fff-layer3-config: add rules for router_ip

This forces routes for packets originating from a router_ip to be looked up in the fff table. If the router_ips don't happen to be included in the client network's subnet, the decision defaults to a main table lookup. This causes packets to choose the wrong interface. This patch forces packets from a router_ip to be routed via the fff table. Fixes #175 Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2021-11-29 20:30:05 +01:00
104 changed files with 663 additions and 1478 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -1,45 +0,0 @@
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      tags: true
 pipeline:
  buildall-layer3:
    image: openwrtorg/imagebuilder
    commands:
      - export HOME=/home/build/openwrt
      - sudo chown -R build:build .
      - git config --global user.email "ci@fff.community"
      - git config --global user.name "FFF CI"
      - ./buildscript selectvariant layer3
      - ./buildscript selectbsp bsp/ath79-generic.bsp
      - ./buildscript prepare
      - ./buildscript buildall
  buildall-node:
    image: openwrtorg/imagebuilder
    commands:
      - export HOME=/home/build/openwrt
      - sudo chown -R build:build .
      - git config --global user.email "ci@fff.community"
      - git config --global user.name "FFF CI"
      - ./buildscript selectvariant node
      - ./buildscript selectbsp bsp/ath79-generic.bsp
      - ./buildscript prepare
      - ./buildscript buildall
  distribute:
    image: alpine/git
    volumes:
      - /var/lib/woodpecker/artifacts:/var/run/artifacts
    commands:
      - rm -rf /var/run/artifacts/$(git describe --tags)
      - mkdir -p /var/run/artifacts/$(git describe --tags)
      - cp -r bin/* /var/run/artifacts/$(git describe --tags)/
      - echo
      - echo
      - echo "You can download the built firmware images here:"
      - echo "https://ci.fff.community/artifacts/$(git describe --tags)"
 branches: [ master ]
--- a/bsp/ath79-generic/.config
+++ b/bsp/ath79-generic/.config
@ -7,11 +7,11 @@ CONFIG_TARGET_MULTI_PROFILE=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar150=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_glinet_gl-ar150=""
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c25-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v2=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v2=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c7-v2="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca988x-ct ath10k-firmware-qca988x"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v5=y
@ -88,7 +88,6 @@ CONFIG_PACKAGE_wpad-mini=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888=m
 CONFIG_PACKAGE_ath10k-firmware-qca988x=m
 CONFIG_PACKAGE_kmod-ath10k-smallbuffers=m
 CONFIG_PACKAGE_kmod-ath10k=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888-ct=m
--- a/bsp/octeon.bsp
+++ b/bsp/octeon.bsp
@ -1,5 +1,4 @@
 chipset=octeon
 subtarget=generic
 images=(
        "openwrt-${chipset}-ubnt_edgerouter-4-*"
--- a/bsp/x86-64.bsp
+++ b/bsp/x86-64.bsp
@ -1,4 +0,0 @@
 chipset=x86
 subtarget=64
 images=("openwrt-${chipset}-${subtarget}-generic-squashfs-combined-*"
        )
--- a/bsp/x86-64/.config
+++ b/bsp/x86-64/.config
@ -1,19 +0,0 @@
 # Generated using "./buildscript config openwrt".
 # Do no edit manually
 #
 CONFIG_TARGET_x86=y
 CONFIG_TARGET_x86_64=y
 CONFIG_TARGET_x86_64_DEVICE_generic=y
 # CONFIG_TARGET_ROOTFS_EXT4FS is not set
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set
 # CONFIG_BUSYBOX_CONFIG_CROND is not set
 # CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
 # CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
 # CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
 CONFIG_CLEAN_IPKG=y
 # CONFIG_PACKAGE_ALFRED_VIS is not set
 CONFIG_PACKAGE_kmod-vmxnet3=y
 CONFIG_PACKAGE_opkg=m
 CONFIG_STRIP_KERNEL_EXPORTS=y
--- a/build_patches/openwrt/0005-mac80211-add-back-ath10k_pci-memory-hacks.patch
+++ b/build_patches/openwrt/0005-mac80211-add-back-ath10k_pci-memory-hacks.patch
@ -0,0 +1,72 @@
 From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 Date: Wed, 10 Feb 2021 22:53:00 +0100
 Subject: mac80211: add back ath10k_pci memory hacks
 These hacks have been removed in commit 1e27befe63ff ("mac80211: remove
 ath10k_pci memory hacks").
 However, since we still use mainline ath10k, we will need them.
 Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 diff --git a/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..e907c7ab73677a3db928ef3620d77bf22a4d752a
 --- /dev/null
 +++ b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
@@ -0,0 +1,11 @@
 +--- a/drivers/net/wireless/ath/ath10k/htt.h
 ++++ b/drivers/net/wireless/ath/ath10k/htt.h
 +@@ -236,7 +236,7 @@ enum htt_rx_ring_flags {
 + };
 + 
 + #define HTT_RX_RING_SIZE_MIN 128
 +-#define HTT_RX_RING_SIZE_MAX 2048
 ++#define HTT_RX_RING_SIZE_MAX 512
 + #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
 + #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
 + #define HTT_RX_RING_FILL_LEVEL_DUAL_MAC (HTT_RX_RING_SIZE - 1)
 diff --git a/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..b5e5c3a9bb00a407096936ece1916e331e0164f5
 --- /dev/null
 +++ b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
@@ -0,0 +1,38 @@
 +--- a/drivers/net/wireless/ath/ath10k/pci.c
 ++++ b/drivers/net/wireless/ath/ath10k/pci.c
 +@@ -131,7 +131,7 @@ static const struct ce_attr pci_host_ce_
 + 		.flags = CE_ATTR_FLAGS,
 + 		.src_nentries = 0,
 + 		.src_sz_max = 2048,
 +-		.dest_nentries = 512,
 ++		.dest_nentries = 128,
 + 		.recv_cb = ath10k_pci_htt_htc_rx_cb,
 + 	},
 + 
 +@@ -140,7 +140,7 @@ static const struct ce_attr pci_host_ce_
 + 		.flags = CE_ATTR_FLAGS,
 + 		.src_nentries = 0,
 + 		.src_sz_max = 2048,
 +-		.dest_nentries = 128,
 ++		.dest_nentries = 64,
 + 		.recv_cb = ath10k_pci_htc_rx_cb,
 + 	},
 + 
 +@@ -167,7 +167,7 @@ static const struct ce_attr pci_host_ce_
 + 		.flags = CE_ATTR_FLAGS,
 + 		.src_nentries = 0,
 + 		.src_sz_max = 512,
 +-		.dest_nentries = 512,
 ++		.dest_nentries = 128,
 + 		.recv_cb = ath10k_pci_htt_rx_cb,
 + 	},
 + 
 +@@ -192,7 +192,7 @@ static const struct ce_attr pci_host_ce_
 + 		.flags = CE_ATTR_FLAGS,
 + 		.src_nentries = 0,
 + 		.src_sz_max = 2048,
 +-		.dest_nentries = 128,
 ++		.dest_nentries = 96,
 + 		.recv_cb = ath10k_pci_pktlog_rx_cb,
 + 	},
 + 
--- a/build_patches/openwrt/0011-generic-add-support-for-EON-EN25QX128A-spi-nor-flash.patch
+++ b/build_patches/openwrt/0011-generic-add-support-for-EON-EN25QX128A-spi-nor-flash.patch
@ -1,106 +0,0 @@
 From 3b63209f03007e755c4a076d0a81a60fdf15dcd0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
 Date: Wed, 16 Nov 2022 11:41:32 +0100
 Subject: [PATCH] generic: add support for EON EN25QX128A spi nor flash
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Add support for EON EN25QX128A spi nor flash with no flags as it does
 support SFDP parsing.
 Fixes: #9442
 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
 [fabian@blaese.de: Backport to Kernel 5.4]
 Signed-off-by: Fabian Bläse <fabian@blaese.de>
 ---
 .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
 .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
 .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
 create mode 100644 target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
 create mode 100644 target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
 diff --git a/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
 new file mode 100644
 index 0000000000..0a681d6753
 --- /dev/null
 +++ b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,21 @@
 +From: Christian Marangi <ansuelsmth@gmail.com>
 +Subject: kernel/mtd: add support for EON EN25QX128A
 +
 +Add support for EON EN25QX128A with no flags as it does
 +support SFDP parsing.
 +
 +Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 +---
 + drivers/mtd/spi-nor/spi-nor.c | 1 +
 + 1 file changed, 1 insertion(+)
 +
 +--- a/drivers/mtd/spi-nor/eon.c
 ++++ b/drivers/mtd/spi-nor/eon.c
 +@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
 + 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
 + 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
 + 			     SECT_4K | SPI_NOR_DUAL_READ) },
 ++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
 + 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
 + 			     SECT_4K | SPI_NOR_DUAL_READ) },
 + 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
 diff --git a/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
 new file mode 100644
 index 0000000000..0a681d6753
 --- /dev/null
 +++ b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,21 @@
 +From: Christian Marangi <ansuelsmth@gmail.com>
 +Subject: kernel/mtd: add support for EON EN25QX128A
 +
 +Add support for EON EN25QX128A with no flags as it does
 +support SFDP parsing.
 +
 +Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 +---
 + drivers/mtd/spi-nor/spi-nor.c | 1 +
 + 1 file changed, 1 insertion(+)
 +
 +--- a/drivers/mtd/spi-nor/eon.c
 ++++ b/drivers/mtd/spi-nor/eon.c
 +@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
 + 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
 + 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
 + 			     SECT_4K | SPI_NOR_DUAL_READ) },
 ++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
 + 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
 + 			     SECT_4K | SPI_NOR_DUAL_READ) },
 + 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
 diff --git a/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
 new file mode 100644
 index 0000000000..0a681d6753
 --- /dev/null
 +++ b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
@@ -0,0 +1,18 @@
 +From: Fabian Bläse <fabian@blaese.de>
 +Subject: kernel/mtd: add support for EON EN25QX128A
 +
 +Signed-off-by: Fabian Bläse <fabian@blaese.de>
 +---
 + drivers/mtd/spi-nor/spi-nor.c | 1 +
 + 1 file changed, 1 insertion(+)
 +
 +--- a/drivers/mtd/spi-nor/spi-nor.c
 ++++ b/drivers/mtd/spi-nor/spi-nor.c
 +@@ -2240,8 +2240,9 @@ static const struct flash_info spi_nor_i
 + 	{ "en25p64",    INFO(0x1c2017, 0, 64 * 1024,  128, 0) },
 + 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
 + 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256, SECT_4K) },
 ++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024,  256, 0) },
 + 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
 + 			SECT_4K | SPI_NOR_DUAL_READ) },
 + 	{ "en25qh32",   INFO(0x1c7016, 0, 64 * 1024,   64, 0) },
 -- 
 2.38.1
--- a/build_patches/openwrt/0020-kernel-5.4-backport-fix-to-allow-bridge-in-bridge-co.patch
+++ b/build_patches/openwrt/0020-kernel-5.4-backport-fix-to-allow-bridge-in-bridge-co.patch
@ -0,0 +1,101 @@
 From c50ece58c41647880cc74c927d98b465cdfbdad8 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
 Date: Sun, 29 Aug 2021 21:21:35 +0200
 Subject: [PATCH] kernel: backport switchdev fix for bridge in bridge
 configurations
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This patch fixes the forwarding behavior of bridge in bridge
 configurations with DSA.
