
Switch back roles of br-client and local-node interfaces

When preparing the migration from macvlan to veth for local-node, MAC
address conflicts occurred as some ports of br-client had the same address
as local-node. Reverting the roles of both interfaces fixes this.

By default, br-client is left as an interface without addresses and with
firewall rules that drop everything, so the bridge is used to connect its
ports only. gluon-mesh-batman-adv-core changes this to the usual set
of addresses and firewall rules.
Matthias Schiffer 7 years ago
parent
commit
57f8b9bc6a

+ 1 - 1
package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred

@@ -4,7 +4,7 @@ local uci = require('simple-uci').cursor()
 
 uci:delete('alfred', 'alfred')
 uci:section('alfred', 'alfred', 'alfred', {
-	interface = 'local-node',
+	interface = 'br-client',
 	mode = 'slave',
 	batmanif = 'bat0',
 	start_vis = true,

+ 25 - 27
package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network

@@ -1,37 +1,12 @@
 #!/usr/bin/lua
 
-local site = require 'gluon.site_config'
 local sysconfig = require 'gluon.sysconfig'
+local sysctl = require 'gluon.sysctl'
 local util = require 'gluon.util'
 
 local uci = require('simple-uci').cursor()
 
 
-local ip4, ip6
-
-if site.next_node.ip4 then
-	local plen = site.prefix4:match('/%d+$')
-	ip4 = site.next_node.ip4 .. plen
-end
-
-if site.next_node.ip6 then
-	ip6 = site.next_node.ip6 .. '/128'
-end
-
-uci:section('network', 'interface', 'client', {
-	type = 'bridge',
-	proto = 'static',
-	macaddr = site.next_node.mac,
-	ipaddr = ip4,
-	ip6addr = ip6,
-})
-
-uci:delete('network', 'client', 'reqprefix')
-uci:delete('network', 'client', 'peerdns')
-uci:delete('network', 'client', 'sourcefilter')
-uci:delete('network', 'client', 'netmask')
-
-
 local interfaces = uci:get('network', 'client', 'ifname') or {}
 
 if type(interfaces) == 'string' then
@@ -48,11 +23,31 @@ if sysconfig.lan_ifname and not ifname and not uci:get_bool('network', 'mesh_lan
 	end
 end
 
-uci:set_list('network', 'client', 'ifname', interfaces)
+uci:delete('network', 'client')
+uci:section('network', 'interface', 'client', {
+	type = 'bridge',
+	ifname = interfaces,
+	proto = 'none',
+	auto = true,
+	ipv6 = false,
+	macaddr = sysconfig.primary_mac,
+})
 
 uci:save('network')
 
 
+uci:delete('firewall', 'client')
+uci:section('firewall', 'zone', 'client', {
+	name = 'client',
+	network = {'client'},
+	input = 'DROP',
+	output = 'DROP',
+	forward = 'DROP',
+})
+
+uci:save('firewall')
+
+
 local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
 uci:set('dhcp', dnsmasq, 'boguspriv', false)
 uci:set('dhcp', dnsmasq, 'localise_queries', false)
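Review bot: The new `client` zone sets `input`, `output` and `forward` to `'DROP'`, which is the fail-closed default for a bridge that only connects its ports, but the script does not say so and a later reader may take it for a mistake. A comment above `uci:delete('firewall', 'client')` such as `-- br-client has no addresses by default: drop everything; gluon-mesh-batman-adv-core relaxes this in 320` would record the intent. Also worth confirming: `ifname = interfaces` now passes the list through `uci:section` instead of `uci:set_list`, and `interfaces` can be an empty table (`or {}` in the previous hunk). Whether `section` treats an empty list the same way is not visible here.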
@@ -65,3 +60,6 @@ uci:section('dhcp', 'dhcp', 'client', {
 })
 
 uci:save('dhcp')
+
+
+sysctl.set('net.ipv6.conf.br-client.forwarding', 0)

+ 17 - 3
package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node

@@ -1,5 +1,6 @@
 #!/usr/bin/lua
 
+local site = require 'gluon.site_config'
 local sysconfig = require 'gluon.sysconfig'
 
 local uci = require('simple-uci').cursor()
@@ -10,14 +11,27 @@ uci:section('network', 'device', 'local_node_dev', {
 	name = 'local-node',
 	ifname = 'br-client',
 	type = 'macvlan',
-	macaddr = sysconfig.primary_mac,
+	macaddr = site.next_node.mac,
 })
 
+
+local ip4, ip6
+
+if site.next_node.ip4 then
+	local plen = site.prefix4:match('/%d+$')
+	ip4 = site.next_node.ip4 .. plen
+end
+
+if site.next_node.ip6 then
+	ip6 = site.next_node.ip6 .. '/128'
+end
+
 uci:delete('network', 'local_node')
 uci:section('network', 'interface', 'local_node', {
 	ifname = 'local-node',
-	proto = 'none',
-	auto = true,
+	proto = 'static',
+	ipaddr = ip4,
+	ip6addr = ip6,
 })
 
 uci:save('network')
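Review bot: `macaddr = site.next_node.mac` writes no option at all when the site config has no `next_node.mac`, because a nil table field is simply absent from the values passed to `uci:section`. The `local_node_dev` section call starts above this hunk, so it is not visible whether the section is deleted first. If it is not, an upgraded node would keep the old `sysconfig.primary_mac`, which br-client now also uses, recreating the conflict this commit removes. Unless site validation already guarantees the field, I would fail early with `assert(site.next_node.mac, 'site.next_node.mac is required')` before the device section is written.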

+ 1 - 1
package/gluon-mesh-batman-adv-core/files/lib/gluon/radvd/arguments

@@ -1,3 +1,3 @@
 #!/usr/bin/lua
 local site = require "gluon.site_config"
-print("-i br-client -p " .. site.prefix6)
+print("-i local-node -p " .. site.prefix6)

+ 1 - 1
package/gluon-mesh-batman-adv-core/files/lib/gluon/respondd/client.dev

@@ -1 +1 @@
-local_node
+client

+ 39 - 7
package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-core-client-bridge

@@ -1,39 +1,71 @@
 #!/usr/bin/lua
 
+-- This script must be ordered after 300-gluon-client-bridge-network, as
+-- it overrides parts of network.client
+
+
+local site = require 'gluon.site_config'
 local sysconfig = require 'gluon.sysconfig'
 local sysctl = require 'gluon.sysctl'
 
 local uci = require('simple-uci').cursor()
 
+
 uci:section('network', 'interface', 'client', {
+	ipv6 = true,
+	proto = 'dhcpv6',
+	reqprefix = 'no',
+	peerdns = not (site.dns and site.dns.servers),
+	sourcefilter = false,
+	keep_ra_dnslifetime = true,
 	robustness = 3,
 	query_interval = 2000,
 	query_response_interval = 500,
 })
-uci:delete('network', 'client', 'igmp_snooping')
 
 uci:delete('network', 'client_lan')
 if sysconfig.lan_ifname then
 	uci:section('network', 'interface', 'client_lan', {
 		unicast_flood = false,
+		ifname = sysconfig.lan_ifname,
 	})
-	uci:set('network', 'client_lan', 'ifname', sysconfig.lan_ifname)
 end
 
+uci:delete('network', 'local_node_route6')
+uci:section('network', 'route6', 'local_node_route6', {
+	interface = 'client',
+	target = site.prefix6,
+	gateway = '::',
+})
+
 uci:save('network')
 
 
-uci:delete('firewall', 'client')
 uci:section('firewall', 'zone', 'client', {
-	name = 'client',
-	network = {'client'},
 	input = 'ACCEPT',
 	output = 'ACCEPT',
 	forward = 'REJECT',
 })
 
-uci:delete('firewall', 'client_dns')
+uci:section('firewall', 'rule', 'client_dns', {
+	name = 'client_dns',
+	src = 'client',
+	dest_port = '53',
+	target = 'REJECT',
+})
+
+uci:delete('firewall', 'local_node')
+uci:section('firewall', 'zone', 'local_node', {
+	name = 'local_node',
+	network = {'local_node'},
+	input = 'ACCEPT',
+	output = 'ACCEPT',
+	forward = 'REJECT',
+})
+
+uci:delete('firewall', 'local_node_dns')
 
 uci:save('firewall')
 
-sysctl.set('net.ipv6.conf.br-client.forwarding')
+
+sysctl.set('net.ipv6.conf.local-node.forwarding', 0)
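Review bot: The header comment added at the top of this script names only network.client, but the `firewall.client` zone below now depends on 300-gluon-client-bridge-network as well. This script no longer deletes the zone or sets `name` and `network`; it only changes the DROP policies written by 300 to ACCEPT/REJECT. I would extend the comment to `-- it overrides parts of network.client and firewall.client`, so a later reordering does not leave the client zone at DROP or without a network. Separately, the removed 330 script wrote the sysctl key `net.ipv6.conf.local_node.forwarding` (underscore), and nothing visible here clears it on upgraded nodes. If `sysctl.set` without a value removes an entry, as the old `br-client` call suggests, `sysctl.set('net.ipv6.conf.local_node.forwarding')` next to the new line would clean it up.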

+ 0 - 51
package/gluon-mesh-batman-adv-core/luasrc/lib/gluon/upgrade/330-gluon-mesh-batman-adv-core-local-node

@@ -1,51 +0,0 @@
-#!/usr/bin/lua
-
--- This script must be ordered after 310-gluon-client-bridge-local-node, as
--- it overrides parts of network.local_node
-
-
-local site = require 'gluon.site_config'
-local sysconfig = require 'gluon.sysconfig'
-local sysctl = require 'gluon.sysctl'
-
-local uci = require('simple-uci').cursor()
-
-
-uci:section('network', 'interface', 'local_node', {
-	proto = 'dhcpv6',
-	reqprefix = 'no',
-	peerdns = not (site.dns and site.dns.servers),
-	sourcefilter = false,
-	keep_ra_dnslifetime = true,
-})
-
-uci:delete('network', 'local_node_route6')
-uci:section('network', 'route6', 'local_node_route6', {
-	interface = 'local-node',
-	target = site.prefix6,
-	gateway = '::',
-})
-
-uci:save('network')
-
-
-uci:delete('firewall', 'local_node')
-uci:section('firewall', 'zone', 'local_node', {
-	name = 'local_node',
-	network = {'local_node'},
-	input = 'ACCEPT',
-	output = 'ACCEPT',
-	forward = 'REJECT',
-})
-
-uci:section('firewall', 'rule', 'local_node_dns', {
-	name = 'local_node_dns',
-	src = 'local_node',
-	dest_port = '53',
-	target = 'REJECT',
-})
-
-uci:save('firewall')
-
-
-sysctl.set('net.ipv6.conf.local_node.forwarding', 0)

+ 1 - 1
package/gluon-mesh-batman-adv-core/src/respondd.c

@@ -102,7 +102,7 @@ static struct json_object * get_addresses(void) {
 			   &flags, ifname) != 18)
 			continue;
 
-		if (strcmp(ifname, "local-node"))
+		if (strcmp(ifname, "br-client"))
 			continue;
 
 		if (flags & (IFA_F_TENTATIVE|IFA_F_DEPRECATED))