,7 +314,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_VendorParam_ReadOnly("Device.BulkData.Status", Get_BulkDataGlobalStatus, DM_STRING);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MinReportingInterval", BULKDATA_MINIMUM_REPORTING_INTERVAL_STR, DM_UINT);
      err |= USP_REGISTER_Param_SupportedList("Device.BulkData.Protocols", bdc_protocols, NUM_ELEM(bdc_protocols));
@@ -121,7 +121,7 @@ index 915b282..f799793 100755
      err |= USP_REGISTER_Param_Constant("Device.BulkData.ParameterWildCardSupported", "true", DM_BOOL);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfProfiles", BULKDATA_MAX_PROFILES_STR, DM_INT);
      err |= USP_REGISTER_Param_Constant("Device.BulkData.MaxNumberOfParameterReferences", "-1", DM_INT);
-@@ -313,7 +328,7 @@ int DEVICE_BULKDATA_Init(void)
+@@ -314,7 +329,7 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Name", "", NULL, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.NumberOfRetainedFailedReports", "0", Validate_NumberOfRetainedFailedReports, NULL, DM_INT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Protocol", BULKDATA_PROTOCOL_HTTP, Validate_BulkDataProtocol, NULL, DM_STRING);
@@ -130,7 +130,7 @@ index 915b282..f799793 100755
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.ReportingInterval", "86400", Validate_BulkDataReportingInterval, NotifyChange_BulkDataReportingInterval, DM_UINT);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.TimeReference", UNKNOWN_TIME_STR, NULL, NotifyChange_BulkDataTimeReference, DM_DATETIME);
  
-@@ -325,9 +340,16 @@ int DEVICE_BULKDATA_Init(void)
+@@ -326,9 +341,16 @@ int DEVICE_BULKDATA_Init(void)
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.Parameter.{i}.Reference", "", Validate_BulkDataReference, NULL, DM_STRING);
  
      // Device.BulkData.Profile.{i}.JSONEncoding
@@ -148,7 +148,7 @@ index 915b282..f799793 100755
      // Device.BulkData.Profile.{i}.HTTP
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.URL", "", NULL, NotifyChange_BulkDataURL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.HTTP.Username", "", NULL, NULL, DM_STRING);
-@@ -613,9 +635,10 @@ int Validate_BulkDataProtocol(dm_req_t *req, char *value)
+@@ -614,9 +636,10 @@ int Validate_BulkDataProtocol(dm_req_t *
  int Validate_BulkDataEncodingType(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -162,7 +162,7 @@ index 915b282..f799793 100755
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -719,9 +742,36 @@ int Validate_BulkDataReference(dm_req_t *req, char *value)
+@@ -720,9 +743,36 @@ int Validate_BulkDataReference(dm_req_t
  int Validate_BulkDataReportFormat(dm_req_t *req, char *value)
  {
      // Exit if trying to set a value outside of the range we accept
@@ -201,7 +201,7 @@ index 915b282..f799793 100755
          return USP_ERR_INVALID_VALUE;
      }
  
-@@ -2052,6 +2102,14 @@ int bulkdata_platform_get_profile_control_params(bulkdata_profile_t *bp, profile
+@@ -2053,6 +2103,14 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -216,7 +216,7 @@ index 915b282..f799793 100755
      // Exit if unable to get ReportTimestamp
      USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.JSONEncoding.ReportTimestamp", bp->profile_id);
      err = DATA_MODEL_GetParameterValue(path, ctrl_params->report_timestamp, sizeof(ctrl_params->report_timestamp), 0);
-@@ -2060,6 +2118,54 @@ int bulkdata_platform_get_profile_control_params(bulkdata_profile_t *bp, profile
+@@ -2061,6 +2119,54 @@ int bulkdata_platform_get_profile_contro
          return err;
      }
  
@@ -271,7 +271,7 @@ index 915b282..f799793 100755
  #ifdef ENABLE_MQTT
  {
      char protocol[32];
-@@ -2333,7 +2439,7 @@ void bulkdata_process_profile_http(bulkdata_profile_t *bp)
+@@ -2334,7 +2440,7 @@ void bulkdata_process_profile_http(bulkd
  {
      int err;
      report_t *cur_report;
@@ -280,7 +280,7 @@ index 915b282..f799793 100755
      profile_ctrl_params_t ctrl;
      unsigned char *compressed_report;
      int compressed_len;
-@@ -2372,10 +2478,23 @@ void bulkdata_process_profile_http(bulkdata_profile_t *bp)
+@@ -2373,10 +2479,23 @@ void bulkdata_process_profile_http(bulkd
      }
  
      // Exit if unable to generate the report
@@ -308,7 +308,7 @@ index 915b282..f799793 100755
          return;
      }
  
-@@ -2384,14 +2503,14 @@ void bulkdata_process_profile_http(bulkdata_profile_t *bp)
+@@ -2385,14 +2504,14 @@ void bulkdata_process_profile_http(bulkd
      USP_LOG_Info("BULK DATA: using compression method=%s", ctrl.compression);
      if (enable_protocol_trace)
      {
@@ -327,7 +327,7 @@ index 915b282..f799793 100755
      }
      // NOTE: From this point on, only the compressed_report exists
  
-@@ -2421,8 +2540,15 @@ void bulkdata_process_profile_usp_event(bulkdata_profile_t *bp)
+@@ -2422,8 +2541,15 @@ void bulkdata_process_profile_usp_event(
      kv_vector_t event_args;
      kv_pair_t kv;
      report_t *cur_report;
@@ -344,7 +344,7 @@ index 915b282..f799793 100755
  
      // Exit if the MTP has not been connected to successfully after bootup
      // This is to prevent BDC events being enqueued before the Boot! event is sent (the Boot! event is only sent after successfully connecting to the MTP).
-@@ -2431,13 +2557,63 @@ void bulkdata_process_profile_usp_event(bulkdata_profile_t *bp)
+@@ -2432,13 +2558,63 @@ void bulkdata_process_profile_usp_event(
          goto exit;
      }
  
@@ -361,7 +361,7 @@ index 915b282..f799793 100755
 +    if (err != USP_ERR_OK) {
 +         return;
 +     }
-+ 
++
 +    if (strcmp(encoding_type, BULKDATA_ENCODING_TYPE_JSON) == 0) {
 +        // Exit if unable to get ReportTimestamp
 +        USP_SNPRINTF(path, sizeof(path), "Device.BulkData.Profile.%d.JSONEncoding.ReportTimestamp", bp->profile_id);
@@ -415,7 +415,7 @@ index 915b282..f799793 100755
  
      // When sending via USP events, only one report is ever sent in each USP event
      // So ensure all retained reports are removed. NOTE: Clearing the reports here is only necessary when switching protocol from HTTP to USP event, and where HTTP had some unsent reports
-@@ -2455,11 +2631,17 @@ void bulkdata_process_profile_usp_event(bulkdata_profile_t *bp)
+@@ -2456,11 +2632,17 @@ void bulkdata_process_profile_usp_event(
      }
      bp->num_retained_reports = 1;
  
@@ -436,7 +436,7 @@ index 915b282..f799793 100755
          return;
      }
  
-@@ -2467,15 +2649,15 @@ void bulkdata_process_profile_usp_event(bulkdata_profile_t *bp)
+@@ -2468,15 +2650,15 @@ void bulkdata_process_profile_usp_event(
  
      // Construct event_args manually to avoid the overhead of a malloc and copy of the report in KV_VECTOR_Add()
      kv.key = "Data";
@@ -455,7 +455,7 @@ index 915b282..f799793 100755
  
      // From the point of view of this code, the report(s) have been successfully sent, so don't retain them
      // NOTE: Sending of the reports successfully is delegated to the USP notification retry mechanism
-@@ -2547,11 +2729,24 @@ void bulkdata_process_profile_mqtt(bulkdata_profile_t *bp)
+@@ -2548,11 +2730,24 @@ void bulkdata_process_profile_mqtt(bulkd
      }
  
      // Exit if unable to generate the report
@@ -483,9 +483,9 @@ index 915b282..f799793 100755
 +        USP_ERR_SetMessage("%s: bulkdata invalid report encoding type %s", __FUNCTION__, ctrl.encoding_type);
 +        return;
      }
-
+ 
      // Print out the JSON report, if debugging is enabled
-@@ -2762,7 +2957,7 @@ int bulkdata_reduce_to_alt_name(char *spec, char *path, char *alt_name, char *ou
+@@ -2763,7 +2958,7 @@ int bulkdata_reduce_to_alt_name(char *sp
  ** \return  pointer to NULL terminated dynamically allocated buffer containing the serialized report to send
  **
  **************************************************************************/
@@ -494,7 +494,7 @@ index 915b282..f799793 100755
  {
      JsonNode *top;          // top of report
      JsonNode *array;        // array of reports (retained + current)
-@@ -2867,6 +3062,483 @@ char *bulkdata_generate_json_report(bulkdata_profile_t *bp, char *report_timesta
+@@ -2868,6 +3063,483 @@ char *bulkdata_generate_json_report(bulk
      return result;
  }
  