 Without it, the configuration of the upper bridge might overwrite
 settings of the lower bridge. For example, a vlan-aware bridge
 with DSA interfaces in it might be offloaded to the DSA hardware. If the
 bridge interface itself gets slave of a different bridge without vlan
 filtering, the vlan filtering setting of the lower bridge is overwritten
 by the upper bridge, which results in an incorrect hardware
 configuration.
 This was backported from kernel 5.7.
 Ref: https://lore.kernel.org/netdev/20191222192235.GK25745@shell.armlinux.org.uk/
 Fixes: FS#3996
 Signed-off-by: Fabian Bläse <fabian@blaese.de>
 ---
 ...-not-propagate-bridge-updates-across.patch | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
 diff --git a/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
 new file mode 100644
 index 000000000000..bc8014b772f8
 --- /dev/null
 +++ b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
@@ -0,0 +1,60 @@
 +From 07c6f9805f12f1bb538ef165a092b300350384aa Mon Sep 17 00:00:00 2001
 +From: Russell King <rmk+kernel@armlinux.org.uk>
 +Date: Wed, 26 Feb 2020 17:14:21 +0000
 +Subject: [PATCH] net: switchdev: do not propagate bridge updates across
 + bridges
 +
 +When configuring a tree of independent bridges, propagating changes
 +from the upper bridge across a bridge master to the lower bridge
 +ports brings surprises.
 +
 +For example, a lower bridge may have vlan filtering enabled.  It
 +may have a vlan interface attached to the bridge master, which may
 +then be incorporated into another bridge.  As soon as the lower
 +bridge vlan interface is attached to the upper bridge, the lower
 +bridge has vlan filtering disabled.
 +
 +This occurs because switchdev recursively applies its changes to
 +all lower devices no matter what.
 +
 +Reviewed-by: Ido Schimmel <idosch@mellanox.com>
 +Tested-by: Ido Schimmel <idosch@mellanox.com>
 +Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
 +Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
 +Signed-off-by: David S. Miller <davem@davemloft.net>
 +---
 + net/switchdev/switchdev.c | 9 +++++++++
 + 1 file changed, 9 insertions(+)
 +
 +diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
 +index 60630762a748b7..f25604d68337cf 100644
 +--- a/net/switchdev/switchdev.c
 ++++ b/net/switchdev/switchdev.c
 +@@ -476,6 +476,9 @@ static int __switchdev_handle_port_obj_a
 + 	 * necessary to go through this helper.
 + 	 */
 + 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
 ++		if (netif_is_bridge_master(lower_dev))
 ++			continue;
 ++
 + 		err = __switchdev_handle_port_obj_add(lower_dev, port_obj_info,
 + 						      check_cb, add_cb);
 + 		if (err && err != -EOPNOTSUPP)
 +@@ -528,6 +531,9 @@ static int __switchdev_handle_port_obj_d
 + 	 * necessary to go through this helper.
 + 	 */
 + 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
 ++		if (netif_is_bridge_master(lower_dev))
 ++			continue;
 ++
 + 		err = __switchdev_handle_port_obj_del(lower_dev, port_obj_info,
 + 						      check_cb, del_cb);
 + 		if (err && err != -EOPNOTSUPP)
 +@@ -579,6 +585,9 @@ static int __switchdev_handle_port_attr_
 + 	 * necessary to go through this helper.
 + 	 */
 + 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
 ++		if (netif_is_bridge_master(lower_dev))
 ++			continue;
 ++
 + 		err = __switchdev_handle_port_attr_set(lower_dev, port_attr_info,
 + 						       check_cb, set_cb);
 + 		if (err && err != -EOPNOTSUPP)
 -- 
 2.33.0
--- a/build_patches/openwrt/0020-mt7621-retain-old-compat_version.patch
+++ b/build_patches/openwrt/0020-mt7621-retain-old-compat_version.patch
@ -0,0 +1,19 @@
 From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
 Date: Sat, 23 Oct 2021 23:34:07 +0200
 Subject: [PATCH] mt7621: retain old compat_version
 diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk
 index a3bc14d59d..99887e8192 100644
 --- a/target/linux/ramips/image/mt7621.mk
 +++ b/target/linux/ramips/image/mt7621.mk
@@ -91,8 +91,7 @@ define Build/zytrx-header
 endef
 define Device/dsa-migration
 -  DEVICE_COMPAT_VERSION := 1.1
 -  DEVICE_COMPAT_MESSAGE := Config cannot be migrated from swconfig to DSA
 +  DEVICE_COMPAT_VERSION := 1.0
 endef
 define Device/adslr_g7
--- a/build_patches/openwrt/0050-Disable-ipq40xx-lan-wan-separation.patch
+++ b/build_patches/openwrt/0050-Disable-ipq40xx-lan-wan-separation.patch
@ -38,20 +38,20 @@ index ac11655904..147e159ea1 100755
 	;;
 avm,fritzbox-7530 |\
 diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network
-index 87c79db5e1..666be0d145 100755
+index 1d4c78833a..ea2cc60186 100755
 --- a/target/linux/ipq40xx/base-files/etc/board.d/02_network
 +++ b/target/linux/ipq40xx/base-files/etc/board.d/02_network
-@@ -58,9 +58,8 @@ ipq40xx_setup_interfaces()
+@@ -59,9 +59,8 @@ ipq40xx_setup_interfaces()
 	avm,fritzbox-4040|\
 	linksys,ea6350v3|\
- 	linksys,ea8300)
+ 	linksys,ea8300|\
 	linksys,mr8300)
 -		ucidef_set_interfaces_lan_wan "eth0" "eth1"
 		ucidef_add_switch "switch0" \
 -			"0u@eth0" "1:lan" "2:lan" "3:lan" "4:lan"
 +			"0@eth0" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan"
 		;;
- 	linksys,mr8300)
+ 	avm,fritzbox-7530)
- 		ucidef_set_interfaces_lan_wan "eth0" "eth1"
+ 		ucidef_add_switch "switch0" \
 diff --git a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h b/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
 index 015e5f5026..daa60639d1 100644
 --- a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
@ -80,10 +80,10 @@ index 015e5f5026..daa60639d1 100644
 /* Queues exposed to linux kernel */
 #define EDMA_NETDEV_TX_QUEUE 4
 diff --git a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
-index 545e3985ae..28453c2363 100644
+index c35ba2799f..0517e4f29e 100644
 --- a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
 +++ b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
-@@ -1483,6 +1483,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+@@ -1481,6 +1481,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
 	unsigned long bmp;
 	/* By default Enable VLAN */
@ -91,7 +91,7 @@ index 545e3985ae..28453c2363 100644
 	priv->vlan = 1;
 	priv->vlan_table[AR40XX_LAN_VLAN] = priv->cpu_bmp | priv->lan_bmp;
 	priv->vlan_table[AR40XX_WAN_VLAN] = priv->cpu_bmp | priv->wan_bmp;
-@@ -1494,6 +1495,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+@@ -1492,6 +1493,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
 	bmp = priv->wan_bmp;
 	for_each_set_bit(port, &bmp, AR40XX_NUM_PORTS)
 			priv->pvid[port] = AR40XX_WAN_VLAN;
@ -100,7 +100,7 @@ index 545e3985ae..28453c2363 100644
 	return 0;
 }
 diff --git a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
-index 3567eb7810..b13b312a91 100644
+index 7b2ddfe00d..1a01b08e41 100644
 --- a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
 +++ b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
@@ -36,7 +36,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
--- a/build_patches/openwrt/0100-Add-hack-which-fixes-forwarding-on-a-stacked-bridge-.patch
+++ b/build_patches/openwrt/0100-Add-hack-which-fixes-forwarding-on-a-stacked-bridge-.patch
@ -1,32 +0,0 @@
 From f53b71d2907eeb0d80e79d99fa7b756b5e5bf32b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
 Date: Thu, 24 Feb 2022 00:04:47 +0100
 Subject: [PATCH] Add hack which fixes forwarding on a stacked bridge
 configuration using DSA
 ---
 .../hack-5.4/999-fix-stacked-bridge-forwarding.patch | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
 diff --git a/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
 new file mode 100644
 index 0000000000..e1d4cb9cd5
 --- /dev/null
 +++ b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
@@ -0,0 +1,12 @@
 +--- a/net/bridge/br_input.c
 ++++ b/net/bridge/br_input.c
 +@@ -52,6 +52,9 @@ static int br_pass_frame_up(struct sk_bu
 + 		return NET_RX_DROP;
 + 	}
 + 
 ++	/* remove offload flag, so upper bridges do not drop the packet */
 ++	br_switchdev_frame_unmark(skb);
 ++
 + 	indev = skb->dev;
 + 	skb->dev = brdev;
 + 	skb = br_handle_vlan(br, NULL, vg, skb);
 -- 
 2.35.1
--- a/build_patches/openwrt/0200-mpc85xx-Drop-pci-aliases-to-avoid-domain-changes.patch
+++ b/build_patches/openwrt/0200-mpc85xx-Drop-pci-aliases-to-avoid-domain-changes.patch
@ -1,158 +0,0 @@
 From 7f4b4c29f3489697dca7495216460d0ed5023e02 Mon Sep 17 00:00:00 2001
 From: Martin Kennedy <hurricos@gmail.com>
 Date: Mon, 29 Aug 2022 20:47:24 -0400
 Subject: [PATCH] mpc85xx: Drop pci aliases to avoid domain changes
 As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
 domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
 domain address is no longer numbered by the lowest 16 bits of the PCI
 register address after a fallthrough. Instead of the fallthrough, the
 enumeration process accepts the alias ID (as determined by
 `of_alias_scan()`). This causes e.g.:
 9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
 9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
 to become
 0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
 0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
 ... which then causes the sysfs path of the netdev to change,
 invalidating the `wifi_device.path`s enumerated in
 `/etc/config/wireless`.
 One other solution might be to migrate the uci configuration, as was
 done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
 new PCIe path"). However, there are concerns that the sysfs path will
 change once again once some upstream patches[^2][^3] are merged and
 backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
 Instead, remove the aliases and allow the fallthrough to continue for
 now. We will provide a migration in a later release.
 This was first reported as a Github issue[^1].
 [^1]: https://github.com/openwrt/openwrt/issues/10530
 [^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
 [^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/
 Fixes: #10530
 Tested-by: Martin Kennedy <hurricos@gmail.com>
 [Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
 Signed-off-by: Martin Kennedy <hurricos@gmail.com>
 ---
 .../files/arch/powerpc/boot/dts/hiveap-330.dts     | 13 +++++++++++++
 .../mpc85xx/files/arch/powerpc/boot/dts/panda.dts  | 14 ++++++++++++++
 .../files/arch/powerpc/boot/dts/red-15w-rev1.dts   | 14 ++++++++++++++
 .../files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts  | 13 +++++++++++++
 .../files/arch/powerpc/boot/dts/ws-ap3710i.dts     | 13 +++++++++++++
 6 files changed, 80 insertions(+)
 diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
 index ccf60eaeed0e1..d6a8da84ef66d 100644
 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
 +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
@@ -300,3 +300,16 @@
 	};
 };
 /include/ "fsl/p1020si-post.dtsi"
 +
 +/*
 + * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
 + * aliases to determine PCI domain numbers, drop aliases so as not to
 + * change the sysfs path of our wireless netdevs.
 + */
 +
 +/ {
 +	aliases {
 +		/delete-property/ pci0;
 +		/delete-property/ pci1;
 +	};
 +};
 diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
 index baaa4a43fd559..9be822f7bb8ac 100644
 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
 +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
@@ -265,3 +265,17 @@
 	};
 };
 /include/ "fsl/p1020si-post.dtsi"
 +
 +/*
 + * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
 + * aliases to determine PCI domain numbers, drop aliases so as not to
 + * change the sysfs path of our wireless netdevs.
