netmode: add support for more netmodes

* routed-vlan-per-service
* routed-mac-per-service
* bridged now accepts cvlanid and svlanid for lan and wan

netmode/files/etc/netmodes/bridged/scripts/10-bridged

@@ -2,6 +2,7 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
 
 source "/etc/device_info"
 
@@ -43,6 +44,79 @@ l2_mcast_config() {
 	uci -q commit mcast
 }
 
+create_vlan_device() {
+	local ifname="$1"
+	local vlanid="$2"
+	local qinq="$3"
+	local name=""
+	
+	if uci -q add network device; then
+		if [ "$qinq" = "1" ]; then
+			uci -q set network.@device[-1].type="8021ad"
+		else
+			uci -q set network.@device[-1].type="8021q"
+		fi
+		name="${ifname}.${vlanid}"
+		uci -q set network.@device[-1].name="$name"
+		uci -q set network.@device[-1].ifname="$ifname"
+		uci -q set network.@device[-1].vid="$vlanid"
+
+		echo "$name"
+	fi
+}
+
+# if svlanid is present, 8021ad section will be created
+# if cvlanid is present, 8021q section will be created
+# if both are present, 8021q section will be created on top of 8021ad
+# if none are present, ifname will be returned
+add_vlan_device() {
+	local ifname="$1"
+	local cvlanid="$2"
+	local svlanid="$3"
+	local dev_name="$ifname"
+
+	[ -n "$ifname" ] || return
+
+	if [ -n "$svlanid" ]; then
+		dev_name="$(create_vlan_device "$ifname" "$svlanid" "1")"
+	fi
+	if [ -n "$dev_name" ] && [ -n "$cvlanid" ]; then
+		dev_name="$(create_vlan_device "$dev_name" "$cvlanid" "0")"
+	fi
+
+	echo "$dev_name"
+}
+
+lanlist_to_ifnames() {
+	local list="$1"
+	local out=""
+	local lan ifname
+	local idx=0
+
+	[ -n "$list" ] || { echo ""; return; }
+
+	IFS=','
+	for lan in $list; do
+		# just to be safe
+		if [ "$idx" -gt 255 ]; then
+			break
+		fi
+		idx="$((idx + 1))"
+
+		ifname="$(uci -q get network.$lan.name)"
+		[ -n "$ifname" ] || continue
+
+		if [ -z "$out" ]; then
+			out="$ifname"
+		else
+			out="$out,$ifname"
+		fi
+	done
+	unset IFS
+
+	echo "$out"
+}
+
 l2_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L2 network configuration"
 
@@ -67,10 +141,29 @@ l2_network_config() {
 	uci -q delete network.br_lan.ports
 	uci -q set network.br_lan.bridge_empty='1'
 
+	# delete interfaces apart from lan, lan6, wan, wan6
+	delete_extra_interfaces
+	# delete existing vlan and macvlan sections to prevent clashes
+	delete_vlan_and_macvlan_sections
+
+	# convert LAN1,LAN2,LAN3 to eth1,eth2,eth3
+	converted_port_list="$(lanlist_to_ifnames "$NETMODE_port_list")"
+
 	add_port_to_br_lan() {
 		port="$1"
 		[ -n "$port" -a -d /sys/class/net/$port ] || continue
-		uci add_list network.br_lan.ports="$port"
+
+		if [ -n "$converted_port_list" ]; then
+			# Check if $port appears as an exact item in comma-separated converted_port_list
+			case ",$converted_port_list," in
+				*,"$port",*) ;;        # match , do nothing
+				*) continue ;;         # no match , skip this port
+			esac
+		fi
+
+		# get the vlan device name from port name
+		device_name="$(add_vlan_device "$port" "$NETMODE_lan_cvlanid" "$NETMODE_lan_svlanid")"
+		uci add_list network.br_lan.ports="$device_name"
 	}
 
 	if [ -f /etc/board.json ]; then
@@ -86,7 +179,9 @@ l2_network_config() {
 		json_select ..
 		json_select wan 2>/dev/null
 		json_get_var device device
-		[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		# get the vlan device name from port name
+		device_name="$(add_vlan_device "$device" "$NETMODE_wan_cvlanid" "$NETMODE_wan_svlanid")"
+		[ -n "$device_name" ] && uci add_list network.br_lan.ports="$device_name"
 		json_cleanup
 	fi
 

netmode/files/etc/netmodes/routed-dhcp/scripts/10-routed-dhcp

@@ -2,21 +2,18 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
 
 source "/etc/device_info"
 
