Add files

README.md

@@ -0,0 +1,7 @@
+![](https://count.ayaya.beauty/get/@lol219321?theme=asoul)
+
+---
+
+Root files from the GPT-2741 GPON router. Extracted using the bundled sftp server (I don't remember correctly, but I used dd to copy the images to a file)
+
+mtdblock3 and mtdblock5 were extracted using `binwalk -eB`. The other filesystems and partitions failed to extract automaticalle but they should be YAFFS2 filesystems.

_mtdblock3.img.extracted/squashfs-root/bin/ash

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/bash

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/cat

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/chmod

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/cp

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/date

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/dd

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/dmesg

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/echo

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/false

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/grep

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/gzip

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/hostname

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/kill

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/ln

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/login

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/ls

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/maceui

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/mkdir

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/more

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/mount

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/mv

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/netstat

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/nice

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/pidof

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/pidofzombie

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/ping

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/ping6

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/ps

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/pwd

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/rm

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/rmdir

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/run-parts

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/sed

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/sh

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/shgw

@@ -0,0 +1,566 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+#
+# Used for matching the version
+. /etc/shgw/shgw.version
+
+#
+# Load all the variables
+. /etc/shgw/shgw.constants
+. /etc/shgw/shgw.common
+. /etc/shgw/shgw.env
+. /etc/shgw/shgw.errno
+. /etc/shgw/shgw_migrate
+
+fn_trim_startup_log
+${SHGW_LOG_TRIMMER} &
+
+#
+# Enable deep inspection debugging of this shell script
+
+exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
+set -x
+
+fn_retry_cmd_upto_five_times() {
+	local _cmd=$1
+	local _ecode=$2
+	COUNT=1
+	while [ $COUNT -lt $SQL_FAILURE_RETRY_COUNT ]; do
+		eval $_cmd > /dev/null 2>&1
+		if [ $? -eq 0 ]; then
+			break
+		fi
+		sleep 1
+		COUNT=$((${COUNT} + 1))
+	done
+
+	if [ $COUNT -eq $SQL_FAILURE_RETRY_COUNT ]; then
+		fn_err_exit $_ecode
+	fi
+}
+
+create_debug_files(){
+	if [ ! -f ${SHGW_STARTUP_STATUS} ]; then
+		> ${SHGW_STARTUP_STATUS}
+	fi
+
+	if [ ! -f  ${SHGW_ERROR_FILE} ]; then
+		> ${SHGW_ERROR_FILE}
+	fi
+}
+
+
+get_lan_ifaces() {
+	local _IFACE=""
+	LAN_INTERFACE_JSON_LIST=""
+	for _IFACE in ${LAN_INTERFACES}; do
+		if [ ! -z ${LAN_INTERFACE_JSON_LIST} ]; then
+			LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}','
+		fi
+		LAN_INTERFACE_JSON_LIST=${LAN_INTERFACE_JSON_LIST}'"'${_IFACE}'"'
+	done
+	if [ -z ${LAN_INTERFACE_JSON_LIST} ]; then
+		fn_err_exit ${NO_LAN_IFACE}
+	fi
+	LAN_INTERFACE_JSON_LIST='['${LAN_INTERFACE_JSON_LIST}']'
+	${ECHO} "[$(fn_time_now)] LAN_INTERFACES = ${LAN_INTERFACE_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
+}
+
+create_persistant_sqlite_db(){
+	${SHGW_ENCRYPT_SQL} "START" "PERSIST"
+}
+
+update_persistant_sqlite_db() {
+	if [ X"$mode" == X"softstart" ]; then
+		reset=0
+		${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" 				"${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
+	elif [ X"$mode" == X"db_start" ]; then
+		reset=2
+		${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" 				"${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}" "${reset}"
+	else
+		${SHGW_ENCRYPT_SQL} "UPDATE_START" "${LAN_INTERFACE_JSON_LIST}" "${SHGW_VERSION}" "${IP_SKIP_JSON_LIST}" "${base_mac}" "${serial}" "${model}" "${country_code}" "${timezone}" 				"${WAN_INTERFACE_JSON_LIST}" "${DEFAULT_WAN_INTERFACE}" "${DEFAULT_DNS_SERVER_LIST}" "${LAN_IP_LIST}" "${LAN_IFACE_IP_LIST}"
+	fi
+}
+
+check_persistant_db(){
+
+	local _need_to_create_db=0
+	if [ -f ${SHGW_PERSISTANT_DB} ]; then
+		local _shgw_version_from_sql=$(${SHGW_ENCRYPT_SQL} "GET" "VERSION" "shgw_config_store")
+		if [ "${_shgw_version_from_sql}" != "${SHGW_VERSION}" ]; then
+			fn_migrate_persistant_db
+		fi
+	else
+		# persistant db not found
+		_need_to_create_db=1
+	fi
+
+	if [ ${_need_to_create_db} -eq 1 ]; then
+		create_persistant_sqlite_db
+	fi
+}
+
+fetch_skip_ips() {
+	if [ ! -f ${IP_SKIP_LIST_FILE} ]; then
+		${ECHO} "[$(fn_time_now)] No Skip IPs file" >> ${SHGW_STARTUP_STATUS}
+		IP_SKIP_JSON_LIST='[""]'
+	else
+		IP_SKIP_JSON_LIST=""
+		while read line
+		do
+			if [ ! -z ${IP_SKIP_JSON_LIST} ]; then
+				IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}','
+			fi
+			IP_SKIP_JSON_LIST=${IP_SKIP_JSON_LIST}'"'${line}'"'
+		done < ${IP_SKIP_LIST_FILE}
+
+		if [ -z ${IP_SKIP_JSON_LIST} ]; then
