Skip to content

Rebase #150

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NareshM1702 merged 6 commits into from
Dec 11, 2025
Merged

Rebase #150

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
1b0dd0b
Add changelog for release 1.4.0
bunnam988 Dec 4, 2025
d119fdd
Merge branch 'release/1.4.0'
bunnam988 Dec 4, 2025
e7e3d74
Merge tag '1.4.0' into develop
bunnam988 Dec 4, 2025
e330fcb
RDKB-61944 : [Coverity] Various issues in utopia - part2 (#137)
abhishek-kumaracee2 Dec 4, 2025
2f7edab
RDKCOM-5473: RDKBACCL-1248 rdkb-cli connection was not established fr…
kpandu987 Dec 10, 2025
24d7904
[RDKB-62642] Parental control is not working as expected - iptables b…
nvenka781 Dec 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 16 additions & 2 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,30 @@ All notable changes to this project will be documented in this file. Dates are d

Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).

#### [1.4.0](https://github.com/rdkcentral/utopia/compare/1.3.1...1.4.0)

- RDKB-61489: {Ignite} Router advertisement packet has been dropped via firewall at runtime. [`#139`](https://github.com/rdkcentral/utopia/pull/139)
- RDKB-62206 - Rename NTP Telemetry Marker [`#133`](https://github.com/rdkcentral/utopia/pull/133)
- IPV6 hotspot support for ETHWAN mode and Other Platform [`#124`](https://github.com/rdkcentral/utopia/pull/124)
- RDKB-61914: XB,XLE and Client online in NOC and connected to each oth… [`#123`](https://github.com/rdkcentral/utopia/pull/123)
- RDKCOM-5465: RDKBDEV-3294 Fix open port 21515 by default on unexpected interfaces. [`#98`](https://github.com/rdkcentral/utopia/pull/98)
- RDKB-61944 : [Coverity] Various issues in utopia component [`#132`](https://github.com/rdkcentral/utopia/pull/132)
- RDKB-6079800: IPv6 Support for WiFi Hotspot [`8ea42bb`](https://github.com/rdkcentral/utopia/commit/8ea42bb4ab7b4f5a5abbcdedf50102411689db09)
- RDKB-6079800: IPv6 Support for WiFi Hotspot [`53f7e13`](https://github.com/rdkcentral/utopia/commit/53f7e13cf295b1d6af7c711fc8a13f0297e4d30c)
- RDKB-61914: XB,XLE and Client online in NOC and connected to each other without internet [`5c19b83`](https://github.com/rdkcentral/utopia/commit/5c19b839ff2fbad226e51792e68edc984e0e88d3)

#### [1.3.1](https://github.com/rdkcentral/utopia/compare/1.3.0...1.3.1)

> 20 November 2025

- CBR2-2216:Observing SYS_SH_Zebra_restart marker during stability testing [`#129`](https://github.com/rdkcentral/utopia/pull/129)
- RDKCOM-5457: RDKBDEV-3301 Bringup of Utopia on QCOM Platform [`#94`](https://github.com/rdkcentral/utopia/pull/94)
- XB9-668 : Upstream xb9 specific changes to github repo [`#118`](https://github.com/rdkcentral/utopia/pull/118)
- TCXB8-3707: Parental Controls blocks false positives [`#107`](https://github.com/rdkcentral/utopia/pull/107)
- TCXB8-3706 : SYS_SH_Syseventd_restart marker [`#116`](https://github.com/rdkcentral/utopia/pull/116)
- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb)
- Merge tag '1.3.0' into develop [`c866914`](https://github.com/rdkcentral/utopia/commit/c86691486474e6156fd8243cd55299fa778021e9)
- Adding rule for handling https keyword filtering [`8627882`](https://github.com/rdkcentral/utopia/commit/86278821c1fc53f7276a726294e1cfa72a548686)
- Description : Bringup of IPQ Platforms [`99e8eaf`](https://github.com/rdkcentral/utopia/commit/99e8eafe797929860af24ee64a2f8570943a3bad)
- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb)

#### [1.3.0](https://github.com/rdkcentral/utopia/compare/1.2.2...1.3.0)

Expand Down
33 changes: 23 additions & 10 deletions source/firewall/firewall.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* If not stated otherwise in this file or this component's Licenses.txt file the

Check failure on line 2 in source/firewall/firewall.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-3-Clause' license found in local file 'source/firewall/firewall.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/1812, 13251 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/rdk-dev-1812.tar.gz, file: source/firewall/firewall.c)

Check failure on line 2 in source/firewall/firewall.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-3-Clause' license found in local file 'source/firewall/firewall.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/fc67ea3, 13311 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/fc67ea3f18571960905f44f7118bbc957f4094cc.tar.gz, file: source/firewall/firewall.c)

Check failure on line 2 in source/firewall/firewall.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-Intel' license found in local file 'source/firewall/firewall.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/1, 13311 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/RDKB-TEST-RELEASE-1.tar.gz, file: source/firewall/firewall.c)

Check failure on line 2 in source/firewall/firewall.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-Intel' license found in local file 'source/firewall/firewall.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/1, 13311 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/RDKB-RELEASE-TEST-DUNFELL-1.tar.gz, file: source/firewall/firewall.c)
* following copyright and licenses apply:
*
* Copyright 2015 RDK Management
Expand Down Expand Up @@ -8958,6 +8958,7 @@
return(0);
}

