From 7c81897b4ccc2213972c0409a59b07f1fda87a0f Mon Sep 17 00:00:00 2001 From: lemoer Date: Tue, 28 Dec 2021 22:50:18 +0100 Subject: [PATCH] gluon-mesh-vpn-*: make vpn MTU provider specific If a community uses different vpn providers, they typically assume the same MTU for the wan device underneath the VPN. As different VPN providers however have different overhead, the MTU of the VPN device differs for each provider. Therefore this commit makes the MTU of the VPN device provider specific. This has two advantages: 1. The same site.conf can be used to bake firmwares for different VPN providers (only by selecting a different vpn feature in the site.mk). 2. We are coming closer to the option of integrating multiple VPN providers into one firmware. --- package/gluon-mesh-vpn-core/check_site.lua | 1 - .../gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn | 3 ++- package/gluon-mesh-vpn-fastd/check_site.lua | 1 + .../luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd | 3 ++- .../luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua | 4 ++++ package/gluon-mesh-vpn-tunneldigger/check_site.lua | 1 + .../usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua | 4 ++++ package/gluon-mesh-vpn-wireguard/check_site.lua | 1 + .../luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua | 4 ++++ 9 files changed, 19 insertions(+), 3 deletions(-) diff --git a/package/gluon-mesh-vpn-core/check_site.lua b/package/gluon-mesh-vpn-core/check_site.lua index 04ff3c84..cff076e1 100644 --- a/package/gluon-mesh-vpn-core/check_site.lua +++ b/package/gluon-mesh-vpn-core/check_site.lua @@ -1,5 +1,4 @@ need_boolean(in_site({'mesh_vpn', 'enabled'}), false) -need_number({'mesh_vpn', 'mtu'}) need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false) need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false) diff --git a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn index a476afdb..b1495255 100755 
--- a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn +++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn @@ -7,6 +7,7 @@ local util = require 'gluon.util' local uci = require('simple-uci').cursor() local vpn_core = require 'gluon.mesh-vpn' +local _, active_vpn = vpn_core.get_active_provider() uci:section('network', 'interface', 'mesh_vpn', { ifname = vpn_core.get_interface(), @@ -14,7 +15,7 @@ uci:section('network', 'interface', 'mesh_vpn', { transitive = true, fixed_mtu = true, macaddr = util.generate_mac(7), - mtu = site.mesh_vpn.mtu(), + mtu = active_vpn.mtu(), }) uci:save('network') diff --git a/package/gluon-mesh-vpn-fastd/check_site.lua b/package/gluon-mesh-vpn-fastd/check_site.lua index 6f3c0832..dadcc917 100644 --- a/package/gluon-mesh-vpn-fastd/check_site.lua +++ b/package/gluon-mesh-vpn-fastd/check_site.lua @@ -1,6 +1,7 @@ local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'} need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods) need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false) +need_number({'mesh_vpn', 'fastd', 'mtu'}) need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}), {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false) diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd index c8898755..4c2dc046 100755 --- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd +++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd @@ -3,6 +3,7 @@ local site = require 'gluon.site' local util = require 'gluon.util' local vpn_core = require 'gluon.mesh-vpn' +local _, active_vpn = vpn_core.get_active_provider() local uci = require('simple-uci').cursor() local unistd = require 'posix.unistd' 
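Review bot: `mtu = active_vpn.mtu(),` in the `uci:section('network', 'interface', 'mesh_vpn', …)` table of 500-mesh-vpn is evaluated without checking that `vpn_core.get_active_provider()` actually returned a provider. The body of `get_active_provider()` is not part of this patch, so this is inferred, but if it can return nil (for example the core package built without a provider package, or no provider configured for the current site/domain), indexing nil raises an error and the upgrade script stops before `uci:save('network')`. The previous `site.mesh_vpn.mtu()` did not depend on a provider being present. A guard such as `mtu = active_vpn and active_vpn.mtu() or nil,` or an explicit early check with a clear error message would keep the failure mode obvious.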
@@ -49,7 +50,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn', { secret = secret, interface = vpn_core.get_interface(), mode = 'tap', - mtu = site.mesh_vpn.mtu(), + mtu = active_vpn.mtu(), secure_handshakes = true, method = methods, packet_mark = 1, diff --git a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua index bcc6b5e1..20ac4777 100644 --- a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua +++ b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua @@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit) uci:save('simple-tc') end +function M.mtu() + return site.mesh_vpn.fastd.mtu() +end + return M diff --git a/package/gluon-mesh-vpn-tunneldigger/check_site.lua b/package/gluon-mesh-vpn-tunneldigger/check_site.lua index 188433fd..77ea83c5 100644 --- a/package/gluon-mesh-vpn-tunneldigger/check_site.lua +++ b/package/gluon-mesh-vpn-tunneldigger/check_site.lua @@ -1 +1,2 @@ need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'})) +need_number({'mesh_vpn', 'tunneldigger', 'mtu'}) diff --git a/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua b/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua index d324a3cc..9ae67539 100644 --- a/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua +++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua @@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit) uci:save('simple-tc') end +function M.mtu() + return site.mesh_vpn.tunneldigger.mtu() +end + return M diff --git a/package/gluon-mesh-vpn-wireguard/check_site.lua b/package/gluon-mesh-vpn-wireguard/check_site.lua index f5a0d94e..5769e36e 100644 
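Review bot: The fastd section now takes its MTU from whichever provider is active (`mtu = active_vpn.mtu(),`, with `active_vpn` declared in this file's earlier hunk) instead of from fastd itself. While only one provider is built into a firmware the two coincide, but with the multi-provider goal named in the commit message this script would write another provider's MTU into fastd's own config, and it errors on a nil `active_vpn` if no provider is reported active. Since this file is fastd-specific and already requires `gluon.site`, `mtu = site.mesh_vpn.fastd.mtu(),` is the narrower choice and makes the added `local _, active_vpn = vpn_core.get_active_provider()` line unnecessary. The `uci:section('fastd', …)` call continues outside the hunk.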
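Review bot: `M.mtu()` in provider/fastd.lua is added without a comment, and the same four lines are added to the tunneldigger and wireguard providers in the later hunks. The upgrade scripts in this patch call `mtu()` on the active provider, so it is now a function every provider module has to export; a provider lacking it would fail when the upgrade script runs rather than at build time. I would document that above each definition, e.g. `-- Provider interface: MTU of the VPN device, read from this provider's site.conf section.` The rest of each module lies outside the hunk.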
--- a/package/gluon-mesh-vpn-wireguard/check_site.lua +++ b/package/gluon-mesh-vpn-wireguard/check_site.lua @@ -7,3 +7,4 @@ local function check_peer(k) end need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer) +need_number({'mesh_vpn', 'wireguard', 'mtu'}) diff --git a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua index b531b80e..fb5041c5 100644 --- a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua +++ b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua @@ -40,4 +40,8 @@ function M.set_limit(ingress_limit, egress_limit) uci:save('simple-tc') end +function M.mtu() + return site.mesh_vpn.wireguard.mtu() +end + return M