@@ -978,7 +978,7 @@ index 915b282..f799793 100755
  /*********************************************************************//**
  **
  **  bulkdata_compress_report
-@@ -3070,6 +3742,20 @@ int bulkdata_schedule_sending_http_report(profile_ctrl_params_t *ctrl, bulkdata_
+@@ -3071,6 +3743,20 @@ int bulkdata_schedule_sending_http_repor
          flags |= BDC_FLAG_DATE_HEADER;
      }
  

obuspa/patches/0005-CTrust-SecureRoles.patch

@@ -1,562 +0,0 @@
-Index: obuspa-9.0.4.3/src/core/data_model.c
-===================================================================
---- obuspa-9.0.4.3.orig/src/core/data_model.c
-+++ obuspa-9.0.4.3/src/core/data_model.c
-@@ -57,6 +57,7 @@
- #include "iso8601.h"
- #include "group_get_vector.h"
- #include "plugin.h"
-+#include "device_ctrust.h"
- 
- #ifdef ENABLE_COAP
- #include "usp_coap.h"
-@@ -507,6 +508,14 @@ int DATA_MODEL_GetParameterValue(char *p
-         return USP_ERR_INVALID_PATH;
-     }
- 
-+    // Check if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
-+    if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
-+    {
-+        // Return an empty string for secured parameters when controller doesn't have secured role
-+        *buf = '\0';
-+        return USP_ERR_OK;
-+    }
-+
-     // NOTE: We do not check 'is_qualified_instance' here, because the only time it would be unqualified, is if the
-     //       path represented a multi-instance object. If path does represent this, then it will be caught below (switch statement)
- 
-@@ -537,8 +546,8 @@ int DATA_MODEL_GetParameterValue(char *p
-             break;
- 
-         case kDMNodeType_DBParam_Secure:
--            // Return an empty string, if special flag is not set
--            if ((flags & SHOW_PASSWORD)==0)
-+	    // Return an empty string if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
-+            if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
-             {
-                 *buf = '\0';
-                 break;
-Index: obuspa-9.0.4.3/src/core/device_ctrust.c
-===================================================================
---- obuspa-9.0.4.3.orig/src/core/device_ctrust.c
-+++ obuspa-9.0.4.3/src/core/device_ctrust.c
-@@ -64,6 +64,7 @@
- #include "text_utils.h"
- #include "dm_inst_vector.h"
- #include "database.h"
-+#include "device_ctrust.h"
- 
- //------------------------------------------------------------------------------
- // Location of the controller trust tables within the data model
-@@ -228,6 +229,7 @@ credential_t *FindCredentialByCertInstan
- int Get_CredentialRole(dm_req_t *req, char *buf, int len);
- int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
- int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
-+int Validate_SecuredRoles(dm_req_t *req, char *value);
- 
- #ifndef REMOVE_DEVICE_SECURITY
- int InitChallengeTable();
-@@ -347,6 +349,10 @@ int DEVICE_CTRUST_Init(void)
-                         challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
-                         NULL, 0);
- #endif
-+
-+    // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
-+    err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
-+
-     // Exit if any errors occurred
-     if (err != USP_ERR_OK)
-     {
-@@ -2793,3 +2799,128 @@ exit:
-     return err;
- }
- #endif // REMOVE_DEVICE_SECURITY
-+
-+
-+/*********************************************************************//**
-+**
-+** Validate_SecuredRoles
-+**
-+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
-+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
-+**
-+** \param   req - pointer to structure identifying the parameter
-+** \param   value - value that the controller would like to set the parameter to
-+**
-+** \return  USP_ERR_OK if successful
-+**
-+**************************************************************************/
-+int Validate_SecuredRoles(dm_req_t *req, char *value)
-+{
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int role_instance;
-+    int err;
-+
-+    // Empty string is valid
-+    if (*value == '\0')
-+    {
-+        return USP_ERR_OK;
-+    }
-+
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, value, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err != USP_ERR_OK)
-+        {
-+            USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
-+            return USP_ERR_INVALID_VALUE;
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return USP_ERR_OK;
-+}
-+
-+/*********************************************************************//**
-+**
-+** DEVICE_CTRUST_IsControllerSecured
-+**
-+** Determines whether the specified controller has a secured role
-+**
-+** \param   combined_role - pointer to structure containing the role indexes for this controller
-+**
-+** \return  true if the controller has a secured role, false otherwise
-+**
-+**************************************************************************/
-+bool DEVICE_CTRUST_IsControllerSecured()
-+{
-+    char secured_roles[MAX_DM_PATH];
-+    char *role_path;
-+    char *saveptr;
-+    char *str;
-+    char temp[MAX_DM_PATH];
-+    int err;
-+    role_t *role;
-+    int role_instance;
-+    combined_role_t combined_role;
-+
-+    // Exit if unable to get the secured roles
-+    err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
-+    if (err != USP_ERR_OK)
-+    {
-+        return false;
-+    }
-+
-+    // Empty string means no secured roles
-+    if (*secured_roles == '\0')
-+    {
-+        return false;
-+    }
-+
-+    MSG_HANDLER_GetMsgRole(&combined_role);
-+    // Copy the value as strtok_r modifies the string
-+    USP_STRNCPY(temp, secured_roles, sizeof(temp));
-+
-+    // Iterate through comma-separated list
-+    str = temp;
-+    role_path = strtok_r(str, ",", &saveptr);
-+    while (role_path != NULL)
-+    {
-+        // Trim whitespace
-+        role_path = TEXT_UTILS_TrimBuffer(role_path);
-+
-+        // Extract the instance number from the role path
-+        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
-+        if (err == USP_ERR_OK)
-+        {
-+            // Find the role in our internal array
-+            role = FindRoleByInstance(role_instance);
-+            if (role != NULL)
-+            {
-+                // Check if this role matches either the inherited or assigned role
-+                if ((role - roles == combined_role.inherited_index) ||
-+                    (role - roles == combined_role.assigned_index))
-+                {
-+                    return true;
-+                }
-+            }
-+        }
-+
-+        role_path = strtok_r(NULL, ",", &saveptr);
-+    }
-+
-+    return false;
-+}
-Index: obuspa-9.0.4.3/src/core/device_ctrust.h
-===================================================================
---- /dev/null
-+++ obuspa-9.0.4.3/src/core/device_ctrust.h
-@@ -0,0 +1,48 @@
-+/*
-+ *
-+ * Copyright (C) 2019-2025, Broadband Forum
-+ * Copyright (C) 2016-2025,  CommScope, Inc
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * 3. Neither the name of the copyright holder nor the names of its
-+ *    contributors may be used to endorse or promote products derived from
-+ *    this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-+ * THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+/**
-+ * \file device_ctrust.h
-+ *
-+ * Header file containing the API functions provided by Controller Trust component
-+ *
-+ */
-+#ifndef DEVICE_CTRUST_H
-+#define DEVICE_CTRUST_H
-+
-+#include "device.h"
-+
-+bool DEVICE_CTRUST_IsControllerSecured(void);
-+
-+#endif
-Index: obuspa-9.0.4.3/src/include/usp_api.h
-===================================================================
---- obuspa-9.0.4.3.orig/src/include/usp_api.h
-+++ obuspa-9.0.4.3/src/include/usp_api.h
-@@ -418,6 +418,7 @@ typedef struct
- #define DM_DECIMAL      0x00000100      // 64 bit floating point number (double)
- #define DM_LONG         0x00000200      // 64 bit signed integer (long long)
- #define DM_VALUE_CHANGE_WILL_IGNORE  0x00000400 // Do not emit value change notifications for this parameter
-+#define DM_SECURE       0x00000800      // secure parameter
- 
- //-------------------------------------------------------------------------
- // Functions to register the data model
-Index: obuspa-9.0.4.3/src/core/group_get_vector.c
-===================================================================
---- obuspa-9.0.4.3.orig/src/core/group_get_vector.c
-+++ obuspa-9.0.4.3/src/core/group_get_vector.c
-@@ -49,6 +49,16 @@
- #include "group_get_vector.h"
- #include "int_vector.h"
- #include "data_model.h"
-+#include "device_ctrust.h"   // Added to use DEVICE_CTRUST_IsControllerSecured()
-+
-+//------------------------------------------------------------------------------
-+// New function to check secure flag and controller state
-+static int IsSecuredParamNotAccessible(char *path)
-+{
-+    dm_instances_t inst;
-+    dm_node_t *node = DM_PRIV_GetNodeFromPath(path, &inst, NULL, 0);
-+    return (node && (node->registered.param_info.type_flags & DM_SECURE) && !DEVICE_CTRUST_IsControllerSecured());
-+}
- 
- //------------------------------------------------------------------------------
- // Forward declarations. Note these are not static, because we need them in the symbol table for USP_LOG_Callstack() to show them
-@@ -282,14 +292,14 @@ void GROUP_GET_VECTOR_GetValues(group_ge
-     return;
- #endif
- 
--    // Iterate over all parameters, getting them if non grouped, otherwise adding them to the relevant group to get
-+    // Iterate over all parameters, getting them if non-grouped, otherwise adding them to the relevant group to get
-     memset(ggv_indexes, 0, sizeof(ggv_indexes));
-     for (i=0; i < ggv->num_entries; i++)
-     {
-         gge = &ggv->vector[i];
-         if (gge->group_id == NON_GROUPED)
-         {
--            // If the parameter is not grouped, then get its value now.
-+            // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
-             gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
-             if (gge->err_code != USP_ERR_OK)
-             {
-@@ -320,7 +330,6 @@ void GROUP_GET_VECTOR_GetValues(group_ge
-                 chunk_size = MIN(GROUP_GET_CHUNK_SIZE, iv->num_entries - start_index);
-                 GetParameterGroup(i, ggv, iv, start_index, chunk_size);
-             }
--
-         }
-     }
- 
-@@ -378,88 +387,101 @@ void GetParameterGroup(int group_id, gro
-         return;
-     }
- 
--    // Add all parameters to get in this group to a key value vector
