bsp/x86-64: Include vmxnet3 driver

Signed-off-by: Fabian Bläse <fabian@blaese.de>

.woodpecker.yml

@@ -0,0 +1,45 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      tags: true
+
+pipeline:
+  buildall-layer3:
+    image: openwrtorg/imagebuilder
+    commands:
+      - export HOME=/home/build/openwrt
+      - sudo chown -R build:build .
+      - git config --global user.email "ci@fff.community"
+      - git config --global user.name "FFF CI"
+      - ./buildscript selectvariant layer3
+      - ./buildscript selectbsp bsp/ath79-generic.bsp
+      - ./buildscript prepare
+      - ./buildscript buildall
+
+  buildall-node:
+    image: openwrtorg/imagebuilder
+    commands:
+      - export HOME=/home/build/openwrt
+      - sudo chown -R build:build .
+      - git config --global user.email "ci@fff.community"
+      - git config --global user.name "FFF CI"
+      - ./buildscript selectvariant node
+      - ./buildscript selectbsp bsp/ath79-generic.bsp
+      - ./buildscript prepare
+      - ./buildscript buildall
+
+  distribute:
+    image: alpine/git
+    volumes:
+      - /var/lib/woodpecker/artifacts:/var/run/artifacts
+    commands:
+      - rm -rf /var/run/artifacts/$(git describe --tags)
+      - mkdir -p /var/run/artifacts/$(git describe --tags)
+      - cp -r bin/* /var/run/artifacts/$(git describe --tags)/
+      - echo
+      - echo
+      - echo "You can download the built firmware images here:"
+      - echo "https://ci.fff.community/artifacts/$(git describe --tags)"
+
+branches: [ master ]

bsp/ath79-generic/.config

@@ -7,11 +7,11 @@ CONFIG_TARGET_MULTI_PROFILE=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar150=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_glinet_gl-ar150=""
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c25-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v2=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v2=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c7-v2="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca988x-ct ath10k-firmware-qca988x"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v5=y
@@ -88,6 +88,7 @@ CONFIG_PACKAGE_wpad-mini=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888=m
 CONFIG_PACKAGE_ath10k-firmware-qca988x=m
+CONFIG_PACKAGE_kmod-ath10k-smallbuffers=m
 CONFIG_PACKAGE_kmod-ath10k=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888-ct=m

bsp/octeon.bsp

@@ -1,4 +1,5 @@
 chipset=octeon
+subtarget=generic
 
 images=(
         "openwrt-${chipset}-ubnt_edgerouter-4-*"

bsp/x86-64.bsp

@@ -0,0 +1,4 @@
+chipset=x86
+subtarget=64
+images=("openwrt-${chipset}-${subtarget}-generic-squashfs-combined-*"
+        )

bsp/x86-64/.config

@@ -0,0 +1,19 @@
+# Generated using "./buildscript config openwrt".
+# Do no edit manually
+#
+CONFIG_TARGET_x86=y
+CONFIG_TARGET_x86_64=y
+CONFIG_TARGET_x86_64_DEVICE_generic=y
+# CONFIG_TARGET_ROOTFS_EXT4FS is not set
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
+# CONFIG_BUSYBOX_CONFIG_CROND is not set
+# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
+CONFIG_CLEAN_IPKG=y
+# CONFIG_PACKAGE_ALFRED_VIS is not set
+CONFIG_PACKAGE_kmod-vmxnet3=y
+CONFIG_PACKAGE_opkg=m
+CONFIG_STRIP_KERNEL_EXPORTS=y

build_patches/openwrt/0005-mac80211-add-back-ath10k_pci-memory-hacks.patch

@@ -1,72 +0,0 @@
-From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-Date: Wed, 10 Feb 2021 22:53:00 +0100
-Subject: mac80211: add back ath10k_pci memory hacks
-
-These hacks have been removed in commit 1e27befe63ff ("mac80211: remove
-ath10k_pci memory hacks").
-
-However, since we still use mainline ath10k, we will need them.
-
-Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
-diff --git a/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..e907c7ab73677a3db928ef3620d77bf22a4d752a
---- /dev/null
-+++ b/package/kernel/mac80211/patches/ath/960-ath10k-limit-htt-rx-ring-size.patch
-@@ -0,0 +1,11 @@
-+--- a/drivers/net/wireless/ath/ath10k/htt.h
-++++ b/drivers/net/wireless/ath/ath10k/htt.h
-+@@ -236,7 +236,7 @@ enum htt_rx_ring_flags {
-+ };
-+ 
-+ #define HTT_RX_RING_SIZE_MIN 128
-+-#define HTT_RX_RING_SIZE_MAX 2048
-++#define HTT_RX_RING_SIZE_MAX 512
-+ #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
-+ #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
-+ #define HTT_RX_RING_FILL_LEVEL_DUAL_MAC (HTT_RX_RING_SIZE - 1)
-diff --git a/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..b5e5c3a9bb00a407096936ece1916e331e0164f5
---- /dev/null
-+++ b/package/kernel/mac80211/patches/ath/961-ath10k-limit-pci-buffer-size.patch
-@@ -0,0 +1,38 @@
-+--- a/drivers/net/wireless/ath/ath10k/pci.c
-++++ b/drivers/net/wireless/ath/ath10k/pci.c
-+@@ -131,7 +131,7 @@ static const struct ce_attr pci_host_ce_
-+ 		.flags = CE_ATTR_FLAGS,
-+ 		.src_nentries = 0,
-+ 		.src_sz_max = 2048,
-+-		.dest_nentries = 512,
-++		.dest_nentries = 128,
-+ 		.recv_cb = ath10k_pci_htt_htc_rx_cb,
-+ 	},
-+ 
-+@@ -140,7 +140,7 @@ static const struct ce_attr pci_host_ce_
-+ 		.flags = CE_ATTR_FLAGS,
-+ 		.src_nentries = 0,
-+ 		.src_sz_max = 2048,
-+-		.dest_nentries = 128,
-++		.dest_nentries = 64,
-+ 		.recv_cb = ath10k_pci_htc_rx_cb,
-+ 	},
-+ 
-+@@ -167,7 +167,7 @@ static const struct ce_attr pci_host_ce_
-+ 		.flags = CE_ATTR_FLAGS,
-+ 		.src_nentries = 0,
-+ 		.src_sz_max = 512,
-+-		.dest_nentries = 512,
-++		.dest_nentries = 128,
-+ 		.recv_cb = ath10k_pci_htt_rx_cb,
-+ 	},
-+ 
-+@@ -192,7 +192,7 @@ static const struct ce_attr pci_host_ce_
-+ 		.flags = CE_ATTR_FLAGS,
-+ 		.src_nentries = 0,
-+ 		.src_sz_max = 2048,
-+-		.dest_nentries = 128,
-++		.dest_nentries = 96,
-+ 		.recv_cb = ath10k_pci_pktlog_rx_cb,
-+ 	},
-+ 

build_patches/openwrt/0011-generic-add-support-for-EON-EN25QX128A-spi-nor-flash.patch

@@ -0,0 +1,106 @@
+From 3b63209f03007e755c4a076d0a81a60fdf15dcd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Wed, 16 Nov 2022 11:41:32 +0100
+Subject: [PATCH] generic: add support for EON EN25QX128A spi nor flash
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add support for EON EN25QX128A spi nor flash with no flags as it does
+support SFDP parsing.
+
+Fixes: #9442
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
+[fabian@blaese.de: Backport to Kernel 5.4]
+Signed-off-by: Fabian Bläse <fabian@blaese.de>
+---
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ 3 files changed, 63 insertions(+)
+ create mode 100644 target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+ create mode 100644 target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+ create mode 100644 target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+
+diff --git a/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,21 @@
++From: Christian Marangi <ansuelsmth@gmail.com>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Add support for EON EN25QX128A with no flags as it does
++support SFDP parsing.
++
++Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/eon.c
+++++ b/drivers/mtd/spi-nor/eon.c
++@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
+diff --git a/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,21 @@
++From: Christian Marangi <ansuelsmth@gmail.com>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Add support for EON EN25QX128A with no flags as it does
++support SFDP parsing.
++
++Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/eon.c
+++++ b/drivers/mtd/spi-nor/eon.c
++@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
+diff --git a/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,18 @@
++From: Fabian Bläse <fabian@blaese.de>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Signed-off-by: Fabian Bläse <fabian@blaese.de>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/spi-nor.c
+++++ b/drivers/mtd/spi-nor/spi-nor.c
++@@ -2240,8 +2240,9 @@ static const struct flash_info spi_nor_i
++ 	{ "en25p64",    INFO(0x1c2017, 0, 64 * 1024,  128, 0) },
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256, SECT_4K) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024,  256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh32",   INFO(0x1c7016, 0, 64 * 1024,   64, 0) },
+-- 
+2.38.1
+

build_patches/openwrt/0020-kernel-5.4-backport-fix-to-allow-bridge-in-bridge-co.patch

