qos: enable should be 1 by default

(cherry picked from commit 01819a7f72)

bbf/Makefile

@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.8.12
+PKG_VERSION:=6.8.16
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
-PKG_SOURCE_VERSION:=78157b22411816642f2bab81119c6d997c180c37
+PKG_SOURCE_VERSION:=0ef6169d86333b8727ed34c63f379b08254340e3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 
@@ -160,7 +160,7 @@ define Package/libbbfdm/default/install
 	$(LN) /usr/share/bbfdm/bbf.diag $(1)/usr/libexec/rpcd/bbf.diag
 ifeq ($(CONFIG_PACKAGE_mosquitto-ssl),y)
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/etc/uci-defaults/94-mosquitto-config $(1)/etc/uci-defaults/94-mosquitto-config
+	$(INSTALL_BIN) ./files/etc/uci-defaults/01-mosquitto-config $(1)/etc/uci-defaults/
 endif
 endef
 

bbf/files/etc/uci-defaults/01-mosquitto-config

@@ -8,7 +8,7 @@ config_mosquitto_owrt() {
 	fi
 
 	uci -q set mosquitto.owrt.use_uci="1"
-	uci -q set mosquitto.owrt.write_pid="0"
+	uci -q set mosquitto.owrt.write_pid="1"
 	uci -q commit mosquitto
 }
 
@@ -20,7 +20,6 @@ config_mosquitto_general() {
 	fi
 
 	uci -q set mosquitto.mosquitto.log_dest="syslog"
-	uci -q set mosquitto.mosquitto.include_dir="/etc/mosquitto/conf.d"
 	uci -q set mosquitto.mosquitto.log_facility="5"
 	uci -q set mosquitto.mosquitto.log_timestamp="1"
 	uci -q set mosquitto.mosquitto.log_types="error warning notice"

icwmp/Makefile

@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icwmp
-PKG_VERSION:=9.1.3
+PKG_VERSION:=9.1.4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
-PKG_SOURCE_VERSION:=71488fdc4e1a97416fa7f8ad356314c80e4c0b87
+PKG_SOURCE_VERSION:=fb8b5b9da6cadd53a3d12e27af0ed800b149a9f2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 

icwmp/files/etc/init.d/icwmpd

@@ -290,8 +290,9 @@ copy_cwmp_etc_files_to_varstate() {
 
 	if [ -f /etc/icwmpd/cwmp ]; then
 		uci -q -c /etc/icwmpd delete cwmp.acs
+		uci -q -c /etc/icwmpd delete cwmp.gatewayinfo
 		uci -q -c /etc/icwmpd commit cwmp
-		cp -f /etc/icwmpd/cwmp /var/state/cwmp
+		cat /etc/icwmpd/cwmp >> /var/state/cwmp
 	fi
 
 	if [ -f /etc/icwmpd/icwmpd_backup_session.xml ]; then
@@ -421,6 +422,9 @@ boot() {
 		regenerate_ssl_link "${ssl_capath}"
 	fi
 
+	# Copy backup data so that if it restart latter on it gets the info
+	copy_cwmp_etc_files_to_varstate
+
 	start
 }
 
@@ -443,9 +447,6 @@ start_service() {
 		return 1;
 	}
 
-	# Copy backup data so that if it restart latter on it gets the info
-	copy_cwmp_etc_files_to_varstate
-
 	procd_open_instance icwmp
 	procd_set_param command "$PROG"
 	procd_append_param command -b

icwmp/files/etc/udhcpc.user.d/udhcpc_icwmp.user

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /lib/functions.sh
+
 CLASS=""
 OUI=""
 SERIAL=""
@@ -102,13 +104,22 @@ get_vivsoi() {
 	done
 }
 
-wan_intf=$(uci -q get cwmp.cpe.default_wan_interface)
-if [ -n "${wan_intf}" ] && [ "${wan_intf}" == "${INTERFACE}" ]; then
+config_load cwmp
+config_get_bool enable_cwmp cpe enable 1
+config_get wan_intf cpe default_wan_interface "wan"
+
+if [ "$enable_cwmp" = "0" ]; then
+	return 0
+fi
+
+if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
 		len=$(printf "$opt125"|wc -c)
 		get_vivsoi "$opt125" "$len"
 	fi
 
+	mkdir -p /var/state
+	touch /var/state/cwmp
 	sec=$(uci -q -c /var/state get cwmp.gatewayinfo)
 	if [ -z "${sec}" ]; then
 		sec=$(uci -q -c /var/state add cwmp gatewayinfo)

ieee1905/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ieee1905
-PKG_VERSION:=6.0.20
+PKG_VERSION:=6.0.21
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=166fc0543f578336089f0940d9f5d2c27fac73a6
+PKG_SOURCE_VERSION:=29f58120eea9bf3c48fae98a74f0f4c9d3d902a8
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/ieee1905.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(PKG_SOURCE_VERSION).tar.xz
 PKG_MIRROR_HASH:=skip

ieee1905/files/etc/init.d/ieee1905

@@ -44,7 +44,8 @@ validate_ap_section() {
 	uci_validate_section ieee1905 $section "${1}" \
 			'band:or("2", "5", "60", "6")' \
 			'ssid:string' \
-			'encryption:or("psk2", "sae-mixed", "sae", string)' \
+			'encryption:or("psk2", "sae-mixed", "sae",
+				"psk", "psk-mixed", "none", string)' \
 			'key:string' \
 			'uuid:string' \
 			'manufacturer:string' \

ieee1905/files/etc/uci-defaults/31-ifname-option-to-list

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+config_load ieee1905
+
+ifname_to_list() {
+	local section=$1
+
+	config_get ifname $section ifname	# get list or option as space separated values
+	ifname=${ifname//,/\ }			# convert csv with space separation
+	uci del ieee1905.${section}.ifname	# delete entry
+	for i in ${ifname}; do
+		uci add_list ieee1905.${section}.ifname="$i"	# writeback entry as list
+	done
+}
+
+config_foreach ifname_to_list al-iface

