Merge branch 'freifunk-gluon:master' into add-fritzbox-7430

2022-02-12 12:36:15 +01:00 · 2022-02-12 12:36:15 +01:00 · 968f77a097
commit 968f77a097
parent c24f7c1b87 545d1cbb11
88 changed files with 1145 additions and 1381 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -25,7 +25,7 @@ indent_size = 4
 [*.rst]
 indent_style = space
-indent_size = 3
+indent_size = 2
 [*.yml]
 indent_style = space
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
 # Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>
 version: 2
 updates:
  - package-ecosystem: github-actions
    directory: /
    schedule: {interval: monthly}
  - package-ecosystem: pip
    directory: /docs/
    schedule: {interval: monthly}
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@ -0,0 +1,21 @@
 name: Backport
 on:
  pull_request_target:
    types: [closed, labeled]
 jobs:
  backport:
    name: Backport Pull Request
    if: github.repository_owner == 'freifunk-gluon' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Create backport PRs
        uses: zeebe-io/backport-action@v0.0.7
        with:
          # Config README: https://github.com/zeebe-io/backport-action#backport-action
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_workspace: ${{ github.workspace }}
          pull_description: |-
            Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@ -20,7 +20,7 @@ jobs:
      - name: Build documentation
        run: make -C docs html
      - name: Archive build output
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: docs_output
          path: docs/_build/html
--- a/.github/workflows/build-gluon.yml
+++ b/.github/workflows/build-gluon.yml
@ -1,7 +1,3 @@
 # Update this file after adding/removing/renaming a target by running
 # `make list-targets BROKEN=1 | ./contrib/actions/generate-actions.py > ./.github/workflows/build-gluon.yml`
 name: Build Gluon
 on:
  push:
@ -28,6 +24,7 @@ jobs:
  build_firmware:
    needs: changed
    if: ${{ needs.changed.outputs.targets != '[]' && needs.changed.outputs.targets != '' }}
    strategy:
      fail-fast: false
      matrix:
@ -45,13 +42,13 @@ jobs:
      - name: Archive build logs
        if: ${{ !cancelled() }}
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: ${{ matrix.target }}_logs
          path: openwrt/logs
      - name: Archive build output
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2.3.1
        with:
          name: ${{ matrix.target }}_output
          path: output
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -10,7 +10,7 @@ jobs:
    steps:
      - uses: actions/checkout@v2
      - name: Install Dependencies
-        run: sudo apt install lua-check
+        run: sudo apt-get -y update && sudo apt-get -y install lua-check
      - name: Install example site
        run: ln -s ./docs/site-example ./site
      - name: Lint Lua code
@ -22,7 +22,7 @@ jobs:
    steps:
      - uses: actions/checkout@v2
      - name: Install Dependencies
-        run: sudo apt install shellcheck
+        run: sudo apt-get -y update && sudo apt-get -y install shellcheck
      - name: Install example site
        run: ln -s ./docs/site-example ./site
      - name: Lint shell code
--- a/13
+++ b/13
@ -19,14 +19,15 @@ escape = '$(subst ','\'',$(1))'
 GLUON_SITEDIR ?= site
 $(eval $(call mkabspath,GLUON_SITEDIR))
-$(GLUON_SITEDIR)/site.mk:
+ifeq ($(realpath $(GLUON_SITEDIR)/site.mk),)
-	$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
+$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
 endif
 include $(GLUON_SITEDIR)/site.mk
 GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line)
-GLUON_DEPRECATED ?= $(error GLUON_DEPRECATED not set. Please consult the documentation)
+GLUON_DEPRECATED ?= 0
 ifneq ($(GLUON_BRANCH),)
  $(warning *** Warning: GLUON_BRANCH has been deprecated, please set GLUON_AUTOUPDATER_BRANCH and GLUON_AUTOUPDATER_ENABLED instead.)
@ -70,7 +71,7 @@ GLUON_VARS = \
 	GLUON_VERSION GLUON_SITE_VERSION \
 	GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_AUTOREMOVE GLUON_DEBUG GLUON_MINIFY GLUON_DEPRECATED \
 	GLUON_DEVICES GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR GLUON_DEBUGDIR \
-	GLUON_SITEDIR GLUON_RELEASE GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
+	GLUON_SITEDIR GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
 	GLUON_TARGET BOARD SUBTARGET
 unexport $(GLUON_VARS)
@ -185,6 +186,10 @@ config: $(LUA) FORCE
 	$(GLUON_ENV) $(LUA) scripts/target_config_check.lua
 container: FORCE
 	@scripts/container.sh
 all: config
 	+@
 	$(GLUON_ENV) $(LUA) scripts/clean_output.lua
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@ If you're new to Gluon and ready to get your feet wet, have a look at the
 Gluon's developers frequent an IRC chatroom at [#gluon](ircs://irc.hackint.org/#gluon)
 on [hackint](https://hackint.org/). There is also a [webchat](https://webirc.hackint.org/#irc://irc.hackint.org/#gluon)
-that allows for uncomplicated access from within your browser.
+that allows for uncomplicated access from within your browser. This channel is also available as a bridged Matrix Room at [#gluon:hackint.org](https://matrix.to/#/#gluon:hackint.org).
 ## Issues & Feature requests
--- a/contrib/docker/Dockerfile
+++ b/contrib/docker/Dockerfile
--- a/contrib/lsupgrade.sh
+++ b/contrib/lsupgrade.sh
@ -28,7 +28,7 @@ fi
 pushd "$(dirname "$0")/.." >/dev/null
-find ./package packages -name Makefile | while read -r makefile; do
+find ./package packages -name Makefile | grep -v '^packages/packages/' | while read -r makefile; do
 	dir="$(dirname "$makefile")"
 	pushd "$dir" >/dev/null
@ -37,13 +37,12 @@ find ./package packages -name Makefile | while read -r makefile; do
 	dirname="$(dirname "$dir" | cut -d/ -f 3-)"
 	package="$(basename "$dir")"
-	for file in "${SUFFIX1}"/*; do
+	for file in "${SUFFIX1}"/* "${SUFFIX2}"/*; do
-		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})"
+		basename="$(basename "${file}")"
-	done
+		suffix="$(dirname "${file}")"
-	for file in "${SUFFIX2}"/*; do
+		printf "%s\t%s\n" "${basename}" "${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${suffix}/${GREEN}${basename}${RESET}"
 		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})"
 	done
 	popd >/dev/null
-done | sort
+done | sort | cut -f2-
 popd >/dev/null
--- a/contrib/push_pkg.sh
+++ b/contrib/push_pkg.sh
@ -48,7 +48,7 @@ shift $(( OPTIND - 1 ))
 if [ "$build_only" -eq 0 ]; then
 	remote_info=$(ssh -p "${ssh_port}" "root@${ssh_host}" '
 		source /etc/os-release
-		printf "%s\t%s\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH"
+		printf "%s\\t%s\\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH"
 	')
 	REMOTE_OPENWRT_BOARD="$(echo "$remote_info" | cut -f 1)"
 	REMOTE_OPENWRT_ARCH="$(echo "$remote_info" | cut -f 2)"
@ -92,7 +92,7 @@ while [ $# -gt 0 ]; do
 	opkg_packages="$(make TOPDIR="${topdir}" -C "${pkgdir}" DUMP=1 | awk '/^Package: / { print $2 }')"
 	search_package() {
-		find "$2" -name "$1_*.ipk" -printf "%f\n"
+		find "$2" -name "$1_*.ipk" -printf '%f\n'
 	}
 	make TOPDIR="${topdir}" -C "${pkgdir}" clean
--- a/docs/dev/basics.rst
+++ b/docs/dev/basics.rst
@ -23,6 +23,7 @@ webbrowser. You're welcome to join us!
 .. _hackint: https://hackint.org/
 .. _webchat: https://webirc.hackint.org/#irc://irc.hackint.org/#gluon
 .. _working-with-repositories:
 Working with repositories
 -------------------------
@ -32,7 +33,7 @@ rerun
 ::
-	make update
+  make update
 `make update` also applies the patches that can be found in the directories found in
 `patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
@ -44,7 +45,7 @@ using
 ::
-	make update-patches
+  make update-patches
 If applying a patch fails because you have changed the base commit, the repository will be reset to the old `patched` branch
 and you can try rebasing it onto the new `base` branch yourself and after that call `make update-patches` to fix the problem.
@ -54,7 +55,7 @@ commits, making `git reflog` the only way to recover them!
 ::
-	make refresh-patches
+  make refresh-patches
 In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt buildsystem.
--- a/docs/dev/debugging.rst
+++ b/docs/dev/debugging.rst
@ -32,12 +32,12 @@ The tooling is contained in the kernel source tree in the file
 `decode_stacktrace.sh <https://github.com/torvalds/linux/blob/master/scripts/decode_stacktrace.sh>`__.
 This file and the needed source tree are available in the directory: ::
-    openwrt/build_dir/target-<architecture>/linux-<architecture>/linux-<version>/
+  openwrt/build_dir/target-<architecture>/linux-<architecture>/linux-<version>/
 .. note::
-   Make sure to use a kernel tree that matches the version and patches
+  Make sure to use a kernel tree that matches the version and patches
-   that was used to build the kernel.
+  that was used to build the kernel.
-   If in doubt just re-build the images for the target.
+  If in doubt just re-build the images for the target.
 Some more information on how to use this tool can be found at
 `LWN <https://lwn.net/Articles/592724/>`__.
@ -48,4 +48,4 @@ Obtaining Stacktraces
 On many targets stacktraces can be read from the following
 location after reboot: ::
-    /sys/kernel/debug/crashlog
+  /sys/kernel/debug/crashlog
--- a/docs/dev/packages.rst
+++ b/docs/dev/packages.rst
@ -9,13 +9,16 @@ Development workflow
 When you are developing packages, it often happens that you iteratively want to deploy
 and verify the state your development. There are two ways to verify your changes:
-1) One way is to rebuild the complete firmware, flash it, configure it and verify your
+1)
-   development then. This usually takes at least a few minutes to get your changes
+  One way is to rebuild the complete firmware, flash it, configure it and verify your
-   working so you can test them. Especially if you iterate a lot, this becomes tedious.
+  development then. This usually takes at least a few minutes to get your changes
-2) Another way is to rebuild only the package you are currently working on and
+  working so you can test them. Especially if you iterate a lot, this becomes tedious.
-   to deploy this package to your test system. Here not even a reboot is required.
+
-   This makes iterating relatively fast. Your test system could be real hardware or
+2)
-   even a qemu in most cases.
+  Another way is to rebuild only the package you are currently working on and
  to deploy this package to your test system. Here not even a reboot is required.
  This makes iterating relatively fast. Your test system could be real hardware or
  even a qemu in most cases.