@@ -1,101 +0,0 @@
-From c50ece58c41647880cc74c927d98b465cdfbdad8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
-Date: Sun, 29 Aug 2021 21:21:35 +0200
-Subject: [PATCH] kernel: backport switchdev fix for bridge in bridge
- configurations
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch fixes the forwarding behavior of bridge in bridge
-configurations with DSA.
-
-Without it, the configuration of the upper bridge might overwrite
-settings of the lower bridge. For example, a vlan-aware bridge
-with DSA interfaces in it might be offloaded to the DSA hardware. If the
-bridge interface itself gets slave of a different bridge without vlan
-filtering, the vlan filtering setting of the lower bridge is overwritten
-by the upper bridge, which results in an incorrect hardware
-configuration.
-
-This was backported from kernel 5.7.
-
-Ref: https://lore.kernel.org/netdev/20191222192235.GK25745@shell.armlinux.org.uk/
-Fixes: FS#3996
-Signed-off-by: Fabian Bläse <fabian@blaese.de>
----
- ...-not-propagate-bridge-updates-across.patch | 60 +++++++++++++++++++
- 1 file changed, 60 insertions(+)
- create mode 100644 target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
-
-diff --git a/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
-new file mode 100644
-index 000000000000..bc8014b772f8
---- /dev/null
-+++ b/target/linux/generic/backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
-@@ -0,0 +1,60 @@
-+From 07c6f9805f12f1bb538ef165a092b300350384aa Mon Sep 17 00:00:00 2001
-+From: Russell King <rmk+kernel@armlinux.org.uk>
-+Date: Wed, 26 Feb 2020 17:14:21 +0000
-+Subject: [PATCH] net: switchdev: do not propagate bridge updates across
-+ bridges
-+
-+When configuring a tree of independent bridges, propagating changes
-+from the upper bridge across a bridge master to the lower bridge
-+ports brings surprises.
-+
-+For example, a lower bridge may have vlan filtering enabled.  It
-+may have a vlan interface attached to the bridge master, which may
-+then be incorporated into another bridge.  As soon as the lower
-+bridge vlan interface is attached to the upper bridge, the lower
-+bridge has vlan filtering disabled.
-+
-+This occurs because switchdev recursively applies its changes to
-+all lower devices no matter what.
-+
-+Reviewed-by: Ido Schimmel <idosch@mellanox.com>
-+Tested-by: Ido Schimmel <idosch@mellanox.com>
-+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
-+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
-+Signed-off-by: David S. Miller <davem@davemloft.net>
-+---
-+ net/switchdev/switchdev.c | 9 +++++++++
-+ 1 file changed, 9 insertions(+)
-+
-+diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
-+index 60630762a748b7..f25604d68337cf 100644
-+--- a/net/switchdev/switchdev.c
-++++ b/net/switchdev/switchdev.c
-+@@ -476,6 +476,9 @@ static int __switchdev_handle_port_obj_a
-+ 	 * necessary to go through this helper.
-+ 	 */
-+ 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
-++		if (netif_is_bridge_master(lower_dev))
-++			continue;
-++
-+ 		err = __switchdev_handle_port_obj_add(lower_dev, port_obj_info,
-+ 						      check_cb, add_cb);
-+ 		if (err && err != -EOPNOTSUPP)
-+@@ -528,6 +531,9 @@ static int __switchdev_handle_port_obj_d
-+ 	 * necessary to go through this helper.
-+ 	 */
-+ 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
-++		if (netif_is_bridge_master(lower_dev))
-++			continue;
-++
-+ 		err = __switchdev_handle_port_obj_del(lower_dev, port_obj_info,
-+ 						      check_cb, del_cb);
-+ 		if (err && err != -EOPNOTSUPP)
-+@@ -579,6 +585,9 @@ static int __switchdev_handle_port_attr_
-+ 	 * necessary to go through this helper.
-+ 	 */
-+ 	netdev_for_each_lower_dev(dev, lower_dev, iter) {
-++		if (netif_is_bridge_master(lower_dev))
-++			continue;
-++
-+ 		err = __switchdev_handle_port_attr_set(lower_dev, port_attr_info,
-+ 						       check_cb, set_cb);
-+ 		if (err && err != -EOPNOTSUPP)
--- 
-2.33.0
-

build_patches/openwrt/0020-mt7621-retain-old-compat_version.patch

@@ -1,19 +0,0 @@
-From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
-Date: Sat, 23 Oct 2021 23:34:07 +0200
-Subject: [PATCH] mt7621: retain old compat_version
-
-diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk
-index a3bc14d59d..99887e8192 100644
---- a/target/linux/ramips/image/mt7621.mk
-+++ b/target/linux/ramips/image/mt7621.mk
-@@ -91,8 +91,7 @@ define Build/zytrx-header
- endef
- 
- define Device/dsa-migration
--  DEVICE_COMPAT_VERSION := 1.1
--  DEVICE_COMPAT_MESSAGE := Config cannot be migrated from swconfig to DSA
-+  DEVICE_COMPAT_VERSION := 1.0
- endef
- 
- define Device/adslr_g7
-

build_patches/openwrt/0050-Disable-ipq40xx-lan-wan-separation.patch

@@ -38,20 +38,20 @@ index ac11655904..147e159ea1 100755
  	;;
  avm,fritzbox-7530 |\
 diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network
-index 1d4c78833a..ea2cc60186 100755
+index 87c79db5e1..666be0d145 100755
 --- a/target/linux/ipq40xx/base-files/etc/board.d/02_network
 +++ b/target/linux/ipq40xx/base-files/etc/board.d/02_network
-@@ -59,9 +59,8 @@ ipq40xx_setup_interfaces()
+@@ -58,9 +58,8 @@ ipq40xx_setup_interfaces()
+ 	avm,fritzbox-4040|\
  	linksys,ea6350v3|\
- 	linksys,ea8300|\
- 	linksys,mr8300)
+ 	linksys,ea8300)
 -		ucidef_set_interfaces_lan_wan "eth0" "eth1"
  		ucidef_add_switch "switch0" \
 -			"0u@eth0" "1:lan" "2:lan" "3:lan" "4:lan"
 +			"0@eth0" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan"
  		;;
- 	avm,fritzbox-7530)
- 		ucidef_add_switch "switch0" \
+ 	linksys,mr8300)
+ 		ucidef_set_interfaces_lan_wan "eth0" "eth1"
 diff --git a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h b/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
 index 015e5f5026..daa60639d1 100644
 --- a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
@@ -80,10 +80,10 @@ index 015e5f5026..daa60639d1 100644
  /* Queues exposed to linux kernel */
  #define EDMA_NETDEV_TX_QUEUE 4
 diff --git a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
-index c35ba2799f..0517e4f29e 100644
+index 545e3985ae..28453c2363 100644
 --- a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
 +++ b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
-@@ -1481,6 +1481,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+@@ -1483,6 +1483,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
  	unsigned long bmp;
  
  	/* By default Enable VLAN */
@@ -91,7 +91,7 @@ index c35ba2799f..0517e4f29e 100644
  	priv->vlan = 1;
  	priv->vlan_table[AR40XX_LAN_VLAN] = priv->cpu_bmp | priv->lan_bmp;
  	priv->vlan_table[AR40XX_WAN_VLAN] = priv->cpu_bmp | priv->wan_bmp;
-@@ -1492,6 +1493,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+@@ -1494,6 +1495,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
  	bmp = priv->wan_bmp;
  	for_each_set_bit(port, &bmp, AR40XX_NUM_PORTS)
  			priv->pvid[port] = AR40XX_WAN_VLAN;
@@ -100,7 +100,7 @@ index c35ba2799f..0517e4f29e 100644
  	return 0;
  }
 diff --git a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
-index 7b2ddfe00d..1a01b08e41 100644
+index 3567eb7810..b13b312a91 100644
 --- a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
 +++ b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
 @@ -36,7 +36,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

build_patches/openwrt/0100-Add-hack-which-fixes-forwarding-on-a-stacked-bridge-.patch

@@ -0,0 +1,32 @@
+From f53b71d2907eeb0d80e79d99fa7b756b5e5bf32b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Thu, 24 Feb 2022 00:04:47 +0100
+Subject: [PATCH] Add hack which fixes forwarding on a stacked bridge
+ configuration using DSA
+
+---
+ .../hack-5.4/999-fix-stacked-bridge-forwarding.patch | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+ create mode 100644 target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+
+diff --git a/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+new file mode 100644
+index 0000000000..e1d4cb9cd5
+--- /dev/null
++++ b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+@@ -0,0 +1,12 @@
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -52,6 +52,9 @@ static int br_pass_frame_up(struct sk_bu
++ 		return NET_RX_DROP;
++ 	}
++ 
+++	/* remove offload flag, so upper bridges do not drop the packet */
+++	br_switchdev_frame_unmark(skb);
+++
++ 	indev = skb->dev;
++ 	skb->dev = brdev;
++ 	skb = br_handle_vlan(br, NULL, vg, skb);
+-- 
+2.35.1
+

build_patches/openwrt/0200-mpc85xx-Drop-pci-aliases-to-avoid-domain-changes.patch

@@ -0,0 +1,158 @@
+From 7f4b4c29f3489697dca7495216460d0ed5023e02 Mon Sep 17 00:00:00 2001
+From: Martin Kennedy <hurricos@gmail.com>
+Date: Mon, 29 Aug 2022 20:47:24 -0400
+Subject: [PATCH] mpc85xx: Drop pci aliases to avoid domain changes
+
+As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
+domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
+domain address is no longer numbered by the lowest 16 bits of the PCI
+register address after a fallthrough. Instead of the fallthrough, the
+enumeration process accepts the alias ID (as determined by
+`of_alias_scan()`). This causes e.g.:
+
+9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
+9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
+
+to become
+
+0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
+0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
+
+... which then causes the sysfs path of the netdev to change,
+invalidating the `wifi_device.path`s enumerated in
+`/etc/config/wireless`.
+
+One other solution might be to migrate the uci configuration, as was
+done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
+new PCIe path"). However, there are concerns that the sysfs path will
+change once again once some upstream patches[^2][^3] are merged and
+backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
+
+Instead, remove the aliases and allow the fallthrough to continue for
+now. We will provide a migration in a later release.
+
+This was first reported as a Github issue[^1].
+
+[^1]: https://github.com/openwrt/openwrt/issues/10530
+[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
+[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/
+
+Fixes: #10530
+Tested-by: Martin Kennedy <hurricos@gmail.com>
+[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
+Signed-off-by: Martin Kennedy <hurricos@gmail.com>
+---
+ .../files/arch/powerpc/boot/dts/hiveap-330.dts     | 13 +++++++++++++
+ .../mpc85xx/files/arch/powerpc/boot/dts/panda.dts  | 14 ++++++++++++++
+ .../files/arch/powerpc/boot/dts/red-15w-rev1.dts   | 14 ++++++++++++++
+ .../files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts  | 13 +++++++++++++
+ .../files/arch/powerpc/boot/dts/ws-ap3710i.dts     | 13 +++++++++++++
+ 6 files changed, 80 insertions(+)
+
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
+index ccf60eaeed0e1..d6a8da84ef66d 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
+@@ -300,3 +300,16 @@
+ 	};
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
+index baaa4a43fd559..9be822f7bb8ac 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
+@@ -265,3 +265,17 @@
+ 	};
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
++
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
+index 1fd6a4aa49713..db35602b94b5b 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
+@@ -214,3 +214,17 @@
+ };
+ 
+ /include/ "fsl/p1010si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
++
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
+index fbe1c0ee705d2..12281808aa5b6 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
+@@ -302,3 +302,16 @@
+ 		/delete-node/ crypto@30000; /* Pulled in by p1010si-post */
+ 	};
+ };
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
+index c5588d80275e2..5d81da4686413 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
+@@ -173,3 +173,16 @@
+ 
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};

buildscript

@@ -7,15 +7,15 @@ set -o pipefail
 builddir=./build
 
 # OpenWrt: package hashes correspond to core repo version
-OPENWRTREV="v21.02.0"
-PACKAGEREV="65057dcbb5de371503c9159de3d45824bec482e0"
-ROUTINGREV="c30c9ffc93702365439a7647244a052531f2e957"
+OPENWRTREV="v21.02.5"
+PACKAGEREV="0b16e3f359fe9d015861596d63c5bde4c56daa2e"
+ROUTINGREV="25e76489c83cfcee61e36a491896e1e9bfc3ec13"
 