iop/config

@@ -153,6 +153,7 @@ CONFIG_PACKAGE_ip-bridge=y
 CONFIG_PACKAGE_ip-full=y
 CONFIG_PACKAGE_iperf3=y
 CONFIG_PACKAGE_ipset=y
+CONFIG_PACKAGE_ip6tables-zz-legacy=y
 CONFIG_PACKAGE_iptables-zz-legacy=y
 CONFIG_PACKAGE_iptables-mod-conntrack-extra=y
 CONFIG_PACKAGE_iptables-mod-filter=y

map-agent/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-agent
-PKG_VERSION:=2.10.4.13
+PKG_VERSION:=2.10.4.17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=fdce58318b082b8683f80688c5d284e21efa7908
+PKG_SOURCE_VERSION:=098fef903c1e746776f88df3706337b8fc3899ac
 PKG_MAINTAINER:=Anjan Chanda <anjan.chanda@iopsys.eu>
 
 PKG_LICENSE:=BSD-3-Clause

map-agent/files/etc/init.d/mapagent

@@ -104,7 +104,11 @@ validate_radio_section() {
 			'include_sta_metric:bool:false' \
 			'rcpi_hysteresis_margin:range(0,255)' \
 			'report_util_threshold:range(0,255)' \
-			'encryption:or("sae", "psk2", "sae-mixed")'
+			'encryption:or("sae", "sae+aes", "psk2",
+				"psk2+aes", "sae-mixed", "sae-mixed+aes",
+				"none", "psk-mixed", "psk-mixed+aes",
+				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
+				"psk", "psk+aes")' \
 
 	[ "$?" -ne 0 ] && {
 		logger -s -t "mapagent" "Validation of radio section failed"

map-controller/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map-controller
-PKG_VERSION:=2.11.0.21
+PKG_VERSION:=2.11.0.24
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=24fb4d95c3a1d0b736239de28a8e14ab7a185630
+PKG_SOURCE_VERSION:=8944352f648643fa5c72cd216a76695a021b7851
 
 LOCAL_DEV=0
 ifneq ($(LOCAL_DEV),1)

map-controller/files/etc/init.d/mapcontroller

@@ -62,7 +62,10 @@ validate_ap_section() {
 			'band:or("2", "5", "6")' \
 			'ssid:string' \
 			'encryption:or("sae", "sae+aes", "psk2",
-				"psk2+aes", "sae-mixed", "sae-mixed+aes")' \
+				"psk2+aes", "sae-mixed", "sae-mixed+aes",
+				"none", "psk-mixed", "psk-mixed+aes",
+				"wpa", "wpa+aes", "wpa2", "wpa2+aes",
+				"psk", "psk+aes")' \
 			'key:string' \
 			'vid:range(1,65535):1' \
 			'type:or("backhaul", "fronthaul", "combined")' \

map-topology/Makefile

@@ -6,11 +6,11 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=map-topology
-PKG_VERSION:=2.5.1.13
+PKG_VERSION:=2.5.1.14
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
-PKG_SOURCE_VERSION:=aaa55a72e719184af32d57a9b40bec1c440774a9
+PKG_SOURCE_VERSION:=bacbffccabdc1a388a135daad58db4ca60676b05
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/map-topology.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

map-topology/files/etc/firewall.hosts

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+day=""
+IP_RULE=""
+
+process_ac_schedule() {
+	local acs_id="$1"
+	local is_enabled
+	local access_control
+	local start_time=""
+	local stop_time=""
+	local mac=""
+
+	handle_day_list() {
+		local value=$1
+
+		val=$(echo $value | cut -c 1-3)
+		if [ -z $day ]; then
+			day="$val"
+		else
+			day="$day,$val"
+		fi
+	}
+
+	config_list_foreach "$acs_id" "day" handle_day_list
+	config_get is_enabled "$acs_id" "enable" 1
+	config_get access_control "$acs_id" "dm_parent"
+
+	if [ "$is_enabled" == "0" ] || [ -z "$access_control" ]; then
+		return
+	fi
+
+	IP_RULE=""
+
+	mac=$(uci -q get hosts.$access_control.macaddr)
+	access_policy=$(uci -q get hosts.$access_control.access_policy)
+
+	config_get start_time "$acs_id" "start_time"
+	config_get duration "$acs_id" "duration"
+
+	if [ -z "$mac" ] && [ -z "$start_time" ] && [ -z "$duration" ] && [ -z "$day" ] && [ -z "$access_policy" ]; then
+		return
+	fi
+	if [ -n "$mac" ]; then
+		IP_RULE="$IP_RULE -m mac --mac-source $mac"
+	fi
+
+	# as per iptables manual default starttime is 00:00
+	# default stoptime is 23:59
+	if [ -z "$start_time" ]; then
+		start_time="0:0"
+	fi
+
+        if [ -n "$duration" ]; then
+		hh=$(echo $start_time | awk -F: '{ print $1 }')
+                mm=$(echo $start_time | awk -F: '{ print $2 }')
+                hh_s=`expr $hh \* 3600`
+                mm_s=`expr $mm \* 60`
+                ss=$(( hh_s + mm_s ))
+
+                stop_ss=$(( ss + duration ))
+                hh=$(( stop_ss / 3600 ))
+                if [ $hh -lt 24 ]; then
+                	rem_ss=$(( stop_ss % 3600 ))
+                	mm=$(( rem_ss / 60 ))
+                	ss=$(( rem_ss % 60 ))
+                	stop_time="$hh:$mm:$ss"
+                else
+                	stop_time="23:59"
+                fi
+        else
+        	stop_time="23:59"
+        fi
+
+	# conversion to utc
+	zone=$(date +%z | cut -c 1)
+	utc_h=$(date -u -d @$(date "+%s" -d "$start_time") +%H)
+	local_h=$(echo $start_time | awk -F: '{ print $1 }')
+	if [ "$zone" == "+" ] && [ $utc_h -gt $local_h ]; then
+		start_utc="0:0"
+	else
+		start_utc=$(date -u -d @$(date "+%s" -d "$start_time") +%H:%M)
+	fi
+
+	utc_h=$(date -u -d @$(date "+%s" -d "$stop_time") +%H)
+	local_h=$(echo $stop_time | awk -F: '{ print $1 }')
+	if [ "$zone" == "-" ] && [ $utc_h -lt $local_h ]; then
+		stop_utc="23:59"
+	else
+		stop_utc=$(date -u -d @$(date "+%s" -d "$stop_time") +%H:%M)
+	fi
+
+
+	IP_RULE="$IP_RULE -m time --timestart $start_utc --timestop $stop_utc"
+	if [ -n "$day" ]; then
+		IP_RULE="$IP_RULE --weekdays $day"
+	fi
+
+	if [ "$access_policy" == "Deny" ]; then
+		IP_RULE="$IP_RULE -j DROP"
+	else
+		IP_RULE="$IP_RULE -j ACCEPT"
+	fi
+
+	iptables -w -A hosts_forward ${IP_RULE}
+	ip6tables -w -A hosts_forward ${IP_RULE}
+
+	day=""
+}
+
+iptables -w -F hosts_forward
+ip6tables -w -F hosts_forward
+
+iptables -w -t filter -N hosts_forward
+ret=$?                        
+[ $ret -eq 0 ] && iptables -w -t filter -I FORWARD -j hosts_forward
+ip6tables -w -t filter -N hosts_forward
+ret=$?                        
+[ $ret -eq 0 ] && ip6tables -w -t filter -I FORWARD -j hosts_forward
+
+# Load /etc/config/hosts UCI file
+config_load hosts
+config_foreach process_ac_schedule ac_schedule
+