--    // NOTE: We form the key value vector manually to avoid copying the param paths.
--    //       Ownership of the param paths stay with the group get vector
--    params.num_entries = chunk_size;
--    params.vector = USP_MALLOC(sizeof(kv_pair_t) * chunk_size);
-+    // Prepare a mapping for non-secure parameters and process secure ones directly
-+    int non_secure_count = 0;
-+    int *non_secure_map = USP_MALLOC(chunk_size * sizeof(int));
-     for (i=0; i < chunk_size; i++)
-     {
-         index = iv->vector[start_index + i];
-         gge = &ggv->vector[index];
-         USP_ASSERT(gge->path != NULL);
--
--        kv = &params.vector[i];
--        kv->key = gge->path;
--        kv->value = NULL;
-+        if (IsSecuredParamNotAccessible(gge->path))
-+        {
-+            // For secure parameter when controller is not secured, return empty value
-+            gge->value = USP_STRDUP("");
-+            gge->err_code = USP_ERR_OK;
-+        }
-+        else
-+        {
-+            non_secure_map[non_secure_count] = index;
-+            non_secure_count++;
-+        }
-     }
- 
--    // Exit if group callback fails
--    USP_ERR_ClearMessage();
--    err = get_group_cb(group_id, &params);
--    if (err != USP_ERR_OK)
-+    // If there are non-secure parameters, call the group callback for them
-+    if (non_secure_count > 0)
-     {
--        // Mark all results for params in this group with an error
--        usp_err_msg = USP_ERR_GetMessage();
--        for (i=0; i < chunk_size; i++)
-+        params.num_entries = non_secure_count;
-+        params.vector = USP_MALLOC(sizeof(kv_pair_t) * non_secure_count);
-+        for (i=0; i < non_secure_count; i++)
-         {
--            index = iv->vector[start_index + i];
-+            index = non_secure_map[i];
-             gge = &ggv->vector[index];
--            gge->err_code = USP_ERR_INTERNAL_ERROR;
-+            USP_ASSERT(gge->path != NULL);
-+            kv = &params.vector[i];
-+            kv->key = gge->path;
-+            kv->value = NULL;
-+        }
- 
--            // Assign an error message to this param
--            if (usp_err_msg[0] != '\0')
--            {
--                gge->err_msg = USP_STRDUP(usp_err_msg);
--            }
--            else
-+        USP_ERR_ClearMessage();
-+        err = get_group_cb(group_id, &params);
-+        if (err != USP_ERR_OK)
-+        {
-+            // Mark all non-secure results with an error
-+            usp_err_msg = USP_ERR_GetMessage();
-+            for (i=0; i < non_secure_count; i++)
-             {
--                // Form an error message if none was provided
--                USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
--                gge->err_msg = USP_STRDUP(err_msg);
-+                index = non_secure_map[i];
-+                gge = &ggv->vector[index];
-+                gge->err_code = USP_ERR_INTERNAL_ERROR;
-+                if (usp_err_msg[0] != '\0')
-+                {
-+                    gge->err_msg = USP_STRDUP(usp_err_msg);
-+                }
-+                else
-+                {
-+                    USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
-+                    gge->err_msg = USP_STRDUP(err_msg);
-+                }
-+                USP_SAFE_FREE(params.vector[i].value);
-             }
--
--            // NOTE: The group get might have populated a value for some params, so free these values
--            USP_SAFE_FREE(params.vector[i].value);
-+            USP_FREE(params.vector);
-+            USP_FREE(non_secure_map);
-+            return;
-         }
--        goto exit;
--    }
- 
--    // Move all parameter values obtained to the group get vector
--    // NOTE: Ownership of the value string transfers from the params vector to the group get vector
--    usp_err_msg = USP_ERR_GetMessage();
--    empty_count = 0;
--    for (i=0; i < chunk_size; i++)
--    {
--        kv = &params.vector[i];
--        index = iv->vector[start_index + i];
--        gge = &ggv->vector[index];
--
--        if (kv->value != NULL)
--        {
--            gge->value = kv->value;
--        }
--        else
-+        // Move all parameter values obtained to the group get vector for non-secure parameters
-+        usp_err_msg = USP_ERR_GetMessage();
-+        empty_count = 0;
-+        for (i=0; i < non_secure_count; i++)
-         {
--            // If this is the first parameter with no value, and an error message has been set, then use the error message
--            if ((usp_err_msg[0] != '\0') && (empty_count == 0))
-+            index = non_secure_map[i];
-+            gge = &ggv->vector[index];
-+            kv = &params.vector[i];
-+
-+            if (kv->value != NULL)
-             {
--                USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
-+                gge->value = kv->value;
-             }
-             else
-             {
--                USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
-+                if ((usp_err_msg[0] != '\0') && (empty_count == 0))
-+                {
-+                    USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
-+                }
-+                else
-+                {
-+                    USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
-+                }
-+                gge->err_code = USP_ERR_INTERNAL_ERROR;
-+                gge->err_msg = USP_STRDUP(err_msg);
-+                empty_count++;
-             }
--            gge->err_code = USP_ERR_INTERNAL_ERROR;
--            gge->err_msg = USP_STRDUP(err_msg);
--            empty_count++;
-         }
-+        USP_FREE(params.vector);
-     }
- 
--exit:
--    // Destroy the key-value vector.
--    // As ownership of all strings in it have transferred to the group get vector, we only have to free the array itself
--    USP_FREE(params.vector);
-+    USP_FREE(non_secure_map);
- }
- 
- /*********************************************************************//**
-@@ -486,9 +508,10 @@ void GetParametersIndividually(group_get
-     for (i=0; i < ggv->num_entries; i++)
-     {
-         gge = &ggv->vector[i];
-+
-         if (gge->group_id == NON_GROUPED)
-         {
--            // Non-grouped parameters can directly call DATA_MODEL_GetParameterValue()
-+            // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
-             gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
-             if (gge->err_code == USP_ERR_OK)
-             {
-@@ -497,42 +520,51 @@ void GetParametersIndividually(group_get
-         }
-         else
-         {
--            // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
--            get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
--            if (get_group_cb == NULL)
-+            // For grouped parameters, check if the parameter is secure and the controller is not secured
-+            if (IsSecuredParamNotAccessible(gge->path))
-             {
--                // Set an error message, if no group callback registered for this parameter
--                USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
--                gge->err_code = USP_ERR_INTERNAL_ERROR;
-+                gge->value = USP_STRDUP("");
-+                gge->err_code = USP_ERR_OK;
-             }
-             else
-             {
--                // Get this grouped parameter individually using the group get callback
--                pv.num_entries = 1;
--                pv.vector = &param;
--                param.key = gge->path;
--                param.value = NULL;
--
--                USP_ERR_ClearMessage();
--                gge->err_code = get_group_cb(gge->group_id, &pv);
--                if (gge->err_code != USP_ERR_OK)
-+                // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
-+                get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
-+                if (get_group_cb == NULL)
-                 {
--                    USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
--                    USP_SAFE_FREE(param.value)
-+                    // Set an error message, if no group callback registered for this parameter
-+                    USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
-+                    gge->err_code = USP_ERR_INTERNAL_ERROR;
-                 }
-                 else
-                 {
--                    if (param.value != NULL)
-+                    // Get this grouped parameter individually using the group get callback
-+                    pv.num_entries = 1;
-+                    pv.vector = &param;
-+                    param.key = gge->path;
-+                    param.value = NULL;
-+
-+                    USP_ERR_ClearMessage();
-+                    gge->err_code = get_group_cb(gge->group_id, &pv);
-+                    if (gge->err_code != USP_ERR_OK)
-                     {
--                        // Move ownership of the returned string from param.value to gge->value
--                        gge->value = param.value;
--                        param.value = NULL;  // not strictly necessary
-+                        USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
-+                        USP_SAFE_FREE(param.value)
-                     }
-                     else
-                     {
--                        // If no value was returned, then this is also reported as an error in the group get array
--                        USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
--                        gge->err_code = USP_ERR_INTERNAL_ERROR;
-+                        if (param.value != NULL)
-+                        {
-+                            // Move ownership of the returned string from param.value to gge->value
-+                            gge->value = param.value;
-+                            param.value = NULL;  // not strictly necessary
-+                        }
-+                        else
-+                        {
-+                            // If no value was returned, then this is also reported as an error in the group get array
-+                            USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
-+                            gge->err_code = USP_ERR_INTERNAL_ERROR;
-+                        }
-                     }
-                 }
-             }
-@@ -545,3 +577,4 @@ void GetParametersIndividually(group_get
-         }
-     }
- }
-+