 # Gluon packages: master from 2020-02-04
 GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
 
 OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
-ROUTING_PKGS="kmod-batman-adv batctl alfred babeld"
+ROUTING_PKGS="kmod-batman-adv batctl alfred babeld bird2"
 GLUON_PKGS="simple-tc uradvd"
 
 FFF_VARIANTS="node layer3"
@@ -126,20 +126,9 @@ prepare() {
 
     patch_target
 
-    # apply variant to ensure the included file "variant.mk"
-    # exists in builddir.
-    apply_variant
-
     update_feeds
 }
 
-apply_variant() {
-    # set the variant for this build
-    export FFF_VARIANT=$(cat selected_variant)
-    # force the reevaluation of this Makefile to make note of the new variant
-    touch ./src/packages/fff/fff/Makefile
-}
-
 update_feeds() {
     ## generate own feeds.conf
     #this local variable should be globally configure variable used in get_source and here
@@ -174,8 +163,6 @@ update_feeds() {
 }
 
 prebuild() {
-    apply_variant
-
     #create filesdir for our config
     /bin/rm -rf "$builddir"/files
     mkdir "$builddir"/files
@@ -193,6 +180,9 @@ prebuild() {
         version="$variant-$version"
     fi
 
+    # select variant packages
+    echo "CONFIG_PACKAGE_fff-${variant}=y" >> "$builddir"/.config
+
     {
         echo "FIRMWARE_VERSION=\"$version\""
         echo "VARIANT=\"$variant\""
@@ -218,13 +208,19 @@ build() {
 
     case "$1" in
         "debug")
-            make V=99
+            if [ -n "$2" ]; then
+                make V=99 -j $2
+            else
+                make V=99
+            fi
             ;;
         "fast")
-            ionice -c 2 -- nice -n 1 -- make -j $((cpus*2))
+            [ -n "$2" ] && threads=$2 || threads=$((cpus*2))
+            ionice -c 2 -- nice -n 1 -- make -j $threads
             ;;
         *)
-            ionice -c 3 -- nice -n 10 -- make -j $((cpus+1))
+            [ -n "$2" ] && threads=$2 || threads=$((cpus+1))
+            ionice -c 3 -- nice -n 10 -- make -j $threads
             ;;
     esac
 
@@ -290,7 +286,13 @@ cp_firmware() {
             filename_build=${f##*/}
             filename_build=${filename_build//openwrt/fff-${version}}
             filename_build=${filename_build//squashfs-/}
-            filename_build=${filename_build//${chipset}-${subtarget}-/}
+
+            # The x86 OpenWrt target does not have a device name,
+            # so keep the target and subtarget for identification.
+            if [ "$chipset" != "x86" ]; then
+                filename_build=${filename_build//${chipset}-/}
+                filename_build=${filename_build//${subtarget}-/}
+            fi
             cp "$f" "$imagedestpath/$filename_build"
         done
     done
@@ -316,8 +318,7 @@ buildrelease() {
     fi
 
     cd bin/$variant
-    for binary in *.bin; do
-        md5sum "$binary" > ./"$binary".md5
+    for binary in *.bin *.img *.img.gz *.tar; do
         sha256sum "$binary" > ./"$binary".sha256
     done
     echo -e "VERSION:$version" > release.nfo
@@ -449,13 +450,13 @@ case "$1" in
     "build")
         if [ "$2" = "help" ] || [ "$2" = "x" ]; then
             echo "This option compiles the firmware"
-            echo "Normaly the build uses lower IO and System priorities, "
+            echo "Normally the build uses lower IO and System priorities, "
             echo "you can append \"fast\" option, to use normal user priorities"
             echo
-            echo "Usage: $0 $1 [fast|debug]"
+            echo "Usage: $0 $1 [fast|debug] [numthreads]"
             echo
         else
-            build "$2"
+            build "$2" "$3"
         fi
         ;;
     "config")

src/packages/fff/fff-alfred-monitoring-proxy/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-alfred-monitoring-proxy
-PKG_RELEASE:=5
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-alfred/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-alfred
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-babel-bird2/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel-bird2
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel-bird2
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel-bird2
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+bird2 +bird2c +owipcalc
+	PROVIDES:=fff-babel-implementation
+endef
+
+define Package/fff-babel-bird2/description
+	This is the Freifunk Franken Firmware babel-bird2 package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel-bird2/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel-bird2))

src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf

@@ -0,0 +1,123 @@
+# router id is not required for babeld, but necessary for bird startup
+router id 192.0.2.0;
+
+ipv4 table fff4;
+ipv6 sadr table fff6;
+
+protocol device {
+	scan time 15;
+}
+
+# device routes for ipv4 peering address
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			if (net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16) && net.len = 32 then {
+				accept;
+			}
+			reject;
+		};
+	};
+}
+
+# device routes on loopback interface
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			if net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16 then {
+				accept;
+			}
+			reject;
+		};
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			if net ~ fdff::/64 from ::/0 then {
+				reject;
+			}
+
+			# only import GUA + ULA addresses
+			if net !~ 2000::/3 from ::/0 && net !~ fc00::/7 from ::/0 then {
+				reject;
+			}
+
+			accept;
+		};
+		import keep filtered;
+	};
+
+	interface "lo";
+}
+
+# ipv6 kernel route interface
+protocol kernel {
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			# only import routes from kernel with proto static
+			if krt_source != 4 then {
+				reject;
+			}
+
+			if net ~ fdff::/64 from ::/0 then {
+				reject;
+			}
+
+			accept;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+# ipv4 kernel route interface
+protocol kernel {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			# only import routes from kernel with proto static
+			if krt_source = 4 then {
+				accept;
+			}
+			reject;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+protocol babel {
+	# required due to static configuration of global router id.
+	# also improves reconnect speed after restart.
+	randomize router id yes;
+
+	ipv4 {
+		table fff4;
+		import all;
+		export all;
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import all;
+		export all;
+	};
+
+	include "/tmp/bird/include/babelpeers.conf";
+};

src/packages/fff/fff-babel-bird2/files/etc/init.d/fff-bird

@@ -0,0 +1,45 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010-2017 OpenWrt.org
+
+USE_PROCD=1
+START=70
+
+BIRD_BIN="/usr/sbin/bird"
+BIRD_CONF="/etc/bird.conf"
+BIRD_PID_FILE="/var/run/bird.pid"
+
+start_service() {
+    mkdir -p /var/run
+
+    set_include_path
+
+    procd_open_instance
+    procd_set_param command $BIRD_BIN -f -c $BIRD_CONF -P $BIRD_PID_FILE
+    procd_set_param file "$BIRD_CONF"
+    procd_set_param stdout 1
+    procd_set_param stderr 1
+    procd_set_param respawn
+    procd_close_instance
+}
+
+reload_service() {
+    set_include_path
+    procd_send_signal fff-bird
+}
+
+set_include_path() {
+    # Change include file path, so bird uses the correct configuration, depending on the configuration state:
+    #  - If test mode is active (and /tmp/bird/fff exists), switch to the temporary configuration to be tested.
+    #  - If new settings are applied or the old settings are restored after an unsuccessful test (and /tmp/bird/fff does not exist),
+    #    switch back to the permanent configuration (/etc/bird/fff).
+
+    mkdir -p /tmp/bird/include
+
+    if [ -d /tmp/bird/fff ]; then
+        echo 'include "/tmp/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
+        echo 'include "/tmp/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
+    else
+        echo 'include "/etc/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
+        echo 'include "/etc/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
+    fi
+}

src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/30-disable-bird2

@@ -0,0 +1,4 @@
+/etc/init.d/bird disable
+rm -f /etc/init.d/bird
+
+exit 0

src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config

@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+mv /etc/bird-fff.conf /etc/bird.conf
+
+exit 0

src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon/bird2

@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+babel_get_version() {
+	/usr/sbin/bird --version 2>&1 | sed "s/BIRD version /bird-/"
+}
+
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	mkdir -p /tmp/bird/fff/babelpeers
+	echo "interface \"$interface\" { type $type; rxcost $rxcost; };" > /tmp/bird/fff/babelpeers/$name.conf
+
+	return 0
+}
+
+babel_delete_interface() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	# Removing peers from /etc is not necessary, as all peers are generated into /tmp on every configuration run,
+	# which completely overwrites existing peers in /etc in the apply step.
+	rm -f /tmp/bird/fff/babelpeers/$name.conf
+
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	return 0
+}
+
+babel_add_private_prefix_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+	prefix=$(owipcalc "$prefix" network prefix "$prefix")
+
+	mkdir -p /tmp/bird/fff
+	echo "if net ~ $prefix then reject;" > /tmp/bird/fff/nat-filter.conf
+
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	mkdir -p /tmp/bird/fff
+	> /tmp/bird/fff/nat-filter.conf
+
+	return 0
+}
+
+babel_apply_implementation() {
+	# error output hidden because apply might be executed without a preceding configure step.
+	if [ -d /tmp/bird/fff ]; then
+		rm -rf /etc/bird/fff
+		mv /tmp/bird/fff /etc/bird/fff
+	fi
+
+	return 0
+}
+
+babel_reload_implementation() {
+	/etc/init.d/fff-bird reload
+}
+
+babel_revert() {
+	rm -r /tmp/bird/fff
+}

src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-only
+
+set -e
+set -o pipefail
+
+
+if ! birdc show status >/dev/null 2>&1; then
+	# bird daemon not running or unavailable. exit.
+	exit 0
+fi
+
+neighbours="$(birdc -r show babel neighbors |
+		tail -n +5 |
+		awk '{ printf "<neighbour><ip>%s</ip><outgoing_interface>%s</outgoing_interface><link_cost>%s</link_cost></neighbour>", $1, $2, $3 }'
+	)"
+
+echo -n "<babel_neighbours>$neighbours</babel_neighbours>"
+
+exit 0

src/packages/fff/fff-babel/Makefile

@@ -0,0 +1,28 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+fff-babel-implementation
+endef
+
+define Package/fff-babel/description
+	This is the Freifunk Franken Firmware babel package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel))

src/packages/fff/fff-babel/files/etc/layer3.d/40-babel

@@ -26,7 +26,7 @@ configure() {
 		fi
 	}
 
-	config_load babeld
+	config_load network
 	config_foreach remove_babelpeer interface
 