+			${ECHO} "[$(fn_time_now)] No Skip IPs" >> ${SHGW_STARTUP_STATUS}
+		fi
+
+		IP_SKIP_JSON_LIST='['${IP_SKIP_JSON_LIST}']'
+		${ECHO} "[$(fn_time_now)] Skipping IPs = ${IP_SKIP_JSON_LIST} " >> ${SHGW_STARTUP_STATUS}
+	fi
+}
+
+__fetch_wan_and_dns_data() {
+	local line=${1}
+	local wan=""
+	local dns=""
+	local res=""
+
+	wan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
+	dns=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
+	dns_list=""
+
+	if [ ! -z "${dns}" ]; then
+		for i in ${dns}; do
+			if [ ! -z ${dns_list} ]; then
+				dns_list=${dns_list}','
+			fi
+			dns_list=${dns_list}'"'${i}'"'
+		done
+		res='{"interface":"'${wan}'","dns":['${dns_list}']}'
+	fi
+
+	${ECHO} $res
+}
+
+fetch_wan_interfaces() {
+	DEFAULT_WAN_INTERFACE=""
+	WAN_INTERFACE_JSON_LIST=''
+	if [ ! -f ${WAN_INFO} ]; then
+		${ECHO} "[$(fn_time_now)] No WAN Info file" >> ${SHGW_STARTUP_STATUS}
+		fn_err_exit ${NO_DEFAULT_WAN_IFACE}
+	else
+		while read line
+		do
+			if [ ! -z "$(${ECHO} ${line} | ${GREP} default)" ]; then
+				DEFAULT_WAN_INTERFACE=$(${ECHO} ${line} | ${AWK} '{print $2}')
+			else
+				dns_list=""
+				dns_list=$(__fetch_wan_and_dns_data ${line})
+				#fetch default DNS server
+				CUR_WAN_INTERFACE=$(${ECHO} ${dns_list} | ${CUT} -d':' -f2 | ${CUT} -d',' -f1 | ${SED} -e 's/"//g')
+				if [ X"$CUR_WAN_INTERFACE" = X"$DEFAULT_WAN_INTERFACE" ]; then
+					DEFAULT_DNS_SERVER_LIST=$(${ECHO} ${dns_list} | ${CUT} -d'[' -f2 | ${SED} -e 's/"//g' -e 's/]//g' -e 's/}//g')
+				fi
+
+				if [ ! -z ${dns_list} ]; then
+					if [ ! -z ${WAN_INTERFACE_JSON_LIST} ]; then
+						WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}','
+					fi
+					WAN_INTERFACE_JSON_LIST=${WAN_INTERFACE_JSON_LIST}${dns_list}
+				fi
+			fi
+		done < ${WAN_INFO}
+	fi
+
+	if [ -z ${DEFAULT_WAN_INTERFACE} ]; then
+		${ECHO} "[$(fn_time_now)] No Default WAN Interface" >> ${SHGW_STARTUP_STATUS}
+		fn_err_exit ${NO_DEFAULT_WAN_IFACE}
+	fi
+	# exit if there is no default DNS server
+	if [ -z ${DEFAULT_DNS_SERVER_LIST} ]; then
+		${ECHO} "[$(fn_time_now)] No Default DNS Server" >> ${SHGW_STARTUP_STATUS}
+		fn_err_exit ${NO_DEFAULT_DNS_SERVER_LIST}
+        fi
+
+	if [ -z ${WAN_INTERFACE_JSON_LIST} ]; then
+		${ECHO} "[$(fn_time_now)] No WAN Interfaces" >> ${SHGW_STARTUP_STATUS}
+		fn_err_exit ${NO_DEFAULT_WAN_IFACE}
+	fi
+
+	WAN_INTERFACE_JSON_LIST="["${WAN_INTERFACE_JSON_LIST}"]"
+	${ECHO} "[$(fn_time_now)] Default WAN Interfaces: ${DEFAULT_WAN_INTERFACE}" >> ${SHGW_STARTUP_STATUS}
+	${ECHO} "[$(fn_time_now)] Default DNS server list: ${DEFAULT_DNS_SERVER_LIST}" >> ${SHGW_STARTUP_STATUS}
+	${ECHO} "[$(fn_time_now)] WAN Interfaces: ${WAN_INTERFACE_JSON_LIST}" >> ${SHGW_STARTUP_STATUS}
+}
+
+__fetch_lan_and_ip_data() {
+	local line=${1}
+	local lan=""
+	local ip=""
+	local res=""
+
+	lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
+	ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
+	ip_list=""
+
+	if [ ! -z "${ip}" ]; then
+		for i in ${ip}; do
+			if [ ! -z ${ip_list} ]; then
+				ip_list=${ip_list}','
+			fi
+			ip_list=${ip_list}'"'${i}'"'
+		done
+		res='{"interface":"'${lan}'","lan_ip":['${ip_list}']}'
+	fi
+	${ECHO} $res
+}
+
+fetch_lan_ip() {
+	local line=${1}
+	local ip=""
+
+	ip=$(${ECHO} ${line} | ${CUT} -d';' -f2 | ${SED} 's/,/ /g')
+	if [ ! -z "${ip}" ]; then
+		for i in ${ip}; do
+			if [ ! -z "$LAN_IP_LIST" ]; then
+				LAN_IP_LIST=${LAN_IP_LIST}','
+			fi
+			LAN_IP_LIST=${LAN_IP_LIST}'"'${i}'"'
+		done
+	else
+		LAN_IP_LIST='"192.168.1.1"'
+	fi
+	${ECHO} ${LAN_IP_LIST}
+}
+
+fetch_lan_interfaces() {
+	LAN_INTERFACES=""
+	LAN_IP_LIST=""
+	LAN_IFACE_IP_LIST=""
+
+	local lan=""
+	if [ ! -f ${LAN_INFO} ]; then
+		${ECHO} "[$(fn_time_now)] No LAN Info file" >> ${SHGW_STARTUP_STATUS}
+		LAN_INTERFACES="br0"
+		LAN_IP_LIST='"192.168.1.1"'
+	else
+		while read line
+		do
+			if [ ! -z "$LAN_INTERFACES" ]; then
+				LAN_INTERFACES=${LAN_INTERFACES}' '
+			fi
+			lan=$(${ECHO} ${line} | ${CUT} -d';' -f1)
+			LAN_INTERFACES=${LAN_INTERFACES}${lan}
+			if [ ! -z "$(${ECHO} ${line} | ${GREP} br0)" ]; then
+				LAN_IP_LIST=$(fetch_lan_ip ${line})
+			fi
+			ip_list=""
+			ip_list=$(__fetch_lan_and_ip_data ${line})
+			if [ ! -z ${ip_list} ]; then
+				if [ ! -z ${LAN_IFACE_IP_LIST} ]; then
+					LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}','
+				fi
+				LAN_IFACE_IP_LIST=${LAN_IFACE_IP_LIST}${ip_list}
+			fi
+		done < ${LAN_INFO}
+	fi
+	LAN_IP_LIST='['${LAN_IP_LIST}']'
+	LAN_IFACE_IP_LIST='['${LAN_IFACE_IP_LIST}']'
+
+	${ECHO} "[$(fn_time_now)] LAN Interfaces: ${LAN_INTERFACES}" >> ${SHGW_STARTUP_STATUS}
+	${ECHO} "[$(fn_time_now)] LAN IP for br0: ${LAN_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
+	${ECHO} "[$(fn_time_now)] LAN IP for all interfcaes: ${LAN_IFACE_IP_LIST}" >> ${SHGW_STARTUP_STATUS}
+
+}
+
+fetch_and_update_gwinfo() {
+	if [ ! -f ${HGUINFO} ]; then
+		${ECHO} "[$(fn_time_now)] No HGU Info file" >> ${SHGW_STARTUP_STATUS}
+		fn_err_exit ${FETCH_BASE_MAC_FAILED}
+	else
+		serial=$(${ECHO} $(${CUT} -d ';' -f1 ${HGUINFO}))
+		model=$(${ECHO} $(${CUT} -d ';' -f2 ${HGUINFO}))
+		timezone=$(${ECHO} $(${CUT} -d ';' -f3 ${HGUINFO}))
+		country_code=$(${ECHO} $(${CUT} -d ';' -f4 ${HGUINFO}))
+		base_mac=$(${ECHO} $(${CUT} -d ';' -f5 ${HGUINFO}))
+	fi
+
+	if [ -z "${base_mac}" ]; then
+		fn_err_exit ${FETCH_BASE_MAC_FAILED}
+	fi
+
+	if [ -z ${serial} ]; then
+		${ECHO} "[$(fn_time_now)] Serial number is empty!"
+		serial="serial"
+	fi
+
+	if [ -z ${model} ]; then
+		${ECHO} "[$(fn_time_now)] Model number is empty!"
+		model="model"
+	fi
+
+	if [ -z ${country_code} ]; then
+		${ECHO} "[$(fn_time_now)] Country code is empty!"
+		country_code="ES" #Should we quit instead of this?
+	fi
+
+	# Timezone in Econet is a huge string need to understand
+	timezone=""
+	if [ -z ${timezone} ]; then
+		${ECHO} "[$(fn_time_now)] Timezone is empty!"
+		timezone="GMT"
+	fi
+
