buildscript: fix fetch step

firewall: Add flow offloading
layer3: Enable flow offloading
2021-06-04 00:27:22 +02:00 · 2021-06-04 00:26:46 +02:00 · 2021-06-04 00:26:44 +02:00 · 2021-06-04 00:26:40 +02:00 · 2021-04-27 21:01:42 +02:00 · 2021-04-19 20:33:08 +02:00
47 changed files with 511 additions and 996 deletions
--- a/bsp/octeon.bsp
+++ b/bsp/octeon.bsp
@ -0,0 +1,5 @@
+chipset=octeon
+
+images=(
+        "openwrt-${chipset}-ubnt_edgerouter-4-*"
+       )
--- a/bsp/octeon/.config
+++ b/bsp/octeon/.config
@ -0,0 +1,21 @@
+# Generated using "./buildscript config openwrt".
+# Do no edit manually
+#
+CONFIG_TARGET_octeon=y
+CONFIG_TARGET_MULTI_PROFILE=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+CONFIG_TARGET_DEVICE_octeon_DEVICE_ubnt_edgerouter-4=y
+CONFIG_TARGET_DEVICE_PACKAGES_octeon_DEVICE_ubnt_edgerouter-4=""
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
+# CONFIG_BUSYBOX_CONFIG_CROND is not set
+# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
+CONFIG_CLEAN_IPKG=y
+# CONFIG_DROPBEAR_CURVE25519 is not set
+# CONFIG_PACKAGE_ALFRED_VIS is not set
+CONFIG_PACKAGE_opkg=m
+CONFIG_STRIP_KERNEL_EXPORTS=y
+CONFIG_TARGET_SQUASHFS_BLOCK_SIZE=512
--- a/bsp/ramips-mt7621.bsp
+++ b/bsp/ramips-mt7621.bsp
@ -2,7 +2,7 @@ chipset=ramips
 subtarget=mt7621

 images=(
-        "openwrt-ramips-mt7621-r6220-squashfs-*"
-        "openwrt-ramips-mt7621-ubnt-erx-squashfs-*"
-        "openwrt-ramips-mt7621-ubnt-erx-sfp-squashfs-*"
+        "openwrt-ramips-mt7621-netgear_r6220-squashfs-*"
+        "openwrt-ramips-mt7621-ubnt_edgerouter-x-squashfs-*"
+        "openwrt-ramips-mt7621-ubnt_edgerouter-x-sfp-squashfs-*"
       )
--- a/bsp/ramips-mt7621/.config
+++ b/bsp/ramips-mt7621/.config
@ -4,12 +4,12 @@
 CONFIG_TARGET_ramips=y
 CONFIG_TARGET_ramips_mt7621=y
 CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_r6220=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_r6220=""
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt-erx=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt-erx=""
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt-erx-sfp=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt-erx-sfp=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_netgear_r6220=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_netgear_r6220=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt_edgerouter-x=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt_edgerouter-x=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt_edgerouter-x-sfp=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt_edgerouter-x-sfp=""
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set
@ -19,13 +19,6 @@ CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
 CONFIG_CLEAN_IPKG=y
 # CONFIG_DROPBEAR_CURVE25519 is not set
-# CONFIG_FASTD_ENABLE_CIPHER_SALSA2012 is not set
-# CONFIG_FASTD_ENABLE_MAC_GHASH is not set
-# CONFIG_FASTD_ENABLE_MAC_UHASH is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_UMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_UMAC is not set
 # CONFIG_PACKAGE_ALFRED_VIS is not set
 CONFIG_PACKAGE_opkg=m
 CONFIG_STRIP_KERNEL_EXPORTS=y
--- a/build_patches/openwrt/0001-Disable-OpenWrt-config-migration-mechanisms.patch
+++ b/build_patches/openwrt/0001-Disable-OpenWrt-config-migration-mechanisms.patch
@ -6,18 +6,23 @@ This disables all OpenWrt config migration mechanisms except for
 files listed in /etc/sysupgrade.conf

 diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade
-index 6c518b780eddd973966537b50d8f7c82539bb1e1..49d4514b988e827098450d57da0ae50a37506d3a 100755
+index 7977b06ef1..df60f21b2f 100755
 --- a/package/base-files/files/sbin/sysupgrade
 +++ b/package/base-files/files/sbin/sysupgrade
-@@ -134,9 +134,9 @@ list_changed_conffiles() {
- add_conffiles() {
- 	local file="$1"
- 	( find $(sed -ne '/^[[:space:]]*$/d; /^#/d; p' \
+@@ -135,14 +135,14 @@ list_static_conffiles() {
+ 	local filter=$1
+ 
+ 	find $(sed -ne '/^[[:space:]]*$/d; /^#/d; p' \
 -		/etc/sysupgrade.conf /lib/upgrade/keep.d/* 2>/dev/null) \
 +		/etc/sysupgrade.conf 2>/dev/null) \
- 		\( -type f -o -type l \) $find_filter 2>/dev/null;
-	  list_changed_conffiles ) | sort -u > "$file"
-+	  ) | sort -u > "$file"
- 	return 0
+ 		\( -type f -o -type l \) $filter 2>/dev/null
 }
 
+ add_conffiles() {
+ 	local file="$1"
+ 
+-	( list_static_conffiles "$find_filter"; list_changed_conffiles ) |
+	( list_static_conffiles "$find_filter" ) |
+ 		sort -u > "$file"
+ 	return 0
+ }
--- a/build_patches/openwrt/0002-set-root-password.patch
+++ b/build_patches/openwrt/0002-set-root-password.patch
@ -3,7 +3,7 @@ Date: Sat, 8 Jul 2017 10:47:28 +0200
 Subject: set root password

 diff --git a/package/base-files/files/etc/shadow b/package/base-files/files/etc/shadow
-index 4b4154f21f478cc025a350363b3e34319c6afacc..b8d180a95691ab09f9c4d759ffd97da34a022623 100644
+index 4b4154f21f..b8d180a956 100644
 --- a/package/base-files/files/etc/shadow
 +++ b/package/base-files/files/etc/shadow
@@ -1,4 +1,4 @@
--- a/build_patches/openwrt/0003-ntpd-host-as-string.patch
+++ b/build_patches/openwrt/0003-ntpd-host-as-string.patch
@ -3,7 +3,7 @@ Date: Sat, 8 Jul 2017 10:47:56 +0200
 Subject: ntpd host as string

 diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
-index 52866ba32acd26a490f9c9024fc3e43e0f757496..b6b28cd02527b89c0a4cc2f9adef52bb4c8427b0 100755
+index 19571a2306..c58febfbfe 100755
 --- a/package/utils/busybox/files/sysntpd
 +++ b/package/utils/busybox/files/sysntpd
@@ -30,7 +30,7 @@ get_dhcp_ntp_servers() {
--- a/build_patches/openwrt/0004-vxlan-remove-mandatory-peeraddr.patch
+++ b/build_patches/openwrt/0004-vxlan-remove-mandatory-peeraddr.patch
@ -1,43 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Mon, 20 Jul 2020 08:05:09 +0200
-Subject: vxlan: remove mandatory peeraddr
-
-vxlan can be configured without a peer address. This is used to prepare
-an interface and add peers later.
-
-Fixes: FS#2743
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
-(cherry picked from commit 5222aadbf353b7cc030c39aa816f33951b104552)
-
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index 7b1c7039551b7781f5f7a8e73b964db698f3697b..bdcaa628c4416cc83258dd38a6fc0978ea55a3bb 100755
--- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -55,12 +55,6 @@ proto_vxlan_setup() {
- 	local ipaddr peeraddr
- 	json_get_vars ipaddr peeraddr tunlink
- 
-	[ -z "$peeraddr" ] && {
-		proto_notify_error "$cfg" "MISSING_ADDRESS"
-		proto_block_restart "$cfg"
-		exit
-	}
-
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
- 	[ -z "$ipaddr" ] && {
-@@ -85,12 +79,6 @@ proto_vxlan6_setup() {
- 	local ip6addr peer6addr
- 	json_get_vars ip6addr peer6addr tunlink
- 
-	[ -z "$peer6addr" ] && {
-		proto_notify_error "$cfg" "MISSING_ADDRESS"
-		proto_block_restart "$cfg"
-		exit
-	}
-
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
- 	[ -z "$ip6addr" ] && {
--- a/build_patches/openwrt/0005-vxlan-add-capability-for-multiple-fdb-entries.patch
+++ b/build_patches/openwrt/0005-vxlan-add-capability-for-multiple-fdb-entries.patch
@ -1,159 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Mon, 20 Jul 2020 08:05:10 +0200
-Subject: vxlan: add capability for multiple fdb entries
-
-Similar to wireguard, vxlan can configure multiple peers or add specific
-entries to the fdb for a single mac address.
-
-While you can still use peeraddr/peer6addr option within the proto
-vxlan/vxlan6 section to not break existing configurations, this patch
-allows to add multiple sections that conigure fdb entries via the bridge
-command. As such, the bridge command is now a dependency of the vxlan
-package. (To be honest without the bridge command available, vxlan isn't
-very much fun to use or debug at all)
-
-Field names are taken direclty from the bridge command.
-
-Example with all supported parameters, since this hasn't been documented so
-far:
-
-  config interface 'vx0'
-      option proto     'vxlan6'      # use vxlan over ipv6
-
-      # main options
-      option ip6addr   '2001:db8::1' # listen address
-      option tunlink   'wan6'        # optional if listen address given
-      option peer6addr '2001:db8::2' # now optional
-      option port      '8472'        # this is the standard port under linux
-      option vid       '42'          # VXLAN Network Identifier to use
-      option mtu       '1430'        # vxlan6 has 70 bytes overhead
-
-      # extra options
-      option rxcsum  '0'  # allow receiving packets without checksum
-      option txcsum  '0'  # send packets without checksum
-      option ttl     '16' # specifies the TTL value for outgoing packets
-      option tos     '0'  # specifies the TOS value for outgoing packets
-      option macaddr '11:22:33:44:55:66' # optional, manually specify mac
-                                         # default is a random address
-
-Single peer with head-end replication. Corresponds to the following call
-to bridge:
-
-  $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
-
-  config vxlan_peer
-      option vxlan 'vx0'
-      option dst '2001:db8::3' # always required
-
-For multiple peers, this section can be repeated for each dst address.
-
-It's possible to specify a multicast address as destination. Useful when
-multicast routing is available or within one lan segment:
-
-  config vxlan_peer
-      option vxlan 'vx0'
-      option dst 'ff02::1337' # multicast group to join.
-                              # all bum traffic will be send there
-      option via 'eth1'       # for multicast, an outgoing interface needs
-                              # to be specified
-
-All available peer options for completeness:
-
-  config vxlan_peer
-      option vxlan   'vx0'               # the interface to configure
-      option lladdr  'aa:bb:cc:dd:ee:ff' # specific mac,
-      option dst     '2001:db8::4'       # connected to this peer
-      option via     'eth0.1'            # use this interface only
-      option port    '4789'              # use different port for this peer
-      option vni     '23'                # override vni for this peer
-      option src_vni '123'               # see man 3 bridge
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-(cherry picked from commit 65e9de3c333bae1ccef1dfb0cc008ad6f13958e4)
-
-diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
-index 13fcf0c55d07d97f5dcc3cbfcf2478020e7107cc..7232f71b45e6f72f2c62a245ad44cb9ade144f52 100644
--- a/package/network/config/vxlan/Makefile
-+++ b/package/network/config/vxlan/Makefile
-@@ -1,7 +1,7 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=vxlan
-PKG_RELEASE:=3
-+PKG_RELEASE:=4
- PKG_LICENSE:=GPL-2.0
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index bdcaa628c4416cc83258dd38a6fc0978ea55a3bb..d063c47d47d0f4e339b21e97f4e25f55a33c0497 100755
--- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -7,6 +7,50 @@
- 	init_proto "$@"
- }
- 
-+proto_vxlan_setup_peer() {
-+	type bridge &> /dev/null || {
-+		proto_notify_error "$cfg" "MISSING_BRIDGE_COMMAND"
-+		exit
-+	}
-+
-+	local peer_config="$1"
-+
-+	local vxlan
-+	local lladdr
-+	local dst
-+	local src_vni
-+	local vni
-+	local port
-+	local via
-+
-+	config_get vxlan   "${peer_config}" "vxlan"
-+	config_get lladdr  "${peer_config}" "lladdr"
-+	config_get dst     "${peer_config}" "dst"
-+	config_get src_vni "${peer_config}" "src_vni"
-+	config_get vni     "${peer_config}" "vni"
-+	config_get port    "${peer_config}" "port"
-+	config_get via     "${peer_config}" "via"
-+
-+	[ "$cfg" = "$vxlan" ] || {
-+		# This peer section belongs to another device
-+		return
-+	}
-+
-+	[ -n "${dst}" ] || {
-+		proto_notify_error "$cfg" "MISSING_PEER_ADDRESS"
-+		exit
-+	}
-+
-+	bridge fdb append \
-+		${lladdr:-00:00:00:00:00:00} \
-+		dev ${cfg}                   \
-+		dst ${dst}                   \
-+		${src_vni:+src_vni $src_vni} \
-+		${vni:+vni $vni}             \
-+		${port:+port $port}          \
-+		${via:+via $via}
-+}
-+
- vxlan_generic_setup() {
- 	local cfg="$1"
- 	local mode="$2"
-@@ -18,7 +62,6 @@ vxlan_generic_setup() {
- 	local port vid ttl tos mtu macaddr zone rxcsum txcsum
- 	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
- 
-
- 	proto_init_update "$link" 1
- 
- 	proto_add_tunnel
-@@ -47,6 +90,9 @@ vxlan_generic_setup() {
- 	proto_close_data
- 
- 	proto_send_update "$cfg"
-+
-+	config_load network
-+	config_foreach proto_vxlan_setup_peer "vxlan_peer"
- }
- 
- proto_vxlan_setup() {
--- a/build_patches/openwrt/0006-vxlan-add-extra-config-options.patch
+++ b/build_patches/openwrt/0006-vxlan-add-extra-config-options.patch
@ -1,90 +0,0 @@
-From: Hans Dedecker <dedeckeh@gmail.com>
-Date: Mon, 14 Sep 2020 21:55:01 +0200
-Subject: vxlan: add extra config options
-
-Add config options:
-  srcportmin/srcportmax : range of port numbers to use as  UDP source ports
-                          to communicate to the remote VXLAN tunnel endpoint
-  ageing                : lifetime in seconds of FDB entries learnt by the kernel
-  maxaddress            : maximum number of FDB entries
-  learning              : enable/disable entering unknown source link layer addresses
-                          and IP addresses into the VXLAN device FDB.
-  rsc                   : enable/disable route short circuit
-  proxy                 : enable/disable ARP proxy
-  l2miss                : enable/disable netlink LLADDR miss notifications
-  l3miss                : enable/disable netlink IP ADDR miss notifications
-  gbp                   : enable/disable the Group Policy extension
-
-Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
-(cherry picked from commit 036221ce5a899eb99ef1c1623fc9460af00a69e7)
-
-diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
-index 7232f71b45e6f72f2c62a245ad44cb9ade144f52..eb053bf1118dd300db549906bfd474a19f5e3752 100644
--- a/package/network/config/vxlan/Makefile
-+++ b/package/network/config/vxlan/Makefile
