From ef7ef09af84b9b4f0780b8f3229fdbc42fdec0a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 17 Jun 2022 08:52:15 +0200 Subject: [PATCH 1/8] gluon-mesh-layer3-common: add package --- package/gluon-mesh-layer3-common/Makefile | 12 +++++++++ .../lib/gluon/upgrade/310-layer3-firewall | 25 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 package/gluon-mesh-layer3-common/Makefile create mode 100755 package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall
diff --git a/package/gluon-mesh-layer3-common/Makefile b/package/gluon-mesh-layer3-common/Makefile
new file mode 100644
index 00000000..45ad2f57
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/Makefile
@@ -0,0 +1,12 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-layer3-common
+
+include ../gluon.mk
+
+define Package/gluon-mesh-layer3-common
+ TITLE:=Layer3 common files
+ DEPENDS:=+gluon-core +gluon-mmfd +firewall
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-layer3-common))
diff --git a/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall
new file mode 100755
index 00000000..b6f53384
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall
@@ -0,0 +1,25 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('firewall', 'forwarding', 'fcc', {
+ src = 'loc_client',
+ dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcm', {
+ src = 'loc_client',
+ dest = 'mesh',
+})
+
+uci:section('firewall', 'forwarding', 'fmc', {
+ src = 'mesh',
+ dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fmm', {
+ src = 'mesh',
+ dest = 'mesh',
+})
+
+uci:save('firewall')
From 583dc69961c187d3f39b73e219b455275e0ee168 Mon Sep 17 00:00:00 2001
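Review bot: The four forwarding sections in 310-layer3-firewall carry no comment, and the names `fcc`, `fcm`, `fmc` and `fmm` do not say on their own which zones they join or why every direction is open. Each section permits unrestricted forwarding between `loc_client` and `mesh`, including `mesh` to `loc_client`, and because the script now lives in a package meant to be shared, that policy applies to every consumer of the package rather than to babel alone. I would add a header such as `-- Allow routed traffic between local clients and the mesh in both directions, and within each zone.` plus a one-line comment per section. Neither zone is created in this file, so the script presumably relies on an earlier upgrade script having defined them; that dependency is worth stating as well.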
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 17 Jun 2022 08:52:37 +0200 Subject: [PATCH 2/8] gluon-l3roamd: add firewall rules --- .../lib/gluon/upgrade/320-firewall-l3roamd | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd index b1b28844..e69a9d77 100755 --- a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd +++ b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd @@ -1,6 +1,26 @@ #!/usr/bin/lua + local uci = require('simple-uci').cursor() +uci:section('firewall', 'zone', 'l3roamd', { + name = 'l3roamd', + input = 'ACCEPT', + output = 'ACCEPT', + forward = 'REJECT', + device = 'l3roam+', + log = '1', +}) + +uci:section('firewall', 'forwarding', 'flc', { + src = 'l3roamd', + dest = 'loc_client', +}) + +uci:section('firewall', 'forwarding', 'fcl', { + src = 'loc_client', + dest = 'l3roamd', +}) + uci:section('firewall', 'rule', 'mesh_l3roamd', { name = 'mesh_l3roamd', src = 'mesh', From 0cf6fade94a46d19aae7cc5732948483a1b23670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Thu, 16 Jun 2022 19:05:26 +0200 Subject: [PATCH 3/8] gluon-mmfd: add firewall rules --- .../lib/gluon/upgrade/310-gluon-mmfd-firewall | 55 +++++++++++++++++++ .../gluon/upgrade/430-gluon-mmfd-interface | 11 ++++ 2 files changed, 66 insertions(+) create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall new file mode 100755 index 00000000..5b533809 --- /dev/null +++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall 
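Review bot: The new `l3roamd` zone in 320-firewall-l3roamd sets `input = 'ACCEPT'` for every interface matching `l3roam+`, so anything arriving on those devices can reach all services listening on the node, whereas the `mmfd` zone in this same series uses `input = 'REJECT'` with explicit per-port rules. If l3roamd only needs a known set of ports on that interface, the zone could follow the same pattern with `input = 'REJECT',` and dedicated `rule` sections; if the open input policy is deliberate, a comment saying why would help the next reviewer. The `flc` and `fcl` forwardings reference the `loc_client` zone, which is not created in this file. The `mesh_l3roamd` rule at the end of the hunk continues outside it.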
@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+ name = 'mmfd',
+ input = 'REJECT',
+ output = 'accept',
+ forward = 'REJECT',
+ device = 'mmfd+',
+ log = '1',
+})
+
+uci:section('firewall', 'rule', 'mesh_mmfd', {
+ src = 'mesh',
+ src_ip = 'fe80::/64',
+ dest_port = '27275',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', {
+ src = 'mesh',
+ src_ip = 'fe80::/64' ,
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast2', {
+ src = 'mesh',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_ll', {
+ src = 'mmfd',
+ src_ip = 'fe80::/64',
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_mesh', {
+ src = 'mmfd',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
new file mode 100755
index 00000000..8e500d16
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
@@ -0,0 +1,11 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('network', 'interface', 'mmfd', {
+ proto = 'static',
+ ifname = 'mmfd0',
+ ip6addr = 'fe80::1/64'
+})
+
+uci:save('network')
From 85d61f12bdac1242d56327db3cbdbfe35fb1ec6a Mon Sep 17 00:00:00 2001
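Review bot: In 310-gluon-mmfd-firewall, `src_ip = site.node_prefix6() or site.prefix6()` (rules `mesh_respondd_mcast2` and `mmfd_respondd_mesh`) widens the accepted source range silently: without `node_prefix6` the rules accept UDP 1001 from the whole `prefix6` range, and if both calls were to return nil the key is simply absent from the Lua table, so the option would presumably stay unset and the rule would match any source address in the zone. I would resolve the prefix once and fail loudly, for example `local prefix = assert(site.node_prefix6() or site.prefix6(), 'no node_prefix6/prefix6 in site config')`, and then use `src_ip = prefix,` in both rules. Separately, `output = 'accept'` in the `mmfd` zone is lower-case while every other policy in the series is upper-case; `output = 'ACCEPT',` keeps it consistent and avoids depending on case-insensitive parsing.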
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Thu, 16 Jun 2022 19:06:42 +0200 Subject: [PATCH 4/8] gluon-mesh-babel: remove common fw rules --- .../upgrade/310-gluon-mesh-babel-firewall | 90 ------------------- .../430-gluon-mesh-babel-add-mmfd-interface | 10 --- 2 files changed, 100 deletions(-) delete mode 100755 package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall index 5f3a8976..09daeba7 100755 --- a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall +++ b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall 
@@ -1,96 +1,6 @@ #!/usr/bin/lua local uci = require('simple-uci').cursor() -local site = require "gluon.site" - -uci:section('firewall', 'zone', 'l3roamd', { - name = 'l3roamd', - input = 'ACCEPT', - output = 'ACCEPT', - forward = 'REJECT', - device = 'l3roam+', - log = '1', -}) - -uci:section('firewall', 'zone', 'mmfd', { - name = 'mmfd', - input = 'REJECT', - output = 'accept', - forward = 'REJECT', - device = 'mmfd+', - log = '1', -}) - --- forwardings and respective rules -uci:section('firewall', 'forwarding', 'fcc', { - src = 'loc_client', - dest = 'loc_client', -}) - -uci:section('firewall', 'forwarding', 'fcm', { - src = 'loc_client', - dest = 'mesh', -}) - -uci:section('firewall', 'forwarding', 'fmc', { - src = 'mesh', - dest = 'loc_client', -}) - -uci:section('firewall', 'forwarding', 'fmm', { - src = 'mesh', - dest = 'mesh', -}) - -uci:section('firewall', 'forwarding', 'flc', { - src = 'l3roamd', - dest = 'loc_client', -}) - -uci:section('firewall', 'forwarding', 'fcl', { - src = 'loc_client', - dest = 'l3roamd', -}) - -uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', { - src = 'mesh', - src_ip = 'fe80::/64' , - dest_port = '1001', - proto = 'udp', - target = 'ACCEPT', -}) - -uci:section('firewall', 'rule', 'mesh_respondd_mcast2', { - src = 'mesh', - src_ip = site.node_prefix6(), - dest_port = '1001', - proto = 'udp', - target = 'ACCEPT', -}) - -uci:section('firewall', 'rule', 'mmfd_respondd_ll', { - src = 'mmfd', - src_ip = 'fe80::/64', - dest_port = '1001', - proto = 'udp', - target = 'ACCEPT', -}) - -uci:section('firewall', 'rule', 'mmfd_respondd_mesh', { - src = 'mmfd', - src_ip = site.node_prefix6(), - dest_port = '1001', - proto = 'udp', - target = 'ACCEPT', -}) - -uci:section('firewall', 'rule', 'mesh_mmfd', { - src = 'mesh', - src_ip = 'fe80::/64', - dest_port = '27275', - proto = 'udp', - target = 'ACCEPT', -}) uci:section('firewall', 'rule', 'mesh_babel', { src = 'mesh', 
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface deleted file mode 100755 index 073d288e..00000000 --- a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/lua - -local uci = require('simple-uci').cursor() - -uci:section('network', 'interface', 'mmfd', { - proto = 'static', - ifname = 'mmfd0', - ip6addr = 'fe80::1/64' -}) -uci:save('network') From b59eb548b56e1310f7dcf4eda8a7d00826294cab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 17 Jun 2022 08:57:59 +0200 Subject: [PATCH 5/8] gluon-mesh-babel: use layer3 common --- package/gluon-mesh-babel/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-mesh-babel/Makefile b/package/gluon-mesh-babel/Makefile index 3abe66df..239d7132 100644 --- a/package/gluon-mesh-babel/Makefile +++ b/package/gluon-mesh-babel/Makefile @@ -9,7 +9,7 @@ include ../gluon.mk define Package/gluon-mesh-babel TITLE:=Babel mesh - DEPENDS:=+gluon-core +babeld +gluon-mmfd +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop + DEPENDS:=+gluon-core +babeld +gluon-mesh-layer3-common +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop PROVIDES:=gluon-mesh-provider endef From b5f36c7e00c4d9c3dd9877013d11c70384cfa1b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 17 Jun 2022 09:21:43 +0200 Subject: [PATCH 6/8] gluon-mesh-layer3-common: add ip6 from babel --- .../luasrc/lib/gluon/upgrade/250-layer3-ip6} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename package/{gluon-mesh-babel/luasrc/lib/gluon/upgrade/300-gluon-mesh-babel-ip6 => gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/250-layer3-ip6} (100%) 
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/300-gluon-mesh-babel-ip6 b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/250-layer3-ip6
similarity index 100%
rename from package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/300-gluon-mesh-babel-ip6
rename to package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/250-layer3-ip6
From c3af0aca96e111fc944a6efc1f0be542b9ef8330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 24 Jun 2022 18:46:37 +0200 Subject: [PATCH 7/8] gluon-mesh-layer3-common: add radvd from babel --- .../luasrc/lib/gluon/radvd/arguments | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename package/{gluon-mesh-babel => gluon-mesh-layer3-common}/luasrc/lib/gluon/radvd/arguments (100%)
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/radvd/arguments
similarity index 100%
rename from package/gluon-mesh-babel/luasrc/lib/gluon/radvd/arguments
rename to package/gluon-mesh-layer3-common/luasrc/lib/gluon/radvd/arguments
From 242a2dccd55b5ce2764605470e8fb1320d78b976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Fri, 24 Jun 2022 18:52:44 +0200 Subject: [PATCH 8/8] gluon-mesh-layer3-common: add node_prefix6 to check_site --- package/gluon-mesh-layer3-common/check_site.lua | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 package/gluon-mesh-layer3-common/check_site.lua
diff --git a/package/gluon-mesh-layer3-common/check_site.lua b/package/gluon-mesh-layer3-common/check_site.lua
new file mode 100644
index 00000000..dd6ee348
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/check_site.lua
@@ -0,0 +1,2 @@
+need_string_match(in_domain({'node_prefix6'}), '^[%x:]+/64$')
+
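Review bot: The pattern `'^[%x:]+/64$'` in check_site.lua only constrains the character set, so strings such as `::::/64` or `12345/64` pass the site check and would later be written unchanged into the firewall `src_ip` options that read `site.node_prefix6()`. A comment such as `-- node_prefix6 must be an IPv6 /64 in CIDR notation; the pattern checks characters only, not address validity` would make that limit explicit, or the check could be tightened if the site-check helpers offer an address validator (none is visible here). The line also appears to make `node_prefix6` mandatory wherever this package is installed, which leaves the `or site.prefix6()` fallback in 310-gluon-mmfd-firewall reachable only when gluon-mmfd is used without it; worth confirming that this is intended.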