9 files changed, 279 insertions, 3 deletions
diff --git a/protocols/luci-proto-batman-adv/Makefile b/protocols/luci-proto-batman-adv/Makefile
new file mode 100644
index 0000000000..9258d7db9e
--- /dev/null
+++ b/protocols/luci-proto-batman-adv/Makefile
@@ -0,0 +1,14 @@
+#
+# Copyright (C) 2022 Marc Ahlgrim <marc@onemarcfifty.com>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for the batman-adv protocol
+LUCI_DEPENDS:=+kmod-batman-adv
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv.js b/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv.js
new file mode 100644
index 0000000000..2e90e41cfa
--- /dev/null
+++ b/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv.js
@@ -0,0 +1,109 @@
+'use strict';
+'require form';
+'require network';
+
+
+network.registerPatternVirtual(/^bat\d+/);
+
+return network.registerProtocol('batadv', {
+	getI18n: function() {
+		return _('Batman Device');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || this.sid;
+	},
+
+	getOpkgPackage: function() {
+		return 'kmod-batman-adv';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevices: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var dev = this.getL3Device() || this.getDevice(), 
+			o;
+			
+		s.tab('mesh', _('Mesh Routing'), _('Mesh and routing related options'));
+
+		// @FIXME - the list of routing protocols should not be hard coded but come from batctl  
+		o = s.taboption('mesh', form.ListValue, 'routing_algo', _('Routing Algorithm'),
+				_('The algorithm that is used to discover mesh routes'));
+		o.value('BATMAN_IV', 'BATMAN_IV');
+		o.value('BATMAN_V', 'BATMAN_V');
+		o.default = 'BATMAN_IV';
+
+		o = s.taboption('mesh', form.Flag, 'aggregated_ogms', _('Aggregate Originator Messages'),
+				_('reduces overhead by collecting and aggregating originator messages in a single packet rather than many small ones'));
+		o.ucioption = 'aggregated_ogms';
+		o.default = o.disabled;
+
+		o = s.taboption('mesh', form.Value, 'orig_interval', _('Originator Interval'), 
+				_('The value specifies the interval (milliseconds) in which batman-adv floods the network with its protocol information.'));
+		o.placeholder = '1000';
+		o.datatype    = 'min(1)';
+
+		o = s.taboption('mesh', form.Flag, 'ap_isolation', _('Access Point Isolation'), 
+				_('Prevents one wireless client to talk to another. This setting only affects packets without any VLAN tag (untagged packets).'));
+		o.ucioption = 'ap_isolation';
+		o.default = o.disabled;
+
+		o = s.taboption('mesh', form.Flag, 'bonding', _('Bonding Mode'), 
+				_('When running the mesh over multiple WiFi interfaces per node batman-adv is capable of optimizing the traffic flow to gain maximum performance.'));
+		o.ucioption = 'bonding';
+		o.default = o.disabled;
+
+		o = s.taboption('mesh', form.Flag, 'bridge_loop_avoidance', _('Avoid Bridge Loops'), 
+				_('In bridged LAN setups it is advisable to enable the bridge loop avoidance in order to avoid broadcast loops that can bring the entire LAN to a standstill.'));
+		o.ucioption = 'bridge_loop_avoidance';
+		o.default = o.disabled;
+
+		o = s.taboption('mesh', form.Flag, 'distributed_arp_table', _('Distributed ARP Table'), 
+				_('When enabled the distributed ARP table forms a mesh-wide ARP cache that helps non-mesh clients to get ARP responses much more reliably and without much delay.'));
+		o.ucioption = 'distributed_arp_table';
+		o.default = o.enabled;
+
+		o = s.taboption('mesh', form.Flag, 'fragmentation', _('Fragmentation'), 
+				_('Batman-adv has a built-in layer 2 fragmentation for unicast data flowing through the mesh which will allow to run batman-adv over interfaces / connections that don\'t allow to increase the MTU beyond the standard Ethernet packet size of 1500 bytes. When the fragmentation is enabled batman-adv will automatically fragment over-sized packets and defragment them on the other end. Per default fragmentation is enabled and inactive if the packet fits but it is possible to deactivate the fragmentation entirely.'));