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	# delete interfaces apart from lan, lan6, wan, wan6
+	delete_extra_interfaces
+	# delete existing vlan and macvlan sections to prevent clashes
+	delete_vlan_and_macvlan_sections
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode

netmode/files/etc/netmodes/routed-mac-per-service/scripts/10-routed-mac-per-service

@@ -0,0 +1,239 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
+
+source "/etc/device_info"
+
+INET_IFACE="wan"
+INET_IFACE6="wan6"
+
+IPTV_IFACE="iptv_iface"
+IPTV_IFACE6="iptv_iface6"
+
+MGMT_IFACE="mgmt_iface"
+MGMT_IFACE6="mgmt_iface6"
+
+IPTV_DEV=""
+
+create_macvlan_dev() {
+	local ifname="$1"
+	local mac_addr="$2"
+	local iface_name="$3"
+
+	if [ -z "$ifname" ] || [ -z "$mac_addr" ] || [ -z "$iface_name" ]; then
+		return
+	fi
+
+	local name="${ifname}_${iface_name}"
+
+	uci -q set network.mac_${iface_name}=device
+	uci -q set network.mac_${iface_name}.type="macvlan"
+	uci -q set network.mac_${iface_name}.name="$name"
+	uci -q set network.mac_${iface_name}.ifname="$ifname"
+	uci -q set network.mac_${iface_name}.macaddr=$mac_addr
+
+	echo "$name"
+}
+
+create_vlan_interface() {
+	local iface_name="$1"
+	local ifname="$2"
+	local mac_addr="$3"
+	local defaultroute="$4"
+	local mgmt="$5"
+	local device iface_name6
+
+	if [ -z "$iface_name" ] || [ -z "$ifname" ]; then
+		return
+	fi
+
+	# if not mgmt iface, then mac_addr is mandatory
+	if [ -n "$mac_addr" ]; then
+		device="$(create_macvlan_dev "$ifname" "$mac_addr" "$iface_name")"
+	elif [ "$mgmt" = "1" ]; then
+		device="$ifname"
+	else
+		logger -p err -t netmode "No mac address provided, skipping: $iface_name"
+		return
+	fi
+
+	if [ -n "$device" ]; then
+		uci -q set network.$iface_name=interface
+		uci -q set network.$iface_name.proto="dhcp"
+		uci -q set network.$iface_name.device="$device"
+		uci -q set network.$iface_name.defaultroute="$defaultroute"
+		uci -q set network.$iface_name.reqopts="43"
+
+		iface_name6="${iface_name}6"
+		uci -q set network.$iface_name6=interface
+		uci -q set network.$iface_name6.proto="dhcpv6"
+		uci -q set network.$iface_name6.device="$device"
+	fi
+}
+
+l3_dhcp_config() {
+	# Enable DHCP Server
+	uci -q set dhcp.lan.ignore=0
+	uci -q set dhcp.wan.ignore=1
+	uci -q set dhcp.$IPTV_IFACE=dhcp
+	uci -q set dhcp.$IPTV_IFACE.interface="$IPTV_IFACE"
+	uci -q set dhcp.$IPTV_IFACE.ignore=1
+	uci -q set dhcp.$MGMT_IFACE=dhcp
+	uci -q set dhcp.$MGMT_IFACE.interface="$MGMT_IFACE"
+	uci -q set dhcp.$MGMT_IFACE.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd enable
+}
+
+l3_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
+
+	# delete interfaces apart from lan, lan6, wan, wan6
+	delete_extra_interfaces
+	# delete existing vlan and macvlan sections to prevent clashes
+	delete_vlan_and_macvlan_sections
+
+	local wandev="$(uci -q get network.WAN.ifname)"
+	local new_wandev="$wandev"
+
+	# Configure L3 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.proto='static'
+	uci -q set network.lan.ipaddr='192.168.1.1'
+	uci -q set network.lan.netmask='255.255.255.0'
+	uci -q set network.lan.ip6assign='60'
+	uci -q delete network.lan.vendorid
+	uci -q delete network.lan.clientid