+	if [ -z ${tproxy_mark} ]; then
+		${ECHO} "[$(fn_time_now)] tproxy_mark is empty!"
+		tproxy_mark="0x4000"
+	fi
+
+	if [ -z ${tproxy_mask} ]; then
+		${ECHO} "[$(fn_time_now)] tproxy_mask is empty!"
+		tproxy_mask="0x4000"
+	fi
+
+}
+
+create_non_persistant_sqlite_db(){
+		fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS device_discovery_table(dev_id TEXT PRIMARY KEY, mac TEXT,ip_address TEXT,ip6_address TEXT,host_name TEXT,headless INTEGER,status INTEGER,last_seen INTEGER,trusted INTEGER);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+		fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS stats(key TEXT PRIMARY KEY, value TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+		fn_retry_query_upto_five_times "DELETE FROM stats;" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+		fn_retry_query_upto_five_times "INSERT INTO stats VALUES('dns_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+		fn_retry_query_upto_five_times "INSERT INTO stats VALUES('sys_stats', '{}');" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+		fn_retry_query_upto_five_times "CREATE TABLE IF NOT EXISTS shgw_access_restrictions(status INTEGER, protocol TEXT, port INTEGER, source TEXT, devices TEXT);" "${SHGW_NON_PERSISTANT_DB}" "${NON_PERSISTANT_DB_UPDATE_FAILED}" "${ONE_SEC}"
+}
+
+delete_old_persistent_db() {
+	if [ -f ${SHGW_OLD_PERSISTANT_DB} ]; then
+		${RM} -f ${SHGW_OLD_PERSISTANT_DB}
+	fi
+}
+
+#------------------------------------start_server------------------------------
+
+start_watchdogd() {
+	#Remove the o/p redirection done by exec
+	exec 1>&3 2>&4
+
+	${SHGW_WD_MONIT} &
+
+	#Add the o/p redirection
+	exec 3>&1 4>&2 1>> ${SHGW_STARTUP_LOG} 2>&1
+
+	wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_pid ]; then
+		# request start
+		${KILL} -SIGUSR2 $wd_pid
+	fi
+}
+
+create_shgw_directories() {
+	${MKDIR} -p ${SHGW_NVRAM}
+	${MKDIR} -p ${SHGW_TMPFS_PATH}
+}
+
+
+check_tld_json_existence() {
+	if [ ! -f ${TLD_JSON_FILE} ];then
+		${CP} ${SHGW_PRIVATE}/shgw_tld_file.json ${SHGW_NVRAM}
+		${CHMOD} 666 ${TLD_JSON_FILE}
+	fi
+}
+
+set_time() {
+	rtm_util cfg igd time_ntp set 1 adm_state enable ip_intf 2 ntp_svr_1 211.22.103.157
+}
+
+#------------------------------------>MAIN<----------------------------------------
+
+start_shg(){
+	delete_old_persistent_db
+	create_shgw_directories
+
+	fetch_wan_interfaces
+	fetch_lan_interfaces
+	get_lan_ifaces
+
+	check_persistant_db
+	fetch_and_update_gwinfo
+	#calc_gwinfo
+	fetch_skip_ips
+	update_persistant_sqlite_db
+
+	#set_time
+
+	${SHGW_ACCESS_RESTRICTION} "inbound_sec_start"
+	create_non_persistant_sqlite_db
+	${ECHO} "[$(fn_time_now)] Database created successfully" >> ${SHGW_STARTUP_STATUS}
+	check_tld_json_existence
+	start_watchdogd
+
+}
+
+force_start_shg() {
+	${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "0"
+	start_shg
+}
+
+stop_shg(){
+	${SHGW_ACCESS_RESTRICTION} "inbound_sec_stop"
+
+	# request stop
+	wd_pid=$(ps | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_pid ]; then
+		# request stop
+		${KILL} -SIGUSR1 $wd_pid
+	fi
+}
+
+force_stop_shg(){
+	${SHGW_ENCRYPT_SQL} "UPDATE" "STOP_STATUS" "1"
+	stop_shg
+}
+
+kill_shg() {
+	${ECHO} "Killing SHGW"
+
+	stop_shg
+
+	wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_monit_pid ]; then
+		${ECHO} "Stopping monit!"
+		${KILL} -9 $wd_monit_pid
+	fi
+
+	wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_pid ]; then
+		${ECHO} "Stopping watchdog!"
+		${KILL} -9 $wd_pid
+	fi
+
+
+	${RM} -rf ${SHGW_TMPFS_PATH}
+	${RM} -rf ${SHGW_STARTUP_STATUS}
+	${RM} -rf ${SHGW_STARTUP_LOG}
+	${RM} -rf ${SHGW_ERROR_FILE}
+
+}
+
+reset_shg() {
+	${ECHO} "Resetting SHGW!"
+
+	${SHGW_ROUTER_RESET} hard
+
+	wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_monit_pid ]; then
+		${ECHO} "Stopping monit!"
+		${KILL} -9 $wd_monit_pid
+	fi
+
+	wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_pid ]; then
+		${ECHO} "Stopping watchdog!"
+		${KILL} -9 $wd_pid
+	fi
+	# backup
+	${RM} -f ${SHGW_PERSISTANT_DB}
+
+	${ECHO} "Reset done!"
+}
+
+shgw_mode() {
+	if [ X"$mode" == X"start" ]; then
+		${ECHO} "SHGW start called!"
+		start_shg
+	elif [ X"$mode" == X"stop" ]; then
+		${ECHO} "SHGW stop called!"
+		stop_shg
+	elif [ X"$mode" == X"kill" ]; then
+		${ECHO} "SHGW kill called!"
+		kill_shg
+	elif [ X"$mode" == X"restart" ]; then
+		${ECHO} "SHGW restart called!"
+		stop_shg
+		sleep 3
+		start_shg
+	elif [ X"$mode" == X"force_start" ]; then
+		${ECHO} "SHGW force_start called!"
+		force_start_shg
+	elif [ X"$mode" == X"force_stop" ]; then
+		${ECHO} "SHGW force_stop called!"
+		force_stop_shg
+	elif [ X"$mode" == X"reset" ]; then
+		${ECHO} "SHGW reset called!"
+		reset_shg
+	elif [ X"$mode" == X"softstart" ]; then
+		${ECHO} "SHGW softstart called!"
+		start_shg
+	elif [ X"$mode" == X"db_start" ]; then
+		${ECHO} "SHGW DB start called!"
+		start_shg
+	else
+		${ECHO} "Usage: $0 [start|stop|kill|restart|force_start|force_stop|reset|softstart|db_start]"
+		fn_err_exit ${INVALID_MODE}
+	fi
+	${RM} -rf $STARTUP_LOCK
+}
+
+
+exit_if_running() {
+	# TODO : Add a fdlock implementaion
+	local mypid=$$
+
+	if ! [ -f "$STARTUP_LOCK" ]; then
+		${ECHO} $$ > $STARTUP_LOCK
+		return
+	fi
+
+	local pid_on_file=$(${CAT} "$STARTUP_LOCK")
+	[ X"$pid_on_file" == X"$mypid" ] && return
+
+	old_cmd_line=$(${CAT} /proc/$pid_on_file/cmdline 2>/dev/null)
+	[ "$?" != "0" ] && ${ECHO} $$ > $STARTUP_LOCK && return
+
+	${ECHO} "$old_cmd_line" | ${GREP} "shgw"
+	[ "$?" == "0" ] && ${ECHO} "Already running" && exit 127
+
+	${ECHO} $$ > $STARTUP_LOCK
+}
+
+#--------------------------------------------------------------------------------
+
+${ECHO} "Called for: $1"
+exit_if_running
+
+create_debug_files
+${ECHO} "[$(fn_time_now)] starting" >> ${SHGW_STARTUP_STATUS}
+mode=$1
+shgw_mode
+${ECHO} "[$(fn_time_now)] done" >> ${SHGW_STARTUP_STATUS}

