Scan cache (#1160)

* Cache the last wifi scan and update it when a re-scan is requested.
This change was suggested as a way of handling Ubiquiti AC devices
which disconnect while scanning and making retrieving the results
problematic if that was your connection. Now we scan and store the
results so they can be retrieved later. In fact we no longer scan when
navigating to this page but require an explicity scan button push.
This make the page generally more responsive when initially navigated
to.

.circleci/config.yml

@@ -1,45 +1,165 @@
-version: 2
+version: 2.1
+
+######################################
+# PIPELINE PARAMETERS
+######################################
+parameters:
+  action:
+    type: enum
+    enum: [no_action, nightly_build, manual_build, release_build, afs_collector]
+    default: no_action
+  release_version:
+    type: string
+    default: "NO_RELEASE_VERSION_SET"
+
+
+######################################
+# REUSABLE COMMANDS
+######################################
+commands:
+  update_config_mk:
+    description: "Update variables in config.mk"
+    steps:
+      - run:
+          name: Update Config.mk
+          command:  |
+            export MY_WORKING_DIRECTORY=`pwd`
+            printf -v BUILD_DATE '%(%Y%m%d)T' -1
+            sed -i "s/NoCall/${BUILD_DATE}/g" ${MY_WORKING_DIRECTORY}/config.mk
+            sed -i "s/MAKE_ARGS=-j3/MAKE_ARGS=-j${DASH_J_VALUE}/g" ${MY_WORKING_DIRECTORY}/config.mk
+            cat ${MY_WORKING_DIRECTORY}/config.mk
+  
+  update_config_mk_release:
+    description: "Update variables in config.mk for release"
+    steps:
+      - run:
+          name: Update Config.mk Release
+          command:  |
+            export MY_WORKING_DIRECTORY=`pwd`
+            sed -i "s/FW_VERSION=\$(PRIVATE_BUILD_VERSION)-\$(GIT_COMMIT)/FW_VERSION=\$(PRIVATE_BUILD_VERSION)/g" ${MY_WORKING_DIRECTORY}/Makefile
+            sed -i "s/NoCall/<< pipeline.parameters.release_version >>/g" ${MY_WORKING_DIRECTORY}/config.mk
+            sed -i "s/releases\/3\/24\/<< pipeline.parameters.release_version >>/g" ${MY_WORKING_DIRECTORY}/config.mk
+            sed -i "s/MAKE_ARGS=-j3/MAKE_ARGS=-j${DASH_J_VALUE}/g" ${MY_WORKING_DIRECTORY}/config.mk
+            sed -i "s/develop/<< pipeline.parameters.release_version >>/g" ${MY_WORKING_DIRECTORY}/feeds.conf
+            cat ${MY_WORKING_DIRECTORY}/config.mk
+
+######################################
+# JOBS
+######################################
 jobs:
-  ######################################
-  # Common
-  ######################################
   build:
+    resource_class: large
     docker:
       - image: arednmesh/builder
 
     steps:
       - checkout
+      - update_config_mk
       - run:
-          name: Update Config.mk
-          command:  |
-            export MY_WORKING_DIRECTORY=`pwd`
-            export MY_PROCS=`nproc`
-            echo "#Procs: ${MY_PROCS}, DASH_J_VALUE: ${DASH_J_VALUE}" 
-            sed -i "s/NoCall/${CIRCLE_BUILD_NUM}/g" ${MY_WORKING_DIRECTORY}/config.mk
-            sed -i "s/MAKE_ARGS=-j3/MAKE_ARGS=-j${DASH_J_VALUE}/g" ${MY_WORKING_DIRECTORY}/config.mk
-            cat ${MY_WORKING_DIRECTORY}/config.mk
-            echo "${TARGET_DIR}"
-      - run:
-          name: Build
-          command: make
+          name: Build ath79/generic
+          command: make MAINTARGET=ath79 SUBTARGET=generic
           no_output_timeout: 2h
       - run:
-          name: Build
-          command: make SUBTARGET=mikrotik
+          name: Build ath79/tiny
+          command: make MAINTARGET=ath79 SUBTARGET=tiny
           no_output_timeout: 1h
       - run:
-          name: Build
-          command: make MAINTARGET=ath79
+          name: Build ath79/mikrotik
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik
           no_output_timeout: 1h
+      - run:
+          name: Build ath79/mikrotik/ath10k
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik ALTTARGET=ath10k
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/mikrotik/nand
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik ALTTARGET=nand
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/nand
+          command: make MAINTARGET=ath79 SUBTARGET=nand
+          no_output_timeout: 1h
+      - run:
+          name: Build ipq40xx/generic
+          command: make MAINTARGET=ipq40xx SUBTARGET=generic
+          no_output_timeout: 2h
+      - run:
+          name: Build ipq40xx/mikrotik
+          command: make MAINTARGET=ipq40xx SUBTARGET=mikrotik
+          no_output_timeout: 1h
+      - run:
+          name: Build x64/64
+          command: make MAINTARGET=x86 SUBTARGET=64
+          no_output_timeout: 2h
+      - run:
+          name: Build ramips/mt7621
+          command: make MAINTARGET=ramips SUBTARGET=mt7621
+          no_output_timeout: 2h
       - run:
           name: Compress build files
           command: tar -cjf ~/${CIRCLE_BRANCH}_${ARTIFACTS_FILE} -C ${MY_WORKING_DIRECTORY}/${ARTIFACTS_DIR} .
       - run:
           name: Deploy Files
           command: scp -o StrictHostKeyChecking=no ~/${CIRCLE_BRANCH}_${ARTIFACTS_FILE} ${SSH_USER}@${SSH_HOST}:${TARGET_DIR}
+  
+  build_release:
+    resource_class: large
+    docker:
+      - image: arednmesh/builder
+
+    steps:
+      - checkout
+      - update_config_mk_release
+      - run:
+          name: Build ath79/generic
+          command: make MAINTARGET=ath79 SUBTARGET=generic
+          no_output_timeout: 2h
+      - run:
+          name: Build ath79/tiny
+          command: make MAINTARGET=ath79 SUBTARGET=tiny
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/mikrotik
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/mikrotik/ath10k
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik ALTTARGET=ath10k
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/mikrotik/nand
+          command: make MAINTARGET=ath79 SUBTARGET=mikrotik ALTTARGET=nand
+          no_output_timeout: 1h
+      - run:
+          name: Build ath79/nand
+          command: make MAINTARGET=ath79 SUBTARGET=nand
+          no_output_timeout: 1h
+      - run:
+          name: Build ipq40xx/generic
+          command: make MAINTARGET=ipq40xx SUBTARGET=generic
+          no_output_timeout: 2h
+      - run:
+          name: Build ipq40xx/mikrotik
+          command: make MAINTARGET=ipq40xx SUBTARGET=mikrotik
+          no_output_timeout: 1h
+      - run:
+          name: Build x64/64
+          command: make MAINTARGET=x86 SUBTARGET=64
+          no_output_timeout: 2h
+      - run:
+          name: Build ramips/mt7621
+          command: make MAINTARGET=ramips SUBTARGET=mt7621
+          no_output_timeout: 2h
+      - run:
+          name: Compress build files
+          command: tar -cjf ~/${CIRCLE_BRANCH}_${ARTIFACTS_FILE} -C ${MY_WORKING_DIRECTORY}/${ARTIFACTS_DIR} .
+      - run:
+          name: Deploy Files
+          command: scp -o StrictHostKeyChecking=no ~/${CIRCLE_BRANCH}_${ARTIFACTS_FILE} ${SSH_USER}@${SSH_HOST}:${TARGET_DIR}
+  
   check2build:
     machine:
-      enabled: true
+      image: ubuntu-2004:2023.02.1
     steps:
       - run:
           name: Retrieve last build info and check
@@ -48,20 +168,18 @@ jobs:
           name: Check2build failure (build not needed)
           when: on_fail
           command: circleci-agent step halt
+  
   save_build_info:
-      machine:
-        enabled: true
-      steps:
-        - run:
-            name: Save last build info
-            command: ssh ${SSH_USER}@${SSH_HOST} "sh -c ' echo ${CIRCLE_SHA1} > ~/build_info/${CIRCLE_PROJECT_USERNAME}_${CIRCLE_PROJECT_REPONAME}_${CIRCLE_BRANCH}'"
+    machine:
+      image: ubuntu-2004:2023.02.1
+    steps:
+      - run:
+          name: Save last build info
+          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c ' echo ${CIRCLE_SHA1} > ~/build_info/${CIRCLE_PROJECT_USERNAME}_${CIRCLE_PROJECT_REPONAME}_${CIRCLE_BRANCH}'"
 
-  ######################################
-  # Nightly
-  ######################################
   process_artifacts_nightly:
     machine:
-      enabled: true
+      image: ubuntu-2004:2023.02.1
     steps:
       - run:
           name: Untar Files
@@ -79,9 +197,17 @@ jobs:
           name: Move packages
           command: ssh ${SSH_USER}@${SSH_HOST} "sh -c 'mv ${TARGET_DIR}/packages ${NIGHTLY_DIR}'"
 
+  process_artifacts_release:
+    machine:
+      image: ubuntu-2004:2023.02.1
+    steps:
+      - run:
+          name: Untar Files
+          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c 'tar -xjf ${TARGET_DIR}/${CIRCLE_BRANCH}_${ARTIFACTS_FILE} -C ${TARGET_DIR}'"
+
   changelog_nightly:
     machine:
-      enabled: true
+      image: ubuntu-2004:2023.02.1
     steps:
       - run:
           name: Generate changelog.md
@@ -92,7 +218,7 @@ jobs:
 
   readme_nightly:
     machine:
-      enabled: true
+      image: ubuntu-2004:2023.02.1
     steps:
       - run:
           name: Fetch README.md
@@ -100,58 +226,117 @@ jobs:
       - run:
           name: Move README.md
           command: ssh ${SSH_USER}@${SSH_HOST} "sh -c 'mv ~/README.md ${NIGHTLY_DIR}/readme.md'"
+      - run:
+          name: Fetch SUPPORTED_DEVICES.md
+          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c 'wget https://raw.githubusercontent.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/${CIRCLE_BRANCH}/SUPPORTED_DEVICES.md'"
+      - run:
+          name: Move SUPPORTED_DEVICES.md
+          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c 'mv ~/SUPPORTED_DEVICES.md ${NIGHTLY_DIR}/SUPPORTED_DEVICES.md'"
 
   afs_collector:
     machine:
-      enabled: true
+      image: ubuntu-2004:2023.02.1
     steps:
       - run:
           name: Run AFS collector
-          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c '${DOWNLOADS_DOCROOT}/afs/misc/collect.py --image-url http://downloads.arednmesh.org/{base}/{target} ${DOWNLOADS_DOCROOT} ${DOWNLOADS_DOCROOT}/afs/www'"
+          command: ssh ${SSH_USER}@${SSH_HOST} "sh -c '${DOWNLOADS_DOCROOT}/afs/misc/collect.py ${DOWNLOADS_DOCROOT} ${DOWNLOADS_DOCROOT}/afs/www'"
+
+  post_to_slack:
+    machine:
+      image: ubuntu-2004:2023.02.1
+    steps:
+      - run:
+          name: Post to Slack
+          command: ssh ${SSH_USER}@${SSH_HOST} "./post-nightly.sh $(printf '%(%Y%m%d)T')-$(echo ${CIRCLE_SHA1} | cut -c '-7')"
       
+  no_action:
+    machine:
+      image: ubuntu-2004:2023.02.1
+    steps:
+      - run: echo "No action needed"
+
 ######################################
 # Workflows
 ######################################
 workflows:
-  version: 2
+  no_action_default:
+    when:
+      equal: [ no_action, << pipeline.parameters.action >> ]
+    jobs:
+      - no_action
 
-  nightly:
-    triggers:
-      - schedule:
-          cron: "0 9 * * *" # 9AM UTC
-          filters:
-            branches:
-              only: main
+  nightly_build:
+    when:
+      equal: [ nightly_build, << pipeline.parameters.action >> ]
     jobs:
       - check2build
       - build:
           requires:
             - check2build
-      - save_build_info:
-          requires:
-            - build
       - process_artifacts_nightly:
           requires:
             - build
-          filters:
-            branches:
-              only: main
       - readme_nightly:
           requires:
             - process_artifacts_nightly
-          filters:
-            branches:
-              only:
-                - main
       - changelog_nightly:
           requires:
             - process_artifacts_nightly
-          filters:
-            branches:
-              only: main
       - afs_collector:
           requires:
             - process_artifacts_nightly
-          filters:
-            branches:
-              only: main
+      - save_build_info:
+          requires:
+            - process_artifacts_nightly
+      - post_to_slack:
+          requires:
+            - afs_collector
+  
+  manual_build:
+    when:
+      equal: [ manual_build, << pipeline.parameters.action >> ]
+    jobs:
+      - build
+      - process_artifacts_nightly:
+          requires:
+            - build
+      - readme_nightly:
+          requires:
+            - process_artifacts_nightly
+      - changelog_nightly:
+          requires:
+            - process_artifacts_nightly
+      - afs_collector:
+          requires:
+            - process_artifacts_nightly
+      - save_build_info:
+          requires:
+            - process_artifacts_nightly
+
+  release_build:
+    when:
+      equal: [ release_build, << pipeline.parameters.action >> ]
+    jobs:
+      - build_release
+      - process_artifacts_release:
+          requires:
+            - build_release 
+      - readme_nightly:
+          requires:
+            - process_artifacts_release
+      - changelog_nightly:
+          requires:
+            - process_artifacts_release
+      - afs_collector:
+          requires:
+            - process_artifacts_release
+      - save_build_info:
+          requires:
+            - process_artifacts_release
+
+  afs_collector_workflow:
+    when:
+      equal: [ afs_collector, << pipeline.parameters.action >> ]
+    jobs:
+      - afs_collector
+

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,24 @@
+---
+name: Bug Report
+about: Create a report for firmware related bugs.
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+### Describe the bug
+A clear and concise description of what the bug is.
+
+- [ ] Does this issue still occur on the latest version? (**Required**)
+
+### Expected behavior
+A clear and concise description of what you expected to happen.
+
+### Screenshots
+Please include a screenshot of your system information (if possible) if the specific system environment is relevant to the bug.
+
+If applicable, add screenshots to help explain your problem.
+
+### Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/enhancement.md

@@ -0,0 +1,20 @@
+---
+name: Feature Request
+about: New feature or request
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/new_hardware_support.md

@@ -0,0 +1,19 @@
+---
+name: Hardware Support
+about: Suggest supporting new hardware/platforms
+title: ''
+labels: 'new hardware support'
+assignees: ''
+
+---
+
+### What is the hardware/platform
+What is the name of the item? Ex. Ubiquiti Rocket M2
+
+### Links
+Please include relevant links to the content.
+
+e.g. Product page, OpenWRT Table of Hardware page, etc.
+
+### Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,17 @@
+---
+name: Question
+about: Question related to the project that is not related to bugs or hardware/feature addition.
+title: ''
+labels: 'question'
+assignees: ''
+
+---
+
+### What is your question
+Describe your question/problem as clearly as possible.
+
+### Links and screenshots
+Please include any relevant links or screenshots, if applicable.
+
+### Additional context
+Add any other context about the problem here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+
+<!-- Thank you so much for contributing! -->
+
+### Description
+Describe the goals that the pull request accomplishes.
+
+### Relevant Links
+If there are related issues, please link them here.
+
+Please also include links relevant to the changes.
+
+### Screenshots
+If applicable, please include screenshots before and after your changes.
+
+### Additional context
+Add any other context about the problem or changes here.

.gitignore

@@ -5,4 +5,8 @@
 # Files created during make
 .stamp*
 firmware
-openwrt/
+openwrt/
+
+# Other
+.DS_Store
+._.DS_Store

CONTRIBUTORS

@@ -10,3 +10,6 @@ Ray Suelzer - KK6RAY <rsuelzer@gmail.com>
 Steve Lewis - AB7PA <ab7pa.radio@gmail.com>
 Tim Wilkinson - KN6PLV <tim.j.wilkinson@gmail.com>
 Phil Crump - M0DNY <phil@philcrump.co.uk>
+Paul Milazzo - K3PGM <milazzo@comcast.net>
+Jean-Michel Vien - VA2XJM <va2xjm@gmail.com>
+Jacob McSwain - KI5VMF <aredn@mcswain.dev>

Makefile

@@ -4,6 +4,7 @@ include openwrt.mk
 # get main- and subtarget name from TARGET
 MAINTARGET=$(word 1, $(subst -, ,$(TARGET)))
 SUBTARGET=$(word 2, $(subst -, ,$(TARGET)))
+ALTTARGET=$(word 3, $(subst -, ,$(TARGET)))
 
 GIT_BRANCH=$(shell git symbolic-ref HEAD | sed -e 's,.*/\(.*\),\1,')
 GIT_COMMIT=$(shell git rev-parse --short HEAD)
@@ -11,13 +12,13 @@ GIT_COMMIT=$(shell git rev-parse --short HEAD)
 # set dir and file names
 TOP_DIR=$(shell pwd)
 OPENWRT_DIR=$(TOP_DIR)/openwrt
-TARGET_CONFIG=$(TOP_DIR)/configs/common.config $(TOP_DIR)/configs/$(MAINTARGET)-$(SUBTARGET).config
+TARGET_CONFIG=$(TOP_DIR)/configs/common.config $(TOP_DIR)/configs/$(MAINTARGET)-$(SUBTARGET)$(patsubst %,-%,$(ALTTARGET)).config
 UMASK=umask 022
 
 # set variables based on private or CircleCI build
 ifeq ($(CIRCLECI),true)
 $(info CircleCI build ...)
-FW_VERSION=$(PRIVATE_BUILD_VERSION)
+FW_VERSION=$(PRIVATE_BUILD_VERSION)-$(GIT_COMMIT)
 else
 FW_VERSION=$(PRIVATE_BUILD_VERSION)-$(GIT_BRANCH)-$(GIT_COMMIT)
 endif
@@ -57,6 +58,7 @@ openwrt-clean: stamp-clean-openwrt-cleaned .stamp-openwrt-cleaned
 	ln -sf $(TOP_DIR)/patches $(OPENWRT_DIR)/
 	ln -sf $(TOP_DIR)/files   $(OPENWRT_DIR)/
 	sed -i "s/^.*freifunk.*$$//" $(OPENWRT_DIR)/feeds.conf.default
+	sed -i "s/luci.git$$/luci.git;openwrt-22.03/" $(OPENWRT_DIR)/feeds.conf.default
 	touch $@
 
 # update openwrt and checkout specified commit
@@ -76,6 +78,7 @@ feeds-update: stamp-clean-feeds-updated .stamp-feeds-updated
 .stamp-feeds-updated: $(OPENWRT_DIR)/feeds.conf
 	cd $(OPENWRT_DIR); ./scripts/feeds uninstall -a
 	cd $(OPENWRT_DIR); ./scripts/feeds update -a
+	cd $(OPENWRT_DIR); ./scripts/feeds install libpam
 	cd $(OPENWRT_DIR); ./scripts/feeds install libcap
 	cd $(OPENWRT_DIR); ./scripts/feeds install jansson
 	cd $(OPENWRT_DIR); ./scripts/feeds install libidn2
@@ -84,22 +87,23 @@ feeds-update: stamp-clean-feeds-updated .stamp-feeds-updated
 	cd $(OPENWRT_DIR); ./scripts/feeds install libidn
 	cd $(OPENWRT_DIR); ./scripts/feeds install libopenldap
 	cd $(OPENWRT_DIR); ./scripts/feeds install libgnutls
-	cd $(OPENWRT_DIR); ./scripts/feeds install libpam
 	cd $(OPENWRT_DIR); ./scripts/feeds install libnetsnmp
 	cd $(OPENWRT_DIR); ./scripts/feeds install -p arednpackages olsrd
-	cd $(OPENWRT_DIR); ./scripts/feeds install perl
 	cd $(OPENWRT_DIR); ./scripts/feeds install -p arednpackages vtun
-	cd $(OPENWRT_DIR); ./scripts/feeds install -a -p arednpackages
+	cd $(OPENWRT_DIR); ./scripts/feeds install -p arednpackages dd-wrt-ath10k-firmware
+	cd $(OPENWRT_DIR); ./scripts/feeds install -p arednpackages prometheus-exporter
 	cd $(OPENWRT_DIR); ./scripts/feeds install snmpd
+	cd $(OPENWRT_DIR); ./scripts/feeds install curl
 	cd $(OPENWRT_DIR); ./scripts/feeds install ntpclient
 	cd $(OPENWRT_DIR); ./scripts/feeds install socat
-	cd $(OPENWRT_DIR); ./scripts/feeds install xinetd
-	cd $(OPENWRT_DIR); ./scripts/feeds install luci-base
+	cd $(OPENWRT_DIR); ./scripts/feeds install luci-lib-base
 	cd $(OPENWRT_DIR); ./scripts/feeds install luci-lib-nixio
 	cd $(OPENWRT_DIR); ./scripts/feeds install luci-lib-ip
 	cd $(OPENWRT_DIR); ./scripts/feeds install luci-lib-jsonc
-	cd $(OPENWRT_DIR); ./scripts/feeds install luaposix
 	cd $(OPENWRT_DIR); ./scripts/feeds install luasocket
+	cd $(OPENWRT_DIR); ./scripts/feeds install iperf3
+	cd $(OPENWRT_DIR); ./scripts/feeds install micrond
+	cd $(OPENWRT_DIR); ./scripts/feeds install mii-tool
 	cd $(OPENWRT_DIR); ./scripts/feeds install mmc-utils
 	touch $@
 
@@ -145,9 +149,8 @@ compile: stamp-clean-compiled .stamp-compiled
 	$(TOP_DIR)/scripts/tests-prebuild.sh
 	$(UMASK); \
 	  $(MAKE) -C $(OPENWRT_DIR) $(MAKE_ARGS)
-	for FILE in `find $(TOP_DIR)/firmware/targets/ -path "*packages" -prune -o \( -type f -a \
-	  ! \( -name "*factory.bin" -o -name "*sysupgrade.bin" -o -name "*initramfs.elf" -o \
-	  -name sha256sums -o -name "*.buildinfo" -o -name "*.json" \) \
+	for FILE in `find $(TOP_DIR)/firmware/targets/$(MAINTARGET)/$(SUBTARGET) -path "*packages" -prune -o \( -type f -a \
+	  ! \( -name "*factory.bin" -o -name "*sysupgrade.bin" -o -name "*x86*" -o -name "*initramfs*" -o -name sha256sums -o -name "*.buildinfo" -o -name "*.json" \) \
 	  -print \)`; do rm $$FILE; \
 	done;
 	$(TOP_DIR)/scripts/tests-postbuild.sh

README.md

@@ -1,124 +1,28 @@
-# Amateur Radio Emergency Data Network AREDN(tm) Firmware
+# Amateur Radio Emergency Data Network AREDN® Firmware 
 
-http://www.arednmesh.org
+https://www.arednmesh.org
 
-## About AREDN
+## About AREDN®
 
-AREDN wireless networks are deployed by licensed Amateur Radio
-operators, Technician Class or higher, under FCC Part 97 allocations
-adjacent to FCC part 15, unlicensed, WIFI, allocations. They are
-configured as ad-hoc nodes to form mesh networks.  The firmware
-created below enables the effective use of valuable and dedicated
-frequencies for communication services to government and private
-relief organizations in times of disaster or other emergencies.
+AREDN® wireless networks are deployed by licensed Amateur Radio operators, Technician Class or higher, under FCC Part 97 allocations adjacent to FCC part 15, unlicensed, WIFI, allocations. They are configured as adhoc nodes to form mesh networks. The firmware created below enables the effective use of valuable and dedicated frequencies for communication services to government and private relief organizations in times of disaster or other emergencies.
 
-Amateur Radio frequencies are relatively clean of noise from the commercial
-allocations and ensure usability for Amateur Radio Operators.  This firmware
-enables 802.11n wireless networks to be created and expanded with minimal 
-to no pre-planning or IT expertise.  A user can deploy a 'node' anywhere
-to connect in and extend an AREDN network.  Device hardware options exist to
-provide sector coverage, build point-to-point links, and connect end
-point services to the network. High speed link rates are routinely achieved
-over long distances, e.g. 60Mbps+ on 10MHz channels over 80km links. 
+This firmware enables 802.11 wireless networks to be created and expanded with little to no IT expertise.  A user can deploy a 'node' anywhere to connect to and extend an AREDN® network.  Device hardware options exist to provide sector coverage, build point-to-point links, and connect end point services to the network. High speed link rates are routinely achieved over long distances, e.g. 60Mbps+ on 10MHz channels over 80km links.
 
-For further information on obtaining an Amateur Radio Technician Class
-license, please refer to http://www.arrl.org/getting-your-technician-license
+For further information on obtaining an Amateur Radio Technician Class license, please refer to https://www.arrl.org/getting-your-technician-license
 
 ## Usage Information
 
-### What to know about the images built with the instructions below
-
-This is the 3.22.6.0 Release.
-
-### Images built
-
-Device | target | Image to Use | RAM | Stability
------- | ------ | ------------ | --- | ---------
-AirGrid XM | ar71xx | bullet-m | 32Mb | stable
-AirGrid XW | ar71xx | loco-m-xw | 32Mb | stable
-AirRouter  | ath79 | airrouter | 32Mb | stable
-AirRouter HP | ath79 | airrouter | 32Mb | stable
-Bullet M2Ti/M5/M5Ti | ar71xx | bullet-m | 32Mb | stable
-Bullet M2 | ath79 | bullet-m | 32Mb | stable
-Bullet M2 XW | ath79 | bullet-m-xw | 64Mb | stable
-LiteBeam M5 | ar71xx | lbe-m5 | 64Mb | stable
-NanoBeam M2-13/M5-16/M5-19 | ar71xx | loco-m-xw | 32Mb | stable
-NanoBridge 2G18 | ar71xx | bullet-m | 32Mb | stable
-NanoBridge 5G22/25 | ar71xx | bullet-m | 32Mb | stable
-NanoBridge M9 | ar71xx | bullet-m | 32Mb | stable
-NanoStation Loco M2/M5/M9 XM | ar71xx | bullet-m | 32Mb | stable
-NanoStation Loco M2 XW | ar71xx | loco-m-xw | 64Mb | stable
-NanoStation Loco M5 XW with test date before ~Nov 2017| ar71xx | loco-m-xw | 64Mb | stable
-NanoStation Loco M5 XW with test date on or after ~Nov 2017 | ar71xx | rocket-m-xw | 64Mb | stable
-NanoStation  M2/M3/M5 XM | ath79 | nanostation-m | 32Mb | stable
-NanoStation  M2/M5 XW | ath79 | nanostation-m-xw | 64Mb | stable
-PicoStation M2 | ar71xx | bullet-m | 32Mb | stable
-PowerBeam-M2-400 | ar71xx | loco-m-xw | 64Mb | stable
-PowerBeam-M5-300 | ar71xx | loco-m-xw | 64Mb | stable
-PowerBeam-M5-400/400ISO/620 | ar71xx | rocket-m-xw | 64Mb | stable
-PowerBridge | ar71xx | nano-m  | 64Mb | stable
-Rocket M9/M2/M3/M5/M5GPS XM | ath79 | rocket-m | 64Mb | stable
-Rocket M2/M5 XM with USB port | ar71xx | rocket-m | 64Mb | stable
-Rocket M2 XW | ar71xx | loco-m-xw | 64Mb | stable
-Rocket M5 XW | ar71xx | rocket-m-xw | 64Mb | stable
-Rocket M2 Titanium TI | ar71xx | rocket-m-ti | 64Mb | unknown
-Rocket M2 Titanium XW | ar71xx | rocket-m-xw | 64Mb | unknown
-Rocket M5 Titanium TI | ar71xx | rocket-m-ti | 64Mb | stable
-Rocket M5 Titanium XW | ar71xx | rocket-m-xw | 64Mb | stable
-TPLink CPE210 v1.0/v1.1 | ath79  | cpe210-v1 | 64Mb | stable
-TPLink CPE210 v2.0 | ath79 | cpe210-v2 | 64Mb | stable
-TPLink CPE210 v3.0 | ath79 | cpe210-v3 | 64Mb | stable
-TPLink CPE220 v2.0 | ath79 | cpe220-v2 | 64Mb | stable
-TPLink CPE220 v3.0 | ath79  | cpe220-v3 | 64Mb | stable
-TPLink CPE510 v1.0/v1.1 | ath79  | cpe510-v1 | 64Mb | stable
-TPLink CPE510 v2.0 | ath79  | cpe510-v2 | 64Mb | stable
-TPLink CPE510 v3.0 | ath79  | cpe510-v3 | 64Mb | stable
-TPLink CPE610 v1.0 | ath79  | cpe610-v1 | 64Mb | stable
-TPLink CPE610 v2.0 | ath79  | cpe610-v2 | 64Mb | stable
-TPLink WBS210 v1.0 | ath79  | wbs210-v1 | 64mb | stable
-TPLink WBS210 v2.0 | ath79  | wbs210-v2 | 64mb | stable
-TPLink WBS510 v1.0 | ath79  | wbs510-v1 | 64mb | stable
-TPLink WBS510 v2.0 | ath79  | wbs510-v2 | 64mb | stable
-Mikrotik Basebox RB912UAG-5HPnD/2HPnD | ar71xx | mikrotik-nand-large | 64Mb | stable
-Mikrotik hAP ac lite 952Ui-5ac2nD | ar71xx | mikrotik-rb-nor-flash-16M-ac | 64Mb | stable
-Mikrotik RBLHG-2nD/5nD | ar71xx | mikrotik-rb-nor-flash-16M | 64Mb | stable
-Mikrotik RBLHG-5HPnD | ar71xx | mikrotik-rb-nor-flash-16M | 64Mb | stable
-Mikrotik RBLHG-2nD-XL/5HPnD-XL | ar71xx | mikrotik-rb-nor-flash-16M | 64Mb | stable
-Mikrotik RBLDF-2nD/5nD | ar71xx | mikrotik-rb-nor-flash-16M | 64Mb | stable
-Mikrotik QRT5 RB911G-5HPnD-QRT | ar71xx | mikrotik-nand-large | 64Mb | stable
-Mikrotik mAntbox RB911G-2HPnD/5HPnD | ar71xx | mikrotik-nand-large | 64Mb | stable
-Mikrotik SXTsq 5HPnD/5nD/2nD | ar71xx | mikrotik-rb-nor-flash-16M | 64Mb | stable
-GL.iNet GL-AR150 | ath79 | gl-ar150 | 64Mb | stable
-GL.iNet GL-USB150 | ar71xx | gl-usb150 | 64Mb | stable
-GL.iNet GL-AR300M16 | ar71xx | gl-ar300m | 64Mb | stable
-GL.iNet GL-AR300M w/ 128Mb NAND | None | None | 64Mb | Not compatible
-GL.iNet GL-AR750 | ar71xx | gl-ar750 | 128Mb | stable
-Meraki MR-16 | ar71xx | mr16 | 64mb | stable
-
-The 'target' is a directory to find the image on at http://downloads.arednmesh.org
-
-Latest Mikrotik installation options are found at: https://www.arednmesh.org/content/installation-instructions-mikrotik-devices
-
 ### Ethernet Port usage
 
-The standard Ethernet port of an AREDN device uses the following vlan tags.  An 802.1Q
-switch is necessary to utilize the vlan tagged networks:
+The standard Ethernet port of an AREDN® device uses the following vlan tags.  An 802.1Q switch is necessary to utilize the vlan tagged networks:
 
 * untagged:  LAN devices - laptop, ipcam, voip phone, etc.
-* vlan 1:  WAN - gateway to connect AREDN network to home network and/or internet (some devices support changing this vlan to an alternate value)
-* vlan 2:  DtDLink (device to device) - AREDN network routing between nodes, typically cross band
+* vlan 1:  WAN - gateway to connect AREDN® network to home network and/or internet (some devices support changing this vlan to an alternate value)
+* vlan 2:  DtDLink (device to device) - AREDN® network routing between nodes, typically cross band
 
-The following devices have enhanced Ethernet port usage.  A single cat5 to the device
-could be plugged into ether the 'main' or 'secondary' port with standard port functionality.
-Both ports can be used interchangeably and simultaneously with LAN devices on both ports
-at the same time. 
+The following devices have enhanced Ethernet port usage.  A single cat5 to the device could be plugged into ether the 'main' or 'secondary' port with standard port functionality. Both ports can be used interchangeably and simultaneously with LAN devices on both ports at the same time.
 