 	#add new peers
@@ -75,14 +75,14 @@ configure() {
 		babel_add_peer6addr "network.$prefixname.ip6addr"
 
 		# add babel interface
-		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babel interface for babelpeer $name"; exit 1; }
 	}
 
 	config_load gateway
 	config_foreach add_babelpeer babelpeer
 
 
-	# configure babeld filters for custom ipv6 addresses
+	# configure babel filters for custom ipv6 addresses
 	## remove old filters
 	babel_remove_custom_redistribute_filters
 
@@ -90,14 +90,25 @@ configure() {
 	for prefix in $(uci -q get gateway.@client[0].ip6addr); do
 		babel_add_redistribute_filter "$prefix"
 	done
+
+	## add deny filters for client prefixes used with snat
+	if [ "$(uci -q get gateway.@client[0].snat)" = "1" ]; then
+		for prefix in $(uci -q get gateway.@client[0].ipaddr); do
+			babel_add_private_prefix_filter "$prefix"
+		done
+	fi
 }
 
 apply() {
 	uci commit network
-	uci commit babeld
+	babel_apply
+}
+
+reload() {
+	babel_reload
 }
 
 revert() {
 	uci revert network
-	uci revert babeld
+	babel_revert
 }

src/packages/fff/fff-babel/files/lib/functions/fff/babel

@@ -1,3 +1,9 @@
+
+implementation=$(uci -q get babelimpl.impl.impl)
+[ -z "$implementation" ] && implementation=bird2
+
+. /lib/functions/fff/babeldaemon/$implementation
+
 babel_add_iifrules() {
 	[ "$#" -ne "1" ] && return 1
 
@@ -38,10 +44,18 @@ babel_add_peeraddr() {
 		uci add_list "$option"="$peer_ip"
 	elif router_ip=$(uci -q get gateway.meta.router_ip); then
 		# use router_ip if no peer_ip is set
-		uci add_list "$option"="$router_ip"
+		ip=$router_ip
+
+		# use only first ip
+		ip=${ip%% *}
+
+		# remove CIDR mask
+		ip=${ip%%/*}
+
+		uci add_list "$option"="$ip"
 	elif ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
 		# use client interface address (without subnet) if no router_ip is set
-		uci add_list "$option"=$(echo $ipaddr | cut -d / -f1)
+		uci add_list "$option"=${ipaddr%%/*}
 	else
 		echo "WARNING: No peer_ip, router_ip or client interface ipaddr set! IPv4 routing is not possible."
 		return 1
@@ -64,61 +78,39 @@ babel_add_peer6addr() {
 	return 0
 }
 
-babel_add_interface() {
-	[ "$#" -ne "4" ] && return 1
+babel_reload() {
+	# switch implementation temporarily
+	case $implementation in
+		bird2)
+			/etc/init.d/babeld stop 2>/dev/null
+			/etc/init.d/fff-bird start
+			;;
+		babeld)
+			/etc/init.d/fff-bird stop 2>/dev/null
+			/etc/init.d/babeld start
+			;;
+	esac
 
-	local name="$1"
-	local interface="$2"
-	local type="$3"
-	local rxcost="$4"
-
-	uci set babeld.$name=interface
-	uci set babeld.$name.ifname="$interface"
-	uci set babeld.$name.type="$type"
-	uci set babeld.$name.rxcost="$rxcost"
+	# call implementation-specific reload commands
+	babel_reload_implementation
 
 	return 0
 }
 
-babel_delete_interface() {
-	[ "$#" -ne "1" ] && return 1
+babel_apply() {
+	# switch implementation persistently
+	case $implementation in
+		bird2)
+			/etc/init.d/babeld disable
+			/etc/init.d/fff-bird enable
+			;;
+		babeld)
+			/etc/init.d/fff-bird disable
+			/etc/init.d/babeld enable
+			;;
+	esac
 
-	local name="$1"
-
-	uci -q del babeld.$name
-
-	return 0
-}
-
-babel_add_redistribute_filter() {
-	[ "$#" -ne "1" ] && return 1
-
-	local prefix="$1"
-
-	config=$(uci add babeld filter)
-	uci set babeld.$config.type='redistribute'
-	uci set babeld.$config.ip="$prefix"
-	uci set babeld.$config.addedbyautoconfig='true'
-
-	return 0
-}
-
-babel_remove_custom_redistribute_filters() {
-	[ "$#" -ne "0" ] && return 1
-
-	remove_filters() {
-		local name="$1"
-
-		# check if filter was added by configuregateway
-		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
-			return
-		fi
-
-		uci -q del babeld.$name
-	}
-
-	config_load babeld
-	config_foreach remove_filters filter
+	babel_apply_implementation
 
 	return 0
 }

src/packages/fff/fff-babeld/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-babeld
-PKG_RELEASE:=8
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,6 +11,7 @@ define Package/fff-babeld
 	TITLE:=Freifunk-Franken babeld configuration example
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+babeld
+	PROVIDES:=fff-babel-implementation
 endef
 
 define Package/fff-babeld/description

src/packages/fff/fff-babeld/files/etc/uci-defaults/30-disable-babeld

@@ -0,0 +1,3 @@
+/etc/init.d/babeld disable
+
+exit 0

src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon/babeld

@@ -0,0 +1,103 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+babel_get_version() {
+	/usr/sbin/babeld -V 2>&1
+}
+
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	uci set babeld.$name=interface
+	uci set babeld.$name.ifname="$interface"
+	uci set babeld.$name.type="$type"
+	uci set babeld.$name.rxcost="$rxcost"
+
+	return 0
+}
+
+babel_delete_interface() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	uci -q del babeld.$name
+
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+
+	return 0
+}
+
+babel_add_private_prefix_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+	uci set babeld.$config.action='deny'
+
+	# move to top, so filter rule has precedence over all other rules
+	uci reorder babeld.$config=0
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+	uci set babeld.$config.local='true'
+	uci set babeld.$config.action='deny'
+
+	# move to top, so filter rule has precedence over all other rules
+	uci reorder babeld.$config=0
+
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	[ "$#" -ne "0" ] && return 1
+
+	remove_filters() {
+		local name="$1"
+
+		# check if filter was added by configuregateway
+		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
+			return
+		fi
+
+		uci -q del babeld.$name
+	}
+
+	config_load babeld
+	config_foreach remove_filters filter
+
+	return 0
+}
+
+babel_apply_implementation() {
+	uci commit babeld
+}
+
+babel_reload_implementation() {
+	return 0
+}
+
+babel_revert() {
+	uci revert babeld
+}

src/packages/fff/fff-base/Makefile

@@ -0,0 +1,34 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-base
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-base
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken base dependencies
+	URL:=https://www.freifunk-franken.de
+	DEFAULT:=y
+	DEPENDS:= \
+		+iptables \
+		+ip6tables \
+		+micrond \
+		+odhcp6c \
+		+fff-config \
+		+fff-network \
+		+fff-nodewatcher \
+		+fff-simple-tc \
+		+fff-support \
+		+fff-sysupgrade \
+		+fff-timeserver \
+		+fff-web-ui \
+		+fff-wireless
+endef
+
+define Package/fff-variant/description
+	This package includes base packages used in the Freifunk-Franken firmware
+endef
+
+$(eval $(call BuildPackage,fff-base))

src/packages/fff/fff-batman-adv/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-batman-adv
-PKG_RELEASE:=4
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-boardname/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-boardname
-PKG_RELEASE:=8
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-boardname/files/etc/uci-defaults/15-fff-boardname

@@ -1,5 +1,9 @@
 BOARD=$(cat /var/sysinfo/board_name)
 
+if uname -a | grep x86_64 > /dev/null; then
+	BOARD="x86_64"
+fi
+
 uci set board.model.name=$BOARD
 uci commit board
 

src/packages/fff/fff-config/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-config
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-config/files/etc/sysctl.d/20-oom-panic.conf

@@ -0,0 +1 @@
+vm.panic_on_oom=1

src/packages/fff/fff-dhcp/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-dhcp
-PKG_RELEASE:=6
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-dhcp/files/etc/uci-defaults/90-fff-dhcp

@@ -1,3 +1,10 @@
+# Use a larger cachesize by default
+cachesize=1024
+
+# Increase cachesize for systems with enough memory
+mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
+[ "$mem" -gt 65536 ] && cachesize=8192
+
 uci batch >/dev/null <<EOF
   delete dhcp.@dnsmasq[0]
   delete dhcp.lan
@@ -12,12 +19,19 @@ uci batch >/dev/null <<EOF
   set dhcp.@dnsmasq[-1].domain='fff.community'
   set dhcp.@dnsmasq[-1].expandhosts='0'
   set dhcp.@dnsmasq[-1].nonegcache='0'
+  set dhcp.@dnsmasq[-1].cachesize="$cachesize"
   set dhcp.@dnsmasq[-1].authoritative='1'
   set dhcp.@dnsmasq[-1].readethers='1'
   set dhcp.@dnsmasq[-1].leasefile='/tmp/dhcp.leases'
   set dhcp.@dnsmasq[-1].noresolv='1'
   set dhcp.@dnsmasq[-1].localservice='1'
 
+  # do not generate A or AAAA records for the routers hostname,
+  # because this might interfere with upstream records.
+  #
+  # e.g. hostname: 'router.fff.community'
+  set dhcp.@dnsmasq[-1].add_local_fqdn='0'
+
   set dhcp.client=dhcp
   set dhcp.client.interface='client'
   set dhcp.client.leasetime='1h'

src/packages/fff/fff-fastd/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-fastd
-PKG_RELEASE:=3
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd

@@ -29,6 +29,7 @@ ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
 echo "#!/bin/sh" > /etc/fastd/fff/up.sh
 echo "ip link set up dev fffVPN" >> /etc/fastd/fff/up.sh
 echo "batctl if add fffVPN" >> /etc/fastd/fff/up.sh
+echo "batctl hardif fffVPN hop_penalty 30" >> /etc/fastd/fff/up.sh
 chmod +x /etc/fastd/fff/up.sh
 
 exit 0

src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd

@@ -0,0 +1,29 @@
+protocol=fastd
+
+fastd_clear() {
+	rm /tmp/fastd_fff_peers/* 2>/dev/null
+}
+
+fastd_addpeer() {
+	[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
+
+	# write fastd-config
+	json_get_var servername name
+	filename="/etc/fastd/fff/peers/$servername"
+	echo "#name \"${servername}\";" > "$filename"
+	json_get_var key key
+	echo "key \"${key}\";" >> "$filename"
+	json_get_var address address
+	json_get_var port port
+	echo "remote \"${address}\" port ${port};" >> "$filename"
+	echo "" >> "$filename"
+	echo "float yes;" >> "$filename"
+}
+
+fastd_start_stop() {
+	if ls /etc/fastd/fff/peers/* &>/dev/null; then
+		/etc/init.d/fastd reload
+	else
+		/etc/init.d/fastd stop
+	fi
+}

src/packages/fff/fff-firewall/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-firewall
-PKG_RELEASE:=8
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-clamp-mss

