bsp/x86-64: Include vmxnet3 driver

Signed-off-by: Fabian Bläse <fabian@blaese.de>

.woodpecker.yml

@@ -0,0 +1,45 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      tags: true
+
+pipeline:
+  buildall-layer3:
+    image: openwrtorg/imagebuilder
+    commands:
+      - export HOME=/home/build/openwrt
+      - sudo chown -R build:build .
+      - git config --global user.email "ci@fff.community"
+      - git config --global user.name "FFF CI"
+      - ./buildscript selectvariant layer3
+      - ./buildscript selectbsp bsp/ath79-generic.bsp
+      - ./buildscript prepare
+      - ./buildscript buildall
+
+  buildall-node:
+    image: openwrtorg/imagebuilder
+    commands:
+      - export HOME=/home/build/openwrt
+      - sudo chown -R build:build .
+      - git config --global user.email "ci@fff.community"
+      - git config --global user.name "FFF CI"
+      - ./buildscript selectvariant node
+      - ./buildscript selectbsp bsp/ath79-generic.bsp
+      - ./buildscript prepare
+      - ./buildscript buildall
+
+  distribute:
+    image: alpine/git
+    volumes:
+      - /var/lib/woodpecker/artifacts:/var/run/artifacts
+    commands:
+      - rm -rf /var/run/artifacts/$(git describe --tags)
+      - mkdir -p /var/run/artifacts/$(git describe --tags)
+      - cp -r bin/* /var/run/artifacts/$(git describe --tags)/
+      - echo
+      - echo
+      - echo "You can download the built firmware images here:"
+      - echo "https://ci.fff.community/artifacts/$(git describe --tags)"
+
+branches: [ master ]

LICENSES/GPL-2.0

@@ -0,0 +1,356 @@
+Valid-License-Identifier: GPL-2.0-only
+Valid-License-Identifier: GPL-2.0
+Valid-License-Identifier: GPL-2.0-or-later
+Valid-License-Identifier: GPL-2.0+
+SPDX-URL: https://spdx.org/licenses/GPL-2.0-only.html
+SPDX-URL: https://spdx.org/licenses/GPL-2.0-or-later.html
+Usage-Guide:
+  To use this license in source code, put one of the following SPDX
+  tag/value pairs into a comment according to the placement
+  guidelines in the licensing rules documentation.
+  For 'GNU General Public License (GPL) version 2 only' use:
+    SPDX-License-Identifier: GPL-2.0-only
+  For 'GNU General Public License (GPL) version 2 or any later version' use:
+    SPDX-License-Identifier: GPL-2.0-or-later
+License-Text:
+
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.

LICENSES/GPL-3.0

@@ -0,0 +1,690 @@
+Valid-License-Identifier: GPL-3.0-only
+Valid-License-Identifier: GPL-3.0
+Valid-License-Identifier: GPL-3.0-or-later
+Valid-License-Identifier: GPL-3.0+
+SPDX-URL: https://spdx.org/licenses/GPL-3.0-only.html
+SPDX-URL: https://spdx.org/licenses/GPL-3.0-or-later.html
+Usage-Guide:
+  To use this license in source code, put one of the following SPDX
+  tag/value pairs into a comment according to the placement
+  guidelines in the licensing rules documentation.
+  For 'GNU General Public License (GPL) version 3 only' use:
+    SPDX-License-Identifier: GPL-3.0-only
+  For 'GNU General Public License (GPL) version 3 or any later version' use:
+    SPDX-License-Identifier: GPL-3.0-or-later
+License-Text:
+
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -8,7 +8,7 @@ Weitere Informationen gibt es auf <https://freifunk.net/> und auf <https://wiki.
 
 # Firmware selbst kompilieren
 ## Voraussetzungen
-* `apt-get install zlib1g-dev lua5.2 build-essential unzip libncurses-dev gawk git subversion realpath libssl-dev` (Sicherlich müssen noch mehr Abhängigkeiten installiert werden, diese Liste wird sich hoffentlich nach und nach füllen. Ein erster Ansatzpunkt sind die Abhängigkeiten von OpenWrt selbst)
+* `apt-get install zlib1g-dev lua5.2 build-essential unzip libncurses-dev gawk git subversion libssl-dev` (Sicherlich müssen noch mehr Abhängigkeiten installiert werden, diese Liste wird sich hoffentlich nach und nach füllen. Ein erster Ansatzpunkt sind die Abhängigkeiten von OpenWrt selbst)
 * `git clone https://git.freifunk-franken.de/freifunk-franken/firmware.git`
 * `cd firmware`
 

bsp/ar71xx-generic.bsp

@@ -1,5 +0,0 @@
-chipset=ar71xx
-subtarget=generic
-images=("openwrt-${chipset}-${subtarget}-cpe210-220-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-cpe510-520-v1-squashfs-*"
-        )

bsp/ar71xx-generic/.config

@@ -1,34 +0,0 @@
-# Generated using "./buildscript config openwrt".
-# Do no edit manually
-#
-CONFIG_TARGET_ar71xx=y
-CONFIG_TARGET_ar71xx_generic=y
-CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_cpe210-220-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ar71xx_generic_DEVICE_cpe210-220-v1="-rssileds"
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_cpe510-520-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ar71xx_generic_DEVICE_cpe510-520-v1="-rssileds"
-CONFIG_BUSYBOX_CUSTOM=y
-CONFIG_TARGET_PER_DEVICE_ROOTFS=y
-# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
-# CONFIG_BUSYBOX_CONFIG_CROND is not set
-# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
-# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
-# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
-CONFIG_CLEAN_IPKG=y
-# CONFIG_DROPBEAR_CURVE25519 is not set
-# CONFIG_FASTD_ENABLE_CIPHER_SALSA2012 is not set
-# CONFIG_FASTD_ENABLE_MAC_GHASH is not set
-# CONFIG_FASTD_ENABLE_MAC_UHASH is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_UMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_UMAC is not set
-CONFIG_KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE=1
-# CONFIG_PACKAGE_ALFRED_VIS is not set
-CONFIG_PACKAGE_hostapd-mini=y
-CONFIG_PACKAGE_iwinfo=m
-CONFIG_PACKAGE_libiwinfo=m
-CONFIG_PACKAGE_opkg=m
-CONFIG_PACKAGE_wpad-mini=m
-CONFIG_STRIP_KERNEL_EXPORTS=y

bsp/ath79-generic.bsp

@@ -6,24 +6,19 @@ images=("openwrt-${chipset}-${subtarget}-glinet_gl-ar150-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_archer-c60-v2-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_archer-c7-v2-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_archer-c7-v5-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-tplink_cpe210-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_cpe210-v2-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_cpe210-v3-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-tplink_cpe510-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wdr3500-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wdr3600-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wdr4300-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wdr4310-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr1043nd-v1-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wr1043nd-v2-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wr1043nd-v3-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wr1043nd-v4-squashfs-*"
         "openwrt-${chipset}-${subtarget}-tplink_tl-wr1043n-v5-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr710n-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr842n-v2-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-ubnt_bullet-m-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-ubnt_nanostation-loco-m-squashfs-*"
         "openwrt-${chipset}-${subtarget}-ubnt_nanostation-loco-m-xw-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-ubnt_nanostation-m-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-ubnt_picostation-m-squashfs-*"
         "openwrt-${chipset}-${subtarget}-ubnt_unifi-squashfs-*"
         "openwrt-${chipset}-${subtarget}-ubnt_unifiac-mesh-squashfs-*"
         )

bsp/ath79-generic/.config

@@ -7,19 +7,23 @@ CONFIG_TARGET_MULTI_PROFILE=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar150=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_glinet_gl-ar150=""
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c25-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c25-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9887-ct ath10k-firmware-qca9887"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v1="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c60-v2=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c60-v2="-kmod-ath10k-ct-smallbuffers kmod-ath10k-smallbuffers -ath10k-firmware-qca9888-ct ath10k-firmware-qca9888"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v2=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c7-v2="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca988x-ct ath10k-firmware-qca988x"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_archer-c7-v5=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_archer-c7-v5="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca988x-ct ath10k-firmware-qca988x"
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v1=y
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_cpe210-v1="-rssileds"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v2=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_cpe210-v2="-rssileds"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v3=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_cpe210-v3="-rssileds"
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v1=y
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_cpe510-v1="-rssileds"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_tl-wdr3500-v1=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_tl-wdr3500-v1=""
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_tl-wdr3600-v1=y
@@ -42,8 +46,10 @@ CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_tl-wr710n-v1=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_tl-wr710n-v1=""
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_tl-wr842n-v2=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_tl-wr842n-v2=""
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-m=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_ubnt_bullet-m="-rssileds"
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-m-ar7240=y
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_ubnt_bullet-m-ar7240="-rssileds"
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-m-ar7241=y
+CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_ubnt_bullet-m-ar7241="-rssileds"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-loco-m=y
 CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_ubnt_nanostation-loco-m="-rssileds"
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-loco-m-xw=y
@@ -82,6 +88,7 @@ CONFIG_PACKAGE_wpad-mini=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888=m
 CONFIG_PACKAGE_ath10k-firmware-qca988x=m
+CONFIG_PACKAGE_kmod-ath10k-smallbuffers=m
 CONFIG_PACKAGE_kmod-ath10k=m
 CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=m
 CONFIG_PACKAGE_ath10k-firmware-qca9888-ct=m

bsp/ath79-tiny.bsp

@@ -1,16 +0,0 @@
-chipset=ath79
-subtarget=tiny
-images=("openwrt-${chipset}-${subtarget}-tplink_tl-mr3020-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wa850re-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wa860re-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wa901nd-v2-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr740n-v4-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr741-v1-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr741nd-v4-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v7-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v8-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v9-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v10-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v11-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841-v12-squashfs-*"
-        )

bsp/ath79-tiny/.config

@@ -1,56 +0,0 @@
-# Generated using "./buildscript config openwrt".
-# Do no edit manually
-#
-CONFIG_TARGET_ath79=y
-CONFIG_TARGET_ath79_tiny=y
-CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-mr3020-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-mr3020-v1="-uboot-envtools -kmod-usb-core -kmod-usb-chipidea2 -kmod-usb-ledtrig-usbport"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wa850re-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wa850re-v1="-uboot-envtools -rssileds"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wa860re-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wa860re-v1="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wa901nd-v2=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wa901nd-v2="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr740n-v4=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr740n-v4="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr741-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr741-v1="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr741nd-v4=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr741nd-v4="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v7=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v7="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v8=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v8="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v9=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v9="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v10=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v10="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v11=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v11="-uboot-envtools"
-CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_tplink_tl-wr841-v12=y
-CONFIG_TARGET_DEVICE_PACKAGES_ath79_tiny_DEVICE_tplink_tl-wr841-v12="-uboot-envtools"
-CONFIG_BUSYBOX_CUSTOM=y
-CONFIG_TARGET_PER_DEVICE_ROOTFS=y
-# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
-# CONFIG_BUSYBOX_CONFIG_CROND is not set
-# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
-# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
-# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
-CONFIG_CLEAN_IPKG=y
-# CONFIG_DROPBEAR_CURVE25519 is not set
-# CONFIG_FASTD_ENABLE_CIPHER_SALSA2012 is not set
-# CONFIG_FASTD_ENABLE_MAC_GHASH is not set
-# CONFIG_FASTD_ENABLE_MAC_UHASH is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_COMPOSED_UMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_GMAC is not set
-# CONFIG_FASTD_ENABLE_METHOD_GENERIC_UMAC is not set
-CONFIG_KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE=1
-# CONFIG_PACKAGE_ALFRED_VIS is not set
-CONFIG_PACKAGE_hostapd-mini=y
-CONFIG_PACKAGE_iwinfo=m
-CONFIG_PACKAGE_libiwinfo=m
-CONFIG_PACKAGE_opkg=m
-CONFIG_PACKAGE_wpad-mini=m
-CONFIG_STRIP_KERNEL_EXPORTS=y

bsp/default/root_file_system/etc/profile

@@ -13,6 +13,9 @@ export HOME=${HOME:-/root}
 [ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; }
 [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
 
+# update uhttpd passwd on passwd-change
+[ -e /etc/rc.d/S50uhttpd ] && passwd() { /bin/passwd "$@" && /etc/init.d/uhttpd restart; }
+
 # I'm lazy, let's add some aliases
 alias ..='cd ..'
 alias ...='cd ../..'
@@ -20,6 +23,7 @@ alias l='ls -CF'
 alias la='ls -A'
 alias ll='ls -alF'
 alias ls='ls --color=auto'
+alias ip='ip --color=auto'
 
 # and color my prompt
-export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

bsp/ipq40xx-generic.bsp

@@ -0,0 +1,6 @@
+chipset=ipq40xx
+subtarget=generic
+
+images=(
+        "openwrt-${chipset}-${subtarget}-avm_fritzbox-4040-squashfs-*"
+       )

bsp/ipq40xx-generic/.config

@@ -0,0 +1,25 @@
+# Generated using "./buildscript config openwrt".
+# Do no edit manually
+#
+CONFIG_TARGET_ipq40xx=y
+CONFIG_TARGET_ipq40xx_generic=y
+CONFIG_TARGET_MULTI_PROFILE=y
+CONFIG_TARGET_DEVICE_ipq40xx_generic_DEVICE_avm_fritzbox-4040=y
+CONFIG_TARGET_DEVICE_PACKAGES_ipq40xx_generic_DEVICE_avm_fritzbox-4040="-kmod-ath10k-ct kmod-ath10k -ath10k-firmware-qca4019-ct ath10k-firmware-qca4019"
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
+# CONFIG_BUSYBOX_CONFIG_CROND is not set
+# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
+CONFIG_CLEAN_IPKG=y
+# CONFIG_DROPBEAR_CURVE25519 is not set
+# CONFIG_PACKAGE_ALFRED_VIS is not set
+CONFIG_PACKAGE_ath10k-firmware-qca4019=m
+CONFIG_PACKAGE_ath10k-firmware-qca4019-ct=m
+CONFIG_PACKAGE_kmod-ath10k=m
+CONFIG_PACKAGE_kmod-ath10k-ct=m
+CONFIG_PACKAGE_opkg=m
+CONFIG_STRIP_KERNEL_EXPORTS=y
+CONFIG_PACKAGE_kmod-hwmon-core=y

bsp/mpc85xx-generic.bsp

@@ -1,6 +0,0 @@
-chipset=mpc85xx
-subtarget=generic
-
-images=(
-        "openwrt-${chipset}-${subtarget}-tl-wdr4900-v1-squashfs-*"
-       )

bsp/mpc85xx-p1010.bsp

@@ -0,0 +1,6 @@
+chipset=mpc85xx
+subtarget=p1010
+
+images=(
+        "openwrt-${chipset}-${subtarget}-tplink_tl-wdr4900-v1-squashfs-*"
+       )