-If the device's hardware supports POE (Power Over Ethernet) pass-through from main port to secondary
-port, an Advanced Setting option will show to turn on/off.  This is useful to power ipCams or other
-mesh nodes by daisy chaining the network cable from one device to another. Then only one network
-cable may be needed to reach 2 or 3 devices on the tower. Be sure to check the power capacity in the
-vendor specifications to not exceed. The first device in the chain will provide the DHCP address to
-all LAN devices on all nodes (because it powers up first).
+If the device's hardware supports POE (Power Over Ethernet) pass-through from main port to secondary port, an Advanced Setting option will show to turn on/off.  This is useful to power ipCams or other mesh nodes by daisy chaining the network cable from one device to another. Then only one network cable may be needed to reach 2 or 3 devices on the tower. Be sure to check the power capacity in the vendor specifications to not exceed. The first device in the chain will provide the DHCP address to all LAN devices on all nodes (because it powers up first).
 
 * NanoStation M2 XW
 * NanoStation M5 XW
@@ -134,17 +38,22 @@ all LAN devices on all nodes (because it powers up first).
 * TP-Link WBS510 v1
 * TP-Link WBS510 v2
 
-The Mikrotik hAP AC Lite, Ubiquiti AirRouter, and AirRouter HP are pre-configured with the following VLANs:
+The Mikrotik hAP AC Lite, Mikrotik hAP ac2, and Mikrotik hAP ac3 are pre-configured with the following VLANs:
 
 * Port 1: WAN Port - Packets in/out of this port are expected to be untagged. The node is (by default) configured to receive a DHCP assigned address from a home network, internet, or other foreign network.
 * Port 5: DtDLink Port Mesh Routing -- Connect to another mesh node or 8021.q switch. Packets in/out of this port must be vlan 2 tagged, other packets are ignored.
 * Ports 2-4: LAN devices -- Packets in/out of this port are expected to be untagged. The mesh node will (default) DHCP assign an IP address to your computer, ipCam, voip phone, etc. connected to these ports.
 
+The Ubiquiti AirRouter and AirRouter HP are pre-configured with the following VLANs:
+
+* Port "WAN": Packets in/out of this port are expected to be untagged. The node is (by default) configured to receive a DHCP assigned address from a home network, internet, or other foreign network.
+* Port 4: DtDLink Port Mesh Routing -- Connect to another mesh node or 8021.q switch. Packets in/out of this port must be vlan 2 tagged, other packets are ignored.
+* Ports 1-3: LAN devices -- Packets in/out of this port are expected to be untagged. The mesh node will (default) DHCP assign an IP address to your computer, ipCam, voip phone, etc. connected to these ports.
 
 The GL.iNet GL-AR150 and GL-AR300M16 are pre-configured with the following VLANS:
 
-* Port labeled "WAN": untagged = AREDN WAN
-* Port labeled "LAN": untagged = AREDN LAN, vlan 2 = DtDLink (device to device)
+* Port labeled "WAN": untagged = AREDN® WAN
+* Port labeled "LAN": untagged = AREDN® LAN, vlan 2 = DtDLink (device to device)
 
 The GL.iNet GL-AR750 is pre-configured with the following ports, left to right:
 
@@ -152,16 +61,23 @@ The GL.iNet GL-AR750 is pre-configured with the following ports, left to right:
 * Middle Port with "<..>" icon: DtDLink (vlan 2)
 * Right Port with "<..>" icon: LAN (untagged)
 
-IMPORTANT: For Gl.iNet devices, when initially installing AREDN on OpenWRT, you *MUST* uncheck the "Keep Settings" checkbox.
- 
+IMPORTANT: For Gl.iNet devices, when initially installing AREDN® on OpenWRT, you *MUST* uncheck the "Keep Settings" checkbox.
+
 ## Submitting Bug Reports
 
-Please submit all issues to http://github.com/aredn/aredn/issues
+Please submit all issues to https://github.com/aredn/aredn/issues
 
 ## Developer Only Information
 
-The AREDN firmware is based on OpenWrt with additional packages and patches.
-A Makefile automates the entire process to create firmware images.
+The AREDN® firmware is based on OpenWrt with additional packages and patches. A Makefile automates the entire process to create firmware images.
+
+### Images built with the instructions below
+
+This is the active 'main' branch with latest AREDN® code. The Amateur Radio community is encouraged to participate in loading the images produced from a "nightly build" and run the AREDN® firmware in a variety of environments. Given new features may not yet be documented, participants should already have a basic knowledge of Linux and networking to understand and provide useful feedback to the Developer submitting the code.
+
+The goal of participation is to obtain confidence that new features and the overall mesh node is stable. The more participation, the earlier an issue is found, the faster an enhancement will be turned into a release.
+
+Please refer to https://github.com/aredn/aredn/issues for a list of outstanding defects.
 
 ### Building with Docker
 Installing the Docker environment on your windows/linux/mac machine is a pre-requisite. A docker 'container' has been pre-configured with an aredn linux build environment. Alternative instructions are below if you wish to setup your linux install with the compiler pre-requisites necessary to do the build.
@@ -174,13 +90,12 @@ docker run -it --name builder arednmesh/builder
 
 To pull an image (or any other file) out of the docker container:
 ```
-docker cp builder:/opt/aredn/aredn/firmware/targets/ar71xx/generic/<image>.bin <local directory>
+docker cp builder:/opt/aredn/aredn/firmware/targets/ath79/generic/<image>.bin <local directory>
 ```
 
 ### Build Prerequisites
 
-Please take a look at the [OpenWrt documentation](https://openwrt.org/docs/guide-developer/build-system/install-buildsystem)
-for a complete and up to date list of packages for your operating system. 
+Please take a look at the [OpenWrt documentation](https://openwrt.org/docs/guide-developer/build-system/install-buildsystem) for a complete and up to date list of packages for your operating system.
 
 On Ubuntu/Debian:
 ```
@@ -212,78 +127,112 @@ bash
 git clone https://github.com/aredn/aredn.git
 cd aredn
 vi config.mk # enter your callsign, etc.
-# build default legacy ar71xx target ubnt and tplink images
+# build default legacy ath79 target ubnt and tplink images
 make  
-# build and add legacy ar71xx target mikrotik images
+# build and add legacy ath79 target mikrotik images
 make SUBTARGET=mikrotik
 # build and add ath79 target (latest linux kernel) ubnt, tplink, and gl images
 make MAINTARGET=ath79
 ```
 
-Building the images may take minutes or hours depending on the machine.
-For more details see [build options](https://openwrt.org/docs/guide-developer/build-system/use-buildsystem).  
-Review the build options in config.mk: `-j <number of cores + 1>`. 
+Building the images may take minutes or hours depending on the machine. For more details see [build options](https://openwrt.org/docs/guide-developer/build-system/use-buildsystem).  
+Review the build options in config.mk: `-j <nuMBer of cores + 1>`.
 `V=s` will give more verbose error messages.
 
-An internet connection is required during the build process. A good internet
-connection can improve the build time.
+An internet connection is required during the build process. A good internet connection can improve the build time.
 
 You need approximately 10GB of space for the build.
 
-### How to build prior builds of AREDN
+### How to build prior builds of AREDN®
 
-Prior AREDN images can be rebuilt.  Replace one of the following after
+Prior AREDN® images can be rebuilt.  Replace one of the following after
 the "cd aredn" command above:
 
-AREDN release 3.22.1.0
+AREDN® release 3.23.12.0
+
+```
+git checkout 3.23.12.0
+```
+
+AREDN® release 3.23.8.0
+
+```
+git checkout 3.23.8.0
+```
+
+AREDN® release 3.23.4.0
+
+```
+git checkout 3.23.4.0
+```
+
+AREDN® release 3.22.12.0
+
+```
+git checkout 3.22.12.0
+```
+
+AREDN® release 3.22.8.0
+
+```
+git checkout 3.22.8.0
+```
+
+AREDN® release 3.22.6.0
+
+```
+git checkout 3.22.6.0
+```
+
+AREDN® release 3.22.1.0
 
 ```
 git checkout 3.22.1.0
 ```
 
-AREDN release 3.21.4.0
+AREDN® release 3.21.4.0
 
 ```
 git checkout 3.21.4.0
 ```
 
-AREDN release 3.20.3.1
+AREDN® release 3.20.3.1
 
 ```
 git checkout 3.20.3.1
 ```
 
-AREDN release 3.20.3.0
+AREDN® release 3.20.3.0
 
 ```
 git checkout 3.20.3.0
 ```
 
-AREDN release 3.19.3.0
+AREDN® release 3.19.3.0
 
 ```
 git checkout 3.19.3.0
 ```
 
-AREDN release 3.18.9.0
+AREDN® release 3.18.9.0
 
 ```
 git checkout 3.18.9.0
 ```
 
-AREDN release 3.16.2.0
+AREDN® release 3.16.2.0
 
 ```
 git checkout 3.16.2.0
 ```
 
-AREDN release 3.16.1.1
+AREDN® release 3.16.1.1
 
 ```
 git checkout 3.16.1.1-make
 ```
 
-AREDN build 176
+AREDN® build 176
 
 ```
 git checkout 91ee867
@@ -302,9 +251,9 @@ Included in the git Repo:
 config.mk    <- build settings
 openwrt.mk   <- which openwrt repo and branch/tag/commit to use
 feeds.conf/  <- custom package feeds (edit to point to your clone of aredn_packages)
-files/       <- file system in AREDN created images, most customizations go here
-patches/     <- patches to openwrt go here 
-scripts/     <- tests and other scripts called from the build 
+files/       <- file system in AREDN® created images, most customizations go here
+patches/     <- patches to openwrt go here
+scripts/     <- tests and other scripts called from the build
 configs/     <- definitions of features in the devices' kernel and what packages to include
 Makefile     <- the build definition
 README.md    <- this file
@@ -317,12 +266,10 @@ results/     <- code checks and other test results in jUnit xml format
 
 ### Patches with quilt
 
-The patches directory contains quilt patches applied on top of the
-openwrt git repo defined in config.mk. 
+The patches directory contains quilt patches applied on top of the openwrt git repo defined in config.mk.
 
 If a patch is not yet included upstream, it can be placed in the `patches` directory with
-the `quilt` tool. Please configure `quilt` as described in 
-[OpenWrt Quilt](https://openwrt.org/docs/guide-developer/build-system/use-patches-with-buildsystem).  
+the `quilt` tool. Please configure `quilt` as described in [OpenWrt Quilt](https://openwrt.org/docs/guide-developer/build-system/use-patches-with-buildsystem).  
 
 #### Add, modify or delete a patch
 
@@ -343,13 +290,10 @@ quilt edit somedir/somefile2
 quilt refresh                 # creates/updates the patch file
 ```
 
-## Submitting new features and patches to AREDN
+## Submitting new features and patches to AREDN®
 
 The high level steps to submit to this repository https://github.com/aredn/aredn are:
 
 1) create a github account and 'fork' this repo
-2) git commit a change into your fork, e.g. http://github.com/ae6xe/aredn
-3) create a pull request for http://github.com/aredn/aredn to consider your change
-
-
-
+2) git commit a change into your fork, e.g. https://github.com/ae6xe/aredn
+3) create a pull request for https://github.com/aredn/aredn to consider your change

RELEASE_NOTES.md

@@ -0,0 +1,642 @@
+__RELEASE NOTES__
+
+# 3.23.12.0
+
+## Enhancements
+
+* Added Supernode support.
+
+  "Supernodes" are specifically configured AREDN nodes in various locations which support a 
+"mesh of meshes". With this release your localnode will automatically detect a nearby 
+supernode, and will show a new button on the Mesh Status page, labeled "Cloud Mesh". 
+Clicking on that button will take you to the Mesh Status page of that supernode and show you 
+all the nodes and services on the Cloud Mesh. You can navigate to any of them as though they
+were on your local mesh.
+
+  The URL for the supernode map is currently https://arednmap.xojs.org/  Clicking on any of the 
+nodes in the upper-right-hand corner of the map will filter all other nodes out, showing only the 
+types selected.
+
+* Remember and reinstall packages after firmware upgrade (AFTER this version is installed)
+* Simplified search tool
+* Added LZ77 decompression for Mikrotik firmware, which is now using a different compression method
+* Cron
+  * Now run cron.boot tasks earlier
+  * Changed pollrate default to one hour
+  * Added installable cron package for people who need more functionality
+* Improved dual radio configuration support in hAPs
+* Added support for wildcard DNS subdomains
+* Now using frequency list for scan.  Some hardware didn’t scan all the frequencies we want by default. (Not a fix for the scan issue seen on some AC devices.)
+* Set tunnel weight to 1 and provided UI to change it. With this change, if there are both RF and tunnel links to a destination, the tunnel value can be set high (relatively poor).  In that way traffic will only flow over the tunnel if the RF link goes down.  This provides an effective method for implementing backup links.
+* Bumped the allowed Ubiquiti version numbers to support AREDN installation on newer LiteBeam 5ACs.  (Probably all new Ubiquiti devices but currently only tested on Litebeams).
+* Xlink broadcast - Allow xlinks to broadcast OLSR traffic as well as targeting specific IPs.
+
+## New device support
+
+None in this release
+
+## Bug fixes
+
+* Now detect if we support firstboot mode (x86 VMs don't support it, so don't show the button in that case)
+* Fixed dnsmasq directives 
+* Correctly set wifi wan mode when depending on the mesh wifi setting.
+* Corrected a bug where it would mess up the wan wifi when switching the band of the mesh wifi
+* Made LQM neighbor improvements (fixed occasional exclusion of specific DtD neighbors)
+
+## Known problems
+
+* Ubiquiti 802.11ac devices - missing wifi scan and waterfall info
+
+# 3.23.8.0
+
+There have been over 70 nightly releases of the AREDN codebase since the last production release in April of 2023. Here are the highlights of the latest production release:	 	
+
+## Enhancements
+
+* Added Prometheus Metrics (meant for use with monitoring apps like Grafana)
+* SSH, TELNET and HTTP access to a node via the WAN port can now be disabled from the advanced configuration page.
+* Improved handling of unsupported hardware.
+* Use wifi assoc list when looking for unresponsive nodes
+* Allow MTU on wifi interface to be modified
+* Minor wifi monitor improvements for better metrics reporting
+* Merge all the station monitoring and mitigation into a single service
+* Support xlinks on x86
+* Remove subnet restrictions for xlinks
+* Support switching mesh radio on multi-radio devices
+* UI improvements from AB7PA
+* Upgrade to OpenWRT 22.03.5 
+* Added Advanced Networking tab
+* Feedback when pressing upload/download buttons
+* Virtualized X86 support
+* Restructure, modularize and tidy up the navigation buttons and menus
+* Remove hardwired frequency tables and use information from the hardware instead
+* Note devices which support the danger-upgrade process
+* Allow the “&” character in service paths
+* Added support for group alert messages
+
+## Known Issues
+
+* Wifi scanning on Ubiquiti AC devices does not return all found devices, only ones already associated with the node.
+
+## New Devices Added
+
+* New LiteBeam AC Gen2 variant
+* Mikrotik LDF 5AC 
+* Mikrotik LDF2
+* PowerBeam 5ac-620 support
+
+## Bug Fixes
+
+* Fix x86 upgrades (naming is a little odd)
+* Fix Mikrotik first install
+* Re-enable AREDN’s reset button behavior (was being overridden by OpenWrt’s)
+* Revert PowerBeam 5AC 400 name change which caused upgrade problems
+* Remove another coverage test which causes problems
+* Fix MTU failure which broke node setup
+* Avoid error if mac disappears across a radio reset
+* Monitor bug fixes
+* Fix bug when editing xlinks on single port devices
+* Enhance ‘has_wifi’ detection
+* Handle non-wifi devices passed to maxpower/pwroffset functions 
+* Fix LUA converting empty port object to empty array. 
+* Alternate ath9k and ath10k radio reset for deaf nodes
+* Fix API nil pointer when mac lookup fails
+* Disable WAN access to node by default
+* Fix disabled mesh on multi-wifi devices
+* Split rocket-m[52]-xw into different builds
+* Enable Rocket M XW (accidentally disabled when splitting out the M2 version)
+* Fix wifi setup for multi-radio devices 05/08/2023
+* Add missing radios.json for Powerbeam 5AC 400 05/07/2023 
+* Remove old PBE 100mb fix and /etc/rc.local where it was included
+* Fix channel display for 5GHz nodes
+* Tidy up the formatting and fix column widths
+* Fix syntax error in patch that broke network on many ath79 devices
+* Fix ar300m16 wan configuration 04/25/2023
+* Fix frequency range reporting and display for 900MHz & 3GHz devices
+* Tolerate missing frequency list
+* Fix missing POE for nanostation-m
+* Remove ar300m nand and nor builds which are causing confusion
+* Fix local message refresh 
+
+# 3.23.4.0
+
+There have been over 140 nightly releases of the AREDN codebase since the last production release in December 2022. Here are the highlights:
+
+## Major Enhancements
+
+* Support for the ‘AC’ class of radios [2]
+* Improved service validation
+* Improved WiFi scanning
+* Better error feedback for future upgrades
+* Hidden and Exposed node handling [3]
+* Enhance AP and WiFi Client channel selection
+* Support for easier “nightly build” testing
+* Upgraded to OpenWRT 22.03.3; the latest release of OpenWRT with many security and bug fixes.
+* Upgraded to Linux kernel 5.10.161
+
+**IMPORTANT NOTE!** 
+
+Because of changes in the way OpenWRT names devices, this upgrade is not simple to revert without reinstalling your node as if you just took it out of the box.
+
+## New Devices
+
+* Ubiquiti [1]
+    * LiteAP 5 AC
+    * LiteBeam AC5 Gen2
+    * NanoBeam AC 5 (WA)
+    * NanoBeam AC 5 (XC)
+    * NanoBeam AC 5 Gen 2 (WA)
+    * NanoBeam AC 5 Gen 2 (XC)
+    * NanoStation AC 5
+    * PowerBeam AC 5 Gen2
+    * PowerBeam AC 5 400
+    * PowerBeam AC 5 500
+    * Rocket 5 AC Lite
+* Mikrotik
+    * hAP ac2
+    * hAP ac3
+    * SXTsq 5 ac
+    * LHG 5 ac
+    * LHG XL 5 ac
+    * LDF 5
+    * mANTBox 15s
+    * mANTBox 19s
+* TPLink
+    * CPE710 v1.0
+* GL.iNet
+    * Shadow (128MB NAND)
+    * Slate
+    * Mudi
+
+For a full list of supported products, see the list [here](http://downloads.arednmesh.org/snapshots/SUPPORTED_DEVICES.md).
+
+**Notes:**
+
+1. **Important** - the initial factory installation instructions for Ubiquiti 802.11 ac products are new.  They can be found in the AREDN Online Documentation [here](http://docs.arednmesh.org/en/latest/arednGettingStarted/installing_firmware.html#ubiquiti-802-11ac-first-install-process).
+
+2. The 802.11ac products offer noticeable advantages over the legacy 802.11n devices.  If you’re contemplating a new deployment or just looking for better performance, consider an 802.11ac device.  Here’s [a list of recommended devices](https://www.arednmesh.org/content/device-migration-suggestions) for migrations.
+
+3. Over and above neighbor status states of pending, active and idle, new states of hidden and exposed have been added. Because the nodes talk amongst themselves, your node knows which of its neighbor nodes are nearby but hidden from it. This can be useful for network management. Exposed nodes are nodes that a node can see, but will block it from transmitting to other neighbors when they are transmitting. It's a bit complex - see the 'exposed node problem' in Wikipedia for more detail The AREDN team hopes to use these parameters in the future to reduce channel congestion.
+
+## Full Change List
+
+* RF performance improvements
+    * Now automatically enable RTS (Ready To Send) when hidden nodes detected
+    * Fixed IBSS (Independent Basic Service Set) problem on 2.4GHz
+    * Enabled negative channels for 2.4 GHz 802.11ac devices
+    * Fixed negative channels not beaconing.
+    * Fixed power offsets on various devices
+    * Fixed fccid beacon
+    * Fixed -ac coverage calculation in driver.
+    * Resolve unresponsive node problems with Mikrotik AC devices
+    * Now ignore non-routable when calculating hidden nodes
+* Network performance improvements
+    * Added a maximum timeout for service checks
+    * Provided a timeout on the iperf3 client
+    * iperf3: Improve error reporting when server is busy/disabled
+    * Set up to refresh LQM’s hostnames periodically
+    * Made the default country HX (HAM)Now handle missing IP address and create more general RF/DTD identification
+    * Validate state of services over a period of time before disabling advertisements
+    * Force dnsmasq to update itself if no network changes for > 60 secs
+    * Fixed idle tunnel quality check
+    * Fixed WAN VLAN detection on hAP
+    * Fixed the netmask on the br-nomesh device (for when RF mesh is disabled)
+    * A node with a single RF link can’t have any exposed nodes - corrected
+    * Filtered out non-routable ARP entries which confuse LQM
+    * Don't let services use hostnames which are not propagated.
+    * Block DHCP server traffic from ever going to the WAN interface
+    * Reworked the DTD blocking detection
+    * Fix occasional LQM nil error
+    * Eliminate false network rejoins using LQM information
+    * Force badly associated stations to reassociate.
+* Node management improvements
+    * Improved the quality of the scan output
+    * Improved idle tunnel quality measurement
+    * Provided better error feedback when upgrades fail
+    * Tagged devices which must be reinstalled. (The NAND layout for a few Mikrotik devices has changed sufficiently that they cannot be easily upgraded and must be reinstalled from scratch.)
+    * Now gather statistics about RF links
+    * Established a more consistent way to provide interface mac address in overrides
+    * Support forced upgrades
+    * Move the unconfigured setup earlier
+    * Handle system upgrade files of type “nand-sysupgrade”
+    * Remove WAN Wifi Client key lower limit
+    * Improve AP band selection
+    * Add extended channels to LAN AP list
+    * Fixed PowerBridge M upgrade
+    * Fixed AirRouter port identification
+    * Made sure we look for packages with the correct architecture
+    * Fixed AR150 port settings
+    * Fixed Mikrotik boot loader to avoid boot lockup problem
+    * Improved firmware failure error recovery
+    * Stop RETURN from refreshing the mesh page
+    * Fixed support for Mikrotik LHGG-5acd-xl
+    * Fixed upgrade compatibility for nanobeam m5 19
+    * Fixed AP mode selection when turning mesh back on.
+    * More fixes for AP mode
+    * Fixed firewall rule checking for existing drop rules
+    * Fixed monitors not detecting non-mesh mode
+    * Created new network configuration code
+* Miscellaneous
+    * Merged openwrt release 22.03.3
+    * Updated firmware selector on web page
+    * Made sure we never pass ‘nil’ to the json parser
+    * Fixed xlink firewall rule inserted incorrectly
+    * Removed a firmware blocker we no longer need
+    * Added a note about the USB150 & AR150 devices
+    * Added "hidden" and "exposed" node statuses to help file
+    * Re-enabled the  kmod-rtc-ds1307 package
+    * Some initramfs cleanup
+    * Generalized node-setup variable expansion
+    * Removed firewall counters except for specific ports
+    * Now use luci’s urldecode_params to handle query strings
+    * Added “tiny build” notes
+    * Set PowerBeam-M2-400 to stable status
+    * Fixed service alignments on web page
+    * Add SKUs to Supported Devices doc
+    * Cleaned up Supported Devices doc
+    * Split the various Mikrotik radios into their individual variants
+    * Clarified the Mikrotik LHG 2nd firmware versions
+    * Validate Bullet M5 build
+    * More upgrade compatibility
+    * Ath9k driver - no error accounting - added
+    * Fixed the bandwidth reporting for ath10k devices
+
+# 3.22.12.0
+
+Since version 3.22.8.0 was released in August, over 50 nightly builds have been released. So the dev team decided that it was time for another production release. While many of them were small tweaks, some were significant. Here’s a summary:
+
+## UI (web page) updates.
+
+Many updates were made to the UI (web pages) to increase usability and provide additional information. Some highlights:
+ 
+* Added NTP update period to basic setup page - can now choose between daily and hourly updates    
+* Now display host totals rather than OLSR totals     
+* Added search capabilities to the Mesh Status page     
+* Grouped Mesh RF info if WiFi is enabled     
+* Both types of gateways on Status page now displayed    
+* Added a warning when attempting to add extra packages to 32 MB nodes 
+* Added help link to pages missing it.
+* Changed support link to button
+* Updated help file for new Advanced Config format
+* Simplified Advanced Config display
+* Added units to Setup and Advanced Config pages
+
+## Miscellaneous fixes and updates
+ 
+* Optionally include static routes (and preserve them across upgrades)     
+* Added support for extra network links to OLSR     
+* Included wireguard packages in the repo
+* Fixed recoverymode script (didn't work correctly)
+* Stopped a node from including itself in its LQM neighbors
+* Fixed bad match for NAT DHCP addresses.
+* Added a wifi scan trigger for when the "nodes detected" count becomes zero (resets wifi)
+* Added a snapshot of hostnames after OLSR updates so we have a consistent copy to display on Mesh Status page
+* Advertised services:
+    * Determination logic updated
+    * Added more 3XX redirects + 401 authentication
+    * If redirect ends at an https link, assume it is valid
+
+# 3.22.8.0
+
+The AREDN development team has shifted into high gear with this third release of 2022!  This production release adds the many fixes and enhancements made since 3.22.6.0
+
+## Fixes
+
+* Dealt with LAN on AR300M always having the same MAC address.
+* Fixed default DHCP limits in NAT mode if fields are blank.
+* Fixed a "do not propagate" issue when reserving DHCP names.
+* Fixed tactical names.
+* Fully validate node and tactical names; give better messages when invalid.
+* Prevent < and > from being used in service names.
+* Correct map update claiming success when it actually fails.
+* Added device definition for Ubiquiti PBE M5 300-ISO.
+* Some Ubiquiti Powerbeams: keep 100MB as the only port speed, but let the port auto-negotiate with the switch to fix throughput issues.
+* Fixed display of unknown radio models.
+
+## Enhancements
+
+* Added a service alert icon.
+* Adjusted the Administration page display. (advanced WAN moved to AdvConfig page)
+* Added changeable WAN VLAN support to the Mikrotik hAP and AR300M.
+* Allowed display of longer filenames (wider field).
+* Now run an hourly check on published service and “unpublish” any which aren’t really available.  Re-enabled services will be republished automatically.
+* Added a visual indicator to show when a service is not being published.
+* Made “Keep Settings” more prominent.
+* Renamed Support Data file extension from tgz to gz (to allow them to be easily added to a forum post and/or github issues).
+* Allow zero length WAN WiFi client passphrases.
+* Allow LQM auto-distance to be overridden.
+* Further improvements in LQM.
+* Password visibility toggles on setup page.
+* Added connection status feedback when using WAN WiFi.
+* Status page now shows if you’re using wired or WiFi WAN.
+* Updated the HTML Help file to reflect these changes.
+
+# 3.22.6.0
+
+AREDN production release 3.22.6.0 is now available.  This is the release you've been looking for :-)
+
+Since the last production release, there have been 136 separate ‘pull requests’ in the AREDN github repository.   Those requests pulled these significant improvements and new features into the AREDN software:
+1. The conversion from Perl programming to Lua is complete - the result is a significantly smaller, somewhat faster, code base.
+
+2. Due to the recovered space in the image, tunnels are now always installed, so nothing needs to be done with them during future upgrades.
+
+3. After this upgrade, future upgrades should be much more reliable, especially on low memory devices.
+
+4. Tunnels will be prevented from accidentally connecting over the mesh.
+
+    Tunnels normally connect via the WAN interface, that being the point of the things. However, if the WAN interface on a node goes down for some reason (the tunnel server/client Internet fails) the node will select a new way to talk to the Internet by first routing over the Mesh. When this happens, tunnels could end up being routed partially over the mesh, which is bad because tunnels are also part of the mesh. So, we now prevent this by default by adding a firewall rule.
+
+
+5. You can now adjust the poll rate for alerts. AREDN alerts and local alerts (those yellow banner things you see sometimes) were polled twice a day. This is now configurable.
+
+6. There is now a 60-second timeout when tunnel connections are interrupted. 
+
+    Node tunnels run over TCP/IP so they guarantee that what is sent is what will be received. This is all fine when things are running reliably, but if a connected tunnel fails for a bit, but then recovers, this guarantee means very old, pending traffic will still be delivered. In AREDN’s case, this traffic is not useful to the user, and for OLSR it is positively dangerous to deliver ancient routing information. This is all low level protocol stuff and there will be no visible effects to users.
+
+
+7. Nodes which are only connected via the WAN port and tunnels (no Wifi, no LAN) can cause some configuration problems because AREDN really wants either the LAN port to be connected or the WiFI to be enabled. We made some changes, so this is no longer a requirement. Thanks to K1KY, who has some unusual setups, for finding this.
+
+8. Automatic NTP sync - we now locate an NTP server (either the one configured or by searching the mesh for a local one) and sync the time daily.
+
+9. Added the ability to change the default VLAN for the WAN port. Currently not available on devices which contain network switches.
+
+10. Included iperf3 by default, as well as a simple web UI. Its use is described here in the AREDN online docs.
+
+11. Updated the Advanced Configuration page; sorted items on the page into categories.
+
+12. Added the capability of loading firmware updates "locally" after copying them to the node via SCP.  This is useful if you’re trying to update a distant node over marginal links.   Information on how to use it is in the AREDN online docs, here.
+
+13. Nodes will now drop nodenames and services that haven't been included in a broadcast for approximately 30 minutes.
+
+14. The hardware brand and model have been added to the main page.
+
+15. Messages banner will only be displayed on the Status & Mesh pages, keeping the setup & admin pages uncluttered.
+
+16. Channels -3 and -4 have been added to 2 GHz, for use in those countries where it’s legal.
+
+17. Added link quality management (LQM). It’s designed to make the AREDN network more stable and improve the available bandwidth.    
+
+    When enabled LQM accomplishes this in two ways:
+First, it drops links to neighbors which won't work well. Links are dropped that don't have good SNR, are too far away, or have low quality (forcing retransmissions).
+Second, it uses the distance to the remaining links to optimize the radio which improves the bandwidth. This mechanism replaces the older ‘auto-distance’ system which was often confused by distant nodes with which it could barely communicate.
+
+
+Many LQM parameters are capable of being modified to allow for local network circumstances.  There’s documentation on LQM in both the node help file and in the AREDN on-line docs.
+
+**NOTE 1:** LQM is turned off by default, unless it was previously enabled in a nightly build.
+
+**NOTE 2:** Latitude and longitude need to be configured in order for LQM to work properly.
+ 
+**IMPORTANT NOTE:** If you’re running MeshChat and/or iPerfSpeed, after this upgrade you’ll need to install compatible versions of them (but note that with the built-in throughput test you may no longer need iPerfSpeed).  URLs for those versions:
+
+iperfSpeed: https://github.com/kn6plv/iperfspeed/raw/master/iperfspeed_0.6-lua_all.ipk
+
+MeshChat: https://github.com/kn6plv/meshchat/raw/master/meshchat_2.0_all.ipk
+
+# 3.22.1.0
+
+This release includes many significant improvements in the underlying OpenWRT code and stability/scalability fixes to the OLSR mesh routing protocol.
+ 
+## List of Changes:
+​
+1. The AREDN  simplified firmware filename standard has been changed to the default OpenWRT convention to leverage data files created at build time for future automation of firmware selection.
+
+    When installing this firmware release, from prior firmware versions, you may get an error message similar to
+
+        “This filename is NOT appropriate for this device.“
+        “This device expects a file such as: aredn-3.22.1.0-main-ef2d605-ubnt-nano-m-xw-.*sysupgrade.bin”
+        “Click OK to continue if you are CERTAIN that the file is correct”
+
+    Ensure that you are loading the correct file by referring to the downloads page, then safely ignore the warning.   Once this release is loaded, this error message will never occur again.
+
+2. When the size of the hostname and service advertisements exceeded the size of a single network packet, only IP addresses would be known.  The advertised services and hostname would not propagate to other nodes on the network.  The OLSR routing protocol was changed to fix this.
+
+3. The OLSR scalability failure, commonly called “OLSR storms”, has been fixed.  Large networks with hundreds of nodes would experience cycles of routing disruption, making the network unusable.  
+
+4. SNR history may be missing neighbor node names – fixed.
+
+5. When defining a local location of packages in Advanced Configuration, there was no way to change the location of some packages obtained from the upstream Freifunk group.    The Advanced Configuration page now has a row to define this local location.
+
+6. Performance improvements were made to the Mesh Status page based on results from the large scale stress test on Oct 31, 2021.
+
+7. Local alerts as configured on the Advanced Configuration page can now have zones which allow a mesh user to subscribe to alert messages affecting a specific locale.
+
+8. The allowed number of tunnel connections is now configurable on the Advanced Configuration page.
+
+9. There are numerous API updates.
+
+# 3.21.4.0
+
+This release contains, among other things the following changes and fixes:
+
+* Fix spike to zero in SNR Chart #90 (ab7pa)
+* Execute Button Description #86 (ab7pa)
+* Add Rocket XM ar71xx image to support older models with USB port #83 (ae6xe)
+* Fix tunnel server clients accidentally limited to 9 #82 (pmilazzo)
+* Add “none” type advanced config options to simplify the UI #81 (dman776)
+* Update banner #80 (dman776)
+* update login banner #79 (dman776)
+* Add mesh gateway setting to sysinfo.json #77 (dman776)
+* Add advanced config option to purge AREDN Alert msgs #76 (dman776)
+* Update alert banner background color #72 (ab7pa)
+* Reset download paths upon upgrade to default #69 (dman776)
+* Upgrade to openwrt 19.07.7 #68 (ae6xe)
+* Add new Mikrotik model string for SXTsq5nD #62 (ae6xe)
+
+# 3.20.3.1
+
+The AREDN® team is pleased to announce the general availability of the latest stable release of AREDN firmware. We now fully support 70+ devices from four manufacturers. This diversity of supported equipment enables hams to choose the right gear for a given situation and budget.
+
+Here is a summary of the significant changes since 3.20.3.0 was release:
+
+* Migrate all remaining TP-Link models to ath79 target
+* Fix CPE510 v3 image not installing
+* Fix Ethernet port to fully conform with AREDN expected usage on NanoStation M5 XW
+* Added ability to change and revert firmware and package download paths
+* Added target type info (ar71xx/ath79) to admin page
+* Fix issue with the map on the setup page PR #501
+* Added "aredn alerts" feature in header
+* Fix firewall blocking traffic when using tunnel PR #524
+* Added support for Mikrotik r2 hardware
+* Bump to OpenWRT 19.07.3 https://openwrt.org/releases/19.07/notes-19.07.3
+* Use "mode ether" for tunnel links reducing ETX to 0.1
+* Change default map tile server url away from MapBox PR #527
+* Allow ping from WAN to node
+
+# 3.20.3.0
+
+The AREDN team is pleased to announce the general availability of the latest stable release of AREDN firmware. We now fully support 70+ devices from four manufacturers. This diversity of supported equipment enables hams to choose the right gear for a given situation and budget.
+
+AREDN firmware is now based on the most recent stable version of OpenWRT19.07.2 which was released in March 2020. This improvement is significant in that it enables AREDN firmware to benefit from the many bug fixes, security improvements and feature enhancements provided by OpenWRT developers from around the world.
+
+The latest AREDN firmware contains features inherited from the newest OpenWRT upstream release (19.07.2). One important change is the inclusion of a new target (architecture) for the firmware, labelled “ath79”, which is the successor to the existing “ar71xx” targets. OpenWRT explains that their main goal for this target is to bring the code into a form that will allow all devices to run a standard unpatched Linux kernel. This will greatly reduce the amount of customization required and will streamline the firmware development process. As not all supported devices have been migrated to the new “ath79” target, AREDN continues to build firmware for both targets.  You may notice that the AREDN download page has firmware for these two targets, and you should select the latest image based on the type of hardware (and the recommended target) on which it is to be installed. 
+
+## Changes to the Supported Platform Matrix
+
+Several devices are now shaded in light green to indicate that they are no longer recommended for AREDN firmware, primarily due to their low computing resources (memory/storage).
+
+The following new devices are newly supported in the latest firmware release.
+
+## GL.iNet
+
+* AR750 definitions #425 (ae6xe)
+
+* AR300M16 #419 (ae6xe)
+
+* USB150 Microuter #411 (ae6xe)
+
+* AR150 #407 (ZL2WRW)
+
+## Mikrotik
+
+* RB911G-2HPnD mANTBox #464 (ae6xe)
+
+* RBSXTsq2nD #461 (ae6xe)
+
+* SXTsq 2nD #458 (ae6xe)
+
+* RBSXTsq5nD #453 (ae6xe)
+
+* RBSXTsq5HPnD #446 (ae6xe)
+
+* LDF-2nD, LHG-2nD, LHG-2nD-XL #436 (ae6xe)
+
+* New LDF5 model number #410 (ae6xe)
+
+* LHG 5HPnD #395 (ae6xe)
+
+## TP-LINK
+CPE210 v3.1 and v3.2 #484 (ae6xe)
+
+WBS510 V2 #466 (apcameron)
+
+## Features added
+
+* Upgraded to pre-openwrt-19.07.2 #487 (ae6xe)
+
+* Added /etc/board.json to aredn support data download #483 (ae6xe)
+
+* Added contact info/comment field for each tunnel connect… #479 (r1de)
+
+* Removed libopenssl (large library) and disable ssl in vtun #475 (dman776)
+
+* Common build config updates #467 (ae6xe)
+
+* Reduce visual clutter on mesh status page #459 (kostecke)
+
+* Removed the meshmap=1 option from sysinfo.json. #454 (r1de)
+
+* Updated Help for passive Wifi Scan updates #445 (ae6xe)
+
+* Switch from active to passive wifi scan #444 (ae6xe)
+
+* Updated with note regarding gl.inet keep settings #440 (dman776)
+
+* Added olsr restart option in AdvancedConfig #435 (ae6xe)
+
+* Enabled wan wifi client to connect to an open AP #434 (ae6xe)
+
+* Added wan wifi client capability #430 (ae6xe)
+
+* Check less frequently to updated Mesh link LED #422 (ae6xe)
+
+* Added “MESH” led for GL USB150 #417 (dman776)
+
+* Added first_boot field to indicate if this node has been configured #416 (dman776)
+
+* Added auto distance setting option #409 (ae6xe)
+
+* New sysinfo json changes #405 (r1de)
+
+* Fixed the consistency between “archive” and “realtime” SNR data #403 (mcleanra)
+
+* Updated .gitnignore to ignore more build artifacts #402 (BKasin)
+
+* Minor UI/output updates #399 (BKasin)
+
+* Set default channel and width #396 (ae6xe)
+
+* API - added current dhcp leases #394 (dman776)
+
+* Added localhosts info to api #390 (mcleanra)
+
+* Added OLSR current neighbor info to API #389 (dman776)
+
+* Added chart endpoint to the /api #386 (mcleanra)
+
+* Added a wifi scan endpoint to the /api #379 (mcleanra)
+
+## Bugs fixed
+
+* PBE400/400-ISO/620 port hang #493 (ae6xe)
+
+* Changed firmware download location #488 (dman776)
+
+* Port Forward not working over dtdlink in LAN NAT mode #485 (ae6xe)
+
+* Added missing network definitions for GL-AR150 #482 (ae6xe)
+
+* ath79 TP-Link CPE210 v2 changed name #481 (ae6xe)
+
+* Fixed the Authentication for vtun to be compatible with legacy #478 (apcameron)
+
+* Fixed status led for the WBS510-v2 #476 (apcameron)
+
+* +x to /www/cgi-bin/mesh - 403 error if not. #460 (r1de)
+
+* WAN interface fails to function on UBNT NS XM devices #433 (ae6xe)
+
+* Fixed instance of sysupgrade failing #432 (ae6xe)
+
+* Mesh Status missing owning host of service advertisement #421 (ae6xe)
+
+* Added build config for AR300M #420 (ae6xe)
+
+* Fixed index error in aredn_info lib #412 (dman776)
+
+* Fixed call to getFrequency() to getFreq() in api #408 (r1de)
+
+* UBNT LBE-M5 does not identify boardid #401 (ae6xe)
+
+* Added luasocket feed to make luasocket package available #391 (dman776)
+
+## Known issues
+Please refer to https://github.com/aredn/aredn_ar71xx/issues for a list of outstanding defects.
+
+## Key workarounds
+
+### OLSR Restart
+
+OLSR is the capability in AREDN that exchanges IP Addresses, Hostnames, and figures how to route packets across the mesh network.   There continues to be an intermittent defect when OLSR starts as a device is powering up. OLSR fails to propagate or may miss receiving some hostname information.  A one-time restart of OLSR will resolve the situation. This option can be found in Advanced Configuration settings--it doesn’t save a setting per se, rather restarts OLSR without rebooting the device.  
+
+How do I know when OLSR needs to be restarted:
+
+* IP Address is showing in Mesh Status:  go to the IP Address’s node and restart OLSR
+
+* “Dtdlink” or “mid” is showing in a host name:  go to those hosts and restart OLSR
+
+* Others can access a device by the hostname, but I can’t:  restart OLSR on my device
+
+### PBE 400/400-ISO/620 degraded throughput over ethernet port
+
+These Uniquiti PBE devices have a gigabit Ethernet port that does not handshake correctly with some switches.   The device’s Ethernet port is locked to a 100mbps rate at Full-Duplex (still sufficient for the max rates generally achieved over RF).  This made the port always functional, but for some switches the performance may be severely degraded. It is recommended to lock the rate on all switches this devices is connected to at the same 100mbps rate at Full-Duplex.  Check your switch’s port statistics to determine if there are TX or RX packet errors. Alternatively, an iperf test from the node to another node on the same switch will identify if there is any performance degradation.
+
+### Upgrading Firmware Images
+
+1) 32M RAM devices continue to be at the limit of available memory.  This means that doing a sysupgrade to load new firmware may take many tries to succeed.   Don't use these devices at hard to reach tower sites! The sysupgrade process needs close to 10M of memory to succeed. 
+
+    **Tips to get it to work:**
+
+    1) fresh reboot and very quickly do the upgrade (recommended for all devices, particular if at a tower site)
+
+    2) disable mesh RF and any use of wireless, reboot before sysupgrade
+
+    3) disable or uninstall any packages that are running, e.g. meshchat
+
+    4) as an almost last resort, scp the .bin image to /tmp on the node and from the command line type "sysupgrade -n <.bin filename>" (does not save settings)
+
+    5) as the last resort, tftp to load the factory image (does not save settings) 
+
+2) Do not count on being able to sysupgrade to return back to older AREDN images, when upgrading to ‘ath79’ target images.    It might work, it might not based on if model names were cleaned up and changed moving to ath79. The older images may not be recognized on the newer target images.  Do a tftp process instead.
+
+3) To know what image to use, pay close attention to the table located here (scroll down):  https://github.com/aredn/aredn_ar71xx .