map-topology/files/etc/uci-defaults/992-firewall_host.ucidefaults

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ -f /etc/firewall.hosts ]; then
+	uci -q get firewall.hosts || {
+		uci -q set firewall.hosts=include
+		uci -q set firewall.hosts.path="/etc/firewall.hosts"
+		uci -q set firewall.hosts.reload=1
+	}
+fi
+
+
+exit 0

obuspa/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=6.0.0.12
+PKG_VERSION:=6.0.0.14
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/fork/obuspa.git
-PKG_SOURCE_VERSION:=668748cd4801aa5af12d61d9b0837064b9f933cc
+PKG_SOURCE_VERSION:=3df3346238a9eef2168fddadcef01ebe311053e4
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@@ -110,6 +110,7 @@ define Package/obuspa/install
 	$(INSTALL_DATA) ./files/etc/bbfdm/json/USPAgent.json $(1)/etc/bbfdm/json/USPAgent.json
 	$(INSTALL_DATA) ./files/etc/bbfdm/json/TransferComplete.json $(1)/etc/bbfdm/json/TransferComplete.json
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/50-add-mqtt-usp-test $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,obuspa))

obuspa/files/etc/uci-defaults/50-add-mqtt-usp-test

@@ -0,0 +1,14 @@
+add_usp_test()
+{
+        if ! uci_get mosquitto usptest >/dev/null 2>&1; then
+                uci_add mosquitto listener usptest
+                uci_set mosquitto usptest enabled 1
+                uci_set mosquitto usptest port '9001'
+                uci_set mosquitto usptest protocol 'websockets'
+                uci_set mosquitto usptest require_certificates '0'
+                uci_set mosquitto usptest auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+        fi
+}
+
+uci_load mosquitto
+add_usp_test

qosmngr/Makefile

@@ -27,7 +27,7 @@ define Package/qosmngr
   SECTION:=utils
   CATEGORY:=Utilities
   TITLE:=QoS Manager
-  DEPENDS:=@(TARGET_brcmbca||TARGET_airoha) +libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos
+  DEPENDS:=@(TARGET_brcmbca||TARGET_airoha||TARGET_iopsys_mediatek) +libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos
 endef
 
 define Package/qosmngr/description
@@ -60,4 +60,12 @@ define Package/qosmngr/install
 	$(call Package/qosmngr/install/common,$(1))
 endef
 endif
+
+ifeq ($(CONFIG_TARGET_iopsys_mediatek),y)
+define Package/qosmngr/install
+	$(CP) ./files/linux/* $(1)/
+	echo "Honoring the flag mediatek"
+	$(call Package/qosmngr/install/common,$(1))
+endef
+endif
 $(eval $(call BuildPackage,qosmngr))

qosmngr/files/airoha/lib/qos/airoha.sh

@@ -182,9 +182,9 @@ hw_commit_all() {
 
     if [ "${glob_alg}" != "" ] ; then
         /userfs/bin/qosrule discpline $(hw_sc_alg2str ${glob_alg}) ${weight_list} \
-                            ${shape_rate:+uplink-bandwidth} $shape_rate \
+                            uplink-bandwidth ${shape_rate:-0} \
                             queuemask $queue_mask
     else
-        /userfs/bin/qosrule discpline off
+        /userfs/bin/qosrule discpline Enable 0
     fi
 }

qosmngr/files/airoha/lib/qos/common/classify.sh

@@ -5,9 +5,9 @@
 handle_classify() {
     cid="$1" #classify section ID
 
-    config_get is_enable "$cid" "enable"
+    config_get is_enable "$cid" "enable" 1
     # no need to configure disabled classify rules
-    if [ -z "$is_enable" ] || [ "$is_enable" == "0" ]; then
+    if [ "$is_enable" == "0" ]; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/policer.sh

