Release 2.5.1

CHANGELOG.md

@@ -4,12 +4,21 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+#### [2.5.1](https://github.com/rdkcentral/advanced-security/compare/2.5.0...2.5.1)
+
+- RDKB-64184, RDKB-65468 : Include all Network Intelligence (NI) processes to compute overall NI memory consumption [`#88`](https://github.com/rdkcentral/advanced-security/pull/88)
+- RDKB-64184, RDKB-65468, RDKB-64928 : 26.1.3 WDA update [`#87`](https://github.com/rdkcentral/advanced-security/pull/87)
+- Merge tag '2.5.0' into develop [`72be850`](https://github.com/rdkcentral/advanced-security/commit/72be8508d694d6c8fb0ab025921a8ca2e6161f52)
+
 #### [2.5.0](https://github.com/rdkcentral/advanced-security/compare/2.4.0...2.5.0)
 
+> 3 June 2026
+
 - RDKB-64489 : fix to prevent firewall restart on a bridgemode_event change [`#64`](https://github.com/rdkcentral/advanced-security/pull/64)
 - RDKB-64184, RDKB-63906 : start or stop Network Intelligence (NI) service only if present [`#84`](https://github.com/rdkcentral/advanced-security/pull/84)
 - RDKB-64184, RDKB-63906 : Remove platform specific checks for network intelligence feature [`#83`](https://github.com/rdkcentral/advanced-security/pull/83)
 - RDKB-64184, RDKB-64546 : RFC implementation and NI CPU, Memory monitoring for CUJO 26.1 release [`#80`](https://github.com/rdkcentral/advanced-security/pull/80)
+- Add changelog for release 2.5.0 [`31135f5`](https://github.com/rdkcentral/advanced-security/commit/31135f51bc0719dc3ae6dcb1b2ac56ff1ddde5d2)
 - Merge tag '2.4.0' into develop [`57da2f9`](https://github.com/rdkcentral/advanced-security/commit/57da2f9956e4fa9143426e5af941f9a10db5fcfb)
 
 #### [2.4.0](https://github.com/rdkcentral/advanced-security/compare/2.3.0...2.4.0)

scripts/advsec_cpu_mem_recovery.sh

@@ -45,7 +45,7 @@ fi
 NI_ENABLE=$(dmcli eRT retv Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.NetworkIntelligence.Enable)
 
 # Default NI memory hard limit in MB
-NI_MEM_HARD_LIMIT=15
+NI_MEM_HARD_LIMIT=25
 
 #syscfg contains value in MB.
 ni_max_rss=$(syscfg get Advsecurity_NetworkIntelligenceMemoryLimit)
@@ -147,30 +147,28 @@ check_networkintelligence_mem_recovery()
     fi
 
     echo "####Network Intelligence RSS/PSS MEM stats####" >> $ADVSEC_AGENT_LOG_PATH
-    ni_rss=0
-    ni_pss=0
+    total_ni_rss=0
+    total_ni_pss=0
     for pid in ${NI_PID_LIST}; do
         sfile=/proc/$pid/smaps_rollup
         if [ -e "$sfile" ]; then
             rss=$(awk '/^Rss:/{print $2}' "$sfile")
             pss=$(awk '/^Pss:/{print $2}' "$sfile")
             proc_name=$(tr '\0' ' ' < /proc/$pid/cmdline | sed 's/[[:space:]]*$//')
             echo_t "$pid:$proc_name : RSS=$rss kB PSS=$pss kB" >> $ADVSEC_AGENT_LOG_PATH
-            if [ ${ni_rss} -eq 0 ]; then
-                ni_rss=$rss
-                ni_pss=$pss
-            fi
+            total_ni_rss=$(( total_ni_rss + rss ))
+            total_ni_pss=$(( total_ni_pss + pss ))
         fi
     done
 
