From 1ac11e69007ad4522ca04dc857602a0fd2ad87a9 Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 5 Sep 2025 11:58:46 +0000 Subject: [PATCH 01/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall.c | 31 +++++++++++++++++++++++ source/firewall/firewall.h | 2 ++ source/firewall/firewall_ipv6.c | 45 ++++++++++++++++++++++++++++++--- 3 files changed, 74 insertions(+), 4 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 387202ee..f10e6aee 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -5248,6 +5248,31 @@ static int do_nat_ephemeral(FILE *fp) return(0); } +void applyHotspotPostRoutingRules(FILE *fp) +{ + FIREWALL_DEBUG("60736: Entering applyHotspotPostRoutingRules \n"); + int rc; + char *pStr = NULL; + errno_t safec_rc = -1; + char hotspot_wan_ifname[32]; + memset(hotspot_wan_ifname,0,sizeof(hotspot_wan_ifname)); + rc = PSM_VALUE_GET_STRING(PSM_HOTSPOT_WAN_IFNAME, pStr); + if(rc == CCSP_SUCCESS && pStr != NULL){ + FIREWALL_DEBUG("HotSpot wan interface fetched \n"); + safec_rc = strcpy_s(hotspot_wan_ifname, sizeof(hotspot_wan_ifname),pStr); + ERR_CHK(safec_rc); + Ansc_FreeMemory_Callback(pStr); + pStr = NULL; + } + FIREWALL_DEBUG(" line:%d current_wan_ifname:%s hotspot_wan_ifname %s \n" COMMA __LINE__ COMMA current_wan_ifname COMMA hotspot_wan_ifname); + + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + fprintf(fp, "-A postrouting_towan -j MASQUERADE\n"); + } + FIREWALL_DEBUG("60736: Exiting applyHotspotPostRoutingRules \n"); +} + #if defined(_BWG_PRODUCT_REQ_) /* * Procedure : do_raw_table_staticip @@ -5400,7 +5425,13 @@ static int do_wan_nat_lan_clients(FILE *fp) #ifdef RDKB_EXTENDER_ENABLED fprintf(fp, "-A postrouting_towan -j MASQUERADE\n"); #else + if (0 == checkIfULAEnabled()) + { + FIREWALL_DEBUG("Applying applyHotspotPostRoutingRules \n"); + applyHotspotPostRoutingRules(fp); + } else { fprintf(fp, "-A postrouting_towan -j SNAT --to-source %s\n", natip4); + } #endif #if defined (FEATURE_MAPT) || defined (FEATURE_SUPPORT_MAPT_NAT46) } diff --git a/source/firewall/firewall.h b/source/firewall/firewall.h index 6b9ae880..141e43e6 100644 --- a/source/firewall/firewall.h +++ b/source/firewall/firewall.h @@ -115,6 +115,7 @@ extern int sysevent_fd; extern char sysevent_ip[19]; extern unsigned short sysevent_port; #define PSM_VALUE_GET_STRING(name, str) PSM_Get_Record_Value2(bus_handle, CCSP_SUBSYS, name, NULL, &(str)) +#define PSM_HOTSPOT_WAN_IFNAME "dmsb.wanmanager.if.3.Name" int get_ip6address (char * ifname, char ipArry[][40], int * p_num, unsigned int scope_in); @@ -210,6 +211,7 @@ void do_forwardPorts(FILE *fp); int IsValidIPv6Addr(char* ip_addr_string); #ifdef WAN_FAILOVER_SUPPORTED int checkIfULAEnabled(void); +void applyHotspotPostRoutingRules(FILE *fp); #endif void getIpv6Interfaces(char Interface[MAX_NO_IPV6_INF][MAX_LEN_IPV6_INF], int *len); void prepare_hotspot_gre_ipv6_rule(FILE *filter_fp); diff --git a/source/firewall/firewall_ipv6.c b/source/firewall/firewall_ipv6.c index be0e81d6..de1962d6 100644 --- a/source/firewall/firewall_ipv6.c +++ b/source/firewall/firewall_ipv6.c @@ -2108,22 +2108,53 @@ int checkIfULAEnabled() void applyIpv6ULARules(FILE* fp) { - #ifdef RDKB_EXTENDER_ENABLED + #if defined (RDKB_EXTENDER_ENABLED) if(strlen(current_wan_ipv6[0]) > 0) { - FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ipv6); - - fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n",current_wan_ifname); + FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ipv6); + fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n",current_wan_ifname); } #else + FIREWALL_DEBUG("Applying applyIpv6ULARules \n"); applyRoutingRules(fp,GLOBAL_IPV6); applyRoutingRules(fp,ULA_IPV6); #endif } + +void applyHotspotIpv6PostRoutingRules(FILE *fp) +{ + FIREWALL_DEBUG("60736: Entering applyHotspotIpv6PostRoutingRules \n"); + int rc; + char *pStr = NULL; + errno_t safec_rc = -1; + char hotspot_wan_ifname[32]; + memset(hotspot_wan_ifname,0,sizeof(hotspot_wan_ifname)); + rc = PSM_VALUE_GET_STRING(PSM_HOTSPOT_WAN_IFNAME, pStr); + if(rc == CCSP_SUCCESS && pStr != NULL){ + FIREWALL_DEBUG("HotSpot wan interface fetched \n"); + safec_rc = strcpy_s(hotspot_wan_ifname, sizeof(hotspot_wan_ifname),pStr); + ERR_CHK(safec_rc); + Ansc_FreeMemory_Callback(pStr); + pStr = NULL; + } + FIREWALL_DEBUG(" line:%d current_wan_ifname:%s hotspot_wan_ifname %s \n" COMMA __LINE__ COMMA current_wan_ifname COMMA hotspot_wan_ifname); + memset(current_wan_ip6_addr, 0, sizeof(current_wan_ip6_addr)); + sysevent_get(sysevent_fd, sysevent_token, "tr_brww0_dhcpv6_client_v6addr", current_wan_ip6_addr, sizeof(current_wan_ip6_addr)); + + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); + fprintf(fp, "-t nat -I POSTROUTING -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); + fprintf(fp, "-A INPUT -s %s -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 100/sec -j ACCEPT\n" , current_wan_ip6_addr , current_wan_ifname); + } + FIREWALL_DEBUG("60736: Exiting applyHotspotIpv6PostRoutingRules \n"); +} + #endif void do_ipv6_nat_table(FILE* fp) { + FIREWALL_DEBUG("Entering do_ipv6_nat_table \n"); char IPv6[INET6_ADDRSTRLEN] = "0"; fprintf(fp, "*nat\n"); fprintf(fp, ":%s - [0:0]\n", "prerouting_devices"); @@ -2224,6 +2255,12 @@ void do_ipv6_nat_table(FILE* fp) fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n", current_wan_ifname); #endif + #if defined (WAN_FAILOVER_SUPPORTED) + if (0 == checkIfULAEnabled()) + { + applyHotspotIpv6PostRoutingRules(fp); + } + #endif FIREWALL_DEBUG("Exiting do_ipv6_nat_table \n"); } From bd239f5fa72d65c24e3b48a1b6532d36505dedc1 Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 5 Sep 2025 11:58:46 +0000 Subject: [PATCH 02/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall.c | 4 ++-- source/firewall/firewall_ipv6.