@@ -80,10 +80,10 @@ handle_policer() {
     local p_sec="$1" # policer section ID
     local dir=1 # default direction, upstream
 
-    config_get is_enable "$p_sec" "enable"
+    config_get is_enable "$p_sec" "enable" 1
 
     # No need to configure disabled policer
-    if [ -z "$is_enable" ] || [ "$is_enable" == "0" ] ; then
+    if [ "$is_enable" == "0" ] ; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/queue.sh

@@ -18,10 +18,10 @@ handle_queue() {
     local qid="$1" #queue section ID
     local intf_name="$2"
 
-    config_get is_enable "$qid" "enable"
+    config_get is_enable "$qid" "enable" 1
 
     # no need to configure disabled queues
-    if [ -z "${is_enable}" ] || [ "${is_enable}" == "0" ]; then
+    if [ "${is_enable}" == "0" ]; then
         return
     fi
 

qosmngr/files/airoha/lib/qos/common/shaper.sh

@@ -7,9 +7,9 @@
 handle_shaper() {
     sid="$1" #queue section ID
 
-    config_get is_enable "$sid" "enable"
+    config_get is_enable "$sid" "enable" 1
     # no need to configure disabled queues
-    if [ -z "${is_enable}" ] || [ "${is_enable}" == "0" ] ; then
+    if [ "${is_enable}" == "0" ] ; then
         return
     fi
 

qosmngr/files/linux/etc/uci-defaults/60-qos_queue_generate

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+ethwan="$(db -q get hw.board.ethernetWanPort)"
+
+generate_queue(){
+	section="$1"
+
+	config_get ifname "$section" "ifname"
+
+	local no_of_q="0 1 2 3 4 5 6 7"
+
+	i=0
+	local total_q=$((${no_of_q##* } + 1))
+        for i in $no_of_q; do
+		order=$((total_q - i))
+		uci add qos queue
+		uci rename qos.@queue[-1]="q_${i}_${ifname}"
+		uci set qos.@queue[-1].enable="1"
+		uci set qos.@queue[-1].ifname="$ifname"
+		uci set qos.@queue[-1].precedence="$order"
+		uci set qos.@queue[-1].scheduling="SP"
+		uci set qos.@queue[-1].rate="1000000"
+		uci set qos.@queue[-1].burst_size="1500"
+		uci set qos.@queue[-1].weight="1"
+	done
+
+	uci commit qos
+}
+
+if [ -s "/etc/config/qos" ]; then
+	if uci -q get qos.@queue[0] >/dev/null; then
+		# return if there is any valid content
+		exit
+	else
+		rm -f /etc/config/qos
+	fi
+fi
+touch /etc/config/qos
+
+config_load ports
+config_foreach generate_queue ethport