@@ -1,2 +0,0 @@
-#solves MTU problem with bad ISPs
-iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh

@@ -1,5 +0,0 @@
-# Limit ssh to 6 new connections per 60 seconds
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
-/usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
-/usr/sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP

src/packages/fff/fff-hoods/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-hoods
-PKG_RELEASE:=19
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-hoodutils/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-hoodutils
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-layer3-config/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-layer3-config
-PKG_RELEASE:=9
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-layer3-config/files/etc/layer3.d/01-version

@@ -1,6 +1,6 @@
 configure() {
 	# check if gateway config exists
-	if ! uci -q show gateway > /dev/null; then
+	if ! uci show gateway > /dev/null; then
 		echo "ERROR: Gateway config could not be parsed or does not exist."
 
 		return 1

src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client

@@ -20,7 +20,7 @@ configure() {
 
 	# ip6addr
 	#remove old ip6addr
-	for ip in $(uci get network.client.ip6addr); do
+	for ip in $(uci -q get network.client.ip6addr); do
 		if echo "$ip" | grep -v -e "fdff:" -e "fe80::1/64" > /dev/null; then
 			uci del_list network.client.ip6addr="$ip"
 		fi
@@ -50,11 +50,10 @@ configure() {
 
 	# set interface
 	#remove all eth interfaces
-	ifaces=$(uci get network.client.ifname | sed 's/\beth[^ ]* *//g' | sed 's/\bswitch[^ ]* *//g')
 	if vlan=$(uci -q get gateway.@client[0].vlan); then
-		uci set network.client.ifname="${SWITCHDEV}.$vlan $ifaces"
+		uci set network.client.ifname="${SWITCHDEV}.$vlan"
 	elif iface=$(uci -q get gateway.@client[0].iface); then
-		uci set network.client.ifname="$iface $ifaces"
+		uci set network.client.ifname="$iface"
 	else
 		echo "WARNING: No Interface for client specified"
 	fi

src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip

@@ -1,3 +1,5 @@
+. /lib/functions.sh
+
 configure() {
 	local router_ip
 	local router_ip6
@@ -9,16 +11,66 @@ configure() {
 	# remove netmask entry that ships by default
 	uci -q del network.loopback.netmask
 
+	# clean old rules
+	remove_rules() {
+		local name="$1"
+
+		# check if filter was added by this script
+		if ! [ "$(uci -q get network.$name.addedbyautoconfig)" = '30-network-routerip' ]; then
+			return
+		fi
+
+		uci -q del network.$name
+	}
+
+	config_load network
+	config_foreach remove_rules rule
+	config_foreach remove_rules rule6
+
 	# add router_ip
 	router_ip=$(uci -q get gateway.meta.router_ip)
 	for ip in $router_ip; do
 		uci -q add_list network.loopback.ipaddr="$ip"
+
+		# CIDR notation required
+		case $ip in
+			*/*)
+				# do nothing; ip is already in CIDR notation
+				;;
+			*)
+				ip="$ip/32"
+				;;
+		esac
+
+		config=$(uci add network rule)
+		uci -q set network.$config.src="$ip"
+		uci -q set network.$config.lookup='fff'
+		# default prio for the ip4table interface option is 10000
+		uci -q set network.$config.priority='10000'
+		uci -q set network.$config.addedbyautoconfig='30-network-routerip'
 	done
 
 	# add router_ip6
 	router_ip6=$(uci -q get gateway.meta.router_ip6)
 	for ip in $router_ip6; do
 		uci -q add_list network.loopback.ip6addr="$ip"
+
+		# CIDR notation required
+		case $ip in
+			*/*)
+				# do nothing; ip is already in CIDR notation
+				;;
+			*)
+				ip="$ip/128"
+				;;
+		esac
+
+		config=$(uci add network rule6)
+		uci -q set network.$config.src="$ip"
+		uci -q set network.$config.lookup='fff'
+		# default prio for the ip6table interface option is 10000
+		uci -q set network.$config.priority='10000'
+		uci -q set network.$config.addedbyautoconfig='30-network-routerip'
 	done
 }
 

src/packages/fff/fff-layer3-config/files/usr/sbin/configure-layer3

@@ -7,6 +7,7 @@
 execute_subshell() {
 	if [ $# -ne 1 ]; then
 		echo "Usage:" "$0" "<function>"
+		return 1
 	fi
 
 	for script in /etc/layer3.d/*; do
@@ -23,7 +24,7 @@ execute_subshell() {
 		if [ $? -ne 0 ]; then
 			echo
 			echo "Error when executing" "$1" "from" "$(basename "$script")"
-			exit 1
+			return 1
 		fi
 	done
 }
@@ -32,29 +33,33 @@ configure() {
 	echo "This script might remove existing vlans, interfaces, addresses, etc."
 	read -r -p "Do you really want to continue? (y/n) " response
 	if ! ( [ "$response" == "y" ] || [ "$response" == "Y" ] ); then
-		exit 1
+		return 1
 	fi
 
 	echo
-	execute_subshell configure
+	execute_subshell configure || return $?
 
-	exit 0
+	return 0
 }
 
 reload_services() {
 	execute_subshell reload
 	reload_config
+
+	return 0
 }
 
 apply_changes() {
 	execute_subshell apply
 	reload_services
-	exit 0
+
+	return 0
 }
 
 revert_changes() {
 	execute_subshell revert
-	exit 0
+
+	return 0
 }
 
 keep_changes() {

src/packages/fff/fff-layer3-snat/Makefile

@@ -0,0 +1,31 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-snat
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-snat
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken layer3 configuration with SNAT
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+fff-firewall \
+		+fff-layer3-config \
+		+kmod-ipt-nat
+endef
+
+define Package/fff-layer3-snat/description
+	With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-layer3-snat/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-snat))

src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf

@@ -0,0 +1,34 @@
+configure() {
+	# first we delete the snat config
+	uci -q del network.client.fff_snat
+	uci -q del network.client.fff_snat_sourceip
+	if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
+
+		# first check the config is plausible
+		if ! routerip=$(uci -q get gateway.meta.router_ip); then
+			echo "ERROR: No router_ip set, which is required for SNAT!"
+			return 1
+		fi
+		if ! uci -q get gateway.@client[0].ipaddr >/dev/null; then
+			echo "ERROR: No ipaddr set, which is required for SNAT!"
+			return 1
+		fi
+
+		# keep only the first IP
+		routerip=${routerip%% *}
+		# keep only the IP without the CIDR
+		routerip=${routerip%%/*}
+
+		# We set the snat config
+		uci set network.client.fff_snat=1
+		uci set network.client.fff_snat_sourceip=$routerip
+	fi
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}

src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat

@@ -0,0 +1,4 @@
+if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
+	iptables -t mangle -A PREROUTING -i br-client -j MARK --set-mark 0x736e6174
+	iptables -t nat -A POSTROUTING -m mark --mark 0x736e6174 -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
+fi

src/packages/fff/fff-layer3/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-layer3
-PKG_RELEASE:=8
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,10 +11,13 @@ define Package/fff-layer3
 	TITLE:=Freifunk-Franken gateway configuration
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-alfred-monitoring-proxy \
+	         +fff-babel \
 	         +fff-babeld \
+	         +fff-babel-bird2 \
 	         +fff-boardname \
 	         +fff-dhcp \
 	         +fff-layer3-config \
+	         +fff-layer3-snat \
 	         +fff-mqtt-monitoring \
 	         +fff-network \
 	         +fff-ra \
@@ -36,6 +39,7 @@ define Package/fff-layer3
 	         +iptables-mod-ipopt \
 	         +iptables-mod-conntrack-extra \
 	         +mtr \
+	         +snmp-utils \
 	         +tc \
 	         +tcpdump \
 	         +vxlan

src/packages/fff/fff-layer3/files/usr/lib/nodewatcher.d/90-latency.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+ipv4dest=$(uci -q get fff.latency.ipv4)
+ipv6dest=$(uci -q get fff.latency.ipv6)
+if [ -n "$ipv4dest" ] || [ -n "$ipv6dest" ] ; then
+        printf "<latency>"
+
+        if [ -n "$ipv4dest" ] ; then
+                ipv4latency=$(ping -qc3 -4 $ipv4dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
+                printf "<ipv4latency>$ipv4latency</ipv4latency><ipv4dest>$ipv4dest</ipv4dest>"
+        fi
+
+        if [ -n "$ipv6dest" ] ; then
+                ipv6latency=$(ping -qc3 -6 $ipv6dest 2>&1 | awk -F'/' 'END{ print (/^round-trip/? $4:"0") }')
+                printf "<ipv6latency>$ipv6latency</ipv6latency><ipv6dest>$ipv6dest</ipv6dest>"
+        fi
+
+        printf "</latency>"
+fi
+exit 0

src/packages/fff/fff-mqtt-monitoring/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-mqtt-monitoring
-PKG_RELEASE:=1
+PKG_RELEASE:=$(COMMITCOUNT)
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt-monitoring
 

src/packages/fff/fff-mqtt/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-mqtt
-PKG_RELEASE:=1
+PKG_RELEASE:=$(COMMITCOUNT)
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-mqtt
 
@@ -14,9 +14,8 @@ define Package/fff-mqtt
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:= \
 		+fff-config \
-		+libmosquitto-ssl \
-		+mosquitto-client-ssl \
-		+mosquitto-ssl
+		+libmosquitto-nossl \
+		+mosquitto-client-nossl
 endef
 
 define Package/fff-mqtt/description

src/packages/fff/fff-network/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-network
-PKG_RELEASE:=50
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-network/files/etc/config/network