bsp/mpc85xx-p1010/.config

@@ -2,10 +2,10 @@
 # Do no edit manually
 #
 CONFIG_TARGET_mpc85xx=y
-CONFIG_TARGET_mpc85xx_generic=y
+CONFIG_TARGET_mpc85xx_p1010=y
 CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_mpc85xx_generic_DEVICE_tl-wdr4900-v1=y
-CONFIG_TARGET_DEVICE_PACKAGES_mpc85xx_generic_DEVICE_tl-wdr4900-v1=""
+CONFIG_TARGET_DEVICE_mpc85xx_p1010_DEVICE_tplink_tl-wdr4900-v1=y
+CONFIG_TARGET_DEVICE_PACKAGES_mpc85xx_p1010_DEVICE_tplink_tl-wdr4900-v1=""
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set

bsp/octeon.bsp

@@ -0,0 +1,6 @@
+chipset=octeon
+subtarget=generic
+
+images=(
+        "openwrt-${chipset}-ubnt_edgerouter-4-*"
+       )

bsp/octeon/.config

@@ -0,0 +1,21 @@
+# Generated using "./buildscript config openwrt".
+# Do no edit manually
+#
+CONFIG_TARGET_octeon=y
+CONFIG_TARGET_MULTI_PROFILE=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+CONFIG_TARGET_DEVICE_octeon_DEVICE_ubnt_edgerouter-4=y
+CONFIG_TARGET_DEVICE_PACKAGES_octeon_DEVICE_ubnt_edgerouter-4=""
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
+# CONFIG_BUSYBOX_CONFIG_CROND is not set
+# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
+CONFIG_CLEAN_IPKG=y
+# CONFIG_DROPBEAR_CURVE25519 is not set
+# CONFIG_PACKAGE_ALFRED_VIS is not set
+CONFIG_PACKAGE_opkg=m
+CONFIG_STRIP_KERNEL_EXPORTS=y
+CONFIG_TARGET_SQUASHFS_BLOCK_SIZE=512

bsp/ramips-mt7621.bsp

@@ -2,7 +2,8 @@ chipset=ramips
 subtarget=mt7621
 
 images=(
-        "openwrt-ramips-mt7621-r6220-squashfs-*"
-        "openwrt-ramips-mt7621-ubnt-erx-squashfs-*"
-        "openwrt-ramips-mt7621-ubnt-erx-sfp-squashfs-*"
+        "openwrt-ramips-mt7621-netgear_r6220-squashfs-*"
+        "openwrt-ramips-mt7621-ubnt_edgerouter-x-squashfs-*"
+        "openwrt-ramips-mt7621-ubnt_edgerouter-x-sfp-squashfs-*"
+        "openwrt-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-*"
        )

bsp/ramips-mt7621/.config

@@ -4,12 +4,14 @@
 CONFIG_TARGET_ramips=y
 CONFIG_TARGET_ramips_mt7621=y
 CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_r6220=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_r6220=""
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt-erx=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt-erx=""
-CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt-erx-sfp=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt-erx-sfp=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_netgear_r6220=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_netgear_r6220=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt_edgerouter-x=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt_edgerouter-x=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_ubnt_edgerouter-x-sfp=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_ubnt_edgerouter-x-sfp=""
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_xiaomi_mi-router-4a-gigabit=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_xiaomi_mi-router-4a-gigabit=""
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set

bsp/ramips-mt76x8.bsp

@@ -1,6 +1,7 @@
 chipset=ramips
 subtarget=mt76x8
-images=("openwrt-${chipset}-${subtarget}-tplink_c50-v3-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tplink_c50-v4-squashfs-*"
-        "openwrt-${chipset}-${subtarget}-tl-wr841n-v13-squashfs-*"
+images=("openwrt-${chipset}-${subtarget}-tplink_archer-c50-v3-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-tplink_archer-c50-v4-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-tplink_tl-wr841n-v13-squashfs-*"
+        "openwrt-${chipset}-${subtarget}-xiaomi_mi-router-4a-100m-squashfs-*"
         )

bsp/ramips-mt76x8/.config

@@ -4,12 +4,14 @@
 CONFIG_TARGET_ramips=y
 CONFIG_TARGET_ramips_mt76x8=y
 CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_c50-v3=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_c50-v3=""
-CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_c50-v4=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_c50-v4=""
-CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tl-wr841n-v13=y
-CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tl-wr841n-v13=""
+CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_archer-c50-v3=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_archer-c50-v3=""
+CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_archer-c50-v4=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_archer-c50-v4=""
+CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_tplink_tl-wr841n-v13=""
+CONFIG_TARGET_DEVICE_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=y
+CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt76x8_DEVICE_xiaomi_mi-router-4a-100m=""
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 # CONFIG_BUSYBOX_CONFIG_BRCTL is not set

bsp/x86-64.bsp

@@ -0,0 +1,4 @@
+chipset=x86
+subtarget=64
+images=("openwrt-${chipset}-${subtarget}-generic-squashfs-combined-*"
+        )

bsp/x86-64/.config

@@ -0,0 +1,19 @@
+# Generated using "./buildscript config openwrt".
+# Do no edit manually
+#
+CONFIG_TARGET_x86=y
+CONFIG_TARGET_x86_64=y
+CONFIG_TARGET_x86_64_DEVICE_generic=y
+# CONFIG_TARGET_ROOTFS_EXT4FS is not set
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
+# CONFIG_BUSYBOX_CONFIG_BRCTL is not set
+# CONFIG_BUSYBOX_CONFIG_CROND is not set
+# CONFIG_BUSYBOX_CONFIG_CRONTAB is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_FAST_TOP is not set
+# CONFIG_BUSYBOX_CONFIG_FEATURE_NTPD_SERVER is not set
+CONFIG_CLEAN_IPKG=y
+# CONFIG_PACKAGE_ALFRED_VIS is not set
+CONFIG_PACKAGE_kmod-vmxnet3=y
+CONFIG_PACKAGE_opkg=m
+CONFIG_STRIP_KERNEL_EXPORTS=y

build_patches/openwrt/0001-Disable-OpenWrt-config-migration-mechanisms.patch

@@ -6,18 +6,23 @@ This disables all OpenWrt config migration mechanisms except for
 files listed in /etc/sysupgrade.conf
 
 diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade
-index 6c518b780eddd973966537b50d8f7c82539bb1e1..49d4514b988e827098450d57da0ae50a37506d3a 100755
+index 7e0a00e13b8ee4be7163936fd01a7beff0ce5c99..97f50dc83088e29fba651741fff28c70f7585b3f 100755
 --- a/package/base-files/files/sbin/sysupgrade
 +++ b/package/base-files/files/sbin/sysupgrade
-@@ -134,9 +134,9 @@ list_changed_conffiles() {
- add_conffiles() {
- 	local file="$1"
- 	( find $(sed -ne '/^[[:space:]]*$/d; /^#/d; p' \
+@@ -135,14 +135,14 @@ list_static_conffiles() {
+ 	local filter=$1
+ 
+ 	find $(sed -ne '/^[[:space:]]*$/d; /^#/d; p' \
 -		/etc/sysupgrade.conf /lib/upgrade/keep.d/* 2>/dev/null) \
 +		/etc/sysupgrade.conf 2>/dev/null) \
- 		\( -type f -o -type l \) $find_filter 2>/dev/null;
--	  list_changed_conffiles ) | sort -u > "$file"
-+	  ) | sort -u > "$file"
- 	return 0
+ 		\( -type f -o -type l \) $filter 2>/dev/null
  }
  
+ add_conffiles() {
+ 	local file="$1"
+ 
+-	( list_static_conffiles "$find_filter"; list_changed_conffiles ) |
++	( list_static_conffiles "$find_filter" ) |
+ 		sort -u > "$file"
+ 	return 0
+ }

build_patches/openwrt/0003-ntpd-host-as-string.patch

@@ -3,15 +3,15 @@ Date: Sat, 8 Jul 2017 10:47:56 +0200
 Subject: ntpd host as string
 
 diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
-index 52866ba32acd26a490f9c9024fc3e43e0f757496..b6b28cd02527b89c0a4cc2f9adef52bb4c8427b0 100755
+index 074f14b8f8..a05d1789ff 100755
 --- a/package/utils/busybox/files/sysntpd
 +++ b/package/utils/busybox/files/sysntpd
-@@ -30,7 +30,7 @@ get_dhcp_ntp_servers() {
- 
- validate_ntp_section() {
- 	uci_load_validate system timeserver "$1" "$2" \
--		'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' 'use_dhcp:bool:1' 'dhcp_interface:list(string)'
-+		'server:list(string)' 'enabled:bool:1' 'enable_server:bool:0' 'use_dhcp:bool:1' 'dhcp_interface:list(string)'
+@@ -34,7 +34,7 @@ validate_ntp_section() {
+ 		'enable_server:bool:0' \
+ 		'enabled:bool:1' \
+ 		'interface:string' \
+-		'server:list(host)' \
++		'server:list(string)' \
+ 		'use_dhcp:bool:1'
  }
  
- start_ntpd_instance() {

build_patches/openwrt/0004-build-remove-libustream-and-certs-from-default-packa.patch

@@ -0,0 +1,29 @@
+From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
+Date: Wed, 10 Feb 2021 19:12:59 +0100
+Subject: build: remove libustream and certs from default packages
+
+This effectively reverts upstream commit e79df3516d3e ("build: add
+libustream and certs to default pkgs").
+
+The libustream-wolfssl library conflicts with the libustream-mbedtls
+we are selecting in fff-web-ui and is probably much bigger.
+
+Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
+
+diff --git a/include/target.mk b/include/target.mk
+index 7526224972e18148fec8a12318ca7f90a382475f..338e97f836759fc454986210e5818ad390ba6efb 100644
+--- a/include/target.mk
++++ b/include/target.mk
+@@ -12,12 +12,10 @@ DEVICE_TYPE?=router
+ # Default packages - the really basic set
+ DEFAULT_PACKAGES:=\
+ 	base-files \
+-	ca-bundle \
+ 	dropbear \
+ 	fstools \
+ 	libc \
+ 	libgcc \
+-	libustream-wolfssl \
+ 	logd \
+ 	mtd \
+ 	netifd \

build_patches/openwrt/0010-ramips-add-missing-label-mac-device-mi-router-4a.patch

@@ -0,0 +1,25 @@
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Mon, 19 Jul 2021 21:54:29 +0200
+Subject: [PATCH] ramips: add missing label-mac-device for Xiaomi Mi Router 4A
+ (100M)
+
+As both the Mi Router 4A (100M) and the Mi Router 4C use the same
+label-mac-device, the alias can be moved to the shared dtsi.
+
+Signed-off-by: Fabian Bläse <fabian@blaese.de>
+---
+ target/linux/ramips/dts/mt7628an_xiaomi_mi-router-4.dtsi | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/linux/ramips/dts/mt7628an_xiaomi_mi-router-4.dtsi b/target/linux/ramips/dts/mt7628an_xiaomi_mi-router-4.dtsi
+index 0f5897f5c593..d3f5e33be732 100644
+--- a/target/linux/ramips/dts/mt7628an_xiaomi_mi-router-4.dtsi
++++ b/target/linux/ramips/dts/mt7628an_xiaomi_mi-router-4.dtsi
+@@ -11,6 +11,7 @@
+ 		led-failsafe = &led_power_yellow;
+ 		led-running = &led_power_blue;
+ 		led-upgrade = &led_power_yellow;
++		label-mac-device = &ethernet;
+ 	};
+ 
+ 	chosen {

build_patches/openwrt/0011-generic-add-support-for-EON-EN25QX128A-spi-nor-flash.patch

@@ -0,0 +1,106 @@
+From 3b63209f03007e755c4a076d0a81a60fdf15dcd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Wed, 16 Nov 2022 11:41:32 +0100
+Subject: [PATCH] generic: add support for EON EN25QX128A spi nor flash
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add support for EON EN25QX128A spi nor flash with no flags as it does
+support SFDP parsing.
+
+Fixes: #9442
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
+[fabian@blaese.de: Backport to Kernel 5.4]
+Signed-off-by: Fabian Bläse <fabian@blaese.de>
+---
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ .../477-mtd-spi-nor-add-eon-en25qx128a.patch  | 21 +++++++++++++++++++
+ 3 files changed, 63 insertions(+)
+ create mode 100644 target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+ create mode 100644 target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+ create mode 100644 target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+
+diff --git a/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.10/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,21 @@
++From: Christian Marangi <ansuelsmth@gmail.com>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Add support for EON EN25QX128A with no flags as it does
++support SFDP parsing.
++
++Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/eon.c
+++++ b/drivers/mtd/spi-nor/eon.c
++@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
+diff --git a/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.15/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,21 @@
++From: Christian Marangi <ansuelsmth@gmail.com>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Add support for EON EN25QX128A with no flags as it does
++support SFDP parsing.
++
++Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/eon.c
+++++ b/drivers/mtd/spi-nor/eon.c
++@@ -15,6 +15,7 @@ static const struct flash_info eon_parts
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024, 256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			     SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh16",   INFO(0x1c7015, 0, 64 * 1024,   32,
+diff --git a/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+new file mode 100644
+index 0000000000..0a681d6753
+--- /dev/null
++++ b/target/linux/generic/pending-5.4/477-mtd-spi-nor-add-eon-en25qx128a.patch
+@@ -0,0 +1,18 @@
++From: Fabian Bläse <fabian@blaese.de>
++Subject: kernel/mtd: add support for EON EN25QX128A
++
++Signed-off-by: Fabian Bläse <fabian@blaese.de>
++---
++ drivers/mtd/spi-nor/spi-nor.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++--- a/drivers/mtd/spi-nor/spi-nor.c
+++++ b/drivers/mtd/spi-nor/spi-nor.c
++@@ -2240,8 +2240,9 @@ static const struct flash_info spi_nor_i
++ 	{ "en25p64",    INFO(0x1c2017, 0, 64 * 1024,  128, 0) },
++ 	{ "en25q64",    INFO(0x1c3017, 0, 64 * 1024,  128, SECT_4K) },
++ 	{ "en25q128",   INFO(0x1c3018, 0, 64 * 1024,  256, SECT_4K) },
+++	{ "en25qx128a", INFO(0x1c7118, 0, 64 * 1024,  256, 0) },
++ 	{ "en25q80a",   INFO(0x1c3014, 0, 64 * 1024,   16,
++ 			SECT_4K | SPI_NOR_DUAL_READ) },
++ 	{ "en25qh32",   INFO(0x1c7016, 0, 64 * 1024,   64, 0) },
+-- 
+2.38.1
+