-@@ -1,7 +1,7 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=vxlan
-PKG_RELEASE:=4
-+PKG_RELEASE:=5
- PKG_LICENSE:=GPL-2.0
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index d063c47d47d0f4e339b21e97f4e25f55a33c0497..8b3a0a53d47c675fcf89981061a250b5f526df3e 100755
--- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -59,8 +59,8 @@ vxlan_generic_setup() {
- 
- 	local link="$cfg"
- 
-	local port vid ttl tos mtu macaddr zone rxcsum txcsum
-	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
-+	local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
-+	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
- 
- 	proto_init_update "$link" 1
- 
-@@ -78,9 +78,20 @@ vxlan_generic_setup() {
- 	json_add_object 'data'
- 	[ -n "$port" ] && json_add_int port "$port"
- 	[ -n "$vid" ] && json_add_int id "$vid"
-+	[ -n "$srcportmin" ] && json_add_int srcportmin "$srcportmin"
-+	[ -n "$srcportmax" ] && json_add_int srcportmax "$srcportmax"
-+	[ -n "$ageing" ] && json_add_int ageing "$ageing"
-+	[ -n "$maxaddress" ] && json_add_int maxaddress "$maxaddress"
- 	[ -n "$macaddr" ] && json_add_string macaddr "$macaddr"
- 	[ -n "$rxcsum" ] && json_add_boolean rxcsum "$rxcsum"
- 	[ -n "$txcsum" ] && json_add_boolean txcsum "$txcsum"
-+	[ -n "$learning" ] && json_add_boolean learning "$learning"
-+	[ -n "$rsc" ] && json_add_boolean rsc "$rsc"
-+	[ -n "$proxy" ] && json_add_boolean proxy "$proxy"
-+	[ -n "$l2miss" ] && json_add_boolean l2miss "$l2miss"
-+	[ -n "$l3miss" ] && json_add_boolean l3miss "$l3miss"
-+	[ -n "$gbp" ] && json_add_boolean gbp "$gbp"
-+
- 	json_close_object
- 
- 	proto_close_tunnel
-@@ -163,9 +174,20 @@ vxlan_generic_init_config() {
- 	proto_config_add_int "ttl"
- 	proto_config_add_int "tos"
- 	proto_config_add_int "mtu"
-+	proto_config_add_int "srcportmin"
-+	proto_config_add_int "srcportmax"
-+	proto_config_add_int "ageing"
-+	proto_config_add_int "maxaddress"
- 	proto_config_add_boolean "rxcsum"
- 	proto_config_add_boolean "txcsum"
-+	proto_config_add_boolean "learning"
-+	proto_config_add_boolean "rsc"
-+	proto_config_add_boolean "proxy"
-+	proto_config_add_boolean "l2miss"
-+	proto_config_add_boolean "l3miss"
-+	proto_config_add_boolean "gbp"
- 	proto_config_add_string "macaddr"
-+
- }
- 
- proto_vxlan_init_config() {
--- a/build_patches/openwrt/0007-vxlan-fix-rsc-config-option.patch
+++ b/build_patches/openwrt/0007-vxlan-fix-rsc-config-option.patch
@ -1,37 +0,0 @@
-From: Hans Dedecker <dedeckeh@gmail.com>
-Date: Thu, 24 Sep 2020 22:04:39 +0200
-Subject: vxlan: fix rsc config option
-
-Fix route short circuit config option; fixes commit 036221ce5a899eb99ef1c1623fc9460af00a69e7
-
-Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
-(cherry picked from commit ad3044c424510668dd318c6a48c0b56bfba3c2da)
-
-diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
-index eb053bf1118dd300db549906bfd474a19f5e3752..0b4d6713f9e1cfcad9f4c94272f8dc9192b7f3b4 100644
--- a/package/network/config/vxlan/Makefile
-+++ b/package/network/config/vxlan/Makefile
-@@ -1,7 +1,7 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=vxlan
-PKG_RELEASE:=5
-+PKG_RELEASE:=6
- PKG_LICENSE:=GPL-2.0
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index 8b3a0a53d47c675fcf89981061a250b5f526df3e..5c1c484c47f7fb48f1cb705b200d589df77a60f6 100755
--- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -59,8 +59,8 @@ vxlan_generic_setup() {
- 
- 	local link="$cfg"
- 
-	local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
-	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
-+	local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning rsc proxy l2miss l3miss gbp
-+	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning rsc proxy l2miss l3miss gbp
- 
- 	proto_init_update "$link" 1
- 
--- a/build_patches/openwrt/0008-vxlan-allow-for-dynamic-source-ip-selection-FS-3426.patch
+++ b/build_patches/openwrt/0008-vxlan-allow-for-dynamic-source-ip-selection-FS-3426.patch
@ -1,101 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Tue, 15 Dec 2020 00:31:52 +0100
-Subject: vxlan: allow for dynamic source ip selection (FS#3426)
-
-By setting 'auto', the zero address or the empty string as source
-address (option ipaddr, option ip6addr), vxlan will choose one
-dynamically. This helps in setups where a wan ip or prefix changes.
-
-This corresponse to setting up an vxlan tunnel with:
-
-proto vxlan6:
-    # ip link add vx0 type vxlan id ID local :: ...
-proto vxlan:
-    # ip link add vx0 type vxlan id ID local 0.0.0.0 ...
-
-While it is possible to not specify a source ip at all, the kernel will
-default to setting up a ipv4 tunnel. The kernel will take any hint from
-source and peer ips to figure out, what tunnel type to use. To make sure
-we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.
-
-This will not change the behaviour of currently working configurations.
-However this will allow former broken configurations, namely those not
-specifying both a source address and tunnel interface, to setup a
-tunnel interface. Previously those configurations weren't reporting an
-error and were stueck in a setup loop like in Bug FS#3426.
-
-This change lifts the currently very strict behaviour and should fix the
-following bug:
-
-Fixes: FS#3426
-Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-(cherry picked from commit 3f5619f259de42af4404e0e36d11df4adcef9f5e)
-
-diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
-index 0b4d6713f9e1cfcad9f4c94272f8dc9192b7f3b4..97972d6d85bddc56d1575088d3966ae6899f06da 100644
--- a/package/network/config/vxlan/Makefile
-+++ b/package/network/config/vxlan/Makefile
-@@ -1,7 +1,7 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=vxlan
-PKG_RELEASE:=6
-+PKG_RELEASE:=7
- PKG_LICENSE:=GPL-2.0
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index 5c1c484c47f7fb48f1cb705b200d589df77a60f6..a087c4a3ce2ca42a6b8d43b2254d0ea7379c0936 100755
--- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -114,18 +114,11 @@ proto_vxlan_setup() {
- 
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
-	[ -z "$ipaddr" ] && {
-		local wanif="$tunlink"
-		if [ -z "$wanif" ] && ! network_find_wan wanif; then
-			proto_notify_error "$cfg" "NO_WAN_LINK"
-			exit
-		fi
-
-		if ! network_get_ipaddr ipaddr "$wanif"; then
-			proto_notify_error "$cfg" "NO_WAN_LINK"
-			exit
-		fi
-	}
-+	case "$ipaddr" in
-+		"auto"|"")
-+			ipaddr="0.0.0.0"
-+			;;
-+	esac
- 
- 	vxlan_generic_setup "$cfg" 'vxlan' "$ipaddr" "$peeraddr"
- }
-@@ -138,18 +131,12 @@ proto_vxlan6_setup() {
- 
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
-	[ -z "$ip6addr" ] && {
-		local wanif="$tunlink"
-		if [ -z "$wanif" ] && ! network_find_wan6 wanif; then
-			proto_notify_error "$cfg" "NO_WAN_LINK"
-			exit
-		fi
-
-		if ! network_get_ipaddr6 ip6addr "$wanif"; then
-			proto_notify_error "$cfg" "NO_WAN_LINK"
-			exit
-		fi
-	}
-+	case "$ip6addr" in
-+		"auto"|"")
-+			# ensure tunnel via ipv6
-+			ip6addr="::"
-+			;;
-+	esac
- 
- 	vxlan_generic_setup "$cfg" 'vxlan6' "$ip6addr" "$peer6addr"
- }
--- a/build_patches/openwrt/0009-netifd-backport-vxlan-patches.patch
+++ b/build_patches/openwrt/0009-netifd-backport-vxlan-patches.patch
@ -1,324 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Fri, 1 Jan 2021 09:55:25 +0100
-Subject: netifd: backport vxlan patches
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-[refresh patches]
-Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
-diff --git a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..0b803aca8bebe33ad47f7e441bc9aa36d42b0aea
--- /dev/null
-+++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
-@@ -0,0 +1,89 @@
-+From a3c033e2afc289672e0ed4b8d8a835d509715af8 Mon Sep 17 00:00:00 2001
-+From: Johannes Kimmel <fff@bareminimum.eu>
-+Date: Fri, 4 Sep 2020 04:59:40 +0200
-+Subject: [PATCH 1/4] netifd: vxlan: handle srcport range
-+
-+This adds adds the ability to set the source port range for vxlan
-+interfaces.
-+
-+By default vxlans will use a random port within the ephermal range as
-+source ports for packets. This is done to aid scaleability within a
-+datacenter.
-+
-+But with these defaults it's impossible to punch through NATs or
-+traverese most stateful firewalls easily. One solution is to fix the
-+srcport to the same as dstport.
-+
-+If only srcportmin is specified, then srcportmax is set in a way that
-+outgoing packets will only use srcportmin.
-+
-+If a range is to be specified, srcportmin and srcportmax have to be
-+specified. srcportmax is exclusive.
-+
-+If only srcportmax is specified, the value is ignored and defaults are
-+used.
-+
-+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-+---