 Gluon provides scripts to enhance workflow 2). Here is an example illustrating
 the workflow using these scripts:
--- a/docs/features/autoupdater.rst
+++ b/docs/features/autoupdater.rst
@ -99,16 +99,16 @@ These commands can be used on a node:
 ::
-   # Update with some probability
+  # Update with some probability
-   autoupdater
+  autoupdater
 ::
-   # Force update check, even when the updater is disabled
+  # Force update check, even when the updater is disabled
-   autoupdater -f
+  autoupdater -f
 ::
-   # If fallback is true the updater will perform an update only if the timespan
+  # If fallback is true the updater will perform an update only if the timespan
-   # PRIORITY days (as defined in the manifest) and another 24h have passed
+  # PRIORITY days (as defined in the manifest) and another 24h have passed
-   autoupdater --fallback
+  autoupdater --fallback
--- a/docs/features/multidomain.rst
+++ b/docs/features/multidomain.rst
@ -21,18 +21,18 @@ Overview
 Multidomain support allows to build a single firmware with multiple,
 switchable domain configurations. The nomenclature is as follows:
-  ``site``: an aggregate over multiple domains
+- ``site``: an aggregate over multiple domains
-  ``domain``: mesh network with connectivity parameters that prevent
+- ``domain``: mesh network with connectivity parameters that prevent
-   accidental bridging with other domains
+  accidental bridging with other domains
-  ``domain code``: unique domain identifier
+- ``domain code``: unique domain identifier
-  ``domain name``: pretty name for a domain code
+- ``domain name``: pretty name for a domain code
 By default Gluon builds firmware with a single domain embedded into
 ``site.conf``. To use multiple domains, enable it in ``site.mk``:
 ::
-    GLUON_MULTIDOMAIN=1
+  GLUON_MULTIDOMAIN=1
 In the site repository, create the ``domains/`` directory, which will
 hold your domain configurations. Each domain configuration file is named
@ -41,26 +41,26 @@ supported.
 ::
-    site/
+  site/
-    |-- site.conf
+  |-- site.conf
-    |-- site.mk
+  |-- site.mk
-    |-- i18n/
+  |-- i18n/
-    |-- domains/
+  |-- domains/
-      |-- alpha_centauri.conf
+    |-- alpha_centauri.conf
-      |-- beta_centauri.conf
+    |-- beta_centauri.conf
-      |-- gamma_centauri.conf
+    |-- gamma_centauri.conf
 The domain configuration ``alpha_centauri.conf`` could look like this.
 ::
-    {
+  {
-      domain_names = {
+    domain_names = {
-        alpha_centauri = 'Alpha Centauri'
+      alpha_centauri = 'Alpha Centauri'
-      },
+    },
-      -- more domain specific config follows below
+    -- more domain specific config follows below
-    }
+  }
 In this example “Alpha Centauri” is the user-visible ``domain_name`` for the
 domain_code ``alpha_centauri``. Also note that the domain code
@ -93,12 +93,12 @@ Via commandline
 ::
-    gluon-switch-domain 'newdomaincode'
+  gluon-switch-domain 'newdomaincode'
 When the node is not in config mode, ``gluon-switch-domain`` will automatically
 reboot the node by default. This can be suppressed by passing ``--no-reboot``::
-    gluon-switch-domain --no-reboot 'newdomaincode'
+  gluon-switch-domain --no-reboot 'newdomaincode'
 Switching the domain without reboot is currently **experimental**.
@ -123,115 +123,115 @@ site or domain context.
 site.conf only variables
 ^^^^^^^^^^^^^^^^^^^^^^^^
-  Used in as initial default values, when the firmware was just flashed
+- Used in as initial default values, when the firmware was just flashed
-   and/or the config mode is skipped, so they do not make sense in a
+  and/or the config mode is skipped, so they do not make sense in a
-   domain specific way:
+  domain specific way:
-   -  authorized_keys
+  - authorized_keys
-   -  default_domain
+  - default_domain
-   -  poe_passthrough
+  - poe_passthrough
-   -  mesh_on_wan
+  - mesh_on_wan
-   -  mesh_on_lan
+  - mesh_on_lan
-   -  single_as_lan
+  - single_as_lan
-   -  setup_mode.skip
+  - setup_mode.skip
-   -  autoupdater.branch
+  - autoupdater.branch
-   -  mesh_vpn.enabled
+  - mesh_vpn.enabled
-   -  mesh_vpn.pubkey_privacy
+  - mesh_vpn.pubkey_privacy
-   -  mesh_vpn.bandwidth_limit
+  - mesh_vpn.bandwidth_limit
-   -  mesh_vpn.bandwidth_limit.enabled
+  - mesh_vpn.bandwidth_limit.enabled
-   -  mesh_vpn.bandwidth_limit.ingress
+  - mesh_vpn.bandwidth_limit.ingress
-   -  mesh_vpn.bandwidth_limit.egress
+  - mesh_vpn.bandwidth_limit.egress
-  Variables that influence the appearance of the config mode,
+- Variables that influence the appearance of the config mode,
-   domain-independent because they are relevant before a domain was selected.
+  domain-independent because they are relevant before a domain was selected.
-   -  config_mode.geo_location.show_altitude
+  - config_mode.geo_location.show_altitude
-   -  config_mode.hostname.optional
+  - config_mode.hostname.optional
-   -  config_mode.remote_login
+  - config_mode.remote_login
-   -  config_mode.remote_login.show_password_form
+  - config_mode.remote_login.show_password_form
-   -  config_mode.remote_login.min_password_length
+  - config_mode.remote_login.min_password_length
-   -  hostname_prefix
+  - hostname_prefix
-   -  mesh_vpn.fastd.configurable
+  - mesh_vpn.fastd.configurable
-   -  roles.default
+  - roles.default
-   -  roles.list
+  - roles.list
-  Specific to a firmware build itself:
+- Specific to a firmware build itself:
-   -  site_code
+  - site_code
-   -  site_name
+  - site_name
-   -  autoupdater.branches.*.name
+  - autoupdater.branches.*.name
-   -  autoupdater.branches.*.good_signatures
+  - autoupdater.branches.*.good_signatures
-   -  autoupdater.branches.*.pubkeys
+  - autoupdater.branches.*.pubkeys
-  We simply do not see any reason, why these variables could be helpful
+- We simply do not see any reason, why these variables could be helpful
-   in a domain specific way:
+  in a domain specific way:
-   -  mesh_vpn.fastd.syslog_level
+  - mesh_vpn.fastd.syslog_level
-   -  timezone
+  - timezone
-   -  regdom
+  - regdom
 domain.conf only variables
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
-  Obviously:
+- Obviously:
-   -  domain_names
+  - domain_names
-      -  a table of domain codes to domain names
+    - a table of domain codes to domain names
-         ``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
+      ``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
-   -  hide_domain
+  - hide_domain
-      -  prevents a domain name(s) from appearing in config mode, either
+    - prevents a domain name(s) from appearing in config mode, either
-         boolean or array of domain codes
+      boolean or array of domain codes
-         -  ``true``, ``false``
+      - ``true``, ``false``
-         -  ``{ 'foo', 'bar' }``
+      - ``{ 'foo', 'bar' }``
-  Because each domain is considered as an own layer 2 network, these
+- Because each domain is considered a separate layer 2 network, these
-   values should be different in each domain:
+  values should be different in each domain:
-   -  next_node.ip4
+  - next_node.ip4
-   -  next_node.ip6
+  - next_node.ip6
-   -  next_node.name
+  - next_node.name
-   -  prefix6
+  - prefix6
-   -  prefix4
+  - prefix4
-   -  extra_prefixes6
+  - extra_prefixes6
-  To prevent accidental bridging of different domains, all meshing
+- To prevent accidental bridging of different domains, all meshing
-   technologies should be separated:
+  technologies should be separated:
-   -  domain_seed (wired mesh)
+  - domain_seed (wired mesh)
-      -  must be a random value used to derive the vxlan id for wired meshing
+    - must be a random value used to derive the vxlan id for wired meshing
-   -  wifi*.mesh.id
+  - wifi*.mesh.id
-   -  mesh_vpn.fastd.groups.*.peers.remotes
+  - mesh_vpn.fastd.groups.*.peers.remotes
-   -  mesh_vpn.fastd.groups.*.peers.key
+  - mesh_vpn.fastd.groups.*.peers.key
-   -  mesh_vpn.tunneldigger.brokers
+  - mesh_vpn.tunneldigger.brokers
-  Clients consider WiFi networks sharing the same ESSID as if they were
+- Clients consider WiFi networks sharing the same ESSID as if they were
-   the same L2 network and try to reconfirm and reuse previous
+  the same L2 network and try to reconfirm and reuse previous
-   addressing. If multiple neighbouring domains shared the same ESSID,
+  addressing. If multiple neighbouring domains shared the same ESSID,
-   the roaming experience of clients would degrade.
+  the roaming experience of clients would degrade.
-   -  wifi*.ap.ssid
+  - wifi*.ap.ssid
-  Some values should be only set in legacy domains and not in new domains.
+- Some values should be only set in legacy domains and not in new domains.
-   -  mesh.vxlan
+  - mesh.vxlan
-      -  By default, this value is `true`. It should be only set to `false`
+    - By default, this value is `true`. It should be only set to `false`
-         for one legacy domain, since vxlan prevents accidental wired
+      for one legacy domain, since vxlan prevents accidental wired
-         merges of domains. For old domains this value is still available
+      merges of domains. For old domains this value is still available
-         to keep compatibility between all nodes in one domain.
+      to keep compatibility between all nodes in one domain.
-   -  next_node.mac
+  - next_node.mac
-      -  For new domains, the default value should be used, since there is
+    - For new domains, the default value should be used, since there is
-         no need for a special mac (or domain specific mac). For old domains
+      no need for a special mac (or domain specific mac). For old domains
-         this value is still available to keep compatibility between all
+      this value is still available to keep compatibility between all
-         nodes in one domain.
+      nodes in one domain.
 Example config
 --------------
--- a/docs/features/vpn.rst
+++ b/docs/features/vpn.rst
@ -52,6 +52,6 @@ socket can be interrogated, after installing for example `socat`.
 ::
-       opkg update
+  opkg update
-       opkg install socat
+  opkg install socat
-       socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
+  socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
--- a/docs/multidomain-site-example/site.mk
+++ b/docs/multidomain-site-example/site.mk
@ -58,6 +58,3 @@ GLUON_REGION ?= eu
 # Languages to include
 GLUON_LANGS ?= en de
 # Do not build images for deprecated devices
 GLUON_DEPRECATED ?= 0
--- a/docs/package/gluon-mesh-batman-adv.rst
+++ b/docs/package/gluon-mesh-batman-adv.rst
@ -2,7 +2,7 @@ gluon-mesh-batman-adv
 =====================
 .. image:: gluon-mesh-batman-adv-logo.svg
-   :width: 300 px
+  :width: 300 px
 B.A.T.M.A.N. Advanced (often referenced as batman-adv) is an implementation of
 the B.A.T.M.A.N. routing protocol in form of a linux kernel module operating on layer 2.
@ -47,7 +47,7 @@ Multicast Architecture
 ----------------------
 .. image:: gluon-mesh-batman-adv-multicast.svg
-   :width: 300 px
+  :width: 300 px
 While generally broadcast capability is a nice feature of a layer 2
 mesh protocol, it quickly reaches its limit.
