package/gluon-mesh-vpn-wireguard/src/respondd.c

+/* SPDX-FileCopyrightText: 2020, Leonardo Mörlein <me@irrelefant.net> */
+/* SPDX-FileCopyrightText: 2016, Matthias Schiffer <mschiffer@universe-factory.net> */
+/* SPDX-License-Identifier: BSD-2-Clause */
+
+
+#include <respondd.h>
+
+#include <json-c/json.h>
+#include <libgluonutil.h>
+#include <uci.h>
+
+#include <ctype.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include "libubus.h"
+
+static struct json_object * stdout_read(const char *cmd, const char *skip, bool oneword) {
+	FILE *f = popen(cmd, "r");
+	if (!f)
+		return NULL;
+
+	char *line = NULL;
+	size_t len = 0;
+	size_t skiplen = strlen(skip);
+
+	ssize_t read_chars = getline(&line, &len, f);
+
+	pclose(f);
+
+	if (read_chars < 1) {
+		free(line);
+		return NULL;
+	}
+
+	if (line[read_chars-1] == '\n')
+		line[read_chars-1] = '\0';
+
+	const char *content = line;
+	if (strncmp(content, skip, skiplen) == 0)
+		content += skiplen;
+
+	if (oneword) {
+		for (int i = 0; i < len; i++) {
+			if (isspace(line[i])) {
+				line[i] = 0;
+			}
+		}
+	}
+
+	struct json_object *ret = gluonutil_wrap_string(content);
+	free(line);
+	return ret;
+}
+
+static struct json_object * get_wireguard_public_key(void) {
+	return stdout_read("exec /lib/gluon/mesh-vpn/wireguard_pubkey.sh", "", false);
+}
+
+static struct json_object * get_wireguard_version(void) {
+	return stdout_read("exec wg -v", "wireguard-tools ", true);
+}
+
+static bool wireguard_enabled(void) {
+	bool enabled = true;
+
+	struct uci_context *ctx = uci_alloc_context();
+	if (!ctx)
+		goto disabled_nofree;
+	ctx->flags &= ~UCI_FLAG_STRICT;
+
+	struct uci_package *p;
+	if (uci_load(ctx, "network", &p))
+		goto disabled;
+
+	struct uci_section *s = uci_lookup_section(ctx, p, "wg_mesh");
+	if (!s)
+		goto disabled;
+
+	const char *disabled_str = uci_lookup_option_string(ctx, s, "disabled");
+	if (!disabled_str || !strcmp(disabled_str, "1"))
+		enabled = false;
+
+disabled:
+	uci_free_context(ctx);
+
+disabled_nofree:
+	return enabled;
+}
+
+static bool get_pubkey_privacy(void) {
+	bool ret = true;
+	struct json_object *site = NULL;
+
+	site = gluonutil_load_site_config();
+	if (!site)
+		goto end;
+
+	struct json_object *mesh_vpn;
+	if (!json_object_object_get_ex(site, "mesh_vpn", &mesh_vpn))
+		goto end;
+
+	struct json_object *pubkey_privacy;
+	if (!json_object_object_get_ex(mesh_vpn, "pubkey_privacy", &pubkey_privacy))
+		goto end;
+
+	ret = json_object_get_boolean(pubkey_privacy);
+
+end:
+	json_object_put(site);
+
+	return ret;
+}
+
+static struct json_object * get_wireguard(void) {
+	bool wg_enabled = wireguard_enabled();
+
+	struct json_object *ret = json_object_new_object();
+	json_object_object_add(ret, "version", get_wireguard_version());
+	json_object_object_add(ret, "enabled", json_object_new_boolean(wg_enabled));
+	if (wg_enabled && !get_pubkey_privacy())
+		json_object_object_add(ret, "public_key", get_wireguard_public_key());
+	return ret;
+}
+
+static struct json_object * respondd_provider_nodeinfo(void) {
+	struct json_object *ret = json_object_new_object();
+
+	struct json_object *software = json_object_new_object();
+	json_object_object_add(software, "wireguard", get_wireguard());
+	json_object_object_add(ret, "software", software);
+
+	return ret;
+}
+
+static json_object *blobmsg_attr2json(struct blob_attr *attr, int type)
+{
+	int len = blobmsg_data_len(attr);
+	struct blobmsg_data *data = blobmsg_data(attr);
+	struct blob_attr *inner_attr;
+	json_object *res = NULL;
+	switch(type) {
+		case BLOBMSG_TYPE_STRING:
+			return gluonutil_wrap_string(blobmsg_get_string(attr));
+		case BLOBMSG_TYPE_BOOL:
+			return json_object_new_boolean(blobmsg_get_bool(attr));
+		case BLOBMSG_TYPE_INT16:
+			return json_object_new_double(blobmsg_get_u16(attr));
+		case BLOBMSG_TYPE_INT32:
+			return json_object_new_double(blobmsg_get_u32(attr));
+		case BLOBMSG_TYPE_INT64:
+			return json_object_new_double(blobmsg_get_u64(attr));
+		case BLOBMSG_TYPE_DOUBLE:
+			return json_object_new_double(blobmsg_get_double(attr));
+		case BLOBMSG_TYPE_TABLE:
+			res = json_object_new_object();
+			__blob_for_each_attr(inner_attr, data, len) {
+				json_object_object_add(res, blobmsg_name(inner_attr), blobmsg_attr2json(inner_attr, blobmsg_type(inner_attr)));
+			};
+			break;
+		case BLOBMSG_TYPE_ARRAY:
+			res = json_object_new_array();
+			__blob_for_each_attr(inner_attr, data, len) {
+				json_object_array_add(res, blobmsg_attr2json(inner_attr, blobmsg_type(inner_attr)));
+			}
+			break;
+	}
+
+	return res;
+}
+
+static void cb_wgpeerselector_vpn(struct ubus_request *req, int type, struct blob_attr *msg)
+{
+	json_object_object_add(req->priv, "mesh_vpn", blobmsg_attr2json(msg, type));
+}
+
+static struct json_object * respondd_provider_statistics(void) {
+	struct json_object *ret = json_object_new_object();
+	struct ubus_context *ctx = ubus_connect(NULL);
+	uint32_t ubus_path_id;
+
+	if (!ctx) {
+		fprintf(stderr, "Error in gluon-mesh-vpn-wireguard.so: Failed to connect to ubus.\n");
+		goto err;
+	}
+
+	if (ubus_lookup_id(ctx, "wgpeerselector.wg_mesh", &ubus_path_id)) {
+		goto err;
+	}
+
+	ubus_invoke(ctx, ubus_path_id, "status", NULL, cb_wgpeerselector_vpn, ret, 1000);
+
+err:
+	if (ctx)
+		ubus_free(ctx);
+	return ret;
+}
+
+
+const struct respondd_provider_info respondd_providers[] = {
+	{"nodeinfo", respondd_provider_nodeinfo},
+	{"statistics", respondd_provider_statistics},
+	{}
+};