qosmngr/files/linux/lib/qos/qos.sh

@@ -0,0 +1,431 @@
+#!/bin/sh
+. /lib/functions.sh
+#set -x
+
+POLICER_COUNT=0
+Q_COUNT=0
+SP_Q_PRIO=7
+
+#counter variable to assign classify order value if not added in config
+temp_order=1
+
+# Function to handle a queue order and
+# update total number of queues
+handle_q_order() {
+	local qid="$1" #queue section ID
+
+	config_get is_enable "$qid" "enable" 1
+
+	# No need to configure disabled queues
+	if [ $is_enable == '0' ]; then
+		return
+	fi
+
+	config_get ifname "$qid" "ifname"
+	# If ifname is empty that is good enough to break
+	if [ -z "$ifname" ];then
+		return
+	fi
+
+	# Create precedence file containing queue order per
+	# interface.
+	local precedence_file="/tmp/qos/$ifname/q_order"
+	local q_no=$(cat /tmp/qos/$ifname/q_idx)
+
+	config_get precedence "$qid" "precedence"
+	value=${precedence}_q${q_no}
+	echo $value >> $precedence_file
+
+	# Update the number of queues per interface.
+	q_no=$((q_no + 1))
+	echo $q_no > /tmp/qos/$ifname/q_idx
+}
+
+# Sort queue, lower value in uci means higher precedence, so this
+# function sorts the precedence in decending order
+sort_q_by_precedence() {
+	ifname="$1"
+
+	local order_file="/tmp/qos/$ifname/q_order"
+	local tmp_order_file="/tmp/qos/$ifname/q_order.tmp"
+
+	sort -n -k1 $order_file > $tmp_order_file
+	cp $tmp_order_file $order_file
+	rm -f $tmp_order_file
+}
+
+sort_by_precedence() {
+	for interf in $(db -q get hw.board.ethernetPortOrder); do
+		sort_q_by_precedence $interf
+	done
+}
+
+# function to handle a queue section
+handle_queue() {
+	local qid="$1" #queue section ID
+	local port="$2"
+	local port_bw="$3"
+	local root="$4"
+	local port_bs="$5"
+
+	config_get is_enable "$qid" "enable"
+
+	# no need to configure disabled queues
+	if [ "$is_enable" == "0" ]; then
+		return
+	fi
+
+	config_get ifname "$qid" "ifname"
+	# if ifname is empty that is good enough to break
+	if [ -z "$ifname" ];then
+		return
+	fi
+
+	# This is to get the qid per interface.
+	if [ "$port" != "$ifname" ]; then
+		return
+	fi
+
+	local precedence_file="/tmp/qos/$ifname/q_order"
+
+	local temp_order=0
+	while read -r line; do
+		line_qid=${line: -1}
+		if [ "$line_qid" == "$Q_COUNT" ]; then
+			break
+		fi
+		temp_order=$((temp_order + 1))
+	done < "$precedence_file"
+
+	# precedence_file so the order is calculated accordingly.
+	local order=`expr $SP_Q_PRIO - $temp_order`
+
+	config_get sc_alg "$qid" "scheduling"
+	config_get wgt "$qid" "weight" 1
+	config_get rate "$qid" "rate"
+	config_get bs "$qid" "burst_size"
+	config_get qsize "$qid" "queue_size" 1024
+
+	[ "$rate" == "0" ] && rate="$port_bw"
+	[ "$bs" == "0" ] && bs="$port_bs"
+
+	local salg=1
+
+	case "$sc_alg" in
+		"SP") salg=1
+		;;
+		"WRR") salg=2
+		;;
+		"WDRR") salg=3
+		;;
+		"WFQ") salg=4
+		;;
+	esac
+
+	# ignore precedence value in case of WRR, broadcom recommends that WRR queue should
+	# always have precedence value set to 0
+	if [ $salg -eq 2 ]; then
+	       order=0
+	fi
+
+	if [ $salg -eq 2 ]; then
+		tc class add dev $port parent ${root}: classid ${root}:$((order + 1)) cbq allot $bs bandwidth ${port_bw}kbit rate ${rate}kbit prio $order weight $wgt  avpkt 1500 bounded isolated
+	else
+		tc class add dev $port parent ${root}: classid ${root}:$((order + 1)) cbq allot $bs bandwidth ${port_bw}kbit rate ${rate}kbit prio $order  avpkt 1500 bounded isolated
+	fi
+	
+	if [ $order -eq 0 ]; then
+		# By default flowid is targeted to queue 1.
+		tc filter add dev $port parent ${root}:0 protocol ip prio 1 u32 match u32 0 0  flowid ${root}:1
+	fi
+
+	Q_COUNT=$((Q_COUNT + 1))
+}
+
+#function to handle a policer section
+handle_policer() {
+	local p_sec="$1" # policer section ID
+	local dir=1 # default direction, upstream
+
+	config_get is_enable "$p_sec" "enable"
+
+	#no need to configure disabled policer
+	if [ $is_enable == '0' ]; then
+		return
+	fi
+
+	POLICER_COUNT=$((POLICER_COUNT + 1))
+}
+
+setup_qos() {
+	if [ ! -d "/tmp/qos" ]; then
+		mkdir -p /tmp/qos
+	fi
+
+	ebtables -t broute -N qos
+	ret=$?
+	if [ $ret -eq 0 ]; then
+		ebtables -t broute -I BROUTING -j qos
+	else
+		ebtables -t broute -D BROUTING -j qos
+		ebtables -t broute -I BROUTING -j qos
+	fi
+
+	iptables -w -t mangle -N qos_forward
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I FORWARD -j qos_forward
+
+	iptables -w -t mangle -N qos_prerouting
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I PREROUTING -j qos_prerouting
+
+	iptables -w -t mangle -N qos_output
+	ret=$?
+	[ $ret -eq 0 ] && iptables -w -t mangle -I OUTPUT -j qos_output
+
+	ip6tables -t mangle -N qos_forward
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -t mangle -I FORWARD -j qos_forward
+
+	ip6tables -t mangle -N qos_prerouting
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -t mangle -I PREROUTING -j qos_prerouting
+
+	ip6tables -t mangle -N qos_output
+	ret=$?
+	[ $ret -eq 0 ] && ip6tables -t mangle -I OUTPUT -j qos_output
+}
+
+handle_policer_rules() {
+	local c_sec=$1
+	local policer_name
+	local ifname
+	local pname
+	local pindex=-1
+	local ingress_rate=0
+	local in_burst_size=0
+
+	config_get policer_name "$c_sec" "policer"
+	if [ -z "$policer_name" ];then
+		# no need to apply policer if policer not present in this
+		# classification rule
+		return
+	fi
+
+	config_get ifname "$c_sec" "ifname"
+	if [ -z "$ifname" ]; then
+		# cannot associate policer as interface is not mentioned
