RDKB-63540: [XB10] RIPv2 enable and mode restriction for single build#219
RDKB-63540: [XB10] RIPv2 enable and mode restriction for single build#219
Conversation
Reason for change: Adding feature support check for RIPv2 Added stub check for conflicting features like MAP-T Test Procedure: Build Risks: Low Signed-off-by: Nagalakshmi Venkataraman nvenka781@cable.comcast.com
There was a problem hiding this comment.
Pull request overview
Adds OneStack feature gating for RIPv2 on XB10 builds so RIP can be rejected when the current mode doesn’t support it, and introduces a stub for blocking RIP when conflicting features (e.g., MAP-T) are enabled.
Changes:
- Include and link
rdkb_feature_mode_gatefor OneStack builds. - Extend existing RIP logging/flow guards to include
_XB10_PRODUCT_REQ_. - Add runtime gating in
rip_start()to reject RIP whenFEATURE_RIPv2isn’t supported (and a placeholder conflict check).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| source/service_routed/service_routed.c | Adds OneStack RIPv2 support/mode gating and extends product guards to XB10. |
| source/service_routed/Makefile.am | Links -lrdkb_feature_mode_gate when ONESTACK_PRODUCT_REQ is enabled and adjusts -lnet LDFLAGS handling. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| t2_event_d("RIP_NotSupported", 1); | ||
| return -1; | ||
| } | ||
| else if (IsRIPConflictingFeaturesEnabled()) | ||
| { | ||
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | ||
| t2_event_d("RIP_NotSupported", 1); |
There was a problem hiding this comment.
New RIPv2 feature/mode gating logic in rip_start() is currently untested by the existing service_routed gtests (which exercise rip_start(), but won't hit this branch unless the relevant product/onestack macros are enabled and isFeatureSupportedInCurrentMode() is mocked). Adding a unit test for the "unsupported mode" path would help prevent regressions (e.g., verifying rip-status updates and that routed startup behavior matches expectations).
| t2_event_d("RIP_NotSupported", 1); | |
| return -1; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| t2_event_d("RIP_NotSupported", 1); | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "error", 0); | |
| return -1; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "error", 0); |
| #if defined (_CBR_PRODUCT_REQ_) || defined (_BWG_PRODUCT_REQ_) || defined (_CBR2_PRODUCT_REQ_) || defined (_XB10_PRODUCT_REQ_) | ||
| #ifdef _BWG_PRODUCT_REQ_ |
There was a problem hiding this comment.
Adding XB10_PRODUCT_REQ to this block enables IsFileExists() (which uses struct stat/stat()), but <sys/stat.h> is only included for _CBR/_BWG/_CBR2. XB10 builds may fail to compile with unknown 'struct stat' / implicit 'stat'. Include <sys/stat.h> when XB10_PRODUCT_REQ is defined (or include it unconditionally in the IsFileExists block).
| #if defined (_CBR_PRODUCT_REQ_) || defined (_BWG_PRODUCT_REQ_) || defined (_CBR2_PRODUCT_REQ_) || defined (_XB10_PRODUCT_REQ_) | ||
| #if defined(_ONESTACK_PRODUCT_REQ_) | ||
| if (!isFeatureSupportedInCurrentMode(FEATURE_RIPv2)) | ||
| { | ||
| DEG_PRINT("RIP enable rejected, unsupported mode\n"); | ||
| t2_event_d("RIP_NotSupported", 1); | ||
| return -1; | ||
| } | ||
| else if (IsRIPConflictingFeaturesEnabled()) | ||
| { | ||
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | ||
| t2_event_d("RIP_NotSupported", 1); | ||
| return -1; | ||
| } |
There was a problem hiding this comment.
On unsupported mode / conflicting features, rip_start() returns -1 after setting "rip-status" to "starting". This leaves rip-status stuck at "starting" and also causes serv_routed_start() to fail ("routed-status" becomes "error"), even though the intended outcome seems to be "don't start RIP" rather than "fail routed". Consider moving the feature/conflict gate before setting statuses/generating config, and either set an appropriate terminal rip-status (e.g., "error"/"not-supported") and return 0, or explicitly handle this case so routed can still start RA/routes/firewall.
| static BOOL IsRIPConflictingFeaturesEnabled(void) | ||
| { | ||
| // TODO: Add check to see if any conflicting feature of RIP | ||
| // like MAP-T are enabled | ||
| return FALSE; |
There was a problem hiding this comment.