--- a/docs/package/gluon-scheduled-domain-switch.rst
+++ b/docs/package/gluon-scheduled-domain-switch.rst
@ -15,15 +15,15 @@ site.conf
 All those settings have to be defined exclusively in the domain, not the site.
 domain_switch : optional (needed for domains to switch)
-    target_domain :
+  target_domain :
-        - target domain to switch to
+    - target domain to switch to
-    switch_after_offline_mins :
+  switch_after_offline_mins :
-        - amount of time without reachable gateway to switch unconditionally
+    - amount of time without reachable gateway to switch unconditionally
-    switch_time :
+  switch_time :
-        - UNIX epoch after which domain will be switched
+    - UNIX epoch after which domain will be switched
-    connection_check_targets :
+  connection_check_targets :
-        - array of IPv6 addresses which are probed to determine if the node is
+    - array of IPv6 addresses which are probed to determine if the node is
-	  connected to the mesh
+      connected to the mesh
 Example::
--- a/docs/releases/v2015.1.rst
+++ b/docs/releases/v2015.1.rst
@ -170,16 +170,16 @@ Site changes
    for example::
      fastd_mesh_vpn = {
-          methods = {'salsa2012+umac'},
+        methods = {'salsa2012+umac'},
-          mtu = 1426,
+        mtu = 1426,
-          groups = {
+        groups = {
-              backbone = {
+          backbone = {
-                  limit = 2,
+            limit = 2,
-                  peers = {
+            peers = {
-                      -- ...
+              -- ...
-                  }
+            }
              }
          }
        }
      }
  - ``config_mode``: The config mode messages aren't configured in ``site.conf`` anymore. Instead, they are
@ -190,11 +190,11 @@ Site changes
    in the site i18n files. The ``site.conf`` section becomes::
      roles = {
-          default = 'foo',
+        default = 'foo',
-          list = {
+        list = {
-              'foo',
+          'foo',
-              'bar',
+          'bar',
-          }
+        }
      }
    The display string use i18n message IDs like ``gluon-luci-node-role:role:foo`` and ``gluon-luci-node-role:role:bar``.
--- a/docs/releases/v2016.1.5.rst
+++ b/docs/releases/v2016.1.5.rst
@ -9,21 +9,21 @@ ar71xx-generic
 * OpenMesh
- - MR600 (v1, v2)
+  - MR600 (v1, v2)
- - MR900 (v1, v2)
+  - MR900 (v1, v2)
- - OM2P (v1, v2)
+  - OM2P (v1, v2)
- - OM2P-HS (v1, v2)
+  - OM2P-HS (v1, v2)
- - OM2P-LC
+  - OM2P-LC
- - OM5P
+  - OM5P
- - OM5P-AN
+  - OM5P-AN
 * Ubiquiti
- - Rocket M XW
+  - Rocket M XW
 * TP-LINK
- - TL-WR841N/ND v11
+  - TL-WR841N/ND v11
 Bugfixes
 ~~~~~~~~
--- a/docs/releases/v2019.1.1.rst
+++ b/docs/releases/v2019.1.1.rst
@ -30,13 +30,15 @@ Known issues
 * The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2019.1.2.rst
+++ b/docs/releases/v2019.1.2.rst
@ -26,13 +26,15 @@ Known issues
 * The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2019.1.3.rst
+++ b/docs/releases/v2019.1.3.rst
@ -36,13 +36,15 @@ Known issues
 * The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2019.1.rst
+++ b/docs/releases/v2019.1.rst
@ -73,8 +73,8 @@ ramips-mt7621
 .. note::
-    The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
+  The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
-    release yet. You might have to update your build scripts accordingly.
+  release yet. You might have to update your build scripts accordingly.
@ -109,20 +109,20 @@ have outdoor mode automatically enabled during their initial setup, specifically
 * Ubiquiti
-    - Bullet M
+  - Bullet M
-    - Litebeam M5
+  - Litebeam M5
-    - Nanostation M5
+  - Nanostation M5
-    - Nanostation M5 Loco
+  - Nanostation M5 Loco
-    - Rocket M5
+  - Rocket M5
-    - Rocket M5 TI
+  - Rocket M5 TI
-    - Unifi AC Mesh
+  - Unifi AC Mesh
-    - Unifi AC Mesh Pro
+  - Unifi AC Mesh Pro
-    - Unifi Outdoor
+  - Unifi Outdoor
 * TP-Link
-    - CPE510
+  - CPE510
-    - WBS510
+  - WBS510
 See the :ref:`wifi5 <user-site-wifi5>` section for the *site.conf* configuration of this feature.
@ -253,13 +253,15 @@ Known issues
 * The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2020.1.1.rst
+++ b/docs/releases/v2020.1.1.rst
@ -25,13 +25,15 @@ Known issues
 - The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2020.1.2.rst
+++ b/docs/releases/v2020.1.2.rst
@ -50,13 +50,15 @@ Known issues
 - The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2020.1.3.rst
+++ b/docs/releases/v2020.1.3.rst
@ -30,13 +30,15 @@ Known issues
 - The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/releases/v2020.1.rst
+++ b/docs/releases/v2020.1.rst
@ -11,80 +11,80 @@ Added hardware support
 ath79-generic
 ~~~~~~~~~~~~~
-  devolo WiFi pro 1200e
+- devolo WiFi pro 1200e
-  devolo WiFi pro 1200i
+- devolo WiFi pro 1200i
-  devolo WiFi pro 1750c
+- devolo WiFi pro 1750c
-  devolo WiFi pro 1750e
+- devolo WiFi pro 1750e
-  devolo WiFi pro 1750i
+- devolo WiFi pro 1750i
-  devolo WiFi pro 1750x
+- devolo WiFi pro 1750x
-  GL.iNet GL-AR300M-Lite
+- GL.iNet GL-AR300M-Lite
-  OCEDO Raccoon
+- OCEDO Raccoon
-  TP-Link Archer C6 v2
+- TP-Link Archer C6 v2
 ipq40xx-generic
 ~~~~~~~~~~~~~~~
-  Aruba AP-303
+- Aruba AP-303
-  Aruba Instant On AP11
+- Aruba Instant On AP11
-  AVM FRITZ!Repeater 1200
+- AVM FRITZ!Repeater 1200
 ipq806x-generic
 ~~~~~~~~~~~~~~~
-  Netgear R7800
+- Netgear R7800
 lantiq-xway
 ~~~~~~~~~~~
-  AVM FRITZ!Box 7312
+- AVM FRITZ!Box 7312
-  AVM FRITZ!Box 7320
+- AVM FRITZ!Box 7320
-  AVM FRITZ!Box 7330
+- AVM FRITZ!Box 7330
-  AVM FRITZ!Box 7330 SL
+- AVM FRITZ!Box 7330 SL
 lantiq-xrx200
 ~~~~~~~~~~~~~
-  AVM FRITZ!Box 7360 (v1, v2)
+- AVM FRITZ!Box 7360 (v1, v2)
-  AVM FRITZ!Box 7360 SL
+- AVM FRITZ!Box 7360 SL
-  AVM FRITZ!Box 7362 SL
+- AVM FRITZ!Box 7362 SL
-  AVM FRITZ!Box 7412
+- AVM FRITZ!Box 7412
 mpc85xx-p1020
 ~~~~~~~~~~~~~
-  Enterasys WS-AP3710i
+- Enterasys WS-AP3710i
-  OCEDO Panda
+- OCEDO Panda
 ramips-mt7620
 ~~~~~~~~~~~~~
-  TP-Link Archer C2 (v1)
+- TP-Link Archer C2 (v1)
-  TP-Link Archer C20 (v1)
+- TP-Link Archer C20 (v1)
-  TP-Link Archer C20i
+- TP-Link Archer C20i
-  TP-Link Archer C50 (v1)
+- TP-Link Archer C50 (v1)
-  Xiaomi MiWifi Mini
+- Xiaomi MiWifi Mini
 ramips-mt7621
 ~~~~~~~~~~~~~
-  Netgear EX6150 (v1)
+- Netgear EX6150 (v1)
-  Netgear R6220
+- Netgear R6220
 ramips-mt76x8
 ~~~~~~~~~~~~~
-  GL.iNet VIXMINI
+- GL.iNet VIXMINI
-  TP-Link TL-MR3020 (v3)
+- TP-Link TL-MR3020 (v3)
-  TP-Link TL-WA801ND (v5)
+- TP-Link TL-WA801ND (v5)
-  TP-Link TL-WR902AC (v3)
+- TP-Link TL-WR902AC (v3)
 Removed hardware support
 ------------------------
-  ALFA Network Hornet-UB [#kernelpartition_too_small]_
+- ALFA Network Hornet-UB [#kernelpartition_too_small]_
-  ALFA Network Tube2H [#kernelpartition_too_small]_
+- ALFA Network Tube2H [#kernelpartition_too_small]_
-  ALFA Network N2 [#kernelpartition_too_small]_
+- ALFA Network N2 [#kernelpartition_too_small]_
-  ALFA Network N5 [#kernelpartition_too_small]_
+- ALFA Network N5 [#kernelpartition_too_small]_
 .. [#kernelpartition_too_small]
  The kernel partition on this device is too small to build a working image.
@ -162,8 +162,8 @@ Site changes
 site.mk
 ~~~~~~~
-  The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is
+- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is
-   the only supported wireless transport from now on.
+  the only supported wireless transport from now on.
 Internals
 ---------
@ -206,13 +206,15 @@ Known issues
 * The integration of the BATMAN_V routing algorithm is incomplete.
-   - | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+  - Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
     | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
     | metric.
-   - | Throughput values are not correctly acquired for different interface types.
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
-     | (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    metric.
-     | This affects virtual interface types like bridges and VXLAN.
+
  - Throughput values are not correctly acquired for different interface types.
    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
    This affects virtual interface types like bridges and VXLAN.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
  (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@ -1 +1 @@
-sphinx-rtd-theme==0.5.2
+sphinx-rtd-theme==1.0.0
--- a/docs/site-example/site.mk
+++ b/docs/site-example/site.mk
@ -55,6 +55,3 @@ GLUON_REGION ?= eu
 # Languages to include
 GLUON_LANGS ?= en de
 # Do not build images for deprecated devices
 GLUON_DEPRECATED ?= 0
--- a/docs/user/getting_started.rst
+++ b/docs/user/getting_started.rst
@ -40,6 +40,12 @@ freshly installed Debian Stretch system the following packages are required:
 * `time` (built-in `time` doesn't work)
 * `qemu-utils`
 We also provide a container environment that already tracks all these dependencies. It quickly gets you up and running, if you already have either Docker or Podman installed locally.
 ::
  ./scripts/container.sh
 Building the images
 -------------------
@ -48,31 +54,31 @@ version you'd like to checkout, e.g. *v2021.1*.
 ::
-    git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE
+  git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE
 This command will create a directory named *gluon/*.
 It might also tell a scary message about being in a *detached state*.
 **Don't panic!** Everything's fine.
 Now, enter the freshly created directory::
-    cd gluon
+  cd gluon
 It's time to add (or create) your site configuration. If you already
 have a site repository, just clone it::
-   git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
+  git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
 If you want to build a new site, create a new git repository *site/*::
-    mkdir site
+  mkdir site
-    cd site
+  cd site
-    git init
+  git init
 Copy *site.conf*, *site.mk* and *i18n* from *docs/site-example*::
-    cp ../docs/site-example/site.conf .
+  cp ../docs/site-example/site.conf .
-    cp ../docs/site-example/site.mk .
+  cp ../docs/site-example/site.mk .
-    cp -r ../docs/site-example/i18n .
+  cp -r ../docs/site-example/i18n .
 Edit these files as you see fit and commit them into the site repository.
 Extensive documentation about the site configuration can be found at:
@ -80,11 +86,11 @@ Extensive documentation about the site configuration can be found at:
 site directory should always be a git repository by itself; committing site-specific files
 to the Gluon main repository should be avoided, as it will make updates more complicated.
-Next go back to the top-level Gluon directory and build Gluon::
+Next go back to the top-level Gluon directory and build Gluon\ [#make_update]_::
-    cd ..