+		return
+	fi
+
+	local i=0
+	local max_policer_inst=$(cat /tmp/qos/max_policer_inst)
+	while :
+	do
+		if [ $i -eq $max_policer_inst ]; then
+			break
+		fi
+
+		pname="$(uci -q get qos.@policer[$i].name)"
+		if [ "$policer_name" == "$pname" ]; then
+			pindex=$i
+			ingress_rate=$(uci -q get qos.@policer[$i].committed_rate)
+			in_burst_rate=$(uci -q get qos.@policer[$i].committed_burst_size)
+			break
+		fi
+		i=$((i + 1))
+	done
+
+	if [ $pindex -lt 0 ]; then
+		# policer not found, no need to proceed further
+		return
+	fi
+
+	config_ingress_rate_limit $ifname $ingress_rate $in_burst_size $pindex
+
+}
+
+config_ingress_rate_limit() {
+	local ifname="$1"
+	local ingress_rate=$2
+	local in_burst_size=$3
+	local pindex="$4"
+	local wanport="$(db -q get hw.board.ethernetWanPort)"
+
+	# Unit in uci file is in bps while that accepted by ethswctl is kbits
+	if [ $ingress_rate -lt 1000 ]; then
+		return
+	fi
+
+	ingress_rate=$((ingress_rate / 1000))
+
+	if [ $in_burst_size -eq 0 ]; then
+		in_burst_size=$ingress_rate
+	else
+		in_burst_size=$((in_burst_size / 1000))
+	fi
+
+	tc qdisc add dev $ifname ingress
+
+	tc filter add dev $ifname parent ffff: protocol ip prio $pindex u32 match ip src 0.0.0.0/0 police rate ${ingress_rate}kbit burst $in_burst_size drop flowid :$pindex
+
+}
+
+#function to handle a classify section
+handle_classify() {
+        cid="$1" #classify section ID
+
+        config_get is_enable "$cid" "enable"
+        # no need to configure disabled classify rules
+        if [ "$is_enable" == '0' ]; then
+                return
+        fi
+        handle_policer_rules $cid
+}
+
+configure_classify() {
+        #processing classify section
+
+        # create files that will contain the rules if not present already
+        mkdir -p /tmp/qos/
+
+        # Load UCI file
+        config_load qos
+        config_foreach handle_classify classify
+}
+
+pre_configure_queue() {
+	# Delete queues
+	for intf in $(db get hw.board.ethernetPortOrder); do
+		rm -rf /tmp/qos/$intf
+
+		mkdir -p /tmp/qos/$intf
+		touch /tmp/qos/$intf/q_order
+		touch /tmp/qos/$intf/q_idx
+		echo 0 > /tmp/qos/$intf/q_idx
+
+		tc qdisc del dev $intf root
+		tc qdisc del dev $intf ingress
+	done
+}
+
+get_link_rate() {                     
+        intf="$1"              
+        speed=0   
+        config_load ports               
+        get_speed() {
+                psid="$1"                     
+                iname="$2"
+                config_load ports             
+                config_get ifname "$psid" "ifname"
+                if [ "$ifname" == "$iname" ]; then
+                        config_get speed "$psid" "speed"
+                fi
+        }                                
+        config_foreach get_speed ethport $intf           
+        echo "$speed"           
+}                   
+
+configure_queue() {
+	qdisc_idx=0
+	local bs=1500
+	local rate=0
+	# Load UCI file
+	config_load qos
+	config_foreach handle_q_order queue
+	sort_by_precedence
+
+	get_intf_shaper_config() {
+		local b_size
+		sid="$1" #shaper section ID
+
+		config_get is_enable "$sid" "enable"
+		# no need to configure disabled queues
+		if [ "$is_enable" == "0" ]; then
+			return
+		fi
+
+
+		config_get ifname "$sid" "ifname"
+		# if ifname is empty that is good enough to break
+		if [ -z "$ifname" ] || ! [ "$ifname" == "$2" ];then
+			return
+		fi
+
+		config_get rate "$sid" "rate"
+		# Convert the rate from bps to kbps.
+		if [ $rate -lt 1000 ];then
+			return
+		fi
+
+		rate=$(( rate / 1000 ))
+		config_get b_size "$sid" "burst_size"
+		if [ "$b_size" == "0" ]; then
+			bs="$b_size"
+		fi
+	}
+
+	for interf in $(db -q get hw.board.ethernetPortOrder); do
+		Q_COUNT=0
+		rate=0
+		# sp queue have max priority value = no. of queue configured on the port
+		# hence read and update SP_Q_PRIO here
+		local q_no=$(cat /tmp/qos/$interf/q_idx)
+		SP_Q_PRIO=`expr $q_no - 1`
+		qdisc_idx=`expr $qdisc_idx + 1`
+		# link_rate is in mbps and rate is in kbp
+		link_rate=$(get_link_rate "$interf")
+		# Read the shaper configuration for interface
+		config_foreach get_intf_shaper_config shaper $interf
+		if [ "$rate" == "0" ]; then
+			rate=$(( link_rate * 1000 ))
+		fi
+
+		# TODO using 1500 as allot and avpkt, if shaper config exist for interf get burst_size of shaper for actual value
+		tc qdisc add dev $interf root handle ${qdisc_idx}: cbq allot $bs  avpkt 1500 bandwidth ${rate}kbit
+
+		config_foreach handle_queue queue $interf $rate $qdisc_idx $bs
+	done
+}
+
+configure_policer() {
+
+        # Delete policer
+        local i=0
+        local max_p_inst=0
+        if [ -f "/tmp/qos/max_policer_inst" ]; then
+                max_p_inst=$(cat /tmp/qos/max_policer_inst)
+        fi
+
+        # reset the policer counter
+        echo 0 > /tmp/qos/max_policer_inst
+        # Load UCI file
+        config_load qos
+        config_foreach handle_policer policer
+        echo $POLICER_COUNT > /tmp/qos/max_policer_inst
+}
+
+
+configure_qos() {
+	pre_configure_queue
+	configure_queue
+	configure_policer
+}
+
+reload_qos() {
+	local service_name="$1"
+
+	if [ -z "$service_name" ]; then
+		configure_qos
+	elif [ "$service_name" == "queue" ]; then
+		pre_configure_queue
+		configure_queue
+	elif [ "$service_name" == "policer" ]; then
+		configure_policer
+	fi
+}
+
+reload_qos_service() {
+	reload_qos
+}
+