+	uci -q delete network.lan.reqopts
+	uci -q delete network.lan.sendopts
+
+	uci -q delete network.lan6
+
+	uci -q delete network.wan.disabled
+	uci -q delete network.wan.username
+	uci -q delete network.wan.password
+	uci -q delete network.wan.ipaddr
+	uci -q delete network.wan.gateway
+	uci -q delete network.wan.netmask
+
+	uci -q delete network.wan6.disabled
+
+	# since inet_iface is supposed to have defaultroute set to 1, all traffic will flow through it
+	# so using the default wan interface as inet_iface, as it is used as the default everywhere on the
+	# system, for example by other daemons etc.
+	# inet_wan = wan
+	# mgmt_wan = mgmt_wan
+	# iptv_wan = iptv_wan
+	create_vlan_interface "$MGMT_IFACE" "$wandev" "$NETMODE_mgmt_mac_addr" "0" "1"
+	create_vlan_interface "$INET_IFACE" "$wandev" "$NETMODE_inet_mac_addr" "1" "0"
+	create_vlan_interface "$IPTV_IFACE" "$wandev" "$NETMODE_iptv_mac_addr" "0" "0"
+	IPTV_DEV="$wandev.$NETMODE_iptv_mac_addr"
+	#TODO voice?
+
+	[ -n "$NETMODE_mtu" ] && uci -q set network.WAN.mtu="$NETMODE_mtu"
+
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
+		for server in $dns_servers; do
+		    uci -q add_list network.wan.dns=$server
+		done
+	fi
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_cleanup
+	fi
+
+	uci -q commit network
+}
+
+l3_misc_config() {
+	# Enable SSDPD
+	uci -q set ssdpd.ssdp.enabled="1"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="wan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="wan"
+	uci -q commit gateway
+}
+
+l3_firewall_config() {
+	# iptv_iface is for iptv
+	# wan interface is for internet
+	# mgmt_iface is for mgmt
+	#
+	# so service zone will have iptv_iface and wan_iface interface
+	# so management zone will have mgmt_iface
+	local iface
+	local firewall_file="/etc/config/firewall"
+
+	# Check if the file exists
+	if [ ! -f "$firewall_file" ]; then
+		echo "Error: $firewall_file does not exist."
+		return 1
+	fi
+
+	logger -s -p user.info -t "netmode" "Configuring firewall"
+
+	# Check if 'mgmt' zone already exists to avoid duplicates
+	if grep -q "config zone 'mgmt'" "$firewall_file"; then
+		echo "Firewall zone 'mgmt' already exists. Skipping append."
+		return 0
+	fi
+
+	uci -q set firewall.globals.enabled="1"
+
+	# iptv and inet interfaces replace existing wan interface in the firewall
+	# as for mgmt, a separate zone will be created below, because lan traffic
+	# is not forwarded to mgmt
+	uci -q set firewall.wan.network=""
+	for iface in "$INET_IFACE" "$INET_IFACE6" "$IPTV_IFACE" "$IPTV_IFACE6"; do
+		uci -q add_list firewall.wan.network="$iface"
+	done
+
+	append_mgmt_firewall_config
+
+	uci -q commit firewall
+}
+
+l3_network_config
+l3_dhcp_config
+l3_mcast_config "$IPTV_DEV"
+l3_firewall_config
+l3_misc_config
+
+# If device is already boot-up, assume netmode changed during runtime
+if [ -f /var/run/boot_complete ]; then
+	/etc/init.d/odhcpd restart 2>/dev/null
+	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
+		ubus call uci commit "{\"config\":\"$config\"}"
+		sleep 1
+	done
+fi
+

netmode/files/etc/netmodes/routed-pppoe/scripts/10-routed-pppoe

@@ -2,21 +2,18 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
 
 source "/etc/device_info"
 