obuspa/patches/0006-contains-expression.patch

@@ -1,8 +1,8 @@
-Index: obuspa-9.0.4.11/src/core/expr_vector.c
+Index: obuspa-10.0.0.1/src/core/expr_vector.c
 ===================================================================
---- obuspa-9.0.4.11.orig/src/core/expr_vector.c
-+++ obuspa-9.0.4.11/src/core/expr_vector.c
-@@ -58,6 +58,7 @@ char *expr_op_2_str[kExprOp_Max] =
+--- obuspa-10.0.0.1.orig/src/core/expr_vector.c
++++ obuspa-10.0.0.1/src/core/expr_vector.c
+@@ -59,6 +59,7 @@ char *expr_op_2_str[kExprOp_Max] =
      "<",  // kExprOp_LessThan
      ">",  // kExprOp_GreaterThan
      "=",  // kExprOp_Equals
@@ -10,7 +10,7 @@ Index: obuspa-9.0.4.11/src/core/expr_vector.c
  };
  
  
-@@ -482,6 +483,15 @@ char *SplitOnOperator(char *buf, expr_op
+@@ -483,6 +484,15 @@ char *SplitOnOperator(char *buf, expr_op
          *op = '\0';
          return &op[2];
      }
@@ -26,20 +26,20 @@ Index: obuspa-9.0.4.11/src/core/expr_vector.c
  
      // Exit if found the "<" operator
      op = strchr(buf, '<');
-Index: obuspa-9.0.4.11/src/core/path_resolver.c
+Index: obuspa-10.0.0.1/src/core/path_resolver.c
 ===================================================================
---- obuspa-9.0.4.11.orig/src/core/path_resolver.c
-+++ obuspa-9.0.4.11/src/core/path_resolver.c
-@@ -1481,7 +1481,7 @@ int ResolveUniqueKey(char *resolved, cha
+--- obuspa-10.0.0.1.orig/src/core/path_resolver.c
++++ obuspa-10.0.0.1/src/core/path_resolver.c
+@@ -1088,7 +1088,7 @@ int ResolveUniqueKey(char *resolved, cha
      char temp[MAX_DM_PATH];
      bool is_match;
      bool is_ref_match;
 -    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan};
 +    expr_op_t valid_ops[] = {kExprOp_Equal, kExprOp_NotEqual, kExprOp_LessThanOrEqual, kExprOp_GreaterThanOrEqual, kExprOp_LessThan, kExprOp_GreaterThan, kExprOp_Contains};
-     unsigned short permission_bitmask;
  
      // Exit if unable to find the end of the unique key
-@@ -1815,6 +1815,67 @@ int DoUniqueKeysMatch(int index, search_
+     p = strchr(unresolved, ']');
+@@ -1754,6 +1754,67 @@ int DoUniqueKeysMatch(int index, search_
          }
          USP_ASSERT(gge->value != NULL);     // GROUP_GET_VECTOR_GetValues() should have set an error message if the vendor hook didn't set a value for the parameter
  
@@ -107,11 +107,11 @@ Index: obuspa-9.0.4.11/src/core/path_resolver.c
          // Determine the function to call to perform the comparison
          if (type_flags & (DM_INT | DM_UINT | DM_ULONG | DM_LONG | DM_DECIMAL))
          {
-Index: obuspa-9.0.4.11/src/include/usp_api.h
+Index: obuspa-10.0.0.1/src/include/usp_api.h
 ===================================================================
---- obuspa-9.0.4.11.orig/src/include/usp_api.h
-+++ obuspa-9.0.4.11/src/include/usp_api.h
-@@ -105,6 +105,7 @@ typedef enum
+--- obuspa-10.0.0.1.orig/src/include/usp_api.h
++++ obuspa-10.0.0.1/src/include/usp_api.h
+@@ -106,6 +106,7 @@ typedef enum
      kExprOp_LessThan,               // '<'
      kExprOp_GreaterThan,            // '>'
      kExprOp_Equals,                 // '='

obuspa/patches/1000-SecuredRole-bbfdm.patch

@@ -0,0 +1,176 @@
+Index: obuspa-10.0.0.2/src/core/device.h
+===================================================================
+--- obuspa-10.0.0.2.orig/src/core/device.h
++++ obuspa-10.0.0.2/src/core/device.h
+@@ -305,6 +305,8 @@ void DEVICE_CTRUST_ApplyPermissionsToSub
+ char *DEVICE_CTRUST_InstSelToPermTarget(int role_index, void *is, int *perm_instance);
+ int DEVICE_CTRUST_SetRoleParameter(int instance, char *param_name, char *new_value);
+ int DEVICE_CTRUST_SetPermissionParameter(int instance1, int instance2, char *param_name, char *new_value);
++bool DEVICE_CTRUST_IsControllerSecured(void);
++
+ int DEVICE_REQUEST_Init(void);
+ int DEVICE_REQUEST_Add(char *path, char *command_key, int *instance);
+ void DEVICE_REQUEST_OperationComplete(int instance, int err_code, char *err_msg, kv_vector_t *output_args);
+Index: obuspa-10.0.0.2/src/core/device_ctrust.c
+===================================================================
+--- obuspa-10.0.0.2.orig/src/core/device_ctrust.c
++++ obuspa-10.0.0.2/src/core/device_ctrust.c
+@@ -235,6 +235,7 @@ credential_t *FindCredentialByCertInstan
+ int Get_CredentialRole(dm_req_t *req, char *buf, int len);
+ int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
+ int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
++int Validate_SecuredRoles(dm_req_t *req, char *value);
+ 
+ #ifndef REMOVE_DEVICE_SECURITY
+ int InitChallengeTable();
+@@ -354,6 +355,10 @@ int DEVICE_CTRUST_Init(void)
+                         challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
+                         NULL, 0);
+ #endif
++
++    // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
++    err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
++
+     // Exit if any errors occurred
+     if (err != USP_ERR_OK)
+     {
+@@ -2908,3 +2913,139 @@ exit:
+     return err;
+ }
+ #endif // REMOVE_DEVICE_SECURITY
++
++
++/*********************************************************************//**
++**
++** Validate_SecuredRoles
++**
++** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
++** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
++**
++** \param   req - pointer to structure identifying the parameter
++** \param   value - value that the controller would like to set the parameter to
++**
++** \return  USP_ERR_OK if successful
++**
++**************************************************************************/
++int Validate_SecuredRoles(dm_req_t *req, char *value)
++{
++    char *role_path;
++    char *saveptr;
++    char *str;
++    char temp[MAX_DM_PATH];
++    int role_instance;
++    int err;
++
++    // Empty string is valid
++    if (*value == '\0')
++    {
++        return USP_ERR_OK;
++    }
++
++    // Copy the value as strtok_r modifies the string
++    USP_STRNCPY(temp, value, sizeof(temp));
++
++    // Iterate through comma-separated list
++    str = temp;
++    role_path = strtok_r(str, ",", &saveptr);
++    while (role_path != NULL)
++    {
++        // Trim whitespace
++        role_path = TEXT_UTILS_TrimBuffer(role_path);
++
++        // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
++        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
++        if (err != USP_ERR_OK)
++        {
++            USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
++            return USP_ERR_INVALID_VALUE;
++        }
++
++        role_path = strtok_r(NULL, ",", &saveptr);
++    }
++
++    return USP_ERR_OK;
++}
++
++/*********************************************************************//**
++**
++** DEVICE_CTRUST_IsControllerSecured
++**
++** Determines whether the specified controller has a secured role
++**
++** \param   combined_role - pointer to structure containing the role indexes for this controller
++**
++** \return  true if the controller has a secured role, false otherwise
++**
++**************************************************************************/
++bool DEVICE_CTRUST_IsControllerSecured()
++{
++    char secured_roles[MAX_DM_PATH];
++    char *role_path;
++    char *saveptr;
++    char *str;
++    char temp[MAX_DM_PATH];
++    int err;
++    role_t *role;
++    int role_instance;
++    combined_role_t combined_role;
++    controller_info_t ci;
++
++    // Exit if unable to get the secured roles
++    err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
++    if (err != USP_ERR_OK)
++    {
++        return false;
++    }
++
++    // Empty string means no secured roles
++    if (*secured_roles == '\0')
++    {
++        return false;
++    }
++
++    MSG_HANDLER_GetControllerInfo(&ci);
++    if (ci.endpoint_id == NULL)
++    {
++        return false;
++    }
++    if(strlen(ci.endpoint_id) == 0)
++    {
++        return false;
++    }
++
++    MSG_HANDLER_GetMsgRole(&combined_role);
++    // Copy the value as strtok_r modifies the string
++    USP_STRNCPY(temp, secured_roles, sizeof(temp));
++
++    // Iterate through comma-separated list
++    str = temp;
++    role_path = strtok_r(str, ",", &saveptr);
++    while (role_path != NULL)
++    {
++        // Trim whitespace
++        role_path = TEXT_UTILS_TrimBuffer(role_path);
++
++        // Extract the instance number from the role path
++        err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
++        if (err == USP_ERR_OK)
++        {
++            // Find the role in our internal array
++            role = FindRoleByInstance(role_instance);
++            if (role != NULL)
++            {
++                // Check if this role matches either the inherited or assigned role
++                if ((role - roles == combined_role.inherited_index) ||
++                    (role - roles == combined_role.assigned_index))
++                {
++                    return true;
++                }
++            }
++        }
++
++        role_path = strtok_r(NULL, ",", &saveptr);
++    }
++
++    return false;
++}

obuspa/patches/1000-suppress-logs.patch

@@ -1,8 +1,8 @@
-Index: obuspa-9.0.4.1/src/core/cli_server.c
+Index: obuspa-10.0.0.2/src/core/cli_server.c
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/cli_server.c
-+++ obuspa-9.0.4.1/src/core/cli_server.c
-@@ -715,10 +715,6 @@ int ExecuteCli_Get(str_vector_t *args)
+--- obuspa-10.0.0.2.orig/src/core/cli_server.c
++++ obuspa-10.0.0.2/src/core/cli_server.c
+@@ -724,10 +724,6 @@ int ExecuteCli_Get(str_vector_t *args)
              USP_ASSERT(gge->value != NULL);
              SendCliResponse("%s => %s\n", gge->path, gge->value);
          }
@@ -13,11 +13,11 @@ Index: obuspa-9.0.4.1/src/core/cli_server.c
      }
  