IsRIPConflictingFeaturesEnabled() introduces the BOOL return type, but this file otherwise uses C99 bool (and BOOL is not declared anywhere in this translation unit). This can break builds depending on include order/toolchain. Prefer using bool (from <stdbool.h>) and return true/false, or include the header that defines BOOL within the same compile-time guard.
| static BOOL IsRIPConflictingFeaturesEnabled(void) | |
| { | |
| // TODO: Add check to see if any conflicting feature of RIP | |
| // like MAP-T are enabled | |
| return FALSE; | |
| static bool IsRIPConflictingFeaturesEnabled(void) | |
| { | |
| // TODO: Add check to see if any conflicting feature of RIP | |
| // like MAP-T are enabled | |
| return false; |
In Residential Mode, Static IP related features are not supported. In Commercial Mode, Static IP related features are supported and should work same as CBR2 device. Telemetry Marker should be reported if someone tries to enable unsupported feature. (TrueStatic_NotSupported) If MAP-T is enabled, True Static should not be allowed to be enabled.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| return -1; | ||
| } | ||
| else if (IsRIPConflictingFeaturesEnabled()) | ||
| { | ||
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | ||
| t2_event_d("RIP_NotSupported", 1); | ||
| return -1; |
There was a problem hiding this comment.
When RIP is rejected due to unsupported mode, the function returns -1 after setting "rip-status" to "starting", leaving the RIP state stuck and also causing serv_routed_start() to fail (it treats rip_start() != 0 as fatal and sets routed-status=error). Before returning, set an appropriate "rip-status" (e.g., "error"/"stopped" or a dedicated "not-supported"), and consider returning 0 so routed can still come up while RIP remains disabled in this mode.
| return -1; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| return -1; | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "not-supported", 0); | |
| return 0; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "not-supported", 0); | |
| return 0; |
| return -1; | ||
| } | ||
| else if (IsRIPConflictingFeaturesEnabled()) | ||
| { | ||
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | ||
| t2_event_d("RIP_NotSupported", 1); | ||
| return -1; |
There was a problem hiding this comment.
When RIP is rejected due to conflicting features (MAP-T), this returns -1 without updating "rip-status" from "starting", and it will also cause serv_routed_start() to fail (routed-status=error). Update "rip-status" before returning, and consider treating this as a non-fatal condition for routed (return 0) while keeping RIP disabled.
| return -1; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| return -1; | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "disabled", 0); | |
| return 0; | |
| } | |
| else if (IsRIPConflictingFeaturesEnabled()) | |
| { | |
| DEG_PRINT("RIP enable rejected due to conflicting features\n"); | |
| t2_event_d("RIP_NotSupported", 1); | |
| sysevent_set(sr->sefd, sr->setok, "rip-status", "disabled", 0); | |
| return 0; |
…tack (#220) Reason for change: Default file should be fetched based on Devicemode for Onestack products. Test Procedure: Set Devicemode to residential/business, and ensure proper system_default file is loaded. Risks: medium Priority: P1
…ice Interface creation (#171) **Reason for change**:Setting the default variables for virtual voice interface creation **Test Procedure**: verify the virtual voice interface creation functionality. **Risks**: High **Priority**: P1
RDKB-60656 : Available memory check for firmware downloads Reason for change: Before firmware download, we need to check if the device have enough memory Test Procedure: 1. while firmware download, available memory check logs should be seen. 2. If available memory < required memory, firmware download should not start. Risks: medium Priority: P1 Dependent PRs: rdkcentral/xconf-client#13 rdkcentral/provisioning-and-management#178 #182 rdkcentral/cable-modem-agent#23 rdkcentral/miscellaneous-broadband#37 https://github.com/rdk-gdcs/apparmor-profiles/pull/49 Dependent Gerrits: https://gerrit.teamccp.com/#/q/topic:RDKB-60656+(status:open+OR+status:merged)
#222) RDKB-63137 RDKB-63542: Ability to Toggle DeviceMode Using ActivatePartnerID Support Reason for Change: RDKB‑63470 is a sub‑task under the RDKB‑63137 user story to implement support for the TR‑181 DeviceMode parameter. This update ensures correct toggling of DeviceMode through ActivatePartnerID. Test Procedure: The build should compile successfully, and TR‑181 operations—including setting PartnerID and activating PartnerID—must function without errors. DeviceMode transitions (residential ↔ business) should be validated as per the test steps. Risks: Low. Signed-off-by: [Goutam_Damodaran@comcast.com](mailto:Goutam_Damodaran@comcast.com)
