parental-control: Option to enable/disable urlfilter

2026-01-28 01:47:19 +01:00 · 2025-06-03 10:26:45 +00:00 · 2025-06-03 10:26:45 +00:00 · 93d2d09dcc
commit 93d2d09dcc
parent ece7e8f22c
11 changed files with 229 additions and 121 deletions
--- a/parental-control/Config.in
+++ b/parental-control/Config.in
@ -1,12 +1,10 @@
 if PACKAGE_parental-control

-config PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES
-	bool "Include default bundle files"
-	default n
+config PARENTAL_CONTROL_URLFILTERING
+	bool "Enables URL Filter functions and datamodel"
+	default y
 	help
-	   Set this option to include bundle files by default,
-	   they are also included in the UCI, urlfilter
-	   still needs to be enabled though.
+	   Set this option to include url filter feature

 config PARENTAL_CONTROL_VENDOR_PREFIX
 	string "Package specific datamodel Vendor Prefix for TR181 extensions"
--- a/parental-control/Makefile
+++ b/parental-control/Makefile
@ -1,17 +1,17 @@
 #
-# Copyright (C) 2021-2024 IOPSYS
+# Copyright (C) 2021-2025 IOPSYS
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=parental-control
-PKG_VERSION:=1.1.6
+PKG_VERSION:=1.2.0

 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/parental-control.git
-PKG_SOURCE_VERSION:=5128498a36c8f1ac48d320850c292c7e66256884
+PKG_SOURCE_VERSION:=5d931642e1d46b8cfe24e37054ffd2885e354c2c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@ -49,8 +49,11 @@ endif

 TARGET_CFLAGS += -DBBF_VENDOR_PREFIX=\\\"$(VENDOR_PREFIX)\\\"

-TARGET_LDFLAGS += \
-	-lcmph
+ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
+	TARGET_CFLAGS+=-DPARENTAL_CONTROL_ULRFILTER
+endif
+
+TARGET_LDFLAGS += -lcmph

 ifeq ($(LOCAL_DEV),1)
 define Build/Prepare
@ -85,8 +88,12 @@ define Package/parental-control/install

 	$(BBFDM_REGISTER_SERVICES) -v ${VENDOR_PREFIX} ./bbfdm_service.json $(1) parentalcontrol

-ifeq ($(CONFIG_PARENTAL_CONTROL_INCLUDE_URLFILTER_BUNDLES),y)
-	$(INSTALL_DATA) ./files/etc/parentalcontrol/urlbundles.tar.xz $(1)/etc/parentalcontrol/
+ifeq ($(CONFIG_PARENTAL_CONTROL_URLFILTERING),y)
+	$(INSTALL_DATA) ./files/etc/uci-defaults/55-add-default-bundles $(1)/etc/uci-defaults/
+	$(CP) ./files/urlbundle_override.json $(1)/etc/parentalcontrol/
+else
+	$(BBFDM_INSTALL_MS_PLUGIN) -v ${VENDOR_PREFIX} ./files/urlbundle_override.json $(1) parentalcontrol
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-parental_control_urlfilter $(1)/etc/uci-defaults/
 endif
 endef

--- a/parental-control/files/etc/config/parentalcontrol
+++ b/parental-control/files/etc/config/parentalcontrol
@ -1,93 +1,4 @@
 config globals 'globals'
    option enable '0'
    option loglevel '3'
-
-config urlbundle 'urlbundle_1'
-    option enable '0'
-    option name 'Abuse'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt'
-
-config urlbundle 'urlbundle_2'
-    option enable '0'
-    option name 'Ads'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt'
-
-config urlbundle 'urlbundle_3'
-    option enable '0'
-    option name 'Crypto'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt'
-
-config urlbundle 'urlbundle_4'
-    option enable '1'
-    option name 'Drugs'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt'
-
-config urlbundle 'urlbundle_5'
-    option enable '0'
-    option name 'Everything else'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt'
-
-config urlbundle 'urlbundle_6'
-    option enable '1'
-    option name 'Facebook/Instagram'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt'
-
-config urlbundle 'urlbundle_7'
-    option enable '1'
-    option name 'Fraud'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt'
-
-config urlbundle 'urlbundle_8'
-    option enable '1'
-    option name 'Gambling'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt'
-
-config urlbundle 'urlbundle_9'
-    option enable '0'
-    option name 'Malware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt'
-
-config urlbundle 'urlbundle_10'
-    option enable '1'
-    option name 'Phishing'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt'
-
-config urlbundle 'urlbundle_11'
-    option enable '1'
-    option name 'Piracy'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt'
-
-config urlbundle 'urlbundle_12'
-    option enable '0'
-    option name 'Porn'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt'
-
-config urlbundle 'urlbundle_13'
-    option enable '1'
-    option name 'Ransomware'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt'
-
-config urlbundle 'urlbundle_14'
-    option enable '0'
-    option name 'Redirect'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt'
-
-config urlbundle 'urlbundle_15'
-    option enable '1'
-    option name 'Scam'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt'
-
-config urlbundle 'urlbundle_16'
-    option enable '0'
-    option name 'TikTok'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt'
-
-config urlbundle 'urlbundle_17'
-    option enable '0'
-    option name 'Torrent'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt'
-
-config urlbundle 'urlbundle_18'
-    option enable '0'
-    option name 'Tracking'
-    option download_url 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt'
+    option urlfilter '1'
--- a/parental-control/files/etc/firewall.parentalcontrol
+++ b/parental-control/files/etc/firewall.parentalcontrol
@ -2,15 +2,22 @@