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index f10e6aee..a30d9060 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -5250,7 +5250,7 @@ static int do_nat_ephemeral(FILE *fp) void applyHotspotPostRoutingRules(FILE *fp) { - FIREWALL_DEBUG("60736: Entering applyHotspotPostRoutingRules \n"); + FIREWALL_DEBUG(" Entering applyHotspotPostRoutingRules \n"); int rc; char *pStr = NULL; errno_t safec_rc = -1; @@ -5270,7 +5270,7 @@ void applyHotspotPostRoutingRules(FILE *fp) { fprintf(fp, "-A postrouting_towan -j MASQUERADE\n"); } - FIREWALL_DEBUG("60736: Exiting applyHotspotPostRoutingRules \n"); + FIREWALL_DEBUG(" Exiting applyHotspotPostRoutingRules \n"); } #if defined(_BWG_PRODUCT_REQ_) diff --git a/source/firewall/firewall_ipv6.c b/source/firewall/firewall_ipv6.c index de1962d6..142ce37f 100644 --- a/source/firewall/firewall_ipv6.c +++ b/source/firewall/firewall_ipv6.c @@ -2124,7 +2124,7 @@ void applyIpv6ULARules(FILE* fp) void applyHotspotIpv6PostRoutingRules(FILE *fp) { - FIREWALL_DEBUG("60736: Entering applyHotspotIpv6PostRoutingRules \n"); + FIREWALL_DEBUG(" Entering applyHotspotIpv6PostRoutingRules \n"); int rc; char *pStr = NULL; errno_t safec_rc = -1; @@ -2148,7 +2148,7 @@ void applyHotspotIpv6PostRoutingRules(FILE *fp) fprintf(fp, "-t nat -I POSTROUTING -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); fprintf(fp, "-A INPUT -s %s -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 100/sec -j ACCEPT\n" , current_wan_ip6_addr , current_wan_ifname); } - FIREWALL_DEBUG("60736: Exiting applyHotspotIpv6PostRoutingRules \n"); + FIREWALL_DEBUG(" Exiting applyHotspotIpv6PostRoutingRules \n"); } #endif From f2f202b4f1b1298aa028336b2d3638108768d47c Mon Sep 17 00:00:00 2001 From: Suresh babu Palamangalam Date: Fri, 19 Sep 2025 12:04:48 +0100 Subject: [PATCH 03/26] SHARMAN-1210:Add telemetry support to report FW info from both banks on Hub6 Reason for change: Enable the crontab job entry to execute the FwBankInfo binary on Hub6 Test Procedure: NA Priority:P1 Risks:Low Signed-off-by: Suresh babu Palamangalam --- source/scripts/init/service.d/service_crond.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/init/service.d/service_crond.sh b/source/scripts/init/service.d/service_crond.sh index cd78c2fa..be1c8493 100755 --- a/source/scripts/init/service.d/service_crond.sh +++ b/source/scripts/init/service.d/service_crond.sh @@ -190,7 +190,7 @@ service_start () addCron "48 * * * * sh /etc/sky/monitor_dhd_dump.sh &" fi - if [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "SR213" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$BOX_TYPE" != "SCER11BEL" ]; then + if [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$BOX_TYPE" != "SCER11BEL" ]; then #RDKB-43895 log the firmware bank informations in selfheal log echo "5 */12 * * * /usr/bin/FwBankInfo" >> $CRONTAB_FILE fi From 317ac47e56e892901587e20d5ffd5ab54202e4ad Mon Sep 17 00:00:00 2001 From: mkorav871 Date: Sun, 21 Sep 2025 19:36:01 +0530 Subject: [PATCH 04/26] RDKB-61777: [utopia] Code development to remove _64BIT_ARCH_SUPPORT_ macro Reason for change: [COPILOT] remove 64BIT_ARCH_SUPPORT macro from utopia module Test Procedure: No build warning or errors. basic sanity Priority: P1 Risks: Low Change-Id: Ie04210b44a0c874ac17d083153f0ecf76cd880b8 Signed-off-by: mkorav871 --- source/sysevent/lib/sysevent.h | 6 +----- source/sysevent/server/syseventd.h | 7 ++----- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/source/sysevent/lib/sysevent.h b/source/sysevent/lib/sysevent.h index 87d1aa43..56feea9f 100644 --- a/source/sysevent/lib/sysevent.h +++ b/source/sysevent/lib/sysevent.h @@ -93,11 +93,7 @@ extern "C" { * as is commonly done for reading from an fd into a buffer * and then using that buffer as a structure */ -#ifdef _64BIT_ARCH_SUPPORT_ -typedef char se_buffer[SE_MAX_MSG_SIZE+1] __attribute__ ((aligned(8))); -#else -typedef char se_buffer[SE_MAX_MSG_SIZE+1] __attribute__ ((aligned(4))); -#endif +typedef char se_buffer[SE_MAX_MSG_SIZE+1] __attribute__ ((aligned(sizeof(void*)))); /* * Errors diff --git a/source/sysevent/server/syseventd.h b/source/sysevent/server/syseventd.h index 1c68469c..8c126dab 100644 --- a/source/sysevent/server/syseventd.h +++ b/source/sysevent/server/syseventd.h @@ -96,11 +96,8 @@ extern sem_t worker_sem; // e.g Multinet process is taking more time to finish in some of the field units. #define MAX_ACTIVATION_BLOCKING_SECS 300 -#if defined (_64BIT_ARCH_SUPPORT_) -#define WORKER_THREAD_STACK_SIZE 8192*1024 /* the default stack size per process is 8MB */ -#else -#define WORKER_THREAD_STACK_SIZE 65536 -#endif +/* Scale stack size based on pointer size - larger for 64-bit architectures */ +#define WORKER_THREAD_STACK_SIZE (sizeof(void*) == 8 ? 8192*1024 : 65536) #define SANITY_THREAD_STACK_SIZE 65536 From 21eca34566e46c53dfffcbed7186dd4ce0728a65 Mon Sep 17 00:00:00 2001 From: smp960 Date: Wed, 24 Sep 2025 10:23:49 +0000 Subject: [PATCH 05/26] RDKB-61612 : WAN Failover Utility is required in Ethwan mode similar to DOCSIS Reason for change: Enable WAN Failover simulation in EthWAN mode Test Procedure: Set this "Device.X_RDKCENTRAL-COM_EthernetWAN.LinkDown" TR181 param to true for verifying the WAN failover simulation is happening or not when device is in EthWAN mode. Risks: Low Priority: P1 Signed-off-by: Suriyanarayanan_MP@comcast.com --- source/scripts/init/defaults/system_defaults_arm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/scripts/init/defaults/system_defaults_arm b/source/scripts/init/defaults/system_defaults_arm index a3a7ad25..01dc730f 100755 --- a/source/scripts/init/defaults/system_defaults_arm +++ b/source/scripts/init/defaults/system_defaults_arm @@ -1429,6 +1429,9 @@ $DscpSleepInterval_2=0 #Ccsp CMagent Docsis linkdown timeout default value is 900sec $DocsisLinkDownTimeOut=900 +#Ccsp Ethagent EWAN linkdown timeout default value is 900sec +$EWanLinkDownTimeout=900 + #LLDEnable default value is false $LldEnable=false From 57bf6d4e89c940e3b5ca5a18fd6d173cc96fbe0a Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 5 Sep 2025 11:58:46 +0000 Subject: [PATCH 06/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall.c | 61 +++++++++++++++++++++------------ source/firewall/firewall.h | 2 ++ source/firewall/firewall_ipv6.c | 35 +++---------------- 3 files changed, 47 insertions(+), 51 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index f10e6aee..e23ef148 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -697,6 +697,7 @@ char current_wan_ip6_addr[128]; bool isDefHttpsPortUsed = FALSE ; int current_wan_ipv6_num = 0; char default_wan_ifname[50]; // name of the regular wan interface +char hotspot_wan_ifname[50]; int rfstatus; /* * For timed internet access rules we use cron @@ -2452,6 +2453,19 @@ static int prepare_globals_from_configuration(void) pStr = NULL; } } + + // Update WIFI hotspot interface name -> from PSM + memset(hotspot_wan_ifname,0,sizeof(hotspot_wan_ifname)); + rc = PSM_VALUE_GET_STRING(PSM_HOTSPOT_WAN_IFNAME, pStr); + if(rc == CCSP_SUCCESS && pStr != NULL){ + FIREWALL_DEBUG("HotSpot wan interface fetched \n"); + safec_rc = strcpy_s(hotspot_wan_ifname, sizeof(hotspot_wan_ifname),pStr); + ERR_CHK(safec_rc); + Ansc_FreeMemory_Callback(pStr); + pStr = NULL; + } + FIREWALL_DEBUG(" line:%d current_wan_ifname:%s hotspot_wan_ifname %s \n" COMMA __LINE__ COMMA current_wan_ifname COMMA hotspot_wan_ifname); + memset(mesh_wan_ipv6addr,0,sizeof(mesh_wan_ipv6addr)); get_ip6address(mesh_wan_ifname, mesh_wan_ipv6addr, &mesh_wan_ipv6_num,IPV6_ADDR_SCOPE_GLOBAL); #endif @@ -5248,29 +5262,35 @@ static int do_nat_ephemeral(FILE *fp) return(0); } -void applyHotspotPostRoutingRules(FILE *fp) +void applyHotspotPostRoutingRules(FILE *fp, bool isIpv4) { - FIREWALL_DEBUG("60736: Entering applyHotspotPostRoutingRules \n"); - int rc; - char *pStr = NULL; - errno_t safec_rc = -1; - char hotspot_wan_ifname[32]; - memset(hotspot_wan_ifname,0,sizeof(hotspot_wan_ifname)); - rc = PSM_VALUE_GET_STRING(PSM_HOTSPOT_WAN_IFNAME, pStr); - if(rc == CCSP_SUCCESS && pStr != NULL){ - FIREWALL_DEBUG("HotSpot wan interface fetched \n"); - safec_rc = strcpy_s(hotspot_wan_ifname, sizeof(hotspot_wan_ifname),pStr); - ERR_CHK(safec_rc); - Ansc_FreeMemory_Callback(pStr); - pStr = NULL; + FIREWALL_DEBUG(" Entering applyHotspotPostRoutingRules \n"); + char sysEventName[256]; + if (isIpv4 == true) + { + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + FIREWALL_DEBUG("Apply Post Routing Rules for IPv4\n"); + FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ipaddr); + fprintf(fp, "-A postrouting_towan -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ipaddr); + } } - FIREWALL_DEBUG(" line:%d current_wan_ifname:%s hotspot_wan_ifname %s \n" COMMA __LINE__ COMMA current_wan_ifname COMMA hotspot_wan_ifname); - - if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + else { - fprintf(fp, "-A postrouting_towan -j MASQUERADE\n"); + memset(current_wan_ip6_addr, 0, sizeof(current_wan_ip6_addr)); + memset(sysEventName, 0, sizeof(sysEventName)); + snprintf(sysEventName, sizeof(sysEventName),"tr_%s_dhcpv6_client_v6addr", hotspot_wan_ifname); + sysevent_get(sysevent_fd, sysevent_token, sysEventName, current_wan_ip6_addr, sizeof(current_wan_ip6_addr)); + + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + FIREWALL_DEBUG("Apply Post Routing Rules for IPv6\n"); + FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); + fprintf(fp, "-A POSTROUTING -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); + } + } - FIREWALL_DEBUG("60736: Exiting applyHotspotPostRoutingRules \n"); + FIREWALL_DEBUG(" Exiting applyHotspotPostRoutingRules \n"); } #if defined(_BWG_PRODUCT_REQ_) @@ -5427,8 +5447,7 @@ static int do_wan_nat_lan_clients(FILE *fp) #else if (0 == checkIfULAEnabled()) { - FIREWALL_DEBUG("Applying applyHotspotPostRoutingRules \n"); - applyHotspotPostRoutingRules(fp); + applyHotspotPostRoutingRules(fp, true); } else { fprintf(fp, "-A postrouting_towan -j SNAT --to-source %s\n", natip4); } diff --git a/source/firewall/firewall.h b/source/firewall/firewall.h index 141e43e6..51ea3d11 100644 --- a/source/firewall/firewall.h +++ b/source/firewall/firewall.h @@ -348,6 +348,8 @@ extern char dev_type[20]; extern char mesh_wan_ifname[32]; #endif +void applyHotspotPostRoutingRules(FILE *fp, bool isIpv4); +extern char hotspot_wan_ifname[32]; extern int current_wan_ipv6_num; extern char default_wan_ifname[50]; // name of the regular wan interface extern char current_wan_ipv6[IF_IPV6ADDR_MAX][40]; diff --git a/source/firewall/firewall_ipv6.c b/source/firewall/firewall_ipv6.c index de1962d6..6501bfb8 100644 --- a/source/firewall/firewall_ipv6.c +++ b/source/firewall/firewall_ipv6.c @@ -1959,6 +1959,10 @@ void do_ipv6_sn_filter(FILE* fp) { fprintf(fp, "-A PREROUTING -i %s -d %s -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 20/sec -j ACCEPT\n", ifnames[i], mcastAddrStr); /* NS Throttling rules for WAN and LAN */ fprintf(fp, "-A PREROUTING -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 20/sec -j ACCEPT\n", ifnames[i]); + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + fprintf(fp, "-A INPUT -s %s -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 100/sec -j ACCEPT\n" , current_wan_ip6_addr , current_wan_ifname); + } fprintf(fp, "-A PREROUTING -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j DROP\n", ifnames[i]); } @@ -2122,35 +2126,6 @@ void applyIpv6ULARules(FILE* fp) #endif } -void applyHotspotIpv6PostRoutingRules(FILE *fp) -{ - FIREWALL_DEBUG("60736: Entering applyHotspotIpv6PostRoutingRules \n"); - int rc; - char *pStr = NULL; - errno_t safec_rc = -1; - char hotspot_wan_ifname[32]; - memset(hotspot_wan_ifname,0,sizeof(hotspot_wan_ifname)); - rc = PSM_VALUE_GET_STRING(PSM_HOTSPOT_WAN_IFNAME, pStr); - if(rc == CCSP_SUCCESS && pStr != NULL){ - FIREWALL_DEBUG("HotSpot wan interface fetched \n"); - safec_rc = strcpy_s(hotspot_wan_ifname, sizeof(hotspot_wan_ifname),pStr); - ERR_CHK(safec_rc); - Ansc_FreeMemory_Callback(pStr); - pStr = NULL; - } - FIREWALL_DEBUG(" line:%d current_wan_ifname:%s hotspot_wan_ifname %s \n" COMMA __LINE__ COMMA current_wan_ifname COMMA hotspot_wan_ifname); - memset(current_wan_ip6_addr, 0, sizeof(current_wan_ip6_addr)); - sysevent_get(sysevent_fd, sysevent_token, "tr_brww0_dhcpv6_client_v6addr", current_wan_ip6_addr, sizeof(current_wan_ip6_addr)); - - if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) - { - FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); - fprintf(fp, "-t nat -I POSTROUTING -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); - fprintf(fp, "-A INPUT -s %s -i %s -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 100/sec -j ACCEPT\n" , current_wan_ip6_addr , current_wan_ifname); - } - FIREWALL_DEBUG("60736: Exiting applyHotspotIpv6PostRoutingRules \n"); -} - #endif void do_ipv6_nat_table(FILE* fp) { @@ -2258,7 +2233,7 @@ void do_ipv6_nat_table(FILE* fp) #if defined (WAN_FAILOVER_SUPPORTED) if (0 == checkIfULAEnabled()) { - applyHotspotIpv6PostRoutingRules(fp); + applyHotspotPostRoutingRules(fp, false); } #endif FIREWALL_DEBUG("Exiting do_ipv6_nat_table \n"); From b480b3410be6dc41dc1453bd3c8fca6fa5efbdfe Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 26 Sep 2025 05:37:43 +0000 Subject: [PATCH 07/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall.h | 1 - 1 file changed, 1 deletion(-) diff --git a/source/firewall/firewall.h b/source/firewall/firewall.h index 