_mtdblock3.img.extracted/squashfs-root/bin/shgw_access_restriction

@@ -0,0 +1,252 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+
+. /etc/shgw/shgw.constants
+. /etc/shgw/shgw.common
+. /etc/shgw/shgw.errno
+. /etc/shgw/shgw.env
+
+
+get_wan_iface(){
+	WAN_IFACE=$(fn_get_wan_iface)
+}
+
+flush_ipv4_tables() {
+	${IPTABLES} -w -F SHP_MGT_CONSOLE_B -t filter
+	${IPTABLES} -w -F SHP_MGT_CONSOLE_A -t filter
+
+	${IPTABLES} -w -F SHP_WAN_BLOCK -t filter
+	${IPTABLES} -w -F SHP_WAN_ALLOW -t filter
+}
+
+flush_ipv4_ipset() {
+	${IPSET} -F SHP_MGT_CONSOLE_SET_A
+	${IPSET} -F SHP_WAN_ALLOW_SET
+}
+
+flush_ipv6_tables() {
+	${IP6TABLES} -w -F SHP_MGT_CONSOLE_B -t filter
+	${IP6TABLES} -w -F SHP_MGT_CONSOLE_A -t filter
+	
+	${IP6TABLES} -w -F SHP_WAN_BLOCK -t filter
+	${IP6TABLES} -w -F SHP_WAN_ALLOW -t filter
+
+	${IP6TABLES} -w -F SHGW_EXCLUSION_WAN_IPV6 -t filter
+	${IP6TABLES} -w -F SHGW_EXCLUSION_IPV6 -t filter
+}
+
+flush_ipv6_ipset() {
+	${IPSET} -F SHP_MGT_CONSOLE_SET_A_IP6
+	${IPSET} -F SHP_WAN_ALLOW_SET_IP6	
+}
+
+add_ipsets_to_iptables() {
+		${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
+		${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
+		${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
+		${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
+		${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
+		${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
+		${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
+		${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
+}
+
+check_and_run_script() {
+	flush_ipv4_tables
+	flush_ipv6_tables
+	add_ipsets_to_iptables
+	if [ -f ${SHGW_INBOUND_SEC_SCRIPT} ]; then
+		${CHMOD} +x ${SHGW_INBOUND_SEC_SCRIPT}
+		${SHGW_INBOUND_SEC_SCRIPT}
+	 	${RM} -f ${SHGW_INBOUND_SEC_SCRIPT}
+	fi
+}
+
+#Creates 4 user defined chains and inserts rules
+create_ip4table_chains() {
+	${IPTABLES} -w -N SHP_WAN_BLOCK -t filter
+	${IPTABLES} -w -N SHP_WAN_ALLOW -t filter
+	${IPSET} -N SHP_WAN_ALLOW_SET hash:ip,port
+	
+	insert_filter_forward_ipset_ip4targets
+	${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET dst,dst -t filter -i ${WAN_IFACE} -p tcp -j ACCEPT
+	${IPTABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
+	${IPTABLES} -w -I SHP_WAN_BLOCK -m set --match-set SHGW_EXCLUSION dst -t filter -i ${WAN_IFACE} -p tcp -j RETURN
+	
+	${IPTABLES} -w -N SHP_MGT_CONSOLE_B -t filter
+	${IPTABLES} -w -N SHP_MGT_CONSOLE_A -t filter
+	${IPSET} -N SHP_MGT_CONSOLE_SET_A hash:ip,port
+	
+	insert_filter_input_ipset_ip4targets
+	${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A src,dst -t filter -j ACCEPT
+	${IPTABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
+	${IPTABLES} -w -I SHP_MGT_CONSOLE_B -m set --match-set SHGW_EXCLUSION src -t filter -j RETURN
+}
+
+remove_ip4table_chains() {
+	flush_ipv4_tables
+	flush_ipv4_ipset
+		
+
+	remove_filter_input_ipset_ip4targets	
+	${IPSET} -X SHP_MGT_CONSOLE_SET_A
+	${IPTABLES} -w -X SHP_MGT_CONSOLE_B -t filter
+	${IPTABLES} -w -X SHP_MGT_CONSOLE_A -t filter
+		
+	remove_filter_forward_ipset_ip4targets
+	
+	${IPSET} -X SHP_WAN_ALLOW_SET
+	${IPTABLES} -w -X SHP_WAN_BLOCK -t filter
+	${IPTABLES} -w -X SHP_WAN_ALLOW -t filter	
+}
+
+# Insert IP4 targets in INPUT chain for ipset interception
+insert_filter_input_ipset_ip4targets() {
+	${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_B
+	${IPTABLES} -w -I INPUT -t filter -j SHP_MGT_CONSOLE_A
+}
+
+# Insert IP6 targets in INPUT chain for ipset interception
+insert_filter_input_ipset_ip6targets() {
+	${IP6TABLES} -w -I INPUT -t filter -j SHGW_EXCLUSION_IPV6
+
+	${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_B
+	${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_IPV6 -j SHP_MGT_CONSOLE_A
+}
+
+# Insert IP4 targets in FORWARD chain for ipset interception
+insert_filter_forward_ipset_ip4targets() {
+	${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_BLOCK
+	${IPTABLES} -w -I FORWARD -t filter -j SHP_WAN_ALLOW
+}
+
+# Insert IP6 targets in FORWARD chain for ipset interception
+insert_filter_forward_ipset_ip6targets() {
+	${IP6TABLES} -w -I FORWARD -t filter -j SHGW_EXCLUSION_WAN_IPV6
+
+	${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_BLOCK
+	${IP6TABLES} -w -t filter -A SHGW_EXCLUSION_WAN_IPV6 -j SHP_WAN_ALLOW
+}
+# Remove IP4 targets from INPUT chain for ipset interception
+remove_filter_input_ipset_ip4targets() {
+	${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
+	${IPTABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
+}
+
+# Remove IP6 targets from INPUT chain for ipset interception
+remove_filter_input_ipset_ip6targets() {
+	${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_B
+	${IP6TABLES} -w -D INPUT -t filter -j SHP_MGT_CONSOLE_A
+}
+
+# Remove IP4 targets from FORWARD chain for ipset interception
+remove_filter_forward_ipset_ip4targets() {
+	${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
+	${IPTABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
+}
+
+# Remove IP6 targets from FORWARD chain for ipset interception
+remove_filter_forward_ipset_ip6targets() {
+	${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_BLOCK
+	${IP6TABLES} -w -D FORWARD -t filter -j SHP_WAN_ALLOW
+}
+
+#Creates 4 user defined chains and inserts rules
+create_ip6table_chains() {
+	${IP6TABLES} -w -N SHP_WAN_BLOCK -t filter
+	${IP6TABLES} -w -N SHP_WAN_ALLOW -t filter
+	${IP6TABLES} -w -N SHGW_EXCLUSION_WAN_IPV6 -t filter
+	${IPSET} -N SHP_WAN_ALLOW_SET_IP6 hash:ip,port family inet6
+	
+	insert_filter_forward_ipset_ip6targets
+	${IP6TABLES} -w -I SHP_WAN_ALLOW -m set --match-set SHP_WAN_ALLOW_SET_IP6 dst,dst -i ${WAN_IFACE} -p tcp -t filter -j ACCEPT
+	
+	${IP6TABLES} -w -N SHP_MGT_CONSOLE_B -t filter
+	${IP6TABLES} -w -N SHP_MGT_CONSOLE_A -t filter
+	${IPSET} -N SHP_MGT_CONSOLE_SET_A_IP6 hash:ip,port family inet6
+	
+	insert_filter_input_ipset_ip6targets
+	${IP6TABLES} -w -I SHP_MGT_CONSOLE_A -m set --match-set SHP_MGT_CONSOLE_SET_A_IP6 src,dst -t filter -j ACCEPT
+}
+
+remove_ip6table_chains() {
+	flush_ipv6_tables
+	flush_ipv6_ipset
+	
+	remove_filter_input_ipset_ip6targets
+	
+	${IPSET} -X SHP_MGT_CONSOLE_SET_A_IP6
+	${IP6TABLES} -w -X SHP_MGT_CONSOLE_B -t filter
+	${IP6TABLES} -w -X SHP_MGT_CONSOLE_A -t filter
+
+	remove_filter_forward_ipset_ip6targets	
+
+	${IPSET} -X SHP_WAN_ALLOW_SET_IP6
+	${IP6TABLES} -w -X SHP_WAN_BLOCK -t filter
+	${IP6TABLES} -w -X SHP_WAN_ALLOW -t filter
+	${IP6TABLES} -w -X SHGW_EXCLUSION_WAN_IPV6 -t filter	
+}
+
+#Main
+
+get_wan_iface
+
+case $1 in
+	inbound_sec_start)
+		remove_ip4table_chains
+		remove_ip6table_chains	
+		create_ip4table_chains
+		create_ip6table_chains
+		;;
+	inbound_sec_stop)
+		remove_ip4table_chains
+		remove_ip6table_chains
+		;;
+	add_rules)
+		check_and_run_script
+		;;
+	flush_ipset)
+		flush_ipv4_ipset
+		flush_ipv6_ipset
+		;;
+	halt_ipset)
+		remove_filter_input_ipset_ip4targets
+		remove_filter_input_ipset_ip6targets
+		remove_filter_forward_ipset_ip4targets
+		remove_filter_forward_ipset_ip6targets
+		;;
+	resume_ipset)
+		remove_filter_input_ipset_ip4targets
+		remove_filter_input_ipset_ip6targets
+		remove_filter_forward_ipset_ip4targets
+		remove_filter_forward_ipset_ip6targets
+		insert_filter_input_ipset_ip4targets
+		insert_filter_input_ipset_ip6targets
+		insert_filter_forward_ipset_ip4targets
+		insert_filter_forward_ipset_ip6targets
+		;;
+esac