-+ system-linux.c | 26 ++++++++++++++++++++++++++
-+ system.c       |  2 ++
-+ system.h       |  2 ++
-+ 3 files changed, 30 insertions(+)
-+
-+--- a/system-linux.c
-++++ b/system-linux.c
-+@@ -3062,6 +3062,32 @@ static int system_add_vxlan(const char *
-+ 	}
-+ 	nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
-+ 
-++	if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
-++		struct ifla_vxlan_port_range srcports = {0,0};
-++
-++		uint32_t low = blobmsg_get_u32(cur);
-++		if (low < 1 || low > 65535 - 1) {
-++			ret = -EINVAL;
-++			goto failure;
-++		}
-++
-++		srcports.low = htons((uint16_t) low);
-++		srcports.high = htons((uint16_t) (low+1));
-++
-++		if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
-++			uint32_t high = blobmsg_get_u32(cur);
-++			if (high < 1 || high > 65535) {
-++				ret = -EINVAL;
-++				goto failure;
-++			}
-++
-++			if (high > low)
-++				srcports.high = htons((uint16_t) high);
-++		}
-++
-++		nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
-++	}
-++
-+ 	if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
-+ 		bool rxcsum = blobmsg_get_bool(cur);
-+ 		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
-+--- a/system.c
-++++ b/system.c
-+@@ -38,6 +38,8 @@ static const struct blobmsg_policy vxlan
-+ 	[VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type = BLOBMSG_TYPE_STRING },
-+ 	[VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type = BLOBMSG_TYPE_BOOL },
-+ 	[VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
-++	[VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
-+ };
-+ 
-+ const struct uci_blob_param_list vxlan_data_attr_list = {
-+--- a/system.h
-++++ b/system.h
-+@@ -43,6 +43,8 @@ enum vxlan_data {
-+ 	VXLAN_DATA_ATTR_MACADDR,
-+ 	VXLAN_DATA_ATTR_RXCSUM,
-+ 	VXLAN_DATA_ATTR_TXCSUM,
-++	VXLAN_DATA_ATTR_SRCPORTMIN,
-++	VXLAN_DATA_ATTR_SRCPORTMAX,
-+ 	__VXLAN_DATA_ATTR_MAX
-+ };
-+ 
-diff --git a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..3c60665354a52159566826bbedf59964077205d5
--- /dev/null
-+++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
-@@ -0,0 +1,54 @@
-+From 226566b967dc4ef4d83ed7844b8ad746f4306f8d Mon Sep 17 00:00:00 2001
-+From: Johannes Kimmel <fff@bareminimum.eu>
-+Date: Fri, 4 Sep 2020 04:59:41 +0200
-+Subject: [PATCH 2/4] netifd: vxlan: refactor mapping of boolean attrs
-+
-+Add a small function to handle boolean options and make use of it to handle:
-+  - rxcsum
-+  - txcsum
-+
-+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-+---
-+ system-linux.c | 24 ++++++++++++++----------
-+ 1 file changed, 14 insertions(+), 10 deletions(-)
-+
-+--- a/system-linux.c
-++++ b/system-linux.c
-+@@ -2951,6 +2951,17 @@ failure:
-+ #endif
-+ 
-+ #ifdef IFLA_VXLAN_MAX
-++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
-++	struct blob_attr *cur;
-++	if ((cur = tb_data[vxlandatatype])) {
-++		bool val = blobmsg_get_bool(cur);
-++		if (invert) {
-++			val = !val;
-++		}
-++		nla_put_u8(msg, attrtype, val);
-++	}
-++}
-++
-+ static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6)
-+ {
-+ 	struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX];
-+@@ -3088,16 +3099,9 @@ static int system_add_vxlan(const char *
-+ 		nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
-+ 	}
-+ 
-+-	if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
-+-		bool rxcsum = blobmsg_get_bool(cur);
-+-		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
-+-	}
-+-
-+-	if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
-+-		bool txcsum = blobmsg_get_bool(cur);
-+-		nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
-+-		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, !txcsum);
-+-	}
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
-+ 
-+ 	if ((cur = tb[TUNNEL_ATTR_TOS])) {
-+ 		char *str = blobmsg_get_string(cur);
-diff --git a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..693e92b9f6b50f20d8fd220c196440d7bf894eb9
--- /dev/null
-+++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
-@@ -0,0 +1,93 @@
-+From 11223f5550f7dd8faefb85441065b682be16e61f Mon Sep 17 00:00:00 2001
-+From: Johannes Kimmel <fff@bareminimum.eu>
-+Date: Fri, 4 Sep 2020 04:59:42 +0200
-+Subject: [PATCH 3/4] netifd: vxlan: add most missing boolean options
-+
-+adds the folloing missing options:
-+  - learning
-+  - rsc
-+  - proxy
-+  - l2miss
-+  - l3miss
-+  - gbp
-+
-+See ip-link(3) for their meaning.
-+
-+still missing:
-+  - external
-+  - gpe
-+
-+I'm not sure how to handle them at the moment. It's unclear to me what
-+IFLA_VXLAN_* value corresponds to the 'external' option and according to
-+the manpage, gpe depends on it.
-+
-+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-+---
-+ system-linux.c | 16 +++++++++++++---
-+ system.c       |  6 ++++++
-+ system.h       |  6 ++++++
-+ 3 files changed, 25 insertions(+), 3 deletions(-)
-+
-+--- a/system-linux.c
-++++ b/system-linux.c
-+@@ -2955,10 +2955,14 @@ static void system_vxlan_map_bool_attr(s
-+ 	struct blob_attr *cur;
-+ 	if ((cur = tb_data[vxlandatatype])) {
-+ 		bool val = blobmsg_get_bool(cur);
-+-		if (invert) {
-++		if (invert)
-+ 			val = !val;
-+-		}
-+-		nla_put_u8(msg, attrtype, val);
-++
-++		if ((attrtype == IFLA_VXLAN_GBP) && val)
-++			nla_put_flag(msg, attrtype);
-++		else 
-++			nla_put_u8(msg, attrtype, val);
-++
-+ 	}
-+ }
-+ 
-+@@ -3102,6 +3106,12 @@ static int system_add_vxlan(const char *
-+ 	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
-+ 	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
-+ 	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
-++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
-+ 
-+ 	if ((cur = tb[TUNNEL_ATTR_TOS])) {
-+ 		char *str = blobmsg_get_string(cur);
-+--- a/system.c
-++++ b/system.c
-+@@ -40,6 +40,12 @@ static const struct blobmsg_policy vxlan
-+ 	[VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
-+ 	[VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
-+ 	[VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
-++	[VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
-+ };
-+ 
-+ const struct uci_blob_param_list vxlan_data_attr_list = {
-+--- a/system.h
-++++ b/system.h
-+@@ -45,6 +45,12 @@ enum vxlan_data {
-+ 	VXLAN_DATA_ATTR_TXCSUM,
-+ 	VXLAN_DATA_ATTR_SRCPORTMIN,
-+ 	VXLAN_DATA_ATTR_SRCPORTMAX,
-++	VXLAN_DATA_ATTR_LEARNING,
-++	VXLAN_DATA_ATTR_RSC,
-++	VXLAN_DATA_ATTR_PROXY,
-++	VXLAN_DATA_ATTR_L2MISS,
-++	VXLAN_DATA_ATTR_L3MISS,
-++	VXLAN_DATA_ATTR_GBP,
-+ 	__VXLAN_DATA_ATTR_MAX
-+ };
-+ 
-diff --git a/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..8a2b4424fe282492ecf64522ecf3d1b3ba106bbb
--- /dev/null
-+++ b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
-@@ -0,0 +1,56 @@
-+From 55a7b6b7f2f773c06a79cb7359ffdab54ba32450 Mon Sep 17 00:00:00 2001
-+From: Johannes Kimmel <fff@bareminimum.eu>
-+Date: Fri, 4 Sep 2020 04:59:43 +0200
-+Subject: [PATCH 4/4] netifd: vxlan: add aging and maxaddress options
-+
-+For both options the values can just be passed to the kernel. All
-+unsigned values are accepted, thus no range checking required.
-+
-+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-+---
-+ system-linux.c | 10 ++++++++++
-+ system.c       |  2 ++
-+ system.h       |  2 ++
-+ 3 files changed, 14 insertions(+)
-+
-+--- a/system-linux.c
-++++ b/system-linux.c
-+@@ -3113,6 +3113,16 @@ static int system_add_vxlan(const char *
-+ 	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
-+ 	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
-+ 
-++	if ((cur = tb_data[VXLAN_DATA_ATTR_AGEING])) {
-++		uint32_t ageing = blobmsg_get_u32(cur);
-++		nla_put_u32(msg, IFLA_VXLAN_AGEING, ageing);
-++	}
-++
-++	if ((cur = tb_data[VXLAN_DATA_ATTR_LIMIT])) {
-++		uint32_t maxaddress = blobmsg_get_u32(cur);
-++		nla_put_u32(msg, IFLA_VXLAN_LIMIT, maxaddress);
-++	}
-++
-+ 	if ((cur = tb[TUNNEL_ATTR_TOS])) {
-+ 		char *str = blobmsg_get_string(cur);
-+ 		unsigned tos = 1;
-+--- a/system.c
-++++ b/system.c
-+@@ -46,6 +46,8 @@ static const struct blobmsg_policy vxlan
-+ 	[VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
-+ 	[VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
-+ 	[VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
-++	[VXLAN_DATA_ATTR_AGEING] = { .name = "ageing", .type = BLOBMSG_TYPE_INT32 },
-++	[VXLAN_DATA_ATTR_LIMIT] = { .name = "maxaddress", .type = BLOBMSG_TYPE_INT32 },
-+ };
-+ 
-+ const struct uci_blob_param_list vxlan_data_attr_list = {
-+--- a/system.h
-++++ b/system.h
-+@@ -51,6 +51,8 @@ enum vxlan_data {
-+ 	VXLAN_DATA_ATTR_L2MISS,
-+ 	VXLAN_DATA_ATTR_L3MISS,
-+ 	VXLAN_DATA_ATTR_GBP,
-++	VXLAN_DATA_ATTR_AGEING,
-++	VXLAN_DATA_ATTR_LIMIT,
-+ 	__VXLAN_DATA_ATTR_MAX
-+ };
-+ 
--- a/12
+++ b/12
@ -3,16 +3,16 @@

