build(deps): bump korthout/backport-action from 1.2.0 to 1.3.1

.github/labeler.yml

@@ -28,7 +28,7 @@
   - package/gluon-mesh-vpn-fastd/**
 "3. topic: firewall":
   - package/**/*-firewall
-  - package/gluon-ebtables-*/**
+  - package/gluon-nftables-*/**
 "3. topic: hardware":
   - package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
   - package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua

.github/workflows/backport.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Create backport PRs
-        uses: korthout/backport-action@v1.2.0
+        uses: korthout/backport-action@v1.3.1
         with:
           # Config README: https://github.com/korthout/backport-action#backport-action
           pull_description: |-

.luacheckrc

@@ -81,10 +81,17 @@ files["package/**/luasrc/lib/gluon/**/controller/*"] = {
 	},
 }
 
-files["package/**/luasrc/lib/gluon/ebtables/*"] = {
+files["package/**/luasrc/lib/gluon/nftables/*"] = {
 	read_globals = {
-		"chain",
+		"path",
+		"include",
 		"rule",
+
+		"bridge_rule",
+		"bridge_chain",
+		"bridge_table",
+		"bridge_include_rule",
+		"bridge_include_table",
 	},
 	max_line_length = false,
 }

Makefile

@@ -45,6 +45,7 @@ GLUON_PACKAGEDIR ?= $(GLUON_OUTPUTDIR)/packages
 GLUON_DEBUGDIR ?= $(GLUON_OUTPUTDIR)/debug
 GLUON_TARGETSDIR ?= targets
 GLUON_PATCHESDIR ?= patches
+GLUON_PREFIX ?= openwrt
 
 $(eval $(call mkabspath,GLUON_TMPDIR))
 $(eval $(call mkabspath,GLUON_OUTPUTDIR))
@@ -60,6 +61,7 @@ GLUON_MULTIDOMAIN ?= 0
 GLUON_AUTOREMOVE ?= 0
 GLUON_DEBUG ?= 0
 GLUON_MINIFY ?= 1
+GLUON_BUILDTYPE ?= gluon
 
 # Can be overridden via environment/command line/... to use the Gluon
 # build system for non-Gluon builds
@@ -71,7 +73,7 @@ GLUON_VARS = \
 	GLUON_VERSION GLUON_SITE_VERSION \
 	GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_AUTOREMOVE GLUON_DEBUG GLUON_MINIFY GLUON_DEPRECATED \
 	GLUON_DEVICES GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR GLUON_DEBUGDIR \
-	GLUON_SITEDIR GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
+	GLUON_SITEDIR GLUON_BUILDTYPE GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS GLUON_PREFIX \
 	GLUON_TARGET BOARD SUBTARGET
 
 unexport $(GLUON_VARS)

README.md

@@ -2,6 +2,14 @@
 [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/license/bsd-2-clause/)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/freifunk-gluon/gluon?sort=semver)](https://github.com/freifunk-gluon/gluon/releases/latest)
 
+# FFGraz Fork
+
+This is a fork of gluon to add olsrd and L3 mesh support.
+
+This is intended to be eventually upstreamed. Currently it's a bit messy and the best documentation of the site config would be the  [ffgraz site](https://github.com/mkg20001/funkfeuer-graz-gluon-site/blob/master/site.conf)
+
+See [the github project](https://github.com/ffgraz/gluon/projects/1?query=is%3Aopen+sort%3Aupdated-desc) for more details
+
 # Gluon
 
 Gluon is a firmware framework to build preconfigured OpenWrt images for public mesh networks.

contrib/ci/olsr-site/site.conf

@@ -23,10 +23,14 @@
   -- Prefixes used by clients within the mesh.
   -- prefix6 is required, prefix4 can be omitted if next_node.ip4
   -- is not set.
+  prefix4 = '10.0.0.0/20',
   prefix6 = 'fdff:cafe:cafe:cafe::/64',
 
   -- Prefixes used by nodes within the mesh
   node_prefix6 = 'fdff:cafe:cafe:cafe::/64',
+  node_prefix4 = '10.12.0.0/16',
+  node_prefix4_range = 24,
+  node_prefix4_temporary = true,
 