build_patches/openwrt/0013-vxlan-remove-mandatory-peeraddr.patch

@@ -1,43 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Mon, 20 Jul 2020 08:05:09 +0200
-Subject: vxlan: remove mandatory peeraddr
-
-vxlan can be configured without a peer address. This is used to prepare
-an interface and add peers later.
-
-Fixes: FS#2743
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
-(cherry picked from commit 5222aadbf353b7cc030c39aa816f33951b104552)
-
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index 7b1c7039551b7781f5f7a8e73b964db698f3697b..bdcaa628c4416cc83258dd38a6fc0978ea55a3bb 100755
---- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -55,12 +55,6 @@ proto_vxlan_setup() {
- 	local ipaddr peeraddr
- 	json_get_vars ipaddr peeraddr tunlink
- 
--	[ -z "$peeraddr" ] && {
--		proto_notify_error "$cfg" "MISSING_ADDRESS"
--		proto_block_restart "$cfg"
--		exit
--	}
--
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
- 	[ -z "$ipaddr" ] && {
-@@ -85,12 +79,6 @@ proto_vxlan6_setup() {
- 	local ip6addr peer6addr
- 	json_get_vars ip6addr peer6addr tunlink
- 
--	[ -z "$peer6addr" ] && {
--		proto_notify_error "$cfg" "MISSING_ADDRESS"
--		proto_block_restart "$cfg"
--		exit
--	}
--
- 	( proto_add_host_dependency "$cfg" '' "$tunlink" )
- 
- 	[ -z "$ip6addr" ] && {

build_patches/openwrt/0014-vxlan-add-capability-for-multiple-fdb-entries.patch

@@ -1,159 +0,0 @@
-From: Johannes Kimmel <fff@bareminimum.eu>
-Date: Mon, 20 Jul 2020 08:05:10 +0200
-Subject: vxlan: add capability for multiple fdb entries
-
-Similar to wireguard, vxlan can configure multiple peers or add specific
-entries to the fdb for a single mac address.
-
-While you can still use peeraddr/peer6addr option within the proto
-vxlan/vxlan6 section to not break existing configurations, this patch
-allows to add multiple sections that conigure fdb entries via the bridge
-command. As such, the bridge command is now a dependency of the vxlan
-package. (To be honest without the bridge command available, vxlan isn't
-very much fun to use or debug at all)
-
-Field names are taken direclty from the bridge command.
-
-Example with all supported parameters, since this hasn't been documented so
-far:
-
-  config interface 'vx0'
-      option proto     'vxlan6'      # use vxlan over ipv6
-
-      # main options
-      option ip6addr   '2001:db8::1' # listen address
-      option tunlink   'wan6'        # optional if listen address given
-      option peer6addr '2001:db8::2' # now optional
-      option port      '8472'        # this is the standard port under linux
-      option vid       '42'          # VXLAN Network Identifier to use
-      option mtu       '1430'        # vxlan6 has 70 bytes overhead
-
-      # extra options
-      option rxcsum  '0'  # allow receiving packets without checksum
-      option txcsum  '0'  # send packets without checksum
-      option ttl     '16' # specifies the TTL value for outgoing packets
-      option tos     '0'  # specifies the TOS value for outgoing packets
-      option macaddr '11:22:33:44:55:66' # optional, manually specify mac
-                                         # default is a random address
-
-Single peer with head-end replication. Corresponds to the following call
-to bridge:
-
-  $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
-
-  config vxlan_peer
-      option vxlan 'vx0'
-      option dst '2001:db8::3' # always required
-
-For multiple peers, this section can be repeated for each dst address.
-
-It's possible to specify a multicast address as destination. Useful when
-multicast routing is available or within one lan segment:
-
-  config vxlan_peer
-      option vxlan 'vx0'
-      option dst 'ff02::1337' # multicast group to join.
-                              # all bum traffic will be send there
-      option via 'eth1'       # for multicast, an outgoing interface needs
-                              # to be specified
-
-All available peer options for completeness:
-
-  config vxlan_peer
-      option vxlan   'vx0'               # the interface to configure
-      option lladdr  'aa:bb:cc:dd:ee:ff' # specific mac,
-      option dst     '2001:db8::4'       # connected to this peer
-      option via     'eth0.1'            # use this interface only
-      option port    '4789'              # use different port for this peer
-      option vni     '23'                # override vni for this peer
-      option src_vni '123'               # see man 3 bridge
-
-Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
-(cherry picked from commit 65e9de3c333bae1ccef1dfb0cc008ad6f13958e4)
-
-diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
-index 13fcf0c55d07d97f5dcc3cbfcf2478020e7107cc..7232f71b45e6f72f2c62a245ad44cb9ade144f52 100644
---- a/package/network/config/vxlan/Makefile
-+++ b/package/network/config/vxlan/Makefile
-@@ -1,7 +1,7 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=vxlan
--PKG_RELEASE:=3
-+PKG_RELEASE:=4
- PKG_LICENSE:=GPL-2.0
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
-index bdcaa628c4416cc83258dd38a6fc0978ea55a3bb..d063c47d47d0f4e339b21e97f4e25f55a33c0497 100755
---- a/package/network/config/vxlan/files/vxlan.sh
-+++ b/package/network/config/vxlan/files/vxlan.sh
-@@ -7,6 +7,50 @@
- 	init_proto "$@"
- }
- 
-+proto_vxlan_setup_peer() {
-+	type bridge &> /dev/null || {
-+		proto_notify_error "$cfg" "MISSING_BRIDGE_COMMAND"
-+		exit
-+	}
-+
-+	local peer_config="$1"
-+
-+	local vxlan
-+	local lladdr
-+	local dst
-+	local src_vni
-+	local vni
-+	local port
-+	local via
-+
-+	config_get vxlan   "${peer_config}" "vxlan"
-+	config_get lladdr  "${peer_config}" "lladdr"
-+	config_get dst     "${peer_config}" "dst"
-+	config_get src_vni "${peer_config}" "src_vni"
-+	config_get vni     "${peer_config}" "vni"
-+	config_get port    "${peer_config}" "port"
-+	config_get via     "${peer_config}" "via"
-+
-+	[ "$cfg" = "$vxlan" ] || {
-+		# This peer section belongs to another device
-+		return
-+	}
-+
-+	[ -n "${dst}" ] || {
-+		proto_notify_error "$cfg" "MISSING_PEER_ADDRESS"
-+		exit
-+	}
-+
-+	bridge fdb append \
-+		${lladdr:-00:00:00:00:00:00} \
-+		dev ${cfg}                   \
-+		dst ${dst}                   \
-+		${src_vni:+src_vni $src_vni} \
-+		${vni:+vni $vni}             \
-+		${port:+port $port}          \
-+		${via:+via $via}
-+}
-+
- vxlan_generic_setup() {
- 	local cfg="$1"
- 	local mode="$2"
-@@ -18,7 +62,6 @@ vxlan_generic_setup() {
- 	local port vid ttl tos mtu macaddr zone rxcsum txcsum
- 	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
- 
--
- 	proto_init_update "$link" 1
- 
- 	proto_add_tunnel
-@@ -47,6 +90,9 @@ vxlan_generic_setup() {
- 	proto_close_data
- 
- 	proto_send_update "$cfg"
-+
-+	config_load network
-+	config_foreach proto_vxlan_setup_peer "vxlan_peer"
- }
- 
- proto_vxlan_setup() {

build_patches/openwrt/0031-mt76-mt7603-allow-eeprom-sections-starting-with-7600.patch

@@ -1,50 +0,0 @@
-From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-Date: Fri, 16 Oct 2020 13:36:02 +0200
-Subject: mt76: mt7603: allow eeprom sections starting with 7600
-
-Fixes low signal issue for 2.4 GHz for the TP-Link Archer C50 v4.
-The first two bytes in the eeprom are the chip id. The working
-devices have 0x7628 there, whereas the non-working devices have
-0x7600 there. This chip id gets checked by the function
-mt7603_check_eeprom() which leads the driver to ignore the
-contents of the eeprom partition and load default values from otp.
-
-The has been manually added based on mt76 PR:
-https://github.com/openwrt/mt76/pull/442/
-
-Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
-diff --git a/package/kernel/mt76/patches/0001-fix-archer-c50-v4.patch b/package/kernel/mt76/patches/0001-fix-archer-c50-v4.patch
-new file mode 100644
-index 0000000000000000000000000000000000000000..29e422dc0c7f3046be0aa761bcfe8db1e298ed88
---- /dev/null
-+++ b/package/kernel/mt76/patches/0001-fix-archer-c50-v4.patch
-@@ -0,0 +1,28 @@
-+From b0c7f88d900d2986cd2061113201825eda6a6482 Mon Sep 17 00:00:00 2001
-+From: Ron Asimi <ron.asimi@gmail.com>
-+Date: Wed, 2 Sep 2020 23:18:23 -0400
-+Subject: [PATCH] mt7603: allow eeprom sections starting with 7600
-+
-+Fixes low  signal issue for 2.4 GHz for the TP-Link Archer C50 v4.
-+The first two bytes in the eeprom are the chip id. The working
-+devices have 0x7628 there, whereas the non-working devices have
-+0x7600 there. This chip id gets checked by the function
-+mt7603_check_eeprom() which leads the driver to ignore the contents
-+of the eeprom partition and load default values from otp.
-+
-+---
-+ mt7603/eeprom.c | 1 +
-+ 1 file changed, 1 insertion(+)
-+
-+diff --git a/mt7603/eeprom.c b/mt7603/eeprom.c
-+index 01f1e0da..9d5042af 100644
-+--- a/mt7603/eeprom.c
-++++ b/mt7603/eeprom.c
-+@@ -136,6 +136,7 @@ static int mt7603_check_eeprom(struct mt76_dev *dev)
-+ 	switch (val) {
-+ 	case 0x7628:
-+ 	case 0x7603:
-++	case 0x7600:
-+ 		return 0;
-+ 	default:
-+ 		return -EINVAL;

build_patches/openwrt/0050-Disable-ipq40xx-lan-wan-separation.patch

@@ -0,0 +1,132 @@
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Sat, 7 Aug 2021 00:40:34 +0200
+Subject: [PATCH] Disable ipq40xx lan/wan separation
+
+While the ipq40xx only has a single MDIO connection to the switch chip,
+the ipq40xx essedma ethernet driver configures two gmac interfaces,
+which are seperated into WAN and LAN ports using vlan cid at driver
+level. Linux is not aware of these vlan tags.
+
+However, this configuration does interfere with the vlan ids we use in
+our firmware. Therefore, this feature is disabled by setting the default
+vlan id for all gmacs to 0, changing the port mask so all physical ports
+are connected to the first gmac, and reducing the amount of configured
+gmacs to one. The definition of the second gmac is kept, because it is
+referenced by some devices. The default configuration of the switch chip
+is removed accordingly.
+
+These changes are currently only done with the FritzBox 4040 in mind.
+---
+ .../linux/ipq40xx/base-files/etc/board.d/01_leds |  2 +-
+ .../ipq40xx/base-files/etc/board.d/02_network    |  3 +--
+ .../drivers/net/ethernet/qualcomm/essedma/edma.h | 16 ++++++++--------
+ .../linux/ipq40xx/files/drivers/net/phy/ar40xx.c |  2 ++
+ ...1-dts-ipq4019-add-ethernet-essedma-node.patch |  6 +++---
+ 5 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/target/linux/ipq40xx/base-files/etc/board.d/01_leds b/target/linux/ipq40xx/base-files/etc/board.d/01_leds
+index ac11655904..147e159ea1 100755
+--- a/target/linux/ipq40xx/base-files/etc/board.d/01_leds
++++ b/target/linux/ipq40xx/base-files/etc/board.d/01_leds
+@@ -19,7 +19,7 @@ asus,rt-ac58u)
+ 	;;
+ avm,fritzbox-4040)
+ 	ucidef_set_led_wlan "wlan" "WLAN" "green:wlan" "phy0tpt" "phy1tpt"
+-	ucidef_set_led_netdev "wan" "WAN" "green:wan" "eth1"
++	ucidef_set_led_switch "wan" "WAN" "green:wan" "switch0" "0x20"
+ 	ucidef_set_led_switch "lan" "LAN" "green:lan" "switch0" "0x1e"
+ 	;;
+ avm,fritzbox-7530 |\
+diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network
+index 87c79db5e1..666be0d145 100755
+--- a/target/linux/ipq40xx/base-files/etc/board.d/02_network
++++ b/target/linux/ipq40xx/base-files/etc/board.d/02_network
+@@ -58,9 +58,8 @@ ipq40xx_setup_interfaces()
+ 	avm,fritzbox-4040|\
+ 	linksys,ea6350v3|\
+ 	linksys,ea8300)
+-		ucidef_set_interfaces_lan_wan "eth0" "eth1"
+ 		ucidef_add_switch "switch0" \
+-			"0u@eth0" "1:lan" "2:lan" "3:lan" "4:lan"
++			"0@eth0" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan"
+ 		;;
+ 	linksys,mr8300)
+ 		ucidef_set_interfaces_lan_wan "eth0" "eth1"
+diff --git a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h b/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
+index 015e5f5026..daa60639d1 100644
+--- a/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
++++ b/target/linux/ipq40xx/files/drivers/net/ethernet/qualcomm/essedma/edma.h
+@@ -57,14 +57,14 @@
+ #define EDMA_LAN 1
+ 
+ /* VLAN tag */
+-#define EDMA_LAN_DEFAULT_VLAN 1
+-#define EDMA_WAN_DEFAULT_VLAN 2
+-
+-#define EDMA_DEFAULT_GROUP1_VLAN 1
+-#define EDMA_DEFAULT_GROUP2_VLAN 2
+-#define EDMA_DEFAULT_GROUP3_VLAN 3
+-#define EDMA_DEFAULT_GROUP4_VLAN 4
+-#define EDMA_DEFAULT_GROUP5_VLAN 5
++#define EDMA_LAN_DEFAULT_VLAN 0
++#define EDMA_WAN_DEFAULT_VLAN 0
++
++#define EDMA_DEFAULT_GROUP1_VLAN 0
++#define EDMA_DEFAULT_GROUP2_VLAN 0
++#define EDMA_DEFAULT_GROUP3_VLAN 0
++#define EDMA_DEFAULT_GROUP4_VLAN 0
++#define EDMA_DEFAULT_GROUP5_VLAN 0
+ 
+ /* Queues exposed to linux kernel */
+ #define EDMA_NETDEV_TX_QUEUE 4
+diff --git a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
+index 545e3985ae..28453c2363 100644
+--- a/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
++++ b/target/linux/ipq40xx/files/drivers/net/phy/ar40xx.c
+@@ -1483,6 +1483,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+ 	unsigned long bmp;
+ 
+ 	/* By default Enable VLAN */
++	/*
+ 	priv->vlan = 1;
+ 	priv->vlan_table[AR40XX_LAN_VLAN] = priv->cpu_bmp | priv->lan_bmp;
+ 	priv->vlan_table[AR40XX_WAN_VLAN] = priv->cpu_bmp | priv->wan_bmp;
+@@ -1494,6 +1495,7 @@ ar40xx_vlan_init(struct ar40xx_priv *priv)
+ 	bmp = priv->wan_bmp;
+ 	for_each_set_bit(port, &bmp, AR40XX_NUM_PORTS)
+ 			priv->pvid[port] = AR40XX_WAN_VLAN;
++	*/
+ 
+ 	return 0;
+ }
+diff --git a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
+index 3567eb7810..b13b312a91 100644
+--- a/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
++++ b/target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch
+@@ -36,7 +36,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+ +			qcom,rx_head_buf_size = <1540>;
+ +			qcom,mdio_supported;
+ +			qcom,poll_required = <1>;
+-+			qcom,num_gmac = <2>;
+++			qcom,num_gmac = <1>;
+ +			interrupts = <0  65 IRQ_TYPE_EDGE_RISING
+ +				      0  66 IRQ_TYPE_EDGE_RISING
+ +				      0  67 IRQ_TYPE_EDGE_RISING
+@@ -74,7 +74,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+ +
+ +			gmac0: gmac0 {
+ +				local-mac-address = [00 00 00 00 00 00];
+-+				vlan_tag = <1 0x1f>;
+++				vlan_tag = <0 0x3f>;
+ +			};
+ +
+ +			gmac1: gmac1 {
+@@ -83,7 +83,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+ +				qcom,poll_required = <1>;
+ +				qcom,forced_speed = <1000>;
+ +				qcom,forced_duplex = <1>;
+-+				vlan_tag = <2 0x20>;
+++				vlan_tag = <0 0x00>;
+ +			};
+ +		};
+ +

build_patches/openwrt/0100-Add-hack-which-fixes-forwarding-on-a-stacked-bridge-.patch