#define MAX_DEV_8K 8192
devMacSt * getPcmdList(int *devCount)
{
int count = 0;
Expand All @@ -8984,9 +8985,10 @@
FIREWALL_DEBUG("invalid data\n");
break;
}
if (numDev < INT_MIN || numDev > INT_MAX)

if(numDev < 0 || numDev > MAX_DEV_8K)
{
FIREWALL_DEBUG("invalid integer\n");
FIREWALL_DEBUG("value out of range\n");
break;
}

Expand Down Expand Up @@ -9192,6 +9194,7 @@
ruleIndex += do_parcon_mgmt_lan2wan_pc_site_appendrule(fp);
#endif

bool keywd_chains_exists = false;
for (idx = 1; idx <= count; idx++)
{
char namespace[MAX_QUERY];
Expand Down Expand Up @@ -9397,6 +9400,7 @@
int range_max = 1024; //max payload bytes to filter
int range_multiplier = 2;

FIREWALL_DEBUG("adding rules for KEYWD\n");
// Extract keyword if user input is a full URL
if (strstr(query, "://") != NULL) {
keyword = strstr(query, "://") + 3;
Expand All @@ -9413,25 +9417,33 @@
int from,to;
for (from = 0, to = 64; from < range_max; from = to, to = (to * range_multiplier > range_max) ? range_max : to * range_multiplier)
{
char chainName[64] = {'\0'};
char chain_name[64] = {'\0'};

// Create new chain
// Create new chain only for first keyword
// linux iptables chainname length is max 29 chars
snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to);
fprintf(fp, ":%s - [0:0]\n", chainName);
snprintf(chain_name, sizeof(chain_name), "LOG_SiteBlk_KW_%d_%d", from, to);

// Private chain per range is created only once
if (keywd_chains_exists == false) {
// create new chain
fprintf(fp, ":%s - [0:0]\n", chain_name);
}

// Add rule to jump to private chain if "Host:" is found in this offset range
fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"Host:\" --algo kmp --from %d --to %d --icase -j %s\n",
from, to, chainName);
from, to, chain_name);

// Add rule to match keyword in private chain within same offset range
fprintf(fp, "-A %s -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n",
chainName, keyword, from, to, drop_log);
chain_name, keyword, from, to, drop_log);

// Default rule to return if not matched
fprintf(fp, "-A %s -j RETURN\n", chainName);
fprintf(fp, "-A %s -j RETURN\n", chain_name);
}

// set keywd chains created
keywd_chains_exists = true;

// Add rule for https filter
fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 443 -m string --string \"%s\" --algo kmp --icase -j %s\n",
keyword, drop_log);
Expand Down Expand Up @@ -13241,7 +13253,8 @@
fprintf(filter_fp, "-A INPUT ! -i brlan0 -p tcp -m tcp --dport 49152:49153 -j DROP\n");
/* For EasyMesh Controller Communication */
#if defined(_PLATFORM_BANANAPI_R4_)
fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n",get_current_wan_ifname());
fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n", get_current_wan_ifname());
fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 8888 -j ACCEPT\n", get_current_wan_ifname());
#endif
fprintf(filter_fp, "-A INPUT ! -i brlan0 -p udp -m udp --dport 1900 -j DROP\n");
fprintf(filter_fp, "-I INPUT ! -i brlan0 -p tcp -m tcp --dport 21515 -j DROP\n");
Expand Down
7 changes: 5 additions & 2 deletions source/scripts/init/src/apply_system_defaults/apply_system_defaults.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,11 +133,14 @@ static inline void create_file_644(const char *path)
int fd = open(path,
O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (fd == -1)
if (fd >= 0)
{
close(fd);
}
else
{
perror("open failed");
}
close(fd);
}

static char *trim (char *in)
Expand Down
8 changes: 8 additions & 0 deletions source/utapi/lib/utapi.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* If not stated otherwise in this file or this component's Licenses.txt file the

Check failure on line 2 in source/utapi/lib/utapi.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-Intel' license found in local file 'source/utapi/lib/utapi.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/1, 7519 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/RDKB-TEST-RELEASE-1.tar.gz, file: source/utapi/lib/utapi.c)

Check failure on line 2 in source/utapi/lib/utapi.c

View workflow job for this annotation

GitHub Actions / call-fossid-workflow / Fossid Annotate PR

FossID License Issue Detected 

Source code with 'BSD-Intel' license found in local file 'source/utapi/lib/utapi.c' (Match: rdkb/components/opensource/ccsp/Utopia/rdkb/components/opensource/ccsp/Utopia/1, 7771 lines, url: https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+archive/RDKB-RELEASE-TEST-DUNFELL-1.tar.gz, file: source/utapi/lib/utapi.c)
* following copyright and licenses apply:
*
* Copyright 2015 RDK Management
Expand Down Expand Up @@ -1878,11 +1878,19 @@
return UT_SUCCESS;
}

size_t ucount = (size_t)*count;
if (ucount > SIZE_MAX / sizeof(routeStatic_t))
{
fclose(fp);
return -EOVERFLOW;
}

sroute = (routeStatic_t *) calloc((size_t)(*count), sizeof(routeStatic_t));
if (NULL == sroute) {
fclose(fp);/*RDKB-7128, CID-33470, free unused resources before exit*/
return ERR_INSUFFICIENT_MEM;
}

memset(sroute, 0, (size_t)(*count) * sizeof(routeStatic_t));
// Seek to beginning of file
fseek(fp, 0, SEEK_SET);
Expand Down
Loading