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
 l3_network_pppoe_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	# delete interfaces apart from lan, lan6, wan, wan6
+	delete_extra_interfaces
+	# delete existing vlan and macvlan sections to prevent clashes
+	delete_vlan_and_macvlan_sections
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode

netmode/files/etc/netmodes/routed-static/scripts/10-routed-static

@@ -2,21 +2,18 @@
 
 . /lib/functions.sh
 . /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
 
 source "/etc/device_info"
 
-l3_mcast_config() {
-	# configure L3 mcast config
-	logger -s -p user.info -t "netmode" "Generating L3 mcast configuration"
-
-	rm -f /etc/config/mcast
-	sh /rom/etc/uci-defaults/61-mcast_config_generate
-	uci -q commit mcast
-}
-
 l3_network_config() {
 	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
 
+	# delete interfaces apart from lan, lan6, wan, wan6
+	delete_extra_interfaces
+	# delete existing vlan and macvlan sections to prevent clashes
+	delete_vlan_and_macvlan_sections
+
 	wandev="$(uci -q get network.WAN.ifname)"
 
 	# Configure L3 Network Mode

netmode/files/etc/netmodes/routed-vlan-per-service/scripts/10-routed-vlan-per-service

@@ -0,0 +1,232 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+. /lib/netmode/netmode_helpers.sh
+
+source "/etc/device_info"
+
+INET_IFACE="wan"
+INET_IFACE6="wan6"
+
+IPTV_IFACE="iptv_iface"
+IPTV_IFACE6="iptv_iface6"
+
+MGMT_IFACE="mgmt_iface"
+MGMT_IFACE6="mgmt_iface6"
+
+IPTV_DEV=""
+
+create_vlan_dev() {
+	local ifname="$1"
+	local vlanid="$2"
+
+	if [ -z "$ifname" ] || [ -z "$vlanid" ]; then
+		return
+	fi
+
+	local name="$ifname.$vlanid"
+
+	uci -q set network.vlan_${vlanid}=device
+	uci -q set network.vlan_${vlanid}.type="8021q"
+	uci -q set network.vlan_${vlanid}.name="$name"
+	uci -q set network.vlan_${vlanid}.ifname="$ifname"
+	uci -q set network.vlan_${vlanid}.vid=$vlanid
+
+	echo "$name"
+}
+
+create_vlan_interface() {
+	local iface_name="$1"
+	local ifname="$2"
+	local vlanid="$3"
+	local defaultroute="$4"
+	local mgmt="$5"
+	local device iface_name6
+
+	if [ -z "$iface_name" ] || [ -z "$ifname" ]; then
+		return
+	fi
+
+	# if not mgmt iface, then vlanid is mandatory
+	if [ -n "$vlanid" ]; then
+		device="$(create_vlan_dev "$ifname" "$vlanid")"
+	elif [ "$mgmt" = "1" ]; then
+		device="$ifname"
+	else
+		return
+	fi
+
+	if [ -n "$device" ]; then
+		uci -q set network.$iface_name=interface
+		uci -q set network.$iface_name.proto="dhcp"
+		uci -q set network.$iface_name.device="$device"
+		uci -q set network.$iface_name.defaultroute="$defaultroute"
+		uci -q set network.$iface_name.reqopts="43"
+
+		iface_name6="${iface_name}6"
+		uci -q set network.$iface_name6=interface
+		uci -q set network.$iface_name6.proto="dhcpv6"
+		uci -q set network.$iface_name6.device="$device"
+	fi
+}
+
+l3_dhcp_config() {
+	# Enable DHCP Server
+	uci -q set dhcp.lan.ignore=0
+	uci -q set dhcp.wan.ignore=1
+	uci -q set dhcp.$IPTV_IFACE=dhcp
+	uci -q set dhcp.$IPTV_IFACE.interface="$IPTV_IFACE"
+	uci -q set dhcp.$IPTV_IFACE.ignore=1
+	uci -q set dhcp.$MGMT_IFACE=dhcp
+	uci -q set dhcp.$MGMT_IFACE.interface="$MGMT_IFACE"
+	uci -q set dhcp.$MGMT_IFACE.ignore=1
+	uci -q commit dhcp
+	/etc/init.d/odhcpd enable
+}
+
+l3_network_config() {
+	logger -s -p user.info -t "netmode" "Generating L3 network configuration"
+
+	local wandev="$(uci -q get network.WAN.ifname)"
+	local new_wandev="$wandev"
+
+	# Configure L3 Network Mode
+	uci -q set network.lan=interface
+	uci -q set network.lan.device='br-lan'
+	uci -q set network.lan.proto='static'
+	uci -q set network.lan.ipaddr='192.168.1.1'
+	uci -q set network.lan.netmask='255.255.255.0'
+	uci -q set network.lan.ip6assign='60'
+	uci -q delete network.lan.vendorid