      GROUP_GET_VECTOR_Destroy(&ggv);
-Index: obuspa-9.0.4.1/src/core/data_model.c
+Index: obuspa-10.0.0.2/src/core/data_model.c
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/data_model.c
-+++ obuspa-9.0.4.1/src/core/data_model.c
-@@ -1316,7 +1316,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
+--- obuspa-10.0.0.2.orig/src/core/data_model.c
++++ obuspa-10.0.0.2/src/core/data_model.c
+@@ -1321,7 +1321,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
      // Exit if instance already exists - nothing to do
      if (exists)
      {
@@ -26,7 +26,7 @@ Index: obuspa-9.0.4.1/src/core/data_model.c
          return USP_ERR_CREATION_FAILURE;
      }
  
-@@ -1404,7 +1404,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
+@@ -1409,7 +1409,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
      // Exit if instance does not exist - nothing to do
      if (exists == false)
      {

obuspa/patches/1001-use-datamodel-caching.patch

@@ -1,8 +1,14 @@
-Index: obuspa-9.0.4.1/src/core/cli_server.c
-===================================================================
---- obuspa-9.0.4.1.orig/src/core/cli_server.c
-+++ obuspa-9.0.4.1/src/core/cli_server.c
-@@ -501,6 +501,7 @@ int CLI_SERVER_ExecuteCliCommand(char *c
+commit 7bb794c3d8bbdcf4aa39f8c28f1fabcda11487b9
+Author: Vivek Kumar Dutta <vivek.dutta@iopsys.eu>
+Date:   Wed Apr 30 17:18:27 2025 +0530
+
+    1001-use-datamodel-caching.patch
+
+diff --git a/src/core/cli_server.c b/src/core/cli_server.c
+index da61c6f..abac7cb 100644
+--- a/src/core/cli_server.c
++++ b/src/core/cli_server.c
+@@ -511,6 +511,7 @@ int CLI_SERVER_ExecuteCliCommand(char *cmd_line)
          SendCliResponse("WARNING: Discarding unused args: %s\n", args.vector[cli_cmd->max_args+1]);
      }
  
@@ -10,36 +16,34 @@ Index: obuspa-9.0.4.1/src/core/cli_server.c
      // Process command
      err = cli_cmd->exec_cmd(&args);
      print_help = false;
-@@ -683,6 +684,13 @@ int ExecuteCli_Get(str_vector_t *args)
- }
- #endif
+@@ -670,6 +671,11 @@ int ExecuteCli_Version(str_vector_t *args)
+ int ExecuteCli_Get(str_vector_t *args)
+ {
+     combined_role_t *combined_role;
++
++    char *path[2] = {args->vector[1], 0};
++
++    vendor_create_dm_cache(path, 1);
++
+ #ifndef REMOVE_USP_BROKER
+     char *arg1;
  
-+    if (arg1 != NULL) {
-+        char *path[2] = {0};
-+
-+        path[0] = arg1;
-+        vendor_create_dm_cache(path, 1);
-+    }
-+
-     // Exit if unable to get a list of all parameters referenced by the expression
-     STR_VECTOR_Init(&params);
-     INT_VECTOR_Init(&group_ids);
-Index: obuspa-9.0.4.1/src/core/data_model.h
-===================================================================
---- obuspa-9.0.4.1.orig/src/core/data_model.h
-+++ obuspa-9.0.4.1/src/core/data_model.h
-@@ -370,5 +370,6 @@ int DM_PRIV_ReRegister_DBParam_Default(c
+diff --git a/src/core/data_model.h b/src/core/data_model.h
+index 7564127..2736d7c 100755
+--- a/src/core/data_model.h
++++ b/src/core/data_model.h
+@@ -405,5 +405,6 @@ int DM_PRIV_ReRegister_DBParam_Default(char *path, char *value);
  bool DM_PRIV_IsChildNodeOf(dm_node_t *node, dm_node_t *parent_node);
  void DM_PRIV_GetAllEventsAndCommands(dm_node_t *node, str_vector_t *events, str_vector_t *commands);
  
 +int vendor_create_dm_cache(char *paths[], int num_paths);
  #endif
  
-Index: obuspa-9.0.4.1/src/core/handle_get.c
-===================================================================
---- obuspa-9.0.4.1.orig/src/core/handle_get.c
-+++ obuspa-9.0.4.1/src/core/handle_get.c
-@@ -123,6 +123,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp
+diff --git a/src/core/handle_get.c b/src/core/handle_get.c
+index d9d3e9e..c263978 100644
+--- a/src/core/handle_get.c
++++ b/src/core/handle_get.c
+@@ -129,6 +129,7 @@ void MSG_HANDLER_HandleGet(Usp__Msg *usp, char *controller_endpoint, mtp_conn_t
          goto exit;
      }
  
@@ -47,11 +51,11 @@ Index: obuspa-9.0.4.1/src/core/handle_get.c
      // Calculate the number of hierarchical levels to traverse in the data model when performing partial path resolution
      // NOTE: protocol buffer has depth as an unsigned quantity, but internally we use a signed number, so limit range to that of a signed number
      depth = usp->body->request->get->max_depth;
-Index: obuspa-9.0.4.1/src/core/msg_handler.c
-===================================================================
---- obuspa-9.0.4.1.orig/src/core/msg_handler.c
-+++ obuspa-9.0.4.1/src/core/msg_handler.c
-@@ -862,6 +862,8 @@ int HandleUspMessage(Usp__Msg *usp, char
+diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c
+index 647591d..b7498d8 100755
+--- a/src/core/msg_handler.c
++++ b/src/core/msg_handler.c
+@@ -863,6 +863,8 @@ int HandleUspMessage(Usp__Msg *usp, char *endpoint_id, mtp_conn_t *mtpc)
                  MSG_HANDLER_UspMsgTypeToString(usp->header->msg_type),
                  iso8601_cur_time(buf, sizeof(buf)) );
  

obuspa/patches/1002-mqtt-qos.patch

@@ -1,6 +1,8 @@
---- a/src/core/device_bulkdata.c	2025-02-18 16:49:27.507575767 +0530
-+++ b/src/core/device_bulkdata.c	2025-02-18 16:51:45.535693108 +0530
-@@ -374,6 +374,8 @@
+Index: obuspa-10.0.0.1/src/core/device_bulkdata.c
+===================================================================
+--- obuspa-10.0.0.1.orig/src/core/device_bulkdata.c
++++ obuspa-10.0.0.1/src/core/device_bulkdata.c
+@@ -375,6 +375,8 @@ int DEVICE_BULKDATA_Init(void)
      // Device.BulkData.Profile.{i}.MQTT
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.Reference", "", Validate_BulkDataMqttReference, NULL, DM_STRING);
      err |= USP_REGISTER_DBParam_ReadWrite("Device.BulkData.Profile.{i}.MQTT.PublishTopic", "", NULL, NULL, DM_STRING);

obuspa/patches/1003-ct-full-access-rename.patch

@@ -1,8 +1,8 @@
-diff --git a/src/core/data_model.c b/src/core/data_model.c
-index 360c5e2..136de0d 100644
---- a/src/core/data_model.c
-+++ b/src/core/data_model.c
-@@ -5180,7 +5180,7 @@ int RegisterDefaultControllerTrust(void)
+Index: obuspa-10.0.0.2/src/core/data_model.c
+===================================================================
+--- obuspa-10.0.0.2.orig/src/core/data_model.c
++++ obuspa-10.0.0.2/src/core/data_model.c
+@@ -5347,7 +5347,7 @@ int RegisterDefaultControllerTrust(void)
      int err = USP_ERR_OK;
  
      // Register 'Full Access' role

obuspa/patches/1004-syslog-format.patch

@@ -0,0 +1,12 @@
+diff --git a/src/core/usp_log.c b/src/core/usp_log.c
+index 2722b8f..95b61b3 100644
+--- a/src/core/usp_log.c
++++ b/src/core/usp_log.c
+@@ -115,6 +115,7 @@ int USP_LOG_SetFile(const char *file)
+     if ((file == NULL) || strcmp(file, "syslog")==0)
+     {
+         log_fd = NULL;
++        openlog("obuspa", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+         return USP_ERR_OK;
+     }
+ 

obuspa/patches/2001-validate-controller-mtp.patch

@@ -1,8 +1,8 @@
-Index: obuspa-9.0.4.1/src/core/device.h
+Index: obuspa-10.0.0.2/src/core/device.h
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/device.h
-+++ obuspa-9.0.4.1/src/core/device.h
-@@ -338,6 +338,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
+--- obuspa-10.0.0.2.orig/src/core/device.h
++++ obuspa-10.0.0.2/src/core/device.h
+@@ -346,6 +346,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
  int DEVICE_CONTROLLER_CountEnabledWebsockClientConnections(void);
  #endif
  
@@ -11,13 +11,13 @@ Index: obuspa-9.0.4.1/src/core/device.h
 +#endif
 +
  #ifndef REMOVE_USP_BROKER
- int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance);
+ int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance, char *subscribed_path);
  bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
-Index: obuspa-9.0.4.1/src/core/device_controller.c
+Index: obuspa-10.0.0.2/src/core/device_controller.c
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/device_controller.c
-+++ obuspa-9.0.4.1/src/core/device_controller.c
-@@ -967,6 +967,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
+--- obuspa-10.0.0.2.orig/src/core/device_controller.c
++++ obuspa-10.0.0.2/src/core/device_controller.c
+@@ -968,6 +968,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
      return USP_ERR_OK;
  }
  