+  cd ..
-    make update                        # Get other repositories used by Gluon
+  make update                       # Get other repositories used by Gluon
-    make GLUON_TARGET=ath79-generic   # Build Gluon
+  make GLUON_TARGET=ath79-generic   # Build Gluon
 In case of errors read the messages carefully and try to fix the stated issues
 (e.g. install missing tools not available or look for Troubleshooting_ in the wiki.
@ -96,9 +102,9 @@ To see a complete list of supported targets, call ``make`` without setting ``GLU
 To build all targets use a loop like this::
-    for TARGET in $(make list-targets); do
+  for TARGET in $(make list-targets); do
-      make GLUON_TARGET=$TARGET
+    make GLUON_TARGET=$TARGET
-    done
+  done
 You should generally reserve 5GB of disk space and additionally about 10GB for each `GLUON_TARGET`.
@ -111,7 +117,7 @@ system.
 of multiple copies of the same image. If your webserver's configuration prohibits following
 symlinks, you can use the following command to resolve these links while copying the images::
-    cp -rL output/images /var/www
+  cp -rL output/images /var/www
 The directory `output/debug` contains a compressed kernel image for each
 architecture.
@ -119,19 +125,29 @@ These can be used for debugging and should be stored along with the images to
 allow debugging of kernel problems on devices in the field.
 See :ref:`Debugging <dev-debugging-kernel-oops>` for more information.
 .. rubric:: Footnotes
 .. [#make_update] ``make update`` only needs to be called again after updating the
  Gluon repository (using ``git pull`` or similar) or after changing branches,
  not for each build. Running it more often than necessary is undesirable, as
  the update will take some time, and may undo manual modifications of the
  external repositories while developing on Gluon.
  See :ref:`working-with-repositories` for more information.
 Cleaning the build tree
 .......................
 There are two levels of `make clean`::
-    make clean GLUON_TARGET=ath79-generic
+  make clean GLUON_TARGET=ath79-generic
 will ensure all packages are rebuilt for a single target. This is usually not
 necessary, but may fix certain kinds of build failures.
 ::
-    make dirclean
+  make dirclean
 will clean the entire tree, so the toolchain will be rebuilt as well, which will take a while.
@ -197,7 +213,7 @@ GLUON_DEPRECATED
  Usually, devices are deprecated because their flash size is insufficient to
  support future Gluon versions. The recommended setting is ``0`` for new sites,
  and ``upgrade`` for existing configurations (where upgrades for existing
-  deployments of low-flash devices are required).
+  deployments of low-flash devices are required). Defaults to ``0``.
 GLUON_LANGS
  Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``.
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
--- a/docs/user/supported_devices.rst
+++ b/docs/user/supported_devices.rst
@ -44,6 +44,7 @@ ath79-generic
 * TP-Link
  - Archer A7 (v5)
  - Archer C6 (v2)
  - CPE220 (v3.0)
  - CPE510 (v2.0)
--- a/8
+++ b/8
@ -2,15 +2,15 @@ GLUON_FEEDS='packages routing gluon'
 OPENWRT_REPO=https://github.com/openwrt/openwrt.git
 OPENWRT_BRANCH=openwrt-21.02
-OPENWRT_COMMIT=dec9e8395605d9ff3f1eb09f9dfb7d743939ee37
+OPENWRT_COMMIT=97b95ef8b9186518cda6f2d3cec8a01860fae2e7
 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
 PACKAGES_PACKAGES_BRANCH=openwrt-21.02
-PACKAGES_PACKAGES_COMMIT=f71a9c91cb44f4e50fbfb53ce5666fa0097d61a0
+PACKAGES_PACKAGES_COMMIT=444b64e36cfb9d1dbbb6733bd713aacd2f91a821
 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
 PACKAGES_ROUTING_BRANCH=openwrt-21.02
-PACKAGES_ROUTING_COMMIT=da7d7a0255efec87c1b0a511d6082e86754cba7e
+PACKAGES_ROUTING_COMMIT=c2e138d49fa4796ab03f0eadb7b4d37aac75498a
 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=52d7ac4aea7dc17c639c96ad9e179137ca66e614
+PACKAGES_GLUON_COMMIT=308166e3c6b2d571606dd1dbfadd2bb8e31d8f90
--- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless
+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless
@ -1,6 +1,5 @@
 #!/usr/bin/lua
 local platform = require 'gluon.platform'
 local wireless = require 'gluon.wireless'
 local uci = require('simple-uci').cursor()
@ -52,7 +51,7 @@ local function configure_owe(radio, index, config, radio_name)
 	-- Don't configure OWE in case our device
 	-- can't do MFP, as it's mandatory for OWE.
-	if not platform.device_supports_mfp(uci) then
+	if not wireless.device_supports_mfp(uci) then
 		return
 	end
@ -80,7 +79,7 @@ local function configure_owe_transition_mode(config, radio_name)
 	-- Don't configure OWE in case our device
 	-- can't do MFP, as it's mandatory for OWE.
-	if not platform.device_supports_mfp(uci) then
+	if not wireless.device_supports_mfp(uci) then
 		return
 	end
--- a/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua
+++ b/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua
@ -2,7 +2,7 @@ return function(form, uci)
 	local platform = require 'gluon.platform'
 	local wireless = require 'gluon.wireless'
-	if not (platform.is_outdoor_device() and platform.device_uses_11a(uci)) then
+	if not (platform.is_outdoor_device() and wireless.device_uses_11a(uci)) then
 		-- only visible on wizard for outdoor devices
 		return
 	end
@ -31,7 +31,7 @@ return function(form, uci)
 			if data == false then
 				local mesh_ifaces_5ghz = {}
 				uci:foreach('wireless', 'wifi-device', function(config)
-					if config.hwmode ~= '11a' and config.hwmode ~= '11na' then
+					if config.band ~= '5g' then
 						return
 					end
--- a/package/gluon-core/Makefile
+++ b/package/gluon-core/Makefile
@ -31,7 +31,6 @@ endef
 define Package/gluon-core/conffiles
 /etc/config/gluon
 /etc/config/gluon-core
 endef
 define Package/gluon-core/install
--- a/package/gluon-core/files/etc/config/gluon-core
+++ b/package/gluon-core/files/etc/config/gluon-core
@ -1 +0,0 @@
 config wireless
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade
@ -1,10 +0,0 @@
 #!/usr/bin/lua
 local sysconfig = require 'gluon.sysconfig'
 local unistd = require 'posix.unistd'
 if unistd.access('/lib/gluon/version/core') and not sysconfig.gluon_version then
  -- This isn't an initial upgrade, so set gluon_version
  sysconfig.gluon_version = ''
 end
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration
@ -0,0 +1,20 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 -- Migration from hwmode to band (OpenWrt 21.02)
 -- Use uci:foreach(), as wireless.foreach_radio() depends on band already being set
 uci:foreach('wireless', 'wifi-device', function(radio)
 	local radio_name = radio['.name']
 	local hwmode = radio.hwmode
 	if not radio.band then
 		if hwmode == '11g' or hwmode == '11ng' then
 			uci:set('wireless', radio_name, 'band', '2g')
 		elseif hwmode == '11a' or hwmode == '11na' then
 			uci:set('wireless', radio_name, 'band', '5g')
 		end
 	end
 	uci:delete('wireless', radio_name, 'hwmode')
 end)
 uci:save('wireless')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
@ -74,6 +74,7 @@ local primary_addrs = {
 		{'ath79', 'generic', {
 			'glinet,gl-ar750s-nor',
 			'ocedo,raccoon',
 			'tplink,archer-a7-v5',
 			'tplink,archer-c2-v3',
 			'tplink,archer-d50-v1',
 		}},
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces
@ -50,7 +50,11 @@ end
 local lan_ifname = iface_exists(lan_interfaces)
 local wan_ifname = iface_exists(wan_interfaces)
-if platform.match('lantiq') then
+if platform.match('ath79', 'generic', {
 	'tplink,wbs210-v2',
 }) then
 	lan_ifname, wan_ifname = wan_ifname, lan_ifname
 elseif platform.match('lantiq') then
 	local switch_data = board_data.switch or {}
 	local switch0_data = switch_data.switch0 or {}
 	local roles_data = switch0_data.roles or {}
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors
@ -13,6 +13,7 @@ end
 local sysconfig = require 'gluon.sysconfig'
 local platform = require 'gluon.platform'
 local wireless = require 'gluon.wireless'
 local config = site.wifi5.outdoors('preset')
 local outdoor
@ -22,7 +23,7 @@ if sysconfig.gluon_version then
 	outdoor = false
 elseif config == 'preset' then
 	-- enable outdoor mode through presets on new installs
-	outdoor = platform.is_outdoor_device() and platform.device_uses_11a(uci)
+	outdoor = platform.is_outdoor_device() and wireless.device_uses_11a(uci)
 else
 	-- enable/disable outdoor mode unconditionally on new installs
 	outdoor = config
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless
@ -38,11 +38,11 @@ if not sysconfig.gluon_version then
 			if radio_band_count["band24"] <= radio_band_count["band5"] then
 				-- Assign radio to 2.4GHz band
 				radio_band_count["band24"] = radio_band_count["band24"] + 1
-				uci:set('wireless', radio_name, 'hwmode', '11g')
+				uci:set('wireless', radio_name, 'band', '2g')
 			else
 				-- Assign radio to 5GHz band
 				radio_band_count["band5"] = radio_band_count["band5"] + 1
-				uci:set('wireless', radio_name, 'hwmode', '11a')
+				uci:set('wireless', radio_name, 'band', '5g')
 			end
 		end
 	end)
@ -57,7 +57,7 @@ local function get_channel(radio, config)
 	if wireless.preserve_channels(uci) then
 		-- preserved channel always wins
 		channel = radio.channel
-	elseif  (radio.hwmode == '11a' or radio.hwmode == '11na') and is_outdoor() then
+	elseif radio.band == '5g' and is_outdoor() then
 		-- actual channel will be picked and probed from chanlist
 		channel = 'auto'
 	end
@ -66,7 +66,7 @@ local function get_channel(radio, config)
 end
 local function get_htmode(radio)
-	if (radio.hwmode == '11a' or radio.hwmode == '11na') and is_outdoor() then
+	if radio.band == '5g' and is_outdoor() then
 		local outdoor_htmode = uci:get('gluon', 'wireless', 'outdoor_' .. radio['.name'] .. '_htmode')
 		if outdoor_htmode ~= nil then
 			return outdoor_htmode
@ -207,11 +207,11 @@ wireless.foreach_radio(uci, function(radio, index, config)
 	uci:delete('wireless', radio_name, 'supported_rates')
 	uci:delete('wireless', radio_name, 'basic_rate')
-	local hwmode = radio.hwmode
+	local band = radio.band
-	if hwmode == '11g' or hwmode == '11ng' then
+	if band == '2g' then
 		uci:set('wireless', radio_name, 'legacy_rates', false)
 		configure_mesh_wireless(radio, index, config)
-	elseif (hwmode == '11a' or hwmode == '11na') then
+	elseif (band == '5g') then
 		if is_outdoor() then
 			uci:set('wireless', radio_name, 'channels', config.outdoor_chanlist())
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan
@ -22,8 +22,4 @@ if uci:get('network', 'mesh_wan', 'transitive') == nil then
 	uci:set('network', 'mesh_wan', 'transitive', true)
 end
 uci:delete('network', 'mesh_wan', 'auto')
 uci:delete('network', 'mesh_wan', 'fixed_mtu')
 uci:delete('network', 'mesh_wan', 'legacy')
 uci:save('network')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan
@ -50,8 +50,4 @@ if uci:get('network', 'mesh_lan', 'transitive') == nil then
 	uci:set('network', 'mesh_lan', 'transitive', true)
 end
 uci:delete('network', 'mesh_lan', 'auto')
 uci:delete('network', 'mesh_lan', 'fixed_mtu')
 uci:delete('network', 'mesh_lan', 'legacy')
 uci:save('network')
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv
@ -1,24 +0,0 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local function migrate_iface(iface)
 	if iface.proto ~= 'batadv' or iface.mesh ~= 'bat0' then
 		return
 	end
 	local s = iface['.name']
 	uci:set('network', s, 'proto', 'gluon_mesh')
 	uci:set('network', s, 'fixed_mtu', true)
 	if iface.mesh_no_rebroadcast then
 		uci:set('network', s, 'transitive', iface.mesh_no_rebroadcast)
 	end
 	uci:delete('network', s, 'mesh')
 	uci:delete('network', s, 'mesh_no_rebroadcast')
 end
 uci:foreach('network', 'interface', migrate_iface)
 uci:save('network')
--- a/package/gluon-core/luasrc/usr/bin/gluon-info
+++ b/package/gluon-core/luasrc/usr/bin/gluon-info
@ -0,0 +1,38 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local pretty_hostname = require 'pretty_hostname'