@@ -1,30 +0,0 @@
-config globals 'globals'
-        option packet_steering '1'
-
-config interface 'loopback'
-        option ifname 'lo'
-        option proto 'static'
-        option ipaddr '127.0.0.1'
-        option netmask '255.0.0.0'
-
-config interface 'client'
-        option type 'bridge'
-        option auto '1'
-
-config interface 'wan'
-        option proto 'none'
-        option ifname 'eth2'
-
-config interface 'wan4'
-        option proto 'dhcp'
-        option ifname '@wan'
-
-config interface 'wan6'
-        option proto 'dhcpv6'
-        option reqprefix 'no'
-        option sourcefilter '0'
-        option ifname '@wan'
-
-config interface 'ethmesh'
-        option proto 'batadv_hardif'
-        option master 'bat0'

src/packages/fff/fff-network/files/etc/uci-defaults/20-migrate-gl-ar150

@@ -0,0 +1,12 @@
+# The GL-AR150 was converted from ONEPORT to TWOPORT.
+# Copy ETHMODE to LAN1MODE ("LAN"-Port) and set LAN0MODE ("WAN"-Port) to WAN to retain the configured behaviour for upgraded devices.
+if [ -s /etc/network.config ] ; then
+	. /etc/network.config
+
+	# Ensure ETHMODE contains a sensible value. Use default behaviour (CLIENT) otherwise.
+	[ "$ETHMODE" != "BATMAN" ] && [ "$ETHMODE" != "CLIENT" ] && [ "$ETHMODE" != "WAN" ] && ETHMODE="CLIENT"
+
+	echo "LAN0MODE='WAN' # use BATMAN, CLIENT or WAN" > /etc/network.config
+	echo "LAN1MODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
+	echo "FORCEPARSE='2' # Parse at: 0=first boot only, 1=every reboot, 2=next reboot (once)" >> /etc/network.config
+fi

src/packages/fff/fff-network/files/etc/uci-defaults/22-network-base

@@ -0,0 +1,141 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+. /lib/functions/system.sh
+. /lib/functions/fff/network
+
+BOARD="$(uci get board.model.name)"
+. /etc/network.$BOARD
+
+[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
+
+# Clear possibly existing network configuration
+> /etc/config/network
+
+# Add basic network configuration
+uci batch <<-__EOF__
+	set network.loopback='interface'
+	set network.loopback.ifname='lo'
+	set network.loopback.proto='static'
+	set network.loopback.ipaddr='127.0.0.1'
+	set network.loopback.netmask='255.0.0.0'
+
+	set network.client='interface'
+	set network.client.type='bridge'
+	set network.client.auto='1'
+
+	set network.wan='interface'
+	set network.wan.proto='none'
+	set network.wan.ifname="$WANDEV"
+
+	set network.wan4='interface'
+	set network.wan4.proto='dhcp'
+	set network.wan4.ifname='@wan'
+
+	set network.wan6='interface'
+	set network.wan6.proto='dhcpv6'
+	set network.wan6.reqprefix='no'
+	set network.wan6.sourcefilter='0'
+	set network.wan6.ifname='@wan'
+
+	set network.ethmesh='interface'
+	set network.ethmesh.proto='batadv_hardif'
+	set network.ethmesh.master='bat0'
+__EOF__
+
+SWITCHHW=$(swconfig list | awk '{ print $4 }')
+if [ "$DSA" = "1" ]; then
+	uci batch <<-__EOF__
+		set network.$SWITCHDEV=device
+		set network.$SWITCHDEV.name=$SWITCHDEV
+		set network.$SWITCHDEV.type=bridge
+		# temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
+		set network.$SWITCHDEV.bridge_empty='1'
+
+		set network.${SWITCHDEV}_1=bridge-vlan
+		set network.${SWITCHDEV}_1.device=$SWITCHDEV
+		set network.${SWITCHDEV}_1.vlan=1
+		set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
+
+		set network.${SWITCHDEV}_3=bridge-vlan
+		set network.${SWITCHDEV}_3.device=$SWITCHDEV
+		set network.${SWITCHDEV}_3.vlan=3
+		set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
+	__EOF__
+
+	if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
+		uci batch <<-__EOF__
+			set network.${SWITCHDEV}_2=bridge-vlan
+			set network.${SWITCHDEV}_2.device=$SWITCHDEV
+			set network.${SWITCHDEV}_2.vlan=2
+			set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
+		__EOF__
+	fi
+elif [ -n "$SWITCHHW" ] && [ -z "$ONE_PORT" ] && [ -z "$TWO_PORT" ]; then
+	uci batch <<-__EOF__
+		set network.$SWITCHDEV=switch
+		set network.$SWITCHDEV.name=$SWITCHHW
+		set network.$SWITCHDEV.enable=1
+		set network.$SWITCHDEV.reset=1
+		set network.$SWITCHDEV.enable_vlan=1
+
+		set network.${SWITCHDEV}_1=switch_vlan
+		set network.${SWITCHDEV}_1.device=$SWITCHHW
+		set network.${SWITCHDEV}_1.vlan=1
+		set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
+
+		set network.${SWITCHDEV}_3=switch_vlan
+		set network.${SWITCHDEV}_3.device=$SWITCHHW
+		set network.${SWITCHDEV}_3.vlan=3
+		set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
+	__EOF__
+
+	if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
+		uci batch <<-__EOF__
+			set network.${SWITCHDEV}_2=switch_vlan
+			set network.${SWITCHDEV}_2.device=$SWITCHHW
+			set network.${SWITCHDEV}_2.vlan=2
+			set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
+		__EOF__
+	fi
+fi
+
+if [ -n "$SWITCHHW" ] || [ "$DSA" = "1" ]; then
+	uci set network.client.ifname="$SWITCHDEV.1 bat0"
+	uci set network.ethmesh.ifname="$SWITCHDEV.3"
+
+	if [ "$WANDEV" = "$SWITCHDEV" ]; then
+		uci set network.wan.ifname=$WANDEV.2
+	fi
+fi
+
+if [ -n "$ETHMESHMAC" ]; then
+	uci set network.ethmesh.macaddr=$ETHMESHMAC
+fi
+
+if [ -n "$ROUTERMAC" ]; then
+	uci set network.client.macaddr=$ROUTERMAC
+fi
+
+
+prefix="fdff::/64"
+
+# Set $prefix::1 as IP
+addr1=$(owipcalc "$prefix" add ::1)
+# Set $prefix::MAC as IP
+addr2=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
+# Set $prefix::EUI64 as IP
+addr3=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
+
+uci batch <<-__EOF__
+	del network.globals
+	set network.globals=globals
+	set network.globals.ula_prefix=$prefix
+	add_list network.client.ip6addr=$addr1
+	add_list network.client.ip6addr=$addr2
+	add_list network.client.ip6addr=$addr3
+	set network.client.proto=static
+__EOF__
+
+
+uci -q commit network

src/packages/fff/fff-network/files/etc/uci-defaults/50-packet-steering

@@ -0,0 +1,10 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Enable RPS
+uci batch <<-__EOF__
+	set network.globals=globals
+	set network.globals.packet_steering='1'
+__EOF__
+
+uci -q commit network

src/packages/fff/fff-network/files/lib/functions/fff/cpuport

@@ -24,6 +24,7 @@ get_cpu_port() {
 		ubnt,nanostation-loco-m-xw|\
 		ubnt,unifi|\
 		ubnt,unifiac-mesh|\
+		x86_64|\
 		xiaomi,mi-router-4a-gigabit)
 			CPUPORT=""
 			;;

src/packages/fff/fff-network/files/usr/sbin/configurenetwork

@@ -6,13 +6,12 @@
 
 BOARD="$(uci get board.model.name)"
 . /etc/network.$BOARD
-[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
 
 if [ -s /etc/network.config ] ; then
     . /etc/network.config
 else
     # Write network.config
-    if [ "$ONE_PORT" = "YES" ] || [ -n "$ETHPORT" ] ; then
+    if [ "$ONE_PORT" = "YES" ] ; then
         echo "ETHMODE='$ETHMODE' # use BATMAN, CLIENT or WAN" >> /etc/network.config
     fi
     if [ -n "$TWO_PORT" ] ; then
@@ -105,109 +104,6 @@ elif [ "$TWO_PORT" = "YES" ]; then
 
         uci commit network
     fi
-else
-    if ! uci -q get network.$SWITCHDEV > /dev/null ; then
-
-        if [ "$DSA" = "1" ]; then
-            uci set network.$SWITCHDEV=device
-            uci set network.$SWITCHDEV.name=$SWITCHDEV
-            uci set network.$SWITCHDEV.type=bridge
-            # temporary workaround for netifd bug present in OpenWrt 21.02.0 (FS#4104)
-            uci set network.$SWITCHDEV.bridge_empty='1'
-
-            uci set network.${SWITCHDEV}_1=bridge-vlan
-            uci set network.${SWITCHDEV}_1.device=$SWITCHDEV
-            uci set network.${SWITCHDEV}_1.vlan=1
-            uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
-
-            if [ "$WANDEV" = "$SWITCHDEV" ] || ! [ -z "$WAN_PORTS" ]; then
-                uci set network.${SWITCHDEV}_2=bridge-vlan
-                uci set network.${SWITCHDEV}_2.device=$SWITCHDEV
-                uci set network.${SWITCHDEV}_2.vlan=2
-                uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
-            fi
-
-            uci set network.${SWITCHDEV}_3=bridge-vlan
-            uci set network.${SWITCHDEV}_3.device=$SWITCHDEV
-            uci set network.${SWITCHDEV}_3.vlan=3
-            uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
-        else
-            SWITCHHW=$(swconfig list | awk '{ print $4 }')
-
-            uci set network.$SWITCHDEV=switch
-            uci set network.$SWITCHDEV.name=$SWITCHHW
-            uci set network.$SWITCHDEV.enable=1
-            uci set network.$SWITCHDEV.reset=1
-            uci set network.$SWITCHDEV.enable_vlan=1
-
-            uci set network.${SWITCHDEV}_1=switch_vlan
-            uci set network.${SWITCHDEV}_1.device=$SWITCHHW
-            uci set network.${SWITCHDEV}_1.vlan=1
-            uci set network.${SWITCHDEV}_1.ports="$CLIENT_PORTS"
-
-            if [ "$WANDEV" = "$SWITCHDEV" ] || [ -n "$WAN_PORTS" ]; then
-                uci set network.${SWITCHDEV}_2=switch_vlan
-                uci set network.${SWITCHDEV}_2.device=$SWITCHHW
-                uci set network.${SWITCHDEV}_2.vlan=2
-                uci set network.${SWITCHDEV}_2.ports="$WAN_PORTS"
-            fi
-
-            uci set network.${SWITCHDEV}_3=switch_vlan
-            uci set network.${SWITCHDEV}_3.device=$SWITCHHW
-            uci set network.${SWITCHDEV}_3.vlan=3
-            uci set network.${SWITCHDEV}_3.ports="$BATMAN_PORTS"
-        fi
-
-        uci set network.client.ifname="$SWITCHDEV.1 bat0"
-
-        uci set network.ethmesh.ifname="$SWITCHDEV.3"
-
-        if [ "$WANDEV" = "$SWITCHDEV" ]; then
-            uci set network.wan.ifname=$WANDEV.2
-        else
-            uci set network.wan.ifname=$WANDEV
-        fi
-
-        uci commit network
-    fi
-fi
-
-/etc/init.d/network restart
-
-if [ -n "$ETHMESHMAC" ]; then
-    if uci get network.ethmesh.macaddr
-    then
-        echo "MAC for ethmesh is set already"
-    else
-        echo "Fixing MAC on $SWITCHDEV.3 (ethmesh)"
-        sleep 10
-
-        uci set network.ethmesh.macaddr=$ETHMESHMAC
-        uci commit network
-
-        ifconfig $SWITCHDEV.3 down
-        ifconfig $SWITCHDEV.3 hw ether $ETHMESHMAC
-        ifconfig $SWITCHDEV.3 up
-        /etc/init.d/network restart
-    fi
-fi
-
-if [ -n "$ROUTERMAC" ]; then
-    if uci get network.client.macaddr
-    then
-        echo "MAC for client is set already"
-    else
-        echo "Fixing MAC on br-client"
-        sleep 10
-
-        uci set network.client.macaddr=$ROUTERMAC
-        uci commit network
-
-        ifconfig br-client down
-        ifconfig br-client hw ether $ROUTERMAC
-        ifconfig br-client up
-        /etc/init.d/network restart
-    fi
 fi
 