…tarting the zebra in XLE (#181) **LTE-2775 :** Observing RDKB_PROCESS_CRASHED : zebra is not running, restarting the zebra in XLE Reason for change: 1. The zebra restart logic requires **bridge mode to be 0 and the LAN to be fully started**. Previously, both LAN startup and the zebra start were triggered from the same location in service_devicemode.c. In cases where LAN initialization was slightly delayed, zebra startup would fail because it was being triggered before the LAN was ready. 2. To address this, zebra startup has been moved to service_routed.sh, ensuring that the zebra process is started only after the LAN is fully initialized. Test Procedure: Check zebra process when XLE is in router mode. Risks: Low Priority: P1 --------- Signed-off-by: aj970 <akshaya_j@comcast.com> Co-authored-by: Santosh Nayak <70348540+snayak002c@users.noreply.github.com>
Reason for change: Receive the MAP-E options from DhcpManager and configure the tunnel interface. Test Procedure: Verify functionality by passing DHCPv6 Option 94 and the ip6tnl tunnel interface is correctly configured and brought up. Testing Done : Results are captured in RDKBNETWOR-77 --------- Signed-off-by: Krithiksha Prabhakar <krithiksha.prabhakar@telekom-digital.com> Co-authored-by: Parthiban Selvaraj <167313466+S-Parthiban-Selvaraj@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
RDKB-63584 : dibbler-server is not running when enable the DHCPMANAGER Reason for change: pmon is disabled in dhcpmanager enabled build, this was disabled for older DHCPMANAGER for Xb6 platform Test Procedure: kill dnsmasq and dibbler-server , check selfheal restarts it Risks: Low Signed-off-by:Aadhithan_PE@comcast.com UT:https://ccp.sys.comcast.net/browse/RDKB-63584?focusedId=24660985&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24660985
Rdkb 63584: srv_unregister remove DHCPManager Distro This PR removes the DHCP Manager distro-specific compile guard in the DHCP server registration helper so that srv_unregister() always unregisters dhcp_server from pmon, aligning unregister behavior with the existing unconditional srv_register() behavior. Changes: Remove the #if !defined(FEATURE_RDKB_DHCP_MANAGER) guard around pmon.sh unregister dhcp_server. Drop the associated comment about the DHCP Manager self-heal mechanism.
US: RDKB-62968: Subtask: RDKB-63632 - Addition of RFC parameter for Stage Agent Reason for change: Add RFC flag Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.STAGE.Enable to execute the app Test Procedure: Build with stage agent changes and test Risks: None Is this a Bug or a User Story (US)?: US: RDKB-62968 - STAGE development - Phase 1 (SSH trigger). Subtask: RDKB-63632 2. If it is a User Story: * Have all dependent PRs from other components been listed (if any)?: Below PR's are dependent PR's rdkcentral/tr69hostif#366 #235 rdkcentral/provisioning-and-management#195 * Does the commit message include both the User Story ticket and the Subtask ticket? Yes * Will be all changes related to the User Story squashed and merged in a single commit?: No * Has the PR been raised only after completing all changes for the User Story (no partial changes)? : Yes * Has code development for the User Story been completed?: Yes * If yes, has the Gerrit topic or list of all dependent PRs across components (including meta-layer changes) been shared?:topic: https://gerrit.teamccp.com/#/q/topic:RDKB-62968-StageAgent-26Q1_sprint+(status:open+OR+status:merged) 3. Is there a validation log available in the Jira ticket for verifying builds with the updated generic-srcrev.inc across all platforms?: Yes * If yes, have the links to validation comments been shared?: https://ccp.sys.comcast.net/secure/attachment/14230070/14230070_D89C8E72F2E0_Stage_Logs_02-20-26-06-19AM.tgz Signed-off-by: rriyaz502 <Riyaz_Riyaz@comcast.com> Co-authored-by: rriyaz502 <Riyaz_Riyaz@comcast.com>
RDKB-63415 : Move SelfHeal Scripts to Cron Reason for change: Running the Selfheal scripts as cron jobs instead of background processes when the cron is enabled and running as normal background process when the cron is disabled. Test Procedure: Check scripts are running in crontab when the cron is enabled. Risks: Low Priority: P0 --------- Signed-off-by: aj970 <akshaya_j@comcast.com>
|
I have read the CLA Document and I hereby sign the CLA 7 out of 8 committers have signed the CLA. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 15 out of 15 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| fprintf(fp, "-A postrouting_towan -o %s -p udp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | ||
| fprintf(fp,"-A postrouting_towan -o %s -p tcp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | ||
| fprintf(fp, "-A postrouting_towan -o %s -p icmp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | ||
| fprintf(fp, "-A postrouting_towan -o %s -j MASQUERADE\n", "ip6tnl"); |
There was a problem hiding this comment.