+	uci -q delete network.lan.clientid
+	uci -q delete network.lan.reqopts
+	uci -q delete network.lan.sendopts
+
+	uci -q delete network.lan6
+
+	uci -q delete network.wan.disabled
+	uci -q delete network.wan.username
+	uci -q delete network.wan.password
+	uci -q delete network.wan.ipaddr
+	uci -q delete network.wan.gateway
+	uci -q delete network.wan.netmask
+
+	uci -q delete network.wan6.disabled
+
+	# since inet_iface is supposed to have defaultroute set to 1, all traffic will flow through it
+	# so using the default wan interface as inet_iface, as it is used as the default everywhere on the
+	# system
+	# inet_wan = wan
+	# mgmt_wan = mgmt_wan
+	# iptv_wan = iptv_wan
+	create_vlan_interface "$MGMT_IFACE" "$wandev" "$NETMODE_mgmt_vlanid" "0" "1"
+	create_vlan_interface "$INET_IFACE" "$wandev" "$NETMODE_inet_vlanid" "1" "0"
+	create_vlan_interface "$IPTV_IFACE" "$wandev" "$NETMODE_iptv_vlanid" "0" "0"
+	IPTV_DEV="$wandev.$NETMODE_iptv_vlanid"
+	#TODO voice?
+
+	[ -n "$NETMODE_mtu" ] && uci -q set network.WAN.mtu="$NETMODE_mtu"
+
+	uci -q delete network.wan.dns
+	if [ -n "$NETMODE_dns_servers" ]; then
+		dns_servers="$(echo $NETMODE_dns_servers | tr ',' ' ')"
+		for server in $dns_servers; do
+		    uci -q add_list network.wan.dns=$server
+		done
+	fi
+
+	uci -q delete network.br_lan.ports
+	uci -q set network.br_lan.bridge_empty='1'
+
+	add_port_to_br_lan() {
+		port="$1"
+		[ -n "$port" -a -d /sys/class/net/$port ] || continue
+		uci add_list network.br_lan.ports="$port"
+	}
+
+	if [ -f /etc/board.json ]; then
+		json_load_file /etc/board.json
+		json_select network
+		json_select lan
+		if json_is_a ports array; then
+			json_for_each_item add_port_to_br_lan ports
+		else
+			json_get_var device device
+			[ -n "$device" ] && uci add_list network.br_lan.ports="$device"
+		fi
+		json_select ..
+		json_cleanup
+	fi
+
+	uci -q commit network
+}
+
+l3_misc_config() {
+	# Enable SSDPD
+	uci -q set ssdpd.ssdp.enabled="1"
+	uci -q commit ssdpd
+
+	# Update CWMP Agent WAN Interface
+	uci -q set cwmp.cpe.default_wan_interface="wan"
+	uci -q commit cwmp
+
+	# Update gateway WAN Interface
+	uci -q set gateway.global.wan_interface="wan"
+	uci -q commit gateway
+}
+
+l3_firewall_config() {
+	# iptv_iface is for iptv
+	# wan interface is for internet
+	# mgmt_iface is for mgmt
+	#
+	# so service zone will have iptv_iface and wan_iface interface
+	# so management zone will have mgmt_iface
+	local iface
+	local firewall_file="/etc/config/firewall"
+
+	# Check if the file exists
+	if [ ! -f "$firewall_file" ]; then
+		echo "Error: $firewall_file does not exist."
+		return 1
+	fi
+
+	logger -s -p user.info -t "netmode" "Configuring firewall"
+
+	# Check if 'mgmt' zone already exists to avoid duplicates
+	if grep -q "config zone 'mgmt'" "$firewall_file"; then
+		echo "Firewall zone 'mgmt' already exists. Skipping append."
+		return 0
+	fi
+
+	uci -q set firewall.globals.enabled="1"
+
+	# iptv and inet interfaces replace existing wan interface in the firewall
+	# as for mgmt, a separate zone will be created below, because lan traffic
+	# is not forwarded to mgmt
+	uci -q set firewall.wan.network=""
+	for iface in "$INET_IFACE" "$INET_IFACE6" "$IPTV_IFACE" "$IPTV_IFACE6"; do
+		uci -q add_list firewall.wan.network="$iface"
+	done
+
+	append_mgmt_firewall_config
+
+	uci -q commit firewall
+}
+
+l3_network_config
+l3_dhcp_config
+l3_mcast_config "$IPTV_DEV"
+l3_firewall_config
+l3_misc_config
+
+# If device is already boot-up, assume netmode changed during runtime
+if [ -f /var/run/boot_complete ]; then
+	/etc/init.d/odhcpd restart 2>/dev/null
+	for config in network dhcp ssdpd cwmp gateway firewall mcast; do
+		ubus call uci commit "{\"config\":\"$config\"}"
+		sleep 1
+	done
+fi
+