51ea3d11..06e8db29 100644 --- a/source/firewall/firewall.h +++ b/source/firewall/firewall.h @@ -211,7 +211,6 @@ void do_forwardPorts(FILE *fp); int IsValidIPv6Addr(char* ip_addr_string); #ifdef WAN_FAILOVER_SUPPORTED int checkIfULAEnabled(void); -void applyHotspotPostRoutingRules(FILE *fp); #endif void getIpv6Interfaces(char Interface[MAX_NO_IPV6_INF][MAX_LEN_IPV6_INF], int *len); void prepare_hotspot_gre_ipv6_rule(FILE *filter_fp); From 7fc0ea649de6fb302ba75c62dd2c67e340fc4602 Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 26 Sep 2025 05:37:43 +0000 Subject: [PATCH 08/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source/firewall/firewall.h b/source/firewall/firewall.h index 51ea3d11..bbfabae5 100644 --- a/source/firewall/firewall.h +++ b/source/firewall/firewall.h @@ -211,7 +211,6 @@ void do_forwardPorts(FILE *fp); int IsValidIPv6Addr(char* ip_addr_string); #ifdef WAN_FAILOVER_SUPPORTED int checkIfULAEnabled(void); -void applyHotspotPostRoutingRules(FILE *fp); #endif void getIpv6Interfaces(char Interface[MAX_NO_IPV6_INF][MAX_LEN_IPV6_INF], int *len); void prepare_hotspot_gre_ipv6_rule(FILE *filter_fp); @@ -349,7 +348,7 @@ extern char mesh_wan_ifname[32]; #endif void applyHotspotPostRoutingRules(FILE *fp, bool isIpv4); -extern char hotspot_wan_ifname[32]; +extern char hotspot_wan_ifname[50]; extern int current_wan_ipv6_num; extern char default_wan_ifname[50]; // name of the regular wan interface extern char current_wan_ipv6[IF_IPV6ADDR_MAX][40]; From ad4f5b0b26fef32342ac3d6011ddd13e38f8dd1c Mon Sep 17 00:00:00 2001 From: smp960 <224775237+suriya-prem@users.noreply.github.com> Date: Mon, 6 Oct 2025 06:09:12 +0000 Subject: [PATCH 09/26] RDKB-61612 : WAN Failover Utility is required in Ethwan mode similar to DOCSIS Reason for change: Enable WAN Failover simulation in EthWAN mode Test Procedure: Set this "Device.X_RDKCENTRAL-COM_EthernetWAN.LinkDown" TR181 param to true for verifying the WAN failover simulation is happening or not when device is in EthWAN mode. Risks: Low Priority: P1 --- source/scripts/init/defaults/system_defaults_arm | 1 - 1 file changed, 1 deletion(-) diff --git a/source/scripts/init/defaults/system_defaults_arm b/source/scripts/init/defaults/system_defaults_arm index 01dc730f..ace916f5 100755 --- a/source/scripts/init/defaults/system_defaults_arm +++ b/source/scripts/init/defaults/system_defaults_arm @@ -1431,7 +1431,6 @@ $DocsisLinkDownTimeOut=900 #Ccsp Ethagent EWAN linkdown timeout default value is 900sec $EWanLinkDownTimeout=900 - #LLDEnable default value is false $LldEnable=false From 064fa249b8c3b0499db5fdc150eace7c838479e9 Mon Sep 17 00:00:00 2001 From: Gowthami K Date: Wed, 10 Sep 2025 18:01:18 +0530 Subject: [PATCH 10/26] XB9-375 : [XB9] Upstream Utopia layer changes Reason for change: Added XB9 model number support in utopia module Test Procedure: Build and verify Risks: None Priority: P1 Signed-off-by: Gowthami Kanthasamy --- source/igd/src/inc/igd_platform_dependent_inf.h | 3 +++ .../service.d/service_dhcp_server/dhcp_server_functions.sh | 2 +- source/scripts/init/system/utopia_init_xb6.sh | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/source/igd/src/inc/igd_platform_dependent_inf.h b/source/igd/src/inc/igd_platform_dependent_inf.h index 380c17b8..97a4c78a 100644 --- a/source/igd/src/inc/igd_platform_dependent_inf.h +++ b/source/igd/src/inc/igd_platform_dependent_inf.h @@ -87,6 +87,9 @@ #elif defined(_XER5_PRODUCT_REQ_) #undef CONFIG_VENDOR_MODEL #define CONFIG_VENDOR_MODEL "VTER11QEL" +#elif defined(_XB9_PRODUCT_REQ_) + #undef CONFIG_VENDOR_MODEL + #define CONFIG_VENDOR_MODEL "CWA438TCOM" #elif defined(_XB10_PRODUCT_REQ_) #undef CONFIG_VENDOR_MODEL #if defined (IGD_SERCOMMXB10_INFO) diff --git a/source/scripts/init/service.d/service_dhcp_server/dhcp_server_functions.sh b/source/scripts/init/service.d/service_dhcp_server/dhcp_server_functions.sh index 40a6bcba..95d6b7ec 100755 --- a/source/scripts/init/service.d/service_dhcp_server/dhcp_server_functions.sh +++ b/source/scripts/init/service.d/service_dhcp_server/dhcp_server_functions.sh @@ -1202,7 +1202,7 @@ fi echo "${PREFIX}""dhcp-option=l2sd0.4090,6,$WAN_DHCP_NS" >> $LOCAL_DHCP_CONF fi - elif [ "$MODEL_NUM" = "CGM4331COM" ] || [ "$MODEL_NUM" = "CGM4981COM" ] || [ "$MODEL_NUM" = "CGM601TCOM" ] || [ "$MODEL_NUM" = "SG417DBCT" ] || [ "$MODEL_NUM" = "TG4482A" ] || [ "$BOX_TYPE" = "WNXL11BWL" ] || [ "$MODEL_NUM" = "CGA4332COM" ] || [ "$BOX_TYPE" = "SCER11BEL" ] || [ "$BOX_TYPE" = "VNTXER5" ]; then + elif [ "$MODEL_NUM" = "CGM4331COM" ] || [ "$MODEL_NUM" = "CGM4981COM" ] || [ "$MODEL_NUM" = "CGM601TCOM" ] || [ "$MODEL_NUM" = "SG417DBCT" ] || [ "$MODEL_NUM" = "CWA438TCOM" ] || [ "$MODEL_NUM" = "TG4482A" ] || [ "$BOX_TYPE" = "WNXL11BWL" ] || [ "$MODEL_NUM" = "CGA4332COM" ] || [ "$BOX_TYPE" = "SCER11BEL" ] || [ "$BOX_TYPE" = "VNTXER5" ]; then echo "interface=brlan112" >> $LOCAL_DHCP_CONF if [ "$BOX_TYPE" = "WNXL11BWL" ]; then echo "dhcp-range=169.254.70.5,169.254.70.253,255.255.255.0,infinite" >> $LOCAL_DHCP_CONF diff --git a/source/scripts/init/system/utopia_init_xb6.sh b/source/scripts/init/system/utopia_init_xb6.sh index d899a82c..f21e3c78 100755 --- a/source/scripts/init/system/utopia_init_xb6.sh +++ b/source/scripts/init/system/utopia_init_xb6.sh @@ -771,7 +771,7 @@ if [ "$FACTORY_RESET_REASON" = "true" ]; then fi syscfg set X_RDKCENTRAL-COM_LastRebootReason "factory-reset" syscfg set X_RDKCENTRAL-COM_LastRebootCounter "1" - if [ "$MODEL_NUM" = "CGM4331COM" ] || [ "$MODEL_NUM" = "CGM4981COM" ] || [ "${MODEL_NUM}" = "CGM601TCOM" ] || [ "${MODEL_NUM}" = "SG417DBCT" ] || [ "$MODEL_NUM" = "CGM4140COM" ] || [ "$MODEL_NUM" = "CGA4332COM" ] || [ "$MODEL_NUM" = "TG4482A" ] || [ "$MODEL_NUM" = "INTEL_PUMA" ]; then + if [ "$MODEL_NUM" = "CGM4331COM" ] || [ "$MODEL_NUM" = "CGM4981COM" ] || [ "${MODEL_NUM}" = "CGM601TCOM" ] || [ "${MODEL_NUM}" = "SG417DBCT" ] || [ "${MODEL_NUM}" = "CWA438TCOM" ] || [ "$MODEL_NUM" = "CGM4140COM" ] || [ "$MODEL_NUM" = "CGA4332COM" ] || [ "$MODEL_NUM" = "TG4482A" ] || [ "$MODEL_NUM" = "INTEL_PUMA" ]; then # Enable AUTOWAN by default for XB7, change is made here so that it will take effect only after FR syscfg set selected_wan_mode "0" fi @@ -783,7 +783,7 @@ if [ "$FACTORY_RESET_REASON" = "true" ]; then #syscfg set X_RDKCENTRAL-COM_LastRebootReason "WPS-Factory-Reset" #syscfg set X_RDKCENTRAL-COM_LastRebootCounter "1" rm -f /nvram/WPS_Factory_Reset - elif ([ "${MODEL_NUM}" = "CGM601TCOM" ] || [ "${MODEL_NUM}" = "SG417DBCT" ] || [ "${MODEL_NUM}" = "CVA601ZCOM" ]) && [ -f /nvram/.image_upgrade_and_FR_done ]; then + elif ([ "${MODEL_NUM}" = "CGM601TCOM" ] || [ "${MODEL_NUM}" = "SG417DBCT" ] || [ "${MODEL_NUM}" = "CWA438TCOM" ] || [ "${MODEL_NUM}" = "CVA601ZCOM" ]) && [ -f /nvram/.image_upgrade_and_FR_done ]; then echo "[utopia][init] Detected last reboot reason as FirmwareDownloadAndFactoryReset" if [ -e "/usr/bin/onboarding_log" ]; then /usr/bin/onboarding_log "[utopia][init] Detected last reboot reason as FirmwareDownloadAndFactoryReset" From 64f30d585b900be3e560e3588be5555842f6c547 Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Fri, 17 Oct 2025 04:27:31 +0000 Subject: [PATCH 11/26] RDKB-6079800: IPv6 Support for WiFi Hotspot Reason for change: Added appropriate Firewall changes Test Procedure: - TBD Risks: None Priority: P3 Change-Id: I21e345f281f9db6a3f28ac9f22c9103d1f22f93c Signed-off-by: rirfha948 --- source/firewall/firewall_ipv6.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/source/firewall/firewall_ipv6.c b/source/firewall/firewall_ipv6.c index 6501bfb8..fb1f7907 100644 --- a/source/firewall/firewall_ipv6.c +++ b/source/firewall/firewall_ipv6.c @@ -2223,19 +2223,25 @@ void do_ipv6_nat_table(FILE* fp) } } #ifdef _PLATFORM_RASPBERRYPI_ - fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n", current_wan_ifname); + if(strncmp(current_wan_ifname, hotspot_wan_ifname, strlen(current_wan_ifname) ) == 0) + { + #if defined (WAN_FAILOVER_SUPPORTED) + if (0 == checkIfULAEnabled()) + { + applyHotspotPostRoutingRules(fp, false); + } + #endif + } + else + { + fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n", current_wan_ifname); + } #endif #ifdef _PLATFORM_BANANAPI_R4_ fprintf(fp, "-A POSTROUTING -o %s -j MASQUERADE\n", current_wan_ifname); #endif - #if defined (WAN_FAILOVER_SUPPORTED) - if (0 == checkIfULAEnabled()) - { - applyHotspotPostRoutingRules(fp, false); - } - #endif FIREWALL_DEBUG("Exiting do_ipv6_nat_table \n"); } From 86278821c1fc53f7276a726294e1cfa72a548686 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 22 Oct 2025 20:38:40 +0000 Subject: [PATCH 12/26] Adding rule for handling https keyword filtering --- source/firewall/firewall.c | 46 +++++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 0cb72caf..4b9dd1d4 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9311,9 +9311,49 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c } else if (strncasecmp(method, "KEYWD", 5)==0) { - // consider the case that user input whole url. - if(strstr(query, "://") != 0) { - fprintf(fp, "-A lan2wan_pc_site -m string --string \"%s\" --algo kmp --icase -j %s\n", strstr(query, "://") + 3, drop_log); + const char *keyword = NULL; + char hostStr[] = "Host:"; + int range_max = 1024; //max payload bytes to filter + int range_incr = 64; //byte ranges to filter + + // Extract keyword if user input is a full URL + if (strstr(query, "://") != NULL) { + keyword = strstr(query, "://") + 3; + } else { + keyword = query; + } + + if (keyword == NULL || strlen(keyword) == 0) { + fprintf(stderr, "Warning: Empty keyword, skipping rule generation.\n"); + return(0); + } + + // Create rules for various ranges of payload to filter + int from; + for (from = 0; from < range_max; from += range_incr) { + int to = from + range_incr; + char chainName[64]; + + // Create new chain LOG_SiteBlocked_check_kw__ + snprintf(chainName, sizeof(chainName), "LOG_SiteBlocked_check_kw_%d_%d", from, to); + fprintf(fp, "-N %s\n", chainName); + + // Add rule to jump to private chain if "Host:" is found in this offset range + fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", + hostStr, from, to, chainName); + + // Add rule to match keyword in private chain within same offset range + fprintf(fp, "-A %s -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", + chainName, keyword, from, to, drop_log); + + // Default rule to return if not matched + fprintf(fp, "-A %s -j RETURN\n", chainName); + } + + // Add rule for https filter + fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 443 -m string --string \"%s\" --algo kmp --icase -j %s\n", + keyword, drop_log); + #if defined(_HUB4_PRODUCT_REQ_) || defined (_RDKB_GLOBAL_PRODUCT_REQ_) #if defined (_RDKB_GLOBAL_PRODUCT_REQ_) if( 0 == strncmp( devicePartnerId, "sky-", 4 ) ) From 77fe72633adb46f47963bdfdd5eb6b901e9168a4 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 22 Oct 2025 22:07:24 +0000 Subject: [PATCH 13/26] Corrected cherry-pick rebase --- source/firewall/firewall.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 4b9dd1d4..2a7adf26 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9356,25 +9356,14 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c #if defined(_HUB4_PRODUCT_REQ_) || defined (_RDKB_GLOBAL_PRODUCT_REQ_) #if defined (_RDKB_GLOBAL_PRODUCT_REQ_) - if( 0 == strncmp( devicePartnerId, "sky-", 4 ) ) + if( 0 == strncmp( devicePartnerId, "sky-", 4 ) ) #endif - { - //In Hub4 keyword blocking feature is not working with FORWARD chain rules as CPE (dnsmasq) acts as DNS Proxy. - //Add rules in INPUT chain to resolve this issue. - fprintf(fp, "-I INPUT -i %s -j lan2wan_pc_site \n", lan_ifname); - } -#endif - } else { - fprintf(fp, "-A lan2wan_pc_site -m string --string \"%s\" --algo kmp --icase -j %s\n", query, drop_log); -#if defined(_HUB4_PRODUCT_REQ_) || defined (_RDKB_GLOBAL_PRODUCT_REQ_) -#if defined (_RDKB_GLOBAL_PRODUCT_REQ_) - if( 0 == strncmp( devicePartnerId, "sky-", 4 ) ) -#endif - { - fprintf(fp, "-I INPUT -i %s -j lan2wan_pc_site \n", lan_ifname); - } + { + //In Hub4 keyword blocking feature is not working with FORWARD chain rules as CPE (dnsmasq) acts as DNS Proxy. + //Add rules in INPUT chain to resolve this issue. + fprintf(fp, "-I INPUT -i %s -j lan2wan_pc_site \n", lan_ifname); + } #endif - } } } } From 9715e7f5b7df31507f69a2e29e556b2baf5964d3 Mon Sep 17 00:00:00 2001 From: SanthoshGujulvajagadeesh Date: Thu, 23 Oct 2025 15:55:41 +0530 Subject: [PATCH 14/26] Add CHANGELOG.md for Release 1.2.1 --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ffd1c33..e8d21c57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,14 +4,27 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [1.2.1](https://github.com/rdkcentral/utopia/compare/1.2.0...1.2.1) + +- RDKB-61777: [utopia] Code development to remove _64BIT_ARCH_SUPPORT_ macro [`#99`](https://github.com/rdkcentral/utopia/pull/99) +- XB9-429 : Upstream xb9 specific changes to github repo [`#53`](https://github.com/rdkcentral/utopia/pull/53) +- XF10-18 : XF10 Model support in Utopia Scripts [`#73`](https://github.com/rdkcentral/utopia/pull/73) +- RDKCOM-5434: RDKBDEV-3290,RDKBACCL-1052 fynecli connection was not established from remote ubuntu pc via 49153 port [`#47`](https://github.com/rdkcentral/utopia/pull/47) +- Update service_routed.c [`92feb43`](https://github.com/rdkcentral/utopia/commit/92feb43e4b9528b801ada6c7b6c5be286ba9329a) +- Update service_routed.c [`9eedf98`](https://github.com/rdkcentral/utopia/commit/9eedf983fbc74a4701b7e15226f2efea11040e8f) +- XB9-375 : [XB9] Upstream Utopia layer changes [`064fa24`](https://github.com/rdkcentral/utopia/commit/064fa249b8c3b0499db5fdc150eace7c838479e9) + #### [1.2.0](https://github.com/rdkcentral/utopia/compare/1.1.3...1.2.0) +> 9 October 2025 + - Update CODEOWNERS [`#100`](https://github.com/rdkcentral/utopia/pull/100) - Add the XF10 product common flag [`#72`](https://github.com/rdkcentral/utopia/pull/72) - RDKB-59938 : Observing SYSCFG DB stored with junk values [`#61`](https://github.com/rdkcentral/utopia/pull/61) - Deploy fossid_integration_stateless_diffscan_target_repo action [`#93`](https://github.com/rdkcentral/utopia/pull/93) - Update CODEOWNERS [`#81`](https://github.com/rdkcentral/utopia/pull/81) - Deploy cla action [`#82`](https://github.com/rdkcentral/utopia/pull/82) +- Add CHANGELOG.md for Release 1.2.0 [`29800ce`](https://github.com/rdkcentral/utopia/commit/29800ce8221a3251b5bab5fb0b43ded3ff82fab8) #### [1.1.3](https://github.com/rdkcentral/utopia/compare/1.1.2...1.1.3) From 7837da6db83a2336a84b59dbab3903a5d69882c2 Mon Sep 17 00:00:00 2001 From: roushan-tel Date: Mon, 27 Oct 2025 17:43:50 +0530 Subject: [PATCH 15/26] RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh Reason for change: Syntax error in /etc/utopia/service.d/service_ntpd.sh Test Procedure: systemctl status ntpd Risks: Low Priority: P0 --- source/scripts/init/service.d/service_ntpd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/init/service.d/service_ntpd.sh b/source/scripts/init/service.d/service_ntpd.sh index 68167f87..6e68b819 100644 --- a/source/scripts/init/service.d/service_ntpd.sh +++ b/source/scripts/init/service.d/service_ntpd.sh @@ -550,7 +550,7 @@ service_start () fi #if [ -n "$QUICK_SYNC_WAN_IP" ]; then if [ -n "$PEER_INTERFACE_IP" ]; then - if [ "$BOX_TYPE" != "HUB4" ] && [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "SR213" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$NTPD_IMMED_PEER_SYNC" != "true" ] && [ "$BOX_TYPE" != "SCER11BEL" ] || && [ "$BOX_TYPE" != "SCXF11BFL" ]; then + if [ "$BOX_TYPE" != "HUB4" ] && [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "SR213" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$NTPD_IMMED_PEER_SYNC" != "true" ] && [ "$BOX_TYPE" != "SCER11BEL" ] && [ "$BOX_TYPE" != "SCXF11BFL" ]; then if [ -z "$SOURCE_PING_INTF" ]; then MASK="255.255.255.0" else From 71f62ac3e8601aaa4bb3147488bd40d49c127dfc Mon Sep 17 00:00:00 2001 From: roushan-tel Date: Mon, 27 Oct 2025 17:43:50 +0530 Subject: [PATCH 16/26] RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh Reason for change: Syntax error in /etc/utopia/service.d/service_ntpd.sh Test Procedure: systemctl status ntpd Risks: Low Priority: P0 (cherry picked from commit 7837da6db83a2336a84b59dbab3903a5d69882c2) --- source/scripts/init/service.d/service_ntpd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/scripts/init/service.d/service_ntpd.sh b/source/scripts/init/service.d/service_ntpd.sh index 68167f87..6e68b819 100644 --- a/source/scripts/init/service.d/service_ntpd.sh +++ b/source/scripts/init/service.d/service_ntpd.sh @@ -550,7 +550,7 @@ service_start () fi #if [ -n "$QUICK_SYNC_WAN_IP" ]; then if [ -n "$PEER_INTERFACE_IP" ]; then - if [ "$BOX_TYPE" != "HUB4" ] && [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "SR213" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$NTPD_IMMED_PEER_SYNC" != "true" ] && [ "$BOX_TYPE" != "SCER11BEL" ] || && [ "$BOX_TYPE" != "SCXF11BFL" ]; then + if [ "$BOX_TYPE" != "HUB4" ] && [ "$BOX_TYPE" != "SR300" ] && [ "$BOX_TYPE" != "SE501" ] && [ "$BOX_TYPE" != "SR213" ] && [ "$BOX_TYPE" != "WNXL11BWL" ] && [ "$NTPD_IMMED_PEER_SYNC" != "true" ] && [ "$BOX_TYPE" != "SCER11BEL" ] && [ "$BOX_TYPE" != "SCXF11BFL" ]; then if [ -z "$SOURCE_PING_INTF" ]; then MASK="255.255.255.0" else From d1013350a35701126277638f15726ada20e84ad9 Mon Sep 17 00:00:00 2001 From: SanthoshGujulvajagadeesh Date: Tue, 28 Oct 2025 14:04:50 +0530 Subject: [PATCH 17/26] Add CHANGELOG.md for hotfix 1.2.2 --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8d21c57..940f33ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,15 +4,21 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [1.2.2](https://github.com/rdkcentral/utopia/compare/1.2.1...1.2.2) + +- RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh [`71f62ac`](https://github.com/rdkcentral/utopia/commit/71f62ac3e8601aaa4bb3147488bd40d49c127dfc) + #### [1.2.1](https://github.com/rdkcentral/utopia/compare/1.2.0...1.2.1) +> 23 October 2025 + - RDKB-61777: [utopia] Code development to remove _64BIT_ARCH_SUPPORT_ macro [`#99`](https://github.com/rdkcentral/utopia/pull/99) - XB9-429 : Upstream xb9 specific changes to github repo [`#53`](https://github.com/rdkcentral/utopia/pull/53) - XF10-18 : XF10 Model support in Utopia Scripts [`#73`](https://github.com/rdkcentral/utopia/pull/73) - RDKCOM-5434: RDKBDEV-3290,RDKBACCL-1052 fynecli connection was not established from remote ubuntu pc via 49153 port [`#47`](https://github.com/rdkcentral/utopia/pull/47) - Update service_routed.c [`92feb43`](https://github.com/rdkcentral/utopia/commit/92feb43e4b9528b801ada6c7b6c5be286ba9329a) - Update service_routed.c [`9eedf98`](https://github.com/rdkcentral/utopia/commit/9eedf983fbc74a4701b7e15226f2efea11040e8f) -- XB9-375 : [XB9] Upstream Utopia layer changes [`064fa24`](https://github.com/rdkcentral/utopia/commit/064fa249b8c3b0499db5fdc150eace7c838479e9) +- Add CHANGELOG.md for Release 1.2.1 [`9715e7f`](https://github.com/rdkcentral/utopia/commit/9715e7f5b7df31507f69a2e29e556b2baf5964d3) #### [1.2.0](https://github.com/rdkcentral/utopia/compare/1.1.3...1.2.0) From 015405e1fb33219115a51f5ebcdd1ac4fe545416 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 29 Oct 2025 04:46:27 +0000 Subject: [PATCH 18/26] Change add new chain to iptables-save file format --- source/firewall/firewall.