+		o.ucioption = 'fragmentation';
+		o.default = o.enabled;
+
+		o = s.taboption('mesh', form.ListValue, 'gw_mode', _('Gateway Mode'), 
+				_('A batman-adv node can either run in server mode (sharing its internet connection with the mesh) or in client mode (searching for the most suitable internet connection in the mesh) or having the gateway support turned off entirely (which is the default setting).'));
+		o.value('off', _('Off'));
+		o.value('client', _('Client'));
+		o.value('server', _('Server'));
+		o.default = 'off';
+
+		o = s.taboption('mesh', form.Value, 'hop_penalty', _('Hop Penalty'), 
+				_('The hop penalty setting allows to modify batman-adv\'s preference for multihop routes vs. short routes. The value is applied to the TQ of each forwarded OGM, thereby propagating the cost of an extra hop (the packet has to be received and retransmitted which costs airtime)'));
+		o.ucioption = 'hop_penalty';
+		o.datatype    = 'min(1)';
+		o.placeholder = '30';
+		o.default = '30';
+		
+		o = s.taboption('mesh', form.Flag, 'multicast_mode', _('Multicast Mode'), 
+				_('Enables more efficient, group aware multicast forwarding infrastructure in batman-adv.'));
+		o.ucioption = 'multicast_mode';
+		o.default = o.enabled;
+
+		o = s.taboption('mesh', form.Flag, 'network_coding', _('Network Coding'), 
+				_('When enabled network coding increases the WiFi throughput by combining multiple frames into a single frame, thus reducing the needed air time.'));
+		o.ucioption = 'network_coding';
+		o.default = o.enabled;
+	}
+});
diff --git a/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv_hardif.js b/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv_hardif.js
new file mode 100644
index 0000000000..b8b1263b97
--- /dev/null
+++ b/protocols/luci-proto-batman-adv/htdocs/luci-static/resources/protocol/batadv_hardif.js
@@ -0,0 +1,58 @@
+'use strict';
+'require uci';
+'require form';
+'require network';
+
+network.registerPatternVirtual(/^bat.+$/);
+
+return network.registerProtocol('batadv_hardif', {
+	getI18n: function() {
+		return _('Batman Interface');
+	},
+	
+	getIfname: function() {
+		return this._ubus('l3_device') || this.sid;
+	},
+	
+	getOpkgPackage: function() {
+		return 'kmod-batman-adv';
+	},
+	
+	isFloating: function() {
+		return false;
+	},
+	
+	isVirtual: function() {
+		return false;
+	},
+	
+	getDevices: function() {
+		return null;
+	},
+	
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+	
+	renderFormOptions: function(s) {
+		var dev = this.getL3Device() || this.getDevice(), 
+			o;
+
+		o = s.taboption('general', form.ListValue, 'master', _('Batman Device'),
+				_('This is the batman-adv device where you want to link the physical Device from above to. If this list is empty, then you need to create one first. If you want to route mesh traffic over a wired network device, then please select it from the above Device selector. If you want to assign the batman-adv interface to a Wi-fi mesh then do not select a Device in the Device selector but rather go to the Wireless settings and select this Interface as a network from there.'));
+		var uciInterfaces = uci.sections('network', 'interface');
+
+		for (var i = 0; i < uciInterfaces.length; i++) 
+		{
+			if (uciInterfaces[i].proto == 'batadv') 
+			{
+				var x=uciInterfaces[i]['.name']; 
+				o.value(x);
+			}
+		}
+		
+		o = s.taboption('general', form.Value, 'mtu', _('Override MTU'));
+		o.placeholder = dev ? (dev.getMTU() || '1536') : '1536';
+		o.datatype    = 'max(9200)';
+	}
+});
diff --git a/protocols/luci-proto-ipip/htdocs/luci-static/resources/protocol/ipip.js b/protocols/luci-proto-ipip/htdocs/luci-static/resources/protocol/ipip.js
index 7423a08585..44a0e20ac6 100644
--- a/protocols/luci-proto-ipip/htdocs/luci-static/resources/protocol/ipip.js
+++ b/protocols/luci-proto-ipip/htdocs/luci-static/resources/protocol/ipip.js
@@ -64,6 +64,10 @@ return network.registerProtocol('ipip', {
 		o.optional = true;
 		o.datatype = 'range(0, 255)';
 