netmode/files/etc/netmodes/supported_modes.json

@@ -95,6 +95,114 @@
           "type": "string"
         }
       ]
+    },
+    {
+      "name": "bridged",
+      "description": "Bridged mode with optional VLAN and Q-in-Q support, the bridge will have a DHCP v4 and v6 client",
+      "supported_args": [
+        {
+          "name": "lan_cvlanid",
+          "description": "LAN CVLAN ID, if present, 8021q set up will be done for LAN ports with this VID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "lan_svlanid",
+          "description": "LAN SVLAN ID, if present, 8021ad set up will be done for LAN ports with this VID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "wan_cvlanid",
+          "description": "WAN CVLAN ID, if present, 8021q set up will be done for WAN port with this VID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "wan_svlanid",
+          "description": "WAN SVLAN ID, if present, 8021ad set up will be done for WAN port with this VID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "port_list",
+          "description": "LAN ports that will be bridged with wan, example: 'LAN1,LAN2', unset value means all ports",
+          "required": false,
+          "type": "string"
+        }
+      ]
+    },
+    {
+      "name": "routed-vlan-per-service",
+      "description": "routed configuration with separate vlans for internet and iptv",
+      "supported_args": [
+        {
+          "name": "inet_vlanid",
+          "description": "Internet VLAN ID",
+          "required": true,
+          "type": "integer"
+        },
+        {
+          "name": "iptv_vlanid",
+          "description": "IPTV VLAN ID",
+          "required": true,
+          "type": "integer"
+        },
+        {
+          "name": "mgmt_vlanid",
+          "description": "Management VLAN ID",
+          "required": false,
+          "type": "integer"
+        },
+        {
+          "name": "dns_servers",
+          "description": "DNS Servers",
+          "required": false,
+          "type": "string"
+        },
+        {
+          "name": "mtu",
+          "description": "MTU",
+          "required": false,
+          "type": "integer"
+        }
+      ]
+    },
+    {
+      "name": "routed-mac-per-service",
+      "description": "routed configuration with separate macvlans for internet and iptv",
+      "supported_args": [
+        {
+          "name": "inet_mac_addr",
+          "description": "Internet MAC Address",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "name": "iptv_mac_addr",
+          "description": "IPTV MAC Address",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "name": "mgmt_mac_addr",
+          "description": "Management MAC Address",
+          "required": false,
+          "type": "string"
+        },
+        {
+          "name": "dns_servers",
+          "description": "DNS Servers",
+          "required": false,
+          "type": "string"
+        },
+        {
+          "name": "mtu",
+          "description": "MTU",
+          "required": false,
+          "type": "integer"
+        }
+      ]
     }
   ]
 }