package/gluon-mesh-wireless-sae/Makefile

+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-wireless-sae
+
+include ../gluon.mk
+
+define Package/gluon-mesh-wireless-sae
+  TITLE:=Encryption of 802.11s Mesh Links through SAE
+  DEPENDS:=+gluon-core +wpa-supplicant-mesh-mbedtls
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-wireless-sae))

package/gluon-mesh-wireless-sae/check_site.lua

+need_boolean({'wifi', 'mesh', 'sae'}, false)
+need_string({'wifi', 'mesh', 'sae_passphrase'}, false)

package/gluon-mesh-wireless-sae/luasrc/lib/gluon/upgrade/205-wireless-mesh-sae

+#!/usr/bin/lua
+
+local site = require 'gluon.site'
+local wireless = require 'gluon.wireless'
+local hash = require 'hash'
+local uci = require('simple-uci').cursor()
+
+
+local function configure_sae(vif)
+	uci:set('wireless', vif, 'encryption', 'sae')
+	uci:set('wireless', vif, 'key', site.wifi.mesh.sae_passphrase() or hash.md5(site.prefix6()))
+end
+
+wireless.foreach_radio(uci, function(radio)
+	local radio_name = radio['.name']
+	local vif = 'mesh_' .. radio_name
+	local enable = site.wifi.mesh.sae(false)
+
+	if uci:get('wireless', vif) then
+		uci:delete('wireless', vif, 'encryption')
+		uci:delete('wireless', vif, 'key')
+
+		if enable then
+			configure_sae(vif)
+		end
+	end
+end)
+
+uci:save('wireless')

package/gluon-mmfd/Makefile

+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mmfd
+
+include ../gluon.mk
+
+define Package/gluon-mmfd
+  TITLE:=Mesh multicast forwarding daemon - Gluon integration
+  DEPENDS:=+mmfd +uc +gluon-core
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mmfd))