@@ -96,11 +96,11 @@ Index: obuspa-9.0.4.1/src/core/device_controller.c
  /*********************************************************************//**
  **
  ** DEVICE_CONTROLLER_IsMTPConfigured
-Index: obuspa-9.0.4.1/src/core/msg_handler.c
+Index: obuspa-10.0.0.2/src/core/msg_handler.c
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/msg_handler.c
-+++ obuspa-9.0.4.1/src/core/msg_handler.c
-@@ -1219,6 +1219,15 @@ int ValidateUspRecord(UspRecord__Record
+--- obuspa-10.0.0.2.orig/src/core/msg_handler.c
++++ obuspa-10.0.0.2/src/core/msg_handler.c
+@@ -1220,6 +1220,15 @@ int ValidateUspRecord(UspRecord__Record
      usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
  #endif
  

obuspa/patches/2002-max_controllers.patch

@@ -1,8 +1,8 @@
-Index: obuspa-9.0.4.1/src/core/mqtt.c
+Index: obuspa-10.0.0.1/src/core/mqtt.c
 ===================================================================
---- obuspa-9.0.4.1.orig/src/core/mqtt.c
-+++ obuspa-9.0.4.1/src/core/mqtt.c
-@@ -258,6 +258,8 @@ void MqttSubscriptionDestroy(mqtt_subscr
+--- obuspa-10.0.0.1.orig/src/core/mqtt.c
++++ obuspa-10.0.0.1/src/core/mqtt.c
+@@ -259,6 +259,8 @@ void MqttSubscriptionDestroy(mqtt_subscr
  #define DEFINE_MQTT_TrustCertVerifyCallbackIndex(index) \
  int MQTT_TrustCertVerifyCallback_##index (int preverify_ok, X509_STORE_CTX *x509_ctx) \
  {\
@@ -11,7 +11,7 @@ Index: obuspa-9.0.4.1/src/core/mqtt.c
      return DEVICE_SECURITY_TrustCertVerifyCallbackWithCertChain(preverify_ok, x509_ctx, &mqtt_clients[index].cert_chain);\
  }
  
-@@ -268,6 +270,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
+@@ -269,6 +271,11 @@ DEFINE_MQTT_TrustCertVerifyCallbackIndex
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(2);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(3);
  DEFINE_MQTT_TrustCertVerifyCallbackIndex(4);
@@ -23,7 +23,7 @@ Index: obuspa-9.0.4.1/src/core/mqtt.c
  // Add more, with incrementing indexes here, if you change MAX_MQTT_CLIENTS
  
  //------------------------------------------------------------------------------------
-@@ -278,10 +285,15 @@ ssl_verify_callback_t* mqtt_verify_callb
+@@ -279,10 +286,15 @@ ssl_verify_callback_t* mqtt_verify_callb
      MQTT_TrustCertVerifyCallbackIndex(2),
      MQTT_TrustCertVerifyCallbackIndex(3),
      MQTT_TrustCertVerifyCallbackIndex(4),

obuspa/patches/2003-Optimize-set-commits.patch

@@ -0,0 +1,26 @@
+diff --git a/src/core/handle_set.c b/src/core/handle_set.c
+index cbb0838..fb58bfb 100644
+--- a/src/core/handle_set.c
++++ b/src/core/handle_set.c
+@@ -94,6 +94,7 @@ void DestroySetExprInfo(set_expr_info_t *set_expr_info, int num_set_expr);
+ void PopulateSetResp_OperFailure(Usp__SetResp *set_resp, set_expr_info_t *si, group_set_vector_t *gsv);
+ void PopulateOperFailure_UpdatedInstFailure(Usp__SetResp__UpdatedObjectResult__OperationStatus__OperationFailure *oper_failure, set_expr_info_t *si, int obj_index, group_set_vector_t *gsv);
+ 
++extern int vendor_hold_commits(bool hold_commit);
+ /*********************************************************************//**
+ **
+ ** MSG_HANDLER_HandleSet
+@@ -421,11 +422,13 @@ Usp__Msg *ProcessSet_AllowPartialTrue(char *msg_id, set_expr_info_t *set_expr_in
+     resp = CreateSetResp(msg_id);
+     set_resp = resp->body->response->set_resp;
+ 
++    vendor_hold_commits(true);
+     // Iterate over all resolved expressions
+     for (i=0; i < num_set_expr; i++)
+     {
+         ProcessSet_AllowPartialTrue_Expression(msg_id, set_resp, &set_expr_info[i], gsv);
+     }
++    vendor_hold_commits(false);
+ 
+     return resp;
+ }

parental-control/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=parental-control
-PKG_VERSION:=1.1.4
+PKG_VERSION:=1.1.6
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=a746707e4231bd190000a752785974ccaf9dd6da
+PKG_SOURCE_VERSION:=5128498a36c8f1ac48d320850c292c7e66256884
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

periodicstats/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=periodicstats
-PKG_VERSION:=1.5.16
+PKG_VERSION:=1.5.18
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/periodicstats.git
-PKG_SOURCE_VERSION:=8545c349a2704af45b30da0facf8940977333969
+PKG_SOURCE_VERSION:=2772d77bd477adfdf513499fda11397107996d21
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

port-trigger/Makefile

@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2024 IOPSYS Software Solutions AB
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=port-trigger
-PKG_VERSION:=1.0.3
-
-LOCAL_DEV:=0
-ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://dev.iopsys.eu/network/port-trigger.git
-PKG_SOURCE_VERSION:=715fa689e5c22721d8ccd9d4e1cbe290caca3662
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=skip
-endif
-
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-
-include $(INCLUDE_DIR)/package.mk
-include ../bbfdm/bbfdm.mk
-
-define Package/port-trigger
-  SECTION:=utils
-  CATEGORY:=Utilities
-  TITLE:=Port Trigger Daemon
-  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +iptables-mod-trigger +iptables-mod-nfqueue
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
-endef
-
-define Package/port-trigger/description
-	Manage port trigger
-endef
-
-ifeq ($(LOCAL_DEV),1)
-define Build/Prepare
-        $(CP) -rf ./port-trigger/* $(PKG_BUILD_DIR)/
-endef
-endif
-
-define Package/port-trigger/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/lib/port-trigger
-	$(CP) ./files/* $(1)/
-                                                                                
-	$(INSTALL_BIN) ./files/etc/init.d/port-trigger $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/etc/config/port-trigger $(1)/etc/config/
-	$(INSTALL_DATA) ./files/lib/port-trigger/port_trigger.sh $(1)/lib/port-trigger/
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libporttrigger.so $(1) firewallmngr 11
-endef
-
-$(eval $(call BuildPackage,port-trigger))

port-trigger/files/etc/config/port-trigger

@@ -1 +0,0 @@
-#port trigger uci file

port-trigger/files/etc/init.d/port-trigger

@@ -1,21 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=65
-STOP=20
-USE_PROCD=1
-
-. /lib/port-trigger/port_trigger.sh
-
-start_service() {
-	port_trigger_handling
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger firewall
-	procd_add_reload_trigger port-trigger
-}
-
-reload_service() {
-	start
-}