 local site = require 'gluon.site'
 local sysconfig = require 'gluon.sysconfig'
 local platform = require 'gluon.platform'
 local util = require 'gluon.util'
 local has_vpn, vpn = pcall(require, 'gluon.mesh-vpn')
 local pubkey
 if has_vpn and vpn.enabled() then
 	local _, active_vpn = vpn.get_active_provider()
 	if active_vpn ~= nil then
 		pubkey = active_vpn.public_key()
 	end
 end
 local values = {
 	{ 'Hostname', pretty_hostname.get(uci) },
 	{ 'MAC address', sysconfig.primary_mac },
 	{ 'Hardware model', platform.get_model() },
 	{ 'Gluon version / Site version', util.trim(util.readfile('/lib/gluon/gluon-version'))
 		.. ' / ' .. util.trim(util.readfile('/lib/gluon/site-version')) },
 	{ 'Firmware release', util.trim(util.readfile('/lib/gluon/release')) },
 	{ 'Site', site.site_name() },
 	{ 'Public VPN key', pubkey or 'n/a' },
 }
 local padTo = 24
 for _, info in ipairs(values) do
 	local labelLen = string.len(info[1]) + 1
 	print(info[1] .. ':' .. string.rep(' ', padTo - labelLen), info[2])
 end
--- a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua
+++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua
@ -1,7 +1,5 @@
 local platform_info = require 'platform_info'
 local util = require 'gluon.util'
 local wireless = require 'gluon.wireless'
 local unistd = require 'posix.unistd'
 local M = setmetatable({}, {
@ -48,41 +46,4 @@ function M.is_outdoor_device()
 	return false
 end
 function M.device_supports_wpa3()
 	return unistd.access('/lib/gluon/features/wpa3')
 end
 function M.device_supports_mfp(uci)
 	local supports_mfp = true
 	if not M.device_supports_wpa3() then
 		return false
 	end
 	uci:foreach('wireless', 'wifi-device', function(radio)
 		local phy = wireless.find_phy(radio)
 		local phypath = '/sys/kernel/debug/ieee80211/' .. phy .. '/'
 		if not util.file_contains_line(phypath .. 'hwflags', 'MFP_CAPABLE') then
 			supports_mfp = false
 			return false
 		end
 	end)
 	return supports_mfp
 end
 function M.device_uses_11a(uci)
 	local ret = false
 	uci:foreach('wireless', 'wifi-device', function(radio)
 		if radio.hwmode == '11a' or radio.hwmode == '11na' then
 			ret = true
 			return false
 		end
 	end)
 	return ret
 end
 return M
--- a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua
+++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua
@ -112,18 +112,66 @@ function M.foreach_radio(uci, f)
 	end)
 	for index, radio in ipairs(radios) do
-		local hwmode = radio.hwmode
+		local band = radio.band
-		if hwmode == '11g' or hwmode == '11ng' then
+		if band == '2g' then
 			f(radio, index, site.wifi24)
-		elseif hwmode == '11a' or hwmode == '11na' then
+		elseif band == '5g' then
 			f(radio, index, site.wifi5)
 		end
 	end
 end
 function M.preserve_channels(uci)
-	return uci:get_first('gluon-core', 'wireless', 'preserve_channels')
+	return uci:get('gluon', 'wireless', 'preserve_channels')
 end
 function M.device_supports_wpa3()
 	return unistd.access('/lib/gluon/features/wpa3')
 end
 function M.device_supports_mfp(uci)
 	local supports_mfp = true
 	if not M.device_supports_wpa3() then
 		return false
 	end
 	uci:foreach('wireless', 'wifi-device', function(radio)
 		local phy = M.find_phy(radio)
 		local phypath = '/sys/kernel/debug/ieee80211/' .. phy .. '/'
 		if not util.file_contains_line(phypath .. 'hwflags', 'MFP_CAPABLE') then
 			supports_mfp = false
 			return false
 		end
 	end)
 	return supports_mfp
 end
 function M.device_uses_wlan(uci)
 	local ret = false
 	uci:foreach('wireless', 'wifi-device', function()
 		ret = true
 		return false
 	end)
 	return ret
 end
 function M.device_uses_11a(uci)
 	local ret = false
 	uci:foreach('wireless', 'wifi-device', function(radio)
 		if radio.band == '5g' then
 			ret = true
 			return false
 		end
 	end)
 	return ret
 end
 return M
--- a/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4
+++ b/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4
@ -1,5 +1,11 @@
-rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
+local uci = require('simple-uci').cursor()
 rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
-rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode')
-rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+
 if gw_mode ~= 'server' then
 	rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
 	rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
 	rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
 	rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
 end
--- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c
+++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c
@ -25,6 +25,8 @@
 static struct addr_store ip_store;
 static struct addr_store mac_store;
 int clock;
 char *addr_mac_ntoa(void *addr)
 {
 	return mac_ntoa((struct mac_addr *)addr);
--- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h
+++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h
@ -8,6 +8,6 @@
 #ifndef _GLUON_ARP_LIMITER_H_
 #define _GLUON_ARP_LIMITER_H_
-int clock;
+extern int clock;
 #endif /* _GLUON_ARP_LIMITER_H_ */
--- a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route
+++ b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route
@ -1,7 +0,0 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 uci:delete('network', 'l3roam')
 uci:delete('network', 'l3roamd_client')
 uci:save('network')
--- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh
+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh
@ -6,14 +6,10 @@ local util = require 'gluon.util'
 local uci = require('simple-uci').cursor()
 local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') or uci:get('network', 'bat0', 'gw_mode') or 'client'
 uci:delete('batman-adv-legacy', 'bat0')
 uci:save('batman-adv-legacy')
 uci:delete('batman-adv', 'bat0')
 uci:save('batman-adv')
 local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') or 'client'
 uci:delete('network', 'gluon_bat0')
 uci:section('network', 'interface', 'gluon_bat0', {
 	proto = 'gluon_bat0',
--- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge
+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge
@ -21,10 +21,6 @@ uci:section('network', 'interface', 'client', {
 	query_response_interval = 500,
 })
 uci:delete('network', 'client_lan')
 uci:delete('network', 'local_node_route')
 uci:delete('network', 'local_node_route6')
 uci:section('network', 'route6', 'local_node_route6', {
 	interface = 'client',
@ -42,6 +38,4 @@ networks = uci:get_list('firewall', 'drop', 'network')
 util.remove_from_set(networks, 'client')
 uci:set_list('firewall', 'drop', 'network', networks)
 uci:delete('firewall', 'local_node_dns')
 uci:save('firewall')
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
+++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
@ -9,6 +9,11 @@ local uci = require('simple-uci').cursor()
 local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose'
 local secret = uci:get('fastd', 'mesh_vpn', 'secret')
 if not secret or not secret:match(('%x'):rep(64)) then
 	secret = 'generate'
 end
 local methods
 if site.mesh_vpn.fastd.configurable(false) then
@ -38,6 +43,7 @@ end
 uci:section('fastd', 'fastd', 'mesh_vpn', {
 	group = 'gluon-mesh-vpn',
 	syslog_level = syslog_level,
 	secret = secret,
 	interface = vpn_core.get_interface(),
 	mode = 'tap',
 	mtu = site.mesh_vpn.mtu(),
@ -46,7 +52,6 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
 	packet_mark = 1,
 	status_socket = '/var/run/fastd.mesh_vpn.socket',
 })
 uci:delete('fastd', 'mesh_vpn', 'user')
 -- Collect list of groups that have peers with 'preserve' flag
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret
+++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret
@ -1,12 +0,0 @@
 #!/usr/bin/lua
 local uci = require 'simple-uci'
 local c = uci.cursor()
 local secret = c:get("fastd", "mesh_vpn", "secret")
 if not secret or not secret:match(("%x"):rep(64)) then
  c:set("fastd", "mesh_vpn", "secret", "generate")
  c:save("fastd")
 end
--- a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua
+++ b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua
@ -7,7 +7,13 @@ local vpn_core = require 'gluon.mesh-vpn'
 local M = {}
 function M.public_key()
-	return util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn'))
+	local key = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn'))
 	if key == '' then
 		key = nil
 	end
 	return key
 end
 function M.enable(val)
--- a/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger
+++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger
@ -7,22 +7,7 @@ local vpn_core = require 'gluon.mesh-vpn'
 local uci = require('simple-uci').cursor()
 local enabled
 -- Delete old broker config section (remove in 2019)
 if not uci:get('tunneldigger', 'mesh_vpn') then
 	if uci:get_first('tunneldigger', 'broker', 'interface') == 'mesh-vpn' then
 		enabled = uci:get_first('tunneldigger', 'broker', 'enabled')
 	end
 	-- In the usual case (no migration from old tunneldigger package), the
 	-- enabled state is set in the 500-mesh-vpn script
 	uci:delete_all('tunneldigger', 'broker')
 end
 uci:section('tunneldigger', 'broker', 'mesh_vpn', {
 	enabled = enabled,
 	uuid = util.node_id(),
 	interface = vpn_core.get_interface(),
 	bind_interface = 'br-wan',
--- a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua
+++ b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua
@ -7,7 +7,13 @@ local vpn_core = require 'gluon.mesh-vpn'
 local M = {}
 function M.public_key()
-	return util.trim(util.exec("/lib/gluon/mesh-vpn/wireguard_pubkey.sh"))
+	local key = util.trim(util.exec("/lib/gluon/mesh-vpn/wireguard_pubkey.sh"))
 	if key == '' then
 		key = nil
 	end
 	return key
 end
 function M.enable(val)
--- a/package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix
+++ b/package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix
@ -1,15 +0,0 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local util = require 'gluon.util'
 local sname = uci:get_first('gluon-node-info', 'location')
 if sname then
  local options = {'longitude', 'latitude', 'altitude'}
  for _, option in ipairs(options) do
    local value = uci:get('gluon-node-info', sname, option)
    if value then
      uci:set('gluon-node-info', sname, option, util.trim(value))
    end
  end
  uci:save('gluon-node-info')
 end
--- a/package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user
+++ b/package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user
@ -1,5 +0,0 @@
 #!/usr/bin/lua
 local users = require 'gluon.users'
 users.remove_user('gluon-radvd')
--- a/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall
+++ b/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall
@ -3,8 +3,6 @@
 local uci = require('simple-uci').cursor()
 local site = require('gluon.site')
 uci:delete('firewall', 'wan_announced')
 -- Allow respondd port on WAN to allow resolving neighbours over mesh-on-wan
 uci:section('firewall', 'rule', 'wan_respondd', {
 	name = 'wan_respondd',
--- a/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate
+++ b/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate
@ -1,14 +0,0 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 local old = uci:get_first('gluon-config-mode', 'wizard', 'configured')
 if old == '1' then
 	local setup_mode = uci:get_first('gluon-setup-mode', 'setup_mode')
 	uci:set('gluon-setup-mode', setup_mode, 'configured', true)
 	uci:save('gluon-setup-mode')
 end
 os.remove('/etc/config/gluon-config-mode')
--- a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html
+++ b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html
@ -1,7 +1,11 @@
 <%-
 	local iwinfo = require 'iwinfo'
 	local ubus = require 'ubus'
 	local unistd = require 'posix.unistd'
 	local util = require 'gluon.util'
 	local wireless = require 'gluon.wireless'
 	local uci = require('simple-uci').cursor()
 	local translations = {}