   -- Timezone of your community.
   -- See https://openwrt.org/docs/guide-user/base-system/system_configuration#time_zones
@@ -96,7 +100,16 @@
   -- Options specific to routing protocols (optional)
   mesh = {
     vxlan = true,
-    olsrd = {},
+    -- [olsr] OLSR configuration with v1/v2 parallel mesh
+    olsrd = {
+      v1 = {
+        enable = true,
+      },
+      v2 = {
+        enable = true,
+        ip6_exclusive_mode = true,
+      }
+    },
   },
 
   mesh_vpn = {

contrib/ci/olsr-site/site.mk

@@ -7,9 +7,6 @@
 
 GLUON_FEATURES := \
 	autoupdater \
-	ebtables-filter-multicast \
-	ebtables-filter-ra-dhcp \
-	ebtables-limit-arp \
 	mesh-olsrd \
 	mesh-vpn-fastd \
 	respondd \

contrib/docker/Dockerfile

@@ -6,6 +6,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     file \
     git \
     python3 \
+    python3-distutils \
     build-essential \
     gawk \
     unzip \

contrib/push_pkg.sh

@@ -7,7 +7,6 @@ topdir="$(realpath "$(dirname "${0}")/../openwrt")"
 # defaults to qemu run script
 ssh_host=localhost
 build_only=0
-preserve_config=1
 
 print_help() {
 	echo "$0 [OPTIONS] PACAKGE_DIR [PACKAGE_DIR] ..."
@@ -18,10 +17,6 @@ print_help() {
 	echo "             running qemu instance started by run_qemu.sh."
 	echo " -p PORT     use PORT as ssh port (default is 22)"
 	echo " -b          build only, do not push"
-	echo " -P          do not preserve /etc/config. By default, if a package"
-	echo "             defines a config file in /etc/config, this config file"
-	echo "             will be preserved. If you specify this flag, the package"
-	echo "             default will be installed instead."
 	echo ""
 	echo ' To change gluon variables, run e.g. "make config GLUON_MINIFY=0"'
 	echo ' because then the gluon logic will be triggered, and openwrt/.config'
@@ -33,7 +28,6 @@ print_help() {
 while getopts "p:r:hbP" opt
 do
 	case $opt in
-		P) preserve_config=0;;
 		p) ssh_port="${OPTARG}";;
 		r) ssh_host="${OPTARG}"; [ -z "$ssh_port" ] && ssh_port=22;;
 		b) build_only=1;;
@@ -121,18 +115,16 @@ while [ $# -gt 0 ]; do
 			fi
 		done
 
-		if [ "$preserve_config" -eq 0 ]; then
-			opkg_flags=" --force-maintainer"
-		fi
-
 		# shellcheck disable=SC2029
 		if [ -n "$filename" ]; then
-			scp -O -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
+			scp -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
 			ssh -p "${ssh_port}" "root@${ssh_host}" "
 				set -e
-				echo Running opkg:
-				opkg install --force-reinstall ${opkg_flags} '/tmp/${filename}'
+				echo Extracting:
+				tar xvfz '/tmp/${filename}' -C /tmp
+				tar xvfz '/tmp/data.tar.gz' -C /
 				rm '/tmp/${filename}'
+				rm /tmp/*.tar.gz
 				gluon-reconfigure
 			"
 		else

docs/dev/packages.rst

@@ -29,10 +29,10 @@ the workflow using these scripts:
   contrib/run_qemu.sh output/images/factory/[...]-x86-64.img
 
   # apply changes to the desired package
-  vi package/gluon-ebtables/files/etc/init.d/gluon-ebtables
+  vi package/gluon-nftables/files/etc/init.d/gluon-nftables
 
   # rebuild and push the package to the qemu instance
-  contrib/push_pkg.sh package/gluon-ebtables/
+  contrib/push_pkg.sh package/gluon-nftables/
 
   # test your changes
   ...
@@ -41,7 +41,7 @@ the workflow using these scripts:
   ...
 
   # rebuild and push the package to the qemu instance
-  contrib/push_pkg.sh package/gluon-ebtables/
+  contrib/push_pkg.sh package/gluon-nftables/
 