 builddir=./build

-# OpenWrt: package hashes correspond to core repo version
-OPENWRTREV="v19.07.7"
-PACKAGEREV="90af10d01579425369bd474051b6d3ddaf32a7e3"
-ROUTINGREV="e26b4745209655976b7d124465b1dc53ade632f9"
+# OpenWrt:
+OPENWRTREV="v21.02.0-rc2"
+PACKAGEREV="920c4f29c55d26d8d602c1357ffd6b23a0df5914"
+ROUTINGREV="57533a25e84932a7e50b8483843c840f0924bc0c"

 # Gluon packages: master from 2020-02-04
 GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"

 OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
-ROUTING_PKGS="kmod-batman-adv batctl alfred babeld"
+ROUTING_PKGS="kmod-batman-adv batctl alfred babeld bird2"
 GLUON_PKGS="simple-tc uradvd"

 FFF_VARIANTS="node layer3"
@ -59,7 +59,7 @@ checkout_git(){
            # Select desired commit and remove local changes (-f)
            if ! $MYGIT checkout -f "$COMMITID" ; then
                echo "commitid not found trying to fetch new commits"
-                $MYGIT pull && $MYGIT checkout "$COMMITID"
+                $MYGIT fetch --all && $MYGIT checkout "$COMMITID"
            fi
        else
            echo "wrong remote or not an git repo at all -> deleting whole directory"
--- a/feed_patches/openwrt/0030-micrond-show-stdout-and-stderr-in-log.patch
+++ b/feed_patches/openwrt/0030-micrond-show-stdout-and-stderr-in-log.patch
@ -1,44 +0,0 @@
-From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-Date: Wed, 22 Apr 2020 16:57:34 +0200
-Subject: micrond: show stdout and stderr in log
-
-So far, all output created by scripts run with micrond has been
-discarded. Since there is no reason for that and it also does not
-match the expected behavior, this enables both stdout and stderr
-output for the service.
-
-If not desired, a user can still use >/dev/null or similar in his/her
-micrond jobs to disable output easily and similar to what it would be
-on other systems.
-
-Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---
- utils/micrond/Makefile                 | 2 +-
- utils/micrond/files/etc/init.d/micrond | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/utils/micrond/Makefile b/utils/micrond/Makefile
-index ba063b674..c979025bb 100644
--- a/utils/micrond/Makefile
-+++ b/utils/micrond/Makefile
-@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=micrond
- PKG_VERSION:=1
-PKG_RELEASE:=1
-+PKG_RELEASE:=2
- PKG_LICENSE:=BSD-2-clause
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/utils/micrond/files/etc/init.d/micrond b/utils/micrond/files/etc/init.d/micrond
-index 1eef2ef52..35a3b9e70 100755
--- a/utils/micrond/files/etc/init.d/micrond
-+++ b/utils/micrond/files/etc/init.d/micrond
-@@ -9,5 +9,7 @@ start_service() {
- 	procd_open_instance
- 	procd_set_param command /usr/sbin/micrond "$CRONDIR"
- 	procd_set_param respawn
-+	procd_set_param stdout 1
-+	procd_set_param stderr 1
- 	procd_close_instance
- }
--- a/feed_patches/routing/0011-babeld-Include-PKG_RELEASE-in-babeld-version.patch
+++ b/feed_patches/routing/0011-babeld-Include-PKG_RELEASE-in-babeld-version.patch
@ -1,7 +1,7 @@
-From f114914490740247f2b6ca705f0f7055db9681ab Mon Sep 17 00:00:00 2001
+From af52d8a526d8aa99db937cd3ca86d49814bc4190 Mon Sep 17 00:00:00 2001
 From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 Date: Mon, 30 Sep 2019 17:09:10 +0200
-Subject: [PATCH 1/2] babeld: Include PKG_RELEASE in babeld version
+Subject: [PATCH] babeld: Include PKG_RELEASE in babeld version

 This will account for custom patches added, as otherwise version
 would stay the same.
@ -14,12 +14,12 @@ Signed-off-by: Fabian Bläse <fabian@blaese.de>
 1 file changed, 5 insertions(+)

 diff --git a/babeld/Makefile b/babeld/Makefile
-index 022d0b8..78fdf83 100644
+index 0b61128..b0ed749 100644
 --- a/babeld/Makefile
 +++ b/babeld/Makefile
-@@ -48,6 +48,11 @@ MAKE_FLAGS+= \
- 	CFLAGS="$(TARGET_CFLAGS)" \
+@@ -49,6 +49,11 @@ MAKE_FLAGS+= \
 	LDLIBS="" \
+ 	LDLIBS+="-lubus -lubox"
 
 +define Build/Configure
 +	echo "babeld-$(PKG_VERSION)+fff$(PKG_RELEASE)" > $(PKG_BUILD_DIR)/version
@ -30,5 +30,5 @@ index 022d0b8..78fdf83 100644
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/babeld $(1)/usr/sbin/
 -- 
-2.25.1
+2.30.1