_mtdblock3.img.extracted/squashfs-root/bin/shgw_hard_block_get_n_set.sh

@@ -0,0 +1,63 @@
+#!/bin/sh
+. /etc/shgw/shgw.constants
+
+	_temp_file="${TMPFS_PATH}/temp_hard_blk"
+case $1 in
+
+        get)
+
+                $ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :GET" > ${_temp_file}
+                $ECHO "param:MACAddressControlList: :" >> ${_temp_file}
+
+                $ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :GET" >> ${_temp_file}
+                $ECHO "param:MACAddressControlList: :" >> ${_temp_file}
+
+                ${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 3 {print $3}' | ${TR} -d '""' > /var/.shgw/temp_caltest
+                ${CALTEST} -g ${_temp_file} 2>&1 | ${GREP} ${PARAMVALUE} | ${AWK} 'FNR == 4 {print $3}' | ${TR} -d '""' >> /var/.shgw/temp_caltest
+        ;;
+
+        set)
+
+		case $2 in
+
+			block) 
+
+				$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
+				$ECHO "param:MACAddressControlList: :$3" >> ${_temp_file}
+				$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
+
+				$ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
+				$ECHO "param:MACAddressControlList: :$4" >> ${_temp_file}
+				$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
+			        ${CALTEST} -s ${_temp_file}
+        
+			;;
+	
+			unblock)
+
+				$ECHO "object:Device.WiFi.AccessPoint.1.X_LANTIQ_COM_Vendor: :MODIFY" > ${_temp_file}
+				if [ ${#3} -le 1  ]
+				then
+				        $ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
+					$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
+				else
+				        $ECHO "param:MACAddressControlList: :${3}" >> ${_temp_file}
+					$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
+				fi
+
+			        $ECHO "object:Device.WiFi.AccessPoint.2.X_LANTIQ_COM_Vendor: :MODIFY" >> ${_temp_file}
+				if [ ${#4} -le 1 ]
+				then
+			        	$ECHO "param:MACAddressControlList: :\"" >> ${_temp_file}
+					$ECHO "param:MACAddressControlMode: :Disabled" >> ${_temp_file}
+				else
+			        	$ECHO "param:MACAddressControlList: :${4}" >> ${_temp_file}
+					$ECHO "param:MACAddressControlMode: :Deny" >> ${_temp_file}
+				fi
+			        ${CALTEST} -s ${_temp_file}
+
+			;;
+		esac
+	;;
+esac
+