 + */
 +
 +/ {
 +	aliases {
 +		/delete-property/ pci0;
 +		/delete-property/ pci1;
 +	};
 +};
 +
 diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
 index 1fd6a4aa49713..db35602b94b5b 100644
 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
 +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
@@ -214,3 +214,17 @@
 };
 /include/ "fsl/p1010si-post.dtsi"
 +
 +/*
 + * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
 + * aliases to determine PCI domain numbers, drop aliases so as not to
 + * change the sysfs path of our wireless netdevs.
 + */
 +
 +/ {
 +	aliases {
 +		/delete-property/ pci0;
 +		/delete-property/ pci1;
 +	};
 +};
 +
 diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
 index fbe1c0ee705d2..12281808aa5b6 100644
 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
 +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
@@ -302,3 +302,16 @@
 		/delete-node/ crypto@30000; /* Pulled in by p1010si-post */
 	};
 };
 +
 +/*
 + * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
 + * aliases to determine PCI domain numbers, drop aliases so as not to
 + * change the sysfs path of our wireless netdevs.
 + */
 +
 +/ {
 +	aliases {
 +		/delete-property/ pci0;
 +		/delete-property/ pci1;
 +	};
 +};
 diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
 index c5588d80275e2..5d81da4686413 100644
 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
 +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
@@ -173,3 +173,16 @@
 };
 /include/ "fsl/p1020si-post.dtsi"
 +
 +/*
 + * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
 + * aliases to determine PCI domain numbers, drop aliases so as not to
 + * change the sysfs path of our wireless netdevs.
 + */
 +
 +/ {
 +	aliases {
 +		/delete-property/ pci0;
 +		/delete-property/ pci1;
 +	};
 +};
--- a/53
+++ b/53
@ -7,15 +7,15 @@ set -o pipefail
 builddir=./build
 # OpenWrt: package hashes correspond to core repo version
-OPENWRTREV="v21.02.5"
+OPENWRTREV="v21.02.0"
-PACKAGEREV="0b16e3f359fe9d015861596d63c5bde4c56daa2e"
+PACKAGEREV="65057dcbb5de371503c9159de3d45824bec482e0"
-ROUTINGREV="25e76489c83cfcee61e36a491896e1e9bfc3ec13"
+ROUTINGREV="c30c9ffc93702365439a7647244a052531f2e957"
 # Gluon packages: master from 2020-02-04
 GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
 OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
-ROUTING_PKGS="kmod-batman-adv batctl alfred babeld bird2"
+ROUTING_PKGS="kmod-batman-adv batctl alfred babeld"
 GLUON_PKGS="simple-tc uradvd"
 FFF_VARIANTS="node layer3"
@ -126,9 +126,20 @@ prepare() {
    patch_target
    # apply variant to ensure the included file "variant.mk"
    # exists in builddir.
    apply_variant
    update_feeds
 }
 apply_variant() {
    # set the variant for this build
    export FFF_VARIANT=$(cat selected_variant)
    # force the reevaluation of this Makefile to make note of the new variant
    touch ./src/packages/fff/fff/Makefile
 }
 update_feeds() {
    ## generate own feeds.conf
    #this local variable should be globally configure variable used in get_source and here
@ -163,6 +174,8 @@ update_feeds() {
 }
 prebuild() {
    apply_variant
    #create filesdir for our config
    /bin/rm -rf "$builddir"/files
    mkdir "$builddir"/files
@ -180,9 +193,6 @@ prebuild() {
        version="$variant-$version"
    fi
    # select variant packages
    echo "CONFIG_PACKAGE_fff-${variant}=y" >> "$builddir"/.config
    {
        echo "FIRMWARE_VERSION=\"$version\""
        echo "VARIANT=\"$variant\""
@ -208,19 +218,13 @@ build() {
    case "$1" in
        "debug")
-            if [ -n "$2" ]; then
+            make V=99
                make V=99 -j $2
            else
                make V=99
            fi
            ;;
        "fast")
-            [ -n "$2" ] && threads=$2 || threads=$((cpus*2))
+            ionice -c 2 -- nice -n 1 -- make -j $((cpus*2))
            ionice -c 2 -- nice -n 1 -- make -j $threads
            ;;
        *)
-            [ -n "$2" ] && threads=$2 || threads=$((cpus+1))
+            ionice -c 3 -- nice -n 10 -- make -j $((cpus+1))
            ionice -c 3 -- nice -n 10 -- make -j $threads
            ;;
    esac
@ -286,13 +290,7 @@ cp_firmware() {
            filename_build=${f##*/}
            filename_build=${filename_build//openwrt/fff-${version}}
            filename_build=${filename_build//squashfs-/}
-
+            filename_build=${filename_build//${chipset}-${subtarget}-/}
            # The x86 OpenWrt target does not have a device name,
            # so keep the target and subtarget for identification.
            if [ "$chipset" != "x86" ]; then
                filename_build=${filename_build//${chipset}-/}
                filename_build=${filename_build//${subtarget}-/}
            fi
            cp "$f" "$imagedestpath/$filename_build"
        done
    done
@ -318,7 +316,8 @@ buildrelease() {
    fi
    cd bin/$variant
-    for binary in *.bin *.img *.img.gz *.tar; do
+    for binary in *.bin; do
        md5sum "$binary" > ./"$binary".md5
        sha256sum "$binary" > ./"$binary".sha256
    done
    echo -e "VERSION:$version" > release.nfo
@ -450,13 +449,13 @@ case "$1" in
    "build")
        if [ "$2" = "help" ] || [ "$2" = "x" ]; then
            echo "This option compiles the firmware"
-            echo "Normally the build uses lower IO and System priorities, "
+            echo "Normaly the build uses lower IO and System priorities, "
            echo "you can append \"fast\" option, to use normal user priorities"
            echo
-            echo "Usage: $0 $1 [fast|debug] [numthreads]"
+            echo "Usage: $0 $1 [fast|debug]"
            echo
        else
-            build "$2" "$3"
+            build "$2"
        fi
        ;;
    "config")
--- a/src/packages/fff/fff-alfred-monitoring-proxy/Makefile
+++ b/src/packages/fff/fff-alfred-monitoring-proxy/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-alfred-monitoring-proxy
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=5
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-alfred/Makefile
+++ b/src/packages/fff/fff-alfred/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-alfred
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-babel-bird2/Makefile
+++ b/src/packages/fff/fff-babel-bird2/Makefile
@ -1,29 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-babel-bird2
 PKG_RELEASE:=$(COMMITCOUNT)
 include $(INCLUDE_DIR)/package.mk
 define Package/fff-babel-bird2
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken babel-bird2
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+bird2 +bird2c +owipcalc
 	PROVIDES:=fff-babel-implementation
 endef
 define Package/fff-babel-bird2/description
 	This is the Freifunk Franken Firmware babel-bird2 package.
 endef
 define Build/Compile
 	# nothing
 endef
 define Package/fff-babel-bird2/install
 	$(CP) ./files/* $(1)/
 endef
 $(eval $(call BuildPackage,fff-babel-bird2))
--- a/src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf
+++ b/src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf
@ -1,123 +0,0 @@
 # router id is not required for babeld, but necessary for bird startup
 router id 192.0.2.0;
 ipv4 table fff4;
 ipv6 sadr table fff6;
 protocol device {
 	scan time 15;
 }
 # device routes for ipv4 peering address
 protocol direct {
 	ipv4 {
 		table fff4;
 		import filter {
 			include "/tmp/bird/include/nat-filter.conf";
 			if (net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16) && net.len = 32 then {
 				accept;
 			}
 			reject;
 		};
 	};
 }
 # device routes on loopback interface
 protocol direct {
 	ipv4 {
 		table fff4;
 		import filter {
 			include "/tmp/bird/include/nat-filter.conf";
 			if net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16 then {
 				accept;
 			}
 			reject;
 		};
 	};
 	ipv6 sadr {
 		table fff6;
 		import filter {
 			if net ~ fdff::/64 from ::/0 then {
 				reject;
 			}
 			# only import GUA + ULA addresses
 			if net !~ 2000::/3 from ::/0 && net !~ fc00::/7 from ::/0 then {
 				reject;
 			}
 			accept;
 		};
 		import keep filtered;
 	};
 	interface "lo";
 }
 # ipv6 kernel route interface
 protocol kernel {
 	ipv6 sadr {
 		table fff6;
 		import filter {
 			# only import routes from kernel with proto static
 			if krt_source != 4 then {
 				reject;
 			}
 			if net ~ fdff::/64 from ::/0 then {
 				reject;
 			}
 			accept;
 		};
 		export all;
 		preference 200;
 	};
 	kernel table 10;
 	scan time 15;
 	learn yes;
 }
 # ipv4 kernel route interface
 protocol kernel {
 	ipv4 {
 		table fff4;
 		import filter {
 			include "/tmp/bird/include/nat-filter.conf";
 			# only import routes from kernel with proto static
 			if krt_source = 4 then {
 				accept;
 			}
 			reject;
 		};
 		export all;
 		preference 200;
 	};
 	kernel table 10;
 	scan time 15;
 	learn yes;
 }
 protocol babel {
 	# required due to static configuration of global router id.
 	# also improves reconnect speed after restart.
 	randomize router id yes;
 	ipv4 {
 		table fff4;
 		import all;
 		export all;
 	};
 	ipv6 sadr {
 		table fff6;
 		import all;
 		export all;
 	};
 	include "/tmp/bird/include/babelpeers.conf";
 };
--- a/src/packages/fff/fff-babel-bird2/files/etc/bird/fff/nat-filter.conf
+++ b/src/packages/fff/fff-babel-bird2/files/etc/bird/fff/nat-filter.conf
--- a/src/packages/fff/fff-babel-bird2/files/etc/init.d/fff-bird
+++ b/src/packages/fff/fff-babel-bird2/files/etc/init.d/fff-bird
@ -1,45 +0,0 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2010-2017 OpenWrt.org
 USE_PROCD=1
 START=70
 BIRD_BIN="/usr/sbin/bird"
 BIRD_CONF="/etc/bird.conf"
 BIRD_PID_FILE="/var/run/bird.pid"
 start_service() {
    mkdir -p /var/run
    set_include_path
    procd_open_instance
    procd_set_param command $BIRD_BIN -f -c $BIRD_CONF -P $BIRD_PID_FILE
    procd_set_param file "$BIRD_CONF"