 if [ -n "$ETH0MAC" ]; then
@@ -216,44 +112,6 @@ if [ -n "$ETH0MAC" ]; then
         NEW_MACADDR=$(cat "/sys/class/net/${ETH0MAC}/address")
         uci set network.$ETH0DEV.macaddr=$NEW_MACADDR
         uci commit network
-        ifconfig $ETH0DEV down
-        ifconfig $ETH0DEV hw ether $NEW_MACADDR
-        ifconfig $ETH0DEV up
-        /etc/init.d/network restart
 fi
 
-if uci -q get "network.client.ip6addr" > /dev/null
-then
-    echo "IPv6 for client is set already"
-else
-    echo "Setting IPv6 addresses"
-    # Some time needed :(
-    sleep 5
-
-    for ip in $(ip -6 addr show br-client | awk '/fdff/{ print $2 }'); do
-        ip -6 addr del $ip dev br-client
-    done
-
-    prefix="fdff::/64"
-    # Set $prefix::MAC as IP
-    addr=$(owipcalc "$prefix" add "::$(ipMacSuffix "$ROUTERMAC")")
-    ip -6 addr add $addr dev br-client
-
-    uci -q set network.globals.ula_prefix=$prefix
-    uci -q add_list network.client.ip6addr=$addr
-    uci -q set network.client.proto=static
-
-    # Set $prefix::1 as IP
-    addr=$(owipcalc "$prefix" add ::1)
-    ip -6 addr add $addr dev br-client
-    uci -q add_list network.client.ip6addr=$addr
-
-    # Set $prefix::link-local as IP
-    addr=$(owipcalc "$prefix" add "::$(ipEUISuffix "$ROUTERMAC")")
-    ip -6 addr add $addr dev br-client
-    uci -q add_list network.client.ip6addr=$addr
-
-    uci -q commit network
-
-    [ -s /etc/init.d/fff-uradvd ] && /etc/init.d/fff-uradvd restart
-fi
+reload_config

src/packages/fff/fff-network/mips/network.glinet,gl-ar150

@@ -2,12 +2,8 @@
 
 WANDEV=eth1
 SWITCHDEV=eth0
-WAN_PORTS=
-BATMAN_PORTS="0t"
-CLIENT_PORTS="0t"
+TWO_PORT=YES
 
 ETHMESHMAC="$(macFlipLocalBit $(cat /sys/class/net/eth0/address))"
 
 . /etc/network.mode
-
-ETHPORT=1

src/packages/fff/fff-network/x86_64/network.mode

@@ -0,0 +1 @@
+ETHMODE="CLIENT"

src/packages/fff/fff-network/x86_64/network.x86_64

@@ -0,0 +1,7 @@
+WANDEV=eth0
+SWITCHDEV=eth0
+ONE_PORT="YES"
+
+. /etc/network.mode
+
+ROUTERMAC=$(cat /sys/class/net/eth0/address)

src/packages/fff/fff-node/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-node
-PKG_RELEASE:=3
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -12,6 +12,7 @@ define Package/fff-node
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-batman-adv \
 	         +fff-fastd \
+	         +fff-vxlan-node-vpn \
 	         +fff-firewall \
 	         +fff-hoods \
 	         +fff-uradvd

src/packages/fff/fff-nodewatcher/files/usr/lib/nodewatcher.d/10-systemdata.sh

@@ -74,8 +74,12 @@ if [ -x /usr/bin/fastd ]; then
 	SYSTEM_DATA="$SYSTEM_DATA<fastd_version>$(/usr/bin/fastd -v | awk '{ print $2 }')</fastd_version>"
 fi
 
-if [ -x /usr/sbin/babeld ]; then
-	SYSTEM_DATA="$SYSTEM_DATA<babel_version>$(/usr/sbin/babeld -V 2>&1)</babel_version>"
+if [ -e /lib/functions/fff/babel ]; then
+	. /lib/functions/fff/babel
+	babel_version=$(babel_get_version)
+	if [ $? -eq 0 ]; then
+		SYSTEM_DATA="$SYSTEM_DATA<babel_version>$babel_version</babel_version>"
+	fi
 fi
 
 # example for /etc/openwrt_release:
@@ -112,6 +116,7 @@ fi
 # Checks if fastd is running
 vpn_active=0
 pidof fastd >/dev/null && vpn_active=1
+bridge fdb show brport vxlan0 state permanent &>/dev/null && vpn_active=1
 SYSTEM_DATA="$SYSTEM_DATA<vpn_active>$vpn_active</vpn_active>"
 
 echo -n "<system_data>$SYSTEM_DATA</system_data>"

src/packages/fff/fff-ra/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-ra
-PKG_RELEASE:=3
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-ra/files/etc/uci-defaults/90-fff-ra

@@ -4,6 +4,13 @@ uci batch <<EOF
 	set dhcp.client.ra='server'
 	set dhcp.client.ra_default='2'
 	set dhcp.client.ra_management='0'
+	set dhcp.client.ra_useleasetime='1'
+
+	# Work around unexpected behavior of odhcpd (see #238).
+	#
+	# This value has to be less then or equal to
+	# dhcp.client.leasetime (set in fff-dhcp).
+	set dhcp.client.preferred_lifetime='1h'
 EOF
 
 exit 0

src/packages/fff/fff-random/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-random
-PKG_RELEASE:=3
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-simple-tc/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-simple-tc
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-support/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-support
-PKG_RELEASE:=9
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-support/files/usr/sbin/show_info

@@ -221,7 +221,7 @@ if swconfig list | grep -q switch0 ; then
 	done
 else
 	echo "-> PORT ASSIGNMENT"
-	if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then
+	if grep -q "ONE_PORT" "/etc/network.$board_name" ; then
 		# Device has a port set by $ETHMODE
 		. /etc/network.mode
 		. /etc/network.config

src/packages/fff/fff-sysupgrade/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-sysupgrade
-PKG_RELEASE:=13
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-timeserver/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-timeserver
-PKG_RELEASE:=3
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-uradvd/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-uradvd
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-uradvd/files/etc/init.d/fff-uradvd

@@ -11,10 +11,16 @@ URADVD_BIN=/usr/sbin/uradvd
 
 service_triggers()
 {
-        procd_add_reload_trigger "fff-uradvd"
+        procd_add_reload_trigger "fff-uradvd" "network"
 }
 
 start_service() {
         procd_open_instance
         procd_set_param command "$URADVD_BIN" -i br-client -p $(uci get network.globals.ula_prefix)
 }
+
+reload_service()
+{
+        stop
+        start
+}

src/packages/fff/fff-vpn-select/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-vpn-select
-PKG_RELEASE:=5
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select

@@ -1,65 +1,47 @@
 #!/bin/sh
 
 # Usage: vpn-select <path-to-hood-file>
+# To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
+# The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
+# The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
+# The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
+# The function ${protocol}_start_stop() is called at the end once per installed protocol.
 
 . /usr/share/libubox/jshn.sh
 
 hoodfile="$1"
 
-make_config() {
-	# remove old config
-	rm /tmp/fastd_fff_peers/*
+# source functions
+for file in /usr/lib/vpn-select.d/*; do
+	[ -f $file ] && . "$file"
+	supported_protocols="$supported_protocols $protocol"
+done
 
-	# prepare
-	Index=1
-	json_load "$(cat "$hoodfile")"
-	json_select vpn
+# clear old config
+for protocol in $supported_protocols; do
+	"${protocol}_clear"
+done
 
-	# get fastd peers
-	while json_select "$Index" > /dev/null
-	do
-		json_get_var protocol protocol
-		if [ "$protocol" = "fastd" ]; then
-			# set up fastd
-			json_get_var servername name
-			filename="/etc/fastd/fff/peers/$servername"
-			echo "#name \"${servername}\";" > "$filename"
-			json_get_var key key
-			echo "key \"${key}\";" >> "$filename"
-			json_get_var address address
-			json_get_var port port
-			echo "remote \"${address}\" port ${port};" >> "$filename"
-			echo "" >> "$filename"
-			echo "float yes;" >> "$filename"
-		fi
-		json_select ".." # back to vpn
-		Index=$(( Index + 1 ))
-	done
-	json_select ".." # back to root
-}
+# configure vpn
 