   # test your changes
   ...
@@ -83,7 +83,7 @@ Note that:
 * If you add new packages, you must run ``make update config GLUON_TARGET=...``.
 * You can change the gluon target of the target machine via ``make config GLUON_TARGET=...``.
 * If you want to update the ``site.conf`` of the target machine, use ``push_pkg.sh package/gluon-site/``.
-* Sometimes when things break, you can heal them by compiling a package with its dependencies: ``cd openwrt; make package/gluon-ebtables/clean; make package/gluon-ebtables/compile; cd ..``.
+* Sometimes when things break, you can heal them by compiling a package with its dependencies: ``cd openwrt; make package/gluon-nftables/clean; make package/gluon-nftables/compile; cd ..``.
 * You can exit qemu by pressing ``CTRL + a`` and ``c`` afterwards.
 
 Gluon package makefiles

docs/features/olsrd.rst

@@ -0,0 +1,57 @@
+OLSRD
+===========
+
+[todo: re-work for upstream]
+
+Gluon supports OLSRD, both version 1 and 2 in the following modes:
+
+- olsrd
+  - v4 only
+- olsrd2
+  - v4 only
+  - v6 only
+  - dual-stack
+
+olsrdv1 support is intended mostly for migration purposes
+and as such v1 IPv6 support is not going to be added
+
+Configuration
+-------------
+
+The LAN will automatically be determined by the specified prefix and prefix6
+
+The following options exist
+
+.. code-block:: lua
+    {
+      mesh {
+        olsrd = {
+          v1 = {
+            -- Enable v1
+            -- enable = true,
+
+            -- Set additional olsrd configuration
+            -- config = {
+            --   DebugLevel = 0,
+            --   IpVersion = 4,
+            --   AllowNoInt = yes,
+            -- },
+          },
+          v2 = {
+            -- Enable v2
+            enable = true,
+
+            -- Make v2 IPv6 exclusive
+            -- ip6_exclusive_mode = true,
+
+            -- Make v2 IPv4 exclusive (useful for v1 co-existence)
+            -- ip4_exclusive_mode = true,
+
+            -- Set additional olsrd2 configuration
+            -- config = {
+            --
+            -- }
+          }
+        }
+      }
+    }

docs/features/static-ip.rst

@@ -0,0 +1,21 @@
+Static IP managment
+-------------------
+
+A hack for graz
+
+Static IP managment has the following options
+
+.. code-block:: lua
+    {
+      -- Auto-assign addresses from an IPv4 range
+      node_prefix4 = '10.12.23.0/16',
+      node_prefix4_range = 24, -- range of node_prefix4 that should be randomized with mac
+      node_prefix4_temporary = true, -- (def: true) flag to indicate whether or not this is a temporary range that will need manual change for permanent assignments or not
+
+      -- Auto-assign addresses from an IPv6 range
+      node_prefix6 = 'fdff:cafe:cafe:cafe:23::/128',
+      node_prefix6_range = 84, -- (def: 64) range of node_prefix6 that should be randomized with mac
+      node_prefix6_temporary = true, -- (def: false) flag to indicate whether or not this is a temporary range that will need manual change for permanent assignments or not
+    }
+
+Note that these addresses are intended to be temporary

docs/index.rst

@@ -28,8 +28,10 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
   features/dns-cache
   features/monitoring
   features/multidomain
+  features/olsrd
   features/authorized-keys
   features/roles
+  features/static-ip
   features/vpn
 
 .. toctree::
@@ -62,10 +64,10 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
 
   package/gluon-client-bridge
   package/gluon-config-mode-domain-select
-  package/gluon-ebtables-filter-multicast
-  package/gluon-ebtables-filter-ra-dhcp
-  package/gluon-ebtables-limit-arp
-  package/gluon-ebtables-source-filter
+  package/gluon-nftables-filter-multicast
+  package/gluon-nftables-filter-ra-dhcp
+  package/gluon-nftables-limit-arp
+  package/gluon-nftables-source-filter
   package/gluon-hoodselector
   package/gluon-logging
   package/gluon-mesh-batman-adv