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param respawn
    procd_close_instance
 }
 reload_service() {
    set_include_path
    procd_send_signal fff-bird
 }
 set_include_path() {
    # Change include file path, so bird uses the correct configuration, depending on the configuration state:
    #  - If test mode is active (and /tmp/bird/fff exists), switch to the temporary configuration to be tested.
    #  - If new settings are applied or the old settings are restored after an unsuccessful test (and /tmp/bird/fff does not exist),
    #    switch back to the permanent configuration (/etc/bird/fff).
    mkdir -p /tmp/bird/include
    if [ -d /tmp/bird/fff ]; then
        echo 'include "/tmp/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
        echo 'include "/tmp/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
    else
        echo 'include "/etc/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
        echo 'include "/etc/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
    fi
 }
--- a/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/30-disable-bird2
+++ b/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/30-disable-bird2
@ -1,4 +0,0 @@
 /etc/init.d/bird disable
 rm -f /etc/init.d/bird
 exit 0
--- a/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config
+++ b/src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config
@ -1,5 +0,0 @@
 # SPDX-License-Identifier: GPL-3.0-only
 mv /etc/bird-fff.conf /etc/bird.conf
 exit 0
--- a/src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon/bird2
+++ b/src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon/bird2
@ -1,72 +0,0 @@
 # SPDX-License-Identifier: GPL-3.0-only
 babel_get_version() {
 	/usr/sbin/bird --version 2>&1 | sed "s/BIRD version /bird-/"
 }
 babel_add_interface() {
 	[ "$#" -ne "4" ] && return 1
 	local name="$1"
 	local interface="$2"
 	local type="$3"
 	local rxcost="$4"
 	mkdir -p /tmp/bird/fff/babelpeers
 	echo "interface \"$interface\" { type $type; rxcost $rxcost; };" > /tmp/bird/fff/babelpeers/$name.conf
 	return 0
 }
 babel_delete_interface() {
 	[ "$#" -ne "1" ] && return 1
 	local name="$1"
 	# Removing peers from /etc is not necessary, as all peers are generated into /tmp on every configuration run,
 	# which completely overwrites existing peers in /etc in the apply step.
 	rm -f /tmp/bird/fff/babelpeers/$name.conf
 	return 0
 }
 babel_add_redistribute_filter() {
 	return 0
 }
 babel_add_private_prefix_filter() {
 	[ "$#" -ne "1" ] && return 1
 	local prefix="$1"
 	prefix=$(owipcalc "$prefix" network prefix "$prefix")
 	mkdir -p /tmp/bird/fff
 	echo "if net ~ $prefix then reject;" > /tmp/bird/fff/nat-filter.conf
 	return 0
 }
 babel_remove_custom_redistribute_filters() {
 	mkdir -p /tmp/bird/fff
 	> /tmp/bird/fff/nat-filter.conf
 	return 0
 }
 babel_apply_implementation() {
 	# error output hidden because apply might be executed without a preceding configure step.
 	if [ -d /tmp/bird/fff ]; then
 		rm -rf /etc/bird/fff
 		mv /tmp/bird/fff /etc/bird/fff
 	fi
 	return 0
 }
 babel_reload_implementation() {
 	/etc/init.d/fff-bird reload
 }
 babel_revert() {
 	rm -r /tmp/bird/fff
 }
--- a/src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh
+++ b/src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh
@ -1,20 +0,0 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0-only
 set -e
 set -o pipefail
 if ! birdc show status >/dev/null 2>&1; then
 	# bird daemon not running or unavailable. exit.
 	exit 0
 fi
 neighbours="$(birdc -r show babel neighbors |
 		tail -n +5 |
 		awk '{ printf "<neighbour><ip>%s</ip><outgoing_interface>%s</outgoing_interface><link_cost>%s</link_cost></neighbour>", $1, $2, $3 }'
 	)"
 echo -n "<babel_neighbours>$neighbours</babel_neighbours>"
 exit 0
--- a/src/packages/fff/fff-babel/Makefile
+++ b/src/packages/fff/fff-babel/Makefile
@ -1,28 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-babel
 PKG_RELEASE:=$(COMMITCOUNT)
 include $(INCLUDE_DIR)/package.mk
 define Package/fff-babel
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken babel
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-babel-implementation
 endef
 define Package/fff-babel/description
 	This is the Freifunk Franken Firmware babel package.
 endef
 define Build/Compile
 	# nothing
 endef
 define Package/fff-babel/install
 	$(CP) ./files/* $(1)/
 endef
 $(eval $(call BuildPackage,fff-babel))
--- a/src/packages/fff/fff-babeld/Makefile
+++ b/src/packages/fff/fff-babeld/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-babeld
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=8
 include $(INCLUDE_DIR)/package.mk
@ -11,7 +11,6 @@ define Package/fff-babeld
 	TITLE:=Freifunk-Franken babeld configuration example
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+babeld
 	PROVIDES:=fff-babel-implementation
 endef
 define Package/fff-babeld/description
--- a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
+++ b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
@ -26,7 +26,7 @@ configure() {
 		fi
 	}
-	config_load network
+	config_load babeld
 	config_foreach remove_babelpeer interface
 	#add new peers
@ -75,14 +75,14 @@ configure() {
 		babel_add_peer6addr "network.$prefixname.ip6addr"
 		# add babel interface
-		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babel interface for babelpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
 	}
 	config_load gateway
 	config_foreach add_babelpeer babelpeer
-	# configure babel filters for custom ipv6 addresses
+	# configure babeld filters for custom ipv6 addresses
 	## remove old filters
 	babel_remove_custom_redistribute_filters
@ -90,25 +90,14 @@ configure() {
 	for prefix in $(uci -q get gateway.@client[0].ip6addr); do
 		babel_add_redistribute_filter "$prefix"
 	done
 	## add deny filters for client prefixes used with snat
 	if [ "$(uci -q get gateway.@client[0].snat)" = "1" ]; then
 		for prefix in $(uci -q get gateway.@client[0].ipaddr); do
 			babel_add_private_prefix_filter "$prefix"
 		done
 	fi
 }
 apply() {
 	uci commit network
-	babel_apply
+	uci commit babeld
 }
 reload() {
 	babel_reload
 }
 revert() {
 	uci revert network
-	babel_revert
+	uci revert babeld
 }
--- a/src/packages/fff/fff-babel/files/etc/uci-defaults/26-babel-iproute
+++ b/src/packages/fff/fff-babel/files/etc/uci-defaults/26-babel-iproute
--- a/src/packages/fff/fff-babel/files/etc/uci-defaults/27-babel-network-rules
+++ b/src/packages/fff/fff-babel/files/etc/uci-defaults/27-babel-network-rules
--- a/src/packages/fff/fff-babeld/files/etc/uci-defaults/30-disable-babeld
+++ b/src/packages/fff/fff-babeld/files/etc/uci-defaults/30-disable-babeld
@ -1,3 +0,0 @@
 /etc/init.d/babeld disable
 exit 0
--- a/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
+++ b/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
@ -1,9 +1,3 @@
 implementation=$(uci -q get babelimpl.impl.impl)
 [ -z "$implementation" ] && implementation=bird2
 . /lib/functions/fff/babeldaemon/$implementation
 babel_add_iifrules() {
 	[ "$#" -ne "1" ] && return 1
@ -44,18 +38,10 @@ babel_add_peeraddr() {
 		uci add_list "$option"="$peer_ip"
 	elif router_ip=$(uci -q get gateway.meta.router_ip); then
 		# use router_ip if no peer_ip is set
-		ip=$router_ip
+		uci add_list "$option"="$router_ip"
 		# use only first ip
 		ip=${ip%% *}
 		# remove CIDR mask
 		ip=${ip%%/*}
 		uci add_list "$option"="$ip"
 	elif ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
 		# use client interface address (without subnet) if no router_ip is set
-		uci add_list "$option"=${ipaddr%%/*}
+		uci add_list "$option"=$(echo $ipaddr | cut -d / -f1)
 	else
 		echo "WARNING: No peer_ip, router_ip or client interface ipaddr set! IPv4 routing is not possible."
 		return 1
@ -78,39 +64,61 @@ babel_add_peer6addr() {
 	return 0
 }
-babel_reload() {
+babel_add_interface() {
-	# switch implementation temporarily
+	[ "$#" -ne "4" ] && return 1
 	case $implementation in
 		bird2)
 			/etc/init.d/babeld stop 2>/dev/null
 			/etc/init.d/fff-bird start
 			;;
 		babeld)
 			/etc/init.d/fff-bird stop 2>/dev/null
 			/etc/init.d/babeld start
 			;;
 	esac
-	# call implementation-specific reload commands
+	local name="$1"
-	babel_reload_implementation
+	local interface="$2"
 	local type="$3"
 	local rxcost="$4"
 	uci set babeld.$name=interface
 	uci set babeld.$name.ifname="$interface"
 	uci set babeld.$name.type="$type"
 	uci set babeld.$name.rxcost="$rxcost"
 	return 0
 }
-babel_apply() {
+babel_delete_interface() {
-	# switch implementation persistently
+	[ "$#" -ne "1" ] && return 1
 	case $implementation in
 		bird2)
 			/etc/init.d/babeld disable
 			/etc/init.d/fff-bird enable
 			;;
 		babeld)
 			/etc/init.d/fff-bird disable
 			/etc/init.d/babeld enable
 			;;
 	esac
-	babel_apply_implementation
+	local name="$1"
 	uci -q del babeld.$name
 	return 0
 }
 babel_add_redistribute_filter() {
 	[ "$#" -ne "1" ] && return 1
 	local prefix="$1"
 	config=$(uci add babeld filter)
 	uci set babeld.$config.type='redistribute'
 	uci set babeld.$config.ip="$prefix"
 	uci set babeld.$config.addedbyautoconfig='true'
 	return 0
 }
 babel_remove_custom_redistribute_filters() {
 	[ "$#" -ne "0" ] && return 1
 	remove_filters() {
 		local name="$1"
 		# check if filter was added by configuregateway
 		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
 			return
 		fi
 		uci -q del babeld.$name
 	}
 	config_load babeld
 	config_foreach remove_filters filter
 	return 0
 }
--- a/src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon/babeld
+++ b/src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon/babeld
@ -1,103 +0,0 @@
 # SPDX-License-Identifier: GPL-3.0-only
 babel_get_version() {
 	/usr/sbin/babeld -V 2>&1
 }
 babel_add_interface() {
 	[ "$#" -ne "4" ] && return 1
 	local name="$1"
 	local interface="$2"
 	local type="$3"
 	local rxcost="$4"
 	uci set babeld.$name=interface
 	uci set babeld.$name.ifname="$interface"
 	uci set babeld.$name.type="$type"
 	uci set babeld.$name.rxcost="$rxcost"
 	return 0
 }
 babel_delete_interface() {
 	[ "$#" -ne "1" ] && return 1
 	local name="$1"
 	uci -q del babeld.$name
 	return 0
 }
 babel_add_redistribute_filter() {
 	[ "$#" -ne "1" ] && return 1
 	local prefix="$1"
 	config=$(uci add babeld filter)
 	uci set babeld.$config.type='redistribute'
 	uci set babeld.$config.ip="$prefix"
 	uci set babeld.$config.addedbyautoconfig='true'
 	return 0
 }
 babel_add_private_prefix_filter() {
 	[ "$#" -ne "1" ] && return 1
 	local prefix="$1"
 	config=$(uci add babeld filter)
 	uci set babeld.$config.type='redistribute'
 	uci set babeld.$config.ip="$prefix"
 	uci set babeld.$config.addedbyautoconfig='true'
 	uci set babeld.$config.action='deny'
 	# move to top, so filter rule has precedence over all other rules
 	uci reorder babeld.$config=0
 	config=$(uci add babeld filter)
 	uci set babeld.$config.type='redistribute'
 	uci set babeld.$config.ip="$prefix"
 	uci set babeld.$config.addedbyautoconfig='true'
 	uci set babeld.$config.local='true'
 	uci set babeld.$config.action='deny'