 	local site_i18n = i18n 'gluon-site'
@ -35,22 +39,22 @@
 		return interfaces
 	end
-	local function get_radios(uconn)
+	local function get_radios()
 		local radios = uconn:call("network.wireless", "status", {})
 		local ret = {}
-		for radio, info in pairs(radios) do
+		wireless.foreach_radio(uci, function(radio)
-			if info.up then
+			local channel = iwinfo.nl80211.channel(wireless.find_phy(radio))
 			if channel then
 				table.insert(ret, {
-					name = radio,
+					name = radio['.name'],
-					channel = info.config.channel,
+					channel = channel,
 				})
 			end
-		end
+		end)
 		table.sort(ret, function(a, b)
 			return a.name < b.name
 		end)
 		return ret
 	end
@ -72,10 +76,11 @@
 	end
 	local interfaces = get_interfaces(uconn)
 	local radios = get_radios(uconn)
 	ubus.close(uconn)
 	local radios = get_radios()
 	local function sorted(t)
 		t = {unpack(t)}
 		table.sort(t)
@ -163,10 +168,10 @@
 						<dt><%:Bandwidth limit%></dt>
 						<dd>
 							<% if nodeinfo.network.mesh_vpn.bandwidth_limit.ingress then -%>
-								▼ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.ingress*1000) %>/s <%:downstream%>
+								▼ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.ingress*1000) %>/s <%:downstream%><br />
 							<%- end %>
 							<% if nodeinfo.network.mesh_vpn.bandwidth_limit.egress then -%>
-								▲ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.egress*1000) %>/s <%:upstream%><br />
+								▲ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.egress*1000) %>/s <%:upstream%>
 							<%- end %>
 						</dd>
 						<%- end %>
--- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html
+++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html
@ -18,17 +18,13 @@
 		if active_vpn ~= nil then
 			pubkey = active_vpn.public_key()
 		end
 		if pubkey == '' then
 			pubkey = nil
 		end
 	end
 	local values = {
 		{ _('Hostname'), pretty_hostname.get(uci) },
 		{ _('MAC address'), sysconfig.primary_mac },
 		{ _('Hardware model'), platform.get_model() },
-		{ _('Gluon version') .. " / " .. _('Site version'), util.trim(util.readfile('/lib/gluon/gluon-version')) 
+		{ _('Gluon version') .. " / " .. _('Site version'), util.trim(util.readfile('/lib/gluon/gluon-version'))
 			.. " / " .. util.trim(util.readfile('/lib/gluon/site-version')) },
 		{ _('Firmware release'), util.trim(util.readfile('/lib/gluon/release')) },
 		{ _('Site'), site.site_name() },
--- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html
+++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html
@ -44,7 +44,6 @@ $Id$
 	<div class="gluon-page-actions">
 		<input type="hidden" name="step" value="2" />
 		<input type="hidden" name="token" value="<%=token%>" />
 		<input class="gluon-button gluon-button-submit" type="submit" value="<%:Upload image%>" />
 	</div>
 </form>
--- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html
+++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html
@ -49,13 +49,11 @@ You may obtain a copy of the License at
  <form method="post" enctype="multipart/form-data" action="<%|url(request)%>" style="display:inline">
    <input type="hidden" name="step" value="3" />
    <input type="hidden" name="keepcfg" value="<%=keepconfig and "1" or "0"%>" />
    <input type="hidden" name="token" value="<%=token%>" />
    <input class="gluon-button gluon-button-submit" type="submit" value="<%:Continue%>" />
  </form>
  <form method="post" enctype="multipart/form-data" action="<%|url(request)%>" style="display:inline">
    <input type="hidden" name="step" value="1" />
    <input type="hidden" name="keepcfg" value="<%=keepconfig and "1" or "0"%>" />
    <input type="hidden" name="token" value="<%=token%>" />
    <input class="gluon-button gluon-button-reset" type="submit" value="<%:Cancel%>" />
  </form>
 </div>
--- a/package/gluon-web-model/files/lib/gluon/web/view/model/form.html
+++ b/package/gluon-web-model/files/lib/gluon/web/view/model/form.html
@ -1,5 +1,4 @@
 <form method="post" enctype="multipart/form-data" action="<%|url(request)%>" data-update="reset">
 	<input type="hidden" name="token" value="<%=token%>" />
 	<input type="hidden" name="<%=id%>" value="1" />
 	<div class="gluon-form" id="form-<%=id%>">
--- a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua
+++ b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua
@ -1,3 +1,8 @@
 local uci = require("simple-uci").cursor()
 local wireless = require 'gluon.wireless'
 package 'gluon-web-private-wifi'
-entry({"admin", "privatewifi"}, model("admin/privatewifi"), _("Private WLAN"), 30)
+if wireless.device_uses_wlan(uci) then
 	entry({"admin", "privatewifi"}, model("admin/privatewifi"), _("Private WLAN"), 30)
 end
--- a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua
+++ b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua
@ -1,5 +1,4 @@
 local uci = require("simple-uci").cursor()
 local platform = require 'gluon.platform'
 local wireless = require 'gluon.wireless'
 -- where to read the configuration from
@ -30,7 +29,7 @@ key.default = uci:get('wireless', primary_iface, "key")
 local encryption = s:option(ListValue, "encryption", translate("Encryption"))
 encryption:depends(enabled, true)
 encryption:value("psk2", translate("WPA2"))
-if platform.device_supports_wpa3() then
+if wireless.device_supports_wpa3() then
 	encryption:value("psk3-mixed", translate("WPA2 / WPA3"))
 	encryption:value("psk3", translate("WPA3"))
 end
@ -39,7 +38,7 @@ encryption.default = uci:get('wireless', primary_iface, 'encryption') or "psk2"
 local mfp = s:option(ListValue, "mfp", translate("Management Frame Protection"))
 mfp:depends(enabled, true)
 mfp:value("0", translate("Disabled"))
-if platform.device_supports_mfp(uci) then
+if wireless.device_supports_mfp(uci) then
 	mfp:value("1", translate("Optional"))
 	mfp:value("2", translate("Required"))
 end
@ -68,7 +67,7 @@ function f:write()
 			})
 			-- hostapd-mini won't start in case 802.11w is configured
-			if platform.device_supports_mfp(uci) then
+			if wireless.device_supports_mfp(uci) then
 				uci:set('wireless', name, 'ieee80211w', mfp.data)
 			else
 				uci:delete('wireless', name, 'ieee80211w')
--- a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua
+++ b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua
@ -1,3 +1,8 @@
 local uci = require("simple-uci").cursor()
 local wireless = require 'gluon.wireless'
 package 'gluon-web-wifi-config'
-entry({"admin", "wifi-config"}, model("admin/wifi-config"), _("WLAN"), 20)
+if wireless.device_uses_wlan(uci) then
 	entry({"admin", "wifi-config"}, model("admin/wifi-config"), _("WLAN"), 20)
 end
--- a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua
+++ b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua
@ -24,18 +24,6 @@ local function txpower_list(phy)
 	return new
 end
 local function has_5ghz_radio()
 	local result = false
 	uci:foreach('wireless', 'wifi-device', function(config)
 		local radio = config['.name']
 		local hwmode = uci:get('wireless', radio, 'hwmode')
 		result = result or (hwmode == '11a' or hwmode == '11na')
 	end)
 	return result
 end
 local f = Form(translate("WLAN"))
 f:section(Section, nil, translate(
@ -56,9 +44,9 @@ uci:foreach('wireless', 'wifi-device', function(config)
 	local is_5ghz = false
 	local title
-	if config.hwmode == '11g' or config.hwmode == '11ng' then
+	if config.band == '2g' then
 		title = translate("2.4GHz WLAN")
-	elseif config.hwmode == '11a' or config.hwmode == '11na' then
+	elseif config.band == '5g' then
 		is_5ghz = true
 		title = translate("5GHz WLAN")
 	else
@ -142,7 +130,7 @@ uci:foreach('wireless', 'wifi-device', function(config)
 end)
-if has_5ghz_radio() and not wireless.preserve_channels(uci) then
+if wireless.device_uses_11a(uci) and not wireless.preserve_channels(uci) then
 	local r = f:section(Section, translate("Outdoor Installation"), translate(
 		"Configuring the node for outdoor use tunes the 5 GHz radio to a frequency "
 		.. "and transmission power that conforms with the local regulatory requirements. "
@ -167,9 +155,9 @@ if has_5ghz_radio() and not wireless.preserve_channels(uci) then
 	uci:foreach('wireless', 'wifi-device', function(config)
 		local radio = config['.name']
-		local hwmode = uci:get('wireless', radio, 'hwmode')
+		local band = uci:get('wireless', radio, 'band')
-		if hwmode ~= '11a' and hwmode ~= '11na' then
+		if band ~= '5g' then
 			return
 		end
--- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua
+++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua
@ -184,9 +184,15 @@ local function dispatch(config, http, request)
 		return
 	end
-	http:parse_input(node.filehandler)
+	local ok, err = pcall(http.parse_input, http, node.filehandler)
 	if not ok then
 		http:status(400, "Bad request")
 		http:prepare_content("text/plain")
 		http:write(err .. "\r\n")
 		return
 	end
-	local ok, err = pcall(node.target)
+	ok, err = pcall(node.target)
 	if not ok then
 		http:status(500, "Internal Server Error")
 		renderer.render_layout("error/500", {
@ -208,6 +214,6 @@ return function(config, http)
 	if not ok then
 		http:status(500, "Internal Server Error")
 		http:prepare_content("text/plain")
-		http:write(err)
+		http:write(err .. "\r\n")
 	end
 end
--- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua
+++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua
@ -108,16 +108,11 @@ end
 --  o String value containing a chunk of the file data
 --  o Boolean which indicates whether the current chunk is the last one (eof)
 local function mimedecode_message_body(src, msg, filecb)
-
+	local mime_boundary = (msg.env.CONTENT_TYPE or ''):match("^multipart/form%-data; boundary=(.+)$")
-	if msg and msg.env.CONTENT_TYPE then
+	if not mime_boundary then
-		msg.mime_boundary = msg.env.CONTENT_TYPE:match("^multipart/form%-data; boundary=(.+)$")
+		error("Invalid Content-Type found")
 	end
 	if not msg.mime_boundary then
 		return nil, "Invalid Content-Type found"
 	end
 	local tlen   = 0
 	local inhdr  = false
 	local field  = nil
@ -188,10 +183,10 @@ local function mimedecode_message_body(src, msg, filecb)
 			local spos, epos, found
 			repeat
-				spos, epos = data:find("\r\n--" .. msg.mime_boundary .. "\r\n", 1, true)
+				spos, epos = data:find("\r\n--" .. mime_boundary .. "\r\n", 1, true)
 				if not spos then
-					spos, epos = data:find("\r\n--" .. msg.mime_boundary .. "--\r\n", 1, true)
+					spos, epos = data:find("\r\n--" .. mime_boundary .. "--\r\n", 1, true)
 				end
@ -250,20 +245,61 @@ local function mimedecode_message_body(src, msg, filecb)
 		return true
 	end
-	return pump(src, snk)
+	assert(pump(src, snk))
 end
 local function check_post_origin(msg)
 	local default_port = '80'
 	local request_scheme = 'http'
 	if msg.env.HTTPS then
 		default_port = '443'
 		request_scheme = 'https'
 	end
 	local request_host = msg.env.HTTP_HOST
 	if not request_host then
 		error('POST request without Host header')
 	end
 	if not request_host:match(':[0-9]+$') then
 		request_host = request_host .. ':' .. default_port
 	end
 	local origin = msg.env.HTTP_ORIGIN
 	if not origin then
 		error('POST request without Origin header')
 	end
 	local origin_scheme, origin_host = origin:match('^([^:]*)://(.*)$')
 	if not origin_host then
 		error('POST request with invalid Origin header')
 	end
 	if not origin_host:match(':[0-9]+$') then
 		local origin_port
 		if origin_scheme == 'http' then
 			origin_port = '80'
 		elseif origin_scheme == 'https' then
 			origin_port = '443'
 		else
 			error('POST request with invalid Origin header')
 		end
 		origin_host = origin_host .. ':' .. origin_port
 	end
 	if request_scheme ~= origin_scheme or request_host ~= origin_host then
 		error('Invalid cross-origin POST')
 	end
 end
 -- This function will examine the Content-Type within the given message object
 -- to select the appropriate content decoder.