package/gluon-mmfd/files/etc/init.d/mmfd

+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+DAEMON=/usr/sbin/mmfd
+SOCKET=/var/run/mmfd.sock
+
+waitforsocket() {
+	while ! echo "get_neighbours" | uc $SOCKET
+	do
+		sleep 1
+		echo "waiting for successful socket connection for mmfd"
+	done
+}
+
+
+start_service() {
+	local interfaces
+	interfaces=$(for dev in $(gluon-list-mesh-interfaces); do echo " -i $dev"; done)
+
+	procd_open_instance
+	# shellcheck disable=SC2086
+	procd_set_param command "$DAEMON" -s "$SOCKET" $interfaces
+	procd_set_param respawn "${respawn_threshold:-60}" "${respawn_timeout:-1}" "${respawn_retry:-0}"
+	procd_set_param stderr 1
+	procd_set_param stdout 1
+	procd_close_instance
+}
+
+mmfd_get_interfaces() {
+	echo get_meshifs | uc $SOCKET | jsonfilter -e "@.mesh_interfaces[@]"
+}
+
+mmfd_has_interface() {
+	mmfd_get_interfaces | grep -qxF "$1"
+}
+
+addif() {
+	echo "add_meshif $1" | uc $SOCKET
+}
+
+delif() {
+	echo "del_meshif $1" | uc $SOCKET
+}
+
+reload_service() {
+	waitforsocket
+
+	for i in $(ubus call network.interface dump | jsonfilter -e "@.interface[@.proto='gluon_mesh' && @.up=true].device")
+	do
+		if ! mmfd_has_interface "$i"; then
+			addif "$i"
+		fi
+	done
+
+	for i in $(mmfd_get_interfaces)
+	do
+		if ! ubus call network.interface dump | jsonfilter -e "@.interface[@.proto='gluon_mesh' && @.up=true].device" | grep -qxF "$i"; then
+			delif "$i"
+		fi
+	done
+}
+
+service_triggers() {
+	local script name
+	# shellcheck disable=SC2154
+	script=$(readlink "$initscript")
+	name=$(basename "${script:-$initscript}")
+
+	procd_open_trigger
+	procd_add_raw_trigger "interface.*" 0 "/etc/init.d/$name" reload
+	procd_close_trigger
+}

package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/140-gluon-mesh-babel-firewall → package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall

@@ -3,15 +3,6 @@
 local uci = require('simple-uci').cursor()
 local site = require "gluon.site"
 
-uci:section('firewall', 'zone', 'l3roamd', {
-	name = 'l3roamd',
-	input = 'ACCEPT',
-	output = 'ACCEPT',
-	forward = 'REJECT',
-	device = 'l3roam+',
-	log = '1',
-})
-
 uci:section('firewall', 'zone', 'mmfd', {
 	name = 'mmfd',
 	input = 'REJECT',
@@ -21,35 +12,12 @@ uci:section('firewall', 'zone', 'mmfd', {
 	log = '1',
 })
 
--- forwardings and respective rules
-uci:section('firewall', 'forwarding', 'fcc', {
-	src = 'local_client',
-	dest = 'local_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcm', {
-	src = 'local_client',
-	dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'fmc', {
-	src = 'mesh',
-	dest = 'local_client',
-})
-
-uci:section('firewall', 'forwarding', 'fmm', {
+uci:section('firewall', 'rule',  'mesh_mmfd', {
 	src = 'mesh',
-	dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'flc', {
-	src = 'l3roamd',
-	dest = 'local_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcl', {
-	src = 'local_client',
-	dest = 'l3roamd',
+	src_ip = 'fe80::/64',
+	dest_port = '27275',
+	proto = 'udp',
+	target = 'ACCEPT',
 })
 
 uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
@@ -62,7 +30,7 @@ uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
 
 uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
 	src = 'mesh',
-	src_ip = site.node_prefix6(),
+	src_ip = site.node_prefix6() or site.prefix6(),
 	dest_port = '1001',
 	proto = 'udp',
 	target = 'ACCEPT',
@@ -78,26 +46,10 @@ uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
 
 uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
 	src = 'mmfd',
-	src_ip = site.node_prefix6(),
+	src_ip = site.node_prefix6() or site.prefix6(),
 	dest_port = '1001',
 	proto = 'udp',
 	target = 'ACCEPT',
 })
 