 	# move to top, so filter rule has precedence over all other rules
 	uci reorder babeld.$config=0
 	return 0
 }
 babel_remove_custom_redistribute_filters() {
 	[ "$#" -ne "0" ] && return 1
 	remove_filters() {
 		local name="$1"
 		# check if filter was added by configuregateway
 		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
 			return
 		fi
 		uci -q del babeld.$name
 	}
 	config_load babeld
 	config_foreach remove_filters filter
 	return 0
 }
 babel_apply_implementation() {
 	uci commit babeld
 }
 babel_reload_implementation() {
 	return 0
 }
 babel_revert() {
 	uci revert babeld
 }
--- a/src/packages/fff/fff-base/Makefile
+++ b/src/packages/fff/fff-base/Makefile
@ -1,34 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-base
 PKG_RELEASE:=$(COMMITCOUNT)
 include $(INCLUDE_DIR)/package.mk
 define Package/fff-base
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken base dependencies
 	URL:=https://www.freifunk-franken.de
 	DEFAULT:=y
 	DEPENDS:= \
 		+iptables \
 		+ip6tables \
 		+micrond \
 		+odhcp6c \
 		+fff-config \
 		+fff-network \
 		+fff-nodewatcher \
 		+fff-simple-tc \
 		+fff-support \
 		+fff-sysupgrade \
 		+fff-timeserver \
 		+fff-web-ui \
 		+fff-wireless
 endef
 define Package/fff-variant/description
 	This package includes base packages used in the Freifunk-Franken firmware
 endef
 $(eval $(call BuildPackage,fff-base))
--- a/src/packages/fff/fff-batman-adv/Makefile
+++ b/src/packages/fff/fff-batman-adv/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-batman-adv
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=4
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-boardname/Makefile
+++ b/src/packages/fff/fff-boardname/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-boardname
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=8
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-boardname/files/etc/uci-defaults/15-fff-boardname
+++ b/src/packages/fff/fff-boardname/files/etc/uci-defaults/15-fff-boardname
@ -1,9 +1,5 @@
 BOARD=$(cat /var/sysinfo/board_name)
 if uname -a | grep x86_64 > /dev/null; then
 	BOARD="x86_64"
 fi
 uci set board.model.name=$BOARD
 uci commit board
--- a/src/packages/fff/fff-config/Makefile
+++ b/src/packages/fff/fff-config/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-config
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-config/files/etc/sysctl.d/20-oom-panic.conf
+++ b/src/packages/fff/fff-config/files/etc/sysctl.d/20-oom-panic.conf
@ -1 +0,0 @@
 vm.panic_on_oom=1
--- a/src/packages/fff/fff-dhcp/Makefile
+++ b/src/packages/fff/fff-dhcp/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-dhcp
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=6
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-dhcp/files/etc/uci-defaults/90-fff-dhcp
+++ b/src/packages/fff/fff-dhcp/files/etc/uci-defaults/90-fff-dhcp
@ -1,10 +1,3 @@
 # Use a larger cachesize by default
 cachesize=1024
 # Increase cachesize for systems with enough memory
 mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
 [ "$mem" -gt 65536 ] && cachesize=8192
 uci batch >/dev/null <<EOF
  delete dhcp.@dnsmasq[0]
  delete dhcp.lan
@ -19,19 +12,12 @@ uci batch >/dev/null <<EOF
  set dhcp.@dnsmasq[-1].domain='fff.community'
  set dhcp.@dnsmasq[-1].expandhosts='0'
  set dhcp.@dnsmasq[-1].nonegcache='0'
  set dhcp.@dnsmasq[-1].cachesize="$cachesize"
  set dhcp.@dnsmasq[-1].authoritative='1'
  set dhcp.@dnsmasq[-1].readethers='1'
  set dhcp.@dnsmasq[-1].leasefile='/tmp/dhcp.leases'
  set dhcp.@dnsmasq[-1].noresolv='1'
  set dhcp.@dnsmasq[-1].localservice='1'
  # do not generate A or AAAA records for the routers hostname,
  # because this might interfere with upstream records.
  #
  # e.g. hostname: 'router.fff.community'
  set dhcp.@dnsmasq[-1].add_local_fqdn='0'
  set dhcp.client=dhcp
  set dhcp.client.interface='client'
  set dhcp.client.leasetime='1h'
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-fastd
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=3
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@ -29,7 +29,6 @@ ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
 echo "#!/bin/sh" > /etc/fastd/fff/up.sh
 echo "ip link set up dev fffVPN" >> /etc/fastd/fff/up.sh
 echo "batctl if add fffVPN" >> /etc/fastd/fff/up.sh
 echo "batctl hardif fffVPN hop_penalty 30" >> /etc/fastd/fff/up.sh
 chmod +x /etc/fastd/fff/up.sh
 exit 0
--- a/src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd
+++ b/src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd
@ -1,29 +0,0 @@
 protocol=fastd
 fastd_clear() {
 	rm /tmp/fastd_fff_peers/* 2>/dev/null
 }
 fastd_addpeer() {
 	[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
 	# write fastd-config
 	json_get_var servername name
 	filename="/etc/fastd/fff/peers/$servername"
 	echo "#name \"${servername}\";" > "$filename"
 	json_get_var key key
 	echo "key \"${key}\";" >> "$filename"
 	json_get_var address address
 	json_get_var port port
 	echo "remote \"${address}\" port ${port};" >> "$filename"
 	echo "" >> "$filename"
 	echo "float yes;" >> "$filename"
 }
 fastd_start_stop() {
 	if ls /etc/fastd/fff/peers/* &>/dev/null; then
 		/etc/init.d/fastd reload
 	else
 		/etc/init.d/fastd stop
 	fi
 }
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-firewall
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=8
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-clamp-mss
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-clamp-mss
@ -0,0 +1,2 @@
 #solves MTU problem with bad ISPs
 iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
@ -0,0 +1,5 @@
 # Limit ssh to 6 new connections per 60 seconds
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
 /usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
 /usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
--- a/src/packages/fff/fff-hoods/Makefile
+++ b/src/packages/fff/fff-hoods/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-hoods
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=19
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-hoodutils/Makefile
+++ b/src/packages/fff/fff-hoodutils/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-hoodutils
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-layer3-config/Makefile
+++ b/src/packages/fff/fff-layer3-config/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-layer3-config
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=9
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/01-version
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/01-version
@ -1,6 +1,6 @@
 configure() {
 	# check if gateway config exists
-	if ! uci show gateway > /dev/null; then
+	if ! uci -q show gateway > /dev/null; then
 		echo "ERROR: Gateway config could not be parsed or does not exist."
 		return 1
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client
@ -20,7 +20,7 @@ configure() {
 	# ip6addr
 	#remove old ip6addr
-	for ip in $(uci -q get network.client.ip6addr); do
+	for ip in $(uci get network.client.ip6addr); do
 		if echo "$ip" | grep -v -e "fdff:" -e "fe80::1/64" > /dev/null; then
 			uci del_list network.client.ip6addr="$ip"
 		fi
@ -50,10 +50,11 @@ configure() {
 	# set interface
 	#remove all eth interfaces
 	ifaces=$(uci get network.client.ifname | sed 's/\beth[^ ]* *//g' | sed 's/\bswitch[^ ]* *//g')
 	if vlan=$(uci -q get gateway.@client[0].vlan); then
-		uci set network.client.ifname="${SWITCHDEV}.$vlan"
+		uci set network.client.ifname="${SWITCHDEV}.$vlan $ifaces"
 	elif iface=$(uci -q get gateway.@client[0].iface); then
-		uci set network.client.ifname="$iface"
+		uci set network.client.ifname="$iface $ifaces"
 	else
 		echo "WARNING: No Interface for client specified"
 	fi
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
@ -32,16 +32,6 @@ configure() {
 	for ip in $router_ip; do
 		uci -q add_list network.loopback.ipaddr="$ip"
 		# CIDR notation required
 		case $ip in
 			*/*)
 				# do nothing; ip is already in CIDR notation
 				;;
 			*)
 				ip="$ip/32"
 				;;
 		esac
 		config=$(uci add network rule)
 		uci -q set network.$config.src="$ip"
 		uci -q set network.$config.lookup='fff'
@ -55,16 +45,6 @@ configure() {
 	for ip in $router_ip6; do
 		uci -q add_list network.loopback.ip6addr="$ip"
 		# CIDR notation required
 		case $ip in
 			*/*)
 				# do nothing; ip is already in CIDR notation
 				;;
 			*)
 				ip="$ip/128"
 				;;
 		esac
 		config=$(uci add network rule6)
 		uci -q set network.$config.src="$ip"
 		uci -q set network.$config.lookup='fff'
--- a/src/packages/fff/fff-layer3-config/files/usr/sbin/configure-layer3
+++ b/src/packages/fff/fff-layer3-config/files/usr/sbin/configure-layer3
@ -7,7 +7,6 @@
 execute_subshell() {
 	if [ $# -ne 1 ]; then
 		echo "Usage:" "$0" "<function>"
 		return 1
 	fi
 	for script in /etc/layer3.d/*; do
@ -24,7 +23,7 @@ execute_subshell() {
 		if [ $? -ne 0 ]; then
 			echo
 			echo "Error when executing" "$1" "from" "$(basename "$script")"
-			return 1
+			exit 1
 		fi
 	done
 }
@ -33,33 +32,29 @@ configure() {
 	echo "This script might remove existing vlans, interfaces, addresses, etc."
 	read -r -p "Do you really want to continue? (y/n) " response
 	if ! ( [ "$response" == "y" ] || [ "$response" == "Y" ] ); then
-		return 1
+		exit 1
 	fi
 	echo
-	execute_subshell configure || return $?
+	execute_subshell configure
-	return 0
+	exit 0
 }
 reload_services() {
 	execute_subshell reload
 	reload_config
 	return 0
 }
 apply_changes() {
 	execute_subshell apply
 	reload_services
-
+	exit 0
 	return 0
 }
 revert_changes() {
 	execute_subshell revert
-
+	exit 0
 	return 0
 }
 keep_changes() {
--- a/src/packages/fff/fff-layer3-snat/Makefile
+++ b/src/packages/fff/fff-layer3-snat/Makefile
@ -1,31 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-layer3-snat
 PKG_RELEASE:=$(COMMITCOUNT)
 include $(INCLUDE_DIR)/package.mk
 define Package/fff-layer3-snat
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken layer3 configuration with SNAT
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:= \
 		+fff-firewall \
 		+fff-layer3-config \
 		+kmod-ipt-nat
 endef
 define Package/fff-layer3-snat/description
 	With this package it is possible to make SNAT with IPv4 on the router
 endef
 define Build/Compile
 	# nothing
 endef
 define Package/fff-layer3-snat/install
 	$(CP) ./files/* $(1)/
 endef
 $(eval $(call BuildPackage,fff-layer3-snat))
--- a/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
+++ b/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
@ -1,34 +0,0 @@
 configure() {
 	# first we delete the snat config
 	uci -q del network.client.fff_snat
 	uci -q del network.client.fff_snat_sourceip
 	if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
 		# first check the config is plausible
 		if ! routerip=$(uci -q get gateway.meta.router_ip); then
 			echo "ERROR: No router_ip set, which is required for SNAT!"
 			return 1
 		fi
 		if ! uci -q get gateway.@client[0].ipaddr >/dev/null; then
 			echo "ERROR: No ipaddr set, which is required for SNAT!"