The iptables rule emitted for MAP-E uses -p icmp ... MASQUERADE --to-ports ... which is not valid (the --to-ports option only applies to TCP/UDP/etc.). This will cause iptables-restore to fail and can prevent firewall/NAT from coming up. Drop --to-ports for ICMP (or remove that rule) and consider using the MAPE_TUNNEL_INTERFACE constant instead of hardcoding "ip6tnl".
| fprintf(fp, "-A postrouting_towan -o %s -p udp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | |
| fprintf(fp,"-A postrouting_towan -o %s -p tcp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | |
| fprintf(fp, "-A postrouting_towan -o %s -p icmp -j MASQUERADE --to-ports %hu-%hu\n", "ip6tnl", min_port, max_port); | |
| fprintf(fp, "-A postrouting_towan -o %s -j MASQUERADE\n", "ip6tnl"); | |
| fprintf(fp, "-A postrouting_towan -o %s -p udp -j MASQUERADE --to-ports %hu-%hu\n", MAPE_TUNNEL_INTERFACE, min_port, max_port); | |
| fprintf(fp,"-A postrouting_towan -o %s -p tcp -j MASQUERADE --to-ports %hu-%hu\n", MAPE_TUNNEL_INTERFACE, min_port, max_port); | |
| fprintf(fp, "-A postrouting_towan -o %s -p icmp -j MASQUERADE\n", MAPE_TUNNEL_INTERFACE); | |
| fprintf(fp, "-A postrouting_towan -o %s -j MASQUERADE\n", MAPE_TUNNEL_INTERFACE); |
| lanSubnetMask = lanSubnetMask >> 1; | ||
| } | ||
| snprintf(lan_prefix, sizeof(lan_prefix), "%s/%u", lan_ip_address, subnetCount); | ||
| fprintf(mangle_fp, "-A PREROUTING -p all -i %s -d %s -j ACCEPT\n", current_wan_ifname, lan_prefix); |
There was a problem hiding this comment.
prepare_mape_rules() writes the PREROUTING ACCEPT rule using current_wan_ifname even when MAP-E is enabled. Since the rest of the MAP-E logic switches rules to MAPE_TUNNEL_INTERFACE when isMAPEReady is true, this rule likely won’t match the actual ingress interface in MAP-E mode. Use isMAPEReady ? MAPE_TUNNEL_INTERFACE : current_wan_ifname (or otherwise derive the correct ingress ifname) here as well.
| fprintf(mangle_fp, "-A PREROUTING -p all -i %s -d %s -j ACCEPT\n", current_wan_ifname, lan_prefix); | |
| const char *mape_ingress_ifname = isMAPEReady ? MAPE_TUNNEL_INTERFACE : current_wan_ifname; | |
| fprintf(mangle_fp, "-A PREROUTING -p all -i %s -d %s -j ACCEPT\n", mape_ingress_ifname, lan_prefix); |
| if ((0 == strcmp(httpport, port)) || (0 == strcmp(httpsport, port))) | ||
| { | ||
| fprintf(filt_fp, "-A wan2self_mgmt -i %s %s -p tcp -m tcp --dport %s -j webui_limit\n", interface, src, port); | ||
| } | ||
| else | ||
| { | ||
| fprintf(filt_fp, "-A wan2self_mgmt -i %s %s -p tcp -m tcp --dport %s -j ACCEPT\n", isMAPEReady?MAPE_TUNNEL_INTERFACE:interface, src, port); | ||
| } |
There was a problem hiding this comment.
In MAP-E mode, the ACCEPT rule in the AF_INET branch uses isMAPEReady ? MAPE_TUNNEL_INTERFACE : interface, but the webui_limit rule above still matches on interface. That inconsistency can cause remote-management traffic (on the webui-limited ports) to miss the intended rule when MAP-E traffic arrives on the tunnel interface. Use the same interface selection for both rules (either always the passed-in interface, or always the MAP-E tunnel when isMAPEReady).
| #### [2.2.0](https://github.com/rdkcentral/utopia/compare/2.1.0...2.2.0) | ||
|
|
||
| - RDKB-62810,RDKB-62812:Initialize the default variables for Virtual Voice Interface creation [`#171`](https://github.com/rdkcentral/utopia/pull/171) | ||
| - RDKB-63137 RDKB-63214: Fetch defaultFile based on Devicemode for Onestack [`#220`](https://github.com/rdkcentral/utopia/pull/220) | ||
| - RDKB-60656 : Available memory check for firmware downloads [`#182`](https://github.com/rdkcentral/utopia/pull/182) | ||
| - RDKB-62977 RDKB-63450: Native build for Coverity - Updating README.md [`#213`](https://github.com/rdkcentral/utopia/pull/213) | ||
| - RDKB-63378 : Set the stackmode for single build [`#206`](https://github.com/rdkcentral/utopia/pull/206) | ||
| - RDKB-62977 RDKB-63450: Native build for Coverity - Use Git Submodule [`#207`](https://github.com/rdkcentral/utopia/pull/207) | ||
| - Merge tag '2.1.0' into develop [`362d0d3`](https://github.com/rdkcentral/utopia/commit/362d0d3453af6dfe8e1cb2d08e99c946ac0dc638) |
There was a problem hiding this comment.