@@ -0,0 +1,32 @@
+From f53b71d2907eeb0d80e79d99fa7b756b5e5bf32b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
+Date: Thu, 24 Feb 2022 00:04:47 +0100
+Subject: [PATCH] Add hack which fixes forwarding on a stacked bridge
+ configuration using DSA
+
+---
+ .../hack-5.4/999-fix-stacked-bridge-forwarding.patch | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+ create mode 100644 target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+
+diff --git a/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+new file mode 100644
+index 0000000000..e1d4cb9cd5
+--- /dev/null
++++ b/target/linux/generic/hack-5.4/999-fix-stacked-bridge-forwarding.patch
+@@ -0,0 +1,12 @@
++--- a/net/bridge/br_input.c
+++++ b/net/bridge/br_input.c
++@@ -52,6 +52,9 @@ static int br_pass_frame_up(struct sk_bu
++ 		return NET_RX_DROP;
++ 	}
++ 
+++	/* remove offload flag, so upper bridges do not drop the packet */
+++	br_switchdev_frame_unmark(skb);
+++
++ 	indev = skb->dev;
++ 	skb->dev = brdev;
++ 	skb = br_handle_vlan(br, NULL, vg, skb);
+-- 
+2.35.1
+

build_patches/openwrt/0200-mpc85xx-Drop-pci-aliases-to-avoid-domain-changes.patch

@@ -0,0 +1,158 @@
+From 7f4b4c29f3489697dca7495216460d0ed5023e02 Mon Sep 17 00:00:00 2001
+From: Martin Kennedy <hurricos@gmail.com>
+Date: Mon, 29 Aug 2022 20:47:24 -0400
+Subject: [PATCH] mpc85xx: Drop pci aliases to avoid domain changes
+
+As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
+domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
+domain address is no longer numbered by the lowest 16 bits of the PCI
+register address after a fallthrough. Instead of the fallthrough, the
+enumeration process accepts the alias ID (as determined by
+`of_alias_scan()`). This causes e.g.:
+
+9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
+9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
+
+to become
+
+0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
+0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
+
+... which then causes the sysfs path of the netdev to change,
+invalidating the `wifi_device.path`s enumerated in
+`/etc/config/wireless`.
+
+One other solution might be to migrate the uci configuration, as was
+done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
+new PCIe path"). However, there are concerns that the sysfs path will
+change once again once some upstream patches[^2][^3] are merged and
+backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
+
+Instead, remove the aliases and allow the fallthrough to continue for
+now. We will provide a migration in a later release.
+
+This was first reported as a Github issue[^1].
+
+[^1]: https://github.com/openwrt/openwrt/issues/10530
+[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
+[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/
+
+Fixes: #10530
+Tested-by: Martin Kennedy <hurricos@gmail.com>
+[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
+Signed-off-by: Martin Kennedy <hurricos@gmail.com>
+---
+ .../files/arch/powerpc/boot/dts/hiveap-330.dts     | 13 +++++++++++++
+ .../mpc85xx/files/arch/powerpc/boot/dts/panda.dts  | 14 ++++++++++++++
+ .../files/arch/powerpc/boot/dts/red-15w-rev1.dts   | 14 ++++++++++++++
+ .../files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts  | 13 +++++++++++++
+ .../files/arch/powerpc/boot/dts/ws-ap3710i.dts     | 13 +++++++++++++
+ 6 files changed, 80 insertions(+)
+
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
+index ccf60eaeed0e1..d6a8da84ef66d 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/hiveap-330.dts
+@@ -300,3 +300,16 @@
+ 	};
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
+index baaa4a43fd559..9be822f7bb8ac 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/panda.dts
+@@ -265,3 +265,17 @@
+ 	};
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
++
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
+index 1fd6a4aa49713..db35602b94b5b 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/red-15w-rev1.dts
+@@ -214,3 +214,17 @@
+ };
+ 
+ /include/ "fsl/p1010si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
++
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
+index fbe1c0ee705d2..12281808aa5b6 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts
+@@ -302,3 +302,16 @@
+ 		/delete-node/ crypto@30000; /* Pulled in by p1010si-post */
+ 	};
+ };
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};
+diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
+index c5588d80275e2..5d81da4686413 100644
+--- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
++++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/ws-ap3710i.dts
+@@ -173,3 +173,16 @@
+ 
+ };
+ /include/ "fsl/p1020si-post.dtsi"
++
++/*
++ * For the OpenWrt 22.03 release, since Linux 5.10.138 now uses
++ * aliases to determine PCI domain numbers, drop aliases so as not to
++ * change the sysfs path of our wireless netdevs.
++ */
++
++/ {
++	aliases {
++		/delete-property/ pci0;
++		/delete-property/ pci1;
++	};
++};

buildscript

@@ -1,43 +1,43 @@
 #!/bin/bash
+# SPDX-License-Identifier: GPL-3.0-or-later
 
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
+set -e
+set -o pipefail
 
 builddir=./build
 
-OPENWRTREV="v19.07.5"
-OPENWRTURL="https://git.openwrt.org/openwrt/openwrt.git"
-PACKAGEREV="2974079d3db786fe5da00c10f1d80e79b0112093" # openwrt-19.07.5
-PACKAGEURL="https://git.openwrt.org/feed/packages.git"
+# OpenWrt: package hashes correspond to core repo version
+OPENWRTREV="v21.02.5"
+PACKAGEREV="0b16e3f359fe9d015861596d63c5bde4c56daa2e"
+ROUTINGREV="25e76489c83cfcee61e36a491896e1e9bfc3ec13"
 
-## Feed definition [0]: name aka directory, [1]: url, [2]: revision, [3..n]: patches
+# Gluon packages: master from 2020-02-04
+GLUONREV="12e41d0ff07ec54bbd67a31ab50d12ca04f2238c"
+
+OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
+ROUTING_PKGS="kmod-batman-adv batctl alfred babeld bird2"
+GLUON_PKGS="simple-tc uradvd"
+
+FFF_VARIANTS="node layer3"
+
+OPENWRTURL="https://git.freifunk-franken.de/mirror/openwrt.git"
+
+## Feed definition [0]: name aka directory, [1]: url, [2]: revision
 
 #official openwrt packages
 OPENWRT=(openwrt
-         $PACKAGEURL
+         https://git.freifunk-franken.de/mirror/openwrt-packages.git
          $PACKAGEREV)
-OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl micrond mtr bmon"
 
-## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
-## See http://www.open-mesh.org/projects/batman-adv/wiki/Compatversion
+#gluon packages
 GLUON=(gluon
-            https://github.com/freifunk-gluon/packages.git
-            12e41d0ff07ec54bbd67a31ab50d12ca04f2238c) # 2020-02-04
-GLUON_PKGS="simple-tc uradvd"
+       https://github.com/freifunk-gluon/packages.git
+       $GLUONREV)
 
 #official openwrt routing packages
 ROUTING=(routing
-         https://git.openwrt.org/feed/routing.git
-         02b4dbfcb7b8f8b566940847d22d5a6f229d2e66) # openwrt-19.07.5
-ROUTING_PKGS="kmod-batman-adv batctl alfred babeld"
+         https://git.freifunk-franken.de/mirror/openwrt-routing.git
+         $ROUTINGREV)
 
 FFF=(fff)
 FFF_PKGS="-a"
@@ -57,9 +57,12 @@ checkout_git(){
     if [ -d "$DIRECTORY" ]; then
         if $MYGIT remote -v | grep -q "$REPO_URL" ; then
             echo "Right remote detected"
-            if ! $MYGIT checkout "$COMMITID" ; then
+            # Remove untracked files
+            $MYGIT clean -f -d
+            # Select desired commit and remove local changes (-f)
+            if ! $MYGIT checkout -f "$COMMITID" ; then
                 echo "commitid not found trying to fetch new commits"
-                $MYGIT pull && $MYGIT checkout "$COMMITID"
+                $MYGIT fetch --all && $MYGIT checkout "$COMMITID"
             fi
         else
             echo "wrong remote or not an git repo at all -> deleting whole directory"
@@ -77,14 +80,11 @@ checkout_git(){
 }
 
 get_source() {
-    test -d src || mkdir src
-    cd src
+    #Get the OpenWrt main repo
+    checkout_git $builddir $OPENWRTURL $OPENWRTREV
 
-    #Get the OpenWrt Core Source for Firmware
-    checkout_git openwrt $OPENWRTURL $OPENWRTREV
-
-    test -d packages || mkdir packages
-    cd packages
+    test -d src/packages || mkdir -p src/packages
+    cd src/packages
 
     #checkout needed package feeds
     for FEEDVAR in "${FEEDS[@]}" ; do
@@ -124,31 +124,11 @@ patch_target() {
 prepare() {
     get_source
 
-    test -d $builddir || mkdir $builddir
-
-    /bin/rm -rf "$builddir"
-    cp -a src/openwrt "$builddir"
-
     patch_target
 
-    # apply variant to ensure the included file "variant.mk"
-    # exists in builddir.
-    apply_variant
-
-    #saves ~200MB for each build
-    test -d ./src/dl || mkdir ./src/dl
-    ln -s ../src/dl "$builddir"/dl
-
     update_feeds
 }
 
-apply_variant() {
-    # set the variant for this build
-    cp "./src/packages/fff/fff/variant-$(cat selected_variant).mk" "$builddir"/variant.mk
-    # force the reevaluation of this Makefile to make note of the new variant
-    touch ./src/packages/fff/fff/Makefile
-}
-
 update_feeds() {
     ## generate own feeds.conf
     #this local variable should be globally configure variable used in get_source and here
@@ -183,8 +163,6 @@ update_feeds() {
 }
 
 prebuild() {
-    apply_variant
-
     #create filesdir for our config
     /bin/rm -rf "$builddir"/files
     mkdir "$builddir"/files
@@ -192,13 +170,6 @@ prebuild() {
     cp -r ./bsp/default/root_file_system/* "$builddir"/files/
     cp ./bsp/"$machine"/.config "$builddir"/.config
 
-    while IFS= read -r -d '' template
-    do
-        echo "Translating $template .."
-        $tpl_translate "$template" > "$(dirname "$template")"/"$(basename "$template" .tpl)"
-        /bin/rm "$template"
-    done < <(find "${builddir}/files" -name '*.tpl' -print0)
-
     #insert actual firware version informations into release file
     variant=$(cat selected_variant)
     version=$(git describe --tags --dirty)
@@ -209,6 +180,9 @@ prebuild() {
         version="$variant-$version"
     fi
 
+    # select variant packages
+    echo "CONFIG_PACKAGE_fff-${variant}=y" >> "$builddir"/.config
+
     {
         echo "FIRMWARE_VERSION=\"$version\""
         echo "VARIANT=\"$variant\""
@@ -230,17 +204,23 @@ build() {
 
     opath=$(pwd)
     cd "$builddir"
-    cpus=$(grep -c processor /proc/cpuinfo)
+    cpus=$(nproc)
 
     case "$1" in
         "debug")
-            make V=99
+            if [ -n "$2" ]; then
+                make V=99 -j $2
+            else
+                make V=99
+            fi
             ;;
         "fast")
-            ionice -c 2 -- nice -n 1 -- make -j $((cpus*2))
+            [ -n "$2" ] && threads=$2 || threads=$((cpus*2))
+            ionice -c 2 -- nice -n 1 -- make -j $threads
             ;;
         *)
-            ionice -c 3 -- nice -n 10 -- make -j $((cpus+1))
+            [ -n "$2" ] && threads=$2 || threads=$((cpus+1))
+            ionice -c 3 -- nice -n 10 -- make -j $threads
             ;;
     esac
 
@@ -306,7 +286,13 @@ cp_firmware() {
             filename_build=${f##*/}
             filename_build=${filename_build//openwrt/fff-${version}}
             filename_build=${filename_build//squashfs-/}
-            filename_build=${filename_build//${chipset}-${subtarget}-/}
+
+            # The x86 OpenWrt target does not have a device name,
+            # so keep the target and subtarget for identification.
+            if [ "$chipset" != "x86" ]; then
+                filename_build=${filename_build//${chipset}-/}
+                filename_build=${filename_build//${subtarget}-/}
+            fi
             cp "$f" "$imagedestpath/$filename_build"
         done
     done
@@ -332,8 +318,7 @@ buildrelease() {
     fi
 
     cd bin/$variant
-    for binary in *.bin; do
-        md5sum "$binary" > ./"$binary".md5
+    for binary in *.bin *.img *.img.gz *.tar; do
         sha256sum "$binary" > ./"$binary".sha256
     done
     echo -e "VERSION:$version" > release.nfo
@@ -341,7 +326,7 @@ buildrelease() {
 }
 
 clean() {
-    /bin/rm -rf bin $builddir src/openwrt
+    /bin/rm -rf bin $builddir
 