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 2a7adf26..8bb56285 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9312,15 +9312,14 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c else if (strncasecmp(method, "KEYWD", 5)==0) { const char *keyword = NULL; - char hostStr[] = "Host:"; int range_max = 1024; //max payload bytes to filter - int range_incr = 64; //byte ranges to filter + int range_multiplier = 2; // Extract keyword if user input is a full URL if (strstr(query, "://") != NULL) { keyword = strstr(query, "://") + 3; } else { - keyword = query; + keyword = query; } if (keyword == NULL || strlen(keyword) == 0) { @@ -9329,18 +9328,18 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c } // Create rules for various ranges of payload to filter - int from; - for (from = 0; from < range_max; from += range_incr) { - int to = from + range_incr; - char chainName[64]; + int from,to; + for ( from = 0, to = 64; from < range_max; from = to, to *= range_multiplier ) + { + char chainName[30]; // linux chainname length is max 29 chars - // Create new chain LOG_SiteBlocked_check_kw__ - snprintf(chainName, sizeof(chainName), "LOG_SiteBlocked_check_kw_%d_%d", from, to); - fprintf(fp, "-N %s\n", chainName); + // Create new chain + snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to); + fprintf(fp, ":%s - [0:0]\n", chainName); // Add rule to jump to private chain if "Host:" is found in this offset range - fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", - hostStr, from, to, chainName); + fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"Host:\" --algo kmp --from %d --to %d --icase -j %s\n", + from, to, chainName); // Add rule to match keyword in private chain within same offset range fprintf(fp, "-A %s -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", @@ -9358,11 +9357,11 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c #if defined (_RDKB_GLOBAL_PRODUCT_REQ_) if( 0 == strncmp( devicePartnerId, "sky-", 4 ) ) #endif - { + { //In Hub4 keyword blocking feature is not working with FORWARD chain rules as CPE (dnsmasq) acts as DNS Proxy. //Add rules in INPUT chain to resolve this issue. fprintf(fp, "-I INPUT -i %s -j lan2wan_pc_site \n", lan_ifname); - } + } #endif } } From f56857d00b72d0268b63818c29527aae9c26a9b8 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 29 Oct 2025 05:01:01 +0000 Subject: [PATCH 19/26] Corrected chainname initializer --- source/firewall/firewall.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 8bb56285..01d179ce 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9329,9 +9329,9 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c // Create rules for various ranges of payload to filter int from,to; - for ( from = 0, to = 64; from < range_max; from = to, to *= range_multiplier ) + for (from = 0, to = 64; from < range_max; from = to, to = (to * range_multiplier > range_max) ? range_max : to * range_multiplier) { - char chainName[30]; // linux chainname length is max 29 chars + char chainName[30] = {'\0'}; // linux chainname length is max 29 chars // Create new chain snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to); From 1033dd0541953eb3dd671bb3a99d5d4430f7a0a7 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 29 Oct 2025 05:05:51 +0000 Subject: [PATCH 20/26] Fixed snprintf %d directive length issue --- source/firewall/firewall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 01d179ce..4e8a2463 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9331,9 +9331,10 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c int from,to; for (from = 0, to = 64; from < range_max; from = to, to = (to * range_multiplier > range_max) ? range_max : to * range_multiplier) { - char chainName[30] = {'\0'}; // linux chainname length is max 29 chars + char chainName[64] = {'\0'}; // Create new chain + // linux iptables chainname length is max 29 chars snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to); fprintf(fp, ":%s - [0:0]\n", chainName); From 04d5da34148680adce639b27d63f790a5438832a Mon Sep 17 00:00:00 2001 From: rirfha948 Date: Thu, 30 Oct 2025 06:24:24 +0000 Subject: [PATCH 21/26] Presence Notification --- source/firewall/firewall.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index d3b8fe1d..c7181ea4 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -5288,7 +5288,7 @@ void applyHotspotPostRoutingRules(FILE *fp, bool isIpv4) { FIREWALL_DEBUG("Apply Post Routing Rules for IPv4\n"); FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ipaddr); - fprintf(fp, "-A postrouting_towan -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ipaddr); + fprintf(fp, "-A postrouting_towan -o %s -j SNAT --to-source %s\n" , current_wan_ifname, current_wan_ipaddr); } } else @@ -5302,7 +5302,7 @@ void applyHotspotPostRoutingRules(FILE *fp, bool isIpv4) { FIREWALL_DEBUG("Apply Post Routing Rules for IPv6\n"); FIREWALL_DEBUG("Source natting all traffic on %s interface to %s address\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); - fprintf(fp, "-A POSTROUTING -o %s -j SNAT --to-source %s\n" COMMA current_wan_ifname COMMA current_wan_ip6_addr); + fprintf(fp, "-A POSTROUTING -o %s -j SNAT --to-source %s\n", current_wan_ifname, current_wan_ip6_addr); } } @@ -5461,12 +5461,14 @@ static int do_wan_nat_lan_clients(FILE *fp) #ifdef RDKB_EXTENDER_ENABLED fprintf(fp, "-A postrouting_towan -j MASQUERADE\n"); #else + #ifdef WAN_FAILOVER_SUPPORTED if (0 == checkIfULAEnabled()) { applyHotspotPostRoutingRules(fp, true); } else { fprintf(fp, "-A postrouting_towan -j SNAT --to-source %s\n", natip4); } + #endif #endif #if defined (FEATURE_MAPT) || defined (FEATURE_SUPPORT_MAPT_NAT46) } From 497e06f90837201fa938b74a974a777b90d8b4e5 Mon Sep 17 00:00:00 2001 From: srasu759 Date: Thu, 30 Oct 2025 07:19:58 +0000 Subject: [PATCH 22/26] XER10-1687-Observing intermittent ovsh crash Reason for change: Not connecting properly to the CMS / NVRAM communication bus properly due to PID issues Reducing the max_pid to 32k. --- source/scripts/init/system/utopia_init.