SUPPORTED_DEVICES.md

@@ -0,0 +1,167 @@
+# Supported Devices
+
+**Stability**
+* *untested* - this image has not been tested on hardware. It may or may not work.
+* *stable* - this image has been tested on hardware. There may still be bugs.
+
+**Status**
+* *released* - this image is in a production release of the AREDN firmware.
+* *nightly* - this device is newly supported in the nightly builds (since the last production release).
+* *sunset* - this device is supported but no longer recommended. Support will be deprecated in the future.
+* *brick* - this image has been tested and found to brick your hardware. Avoid for now.
+
+The 'target' and 'subtarget' identify the directory in which to find the image on at http://downloads.arednmesh.org
+
+## Mikrotik
+Model | SKUs | Band | Target | Subtarget | Image | RAM | Stability | Status
+:------ | :----: | :----: | :------: | :---------: | :-----: | :---: | :---------: | :------
+hAP ac lite <br> hAP ac lite TC | RB952Ui-5ac2nD <br> RB952Ui-5ac2nD-TC | 2 & 5 | ath79 | mikrotik | mikrotik-952ui-5ac2nd | 64MB | stable | released
+hAP ac² | RBD52G-5HacD2HnD-TC | 2 & 5 | ipq40xx | mikrotik | mikrotik_hap-ac2 | 128MB | stable | released
+hAP ac³ | RBD53iG-5HacD2HnD | 2 & 5 | ipq40xx | mikrotik | mikrotik_hap-ac3 | 256MB | stable | released
+SXTsq Lite2 | RBSXTsq2nD | 2 | ath79 | mikrotik | mikrotik-sxt-2nd | 64MB | stable | released
+SXTsq Lite5 | RBSXTsq5nD | 5 | ath79 | mikrotik | mikrotik-sxt-5nd | 64MB | stable | released
+SXTsq 5 High Power | RBSXTsq5HPnD | 5 | ath79 | mikrotik | mikrotik-sxt-5hpnd | 64MB | stable | released
+SXTsq 5 ac | RBSXTsqG-5acD | 5 | ipq40xx | mikrotik | mikrotik_sxtsq-5-ac | 256MB | stable | released
+LHG 2 | RBLHG-2nD | 2 | ath79 | mikrotik | mikrotik-lhg-2nd | 64MB | stable | released
+LHG XL 2 | RBLHG-2nD-XL | 2 | ath79 | mikrotik | mikrotik-lhg-2nd-xl | 64MB | stable | released
+LHG 5 | RBLHG-5nD | 5 | ath79 | mikrotik | mikrotik-lhg-5nd | 64MB | stable | released
+LHG HP5 | RBLHG-5HPnD | 5 | ath79 | mikrotik | mikrotik-lhg-5hpnd | 64MB | stable | released
+LHG XL HP5 | RBLHG-5HPnD-XL | 5 | ath79 | mikrotik | mikrotik-lhg-5hpnd-xl | 64MB | stable | released
+LHG 5 ac | RBLHGG-5acD | 5 | ipq40xx | mikrotik | mikrotik_lhgg-5acd | 256MB | stable | released
+LHG XL 5 ac | RBLHGG-5acD-XL | 5 | ipq40xx | mikrotik | mikrotik_lhgg-5acd-xl | 256MB | stable | released
+LDF 2 | RBLDF-2nD | 2 | ath79 | mikrotik | mikrotik-ldf-2nd | 64MB | stable | released
+LDF 5 | RBLDF-5nD | 5 | ath79 | mikrotik | mikrotik-ldf-5nd | 64MB | stable | released
+LDF 5 ac | RBLDFG-5acD | 5 | ipq40xx | mikrotik | mikrotik-ldf-5acd | 64MB | stable | released
+RB911G-2HPnD <br> mANTBox 2 12s | RB911G-2HPnD <br> RB911G-2HPnD-12S | 2 | ath79 | mikrotik | - | 64MB | untested | released
+RB911G-5HPnD | RB911G-5HPnD | 5 | ath79 | mikrotik | - | 64MB | untested | released
+QRT 5 | RB911G-5HPnD-QRT | 5 | ath79 | mikrotik | mikrotik-911g-5hpnd-qrt | 64MB | stable | released (1)
+RB912UAG-2HPnD <br> BaseBox 2 | RB912UAG-2HPnD <br> RB912UAG-2HPnD-OUT | 2 | ath79 | mikrotik | mikrotik-912uag-2hpnd | 64MB | untested | released
+RB912UAG-5HPnD <br> BaseBox 5 | RB912UAG-5HPnD <br> RB912UAG-5HPnD-OUT | 5 | ath79 | mikrotik | mikrotik-912uag-5hpnd | 64MB | stable | released (1)
+mANTBox 15s | RB921GS-5HPacD-15S | 5 | ath79 | mikrotik | mikrotik-921gs-5hpacd-15s | 128MB | stable | released
+mANTBox 19s | RB921GS-5HPacD-19S | 5 | ath79 | mikrotik | mikrotik-921gs-5hpacd-19s | 128MB | stable | released
+mANTBox 2 12s | RB911G-2HPnD-12S | 2 | ath79 | mikrotik | mikrotik-911g-2hpnd-12s | 64MB | stable | nightly
+
+## Ubiquiti
+Model | SKUs | Band | Target | Subtarget | Image | RAM | Stability | Status
+:------ | :----: | :----: | :------: | :---------: | :-----: | :---: | :---------: | :------
+Bullet M2 XW || 2 | ath79 | generic | ubnt_bullet-m-xw | 64MB | untested | released
+LiteAP 5AC | LAP-120 <br> LAP-120-US <br> LBE-5AC-16-120 <br> LBE-5AC-16-120-US | 5 | ath79 | generic | ubnt_lap-120 | 64MB | stable | released
+LiteBeam AC5 Gen2 | LBE-5AC <br> LBE-5AC-US | 5 | ath79 | generic | ubnt_litebeam-ac-gen2 | 64MB | stable | released
+LiteBeam AC5 LR | LBE-5AC-LR <br> LBE-5AC-LR-US | 5 | ath79 | generic | ubnt_litebeam-ac-lr | 64MB | stable | nightly
+LiteBeam M5 || 5 | ath79 | - | - | 64MB | untested | released
+NanoBeam 2AC 13 (2WA) || 2 | ath79 | generic | ubnt_nanobeam-2ac-13 | 64MB | stable | nightly
+NanoBeam AC 5 (WA) || 5 | ath79 | generic | ubnt_nanobeam-ac | 64MB | untested | released
+NanoBeam AC 5 (XC) || 5 | ath79 | generic | ubnt_nanobeam-ac-xc | 64MB | stable | released
+NanoBeam AC 5 Gen 2 (WA) || 5 | ath79 | generic | ubnt_nanobeam-ac-gen2 | 128MB | stable | released
+NanoBeam AC 5 Gen 2 (XC) || 5 | ath79 | generic | ubnt_nanobeam-ac-gen2-xc | 128MB | untested | released
+NanoBeam M5-16 || 5 | ath79 | generic | ubnt_nanobeam-m5-16 | 64MB | stable | released
+NanoBeam M5-19 || 5 | ath79 | generic | ubnt_nanobeam-m5-19 | 64MB | stable | released
+NanoStation AC 5 | NS-5AC <br> NS-5AC-US | 5 | ath79 | generic | ubnt_nanostation-ac | 64MB | stable | released
+NanoStation Loco M2 XW || 2 | ath79 | generic | ubnt_nanostation-loco-m-xw | 64MB | untested | released
+NanoStation Loco M5 XW || 5 | ath79 | generic | ubnt_nanostation-loco-m-xw | 64MB | stable | released
+NanoStation M2 XW || 2 | ath79 | generic | ubnt_nanostation-m-xw | 64MB | stable | released
+NanoStation M5 XW || 5 | ath79 | generic | ubnt_nanostation-m-xw | 64MB | stable | released
+PowerBeam AC 5 Gen2 || 5 | ath79 | generic | ubnt_powerbeam-5ac-gen2 | 128MB | untested | released
+PowerBeam AC 5 400 || 5 | ath79 | generic | ubnt_powerbeam-5ac-400 | 128MB | untested | released
+PowerBeam AC 5 500 | PBE-5AC-500 <br> PBE-5AC-500-US | 5 | ath79 | generic | ubnt_powerbeam-5ac-500 | 128MB | stable | released
+PowerBeam AC 5 620 || 5 | ath79 | generic | ubnt_powerbeam-5ac-620 | 128MB | untested | released
+PowerBeam-M2-400 || 2 | ath79 | generic | ubnt_powerbeam-m2-xw | 64MB | stable | released
+PowerBeam-M5-300 || 5 | ath79 | generic | ubnt_powerbeam-m5-300 | 64MB | stable | released
+PowerBeam-M5-400 || 5 | ath79 | generic | ubnt_powerbeam-m5-xw | 64MB | stable | released
+PowerBeam-M5-400ISO || 5 | ath79 | generic | ubnt_powerbeam-m5-xw | 64MB | stable | released
+PowerBeam-M5-620 || 5 | ath79 | generic | ubnt_powerbeam-m5-xw | 64MB | stable | released
+PowerBridge || 5 | ath79 | generic | ubnt_powerbridge-m | 64MB | untested | released
+Rocket AC Lite 5 | R5AC-LITE <br> R5AC-LITE-US | 5 | ath79 | generic | ubnt_rocket-5ac-lite | 128MB | stable | released
+Rocket M9 XM || 900 | ath79 | generic | ubnt_rocket-m | 64MB | stable | released
+Rocket M2 XM || 2 | ath79 | generic | ubnt_rocket-m | 64MB | stable | released
+Rocket M3 XM || 3 | ath79 | generic | ubnt_rocket-m | 64MB | stable | released
+Rocket M5 XM || 5 | ath79 | generic | ubnt_rocket-m | 64MB | stable | released
+Rocket M5GPS XM || 5 | ath79 | generic | ubnt_rocket-m | 64MB | stable | released
+Rocket M2 XM with USB port || 2 | ath79 | generic | ubnt_rocket-m | 64MB | untested | released
+Rocket M5 XM with USB port || 5 | ath79 | generic | ubnt_rocket-m | 64MB | untested | released
+Rocket M2 XW || 2 | ath79 | generic | ubnt_rocket-m2-xw | 64MB | stable | released
+Rocket M5 XW || 5 | ath79 | generic | ubnt_rocket-m5-xw | 64MB | stable | released
+Rocket M2 Titanium TI || 2 | ath79 | - | - | 64MB | untested | released
+Rocket M2 Titanium XW || 2 | ath79 | generic | ubnt_rocket-m2-xw | 64MB | untested | released
+Rocket M5 Titanium TI || 5 | ath79 | - | - | 64MB | untested | released
+Rocket M5 Titanium XW || 5 | ath79 | generic | ubnt_rocket-m5-xw | 64MB | stable | released
+**Sunset Devices** | | | | | | | |
+AirGrid M2 XM || 2 | ath79 | tiny (2) | ubnt_bullet-m-ar7241 | 32MB | untested | sunset
+AirGrid M5 XM || 5 | ath79 | tiny (2) | ubnt_bullet-m-ar7241 | 32MB | untested | sunset
+AirGrid M5 XW || 5 | ath79 | generic | ubnt_bullet-m-xw | 32MB | untested | sunset
+AirRouter || 2 | ath79 | tiny (2) | ubnt_airrouter | 32MB | stable | sunset
+AirRouter HP || 2 | ath79 | tiny (2) | ubnt_airrouter | 32MB | stable | sunset
+Bullet M2Ti || 2 | ath79 | - | - | 32MB | untested | sunset
+Bullet M5 || 5 | ath79 | tiny (2) | ubnt_bullet-m-ar7241 | 32MB | stable | sunset
+Bullet M5Ti || 5 | ath79 | - | - | 32MB | untested | sunset
+Bullet M2 || 2 | ath79 | tiny (2) | ubnt_bullet-m-ar7241 | 32MB | stable | sunset
+NanoBeam M2-13 || 2 | ath79 | - | - | 32MB | untested | sunset
+NanoBridge 2G18 || 2 | ath79 | tiny (2) | ubnt_nanobridge-m | 32MB | untested | sunset
+NanoBridge 5G22 || 5 | ath79 | tiny (2) | ubnt_nanobridge-m | 32MB | stable | sunset
+NanoBridge 5G25 || 5 | ath79 | tiny (2) | ubnt_nanobridge-m | 32MB | stable | sunset
+NanoBridge M9 || 900 | ath79 | tiny (2) | ubnt_nanostation-loco-m | 32MB | stable | sunset
+NanoStation Loco M2 XM || 2 | ath79 | tiny (2) | ubnt_nanostation-loco-m | 32MB | stable | sunset
+NanoStation Loco M5 XM || 5 | ath79 | tiny (2) | ubnt_nanostation-loco-m | 32MB | untested | sunset
+NanoStation Loco M9 XM || 900 | ath79 | tiny (2) | ubnt_nanostation-loco-m | 32MB | stable | sunset
+NanoStation M2 XM || 2 | ath79 | tiny (2) | ubnt_nanostation-m | 32MB | stable | sunset
+NanoStation M3 XM || 3 | ath79 | tiny (2) | ubnt_nanostation-m | 32MB | stable | sunset
+NanoStation M5 XM || 5 | ath79 | tiny (2) | ubnt_nanostation-m | 32MB | stable | sunset
+PicoStation M2 || 2 | ath79 | tiny (2) | ubnt_picostation-m | 32MB | untested | sunset
+
+## TP-Link
+Model | SKUs | Band | Target | Subtarget | Image | RAM | Stability | Status
+:------ | :----: | :----: | :------: | :---------: | :-----: | :---: | :---------: | :------
+TPLink CPE210 v1.X || 2 | ath79 | generic | tplink_cpe210-v1 | 64MB | stable | released
+TPLink CPE210 v2.0 || 2 | ath79 | generic | tplink_cpe210-v2 | 64MB | stable | released
+TPLink CPE210 v3.0 || 2 | ath79 | generic | tplink_cpe210-v3 | 64MB | untested | released
+TPLink CPE220 v2.0 || 2 | ath79 | generic | tplink_cpe220-v2 | 64MB | untested | released
+TPLink CPE220 v3.0 || 2 | ath79 | generic | tplink_cpe220-v3 | 64MB | untested | released
+TPLink CPE510 v1.X || 5 | ath79 | generic | tplink_cpe510-v1 | 64MB | stable | released
+TPLink CPE510 v2.0 || 5 | ath79 | generic | tplink_cpe510-v2 | 64MB | stable | released
+TPLink CPE510 v3.0 || 5 | ath79 | generic | tplink_cpe510-v3 | 64MB | stable | released
+TPLink CPE605 v1.0 || 5 | ath79 | generic | tplink_cpe605-v1 | 64MB | untested | released
+TPLink CPE610 v1.0 || 5 | ath79 | generic | tplink_cpe610-v1 | 64MB | untested | released
+TPLink CPE610 v2.0 || 5 | ath79 | generic | tplink_cpe610-v2 | 64MB | untested | released
+TPLink CPE710 v1.0 | CPE710 V1.0 | 5 | ath79 | generic | tplink_cpe710-v1 | 128MB | stable | released
+TPLink WBS210 v1.0 || 2 | ath79 | generic | tplink_wbs210-v1 | 64MB | untested | released
+TPLink WBS210 v2.0 || 2 | ath79 | generic | tplink_wbs210-v2 | 64MB | untested | released
+TPLink WBS510 v1.0 || 5 | ath79 | generic | tplink_wbs510-v1 | 64MB | untested | released
+TPLink WBS510 v2.0 || 5 | ath79 | generic | tplink_wbs510-v2 | 64MB | untested | released
+
+## GL.iNet
+Model | SKUs | Band | Target | Subtarget | Image | RAM | Stability | Status
+:------ | :----: | :----: | :------: | :---------: | :-----: | :---: | :---------: | :------
+Shadow (16MB NOR) | GL-AR300M16 <br> GL-AR300M16-Ext | 2 | ath79 | generic | glinet_gl-ar300m16 | 64MB | stable | released
+Shadow (128MB NAND) | GL-AR300M <br> GL-AR300M-Ext | 2 | ath79 | nand | gl-ar300m-nand | 128MB | stable | nightly
+Mudi | GL-E750 | 2 & 5 | ath79 | nand | gl-e750 | 128MB | stable | nightly
+Convexa-B | GL-B1300 | 2 & 5 | ipq40xx | generic | gl-b1300 | 256MB | untested | nightly
+Beryl | GL-MT1300 | 2 & 5 | ramips | mt7621 | gl-mt1300 | 256MB | untested | nightly (4)
+**Sunset Devices** | | | | | | | |
+White | GL-AR150 | 2 | ath79 | generic | glinet_gl-ar150 | 64MB | stable | sunset (3)
+Microuter | GL-USB150 | 2 | ath79 | generic | glinet_gl-usb150 | 64MB | stable | sunset (3)
+Creta | GL-AR750 | 2 | ath79 | generic | glinet_gl-ar750 | 128MB | stable | sunset (3)
+Slate | GL-AR750S-Ext | 2 | ath79 | nand | gl-ar750s | 128MB | untested | sunset (3)
+
+## Meraki
+Model | SKUs | Band | Target | Subtarget | Image | RAM | Stability | Status
+:------ | :----: | :----: | :------: | :---------: | :-----: | :---: | :---------: | :------
+Meraki MR-16 | MR16-HW | 5 | ath79 | - | - | 64MB | unsupported | **brick**
+
+## x86 / Virtual Machine
+
+Hypervisor |  Target | Subtarget | Image | RAM | Stability | Status
+:------ | :------: | :---------: | :-----: | :---: | :---------: | :------
+Vmware ESXi  | x86 | 64 | x86-64-generic-ext4 | 64mb+ | stable | nightly (5)
+Proxmox pve  | x86 | 64 | x86-64-generic-ext4 | 64mb+ | stable | released  (5)
+Unraid | x86 |  64  | x86-64-generic-ext4 | 64mb+ | unsupported | nightly (5)
+
+
+## Footnotes
+ 1. This device is supported for new installs. It can also be upgraded from 3.22.12.0 after first installing the [DangerousUpgrade package](https://github.com/kn6plv/DangerousUpgrade/raw/main/dangerousupgrade_0.1_all.ipk) to disable the firmware compatibility checks. Proceed carefully.
+ 2. Tiny builds exclude support for *tunnels* and *WiFi AP* mode due to lack of resources. The relevant packages can be installed separately but this is not recommended.
+ 3. These devices are no longer being manufactured by GL-iNET. They may not reboot reliably and you may need to power cycle them (several times) during an update.
+ 4. 20MHz channels only.
+ 5. x86 images are for advanced users. See "Installing AREDN Firmware" x86 documentation section.
+
+
+Latest installation instructions are found at: https://docs.arednmesh.org/en/latest/

config.mk

@@ -1,7 +1,7 @@
 # default parameters for Makefile
 
 # What version will show in the AREDN firmware 'Node Status" UI page?
-PRIVATE_BUILD_VERSION=3.22.6.0
+PRIVATE_BUILD_VERSION=NoCall
 