--- a/src/packages/fff/fff-babel-bird2/Makefile
+++ b/src/packages/fff/fff-babel-bird2/Makefile
@ -0,0 +1,30 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel-bird2
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel-bird2
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel-bird2
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+bird2 +bird2c
+	PROVIDES:=fff-babel-implementation
+	CONFLICTS:=fff-babeld
+endef
+
+define Package/fff-babel-bird2/description
+	This is the Freifunk Franken Firmware babel-bird2 package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel-bird2/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel-bird2))
--- a/src/packages/fff/fff-babel-bird2/files/etc/bird-babel-include.conf
+++ b/src/packages/fff/fff-babel-bird2/files/etc/bird-babel-include.conf
@ -0,0 +1 @@
+include "/etc/bird-babel/*.conf";
--- a/src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf
+++ b/src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf
@ -0,0 +1,115 @@
+# router id is not required for babeld, but necessary for bird startup
+router id 192.0.2.0;
+
+ipv4 table fff4;
+ipv6 sadr table fff6;
+
+ipv4 table local4;
+ipv6 sadr table local6;
+
+protocol device {
+	scan time 15;
+}
+
+# device routes for ipv4 peering address
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			if (net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16) && net.len = 32 then {
+				accept;
+			}
+			reject;
+		};
+	};
+}
+
+# device routes on loopback interface
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			if net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16 then {
+				accept;
+			}
+			reject;
+		};
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			if net ~ 2000::/3 from ::/0 then {
+				accept;
+			}
+			reject;
+		};
+		import keep filtered;
+	};
+
+	interface "lo";
+}
+
+# ipv6 kernel route interface
+protocol kernel {
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			# only import routes from kernel with proto static
+			if krt_source = 4 then {
+				accept;
+			}
+			reject;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+# ipv4 kernel route interface
+protocol kernel {
+	ipv4 {
+		table fff4;
+		import filter {
+			# only import routes from kernel with proto static
+			if krt_source = 4 then {
+				accept;
+			}
+			reject;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+protocol babel {
+	# required due to static configuration of global router id.
+	# also improves reconnect speed after restart.
+	randomize router id yes;
+
+	ipv4 {
+		table fff4;
+		import filter {
+			accept;
+		};
+		export all;
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			accept;
+		};
+		export filter {
+			accept;
+		};
+	};
+
+	include "/etc/bird-babel-include.conf";
+};
--- a/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config
+++ b/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config
@ -0,0 +1,3 @@
+mv /etc/bird-fff.conf /etc/bird.conf
+
+exit 0
--- a/src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon
+++ b/src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon
@ -0,0 +1,53 @@
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	mkdir -p /tmp/bird-babel
+	echo "interface \"$interface\" { type $type; rxcost $rxcost; };" > /tmp/bird-babel/$name.conf
+
+	return 0
+}
+
+babel_delete_interface() {
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	return 0
+}
+
+babel_apply() {
+	# error output hidden because apply might be executed without a preceding configure step.
+	if [ -d /tmp/bird-babel ]; then
+		rm -rf /etc/bird-babel
+		mv /tmp/bird-babel /etc/bird-babel
+	fi
+
+	return 0
+}
+
+babel_reload() {
+	# Change include file path, so bird uses the correct configuration, depending on the configuration state:
+	#  - If test mode is active (and /tmp/bird-babel exists), switch to the temporary (/tmp) configuration to be tested.
+	#  - If new settings are applied or the old settings are restored after an unsuccessful test (and /tmp/bird-babel does not exist),
+	#    switch back to the permanent configuration (/etc).
+	if [ -d /tmp/bird-babel ]; then
+		echo 'include "/tmp/bird-babel/*.conf";' > /etc/bird-babel-include.conf
+	else
+		echo 'include "/etc/bird-babel/*.conf";' > /etc/bird-babel-include.conf
+	fi
+
+	/etc/init.d/bird reload
+}
+
+babel_revert() {
+	rm -r /tmp/bird-babel
+}
--- a/src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh
+++ b/src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh
@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+set -o pipefail
+
+neighbours="$(birdc -r show babel neighbors |
+		tail -n +5 |
+		awk '{ printf "<neighbour><ip>%s</ip><outgoing_interface>%s</outgoing_interface><link_cost>%s</link_cost></neighbour>", $1, $2, $3 }'
+	)"
+
+echo -n "<babel_neighbours>$neighbours</babel_neighbours>"
+
+exit 0
--- a/src/packages/fff/fff-babel/Makefile
+++ b/src/packages/fff/fff-babel/Makefile
@ -0,0 +1,28 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+fff-babel-implementation
+endef
+
+define Package/fff-babel/description
+	This is the Freifunk Franken Firmware babel package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel))
--- a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
+++ b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
@ -26,7 +26,7 @@ configure() {
 		fi
 	}

-	config_load babeld
+	config_load network
 	config_foreach remove_babelpeer interface

 	#add new peers
@ -75,14 +75,14 @@ configure() {
 		babel_add_peer6addr "network.$prefixname.ip6addr"

 		# add babel interface
-		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babel interface for babelpeer $name"; exit 1; }
 	}

 	config_load gateway
 	config_foreach add_babelpeer babelpeer


-	# configure babeld filters for custom ipv6 addresses
+	# configure babel filters for custom ipv6 addresses
 	## remove old filters
 	babel_remove_custom_redistribute_filters

@ -94,10 +94,14 @@ configure() {

 apply() {
 	uci commit network
-	uci commit babeld
+	babel_apply
+}
+
+reload() {
+	babel_reload
 }

 revert() {
 	uci revert network
-	uci revert babeld
+	babel_revert
 }
--- a/src/packages/fff/fff-babeld/files/etc/uci-defaults/01-iproute
+++ b/src/packages/fff/fff-babeld/files/etc/uci-defaults/01-iproute
--- a/src/packages/fff/fff-babeld/files/etc/uci-defaults/02-network-rules
+++ b/src/packages/fff/fff-babeld/files/etc/uci-defaults/02-network-rules
--- a/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
+++ b/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
@ -1,3 +1,5 @@
+. /lib/functions/fff/babeldaemon
+
 babel_add_iifrules() {
 	[ "$#" -ne "1" ] && return 1

@ -60,62 +62,3 @@ babel_add_peer6addr() {

 	return 0
 }
-
-babel_add_interface() {
-	[ "$#" -ne "4" ] && return 1
-
-	local name="$1"
-	local interface="$2"
-	local type="$3"
-	local rxcost="$4"
-
-	uci set babeld.$name=interface
-	uci set babeld.$name.ifname="$interface"
-	uci set babeld.$name.type="$type"
-	uci set babeld.$name.rxcost="$rxcost"
-
-	return 0
-}
-
-babel_delete_interface() {
-	[ "$#" -ne "1" ] && return 1
-
-	local name="$1"
-
-	uci -q del babeld.$name
-
-	return 0
-}
-
-babel_add_redistribute_filter() {
-	[ "$#" -ne "1" ] && return 1
-
-	local prefix="$1"
-
-	config=$(uci add babeld filter)
-	uci set babeld.$config.type='redistribute'
-	uci set babeld.$config.ip="$prefix"
-	uci set babeld.$config.addedbyautoconfig='true'
-
-	return 0
-}
-
-babel_remove_custom_redistribute_filters() {
-	[ "$#" -ne "0" ] && return 1
-
-	remove_filters() {
-		local name="$1"
-
-		# check if filter was added by configuregateway
-		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
-			return
-		fi
-
-		uci -q del babeld.$name
-	}
-
-	config_load babeld
-	config_foreach remove_filters filter
-
-	return 0
-}
--- a/src/packages/fff/fff-babeld/Makefile
+++ b/src/packages/fff/fff-babeld/Makefile
@ -11,6 +11,7 @@ define Package/fff-babeld
 	TITLE:=Freifunk-Franken babeld configuration example
 	URL:=http://www.freifunk-franken.de
 	DEPENDS:=+babeld
+	PROVIDES:=fff-babel-implementation
 endef

 define Package/fff-babeld/description
--- a/src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon
+++ b/src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon
@ -0,0 +1,70 @@
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	uci set babeld.$name=interface
+	uci set babeld.$name.ifname="$interface"
+	uci set babeld.$name.type="$type"
+	uci set babeld.$name.rxcost="$rxcost"
+
+	return 0
+}
+
+babel_delete_interface() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	uci -q del babeld.$name
+
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	[ "$#" -ne "0" ] && return 1
+
+	remove_filters() {
+		local name="$1"
+
+		# check if filter was added by configuregateway
+		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
+			return
+		fi
+
+		uci -q del babeld.$name
+	}
+
+	config_load babeld
+	config_foreach remove_filters filter
+
+	return 0
+}
+
+babel_apply() {
+	uci apply babeld
+}
+
+babel_reload() {
+	return 0
+}
+
+babel_revert() {
+	uci revert babeld
+}
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/50-flowoffload
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/50-flowoffload
@ -0,0 +1,2 @@
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
+ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/20-vlan
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/20-vlan
@ -13,7 +13,12 @@ configure() {
 		local ports="$(uci -q get gateway.$vlan.ports)"
 		local name="$SWITCHDEV"_$vlan

-		uci set network.$name='switch_vlan'
+		if [ "$DSA" = "1" ]; then
+			uci set network.$name='bridge-vlan'
+		else
+			uci set network.$name='switch_vlan'
+		fi
+
 		uci set network.$name.device="$(uci get network.$SWITCHDEV.name)"
 		uci set network.$name.vlan="$vlan"
 		uci set network.$name.ports="$(get_cpu_port) $ports"
@ -34,6 +39,7 @@ configure() {

 	config_load network
 	config_foreach remove_vlan switch_vlan
+	config_foreach remove_vlan bridge-vlan

 	config_load gateway
 	config_foreach add_vlan vlan
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client
@ -50,7 +50,7 @@ configure() {