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source/scripts/init/system/utopia_init.sh b/source/scripts/init/system/utopia_init.sh index fca35332..07a306df 100755 --- a/source/scripts/init/system/utopia_init.sh +++ b/source/scripts/init/system/utopia_init.sh @@ -855,3 +855,7 @@ fi if [ "$BOX_TYPE" = "SCER11BEL" ] || [ "$MODEL_NUM" = "SCXF11BFL" ]; then /etc/reset_reason_log.sh & fi + +if [ "$BOX_TYPE" = "SCER11BEL" ]; then + sysctl -w kernel.pid_max=32768 +fi From 03425756b437ce58e18bd397853a084a90310344 Mon Sep 17 00:00:00 2001 From: srasu759 Date: Mon, 3 Nov 2025 07:39:12 +0000 Subject: [PATCH 23/26] revert of kernel_pid.max val set from utopia_init.sh file --- source/scripts/init/system/utopia_init.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/source/scripts/init/system/utopia_init.sh b/source/scripts/init/system/utopia_init.sh index 07a306df..fca35332 100755 --- a/source/scripts/init/system/utopia_init.sh +++ b/source/scripts/init/system/utopia_init.sh @@ -855,7 +855,3 @@ fi if [ "$BOX_TYPE" = "SCER11BEL" ] || [ "$MODEL_NUM" = "SCXF11BFL" ]; then /etc/reset_reason_log.sh & fi - -if [ "$BOX_TYPE" = "SCER11BEL" ]; then - sysctl -w kernel.pid_max=32768 -fi From f7b2573bc544385dc5aa2165405afabda0990c33 Mon Sep 17 00:00:00 2001 From: Yashwaanth S V Date: Tue, 4 Nov 2025 11:51:02 +0000 Subject: [PATCH 24/26] XB10-2198: SYS_SH_dnsmasq_restart is continuous with 8.2p5s1 upgrade Reason for change: Syseventd crash happened due to incorrect FD value, Adding check to avoid invalid FD's. Test Procedure: systemd crash should not be seen. Risks: High Priority: P1 Signed-off-by: Yashwaanth S V --- source/sysevent/server/worker_threads.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source/sysevent/server/worker_threads.c b/source/sysevent/server/worker_threads.c index c5b58094..d3165ef1 100644 --- a/source/sysevent/server/worker_threads.c +++ b/source/sysevent/server/worker_threads.c @@ -2950,6 +2950,10 @@ static int handle_message_from_trigger_thread(int fd) return(rc); } +static int is_valid_fd(int fd) +{ + return fd >= 0 && fcntl(fd, F_GETFD) != -1; +} /* * Procedure : worker_thread_main * Purpose : Thread start routine for worker @@ -3021,9 +3025,9 @@ void *worker_thread_main(void *arg) if ((global_clients.clients)[i].used) { int cur_fd; cur_fd = (global_clients.clients)[i].fd; - if (-1 == cur_fd) { + if (0 == is_valid_fd(cur_fd)) { SE_INC_LOG(ERROR, - printf("main select got used client with a bad fd. Ignoring\n"); + printf("Thread id %d line %d main select got used client with a bad fd. Ignoring cur_fd = %d\n",thread_get_id(worker_data_key), __LINE__, cur_fd); ) incr_stat_info(STAT_WORKER_MAIN_SELECT_BAD_FD); } else { From f098983d0ae5480baa788dda25a8b8676004cfc2 Mon Sep 17 00:00:00 2001 From: SanthoshGujulvajagadeesh Date: Thu, 6 Nov 2025 12:29:45 +0530 Subject: [PATCH 25/26] Add CHANGELOG.md for Release 1.3.0 --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 940f33ba..def893ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,25 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [1.3.0](https://github.com/rdkcentral/utopia/compare/1.2.2...1.3.0) + +- XB10-2198: SYS_SH_dnsmasq_restart is continuous with 8.2p5s1 upgrade [`#119`](https://github.com/rdkcentral/utopia/pull/119) +- revert of kernel_pid.max val set from utopia_init.sh file [`#117`](https://github.com/rdkcentral/utopia/pull/117) +- RDKB-60798-IPv6 Support for WiFi Hotspot [`#115`](https://github.com/rdkcentral/utopia/pull/115) +- XER10-1687-Observing intermittent ovsh crash [`#114`](https://github.com/rdkcentral/utopia/pull/114) +- RDKB-61612 : WAN Failover Utility is required in Ethwan mode similar to DOCSIS [`#97`](https://github.com/rdkcentral/utopia/pull/97) +- RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh [`#111`](https://github.com/rdkcentral/utopia/pull/111) +- SHARMAN-1210:Add telemetry support to report FW info from both banks [`#70`](https://github.com/rdkcentral/utopia/pull/70) +- IPv6 support for WIFI hotspot [`#52`](https://github.com/rdkcentral/utopia/pull/52) +- Presence Notification [`04d5da3`](https://github.com/rdkcentral/utopia/commit/04d5da34148680adce639b27d63f790a5438832a) +- Merge tag '1.2.2' into develop [`3b14a92`](https://github.com/rdkcentral/utopia/commit/3b14a92d8a532ec9e34064eb5b0ddc861fe1c88f) +- Merge tag '1.2.1' into develop [`d652c3a`](https://github.com/rdkcentral/utopia/commit/d652c3a4266e78d843c330383c334f79a3e051ea) + #### [1.2.2](https://github.com/rdkcentral/utopia/compare/1.2.1...1.2.2) +> 28 October 2025 + +- Add CHANGELOG.md for hotfix 1.2.2 [`d101335`](https://github.com/rdkcentral/utopia/commit/d1013350a35701126277638f15726ada20e84ad9) - RDKB-62232: Syntax error in /etc/utopia/service.d/service_ntpd.sh [`71f62ac`](https://github.com/rdkcentral/utopia/commit/71f62ac3e8601aaa4bb3147488bd40d49c127dfc) #### [1.2.1](https://github.com/rdkcentral/utopia/compare/1.2.0...1.2.1) From 5bba90a759d397da82d14117fd708a3fa39a73a0 Mon Sep 17 00:00:00 2001 From: abhishek-kumaracee2 Date: Fri, 7 Nov 2025 00:10:43 -0500 Subject: [PATCH 26/26] TCXB8-3706 : SYS_SH_Syseventd_restart marker (#116) Reason for change: syseventd must not be started, even if sysevent_open() fails Test Procedure: refer to jira Risks: Low Priority:P1 Signed-off-by: abhishek_kumaracee2@comcast.com Signed-off-by: abhishek_kumaracee2@comcast.com --- source/scripts/init/service.d/pmon.sh | 4 ++-- source/sysevent/server/syseventd_main.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/source/scripts/init/service.d/pmon.sh b/source/scripts/init/service.d/pmon.sh index 8f8852f5..6674c713 100755 --- a/source/scripts/init/service.d/pmon.sh +++ b/source/scripts/init/service.d/pmon.sh @@ -93,8 +93,8 @@ do_check_process() { LOCAL_CONF_FILE=/tmp/pmon.conf$$ - # Add static pmon entries - echo "syseventd /var/run/syseventd.pid /etc/utopia/service.d/syseventd_restart.sh" > $LOCAL_CONF_FILE + # Add static pmon entries - commented-out below line - selfheal takes care of it. + # echo "syseventd /var/run/syseventd.pid /etc/utopia/service.d/syseventd_restart.sh" > $LOCAL_CONF_FILE # Add dynamic pmon entries stashed in sysevent # by various modules diff --git a/source/sysevent/server/syseventd_main.c b/source/sysevent/server/syseventd_main.c index 4cc1c071..08e2fabf 100644 --- a/source/sysevent/server/syseventd_main.c +++ b/source/sysevent/server/syseventd_main.c @@ -1388,6 +1388,8 @@ int main (int argc, char **argv) clilen = sizeof(cli_addr); int rc = select(maxfd, &rd_set, NULL, NULL, NULL); if (-1 == rc) { + // stop hogging processor in case of error + sleep(1); continue; }