-uci:section('firewall', 'rule',  'mesh_mmfd', {
-	src = 'mesh',
-	src_ip = 'fe80::/64',
-	dest_port = '27275',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule', 'mesh_babel', {
-	src = 'mesh',
-	src_ip = 'fe80::/64',
-	dest_port = '6696',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
 uci:save('firewall')

package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface → package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface

@@ -2,10 +2,10 @@
 
 local uci = require('simple-uci').cursor()
 
-uci:delete('network', 'mmfd')
 uci:section('network', 'interface', 'mmfd', {
 	proto = 'static',
 	ifname = 'mmfd0',
 	ip6addr = 'fe80::1/64'
 })
+
 uci:save('network')

package/gluon-neighbour-info/Makefile

 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gluon-neighbour-info
-PKG_VERSION:=1
-PKG_RELEASE:=1
 
 include ../gluon.mk
 

package/gluon-neighbour-info/luasrc/lib/gluon/upgrade/400-neighbour-info-firewall

@@ -4,8 +4,7 @@ local uci = require('simple-uci').cursor()
 
 -- Allow incoming respondd replies to queries on WAN
 -- If the query was via multicast, the response isn't matched by --state RELATED
-uci:section('firewall', 'rule', 'wan_respondd_reply',
-  {
+uci:section('firewall', 'rule', 'wan_respondd_reply', {
 	name = 'wan_respondd_reply',
 	src = 'wan',
 	src_ip = 'fe80::/64',
@@ -13,11 +12,9 @@ uci:section('firewall', 'rule', 'wan_respondd_reply',
 	dest_port = '32768:61000', -- see /proc/sys/net/ipv4/ip_local_port_range
 	proto = 'udp',
 	target = 'ACCEPT',
-  }
-)
+})
 
-uci:section('firewall', 'rule', 'mesh_respondd_reply',
-  {
+uci:section('firewall', 'rule', 'mesh_respondd_reply', {
 	name = 'mesh_respondd_reply',
 	src = 'mesh',
 	src_ip = 'fe80::/64',
@@ -25,7 +22,6 @@ uci:section('firewall', 'rule', 'mesh_respondd_reply',
 	dest_port = '32768:61000', -- see /proc/sys/net/ipv4/ip_local_port_range
 	proto = 'udp',
 	target = 'ACCEPT',
-  }
-)
+})
 
 uci:save('firewall')

package/gluon-neighbour-info/src/gluon-neighbour-info.c

-/*
-	 Copyright (c) 2014, Nils Schneider <nils@nilsschneider.net>
-	 All rights reserved.
-
-	 Redistribution and use in source and binary forms, with or without
-	 modification, are permitted provided that the following conditions are met:
-
-	 1. Redistributions of source code must retain the above copyright notice,
-	 this list of conditions and the following disclaimer.
-	 2. Redistributions in binary form must reproduce the above copyright notice,
-	 this list of conditions and the following disclaimer in the documentation
-	 and/or other materials provided with the distribution.
-
-	 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-	 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-	 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-	 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-	 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-	 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-	 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-	 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-	 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-	 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-	 */
+/* SPDX-FileCopyrightText: 2014, Nils Schneider <nils@nilsschneider.net> */
+/* SPDX-License-Identifier: BSD-2-Clause */
 
 #include <stdbool.h>
 #include <stdio.h>
@@ -37,14 +15,15 @@
 
 void usage() {
 	puts("Usage: gluon-neighbour-info [-h] [-s] [-l] [-c <count>] [-t <sec>] -d <dest> -p <port> -i <if0> -r <request>");
-	puts("  -p <int>         UDP port");
-	puts("  -d <ip6>         destination address (unicast ip6 or multicast group, e.g. ff02:0:0:0:0:0:2:1001)");
+	puts("  -p <int>         UDP port (default: 1001)");
+	puts("  -d <ip6>         destination address (unicast ip6 or multicast group, e.g. ff02:0:0:0:0:0:2:1001, default: ::1)");
 	puts("  -i <string>      interface, e.g. eth0 ");
 	puts("  -r <string>      request, e.g. nodeinfo");
 	puts("  -t <sec>         timeout in seconds (default: 3)");
 	puts("  -s <event>       output as server-sent events of type <event>");
 	puts("                   or without type if <event> is the empty string");
-	puts("  -c <count>       only wait for at most <count> replies");
+	puts("  -c <count>       only wait for at most <count> replies (default: 1");
+	puts("                   if -l is not given for unicast destination addresses)");
 	puts("  -l               after timeout (or <count> replies if -c is given),");
 	puts("                   send another request and loop forever");
 	puts("  -h               this help\n");
@@ -68,8 +47,23 @@ void tv_subtract (struct timeval *r, const struct timeval *a, const struct timev
 	}
 }
 