netmode/files/lib/netmode/netmode_helpers.sh

@@ -0,0 +1,127 @@
+append_mgmt_firewall_config() {
+	# Append the configuration block
+	cat <<'EOF' >> "$firewall_file"
+
+config zone 'mgmt'
+	option name 'mgmt'
+	list network 'mgmt_iface'
+	list network 'mgmt_iface6'
+	option input 'REJECT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+	option mtu_fix '1'
+
+config rule
+	option name 'Allow-DHCP-Renew'
+	option src 'mgmt'
+	option proto 'udp'
+	option dest_port '68'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-Ping'
+	option src 'mgmt'
+	option proto 'icmp'
+	option icmp_type 'echo-request'
+	option family 'ipv4'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-IGMP'
+	option src 'mgmt'
+	option proto 'igmp'
+	option family 'ipv4'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-DHCPv6'
+	option src 'mgmt'
+	option proto 'udp'
+	option dest_port '546'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-MLD'
+	option src 'mgmt'
+	option proto 'icmp'
+	option src_ip 'fe80::/10'
+	list icmp_type '130/0'
+	list icmp_type '131/0'
+	list icmp_type '132/0'
+	list icmp_type '143/0'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ICMPv6-Input'
+	option src 'mgmt'
+	option proto 'icmp'
+	list icmp_type 'echo-request'
+	list icmp_type 'echo-reply'
+	list icmp_type 'destination-unreachable'
+	list icmp_type 'packet-too-big'
+	list icmp_type 'time-exceeded'
+	list icmp_type 'bad-header'
+	list icmp_type 'unknown-header-type'
+	list icmp_type 'router-solicitation'
+	list icmp_type 'neighbour-solicitation'
+	list icmp_type 'router-advertisement'
+	list icmp_type 'neighbour-advertisement'
+	option limit '1000/sec'
+	option family 'ipv6'
+	option target 'ACCEPT'
+EOF
+
+	echo "Firewall configuration for 'mgmt' zone appended successfully."
+}
+
+l3_mcast_config() {
+	# configure L3 mcast config
+	local iptv_dev="$1"
+
+	logger -p user.info -t "netmode" "Generating L3 mcast configuration"
+
+	rm -f /etc/config/mcast
+	sh /rom/etc/uci-defaults/61-mcast_config_generate
+
+	if [ -n "$iptv_dev" ]; then
+		uci -q set mcast.mc_proxy_MLD.upstream_interface="$iptv_dev"
+		uci -q set mcast.igmp_proxy_1.upstream_interface="$iptv_dev"
+	fi
+
+	uci -q commit mcast
+}
+
+# deletes all interfaces except lan, lan6, wan and wan6
+delete_extra_interfaces() {
+        local sect
+
+        # Extract all interface section names and iterate
+        for sect in $(uci -X show network | grep -F '=interface' | cut -d '.' -f2 | cut -d '=' -f1); do
+                case "$sect" in
+                        lan|lan6|wan|wan6)
+                                echo "Skipping reserved interface: network.$sect"
+                                continue
+                                ;;
+                esac
+
+                echo "Deleting interface section: network.$sect"
+                uci -q delete network.$sect
+        done
+
+        uci -q commit network
+}
+
+delete_vlan_and_macvlan_sections() {
+	local sect
+
+	# Extract all vlan device section names and iterate
+	for sect in $(uci -X show network | grep -E '8021q|8021ad|macvlan' | cut -d '.' -f 2); do
+		echo "Deleting device section: network.$sect"
+		uci -q delete network.$sect
+	done
+
+	uci -q commit network
+}