ssdpd/Makefile

@@ -5,13 +5,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ssdpd
-PKG_RELEASE:=1.0.0
+PKG_VERSION:=1.0.3
 
-PKG_VERSION:=1.6.0
-PKG_SOURCE_URL:=http://miniupnp.free.fr/files/
-PKG_SOURCE:=mini$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=f4c2dea6a472e0a5cc9dca2dc4c1fc36ba5538eacf8d793825293251725546bd
-PKG_BUILD_DIR:=$(BUILD_DIR)/mini$(PKG_NAME)-$(PKG_VERSION)
+LOCAL_DEV:=0
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
+PKG_SOURCE_VERSION:=207cf440a22c075cb55fb067a850be4f9c204e6e
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -26,6 +29,8 @@ define Package/ssdpd
   URL:=https://miniupnp.tuxfamily.org/minissdpd.html
 endef
 
+MAKE_PATH:=minissdpd
+
 TARGET_CFLAGS += \
 	-D_GNU_SOURCE \
 	-Wall -Wextra -Werror
@@ -33,6 +38,12 @@ TARGET_CFLAGS += \
 TARGET_LDFLAGS += \
 	-lpthread -lubox -lubus -lblobmsg_json -lcurl -lmxml
 
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+	$(CP) -rf ~/git/sspd/* $(PKG_BUILD_DIR)/
+endef
+endif
+
 define Package/ssdpd/install
 	$(INSTALL_DIR) $(1)/etc/upnp
 	$(INSTALL_DIR) $(1)/etc/upnp/description
@@ -41,7 +52,7 @@ define Package/ssdpd/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_CONF) ./files/etc/config/ssdpd $(1)/etc/config/ssdpd
 	$(INSTALL_BIN) ./files/etc/init.d/ssdpd $(1)/etc/init.d/ssdpd
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/minissdpd $(1)/usr/sbin/ssdpd
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/minissdpd/minissdpd $(1)/usr/sbin/ssdpd
 endef
 
 $(eval $(call BuildPackage,ssdpd))

ssdpd/files/etc/config/ssdpd

@@ -4,4 +4,6 @@ config ssdpd 'ssdp'
 	option ipv6_enabled '0'
 	option socket_path '/var/run/minissdpd.sock'
 	option ttl '2'
-	option interface ''
+	option interface 'br-lan'
+	option debug '0'
+

ssdpd/files/etc/init.d/ssdpd

@@ -1,19 +1,20 @@
 #!/bin/sh /etc/rc.common
 
-START=80
+START=99
 STOP=02
 
 USE_PROCD=1
 PROG=/usr/sbin/ssdpd
 
 log() {
-	echo "${@}"|logger -t ssdp.init -p info
+	echo "${@}"|logger -t ssdpd.init -p info
 }
 
 validate_ssdpd_ssdp_section()
 {
 	uci_validate_section ssdpd ssdpd "ssdp" \
 		'enabled:bool:true' \
+		'debug:bool:false' \
 		'ipv6_enabled:bool:false' \
 		'socket_path:string' \
 		'ttl:uinteger' \
@@ -33,10 +34,16 @@ configure_ssdp()
 
 	[ ${enabled} -eq 0 ] && return 0
 
+	procd_set_param command ${PROG}
+
 	if [ ${ipv6_enabled} -eq 1 ]; then
 		procd_append_param command -6
 	fi
 
+	if [ ${debug} -eq 1 ]; then
+		procd_append_param command -d
+	fi
+
 	if [ -n "${socket_path}" ]; then
 		procd_append_param command -s ${socket_path}
 	fi
@@ -45,18 +52,12 @@ configure_ssdp()
 		procd_append_param command -t ${ttl}
 	fi
 
-	if [ -z "${interface}" ]; then
-		iface=$(uci -q get cwmp.cpe.default_lan_interface)
-		interface=$(ifstatus ${iface} | jsonfilter -e @.device)
-	fi
-
-	procd_append_param command -i ${interface}
-	procd_append_param command -d
+	# If no interface is given defaults for br-lan
+	procd_append_param command -i ${interface:-br-lan}
 }
 
 start_service() {
 	procd_open_instance ssdp
-	procd_set_param command ${PROG}
 	configure_ssdp
 	procd_set_param respawn
 	procd_close_instance

ssdpd/patches/001-fix-gcc-warnings

@@ -1,5 +1,5 @@
---- a/openssdpsocket.c
-+++ b/openssdpsocket.c
+--- a/minissdpd/openssdpsocket.c
++++ b/minissdpd/openssdpsocket.c
 @@ -11,6 +11,7 @@
  #include <unistd.h>
  #include <sys/ioctl.h>
@@ -8,8 +8,8 @@
  #include <netinet/in.h>
  #include <arpa/inet.h>
  #include <net/if.h>
---- a/ifacewatch.c
-+++ b/ifacewatch.c
+--- a/minissdpd/ifacewatch.c
++++ b/minissdpd/ifacewatch.c
 @@ -130,6 +130,7 @@ ProcessInterfaceWatch(int s, int s_ssdp,
  		/* case RTM_DELLINK: */
  		case RTM_DELADDR:

ssdpd/patches/010-add-test-object

@@ -1,5 +1,5 @@
---- a/Makefile
-+++ b/Makefile
+--- a/minissdpd/Makefile
++++ b/minissdpd/Makefile
 @@ -41,7 +41,7 @@ endif
  EXECUTABLES = minissdpd testminissdpd testcodelength \
                showminissdpdnotif

ssdpd/patches/011-add-ubus-object

@@ -1,5 +1,5 @@
 --- /dev/null
-+++ b/ssdpd.c
++++ b/minissdpd/ssdpd.c
 @@ -0,0 +1,626 @@
 +/*
 + * Copyright (C) 2022 iopsys Software Solutions AB

ssdpd/patches/012-ubus-runner-thread-hook

@@ -1,5 +1,5 @@
---- a/minissdpd.c
-+++ b/minissdpd.c
+--- a/minissdpd/minissdpd.c
++++ b/minissdpd/minissdpd.c
 @@ -32,6 +32,8 @@
  #include <pwd.h>
  #include <grp.h>
@@ -9,17 +9,18 @@
  
  /* LOG_PERROR does not exist on Solaris */
  #ifndef LOG_PERROR
-@@ -52,6 +54,9 @@
+@@ -52,6 +54,10 @@
  #define MIN(x,y) (((x)<(y))?(x):(y))
  #endif
  
 +extern char *ssdp_sockpath;
 +void upnp_thread_discover_devices(void);
++void ssdpd_ubus_stop(void);
 +
  /* current request management structure */
  struct reqelem {
  	int socket;
-@@ -1220,6 +1225,12 @@ static void ssdpDiscover(int s, int ipv6
+@@ -1220,6 +1226,12 @@ static void ssdpDiscover(int s, int ipv6
  	}
  }
  