-ssize_t recvtimeout(int socket, void *buffer, size_t length, int flags, const struct timeval *timeout) {
+void resize_recvbuffer(char **recvbuffer, size_t *recvbuffer_len, size_t recvlen)
+{
+	free(*recvbuffer);
+	*recvbuffer = malloc(recvlen);
+
+	if (!(*recvbuffer)) {
+		perror("Could not resize recvbuffer");
+		exit(EXIT_FAILURE);
+	}
+
+	*recvbuffer_len = recvlen;
+}
+
+ssize_t recvtimeout(int socket, char **recvbuffer, size_t *recvbuffer_len,
+		const struct timeval *timeout) {
 	struct timeval now, timeout_left;
+	ssize_t recvlen;
 
 	getclock(&now);
 	tv_subtract(&timeout_left, timeout, &now);
@@ -78,18 +72,28 @@ ssize_t recvtimeout(int socket, void *buffer, size_t length, int flags, const st
 		return -1;
 
 	setsockopt(socket, SOL_SOCKET, SO_RCVTIMEO, &timeout_left, sizeof(timeout_left));
-	return recv(socket, buffer, length, flags);
+
+	recvlen = recv(socket, *recvbuffer, 0, MSG_PEEK | MSG_TRUNC);
+	if (recvlen < 0)
+		return recvlen;
+
+	if (recvlen > *recvbuffer_len)
+		resize_recvbuffer(recvbuffer, recvbuffer_len, recvlen);
+
+	return recv(socket, *recvbuffer, *recvbuffer_len, 0);
 }
 
-int request(const int sock, const struct sockaddr_in6 *client_addr, const char *request, const char *sse, double timeout, unsigned int max_count) {
+int request(const int sock, char **recvbuffer, size_t *recvbuffer_len,
+		const struct sockaddr_in6 *client_addr, const char *request,
+		const char *sse, double timeout, unsigned int max_count) {
 	ssize_t ret;
-	char buffer[8192];
 	unsigned int count = 0;
 
 	ret = sendto(sock, request, strlen(request), 0, (struct sockaddr *)client_addr, sizeof(struct sockaddr_in6));
 
 	if (ret < 0) {
 		perror("Error in sendto()");
+		free(*recvbuffer);
 		exit(EXIT_FAILURE);
 	}
 
@@ -104,7 +108,7 @@ int request(const int sock, const struct sockaddr_in6 *client_addr, const char *
 	}
 
 	do {
-		ret = recvtimeout(sock, buffer, sizeof(buffer), 0, &tv_timeout);
+		ret = recvtimeout(sock, recvbuffer, recvbuffer_len, &tv_timeout);
 
 		if (ret < 0)
 			break;
@@ -115,7 +119,7 @@ int request(const int sock, const struct sockaddr_in6 *client_addr, const char *
 			fputs("data: ", stdout);
 		}
 
-		fwrite(buffer, sizeof(char), ret, stdout);
+		fwrite(*recvbuffer, sizeof(char), ret, stdout);
 
 		if (sse)
 			fputs("\n\n", stdout);
@@ -136,6 +140,8 @@ int main(int argc, char **argv) {
 	int sock;
 	struct sockaddr_in6 client_addr = {};
 	char *request_string = NULL;
+	char *recvbuffer = NULL;
+	size_t recvbuffer_len = 0;
 
 	sock = socket(PF_INET6, SOCK_DGRAM, 0);
 
@@ -144,6 +150,8 @@ int main(int argc, char **argv) {
 		exit(EXIT_FAILURE);
 	}
 
+	client_addr.sin6_addr = in6addr_loopback;
+	client_addr.sin6_port = htons(1001);
 	client_addr.sin6_family = AF_INET6;
 
 	opterr = 0;
@@ -230,17 +238,25 @@ int main(int argc, char **argv) {
 		}
 	}
 
+	if (!loop && !IN6_IS_ADDR_MULTICAST(&client_addr.sin6_addr)) {
+		max_count=1;
+	}
+
 	if (sse) {
 		fputs("Content-Type: text/event-stream\n\n", stdout);
 		fflush(stdout);
 	}
 