port-trigger/files/lib/port-trigger/port_trigger.sh

@@ -1,157 +0,0 @@
-#!/bin/sh
-
-. /lib/functions.sh
-
-process_port_trigger() {
-	local rule_id="$1"
-	local is_enabled=""
-	local duration=""
-	local trigger_dport=""
-	local trigger_dport_end=""
-	local protocol=""
-	local interface=""
-	local open_dport=""
-	local open_dport_end=""
-	local open_protocol=""
-	local ptg_id=""
-	local IP_RULE=""
-	local IP6_RULE=""
-	local IP_RULE_FWD=""
-
-	get_port_trigger() {
-		local ptg_name
-		config_get ptg_name "$1" "name"
-		if [ "$ptg_name" == "$2" ]; then
-			ptg_id="$1"
-			return
-		fi
-	}
-
-	ptg_id=""
-	config_get name "$rule_id" "port_trigger"
-	config_foreach get_port_trigger  "port_trigger" "$name"
-	[ -z "$ptg_id" ] && return
-
-	is_enabled=$(uci -q get port-trigger."$ptg_id".enable)
-
-	if [ -z "$is_enabled" ] || [ "$is_enabled" = "0" ]; then
-		return
-	fi
-
-	protocol=$(uci -q get port-trigger."$ptg_id".protocol)
-	[ -z "$protocol" ] && return
-
-	if [ "$protocol" = "UDP" ] || [ "$protocol" = "udp" ]; then
-		IP_RULE="$IP_RULE -p udp"
-		IP6_RULE="$IP6_RULE -p udp"
-		IP_RULE_FWD="$IP_RULE_FWD -p udp"
-	elif [ "$protocol" = "TCP" ] || [ "$protocol" = "tcp" ]; then
-		IP_RULE="$IP_RULE -p tcp"
-		IP6_RULE="$IP6_RULE -p tcp"
-		IP_RULE_FWD="$IP_RULE_FWD -p tcp"
-	else
-		return
-	fi
-
-	trigger_dport=$(uci -q get port-trigger."$ptg_id".port)
-	[ -z "$trigger_dport" ] && return
-	IP_RULE="$IP_RULE --dport $trigger_dport"
-	IP6_RULE="$IP6_RULE --dport $trigger_dport"
-
-	trigger_dport_end=$(uci -q get port-trigger."$ptg_id".end_port_range)
-	if [ -n "$trigger_dport_end" ]; then
-		IP_RULE="$IP_RULE:$trigger_dport"
-		IP6_RULE="$IP6_RULE:$trigger_dport"
-	fi
-
-	config_get open_protocol "$rule_id" "protocol"
-	if [ "$open_protocol" = "UDP" ] || [ "$open_protocol" = "udp" ]; then
-		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
-		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
-	elif [ "$open_protocol" = "TCP" ] || [ "$open_protocol" = "tcp" ]; then
-		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
-		IP6_RULE="$IP6_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
-	else
-		return
-	fi
-
-	config_get open_dport "$rule_id" "port"
-	[ -z "$open_dport" ] && return
-	IP_RULE="$IP_RULE --trigger-match $open_dport"
-	IP6_RULE="$IP6_RULE --trigger-match $open_dport"
-	IP_RULE_FWD="$IP_RULE_FWD --dport $open_dport"
-
-	config_get open_dport_end "$rule_id" "end_port_range"
-	if [ -z "$open_dport_end" ]; then
-		IP_RULE="$IP_RULE --trigger-relate $open_dport"
-		IP6_RULE="$IP6_RULE --trigger-relate $open_dport"
-	else
-		IP_RULE="$IP_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
-		IP6_RULE="$IP6_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
-		IP_RULE_FWD="$IP_RULE_FWD:$open_dport_end"
-	fi
-
-	duration=$(uci -q get port-trigger."$ptg_id".auto_disable_duration)
-        if [ -n "$duration" ]; then
-                IP_RULE="$IP_RULE --trigger-timeout $duration"
-                IP6_RULE="$IP6_RULE --trigger-timeout $duration"
-        fi
-
-	interface=$(uci -q get port-trigger."$ptg_id".src)
-	[ -z "$interface" ] && return
-	device=$(uci -q get network.$interface.device)
-       	IP_RULE_1="iptables -w -t nat -A prerouting_porttrigger -i $device $IP_RULE"
-       	echo "$IP_RULE_1">>/tmp/port_trigger_iptables
-
-       	IP_RULE_1="ip6tables -w -t nat -A prerouting_porttrigger -i $device $IP6_RULE"
-       	echo "$IP_RULE_1">>/tmp/port_trigger_ip6tables
-
-        if [ -n "$duration" ]; then
-		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_iptables
-		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in --trigger-timeout $duration">>/tmp/port_trigger_ip6tables
-
-		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat --trigger-timeout $duration">>/tmp/port_trigger_iptables
-	else
-		echo "iptables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_iptables
-		echo "ip6tables -w -t filter -A forwarding_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type in">>/tmp/port_trigger_ip6tables
-
-		echo "iptables -w -t nat -A prerouting_wan_porttrigger $IP_RULE_FWD -j TRIGGER --trigger-type dnat">>/tmp/port_trigger_iptables
-	fi
-}
-
-port_trigger_handling() {
-	rm /tmp/port_trigger_iptables 2> /dev/null
-	rm /tmp/port_trigger_ip6tables 2> /dev/null
-	touch /tmp/port_trigger_iptables
-	touch /tmp/port_trigger_ip6tables
-
-	echo "iptables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t nat -F prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "ip6tables -w -t nat -F prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-	echo "ip6tables -w -t filter -F forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-
-	echo "iptables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	ret=$?
-	[ $ret -eq 0 ] && echo "iptables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	ret=$?
-	[ $ret -eq 0 ] && echo "iptables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	echo "iptables -w -t nat -N prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-	ret=$?
-	[ $ret -eq 0 ] && echo "iptables -w -t nat -I prerouting_wan_rule -j prerouting_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_iptables
-
-	echo "ip6tables -w -t nat -N prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-	ret=$?
-	[ $ret -eq 0 ] && echo "ip6tables -w -t nat -I PREROUTING -j prerouting_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-	echo "ip6tables -w -t filter -N forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-	ret=$?
-	[ $ret -eq 0 ] && echo "ip6tables -w -t filter -I forwarding_wan_rule -j forwarding_wan_porttrigger 2> /dev/null">>/tmp/port_trigger_ip6tables
-
-	# Load /etc/config/port-trigger UCI file
-	config_load port-trigger
-	config_foreach process_port_trigger rule
-
-	sh /tmp/port_trigger_iptables
-	sh /tmp/port_trigger_ip6tables
-}

qosmngr/Config.in

@@ -3,5 +3,10 @@ if PACKAGE_qosmngr
 config QOSMNGR_VENDOR_PREFIX
 	string "Package specific datamodel Vendor Prefix for TR181 extensions"
 	default ""
-endif
 
+config QOSMNGR_UBUS
+	bool "qos ubus object support"
+	default y
+	help
+	   Enable this option to support the qos ubus object.
+endif

qosmngr/Makefile

@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=qosmngr
-PKG_VERSION:=1.0.23
+PKG_VERSION:=1.1.0
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/qosmngr.git
-PKG_SOURCE_VERSION:=f03c22f4bae8497bc9c88715ab094e7bef46b59e
+PKG_SOURCE_VERSION:=1a15f1da7a1474d29aad77b8ad3272fcf4b4f6d1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -24,6 +24,8 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include ../bbfdm/bbfdm.mk
 
+MAKE_PATH:=src
+
 define Package/qosmngr
   SECTION:=utils
   CATEGORY:=Utilities
@@ -48,10 +50,13 @@ VENDOR_PREFIX = $(CONFIG_QOSMNGR_VENDOR_PREFIX)
 endif
 
 TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"
+ifeq ($(CONFIG_QOSMNGR_UBUS),y)
+        TARGET_CFLAGS += -DUBUS_SUPPORT
+endif
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-        $(CP) -rf ~/git/qosmngr/* $(PKG_BUILD_DIR)/
+	$(CP) -rf ~/git/qosmngr/* $(PKG_BUILD_DIR)/
 endef
 endif
 
@@ -65,10 +70,8 @@ else
 	$(CP) ./files/linux/* $(1)/
 endif
 	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/qosmngr $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/qosmngr $(1)/usr/sbin
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
-	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/bbf_plugin/libqos_bbf.so $(1) $(PKG_NAME)
-	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/bbf_plugin/libqos_vendor_bbf.so $(1) $(PKG_NAME) 10
 endef
 
 $(eval $(call BuildPackage,qosmngr))

qosmngr/bbfdm_service.json

@@ -2,7 +2,7 @@
   "daemon": {
     "enable": "1",
     "service_name": "qosmngr",
-    "unified_daemon": false,
+    "unified_daemon": true,
     "services": [
       {
         "parent_dm": "Device.",

qosmngr/files/common/etc/init.d/qos

@@ -7,7 +7,6 @@ START=21
 STOP=10
 
 USE_PROCD=1
-NAME=qosmngr
 PROG=/usr/sbin/qosmngr
 INIT_QOS=/lib/qos/init_qos.sh
 
@@ -17,12 +16,15 @@ INIT_QOS=/lib/qos/init_qos.sh
 
 start_service() {
 	if [ -f "/etc/config/qos" ]; then
+		log_level=$(jsonfilter -qe '@.daemon.config.loglevel' < /etc/bbfdm/services/qosmngr.json)
+		[ -z "$log_level" ] && log_level="3"
+
 		procd_open_instance init_qos
 		procd_set_param command "${INIT_QOS}"
 		procd_close_instance
 
 		procd_open_instance qosmngr
-		procd_set_param command "${PROG}"
+		procd_set_param command "${PROG}" -l "${log_level}"
 		procd_set_param respawn
 		procd_close_instance
 	fi

qosmngr/files/common/lib/qos/ebtables.sh

@@ -340,11 +340,11 @@ handle_ebtables_rules() {
         is_l2_rule=1
     fi
 
-    case $eth_type in
-    IPv4|IPV4|0800)
+    case $(echo "$eth_type" | tr 'a-z' 'A-Z') in
+    IPV4|0800|800|0X0800)
         ip_version=4
         ;;
-    IPv6|IPV6|86DD)
+    IPV6|86DD|0X86DD)
         ip_version=6
         ;;
     *)

sulu/sulu-base/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-base
-PKG_VERSION:=4.0.8
+PKG_VERSION:=4.1.5
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=51c3724ba69d95d09864340e383742237196b5ac
+PKG_SOURCE_VERSION:=359894b8bfbdd595c547f01c6a173a89a973ba8e
 PKG_MIRROR_HASH:=skip
 
 SULU_MOD:=core

sulu/sulu-builder/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=4.0.14
+PKG_VERSION:=4.1.5
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=cf2f9f8f18163ddebf83d299281974111ef53db9
+PKG_SOURCE_VERSION:=006e7cc0cb091d5fe9c68019020906946b0ce7f4
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@@ -28,7 +28,7 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-shadow +usermngr +jq +userinterface +obuspa
+	DEPENDS:=+mosquitto-auth-shadow +usermngr +jq +userinterface +obuspa +qrencode
 	EXTRA_DEPENDS:=nginx
 endef
 

sulu/sulu-builder/files/etc/init.d/sulu

@@ -8,11 +8,10 @@ STOP=01
 . /lib/functions.sh
 
 log() {
-	echo "${@}"|logger -t sulu.init -p debug
+	echo "${@}" | logger -t sulu.init -p debug
 }
 
-validate_sulu_global_section()
-{
+validate_sulu_global_section() {
 	uci_validate_section sulu global global \
 		'enabled:bool:1'
 }
@@ -23,7 +22,7 @@ start_service() {
 	config_load sulu
 	procd_open_instance sulu
 