 -- Currently only the multipart/form-data mime type is supported.
 function M.parse_message_body(src, msg, filecb)
-	if not (msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE) then
+	if msg.env.REQUEST_METHOD ~= "POST" then
 		return
 	end
-	if msg.env.CONTENT_TYPE:match("^multipart/form%-data") then
+	check_post_origin(msg)
-		return mimedecode_message_body(src, msg, filecb)
+
-	end
+	mimedecode_message_body(src, msg, filecb)
 end
 return M
--- a/patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch
+++ b/patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch
@ -1,240 +0,0 @@
 From: Matthias Schiffer <mschiffer@universe-factory.net>
 Date: Thu, 12 Apr 2018 07:50:02 +0200
 Subject: kernel: ebtables: add support for ICMP/IGMP type matches
 Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 diff --git a/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch b/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..fe9c479338a7b597be649c761c70a63085b51c5f
 --- /dev/null
 +++ b/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch
@@ -0,0 +1,134 @@
 +From: Matthias Schiffer <mschiffer@universe-factory.net>
 +Date: Sat, 3 Mar 2018 11:55:21 +0100
 +Subject: [PATCH 1/2] ebtables: add support for matching ICMP type and code
 +
 +We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP
 +matches in the same way.
 +
 +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 +---
 + include/uapi/linux/netfilter_bridge/ebt_ip.h | 13 +++++++--
 + net/bridge/netfilter/ebt_ip.c                | 43 +++++++++++++++++++++-------
 + 2 files changed, 43 insertions(+), 13 deletions(-)
 +
 +--- a/include/uapi/linux/netfilter_bridge/ebt_ip.h
 ++++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h
 +@@ -24,8 +24,9 @@
 + #define EBT_IP_PROTO 0x08
 + #define EBT_IP_SPORT 0x10
 + #define EBT_IP_DPORT 0x20
 ++#define EBT_IP_ICMP 0x40
 + #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
 +- EBT_IP_SPORT | EBT_IP_DPORT )
 ++		     EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP)
 + #define EBT_IP_MATCH "ip"
 + 
 + /* the same values are used for the invflags */
 +@@ -38,8 +39,14 @@ struct ebt_ip_info {
 + 	__u8  protocol;
 + 	__u8  bitmask;
 + 	__u8  invflags;
 +-	__u16 sport[2];
 +-	__u16 dport[2];
 ++	union {
 ++		__u16 sport[2];
 ++		__u8 icmp_type[2];
 ++	};
 ++	union {
 ++		__u16 dport[2];
 ++		__u8 icmp_code[2];
 ++	};
 + };
 + 
 + #endif
 +--- a/net/bridge/netfilter/ebt_ip.c
 ++++ b/net/bridge/netfilter/ebt_ip.c
 +@@ -19,9 +19,15 @@
 + #include <linux/netfilter_bridge/ebtables.h>
 + #include <linux/netfilter_bridge/ebt_ip.h>
 + 
 +-struct tcpudphdr {
 +-	__be16 src;
 +-	__be16 dst;
 ++union pkthdr {
 ++	struct {
 ++		__be16 src;
 ++		__be16 dst;
 ++	} tcpudphdr;
 ++	struct {
 ++		u8 type;
 ++		u8 code;
 ++	} icmphdr;
 + };
 + 
 + static bool
 +@@ -30,8 +36,8 @@ ebt_ip_mt(const struct sk_buff *skb, str
 + 	const struct ebt_ip_info *info = par->matchinfo;
 + 	const struct iphdr *ih;
 + 	struct iphdr _iph;
 +-	const struct tcpudphdr *pptr;
 +-	struct tcpudphdr _ports;
 ++	const union pkthdr *pptr;
 ++	union pkthdr _pkthdr;
 + 
 + 	ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
 + 	if (ih == NULL)
 +@@ -50,29 +56,38 @@ ebt_ip_mt(const struct sk_buff *skb, str
 + 	if (info->bitmask & EBT_IP_PROTO) {
 + 		if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol))
 + 			return false;
 +-		if (!(info->bitmask & EBT_IP_DPORT) &&
 +-		    !(info->bitmask & EBT_IP_SPORT))
 ++		if (!(info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT |
 ++				       EBT_IP_ICMP)))
 + 			return true;
 + 		if (ntohs(ih->frag_off) & IP_OFFSET)
 + 			return false;
 ++
 ++		/* min icmp headersize is 4, so sizeof(_pkthdr) is ok. */
 + 		pptr = skb_header_pointer(skb, ih->ihl*4,
 +-					  sizeof(_ports), &_ports);
 ++					  sizeof(_pkthdr), &_pkthdr);
 + 		if (pptr == NULL)
 + 			return false;
 + 		if (info->bitmask & EBT_IP_DPORT) {
 +-			u32 dst = ntohs(pptr->dst);
 ++			u32 dst = ntohs(pptr->tcpudphdr.dst);
 + 			if (NF_INVF(info, EBT_IP_DPORT,
 + 				    dst < info->dport[0] ||
 + 				    dst > info->dport[1]))
 + 				return false;
 + 		}
 + 		if (info->bitmask & EBT_IP_SPORT) {
 +-			u32 src = ntohs(pptr->src);
 ++			u32 src = ntohs(pptr->tcpudphdr.src);
 + 			if (NF_INVF(info, EBT_IP_SPORT,
 + 				    src < info->sport[0] ||
 + 				    src > info->sport[1]))
 + 				return false;
 + 		}
 ++		if ((info->bitmask & EBT_IP_ICMP) &&
 ++		    NF_INVF(info, EBT_IP_ICMP,
 ++			    pptr->icmphdr.type < info->icmp_type[0] ||
 ++			    pptr->icmphdr.type > info->icmp_type[1] ||
 ++			    pptr->icmphdr.code < info->icmp_code[0] ||
 ++			    pptr->icmphdr.code > info->icmp_code[1]))
 ++			return false;
 + 	}
 + 	return true;
 + }
 +@@ -101,6 +116,14 @@ static int ebt_ip_mt_check(const struct
 + 		return -EINVAL;
 + 	if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
 + 		return -EINVAL;
 ++	if (info->bitmask & EBT_IP_ICMP) {
 ++		if ((info->invflags & EBT_IP_PROTO) ||
 ++		    info->protocol != IPPROTO_ICMP)
 ++			return -EINVAL;
 ++		if (info->icmp_type[0] > info->icmp_type[1] ||
 ++		    info->icmp_code[0] > info->icmp_code[1])
 ++			return -EINVAL;
 ++	}
 + 	return 0;
 + }
 + 
 diff --git a/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch b/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..4c8144834d87c58ff90363cdc2f2933194e54fdc
 --- /dev/null
 +++ b/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch
@@ -0,0 +1,88 @@
 +From: Matthias Schiffer <mschiffer@universe-factory.net>
 +Date: Sat, 3 Mar 2018 12:02:21 +0100
 +Subject: [PATCH 2/2] ebtables: add support for matching IGMP type
 +
 +We already have ICMPv6 type/code matches (which can be used to distinguish
 +different types of MLD packets). Add support for IPv4 IGMP matches in the
 +same way.