+	resize_recvbuffer(&recvbuffer, &recvbuffer_len, 8192);
+
 	do {
-		ret = request(sock, &client_addr, request_string, sse, timeout, max_count);
+		ret = request(sock, &recvbuffer, &recvbuffer_len, &client_addr,
+				request_string, sse, timeout, max_count);
 	} while(loop);
 
 	if (sse)
 		fputs("event: eot\ndata: null\n\n", stdout);
 
+	free(recvbuffer);
 	return ret;
 }

package/gluon-node-info/Makefile

 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gluon-node-info
-PKG_VERSION:=1
-PKG_RELEASE:=1
 
 include ../gluon.mk
 
@@ -11,4 +9,8 @@ define Package/gluon-node-info
   DEPENDS:=+gluon-core +libgluonutil
 endef
 
+define Package/gluon-node-info/conffiles
+/etc/config/gluon-node-info
+endef
+
 $(eval $(call BuildPackageGluon,gluon-node-info))

package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix

-#!/usr/bin/lua
-local uci = require('simple-uci').cursor()
-local util = require 'gluon.util'
-
-local sname = uci:get_first('gluon-node-info', 'location')
-if sname then
-  local options = {'longitude', 'latitude', 'altitude'}
-  for _, option in ipairs(options) do
-    local value = uci:get('gluon-node-info', sname, option)
-    if value then
-      uci:set('gluon-node-info', sname, option, util.trim(value))
-    end
-  end
-  uci:save('gluon-node-info')
-end

package/gluon-node-info/src/respondd.c

-/*
-  Copyright (c) 2016, Matthias Schiffer <mschiffer@universe-factory.net>
-  All rights reserved.
-
-  Redistribution and use in source and binary forms, with or without
-  modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notice,
-       this list of conditions and the following disclaimer.
-    2. Redistributions in binary form must reproduce the above copyright notice,
-       this list of conditions and the following disclaimer in the documentation
-       and/or other materials provided with the distribution.
-
-  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
+/* SPDX-FileCopyrightText: 2016, Matthias Schiffer <mschiffer@universe-factory.net> */
+/* SPDX-License-Identifier: BSD-2-Clause */
 
 
 #include <respondd.h>

package/gluon-private-wifi/Makefile

+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-private-wifi
+
+include ../gluon.mk
+
+define Package/gluon-private-wifi
+  TITLE:=Provides a virtual access point for the nodes WAN network 
+  DEPENDS:=+gluon-core
+endef
+
+$(eval $(call BuildPackageGluon,gluon-private-wifi))

package/gluon-private-wifi/luasrc/lib/gluon/upgrade/325-gluon-private-wifi

+#!/usr/bin/lua
+
+local uci = require("simple-uci").cursor()
+local wireless = require 'gluon.wireless'
+
+wireless.foreach_radio(uci, function(radio)
+	local radio_name = radio['.name']
+	local suffix = radio_name:match('^radio(%d+)$')
+	local name   = "wan_" .. radio_name
+
+	if not uci:get('wireless', name, 'device') then
+		return
+	end
+
+	uci:set('wireless', name, 'ifname', suffix and 'wl-wan' .. suffix)
+
+	-- migrate encryption from Gluon v2023.2.x or older
+	-- remove in 2027 or on first release supporting only upgrades from >=v2025.1.x
+	local encryption = uci:get('wireless', name, 'encryption')
+	uci:set('wireless', name, 'encryption', encryption:gsub("psk3", "sae"))
+end)
+
+uci:save('wireless')

package/gluon-radv-filterd/Makefile

 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gluon-radv-filterd
-PKG_VERSION:=1
-PKG_RELEASE:=1
 
 include ../gluon.mk
 

package/gluon-radv-filterd/files/etc/init.d/gluon-radv-filterd

@@ -5,11 +5,12 @@ START=50
 DAEMON=/usr/sbin/gluon-radv-filterd
 
 start_service() {
-	local threshold="$(lua -e 'print(require("gluon.site").radv_filterd.threshold(20))')"
+	local threshold
+	threshold="$(lua -e 'print(require("gluon.site").radv_filterd.threshold(20))')"
 
 	procd_open_instance
-	procd_set_param command $DAEMON -i br-client -c RADV_FILTER -t $threshold
-	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
+	procd_set_param command "$DAEMON" -i br-client -c RADV_FILTER -t "$threshold"
+	procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
 	procd_set_param netdev br-client
 	procd_set_param stderr 1
 	procd_close_instance

package/gluon-radv-filterd/files/lib/gluon/reload.d/350-gluon-radv-filterd-stop

+#!/bin/sh
+/etc/init.d/gluon-radv-filterd stop