 # build options:  -j# for (# of cores +1) on build machine,  V=s for verbose output
 # https://wiki.openwrt.org/doc/howto/build#make_options  (archive)
@@ -12,8 +12,8 @@ MAKE_ARGS=-j3
 # Where will the installed image find add-on Packages to download?
 # This URL must contain the packages from this build
 # downloading packages within the AREDN UI uses signatures 
-PRIVATE_BUILD_PACKAGES=http://downloads.arednmesh.org/3/22/3.22.6.0
+PRIVATE_BUILD_PACKAGES=http://downloads.arednmesh.org/snapshots
 
 # These options are for more complex changes
 SHELL:=$(shell which bash)
-TARGET=ar71xx-generic
+TARGET=ath79-generic

configs/README

@@ -0,0 +1,16 @@
+How to update AREDN config files
+
+1) do (or start) an AREDN build, e.g. "make MAINTARGET=ipq40xx SUBTARGET=mikrotik"
+2) from ./openwrt directory, "make menuconfig"
+3) update config options via the menu and save
+4) capture the updated config, from ./openwrt directory, e.g.:
+    "./scripts/diffconfig.sh > ../configs/ipq40xx-mikrotik.config"
+
+Notes:
+1) adding the same option to every MAINTARGET-SUBTARGET.config file is
+    done one at a time.
+2) It can be very difficult to manually determine compatible dependencies
+    of config options.
+3) Not recommended to manually update the MAINTARGET-SUBTARGET.config
+    file.  If you do, append the setting at the end (will take 
+    precendent).  

configs/ar71xx-generic.config

@@ -1,21 +0,0 @@
-CONFIG_TARGET_ar71xx=y
-CONFIG_TARGET_ar71xx_generic=y
-CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-bullet-m=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-loco-m-xw=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-nano-m=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-rocket-m-ti=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-rocket-m-xw=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-rocket-m=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_ubnt-lbe-m5=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_gl-ar300m=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_gl-usb150=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_gl-ar750=y
-CONFIG_TARGET_DEVICE_ar71xx_generic_DEVICE_mr16=y
-CONFIG_HAS_SUBTARGETS=y
-CONFIG_HAS_DEVICES=y
-CONFIG_TARGET_BOARD="ar71xx"
-CONFIG_TARGET_SUBTARGET="generic"
-CONFIG_TARGET_ARCH_PACKAGES="mips_24kc"
-CONFIG_DEFAULT_TARGET_OPTIMIZATION="-Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc"
-CONFIG_CPU_TYPE="24kc"

configs/ar71xx-mikrotik.config

@@ -1,14 +0,0 @@
-CONFIG_TARGET_ar71xx=y
-CONFIG_TARGET_ar71xx_mikrotik=y
-CONFIG_TARGET_MULTI_PROFILE=y
-CONFIG_TARGET_SUBTARGET=mikrotik
-CONFIG_TARGET_DEVICE_ar71xx_mikrotik_DEVICE_nand-large=y
-CONFIG_TARGET_DEVICE_ar71xx_mikrotik_DEVICE_rb-nor-flash-16M-ac=y
-CONFIG_TARGET_DEVICE_ar71xx_mikrotik_DEVICE_rb-nor-flash-16M=y
-CONFIG_DEFAULT_ath10k-firmware-qca9887=y
-CONFIG_DEFAULT_ath10k-firmware-qca988x=y
-CONFIG_DEFAULT_kmod-ath10k=y
-CONFIG_DEFAULT_kmod-ledtrig-gpio=y
-CONFIG_DEFault_kmod-usb-ehci=y
-CONFIG_DEFAULT_rssileds=y
-CONFIG_PACKAGE_rbcfg=y

configs/ath79-generic.config

@@ -1,32 +1,50 @@
 CONFIG_TARGET_ath79=y
 CONFIG_TARGET_ath79_generic=y
-CONFIG_TARGET_MULTI_PROFILE=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar150=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs210-v1=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs210-v2=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs510-v1=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs510-v2=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v1=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v2=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v3=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe610-v1=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe610-v2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar300m16=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-ar750=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_glinet_gl-usb150=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v1=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v2=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe210-v3=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe220-v2=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe220-v3=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_airrouter=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-m=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe510-v3=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe605-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe610-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe610-v2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_cpe710-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs210-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs210-v2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs510-v1=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_tplink_wbs510-v2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-ac=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_bullet-m-xw=y
-CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-m=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_lap-120=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_litebeam-ac-gen2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_litebeam-ac-lr=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-2ac-13=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-ac-gen2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-ac=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-ac-xc=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-ac-gen2-xc=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-m5-xw=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-m5-16=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanobeam-m5-19=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-ac=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-loco-m-xw=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_nanostation-m-xw=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-m5-300=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-m2-xw=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-m5-xw=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-5ac-400=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-5ac-500=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-5ac-620=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbeam-5ac-gen2=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_powerbridge-m=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_rocket-5ac-lite=y
 CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_rocket-m=y
-CONFIG_HAS_SUBTARGETS=y
-CONFIG_HAS_DEVICES=y
-CONFIG_TARGET_BOARD="ath79"
-CONFIG_TARGET_SUBTARGET="generic"
-CONFIG_TARGET_ARCH_PACKAGES="mips_24kc"
-CONFIG_DEFAULT_TARGET_OPTIMIZATION="-Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc"
-CONFIG_CPU_TYPE="24kc"
-CONFIG_PACKAGE_sysfsutils=m
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_rocket-m2-xw=y
+CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_ubnt_rocket-m-xw=y

configs/ath79-mikrotik-ath10k.config

@@ -0,0 +1,17 @@
+CONFIG_TARGET_ath79=y
+CONFIG_TARGET_ath79_mikrotik=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-921gs-5hpacd-15s=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-921gs-5hpacd-19s=y
+
+#
+# Mikrotik use initramfs to install
+#
+CONFIG_TARGET_ROOTFS_INITRAMFS=y
+#
+# DEVICE_PACKAGES are not included in the initramfs, but for these devices we need
+# extra packages pre-installed to successfully install sysupgrade.
+#
+CONFIG_PACKAGE_ath10k-board-qca988x=y
+CONFIG_PACKAGE_ath10k-firmware-qca988x-ct=y
+CONFIG_PACKAGE_kmod-ath10k-ct=y
+CONFIG_PACKAGE_nand-utils=y

configs/ath79-mikrotik-nand.config

@@ -0,0 +1,16 @@
+CONFIG_TARGET_ath79=y
+CONFIG_TARGET_ath79_mikrotik=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-911g-5hpnd-qrt=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-912uag-2hpnd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-912uag-5hpnd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-911g-2hpnd-12s=y
+
+#
+# Mikrotik use initramfs to install
+#
+CONFIG_TARGET_ROOTFS_INITRAMFS=y
+#
+# DEVICE_PACKAGES are not included in the initramfs, but for these devices we need
+# extra packages pre-installed to successfully install sysupgrade.
+#
+CONFIG_PACKAGE_nand-utils=y

configs/ath79-mikrotik.config

@@ -0,0 +1,18 @@
+CONFIG_TARGET_ath79=y
+CONFIG_TARGET_ath79_mikrotik=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-952ui-5ac2nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-lhg-2nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-lhg-2nd-xl=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-sxt-2nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-lhg-5nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-lhg-5hpnd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-lhg-5hpnd-xl=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-sxt-5nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-sxt-5hpnd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-ldf-5nd=y
+CONFIG_TARGET_DEVICE_ath79_mikrotik_DEVICE_mikrotik_routerboard-ldf-2nd=y
+
+#
+# Mikrotik use initramfs to install
+#
+CONFIG_TARGET_ROOTFS_INITRAMFS=y

configs/ath79-nand.config

@@ -0,0 +1,6 @@
+CONFIG_TARGET_ath79=y
+CONFIG_TARGET_ath79_nand=y
+CONFIG_TARGET_DEVICE_ath79_nand_DEVICE_glinet_gl-ar300m-nand=y
+CONFIG_TARGET_DEVICE_ath79_nand_DEVICE_glinet_gl-ar750s-nor-nand=y
+CONFIG_TARGET_DEVICE_ath79_nand_DEVICE_glinet_gl-ar750s-nor=y
+CONFIG_TARGET_DEVICE_ath79_nand_DEVICE_glinet_gl-e750=y

configs/ath79-tiny.config

@@ -0,0 +1,22 @@
+CONFIG_TARGET_ath79=y
+CONFIG_TARGET_ath79_tiny=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_airrouter=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_bullet-m-ar7241=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_nanostation-loco-m=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_nanobridge-m=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_nanostation-m=y
+CONFIG_TARGET_DEVICE_ath79_tiny_DEVICE_ubnt_picostation-m=y
+
+# Overrides to save as much space as we can
+CONFIG_KERNEL_CC_STACKPROTECTOR_NONE=y
+CONFIG_KERNEL_PRINTK=n
+CONFIG_PACKAGE_ATH_SPECTRAL=n
+CONFIG_PACKAGE_ethtool=m
+CONFIG_PACKAGE_iperf3=m
+CONFIG_PACKAGE_libustream-mbedtls=m
+CONFIG_PACKAGE_kmod-wireguard=m
+CONFIG_PACKAGE_vtun=m
+CONFIG_PACKAGE_wireguard=m
+CONFIG_PACKAGE_wireguard-tools=m
+CONFIG_PKG_CC_STACKPROTECTOR_NONE=y
+CONFIG_PKG_FORTIFY_SOURCE_NONE=y

configs/common.config

@@ -1,119 +1,181 @@
-CONFIG_KERNEL_CRASHLOG=n
-CONFIG_KERNEL_SWAP=n
-CONFIG_KERNEL_KALLSYMS=n
-CONFIG_KERNEL_DEBUG_INFO=n
-CONFIG_KERNEL_ELF_CORE=n
-CONFIG_KERNEL_MAGIC_SYSRQ=n
-CONFIG_PACKAGE_MAC80211_MESH=n
-CONFIG_STRIP_KERNEL_EXPORTS=y
-CONFIG_USE_MKLIBS=y
-CONFIG_LOG_BUF_SHIFT=16
-CONFIG_LOG_CPU_MAX_BUF_SHIFT=16
-CONFIG_KERNEL_IPV6=n
-CONFIG_KERNEL_IPV6_MULTIPLE_TABLES=n
-CONFIG_KERNEL_IPV6_SUBTREES=n
-CONFIG_KERNEL_IPV6_MROUTE=n
-CONFIG_IPV6=n
 CONFIG_ATH_USER_REGD=y
-CONFIG_PACKAGE_bridge=y
-CONFIG_PACKAGE_busybox=y
-CONFIG_BUSYBOX_CUSTOM=y
-CONFIG_BUSYBOX_DEFAULT_FEATURE_IPV6=n
-CONFIG_BUSYBOX_CONFIG_FEATURE_IPV6=n
-CONFIG_BUSYBOX_CONFIG_TELNETD=y
-CONFIG_BUSYBOX_DEFAULT_MKSWAP=n
-CONFIG_BUSYBOX_CONFIG_MKSWAP=n
-CONFIG_BUSYBOX_CONFIG_FEATURE_TOP_INTERACTIVE=y
 CONFIG_BUSYBOX_CONFIG_ARPING=y
-CONFIG_PACKAGE_dnsmasq=y
-CONFIG_PACKAGE_dropbear=y
+CONFIG_BUSYBOX_CONFIG_CROND=n
+CONFIG_BUSYBOX_CONFIG_FEATURE_IPV6=n
+CONFIG_BUSYBOX_CONFIG_FEATURE_TOP_INTERACTIVE=y
+CONFIG_BUSYBOX_CONFIG_MKSWAP=n
+CONFIG_BUSYBOX_CONFIG_NTPD=y
+CONFIG_BUSYBOX_CONFIG_SETSID=y
+CONFIG_BUSYBOX_CONFIG_TELNETD=y
+CONFIG_BUSYBOX_CUSTOM=y
+CONFIG_DROPBEAR_AGENTFORWARD=n
+CONFIG_DROPBEAR_CURVE25519=n
+CONFIG_DROPBEAR_CHACHA20POLY1305=n
+CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD=n
+CONFIG_DROPBEAR_ECC=y
+CONFIG_DROPBEAR_ED25519=n
+CONFIG_IMAGEOPT=y
+CONFIG_IPV6=n
+CONFIG_JSON_OVERVIEW_IMAGE_INFO=y
+CONFIG_KERNEL_AIO=n
+CONFIG_KERNEL_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_KERNEL_CGROUPS=n
+CONFIG_KERNEL_CRASHLOG=n
+CONFIG_KERNEL_DEBUG_INFO=n
+CONFIG_KERNEL_DEVPTS_MULTIPLE_INSTANCES=n
+CONFIG_KERNEL_ELF_CORE=n
+CONFIG_KERNEL_IO_URING=n
+CONFIG_KERNEL_IP_MROUTE=n
+CONFIG_KERNEL_IPV6=n
+CONFIG_KERNEL_KALLSYMS=n
+CONFIG_KERNEL_KEYS=n
+CONFIG_KERNEL_MAGIC_SYSRQ=n
+CONFIG_KERNEL_NAMESPACES=n
+CONFIG_KERNEL_POSIX_MQUEUE=n
+CONFIG_KERNEL_RELAY=y
+CONFIG_KERNEL_SECCOMP=n
+CONFIG_KERNEL_SWAP=n
+CONFIG_LIBCURL_COOKIES=y
+CONFIG_LIBCURL_FILE=y
+CONFIG_LIBCURL_FTP=y
+CONFIG_LIBCURL_HTTP=y
+CONFIG_LIBCURL_NGHTTP2=n
+CONFIG_LIBCURL_NO_SMB=y
+CONFIG_LIBCURL_PROXY=y
+CONFIG_LIBCURL_NO_RTSP=n
+CONFIG_PACKAGE_ATH_DEBUG=y
+CONFIG_PACKAGE_ATH_DYNACK=y
+CONFIG_PACKAGE_ATH_SPECTRAL=y
+CONFIG_PACKAGE_blockknownencryption=m
+CONFIG_PACKAGE_block-mount=m
+CONFIG_PACKAGE_cgi-io=n
+CONFIG_PACKAGE_curl=y
+CONFIG_PACKAGE_e2fsprogs=m
+CONFIG_PACKAGE_ethtool=y
+CONFIG_PACKAGE_firewall4=y
 CONFIG_PACKAGE_iperf3=y
-CONFIG_PACKAGE_iptables=y
-CONFIG_PACKAGE_kmod-ipt-nathelper=y
-CONFIG_PACKAGE_kmod-usb-core=m
-CONFIG_PACKAGE_kmod-usb-ehci=m
-CONFIG_PACKAGE_kmod-usb-ohci=m
-CONFIG_PACKAGE_kmod-usb-uhci=m
+CONFIG_PACKAGE_jansson=n
+CONFIG_PACKAGE_kmod-crypto-crc32c=m
+CONFIG_PACKAGE_kmod-fs-ext4=m
+CONFIG_PACKAGE_kmod-fs-ntfs=m
+CONFIG_PACKAGE_kmod-fs-vfat=m
+CONFIG_PACKAGE_kmod-ipip=y
+CONFIG_PACKAGE_kmod-iptunnel4=y
+CONFIG_PACKAGE_kmod-iptunnel=y
+CONFIG_PACKAGE_kmod-lib-crc16=m
+CONFIG_PACKAGE_kmod-lib-crc-ccitt=m
+CONFIG_PACKAGE_kmod-nft-core=y
+CONFIG_PACKAGE_kmod-nft-fib=y
+CONFIG_PACKAGE_kmod-nft-nat=y
+CONFIG_PACKAGE_kmod-nft-offload=y
+CONFIG_PACKAGE_kmod-nls-cp437=m
+CONFIG_PACKAGE_kmod-nls-iso8859-1=m
+CONFIG_PACKAGE_kmod-nls-utf8=m
+CONFIG_PACKAGE_kmod-ppp=m
+CONFIG_PACKAGE_kmod-pppoe=m
+CONFIG_PACKAGE_kmod-pppox=m
+CONFIG_PACKAGE_kmod-rtc-ds1307=m
+CONFIG_PACKAGE_kmod-scsi-core=m
+CONFIG_PACKAGE_kmod-slhc=m
+CONFIG_PACKAGE_kmod-tun=m
 CONFIG_PACKAGE_kmod-usb2=m
 CONFIG_PACKAGE_kmod-usb3=m
-CONFIG_PACKAGE_block-mount=m
-CONFIG_PACKAGE_kmod-fs-vfat=m
-CONFIG_PACKAGE_kmod-fs-ntfs=m
-CONFIG_PACKAGE_kmod-fs-ext4=m
-CONFIG_PACKAGE_e2fsprogs=m
-CONFIG_PACKAGE_kmod-usb-storage=m
+CONFIG_PACKAGE_kmod-usb-ohci=m
 CONFIG_PACKAGE_kmod-usb-storage-extras=m
+CONFIG_PACKAGE_kmod-usb-storage=m
 CONFIG_PACKAGE_kmod-usb-storage-uas=m
-CONFIG_PACKAGE_kmod-mmc=m
-CONFIG_PACKAGE_mmc-utils=m
-CONFIG_PACKAGE_kmod-sdhci=m
-CONFIG_PACKAGE_kmod-sdhci-mt7620=m
-CONFIG_PACKAGE_libgcc=y
-CONFIG_PACKAGE_mtd=y
-CONFIG_PACKAGE_ppp=n
-CONFIG_PACKAGE_ppp-mod-pppoe=n
-CONFIG_PACKAGE_odhcp6c=n
-CONFIG_PACKAGE_odhcpd=n
-CONFIG_PACKAGE_odhcpd-ipv6only=n
-CONFIG_PACKAGE_kmod-ppp=n
-CONFIG_PACKAGE_kmod-pppoe=n
-CONFIG_PACKAGE_kmod-pppox=n
-CONFIG_PACKAGE_uhttpd=y
-CONFIG_PACKAGE_olsrd=y
-CONFIG_PACKAGE_perl=m
-CONFIG_PACKAGE_olsrd-mod-arprefresh=y
-CONFIG_PACKAGE_olsrd-mod-dyn-gw=y
-CONFIG_PACKAGE_olsrd-mod-nameservice=y
-CONFIG_PACKAGE_olsrd-mod-txtinfo=y
-CONFIG_PACKAGE_olsrd-mod-jsoninfo=y
-CONFIG_PACKAGE_olsrd-mod-dot-draw=y
-CONFIG_PACKAGE_olsrd-mod-watchdog=y
-CONFIG_PACKAGE_olsrd-mod-secure=m
-CONFIG_PACKAGE_perlbase-essential=m
-CONFIG_PACKAGE_perlbase-xsloader=m
-CONFIG_PACKAGE_perlbase-file=m
-CONFIG_PACKAGE_perlbase-perlio=m
-CONFIG_PACKAGE_libpcap=m
-CONFIG_PACKAGE_tcpdump-mini=m
-CONFIG_PACKAGE_ntpclient=m
-CONFIG_PACKAGE_xinetd=m
-CONFIG_PACKAGE_kmod-ipv6=n
-CONFIG_PACKAGE_ip6tables=n
-CONFIG_PACKAGE_kmod-ip6tables=n
-CONFIG_PACKAGE_libip6tc=n
-CONFIG_PACKAGE_ip=y
-CONFIG_PACKAGE_iptables-mod-ipopt=y
-CONFIG_PACKAGE_iwinfo=y
-CONFIG_PACKAGE_libiwinfo=y
-CONFIG_PACKAGE_socat=y
-CONFIG_PACKAGE_curl=y
-CONFIG_PACKAGE_libnetsnmp=m
-CONFIG_PACKAGE_snmpd=m
-CONFIG_PACKAGE_lua=y
+CONFIG_PACKAGE_kmod-usb-uhci=m
+CONFIG_PACKAGE_kmod-usb-xhci-hcd=m
+CONFIG_PACKAGE_kmod-wireguard=y
+CONFIG_PACKAGE_libblkid=m
+CONFIG_PACKAGE_libcomerr=m
+CONFIG_PACKAGE_libcurl=y
+CONFIG_PACKAGE_libext2fs=m
+CONFIG_PACKAGE_libiwinfo-lua=y
 CONFIG_PACKAGE_liblua=y
-CONFIG_PACKAGE_libuci-lua=y
+CONFIG_PACKAGE_liblucihttp-lua=y
+CONFIG_PACKAGE_liblucihttp=y
+CONFIG_PACKAGE_liblzo=m
+CONFIG_PACKAGE_libnetsnmp=m
+CONFIG_PACKAGE_libnftnl=y
+CONFIG_PACKAGE_libnghttp2=n
+CONFIG_PACKAGE_libpcap=m
+CONFIG_PACKAGE_libpci=m
+CONFIG_PACKAGE_libpcre=m
+CONFIG_PACKAGE_librt=y
+CONFIG_PACKAGE_libss=m
+CONFIG_PACKAGE_libsysfs=m
 CONFIG_PACKAGE_libubus-lua=y
-CONFIG_PACKAGE_luci-base=y
-CONFIG_PACKAGE_luci-lib-nixio=y
+CONFIG_PACKAGE_libuci-lua=y
+CONFIG_PACKAGE_libustream-wolfssl=n
+CONFIG_PACKAGE_libuuid=m
+CONFIG_PACKAGE_libwolfssl=n
+CONFIG_PACKAGE_libxtables=y
+CONFIG_PACKAGE_lua-bit32=y
+CONFIG_PACKAGE_luaposix=n
+CONFIG_PACKAGE_luasocket=y
+CONFIG_PACKAGE_lua=y
+CONFIG_PACKAGE_luci-lib-base=y
 CONFIG_PACKAGE_luci-lib-ip=y
 CONFIG_PACKAGE_luci-lib-jsonc=y
-CONFIG_PACKAGE_libc=y
-CONFIG_PACKAGE_libjson-c=y
-CONFIG_PACKAGE_libnl_tiny=y
-CONFIG_PACKAGE_libiwinfo-lua=y
-CONFIG_PACKAGE_luaposix=y
-CONFIG_PACKAGE_luasocket=y
+CONFIG_PACKAGE_luci-lib-nixio=y
+CONFIG_PACKAGE_micrond=m
+CONFIG_PACKAGE_mii-tool=m
+CONFIG_PACKAGE_nftables-json=y
+CONFIG_PACKAGE_nftables=y
+CONFIG_PACKAGE_odhcp6c=n
+CONFIG_PACKAGE_odhcpd-ipv6only=n
+CONFIG_PACKAGE_odhcpd=n
+CONFIG_PACKAGE_olsrd-mod-arprefresh=y
+CONFIG_PACKAGE_olsrd-mod-dot-draw=y
+CONFIG_PACKAGE_olsrd-mod-dyn-gw=y
+CONFIG_PACKAGE_olsrd-mod-jsoninfo=y
+CONFIG_PACKAGE_olsrd-mod-nameservice=y
+CONFIG_PACKAGE_olsrd-mod-secure=m
+CONFIG_PACKAGE_olsrd-mod-txtinfo=y
+CONFIG_PACKAGE_olsrd-mod-watchdog=y
+CONFIG_PACKAGE_olsrd=y
+CONFIG_PACKAGE_ppp=m
+CONFIG_PACKAGE_ppp-mod-pppoe=m
+CONFIG_PACKAGE_procd-seccomp=n
+CONFIG_PACKAGE_procd-ujail=n
+CONFIG_PACKAGE_prometheus-exporter=y
+CONFIG_PACKAGE_rpcd-mod-file=y
+CONFIG_PACKAGE_rpcd-mod-luci=y
+CONFIG_PACKAGE_rpcd=y
+CONFIG_PACKAGE_snmpd=m
+CONFIG_PACKAGE_socat=m
+CONFIG_PACKAGE_sysfsutils=m
+CONFIG_PACKAGE_tcpdump-mini=m
+CONFIG_PACKAGE_ubi-utils=y
+CONFIG_PACKAGE_uhttpd=y
 CONFIG_PACKAGE_vtun=y
-CONFIG_PACKAGE_kmod-ipip=y
-CONFIG_IMAGEOPT=y
-CONFIG_VERSIONOPT=y
-CONFIG_VERSION_DIST="AREDN"
-CONFIG_PACKAGE_ATH_DYNACK=y
-CONFIG_PACKAGE_ATH_DEBUG=y
-CONFIG_PACKAGE_blockknownencryption=m
+CONFIG_PACKAGE_wireguard=y
+CONFIG_PACKAGE_wireguard-tools=y
+CONFIG_PACKAGE_wpad-mini=y
+CONFIG_PACKAGE_xinetd=n
+CONFIG_PACKAGE_zlib=m
+CONFIG_PACKAGE_zram-swap=n
+CONFIG_PKG_ASLR_PIE_NONE=y
+CONFIG_PKG_RELRO_NONE=y
 CONFIG_PREINITOPT=y
+CONFIG_SECCOMP=n
+CONFIG_STRIP_KERNEL_EXPORTS=y
+CONFIG_TARGET_MULTI_PROFILE=y
+CONFIG_TARGET_PER_DEVICE_ROOTFS=y
 CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
+CONFIG_TARGET_ROOTFS_INITRAMFS=n
+CONFIG_VERSION_BUG_URL="https://github.com/aredn/aredn/issues"
+CONFIG_VERSION_CODE=""
+CONFIG_VERSION_DIST="AREDN"
+CONFIG_VERSION_FILENAMES=y
+CONFIG_VERSION_HOME_URL=""
+CONFIG_VERSION_HWREV=""
+CONFIG_VERSION_MANUFACTURER=""
+CONFIG_VERSION_MANUFACTURER_URL=""
+CONFIG_VERSIONOPT=y
+CONFIG_VERSION_PRODUCT=""
+CONFIG_VERSION_REPO="http://downloads.arednmesh.org/snapshots"
+CONFIG_VERSION_SUPPORT_URL="https://arednmesh.org"
+CONFIG_VTUN_LZO=y
 CONFIG_VTUN_SSL=n
-CONFIG_PACKAGE_ethtool=y
-CONFIG_JSON_OVERVIEW_IMAGE_INFO=y
-CONFIG_PACKAGE_kmod-rtc-ds1307=m

configs/ipq40xx-generic.config

@@ -0,0 +1,3 @@
+CONFIG_TARGET_ipq40xx=y
+CONFIG_TARGET_ipq40xx_generic=y
+CONFIG_TARGET_DEVICE_ipq40xx_generic_DEVICE_glinet_gl-b1300=y

configs/ipq40xx-mikrotik.config

@@ -0,0 +1,13 @@
+CONFIG_TARGET_ipq40xx=y
+CONFIG_TARGET_ipq40xx_mikrotik=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac2=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_hap-ac3=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_lhgg-5acd=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_lhgg-5acd-xl=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_sxtsq-5-ac=y
+CONFIG_TARGET_DEVICE_ipq40xx_mikrotik_DEVICE_mikrotik_ldf-5acd=y
+
+#
+# Mikrotik use initramfs to install
+#
+CONFIG_TARGET_ROOTFS_INITRAMFS=y

configs/ramips-mt7621.config

@@ -0,0 +1,3 @@
+CONFIG_TARGET_ramips=y
+CONFIG_TARGET_ramips_mt7621=y
+CONFIG_TARGET_DEVICE_ramips_mt7621_DEVICE_glinet_gl-mt1300=y

configs/x86-64.config

@@ -0,0 +1,6 @@
+CONFIG_TARGET_x86=y
+CONFIG_TARGET_x86_64=y
+CONFIG_TARGET_ALL_PROFILES=y
+CONFIG_TARGET_ROOTFS_INITRAMFS=n
+CONFIG_TARGET_ROOTFS_TARGZ=n
+CONFIG_TARGET_ROOTFS_SQUASHFS=n

feeds.conf

@@ -1 +1 @@
-src-git arednpackages https://github.com/aredn/aredn_packages;3.22.6.0
+src-git arednpackages https://github.com/aredn/aredn_packages;develop