 +
 +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 +---
 + include/uapi/linux/netfilter_bridge/ebt_ip.h |  4 +++-
 + net/bridge/netfilter/ebt_ip.c                | 19 +++++++++++++++++--
 + 2 files changed, 20 insertions(+), 3 deletions(-)
 +
 +--- a/include/uapi/linux/netfilter_bridge/ebt_ip.h
 ++++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h
 +@@ -25,8 +25,9 @@
 + #define EBT_IP_SPORT 0x10
 + #define EBT_IP_DPORT 0x20
 + #define EBT_IP_ICMP 0x40
 ++#define EBT_IP_IGMP 0x80
 + #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
 +-		     EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP)
 ++		     EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP | EBT_IP_IGMP)
 + #define EBT_IP_MATCH "ip"
 + 
 + /* the same values are used for the invflags */
 +@@ -42,6 +43,7 @@ struct ebt_ip_info {
 + 	union {
 + 		__u16 sport[2];
 + 		__u8 icmp_type[2];
 ++		__u8 igmp_type[2];
 + 	};
 + 	union {
 + 		__u16 dport[2];
 +--- a/net/bridge/netfilter/ebt_ip.c
 ++++ b/net/bridge/netfilter/ebt_ip.c
 +@@ -28,6 +28,9 @@ union pkthdr {
 + 		u8 type;
 + 		u8 code;
 + 	} icmphdr;
 ++	struct {
 ++		u8 type;
 ++	} igmphdr;
 + };
 + 
 + static bool
 +@@ -57,12 +60,12 @@ ebt_ip_mt(const struct sk_buff *skb, str
 + 		if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol))
 + 			return false;
 + 		if (!(info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT |
 +-				       EBT_IP_ICMP)))
 ++				       EBT_IP_ICMP | EBT_IP_IGMP)))
 + 			return true;
 + 		if (ntohs(ih->frag_off) & IP_OFFSET)
 + 			return false;
 + 
 +-		/* min icmp headersize is 4, so sizeof(_pkthdr) is ok. */
 ++		/* min icmp/igmp headersize is 4, so sizeof(_pkthdr) is ok. */
 + 		pptr = skb_header_pointer(skb, ih->ihl*4,
 + 					  sizeof(_pkthdr), &_pkthdr);
 + 		if (pptr == NULL)
 +@@ -88,6 +91,11 @@ ebt_ip_mt(const struct sk_buff *skb, str
 + 			    pptr->icmphdr.code < info->icmp_code[0] ||
 + 			    pptr->icmphdr.code > info->icmp_code[1]))
 + 			return false;
 ++		if ((info->bitmask & EBT_IP_IGMP) &&
 ++		    NF_INVF(info, EBT_IP_IGMP,
 ++			    pptr->igmphdr.type < info->igmp_type[0] ||
 ++			    pptr->igmphdr.type > info->igmp_type[1]))
 ++			return false;
 + 	}
 + 	return true;
 + }
 +@@ -124,6 +132,13 @@ static int ebt_ip_mt_check(const struct
 + 		    info->icmp_code[0] > info->icmp_code[1])
 + 			return -EINVAL;
 + 	}
 ++	if (info->bitmask & EBT_IP_IGMP) {
 ++		if ((info->invflags & EBT_IP_PROTO) ||
 ++		    info->protocol != IPPROTO_IGMP)
 ++			return -EINVAL;
 ++		if (info->igmp_type[0] > info->igmp_type[1])
 ++			return -EINVAL;
 ++	}
 + 	return 0;
 + }
 + 
--- a/patches/openwrt/0004-wireguard-tools-allow-generating-private_key-v3.patch
+++ b/patches/openwrt/0004-wireguard-tools-allow-generating-private_key-v3.patch
--- a/patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch
+++ b/patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch
@ -1,83 +0,0 @@
 From: Leonardo Mörlein <me@irrelefant.net>
 Date: Sat, 16 Jan 2021 23:11:01 +0100
 Subject: package/uci: backport: "cli: add option for changing save path"
 This is a backport of
 https://git.openwrt.org/?p=project/uci.git;a=commit;h=4b3db1179747b6a6779029407984bacef851325c
 diff --git a/package/system/uci/Makefile b/package/system/uci/Makefile
 index 75fc1bdfad0694aac99830b9b0cc87b42ea16e7d..924d5bb4824f567888e2ffd2954429af8f4fd504 100644
 --- a/package/system/uci/Makefile
 +++ b/package/system/uci/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=uci
 -PKG_RELEASE:=5
 +PKG_RELEASE:=6
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uci.git
 PKG_SOURCE_PROTO:=git
 diff --git a/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch b/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..377aec41fe6928aa26bccdde9fd77576d57ec4ed
 --- /dev/null
 +++ b/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch
@@ -0,0 +1,56 @@
 +From: Rafał Miłecki <rafal@milecki.pl>
 +Date: Mon, 12 Apr 2021 14:05:52 +0000 (+0200)
 +Subject: cli: add option for changing save path
 +X-Git-Url: http://git.openwrt.org/?p=project%2Fuci.git;a=commitdiff_plain;h=4b3db1179747b6a6779029407984bacef851325c;hp=52bbc99f69ea6f67b6fe264f424dac91bde5016c
 +
 +cli: add option for changing save path
 +
 +Save path is a directory where config change (delta) files are stored.
 +Having a custom individual save dir can be used to prevent two (or more)
 +"uci" cli callers (e.g. bash scripts) from commiting each other changes.
 +
 +In the following example:
 +
 +App0					App1
 +----					----
 +uci set system.@system[0].timezone=UTC
 +					uci set system.@system[0].hostname=OpenWrt
 +					uci commit system
 +
 +App1 would unintentionally commit changes made by App0. This can be
 +avoided by at least 1 "uci" cli user specifying a custom -t option.
 +
 +Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
 +---
 +
 +diff --git a/cli.c b/cli.c
 +index 267437d..2fce39d 100644
 +--- a/cli.c
 ++++ b/cli.c
 +@@ -167,6 +167,7 @@ static void uci_usage(void)
 + 		"\t-N         don't name unnamed sections\n"
 + 		"\t-p <path>  add a search path for config change files\n"
 + 		"\t-P <path>  add a search path for config change files and use as default\n"
 ++		"\t-t <path>  set save path for config change files\n"
 + 		"\t-q         quiet mode (don't print error messages)\n"
 + 		"\t-s         force strict mode (stop on parser errors, default)\n"
 + 		"\t-S         disable strict mode\n"
 +@@ -706,7 +707,7 @@ int main(int argc, char **argv)
 + 		return 1;
 + 	}
 + 
 +-	while((c = getopt(argc, argv, "c:d:f:LmnNp:P:sSqX")) != -1) {
 ++	while((c = getopt(argc, argv, "c:d:f:LmnNp:P:qsSt:X")) != -1) {
 + 		switch(c) {
 + 			case 'c':
 + 				uci_set_confdir(ctx, optarg);
 +@@ -754,6 +755,9 @@ int main(int argc, char **argv)
 + 			case 'q':
 + 				flags |= CLI_FLAG_QUIET;
 + 				break;
 ++			case 't':
 ++				uci_set_savedir(ctx, optarg);
 ++				break;
 + 			case 'X':
 + 				flags &= ~CLI_FLAG_SHOW_EXT;
 + 				break;
--- a/patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch
+++ b/patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch
@ -0,0 +1,24 @@
 From: Martin Weinelt <martin@darmstadt.freifunk.net>
 Date: Tue, 8 Feb 2022 21:09:20 +0100
 Subject: perl: don't build in parallel and bump release
 Parallel builds cause spurious build failures with high core counts.
 https://github.com/openwrt/packages/issues/8238
 https://github.com/openwrt/packages/pull/17274
 diff --git a/lang/perl/Makefile b/lang/perl/Makefile
 index 443164f0a4a6a1c9fa189bf9c3c033d70db30ca0..121a3bfe653f46ecac7d10b1f3ae480fcd02f155 100644
 --- a/lang/perl/Makefile
 +++ b/lang/perl/Makefile
@@ -34,8 +34,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/perl/$(PKG_NAME)-$(PKG_VERSION)
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/$(PKG_NAME)-$(PKG_VERSION)
 PKG_INSTALL:=1
 PKG_BUILD_DEPENDS:=perl/host
 -PKG_BUILD_PARALLEL:=1
 -HOST_BUILD_PARALLEL:=1
 +PKG_BUILD_PARALLEL:=0
 +HOST_BUILD_PARALLEL:=0
 # Variables used during configuration/build
 HOST_PERL_PREFIX:=$(STAGING_DIR_HOSTPKG)/usr
--- a/scripts/container.sh
+++ b/scripts/container.sh
@ -0,0 +1,24 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # move into base directory, in case this script is not executed via `make container`
 cd "$(dirname "$0")/.."
 # normalize branch name to reflect a valid image name
 BRANCH=$(git branch --show-current 2>/dev/null | sed 's/[^a-z0-9-]/_/ig')
 TAG="gluon:${BRANCH:-latest}"
 if [ "$(command -v podman)" ]
 then
 	podman build -t "${TAG}" contrib/docker
 	podman run -it --rm --userns=keep-id --volume="$(pwd):/gluon" "${TAG}"
 elif [ "$(command -v docker)" ]
 then
 	docker build -t "${TAG}" contrib/docker
 	docker run -it --rm --volume="$(pwd):/gluon" "${TAG}"
 else
 	1>&2 echo "Please install either podman or docker. Exiting" >/dev/null
 	exit 1
 fi
--- a/scripts/lint-sh.sh
+++ b/scripts/lint-sh.sh
@ -17,7 +17,7 @@ find package -type f | while read -r file; do
 	is_scriptfile "$file" || continue
 	echo "Checking $file"
-	shellcheck -f gcc -x -s sh -e SC2039,SC1091,SC2155,SC2034 "$file"
+	shellcheck -f gcc -x -s sh -e SC2039,SC1091,SC2155,SC2034,SC3043,SC3037,SC3057 "$file"
 done
 find scripts -type f | while read -r file; do
--- a/scripts/target_lib.lua
+++ b/scripts/target_lib.lua
@ -267,47 +267,6 @@ function F.device(image, name, options)
 	end
 end
 function F.factory_image(image, name, ext, options)
 	options = merge(default_options, options)
 	if not want_device(image, options) then
 		return
 	end
 	if options.deprecated and not full_deprecated then
 		return
 	end
 	add_image {
 		image = image,
 		name = name,
 		subdir = 'factory',
 		in_suffix = '',
 		out_suffix = '',
 		extension = ext,
 		aliases = options.aliases,
 	}
 end
 function F.sysupgrade_image(image, name, ext, options)
 	options = merge(default_options, options)
 	if not want_device(image, options) then
 		return
 	end
 	add_image {
 		image = image,
 		name = name,
 		subdir = 'sysupgrade',
 		in_suffix = '',
 		out_suffix = '-sysupgrade',
 		extension = ext,
 		aliases = options.aliases,
 		manifest_aliases = options.manifest_aliases,
 	}
 end
 function F.defaults(options)
 	default_options = merge(default_options, options)
 end
--- a/targets/ath79-generic
+++ b/targets/ath79-generic
@ -103,6 +103,10 @@ device('siemens-ws-ap3610', 'siemens_ws-ap3610', {
 -- TP-Link
 device('tp-link-archer-a7-v5', 'tplink_archer-a7-v5', {
 	packages = ATH10K_PACKAGES_QCA9880,
 })
 device('tp-link-archer-c2-v3', 'tplink_archer-c2-v3', {
 	packages = ATH10K_PACKAGES_QCA9887,
 	class = 'tiny',
--- a/targets/x86-64
+++ b/targets/x86-64
@ -1,9 +1,14 @@
 include 'x86.inc'
 packages {
-        'kmod-gpio-nct5104d',
+	'kmod-gpio-nct5104d',
-        'kmod-leds-gpio',
+	'kmod-leds-gpio',
-        'kmod-pcengines-apuv2',
+	'kmod-pcengines-apuv2',
 }
-device('x86-64', 'generic')
+device('x86-64', 'generic', {
 	extra_images = {
 		{'-kernel', '-kernel', '.bin'},
 		{'-squashfs-rootfs', '-rootfs', '.img.gz'},
 	},
 })
--- a/targets/x86-generic
+++ b/targets/x86-generic
@ -1,12 +1,16 @@
 include 'x86.inc'
 packages {
-        'kmod-gpio-nct5104d',
+	'kmod-gpio-nct5104d',
-        'kmod-leds-gpio',
+	'kmod-leds-gpio',
-        'kmod-pcengines-apuv2',
+	'kmod-pcengines-apuv2',
 }
 device('x86-generic', 'generic', {
 	extra_images = {
 		{'-kernel', '-kernel', '.bin'},
 		{'-squashfs-rootfs', '-rootfs', '.img.gz'},
 	},
 	manifest_aliases = {
 		'x86-kvm',
 		'x86-xen_domu',
`@ -1 +1 @@`
	`sphinx-rtd-theme==0.5.2`	`sphinx-rtd-theme==1.0.0`