 . /lib/parentalcontrol/parentalcontrol.sh

+enabled="$(uci -q get parentalcontrol.globals.enable)"
+urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+
 # if parentalcontrol is  enabled, add the rules, else remove them
-if [ "$(uci -q get parentalcontrol.globals.enable)" == "1" ]; then
+if [ "${enabled}" -eq "1" ]; then
 	# this is for urlfilter daemon
 	add_iptables_nfqueue_rules
-	# this for internet_access and profile_bedtime_schedule sections
-	add_internet_schedule_rules
+	if [ "${urlfilter}" -eq "1" ]; then
+		# this for internet_access and profile_bedtime_schedule sections
+		add_internet_schedule_rules
+	fi
 else
 	# remove urlfilter daemon rules
 	remove_iptables_nfqueue_rules
-	# remove internet_access and profile_bedtime_schedule rules
-	remove_internet_schedule_rules
+	if [ "${urlfilter}" -eq "1" ]; then
+		# remove internet_access and profile_bedtime_schedule rules
+		remove_internet_schedule_rules
+	fi
 fi
--- a/parental-control/files/etc/init.d/parentalcontrol
+++ b/parental-control/files/etc/init.d/parentalcontrol
@ -12,7 +12,8 @@ validate_global_section() {
 	uci_validate_section parentalcontrol globals globals \
 	    'enable:bool:1' \
 	    'loglevel:uinteger:3' \
-	    'bundle_path:string'
+	    'bundle_path:string' \
+	    'urlfilter:bool'
 }

 remove_fw_rules() {
@ -23,27 +24,36 @@ remove_fw_rules() {
 }

 configure_fw_rules() {
-	local enable
-
-	remove_fw_rules
+	local enable urlfilter

 	config_load parentalcontrol
 	config_get_bool enable globals enable 0
+	config_get_bool urlfilter globals urlfilter 0
+
+	remove_fw_rules

 	if [ "${enable}" -eq "0" ]; then
 		# Parental control is disabled
 		return 0
 	fi

-	# Now flush the existing connections, otherwise,
-	# URL filtering cannot be performed on already open sites.
-	if [ -n "$(which conntrack)" ]; then
-		sleep 5
-		conntrack -F
+	if [ "${urlfilter}" -eq "1" ]; then
+		if [ ! -f "${DM_PLUGIN_PATH}" ]; then
+			# throw error
+	                log "ERROR: urlfiltering disabled at compile time but enabled in config"
+		else
+			# Now flush the existing connections, otherwise,
+			# URL filtering cannot be performed on already open sites.
+			if [ -n "$(which conntrack)" ]; then
+				sleep 5
+				conntrack -F
+			fi
+
+			# this is for urlfilter daemon
+			add_iptables_nfqueue_rules
+		fi
 	fi

-	# this is for urlfilter daemon
-	add_iptables_nfqueue_rules
 	# this for internet_access and profile_bedtime_schedule sections
 	add_internet_schedule_rules
 }
@ -68,7 +78,7 @@ copy_dhcp_leases() {
 }

 start_service() {
-	local enable loglevel bundle_path
+	local enable loglevel bundle_path urlfilter

 	config_load parentalcontrol
 	validate_global_section
@ -80,6 +90,12 @@ start_service() {
 	# add firewall rules
 	configure_fw_rules

+	if [ "${urlfilter}" -eq "1" ]; then
+		enable_urlfilter_dm
+	else
+		disable_urlfilter_dm
+	fi
+
 	# if the router is, for example, upgraded and then it boots up
 	# then /tmp/dhcp.leases will be empty until clients try to get a lease,
 	# in that case, hostnames will not be processed by the daemon,
@ -88,7 +104,7 @@ start_service() {
 	# and will be used as a backup in case /tmp/dhcp.leases is empty
 	copy_dhcp_leases