files/etc/antennas.json

@@ -0,0 +1,426 @@
+{
+    "900MHz": [
+        {
+            "model": "",
+            "description": "None"
+        },
+        {
+            "model": "unknown",
+            "description": "Unknown"
+        },
+        {
+            "model": "AM-9M13-120",
+            "description": "airMAX 900 MHz, 13 dBi, 120° Sector",
+            "gain": 13,
+            "beamwidth": 120
+        },
+        {
+            "model": "NB-OD9",
+            "description": "airMAX NanoBridge OD9 Offset Dish, 11 dBi",
+            "gain": 11,
+            "beamwidth": 10
+        },
+        {
+            "model": "Generic-Omni",
+            "description": "Generic Omni",
+            "gain": 0,
+            "beamwidth": 360
+        }
+    ],
+    "2.4GHz": [
+        {
+            "model": "",
+            "description": "None"
+        },
+        {
+            "model": "unknown",
+            "description": "Unknown"
+        },
+        {
+            "model": "AMO-2G10",
+            "description": "airMAX 2.4 GHz, 10 dBi Omni",
+            "gain": 10,
+            "beamwidth": 360
+        },
+        {
+            "model": "AMO-2G13",
+            "description": "airMAX 2.4 GHz, 13 dBi Omni",
+            "gain": 13,
+            "beamwidth": 360
+        },
+        {
+            "model": "AM-V2G-Ti-15",
+            "description": "airMAX Sector 2.4 GHz Titanium, 15 dBi 120° Sector",
+            "gain": 15,
+            "beamwidth": 120
+        },
+        {
+            "model": "AM-V2G-Ti-16",
+            "description": "airMAX Sector 2.4 GHz Titanium, 16 dBi 90° Sector",
+            "gain": 16,
+            "beamwidth": 90
+        },
+        {
+            "model": "AM-V2G-Ti-17",
+            "description": "airMAX Sector 2.4 GHz Titanium, 17 dBi 60° Sector",
+            "gain": 17,
+            "beamwidth": 60
+        },
+        {
+            "model": "AM-2G15-120",
+            "description": "airMAX 2.4 GHz, 15 dBi, 120° Sector",
+            "gain": 15,
+            "beamwidth": 120
+        },
+        {
+            "model": "AM-2G16-90",
+            "description": "airMAX 2.4 GHz, 16 dBi, 90° Sector",
+            "gain": 16,
+            "beamwidth": 90
+        },
+        {
+            "model": "AF-2G24-S45",
+            "description": "airFiber X 2.4 GHz, 24 dBi 6.6°, Slant 45 Dish",
+            "gain": 24,
+            "beamwidth": 6.6
+        },
+        {
+            "model": "UB24EWIFIDBI",
+            "description": "KP Performance Antenna, 19 dBi 12° Dish",
+            "gain": 19,
+            "beamwidth": 12
+        },
+        {
+            "model": "AS24G17B90MS-KU",
+            "description": "Altelix 17 dBi 90° Sector",
+            "gain": 17,
+            "beamwidth": 90
+        },
+        {
+            "model": "TL-ANT2424MD",
+            "description": "TP-Link 24 dBi 6° Dish",
+            "gain": 24,
+            "beamwidth": 6
+        },
+        {
+            "model": "Generic-Omni",
+            "description": "Generic Omni",
+            "gain": 0,
+            "beamwidth": 360
+        },
+        {
+            "model": "Generic-Sector-120",
+            "description": "Generic 120° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-90",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-60",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 60
+        },
+        {
+            "model": "Generic-Sector-45",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 45
+        },
+        {
+            "model": "Generic-Dish-10",
+            "description": "Generic 10° Dish",
+            "gain": 0,
+            "beamwidth": 10
+        },
+        {
+            "model": "Generic-Dish-6",
+            "description": "Generic 6° Dish",
+            "gain": 0,
+            "beamwidth": 6
+        },
+        {
+            "model": "Generic-Dish-3",
+            "description": "Generic 3° Dish",
+            "gain": 0,
+            "beamwidth": 3
+        }
+    ],
+    "3GHz": [
+        {
+            "model": "",
+            "description": "None"
+        },
+        {
+            "model": "unknown",
+            "description": "Unknown"
+        },
+        {
+            "model": "UB24EWIFIDBI",
+            "description": "KP Performance Antenna, 21 dBi 9° Dish",
+            "gain": 21,
+            "beamwidth": 9
+        },
+        {
+            "model": "Generic-Omni",
+            "description": "Generic Omni",
+            "gain": 0,
+            "beamwidth": 360
+        },
+        {
+            "model": "Generic-Sector-120",
+            "description": "Generic 120° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-90",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-60",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 60
+        },
+        {
+            "model": "Generic-Sector-45",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 45
+        },
+        {
+            "model": "Generic-Dish-10",
+            "description": "Generic 10° Dish",
+            "gain": 0,
+            "beamwidth": 10
+        },
+        {
+            "model": "Generic-Dish-6",
+            "description": "Generic 6° Dish",
+            "gain": 0,
+            "beamwidth": 6
+        },
+        {
+            "model": "Generic-Dish-3",
+            "description": "Generic 3° Dish",
+            "gain": 0,
+            "beamwidth": 3
+        }
+    ],
+    "5GHz": [
+        {
+            "model": "",
+            "description": "None"
+        },
+        {
+            "model": "unknown",
+            "description": "Unknown"
+        },
+        {
+            "model": "AMO-5G10",
+            "description": "airMAX 5 GHz, 10 dBi Omni",
+            "gain": 10,
+            "beamwidth": 360
+        },
+        {
+            "model": "AMO-5G13",
+            "description": "airMAX 5 GHz, 13 dBi Omni",
+            "gain": 10,
+            "beamwidth": 360
+        },
+        {
+            "model": "AM-5G16-120",
+            "description": "airMAX 5 GHz, 16 dBi 120° Sector",
+            "gain": 16,
+            "beamwidth": 120
+        },
+        {
+            "model": "AM-5G17-90",
+            "description": "airMAX 5 GHz, 17 dBi 90° Sector",
+            "gain": 17,
+            "beamwidth": 90
+        },
+        {
+            "model": "AM-5G19-120",
+            "description": "airMAX 5 GHz, 19 dBi 120° Sector",
+            "gain": 19,
+            "beamwidth": 120
+        },
+        {
+            "model": "AM-5G20-90",
+            "description": "airMAX 5 GHz, 20 dBi 90° Sector",
+            "gain": 20,
+            "beamwidth": 90
+        },
+        {
+            "model": "AM-5AC21-60",
+            "description": "airMAX AC 5 GHz, 21 dBi, 60° Sector",
+            "gain": 21,
+            "beamwidth": 60
+        },
+        {
+            "model": "AM-5AC22-45",
+            "description": "airMAX AC 5 GHz, 22 dBi, 45° Sector",
+            "gain": 22,
+            "beamwidth": 45
+        },
+        {
+            "model": "AP-5AC-90-HD",
+            "description": "airPRISM 3x30° HD Sector",
+            "gain": 22,
+            "beamwidth": 30
+        },
+        {
+            "model": "AF-5G23-S45",
+            "description": "airFiber X 5 GHz, 23 dBi 10°, Slant 45 Dish",
+            "gain": 23,
+            "beamwidth": 10
+        },
+        {
+            "model": "AF-5G30-S45",
+            "description": "airFiber X 5 GHz, 30 dBi 5.8°, Slant 45 Dish",
+            "gain": 30,
+            "beamwidth": 5.8
+        },
+        {
+            "model": "AF-5G34-S45",
+            "description": "airFiber X 5 GHz, 34 dBi 3°, Slant 45 Dish",
+            "gain": 34,
+            "beamwidth": 3
+        },
+        {
+            "model": "RD-5G30",
+            "description": "airMAX AC 5 GHz, 30 dBi 5° RocketDish",
+            "gain": 30,
+            "beamwidth": 5
+        },
+        {
+            "model": "RD-5G31-AC",
+            "description": "airMAX AC 5 GHz, 31 dBi 4° RocketDish",
+            "gain": 31,
+            "beamwidth": 4
+        },
+        {
+            "model": "RD-5G34",
+            "description": "airMAX AC 5 GHz, 34 dBi 3° RocketDish",
+            "gain": 34,
+            "beamwidth": 3
+        },
+        {
+            "model": "Horn-5-90",
+            "description": "airMAX PrismStation Horn, 13 dBi 90°",
+            "gain": 13,
+            "beamwidth": 90
+        },
+        {
+            "model": "Horn-5-60",
+            "description": "airMAX PrismStation Horn, 16 dBi 60°",
+            "gain": 16,
+            "beamwidth": 60
+        },
+        {
+            "model": "Horn-5-45",
+            "description": "airMAX PrismStation Horn, 15.5 dBi 45°",
+            "gain": 15.5,
+            "beamwidth": 45
+        },
+        {
+            "model": "Horn-5-30",
+            "description": "airMAX PrismStation Horn, 19 dBi 30°",
+            "gain": 19,
+            "beamwidth": 30
+        },
+        {
+            "model": "NBM5-22",
+            "description": "airMAX NanoBridge M5, 22 dBi 8° dish;",
+            "gain": 22,
+            "beamwidth": 8
+        },
+        {
+            "model": "NBM5-25",
+            "description": "airMAX NanoBridge M5, 25 dBi 8° dish",
+            "gain": 25,
+            "beamwidth": 8
+        },        
+        {
+            "model": "STH-30-USMA",
+            "description": "RF Elements StarterHorn™ 30 USMA, 18 dBi 30° Horn",
+            "gain": 18,
+            "beamwidth": 30
+        },
+        {
+            "model": "UB24EWIFIDBI",
+            "description": "KP Performance Antenna, 25 dBi 6° Dish",
+            "gain": 25,
+            "beamwidth": 6
+        },
+        {
+            "model": "AS5158G18B65Ms-NF",
+            "description": "Altelix 18 dBi 65° Sector",
+            "gain": 18,
+            "beamwidth": 65
+        },
+        {
+            "model": "TL-ANT5830MD",
+            "description": "TP-Link 30 dBi 6° Dish",
+            "gain": 30,
+            "beamwidth": 6
+        },
+        {
+            "model": "Generic-Omni",
+            "description": "Generic Omni",
+            "gain": 0,
+            "beamwidth": 360
+        },
+        {
+            "model": "Generic-Sector-120",
+            "description": "Generic 120° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-90",
+            "description": "Generic 90° Sector",
+            "gain": 0,
+            "beamwidth": 90
+        },
+        {
+            "model": "Generic-Sector-60",
+            "description": "Generic 60° Sector",
+            "gain": 0,
+            "beamwidth": 60
+        },
+        {
+            "model": "Generic-Sector-45",
+            "description": "Generic 45° Sector",
+            "gain": 0,
+            "beamwidth": 45
+        },
+        {
+            "model": "Generic-Dish-10",
+            "description": "Generic 10° Dish",
+            "gain": 0,
+            "beamwidth": 10
+        },
+        {
+            "model": "Generic-Dish-6",
+            "description": "Generic 6° Dish",
+            "gain": 0,
+            "beamwidth": 6
+        },
+        {
+            "model": "Generic-Dish-3",
+            "description": "Generic 3° Dish",
+            "gain": 0,
+            "beamwidth": 3
+        }
+    ]
+}

files/etc/aredn_include/dnsmasq-user.conf

@@ -0,0 +1 @@
+# Extra user dnsmasq options (preserved across reboots and upgrades)

files/etc/aredn_include/static_routes

@@ -0,0 +1,12 @@
+#
+# Add extra static routes here.
+# For details see: https://openwrt.org/docs/guide-user/network/routing/routes_configuration
+#
+# Example:
+#
+# config route 'route_example_1'
+#        option interface 'lan'
+#        option target '172.16.123.0'
+#        option netmask '255.255.255.0'
+#        option gateway '172.16.123.100'
+#

files/etc/arednsysupgrade.conf

@@ -3,6 +3,10 @@
 /etc/config.mesh/_setup
 /etc/config.mesh/_setup.dhcp.dmz
 /etc/config.mesh/_setup.dhcp.nat
+/etc/config.mesh/_setup.dhcptags.dmz
+/etc/config.mesh/_setup.dhcptags.nat
+/etc/config.mesh/_setup.dhcpoptions.dmz
+/etc/config.mesh/_setup.dhcpoptions.nat
 /etc/config.mesh/_setup.ports.dmz
 /etc/config.mesh/_setup.ports.nat
 /etc/config.mesh/_setup.services.dmz
@@ -10,10 +14,23 @@
 /etc/config.mesh/aliases.dmz
 /etc/config.mesh/aliases.nat
 /etc/config.mesh/vtun
-/etc/config.mesh/network_tun
+/etc/config.mesh/wireguard
 /etc/config.mesh/aredn
+/etc/config.mesh/xlink
+/etc/config.mesh/metrics
+/etc/aredn_include/swconfig.user
+/etc/aredn_include/static_routes
+/etc/aredn_include/fixedmac.lan
+/etc/aredn_include/fixedmac.wan
+/etc/aredn_include/fixedmac.dtdlink
+/etc/aredn_include/bridge.network.user
+/etc/aredn_include/lan.network.user
+/etc/aredn_include/wan.network.user
+/etc/aredn_include/dtdlink.network.user
+/etc/aredn_include/dnsmasq-user.conf
 /etc/dropbear/dropbear_dss_host_key
 /etc/dropbear/dropbear_rsa_host_key
+/etc/dropbear/dropbear_ecdsa_host_key
 /etc/dropbear/authorized_keys
 /etc/local/mesh-firewall/59-custom-rules
 /etc/firewall.user
@@ -23,3 +40,4 @@
 /etc/local/uci/hsmmmesh
 /etc/passwd
 /etc/shadow
+/etc/package_store

files/etc/config.mesh/_setup

@@ -33,7 +33,6 @@ dhcp_end = 25
 dhcp_limit = 20
 
 olsrd_bridge = 0
-olsrd_gw = 0
 
 wan_proto = dhcp
 wan_dns1 = 8.8.8.8
@@ -45,3 +44,5 @@ time_zone = UTC
 ntp_server = us.pool.ntp.org
 
 description_node = 
+
+compat_version = 1.0

files/etc/config.mesh/_setup.default

@@ -1,3 +1,4 @@
+wifi_intf =
 wifi_proto = static
 wifi_ip = 10.<MAC2>
 wifi_mask = 255.0.0.0
@@ -27,14 +28,12 @@ lan_proto = static
 lan_ip = 172.27.0.1
 lan_mask = 255.255.255.0
 lan_dhcp = 1
-lan_dhcp_noroute = 0
 
 dhcp_start = 5
 dhcp_end = 25
 dhcp_limit = 20
 
 olsrd_bridge = 0
-olsrd_gw = 0
 
 wan_proto = dhcp
 wan_dns1 = 8.8.8.8
@@ -47,3 +46,5 @@ time_zone_name = UTC
 ntp_server = us.pool.ntp.org
 
 description_node = 
+
+compat_version = 1.0

files/etc/config.mesh/aredn

@@ -2,10 +2,10 @@ config downloads
         option firmwarepath 'http://downloads.arednmesh.org/firmware'
 
 config poe
-		option passthrough '0'
+        option passthrough '0'
 
 config usb
-		option passthrough '1'
+        option passthrough '1'
 
 config map
         option leafletjs 'http://unpkg.com/leaflet@0.7.7/dist/leaflet.js'
@@ -20,11 +20,10 @@ config dmz
 config location
 
 config tunnel
-        option maxclients '10'
-        option maxservers '10'
+        option weight '1'
 
 config lqm
-        option enable '0'
+        option enable '1'
         option min_snr '15'
         option margin_snr '1'
         option min_distance '0'

files/etc/config.mesh/dhcp

@@ -1,10 +1,13 @@
+config dnsmasq
+	option rebind_protection '0'
+	option confdir		'/tmp/dnsmasq.d,*.conf'
+
 config dhcp
 	option interface	lan
 	option start 		<dhcp_start>
 	option limit		<dhcp_limit>
 	option leasetime	1h
-        option ignore           <lan_dhcp>
-
+    option ignore		<lan_dhcp>
 
 config dhcp
 	option interface	wan

files/etc/config.mesh/firewall

@@ -81,29 +81,12 @@ config rule
         option target           ACCEPT
 
 config include
-        option path /usr/local/bin/mesh-firewall
-        option reload           1
+       option path             /usr/local/bin/mesh-firewall
+       option fw4_compatible   1
 
 config include
-        option path /etc/firewall.user
-
-config rule
-       option src              wan
-       option dest_port        2222
-       option proto    tcp
-       option target   ACCEPT
-
-config rule
-       option src              wan
-       option dest_port        8080
-       option proto    tcp
-       option target   ACCEPT
-
-config rule
-       option src              wan
-       option dest_port        80
-       option proto    tcp
-       option target   ACCEPT
+       option	path             /etc/firewall.user
+       option	fw4_compatible   1
 
 config rule
         option name             Allow-Ping

files/etc/config.mesh/firewall.user

@@ -1,4 +1,3 @@
 # This file is interpreted as shell script.
-# Put your custom iptables rules here, they will
+# Put your custom nft rules here, they will
 # be executed with each firewall (re-)start.
-

files/etc/config.mesh/network

@@ -1,51 +1,50 @@
+## The template place holders below can be overriden by adding files to
+## /etc/aredn_include of the format "NET.network.user". NET can be one
+## of the following: bridge, wan, wifi, lan or dtdlink.
+
+#### Globals
+config globals 'globals'
+	option packet_steering	'1'
+
 #### Loopback configuration
 config interface loopback
-	option ifname	"lo"
+	option device	"lo"
 	option proto	static
 	option ipaddr	127.0.0.1
 	option netmask	255.0.0.0
 
-
-#### LAN configuration
-config interface lan
-	option ifname	"<lan_intf>"
-	option type	"bridge"
-	option proto	<lan_proto>
-	option ipaddr	<lan_ip>
-	option netmask	<lan_mask>
-	option dns	"<wan_dns1> <wan_dns2>"
-	option gateway	<lan_gw>
-include /etc/aredn_include/ethmacfixup
-
-#### WAN configuration
-config interface wan
-	option ifname	"<wan_intf>"
-include /etc/aredn_include/bridge_ports
-	option proto	<wan_proto>
-	option ipaddr	<wan_ip>
-	option netmask	<wan_mask>
-	option gateway  <wan_gw>
-	
-	
 #### WIFI configuration
-config interface wifi
-	option ifname	"<wifi_intf>"
-	option proto	<wifi_proto>
-	option ipaddr	<wifi_ip>
-	option netmask	<wifi_mask>
-
-#### device to device configuration
-config interface dtdlink
-        option ifname   "<dtdlink_intf>"
-include /etc/aredn_include/bridge_ports
-        option proto    static
-        option ipaddr   <dtdlink_ip>
-        option netmask  255.0.0.0
+<wifi_network_config>
 
 config interface wifi_mon
-        option proto 	none
+	option proto 	none
 
+### Bridge configuration
+<bridge_network_config>
+
+#### LAN configuration
+<lan_network_config>
+
+#### WAN configuration
+<wan_network_config>
+
+#### DtD configuration
+<dtdlink_network_config>
+
+### Switch configuration
 include /etc/aredn_include/swconfig
 
+### Static routes
+include /etc/aredn_include/static_routes
+
+### Extra vlans
+include /etc/aredn_include/vlans
+
+### Extra links
+include /etc/config.mesh/xlink
+
 ### Tunnels devices
-include /etc/config.mesh/network_tun
+<tun_devices_config>
+
+### Wireguard
+<wireguard_network_config>

files/etc/config.mesh/network_tun

@@ -1,79 +0,0 @@
-config interface 'tun50'
-        option ifname 'tun50'
-        option proto 'none'
-
-config interface 'tun51'
-        option ifname 'tun51'
-        option proto 'none'
-
-config interface 'tun52'
-        option ifname 'tun52'
-        option proto 'none'
-
-config interface 'tun53'
-        option ifname 'tun53'
-        option proto 'none'
-
-config interface 'tun54'
-        option ifname 'tun54'
-        option proto 'none'
-
-config interface 'tun55'
-        option ifname 'tun55'
-        option proto 'none'
-
-config interface 'tun56'
-        option ifname 'tun56'
-        option proto 'none'
-
-config interface 'tun57'
-        option ifname 'tun57'
-        option proto 'none'
-
-config interface 'tun58'
-        option ifname 'tun58'
-        option proto 'none'
-
-config interface 'tun59'
-        option ifname 'tun59'
-        option proto 'none'
-
-config interface 'tun60'
-        option ifname 'tun60'
-        option proto 'none'
-
-config interface 'tun61'
-        option ifname 'tun61'
-        option proto 'none'
-
-config interface 'tun62'
-        option ifname 'tun62'
-        option proto 'none'
-
-config interface 'tun63'
-        option ifname 'tun63'
-        option proto 'none'
-
-config interface 'tun64'
-        option ifname 'tun64'
-        option proto 'none'
-
-config interface 'tun65'
-        option ifname 'tun65'
-        option proto 'none'
-
-config interface 'tun66'
-        option ifname 'tun66'
-        option proto 'none'
-
-config interface 'tun67'
-        option ifname 'tun67'
-        option proto 'none'
-
-config interface 'tun68'
-        option ifname 'tun68'
-        option proto 'none'
-
-config interface 'tun69'
-        option ifname 'tun69'
-        option proto 'none'

files/etc/config.mesh/olsrd

@@ -1,13 +1,11 @@
 config olsrd
-	# uncomment the following line to use a custom config file instead:
-	#option config_file '/etc/olsrd.conf'
-
 	option IpVersion '4'
 	option MainIp '<wifi_ip>'
-        option RtTable '30'
-        option RtTableDefault '31'
+	option RtTable '30'
+	option RtTableDefault '31'
 	option LinkQualityAlgorithm 'etx_ffeth'
 	option AllowNoInt 'yes'
+	option Pollrate '<olsrd_pollrate>'
 
 config LoadPlugin
 	option library 'olsrd_arprefresh.so.0.1'
@@ -20,10 +18,6 @@ config LoadPlugin
 	option library 'olsrd_jsoninfo.so.1.1'
 	option accept '0.0.0.0'
 
-#config LoadPlugin 
-#	option library 'olsrd_secure.so.0.6'
-#	option keyfile '/etc/olsrd.d/olsrd_secure_key'
-
 config LoadPlugin
 	option library 'olsrd_dot_draw.so.0.3'
 	option accept '0.0.0.0'
@@ -36,7 +30,15 @@ config LoadPlugin
 
 config Interface
 	list interface 'wifi'
+	option HelloInterval '<hello_interval>'
+	option TcInterval '<tc_interval>'
+	option MidInterval '<mid_interval>'
+	option HnaInterval '<hna_interval>'
 
 config Interface 
-        list interface 'dtdlink'
-        option Mode 'ether'
+	list interface 'dtdlink'
+	option Mode '<olsrd_dtd_interface_mode>'
+	option HelloInterval '<hello_interval>'
+	option TcInterval '<tc_interval>'
+	option MidInterval '<mid_interval>'
+	option HnaInterval '<hna_interval>'

files/etc/config.mesh/system

@@ -2,6 +2,10 @@ config 'system'
 	option 'hostname' '<NODE>'
         option 'timezone' '<time_zone>'
         option 'description' '<description_node>'
+        option 'compat_version' '<compat_version>'
+        option 'log_ip' '<remote_log_ip>'
+        option 'log_port' '<remote_log_port>'
+        option 'log_proto' '<remote_log_proto>'
 
 config 'timeserver' 'ntp'
         list 'server'     '<ntp_server>'
@@ -11,7 +15,7 @@ config 'timeserver' 'ntp'
 config button
         option button 'reset'
         option action 'released'
-        option handler '/usr/local/bin/bbhnrecoverymode'
+        option handler '/usr/local/bin/recoverymode'
         option min '3'
         option max '7'
 
@@ -21,5 +25,5 @@ config button
         option handler 'firstboot -y && reboot'
         option min '12'
         option max '20'
-        
+
 include /etc/aredn_include/system_netled

files/etc/config.mesh/uhttpd

@@ -1,13 +1,11 @@
 # Server configuration
 config uhttpd main
-
-	# HTTP listen addresses, multiple allowed
-	list listen_http	0.0.0.0:8080
-	list listen_http	0.0.0.0:80
-	option home		/www
-	option rfc1918_filter 1
-	option cgi_prefix	/cgi-bin
-	option script_timeout	240
-	option network_timeout	30
-	option tcp_keepalive	5
-#	option config	/etc/httpd.conf
+	list listen_http '0.0.0.0:8080'
+	list listen_http '0.0.0.0:80'
+	option home '/www'
+	option rfc1918_filter '1'
+	option cgi_prefix '/cgi-bin'
+	option script_timeout '240'
+	option network_timeout '30'
+	option http_keepalive '0'
+	list alias '/metrics=/cgi-bin/metrics'

files/etc/config.mesh/xlink

@@ -0,0 +1,18 @@
+#
+# Provide extra links into the OLSR router to make it easy to
+# to attach external networks to AREDN. Used for non-AREDN backbone
+# radios.
+#
+# Example:
+#
+# config interface 'xlink0'
+#        option ifname     "br0.500"
+#        option proto      static
+#        option ipaddr     44.1.2.3
+#        option netmask    255.255.255.255
+#        option peer       44.1.2.1
+#        option weight     2
+#
+# config route
+#        option interface 'xlink0'
+#        option target '44.1.2.1'

files/etc/config/dhcp

@@ -3,6 +3,7 @@ config dhcp
 	option start 	5
 	option limit	20
 	option leasetime	12h
+	option force	1
 
 config dhcp
 	option interface	wan

files/etc/config/firewall

@@ -47,8 +47,8 @@ config rule
         option target           ACCEPT
 
 config include
-        option path /etc/firewall.user
-
+        option	path		'/etc/firewall.user'
+        option	fw4_compatible	1
 
 config rule
        option src              wan

files/etc/config/system

@@ -1,6 +1,7 @@
 config 'system'
 	option 'hostname' 'NOCALL'
         option 'timezone' 'UTC'
+        option 'compat_version' '1.0'
 
 config 'timeserver' 'ntp'
         list 'server'     'us.pool.ntp.org'
@@ -9,7 +10,7 @@ config 'timeserver' 'ntp'
 config button
         option button 'reset'
         option action 'released'
-        option handler '/usr/local/bin/bbhnrecoverymode'
+        option handler '/usr/local/bin/recoverymode'
         option min '3'
         option max '7'
 

files/etc/cron.boot/reinstall-packages

@@ -0,0 +1,71 @@
+#!/usr/bin/lua
+--[[
+
+	Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+	Copyright (C) 2023 Tim Wilkinson
+	See Contributors file for additional contributors
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation version 3 of the License.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+	Additional Terms:
+
+	Additional use restrictions exist on the AREDN(TM) trademark and logo.
+		See AREDNLicense.txt for more info.
+
+	Attributions to the AREDN Project must be retained in the source code.
+	If importing this code into a new or existing project attribution
+	to the AREDN project must be added to the source code.
+
+	You must not misrepresent the origin of the material contained within.
+
+	Modified versions must be modified to attribute to the original source
+	and be marked in reasonable ways as differentiate it from the original
+	version
+
+--]]
+
+require("nixio")
+require("luci.jsonc")
+
+local package_store = "/etc/package_store"
+local package_catalog = package_store .. "/catalog.json"
+
+if nixio.fs.stat(package_catalog) then
+	-- Make sure we can contact the package server before proceeding.
+	-- We'll wait a few minutes before going ahead anyway
+	for i = 1,5
+	do
+		if os.execute("ping -q -c 1 -W 5 downloads.arednmesh.org > /dev/null 2>&1") == 0 then
+			break
+		end
+		print("Failed to contact package server - retry in 60 seconds")
+		nixio.nanosleep(60, 0)
+	end
+
+    os.execute("opkg update")
+    local catalog = luci.jsonc.parse(io.open(package_catalog):read("*a"))
+    for ipkg, state in pairs(catalog.installed)
+    do
+        if state == "local" then
+            local file = package_store .. "/" .. ipkg .. ".ipk"
+            if nixio.fs.stat(file) then
+                os.execute("opkg install " .. file)
+            end
+        elseif state == "global" then
+            os.execute("opkg install " .. ipkg)
+        end
+    end
+end
+
+-- Don't do this again
+os.remove("/etc/cron.boot/reinstall-packages")

files/etc/cron.daily/update-clock

@@ -49,7 +49,7 @@ fi
 
 # NTP servers tend to be poorly advertised, so we have to use a bit of
 # heuristics to find them
-for candidate in $(grep -i ntp /var/run/services_olsr | sed "s/^http:\/\/\(.*\):.*$/\1/")
+for candidate in $(grep -i ntp /var/run/services_olsr | sed "s/^.*:\/\/\(.*\):.*$/\1/")
 do
     if $(ntpd -n -q -p ${candidate}); then
         logger -p notice -t update-time "Update clock from ${candidate}"

files/etc/cron.hourly/check-services

@@ -0,0 +1,130 @@
+#!/usr/bin/lua
+--[[
+
+	Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+	Copyright (C) 2022-2023 Tim Wilkinson
+	See Contributors file for additional contributors
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation version 3 of the License.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+	Additional Terms:
+
+	Additional use restrictions exist on the AREDN(TM) trademark and logo.
+		See AREDNLicense.txt for more info.
+
+	Attributions to the AREDN Project must be retained in the source code.
+	If importing this code into a new or existing project attribution
+	to the AREDN project must be added to the source code.
+
+	You must not misrepresent the origin of the material contained within.
+
+	Modified versions must be modified to attribute to the original source
+	and be marked in reasonable ways as differentiate it from the original
+	version
+
+--]]
+
+require("uci")
+require("aredn.services")
+
+local cursor = uci.cursor()
+
+-- Current nameservice state
+local ns = cursor:get_all("olsrd", "nameservice")
+if not ns then
+    print("Missing nameservice")
+    return
+end
+local cnames = {}
+for _, name in ipairs(ns.name)
+do
+    cnames[name] = true
+end
+local chosts = {}
+for _, iphost in ipairs(ns.hosts or {})
+do
+    chosts[iphost] = true
+end
+local cservices = {}
+for _, service in ipairs(ns.service or {})
+do
+    cservices[service] = true
+end
+
+-- Work out the differences between the validated state and the current state
+local names, hosts, services = aredn.services.get(true)
+local nnames = false
+for _, name in ipairs(names)
+do
+    if cnames[name] then
+        cnames[name] = nil
+    else
+        nnames = true
+    end
+end
+local nhosts = false
+for _, host in ipairs(hosts)
+do
+    local iphost = host.ip .. " " .. host.host
+    if chosts[iphost] then
+        chosts[iphost] = nil
+    else
+        nhosts = true
+    end
+end
+local nservices = false
+for _, service in ipairs(services)
+do
+    if cservices[service] then
+        cservices[service] = nil
+    else
+        nservices = true
+    end
+end
+
+function not_empty(h)
+    for _, _ in pairs(h)
+    do
+        return true
+    end
+    return false
+end
+
+local change = false
+
+-- Apply the changes
+if nnames or not_empty(cnames) then
+    cursor:set("olsrd", "nameservice", "name", names)
+    change = true
+end
+if nhosts or not_empty(chosts) then
+    for i, host in ipairs(hosts)
+    do
+        hosts[i] = host.ip .. " " .. host.host
+    end
+    cursor:set("olsrd", "nameservice", "hosts", hosts)
+    change = true
+end
+if nservices or not_empty(cservices) then
+    cursor:set("olsrd", "nameservice", "service", services)
+    change = true
+end
+
+-- If services have changed we need to restart olsrd
+if change then
+    cursor:commit("olsrd")
+    print("Change")
+    os.execute("/usr/local/bin/restart-services.sh --force olsrd")
+else
+    print("Unchange")
+end

files/etc/cron.hourly/check-supernodes

@@ -0,0 +1,78 @@
+#!/usr/bin/lua
+--[[
+
+	Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+	Copyright (C) 2023 Tim Wilkinson
+	See Contributors file for additional contributors
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation version 3 of the License.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+	Additional Terms:
+
+	Additional use restrictions exist on the AREDN(TM) trademark and logo.
+		See AREDNLicense.txt for more info.
+
+	Attributions to the AREDN Project must be retained in the source code.
+	If importing this code into a new or existing project attribution
+	to the AREDN project must be added to the source code.
+
+	You must not misrepresent the origin of the material contained within.
+
+	Modified versions must be modified to attribute to the original source
+	and be marked in reasonable ways as differentiate it from the original
+	version
+
+--]]
+
+require("uci")
+require("aredn.olsr")
+
+local dns_file = "/tmp/dnsmasq.d/supernode.conf"
+
+local c = uci.cursor()
+
+-- Supernodes themselves dont need supernode nameservers
+if c:get("aredn", "@supernode[0]", "enable") == "1" then
+    os.exit(0)
+end
+
+-- Ignore supernodes?
+if c:get("aredn", "@supernode[0]", "support") == "0" then
+	os.exit(0)
+end
+
+-- Find the first supernode to use as a nameserver
+local dns = ""
+for _, hna in ipairs(aredn.olsr.getOLSRHNA())
+do
+	if hna.genmask == 8 and hna.destination == "10.0.0.0" then
+		dns = "#" .. hna.gateway .. "\nserver=/local.mesh/" .. hna.gateway .. "\nrev-server=10.0.0.0/8," .. hna.gateway .. "\nrev-server=172.31.0.0/16," .. hna.gateway .. "\nrev-server=172.30.0.0/16," .. hna.gateway .. "\n"
+		break
+	end
+end
+
+-- Updae the dns and restart network if necessary
+local odns = ""
+local f = io.open(dns_file)
+if f then
+	odns = f:read("*a")
+	f:close()
+end
+if odns ~= dns then
+	f = io.open(dns_file, "w+")
+	if f then
+		f:write(dns)
+		f:close()
+		os.execute("/etc/init.d/dnsmasq restart")
+	end
+end

files/etc/dnsmasq.conf

@@ -5,7 +5,6 @@ filterwin2k
 localise-queries
 
 # allow /etc/hosts and dhcp lookups via *.lan
-#local=/lan/
 domain=local.mesh
 expand-hosts
 no-negcache
@@ -25,4 +24,11 @@ read-ethers
 # default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
 #    dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2
 
+# Make sure clients use our domain
+dhcp-option=option:domain-search,local.mesh
+
 strict-order
+log-facility=/dev/null
+
+# extra user options
+conf-file=/etc/aredn_include/dnsmasq-user.conf

files/etc/firewall.natmode

@@ -9,10 +9,9 @@ ip rule del pref 20010 fwmark 0x15 lookup 29  > /dev/null 2>&1
 ip rule add pref 20010 fwmark 0x15 lookup 29
 
 #tag traffic for use later in iprule's
-iptables -t mangle -I PREROUTING -d $wifiip/32 -j MARK --set-xmark 0x15/0xffffffff
-iptables -t mangle -I PREROUTING -d $dtdlinkip/32 -j MARK --set-xmark 0x15/0xffffffff
+nft insert rule ip fw4 mangle_prerouting ip daddr $wifiip meta mark set 0x15
+nft insert rule ip fw4 mangle_prerouting ip daddr $dtdlinkip meta mark set 0x15
 
 # Mark and masq local traffic going out the dtdlink interface.
-iptables -t nat -A zone_lan_prerouting -j MARK --set-xmark 0xe/0xffffffff
-iptables -t nat -A zone_dtdlink_postrouting -m mark --mark 0xe -j MASQUERADE 
-
+nft add rule ip fw4 helper_lan meta mark set 0xe
+nft add rule ip fw4 srcnat mark 0xe mark 0xe masquerade

files/etc/hotplug.d/iface/11-meshrouting

@@ -4,6 +4,7 @@ configmode=$(uci -q -c /etc/local/uci/ get hsmmmesh.settings.config)
 
 if [ "$configmode" != "mesh" ] ; then exit 0; fi
 
+xlink=$(uci -q -c /etc/config.mesh/ show xlink | grep "ifname='${DEVICE}'")
 
 # This section will generate rtnetlink errors when the rule doesn't exist.
 # This will be most common in the case of ifup.
@@ -16,7 +17,7 @@ if [ "$ACTION" = "ifdown" ] || [ "$ACTION" = "ifup" ] ; then
 
   echo "Deleting specific routing rules that may exist."
 