 	# set interface
 	#remove all eth interfaces
-	ifaces=$(uci get network.client.ifname | sed 's/\beth[^ ]* *//g')
+	ifaces=$(uci get network.client.ifname | sed 's/\beth[^ ]* *//g' | sed 's/\bswitch[^ ]* *//g')
 	if vlan=$(uci -q get gateway.@client[0].vlan); then
 		uci set network.client.ifname="${SWITCHDEV}.$vlan $ifaces"
 	elif iface=$(uci -q get gateway.@client[0].iface); then
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@ -11,7 +11,8 @@ define Package/fff-layer3
 	TITLE:=Freifunk-Franken gateway configuration
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-alfred-monitoring-proxy \
-	         +fff-babeld \
+	         +fff-babel \
+	         +fff-babel-bird2 \
 	         +fff-boardname \
 	         +fff-dhcp \
 	         +fff-layer3-config \
@ -24,6 +25,7 @@ define Package/fff-layer3
 	         +ebtables-utils \
 	         +kmod-ebtables-ipv4 \
 	         +kmod-ebtables-ipv6 \
+	         +kmod-ipt-offload \
 	         +kmod-sched-cake \
 	         +gre \
 	         +@PACKAGE_grev4 \
--- a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
@ -1,46 +1,24 @@
-net.ipv4.conf.default.arp_ignore=1
-net.ipv4.conf.all.arp_ignore=1
-net.ipv4.conf.all.forwarding=0
-net.ipv4.conf.all.send_redirects=0
-net.ipv4.tcp_ecn=0
-net.ipv4.tcp_fin_timeout=30
-net.ipv4.tcp_keepalive_time=120
-net.ipv4.tcp_syncookies=1
-net.core.netdev_max_backlog=30
-net.netfilter.nf_conntrack_checksum=0
-
-#Do not accept source routing
-net.ipv4.conf.all.accept_source_route=0
-net.ipv4.conf.all.accept_redirects=0
-net.ipv4.conf.default.accept_source_route=0
-net.ipv4.conf.default.accept_redirects=0
-net.ipv4.icmp_echo_ignore_broadcasts=1
-net.ipv4.icmp_ignore_bogus_error_responses=1
+# Disable IPv4 forwarding.
+# This has to be set first, because it resets some of the
+# net.ipv4.conf.* sysctls.
 net.ipv4.ip_forward=0

-net.ipv6.conf.default.accept_dad=0
-net.ipv6.conf.default.accept_ra=0
-net.ipv6.conf.default.accept_redirects=0
-net.ipv6.conf.all.accept_dad=0
-net.ipv6.conf.all.accept_ra=0
-net.ipv6.conf.all.accept_redirects=0
-
-# Learn Prefix Information in Router Advertisement
-net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.all.accept_ra_pinfo = 0
-
-# Setting controls whether the system will accept Hop Limit settings from a router advertisement
-net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.all.accept_ra_defrtr = 0
-
-#router advertisements can cause the system to assign a global unicast address to an interface
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.all.autoconf = 0
-
-#how many neighbor solicitations to send out per address?
-net.ipv6.conf.default.dad_transmits = 3
-net.ipv6.conf.all.dad_transmits = 3
-
-# Enable forwarding, otherwise not all local route are examined
+# Enable IPv6 forwarding, otherwise the fc00::/7 route sometimes is
+# not used if a default route is available, which breaks fc00::/7
+# inside Freifunk.
+# To ensure no packets are routed to different interfaces, fff-firewall
+# sets appropriate iptables rules
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=0
+
+# Do not accept Router Advertisements, so no public
+# addresses are assigned to interfaces, where we don't
+# want them. OpenWrts netifd overwrites this option for the WAN
+# interface, so IPv6 WAN connectivity is still possible.
+net.ipv6.conf.default.accept_ra=0
+net.ipv6.conf.all.accept_ra=0
+
+# Disable DAD, so fdff::1 on br-client does not get erroneously disabled.
+# This should be done on a per-interface basis in the future.
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.all.accept_dad=0
--- a/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
+++ b/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
@ -11,12 +11,10 @@ get_cpu_port() {
 		tplink,c50-v4|\
 		tplink,tl-wr1043nd-v2|\
 		tplink,tl-wr1043nd-v3|\
-		tl-wr841n-v13|\
-		r6220|\
-		ubnt-erx|\
-		ubnt-erx-sfp)
+		tl-wr841n-v13)
 			CPUPORT="6t"
 			;;
+		netgear,r6220|\
 		tplink,cpe210-v2|\
 		tplink,cpe210-v3|\
 		tplink,tl-mr3020-v1|\
@ -24,6 +22,8 @@ get_cpu_port() {
 		tplink,tl-wa860re-v1|\
 		tplink,tl-wa901nd-v2|\
 		ubnt,bullet-m|\
+		ubnt,edgerouter-x|\
+		ubnt,edgerouter-x-sfp|\
 		ubnt,nanostation-loco-m|\
 		ubnt,nanostation-loco-m-xw|\
 		ubnt,nanostation-m|\
--- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
+++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
@ -65,31 +65,52 @@ fi

 if ! uci -q get network.$SWITCHDEV > /dev/null || [ "$FORCEPARSE" = '1' ] ; then

-    SWITCHHW=$(swconfig list | awk '{ print $4 }')
+    if [ "$DSA" = "1" ]; then
+        uci set network.$SWITCHDEV=device
+        uci set network.$SWITCHDEV.name=$SWITCHDEV
+        uci set network.$SWITCHDEV.type=bridge

-    uci set network.$SWITCHDEV=switch
-    uci set network.$SWITCHDEV.name=$SWITCHHW
-    uci set network.$SWITCHDEV.enable=1
-    uci set network.$SWITCHDEV.reset=1
-    uci set network.$SWITCHDEV.enable_vlan=1
+        uci set network.${SWITCHDEV}_1=bridge-vlan
+        uci set network.${SWITCHDEV}_1.device=$SWITCHDEV
+        uci set network.${SWITCHDEV}_1.vlan=1
+        uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"

-    uci set network.${SWITCHDEV}_1=switch_vlan
-    uci set network.${SWITCHDEV}_1.device=$SWITCHHW
-    uci set network.${SWITCHDEV}_1.vlan=1
-    uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
+        if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
+            uci set network.${SWITCHDEV}_2=bridge-vlan
+            uci set network.${SWITCHDEV}_2.device=$SWITCHDEV
+            uci set network.${SWITCHDEV}_2.vlan=2
+            uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
+        fi

-    if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
-        uci set network.${SWITCHDEV}_2=switch_vlan
-        uci set network.${SWITCHDEV}_2.device=$SWITCHHW
-        uci set network.${SWITCHDEV}_2.vlan=2
-        uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
+        uci set network.${SWITCHDEV}_3=bridge-vlan
+        uci set network.${SWITCHDEV}_3.device=$SWITCHDEV
+        uci set network.${SWITCHDEV}_3.vlan=3
+        uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
+    else
+        uci set network.$SWITCHDEV=switch
+        uci set network.$SWITCHDEV.name=$SWITCHHW
+        uci set network.$SWITCHDEV.enable=1
+        uci set network.$SWITCHDEV.reset=1
+        uci set network.$SWITCHDEV.enable_vlan=1
+
+        uci set network.${SWITCHDEV}_1=switch_vlan
+        uci set network.${SWITCHDEV}_1.device=$SWITCHHW
+        uci set network.${SWITCHDEV}_1.vlan=1
+        uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
+
+        if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
+            uci set network.${SWITCHDEV}_2=switch_vlan
+            uci set network.${SWITCHDEV}_2.device=$SWITCHHW
+            uci set network.${SWITCHDEV}_2.vlan=2
+            uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
+        fi
+
+        uci set network.${SWITCHDEV}_3=switch_vlan
+        uci set network.${SWITCHDEV}_3.device=$SWITCHHW
+        uci set network.${SWITCHDEV}_3.vlan=3
+        uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
    fi

-    uci set network.${SWITCHDEV}_3=switch_vlan
-    uci set network.${SWITCHDEV}_3.device=$SWITCHHW
-    uci set network.${SWITCHDEV}_3.vlan=3
-    uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
-
    uci set network.client.ifname="$SWITCHDEV.1 bat0"