     # remove downloaded package feeds
     for FEEDVAR in "${FEEDS[@]}" ; do
@@ -436,14 +421,13 @@ case "$1" in
         ;;
     "selectvariant")
         if [ "$2" = "help" ] || [ "$2" = "" ]; then
-            echo "Select a build varaint:"
+            echo "Select a build variant:"
             echo
             echo "Usage: $0 $1 <name of variant>"
-            echo "available variants: "
-            /bin/ls src/packages/fff/fff/variant-*.mk | sed 's#.*/variant-\(.*\)\.mk#\1#g'
+            echo "available variants: $FFF_VARIANTS"
             echo
         else
-            if [ ! -f "src/packages/fff/fff/variant-$2.mk" ]; then
+            if ! echo "$FFF_VARIANTS" | grep -q "\b$2\b"; then
                 echo "Could not find variant $2"
             else
                 setVariant $2
@@ -466,13 +450,13 @@ case "$1" in
     "build")
         if [ "$2" = "help" ] || [ "$2" = "x" ]; then
             echo "This option compiles the firmware"
-            echo "Normaly the build uses lower IO and System priorities, "
+            echo "Normally the build uses lower IO and System priorities, "
             echo "you can append \"fast\" option, to use normal user priorities"
             echo
-            echo "Usage: $0 $1 [fast|debug]"
+            echo "Usage: $0 $1 [fast|debug] [numthreads]"
             echo
         else
-            build "$2"
+            build "$2" "$3"
         fi
         ;;
     "config")

feed_patches/openwrt/0020-fastd_generate_key_from_urandom.patch

@@ -1,16 +1,10 @@
-From 8e7de199282ba76a94a1b4370ac7712325b81fc2 Mon Sep 17 00:00:00 2001
 From: Robert Langhammer <rlanghammer@web.de>
 Date: Mon, 13 Nov 2017 21:04:55 +0100
-Subject: [PATCH] fastd_generate_key_from_urandom
-
----
- net/fastd/patches/001-generate_key_from_urandom.patch | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
- create mode 100644 net/fastd/patches/001-generate_key_from_urandom.patch
+Subject: fastd_generate_key_from_urandom
 
 diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch b/net/fastd/patches/001-generate_key_from_urandom.patch
 new file mode 100644
-index 000000000..e06739a1e
+index 0000000000000000000000000000000000000000..e06739a1e715ab310d9b30ae704f615572d6b4b9
 --- /dev/null
 +++ b/net/fastd/patches/001-generate_key_from_urandom.patch
 @@ -0,0 +1,14 @@
@@ -28,6 +22,3 @@ index 000000000..e06739a1e
 + 	ecc_25519_gf_sanitize_secret(&secret_key, &secret_key);
 +
 + 	ecc_25519_work_t work;
--- 
-2.25.1
-

feed_patches/openwrt/0030-micrond-show-stdout-and-stderr-in-log.patch

@@ -1,44 +0,0 @@
-From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
-Date: Wed, 22 Apr 2020 16:57:34 +0200
-Subject: micrond: show stdout and stderr in log
-
-So far, all output created by scripts run with micrond has been
-discarded. Since there is no reason for that and it also does not
-match the expected behavior, this enables both stdout and stderr
-output for the service.
-
-If not desired, a user can still use >/dev/null or similar in his/her
-micrond jobs to disable output easily and similar to what it would be
-on other systems.
-
-Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
----
- utils/micrond/Makefile                 | 2 +-
- utils/micrond/files/etc/init.d/micrond | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/utils/micrond/Makefile b/utils/micrond/Makefile
-index ba063b674..c979025bb 100644
---- a/utils/micrond/Makefile
-+++ b/utils/micrond/Makefile
-@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=micrond
- PKG_VERSION:=1
--PKG_RELEASE:=1
-+PKG_RELEASE:=2
- PKG_LICENSE:=BSD-2-clause
- 
- include $(INCLUDE_DIR)/package.mk
-diff --git a/utils/micrond/files/etc/init.d/micrond b/utils/micrond/files/etc/init.d/micrond
-index 1eef2ef52..35a3b9e70 100755
---- a/utils/micrond/files/etc/init.d/micrond
-+++ b/utils/micrond/files/etc/init.d/micrond
-@@ -9,5 +9,7 @@ start_service() {
- 	procd_open_instance
- 	procd_set_param command /usr/sbin/micrond "$CRONDIR"
- 	procd_set_param respawn
-+	procd_set_param stdout 1
-+	procd_set_param stderr 1
- 	procd_close_instance
- }

feed_patches/routing/0001-babeld-Include-PKG_RELEASE-in-babeld-version.patch

@@ -1,7 +1,6 @@
-From f114914490740247f2b6ca705f0f7055db9681ab Mon Sep 17 00:00:00 2001
 From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 Date: Mon, 30 Sep 2019 17:09:10 +0200
-Subject: [PATCH 1/2] babeld: Include PKG_RELEASE in babeld version
+Subject: babeld: Include PKG_RELEASE in babeld version
 
 This will account for custom patches added, as otherwise version
 would stay the same.
@@ -9,17 +8,14 @@ would stay the same.
 Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 [fabian@blaese.de: revise version string]
 Signed-off-by: Fabian Bläse <fabian@blaese.de>
----
- babeld/Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
 
 diff --git a/babeld/Makefile b/babeld/Makefile
-index 022d0b8..78fdf83 100644
+index 056ce43d5ddb461ba94e51a5b18ffac0ef971468..16cc86fe5c2ae8731b0d7d2f64517e9b92d029f9 100644
 --- a/babeld/Makefile
 +++ b/babeld/Makefile
-@@ -48,6 +48,11 @@ MAKE_FLAGS+= \
- 	CFLAGS="$(TARGET_CFLAGS)" \
+@@ -50,6 +50,11 @@ MAKE_FLAGS+= \
  	LDLIBS="" \
+ 	LDLIBS+="-lubus -lubox"
  
 +define Build/Configure
 +	echo "babeld-$(PKG_VERSION)+fff$(PKG_RELEASE)" > $(PKG_BUILD_DIR)/version
@@ -29,6 +25,3 @@ index 022d0b8..78fdf83 100644
  define Package/babeld/install
  	$(INSTALL_DIR) $(1)/usr/sbin
  	$(INSTALL_BIN) $(PKG_BUILD_DIR)/babeld $(1)/usr/sbin/
--- 
-2.25.1
-

feed_patches/routing/0002-Add-batman-adv-patch-to-remove-gw-mode-switch-messag.patch

@@ -1,46 +0,0 @@
-From f8c90adf89a45d9cfd5e189f28d0250e06710764 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
-Date: Wed, 11 Jul 2018 13:39:06 +0200
-Subject: [PATCH] Add batman-adv patch to remove gw mode switch message
-
-Signed-off-by: Fabian Bläse <fabian@blaese.de>
----
- .../0000-Remove-gw-mode-switch-message.patch  | 26 +++++++++++++++++++
- 1 file changed, 26 insertions(+)
- create mode 100644 batman-adv/patches/0000-Remove-gw-mode-switch-message.patch
-
-diff --git a/batman-adv/patches/0000-Remove-gw-mode-switch-message.patch b/batman-adv/patches/0000-Remove-gw-mode-switch-message.patch
-new file mode 100644
-index 0000000..fb49d6c
---- /dev/null
-+++ b/batman-adv/patches/0000-Remove-gw-mode-switch-message.patch
-@@ -0,0 +1,26 @@
-+From 5a99aa98460605dcc649c43b85ae87e36d326cdf Mon Sep 17 00:00:00 2001
-+From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= <fabian@blaese.de>
-+Date: Wed, 11 Jul 2018 13:37:08 +0200
-+Subject: [PATCH] Remove gw mode switch message
-+
-+Signed-off-by: Fabian Bläse <fabian@blaese.de>
-+---
-+ net/batman-adv/sysfs.c | 3 ---
-+ 1 file changed, 3 deletions(-)
-+
-+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
-+index f2eef43b..dc529d50 100644
-+--- a/net/batman-adv/sysfs.c
-++++ b/net/batman-adv/sysfs.c
-+@@ -508,9 +508,6 @@ static ssize_t batadv_store_gw_mode(struct kobject *kobj,
-+ 		break;
-+ 	}
-+ 
-+-	batadv_info(net_dev, "Changing gw mode from: %s to: %s\n",
-+-		    curr_gw_mode_str, buff);
-+-
-+ 	/* Invoking batadv_gw_reselect() is not enough to really de-select the
-+ 	 * current GW. It will only instruct the gateway client code to perform
-+ 	 * a re-election the next time that this is needed.
-+-- 
-+2.18.0
--- 
-2.25.1
-

src/packages/fff/alfred-json/Makefile

@@ -3,7 +3,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=alfred-json
 PKG_VERSION:=0.3.1
 PKG_RELEASE:=1
-PKG_LICENSE:=GPL-2.0
+PKG_LICENSE:=GPL-2.0-only
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=e4cacfc791092389f63c36a435d3f1d069f8a13e
 PKG_SOURCE_URL:=https://github.com/FreifunkFranken/alfred-json.git

src/packages/fff/fff-alfred-monitoring-proxy/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-alfred-monitoring-proxy
-PKG_RELEASE:=4
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/fff-alfred-monitoring-proxy
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/fff-alfred-monitoring-proxy
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken Alfred-Monitoring-Proxy
-	URL:=https://www.freifunk-franken.de/
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+curl +micrond +alfred-json +fff-alfred +fff-random
 endef
 
@@ -21,8 +19,8 @@ define Package/fff-alfred-monitoring-proxy/description
 	https://monitoring.freifunk-franken.de/
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
+define Build/Compile
+	# nothing
 endef
 
 define Package/fff-alfred-monitoring-proxy/install

src/packages/fff/fff-alfred-monitoring-proxy/files/usr/lib/filewall.d/06-enable-mc-out

@@ -1 +0,0 @@
-ebtables -P MULTICAST_OUT RETURN

src/packages/fff/fff-alfred/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-alfred
-PKG_RELEASE:=1
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken Alfred
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+alfred
 endef
 
@@ -20,14 +18,6 @@ define Package/$(PKG_NAME)/description
 	This packages configures the Alfred on the device.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-alfred/files/etc/uci-defaults/51-fff-alfred

@@ -2,7 +2,7 @@
 
 uci batch <<EOF
   set alfred.alfred=alfred
-  set alfred.alfred.interface='br-mesh'
+  set alfred.alfred.interface='br-client'
   set alfred.alfred.mode='slave'
   set alfred.alfred.batmanif='none'
   set alfred.alfred.start_vis='0'

src/packages/fff/fff-babel-bird2/Makefile

@@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel-bird2
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel-bird2
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel-bird2
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+bird2 +bird2c +owipcalc
+	PROVIDES:=fff-babel-implementation
+endef
+
+define Package/fff-babel-bird2/description
+	This is the Freifunk Franken Firmware babel-bird2 package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel-bird2/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel-bird2))

src/packages/fff/fff-babel-bird2/files/etc/bird-fff.conf

@@ -0,0 +1,123 @@
+# router id is not required for babeld, but necessary for bird startup
+router id 192.0.2.0;
+
+ipv4 table fff4;
+ipv6 sadr table fff6;
+
+protocol device {
+	scan time 15;
+}
+
+# device routes for ipv4 peering address
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			if (net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16) && net.len = 32 then {
+				accept;
+			}
+			reject;
+		};
+	};
+}
+
+# device routes on loopback interface
+protocol direct {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			if net ~ 10.50.0.0/16 || net ~ 10.83.0.0/16 then {
+				accept;
+			}
+			reject;
+		};
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			if net ~ fdff::/64 from ::/0 then {
+				reject;
+			}
+
+			# only import GUA + ULA addresses
+			if net !~ 2000::/3 from ::/0 && net !~ fc00::/7 from ::/0 then {
+				reject;
+			}
+
+			accept;
+		};
+		import keep filtered;
+	};
+
+	interface "lo";
+}
+
+# ipv6 kernel route interface
+protocol kernel {
+	ipv6 sadr {
+		table fff6;
+		import filter {
+			# only import routes from kernel with proto static
+			if krt_source != 4 then {
+				reject;
+			}
+
+			if net ~ fdff::/64 from ::/0 then {
+				reject;
+			}
+
+			accept;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+# ipv4 kernel route interface
+protocol kernel {
+	ipv4 {
+		table fff4;
+		import filter {
+			include "/tmp/bird/include/nat-filter.conf";
+
+			# only import routes from kernel with proto static
+			if krt_source = 4 then {
+				accept;
+			}
+			reject;
+		};
+		export all;
+		preference 200;
+	};
+	kernel table 10;
+	scan time 15;
+	learn yes;
+}
+
+protocol babel {
+	# required due to static configuration of global router id.
+	# also improves reconnect speed after restart.
+	randomize router id yes;
+
+	ipv4 {
+		table fff4;
+		import all;
+		export all;
+	};
+
+	ipv6 sadr {
+		table fff6;
+		import all;
+		export all;
+	};
+
+	include "/tmp/bird/include/babelpeers.conf";
+};

src/packages/fff/fff-babel-bird2/files/etc/init.d/fff-bird

@@ -0,0 +1,45 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010-2017 OpenWrt.org
+
+USE_PROCD=1
+START=70
+
+BIRD_BIN="/usr/sbin/bird"
+BIRD_CONF="/etc/bird.conf"
+BIRD_PID_FILE="/var/run/bird.pid"
+
+start_service() {
+    mkdir -p /var/run
+
+    set_include_path
+
+    procd_open_instance
+    procd_set_param command $BIRD_BIN -f -c $BIRD_CONF -P $BIRD_PID_FILE
+    procd_set_param file "$BIRD_CONF"
+    procd_set_param stdout 1
+    procd_set_param stderr 1
+    procd_set_param respawn
+    procd_close_instance
+}
+
+reload_service() {
+    set_include_path
+    procd_send_signal fff-bird
+}
+
+set_include_path() {
+    # Change include file path, so bird uses the correct configuration, depending on the configuration state:
+    #  - If test mode is active (and /tmp/bird/fff exists), switch to the temporary configuration to be tested.
+    #  - If new settings are applied or the old settings are restored after an unsuccessful test (and /tmp/bird/fff does not exist),
+    #    switch back to the permanent configuration (/etc/bird/fff).
+
+    mkdir -p /tmp/bird/include
+
+    if [ -d /tmp/bird/fff ]; then
+        echo 'include "/tmp/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
+        echo 'include "/tmp/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
+    else
+        echo 'include "/etc/bird/fff/babelpeers/*.conf";' > /tmp/bird/include/babelpeers.conf
+        echo 'include "/etc/bird/fff/nat-filter.conf";'   > /tmp/bird/include/nat-filter.conf
+    fi
+}

src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/30-disable-bird2

@@ -0,0 +1,4 @@
+/etc/init.d/bird disable
+rm -f /etc/init.d/bird
+
+exit 0

src/packages/fff/fff-babel-bird2/files/etc/uci-defaults/60-fff-bird-config

@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+mv /etc/bird-fff.conf /etc/bird.conf
+
+exit 0

src/packages/fff/fff-babel-bird2/files/lib/functions/fff/babeldaemon/bird2

@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+babel_get_version() {
+	/usr/sbin/bird --version 2>&1 | sed "s/BIRD version /bird-/"
+}
+
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	mkdir -p /tmp/bird/fff/babelpeers
+	echo "interface \"$interface\" { type $type; rxcost $rxcost; };" > /tmp/bird/fff/babelpeers/$name.conf
+
+	return 0
+}
+
+babel_delete_interface() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	# Removing peers from /etc is not necessary, as all peers are generated into /tmp on every configuration run,
+	# which completely overwrites existing peers in /etc in the apply step.
+	rm -f /tmp/bird/fff/babelpeers/$name.conf
+
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	return 0
+}
+
+babel_add_private_prefix_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+	prefix=$(owipcalc "$prefix" network prefix "$prefix")
+
+	mkdir -p /tmp/bird/fff
+	echo "if net ~ $prefix then reject;" > /tmp/bird/fff/nat-filter.conf
+
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	mkdir -p /tmp/bird/fff
+	> /tmp/bird/fff/nat-filter.conf
+
+	return 0
+}
+
+babel_apply_implementation() {
+	# error output hidden because apply might be executed without a preceding configure step.
+	if [ -d /tmp/bird/fff ]; then
+		rm -rf /etc/bird/fff
+		mv /tmp/bird/fff /etc/bird/fff
+	fi
+
+	return 0
+}
+
+babel_reload_implementation() {
+	/etc/init.d/fff-bird reload
+}
+
+babel_revert() {
+	rm -r /tmp/bird/fff
+}

src/packages/fff/fff-babel-bird2/files/usr/lib/nodewatcher.d/80-bird2.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-only
+
+set -e
+set -o pipefail
+
+
+if ! birdc show status >/dev/null 2>&1; then
+	# bird daemon not running or unavailable. exit.
+	exit 0
+fi
+
+neighbours="$(birdc -r show babel neighbors |
+		tail -n +5 |
+		awk '{ printf "<neighbour><ip>%s</ip><outgoing_interface>%s</outgoing_interface><link_cost>%s</link_cost></neighbour>", $1, $2, $3 }'
+	)"
+
+echo -n "<babel_neighbours>$neighbours</babel_neighbours>"
+
+exit 0

src/packages/fff/fff-babel/Makefile

@@ -0,0 +1,28 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-babel
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-babel
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken babel
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:=+fff-babel-implementation
+endef
+
+define Package/fff-babel/description
+	This is the Freifunk Franken Firmware babel package.
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-babel/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-babel))

src/packages/fff/fff-babel/files/etc/layer3.d/40-babel

@@ -26,7 +26,7 @@ configure() {
 		fi
 	}
 
-	config_load babeld
+	config_load network
 	config_foreach remove_babelpeer interface
 