-  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] ; then
+  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" == "tun" ] || [ "$xlink" != "" ] ; then
     ip rule del pref 20010 iif $DEVICE lookup 29
     ip rule del pref 20020 iif $DEVICE lookup 30
     ip rule del pref 20080 iif $DEVICE lookup 31
@@ -42,14 +43,14 @@ fi
 
 if [ "$ACTION" = "ifup" ] ; then
 
-  is_olsrgw=$(cat /etc/config.mesh/_setup|grep -i olsrd_gw|cut -d ' ' -f 3)
+  is_olsrgw=$(/sbin/uci -q get aredn.@wan[0].olsrd_gw)
 
   # Set routes for wifi or device to device linking
   # unreachable rule is needed  to ensure packets do not traverse a rule later that considers routing to another network.
 
   echo "Setting routing rules."
 
-  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ]; then
+  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" = "tun" ] || [ "${INTERFACE:0:2}" = "wg" ] || [ "$xlink" != "" ]; then
     if [ "$(/sbin/uci -q get aredn.@dmz[0].mode)" != "0" ] ; then 
       ip rule add pref 20010 iif $DEVICE lookup 29
     fi
@@ -76,7 +77,7 @@ if [ "$ACTION" = "ifup" ] ; then
     if [ $bridge = "bridge" ] ; then
         lan_ifname="br-lan"
     else
-	lan_ifname=$(uci -q get network.lan.ifname | cut -f1)
+	lan_ifname=$(uci -q get network.lan.device | cut -f1)
     fi
     if [ "$lan_ifname" != "" ] && [ "$lan_ipaddr" != "" ] && [ "$lan_netmask" != "" ] ; then
       lan_networkip=$(ipcalc.sh $lan_ipaddr $lan_netmask|grep NETWORK|cut -d'=' -f2)

files/etc/hotplug.d/iface/13-vtun

@@ -1,22 +0,0 @@
-#!/bin/sh
-# Handles setting up rules for tunnel interfaces               
-if [ -x "/usr/sbin/vtund" ]
-then
-  ISVPN=false
-  case "$INTERFACE" in
-  	tun*)
-  	ISVPN=true;
-  	;;
-  esac
-
-  if [ "$ISVPN" = true ]; then                            
-    INTF=tun${INTERFACE:3}         
-    if [ $ACTION = "ifup" ] ; then                                        
-       /usr/local/bin/vtun_up $INTF up                                     
-       # echo "$INTF up" >> /tmp/vtundscript.log                         
-    elif [ $ACTION = "ifdown" ] ; then             
-       /usr/local/bin/vtun_up $INTF down        
-       # echo "$INTF down" >> /tmp/vtundscript.log            
-    fi                           
-  fi 
-fi

files/etc/httpd.conf

@@ -6,3 +6,4 @@
 /cgi-bin/supporttool:root:$p$root
 /cgi-bin/advancedconfig:root:$p$root
 /cgi-bin/apiprotected:root:$p$root
+/cgi-bin/advancednetwork:root:$p$root

files/etc/init.d/local

@@ -4,44 +4,6 @@
 START=99
 boot() {
 
-  if [ ! -f /etc/aredn_include/ethmacfixup ]
-  then
-    mkdir -p /etc/aredn_include
-    touch /etc/aredn_include/ethmacfixup
-    local lanintf="$(uci -q get 'network.lan.ifname')"
-    lanintf=${lanintf%% *}
-    local wifiintf="$(uci -q get 'network.wifi.ifname')"
-    local lanmac=`ifconfig $lanintf | grep -o -E '([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}'`
-    local wifimac=`ifconfig $wifiintf | grep -o -E '([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}'`
-
-    local intlanmac=${lanmac//:/}
-    local intwanmac=${wifimac//:/}
-    local macdelta=$((0x$intwanmac - 0x$intlanmac))
-
-    # Deal with lan and wifi having same mac address (common on TP-Link)
-    # Deal with lan mac + ~10 = wifi mac address (common on Microtik and
-    # breaks OLSR if using derived IP addresses)
-    if [ $macdelta -le 10 ]
-    then
-      local wifimacdigit=`printf "%X" $(((0x${wifimac:9:2} + 1) % 256))`
-      local newmac=${wifimac:0:9}${wifimacdigit}${wifimac:11}
-      lanintf=${lanintf%%.*}
-      echo "" > /etc/aredn_include/ethmacfixup
-      echo "config interface 'setethmac'" >> /etc/aredn_include/ethmacfixup
-      echo -e "\toption\tifname\t'$lanintf'" >> /etc/aredn_include/ethmacfixup
-      echo -e "\toption\tproto\t'none'" >> /etc/aredn_include/ethmacfixup
-      echo -e "\toption\tmacaddr\t$newmac" >> /etc/aredn_include/ethmacfixup
-      uci set "network.setethmac=interface"
-      uci set "network.setethmac.ifname=$lanintf"
-      uci set "network.setethmac.proto=none"
-      uci set "network.setethmac.macaddr=$newmac"
-      uci commit
-      /etc/init.d/network reload
-      /etc/init.d/network restart
-    fi
-  fi
-
-
   [ -x /usr/local/bin/aredn_postupgrade ] && /usr/local/bin/aredn_postupgrade
 
   # setup nvram variables

files/etc/init.d/local-early

@@ -0,0 +1,7 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+START=10
+boot() {
+    mkdir -p /tmp/dnsmasq.d
+}

files/etc/init.d/vtund

@@ -44,7 +44,7 @@ options_config() {
 	config_get ppp "$cfg" ppp "/usr/sbin/pppd"            
 	config_get ifconfig "$cfg" ifconfig "/sbin/ifconfig"
 	config_get route "$cfg" route "/sbin/route"
-	config_get firewall "$cfg" firewall "/usr/sbin/iptables"
+	config_get firewall "$cfg" firewall "/usr/sbin/nft"
 	config_get ip "$cfg" ip "/sbin/ip"
 	
 	echo "options {" >> $new_file

files/etc/init.d/vtundsrv

@@ -29,7 +29,7 @@ options_config() {
 	config_get ppp "$cfg" ppp "/usr/sbin/pppd"            
 	config_get ifconfig "$cfg" ifconfig "/sbin/ifconfig"
 	config_get route "$cfg" route "/sbin/route"
-	config_get firewall "$cfg" firewall "/usr/sbin/iptables"
+	config_get firewall "$cfg" firewall "/usr/sbin/nft"
 	config_get ip "$cfg" ip "/sbin/ip"
 	
 	echo "options {" >> $new_file

files/etc/local/mesh-firewall/01-tunnels

@@ -34,67 +34,77 @@
 
 LICENSE
 
-if [ "$MESHFW_TUNNELS_ENABLED" != "1" ]; then
-        exit 0;
+if [ "$MESHFW_TUNNELS_ENABLED" != "1" -a "$MESHFW_WG_TUNNELS_ENABLED" != "1" ]; then
+  exit 0;
 fi
 
 # In all cases - restart, flush, clear -- it is necessary to clean up any remenant rules to ensure chain order is correct
-
-iptables -D FORWARD -i tun+ -j zone_vpn_forward 2>/dev/null
-iptables -D INPUT -i tun+ -j zone_vpn_input 2>/dev/null
-iptables -D OUTPUT -o tun+ -j zone_vpn_ACCEPT 2>/dev/null
-iptables -F forwarding_vpn_rule 2>/dev/null
-iptables -F zone_vpn_input 2>/dev/null
-iptables -F zone_vpn_ACCEPT 2>/dev/null
-iptables -F zone_vpn_REJECT 2>/dev/null
-iptables -F zone_vpn_forward 2>/dev/null
-iptables -F zone_vpn_dest_ACCEPT 2>/dev/null
-iptables -F zone_vpn_dest_REJECT 2>/dev/null
-iptables -X forwarding_vpn_rule 2>/dev/null
-iptables -X zone_vpn_input 2>/dev/null
-iptables -X zone_vpn_ACCEPT  2>/dev/null
-iptables -X zone_vpn_REJECT 2>/dev/null
-iptables -X zone_vpn_forward 2>/dev/null
-iptables -X zone_vpn_dest_ACCEPT 2>/dev/null
-iptables -X zone_vpn_dest_REJECT 2>/dev/null
+nft flush chain ip fw4 forwarding_vpn_rule 2>/dev/null
+nft flush chain ip fw4 input_vpn 2>/dev/null
+nft flush chain ip fw4 accept_vpn 2>/dev/null
+nft flush chain ip fw4 reject_vpn 2>/dev/null
+nft flush chain ip fw4 forward_vpn 2>/dev/null
+nft flush chain ip fw4 accept_to_vpn 2>/dev/null
+nft flush chain ip fw4 reject_to_vpn 2>/dev/null
+nft delete chain ip fw4 forwarding_vpn_rule 2>/dev/null
+nft delete chain ip fw4 input_vpn 2>/dev/null
+nft delete chain ip fw4 accept_vpn  2>/dev/null
+nft delete chain ip fw4 reject_vpn 2>/dev/null
+nft delete chain ip fw4 forward_vpn 2>/dev/null
+nft delete chain ip fw4 accept_to_vpn 2>/dev/null
+nft delete chain ip fw4 reject_to_vpn 2>/dev/null
 
 echo " * Adding vtun firewall rules..."
-iptables -N forwarding_vpn_rule
-iptables -N zone_vpn_input
-iptables -N zone_vpn_ACCEPT
-iptables -N zone_vpn_REJECT
-iptables -N zone_vpn_forward
-iptables -N zone_vpn_dest_ACCEPT
-iptables -N zone_vpn_dest_REJECT
-iptables -I FORWARD 3 -i tun+ -j zone_vpn_forward
-iptables -I INPUT 5 -i tun+ -j zone_vpn_input
-iptables -I OUTPUT 4 -o tun+ -j zone_vpn_ACCEPT # instead of creating a zone_vpn_output chain
-iptables -A zone_vpn_input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-iptables -A zone_vpn_input -p tcp -m tcp --dport 2222 -j ACCEPT
-iptables -A zone_vpn_input -p tcp -m tcp --dport 8080 -j ACCEPT
-iptables -A zone_vpn_input -p tcp -m tcp --dport 80 -j ACCEPT
-iptables -A zone_vpn_input -p udp -m udp --dport 698 -j ACCEPT
-iptables -A zone_vpn_input -p tcp -m tcp --dport 23 -j ACCEPT
-iptables -A zone_vpn_input -p tcp -m tcp --dport 9090 -j ACCEPT
-iptables -A zone_vpn_input -p udp -m udp --dport 161 -j ACCEPT
-iptables -A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!vtun: Accept port redirections" -j ACCEPT
-iptables -A zone_vpn_input -j zone_vpn_REJECT
-iptables -I zone_vpn_forward -j forwarding_vpn_rule
-iptables -A zone_vpn_forward -j zone_vpn_dest_ACCEPT 
-if [ "$MESHFW_MESHGW" -eq 1 ] ; then
-        iptables -I zone_vpn_forward -j zone_wan_dest_ACCEPT
+nft add chain ip fw4 forwarding_vpn_rule
+nft add chain ip fw4 input_vpn
+nft add chain ip fw4 accept_vpn
+nft add chain ip fw4 reject_vpn
+nft add chain ip fw4 forward_vpn
+nft add chain ip fw4 accept_to_vpn
+nft add chain ip fw4 reject_to_vpn
+
+nft insert rule ip fw4 forward iifname "tun*" jump forward_vpn
+nft add rule ip fw4 input iifname "tun*" jump input_vpn
+nft add rule ip fw4 output oifname "tun*" jump accept_vpn # instead of creating a output_vpn chain
+nft insert rule ip fw4 forward iifname "wg*" jump forward_vpn
+nft add rule ip fw4 input iifname "wg*" jump input_vpn
+nft add rule ip fw4 output oifname "wg*" jump accept_vpn # instead of creating a output_vpn chain
+nft add rule ip fw4 input_vpn icmp type echo-request accept
+nft add rule ip fw4 input_vpn tcp dport 2222 accept
+nft add rule ip fw4 input_vpn tcp dport 8080 accept
+nft add rule ip fw4 input_vpn tcp dport 80 accept
+nft add rule ip fw4 input_vpn udp dport 698 accept
+nft add rule ip fw4 input_vpn tcp dport 23 accept
+nft add rule ip fw4 input_vpn tcp dport 9090 accept
+nft add rule ip fw4 input_vpn udp dport 161 accept
+nft add rule ip fw4 input_vpn ct status dnat accept comment \"!vtun: Accept port redirections\"
+nft add rule ip fw4 input_vpn jump reject_vpn
+nft insert rule ip fw4 forward_vpn jump forwarding_vpn_rule
+nft add rule ip fw4 forward_vpn jump accept_to_vpn
+if [ "$MESHFW_MESHGW" = "1" ] ; then
+  nft insert rule ip fw4 forward_vpn jump accept_to_wan
 fi
-iptables -A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!vtun: Accept port forwards" -j ACCEPT
-iptables -A zone_vpn_forward -j zone_dtdlink_dest_ACCEPT
-iptables -A zone_vpn_forward -j zone_lan_dest_ACCEPT
-iptables -A zone_vpn_forward -j zone_wifi_dest_ACCEPT
-iptables -A zone_vpn_forward -j zone_vpn_dest_REJECT
-iptables -A zone_vpn_ACCEPT -o tun+ -j ACCEPT
-iptables -A zone_vpn_ACCEPT -i tun+ -j ACCEPT
-iptables -A zone_vpn_REJECT -o tun+ -j reject
-iptables -A zone_vpn_REJECT -i tun+ -j reject
-iptables -A zone_vpn_dest_ACCEPT -o tun+ -j ACCEPT
-iptables -A zone_vpn_dest_REJECT -o tun+ -j reject
-iptables -I zone_dtdlink_forward 5 -j zone_vpn_dest_ACCEPT
-iptables -I zone_wifi_forward 6 -j zone_vpn_dest_ACCEPT
-iptables -I zone_lan_forward 5 -j zone_vpn_dest_ACCEPT
+nft add rule ip fw4 forward_vpn ct status dnat accept comment \"!vtun: Accept port forwards\"
+nft add rule ip fw4 forward_vpn jump accept_to_dtdlink
+nft add rule ip fw4 forward_vpn jump accept_to_lan
+nft add rule ip fw4 forward_vpn jump accept_to_wifi
+nft add rule ip fw4 forward_vpn jump reject_to_vpn
+nft add rule ip fw4 accept_vpn oifname "tun*" accept
+nft add rule ip fw4 accept_vpn iifname "tun*" accept
+nft add rule ip fw4 reject_vpn oifname "tun*" reject
+nft add rule ip fw4 reject_vpn iifname "tun*" reject
+nft add rule ip fw4 accept_to_vpn oifname "tun*" accept
+nft add rule ip fw4 reject_to_vpn oifname "tun*" reject
+nft add rule ip fw4 accept_vpn oifname "wg*" accept
+nft add rule ip fw4 accept_vpn iifname "wg*" accept
+nft add rule ip fw4 reject_vpn oifname "wg*" reject
+nft add rule ip fw4 reject_vpn iifname "wg*" reject
+nft add rule ip fw4 accept_to_vpn oifname "wg*" accept
+nft add rule ip fw4 reject_to_vpn oifname "wg*" reject
+nft insert rule ip fw4 forward_dtdlink jump accept_to_vpn
+nft insert rule ip fw4 forward_wifi jump accept_to_vpn
+nft insert rule ip fw4 forward_lan jump accept_to_vpn
+nft add rule ip fw4 mangle_forward iifname "tun*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward oifname "tun*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward iifname "wg*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward oifname "wg*" tcp flags syn tcp option maxseg size set rt mtu

files/etc/local/mesh-firewall/03-dhcp-wan-block

@@ -1,11 +1,9 @@
 #!/bin/sh
 <<'LICENSE'
   Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
-  Copyright (C) 2015 Conrad Lara
+  Copyright (C) 2023 Tim Wilkinson
    See Contributors file for additional contributors
 
-  Copyright (c) 2013 David Rivenburg et al. BroadBand-HamNet
-
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation version 3 of the License.
@@ -35,12 +33,5 @@
 
 LICENSE
 
-[ -f /etc/config/run-fccid ] || exit
-
-wifiif=$(uci -q get 'network.wifi.ifname')
-
-# stagger the beacons between nodes
-N=$(ifconfig "$wifiif" | grep "inet addr" | cut -f4 -d. | cut -c1-3)
-sleep "$N"
-
-echo "ID: $(uname -n)" | socat - udp4:10.255.255.255:4919,broadcast,so-bindtodevice="$wifiif"
+nft 'add chain ip fw4 postrouting { type filter hook postrouting priority filter; policy accept; }'
+nft 'add rule ip fw4 postrouting oifname "br-wan" udp sport 67 drop'

files/etc/local/mesh-firewall/04-wireguard

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+vtunduciport=$(uci get vtun.@options[0].port 2>/dev/null)
+vtundport=${vtunduciport:-5525}
+issupernode=$(uci get aredn.@supernode[0].enable 2>/dev/null)
+if [ "$issupernode" = "1" ]; then
+    vtundport=$(($vtundport+1000))
+fi
+vtundportend=$(($vtundport+128))
+
+nft insert rule ip fw4 input_wan udp dport $vtundport-$vtundportend accept comment \"Wireguard\"
+if [ "$(/sbin/uci -q get aredn.@tunnel[0].wanonly)" != "0" ]; then
+    nft insert rule ip fw4 output_wifi udp dport $vtundport-$vtundportend reject comment \"Wireguard\"
+    nft insert rule ip fw4 output_dtdlink udp dport $vtundport-$vtundportend reject comment \"Wireguard\"
+fi

files/etc/local/mesh-firewall/05-xlink

@@ -0,0 +1,80 @@
+#! /usr/bin/lua
+--[[
+
+	Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+	Copyright (C) 2022 Tim Wilkinson
+	Original Perl Copyright (C) 2015 Conrad Lara
+	See Contributors file for additional contributors
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation version 3 of the License.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+	Additional Terms:
+
+	Additional use restrictions exist on the AREDN(TM) trademark and logo.
+		See AREDNLicense.txt for more info.
+
+	Attributions to the AREDN Project must be retained in the source code.
+	If importing this code into a new or existing project attribution
+	to the AREDN project must be added to the source code.
+
+	You must not misrepresent the origin of the material contained within.
+
+	Modified versions must be modified to attribute to the original source
+	and be marked in reasonable ways as differentiate it from the original
+	version
+
+--]]
+
+require("nixio")
+require("uci")
+
+if nixio.fs.stat("/etc/config.mesh/xlink") then
+    function nft_delete(list, query)
+        for line in io.popen("/usr/sbin/nft -a list chain ip fw4 " .. list):lines()
+        do
+            local handle = line:match(query .. "%s*# handle (%d+)")
+            if handle then
+                os.execute("/usr/sbin/nft delete rule ip fw4 " .. list .. " handle " .. handle)
+                return
+            end
+        end
+    end
+    uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
+        function(section)
+            local ifname = section.ifname
+            nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
+            nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
+            nft_delete("output", "oifname \"" .. ifname .. "\".*jump output_dtdlink")
+            nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
+            nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
+            nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
+        end
+    )
+    nft_delete("forward_dtdlink", "jump accept_to_dtdlink")
+    local addrule = false
+    uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
+        function(section)
+            local ifname = section.ifname
+            os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" jump forward_dtdlink")
+            os.execute("/usr/sbin/nft add rule ip fw4 input iifname \"" .. ifname .. "\" jump input_dtdlink")
+            os.execute("/usr/sbin/nft add rule ip fw4 output oifname \"" .. ifname .. "\" jump output_dtdlink")
+            os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" accept")
+            os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" reject")
+            os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" reject")
+            addrule = true
+        end
+    )
+    if addrule then
+        os.execute("/usr/sbin/nft insert rule ip fw4 forward_dtdlink jump accept_to_dtdlink")
+    end
+end

files/etc/local/mesh-firewall/10-lan-to-wan

@@ -0,0 +1,54 @@
+#!/bin/sh
+<<'LICENSE'
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2022 Tim Wilkinson
+   See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+LICENSE
+
+lan_dhcp_route=$(/sbin/uci -q get aredn.@wan[0].lan_dhcp_route)
+wan=$(grep "wan_intf" /etc/config.mesh/_setup | sed s/^wan_intf\ =\ //)
+
+case "${lan_dhcp_route}" in
+  0)
+    # LAN to WAN forwarding is disabled
+    # Inserted in reverse order
+    # Block traffic forwarding between LAN and local WAN (need this rule if WAN happens to be 10.X or 172.16.X)
+    # Allow traffic for mesh-IPs and tun-IPs
+    # Block traffic to all other IPs
+    nft insert rule ip fw4 forward_lan reject
+    nft insert rule ip fw4 forward_lan ip daddr 172.16.0.0/12 accept
+    nft insert rule ip fw4 forward_lan ip daddr 10.0.0.0/8 accept
+    nft insert rule ip fw4 forward_lan oifname "${wan}" reject
+    ;;
+  *)
+    # LAN to WAN okay
+    ;;
+esac

files/etc/local/mesh-firewall/12-wan-services

@@ -0,0 +1,50 @@
+<<'LICENSE'
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2023 Tim Wilkinson
+   See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+LICENSE
+
+MESHFW_WAN_WEB=$(/sbin/uci -q get aredn.@wan[0].web_access)
+MESHFW_WAN_SSH=$(/sbin/uci -q get aredn.@wan[0].ssh_access)
+MESHFW_WAN_TELNET=$(/sbin/uci -q get aredn.@wan[0].telnet_access)
+
+if [ "${MESHFW_WAN_WEB}" != "0" ]; then
+    nft insert rule ip fw4 input_wan tcp dport 80 accept comment \"wan web access\" 2> /dev/null
+    nft insert rule ip fw4 input_wan tcp dport 8080 accept comment \"wan web access\" > /dev/null
+fi
+
+if [ "${MESHFW_WAN_SSH}" != "0" ]; then
+    nft insert rule ip fw4 input_wan tcp dport 2222 accept comment \"wan ssh access\" 2> /dev/null
+fi
+
+if [ "${MESHFW_WAN_TELNET}" != "0" ]; then
+    nft insert rule ip fw4 input_wan tcp dport 23 accept comment \"wan telnet access\" 2> /dev/null
+fi

files/etc/local/mesh-firewall/13-supernode-rules

@@ -0,0 +1,41 @@
+<<'LICENSE'
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2023 Tim Wilkinson
+   See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+LICENSE
+
+SUPERNODE_ENABLE=$(/sbin/uci -q get aredn.@supernode[0].enable)
+
+if [ "${SUPERNODE_ENABLE}" = "1" ]; then
+    nft insert rule ip fw4 input_dtdlink udp dport 53 accept comment \"dns access\" 2> /dev/null
+    nft insert rule ip fw4 input_dtdlink tcp dport 53 accept comment \"dns access\" > /dev/null
+    ip route add blackhole 10.0.0.0/8 table 30
+fi

files/etc/local/mesh-firewall/21-lqm

@@ -33,8 +33,11 @@
 
 LICENSE
 
-/usr/sbin/iptables -F input_lqm 2> /dev/null
-/usr/sbin/iptables -X input_lqm 2> /dev/null
-/usr/sbin/iptables -N input_lqm 2> /dev/null
-/usr/sbin/iptables -D INPUT -j input_lqm -m comment --comment 'block low quality links' 2> /dev/null
-/usr/sbin/iptables -I INPUT -j input_lqm -m comment --comment 'block low quality links' 2> /dev/null
+nft flush chain ip fw4 input_lqm 2> /dev/null
+nft delete chain ip fw4 input_lqm 2> /dev/null
+nft add chain ip fw4 input_lqm 2> /dev/null
+handle=$(nft -n -a list chain ip fw4 input | grep "jump input_lqm" | sed "s/^.* handle //")
+if [ "$handle" != "" ]; then
+  nft delete rule ip fw4 input handle $handle 2> /dev/null
+fi
+nft insert rule ip fw4 input jump input_lqm comment \"block low quality links\" 2> /dev/null

files/etc/local/mesh-firewall/59-custom-rules

@@ -8,7 +8,6 @@
 # on home network use the IP address of the WAN assigned to the mesh node
 # to access the ipcam, e.g.  http://192.168.1.59:8082
 
-#iptables -t nat -A zone_wan_prerouting       -p tcp -m tcp --dport 8082 		-j DNAT		    --to <IP address of ipcam>            -m comment --comment "my mesh ipCam"
-#iptables -t nat -A zone_wifi_postrouting     -p tcp -m tcp -d <IP address of ipcam>	-j SNAT --dport 80  --to-source <IP wifi on this node>    -m comment --comment "my mesh ipCam"
-#iptables -t nat -A zone_dtdlink_postrouting  -p tcp -m tcp -d <IP address of ipcam>	-j SNAT --dport 80  --to-source <IP dtdlink on this node> -m comment --comment "my mesh ipCam"
-
+#nft add rule ip fw4 prerouting_wan                                     tcp dport 8082 counter dnat to <IP address of ipcam>
+#nft add rule ip fw4 postrouting_wan     ip daddr <IP address of ipcam> tcp dport 80   counter snat to <IP wifi on this node>    comment \"my mesh ipCam\"
+#nft add rule ip fw4 postrouting_dtdlink ip daddr <IP address of ipcam> tcp dport 80   counter snat to <IP dtdlink on this node> comment \"my mesh ipCam\"

files/etc/mesh-release

@@ -1 +1 @@
-3.1.1TUNNEL
+KN6PLV-main-cdeb1b1d

files/etc/permpkg

@@ -1,80 +1,192 @@
+ath10k-board-qca9887
+ath10k-board-qca988x
+ath10k-firmware-qca4019-ct
+ath10k-firmware-qca9887-ct
+ath10k-firmware-qca988x-ct
 base-files
-bridge
+bnx2-firmware
 busybox
+ca-bundle
+curl
 dnsmasq
 dropbear
-firewall
-hotplug2
-ip
+ethtool
+firewall4
+fstools
+fwtool
+getrandom
+grub2
+grub2-bios-setup
+grub2-efi
+hostapd-common
 iperf3
-iptables
-iptables-mod-ipopt
 iw
 iwinfo
+jansson4
 jshn
+jsonfilter
 kernel
+kmod-amazon-ena
+kmod-amd-xgbe
 kmod-ath
+kmod-ath10k-ct
+kmod-ath10k-ct-smallbuffers
 kmod-ath9k
 kmod-ath9k-common
+kmod-bnx2
+kmod-button-hotplug
 kmod-cfg80211
-kmod-crypto-aes
-kmod-crypto-arc4
-kmod-crypto-core
+kmod-crypto-acompress
+kmod-crypto-aead
+kmod-crypto-ccm
+kmod-crypto-cmac
+kmod-crypto-crc32c
+kmod-crypto-ctr
+kmod-crypto-gcm
+kmod-crypto-gf128
+kmod-crypto-ghash
+kmod-crypto-hash
+kmod-crypto-hmac
+kmod-crypto-manager
+kmod-crypto-null
+kmod-crypto-rng
+kmod-crypto-seqiv
+kmod-crypto-sha256
+kmod-crypto-sha512
+kmod-e1000
+kmod-e1000e
+kmod-forcedeth
+kmod-fs-vfat
 kmod-gpio-button-hotplug
-kmod-ipt-conntrack
-kmod-ipt-core
-kmod-ipt-ipopt
-kmod-ipt-nat
-kmod-ipt-nathelper
+kmod-hwmon-core
+kmod-i2c-algo-bit
+kmod-i2c-core
+kmod-igb
+kmod-igc
+kmod-input-core
+kmod-ipip
+kmod-iptunnel
+kmod-iptunnel4
+kmod-ixgbe
 kmod-leds-gpio
-kmod-ledtrig-default-on
-kmod-ledtrig-netdev
-kmod-ledtrig-timer
-kmod-ledtrig-usbdev
-kmod-lib-crc-ccitt
+kmod-ledtrig-gpio
+kmod-lib-crc32c
+kmod-lib-lzo
+kmod-libphy
 kmod-mac80211
+kmod-mdio
+kmod-mdio-devres
+kmod-mii
+kmod-nf-conntrack
+kmod-nf-flow
+kmod-nf-log
+kmod-nf-nat
+kmod-nfnetlink
+kmod-nf-reject
+kmod-nft-core
+kmod-nft-fib
+kmod-nft-nat
+kmod-nft-offload
 kmod-nls-base
+kmod-nls-cp437
+kmod-nls-iso8859-1
+kmod-nls-utf8
+kmod-phy-realtek
+kmod-pps
+kmod-ptp
+kmod-r8169
+kmod-tg3
 kmod-tun
 kmod-usb-core
-kmod-usb-ohci
-kmod-usb-uhci
-kmod-usb2
-kmod-wdt-ath79
-libblobmsg-json
+kmod-usb-dwc3
+kmod-usb-dwc3-qcom
+libblkid1
+libblobmsg-json20220515
+libblobmsg-json20230523
 libc
-libgcc
-libip4tc
-libiwinfo
-libjson
-liblzo
-libnl-tiny
-libpcap
+libcurl4
+libf2fs6
+libgcc1
+libiperf3
+libiwinfo20210430
+libiwinfo20230701
+libiwinfo-data
+libiwinfo-lua
+libjson-c5
+libjson-script20220515
+libjson-script20230523
+liblua5.1.5
+liblucihttp0
+liblucihttp-lua
+liblzo2
+libmbedtls12
+libmnl0
+libnftnl11
+libnl-tiny1
 libpthread
 librt
-libubox
-libubus
-libuci
-libxtables
+libsmartcols1
+libubox20220515
+libubox20230523
+libubus20220601
+libubus20230605
+libubus-lua
+libuci20130104
+libuci-lua
+libuclient20201210
+libucode20220812
+libustream-mbedtls20201210
+libuuid1
+libxtables12
+logd
+lua
+luasocket
+luci-lib-base
+luci-lib-ip
+luci-lib-jsonc
+luci-lib-nixio
+mkf2fs
 mtd
 netifd
+nftables-json
 olsrd
 olsrd-mod-arprefresh
 olsrd-mod-dot-draw
 olsrd-mod-dyn-gw
-olsrd-mod-httpinfo
+olsrd-mod-jsoninfo
 olsrd-mod-nameservice
-olsrd-mod-secure
 olsrd-mod-txtinfo
 olsrd-mod-watchdog
+openwrt-keyring
 opkg
-ssidident
+partx-utils
+procd
+prometheus-exporter
+r8169-firmware
+rpcd
+rpcd-mod-file
+rpcd-mod-luci
+rssileds
 swconfig
-tcpdump-mini
+ubi-utils
 uboot-envtools
+ubox
 ubus
 ubusd
 uci
+uclient-fetch
+ucode
+ucode-mod-fs
+ucode-mod-nl80211
+ucode-mod-rtnl
+ucode-mod-ubus
+ucode-mod-uci
+ucode-mod-uloop
 uhttpd
+urandom-seed
+urngd
+usign
 vtun
+wireless-regdb
 wpad-mini
 zlib

files/etc/uci-defaults/11_compat_version

@@ -0,0 +1,8 @@
+#! /bin/sh
+VER=$(jsonfilter -e '@.system.compat_version' < /etc/board.json)
+if [ "${VER}" != "" ]; then
+    sed -i "s/^compat_version = 1.0/compat_version = ${VER}/" /etc/config.mesh/_setup
+    sed -i "s/^compat_version = 1.0/compat_version = ${VER}/" /etc/config.mesh/_setup.default
+    uci -q set system.@system[0].compat_version=${VER}
+    uci -q commit system
+fi

files/etc/uci-defaults/12_mikrotik_boot

@@ -0,0 +1,11 @@
+#! /bin/sh
+#
+# On Mikrotik devices, make sure the boot mode is 'flasheth' otherwise
+# the node can fail to boot.
+#
+if [ -f /sys/firmware/mikrotik/soft_config/boot_device ]; then
+    if [ "$(grep '\[flasheth\]' /sys/firmware/mikrotik/soft_config/boot_device)" = "" ]; then
+        echo "flasheth" > /sys/firmware/mikrotik/soft_config/boot_device
+        echo "1" > /sys/firmware/mikrotik/soft_config/commit
+    fi
+fi

files/etc/uci-defaults/45_aredn_reset_paths

@@ -4,6 +4,7 @@
 #will not change existing custom entries
 DISTRIB_TARGET=$(grep DISTRIB_TARGET /etc/openwrt_release|cut -d'=' -f2|tr -d "'")
 DISTRIB_RELEASE=$(grep DISTRIB_RELEASE /etc/openwrt_release|cut -d'=' -f2|tr -d "'")
+DISTRIB_ARCH=$(grep DISTRIB_ARCH /etc/openwrt_release|cut -d'=' -f2|tr -d "'")
 SERVER_PREFIX='http://downloads.arednmesh.org/'
 SNAPSHOT_PREFIX='snapshots/'
 