    uci set network.ethmesh.ifname="$SWITCHDEV.3"
--- a/src/packages/fff/fff-network/mips64/network.ubnt,edgerouter-4
+++ b/src/packages/fff/fff-network/mips64/network.ubnt,edgerouter-4
@ -0,0 +1,10 @@
+. /lib/functions/fff/network
+
+WANDEV=switch0
+SWITCHDEV=switch0
+CLIENT_PORTS="lan2"
+WAN_PORTS="lan0"
+BATMAN_PORTS="lan1"
+DSA=1
+
+ROUTERMAC=$(cat /sys/class/net/lan3/address)
--- a/src/packages/fff/fff-network/mipsel/network.netgear-r6220
+++ b/src/packages/fff/fff-network/mipsel/network.netgear-r6220
--- a/src/packages/fff/fff-network/mipsel/network.ubnt,edgerouter-x
+++ b/src/packages/fff/fff-network/mipsel/network.ubnt,edgerouter-x
@ -0,0 +1,10 @@
+. /lib/functions/fff/network
+
+WANDEV=switch0
+SWITCHDEV=switch0
+CLIENT_PORTS="eth3 eth4"
+WAN_PORTS="eth0"
+BATMAN_PORTS="eth1 eth2"
+DSA=1
+
+ROUTERMAC=$(cat /sys/class/net/eth0/address)
--- a/src/packages/fff/fff-network/mipsel/network.ubnt,edgerouter-x-sfp
+++ b/src/packages/fff/fff-network/mipsel/network.ubnt,edgerouter-x-sfp
@ -0,0 +1,10 @@
+. /lib/functions/fff/network
+
+WANDEV=switch0
+SWITCHDEV=switch0
+CLIENT_PORTS="eth3 eth4 eth5"
+WAN_PORTS="eth0"
+BATMAN_PORTS="eth1 eth2"
+DSA=1
+
+ROUTERMAC=$(cat /sys/class/net/eth0/address)
--- a/src/packages/fff/fff-network/mipsel/network.ubnt-erx
+++ b/src/packages/fff/fff-network/mipsel/network.ubnt-erx
@ -1,9 +0,0 @@
-. /lib/functions/fff/network
-
-WANDEV=eth0
-SWITCHDEV=eth0
-CLIENT_PORTS="6t 3 4"
-WAN_PORTS="6t 0"
-BATMAN_PORTS="6t 1 2"
-
-ROUTERMAC=$(cat /sys/class/net/eth0/address)
--- a/src/packages/fff/fff-network/mipsel/network.ubnt-erx-sfp
+++ b/src/packages/fff/fff-network/mipsel/network.ubnt-erx-sfp
@ -1,9 +0,0 @@
-. /lib/functions/fff/network
-
-WANDEV=eth0
-SWITCHDEV=eth0
-CLIENT_PORTS="6t 3 4"
-WAN_PORTS="6t 0"
-BATMAN_PORTS="6t 1 2"
-
-ROUTERMAC=$(cat /sys/class/net/eth0/address)
--- a/src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh
+++ b/src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh
@ -76,6 +76,8 @@ fi

 if [ -x /usr/sbin/babeld ]; then
 	SYSTEM_DATA="$SYSTEM_DATA<babel_version>$(/usr/sbin/babeld -V 2>&1)</babel_version>"
+elif [ -x /usr/sbin/bird ]; then
+	SYSTEM_DATA="$SYSTEM_DATA<babel_version>$(/usr/sbin/bird --version 2>&1 | sed "s/BIRD version /bird-/")</babel_version>"
 fi

 # example for /etc/openwrt_release:
--- a/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
+++ b/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
@ -4,8 +4,8 @@

 cat > /etc/sysupgrade.conf <<-__EOF__
 /etc/shadow
-/etc/dropbear/dropbear_dss_host_key
 /etc/dropbear/dropbear_rsa_host_key
+/etc/dropbear/dropbear_ed25519_host_key
 /etc/dropbear/authorized_keys
 /etc/network.config
 /etc/config/fff
--- a/src/packages/fff/fff-web-ui/Makefile
+++ b/src/packages/fff/fff-web-ui/Makefile
@ -10,7 +10,7 @@ define Package/$(PKG_NAME)
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken Webinterface
 	URL:=http://www.freifunk-franken.de
-	DEPENDS:=+uhttpd +libustream-mbedtls +haserl +px5g +fff-simple-tc \
+	DEPENDS:=+uhttpd +libustream-wolfssl +haserl +px5g +fff-simple-tc \
 			 +fff-boardname +fff-config +fff-network +fff-hoodutils \
 			 +@BUSYBOX_CONFIG_WGET +@BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT
 endef
--- a/src/packages/fff/fff-wireguard/Makefile
+++ b/src/packages/fff/fff-wireguard/Makefile
@ -12,8 +12,9 @@ define Package/fff-wireguard
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:= \
 		+owipcalc \
-		+wireguard \
-		+fff-babeld \
+		+kmod-wireguard \
+		+wireguard-tools \
+		+fff-babel \
 		+fff-network
 endef

--- a/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
+++ b/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
@ -29,7 +29,7 @@ configure() {
 		fi
 	}

-	config_load babeld
+	config_load network
 	config_foreach remove_wgpeer interface


@ -126,7 +126,7 @@ configure() {
 		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }

 		# add babel interface
-		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babel interface for wgpeer $name"; exit 1; }
 	}

 	config_load gateway
@ -135,12 +135,16 @@ configure() {

 apply() {
 	uci commit network
-	uci commit babeld
 	uci commit gateway
+	babel_apply
+}
+
+reload() {
+	babel_reload
 }

 revert() {
 	uci revert network
-	uci revert babeld
 	uci revert gateway
+	babel_revert
 }
Author	SHA1	Message	Date
Fabian Bläse	d773fb1ed1	buildscript: fix fetch step	2021-06-04 00:27:22 +02:00
Fabian Bläse	8f7f2920a3	firewall: Add flow offloading	2021-06-04 00:26:46 +02:00
Fabian Bläse	ce18ff4fe6	layer3: Enable flow offloading	2021-06-04 00:26:44 +02:00
Fabian Bläse	abd4c2517d	buildscript: Update to OpenWrt 21.02.0-rc2	2021-06-04 00:26:40 +02:00
Fabian Bläse	e22d5b4269	Increase preference of kernel routes to ensure local routes are announced properly in anycast situations	2021-04-27 21:01:42 +02:00
Fabian Bläse	42f6272cf2	fff-network: Add comments to set sysctls To make it clear why the set sysctls are necessary, add appropriate comments to them. Also reorder them for improved readability. Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-04-19 20:33:08 +02:00
Fabian Bläse	fd2fc838a3	fff-network: Remove obsolete and unnecessary sysctls Many of the set sysctls are either unnecessary, are already default in the kernel or in OpenWrts defaults, or the reason for them being explicitly set is unknown. Remove all those sysctls from fff-network, as unfounded deviations from default values will cause hard-to-debug problems in the future. The original motivation for this patch is the netdev_max_backlog sysctl, which was set to a very low value without any reason or comment. This hurt forwarding performance on mt7621 with DSA significantly and took quite a while to discover. Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-04-19 20:33:08 +02:00
Fabian Bläse	85513e0350	Fix bird reload issues when old configuration is present	2021-04-19 20:33:08 +02:00
Fabian Bläse	1a7b97f089	WIP: try to fix issues with bird configuration	2021-04-19 18:16:23 +02:00
Fabian Bläse	9713449f65	Update OpenWrt snapshot	2021-04-17 13:14:46 +02:00
Fabian Bläse	01f7b6c792	save ed25519 host key	2021-03-14 14:38:17 +01:00
Fabian Bläse	2bd62540f5	Fix small issue with apply return value	2021-03-14 14:37:58 +01:00
Fabian Bläse	15208f03c3	small babel-bird fixups	2021-03-14 14:29:34 +01:00
Fabian Bläse	67cf0134d5	switch back to master	2021-03-14 14:09:56 +01:00
Fabian Bläse	fa6f82b1bb	Merge branch 'bird2' into dsa2	2021-03-14 12:17:38 +01:00
Fabian Bläse	707a83ffd1	Merge remote-tracking branch 'upstream/master' into dsa2	2021-03-07 14:49:54 +01:00
Fabian Bläse	49b462ea40	Use openwrt-21.02 branch	2021-03-07 14:48:01 +01:00
Fabian Bläse	6b6ff569d5	Add support for edgerouter 4 Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-03-07 01:25:02 +01:00
Fabian Bläse	ae3456a449	Update openwrt which resolves weird workaround	2021-03-02 23:26:11 +01:00
Fabian Bläse	8d0a7118c7	Add bird babel implementation Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-02-15 02:27:06 +01:00
Fabian Bläse	f7e1ec318f	Make babel modular Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-02-15 01:06:15 +01:00
Fabian Bläse	7d7e0ae891	Remove implementation-specific references Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-02-15 00:34:56 +01:00
Fabian Bläse	1c4e5cec4b	Lookup removed babel interfaces in network instead of babeld config Signed-off-by: Fabian Bläse <fabian@blaese.de>	2021-02-15 00:32:53 +01:00
Fabian Bläse	45b47b052a	initial dsa switch changes	2021-02-12 15:20:00 +01:00
Fabian Bläse	97161949aa	device renames	2021-02-12 03:41:53 +01:00
Fabian Bläse	02698dea6a	Switch to OpenWrt master	2021-02-12 03:39:55 +01:00
Fabian Bläse	cd7f052e22	Switch to libustream-wolfssl	2021-02-12 03:39:55 +01:00
Fabian Bläse	6d039defc1	Refresh patches for OpenWrt master	2021-02-12 03:39:55 +01:00