_mtdblock3.img.extracted/squashfs-root/bin/shgw_log_trimmer

@@ -0,0 +1,43 @@
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+#
+#
+# Date                 : 09/Apr/2019
+##############################################################################
+
+. /etc/shgw/shgw.common
+. /etc/shgw/shgw.constants
+
+
+#TODO: Make this file as one stop for trimming all kind of log files except shgw.log
+
+# Trim shgw error log file
+fn_trim_error_log() {
+       ${TAIL} -n ${NO_ERROR_LOG_LINES} ${SHGW_ERROR_FILE} > ${SHGW_ERROR_FILE_TMP}
+       ${CAT} ${SHGW_ERROR_FILE_TMP} > ${SHGW_ERROR_FILE}
+       ${RM} -f ${SHGW_ERROR_FILE_TMP}
+}
+
+
+fn_trim_error_log

_mtdblock3.img.extracted/squashfs-root/bin/shgw_router_reset

@@ -0,0 +1,105 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+. /etc/shgw/shgw.constants
+
+#This script is called after SHGW stop is performed from code
+#Do not change this implementation
+
+delete_database() {
+${RM} -f ${SHGW_PERSISTANT_DB}
+${RM} -f ${TLD_JSON_FILE}
+${RM} -f ${BOTNET_FEED_FILE}
+${RM} -f ${SHGW_NON_PERSISTANT_DB}
+${RM} -f ${SHGW_LOG_FILE}
+${RM} -rf ${SHGW_TMPFS_PATH}
+${RM} -f ${TEMP_HARD_BLK}
+}
+
+delete_shgw_debug_data_files() {
+       ${RM} -f ${SHGW_TMPFS_PATH}/shgw_debug_data*
+}
+
+hard_reset() {
+delete_database
+}
+
+kill_wd_monit_del_db() {
+
+	wd_monit_pid=$(${PS} | ${GREP} -i "shgw_wd_monit" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_monit_pid ]; then
+		${ECHO} "Stopping monit!"
+		${KILL} -9 $wd_monit_pid
+	fi
+
+	wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+	if [ ! -z $wd_pid ]; then
+		${ECHO} "Stopping watchdog!"
+		${KILL} -9 $wd_pid
+	fi
+	
+	delete_database
+	
+}
+
+soft_reset() {
+	kill_wd_monit_del_db
+	${SHGW_STARTUP_SCRIPT} softstart &
+}
+
+db_reset() {
+	kill_wd_monit_del_db
+	delete_shgw_debug_data_files
+	#Try to restart N number of times. After that don't restart SHP till reboot
+	if [ -f ${SHGW_DB_FAIL_COUNT} ]; then
+		COUNT=`${CAT} ${SHGW_DB_FAIL_COUNT}`
+		COUNT=$((COUNT+1))
+	else
+		COUNT=0
+	fi
+
+	${ECHO} $COUNT > ${SHGW_DB_FAIL_COUNT}
+	if [ $COUNT -lt $SQL_DB_MAX_FAIL_COUNT ]; then
+		${SHGW_STARTUP_SCRIPT} db_start &
+	else
+		${RM} -f ${SHGW_DB_FAIL_COUNT}
+		${ECHO} "Max Reset tried. Exit now" && exit 127
+	fi
+}
+
+#Main
+reset_type=$1
+
+if [ X"$reset_type" == X"hard" ]; then
+	${ECHO} "Hard reset called!" >> ${SHGW_STARTUP_STATUS}
+	hard_reset
+elif [ X"$reset_type" == X"soft" ]; then
+	${ECHO} "Soft reset called!" >> ${SHGW_STARTUP_STATUS}
+	soft_reset
+elif [ X"$reset_type" == X"db_fail" ]; then
+	${ECHO} "DB reset called!" >> ${SHGW_STARTUP_STATUS}
+	db_reset
+fi

_mtdblock3.img.extracted/squashfs-root/bin/shgw_run_ndp_scan.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+
+. /etc/shgw/shgw.constants
+. /etc/shgw/shgw.env
+
+SCAN_FILE="${SHGW_TMPFS_PATH}/ndp_scan_file"
+NDP_LOCK_FILE="${SHGW_TMPFS_PATH}/ndp_lock_file"
+
+ping_on_multicast() {
+	local _LAN_IFACES=$(fn_get_lan_ifaces)
+	local _IFACE=""
+	for _IFACE in ${_LAN_IFACES}; do
+		${PING6} -I ${_IFACE} -c 2 ${LOCAL_MULTICAST_ADDRESS} > /dev/null 2>&1
+	done
+}
+
+parse_ndp_cache() {
+	local _LAN_IFACES=$(fn_get_lan_ifaces)
+	local _IFACE=""
+	for _IFACE in ${_LAN_IFACES}; do
+		${IP} -6 neigh 															\
+			| ${GREP} ${_IFACE}										\
+			| ${GREP} -vi fail 													\
+			| ${AWK} '{print $5,$1}' >> ${SCAN_FILE} 2> /dev/null
+	done
+}
+
+empty_scan_file() {
+	> ${SCAN_FILE}
+}
+
+exit_if_running() {
+	if  [ -f "$NDP_LOCK_FILE" ]; then
+		${ECHO} "Already running" && exit 127
+	fi
+	${ECHO} $$ > ${NDP_LOCK_FILE}
+}
+
+remove_ndp_lock_file() {
+	${RM} ${NDP_LOCK_FILE}
+}
+
+#
+# Main
+exit_if_running
+empty_scan_file
+ping_on_multicast
+parse_ndp_cache
+remove_ndp_lock_file
+

_mtdblock3.img.extracted/squashfs-root/bin/shgw_version

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+
+#############################################################################
+# Print the SHGW version details
+# The version details are generated by build system
+#
+# Date: 23/03/2016
+#############################################################################
+
+. /etc/shgw/shgw.version
+
+echo
+echo "System Version	: ${SHGW_SYSTEM_VERSION}"
+echo "Version		: ${SHGW_VERSION}"
+echo "Version Date	: ${SHGW_VERSION_DATE}"
+echo "Build Date	: ${SHGW_BUILD_DATE}"
+if [ ! -z ${SHGW_BUILD_NUMBER}  ]; then
+	echo "Build Number	: ${SHGW_BUILD_NUMBER}"
+fi
+if [ ! -z ${SHGW_BUILD_BRANCH}  ]; then
+	echo "GIT Branch	: ${SHGW_BUILD_BRANCH}"
+fi
+echo
+