@@ -29,7 +30,7 @@ defaultPackageRepos()
   if [ "$repo" == "core" ]; then
     echo "${SERVER_PREFIX}${BUILD_PREFIX}targets/${DISTRIB_TARGET}/packages"
   else
-    echo "${SERVER_PREFIX}${BUILD_PREFIX}packages/mips_24kc/${repo}"
+    echo "${SERVER_PREFIX}${BUILD_PREFIX}packages/${DISTRIB_ARCH}/${repo}"
   fi
 }
 

files/etc/uci-defaults/80_aredn_lqm

@@ -7,6 +7,7 @@ do
         option enable '0'
         option min_snr '15'
         option margin_snr '1'
+        option rts_threshold '1'
         option min_distance '0'
         option max_distance '80467'
         option min_quality '50'

files/etc/uci-defaults/81_aredn_migrate_wansettings

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+noroute=$(grep "lan_dhcp_noroute" /etc/config.mesh/_setup | sed s/^lan_dhcp_noroute\ =\ //)
+olsrd_gw=$(grep "olsrd_gw" /etc/config.mesh/_setup | sed s/^olsrd_gw\ =\ //)
+
+if [ "$(/sbin/uci -c /etc/config.mesh -q get aredn.@wan[0])" != "wan" ]; then
+    /sbin/uci -c /etc/config.mesh -q add aredn wan
+fi
+
+if [ "${noroute}" != "" ]; then
+    if [ "${noroute}" = "0" ]; then
+        /sbin/uci -c /etc/config.mesh set aredn.@wan[0].lan_dhcp_route=1
+    else
+        /sbin/uci -c /etc/config.mesh set aredn.@wan[0].lan_dhcp_route=0
+    fi
+    /sbin/uci -c /etc/config.mesh set aredn.@wan[0].lan_dhcp_defaultroute=0
+    /sbin/uci -c /etc/config.mesh commit aredn
+    sed -i /^lan_dhcp_noroute\ =/d /etc/config.mesh/_setup
+elif [ "$(/sbin/uci -c /etc/config.mesh -q get aredn.@wan[0].lan_dhcp_route)" = "" ]; then
+    /sbin/uci -c /etc/config.mesh set aredn.@wan[0].lan_dhcp_route=1
+    /sbin/uci -c /etc/config.mesh set aredn.@wan[0].lan_dhcp_defaultroute=0
+    /sbin/uci -c /etc/config.mesh commit aredn
+fi
+
+if [ "${olsrd_gw}" != "" ]; then
+    /sbin/uci -c /etc/config.mesh set aredn.@wan[0].olsrd_gw=${olsrd_gw}
+    /sbin/uci -c /etc/config.mesh commit aredn
+    sed -i /^olsrd_gw\ =/d /etc/config.mesh/_setup
+fi

files/etc/uci-defaults/82_aredn_ntp_period_migrate

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# get current value of ntp_period if any
+if [ -e /etc/config.mesh/_setup ] ; then
+    period=$(grep "ntp_period" /etc/config.mesh/_setup | sed s/^ntp_period\ =\ //)
+fi
+
+# ensure /etc/config.mesh/aredn has ntp values
+if [ "$(/sbin/uci -c /etc/config.mesh -q get aredn.@ntp[0])" != "ntp" ]; then
+    /sbin/uci -c /etc/config.mesh -q add aredn ntp
+    if [ -n "${period}" ] ; then
+        /sbin/uci -c /etc/config.mesh -q set aredn.@ntp[0].period="${period}"
+    else
+        /sbin/uci -c /etc/config.mesh -q set aredn.@ntp[0].period="daily"
+    fi
+    /sbin/uci -c /etc/config.mesh -q commit aredn
+fi
+

files/etc/uci-defaults/90_aredn_default_tunnels

@@ -1,24 +1,11 @@
 #!/bin/sh
 if [ "$(/sbin/uci -c /etc/config.mesh -q get aredn.@tunnel[0])" != "tunnel" ]; then
     /sbin/uci -c /etc/config.mesh -q add aredn tunnel
-    /sbin/uci -c /etc/config.mesh -q set aredn.@tunnel[0].maxclients=10
-    /sbin/uci -c /etc/config.mesh -q set aredn.@tunnel[0].maxservers=10
     /sbin/uci -c /etc/config.mesh -q commit aredn
 fi
-clients=$(/sbin/uci -c /etc/config.mesh -q get aredn.@tunnel[0].maxclients)
-servers=$(/sbin/uci -c /etc/config.mesh -q get aredn.@tunnel[0].maxservers)
-maxtun=$((49 + $clients + $servers))
 
-# Check we have sufficient tunnels and regenerate network_tun if not
-if [ "$(/sbin/uci -c /etc/config.mesh -q get network_tun.tun$maxtun)" != "interface" -o "$(/sbin/uci -c /etc/config.mesh -q get network_tun.tun$((1 + $maxtun)))" != "" ]; then
-    cp /dev/null /etc/config.mesh/network_tun
-    for tun in $(seq 50 $maxtun)
-    do
-        cat >> /etc/config.mesh/network_tun <<__EOT__
-config interface 'tun$tun'
-    option ifname 'tun$tun'
-    option proto 'none'
-
-__EOT__
-    done
+# Default tunnel weight to 1 (perfect RF)
+if [ "$(/sbin/uci -c /etc/config.mesh -q get aredn.@tunnel[0].weight)" = "" ]; then
+    /sbin/uci -c /etc/config.mesh -q set aredn.@tunnel[0].weight=1
+    /sbin/uci -c /etc/config.mesh -q commit aredn
 fi

files/etc/uci-defaults/94_fix_mac_addresses

@@ -0,0 +1,41 @@
+#!/bin/sh
+# Fix mac addresses as necessary
+
+fix=""
+
+eth0=$(ifconfig eth0 2> /dev/null | grep HWaddr | sed s/^.*HWaddr\ // | sed s/\ //g)
+wlan0=$(ifconfig wlan0 2> /dev/null | grep HWaddr | sed s/^.*HWaddr\ // | sed s/\ //g)
+brlan=$(ifconfig br-lan 2> /dev/null | grep HWaddr | sed s/^.*HWaddr\ // | sed s/\ //g)
+boardid=$(/usr/local/bin/get_boardid)
+mfg=$(/usr/local/bin/get_hardware_mfg)
+
+if [ "$eth0" = "$wlan0" -a "$eth0" != "" ]; then
+    fix="lan wan dtdlink"
+elif [ "$wlan0" = "" ]; then
+    fix="lan wan dtdlink"
+elif [ "$brlan" = "00:03:7F:11:23:C6" ]; then # Fix AR300M
+    fix="lan"
+elif [ "$mfg" = "MikroTik" ]; then # Fix all MikroTiks
+    fix="lan wan dtdlink"
+fi
+
+mkdir -p /etc/aredn_include
+
+list=""
+for i in $fix
+do
+    if [ ! -s /etc/aredn_include/fixedmac.$i ]; then
+        # Some mac addresses are stored in /etc/board.json
+        mac=$(jsonfilter -i /etc/board.json -e @.network.$i.macaddr 2> /dev/null | awk '{print toupper($0)}')
+        if [[ "$list" =~ "#$mac#" ]]; then
+            # Dont allow reuse
+            mac=""
+        fi
+        if [ "$mac" = "" ]; then
+            # Generate a safe mac address
+            mac=$(hexdump -n5 -e'/5 "02" 5/1 ":%02X"' /dev/random)
+        fi
+        echo -e "\toption macaddr $mac" > /etc/aredn_include/fixedmac.$i
+        list="$list#$mac#"
+    fi
+done

files/etc/uci-defaults/94_update_permpkg

@@ -0,0 +1,4 @@
+#! /bin/sh
+# Update the permanent package list so we can't uninstall any of the standard system
+
+opkg list-installed | sed s/\ .*// > /etc/permpkg

files/etc/uci-defaults/98_change_default_maptiles

@@ -1,10 +1,11 @@
 #!/bin/sh
 #check for old default map tiles and change to the new map tiles if req'd
 #will not change existing custom entries.
-OLDTILES='http://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoiazVkbHEiLCJhIjoiY2lqMnlieTM4MDAyNXUwa3A2eHMxdXE3MiJ9.BRFvx4q2vi70z5Uu2zRYQw'
-NEWTILES='http://stamen-tiles-{s}.a.ssl.fastly.net/terrain/{z}/{x}/{y}.jpg'
+OLDTILES_1='http://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoiazVkbHEiLCJhIjoiY2lqMnlieTM4MDAyNXUwa3A2eHMxdXE3MiJ9.BRFvx4q2vi70z5Uu2zRYQw'
+OLDTILES_2='http://stamen-tiles-{s}.a.ssl.fastly.net/terrain/{z}/{x}/{y}.jpg'
+NEWTILES='http://tile.openstreetmap.org/{z}/{x}/{y}.png'
 MAPTILESERVER=$(/sbin/uci -c /etc/config.mesh get aredn.@map[0].maptiles)
-if [ "$MAPTILESERVER" = "$OLDTILES" ]; then
+if [ "$MAPTILESERVER" = "$OLDTILES_1" -o "$MAPTILESERVER" = "$OLDTILES_2" ]; then
   /sbin/uci -c /etc/config.mesh set aredn.@map[0].maptiles="$NEWTILES"
   /sbin/uci -c /etc/config.mesh commit aredn
 fi

files/etc/uci-defaults/99_setup_aredn_include

@@ -1,10 +1,16 @@
 #!/bin/sh
 # extract auto-generated first boot switch config settings
-# and store them for future use
+# and store them for future use. Support advanced user overrides.
+ainclude="/etc/aredn_include"
+mkdir -p $ainclude
+
+if [ -f /etc/aredn_include/swconfig.user ]
+then
+	cp /etc/aredn_include/swconfig.user /etc/aredn_include/swconfig
+fi
 if [ ! -f /etc/aredn_include/swconfig ]
 then
-  mkdir -p /etc/aredn_include
-  touch /etc/aredn_include/swconfig
+  touch $ainclude/swconfig
   i=0
   while true; do
     uci -q get network.\@switch\[$i\] > /dev/null
@@ -13,11 +19,11 @@ then
     then
       break
     fi
-    echo "config switch" >> /etc/aredn_include/swconfig
-    echo "    option name '`uci -q get network.\@switch\[$i\].name`'" >> /etc/aredn_include/swconfig
-    echo "    option reset '`uci -q get network.\@switch\[$i\].reset`'" >> /etc/aredn_include/swconfig
-    echo "    option enable_vlan '`uci -q get network.\@switch\[$i\].enable_vlan`'" >> /etc/aredn_include/swconfig
-    echo "" >> /etc/aredn_include/swconfig
+    echo "config switch" >> $ainclude/swconfig
+    echo "    option name '`uci -q get network.\@switch\[$i\].name`'" >> $ainclude/swconfig
+    echo "    option reset '`uci -q get network.\@switch\[$i\].reset`'" >> $ainclude/swconfig
+    echo "    option enable_vlan '`uci -q get network.\@switch\[$i\].enable_vlan`'" >> $ainclude/swconfig
+    echo "" >> $ainclude/swconfig
     let i++
   done
 
@@ -29,11 +35,11 @@ then
     then
       break
     fi
-    echo "config switch_vlan" >> /etc/aredn_include/swconfig
-    echo "	option device '`uci -q get network.\@switch_vlan\[$i\].device`'" >> /etc/aredn_include/swconfig
-    echo "	option vlan '`uci -q get network.\@switch_vlan\[$i\].vlan`'" >> /etc/aredn_include/swconfig
-    echo "	option ports '`uci -q get network.\@switch_vlan\[$i\].ports`'" >> /etc/aredn_include/swconfig
-    echo "" >> /etc/aredn_include/swconfig
+    echo "config switch_vlan" >> $ainclude/swconfig
+    echo "	option device '`uci -q get network.\@switch_vlan\[$i\].device`'" >> $ainclude/swconfig
+    echo "	option vlan '`uci -q get network.\@switch_vlan\[$i\].vlan`'" >> $ainclude/swconfig
+    echo "	option ports '`uci -q get network.\@switch_vlan\[$i\].ports`'" >> $ainclude/swconfig
+    echo "" >> $ainclude/swconfig
     let i++
   done
 
@@ -45,29 +51,30 @@ then
     then
       break
     fi
-    echo "config switch_port" >> /etc/aredn_include/swconfig
-    echo "	option device '`uci -q get network.\@switch_port\[$i\].device`'" >> /etc/aredn_include/swconfig
-    echo "	option port '`uci -q get network.\@switch_port\[$i\].port`'" >> /etc/aredn_include/swconfig
-    echo "	option pvid '`uci -q get network.\@switch_port\[$i\].pvid`'" >> /etc/aredn_include/swconfig
-    echo "" >> /etc/aredn_include/swconfig
+    echo "config switch_port" >> $ainclude/swconfig
+    echo "	option device '`uci -q get network.\@switch_port\[$i\].device`'" >> $ainclude/swconfig
+    echo "	option port '`uci -q get network.\@switch_port\[$i\].port`'" >> $ainclude/swconfig
+    echo "	option pvid '`uci -q get network.\@switch_port\[$i\].pvid`'" >> $ainclude/swconfig
+    echo "" >> $ainclude/swconfig
     let i++
   done
 
 fi
 
+# Network setup done by node-setup
+
 # Save system NET  LED settings
-if [ ! -f /etc/aredn_include/system_netled ]
+if [ ! -f $ainclude/system_netled ]
 then
-  mkdir -p /etc/aredn_include
-  touch /etc/aredn_include/system_netled
+  touch $ainclude/system_netled
 
-CFG=/etc/board.json
+  CFG=/etc/board.json
 
-. /usr/share/libubox/jshn.sh
+  . /usr/share/libubox/jshn.sh
 
-[ -s $CFG ] || /bin/board_detect || exit 1
+  [ -s $CFG ] || /bin/board_detect || exit 1
 
-generate_led() {
+  generate_led() {
 	local key="$1"
 	local cfg="led_$key"
 
@@ -85,13 +92,13 @@ generate_led() {
 		netdev)
 			local device mode
 			json_get_vars device mode
-    			echo "config led 'led_$1'" >> /etc/aredn_include/system_netled
-    			echo "    option name '$name'" >> /etc/aredn_include/system_netled
-    			echo "    option sysfs '$sysfs'" >> /etc/aredn_include/system_netled
-    			echo "    option trigger 'netdev'" >> /etc/aredn_include/system_netled
-    			echo "    option mode '$mode'" >> /etc/aredn_include/system_netled
-    			echo "    option dev '$device'" >> /etc/aredn_include/system_netled
-    			echo "" >> /etc/aredn_include/system_netled
+    			echo "config led 'led_$1'" >> $ainclude/system_netled
+    			echo "    option name '$name'" >> $ainclude/system_netled
+    			echo "    option sysfs '$sysfs'" >> $ainclude/system_netled
+    			echo "    option trigger 'netdev'" >> $ainclude/system_netled
+    			echo "    option mode '$mode'" >> $ainclude/system_netled
+    			echo "    option dev '$device'" >> $ainclude/system_netled
+    			echo "" >> $ainclude/system_netled
 		;;
 
 		usb)
@@ -112,12 +119,12 @@ generate_led() {
 		switch)
 			local port_mask speed_mask
 			json_get_vars port_mask speed_mask
-    			echo "config led 'led_$1'" >> /etc/aredn_include/system_netled
-    			echo "    option name '$name'" >> /etc/aredn_include/system_netled
-    			echo "    option sysfs '$sysfs'" >> /etc/aredn_include/system_netled
-    			echo "    option trigger '$trigger'" >> /etc/aredn_include/system_netled
-    			echo "    option port_mask '$port_mask'" >> /etc/aredn_include/system_netled
-    			echo "" >> /etc/aredn_include/system_netled
+    			echo "config led 'led_$1'" >> $ainclude/system_netled
+    			echo "    option name '$name'" >> $ainclude/system_netled
+    			echo "    option sysfs '$sysfs'" >> $ainclude/system_netled
+    			echo "    option trigger '$trigger'" >> $ainclude/system_netled
+    			echo "    option port_mask '$port_mask'" >> $ainclude/system_netled
+    			echo "" >> $ainclude/system_netled
 		;;
 
 		portstate)
@@ -133,25 +140,19 @@ generate_led() {
 
 	json_select ..
 	json_select ..
-}
+  }
 
 
-json_init
-json_load "$(cat ${CFG})"
+  json_init
+  json_load "$(cat ${CFG})"
 
 
-if [ ! -s /etc/aredn_include/system_netled ]; then
-	touch /etc/aredn_include/system_netled
+  if [ ! -s $ainclude/system_netled ]; then
+	touch $ainclude/system_netled
 
 	json_get_keys keys led
 	for key in $keys; do generate_led $key; done
-fi
-fi
-
-hwtype="$('/usr/local/bin/get_hardwaretype')"
-touch /etc/aredn_include/bridge_ports
-if [ "$hwtype" = "nanostation-m" -o "$hwtype" = "cpe220-v2" -o "$hwtype" = "cpe220-v3" -o "$hwtype" = "cpe210-v1" -o "$hwtype" = "cpe510-v1" -o "$hwtype" = "wbs210-v1" -o "$hwtype" = "wbs210-v2" -o "$hwtype" = "wbs510-v1" -o "$hwtype" = "wbs510-v2" ]; then
-	echo "	option	type	'bridge'" > /etc/aredn_include/bridge_ports
+  fi
 fi
 
 exit 0

files/usr/lib/lua/aredn/controller/login.lua

@@ -0,0 +1,83 @@
+#!/usr/bin/lua
+--[[
+
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2021 Darryl Quinn
+  See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+--]]
+require("aredn.info")
+require("aredn.utils")
+
+-- -------------------------------------
+-- -- Public API is attached to table
+-- -------------------------------------
+local module = {}
+
+function module:new(req)
+  self.req = req
+  return self
+end
+
+-- Class methods
+function module:process()
+  local res={}
+  
+  if self.req['method']=="GET" then
+    res = module:GET()
+  elseif self.req['method']=="POST" then
+    res = module:POST()
+  else
+    msg="unsupported http method: " .. self.req['method']
+    res['msg']=msg
+    res['success']=false
+  end
+  return res
+end
+
+-- IS LOGGED IN
+function module:GET()
+  local res={}
+  res['errors'] = {}
+  -- res['debug'] = {}
+  -- res['debug'] = self.req
+  res['success']=true
+  return res
+end
+
+-- LOGIN
+function module:POST()
+  local res={}
+  res['errors'] = {}
+  res['success']=true
+  return res
+end
+
+return module

files/usr/lib/lua/aredn/controller/setup_advanced.lua

@@ -0,0 +1,99 @@
+#!/usr/bin/lua
+--[[
+
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2021 Darryl Quinn
+  See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+--]]
+
+require("aredn.utils")
+
+-- -------------------------------------
+-- -- Public API is attached to table
+-- -------------------------------------
+local module = {}
+
+-- Class constructor (NEW method)
+function module:new(req)
+  self.req = req
+  return self
+end
+
+-- Class methods
+function module:process()
+  local res={}
+  
+  if self.req['method']=="GET" then
+    res = module:GET()
+  elseif self.req['method']=="POST" then
+    res = module:POST()
+  else
+    msg="unsupported http method: " .. self.req['method']
+    res['msg']=msg
+    res['success']=false
+  end
+  return res
+end
+
+
+function module:GET()
+  local res={}
+  msg="SetupAdvanced:GET()"
+  res['msg']=msg
+  res['success']=true
+  return res
+end
+
+function module:POST()
+  local res={}
+  msg="SetupAdvanced:POST()"
+  res['msg']=msg
+  res['success']=true
+  return res
+end
+
+function module:PUT()
+  local res={}
+  msg="unsupported method"
+  res['msg']=msg
+  res['success']=false
+  return res
+end
+
+function module:DELETE()
+  local res={}
+  msg="unsupported method"
+  res['msg']=msg
+  res['success']=false
+  return res
+end
+
+return module

files/usr/lib/lua/aredn/controller/setup_basic.lua

@@ -0,0 +1,213 @@
+#!/usr/bin/lua
+--[[
+
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2021 Darryl Quinn
+  See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+--]]
+require("aredn.info")
+require("aredn.hardware")
+require("aredn.utils")
+
+-- -------------------------------------
+-- -- Public API is attached to table
+-- -------------------------------------
+local module = {}
+
+-- Class constructor (NEW method)
+function module:new(req)
+  self.req = req
+  return self
+end
+
+-- Class methods
+function module:process()
+  local res={}
+  
+  if self.req['method']=="GET" then
+    res = module:GET()
+  elseif self.req['method']=="POST" then
+    res = module:POST()
+  else
+    msg="unsupported http method: " .. self.req['method']
+    res.msg=msg
+    res.success = false
+  end
+  return res
+end
+
+function module:GET()
+  local res={}
+  local data={}
+  data.basic = {}
+  data.basic.nodename = aredn.info.getNodeName()
+  data.basic.description = aredn.info.getNodeDescription()
+  -- password :: "WE CANNOT RETRIEVE THE PASSWORD"
+
+  -- MESHRF
+  radio = aredn.info.getMeshRadioDevice()
+  data.meshrf = {}
+  data.meshrf.ssid_full = aredn.info.getSSID()
+  data.meshrf.ssid_prefix = data['meshrf']['ssid_full']:split("-")[1]
+  data.meshrf.enabled = aredn.info.isMeshRadioEnabled(radio)
+  data.meshrf.ip = aredn.info.getInterfaceIPAddress("wifi")
+  data.meshrf.netmask = aredn.info.getInterfaceNetmask("wifi")
+  data.meshrf.distance = aredn.info.getMeshRadioDistance(radio)
+  data.meshrf.bw = aredn.info.getChannelBW(radio)
+  data.meshrf.channel = aredn.info.getChannel(radio)
+  data.meshrf.power = aredn.info.getTXPower(radio)
+  data.meshrf.maxpower = aredn.hardware.wifi_maxpower(radio, data['meshrf']['channel'])
+  
+
+  -- LAN
+  data.lan = {}
+  data.lan.mode = aredn.info.getLANMode()
+  data.lan.dhcp = aredn.info.isLANDHCPEnabled()
+  data.lan.ip = aredn.info.getInterfaceIPAddress("lan")
+  data.lan.netmask = aredn.info.getInterfaceNetmask("lan")
+  -- dhcp_start
+  -- dhcp_end
+
+  -- LANAP
+  data.lanap = {}
+
+  -- WAN
+  data.wan = {}
+
+  -- WAN Advanced
+  data.wanadv = {}
+  data.wanadv.meshgw = aredn.info.isMeshGatewayEnabled()
+
+  -- WAN Wifi Client
+  data.wanclient = {}
+
+  res.data=data
+  res.errors = {}
+  res.success = true
+  return res
+end
+
+function module:POST()
+  local res={}
+  local errors = {}
+  local e = {}
+  
+  -- STORE DATA --
+  -- node name (to uci)
+  local nodename = self.req.content.data.nodename
+  local description = self.req.content.data.description
+  local passwd = self.req.content.data.password
+
+  local cursor = uci.cursor()
+
+  -- PERFORM any CROSS-VALUE validation
+  -- (ie. if 2Ghz radio is configured for MESH, don't allow 2Ghz radio for AP Client, etc)
+
+
+  e = module:save_nodename(nodename)
+  if next(e)~=nil then table.insert(errors, e) end
+  
+  e = module:save_description(description)
+  if next(e)~=nil then table.insert(errors, e) end
+  
+  -- password
+  e = module:save_password(passwd)
+  if next(e)~=nil then table.insert(errors, e) end
+  
+  -- -- UCI commit
+  if #errors==0 then
+    -- TODO: change to optimal commit
+    -- cursor:commit("hsmmmesh")
+    -- cursor:commit("system")
+    rc = os.execute("uci -q -c /etc/local/uci/ commit")
+    if (rc ~= 0) then
+      e = {}
+      e.name="setup_basic"
+      e.msg="uci commit error: " .. rc
+      table.insert(errors, e)
+    end
+  end
+
+  res.errors = errors
+  res.success = (#errors==0 and true or false)
+  if res.success then res.restart = true end
+  return res
+end
+
+-- ---------------
+-- SAVE FUNCTIONS
+-- ---------------
+function module:save_nodename(nodename)
+  local e = {}
+  -- validations
+  if (nodename == "") then
+    e.name = "nodename"
+    e.msg = "field cannot be empty"
+  else
+    -- local cursor = uci.cursor()
+    cursor:set("hsmmmesh", "settings", "node", nodename)
+    
+    -- local rc = os.execute("uci -q -c /etc/local/uci/ set hsmmmesh.settings.node='" .. nodename .. "'")
+    --if (rc ~= 0) then
+    --  e.name="nodename"
+    --  e.msg="error setting uci value"
+    --end
+  end
+  return e
+end
+
+function module:save_description(description)
+  local e = {}
+  -- validations
+  local rc = os.execute("uci -q set system.@system[0].description='" .. description .. "'")
+  if (rc ~= 0) then
+    e.name="description"
+    e.msg="error setting uci value " .. rc
+  end
+  return e
+end
+
+function module:save_password(password)
+  local e = {}
+  local rc = nil
+  -- validations
+  if password then
+    rc = os.execute("/usr/local/bin/setpasswd '"  .. password .. "' >/dev/null 2>&1")
+  end
+  if (rc ~= 0) then
+    e.name="password"
+    e.msg="error setting password " .. rc
+  end
+  return e
+end
+
+
+return module

files/usr/lib/lua/aredn/controller/setup_optional.lua

@@ -0,0 +1,95 @@
+#!/usr/bin/lua
+--[[
+
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2021 Darryl Quinn
+  See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+--]]
+
+require("aredn.utils")
+
+-- -------------------------------------
+-- -- Public API is attached to table
+-- -------------------------------------
+local module = {}
+
+-- Class constructor (NEW method)
+function module:new(req)
+  self.req = req
+  return self
+end
+
+-- Class methods
+function module:process()
+  local res={}
+  
+  if self.req['method']=="GET" then
+    res = module:GET()
+  elseif self.req['method']=="POST" then
+    res = module:POST()
+  end
+  return res
+end
+
+
+function module:GET()
+  local res={}
+  msg="SetupOptional:GET()"
+  res['msg']=msg
+  res['success']=true
+  return res
+end
+
+function module:POST()
+  local res={}
+  msg="SetupOptional:POST()"
+  res['msg']=msg
+  res['success']=true
+  return res
+end
+
+function module:PUT()
+  local res={}
+  msg="unsupported method"
+  res['msg']=msg
+  res['success']=false
+  return res
+end
+
+function module:DELETE()
+  local res={}
+  msg="unsupported method"
+  res['msg']=msg
+  res['success']=false
+  return res
+end
+
+return module

files/usr/lib/lua/aredn/hardware.lua

@@ -41,6 +41,8 @@ local hardware = {}
 
 local radio_json = nil
 local board_json = nil
+local channels_cache = {}
+local antennas_cache = {}
 
 function hardware.get_board()
     if not board_json then
@@ -50,6 +52,14 @@ function hardware.get_board()
         end
         board_json = json.parse(f:read("*a"))
         f:close()
+        -- Collapse virtualized hardware into the two basic types
+        if board_json.model.id:match("^qemu%-") then
+            board_json.model.id = "qemu"
+            board_json.model.name = "QEMU"
+        elseif board_json.model.id:lower():match("^vmware") then
+            board_json.model.id = "vmware"
+            board_json.model.name = "VMware"
+        end
     end
     return board_json
 end
@@ -62,26 +72,62 @@ function hardware.get_radio()
         end
         local radios = json.parse(f:read("*a"))
         f:close()
-        radio_json = radios[hardware.get_board_id()]
+        radio_json = radios[hardware.get_board_id():lower()]
+        if radio_json and not radio_json.name then
+            radio_json.name = hardware.get_board_id()
+        end
     end
     return radio_json
 end
 