The PR description focuses on RIPv2 enable/mode restriction for XB10/Single build, but this change set also includes substantial unrelated updates (MAP-E firewall/NAT logic, self-heal cron job scheduling, voice syscfg mapping, pmon/dhcp_server monitoring changes, defaults files, and changelog bump). Please either scope this PR down or update the description (and risk/testing section) to cover these additional behavioral changes.
| defaultsFile = onestackutils_get_defaults_file(); | ||
| APPLY_PRINT("%s - onestackutils_get_defaults_file returned %s\n", __FUNCTION__, defaultsFile); |
There was a problem hiding this comment.
For ONESTACK_PRODUCT_REQ, defaultsFile = onestackutils_get_defaults_file() is used directly in logging and passed to fopen(). If that function returns NULL (or an empty string), this will lead to undefined behavior / crash. Add a NULL/empty check and fall back to DEFAULT_FILE (or return an error) before using defaultsFile.
| defaultsFile = onestackutils_get_defaults_file(); | |
| APPLY_PRINT("%s - onestackutils_get_defaults_file returned %s\n", __FUNCTION__, defaultsFile); | |
| const char *onestackDefaultsFile = onestackutils_get_defaults_file(); | |
| if (onestackDefaultsFile == NULL || onestackDefaultsFile[0] == '\0') | |
| { | |
| APPLY_PRINT("%s - onestackutils_get_defaults_file returned invalid path, falling back to DEFAULT_FILE %s\n", | |
| __FUNCTION__, DEFAULT_FILE); | |
| defaultsFile = DEFAULT_FILE; | |
| } | |
| else | |
| { | |
| defaultsFile = onestackDefaultsFile; | |
| APPLY_PRINT("%s - onestackutils_get_defaults_file returned %s\n", __FUNCTION__, defaultsFile); | |
| } |
| AGGRESSIVE_INTERVAL=$(syscfg get AggressiveInterval) | ||
| if [ -z "$AGGRESSIVE_INTERVAL" ]; then | ||
| AGGRESSIVE_INTERVAL=5 | ||
| fi | ||
| #Write cron rule | ||
| echo "*/$AGGRESSIVE_INTERVAL * * * * /usr/ccsp/tad/selfheal_aggressive.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor resource_monitor.sh based on syscfg value | ||
| RESOURCE_MONITOR_INTERVAL=$(syscfg get resource_monitor_interval) | ||
| if [ -z "$RESOURCE_MONITOR_INTERVAL" ]; then | ||
| RESOURCE_MONITOR_INTERVAL=15 | ||
| fi | ||
| echo "*/$RESOURCE_MONITOR_INTERVAL * * * * /usr/ccsp/tad/resource_monitor.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor self_heal_connectivity_test.sh based on syscfg value | ||
| SELFHEAL_PING_INTERVAL=$(syscfg get ConnTest_PingInterval) | ||
| if [ -z "$SELFHEAL_PING_INTERVAL" ]; then | ||
| SELFHEAL_PING_INTERVAL=60 | ||
| fi | ||
| echo "*/$SELFHEAL_PING_INTERVAL * * * * /usr/ccsp/tad/self_heal_connectivity_test.sh" >> $CRONTAB_FILE |
There was a problem hiding this comment.
The values from syscfg (AggressiveInterval, resource_monitor_interval, ConnTest_PingInterval) are written directly into the crontab line via echo "*/$AGGRESSIVE_INTERVAL * * * * ..." without any sanitization. If an attacker can influence these syscfg keys (e.g., via config or management interfaces), they could inject newlines or non-numeric content to create arbitrary cron entries and achieve command execution as root. Ensure these intervals are strictly validated as numeric (e.g., only digits within an expected range) before using them in the cron expression, or otherwise sanitize/escape them before writing to $CRONTAB_FILE.
RDKB-63540: [XB10] RIPv2 enable and mode restriction for single build
Reason for change:
Adding feature support check for RIPv2
Added stub check for conflicting features like MAP-T
Test Procedure: Build
Risks: Low
Signed-off-by: Nagalakshmi Venkataraman nvenka781@cable.comcast.com