-		s.taboption('advanced', form.Flag, 'df', _("Don't Fragment"), _("Enable the DF (Don't Fragment) flag of the encapsulating packets."));
+		o = s.taboption('advanced', form.Flag, 'df', _("Don't Fragment"), _("Enable the DF (Don't Fragment) flag of the encapsulating packets."));
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Flag, 'nohostroute', _("No host route"), _("Do not create host route to peer (optional)."));
+		o.optional = true;
 	}
 });
diff --git a/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
index 50080ca9b6..d0726795ea 100644
--- a/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
+++ b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
@@ -25,6 +25,12 @@ var generateQrCode = rpc.declare({
 	expect: { qr_code: '' }
 });
 
+var generatePsk = rpc.declare({
+	object: 'luci.wireguard',
+	method: 'generatePsk',
+	expect: { psk: '' }
+});
+
 function validateBase64(section_id, value) {
 	if (value.length == 0)
 		return true;
@@ -142,7 +148,7 @@ return network.registerProtocol('wireguard', {
 		// -- advanced --------------------------------------------------------------------
 
 		o = s.taboption('advanced', form.Value, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
-		o.datatype = 'range(1280,1420)';
+		o.datatype = 'range(0,8940)';
 		o.placeholder = '1420';
 		o.optional = true;
 
@@ -273,6 +279,18 @@ return network.registerProtocol('wireguard', {
 		o.validate = validateBase64;
 		o.optional = true;
 
+		o = ss.option(form.Button, 'generate_key', _('Generate Key'));
+		o.inputstyle = 'apply';
+		o.onclick = ui.createHandlerFn(this, function (section_id, ev, peer_id) {
+			return generatePsk().then(function (psk) {
+				var keyInput = document.getElementById('widget.cbid.network.%s.preshared_key'.format(peer_id)),
+					changeEvent = new Event('change');
+
+				keyInput.value = psk;
+				keyInput.dispatchEvent(changeEvent);
+			});
+		}, s.section);
+
 		o = ss.option(form.DynamicList, 'allowed_ips', _('Allowed IPs'), _("Optional. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
 		o.datatype = 'ipaddr';
 		o.optional = true;
diff --git a/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard b/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
index bbe91cdd6a..f1f8f16d00 100755
--- a/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
+++ b/protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard
@@ -8,6 +8,13 @@ local uci = require "uci"
 local fs = require "nixio.fs"
 
 local methods = {
+	generatePsk = {
+		call = function()
+			local psk = sys.exec("wg genpsk"):sub(1, -2)
+
+			return {psk = psk}
+		end
+	},
 	generateKeyPair = {
 		call = function()
 			local prv = sys.exec("wg genkey 2>/dev/null"):sub(1, -2)
diff --git a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
index aa949b9d14..9d0a561411 100644
--- a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
+++ b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
@@ -6,7 +6,8 @@
 				"luci.wireguard": [
 					"generateKeyPair",
 					"getPublicAndPrivateKeyFromPrivate",
-					"generateQrCode"
+					"generateQrCode",
+					"generatePsk"
 				]
 			}
 		}
diff --git a/protocols/luci-proto-xfrm/Makefile b/protocols/luci-proto-xfrm/Makefile
new file mode 100644
index 0000000000..e59818e417
--- /dev/null
+++ b/protocols/luci-proto-xfrm/Makefile
@@ -0,0 +1,14 @@
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for XFRM interfaces
+LUCI_DEPENDS:=+xfrm
+
+PKG_MAINTAINER:=Glen Huang <heyhgl@gmail.com>
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/protocols/luci-proto-xfrm/htdocs/luci-static/resources/protocol/xfrm.js b/protocols/luci-proto-xfrm/htdocs/luci-static/resources/protocol/xfrm.js
new file mode 100644
index 0000000000..b630f3818b
--- /dev/null
+++ b/protocols/luci-proto-xfrm/htdocs/luci-static/resources/protocol/xfrm.js
@@ -0,0 +1,51 @@
+'use strict';
+'require uci';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+return network.registerProtocol('xfrm', {
+	getI18n: function() {
+		return _('IPsec XFRM');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || this.sid;
+	},
+
+	getOpkgPackage: function() {
+		return 'xfrm';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevice: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var o, ss;
+
+		o = s.taboption('general', form.Value, 'ifid', _('Interface ID'), _('Required. XFRM interface ID to be used for SA.'));
+		o.datatype = 'integer';
+
+		o = s.taboption('general', widgets.NetworkSelect, 'tunlink', _('Required. Underlying interface.'));
+		o.exclude = s.section;
+		o.nocreate = true;
+
+		o = s.taboption('general', form.Value, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of the XFRM interface.'));
+		o.datatype = 'range(68,65535)';
+		o.placeholder = '1280';
+		o.optional = true;
+	}
+});