 			return 1
 		fi
 		# keep only the first IP
 		routerip=${routerip%% *}
 		# keep only the IP without the CIDR
 		routerip=${routerip%%/*}
 		# We set the snat config
 		uci set network.client.fff_snat=1
 		uci set network.client.fff_snat_sourceip=$routerip
 	fi
 }
 apply() {
 	uci commit network
 }
 revert() {
 	uci revert network
 }
--- a/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
+++ b/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
@ -1,4 +0,0 @@
 if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
 	iptables -t mangle -A PREROUTING -i br-client -j MARK --set-mark 0x736e6174
 	iptables -t nat -A POSTROUTING -m mark --mark 0x736e6174 -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
 fi
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-layer3
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=8
 include $(INCLUDE_DIR)/package.mk
@ -11,13 +11,10 @@ define Package/fff-layer3
 	TITLE:=Freifunk-Franken gateway configuration
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-alfred-monitoring-proxy \
 	         +fff-babel \
 	         +fff-babeld \
 	         +fff-babel-bird2 \
 	         +fff-boardname \
 	         +fff-dhcp \
 	         +fff-layer3-config \
 	         +fff-layer3-snat \
 	         +fff-mqtt-monitoring \
 	         +fff-network \
 	         +fff-ra \
@ -39,7 +36,6 @@ define Package/fff-layer3
 	         +iptables-mod-ipopt \
 	         +iptables-mod-conntrack-extra \
 	         +mtr \
 	         +snmp-utils \
 	         +tc \
 	         +tcpdump \
 	         +vxlan
--- a/src/packages/fff/fff-layer3/files/usr/lib/nodewatcher.d/90-latency.sh
+++ b/src/packages/fff/fff-layer3/files/usr/lib/nodewatcher.d/90-latency.sh
@ -1,19 +0,0 @@
 #!/bin/sh
 ipv4dest=$(uci -q get fff.latency.ipv4)
 ipv6dest=$(uci -q get fff.latency.ipv6)
 if [ -n "$ipv4dest" ] || [ -n "$ipv6dest" ] ; then
        printf "<latency>"
        if [ -n "$ipv4dest" ] ; then
                ipv4latency=$(ping -qc3 -4 $ipv4dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
                printf "<ipv4latency>$ipv4latency</ipv4latency><ipv4dest>$ipv4dest</ipv4dest>"
        fi
        if [ -n "$ipv6dest" ] ; then
                ipv6latency=$(ping -qc3 -6 $ipv6dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
                printf "<ipv6latency>$ipv6latency</ipv6latency><ipv6dest>$ipv6dest</ipv6dest>"
        fi
        printf "</latency>"
 fi
 exit 0
--- a/src/packages/fff/fff-mqtt-monitoring/Makefile
+++ b/src/packages/fff/fff-mqtt-monitoring/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-mqtt-monitoring
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt-monitoring
--- a/src/packages/fff/fff-mqtt/Makefile
+++ b/src/packages/fff/fff-mqtt/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-mqtt
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt
@ -14,8 +14,9 @@ define Package/fff-mqtt
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:= \
 		+fff-config \
-		+libmosquitto-nossl \
+		+libmosquitto-ssl \
-		+mosquitto-client-nossl
+		+mosquitto-client-ssl \
 		+mosquitto-ssl
 endef
 define Package/fff-mqtt/description
--- a/src/packages/fff/fff-network/Makefile
+++ b/src/packages/fff/fff-network/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-network
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=50
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-network/files/etc/config/network
+++ b/src/packages/fff/fff-network/files/etc/config/network
@ -0,0 +1,30 @@
 config globals 'globals'
        option packet_steering '1'
 config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
 config interface 'client'
        option type 'bridge'
        option auto '1'
 config interface 'wan'
        option proto 'none'
        option ifname 'eth2'
 config interface 'wan4'
        option proto 'dhcp'
        option ifname '@wan'
 config interface 'wan6'
        option proto 'dhcpv6'
        option reqprefix 'no'
        option sourcefilter '0'
        option ifname '@wan'
 config interface 'ethmesh'
        option proto 'batadv_hardif'
        option master 'bat0'
--- a/src/packages/fff/fff-network/files/etc/uci-defaults/20-migrate-gl-ar150
+++ b/src/packages/fff/fff-network/files/etc/uci-defaults/20-migrate-gl-ar150
@ -1,12 +0,0 @@
 # The GL-AR150 was converted from ONEPORT to TWOPORT.
 # Copy ETHMODE to LAN1MODE ("LAN"-Port) and set LAN0MODE ("WAN"-Port) to WAN to retain the configured behaviour for upgraded devices.
 if [ -s /etc/network.config ] ; then
 	. /etc/network.config
 	# Ensure ETHMODE contains a sensible value. Use default behaviour (CLIENT) otherwise.
 	[ "$ETHMODE" != "BATMAN" ] && [ "$ETHMODE" != "CLIENT" ] && [ "$ETHMODE" != "WAN" ] && ETHMODE="CLIENT"
 	echo "LAN0MODE='WAN' # use BATMAN, CLIENT or WAN" > /etc/network.config
 	echo "LAN1MODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
 	echo "FORCEPARSE='2' # Parse at: 0=first boot only, 1=every reboot, 2=next reboot (once)" >> /etc/network.config
 fi
--- a/src/packages/fff/fff-network/files/etc/uci-defaults/22-network-base
+++ b/src/packages/fff/fff-network/files/etc/uci-defaults/22-network-base
@ -1,141 +0,0 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0-or-later
 . /lib/functions/system.sh
 . /lib/functions/fff/network
 BOARD="$(uci get board.model.name)"
 . /etc/network.$BOARD
 [ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
 # Clear possibly existing network configuration
 > /etc/config/network
 # Add basic network configuration
 uci batch <<-__EOF__
 	set network.loopback='interface'
 	set network.loopback.ifname='lo'
 	set network.loopback.proto='static'
 	set network.loopback.ipaddr='127.0.0.1'
 	set network.loopback.netmask='255.0.0.0'
 	set network.client='interface'
 	set network.client.type='bridge'
 	set network.client.auto='1'
 	set network.wan='interface'
 	set network.wan.proto='none'
 	set network.wan.ifname="$WANDEV"
 	set network.wan4='interface'
 	set network.wan4.proto='dhcp'
 	set network.wan4.ifname='@wan'
 	set network.wan6='interface'
 	set network.wan6.proto='dhcpv6'
 	set network.wan6.reqprefix='no'
 	set network.wan6.sourcefilter='0'
 	set network.wan6.ifname='@wan'
 	set network.ethmesh='interface'
 	set network.ethmesh.proto='batadv_hardif'
 	set network.ethmesh.master='bat0'
 __EOF__
 SWITCHHW=$(swconfig list | awk '{ print $4 }')
 if [ "$DSA" = "1" ]; then
 	uci batch <<-__EOF__
 		set network.$SWITCHDEV=device
 		set network.$SWITCHDEV.name=$SWITCHDEV
 		set network.$SWITCHDEV.type=bridge
 		# temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
 		set network.$SWITCHDEV.bridge_empty='1'
 		set network.${SWITCHDEV}_1=bridge-vlan
 		set network.${SWITCHDEV}_1.device=$SWITCHDEV
 		set network.${SWITCHDEV}_1.vlan=1
 		set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
 		set network.${SWITCHDEV}_3=bridge-vlan
 		set network.${SWITCHDEV}_3.device=$SWITCHDEV
 		set network.${SWITCHDEV}_3.vlan=3
 		set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
 	__EOF__
 	if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
 		uci batch <<-__EOF__
 			set network.${SWITCHDEV}_2=bridge-vlan
 			set network.${SWITCHDEV}_2.device=$SWITCHDEV
 			set network.${SWITCHDEV}_2.vlan=2
 			set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
 		__EOF__
 	fi
 elif [ -n "$SWITCHHW" ] && [ -z "$ONE_PORT" ] && [ -z "$TWO_PORT" ]; then
 	uci batch <<-__EOF__
 		set network.$SWITCHDEV=switch
 		set network.$SWITCHDEV.name=$SWITCHHW
 		set network.$SWITCHDEV.enable=1
 		set network.$SWITCHDEV.reset=1
 		set network.$SWITCHDEV.enable_vlan=1
 		set network.${SWITCHDEV}_1=switch_vlan
 		set network.${SWITCHDEV}_1.device=$SWITCHHW
 		set network.${SWITCHDEV}_1.vlan=1
 		set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
 		set network.${SWITCHDEV}_3=switch_vlan
 		set network.${SWITCHDEV}_3.device=$SWITCHHW
 		set network.${SWITCHDEV}_3.vlan=3
 		set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
 	__EOF__
 	if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
 		uci batch <<-__EOF__
 			set network.${SWITCHDEV}_2=switch_vlan
 			set network.${SWITCHDEV}_2.device=$SWITCHHW
 			set network.${SWITCHDEV}_2.vlan=2
 			set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
 		__EOF__
 	fi
 fi
 if [ -n "$SWITCHHW" ] || [ "$DSA" = "1" ]; then
 	uci set network.client.ifname="$SWITCHDEV.1 bat0"
 	uci set network.ethmesh.ifname="$SWITCHDEV.3"
 	if [ "$WANDEV" = "$SWITCHDEV" ]; then
 		uci set network.wan.ifname=$WANDEV.2
 	fi
 fi
 if [ -n "$ETHMESHMAC" ]; then
 	uci set network.ethmesh.macaddr=$ETHMESHMAC
 fi
 if [ -n "$ROUTERMAC" ]; then
 	uci set network.client.macaddr=$ROUTERMAC
 fi
 prefix="fdff::/64"
 # Set $prefix::1 as IP
 addr1=$(owipcalc "$prefix" add ::1)
 # Set $prefix::MAC as IP
 addr2=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
 # Set $prefix::EUI64 as IP
 addr3=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
 uci batch <<-__EOF__
 	del network.globals
 	set network.globals=globals
 	set network.globals.ula_prefix=$prefix
 	add_list network.client.ip6addr=$addr1
 	add_list network.client.ip6addr=$addr2
 	add_list network.client.ip6addr=$addr3
 	set network.client.proto=static
 __EOF__
 uci -q commit network
--- a/src/packages/fff/fff-network/files/etc/uci-defaults/50-packet-steering
+++ b/src/packages/fff/fff-network/files/etc/uci-defaults/50-packet-steering
@ -1,10 +0,0 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0-or-later
 # Enable RPS
 uci batch <<-__EOF__
 	set network.globals=globals
 	set network.globals.packet_steering='1'
 __EOF__
 uci -q commit network
--- a/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
+++ b/src/packages/fff/fff-network/files/lib/functions/fff/cpuport
@ -24,7 +24,6 @@ get_cpu_port() {
 		ubnt,nanostation-loco-m-xw|\
 		ubnt,unifi|\
 		ubnt,unifiac-mesh|\
 		x86_64|\
 		xiaomi,mi-router-4a-gigabit)
 			CPUPORT=""
 			;;
--- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
+++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
@ -6,12 +6,13 @@
 BOARD="$(uci get board.model.name)"
 . /etc/network.$BOARD
 [ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
 if [ -s /etc/network.config ] ; then
    . /etc/network.config
 else
    # Write network.config
-    if [ "$ONE_PORT" = "YES" ] ; then
+    if [ "$ONE_PORT" = "YES" ] || [ -n "$ETHPORT" ] ; then
        echo "ETHMODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
    fi
    if [ -n "$TWO_PORT" ] ; then
@ -104,6 +105,109 @@ elif [ "$TWO_PORT" = "YES" ]; then
        uci commit network
    fi
 else
    if ! uci -q get network.$SWITCHDEV > /dev/null ; then
        if [ "$DSA" = "1" ]; then
            uci set network.$SWITCHDEV=device
            uci set network.$SWITCHDEV.name=$SWITCHDEV
            uci set network.$SWITCHDEV.type=bridge
            # temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
            uci set network.$SWITCHDEV.bridge_empty='1'
            uci set network.${SWITCHDEV}_1=bridge-vlan
            uci set network.${SWITCHDEV}_1.device=$SWITCHDEV
            uci set network.${SWITCHDEV}_1.vlan=1
            uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
            if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
                uci set network.${SWITCHDEV}_2=bridge-vlan
                uci set network.${SWITCHDEV}_2.device=$SWITCHDEV