 	#add new peers
@@ -75,14 +75,14 @@ configure() {
 		babel_add_peer6addr "network.$prefixname.ip6addr"
 
 		# add babel interface
-		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
+		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babel interface for babelpeer $name"; exit 1; }
 	}
 
 	config_load gateway
 	config_foreach add_babelpeer babelpeer
 
 
-	# configure babeld filters for custom ipv6 addresses
+	# configure babel filters for custom ipv6 addresses
 	## remove old filters
 	babel_remove_custom_redistribute_filters
 
@@ -90,14 +90,25 @@ configure() {
 	for prefix in $(uci -q get gateway.@client[0].ip6addr); do
 		babel_add_redistribute_filter "$prefix"
 	done
+
+	## add deny filters for client prefixes used with snat
+	if [ "$(uci -q get gateway.@client[0].snat)" = "1" ]; then
+		for prefix in $(uci -q get gateway.@client[0].ipaddr); do
+			babel_add_private_prefix_filter "$prefix"
+		done
+	fi
 }
 
 apply() {
 	uci commit network
-	uci commit babeld
+	babel_apply
+}
+
+reload() {
+	babel_reload
 }
 
 revert() {
 	uci revert network
-	uci revert babeld
+	babel_revert
 }

src/packages/fff/fff-babel/files/etc/uci-defaults/27-babel-network-rules

@@ -19,7 +19,7 @@ uci batch <<EOF
   set network.@rule[3].priority='20'
   add network rule
   set network.@rule[4]=rule
-  set network.@rule[4].in='mesh'
+  set network.@rule[4].in='client'
   set network.@rule[4].lookup='10'
   set network.@rule[4].priority='31'
   add network rule6
@@ -34,7 +34,7 @@ uci batch <<EOF
   set network.@rule6[1].priority='20'
   add network rule6
   set network.@rule6[2]=rule6
-  set network.@rule6[2].in='mesh'
+  set network.@rule6[2].in='client'
   set network.@rule6[2].lookup='10'
   set network.@rule6[2].priority='31'
 EOF

src/packages/fff/fff-babel/files/lib/functions/fff/babel

@@ -0,0 +1,116 @@
+
+implementation=$(uci -q get babelimpl.impl.impl)
+[ -z "$implementation" ] && implementation=bird2
+
+. /lib/functions/fff/babeldaemon/$implementation
+
+babel_add_iifrules() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+	local table='10'
+	local prio='31'
+
+	uci set network.${name}_rule=rule
+	uci set network.${name}_rule.in="$name"
+	uci set network.${name}_rule.lookup="$table"
+	uci set network.${name}_rule.priority="$prio"
+
+	uci set network.${name}_rule6=rule6
+	uci set network.${name}_rule6.in="$name"
+	uci set network.${name}_rule6.lookup="$table"
+	uci set network.${name}_rule6.priority="$prio"
+
+	return 0
+}
+
+babel_delete_iifrules() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	uci -q del network.${name}_rule
+	uci -q del network.${name}_rule6
+
+	return 0
+}
+
+babel_add_peeraddr() {
+	[ "$#" -ne "1" ] && return 1
+
+	local option="$1"
+
+	if peer_ip=$(uci -q get gateway.@gateway[0].peer_ip); then
+		uci add_list "$option"="$peer_ip"
+	elif router_ip=$(uci -q get gateway.meta.router_ip); then
+		# use router_ip if no peer_ip is set
+		ip=$router_ip
+
+		# use only first ip
+		ip=${ip%% *}
+
+		# remove CIDR mask
+		ip=${ip%%/*}
+
+		uci add_list "$option"="$ip"
+	elif ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
+		# use client interface address (without subnet) if no router_ip is set
+		uci add_list "$option"=${ipaddr%%/*}
+	else
+		echo "WARNING: No peer_ip, router_ip or client interface ipaddr set! IPv4 routing is not possible."
+		return 1
+	fi
+
+	return 0
+}
+
+babel_add_peer6addr() {
+	[ "$#" -ne "1" ] && return 1
+
+	local option="$1"
+
+	if peer_ip6=$(uci -q get gateway.@gateway[0].peer_ip6); then
+		uci add_list "$option"="$peer_ip6"
+	else
+		return 1
+	fi
+
+	return 0
+}
+
+babel_reload() {
+	# switch implementation temporarily
+	case $implementation in
+		bird2)
+			/etc/init.d/babeld stop 2>/dev/null
+			/etc/init.d/fff-bird start
+			;;
+		babeld)
+			/etc/init.d/fff-bird stop 2>/dev/null
+			/etc/init.d/babeld start
+			;;
+	esac
+
+	# call implementation-specific reload commands
+	babel_reload_implementation
+
+	return 0
+}
+
+babel_apply() {
+	# switch implementation persistently
+	case $implementation in
+		bird2)
+			/etc/init.d/babeld disable
+			/etc/init.d/fff-bird enable
+			;;
+		babeld)
+			/etc/init.d/fff-bird disable
+			/etc/init.d/babeld enable
+			;;
+	esac
+
+	babel_apply_implementation
+
+	return 0
+}

src/packages/fff/fff-babeld/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-babeld
-PKG_RELEASE:=2
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/fff-babeld
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,8 +9,9 @@ define Package/fff-babeld
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken babeld configuration example
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+babeld
+	PROVIDES:=fff-babel-implementation
 endef
 
 define Package/fff-babeld/description
@@ -20,14 +19,6 @@ define Package/fff-babeld/description
 	This package provides an example babeld configuration.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-babeld/files/etc/config/babeld

@@ -1,7 +1,6 @@
 config general
 	option export_table '10'
 	option import_table '10'
-	option first_table_number '100'
 	option local_port '33123'
 
 config interface
@@ -22,6 +21,11 @@ config filter
 	option local 'true'
 	option ip 'fd43:5602:29bd::/48'
 
+config filter
+	option type 'redistribute'
+	option local 'true'
+	option if 'lo'
+
 config filter
 	option type 'redistribute'
 	option local 'true'

src/packages/fff/fff-babeld/files/etc/uci-defaults/30-disable-babeld

@@ -0,0 +1,3 @@
+/etc/init.d/babeld disable
+
+exit 0

src/packages/fff/fff-babeld/files/lib/functions/fff/babel

@@ -1,121 +0,0 @@
-babel_add_iifrules() {
-	[ "$#" -ne "1" ] && return 1
-
-	local name="$1"
-	local table='10'
-	local prio='31'
-
-	uci set network.${name}_rule=rule
-	uci set network.${name}_rule.in="$name"
-	uci set network.${name}_rule.lookup="$table"
-	uci set network.${name}_rule.priority="$prio"
-
-	uci set network.${name}_rule6=rule6
-	uci set network.${name}_rule6.in="$name"
-	uci set network.${name}_rule6.lookup="$table"
-	uci set network.${name}_rule6.priority="$prio"
-
-	return 0
-}
-
-babel_delete_iifrules() {
-	[ "$#" -ne "1" ] && return 1
-
-	local name="$1"
-
-	uci -q del network.${name}_rule
-	uci -q del network.${name}_rule6
-
-	return 0
-}
-
-babel_add_peeraddr() {
-	[ "$#" -ne "1" ] && return 1
-
-	local option="$1"
-
-	if peer_ip=$(uci -q get gateway.@gateway[0].peer_ip); then
-		uci add_list "$option"="$peer_ip"
-	elif ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
-		# use ipaddr (without subnet) if no peer_ip set
-		uci add_list "$option"=$(echo $ipaddr | cut -d / -f1)
-	else
-		echo "FATAL: Neither peer_ip nor ipaddr set! No peering ipv4 set!"
-		return 1
-	fi
-
-	return 0
-}
-
-babel_add_peer6addr() {
-	[ "$#" -ne "1" ] && return 1
-
-	local option="$1"
-
-	if peer_ip6=$(uci -q get gateway.@gateway[0].peer_ip6); then
-		uci add_list "$option"="$peer_ip6"
-	else
-		return 1
-	fi
-
-	return 0
-}
-
-babel_add_interface() {
-	[ "$#" -ne "4" ] && return 1
-
-	local name="$1"
-	local interface="$2"
-	local type="$3"
-	local rxcost="$4"
-
-	uci set babeld.$name=interface
-	uci set babeld.$name.ifname="$interface"
-	uci set babeld.$name.type="$type"
-	uci set babeld.$name.rxcost="$rxcost"
-
-	return 0
-}
-
-babel_delete_interface() {
-	[ "$#" -ne "1" ] && return 1
-
-	local name="$1"
-
-	uci -q del babeld.$name
-
-	return 0
-}
-
-babel_add_redistribute_filter() {
-	[ "$#" -ne "1" ] && return 1
-
-	local prefix="$1"
-
-	config=$(uci add babeld filter)
-	uci set babeld.$config.type='redistribute'
-	uci set babeld.$config.ip="$prefix"
-	uci set babeld.$config.addedbyautoconfig='true'
-
-	return 0
-}
-
-babel_remove_custom_redistribute_filters() {
-	[ "$#" -ne "0" ] && return 1
-
-	remove_filters() {
-		local name="$1"
-
-		# check if filter was added by configuregateway
-		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
-			return
-		fi
-
-		uci -q del babeld.$name
-	}
-
-	config_load babeld
-	config_foreach remove_filters filter
-
-	return 0
-}

src/packages/fff/fff-babeld/files/lib/functions/fff/babeldaemon/babeld

@@ -0,0 +1,103 @@
+# SPDX-License-Identifier: GPL-3.0-only
+
+babel_get_version() {
+	/usr/sbin/babeld -V 2>&1
+}
+
+babel_add_interface() {
+	[ "$#" -ne "4" ] && return 1
+
+	local name="$1"
+	local interface="$2"
+	local type="$3"
+	local rxcost="$4"
+
+	uci set babeld.$name=interface
+	uci set babeld.$name.ifname="$interface"
+	uci set babeld.$name.type="$type"
+	uci set babeld.$name.rxcost="$rxcost"
+
+	return 0
+}
+
+babel_delete_interface() {
+	[ "$#" -ne "1" ] && return 1
+
+	local name="$1"
+
+	uci -q del babeld.$name
+
+	return 0
+}
+
+babel_add_redistribute_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+
+	return 0
+}
+
+babel_add_private_prefix_filter() {
+	[ "$#" -ne "1" ] && return 1
+
+	local prefix="$1"
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+	uci set babeld.$config.action='deny'
+
+	# move to top, so filter rule has precedence over all other rules
+	uci reorder babeld.$config=0
+
+	config=$(uci add babeld filter)
+	uci set babeld.$config.type='redistribute'
+	uci set babeld.$config.ip="$prefix"
+	uci set babeld.$config.addedbyautoconfig='true'
+	uci set babeld.$config.local='true'
+	uci set babeld.$config.action='deny'
+
+	# move to top, so filter rule has precedence over all other rules
+	uci reorder babeld.$config=0
+
+	return 0
+}
+
+babel_remove_custom_redistribute_filters() {
+	[ "$#" -ne "0" ] && return 1
+
+	remove_filters() {
+		local name="$1"
+
+		# check if filter was added by configuregateway
+		if ! [ "$(uci -q get babeld.$name.addedbyautoconfig)" = 'true' ]; then
+			return
+		fi
+
+		uci -q del babeld.$name
+	}
+
+	config_load babeld
+	config_foreach remove_filters filter
+
+	return 0
+}
+
+babel_apply_implementation() {
+	uci commit babeld
+}
+
+babel_reload_implementation() {
+	return 0
+}
+
+babel_revert() {
+	uci revert babeld
+}

src/packages/fff/fff-base/Makefile

@@ -0,0 +1,34 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-base
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-base
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken base dependencies
+	URL:=https://www.freifunk-franken.de
+	DEFAULT:=y
+	DEPENDS:= \
+		+iptables \
+		+ip6tables \
+		+micrond \
+		+odhcp6c \
+		+fff-config \
+		+fff-network \
+		+fff-nodewatcher \
+		+fff-simple-tc \
+		+fff-support \
+		+fff-sysupgrade \
+		+fff-timeserver \
+		+fff-web-ui \
+		+fff-wireless
+endef
+
+define Package/fff-variant/description
+	This package includes base packages used in the Freifunk-Franken firmware
+endef
+
+$(eval $(call BuildPackage,fff-base))

src/packages/fff/fff-batman-adv/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-batman-adv
-PKG_RELEASE:=4
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken batman-adv
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+kmod-batman-adv \
 			 +@BATMAN_ADV_BATMAN_V \
 			 +@BATMAN_ADV_NC \
@@ -23,14 +21,6 @@ define Package/$(PKG_NAME)/description
 	It is used to configure batman-adv.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-batman-adv/files/usr/lib/nodewatcher.d/30-batman-adv.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-only
+#
 # Netmon Nodewatcher (C) 2010-2012 Freifunk Oldenburg
-# License; GPL v3
 
 debug() {
 	(>&2 echo "nodewatcher: $1")

src/packages/fff/fff-boardname/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-boardname
-PKG_RELEASE:=8
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken boardname
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 endef
 
 define Package/$(PKG_NAME)/description
@@ -19,14 +17,6 @@ define Package/$(PKG_NAME)/description
 	This packages configures the boardname in the board config.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-boardname/files/etc/uci-defaults/15-fff-boardname

@@ -1,5 +1,9 @@
 BOARD=$(cat /var/sysinfo/board_name)
 
+if uname -a | grep x86_64 > /dev/null; then
+	BOARD="x86_64"
+fi
+
 uci set board.model.name=$BOARD
 uci commit board
 

src/packages/fff/fff-config/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-config
-PKG_RELEASE:=2
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken Config
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-boardname
 endef
 