_mtdblock3.img.extracted/squashfs-root/bin/shgw_wd_dpwrap

@@ -0,0 +1,272 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+
+trap fn_on_sigterm SIGTERM
+
+. /etc/shgw/shgw.constants
+. /etc/shgw/shgw.common
+. /etc/shgw/shgw.env
+
+LAN_INTERFACES=$(fn_get_lan_ifaces)
+if [ -z ${LAN_INTERFACES} ]; then
+	${ECHO} "No Lan interfaces! Exiting from dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
+	exit 0
+fi
+SHGW_DNSPROXY_PID=0
+
+fn_kill_dpwrap_if_running() {
+	if [ -f ${SHGW_DPWRAP_LOCK} ]; then
+		${ECHO} "[$(fn_time_now)] Pid of the previous dpwarp that is running - $(${CAT} ${SHGW_DPWRAP_LOCK}). Going to kill it!" >> ${SHGW_STARTUP_LOG} 2>&1
+		kill -SIGKILL $(${CAT} ${SHGW_DPWRAP_LOCK})
+	fi
+	${ECHO} $$ > ${SHGW_DPWRAP_LOCK}
+	${ECHO} "[$(fn_time_now)] Pid of the current dpwrap - $(${CAT} ${SHGW_DPWRAP_LOCK})]"  >> ${SHGW_STARTUP_LOG} 2>&1
+}
+
+fn_shgw_ipv4_tproxy_setup() {
+	local _IFACE=""
+	${IPTABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
+	for _IFACE in ${LAN_INTERFACES}; do
+		${IPTABLES} -w -t mangle -A SHGW_DNS \
+			-i ${_IFACE} \
+			-p udp --dport 53 \
+			-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
+	done
+
+	${IPTABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
+
+	${IP} rule add fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF} > /dev/null 2>&1
+	${IP} route add local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
+}
+
+fn_shgw_ipv4_tproxy_cleanup() {
+	local _IFACE=""
+	for _IFACE in ${LAN_INTERFACES}; do
+		fn_run_until_failure "${IPTABLES} -w -t mangle -D SHGW_DNS \
+			-i ${_IFACE} \
+			-p udp --dport 53 \
+			-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK} --on-port ${SHGW_REQ_PORT}"
+	done
+	fn_run_until_failure "${IPTABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
+	${IPTABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
+	${IPTABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
+
+	${IP} route del local 0.0.0.0/0 dev lo table ${SHGW_TABLE} > /dev/null 2>&1
+	fn_run_until_failure "${IP} rule del fwmark ${SHGW_TPROXY_MARK} lookup ${SHGW_TABLE} ${SHGW_IPV4_RULE_PREF}"
+}
+
+fn_shgw_ipv6_tproxy_setup() {
+	local _IFACE=""
+	${IP6TABLES} -w -t mangle -N SHGW_DNS > /dev/null 2>&1
+	for _IFACE in ${LAN_INTERFACES}; do
+		${IP6TABLES} -w -t mangle -A SHGW_DNS \
+			-i ${_IFACE} \
+			-p udp --dport 53 \
+			-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT} > /dev/null 2>&1
+	done
+
+	${IP6TABLES} -w -t mangle -I PREROUTING -j SHGW_DNS > /dev/null 2>&1
+
+	${IP} -6 rule add fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF} > /dev/null 2>&1
+	${IP} -6 route add local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
+}
+
+fn_shgw_ipv6_tproxy_cleanup() {
+	local _IFACE=""
+	for _IFACE in ${LAN_INTERFACES}; do
+		fn_run_until_failure "${IP6TABLES} -w -t mangle -D SHGW_DNS \
+			-i ${_IFACE} \
+			-p udp --dport 53 \
+			-j TPROXY --tproxy-mark ${SHGW_TPROXY_MARK6} --on-port ${SHGW_REQ_PORT}"
+	done
+	fn_run_until_failure "${IP6TABLES} -w -t mangle -D PREROUTING -j SHGW_DNS"
+	${IP6TABLES} -w -t mangle -F SHGW_DNS > /dev/null 2>&1
+	${IP6TABLES} -w -t mangle -X SHGW_DNS > /dev/null 2>&1
+
+	${IP} -6 route del local ::/0 dev lo table ${SHGW_TABLE6} > /dev/null 2>&1
+	fn_run_until_failure "${IP} -6 rule del fwmark ${SHGW_TPROXY_MARK6} lookup ${SHGW_TABLE6} ${SHGW_IPV6_RULE_PREF}"
+}
+
+fn_on_sigterm() {
+	fn_shgw_ipset_cleanup
+	fn_shgw_ipv6_tproxy_cleanup
+	fn_shgw_ipv4_tproxy_cleanup
+	fn_kill_if_running
+	${ECHO} "[$(fn_time_now)] Trap handler.Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
+	exit 0
+}
+
+fn_kill_if_running() {
+	dp_pids=$(${PS} | ${GREP} shgw_dnsproxy | ${GREP} -v grep | ${AWK} '{ print $1 }')
+	if [ ! -z "$dp_pids" ]; then
+		for dp_pid in $dp_pids; do
+			${KILL} -s KILL $dp_pid
+		done
+	fi
+}
+
+fn_launch_and_wait() {
+	${ECHO} "[$(fn_time_now)]" >> ${SHGW_STARTUP_LOG} 2>&1
+	${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+	${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+	fn_kill_if_running
+	${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+	${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+	$SHGW_DNSPROXY &
+	SHGW_DNSPROXY_PID=$!
+	wait $SHGW_DNSPROXY_PID
+	${ECHO} "[$(fn_time_now)] Dnsproxy exited!" >> ${SHGW_STARTUP_LOG} 2>&1
+}
+
+fn_shgw_ipset_cleanup() {
+
+	## RULES UNDER NAT TABLE
+	${IPTABLES} -w -t nat -F SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_PC_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_PC_PENDING > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_PC_ASK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_EULA_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t nat -F SHGW_WHITELIST > /dev/null 2>&1
+	
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
+	${IPTABLES} -w -t nat -D ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
+	
+	${IPTABLES} -w -t nat -X SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_PC_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_PC_PENDING > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_PC_ASK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_EULA_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_WHITELIST > /dev/null 2>&1
+	${IPTABLES} -w -t nat -X SHGW_IPSET > /dev/null 2>&1
+	
+	## RULES UNDER FILTER TABLE
+	${IPTABLES} -w -t filter -F SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t filter -F SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -F SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -F SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	
+	${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -D SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t filter -D ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
+	
+	${IPTABLES} -w -t filter -X SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t filter -X SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -X SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -X SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t filter -X SHGW_IPSET > /dev/null 2>&1
+	
+	
+	${IPSET} destroy SHGW_HOST_REPUTATION	> /dev/null 2>&1 ##Set name and Iptable chain name are same
+	${IPSET} destroy SHGW_HOST_REPUTATION_DST	> /dev/null 2>&1
+	${IPSET} destroy SHGW_PC_BLOCK  > /dev/null 2>&1
+	${IPSET} destroy SHGW_PC_PENDING        > /dev/null 2>&1
+	${IPSET} destroy SHGW_PC_ASK    > /dev/null 2>&1
+	${IPSET} destroy SHGW_PC_TIME_BLOCK     > /dev/null 2>&1 
+	${IPSET} destroy SHGW_EULA_BLOCK	> /dev/null 2>&1
+	${IPSET} destroy SHGW_DEVICE_BLOCK	> /dev/null 2>&1
+	${IPSET} destroy SHGW_NETWORK_PAUSE	> /dev/null 2>&1
+	${IPSET} destroy SHGW_WHITELIST	> /dev/null 2>&1
+}
+
+##Creating custom iptable chains for matching the shgw ipsets
+fn_shgw_ipset_setup() {
+
+	## RULES UNDER NAT TABLE
+	${IPTABLES} -w -t nat -N SHGW_IPSET > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_WHITELIST > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_EULA_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_PC_ASK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_PC_PENDING > /dev/null 2>&1
+	${IPTABLES} -w -t nat -N SHGW_PC_BLOCK > /dev/null 2>&1
+	
+	${IPTABLES} -w -t nat -N SHGW_HOST_REPUTATION > /dev/null 2>&1
+	
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_WHITELIST > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_EULA_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_ASK > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_PENDING > /dev/null 2>&1
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_PC_BLOCK > /dev/null 2>&1
+
+	${IPTABLES} -w -t nat -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t nat -I ${SHGW_PREROUTING_CHAIN} -j SHGW_IPSET > /dev/null 2>&1	
+	
+	## RULES UNDER FILTER TABLE
+	${IPTABLES} -w -t filter -N SHGW_IPSET > /dev/null 2>&1
+	${IPTABLES} -w -t filter -N SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t filter -N SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -N SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -N SHGW_HOST_REPUTATION > /dev/null 2>&1
+	
+	${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_NETWORK_PAUSE > /dev/null 2>&1
+	${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_DEVICE_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_PC_TIME_BLOCK > /dev/null 2>&1
+	${IPTABLES} -w -t filter -A SHGW_IPSET -j SHGW_HOST_REPUTATION > /dev/null 2>&1
+	${IPTABLES} -w -t filter -I ${SHGW_FORWARD_CHAIN} -j SHGW_IPSET > /dev/null 2>&1
+	
+	
+}
+
+# main
+${ECHO} "Starting dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1
+fn_trim_startup_log
+fn_kill_dpwrap_if_running
+fn_shgw_ipv6_tproxy_cleanup
+fn_shgw_ipv6_tproxy_setup
+fn_shgw_ipv4_tproxy_cleanup
+fn_shgw_ipv4_tproxy_setup
+fn_shgw_ipset_cleanup
+fn_shgw_ipset_setup
+fn_launch_and_wait
+fn_shgw_ipset_cleanup
+fn_shgw_ipv4_tproxy_cleanup
+fn_shgw_ipv6_tproxy_cleanup
+${IPTABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+${IP6TABLES} -t mangle -nvL | ${GREP} ${SHGW_REQ_PORT} >> ${SHGW_STARTUP_LOG} 2>&1
+${ECHO} "Stopping dpwrap" >> ${SHGW_STARTUP_LOG} 2>&1