-# Only do something if file is there and not empty; otherwise exit 1
-if [ -s "$hoodfile" ]; then
-	if [ ! -d /tmp/fastd_fff_peers ]; then
-		# first run after reboot
-		mkdir /tmp/fastd_fff_peers
-		make_config
-		# start fastd only if there are some peers
-		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
-	else
-		make_config
-		/etc/init.d/fastd reload
-
-		# fastd start/stop for various situations
-		pidfile="/tmp/run/fastd.fff.pid"
-		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
-			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
-		else
-			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
-		fi
+if [ "$0" != "/usr/sbin/vpn-stop" ] ; then
+	if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
+		json_load "$(cat "$hoodfile")"
+		json_select hood
+		json_get_var id id
+		json_select ".."
+		json_select vpn
+		json_get_keys vpn_keys
+		for key in $vpn_keys; do
+			json_select $key
+			json_get_var protocol protocol
+			"${protocol}_addpeer"
+			json_select ".." # back to vpn
+		done
 	fi
-	exit 0
-else
-	echo "vpn-select: Hood file not found or empty!"
-	exit 1
 fi
+
+# start/restart/stop vpnservices
+for protocol in $supported_protocols; do
+	"${protocol}_start_stop"
+done

src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-rm /tmp/fastd_fff_peers/*
-/etc/init.d/fastd stop
-

src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop

@@ -0,0 +1 @@
+vpn-select

src/packages/fff/fff-vxlan-node-vpn/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vxlan-node-vpn
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken vxlan-node
+	URL:=http://www.freifunk-franken.de
+	DEPENDS:=+vxlan
+endef
+
+define Package/$(PKG_NAME)/description
+	This is the vxlan-node-vpn package for the Freifunk Franken Firmware
+	This will configure and set up the VPN via vxlan
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/$(PKG_NAME)/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))

src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node

@@ -0,0 +1,18 @@
+uci batch <<EOF
+ set network.vxlan0=interface
+ set network.vxlan0.proto=vxlan6
+ set network.vxlan0.port=8472
+ set network.vxlan0.ip6addr=auto
+ set network.vxlan0.srcportmin=8472
+ set network.vxlan0.srcportmax=8473
+ set network.vxlan0.ageing=30
+ set network.vxlan0.mtu=1422
+ set network.vxlan0.vid=0
+ set network.vxlan0.disabled=1
+
+ set network.vxbat=interface
+ set network.vxbat.proto=batadv_hardif
+ set network.vxbat.master=bat0
+ set network.vxbat.ifname=vxlan0
+ set network.vxbat.disabled=1
+EOF

src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan

@@ -0,0 +1,24 @@
+protocol=vxlan
+
+vxlan_clear() {
+	while uci -q delete network.@vxlan_peer[0]; do :; done
+	uci set network.vxlan0.vid="0"
+	uci set network.vxlan0.disabled="1"
+	uci set network.vxbat.disabled="1"
+}
+
+vxlan_addpeer() {
+	json_get_var address address
+	address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
+	[ -z $address ] && return ## address not reachable
+	uci set network.vxlan0.vid="$id"
+	uci set network.vxlan0.disabled="0"
+	uci set network.vxbat.disabled="0"
+	uci add network vxlan_peer
+	uci set network.@vxlan_peer[-1].vxlan="vxlan0"
+	uci set network.@vxlan_peer[-1].dst="$address"
+}
+
+vxlan_start_stop() {
+	reload_config
+}

src/packages/fff/fff-web-hood/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-web-hood
-PKG_RELEASE:=2
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-web-mqtt/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-web-mqtt
-PKG_RELEASE:=1
+PKG_RELEASE:=$(COMMITCOUNT)
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 

src/packages/fff/fff-web-ui/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-web-ui
-PKG_RELEASE:=18
+PKG_RELEASE:=$(shell echo -n $$(( $(COMMITCOUNT) + 20 )))
 
 include $(INCLUDE_DIR)/package.mk
 

src/packages/fff/fff-web-ui/files/www/include/header

@@ -65,9 +65,12 @@ fi
 			if [ -s /tmp/isupdate ] ; then
 				VERSION=$(cat /tmp/isupdate)
 			%>
-				<table style="width: 100%;">
-					<tr>
-						<td><span style="font-size: 16pt; color:#FF0000">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar.<br />Alte Version: <%= ${FIRMWARE_VERSION} %> - Neue Version: <%= ${VERSION} %> <br /><a href="upgrade.html">Firmware jetzt updaten</a></span></td>
-					</tr>
-				</table>
+				<div id="updatenotification" style="padding: 15px; margin: 4px; background-color: #cfcfcf; margin-bottom: 15px;">
+					<h3 style="font-size: 14pt; font-weight: bold; margin-bottom: 10px;">Es ist eine neue Firmware für deinen Freifunkrouter verfügbar!</h3>
+					<table style="margin-bottom: 10px;">
+					<tr><td>Installierte Version: </td><td><b><%= ${FIRMWARE_VERSION} %></b></td></tr>
+					<tr><td>Neue Version: </td><td><b><%= ${VERSION} %></b></td></tr>
+					</table>
+					<a href="https://dev.freifunk-franken.de" target="_blank">Zum Download</a> | <a href="upgrade.html">Zur Upgradeseite</a>
+				</div>
 			<% fi %>

src/packages/fff/fff-web-ui/files/www/public/cgi-bin/status.html

@@ -61,8 +61,8 @@ contact="$(uci -q get "fff.system.contact")"
 							<legend>Status</legend>
 							<table>
 								<tr><th>Hood:</th><td><% echo "$hood" %></td></tr>
-								<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null)+1)) %></td></tr>
-								<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2> /dev/null) %></td></tr>
+								<tr><th>Bekannte Knoten:</th><td><% echo -n $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
+								<tr><th>Nachbarknoten:</th><td><% echo -n $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
 								<tr><th>Lokale Clients:</th><td><% echo -n $(batctl tl -H 2> /dev/null | grep -c 'W') %></td></tr>
 							</table>
 						</fieldset>

src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/home.html

@@ -59,8 +59,8 @@ fi
 		<tr><th>Name:</th><td><%= ${HOSTNAME} %></td></tr>
 		<tr><th>Modell:</th><td><% cat /tmp/sysinfo/model 2>/dev/null %></td></tr>
 		<tr><th>MAC-Adresse:</th><td><%= $(cat /sys/class/net/br-client/address) %></td></tr>
-		<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null)+1)) %></td></tr>
-		<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H | cut -b 40-56 | sort | uniq | wc -l 2>/dev/null) %></td></tr>
+		<tr><th>Bekannte Knoten:</th><td><%= $(($(batctl tg -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l)+1)) %></td></tr>
+		<tr><th>Nachbarknoten:</th><td><%= $(batctl o -H 2>/dev/null | cut -b 40-56 | sort | uniq | wc -l) %></td></tr>
 		<tr><th>VPN via fastd:</th><td><%= ${vpn_active} %></td></tr>
 		<tr><th>fastd public key:</th><td><%= ${fastd_pub} %></td></tr>
 		<tr><th>Laufzeit:</th><td><%= ${uptime} %></td></tr>

src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/ports.html

@@ -9,8 +9,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 		echo "ETHMODE=\"${POST_mode}\" # set via WebUI" >> /etc/network.config
 		sed -i '/^FORCEPARSE/d' /etc/network.config
 		echo "FORCEPARSE='2'" >> /etc/network.config
-		do_reboot=1
-		MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
+		do_reconfigure=1
+		MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
 	fi
 	if [ "$POST_change_twoport" != "" ] ; then
 		sed -i '/^.*# set via WebUI/d' /etc/network.config
@@ -18,8 +18,8 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 		echo "LAN1MODE=\"${POST_mode1}\" # set via WebUI" >> /etc/network.config
 		sed -i '/^FORCEPARSE/d' /etc/network.config
 		echo "FORCEPARSE='2'" >> /etc/network.config
-		do_reboot=1
-		MSG='<span class="green">Port Modus ge&auml;ndert! Router startet neu...</span>'
+		do_reconfigure=1
+		MSG='<span class="green">Port Modus wird ge&auml;ndert!</span>'
 	fi
 fi
 
@@ -151,7 +151,7 @@ format_port() {
 	</fieldset>
 	</td></tr>
 <% fi %>
-<% if grep -q "ONE_PORT" "/etc/network.$board_name" || grep -q "ETHPORT" "/etc/network.$board_name" ; then %>
+<% if grep -q "ONE_PORT" "/etc/network.$board_name" ; then %>
 	<%
 		# Device has a port set by $ETHMODE
 		. /etc/network.mode
@@ -182,13 +182,12 @@ format_port() {
 
 				Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
 				<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
-				Anschlie&szlig;end wird der Router neugestartet.
 			</td></tr>
 		</table>
 	</fieldset>
 	</td></tr>
 <% fi %>
-<% if grep -q "LAN0PORT" "/etc/network.$board_name" || grep -q "LAN1PORT" "/etc/network.$board_name" ; then %>
+<% if grep -q "TWO_PORT" "/etc/network.$board_name" ; then %>
 	<%
 		# Device has two ports
 		. /etc/network.mode
@@ -228,7 +227,6 @@ format_port() {
 
 				Wenn diese Einstellung ver&auml;ndert wird, wird eine evtl. vorhandene manuelle Netzwerkkonfiguration in der
 				<tt>/etc/config/network</tt> &uuml;berschrieben.<br />
-				Anschlie&szlig;end wird der Router neugestartet.
 			</td></tr>
 		</table>
 	</fieldset>
@@ -239,7 +237,7 @@ format_port() {
 <%in /www/include/footer %>
 <%
 # write
-if [ "$do_reboot" = "1" ] ; then
-	reboot
+if [ "$do_reconfigure" = "1" ] ; then
+	configurenetwork
 fi
 %>

src/packages/fff/fff-web-ui/files/www/ssl/cgi-bin/settings.html

@@ -61,7 +61,7 @@ if [ "$REQUEST_METHOD" = "POST" ] ; then
 
 		uci -q commit
 
-		MSG='<span class="green">Daten gespeichert! - Bitte Router neustarten.</span>'
+		MSG='<span class="green">Daten gespeichert!</span>'
 	fi
 fi
 %>

src/packages/fff/fff-wireguard/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-wireguard
-PKG_RELEASE:=8
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -14,7 +14,7 @@ define Package/fff-wireguard
 		+kmod-wireguard \
 		+owipcalc \
 		+wireguard-tools \
-		+fff-babeld \
+		+fff-babel \
 		+fff-network
 endef
 

src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard

@@ -31,7 +31,7 @@ configure() {
 		fi
 	}
 
-	config_load babeld
+	config_load network
 	config_foreach remove_wgpeer interface
 
 
@@ -128,7 +128,7 @@ configure() {
 		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
 
 		# add babel interface
-		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babel interface for wgpeer $name"; exit 1; }
 	}
 
 	config_load gateway
@@ -137,12 +137,16 @@ configure() {
 
 apply() {
 	uci commit network
-	uci commit babeld
 	uci commit gateway
+	babel_apply
+}
+
+reload() {
+	babel_reload
 }
 
 revert() {
 	uci revert network
-	uci revert babeld
 	uci revert gateway
+	babel_revert
 }