docs/multidomain-site-example/site.mk

@@ -7,9 +7,9 @@
 
 GLUON_FEATURES := \
 	autoupdater \
-	ebtables-filter-multicast \
-	ebtables-filter-ra-dhcp \
-	ebtables-limit-arp \
+	nftables-filter-multicast \
+	nftables-filter-ra-dhcp \
+	nftables-limit-arp \
 	mesh-batman-adv-15 \
 	mesh-vpn-fastd \
 	respondd \

docs/package/gluon-mesh-batman-adv.rst

@@ -13,7 +13,7 @@ domain and will see each other "as if they were connected to one giant switch".
 This comes with a set of advantages (like quick and economical client device roaming,
 layer 3 protocol agnosticism, broadcast/multicast). But also impediments, especially
 layer 2 multicast overhead - which Gluon tries to mitigate to achieve a certain degree
-of scalability. See :doc:`gluon-ebtables-filter-multicast` and
+of scalability. See :doc:`gluon-nftables-filter-multicast` and
 :ref:`batman-adv-multicast-architecture` for details.
 
 B.A.T.M.A.N. Advanced project homepage:
@@ -53,9 +53,9 @@ While generally broadcast capability is a nice feature of a layer 2
 mesh protocol, it quickly reaches its limit.
 
 For meshes with about **50 nodes / 100 clients, or more** it is therefore highly
-recommended to add the :doc:`gluon-ebtables-filter-multicast`
+recommended to add the :doc:`gluon-nftables-filter-multicast`
 package. Also, with the *mesh-batman-adv-15* feature,
-:doc:`gluon-ebtables-limit-arp` is selected by default.
+:doc:`gluon-nftables-limit-arp` is selected by default.
 
 Furthermore, by default IGMP and MLD messages are filtered. See
 :ref:`site.conf mesh section <user-site-mesh>` and

docs/package/gluon-ebtables-filter-multicast.rst → docs/package/gluon-nftables-filter-multicast.rst

@@ -1,7 +1,7 @@
-gluon-ebtables-filter-multicast
+gluon-nftables-filter-multicast
 ===============================
 
-The *gluon-ebtables-filter-multicast* package filters out various kinds of
+The *gluon-nftables-filter-multicast* package filters out various kinds of
 non-essential multicast traffic, as this traffic often constitutes a
 disproportionate burden on the mesh network. Unfortunately, this breaks many useful services
 (Avahi, Bonjour chat, ...), but this seems unavoidable, as the current Avahi implementation is

docs/package/gluon-ebtables-filter-ra-dhcp.rst → docs/package/gluon-nftables-filter-ra-dhcp.rst

@@ -1,7 +1,7 @@
-gluon-ebtables-filter-ra-dhcp
+gluon-nftables-filter-ra-dhcp
 =============================
 
-The *gluon-ebtables-filter-ra-dhcp* package tries to prevent common
+The *gluon-nftables-filter-ra-dhcp* package tries to prevent common
 misconfigurations (i.e. connecting the client interface of a Gluon
 node to a private network) from causing issues for either of the
 networks.

docs/package/gluon-ebtables-limit-arp.rst → docs/package/gluon-nftables-limit-arp.rst

@@ -1,14 +1,14 @@
-gluon-ebtables-limit-arp
+gluon-nftables-limit-arp
 ========================
 
-The *gluon-ebtables-limit-arp* package adds filters to limit the
+The *gluon-nftables-limit-arp* package adds filters to limit the
 amount of ARP requests client devices are allowed to send into the
 mesh.
 
 The limits per client device, identified by its MAC address, are
 6 packets per minute and 1 per second per node in total.
 A burst of up to 50 ARP requests is allowed until the rate-limiting
-takes effect (see ``--limit-burst`` in ``ebtables(8)``).
+takes effect (see ``--limit-burst`` in ``nftables(8)``).
 
 Furthermore, ARP requests for a target IP already present in the
 batman-adv DAT cache are excluded from rate-limiting, in regard
@@ -26,4 +26,4 @@ feature is *mesh-batman-adv-15*.
 It can be unselected via::
 
     GLUON_SITE_PACKAGES := \
-      -gluon-ebtables-limit-arp
+      -gluon-nftables-limit-arp