@@ -32,7 +33,7 @@
  /* main(): program entry point */
  int main(int argc, char * * argv)
  {
-@@ -1264,6 +1275,7 @@ int main(int argc, char * * argv)
+@@ -1264,6 +1276,7 @@ int main(int argc, char * * argv)
  	unsigned char ttl = 2;	/* UDA says it should default to 2 */
  	const char * searched_device = NULL;	/* if not NULL, search/filter a specific device type */
  	int opt;
@@ -40,7 +41,7 @@
  
  	LIST_INIT(&reqlisthead);
  	LIST_INIT(&servicelisthead);
-@@ -1309,6 +1321,7 @@ int main(int argc, char * * argv)
+@@ -1309,6 +1322,7 @@ int main(int argc, char * * argv)
  			break;
  		case 's':
  			sockpath = optarg;
@@ -48,7 +49,7 @@
  			break;
  #ifndef NO_BACKGROUND_NO_PIDFILE
  		case 'p':
-@@ -1496,6 +1509,11 @@ int main(int argc, char * * argv)
+@@ -1496,6 +1510,11 @@ int main(int argc, char * * argv)
  	if(s_ssdp6 >= 0)
  		ssdpDiscover(s_ssdp6, 1, searched_device);
  
@@ -60,11 +61,35 @@
  	/* Main loop */
  	while(!quitting) {
  		/* fill readfds fd_set */
-@@ -1704,6 +1722,7 @@ quit:
+@@ -1704,6 +1723,8 @@ quit:
  	if(unlink(pidfilename) < 0)
  		syslog(LOG_ERR, "unlink(%s): %m", pidfilename);
  #endif
++	ssdpd_ubus_stop();
 +	pthread_join(upnp_thread, NULL);
  	closelog();
  	return ret;
  }
+--- a/minissdpd/ssdpd.c
++++ b/minissdpd/ssdpd.c
+@@ -624,3 +624,8 @@ end:
+ 	uloop_done();
+ 	ubus_free(ctx);
+ }
++
++void ssdpd_ubus_stop(void)
++{
++	uloop_end();
++}
++
+--- a/minissdpd/config.h
++++ b/minissdpd/config.h
+@@ -32,7 +32,7 @@
+ 
+ /* When NO_BACKGROUND_NO_PIDFILE is defined, minissdpd does not go to
+  * background and does not create any pidfile */
+-/*#define NO_BACKGROUND_NO_PIDFILE*/
++#define NO_BACKGROUND_NO_PIDFILE
+ 
+ /* define HAVE_IP_MREQN to use struct ip_mreqn instead of struct ip_mreq
+  * for setsockopt(IP_MULTICAST_IF). Available with Linux 2.4+,

sulu-builder/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=1.3.24
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
@@ -162,11 +162,6 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
@@ -176,6 +171,7 @@ endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,${PKG_NAME}))

sulu-builder/files/etc/config/sulu

@@ -1,5 +1,4 @@
 config global 'global'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu-builder/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_sulu_connection_port
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 

sulu-builder/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu-builder/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu-builder/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu-builder/files/etc/sulu/sulu.sh

@@ -2,7 +2,6 @@
 
 . /lib/functions.sh
 
-ACL_FILE="/tmp/sulu/mqtt.acl"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -54,6 +53,22 @@ function _get_sulu_root()
 	echo "${root:-/sulu}"
 }
 
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
 function _get_sulu_tls_port()
 {
 	local port listen
@@ -64,6 +79,19 @@ function _get_sulu_tls_port()
 	echo "${port:-8443}"
 }
 
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
 	local rbac users SCONFIG
@@ -275,72 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -386,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu-builder/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -3,8 +3,10 @@
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 update_nginx_uci_template()
 {
-	sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
-	sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9001; }' ${UCI_TEMPLATE}
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
 }
 
 update_nginx_uci_template

sulu-builder/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config

sulu/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu
-PKG_VERSION:=1.3.24
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
@@ -49,11 +49,6 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
@@ -63,6 +58,7 @@ endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,sulu))

sulu/files/etc/config/sulu

@@ -1,5 +1,4 @@
 config global 'global'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_sulu_connection_port
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 

sulu/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu/files/etc/sulu/sulu.sh

@@ -2,7 +2,6 @@
 
 . /lib/functions.sh
 
-ACL_FILE="/tmp/sulu/mqtt.acl"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -54,6 +53,22 @@ function _get_sulu_root()
 	echo "${root:-/sulu}"
 }
 
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
 function _get_sulu_tls_port()
 {
 	local port listen
@@ -64,6 +79,19 @@ function _get_sulu_tls_port()
 	echo "${port:-8443}"
 }
 
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
 	local rbac users SCONFIG
@@ -275,72 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -386,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -3,8 +3,10 @@
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 update_nginx_uci_template()
 {
-	sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
-	sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9001; }' ${UCI_TEMPLATE}
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
 }
 
 update_nginx_uci_template

sulu/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config

uspd/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uspd
-PKG_VERSION:=2.2.22
+PKG_VERSION:=2.2.23
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)

uspd/files/etc/init.d/uspd

@@ -30,6 +30,7 @@ configure_uspd()
 
 	[ ${enabled} -eq 0 ] && return 0
 
+	procd_set_param command ${PROG}
 	if [ ${debug} -eq 1 ]; then
 		procd_set_param stdout 1
 		procd_set_param stderr 1
@@ -46,7 +47,6 @@ configure_uspd()
 
 start_service() {
 	procd_open_instance usp
-	procd_set_param command ${PROG}
 	configure_uspd
 	procd_set_param respawn
 	procd_close_instance