                uci set network.${SWITCHDEV}_2.vlan=2
                uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
            fi
            uci set network.${SWITCHDEV}_3=bridge-vlan
            uci set network.${SWITCHDEV}_3.device=$SWITCHDEV
            uci set network.${SWITCHDEV}_3.vlan=3
            uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
        else
            SWITCHHW=$(swconfig list | awk '{ print $4 }')
            uci set network.$SWITCHDEV=switch
            uci set network.$SWITCHDEV.name=$SWITCHHW
            uci set network.$SWITCHDEV.enable=1
            uci set network.$SWITCHDEV.reset=1
            uci set network.$SWITCHDEV.enable_vlan=1
            uci set network.${SWITCHDEV}_1=switch_vlan
            uci set network.${SWITCHDEV}_1.device=$SWITCHHW
            uci set network.${SWITCHDEV}_1.vlan=1
            uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
            if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
                uci set network.${SWITCHDEV}_2=switch_vlan
                uci set network.${SWITCHDEV}_2.device=$SWITCHHW
                uci set network.${SWITCHDEV}_2.vlan=2
                uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
            fi
            uci set network.${SWITCHDEV}_3=switch_vlan
            uci set network.${SWITCHDEV}_3.device=$SWITCHHW
            uci set network.${SWITCHDEV}_3.vlan=3
            uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
        fi
        uci set network.client.ifname="$SWITCHDEV.1 bat0"
        uci set network.ethmesh.ifname="$SWITCHDEV.3"
        if [ "$WANDEV" = "$SWITCHDEV" ]; then
            uci set network.wan.ifname=$WANDEV.2
        else
            uci set network.wan.ifname=$WANDEV
        fi
        uci commit network
    fi
 fi
 /etc/init.d/network restart
 if [ -n "$ETHMESHMAC" ]; then
    if uci get network.ethmesh.macaddr
    then
        echo "MAC for ethmesh is set already"
    else
        echo "Fixing MAC on $SWITCHDEV.3 (ethmesh)"
        sleep 10
        uci set network.ethmesh.macaddr=$ETHMESHMAC
        uci commit network
        ifconfig $SWITCHDEV.3 down
        ifconfig $SWITCHDEV.3 hw ether $ETHMESHMAC
        ifconfig $SWITCHDEV.3 up
        /etc/init.d/network restart
    fi
 fi
 if [ -n "$ROUTERMAC" ]; then
    if uci get network.client.macaddr
    then
        echo "MAC for client is set already"
    else
        echo "Fixing MAC on br-client"
        sleep 10
        uci set network.client.macaddr=$ROUTERMAC
        uci commit network
        ifconfig br-client down
        ifconfig br-client hw ether $ROUTERMAC
        ifconfig br-client up
        /etc/init.d/network restart
    fi
 fi
 if [ -n "$ETH0MAC" ]; then
@ -112,6 +216,44 @@ if [ -n "$ETH0MAC" ]; then
        NEW_MACADDR=$(cat "/sys/class/net/${ETH0MAC}/address")
        uci set network.$ETH0DEV.macaddr=$NEW_MACADDR
        uci commit network
        ifconfig $ETH0DEV down
        ifconfig $ETH0DEV hw ether $NEW_MACADDR
        ifconfig $ETH0DEV up
        /etc/init.d/network restart
 fi
-reload_config
+if uci -q get "network.client.ip6addr" > /dev/null
 then
    echo "IPv6 for client is set already"
 else
    echo "Setting IPv6 addresses"
    # Some time needed :(
    sleep 5
    for ip in $(ip -6 addr show br-client | awk '/fdff/{ print $2 }'); do
        ip -6 addr del $ip dev br-client
    done
    prefix="fdff::/64"
    # Set $prefix::MAC as IP
    addr=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
    ip -6 addr add $addr dev br-client
    uci -q set network.globals.ula_prefix=$prefix
    uci -q add_list network.client.ip6addr=$addr
    uci -q set network.client.proto=static
    # Set $prefix::1 as IP
    addr=$(owipcalc "$prefix" add ::1)
    ip -6 addr add $addr dev br-client
    uci -q add_list network.client.ip6addr=$addr
    # Set $prefix::link-local as IP
    addr=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
    ip -6 addr add $addr dev br-client
    uci -q add_list network.client.ip6addr=$addr
    uci -q commit network
    [ -s /etc/init.d/fff-uradvd ] && /etc/init.d/fff-uradvd restart
 fi
--- a/src/packages/fff/fff-network/mips/network.glinet,gl-ar150
+++ b/src/packages/fff/fff-network/mips/network.glinet,gl-ar150
@ -2,8 +2,12 @@
 WANDEV=eth1
 SWITCHDEV=eth0
-TWO_PORT=YES
+WAN_PORTS=
 BATMAN_PORTS="0t"
 CLIENT_PORTS="0t"
 ETHMESHMAC="$(macFlipLocalBit $(cat /sys/class/net/eth0/address))"
 . /etc/network.mode
 ETHPORT=1
--- a/src/packages/fff/fff-network/x86_64/network.mode
+++ b/src/packages/fff/fff-network/x86_64/network.mode
@ -1 +0,0 @@
 ETHMODE="CLIENT"
--- a/src/packages/fff/fff-network/x86_64/network.x86_64
+++ b/src/packages/fff/fff-network/x86_64/network.x86_64
@ -1,7 +0,0 @@
 WANDEV=eth0
 SWITCHDEV=eth0
 ONE_PORT="YES"
 . /etc/network.mode
 ROUTERMAC=$(cat /sys/class/net/eth0/address)
--- a/src/packages/fff/fff-node/Makefile
+++ b/src/packages/fff/fff-node/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-node
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=3
 include $(INCLUDE_DIR)/package.mk
@ -12,7 +12,6 @@ define Package/fff-node
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-batman-adv \
 	         +fff-fastd \
 	         +fff-vxlan-node-vpn \
 	         +fff-firewall \
 	         +fff-hoods \
 	         +fff-uradvd
--- a/src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh
+++ b/src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh
@ -74,12 +74,8 @@ if [ -x /usr/bin/fastd ]; then
 	SYSTEM_DATA="$SYSTEM_DATA<fastd_version>$(/usr/bin/fastd -v | awk '{ print $2 }')</fastd_version>"
 fi
-if [ -e /lib/functions/fff/babel ]; then
+if [ -x /usr/sbin/babeld ]; then
-	. /lib/functions/fff/babel
+	SYSTEM_DATA="$SYSTEM_DATA<babel_version>$(/usr/sbin/babeld -V 2>&1)</babel_version>"
 	babel_version=$(babel_get_version)
 	if [ $? -eq 0 ]; then
 		SYSTEM_DATA="$SYSTEM_DATA<babel_version>$babel_version</babel_version>"
 	fi
 fi
 # example for /etc/openwrt_release:
@ -116,7 +112,6 @@ fi
 # Checks if fastd is running
 vpn_active=0
 pidof fastd >/dev/null && vpn_active=1
 bridge fdb show brport vxlan0 state permanent &>/dev/null && vpn_active=1
 SYSTEM_DATA="$SYSTEM_DATA<vpn_active>$vpn_active</vpn_active>"
 echo -n "<system_data>$SYSTEM_DATA</system_data>"
--- a/src/packages/fff/fff-ra/Makefile
+++ b/src/packages/fff/fff-ra/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-ra
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=3
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-ra/files/etc/uci-defaults/90-fff-ra
+++ b/src/packages/fff/fff-ra/files/etc/uci-defaults/90-fff-ra
@ -4,13 +4,6 @@ uci batch <<EOF
 	set dhcp.client.ra='server'
 	set dhcp.client.ra_default='2'
 	set dhcp.client.ra_management='0'
 	set dhcp.client.ra_useleasetime='1'
 	# Work around unexpected behavior of odhcpd (see #238).
 	#
 	# This value has to be less then or equal to
 	# dhcp.client.leasetime (set in fff-dhcp).
 	set dhcp.client.preferred_lifetime='1h'
 EOF
 exit 0
--- a/src/packages/fff/fff-random/Makefile
+++ b/src/packages/fff/fff-random/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-random
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=3
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-simple-tc/Makefile
+++ b/src/packages/fff/fff-simple-tc/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-simple-tc
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-support/Makefile
+++ b/src/packages/fff/fff-support/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-support
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=9
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-support/files/usr/sbin/show_info
+++ b/src/packages/fff/fff-support/files/usr/sbin/show_info
@ -221,7 +221,7 @@ if swconfig list | grep -q switch0 ; then
 	done
 else
 	echo "-> PORT ASSIGNMENT"
-	if grep -q "ONE_PORT" "/etc/network.$board_name" ; then
+	if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then
 		# Device has a port set by $ETHMODE
 		. /etc/network.mode
 		. /etc/network.config
--- a/src/packages/fff/fff-sysupgrade/Makefile
+++ b/src/packages/fff/fff-sysupgrade/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-sysupgrade
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=13
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-timeserver/Makefile
+++ b/src/packages/fff/fff-timeserver/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-timeserver
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=3
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-uradvd/Makefile
+++ b/src/packages/fff/fff-uradvd/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-uradvd
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-uradvd/files/etc/init.d/fff-uradvd
+++ b/src/packages/fff/fff-uradvd/files/etc/init.d/fff-uradvd
@ -11,16 +11,10 @@ URADVD_BIN=/usr/sbin/uradvd
 service_triggers()
 {
-        procd_add_reload_trigger "fff-uradvd" "network"
+        procd_add_reload_trigger "fff-uradvd"
 }
 start_service() {
        procd_open_instance
        procd_set_param command "$URADVD_BIN" -i br-client -p $(uci get network.globals.ula_prefix)
 }
 reload_service()
 {
        stop
        start
 }
--- a/src/packages/fff/fff-vpn-select/Makefile
+++ b/src/packages/fff/fff-vpn-select/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-vpn-select
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=5
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@ -1,47 +1,65 @@
 #!/bin/sh
 # Usage: vpn-select <path-to-hood-file>
 # To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
 # The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
 # The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
 # The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
 # The function ${protocol}_start_stop() is called at the end once per installed protocol.
 . /usr/share/libubox/jshn.sh
 hoodfile="$1"
-# source functions
+make_config() {
-for file in /usr/lib/vpn-select.d/*; do
+	# remove old config
-	[ -f $file ] && . "$file"
+	rm /tmp/fastd_fff_peers/*
 	supported_protocols="$supported_protocols $protocol"
 done
-# clear old config
+	# prepare
-for protocol in $supported_protocols; do
+	Index=1
-	"${protocol}_clear"
+	json_load "$(cat "$hoodfile")"
-done
+	json_select vpn
-# configure vpn
+	# get fastd peers
 	while json_select "$Index" > /dev/null
 	do
 		json_get_var protocol protocol
 		if [ "$protocol" = "fastd" ]; then
 			# set up fastd
 			json_get_var servername name
 			filename="/etc/fastd/fff/peers/$servername"
 			echo "#name \"${servername}\";" > "$filename"
 			json_get_var key key
 			echo "key \"${key}\";" >> "$filename"
 			json_get_var address address
 			json_get_var port port
 			echo "remote \"${address}\" port ${port};" >> "$filename"
 			echo "" >> "$filename"
 			echo "float yes;" >> "$filename"
 		fi
 		json_select ".." # back to vpn
 		Index=$(( Index + 1 ))
 	done
 	json_select ".." # back to root
 }
-if [ "$0" != "/usr/sbin/vpn-stop" ] ; then
+# Only do something if file is there and not empty; otherwise exit 1
-	if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
+if [ -s "$hoodfile" ]; then
-		json_load "$(cat "$hoodfile")"
+	if [ ! -d /tmp/fastd_fff_peers ]; then
-		json_select hood
+		# first run after reboot
-		json_get_var id id
+		mkdir /tmp/fastd_fff_peers
-		json_select ".."
