This package adds filters to limit the amount of ARP Requests
devices are allowed to send into the mesh. The limits are 6 packets
per minute per client device, by MAC address, and 1 per second per
node in total.

A burst of up to 50 ARP Requests is allowed until the rate-limiting
takes effect (see --limit-burst in the ebtables manpage).

Furthermore, ARP Requests with a target IP already present in the
batman-adv DAT Cache are excluded from the rate-limiting,
both regarding counting and filtering, as batman-adv will respond
locally with no burden for the mesh. Therefore, this limiter
should not affect popular target IPs, like gateways.

However it should mitigate the problem of curious people or
smart devices scanning the whole IP range. Which could create
a significant amount of overhead for all participants so far.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

[Matthias Schiffer: slightly clean up code]

Allow returning functions in addition to the names of UCI packages to
commit. Functions are run after all packages have been committed.

Both gluon.sysconfig and libgluonutil already remove the trailing newline
if it exists. It's nicer to avoid files without a trailing newline, e.g.
for printing the file contents in a terminal.

Patch originally authored by @oleeander.

Fixes #424

Allows to remove some redundant UCI lookups.

Fixes #1322

This is currently only implemented in the gluon-mesh-vpn-fastd
package.

Advertising the public key may be deemed problematic when
your threat-model involves protecting the nodes privacy
from tunnel traffic correlation by onlink observers.

It can be enabled by setting site.mesh_vpn.fastd.pubkey_privacy
to `false`.

Fixes: cfe1bba8 "gluon-web: fix radio button view of ListValues"

Fixes validation of ListValues.

Fixes: ec532b95 "gluon-web: extend ListValue with optional and unset
values"

The prefix is not used, and requesting it leads to odhcp6c log spam with
certain DHCPv6 servers.

If a value is unset or optional, an empty choice is added to the selection.
This empty choice will be marked as invalid if the value is not optional.

This is properly supported for the 'select' widget only for now, and not
for 'radio'.

Pretty much everything about this was broken:
* Fix dependency tracking
* Fix vertical orientation
* Fix paddings
* Add theming

Solves a recursive dependency problem.

While we're at it, also fix the description string.

Based-on-patch-by: lemoer <git@irrelefant.net>

[Matthias Schiffer: rebase]

[Matthias Schiffer: rebase and simplify]

This does not do anything yet, as this_domain() is not implemented yet.

Based-on-patch-by: lemoer <git@irrelefant.net>

This package drops all incoming router advertisements except for the
default router with the best metric according to B.A.T.M.A.N. advanced.

Note that advertisements originating from the node itself (for example
via gluon-radvd) are not affected.

Also disabling TX checksums and not only allowing incoming packets without
checksum will provide another small speedup. As doing so would break wired
meshing with VXLAN-enabled nodes that require non-zero checksums, we will
wait a few days before this step.

Evaluating these rules before all the ICMPv6 rules improves wired mesh
throughput measurably.

On most devices, there is only a single LAN interface connected to all LAN
ports, so no bridge is necessary.

Ensure packages get rebuilt when gluon.mk changes.

In addition to significant internal differences in check_site_lib.lua (in
particular unifying error handling to a single place for the upcoming
multi-domain support), this changes the way fields are addressed in site
check scripts: rather than providing a string like 'next_node.ip6', the
path is passed as an array {'next_node', 'ip6'}.

Other changes in site check scripts:
* need_array and need_table now pass the full path to the sub fields to the
subcheck instead of the key and value
* Any check referring to a field inside a table implies that all higher
levels must be tables if they exist: a check for {'next_node', 'ip6'} adds
an implicit (optional) check for {'next_node'}, which allows to remove many
explicit checks for such tables

libgluonutil is not usable outside the OpenWrt/LEDE environment anyways, so
it doesn't make much sense to make the CMakeLists.txt overly generic.

The domain configs are not checked yet, and not used for anything.

Based-on-patch-by: lemoer <git@irrelefant.net>

[Matthias schiffer: rebase, add a few more restrictions]

[Matthias Schiffer: rebase]

Not useful by itself except for testing; will be used for multi-domain
support.

[Matthias Schiffer: rename script, use for initial configuration]

This should not convert JSON to a Lua table and back, as this loses the
distinction between arrays and objects, but as our site.conf is defined in
Lua anyways (for now), this can be fixed in a later revision.

[Matthias Schiffer: rename to gluon-show-site, rebase]

[Matthias Schiffer: change section name and commit message]

By basing the Lua gluon.site module on gluonutil_load_site_config(), the
config load implementation needs to changed only in a single place for
multi-domain support.