@@ -20,14 +18,6 @@ define Package/$(PKG_NAME)/description
 	This packages provides utilities for a central FFF config file.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-config/files/etc/sysctl.d/20-oom-panic.conf

@@ -0,0 +1 @@
+vm.panic_on_oom=1

src/packages/fff/fff-config/files/etc/uci-defaults/98-configure-fff

@@ -1,5 +1,6 @@
+# SPDX-License-Identifier: GPL-3.0-only
+#
 # Copyright 2017 Adrian Schmutzler
-# License GPLv3
 
 touch /etc/config/fff
 

src/packages/fff/fff-dhcp/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-dhcp
-PKG_RELEASE:=2
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/fff-dhcp
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/fff-dhcp
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken dhcp
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+dnsmasq
 endef
 
@@ -20,14 +18,6 @@ define Package/fff-dhcp/description
 	It is used to configure dnsmasq for use as gateway.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-dhcp/files/etc/layer3.d/35-dns

@@ -8,7 +8,10 @@ configure() {
 			uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/$f"
 		done
 	else
-		echo "WARNING: No DNS servers set!"
+		echo "WARNING: No DNS servers set! Using default server fd43:5602:29bd:ffff:1:1:1:1"
+		uci add_list dhcp.@dnsmasq[0].server="fd43:5602:29bd:ffff:1:1:1:1"
+		uci add_list dhcp.@dnsmasq[0].server="/in-addr.arpa/fd43:5602:29bd:ffff:1:1:1:1"
+		uci add_list dhcp.@dnsmasq[0].server="/ip6.arpa/fd43:5602:29bd:ffff:1:1:1:1"
 	fi
 }
 

src/packages/fff/fff-dhcp/files/etc/uci-defaults/90-fff-dhcp

@@ -1,32 +1,40 @@
-uci batch <<EOF
+# Use a larger cachesize by default
+cachesize=1024
+
+# Increase cachesize for systems with enough memory
+mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
+[ "$mem" -gt 65536 ] && cachesize=8192
+
+uci batch >/dev/null <<EOF
   delete dhcp.@dnsmasq[0]
   delete dhcp.lan
   delete dhcp.wan
   add dhcp dnsmasq
-  set dhcp.@dnsmasq[0].domainneeded='0'
-  set dhcp.@dnsmasq[0].boguspriv='0'
-  set dhcp.@dnsmasq[0].filterwin2k='0'
-  set dhcp.@dnsmasq[0].localise_queries='0'
-  set dhcp.@dnsmasq[0].rebind_protection='0'
-  set dhcp.@dnsmasq[0].rebind_localhost='1'
-  set dhcp.@dnsmasq[0].domain='fff.community'
-  set dhcp.@dnsmasq[0].expandhosts='0'
-  set dhcp.@dnsmasq[0].nonegcache='0'
-  set dhcp.@dnsmasq[0].authoritative='1'
-  set dhcp.@dnsmasq[0].readethers='1'
-  set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
-  set dhcp.@dnsmasq[0].noresolv='1'
-  set dhcp.@dnsmasq[0].localservice='1'
-  add_list dhcp.@dnsmasq[0].server='10.50.252.11'
-  add_list dhcp.@dnsmasq[0].server='10.50.252.0'
-  add_list dhcp.@dnsmasq[0].server='/in-addr.arpa/10.50.252.11'
-  add_list dhcp.@dnsmasq[0].server='/in-addr.arpa/10.50.252.0'
-  add_list dhcp.@dnsmasq[0].server='/ip6.arpa/10.50.252.11'
-  add_list dhcp.@dnsmasq[0].server='/ip6.arpa/10.50.252.0'
+  set dhcp.@dnsmasq[-1].domainneeded='0'
+  set dhcp.@dnsmasq[-1].boguspriv='0'
+  set dhcp.@dnsmasq[-1].filterwin2k='0'
+  set dhcp.@dnsmasq[-1].localise_queries='0'
+  set dhcp.@dnsmasq[-1].rebind_protection='0'
+  set dhcp.@dnsmasq[-1].rebind_localhost='1'
+  set dhcp.@dnsmasq[-1].domain='fff.community'
+  set dhcp.@dnsmasq[-1].expandhosts='0'
+  set dhcp.@dnsmasq[-1].nonegcache='0'
+  set dhcp.@dnsmasq[-1].cachesize="$cachesize"
+  set dhcp.@dnsmasq[-1].authoritative='1'
+  set dhcp.@dnsmasq[-1].readethers='1'
+  set dhcp.@dnsmasq[-1].leasefile='/tmp/dhcp.leases'
+  set dhcp.@dnsmasq[-1].noresolv='1'
+  set dhcp.@dnsmasq[-1].localservice='1'
 
-  set dhcp.mesh=dhcp
-  set dhcp.mesh.interface='mesh'
-  set dhcp.mesh.leasetime='1h'
+  # do not generate A or AAAA records for the routers hostname,
+  # because this might interfere with upstream records.
+  #
+  # e.g. hostname: 'router.fff.community'
+  set dhcp.@dnsmasq[-1].add_local_fqdn='0'
+
+  set dhcp.client=dhcp
+  set dhcp.client.interface='client'
+  set dhcp.client.leasetime='1h'
 EOF
 
 uci commit dhcp

src/packages/fff/fff-fastd/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-fastd
-PKG_RELEASE:=3
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken fastd configuration script
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+@BUSYBOX_CUSTOM \
 			 +@FASTD_ENABLE_METHOD_NULL \
 			 +@FASTD_ENABLE_CIPHER_NULL \
@@ -26,14 +24,6 @@ define Package/$(PKG_NAME)/description
 	It is used to configure fastd.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd

@@ -29,6 +29,7 @@ ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
 echo "#!/bin/sh" > /etc/fastd/fff/up.sh
 echo "ip link set up dev fffVPN" >> /etc/fastd/fff/up.sh
 echo "batctl if add fffVPN" >> /etc/fastd/fff/up.sh
+echo "batctl hardif fffVPN hop_penalty 30" >> /etc/fastd/fff/up.sh
 chmod +x /etc/fastd/fff/up.sh
 
 exit 0

src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd

@@ -0,0 +1,29 @@
+protocol=fastd
+
+fastd_clear() {
+	rm /tmp/fastd_fff_peers/* 2>/dev/null
+}
+
+fastd_addpeer() {
+	[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
+
+	# write fastd-config
+	json_get_var servername name
+	filename="/etc/fastd/fff/peers/$servername"
+	echo "#name \"${servername}\";" > "$filename"
+	json_get_var key key
+	echo "key \"${key}\";" >> "$filename"
+	json_get_var address address
+	json_get_var port port
+	echo "remote \"${address}\" port ${port};" >> "$filename"
+	echo "" >> "$filename"
+	echo "float yes;" >> "$filename"
+}
+
+fastd_start_stop() {
+	if ls /etc/fastd/fff/peers/* &>/dev/null; then
+		/etc/init.d/fastd reload
+	else
+		/etc/init.d/fastd stop
+	fi
+}

src/packages/fff/fff-firewall/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-firewall
-PKG_RELEASE:=5
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken firewall
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+arptables \
 			 +ebtables +ebtables-utils \
 			 +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 \
@@ -24,14 +22,6 @@ define Package/$(PKG_NAME)/description
 	It is used to configure firewall.
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall

@@ -4,14 +4,11 @@ START=50
 
 USE_PROCD=1
 
-SERVICE_WRITE_PID=1
-SERVICE_DAEMONIZE=1
-
 FIREWALL_DIR=/usr/lib/firewall.d
 
 service_triggers()
 {
-    procd_add_reload_trigger "fff-firewall"
+    procd_add_reload_trigger "fff-firewall" "network"
 }
 
 start_service()

src/packages/fff/fff-firewall/files/usr/lib/firewall.d/00-prepare

@@ -2,8 +2,5 @@
 ebtables -F
 ebtables -X
 
-iptables -F
-iptables -X
-
-ip6tables -F
-ip6tables -X
+iptables-save  | awk '/^[*]/ { print $1 } /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }  /COMMIT/ { print $0; }' | iptables-restore
+ip6tables-save | awk '/^[*]/ { print $1 } /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }  /COMMIT/ { print $0; }' | ip6tables-restore

src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-clamp-mss

@@ -1,2 +0,0 @@
-#solves MTU problem with bad ISPs
-iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh

@@ -1,3 +0,0 @@
-# Limit ssh to 6 new connections per 60 seconds
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP

src/packages/fff/fff-hoods/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-hoods
-PKG_RELEASE:=15
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,24 +9,26 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken hoods
-	URL:=http://www.freifunk-franken.de
-	DEPENDS:=+fff-hoodutils +fff-macnock +fff-vpn-select +fff-firewall \
-			 +fff-timeserver +fff-network +fff-wireless +jshn \
-			 +@BUSYBOX_CONFIG_WGET +@BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+fff-firewall \
+		+fff-hoodutils \
+		+fff-macnock \
+		+fff-network \
+		+fff-timeserver \
+		+fff-vpn-select \
+		+fff-web-hood \
+		+fff-wireless \
+		+jshn \
+		+owipcalc \
+		+@BUSYBOX_CONFIG_WGET \
+		+@BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT
 endef
 
 define Package/$(PKG_NAME)/description
 	This package load and configures the current hood
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-hoods/files/usr/lib/functions/fff/hoodfile

@@ -77,7 +77,7 @@ getGatewayHoodfile() {
 
 	echo "Trying to get hoodfile from gateway..."
 
-	if /bin/busybox wget -T15 -O "$file" "http://[fe80::1%br-mesh]:2342/keyxchangev2data"; then
+	if /bin/busybox wget -T15 -O "$file" "http://[fe80::1%br-client]:2342/keyxchangev2data"; then
 		return 0
 	else
 		return 1

src/packages/fff/fff-hoods/files/usr/sbin/configurehood

@@ -184,36 +184,44 @@ if [ -s "$hoodfiletmp" ]; then
 		/usr/sbin/vpn-stop
 	fi
 
-	# now we load the prefix from the hoodfile and set this to br-mesh
+	# now we load the prefix from the hoodfile and set this to br-client
 	json_select network
 	json_get_var prefix ula_prefix
 	# Set $prefix::MAC as IP
 	if [ -n "$prefix" ] ; then
-		prefix="$(echo "$prefix" | sed -e 's,\\,,')"
-		mac="$(cat "/sys/class/net/br-mesh/address")"
-		addr="$(ipMacAssemble "$prefix" "$mac")"
-		addr="$(ipTidyColon "$addr")"
-		addr_eui="$(ipEUIAssemble "$prefix" "$mac")"
-		addr_eui="$(ipTidyColon "$addr_eui")"
-		for ip in $(ip -6 addr show dev br-mesh | grep inet6 | grep -v -e " $addr" -e " $addr_eui" -e " fe80::" -e " fdff::" | cut -f6 -d " "); do
-			ip -6 addr del "$ip" dev br-mesh
+		# remove escape character
+		prefix=$(echo "$prefix" | sed -e 's,\\,,')
+
+		# In earlier firmware versions the prefix had to be written
+		# in an incorrect syntax (missing a trailing colon).
+		# To make hoodfiles with this old incorrect syntax work with
+		# newer firmware versions like this one, we have to fix the
+		# incorrect syntax here. Both the old, incorrect and
+		# the correct syntax work with this fix.
+		prefix="$(echo "$prefix" | sed -e 's,\([^:]\):/,\1::/,')"
+
+		mac=$(cat "/sys/class/net/br-client/address")
+		addr=$(owipcalc "$prefix" add "::$(ipMacSuffix "$mac")")
+		addr_eui=$(owipcalc "$prefix" add "::$(ipEUISuffix "$mac")")
+		for ip in $(ip -6 addr show dev br-client | grep inet6 | grep -v -e " $addr" -e " $addr_eui" -e " fe80::" -e " fdff::" | cut -f6 -d " "); do
+			ip -6 addr del "$ip" dev br-client
 		done
-		if ! ( ip -6 addr show dev br-mesh | grep -q "$addr" ) ; then
-			ip -6 addr add "$addr" dev br-mesh
-			echo "Set ULA address to br-mesh: $addr"
+		if ! ( ip -6 addr show dev br-client | grep -q "$addr" ) ; then
+			ip -6 addr add "$addr" dev br-client
+			echo "Set ULA address to br-client: $addr"
 		else
 			echo "Address already set."
 		fi
 		# Set $prefix::link-local as IP
-		if ! ( ip -6 addr show dev br-mesh | grep -q "$addr_eui" ) ; then
-			ip -6 addr add "$addr_eui" dev br-mesh
-			echo "Set ULA EUI-64 address to br-mesh: $addr_eui"
+		if ! ( ip -6 addr show dev br-client | grep -q "$addr_eui" ) ; then
+			ip -6 addr add "$addr_eui" dev br-client
+			echo "Set ULA EUI-64 address to br-client: $addr_eui"
 		else
 			echo "Address already set."
 		fi
-		if ! ( ip -6 route show dev br-mesh | grep -q "fc00::" ) ; then
-			ip -6 route add fc00::/7 via fe80::1 dev br-mesh
-			echo "Set ULA route to br-mesh."
+		if ! ( ip -6 route show dev br-client | grep -q "fc00::" ) ; then
+			ip -6 route add fc00::/7 via fe80::1 dev br-client
+			echo "Set ULA route to br-client."
 		else
 			echo "Route already set."
 		fi

src/packages/fff/fff-hoodutils/Makefile

@@ -1,9 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-hoodutils
-PKG_RELEASE:=2
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+PKG_RELEASE:=$(COMMITCOUNT)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -11,7 +9,7 @@ define Package/$(PKG_NAME)
 	SECTION:=base
 	CATEGORY:=Freifunk
 	TITLE:=Freifunk-Franken hoodutils
-	URL:=http://www.freifunk-franken.de
+	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-network +fff-config
 endef
 
@@ -20,14 +18,6 @@ define Package/$(PKG_NAME)/description
 	may be used outside of configurehood
 endef
 
-define Build/Prepare
-	echo "all: " > $(PKG_BUILD_DIR)/Makefile
-endef
-
-define Build/Configure
-	# nothing
-endef
-
 define Build/Compile
 	# nothing
 endef

src/packages/fff/fff-hoodutils/files/lib/functions/fff/evalhoodinfo

@@ -1,5 +1,6 @@
+# SPDX-License-Identifier: GPL-3.0-only
+#
 # Copyright 2017 Adrian Schmutzler
-# License GPLv3
 
 . /lib/functions/fff/keyxchange
 

src/packages/fff/fff-hoodutils/files/lib/functions/fff/keyxchange

@@ -1,5 +1,6 @@
+# SPDX-License-Identifier: GPL-3.0-only
+#
 # Copyright 2017 Adrian Schmutzler
-# License GPLv3
 
