From ec20da706ba6456727834ab0dd9b07fdc73b3c79 Mon Sep 17 00:00:00 2001 From: Mohd Husaam Mehdi Date: Wed, 19 Nov 2025 20:48:37 +0530 Subject: [PATCH] netmode: add support for more netmodes * routed-vlan-per-service * routed-mac-per-service * bridged now accepts cvlanid and svlanid for lan and wan --- .../etc/netmodes/bridged/scripts/10-bridged | 99 +++++++- .../routed-dhcp/scripts/10-routed-dhcp | 15 +- .../scripts/10-routed-mac-per-service | 239 ++++++++++++++++++ .../routed-pppoe/scripts/10-routed-pppoe | 15 +- .../routed-static/scripts/10-routed-static | 15 +- .../scripts/10-routed-vlan-per-service | 232 +++++++++++++++++ .../files/etc/netmodes/supported_modes.json | 108 ++++++++ netmode/files/lib/netmode/netmode_helpers.sh | 127 ++++++++++ 8 files changed, 821 insertions(+), 29 deletions(-) create mode 100644 netmode/files/etc/netmodes/routed-mac-per-service/scripts/10-routed-mac-per-service create mode 100644 netmode/files/etc/netmodes/routed-vlan-per-service/scripts/10-routed-vlan-per-service create mode 100644 netmode/files/lib/netmode/netmode_helpers.sh diff --git a/netmode/files/etc/netmodes/bridged/scripts/10-bridged b/netmode/files/etc/netmodes/bridged/scripts/10-bridged index c6f43b026..15b69d840 100644 --- a/netmode/files/etc/netmodes/bridged/scripts/10-bridged +++ b/netmode/files/etc/netmodes/bridged/scripts/10-bridged @@ -2,6 +2,7 @@ . /lib/functions.sh . /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh source "/etc/device_info" 
@@ -43,6 +44,79 @@ l2_mcast_config() { uci -q commit mcast } +create_vlan_device() { + local ifname="$1" + local vlanid="$2" + local qinq="$3" + local name="" + + if uci -q add network device; then + if [ "$qinq" = "1" ]; then + uci -q set network.@device[-1].type="8021ad" + else + uci -q set network.@device[-1].type="8021q" + fi + name="${ifname}.${vlanid}" + uci -q set network.@device[-1].name="$name" + uci -q set network.@device[-1].ifname="$ifname" + uci -q set network.@device[-1].vid="$vlanid" + + echo "$name" + fi +} + +# if svlanid is present, 8021ad section will be created +# if cvlanid is present, 8021q section will be created +# if both are present, 8021q section will be created on top of 8021ad +# if none are present, ifname will be returned +add_vlan_device() { + local ifname="$1" + local cvlanid="$2" + local svlanid="$3" + local dev_name="$ifname" + + [ -n "$ifname" ] || return + + if [ -n "$svlanid" ]; then + dev_name="$(create_vlan_device "$ifname" "$svlanid" "1")" + fi + if [ -n "$dev_name" ] && [ -n "$cvlanid" ]; then + dev_name="$(create_vlan_device "$dev_name" "$cvlanid" "0")" + fi + + echo "$dev_name" +} + +lanlist_to_ifnames() { + local list="$1" + local out="" + local lan ifname + local idx=0 + + [ -n "$list" ] || { echo ""; return; } + + IFS=',' + for lan in $list; do + # just to be safe + if [ "$idx" -gt 255 ]; then + break + fi + idx="$((idx + 1))" + + ifname="$(uci -q get network.$lan.name)" + [ -n "$ifname" ] || continue + + if [ -z "$out" ]; then + out="$ifname" + else + out="$out,$ifname" + fi + done + unset IFS + + echo "$out" +} + l2_network_config() { logger -s -p user.info -t "netmode" "Generating L2 network configuration" 
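Review bot: `create_vlan_device` is called inside `$(...)`, but `uci add` prints the id of the new anonymous section on stdout, and as far as I know `-q` only silences error messages, so the captured device name would carry a `cfg…` line ahead of the intended `ifname.vid`. That value is then written to `network.br_lan.ports` and, for Q-in-Q, reused as the `ifname` of the inner 8021q device. Redirect the add: `if uci -q add network device >/dev/null; then`. Separately, `vlanid` and each `$lan` taken from `NETMODE_port_list` reach `uci` without validation (and `network.$lan.name` is unquoted); a digits-only, 1-4094 check on the VLAN id and a `[A-Za-z0-9_]` check on `$lan` before use would keep malformed arguments out of the config.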
@@ -67,10 +141,29 @@ l2_network_config() { uci -q delete network.br_lan.ports uci -q set network.br_lan.bridge_empty='1' + # delete interfaces apart from lan, lan6, wan, wan6 + delete_extra_interfaces + # delete existing vlan and macvlan sections to prevent clashes + delete_vlan_and_macvlan_sections + + # convert LAN1,LAN2,LAN3 to eth1,eth2,eth3 + converted_port_list="$(lanlist_to_ifnames "$NETMODE_port_list")" + add_port_to_br_lan() { port="$1" [ -n "$port" -a -d /sys/class/net/$port ] || continue - uci add_list network.br_lan.ports="$port" + + if [ -n "$converted_port_list" ]; then + # Check if $port appears as an exact item in comma-separated converted_port_list + case ",$converted_port_list," in + *,"$port",*) ;; # match , do nothing + *) continue ;; # no match , skip this port + esac + fi + + # get the vlan device name from port name + device_name="$(add_vlan_device "$port" "$NETMODE_lan_cvlanid" "$NETMODE_lan_svlanid")" + uci add_list network.br_lan.ports="$device_name" } if [ -f /etc/board.json ]; then @@ -86,7 +179,9 @@ l2_network_config() { json_select .. json_select wan 2>/dev/null json_get_var device device - [ -n "$device" ] && uci add_list network.br_lan.ports="$device" + # get the vlan device name from port name + device_name="$(add_vlan_device "$device" "$NETMODE_wan_cvlanid" "$NETMODE_wan_svlanid")" + [ -n "$device_name" ] && uci add_list network.br_lan.ports="$device_name" json_cleanup fi diff --git a/netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp b/netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp index bd00e87eb..ad2eec2f3 100644 --- a/netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp +++ b/netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp 
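Review bot: The `port_list` filter fails open: when `NETMODE_port_list` is set but none of its entries resolve (a typo, or a name with no `network.NAME.name` option), `lanlist_to_ifnames` returns an empty string, `[ -n "$converted_port_list" ]` is false, and every LAN port is bridged with WAN. Treat set-but-unresolved as an error before the ports are added, e.g. `[ -n "$NETMODE_port_list" ] && [ -z "$converted_port_list" ] && { logger -p user.err -t netmode "port_list matched no ports"; return 1; }`. In `add_port_to_br_lan` the result of `add_vlan_device` is also added without the `[ -n "$device_name" ]` guard that the WAN path in the next hunk has, so an empty name can end up in `network.br_lan.ports`. `l2_network_config` begins and ends outside these hunks.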
@@ -2,21 +2,18 @@ . /lib/functions.sh . /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh source "/etc/device_info" -l3_mcast_config() { - # configure L3 mcast config - logger -s -p user.info -t "netmode" "Generating L3 mcast configuration" - - rm -f /etc/config/mcast - sh /rom/etc/uci-defaults/61-mcast_config_generate - uci -q commit mcast -} - l3_network_config() { logger -s -p user.info -t "netmode" "Generating L3 network configuration" + # delete interfaces apart from lan, lan6, wan, wan6 + delete_extra_interfaces + # delete existing vlan and macvlan sections to prevent clashes + delete_vlan_and_macvlan_sections + wandev="$(uci -q get network.WAN.ifname)" # Configure L3 Network Mode diff --git a/netmode/files/etc/netmodes/routed-mac-per-service/scripts/10-routed-mac-per-service b/netmode/files/etc/netmodes/routed-mac-per-service/scripts/10-routed-mac-per-service new file mode 100644 index 000000000..61b392c65 --- /dev/null +++ b/netmode/files/etc/netmodes/routed-mac-per-service/scripts/10-routed-mac-per-service 
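Review bot: `delete_extra_interfaces` and `delete_vlan_and_macvlan_sections` each run `uci -q commit network` themselves (see netmode_helpers.sh in this patch), so the deletions are written to `/etc/config/network` before the rest of `l3_network_config` has staged the new mode, and a failure further down leaves the committed config without those interfaces. Nothing visible in this patch removes the matching state in other configs, such as the `mgmt` firewall zone and the `dhcp.iptv_iface` / `dhcp.mgmt_iface` sections that the per-service modes create, so switching back to this mode appears to leave them referring to interfaces that no longer exist. Consider dropping the commits from the helpers and documenting that here with `# helpers only stage deletions; committed with the rest of the network config below`, plus a cleanup of the firewall and dhcp leftovers. The same applies to the identical hunks in 10-routed-pppoe and 10-routed-static; the function bodies continue outside the hunks.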
@@ -0,0 +1,239 @@ +#!/bin/sh + +. /lib/functions.sh +. /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh + +source "/etc/device_info" + +INET_IFACE="wan" +INET_IFACE6="wan6" + +IPTV_IFACE="iptv_iface" +IPTV_IFACE6="iptv_iface6" + +MGMT_IFACE="mgmt_iface" +MGMT_IFACE6="mgmt_iface6" + +IPTV_DEV="" + +create_macvlan_dev() { + local ifname="$1" + local mac_addr="$2" + local iface_name="$3" + + if [ -z "$ifname" ] || [ -z "$mac_addr" ] || [ -z "$iface_name" ]; then + return + fi + + local name="${ifname}_${iface_name}" + + uci -q set network.mac_${iface_name}=device + uci -q set network.mac_${iface_name}.type="macvlan" + uci -q set network.mac_${iface_name}.name="$name" + uci -q set network.mac_${iface_name}.ifname="$ifname" + uci -q set network.mac_${iface_name}.macaddr=$mac_addr + + echo "$name" +} + +create_vlan_interface() { + local iface_name="$1" + local ifname="$2" + local mac_addr="$3" + local defaultroute="$4" + local mgmt="$5" + local device iface_name6 + + if [ -z "$iface_name" ] || [ -z "$ifname" ]; then + return + fi + + # if not mgmt iface, then mac_addr is mandatory + if [ -n "$mac_addr" ]; then + device="$(create_macvlan_dev "$ifname" "$mac_addr" "$iface_name")" + elif [ "$mgmt" = "1" ]; then + device="$ifname" + else + logger -p err -t netmode "No mac address provided, skipping: $iface_name" + return + fi + + if [ -n "$device" ]; then + uci -q set network.$iface_name=interface + uci -q set network.$iface_name.proto="dhcp" + uci -q set network.$iface_name.device="$device" + uci -q set network.$iface_name.defaultroute="$defaultroute" + uci -q set network.$iface_name.reqopts="43" + + iface_name6="${iface_name}6" + uci -q set network.$iface_name6=interface + uci -q set network.$iface_name6.proto="dhcpv6" + uci -q set network.$iface_name6.device="$device" + fi +} + +l3_dhcp_config() { + # Enable DHCP Server + uci -q set dhcp.lan.ignore=0 + uci -q set dhcp.wan.ignore=1 + uci -q set dhcp.$IPTV_IFACE=dhcp + uci -q set 
dhcp.$IPTV_IFACE.interface="$IPTV_IFACE" + uci -q set dhcp.$IPTV_IFACE.ignore=1 + uci -q set dhcp.$MGMT_IFACE=dhcp + uci -q set dhcp.$MGMT_IFACE.interface="$MGMT_IFACE" + uci -q set dhcp.$MGMT_IFACE.ignore=1 + uci -q commit dhcp + /etc/init.d/odhcpd enable +} + +l3_network_config() { + logger -s -p user.info -t "netmode" "Generating L3 network configuration" + + # delete interfaces apart from lan, lan6, wan, wan6 + delete_extra_interfaces + # delete existing vlan and macvlan sections to prevent clashes + delete_vlan_and_macvlan_sections + + local wandev="$(uci -q get network.WAN.ifname)" + local new_wandev="$wandev" + + # Configure L3 Network Mode + uci -q set network.lan=interface + uci -q set network.lan.device='br-lan' + uci -q set network.lan.proto='static' + uci -q set network.lan.ipaddr='192.168.1.1' + uci -q set network.lan.netmask='255.255.255.0' + uci -q set network.lan.ip6assign='60' + uci -q delete network.lan.vendorid + uci -q delete network.lan.clientid + uci -q delete network.lan.reqopts + uci -q delete network.lan.sendopts + + uci -q delete network.lan6 + + uci -q delete network.wan.disabled + uci -q delete network.wan.username + uci -q delete network.wan.password + uci -q delete network.wan.ipaddr + uci -q delete network.wan.gateway + uci -q delete network.wan.netmask + + uci -q delete network.wan6.disabled + + # since inet_iface is supposed to have defaultroute set to 1, all traffic will flow through it + # so using the default wan interface as inet_iface, as it is used as the default everywhere on the + # system, for example by other daemons etc. + # inet_wan = wan + # mgmt_wan = mgmt_wan + # iptv_wan = iptv_wan + create_vlan_interface "$MGMT_IFACE" "$wandev" "$NETMODE_mgmt_mac_addr" "0" "1" + create_vlan_interface "$INET_IFACE" "$wandev" "$NETMODE_inet_mac_addr" "1" "0" + create_vlan_interface "$IPTV_IFACE" "$wandev" "$NETMODE_iptv_mac_addr" "0" "0" + IPTV_DEV="$wandev.$NETMODE_iptv_mac_addr" + #TODO voice? 
+ + [ -n "$NETMODE_mtu" ] && uci -q set network.WAN.mtu="$NETMODE_mtu" + + uci -q delete network.wan.dns + if [ -n "$NETMODE_dns_servers" ]; then + dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')" + for server in $dns_servers; do + uci -q add_list network.wan.dns=$server + done + fi + + uci -q delete network.br_lan.ports + uci -q set network.br_lan.bridge_empty='1' + + add_port_to_br_lan() { + port="$1" + [ -n "$port" -a -d /sys/class/net/$port ] || continue + uci add_list network.br_lan.ports="$port" + } + + if [ -f /etc/board.json ]; then + json_load_file /etc/board.json + json_select network + json_select lan + if json_is_a ports array; then + json_for_each_item add_port_to_br_lan ports + else + json_get_var device device + [ -n "$device" ] && uci add_list network.br_lan.ports="$device" + fi + json_select .. + json_cleanup + fi + + uci -q commit network +} + +l3_misc_config() { + # Enable SSDPD + uci -q set ssdpd.ssdp.enabled="1" + uci -q commit ssdpd + + # Update CWMP Agent WAN Interface + uci -q set cwmp.cpe.default_wan_interface="wan" + uci -q commit cwmp + + # Update gateway WAN Interface + uci -q set gateway.global.wan_interface="wan" + uci -q commit gateway +} + +l3_firewall_config() { + # iptv_iface is for iptv + # wan interface is for internet + # mgmt_iface is for mgmt + # + # so service zone will have iptv_iface and wan_iface interface + # so management zone will have mgmt_iface + local iface + local firewall_file="/etc/config/firewall" + + # Check if the file exists + if [ ! -f "$firewall_file" ]; then + echo "Error: $firewall_file does not exist." + return 1 + fi + + logger -s -p user.info -t "netmode" "Configuring firewall" + + # Check if 'mgmt' zone already exists to avoid duplicates + if grep -q "config zone 'mgmt'" "$firewall_file"; then + echo "Firewall zone 'mgmt' already exists. Skipping append." 
+ return 0 + fi + + uci -q set firewall.globals.enabled="1" + + # iptv and inet interfaces replace existing wan interface in the firewall + # as for mgmt, a separate zone will be created below, because lan traffic + # is not forwarded to mgmt + uci -q set firewall.wan.network="" + for iface in "$INET_IFACE" "$INET_IFACE6" "$IPTV_IFACE" "$IPTV_IFACE6"; do + uci -q add_list firewall.wan.network="$iface" + done + + append_mgmt_firewall_config + + uci -q commit firewall +} + +l3_network_config +l3_dhcp_config +l3_mcast_config "$IPTV_DEV" +l3_firewall_config +l3_misc_config + +# If device is already boot-up, assume netmode changed during runtime +if [ -f /var/run/boot_complete ]; then + /etc/init.d/odhcpd restart 2>/dev/null + for config in network dhcp ssdpd cwmp gateway firewall mcast; do + ubus call uci commit "{\"config\":\"$config\"}" + sleep 1 + done +fi + diff --git a/netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe b/netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe index afc834a0e..ac75fce6e 100644 --- a/netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe +++ b/netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe @@ -2,21 +2,18 @@ . /lib/functions.sh . /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh source "/etc/device_info" -l3_mcast_config() { - # configure L3 mcast config - logger -s -p user.info -t "netmode" "Generating L3 mcast configuration" - - rm -f /etc/config/mcast - sh /rom/etc/uci-defaults/61-mcast_config_generate - uci -q commit mcast -} - l3_network_pppoe_config() { logger -s -p user.info -t "netmode" "Generating L3 network configuration" + # delete interfaces apart from lan, lan6, wan, wan6 + delete_extra_interfaces + # delete existing vlan and macvlan sections to prevent clashes + delete_vlan_and_macvlan_sections + wandev="$(uci -q get network.WAN.ifname)" # Configure L3 Network Mode 
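Review bot: `IPTV_DEV="$wandev.$NETMODE_iptv_mac_addr"` in 10-routed-mac-per-service does not name the device this script creates: `create_macvlan_dev` calls it `${ifname}_${iface_name}`, so `l3_mcast_config` sets `upstream_interface` to a string of the form wandev.MAC that matches no netdev; it looks carried over from the VLAN variant. Use `IPTV_DEV="${wandev}_${IPTV_IFACE}"`, and set it only when `NETMODE_iptv_mac_addr` is non-empty. The MAC arguments are also written unvalidated and unquoted (`macaddr=$mac_addr`); a check such as `echo "$mac_addr" | grep -qiE '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return` at the top of `create_macvlan_dev`, with the assignment quoted, keeps malformed input out of the network config. Because every call uses `uci -q`, a rejected value otherwise fails silently and a partial config is still committed.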
diff --git a/netmode/files/etc/netmodes/routed-static/scripts/10-routed-static b/netmode/files/etc/netmodes/routed-static/scripts/10-routed-static index 910145311..a0dcb9a12 100644 --- a/netmode/files/etc/netmodes/routed-static/scripts/10-routed-static +++ b/netmode/files/etc/netmodes/routed-static/scripts/10-routed-static @@ -2,21 +2,18 @@ . /lib/functions.sh . /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh source "/etc/device_info" -l3_mcast_config() { - # configure L3 mcast config - logger -s -p user.info -t "netmode" "Generating L3 mcast configuration" - - rm -f /etc/config/mcast - sh /rom/etc/uci-defaults/61-mcast_config_generate - uci -q commit mcast -} - l3_network_config() { logger -s -p user.info -t "netmode" "Generating L3 network configuration" + # delete interfaces apart from lan, lan6, wan, wan6 + delete_extra_interfaces + # delete existing vlan and macvlan sections to prevent clashes + delete_vlan_and_macvlan_sections + wandev="$(uci -q get network.WAN.ifname)" # Configure L3 Network Mode diff --git a/netmode/files/etc/netmodes/routed-vlan-per-service/scripts/10-routed-vlan-per-service b/netmode/files/etc/netmodes/routed-vlan-per-service/scripts/10-routed-vlan-per-service new file mode 100644 index 000000000..2907cff39 --- /dev/null +++ b/netmode/files/etc/netmodes/routed-vlan-per-service/scripts/10-routed-vlan-per-service 
@@ -0,0 +1,232 @@ +#!/bin/sh + +. /lib/functions.sh +. /usr/share/libubox/jshn.sh +. /lib/netmode/netmode_helpers.sh + +source "/etc/device_info" + +INET_IFACE="wan" +INET_IFACE6="wan6" + +IPTV_IFACE="iptv_iface" +IPTV_IFACE6="iptv_iface6" + +MGMT_IFACE="mgmt_iface" +MGMT_IFACE6="mgmt_iface6" + +IPTV_DEV="" + +create_vlan_dev() { + local ifname="$1" + local vlanid="$2" + + if [ -z "$ifname" ] || [ -z "$vlanid" ]; then + return + fi + + local name="$ifname.$vlanid" + + uci -q set network.vlan_${vlanid}=device + uci -q set network.vlan_${vlanid}.type="8021q" + uci -q set network.vlan_${vlanid}.name="$name" + uci -q set network.vlan_${vlanid}.ifname="$ifname" + uci -q set network.vlan_${vlanid}.vid=$vlanid + + echo "$name" +} + +create_vlan_interface() { + local iface_name="$1" + local ifname="$2" + local vlanid="$3" + local defaultroute="$4" + local mgmt="$5" + local device iface_name6 + + if [ -z "$iface_name" ] || [ -z "$ifname" ]; then + return + fi + + # if not mgmt iface, then vlanid is mandatory + if [ -n "$vlanid" ]; then + device="$(create_vlan_dev "$ifname" "$vlanid")" + elif [ "$mgmt" = "1" ]; then + device="$ifname" + else + return + fi + + if [ -n "$device" ]; then + uci -q set network.$iface_name=interface + uci -q set network.$iface_name.proto="dhcp" + uci -q set network.$iface_name.device="$device" + uci -q set network.$iface_name.defaultroute="$defaultroute" + uci -q set network.$iface_name.reqopts="43" + + iface_name6="${iface_name}6" + uci -q set network.$iface_name6=interface + uci -q set network.$iface_name6.proto="dhcpv6" + uci -q set network.$iface_name6.device="$device" + fi +} + +l3_dhcp_config() { + # Enable DHCP Server + uci -q set dhcp.lan.ignore=0 + uci -q set dhcp.wan.ignore=1 + uci -q set dhcp.$IPTV_IFACE=dhcp + uci -q set dhcp.$IPTV_IFACE.interface="$IPTV_IFACE" + uci -q set dhcp.$IPTV_IFACE.ignore=1 + uci -q set dhcp.$MGMT_IFACE=dhcp + uci -q set dhcp.$MGMT_IFACE.interface="$MGMT_IFACE" + uci -q set dhcp.$MGMT_IFACE.ignore=1 + uci -q 
commit dhcp + /etc/init.d/odhcpd enable +} + +l3_network_config() { + logger -s -p user.info -t "netmode" "Generating L3 network configuration" + + local wandev="$(uci -q get network.WAN.ifname)" + local new_wandev="$wandev" + + # Configure L3 Network Mode + uci -q set network.lan=interface + uci -q set network.lan.device='br-lan' + uci -q set network.lan.proto='static' + uci -q set network.lan.ipaddr='192.168.1.1' + uci -q set network.lan.netmask='255.255.255.0' + uci -q set network.lan.ip6assign='60' + uci -q delete network.lan.vendorid + uci -q delete network.lan.clientid + uci -q delete network.lan.reqopts + uci -q delete network.lan.sendopts + + uci -q delete network.lan6 + + uci -q delete network.wan.disabled + uci -q delete network.wan.username + uci -q delete network.wan.password + uci -q delete network.wan.ipaddr + uci -q delete network.wan.gateway + uci -q delete network.wan.netmask + + uci -q delete network.wan6.disabled + + # since inet_iface is supposed to have defaultroute set to 1, all traffic will flow through it + # so using the default wan interface as inet_iface, as it is used as the default everywhere on the + # system + # inet_wan = wan + # mgmt_wan = mgmt_wan + # iptv_wan = iptv_wan + create_vlan_interface "$MGMT_IFACE" "$wandev" "$NETMODE_mgmt_vlanid" "0" "1" + create_vlan_interface "$INET_IFACE" "$wandev" "$NETMODE_inet_vlanid" "1" "0" + create_vlan_interface "$IPTV_IFACE" "$wandev" "$NETMODE_iptv_vlanid" "0" "0" + IPTV_DEV="$wandev.$NETMODE_iptv_vlanid" + #TODO voice? 
+ + [ -n "$NETMODE_mtu" ] && uci -q set network.WAN.mtu="$NETMODE_mtu" + + uci -q delete network.wan.dns + if [ -n "$NETMODE_dns_servers" ]; then + dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')" + for server in $dns_servers; do + uci -q add_list network.wan.dns=$server + done + fi + + uci -q delete network.br_lan.ports + uci -q set network.br_lan.bridge_empty='1' + + add_port_to_br_lan() { + port="$1" + [ -n "$port" -a -d /sys/class/net/$port ] || continue + uci add_list network.br_lan.ports="$port" + } + + if [ -f /etc/board.json ]; then + json_load_file /etc/board.json + json_select network + json_select lan + if json_is_a ports array; then + json_for_each_item add_port_to_br_lan ports + else + json_get_var device device + [ -n "$device" ] && uci add_list network.br_lan.ports="$device" + fi + json_select .. + json_cleanup + fi + + uci -q commit network +} + +l3_misc_config() { + # Enable SSDPD + uci -q set ssdpd.ssdp.enabled="1" + uci -q commit ssdpd + + # Update CWMP Agent WAN Interface + uci -q set cwmp.cpe.default_wan_interface="wan" + uci -q commit cwmp + + # Update gateway WAN Interface + uci -q set gateway.global.wan_interface="wan" + uci -q commit gateway +} + +l3_firewall_config() { + # iptv_iface is for iptv + # wan interface is for internet + # mgmt_iface is for mgmt + # + # so service zone will have iptv_iface and wan_iface interface + # so management zone will have mgmt_iface + local iface + local firewall_file="/etc/config/firewall" + + # Check if the file exists + if [ ! -f "$firewall_file" ]; then + echo "Error: $firewall_file does not exist." + return 1 + fi + + logger -s -p user.info -t "netmode" "Configuring firewall" + + # Check if 'mgmt' zone already exists to avoid duplicates + if grep -q "config zone 'mgmt'" "$firewall_file"; then + echo "Firewall zone 'mgmt' already exists. Skipping append." 
+ return 0 + fi + + uci -q set firewall.globals.enabled="1" + + # iptv and inet interfaces replace existing wan interface in the firewall + # as for mgmt, a separate zone will be created below, because lan traffic + # is not forwarded to mgmt + uci -q set firewall.wan.network="" + for iface in "$INET_IFACE" "$INET_IFACE6" "$IPTV_IFACE" "$IPTV_IFACE6"; do + uci -q add_list firewall.wan.network="$iface" + done + + append_mgmt_firewall_config + + uci -q commit firewall +} + +l3_network_config +l3_dhcp_config +l3_mcast_config "$IPTV_DEV" +l3_firewall_config +l3_misc_config + +# If device is already boot-up, assume netmode changed during runtime +if [ -f /var/run/boot_complete ]; then + /etc/init.d/odhcpd restart 2>/dev/null + for config in network dhcp ssdpd cwmp gateway firewall mcast; do + ubus call uci commit "{\"config\":\"$config\"}" + sleep 1 + done +fi + diff --git a/netmode/files/etc/netmodes/supported_modes.json b/netmode/files/etc/netmodes/supported_modes.json index c2d51d439..e97f5fb72 100644 --- a/netmode/files/etc/netmodes/supported_modes.json +++ b/netmode/files/etc/netmodes/supported_modes.json 
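Review bot: `create_vlan_dev` interpolates `$vlanid` straight into a UCI section name and value (`network.vlan_${vlanid}=device`, `.vid=$vlanid`) with no check that it is a number, so an argument containing `.`, `=` or whitespace changes which key the command addresses instead of being rejected. Add `case "$vlanid" in ''|*[!0-9]*) return 1 ;; esac` and `[ "$vlanid" -ge 1 ] && [ "$vlanid" -le 4094 ] || return 1` before the first `uci set`, and quote `vid="$vlanid"`. Unlike the other mode scripts in this patch, `l3_network_config` here never calls `delete_extra_interfaces` or `delete_vlan_and_macvlan_sections`, so the `vlan_N` section of a previously used id and any macvlan sections from the MAC variant stay in place. `IPTV_DEV` is also set to `$wandev.` when `NETMODE_iptv_vlanid` is empty, and the skipped interface is not logged the way the MAC variant logs it.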
@@ -95,6 +95,114 @@ "type": "string" } ] + }, + { + "name": "bridged", + "description": "Bridged mode with optional VLAN and Q-in-Q support, the bridge will have a DHCP v4 and v6 client", + "supported_args": [ + { + "name": "lan_cvlanid", + "description": "LAN CVLAN ID, if present, 8021q set up will be done for LAN ports with this VID", + "required": false, + "type": "integer" + }, + { + "name": "lan_svlanid", + "description": "LAN SVLAN ID, if present, 8021ad set up will be done for LAN ports with this VID", + "required": false, + "type": "integer" + }, + { + "name": "wan_cvlanid", + "description": "WAN CVLAN ID, if present, 8021q set up will be done for WAN port with this VID", + "required": false, + "type": "integer" + }, + { + "name": "wan_svlanid", + "description": "WAN SVLAN ID, if present, 8021ad set up will be done for WAN port with this VID", + "required": false, + "type": "integer" + }, + { + "name": "port_list", + "description": "LAN ports that will be bridged with wan, example: 'LAN1,LAN2', unset value means all ports", + "required": false, + "type": "string" + } + ] + }, + { + "name": "routed-vlan-per-service", + "description": "routed configuration with separate vlans for internet and iptv", + "supported_args": [ + { + "name": "inet_vlanid", + "description": "Internet VLAN ID", + "required": true, + "type": "integer" + }, + { + "name": "iptv_vlanid", + "description": "IPTV VLAN ID", + "required": true, + "type": "integer" + }, + { + "name": "mgmt_vlanid", + "description": "Management VLAN ID", + "required": false, + "type": "integer" + }, + { + "name": "dns_servers", + "description": "DNS Servers", + "required": false, + "type": "string" + }, + { + "name": "mtu", + "description": "MTU", + "required": false, + "type": "integer" + } + ] + }, + { + "name": "routed-mac-per-service", + "description": "routed configuration with separate macvlans for internet and iptv", + "supported_args": [ + { + "name": "inet_mac_addr", + "description": "Internet MAC 
Address", + "required": true, + "type": "string" + }, + { + "name": "iptv_mac_addr", + "description": "IPTV MAC Address", + "required": true, + "type": "string" + }, + { + "name": "mgmt_mac_addr", + "description": "Management MAC Address", + "required": false, + "type": "string" + }, + { + "name": "dns_servers", + "description": "DNS Servers", + "required": false, + "type": "string" + }, + { + "name": "mtu", + "description": "MTU", + "required": false, + "type": "integer" + } + ] } ] } diff --git a/netmode/files/lib/netmode/netmode_helpers.sh b/netmode/files/lib/netmode/netmode_helpers.sh new file mode 100644 index 000000000..68f6239a4 --- /dev/null +++ b/netmode/files/lib/netmode/netmode_helpers.sh 
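Review bot: The new arguments are typed only as `integer` or `string`, and the scripts added in this patch pass them to `uci` without further checks, so the accepted range and format should at least be stated in the descriptions, for example `"description": "Internet VLAN ID (1-4094)"` and `"description": "Internet MAC Address (unicast, aa:bb:cc:dd:ee:ff)"`. `inet_*` and `iptv_*` are marked `"required": true`, but 10-routed-vlan-per-service skips a missing id silently, so whether `required` is enforced by the caller should be confirmed. The start of the array is outside the hunk; if it already holds a `bridged` entry, this one duplicates the name.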
@@ -0,0 +1,127 @@ +append_mgmt_firewall_config() { + # Append the configuration block + cat <<'EOF' >> "$firewall_file" + +config zone 'mgmt' + option name 'mgmt' + list network 'mgmt_iface' + list network 'mgmt_iface6' + option input 'REJECT' + option output 'ACCEPT' + option forward 'REJECT' + option mtu_fix '1' + +config rule + option name 'Allow-DHCP-Renew' + option src 'mgmt' + option proto 'udp' + option dest_port '68' + option target 'ACCEPT' + option family 'ipv4' + +config rule + option name 'Allow-Ping' + option src 'mgmt' + option proto 'icmp' + option icmp_type 'echo-request' + option family 'ipv4' + option target 'ACCEPT' + +config rule + option name 'Allow-IGMP' + option src 'mgmt' + option proto 'igmp' + option family 'ipv4' + option target 'ACCEPT' + +config rule + option name 'Allow-DHCPv6' + option src 'mgmt' + option proto 'udp' + option dest_port '546' + option family 'ipv6' + option target 'ACCEPT' + +config rule + option name 'Allow-MLD' + option src 'mgmt' + option proto 'icmp' + option src_ip 'fe80::/10' + list icmp_type '130/0' + list icmp_type '131/0' + list icmp_type '132/0' + list icmp_type '143/0' + option family 'ipv6' + option target 'ACCEPT' + +config rule + option name 'Allow-ICMPv6-Input' + option src 'mgmt' + option proto 'icmp' + list icmp_type 'echo-request' + list icmp_type 'echo-reply' + list icmp_type 'destination-unreachable' + list icmp_type 'packet-too-big' + list icmp_type 'time-exceeded' + list icmp_type 'bad-header' + list icmp_type 'unknown-header-type' + list icmp_type 'router-solicitation' + list icmp_type 'neighbour-solicitation' + list icmp_type 'router-advertisement' + list icmp_type 'neighbour-advertisement' + option limit '1000/sec' + option family 'ipv6' + option target 'ACCEPT' +EOF + + echo "Firewall configuration for 'mgmt' zone appended successfully." 
+} + +l3_mcast_config() { + # configure L3 mcast config + local iptv_dev="$1" + + logger -p user.info -t "netmode" "Generating L3 mcast configuration" + + rm -f /etc/config/mcast + sh /rom/etc/uci-defaults/61-mcast_config_generate + + if [ -n "$iptv_dev" ]; then + uci -q set mcast.mc_proxy_MLD.upstream_interface="$iptv_dev" + uci -q set mcast.igmp_proxy_1.upstream_interface="$iptv_dev" + fi + + uci -q commit mcast +} + +# deletes all interfaces except lan, lan6, wan and wan6 +delete_extra_interfaces() { + local sect + + # Extract all interface section names and iterate + for sect in $(uci -X show network | grep -F '=interface' | cut -d '.' -f2 | cut -d '=' -f1); do + case "$sect" in + lan|lan6|wan|wan6) + echo "Skipping reserved interface: network.$sect" + continue + ;; + esac + + echo "Deleting interface section: network.$sect" + uci -q delete network.$sect + done + + uci -q commit network +} + +delete_vlan_and_macvlan_sections() { + local sect + + # Extract all vlan device section names and iterate + for sect in $(uci -X show network | grep -E '8021q|8021ad|macvlan' | cut -d '.' -f 2); do + echo "Deleting device section: network.$sect" + uci -q delete network.$sect + done + + uci -q commit network +}
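Review bot: `delete_extra_interfaces` keeps only `lan|lan6|wan|wan6`, so if the network config carries the usual `loopback` interface section it is deleted and committed on every mode change; add it to the pattern, `lan|lan6|wan|wan6|loopback)`. In `delete_vlan_and_macvlan_sections`, `grep -E '8021q|8021ad|macvlan'` matches those strings anywhere on a line, so a section whose name or any option value contains one of them is deleted as well; anchor on the type option, `grep -E "\.type='(8021q|8021ad|macvlan)'$"`. `append_mgmt_firewall_config` writes to `$firewall_file`, which is a `local` of the calling `l3_firewall_config`; take the path as `$1` (defaulting to `/etc/config/firewall`) so the helper does not depend on its caller's scope. The section names in both loops come from `uci show` output and are used unquoted in `uci -q delete network.$sect`.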