-	procd_open_instance "parentalcontrol_dm"
+	procd_open_instance "parentalcontrol"
 	procd_set_param command nice -n 10 "${PROG}"  # Lower priority
 	procd_append_param command -l ${loglevel}
 	procd_set_param respawn
--- a/parental-control/files/etc/parentalcontrol/urlbundles.tar.xz
+++ b/parental-control/files/etc/parentalcontrol/urlbundles.tar.xz
--- a/parental-control/files/etc/uci-defaults/50-parental_control_urlfilter
+++ b/parental-control/files/etc/uci-defaults/50-parental_control_urlfilter
@ -0,0 +1,7 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+[ ! -f "/etc/config/parentalcontrol" ] && exit 0
+
+uci -q set parentalcontrol.globals.urlfilter='0'
--- a/parental-control/files/etc/uci-defaults/55-add-default-bundles
+++ b/parental-control/files/etc/uci-defaults/55-add-default-bundles
@ -0,0 +1,40 @@
+#!/bin/sh
+
+COUNT=1
+
+add_urlbundle()
+{
+	local enabled name url
+
+	enabled="${1}"; shift
+	url="${1}"; shift
+	name="${@}"
+
+	uci -q set parentalcontrol.urlbundle_${COUNT}=urlbundle
+	uci -q set parentalcontrol.urlbundle_${COUNT}.enable="${enabled}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.name="${name}"
+	uci -q set parentalcontrol.urlbundle_${COUNT}.download_url="${url}"
+
+	COUNT="$((COUNT+1))"
+}
+
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt" "Abuse"
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt" "Ads"
+add_urlbundle "0" "https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt" "Crypto"
+add_urlbundle "1" "https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt" "Drugs"
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt' "Everything else"
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt' 'Facebook/Instagram'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt' 'Fraud'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt' 'Gambling'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt' 'Malware'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt' 'Phishing'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt' 'Piracy'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt' 'Porn'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt' 'Ransomware'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt' 'Redirect'
+add_urlbundle "1" 'https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt' 'Scam'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt' 'TikTok'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt' 'Torrent'
+add_urlbundle "0" 'https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt' 'Tracking'
+
+exit 0
--- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
+++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
@ -311,6 +311,9 @@ parse_macs_or_hostnames() {
 	local input="$1"
 	local lease_file="/tmp/dhcp.leases"

+	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
+	[ -f "$lease_file" ] || { log "Error: No DHCP lease file found."; return 1; }
+
 	for item in $input; do
 		case "$item" in
 			??:??:??:??:??:??)
@ -509,3 +512,25 @@ remove_internet_schedule_rules() {
 		ip6tables -w -X parentalcontrol_forward
 	fi
 }
+
+OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json"
+DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json"
+
+enable_urlfilter_dm() {
+	if [ -f "${DM_PLUGIN_PATH}" ]; then
+		rm ${DM_PLUGIN_PATH}
+		echo "Please restart to apply"
+	fi
+}
+
+disable_urlfilter_dm() {
+	mkdir -p "$(dirname ${DM_PLUGIN_PATH})"
+
+	if [ ! -f "${DM_PLUGIN_PATH}" ]; then
+		if [ -f "${OVERRIDE_JSON}" ]; then
+			cp "${OVERRIDE_JSON}" "${DM_PLUGIN_PATH}"
+			echo "Please restart to apply"
+
+		fi
+	fi
+}
--- a/parental-control/files/lib/parentalcontrol/sync_bundles.sh
+++ b/parental-control/files/lib/parentalcontrol/sync_bundles.sh
@ -224,6 +224,14 @@ cleanup_bundle_files() {

 # Main handler for all profile URL bundles
 handle_filter_for_bundles() {
+	local urlfilter
+
+	urlfilter="$(uci -q get parentalcontrol.globals.urlfilter)"
+	if [ "${urlfilter}" -ne "1" ]; then
+		logger -p info "urlbundle not supported"
+		return
+	fi
+
 	ubus -t 20 wait_for bbfdm.parentalcontrol

 	if [ "$?" -ne 0 ]; then
--- a/parental-control/files/urlbundle_override.json
+++ b/parental-control/files/urlbundle_override.json
@ -0,0 +1,89 @@
+{
+    "json_plugin_version": 2,
+    "Device.X_IOWRT_EU_ParentalControl.": {
+        "type": "object",
+        "protocols": [
+            "cwmp",
+            "usp"
+        ],
+        "access": false,
+        "array": false,
+        "DefaultBundles": {
+            "type": "string",
+            "protocols": [
+                "none"
+            ],
+            "read": true,
+            "write": false
+        },
+        "MaxBlockHistory": {
+            "type": "unsignedInt",
+            "protocols": [
+                "none"
+            ],
+            "read": true,
+            "write": true,
+            "datatype": "unsignedInt"
+        },
+        "BlockHistoryNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },
+        "URLBundleNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },
+        "Device.X_IOWRT_EU_ParentalControl.BlockHistory.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": false,
+            "array": true
+        },
+        "Device.X_IOWRT_EU_ParentalControl.URLBundle.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": true,
+            "array": true
+        }
+    },
+    "Device.X_IOWRT_EU_ParentalControl.Profile.{i}.": {
+        "type": "object",
+        "protocols": [
+            "cwmp",
+            "usp"
+        ],
+        "access": true,
+        "array": true,
+        "URLFilterNumberOfEntries": {
+            "type": "unsignedInt",
+            "read": true,
+            "write": false,
+            "protocols": [
+                "none"
+            ],
+            "datatype": "unsignedInt"
+        },	
+	"Device.X_IOWRT_EU_ParentalControl.Profile.{i}.URLFilter.": {
+            "type": "object",
+            "protocols": [
+                "none"
+            ],
+            "access": true,
+            "array": true
+        }
+    }
+}