-function hardware.wifi_maxpower(channel)
+function hardware.get_radio_count()
     local radio = hardware.get_radio()
+    if radio and radio.wlan0 then
+        if radio.wlan1 then
+            return 2
+        else
+            return 1
+        end
+    else
+        local count = 0
+        if nixio.fs.stat("/sys/class/ieee80211") then
+            for file in nixio.fs.dir("/sys/class/ieee80211")
+            do
+                count = count + 1
+            end
+        end
+        return count
+    end
+end
+
+function hardware.get_radio_intf(wifiintf)
+    local radio = hardware.get_radio()
+    if radio and radio[wifiintf] then
+        return radio[wifiintf]
+    else
+        return radio
+    end
+end
+
+function hardware.wifi_maxpower(wifiintf, channel)
+    local radio = hardware.get_radio_intf(wifiintf)
     if radio then
-        if radio.chanpower then
-            for k, v in pairs(radio.chanpower)
+        local maxpower = radio.maxpower
+        local chanpower = radio.chanpower
+        if chanpower then
+            for k, v in pairs(chanpower)
             do
                 if channel <= tonumber(k) then
                     return tonumber(v)
                 end
             end
-        elseif radio.maxpower then
-            return tonumber(radio.maxpower)
+        end
+        maxpower = tonumber(maxpower)
+        if maxpower then
+            return maxpower
         end
     end
-    return 27 -- if all else fails
+    return 27 -- default
 end
 
 function hardware.wifi_poweroffset(wifiintf)
@@ -98,11 +144,14 @@ function hardware.wifi_poweroffset(wifiintf)
         end
         f:close()
     end
-    local radio = hardware.get_radio()
-    if radio and tonumber(radio.pwroffset) then
-         return tonumber(radio.pwroffset)
+    local radio = hardware.get_radio_intf(wifiintf)
+    if radio then
+        local pwroffset = tonumber(radio.pwroffset)
+        if pwroffset then
+            return pwroffset
+        end
     end
-    return 0 -- if all else fails
+    return 0 -- default
 end
 
 function hardware.get_board_id()
@@ -123,6 +172,22 @@ function hardware.get_board_type()
     return hardware.get_board().model.id
 end
 
+function hardware.get_board_network_ifname(type)
+    local network = hardware.get_board().network[type]
+    if network then
+        if network.ifname then
+            return network.ifname
+        end
+        if network.device then
+            return network.device
+        end
+        if network.ports then
+            return table.concat(network.ports, " ")
+        end
+    end
+    return ""
+end
+
 function hardware.get_type()
     local id = hardware.get_board().model.id
     local type = id:match(",(.*)")
@@ -151,6 +216,10 @@ function hardware.get_iface_name(name)
     if intfname then
         return intfname:match("^(%S+)")
     end
+    local device = cursor:get("network", name, "device")
+    if device then
+        return device
+    end
     -- Now we guess
     if name == "lan" then
         return "eth0"
@@ -168,29 +237,6 @@ function hardware.get_iface_name(name)
     return hardware.get_board().network[name].ifname:match("^(%S+)")
 end
 
-function hardware.get_bridge_iface_names(name)
-    local cursor = uci.cursor()
-    local intfnames = cursor:get("network", name, "ifname")
-    if intfnames then
-        return intfnames
-    end
-    -- Now we guess
-    if name == "lan" then
-        return "eth0"
-    end
-    if name == "wan" then
-        return "eth0.1"
-    end
-    if name == "wifi" then
-        return "wlan0"
-    end
-    if name == "dtdlink" then
-        return "eth0.2"
-    end
-    -- Maybe the board knows
-    return hardware.get_board().network[name].ifname
-end
-
 function hardware.get_link_led()
     local err, result = xpcall(
         function()
@@ -213,52 +259,207 @@ function hardware.get_link_led()
 end
 
 function hardware.has_poe()
-    local err, result = xpcall(
-        function() return hardware.get_board().gpioswitch.poe_passthrough.pin or true end,
-        function() return false end
-    )
-    return result
+    local board = hardware.get_board()
+    if board and board.gpioswitch and board.gpioswitch.poe_passthrough and board.gpioswitch.poe_passthrough.pin then
+        return true
+    end
+    -- Handle typo in various config files
+    if board and board.gpioswitch and board.gpioswitch.poe_passtrough and board.gpioswitch.poe_passtrough.pin then
+        return true
+    end
+    local _, count = nixio.fs.glob("/sys/class/gpio/enable-poe:*")
+    if count > 0 then
+        return true
+    end
+    return false
 end
 
 function hardware.has_usb()
-    local err, result = xpcall(
-        function() return hardware.get_board().gpioswitch.usb_power_switch.pin or true end,
-        function() return false end
-    )
-    return result
+    local board = hardware.get_board()
+    if board and board.gpioswitch and board.gpioswitch.usb_power_switch and board.gpioswitch.usb_power_switch.pin then
+        return true
+    end
+    local _, count = nixio.fs.glob("/sys/class/gpio/usb-power")
+    if count > 0 then
+        return true
+    end
+    return false
 end
 
-function hardware.get_rfband()
-    local radio = hardware.get_radio()
-    if radio then
-        return radio.rfband
+function hardware.has_wifi()
+    if nixio.fs.stat("/sys/kernel/debug/ieee80211/phy0") then
+        return true
     else
-        return nil
+        return false
     end
 end
 
-function hardware.get_default_channel()
-    local radio = hardware.get_radio()
-    if radio.rfband == "900" then
-        return { channel = 5, bandwidth = 5 }
-    elseif radio.rfband == "2400" then
-        return { channel = -2, bandwidth = 10 }
-    elseif radio.rfband == "3400" then
-        return { channel = 84, bandwidth = 10 }
-    elseif radio.rfband == "5800ubntus" then
-        return { channel = 149, bandwidth = 10 }
-    else
-        return nil
+function hardware.get_rfbandwidths(wifiintf)
+    local radio = hardware.get_radio_intf(wifiintf)
+    if radio and radio.bandwidths then
+        return radio.bandwidths
     end
+    return { 5, 10, 20 }
+end
+
+function hardware.get_default_channel(wifiintf)
+    for _, channel in ipairs(hardware.get_rfchannels(wifiintf))
+    do
+        if channel.frequency == 912 then
+            return { channel = 5, bandwidth = 5, band = "900MHz" }
+        end
+        local bws = {}
+        for _, v in ipairs(hardware.get_rfbandwidths(wifiintf))
+        do
+            bws[v] = v
+        end
+        local bw = bws[10] or bws[20] or bws[5] or 0
+        if channel.frequency == 2397 then
+            return { channel = -2, bandwidth = bw, band = "2.4GHz" }
+        end
+        if channel.frequency == 2412 then
+            return { channel = 1, bandwidth = bw, band = "2.4GHz" }
+        end
+        if channel.frequency == 3420 then
+            return { channel = 84, bandwidth = bw, band = "3GHz" }
+        end
+        if channel.frequency == 5745 then
+            return { channel = 149, bandwidth = bw, band = "5GHz" }
+        end
+    end
+    return nil
+end
+
+function hardware.get_rfchannels(wifiintf)
+    local channels = channels_cache[wifiintf]
+    if not channels then
+        channels = {}
+        local f = io.popen("iwinfo " .. wifiintf .. " freqlist")
+        if f then
+            local freq_adjust = 0
+            local freq_min = 0
+            local freq_max = 0x7FFFFFFF
+            if wifiintf == "wlan0" then
+                local radio = hardware.get_radio()
+                if radio then
+                    if radio.name:match("M9") then
+                        freq_adjust = -1520;
+                        freq_min = 907
+                        freq_max = 922
+                    elseif radio.name:match("M3") then
+                        freq_adjust = -2000;
+                        freq_min = 3380
+                        freq_max = 3495
+                    end
+                end
+            end
+            for line in f:lines()
+            do
+                local freq, num = line:match("(%d+%.%d+) GHz %(Band: .*, Channel (%-?%d+)%)")
+                if freq and not line:match("restricted") and not line:match("disabled") then
+                    freq = tonumber("" .. freq:gsub("%.", "")) + freq_adjust
+                    if freq >= freq_min and freq <= freq_max then
+                        num = tonumber("" .. num:gsub("^0+", ""))
+                        channels[#channels + 1] = {
+                            label = freq_adjust == 0 and (num .. " (" .. freq .. ")") or (freq),
+                            number = num,
+                            frequency = freq
+                        }
+                    end
+                end
+            end
+            f:close()
+            channels_cache[wifiintf] = channels
+        end
+    end
+    return channels
+end
+
+function hardware.get_antennas(wifiintf)
+    local ants = antennas_cache[wifiintf]
+    if not ants then
+        local radio = hardware.get_radio_intf(wifiintf)
+        if radio and radio.antenna then
+            if radio.antenna == "external" then
+                local dchan = hardware.get_default_channel(wifiintf)
+                if dchan and dchan.band then
+                    local f = io.open("/etc/antennas.json")
+                    if f then
+                        ants = json.parse(f:read("*a"))
+                        f:close()
+                        ants = ants[dchan.band]
+                    end
+                end
+            else
+                radio.antenna.builtin = true
+                ants = { radio.antenna }
+            end
+        end
+        antennas_cache[wifiintf] = ants
+    end
+    return ants
+end
+
+function hardware.get_antennas_aux(wifiintf)
+    local ants = antennas_cache["aux:" .. wifiintf]
+    if not ants then
+        local radio = hardware.get_radio_intf(wifiintf)
+        if radio and radio.antenna_aux == "external" then
+            local dchan = hardware.get_default_channel(wifiintf)
+            if dchan and dchan.band then
+                local f = io.open("/etc/antennas.json")
+                if f then
+                    ants = json.parse(f:read("*a"))
+                    f:close()
+                    ants = ants[dchan.band]
+                end
+            end
+        end
+        antennas_cache["aux:" .. wifiintf] = ants
+    end
+    return ants
+end
+
+function hardware.get_current_antenna(wifiintf)
+    local ants = hardware.get_antennas(wifiintf)
+    if ants then
+        if #ants == 1 then
+            return ants[1]
+        end
+        local antenna = uci.cursor():get("aredn", "@location[0]", "antenna")
+        if antenna then
+            for _, ant in ipairs(ants)
+            do
+                if ant.model == antenna then
+                    return ant
+                end
+            end
+        end
+    end
+    return nil
+end
+
+function hardware.get_current_antenna_aux(wifiintf)
+    local ants = hardware.get_antennas_aux(wifiintf)
+    if ants then
+        if #ants == 1 then
+            return ants[1]
+        end
+        local antenna = uci.cursor():get("aredn", "@location[0]", "antenna_aux")
+        if antenna then
+            for _, ant in ipairs(ants)
+            do
+                if ant.model == antenna then
+                    return ant
+                end
+            end
+        end
+    end
+    return nil
 end
 
 function hardware.supported()
-    local radio = hardware.get_radio()
-    if radio then
-        return tonumber(radio.supported)
-    else
-        return 0
-    end
+    return hardware.get_radio() and true or false
 end
 
 function hardware.get_interface_ip4(intf)

files/usr/lib/lua/aredn/html.lua

@@ -69,13 +69,17 @@ end
 function html.alert_banner()
     html.print("<div class=\"TopBanner\">")
     html.print("<div class=\"LogoDiv\"><a href=\"http://localnode.local.mesh:8080\" title=\"Go to localnode\"><img src=\"/AREDN.png\" class=\"AREDNLogo\"></img></a></div>")
-    local supported = aredn.hardware.supported()
-    if supported == 0 then
-        html.print("<div style=\"padding:5px;background-color:#FF4719;color:black;border:1px solid #ccc;width:600px;\"><a href=\"/cgi-bin/sysinfo\">!!!! UNSUPPORTED DEVICE !!!!</a></div>")
-    elseif supported == -2 then
-        html.print("<div style=\"padding:5px;background-color:yellow;color:black;border:1px solid #ccc;width:600px;\"><a href=\"/cgi-bin/sysinfo\"> !!!! THIS DEVICE IS STILL BEING TESTED !!!!</a></div>")
-    elseif supported ~= 1 then
-        html.print("<div style=\"padding:5px;background-color:yellow;color:black;border:1px solid #ccc;width:600px;\"><a href=\"/cgi-bin/sysinfo\">!!!! UNTESTED HARDWARE !!!!</a></div>")
+    if not aredn.hardware.supported() then
+        html.print("<center><div style=\"padding:5px;background-color:#FF4719;color:black;border:1px solid #ccc;width:600px;\"><a href=\"/cgi-bin/sysinfo\">!!!! UNSUPPORTED DEVICE !!!!</a></div></center>")
+    end
+    local f = io.open("/etc/cron.boot/reinstall-packages")
+    if f then
+        f:close()
+        f = io.open("/etc/package_store/catalog.json")
+        if f then
+            f:close()
+            html.print("<center><div style=\"padding:5px;color:black;border:1px solid #ccc;width:650px;\">Packages are being reinstalled in the background. This can take a few minutes.</div></center>")
+        end
     end
     html.print("</div>")
 end
@@ -93,6 +97,185 @@ function html.msg_banner()
     html.print("</div>")
 end
 
+function html.navbar_user(selected, config_mode)
+    local order = {}
+    local navs = {}
+    if config_mode then
+        _G.config_mode = config_mode
+    end
+    for file in nixio.fs.dir("/usr/lib/lua/aredn/nav/user")
+    do
+        order[#order + 1] = file
+        navs[file] = require("aredn.nav.user." .. file:match("^(.*)%.lua$"))
+    end
+    table.sort(order)
+    html.print("<nobr>")
+    html.print("<a href='/help.html' target='_blank'>Help</a>")
+    html.print("&nbsp;&nbsp;<input type=button name=refresh value=Refresh title='Refresh this page' onclick='window.location.reload()'>")
+    for _, key in ipairs(order)
+    do
+        local nav = navs[key]
+        if type(nav) == "table" then
+            html.print("&nbsp;&nbsp;<button type=button onClick='window.location=\"" .. nav.href .. "\"' title='" .. (nav.hint or "") .. "' " .. (nav.enable == false and "disabled" or "") .. ">" .. nav.display .. "</button>")
+        end
+    end
+    html.print("&nbsp;&nbsp;<select name=\"css\" size=\"1\" onChange=\"form.submit()\" >")
+    html.print("<option>Select a theme</option>")
+    for file in nixio.fs.glob("/www/*.css")
+    do
+        if file ~= "/www/style.css" then
+            file = file:match("/www/(.*).css")
+            html.print("<option value=\"" .. file .. ".css\">" .. file .. "</option>")
+        end
+    end
+    html.print("</select>")
+    html.print("</nobr>")
+end
+
+function html.navbar_admin(selected)
+    local order = {}
+    local navs = {}
+    for file in nixio.fs.dir("/usr/lib/lua/aredn/nav/admin")
+    do
+        order[#order + 1] = file
+        navs[file] = require("aredn.nav.admin." .. file:match("^(.*)%.lua$"))
+    end
+    table.sort(order)
+    html.print("<table cellpadding=5 border=0 align=center width='" .. (#order * 120) .. "px'><tr><td colspan=100%><hr></td></tr><tr>")
+    local width = math.floor(100 / #order) .. "%"
+    for _, key in ipairs(order)
+    do
+        local nav = navs[key]
+        if type(nav) == "table" then
+            html.print("<td align=center width=" .. width .. (nav.href == selected and " class='navbar_select'" or "") .. ">")
+            if nav.enable == false then
+                html.print(nav.display .. "</td>")
+            else
+                html.print("<a href='" .. nav.href .. "'>" .. nav.display .. "</a></td>")
+            end
+        end
+    end
+    html.print("</tr><tr><td colspan=100%><hr></td></tr></table>")
+end
+
+function html.wait_for_reboot(delay, countdown, address)
+    if address then
+        address = [["http://]] .. address .. [[/cgi-bin/status"]]
+    else
+        address = [[window.origin + "/cgi-bin/status"]]
+    end
+    html.print([[
+<script>
+    const TIMEOUT = 5000;
+    function reload() {
+        const start = Date.now();
+        const req = new XMLHttpRequest();
+        req.open('GET', ]] .. address .. [[);
+        req.onreadystatechange = function() {
+            if (req.readyState === 4) {
+                if (req.status === 200) {
+                    window.location = ]] .. address .. [[;
+                }
+                else {
+                    const time = Date.now() - start;
+                    setTimeout(reload, time > TIMEOUT ? 0 : TIMEOUT - time);
+                }
+            }
+        }
+        req.timeout = TIMEOUT;
+        try {
+            req.send(null);
+        }
+        catch (_) {
+        }
+    }
+    const start = Date.now()
+    function cdown() {
+        const div = document.getElementById("countdown");
+        if (div) {
+            let t = Math.round(]] .. countdown .. [[ - (Date.now() - start) / 1000);
+            div.innerHTML = t <= 0 ? "..." : new Date(1000 * t).toISOString().substring(14, 19);
+            const cdp = document.getElementById("cdprogress");
+            if (cdp) {
+                if (t < 0)
+                    cdp.removeAttribute("value");
+                else
+                    cdp.setAttribute("value", cdp.getAttribute("max") - t);
+            }
+        }
+    }
+    setInterval(cdown, 1000);
+    setTimeout(reload, ]] .. delay .. [[ * 1000);
+</script>
+    ]])
+end
+
+function html.reboot()
+    require("aredn.info")
+    require("aredn.hardware")
+    require("aredn.http")
+    require("uci")
+
+    local node = aredn.info.get_nvram("node")
+    if node == "" then
+        node = "Node"
+    end
+    local lanip, _, lanmask = aredn.hardware.get_interface_ip4(aredn.hardware.get_iface_name("lan"))
+    local browser = os.getenv("REMOTE_ADDR")
+    local browser6 = browser:match("::ffff:([%d%.]+)")
+    if browser6 then
+        browser = browser6
+    end
+    local fromlan = false
+    local subnet_change = false
+    if lanip then
+        fromlan = validate_same_subnet(browser, lanip, lanmask)
+        if fromlan then
+            lanmask = ip_to_decimal(lanmask)
+            local cursor = uci.cursor()
+            local cfgip = cursor:get("network", "lan", "ipaddr")
+            local cfgmask = ip_to_decimal(cursor:get("network", "lan", "netmask"))
+            if lanmask ~= cfgmask or nixio.bit.band(ip_to_decimal(lanip), lanmask) ~= nixio.bit.band(ip_to_decimal(cfgip), cfgmask) then
+                subnet_change = true
+            end
+        end
+    end
+    http_header()
+    if fromlan and subnet_change then
+        html.header(node .. " rebooting", false);
+        local cursor = uci.cursor()
+        local wifiip = cursor:get("network", "wifi", "ipaddr")
+        if not wifiip then
+            wifiip = "localnode.local.mesh"
+        end
+        html.wait_for_reboot(20, 120, wifiip)
+        html.print("</head><body><center>")
+        html.print("<h1>" .. node .. " is rebooting</h1><br>")
+        html.print("<h3>The LAN subnet has changed. You will need to acquire a new DHCP lease<br>")
+        html.print("and reset any name service caches you may be using.</h3><br>")
+        html.print("<h3>When the node reboots you get your new DHCP lease and reconnect with<br>")
+        html.print("<a href='http://localnode.local.mesh:8080/'>http://localnode.local.mesh:8080/</a><br>or<br>")
+        html.print("<a href='http://" .. node .. ".local.mesh:8080/'>http://" .. node .. ".local.mesh:8080/</a></h3>")
+    else
+        html.header(node .. " rebooting", false)
+        html.wait_for_reboot(20, 120)
+        html.print("</head><body><center>")
+        html.print("<h1>" .. node .. " is rebooting</h1><br>")
+        html.print("<h3>Your browser should return to this node after it has rebooted.</br><br>")
+        html.print("If something goes astray you can try to connect with<br><br>")
+        html.print("<a href='http://localnode.local.mesh:8080/'>http://localnode.local.mesh:8080/</a><br>")
+        if node ~= "Node" then
+            html.print("or<br><a href='http://" .. node .. ".local.mesh:8080/'>http://" .. node .. ".local.mesh:8080/</a></h3>")
+        end
+    end
+    html.print("<br><h3><label for='cdprogress'>Rebooting: </label><progress id='cdprogress' max='120'/></h3>")
+    html.print("<h1>Time Remaining: <span id='countdown'/></h1>")
+    html.print("</center></body></html>")
+    http_footer()
+    os.execute("reboot >/dev/null 2>&1")
+    os.exit()
+end
+
 function html.print(line)
     -- html output is defined in aredn.http
     -- this is a bit icky at the moment :-()
@@ -103,6 +286,14 @@ function html.print(line)
     end
 end
 
+function html.write(str)
+    if http_output then
+        http_output:write(str)
+    else
+        io.write(str)
+    end
+end
+
 if not aredn then
     aredn = {}
 end

files/usr/lib/lua/aredn/http.lua

@@ -49,6 +49,7 @@ http_output = nil
 function http_header(disable_compression)
    print "Content-type: text/html\r"
    print "Cache-Control: no-store\r"
+   print("Access-Control-Allow-Origin: *\r")
    if not disable_compression then
      local encoding = os.getenv("HTTP_ACCEPT_ENCODING")
      if encoding and encoding:match("gzip") then
@@ -94,3 +95,6 @@ function parsecgi(str)
 end
 -- Written by RiciLake -- END
 
+function encode_uri_component(str)
+  return str:gsub(" ", "%%20"):gsub("%+", "%%2B"):gsub("=", "%%3D")
+end

files/usr/lib/lua/aredn/info.lua

@@ -37,8 +37,6 @@
 require("uci")
 local aredn_uci = require("aredn.uci")
 require("aredn.utils")
-
--- require("aredn.http")
 local lip=require("luci.ip")
 require("nixio")
 require("ubus")
@@ -121,6 +119,30 @@ function model.getGridSquare()
 	return loc[1]['gridsquare']
 end
 
+-------------------------------------
+-- Returns antenna azimuth
+-------------------------------------
+function model.getAzimuth()
+	loc=aredn_uci.getUciConfType("aredn", "location")
+	return loc[1]['azimuth']
+end
+
+-------------------------------------
+-- Returns antenna elevation
+-------------------------------------
+function model.getElevation()
+	loc=aredn_uci.getUciConfType("aredn", "location")
+	return loc[1]['elevation']
+end
+
+-------------------------------------
+-- Returns antenna height
+-------------------------------------
+function model.getHeight()
+	loc=aredn_uci.getUciConfType("aredn", "location")
+	return loc[1]['height']
+end
+
 -------------------------------------
 -- Returns AREDN Alert (if exists)
 -------------------------------------
@@ -190,6 +212,7 @@ function model.getSSID()
 	for pos, t in pairs(wif) do
 		if wif[pos]['network']=="wifi" then
 			myssid=wif[pos]['ssid']
+			break
 		end
 	end
 	return myssid
@@ -206,11 +229,46 @@ function model.getMeshRadioDevice()
 	for pos,i in pairs(wifiinterfaces) do
 		if wifiinterfaces[pos]['mode']=="adhoc" then
 			radio=wifiinterfaces[pos]['device']
+			break
 		end
 	end
 	return radio
 end
 
+-------------------------------------
+-- Determine if Radio Device for Mesh is enabled
+-------------------------------------
+function model.isMeshRadioEnabled(radio)
+	local wifidevice=aredn_uci.getUciConfType("wireless","wifi-device")
+	for pos,i in pairs(wifidevice) do
+		if wifidevice[pos]['.name']==radio then
+			disabled=wifidevice[pos]['disabled']
+			break
+		end
+	end
+	
+	if disabled == "0" then
+		return true
+	else
+		return false
+	end
+end
+
+-------------------------------------
+-- Determine distance value for Mesh radio
+-------------------------------------
+function model.getMeshRadioDistance(radio)
+	local distance = ""
+	local wifidevice=aredn_uci.getUciConfType("wireless","wifi-device")
+	for pos,i in pairs(wifidevice) do
+		if wifidevice[pos]['.name']==radio then
+			distance=wifidevice[pos]['distance']
+			break
+		end
+	end
+	return distance
+end
+
 -------------------------------------
 -- TODO: Return Band
 -------------------------------------
@@ -219,20 +277,26 @@ function model.getBand(radio)
 end
 
 -------------------------------------
--- Return Frequency
+-- Return TX Power
 -------------------------------------
-function model.getFreq()
-	local wlanInf=get_ifname('wifi')
+function model.getTXPower(wlanInf)
 	local api=iwinfo.type(wlanInf)
 	local iw = iwinfo[api]
-	local freq = iw.frequency(wlanInf)
-	local radio = wlanInf:match("wlan(%d+)")
-	if radio then
-		local chan = tonumber(uci.cursor():get("wireless", "radio" .. radio, "channel") or 0)
-		-- 3GHZ channel -> Freq conversion
-		if (chan >= 76 and chan <= 99) then
-			freq = freq - 2000
-		end
+	local power = iw.txpower(wlanInf)
+	return tostring(power)
+end
+
+-------------------------------------
+-- Return Frequency
+-------------------------------------
+function model.getFreq(radio)
+	local api=iwinfo.type(radio)
+	local iw = iwinfo[api]
+	local freq = iw.frequency(radio)
+	local chan = tonumber(uci.cursor():get("wireless", radio, "channel") or 0)
+	-- 3GHZ channel -> Freq conversion
+	if (chan >= 76 and chan <= 99) then
+		freq = freq - 2000
 	end
 	return tostring(freq)
 end
@@ -241,27 +305,19 @@ end
 -- Return locally hosted services (for sysinfo.json)
 -------------------------------------
 function model.local_services()
-	local filelines={}
-	local lclsrvs={}
-	local lclsrvfile=io.open("/etc/config/services", "r")
-	if lclsrvfile~=nil then
-		for line in lclsrvfile:lines() do
-			table.insert(filelines, line)
+	require("aredn.services")
+	local lclsrvs = {}
+	local _, _, services = aredn.services.get()
+	for _, service in ipairs(services)
+	do
+		local link, protocol, name = service:match("^([^|]*)|(.+)|([^\t]*).*")
+		if link and protocol and name then
+			table.insert(lclsrvs, {
+				name = name,
+				protocol = protocol,
+				link = link
+			})
 		end
-		lclsrvfile:close()
-		for pos,val in pairs(filelines) do
-			local service={}
-			local link,protocol,name = string.match(val,"^([^|]*)|(.+)|([^\t]*).*")
-			if link and protocol and name then
-				service['name']=name
-				service['protocol']=protocol
-				service['link']=link
-				table.insert(lclsrvs, service)
-			end
-		end
-	else
-		service['error']="Cannot read local services file"
-		table.insert(lclsrvs, service)
 	end
 	return lclsrvs
 end
@@ -273,12 +329,10 @@ function model.all_services()
 	local services={}
 	local lines={}
 	local pos, val
-	local hfile=io.open("/var/run/services_olsr","r")
-	if hfile~=nil then
-		for line in hfile:lines() do
-			table.insert(lines,line)
-		end
-		hfile:close()
+	for line in aredn.olsr.getServicesAsLines() do
+		table.insert(lines,line)
+	end
+	if #lines > 0 then
 		for pos,val in pairs(lines) do
 			local service={}
 			local link,protocol,name,ip = string.match(val,"^([^|]*)|(.+)|([^\t]*)\t#(.*)")
@@ -309,15 +363,14 @@ end
 -- Return *All* Hosts
 -------------------------------------
 function model.all_hosts()
+	require("aredn.olsr")
 	local hosts={}
 	local lines={}
 	local pos, val
-	local hfile=io.open("/var/run/hosts_olsr","r")
-	if hfile~=nil then
-		for line in hfile:lines() do
-			table.insert(lines,line)
-		end
-		hfile:close()
+	for line in aredn.olsr.getHostAsLines() do
+		table.insert(lines,line)
+	end
+	if #lines > 0 then
 		for pos,val in pairs(lines) do
 			local host={}
 
@@ -478,6 +531,18 @@ function model.getInterfaceIPAddress(interface)
 	return aredn_uci.getUciConfSectionOption("network",interface,"ipaddr")
 end
 
+-------------------------------------
+-- Returns Interface Netmask
+-- @param interface name of interface 'wifi' | 'lan' | 'wan'
+-------------------------------------
+function model.getInterfaceNetmask(interface)
+	-- special case
+	-- if interface == "wan" then
+	-- 	return getWAN()
+	-- end
+	return aredn_uci.getUciConfSectionOption("network",interface,"netmask")
+end
+
 -------------------------------------
 -- Returns Default Gateway
 -------------------------------------
@@ -542,11 +607,44 @@ end
 -- Returns Mesh gateway setting
 -------------------------------------
 function model.getMeshGatewaySetting()
-	gw=os.capture("cat /etc/config.mesh/_setup|grep olsrd_gw|cut -d'=' -f2|tr -d ' ' ")
-	gw=gw:chomp()
-	return gw
+	return uci.cursor():get("aredn", "@wan[0]", "olsrd_gw") or ""
 end
 
+-------------------------------------
+-- Returns LAN Mode (dmz_mode)
+-------------------------------------
+function model.getLANMode()
+	lm=os.capture("cat /etc/config.mesh/_setup|grep dmz_mode|cut -d'=' -f2|tr -d ' ' ")
+	lm=lm:chomp()
+	return lm
+end
+
+-------------------------------------
+-- is LAN DHCP enabled
+-------------------------------------
+function model.isLANDHCPEnabled()
+	r=os.capture("cat /etc/config.mesh/_setup|grep lan_dhcp|cut -d'=' -f2|tr -d ' ' ")
+	r=r:chomp()
+	if r=="0" then
+		return false
+	else
+		return true
+	end
+end
+
+-------------------------------------
+-- is Mesh olsr gateway enabled
+-------------------------------------
+function model.isMeshGatewayEnabled()
+	local r = model.getMeshGatewaySetting()
+	if r=="0" then
+		return false
+	else
+		return true
+	end
+end
+
+
 -------------------------------------
 -- Get and set NVRAM values
 -------------------------------------
@@ -560,4 +658,8 @@ function model.set_nvram(var, val)
     c:commit("hsmmmesh")
 end
 
+if not aredn then
+    aredn = {}
+end
+aredn.info = model
 return model

files/usr/lib/lua/aredn/log.lua

@@ -42,6 +42,7 @@ function log.open(name, maxsize)
     l.logfile = name
     l.logmax = maxsize
     l.logf = nil
+    l.prefix = nil
     return l
 end
 
@@ -49,7 +50,11 @@ function log:write(str)
     if not self.logf then
         self.logf = io.open(self.logfile, "a")
     end
-    self.logf:write(string.format("%s: %s\n", os.date("%m/%d %H:%M:%S", os.time()), str))
+    local pstr = ""
+    if self.prefix then
+        pstr = self.prefix .. ": "
+    end
+    self.logf:write(string.format("%s: %s%s\n", os.date("%m/%d %H:%M:%S", os.time()), pstr, str))
     if self.logf:seek() > self.logmax then
         self:flush(true)
     end

files/usr/lib/lua/aredn/nav/admin/10status.lua

@@ -0,0 +1 @@
+return { href = "status", display = "Node Status" }

files/usr/lib/lua/aredn/nav/admin/20setup.lua

@@ -0,0 +1 @@
+return { href = "setup", display = "Basic Setup" }

files/usr/lib/lua/aredn/nav/admin/30ports.lua

@@ -0,0 +1 @@
+return { href = "ports", display = "Port Forwarding,<br>DHCP, and Services" }

files/usr/lib/lua/aredn/nav/admin/40vpn.lua

@@ -0,0 +1 @@
+return { href = "vpn", display = "Tunnel<br>Server", enable = nixio.fs.stat("/usr/sbin/vtund") ~= nil }

files/usr/lib/lua/aredn/nav/admin/50vpnc.lua

@@ -0,0 +1 @@
+return { href = "vpnc", display = "Tunnel<br>Client", enable = nixio.fs.stat("/usr/sbin/vtund") ~= nil }

files/usr/lib/lua/aredn/nav/admin/60admin.lua

@@ -0,0 +1 @@
+return { href = "admin", display = "Administration" }

files/usr/lib/lua/aredn/nav/admin/65advancednetwork.lua

@@ -0,0 +1,4 @@
+local board = aredn.hardware.get_board_type()
+if board == "mikrotik,hap-ac2" or board == "mikrotik,hap-ac3" or board == "qemu" or board == "glinet,gl-b1300" or board == "vmware" then
+    return { href = "advancednetwork", display = "Advanced Network" }
+end