-    t2ValNotify "NI_RSS_MEM_kB_split" "$ni_rss"
-    t2ValNotify "NI_PSS_MEM_kB_split" "$ni_pss"
-    echo_t "NI_RSS_MEM:$ni_rss kB" >> $ADVSEC_AGENT_LOG_PATH
-    echo_t "NI_PSS_MEM:$ni_pss kB" >> $ADVSEC_AGENT_LOG_PATH
+    t2ValNotify "NI_RSS_MEM_kB_split" "$total_ni_rss"
+    t2ValNotify "NI_PSS_MEM_kB_split" "$total_ni_pss"
+    echo_t "NI_RSS_MEM:$total_ni_rss kB" >> $ADVSEC_AGENT_LOG_PATH
+    echo_t "NI_PSS_MEM:$total_ni_pss kB" >> $ADVSEC_AGENT_LOG_PATH
     echo "##############################################" >> $ADVSEC_AGENT_LOG_PATH
 
-    if [ "$ni_rss" -ge "$NI_MAX_RSS_THRESHOLD" ]; then
-        echo_t "Warning !!! NetworkIntelligence reached memory limit of $NI_MEM_HARD_LIMIT MB, current:$ni_rss kB, restarting cujo-ni" >> $ADVSEC_AGENT_LOG_PATH
+    if [ "$total_ni_rss" -ge "$NI_MAX_RSS_THRESHOLD" ]; then
+        echo_t "Warning !!! NetworkIntelligence reached memory limit of $NI_MEM_HARD_LIMIT MB, current:$total_ni_rss kB, restarting cujo-ni service" >> $ADVSEC_AGENT_LOG_PATH
         systemctl restart cujo-ni
     fi
 }

source/AdvSecurityDml/cosa_adv_security_dml.c

@@ -31,7 +31,7 @@
 #define MIN_AGENT_MEMORY_HARD_LIMIT 45
 #define MAX_RABID_MACCACHE_SIZE 32768
 #define MAX_RABID_DNSCACHE_SIZE 32768
-#define MIN_NI_MEMORY_HARD_LIMIT 15
+#define MIN_NI_MEMORY_HARD_LIMIT 25
 
 extern COSA_DATAMODEL_AGENT* g_pAdvSecAgent;
 extern pthread_mutex_t logMutex;
@@ -4127,7 +4127,7 @@ NetworkIntelligence_RFC_SetParamUlongValue
         if(uValue == g_pAdvSecAgent->pAdvNetworkIntelligence_RFC->uMemoryLimit)
             return TRUE;
 
-        if (uValue <= MIN_NI_MEMORY_HARD_LIMIT)
+        if (uValue < MIN_NI_MEMORY_HARD_LIMIT)
             return FALSE;
 
         returnStatus = CosaNetworkIntelligenceSetMemoryLimit(g_pAdvSecAgent->pAdvNetworkIntelligence_RFC, uValue);

source/AdvSecurityDml/cujoagent_dcl_api.c

@@ -1560,13 +1560,29 @@ static void cujoagent_new_station_event(
   hash_map_t *assoc_dev_map = NULL;
   assoc_dev_data_t *assoc_dev_data = NULL;
   wifi_interface_name_idex_map_t *iface_map = NULL;
+  int vap_array_index = 0;
 