-	validate_sulu_global_section || return 0;
+	validate_sulu_global_section || return 0
 	# append sulu connection injection
 	if [ "${enabled}" -eq "0" ]; then
 		procd_close_instance
@@ -34,6 +33,7 @@ start_service() {
 		log "Reloading related services"
 		/etc/sulu/sulu.sh -r
 	fi
+	/etc/sulu/sulu.sh -q
 	procd_close_instance
 }
 
@@ -42,7 +42,7 @@ reload_service() {
 	start update
 }
 
-service_triggers()
-{
+service_triggers() {
 	procd_add_reload_trigger "sulu" "userinterface" "mosquitto"
+	procd_add_reload_trigger "config.change" "mapcontroller" /etc/sulu/sulu.sh -q
 }

sulu/sulu-builder/files/etc/sulu/sulu.sh

@@ -4,6 +4,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/functions/iopsys-environment.sh
 
 RESTART_REQ=0
 _RESTART_SERVICES="0"
@@ -214,17 +215,69 @@ function update_obuspa_config() {
 	fi
 }
 
+generate_qr_code() {
+	local NA="UNKNOWN"
+	local TMP="/tmp/wifi_qr.svg"
+	local QR="/sulu/assets/QR.svg"
+	local SSID=""
+	local KEY=""
+	which qrencode || return
+	local PASS="$(get_user_password)"
+	if [ -z "$PASS" ]; then
+		PASS="$NA"
+	fi
+	get_ssid_and_key() {
+		local sec="$1"
+		local filter_vid="$2"
+		if [ "$SSID" != "" ]; then
+			return
+		fi
+		config_get type "$sec" type
+		if [ "$type" != "fronthaul" ]; then
+			return
+		fi
+		if [ "$filter_vid" = "1" ]; then
+			config_get vid "$sec" vid
+			if [ "$vid" != "1" ]; then
+				return
+			fi
+		fi
+		config_get ssid "$sec" ssid
+		config_get key "$sec" key
+		SSID="$ssid"
+		KEY="$key"
+	}
+	config_load mapcontroller
+	config_foreach get_ssid_and_key "ap" "0"
+	if [ "$SSID" == "" ]; then
+		config_foreach get_ssid_and_key "ap" "1"
+	fi
+	SSID=${SSID:-$NA}
+	KEY=${KEY:-$NA}
+	PASS=${PASS:-$NA}
+	qrencode -t svg -m 0 -o "$TMP" "WIFI:S:$SSID;T:WPA;P:$KEY;;GNX:U:user;Q:$PASS;;"
+	if [ "$(sha256sum "$TMP" | cut -d ' ' -f1)" != "$(sha256sum "$QR" | cut -d ' ' -f1)" ]; then
+		mv "$TMP" "$QR"
+	else
+		rm "$TMP"
+	fi
+}
+
 function configure_sulu() {
 	_create_mosquitto_acl
 	update_obuspa_config
 	generate_sulu_conn_config
 }
 
-while getopts ":r" opt; do
+while getopts ":rq" opt; do
 	case ${opt} in
 	r)
 		_RESTART_SERVICES="1"
 		;;
+	q)
+		generate_qr_code
+		exit 0
+		;;
 	*)
 		slog "Invalid option: ${OPTARG}"
 		exit 1

sulu/sulu-builder/files/etc/users/roles/admin.json

@@ -311,6 +311,10 @@
           "PERMIT_SUBS_EVT_OPER_COMP"
         ]
       },
+      {
+        "object": "Device.IEEE1905.AL.",
+        "perm": [ "PERMIT_NONE" ]
+      },
       {
         "object": "Device.InterfaceStack.",
         "perm": [
@@ -440,18 +444,7 @@
       {
         "object": "Device.SoftwareModules.",
         "perm": [
-          "PERMIT_GET",
-          "PERMIT_GET_INST",
-          "PERMIT_OBJ_INFO",
-          "PERMIT_CMD_INFO",
-          "PERMIT_SET",
-          "PERMIT_ADD",
-          "PERMIT_DEL",
-          "PERMIT_OPER",
-          "PERMIT_SUBS_VAL_CHANGE",
-          "PERMIT_SUBS_OBJ_ADD",
-          "PERMIT_SUBS_OBJ_DEL",
-          "PERMIT_SUBS_EVT_OPER_COMP"
+          "PERMIT_NONE"
         ]
       },
       {

sulu/sulu-builder/files/etc/users/roles/user.json

@@ -310,6 +310,10 @@
           "PERMIT_SUBS_EVT_OPER_COMP"
         ]
       },
+      {
+        "object": "Device.IEEE1905.AL.",
+        "perm": [ "PERMIT_NONE" ]
+      },
       {
         "object": "Device.InterfaceStack.",
         "perm": [
@@ -436,6 +440,12 @@
           "PERMIT_SUBS_EVT_OPER_COMP"
         ]
       },
+      {
+        "object": "Device.SoftwareModules.",
+        "perm": [
+          "PERMIT_NONE"
+        ]
+      },
       {
         "object": "Device.Users.User.",
         "perm": ["PERMIT_NONE"]

sulu/sulu-theme-genexis/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-theme-genexis
-PKG_VERSION:=4.0.0
+PKG_VERSION:=4.1.0
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/gnx/sulu-theme-genexis
-PKG_SOURCE_VERSION:=35fd7be2e057d346aa914c7db842ae1d46be6e1f
+PKG_SOURCE_VERSION:=bf60e82a1cc7e492733d470474e90d1a3eacfc08
 PKG_MIRROR_HASH:=skip
 
 include ../sulu-builder/sulu.mk

sysmngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sysmngr
-PKG_VERSION:=1.0.21
+PKG_VERSION:=1.0.24
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/system/sysmngr.git
-PKG_SOURCE_VERSION:=2c842f0875765d1af08c2d1e3d03471e083887c2
+PKG_SOURCE_VERSION:=15d055064699574917bb6f3c6f3c3807d8d01484
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

sysmngr/files/etc/config/sysmngr

@@ -7,6 +7,8 @@ config reboots 'reboots'
 
 config process_status 'process'
 	option instance_refresh_interval '0'
+	option max_process_entries '50'
+	option sorting_method 'Memory'
 
 config memory_status 'memory'
 	option enable '0'

sysmngr/files/etc/sysmngr/broadcom.sh

@@ -42,7 +42,6 @@ function get_cpu_temperature()
 
 function get_temperature_status()
 {
-  local hasWifi="$(db -q get hw.board.hasWifi)"
   local hasSfp="$(db -q get hw.board.hasSfp)"
 
   json_init
@@ -54,7 +53,7 @@ function get_temperature_status()
   json_add_int "temperature" "$(get_cpu_temperature)"
   json_close_object
 
-  [ "$hasWifi" = "1" ] && get_wlan_temperature
+  [ -s /etc/config/wireless ] && get_wlan_temperature
 
   [ "$hasSfp" = "1" ] && {
 	  json_add_object

sysmngr/files/etc/sysmngr/default.sh

@@ -20,7 +20,6 @@ function get_cpu_temperature()
 
 function get_temperature_status()
 {
-  local hasWifi="$(db -q get hw.board.hasWifi)"
   local hasSfp="$(db -q get hw.board.hasSfp)"
 
   json_init
@@ -32,7 +31,7 @@ function get_temperature_status()
   json_add_int "temperature" "$(get_cpu_temperature)"
   json_close_object
 
-  [ "$hasWifi" = "1" ] && get_wlan_temperature
+  [ -s /etc/config/wireless ] && get_wlan_temperature
 
   [ "$hasSfp" = "1" ] && {
 	  json_add_object

timemngr/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=timemngr
-PKG_VERSION:=1.1.7
+PKG_VERSION:=1.1.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/timemngr.git
-PKG_SOURCE_VERSION:=a4d21010d4070136656d3e68423504175bc871c4
+PKG_SOURCE_VERSION:=c0c15beee2b60925f51b8ba78be516d2f5536c65
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif

tr143/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tr143
-PKG_VERSION:=1.0.8
+PKG_VERSION:=1.1.1
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/tr143d.git
-PKG_SOURCE_VERSION:=71d6f4d3b3ba1a3d771b99cc39cdb41e1c197d02
+PKG_SOURCE_VERSION:=3220a7e88ffc2d2dbd5f729f36b4617ed3588c95
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -37,7 +37,15 @@ MAKE_PATH:=src
 
 define Package/tr143/install
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libtr143d.so $(1) netmngr 11
+
+ifeq ($(CONFIG_TARGET_SUBTARGET),"an7581")
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./airoha/etc/init.d/tr143 $(1)/etc/init.d/tr143
+	$(BBFDM_INSTALL_SCRIPT) $(PKG_BUILD_DIR)/airoha/scripts/download $(1)
+else
 	$(BBFDM_INSTALL_SCRIPT) $(PKG_BUILD_DIR)/scripts/download $(1)
+endif
+
 	$(BBFDM_INSTALL_SCRIPT) $(PKG_BUILD_DIR)/scripts/traceroute $(1)
 	$(BBFDM_INSTALL_SCRIPT) $(PKG_BUILD_DIR)/scripts/upload $(1)
 	$(BBFDM_INSTALL_SCRIPT) -d $(PKG_BUILD_DIR)/scripts/bbf_diag/ipping $(1)
@@ -47,7 +55,7 @@ endef
 
 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
-	$(CP) ~/git/tr143/* $(PKG_BUILD_DIR)/
+	$(CP) ~/git/tr143d/* $(PKG_BUILD_DIR)/
 endef
 endif