+		make_config
-		json_select vpn
+		# start fastd only if there are some peers
-		json_get_keys vpn_keys
+		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
-		for key in $vpn_keys; do
+	else
-			json_select $key
+		make_config
-			json_get_var protocol protocol
+		/etc/init.d/fastd reload
-			"${protocol}_addpeer"
+
-			json_select ".." # back to vpn
+		# fastd start/stop for various situations
-		done
+		pidfile="/tmp/run/fastd.fff.pid"
 		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
 			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
 		else
 			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
 		fi
 	fi
 	exit 0
 else
 	echo "vpn-select: Hood file not found or empty!"
 	exit 1
 fi
 # start/restart/stop vpnservices
 for protocol in $supported_protocols; do
 	"${protocol}_start_stop"
 done
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
@ -1 +0,0 @@
 vpn-select
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
@ -0,0 +1,5 @@
 #!/bin/sh
 rm /tmp/fastd_fff_peers/*
 /etc/init.d/fastd stop
--- a/src/packages/fff/fff-vxlan-node-vpn/Makefile
+++ b/src/packages/fff/fff-vxlan-node-vpn/Makefile
@ -1,29 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-vxlan-node-vpn
 PKG_RELEASE:=$(COMMITCOUNT)
 include $(INCLUDE_DIR)/package.mk
 define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken vxlan-node
 	URL:=http://www.freifunk-franken.de
 	DEPENDS:=+vxlan
 endef
 define Package/$(PKG_NAME)/description
 	This is the vxlan-node-vpn package for the Freifunk Franken Firmware
 	This will configure and set up the VPN via vxlan
 endef
 define Build/Compile
 	# nothing
 endef
 define Package/$(PKG_NAME)/install
 	$(CP) ./files/* $(1)/
 endef
 $(eval $(call BuildPackage,$(PKG_NAME)))
--- a/src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node
+++ b/src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node
@ -1,18 +0,0 @@
 uci batch <<EOF
 set network.vxlan0=interface
 set network.vxlan0.proto=vxlan6
 set network.vxlan0.port=8472
 set network.vxlan0.ip6addr=auto
 set network.vxlan0.srcportmin=8472
 set network.vxlan0.srcportmax=8473
 set network.vxlan0.ageing=30
 set network.vxlan0.mtu=1422
 set network.vxlan0.vid=0
 set network.vxlan0.disabled=1
 set network.vxbat=interface
 set network.vxbat.proto=batadv_hardif
 set network.vxbat.master=bat0
 set network.vxbat.ifname=vxlan0
 set network.vxbat.disabled=1
 EOF
--- a/src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan
+++ b/src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan
@ -1,24 +0,0 @@
 protocol=vxlan
 vxlan_clear() {
 	while uci -q delete network.@vxlan_peer[0]; do :; done
 	uci set network.vxlan0.vid="0"
 	uci set network.vxlan0.disabled="1"
 	uci set network.vxbat.disabled="1"
 }
 vxlan_addpeer() {
 	json_get_var address address
 	address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
 	[ -z $address ] && return ## address not reachable
 	uci set network.vxlan0.vid="$id"
 	uci set network.vxlan0.disabled="0"
 	uci set network.vxbat.disabled="0"
 	uci add network vxlan_peer
 	uci set network.@vxlan_peer[-1].vxlan="vxlan0"
 	uci set network.@vxlan_peer[-1].dst="$address"
 }
 vxlan_start_stop() {
 	reload_config
 }
--- a/src/packages/fff/fff-web-hood/Makefile
+++ b/src/packages/fff/fff-web-hood/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-web-hood
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=2
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-web-mqtt/Makefile
+++ b/src/packages/fff/fff-web-mqtt/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-web-mqtt
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
--- a/src/packages/fff/fff-web-ui/Makefile
+++ b/src/packages/fff/fff-web-ui/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-web-ui
-PKG_RELEASE:=$(shell echo -n $$(( $(COMMITCOUNT) + 20 )))
+PKG_RELEASE:=18
 include $(INCLUDE_DIR)/package.mk
--- a/src/packages/fff/fff-web-ui/files/www/include/header
+++ b/src/packages/fff/fff-web-ui/files/www/include/header
@ -65,12 +65,9 @@ fi
 			if [ -s /tmp/isupdate ] ; then
 				VERSION=$(cat /tmp/isupdate)
 			%>
-				<div id="updatenotification" style="padding: 15px; margin: 4px; background-color: #cfcfcf; margin-bottom: 15px;">
+				<table style="width: 100%;">
-					<h3 style="font-size: 14pt; font-weight: bold; margin-bottom: 10px;">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar!</h3>
+					<tr>
-					<table style="margin-bottom: 10px;">
+						<td><span style="font-size: 16pt; color:#FF0000">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar.<br />Alte Version: <%= ${FIRMWARE_VERSION} %> - Neue Version: <%= ${VERSION} %> <br /><a href="upgrade.html">Firmware jetzt updaten</a></span></td>
-					<tr><td>Installierte Version: </td><td><b><%= ${FIRMWARE_VERSION} %></b></td></tr>
+					</tr>
-					<tr><td>Neue Version: </td><td><b><%= ${VERSION} %></b></td></tr>
+				</table>
 					</table>
 					<a href="https://dev.freifunk-franken.de" target="_blank">Zum Download</a> | <a href="upgrade.html">Zur Upgradeseite</a>
 				</div>
 			<% fi %>
--- a/src/packages/fff/fff-web-ui/files/www/public/cgi-bin/status.html
+++ b/src/packages/fff/fff-web-ui/files/www/public/cgi-bin/status.html
@ -61,8 +61,8 @@ contact="$(uci -q get "fff.system.contact")"
 							<legend>Status</legend>
 							<table>
 								<tr><th>Hood:</th><td><% echo "$hood" %></td></tr>
-								<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
+								<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null)+1)) %></td></tr>
-								<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
+								<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null) %></td></tr>
 								<tr><th>Lokale Clients:</th><td><% echo -n $(batctl tl -H 2> /dev/null | grep -c 'W') %></td></tr>
 							</table>
 						</fieldset>
--- a/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/home.html
+++ b/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/home.html
@ -59,8 +59,8 @@ fi
 		<tr><th>Name:</th><td><%= ${HOSTNAME} %></td></tr>
 		<tr><th>Modell:</th><td><% cat /tmp/sysinfo/model 2>/dev/null %></td></tr>
 		<tr><th>MAC-Adresse:</th><td><%= $(cat /sys/class/net/br-client/address) %></td></tr>
-		<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
+		<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null)+1)) %></td></tr>
-		<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
+		<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null) %></td></tr>
 		<tr><th>VPN via fastd:</th><td><%= ${vpn_active} %></td></tr>
 		<tr><th>fastd public key:</th><td><%= ${fastd_pub} %></td></tr>
 		<tr><th>Laufzeit:</th><td><%= ${uptime} %></td></tr>
--- a/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/ports.html
+++ b/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/ports.html
@ -9,8 +9,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 		echo "ETHMODE=\"${POST_mode}\" # set via WebUI" >> /etc/network.config
 		sed -i '/^FORCEPARSE/d' /etc/network.config
 		echo "FORCEPARSE='2'" >> /etc/network.config
-		do_reconfigure=1
+		do_reboot=1
-		MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
+		MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
 	fi
 	if [ "$POST_change_twoport" != "" ] ; then
 		sed -i '/^.*# set via WebUI/d' /etc/network.config
@ -18,8 +18,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 		echo "LAN1MODE=\"${POST_mode1}\" # set via WebUI" >> /etc/network.config
 		sed -i '/^FORCEPARSE/d' /etc/network.config
 		echo "FORCEPARSE='2'" >> /etc/network.config
-		do_reconfigure=1
+		do_reboot=1
-		MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
+		MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
 	fi
 fi
@ -151,7 +151,7 @@ format_port() {
 	</fieldset>
 	</td></tr>
 <% fi %>
-<% if grep -q "ONE_PORT" "/etc/network.$board_name" ; then %>
+<% if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then %>
 	<%
 		# Device has a port set by $ETHMODE
 		. /etc/network.mode
@ -182,12 +182,13 @@ format_port() {
 				Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
 				<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
 				Anschlie&szlig;end wird der Router neugestartet.
 			</td></tr>
 		</table>
 	</fieldset>
 	</td></tr>
 <% fi %>
-<% if grep -q "TWO_PORT" "/etc/network.$board_name" ; then %>
+<% if grep -q "LAN0PORT" "/etc/network.$board_name" || grep -q "LAN1PORT" "/etc/network.$board_name" ; then %>
 	<%
 		# Device has two ports
 		. /etc/network.mode
@ -227,6 +228,7 @@ format_port() {
 				Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
 				<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
 				Anschlie&szlig;end wird der Router neugestartet.
 			</td></tr>
 		</table>
 	</fieldset>
@ -237,7 +239,7 @@ format_port() {
 <%in /www/include/footer %>
 <%
 # write
-if [ "$do_reconfigure" = "1" ] ; then
+if [ "$do_reboot" = "1" ] ; then
-	configurenetwork
+	reboot
 fi
 %>
--- a/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/settings.html
+++ b/src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/settings.html
@ -61,7 +61,7 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 		uci -q commit
-		MSG='<span class="green">Daten gespeichert!</span>'
+		MSG='<span class="green">Daten gespeichert! - Bitte Router neustarten.</span>'
 	fi
 fi
 %>
--- a/src/packages/fff/fff-web-ui/files/www/ssl/leaflet.css.gz
+++ b/src/packages/fff/fff-web-ui/files/www/ssl/leaflet.css.gz
--- a/src/packages/fff/fff-web-ui/files/www/ssl/leaflet.js.gz
+++ b/src/packages/fff/fff-web-ui/files/www/ssl/leaflet.js.gz
--- a/src/packages/fff/fff-wireguard/Makefile
+++ b/src/packages/fff/fff-wireguard/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-wireguard
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=8
 include $(INCLUDE_DIR)/package.mk
@ -14,7 +14,7 @@ define Package/fff-wireguard
 		+kmod-wireguard \
 		+owipcalc \
 		+wireguard-tools \
-		+fff-babel \
+		+fff-babeld \
 		+fff-network
 endef
--- a/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
+++ b/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
@ -31,7 +31,7 @@ configure() {
 		fi
 	}
-	config_load network
+	config_load babeld
 	config_foreach remove_wgpeer interface
@ -128,7 +128,7 @@ configure() {
 		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
 		# add babel interface
-		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babel interface for wgpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
 	}
 	config_load gateway
@ -137,16 +137,12 @@ configure() {
 apply() {
 	uci commit network
 	uci commit babeld
 	uci commit gateway
 	babel_apply
 }
 reload() {
 	babel_reload
 }
 revert() {
 	uci revert network
 	uci revert babeld
 	uci revert gateway
 	babel_revert
 }
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,2 @@`
							`#solves MTU problem with bad ISPs`
							`iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`