_mtdblock3.img.extracted/squashfs-root/bin/shgw_wd_monit

@@ -0,0 +1,83 @@
+#!/bin/sh
+
+#############################################################################
+#
+# MCAFEE CONFIDENTIAL
+# Copyright ©2018 McAfee, LLC
+#
+# The source code contained or described herein and all documents related
+# to the source code ("Material") are owned by McAfee or its
+# suppliers or licensors. Title to the Material remains with McAfee
+# or its suppliers and licensors. The Material contains trade
+# secrets and proprietary and confidential information of McAfee or its
+# suppliers and licensors. The Material is protected by worldwide copyright
+# and trade secret laws and treaty provisions. No part of the Material may
+# be used, copied, reproduced, modified, published, uploaded, posted,
+# transmitted, distributed, or disclosed in any way without McAfee's prior
+# express written permission.
+#
+# No license under any patent, copyright, trade secret or other intellectual
+# property right is granted to or conferred upon you by disclosure or
+# delivery of the Materials, either expressly, by implication, inducement,
+# estoppel or otherwise. Any license under such intellectual property rights
+# must be express and approved by McAfee in writing.
+#
+##############################################################################
+
+# A script to monitor if watchdogd is running or not
+#
+# Author : Eswar Yaganti
+# Date : 10-Mar-2016
+
+. /etc/shgw/shgw.constants
+. /etc/shgw/shgw.common
+
+MONIT_PID_FILE=${SHGW_TMPFS_PATH}/.shgw_wd_monit_pid
+
+start_and_monitor_WD() {
+	wd_died=0
+	while true ; do
+		fn_trim_startup_log
+		${SHGW_LOG_TRIMMER} &
+		wd_pid=$(${PS} | ${GREP} -i "shgw_watchdogd" | ${GREP} -v "grep" | ${AWK} -v OFS=' ' '{print $1}')
+		if [ ! -z ${wd_pid} ]; then
+			${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`"
+			${ECHO} "[$$] $0 killing previous WD, pid=${wd_pid}, at `uptime`" >> ${SHGW_STARTUP_LOG}
+			${KILL} -9 ${wd_pid}
+			${SLEEP} 2
+		fi
+
+		${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`"
+		${ECHO} "[$$] $0 starting ${SHGW_WD} ${SHGW_WD_CONF}, at `uptime`" >> ${SHGW_STARTUP_LOG}
+		${SHGW_WD} ${SHGW_WD_CONF} ${wd_died} 2>>${SHGW_ERROR_FILE} &
+		SHGW_WD_PID=$!
+		wait ${SHGW_WD_PID}
+
+		# Is this required?
+		${SLEEP} 2
+		wd_died=1
+done
+}
+
+exit_if_running() {
+	if [ ! -f ${MONIT_PID_FILE} ]; then
+		${ECHO} "[$$] Fresh instance at `uptime`"
+		${ECHO} "[$$] Fresh instance at `uptime`"  >> ${SHGW_STARTUP_LOG}
+		${ECHO} $$ > ${MONIT_PID_FILE}
+	else
+		_PID=$(${CAT} ${MONIT_PID_FILE})
+		if [ ! -z $(${CAT} /proc/${_PID}/cmdline | ${GREP} shgw_wd_monit) ];then
+			${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`"
+			${ECHO} "[$$] Another instance running, pids=[${_PID}] at `uptime`" >> ${SHGW_STARTUP_LOG}
+			exit 1
+		else
+			${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`"
+			${ECHO} "[$$] Overwriting ${MONIT_PID_FILE} at `uptime`"  >> ${SHGW_STARTUP_LOG}
+			${ECHO} $$ > ${MONIT_PID_FILE}
+		fi
+	fi
+}
+
+exit_if_running
+start_and_monitor_WD
+

_mtdblock3.img.extracted/squashfs-root/bin/sleep

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/tar

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/touch

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/true

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/umount

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/uname

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/uncompress

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/update-patterndb

@@ -0,0 +1,8 @@
+#!/bin/sh
+prefix=
+exec_prefix=${prefix}
+bindir=${exec_prefix}/bin
+sysconfdir=/etc
+localstatedir=${prefix}/var
+
+${bindir}/pdbtool merge -r --glob \*.pdb -D ${sysconfdir}/patterndb.d -p ${localstatedir}/patterndb.xml

_mtdblock3.img.extracted/squashfs-root/bin/usleep

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/bin/vi

@@ -0,0 +1 @@
+busybox

_mtdblock3.img.extracted/squashfs-root/dev/log

@@ -0,0 +1 @@
+/dev/null

_mtdblock3.img.extracted/squashfs-root/etc

@@ -0,0 +1 @@
+/dev/null