 . /usr/share/libubox/jshn.sh
 . /etc/firmware_release

src/packages/fff/fff-layer3-config/Makefile

@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-config
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-config
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken Layer3 firmware configuration tools
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+fff-boardname \
+		+fff-config \
+		+fff-dhcp \
+		+fff-network
+endef
+
+define Package/fff-layer3-config/description
+	This package provides the means for configuring the gateway
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-layer3-config/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-config))

src/packages/fff/fff-layer3-config/files/etc/init.d/fff-layer3-update

@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+boot() {
+	# Reapply gateway settings, if configuration succeeds
+	if yes | configure-layer3 -c; then
+		configure-layer3 -a
+	else
+		configure-layer3 -r
+	fi
+
+	# first we disable the init.d
+	/etc/init.d/fff-layer3-update disable
+	# we must delete the symlink manually
+	rm -f /etc/rc.d/S99fff-layer3-update
+}

src/packages/fff/fff-layer3-config/files/etc/layer3.d/01-version

@@ -1,13 +1,13 @@
 configure() {
 	# check if gateway config exists
-	if ! uci -q show gateway > /dev/null; then
+	if ! uci show gateway > /dev/null; then
 		echo "ERROR: Gateway config could not be parsed or does not exist."
 
 		return 1
 	fi
 
 	# check version of configuration
-	local expected_version=1
+	local expected_version=2
 	local config_version=$(uci -q get gateway.meta.config_version)
 
 	if ! [ -n "$config_version" ]; then

src/packages/fff/fff-layer3-config/files/etc/layer3.d/20-vlan

@@ -13,10 +13,15 @@ configure() {
 		local ports="$(uci -q get gateway.$vlan.ports)"
 		local name="$SWITCHDEV"_$vlan
 
-		uci set network.$name='switch_vlan'
+		if [ "$DSA" = "1" ]; then
+			uci set network.$name='bridge-vlan'
+		else
+			uci set network.$name='switch_vlan'
+		fi
+
 		uci set network.$name.device="$(uci get network.$SWITCHDEV.name)"
 		uci set network.$name.vlan="$vlan"
-		uci set network.$name.ports="$CPUPORT $ports"
+		uci set network.$name.ports="$(get_cpu_port) $ports"
 	}
 
 	remove_vlan() {
@@ -34,6 +39,7 @@ configure() {
 
 	config_load network
 	config_foreach remove_vlan switch_vlan
+	config_foreach remove_vlan bridge-vlan
 
 	config_load gateway
 	config_foreach add_vlan vlan

src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-client

@@ -6,55 +6,54 @@ BOARD="$(uci get board.model.name)"
 configure() {
 	# ipaddr
 	#remove old ipaddr
-	uci -q del network.mesh.ipaddr
+	uci -q del network.client.ipaddr
 	#set new ipaddr
 	if ipaddr=$(uci -q get gateway.@client[0].ipaddr); then
 		for ip in $ipaddr; do
-			uci add_list network.mesh.ipaddr=$ip
+			uci add_list network.client.ipaddr=$ip
 		done
 	else
 		echo "WARNING: No client ipaddr set!"
 	fi
 	#put interface routes from set addresses into fff table
-	uci set network.mesh.ip4table='fff'
+	uci set network.client.ip4table='fff'
 
 	# ip6addr
 	#remove old ip6addr
-	for ip in $(uci get network.mesh.ip6addr); do
+	for ip in $(uci -q get network.client.ip6addr); do
 		if echo "$ip" | grep -v -e "fdff:" -e "fe80::1/64" > /dev/null; then
-			uci del_list network.mesh.ip6addr="$ip"
+			uci del_list network.client.ip6addr="$ip"
 		fi
 	done
 	#set new ip6addr
 	if ip6addr=$(uci -q get gateway.@client[0].ip6addr); then
 		for ip in $ip6addr; do
-			uci add_list network.mesh.ip6addr=$ip
+			uci add_list network.client.ip6addr=$ip
 		done
 	else
 		echo "WARNING: No client ip6addr set!"
 	fi
 	#put interface routes from set addresses into fff table
-	uci set network.mesh.ip6table='fff'
+	uci set network.client.ip6table='fff'
 
 	# dhcp
-	uci -q del dhcp.mesh.start
-	uci -q del dhcp.mesh.limit
+	uci -q del dhcp.client.start
+	uci -q del dhcp.client.limit
 	if dhcp_start=$(uci -q get gateway.@client[0].dhcp_start); then
-		uci set dhcp.mesh=dhcp
-		uci set dhcp.mesh.interface=mesh
-		uci set dhcp.mesh.start=$dhcp_start
-		uci set dhcp.mesh.limit=$(uci -q get gateway.@client[0].dhcp_limit)
+		uci set dhcp.client=dhcp
+		uci set dhcp.client.interface=client
+		uci set dhcp.client.start=$dhcp_start
+		uci set dhcp.client.limit=$(uci -q get gateway.@client[0].dhcp_limit)
 	else
 		echo "WARNING: No DHCP range start and/or limit set!"
 	fi
 
 	# set interface
 	#remove all eth interfaces
-	ifaces=$(uci get network.mesh.ifname | sed 's/\beth[^ ]* *//g')
 	if vlan=$(uci -q get gateway.@client[0].vlan); then
-		uci set network.mesh.ifname="${SWITCHDEV}.$vlan $ifaces"
+		uci set network.client.ifname="${SWITCHDEV}.$vlan"
 	elif iface=$(uci -q get gateway.@client[0].iface); then
-		uci set network.mesh.ifname="$iface $ifaces"
+		uci set network.client.ifname="$iface"
 	else
 		echo "WARNING: No Interface for client specified"
 	fi

src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip

@@ -0,0 +1,83 @@
+. /lib/functions.sh
+
+configure() {
+	local router_ip
+	local router_ip6
+
+	# clean old addresses
+	uci -q del network.loopback.ipaddr
+	uci -q del network.loopback.ip6addr
+
+	# remove netmask entry that ships by default
+	uci -q del network.loopback.netmask
+
+	# clean old rules
+	remove_rules() {
+		local name="$1"
+
+		# check if filter was added by this script
+		if ! [ "$(uci -q get network.$name.addedbyautoconfig)" = '30-network-routerip' ]; then
+			return
+		fi
+
+		uci -q del network.$name
+	}
+
+	config_load network
+	config_foreach remove_rules rule
+	config_foreach remove_rules rule6
+
+	# add router_ip
+	router_ip=$(uci -q get gateway.meta.router_ip)
+	for ip in $router_ip; do
+		uci -q add_list network.loopback.ipaddr="$ip"
+
+		# CIDR notation required
+		case $ip in
+			*/*)
+				# do nothing; ip is already in CIDR notation
+				;;
+			*)
+				ip="$ip/32"
+				;;
+		esac
+
+		config=$(uci add network rule)
+		uci -q set network.$config.src="$ip"
+		uci -q set network.$config.lookup='fff'
+		# default prio for the ip4table interface option is 10000
+		uci -q set network.$config.priority='10000'
+		uci -q set network.$config.addedbyautoconfig='30-network-routerip'
+	done
+
+	# add router_ip6
+	router_ip6=$(uci -q get gateway.meta.router_ip6)
+	for ip in $router_ip6; do
+		uci -q add_list network.loopback.ip6addr="$ip"
+
+		# CIDR notation required
+		case $ip in
+			*/*)
+				# do nothing; ip is already in CIDR notation
+				;;
+			*)
+				ip="$ip/128"
+				;;
+		esac
+
+		config=$(uci add network rule6)
+		uci -q set network.$config.src="$ip"
+		uci -q set network.$config.lookup='fff'
+		# default prio for the ip6table interface option is 10000
+		uci -q set network.$config.priority='10000'
+		uci -q set network.$config.addedbyautoconfig='30-network-routerip'
+	done
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}

src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-wan

@@ -0,0 +1,21 @@
+# load board specific properties
+BOARD="$(uci get board.model.name)"
+. /etc/network.$BOARD
+
+configure() {
+	if vlan=$(uci -q get gateway.@wan[0].vlan); then
+		uci set network.wan.ifname="${SWITCHDEV}.$vlan"
+	elif iface=$(uci -q get gateway.@wan[0].iface); then
+		uci set network.wan.ifname="$iface"
+	else
+		echo "WARNING: No vlan/interface for WAN specified. The default setting won't be overwritten."
+	fi
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}

src/packages/fff/fff-layer3-config/files/etc/uci-defaults/20-l3config-migrate-dsa

@@ -0,0 +1,79 @@
+## this script migrates configs from version 1 to 2.
+##
+## with version 2 the switchport names of some devices changed
+## due to the switch to DSA
+
+
+BOARD="$(uci get board.model.name)"
+
+# only migrate appropriate config versions
+[ "$(uci -q get gateway.meta.config_version)" = "1" ] || exit 1
+
+translate_ports() {
+	local vlan="$1"
+	local oldports="$(uci -q get gateway.$vlan.ports)"
+	local newports
+
+	local name
+	local tag
+
+	for port in $oldports; do
+		# generate new tagged/untagged syntax
+		if [ -z "${port##*t}" ]; then
+			# port is tagged
+			tag=":t"
+		else
+			# port is untagged
+			tag=":*"
+		fi
+
+		# generate new name
+		case "$BOARD" in
+			ubnt,edgerouter-x|\
+			ubnt,edgerouter-x-sfp)
+				case "${port%%t}" in
+					0) name="eth0" ;;
+					1) name="eth1" ;;
+					2) name="eth2" ;;
+					3) name="eth3" ;;
+					4) name="eth4" ;;
+					5) name="eth5" ;;
+					*) name="" ;;
+				esac
+				;;
+			netgear,r6220)
+				case "${port%%t}" in
+					0) name="lan1" ;;
+					1) name="lan2" ;;
+					2) name="lan3" ;;
+					3) name="lan4" ;;
+					4) name="wan" ;;
+					*) name="" ;;
+				esac
+				;;
+		esac
+
+		# catch empty name (invalid entry or old cpuport)
+		[ -z "$name" ] && continue
+
+		# assemble new port name
+		newports="$newports ${name}${tag}"
+	done
+
+	# cleanup unnecessary spaces
+	newports=$(echo "$newports" | xargs)
+
+	uci set gateway.$vlan.ports="$newports"
+}
+
+case "$BOARD" in
+	ubnt,edgerouter-x|\
+	ubnt,edgerouter-x-sfp|\
+	netgear,r6220)
+		config_load gateway
+		config_foreach translate_ports vlan
+		;;
+esac
+
+uci set gateway.meta.config_version='2'
+uci commit gateway

src/packages/fff/fff-layer3-config/files/usr/sbin/configure-layer3

@@ -1,14 +1,5 @@
 #!/bin/sh
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
-# GNU General Public License for more details.
-
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 # IMPORTANT!!
 # DO NOT RUN THIS IN CRONJOB!
@@ -16,9 +7,10 @@
 execute_subshell() {
 	if [ $# -ne 1 ]; then
 		echo "Usage:" "$0" "<function>"
+		return 1
 	fi
 
-	for script in /etc/gateway.d/*; do
+	for script in /etc/layer3.d/*; do
 		(
 			# unset function to prevent executing parents shell function
 			unset -f "$1"
@@ -32,7 +24,7 @@ execute_subshell() {
 		if [ $? -ne 0 ]; then
 			echo
 			echo "Error when executing" "$1" "from" "$(basename "$script")"
-			exit 1
+			return 1
 		fi
 	done
 }
@@ -41,40 +33,65 @@ configure() {
 	echo "This script might remove existing vlans, interfaces, addresses, etc."
 	read -r -p "Do you really want to continue? (y/n) " response
 	if ! ( [ "$response" == "y" ] || [ "$response" == "Y" ] ); then
-		exit 1
+		return 1
 	fi
 
 	echo
-	execute_subshell configure
+	execute_subshell configure || return $?
 
-	exit 0
+	return 0
 }
 
 reload_services() {
 	execute_subshell reload
 	reload_config
+
+	return 0
 }
 
 apply_changes() {
 	execute_subshell apply
 	reload_services
-	exit 0
+
+	return 0
 }
 
 revert_changes() {
 	execute_subshell revert
-	exit 0
+
+	return 0
+}
+
+keep_changes() {
+	if [ -f "/tmp/configure-layer3-pid" ]; then
+		echo "Keep changes"
+		kill -9 $(cat /tmp/configure-layer3-pid)
+		rm /tmp/configure-layer3-pid
+		# We need exit because trap in test_changes() will not stop
+		# the script here and revert settings otherwise
+		exit
+	else
+		echo "configure-layer3 -t is not running"
+	fi
 }
 
 test_changes() {
+	echo $$ > /tmp/configure-layer3-pid
+	trap keep_changes SIGINT SIGTERM
+	trap : SIGHUP
+
 	reload_services
 
 	sleep 5
-	echo "Configuration reloaded. Changes will be reverted in 200s."
-	echo "Kill this script to keep changes."
-	sleep 200
-	echo "Reverting changes.."
 
+	echo "Configuration reloaded. Changes will be reverted in 200s."
+	echo "Kill this script or use configure-layer3 -k to keep changes."
+
+	sleep 200
+
+	echo "Reverting changes.."
+	# on revert we must delete the pid-file
+	rm /tmp/configure-layer3-pid
 	revert_changes
 	reload_services
 }
@@ -86,6 +103,7 @@ usage() {
 	echo "Options:"
 	echo "	-c: configure. No commit, no restart!"
 	echo "	-t: test changes. Restarts services, waits up to 200s for SIGINT"
+	echo "	-k: keep changes from test mode"
 	echo "	-a: apply changes"
 	echo "	-r: revert changes"
 }
@@ -98,6 +116,7 @@ fi
 case "$1" in
 	-c) configure ;;
 	-t) test_changes ;;
+	-k) keep_changes ;;
 	-a) apply_changes ;;
 	-r) revert_changes ;;
 	*) usage; exit 1 ;;

src/packages/fff/fff-layer3-snat/Makefile

@@ -0,0 +1,31 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-snat
+PKG_RELEASE:=$(COMMITCOUNT)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-snat
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken layer3 configuration with SNAT
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+fff-firewall \
+		+fff-layer3-config \
+		+kmod-ipt-nat
+endef
+
+define Package/fff-layer3-snat/description
+	With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-layer3-snat/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-snat))

src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf

@@ -0,0 +1,34 @@
+configure() {
+	# first we delete the snat config
+	uci -q del network.client.fff_snat
+	uci -q del network.client.fff_snat_sourceip
+	if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
+
+		# first check the config is plausible
+		if ! routerip=$(uci -q get gateway.meta.router_ip); then
+			echo "ERROR: No router_ip set, which is required for SNAT!"
+			return 1
+		fi
+		if ! uci -q get gateway.@client[0].ipaddr >/dev/null; then
+			echo "ERROR: No ipaddr set, which is required for SNAT!"
+			return 1
+		fi
+
+		# keep only the first IP
+		routerip=${routerip%% *}
+		# keep only the IP without the CIDR
+		routerip=${routerip%%/*}
+
+		# We set the snat config
+		uci set network.client.fff_snat=1
+		uci set network.client.fff_snat_sourceip=$routerip
+	fi
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}