   /* Count clients across _all_ VAPs of interest */
   *station_update_event_size = sizeof(struct cujo_fpc_wifi_station_event);
   for (unsigned int i = 0; i < consumer->hal_cap.wifi_prop.numRadios; i++) {
     for (unsigned int j = 0; j < consumer->vap_subs_count; j++) {
+      iface_map = cujoagent_iface_property(
+          &consumer->hal_cap.wifi_prop, consumer->vap_subs_indexes[j]);
+      if (!iface_map) {
+        CcspTraceError(("Couldn't find interface map for VAP index [%u]\n",
+                        consumer->vap_subs_indexes[j]));
+        continue;
+      }
+      if (iface_map->rdk_radio_index != i) {
+        continue;
+      }
+      vap_array_index =
+          cujoagent_vap_array_index(&consumer->hal_cap.wifi_prop, iface_map);
+      if (vap_array_index < 0) {
+        continue;
+      }
       assoc_dev_map = consumer->radios[i]
-                          .vaps.rdk_vap_array[consumer->vap_subs_indexes[j]]
+                          .vaps.rdk_vap_array[vap_array_index]
                           .associated_devices_map;
       if (assoc_dev_map) {
         assoc_dev_count = hash_map_count(assoc_dev_map);
@@ -1586,28 +1602,25 @@ static void cujoagent_new_station_event(
   /* Populate the station update event with the list of _all_ connected clients */
   for (unsigned int i = 0, offset = 0; i < consumer->hal_cap.wifi_prop.numRadios; i++) {
     for (unsigned int j = 0; j < consumer->vap_subs_count; j++) {
+      iface_map = cujoagent_iface_property(
+          &consumer->hal_cap.wifi_prop, consumer->vap_subs_indexes[j]);
+      if (!iface_map) {
+        CcspTraceError(("Couldn't find interface map for VAP index [%u]\n",
+                        consumer->vap_subs_indexes[j]));
+        continue;
+      }
+      if (iface_map->rdk_radio_index != i) {
+        continue;
+      }
+      vap_array_index =
+          cujoagent_vap_array_index(&consumer->hal_cap.wifi_prop, iface_map);
+      if (vap_array_index < 0) {
+        continue;
+      }
       assoc_dev_map = consumer->radios[i]
-                          .vaps.rdk_vap_array[consumer->vap_subs_indexes[j]]
+                          .vaps.rdk_vap_array[vap_array_index]
                           .associated_devices_map;
       if (assoc_dev_map) {
-        /* We need the if_name of the VAP each client is connected to, not the
-         * if_name of the VAP where the particular (dis)connect event happened.
-         * Therefore, get the iface_map here rather than passing it as an
-         * argument from the diff map we are processing the particular station
-         * event for. */
-        iface_map = cujoagent_iface_property(
-            &consumer->hal_cap.wifi_prop,
-            consumer->radios[i]
-                .vaps.rdk_vap_array[consumer->vap_subs_indexes[j]]
-                .vap_index);
-        if (!iface_map) {
-          CcspTraceError(("Couldn't find interface map for vap index [%u]\n",
-                          consumer->radios[i]
-                              .vaps.rdk_vap_array[consumer->vap_subs_indexes[j]]
-                              .vap_index));
-          break;
-        }
-
         assoc_dev_count = hash_map_count(assoc_dev_map);
         assoc_dev_data = hash_map_get_first(assoc_dev_map);
         for (unsigned int k = 0; assoc_dev_data; k++) {
@@ -2048,20 +2061,22 @@ cujoagent_process_client_state(client_state_t client_state,
 
   for (unsigned int i = 0; i < consumer->hal_cap.wifi_prop.numRadios; i++) {
     for (unsigned int j = 0; j < consumer->vap_subs_count; j++) {
-      vap_array_index = consumer->vap_subs_indexes[j];
-      iface_map =
-          cujoagent_iface_property(&decoded_params->hal_cap.wifi_prop,
-                                   decoded_params->radios[i]
-                                       .vaps.rdk_vap_array[vap_array_index]
-                                       .vap_index);
+      iface_map = cujoagent_iface_property(
+          &decoded_params->hal_cap.wifi_prop, consumer->vap_subs_indexes[j]);
       if (!iface_map) {
-        CcspTraceError(("Couldn't find interface map for vap index [%u]\n",
-                        decoded_params->radios[i]
-                            .vaps.rdk_vap_array[vap_array_index]
-                            .vap_index));
+        CcspTraceError(("Couldn't find interface map for VAP index [%u]\n",
+                        consumer->vap_subs_indexes[j]));
+        continue;
+      }
+      if (iface_map->rdk_radio_index != i) {
+        continue;
+      }
+      vap_array_index = cujoagent_vap_array_index(
+          &decoded_params->hal_cap.wifi_prop, iface_map);
+      if (vap_array_index < 0) {
         continue;
       }
-      radio = &decoded_params->radios[iface_map->rdk_radio_index];
+      radio = &decoded_params->radios[i];
       vap_info = &radio->vaps.vap_map.vap_array[vap_array_index];
 
       assoc_dev_diff_map = decoded_params->radios[i]