This patch adds a new gluon-ebtables package to filter IGMP/MLD messages
via ebtables.

For one thing this reduces multicast overhead: About one third of all
ICMPv6 multicast traffic in Lübeck or Hamburg is MLD.

Furthermore it removes a potential Distributed Denial-of-Service vector
(see Gluon ticket #553).

Finally, it is a prerequisite for enabling bridge multicast snooping in
a decentral and robust fashion.

Note that IGMP/MLD are filtered for multicast traffic coming from
the mesh, too (new MULTICAST_IN), as unfortunately there seem to
be other queriers somewhere in the mesh at least for Freifunk
Lübeck. Also adding these rules to be prepared to anyone intentionally
or unintentionally disabling these filters on his/her node.

Node operators not running Gluon (for instance gateway nodes) should
make sure to either enable multicast_router towards bat0 or disable
multicast snooping entirely if they have a bridge on top of bat0.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

ebtables actually skips any IPv6 extension headers like the hop-by-hop
one. So this rule is actually void.

The intend back then was to allow passing MLD messages into the mesh.
Since extension headers are skipped, the general icmpv6 rule will
actually match MLD messages. So the hop-by-hop rule is unnecessary,
too.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Don't fork reboot process before all package hooks have been handled and
rendering is complete.

Replace debug.setfenv hack to close stdout with nixio.dup.

Fixes #772

This was causing "recursive dependency" errors and potentially broken
configurations.

Integrate OpenMesh devices available in OpenWrt Chaos Calmer:

 - MR600
 - MR600v2
 - MR900
 - MR900v2
 - OM2P
 - OM2P-HS
 - OM2P-HSv2
 - OM2P-LC
 - OM2Pv2
 - OM5P
 - OM5P-AN

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>

The image validation currently fails on some devices (tested OpenMesh)
because it isn't done via sysupgrade. But the checks depend partially on
the integration in sysupgrade (e.g. via loops that can be stopped via
"break statements").

Instead of hacking its own version check, it is easier and better tested to
just use 'sysupgrade -T' like it is already done by LuCI.

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>

Fixes #764

Also backport some patches improving QCA956x support.

Lua's tables are 1-based, so we must decrement the index by 1 to get the
desired MAC addresses. By not doing this, the second IBSS interface would
get the address with index 8, but only indices 0..7 are available.

Fixes: c73a12e0

Make pkg-config, mkimage and gcc build with GCC 6 as host compiler. Fix
miscompilation of node.

Fixes #755

Fixes #687

Fixes VLANs with shell protos on top of WLAN devices.

Fixes #754

Fixes #731

This also reverts commit 24d8695d...

Signed-off-by: kb-light <freifunk@kb-light.de>

build: fix inconsistent handling of BROKEN variable.

There are a few devices which have more than one LAN interface (for example
some revision of the TL-WR941ND, which uses a DSA-based switch, so each
switch port has its own netdev.) On these devices we need a bridge for
mesh-on-lan (as the alternative of adding them to batman-adv individually
would need too many MAC addresses.)

While ath9k/ath10k devices can supprt VIFs with any combination of MAC addresses, there are also adapters which have a hardware MAC filter which only allows a few bits to differ. This commit changes the addresses of all VIFs to ony differ in the last 3 bits, which is required to support many Ralink/Mediatek based WLAN adapters.

Technically, the new addresses are generated by calculating an MD5 hash of the primary MAC address and using a part of this hash as a prefix for the MAC addresses.

The addresses (BSSIDs) of the AP VIFs are also reused for the LAN and WAN interfaces in mesh-on-LAN/WAN mode to reduce the number of needed addresses, and thus reduce the chance of collisions. This is not a problem as the MAC addresses of the AP VIFs are never used except as BSSID, and thus not seen by routing protocols like batman-adv.

Fixes #648

[Matthias Schiffer: rewrote commit message]

We have Git for history, there's no reason to keep old files that aren't
used anymore.

Fixes #721

It is not used anymore.

Fixes #733